//We check if the user is logged
if(isset($_SESSION['phone']))
{
$form = true;
$otitle = '';
$orecip = '';
$omessage = '';
//We check if the form has been sent
if(isset($_POST['title'], $_POST['recip'], $_POST['message']))
{
$otitle = $_POST['title'];
$orecip = $_POST['recip'];
$omessage = $_POST['message'];
$orecip = implode(' ,', $_POST['recip']);
echo $orecip;
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$otitle = stripslashes($otitle);
$orecip = stripslashes($orecip);
$omessage = stripslashes($omessage);
}
//We check if all the fields are filled
if($_POST['title']!='' and $_POST['recip']!='' and $_POST['message']!='')
{
//We protect the variables
$title = mysqli_real_escape_string($conn, $otitle);
$recip = mysqli_real_escape_string($conn, $orecip);
$message = mysqli_real_escape_string($conn, nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
//We check if the recipient exists
$dn1 = mysqli_fetch_array($conn->query('select count(id) as recip, id as recipid, (select count(*) from pm) as npm from registrationform where email="'.$recip.'" '));
if($dn1['recip']>=1)
{
//We check if the recipient is not the actual user
if($dn1['recipid']!=$id1)
{
$id = $dn1['npm']+1;
//We send the message
if($conn->query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$title.'", "'.$id1.'", "'.$dn1['recipid'].'", "'.$message.'", "'.time().'", "yes", "no")'))
{
?>
$form = false;
}
else
{
//Otherwise, we say that an error occured
$error = 'An error occurred while sending the message';
}
}
else
{
//Otherwise, we say the user cannot send a message to himself
$error = 'You cannot send a message to yourself.';
}
}
else
{
//Otherwise, we say the recipient does not exists
$error = 'The recipient does not exists.';
}
}
else
{
//Otherwise, we say a field is empty
$error = 'A field is empty. Please fill of the fields.';
}
}
elseif(isset($_GET['recip']))
{
//We get the username for the recipient if available
$orecip = $_GET['recip'];
}
if($form)
{
//We display a message if necessary
if(isset($error))
{
echo '
';}
//We display the form
?>