Gazelle/sections/reports/takecompose.php

<?
authorize();


if (empty($_POST['toid'])) {
	error(404);
}

if (!empty($LoggedUser['DisablePM']) && !isset($StaffIDs[$_POST['toid']])) {
	error(403);
}


if (isset($_POST['convid']) && is_number($_POST['convid'])) {
	$ConvID = $_POST['convid'];
	$Subject = '';
	$ToID = explode(',', $_POST['toid']);
	foreach ($ToID as $TID) {
		if (!is_number($TID)) {
			$Err = 'A recipient does not exist.';
		}
	}
	$DB->query("SELECT UserID FROM pm_conversations_users WHERE UserID='$LoggedUser[ID]' AND ConvID='$ConvID'");
	if ($DB->record_count() == 0) {
		error(403);
	}
} else {
	$ConvID = '';
	if (!is_number($_POST['toid'])) {
		$Err = 'This recipient does not exist.';
	} else {
		$ToID = $_POST['toid'];
	}
	$Subject = trim($_POST['subject']);
	if (empty($Subject)) {
		$Err = "You can't send a message without a subject.";
	}
}
$Body = trim($_POST['body']);
if ($Body === '' || $Body === false) {
	$Err = "You can't send a message without a body!";
}

if (!empty($Err)) {
	error($Err);
	//header('Location: inbox.php?action=compose&to='.$_POST['toid']);
	$ToID = $_POST['toid'];
	$Return = true;
	include(SERVER_ROOT.'/sections/inbox/compose.php');
	die();
}

$ConvID = Misc::send_pm($ToID, $LoggedUser['ID'], $Subject, $Body, $ConvID);

header('Location: reports.php');
?>
Empty commit 2012-09-04 08:00:23 +00:00			`<?`
			`authorize();`


Empty commit 2013-05-01 08:00:16 +00:00			`if (empty($_POST['toid'])) {`
			`error(404);`
			`}`
Empty commit 2012-09-04 08:00:23 +00:00
Empty commit 2013-05-01 08:00:16 +00:00			`if (!empty($LoggedUser['DisablePM']) && !isset($StaffIDs[$_POST['toid']])) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error(403);`
			`}`


			`if (isset($_POST['convid']) && is_number($_POST['convid'])) {`
			`$ConvID = $_POST['convid'];`
Empty commit 2013-05-01 08:00:16 +00:00			`$Subject = '';`
Empty commit 2012-09-04 08:00:23 +00:00			`$ToID = explode(',', $_POST['toid']);`
Empty commit 2013-05-01 08:00:16 +00:00			`foreach ($ToID as $TID) {`
			`if (!is_number($TID)) {`
			`$Err = 'A recipient does not exist.';`
Empty commit 2012-09-04 08:00:23 +00:00			`}`
			`}`
			`$DB->query("SELECT UserID FROM pm_conversations_users WHERE UserID='$LoggedUser[ID]' AND ConvID='$ConvID'");`
Empty commit 2013-05-01 08:00:16 +00:00			`if ($DB->record_count() == 0) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error(403);`
			`}`
			`} else {`
Empty commit 2013-05-01 08:00:16 +00:00			`$ConvID = '';`
			`if (!is_number($_POST['toid'])) {`
			`$Err = 'This recipient does not exist.';`
Empty commit 2012-09-04 08:00:23 +00:00			`} else {`
			`$ToID = $_POST['toid'];`
			`}`
			`$Subject = trim($_POST['subject']);`
			`if (empty($Subject)) {`
			`$Err = "You can't send a message without a subject.";`
			`}`
			`}`
			`$Body = trim($_POST['body']);`
Empty commit 2013-05-01 08:00:16 +00:00			`if ($Body === '' \|\| $Body === false) {`
Empty commit 2012-09-04 08:00:23 +00:00			`$Err = "You can't send a message without a body!";`
			`}`

Empty commit 2013-05-01 08:00:16 +00:00			`if (!empty($Err)) {`
Empty commit 2012-09-04 08:00:23 +00:00			`error($Err);`
			`//header('Location: inbox.php?action=compose&to='.$_POST['toid']);`
			`$ToID = $_POST['toid'];`
			`$Return = true;`
			`include(SERVER_ROOT.'/sections/inbox/compose.php');`
			`die();`
			`}`

Empty commit 2013-03-10 08:00:41 +00:00			`$ConvID = Misc::send_pm($ToID, $LoggedUser['ID'], $Subject, $Body, $ConvID);`
Empty commit 2012-09-04 08:00:23 +00:00
			`header('Location: reports.php');`
			`?>`