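<?php
// Private-message front end for the forum.
//
// Dispatches on the "action" request parameter (GET first, then POST,
// defaulting to "inbox"):
//   inbox          - list the logged-in user's messages
//   read           - show one message and mark it opened
//   new            - show the compose form
//   delete         - confirmation page (GET) or actual deletion (POST + token)
//   send           - validate recipients and deliver a message (POST + token)
//   block          - confirmation page for blocking a sender
//   confirmedblock - add the sender to the ignore list (POST + token)
//
// Every query is scoped to the logged-in user's id, and every state-changing
// action calls check_tokens() before it touches the database.

$cvs_version_tracker[]="\$Id$";

require_once("../inc/forum.inc");
require_once("../inc/forum_std.inc");
require_once("../inc/email.inc");
require_once("../inc/akismet.inc");

db_init();

$action = get_str("action", true);
if ($action == null) { $action = post_str("action", true); }
if ($action == null) { $action = "inbox"; }

$logged_in_user = get_logged_in_user();
// NOTE(review): get_logged_in_user() is defined elsewhere; presumably it does
// not return for anonymous visitors - confirm. The cast keeps every query
// below numeric regardless of how the id is represented on the user object.
$self_id = (int) $logged_in_user->id;

if ($action == "inbox") {
    page_head(tra("Private messages").": ".tra("Inbox"));
    pm_header();

    if (get_int("sent", true) == 1) {
        echo "<div class=\"notice\">".tra("Your message has been sent.")."</div>\n";
    }

    $query = mysql_query("SELECT * FROM private_messages WHERE userid=$self_id ORDER BY date DESC");
    if (mysql_num_rows($query) == 0) {
        echo tra("You have no private messages.");
    } else {
        start_table();
        print "<tr><th>".tra("Subject")."</th><th>".tra("Sender")."</th><th>".tra("Date")."</th></tr>\n";
        while ($row = mysql_fetch_object($query)) {
            print "<tr>\n";
            // NOTE(review): the subject is written into the page exactly as
            // stored. Nothing in this file escapes it, so this is only safe if
            // the write path (pm_send(), defined elsewhere) stores it
            // HTML-encoded - confirm, otherwise encode here with
            // htmlspecialchars().
            $subject = "<a href=\"forum_pm.php?action=read&id=".(int) $row->id."\">".$row->subject."</a>";
            if ($row->opened) {
                print "<td>".$subject."</td>\n";
            } else {
                // Unread messages are shown in bold.
                print "<td><strong>".$subject."</strong></td>\n";
            }
            print "<td>".user_links(get_user_from_id($row->senderid))."</td>\n";
            print "<td>".time_str($row->date)."</td>\n";
            print "</tr>\n";
        }
        end_table();
    }
} elseif ($action == "read") {
    $id = (int) get_int("id");
    // The userid condition is the access check: a message id belonging to
    // another user yields zero rows and the generic error page.
    $message = mysql_query("SELECT * FROM private_messages WHERE id=$id AND userid=$self_id");
    if (mysql_num_rows($message) == 0) {
        error_page(tra("No such message"));
    } else {
        $message = mysql_fetch_object($message);
        // NOTE(review): subject is emitted as stored, both in the page title
        // and in the table below; see the escaping caveat in the inbox branch.
        page_head(tra("Private messages").": ".$message->subject);
        pm_header();

        $options = new output_options;

        start_table();
        echo "<tr><th>".tra("Subject")."</th><td>".$message->subject."</td></tr>";
        echo "<tr><th>".tra("Sender")."</th><td>".user_links(get_user_from_id($message->senderid))."\n"
            ." <a href=\"forum_pm.php?action=block&id=".(int) $message->senderid."\"><img src=\"img/report_post.png\" width=\"9\" height=\"9\" alt=\"".tra("Block user")."\"></a></td></tr>";
        echo "<tr><th>".tra("Date")."</th><td>".time_str($message->date)."</td></tr>";
        echo "<tr><th>".tra("Message")."</th><td>".output_transform($message->content, $options)."</td></tr>";
        echo "<tr><td class=\"pm_footer\"></td><td>\n";
        echo "<a href=\"forum_pm.php?action=delete&id=$id\">".tra("Delete")."</a>\n";
        echo " | <a href=\"forum_pm.php?action=new&replyto=$id\">".tra("Reply")."</a>\n";
        echo " | <a href=\"forum_pm.php?action=inbox\">".tra("Inbox")."</a>\n";
        end_table();

        if ($message->opened == 0) {
            // Ownership was already established by the SELECT above; the
            // userid condition is repeated so the UPDATE is safe on its own.
            mysql_query("UPDATE private_messages SET opened=1 WHERE id=$id AND userid=$self_id");
        }
    }
} elseif ($action == "new") {
    check_banished(new User($logged_in_user->id));
    pm_create_new();
} elseif ($action == "delete") {
    $id = get_int("id", true);
    if ($id == null) { $id = post_int("id"); }
    $id = (int) $id;

    if (post_int("confirm", true) == 1) {
        // Deletion only happens on a confirmed POST carrying a valid form
        // token; a plain GET link can only reach the confirmation page below.
        check_tokens($logged_in_user->authenticator);
        mysql_query("DELETE FROM private_messages WHERE userid=$self_id AND id=$id");
        header("Location: forum_pm.php");
        // Stop here so no page footer is emitted after the redirect.
        exit();
    } else {
        $message = mysql_query("SELECT * FROM private_messages WHERE userid=$self_id AND id=$id");
        if (mysql_num_rows($message) == 1) {
            $message = mysql_fetch_object($message);
            $sender = lookup_user_id($message->senderid);
            page_head(tra("Private messages").": ".tra("Really delete?"));
            pm_header();
            // NOTE(review): the rendered page shows bare double quotes around
            // %1, which cannot parse inside this string; &quot; is assumed -
            // confirm against the repository. Subject and sender name are
            // substituted as stored; see the escaping caveat in the inbox
            // branch.
            echo "<div>".tra("Are you sure you want to delete the message with subject &quot;%1&quot; (sent by %2 on %3)?", $message->subject, $sender->name, time_str($message->date))."</div>\n";
            echo "<form action=\"forum_pm.php\" method=\"post\">\n";
            echo form_tokens($logged_in_user->authenticator);
            echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n";
            echo "<input type=\"hidden\" name=\"confirm\" value=\"1\">\n";
            echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
            echo "<input type=\"submit\" value=\"".tra("Yes, delete")."\">\n";
            echo "</form>\n";
            echo "<form action=\"forum_pm.php\" method=\"post\">\n";
            echo "<input type=\"hidden\" name=\"action\" value=\"inbox\">\n";
            echo "<input type=\"submit\" value=\"".tra("No, cancel")."\">\n";
            echo "</form>\n";
        } else {
            error_page(tra("No such message."));
        }
    }
} elseif ($action == "send") {
    check_banished(new User($logged_in_user->id));
    check_tokens($logged_in_user->authenticator);

    $to = stripslashes(post_str("to", true));
    $subject = stripslashes(post_str("subject", true));
    $content = stripslashes(post_str("content", true));

    // NOTE(review): every pm_create_new() call in this branch is followed by
    // code that only makes sense if pm_create_new() renders the form and then
    // ends the request (otherwise a preview would also send the message) -
    // it is defined elsewhere, confirm.
    if (post_str("preview", true) == tra("Preview")) {
        pm_create_new();
    }
    if (($to == null) || ($subject == null) || ($content == null)) {
        pm_create_new(tra("You need to fill all fields to send a private message"));
    } else {
        akismet_check(new User($logged_in_user->id), $content);
        $to = str_replace(", ", ",", $to); // Filter out spaces after separator
        $users = explode(",", $to);

        $userlist = array();
        $userids = array(); // To prevent from spamming a single user by adding it multiple times

        foreach ($users as $username) {
            $user = explode(" ", $username);
            // A recipient is treated as a user ID only when the first word is
            // all digits; is_numeric() would also accept floats, exponents
            // and signed values, none of which are valid ids.
            if (preg_match('/^[0-9]+\z/', $user[0])) {
                $userid = (int) $user[0];
                $user = lookup_user_id($userid);
                if ($user == null) {
                    pm_create_new(tra("Could not find user with id %1", $userid));
                }
            } else {
                $user = lookup_user_name($username);
                if ($user == null) {
                    // NOTE(review): $username is request input echoed back in
                    // the error text; confirm pm_create_new() HTML-encodes it.
                    pm_create_new(tra("Could not find user with username %1", $username));
                } elseif ($user == -1) { // Non-unique username
                    pm_create_new(tra("%1 is not a unique username; you will have to use user ID", $username));
                }
            }

            // Respect the recipient's ignore list. A recipient without a
            // forum_preferences row is treated as ignoring nobody instead of
            // dereferencing a failed fetch.
            $prefs_result = mysql_query("SELECT ignorelist FROM forum_preferences WHERE userid=".(int) $user->id);
            $prefs = $prefs_result ? mysql_fetch_object($prefs_result) : false;
            $ignorelist = $prefs ? explode("|", $prefs->ignorelist) : array();
            if (in_array($logged_in_user->id, $ignorelist)) {
                pm_create_new(tra("User %1 (ID: %2) is not accepting private messages from you.", $user->name, $user->id));
            }

            // isset() instead of "== null": same result, without reading an
            // undefined array index the first time a recipient is seen.
            if (!isset($userids[$user->id])) {
                $userlist[] = $user;
                $userids[$user->id] = true;
            }
        }

        foreach ($userlist as $user) {
            // Rate limit is re-checked before each delivery.
            check_pm_count($logged_in_user->id);
            pm_send($user, $subject, $content);
        }

        Header("Location: forum_pm.php?action=inbox&sent=1");
        // Stop here so no page footer is emitted after the redirect.
        exit();
    }
} elseif ($action == "block") {
    $id = (int) get_int("id");
    // mysql_query() returns a result handle even when no row matches, so the
    // existence check has to be made on the fetched row, not on the handle.
    $result = mysql_query("SELECT name FROM user WHERE id=$id");
    $user = $result ? mysql_fetch_object($result) : false;
    if ($user) {
        // NOTE(review): the user name is substituted as stored; confirm it is
        // HTML-encoded at write time, otherwise encode it here.
        page_head(tra("Really block %1?", $user->name));
        echo "<div>".tra("Are you really sure you want to block user %1 from sending you private messages?", $user->name)."<br>\n";
        echo tra("Please note that you can only block a limited amount of users.")."</div>\n";
        echo "<div>".tra("Once the user has been blocked you can unblock it using forum preferences page.")."</div>\n";

        echo "<form action=\"forum_pm.php\" method=\"POST\">\n";
        echo form_tokens($logged_in_user->authenticator);
        echo "<input type=\"hidden\" name=\"action\" value=\"confirmedblock\">\n";
        echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
        echo "<input type=\"submit\" value=\"".tra("Add user to filter")."\">\n";
        echo "<a href=\"forum_pm.php?action=inbox\">".tra("No, cancel")."</a>\n";
        echo "</form>\n";
    } else {
        error_page(tra("No such user"));
    }
} elseif ($action == "confirmedblock") {
    check_tokens($logged_in_user->authenticator);
    $id = post_int("id");
    $user = new User($logged_in_user->id);
    // NOTE(review): nothing here verifies that $id names an existing user;
    // whether the User constructor rejects unknown ids is not visible in this
    // file - confirm.
    $blocked = new User($id);
    $user->addIgnoredUser($blocked);

    page_head(tra("User %1 blocked", $blocked->getName()));

    echo "<div>".tra("User %1 has been blocked from sending you private messages.", $blocked->getName())."\n";
    echo tra("To unblock, visit %1message board preferences%2", "<a href=\"edit_forum_preferences_form.php\">", "</a>")."</div>\n";
}

page_tail();

?>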