plugins/PrivateMessages.php
changeset 334 c72b545f1304
parent 326 ab66d6d1f1f4
child 341 1e3b55a591d1
child 343 eefe9ab7fe7c
333:32429702305e 334:c72b545f1304
    20  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    20  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    21  */
    21  */
    22  
    22  
    23 global $db, $session, $paths, $template, $plugins; // Common objects
    23 global $db, $session, $paths, $template, $plugins; // Common objects
    24 
    24 
    25 $plugins->attachHook('base_classes_initted', '
    25 $plugins->attachHook('session_started', '
    26   global $paths;
    26   global $paths;
    27     $paths->add_page(Array(
    27     $paths->add_page(Array(
    28       \'name\'=>\'Private Messages\',
    28       \'name\'=>\'specialpage_private_messages\',
    29       \'urlname\'=>\'PrivateMessages\',
    29       \'urlname\'=>\'PrivateMessages\',
    30       \'namespace\'=>\'Special\',
    30       \'namespace\'=>\'Special\',
    31       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
    31       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
    32       ));
    32       ));
    33     ');
    33     ');
    34 
    34 
    35 function page_Special_PrivateMessages()
    35 function page_Special_PrivateMessages()
    36 {
    36 {
    37   global $db, $session, $paths, $template, $plugins; // Common objects
    37   global $db, $session, $paths, $template, $plugins; // Common objects
       
    38   global $lang;
    38   if ( !$session->user_logged_in )
    39   if ( !$session->user_logged_in )
    39   {
    40   {
    40     die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>');
    41     die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_need_login', array('login_link' => makeUrlNS('Special', 'Login/' . $paths->page))) . '</p>');
    41   }
    42   }
    42   $argv = Array();
    43   $argv = Array();
    43   $argv[] = $paths->getParam(0);
    44   $argv[] = $paths->getParam(0);
    44   $argv[] = $paths->getParam(1);
    45   $argv[] = $paths->getParam(1);
    45   $argv[] = $paths->getParam(2);
    46   $argv[] = $paths->getParam(2);
    65       }
    66       }
    66       $r = $db->fetchrow();
    67       $r = $db->fetchrow();
    67       $db->free_result();
    68       $db->free_result();
    68       if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
    69       if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
    69       {
    70       {
    70         die_friendly('Access denied', '<p>You are not authorized to view this message.</p>');
    71         die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_read') . '</p>');
    71       }
    72       }
    72       if ( $r['message_to'] == $session->username )
    73       if ( $r['message_to'] == $session->username )
    73       {
    74       {
    74         $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
    75         $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
    75         $db->free_result();
    76         $db->free_result();
    81       $template->header();
    82       $template->header();
    82       userprefs_show_menu();
    83       userprefs_show_menu();
    83       ?>
    84       ?>
    84         <br />
    85         <br />
    85         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
    86         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
    86           <tr><th colspan="2">Private message from <?php echo $r['message_from']; ?></th></tr>
    87           <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?></th></tr>
    87           <tr><td class="row1">Subject:</td><td class="row1"><?php echo $r['subject']; ?></td></tr>
    88           <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_subject') ?></td><td class="row1"><?php echo $r['subject']; ?></td></tr>
    88           <tr><td class="row2">Date:</td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr>
    89           <tr><td class="row2"><?php echo $lang->get('privmsgs_lbl_date') ?></td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr>
    89           <tr><td class="row1">Message:</td><td class="row1"><?php echo RenderMan::render($r['message_text']);
    90           <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_message') ?></td><td class="row1"><?php echo RenderMan::render($r['message_text']);
    90           if ( $r['signature'] != '' )
    91           if ( $r['signature'] != '' )
    91           {
    92           {
    92             echo '<hr style="margin-left: 1em; width: 200px;" />';
    93             echo '<hr style="margin-left: 1em; width: 200px;" />';
    93             echo RenderMan::render($r['signature']);
    94             echo RenderMan::render($r['signature']);
    94           }
    95           }
    95           ?></td></tr>
    96           ?></td></tr>
    96           <tr><td colspan="2" class="row3"><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Compose/ReplyTo/'.$id); ?>">Send reply</a>  |  <a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Delete/'.$id); ?>">Delete message</a>  |  <?php if($r['folder_name'] != 'archive') { ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Move/'.$id.'/Archive'); ?>">Archive message</a>  |  <?php } ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') ?>">Return to inbox</a></td></tr>
    97           <tr><td colspan="2" class="row3"><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Compose/ReplyTo/'.$id); ?>"><?php echo $lang->get('privmsgs_btn_send_reply'); ?></a>  |  <a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Delete/'.$id); ?>">Delete message</a>  |  <?php if($r['folder_name'] != 'archive') { ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Move/'.$id.'/Archive'); ?>"><?php echo $lang->get('privmsgs_btn_archive'); ?></a>  |  <?php } ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') ?>"><?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?></a></td></tr>
    97         </table></div>
    98         </table></div>
    98       <?php
    99       <?php
    99       $template->footer();              
   100       $template->footer();              
   100       break;
   101       break;
   101     case 'Move':
   102     case 'Move':
   111       }
   112       }
   112       $r = $db->fetchrow();
   113       $r = $db->fetchrow();
   113       $db->free_result();
   114       $db->free_result();
   114       if ( $r['message_to'] != $session->username )
   115       if ( $r['message_to'] != $session->username )
   115       {
   116       {
   116         die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>');
   117         die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_edit') . '</p>');
   117       }
   118       }
   118       $fname = $argv[2];
   119       $fname = $argv[2];
   119       if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
   120       if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
   120       {
   121       {
   121         die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
   122         die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
   124       $db->free_result();
   125       $db->free_result();
   125       if ( !$q )
   126       if ( !$q )
   126       {
   127       {
   127         $db->_die('The message was not successfully moved.');
   128         $db->_die('The message was not successfully moved.');
   128       }
   129       }
   129       die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
   130       die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_moved', array('folder' => $fname)) . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>');
   130       break;
   131       break;
   131     case 'Delete':
   132     case 'Delete':
   132       $id = $argv[1];
   133       $id = $argv[1];
   133       if ( !preg_match('#^([0-9]+)$#', $id) )
   134       if ( !preg_match('#^([0-9]+)$#', $id) )
   134       {
   135       {
   140         $db->_die('The message data could not be selected.');
   141         $db->_die('The message data could not be selected.');
   141       }
   142       }
   142       $r = $db->fetchrow();
   143       $r = $db->fetchrow();
   143       if ( $r['message_to'] != $session->username )
   144       if ( $r['message_to'] != $session->username )
   144       {
   145       {
   145         die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>');
   146         die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to delete this message.</p>');
   146       }
   147       }
   147       $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
   148       $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
   148       if ( !$q )
   149       if ( !$q )
   149       {
   150       {
   150         $db->_die('The message was not successfully deleted.');
   151         $db->_die('The message was not successfully deleted.');
   151       }
   152       }
   152       $db->free_result();
   153       $db->free_result();
   153       die_friendly('Message status', '<p>The message has been deleted.</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
   154       die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_deleted') . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>');
   154       break;
   155       break;
   155     case 'Compose':
   156     case 'Compose':
   156       if ( $argv[1]=='Send' && isset($_POST['_send']) )
   157       if ( $argv[1]=='Send' && isset($_POST['_send']) )
   157       {
   158       {
   158         // Check each POST DATA parameter...
   159         // Check each POST DATA parameter...
   159         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
   160         $errors = array();
   160         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
   161         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
   161         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
   162         {
   162         $namelist = $_POST['to'];
   163           $errors[] = $lang->get('privmsgs_err_need_username');
   163         $namelist = str_replace(', ', ',', $namelist);
   164         }
   164         $namelist = explode(',', $namelist);
   165         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
   165         foreach($namelist as $n) { $n = $db->escape($n); }
   166         {
   166         $subject = RenderMan::preprocess_text($_POST['subject']);
   167           $errors[] = $lang->get('privmsgs_err_need_subject');
   167         $message = RenderMan::preprocess_text($_POST['message']);
   168         }
   168         $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
   169         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
   169         foreach($namelist as $n)
   170         {
   170         {
   171           $errors[] = $lang->get('privmsgs_err_need_message');
   171           $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),';
   172         }
   172         }
   173         if ( count($errors) < 1 )
   173         $base_query = substr($base_query, 0, strlen($base_query)-1) . ';';
   174         {
   174         $result = $db->sql_query($base_query);
   175           $namelist = $_POST['to'];
   175         $db->free_result();
   176           $namelist = str_replace(', ', ',', $namelist);
   176         if(!$result) $db->_die('The message could not be sent.');
   177           $namelist = explode(',', $namelist);
   177         else die_friendly('Message status', '<p>Your message has been sent. You may edit the message if you wish; one copy for each recipient will be in your outbox until each recipient has read it. Return to your <a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">inbox</a>.</p>');
   178           foreach($namelist as $n) { $n = $db->escape($n); }
   178         return;
   179           $subject = RenderMan::preprocess_text($_POST['subject']);
   179       } elseif($argv[1]=='Send' && isset($_POST['_savedraft'])) {
   180           $message = RenderMan::preprocess_text($_POST['message']);
   180         // Check each POST DATA parameter...
   181           $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
   181         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
   182           foreach($namelist as $n)
   182         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
   183           {
   183         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
   184             $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),';
   184         $namelist = $_POST['to'];
   185           }
   185         $namelist = str_replace(', ', ',', $namelist);
   186           $base_query = substr($base_query, 0, strlen($base_query)-1) . ';';
   186         $namelist = explode(',', $namelist);
   187           $result = $db->sql_query($base_query);
   187         foreach($namelist as $n) { $n = $db->escape($n); }
   188           $db->free_result();
   188         if(count($namelist) > MAX_PMS_PER_BATCH && $session->get_permssions('mod_misc')) die_friendly('Limit exceeded', '<p>You can only send this message to a maximum of '.MAX_PMS_PER_BATCH.' users.</p>');
   189           if ( !$result )
   189         $subject = $db->escape($_POST['subject']);
   190           {
   190         $message = RenderMan::preprocess_text($_POST['message']);
   191             $db->_die('The message could not be sent.');
   191         $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
   192           }
   192         foreach($namelist as $n)
   193           else
   193         {
   194           {
   194           $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),';
   195             die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>');
   195         }
   196           }
   196         $base_query = substr($base_query, 0, strlen($base_query)-1) . ';';
   197           return;
   197         $result = $db->sql_query($base_query);
   198         }
   198         $db->free_result();
   199       }
   199         if(!$result) $db->_die('The message could not be saved.');
   200       else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) )
   200       } elseif(isset($_POST['_inbox'])) {
   201       {
   201         header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
   202         $errors = array();
       
   203         if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') )
       
   204         {
       
   205           $errors[] = $lang->get('privmsgs_err_need_username');
       
   206         }
       
   207         if ( !isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '') )
       
   208         {
       
   209           $errors[] = $lang->get('privmsgs_err_need_subject');
       
   210         }
       
   211         if ( !isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '') )
       
   212         {
       
   213           $errors[] = $lang->get('privmsgs_err_need_message');
       
   214         }
       
   215         if ( count($errors) < 1 )
       
   216         {
       
   217           $namelist = $_POST['to'];
       
   218           $namelist = str_replace(', ', ',', $namelist);
       
   219           $namelist = explode(',', $namelist);
       
   220           foreach($namelist as $n)
       
   221           {
       
   222             $n = $db->escape($n);
       
   223           }
       
   224           if ( count($namelist) > MAX_PMS_PER_BATCH && !$session->get_permssions('mod_misc') )
       
   225           {
       
   226             die_friendly($lang->get('privmsgs_err_limit_exceeded_title'), '<p>' . $lang->get('privmsgs_err_limit_exceeded_body', array('limit' => MAX_PMS_PER_BATCH)) . '</p>');
       
   227           }
       
   228           $subject = $db->escape($_POST['subject']);
       
   229           $message = RenderMan::preprocess_text($_POST['message']);
       
   230           $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
       
   231           foreach($namelist as $n)
       
   232           {
       
   233             $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),';
       
   234           }
       
   235           $base_query = substr($base_query, 0, strlen($base_query) - 1) . ';';
       
   236           $result = $db->sql_query($base_query);
       
   237           $db->free_result();
       
   238           if ( !$result )
       
   239           {
       
   240             $db->_die('The message could not be saved.');
       
   241           }
       
   242         }
       
   243       }
       
   244       else if(isset($_POST['_inbox']))
       
   245       {
       
   246         redirect(makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'), '', '', 0);
   202       }
   247       }
   203       if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2]))
   248       if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2]))
   204       {
   249       {
   205         $to = '';
   250         $to = '';
   206         $text = '';
   251         $text = '';
   207         $subj = '';
   252         $subj = '';
   208         $id = $argv[2];
   253         $id = $argv[2];
   209         $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';');
   254         $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';');
   210         if(!$q) $db->_die('The message data could not be selected.');
   255         if ( !$q )
       
   256           $db->_die('The message data could not be selected.');
       
   257         
   211         $r = $db->fetchrow();
   258         $r = $db->fetchrow();
   212         $db->free_result();
   259         $db->free_result();
   213         if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '<p>You are not authorized to view the contents of this message.</p>');
   260         if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name'] == 'drafts' )
       
   261         {
       
   262           die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to view the contents of this message.</p>');
       
   263         }
   214         $subj = 'Re: ' . $r['subject'];
   264         $subj = 'Re: ' . $r['subject'];
   215         $text = "\n\n\nOn ".date('M j, Y G:i', $r['date']).", ".$r['message_from']." wrote:\n> ".str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-)
   265         $text = "\n\n\nOn " . date('M j, Y G:i', $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-)
   216         
   266         
   217         $tbuf = $text;
   267         $tbuf = $text;
   218         while( preg_match("/\n([\> ]*?)\> \>/", $text) )
   268         while( preg_match("/\n([\> ]*?)\> \>/", $text) )
   219         {
   269         {
   220           $text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text);
   270           $text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text);
   222             break;
   272             break;
   223           $tbuf = $text;
   273           $tbuf = $text;
   224         }
   274         }
   225         
   275         
   226         $to = $r['message_from'];
   276         $to = $r['message_from'];
   227       } else {
   277       }
   228         if(( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2]) $to = $argv[2];
   278       else
   229         else $to = '';
   279       {
       
   280         if ( ( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2] )
       
   281         {
       
   282           $to = htmlspecialchars($argv[2]);
       
   283         }
       
   284         else
       
   285         {
       
   286           $to = '';
       
   287         }
   230         $text = '';
   288         $text = '';
   231         $subj = '';
   289         $subj = '';
   232       }
   290       }
   233         $template->header();
   291         $template->header();
   234         userprefs_show_menu();
   292         userprefs_show_menu();
   235         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post" onsubmit="if(!submitAuthorized) return false;">';
   293         if ( isset($errors) && count($errors) > 0 )
       
   294         {
       
   295           echo '<div class="warning-box">
       
   296                   ' . $lang->get('privmsgs_err_send_submit') . '
       
   297                   <ul>
       
   298                     <li>' . implode('</li><li>', $errors) . '</li>
       
   299                   </ul>
       
   300                 </div>';
       
   301         }
       
   302         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post">';
       
   303         
       
   304         if ( isset($_POST['_savedraft']) )
       
   305         {
       
   306           echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>';
       
   307         }
   236         ?>
   308         ?>
   237         <br />
   309         <br />
   238         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
   310         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
   239           <tr>
   311           <tr>
   240             <th colspan="2">Compose new private message</th>
   312             <th colspan="2"><?php echo $lang->get('privmsgs_lbl_compose_th'); ?></th>
   241           </tr>
   313           </tr>
   242           <tr>
   314           <tr>
   243             <td class="row1">
   315             <td class="row1">
   244               To:<br />
   316               <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br />
   245               <small>Separate multiple names with a single comma; you<br />
   317               <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small>
   246                      may send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small>
       
   247             </td>
   318             </td>
   248             <td class="row1">
   319             <td class="row1">
   249               <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
   320               <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
   250             </td>
   321             </td>
   251           </tr>
   322           </tr>
   252           <tr>
   323           <tr>
   253             <td class="row2">
   324             <td class="row2">
   254               Subject:
   325               <?php echo $lang->get('privmsgs_lbl_subject'); ?>
   255             </td>
   326             </td>
   256             <td class="row2">
   327             <td class="row2">
   257               <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /></td></tr>
   328               <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" />
   258           <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $text; ?></textarea></td></tr>
   329             </td>
   259           <tr><th colspan="2"><input type="submit" name="_send" value="Send message" />  <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr>
   330           </tr>
       
   331           <tr>
       
   332             <td class="row1">
       
   333               <?php echo $lang->get('privmsgs_lbl_message'); ?>
       
   334             </td>
       
   335             <td class="row1" style="min-width: 80%;">
       
   336               <?php
       
   337                 if ( isset($_POST['_savedraft']) )
       
   338                 {
       
   339                   $content = htmlspecialchars($_POST['message']);
       
   340                 }
       
   341                 else
       
   342                 {
       
   343                   $content =& $text;
       
   344                 }
       
   345                 echo $template->tinymce_textarea('message', $content, 20, 40);
       
   346               ?>
       
   347             </td>
       
   348           </tr>
       
   349           <tr>
       
   350             <th class="subhead" colspan="2">
       
   351               <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" />
       
   352               <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" />
       
   353               <input type="submit" name="_inbox" value="<?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?>" />
       
   354             </th>
       
   355           </tr>
   260         </table></div>
   356         </table></div>
   261         <?php
   357         <?php
   262         echo '</form>';
   358         echo '</form>';
   263         $template->footer();
   359         $template->footer();
   264       break;
   360       break;
   265     case 'Edit':
   361     case 'Edit':
   266       $id = $argv[1];
   362       $id = $argv[1];
   267       if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
   363       if ( !preg_match('#^([0-9]+)$#', $id) )
       
   364       {
       
   365         die_friendly('Message error', '<p>Invalid message ID</p>');
       
   366       }
   268       $q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
   367       $q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
   269       if(!$q) $db->_die('The message data could not be selected.');
   368       if ( !$q )
       
   369       {
       
   370         $db->_die('The message data could not be selected.');
       
   371       }
   270       $r = $db->fetchrow();
   372       $r = $db->fetchrow();
   271       $db->free_result();
   373       $db->free_result();
   272       if($r['message_from'] != $session->username || $r['message_read'] == 1 ) die_friendly('Access denied', '<p>You are not authorized to edit this message.</p>');
   374       if ( $r['message_from'] != $session->username || $r['message_read'] == 1 )
       
   375       {
       
   376         die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to edit this message.</p>');
       
   377       }
   273       $fname = $argv[2];
   378       $fname = $argv[2];
   274       
   379       
   275       if(isset($_POST['_send']))
   380       if(isset($_POST['_send']))
   276       {
   381       {
   277         // Check each POST DATA parameter...
   382         // Check each POST DATA parameter...
   278         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
   383         $errors = array();
   279         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
   384         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
   280         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
   385         {
   281         $namelist = $_POST['to'];
   386           $errors[] = $lang->get('privmsgs_err_need_username');
   282         $namelist = str_replace(', ', ',', $namelist);
   387         }
   283         $namelist = explode(',', $namelist);
   388         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
   284         foreach($namelist as $n) { $n = $db->escape($n); }
   389         {
   285         $subject = RenderMan::preprocess_text($_POST['subject']);
   390           $errors[] = $lang->get('privmsgs_err_need_subject');
   286         $message = RenderMan::preprocess_text($_POST['message']);
   391         }
   287         $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';';
   392         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
   288         $result = $db->sql_query($base_query);
   393         {
   289         $db->free_result();
   394           $errors[] = $lang->get('privmsgs_err_need_message');
   290         if(!$result) $db->_die('The message could not be sent.');
   395         }
   291         else die_friendly('Message status', '<p>Your message has been sent. You may edit the message if you wish; one copy for each recipient will be in your outbox until each recipient has read it. Return to your <a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">inbox</a>.</p>');
   396         if ( count($errors) < 1 )
   292         return;
   397         {
   293       } elseif(isset($_POST['_savedraft'])) {
   398           $namelist = $_POST['to'];
       
   399           $namelist = str_replace(', ', ',', $namelist);
       
   400           $namelist = explode(',', $namelist);
       
   401           foreach ($namelist as $n)
       
   402           {
       
   403             $n = $db->escape($n);
       
   404           }
       
   405           $subject = RenderMan::preprocess_text($_POST['subject']);
       
   406           $message = RenderMan::preprocess_text($_POST['message']);
       
   407           $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';';
       
   408           $result = $db->sql_query($base_query);
       
   409           $db->free_result();
       
   410           if ( !$result )
       
   411           {
       
   412             $db->_die('The message could not be sent.');
       
   413           }
       
   414           else
       
   415           {
       
   416             die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>');
       
   417           }
       
   418           return;
       
   419         }
       
   420       }
       
   421       else if ( isset($_POST['_savedraft']) )
       
   422       {
   294         // Check each POST DATA parameter...
   423         // Check each POST DATA parameter...
   295         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
   424         $errors = array();
   296         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
   425         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
   297         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
   426         {
   298         $namelist = $_POST['to'];
   427           $errors[] = $lang->get('privmsgs_err_need_username');
   299         $namelist = str_replace(', ', ',', $namelist);
   428         }
   300         $namelist = explode(',', $namelist);
   429         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
   301         foreach($namelist as $n) { $n = $db->escape($n); }
   430         {
   302         $subject = $db->escape($_POST['subject']);
   431           $errors[] = $lang->get('privmsgs_err_need_subject');
   303         $message = RenderMan::preprocess_text($_POST['message']);
   432         }
   304         $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';';
   433         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
   305         $result = $db->sql_query($base_query);
   434         {
   306         $db->free_result();
   435           $errors[] = $lang->get('privmsgs_err_need_message');
   307         if(!$result) $db->_die('The message could not be saved.');
   436         }
   308       }
   437         if ( count($errors) < 1 )
   309         if($argv[1]=='to' && $argv[2]) $to = $argv[2];
   438         {
   310         else $to = '';
   439           $namelist = $_POST['to'];
       
   440           $namelist = str_replace(', ', ',', $namelist);
       
   441           $namelist = explode(',', $namelist);
       
   442           foreach ( $namelist as $n )
       
   443           {
       
   444             $n = $db->escape($n);
       
   445           }
       
   446           $subject = $db->escape($_POST['subject']);
       
   447           $message = RenderMan::preprocess_text($_POST['message']);
       
   448           $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';';
       
   449           $result = $db->sql_query($base_query);
       
   450           $db->free_result();
       
   451           if ( !$result )
       
   452           {
       
   453             $db->_die('The message could not be saved.');
       
   454           }
       
   455         }
       
   456       }
       
   457         if ( $argv[1]=='to' && $argv[2] )
       
   458         {
       
   459           $to = htmlspecialchars($argv[2]);
       
   460         }
       
   461         else
       
   462         {
       
   463           $to = '';
       
   464         }
   311         $template->header();
   465         $template->header();
   312         userprefs_show_menu();
   466         userprefs_show_menu();
   313         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">';
   467         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">';
       
   468         
       
   469         if ( isset($_POST['_savedraft']) )
       
   470         {
       
   471           echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>';
       
   472         }
   314         ?>
   473         ?>
   315         <br />
   474         <br />
   316         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
   475         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
   317           <tr><th colspan="2">Edit draft</th></tr>
   476           <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_edit_th'); ?></th></tr>
   318           <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['to']); else echo $r['message_to']; ?>" /></td></tr>
   477           <tr>
   319           <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" /></td></tr>
   478             <td class="row1">
   320           <tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $r['message_text']; ?></textarea></td></tr>
   479               <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br />
   321           <tr><th colspan="2"><input type="submit" name="_send" value="Send message" />  <input type="submit" name="_savedraft" value="Save as draft" /></th></tr>
   480               <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small>
       
   481             </td>
       
   482             <td class="row1">
       
   483               <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $r['message_to'] ); ?>
       
   484             </td>
       
   485           </tr>
       
   486           <tr>
       
   487             <td class="row2">
       
   488               <?php echo $lang->get('privmsgs_lbl_subject'); ?>
       
   489             </td>
       
   490             <td class="row2">
       
   491               <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" />
       
   492             </td>
       
   493           </tr>
       
   494           <tr>
       
   495             <td class="row1">
       
   496               <?php echo $lang->get('privmsgs_lbl_message'); ?>
       
   497             </td>
       
   498             <td class="row1" style="min-width: 80%;">
       
   499               <?php
       
   500                 if ( isset($_POST['_savedraft']) )
       
   501                 {
       
   502                   $content = htmlspecialchars($_POST['message']);
       
   503                 }
       
   504                 else
       
   505                 {
       
   506                   $content =& $r['message_text'];
       
   507                 }
       
   508                 echo $template->tinymce_textarea('message', $content, 20, 40);
       
   509               ?>
       
   510             </td>
       
   511           </tr>
       
   512           
       
   513           <tr>
       
   514             <th class="subhead" colspan="2">
       
   515               <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" />
       
   516               <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" />
       
   517             </th>
       
   518           </tr>
   322         </table></div>
   519         </table></div>
   323         <?php
   520         <?php
   324         echo '</form>';
   521         echo '</form>';
   325         $template->footer();
   522         $template->footer();
   326       break;
   523       break;
   328       $template->header();
   525       $template->header();
   329       userprefs_show_menu();
   526       userprefs_show_menu();
   330       switch($argv[1])
   527       switch($argv[1])
   331       {
   528       {
   332         default:
   529         default:
   333           echo '<p>The folder "'.$argv[1].'" does not exist. Return to your <a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">inbox</a>.</p>';
   530           echo '<p>' . $lang->get('privmsgs_err_folder_not_exist', array(
       
   531               'folder_name' => htmlspecialchars($argv[1]),
       
   532               'inbox_url' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')
       
   533             )) . '</p>';
   334           break;
   534           break;
   335         case 'Inbox':
   535         case 'Inbox':
   336         case 'Outbox':
   536         case 'Outbox':
   337         case 'Sent':
   537         case 'Sent':
   338         case 'Drafts':
   538         case 'Drafts':
   340           ?>
   540           ?>
   341           <table border="0" width="100%" cellspacing="10" cellpadding="0">
   541           <table border="0" width="100%" cellspacing="10" cellpadding="0">
   342           <tr>
   542           <tr>
   343           <td style="padding: 0px; width: 120px;" valign="top"  >
   543           <td style="padding: 0px; width: 120px;" valign="top"  >
   344           <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
   544           <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
   345           <tr><th><small>Private messages</small></th></tr>
   545           <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
   346           <tr><td class="row1"><small><a href="<?php echo $session->append_sid('Inbox'); ?>">Inbox</a>    </small></td></tr>
   546           <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
   347           <tr><td class="row2"><small><a href="<?php echo $session->append_sid('Outbox'); ?>">Outbox</a>  </small></td></tr>
   547           <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
   348           <tr><td class="row1"><small><a href="<?php echo $session->append_sid('Sent'); ?>">Sent Items</a></small></td></tr>
   548           <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
   349           <tr><td class="row2"><small><a href="<?php echo $session->append_sid('Drafts'); ?>">Drafts</a>  </small></td></tr>
   549           <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
   350           <tr><td class="row1"><small><a href="<?php echo $session->append_sid('Archive'); ?>">Archive</a></small></td></tr>
   550           <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
   351           <tr><th><small>Buddies</small></th></tr>
   551           <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
   352           <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>">Friend list</a></small></td></tr>
   552           <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
   353           <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>">Foe list</a></small></td></tr>
   553           <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
   354           </table></div>
   554           </table></div>
   355           </td>
   555           </td>
   356           <td valign="top">
   556           <td valign="top">
   357           <?php
   557           <?php
   358           $fname = strtolower($argv[1]);
   558           $fname = strtolower($argv[1]);
   371               break;
   571               break;
   372             case 'Drafts':
   572             case 'Drafts':
   373               $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');
   573               $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');
   374               break;
   574               break;
   375           }
   575           }
   376           if($argv[1] == 'Drafts' || $argv[1] == 'Outbox') $act = 'Edit';
   576           if ( !$q )
   377           else $act = 'View';
   577           {
   378           if(!$q) $db->_die('The private message data could not be selected.');
   578             $db->_die('The private message data could not be selected.');
   379           echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post"><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="4" style="text-align: left;">Folder: '.$argv[1].'</th></tr><tr><th class="subhead">';
   579           }
   380           if($fname == 'drafts' || $fname == 'Outbox') echo 'To'; else echo 'From';
   580           if ( $argv[1] == 'Drafts' || $argv[1] == 'Outbox' )
   381           echo '</th><th class="subhead">Subject</th><th class="subhead">Date</th><th class="subhead">Mark</th></tr>';
   581           {
       
   582             $act = 'Edit';
       
   583           }
       
   584           else
       
   585           {
       
   586             $act = 'View';
       
   587           }
       
   588           echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post">
       
   589                   <div class="tblholder">
       
   590                     <table border="0" width="100%" cellspacing="1" cellpadding="4">
       
   591                       <tr>
       
   592                         <th colspan="4" style="text-align: left;">' . $lang->get('privmsgs_folder_th_foldername') . ' ' . $lang->get('privmsgs_folder_' . strtolower($argv[1])) . '</th>
       
   593                       </tr>
       
   594                     <tr>
       
   595                       <th class="subhead">';
       
   596           if ( $fname == 'drafts' || $fname == 'Outbox' )
       
   597           {
       
   598             echo $lang->get('privmsgs_folder_th_to');
       
   599           }
       
   600           else
       
   601           {
       
   602             echo $lang->get('privmsgs_folder_th_from');
       
   603           }
       
   604           echo '</th>
       
   605                 <th class="subhead">' . $lang->get('privmsgs_folder_th_subject') . '</th>
       
   606                 <th class="subhead">' . $lang->get('privmsgs_folder_th_date') . '</th>
       
   607                 <th class="subhead">' . $lang->get('privmsgs_folder_th_mark') . '</th>
       
   608               </tr>';
   382           if($db->numrows() < 1)
   609           if($db->numrows() < 1)
   383             echo '<tr><td style="text-align: center;" class="row1" colspan="4">No messages in this folder.</td></tr>';
   610           {
   384           else {
   611             echo '<tr><td style="text-align: center;" class="row1" colspan="4">' . $lang->get('privmsgs_msg_no_messages') . '</td></tr>';
       
   612           }
       
   613           else
       
   614           {
   385             $cls = 'row2';
   615             $cls = 'row2';
   386             while($r = $db->fetchrow())
   616             while ( $r = $db->fetchrow() )
   387             {
   617             {
   388               if($cls == 'row2') $cls='row1';
   618               if($cls == 'row2') $cls='row1';
   389               else $cls = 'row2';
   619               else $cls = 'row2';
   390               $mto = str_replace(' ', '_', $r['message_to']);
   620               $mto = str_replace(' ', '_', $r['message_to']);
   391               $mfr = str_replace(' ', '_', $r['message_from']);
   621               $mfr = str_replace(' ', '_', $r['message_from']);
   392               echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', ( $fname == 'drafts') ? $mto : $mfr).'">';
   622               echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', ( $fname == 'drafts') ? $mto : $mfr).'">';
   393               if($fname == 'drafts' || $fname == 'outbox') echo $r['message_to']; else echo $r['message_from'];
   623               if ( $fname == 'drafts' || $fname == 'outbox' )
       
   624               {
       
   625                 echo $r['message_to'];
       
   626               }
       
   627               else
       
   628               {
       
   629                 echo $r['message_from'];
       
   630               }
       
   631               
   394               echo '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/'.$act.'/'.$r['message_id']).'">';
   632               echo '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/'.$act.'/'.$r['message_id']).'">';
   395               if($r['message_read'] == 0) echo '<b>';
   633               
       
   634               if ( $r['message_read'] == 0 )
       
   635               {
       
   636                 echo '<b>';
       
   637               }
   396               echo $r['subject'];
   638               echo $r['subject'];
   397               if($r['message_read'] == 0) echo '</b>';
   639               if ( $r['message_read'] == 0 )
       
   640               {
       
   641                 echo '</b>';
       
   642               }
   398               echo '</a></td><td class="'.$cls.'">'.date('M j, Y G:i', $r['date']).'</td><td class="'.$cls.'" style="text-align: center;"><input name="marked_'.$r['message_id'].'" type="checkbox" /></td></tr>';
   643               echo '</a></td><td class="'.$cls.'">'.date('M j, Y G:i', $r['date']).'</td><td class="'.$cls.'" style="text-align: center;"><input name="marked_'.$r['message_id'].'" type="checkbox" /></td></tr>';
   399             }
   644             }
   400             $db->free_result();
   645             $db->free_result();
   401           }
   646           }
   402           echo '<tr><th style="text-align: right;" colspan="4"><input type="hidden" name="folder" value="'.$fname.'" /><input type="submit" name="archive" value="Archive selected" /> <input type="submit" name="delete" value="Delete selected" /> <input type="submit" name="deleteall" value="Delete all" /></th></tr>';
   647           echo '<tr>
       
   648                   <th style="text-align: right;" colspan="4">
       
   649                     <input type="hidden" name="folder" value="'.$fname.'" />
       
   650                     <input type="submit" name="archive" value="' . $lang->get('privmsgs_btn_archive_selected') . '" />
       
   651                     <input type="submit" name="delete" value="' . $lang->get('privmsgs_btn_delete_selected') . '" />
       
   652                     <input type="submit" name="deleteall" value="' . $lang->get('privmsgs_btn_delete_all') . '" />
       
   653                   </th>
       
   654                 </tr>';
   403           echo '</table></div></form>
   655           echo '</table></div></form>
   404           <br />
   656           <br />
   405           <a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/').'">New message</a>
   657           <a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/').'">' . $lang->get('privmsgs_btn_compose') . '</a>
   406           </td></tr></table>';
   658           </td></tr></table>';
   407           break;
   659           break;
   408       }
   660       }
   409       $template->footer();
   661       $template->footer();
   410       break;
   662       break;