--- a/plugins/PrivateMessages.php Sun Mar 28 21:49:26 2010 -0400
+++ b/plugins/PrivateMessages.php Sun Mar 28 23:10:46 2010 -0400
@@ -1,12 +1,12 @@
<?php
/**!info**
{
- "Plugin Name" : "plugin_privatemessages_title",
- "Plugin URI" : "http://enanocms.org/",
- "Description" : "plugin_privatemessages_desc",
- "Author" : "Dan Fuhry",
- "Version" : "1.1.6",
- "Author URI" : "http://enanocms.org/"
+ "Plugin Name" : "plugin_privatemessages_title",
+ "Plugin URI" : "http://enanocms.org/",
+ "Description" : "plugin_privatemessages_desc",
+ "Author" : "Dan Fuhry",
+ "Version" : "1.1.6",
+ "Author URI" : "http://enanocms.org/"
}
**!*/
@@ -25,831 +25,831 @@
function PrivateMessages_paths_init()
{
- register_special_page('PrivateMessages', 'specialpage_private_messages');
+ register_special_page('PrivateMessages', 'specialpage_private_messages');
}
function page_Special_PrivateMessages()
{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
- if ( !$session->user_logged_in )
- {
- die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_need_login', array('login_link' => makeUrlNS('Special', 'Login/' . $paths->page))) . '</p>');
- }
- $argv = Array();
- $argv[] = $paths->getParam(0);
- $argv[] = $paths->getParam(1);
- $argv[] = $paths->getParam(2);
- if ( !$argv[0] )
- {
- $argv[0] = 'InVaLiD';
- }
- switch($argv[0])
- {
- default:
- header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
- break;
- case 'View':
- $id = $argv[1];
- if ( !ctype_digit($id) )
- {
- die_friendly('Message error', '<p>Invalid message ID</p>');
- }
- $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.'');
- if ( !$q )
- {
- $db->_die('The message data could not be selected.');
- }
- $r = $db->fetchrow();
- $db->free_result();
- if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
- {
- die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_read') . '</p>');
- }
- if ( $r['message_to'] == $session->username )
- {
- $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
- $db->free_result();
- if ( !$q )
- {
- $db->_die('Could not mark message as read');
- }
- }
- $template->header();
- userprefs_show_menu();
- ?>
- <br />
- <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
- <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?></th></tr>
- <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_subject') ?></td><td class="row1"><?php echo $r['subject']; ?></td></tr>
- <tr><td class="row2"><?php echo $lang->get('privmsgs_lbl_date') ?></td><td class="row2"><?php echo enano_date(ED_DATE | ED_TIME, $r['date']); ?></td></tr>
- <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_message') ?></td><td class="row1"><?php echo RenderMan::render($r['message_text']);
- if ( $r['signature'] != '' )
- {
- echo '<hr style="margin-left: 1em; width: 200px;" />';
- echo RenderMan::render($r['signature']);
- }
- ?></td></tr>
- <tr><td colspan="2" class="row3"><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Compose/ReplyTo/'.$id); ?>"><?php echo $lang->get('privmsgs_btn_send_reply'); ?></a> | <a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Delete/'.$id); ?>">Delete message</a> | <?php if($r['folder_name'] != 'archive') { ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Move/'.$id.'/Archive'); ?>"><?php echo $lang->get('privmsgs_btn_archive'); ?></a> | <?php } ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') ?>"><?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?></a></td></tr>
- </table></div>
- <?php
- $template->footer();
- break;
- case 'Move':
- $id = $argv[1];
- if ( !ctype_digit($id) )
- {
- die_friendly('Message error', '<p>Invalid message ID</p>');
- }
- $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
- if ( !$q )
- {
- $db->_die('The message data could not be selected.');
- }
- $r = $db->fetchrow();
- $db->free_result();
- if ( $r['message_to'] != $session->username )
- {
- die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_edit') . '</p>');
- }
- $fname = $argv[2];
- if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
- {
- die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
- }
- $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';');
- $db->free_result();
- if ( !$q )
- {
- $db->_die('The message was not successfully moved.');
- }
- die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_moved', array('folder' => $fname)) . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>');
- break;
- case 'Delete':
- $id = $argv[1];
- if ( !ctype_digit($id) )
- {
- die_friendly('Message error', '<p>Invalid message ID</p>');
- }
- $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
- if ( !$q )
- {
- $db->_die('The message data could not be selected.');
- }
- $r = $db->fetchrow();
- if ( $r['message_to'] != $session->username )
- {
- die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to delete this message.</p>');
- }
- $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
- if ( !$q )
- {
- $db->_die('The message was not successfully deleted.');
- }
- $db->free_result();
- die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_deleted') . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>');
- break;
- case 'Compose':
- if ( $argv[1]=='Send' && isset($_POST['_send']) )
- {
- // Check each POST DATA parameter...
- $errors = array();
- if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
- {
- $errors[] = $lang->get('privmsgs_err_need_username');
- }
- if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
- {
- $errors[] = $lang->get('privmsgs_err_need_subject');
- }
- if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
- {
- $errors[] = $lang->get('privmsgs_err_need_message');
- }
- if ( count($errors) < 1 )
- {
- $namelist = $_POST['to'];
- $namelist = str_replace(', ', ',', $namelist);
- $namelist = explode(',', $namelist);
- foreach($namelist as $n) { $n = $db->escape($n); }
- $subject = RenderMan::preprocess_text($_POST['subject']);
- $message = RenderMan::preprocess_text($_POST['message']);
- $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
- foreach($namelist as $n)
- {
- $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),';
- }
- $base_query = substr($base_query, 0, strlen($base_query)-1) . ';';
- $result = $db->sql_query($base_query);
- $db->free_result();
- if ( !$result )
- {
- $db->_die('The message could not be sent.');
- }
- else
- {
- die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>');
- }
- return;
- }
- }
- else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) )
- {
- $errors = array();
- if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') )
- {
- $errors[] = $lang->get('privmsgs_err_need_username');
- }
- if ( !isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '') )
- {
- $errors[] = $lang->get('privmsgs_err_need_subject');
- }
- if ( !isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '') )
- {
- $errors[] = $lang->get('privmsgs_err_need_message');
- }
- if ( count($errors) < 1 )
- {
- $namelist = $_POST['to'];
- $namelist = str_replace(', ', ',', $namelist);
- $namelist = explode(',', $namelist);
- foreach($namelist as $n)
- {
- $n = $db->escape($n);
- }
- if ( count($namelist) > MAX_PMS_PER_BATCH && !$session->get_permssions('mod_misc') )
- {
- die_friendly($lang->get('privmsgs_err_limit_exceeded_title'), '<p>' . $lang->get('privmsgs_err_limit_exceeded_body', array('limit' => MAX_PMS_PER_BATCH)) . '</p>');
- }
- $subject = $db->escape($_POST['subject']);
- $message = RenderMan::preprocess_text($_POST['message']);
- $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
- foreach($namelist as $n)
- {
- $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),';
- }
- $base_query = substr($base_query, 0, strlen($base_query) - 1) . ';';
- $result = $db->sql_query($base_query);
- $db->free_result();
- if ( !$result )
- {
- $db->_die('The message could not be saved.');
- }
- }
- }
- else if(isset($_POST['_inbox']))
- {
- redirect(makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'), '', '', 0);
- }
- if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2]))
- {
- $to = '';
- $text = '';
- $subj = '';
- $id = $argv[2];
- $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';');
- if ( !$q )
- $db->_die('The message data could not be selected.');
-
- $r = $db->fetchrow();
- $db->free_result();
- if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name'] == 'drafts' )
- {
- die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to view the contents of this message.</p>');
- }
- $subj = 'Re: ' . $r['subject'];
- $text = "\n\n\nOn " . enano_date(ED_DATE | ED_TIME, $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-)
-
- $tbuf = $text;
- while( preg_match("/\n([\> ]*?)\> \>/", $text) )
- {
- $text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text);
- if ( $text == $tbuf )
- break;
- $tbuf = $text;
- }
-
- $to = $r['message_from'];
- }
- else
- {
- if ( ( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2] )
- {
- $to = htmlspecialchars($argv[2]);
- }
- else
- {
- $to = '';
- }
- $text = '';
- $subj = '';
- }
- $template->header();
- userprefs_show_menu();
- if ( isset($errors) && count($errors) > 0 )
- {
- echo '<div class="warning-box">
- ' . $lang->get('privmsgs_err_send_submit') . '
- <ul>
- <li>' . implode('</li><li>', $errors) . '</li>
- </ul>
- </div>';
- }
- echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post">';
-
- if ( isset($_POST['_savedraft']) )
- {
- echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>';
- }
- ?>
- <br />
- <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
- <tr>
- <th colspan="2"><?php echo $lang->get('privmsgs_lbl_compose_th'); ?></th>
- </tr>
- <tr>
- <td class="row1">
- <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br />
- <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small>
- </td>
- <td class="row1">
- <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
- </td>
- </tr>
- <tr>
- <td class="row2">
- <?php echo $lang->get('privmsgs_lbl_subject'); ?>
- </td>
- <td class="row2">
- <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" />
- </td>
- </tr>
- <tr>
- <td class="row1">
- <?php echo $lang->get('privmsgs_lbl_message'); ?>
- </td>
- <td class="row1" style="min-width: 80%;">
- <?php
- if ( isset($_POST['_savedraft']) )
- {
- $content = htmlspecialchars($_POST['message']);
- }
- else
- {
- $content =& $text;
- }
- echo $template->tinymce_textarea('message', $content, 20, 40);
- ?>
- </td>
- </tr>
- <tr>
- <th class="subhead" colspan="2">
- <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" />
- <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" />
- <input type="submit" name="_inbox" value="<?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?>" />
- </th>
- </tr>
- </table></div>
- <?php
- echo '</form>';
- $template->footer();
- break;
- case 'Edit':
- $id = $argv[1];
- if ( !ctype_digit($id) )
- {
- die_friendly('Message error', '<p>Invalid message ID</p>');
- }
- $q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
- if ( !$q )
- {
- $db->_die('The message data could not be selected.');
- }
- $r = $db->fetchrow();
- $db->free_result();
- if ( $r['message_from'] != $session->username || $r['message_read'] == 1 )
- {
- die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to edit this message.</p>');
- }
- $fname = $argv[2];
-
- if(isset($_POST['_send']))
- {
- // Check each POST DATA parameter...
- $errors = array();
- if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
- {
- $errors[] = $lang->get('privmsgs_err_need_username');
- }
- if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
- {
- $errors[] = $lang->get('privmsgs_err_need_subject');
- }
- if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
- {
- $errors[] = $lang->get('privmsgs_err_need_message');
- }
- if ( count($errors) < 1 )
- {
- $namelist = $_POST['to'];
- $namelist = str_replace(', ', ',', $namelist);
- $namelist = explode(',', $namelist);
- foreach ($namelist as $n)
- {
- $n = $db->escape($n);
- }
- $subject = RenderMan::preprocess_text($_POST['subject']);
- $message = RenderMan::preprocess_text($_POST['message']);
- $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';';
- $result = $db->sql_query($base_query);
- $db->free_result();
- if ( !$result )
- {
- $db->_die('The message could not be sent.');
- }
- else
- {
- die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>');
- }
- return;
- }
- }
- else if ( isset($_POST['_savedraft']) )
- {
- // Check each POST DATA parameter...
- $errors = array();
- if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
- {
- $errors[] = $lang->get('privmsgs_err_need_username');
- }
- if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
- {
- $errors[] = $lang->get('privmsgs_err_need_subject');
- }
- if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
- {
- $errors[] = $lang->get('privmsgs_err_need_message');
- }
- if ( count($errors) < 1 )
- {
- $namelist = $_POST['to'];
- $namelist = str_replace(', ', ',', $namelist);
- $namelist = explode(',', $namelist);
- foreach ( $namelist as $n )
- {
- $n = $db->escape($n);
- }
- $subject = $db->escape($_POST['subject']);
- $message = RenderMan::preprocess_text($_POST['message']);
- $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';';
- $result = $db->sql_query($base_query);
- $db->free_result();
- if ( !$result )
- {
- $db->_die('The message could not be saved.');
- }
- }
- }
- if ( $argv[1]=='to' && $argv[2] )
- {
- $to = htmlspecialchars($argv[2]);
- }
- else
- {
- $to = '';
- }
- $template->header();
- userprefs_show_menu();
- echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">';
-
- if ( isset($_POST['_savedraft']) )
- {
- echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>';
- }
- ?>
- <br />
- <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
- <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_edit_th'); ?></th></tr>
- <tr>
- <td class="row1">
- <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br />
- <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small>
- </td>
- <td class="row1">
- <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $r['message_to'] ); ?>
- </td>
- </tr>
- <tr>
- <td class="row2">
- <?php echo $lang->get('privmsgs_lbl_subject'); ?>
- </td>
- <td class="row2">
- <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" />
- </td>
- </tr>
- <tr>
- <td class="row1">
- <?php echo $lang->get('privmsgs_lbl_message'); ?>
- </td>
- <td class="row1" style="min-width: 80%;">
- <?php
- if ( isset($_POST['_savedraft']) )
- {
- $content = htmlspecialchars($_POST['message']);
- }
- else
- {
- $content =& $r['message_text'];
- }
- echo $template->tinymce_textarea('message', $content, 20, 40);
- ?>
- </td>
- </tr>
-
- <tr>
- <th class="subhead" colspan="2">
- <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" />
- <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" />
- </th>
- </tr>
- </table></div>
- <?php
- echo '</form>';
- $template->footer();
- break;
- case 'Folder':
- $template->header();
- userprefs_show_menu();
- switch($argv[1])
- {
- default:
- echo '<p>' . $lang->get('privmsgs_err_folder_not_exist', array(
- 'folder_name' => htmlspecialchars($argv[1]),
- 'inbox_url' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')
- )) . '</p>';
- break;
- case 'Inbox':
- case 'Outbox':
- case 'Sent':
- case 'Drafts':
- case 'Archive':
- ?>
- <table border="0" width="100%" cellspacing="10" cellpadding="0">
- <tr>
- <td style="padding: 0px; width: 120px;" valign="top" >
- <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
- <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
- <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
- <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
- <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
- <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
- </table></div>
- </td>
- <td valign="top">
- <?php
- $fname = strtolower($argv[1]);
- switch($argv[1])
- {
- case 'Inbox':
- case 'Archive':
- default:
- $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;');
- break;
- case 'Outbox':
- $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;');
- break;
- case 'Sent':
- $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;');
- break;
- case 'Drafts':
- $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');
- break;
- }
- if ( !$q )
- {
- $db->_die('The private message data could not be selected.');
- }
- if ( $argv[1] == 'Drafts' || $argv[1] == 'Outbox' )
- {
- $act = 'Edit';
- }
- else
- {
- $act = 'View';
- }
- echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post">
- <div class="tblholder">
- <table border="0" width="100%" cellspacing="1" cellpadding="4">
- <tr>
- <th colspan="4" style="text-align: left;">' . $lang->get('privmsgs_folder_th_foldername') . ' ' . $lang->get('privmsgs_folder_' . strtolower($argv[1])) . '</th>
- </tr>
- <tr>
- <th class="subhead">';
- if ( $fname == 'drafts' || $fname == 'Outbox' )
- {
- echo $lang->get('privmsgs_folder_th_to');
- }
- else
- {
- echo $lang->get('privmsgs_folder_th_from');
- }
- echo '</th>
- <th class="subhead">' . $lang->get('privmsgs_folder_th_subject') . '</th>
- <th class="subhead">' . $lang->get('privmsgs_folder_th_date') . '</th>
- <th class="subhead">' . $lang->get('privmsgs_folder_th_mark') . '</th>
- </tr>';
- if($db->numrows() < 1)
- {
- echo '<tr><td style="text-align: center;" class="row1" colspan="4">' . $lang->get('privmsgs_msg_no_messages') . '</td></tr>';
- }
- else
- {
- $cls = 'row2';
- while ( $r = $db->fetchrow() )
- {
- if($cls == 'row2') $cls='row1';
- else $cls = 'row2';
- $mto = str_replace(' ', '_', $r['message_to']);
- $mfr = str_replace(' ', '_', $r['message_from']);
- echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', ( $fname == 'drafts') ? $mto : $mfr).'">';
- if ( $fname == 'drafts' || $fname == 'outbox' )
- {
- echo $r['message_to'];
- }
- else
- {
- echo $r['message_from'];
- }
-
- echo '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/'.$act.'/'.$r['message_id']).'">';
-
- if ( $r['message_read'] == 0 )
- {
- echo '<b>';
- }
- echo $r['subject'];
- if ( $r['message_read'] == 0 )
- {
- echo '</b>';
- }
- echo '</a></td><td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $r['date']).'</td><td class="'.$cls.'" style="text-align: center;"><input name="marked_'.$r['message_id'].'" type="checkbox" /></td></tr>';
- }
- $db->free_result();
- }
- echo '<tr>
- <th style="text-align: right;" colspan="4">
- <input type="hidden" name="folder" value="'.$fname.'" />
- <input type="submit" name="archive" value="' . $lang->get('privmsgs_btn_archive_selected') . '" />
- <input type="submit" name="delete" value="' . $lang->get('privmsgs_btn_delete_selected') . '" />
- <input type="submit" name="deleteall" value="' . $lang->get('privmsgs_btn_delete_all') . '" />
- </th>
- </tr>';
- echo '</table></div></form>
- <br />
- <a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/').'">' . $lang->get('privmsgs_btn_compose') . '</a>
- </td></tr></table>';
- break;
- }
- $template->footer();
- break;
- case 'PostHandler':
- $fname = $db->escape(strtolower($_POST['folder']));
- if($fname=='drafts' || $fname=='outbox')
- {
- $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');
- } else {
- $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;');
- }
- if(!$q) $db->_die('The private message data could not be selected.');
-
- if(isset($_POST['archive'])) {
- while($row = $db->fetchrow($q))
- {
- if(isset($_POST['marked_'.$row['message_id']]))
- {
- $e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';');
- if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
- $db->free_result();
- }
- }
- } elseif(isset($_POST['delete'])) {
- while($row = $db->fetchrow($q))
- {
- if(isset($_POST['marked_'.$row['message_id']]))
- {
- $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';');
- if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
- $db->free_result();
- }
- }
- } elseif(isset($_POST['deleteall'])) {
- while($row = $db->fetchrow($q))
- {
- $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';');
- if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
- $db->free_result();
- }
- } else {
- die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.');
- }
- $db->free_result($q);
- header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) ));
- break;
- case 'FriendList':
- if($argv[1] == 'Add')
- {
- if(isset($_POST['_go']))
- $buddyname = $_POST['buddyname'];
- elseif($argv[2])
- $buddyname = $argv[2];
- else
- die_friendly('Error adding buddy', '<p>No name specified</p>');
- $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\'');
- if(!$q) $db->_die('The buddy\'s user ID could not be selected.');
- if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>';
- {
- $r = $db->fetchrow();
- $db->free_result();
- $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);');
- if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>';
- $db->free_result();
- }
- } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) {
- // Using WHERE user_id prevents users from deleting others' buddies
- $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';');
- $db->free_result();
- if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>';
- if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>';
- }
- $template->header();
- userprefs_show_menu();
- ?>
- <table border="0" width="100%" cellspacing="10" cellpadding="0">
- <tr>
- <td style="padding: 0px; width: 120px;" valign="top" >
- <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
- <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
- <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
- <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
- <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
- <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
- </table></div>
- </td>
- <td valign="top">
- <?php
- $q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;');
- if(!$q) $db->_die('The buddy list could not be selected.');
- else
- {
- $allbuds = '';
- echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_buddy_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>';
- if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_buddies') . '</td></tr>';
- $cls = 'row2';
- while ( $row = $db->fetchrow() )
- {
- if($cls=='row2') $cls = 'row1';
- else $cls = 'row2';
- echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>';
- $allbuds .= str_replace(' ', '_', $row['username']).',';
- }
- $db->free_result();
- $allbuds = substr($allbuds, 0, strlen($allbuds)-1);
- if($cls=='row2') $cls = 'row1';
- else $cls = 'row2';
- echo '<tr><td colspan="3" class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.$allbuds).'">' . $lang->get('privmsgs_btn_pm_all_buddies') . '</a></td></tr>';
- echo '</table></div>';
- }
- echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;">
- <h3>' . $lang->get('privmsgs_heading_add_buddy') . '</h3>';
- echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').' <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>';
- echo '</form>';
- ?>
- </td>
- </tr>
- </table>
- <?php
- $template->footer();
- break;
- case 'FoeList':
- if($argv[1] == 'Add' && isset($_POST['_go']))
- {
- $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\'');
- if(!$q) $db->_die('The buddy\'s user ID could not be selected.');
- if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>';
- {
- $r = $db->fetchrow();
- $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);');
- if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>';
- }
- $db->free_result();
- } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) {
- // Using WHERE user_id prevents users from deleting others' buddies
- $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';');
- $db->free_result();
- if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>';
- if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>';
- }
- $template->header();
- userprefs_show_menu();
- ?>
- <table border="0" width="100%" cellspacing="10" cellpadding="0">
- <tr>
- <td style="padding: 0px; width: 120px;" valign="top" >
- <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
- <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
- <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
- <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
- <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
- <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
- <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
- </table></div>
- </td>
- <td valign="top">
- <?php
- $q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;');
- if(!$q) $db->_die('The buddy list could not be selected.');
- else
- {
- $allbuds = '';
- echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_foe_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>';
- if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_foes') . '</td></tr>';
- $cls = 'row2';
- while ( $row = $db->fetchrow() )
- {
- if($cls=='row2') $cls = 'row1';
- else $cls = 'row2';
- echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>';
- $allbuds .= str_replace(' ', '_', $row['username']).',';
- }
- $db->free_result();
- $allbuds = substr($allbuds, 0, strlen($allbuds)-1);
- if($cls=='row2') $cls = 'row1';
- else $cls = 'row2';
- echo '</table></div>';
- }
- echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;">
- <h3>' . $lang->get('privmsgs_heading_add_foe') . '</h3>';
- echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').' <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>';
- echo '</form>';
- ?>
- </td>
- </tr>
- </table>
- <?php
- $template->footer();
- break;
- }
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+ if ( !$session->user_logged_in )
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_need_login', array('login_link' => makeUrlNS('Special', 'Login/' . $paths->page))) . '</p>');
+ }
+ $argv = Array();
+ $argv[] = $paths->getParam(0);
+ $argv[] = $paths->getParam(1);
+ $argv[] = $paths->getParam(2);
+ if ( !$argv[0] )
+ {
+ $argv[0] = 'InVaLiD';
+ }
+ switch($argv[0])
+ {
+ default:
+ header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
+ break;
+ case 'View':
+ $id = $argv[1];
+ if ( !ctype_digit($id) )
+ {
+ die_friendly('Message error', '<p>Invalid message ID</p>');
+ }
+ $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.'');
+ if ( !$q )
+ {
+ $db->_die('The message data could not be selected.');
+ }
+ $r = $db->fetchrow();
+ $db->free_result();
+ if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_read') . '</p>');
+ }
+ if ( $r['message_to'] == $session->username )
+ {
+ $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
+ $db->free_result();
+ if ( !$q )
+ {
+ $db->_die('Could not mark message as read');
+ }
+ }
+ $template->header();
+ userprefs_show_menu();
+ ?>
+ <br />
+ <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
+ <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?></th></tr>
+ <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_subject') ?></td><td class="row1"><?php echo $r['subject']; ?></td></tr>
+ <tr><td class="row2"><?php echo $lang->get('privmsgs_lbl_date') ?></td><td class="row2"><?php echo enano_date(ED_DATE | ED_TIME, $r['date']); ?></td></tr>
+ <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_message') ?></td><td class="row1"><?php echo RenderMan::render($r['message_text']);
+ if ( $r['signature'] != '' )
+ {
+ echo '<hr style="margin-left: 1em; width: 200px;" />';
+ echo RenderMan::render($r['signature']);
+ }
+ ?></td></tr>
+ <tr><td colspan="2" class="row3"><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Compose/ReplyTo/'.$id); ?>"><?php echo $lang->get('privmsgs_btn_send_reply'); ?></a> | <a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Delete/'.$id); ?>">Delete message</a> | <?php if($r['folder_name'] != 'archive') { ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Move/'.$id.'/Archive'); ?>"><?php echo $lang->get('privmsgs_btn_archive'); ?></a> | <?php } ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') ?>"><?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?></a></td></tr>
+ </table></div>
+ <?php
+ $template->footer();
+ break;
+ case 'Move':
+ $id = $argv[1];
+ if ( !ctype_digit($id) )
+ {
+ die_friendly('Message error', '<p>Invalid message ID</p>');
+ }
+ $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
+ if ( !$q )
+ {
+ $db->_die('The message data could not be selected.');
+ }
+ $r = $db->fetchrow();
+ $db->free_result();
+ if ( $r['message_to'] != $session->username )
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_edit') . '</p>');
+ }
+ $fname = $argv[2];
+ if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
+ {
+ die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
+ }
+ $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';');
+ $db->free_result();
+ if ( !$q )
+ {
+ $db->_die('The message was not successfully moved.');
+ }
+ die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_moved', array('folder' => $fname)) . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>');
+ break;
+ case 'Delete':
+ $id = $argv[1];
+ if ( !ctype_digit($id) )
+ {
+ die_friendly('Message error', '<p>Invalid message ID</p>');
+ }
+ $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
+ if ( !$q )
+ {
+ $db->_die('The message data could not be selected.');
+ }
+ $r = $db->fetchrow();
+ if ( $r['message_to'] != $session->username )
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to delete this message.</p>');
+ }
+ $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
+ if ( !$q )
+ {
+ $db->_die('The message was not successfully deleted.');
+ }
+ $db->free_result();
+ die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_deleted') . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>');
+ break;
+ case 'Compose':
+ if ( $argv[1]=='Send' && isset($_POST['_send']) )
+ {
+ // Check each POST DATA parameter...
+ $errors = array();
+ if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
+ {
+ $errors[] = $lang->get('privmsgs_err_need_username');
+ }
+ if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
+ {
+ $errors[] = $lang->get('privmsgs_err_need_subject');
+ }
+ if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
+ {
+ $errors[] = $lang->get('privmsgs_err_need_message');
+ }
+ if ( count($errors) < 1 )
+ {
+ $namelist = $_POST['to'];
+ $namelist = str_replace(', ', ',', $namelist);
+ $namelist = explode(',', $namelist);
+ foreach($namelist as $n) { $n = $db->escape($n); }
+ $subject = RenderMan::preprocess_text($_POST['subject']);
+ $message = RenderMan::preprocess_text($_POST['message']);
+ $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
+ foreach($namelist as $n)
+ {
+ $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),';
+ }
+ $base_query = substr($base_query, 0, strlen($base_query)-1) . ';';
+ $result = $db->sql_query($base_query);
+ $db->free_result();
+ if ( !$result )
+ {
+ $db->_die('The message could not be sent.');
+ }
+ else
+ {
+ die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>');
+ }
+ return;
+ }
+ }
+ else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) )
+ {
+ $errors = array();
+ if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') )
+ {
+ $errors[] = $lang->get('privmsgs_err_need_username');
+ }
+ if ( !isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '') )
+ {
+ $errors[] = $lang->get('privmsgs_err_need_subject');
+ }
+ if ( !isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '') )
+ {
+ $errors[] = $lang->get('privmsgs_err_need_message');
+ }
+ if ( count($errors) < 1 )
+ {
+ $namelist = $_POST['to'];
+ $namelist = str_replace(', ', ',', $namelist);
+ $namelist = explode(',', $namelist);
+ foreach($namelist as $n)
+ {
+ $n = $db->escape($n);
+ }
+ if ( count($namelist) > MAX_PMS_PER_BATCH && !$session->get_permssions('mod_misc') )
+ {
+ die_friendly($lang->get('privmsgs_err_limit_exceeded_title'), '<p>' . $lang->get('privmsgs_err_limit_exceeded_body', array('limit' => MAX_PMS_PER_BATCH)) . '</p>');
+ }
+ $subject = $db->escape($_POST['subject']);
+ $message = RenderMan::preprocess_text($_POST['message']);
+ $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
+ foreach($namelist as $n)
+ {
+ $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),';
+ }
+ $base_query = substr($base_query, 0, strlen($base_query) - 1) . ';';
+ $result = $db->sql_query($base_query);
+ $db->free_result();
+ if ( !$result )
+ {
+ $db->_die('The message could not be saved.');
+ }
+ }
+ }
+ else if(isset($_POST['_inbox']))
+ {
+ redirect(makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'), '', '', 0);
+ }
+ if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2]))
+ {
+ $to = '';
+ $text = '';
+ $subj = '';
+ $id = $argv[2];
+ $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';');
+ if ( !$q )
+ $db->_die('The message data could not be selected.');
+
+ $r = $db->fetchrow();
+ $db->free_result();
+ if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name'] == 'drafts' )
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to view the contents of this message.</p>');
+ }
+ $subj = 'Re: ' . $r['subject'];
+ $text = "\n\n\nOn " . enano_date(ED_DATE | ED_TIME, $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-)
+
+ $tbuf = $text;
+ while( preg_match("/\n([\> ]*?)\> \>/", $text) )
+ {
+ $text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text);
+ if ( $text == $tbuf )
+ break;
+ $tbuf = $text;
+ }
+
+ $to = $r['message_from'];
+ }
+ else
+ {
+ if ( ( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2] )
+ {
+ $to = htmlspecialchars($argv[2]);
+ }
+ else
+ {
+ $to = '';
+ }
+ $text = '';
+ $subj = '';
+ }
+ $template->header();
+ userprefs_show_menu();
+ if ( isset($errors) && count($errors) > 0 )
+ {
+ echo '<div class="warning-box">
+ ' . $lang->get('privmsgs_err_send_submit') . '
+ <ul>
+ <li>' . implode('</li><li>', $errors) . '</li>
+ </ul>
+ </div>';
+ }
+ echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post">';
+
+ if ( isset($_POST['_savedraft']) )
+ {
+ echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>';
+ }
+ ?>
+ <br />
+ <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
+ <tr>
+ <th colspan="2"><?php echo $lang->get('privmsgs_lbl_compose_th'); ?></th>
+ </tr>
+ <tr>
+ <td class="row1">
+ <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br />
+ <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small>
+ </td>
+ <td class="row1">
+ <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="row2">
+ <?php echo $lang->get('privmsgs_lbl_subject'); ?>
+ </td>
+ <td class="row2">
+ <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" />
+ </td>
+ </tr>
+ <tr>
+ <td class="row1">
+ <?php echo $lang->get('privmsgs_lbl_message'); ?>
+ </td>
+ <td class="row1" style="min-width: 80%;">
+ <?php
+ if ( isset($_POST['_savedraft']) )
+ {
+ $content = htmlspecialchars($_POST['message']);
+ }
+ else
+ {
+ $content =& $text;
+ }
+ echo $template->tinymce_textarea('message', $content, 20, 40);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <th class="subhead" colspan="2">
+ <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" />
+ <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" />
+ <input type="submit" name="_inbox" value="<?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?>" />
+ </th>
+ </tr>
+ </table></div>
+ <?php
+ echo '</form>';
+ $template->footer();
+ break;
+ case 'Edit':
+ $id = $argv[1];
+ if ( !ctype_digit($id) )
+ {
+ die_friendly('Message error', '<p>Invalid message ID</p>');
+ }
+ $q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
+ if ( !$q )
+ {
+ $db->_die('The message data could not be selected.');
+ }
+ $r = $db->fetchrow();
+ $db->free_result();
+ if ( $r['message_from'] != $session->username || $r['message_read'] == 1 )
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to edit this message.</p>');
+ }
+ $fname = $argv[2];
+
+ if(isset($_POST['_send']))
+ {
+ // Check each POST DATA parameter...
+ $errors = array();
+ if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
+ {
+ $errors[] = $lang->get('privmsgs_err_need_username');
+ }
+ if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
+ {
+ $errors[] = $lang->get('privmsgs_err_need_subject');
+ }
+ if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
+ {
+ $errors[] = $lang->get('privmsgs_err_need_message');
+ }
+ if ( count($errors) < 1 )
+ {
+ $namelist = $_POST['to'];
+ $namelist = str_replace(', ', ',', $namelist);
+ $namelist = explode(',', $namelist);
+ foreach ($namelist as $n)
+ {
+ $n = $db->escape($n);
+ }
+ $subject = RenderMan::preprocess_text($_POST['subject']);
+ $message = RenderMan::preprocess_text($_POST['message']);
+ $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';';
+ $result = $db->sql_query($base_query);
+ $db->free_result();
+ if ( !$result )
+ {
+ $db->_die('The message could not be sent.');
+ }
+ else
+ {
+ die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>');
+ }
+ return;
+ }
+ }
+ else if ( isset($_POST['_savedraft']) )
+ {
+ // Check each POST DATA parameter...
+ $errors = array();
+ if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
+ {
+ $errors[] = $lang->get('privmsgs_err_need_username');
+ }
+ if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
+ {
+ $errors[] = $lang->get('privmsgs_err_need_subject');
+ }
+ if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
+ {
+ $errors[] = $lang->get('privmsgs_err_need_message');
+ }
+ if ( count($errors) < 1 )
+ {
+ $namelist = $_POST['to'];
+ $namelist = str_replace(', ', ',', $namelist);
+ $namelist = explode(',', $namelist);
+ foreach ( $namelist as $n )
+ {
+ $n = $db->escape($n);
+ }
+ $subject = $db->escape($_POST['subject']);
+ $message = RenderMan::preprocess_text($_POST['message']);
+ $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';';
+ $result = $db->sql_query($base_query);
+ $db->free_result();
+ if ( !$result )
+ {
+ $db->_die('The message could not be saved.');
+ }
+ }
+ }
+ if ( $argv[1]=='to' && $argv[2] )
+ {
+ $to = htmlspecialchars($argv[2]);
+ }
+ else
+ {
+ $to = '';
+ }
+ $template->header();
+ userprefs_show_menu();
+ echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">';
+
+ if ( isset($_POST['_savedraft']) )
+ {
+ echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>';
+ }
+ ?>
+ <br />
+ <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
+ <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_edit_th'); ?></th></tr>
+ <tr>
+ <td class="row1">
+ <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br />
+ <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small>
+ </td>
+ <td class="row1">
+ <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $r['message_to'] ); ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="row2">
+ <?php echo $lang->get('privmsgs_lbl_subject'); ?>
+ </td>
+ <td class="row2">
+ <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" />
+ </td>
+ </tr>
+ <tr>
+ <td class="row1">
+ <?php echo $lang->get('privmsgs_lbl_message'); ?>
+ </td>
+ <td class="row1" style="min-width: 80%;">
+ <?php
+ if ( isset($_POST['_savedraft']) )
+ {
+ $content = htmlspecialchars($_POST['message']);
+ }
+ else
+ {
+ $content =& $r['message_text'];
+ }
+ echo $template->tinymce_textarea('message', $content, 20, 40);
+ ?>
+ </td>
+ </tr>
+
+ <tr>
+ <th class="subhead" colspan="2">
+ <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" />
+ <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" />
+ </th>
+ </tr>
+ </table></div>
+ <?php
+ echo '</form>';
+ $template->footer();
+ break;
+ case 'Folder':
+ $template->header();
+ userprefs_show_menu();
+ switch($argv[1])
+ {
+ default:
+ echo '<p>' . $lang->get('privmsgs_err_folder_not_exist', array(
+ 'folder_name' => htmlspecialchars($argv[1]),
+ 'inbox_url' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')
+ )) . '</p>';
+ break;
+ case 'Inbox':
+ case 'Outbox':
+ case 'Sent':
+ case 'Drafts':
+ case 'Archive':
+ ?>
+ <table border="0" width="100%" cellspacing="10" cellpadding="0">
+ <tr>
+ <td style="padding: 0px; width: 120px;" valign="top" >
+ <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
+ <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
+ <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
+ <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
+ <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
+ <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
+ </table></div>
+ </td>
+ <td valign="top">
+ <?php
+ $fname = strtolower($argv[1]);
+ switch($argv[1])
+ {
+ case 'Inbox':
+ case 'Archive':
+ default:
+ $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;');
+ break;
+ case 'Outbox':
+ $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;');
+ break;
+ case 'Sent':
+ $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;');
+ break;
+ case 'Drafts':
+ $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');
+ break;
+ }
+ if ( !$q )
+ {
+ $db->_die('The private message data could not be selected.');
+ }
+ if ( $argv[1] == 'Drafts' || $argv[1] == 'Outbox' )
+ {
+ $act = 'Edit';
+ }
+ else
+ {
+ $act = 'View';
+ }
+ echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post">
+ <div class="tblholder">
+ <table border="0" width="100%" cellspacing="1" cellpadding="4">
+ <tr>
+ <th colspan="4" style="text-align: left;">' . $lang->get('privmsgs_folder_th_foldername') . ' ' . $lang->get('privmsgs_folder_' . strtolower($argv[1])) . '</th>
+ </tr>
+ <tr>
+ <th class="subhead">';
+ if ( $fname == 'drafts' || $fname == 'Outbox' )
+ {
+ echo $lang->get('privmsgs_folder_th_to');
+ }
+ else
+ {
+ echo $lang->get('privmsgs_folder_th_from');
+ }
+ echo '</th>
+ <th class="subhead">' . $lang->get('privmsgs_folder_th_subject') . '</th>
+ <th class="subhead">' . $lang->get('privmsgs_folder_th_date') . '</th>
+ <th class="subhead">' . $lang->get('privmsgs_folder_th_mark') . '</th>
+ </tr>';
+ if($db->numrows() < 1)
+ {
+ echo '<tr><td style="text-align: center;" class="row1" colspan="4">' . $lang->get('privmsgs_msg_no_messages') . '</td></tr>';
+ }
+ else
+ {
+ $cls = 'row2';
+ while ( $r = $db->fetchrow() )
+ {
+ if($cls == 'row2') $cls='row1';
+ else $cls = 'row2';
+ $mto = str_replace(' ', '_', $r['message_to']);
+ $mfr = str_replace(' ', '_', $r['message_from']);
+ echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', ( $fname == 'drafts') ? $mto : $mfr).'">';
+ if ( $fname == 'drafts' || $fname == 'outbox' )
+ {
+ echo $r['message_to'];
+ }
+ else
+ {
+ echo $r['message_from'];
+ }
+
+ echo '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/'.$act.'/'.$r['message_id']).'">';
+
+ if ( $r['message_read'] == 0 )
+ {
+ echo '<b>';
+ }
+ echo $r['subject'];
+ if ( $r['message_read'] == 0 )
+ {
+ echo '</b>';
+ }
+ echo '</a></td><td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $r['date']).'</td><td class="'.$cls.'" style="text-align: center;"><input name="marked_'.$r['message_id'].'" type="checkbox" /></td></tr>';
+ }
+ $db->free_result();
+ }
+ echo '<tr>
+ <th style="text-align: right;" colspan="4">
+ <input type="hidden" name="folder" value="'.$fname.'" />
+ <input type="submit" name="archive" value="' . $lang->get('privmsgs_btn_archive_selected') . '" />
+ <input type="submit" name="delete" value="' . $lang->get('privmsgs_btn_delete_selected') . '" />
+ <input type="submit" name="deleteall" value="' . $lang->get('privmsgs_btn_delete_all') . '" />
+ </th>
+ </tr>';
+ echo '</table></div></form>
+ <br />
+ <a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/').'">' . $lang->get('privmsgs_btn_compose') . '</a>
+ </td></tr></table>';
+ break;
+ }
+ $template->footer();
+ break;
+ case 'PostHandler':
+ $fname = $db->escape(strtolower($_POST['folder']));
+ if($fname=='drafts' || $fname=='outbox')
+ {
+ $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');
+ } else {
+ $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;');
+ }
+ if(!$q) $db->_die('The private message data could not be selected.');
+
+ if(isset($_POST['archive'])) {
+ while($row = $db->fetchrow($q))
+ {
+ if(isset($_POST['marked_'.$row['message_id']]))
+ {
+ $e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';');
+ if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
+ $db->free_result();
+ }
+ }
+ } elseif(isset($_POST['delete'])) {
+ while($row = $db->fetchrow($q))
+ {
+ if(isset($_POST['marked_'.$row['message_id']]))
+ {
+ $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';');
+ if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
+ $db->free_result();
+ }
+ }
+ } elseif(isset($_POST['deleteall'])) {
+ while($row = $db->fetchrow($q))
+ {
+ $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';');
+ if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
+ $db->free_result();
+ }
+ } else {
+ die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.');
+ }
+ $db->free_result($q);
+ header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) ));
+ break;
+ case 'FriendList':
+ if($argv[1] == 'Add')
+ {
+ if(isset($_POST['_go']))
+ $buddyname = $_POST['buddyname'];
+ elseif($argv[2])
+ $buddyname = $argv[2];
+ else
+ die_friendly('Error adding buddy', '<p>No name specified</p>');
+ $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\'');
+ if(!$q) $db->_die('The buddy\'s user ID could not be selected.');
+ if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>';
+ {
+ $r = $db->fetchrow();
+ $db->free_result();
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);');
+ if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>';
+ $db->free_result();
+ }
+ } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) {
+ // Using WHERE user_id prevents users from deleting others' buddies
+ $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';');
+ $db->free_result();
+ if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>';
+ if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>';
+ }
+ $template->header();
+ userprefs_show_menu();
+ ?>
+ <table border="0" width="100%" cellspacing="10" cellpadding="0">
+ <tr>
+ <td style="padding: 0px; width: 120px;" valign="top" >
+ <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
+ <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
+ <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
+ <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
+ <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
+ <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
+ </table></div>
+ </td>
+ <td valign="top">
+ <?php
+ $q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;');
+ if(!$q) $db->_die('The buddy list could not be selected.');
+ else
+ {
+ $allbuds = '';
+ echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_buddy_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>';
+ if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_buddies') . '</td></tr>';
+ $cls = 'row2';
+ while ( $row = $db->fetchrow() )
+ {
+ if($cls=='row2') $cls = 'row1';
+ else $cls = 'row2';
+ echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>';
+ $allbuds .= str_replace(' ', '_', $row['username']).',';
+ }
+ $db->free_result();
+ $allbuds = substr($allbuds, 0, strlen($allbuds)-1);
+ if($cls=='row2') $cls = 'row1';
+ else $cls = 'row2';
+ echo '<tr><td colspan="3" class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.$allbuds).'">' . $lang->get('privmsgs_btn_pm_all_buddies') . '</a></td></tr>';
+ echo '</table></div>';
+ }
+ echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ <h3>' . $lang->get('privmsgs_heading_add_buddy') . '</h3>';
+ echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').' <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>';
+ echo '</form>';
+ ?>
+ </td>
+ </tr>
+ </table>
+ <?php
+ $template->footer();
+ break;
+ case 'FoeList':
+ if($argv[1] == 'Add' && isset($_POST['_go']))
+ {
+ $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\'');
+ if(!$q) $db->_die('The buddy\'s user ID could not be selected.');
+ if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>';
+ {
+ $r = $db->fetchrow();
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);');
+ if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>';
+ }
+ $db->free_result();
+ } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) {
+ // Using WHERE user_id prevents users from deleting others' buddies
+ $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';');
+ $db->free_result();
+ if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>';
+ if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>';
+ }
+ $template->header();
+ userprefs_show_menu();
+ ?>
+ <table border="0" width="100%" cellspacing="10" cellpadding="0">
+ <tr>
+ <td style="padding: 0px; width: 120px;" valign="top" >
+ <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
+ <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
+ <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
+ <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
+ <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
+ <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
+ <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
+ </table></div>
+ </td>
+ <td valign="top">
+ <?php
+ $q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;');
+ if(!$q) $db->_die('The buddy list could not be selected.');
+ else
+ {
+ $allbuds = '';
+ echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_foe_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>';
+ if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_foes') . '</td></tr>';
+ $cls = 'row2';
+ while ( $row = $db->fetchrow() )
+ {
+ if($cls=='row2') $cls = 'row1';
+ else $cls = 'row2';
+ echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>';
+ $allbuds .= str_replace(' ', '_', $row['username']).',';
+ }
+ $db->free_result();
+ $allbuds = substr($allbuds, 0, strlen($allbuds)-1);
+ if($cls=='row2') $cls = 'row1';
+ else $cls = 'row2';
+ echo '</table></div>';
+ }
+ echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ <h3>' . $lang->get('privmsgs_heading_add_foe') . '</h3>';
+ echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').' <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>';
+ echo '</form>';
+ ?>
+ </td>
+ </tr>
+ </table>
+ <?php
+ $template->footer();
+ break;
+ }
}
?>
\ No newline at end of file