<?php authorize(); if (!check_perms('users_give_donor')) { error(403); } if (!is_number($_POST['id']) || !is_numeric($_POST['donation_amount']) || empty($_POST['donation_currency'])) { error(404); } $ConvID = (int) $_POST['id']; $DB->query("\n\tSELECT c.Subject, c.UserID, c.Level, c.AssignedToUser, c.Unread, c.Status, u.Donor\n\tFROM staff_pm_conversations AS c\n\t\tJOIN users_info AS u ON u.UserID = c.UserID\n\tWHERE ID = {$ConvID}"); list($Subject, $UserID, $Level, $AssignedToUser, $Unread, $Status, $Donor) = $DB->next_record(); if ($DB->record_count() == 0) { error(404); } $Message = "Thank for for helping to support the site. It's users like you who make all of this possible."; if ((int) $Donor === 0) { $Message .= ' Enjoy your new love from us!'; } else { $Message .= ' '; } /* $DB->query(" INSERT INTO staff_pm_messages (UserID, SentDate, Message, ConvID) VALUES (".$LoggedUser['ID'].", '".sqltime()."', '".db_string($Message)."', $ConvID)"); */ $DB->query("\n\tUPDATE staff_pm_conversations\n\tSET Date = '" . sqltime() . "',\n\t\tUnread = true,\n\t\tStatus = 'Resolved',\n\t\tResolverID = " . $LoggedUser['ID'] . "\n\tWHERE ID = {$ConvID}"); Donations::donate($UserID, array("Source" => "Staff PM", "Price" => $_POST['donation_amount'], "Currency" => $_POST['donation_currency'], "Reason" => $_POST['donation_reason'], "SendPM" => true)); header('Location: staffpm.php');