diff -r 000000000000 -r 902822492a68 plugins/PrivateMessages.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/PrivateMessages.php Wed Jun 13 16:03:00 2007 -0400
@@ -0,0 +1,547 @@
+attachHook('base_classes_initted', '
+ global $paths;
+ $paths->add_page(Array(
+ \'name\'=>\'Private Messages\',
+ \'urlname\'=>\'PrivateMessages\',
+ \'namespace\'=>\'Special\',
+ \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ ));
+ ');
+
+function page_Special_PrivateMessages()
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ if(!$session->user_logged_in) die_friendly('Access denied', '

You need to log in to view your private messages.

'); + $argv = Array(); + $argv[] = $paths->getParam(0); + $argv[] = $paths->getParam(1); + $argv[] = $paths->getParam(2); + if(!$argv[0]) $argv[0] = 'InVaLiD'; + switch($argv[0]) + { + default: + header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); + break; + case 'View': + $id = $argv[1]; + if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); + if(!$q) $db->_die('The message data could not be selected.'); + $r = $db->fetchrow(); + $db->free_result(); + if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '

You are not authorized to view this message.

'); + if($r['message_to'] == $session->username) + { + $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); + $db->free_result(); + if(!$q) $db->_die('Could not mark message as read'); + } + $template->header(); + userprefs_show_menu(); + ?> +
+
+ + + + + +
Private message from
Subject:
Date:
Message:'; + echo RenderMan::render($r['signature']); + } + ?>
Send reply | Delete message | Archive message | Return to inbox
+ footer(); + break; + case 'Move': + $id = $argv[1]; + if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); + if(!$q) $db->_die('The message data could not be selected.'); + $r = $db->fetchrow(); + $db->free_result(); + if($r['message_to'] != $session->username) die_friendly('Access denied', '

You are not authorized to alter this message.

'); + $fname = $argv[2]; + if(!$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) die_friendly('Invalid request', '

The folder name "'.$fname.'" is invalid.

'); + $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); + $db->free_result(); + if(!$q) $db->_die('The message was not successfully moved.'); + die_friendly('Message status', '

Your message has been moved to the folder "'.$fname.'".

Return to inbox

'); + break; + case 'Delete': + $id = $argv[1]; + if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); + if(!$q) $db->_die('The message data could not be selected.'); + $r = $db->fetchrow(); + if($r['message_to'] != $session->username) die_friendly('Access denied', '

You are not authorized to delete this message.

'); + $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); + if(!$q) $db->_die('The message was not successfully deleted.'); + $db->free_result(); + die_friendly('Message status', '

The message has been deleted.

Return to inbox

'); + break; + case 'Compose': + if($argv[1]=='Send' && isset($_POST['_send'])) + { + // Check each POST DATA parameter... + if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '

Please enter the username to which you want to send your message.

'); + if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '

Please enter a subject for your message.

'); + if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '

Please enter a message to send.

'); + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach($namelist as $n) { $n = $db->escape($n); } + $subject = RenderMan::preprocess_text($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; + foreach($namelist as $n) + { + $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),'; + } + $base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if(!$result) $db->_die('The message could not be sent.'); + else die_friendly('Message status', '

Your message has been sent. You may edit the message if you wish; one copy for each recipient will be in your outbox until each recipient has read it. Return to your inbox.

'); + return; + } elseif($argv[1]=='Send' && isset($_POST['_savedraft'])) { + // Check each POST DATA parameter... + if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '

Please enter the username to which you want to send your message.

'); + if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '

Please enter a subject for your message.

'); + if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '

Please enter a message to send.

'); + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach($namelist as $n) { $n = $db->escape($n); } + if(count($namelist) > MAX_PMS_PER_BATCH && $session->get_permssions('mod_misc')) die_friendly('Limit exceeded', '

You can only send this message to a maximum of '.MAX_PMS_PER_BATCH.' users.

'); + $subject = $db->escape($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; + foreach($namelist as $n) + { + $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),'; + } + $base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if(!$result) $db->_die('The message could not be saved.'); + } elseif(isset($_POST['_inbox'])) { + header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); + } + if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2])) + { + $to = ''; + $text = ''; + $subj = ''; + $id = $argv[2]; + $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';'); + if(!$q) $db->_die('The message data could not be selected.'); + $r = $db->fetchrow(); + $db->free_result(); + if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '

You are not authorized to view the contents of this message.

'); + $subj = 'Re: ' . $r['subject']; + $text = "\n\n\nOn ".date('M j, Y G:i', $r['date']).", ".$r['message_from']." wrote:\n> ".str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) + + $tbuf = $text; + while( preg_match("/\n([\> ]*?)\> \>/", $text) ) + { + $text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text); + if ( $text == $tbuf ) + break; + $tbuf = $text; + } + + $to = $r['message_from']; + } else { + if($argv[1]=='to' && $argv[2]) $to = $argv[2]; + else $to = ''; + $text = ''; + $subj = ''; + } + $template->header(); + userprefs_show_menu(); + echo '
'; + ?> +
+
+ + + + + +
Compose new private message
To:
Separate multiple names with a single comma; you
can send this message to up to users.
username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
Subject:
Message:
+ '; + $template->footer(); + break; + case 'Edit': + $id = $argv[1]; + if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '

Invalid message ID

'); + $q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); + if(!$q) $db->_die('The message data could not be selected.'); + $r = $db->fetchrow(); + $db->free_result(); + if($r['message_from'] != $session->username || $r['message_read'] == 1 ) die_friendly('Access denied', '

You are not authorized to edit this message.

'); + $fname = $argv[2]; + + if(isset($_POST['_send'])) + { + // Check each POST DATA parameter... + if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '

Please enter the username to which you want to send your message.

'); + if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '

Please enter a subject for your message.

'); + if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '

Please enter a message to send.

'); + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach($namelist as $n) { $n = $db->escape($n); } + $subject = RenderMan::preprocess_text($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if(!$result) $db->_die('The message could not be sent.'); + else die_friendly('Message status', '

Your message has been sent. You may edit the message if you wish; one copy for each recipient will be in your outbox until each recipient has read it. Return to your inbox.

'); + return; + } elseif(isset($_POST['_savedraft'])) { + // Check each POST DATA parameter... + if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '

Please enter the username to which you want to send your message.

'); + if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '

Please enter a subject for your message.

'); + if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '

Please enter a message to send.

'); + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach($namelist as $n) { $n = $db->escape($n); } + $subject = $db->escape($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if(!$result) $db->_die('The message could not be saved.'); + } + if($argv[1]=='to' && $argv[2]) $to = $argv[2]; + else $to = ''; + $template->header(); + userprefs_show_menu(); + echo ''; + ?> +
+
+ + + + + +
Edit draft
To:
Separate multiple names with a single comma
Subject:
Message:
+ '; + $template->footer(); + break; + case 'Folder': + $template->header(); + userprefs_show_menu(); + switch($argv[1]) + { + default: + echo '

The folder "'.$argv[1].'" does not exist. Return to your inbox.

'; + break; + case 'Inbox': + case 'Outbox': + case 'Sent': + case 'Drafts': + case 'Archive': + ?> + + + +
+
+ + + + + + + + + +
Private messages
Inbox
Outbox
Sent Items
Drafts
Archive
Buddies
Friend list
Foe list
+
+ sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); + break; + case 'Outbox': + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;'); + break; + case 'Sent': + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;'); + break; + case 'Drafts': + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); + break; + } + if($argv[1] == 'Drafts' || $argv[1] == 'Outbox') $act = 'Edit'; + else $act = 'View'; + if(!$q) $db->_die('The private message data could not be selected.'); + echo '
'; + if($db->numrows() < 1) + echo ''; + else { + $cls = 'row2'; + while($r = $db->fetchrow()) + { + if($cls == 'row2') $cls='row1'; + else $cls = 'row2'; + $mto = str_replace(' ', '_', $r['message_to']); + $mfr = str_replace(' ', '_', $r['message_from']); + echo ''; + } + $db->free_result(); + } + echo ''; + echo '
Folder: '.$argv[1].'
'; + if($fname == 'drafts' || $fname == 'Outbox') echo 'To'; else echo 'From'; + echo 'SubjectDateMark
No messages in this folder.
'; + if($fname == 'drafts' || $fname == 'outbox') echo $r['message_to']; else echo $r['message_from']; + echo ''; + if($r['message_read'] == 0) echo ''; + echo $r['subject']; + if($r['message_read'] == 0) echo ''; + echo ''.date('M j, Y G:i', $r['date']).'
+
+ New message +
'; + break; + } + $template->footer(); + break; + case 'PostHandler': + $fname = $db->escape(strtolower($_POST['folder'])); + if($fname=='drafts' || $fname=='outbox') + { + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); + } else { + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); + } + if(!$q) $db->_die('The private message data could not be selected.'); + + if(isset($_POST['archive'])) { + while($row = $db->fetchrow($q)) + { + if(isset($_POST['marked_'.$row['message_id']])) + { + $e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';'); + if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); + $db->free_result(); + } + } + } elseif(isset($_POST['delete'])) { + while($row = $db->fetchrow($q)) + { + if(isset($_POST['marked_'.$row['message_id']])) + { + $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); + if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); + $db->free_result(); + } + } + } elseif(isset($_POST['deleteall'])) { + while($row = $db->fetchrow($q)) + { + $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); + if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); + $db->free_result(); + } + } else { + die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.'); + } + $db->free_result($q); + header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . 
substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) )); + break; + case 'FriendList': + if($argv[1] == 'Add') + { + if(isset($_POST['_go'])) + $buddyname = $_POST['buddyname']; + elseif($argv[2]) + $buddyname = $argv[2]; + else + die_friendly('Error adding buddy', '

No name specified

'); + $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\''); + if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); + if($db->numrows() < 1) echo '

Error adding buddy

The username you entered is not in use by any registered user.

'; + { + $r = $db->fetchrow(); + $db->free_result(); + $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);'); + if(!$q) echo '

Warning:

Buddy could not be added: '.mysql_error().'

'; + $db->free_result(); + } + } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { + // Using WHERE user_id prevents users from deleting others' buddies + $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); + $db->free_result(); + if(!$q) echo '

Warning:

Buddy could not be deleted: '.mysql_error().'

'; + if(mysql_affected_rows() < 1) echo '

Warning:

No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.

'; + } + $template->header(); + userprefs_show_menu(); + ?> + + + + + +
+
+ + + + + + + + + +
Private messages
Inbox
Outbox
Sent Items
Drafts
Archive
Buddies
Friend list
Foe list
+
+ sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;'); + if(!$q) $db->_die('The buddy list could not be selected.'); + else + { + $allbuds = ''; + echo '
'; + if($db->numrows() < 1) echo ''; + $cls = 'row2'; + while ( $row = $db->fetchrow() ) + { + if($cls=='row2') $cls = 'row1'; + else $cls = 'row2'; + echo ''; + $allbuds .= str_replace(' ', '_', $row['username']).','; + } + $db->free_result(); + $allbuds = substr($allbuds, 0, strlen($allbuds)-1); + if($cls=='row2') $cls = 'row1'; + else $cls = 'row2'; + echo ''; + echo '
Buddy list for '.$session->username.'
No buddies in your list.
nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'Send private messageRemove
Send a PM to all buddies
'; + } + echo '
+

Add a new friend

'; + echo '

Username: '.$template->username_field('buddyname').'

'; + echo '
'; + ?> +
+ footer(); + break; + case 'FoeList': + if($argv[1] == 'Add' && isset($_POST['_go'])) + { + $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\''); + if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); + if($db->numrows() < 1) echo '

Error adding buddy

The username you entered is not in use by any registered user.

'; + { + $r = $db->fetchrow(); + $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);'); + if(!$q) echo '

Warning:

Buddy could not be added: '.mysql_error().'

'; + } + $db->free_result(); + } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { + // Using WHERE user_id prevents users from deleting others' buddies + $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); + $db->free_result(); + if(!$q) echo '

Warning:

Buddy could not be deleted: '.mysql_error().'

'; + if(mysql_affected_rows() < 1) echo '

Warning:

No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.

'; + } + $template->header(); + userprefs_show_menu(); + ?> + + + + + +
+
+ + + + + + + + + +
Private messages
Inbox
Outbox
Sent Items
Drafts
Archive
Buddies
Friend list
Foe list
+
+ sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;'); + if(!$q) $db->_die('The buddy list could not be selected.'); + else + { + $allbuds = ''; + echo '
'; + if($db->numrows() < 1) echo ''; + $cls = 'row2'; + while ( $row = $db->fetchrow() ) + { + if($cls=='row2') $cls = 'row1'; + else $cls = 'row2'; + echo ''; + $allbuds .= str_replace(' ', '_', $row['username']).','; + } + $allbuds = substr($allbuds, 0, strlen($allbuds)-1); + if($cls=='row2') $cls = 'row1'; + else $cls = 'row2'; + //echo ''; + echo '
Foe list for '.$session->username.'
No foes in your list.
nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'Send private messageRemove
Send a PM to all buddies
'; + } + $db->free_result(); + echo '
+

Add a new foe

'; + echo '

Username: '.$template->username_field('buddyname').'

'; + echo '
'; + ?> +
+ footer(); + break; + } +} + +?> \ No newline at end of file
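Review bot: The recipient names taken from `$_POST['to']` reach the INSERT and UPDATE statements unescaped, because `foreach($namelist as $n) { $n = $db->escape($n); }` assigns to a by-value loop copy and leaves `$namelist` untouched; the same no-op appears in the Compose Send and SaveDraft branches and in both Edit branches, and should become `foreach($namelist as $i => $n) $namelist[$i] = $db->escape($n);`. In the two Send branches `$subject` is only passed through `RenderMan::preprocess_text()` before being quoted into the query, whereas the SaveDraft branches call `$db->escape()` on it, so unless preprocess_text is known to produce SQL-safe output the Send path needs the same escaping. The per-batch recipient limit is checked only when saving a draft, and its condition `count($namelist) > MAX_PMS_PER_BATCH && $session->get_permssions('mod_misc')` appears inverted (it rejects the users who hold the permission) while the method name `get_permssions` looks like a typo to confirm against the session API. In the FriendList and FoeList Add handlers the block following `if($db->numrows() < 1) echo '...';` is not guarded by an `else`, so the INSERT into buddies still runs with an empty `$r['user_id']` when no user matched. The Remove handlers in both lists also report MySQL errors to the page via `mysql_error()`, which I would replace with the generic `$db->_die()` message used elsewhere in this file.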