diff --git a/e107_handlers/userclass_class.php b/e107_handlers/userclass_class.php index 206f88be0..e2df6d302 100644 --- a/e107_handlers/userclass_class.php +++ b/e107_handlers/userclass_class.php @@ -531,7 +531,7 @@ class user_class if (count($opt_arr) == 0) { - $opt_arr = array('public' => 1, 'guest' => 1, 'nobody' => 1, 'member' => 1, 'classes' => 1); + $opt_arr = array('public' => 1, 'guest' => 1, 'new'=>1, 'nobody' => 1, 'member' => 1, 'classes' => 1); } if (isset($opt_arr['all'])) diff --git a/e107_plugins/pm/e_shortcode.php b/e107_plugins/pm/e_shortcode.php index 890f5e57b..62ee34983 100644 --- a/e107_plugins/pm/e_shortcode.php +++ b/e107_plugins/pm/e_shortcode.php @@ -75,8 +75,10 @@ class pm_shortcodes extends e_shortcode } - - + /** + * @param int $parm - User ID. + * @return null|string + */ function sc_sendpm($parm='') { @@ -86,8 +88,12 @@ class pm_shortcodes extends e_shortcode $url = e107::url('pm','index').'?send.'.$parm; + require_once(e_PLUGIN."pm/pm_class.php"); - if(check_class($pm_prefs['pm_class'])) + $pm = new private_message; + + + if(check_class($pm_prefs['pm_class']) && $pm->canSendTo($parm)) // check $this->pmPrefs['send_to_class']. { if(deftrue('FONTAWESOME') && deftrue('BOOTSTRAP')) { diff --git a/e107_plugins/pm/languages/English.php b/e107_plugins/pm/languages/English.php index d1ae0a849..53b2f5032 100755 --- a/e107_plugins/pm/languages/English.php +++ b/e107_plugins/pm/languages/English.php @@ -88,4 +88,5 @@ define("LAN_PM_111", "Read"); define("LAN_PM_112", "User(s)"); define("LAN_PM_113", "Read Message"); +define("LAN_PM_114", "You do not have access to send to this user."); ?> \ No newline at end of file diff --git a/e107_plugins/pm/pm.php b/e107_plugins/pm/pm.php index e3b323814..ed3a355ca 100755 --- a/e107_plugins/pm/pm.php +++ b/e107_plugins/pm/pm.php @@ -148,8 +148,16 @@ class pm_extended extends private_message $to_uid = $pm_info['pm_from']; } + + if(!empty($to_uid)) { + + if($this->canSendTo($to_uid) == false) + { + return "
".LAN_PM_114."
";// sending to this user is not permitted. + } + $sql2 = e107::getDb('sql2'); if($sql2->select('user', 'user_name', 'user_id = '.intval($to_uid))) //TODO add a check for userclass. { diff --git a/e107_plugins/pm/pm_class.php b/e107_plugins/pm/pm_class.php index c51b59de5..ceb4f55d7 100755 --- a/e107_plugins/pm/pm_class.php +++ b/e107_plugins/pm/pm_class.php @@ -35,7 +35,8 @@ class private_message public function __construct($prefs=null) { $this->e107 = e107::getInstance(); - $this->pmPrefs = $prefs; } + $this->pmPrefs = e107::pref('pm'); + } /** @@ -262,6 +263,10 @@ class private_message else { // Sending to a single person $info['pm_to'] = intval($vars['to_info']['user_id']); // Sending to a single user now + + + + if($pmid = $sql->insert('private_msg', $info)) { $info['pm_id'] = $pmid; @@ -634,6 +639,7 @@ class private_message function get_users_inclass($class) { $sql = e107::getDb(); + if($class == e_UC_MEMBER) { $qry = "SELECT user_id, user_name, user_email, user_class FROM `#user` WHERE 1"; @@ -658,6 +664,37 @@ class private_message } + /** + * Check permission to send a PM to someone. + * @param int $uid user_id of the person to send to + * @return bool + */ + function canSendTo($uid) + { + if(empty($uid)) + { + return false; + } + + $user = e107::user($uid); + + $uclass = explode(",", $user['user_class']); + + if($this->pmPrefs['send_to_class'] == 'matchclass') + { + $tmp = explode(",", USERCLASS); + $result = array_intersect($uclass, $tmp); + + return !empty($result); + } + + return in_array($this->pmPrefs['send_to_class'], $uclass); + + } + + + + /** * Get inbox - up to $limit messages from $from *