".$lang_staffbox['text_staff_pm'].""); if ($count == 0) { stdmsg($lang_staffbox['std_sorry'], $lang_staffbox['std_no_messages_yet']); } else { begin_main_frame(); print("
"); print("\n"); print(""); $res = sql_query("SELECT staffmessages.id, staffmessages.added, staffmessages.subject, staffmessages.answered, staffmessages.answeredby, staffmessages.sender, staffmessages.answer FROM staffmessages ORDER BY id desc $limit"); while ($arr = mysql_fetch_assoc($res)) { if ($arr['answered']) { $answered = "".$lang_staffbox['text_yes']." - " . get_username($arr['answeredby']) . ""; } else $answered = "".$lang_staffbox['text_no'].""; $pmid = $arr["id"]; print("\n"); } print(""); print("
".$lang_staffbox['col_subject']." ".$lang_staffbox['col_sender']." ".$lang_staffbox['col_added']." ".$lang_staffbox['col_answered']." ".$lang_staffbox['col_action']."
".htmlspecialchars($arr['subject'])."" . get_username($arr['sender']) . "".gettime($arr['added'], true, false)."$answered
\n"); print("
"); echo $pagerbottom; end_main_frame(); } stdfoot(); } ////////////////////////// // VIEW PM'S // ////////////////////////// if ($action == "viewpm") { if (get_user_class() < $staffmem_class) permissiondenied(); $pmid = intval($_GET["pmid"] ?? 0); $ress4 = sql_query("SELECT * FROM staffmessages WHERE id=".sqlesc($pmid)); $arr4 = mysql_fetch_assoc($ress4); $answeredby = get_username($arr4["answeredby"]); if (is_valid_id($arr4["sender"])) { $sender = get_username($arr4["sender"]); } else $sender = $lang_staffbox['text_system']; $subject = htmlspecialchars($arr4["subject"]); if ($arr4["answered"] == 1){ $colspan = "3"; $width = "33"; } else{ $colspan = "2"; $width = "50"; } stdhead($lang_staffbox['head_view_staff_pm']); print("

".$lang_staffbox['text_staff_pm']."-->".$subject."

"); print(""); print(""); if ($arr4["answered"] == 1) print(""); print(""); print(""); if ($arr4["answered"] == 1) print(""); print(""); print(""); if ($arr4["answered"] == 1 && $arr4["answer"]) { print(""); } print(""); print("
".$lang_staffbox['col_from']."".$lang_staffbox['col_answered_by']."".$lang_staffbox['col_date']."
".$sender."".$answeredby."".gettime($arr4["added"])."
".format_comment($arr4["msg"])."
".format_comment($arr4["answer"])."
"); print(""); if ($arr4["answered"] == 0) print("[ ".$lang_staffbox['text_reply']." ] [ ".$lang_staffbox['text_mark_answered']." ] "); print("[ ".$lang_staffbox['text_delete']." ]"); print(""); print("
"); stdfoot(); } ////////////////////////// // ANSWER MESSAGE // ////////////////////////// if ($action == "answermessage") { if (get_user_class() < $staffmem_class) permissiondenied(); $answeringto = $_GET["answeringto"]; $receiver = intval($_GET["receiver"] ?? 0); int_check($receiver,true); $res = sql_query("SELECT * FROM users WHERE id=" . sqlesc($receiver)); $user = mysql_fetch_assoc($res); if (!$user) stderr($lang_staffbox['std_error'], $lang_staffbox['std_no_user_id']); $res2 = sql_query("SELECT * FROM staffmessages WHERE id=" . sqlesc($answeringto)); $staffmsg = mysql_fetch_assoc($res2); stdhead($lang_staffbox['head_answer_to_staff_pm']); begin_main_frame(); ?>
"> > > ".htmlspecialchars($staffmsg['subject'])."".$lang_staffbox['text_sent_by'].get_username($staffmsg['sender']); begin_compose($title, "reply", "", false); end_compose(); print("
"); end_main_frame(); stdfoot(); } ////////////////////////// // TAKE ANSWER // ////////////////////////// if ($action == "takeanswer") { if ($_SERVER["REQUEST_METHOD"] != "POST") die(); if (get_user_class() < $staffmem_class) permissiondenied(); $receiver = intval($_POST["receiver"] ?? 0); $answeringto = $_POST["answeringto"]; int_check($receiver,true); $userid = $CURUSER["id"]; $msg = trim($_POST["body"]); $message = sqlesc($msg); $added = "'" . date("Y-m-d H:i:s") . "'"; if (!$msg) stderr($lang_staffbox['std_error'], $lang_staffbox['std_body_is_empty']); sql_query("INSERT INTO messages (sender, receiver, added, msg) VALUES($userid, $receiver, $added, $message)") or sqlerr(__FILE__, __LINE__); sql_query("UPDATE staffmessages SET answer=$message, answered='1', answeredby='$userid' WHERE id=$answeringto") or sqlerr(__FILE__, __LINE__); $Cache->delete_value('staff_new_message_count'); header("Location: staffbox.php?action=viewpm&pmid=$answeringto"); die; } ////////////////////////// // DELETE STAFF MESSAGE // ////////////////////////// if ($action == "deletestaffmessage") { $id = intval($_GET["id"] ?? 0); if (!is_numeric($id) || $id < 1 || floor($id) != $id) die; if (get_user_class() < $staffmem_class) permissiondenied(); sql_query("DELETE FROM staffmessages WHERE id=" . sqlesc($id)) or die(); $Cache->delete_value('staff_message_count'); $Cache->delete_value('staff_new_message_count'); header("Location: " . get_protocol_prefix() . "$BASEURL/staffbox.php"); } ////////////////////////// // MARK AS ANSWERED // ////////////////////////// if ($action == "setanswered") { if (get_user_class() < $staffmem_class) permissiondenied(); $id = intval($_GET["id"] ?? 0); sql_query ("UPDATE staffmessages SET answered=1, answeredby = {$CURUSER['id']} WHERE id = $id") or sqlerr(); $Cache->delete_value('staff_new_message_count'); header("Refresh: 0; url=staffbox.php?action=viewpm&pmid=$id"); } ////////////////////////// // MARK AS ANSWERED #2 // ////////////////////////// if ($action == "takecontactanswered") { if (get_user_class() < $staffmem_class) permissiondenied(); if ($_POST['setdealt']){ $res = sql_query ("SELECT id FROM staffmessages WHERE answered=0 AND id IN (" . implode(", ", $_POST['setanswered']) . ")"); while ($arr = mysql_fetch_assoc($res)) sql_query ("UPDATE staffmessages SET answered=1, answeredby = {$CURUSER['id']} WHERE id = {$arr['id']}") or sqlerr(); } elseif ($_POST['delete']){ $res = sql_query ("SELECT id FROM staffmessages WHERE id IN (" . implode(", ", $_POST['setanswered']) . ")"); while ($arr = mysql_fetch_assoc($res)) sql_query ("DELETE FROM staffmessages WHERE id = {$arr['id']}") or sqlerr(); } $Cache->delete_value('staff_new_message_count'); header("Refresh: 0; url=staffbox.php"); } ?>