plugins/PrivateMessages.php
author Dan Fuhry <dan@enanocms.org>
Thu, 28 Oct 2010 03:05:31 -0400
changeset 1308 f9bee9b125ee
parent 1280 871f17a0d27d
child 1348 2e635e51deb0
permissions -rw-r--r--
Parser updates. Added the "styled" keyword to wikitables to allow them to be styled using the current theme's standard table skinning, and changes to how the image tag parser decides how to display an image (framed, inline or raw).

<?php
/**!info**
{
	"Plugin Name"  : "plugin_privatemessages_title",
	"Plugin URI"   : "http://enanocms.org/",
	"Description"  : "plugin_privatemessages_desc",
	"Author"       : "Dan Fuhry",
	"Version"      : "1.1.6",
	"Author URI"   : "http://enanocms.org/"
}
**!*/

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Copyright (C) 2006-2009 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */
 
global $db, $session, $paths, $template, $plugins; // Common objects

function PrivateMessages_paths_init()
{
	register_special_page('PrivateMessages', 'specialpage_private_messages');
}

function page_Special_PrivateMessages()
{
	global $db, $session, $paths, $template, $plugins; // Common objects
	global $lang;
	if ( !$session->user_logged_in )
	{
		die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_need_login', array('login_link' => makeUrlNS('Special', 'Login/' . $paths->page))) . '</p>');
	}
	$argv = Array();
	$argv[] = $paths->getParam(0);
	$argv[] = $paths->getParam(1);
	$argv[] = $paths->getParam(2);
	if ( !$argv[0] )
	{
		$argv[0] = 'InVaLiD';
	}
	switch($argv[0])
	{
		default:
			header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
			break;
		case 'View':
			$id = $argv[1];
			if ( !ctype_digit($id) )
			{
				die_friendly('Message error', '<p>Invalid message ID</p>');
			}
			$q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.'');
			if ( !$q )
			{
				$db->_die('The message data could not be selected.');
			}
			$r = $db->fetchrow();
			$db->free_result();
			if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
			{
				die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_read') . '</p>');
			}
			if ( $r['message_to'] == $session->username )
			{
				$q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
				$db->free_result();
				if ( !$q )
				{
					$db->_die('Could not mark message as read');
				}
			}
			$template->header();
			userprefs_show_menu();
			?>
				<br />
				<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
					<tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?></th></tr>
					<tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_subject') ?></td><td class="row1"><?php echo $r['subject']; ?></td></tr>
					<tr><td class="row2"><?php echo $lang->get('privmsgs_lbl_date') ?></td><td class="row2"><?php echo enano_date(ED_DATE | ED_TIME, $r['date']); ?></td></tr>
					<tr><td class="row1"><?php echo $lang->get('privmsgs_lbl_message') ?></td><td class="row1"><?php echo RenderMan::render($r['message_text']);
					if ( $r['signature'] != '' )
					{
						echo '<hr style="margin-left: 1em; width: 200px;" />';
						echo RenderMan::render($r['signature']);
					}
					?></td></tr>
					<tr><td colspan="2" class="row3"><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Compose/ReplyTo/'.$id); ?>"><?php echo $lang->get('privmsgs_btn_send_reply'); ?></a>  |  <a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Delete/'.$id); ?>">Delete message</a>  |  <?php if($r['folder_name'] != 'archive') { ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Move/'.$id.'/Archive'); ?>"><?php echo $lang->get('privmsgs_btn_archive'); ?></a>  |  <?php } ?><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox') ?>"><?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?></a></td></tr>
				</table></div>
			<?php
			$template->footer();              
			break;
		case 'Move':
			$id = $argv[1];
			if ( !ctype_digit($id) )
			{
				die_friendly('Message error', '<p>Invalid message ID</p>');
			}
			$q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
			if ( !$q )
			{
				$db->_die('The message data could not be selected.');
			}
			$r = $db->fetchrow();
			$db->free_result();
			if ( $r['message_to'] != $session->username )
			{
				die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('privmsgs_err_not_authorized_edit') . '</p>');
			}
			$fname = $argv[2];
			if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
			{
				die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
			}
			$q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';');
			$db->free_result();
			if ( !$q )
			{
				$db->_die('The message was not successfully moved.');
			}
			die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_moved', array('folder' => $fname)) . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>');
			break;
		case 'Delete':
			$id = $argv[1];
			if ( !ctype_digit($id) )
			{
				die_friendly('Message error', '<p>Invalid message ID</p>');
			}
			$q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
			if ( !$q )
			{
				$db->_die('The message data could not be selected.');
			}
			$r = $db->fetchrow();
			if ( $r['message_to'] != $session->username )
			{
				die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to delete this message.</p>');
			}
			$q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
			if ( !$q )
			{
				$db->_die('The message was not successfully deleted.');
			}
			$db->free_result();
			die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_deleted') . '</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">' . $lang->get('privmsgs_btn_return_to_inbox') . '</a></p>');
			break;
		case 'Compose':
			if ( $argv[1]=='Send' && isset($_POST['_send']) )
			{
				// Check each POST DATA parameter...
				$errors = array();
				if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
				{
					$errors[] = $lang->get('privmsgs_err_need_username');
				}
				if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
				{
					$errors[] = $lang->get('privmsgs_err_need_subject');
				}
				if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
				{
					$errors[] = $lang->get('privmsgs_err_need_message');
				}
				if ( count($errors) < 1 )
				{
					$namelist = $_POST['to'];
					$namelist = str_replace(', ', ',', $namelist);
					$namelist = explode(',', $namelist);
					foreach($namelist as $n) { $n = $db->escape($n); }
					$subject = RenderMan::preprocess_text($_POST['subject']);
					$message = RenderMan::preprocess_text($_POST['message']);
					$base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
					foreach($namelist as $n)
					{
						$base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'inbox\', 0),';
					}
					$base_query = substr($base_query, 0, strlen($base_query)-1) . ';';
					$result = $db->sql_query($base_query);
					$db->free_result();
					if ( !$result )
					{
						$db->_die('The message could not be sent.');
					}
					else
					{
						die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>');
					}
					return;
				}
			}
			else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) )
			{
				$errors = array();
				if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') )
				{
					$errors[] = $lang->get('privmsgs_err_need_username');
				}
				if ( !isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == '') )
				{
					$errors[] = $lang->get('privmsgs_err_need_subject');
				}
				if ( !isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == '') )
				{
					$errors[] = $lang->get('privmsgs_err_need_message');
				}
				if ( count($errors) < 1 )
				{
					$namelist = $_POST['to'];
					$namelist = str_replace(', ', ',', $namelist);
					$namelist = explode(',', $namelist);
					foreach($namelist as $n)
					{
						$n = $db->escape($n);
					}
					if ( count($namelist) > MAX_PMS_PER_BATCH && !$session->get_permssions('mod_misc') )
					{
						die_friendly($lang->get('privmsgs_err_limit_exceeded_title'), '<p>' . $lang->get('privmsgs_err_limit_exceeded_body', array('limit' => MAX_PMS_PER_BATCH)) . '</p>');
					}
					$subject = $db->escape($_POST['subject']);
					$message = RenderMan::preprocess_text($_POST['message']);
					$base_query = 'INSERT INTO '.table_prefix.'privmsgs(message_from,message_to,date,subject,message_text,folder_name,message_read) VALUES';
					foreach($namelist as $n)
					{
						$base_query .= '(\''.$session->username.'\', \''.$n.'\', '.time().', \''.$subject.'\', \''.$message.'\', \'drafts\', 0),';
					}
					$base_query = substr($base_query, 0, strlen($base_query) - 1) . ';';
					$result = $db->sql_query($base_query);
					$db->free_result();
					if ( !$result )
					{
						$db->_die('The message could not be saved.');
					}
				}
			}
			else if(isset($_POST['_inbox']))
			{
				redirect(makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'), '', '', 0);
			}
			if($argv[1] == 'ReplyTo' && preg_match('#^([0-9]+)$#', $argv[2]))
			{
				$to = '';
				$text = '';
				$subj = '';
				$id = $argv[2];
				$q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.';');
				if ( !$q )
					$db->_die('The message data could not be selected.');
				
				$r = $db->fetchrow();
				$db->free_result();
				if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name'] == 'drafts' )
				{
					die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to view the contents of this message.</p>');
				}
				$subj = 'Re: ' . $r['subject'];
				$text = "\n\n\nOn " . enano_date(ED_DATE | ED_TIME, $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-)
				
				$tbuf = $text;
				while( preg_match("/\n([\> ]*?)\> \>/", $text) )
				{
					$text = preg_replace("/\n([\> ]*?)\> \>/", '\\1>>', $text);
					if ( $text == $tbuf )
						break;
					$tbuf = $text;
				}
				
				$to = $r['message_from'];
			}
			else
			{
				if ( ( $argv[1]=='to' || $argv[1]=='To' ) && $argv[2] )
				{
					$to = htmlspecialchars(str_replace('_', ' ', dirtify_page_id($argv[2])));
				}
				else
				{
					$to = '';
				}
				$text = '';
				$subj = '';
			}
				$template->header();
				userprefs_show_menu();
				if ( isset($errors) && count($errors) > 0 )
				{
					echo '<div class="warning-box">
									' . $lang->get('privmsgs_err_send_submit') . '
									<ul>
										<li>' . implode('</li><li>', $errors) . '</li>
									</ul>
								</div>';
				}
				echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Compose/Send').'" method="post">';
				
				if ( isset($_POST['_savedraft']) )
				{
					echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>';
				}
				?>
				<br />
				<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
					<tr>
						<th colspan="2"><?php echo $lang->get('privmsgs_lbl_compose_th'); ?></th>
					</tr>
					<tr>
						<td class="row1">
							<?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br />
							<small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small>
						</td>
						<td class="row1">
							<?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
						</td>
					</tr>
					<tr>
						<td class="row2">
							<?php echo $lang->get('privmsgs_lbl_subject'); ?>
						</td>
						<td class="row2">
							<input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" />
						</td>
					</tr>
					<tr>
						<td class="row1">
							<?php echo $lang->get('privmsgs_lbl_message'); ?>
						</td>
						<td class="row1" style="min-width: 80%;">
							<?php
								if ( isset($_POST['_savedraft']) )
								{
									$content = htmlspecialchars($_POST['message']);
								}
								else
								{
									$content =& $text;
								}
								echo $template->tinymce_textarea('message', $content, 20, 40);
							?>
						</td>
					</tr>
					<tr>
						<th class="subhead" colspan="2">
							<input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" />
							<input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" />
							<input type="submit" name="_inbox" value="<?php echo $lang->get('privmsgs_btn_return_to_inbox'); ?>" />
						</th>
					</tr>
				</table></div>
				<?php
				echo '</form>';
				$template->footer();
			break;
		case 'Edit':
			$id = $argv[1];
			if ( !ctype_digit($id) )
			{
				die_friendly('Message error', '<p>Invalid message ID</p>');
			}
			$q = $db->sql_query('SELECT message_from, message_to, subject, message_text, date, folder_name, message_read FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
			if ( !$q )
			{
				$db->_die('The message data could not be selected.');
			}
			$r = $db->fetchrow();
			$db->free_result();
			if ( $r['message_from'] != $session->username || $r['message_read'] == 1 )
			{
				die_friendly($lang->get('etc_access_denied_short'), '<p>You are not authorized to edit this message.</p>');
			}
			$fname = $argv[2];
			
			if(isset($_POST['_send']))
			{
				// Check each POST DATA parameter...
				$errors = array();
				if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
				{
					$errors[] = $lang->get('privmsgs_err_need_username');
				}
				if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
				{
					$errors[] = $lang->get('privmsgs_err_need_subject');
				}
				if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
				{
					$errors[] = $lang->get('privmsgs_err_need_message');
				}
				if ( count($errors) < 1 )
				{
					$namelist = $_POST['to'];
					$namelist = str_replace(', ', ',', $namelist);
					$namelist = explode(',', $namelist);
					foreach ($namelist as $n)
					{
						$n = $db->escape($n);
					}
					$subject = RenderMan::preprocess_text($_POST['subject']);
					$message = RenderMan::preprocess_text($_POST['message']);
					$base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\',folder_name=\'inbox\' WHERE message_id='.$id.';';
					$result = $db->sql_query($base_query);
					$db->free_result();
					if ( !$result )
					{
						$db->_die('The message could not be sent.');
					}
					else
					{
						die_friendly($lang->get('privmsgs_msg_message_status'), '<p>' . $lang->get('privmsgs_msg_message_sent', array('inbox_link' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'))) . '</p>');
					}
					return;
				}
			}
			else if ( isset($_POST['_savedraft']) )
			{
				// Check each POST DATA parameter...
				$errors = array();
				if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
				{
					$errors[] = $lang->get('privmsgs_err_need_username');
				}
				if(!isset($_POST['subject']) || ( isset($_POST['subject']) && $_POST['subject'] == ''))
				{
					$errors[] = $lang->get('privmsgs_err_need_subject');
				}
				if(!isset($_POST['message']) || ( isset($_POST['message']) && $_POST['message'] == ''))
				{
					$errors[] = $lang->get('privmsgs_err_need_message');
				}
				if ( count($errors) < 1 )
				{
					$namelist = $_POST['to'];
					$namelist = str_replace(', ', ',', $namelist);
					$namelist = explode(',', $namelist);
					foreach ( $namelist as $n )
					{
						$n = $db->escape($n);
					}
					$subject = $db->escape($_POST['subject']);
					$message = RenderMan::preprocess_text($_POST['message']);
					$base_query = 'UPDATE '.table_prefix.'privmsgs SET subject=\''.$subject.'\',message_to=\''.$namelist[0].'\',message_text=\''.$message.'\' WHERE message_id='.$id.';';
					$result = $db->sql_query($base_query);
					$db->free_result();
					if ( !$result )
					{
						$db->_die('The message could not be saved.');
					}
				}
			}
				if ( $argv[1]=='to' && $argv[2] )
				{
					$to = htmlspecialchars($argv[2]);
				}
				else
				{
					$to = '';
				}
				$template->header();
				userprefs_show_menu();
				echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/Edit/'.$id).'" method="post">';
				
				if ( isset($_POST['_savedraft']) )
				{
					echo '<div class="info-box">' . $lang->get('privmsgs_msg_draft_saved') . '</div>';
				}
				?>
				<br />
				<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
					<tr><th colspan="2"><?php echo $lang->get('privmsgs_lbl_edit_th'); ?></th></tr>
					<tr>
						<td class="row1">
							<?php echo $lang->get('privmsgs_lbl_compose_to'); ?><br />
							<small><?php echo $lang->get('privmsgs_lbl_compose_to_max', array('limit' => MAX_PMS_PER_BATCH)); ?></small>
						</td>
						<td class="row1">
							<?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $r['message_to'] ); ?>
						</td>
					</tr>
					<tr>
						<td class="row2">
							<?php echo $lang->get('privmsgs_lbl_subject'); ?>
						</td>
						<td class="row2">
							<input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" />
						</td>
					</tr>
					<tr>
						<td class="row1">
							<?php echo $lang->get('privmsgs_lbl_message'); ?>
						</td>
						<td class="row1" style="min-width: 80%;">
							<?php
								if ( isset($_POST['_savedraft']) )
								{
									$content = htmlspecialchars($_POST['message']);
								}
								else
								{
									$content =& $r['message_text'];
								}
								echo $template->tinymce_textarea('message', $content, 20, 40);
							?>
						</td>
					</tr>
					
					<tr>
						<th class="subhead" colspan="2">
							<input type="submit" name="_send" value="<?php echo $lang->get('privmsgs_btn_send'); ?>" />
							<input type="submit" name="_savedraft" value="<?php echo $lang->get('privmsgs_btn_savedraft'); ?>" />
						</th>
					</tr>
				</table></div>
				<?php
				echo '</form>';
				$template->footer();
			break;
		case 'Folder':
			$template->header();
			userprefs_show_menu();
			switch($argv[1])
			{
				default:
					echo '<p>' . $lang->get('privmsgs_err_folder_not_exist', array(
							'folder_name' => htmlspecialchars($argv[1]),
							'inbox_url' => makeUrlNS('Special', 'PrivateMessages/Folder/Inbox')
						)) . '</p>';
					break;
				case 'Inbox':
				case 'Outbox':
				case 'Sent':
				case 'Drafts':
				case 'Archive':
					?>
					<table border="0" width="100%" cellspacing="10" cellpadding="0">
					<tr>
					<td style="padding: 0px; width: 120px;" valign="top"  >
					<div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
					<tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
					<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
					<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
					<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
					<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
					<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
					<tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
					<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
					<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
					</table></div>
					</td>
					<td valign="top">
					<?php
					$fname = strtolower($argv[1]);
					switch($argv[1])
					{
						case 'Inbox':
						case 'Archive':
						default:
							$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;');
							break;
						case 'Outbox':
							$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=0 ORDER BY date DESC;');
							break;
						case 'Sent':
							$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.message_from=\''.$session->username.'\' AND message_read=1 ORDER BY date DESC;');
							break;
						case 'Drafts':
							$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject, p.message_read FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');
							break;
					}
					if ( !$q )
					{
						$db->_die('The private message data could not be selected.');
					}
					if ( $argv[1] == 'Drafts' || $argv[1] == 'Outbox' )
					{
						$act = 'Edit';
					}
					else
					{
						$act = 'View';
					}
					echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/PostHandler').'" method="post">
									<div class="tblholder">
										<table border="0" width="100%" cellspacing="1" cellpadding="4">
											<tr>
												<th colspan="4" style="text-align: left;">' . $lang->get('privmsgs_folder_th_foldername') . ' ' . $lang->get('privmsgs_folder_' . strtolower($argv[1])) . '</th>
											</tr>
										<tr>
											<th class="subhead">';
					if ( $fname == 'drafts' || $fname == 'Outbox' )
					{
						echo $lang->get('privmsgs_folder_th_to');
					}
					else
					{
						echo $lang->get('privmsgs_folder_th_from');
					}
					echo '</th>
								<th class="subhead">' . $lang->get('privmsgs_folder_th_subject') . '</th>
								<th class="subhead">' . $lang->get('privmsgs_folder_th_date') . '</th>
								<th class="subhead">' . $lang->get('privmsgs_folder_th_mark') . '</th>
							</tr>';
					if($db->numrows() < 1)
					{
						echo '<tr><td style="text-align: center;" class="row1" colspan="4">' . $lang->get('privmsgs_msg_no_messages') . '</td></tr>';
					}
					else
					{
						$cls = 'row2';
						while ( $r = $db->fetchrow() )
						{
							if($cls == 'row2') $cls='row1';
							else $cls = 'row2';
							$mto = str_replace(' ', '_', $r['message_to']);
							$mfr = str_replace(' ', '_', $r['message_from']);
							echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', ( $fname == 'drafts') ? $mto : $mfr).'">';
							if ( $fname == 'drafts' || $fname == 'outbox' )
							{
								echo $r['message_to'];
							}
							else
							{
								echo $r['message_from'];
							}
							
							echo '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/'.$act.'/'.$r['message_id']).'">';
							
							if ( $r['message_read'] == 0 )
							{
								echo '<b>';
							}
							echo $r['subject'];
							if ( $r['message_read'] == 0 )
							{
								echo '</b>';
							}
							echo '</a></td><td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $r['date']).'</td><td class="'.$cls.'" style="text-align: center;"><input name="marked_'.$r['message_id'].'" type="checkbox" /></td></tr>';
						}
						$db->free_result();
					}
					echo '<tr>
									<th style="text-align: right;" colspan="4">
										<input type="hidden" name="folder" value="'.$fname.'" />
										<input type="submit" name="archive" value="' . $lang->get('privmsgs_btn_archive_selected') . '" />
										<input type="submit" name="delete" value="' . $lang->get('privmsgs_btn_delete_selected') . '" />
										<input type="submit" name="deleteall" value="' . $lang->get('privmsgs_btn_delete_all') . '" />
									</th>
								</tr>';
					echo '</table></div></form>
					<br />
					<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/').'">' . $lang->get('privmsgs_btn_compose') . '</a>
					</td></tr></table>';
					break;
			}
			$template->footer();
			break;
		case 'PostHandler':
			$fname = $db->escape(strtolower($_POST['folder']));
			if($fname=='drafts' || $fname=='outbox')
			{
				$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_from=\''.$session->username.'\' ORDER BY date DESC;');  
			} else {
				$q = $db->sql_query('SELECT p.message_id, p.message_from, p.message_to, p.date, p.subject FROM '.table_prefix.'privmsgs AS p WHERE p.folder_name=\''.$fname.'\' AND p.message_to=\''.$session->username.'\' ORDER BY date DESC;');
			}
			if(!$q) $db->_die('The private message data could not be selected.');
					
			if(isset($_POST['archive'])) {
				while($row = $db->fetchrow($q))
				{
					if(isset($_POST['marked_'.$row['message_id']]))
					{
						$e = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\'archive\' WHERE message_id='.$row['message_id'].';');
						if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
						$db->free_result();
					}
				}
			} elseif(isset($_POST['delete'])) {
				while($row = $db->fetchrow($q))
				{
					if(isset($_POST['marked_'.$row['message_id']]))
					{
						$e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';');
						if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
						$db->free_result();
					}
				}
			} elseif(isset($_POST['deleteall'])) {
				while($row = $db->fetchrow($q))
				{
					$e = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$row['message_id'].';');
					if(!$e) $db->_die('Message '.$row['message_id'].' was not successfully moved.');
					$db->free_result();
				}
			} else {
				die_friendly('Invalid request', 'This section can only be accessed from within another Private Message section.');
			}
			$db->free_result($q);
			header('Location: '.makeUrlNS('Special', 'PrivateMessages/Folder/'. substr(strtoupper($_POST['folder']), 0, 1) . substr(strtolower($_POST['folder']), 1, strlen($_POST['folder'])) ));
			break;
		case 'FriendList':
			if($argv[1] == 'Add')
			{
				if(isset($_POST['_go']))
					$buddyname = $_POST['buddyname'];
				elseif($argv[2])
					$buddyname = $argv[2];
				else
					die_friendly('Error adding buddy', '<p>No name specified</p>');
				$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($buddyname).'\'');
				if(!$q) $db->_die('The buddy\'s user ID could not be selected.');
				if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>';
				{
					$r = $db->fetchrow();
					$db->free_result();
					$q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 1);');
					if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>';
					$db->free_result();
				}
			} elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) {
				// Using WHERE user_id prevents users from deleting others' buddies
				$q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';');
				$db->free_result();
				if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>';
				if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>';
			}
			$template->header();
			userprefs_show_menu();
			?>
			<table border="0" width="100%" cellspacing="10" cellpadding="0">
					<tr>
					<td style="padding: 0px; width: 120px;" valign="top"  >
					<div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
					<tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
					<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
					<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
					<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
					<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
					<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
					<tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
					<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
					<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
					</table></div>
					</td>
					<td valign="top">
				<?php
				$q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=1;');
				if(!$q) $db->_die('The buddy list could not be selected.');
				else 
				{
					$allbuds = '';
					echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_buddy_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>';
					if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_buddies') . '</td></tr>';
					$cls = 'row2';
					while ( $row = $db->fetchrow($q) )
					{
						if($cls=='row2') $cls = 'row1';
						else $cls = 'row2';
						echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>';
						$allbuds .= str_replace(' ', '_', $row['username']).',';
					}
					$db->free_result();
					$allbuds = substr($allbuds, 0, strlen($allbuds)-1);
					if($cls=='row2') $cls = 'row1';
					else $cls = 'row2';
					echo '<tr><td colspan="3" class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.$allbuds).'">' . $lang->get('privmsgs_btn_pm_all_buddies') . '</a></td></tr>';
					echo '</table></div>';
				}
				echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;">
							<h3>' . $lang->get('privmsgs_heading_add_buddy') . '</h3>';
				echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').'  <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>';
				echo '</form>';
				?>
				</td>
				</tr>
				</table>
				<?php
			$template->footer();
			break;
		case 'FoeList':
			if($argv[1] == 'Add' && isset($_POST['_go']))
			{
				$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['buddyname']).'\'');
				if(!$q) $db->_die('The buddy\'s user ID could not be selected.');
				if($db->numrows() < 1) echo '<h3>Error adding buddy</h3><p>The username you entered is not in use by any registered user.</p>';
				{
					$r = $db->fetchrow();
					$q = $db->sql_query('INSERT INTO '.table_prefix.'buddies(user_id,buddy_user_id,is_friend) VALUES('.$session->user_id.', '.$r['user_id'].', 0);');
					if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be added: '.$db->get_error().'</p>';
				}
				$db->free_result();
			} elseif($argv[1] == 'Remove' && preg_match('#^([0-9]+)$#', $argv[2])) {
				// Using WHERE user_id prevents users from deleting others' buddies
				$q = $db->sql_query('DELETE FROM '.table_prefix.'buddies WHERE user_id='.$session->user_id.' AND buddy_id='.$argv[2].';');
				$db->free_result();
				if(!$q) echo '<h3>Warning:</h3><p>Buddy could not be deleted: '.$db->get_error().'</p>';
				if(mysql_affected_rows() < 1) echo '<h3>Warning:</h3><p>No rows were affected. Either the selected buddy ID does not exist or you tried to delete someone else\'s buddy.</p>';
			}
			$template->header();
			userprefs_show_menu();
			?>
				<table border="0" width="100%" cellspacing="10" cellpadding="0">
				<tr>
				<td style="padding: 0px; width: 120px;" valign="top"  >
				<div class="tblholder" style="width: 120px;"><table border="0" width="120" cellspacing="1" cellpadding="4">
				<tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_privmsgs'); ?></small></th></tr>
				<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'); ?>"><?php echo $lang->get('privmsgs_folder_inbox'); ?></a></small></td></tr>
				<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'); ?>"><?php echo $lang->get('privmsgs_folder_outbox'); ?></a></small></td></tr>
				<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Sent'); ?>"><?php echo $lang->get('privmsgs_folder_sent'); ?></a></small></td></tr>
				<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'); ?>"><?php echo $lang->get('privmsgs_folder_drafts'); ?></a></small></td></tr>
				<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/Folder/Archive'); ?>"><?php echo $lang->get('privmsgs_folder_archive'); ?></a></small></td></tr>
				<tr><th><small><?php echo $lang->get('privmsgs_sidebar_th_buddies'); ?></small></th></tr>
				<tr><td class="row2"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FriendList'); ?>"><?php echo $lang->get('privmsgs_sidebar_friend_list'); ?></a></small></td></tr>
				<tr><td class="row1"><small><a href="<?php echo makeUrlNS('Special', 'PrivateMessages/FoeList'); ?>"><?php echo $lang->get('privmsgs_sidebar_foe_list'); ?></a></small></td></tr>
				</table></div>
				</td>
				<td valign="top">
				<?php
				$q = $db->sql_query('SELECT u.username,b.buddy_id FROM '.table_prefix.'buddies AS b LEFT JOIN '.table_prefix.'users AS u ON ( u.user_id=b.buddy_user_id ) WHERE b.user_id='.$session->user_id.' AND is_friend=0;');
				if(!$q) $db->_die('The buddy list could not be selected.');
				else 
				{
					$allbuds = '';
					echo '<br /><div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th colspan="3">' . $lang->get('privmsgs_th_foe_list', array('username' => htmlspecialchars($session->username))) . '</th></tr>';
					if($db->numrows() < 1) echo '<tr><td class="row3">' . $lang->get('privmsgs_msg_no_foes') . '</td></tr>';
					$cls = 'row2';
					while ( $row = $db->fetchrow($q) )
					{
						if($cls=='row2') $cls = 'row1';
						else $cls = 'row2';
						echo '<tr><td class="'.$cls.'"><a href="'.makeUrlNS('User', str_replace(' ', '_', $row['username'])).'" '. ( isPage($paths->nslist['User'].str_replace(' ', '_', $row['username'])) ? '' : 'class="wikilink-nonexistent" ' ) .'>'.$row['username'].'</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/to/'.str_replace(' ', '_', $row['username'])).'">' . $lang->get('privmsgs_btn_buddy_send_pm') . '</a></td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Remove/'.$row['buddy_id']).'">' . $lang->get('privmsgs_btn_buddy_remove') . '</a></td></tr>';
						$allbuds .= str_replace(' ', '_', $row['username']).',';
					}
					$db->free_result();
					$allbuds = substr($allbuds, 0, strlen($allbuds)-1);
					if($cls=='row2') $cls = 'row1';
					else $cls = 'row2';
					echo '</table></div>';
				}
				echo '<form action="'.makeUrlNS('Special', 'PrivateMessages/FoeList/Add').'" method="post" onsubmit="if(!submitAuthorized) return false;">
							<h3>' . $lang->get('privmsgs_heading_add_foe') . '</h3>';
				echo '<p>' . $lang->get('privmsgs_lbl_username') . ' '.$template->username_field('buddyname').'  <input type="submit" name="_go" value="' . $lang->get('privmsgs_btn_add') . '" /></p>';
				echo '</form>';
				?>
				</td>
				</tr>
				</table>
				<?php
			$template->footer();
			break;
	}
}

?>