".tra("Your message has been sent.")."\n"; } $query = mysql_query("SELECT * FROM private_messages WHERE userid=".$logged_in_user->id." ORDER BY date DESC"); if (mysql_num_rows($query) == 0) { echo tra("You have no private messages."); } else { echo "
\n"; echo form_tokens($logged_in_user->authenticator); start_table(); echo "".tra("Subject")."".tra("Sender")."".tra("Date")."\n"; while ($row = mysql_fetch_object($query)) { echo "\n"; $checkbox = "id."\">"; $subject = "id."\">".$row->subject.""; if ($row->opened) { echo "".$checkbox.$subject."\n"; } else { echo "".$checkbox."".$subject."\n"; } echo "".user_links(get_user_from_id($row->senderid))."\n"; echo "".time_str($row->date)."\n"; echo "\n"; } $delete = ""; $mark_as_read = ""; $mark_as_unread = ""; table_header(tra("With selected").":", array($delete." ".$mark_as_read." ".$mark_as_unread, "colspan=\"2\"")); end_table(); echo "
\n"; } } elseif ($action == "read") { $id = get_int("id"); $message = mysql_query("SELECT * FROM private_messages WHERE id=".$id." AND userid=".$logged_in_user->id); if (mysql_num_rows($message) == 0) { error_page(tra("No such message")); } else { $message = mysql_fetch_object($message); page_head(tra("Private messages")." : ".$message->subject); pm_header(); $options = new output_options; start_table(); echo "".tra("Subject")."".$message->subject.""; echo "".tra("Sender")."".user_links(get_user_from_id($message->senderid))." senderid."\">\"".tra("Block"; echo "".tra("Date")."".time_str($message->date).""; echo "".tra("Message")."".output_transform($message->content, $options).""; echo "\n"; echo "".tra("Delete")."\n"; echo " | ".tra("Reply")."\n"; echo " | ".tra("Inbox")."\n"; end_table(); if ($message->opened == 0) { mysql_query("UPDATE private_messages SET opened=1 WHERE id=$id"); } } } elseif ($action == "new") { check_banished(new User($logged_in_user->id)); pm_create_new(); } elseif ($action == "delete") { $id = get_int("id", true); if ($id == null) { $id = post_int("id"); } if (post_int("confirm", true) == 1) { check_tokens($logged_in_user->authenticator); mysql_query("DELETE FROM private_messages WHERE userid=".$logged_in_user->id." AND id=$id"); header("Location: forum_pm.php"); } else { $message = mysql_query("SELECT * FROM private_messages WHERE userid=".$logged_in_user->id." AND id=$id"); if (mysql_num_rows($message) == 1) { $message = mysql_fetch_object($message); $sender = lookup_user_id($message->senderid); page_head(tra("Private messages")." : ".tra("Really delete?")); pm_header(); echo "
".tra("Are you sure you want to delete the message with subject "%1" (sent by %2 on %3)?", $message->subject, $sender->name, time_str($message->date))."
\n"; echo "
\n"; echo form_tokens($logged_in_user->authenticator); echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
\n"; echo "
\n"; echo "\n"; echo "\n"; echo "
\n"; } else { error_page(tra("No such message.")); } } } elseif ($action == "send") { check_banished(new User($logged_in_user->id)); check_tokens($logged_in_user->authenticator); $to = stripslashes(post_str("to", true)); $subject = stripslashes(post_str("subject", true)); $content = stripslashes(post_str("content", true)); if (post_str("preview", true) == tra("Preview")) { pm_create_new(); } if (($to == null) || ($subject == null) || ($content == null)) { pm_create_new(tra("You need to fill all fields to send a private message")); } else { akismet_check(new User($logged_in_user->id), $content); $to = str_replace(", ", ",", $to); // Filter out spaces after separator $users = explode(",", $to); $userlist = array(); $userids = array(); // To prevent from spamming a single user by adding it multiple times foreach ($users as $username) { $user = explode(" ", $username); if (is_numeric($user[0])) { // user ID is gived $userid = $user[0]; $user = lookup_user_id($userid); if ($user == null) { pm_create_new(tra("Could not find user with id %1", $userid)); } } else { $user = lookup_user_name($username); if ($user == null) { pm_create_new(tra("Could not find user with username %1", $username)); } elseif ($user == -1) { // Non-unique username pm_create_new(tra("%1 is not a unique username; you will have to use user ID", $username)); } } $ignorelist = mysql_query("SELECT ignorelist FROM forum_preferences WHERE userid=".$user->id); $ignorelist = mysql_fetch_object($ignorelist); $ignorelist = $ignorelist->ignorelist; $ignorelist = explode("|", $ignorelist); if (in_array($logged_in_user->id, $ignorelist)) { pm_create_new(tra("User %1 (ID: %2) is not accepting private messages from you.", $user->name, $user->id)); } if ($userids[$user->id] == null) { $userlist[] = $user; $userids[$user->id] = true; } } foreach ($userlist as $user) { check_pm_count($logged_in_user->id); pm_send($user, $subject, $content); } Header("Location: forum_pm.php?action=inbox&sent=1"); } } elseif ($action == "block") { $id = get_int("id"); $user = mysql_query("SELECT name FROM user WHERE id=$id"); if ($user) { $user = mysql_fetch_object($user); page_head(tra("Really block %1?", $user->name)); echo "
".tra("Are you really sure you want to block user %1 from sending you private messages?", $user->name)."
\n"; echo tra("Please note that you can only block a limited amount of users.")."
\n"; echo "
".tra("Once the user has been blocked you can unblock it using forum preferences page.")."
\n"; echo "
\n"; echo form_tokens($logged_in_user->authenticator); echo "\n"; echo "\n"; echo "\n"; echo "".tra("No, cancel")."\n"; echo "
\n"; } else { error_page(tra("No such user")); } } elseif ($action == "confirmedblock") { check_tokens($logged_in_user->authenticator); $id = post_int("id"); $user = new User($logged_in_user->id); $blocked = new User($id); $user->addIgnoredUser($blocked); page_head(tra("User %1 blocked", $blocked->getName())); echo "
".tra("User %1 has been blocked from sending you private messages.", $blocked->getName())."\n"; echo tra("To unblock, visit %1message board preferences%2", "", "")."
\n"; } elseif ($action == "select_".tra("Delete")) { check_tokens($logged_in_user->authenticator); foreach ($_POST["pm_select"] as $id) { $query = mysql_query("SELECT * FROM private_messages ". "WHERE id=".mysql_real_escape_string($id)." AND userid=".$logged_in_user->id); if (mysql_num_rows($query) == 1) { // User has rights to delete the message mysql_query("DELETE FROM private_messages WHERE id=".mysql_real_escape_string($id)); } } Header("Location: forum_pm.php?action=inbox&deleted=1"); } elseif ($action == "select_".tra("Mark as read")) { check_tokens($logged_in_user->authenticator); foreach ($_POST["pm_select"] as $id) { $query = mysql_query("SELECT * FROM private_messages ". "WHERE id=".mysql_real_escape_string($id)." AND userid=".$logged_in_user->id); if (mysql_num_rows($query) == 1) { mysql_query("UPDATE private_messages SET opened=1 WHERE id=".mysql_real_escape_string($id)); } } Header("Location: forum_pm.php?action=inbox"); } elseif ($action == "select_".tra("Mark as unread")) { check_tokens($logged_in_user->authenticator); foreach ($_POST["pm_select"] as $id) { $query = mysql_query("SELECT * FROM private_messages ". "WHERE id=".mysql_real_escape_string($id)." AND userid=".$logged_in_user->id); if (mysql_num_rows($query) == 1) { mysql_query("UPDATE private_messages SET opened=0 WHERE id=".mysql_real_escape_string($id)); } } Header("Location: forum_pm.php?action=inbox"); } page_tail(); ?>