db->query($sql, array(0, $data['name'], 0, 0, $data['subject'], $data['message']));
}
public function get_drafts($userid)
{
$sql = "SELECT * FROM mail_drafts WHERE userid='$userid'";
$q = $this->db->query($sql);
if (!$q->num_rows()) {
return false;
}
return $q->result_array();
}
public function get_draft($id, $userid)
{
$sql = "SELECT * FROM mail_drafts WHERE id = ?";
$q = $this->db->query($sql, array($id));
if (!$q->num_rows()) {
return false;
}
$res = $q->row_array();
if ($res['userid'] != $userid) {
return false;
}
return $res;
}
public function delete_draft($id, $userid)
{
$sql = "DELETE FROM mail_drafts WHERE id = ? AND userid = ?";
$this->db->query($sql, array($id, $userid));
}
public function get_inbox($userid, $new)
{
$sql = "SELECT mails.*,users.username FROM mails
LEFT JOIN users on mails.sender=users.id
WHERE owner='$userid'
ORDER BY time DESC";
$q = $this->db->query($sql);
if (!$q->num_rows()) {
return false;
}
$res = $q->result_array();
if (!$new) {
return $res;
}
$found = false;
foreach ($res as $row) {
if ($row['new']) {
$found = true;
break;
}
}
if ($found) {
return $res;
}
$sql = "UPDATE users SET new_mail='0' WHERE id='$userid'";
$this->db->query($sql);
return $res;
}
public function send_message($data, $userid)
{
$sql = "SELECT * FROM users WHERE username = ?";
$q = $this->db->query($sql, array($data['name']));
if (!$q->num_rows()) {
return;
}
$res = $q->row_array();
$data['subject'] = htmlspecialchars($data['subject'], ENT_HTML5, 'UTF-8');
if (strlen($data['subject']) >= 45) {
$data['subject'] = (substr($data['subject'], 0, 45) . '...');
}
//determining line endings
$w = substr_count($data['message'], "\r\n");
if ($w) {
$exp = "\r\n";
} else {
$exp = "\n";
}
$message = explode($exp, $data['message']);
if ($message) {
$d = "";
foreach ($message as $row) {
if (strlen($row) > 70) {
//split into multiple lines
for ($i = 0; $i <= (floor(strlen($row) / 70)); $i++) {
$sub = substr($row, (0 + ($i * 70)), 70);
$d .= $sub;
if (strlen($sub) == 70) {
$d .= "«";
}
$d .= "\r\n";
}
} else {
$d .= $row . "\r\n";
}
}
$data['message'] = $d;
}
$data['message'] = htmlspecialchars($data['message'], ENT_HTML5, 'UTF-8');
$breaks = array("\r\n", "\n");
$text = str_ireplace($breaks, "
", $data['message']);
$sql = "INSERT INTO mails VALUES(default,
'" . $res['id'] . "', '$userid', '" . time() . "', ?, ?, '1')";
$this->db->query($sql, array($data['subject'], $text));
$sql = "UPDATE users SET new_mail='1' WHERE id='" . $res['id'] . "'";
$this->db->query($sql);
//saving mail to sent
//id, userid, to_id, to, time, subject, body
$sql = "INSERT INTO mail_sent VALUES(default, ?, ?, ?, " . time(). ", ?, ?)";
$sent = array($userid, $res['id'], $res['username'], $data['subject'], $data['message']);
$this->db->query($sql, $sent);
}
public function get_mail($id, $userid, $edit = false)
{
//querying userid here, so if the user types a random id into the browser bar, it won't return anything
$sql = "SELECT mails.*,users.username FROM mails
LEFT JOIN users ON mails.sender=users.id
WHERE mails.id = ? AND mails.owner = ?";
$q = $this->db->query($sql, array($id, $userid));
if (!$q->num_rows()) {
return false;
}
$res = $q->row_array();
if ($res['new']) {
//userid is correct we can query with just the id
$sql = "UPDATE mails SET new='0' WHERE id = ?";
$this->db->query($sql, array($id));
}
if ($edit) {
//just in case
$breaks = array("
","
","
");
$data['body'] = str_ireplace($breaks, "\r\n", $data['body']);
$data['body'] = htmlspecialchars_decode($data['body'], ENT_HTML5, 'UTF-8');
$data['subject'] = htmlspecialchars_decode($data['subject'], ENT_HTML5, 'UTF-8');
}
return $res;
}
public function get_sent($id, $userid)
{
//querying userid here, so if the user types a random id into the browser bar, it won't return anything
$sql = "SELECT * FROM mail_sent WHERE id = ? AND userid = ?";
$q = $this->db->query($sql, array($id, $userid));
if (!$q->num_rows()) {
return false;
}
return $q->row_array();
}
public function get_all_sent($userid)
{
$sql = "SELECT * FROM mail_sent WHERE userid = ?";
$q = $this->db->query($sql, array($userid));
if (!$q->num_rows()) {
return false;
}
return $q->result_array();
}
}
//nowhitesp