0
+ − 1
<?php
+ − 2
/*
+ − 3
Plugin Name: Private Message frontend
23
+ − 4
Plugin URI: http://enanocms.org/
0
+ − 5
Description: Provides the page Special:PrivateMessages, which is used to manage private message functions. Also handles buddy lists.
+ − 6
Author: Dan Fuhry
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
diff
changeset
+ − 7
Version: 1.0.2
23
+ − 8
Author URI: http://enanocms.org/
0
+ − 9
*/
+ − 10
+ − 11
/*
+ − 12
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
diff
changeset
+ − 13
* Version 1.0.2
0
+ − 14
* Copyright (C) 2006-2007 Dan Fuhry
+ − 15
*
+ − 16
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 17
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18
*
+ − 19
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21
*/
+ − 22
+ − 23
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 24
+ − 25
$plugins->attachHook('base_classes_initted', '
+ − 26
global $paths;
+ − 27
$paths->add_page(Array(
+ − 28
\'name\'=>\'Private Messages\',
+ − 29
\'urlname\'=>\'PrivateMessages\',
+ − 30
\'namespace\'=>\'Special\',
+ − 31
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 32
));
+ − 33
');
+ − 34
+ − 35
function page_Special_PrivateMessages()
+ − 36
{
+ − 37
global $db, $session, $paths, $template, $plugins; // Common objects
209
+ − 38
if ( !$session->user_logged_in )
+ − 39
{
+ − 40
die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>');
+ − 41
}
0
+ − 42
$argv = Array();
+ − 43
$argv[] = $paths->getParam(0);
+ − 44
$argv[] = $paths->getParam(1);
+ − 45
$argv[] = $paths->getParam(2);
209
+ − 46
if ( !$argv[0] )
+ − 47
{
+ − 48
$argv[0] = 'InVaLiD';
+ − 49
}
0
+ − 50
switch($argv[0])
+ − 51
{
+ − 52
default:
+ − 53
header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
+ − 54
break;
+ − 55
case 'View':
+ − 56
$id = $argv[1];
209
+ − 57
if ( !preg_match('#^([0-9]+)$#', $id) )
+ − 58
{
+ − 59
die_friendly('Message error', '<p>Invalid message ID</p>');
+ − 60
}
0
+ − 61
$q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.'');
209
+ − 62
if ( !$q )
+ − 63
{
+ − 64
$db->_die('The message data could not be selected.');
+ − 65
}
0
+ − 66
$r = $db->fetchrow();
+ − 67
$db->free_result();
209
+ − 68
if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
+ − 69
{
+ − 70
die_friendly('Access denied', '<p>You are not authorized to view this message.</p>');
+ − 71
}
+ − 72
if ( $r['message_to'] == $session->username )
0
+ − 73
{
+ − 74
$q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
+ − 75
$db->free_result();
209
+ − 76
if ( !$q )
+ − 77
{
+ − 78
$db->_die('Could not mark message as read');
+ − 79
}
0
+ − 80
}
+ − 81
$template->header();
+ − 82
userprefs_show_menu();
+ − 83
?>
+ − 84
<br />
+ − 85
<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 86
<tr><th colspan="2">Private message from <?php echo $r['message_from']; ?></th></tr>
+ − 87
<tr><td class="row1">Subject:</td><td class="row1"><?php echo $r['subject']; ?></td></tr>
+ − 88
<tr><td class="row2">Date:</td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr>
+ − 89
<tr><td class="row1">Message:</td><td class="row1"><?php echo RenderMan::render($r['message_text']);
209
+ − 90
if ( $r['signature'] != '' )
0
+ − 91
{
+ − 92
echo '<hr style="margin-left: 1em; width: 200px;" />';
+ − 93
echo RenderMan::render($r['signature']);
+ − 94
}
+ − 95
?></td></tr>
+ − 96
<tr><td colspan="2" class="row3"><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Compose/ReplyTo/'.$id); ?>">Send reply</a> | <a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Delete/'.$id); ?>">Delete message</a> | <?php if($r['folder_name'] != 'archive') { ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Move/'.$id.'/Archive'); ?>">Archive message</a> | <?php } ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') ?>">Return to inbox</a></td></tr>
+ − 97
</table></div>
+ − 98
<?php
+ − 99
$template->footer();
+ − 100
break;
+ − 101
case 'Move':
+ − 102
$id = $argv[1];
209
+ − 103
if ( !preg_match('#^([0-9]+)$#', $id) )
+ − 104
{
+ − 105
die_friendly('Message error', '<p>Invalid message ID</p>');
+ − 106
}
0
+ − 107
$q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
209
+ − 108
if ( !$q )
+ − 109
{
+ − 110
$db->_die('The message data could not be selected.');
+ − 111
}
0
+ − 112
$r = $db->fetchrow();
+ − 113
$db->free_result();
209
+ − 114
if ( $r['message_to'] != $session->username )
+ − 115
{
+ − 116
die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>');
+ − 117
}
0
+ − 118
$fname = $argv[2];
209
+ − 119
if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
+ − 120
{
+ − 121
die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
+ − 122
}
0
+ − 123
$q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';');
+ − 124
$db->free_result();
209
+ − 125
if ( !$q )
+ − 126
{
+ − 127
$db->_die('The message was not successfully moved.');
+ − 128
}
0
+ − 129
die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
+ − 130
break;
+ − 131
case 'Delete':
+ − 132
$id = $argv[1];
209
+ − 133
if ( !preg_match('#^([0-9]+)$#', $id) )
+ − 134
{
+ − 135
die_friendly('Message error', '<p>Invalid message ID</p>');
+ − 136
}
0
+ − 137
$q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
209
+ − 138
if ( !$q )
+ − 139
{
+ − 140
$db->_die('The message data could not be selected.');
+ − 141
}
0
+ − 142
$r = $db->fetchrow();
209
+ − 143
if ( $r['message_to'] != $session->username )
+ − 144
{
+ − 145
die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>');
+ − 146
}
0
+ − 147
$q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
209
+ − 148
if ( !$q )
+ − 149
{
+ − 150
$db->_die('The message was not successfully deleted.');
+ − 151
}
0
+ − 152
$db->free_result();
+ − 153
die_friendly('Message status', '<p>The message has been deleted.</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
+ − 154
break;
+ − 155
case 'Compose':
209
+ − 156
if ( $argv[1]=='Send' && isset($_POST['_send']) )
0
+ − 157
{
+ − 158
// Check each POST DATA parameter...
+ − 159
if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
+ − 160
if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
+ − 161
if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
+ − 162
$namelist = $_POST['to'];
+ − 163
$namelist = str_replace(', ', ',', $namelist);
+ − 164
$namelist = explode(',', $namelist);
+ − 165
foreach($namelist as $n) { $n = $db->escape($n); }
+ − 166
$subject = RenderMan::preprocess_text($_POST['subject']);
+ − 167
$message = RenderMan::preprocess_text($_POST['message']);
+ − 168
$base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
+ − 169
foreach($namelist as $n)
+ − 170
{
+ − 171
$base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),';
+ − 172
}
+ − 173
$base_query = substr($base_query, 0, strlen($base_query)-1) . ';';
+ − 174
$result = $db->sql_query($base_query);
+ − 175
$db->free_result();
+ − 176
if(!$result) $db->_die('The message could not be sent.');
+ − 177
else die_friendly('Message status', '<p>Your message has been sent. You may edit the message if you wish; one copy for each recipient will be in your outbox until each recipient has read it. Return to your <a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">inbox</a>.</p>');
+ − 178
return;
+ − 179
} elseif($argv[1]=='Send' && isset($_POST['_savedraft'])) {
+ − 180
// Check each POST DATA parameter...
+ − 181
if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
+ − 182
if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
+ − 183
if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
+ − 184
$namelist = $_POST['to'];
+ − 185
$namelist = str_replace(', ', ',', $namelist);
+ − 186
$namelist = explode(',', $namelist);
+ − 187
foreach($namelist as $n) { $n = $db->escape($n); }
+ − 188
if(count($namelist) > MAX_PMS_PER_BATCH && $session->get_permssions('mod_misc')) die_friendly('Limit exceeded', '<p>You can only send this message to a maximum of '.MAX_PMS_PER_BATCH.' users.</p>');
+ − 189
$subject = $db->escape($_POST['subject']);
+ − 190
$message = RenderMan::preprocess_text($_POST['message']);
+ − 191
$base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
+ − 192
foreach($namelist as $n)
+ − 193
{
+ − 194
$base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),';
+ − 195
}
+ − 196
$base_query = substr($base_query, 0, strlen($base_query)-1) . ';';
+ − 197
$result = $db->sql_query($base_query);
+ − 198
$db->free_result();
+ − 199
if(!$result) $db->_die('The message could not be saved.');
+ − 200
} elseif(isset($_POST['_inbox'])) {
+ − 201
header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
+ − 202
}
+ − 203
if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2]))
+ − 204
{
+ − 205
$to = '';
+ − 206
$text = '';
+ − 207
$subj = '';
+ − 208
$id = $argv[2];
+ − 209
$q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';');
+ − 210
if(!$q) $db->_die('The message data could not be selected.');
+ − 211
$r = $db->fetchrow();
+ − 212
$db->free_result();
+ − 213
if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '<p>You are not authorized to view the contents of this message.</p>');
+ − 214
$subj = 'Re: ' . $r['subject'];
+ − 215
$text = "\n\n\nOn ".date('M j, Y G:i', $r['date']).", ".$r['message_from']." wrote:\n> ".str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-)
+ − 216
+ − 217
$tbuf = $text;
+ − 218
while( preg_match("/\n([\> ]*?)\> \>/", $text) )
+ − 219
{
+ − 220
$text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text);
+ − 221
if ( $text == $tbuf )
+ − 222
break;
+ − 223
$tbuf = $text;
+ − 224
}
+ − 225
+ − 226
$to = $r['message_from'];
+ − 227
} else {
22
+ − 228
if(( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2]) $to = $argv[2];
0
+ − 229
else $to = '';
+ − 230
$text = '';
+ − 231
$subj = '';
+ − 232
}
+ − 233
$template->header();
+ − 234
userprefs_show_menu();
+ − 235
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post" onsubmit="if(!submitAuthorized) return false;">';
+ − 236
?>
+ − 237
<br />
+ − 238
<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
209
+ − 239
<tr>
+ − 240
<th colspan="2">Compose new private message</th>
+ − 241
</tr>
+ − 242
<tr>
+ − 243
<td class="row1">
+ − 244
To:<br />
+ − 245
<small>Separate multiple names with a single comma; you<br />
+ − 246
may send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small>
+ − 247
</td>
+ − 248
<td class="row1">
+ − 249
<?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
+ − 250
</td>
+ − 251
</tr>
+ − 252
<tr>
+ − 253
<td class="row2">
+ − 254
Subject:
+ − 255
</td>
+ − 256
<td class="row2">
+ − 257
<input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /></td></tr>
+ − 258
<tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $text; ?></textarea></td></tr>
0
+ − 259
<tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr>
+ − 260
</table></div>
+ − 261
<?php
+ − 262
echo '</form>';
+ − 263
$template->footer();
+ − 264
break;
+ − 265
case 'Edit':
+ − 266
$id = $argv[1];
+ − 267
if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
+ − 268
$q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
+ − 269
if(!$q) $db->_die('The message data could not be selected.');
+ − 270
$r = $db->fetchrow();
+ − 271
$db->free_result();
+ − 272
if($r['message_from'] != $session->username || $r['message_read'] == 1 ) die_friendly('Access denied', '<p>You are not authorized to edit this message.</p>');
+ − 273
$fname = $argv[2];
+ − 274
+ − 275
if(isset($_POST['_send']))
+ − 276
{
+ − 277
// Check each POST DATA parameter...
+ − 278
if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
+ − 279
if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
+ − 280
if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
+ − 281
$namelist = $_POST['to'];
+ − 282
$namelist = str_replace(', ', ',', $namelist);
+ − 283
$namelist = explode(',', $namelist);
+ − 284
foreach($namelist as $n) { $n = $db->escape($n); }
+ − 285
$subject = RenderMan::preprocess_text($_POST['subject']);
+ − 286
$message = RenderMan::preprocess_text($_POST['message']);
+ − 287
$base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';';
+ − 288
$result = $db->sql_query($base_query);
+ − 289
$db->free_result();
+ − 290
if(!$result) $db->_die('The message could not be sent.');
+ − 291
else die_friendly('Message status', '<p>Your message has been sent. You may edit the message if you wish; one copy for each recipient will be in your outbox until each recipient has read it. Return to your <a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">inbox</a>.</p>');
+ − 292
return;
+ − 293
} elseif(isset($_POST['_savedraft'])) {
+ − 294
// Check each POST DATA parameter...
+ − 295
if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
+ − 296
if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
+ − 297
if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
+ − 298
$namelist = $_POST['to'];
+ − 299
$namelist = str_replace(', ', ',', $namelist);
+ − 300
$namelist = explode(',', $namelist);
+ − 301
foreach($namelist as $n) { $n = $db->escape($n); }
+ − 302
$subject = $db->escape($_POST['subject']);
+ − 303
$message = RenderMan::preprocess_text($_POST['message']);
+ − 304
$base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';';
+ − 305
$result = $db->sql_query($base_query);
+ − 306
$db->free_result();
+ − 307
if(!$result) $db->_die('The message could not be saved.');
+ − 308
}
+ − 309
if($argv[1]=='to' && $argv[2]) $to = $argv[2];
+ − 310
else $to = '';
+ − 311
$template->header();
+ − 312
userprefs_show_menu();
+ − 313
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">';
+ − 314
?>
+ − 315
<br />
+ − 316
<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 317
<tr><th colspan="2">Edit draft</th></tr>
209
+ − 318
<tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['to']); else echo $r['message_to']; ?>" /></td></tr>
+ − 319
<tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" /></td></tr>
+ − 320
<tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $r['message_text']; ?></textarea></td></tr>
0
+ − 321
<tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /></th></tr>
+ − 322
</table></div>
+ − 323
<?php
+ − 324
echo '</form>';
+ − 325
$template->footer();
+ − 326
break;
+ − 327
case 'Folder':
+ − 328
$template->header();
+ − 329
userprefs_show_menu();
+ − 330
switch($argv[1])
+ − 331
{
+ − 332
default:
+ − 333
echo '<p>The folder "'.$argv[1].'" does not exist. Return to your <a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">inbox</a>.</p>';
+ − 334
break;
+ − 335
case 'Inbox':
+ − 336
case 'Outbox':
+ − 337
case 'Sent':
+ − 338
case 'Drafts':
+ − 339
case 'Archive':
+ − 340
?>
+ − 341
<table border="0" width="100%" cellspacing="10" cellpadding="0">
+ − 342
<tr>
+ − 343
<td style="padding: 0px; width: 120px;" valign="top" >
+ − 344
<div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
+ − 345
<tr><th><small>Private messages</small></th></tr>
+ − 346
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Inbox'); ?>">Inbox</a> </small></td></tr>
+ − 347
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Outbox'); ?>">Outbox</a> </small></td></tr>
+ − 348
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Sent'); ?>">Sent Items</a></small></td></tr>
+ − 349
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Drafts'); ?>">Drafts</a> </small></td></tr>
+ − 350
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Archive'); ?>">Archive</a></small></td></tr>
+ − 351
<tr><th><small>Buddies</small></th></tr>
+ − 352
<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>">Friend list</a></small></td></tr>
+ − 353
<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>">Foe list</a></small></td></tr>
+ − 354
</table></div>
+ − 355
</td>
+ − 356
<td valign="top">
+ − 357
<?php
+ − 358
$fname = strtolower($argv[1]);
+ − 359
switch($argv[1])
+ − 360
{
+ − 361
case 'Inbox':
+ − 362
case 'Archive':
+ − 363
default:
+ − 364
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;');
+ − 365
break;
+ − 366
case 'Outbox':
+ − 367
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;');
+ − 368
break;
+ − 369
case 'Sent':
+ − 370
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;');
+ − 371
break;
+ − 372
case 'Drafts':
+ − 373
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');
+ − 374
break;
+ − 375
}
+ − 376
if($argv[1] == 'Drafts' || $argv[1] == 'Outbox') $act = 'Edit';
+ − 377
else $act = 'View';
+ − 378
if(!$q) $db->_die('The private message data could not be selected.');
+ − 379
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post"><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="4" style="text-align: left;">Folder: '.$argv[1].'</th></tr><tr><th class="subhead">';
+ − 380
if($fname == 'drafts' || $fname == 'Outbox') echo 'To'; else echo 'From';
+ − 381
echo '</th><th class="subhead">Subject</th><th class="subhead">Date</th><th class="subhead">Mark</th></tr>';
+ − 382
if($db->numrows() < 1)
+ − 383
echo '<tr><td style="text-align: center;" class="row1" colspan="4">No messages in this folder.</td></tr>';
+ − 384
else {
+ − 385
$cls = 'row2';
+ − 386
while($r = $db->fetchrow())
+ − 387
{
+ − 388
if($cls == 'row2') $cls='row1';
+ − 389
else $cls = 'row2';
+ − 390
$mto = str_replace(' ', '_', $r['message_to']);
+ − 391
$mfr = str_replace(' ', '_', $r['message_from']);
+ − 392
echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', ( $fname == 'drafts') ? $mto : $mfr).'">';
+ − 393
if($fname == 'drafts' || $fname == 'outbox') echo $r['message_to']; else echo $r['message_from'];
+ − 394
echo '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/'.$act.'/'.$r['message_id']).'">';
+ − 395
if($r['message_read'] == 0) echo '<b>';
+ − 396
echo $r['subject'];
+ − 397
if($r['message_read'] == 0) echo '</b>';
+ − 398
echo '</a></td><td class="'.$cls.'">'.date('M j, Y G:i', $r['date']).'</td><td class="'.$cls.'" style="text-align: center;"><input name="marked_'.$r['message_id'].'" type="checkbox" /></td></tr>';
+ − 399
}
+ − 400
$db->free_result();
+ − 401
}
+ − 402
echo '<tr><th style="text-align: right;" colspan="4"><input type="hidden" name="folder" value="'.$fname.'" /><input type="submit" name="archive" value="Archive selected" /> <input type="submit" name="delete" value="Delete selected" /> <input type="submit" name="deleteall" value="Delete all" /></th></tr>';
+ − 403
echo '</table></div></form>
+ − 404
<br />
+ − 405
<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/').'">New message</a>
+ − 406
</td></tr></table>';
+ − 407
break;
+ − 408
}
+ − 409
$template->footer();
+ − 410
break;
+ − 411
case 'PostHandler':
+ − 412
$fname = $db->escape(strtolower($_POST['folder']));
+ − 413
if($fname=='drafts' || $fname=='outbox')
+ − 414
{
+ − 415
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');
+ − 416
} else {
+ − 417
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;');
+ − 418
}
+ − 419
if(!$q) $db->_die('The private message data could not be selected.');
+ − 420
+ − 421
if(isset($_POST['archive'])) {
+ − 422
while($row = $db->fetchrow($q))
+ − 423
{
+ − 424
if(isset($_POST['marked_'.$row['message_id']]))
+ − 425
{
+ − 426
$e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';');
+ − 427
if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
+ − 428
$db->free_result();
+ − 429
}
+ − 430
}
+ − 431
} elseif(isset($_POST['delete'])) {
+ − 432
while($row = $db->fetchrow($q))
+ − 433
{
+ − 434
if(isset($_POST['marked_'.$row['message_id']]))
+ − 435
{
+ − 436
$e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';');
+ − 437
if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
+ − 438
$db->free_result();
+ − 439
}
+ − 440
}
+ − 441
} elseif(isset($_POST['deleteall'])) {
+ − 442
while($row = $db->fetchrow($q))
+ − 443
{
+ − 444
$e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';');
+ − 445
if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
+ − 446
$db->free_result();
+ − 447
}
+ − 448
} else {
+ − 449
die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.');
+ − 450
}
+ − 451
$db->free_result($q);
+ − 452
header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) ));
+ − 453
break;
+ − 454
case 'FriendList':
+ − 455
if($argv[1] == 'Add')
+ − 456
{
+ − 457
if(isset($_POST['_go']))
+ − 458
$buddyname = $_POST['buddyname'];
+ − 459
elseif($argv[2])
+ − 460
$buddyname = $argv[2];
+ − 461
else
+ − 462
die_friendly('Error adding buddy', '<p>No name specified</p>');
+ − 463
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\'');
+ − 464
if(!$q) $db->_die('The buddy\'s user ID could not be selected.');
+ − 465
if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>';
+ − 466
{
+ − 467
$r = $db->fetchrow();
+ − 468
$db->free_result();
+ − 469
$q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);');
+ − 470
if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.mysql_error().'</p>';
+ − 471
$db->free_result();
+ − 472
}
+ − 473
} elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) {
+ − 474
// Using WHERE user_id prevents users from deleting others' buddies
+ − 475
$q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';');
+ − 476
$db->free_result();
+ − 477
if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.mysql_error().'</p>';
+ − 478
if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>';
+ − 479
}
+ − 480
$template->header();
+ − 481
userprefs_show_menu();
+ − 482
?>
+ − 483
<table border="0" width="100%" cellspacing="10" cellpadding="0">
+ − 484
<tr>
+ − 485
<td style="padding: 0px; width: 120px;" valign="top" >
+ − 486
<div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
+ − 487
<tr><th><small>Private messages</small></th></tr>
+ − 488
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Inbox'); ?>">Inbox</a> </small></td></tr>
+ − 489
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Outbox'); ?>">Outbox</a> </small></td></tr>
+ − 490
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Sent'); ?>">Sent Items</a></small></td></tr>
+ − 491
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Drafts'); ?>">Drafts</a> </small></td></tr>
+ − 492
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Archive'); ?>">Archive</a></small></td></tr>
+ − 493
<tr><th><small>Buddies</small></th></tr>
+ − 494
<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>">Friend list</a></small></td></tr>
+ − 495
<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>">Foe list</a></small></td></tr>
+ − 496
</table></div>
+ − 497
</td>
+ − 498
<td valign="top">
+ − 499
<?php
+ − 500
$q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;');
+ − 501
if(!$q) $db->_die('The buddy list could not be selected.');
+ − 502
else
+ − 503
{
+ − 504
$allbuds = '';
+ − 505
echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">Buddy list for '.$session->username.'</th></tr>';
+ − 506
if($db->numrows() < 1) echo '<tr><td class="row3">No buddies in your list.</td></tr>';
+ − 507
$cls = 'row2';
+ − 508
while ( $row = $db->fetchrow() )
+ − 509
{
+ − 510
if($cls=='row2') $cls = 'row1';
+ − 511
else $cls = 'row2';
+ − 512
echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">Send private message</a></td><td class="'.$cls.'"><a onclick="return confirm(\'Are you sure you want to delete this user from your buddy list?\')" href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Remove/'.$row['buddy_id']).'">Remove</a></td></tr>';
+ − 513
$allbuds .= str_replace(' ', '_', $row['username']).',';
+ − 514
}
+ − 515
$db->free_result();
+ − 516
$allbuds = substr($allbuds, 0, strlen($allbuds)-1);
+ − 517
if($cls=='row2') $cls = 'row1';
+ − 518
else $cls = 'row2';
+ − 519
echo '<tr><td colspan="3" class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.$allbuds).'">Send a PM to all buddies</a></td></tr>';
+ − 520
echo '</table></div>';
+ − 521
}
+ − 522
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ − 523
<h3>Add a new friend</h3>';
+ − 524
echo '<p>Username: '.$template->username_field('buddyname').' <input type="submit" name="_go" value="Add" /></p>';
+ − 525
echo '</form>';
+ − 526
?>
+ − 527
</td>
+ − 528
</tr>
+ − 529
</table>
+ − 530
<?php
+ − 531
$template->footer();
+ − 532
break;
+ − 533
case 'FoeList':
+ − 534
if($argv[1] == 'Add' && isset($_POST['_go']))
+ − 535
{
+ − 536
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\'');
+ − 537
if(!$q) $db->_die('The buddy\'s user ID could not be selected.');
+ − 538
if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>';
+ − 539
{
+ − 540
$r = $db->fetchrow();
+ − 541
$q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);');
+ − 542
if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.mysql_error().'</p>';
+ − 543
}
+ − 544
$db->free_result();
+ − 545
} elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) {
+ − 546
// Using WHERE user_id prevents users from deleting others' buddies
+ − 547
$q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';');
+ − 548
$db->free_result();
+ − 549
if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.mysql_error().'</p>';
+ − 550
if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>';
+ − 551
}
+ − 552
$template->header();
+ − 553
userprefs_show_menu();
+ − 554
?>
+ − 555
<table border="0" width="100%" cellspacing="10" cellpadding="0">
+ − 556
<tr>
+ − 557
<td style="padding: 0px; width: 120px;" valign="top" >
+ − 558
<div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
+ − 559
<tr><th><small>Private messages</small></th></tr>
+ − 560
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Inbox'); ?>">Inbox</a> </small></td></tr>
+ − 561
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Outbox'); ?>">Outbox</a> </small></td></tr>
+ − 562
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Sent'); ?>">Sent Items</a></small></td></tr>
+ − 563
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Drafts'); ?>">Drafts</a> </small></td></tr>
+ − 564
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Archive'); ?>">Archive</a></small></td></tr>
+ − 565
<tr><th><small>Buddies</small></th></tr>
+ − 566
<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>">Friend list</a></small></td></tr>
+ − 567
<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>">Foe list</a></small></td></tr>
+ − 568
</table></div>
+ − 569
</td>
+ − 570
<td valign="top">
+ − 571
<?php
+ − 572
$q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;');
+ − 573
if(!$q) $db->_die('The buddy list could not be selected.');
+ − 574
else
+ − 575
{
+ − 576
$allbuds = '';
+ − 577
echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">Foe list for '.$session->username.'</th></tr>';
+ − 578
if($db->numrows() < 1) echo '<tr><td class="row2">No foes in your list.</td></tr>';
+ − 579
$cls = 'row2';
+ − 580
while ( $row = $db->fetchrow() )
+ − 581
{
+ − 582
if($cls=='row2') $cls = 'row1';
+ − 583
else $cls = 'row2';
+ − 584
echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">Send private message</a></td><td class="'.$cls.'"><a onclick="return confirm(\'Are you sure you want to delete this user from your buddy list?\')" href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Remove/'.$row['buddy_id']).'">Remove</a></td></tr>';
+ − 585
$allbuds .= str_replace(' ', '_', $row['username']).',';
+ − 586
}
+ − 587
$allbuds = substr($allbuds, 0, strlen($allbuds)-1);
+ − 588
if($cls=='row2') $cls = 'row1';
+ − 589
else $cls = 'row2';
+ − 590
//echo '<tr><td colspan="3" class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.$allbuds).'">Send a PM to all buddies</a></td></tr>';
+ − 591
echo '</table></div>';
+ − 592
}
+ − 593
$db->free_result();
+ − 594
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ − 595
<h3>Add a new foe</h3>';
+ − 596
echo '<p>Username: '.$template->username_field('buddyname').' <input type="submit" name="_go" value="Add" /></p>';
+ − 597
echo '</form>';
+ − 598
?>
+ − 599
</td>
+ − 600
</tr>
+ − 601
</table>
+ − 602
<?php
+ − 603
$template->footer();
+ − 604
break;
+ − 605
}
+ − 606
}
+ − 607
+ − 608
?>