<?php
authorize();
if (!check_perms('users_give_donor')) {
error(403);
}
if (!is_number($_POST['id']) || !is_numeric($_POST['donation_amount']) || empty($_POST['donation_currency'])) {
error(404);
}
$ConvID = (int) $_POST['id'];
$DB->query("\n\tSELECT c.Subject, c.UserID, c.Level, c.AssignedToUser, c.Unread, c.Status, u.Donor\n\tFROM staff_pm_conversations AS c\n\t\tJOIN users_info AS u ON u.UserID = c.UserID\n\tWHERE ID = {$ConvID}");
list($Subject, $UserID, $Level, $AssignedToUser, $Unread, $Status, $Donor) = $DB->next_record();
if ($DB->record_count() == 0) {
error(404);
}
$Message = "Thank for for helping to support the site. It's users like you who make all of this possible.";
if ((int) $Donor === 0) {
$Message .= ' Enjoy your new love from us!';
} else {
$Message .= ' ';
}
/*
$DB->query("
INSERT INTO staff_pm_messages
(UserID, SentDate, Message, ConvID)
VALUES
(".$LoggedUser['ID'].", '".sqltime()."', '".db_string($Message)."', $ConvID)");
*/
$DB->query("\n\tUPDATE staff_pm_conversations\n\tSET Date = '" . sqltime() . "',\n\t\tUnread = true,\n\t\tStatus = 'Resolved',\n\t\tResolverID = " . $LoggedUser['ID'] . "\n\tWHERE ID = {$ConvID}");
Donations::donate($UserID, array("Source" => "Staff PM", "Price" => $_POST['donation_amount'], "Currency" => $_POST['donation_currency'], "Reason" => $_POST['donation_reason'], "SendPM" => true));
header('Location: staffpm.php');
