plugins/PrivateMessages.php
changeset 228 b0a4d179be85
parent 209 8a00247d1dee
child 326 ab66d6d1f1f4
197:90b7a52bea45 228:b0a4d179be85
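--- a/plugins/PrivateMessages.php
+++ b/plugins/PrivateMessages.php
@@ -33,45 +33,63 @@
     ');
 
 function page_Special_PrivateMessages()
 {
   global $db, $session, $paths, $template, $plugins; // Common objects
-  if(!$session->user_logged_in) die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>');
+  if ( !$session->user_logged_in )
+  {
+    die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>');
+  }
   $argv = Array();
   $argv[] = $paths->getParam(0);
   $argv[] = $paths->getParam(1);
   $argv[] = $paths->getParam(2);
-  if(!$argv[0]) $argv[0] = 'InVaLiD';
+  if ( !$argv[0] )
+  {
+    $argv[0] = 'InVaLiD';
+  }
   switch($argv[0])
   {
     default:
       header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
       break;
     case 'View':
       $id = $argv[1];
-      if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
+      if ( !preg_match('#^([0-9]+)$#', $id) )
+      {
+        die_friendly('Message error', '<p>Invalid message ID</p>');
+      }
       $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.'');
-      if(!$q) $db->_die('The message data could not be selected.');
+      if ( !$q )
+      {
+        $db->_die('The message data could not be selected.');
+      }
       $r = $db->fetchrow();
       $db->free_result();
-      if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '<p>You are not authorized to view this message.</p>');
-      if($r['message_to'] == $session->username)
+      if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
+      {
+        die_friendly('Access denied', '<p>You are not authorized to view this message.</p>');
+      }
+      if ( $r['message_to'] == $session->username )
       {
         $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
         $db->free_result();
-        if(!$q) $db->_die('Could not mark message as read');
+        if ( !$q )
+        {
+          $db->_die('Could not mark message as read');
+        }
       }
       $template->header();
       userprefs_show_menu();
       ?>
         <br />
         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
           <tr><th colspan="2">Private message from <?php echo $r['message_from']; ?></th></tr>
           <tr><td class="row1">Subject:</td><td class="row1"><?php echo $r['subject']; ?></td></tr>
           <tr><td class="row2">Date:</td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr>
           <tr><td class="row1">Message:</td><td class="row1"><?php echo RenderMan::render($r['message_text']);
-          if($r['signature'] != '')
+          if ( $r['signature'] != '' )
           {
             echo '<hr style="margin-left: 1em; width: 200px;" />';
             echo RenderMan::render($r['signature']);
           }
           ?></td></tr>
@@ -80,37 +98,64 @@
       <?php
       $template->footer();              
       break;
     case 'Move':
       $id = $argv[1];
-      if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
+      if ( !preg_match('#^([0-9]+)$#', $id) )
+      {
+        die_friendly('Message error', '<p>Invalid message ID</p>');
+      }
       $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
-      if(!$q) $db->_die('The message data could not be selected.');
+      if ( !$q )
+      {
+        $db->_die('The message data could not be selected.');
+      }
       $r = $db->fetchrow();
       $db->free_result();
-      if($r['message_to'] != $session->username) die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>');
+      if ( $r['message_to'] != $session->username )
+      {
+        die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>');
+      }
       $fname = $argv[2];
-      if(!$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
+      if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
+      {
+        die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
+      }
       $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';');
       $db->free_result();
-      if(!$q) $db->_die('The message was not successfully moved.');
+      if ( !$q )
+      {
+        $db->_die('The message was not successfully moved.');
+      }
       die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
       break;
     case 'Delete':
       $id = $argv[1];
-      if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
+      if ( !preg_match('#^([0-9]+)$#', $id) )
+      {
+        die_friendly('Message error', '<p>Invalid message ID</p>');
+      }
       $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
-      if(!$q) $db->_die('The message data could not be selected.');
+      if ( !$q )
+      {
+        $db->_die('The message data could not be selected.');
+      }
       $r = $db->fetchrow();
-      if($r['message_to'] != $session->username) die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>');
+      if ( $r['message_to'] != $session->username )
+      {
+        die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>');
+      }
       $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
-      if(!$q) $db->_die('The message was not successfully deleted.');
+      if ( !$q )
+      {
+        $db->_die('The message was not successfully deleted.');
+      }
       $db->free_result();
       die_friendly('Message status', '<p>The message has been deleted.</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
       break;
     case 'Compose':
-      if($argv[1]=='Send' && isset($_POST['_send']))
+      if ( $argv[1]=='Send' && isset($_POST['_send']) )
       {
         // Check each POST DATA parameter...
         if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
         if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) die_friendly('Sending of message failed', '<p>Please enter a subject for your message.</p>');
         if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) die_friendly('Sending of message failed', '<p>Please enter a message to send.</p>');
@@ -189,14 +234,30 @@
         userprefs_show_menu();
         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post" onsubmit="if(!submitAuthorized) return false;">';
         ?>
         <br />
         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
-          <tr><th colspan="2">Compose new private message</th></tr>
-          <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma; you<br />can send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small></td><td class="row1"><?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?></td></tr>
-          <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['subject']; else echo $subj; ?>" /></td></tr>
-          <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo $_POST['message']; else echo $text; ?></textarea></td></tr>
+          <tr>
+            <th colspan="2">Compose new private message</th>
+          </tr>
+          <tr>
+            <td class="row1">
+              To:<br />
+              <small>Separate multiple names with a single comma; you<br />
+                     may send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small>
+            </td>
+            <td class="row1">
+              <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
+            </td>
+          </tr>
+          <tr>
+            <td class="row2">
+              Subject:
+            </td>
+            <td class="row2">
+              <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /></td></tr>
+          <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $text; ?></textarea></td></tr>
           <tr><th colspan="2"><input type="submit" name="_send" value="Send message" />  <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr>
         </table></div>
         <?php
         echo '</form>';
         $template->footer();
@@ -252,13 +313,13 @@
         echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">';
         ?>
         <br />
         <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
           <tr><th colspan="2">Edit draft</th></tr>
-          <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['to']; else echo $r['message_to']; ?>" /></td></tr>
-          <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['subject']; else echo $r['subject']; ?>" /></td></tr>
-          <tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo $_POST['message']; else echo $r['message_text']; ?></textarea></td></tr>
+          <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['to']); else echo $r['message_to']; ?>" /></td></tr>
+          <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" /></td></tr>
+          <tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $r['message_text']; ?></textarea></td></tr>
           <tr><th colspan="2"><input type="submit" name="_send" value="Send message" />  <input type="submit" name="_savedraft" value="Save as draft" /></th></tr>
         </table></div>
         <?php
         echo '</form>';
         $template->footer();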
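Review bot: The new `htmlspecialchars()` calls on the compose form (new lines 257–258) cover only the `_savedraft` branch; the `else` branches still echo `$subj` and `$text` into an attribute value and a textarea unescaped, and the Edit hunk (new lines 318–320) has the same asymmetry with `$r['message_to']`, `$r['subject']` and `$r['message_text']`. The View hunk (new lines 86–87) likewise prints `$r['message_from']` and `$r['subject']` straight into HTML, and whether `$template->username_field()` escapes the `to` value it is handed is not visible here. Unless those values are already escaped when stored (not shown in this diff), a message subject or draft body written by one user is rendered as markup in another user's browser, so the escaping should be applied uniformly at output, e.g. `else echo htmlspecialchars($subj);` and `<?php echo htmlspecialchars($r['subject']); ?>`. The body of `page_Special_PrivateMessages()` continues past the last hunk, and `$subj`/`$text` are assigned outside the shown lines.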