2 /* |
2 /* |
3 Plugin Name: Private Message frontend |
3 Plugin Name: Private Message frontend |
4 Plugin URI: http://enanocms.org/ |
4 Plugin URI: http://enanocms.org/ |
5 Description: Provides the page Special:PrivateMessages, which is used to manage private message functions. Also handles buddy lists. |
5 Description: Provides the page Special:PrivateMessages, which is used to manage private message functions. Also handles buddy lists. |
6 Author: Dan Fuhry |
6 Author: Dan Fuhry |
7 Version: 1.0.1 |
7 Version: 1.0.2 |
8 Author URI: http://enanocms.org/ |
8 Author URI: http://enanocms.org/ |
9 */ |
9 */ |
10 |
10 |
11 /* |
11 /* |
12 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
12 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
13 * Version 1.0 release candidate 2 |
13 * Version 1.0.2 |
14 * Copyright (C) 2006-2007 Dan Fuhry |
14 * Copyright (C) 2006-2007 Dan Fuhry |
15 * |
15 * |
16 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
16 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
17 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
17 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
18 * |
18 * |
33 '); |
33 '); |
34 |
34 |
35 function page_Special_PrivateMessages() |
35 function page_Special_PrivateMessages() |
36 { |
36 { |
37 global $db, $session, $paths, $template, $plugins; // Common objects |
37 global $db, $session, $paths, $template, $plugins; // Common objects |
38 if(!$session->user_logged_in) die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>'); |
38 if ( !$session->user_logged_in ) |
|
39 { |
|
40 die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>'); |
|
41 } |
39 $argv = Array(); |
42 $argv = Array(); |
40 $argv[] = $paths->getParam(0); |
43 $argv[] = $paths->getParam(0); |
41 $argv[] = $paths->getParam(1); |
44 $argv[] = $paths->getParam(1); |
42 $argv[] = $paths->getParam(2); |
45 $argv[] = $paths->getParam(2); |
43 if(!$argv[0]) $argv[0] = 'InVaLiD'; |
46 if ( !$argv[0] ) |
|
47 { |
|
48 $argv[0] = 'InVaLiD'; |
|
49 } |
44 switch($argv[0]) |
50 switch($argv[0]) |
45 { |
51 { |
46 default: |
52 default: |
47 header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); |
53 header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); |
48 break; |
54 break; |
49 case 'View': |
55 case 'View': |
50 $id = $argv[1]; |
56 $id = $argv[1]; |
51 if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>'); |
57 if ( !preg_match('#^([0-9]+)$#', $id) ) |
|
58 { |
|
59 die_friendly('Message error', '<p>Invalid message ID</p>'); |
|
60 } |
52 $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); |
61 $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); |
53 if(!$q) $db->_die('The message data could not be selected.'); |
62 if ( !$q ) |
|
63 { |
|
64 $db->_die('The message data could not be selected.'); |
|
65 } |
54 $r = $db->fetchrow(); |
66 $r = $db->fetchrow(); |
55 $db->free_result(); |
67 $db->free_result(); |
56 if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '<p>You are not authorized to view this message.</p>'); |
68 if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) |
57 if($r['message_to'] == $session->username) |
69 { |
|
70 die_friendly('Access denied', '<p>You are not authorized to view this message.</p>'); |
|
71 } |
|
72 if ( $r['message_to'] == $session->username ) |
58 { |
73 { |
59 $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); |
74 $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); |
60 $db->free_result(); |
75 $db->free_result(); |
61 if(!$q) $db->_die('Could not mark message as read'); |
76 if ( !$q ) |
|
77 { |
|
78 $db->_die('Could not mark message as read'); |
|
79 } |
62 } |
80 } |
63 $template->header(); |
81 $template->header(); |
64 userprefs_show_menu(); |
82 userprefs_show_menu(); |
65 ?> |
83 ?> |
66 <br /> |
84 <br /> |
67 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
85 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
68 <tr><th colspan="2">Private message from <?php echo $r['message_from']; ?></th></tr> |
86 <tr><th colspan="2">Private message from <?php echo $r['message_from']; ?></th></tr> |
69 <tr><td class="row1">Subject:</td><td class="row1"><?php echo $r['subject']; ?></td></tr> |
87 <tr><td class="row1">Subject:</td><td class="row1"><?php echo $r['subject']; ?></td></tr> |
70 <tr><td class="row2">Date:</td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr> |
88 <tr><td class="row2">Date:</td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr> |
71 <tr><td class="row1">Message:</td><td class="row1"><?php echo RenderMan::render($r['message_text']); |
89 <tr><td class="row1">Message:</td><td class="row1"><?php echo RenderMan::render($r['message_text']); |
72 if($r['signature'] != '') |
90 if ( $r['signature'] != '' ) |
73 { |
91 { |
74 echo '<hr style="margin-left: 1em; width: 200px;" />'; |
92 echo '<hr style="margin-left: 1em; width: 200px;" />'; |
75 echo RenderMan::render($r['signature']); |
93 echo RenderMan::render($r['signature']); |
76 } |
94 } |
77 ?></td></tr> |
95 ?></td></tr> |
80 <?php |
98 <?php |
81 $template->footer(); |
99 $template->footer(); |
82 break; |
100 break; |
83 case 'Move': |
101 case 'Move': |
84 $id = $argv[1]; |
102 $id = $argv[1]; |
85 if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>'); |
103 if ( !preg_match('#^([0-9]+)$#', $id) ) |
|
104 { |
|
105 die_friendly('Message error', '<p>Invalid message ID</p>'); |
|
106 } |
86 $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
107 $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
87 if(!$q) $db->_die('The message data could not be selected.'); |
108 if ( !$q ) |
|
109 { |
|
110 $db->_die('The message data could not be selected.'); |
|
111 } |
88 $r = $db->fetchrow(); |
112 $r = $db->fetchrow(); |
89 $db->free_result(); |
113 $db->free_result(); |
90 if($r['message_to'] != $session->username) die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>'); |
114 if ( $r['message_to'] != $session->username ) |
|
115 { |
|
116 die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>'); |
|
117 } |
91 $fname = $argv[2]; |
118 $fname = $argv[2]; |
92 if(!$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>'); |
119 if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) |
|
120 { |
|
121 die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>'); |
|
122 } |
93 $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); |
123 $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); |
94 $db->free_result(); |
124 $db->free_result(); |
95 if(!$q) $db->_die('The message was not successfully moved.'); |
125 if ( !$q ) |
|
126 { |
|
127 $db->_die('The message was not successfully moved.'); |
|
128 } |
96 die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>'); |
129 die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>'); |
97 break; |
130 break; |
98 case 'Delete': |
131 case 'Delete': |
99 $id = $argv[1]; |
132 $id = $argv[1]; |
100 if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>'); |
133 if ( !preg_match('#^([0-9]+)$#', $id) ) |
|
134 { |
|
135 die_friendly('Message error', '<p>Invalid message ID</p>'); |
|
136 } |
101 $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
137 $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
102 if(!$q) $db->_die('The message data could not be selected.'); |
138 if ( !$q ) |
|
139 { |
|
140 $db->_die('The message data could not be selected.'); |
|
141 } |
103 $r = $db->fetchrow(); |
142 $r = $db->fetchrow(); |
104 if($r['message_to'] != $session->username) die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>'); |
143 if ( $r['message_to'] != $session->username ) |
|
144 { |
|
145 die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>'); |
|
146 } |
105 $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); |
147 $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); |
106 if(!$q) $db->_die('The message was not successfully deleted.'); |
148 if ( !$q ) |
|
149 { |
|
150 $db->_die('The message was not successfully deleted.'); |
|
151 } |
107 $db->free_result(); |
152 $db->free_result(); |
108 die_friendly('Message status', '<p>The message has been deleted.</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>'); |
153 die_friendly('Message status', '<p>The message has been deleted.</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>'); |
109 break; |
154 break; |
110 case 'Compose': |
155 case 'Compose': |
111 if($argv[1]=='Send' && isset($_POST['_send'])) |
156 if ( $argv[1]=='Send' && isset($_POST['_send']) ) |
112 { |
157 { |
113 // Check each POST DATA parameter... |
158 // Check each POST DATA parameter... |
114 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>'); |
159 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>'); |
115 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>'); |
160 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>'); |
116 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>'); |
161 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>'); |
189 userprefs_show_menu(); |
234 userprefs_show_menu(); |
190 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post" onsubmit="if(!submitAuthorized) return false;">'; |
235 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post" onsubmit="if(!submitAuthorized) return false;">'; |
191 ?> |
236 ?> |
192 <br /> |
237 <br /> |
193 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
238 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
194 <tr><th colspan="2">Compose new private message</th></tr> |
239 <tr> |
195 <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma; you<br />can send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small></td><td class="row1"><?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?></td></tr> |
240 <th colspan="2">Compose new private message</th> |
196 <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['subject']; else echo $subj; ?>" /></td></tr> |
241 </tr> |
197 <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo $_POST['message']; else echo $text; ?></textarea></td></tr> |
242 <tr> |
|
243 <td class="row1"> |
|
244 To:<br /> |
|
245 <small>Separate multiple names with a single comma; you<br /> |
|
246 may send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small> |
|
247 </td> |
|
248 <td class="row1"> |
|
249 <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> |
|
250 </td> |
|
251 </tr> |
|
252 <tr> |
|
253 <td class="row2"> |
|
254 Subject: |
|
255 </td> |
|
256 <td class="row2"> |
|
257 <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /></td></tr> |
|
258 <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $text; ?></textarea></td></tr> |
198 <tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr> |
259 <tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr> |
199 </table></div> |
260 </table></div> |
200 <?php |
261 <?php |
201 echo '</form>'; |
262 echo '</form>'; |
202 $template->footer(); |
263 $template->footer(); |
252 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">'; |
313 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">'; |
253 ?> |
314 ?> |
254 <br /> |
315 <br /> |
255 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
316 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
256 <tr><th colspan="2">Edit draft</th></tr> |
317 <tr><th colspan="2">Edit draft</th></tr> |
257 <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['to']; else echo $r['message_to']; ?>" /></td></tr> |
318 <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['to']); else echo $r['message_to']; ?>" /></td></tr> |
258 <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['subject']; else echo $r['subject']; ?>" /></td></tr> |
319 <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" /></td></tr> |
259 <tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo $_POST['message']; else echo $r['message_text']; ?></textarea></td></tr> |
320 <tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $r['message_text']; ?></textarea></td></tr> |
260 <tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /></th></tr> |
321 <tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /></th></tr> |
261 </table></div> |
322 </table></div> |
262 <?php |
323 <?php |
263 echo '</form>'; |
324 echo '</form>'; |
264 $template->footer(); |
325 $template->footer(); |