diff -r 32429702305e -r c72b545f1304 plugins/PrivateMessages.php
--- a/plugins/PrivateMessages.php Fri Dec 21 19:08:27 2007 -0500
+++ b/plugins/PrivateMessages.php Wed Dec 26 00:37:26 2007 -0500
@@ -22,10 +22,10 @@
 global $db, $session, $paths, $template, $plugins; // Common objects
-$plugins->attachHook('base_classes_initted', '
+$plugins->attachHook('session_started', '
 global $paths;
 $paths->add_page(Array(
- \'name\'=>\'Private Messages\',
+ \'name\'=>\'specialpage_private_messages\',
 \'urlname\'=>\'PrivateMessages\',
 \'namespace\'=>\'Special\',
 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
@@ -35,9 +35,10 @@
 function page_Special_PrivateMessages()
 {
 global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
 if ( !$session->user_logged_in )
 {
- die_friendly('Access denied', '
You need to log in to view your private messages.
'); + die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('privmsgs_err_need_login', array('login_link' => makeUrlNS('Special', 'Login/' . $paths->page))) . '
');
 }
 $argv = Array();
 $argv[] = $paths->getParam(0);
@@ -67,7 +68,7 @@
 $db->free_result();
 if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
 {
- die_friendly('Access denied', 'You are not authorized to view this message.
'); + die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('privmsgs_err_not_authorized_read') . '
'); } if ( $r['message_to'] == $session->username ) { @@ -83,17 +84,17 @@ ?>Private message from | |||
---|---|---|---|
Subject: | |||
Date: | |||
Message: | get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?> | ||
get('privmsgs_lbl_subject') ?> | |||
get('privmsgs_lbl_date') ?> | |||
get('privmsgs_lbl_message') ?> | '; echo RenderMan::render($r['signature']); } ?> | ||
Send reply | Delete message | Archive message | Return to inbox | |||
get('privmsgs_btn_send_reply'); ?> | Delete message | get('privmsgs_btn_archive'); ?> | get('privmsgs_btn_return_to_inbox'); ?> |
You are not authorized to alter this message.
'); + die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('privmsgs_err_not_authorized_edit') . '
');
 }
 $fname = $argv[2];
 if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
@@ -126,7 +127,7 @@
 {
 $db->_die('The message was not successfully moved.');
 }
- die_friendly('Message status', 'Your message has been moved to the folder "'.$fname.'".
'); + die_friendly($lang->get('privmsgs_msg_message_status'), '' . $lang->get('privmsgs_msg_message_moved', array('folder' => $fname)) . '
' . $lang->get('privmsgs_btn_return_to_inbox') . '
');
 break;
 case 'Delete':
 $id = $argv[1];
@@ -142,7 +143,7 @@
 $r = $db->fetchrow();
 if ( $r['message_to'] != $session->username )
 {
- die_friendly('Access denied', 'You are not authorized to delete this message.
'); + die_friendly($lang->get('etc_access_denied_short'), 'You are not authorized to delete this message.
'); } $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); if ( !$q ) @@ -150,55 +151,99 @@ $db->_die('The message was not successfully deleted.'); } $db->free_result(); - die_friendly('Message status', 'The message has been deleted.
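Review bot: Only the title of this error is localized; the body `You are not authorized to delete this message.` is still a hard-coded English string, whereas the read and edit cases use `privmsgs_err_not_authorized_read` and `privmsgs_err_not_authorized_edit`. The ReplyTo hunk at `@@ -207,12 +252,17 @@` has the same gap (`You are not authorized to view the contents of this message.`). Both should go through `$lang->get()` with a new key that follows the existing `privmsgs_err_not_authorized_*` pattern (key names to be chosen by the author). Separately, the context lines concatenate `$id` into the `DELETE` statement, and any validation sits between the two hunks where it is not visible; confirm it is restricted to digits, as the ReplyTo path does with `preg_match('#^([0-9]+)$#', $argv[2])`.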
'); + die_friendly($lang->get('privmsgs_msg_message_status'), '' . $lang->get('privmsgs_msg_message_deleted') . '
' . $lang->get('privmsgs_btn_return_to_inbox') . '
'); break; case 'Compose': if ( $argv[1]=='Send' && isset($_POST['_send']) ) { // Check each POST DATA parameter... - if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', 'Please enter the username to which you want to send your message.
'); - if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', 'Please enter a subject for your message.
'); - if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', 'Please enter a message to send.
'); - $namelist = $_POST['to']; - $namelist = str_replace(', ', ',', $namelist); - $namelist = explode(',', $namelist); - foreach($namelist as $n) { $n = $db->escape($n); } - $subject = RenderMan::preprocess_text($_POST['subject']); - $message = RenderMan::preprocess_text($_POST['message']); - $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; - foreach($namelist as $n) + $errors = array(); + if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_username'); + } + if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_subject'); + } + if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) + { + $errors[] = $lang->get('privmsgs_err_need_message'); + } + if ( count($errors) < 1 ) { - $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),'; + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach($namelist as $n) { $n = $db->escape($n); } + $subject = RenderMan::preprocess_text($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; + foreach($namelist as $n) + { + $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),'; + } + $base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if ( !$result ) + { + $db->_die('The message could not be sent.'); + } + else + { + die_friendly($lang->get('privmsgs_msg_message_status'), '' . 
$lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '
'); + } + return; } - $base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; - $result = $db->sql_query($base_query); - $db->free_result(); - if(!$result) $db->_die('The message could not be sent.'); - else die_friendly('Message status', 'Your message has been sent. You may edit the message if you wish; one copy for each recipient will be in your outbox until each recipient has read it. Return to your inbox.
'); - return; - } elseif($argv[1]=='Send' && isset($_POST['_savedraft'])) { - // Check each POST DATA parameter... - if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', 'Please enter the username to which you want to send your message.
'); - if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', 'Please enter a subject for your message.
'); - if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', 'Please enter a message to send.
'); - $namelist = $_POST['to']; - $namelist = str_replace(', ', ',', $namelist); - $namelist = explode(',', $namelist); - foreach($namelist as $n) { $n = $db->escape($n); } - if(count($namelist) > MAX_PMS_PER_BATCH && $session->get_permssions('mod_misc')) die_friendly('Limit exceeded', 'You can only send this message to a maximum of '.MAX_PMS_PER_BATCH.' users.
'); - $subject = $db->escape($_POST['subject']); - $message = RenderMan::preprocess_text($_POST['message']); - $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; - foreach($namelist as $n) + } + else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) ) + { + $errors = array(); + if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') ) + { + $errors[] = $lang->get('privmsgs_err_need_username'); + } + if ( !isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '') ) + { + $errors[] = $lang->get('privmsgs_err_need_subject'); + } + if ( !isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '') ) + { + $errors[] = $lang->get('privmsgs_err_need_message'); + } + if ( count($errors) < 1 ) { - $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),'; + $namelist = $_POST['to']; + $namelist = str_replace(', ', ',', $namelist); + $namelist = explode(',', $namelist); + foreach($namelist as $n) + { + $n = $db->escape($n); + } + if ( count($namelist) > MAX_PMS_PER_BATCH && !$session->get_permssions('mod_misc') ) + { + die_friendly($lang->get('privmsgs_err_limit_exceeded_title'), '' . $lang->get('privmsgs_err_limit_exceeded_body', array('limit' => MAX_PMS_PER_BATCH)) . '
'); + } + $subject = $db->escape($_POST['subject']); + $message = RenderMan::preprocess_text($_POST['message']); + $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; + foreach($namelist as $n) + { + $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),'; + } + $base_query = substr($base_query, 0, strlen($base_query) - 1) . ';'; + $result = $db->sql_query($base_query); + $db->free_result(); + if ( !$result ) + { + $db->_die('The message could not be saved.'); + } } - $base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; - $result = $db->sql_query($base_query); - $db->free_result(); - if(!$result) $db->_die('The message could not be saved.'); - } elseif(isset($_POST['_inbox'])) { - header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); + } + else if(isset($_POST['_inbox'])) + { + redirect(makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'), '', '', 0); } if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2])) { @@ -207,12 +252,17 @@ $subj = ''; $id = $argv[2]; $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';'); - if(!$q) $db->_die('The message data could not be selected.'); + if ( !$q ) + $db->_die('The message data could not be selected.'); + $r = $db->fetchrow(); $db->free_result(); - if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', 'You are not authorized to view the contents of this message.
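Review bot: The recipient escaping that this hunk carries into both the send and save-draft branches has no effect: `foreach($namelist as $n) { $n = $db->escape($n); }` assigns to the loop copy, so `$namelist` still holds the raw values from `$_POST['to']` when they are concatenated into the `INSERT` statement. Write the escaped value back in both branches, e.g. `foreach ( $namelist as $i => $n ) { $namelist[$i] = $db->escape($n); }`. The send branch also has no `MAX_PMS_PER_BATCH` check, so the recipient cap, whose inverted condition this commit fixes, is enforced only when saving a draft. The subject goes through `RenderMan::preprocess_text()` in one branch and `$db->escape()` in the other; whether `preprocess_text()` makes a value safe for SQL is not visible here and should be confirmed. `$errors` is filled but not displayed anywhere in this hunk, so presumably the compose form further down renders it.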
'); + if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name'] == 'drafts' ) + { + die_friendly($lang->get('etc_access_denied_short'), 'You are not authorized to view the contents of this message.
'); + } $subj = 'Re: ' . $r['subject']; - $text = "\n\n\nOn ".date('M j, Y G:i', $r['date']).", ".$r['message_from']." wrote:\n> ".str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) + $text = "\n\n\nOn " . date('M j, Y G:i', $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) $tbuf = $text; while( preg_match("/\n([\> ]*?)\> \>/", $text) ) @@ -224,26 +274,47 @@ } $to = $r['message_from']; - } else { - if(( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2]) $to = $argv[2]; - else $to = ''; + } + else + { + if ( ( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2] ) + { + $to = htmlspecialchars($argv[2]); + } + else + { + $to = ''; + } $text = ''; $subj = ''; } $template->header(); userprefs_show_menu(); - echo '