isAdmin()){ $subject = addslashes(htmlspecialchars($subject)); $message = addslashes($message); // this allows the admin to put links in messages. } else { $subject = addslashes(htmlspecialchars($subject)); $message = addslashes(htmlspecialchars($message)); } $queryString = "INSERT INTO messages (fromUser,toUser,subject,message,senderIP,createdOn) VALUES ("; $queryString.= "\"$from\",\"$to\",\"$subject\",\"$message\",\"$ip\", NOW())"; if(mysql_query($queryString,$db)){ // TODO: ALLOW USERS TO SELECT TO HAVE THEIR MESSAGES FORWARDED TO THEIR EMAIL? OR AT LEAST TO BE NOTIFIED VIA EMAIL IF THEY HAVE MESSAGES. /*$copyToEmail = (simpleQuery("SELECT forwardToEmail FROM memberProfiles WHERE username='$to'") == 1); if($copyToEmail){ $emailToUse = ""; $emailToUse = simpleQuery("SELECT email FROM members WHERE username='$to'"); if($emailToUse == ""){ $emailToUse = $to; } $subject = stripslashes($subject); $message = stripslashes(stripslashes($message)); $preamble = "NOTE: This message was forwarded to you because you have indicated in your CollegeInfoDesk profile that"; $preamble.= " you wanted to receive emailed copies of your messages. To change this, please update your"; $preamble.= " profile. - CollegeInfoDesk.com team
\r\n"; $preamble.= "-------------------------------------------------------------------------------
\r\n"; $preamble.= "Subject: $subject
\n"; $preamble.= "Message:
\n"; $message = "$preamble$message"; $message.= "
\r\n-------------------------------------------------------------------------------
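\r\n"; $subject = "CID: $subject"; GLOBAL $INC_PATH; include_once $INC_PATH.'inc/emailTools.php'; if(false === sendMail($message, "msgForwarder@pedlr.com", $emailToUse, $subject)){ logEvent("Problem sending message to '$emailToUse' which belongs to '$to'."); } }*/ // Log the message as being sent in user statistics sendQuery("UPDATE userStats,users SET userStats.msgsFrom=userStats.msgsFrom+1 WHERE userStats.user_id=users.id AND users.username='$from'"); sendQuery("UPDATE userStats,users SET userStats.msgsTo=userStats.msgsTo+1 WHERE userStats.user_id=users.id AND users.username='$to'"); $to_id = simpleQuery("SELECT id FROM users WHERE username='$to'"); $from_id = getUser()->getId(); include_once 'friendTools.php'; logInteraction( $from_id, $to_id ); // Send notification if configured for receiver to get them. include_once 'emailTools.php'; if(shouldNotify($to_id, USERPREF_NOTIFY_MESSAGE)){ notification_message($to_id, $from_id); } if($verbose){ dispSuccess("Your message has been sent."); // STRINGTABLES } $retVal = true; } else { if($verbose){ logQueryError('Error in sendMessage() in '.__FILE__, $queryString); dispError("Unable to send message. Please try again later."); // STRINGTABLES } } } return $retVal; } // end sendMessage(...)

////
// On pages that will process message posts, this can read them from the POST array and process them.
//
// Acts only when the posted 'formName' is 'sendMessage' and the current user is logged in.
// The sender is always the current user object's username (getUser()), never a request field.
//
// SECURITY: 'replyTo' arrives straight from the request and lands in a numeric SQL context,
// where quote-escaping gives no protection.  It is therefore forced to an integer before use,
// and the UPDATE is limited to messages addressed to the sender, so one user cannot flag
// another user's message as replied (dispReplyTo() applies the same recipient-only rule).
////
function registerMessage(){
    $user = getUser();
    if((getPost('formName') != 'sendMessage') || (!$user->isLoggedIn())){
        return;
    }

    $from = $user->getUsername();
    $to = getPost('to');
    $subject = getPost('subject');
    $message = getPost('message');
    if(!sendMessage($from,$to,$subject,$message)){
        return;
    }

    // is_scalar() rejects array-valued POST fields, which (int) would otherwise turn into 1.
    if(isset($_POST['replyTo']) && is_scalar($_POST['replyTo'])){
        $replyTo = (int)$_POST['replyTo'];
        if($replyTo > 0){
            // $from is interpolated the same way dispReplyTo() interpolates the username.
            // NOTE(review): confirm usernames can never contain a quote character; the durable
            // fix is a prepared statement (mysqli/PDO) rather than string-built SQL.
            sendQuery("UPDATE messages SET beenReplied=1 WHERE id=$replyTo AND toUser=\"$from\"");
        }
    }
} // end registerMessage()

////
// Displays a form to send a message to the specified user.
// If _GET values are specified for 'subject' or 'message', those will be used to initialize the form.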
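////
function messageForm($recipient,$hiddenData=""){
    // Prints (does not return) the TextModule HTML for the form.
    // NOTE(review): if $PHP_SELF is echoed into a form action it needs htmlspecialchars(),
    // because PHP_SELF can carry attacker-chosen path info.
    $PHP_SELF = $_SERVER['PHP_SELF'];
    $title = "Send Message to $recipient"; // STRINGTABLES
    ob_start();
    // Request-supplied values used to pre-fill the form.
    // NOTE(review): the print strings below show no markup in this copy, so it cannot be seen
    // here whether $recipient, $hiddenData and $messageVal are HTML-escaped on output - confirm
    // each goes through htmlspecialchars() before it reaches the page.
    if(($hiddenData=="") && (isset($_GET['subject']))){
        $hiddenData = $_GET['subject'];
    }
    $messageVal = getVal($_GET, 'message');
    $to = getVal($_GET, 'to');
    if($recipient == ""){
        $recipient = $to;
    }
    print "
\n";
    print "\n";
    print "\n";
    print "Subject:

\n";
    print "Message:
\n";
    print "
\n";
    print "
\n";
    print "\n";
    $content = ob_get_clean();
    include_once 'mod/module.php';
    // NOTE(review): every other function in this file includes 'mod/textModule.php' - confirm
    // that 'mod/textmod.php' is the intended file.
    include_once 'mod/textmod.php';
    $mod = new TextModule($content, '', $title);
    $mod->setImage("mail_forward.png");
    print $mod->getHTML();
} // end messageForm(...)

////
// Displays a form to send a message to any user.
//
// Unlike messageForm(), this returns the TextModule instead of printing it.
// The 'to', 'subject' and 'message' _GET values are read (with stripslashes) to pre-fill the form.
// NOTE(review): the print strings show no markup in this copy, so whether $to, $subj and $msg
// are HTML-escaped on output cannot be verified here - confirm htmlspecialchars() is applied.
////
function genericMessageForm(){
    $PHP_SELF = $_SERVER['PHP_SELF'];
    $title = "Send a Message"; // STRINGTABLES
    $to = stripslashes(getVal($_GET, 'to'));
    $subj = stripslashes(getVal($_GET, 'subject'));
    $msg = stripslashes(getVal($_GET, 'message'));
    ob_start();
    print "
\n";
    print "\n";
    print "To:
(this must be their username found in their pedlr URL)
\n";
    print "Subject:

\n";
    print "Message:
\n";
    print "
\n";
    print "
\n";
    print "\n";
    $content = ob_get_clean();
    include_once 'mod/module.php';
    include_once 'mod/textModule.php';
    $mod = new TextModule($content, '', $title);
    $mod->setImage("mail_forward.png");
    return $mod;
} // end genericMessageForm()

////
// Displays the message by its id. Checks to make sure the current user has permission to view this message first.
// To be allowed to view the message, they must either be the recipient or the sender.
//
// Returns a TextModule holding the rendered message (or the error text).  When the viewer is
// the recipient, the message is also flagged as read.
//
// SECURITY: $id is used unquoted in three SQL statements, so it is forced to an integer before
// any query is built; quote-escaping alone does not protect a numeric context.
////
function dispMessage($id){
    $PHP_SELF = $_SERVER['PHP_SELF'];
    $user = getUser();
    $username = $user->getUsername();
    $db = dil_connect();
    $id = (int)$id;
    // Defined up front so the TextModule below never receives an undefined variable when the
    // query fails or matches no row.
    $title = "";
    ob_start();
    // The fromUser/toUser condition is the access check: only sender or recipient get a row.
    $queryString = "SELECT * FROM messages WHERE id=$id AND (fromUser=\"$username\" OR toUser=\"$username\")";
    if($result = mysql_query($queryString,$db)){
        if(($numRows = mysql_num_rows($result)) && ($numRows > 0)){
            $from = mysql_result($result,0,"fromUser");
            $to = mysql_result($result,0,"toUser");
            $subject = mysql_result($result,0,"subject");
            $message = mysql_result($result,0,"message");
            $timestamp = mysql_result($result,0,"createdOn");
            $beenRead = mysql_result($result,0,"beenRead");
            $beenReplied = mysql_result($result,0,"beenReplied");
            $timestamp = date("M jS, Y \a\\t g:ia", strtotime($timestamp));
            $message = str_replace("<br>","
",$message);
            $message = str_replace("<br/>","
",$message);
            $message = str_replace("\n","
",$message);
            // sendMessage() stores non-admin text through htmlspecialchars(), but admin messages
            // are stored as raw HTML on purpose, so $message is trusted markup only to the
            // extent that admin accounts are trusted.
            $subject = stripslashes($subject);
            $message = stripslashes($message);
            $toMe = (strtolower($username) == strtolower($to)); // if the message is 'to' the person viewing the page.
            // NOTE(review): $from and $to come back from the database and are placed in quoted
            // SQL without escaping; confirm usernames cannot contain quotes, or bind them.
            // NOTE(review): visibleName is printed as stored - confirm it is escaped at write time.
            $fromVisible = simpleQuery("SELECT visibleName FROM users WHERE username='$from'");
            $title = "Message from $from"; // STRINGTABLES
            // NOTE(review): the output statements below are kept exactly as found; they appear
            // to be missing their markup in this copy.
            print "\n";
            if($toMe){
                print "\n";
            } else {
                print "\n";
                $toVisible = simpleQuery("SELECT visibleName FROM users WHERE username='$to'");
                print "\n";
            }
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "
\n";
            print "From:$fromVisible
\n";
            print "From:$fromVisible
\n";
            print "To:$toVisible
\n";
            print "Subj:$subject
\n";
            print "Date:$timestamp
\n";
            print "Message:  $message
";
            print "Inbox | ";
            if($toMe){
                print "Reply | ";
                print "Delete";
            } else {
                print "Outbox | ";
                print "Delete";
            }
            print "
\n";
            // Only the recipient viewing the message marks it as read.
            if($toMe){
                sendQuery("UPDATE messages SET beenRead=1 WHERE id=$id AND toUser=\"$username\"");
            }
        } else {
            dispError("That message was not found or you do not have privileges to view it."); // STRINGTABLES
        }
    } else {
        logQueryError("Error when user $username tried to read message with id $id", $queryString);
    }
    $content = ob_get_clean();
    include_once 'mod/module.php';
    include_once 'mod/textModule.php';
    $retVal = new TextModule($content, '', $title);
    return $retVal;
} // end dispMessage(...)
//// // Displays an overview of each of the messages with a link to display the message. // // If an overrideQuery is specified, it will be used to populate the inbox instead of the default. // // If doOutbox is true, this will switch to become an outbox display instead of an inbox (should use dispOutbox() which will in turn call this). //// function dispInbox($overrideQuery="", $doOutbox=false){ $PHP_SELF = $_SERVER['PHP_SELF']; $db = dil_connect(); $content = ""; $user = getUser(); if($overrideQuery == ""){ $username = $user->getUsername(); //$hackStr = ($user->isAdmin())? " OR toUser='CollegeInfoDesk' OR toUser LIKE 'admin@%'" : ""; // maybe later... all links to read/delete/etc. 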
depend on being the user also $queryString = "SELECT * FROM messages WHERE toUser=\"$username\" AND deletedBy_toUser=0 ORDER BY createdOn DESC"; if($doOutbox){ $queryString = "SELECT * FROM messages WHERE fromUser=\"$username\" AND deletedBy_fromUser=0 ORDER BY createdOn DESC"; } } else { $queryString = $overrideQuery; } if($result = mysql_query($queryString,$db)){ $title = "Inbox"; // STRINGTABLES if($doOutbox){ $title = "Outbox"; } ob_start(); print "\n"; if(($numRows = mysql_num_rows($result)) && ($numRows > 0)){ if($doOutbox){ print "\n"; } else { print "\n"; } for($cnt=0; $cnt<$numRows; $cnt++){ $to = mysql_result($result, $cnt, "toUser"); $from = mysql_result($result,$cnt,"fromUser"); $subject = mysql_result($result,$cnt,"subject"); $message = mysql_result($result,$cnt,"message"); $timestamp = mysql_result($result,$cnt,"createdOn"); $beenRead = mysql_result($result,$cnt,"beenRead"); $beenReplied = mysql_result($result,$cnt,"beenReplied"); $id = mysql_result($result,$cnt,"id"); //$timestamp = date("g:ia M jS, Y", strtotime($timestamp)); $timestamp = shortDate($timestamp); if($doOutbox){ $from = $to; // switch who gets displayed in the outbox } // Some names may be too long to display entirely.. $fromUser = $from; if(strlen($fromUser) > 25){ $fromUser = substr($fromUser, 0, 22) . "..."; } // STRINGTABLES $icon = "/img/mail_new.gif"; $status = "New"; if(($beenReplied) || ($doOutbox)){ // the 'sent-message' icon will be shown for all outbox messages. $icon = "/img/mail_replied.gif"; $status = "Replied"; } else if($beenRead){ $icon = "/img/mail_read.gif"; $status = "Already Read"; } //$class = "class=controlTableTd".($cnt%2); $class= "style='border-bottom: 1px dotted #191970;"; if((!$beenRead) && (!$doOutbox)){ $class .= "background-color:#fff;'"; } else { if($doOutbox){ $class.= (($cnt%2)==0) ? "background-color: #ebffeb;'" : "background-color: #ccffcc;'"; } else { $class.= (($cnt%2)==0) ? 
"background-color: #e0ecff;'" : "background-color: #c3d9ff;'"; } } if(($beenRead) || ($doOutbox)){ print "\n"; } else { print "\n"; } $subject = ($subject==""?"(No subject)":$subject); print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; } else { print "reply | "; print "delete\n"; } print "\n"; } } else { // STRINGTABLES print "\n"; } print "
 ToSubjectSentActions
 FromSubjectSentActions
\"$status\"
  $fromUser  $subject$timestampread | "; if($doOutbox){ print "delete
".($doOutbox?"You have no sent messages stored in your outbox.":"You have no messages.")."
\n"; $content = ob_get_clean(); } else { logEvent("Error loading mailbox with query:
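$queryString",4); ob_start(); dispError("There was a problem loading your mailbox. This problem has been logged and we're working on it. Please try again later."); // STRINGTABLES $content = ob_get_clean(); } include_once 'mod/module.php'; include_once 'mod/textModule.php'; $mod = new TextModule($content, '', $title); $mod->setImage("mailbox.png"); return $mod; } // end dispInbox()

////
// Displays the messages sent by this user.
//
// Thin wrapper: calls dispInbox() with the default query and the outbox flag set, and
// returns whatever dispInbox() returns.
////
function dispOutbox(){
    $FORCE_OUTBOX = true;
    return dispInbox("", $FORCE_OUTBOX);
} // end dispOutbox()

////
// Displays a form to reply to the message indicated. Checks to see if the current user is the intended
// recipient first, and does not allow the user to reply if they are not the recipient.
//
// Returns an ARRAY of modules: the reply form followed by the original message, or a single
// error module when the message is missing or not addressed to the current user.  If the
// query itself fails, the array is returned empty.
//
// SECURITY: $replyTo is used unquoted in SQL and is passed on to dispMessage(), so it is
// forced to an integer before either use.
////
function dispReplyTo($replyTo){
    $PHP_SELF = $_SERVER['PHP_SELF'];
    $db = dil_connect();
    include_once 'mod/module.php';
    include_once 'mod/textModule.php';
    $retVal = array();
    $content = "";
    $user = getUser();
    $username = $user->getUsername();
    $replyTo = (int)$replyTo;
    // toUser restricts the lookup to messages the current user received.
    $queryString = "SELECT * FROM messages WHERE toUser=\"$username\" AND id=$replyTo";
    if($result = mysql_query($queryString,$db)){
        if(($numRows = mysql_num_rows($result)) && ($numRows > 0)){
            $fromUser = mysql_result($result,0,"fromUser");
            $subject = mysql_result($result,0,"subject");
            $title = "Reply to $fromUser"; // STRINGTABLES
            ob_start();
            // NOTE(review): the print strings show no markup in this copy, so it cannot be seen
            // here whether $fromUser and $subject are HTML-escaped when placed in the form.
            print "\n";
            print "\n";
            print "\n";
            print "
\n";
            print "
\n";
            print "\n";
            print "\n";
            print "\n";
            print "Subject:

\n";
            print "Message:
\n";
            print "
\n";
            print "\n";
            print "\n";
            print "
\n";
            $content = ob_get_clean();
            $retVal[] = new TextModule($content, '', $title);
            $retVal[] = dispMessage($replyTo);
        } else {
            ob_start();
            $title = "I think we have a miscommunication here...";
            dispError("Message was either not found or you do not have permission to view it."); // STRINGTABLES
            $content= ob_get_clean();
            $retVal[] = new TextModule($content, '', $title);
        }
    }
    return $retVal;
} // end dispReplyTo(...)

////
// Deletes the message whose id is specified if the logged in user has permission to delete it.
// As written, only the recipient (toUser) passes the check; there is no separate admin path.
// Senders remove their copy through deleteMessageFrom().
//
// The row is flagged deletedBy_toUser and is physically removed only if the sender has
// already flagged it too (deletedBy_fromUser=1).
//
// SECURITY: $id is used unquoted in SQL, so it is forced to an integer first.
////
function deleteMessage($id){
    // NOTE(review): $db is not used directly; presumably the connection it opens is what
    // mysql_error() and the query helpers rely on - confirm before removing.
    $db = dil_connect();
    $user = getUser();
    $username = $user->getUsername();
    $id = (int)$id;
    if(0 < simpleQuery("SELECT COUNT(*) FROM messages WHERE id=$id AND toUser='$username'")){
        sendQuery("UPDATE messages SET deletedBy_toUser=1 WHERE id='$id'");
        // Kept in a variable so the failure log below reports the real statement
        // (the original logged an undefined $queryString).
        $queryString = "DELETE FROM messages WHERE id=$id AND deletedBy_fromUser=1";
        if(sendQuery($queryString)){
            dispSuccess("Message deleted."); // STRINGTABLES
        } else {
            logEvent("Could not delete for some reason.
".mysql_error()."
Query:
$queryString");
        }
    } else {
        dispError("Message not found."); // STRINGTABLES
    }
} // end deleteMessage(...)

////
// Deletes the specified message from the outbox if the user has permission to delete it.
// If the message is not also in the recipient's inbox, the message is completely deleted.
//
// Permission here means the current user is the sender (fromUser).
//
// SECURITY: $id is used unquoted in SQL, so it is forced to an integer first.
////
function deleteMessageFrom($id){
    // NOTE(review): $db is not used directly; presumably the connection it opens is what
    // mysql_error() and the query helpers rely on - confirm before removing.
    $db = dil_connect();
    $user = getUser();
    $username = $user->getUsername();
    $id = (int)$id;
    if(0 < simpleQuery("SELECT COUNT(*) FROM messages WHERE id=$id AND fromUser='$username'")){
        sendQuery("UPDATE messages SET deletedBy_fromUser=1 WHERE id='$id'");
        // Kept in a variable so the failure log below reports the real statement
        // (the original logged an undefined $queryString).
        $queryString = "DELETE FROM messages WHERE id=$id AND deletedBy_toUser=1";
        if(sendQuery($queryString)){
            dispSuccess("Message removed from outbox."); // STRINGTABLES
        } else {
            logEvent("Could not delete for some reason.
".mysql_error()."
Query:
$queryString");
        }
    } else {
        dispError("Message not found."); // STRINGTABLES
    }
} // end deleteMessageFrom(...)

////
// Returns the number of unread messages that the specified user has.
// If the username parameter is left blank, the default logged in user will be used.
//
// NOTE(review): $username is placed in a quoted SQL string without escaping.  Callers must
// pass only trusted usernames; binding it in a prepared statement would remove that burden.
////
function getNumMessages($username=""){
    $user = getUser();
    if(($username == "") && $user->isLoggedIn()){
        $username = $user->getUsername();
    }
    $queryString = "SELECT COUNT(*) AS numMessages FROM messages WHERE toUser='$username'";
    $queryString.= " AND beenRead=0";
    return simpleQuery($queryString);
} // end getNumMessages(...)

////
// Returns the number of unread threads that the specified user has.
// If the username parameter is left blank, the default logged in user will be used.
// NOTE: THREADING IS NOT IMPLEMENTED YET. THIS IS EXPERIMENTAL
// CODE BROUGHT OVER FROM CollegeInfoDesk.
//
// NOTE(review): $username is placed in quoted SQL strings without escaping.  Callers must
// pass only trusted usernames; binding it in a prepared statement would remove that burden.
////
function getNumThreads($username=""){
    $user = getUser();
    if(($username == "") && $user->isLoggedIn()){
        $username = $user->getUsername();
    }
    // A thread counts when the user is on either side of it, has not deleted it, and has it unread.
    $queryString = "SELECT COUNT(*) AS numThreads FROM threads WHERE ";
    $queryString.= "(user1='$username' AND delBy1=0 AND unreadBy1=1) OR ";
    $queryString.= "(user2='$username' AND delBy2=0 AND unreadBy2=1)";
    return simpleQuery($queryString);
} // end getNumThreads(...)
//// // Displays a customizable feedback form for various places on the site. //// function feedbackForm($subject="", $message="", $formName='feedbackForm', $action='', $showUrgency=true){ $action = ($action==""?$_SERVER['PHP_SELF']:$action); ?>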
Urgency:
Subject:
Message:


isLoggedIn()){ print "*You are not logged in. Please include your email address in the message if you would like a response from us."; } ?>
getUserString()."
URGENCY: $defcon
SUBJECT: $subject
MESSAGE:
$message"; logEvent($message, $defcon); $successStr = ($successStr!=""?$successStr:"Your message has been sent.

We will address the message very shortly.
Thank you for your input!"); dispSuccess($successStr); $retVal = true; } } return $retVal; } // end processFeedback() ?>