23 |
23 |
24 global $db, $session, $paths, $template, $plugins; // Common objects |
24 global $db, $session, $paths, $template, $plugins; // Common objects |
25 |
25 |
26 function PrivateMessages_paths_init() |
26 function PrivateMessages_paths_init() |
27 { |
27 { |
28 register_special_page('PrivateMessages', 'specialpage_private_messages'); |
28 register_special_page('PrivateMessages', 'specialpage_private_messages'); |
29 } |
29 } |
30 |
30 |
31 function page_Special_PrivateMessages() |
31 function page_Special_PrivateMessages() |
32 { |
32 { |
33 global $db, $session, $paths, $template, $plugins; // Common objects |
33 global $db, $session, $paths, $template, $plugins; // Common objects |
34 global $lang; |
34 global $lang; |
35 if ( !$session->user_logged_in ) |
35 if ( !$session->user_logged_in ) |
36 { |
36 { |
37 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_need_login', array('login_link' => makeUrlNS('Special', 'Login/' . $paths->page))) . '</p>'); |
37 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_need_login', array('login_link' => makeUrlNS('Special', 'Login/' . $paths->page))) . '</p>'); |
38 } |
38 } |
39 $argv = Array(); |
39 $argv = Array(); |
40 $argv[] = $paths->getParam(0); |
40 $argv[] = $paths->getParam(0); |
41 $argv[] = $paths->getParam(1); |
41 $argv[] = $paths->getParam(1); |
42 $argv[] = $paths->getParam(2); |
42 $argv[] = $paths->getParam(2); |
43 if ( !$argv[0] ) |
43 if ( !$argv[0] ) |
44 { |
44 { |
45 $argv[0] = 'InVaLiD'; |
45 $argv[0] = 'InVaLiD'; |
46 } |
46 } |
47 switch($argv[0]) |
47 switch($argv[0]) |
48 { |
48 { |
49 default: |
49 default: |
50 header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); |
50 header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')); |
51 break; |
51 break; |
52 case 'View': |
52 case 'View': |
53 $id = $argv[1]; |
53 $id = $argv[1]; |
54 if ( !ctype_digit($id) ) |
54 if ( !ctype_digit($id) ) |
55 { |
55 { |
56 die_friendly('Message error', '<p>Invalid message ID</p>'); |
56 die_friendly('Message error', '<p>Invalid message ID</p>'); |
57 } |
57 } |
58 $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); |
58 $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.''); |
59 if ( !$q ) |
59 if ( !$q ) |
60 { |
60 { |
61 $db->_die('The message data could not be selected.'); |
61 $db->_die('The message data could not be selected.'); |
62 } |
62 } |
63 $r = $db->fetchrow(); |
63 $r = $db->fetchrow(); |
64 $db->free_result(); |
64 $db->free_result(); |
65 if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) |
65 if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) |
66 { |
66 { |
67 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_read') . '</p>'); |
67 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_read') . '</p>'); |
68 } |
68 } |
69 if ( $r['message_to'] == $session->username ) |
69 if ( $r['message_to'] == $session->username ) |
70 { |
70 { |
71 $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); |
71 $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.''); |
72 $db->free_result(); |
72 $db->free_result(); |
73 if ( !$q ) |
73 if ( !$q ) |
74 { |
74 { |
75 $db->_die('Could not mark message as read'); |
75 $db->_die('Could not mark message as read'); |
76 } |
76 } |
77 } |
77 } |
78 $template->header(); |
78 $template->header(); |
79 userprefs_show_menu(); |
79 userprefs_show_menu(); |
80 ?> |
80 ?> |
81 <br /> |
81 <br /> |
82 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
82 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
83 <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?></th></tr> |
83 <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?></th></tr> |
84 <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_subject') ?></td><td class="row1"><?php echo $r['subject']; ?></td></tr> |
84 <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_subject') ?></td><td class="row1"><?php echo $r['subject']; ?></td></tr> |
85 <tr><td class="row2"><?php echo $lang->get('privmsgs_lbl_date') ?></td><td class="row2"><?php echo enano_date(ED_DATE | ED_TIME, $r['date']); ?></td></tr> |
85 <tr><td class="row2"><?php echo $lang->get('privmsgs_lbl_date') ?></td><td class="row2"><?php echo enano_date(ED_DATE | ED_TIME, $r['date']); ?></td></tr> |
86 <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_message') ?></td><td class="row1"><?php echo RenderMan::render($r['message_text']); |
86 <tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_message') ?></td><td class="row1"><?php echo RenderMan::render($r['message_text']); |
87 if ( $r['signature'] != '' ) |
87 if ( $r['signature'] != '' ) |
88 { |
88 { |
89 echo '<hr style="margin-left: 1em; width: 200px;" />'; |
89 echo '<hr style="margin-left: 1em; width: 200px;" />'; |
90 echo RenderMan::render($r['signature']); |
90 echo RenderMan::render($r['signature']); |
91 } |
91 } |
92 ?></td></tr> |
92 ?></td></tr> |
93 <tr><td colspan="2" class="row3"><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Compose/ReplyTo/'.$id); ?>"><?php echo $lang->get('privmsgs_btn_send_reply'); ?></a> | <a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Delete/'.$id); ?>">Delete message</a> | <?php if($r['folder_name'] != 'archive') { ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Move/'.$id.'/Archive'); ?>"><?php echo $lang->get('privmsgs_btn_archive'); ?></a> | <?php } ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') ?>"><?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?></a></td></tr> |
93 <tr><td colspan="2" class="row3"><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Compose/ReplyTo/'.$id); ?>"><?php echo $lang->get('privmsgs_btn_send_reply'); ?></a> | <a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Delete/'.$id); ?>">Delete message</a> | <?php if($r['folder_name'] != 'archive') { ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Move/'.$id.'/Archive'); ?>"><?php echo $lang->get('privmsgs_btn_archive'); ?></a> | <?php } ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') ?>"><?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?></a></td></tr> |
94 </table></div> |
94 </table></div> |
95 <?php |
95 <?php |
96 $template->footer(); |
96 $template->footer(); |
97 break; |
97 break; |
98 case 'Move': |
98 case 'Move': |
99 $id = $argv[1]; |
99 $id = $argv[1]; |
100 if ( !ctype_digit($id) ) |
100 if ( !ctype_digit($id) ) |
101 { |
101 { |
102 die_friendly('Message error', '<p>Invalid message ID</p>'); |
102 die_friendly('Message error', '<p>Invalid message ID</p>'); |
103 } |
103 } |
104 $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
104 $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
105 if ( !$q ) |
105 if ( !$q ) |
106 { |
106 { |
107 $db->_die('The message data could not be selected.'); |
107 $db->_die('The message data could not be selected.'); |
108 } |
108 } |
109 $r = $db->fetchrow(); |
109 $r = $db->fetchrow(); |
110 $db->free_result(); |
110 $db->free_result(); |
111 if ( $r['message_to'] != $session->username ) |
111 if ( $r['message_to'] != $session->username ) |
112 { |
112 { |
113 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_edit') . '</p>'); |
113 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_edit') . '</p>'); |
114 } |
114 } |
115 $fname = $argv[2]; |
115 $fname = $argv[2]; |
116 if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) |
116 if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) |
117 { |
117 { |
118 die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>'); |
118 die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>'); |
119 } |
119 } |
120 $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); |
120 $q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';'); |
121 $db->free_result(); |
121 $db->free_result(); |
122 if ( !$q ) |
122 if ( !$q ) |
123 { |
123 { |
124 $db->_die('The message was not successfully moved.'); |
124 $db->_die('The message was not successfully moved.'); |
125 } |
125 } |
126 die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_moved', array('folder' => $fname)) . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>'); |
126 die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_moved', array('folder' => $fname)) . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>'); |
127 break; |
127 break; |
128 case 'Delete': |
128 case 'Delete': |
129 $id = $argv[1]; |
129 $id = $argv[1]; |
130 if ( !ctype_digit($id) ) |
130 if ( !ctype_digit($id) ) |
131 { |
131 { |
132 die_friendly('Message error', '<p>Invalid message ID</p>'); |
132 die_friendly('Message error', '<p>Invalid message ID</p>'); |
133 } |
133 } |
134 $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
134 $q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
135 if ( !$q ) |
135 if ( !$q ) |
136 { |
136 { |
137 $db->_die('The message data could not be selected.'); |
137 $db->_die('The message data could not be selected.'); |
138 } |
138 } |
139 $r = $db->fetchrow(); |
139 $r = $db->fetchrow(); |
140 if ( $r['message_to'] != $session->username ) |
140 if ( $r['message_to'] != $session->username ) |
141 { |
141 { |
142 die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to delete this message.</p>'); |
142 die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to delete this message.</p>'); |
143 } |
143 } |
144 $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); |
144 $q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';'); |
145 if ( !$q ) |
145 if ( !$q ) |
146 { |
146 { |
147 $db->_die('The message was not successfully deleted.'); |
147 $db->_die('The message was not successfully deleted.'); |
148 } |
148 } |
149 $db->free_result(); |
149 $db->free_result(); |
150 die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_deleted') . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>'); |
150 die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_deleted') . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>'); |
151 break; |
151 break; |
152 case 'Compose': |
152 case 'Compose': |
153 if ( $argv[1]=='Send' && isset($_POST['_send']) ) |
153 if ( $argv[1]=='Send' && isset($_POST['_send']) ) |
154 { |
154 { |
155 // Check each POST DATA parameter... |
155 // Check each POST DATA parameter... |
156 $errors = array(); |
156 $errors = array(); |
157 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) |
157 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) |
158 { |
158 { |
159 $errors[] = $lang->get('privmsgs_err_need_username'); |
159 $errors[] = $lang->get('privmsgs_err_need_username'); |
160 } |
160 } |
161 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) |
161 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) |
162 { |
162 { |
163 $errors[] = $lang->get('privmsgs_err_need_subject'); |
163 $errors[] = $lang->get('privmsgs_err_need_subject'); |
164 } |
164 } |
165 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) |
165 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) |
166 { |
166 { |
167 $errors[] = $lang->get('privmsgs_err_need_message'); |
167 $errors[] = $lang->get('privmsgs_err_need_message'); |
168 } |
168 } |
169 if ( count($errors) < 1 ) |
169 if ( count($errors) < 1 ) |
170 { |
170 { |
171 $namelist = $_POST['to']; |
171 $namelist = $_POST['to']; |
172 $namelist = str_replace(', ', ',', $namelist); |
172 $namelist = str_replace(', ', ',', $namelist); |
173 $namelist = explode(',', $namelist); |
173 $namelist = explode(',', $namelist); |
174 foreach($namelist as $n) { $n = $db->escape($n); } |
174 foreach($namelist as $n) { $n = $db->escape($n); } |
175 $subject = RenderMan::preprocess_text($_POST['subject']); |
175 $subject = RenderMan::preprocess_text($_POST['subject']); |
176 $message = RenderMan::preprocess_text($_POST['message']); |
176 $message = RenderMan::preprocess_text($_POST['message']); |
177 $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; |
177 $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; |
178 foreach($namelist as $n) |
178 foreach($namelist as $n) |
179 { |
179 { |
180 $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),'; |
180 $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),'; |
181 } |
181 } |
182 $base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; |
182 $base_query = substr($base_query, 0, strlen($base_query)-1) . ';'; |
183 $result = $db->sql_query($base_query); |
183 $result = $db->sql_query($base_query); |
184 $db->free_result(); |
184 $db->free_result(); |
185 if ( !$result ) |
185 if ( !$result ) |
186 { |
186 { |
187 $db->_die('The message could not be sent.'); |
187 $db->_die('The message could not be sent.'); |
188 } |
188 } |
189 else |
189 else |
190 { |
190 { |
191 die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>'); |
191 die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>'); |
192 } |
192 } |
193 return; |
193 return; |
194 } |
194 } |
195 } |
195 } |
196 else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) ) |
196 else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) ) |
197 { |
197 { |
198 $errors = array(); |
198 $errors = array(); |
199 if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') ) |
199 if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') ) |
200 { |
200 { |
201 $errors[] = $lang->get('privmsgs_err_need_username'); |
201 $errors[] = $lang->get('privmsgs_err_need_username'); |
202 } |
202 } |
203 if ( !isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '') ) |
203 if ( !isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '') ) |
204 { |
204 { |
205 $errors[] = $lang->get('privmsgs_err_need_subject'); |
205 $errors[] = $lang->get('privmsgs_err_need_subject'); |
206 } |
206 } |
207 if ( !isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '') ) |
207 if ( !isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '') ) |
208 { |
208 { |
209 $errors[] = $lang->get('privmsgs_err_need_message'); |
209 $errors[] = $lang->get('privmsgs_err_need_message'); |
210 } |
210 } |
211 if ( count($errors) < 1 ) |
211 if ( count($errors) < 1 ) |
212 { |
212 { |
213 $namelist = $_POST['to']; |
213 $namelist = $_POST['to']; |
214 $namelist = str_replace(', ', ',', $namelist); |
214 $namelist = str_replace(', ', ',', $namelist); |
215 $namelist = explode(',', $namelist); |
215 $namelist = explode(',', $namelist); |
216 foreach($namelist as $n) |
216 foreach($namelist as $n) |
217 { |
217 { |
218 $n = $db->escape($n); |
218 $n = $db->escape($n); |
219 } |
219 } |
220 if ( count($namelist) > MAX_PMS_PER_BATCH && !$session->get_permssions('mod_misc') ) |
220 if ( count($namelist) > MAX_PMS_PER_BATCH && !$session->get_permssions('mod_misc') ) |
221 { |
221 { |
222 die_friendly($lang->get('privmsgs_err_limit_exceeded_title'), '<p>' . $lang->get('privmsgs_err_limit_exceeded_body', array('limit' => MAX_PMS_PER_BATCH)) . '</p>'); |
222 die_friendly($lang->get('privmsgs_err_limit_exceeded_title'), '<p>' . $lang->get('privmsgs_err_limit_exceeded_body', array('limit' => MAX_PMS_PER_BATCH)) . '</p>'); |
223 } |
223 } |
224 $subject = $db->escape($_POST['subject']); |
224 $subject = $db->escape($_POST['subject']); |
225 $message = RenderMan::preprocess_text($_POST['message']); |
225 $message = RenderMan::preprocess_text($_POST['message']); |
226 $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; |
226 $base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES'; |
227 foreach($namelist as $n) |
227 foreach($namelist as $n) |
228 { |
228 { |
229 $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),'; |
229 $base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),'; |
230 } |
230 } |
231 $base_query = substr($base_query, 0, strlen($base_query) - 1) . ';'; |
231 $base_query = substr($base_query, 0, strlen($base_query) - 1) . ';'; |
232 $result = $db->sql_query($base_query); |
232 $result = $db->sql_query($base_query); |
233 $db->free_result(); |
233 $db->free_result(); |
234 if ( !$result ) |
234 if ( !$result ) |
235 { |
235 { |
236 $db->_die('The message could not be saved.'); |
236 $db->_die('The message could not be saved.'); |
237 } |
237 } |
238 } |
238 } |
239 } |
239 } |
240 else if(isset($_POST['_inbox'])) |
240 else if(isset($_POST['_inbox'])) |
241 { |
241 { |
242 redirect(makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'), '', '', 0); |
242 redirect(makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'), '', '', 0); |
243 } |
243 } |
244 if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2])) |
244 if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2])) |
245 { |
245 { |
246 $to = ''; |
246 $to = ''; |
247 $text = ''; |
247 $text = ''; |
248 $subj = ''; |
248 $subj = ''; |
249 $id = $argv[2]; |
249 $id = $argv[2]; |
250 $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';'); |
250 $q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';'); |
251 if ( !$q ) |
251 if ( !$q ) |
252 $db->_die('The message data could not be selected.'); |
252 $db->_die('The message data could not be selected.'); |
253 |
253 |
254 $r = $db->fetchrow(); |
254 $r = $db->fetchrow(); |
255 $db->free_result(); |
255 $db->free_result(); |
256 if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name'] == 'drafts' ) |
256 if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name'] == 'drafts' ) |
257 { |
257 { |
258 die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to view the contents of this message.</p>'); |
258 die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to view the contents of this message.</p>'); |
259 } |
259 } |
260 $subj = 'Re: ' . $r['subject']; |
260 $subj = 'Re: ' . $r['subject']; |
261 $text = "\n\n\nOn " . enano_date(ED_DATE | ED_TIME, $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) |
261 $text = "\n\n\nOn " . enano_date(ED_DATE | ED_TIME, $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) |
262 |
262 |
263 $tbuf = $text; |
263 $tbuf = $text; |
264 while( preg_match("/\n([\> ]*?)\> \>/", $text) ) |
264 while( preg_match("/\n([\> ]*?)\> \>/", $text) ) |
265 { |
265 { |
266 $text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text); |
266 $text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text); |
267 if ( $text == $tbuf ) |
267 if ( $text == $tbuf ) |
268 break; |
268 break; |
269 $tbuf = $text; |
269 $tbuf = $text; |
270 } |
270 } |
271 |
271 |
272 $to = $r['message_from']; |
272 $to = $r['message_from']; |
273 } |
273 } |
274 else |
274 else |
275 { |
275 { |
276 if ( ( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2] ) |
276 if ( ( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2] ) |
277 { |
277 { |
278 $to = htmlspecialchars($argv[2]); |
278 $to = htmlspecialchars($argv[2]); |
279 } |
279 } |
280 else |
280 else |
281 { |
281 { |
282 $to = ''; |
282 $to = ''; |
283 } |
283 } |
284 $text = ''; |
284 $text = ''; |
285 $subj = ''; |
285 $subj = ''; |
286 } |
286 } |
287 $template->header(); |
287 $template->header(); |
288 userprefs_show_menu(); |
288 userprefs_show_menu(); |
289 if ( isset($errors) && count($errors) > 0 ) |
289 if ( isset($errors) && count($errors) > 0 ) |
290 { |
290 { |
291 echo '<div class="warning-box"> |
291 echo '<div class="warning-box"> |
292 ' . $lang->get('privmsgs_err_send_submit') . ' |
292 ' . $lang->get('privmsgs_err_send_submit') . ' |
293 <ul> |
293 <ul> |
294 <li>' . implode('</li><li>', $errors) . '</li> |
294 <li>' . implode('</li><li>', $errors) . '</li> |
295 </ul> |
295 </ul> |
296 </div>'; |
296 </div>'; |
297 } |
297 } |
298 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post">'; |
298 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post">'; |
299 |
299 |
300 if ( isset($_POST['_savedraft']) ) |
300 if ( isset($_POST['_savedraft']) ) |
301 { |
301 { |
302 echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>'; |
302 echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>'; |
303 } |
303 } |
304 ?> |
304 ?> |
305 <br /> |
305 <br /> |
306 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
306 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
307 <tr> |
307 <tr> |
308 <th colspan="2"><?php echo $lang->get('privmsgs_lbl_compose_th'); ?></th> |
308 <th colspan="2"><?php echo $lang->get('privmsgs_lbl_compose_th'); ?></th> |
309 </tr> |
309 </tr> |
310 <tr> |
310 <tr> |
311 <td class="row1"> |
311 <td class="row1"> |
312 <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br /> |
312 <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br /> |
313 <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small> |
313 <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small> |
314 </td> |
314 </td> |
315 <td class="row1"> |
315 <td class="row1"> |
316 <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> |
316 <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?> |
317 </td> |
317 </td> |
318 </tr> |
318 </tr> |
319 <tr> |
319 <tr> |
320 <td class="row2"> |
320 <td class="row2"> |
321 <?php echo $lang->get('privmsgs_lbl_subject'); ?> |
321 <?php echo $lang->get('privmsgs_lbl_subject'); ?> |
322 </td> |
322 </td> |
323 <td class="row2"> |
323 <td class="row2"> |
324 <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /> |
324 <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /> |
325 </td> |
325 </td> |
326 </tr> |
326 </tr> |
327 <tr> |
327 <tr> |
328 <td class="row1"> |
328 <td class="row1"> |
329 <?php echo $lang->get('privmsgs_lbl_message'); ?> |
329 <?php echo $lang->get('privmsgs_lbl_message'); ?> |
330 </td> |
330 </td> |
331 <td class="row1" style="min-width: 80%;"> |
331 <td class="row1" style="min-width: 80%;"> |
332 <?php |
332 <?php |
333 if ( isset($_POST['_savedraft']) ) |
333 if ( isset($_POST['_savedraft']) ) |
334 { |
334 { |
335 $content = htmlspecialchars($_POST['message']); |
335 $content = htmlspecialchars($_POST['message']); |
336 } |
336 } |
337 else |
337 else |
338 { |
338 { |
339 $content =& $text; |
339 $content =& $text; |
340 } |
340 } |
341 echo $template->tinymce_textarea('message', $content, 20, 40); |
341 echo $template->tinymce_textarea('message', $content, 20, 40); |
342 ?> |
342 ?> |
343 </td> |
343 </td> |
344 </tr> |
344 </tr> |
345 <tr> |
345 <tr> |
346 <th class="subhead" colspan="2"> |
346 <th class="subhead" colspan="2"> |
347 <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" /> |
347 <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" /> |
348 <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" /> |
348 <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" /> |
349 <input type="submit" name="_inbox" value="<?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?>" /> |
349 <input type="submit" name="_inbox" value="<?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?>" /> |
350 </th> |
350 </th> |
351 </tr> |
351 </tr> |
352 </table></div> |
352 </table></div> |
353 <?php |
353 <?php |
354 echo '</form>'; |
354 echo '</form>'; |
355 $template->footer(); |
355 $template->footer(); |
356 break; |
356 break; |
357 case 'Edit': |
357 case 'Edit': |
358 $id = $argv[1]; |
358 $id = $argv[1]; |
359 if ( !ctype_digit($id) ) |
359 if ( !ctype_digit($id) ) |
360 { |
360 { |
361 die_friendly('Message error', '<p>Invalid message ID</p>'); |
361 die_friendly('Message error', '<p>Invalid message ID</p>'); |
362 } |
362 } |
363 $q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
363 $q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.''); |
364 if ( !$q ) |
364 if ( !$q ) |
365 { |
365 { |
366 $db->_die('The message data could not be selected.'); |
366 $db->_die('The message data could not be selected.'); |
367 } |
367 } |
368 $r = $db->fetchrow(); |
368 $r = $db->fetchrow(); |
369 $db->free_result(); |
369 $db->free_result(); |
370 if ( $r['message_from'] != $session->username || $r['message_read'] == 1 ) |
370 if ( $r['message_from'] != $session->username || $r['message_read'] == 1 ) |
371 { |
371 { |
372 die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to edit this message.</p>'); |
372 die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to edit this message.</p>'); |
373 } |
373 } |
374 $fname = $argv[2]; |
374 $fname = $argv[2]; |
375 |
375 |
376 if(isset($_POST['_send'])) |
376 if(isset($_POST['_send'])) |
377 { |
377 { |
378 // Check each POST DATA parameter... |
378 // Check each POST DATA parameter... |
379 $errors = array(); |
379 $errors = array(); |
380 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) |
380 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) |
381 { |
381 { |
382 $errors[] = $lang->get('privmsgs_err_need_username'); |
382 $errors[] = $lang->get('privmsgs_err_need_username'); |
383 } |
383 } |
384 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) |
384 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) |
385 { |
385 { |
386 $errors[] = $lang->get('privmsgs_err_need_subject'); |
386 $errors[] = $lang->get('privmsgs_err_need_subject'); |
387 } |
387 } |
388 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) |
388 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) |
389 { |
389 { |
390 $errors[] = $lang->get('privmsgs_err_need_message'); |
390 $errors[] = $lang->get('privmsgs_err_need_message'); |
391 } |
391 } |
392 if ( count($errors) < 1 ) |
392 if ( count($errors) < 1 ) |
393 { |
393 { |
394 $namelist = $_POST['to']; |
394 $namelist = $_POST['to']; |
395 $namelist = str_replace(', ', ',', $namelist); |
395 $namelist = str_replace(', ', ',', $namelist); |
396 $namelist = explode(',', $namelist); |
396 $namelist = explode(',', $namelist); |
397 foreach ($namelist as $n) |
397 foreach ($namelist as $n) |
398 { |
398 { |
399 $n = $db->escape($n); |
399 $n = $db->escape($n); |
400 } |
400 } |
401 $subject = RenderMan::preprocess_text($_POST['subject']); |
401 $subject = RenderMan::preprocess_text($_POST['subject']); |
402 $message = RenderMan::preprocess_text($_POST['message']); |
402 $message = RenderMan::preprocess_text($_POST['message']); |
403 $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';'; |
403 $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';'; |
404 $result = $db->sql_query($base_query); |
404 $result = $db->sql_query($base_query); |
405 $db->free_result(); |
405 $db->free_result(); |
406 if ( !$result ) |
406 if ( !$result ) |
407 { |
407 { |
408 $db->_die('The message could not be sent.'); |
408 $db->_die('The message could not be sent.'); |
409 } |
409 } |
410 else |
410 else |
411 { |
411 { |
412 die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>'); |
412 die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>'); |
413 } |
413 } |
414 return; |
414 return; |
415 } |
415 } |
416 } |
416 } |
417 else if ( isset($_POST['_savedraft']) ) |
417 else if ( isset($_POST['_savedraft']) ) |
418 { |
418 { |
419 // Check each POST DATA parameter... |
419 // Check each POST DATA parameter... |
420 $errors = array(); |
420 $errors = array(); |
421 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) |
421 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) |
422 { |
422 { |
423 $errors[] = $lang->get('privmsgs_err_need_username'); |
423 $errors[] = $lang->get('privmsgs_err_need_username'); |
424 } |
424 } |
425 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) |
425 if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '')) |
426 { |
426 { |
427 $errors[] = $lang->get('privmsgs_err_need_subject'); |
427 $errors[] = $lang->get('privmsgs_err_need_subject'); |
428 } |
428 } |
429 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) |
429 if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '')) |
430 { |
430 { |
431 $errors[] = $lang->get('privmsgs_err_need_message'); |
431 $errors[] = $lang->get('privmsgs_err_need_message'); |
432 } |
432 } |
433 if ( count($errors) < 1 ) |
433 if ( count($errors) < 1 ) |
434 { |
434 { |
435 $namelist = $_POST['to']; |
435 $namelist = $_POST['to']; |
436 $namelist = str_replace(', ', ',', $namelist); |
436 $namelist = str_replace(', ', ',', $namelist); |
437 $namelist = explode(',', $namelist); |
437 $namelist = explode(',', $namelist); |
438 foreach ( $namelist as $n ) |
438 foreach ( $namelist as $n ) |
439 { |
439 { |
440 $n = $db->escape($n); |
440 $n = $db->escape($n); |
441 } |
441 } |
442 $subject = $db->escape($_POST['subject']); |
442 $subject = $db->escape($_POST['subject']); |
443 $message = RenderMan::preprocess_text($_POST['message']); |
443 $message = RenderMan::preprocess_text($_POST['message']); |
444 $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';'; |
444 $base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';'; |
445 $result = $db->sql_query($base_query); |
445 $result = $db->sql_query($base_query); |
446 $db->free_result(); |
446 $db->free_result(); |
447 if ( !$result ) |
447 if ( !$result ) |
448 { |
448 { |
449 $db->_die('The message could not be saved.'); |
449 $db->_die('The message could not be saved.'); |
450 } |
450 } |
451 } |
451 } |
452 } |
452 } |
453 if ( $argv[1]=='to' && $argv[2] ) |
453 if ( $argv[1]=='to' && $argv[2] ) |
454 { |
454 { |
455 $to = htmlspecialchars($argv[2]); |
455 $to = htmlspecialchars($argv[2]); |
456 } |
456 } |
457 else |
457 else |
458 { |
458 { |
459 $to = ''; |
459 $to = ''; |
460 } |
460 } |
461 $template->header(); |
461 $template->header(); |
462 userprefs_show_menu(); |
462 userprefs_show_menu(); |
463 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">'; |
463 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">'; |
464 |
464 |
465 if ( isset($_POST['_savedraft']) ) |
465 if ( isset($_POST['_savedraft']) ) |
466 { |
466 { |
467 echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>'; |
467 echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>'; |
468 } |
468 } |
469 ?> |
469 ?> |
470 <br /> |
470 <br /> |
471 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
471 <div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
472 <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_edit_th'); ?></th></tr> |
472 <tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_edit_th'); ?></th></tr> |
473 <tr> |
473 <tr> |
474 <td class="row1"> |
474 <td class="row1"> |
475 <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br /> |
475 <?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br /> |
476 <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small> |
476 <small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small> |
477 </td> |
477 </td> |
478 <td class="row1"> |
478 <td class="row1"> |
479 <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $r['message_to'] ); ?> |
479 <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $r['message_to'] ); ?> |
480 </td> |
480 </td> |
481 </tr> |
481 </tr> |
482 <tr> |
482 <tr> |
483 <td class="row2"> |
483 <td class="row2"> |
484 <?php echo $lang->get('privmsgs_lbl_subject'); ?> |
484 <?php echo $lang->get('privmsgs_lbl_subject'); ?> |
485 </td> |
485 </td> |
486 <td class="row2"> |
486 <td class="row2"> |
487 <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" /> |
487 <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" /> |
488 </td> |
488 </td> |
489 </tr> |
489 </tr> |
490 <tr> |
490 <tr> |
491 <td class="row1"> |
491 <td class="row1"> |
492 <?php echo $lang->get('privmsgs_lbl_message'); ?> |
492 <?php echo $lang->get('privmsgs_lbl_message'); ?> |
493 </td> |
493 </td> |
494 <td class="row1" style="min-width: 80%;"> |
494 <td class="row1" style="min-width: 80%;"> |
495 <?php |
495 <?php |
496 if ( isset($_POST['_savedraft']) ) |
496 if ( isset($_POST['_savedraft']) ) |
497 { |
497 { |
498 $content = htmlspecialchars($_POST['message']); |
498 $content = htmlspecialchars($_POST['message']); |
499 } |
499 } |
500 else |
500 else |
501 { |
501 { |
502 $content =& $r['message_text']; |
502 $content =& $r['message_text']; |
503 } |
503 } |
504 echo $template->tinymce_textarea('message', $content, 20, 40); |
504 echo $template->tinymce_textarea('message', $content, 20, 40); |
505 ?> |
505 ?> |
506 </td> |
506 </td> |
507 </tr> |
507 </tr> |
508 |
508 |
509 <tr> |
509 <tr> |
510 <th class="subhead" colspan="2"> |
510 <th class="subhead" colspan="2"> |
511 <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" /> |
511 <input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" /> |
512 <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" /> |
512 <input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" /> |
513 </th> |
513 </th> |
514 </tr> |
514 </tr> |
515 </table></div> |
515 </table></div> |
516 <?php |
516 <?php |
517 echo '</form>'; |
517 echo '</form>'; |
518 $template->footer(); |
518 $template->footer(); |
519 break; |
519 break; |
520 case 'Folder': |
520 case 'Folder': |
521 $template->header(); |
521 $template->header(); |
522 userprefs_show_menu(); |
522 userprefs_show_menu(); |
523 switch($argv[1]) |
523 switch($argv[1]) |
524 { |
524 { |
525 default: |
525 default: |
526 echo '<p>' . $lang->get('privmsgs_err_folder_not_exist', array( |
526 echo '<p>' . $lang->get('privmsgs_err_folder_not_exist', array( |
527 'folder_name' => htmlspecialchars($argv[1]), |
527 'folder_name' => htmlspecialchars($argv[1]), |
528 'inbox_url' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') |
528 'inbox_url' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') |
529 )) . '</p>'; |
529 )) . '</p>'; |
530 break; |
530 break; |
531 case 'Inbox': |
531 case 'Inbox': |
532 case 'Outbox': |
532 case 'Outbox': |
533 case 'Sent': |
533 case 'Sent': |
534 case 'Drafts': |
534 case 'Drafts': |
535 case 'Archive': |
535 case 'Archive': |
536 ?> |
536 ?> |
537 <table border="0" width="100%" cellspacing="10" cellpadding="0"> |
537 <table border="0" width="100%" cellspacing="10" cellpadding="0"> |
538 <tr> |
538 <tr> |
539 <td style="padding: 0px; width: 120px;" valign="top" > |
539 <td style="padding: 0px; width: 120px;" valign="top" > |
540 <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4"> |
540 <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4"> |
541 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr> |
541 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr> |
542 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr> |
542 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr> |
543 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr> |
543 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr> |
544 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr> |
544 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr> |
545 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr> |
545 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr> |
546 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr> |
546 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr> |
547 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr> |
547 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr> |
548 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr> |
548 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr> |
549 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr> |
549 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr> |
550 </table></div> |
550 </table></div> |
551 </td> |
551 </td> |
552 <td valign="top"> |
552 <td valign="top"> |
553 <?php |
553 <?php |
554 $fname = strtolower($argv[1]); |
554 $fname = strtolower($argv[1]); |
555 switch($argv[1]) |
555 switch($argv[1]) |
556 { |
556 { |
557 case 'Inbox': |
557 case 'Inbox': |
558 case 'Archive': |
558 case 'Archive': |
559 default: |
559 default: |
560 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); |
560 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); |
561 break; |
561 break; |
562 case 'Outbox': |
562 case 'Outbox': |
563 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;'); |
563 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;'); |
564 break; |
564 break; |
565 case 'Sent': |
565 case 'Sent': |
566 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;'); |
566 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;'); |
567 break; |
567 break; |
568 case 'Drafts': |
568 case 'Drafts': |
569 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); |
569 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); |
570 break; |
570 break; |
571 } |
571 } |
572 if ( !$q ) |
572 if ( !$q ) |
573 { |
573 { |
574 $db->_die('The private message data could not be selected.'); |
574 $db->_die('The private message data could not be selected.'); |
575 } |
575 } |
576 if ( $argv[1] == 'Drafts' || $argv[1] == 'Outbox' ) |
576 if ( $argv[1] == 'Drafts' || $argv[1] == 'Outbox' ) |
577 { |
577 { |
578 $act = 'Edit'; |
578 $act = 'Edit'; |
579 } |
579 } |
580 else |
580 else |
581 { |
581 { |
582 $act = 'View'; |
582 $act = 'View'; |
583 } |
583 } |
584 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post"> |
584 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post"> |
585 <div class="tblholder"> |
585 <div class="tblholder"> |
586 <table border="0" width="100%" cellspacing="1" cellpadding="4"> |
586 <table border="0" width="100%" cellspacing="1" cellpadding="4"> |
587 <tr> |
587 <tr> |
588 <th colspan="4" style="text-align: left;">' . $lang->get('privmsgs_folder_th_foldername') . ' ' . $lang->get('privmsgs_folder_' . strtolower($argv[1])) . '</th> |
588 <th colspan="4" style="text-align: left;">' . $lang->get('privmsgs_folder_th_foldername') . ' ' . $lang->get('privmsgs_folder_' . strtolower($argv[1])) . '</th> |
589 </tr> |
589 </tr> |
590 <tr> |
590 <tr> |
591 <th class="subhead">'; |
591 <th class="subhead">'; |
592 if ( $fname == 'drafts' || $fname == 'Outbox' ) |
592 if ( $fname == 'drafts' || $fname == 'Outbox' ) |
593 { |
593 { |
594 echo $lang->get('privmsgs_folder_th_to'); |
594 echo $lang->get('privmsgs_folder_th_to'); |
595 } |
595 } |
596 else |
596 else |
597 { |
597 { |
598 echo $lang->get('privmsgs_folder_th_from'); |
598 echo $lang->get('privmsgs_folder_th_from'); |
599 } |
599 } |
600 echo '</th> |
600 echo '</th> |
601 <th class="subhead">' . $lang->get('privmsgs_folder_th_subject') . '</th> |
601 <th class="subhead">' . $lang->get('privmsgs_folder_th_subject') . '</th> |
602 <th class="subhead">' . $lang->get('privmsgs_folder_th_date') . '</th> |
602 <th class="subhead">' . $lang->get('privmsgs_folder_th_date') . '</th> |
603 <th class="subhead">' . $lang->get('privmsgs_folder_th_mark') . '</th> |
603 <th class="subhead">' . $lang->get('privmsgs_folder_th_mark') . '</th> |
604 </tr>'; |
604 </tr>'; |
605 if($db->numrows() < 1) |
605 if($db->numrows() < 1) |
606 { |
606 { |
607 echo '<tr><td style="text-align: center;" class="row1" colspan="4">' . $lang->get('privmsgs_msg_no_messages') . '</td></tr>'; |
607 echo '<tr><td style="text-align: center;" class="row1" colspan="4">' . $lang->get('privmsgs_msg_no_messages') . '</td></tr>'; |
608 } |
608 } |
609 else |
609 else |
610 { |
610 { |
611 $cls = 'row2'; |
611 $cls = 'row2'; |
612 while ( $r = $db->fetchrow() ) |
612 while ( $r = $db->fetchrow() ) |
613 { |
613 { |
614 if($cls == 'row2') $cls='row1'; |
614 if($cls == 'row2') $cls='row1'; |
615 else $cls = 'row2'; |
615 else $cls = 'row2'; |
616 $mto = str_replace(' ', '_', $r['message_to']); |
616 $mto = str_replace(' ', '_', $r['message_to']); |
617 $mfr = str_replace(' ', '_', $r['message_from']); |
617 $mfr = str_replace(' ', '_', $r['message_from']); |
618 echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', ( $fname == 'drafts') ? $mto : $mfr).'">'; |
618 echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', ( $fname == 'drafts') ? $mto : $mfr).'">'; |
619 if ( $fname == 'drafts' || $fname == 'outbox' ) |
619 if ( $fname == 'drafts' || $fname == 'outbox' ) |
620 { |
620 { |
621 echo $r['message_to']; |
621 echo $r['message_to']; |
622 } |
622 } |
623 else |
623 else |
624 { |
624 { |
625 echo $r['message_from']; |
625 echo $r['message_from']; |
626 } |
626 } |
627 |
627 |
628 echo '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/'.$act.'/'.$r['message_id']).'">'; |
628 echo '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/'.$act.'/'.$r['message_id']).'">'; |
629 |
629 |
630 if ( $r['message_read'] == 0 ) |
630 if ( $r['message_read'] == 0 ) |
631 { |
631 { |
632 echo '<b>'; |
632 echo '<b>'; |
633 } |
633 } |
634 echo $r['subject']; |
634 echo $r['subject']; |
635 if ( $r['message_read'] == 0 ) |
635 if ( $r['message_read'] == 0 ) |
636 { |
636 { |
637 echo '</b>'; |
637 echo '</b>'; |
638 } |
638 } |
639 echo '</a></td><td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $r['date']).'</td><td class="'.$cls.'" style="text-align: center;"><input name="marked_'.$r['message_id'].'" type="checkbox" /></td></tr>'; |
639 echo '</a></td><td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $r['date']).'</td><td class="'.$cls.'" style="text-align: center;"><input name="marked_'.$r['message_id'].'" type="checkbox" /></td></tr>'; |
640 } |
640 } |
641 $db->free_result(); |
641 $db->free_result(); |
642 } |
642 } |
643 echo '<tr> |
643 echo '<tr> |
644 <th style="text-align: right;" colspan="4"> |
644 <th style="text-align: right;" colspan="4"> |
645 <input type="hidden" name="folder" value="'.$fname.'" /> |
645 <input type="hidden" name="folder" value="'.$fname.'" /> |
646 <input type="submit" name="archive" value="' . $lang->get('privmsgs_btn_archive_selected') . '" /> |
646 <input type="submit" name="archive" value="' . $lang->get('privmsgs_btn_archive_selected') . '" /> |
647 <input type="submit" name="delete" value="' . $lang->get('privmsgs_btn_delete_selected') . '" /> |
647 <input type="submit" name="delete" value="' . $lang->get('privmsgs_btn_delete_selected') . '" /> |
648 <input type="submit" name="deleteall" value="' . $lang->get('privmsgs_btn_delete_all') . '" /> |
648 <input type="submit" name="deleteall" value="' . $lang->get('privmsgs_btn_delete_all') . '" /> |
649 </th> |
649 </th> |
650 </tr>'; |
650 </tr>'; |
651 echo '</table></div></form> |
651 echo '</table></div></form> |
652 <br /> |
652 <br /> |
653 <a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/').'">' . $lang->get('privmsgs_btn_compose') . '</a> |
653 <a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/').'">' . $lang->get('privmsgs_btn_compose') . '</a> |
654 </td></tr></table>'; |
654 </td></tr></table>'; |
655 break; |
655 break; |
656 } |
656 } |
657 $template->footer(); |
657 $template->footer(); |
658 break; |
658 break; |
659 case 'PostHandler': |
659 case 'PostHandler': |
660 $fname = $db->escape(strtolower($_POST['folder'])); |
660 $fname = $db->escape(strtolower($_POST['folder'])); |
661 if($fname=='drafts' || $fname=='outbox') |
661 if($fname=='drafts' || $fname=='outbox') |
662 { |
662 { |
663 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); |
663 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;'); |
664 } else { |
664 } else { |
665 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); |
665 $q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;'); |
666 } |
666 } |
667 if(!$q) $db->_die('The private message data could not be selected.'); |
667 if(!$q) $db->_die('The private message data could not be selected.'); |
668 |
668 |
669 if(isset($_POST['archive'])) { |
669 if(isset($_POST['archive'])) { |
670 while($row = $db->fetchrow($q)) |
670 while($row = $db->fetchrow($q)) |
671 { |
671 { |
672 if(isset($_POST['marked_'.$row['message_id']])) |
672 if(isset($_POST['marked_'.$row['message_id']])) |
673 { |
673 { |
674 $e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';'); |
674 $e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';'); |
675 if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); |
675 if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); |
676 $db->free_result(); |
676 $db->free_result(); |
677 } |
677 } |
678 } |
678 } |
679 } elseif(isset($_POST['delete'])) { |
679 } elseif(isset($_POST['delete'])) { |
680 while($row = $db->fetchrow($q)) |
680 while($row = $db->fetchrow($q)) |
681 { |
681 { |
682 if(isset($_POST['marked_'.$row['message_id']])) |
682 if(isset($_POST['marked_'.$row['message_id']])) |
683 { |
683 { |
684 $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); |
684 $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); |
685 if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); |
685 if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); |
686 $db->free_result(); |
686 $db->free_result(); |
687 } |
687 } |
688 } |
688 } |
689 } elseif(isset($_POST['deleteall'])) { |
689 } elseif(isset($_POST['deleteall'])) { |
690 while($row = $db->fetchrow($q)) |
690 while($row = $db->fetchrow($q)) |
691 { |
691 { |
692 $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); |
692 $e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';'); |
693 if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); |
693 if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.'); |
694 $db->free_result(); |
694 $db->free_result(); |
695 } |
695 } |
696 } else { |
696 } else { |
697 die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.'); |
697 die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.'); |
698 } |
698 } |
699 $db->free_result($q); |
699 $db->free_result($q); |
700 header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) )); |
700 header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) )); |
701 break; |
701 break; |
702 case 'FriendList': |
702 case 'FriendList': |
703 if($argv[1] == 'Add') |
703 if($argv[1] == 'Add') |
704 { |
704 { |
705 if(isset($_POST['_go'])) |
705 if(isset($_POST['_go'])) |
706 $buddyname = $_POST['buddyname']; |
706 $buddyname = $_POST['buddyname']; |
707 elseif($argv[2]) |
707 elseif($argv[2]) |
708 $buddyname = $argv[2]; |
708 $buddyname = $argv[2]; |
709 else |
709 else |
710 die_friendly('Error adding buddy', '<p>No name specified</p>'); |
710 die_friendly('Error adding buddy', '<p>No name specified</p>'); |
711 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\''); |
711 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\''); |
712 if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); |
712 if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); |
713 if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>'; |
713 if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>'; |
714 { |
714 { |
715 $r = $db->fetchrow(); |
715 $r = $db->fetchrow(); |
716 $db->free_result(); |
716 $db->free_result(); |
717 $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);'); |
717 $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);'); |
718 if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>'; |
718 if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>'; |
719 $db->free_result(); |
719 $db->free_result(); |
720 } |
720 } |
721 } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { |
721 } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { |
722 // Using WHERE user_id prevents users from deleting others' buddies |
722 // Using WHERE user_id prevents users from deleting others' buddies |
723 $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); |
723 $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); |
724 $db->free_result(); |
724 $db->free_result(); |
725 if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>'; |
725 if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>'; |
726 if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>'; |
726 if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>'; |
727 } |
727 } |
728 $template->header(); |
728 $template->header(); |
729 userprefs_show_menu(); |
729 userprefs_show_menu(); |
730 ?> |
730 ?> |
731 <table border="0" width="100%" cellspacing="10" cellpadding="0"> |
731 <table border="0" width="100%" cellspacing="10" cellpadding="0"> |
732 <tr> |
732 <tr> |
733 <td style="padding: 0px; width: 120px;" valign="top" > |
733 <td style="padding: 0px; width: 120px;" valign="top" > |
734 <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4"> |
734 <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4"> |
735 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr> |
735 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr> |
736 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr> |
736 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr> |
737 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr> |
737 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr> |
738 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr> |
738 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr> |
739 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr> |
739 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr> |
740 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr> |
740 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr> |
741 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr> |
741 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr> |
742 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr> |
742 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr> |
743 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr> |
743 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr> |
744 </table></div> |
744 </table></div> |
745 </td> |
745 </td> |
746 <td valign="top"> |
746 <td valign="top"> |
747 <?php |
747 <?php |
748 $q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;'); |
748 $q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;'); |
749 if(!$q) $db->_die('The buddy list could not be selected.'); |
749 if(!$q) $db->_die('The buddy list could not be selected.'); |
750 else |
750 else |
751 { |
751 { |
752 $allbuds = ''; |
752 $allbuds = ''; |
753 echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_buddy_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>'; |
753 echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_buddy_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>'; |
754 if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_buddies') . '</td></tr>'; |
754 if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_buddies') . '</td></tr>'; |
755 $cls = 'row2'; |
755 $cls = 'row2'; |
756 while ( $row = $db->fetchrow() ) |
756 while ( $row = $db->fetchrow() ) |
757 { |
757 { |
758 if($cls=='row2') $cls = 'row1'; |
758 if($cls=='row2') $cls = 'row1'; |
759 else $cls = 'row2'; |
759 else $cls = 'row2'; |
760 echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>'; |
760 echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>'; |
761 $allbuds .= str_replace(' ', '_', $row['username']).','; |
761 $allbuds .= str_replace(' ', '_', $row['username']).','; |
762 } |
762 } |
763 $db->free_result(); |
763 $db->free_result(); |
764 $allbuds = substr($allbuds, 0, strlen($allbuds)-1); |
764 $allbuds = substr($allbuds, 0, strlen($allbuds)-1); |
765 if($cls=='row2') $cls = 'row1'; |
765 if($cls=='row2') $cls = 'row1'; |
766 else $cls = 'row2'; |
766 else $cls = 'row2'; |
767 echo '<tr><td colspan="3" class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.$allbuds).'">' . $lang->get('privmsgs_btn_pm_all_buddies') . '</a></td></tr>'; |
767 echo '<tr><td colspan="3" class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.$allbuds).'">' . $lang->get('privmsgs_btn_pm_all_buddies') . '</a></td></tr>'; |
768 echo '</table></div>'; |
768 echo '</table></div>'; |
769 } |
769 } |
770 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
770 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
771 <h3>' . $lang->get('privmsgs_heading_add_buddy') . '</h3>'; |
771 <h3>' . $lang->get('privmsgs_heading_add_buddy') . '</h3>'; |
772 echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').' <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>'; |
772 echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').' <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>'; |
773 echo '</form>'; |
773 echo '</form>'; |
774 ?> |
774 ?> |
775 </td> |
775 </td> |
776 </tr> |
776 </tr> |
777 </table> |
777 </table> |
778 <?php |
778 <?php |
779 $template->footer(); |
779 $template->footer(); |
780 break; |
780 break; |
781 case 'FoeList': |
781 case 'FoeList': |
782 if($argv[1] == 'Add' && isset($_POST['_go'])) |
782 if($argv[1] == 'Add' && isset($_POST['_go'])) |
783 { |
783 { |
784 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\''); |
784 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\''); |
785 if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); |
785 if(!$q) $db->_die('The buddy\'s user ID could not be selected.'); |
786 if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>'; |
786 if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>'; |
787 { |
787 { |
788 $r = $db->fetchrow(); |
788 $r = $db->fetchrow(); |
789 $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);'); |
789 $q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);'); |
790 if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>'; |
790 if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>'; |
791 } |
791 } |
792 $db->free_result(); |
792 $db->free_result(); |
793 } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { |
793 } elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) { |
794 // Using WHERE user_id prevents users from deleting others' buddies |
794 // Using WHERE user_id prevents users from deleting others' buddies |
795 $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); |
795 $q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';'); |
796 $db->free_result(); |
796 $db->free_result(); |
797 if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>'; |
797 if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>'; |
798 if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>'; |
798 if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>'; |
799 } |
799 } |
800 $template->header(); |
800 $template->header(); |
801 userprefs_show_menu(); |
801 userprefs_show_menu(); |
802 ?> |
802 ?> |
803 <table border="0" width="100%" cellspacing="10" cellpadding="0"> |
803 <table border="0" width="100%" cellspacing="10" cellpadding="0"> |
804 <tr> |
804 <tr> |
805 <td style="padding: 0px; width: 120px;" valign="top" > |
805 <td style="padding: 0px; width: 120px;" valign="top" > |
806 <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4"> |
806 <div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4"> |
807 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr> |
807 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr> |
808 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr> |
808 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr> |
809 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr> |
809 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr> |
810 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr> |
810 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr> |
811 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr> |
811 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr> |
812 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr> |
812 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr> |
813 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr> |
813 <tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr> |
814 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr> |
814 <tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr> |
815 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr> |
815 <tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr> |
816 </table></div> |
816 </table></div> |
817 </td> |
817 </td> |
818 <td valign="top"> |
818 <td valign="top"> |
819 <?php |
819 <?php |
820 $q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;'); |
820 $q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;'); |
821 if(!$q) $db->_die('The buddy list could not be selected.'); |
821 if(!$q) $db->_die('The buddy list could not be selected.'); |
822 else |
822 else |
823 { |
823 { |
824 $allbuds = ''; |
824 $allbuds = ''; |
825 echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_foe_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>'; |
825 echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_foe_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>'; |
826 if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_foes') . '</td></tr>'; |
826 if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_foes') . '</td></tr>'; |
827 $cls = 'row2'; |
827 $cls = 'row2'; |
828 while ( $row = $db->fetchrow() ) |
828 while ( $row = $db->fetchrow() ) |
829 { |
829 { |
830 if($cls=='row2') $cls = 'row1'; |
830 if($cls=='row2') $cls = 'row1'; |
831 else $cls = 'row2'; |
831 else $cls = 'row2'; |
832 echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>'; |
832 echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>'; |
833 $allbuds .= str_replace(' ', '_', $row['username']).','; |
833 $allbuds .= str_replace(' ', '_', $row['username']).','; |
834 } |
834 } |
835 $db->free_result(); |
835 $db->free_result(); |
836 $allbuds = substr($allbuds, 0, strlen($allbuds)-1); |
836 $allbuds = substr($allbuds, 0, strlen($allbuds)-1); |
837 if($cls=='row2') $cls = 'row1'; |
837 if($cls=='row2') $cls = 'row1'; |
838 else $cls = 'row2'; |
838 else $cls = 'row2'; |
839 echo '</table></div>'; |
839 echo '</table></div>'; |
840 } |
840 } |
841 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
841 echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
842 <h3>' . $lang->get('privmsgs_heading_add_foe') . '</h3>'; |
842 <h3>' . $lang->get('privmsgs_heading_add_foe') . '</h3>'; |
843 echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').' <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>'; |
843 echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').' <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>'; |
844 echo '</form>'; |
844 echo '</form>'; |
845 ?> |
845 ?> |
846 </td> |
846 </td> |
847 </tr> |
847 </tr> |
848 </table> |
848 </table> |
849 <?php |
849 <?php |
850 $template->footer(); |
850 $template->footer(); |
851 break; |
851 break; |
852 } |
852 } |
853 } |
853 } |
854 |
854 |
855 ?> |
855 ?> |