File: /home/httpd/html/porn.tw/public_html/controllers/control.user_profile.php
<?php
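// Resolve the profile being viewed. ?id= is either a numeric users.record_num
// or a username; anything that matches no row ends in pageNotFound().
// A missing id, or an array such as ?id[]=x, is treated as "no such user"
// instead of being passed to mysqli_real_escape_string(), which needs a string.
$requestedId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$result = array();
if ($requestedId !== '') {
    // NOTE(review): is_numeric() also accepts forms such as "1e3" or "1.5", and an
    // all-digit username can never be reached by name because it is always
    // looked up as a record_num — confirm registration rejects numeric usernames.
    $lookupColumn = is_numeric($requestedId) ? 'record_num' : 'username';
    // The column name is one of the two literals above, never request data.
    // The value is escaped once and only ever placed inside single quotes.
    // NOTE(review): this escaping depends on the connection charset; confirm it is
    // set with mysqli_set_charset() where $dbconn is opened.
    $escapedId = mysqli_real_escape_string($dbconn, $requestedId);
    // NOTE(review): SELECT * loads every users column into $urow; if that table
    // holds credential or e-mail columns they travel with the row — confirm
    // nothing downstream exposes them, or list the needed columns explicitly.
    $result = dbQuery("SELECT * FROM users WHERE $lookupColumn = '$escapedId'");
}
// empty() also covers a false/null return from dbQuery() on failure.
if (empty($result) || count($result) < 1) {
    pageNotFound();
}
// NOTE(review): the lines below assume pageNotFound() ends the request — confirm.
$urow = $result[0];
// From here on $id is always the numeric record_num, whatever form the URL used.
$id = $urow['record_num'];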
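// Send a private message from the logged-in user to the profile owner.
// NOTE(review): no anti-CSRF token is checked in this block; the captcha is the
// only per-request secret visible here — confirm whether one is validated elsewhere.
if (isset($_POST['send'])) {
    // Accept plain strings only; array-shaped fields (subject[]=x) count as missing.
    $rawSubject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
    $rawText = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
    $givenCaptcha = (isset($_POST['captchaaa']) && is_string($_POST['captchaaa'])) ? $_POST['captchaaa'] : '';
    $expectedCaptcha = (isset($_SESSION['captcha']) && is_scalar($_SESSION['captcha'])) ? (string) $_SESSION['captcha'] : '';

    // The sender comes from the session only. Cast to int so it can never carry SQL.
    // assumes userid is a numeric users.record_num, as the comparison with
    // record_num elsewhere in this file suggests — TODO confirm.
    $senderId = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;
    $recipientId = (int) $urow['record_num'];

    // Strip markup and HTML-encode before the emptiness check, so a body that was
    // nothing but tags is rejected rather than stored as an empty message.
    // NOTE(review): the values are stored HTML-encoded, as before; templates that
    // print mail.subject / mail.body must not encode them a second time.
    $cleanSubject = htmlspecialchars(strip_tags($rawSubject));
    $cleanText = htmlspecialchars(strip_tags($rawText));

    if ($senderId < 1) {
        // Previously an anonymous request produced a row with an empty from_user.
        // NOTE(review): new string; add it to the translation catalogue used by _t().
        setMessage(_t("You must be logged in to send a message."), 'error');
    } elseif (
        $cleanSubject !== ''
        && $cleanText !== ''
        // An unset session captcha used to compare equal to an empty field under
        // the loose ==, so the check could pass without any captcha being issued.
        && $expectedCaptcha !== ''
        && $givenCaptcha === $expectedCaptcha
    ) {
        // A solved captcha is single-use, so one solution cannot cover many posts.
        // NOTE(review): assumes the captcha is regenerated when the form is shown again — confirm.
        unset($_SESSION['captcha']);

        // SQL escaping is the last transformation applied, directly before the
        // values are placed between quotes; nothing may alter them afterwards.
        $subject = mysqli_real_escape_string($dbconn, $cleanSubject);
        $text = mysqli_real_escape_string($dbconn, $cleanText);
        $senderIp = mysqli_real_escape_string($dbconn, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
        $sentAt = date("Y-m-d H:i:s");

        dbQuery("INSERT INTO mail(from_user,to_user,subject,body,date_sent,recipient_read,recipient_deleted,sender_deleted,sender_ip)
VALUES('" . $senderId . "','" . $recipientId . "','" . $subject . "','" . $text . "','" . $sentAt . "','0','0','0','" . $senderIp . "')", false);
        sendEmail('new-message', $urow['record_num']);
        setMessage(_t("Success! Your message has been sent."), "success");
    } else {
        setMessage(_t("All fields are mandatory."), 'error');
    }
}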
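// Friendship state between the logged-in viewer and the profile owner.
// $friend is only assigned when a logged-in user views someone else's profile.
// Both ids are cast to int: the comparison no longer depends on whether the
// session holds an int or a numeric string, and neither value can carry SQL.
// assumes userid and record_num are numeric ids — TODO confirm.
$viewerId = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;
// The key is quoted: the bare word record_num was read as an undefined constant,
// which is a warning on PHP 7 and a fatal Error on PHP 8.
$profileId = (int) $urow['record_num'];
if ($viewerId > 0 && $viewerId !== $profileId) {
    $friend = dbValue("SELECT `approved` FROM `friends` WHERE `user` = '{$viewerId}' AND `friend` = '{$profileId}'", 'approved');
}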
// Page metadata and custom profile fields handed on to the view.
// NOTE(review): username and description are copied as stored; confirm the
// template HTML-encodes them at output, since both are account-owner controlled.
$profusername = ucwords($urow['username']);
$_meta['user_name'] = $profusername;
$_meta['description'] = $urow['description'];
// SECURITY(review): unserialize() builds whatever object types the stored string
// names and runs their magic methods. If users.custom can be influenced by the
// account owner, this is an object-injection sink. Left unchanged because the
// writers of that column and the PHP version are not visible here; on PHP 7+
// pass array('allowed_classes' => false) as the second argument, or store the
// field as JSON and read it with json_decode().
$custom = unserialize($urow['custom']);
?>