2012-01-26 08:00:25 +00:00
|
|
|
<?
|
|
|
|
|
if ($Message = db_string($_POST['message'])) {
|
|
|
|
|
if ($Subject = db_string($_POST['subject'])) {
|
2013-05-16 16:15:57 +00:00
|
|
|
// New staff PM conversation
|
2013-07-19 08:00:28 +00:00
|
|
|
assert_numbers($_POST, array('level'), 'Invalid recipient');
|
2012-01-26 08:00:25 +00:00
|
|
|
$DB->query("
|
2013-02-22 08:00:24 +00:00
|
|
|
INSERT INTO staff_pm_conversations
|
2012-01-26 08:00:25 +00:00
|
|
|
(Subject, Status, Level, UserID, Date)
|
|
|
|
|
VALUES
|
2013-07-19 08:00:28 +00:00
|
|
|
('$Subject', 'Unanswered', $_POST[level], $LoggedUser[ID], '".sqltime()."')"
|
2012-01-26 08:00:25 +00:00
|
|
|
);
|
2013-02-22 08:00:24 +00:00
|
|
|
|
2012-01-26 08:00:25 +00:00
|
|
|
// New message
|
|
|
|
|
$ConvID = $DB->inserted_id();
|
|
|
|
|
$DB->query("
|
|
|
|
|
INSERT INTO staff_pm_messages
|
|
|
|
|
(UserID, SentDate, Message, ConvID)
|
|
|
|
|
VALUES
|
2013-07-19 08:00:28 +00:00
|
|
|
($LoggedUser[ID], '".sqltime()."', '$Message', $ConvID)"
|
2012-01-26 08:00:25 +00:00
|
|
|
);
|
2013-02-22 08:00:24 +00:00
|
|
|
|
2012-01-26 08:00:25 +00:00
|
|
|
header('Location: staffpm.php');
|
2013-02-22 08:00:24 +00:00
|
|
|
|
2012-01-26 08:00:25 +00:00
|
|
|
} elseif ($ConvID = (int)$_POST['convid']) {
|
|
|
|
|
// Check if conversation belongs to user
|
2013-07-02 08:01:37 +00:00
|
|
|
$DB->query("
|
|
|
|
|
SELECT UserID, AssignedToUser
|
|
|
|
|
FROM staff_pm_conversations
|
|
|
|
|
WHERE ID = $ConvID");
|
2012-01-26 08:00:25 +00:00
|
|
|
list($UserID, $AssignedToUser) = $DB->next_record();
|
2013-02-22 08:00:24 +00:00
|
|
|
|
2012-01-26 08:00:25 +00:00
|
|
|
if ($UserID == $LoggedUser['ID'] || $IsFLS || $UserID == $AssignedToUser) {
|
|
|
|
|
// Response to existing conversation
|
|
|
|
|
$DB->query("
|
|
|
|
|
INSERT INTO staff_pm_messages
|
|
|
|
|
(UserID, SentDate, Message, ConvID)
|
|
|
|
|
VALUES
|
|
|
|
|
(".$LoggedUser['ID'].", '".sqltime()."', '$Message', $ConvID)"
|
|
|
|
|
);
|
2013-02-22 08:00:24 +00:00
|
|
|
|
2012-01-26 08:00:25 +00:00
|
|
|
// Update conversation
|
|
|
|
|
if ($IsFLS) {
|
|
|
|
|
// FLS/Staff
|
2013-05-16 16:15:57 +00:00
|
|
|
$DB->query("
|
|
|
|
|
UPDATE staff_pm_conversations
|
2013-12-23 08:00:59 +00:00
|
|
|
SET Date = '".sqltime()."',
|
|
|
|
|
Unread = true,
|
|
|
|
|
Status = 'Open'
|
2013-07-02 08:01:37 +00:00
|
|
|
WHERE ID = $ConvID");
|
2013-12-23 08:00:59 +00:00
|
|
|
$Cache->delete_value("num_staff_pms_$LoggedUser[ID]");
|
2012-01-26 08:00:25 +00:00
|
|
|
} else {
|
|
|
|
|
// User
|
2013-05-16 16:15:57 +00:00
|
|
|
$DB->query("
|
|
|
|
|
UPDATE staff_pm_conversations
|
2013-12-23 08:00:59 +00:00
|
|
|
SET Date = '".sqltime()."',
|
|
|
|
|
Unread = true,
|
|
|
|
|
Status = 'Unanswered'
|
2013-07-02 08:01:37 +00:00
|
|
|
WHERE ID = $ConvID");
|
2012-01-26 08:00:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Clear cache for user
|
2013-07-02 08:01:37 +00:00
|
|
|
$Cache->delete_value("staff_pm_new_$UserID");
|
2013-12-23 08:00:59 +00:00
|
|
|
$Cache->delete_value("staff_pm_new_$LoggedUser[ID]");
|
2013-02-22 08:00:24 +00:00
|
|
|
|
2012-01-26 08:00:25 +00:00
|
|
|
header("Location: staffpm.php?action=viewconv&id=$ConvID");
|
|
|
|
|
} else {
|
|
|
|
|
// User is trying to respond to conversation that does no belong to them
|
|
|
|
|
error(403);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2013-05-16 16:15:57 +00:00
|
|
|
// Message but no subject or conversation ID
|
2012-01-26 08:00:25 +00:00
|
|
|
header("Location: staffpm.php?action=viewconv&id=$ConvID");
|
2013-02-22 08:00:24 +00:00
|
|
|
|
2012-01-26 08:00:25 +00:00
|
|
|
}
|
|
|
|
|
} elseif ($ConvID = (int)$_POST['convid']) {
|
2013-05-16 16:15:57 +00:00
|
|
|
// No message, but conversation ID
|
2012-01-26 08:00:25 +00:00
|
|
|
header("Location: staffpm.php?action=viewconv&id=$ConvID");
|
|
|
|
|
} else {
|
2013-05-16 16:15:57 +00:00
|
|
|
// No message or conversation ID
|
2012-01-26 08:00:25 +00:00
|
|
|
header('Location: staffpm.php');
|
|
|
|
|
}
|
|
|
|
|
?>
|
