<?php
2
 
3
////////////////////////////////////////////////////////////////////////////////
4
//                                                                            //
5
// Copyright (C) 2006  Phorum Development Team                                //
6
// http://www.phorum.org                                                      //
7
//                                                                            //
8
// This program is free software. You can redistribute it and/or modify       //
9
// it under the terms of either the current Phorum License (viewable at       //
10
// phorum.org) or the Phorum License that was distributed with this file      //
11
//                                                                            //
12
// This program is distributed in the hope that it will be useful,            //
13
// but WITHOUT ANY WARRANTY, without even the implied warranty of             //
14
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                       //
15
//                                                                            //
16
// You should have received a copy of the Phorum License                      //
17
// along with this program.                                                   //
18
////////////////////////////////////////////////////////////////////////////////
19
 
20
// These language strings are set dynamically, so the language
21
// tool won't recognize them automatically. Therefore they are
22
// mentioned here.
23
// $PHORUM["DATA"]["LANG"]["PMFolderCreateSuccess"]
24
// $PHORUM["DATA"]["LANG"]["PMFolderRenameSuccess"]
25
// $PHORUM["DATA"]["LANG"]["PMFolderDeleteSuccess"]
26
// $PHORUM["DATA"]["LANG"]["PMSent"]
27
 
28
// PMTODO If reading from a mail notify, lookup the folder_id,
29
//        so the close button will work. Now the folder_id is empty.
30
// PMTODO implement pm_reply_flag functionality
31
 
32
define('phorum_page', 'pm');

include_once "./common.php";

phorum_require_login();

// Fill in the common URL's before any page is rendered.
phorum_build_common_urls();

include_once "./include/email_functions.php";
include_once "./include/format_functions.php";

// The private message system is only available to logged in users.
// Anybody else is sent to the message list.
if (! $PHORUM["DATA"]["LOGGEDIN"]) {
    $list_url = phorum_get_url(PHORUM_LIST_URL);
    phorum_redirect_by_url($list_url);
    exit;
}

// A user that is not fully logged in has to pass the login page first.
if (! $PHORUM["DATA"]["FULLY_LOGGEDIN"]) {

    // Rebuild the current PM URL from the request arguments, so the
    // login page can send the user back here. Arguments that are listed
    // in GET_VARS are left out. The target is always built through
    // phorum_get_url() and is url-encoded before it is passed on.
    $args = array(PHORUM_PM_URL);
    foreach ($PHORUM["args"] as $k => $v) {
        if (in_array("$k=$v", $PHORUM["DATA"]["GET_VARS"])) {
            continue;
        }
        if (is_numeric($k)) {
            $args[] = $v;
        } else {
            $args[] = "$k=$v";
        }
    }
    $redir = urlencode(call_user_func_array('phorum_get_url', $args));

    $login_url = phorum_get_url(PHORUM_LOGIN_URL, "redir=$redir");
    phorum_redirect_by_url($login_url);
    exit;
}

// With private messages switched off, only a simple notice is shown.
if (! $PHORUM["enable_pm"]) {
    $PHORUM["DATA"]["BLOCK_CONTENT"] = $PHORUM["DATA"]["LANG"]["PMDisabled"];

    include phorum_get_template("header");
    phorum_hook("after_header");

    include phorum_get_template("stdblock");

    phorum_hook("before_footer");
    include phorum_get_template("footer");

    return;
}
75
 
76
// ------------------------------------------------------------------------
77
// Parameter handling
78
// ------------------------------------------------------------------------
79
 
80
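/**
 * Retrieve a request parameter from either the args-list or $_POST.
 *
 * The args-list ($PHORUM["args"]) takes precedence over $_POST. Both
 * sources are filled by the client, so the returned value is untrusted
 * and must be validated or escaped by the caller before use.
 *
 * Only scalar values are returned. A parameter that arrives as an array
 * (for example "name[]=x") is treated as not usable and yields NULL,
 * instead of being handed to trim(), which does not accept arrays.
 *
 * @param string $name The name of the parameter to look up.
 * @return string|null The trimmed value, or NULL if the parameter is
 *                     missing or is not a scalar.
 */
function phorum_getparam($name)
{
    $PHORUM = $GLOBALS["PHORUM"];

    if (isset($PHORUM["args"][$name])) {
        $value = $PHORUM["args"][$name];
    } elseif (isset($_POST[$name])) {
        $value = $_POST[$name];
    } else {
        return NULL;
    }

    // Callers compare the result against strings and build URL's and
    // database calls with it, so never pass an array along.
    if (! is_scalar($value)) {
        return NULL;
    }

    return trim($value);
}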
94
 
95
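// Get basic parameters. Everything that is read through phorum_getparam()
// comes from the args-list or from $_POST and is therefore client input.
$action          = phorum_getparam('action');
$page            = phorum_getparam('page');
$folder_id       = phorum_getparam('folder_id');
$pm_id           = phorum_getparam('pm_id');
$forum_id        = $PHORUM["forum_id"];
$user_id         = $PHORUM["user"]["user_id"];
$hide_userselect = phorum_getparam('hide_userselect');

// Get recipients from the form and create a valid list of recipients.
// The array keys are the user ids and they are supplied by the client,
// so only keys that consist of digits are looked up. This is the same
// format that the "del_rcpt::<id>" buttons of the post form use.
// The posted usernames are ignored; the user data is loaded by id.
$recipients = array();
if (isset($_POST["recipients"]) && is_array($_POST["recipients"])) {
    foreach ($_POST["recipients"] as $id => $username) {
        if (! preg_match('/^\d+\z/', (string) $id)) {
            continue;
        }
        $user = phorum_user_get($id, false);
        if ($user) {
            $recipients[$id] = $user;
        }
    }
}

// init error var
$error_msg = "";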
117
 
118
// ------------------------------------------------------------------------
119
// Banlist checking
120
// ------------------------------------------------------------------------
121
 
122
// The ban lists are consulted for three entry points: posting a message,
// opening the editor and a list action that carries a pm_id (reply).
// The other actions in this script are not checked against the ban lists.
if ($action == 'post' || $page == 'send' || (isset($pm_id) && $action == 'list'))
{
    include_once "./include/profile_functions.php";

    // Check the username, e-mail address, user id and IP address of
    // the active user. For the IP check no value is passed in.
    $error = phorum_check_bans(
        array(
            array($PHORUM["user"]["username"], PHORUM_BAD_NAMES),
            array($PHORUM["user"]["email"],    PHORUM_BAD_EMAILS),
            array($user_id,                    PHORUM_BAD_USERID),
            array(NULL,                        PHORUM_BAD_IPS),
        )
    );

    // A ban was hit: show the ban message and stop processing the page.
    if (! empty($error)) {
        $PHORUM["DATA"]["ERROR"] = $error;

        include phorum_get_template("header");
        phorum_hook("after_header");

        include phorum_get_template("message");

        phorum_hook("before_footer");
        include phorum_get_template("footer");

        return;
    }
}
144
 
145
// ------------------------------------------------------------------------
146
// Perform actions
147
// ------------------------------------------------------------------------
148
 
149
// Start out without an error or OK message.
$okmsg = '';
$error = '';

// Load the folder list. The list page uses this list to check that a
// requested folder exists for the user.
$pm_folders = phorum_db_pm_getfolders(NULL, true);

// The buttons on the read page are mapped onto the actions of the list
// and send pages. The first button that matches wins.
if (isset($_POST['close_message'])) {

    $page = 'list';

} elseif (isset($_POST['delete_message']) || isset($_POST['move_message'])) {

    // Delete and move are handled by the list action, with the message
    // that is being read as the only checked message. Delete takes
    // precedence if both buttons are in the request.
    $list_action = isset($_POST['delete_message']) ? 'delete' : 'move';

    $page = 'list';
    $_POST[$list_action] = 1;
    $_POST['checked'] = array($pm_id);
    $action = 'list';

} elseif (isset($_POST['reply']) || isset($_POST['reply_to_all'])) {

    // Replying only opens the editor; no action is performed.
    $action = '';
    $page = 'send';
}
173
 
174
if (!empty($action)) {
175
 
176
    // Helper that tells whether a folder with the given name is already
    // in the global folder list $pm_folders. Names are compared without
    // regard to case. There is no locking, so duplicate names remain
    // possible; they work technically, but they confuse the user.
    function phorum_pm_folder_exists($foldername)
    {
        global $pm_folders;

        foreach ($pm_folders as $folder) {
            if (! strcasecmp($folder["name"], $foldername)) {
                return true;
            }
        }

        return false;
    }

    // $redirect is set to a true value by an action if the result page
    // must be reached through a redirect. There are two reasons for
    // redirecting:
    // 1) the result page then works with refreshed PM data;
    // 2) reloading the result page does not repeat the action (which
    //    could for example send a message twice).
    // $redirect_message can hold a language key; the matching message
    // is displayed after the redirect.
    $redirect_message = '';
    $redirect = false;
201
 
202
    switch($action) {
203
 
204
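        // Actions which are triggered from the folder management interface.
        // All folder names and folder ids in $_POST are client input.
        case "folders":

            $redirect = false;
            $page = "folders";

            // Create folder.
            if (!empty($_POST['create_folder']))
            {
                // Only a plain string is accepted as a folder name. A missing
                // or array-valued field is handled like an empty name.
                $foldername = (isset($_POST["create_folder_name"]) && is_string($_POST["create_folder_name"]))
                            ? trim($_POST["create_folder_name"]) : '';

                if ($foldername != '')
                {
                    if (phorum_pm_folder_exists($foldername)) {
                        $error = $PHORUM["DATA"]["LANG"]["PMFolderExistsError"];
                    } else {
                        phorum_db_pm_create_folder($foldername);
                        $redirect_message = "PMFolderCreateSuccess";
                        $redirect = true;
                    }

                }
            }

            // Rename a folder.
            elseif (!empty($_POST['rename_folder']))
            {
                $from = isset($_POST['rename_folder_from']) ? $_POST['rename_folder_from'] : NULL;
                $to = (isset($_POST['rename_folder_to']) && is_string($_POST['rename_folder_to']))
                    ? trim($_POST['rename_folder_to']) : '';

                if (!empty($from) && $to != '') {
                    // The folder id must be one from the folder list that was
                    // loaded for this user. This is the same check that the
                    // list page does, and it does not depend on what the
                    // database layer checks.
                    if (!is_scalar($from) || !isset($pm_folders[$from])) {
                        $error = $PHORUM["DATA"]["LANG"]["PMFolderNotAvailable"];
                    } elseif (phorum_pm_folder_exists($to)) {
                        $error = $PHORUM["DATA"]["LANG"]["PMFolderExistsError"];
                    } else {
                        phorum_db_pm_rename_folder($from, $to);
                        $redirect_message = "PMFolderRenameSuccess";
                        $redirect = true;
                    }
                }
            }

            // Delete a folder.
            elseif (!empty($_POST['delete_folder']))
            {
                $folder_id = isset($_POST["delete_folder_target"]) ? $_POST["delete_folder_target"] : NULL;
                if (!empty($folder_id)) {
                    // Only delete a folder that is in this user's folder list.
                    if (!is_scalar($folder_id) || !isset($pm_folders[$folder_id])) {
                        $error = $PHORUM["DATA"]["LANG"]["PMFolderNotAvailable"];
                    } else {
                        phorum_db_pm_delete_folder($folder_id);
                        $redirect_message = "PMFolderDeleteSuccess";
                        $redirect = true;

                        // Invalidate user cache, to update message counts.
                        phorum_cache_remove('user',$user_id);
                    }
                }
            }

            break;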
260
 
261
 
262
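        // Actions which are triggered from the list interface.
        // $_POST["checked"] has to be an array of message ids. Any other
        // type is ignored, because it cannot be iterated.
        case "list":

            // Delete all checked messages.
            if (isset($_POST["delete"]) && isset($_POST["checked"]) && is_array($_POST["checked"])) {
                foreach($_POST["checked"] as $pm_id) {
                    // A message is only deleted if it can be retrieved
                    // from the current folder first.
                    if (phorum_db_pm_get($pm_id, $folder_id)) {
                        phorum_db_pm_delete($pm_id, $folder_id);
                    }
                }

                // Invalidate user cache, to update message counts.
                phorum_cache_remove('user',$user_id);
            }

            // Move checked messages to another folder.
            elseif (isset($_POST["move"]) && isset($_POST["checked"]) && is_array($_POST["checked"])) {
                $to = isset($_POST['target_folder']) ? $_POST['target_folder'] : NULL;

                // The target folder is client input. Only move messages to
                // a folder that is in the folder list of this user.
                if (! empty($to) && is_scalar($to) && isset($pm_folders[$to])) {
                    foreach($_POST["checked"] as $pm_id) {
                        if (phorum_db_pm_get($pm_id, $folder_id)) {
                            phorum_db_pm_move($pm_id, $folder_id, $to);
                        }
                    }
                }
            }

            $page = "list";
            $redirect = true;

            break;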
293
 
294
 
295
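        // Actions which are triggered from the post form.
        // NOTE(review): no request token is checked in this file before
        // a message is sent - confirm whether common.php or the form
        // handling elsewhere protects against cross-site request forgery.
        case "post":

            // Parse clicks on the image buttons that we use for
            // deleting recipients from the list of recipients.
            // These are not sent as name=value, but instead
            // name_x=xclickoffset and name_y=yclickoffset are sent.
            // Also accept normal button clicks with name="del_rcpt::<id>",
            // so template builders can use that.
            $del_rcpt = NULL;
            foreach ($_POST as $key => $val) {
                if (preg_match('/^del_rcpt::(\d+)(_x)?$/', $key, $m)) {
                    $del_rcpt = $m[1];
                    break;
                }
            }

            // Determine what action to perform.
            $action = "post";
            if (isset($_POST["preview"])) $action = "preview";
            if (isset($_POST["rcpt_add"])) $action = "rcpt_add";
            if (!is_null($del_rcpt)) $action = "del_rcpt";

            // Adding a recipient.
            if ($action == "rcpt_add" || $action == "preview" || $action == "post") {

                // Convert adding a recipient by name to adding by user id.
                // Only a plain string is accepted as a username.
                if (isset($_POST["to_name"]) && is_string($_POST["to_name"])) {
                    $to_name = trim($_POST["to_name"]);
                    if ($to_name != '') {
                        $to_user_id = phorum_db_user_check_field('username', $to_name);
                        if ($to_user_id) {
                            $_POST["to_id"] = $to_user_id;
                            unset($_POST["to_name"]);
                        } else {
                            $error = $PHORUM["DATA"]["LANG"]["UserNotFound"];
                        }
                    }
                }

                // Add a recipient by id.
                if (isset($_POST["to_id"]) && is_numeric($_POST["to_id"])) {
                    $user = phorum_user_get($_POST["to_id"], false);
                    if ($user) {
                        $recipients[$user["user_id"]] = $user;
                    }
                }

                $page = "send";

            // Deleting a recipient.
            } elseif ($action == "del_rcpt") {

                unset($recipients[$del_rcpt]);
                $page = "send";

                // When deleting a recipient, we always have to
                // show the user selection. Put it back in, for
                // situations where we had the user selection
                // hidden intentionally.
                $hide_userselect = 0;
            }

            // For previewing the message, no action has to be taken.
            if ($action == "preview") {
                $page = "send";
            }

            // Posting the message.
            elseif ($action == "post") {

                // Only send the message if we have at least one recipient.
                if (count($recipients)) {

                    // Subject and message have to be plain strings. A missing
                    // or array-valued field is handled like an empty field,
                    // so it ends up in the required fields error below.
                    $_POST["subject"] = (isset($_POST["subject"]) && is_string($_POST["subject"]))
                                      ? trim($_POST["subject"]) : '';
                    $_POST["message"] = (isset($_POST["message"]) && is_string($_POST["message"]))
                                      ? trim($_POST["message"]) : '';

                    // Only send the message if all required message data is filled in.
                    if ($_POST["subject"] == '' || $_POST["message"] == '') {

                        $error = $PHORUM["DATA"]["LANG"]["PMRequiredFields"];

                    // Message data is okay. Post the message.
                    } else {

                        if (empty($_POST["keep"])) $_POST["keep"] = 0;

                        // Check if sender and recipients have not yet reached the
                        // maximum number of messages that may be stored on the server.
                        // Administrators may always send PM.
                        if (!$PHORUM['user']['admin'] && $PHORUM['max_pm_messagecount'])
                        {
                            // Build a list of users to check.
                            $checkusers = $recipients;
                            if ($_POST['keep']) $checkusers[] = $PHORUM['user'];

                            // Check all users.
                            foreach ($checkusers as $user)
                            {
                                if ($user['admin']) continue; // No limits for admins
                                $current_count = phorum_db_pm_messagecount(PHORUM_PM_ALLFOLDERS, $user["user_id"]);
                                if ($current_count['total'] >= $PHORUM['max_pm_messagecount']) {
                                    if ($user['user_id'] == $PHORUM["user"]["user_id"]) {
                                        $error = $PHORUM["DATA"]["LANG"]["PMFromMailboxFull"];
                                    } else {
                                        // The username is escaped, because the
                                        // error message is shown in the page.
                                        $error = $PHORUM["DATA"]["LANG"]["PMToMailboxFull"];
                                        $error = str_replace('%recipient%', htmlspecialchars($user["username"]), $error);
                                    }
                                }
                            }
                        }

                        // Send the private message if no errors occurred.
                        if (empty($error)) {

                            // Subject and message are passed on unescaped.
                            $pm_message_id = phorum_db_pm_send($_POST["subject"], $_POST["message"], array_keys($recipients), NULL, $_POST["keep"]);

                            // Show an error in case of problems.
                            if (! $pm_message_id) {

                                $error = $PHORUM["DATA"]["LANG"]["PMNotSent"];

                            // Do e-mail notifications on successful sending.
                            } else {

                                include_once("./include/email_functions.php");

                                $pm_message = array(
                                    'pm_message_id' => $pm_message_id,
                                    'subject'       => $_POST['subject'],
                                    'message'       => $_POST['message'],
                                    'from_username' => $PHORUM['user']['username'],
                                    'from_user_id'  => $user_id,
                                );

                                // Sort all recipients that want a notify by language.
                                $langrcpts = array();
                                foreach ($recipients as $rcpt_id => $rcpt) {

                                    if ($rcpt["pm_email_notify"]) {
                                        if (!isset($langrcpts[$rcpt["user_language"]])) {
                                            $langrcpts[$rcpt["user_language"]] = array($rcpt);
                                        } else {
                                            $langrcpts[$rcpt["user_language"]][] = $rcpt;
                                        }
                                    }
                                }

                                phorum_email_pm_notice($pm_message, $langrcpts);

                                phorum_hook("pm_sent", $pm_message);
                            }
                        }

                        // Invalidate user cache, to update message counts.
                        phorum_cache_remove('user', $user_id);
                        foreach ($recipients as $rcpt) {
                            phorum_cache_remove('user', $rcpt["user_id"]);
                        }

                        // This message is only shown after a redirect, and
                        // a redirect only happens if there was no error.
                        $redirect_message = "PMSent";
                    }

                } else {
                    $error = $PHORUM["DATA"]["LANG"]["PMNoRecipients"];
                }

                // Stay on the post page in case of errors. Redirect on success.
                if ($error) {
                    $page = "send";
                } else {
                    $redirect = true;
                }

            }

            break;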
471
 
472
 
473
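        // Actions that are triggered from the buddy list.
        // $_POST["checked"] has to be an array of user ids. Any other
        // type is ignored, because it can neither be iterated nor counted.
        case "buddies":

            // Delete all checked buddies.
            if (isset($_POST["delete"]) && isset($_POST["checked"]) && is_array($_POST["checked"])) {
                foreach($_POST["checked"] as $buddy_user_id) {
                    phorum_db_pm_buddy_delete($buddy_user_id);
                    phorum_hook("buddy_delete", $buddy_user_id);
                }
            }

            // Send a PM to the checked buddies.
            // The ids are passed on to the send page in the "to_id"
            // argument of the redirect URL. The send page casts each
            // id to an integer before looking up the user.
            if (isset($_POST["send_pm"]) && isset($_POST["checked"]) && is_array($_POST["checked"])) {
                $pm_rcpts = $_POST["checked"];
                if (count($pm_rcpts)) {
                    $redirect = true;
                    $page = "send";
                } else {
                    unset($pm_rcpts);
                }
            }

            break;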
496
 
497
 
498
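        // Add a user to this user's buddy list.
        // NOTE(review): the action as well as addbuddy_id can arrive through
        // the args-list (see phorum_getparam()), and no request token is
        // checked in this file - confirm whether this state change is
        // protected against cross-site request forgery elsewhere.
        case "addbuddy":

            // The id is optional in the request; treat a missing id as empty.
            $buddy_user_id = isset($PHORUM["args"]["addbuddy_id"])
                           ? $PHORUM["args"]["addbuddy_id"] : NULL;
            if (!empty($buddy_user_id)) {
                if (phorum_db_pm_buddy_add($buddy_user_id)) {
                    $okmsg = $PHORUM["DATA"]["LANG"]["BuddyAddSuccess"];
                    phorum_hook("buddy_add", $buddy_user_id);
                } else {
                    $error = $PHORUM["DATA"]["LANG"]["BuddyAddFail"];
                }
            }
            break;


        // Unknown action. The action name is client input, so it is
        // escaped before it is printed.
        default:
            die("Unhandled action for pm.php: " . htmlspecialchars($action));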
515
 
516
    }
517
 
518
    // The action asked for a redirect to the result page.
    // NOTE(review): $page, $folder_id, $pm_id and $pm_rcpts can hold
    // client input and are put in the URL arguments as they are -
    // confirm that phorum_get_url() / phorum_redirect_by_url() encode them.
    if ($redirect)
    {
        $args = array(PHORUM_PM_URL);
        $args[] = "page=" . $page;
        $args[] = "folder_id=" . $folder_id;

        // Optional arguments: recipients for the send page, the active
        // message and the language key of the message to display.
        if (isset($pm_rcpts)) {
            $args[] = "to_id=" . implode(':', $pm_rcpts);
        }
        if (! empty($pm_id)) {
            $args[] = "pm_id=" . $pm_id;
        }
        if (! empty($redirect_message)) {
            $args[] = "okmsg=" . $redirect_message;
        }

        phorum_redirect_by_url(call_user_func_array('phorum_get_url', $args));
        exit;
    }
536
 
537
}
538
 
539
// ------------------------------------------------------------------------
540
// Display a PM page
541
// ------------------------------------------------------------------------
542
 
543
// Without a page in the request, the inbox message list is shown.
if (! $page) {
    $folder_id = PHORUM_PM_INBOX;
    $page = "list";
}

// After a redirect, the request can carry the key of an OK message.
// The key is client input. It is only used as an index in the language
// array, so only existing language strings can be displayed, but any
// entry of that array can be selected this way.
$okmsg_id = phorum_getparam('okmsg');
if ($okmsg_id) {
    if (isset($PHORUM["DATA"]["LANG"][$okmsg_id])) {
        $okmsg = $PHORUM["DATA"]["LANG"][$okmsg_id];
    }
}

// Hand the error and OK message to the template. An empty string is
// used if there is no message.
if (empty($error)) {
    $PHORUM["DATA"]["ERROR"] = "";
} else {
    $PHORUM["DATA"]["ERROR"] = $error;
}
if (empty($okmsg)) {
    $PHORUM["DATA"]["OKMSG"] = "";
} else {
    $PHORUM["DATA"]["OKMSG"] = $okmsg;
}
558
 
559
switch ($page) {
560
 
561
    // Manage the PM folders.
562
    case "folders":
563
 
564
        $PHORUM["DATA"]["CREATE_FOLDER_NAME"] = isset($_POST["create_folder_name"]) ? htmlspecialchars($_POST["create_folder_name"]) : '';
565
        $PHORUM["DATA"]["RENAME_FOLDER_NAME"] = isset($_POST["rename_folder_name"]) ? htmlspecialchars($_POST["rename_folder_name"]) : '';
566
        $template = "pm_folders";
567
        break;
568
 
569
 
570
    // Manage the buddies.
571
    case "buddies":
572
 
573
        // Retrieve a list of users that are buddies for the current user.
574
        $buddy_list = phorum_db_pm_buddy_list(NULL, true);
575
        if (count($buddy_list)) {
576
            $buddy_users = phorum_user_get(array_keys($buddy_list), false);
577
            $buddy_users = phorum_hook("read_user_info", $buddy_users);
578
        } else {
579
            $buddy_users = array();
580
        }
581
 
582
        // Sort the buddies by username.
583
        // Comparison callback for uasort(): order two user records by
        // their "username" field, without regard to case.
        function phorum_sort_buddy_list($a,$b) {
            $name_a = $a["username"];
            $name_b = $b["username"];

            return strcasecmp($name_a, $name_b);
        }
586
        uasort($buddy_users, 'phorum_sort_buddy_list');
587
 
588
        $buddies = array();
589
        foreach ($buddy_users as $id => $buddy_user) {
590
            $buddy = array(
591
                'user_id'     => $id,
592
                'profile_url' => phorum_get_url(PHORUM_PROFILE_URL, $buddy_user["user_id"]),
593
                'username'    => htmlspecialchars($buddy_user["username"]),
594
                'real_name'   => isset($buddy_user["real_name"]) ? htmlspecialchars($buddy_user["real_name"]) : '',
595
                'mutual'      => $buddy_list[$id]["mutual"],
596
            );
597
 
598
            if (!$buddy_user['hide_activity']) {
599
              $buddy["date_last_active"] = phorum_date($PHORUM["short_date"], $buddy_user["date_last_active"]);
600
            } else {
601
              $buddy["date_last_active"] = "-";
602
            }
603
            $buddies[$id] = $buddy;
604
        }
605
 
606
        $PHORUM["DATA"]["USERTRACK"] = $PHORUM["track_user_activity"];
607
        $PHORUM["DATA"]["BUDDIES"] = $buddies;
608
        $PHORUM["DATA"]["BUDDYCOUNT"] = count($buddies);
609
 
610
        $PHORUM["DATA"]["PMLOCATION"] = $PHORUM["DATA"]["LANG"]["Buddies"];
611
 
612
        $template = "pm_buddies";
613
        break;
614
 
615
 
616
    // Show a listing of messages in a folder.
617
    case "list":
618
 
619
        // Check if the folder exists for the user.
620
        if (! isset($pm_folders[$folder_id])) {
621
            $PHORUM["DATA"]["BLOCK_CONTENT"] = $PHORUM["DATA"]["LANG"]["PMFolderNotAvailable"];
622
            $template = "stdblock";
623
        } else {
624
 
625
            $list = phorum_db_pm_list($folder_id);
626
 
627
            // Prepare data for the templates (formatting and XSS prevention).
628
            $list = phorum_pm_format($list);
629
            foreach ($list as $message_id => $message)
630
            {
631
                $list[$message_id]["from_profile_url"] = phorum_get_url(PHORUM_PROFILE_URL, $message["from_user_id"]);
632
                $list[$message_id]["read_url"]=phorum_get_url(PHORUM_PM_URL, "page=read", "folder_id=$folder_id", "pm_id=$message_id");
633
                $list[$message_id]["date"] = phorum_date($PHORUM["short_date"], $message["datestamp"]);
634
                $list[$message_id]["recipient_count"] = count($message["recipients"]);
635
                $receive_count = 0;
636
                foreach ($message["recipients"] as $rcpt_id => $rcpt) {
637
                    if ($rcpt["read_flag"]) $receive_count++;
638
                    $list[$message_id]["recipients"][$rcpt_id]["username"] = htmlspecialchars($rcpt["username"]);
639
                    $list[$message_id]["recipients"][$rcpt_id]["to_profile_url"] = phorum_get_url(PHORUM_PROFILE_URL, $rcpt_id);
640
                }
641
                $list[$message_id]["receive_count"] = $receive_count;
642
            }
643
 
644
            // Setup template variables.
645
            $PHORUM["DATA"]["MESSAGECOUNT"] = count($list);
646
            $PHORUM["DATA"]["MESSAGES"] = $list;
647
            $PHORUM["DATA"]["PMLOCATION"] = $pm_folders[$folder_id]["name"];
648
 
649
            $template = "pm_list";
650
        }
651
 
652
        break;
653
 
654
 
655
    // Read a single private message.
656
    case "read":
657
 
658
        if (($message=phorum_db_pm_get($pm_id, $folder_id))) {
659
 
660
            // Mark the message read.
661
            if (! $message['read_flag']) {
662
                phorum_db_pm_setflag($message["pm_message_id"], PHORUM_PM_READ_FLAG, true);
663
 
664
                // Invalidate user cache, to update message counts.
665
                phorum_cache_remove('user',$user_id);
666
            }
667
 
668
            // Run the message through the default message formatting.
669
            list($message) = phorum_pm_format(array($message));
670
 
671
            // Setup data for recipients.
672
            foreach ($message["recipients"] as $rcpt_id => $rcpt) {
673
                $message["recipients"][$rcpt_id]["username"] = htmlspecialchars($rcpt["username"]);
674
                $message["recipients"][$rcpt_id]["to_profile_url"] = phorum_get_url(PHORUM_PROFILE_URL, $rcpt_id);
675
            }
676
            $message["recipient_count"] = count($message["recipients"]);
677
 
678
            // Setup URL's and format date.
679
            $message["from_profile_url"]=phorum_get_url(PHORUM_PROFILE_URL, $message["from_user_id"]);
680
            $message["date"]=phorum_date($PHORUM["short_date"], $message["datestamp"]);
681
 
682
            $PHORUM["DATA"]["MESSAGE"] = $message;
683
            $PHORUM["DATA"]["PMLOCATION"] = $PHORUM["DATA"]["LANG"]["PMRead"];
684
 
685
            // re-init folder list to account for change in read flags
686
            $pm_folders = phorum_db_pm_getfolders(NULL, true);
687
 
688
            // Set folder id to the right folder for this message.
689
            $folder_id = $message["pm_folder_id"];
690
            if ($folder_id == 0) {
691
                $folder_id = $message["special_folder"];
692
            }
693
 
694
            $template = "pm_read";
695
 
696
        } else {
697
 
698
            // The message was not found. Show an error.
699
            $PHORUM["DATA"]["BLOCK_CONTENT"] = $PHORUM["DATA"]["LANG"]["PMNotAvailable"];
700
            $template = "stdblock";
701
        }
702
 
703
        break;
704
 
705
 
706
    // Post a new private message.
707
    case "send":
708
 
709
        // Setup the default array with the message data.
710
        $msg = array(
711
            "from_username" => $PHORUM["user"]["username"],
712
            "keep"          => isset($_POST["keep"]) && $_POST["keep"] ? 1 : 0,
713
            "subject"       => isset($_POST["subject"]) ? $_POST["subject"] : '',
714
            "message"       => isset($_POST["message"]) ? $_POST["message"] : '',
715
            "preview"       => isset($_POST["preview"]) ? 1 : 0,
716
            "recipients"    => $recipients,
717
        );
718
 
719
        // Data initialization for posting messages on first request.
720
        if ($action == NULL || $action != 'post')
721
        {
722
            // Setup data for sending a private message to specified recipients.
723
            // Recipients are passed on as a standard phorum argument "to_id"
724
            // containing a colon separated list of users.
725
            if (isset($PHORUM["args"]["to_id"])) {
726
                foreach (explode(":", $PHORUM["args"]["to_id"]) as $rcpt_id) {
727
                    settype($rcpt_id, "int");
728
                    $user = phorum_user_get($rcpt_id, false);
729
                    if ($user) {
730
                        $msg["recipients"][$rcpt_id] = array(
731
                            "username" => $user["username"],
732
                            "user_id"  => $user["user_id"]
733
                        );
734
                    }
735
                }
736
 
737
                $hide_userselect = 1;
738
 
739
            // Setup data for replying to a private message.
740
            } elseif (isset($pm_id)) {
741
 
742
                $message = phorum_db_pm_get($pm_id);
743
                $msg["subject"] = $message["subject"];
744
                $msg["message"] = $message["message"];
745
                $msg["recipients"][$message["from_user_id"]] = array(
746
                    "username" => $message["from_username"],
747
                    "user_id"  => $message["from_user_id"]
                );
                $msg = phorum_pm_quoteformat($message["from_username"], $msg);
 
                // Include the other recipients, except the active
                // user himself, when replying to all.
                if (isset($_POST["reply_to_all"])) {
                    foreach($message["recipients"] as $rcpt) {
                        if ($user_id == $rcpt["user_id"]) continue;
                        $msg["recipients"][$rcpt["user_id"]] = array(
                            "username" => $rcpt["username"],
                            "user_id"  => $rcpt["user_id"],
                        );
                    }
                }
 
                $hide_userselect = 1;
 
            // Setup data for replying privately to a forum post.
            } elseif (isset($PHORUM["args"]["message_id"])) {
 
                $message = phorum_db_get_message($PHORUM["args"]["message_id"], "message_id", true);
 
                if (phorum_user_access_allowed(PHORUM_USER_ALLOW_READ) && ($PHORUM["forum_id"]==$message["forum_id"] || $message["forum_id"] == 0)) {
 
                    // get url to the message board thread
                    $origurl = phorum_get_url(PHORUM_READ_URL, $message["thread"], $message["message_id"]);
 
                    // Find the real username, because some mods rewrite the
                    // username in the message table. There will be a better solution
                    // for selecting recipients, but for now this will fix some
                    // of the problems.
                    $user = phorum_user_get($message["user_id"], false);
 
                    $msg["subject"] = $message["subject"];
                    $msg["message"] = $message["body"];
                    $msg["recipients"][$message["user_id"]] = array(
                        'username' => $user["username"],
                        'user_id'  => $user["user_id"]
                    );
                    $msg = phorum_pm_quoteformat($user["username"], $msg, $origurl);
                }
 
                $hide_userselect = 1;
            }
        }
 
        // Setup data for previewing a message.
        if ($msg["preview"]) {
            list($preview) = phorum_pm_format(array($msg));
            $PHORUM["DATA"]["PREVIEW"] = $preview;
        }
 
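        // XSS prevention: HTML-escape every value in $msg before it is
        // handed to the templates. htmlspecialchars() is called with its
        // default flags here; before PHP 8.1 that default (ENT_COMPAT)
        // leaves single quotes unescaped, so the templates must not place
        // these values inside single-quoted attributes unless ENT_QUOTES
        // is passed. The PREVIEW data assigned just above is not covered
        // by this loop.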
        foreach ($msg as $key => $val) {
            switch ($key) {
                case "recipients": {
                    foreach ($val as $id => $data) {
                        $msg[$key][$id]["username"] = htmlspecialchars($data["username"]);
                    }
                    break;
                }
                default: {
                    $msg[$key] = htmlspecialchars($val);
                    break;
                }
            }
        }
 
 
        $PHORUM["DATA"]["MESSAGE"] = $msg;
        $PHORUM["DATA"]["RECIPIENT_COUNT"] = count($msg["recipients"]);
        $PHORUM["DATA"]["SHOW_USERSELECTION"] = true;
 
        // Determine what input element gets the focus.
        $focus_id = 'userselection';
        if ($PHORUM["DATA"]["RECIPIENT_COUNT"]) $focus_id = 'subject';
        if (!empty($msg["subject"])) $focus_id = 'message';
        $PHORUM["DATA"]["FOCUS_TO_ID"] = $focus_id;
 
        // Create data for a user dropdown list, if configured.
        if ($PHORUM["DATA"]["SHOW_USERSELECTION"] && $PHORUM["enable_dropdown_userlist"])
        {
            $allusers = array();
            $userlist = phorum_user_get_list();
            foreach ($userlist as $user_id => $userinfo){
                if (isset($msg["recipients"][$user_id])) continue;
                $userinfo["displayname"] = htmlspecialchars($userinfo["displayname"]);
                $userinfo["username"] = htmlspecialchars($userinfo["username"]);
                $userinfo["user_id"] = $user_id;
                $allusers[] = $userinfo;
            }
            $PHORUM["DATA"]["USERS"] = $allusers;
            if (count($allusers) == 0) $PHORUM["DATA"]["SHOW_USERSELECTION"] = false;
        }
 
        $PHORUM["DATA"]["PMLOCATION"] = $PHORUM["DATA"]["LANG"]["SendPM"];
        $template = "pm_post";
        break;
}
 
// Hide the recipient selection when the page handling above has set
// $hide_userselect (it does so for replies and for preset recipients).
// Variable names in this section are kept as they are: the templates are
// included at file scope further down and share these variables.
if ($hide_userselect) {
    $PHORUM["DATA"]["SHOW_USERSELECTION"] = 0;
}

// Make message count and quota information available in the templates.
// For administrators the maximum is reported as 0 and no usage figures
// are computed.
if ($PHORUM['user']['admin']) {
    $PHORUM['DATA']['MAX_PM_MESSAGECOUNT'] = 0;
} else {
    $PHORUM['DATA']['MAX_PM_MESSAGECOUNT'] = $PHORUM['SETTINGS']['max_pm_messagecount'];

    // A falsy setting skips the usage computation entirely.
    if ($PHORUM['SETTINGS']['max_pm_messagecount']) {
        $current_count = phorum_db_pm_messagecount(PHORUM_PM_ALLFOLDERS);
        $PHORUM['DATA']['PM_MESSAGECOUNT'] = $current_count['total'];

        // Remaining capacity, clamped so a mailbox that is over its
        // quota reports 0 instead of a negative number.
        $space_left = $PHORUM['SETTINGS']['max_pm_messagecount'] - $current_count['total'];
        if ($space_left < 0) {
            $space_left = 0;
        }
        $PHORUM['DATA']['PM_SPACE_LEFT'] = $space_left;

        // Fill the placeholder in the language string with the number.
        $PHORUM['DATA']['LANG']['PMSpaceLeft'] = str_replace(
            '%pm_space_left%',
            $space_left,
            $PHORUM['DATA']['LANG']['PMSpaceLeft']
        );
    }
}
 
// Build two folder lists for the templates: all folders (for the menu)
// and the subset that the user created. The latter is set to 0, not to
// an empty array, when no user folders are available.
$pm_userfolders = array();
foreach ($pm_folders as $id => $data) {
    // Folders with a non-numeric id are flagged as special.
    $pm_folders[$id]["is_special"] = !is_numeric($id) ? 1 : 0;

    // NOTE(review): loose comparison. The value of PHORUM_PM_OUTBOX is
    // not visible here; if it is a non-numeric string, an integer id of 0
    // would compare equal to it on PHP < 8 - confirm no folder uses id 0.
    $pm_folders[$id]["is_outgoing"] = (PHORUM_PM_OUTBOX == $id);
    $pm_folders[$id]["id"]          = $id;

    // NOTE(review): htmlspecialchars() runs with its default flags.
    // Before PHP 8.1 that default is ENT_COMPAT, which leaves single
    // quotes in a folder name unescaped. Names of user-created folders
    // are presumably user-supplied - confirm the templates only print the
    // name as element content or inside double-quoted attributes, or pass
    // ENT_QUOTES explicitly.
    $pm_folders[$id]["name"] = htmlspecialchars($data["name"]);
    $pm_folders[$id]["url"]  = phorum_get_url(PHORUM_PM_URL, "page=list", "folder_id=" . $id);

    // Numeric ids are exactly the folders that are not special.
    if (is_numeric($id)) {
        $pm_userfolders[$id] = $pm_folders[$id];
    }
}

// URLs for the fixed entries of the private message menu.
$PHORUM["DATA"]["URL"]["PM_FOLDERS"] = phorum_get_url(PHORUM_PM_URL, "page=folders");
$PHORUM["DATA"]["URL"]["PM_SEND"]    = phorum_get_url(PHORUM_PM_URL, "page=send");
$PHORUM["DATA"]["URL"]["BUDDIES"]    = phorum_get_url(PHORUM_PM_URL, "page=buddies");

$PHORUM["DATA"]["PM_FOLDERS"]     = $pm_folders;
$PHORUM["DATA"]["PM_USERFOLDERS"] = empty($pm_userfolders) ? 0 : $pm_userfolders;
 
 
// Set some default template data.
// NOTE(review): $folder_id, $page and $error_msg are assigned earlier in
// the script, outside this section, and are handed to the templates
// unchanged here - confirm they are validated or HTML-escaped before a
// template prints them.
$PHORUM["DATA"]["ACTION"]             = phorum_get_url(PHORUM_PM_ACTION_URL);
$PHORUM["DATA"]["FOLDER_ID"]          = $folder_id;
$PHORUM["DATA"]["FOLDER_IS_INCOMING"] = ($folder_id == PHORUM_PM_OUTBOX) ? 0 : 1;
$PHORUM["DATA"]["PM_PAGE"]            = $page;
$PHORUM["DATA"]["HIDE_USERSELECT"]    = $hide_userselect;

// Render the page: header, then either the PM template or the generic
// message template carrying the error, then the footer. The two hooks
// run right after the header and right before the footer.
include phorum_get_template("header");
phorum_hook("after_header");
if (!$error_msg) {
    include phorum_get_template("pm");
} else {
    // The MESSAGE data is removed before the message template is shown,
    // so only the error text is left for it.
    $PHORUM["DATA"]["ERROR"] = $error_msg;
    unset($PHORUM["DATA"]["MESSAGE"]);
    include phorum_get_template("message");
}
phorum_hook("before_footer");
include phorum_get_template("footer");
 
// ------------------------------------------------------------------------
// Utility functions
// ------------------------------------------------------------------------
 
// Apply the default forum message formatting to private messages.
//
// Each message temporarily gets the forum message fields "author", "body"
// and "email", is run through phorum_format_messages() and is then mapped
// back to the private message fields "from_username" and "message".
//
// $messages: array of private messages. Each entry needs "from_username";
//            a missing "message" is treated as an empty body.
// Returns:   the array returned by phorum_format_messages(), with "body"
//            and "author" folded back into "message" and "from_username".
//
// NOTE(review): this function does no escaping of its own. The preview
// code in this file stores the result as PREVIEW template data without
// running it through htmlspecialchars(), so the HTML-safety of the output
// depends on what phorum_format_messages() does - confirm.
function phorum_pm_format($messages)
{
    // The path starts with "./", so it is resolved against the current
    // working directory.
    include_once("./include/format_functions.php");

    // Make every private message look like a forum message.
    foreach ($messages as $key => $pm) {
        $messages[$key]["author"] = $pm["from_username"];
        if (isset($pm["message"])) {
            $messages[$key]["body"] = $pm["message"];
        } else {
            $messages[$key]["body"] = "";
        }
        $messages[$key]["email"] = "";
    }

    // Run the messages through the formatting code.
    $messages = phorum_format_messages($messages);

    // Move the formatted fields back to their private message names and
    // drop the temporary forum fields.
    foreach ($messages as $key => $formatted) {
        $messages[$key]["message"]       = $formatted["body"];
        $messages[$key]["from_username"] = $formatted["author"];
        unset($messages[$key]["body"], $messages[$key]["author"]);
    }

    return $messages;
}
 
// Apply message reply quoting to a private message.
//
// $orig_author: name printed in the "<author> wrote:" line.
// $message:     message array; "subject" and "message" are read and
//               rewritten, all other fields are passed through.
// $inreplyto:   optional text (the caller in this file passes a URL) that
//               is printed on an "in reply to" line above the quote.
// Returns:      the message array with a "Re:" subject and a quoted body.
//
// No HTML escaping happens here: $orig_author, $inreplyto and the body
// are inserted as they are. The call sites visible in this file run the
// returned array through htmlspecialchars() before it reaches a template.
function phorum_pm_quoteformat($orig_author, $message, $inreplyto = NULL)
{
    $lang = $GLOBALS["PHORUM"]["DATA"]["LANG"];

    // Prefix the subject with "Re: " unless it already starts with "Re:".
    $has_reply_prefix = (substr($message["subject"], 0, 3) == "Re:");
    if (!$has_reply_prefix) {
        $message["subject"] = "Re: " . $message["subject"];
    }

    // Quote the stripped body: mark every line with "> " and wrap at 50
    // characters, breaking words that are longer than that.
    // NOTE(review): wordwrap() counts bytes, so in a multibyte charset a
    // long unbroken word can be cut in the middle of a character.
    $body = phorum_strip_body($message["message"]);
    $body = trim(str_replace("\n", "\n> ", $body));
    $body = wordwrap($body, 50, "\n> ", true);

    // Header: optional "in reply to" line, the "<author> wrote:" line and
    // a separator of 55 dashes.
    $header = '';
    if ($inreplyto != NULL) {
        $header = $lang['InReplyTo'] . ' ' . $inreplyto . "\n";
    }
    $header .= $orig_author . ' ' . $lang['Wrote'] . ":\n";
    $header .= str_repeat("-", 55) . "\n";

    $message["message"] = $header . "> " . $body . "\n\n\n";

    return $message;
}
 
?>