Rev 831 | Blame | Last modification | View Log | RSS feed
<?php
////////////////////////////////////////////////////////////////////////////////
// //
// Copyright (C) 2006 Phorum Development Team //
// http://www.phorum.org //
// //
// This program is free software. You can redistribute it and/or modify //
// it under the terms of either the current Phorum License (viewable at //
// phorum.org) or the Phorum License that was distributed with this file //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
// //
// You should have received a copy of the Phorum License //
// along with this program. //
////////////////////////////////////////////////////////////////////////////////
// These language strings are set dynamically, so the language
// tool won't recognize them automatically. Therefore they are
// mentioned here.
// $PHORUM["DATA"]["LANG"]["PMFolderCreateSuccess"]
// $PHORUM["DATA"]["LANG"]["PMFolderRenameSuccess"]
// $PHORUM["DATA"]["LANG"]["PMFolderDeleteSuccess"]
// $PHORUM["DATA"]["LANG"]["PMSent"]
// PMTODO If reading from a mail notify, lookup the folder_id,
// so the close button will work. Now the folder_id is empty.
// PMTODO implement pm_reply_flag functionality
define('phorum_page','pm');
include_once("./common.php");
phorum_require_login();
// set all our common URL's
phorum_build_common_urls();
include_once("./include/email_functions.php");
include_once("./include/format_functions.php");
// a user has to be logged in to use the private messages system
if (!$PHORUM["DATA"]["LOGGEDIN"]) {
phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
exit();
}
// if the user is not fully logged in, send him to the login page
if (!$PHORUM["DATA"]["FULLY_LOGGEDIN"]) {
// Construct the URL to redirect to after logging in.
$args = array(PHORUM_PM_URL);
foreach ($PHORUM["args"] as $k => $v) {
if (in_array("$k=$v", $PHORUM["DATA"]["GET_VARS"])) continue;
if(is_numeric($k)) $args[] = $v; else $args[] = "$k=$v";
}
$redir = urlencode(call_user_func_array('phorum_get_url', $args));
phorum_redirect_by_url(phorum_get_url(PHORUM_LOGIN_URL, "redir=$redir"));
exit();
}
// If private messages are disabled, just show a simple error message.
if (! $PHORUM["enable_pm"]) {
$PHORUM["DATA"]["BLOCK_CONTENT"] = $PHORUM["DATA"]["LANG"]["PMDisabled"];
include phorum_get_template("header");
phorum_hook("after_header");
include phorum_get_template("stdblock");
phorum_hook("before_footer");
include phorum_get_template("footer");
return;
}
// ------------------------------------------------------------------------
// Parameter handling
// ------------------------------------------------------------------------
// Retrieve a parameter from either the args-list or $_POST.
function phorum_getparam($name)
{
$PHORUM = $GLOBALS["PHORUM"];
$ret = NULL;
if (isset($PHORUM["args"][$name])) {
$ret = trim($PHORUM["args"][$name]);
}elseif (isset($_POST[$name])) {
$ret = trim($_POST[$name]);
}
return $ret;
}
// Get basic parameters.
$action = phorum_getparam('action');
$page = phorum_getparam('page');
$folder_id = phorum_getparam('folder_id');
$pm_id = phorum_getparam('pm_id');
$forum_id = $PHORUM["forum_id"];
$user_id = $PHORUM["user"]["user_id"];
$hide_userselect = phorum_getparam('hide_userselect');
// Get recipients from the form and create a valid list of recipients.
$recipients = array();
if (isset($_POST["recipients"]) && is_array($_POST["recipients"])) {
foreach ($_POST["recipients"] as $id => $username) {
$user = phorum_user_get($id, false);
if ($user) {
$recipients[$id] = $user;
}
}
}
// init error var
$error_msg = "";
// ------------------------------------------------------------------------
// Banlist checking
// ------------------------------------------------------------------------
// Start editor Post message Post reply
if ($page == 'send' || $action == 'post' || ($action == 'list' && isset($pm_id)))
{
include_once("./include/profile_functions.php");
$error = phorum_check_bans(array(
array($PHORUM["user"]["username"], PHORUM_BAD_NAMES),
array($PHORUM["user"]["email"], PHORUM_BAD_EMAILS),
array($user_id, PHORUM_BAD_USERID),
array(NULL, PHORUM_BAD_IPS),
));
// Show an error in case we encountered a ban.
if (! empty($error)) {
$PHORUM["DATA"]["ERROR"] = $error;
include phorum_get_template("header");
phorum_hook("after_header");
include phorum_get_template("message");
phorum_hook("before_footer");
include phorum_get_template("footer");
return;
}
}
// ------------------------------------------------------------------------
// Perform actions
// ------------------------------------------------------------------------
// Initialize error and ok message.
$error = '';
$okmsg = '';
// init folder list
$pm_folders = phorum_db_pm_getfolders(NULL, true);
// Translate button clicks from the read page to appropriate actions.
if (isset($_POST['close_message'])) {
$page = 'list';
} elseif (isset($_POST['delete_message'])) {
$page = 'list';
$_POST['delete'] = 1;
$_POST['checked'] = array($pm_id);
$action = 'list';
} elseif (isset($_POST['move_message'])) {
$page = 'list';
$_POST['move'] = 1;
$_POST['checked'] = array($pm_id);
$action = 'list';
} elseif (isset($_POST['reply']) || isset($_POST['reply_to_all'])) {
$page = 'send';
$action = '';
}
if (!empty($action)) {
// Utility function to check if a foldername already exists.
// No extreme checking with locking here. Technically
// speaking duplicate foldernames will work. It's just
// confusing for the user.
function phorum_pm_folder_exists($foldername)
{
global $pm_folders;
foreach ($pm_folders as $id => $data) {
if (strcasecmp($foldername, $data["name"]) == 0) {
return true;
}
}
return false;
}
// Redirect will be set to a true value if after performing
// the action we want to use a redirect to get to the
// result page. This is done for two reasons:
// 1) Let the result page use refreshed PM data;
// 2) Prevent reloading of the action page (which could for
// example result in duplicate message sending).
// The variable $redirect_message can be set to a language
// key string to have a message displayed after redirection.
$redirect = false;
$redirect_message = '';
switch($action) {
// Actions which are triggered from the folder management interface.
case "folders":
$redirect = false;
$page = "folders";
// Create folder.
if (!empty($_POST['create_folder']))
{
$foldername = trim($_POST["create_folder_name"]);
if ($foldername != '')
{
if (phorum_pm_folder_exists($foldername)) {
$error = $PHORUM["DATA"]["LANG"]["PMFolderExistsError"];
} else {
phorum_db_pm_create_folder($foldername);
$redirect_message = "PMFolderCreateSuccess";
$redirect = true;
}
}
}
// Rename a folder.
elseif (!empty($_POST['rename_folder']))
{
$from = $_POST['rename_folder_from'];
$to = trim($_POST['rename_folder_to']);
if (!empty($from) && $to != '') {
if (phorum_pm_folder_exists($to)) {
$error = $PHORUM["DATA"]["LANG"]["PMFolderExistsError"];
} else {
phorum_db_pm_rename_folder($from, $to);
$redirect_message = "PMFolderRenameSuccess";
$redirect = true;
}
}
}
// Delete a folder.
elseif (!empty($_POST['delete_folder']))
{
$folder_id = $_POST["delete_folder_target"];
if (!empty($folder_id)) {
phorum_db_pm_delete_folder($folder_id);
$redirect_message = "PMFolderDeleteSuccess";
$redirect = true;
// Invalidate user cache, to update message counts.
phorum_cache_remove('user',$user_id);
}
}
break;
// Actions which are triggered from the list interface.
case "list":
// Delete all checked messages.
if (isset($_POST["delete"]) && isset($_POST["checked"])) {
foreach($_POST["checked"] as $pm_id) {
if (phorum_db_pm_get($pm_id, $folder_id)) {
phorum_db_pm_delete($pm_id, $folder_id);
}
}
// Invalidate user cache, to update message counts.
phorum_cache_remove('user',$user_id);
}
// Move checked messages to another folder.
elseif (isset($_POST["move"]) && isset($_POST["checked"])) {
$to = $_POST['target_folder'];
if (! empty($to)) {
foreach($_POST["checked"] as $pm_id) {
if (phorum_db_pm_get($pm_id, $folder_id)) {
phorum_db_pm_move($pm_id, $folder_id, $to);
}
}
}
}
$page = "list";
$redirect = true;
break;
// Actions which are triggered from the post form.
case "post":
// Parse clicks on the image buttons that we use for
// deleting recipients from the list of recipients.
// These are not sent as name=value, but instead
// name_x=xclickoffset and name_y=yclickoffset are sent.
// Also accept normal button clicks with name="del_rcpt::<id>",
// so template builders can use that.
$del_rcpt = NULL;
foreach ($_POST as $key => $val) {
if (preg_match('/^del_rcpt::(\d+)(_x)?$/', $key, $m)) {
$del_rcpt = $m[1];
break;
}
}
// Determine what action to perform.
$action = "post";
if (isset($_POST["preview"])) $action = "preview";
if (isset($_POST["rcpt_add"])) $action = "rcpt_add";
if (!is_null($del_rcpt)) $action = "del_rcpt";
// Adding a recipient.
if ($action == "rcpt_add" || $action == "preview" || $action == "post") {
// Convert adding a recipient by name to adding by user id.
if (isset($_POST["to_name"])) {
$to_name = trim($_POST["to_name"]);
if ($to_name != '') {
$to_user_id = phorum_db_user_check_field('username', $to_name);
if ($to_user_id) {
$_POST["to_id"] = $to_user_id;
unset($_POST["to_name"]);
} else {
$error = $PHORUM["DATA"]["LANG"]["UserNotFound"];
}
}
}
// Add a recipient by id.
if (isset($_POST["to_id"]) && is_numeric($_POST["to_id"])) {
$user = phorum_user_get($_POST["to_id"], false);
if ($user) {
$recipients[$user["user_id"]] = $user;
}
}
$page = "send";
// Deleting a recipient.
} elseif ($action == "del_rcpt") {
unset($recipients[$del_rcpt]);
$page = "send";
// When deleting a recipient, we always have to
// show the user selection. Put it back in, for
// situations where we had the user selection
// hidden intentionally.
$hide_userselect = 0;
}
// For previewing the message, no action has to be taken.
if ($action == "preview") {
$page = "send";
}
// Posting the message.
elseif ($action == "post") {
// Only send the message if we have at least one recipient.
if (count($recipients)) {
$_POST["subject"] = trim($_POST["subject"]);
$_POST["message"] = trim($_POST["message"]);
// Only send the message if all required message data is filled in.
if ($_POST["subject"] == '' || $_POST["message"] == '') {
$error = $PHORUM["DATA"]["LANG"]["PMRequiredFields"];
// Message data is okay. Post the message.
} else {
if (empty($_POST["keep"])) $_POST["keep"] = 0;
// Check if sender and recipients have not yet reached the
// maximum number of messages that may be stored on the server.
// Administrators may always send PM.
if (!$PHORUM['user']['admin'] && $PHORUM['max_pm_messagecount'])
{
// Build a list of users to check.
$checkusers = $recipients;
if ($_POST['keep']) $checkusers[] = $PHORUM['user'];
// Check all users.
foreach ($checkusers as $user)
{
if ($user['admin']) continue; // No limits for admins
$current_count = phorum_db_pm_messagecount(PHORUM_PM_ALLFOLDERS, $user["user_id"]);
if ($current_count['total'] >= $PHORUM['max_pm_messagecount']) {
if ($user['user_id'] == $PHORUM["user"]["user_id"]) {
$error = $PHORUM["DATA"]["LANG"]["PMFromMailboxFull"];
} else {
$error = $PHORUM["DATA"]["LANG"]["PMToMailboxFull"];
$error = str_replace('%recipient%', htmlspecialchars($user["username"]), $error);
}
}
}
}
// Send the private message if no errors occurred.
if (empty($error)) {
$pm_message_id = phorum_db_pm_send($_POST["subject"], $_POST["message"], array_keys($recipients), NULL, $_POST["keep"]);
// Show an error in case of problems.
if (! $pm_message_id) {
$error = $PHORUM["DATA"]["LANG"]["PMNotSent"];
// Do e-mail notifications on successful sending.
} else {
include_once("./include/email_functions.php");
$pm_message = array(
'pm_message_id' => $pm_message_id,
'subject' => $_POST['subject'],
'message' => $_POST['message'],
'from_username' => $PHORUM['user']['username'],
'from_user_id' => $user_id,
);
// Sort all recipients that want a notify by language.
$langrcpts = array();
foreach ($recipients as $rcpt_id => $rcpt) {
if ($rcpt["pm_email_notify"]) {
if (!isset($langrcpts[$rcpt["user_language"]])) {
$langrcpts[$rcpt["user_language"]] = array($rcpt);
} else {
$langrcpts[$rcpt["user_language"]][] = $rcpt;
}
}
}
phorum_email_pm_notice($pm_message, $langrcpts);
phorum_hook("pm_sent", $pm_message);
}
}
// Invalidate user cache, to update message counts.
phorum_cache_remove('user', $user_id);
foreach ($recipients as $rcpt) {
phorum_cache_remove('user', $rcpt["user_id"]);
}
$redirect_message = "PMSent";
}
} else {
$error = $PHORUM["DATA"]["LANG"]["PMNoRecipients"];
}
// Stay on the post page in case of errors. Redirect on success.
if ($error) {
$page = "send";
} else {
$redirect = true;
}
}
break;
// Actions that are triggered from the buddy list.
case "buddies":
// Delete all checked buddies.
if (isset($_POST["delete"]) && isset($_POST["checked"])) {
foreach($_POST["checked"] as $buddy_user_id) {
phorum_db_pm_buddy_delete($buddy_user_id);
phorum_hook("buddy_delete", $buddy_user_id);
}
}
// Send a PM to the checked buddies.
if (isset($_POST["send_pm"]) && isset($_POST["checked"])) {
$pm_rcpts = $_POST["checked"];
if (count($pm_rcpts)) {
$redirect = true;
$page = "send";
} else {
unset($pm_rcpts);
}
}
break;
// Add a user to this user's buddy list.
case "addbuddy":
$buddy_user_id = $PHORUM["args"]["addbuddy_id"];
if (!empty($buddy_user_id)) {
if (phorum_db_pm_buddy_add($buddy_user_id)) {
$okmsg = $PHORUM["DATA"]["LANG"]["BuddyAddSuccess"];
phorum_hook("buddy_add", $buddy_user_id);
} else {
$error = $PHORUM["DATA"]["LANG"]["BuddyAddFail"];
}
}
break;
default:
die("Unhandled action for pm.php: " . htmlspecialchars($action));
}
// The action has been completed successfully.
// Redirect the user to the result page.
if ($redirect)
{
$args = array(
PHORUM_PM_URL,
"page=" . $page,
"folder_id=" . $folder_id,
);
if (isset($pm_rcpts)) $args[] = "to_id=" . implode(':', $pm_rcpts);
if (!empty($pm_id)) $args[] = "pm_id=" . $pm_id;
if (!empty($redirect_message)) $args[] = "okmsg=" . $redirect_message;
$redir_url = call_user_func_array('phorum_get_url', $args);
phorum_redirect_by_url($redir_url);
exit();
}
}
// ------------------------------------------------------------------------
// Display a PM page
// ------------------------------------------------------------------------
// Use the message list as the default page.
if (!$page){
$page = "list";
$folder_id = PHORUM_PM_INBOX;
}
// Show an OK message for a redirected page?
$okmsg_id = phorum_getparam('okmsg');
if ($okmsg_id && isset($PHORUM["DATA"]["LANG"][$okmsg_id])) {
$okmsg = $PHORUM["DATA"]["LANG"][$okmsg_id];
}
// Make error and OK messages available in the template.
$PHORUM["DATA"]["ERROR"] = (empty($error)) ? "" : $error;
$PHORUM["DATA"]["OKMSG"] = (empty($okmsg)) ? "" : $okmsg;
switch ($page) {
// Manage the PM folders.
case "folders":
$PHORUM["DATA"]["CREATE_FOLDER_NAME"] = isset($_POST["create_folder_name"]) ? htmlspecialchars($_POST["create_folder_name"]) : '';
$PHORUM["DATA"]["RENAME_FOLDER_NAME"] = isset($_POST["rename_folder_name"]) ? htmlspecialchars($_POST["rename_folder_name"]) : '';
$template = "pm_folders";
break;
// Manage the buddies.
case "buddies":
// Retrieve a list of users that are buddies for the current user.
$buddy_list = phorum_db_pm_buddy_list(NULL, true);
if (count($buddy_list)) {
$buddy_users = phorum_user_get(array_keys($buddy_list), false);
$buddy_users = phorum_hook("read_user_info", $buddy_users);
} else {
$buddy_users = array();
}
// Sort the buddies by username.
function phorum_sort_buddy_list($a,$b) {
return strcasecmp($a["username"], $b["username"]);
}
uasort($buddy_users, 'phorum_sort_buddy_list');
$buddies = array();
foreach ($buddy_users as $id => $buddy_user) {
$buddy = array(
'user_id' => $id,
'profile_url' => phorum_get_url(PHORUM_PROFILE_URL, $buddy_user["user_id"]),
'username' => htmlspecialchars($buddy_user["username"]),
'real_name' => isset($buddy_user["real_name"]) ? htmlspecialchars($buddy_user["real_name"]) : '',
'mutual' => $buddy_list[$id]["mutual"],
);
if (!$buddy_user['hide_activity']) {
$buddy["date_last_active"] = phorum_date($PHORUM["short_date"], $buddy_user["date_last_active"]);
} else {
$buddy["date_last_active"] = "-";
}
$buddies[$id] = $buddy;
}
$PHORUM["DATA"]["USERTRACK"] = $PHORUM["track_user_activity"];
$PHORUM["DATA"]["BUDDIES"] = $buddies;
$PHORUM["DATA"]["BUDDYCOUNT"] = count($buddies);
$PHORUM["DATA"]["PMLOCATION"] = $PHORUM["DATA"]["LANG"]["Buddies"];
$template = "pm_buddies";
break;
// Show a listing of messages in a folder.
case "list":
// Check if the folder exists for the user.
if (! isset($pm_folders[$folder_id])) {
$PHORUM["DATA"]["BLOCK_CONTENT"] = $PHORUM["DATA"]["LANG"]["PMFolderNotAvailable"];
$template = "stdblock";
} else {
$list = phorum_db_pm_list($folder_id);
// Prepare data for the templates (formatting and XSS prevention).
$list = phorum_pm_format($list);
foreach ($list as $message_id => $message)
{
$list[$message_id]["from_profile_url"] = phorum_get_url(PHORUM_PROFILE_URL, $message["from_user_id"]);
$list[$message_id]["read_url"]=phorum_get_url(PHORUM_PM_URL, "page=read", "folder_id=$folder_id", "pm_id=$message_id");
$list[$message_id]["date"] = phorum_date($PHORUM["short_date"], $message["datestamp"]);
$list[$message_id]["recipient_count"] = count($message["recipients"]);
$receive_count = 0;
foreach ($message["recipients"] as $rcpt_id => $rcpt) {
if ($rcpt["read_flag"]) $receive_count++;
$list[$message_id]["recipients"][$rcpt_id]["username"] = htmlspecialchars($rcpt["username"]);
$list[$message_id]["recipients"][$rcpt_id]["to_profile_url"] = phorum_get_url(PHORUM_PROFILE_URL, $rcpt_id);
}
$list[$message_id]["receive_count"] = $receive_count;
}
// Setup template variables.
$PHORUM["DATA"]["MESSAGECOUNT"] = count($list);
$PHORUM["DATA"]["MESSAGES"] = $list;
$PHORUM["DATA"]["PMLOCATION"] = $pm_folders[$folder_id]["name"];
$template = "pm_list";
}
break;
// Read a single private message.
case "read":
if (($message=phorum_db_pm_get($pm_id, $folder_id))) {
// Mark the message read.
if (! $message['read_flag']) {
phorum_db_pm_setflag($message["pm_message_id"], PHORUM_PM_READ_FLAG, true);
// Invalidate user cache, to update message counts.
phorum_cache_remove('user',$user_id);
}
// Run the message through the default message formatting.
list($message) = phorum_pm_format(array($message));
// Setup data for recipients.
foreach ($message["recipients"] as $rcpt_id => $rcpt) {
$message["recipients"][$rcpt_id]["username"] = htmlspecialchars($rcpt["username"]);
$message["recipients"][$rcpt_id]["to_profile_url"] = phorum_get_url(PHORUM_PROFILE_URL, $rcpt_id);
}
$message["recipient_count"] = count($message["recipients"]);
// Setup URL's and format date.
$message["from_profile_url"]=phorum_get_url(PHORUM_PROFILE_URL, $message["from_user_id"]);
$message["date"]=phorum_date($PHORUM["short_date"], $message["datestamp"]);
$PHORUM["DATA"]["MESSAGE"] = $message;
$PHORUM["DATA"]["PMLOCATION"] = $PHORUM["DATA"]["LANG"]["PMRead"];
// re-init folder list to account for change in read flags
$pm_folders = phorum_db_pm_getfolders(NULL, true);
// Set folder id to the right folder for this message.
$folder_id = $message["pm_folder_id"];
if ($folder_id == 0) {
$folder_id = $message["special_folder"];
}
$template = "pm_read";
} else {
// The message was not found. Show an error.
$PHORUM["DATA"]["BLOCK_CONTENT"] = $PHORUM["DATA"]["LANG"]["PMNotAvailable"];
$template = "stdblock";
}
break;
// Post a new private message.
case "send":
// Setup the default array with the message data.
$msg = array(
"from_username" => $PHORUM["user"]["username"],
"keep" => isset($_POST["keep"]) && $_POST["keep"] ? 1 : 0,
"subject" => isset($_POST["subject"]) ? $_POST["subject"] : '',
"message" => isset($_POST["message"]) ? $_POST["message"] : '',
"preview" => isset($_POST["preview"]) ? 1 : 0,
"recipients" => $recipients,
);
// Data initialization for posting messages on first request.
if ($action == NULL || $action != 'post')
{
// Setup data for sending a private message to specified recipients.
// Recipients are passed on as a standard phorum argument "to_id"
// containing a colon separated list of users.
if (isset($PHORUM["args"]["to_id"])) {
foreach (explode(":", $PHORUM["args"]["to_id"]) as $rcpt_id) {
settype($rcpt_id, "int");
$user = phorum_user_get($rcpt_id, false);
if ($user) {
$msg["recipients"][$rcpt_id] = array(
"username" => $user["username"],
"user_id" => $user["user_id"]
);
}
}
$hide_userselect = 1;
// Setup data for replying to a private message.
} elseif (isset($pm_id)) {
$message = phorum_db_pm_get($pm_id);
$msg["subject"] = $message["subject"];
$msg["message"] = $message["message"];
$msg["recipients"][$message["from_user_id"]] = array(
"username" => $message["from_username"],
"user_id" => $message["from_user_id"]
);
$msg = phorum_pm_quoteformat($message["from_username"], $msg);
// Include the other recipient, excecpt the active
// user himself, when replying to all.
if (isset($_POST["reply_to_all"])) {
foreach($message["recipients"] as $rcpt) {
if ($user_id == $rcpt["user_id"]) continue;
$msg["recipients"][$rcpt["user_id"]] = array(
"username" => $rcpt["username"],
"user_id" => $rcpt["user_id"],
);
}
}
$hide_userselect = 1;
// Setup data for replying privately to a forum post.
} elseif (isset($PHORUM["args"]["message_id"])) {
$message = phorum_db_get_message($PHORUM["args"]["message_id"], "message_id", true);
if (phorum_user_access_allowed(PHORUM_USER_ALLOW_READ) && ($PHORUM["forum_id"]==$message["forum_id"] || $message["forum_id"] == 0)) {
// get url to the message board thread
$origurl = phorum_get_url(PHORUM_READ_URL, $message["thread"], $message["message_id"]);
// Find the real username, because some mods rewrite the
// username in the message table. There will be a better solution
// for selecting recipients, but for now this will fix some
// of the problems.
$user = phorum_user_get($message["user_id"], false);
$msg["subject"] = $message["subject"];
$msg["message"] = $message["body"];
$msg["recipients"][$message["user_id"]] = array(
'username' => $user["username"],
'user_id' => $user["user_id"]
);
$msg = phorum_pm_quoteformat($user["username"], $msg, $origurl);
}
$hide_userselect = 1;
}
}
// Setup data for previewing a message.
if ($msg["preview"]) {
list($preview) = phorum_pm_format(array($msg));
$PHORUM["DATA"]["PREVIEW"] = $preview;
}
// XSS prevention.
foreach ($msg as $key => $val) {
switch ($key) {
case "recipients": {
foreach ($val as $id => $data) {
$msg[$key][$id]["username"] = htmlspecialchars($data["username"]);
}
break;
}
default: {
$msg[$key] = htmlspecialchars($val);
break;
}
}
}
$PHORUM["DATA"]["MESSAGE"] = $msg;
$PHORUM["DATA"]["RECIPIENT_COUNT"] = count($msg["recipients"]);
$PHORUM["DATA"]["SHOW_USERSELECTION"] = true;
// Determine what input element gets the focus.
$focus_id = 'userselection';
if ($PHORUM["DATA"]["RECIPIENT_COUNT"]) $focus_id = 'subject';
if (!empty($msg["subject"])) $focus_id = 'message';
$PHORUM["DATA"]["FOCUS_TO_ID"] = $focus_id;
// Create data for a user dropdown list, if configured.
if ($PHORUM["DATA"]["SHOW_USERSELECTION"] && $PHORUM["enable_dropdown_userlist"])
{
$allusers = array();
$userlist = phorum_user_get_list();
foreach ($userlist as $user_id => $userinfo){
if (isset($msg["recipients"][$user_id])) continue;
$userinfo["displayname"] = htmlspecialchars($userinfo["displayname"]);
$userinfo["username"] = htmlspecialchars($userinfo["username"]);
$userinfo["user_id"] = $user_id;
$allusers[] = $userinfo;
}
$PHORUM["DATA"]["USERS"] = $allusers;
if (count($allusers) == 0) $PHORUM["DATA"]["SHOW_USERSELECTION"] = false;
}
$PHORUM["DATA"]["PMLOCATION"] = $PHORUM["DATA"]["LANG"]["SendPM"];
$template = "pm_post";
break;
}
if ($hide_userselect) {
$PHORUM["DATA"]["SHOW_USERSELECTION"] = 0;
}
// Make message count and quota information available in the templates.
$PHORUM['DATA']['MAX_PM_MESSAGECOUNT'] = 0;
if (! $PHORUM['user']['admin']) {
$PHORUM['DATA']['MAX_PM_MESSAGECOUNT'] = $PHORUM['SETTINGS']['max_pm_messagecount'];
if ($PHORUM['SETTINGS']['max_pm_messagecount'])
{
$current_count = phorum_db_pm_messagecount(PHORUM_PM_ALLFOLDERS);
$PHORUM['DATA']['PM_MESSAGECOUNT'] = $current_count['total'];
$space_left = $PHORUM['SETTINGS']['max_pm_messagecount'] - $current_count['total'];
if ($space_left < 0) $space_left = 0;
$PHORUM['DATA']['PM_SPACE_LEFT'] = $space_left;
$PHORUM['DATA']['LANG']['PMSpaceLeft'] = str_replace('%pm_space_left%', $space_left, $PHORUM['DATA']['LANG']['PMSpaceLeft']);
}
}
// Make a list of folders for use in the menu and a list of folders that
// the user created. The latter will be set to zero if no user folders
// are available.
$pm_userfolders = array();
foreach($pm_folders as $id => $data)
{
$pm_folders[$id]["is_special"] = is_numeric($id) ? 0 : 1;
$pm_folders[$id]["is_outgoing"] = $id == PHORUM_PM_OUTBOX;
$pm_folders[$id]["id"] = $id;
$pm_folders[$id]["name"] = htmlspecialchars($data["name"]);
$pm_folders[$id]["url"] = phorum_get_url(PHORUM_PM_URL, "page=list", "folder_id=$id");
if (!$pm_folders[$id]["is_special"]) {
$pm_userfolders[$id] = $pm_folders[$id];
}
}
$PHORUM["DATA"]["URL"]["PM_FOLDERS"] = phorum_get_url(PHORUM_PM_URL, "page=folders");
$PHORUM["DATA"]["URL"]["PM_SEND"] = phorum_get_url(PHORUM_PM_URL, "page=send");
$PHORUM["DATA"]["URL"]["BUDDIES"] = phorum_get_url(PHORUM_PM_URL, "page=buddies");
$PHORUM["DATA"]["PM_FOLDERS"] = $pm_folders;
$PHORUM["DATA"]["PM_USERFOLDERS"] = count($pm_userfolders) ? $pm_userfolders : 0;
// Set some default template data.
$PHORUM["DATA"]["ACTION"]=phorum_get_url( PHORUM_PM_ACTION_URL );
$PHORUM["DATA"]["FOLDER_ID"] = $folder_id;
$PHORUM["DATA"]["FOLDER_IS_INCOMING"] = $folder_id == PHORUM_PM_OUTBOX ? 0 : 1;
$PHORUM["DATA"]["PM_PAGE"] = $page;
$PHORUM["DATA"]["HIDE_USERSELECT"] = $hide_userselect;
include phorum_get_template("header");
phorum_hook("after_header");
if ($error_msg) {
$PHORUM["DATA"]["ERROR"] = $error_msg;
unset($PHORUM["DATA"]["MESSAGE"]);
include phorum_get_template("message");
} else {
include phorum_get_template("pm");
}
phorum_hook("before_footer");
include phorum_get_template("footer");
// ------------------------------------------------------------------------
// Utility functions
// ------------------------------------------------------------------------
// Apply the default forum message formatting to a private message.
function phorum_pm_format($messages)
{
include_once("./include/format_functions.php");
// Reformat message so it looks like a forum message.
foreach ($messages as $id => $message)
{
$messages[$id]["author"] = $message["from_username"];
$messages[$id]["body"] = isset($message["message"]) ? $message["message"] : "";
$messages[$id]["email"] = "";
}
// Run the messages through the formatting code.
$messages = phorum_format_messages($messages);
// Reformat message back to a private message.
foreach ($messages as $id => $message)
{
$messages[$id]["message"] = $message["body"];
$messages[$id]["from_username"] = $message["author"];
unset($messages[$id]["body"]);
unset($messages[$id]["author"]);
}
return $messages;
}
// Apply message reply quoting to a private message.
function phorum_pm_quoteformat($orig_author, $message, $inreplyto = NULL)
{
$PHORUM = $GLOBALS["PHORUM"];
// Build the reply subject.
if (substr($message["subject"], 0, 3) != "Re:") {
$message["subject"] = "Re: ".$message["subject"];
}
// Build a quoted version of the message body.
$quote = phorum_strip_body($message["message"]);
$quote = str_replace("\n", "\n> ", $quote);
$quote = wordwrap(trim($quote), 50, "\n> ", true);
$quote = ($inreplyto != NULL ? "{$PHORUM['DATA']['LANG']['InReplyTo']} {$inreplyto}\n" : '') .
"$orig_author {$PHORUM['DATA']['LANG']['Wrote']}:\n" .
str_repeat("-", 55)."\n> {$quote}\n\n\n";
$message["message"] = $quote;
return $message;
}
?>