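function print_message($thread, $msg) {
    /*
     * Render one message of a thread through the "message" template and
     * return the resulting HTML.
     *
     * $thread is accepted for call-site compatibility but is not used here.
     * $msg is a row of f_messages<iid>; the keys read are mid, aid and subject.
     *
     * Side effects: bumps the message's view counter in the database and reads
     * the globals $template_dir, $user, $forum and $tpl ($tpl only to copy the
     * current PAGE value into the per-message template).
     */
    global $template_dir, $user, $forum;
    global $tpl; /* hack to get current page */

    $mtpl = new Template($template_dir, "comment");
    $mtpl->set_file("message", "message.tpl");
    message_set_block($mtpl);

    /* The table suffix comes from mid_to_iid(); the mid itself is bound as a
       query parameter rather than interpolated. */
    $iid = mid_to_iid($msg['mid']);
    if (isset($iid)) {
        $sql = "update f_messages{$iid} set views = views + 1 where mid = ?";
        db_exec($sql, array($msg['mid']));
    }

    $uuser = new ForumUser($msg['aid']);
    $mtpl->set_var("parent", "");
    render_message($mtpl, $msg, $user, $uuser);

    /* In threaded mode the subject is a link; override the MSG_SUBJECT that
       render_message() set above. Subject and mid are user/database supplied
       and are placed in attribute and text context, so escape them here.
       double_encode is off for the subject so a value that was stored
       already-escaped is not encoded a second time. */
    $mid = htmlspecialchars((string) $msg['mid'], ENT_QUOTES, 'UTF-8');
    $subject = htmlspecialchars((string) $msg['subject'], ENT_QUOTES, 'UTF-8', false);
    $mtpl->set_var("MSG_SUBJECT", "<a href=\"../msgs/" . $mid . ".phtml\" name=\"" . $mid . "\">" . $subject . "</a>");
    $mtpl->set_var("FORUM_SHORTNAME", $forum['shortname']);
    $mtpl->set_var("PAGE", $tpl->get_var('PAGE'));
    $mtpl->parse("MESSAGE", "message");
    return $mtpl->get_var("MESSAGE");
}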
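function render_message_page($message_id, $in_reply_to = 0) {
    // Build the "Message" page for the logged-in user: the messages menu with
    // unread counters, every message sharing the requested message's RootId
    // (plus the requested message itself), and a reply form addressed to the
    // last message of the thread that the current user did not write.
    //
    // $message_id  id of the message whose thread is shown; it must have the
    //              session user as sender or recipient, otherwise a
    //              "Message not found" box is rendered instead.
    // $in_reply_to message id to put in the reply form's in_reply_to field;
    //              0 means "use the last message not written by this user".
    // Returns the page HTML. Without a session user a Location: /403 header is
    // sent and "" is returned; the caller is still responsible for not
    // emitting anything after that.
    $html = "";
    if (!isset($_SESSION["user_id"])) {
        header("Location: /403");
        return $html;
    }

    $mysqli = db_connect();
    $user_id = $_SESSION["user_id"];
    // Every value that reaches SQL goes through the quoting helper:
    // real_escape_string() alone does not protect an unquoted value.
    $quoted_user_id = _render_message_page_quote($mysqli, $user_id);

    $overall_total = _render_message_page_unread_count($mysqli, $quoted_user_id, "");
    $inbox_total = _render_message_page_unread_count($mysqli, $quoted_user_id, " AND Type=0");
    $notification_total = _render_message_page_unread_count($mysqli, $quoted_user_id, " AND Type>0");

    $html = render_header("Message");
    $html .= "<div class=\"bg_menu_wrapper\">\n"
        . "<ul class=\"bg_menu\">\n"
        . "<li><a href=\"/messages/compose\" title=\"Compose\">Compose</a></li>\n"
        . "<li><a href=\"/messages/all\" title=\"All\">All" . $overall_total . "</a></li>\n"
        . "<li><a href=\"/messages/inbox\" title=\"Inbox\">Inbox" . $inbox_total . "</a></li>\n"
        . "<li><a href=\"/messages/outbox\" title=\"Outbox\">Outbox</a></li>\n"
        . "<li><a href=\"/messages/notifications\" title=\"Notifications\">Notifications" . $notification_total . "</a></li>\n"
        . "<li><a href=\"/messages/trash\" title=\"Trash\">Trash</a></li>\n"
        . "<li class=\"selected\">Message</li>\n"
        . "</ul>\n"
        . "<div class=\"clear\"></div>\n"
        . "</div>\n";
    $html .= "<div id=\"header\">\n"
        . "<h1>Message</h1>\n"
        . "</div> <!-- #header -->\n"
        . "<div id=\"messages\">\n";

    // Fetch the requested message, restricted to the session user's own mail.
    $quoted_message_id = _render_message_page_quote($mysqli, $message_id);
    $sql = "SELECT Messages.RootId"
        . " FROM Messages"
        . " WHERE Messages.Id=" . $quoted_message_id
        . " AND (Messages.ToUserId=" . $quoted_user_id
        . " OR Messages.FromUserId=" . $quoted_user_id . ")";
    $message_result = $mysqli->query($sql);
    if ($message_result !== false && $message_result->num_rows > 0) {
        $message_row = $message_result->fetch_assoc();
        // Every message of the thread (same RootId, plain messages only) plus
        // the requested message itself, oldest first.
        $sql = "SELECT Messages.*,FromUsers.Username As FromUsersUsername, FromUsers.Avatar AS FromUsersAvatar, ToUsers.Username As ToUsersUsername, ToUsers.Avatar AS ToUsersAvatar, ParentUsers.Username AS ParentUsersUsername, ParentMessages.Id AS ParentMessagesId"
            . " FROM Messages"
            . " INNER JOIN Users FromUsers ON Messages.FromUserId=FromUsers.Id"
            . " INNER JOIN Users ToUsers ON Messages.ToUserId=ToUsers.Id"
            . " LEFT OUTER JOIN Messages ParentMessages ON ParentMessages.Id=Messages.ParentId"
            . " LEFT OUTER JOIN Users ParentUsers ON ParentMessages.FromUserId=ParentUsers.Id"
            . " WHERE ((Messages.RootId=" . _render_message_page_quote($mysqli, $message_row["RootId"])
            . " AND Messages.Type=0) OR Messages.Id=" . $quoted_message_id . ")"
            . " ORDER BY Created";
        $message_result = $mysqli->query($sql);
        $last_message_row = null;
        if ($message_result !== false) {
            // fetch_assoc() yields null at the end and false on error; the
            // truthiness test stops on both.
            while ($message_row = $message_result->fetch_assoc()) {
                // Loose comparison on purpose: Id arrives as a string from MySQL.
                $is_current = $message_row["Id"] == $message_id;
                $html .= "\n<div>\n\n"
                    . render_message($message_row, false, $is_current)
                    . "</div> <!-- #messages -->\n";
                if ($message_row["FromUserId"] != $user_id) {
                    $last_message_row = $message_row;
                }
            }
        }

        // Reply target: the other party of the last foreign message, if any.
        $reply_to_name = $last_message_row !== null ? $last_message_row["FromUsersUsername"] : "";
        if ($in_reply_to > 0) {
            $reply_to_id = $in_reply_to;
        } else {
            $reply_to_id = $last_message_row !== null ? $last_message_row["Id"] : "";
        }
        $html .= _render_message_page_reply_form($reply_to_name, $reply_to_id);
        $html .= "</div> <!-- #messages -->\n";
    } else {
        // Requested message not found (or neither sent by nor addressed to this user).
        $html .= "<div class=\"message_form_wrapper\"><div class=\"message_form\"><h4>Message not found</h4></div></div>\n";
    }
    $html .= render_footer();
    return $html;
}

function _render_message_page_quote($mysqli, $value) {
    // Return $value as a quoted, escaped SQL string literal. real_escape_string()
    // only protects a value that sits inside quotes, so the quotes are added here.
    return "'" . $mysqli->real_escape_string((string) $value) . "'";
}

function _render_message_page_unread_count($mysqli, $quoted_user_id, $type_filter) {
    // Number of unread messages addressed to the user, formatted as " (N)" for
    // the menu, or "" when there are none. $type_filter is a fixed SQL fragment
    // chosen by the caller (never request data); $quoted_user_id is already a
    // quoted literal.
    $sql = "SELECT COUNT(Id) AS NumMessages FROM Messages WHERE ToUserId=" . $quoted_user_id
        . " AND ToStatus=0" . $type_filter . " AND ReadFlag=0";
    $result = $mysqli->query($sql);
    $row = $result !== false ? $result->fetch_assoc() : null;
    $count = $row ? (int) $row["NumMessages"] : 0;
    return $count > 0 ? " (" . $count . ")" : "";
}

function _render_message_page_reply_form($reply_to_name, $reply_to_id) {
    // The reply form. Both values end up inside attribute values, so they are
    // HTML-escaped; the rest of the markup is static.
    return "<form method=\"POST\" action=\"/api/message/send\" enctype=\"multipart/form-data\">\n"
        . "<input type=\"hidden\" name=\"to\" value=\"" . htmlspecialchars((string) $reply_to_name, ENT_QUOTES, 'UTF-8') . "\" />\n"
        . "<input type=\"hidden\" name=\"in_reply_to\" value=\"" . htmlspecialchars((string) $reply_to_id, ENT_QUOTES, 'UTF-8') . "\" />\n"
        . "<div class=\"message_form_wrapper\">\n"
        . "<div class=\"message_form\">\n"
        . "<h3>Message</h3>\n"
        . "<p>Write your message here... (supports <a href=\"http://daringfireball.net/projects/markdown/\">markdown</a>)</p>\n"
        . "<div><textarea id=\"message_body\" name=\"body\" rows=\"10\"></textarea></div>\n"
        . "<input type=\"submit\" value=\"Send\" />\n"
        . "</div> <!-- .message_form -->\n"
        . "</div> <!-- .message_form_wrapper -->\n"
        . "</form>\n"
        . "<a name='form'></a>\n"
        . "<script>\n"
        . "\$(\"#message_body\").focus();\n"
        . "</script>\n";
}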
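exit;
}
// NOTE(review): the brace above closes a block that begins before this excerpt.

require_once "strip.inc";
require_once "message.inc";

// Templates for this page: the delete form, the message preview and the forum
// header (per-forum template with a generic fallback).
$tpl->set_file(array(
    "del" => "delete.tpl",
    "message" => "message.tpl",
    "forum_header" => array("forum/" . $forum['shortname'] . ".tpl", "forum/generic.tpl"),
));
$tpl->set_block("del", "disabled");
message_set_block($tpl);
$tpl->set_var("FORUM_NAME", $forum['name']);
$tpl->set_var("FORUM_SHORTNAME", $forum['shortname']);
$tpl->parse("FORUM_HEADER", "forum_header");

// Locate the message table for this mid; the mid itself is bound as a parameter.
$iid = mid_to_iid($mid);
if (!isset($iid)) {
    echo "Invalid message!\n";
    exit;
}
$sql = "select * from f_messages{$iid} where mid = ?";
$msg = db_query_first($sql, array($mid));
if (!$msg) {
    // The table exists but holds no such row: report an invalid id instead of
    // reading fields from an empty result (which used to fall through to the
    // "does not belong to you" message).
    echo "Invalid message!\n";
    exit;
}
// Only the author may delete. Loose comparison on purpose: aid comes back
// from the database as a string.
if ($msg['aid'] != $user->aid) {
    echo "This message does not belong to you!\n";
    exit;
}
if (!isset($forum['option']['PostEdit'])) {
    // Editing is switched off for this forum: render the "disabled" block only.
    $tpl->set_var(array("image" => "", "preview" => "", "form" => "", "accept" => ""));
    print generate_page('Delete Message Denied', $tpl->parse("CONTENT", "disabled"));
    exit;
}
$tpl->set_var("disabled", "");
render_message($tpl, $msg, $user);
$tpl->set_var("PAGE", $_page);
$tpl->parse("PREVIEW", "message");
print generate_page('Delete Message', $tpl->parse("CONTENT", "del"));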
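render_message("../templates/message.php", ["message" => "Error: thread does not exist."]);
print htmlspecialchars($_GET["no"]);
// header("Refresh: 2; URL=/cs50chan/public/home.php");
}
// NOTE(review): the brace above closes a block that begins before this excerpt.

// The thread number is used both for the INSERT and for the redirect below;
// missing parameter becomes "" instead of an undefined-index notice.
$thread_number = isset($_GET["no"]) ? $_GET["no"] : "";

// Only a real POST submission may create a post. isset($_POST) is always true
// (superglobals always exist), which let plain GET requests insert empty posts.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Validate name field: a blank or missing name posts as Anonymous.
    if (!isset($_POST["name"]) || $_POST["name"] == "") {
        $name = "Anonymous";
    } else {
        $name = $_POST["name"];
    }
    // Check whether an image was uploaded with the post.
    if (isset($_FILES["fileToUpload"]["name"]) && $_FILES["fileToUpload"]["name"] != "") {
        // NOTE(review): the client-supplied file name is stored as-is; upload.php
        // (not shown here) must validate it before it is used on disk — confirm.
        $filename = $_FILES["fileToUpload"]["name"];
        require "upload.php";
    } else {
        $filename = "";
    }
    $email = isset($_POST["email"]) ? $_POST["email"] : "";
    $comment = isset($_POST["comment"]) ? $_POST["comment"] : "";
    // Send post data to the database; every request value is bound as a parameter.
    $post = query("INSERT INTO `cs50chan`.`posts` (`name`, `subject`, `email`, `date`, `op`, \t\t\n\t\t\t\t `post_number`, `image_file`, `post_content`, `thread_number`) VALUES (?, '', ?, NOW(), NULL,\n\t \t\t\t'', ?, ?, ?)", $name, $email, $filename, $comment, $thread_number);
    if ($post === false) {
        render_message("../templates/message.php", ["message" => "Something went wrong!\n\n\t\t\t\t\t\t\tYour post was not submitted..."]);
    } else {
        render_message("../templates/message.php", ["message" => "Post Successful!"]);
    }
} else {
    render_message("../templates/message.php", ["message" => "Something went wrong!\nYour post was not submitted..."]);
}
// Pause for 2 seconds before redirecting back to the thread. The value sits in
// a URL query string, so it is URL-encoded rather than HTML-escaped.
header("Refresh: 2; URL=/cs50chan/public/thread.php?no=" . rawurlencode($thread_number));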
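<?php
require "../includes/config.php"; //include functions, config
//take query string
//query mysql db for all posts in that thread
//populate mid section of page with posts according to date/time posted
//
// The thread number is the page's only input. Accept it only as a non-empty
// digit string before the template gets to use it; anything else (missing,
// array, non-numeric) shows the same "does not exist" message.
if (isset($_GET["no"]) && is_string($_GET["no"]) && ctype_digit($_GET["no"])) {
    render("../templates/thread.php");
} else {
    render_message("../templates/message.php", ["message" => "Error: thread does not exist."]);
    header("Refresh: 2; URL=/cs50chan/public/home.php");
}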