diff -r c75ad574b56d -r 8a00247d1dee plugins/PrivateMessages.php --- a/plugins/PrivateMessages.php Sat Oct 27 13:54:44 2007 -0400 +++ b/plugins/PrivateMessages.php Sun Oct 28 14:32:13 2007 -0400 @@ -35,12 +35,18 @@ function page_Special_PrivateMessages() { global $db, $session, $paths, $template, $plugins; // Common objects - if(!$session->user_logged_in) die_friendly('Access denied', '
You need to log in to view your private messages.
'); + if ( !$session->user_logged_in ) + { + die_friendly('Access denied', 'You need to log in to view your private messages.
'); + } $argv = Array(); $argv[] = $paths->getParam(0); $argv[] = $paths->getParam(1); $argv[] = $paths->getParam(2); - if(!$argv[0]) $argv[0] = 'InVaLiD'; + if ( !$argv[0] ) + { + $argv[0] = 'InVaLiD'; + } switch($argv[0]) { default: @@ -48,17 +54,29 @@ break; case 'View': $id = $argv[1]; - if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', 'Invalid message ID
'); + if ( !preg_match('#^([0-9]+)$#', $id) ) + { + die_friendly('Message error', 'Invalid message ID
'); + } $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } $r = $db->fetchrow(); $db->free_result(); - if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', 'You are not authorized to view this message.
'); - if($r['message_to'] == $session->username) + if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) + { + die_friendly('Access denied', 'You are not authorized to view this message.
'); + } + if ( $r['message_to'] == $session->username ) { $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); $db->free_result(); - if(!$q) $db->_die('Could not mark message as read'); + if ( !$q ) + { + $db->_die('Could not mark message as read'); + } } $template->header(); userprefs_show_menu(); @@ -69,7 +87,7 @@Invalid message ID
'); + if ( !preg_match('#^([0-9]+)$#', $id) ) + { + die_friendly('Message error', 'Invalid message ID
'); + } $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } $r = $db->fetchrow(); $db->free_result(); - if($r['message_to'] != $session->username) die_friendly('Access denied', 'You are not authorized to alter this message.
'); + if ( $r['message_to'] != $session->username ) + { + die_friendly('Access denied', 'You are not authorized to alter this message.
'); + } $fname = $argv[2]; - if(!$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) die_friendly('Invalid request', 'The folder name "'.$fname.'" is invalid.
'); + if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) + { + die_friendly('Invalid request', 'The folder name "'.$fname.'" is invalid.
'); + } $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); $db->free_result(); - if(!$q) $db->_die('The message was not successfully moved.'); + if ( !$q ) + { + $db->_die('The message was not successfully moved.'); + } die_friendly('Message status', 'Your message has been moved to the folder "'.$fname.'".
'); break; case 'Delete': $id = $argv[1]; - if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', 'Invalid message ID
'); + if ( !preg_match('#^([0-9]+)$#', $id) ) + { + die_friendly('Message error', 'Invalid message ID
'); + } $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } $r = $db->fetchrow(); - if($r['message_to'] != $session->username) die_friendly('Access denied', 'You are not authorized to delete this message.
'); + if ( $r['message_to'] != $session->username ) + { + die_friendly('Access denied', 'You are not authorized to delete this message.
'); + } $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); - if(!$q) $db->_die('The message was not successfully deleted.'); + if ( !$q ) + { + $db->_die('The message was not successfully deleted.'); + } $db->free_result(); die_friendly('Message status', 'The message has been deleted.
'); break; case 'Compose': - if($argv[1]=='Send' && isset($_POST['_send'])) + if ( $argv[1]=='Send' && isset($_POST['_send']) ) { // Check each POST DATA parameter... if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', 'Please enter the username to which you want to send your message.
'); @@ -191,10 +236,26 @@ ?>Compose new private message | |
---|---|
To: Separate multiple names with a single comma; you can send this message to up to users. | username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> |
Subject: | |
Message: | |
Compose new private message | +|
+ To: + Separate multiple names with a single comma; you + may send this message to up to users. + |
+ + username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> + | +
+ Subject: + | ++ |
Message: | |
Edit draft | |
---|---|
To: Separate multiple names with a single comma | |
Subject: | |
Message: | |
To: Separate multiple names with a single comma | |
Subject: | |
Message: | |