use PHPMailer\PHPMailer\PHPMailer;
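require_once('site/inc/inc-php-header-settings.php');
if (!isset($_SESSION)) session_start();
require_once('site/inc/inc-globals.php');
require_once('site/inc/inc-profile-photo-settings.php');//for private photo thumbnail displays
require_once('site/inc/inc-session-routines.php');

// Decide which stage of the private-message form this request is for.
// 'compose' needs a recipient id in ?to= and no action; 'send' is selected by ?a=send.
// The recipient id is request data, so it is accepted only as a canonical decimal integer >= 1.
// is_numeric() would also let through values such as "1e3", "5.7" or " 5"; filter_var() returns
// false for those, for arrays (?to[]=1) and for a missing parameter.
$pm_to_param = isset($_GET['to'])
    ? filter_var($_GET['to'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
if ($pm_to_param !== false && empty($_GET['a'])) {
    $form_stage = 'compose';
    // Store the validated integer back so later reads of $_GET['to'] never see the raw string.
    $_GET['to'] = $pm_to_param;
}
elseif (isset($_GET['a']) && $_GET['a'] === 'send') $form_stage = 'send';

// Messaging is for logged-in members only. empty() is used instead of ! so that a missing
// $loggedin is treated as "not logged in" without raising an undefined-variable warning.
if (empty($loggedin)) $error = _t('_Register to send a message to this member popup');
db_connect();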
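// Daily rate limit for private messages. Genuine replies get a much higher quota than new messages.
if (empty($error)) {
    // Database failures are written to the server log; the visitor only sees a short label.
    // Echoing mysqli_error() to the browser would expose table/column names and query fragments.
    $pm_db_fail = function ($public_msg) use ($db_link) {
        error_log('pm rate-limit: ' . $public_msg . ' - ' . mysqli_error($db_link));
        die($public_msg);
    };
    // Session value, but cast so that whatever is interpolated into SQL below is always an integer.
    $pm_member_id = (int)$_SESSION['member_id'];
    $pm_int_opts = array('options' => array('min_range' => 1));

    // reply_to may arrive by POST (preferred) or GET; accept only a positive integer.
    $pm_reply_raw = isset($_POST['reply_to']) ? filter_var($_POST['reply_to'], FILTER_VALIDATE_INT, $pm_int_opts) : false;
    if ($pm_reply_raw === false && isset($_GET['reply_to'])) {
        $pm_reply_raw = filter_var($_GET['reply_to'], FILTER_VALIDATE_INT, $pm_int_opts);
    }

    if ($pm_reply_raw !== false) {
        $reply_to = $pm_reply_raw;
        //is reply indication genuine?
        // NOTE(review): this only confirms that the referenced message is an unreplied one addressed to
        // the current member. It does not compare that message's sender with the recipient of the message
        // now being sent. Confirm the code that stores the message ties the two together; otherwise the
        // higher reply quota is not limited to genuine replies.
        $q_reply = mysqli_query($db_link, "select `id` from `messages` where `id`=$reply_to and `to`=$pm_member_id and `replied`=0") or $pm_db_fail('Failed to check reply status of msg');
        if (mysqli_num_rows($q_reply)) {
            $true_reply = 1;
            //has the member reached reply-msg limit:
            $msgs = mysqli_query($db_link, "select COUNT(`id`) as `msgs` from `members_activities` where `member`=$pm_member_id and `activity`='reply_pm' and `time`>NOW() - INTERVAL 1 DAY") or $pm_db_fail('checking for reply-msg limits failed');
            $msgs = mysqli_fetch_assoc($msgs);
            $msgs = $msgs['msgs'];
            if ($msgs>=$website['daily_pm_limit']*100) $error = _t('_Daily reply-msg limit reached error');//allow more for reply-msg
        }
    }

    if (empty($true_reply)) {//not a reply? normal count applies
        $msgs = mysqli_query($db_link, "select COUNT(`id`) as `msgs` from `members_activities` where `member`=$pm_member_id and `activity`='pm' and `time`>NOW() - INTERVAL 1 DAY") or $pm_db_fail('checking for msg limits failed');
        $msgs = mysqli_fetch_assoc($msgs);
        $msgs = $msgs['msgs'];
        if ($msgs>=$website['daily_pm_limit']) $error = _t('_Daily msg limit reached error');
    }
}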
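// Validation for the two form stages. Only checks happen here; the comments in the original say the
// actual action (rendering the form / storing the message) follows further down the file.

// Database failures are written to the server log; the visitor only sees a short label.
// Echoing mysqli_error() to the browser would expose table/column names and query fragments.
$pm_db_fail = function ($public_msg) use ($db_link) {
    error_log('pm validate: ' . $public_msg . ' - ' . mysqli_error($db_link));
    die($public_msg);
};
// Member ids taken from the request must be canonical decimal integers >= 1.
$pm_int_opts = array('options' => array('min_range' => 1));

if (isset($form_stage) && $form_stage == 'compose' && empty($error)) {
    //validate: (actual action is below)
    // Cast once and use the local copies in every query, so SQL safety does not depend on a cast
    // made somewhere else in the file.
    $pm_member_id = (int)$_SESSION['member_id'];
    $pm_to = isset($_GET['to']) ? filter_var($_GET['to'], FILTER_VALIDATE_INT, $pm_int_opts) : false;
    if ($pm_to === false) $error = _t('_Invalid member reference given');
    elseif ($pm_to == $pm_member_id) $error = _t('_You cannot send message to yourself');

    if (empty($error)) {
        $sender = mysqli_query($db_link, "select `email_status`, `status`, `username`, `has_photo`, `dob` from `profiles` where `id`=$pm_member_id") or $pm_db_fail('db error');
        $sender = mysqli_fetch_assoc($sender);
        // A missing profile row is treated like an inactive sender.
        if (!is_array($sender) || $sender['status'] != 1) $error = _t('_Inactive member sending msg');
        elseif ($sender['email_status'] != 1 && $pm_to != 1) $error = _t('_Unconfirmed email sending msg');//can msg admin for support etc... (assuming to ADMIN member id remains 1)
    }

    if (empty($error)) {
        $recipient = mysqli_query($db_link, "select `id`, `username`, `status`, `email_status`, `age_range_min`, `age_range_max`, `restrict_age_range`, `restrict_no_photo`, `language`, `last_seen`, `country`, `country2` from `profiles` where `id`=$pm_to") or $pm_db_fail('Profile Error');
        $recipient = mysqli_fetch_assoc($recipient);
        clear4html($recipient);
        if (!is_array($recipient)) $error = _t('_Member was not found');
        elseif ($recipient['status'] != 1) $error = _t('_This profile is currently inactive');
        //elseif ($recipient['email_status'] != 1 && $loggedin != 'admin') $error = _t('_This member has not verified their email yet');
    }

    if (empty($error)) {
        $pm_recipient_id = (int)$recipient['id'];
        //has the recipient blocked the sender:
        $blocked = mysqli_query($db_link, "select `blocked` from `blocks` where `member`=$pm_recipient_id and `blocked`=$pm_member_id limit 1") or $pm_db_fail('checking for blocked failed (2)');
        if (mysqli_num_rows($blocked)) $error = _t('_This member does not wish to communicate with you');
    }

    if (empty($error)) {
        //has the sender blocked the recipient:
        $blocked = mysqli_query($db_link, "select `blocked` from `blocks` where `member`=$pm_member_id and `blocked`=$pm_recipient_id limit 1") or $pm_db_fail('checking for blocked failed');
        if (mysqli_num_rows($blocked)) $error = _t('_Sending msg to blocked member');
    }

    if (empty($error)) {
        if ($recipient['restrict_age_range']>0 || $recipient['restrict_no_photo'] >0) require_once('site/inc/inc-profile-settings.php'); //get_age function is here

        // Work out which of the recipient's restrictions the sender falls under.
        // get_age() is only called when an age restriction is set, i.e. after the require above ran.
        $pm_no_photo_hit = $recipient['restrict_no_photo'] > 0 && $sender['has_photo'] == 0;
        $pm_age_hit = false;
        if ($recipient['restrict_age_range'] > 0) {
            $pm_sender_age = get_age($sender['dob']);
            $pm_age_hit = $pm_sender_age < $recipient['age_range_min'] || $pm_sender_age > $recipient['age_range_max'];
        }

        // The original condition read "id != 1 && photo-rule || age-rule". Because && binds tighter
        // than ||, the member-1 exemption covered only the photo rule. It is grouped here so the
        // exemption covers both rules, which appears to be the intent (member id 1 is assumed to be
        // the admin account elsewhere in this file) - confirm.
        if ($pm_member_id != 1 && ($pm_no_photo_hit || $pm_age_hit)) {
            //restrictions in place, now check if there is a msg from recipient
            $q_r = mysqli_query($db_link, "SELECT `id` FROM `messages` WHERE `box`='inbox' AND `from`=$pm_recipient_id AND `to`=$pm_member_id LIMIT 1") or $pm_db_fail('Database error');
            if (mysqli_num_rows($q_r)!=1) {//rec never wrote or replied so enforce the rests.
                // Setting value 2 blocks the message, value 1 only shows a warning before sending.
                if ($recipient['restrict_no_photo'] == 2 && $sender['has_photo'] == 0) {//recipient disallows those with no photo:
                    $error = _t('_This member does not wish to get messages from profiles with no photos');
                }
                elseif ($recipient['restrict_no_photo'] == 1 && $sender['has_photo'] == 0) {//pre-warn instead
                    $pre_warn = _t('_This member does not wish to get messages from profiles with no photos warn');
                }
                if ($recipient['restrict_age_range'] == 2 && $pm_age_hit) {//outside recipient's age prefs
                    $error = (isset($error) ? $error : '') . "\n" . _t('_This member does not wish to get messages from people of your age');
                }
                elseif ($recipient['restrict_age_range'] == 1 && $pm_age_hit) {//pre-warn instead
                    $pre_warn = (isset($pre_warn) ? $pre_warn : '') . "\n" . _t('_This member does not wish to get messages from people of your age warn');
                }
            }
        }
    }
}
elseif (isset($form_stage) && $form_stage == 'send' && empty($error)) {
    $pm_member_id = (int)$_SESSION['member_id'];

    // Trim before measuring: the original measured the raw value, so a body made only of
    // whitespace passed the length check and was then trimmed to an empty message.
    // Non-string input (message[]=...) is treated as missing.
    $pm_message = (isset($_POST['message']) && is_string($_POST['message'])) ? trim($_POST['message']) : '';
    if (strlen($pm_message) < 2) $error = _t('_You have not entered a message');
    else $_POST['message'] = $pm_message;

    //validate: (actual action is below)
    // Anti-CSRF token check. The loose != comparison accepted a request when both sides were
    // missing (null == null) and compares numeric-looking strings by value rather than byte for byte.
    // hash_equals() compares exact strings in constant time; an empty or absent session token
    // never matches.
    $pm_session_token = (isset($_SESSION['member_session_token']) && is_scalar($_SESSION['member_session_token'])) ? (string)$_SESSION['member_session_token'] : '';
    $pm_posted_token = (isset($_POST['s']) && is_string($_POST['s'])) ? $_POST['s'] : '';
    $pm_to = isset($_POST['to']) ? filter_var($_POST['to'], FILTER_VALIDATE_INT, $pm_int_opts) : false;
    if ($pm_session_token === '' || !hash_equals($pm_session_token, $pm_posted_token)) $error = _t('_Authentication Error');
    elseif ($pm_to === false) $error = _t('_Invalid or missing member reference');
    elseif ($pm_to == $pm_member_id) $error = _t('_You cannot send message to yourself');

    if (empty($error)) {
        //check sender's membership status
        $sender = mysqli_query($db_link, "select `email_status`, `status` from `profiles` where `id`=$pm_member_id") or $pm_db_fail('Database error');
        $sender = mysqli_fetch_assoc($sender);
        // A missing profile row is treated like an inactive sender.
        if (!is_array($sender) || $sender['status'] != 1) $error = _t('_Inactive member sending msg');
        elseif ($sender['email_status'] != 1 && $pm_to != 1) $error = _t('_Unconfirmed email sending msg');
    }

    if (empty($error)) {
        // Later code reads $_POST['to']; give it the validated integer rather than the raw string.
        $_POST['to'] = $pm_to;
        $recipient = mysqli_query($db_link, "select `id`, `status`, `email_status`, `email_valid`, `email_notified`, `username`, `last_seen`, `email_new_msg`, `language`, `email`, `f` from `profiles` where `id`=$pm_to") or $pm_db_fail('Database error');
        $recipient = mysqli_fetch_assoc($recipient); //$recipient `username`, `email_new_msg`, `email` used in the new msg notification email below when the msg is registered
        //clear4html($member);
        if (!is_array($recipient)) $error = _t('_Member was not found');
        elseif ($recipient['status'] != 1) $error = _t('_This profile is currently inactive');
        //elseif ($recipient['email_status'] != 1 && $loggedin != 'admin') $error = _t('_This member has not verified their email yet');
    }

    if (empty($error)) {
        $pm_recipient_id = (int)$recipient['id'];
        //has the recipient blocked the sender:
        $blocked = mysqli_query($db_link, "select `blocked` from `blocks` where `member`=$pm_recipient_id and `blocked`=$pm_member_id limit 1") or $pm_db_fail('checking for blocked failed (2)');
        if (mysqli_num_rows($blocked)) $error = _t('_This member does not wish to communicate with you');
    }

    if (empty($error)) {
        //has the sender blocked the recipient:
        $blocked = mysqli_query($db_link, "select `blocked` from `blocks` where `member`=$pm_member_id and `blocked`=$pm_recipient_id limit 1") or $pm_db_fail('checking for blocked failed');
        if (mysqli_num_rows($blocked)) $error = _t('_Sending msg to blocked member');
    }

    // NOTE(review): the recipient's restrict_no_photo / restrict_age_range settings are checked only
    // in the compose branch; this branch neither selects nor tests them. If the code that stores the
    // message does not enforce them either, those settings are advisory only - confirm and, if so,
    // repeat the check here so it is enforced server-side at send time.
}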
?>