Gazelle/sections/staffpm/takepost.php
2013-05-16 16:15:57 +00:00

79 lines
2.2 KiB
PHP

<?
if ($Message = db_string($_POST['message'])) {
if ($Subject = db_string($_POST['subject'])) {
// New staff PM conversation
$Level = db_string($_POST['level']);
$DB->query("
INSERT INTO staff_pm_conversations
(Subject, Status, Level, UserID, Date)
VALUES
('$Subject', 'Unanswered', $Level, ".$LoggedUser['ID'].", '".sqltime()."')"
);
// New message
$ConvID = $DB->inserted_id();
$DB->query("
INSERT INTO staff_pm_messages
(UserID, SentDate, Message, ConvID)
VALUES
(".$LoggedUser['ID'].", '".sqltime()."', '$Message', $ConvID)"
);
header('Location: staffpm.php');
} elseif ($ConvID = (int)$_POST['convid']) {
// Check if conversation belongs to user
$DB->query("SELECT UserID, AssignedToUser FROM staff_pm_conversations WHERE ID=$ConvID");
list($UserID, $AssignedToUser) = $DB->next_record();
if ($UserID == $LoggedUser['ID'] || $IsFLS || $UserID == $AssignedToUser) {
// Response to existing conversation
$DB->query("
INSERT INTO staff_pm_messages
(UserID, SentDate, Message, ConvID)
VALUES
(".$LoggedUser['ID'].", '".sqltime()."', '$Message', $ConvID)"
);
// Update conversation
if ($IsFLS) {
// FLS/Staff
$DB->query("
UPDATE staff_pm_conversations
SET Date='".sqltime()."', Unread=true, Status='Open'
WHERE ID=$ConvID");
$Cache->delete_value('num_staff_pms_'.$LoggedUser['ID']);
} else {
// User
$DB->query("
UPDATE staff_pm_conversations
SET Date='".sqltime()."', Unread=true, Status='Unanswered'
WHERE ID=$ConvID");
}
// Clear cache for user
$Cache->delete_value('staff_pm_new_'.$UserID);
$Cache->delete_value('staff_pm_new_'.$LoggedUser['ID']);
header("Location: staffpm.php?action=viewconv&id=$ConvID");
} else {
// User is trying to respond to conversation that does no belong to them
error(403);
}
} else {
// Message but no subject or conversation ID
header("Location: staffpm.php?action=viewconv&id=$ConvID");
}
} elseif ($ConvID = (int)$_POST['convid']) {
// No message, but conversation ID
header("Location: staffpm.php?action=viewconv&id=$ConvID");
} else {
// No message or conversation ID
header('Location: staffpm.php');
}
?>