mirror of
https://github.com/WhatCD/Gazelle.git
synced 2024-12-13 10:56:26 +00:00
41 lines
988 B
PHP
41 lines
988 B
PHP
<?
|
|
if ($IDs = $_POST['id']) {
|
|
$Queries = array();
|
|
foreach ($IDs as &$ID) {
|
|
$ID = (int)$ID;
|
|
|
|
// Check if conversation belongs to user
|
|
$DB->query("
|
|
SELECT UserID, AssignedToUser
|
|
FROM staff_pm_conversations
|
|
WHERE ID = $ID");
|
|
list($UserID, $AssignedToUser) = $DB->next_record();
|
|
|
|
if ($UserID == $LoggedUser['ID'] || $DisplayStaff == '1' || $UserID == $AssignedToUser) {
|
|
// Conversation belongs to user or user is staff, queue query
|
|
$Queries[] = "
|
|
UPDATE staff_pm_conversations
|
|
SET Status = 'Resolved', ResolverID = ".$LoggedUser['ID']."
|
|
WHERE ID = $ID";
|
|
} else {
|
|
// Trying to run disallowed query
|
|
error(403);
|
|
}
|
|
}
|
|
|
|
// Run queries
|
|
foreach ($Queries as $Query) {
|
|
$DB->query($Query);
|
|
}
|
|
// Clear cache for user
|
|
$Cache->delete_value("staff_pm_new_$LoggedUser[ID]");
|
|
$Cache->delete_value("num_staff_pms_$LoggedUser[ID]");
|
|
|
|
// Done! Return to inbox
|
|
header("Location: staffpm.php");
|
|
} else {
|
|
// No ID
|
|
header("Location: staffpm.php");
|
|
}
|
|
?>
|