|
This is the index.php file I have from the private_message folder in the modules folder.
[code:1:7944f8ea27]
<?php
/***************************************************************************
* privmsgs.php
* -------------------
* begin : Saturday, Jun 9, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: privmsg.php 8342 2008-01-29 11:05:17Z Kellanved $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if ( !defined('MODULE_FILE') )
{
die("You can't access this file directly...");
}
if (isset($privmsg_id)) {
$privmsg_id = intval($privmsg_id);
}
if (!empty($pm_uname)) {
$pm_uname = addslashes(check_html($pm_uname, "nohtml"));
$sql = "SELECT user_id from ".$user_prefix."_users WHERE username='$pm_uname'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$u = intval($row['user_id']);
$mode = "post";
Header("Location: modules.php?name=Private_Messages&mode=$mode&u=$u");
die();
}
$sql_title = "SELECT custom_title from ".$prefix."_modules where title='$name'";
$result_title = $db->sql_query($sql_title);
$row_title = $db->sql_fetchrow($result_title);
if (empty($row_title['custom_title'])) {
$mod_name = ereg_replace("_", " ", $name);
} else {
$mod_name = $row_title['custom_title'];
}
if (!isset($popup) OR ($popup != "1")) {
$module_name = basename(dirname(__FILE__));
require("modules/Forums/nukebb.php");
title("$sitename: $mod_name");
if (is_user($user)) {
include("modules/Your_Account/navbar.php");
OpenTable();
nav();
CloseTable();
echo "<br>";
}
} else {
$phpbb_root_path = 'modules/Forums/';
$nuke_file_path = 'modules.php?name=Forums&file=';
}
define('IN_PHPBB', true);
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include("includes/bbcode.php");
include("includes/functions_post.php");
//
// Is PM disabled?
//
if ( !empty($board_config['privmsg_disable']) )
{
message_die(GENERAL_MESSAGE, 'PM_disabled');
}
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&', '<', '>', '"');
//
// Parameters
//
$submit = ( isset($HTTP_POST_VARS['post']) ) ? TRUE : 0;
$submit_search = ( isset($HTTP_POST_VARS['usersubmit']) ) ? TRUE : 0;
$submit_msgdays = ( isset($HTTP_POST_VARS['submit_msgdays']) ) ? TRUE : 0;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0;
$preview = ( isset($HTTP_POST_VARS['preview']) ) ? TRUE : 0;
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : 0;
$delete = ( isset($HTTP_POST_VARS['delete']) ) ? TRUE : 0;
$delete_all = ( isset($HTTP_POST_VARS['deleteall']) ) ? TRUE : 0;
$save = ( isset($HTTP_POST_VARS['save']) ) ? TRUE : 0;
$sid = (isset($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : 0;
$refresh = $preview || $submit_search;
$mark_list = ( !empty($HTTP_POST_VARS['mark']) ) ? $HTTP_POST_VARS['mark'] : 0;
if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
{
$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
$folder = htmlspecialchars($folder);
if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' )
{
$folder = 'inbox';
}
}
else
{
$folder = 'inbox';
}
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_PRIVMSGS, $nukeuser);
init_userprefs($userdata);
//
// End session management
//
//
// Cancel
//
if ( $cancel )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', $_SERVER['SERVER_SOFTWARE']) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("privmsg.$phpEx?folder=$folder", true));
exit;
}
//
// Var definitions
//
if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
{
$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
$mode = '';
}
$start = ( !empty($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
$start = ($start < 0) ? 0 : $start;
if ( isset($HTTP_POST_VARS[POST_POST_URL]) || isset($HTTP_GET_VARS[POST_POST_URL]) )
{
$privmsg_id = ( isset($HTTP_POST_VARS[POST_POST_URL]) ) ? intval($HTTP_POST_VARS[POST_POST_URL]) : intval($HTTP_GET_VARS[POST_POST_URL]);
}
else
{
$privmsg_id = '';
}
$error = FALSE;
//
// Define the box image links
//
$inbox_img = ( $folder != 'inbox' || !empty($mode) ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=inbox") . '"><img src="' . $images['pm_inbox'] . '" border="0" alt="' . $lang['Inbox'] . '" /></a>' : '<img src="' . $images['pm_inbox'] . '" border="0" alt="' . $lang['Inbox'] . '" />';
$inbox_url = ( $folder != 'inbox' || !empty($mode) ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=inbox") . '">' . $lang['Inbox'] . '</a>' : $lang['Inbox'];
$outbox_img = ( $folder != 'outbox' || !empty($mode) ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=outbox") . '"><img src="' . $images['pm_outbox'] . '" border="0" alt="' . $lang['Outbox'] . '" /></a>' : '<img src="' . $images['pm_outbox'] . '" border="0" alt="' . $lang['Outbox'] . '" />';
$outbox_url = ( $folder != 'outbox' || !empty($mode) ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=outbox") . '">' . $lang['Outbox'] . '</a>' : $lang['Outbox'];
$sentbox_img = ( $folder != 'sentbox' || !empty($mode) ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=sentbox") . '"><img src="' . $images['pm_sentbox'] . '" border="0" alt="' . $lang['Sentbox'] . '" /></a>' : '<img src="' . $images['pm_sentbox'] . '" border="0" alt="' . $lang['Sentbox'] . '" />';
$sentbox_url = ( $folder != 'sentbox' || !empty($mode) ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=sentbox") . '">' . $lang['Sentbox'] . '</a>' : $lang['Sentbox'];
$savebox_img = ( $folder != 'savebox' || !empty($mode) ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=savebox") . '"><img src="' . $images['pm_savebox'] . '" border="0" alt="' . $lang['Savebox'] . '" /></a>' : '<img src="' . $images['pm_savebox'] . '" border="0" alt="' . $lang['Savebox'] . '" />';
$savebox_url = ( $folder != 'savebox' || !empty($mode) ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=savebox") . '">' . $lang['Savebox'] . '</a>' : $lang['Savebox'];
// ----------
// Start main
//
if ( $mode == 'newpm' )
{
$gen_simple_header = TRUE;
$page_title = $lang['Private_Messaging'];
include("includes/page_header_review.php");
$template->set_filenames(array(
'body' => 'privmsgs_popup.tpl')
);
if ( $userdata['session_logged_in'] )
{
if ( $userdata['user_new_privmsg'] )
{
$l_new_message = ( $userdata['user_new_privmsg'] == 1 ) ? $lang['You_new_pm'] : $lang['You_new_pms'];
}
else
{
$l_new_message = $lang['You_no_new_pm'];
}
$l_new_message .= '<br /><br />' . sprintf($lang['Click_view_privmsg'], '<a href="' . append_sid("privmsg.".$phpEx."?folder=inbox") . '" onclick="jump_to_inbox();return false;" target="_new">', '</a>');
}
else
{
$l_new_message = $lang['Login_check_pm'];
}
$template->assign_vars(array(
'L_CLOSE_WINDOW' => $lang['Close_window'],
'L_MESSAGE' => $l_new_message)
);
$template->pparse('body');
include("includes/page_tail_review.php");
}
else if ( $mode == 'read' )
{
if ( !empty($HTTP_GET_VARS[POST_POST_URL]) )
{
$privmsgs_id = intval($HTTP_GET_VARS[POST_POST_URL]);
}
else
{
message_die(GENERAL_ERROR, $lang['No_post_id']);
}
if ( !$userdata['session_logged_in'] )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', $_SERVER['SERVER_SOFTWARE']) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=$folder&mode=$mode&" . POST_POST_URL . "=$privmsgs_id", true));
exit;
}
//
// SQL to pull appropriate message, prevents nosey people
// reading other peoples messages ... hopefully!
//
switch( $folder )
{
case 'inbox':
$l_box_name = $lang['Inbox'];
$pm_sql_user = "AND pm.privmsgs_to_userid = " . $userdata['user_id'] . "
AND ( pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . "
OR pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
break;
case 'outbox':
$l_box_name = $lang['Outbox'];
$pm_sql_user = "AND pm.privmsgs_from_userid = " . $userdata['user_id'] . "
AND ( pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";
break;
case 'sentbox':
$l_box_name = $lang['Sentbox'];
$pm_sql_user = "AND pm.privmsgs_from_userid = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
break;
case 'savebox':
$l_box_name = $lang['Savebox'];
$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
)";
break;
default:
message_die(GENERAL_ERROR, $lang['No_such_folder']);
break;
}
//
// Major query obtains the message ...
//
$sql = "SELECT u.username AS username_1, u.user_id AS user_id_1, u2.username AS username_2, u2.user_id AS user_id_2, u.user_sig_bbcode_uid, u.user_posts, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_xfi, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, pm.*, pmt.privmsgs_bbcode_uid, pmt.privmsgs_text
FROM " . PRIVMSGS_TABLE . " pm, " . PRIVMSGS_TEXT_TABLE . " pmt, " . USERS_TABLE . " u, " . USERS_TABLE . " u2
WHERE pm.privmsgs_id = '$privmsgs_id'
AND pmt.privmsgs_text_id = pm.privmsgs_id
$pm_sql_user
AND u.user_id = pm.privmsgs_from_userid
AND u2.user_id = pm.privmsgs_to_userid";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query private message post information', '', __LINE__, __FILE__, $sql);
}
//
// Did the query return any data?
//
if ( !($privmsg = $db->sql_fetchrow($result)) )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', $_SERVER['SERVER_SOFTWARE']) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("privmsg.$phpEx?folder=$folder", true));
exit;
}
$privmsg_id = $privmsg['privmsgs_id'];
//
// Is this a new message in the inbox? If it is then save
// a copy in the posters sent box
//
if (($privmsg['privmsgs_type'] == PRIVMSGS_NEW_MAIL || $privmsg['privmsgs_type'] == PRIVMSGS_UNREAD_MAIL) && $folder == 'inbox')
{
// Update appropriate counter
switch ($privmsg['privmsgs_type'])
{
case PRIVMSGS_NEW_MAIL:
$sql = "user_new_privmsg = user_new_privmsg - 1";
break;
case PRIVMSGS_UNREAD_MAIL:
$sql = "user_unread_privmsg = user_unread_privmsg - 1";
break;
}
$sql = "UPDATE " . USERS_TABLE . "
SET $sql
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private message read status for user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_type = " . PRIVMSGS_READ_MAIL . "
WHERE privmsgs_id = " . $privmsg['privmsgs_id'];
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private message read status', '', __LINE__, __FILE__, $sql);
}
// Check to see if the poster has a 'full' sent box
$sql = "SELECT COUNT(privmsgs_id) AS sent_items, MIN(privmsgs_date) AS oldest_post_time
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
AND privmsgs_from_userid = " . $privmsg['privmsgs_from_userid'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain sent message info for sendee', '', __LINE__, __FILE__, $sql);
}
$sql_priority = ( SQL_LAYER == 'mysql' ) ? 'LOW_PRIORITY' : '';
if ( $sent_info = $db->sql_fetchrow($result) )
{
if ($board_config['max_sentbox_privmsgs'] && $sent_info['sent_items'] >= $board_config['max_sentbox_privmsgs'])
{
$sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
AND privmsgs_date = " . $sent_info['oldest_post_time'] . "
AND privmsgs_from_userid = " . $privmsg['privmsgs_from_userid'];
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not find oldest privmsgs', '', __LINE__, __FILE__, $sql);
}
$old_privmsgs_id = $db->sql_fetchrow($result);
$old_privmsgs_id = $old_privmsgs_id['privmsgs_id'];
$sql = "DELETE $sql_priority FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id = '$old_privmsgs_id'";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (sent)', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE $sql_priority FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id = '$old_privmsgs_id'";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (sent)', '', __LINE__, __FILE__, $sql);
}
}
}
//
// This makes a copy of the post and stores it as a SENT message from the sendee. Perhaps
// not the most DB friendly way but a lot easier to manage, besides the admin will be able to
// set limits on numbers of storable posts for users ... hopefully!
//
$sql = "INSERT $sql_priority INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_enable_html, privmsgs_enable_bbcode, privmsgs_enable_smilies, privmsgs_attach_sig)
VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_subject'])) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "', " . $privmsg['privmsgs_enable_html'] . ", " . $privmsg['privmsgs_enable_bbcode'] . ", " . $privmsg['privmsgs_enable_smilies'] . ", " . $privmsg['privmsgs_attach_sig'] . ")";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert private message sent info', '', __LINE__, __FILE__, $sql);
}
$privmsg_sent_id = $db->sql_nextid();
$sql = "INSERT $sql_priority INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)
VALUES ('$privmsg_sent_id', '" . $privmsg['privmsgs_bbcode_uid'] . "', '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_text'])) . "')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert private message sent text', '', __LINE__, __FILE__, $sql);
}
}
//
// Pick a folder, any folder, so long as it's one below ...
//
$post_urls = array(
'post' => append_sid("privmsg.$phpEx?mode=post"),
'reply' => append_sid("privmsg.$phpEx?mode=reply&" . POST_POST_URL . "=$privmsg_id"),
'quote' => append_sid("privmsg.$phpEx?mode=quote&" . POST_POST_URL . "=$privmsg_id"),
'edit' => append_sid("privmsg.$phpEx?mode=edit&" . POST_POST_URL . "=$privmsg_id")
);
$post_icons = array(
'post_img' => '<a href="' . $post_urls['post'] . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0" /></a>',
'post' => '<a href="' . $post_urls['post'] . '">' . $lang['Post_new_pm'] . '</a>',
'reply_img' => '<a href="' . $post_urls['reply'] . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0" /></a>',
'reply' => '<a href="' . $post_urls['reply'] . '">' . $lang['Post_reply_pm'] . '</a>',
'quote_img' => '<a href="' . $post_urls['quote'] . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0" /></a>',
'quote' => '<a href="' . $post_urls['quote'] . '">' . $lang['Post_quote_pm'] . '</a>',
'edit_img' => '<a href="' . $post_urls['edit'] . '"><img src="' . $images['pm_editmsg'] . '" alt="' . $lang['Edit_pm'] . '" border="0" /></a>',
'edit' => '<a href="' . $post_urls['edit'] . '">' . $lang['Edit_pm'] . '</a>'
);
if ( $folder == 'inbox' )
{
$post_img = $post_icons['post_img'];
$reply_img = $post_icons['reply_img'];
$quote_img = $post_icons['quote_img'];
$edit_img = '';
$post = $post_icons['post'];
$reply = $post_icons['reply'];
$quote = $post_icons['quote'];
$edit = '';
$l_box_name = $lang['Inbox'];
}
else if ( $folder == 'outbox' )
{
$post_img = $post_icons['post_img'];
$reply_img = '';
$quote_img = '';
$edit_img = $post_icons['edit_img'];
$post = $post_icons['post'];
$reply = '';
$quote = '';
$edit = $post_icons['edit'];
$l_box_name = $lang['Outbox'];
}
else if ( $folder == 'savebox' )
{
if ( $privmsg['privmsgs_type'] == PRIVMSGS_SAVED_IN_MAIL )
{
$post_img = $post_icons['post_img'];
$reply_img = $post_icons['reply_img'];
$quote_img = $post_icons['quote_img'];
$edit_img = '';
$post = $post_icons['post'];
$reply = $post_icons['reply'];
$quote = $post_icons['quote'];
$edit = '';
}
else
{
$post_img = $post_icons['post_img'];
$reply_img = '';
$quote_img = '';
$edit_img = '';
$post = $post_icons['post'];
$reply = '';
$quote = '';
$edit = '';
}
$l_box_name = $lang['Saved'];
}
else if ( $folder == 'sentbox' )
{
$post_img = $post_icons['post_img'];
$reply_img = '';
$quote_img = '';
$edit_img = '';
$post = $post_icons['post'];
$reply = '';
$quote = '';
$edit = '';
$l_box_name = $lang['Sent'];
}
$s_hidden_fields = '<input type="hidden" name="mark[]" value="' . $privmsgs_id . '" />';
$page_title = $lang['Read_pm'];
include("includes/page_header.php");
//
// Load templates
//
$template->set_filenames(array(
'body' => 'privmsgs_read_body.tpl')
);
if (is_active("Forums")) {
make_jumpbox('viewforum.'.$phpEx);
}
$template->assign_vars(array(
'INBOX_IMG' => $inbox_img,
'SENTBOX_IMG' => $sentbox_img,
'OUTBOX_IMG' => $outbox_img,
'SAVEBOX_IMG' => $savebox_img,
'INBOX' => $inbox_url,
'POST_PM_IMG' => $post_img,
'REPLY_PM_IMG' => $reply_img,
'EDIT_PM_IMG' => $edit_img,
'QUOTE_PM_IMG' => $quote_img,
'POST_PM' => $post,
'REPLY_PM' => $reply,
'EDIT_PM' => $edit,
'QUOTE_PM' => $quote,
'SENTBOX' => $sentbox_url,
'OUTBOX' => $outbox_url,
'SAVEBOX' => $savebox_url,
'BOX_NAME' => $l_box_name,
'L_MESSAGE' => $lang['Message'],
'L_INBOX' => $lang['Inbox'],
'L_OUTBOX' => $lang['Outbox'],
'L_SENTBOX' => $lang['Sent'],
'L_SAVEBOX' => $lang['Saved'],
'L_FLAG' => $lang['Flag'],
'L_SUBJECT' => $lang['Subject'],
'L_POSTED' => $lang['Posted'],
'L_DATE' => $lang['Date'],
'L_FROM' => $lang['From'],
'L_TO' => $lang['To'],
'L_SAVE_MSG' => $lang['Save_message'],
'L_DELETE_MSG' => $lang['Delete_message'],
'S_PRIVMSGS_ACTION' => append_sid("privmsg.$phpEx?folder=$folder"),
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
$username_from = $privmsg['username_1'];
$user_id_from = $privmsg['user_id_1'];
$username_to = $privmsg['username_2'];
$user_id_to = $privmsg['user_id_2'];
$post_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']);
$temp_url = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . '=' . $user_id_from);
$profile_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_profile'] . '" alt="' . $lang['Read_profile'] . '" title="' . $lang['Read_profile'] . '" border="0" /></a>';
$profile = '<a href="' . $temp_url . '">' . $lang['Read_profile'] . '</a>';
$temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$user_id_from");
$pm_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_pm'] . '" alt="' . $lang['Send_private_message'] . '" title="' . $lang['Send_private_message'] . '" border="0" /></a>';
$pm = '<a href="' . $temp_url . '">' . $lang['Send_private_message'] . '</a>';
if ( !empty($privmsg['user_viewemail']) || $userdata['user_level'] == ADMIN )
{
$email_uri = ( $board_config['board_email_form'] ) ? append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL .'=' . $user_id_from) : 'mailto:' . $privmsg['user_email'];
$email_img = '<a href="' . $email_uri . '"><img src="' . $images['icon_email'] . '" alt="' . $lang['Send_email'] . '" title="' . $lang['Send_email'] . '" border="0" /></a>';
$email = '<a href="' . $email_uri . '">' . $lang['Send_email'] . '</a>';
}
else
{
$email_img = '';
$email = '';
}
$www_img = ( $privmsg['user_website'] ) ? '<a href="' . $privmsg['user_website'] . '" target="_userwww"><img src="' . $images['icon_www'] . '" alt="' . $lang['Visit_website'] . '" title="' . $lang['Visit_website'] . '" border="0" /></a>' : '';
$www = ( $privmsg['user_website'] ) ? '<a href="' . $privmsg['user_website'] . '" target="_userwww">' . $lang['Visit_website'] . '</a>' : '';
if ( !empty($privmsg['user_icq']) )
{
$icq_status_img = '<a href="http://wwp.icq.com/' . $privmsg['user_icq'] . '#pager"><img src="http://web.icq.com/whitepages/online?icq=' . $privmsg['user_icq'] . '&img=5" width="18" height="18" border="0" /></a>';
$icq_img = '<a href="http://wwp.icq.com/scripts/search.dll?to=' . $privmsg['user_icq'] . '"><img src="' . $images['icon_icq'] . '" alt="' . $lang['ICQ'] . '" title="' . $lang['ICQ'] . '" border="0" /></a>';
$icq = '<a href="http://wwp.icq.com/scripts/search.dll?to=' . $privmsg['user_icq'] . '">' . $lang['ICQ'] . '</a>';
}
else
{
$icq_status_img = '';
$icq_img = '';
$icq = '';
}
$aim_img = ( $privmsg['user_aim'] ) ? '<a href="aim:goim?screenname=' . $privmsg['user_aim'] . '&message=Hello+Are+you+there?"><img src="' . $images['icon_aim'] . '" alt="' . $lang['AIM'] . '" title="' . $lang['AIM'] . '" border="0" /></a>' : '';
$aim = ( $privmsg['user_aim'] ) ? '<a href="aim:goim?screenname=' . $privmsg['user_aim'] . '&message=Hello+Are+you+there?">' . $lang['AIM'] . '</a>' : '';
$temp_url = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$user_id_from");
$msn_img = ( $privmsg['user_msnm'] ) ? '<a href="' . $temp_url . '"><img src="' . $images['icon_msnm'] . '" alt="' . $lang['MSNM'] . '" title="' . $lang['MSNM'] . '" border="0" /></a>' : '';
$msn = ( $privmsg['user_msnm'] ) ? '<a href="' . $temp_url . '">' . $lang['MSNM'] . '</a>' : '';
$yim_img = ( $privmsg['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $privmsg['user_yim'] . '&.src=pg"><img src="' . $images['icon_yim'] . '" alt="' . $lang['YIM'] . '" title="' . $lang['YIM'] . '" border="0" /></a>' : '';
$yim = ( $privmsg['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $privmsg['user_yim'] . '&.src=pg">' . $lang['YIM'] . '</a>' : '';
// XFire mod by Chris Weidert
if ( !empty($privmsg['user_xfi']) )
{
$xfi_add_img = '<a href="xfire:add_friend?user=' . $privmsg['user_xfi'] . '">' . '<img src="' . $images['icon_xfi_add'] . '"' . ' alt="' . sprintf($lang['XFI_ADD'], $privmsg['user_xfi']) . '" title="' . sprintf($lang['XFI_ADD'], $privmsg['user_xfi']) . '" border="0" /></a>';
$xfi_img = '<a href="http://www.xfire.com/xf/modules.php?name=XFire&file=profile&uname=' . $privmsg['user_xfi'] . '"><img src="' . $images['icon_xfi'] . '" alt="' . $lang['XFI'] . '" title="' . $lang['XFI'] . '" border="0" /></a>';
$xfi = '<a href="http://www.xfire.com/xf/modules.php?name=XFire&file=profile&uname=' . $privmsg['user_xfi'] . '">' . $lang['XFI'] . '</a>';
}
else
{
$xfi_add_img = '';
$xfi_img = '';
$xfi = '';
}
// END XFire mod by Chris Weidert
$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username_from) . "&showresults=posts");
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . sprintf($lang['Search_user_posts'], $username_from) . '" title="' . sprintf($lang['Search_user_posts'], $username_from) . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $username_from) . '</a>';
//
// Processing of post
//
$post_subject = $privmsg['privmsgs_subject'];
$private_message = $privmsg['privmsgs_text'];
$bbcode_uid = $privmsg['privmsgs_bbcode_uid'];
if ( $board_config['allow_sig'] )
{
$user_sig = ( $privmsg['privmsgs_from_userid'] == $userdata['user_id'] ) ? $userdata['user_sig'] : $privmsg['user_sig'];
}
else
{
$user_sig = '';
}
$user_sig_bbcode_uid = ( $privmsg['privmsgs_from_userid'] == $userdata['user_id'] ) ? $userdata['user_sig_bbcode_uid'] : $privmsg['user_sig_bbcode_uid'];
//
// If the board has HTML off but the post has HTML
// on then we process it, else leave it alone
//
if ( !$board_config['allow_html'] || !$userdata['user_allowhtml'])
{
if ( !empty($user_sig))
{
$user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig);
}
if ( $privmsg['privmsgs_enable_html'] )
{
$private_message = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $private_message);
}
}
if ( !empty($user_sig) && $privmsg['privmsgs_attach_sig'] && !empty($user_sig_bbcode_uid) )
{
$user_sig = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($user_sig, $user_sig_bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $user_sig);
}
if ( !empty($bbcode_uid) )
{
$private_message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($private_message, $bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $private_message);
}
$private_message = make_clickable($private_message);
if ( $privmsg['privmsgs_attach_sig'] && !empty($user_sig) )
{
$private_message .= '<br /><br />_________________<br />' . make_clickable($user_sig);
}
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
if ( count($orig_word) )
{
$post_subject = preg_replace($orig_word, $replacement_word, $post_subject);
$private_message = preg_replace($orig_word, $replacement_word, $private_message);
}
if ( $board_config['allow_smilies'] && $privmsg['privmsgs_enable_smilies'] )
{
$private_message = smilies_pass($private_message);
}
$private_message = str_replace("\n", '<br />', $private_message);
$private_message = str_replace("(eval","bad_tag",$private_message);
$private_message = str_replace("document.cookie","bad_tag",$private_message);
$private_message = str_replace("top:expression","bad_tag",$private_message);
$user_sig = str_replace("(eval","bad_tag",$user_sig);
$user_sig = str_replace("document.cookie","bad_tag",$user_sig);
$user_sig = str_replace("top:expression","bad_tag",$user_sig);
//
// Dump it to the templating engine
//
$template->assign_vars(array(
'MESSAGE_TO' => $username_to,
'MESSAGE_FROM' => $username_from,
'RANK_IMAGE' => $rank_image,
'POSTER_JOINED' => $poster_joined,
'POSTER_POSTS' => $poster_posts,
'POSTER_FROM' => $poster_from,
'POSTER_AVATAR' => $poster_avatar,
'POST_SUBJECT' => $post_subject,
'POST_DATE' => $post_date,
'MESSAGE' => $private_message,
'PROFILE_IMG' => $profile_img,
'PROFILE' => $profile,
'SEARCH_IMG' => $search_img,
'SEARCH' => $search,
'EMAIL_IMG' => $email_img,
'EMAIL' => $email,
'WWW_IMG' => $www_img,
'WWW' => $www,
'ICQ_STATUS_IMG' => $icq_status_img,
'ICQ_IMG' => $icq_img,
'ICQ' => $icq,
'AIM_IMG' => $aim_img,
'AIM' => $aim,
'MSN_IMG' => $msn_img,
'MSN' => $msn,
'XFI_ADD_IMG' => $xfi_add_img, // XFire MOD by Chris Weidert
'XFI_IMG' => $xfi_img, // XFire MOD by Chris Weidert
'xfi' => $xfi, // XFire MOD by Chris Weidert
'YIM_IMG' => $yim_img,
'YIM' => $yim)
);
$template->pparse('body');
include("includes/page_tail.php");
}
else if ( ( $delete && $mark_list ) || $delete_all )
{
if ( !$userdata['session_logged_in'] )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', $_SERVER['SERVER_SOFTWARE']) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
exit;
}
if ( isset($mark_list) && !is_array($mark_list) )
{
// Set to empty array instead of '0' if nothing is selected.
$mark_list = array();
}
if ( !$confirm )
{
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
$s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '<input type="hidden" name="delete" value="true" />' : '<input type="hidden" name="deleteall" value="true" />';
$s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
for($i = 0; $i < count($mark_list); $i++)
{
$s_hidden_fields .= '<input type="hidden" name="mark[]" value="' . intval($mark_list[$i]) . '" />';
}
//
// Output confirmation page
//
include("includes/page_header.php");
$template->set_filenames(array(
'confirm_body' => 'confirm_body.tpl')
);
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Information'],
'MESSAGE_TEXT' => ( count($mark_list) == 1 ) ? $lang['Confirm_delete_pm'] : $lang['Confirm_delete_pms'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("privmsg.$phpEx?folder=$folder"),
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
$template->pparse('confirm_body');
include("includes/page_tail.php");
}
else if ($confirm && $sid === $userdata['session_id'])
{
$delete_sql_id = '';
if (!$delete_all)
{
for ($i = 0; $i < count($mark_list); $i++)
{
$delete_sql_id .= ((!empty($delete_sql_id)) ? ', ' : '') . intval($mark_list[$i]);
}
$delete_sql_id = "AND privmsgs_id IN ($delete_sql_id)";
}
switch($folder)
{
case 'inbox':
$delete_type = "privmsgs_to_userid = " . $userdata['user_id'] . " AND (
privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
break;
case 'outbox':
$delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
break;
case 'sentbox':
$delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
break;
case 'savebox':
$delete_type = "( ( privmsgs_from_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
OR ( privmsgs_to_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )";
break;
}
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE $delete_type $delete_sql_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain id list to delete messages', '', __LINE__, __FILE__, $sql);
}
$mark_list = array();
while ( $row = $db->sql_fetchrow($result) )
{
$mark_list[] = $row['privmsgs_id'];
}
unset($delete_type);
if ( count($mark_list) )
{
$delete_sql_id = '';
for ($i = 0; $i < sizeof($mark_list); $i++)
{
$delete_sql_id .= ((!empty($delete_sql_id)) ? ', ' : '') . intval($mark_list[$i]);
}
if ($folder == 'inbox' || $folder == 'outbox')
{
switch ($folder)
{
case 'inbox':
$sql = "privmsgs_to_userid = " . $userdata['user_id'];
break;
case 'outbox':
$sql = "privmsgs_from_userid = " . $userdata['user_id'];
break;
}
// Get information relevant to new or unread mail
// so we can adjust users counters appropriately
$sql = "SELECT privmsgs_to_userid, privmsgs_type
FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id IN ($delete_sql_id)
AND $sql
AND privmsgs_type IN (" . PRIVMSGS_NEW_MAIL . ", " . PRIVMSGS_UNREAD_MAIL . ")";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user id list for outbox messages', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result))
{
$update_users = $update_list = array();
do
{
switch ($row['privmsgs_type'])
{
case PRIVMSGS_NEW_MAIL:
$update_users['new'][$row['privmsgs_to_userid']]++;
break;
case PRIVMSGS_UNREAD_MAIL:
$update_users['unread'][$row['privmsgs_to_userid']]++;
break;
}
}
while ($row = $db->sql_fetchrow($result));
if (sizeof($update_users))
{
while (list($type, $users) = each($update_users))
{
while (list($user_id, $dec) = each($users))
{
$update_list[$type][$dec][] = $user_id;
}
}
unset($update_users);
while (list($type, $dec_ary) = each($update_list))
{
switch ($type)
{
case 'new':
$type = "user_new_privmsg";
break;
case 'unread':
$type = "user_unread_privmsg";
break;
}
while (list($dec, $user_ary) = each($dec_ary))
{
$user_ids = implode(', ', $user_ary);
$sql = "UPDATE " . USERS_TABLE . "
SET $type = $type - $dec
WHERE user_id IN ($user_ids)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update user pm counters', '', __LINE__, __FILE__, $sql);
}
}
}
unset($update_list);
}
}
$db->sql_freeresult($result);
}
// Delete the messages
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id IN ($delete_sql_id)";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id IN ($delete_sql_id)
AND ";
switch( $folder )
{
case 'inbox':
$delete_sql .= "privmsgs_to_userid = " . $userdata['user_id'] . " AND (
privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
break;
case 'outbox':
$delete_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND (
privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
break;
case 'sentbox':
$delete_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
break;
case 'savebox':
$delete_sql .= "( ( privmsgs_from_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
OR ( privmsgs_to_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )";
break;
}
if ( !$db->sql_query($delete_sql, BEGIN_TRANSACTION) )
{
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if ( !$db->sql_query($delete_text_sql, END_TRANSACTION) )
{
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
}
}
}
else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
{
if ( !$userdata['session_logged_in'] )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', $_SERVER['SERVER_SOFTWARE']) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
exit;
}
if (sizeof($mark_list))
{
// See if recipient is at their savebox limit
$sql = "SELECT COUNT(privmsgs_id) AS savebox_items, MIN(privmsgs_date) AS oldest_post_time
FROM " . PRIVMSGS_TABLE . "
WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( privmsgs_from_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") )";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain sent message info for sendee', '', __LINE__, __FILE__, $sql);
}
$sql_priority = ( SQL_LAYER == 'mysql' ) ? 'LOW_PRIORITY' : '';
if ( $saved_info = $db->sql_fetchrow($result) )
{
if ($board_config['max_savebox_privmsgs'] && $saved_info['savebox_items'] >= $board_config['max_savebox_privmsgs'] )
{
$sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . "
WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( privmsgs_from_userid = " . $userdata['user_id'] . "
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") )
AND privmsgs_date = " . $saved_info['oldest_post_time'];
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not find oldest privmsgs (save)', '', __LINE__, __FILE__, $sql);
}
$old_privmsgs_id = $db->sql_fetchrow($result);
$old_privmsgs_id = $old_privmsgs_id['privmsgs_id'];
$sql = "DELETE $sql_priority FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id = '$old_privmsgs_id'";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (save)', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE $sql_priority FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id = '$old_privmsgs_id'";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (save)', '', __LINE__, __FILE__, $sql);
}
}
}
$saved_sql_id = '';
for ($i = 0; $i < sizeof($mark_list); $i++)
{
$saved_sql_id .= ((!empty($saved_sql_id)) ? ', ' : '') . intval($mark_list[$i]);
}
// Process request
$saved_sql = "UPDATE " . PRIVMSGS_TABLE;
// Decrement read/new counters if appropriate
if ($folder == 'inbox' || $folder == 'outbox')
{
switch ($folder)
{
case 'inbox':
$sql = "privmsgs_to_userid = " . $userdata['user_id'];
[/code:1
|
|
|
38.107.179.220
