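prepare("SELECT m.*, u1.full_name as assigned_name, u2.full_name as creator_name, s.name as status_name, s.color as status_color FROM mailbox m LEFT JOIN users u1 ON m.assigned_to = u1.id LEFT JOIN users u2 ON m.created_by = u2.id LEFT JOIN mailbox_statuses s ON m.status_id = s.id WHERE m.id = ?");
$stmt->execute([$id]);
$mail = $stmt->fetch();
if (!$mail) {
    redirect('index.php');
}

// NOTE(review): the three POST handlers below change state on the strength of the session alone;
// no CSRF token check is visible in this file, so one belongs at this boundary.

// Compared as int throughout so a string-typed session value cannot slip past a strict check.
$currentUserId = (int) ($_SESSION['user_id'] ?? 0);

// Check if user has view permission for this mail type
if (!canView($mail['type'])) {
    redirect('index.php');
}

// Security check for internal mail: only sender or recipient can view.
// Even admins should only see their own internal mail for privacy.
if ($mail['type'] === 'internal') {
    $isParty = (int) $mail['created_by'] === $currentUserId
        || (int) $mail['assigned_to'] === $currentUserId;
    if (!$isParty) {
        redirect('internal_inbox.php');
    }
}

$success = '';
$error = '';
$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';

// Handle Comment submission
if ($isPost && isset($_POST['add_comment'])) {
    // For internal mail, users can always comment if involved. For others, check edit permission.
    if ($mail['type'] !== 'internal' && !canEdit($mail['type'])) {
        $error = 'عذراً، ليس لديك الصلاحية لإضافة تعليقات';
    } else {
        $comment = (string) ($_POST['comment'] ?? '');
        // Cast before the value reaches the query: empty or non-numeric input means "no referral".
        $referred_user_id = (int) ($_POST['referred_user_id'] ?? 0) ?: null;
        // trim() !== '' instead of a truthiness test, so a comment consisting of "0" is not dropped
        if (trim($comment) !== '') {
            $stmt = db()->prepare("INSERT INTO comments (mail_id, user_id, comment, referred_user_id) VALUES (?, ?, ?, ?)");
            $stmt->execute([$id, $currentUserId, $comment, $referred_user_id]);

            // Send email notification if referred
            if ($referred_user_id !== null) {
                $stmt_u = db()->prepare("SELECT email, full_name FROM users WHERE id = ?");
                $stmt_u->execute([$referred_user_id]);
                $referred_user = $stmt_u->fetch();
                if ($referred_user && !empty($referred_user['email'])) {
                    $sender_name = $_SESSION['name'] ?? 'زميلك';
                    $mail_subject = "إحالة بريد: " . $mail['subject'];
                    // NOTE(review): HTTP_HOST is supplied by the client, so a link built from it can be
                    // pointed at a host of the requester's choosing; a configured base URL is safer.
                    $scheme = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https' : 'http';
                    $mail_link = $scheme . "://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/view_mail.php?id=" . $id;
                    // User-supplied pieces are escaped for the HTML body; the plain-text body carries them raw.
                    $html = "

مرحباً " . htmlspecialchars($referred_user['full_name']) . "

قام " . htmlspecialchars($sender_name) . " بإحالة بريد إليك مع التعليق التالي:

" . nl2br(htmlspecialchars($comment)) . "

تفاصيل البريد:

عرض البريد

";
                    $txt = "قام {$sender_name} بإحالة بريد إليك: {$mail['subject']}\n\nالتعليق: {$comment}\n\nعرض البريد: {$mail_link}";
                    MailService::sendMail($referred_user['email'], $mail_subject, $html, $txt);
                }
            }

            $_SESSION['success'] = 'تم إضافة التعليق بنجاح';
            redirect("view_mail.php?id=$id");
        }
    }
}

// Handle Attachment upload
if ($isPost && isset($_FILES['attachment'])) {
    if ($mail['type'] !== 'internal' && !canEdit($mail['type'])) {
        $error = 'عذراً، ليس لديك الصلاحية لرفع مرفقات';
    } else {
        $file = $_FILES['attachment'];
        $display_name = $_POST['display_name'] ?? '';
        // Only a single, successfully received file is processed (array-form uploads are ignored).
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK && is_string($file['name'] ?? null)) {
            $upload_dir = 'uploads/attachments/';
            if (!is_dir($upload_dir)) {
                // 0755 rather than 0777: the directory is served by the web server and only the server user writes to it
                mkdir($upload_dir, 0755, true);
            }

            // Store under a server-generated name. The client-supplied name only contributes an
            // extension, and only when it is plain alphanumeric and not one the web server would
            // execute; anything else is stored as ".bin". An allowlist of accepted document types
            // would be stronger still, but the expected set of types is not visible in this file.
            $original_name = basename($file['name']);
            $ext = strtolower(pathinfo($original_name, PATHINFO_EXTENSION));
            $executable = ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'pht', 'phps', 'cgi', 'pl', 'sh', 'htaccess'];
            if ($ext === '' || !preg_match('/^[a-z0-9]{1,10}$/', $ext) || in_array($ext, $executable, true)) {
                $ext = 'bin';
            }
            $file_name = bin2hex(random_bytes(16)) . '.' . $ext;
            $target_path = $upload_dir . $file_name;

            if (move_uploaded_file($file['tmp_name'], $target_path)) {
                $stmt = db()->prepare("INSERT INTO attachments (mail_id, display_name, file_path, file_name, file_size) VALUES (?, ?, ?, ?, ?)");
                $stmt->execute([$id, $display_name, $target_path, $original_name, $file['size']]);
                $_SESSION['success'] = 'تم رفع الملف بنجاح';
                redirect("view_mail.php?id=$id");
            } else {
                $error = 'فشل في رفع الملف';
            }
        }
    }
}

// Handle Attachment deletion
if ($isPost && isset($_POST['delete_attachment'])) {
    if ($mail['type'] !== 'internal' && !canDelete($mail['type'])) {
        $error = 'عذراً، ليس لديك الصلاحية لحذف المرفقات';
    } else {
        $attachment_id = (int) ($_POST['attachment_id'] ?? 0);
        if ($attachment_id > 0) {
            // Scope both the lookup and the delete to this mail: a bare "WHERE id = ?" lets anyone
            // with delete rights on this mail remove attachments that belong to other mails.
            $stmt = db()->prepare("SELECT * FROM attachments WHERE id = ? AND mail_id = ?");
            $stmt->execute([$attachment_id, $id]);
            $attachment = $stmt->fetch();
            if ($attachment) {
                // Delete file from disk, but only when the stored path still resolves inside the upload directory
                $uploadRoot = realpath('uploads/attachments');
                $filePath = realpath($attachment['file_path']);
                if ($uploadRoot !== false && $filePath !== false
                    && strpos($filePath, $uploadRoot . DIRECTORY_SEPARATOR) === 0) {
                    unlink($filePath);
                }

                // Delete record from DB
                $stmt = db()->prepare("DELETE FROM attachments WHERE id = ? AND mail_id = ?");
                $stmt->execute([$attachment_id, $id]);
                $_SESSION['success'] = 'تم حذف المرفق بنجاح';
                redirect("view_mail.php?id=$id");
            }
        }
    }
}

// Get session messages (flash-style: read once, then cleared)
if (isset($_SESSION['success'])) {
    $success = $_SESSION['success'];
    unset($_SESSION['success']);
}
if (isset($_SESSION['error'])) {
    $error = $_SESSION['error'];
    unset($_SESSION['error']);
}

$comments = db()->prepare("SELECT c.*, u.full_name, ru.full_name as referred_name FROM comments c LEFT JOIN users u ON c.user_id = u.id LEFT JOIN users ru ON c.referred_user_id = ru.id WHERE c.mail_id = ? ORDER BY c.created_at DESC");
$comments->execute([$id]);
$mail_comments = $comments->fetchAll();

$attachments = db()->prepare("SELECT * FROM attachments WHERE mail_id = ? ORDER BY created_at DESC");
$attachments->execute([$id]);
$mail_attachments = $attachments->fetchAll();

// Fetch all users for referral dropdown (excluding current user)
$stmt_users = db()->prepare("SELECT id, full_name, role FROM users WHERE id != ? ORDER BY full_name ASC");
$stmt_users->execute([$currentUserId]);
$all_users = $stmt_users->fetchAll();

/**
 * Whether an attachment can be shown inline in the browser, judged by its extension only.
 *
 * @param string $fileName Stored or original file name
 */
function isPreviewable($fileName): bool
{
    $ext = strtolower(pathinfo((string) $fileName, PATHINFO_EXTENSION));
    return in_array($ext, ['pdf', 'png', 'jpg', 'jpeg', 'gif', 'webp'], true);
}

$type_label = 'بريد وارد';
if ($mail['type'] === 'outbound') {
    $type_label = 'بريد صادر';
} elseif ($mail['type'] === 'internal') {
    $type_label = 'رسالة داخلية';
}

// $mail['type'] comes from the database row, not from the request
$back_link = $mail['type'] . '.php';
if ($mail['type'] === 'internal') {
    $back_link = ((int) $mail['created_by'] === $currentUserId) ? 'internal_outbox.php' : 'internal_inbox.php';
}
?>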

تفاصيل

عودة للقائمة تعديل البيانات
المعلومات الأساسية

غير محدد

لا يوجد محتوى إضافي'; } else { echo nl2br(htmlspecialchars($mail['description'] ?: 'لا يوجد محتوى إضافي')); } ?>

الردود والمتابعة
سيتم إرسال تنبيه عبر البريد الإلكتروني للموظف المحال إليه.
إحالة إلى:

لا توجد ردود بعد

المرفقات
KB

لا توجد مرفقات