mirror of
https://github.com/WhatCD/Gazelle.git
synced 2024-12-14 19:36:25 +00:00
36 lines
964 B
PHP
36 lines
964 B
PHP
<?
|
|
if ($IDs = $_POST['id']) {
|
|
$Queries = array();
|
|
foreach ($IDs as &$ID) {
|
|
$ID = (int)$ID;
|
|
|
|
// Check if conversation belongs to user
|
|
$DB->query("SELECT UserID, AssignedToUser FROM staff_pm_conversations WHERE ID=$ID");
|
|
list($UserID, $AssignedToUser) = $DB->next_record();
|
|
|
|
if ($UserID == $LoggedUser['ID'] || $DisplayStaff == '1' || $UserID == $AssignedToUser) {
|
|
// Conversation belongs to user or user is staff, queue query
|
|
$Queries[] = "UPDATE staff_pm_conversations SET Status='Resolved', ResolverID=".$LoggedUser['ID']." WHERE ID=$ID";
|
|
} else {
|
|
// Trying to run disallowed query
|
|
error(403);
|
|
}
|
|
}
|
|
|
|
// Run queries
|
|
foreach ($Queries as $Query) {
|
|
$DB->query($Query);
|
|
}
|
|
// Clear cache for user
|
|
$Cache->delete_value('staff_pm_new_'.$LoggedUser['ID']);
|
|
$Cache->delete_value('num_staff_pms_'.$LoggedUser['ID']);
|
|
|
|
// Done! Return to inbox
|
|
header("Location: staffpm.php");
|
|
|
|
} else {
|
|
// No id
|
|
header("Location: staffpm.php");
|
|
}
|
|
?>
|