diff -r de56132c008d -r bdac73ed481e plugins/PrivateMessages.php --- a/plugins/PrivateMessages.php Sun Mar 28 21:49:26 2010 -0400 +++ b/plugins/PrivateMessages.php Sun Mar 28 23:10:46 2010 -0400 @@ -1,12 +1,12 @@ user_logged_in ) - { - die_friendly($lang->get('etc_access_denied_short'), '

' . $lang->get('privmsgs_err_need_login', array('login_link' => makeUrlNS('Special', 'Login/' . $paths->page))) . '

'); - } - $argv = Array(); - $argv[] = $paths->getParam(0); - $argv[] = $paths->getParam(1); - $argv[] = $paths->getParam(2); - if ( !$argv[0] ) - { - $argv[0] = 'InVaLiD'; - } - switch($argv[0]) - { - default: - header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); - break; - case 'View': - $id = $argv[1]; - if ( !ctype_digit($id) ) - { - die_friendly('Message error', '

Invalid message ID

'); - } - $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); - if ( !$q ) - { - $db->_die('The message data could not be selected.'); - } - $r = $db->fetchrow(); - $db->free_result(); - if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) - { - die_friendly($lang->get('etc_access_denied_short'), '

' . $lang->get('privmsgs_err_not_authorized_read') . '

'); - } - if ( $r['message_to'] == $session->username ) - { - $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); - $db->free_result(); - if ( !$q ) - { - $db->_die('Could not mark message as read'); - } - } - $template->header(); - userprefs_show_menu(); - ?> -
-
- - - - - -
get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?>
get('privmsgs_lbl_subject') ?>
get('privmsgs_lbl_date') ?>
get('privmsgs_lbl_message') ?>'; - echo RenderMan::render($r['signature']); - } - ?>
get('privmsgs_btn_send_reply'); ?> | Delete message | get('privmsgs_btn_archive'); ?> | get('privmsgs_btn_return_to_inbox'); ?>
- footer(); - break; - case 'Move': - $id = $argv[1]; - if ( !ctype_digit($id) ) - { - die_friendly('Message error', '

Invalid message ID

'); - } - $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); - if ( !$q ) - { - $db->_die('The message data could not be selected.'); - } - $r = $db->fetchrow(); - $db->free_result(); - if ( $r['message_to'] != $session->username ) - { - die_friendly($lang->get('etc_access_denied_short'), '

' . $lang->get('privmsgs_err_not_authorized_edit') . '

'); - } - $fname = $argv[2]; - if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) - { - die_friendly('Invalid request', '

The folder name "'.$fname.'" is invalid.

'); - } - $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); - $db->free_result(); - if ( !$q ) - { - $db->_die('The message was not successfully moved.'); - } - die_friendly($lang->get('privmsgs_msg_message_status'), '

' . $lang->get('privmsgs_msg_message_moved', array('folder' => $fname)) . '

' . $lang->get('privmsgs_btn_return_to_inbox') . '

'); - break; - case 'Delete': - $id = $argv[1]; - if ( !ctype_digit($id) ) - { - die_friendly('Message error', '

Invalid message ID

'); - } - $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); - if ( !$q ) - { - $db->_die('The message data could not be selected.'); - } - $r = $db->fetchrow(); - if ( $r['message_to'] != $session->username ) - { - die_friendly($lang->get('etc_access_denied_short'), '

You are not authorized to delete this message.

'); - } - $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); - if ( !$q ) - { - $db->_die('The message was not successfully deleted.'); - } - $db->free_result(); - die_friendly($lang->get('privmsgs_msg_message_status'), '

' . $lang->get('privmsgs_msg_message_deleted') . '

' . $lang->get('privmsgs_btn_return_to_inbox') . '

'); - break; - case 'Compose': - if ( $argv[1]=='Send' && isset($_POST['_send']) ) - { - // Check each POST DATA parameter... - $errors = array(); - if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) - { - $errors[] = $lang->get('privmsgs_err_need_username'); - } - if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) - { - $errors[] = $lang->get('privmsgs_err_need_subject'); - } - if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) - { - $errors[] = $lang->get('privmsgs_err_need_message'); - } - if ( count($errors) < 1 ) - { - $namelist = $_POST['to']; - $namelist = str_replace(', ', ',', $namelist); - $namelist = explode(',', $namelist); - foreach($namelist as $n) { $n = $db->escape($n); } - $subject = RenderMan::preprocess_text($_POST['subject']); - $message = RenderMan::preprocess_text($_POST['message']); - $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; - foreach($namelist as $n) - { - $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),'; - } - $base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; - $result = $db->sql_query($base_query); - $db->free_result(); - if ( !$result ) - { - $db->_die('The message could not be sent.'); - } - else - { - die_friendly($lang->get('privmsgs_msg_message_status'), '

' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '

'); - } - return; - } - } - else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) ) - { - $errors = array(); - if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') ) - { - $errors[] = $lang->get('privmsgs_err_need_username'); - } - if ( !isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '') ) - { - $errors[] = $lang->get('privmsgs_err_need_subject'); - } - if ( !isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '') ) - { - $errors[] = $lang->get('privmsgs_err_need_message'); - } - if ( count($errors) < 1 ) - { - $namelist = $_POST['to']; - $namelist = str_replace(', ', ',', $namelist); - $namelist = explode(',', $namelist); - foreach($namelist as $n) - { - $n = $db->escape($n); - } - if ( count($namelist) > MAX_PMS_PER_BATCH && !$session->get_permssions('mod_misc') ) - { - die_friendly($lang->get('privmsgs_err_limit_exceeded_title'), '

' . $lang->get('privmsgs_err_limit_exceeded_body', array('limit' => MAX_PMS_PER_BATCH)) . '

'); - } - $subject = $db->escape($_POST['subject']); - $message = RenderMan::preprocess_text($_POST['message']); - $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; - foreach($namelist as $n) - { - $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),'; - } - $base_query = substr($base_query, 0, strlen($base_query) - 1) . ';'; - $result = $db->sql_query($base_query); - $db->free_result(); - if ( !$result ) - { - $db->_die('The message could not be saved.'); - } - } - } - else if(isset($_POST['_inbox'])) - { - redirect(makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'), '', '', 0); - } - if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2])) - { - $to = ''; - $text = ''; - $subj = ''; - $id = $argv[2]; - $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';'); - if ( !$q ) - $db->_die('The message data could not be selected.'); - - $r = $db->fetchrow(); - $db->free_result(); - if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name'] == 'drafts' ) - { - die_friendly($lang->get('etc_access_denied_short'), '

You are not authorized to view the contents of this message.

'); - } - $subj = 'Re: ' . $r['subject']; - $text = "\n\n\nOn " . enano_date(ED_DATE | ED_TIME, $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) - - $tbuf = $text; - while( preg_match("/\n([\> ]*?)\> \>/", $text) ) - { - $text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text); - if ( $text == $tbuf ) - break; - $tbuf = $text; - } - - $to = $r['message_from']; - } - else - { - if ( ( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2] ) - { - $to = htmlspecialchars($argv[2]); - } - else - { - $to = ''; - } - $text = ''; - $subj = ''; - } - $template->header(); - userprefs_show_menu(); - if ( isset($errors) && count($errors) > 0 ) - { - echo '
- ' . $lang->get('privmsgs_err_send_submit') . ' - -
'; - } - echo '
'; - - if ( isset($_POST['_savedraft']) ) - { - echo '
' . $lang->get('privmsgs_msg_draft_saved') . '
'; - } - ?> -
-
- - - - - - - - - - - - - - - - - - -
get('privmsgs_lbl_compose_th'); ?>
- get('privmsgs_lbl_compose_to'); ?>
- get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?> - 		- username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> -
- get('privmsgs_lbl_subject'); ?> - - -
- get('privmsgs_lbl_message'); ?> - - tinymce_textarea('message', $content, 20, 40); - ?> -
- - - -
- '; - $template->footer(); - break; - case 'Edit': - $id = $argv[1]; - if ( !ctype_digit($id) ) - { - die_friendly('Message error', '

Invalid message ID

'); - } - $q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); - if ( !$q ) - { - $db->_die('The message data could not be selected.'); - } - $r = $db->fetchrow(); - $db->free_result(); - if ( $r['message_from'] != $session->username || $r['message_read'] == 1 ) - { - die_friendly($lang->get('etc_access_denied_short'), '

You are not authorized to edit this message.

'); - } - $fname = $argv[2]; - - if(isset($_POST['_send'])) - { - // Check each POST DATA parameter... - $errors = array(); - if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) - { - $errors[] = $lang->get('privmsgs_err_need_username'); - } - if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) - { - $errors[] = $lang->get('privmsgs_err_need_subject'); - } - if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) - { - $errors[] = $lang->get('privmsgs_err_need_message'); - } - if ( count($errors) < 1 ) - { - $namelist = $_POST['to']; - $namelist = str_replace(', ', ',', $namelist); - $namelist = explode(',', $namelist); - foreach ($namelist as $n) - { - $n = $db->escape($n); - } - $subject = RenderMan::preprocess_text($_POST['subject']); - $message = RenderMan::preprocess_text($_POST['message']); - $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';'; - $result = $db->sql_query($base_query); - $db->free_result(); - if ( !$result ) - { - $db->_die('The message could not be sent.'); - } - else - { - die_friendly($lang->get('privmsgs_msg_message_status'), '

' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '

'); - } - return; - } - } - else if ( isset($_POST['_savedraft']) ) - { - // Check each POST DATA parameter... - $errors = array(); - if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) - { - $errors[] = $lang->get('privmsgs_err_need_username'); - } - if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) - { - $errors[] = $lang->get('privmsgs_err_need_subject'); - } - if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) - { - $errors[] = $lang->get('privmsgs_err_need_message'); - } - if ( count($errors) < 1 ) - { - $namelist = $_POST['to']; - $namelist = str_replace(', ', ',', $namelist); - $namelist = explode(',', $namelist); - foreach ( $namelist as $n ) - { - $n = $db->escape($n); - } - $subject = $db->escape($_POST['subject']); - $message = RenderMan::preprocess_text($_POST['message']); - $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';'; - $result = $db->sql_query($base_query); - $db->free_result(); - if ( !$result ) - { - $db->_die('The message could not be saved.'); - } - } - } - if ( $argv[1]=='to' && $argv[2] ) - { - $to = htmlspecialchars($argv[2]); - } - else - { - $to = ''; - } - $template->header(); - userprefs_show_menu(); - echo ''; - - if ( isset($_POST['_savedraft']) ) - { - echo '
' . $lang->get('privmsgs_msg_draft_saved') . '
'; - } - ?> -
-
- - - - - - - - - - - - - - - - - -
get('privmsgs_lbl_edit_th'); ?>
- get('privmsgs_lbl_compose_to'); ?>
- get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?> - 		- username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $r['message_to'] ); ?> -
- get('privmsgs_lbl_subject'); ?> - - -
- get('privmsgs_lbl_message'); ?> - - tinymce_textarea('message', $content, 20, 40); - ?> -
- - -
- '; - $template->footer(); - break; - case 'Folder': - $template->header(); - userprefs_show_menu(); - switch($argv[1]) - { - default: - echo '

' . $lang->get('privmsgs_err_folder_not_exist', array( - 'folder_name' => htmlspecialchars($argv[1]), - 'inbox_url' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') - )) . '

'; - break; - case 'Inbox': - case 'Outbox': - case 'Sent': - case 'Drafts': - case 'Archive': - ?> - - - -
-
- - - - - - - - - -
get('privmsgs_sidebar_th_privmsgs'); ?>
get('privmsgs_folder_inbox'); ?>
get('privmsgs_folder_outbox'); ?>
get('privmsgs_folder_sent'); ?>
get('privmsgs_folder_drafts'); ?>
get('privmsgs_folder_archive'); ?>
get('privmsgs_sidebar_th_buddies'); ?>
get('privmsgs_sidebar_friend_list'); ?>
get('privmsgs_sidebar_foe_list'); ?>
- 		- sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); - break; - case 'Outbox': - $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;'); - break; - case 'Sent': - $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;'); - break; - case 'Drafts': - $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); - break; - } - if ( !$q ) - { - $db->_die('The private message data could not be selected.'); - } - if ( $argv[1] == 'Drafts' || $argv[1] == 'Outbox' ) - { - $act = 'Edit'; - } - else - { - $act = 'View'; - } - echo ' -
- - - - - - - - - - '; - if($db->numrows() < 1) - { - echo ''; - } - else - { - $cls = 'row2'; - while ( $r = $db->fetchrow() ) - { - if($cls == 'row2') $cls='row1'; - else $cls = 'row2'; - $mto = str_replace(' ', '_', $r['message_to']); - $mfr = str_replace(' ', '_', $r['message_from']); - echo ''; - } - $db->free_result(); - } - echo ' - - '; - echo '
' . $lang->get('privmsgs_folder_th_foldername') . ' ' . $lang->get('privmsgs_folder_' . strtolower($argv[1])) . '
'; - if ( $fname == 'drafts' || $fname == 'Outbox' ) - { - echo $lang->get('privmsgs_folder_th_to'); - } - else - { - echo $lang->get('privmsgs_folder_th_from'); - } - echo '' . $lang->get('privmsgs_folder_th_subject') . '' . $lang->get('privmsgs_folder_th_date') . '' . $lang->get('privmsgs_folder_th_mark') . '
' . $lang->get('privmsgs_msg_no_messages') . '
'; - if ( $fname == 'drafts' || $fname == 'outbox' ) - { - echo $r['message_to']; - } - else - { - echo $r['message_from']; - } - - echo ''; - - if ( $r['message_read'] == 0 ) - { - echo ''; - } - echo $r['subject']; - if ( $r['message_read'] == 0 ) - { - echo ''; - } - echo ''.enano_date(ED_DATE | ED_TIME, $r['date']).'
- - - - -
-
- ' . $lang->get('privmsgs_btn_compose') . ' -
'; - break; - } - $template->footer(); - break; - case 'PostHandler': - $fname = $db->escape(strtolower($_POST['folder'])); - if($fname=='drafts' || $fname=='outbox') - { - $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); - } else { - $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); - } - if(!$q) $db->_die('The private message data could not be selected.'); - - if(isset($_POST['archive'])) { - while($row = $db->fetchrow($q)) - { - if(isset($_POST['marked_'.$row['message_id']])) - { - $e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';'); - if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); - $db->free_result(); - } - } - } elseif(isset($_POST['delete'])) { - while($row = $db->fetchrow($q)) - { - if(isset($_POST['marked_'.$row['message_id']])) - { - $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); - if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); - $db->free_result(); - } - } - } elseif(isset($_POST['deleteall'])) { - while($row = $db->fetchrow($q)) - { - $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); - if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); - $db->free_result(); - } - } else { - die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.'); - } - $db->free_result($q); - header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) )); - break; - case 'FriendList': - if($argv[1] == 'Add') - { - if(isset($_POST['_go'])) - $buddyname = $_POST['buddyname']; - elseif($argv[2]) - $buddyname = $argv[2]; - else - die_friendly('Error adding buddy', '

No name specified

'); - $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\''); - if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); - if($db->numrows() < 1) echo '

Error adding buddy

The username you entered is not in use by any registered user.

'; - { - $r = $db->fetchrow(); - $db->free_result(); - $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);'); - if(!$q) echo '

Warning:

Buddy could not be added: '.$db->get_error().'

'; - $db->free_result(); - } - } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { - // Using WHERE user_id prevents users from deleting others' buddies - $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); - $db->free_result(); - if(!$q) echo '

Warning:

Buddy could not be deleted: '.$db->get_error().'

'; - if(mysql_affected_rows() < 1) echo '

Warning:

No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.

'; - } - $template->header(); - userprefs_show_menu(); - ?> - - - - - -
-
- - - - - - - - - -
get('privmsgs_sidebar_th_privmsgs'); ?>
get('privmsgs_folder_inbox'); ?>
get('privmsgs_folder_outbox'); ?>
get('privmsgs_folder_sent'); ?>
get('privmsgs_folder_drafts'); ?>
get('privmsgs_folder_archive'); ?>
get('privmsgs_sidebar_th_buddies'); ?>
get('privmsgs_sidebar_friend_list'); ?>
get('privmsgs_sidebar_foe_list'); ?>
- 		- sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;'); - if(!$q) $db->_die('The buddy list could not be selected.'); - else - { - $allbuds = ''; - echo '
'; - if($db->numrows() < 1) echo ''; - $cls = 'row2'; - while ( $row = $db->fetchrow() ) - { - if($cls=='row2') $cls = 'row1'; - else $cls = 'row2'; - echo ''; - $allbuds .= str_replace(' ', '_', $row['username']).','; - } - $db->free_result(); - $allbuds = substr($allbuds, 0, strlen($allbuds)-1); - if($cls=='row2') $cls = 'row1'; - else $cls = 'row2'; - echo ''; - echo '
' . $lang->get('privmsgs_th_buddy_list', array('username' => htmlspecialchars($session->username))) . '
' . $lang->get('privmsgs_msg_no_buddies') . '
nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'' . $lang->get('privmsgs_btn_buddy_send_pm') . '' . $lang->get('privmsgs_btn_buddy_remove') . '
' . $lang->get('privmsgs_btn_pm_all_buddies') . '
'; - } - echo '
-

' . $lang->get('privmsgs_heading_add_buddy') . '

'; - echo '

' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').'

'; - echo '
'; - ?> -
- footer(); - break; - case 'FoeList': - if($argv[1] == 'Add' && isset($_POST['_go'])) - { - $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\''); - if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); - if($db->numrows() < 1) echo '

Error adding buddy

The username you entered is not in use by any registered user.

'; - { - $r = $db->fetchrow(); - $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);'); - if(!$q) echo '

Warning:

Buddy could not be added: '.$db->get_error().'

'; - } - $db->free_result(); - } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { - // Using WHERE user_id prevents users from deleting others' buddies - $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); - $db->free_result(); - if(!$q) echo '

Warning:

Buddy could not be deleted: '.$db->get_error().'

'; - if(mysql_affected_rows() < 1) echo '

Warning:

No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.

'; - } - $template->header(); - userprefs_show_menu(); - ?> - - - - - -
-
- - - - - - - - - -
get('privmsgs_sidebar_th_privmsgs'); ?>
get('privmsgs_folder_inbox'); ?>
get('privmsgs_folder_outbox'); ?>
get('privmsgs_folder_sent'); ?>
get('privmsgs_folder_drafts'); ?>
get('privmsgs_folder_archive'); ?>
get('privmsgs_sidebar_th_buddies'); ?>
get('privmsgs_sidebar_friend_list'); ?>
get('privmsgs_sidebar_foe_list'); ?>
- 		- sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;'); - if(!$q) $db->_die('The buddy list could not be selected.'); - else - { - $allbuds = ''; - echo '
'; - if($db->numrows() < 1) echo ''; - $cls = 'row2'; - while ( $row = $db->fetchrow() ) - { - if($cls=='row2') $cls = 'row1'; - else $cls = 'row2'; - echo ''; - $allbuds .= str_replace(' ', '_', $row['username']).','; - } - $db->free_result(); - $allbuds = substr($allbuds, 0, strlen($allbuds)-1); - if($cls=='row2') $cls = 'row1'; - else $cls = 'row2'; - echo '
' . $lang->get('privmsgs_th_foe_list', array('username' => htmlspecialchars($session->username))) . '
' . $lang->get('privmsgs_msg_no_foes') . '
nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'' . $lang->get('privmsgs_btn_buddy_send_pm') . '' . $lang->get('privmsgs_btn_buddy_remove') . '
'; - } - echo '
-

' . $lang->get('privmsgs_heading_add_foe') . '

'; - echo '

' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').'

'; - echo '
'; - ?> -
- footer(); - break; - } + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + if ( !$session->user_logged_in ) + { + die_friendly($lang->get('etc_access_denied_short'), '

' . $lang->get('privmsgs_err_need_login', array('login_link' => makeUrlNS('Special', 'Login/' . $paths->page))) . '

'); + } + $argv = Array(); + $argv[] = $paths->getParam(0); + $argv[] = $paths->getParam(1); + $argv[] = $paths->getParam(2); + if ( !$argv[0] ) + { + $argv[0] = 'InVaLiD'; + } + switch($argv[0]) + { + default: + header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); + break; + case 'View': + $id = $argv[1]; + if ( !ctype_digit($id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } + $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } + $r = $db->fetchrow(); + $db->free_result(); + if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) + { + die_friendly($lang->get('etc_access_denied_short'), '

' . $lang->get('privmsgs_err_not_authorized_read') . '

'); + } + if ( $r['message_to'] == $session->username ) + { + $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); + $db->free_result(); + if ( !$q ) + { + $db->_die('Could not mark message as read'); + } + } + $template->header(); + userprefs_show_menu(); + ?> +
+
+ + + + + +
get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?>
get('privmsgs_lbl_subject') ?>
get('privmsgs_lbl_date') ?>
get('privmsgs_lbl_message') ?>'; + echo RenderMan::render($r['signature']); + } + ?>
get('privmsgs_btn_send_reply'); ?> | Delete message | get('privmsgs_btn_archive'); ?> | get('privmsgs_btn_return_to_inbox'); ?>
+ footer(); + break; + case 'Move': + $id = $argv[1]; + if ( !ctype_digit($id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } + $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } + $r = $db->fetchrow(); + $db->free_result(); + if ( $r['message_to'] != $session->username ) + { + die_friendly($lang->get('etc_access_denied_short'), '

' . $lang->get('privmsgs_err_not_authorized_edit') . '

'); + } + $fname = $argv[2]; + if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) + { + die_friendly('Invalid request', '

The folder name "'.$fname.'" is invalid.

'); + } + $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); + $db->free_result(); + if ( !$q ) + { + $db->_die('The message was not successfully moved.'); + } + die_friendly($lang->get('privmsgs_msg_message_status'), '

' . $lang->get('privmsgs_msg_message_moved', array('folder' => $fname)) . '

' . $lang->get('privmsgs_btn_return_to_inbox') . '

'); + break; + case 'Delete': + $id = $argv[1]; + if ( !ctype_digit($id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } + $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } + $r = $db->fetchrow(); + if ( $r['message_to'] != $session->username ) + { + die_friendly($lang->get('etc_access_denied_short'), '

You are not authorized to delete this message.

'); + } + $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); + if ( !$q ) + { + $db->_die('The message was not successfully deleted.'); + } + $db->free_result(); + die_friendly($lang->get('privmsgs_msg_message_status'), '

' . $lang->get('privmsgs_msg_message_deleted') . '

' . $lang->get('privmsgs_btn_return_to_inbox') . '

'); + break; + case 'Compose': + if ( $argv[1]=='Send' && isset($_POST['_send']) ) + { + // Check each POST DATA parameter... + $errors = array(); + if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_username'); + } + if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_subject'); + } + if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_message'); + } + if ( count($errors) < 1 ) + { + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach($namelist as $n) { $n = $db->escape($n); } + $subject = RenderMan::preprocess_text($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; + foreach($namelist as $n) + { + $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),'; + } + $base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if ( !$result ) + { + $db->_die('The message could not be sent.'); + } + else + { + die_friendly($lang->get('privmsgs_msg_message_status'), '

' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '

'); + } + return; + } + } + else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) ) + { + $errors = array(); + if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') ) + { + $errors[] = $lang->get('privmsgs_err_need_username'); + } + if ( !isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '') ) + { + $errors[] = $lang->get('privmsgs_err_need_subject'); + } + if ( !isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '') ) + { + $errors[] = $lang->get('privmsgs_err_need_message'); + } + if ( count($errors) < 1 ) + { + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach($namelist as $n) + { + $n = $db->escape($n); + } + if ( count($namelist) > MAX_PMS_PER_BATCH && !$session->get_permssions('mod_misc') ) + { + die_friendly($lang->get('privmsgs_err_limit_exceeded_title'), '

' . $lang->get('privmsgs_err_limit_exceeded_body', array('limit' => MAX_PMS_PER_BATCH)) . '

'); + } + $subject = $db->escape($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; + foreach($namelist as $n) + { + $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),'; + } + $base_query = substr($base_query, 0, strlen($base_query) - 1) . ';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if ( !$result ) + { + $db->_die('The message could not be saved.'); + } + } + } + else if(isset($_POST['_inbox'])) + { + redirect(makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'), '', '', 0); + } + if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2])) + { + $to = ''; + $text = ''; + $subj = ''; + $id = $argv[2]; + $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';'); + if ( !$q ) + $db->_die('The message data could not be selected.'); + + $r = $db->fetchrow(); + $db->free_result(); + if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name'] == 'drafts' ) + { + die_friendly($lang->get('etc_access_denied_short'), '

You are not authorized to view the contents of this message.

'); + } + $subj = 'Re: ' . $r['subject']; + $text = "\n\n\nOn " . enano_date(ED_DATE | ED_TIME, $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) + + $tbuf = $text; + while( preg_match("/\n([\> ]*?)\> \>/", $text) ) + { + $text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text); + if ( $text == $tbuf ) + break; + $tbuf = $text; + } + + $to = $r['message_from']; + } + else + { + if ( ( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2] ) + { + $to = htmlspecialchars($argv[2]); + } + else + { + $to = ''; + } + $text = ''; + $subj = ''; + } + $template->header(); + userprefs_show_menu(); + if ( isset($errors) && count($errors) > 0 ) + { + echo '
+ ' . $lang->get('privmsgs_err_send_submit') . ' + +
'; + } + echo '
'; + + if ( isset($_POST['_savedraft']) ) + { + echo '
' . $lang->get('privmsgs_msg_draft_saved') . '
'; + } + ?> +
+
+ + + + + + + + + + + + + + + + + + +
get('privmsgs_lbl_compose_th'); ?>
+ get('privmsgs_lbl_compose_to'); ?>
+ get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?> + 		+ username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> +
+ get('privmsgs_lbl_subject'); ?> + + +
+ get('privmsgs_lbl_message'); ?> + + tinymce_textarea('message', $content, 20, 40); + ?> +
+ + + +
+ '; + $template->footer(); + break; + case 'Edit': + $id = $argv[1]; + if ( !ctype_digit($id) ) + { + die_friendly('Message error', '

Invalid message ID

'); + } + $q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); + if ( !$q ) + { + $db->_die('The message data could not be selected.'); + } + $r = $db->fetchrow(); + $db->free_result(); + if ( $r['message_from'] != $session->username || $r['message_read'] == 1 ) + { + die_friendly($lang->get('etc_access_denied_short'), '

You are not authorized to edit this message.

'); + } + $fname = $argv[2]; + + if(isset($_POST['_send'])) + { + // Check each POST DATA parameter... + $errors = array(); + if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_username'); + } + if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_subject'); + } + if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_message'); + } + if ( count($errors) < 1 ) + { + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach ($namelist as $n) + { + $n = $db->escape($n); + } + $subject = RenderMan::preprocess_text($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if ( !$result ) + { + $db->_die('The message could not be sent.'); + } + else + { + die_friendly($lang->get('privmsgs_msg_message_status'), '

' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '

'); + } + return; + } + } + else if ( isset($_POST['_savedraft']) ) + { + // Check each POST DATA parameter... + $errors = array(); + if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_username'); + } + if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_subject'); + } + if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_message'); + } + if ( count($errors) < 1 ) + { + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach ( $namelist as $n ) + { + $n = $db->escape($n); + } + $subject = $db->escape($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if ( !$result ) + { + $db->_die('The message could not be saved.'); + } + } + } + if ( $argv[1]=='to' && $argv[2] ) + { + $to = htmlspecialchars($argv[2]); + } + else + { + $to = ''; + } + $template->header(); + userprefs_show_menu(); + echo ''; + + if ( isset($_POST['_savedraft']) ) + { + echo '
' . $lang->get('privmsgs_msg_draft_saved') . '
'; + } + ?> +
+
+ + + + + + + + + + + + + + + + + +
get('privmsgs_lbl_edit_th'); ?>
+ get('privmsgs_lbl_compose_to'); ?>
+ get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?> + 		+ username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $r['message_to'] ); ?> +
+ get('privmsgs_lbl_subject'); ?> + + +
+ get('privmsgs_lbl_message'); ?> + + tinymce_textarea('message', $content, 20, 40); + ?> +
+ + +
+ '; + $template->footer(); + break; + case 'Folder': + $template->header(); + userprefs_show_menu(); + switch($argv[1]) + { + default: + echo '

' . $lang->get('privmsgs_err_folder_not_exist', array( + 'folder_name' => htmlspecialchars($argv[1]), + 'inbox_url' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') + )) . '

'; + break; + case 'Inbox': + case 'Outbox': + case 'Sent': + case 'Drafts': + case 'Archive': + ?> + + + +
+
+ + + + + + + + + +
get('privmsgs_sidebar_th_privmsgs'); ?>
get('privmsgs_folder_inbox'); ?>
get('privmsgs_folder_outbox'); ?>
get('privmsgs_folder_sent'); ?>
get('privmsgs_folder_drafts'); ?>
get('privmsgs_folder_archive'); ?>
get('privmsgs_sidebar_th_buddies'); ?>
get('privmsgs_sidebar_friend_list'); ?>
get('privmsgs_sidebar_foe_list'); ?>
+ 		+ sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); + break; + case 'Outbox': + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;'); + break; + case 'Sent': + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;'); + break; + case 'Drafts': + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); + break; + } + if ( !$q ) + { + $db->_die('The private message data could not be selected.'); + } + if ( $argv[1] == 'Drafts' || $argv[1] == 'Outbox' ) + { + $act = 'Edit'; + } + else + { + $act = 'View'; + } + echo ' +
+ + + + + + + + + + '; + if($db->numrows() < 1) + { + echo ''; + } + else + { + $cls = 'row2'; + while ( $r = $db->fetchrow() ) + { + if($cls == 'row2') $cls='row1'; + else $cls = 'row2'; + $mto = str_replace(' ', '_', $r['message_to']); + $mfr = str_replace(' ', '_', $r['message_from']); + echo ''; + } + $db->free_result(); + } + echo ' + + '; + echo '
' . $lang->get('privmsgs_folder_th_foldername') . ' ' . $lang->get('privmsgs_folder_' . strtolower($argv[1])) . '
'; + if ( $fname == 'drafts' || $fname == 'Outbox' ) + { + echo $lang->get('privmsgs_folder_th_to'); + } + else + { + echo $lang->get('privmsgs_folder_th_from'); + } + echo '' . $lang->get('privmsgs_folder_th_subject') . '' . $lang->get('privmsgs_folder_th_date') . '' . $lang->get('privmsgs_folder_th_mark') . '
' . $lang->get('privmsgs_msg_no_messages') . '
'; + if ( $fname == 'drafts' || $fname == 'outbox' ) + { + echo $r['message_to']; + } + else + { + echo $r['message_from']; + } + + echo ''; + + if ( $r['message_read'] == 0 ) + { + echo ''; + } + echo $r['subject']; + if ( $r['message_read'] == 0 ) + { + echo ''; + } + echo ''.enano_date(ED_DATE | ED_TIME, $r['date']).'
+ + + + +
+
+ ' . $lang->get('privmsgs_btn_compose') . ' +
'; + break; + } + $template->footer(); + break; + case 'PostHandler': + $fname = $db->escape(strtolower($_POST['folder'])); + if($fname=='drafts' || $fname=='outbox') + { + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); + } else { + $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); + } + if(!$q) $db->_die('The private message data could not be selected.'); + + if(isset($_POST['archive'])) { + while($row = $db->fetchrow($q)) + { + if(isset($_POST['marked_'.$row['message_id']])) + { + $e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';'); + if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); + $db->free_result(); + } + } + } elseif(isset($_POST['delete'])) { + while($row = $db->fetchrow($q)) + { + if(isset($_POST['marked_'.$row['message_id']])) + { + $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); + if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); + $db->free_result(); + } + } + } elseif(isset($_POST['deleteall'])) { + while($row = $db->fetchrow($q)) + { + $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); + if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); + $db->free_result(); + } + } else { + die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.'); + } + $db->free_result($q); + header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) )); + break; + case 'FriendList': + if($argv[1] == 'Add') + { + if(isset($_POST['_go'])) + $buddyname = $_POST['buddyname']; + elseif($argv[2]) + $buddyname = $argv[2]; + else + die_friendly('Error adding buddy', '

No name specified

'); + $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\''); + if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); + if($db->numrows() < 1) echo '

Error adding buddy

The username you entered is not in use by any registered user.

'; + { + $r = $db->fetchrow(); + $db->free_result(); + $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);'); + if(!$q) echo '

Warning:

Buddy could not be added: '.$db->get_error().'

'; + $db->free_result(); + } + } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { + // Using WHERE user_id prevents users from deleting others' buddies + $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); + $db->free_result(); + if(!$q) echo '

Warning:

Buddy could not be deleted: '.$db->get_error().'

'; + if(mysql_affected_rows() < 1) echo '

Warning:

No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.

'; + } + $template->header(); + userprefs_show_menu(); + ?> + + + + + +
+
+ + + + + + + + + +
get('privmsgs_sidebar_th_privmsgs'); ?>
get('privmsgs_folder_inbox'); ?>
get('privmsgs_folder_outbox'); ?>
get('privmsgs_folder_sent'); ?>
get('privmsgs_folder_drafts'); ?>
get('privmsgs_folder_archive'); ?>
get('privmsgs_sidebar_th_buddies'); ?>
get('privmsgs_sidebar_friend_list'); ?>
get('privmsgs_sidebar_foe_list'); ?>
+ 		+ sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;'); + if(!$q) $db->_die('The buddy list could not be selected.'); + else + { + $allbuds = ''; + echo '
'; + if($db->numrows() < 1) echo ''; + $cls = 'row2'; + while ( $row = $db->fetchrow() ) + { + if($cls=='row2') $cls = 'row1'; + else $cls = 'row2'; + echo ''; + $allbuds .= str_replace(' ', '_', $row['username']).','; + } + $db->free_result(); + $allbuds = substr($allbuds, 0, strlen($allbuds)-1); + if($cls=='row2') $cls = 'row1'; + else $cls = 'row2'; + echo ''; + echo '
' . $lang->get('privmsgs_th_buddy_list', array('username' => htmlspecialchars($session->username))) . '
' . $lang->get('privmsgs_msg_no_buddies') . '
nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'' . $lang->get('privmsgs_btn_buddy_send_pm') . '' . $lang->get('privmsgs_btn_buddy_remove') . '
' . $lang->get('privmsgs_btn_pm_all_buddies') . '
'; + } + echo '
+

' . $lang->get('privmsgs_heading_add_buddy') . '

'; + echo '

' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').'

'; + echo '
'; + ?> +
+ footer(); + break; + case 'FoeList': + if($argv[1] == 'Add' && isset($_POST['_go'])) + { + $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\''); + if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); + if($db->numrows() < 1) echo '

Error adding buddy

The username you entered is not in use by any registered user.

'; + { + $r = $db->fetchrow(); + $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);'); + if(!$q) echo '

Warning:

Buddy could not be added: '.$db->get_error().'

'; + } + $db->free_result(); + } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { + // Using WHERE user_id prevents users from deleting others' buddies + $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); + $db->free_result(); + if(!$q) echo '

Warning:

Buddy could not be deleted: '.$db->get_error().'

'; + if(mysql_affected_rows() < 1) echo '

Warning:

No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.

'; + } + $template->header(); + userprefs_show_menu(); + ?> + + + + + +
+
+ + + + + + + + + +
get('privmsgs_sidebar_th_privmsgs'); ?>
get('privmsgs_folder_inbox'); ?>
get('privmsgs_folder_outbox'); ?>
get('privmsgs_folder_sent'); ?>
get('privmsgs_folder_drafts'); ?>
get('privmsgs_folder_archive'); ?>
get('privmsgs_sidebar_th_buddies'); ?>
get('privmsgs_sidebar_friend_list'); ?>
get('privmsgs_sidebar_foe_list'); ?>
+ 		+ sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;'); + if(!$q) $db->_die('The buddy list could not be selected.'); + else + { + $allbuds = ''; + echo '
'; + if($db->numrows() < 1) echo ''; + $cls = 'row2'; + while ( $row = $db->fetchrow() ) + { + if($cls=='row2') $cls = 'row1'; + else $cls = 'row2'; + echo ''; + $allbuds .= str_replace(' ', '_', $row['username']).','; + } + $db->free_result(); + $allbuds = substr($allbuds, 0, strlen($allbuds)-1); + if($cls=='row2') $cls = 'row1'; + else $cls = 'row2'; + echo '
' . $lang->get('privmsgs_th_foe_list', array('username' => htmlspecialchars($session->username))) . '
' . $lang->get('privmsgs_msg_no_foes') . '
nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'' . $lang->get('privmsgs_btn_buddy_send_pm') . '' . $lang->get('privmsgs_btn_buddy_remove') . '
'; + } + echo '
+

' . $lang->get('privmsgs_heading_add_foe') . '

'; + echo '

' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').'

'; + echo '
'; + ?> +
+ footer(); + break; + } } ?> \ No newline at end of file