diff -r c75ad574b56d -r 8a00247d1dee plugins/PrivateMessages.php --- a/plugins/PrivateMessages.php Sat Oct 27 13:54:44 2007 -0400 +++ b/plugins/PrivateMessages.php Sun Oct 28 14:32:13 2007 -0400 @@ -35,12 +35,18 @@ function page_Special_PrivateMessages() { global $db, $session, $paths, $template, $plugins; // Common objects - if(!$session->user_logged_in) die_friendly('Access denied', '

You need to log in to view your private messages.

'); + if ( !$session->user_logged_in ) + { + die_friendly('Access denied', '

You need to log in to view your private messages.

'); + } $argv = Array(); $argv[] = $paths->getParam(0); $argv[] = $paths->getParam(1); $argv[] = $paths->getParam(2); - if(!$argv[0]) $argv[0] = 'InVaLiD'; + if ( !$argv[0] ) + { + $argv[0] = 'InVaLiD'; + } switch($argv[0]) { default: @@ -48,17 +54,29 @@ break; case 'View': $id = $argv[1]; - if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + if ( !preg_match('#^([0-9]+)$#', $id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } $r = $db->fetchrow(); $db->free_result(); - if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '

You are not authorized to view this message.

'); - if($r['message_to'] == $session->username) + if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) + { + die_friendly('Access denied', '

You are not authorized to view this message.

'); + } + if ( $r['message_to'] == $session->username ) { $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); $db->free_result(); - if(!$q) $db->_die('Could not mark message as read'); + if ( !$q ) + { + $db->_die('Could not mark message as read'); + } } $template->header(); userprefs_show_menu(); @@ -69,7 +87,7 @@ Subject: Date: Message:'; echo RenderMan::render($r['signature']); @@ -82,33 +100,60 @@ break; case 'Move': $id = $argv[1]; - if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + if ( !preg_match('#^([0-9]+)$#', $id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } $r = $db->fetchrow(); $db->free_result(); - if($r['message_to'] != $session->username) die_friendly('Access denied', '

You are not authorized to alter this message.

'); + if ( $r['message_to'] != $session->username ) + { + die_friendly('Access denied', '

You are not authorized to alter this message.

'); + } $fname = $argv[2]; - if(!$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) die_friendly('Invalid request', '

The folder name "'.$fname.'" is invalid.

'); + if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) + { + die_friendly('Invalid request', '

The folder name "'.$fname.'" is invalid.

'); + } $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); $db->free_result(); - if(!$q) $db->_die('The message was not successfully moved.'); + if ( !$q ) + { + $db->_die('The message was not successfully moved.'); + } die_friendly('Message status', '

Your message has been moved to the folder "'.$fname.'".

Return to inbox

'); break; case 'Delete': $id = $argv[1]; - if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + if ( !preg_match('#^([0-9]+)$#', $id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } $r = $db->fetchrow(); - if($r['message_to'] != $session->username) die_friendly('Access denied', '

You are not authorized to delete this message.

'); + if ( $r['message_to'] != $session->username ) + { + die_friendly('Access denied', '

You are not authorized to delete this message.

'); + } $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); - if(!$q) $db->_die('The message was not successfully deleted.'); + if ( !$q ) + { + $db->_die('The message was not successfully deleted.'); + } $db->free_result(); die_friendly('Message status', '

The message has been deleted.

Return to inbox

'); break; case 'Compose': - if($argv[1]=='Send' && isset($_POST['_send'])) + if ( $argv[1]=='Send' && isset($_POST['_send']) ) { // Check each POST DATA parameter... if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '

Please enter the username to which you want to send your message.

'); @@ -191,10 +236,26 @@ ?>
- - - - + + + + + + + + + + +
Compose new private message
To:
Separate multiple names with a single comma; you
can send this message to up to users.
username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
Subject:
Message:
Compose new private message
+ To:
+ Separate multiple names with a single comma; you
+ may send this message to up to users.
+
+ username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> +
+ Subject: + +
Message:
- - - + + +
Edit draft
To:
Separate multiple names with a single comma
Subject:
Message:
To:
Separate multiple names with a single comma
Subject:
Message: