author | Dan |
Sun, 28 Oct 2007 21:19:36 -0400 | |
changeset 213 | 1316404e4ea8 |
parent 209 | 8a00247d1dee |
child 326 | ab66d6d1f1f4 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/* |
|
3 |
Plugin Name: Private Message frontend |
|
23
320acf077276
At last, I fixed all those phased-out enano.homelinux.org links!
Dan
parents:
22
diff
changeset
|
4 |
Plugin URI: http://enanocms.org/ |
0 | 5 |
Description: Provides the page Special:PrivateMessages, which is used to manage private message functions. Also handles buddy lists. |
6 |
Author: Dan Fuhry |
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
85
diff
changeset
|
7 |
Version: 1.0.2 |
23
320acf077276
At last, I fixed all those phased-out enano.homelinux.org links!
Dan
parents:
22
diff
changeset
|
8 |
Author URI: http://enanocms.org/ |
0 | 9 |
*/ |
10 |
||
11 |
/* |
|
12 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
85
diff
changeset
|
13 |
* Version 1.0.2 |
0 | 14 |
* Copyright (C) 2006-2007 Dan Fuhry |
15 |
* |
|
16 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
17 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
18 |
* |
|
19 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
20 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
21 |
*/ |
|
22 |
||
23 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
24 |
||
25 |
$plugins->attachHook('base_classes_initted', ' |
|
26 |
global $paths; |
|
27 |
$paths->add_page(Array( |
|
28 |
\'name\'=>\'Private Messages\', |
|
29 |
\'urlname\'=>\'PrivateMessages\', |
|
30 |
\'namespace\'=>\'Special\', |
|
31 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
32 |
)); |
|
33 |
'); |
|
34 |
||
35 |
function page_Special_PrivateMessages() |
|
36 |
{ |
|
37 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
209 | 38 |
if ( !$session->user_logged_in ) |
39 |
{ |
|
40 |
die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>'); |
|
41 |
} |
|
0 | 42 |
$argv = Array(); |
43 |
$argv[] = $paths->getParam(0); |
|
44 |
$argv[] = $paths->getParam(1); |
|
45 |
$argv[] = $paths->getParam(2); |
|
209 | 46 |
if ( !$argv[0] ) |
47 |
{ |
|
48 |
$argv[0] = 'InVaLiD'; |
|
49 |
} |
|
0 | 50 |
switch($argv[0]) |
51 |
{ |
|
52 |
default: |
|
53 |
header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); |
|
54 |
break; |
|
55 |
case 'View': |
|
56 |
$id = $argv[1]; |
|
209 | 57 |
if ( !preg_match('#^([0-9]+)$#', $id) ) |
58 |
{ |
|
59 |
die_friendly('Message error', '<p>Invalid message ID</p>'); |
|
60 |
} |
|
0 | 61 |
$q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); |
209 | 62 |
if ( !$q ) |
63 |
{ |
|
64 |
$db->_die('The message data could not be selected.'); |
|
65 |
} |
|
0 | 66 |
$r = $db->fetchrow(); |
67 |
$db->free_result(); |
|
209 | 68 |
if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) |
69 |
{ |
|
70 |
die_friendly('Access denied', '<p>You are not authorized to view this message.</p>'); |
|
71 |
} |
|
72 |
if ( $r['message_to'] == $session->username ) |
|
0 | 73 |
{ |
74 |
$q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); |
|
75 |
$db->free_result(); |
|
209 | 76 |
if ( !$q ) |
77 |
{ |
|
78 |
$db->_die('Could not mark message as read'); |
|
79 |
} |
|
0 | 80 |
} |
81 |
$template->header(); |
|
82 |
userprefs_show_menu(); |
|
83 |
?> |
|
84 |
<br /> |
|
85 |
<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
|
86 |
<tr><th colspan="2">Private message from <?php echo $r['message_from']; ?></th></tr> |
|
87 |
<tr><td class="row1">Subject:</td><td class="row1"><?php echo $r['subject']; ?></td></tr> |
|
88 |
<tr><td class="row2">Date:</td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr> |
|
89 |
<tr><td class="row1">Message:</td><td class="row1"><?php echo RenderMan::render($r['message_text']); |
|
209 | 90 |
if ( $r['signature'] != '' ) |
0 | 91 |
{ |
92 |
echo '<hr style="margin-left: 1em; width: 200px;" />'; |
|
93 |
echo RenderMan::render($r['signature']); |
|
94 |
} |
|
95 |
?></td></tr> |
|
96 |
<tr><td colspan="2" class="row3"><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Compose/ReplyTo/'.$id); ?>">Send reply</a> | <a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Delete/'.$id); ?>">Delete message</a> | <?php if($r['folder_name'] != 'archive') { ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Move/'.$id.'/Archive'); ?>">Archive message</a> | <?php } ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') ?>">Return to inbox</a></td></tr> |
|
97 |
</table></div> |
|
98 |
<?php |
|
99 |
$template->footer(); |
|
100 |
break; |
|
101 |
case 'Move': |
|
102 |
$id = $argv[1]; |
|
209 | 103 |
if ( !preg_match('#^([0-9]+)$#', $id) ) |
104 |
{ |
|
105 |
die_friendly('Message error', '<p>Invalid message ID</p>'); |
|
106 |
} |
|
0 | 107 |
$q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
209 | 108 |
if ( !$q ) |
109 |
{ |
|
110 |
$db->_die('The message data could not be selected.'); |
|
111 |
} |
|
0 | 112 |
$r = $db->fetchrow(); |
113 |
$db->free_result(); |
|
209 | 114 |
if ( $r['message_to'] != $session->username ) |
115 |
{ |
|
116 |
die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>'); |
|
117 |
} |
|
0 | 118 |
$fname = $argv[2]; |
209 | 119 |
if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) |
120 |
{ |
|
121 |
die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>'); |
|
122 |
} |
|
0 | 123 |
$q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); |
124 |
$db->free_result(); |
|
209 | 125 |
if ( !$q ) |
126 |
{ |
|
127 |
$db->_die('The message was not successfully moved.'); |
|
128 |
} |
|
0 | 129 |
die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>'); |
130 |
break; |
|
131 |
case 'Delete': |
|
132 |
$id = $argv[1]; |
|
209 | 133 |
if ( !preg_match('#^([0-9]+)$#', $id) ) |
134 |
{ |
|
135 |
die_friendly('Message error', '<p>Invalid message ID</p>'); |
|
136 |
} |
|
0 | 137 |
$q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
209 | 138 |
if ( !$q ) |
139 |
{ |
|
140 |
$db->_die('The message data could not be selected.'); |
|
141 |
} |
|
0 | 142 |
$r = $db->fetchrow(); |
209 | 143 |
if ( $r['message_to'] != $session->username ) |
144 |
{ |
|
145 |
die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>'); |
|
146 |
} |
|
0 | 147 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); |
209 | 148 |
if ( !$q ) |
149 |
{ |
|
150 |
$db->_die('The message was not successfully deleted.'); |
|
151 |
} |
|
0 | 152 |
$db->free_result(); |
153 |
die_friendly('Message status', '<p>The message has been deleted.</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>'); |
|
154 |
break; |
|
155 |
case 'Compose': |
|
209 | 156 |
if ( $argv[1]=='Send' && isset($_POST['_send']) ) |
0 | 157 |
{ |
158 |
// Check each POST DATA parameter... |
|
159 |
if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>'); |
|
160 |
if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>'); |
|
161 |
if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>'); |
|
162 |
$namelist = $_POST['to']; |
|
163 |
$namelist = str_replace(', ', ',', $namelist); |
|
164 |
$namelist = explode(',', $namelist); |
|
165 |
foreach($namelist as $n) { $n = $db->escape($n); } |
|
166 |
$subject = RenderMan::preprocess_text($_POST['subject']); |
|
167 |
$message = RenderMan::preprocess_text($_POST['message']); |
|
168 |
$base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; |
|
169 |
foreach($namelist as $n) |
|
170 |
{ |
|
171 |
$base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),'; |
|
172 |
} |
|
173 |
$base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; |
|
174 |
$result = $db->sql_query($base_query); |
|
175 |
$db->free_result(); |
|
176 |
if(!$result) $db->_die('The message could not be sent.'); |
|
177 |
else die_friendly('Message status', '<p>Your message has been sent. You may edit the message if you wish; one copy for each recipient will be in your outbox until each recipient has read it. Return to your <a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">inbox</a>.</p>'); |
|
178 |
return; |
|
179 |
} elseif($argv[1]=='Send' && isset($_POST['_savedraft'])) { |
|
180 |
// Check each POST DATA parameter... |
|
181 |
if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>'); |
|
182 |
if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>'); |
|
183 |
if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>'); |
|
184 |
$namelist = $_POST['to']; |
|
185 |
$namelist = str_replace(', ', ',', $namelist); |
|
186 |
$namelist = explode(',', $namelist); |
|
187 |
foreach($namelist as $n) { $n = $db->escape($n); } |
|
188 |
if(count($namelist) > MAX_PMS_PER_BATCH && $session->get_permssions('mod_misc')) die_friendly('Limit exceeded', '<p>You can only send this message to a maximum of '.MAX_PMS_PER_BATCH.' users.</p>'); |
|
189 |
$subject = $db->escape($_POST['subject']); |
|
190 |
$message = RenderMan::preprocess_text($_POST['message']); |
|
191 |
$base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; |
|
192 |
foreach($namelist as $n) |
|
193 |
{ |
|
194 |
$base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),'; |
|
195 |
} |
|
196 |
$base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; |
|
197 |
$result = $db->sql_query($base_query); |
|
198 |
$db->free_result(); |
|
199 |
if(!$result) $db->_die('The message could not be saved.'); |
|
200 |
} elseif(isset($_POST['_inbox'])) { |
|
201 |
header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); |
|
202 |
} |
|
203 |
if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2])) |
|
204 |
{ |
|
205 |
$to = ''; |
|
206 |
$text = ''; |
|
207 |
$subj = ''; |
|
208 |
$id = $argv[2]; |
|
209 |
$q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';'); |
|
210 |
if(!$q) $db->_die('The message data could not be selected.'); |
|
211 |
$r = $db->fetchrow(); |
|
212 |
$db->free_result(); |
|
213 |
if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '<p>You are not authorized to view the contents of this message.</p>'); |
|
214 |
$subj = 'Re: ' . $r['subject']; |
|
215 |
$text = "\n\n\nOn ".date('M j, Y G:i', $r['date']).", ".$r['message_from']." wrote:\n> ".str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) |
|
216 |
||
217 |
$tbuf = $text; |
|
218 |
while( preg_match("/\n([\> ]*?)\> \>/", $text) ) |
|
219 |
{ |
|
220 |
$text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text); |
|
221 |
if ( $text == $tbuf ) |
|
222 |
break; |
|
223 |
$tbuf = $text; |
|
224 |
} |
|
225 |
||
226 |
$to = $r['message_from']; |
|
227 |
} else { |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
0
diff
changeset
|
228 |
if(( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2]) $to = $argv[2]; |
0 | 229 |
else $to = ''; |
230 |
$text = ''; |
|
231 |
$subj = ''; |
|
232 |
} |
|
233 |
$template->header(); |
|
234 |
userprefs_show_menu(); |
|
235 |
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post" onsubmit="if(!submitAuthorized) return false;">'; |
|
236 |
?> |
|
237 |
<br /> |
|
238 |
<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
|
209 | 239 |
<tr> |
240 |
<th colspan="2">Compose new private message</th> |
|
241 |
</tr> |
|
242 |
<tr> |
|
243 |
<td class="row1"> |
|
244 |
To:<br /> |
|
245 |
<small>Separate multiple names with a single comma; you<br /> |
|
246 |
may send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small> |
|
247 |
</td> |
|
248 |
<td class="row1"> |
|
249 |
<?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> |
|
250 |
</td> |
|
251 |
</tr> |
|
252 |
<tr> |
|
253 |
<td class="row2"> |
|
254 |
Subject: |
|
255 |
</td> |
|
256 |
<td class="row2"> |
|
257 |
<input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /></td></tr> |
|
258 |
<tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $text; ?></textarea></td></tr> |
|
0 | 259 |
<tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr> |
260 |
</table></div> |
|
261 |
<?php |
|
262 |
echo '</form>'; |
|
263 |
$template->footer(); |
|
264 |
break; |
|
265 |
case 'Edit': |
|
266 |
$id = $argv[1]; |
|
267 |
if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>'); |
|
268 |
$q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
|
269 |
if(!$q) $db->_die('The message data could not be selected.'); |
|
270 |
$r = $db->fetchrow(); |
|
271 |
$db->free_result(); |
|
272 |
if($r['message_from'] != $session->username || $r['message_read'] == 1 ) die_friendly('Access denied', '<p>You are not authorized to edit this message.</p>'); |
|
273 |
$fname = $argv[2]; |
|
274 |
||
275 |
if(isset($_POST['_send'])) |
|
276 |
{ |
|
277 |
// Check each POST DATA parameter... |
|
278 |
if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>'); |
|
279 |
if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>'); |
|
280 |
if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>'); |
|
281 |
$namelist = $_POST['to']; |
|
282 |
$namelist = str_replace(', ', ',', $namelist); |
|
283 |
$namelist = explode(',', $namelist); |
|
284 |
foreach($namelist as $n) { $n = $db->escape($n); } |
|
285 |
$subject = RenderMan::preprocess_text($_POST['subject']); |
|
286 |
$message = RenderMan::preprocess_text($_POST['message']); |
|
287 |
$base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';'; |
|
288 |
$result = $db->sql_query($base_query); |
|
289 |
$db->free_result(); |
|
290 |
if(!$result) $db->_die('The message could not be sent.'); |
|
291 |
else die_friendly('Message status', '<p>Your message has been sent. You may edit the message if you wish; one copy for each recipient will be in your outbox until each recipient has read it. Return to your <a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">inbox</a>.</p>'); |
|
292 |
return; |
|
293 |
} elseif(isset($_POST['_savedraft'])) { |
|
294 |
// Check each POST DATA parameter... |
|
295 |
if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>'); |
|
296 |
if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>'); |
|
297 |
if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>'); |
|
298 |
$namelist = $_POST['to']; |
|
299 |
$namelist = str_replace(', ', ',', $namelist); |
|
300 |
$namelist = explode(',', $namelist); |
|
301 |
foreach($namelist as $n) { $n = $db->escape($n); } |
|
302 |
$subject = $db->escape($_POST['subject']); |
|
303 |
$message = RenderMan::preprocess_text($_POST['message']); |
|
304 |
$base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';'; |
|
305 |
$result = $db->sql_query($base_query); |
|
306 |
$db->free_result(); |
|
307 |
if(!$result) $db->_die('The message could not be saved.'); |
|
308 |
} |
|
309 |
if($argv[1]=='to' && $argv[2]) $to = $argv[2]; |
|
310 |
else $to = ''; |
|
311 |
$template->header(); |
|
312 |
userprefs_show_menu(); |
|
313 |
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">'; |
|
314 |
?> |
|
315 |
<br /> |
|
316 |
<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
|
317 |
<tr><th colspan="2">Edit draft</th></tr> |
|
209 | 318 |
<tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['to']); else echo $r['message_to']; ?>" /></td></tr> |
319 |
<tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" /></td></tr> |
|
320 |
<tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $r['message_text']; ?></textarea></td></tr> |
|
0 | 321 |
<tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /></th></tr> |
322 |
</table></div> |
|
323 |
<?php |
|
324 |
echo '</form>'; |
|
325 |
$template->footer(); |
|
326 |
break; |
|
327 |
case 'Folder': |
|
328 |
$template->header(); |
|
329 |
userprefs_show_menu(); |
|
330 |
switch($argv[1]) |
|
331 |
{ |
|
332 |
default: |
|
333 |
echo '<p>The folder "'.$argv[1].'" does not exist. Return to your <a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">inbox</a>.</p>'; |
|
334 |
break; |
|
335 |
case 'Inbox': |
|
336 |
case 'Outbox': |
|
337 |
case 'Sent': |
|
338 |
case 'Drafts': |
|
339 |
case 'Archive': |
|
340 |
?> |
|
341 |
<table border="0" width="100%" cellspacing="10" cellpadding="0"> |
|
342 |
<tr> |
|
343 |
<td style="padding: 0px; width: 120px;" valign="top" > |
|
344 |
<div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4"> |
|
345 |
<tr><th><small>Private messages</small></th></tr> |
|
346 |
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Inbox'); ?>">Inbox</a> </small></td></tr> |
|
347 |
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Outbox'); ?>">Outbox</a> </small></td></tr> |
|
348 |
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Sent'); ?>">Sent Items</a></small></td></tr> |
|
349 |
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Drafts'); ?>">Drafts</a> </small></td></tr> |
|
350 |
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Archive'); ?>">Archive</a></small></td></tr> |
|
351 |
<tr><th><small>Buddies</small></th></tr> |
|
352 |
<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>">Friend list</a></small></td></tr> |
|
353 |
<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>">Foe list</a></small></td></tr> |
|
354 |
</table></div> |
|
355 |
</td> |
|
356 |
<td valign="top"> |
|
357 |
<?php |
|
358 |
$fname = strtolower($argv[1]); |
|
359 |
switch($argv[1]) |
|
360 |
{ |
|
361 |
case 'Inbox': |
|
362 |
case 'Archive': |
|
363 |
default: |
|
364 |
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); |
|
365 |
break; |
|
366 |
case 'Outbox': |
|
367 |
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;'); |
|
368 |
break; |
|
369 |
case 'Sent': |
|
370 |
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;'); |
|
371 |
break; |
|
372 |
case 'Drafts': |
|
373 |
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); |
|
374 |
break; |
|
375 |
} |
|
376 |
if($argv[1] == 'Drafts' || $argv[1] == 'Outbox') $act = 'Edit'; |
|
377 |
else $act = 'View'; |
|
378 |
if(!$q) $db->_die('The private message data could not be selected.'); |
|
379 |
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post"><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="4" style="text-align: left;">Folder: '.$argv[1].'</th></tr><tr><th class="subhead">'; |
|
380 |
if($fname == 'drafts' || $fname == 'Outbox') echo 'To'; else echo 'From'; |
|
381 |
echo '</th><th class="subhead">Subject</th><th class="subhead">Date</th><th class="subhead">Mark</th></tr>'; |
|
382 |
if($db->numrows() < 1) |
|
383 |
echo '<tr><td style="text-align: center;" class="row1" colspan="4">No messages in this folder.</td></tr>'; |
|
384 |
else { |
|
385 |
$cls = 'row2'; |
|
386 |
while($r = $db->fetchrow()) |
|
387 |
{ |
|
388 |
if($cls == 'row2') $cls='row1'; |
|
389 |
else $cls = 'row2'; |
|
390 |
$mto = str_replace(' ', '_', $r['message_to']); |
|
391 |
$mfr = str_replace(' ', '_', $r['message_from']); |
|
392 |
echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', ( $fname == 'drafts') ? $mto : $mfr).'">'; |
|
393 |
if($fname == 'drafts' || $fname == 'outbox') echo $r['message_to']; else echo $r['message_from']; |
|
394 |
echo '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/'.$act.'/'.$r['message_id']).'">'; |
|
395 |
if($r['message_read'] == 0) echo '<b>'; |
|
396 |
echo $r['subject']; |
|
397 |
if($r['message_read'] == 0) echo '</b>'; |
|
398 |
echo '</a></td><td class="'.$cls.'">'.date('M j, Y G:i', $r['date']).'</td><td class="'.$cls.'" style="text-align: center;"><input name="marked_'.$r['message_id'].'" type="checkbox" /></td></tr>'; |
|
399 |
} |
|
400 |
$db->free_result(); |
|
401 |
} |
|
402 |
echo '<tr><th style="text-align: right;" colspan="4"><input type="hidden" name="folder" value="'.$fname.'" /><input type="submit" name="archive" value="Archive selected" /> <input type="submit" name="delete" value="Delete selected" /> <input type="submit" name="deleteall" value="Delete all" /></th></tr>'; |
|
403 |
echo '</table></div></form> |
|
404 |
<br /> |
|
405 |
<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/').'">New message</a> |
|
406 |
</td></tr></table>'; |
|
407 |
break; |
|
408 |
} |
|
409 |
$template->footer(); |
|
410 |
break; |
|
411 |
case 'PostHandler': |
|
412 |
$fname = $db->escape(strtolower($_POST['folder'])); |
|
413 |
if($fname=='drafts' || $fname=='outbox') |
|
414 |
{ |
|
415 |
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); |
|
416 |
} else { |
|
417 |
$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); |
|
418 |
} |
|
419 |
if(!$q) $db->_die('The private message data could not be selected.'); |
|
420 |
||
421 |
if(isset($_POST['archive'])) { |
|
422 |
while($row = $db->fetchrow($q)) |
|
423 |
{ |
|
424 |
if(isset($_POST['marked_'.$row['message_id']])) |
|
425 |
{ |
|
426 |
$e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';'); |
|
427 |
if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); |
|
428 |
$db->free_result(); |
|
429 |
} |
|
430 |
} |
|
431 |
} elseif(isset($_POST['delete'])) { |
|
432 |
while($row = $db->fetchrow($q)) |
|
433 |
{ |
|
434 |
if(isset($_POST['marked_'.$row['message_id']])) |
|
435 |
{ |
|
436 |
$e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); |
|
437 |
if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); |
|
438 |
$db->free_result(); |
|
439 |
} |
|
440 |
} |
|
441 |
} elseif(isset($_POST['deleteall'])) { |
|
442 |
while($row = $db->fetchrow($q)) |
|
443 |
{ |
|
444 |
$e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); |
|
445 |
if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); |
|
446 |
$db->free_result(); |
|
447 |
} |
|
448 |
} else { |
|
449 |
die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.'); |
|
450 |
} |
|
451 |
$db->free_result($q); |
|
452 |
header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) )); |
|
453 |
break; |
|
454 |
case 'FriendList': |
|
455 |
if($argv[1] == 'Add') |
|
456 |
{ |
|
457 |
if(isset($_POST['_go'])) |
|
458 |
$buddyname = $_POST['buddyname']; |
|
459 |
elseif($argv[2]) |
|
460 |
$buddyname = $argv[2]; |
|
461 |
else |
|
462 |
die_friendly('Error adding buddy', '<p>No name specified</p>'); |
|
463 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\''); |
|
464 |
if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); |
|
465 |
if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>'; |
|
466 |
{ |
|
467 |
$r = $db->fetchrow(); |
|
468 |
$db->free_result(); |
|
469 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);'); |
|
470 |
if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.mysql_error().'</p>'; |
|
471 |
$db->free_result(); |
|
472 |
} |
|
473 |
} elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { |
|
474 |
// Using WHERE user_id prevents users from deleting others' buddies |
|
475 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); |
|
476 |
$db->free_result(); |
|
477 |
if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.mysql_error().'</p>'; |
|
478 |
if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>'; |
|
479 |
} |
|
480 |
$template->header(); |
|
481 |
userprefs_show_menu(); |
|
482 |
?> |
|
483 |
<table border="0" width="100%" cellspacing="10" cellpadding="0"> |
|
484 |
<tr> |
|
485 |
<td style="padding: 0px; width: 120px;" valign="top" > |
|
486 |
<div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4"> |
|
487 |
<tr><th><small>Private messages</small></th></tr> |
|
488 |
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Inbox'); ?>">Inbox</a> </small></td></tr> |
|
489 |
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Outbox'); ?>">Outbox</a> </small></td></tr> |
|
490 |
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Sent'); ?>">Sent Items</a></small></td></tr> |
|
491 |
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Drafts'); ?>">Drafts</a> </small></td></tr> |
|
492 |
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Archive'); ?>">Archive</a></small></td></tr> |
|
493 |
<tr><th><small>Buddies</small></th></tr> |
|
494 |
<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>">Friend list</a></small></td></tr> |
|
495 |
<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>">Foe list</a></small></td></tr> |
|
496 |
</table></div> |
|
497 |
</td> |
|
498 |
<td valign="top"> |
|
499 |
<?php |
|
500 |
$q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;'); |
|
501 |
if(!$q) $db->_die('The buddy list could not be selected.'); |
|
502 |
else |
|
503 |
{ |
|
504 |
$allbuds = ''; |
|
505 |
echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">Buddy list for '.$session->username.'</th></tr>'; |
|
506 |
if($db->numrows() < 1) echo '<tr><td class="row3">No buddies in your list.</td></tr>'; |
|
507 |
$cls = 'row2'; |
|
508 |
while ( $row = $db->fetchrow() ) |
|
509 |
{ |
|
510 |
if($cls=='row2') $cls = 'row1'; |
|
511 |
else $cls = 'row2'; |
|
512 |
echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">Send private message</a></td><td class="'.$cls.'"><a onclick="return confirm(\'Are you sure you want to delete this user from your buddy list?\')" href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Remove/'.$row['buddy_id']).'">Remove</a></td></tr>'; |
|
513 |
$allbuds .= str_replace(' ', '_', $row['username']).','; |
|
514 |
} |
|
515 |
$db->free_result(); |
|
516 |
$allbuds = substr($allbuds, 0, strlen($allbuds)-1); |
|
517 |
if($cls=='row2') $cls = 'row1'; |
|
518 |
else $cls = 'row2'; |
|
519 |
echo '<tr><td colspan="3" class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.$allbuds).'">Send a PM to all buddies</a></td></tr>'; |
|
520 |
echo '</table></div>'; |
|
521 |
} |
|
522 |
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
|
523 |
<h3>Add a new friend</h3>'; |
|
524 |
echo '<p>Username: '.$template->username_field('buddyname').' <input type="submit" name="_go" value="Add" /></p>'; |
|
525 |
echo '</form>'; |
|
526 |
?> |
|
527 |
</td> |
|
528 |
</tr> |
|
529 |
</table> |
|
530 |
<?php |
|
531 |
$template->footer(); |
|
532 |
break; |
|
533 |
case 'FoeList': |
|
534 |
if($argv[1] == 'Add' && isset($_POST['_go'])) |
|
535 |
{ |
|
536 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\''); |
|
537 |
if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); |
|
538 |
if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>'; |
|
539 |
{ |
|
540 |
$r = $db->fetchrow(); |
|
541 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);'); |
|
542 |
if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.mysql_error().'</p>'; |
|
543 |
} |
|
544 |
$db->free_result(); |
|
545 |
} elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { |
|
546 |
// Using WHERE user_id prevents users from deleting others' buddies |
|
547 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); |
|
548 |
$db->free_result(); |
|
549 |
if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.mysql_error().'</p>'; |
|
550 |
if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>'; |
|
551 |
} |
|
552 |
$template->header(); |
|
553 |
userprefs_show_menu(); |
|
554 |
?> |
|
555 |
<table border="0" width="100%" cellspacing="10" cellpadding="0"> |
|
556 |
<tr> |
|
557 |
<td style="padding: 0px; width: 120px;" valign="top" > |
|
558 |
<div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4"> |
|
559 |
<tr><th><small>Private messages</small></th></tr> |
|
560 |
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Inbox'); ?>">Inbox</a> </small></td></tr> |
|
561 |
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Outbox'); ?>">Outbox</a> </small></td></tr> |
|
562 |
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Sent'); ?>">Sent Items</a></small></td></tr> |
|
563 |
<tr><td class="row2"><small><a href="<?php echo $session->append_sid('Drafts'); ?>">Drafts</a> </small></td></tr> |
|
564 |
<tr><td class="row1"><small><a href="<?php echo $session->append_sid('Archive'); ?>">Archive</a></small></td></tr> |
|
565 |
<tr><th><small>Buddies</small></th></tr> |
|
566 |
<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>">Friend list</a></small></td></tr> |
|
567 |
<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>">Foe list</a></small></td></tr> |
|
568 |
</table></div> |
|
569 |
</td> |
|
570 |
<td valign="top"> |
|
571 |
<?php |
|
572 |
$q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;'); |
|
573 |
if(!$q) $db->_die('The buddy list could not be selected.'); |
|
574 |
else |
|
575 |
{ |
|
576 |
$allbuds = ''; |
|
577 |
echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">Foe list for '.$session->username.'</th></tr>'; |
|
578 |
if($db->numrows() < 1) echo '<tr><td class="row2">No foes in your list.</td></tr>'; |
|
579 |
$cls = 'row2'; |
|
580 |
while ( $row = $db->fetchrow() ) |
|
581 |
{ |
|
582 |
if($cls=='row2') $cls = 'row1'; |
|
583 |
else $cls = 'row2'; |
|
584 |
echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">Send private message</a></td><td class="'.$cls.'"><a onclick="return confirm(\'Are you sure you want to delete this user from your buddy list?\')" href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Remove/'.$row['buddy_id']).'">Remove</a></td></tr>'; |
|
585 |
$allbuds .= str_replace(' ', '_', $row['username']).','; |
|
586 |
} |
|
587 |
$allbuds = substr($allbuds, 0, strlen($allbuds)-1); |
|
588 |
if($cls=='row2') $cls = 'row1'; |
|
589 |
else $cls = 'row2'; |
|
590 |
//echo '<tr><td colspan="3" class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.$allbuds).'">Send a PM to all buddies</a></td></tr>'; |
|
591 |
echo '</table></div>'; |
|
592 |
} |
|
593 |
$db->free_result(); |
|
594 |
echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
|
595 |
<h3>Add a new foe</h3>'; |
|
596 |
echo '<p>Username: '.$template->username_field('buddyname').' <input type="submit" name="_go" value="Add" /></p>'; |
|
597 |
echo '</form>'; |
|
598 |
?> |
|
599 |
</td> |
|
600 |
</tr> |
|
601 |
</table> |
|
602 |
<?php |
|
603 |
$template->footer(); |
|
604 |
break; |
|
605 |
} |
|
606 |
} |
|
607 |
||
608 |
?> |