id." ORDER BY date DESC");
if (mysql_num_rows($query) == 0) {
echo "You have no private messages.";
} else {
start_table();
print "
\n";
echo "Delete\n";
echo " | Reply\n";
echo " | Inbox\n";
end_table();
if ($message->opened == 0) {
mysql_query("UPDATE private_messages SET opened=1 WHERE id=$id");
}
}
} elseif ($action == "new") {
pm_create_new();
} elseif ($action == "delete") {
$id = get_int("id", true);
if ($id == null) { $id = post_int("id"); }
if (post_int("confirm", true) == 1) {
check_tokens($logged_in_user->authenticator);
mysql_query("DELETE FROM private_messages WHERE userid=".$logged_in_user->id." AND id=$id");
header("Location: forum_pm.php");
} else {
$message = mysql_query("SELECT * FROM private_messages WHERE userid=".$logged_in_user->id." AND id=$id");
if (mysql_num_rows($message) == 1) {
$message = mysql_fetch_object($message);
$sender = lookup_user_id($message->senderid);
page_head("Private messages : Really delete?");
pm_header();
echo " Are you sure you want to delete the message with subject \"".$message->subject."\" (sent by ".$sender->name." on ".time_str($message->date).")? \n";
echo "\n";
echo "\n";
} else {
error_page("No such message.");
}
}
} elseif ($action == "send") {
check_tokens($logged_in_user->authenticator);
$to = stripslashes(post_str("to", true));
$subject = stripslashes(post_str("subject", true));
$content = stripslashes(post_str("content", true));
if (($to == null) || ($subject == null) || ($content == null)) {
pm_create_new("You need to fill all fields to send a private message");
} else {
akismet_check(new User($logged_in_user->id), $content);
$to = str_replace(", ", ",", $to); // Filter out spaces after separator
$users = explode(",", $to);
$userlist = array();
$userids = array(); // To prevent from spamming a single user by adding it multiple times
foreach ($users as $username) {
$user = explode(" ", $username);
if (is_numeric($user[0])) { // user ID is gived
$userid = $user[0];
$user = lookup_user_id($userid);
if ($user == null) {
pm_create_new("Could not find user with id $userid");
}
} else {
$user = lookup_user_name($username);
if ($user == null) {
pm_create_new("Could not find user $username");
} elseif ($user == -1) { // Non-unique username
pm_create_new("User $username is not unique; you will have to use user ID");
}
}
$ignorelist = mysql_query("SELECT ignorelist FROM forum_preferences WHERE userid=".$user->id);
$ignorelist = mysql_fetch_object($ignorelist);
$ignorelist = $ignorelist->ignorelist;
$ignorelist = explode("|", $ignorelist);
if (in_array($logged_in_user->id, $ignorelist)) {
pm_create_new("User ".$user->name." (ID: ".$user->id.") is not accepting private messages from you.");
}
if ($userids[$user->id] == null) {
$userlist[] = $user;
$userids[$user->id] = true;
}
}
foreach ($userlist as $user) {
pm_send($user, $subject, $content);
}
Header("Location: forum_pm.php?action=inbox&sent=1");
}
}
page_tail();
/**
 * Write the header for the private-message pages.
 *
 * The output is a fixed string literal (a single newline in this listing);
 * no request or database value is interpolated, so nothing here needs
 * escaping. Takes no arguments and returns nothing.
 */
function pm_header() {
    print "\n";
}
function pm_create_new($error = null) {
page_head("Private messages : Create new");
pm_header();
global $logged_in_user;
$replyto = get_int("replyto", true);
$userid = get_int("userid", true);
if ($replyto) {
$message = mysql_query("SELECT * FROM private_messages WHERE userid=".$logged_in_user->id." AND id=$replyto");
if ($message) {
$message = mysql_fetch_object($message);
$content = "[quote]".$message->content."[/quote]\n";
$userid = $message->senderid;
$user = get_user_from_id($userid);
if ($user != null) {
$writeto = $userid." (".$user->name.")";
}
$subject = $message->subject;
if (substr($subject, 0, 3) != "re:") {
$subject = "re: ".$subject;
}
}
} elseif ($userid) {
$user = get_user_from_id($userid);
if ($user != null) {
$writeto = $userid." (".$user->name.")";
}
} else {
$writeto = post_str("to", true);
$subject = post_str("subject", true);
$content = post_str("content", true);
}
$subject = htmlspecialchars($subject);
if ($error != null) {
echo "$error \n";
}
echo " |