mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-11 10:05:19 +02:00
Code Issues Releases Wiki Activity

Moved prepare message to post.php to enable privmsg to use it

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@487 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-06-13 17:36:58 +00:00
parent e82e107714
commit f9b181e0ce
3 changed files with 648 additions and 399 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
phpBB/includes/post.php
View File

@ -1,4 +1,4 @@
'<?php <?php
/*************************************************************************** /***************************************************************************
* *
* ------------------- * -------------------
@ -22,5 +22,33 @@
* *
***************************************************************************/ ***************************************************************************/
//
// This function will prepare a posted message for
// entry into the database.
//
function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
{
$message = trim($message);
if(!$html_on)
{
$message = htmlspecialchars($message);
}
if($bbcode_on)
{
$message = bbencode_first_pass($message, $bbcode_uid);
}
if($smile_on)
{
// No smile() function yet, write one...
//$message = smile($message);
}
$message = addslashes($message);
return($message);
}
?> ?>

480
phpBB/posting.php
View File

@ -22,43 +22,18 @@
***************************************************************************/ ***************************************************************************/
include('extension.inc'); include('extension.inc');
include('common.'.$phpEx); include('common.'.$phpEx);
include('includes/post.'.$phpEx);
include('includes/bbcode.'.$phpEx); include('includes/bbcode.'.$phpEx);
// //
// Posting specific functions. // Start session management
//
$userdata = session_pagestart($user_ip, PAGE_POSTING, $session_length);
init_userprefs($userdata);
//
// End session management
// //
// This function will prepare the message for entry into the database.
function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
{
$message = trim($message);
if(!$html_on)
{
$message = htmlspecialchars($message);
}
if($bbcode_on)
{
$message = bbencode_first_pass($message, $bbcode_uid);
}
if($smile_on)
{
// No smile() function yet, write one...
//$message = smile($message);
}
$message = addslashes($message);
return($message);
}
//
// End Posting specific functions.
//
//
// Start program proper
//
if(!isset($HTTP_GET_VARS['forum']) && !isset($HTTP_POST_VARS['forum'])) // For backward compatibility if(!isset($HTTP_GET_VARS['forum']) && !isset($HTTP_POST_VARS['forum'])) // For backward compatibility
{ {
$forum_id = ($HTTP_GET_VARS[POST_FORUM_URL]) ? $HTTP_GET_VARS[POST_FORUM_URL] : $HTTP_POST_VARS[POST_FORUM_URL]; $forum_id = ($HTTP_GET_VARS[POST_FORUM_URL]) ? $HTTP_GET_VARS[POST_FORUM_URL] : $HTTP_POST_VARS[POST_FORUM_URL];
@ -71,32 +46,46 @@ else
$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : ( (isset($HTTP_POST_VARS['mode'])) ? $HTTP_POST_VARS['mode'] : ""); $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : ( (isset($HTTP_POST_VARS['mode'])) ? $HTTP_POST_VARS['mode'] : "");
// //
// Start session management // Set initial conditions
//
$userdata = session_pagestart($user_ip, PAGE_POSTING, $session_length);
init_userprefs($userdata);
//
// End session management
// //
$is_first_post = (($HTTP_GET_VARS['is_first_post'] == 1) || ($HTTP_POST_VARS['is_first_post'] == 1)) ? TRUE : FALSE;
$disable_html = (isset($HTTP_POST_VARS['disable_html'])) ? $HTTP_POST_VARS['disable_html'] : !$userdata['user_allowhtml'];
$disable_bbcode = (isset($HTTP_POST_VARS['disable_bbcode'])) ? $HTTP_POST_VARS['disable_bbcode'] : !$userdata['user_allowbbcode'];
$disable_smilies = (isset($HTTP_POST_VARS['disable_smile'])) ? $HTTP_POST_VARS['disable_smile'] : !$userdata['user_allowsmile'];
$attach_sig = (isset($HTTP_POST_VARS['attach_sig'])) ? $HTTP_POST_VARS['attach_sig'] : $userdata['user_attachsig'];
$notify = (isset($HTTP_POST_VARS['notify'])) ? $HTTP_POST_VARS['notify'] : $userdata["always_notify"];
$annouce = (isset($HTTP_POST_VARS['annouce'])) ? $HTTP_POST_VARS['annouce'] : "";
$unannouce = (isset($HTTP_POST_VARS['unannouce'])) ? $HTTP_POST_VARS['unannouce'] : "";
$sticky = (isset($HTTP_POST_VARS['sticky'])) ? $HTTP_POST_VARS['sticky'] : "";
$unstick = (isset($HTTP_POST_VARS['unstick'])) ? $HTTP_POST_VARS['unstick'] : "";
$preview = (isset($HTTP_POST_VARS['preview'])) ? TRUE : FALSE;
if($annouce)
{
$topic_type = ANNOUCE;
}
else if($sticky)
{
$topic_type = STICKY;
}
else
{
$topic_type = NORMAL;
}
// //
// Auth code // Auth code
// //
// This is a quick check to see if it works
// can probably be placed better ...
switch($mode) switch($mode)
{ {
case 'newtopic': case 'newtopic':
if(isset($HTTP_POST_VARS['annouce'])) if($topic_type == ANNOUNCE)
{ {
$auth_type = AUTH_ANNOUCE; $auth_type = AUTH_ANNOUCE;
$is_auth_type = "auth_announce"; $is_auth_type = "auth_announce";
$error_string = $lang['can_post_announcements']; $error_string = $lang['can_post_announcements'];
} }
else if(isset($HTTP_POST_VARS['sticky'])) else if($topic_type == STICKY)
{ {
$auth_type = AUTH_STICKY; $auth_type = AUTH_STICKY;
$is_auth_type = "auth_sticky"; $is_auth_type = "auth_sticky";
@ -137,7 +126,6 @@ if(!$is_auth[$is_auth_type])
{ {
// //
// Ooopss, user is not authed // Ooopss, user is not authed
// to read this forum ...
// //
include('includes/page_header.'.$phpEx); include('includes/page_header.'.$phpEx);
@ -153,42 +141,12 @@ if(!$is_auth[$is_auth_type])
include('includes/page_tail.'.$phpEx); include('includes/page_tail.'.$phpEx);
} }
// //
// End Auth // End Auth
// //
$error = FALSE; $error = FALSE;
//
// Set initial conditions
//
$is_first_post = (($HTTP_GET_VARS['is_first_post'] == 1) || ($HTTP_POST_VARS['is_first_post'] == 1)) ? TRUE : FALSE;
$disable_html = (isset($HTTP_POST_VARS['disable_html'])) ? $HTTP_POST_VARS['disable_html'] : !$userdata['user_allowhtml'];
$disable_bbcode = (isset($HTTP_POST_VARS['disable_bbcode'])) ? $HTTP_POST_VARS['disable_bbcode'] : !$userdata['user_allowbbcode'];
$disable_smilies = (isset($HTTP_POST_VARS['disable_smile'])) ? $HTTP_POST_VARS['disable_smile'] : !$userdata['user_allowsmile'];
$attach_sig = (isset($HTTP_POST_VARS['attach_sig'])) ? $HTTP_POST_VARS['attach_sig'] : $userdata['user_attachsig'];
$notify = (isset($HTTP_POST_VARS['notify'])) ? $HTTP_POST_VARS['notify'] : $userdata["always_notify"];
$annouce = (isset($HTTP_POST_VARS['annouce'])) ? $HTTP_POST_VARS['annouce'] : "";
$unannouce = (isset($HTTP_POST_VARS['unannouce'])) ? $HTTP_POST_VARS['unannouce'] : "";
$sticky = (isset($HTTP_POST_VARS['sticky'])) ? $HTTP_POST_VARS['sticky'] : "";
$unstick = (isset($HTTP_POST_VARS['unstick'])) ? $HTTP_POST_VARS['unstick'] : "";
$preview = (isset($HTTP_POST_VARS['preview'])) ? TRUE : FALSE;
if($annouce)
{
$topic_type = ANNOUCE;
}
else if($sticky)
{
$topic_type = STICKY;
}
else
{
$topic_type = NORMAL;
}
// //
// Prepare our message and subject on a 'submit' // Prepare our message and subject on a 'submit'
// //
@ -199,13 +157,13 @@ if(isset($HTTP_POST_VARS['submit']) || $preview)
// //
if($mode != 'editpost' && !$preview) if($mode != 'editpost' && !$preview)
{ {
$sql = "SELECT max(post_time) AS last_post_time $sql = "SELECT MAX(post_time) AS last_post_time
FROM ".POSTS_TABLE." FROM " . POSTS_TABLE . "
WHERE poster_ip = '$user_ip'"; WHERE poster_ip = '$user_ip'";
if($result = $db->sql_query($sql)) if($result = $db->sql_query($sql))
{ {
$db_row = $db->sql_fetchrowset($result); $db_row = $db->sql_fetchrow($result);
$last_post_time = $db_row[0]['last_post_time']; $last_post_time = $db_row['last_post_time'];
$current_time = get_gmt_ts(); $current_time = get_gmt_ts();
if(($current_time - $last_post_time) < $board_config['flood_interval']) if(($current_time - $last_post_time) < $board_config['flood_interval'])
@ -349,8 +307,8 @@ switch($mode)
if($db->sql_query($sql)) if($db->sql_query($sql))
{ {
$new_topic_id = $db->sql_nextid(); $new_topic_id = $db->sql_nextid();
$sql = "INSERT INTO ".POSTS_TABLE." (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid) $sql = "INSERT INTO ".POSTS_TABLE." (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid)
VALUES ($new_topic_id, $forum_id, ".$userdata['user_id'].", '".$username."', $topic_time, '$user_ip', '$uid')"; VALUES ($new_topic_id, $forum_id, " . $userdata['user_id'] . ", '$username', $topic_time, '$user_ip', '$uid')";
if($db->sql_query($sql)) if($db->sql_query($sql))
{ {
@ -979,7 +937,7 @@ if(empty($username))
// //
// Start: Preview Post // Start: Preview Post
// //
if($preview) if($preview && !$error)
{ {
$preview_message = $message; $preview_message = $message;
$uid = make_bbcode_uid(); $uid = make_bbcode_uid();
@ -1011,205 +969,205 @@ if($preview)
if(!isset($HTTP_GET_VARS[POST_FORUM_URL]) && !isset($HTTP_POST_VARS[POST_FORUM_URL])) if(!isset($HTTP_GET_VARS[POST_FORUM_URL]) && !isset($HTTP_POST_VARS[POST_FORUM_URL]))
{ {
error_die(GENERAL_ERROR, "Sorry, no there is no such forum"); error_die(GENERAL_ERROR, "Sorry but there is no such forum");
} }
$sql = "SELECT forum_name $sql = "SELECT forum_name
FROM ".FORUMS_TABLE." FROM ".FORUMS_TABLE."
WHERE forum_id = $forum_id"; WHERE forum_id = $forum_id";
if(!$result = $db->sql_query($sql)) if(!$result = $db->sql_query($sql))
{
error_die(SQL_QUERY, "Could not obtain forum/forum access information.", __LINE__, __FILE__);
}
$forum_info = $db->sql_fetchrow($result);
$forum_name = stripslashes($forum_info['forum_name']);
$template->set_filenames(array(
"body" => "posting_body.tpl",
"jumpbox" => "jumpbox.tpl")
);
$jumpbox = make_jumpbox();
$template->assign_vars(array(
"JUMPBOX_LIST" => $jumpbox,
"SELECT_NAME" => POST_FORUM_URL)
);
$template->assign_var_from_handle("JUMPBOX", "jumpbox");
$template->assign_vars(array(
"FORUM_ID" => $forum_id,
"FORUM_NAME" => $forum_name,
"L_POSTNEWIN" => $section_title,
"U_VIEW_FORUM" => append_sid("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id"))
);
if($userdata['session_logged_in'])
{
$username_input = $userdata["username"];
$password_input = "";
}
else
{
$username_input = '<input type="text" name="username" value="' . $username . '" size="25" maxlength="50">';
$password_input = '<input type="password" name="password" size="25" maxlenght="40">';
}
$subject_input = '<input type="text" name="subject" value="'.$subject.'" size="50" maxlength="255">';
$message_input = '<textarea name="message" rows="10" cols="40" wrap="virtual">'.$message.'</textarea>';
if($board_config['allow_html'])
{
$html_status = $lang['HTML'] . $lang['is_ON'];
$html_toggle = '<input type="checkbox" name="disable_html" ';
if($disable_html)
{
$html_toggle .= 'checked';
}
$html_toggle .= "> " . $lang['Disable'] . $lang['HTML'] . $lang['in_this_post'];
}
else
{
$html_status = $lang['HTML'] . $lang['is_OFF'];
}
if($board_config['allow_bbcode'])
{
$bbcode_status = $lang['BBCode'] . $lang['is_ON'];
$bbcode_toggle = '<input type="checkbox" name="disable_bbcode" ';
if($disable_bbcode)
{
$bbcode_toggle .= "checked";
}
$bbcode_toggle .= "> " . $lang['Disable'] . $lang['BBCode'] . $lang['in_this_post'];
}
else
{
$bbcode_status = $lang['BBCode'] . $lang['is_OFF'];
}
if($board_config['allow_smilies'])
{
$smile_toggle = '<input type="checkbox" name="disable_smile" ';
if($disable_smilies)
{
$smile_toggle .= "checked";
}
$smile_toggle .= "> " . $lang['Disable'] . $lang['Smilies'] . $lang['in_this_post'];
}
$sig_toggle = '<input type="checkbox" name="attach_sig" ';
if($attach_sig)
{
$sig_toggle .= "checked";
}
$sig_toggle .= "> " . $lang['Attach_signature'];
if($mode == 'newtopic' || ($mode == 'editpost' && $is_first_post))
{
if($is_auth['auth_announce'])
{
if(!$is_annouce)
{ {
error_die(SQL_QUERY, "Could not obtain forum/forum access information.", __LINE__, __FILE__); $annouce_toggle = '<input type="checkbox" name="annouce" ';
} if($annouce)
$forum_info = $db->sql_fetchrow($result); {
$forum_name = stripslashes($forum_info['forum_name']); $announce_toggle .= "checked";
}
$template->set_filenames(array( $annouce_toggle .= '> '.$lang['Post_Annoucement'];
"body" => "posting_body.tpl",
"jumpbox" => "jumpbox.tpl")
);
$jumpbox = make_jumpbox();
$template->assign_vars(array(
"JUMPBOX_LIST" => $jumpbox,
"SELECT_NAME" => POST_FORUM_URL)
);
$template->assign_var_from_handle("JUMPBOX", "jumpbox");
$template->assign_vars(array(
"FORUM_ID" => $forum_id,
"FORUM_NAME" => $forum_name,
"L_POSTNEWIN" => $section_title,
"U_VIEW_FORUM" => append_sid("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id"))
);
if($userdata['session_logged_in'])
{
$username_input = $userdata["username"];
$password_input = "";
} }
else else
{ {
$username_input = '<input type="text" name="username" value="' . $username . '" size="25" maxlength="50">'; $annouce_toggle = '<input type="checkbox" name="unannouce" ';
$password_input = '<input type="password" name="password" size="25" maxlenght="40">'; if($unannouce)
}
$subject_input = '<input type="text" name="subject" value="'.$subject.'" size="50" maxlength="255">';
$message_input = '<textarea name="message" rows="10" cols="40" wrap="virtual">'.$message.'</textarea>';
if($board_config['allow_html'])
{
$html_status = $lang['HTML'] . $lang['is_ON'];
$html_toggle = '<input type="checkbox" name="disable_html" ';
if($disable_html)
{ {
$html_toggle .= 'checked'; $announce_toggle .= "checked";
} }
$html_toggle .= "> " . $lang['Disable'] . $lang['HTML'] . $lang['in_this_post']; $annouce_toggle .= '> '.$lang['Un_announce'];
}
}
if($is_auth['auth_sticky'])
{
if(!$is_stuck)
{
$sticky_toggle = '<input type="checkbox" name="sticky" ';
if($sticky)
{
$sticky_toggle .= "checked";
}
$sticky_toggle .= '> '.$lang['Post_Sticky'];
} }
else else
{ {
$html_status = $lang['HTML'] . $lang['is_OFF']; $sticky_toggle = '<input type="checkbox" name="unstick" ';
} if($unstick)
if($board_config['allow_bbcode'])
{
$bbcode_status = $l_bbcodeis . " " . $l_on;
$bbcode_toggle = '<input type="checkbox" name="disable_bbcode" ';
if($disable_bbcode)
{ {
$bbcode_toggle .= "checked"; $sticky_toggle .= "checked";
} }
$bbcode_toggle .= "> " . $lang['Disable'] . $lang['BBCode'] . $lang['in_this_post']; $sticky_toggle .= '> '.$lang['Un_stick'];
}
else
{
$bbcode_status = $lang['BBCode'] . $lang['is_OFF'];
} }
}
}
if($board_config['allow_smilies']) if($mode == 'newtopic' || ($mode == 'editpost' && $notify_show))
{ {
$smile_toggle = '<input type="checkbox" name="disable_smile" '; $notify_toggle = '<input type="checkbox" name="notify" ';
if($disable_smilies) if($notify)
{ {
$smile_toggle .= "checked"; $notify_toggle .= "checked";
} }
$smile_toggle .= "> " . $lang['Disable'] . $lang['Smilies'] . $lang['in_this_post']; $notify_toggle .= "> " . $lang['Notify'];
} }
$sig_toggle = '<input type="checkbox" name="attach_sig" '; if($mode == 'reply' || $mode == 'editpost')
if($attach_sig) {
{ $topic_id = ($HTTP_GET_VARS[POST_TOPIC_URL]) ? $HTTP_GET_VARS[POST_TOPIC_URL] : $HTTP_POST_VARS[POST_TOPIC_URL];
$sig_toggle .= "checked"; $post_id = ($HTTP_GET_VARS[POST_POST_URL]) ? $HTTP_GET_VARS[POST_POST_URL] : $HTTP_POST_VARS[POST_POST_URL];
} }
$sig_toggle .= "> " . $lang['Attach_signature']; $hidden_form_fields = "<input type=\"hidden\" name=\"mode\" value=\"$mode\"><input type=\"hidden\" name=\"" . POST_FORUM_URL . "\" value=\"$forum_id\"><input type=\"hidden\" name=\"" . POST_TOPIC_URL . "\" value=\"$topic_id\"><input type=\"hidden\" name=\"" . POST_POST_URL . "\" value=\"$post_id\"><input type=\"hidden\" name=\"is_first_post\" value=\"$is_first_post\">";
if($mode == 'newtopic' || ($mode == 'editpost' && $is_first_post)) if($mode == 'newtopic')
{ {
if($is_auth['auth_announce']) $post_a = $lang['Post_a_new_topic'];
{ }
if(!$is_annouce) else if($mode == 'reply')
{ {
$annouce_toggle = '<input type="checkbox" name="annouce" '; $post_a = $lang['Post_a_reply'];
if($annouce) }
{ else if($mode == 'editpost')
$announce_toggle .= "checked"; {
} $post_a = $lang['Edit_Post'];
$annouce_toggle .= '> '.$lang['Post_Annoucement']; }
}
else
{
$annouce_toggle = '<input type="checkbox" name="unannouce" ';
if($unannouce)
{
$announce_toggle .= "checked";
}
$annouce_toggle .= '> '.$lang['Un_announce'];
}
}
if($is_auth['auth_sticky'])
{
if(!$is_stuck)
{
$sticky_toggle = '<input type="checkbox" name="sticky" ';
if($sticky)
{
$sticky_toggle .= "checked";
}
$sticky_toggle .= '> '.$lang['Post_Sticky'];
}
else
{
$sticky_toggle = '<input type="checkbox" name="unstick" ';
if($unstick)
{
$sticky_toggle .= "checked";
}
$sticky_toggle .= '> '.$lang['Un_stick'];
}
}
}
if($mode == 'newtopic' || ($mode == 'editpost' && $notify_show))
{
$notify_toggle = '<input type="checkbox" name="notify" ';
if($notify)
{
$notify_toggle .= "checked";
}
$notify_toggle .= "> " . $lang['Notify'];
}
if($mode == 'reply' || $mode == 'editpost')
{
$topic_id = ($HTTP_GET_VARS[POST_TOPIC_URL]) ? $HTTP_GET_VARS[POST_TOPIC_URL] : $HTTP_POST_VARS[POST_TOPIC_URL];
$post_id = ($HTTP_GET_VARS[POST_POST_URL]) ? $HTTP_GET_VARS[POST_POST_URL] : $HTTP_POST_VARS[POST_POST_URL];
}
$hidden_form_fields = "<input type=\"hidden\" name=\"mode\" value=\"$mode\"><input type=\"hidden\" name=\"" . POST_FORUM_URL . "\" value=\"$forum_id\"><input type=\"hidden\" name=\"" . POST_TOPIC_URL . "\" value=\"$topic_id\"><input type=\"hidden\" name=\"" . POST_POST_URL . "\" value=\"$post_id\"><input type=\"hidden\" name=\"is_first_post\" value=\"$is_first_post\">";
if($mode == 'newtopic')
{
$post_a = $lang['Post_a_new_topic'];
}
else if($mode == 'reply')
{
$post_a = $lang['Post_a_reply'];
}
else if($mode == 'editpost')
{
$post_a = $lang['Edit_Post'];
}
$template->assign_vars(array( $template->assign_vars(array(
"USERNAME_INPUT" => $username_input, "USERNAME_INPUT" => $username_input,
"PASSWORD_INPUT" => $password_input, "PASSWORD_INPUT" => $password_input,
"SUBJECT_INPUT" => $subject_input, "SUBJECT_INPUT" => $subject_input,
"MESSAGE_INPUT" => $message_input, "MESSAGE_INPUT" => $message_input,
"HTML_STATUS" => $html_status, "HTML_STATUS" => $html_status,
"HTML_TOGGLE" => $html_toggle, "HTML_TOGGLE" => $html_toggle,
"SMILE_TOGGLE" => $smile_toggle, "SMILE_TOGGLE" => $smile_toggle,
"SIG_TOGGLE" => $sig_toggle, "SIG_TOGGLE" => $sig_toggle,
"ANNOUNCE_TOGGLE" => $annouce_toggle, "ANNOUNCE_TOGGLE" => $annouce_toggle,
"STICKY_TOGGLE" => $sticky_toggle, "STICKY_TOGGLE" => $sticky_toggle,
"NOTIFY_TOGGLE" => $notify_toggle, "NOTIFY_TOGGLE" => $notify_toggle,
"BBCODE_TOGGLE" => $bbcode_toggle, "BBCODE_TOGGLE" => $bbcode_toggle,
"BBCODE_STATUS" => $bbcode_status, "BBCODE_STATUS" => $bbcode_status,
"L_SUBJECT" => $lang['Subject'], "L_SUBJECT" => $lang['Subject'],
"L_MESSAGE_BODY" => $lang['Message_body'], "L_MESSAGE_BODY" => $lang['Message_body'],
"L_OPTIONS" => $lang['Options'], "L_OPTIONS" => $lang['Options'],
"L_PREVIEW" => $lang['Preview'], "L_PREVIEW" => $lang['Preview'],
"L_SUBMIT" => $lang['Submit_post'], "L_SUBMIT" => $lang['Submit_post'],
"L_CANCEL" => $lang['Cancel_post'], "L_CANCEL" => $lang['Cancel_post'],
"L_POST_A" => $post_a, "L_POST_A" => $post_a,
"S_POST_ACTION" => append_sid("posting.$phpEx"), "S_POST_ACTION" => append_sid("posting.$phpEx"),
"S_HIDDEN_FORM_FIELDS" => $hidden_form_fields) "S_HIDDEN_FORM_FIELDS" => $hidden_form_fields)
); );
$template->pparse("body"); $template->pparse("body");
include('includes/page_tail.'.$phpEx);
include('includes/page_tail.'.$phpEx);
?> ?>

537
phpBB/privmsg.php
View File

@ -23,6 +23,7 @@
***************************************************************************/ ***************************************************************************/
include('extension.inc'); include('extension.inc');
include('common.'.$phpEx); include('common.'.$phpEx);
include('includes/post.'.$phpEx);
include('includes/bbcode.'.$phpEx); include('includes/bbcode.'.$phpEx);
$pagetype = "privmsgs"; $pagetype = "privmsgs";
@ -37,16 +38,17 @@ init_userprefs($userdata);
// End session management // End session management
// //
$folder = (!empty($HTTP_GET_VARS['folder'])) ? $HTTP_GET_VARS['folder'] : "inbox"; $folder = (!empty($HTTP_GET_VARS['folder'])) ? $HTTP_GET_VARS['folder'] : ( (!empty($HTTP_POST_VARS['folder'])) ? $HTTP_POST_VARS['folder'] : "inbox" );
$mode = (!empty($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : ""; if(empty($HTTP_POST_VARS['cancel']))
{
$mode = (!empty($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : ( (!empty($HTTP_POST_VARS['mode'])) ? $HTTP_POST_VARS['mode'] : "" );
}
else
{
$mode = "";
}
$start = (!empty($HTTP_GET_VARS['start'])) ? $HTTP_GET_VARS['start'] : 0; $start = (!empty($HTTP_GET_VARS['start'])) ? $HTTP_GET_VARS['start'] : 0;
//
// Output page header and
// open the index body template
//
include('includes/page_header.'.$phpEx);
// //
// Start main // Start main
// //
@ -67,13 +69,13 @@ if($mode == "read")
$folder = $HTTP_GET_VARS['folder']; $folder = $HTTP_GET_VARS['folder'];
if($folder == "inbox" || $folder == "saved") if($folder == "inbox" || $folder == "saved")
{ {
$user_to_sql = "AND pm.privmsgs_to_groupid = ug2.group_id AND ug2.user_id = " . $userdata['user_id']; $user_to_sql = "AND pm.privmsgs_to_userid = " . $userdata['user_id'];
$user_from_sql = "AND pm.privmsgs_from_groupid = ug.group_id AND u.user_id = ug.user_id"; $user_from_sql = "AND u.user_id = pm.privmsgs_from_userid";
} }
else else
{ {
$user_to_sql = "AND pm.privmsgs_to_groupid = ug.group_id AND u.user_id = ug.user_id"; $user_to_sql = "AND u.user_id = pm.privmsgs_to_userid";
$user_from_sql = "AND pm.privmsgs_from_groupid = ug2.group_id AND ug2.user_id = " . $userdata['user_id']; $user_from_sql = "AND pm.privmsgs_from_userid = " . $userdata['user_id'];
} }
} }
else else
@ -82,6 +84,8 @@ if($mode == "read")
} }
include('includes/page_header.'.$phpEx);
// //
// Load templates // Load templates
// //
@ -96,8 +100,8 @@ if($mode == "read")
); );
$template->assign_var_from_handle("JUMPBOX", "jumpbox"); $template->assign_var_from_handle("JUMPBOX", "jumpbox");
$sql = "SELECT u.username, u.user_id, u.user_website, u.user_icq, u.user_aim, u.user_yim, u.user_msnm, u.user_viewemail, u.user_sig, u.user_avatar, pm.privmsgs_id, pm.privmsgs_type, pm.privmsgs_date, pm.privmsgs_subject, pm.privmsgs_bbcode_uid, pmt.privmsgs_text $sql = "SELECT u.username, u.user_id, u.user_website, u.user_icq, u.user_aim, u.user_yim, u.user_msnm, u.user_viewemail, u.user_sig, u.user_avatar, pm.privmsgs_id, pm.privmsgs_type, pm.privmsgs_subject, pm.privmsgs_from_userid, pm.privmsgs_to_userid, pm.privmsgs_date, pm.privmsgs_ip, pm.privmsgs_bbcode_uid, pmt.privmsgs_text
FROM ".PRIVMSGS_TABLE." pm, " . PRIVMSGS_TEXT_TABLE . " pmt, ".USERS_TABLE." u, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2 FROM ".PRIVMSGS_TABLE." pm, " . PRIVMSGS_TEXT_TABLE . " pmt, ".USERS_TABLE." u
WHERE pm.privmsgs_id = $privmsgs_id WHERE pm.privmsgs_id = $privmsgs_id
AND pmt.privmsgs_text_id = pm.privmsgs_id AND pmt.privmsgs_text_id = pm.privmsgs_id
$user_to_sql $user_to_sql
@ -117,6 +121,32 @@ if($mode == "read")
{ {
error_die(SQL_QUERY, "Could not update private message read status.", __LINE__, __FILE__); error_die(SQL_QUERY, "Could not update private message read status.", __LINE__, __FILE__);
} }
//
// This makes a copy of the post and stores
// it as a SENT message from the sendee. Perhaps
// not the most DB friendly way but a lot easier
// to manage, besides the admin will be able to
// set limits on numbers of storable posts for
// users ... hopefully!
//
$sql = "INSERT INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_bbcode_uid)
VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . stripslashes($privmsg['privmsgs_subject']) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "', '" . $privmsg['privmsgs_bbcode_uid'] . "')";
if(!$pm_sent_status = $db->sql_query($sql))
{
error_die(SQL_QUERY, "Could not insert private message sent info.", __LINE__, __FILE__);
}
else
{
$privmsg_sent_id = $db->sql_nextid($pm_sent_status);
$sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_text)
VALUES ($privmsg_sent_id, '" . stripslashes($privmsg['privmsgs_text']) . "')";
if(!$pm_sent_text_status = $db->sql_query($sql))
{
error_die(SQL_QUERY, "Could not insert private message sent text.", __LINE__, __FILE__);
}
}
} }
// //
@ -155,17 +185,22 @@ if($mode == "read")
$poster = stripslashes($privmsg['username']); $poster = stripslashes($privmsg['username']);
$poster_id = $privmsg['user_id']; $poster_id = $privmsg['user_id'];
$post_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['default_timezone']);
$poster_avatar = ($privmsg['user_avatar'] != "" && $userdata['user_id'] != ANONYMOUS) ? "<img src=\"".$board_config['avatar_path']."/".$privmsg['user_avatar']."\">" : "";
$profile_img = "<a href=\"".append_sid("profile.$phpEx?mode=viewprofile&".POST_USERS_URL."=$poster_id")."\"><img src=\"".$images['profile']."\" alt=\"$l_profileof $poster\" border=\"0\"></a>"; $post_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['default_timezone']);
$email_img = ($privmsg['user_viewemail'] == 1) ? "<a href=\"mailto:".$privmsg['user_email']."\"><img src=\"".$images['email']."\" alt=\"$l_email $poster\" border=\"0\"></a>" : "";
$www_img = ($privmsg['user_website']) ? "<a href=\"".$privmsg['user_website']."\"><img src=\"".$images['www']."\" alt=\"$l_viewsite\" border=\"0\"></a>" : ""; $poster_avatar = ($privmsg['user_avatar'] != "" && $userdata['user_id'] != ANONYMOUS) ? "<img src=\"" . $board_config['avatar_path'] . "/" . $privmsg['user_avatar'] . "\">" : "";
$profile_img = "<a href=\"" . append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id") . "\"><img src=\"" . $images['profile'] . "\" alt=\"$l_profileof $poster\" border=\"0\"></a>";
$email_img = ($privmsg['user_viewemail'] == 1) ? "<a href=\"mailto:" . $privmsg['user_email'] . "\"><img src=\"" .$images['email'] . "\" alt=\"$l_email $poster\" border=\"0\"></a>" : "";
$www_img = ($privmsg['user_website']) ? "<a href=\"" . $privmsg['user_website'] . "\"><img src=\"" . $images['www'] . "\" alt=\"$l_viewsite\" border=\"0\"></a>" : "";
if($privmsg['user_icq']) if($privmsg['user_icq'])
{ {
$icq_status_img = "<a href=\"http://wwp.icq.com/".$privmsg['user_icq']."#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=".$privmsg['user_icq']."&img=5\" alt=\"$l_icqstatus\" border=\"0\"></a>"; $icq_status_img = "<a href=\"http://wwp.icq.com/" . $privmsg['user_icq'] . "#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=" . $privmsg['user_icq'] . "&img=5\" alt=\"$l_icqstatus\" border=\"0\"></a>";
$icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=".$privmsg['user_icq']."\"><img src=\"".$images['icq']."\" alt=\"$l_icq\" border=\"0\"></a>";
$icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=" . $privmsg['user_icq'] . "\"><img src=\"" . $images['icq'] . "\" alt=\"$l_icq\" border=\"0\"></a>";
} }
else else
{ {
@ -173,9 +208,11 @@ if($mode == "read")
$icq_add_img = ""; $icq_add_img = "";
} }
$aim_img = ($privmsg['user_aim']) ? "<a href=\"aim:goim?screenname=".$privmsg['user_aim']."&message=Hello+Are+you+there?\"><img src=\"".$images['aim']."\" border=\"0\"></a>" : ""; $aim_img = ($privmsg['user_aim']) ? "<a href=\"aim:goim?screenname=" . $privmsg['user_aim'] . "&message=Hello+Are+you+there?\"><img src=\"" . $images['aim'] . "\" border=\"0\"></a>" : "";
$msn_img = ($privmsg['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&".POST_USERS_URL."=$poster_id\"><img src=\"".$images['msn']."\" border=\"0\"></a>" : "";
$yim_img = ($privmsg['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=".$privmsg['user_yim']."&.src=pg\"><img src=\"".$images['yim']."\" border=\"0\"></a>" : ""; $msn_img = ($privmsg['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id\"><img src=\"" . $images['msn'] . "\" border=\"0\"></a>" : "";
$yim_img = ($privmsg['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=" . $privmsg['user_yim'] . "&.src=pg\"><img src=\"" . $images['yim'] . "\" border=\"0\"></a>" : "";
if($folder == "inbox") if($folder == "inbox")
{ {
@ -183,8 +220,10 @@ if($mode == "read")
} }
$post_subject = stripslashes($privmsg['privmsgs_subject']); $post_subject = stripslashes($privmsg['privmsgs_subject']);
$message = stripslashes($privmsg['privmsgs_text']); $message = stripslashes($privmsg['privmsgs_text']);
$bbcode_uid = $privmsg['privmsgs_bbcode_uid']; $bbcode_uid = $privmsg['privmsgs_bbcode_uid'];
$user_sig = stripslashes($privmsg['user_sig']); $user_sig = stripslashes($privmsg['user_sig']);
if(!$board_config['allow_html']) if(!$board_config['allow_html'])
@ -230,10 +269,23 @@ if($mode == "read")
include('includes/page_tail.'.$phpEx); include('includes/page_tail.'.$phpEx);
} }
else if($mode == "post" || $mode == "reply") else if($mode == "post" || $mode == "reply" || $mode == "edit")
{ {
if($mode == "reply") if(!$userdata['session_logged_in'])
{
header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=$folder&mode=$mode"));
}
$disable_html = (isset($HTTP_POST_VARS['disable_html'])) ? $HTTP_POST_VARS['disable_html'] : !$userdata['user_allowhtml'];
$disable_bbcode = (isset($HTTP_POST_VARS['disable_bbcode'])) ? $HTTP_POST_VARS['disable_bbcode'] : !$userdata['user_allowbbcode'];
$disable_smilies = (isset($HTTP_POST_VARS['disable_smile'])) ? $HTTP_POST_VARS['disable_smile'] : !$userdata['user_allowsmile'];
$attach_sig = (isset($HTTP_POST_VARS['attach_sig'])) ? $HTTP_POST_VARS['attach_sig'] : $userdata['user_attachsig'];
$preview = (isset($HTTP_POST_VARS['preview'])) ? TRUE : FALSE;
$username = (isset($HTTP_POST_VARS['username'])) ? $HTTP_POST_VARS['username'] : "";
if($mode == "reply" || $mode == "edit")
{ {
if(!empty($HTTP_GET_VARS[POST_POST_URL])) if(!empty($HTTP_GET_VARS[POST_POST_URL]))
{ {
@ -246,12 +298,187 @@ else if($mode == "post" || $mode == "reply")
} }
} }
if!empty($HTTP_GET_VARS[POST_USERS_URL]))
{
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE user_id = " . $HTTP_GET_VARS[POST_USERS_URL];
if(!$result = $db->sql_query($sql))
{
$error = TRUE;
$error_msg = $lang['No_such_user'];
}
else
{
list($username) = $db->sql_fetchrow($result);
}
}
if($HTTP_POST_VARS['submit'] || $preview)
{
//
// Flood control
//
if($mode != 'edit' && !$preview)
{
$sql = "SELECT MAX(privmsgs_date) AS last_post_time
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_ip = '$user_ip'";
if($result = $db->sql_query($sql))
{
$db_row = $db->sql_fetchrow($result);
$last_post_time = $db_row['last_post_time'];
$current_time = get_gmt_ts();
if(($current_time - $last_post_time) < $board_config['flood_interval'])
{
$error = TRUE;
$error_msg = $lang['Flood_Error'];
}
}
}
//
// End: Flood control
//
$subject = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['subject'])));
if($mode == "post" && empty($subject))
{
$error = TRUE;
if(isset($error_msg))
{
$error_msg .= "<br />";
}
$error_msg .= $lang['Empty_subject'];
}
if(!empty($HTTP_POST_VARS['message']))
{
if(!$error && !$preview)
{
$html_on = ($disable_html) ? FALSE : TRUE;
$bbcode_on = ($diable_bbcode) ? FALSE : TRUE;
$smile_on = ($disable_smilies) ? FALSE : TRUE;
$message = prepare_message($HTTP_POST_VARS['message'], $html_on, $bbcode_on, $smile_on, $uid);
if($attach_sig && !empty($userdata['user_sig']))
{
$message .= "[addsig]";
}
}
else
{
// do stripslashes incase magic_quotes is on.
$message = stripslashes($HTTP_POST_VARS['message']);
}
}
else
{
$error = TRUE;
if(isset($error_msg))
{
$error_msg .= "<br />";
}
$error_msg .= $lang['Empty_msg'];
}
if(!empty($HTTP_POST_VARS['to_userid']))
{
$to_user_id = $HTTP_POST_VARS['to_userid'];
}
else
{
$error = TRUE;
if(isset($error_msg))
{
$error_msg .= "<br />";
}
$error_msg .= $lang['No_to_user'];
}
if($HTTP_POST_VARS['submit'] && !$preview)
{
$sql = "INSERT INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_bbcode_uid)
VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . stripslashes($privmsg['privmsgs_subject']) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "', '" . $privmsg['privmsgs_bbcode_uid'] . "')";
if(!$pm_sent_status = $db->sql_query($sql))
{
error_die(SQL_QUERY, "Could not insert private message sent info.", __LINE__, __FILE__);
}
else
{
$privmsg_sent_id = $db->sql_nextid($pm_sent_status);
$sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_text)
VALUES ($privmsg_sent_id, '" . stripslashes($privmsg['privmsgs_text']) . "')";
if(!$pm_sent_text_status = $db->sql_query($sql))
{
error_die(SQL_QUERY, "Could not insert private message sent text.", __LINE__, __FILE__);
}
}
}
}
//
// Obtain list of groups/users is
// this user is a group moderator
//
if($mode == "post")
{
unset($mod_group_list);
$sql = "SELECT g.group_id, g.group_name, g.group_moderator, g.group_single_user, u.username
FROM phpbb_groups g, phpbb_user_group ug, phpbb_users u
WHERE g.group_moderator = " . $userdata['user_id'] ."
AND ug.group_id = g.group_id
AND u.user_id = ug.user_id";
if(!$group_status = $db->sql_query($sql))
{
error_die(SQL_QUERY, "Could not obtain group moderator list.", __LINE__, __FILE__);
}
if($db->sql_numrows($group_status))
{
$mod_group_list = $db->sql_fetchrowset($group_status);
}
}
include('includes/page_header.'.$phpEx);
if($preview && !$error)
{
$preview_message = $message;
$uid = make_bbcode_uid();
$preview_message = prepare_message($preview_message, TRUE, TRUE, TRUE, $uid);
$preview_message = bbencode_second_pass($preview_message, $uid);
$preview_message = make_clickable($preview_message);
$template->set_filenames(array(
"preview" => "posting_preview.tpl")
);
$template->assign_vars(array(
"TOPIC_TITLE" => $subject,
"POST_SUBJECT" => $subject,
"ROW_COLOR" => "#" . $theme['td_color1'],
"POSTER_NAME" => $username,
"POST_DATE" => create_date($board_config['default_dateformat'], time(), $board_config['default_timezone']),
"MESSAGE" => stripslashes(nl2br($preview_message)),
"L_PREVIEW" => $lang['Preview'],
"L_POSTED" => $lang['Posted'])
);
$template->pparse("preview");
}
// //
// Load templates // Load templates
// //
$template->set_filenames(array( $template->set_filenames(array(
"body" => "posting_body.tpl", "body" => "privmsgs_posting_body.tpl",
"jumpbox" => "jumpbox.tpl") "jumpbox" => "jumpbox.tpl")
); );
$jumpbox = make_jumpbox(); $jumpbox = make_jumpbox();
@ -261,6 +488,93 @@ else if($mode == "post" || $mode == "reply")
); );
$template->assign_var_from_handle("JUMPBOX", "jumpbox"); $template->assign_var_from_handle("JUMPBOX", "jumpbox");
if($board_config['allow_html'])
{
$html_status = $lang['HTML'] . $lang['is_ON'];
$html_toggle = '<input type="checkbox" name="disable_html" ';
if($disable_html)
{
$html_toggle .= 'checked';
}
$html_toggle .= "> " . $lang['Disable'] . $lang['HTML'] . $lang['in_this_post'];
}
else
{
$html_status = $lang['HTML'] . $lang['is_OFF'];
}
if($board_config['allow_bbcode'])
{
$bbcode_status = $lang['BBCode'] . $lang['is_ON'];
$bbcode_toggle = '<input type="checkbox" name="disable_bbcode" ';
if($disable_bbcode)
{
$bbcode_toggle .= "checked";
}
$bbcode_toggle .= "> " . $lang['Disable'] . $lang['BBCode'] . $lang['in_this_post'];
}
else
{
$bbcode_status = $lang['BBCode'] . $lang['is_OFF'];
}
if($board_config['allow_smilies'])
{
$smile_toggle = '<input type="checkbox" name="disable_smile" ';
if($disable_smilies)
{
$smile_toggle .= "checked";
}
$smile_toggle .= "> " . $lang['Disable'] . $lang['Smilies'] . $lang['in_this_post'];
}
$sig_toggle = '<input type="checkbox" name="attach_sig" ';
if($attach_sig)
{
$sig_toggle .= "checked";
}
$sig_toggle .= "> " . $lang['Attach_signature'];
if($mode == 'post')
{
$post_a = $lang['Post_a_new_topic'];
}
else if($mode == 'reply')
{
$post_a = $lang['Post_a_reply'];
}
else if($mode == 'editpost')
{
$post_a = $lang['Edit_Post'];
}
$hidden_form_fields = "<input type=\"hidden\" name=\"mode\" value=\"$mode\"><input type=\"hidden\" name=\"folder\" value=\"$folder\">";
$template->assign_vars(array(
"SUBJECT_INPUT" => $subject_input,
"MESSAGE_INPUT" => $message_input,
"HTML_STATUS" => $html_status,
"HTML_TOGGLE" => $html_toggle,
"SMILE_TOGGLE" => $smile_toggle,
"SIG_TOGGLE" => $sig_toggle,
"ANNOUNCE_TOGGLE" => $annouce_toggle,
"STICKY_TOGGLE" => $sticky_toggle,
"NOTIFY_TOGGLE" => $notify_toggle,
"BBCODE_TOGGLE" => $bbcode_toggle,
"BBCODE_STATUS" => $bbcode_status,
"L_SUBJECT" => $lang['Subject'],
"L_MESSAGE_BODY" => $lang['Message_body'],
"L_OPTIONS" => $lang['Options'],
"L_PREVIEW" => $lang['Preview'],
"L_SUBMIT" => $lang['Submit_post'],
"L_CANCEL" => $lang['Cancel_post'],
"L_POST_A" => $post_a,
"S_POST_ACTION" => append_sid("privmsg.$phpEx"),
"S_HIDDEN_FORM_FIELDS" => $hidden_form_fields)
);
$template->pparse("body"); $template->pparse("body");
include('includes/page_tail.'.$phpEx); include('includes/page_tail.'.$phpEx);
@ -270,22 +584,9 @@ else if( ( isset($HTTP_POST_VARS['delete']) && !empty($HTTP_POST_VARS['mark']) )
{ {
if(!$userdata['session_logged_in']) if(!$userdata['session_logged_in'])
{ {
// Error header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
} }
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
WHERE ug.user_id = " . $userdata['user_id'] . "
AND ug.group_id = g.group_id
AND g.group_single_user = 1";
if(!$ug_status = $db->sql_query($sql))
{
error_die(SQL_QUERY, "Could not obtain group_id information.", __LINE__, __FILE__);
}
$group_id_row = $db->sql_fetchrow($ug_status);
$group_id = $group_id_row['group_id'];
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE "; WHERE ";
@ -293,7 +594,6 @@ else if( ( isset($HTTP_POST_VARS['delete']) && !empty($HTTP_POST_VARS['mark']) )
{ {
$delete_ary = $HTTP_POST_VARS['mark']; $delete_ary = $HTTP_POST_VARS['mark'];
for($i = 0; $i < count($delete_ary); $i++) for($i = 0; $i < count($delete_ary); $i++)
{ {
$delete_sql .= "privmsgs_id = " . $delete_ary[$i] . " "; $delete_sql .= "privmsgs_id = " . $delete_ary[$i] . " ";
@ -304,23 +604,22 @@ else if( ( isset($HTTP_POST_VARS['delete']) && !empty($HTTP_POST_VARS['mark']) )
} }
$delete_sql .= "AND "; $delete_sql .= "AND ";
} }
switch($folder) switch($folder)
{ {
case 'inbox': case 'inbox':
$delete_sql .= "privmsgs_to_groupid = $group_id AND ( $delete_sql .= "privmsgs_to_userid = " . $userdata['user_id'] . " AND (
privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )"; privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )";
break; break;
case 'outbox': case 'outbox':
$delete_sql .= "privmsgs_from_groupid = $group_id AND privmsgs_type = " . PRIVMSGS_NEW_MAIL; $delete_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_NEW_MAIL;
break; break;
case 'sentbox': case 'sentbox':
$delete_sql .= "privmsgs_from_groupid = $group_id AND privmsgs_type = " . PRIVMSGS_SENT_MAIL; $delete_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
break; break;
case 'savedbox': case 'savebox':
$delete_sql .= "( privmsgs_from_groupid = $group_id OR privmsgs_to_groupid = $group_id ) $delete_sql .= "( privmsgs_from_userid = " . $userdata['user_id'] . " OR privmsgs_to_userid = " . $userdata['user_id'] . " )
AND privmsgs_type = " . PRIVMSGS_SAVED_MAIL; AND privmsgs_type = " . PRIVMSGS_SAVED_MAIL;
break; break;
} }
@ -335,22 +634,9 @@ else if(isset($HTTP_POST_VARS['save']) && $folder != "savebox" && $folder != "ou
{ {
if(!$userdata['session_logged_in']) if(!$userdata['session_logged_in'])
{ {
// Error header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
} }
$sql = "SELECT g.group_id
FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
WHERE ug.user_id = " . $userdata['user_id'] . "
AND ug.group_id = g.group_id
AND g.group_single_user = 1";
if(!$ug_status = $db->sql_query($sql))
{
error_die(SQL_QUERY, "Could not obtain group_id information.", __LINE__, __FILE__);
}
$group_id_row = $db->sql_fetchrow($ug_status);
$group_id = $group_id_row['group_id'];
$saved_sql = "UPDATE " . PRIVMSGS_TABLE . " $saved_sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_type = " . PRIVMSGS_SAVED_MAIL . " SET privmsgs_type = " . PRIVMSGS_SAVED_MAIL . "
WHERE "; WHERE ";
@ -375,11 +661,11 @@ else if(isset($HTTP_POST_VARS['save']) && $folder != "savebox" && $folder != "ou
switch($folder) switch($folder)
{ {
case 'inbox': case 'inbox':
$saved_sql .= "privmsgs_to_groupid = $group_id AND ( $saved_sql .= "privmsgs_to_userid = " . $userdata['user_id'] . " AND (
privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )"; privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )";
break; break;
case 'sentbox': case 'sentbox':
$saved_sql .= "privmsgs_from_groupid = $group_id AND privmsgs_type = " . PRIVMSGS_SENT_MAIL; $saved_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_READ_MAIL;
break; break;
} }
@ -390,12 +676,25 @@ else if(isset($HTTP_POST_VARS['save']) && $folder != "savebox" && $folder != "ou
$folder = "savebox"; $folder = "savebox";
}
else if($HTTP_POST_VARS['cancel'])
{
$folder = "inbox";
$mode = "";
} }
// //
// Default page // Default page
// //
if(!$userdata['session_logged_in'])
{
header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
}
include('includes/page_header.'.$phpEx);
// //
// Load templates // Load templates
// //
@ -445,81 +744,52 @@ $template->assign_vars(array(
"S_POST_NEW_MSG" => $post_new_mesg_url) "S_POST_NEW_MSG" => $post_new_mesg_url)
); );
$sql_tot = "SELECT COUNT(privmsgs_id)_total FROM " . PRIVMSGS_TABLE . " ";
$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, u.user_id, u.username FROM " . PRIVMSGS_TABLE . " pm, " . USERS_TABLE . " u ";
switch($folder) switch($folder)
{ {
case 'inbox': case 'inbox':
$sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total $sql_tot .= "WHERE privmsgs_to_userid = " . $userdata['user_id'] . "
FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
WHERE ug.group_id = pm.privmsgs_to_groupid OR privmsgs_type = " . PRIVMSGS_READ_MAIL . " )";
AND ug.user_id = " . $userdata['user_id'] . "
AND ( pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " )";
$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user $sql .= "WHERE pm.privmsgs_to_userid = " . $userdata['user_id'] . "
FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g AND u.user_id = pm.privmsgs_from_userid
WHERE ug.group_id = pm.privmsgs_from_groupid AND ( pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
AND g.group_id = ug.group_id OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " )";
AND ug2.group_id = pm.privmsgs_to_groupid
AND ug2.user_id = " . $userdata['user_id'] . "
AND ( pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
ORDER BY pm.privmsgs_date DESC
LIMIT $start, " . $board_config['topics_per_page'];
break; break;
case 'outbox': case 'outbox':
$sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total $sql_tot .= "WHERE privmsgs_from_userid = " . $userdata['user_id'] . "
FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug AND privmsgs_type = " . PRIVMSGS_NEW_MAIL;
WHERE ug.group_id = pm.privmsgs_from_groupid
AND ug.user_id = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user $sql .= "WHERE pm.privmsgs_from_userid = " . $userdata['user_id'] . "
FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g AND u.user_id = pm.privmsgs_to_userid
WHERE ug.group_id = pm.privmsgs_to_groupid AND pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL;
AND g.group_id = ug.group_id break;
AND ug2.group_id = pm.privmsgs_from_groupid
AND ug2.user_id = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
ORDER BY pm.privmsgs_date DESC
LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'sentbox': case 'sentbox':
$sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total $sql_tot .= "WHERE privmsgs_from_userid = " . $userdata['user_id'] . "
FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
WHERE ug.group_id = pm.privmsgs_from_groupid
AND ug.user_id = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user $sql .= "WHERE pm.privmsgs_from_userid = " . $userdata['user_id'] . "
FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g AND u.user_id = pm.privmsgs_to_userid
WHERE ug.group_id = pm.privmsgs_to_groupid AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
AND g.group_id = ug.group_id
AND ug2.group_id = pm.privmsgs_from_groupid
AND ug2.user_id = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
ORDER BY pm.privmsgs_date DESC
LIMIT $start, " . $board_config['topics_per_page'];
break; break;
case 'savebox': case 'savebox':
$sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total $sql_tot .= "WHERE privmsgs_to_userid = " . $userdata['user_id'] . "
FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug AND privmsgs_type = " . PRIVMSGS_SAVED_MAIL;
WHERE ug.group_id = pm.privmsgs_to_groupid
AND ug.user_id = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SAVED_MAIL;
$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user $sql .= "WHERE pm.privmsgs_to_userid = " . $userdata['user_id'] . "
FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g AND u.user_id = pm.privmsgs_from_userid
WHERE ug.group_id = pm.privmsgs_from_groupid AND pm.privmsgs_type = " . PRIVMSGS_SAVED_MAIL;
AND g.group_id = ug.group_id break;
AND ug2.group_id = pm.privmsgs_to_groupid
AND ug2.user_id = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SAVED_MAIL . "
ORDER BY pm.privmsgs_date DESC
LIMIT $start, " . $board_config['topics_per_page']; break;
} }
$sql .= " ORDER BY pm.privmsgs_date DESC LIMIT $start, " . $board_config['topics_per_page'];
if(!$pm_tot_status = $db->sql_query($sql_tot)) if(!$pm_tot_status = $db->sql_query($sql_tot))
{ {
error_die(SQL_QUERY, "Could not query private message information.", __LINE__, __FILE__); error_die(SQL_QUERY, "Could not query private message information.", __LINE__, __FILE__);
@ -532,34 +802,27 @@ $pm_total = $db->sql_numrows($pm_tot_status);
$pm_list = $db->sql_fetchrowset($pm_status); $pm_list = $db->sql_fetchrowset($pm_status);
// //
// Okay, let's build the index // Okay, let's build the correct folder
// //
for($i = 0; $i < count($pm_list); $i++) for($i = 0; $i < count($pm_list); $i++)
{ {
$privmsg_id = $pm_list[$i]['privmsgs_id']; $privmsg_id = $pm_list[$i]['privmsgs_id'];
$flag = $pm_list[$i]['privmsgs_type']; $flag = $pm_list[$i]['privmsgs_type'];
$icon_flag = ($flag == PRIVMSGS_READ_MAIL || $flag == PRIVMSGS_SENT_MAIL) ? "<img src=\"images/msg_read.gif\">" : "<img src=\"images/msg_unread.gif\">"; $icon_flag = ($flag == PRIVMSGS_READ_MAIL || $flag == PRIVMSGS_SAVED_MAIL || $flag == PRIVMSGS_SENT_MAIL) ? "<img src=\"images/msg_read.gif\">" : "<img src=\"images/msg_unread.gif\">";
$msg_userid = $pm_list[$i]['user_id']; $msg_userid = $pm_list[$i]['user_id'];
$msg_username = stripslashes($pm_list[$i]['group_name']); $msg_username = stripslashes($pm_list[$i]['username']);
if($pm_list[$i]['group_single_user']) $u_from_user_profile = "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$msg_userid";
{
$u_from_user_profile = "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$msg_userid";
}
else
{
$u_from_user_profile = "groupadmin.$phpEx?" . POST_GROUPS_URL . "=$msg_userid";
}
$msg_subject = stripslashes($pm_list[$i]['privmsgs_subject']); $msg_subject = stripslashes($pm_list[$i]['privmsgs_subject']);
$u_subject = "privmsg.$phpEx?folder=$folder&mode=read&" . POST_POST_URL . "=$privmsg_id"; $u_subject = "privmsg.$phpEx?folder=$folder&mode=read&" . POST_POST_URL . "=$privmsg_id";
$msg_date = create_date($board_config['default_dateformat'], $pm_list[$i]['privmsgs_date'], $board_config['default_timezone']); $msg_date = create_date($board_config['default_dateformat'], $pm_list[$i]['privmsgs_date'], $board_config['default_timezone']);
if($flag == PRIVMSGS_NEW_MAIL && $mode == "inbox") if($flag == PRIVMSGS_NEW_MAIL && $folder == "inbox")
{ {
$msg_subject = "<b>" . $msg_subject . "</b>"; $msg_subject = "<b>" . $msg_subject . "</b>";
$msg_date = "<b>" . $msg_date . "</b>"; $msg_date = "<b>" . $msg_date . "</b>";
@ -583,7 +846,7 @@ for($i = 0; $i < count($pm_list); $i++)
} // for ... } // for ...
$template->assign_vars(array( $template->assign_vars(array(
"PAGINATION" => generate_pagination("privmsg.$phpEx?mode=$mode", $pm_total, $board_config['topics_per_page'], $start), "PAGINATION" => generate_pagination("privmsg.$phpEx?folder=$folder", $pm_total, $board_config['topics_per_page'], $start),
"ON_PAGE" => (floor($start/$board_config['topics_per_page'])+1), "ON_PAGE" => (floor($start/$board_config['topics_per_page'])+1),
"TOTAL_PAGES" => ceil(($pm_total)/$board_config['topics_per_page']), "TOTAL_PAGES" => ceil(($pm_total)/$board_config['topics_per_page']),