45 lines
1.3 KiB
PHP
45 lines
1.3 KiB
PHP
<?php
|
|
session_start();
|
|
require_once 'db/config.php';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
header('Location: index.php');
|
|
exit;
|
|
}
|
|
|
|
if (!isset($_SESSION['user_id'])) {
|
|
header('HTTP/1.1 403 Forbidden');
|
|
exit("Access denied.");
|
|
}
|
|
|
|
$sender_user_id = $_SESSION['user_id'];
|
|
$recipient_user_id = isset($_POST['recipient_user_id']) ? (int)$_POST['recipient_user_id'] : 0;
|
|
$subject = isset($_POST['subject']) ? trim($_POST['subject']) : '';
|
|
$body = isset($_POST['body']) ? trim($_POST['body']) : '';
|
|
|
|
$redirect_url = 'messages.php';
|
|
if ($_SESSION['user_role'] === 'staff') {
|
|
$redirect_url = 'staff_dashboard.php';
|
|
} elseif ($_SESSION['user_role'] === 'partner') {
|
|
$redirect_url = 'partner_dashboard.php';
|
|
}
|
|
|
|
|
|
if ($recipient_user_id === 0 || empty($subject) || empty($body)) {
|
|
// Basic validation failed
|
|
header("Location: " . $redirect_url . "?error=empty_message");
|
|
exit;
|
|
}
|
|
|
|
try {
|
|
$pdo = db();
|
|
$stmt = $pdo->prepare("INSERT INTO messages (sender_user_id, recipient_user_id, subject, body) VALUES (?, ?, ?, ?)");
|
|
$stmt->execute([$sender_user_id, $recipient_user_id, $subject, $body]);
|
|
|
|
header("Location: " . $redirect_url . "?success=message_sent");
|
|
exit;
|
|
} catch (PDOException $e) {
|
|
// In a real app, log this error.
|
|
header("Location: " . $redirect_url . "?error=db_error");
|
|
exit;
|
|
} |