pms.php

本代码是为客户联系管理而做的系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: pms.php,v $
// | $Date: 2004/02/10 01:34:30 $
// | $Revision: 1.20 $
// +-------------------------------------------------------------+
// | File Details:
// | - Private message viewer
// +-------------------------------------------------------------+

error_reporting(E_ALL ^ E_NOTICE);

include "./../global.php";

tech_nav('teamwork');

// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "view";
}

// globalise variables
$global = array	(
			array('id')			// ticketid
);
rg($global);

############################### ACTIONS ###############################

if ($_REQUEST['do'] == "actions") {
	if (is_array($_REQUEST['doaction'])) {
		foreach ($_REQUEST['doaction'] AS $key => $var) {
			if ($var = 1) {
				if ($_REQUEST['type'] == "delete") {
					$db->query("DELETE FROM pm_relations WHERE pmid = '$key' AND techid = '$user[id]'");
				
					// check if we need to delete the source
					$total = $db->query_return("SELECT COUNT(*) AS total FROM pm_relations WHERE pmid = '$key'");
					if ($total[total] < 1) {
						$db->query("DELETE FROM pm_source WHERE id = '$key'");
					}
				} elseif ($_REQUEST['type'] == "markread") {
					$db->query("UPDATE pm_relations SET is_read = 1 WHERE pmid = '$key' AND techid = '$user[id]'");
				} elseif ($_REQUEST['type'] == "markunread") {
					$db->query("UPDATE pm_relations SET is_read = 0 WHERE pmid = '$key' AND techid = '$user[id]'");
				}
			}
		}
	}
	$_REQUEST['do'] = "view";
}

############################### READ ###############################

if ($_REQUEST['do'] == "read") {
	$pm = $db->query_return("SELECT pm_source.*, pm_relations.is_read, tech.username FROM pm_relations
				LEFT JOIN pm_source ON (pm_source.id = pm_relations.pmid)
				LEFT JOIN tech ON (pm_source.fromid = tech.id)
				WHERE pm_relations.techid = '$user[id]' AND pm_relations.pmid = '$id'
			");

	// update read status
	if (!$pm[is_read]) {
		$db->query("UPDATE pm_relations SET is_read = '1' WHERE pmid = '$id' AND techid = '$user[id]'");
	}

	// display pm

	$table[] = table_midheader('The Private message');

	$table[] = array('<b>Message From</b>', $pm[username]);
	$table[] = array('<b>Subject</b>', $pm[title]);
	$table[] = array('<b>Date Sent</b>', our_date($pm[timestamp]));
	$table[] = array('<b>Message</b>', $pm[message]);

	$table[] = table_midheader('Reply to this private message');

	$table[] = array(table_thelp('<b>Message Title</b>', 'Private Messages', 'Send: Message Title'), form_input('title', "Re: " . $pm[title]));
	$table[] = array(table_thelp('<b>Send To</b>', 'Private Messages', 'Send: Send To'), "<I>" . $pm[username] . "</I>");
	$table[] = array(table_thelp('<b>Message</b>', 'Private Messages', 'Send: Message'), form_textarea('message', 80, 10, $_REQUEST[message]));

	table_header('Your private message', 'pms.php', array('do' => 'add2', 'to[]' => $pm[fromid]));
	table_content('', $table, '', '', iff($error, '<b><font color="red">You have not completed all the necessary fields</font></b><br /><br />'));
	table_footer('Send Message');
}

############################### SEND (2) ###############################

if ($_REQUEST['do'] == "add2") {
	if ($_REQUEST[title] AND $_REQUEST[message] AND (is_array($_REQUEST[to]))) {
		$checks = xss_check(array($_REQUEST['message'], $_REQUEST['title']), 'tech');

		$db->query("INSERT INTO pm_source SET
			message = '" . mysql_escape_string($checks[0]) . "',
			title = '" . mysql_escape_string($checks[1]) . "',
			fromid = '$user[id]',
			timestamp = '" . mktime() . "'
		");
		$title = $_REQUEST['title'];
		$message = wordwrap($_REQUEST['message']);
		$sender = $user['username'];
		$id = $db->last_id();

		$emails = $db->query_return_array_id("SELECT id, email, username, email_pm FROM tech ORDER BY id");

		foreach ($_REQUEST['to'] AS $key => $var) {
				
			$db->query("INSERT INTO pm_relations SET
				techid = '" . intval($var) . "',
				pmid = '$id'
			");
			if ($emails[$var]['email_pm']) {
				$username = $emails[$var]['username'];
				eval(makeemaileval('body', 'TECHBODY_newpm', $subject));
				dp_mail($emails[$var]['email'], $subject, $body);
			}
		}

		jump('pms.php', 'Your private message has been sent');

	} else {
		$_REQUEST['do'] = "send";
		$error = 1;
	}
}

############################### SEND FORM ###############################

if ($_REQUEST['do'] == "send") {
	$db->query("SELECT username, id FROM tech WHERE id != '$user[id]'");
	while ($result = $db->row_array()) {
		$tech[$result[id]] = $result[username];
	}

	$table[] = array(table_thelp('<b>Message Title</b>', 'Private Messages', 'Send: Message Title'), form_input('title', $_REQUEST[title]));
	$table[] = array(table_thelp('<b>Send To</b>', 'Private Messages', 'Send: Send To'), form_select('to', $tech, '', $toid, '', '', 5));
	$table[] = array(table_thelp('<b>Message</b>', 'Private Messages', 'Send: Message'), form_textarea('message', 80, 10, $_REQUEST[message]));

	table_header('Send new private message', 'pms.php', array('do' => 'add2'));
	table_content('', $table, '', '', iff($error, '<b><font color="red">You have not completed all the necessary fields</font></b><br /><br />'));
	table_footer('Send Message');
}

############################### VIEW ###############################

if ($_REQUEST['do'] == "view") { // read or unread
	$db->query("SELECT pm_source.*, tech.username FROM pm_relations
				LEFT JOIN pm_source ON (pm_source.id = pm_relations.pmid)
				LEFT JOIN tech ON (pm_source.fromid = tech.id)
				WHERE pm_relations.techid = '$user[id]' AND " . iff($_REQUEST[is_read], 'is_read', '!is_read') . "
				ORDER BY pm_source.timestamp
				");
	
	while ($pm = $db->row_array()) {
		$table[] = array(form_checkbox_single($pm[id], 1, '', 'doaction'), $pm[title], $pm[username], our_date($pm[timestamp]), "<a href=\"pms.php?do=read&id=$pm[id]\">view</a>");
	}

	if ($_REQUEST[is_read]) {
		$array_type = array('delete' => 'Delete', 'markunread' => 'Mark Unread');
	} else {
		$array_type = array('delete' => 'Delete', 'markread' => 'Mark Read');
	}

	$width = array('20');
	$cols = array('<input type="checkbox" name="allbox" onclick="checkall(this.form);" />', 'Title', 'From', 'Date Sent', 'View');
	table_header(iff($_REQUEST[is_read], "Read Private Messages", "Unread Private Messages"), 'pms.php', array('do' => 'actions', 'is_read' => $_REQUEST[is_read]));
	table_content($cols, $table, '', '', '', '', $width);
	table_footer('Submit', 'Left', form_select('type', $array_type));

	echo "<br /><br />" . thelp('Private Messages', 'Viewing') . "<br /><br />";
	echo iff($_REQUEST[is_read], "<a href=\"pms.php?do=view&is_read=0\">View Unread PMs</a>", "<a href=\"pms.php?do=view&is_read=1\">View Read PMs</a>");
}

tech_footer();
?>