Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugins/PrivateMessages.php
changeset 209 8a00247d1dee
parent 192 9237767a23ae
child 326 ab66d6d1f1f4
equal deleted inserted replaced
208:c75ad574b56d 209:8a00247d1dee 
    33     ');
 
    33     ');
 
    34 
    34 
    35 function page_Special_PrivateMessages()
 
    35 function page_Special_PrivateMessages()
 
    36 {
 
    36 {
 
    37   global $db, $session, $paths, $template, $plugins; // Common objects
 
    37   global $db, $session, $paths, $template, $plugins; // Common objects
 
    38   if(!$session->user_logged_in) die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>');
 
    38   if ( !$session->user_logged_in )
 
       
    39   {
 
       
    40     die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>');
 
       
    41   }
 
    39   $argv = Array();
 
    42   $argv = Array();
 
    40   $argv[] = $paths->getParam(0);
 
    43   $argv[] = $paths->getParam(0);
 
    41   $argv[] = $paths->getParam(1);
 
    44   $argv[] = $paths->getParam(1);
 
    42   $argv[] = $paths->getParam(2);
 
    45   $argv[] = $paths->getParam(2);
 
    43   if(!$argv[0]) $argv[0] = 'InVaLiD';
 
    46   if ( !$argv[0] )
 
       
    47   {
 
       
    48     $argv[0] = 'InVaLiD';
 
       
    49   }
 
    44   switch($argv[0])
 
    50   switch($argv[0])
 
    45   {
 
    51   {
 
    46     default:
 
    52     default:
 
    47       header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
 
    53       header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
 
    48       break;
 
    54       break;
 
    49     case 'View':
 
    55     case 'View':
 
    50       $id = $argv[1];
 
    56       $id = $argv[1];
 
    51       if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
 
    57       if ( !preg_match('#^([0-9]+)$#', $id) )
 
       
    58       {
 
       
    59         die_friendly('Message error', '<p>Invalid message ID</p>');
 
       
    60       }
 
    52       $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.'');
 
    61       $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.'');
 
    53       if(!$q) $db->_die('The message data could not be selected.');
 
    62       if ( !$q )
 
       
    63       {
 
       
    64         $db->_die('The message data could not be selected.');
 
       
    65       }
 
    54       $r = $db->fetchrow();
 
    66       $r = $db->fetchrow();
 
    55       $db->free_result();
 
    67       $db->free_result();
 
    56       if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '<p>You are not authorized to view this message.</p>');
 
    68       if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
 
    57       if($r['message_to'] == $session->username)
 
    69       {
 
       
    70         die_friendly('Access denied', '<p>You are not authorized to view this message.</p>');
 
       
    71       }
 
       
    72       if ( $r['message_to'] == $session->username )
 
    58       {
 
    73       {
 
    59         $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
 
    74         $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
 
    60         $db->free_result();
 
    75         $db->free_result();
 
    61         if(!$q) $db->_die('Could not mark message as read');
 
    76         if ( !$q )
 
       
    77         {
 
       
    78           $db->_die('Could not mark message as read');
 
       
    79         }
 
    62       }
 
    80       }
 
    63       $template->header();
 
    81       $template->header();
 
    64       userprefs_show_menu();
 
    82       userprefs_show_menu();
 
    65       ?>
 
    83       ?>
 
    66         <br />
 
    84         <br />
 
    67         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
 
    85         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
 
    68           <tr><th colspan="2">Private message from <?php echo $r['message_from']; ?></th></tr>
 
    86           <tr><th colspan="2">Private message from <?php echo $r['message_from']; ?></th></tr>
 
    69           <tr><td class="row1">Subject:</td><td class="row1"><?php echo $r['subject']; ?></td></tr>
 
    87           <tr><td class="row1">Subject:</td><td class="row1"><?php echo $r['subject']; ?></td></tr>
 
    70           <tr><td class="row2">Date:</td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr>
 
    88           <tr><td class="row2">Date:</td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr>
 
    71           <tr><td class="row1">Message:</td><td class="row1"><?php echo RenderMan::render($r['message_text']);
 
    89           <tr><td class="row1">Message:</td><td class="row1"><?php echo RenderMan::render($r['message_text']);
 
    72           if($r['signature'] != '')
 
    90           if ( $r['signature'] != '' )
 
    73           {
 
    91           {
 
    74             echo '<hr style="margin-left: 1em; width: 200px;" />';
 
    92             echo '<hr style="margin-left: 1em; width: 200px;" />';
 
    75             echo RenderMan::render($r['signature']);
 
    93             echo RenderMan::render($r['signature']);
 
    76           }
 
    94           }
 
    77           ?></td></tr>
 
    95           ?></td></tr>
 
    80       <?php
 
    98       <?php
 
    81       $template->footer();              
    99       $template->footer();              
    82       break;
 
   100       break;
 
    83     case 'Move':
 
   101     case 'Move':
 
    84       $id = $argv[1];
 
   102       $id = $argv[1];
 
    85       if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
 
   103       if ( !preg_match('#^([0-9]+)$#', $id) )
 
       
   104       {
 
       
   105         die_friendly('Message error', '<p>Invalid message ID</p>');
 
       
   106       }
 
    86       $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
 
   107       $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
 
    87       if(!$q) $db->_die('The message data could not be selected.');
 
   108       if ( !$q )
 
       
   109       {
 
       
   110         $db->_die('The message data could not be selected.');
 
       
   111       }
 
    88       $r = $db->fetchrow();
 
   112       $r = $db->fetchrow();
 
    89       $db->free_result();
 
   113       $db->free_result();
 
    90       if($r['message_to'] != $session->username) die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>');
 
   114       if ( $r['message_to'] != $session->username )
 
       
   115       {
 
       
   116         die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>');
 
       
   117       }
 
    91       $fname = $argv[2];
 
   118       $fname = $argv[2];
 
    92       if(!$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
 
   119       if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
 
       
   120       {
 
       
   121         die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
 
       
   122       }
 
    93       $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';');
 
   123       $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';');
 
    94       $db->free_result();
 
   124       $db->free_result();
 
    95       if(!$q) $db->_die('The message was not successfully moved.');
 
   125       if ( !$q )
 
       
   126       {
 
       
   127         $db->_die('The message was not successfully moved.');
 
       
   128       }
 
    96       die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
 
   129       die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
 
    97       break;
 
   130       break;
 
    98     case 'Delete':
 
   131     case 'Delete':
 
    99       $id = $argv[1];
 
   132       $id = $argv[1];
 
   100       if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
 
   133       if ( !preg_match('#^([0-9]+)$#', $id) )
 
       
   134       {
 
       
   135         die_friendly('Message error', '<p>Invalid message ID</p>');
 
       
   136       }
 
   101       $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
 
   137       $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
 
   102       if(!$q) $db->_die('The message data could not be selected.');
 
   138       if ( !$q )
 
       
   139       {
 
       
   140         $db->_die('The message data could not be selected.');
 
       
   141       }
 
   103       $r = $db->fetchrow();
 
   142       $r = $db->fetchrow();
 
   104       if($r['message_to'] != $session->username) die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>');
 
   143       if ( $r['message_to'] != $session->username )
 
       
   144       {
 
       
   145         die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>');
 
       
   146       }
 
   105       $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
 
   147       $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
 
   106       if(!$q) $db->_die('The message was not successfully deleted.');
 
   148       if ( !$q )
 
       
   149       {
 
       
   150         $db->_die('The message was not successfully deleted.');
 
       
   151       }
 
   107       $db->free_result();
 
   152       $db->free_result();
 
   108       die_friendly('Message status', '<p>The message has been deleted.</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
 
   153       die_friendly('Message status', '<p>The message has been deleted.</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
 
   109       break;
 
   154       break;
 
   110     case 'Compose':
 
   155     case 'Compose':
 
   111       if($argv[1]=='Send' && isset($_POST['_send']))
 
   156       if ( $argv[1]=='Send' && isset($_POST['_send']) )
 
   112       {
 
   157       {
 
   113         // Check each POST DATA parameter...
 
   158         // Check each POST DATA parameter...
 
   114         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
 
   159         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
 
   115         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
 
   160         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
 
   116         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
 
   161         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
 
   189         userprefs_show_menu();
 
   234         userprefs_show_menu();
 
   190         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post" onsubmit="if(!submitAuthorized) return false;">';
 
   235         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post" onsubmit="if(!submitAuthorized) return false;">';
 
   191         ?>
 
   236         ?>
 
   192         <br />
 
   237         <br />
 
   193         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
 
   238         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
 
   194           <tr><th colspan="2">Compose new private message</th></tr>
 
   239           <tr>
 
   195           <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma; you<br />can send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small></td><td class="row1"><?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?></td></tr>
 
   240             <th colspan="2">Compose new private message</th>
 
   196           <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['subject']; else echo $subj; ?>" /></td></tr>
 
   241           </tr>
 
   197           <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo $_POST['message']; else echo $text; ?></textarea></td></tr>
 
   242           <tr>
 
       
   243             <td class="row1">
 
       
   244               To:<br />
 
       
   245               <small>Separate multiple names with a single comma; you<br />
 
       
   246                      may send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small>
 
       
   247             </td>
 
       
   248             <td class="row1">
 
       
   249               <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
 
       
   250             </td>
 
       
   251           </tr>
 
       
   252           <tr>
 
       
   253             <td class="row2">
 
       
   254               Subject:
 
       
   255             </td>
 
       
   256             <td class="row2">
 
       
   257               <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /></td></tr>
 
       
   258           <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $text; ?></textarea></td></tr>
 
   198           <tr><th colspan="2"><input type="submit" name="_send" value="Send message" />  <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr>
 
   259           <tr><th colspan="2"><input type="submit" name="_send" value="Send message" />  <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr>
 
   199         </table></div>
 
   260         </table></div>
 
   200         <?php
 
   261         <?php
 
   201         echo '</form>';
 
   262         echo '</form>';
 
   202         $template->footer();
 
   263         $template->footer();
 
   252         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">';
 
   313         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">';
 
   253         ?>
 
   314         ?>
 
   254         <br />
 
   315         <br />
 
   255         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
 
   316         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
 
   256           <tr><th colspan="2">Edit draft</th></tr>
 
   317           <tr><th colspan="2">Edit draft</th></tr>
 
   257           <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['to']; else echo $r['message_to']; ?>" /></td></tr>
 
   318           <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['to']); else echo $r['message_to']; ?>" /></td></tr>
 
   258           <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['subject']; else echo $r['subject']; ?>" /></td></tr>
 
   319           <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" /></td></tr>
 
   259           <tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo $_POST['message']; else echo $r['message_text']; ?></textarea></td></tr>
 
   320           <tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $r['message_text']; ?></textarea></td></tr>
 
   260           <tr><th colspan="2"><input type="submit" name="_send" value="Send message" />  <input type="submit" name="_savedraft" value="Save as draft" /></th></tr>
 
   321           <tr><th colspan="2"><input type="submit" name="_send" value="Send message" />  <input type="submit" name="_savedraft" value="Save as draft" /></th></tr>
 
   261         </table></div>
 
   322         </table></div>
 
   262         <?php
 
   323         <?php
 
   263         echo '</form>';
 
   324         echo '</form>';
 
   264         $template->footer();
 
   325         $template->footer();
Enano CMS (1.1.x)