Mercurial > hg > vamp-website
diff forum/Sources/PersonalMessage.php @ 76:e3e11437ecea website
Add forum code
| author | Chris Cannam |
|---|---|
| date | Sun, 07 Jul 2013 11:25:48 +0200 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/forum/Sources/PersonalMessage.php Sun Jul 07 11:25:48 2013 +0200 @@ -0,0 +1,3618 @@ +<?php + +/** + * Simple Machines Forum (SMF) + * + * @package SMF + * @author Simple Machines http://www.simplemachines.org + * @copyright 2011 Simple Machines + * @license http://www.simplemachines.org/about/smf/license.php BSD + * + * @version 2.0 + */ + +if (!defined('SMF')) + die('Hacking attempt...'); + +/* This file is mainly meant for viewing personal messages. It also sends, + deletes, and marks personal messages. For compatibility reasons, they are + often called "instant messages". The following functions are used: + + void MessageMain() + // !!! ?action=pm + + void messageIndexBar(string area) + // !!! + + void MessageFolder() + // !!! ?action=pm;sa=folder + + void prepareMessageContext(type reset = 'subject', bool reset = false) + // !!! + + void MessageSearch() + // !!! + + void MessageSearch2() + // !!! + + void MessagePost() + // !!! ?action=pm;sa=post + + void messagePostError(array error_types, array named_recipients, array recipient_ids) + // !!! + + void MessagePost2() + // !!! ?action=pm;sa=post2 + + void WirelessAddBuddy() + // !!! + + void MessageActionsApply() + // !!! ?action=pm;sa=pmactions + + void MessageKillAllQuery() + // !!! ?action=pm;sa=killall + + void MessageKillAll() + // !!! ?action=pm;sa=killall2 + + void MessagePrune() + // !!! ?action=pm;sa=prune + + void deleteMessages(array personal_messages, string folder, + int owner = user) + // !!! + + void markMessages(array personal_messages = all, int label = all, + int owner = user) + - marks the specified personal_messages read. + - if label is set, only marks messages with that label. + - if owner is set, marks messages owned by that member id. + + void ManageLabels() + // !!! + + void MessageSettings() + // !!! + + void ReportMessage() + - allows the user to report a personal message to an administrator. + - in the first instance requires that the ID of the message to report + is passed through $_GET. + - allows the user to report to either a particular administrator - or + the whole admin team. + - will forward on a copy of the original message without allowing the + reporter to make changes. + - uses the report_message sub-template. + + void ManageRules() + // !!! + + void LoadRules() + // !!! + + void ApplyRules() + // !!! +*/ + +// This helps organize things... +function MessageMain() +{ + global $txt, $scripturl, $sourcedir, $context, $user_info, $user_settings, $smcFunc, $modSettings; + + // No guests! + is_not_guest(); + + // You're not supposed to be here at all, if you can't even read PMs. + isAllowedTo('pm_read'); + + // This file contains the basic functions for sending a PM. + require_once($sourcedir . '/Subs-Post.php'); + + loadLanguage('PersonalMessage'); + + if (WIRELESS && WIRELESS_PROTOCOL == 'wap') + fatal_lang_error('wireless_error_notyet', false); + elseif (WIRELESS) + $context['sub_template'] = WIRELESS_PROTOCOL . '_pm'; + else + loadTemplate('PersonalMessage'); + + // Load up the members maximum message capacity. + if ($user_info['is_admin']) + $context['message_limit'] = 0; + elseif (($context['message_limit'] = cache_get_data('msgLimit:' . $user_info['id'], 360)) === null) + { + // !!! Why do we do this? It seems like if they have any limit we should use it. + $request = $smcFunc['db_query']('', ' + SELECT MAX(max_messages) AS top_limit, MIN(max_messages) AS bottom_limit + FROM {db_prefix}membergroups + WHERE id_group IN ({array_int:users_groups})', + array( + 'users_groups' => $user_info['groups'], + ) + ); + list ($maxMessage, $minMessage) = $smcFunc['db_fetch_row']($request); + $smcFunc['db_free_result']($request); + + $context['message_limit'] = $minMessage == 0 ? 0 : $maxMessage; + + // Save us doing it again! + cache_put_data('msgLimit:' . $user_info['id'], $context['message_limit'], 360); + } + + // Prepare the context for the capacity bar. + if (!empty($context['message_limit'])) + { + $bar = ($user_info['messages'] * 100) / $context['message_limit']; + + $context['limit_bar'] = array( + 'messages' => $user_info['messages'], + 'allowed' => $context['message_limit'], + 'percent' => $bar, + 'bar' => min(100, (int) $bar), + 'text' => sprintf($txt['pm_currently_using'], $user_info['messages'], round($bar, 1)), + ); + } + + // a previous message was sent successfully? show a small indication. + if (isset($_GET['done']) && ($_GET['done'] == 'sent')) + $context['pm_sent'] = true; + + // Now we have the labels, and assuming we have unsorted mail, apply our rules! + if ($user_settings['new_pm']) + { + $context['labels'] = $user_settings['message_labels'] == '' ? array() : explode(',', $user_settings['message_labels']); + foreach ($context['labels'] as $id_label => $label_name) + $context['labels'][(int) $id_label] = array( + 'id' => $id_label, + 'name' => trim($label_name), + 'messages' => 0, + 'unread_messages' => 0, + ); + $context['labels'][-1] = array( + 'id' => -1, + 'name' => $txt['pm_msg_label_inbox'], + 'messages' => 0, + 'unread_messages' => 0, + ); + + ApplyRules(); + updateMemberData($user_info['id'], array('new_pm' => 0)); + $smcFunc['db_query']('', ' + UPDATE {db_prefix}pm_recipients + SET is_new = {int:not_new} + WHERE id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'not_new' => 0, + ) + ); + } + + // Load the label data. + if ($user_settings['new_pm'] || ($context['labels'] = cache_get_data('labelCounts:' . $user_info['id'], 720)) === null) + { + $context['labels'] = $user_settings['message_labels'] == '' ? array() : explode(',', $user_settings['message_labels']); + foreach ($context['labels'] as $id_label => $label_name) + $context['labels'][(int) $id_label] = array( + 'id' => $id_label, + 'name' => trim($label_name), + 'messages' => 0, + 'unread_messages' => 0, + ); + $context['labels'][-1] = array( + 'id' => -1, + 'name' => $txt['pm_msg_label_inbox'], + 'messages' => 0, + 'unread_messages' => 0, + ); + + // Looks like we need to reseek! + $result = $smcFunc['db_query']('', ' + SELECT labels, is_read, COUNT(*) AS num + FROM {db_prefix}pm_recipients + WHERE id_member = {int:current_member} + AND deleted = {int:not_deleted} + GROUP BY labels, is_read', + array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($result)) + { + $this_labels = explode(',', $row['labels']); + foreach ($this_labels as $this_label) + { + $context['labels'][(int) $this_label]['messages'] += $row['num']; + if (!($row['is_read'] & 1)) + $context['labels'][(int) $this_label]['unread_messages'] += $row['num']; + } + } + $smcFunc['db_free_result']($result); + + // Store it please! + cache_put_data('labelCounts:' . $user_info['id'], $context['labels'], 720); + } + + // This determines if we have more labels than just the standard inbox. + $context['currently_using_labels'] = count($context['labels']) > 1 ? 1 : 0; + + // Some stuff for the labels... + $context['current_label_id'] = isset($_REQUEST['l']) && isset($context['labels'][(int) $_REQUEST['l']]) ? (int) $_REQUEST['l'] : -1; + $context['current_label'] = &$context['labels'][(int) $context['current_label_id']]['name']; + $context['folder'] = !isset($_REQUEST['f']) || $_REQUEST['f'] != 'sent' ? 'inbox' : 'sent'; + + // This is convenient. Do you know how annoying it is to do this every time?! + $context['current_label_redirect'] = 'action=pm;f=' . $context['folder'] . (isset($_GET['start']) ? ';start=' . $_GET['start'] : '') . (isset($_REQUEST['l']) ? ';l=' . $_REQUEST['l'] : ''); + $context['can_issue_warning'] = in_array('w', $context['admin_features']) && allowedTo('issue_warning') && $modSettings['warning_settings'][0] == 1; + + // Build the linktree for all the actions... + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm', + 'name' => $txt['personal_messages'] + ); + + // Preferences... + $context['display_mode'] = WIRELESS ? 0 : $user_settings['pm_prefs'] & 3; + + $subActions = array( + 'addbuddy' => 'WirelessAddBuddy', + 'manlabels' => 'ManageLabels', + 'manrules' => 'ManageRules', + 'pmactions' => 'MessageActionsApply', + 'prune' => 'MessagePrune', + 'removeall' => 'MessageKillAllQuery', + 'removeall2' => 'MessageKillAll', + 'report' => 'ReportMessage', + 'search' => 'MessageSearch', + 'search2' => 'MessageSearch2', + 'send' => 'MessagePost', + 'send2' => 'MessagePost2', + 'settings' => 'MessageSettings', + ); + + if (!isset($_REQUEST['sa']) || !isset($subActions[$_REQUEST['sa']])) + MessageFolder(); + else + { + messageIndexBar($_REQUEST['sa']); + $subActions[$_REQUEST['sa']](); + } +} + +// A sidebar to easily access different areas of the section +function messageIndexBar($area) +{ + global $txt, $context, $scripturl, $sourcedir, $sc, $modSettings, $settings, $user_info, $options; + + $pm_areas = array( + 'folders' => array( + 'title' => $txt['pm_messages'], + 'areas' => array( + 'send' => array( + 'label' => $txt['new_message'], + 'custom_url' => $scripturl . '?action=pm;sa=send', + 'permission' => allowedTo('pm_send'), + ), + 'inbox' => array( + 'label' => $txt['inbox'], + 'custom_url' => $scripturl . '?action=pm', + ), + 'sent' => array( + 'label' => $txt['sent_items'], + 'custom_url' => $scripturl . '?action=pm;f=sent', + ), + ), + ), + 'labels' => array( + 'title' => $txt['pm_labels'], + 'areas' => array(), + ), + 'actions' => array( + 'title' => $txt['pm_actions'], + 'areas' => array( + 'search' => array( + 'label' => $txt['pm_search_bar_title'], + 'custom_url' => $scripturl . '?action=pm;sa=search', + ), + 'prune' => array( + 'label' => $txt['pm_prune'], + 'custom_url' => $scripturl . '?action=pm;sa=prune' + ), + ), + ), + 'pref' => array( + 'title' => $txt['pm_preferences'], + 'areas' => array( + 'manlabels' => array( + 'label' => $txt['pm_manage_labels'], + 'custom_url' => $scripturl . '?action=pm;sa=manlabels', + ), + 'manrules' => array( + 'label' => $txt['pm_manage_rules'], + 'custom_url' => $scripturl . '?action=pm;sa=manrules', + ), + 'settings' => array( + 'label' => $txt['pm_settings'], + 'custom_url' => $scripturl . '?action=pm;sa=settings', + ), + ), + ), + ); + + // Handle labels. + if (empty($context['currently_using_labels'])) + unset($pm_areas['labels']); + else + { + // Note we send labels by id as it will have less problems in the querystring. + $unread_in_labels = 0; + foreach ($context['labels'] as $label) + { + if ($label['id'] == -1) + continue; + + // Count the amount of unread items in labels. + $unread_in_labels += $label['unread_messages']; + + // Add the label to the menu. + $pm_areas['labels']['areas']['label' . $label['id']] = array( + 'label' => $label['name'] . (!empty($label['unread_messages']) ? ' (<strong>' . $label['unread_messages'] . '</strong>)' : ''), + 'custom_url' => $scripturl . '?action=pm;l=' . $label['id'], + 'unread_messages' => $label['unread_messages'], + 'messages' => $label['messages'], + ); + } + + if (!empty($unread_in_labels)) + $pm_areas['labels']['title'] .= ' (' . $unread_in_labels . ')'; + } + + $pm_areas['folders']['areas']['inbox']['unread_messages'] = &$context['labels'][-1]['unread_messages']; + $pm_areas['folders']['areas']['inbox']['messages'] = &$context['labels'][-1]['messages']; + if (!empty($context['labels'][-1]['unread_messages'])) + { + $pm_areas['folders']['areas']['inbox']['label'] .= ' (<strong>' . $context['labels'][-1]['unread_messages'] . '</strong>)'; + $pm_areas['folders']['title'] .= ' (' . $context['labels'][-1]['unread_messages'] . ')'; + } + + // Do we have a limit on the amount of messages we can keep? + if (!empty($context['message_limit'])) + { + $bar = round(($user_info['messages'] * 100) / $context['message_limit'], 1); + + $context['limit_bar'] = array( + 'messages' => $user_info['messages'], + 'allowed' => $context['message_limit'], + 'percent' => $bar, + 'bar' => $bar > 100 ? 100 : (int) $bar, + 'text' => sprintf($txt['pm_currently_using'], $user_info['messages'], $bar) + ); + } + + require_once($sourcedir . '/Subs-Menu.php'); + + // What page is this, again? + $current_page = $scripturl . '?action=pm' . (!empty($_REQUEST['sa']) ? ';sa=' . $_REQUEST['sa'] : '') . (!empty($context['folder']) ? ';f=' . $context['folder'] : '') . (!empty($context['current_label_id']) ? ';l=' . $context['current_label_id'] : ''); + + // Set a few options for the menu. + $menuOptions = array( + 'current_area' => $area, + 'disable_url_session_check' => true, + 'toggle_url' => $current_page . ';togglebar', + 'toggle_redirect_url' => $current_page, + ); + + // Actually create the menu! + $pm_include_data = createMenu($pm_areas, $menuOptions); + unset($pm_areas); + + // Make a note of the Unique ID for this menu. + $context['pm_menu_id'] = $context['max_menu_id']; + $context['pm_menu_name'] = 'menu_data_' . $context['pm_menu_id']; + + // Set the selected item. + $context['menu_item_selected'] = $pm_include_data['current_area']; + + // obExit will know what to do! + if (!WIRELESS) + $context['template_layers'][] = 'pm'; +} + +// A folder, ie. inbox/sent etc. +function MessageFolder() +{ + global $txt, $scripturl, $modSettings, $context, $subjects_request; + global $messages_request, $user_info, $recipients, $options, $smcFunc, $memberContext, $user_settings; + + // Changing view? + if (isset($_GET['view'])) + { + $context['display_mode'] = $context['display_mode'] > 1 ? 0 : $context['display_mode'] + 1; + updateMemberData($user_info['id'], array('pm_prefs' => ($user_settings['pm_prefs'] & 252) | $context['display_mode'])); + } + + // Make sure the starting location is valid. + if (isset($_GET['start']) && $_GET['start'] != 'new') + $_GET['start'] = (int) $_GET['start']; + elseif (!isset($_GET['start']) && !empty($options['view_newest_pm_first'])) + $_GET['start'] = 0; + else + $_GET['start'] = 'new'; + + // Set up some basic theme stuff. + $context['from_or_to'] = $context['folder'] != 'sent' ? 'from' : 'to'; + $context['get_pmessage'] = 'prepareMessageContext'; + $context['signature_enabled'] = substr($modSettings['signature_settings'], 0, 1) == 1; + + $labelQuery = $context['folder'] != 'sent' ? ' + AND FIND_IN_SET(' . $context['current_label_id'] . ', pmr.labels) != 0' : ''; + + // Set the index bar correct! + messageIndexBar($context['current_label_id'] == -1 ? $context['folder'] : 'label' . $context['current_label_id']); + + // Sorting the folder. + $sort_methods = array( + 'date' => 'pm.id_pm', + 'name' => 'IFNULL(mem.real_name, \'\')', + 'subject' => 'pm.subject', + ); + + // They didn't pick one, use the forum default. + if (!isset($_GET['sort']) || !isset($sort_methods[$_GET['sort']])) + { + $context['sort_by'] = 'date'; + $_GET['sort'] = 'pm.id_pm'; + // An overriding setting? + $descending = !empty($options['view_newest_pm_first']); + } + // Otherwise use the defaults: ascending, by date. + else + { + $context['sort_by'] = $_GET['sort']; + $_GET['sort'] = $sort_methods[$_GET['sort']]; + $descending = isset($_GET['desc']); + } + + $context['sort_direction'] = $descending ? 'down' : 'up'; + + // Why would you want access to your sent items if you're not allowed to send anything? + if ($context['folder'] == 'sent') + isAllowedTo('pm_send'); + + // Set the text to resemble the current folder. + $pmbox = $context['folder'] != 'sent' ? $txt['inbox'] : $txt['sent_items']; + $txt['delete_all'] = str_replace('PMBOX', $pmbox, $txt['delete_all']); + + // Now, build the link tree! + if ($context['current_label_id'] == -1) + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;f=' . $context['folder'], + 'name' => $pmbox + ); + + // Build it further for a label. + if ($context['current_label_id'] != -1) + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;f=' . $context['folder'] . ';l=' . $context['current_label_id'], + 'name' => $txt['pm_current_label'] . ': ' . $context['current_label'] + ); + + // Figure out how many messages there are. + if ($context['folder'] == 'sent') + $request = $smcFunc['db_query']('', ' + SELECT COUNT(' . ($context['display_mode'] == 2 ? 'DISTINCT pm.id_pm_head' : '*') . ') + FROM {db_prefix}personal_messages AS pm + WHERE pm.id_member_from = {int:current_member} + AND pm.deleted_by_sender = {int:not_deleted}', + array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + ) + ); + else + $request = $smcFunc['db_query']('', ' + SELECT COUNT(' . ($context['display_mode'] == 2 ? 'DISTINCT pm.id_pm_head' : '*') . ') + FROM {db_prefix}pm_recipients AS pmr' . ($context['display_mode'] == 2 ? ' + INNER JOIN {db_prefix}personal_messages AS pm ON (pm.id_pm = pmr.id_pm)' : '') . ' + WHERE pmr.id_member = {int:current_member} + AND pmr.deleted = {int:not_deleted}' . $labelQuery, + array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + ) + ); + list ($max_messages) = $smcFunc['db_fetch_row']($request); + $smcFunc['db_free_result']($request); + + // Only show the button if there are messages to delete. + $context['show_delete'] = $max_messages > 0; + + // Start on the last page. + if (!is_numeric($_GET['start']) || $_GET['start'] >= $max_messages) + $_GET['start'] = ($max_messages - 1) - (($max_messages - 1) % $modSettings['defaultMaxMessages']); + elseif ($_GET['start'] < 0) + $_GET['start'] = 0; + + // ... but wait - what if we want to start from a specific message? + if (isset($_GET['pmid'])) + { + $pmID = (int) $_GET['pmid']; + + // Make sure you have access to this PM. + if (!isAccessiblePM($pmID, $context['folder'] == 'sent' ? 'outbox' : 'inbox')) + fatal_lang_error('no_access', false); + + $context['current_pm'] = $pmID; + + // With only one page of PM's we're gonna want page 1. + if ($max_messages <= $modSettings['defaultMaxMessages']) + $_GET['start'] = 0; + // If we pass kstart we assume we're in the right place. + elseif (!isset($_GET['kstart'])) + { + if ($context['folder'] == 'sent') + $request = $smcFunc['db_query']('', ' + SELECT COUNT(' . ($context['display_mode'] == 2 ? 'DISTINCT pm.id_pm_head' : '*') . ') + FROM {db_prefix}personal_messages + WHERE id_member_from = {int:current_member} + AND deleted_by_sender = {int:not_deleted} + AND id_pm ' . ($descending ? '>' : '<') . ' {int:id_pm}', + array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + 'id_pm' => $pmID, + ) + ); + else + $request = $smcFunc['db_query']('', ' + SELECT COUNT(' . ($context['display_mode'] == 2 ? 'DISTINCT pm.id_pm_head' : '*') . ') + FROM {db_prefix}pm_recipients AS pmr' . ($context['display_mode'] == 2 ? ' + INNER JOIN {db_prefix}personal_messages AS pm ON (pm.id_pm = pmr.id_pm)' : '') . ' + WHERE pmr.id_member = {int:current_member} + AND pmr.deleted = {int:not_deleted}' . $labelQuery . ' + AND pmr.id_pm ' . ($descending ? '>' : '<') . ' {int:id_pm}', + array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + 'id_pm' => $pmID, + ) + ); + + list ($_GET['start']) = $smcFunc['db_fetch_row']($request); + $smcFunc['db_free_result']($request); + + // To stop the page index's being abnormal, start the page on the page the message would normally be located on... + $_GET['start'] = $modSettings['defaultMaxMessages'] * (int) ($_GET['start'] / $modSettings['defaultMaxMessages']); + } + } + + // Sanitize and validate pmsg variable if set. + if (isset($_GET['pmsg'])) + { + $pmsg = (int) $_GET['pmsg']; + + if (!isAccessiblePM($pmsg, $context['folder'] == 'sent' ? 'outbox' : 'inbox')) + fatal_lang_error('no_access', false); + } + + // Set up the page index. + $context['page_index'] = constructPageIndex($scripturl . '?action=pm;f=' . $context['folder'] . (isset($_REQUEST['l']) ? ';l=' . (int) $_REQUEST['l'] : '') . ';sort=' . $context['sort_by'] . ($descending ? ';desc' : ''), $_GET['start'], $max_messages, $modSettings['defaultMaxMessages']); + $context['start'] = $_GET['start']; + + // Determine the navigation context (especially useful for the wireless template). + $context['links'] = array( + 'first' => $_GET['start'] >= $modSettings['defaultMaxMessages'] ? $scripturl . '?action=pm;start=0' : '', + 'prev' => $_GET['start'] >= $modSettings['defaultMaxMessages'] ? $scripturl . '?action=pm;start=' . ($_GET['start'] - $modSettings['defaultMaxMessages']) : '', + 'next' => $_GET['start'] + $modSettings['defaultMaxMessages'] < $max_messages ? $scripturl . '?action=pm;start=' . ($_GET['start'] + $modSettings['defaultMaxMessages']) : '', + 'last' => $_GET['start'] + $modSettings['defaultMaxMessages'] < $max_messages ? $scripturl . '?action=pm;start=' . (floor(($max_messages - 1) / $modSettings['defaultMaxMessages']) * $modSettings['defaultMaxMessages']) : '', + 'up' => $scripturl, + ); + $context['page_info'] = array( + 'current_page' => $_GET['start'] / $modSettings['defaultMaxMessages'] + 1, + 'num_pages' => floor(($max_messages - 1) / $modSettings['defaultMaxMessages']) + 1 + ); + + // First work out what messages we need to see - if grouped is a little trickier... + if ($context['display_mode'] == 2) + { + // On a non-default sort due to PostgreSQL we have to do a harder sort. + if ($smcFunc['db_title'] == 'PostgreSQL' && $_GET['sort'] != 'pm.id_pm') + { + $sub_request = $smcFunc['db_query']('', ' + SELECT MAX({raw:sort}) AS sort_param, pm.id_pm_head + FROM {db_prefix}personal_messages AS pm' . ($context['folder'] == 'sent' ? ($context['sort_by'] == 'name' ? ' + LEFT JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm)' : '') : ' + INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm + AND pmr.id_member = {int:current_member} + AND pmr.deleted = {int:not_deleted} + ' . $labelQuery . ')') . ($context['sort_by'] == 'name' ? ( ' + LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = {raw:id_member})') : '') . ' + WHERE ' . ($context['folder'] == 'sent' ? 'pm.id_member_from = {int:current_member} + AND pm.deleted_by_sender = {int:not_deleted}' : '1=1') . (empty($pmsg) ? '' : ' + AND pm.id_pm = {int:id_pm}') . ' + GROUP BY pm.id_pm_head + ORDER BY sort_param' . ($descending ? ' DESC' : ' ASC') . (empty($pmsg) ? ' + LIMIT ' . $_GET['start'] . ', ' . $modSettings['defaultMaxMessages'] : ''), + array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + 'id_member' => $context['folder'] == 'sent' ? 'pmr.id_member' : 'pm.id_member_from', + 'id_pm' => isset($pmsg) ? $pmsg : '0', + 'sort' => $_GET['sort'], + ) + ); + $sub_pms = array(); + while ($row = $smcFunc['db_fetch_assoc']($sub_request)) + $sub_pms[$row['id_pm_head']] = $row['sort_param']; + + $smcFunc['db_free_result']($sub_request); + + $request = $smcFunc['db_query']('', ' + SELECT pm.id_pm AS id_pm, pm.id_pm_head + FROM {db_prefix}personal_messages AS pm' . ($context['folder'] == 'sent' ? ($context['sort_by'] == 'name' ? ' + LEFT JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm)' : '') : ' + INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm + AND pmr.id_member = {int:current_member} + AND pmr.deleted = {int:not_deleted} + ' . $labelQuery . ')') . ($context['sort_by'] == 'name' ? ( ' + LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = {raw:id_member})') : '') . ' + WHERE ' . (empty($sub_pms) ? '0=1' : 'pm.id_pm IN ({array_int:pm_list})') . ' + ORDER BY ' . ($_GET['sort'] == 'pm.id_pm' && $context['folder'] != 'sent' ? 'id_pm' : '{raw:sort}') . ($descending ? ' DESC' : ' ASC') . (empty($pmsg) ? ' + LIMIT ' . $_GET['start'] . ', ' . $modSettings['defaultMaxMessages'] : ''), + array( + 'current_member' => $user_info['id'], + 'pm_list' => array_keys($sub_pms), + 'not_deleted' => 0, + 'sort' => $_GET['sort'], + 'id_member' => $context['folder'] == 'sent' ? 'pmr.id_member' : 'pm.id_member_from', + ) + ); + } + else + { + $request = $smcFunc['db_query']('pm_conversation_list', ' + SELECT MAX(pm.id_pm) AS id_pm, pm.id_pm_head + FROM {db_prefix}personal_messages AS pm' . ($context['folder'] == 'sent' ? ($context['sort_by'] == 'name' ? ' + LEFT JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm)' : '') : ' + INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm + AND pmr.id_member = {int:current_member} + AND pmr.deleted = {int:deleted_by} + ' . $labelQuery . ')') . ($context['sort_by'] == 'name' ? ( ' + LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = {raw:pm_member})') : '') . ' + WHERE ' . ($context['folder'] == 'sent' ? 'pm.id_member_from = {int:current_member} + AND pm.deleted_by_sender = {int:deleted_by}' : '1=1') . (empty($pmsg) ? '' : ' + AND pm.id_pm = {int:pmsg}') . ' + GROUP BY pm.id_pm_head + ORDER BY ' . ($_GET['sort'] == 'pm.id_pm' && $context['folder'] != 'sent' ? 'id_pm' : '{raw:sort}') . ($descending ? ' DESC' : ' ASC') . (empty($_GET['pmsg']) ? ' + LIMIT ' . $_GET['start'] . ', ' . $modSettings['defaultMaxMessages'] : ''), + array( + 'current_member' => $user_info['id'], + 'deleted_by' => 0, + 'sort' => $_GET['sort'], + 'pm_member' => $context['folder'] == 'sent' ? 'pmr.id_member' : 'pm.id_member_from', + 'pmsg' => isset($pmsg) ? (int) $pmsg : 0, + ) + ); + } + } + // This is kinda simple! + else + { + // !!!SLOW This query uses a filesort. (inbox only.) + $request = $smcFunc['db_query']('', ' + SELECT pm.id_pm, pm.id_pm_head, pm.id_member_from + FROM {db_prefix}personal_messages AS pm' . ($context['folder'] == 'sent' ? '' . ($context['sort_by'] == 'name' ? ' + LEFT JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm)' : '') : ' + INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm + AND pmr.id_member = {int:current_member} + AND pmr.deleted = {int:is_deleted} + ' . $labelQuery . ')') . ($context['sort_by'] == 'name' ? ( ' + LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = {raw:pm_member})') : '') . ' + WHERE ' . ($context['folder'] == 'sent' ? 'pm.id_member_from = {raw:current_member} + AND pm.deleted_by_sender = {int:is_deleted}' : '1=1') . (empty($pmsg) ? '' : ' + AND pm.id_pm = {int:pmsg}') . ' + ORDER BY ' . ($_GET['sort'] == 'pm.id_pm' && $context['folder'] != 'sent' ? 'pmr.id_pm' : '{raw:sort}') . ($descending ? ' DESC' : ' ASC') . (empty($pmsg) ? ' + LIMIT ' . $_GET['start'] . ', ' . $modSettings['defaultMaxMessages'] : ''), + array( + 'current_member' => $user_info['id'], + 'is_deleted' => 0, + 'sort' => $_GET['sort'], + 'pm_member' => $context['folder'] == 'sent' ? 'pmr.id_member' : 'pm.id_member_from', + 'pmsg' => isset($pmsg) ? (int) $pmsg : 0, + ) + ); + } + // Load the id_pms and initialize recipients. + $pms = array(); + $lastData = array(); + $posters = $context['folder'] == 'sent' ? array($user_info['id']) : array(); + $recipients = array(); + + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + if (!isset($recipients[$row['id_pm']])) + { + if (isset($row['id_member_from'])) + $posters[$row['id_pm']] = $row['id_member_from']; + $pms[$row['id_pm']] = $row['id_pm']; + $recipients[$row['id_pm']] = array( + 'to' => array(), + 'bcc' => array() + ); + } + + // Keep track of the last message so we know what the head is without another query! + if ((empty($pmID) && (empty($options['view_newest_pm_first']) || !isset($lastData))) || empty($lastData) || (!empty($pmID) && $pmID == $row['id_pm'])) + $lastData = array( + 'id' => $row['id_pm'], + 'head' => $row['id_pm_head'], + ); + } + $smcFunc['db_free_result']($request); + + // Make sure that we have been given a correct head pm id! + if ($context['display_mode'] == 2 && !empty($pmID) && $pmID != $lastData['id']) + fatal_lang_error('no_access', false); + + if (!empty($pms)) + { + // Select the correct current message. + if (empty($pmID)) + $context['current_pm'] = $lastData['id']; + + // This is a list of the pm's that are used for "full" display. + if ($context['display_mode'] == 0) + $display_pms = $pms; + else + $display_pms = array($context['current_pm']); + + // At this point we know the main id_pm's. But - if we are looking at conversations we need the others! + if ($context['display_mode'] == 2) + { + $request = $smcFunc['db_query']('', ' + SELECT pm.id_pm, pm.id_member_from, pm.deleted_by_sender, pmr.id_member, pmr.deleted + FROM {db_prefix}personal_messages AS pm + INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm) + WHERE pm.id_pm_head = {int:id_pm_head} + AND ((pm.id_member_from = {int:current_member} AND pm.deleted_by_sender = {int:not_deleted}) + OR (pmr.id_member = {int:current_member} AND pmr.deleted = {int:not_deleted})) + ORDER BY pm.id_pm', + array( + 'current_member' => $user_info['id'], + 'id_pm_head' => $lastData['head'], + 'not_deleted' => 0, + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + // This is, frankly, a joke. We will put in a workaround for people sending to themselves - yawn! + if ($context['folder'] == 'sent' && $row['id_member_from'] == $user_info['id'] && $row['deleted_by_sender'] == 1) + continue; + elseif ($row['id_member'] == $user_info['id'] & $row['deleted'] == 1) + continue; + + if (!isset($recipients[$row['id_pm']])) + $recipients[$row['id_pm']] = array( + 'to' => array(), + 'bcc' => array() + ); + $display_pms[] = $row['id_pm']; + $posters[$row['id_pm']] = $row['id_member_from']; + } + $smcFunc['db_free_result']($request); + } + + // This is pretty much EVERY pm! + $all_pms = array_merge($pms, $display_pms); + $all_pms = array_unique($all_pms); + + // Get recipients (don't include bcc-recipients for your inbox, you're not supposed to know :P). + $request = $smcFunc['db_query']('', ' + SELECT pmr.id_pm, mem_to.id_member AS id_member_to, mem_to.real_name AS to_name, pmr.bcc, pmr.labels, pmr.is_read + FROM {db_prefix}pm_recipients AS pmr + LEFT JOIN {db_prefix}members AS mem_to ON (mem_to.id_member = pmr.id_member) + WHERE pmr.id_pm IN ({array_int:pm_list})', + array( + 'pm_list' => $all_pms, + ) + ); + $context['message_labels'] = array(); + $context['message_replied'] = array(); + $context['message_unread'] = array(); + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + if ($context['folder'] == 'sent' || empty($row['bcc'])) + $recipients[$row['id_pm']][empty($row['bcc']) ? 'to' : 'bcc'][] = empty($row['id_member_to']) ? $txt['guest_title'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member_to'] . '">' . $row['to_name'] . '</a>'; + + if ($row['id_member_to'] == $user_info['id'] && $context['folder'] != 'sent') + { + $context['message_replied'][$row['id_pm']] = $row['is_read'] & 2; + $context['message_unread'][$row['id_pm']] = $row['is_read'] == 0; + + $row['labels'] = $row['labels'] == '' ? array() : explode(',', $row['labels']); + foreach ($row['labels'] as $v) + { + if (isset($context['labels'][(int) $v])) + $context['message_labels'][$row['id_pm']][(int) $v] = array('id' => $v, 'name' => $context['labels'][(int) $v]['name']); + } + } + } + $smcFunc['db_free_result']($request); + + // Make sure we don't load unnecessary data. + if ($context['display_mode'] == 1) + { + foreach ($posters as $k => $v) + if (!in_array($k, $display_pms)) + unset($posters[$k]); + } + + // Load any users.... + $posters = array_unique($posters); + if (!empty($posters)) + loadMemberData($posters); + + // If we're on grouped/restricted view get a restricted list of messages. + if ($context['display_mode'] != 0) + { + // Get the order right. + $orderBy = array(); + foreach (array_reverse($pms) as $pm) + $orderBy[] = 'pm.id_pm = ' . $pm; + + // Seperate query for these bits! + $subjects_request = $smcFunc['db_query']('', ' + SELECT pm.id_pm, pm.subject, pm.id_member_from, pm.msgtime, IFNULL(mem.real_name, pm.from_name) AS from_name, + IFNULL(mem.id_member, 0) AS not_guest + FROM {db_prefix}personal_messages AS pm + LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = pm.id_member_from) + WHERE pm.id_pm IN ({array_int:pm_list}) + ORDER BY ' . implode(', ', $orderBy) . ' + LIMIT ' . count($pms), + array( + 'pm_list' => $pms, + ) + ); + } + + // Execute the query! + $messages_request = $smcFunc['db_query']('', ' + SELECT pm.id_pm, pm.subject, pm.id_member_from, pm.body, pm.msgtime, pm.from_name + FROM {db_prefix}personal_messages AS pm' . ($context['folder'] == 'sent' ? ' + LEFT JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm)' : '') . ($context['sort_by'] == 'name' ? ' + LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = {raw:id_member})' : '') . ' + WHERE pm.id_pm IN ({array_int:display_pms})' . ($context['folder'] == 'sent' ? ' + GROUP BY pm.id_pm, pm.subject, pm.id_member_from, pm.body, pm.msgtime, pm.from_name' : '') . ' + ORDER BY ' . ($context['display_mode'] == 2 ? 'pm.id_pm' : $_GET['sort']) . ($descending ? ' DESC' : ' ASC') . ' + LIMIT ' . count($display_pms), + array( + 'display_pms' => $display_pms, + 'id_member' => $context['folder'] == 'sent' ? 'pmr.id_member' : 'pm.id_member_from', + ) + ); + } + else + $messages_request = false; + + $context['can_send_pm'] = allowedTo('pm_send'); + if (!WIRELESS) + $context['sub_template'] = 'folder'; + $context['page_title'] = $txt['pm_inbox']; + + // Finally mark the relevant messages as read. + if ($context['folder'] != 'sent' && !empty($context['labels'][(int) $context['current_label_id']]['unread_messages'])) + { + // If the display mode is "old sk00l" do them all... + if ($context['display_mode'] == 0) + markMessages(null, $context['current_label_id']); + // Otherwise do just the current one! + elseif (!empty($context['current_pm'])) + markMessages($display_pms, $context['current_label_id']); + } +} + +// Get a personal message for the theme. (used to save memory.) +function prepareMessageContext($type = 'subject', $reset = false) +{ + global $txt, $scripturl, $modSettings, $context, $messages_request, $memberContext, $recipients, $smcFunc; + global $user_info, $subjects_request; + + // Count the current message number.... + static $counter = null; + if ($counter === null || $reset) + $counter = $context['start']; + + static $temp_pm_selected = null; + if ($temp_pm_selected === null) + { + $temp_pm_selected = isset($_SESSION['pm_selected']) ? $_SESSION['pm_selected'] : array(); + $_SESSION['pm_selected'] = array(); + } + + // If we're in non-boring view do something exciting! + if ($context['display_mode'] != 0 && $subjects_request && $type == 'subject') + { + $subject = $smcFunc['db_fetch_assoc']($subjects_request); + if (!$subject) + { + $smcFunc['db_free_result']($subjects_request); + return false; + } + + $subject['subject'] = $subject['subject'] == '' ? $txt['no_subject'] : $subject['subject']; + censorText($subject['subject']); + + $output = array( + 'id' => $subject['id_pm'], + 'member' => array( + 'id' => $subject['id_member_from'], + 'name' => $subject['from_name'], + 'link' => $subject['not_guest'] ? '<a href="' . $scripturl . '?action=profile;u=' . $subject['id_member_from'] . '">' . $subject['from_name'] . '</a>' : $subject['from_name'], + ), + 'recipients' => &$recipients[$subject['id_pm']], + 'subject' => $subject['subject'], + 'time' => timeformat($subject['msgtime']), + 'timestamp' => forum_time(true, $subject['msgtime']), + 'number_recipients' => count($recipients[$subject['id_pm']]['to']), + 'labels' => &$context['message_labels'][$subject['id_pm']], + 'fully_labeled' => count($context['message_labels'][$subject['id_pm']]) == count($context['labels']), + 'is_replied_to' => &$context['message_replied'][$subject['id_pm']], + 'is_unread' => &$context['message_unread'][$subject['id_pm']], + 'is_selected' => !empty($temp_pm_selected) && in_array($subject['id_pm'], $temp_pm_selected), + ); + + return $output; + } + + // Bail if it's false, ie. no messages. + if ($messages_request == false) + return false; + + // Reset the data? + if ($reset == true) + return @$smcFunc['db_data_seek']($messages_request, 0); + + // Get the next one... bail if anything goes wrong. + $message = $smcFunc['db_fetch_assoc']($messages_request); + if (!$message) + { + if ($type != 'subject') + $smcFunc['db_free_result']($messages_request); + + return false; + } + + // Use '(no subject)' if none was specified. + $message['subject'] = $message['subject'] == '' ? $txt['no_subject'] : $message['subject']; + + // Load the message's information - if it's not there, load the guest information. + if (!loadMemberContext($message['id_member_from'], true)) + { + $memberContext[$message['id_member_from']]['name'] = $message['from_name']; + $memberContext[$message['id_member_from']]['id'] = 0; + // Sometimes the forum sends messages itself (Warnings are an example) - in this case don't label it from a guest. + $memberContext[$message['id_member_from']]['group'] = $message['from_name'] == $context['forum_name'] ? '' : $txt['guest_title']; + $memberContext[$message['id_member_from']]['link'] = $message['from_name']; + $memberContext[$message['id_member_from']]['email'] = ''; + $memberContext[$message['id_member_from']]['show_email'] = showEmailAddress(true, 0); + $memberContext[$message['id_member_from']]['is_guest'] = true; + } + else + { + $memberContext[$message['id_member_from']]['can_view_profile'] = allowedTo('profile_view_any') || ($message['id_member_from'] == $user_info['id'] && allowedTo('profile_view_own')); + $memberContext[$message['id_member_from']]['can_see_warning'] = !isset($context['disabled_fields']['warning_status']) && $memberContext[$message['id_member_from']]['warning_status'] && ($context['user']['can_mod'] || (!empty($modSettings['warning_show']) && ($modSettings['warning_show'] > 1 || $message['id_member_from'] == $user_info['id']))); + } + + // Censor all the important text... + censorText($message['body']); + censorText($message['subject']); + + // Run UBBC interpreter on the message. + $message['body'] = parse_bbc($message['body'], true, 'pm' . $message['id_pm']); + + // Send the array. + $output = array( + 'alternate' => $counter % 2, + 'id' => $message['id_pm'], + 'member' => &$memberContext[$message['id_member_from']], + 'subject' => $message['subject'], + 'time' => timeformat($message['msgtime']), + 'timestamp' => forum_time(true, $message['msgtime']), + 'counter' => $counter, + 'body' => $message['body'], + 'recipients' => &$recipients[$message['id_pm']], + 'number_recipients' => count($recipients[$message['id_pm']]['to']), + 'labels' => &$context['message_labels'][$message['id_pm']], + 'fully_labeled' => count($context['message_labels'][$message['id_pm']]) == count($context['labels']), + 'is_replied_to' => &$context['message_replied'][$message['id_pm']], + 'is_unread' => &$context['message_unread'][$message['id_pm']], + 'is_selected' => !empty($temp_pm_selected) && in_array($message['id_pm'], $temp_pm_selected), + ); + + $counter++; + + return $output; +} + +function MessageSearch() +{ + global $context, $txt, $scripturl, $modSettings, $smcFunc; + + if (isset($_REQUEST['params'])) + { + $temp_params = explode('|"|', base64_decode(strtr($_REQUEST['params'], array(' ' => '+')))); + $context['search_params'] = array(); + foreach ($temp_params as $i => $data) + { + @list ($k, $v) = explode('|\'|', $data); + $context['search_params'][$k] = $v; + } + } + if (isset($_REQUEST['search'])) + $context['search_params']['search'] = un_htmlspecialchars($_REQUEST['search']); + + if (isset($context['search_params']['search'])) + $context['search_params']['search'] = htmlspecialchars($context['search_params']['search']); + if (isset($context['search_params']['userspec'])) + $context['search_params']['userspec'] = htmlspecialchars($context['search_params']['userspec']); + + if (!empty($context['search_params']['searchtype'])) + $context['search_params']['searchtype'] = 2; + + if (!empty($context['search_params']['minage'])) + $context['search_params']['minage'] = (int) $context['search_params']['minage']; + + if (!empty($context['search_params']['maxage'])) + $context['search_params']['maxage'] = (int) $context['search_params']['maxage']; + + $context['search_params']['subject_only'] = !empty($context['search_params']['subject_only']); + $context['search_params']['show_complete'] = !empty($context['search_params']['show_complete']); + + // Create the array of labels to be searched. + $context['search_labels'] = array(); + $searchedLabels = isset($context['search_params']['labels']) && $context['search_params']['labels'] != '' ? explode(',', $context['search_params']['labels']) : array(); + foreach ($context['labels'] as $label) + { + $context['search_labels'][] = array( + 'id' => $label['id'], + 'name' => $label['name'], + 'checked' => !empty($searchedLabels) ? in_array($label['id'], $searchedLabels) : true, + ); + } + + // Are all the labels checked? + $context['check_all'] = empty($searchedLabels) || count($context['search_labels']) == count($searchedLabels); + + // Load the error text strings if there were errors in the search. + if (!empty($context['search_errors'])) + { + loadLanguage('Errors'); + $context['search_errors']['messages'] = array(); + foreach ($context['search_errors'] as $search_error => $dummy) + { + if ($search_error == 'messages') + continue; + + $context['search_errors']['messages'][] = $txt['error_' . $search_error]; + } + } + + $context['simple_search'] = isset($context['search_params']['advanced']) ? empty($context['search_params']['advanced']) : !empty($modSettings['simpleSearch']) && !isset($_REQUEST['advanced']); + $context['page_title'] = $txt['pm_search_title']; + $context['sub_template'] = 'search'; + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;sa=search', + 'name' => $txt['pm_search_bar_title'], + ); +} + +function MessageSearch2() +{ + global $scripturl, $modSettings, $user_info, $context, $txt; + global $memberContext, $smcFunc; + + if (!empty($context['load_average']) && !empty($modSettings['loadavg_search']) && $context['load_average'] >= $modSettings['loadavg_search']) + fatal_lang_error('loadavg_search_disabled', false); + + // !!! For the moment force the folder to the inbox. + $context['folder'] = 'inbox'; + + // Some useful general permissions. + $context['can_send_pm'] = allowedTo('pm_send'); + + // Some hardcoded veriables that can be tweaked if required. + $maxMembersToSearch = 500; + + // Extract all the search parameters. + $search_params = array(); + if (isset($_REQUEST['params'])) + { + $temp_params = explode('|"|', base64_decode(strtr($_REQUEST['params'], array(' ' => '+')))); + foreach ($temp_params as $i => $data) + { + @list ($k, $v) = explode('|\'|', $data); + $search_params[$k] = $v; + } + } + + $context['start'] = isset($_GET['start']) ? (int) $_GET['start'] : 0; + + // Store whether simple search was used (needed if the user wants to do another query). + if (!isset($search_params['advanced'])) + $search_params['advanced'] = empty($_REQUEST['advanced']) ? 0 : 1; + + // 1 => 'allwords' (default, don't set as param) / 2 => 'anywords'. + if (!empty($search_params['searchtype']) || (!empty($_REQUEST['searchtype']) && $_REQUEST['searchtype'] == 2)) + $search_params['searchtype'] = 2; + + // Minimum age of messages. Default to zero (don't set param in that case). + if (!empty($search_params['minage']) || (!empty($_REQUEST['minage']) && $_REQUEST['minage'] > 0)) + $search_params['minage'] = !empty($search_params['minage']) ? (int) $search_params['minage'] : (int) $_REQUEST['minage']; + + // Maximum age of messages. Default to infinite (9999 days: param not set). + if (!empty($search_params['maxage']) || (!empty($_REQUEST['maxage']) && $_REQUEST['maxage'] != 9999)) + $search_params['maxage'] = !empty($search_params['maxage']) ? (int) $search_params['maxage'] : (int) $_REQUEST['maxage']; + + $search_params['subject_only'] = !empty($search_params['subject_only']) || !empty($_REQUEST['subject_only']); + $search_params['show_complete'] = !empty($search_params['show_complete']) || !empty($_REQUEST['show_complete']); + + // Default the user name to a wildcard matching every user (*). + if (!empty($search_params['user_spec']) || (!empty($_REQUEST['userspec']) && $_REQUEST['userspec'] != '*')) + $search_params['userspec'] = isset($search_params['userspec']) ? $search_params['userspec'] : $_REQUEST['userspec']; + + // This will be full of all kinds of parameters! + $searchq_parameters = array(); + + // If there's no specific user, then don't mention it in the main query. + if (empty($search_params['userspec'])) + $userQuery = ''; + else + { + $userString = strtr($smcFunc['htmlspecialchars']($search_params['userspec'], ENT_QUOTES), array('"' => '"')); + $userString = strtr($userString, array('%' => '\%', '_' => '\_', '*' => '%', '?' => '_')); + + preg_match_all('~"([^"]+)"~', $userString, $matches); + $possible_users = array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $userString))); + + for ($k = 0, $n = count($possible_users); $k < $n; $k++) + { + $possible_users[$k] = trim($possible_users[$k]); + + if (strlen($possible_users[$k]) == 0) + unset($possible_users[$k]); + } + + // Who matches those criteria? + // !!! This doesn't support sent item searching. + $request = $smcFunc['db_query']('', ' + SELECT id_member + FROM {db_prefix}members + WHERE real_name LIKE {raw:real_name_implode}', + array( + 'real_name_implode' => '\'' . implode('\' OR real_name LIKE \'', $possible_users) . '\'', + ) + ); + // Simply do nothing if there're too many members matching the criteria. + if ($smcFunc['db_num_rows']($request) > $maxMembersToSearch) + $userQuery = ''; + elseif ($smcFunc['db_num_rows']($request) == 0) + { + $userQuery = 'AND pm.id_member_from = 0 AND (pm.from_name LIKE {raw:guest_user_name_implode})'; + $searchq_parameters['guest_user_name_implode'] = '\'' . implode('\' OR pm.from_name LIKE \'', $possible_users) . '\''; + } + else + { + $memberlist = array(); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $memberlist[] = $row['id_member']; + $userQuery = 'AND (pm.id_member_from IN ({array_int:member_list}) OR (pm.id_member_from = 0 AND (pm.from_name LIKE {raw:guest_user_name_implode})))'; + $searchq_parameters['guest_user_name_implode'] = '\'' . implode('\' OR pm.from_name LIKE \'', $possible_users) . '\''; + $searchq_parameters['member_list'] = $memberlist; + } + $smcFunc['db_free_result']($request); + } + + // Setup the sorting variables... + // !!! Add more in here! + $sort_columns = array( + 'pm.id_pm', + ); + if (empty($search_params['sort']) && !empty($_REQUEST['sort'])) + list ($search_params['sort'], $search_params['sort_dir']) = array_pad(explode('|', $_REQUEST['sort']), 2, ''); + $search_params['sort'] = !empty($search_params['sort']) && in_array($search_params['sort'], $sort_columns) ? $search_params['sort'] : 'pm.id_pm'; + $search_params['sort_dir'] = !empty($search_params['sort_dir']) && $search_params['sort_dir'] == 'asc' ? 'asc' : 'desc'; + + // Sort out any labels we may be searching by. + $labelQuery = ''; + if ($context['folder'] == 'inbox' && !empty($search_params['advanced']) && $context['currently_using_labels']) + { + // Came here from pagination? Put them back into $_REQUEST for sanitization. + if (isset($search_params['labels'])) + $_REQUEST['searchlabel'] = explode(',', $search_params['labels']); + + // Assuming we have some labels - make them all integers. + if (!empty($_REQUEST['searchlabel']) && is_array($_REQUEST['searchlabel'])) + { + foreach ($_REQUEST['searchlabel'] as $key => $id) + $_REQUEST['searchlabel'][$key] = (int) $id; + } + else + $_REQUEST['searchlabel'] = array(); + + // Now that everything is cleaned up a bit, make the labels a param. + $search_params['labels'] = implode(',', $_REQUEST['searchlabel']); + + // No labels selected? That must be an error! + if (empty($_REQUEST['searchlabel'])) + $context['search_errors']['no_labels_selected'] = true; + // Otherwise prepare the query! + elseif (count($_REQUEST['searchlabel']) != count($context['labels'])) + { + $labelQuery = ' + AND {raw:label_implode}'; + + $labelStatements = array(); + foreach ($_REQUEST['searchlabel'] as $label) + $labelStatements[] = $smcFunc['db_quote']('FIND_IN_SET({string:label}, pmr.labels) != 0', array( + 'label' => $label, + )); + + $searchq_parameters['label_implode'] = '(' . implode(' OR ', $labelStatements) . ')'; + } + } + + // What are we actually searching for? + $search_params['search'] = !empty($search_params['search']) ? $search_params['search'] : (isset($_REQUEST['search']) ? $_REQUEST['search'] : ''); + // If we ain't got nothing - we should error! + if (!isset($search_params['search']) || $search_params['search'] == '') + $context['search_errors']['invalid_search_string'] = true; + + // Extract phrase parts first (e.g. some words "this is a phrase" some more words.) + preg_match_all('~(?:^|\s)([-]?)"([^"]+)"(?:$|\s)~' . ($context['utf8'] ? 'u' : ''), $search_params['search'], $matches, PREG_PATTERN_ORDER); + $searchArray = $matches[2]; + + // Remove the phrase parts and extract the words. + $tempSearch = explode(' ', preg_replace('~(?:^|\s)(?:[-]?)"(?:[^"]+)"(?:$|\s)~' . ($context['utf8'] ? 'u' : ''), ' ', $search_params['search'])); + + // A minus sign in front of a word excludes the word.... so... + $excludedWords = array(); + + // .. first, we check for things like -"some words", but not "-some words". + foreach ($matches[1] as $index => $word) + if ($word == '-') + { + $word = $smcFunc['strtolower'](trim($searchArray[$index])); + if (strlen($word) > 0) + $excludedWords[] = $word; + unset($searchArray[$index]); + } + + // Now we look for -test, etc.... normaller. + foreach ($tempSearch as $index => $word) + if (strpos(trim($word), '-') === 0) + { + $word = substr($smcFunc['strtolower'](trim($word)), 1); + if (strlen($word) > 0) + $excludedWords[] = $word; + unset($tempSearch[$index]); + } + + $searchArray = array_merge($searchArray, $tempSearch); + + // Trim everything and make sure there are no words that are the same. + foreach ($searchArray as $index => $value) + { + $searchArray[$index] = $smcFunc['strtolower'](trim($value)); + if ($searchArray[$index] == '') + unset($searchArray[$index]); + else + { + // Sort out entities first. + $searchArray[$index] = $smcFunc['htmlspecialchars']($searchArray[$index]); + } + } + $searchArray = array_unique($searchArray); + + // Create an array of replacements for highlighting. + $context['mark'] = array(); + foreach ($searchArray as $word) + $context['mark'][$word] = '<strong class="highlight">' . $word . '</strong>'; + + // This contains *everything* + $searchWords = array_merge($searchArray, $excludedWords); + + // Make sure at least one word is being searched for. + if (empty($searchArray)) + $context['search_errors']['invalid_search_string'] = true; + + // Sort out the search query so the user can edit it - if they want. + $context['search_params'] = $search_params; + if (isset($context['search_params']['search'])) + $context['search_params']['search'] = htmlspecialchars($context['search_params']['search']); + if (isset($context['search_params']['userspec'])) + $context['search_params']['userspec'] = htmlspecialchars($context['search_params']['userspec']); + + // Now we have all the parameters, combine them together for pagination and the like... + $context['params'] = array(); + foreach ($search_params as $k => $v) + $context['params'][] = $k . '|\'|' . $v; + $context['params'] = base64_encode(implode('|"|', $context['params'])); + + // Compile the subject query part. + $andQueryParts = array(); + + foreach ($searchWords as $index => $word) + { + if ($word == '') + continue; + + if ($search_params['subject_only']) + $andQueryParts[] = 'pm.subject' . (in_array($word, $excludedWords) ? ' NOT' : '') . ' LIKE {string:search_' . $index . '}'; + else + $andQueryParts[] = '(pm.subject' . (in_array($word, $excludedWords) ? ' NOT' : '') . ' LIKE {string:search_' . $index . '} ' . (in_array($word, $excludedWords) ? 'AND pm.body NOT' : 'OR pm.body') . ' LIKE {string:search_' . $index . '})'; + $searchq_parameters['search_' . $index] = '%' . strtr($word, array('_' => '\\_', '%' => '\\%')) . '%'; + } + + $searchQuery = ' 1=1'; + if (!empty($andQueryParts)) + $searchQuery = implode(!empty($search_params['searchtype']) && $search_params['searchtype'] == 2 ? ' OR ' : ' AND ', $andQueryParts); + + // Age limits? + $timeQuery = ''; + if (!empty($search_params['minage'])) + $timeQuery .= ' AND pm.msgtime < ' . (time() - $search_params['minage'] * 86400); + if (!empty($search_params['maxage'])) + $timeQuery .= ' AND pm.msgtime > ' . (time() - $search_params['maxage'] * 86400); + + // If we have errors - return back to the first screen... + if (!empty($context['search_errors'])) + { + $_REQUEST['params'] = $context['params']; + return MessageSearch(); + } + + // Get the amount of results. + $request = $smcFunc['db_query']('', ' + SELECT COUNT(*) + FROM {db_prefix}pm_recipients AS pmr + INNER JOIN {db_prefix}personal_messages AS pm ON (pm.id_pm = pmr.id_pm) + WHERE ' . ($context['folder'] == 'inbox' ? ' + pmr.id_member = {int:current_member} + AND pmr.deleted = {int:not_deleted}' : ' + pm.id_member_from = {int:current_member} + AND pm.deleted_by_sender = {int:not_deleted}') . ' + ' . $userQuery . $labelQuery . $timeQuery . ' + AND (' . $searchQuery . ')', + array_merge($searchq_parameters, array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + )) + ); + list ($numResults) = $smcFunc['db_fetch_row']($request); + $smcFunc['db_free_result']($request); + + // Get all the matching messages... using standard search only (No caching and the like!) + // !!! This doesn't support sent item searching yet. + $request = $smcFunc['db_query']('', ' + SELECT pm.id_pm, pm.id_pm_head, pm.id_member_from + FROM {db_prefix}pm_recipients AS pmr + INNER JOIN {db_prefix}personal_messages AS pm ON (pm.id_pm = pmr.id_pm) + WHERE ' . ($context['folder'] == 'inbox' ? ' + pmr.id_member = {int:current_member} + AND pmr.deleted = {int:not_deleted}' : ' + pm.id_member_from = {int:current_member} + AND pm.deleted_by_sender = {int:not_deleted}') . ' + ' . $userQuery . $labelQuery . $timeQuery . ' + AND (' . $searchQuery . ') + ORDER BY ' . $search_params['sort'] . ' ' . $search_params['sort_dir'] . ' + LIMIT ' . $context['start'] . ', ' . $modSettings['search_results_per_page'], + array_merge($searchq_parameters, array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + )) + ); + $foundMessages = array(); + $posters = array(); + $head_pms = array(); + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + $foundMessages[] = $row['id_pm']; + $posters[] = $row['id_member_from']; + $head_pms[$row['id_pm']] = $row['id_pm_head']; + } + $smcFunc['db_free_result']($request); + + // Find the real head pms! + if ($context['display_mode'] == 2 && !empty($head_pms)) + { + $request = $smcFunc['db_query']('', ' + SELECT MAX(pm.id_pm) AS id_pm, pm.id_pm_head + FROM {db_prefix}personal_messages AS pm + INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm) + WHERE pm.id_pm_head IN ({array_int:head_pms}) + AND pmr.id_member = {int:current_member} + AND pmr.deleted = {int:not_deleted} + GROUP BY pm.id_pm_head + LIMIT {int:limit}', + array( + 'head_pms' => array_unique($head_pms), + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + 'limit' => count($head_pms), + ) + ); + $real_pm_ids = array(); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $real_pm_ids[$row['id_pm_head']] = $row['id_pm']; + $smcFunc['db_free_result']($request); + } + + // Load the users... + $posters = array_unique($posters); + if (!empty($posters)) + loadMemberData($posters); + + // Sort out the page index. + $context['page_index'] = constructPageIndex($scripturl . '?action=pm;sa=search2;params=' . $context['params'], $_GET['start'], $numResults, $modSettings['search_results_per_page'], false); + + $context['message_labels'] = array(); + $context['message_replied'] = array(); + $context['personal_messages'] = array(); + + if (!empty($foundMessages)) + { + // Now get recipients (but don't include bcc-recipients for your inbox, you're not supposed to know :P!) + $request = $smcFunc['db_query']('', ' + SELECT + pmr.id_pm, mem_to.id_member AS id_member_to, mem_to.real_name AS to_name, + pmr.bcc, pmr.labels, pmr.is_read + FROM {db_prefix}pm_recipients AS pmr + LEFT JOIN {db_prefix}members AS mem_to ON (mem_to.id_member = pmr.id_member) + WHERE pmr.id_pm IN ({array_int:message_list})', + array( + 'message_list' => $foundMessages, + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + if ($context['folder'] == 'sent' || empty($row['bcc'])) + $recipients[$row['id_pm']][empty($row['bcc']) ? 'to' : 'bcc'][] = empty($row['id_member_to']) ? $txt['guest_title'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member_to'] . '">' . $row['to_name'] . '</a>'; + + if ($row['id_member_to'] == $user_info['id'] && $context['folder'] != 'sent') + { + $context['message_replied'][$row['id_pm']] = $row['is_read'] & 2; + + $row['labels'] = $row['labels'] == '' ? array() : explode(',', $row['labels']); + // This is a special need for linking to messages. + foreach ($row['labels'] as $v) + { + if (isset($context['labels'][(int) $v])) + $context['message_labels'][$row['id_pm']][(int) $v] = array('id' => $v, 'name' => $context['labels'][(int) $v]['name']); + + // Here we find the first label on a message - for linking to posts in results + if (!isset($context['first_label'][$row['id_pm']]) && !in_array('-1', $row['labels'])) + $context['first_label'][$row['id_pm']] = (int) $v; + } + } + } + + // Prepare the query for the callback! + $request = $smcFunc['db_query']('', ' + SELECT pm.id_pm, pm.subject, pm.id_member_from, pm.body, pm.msgtime, pm.from_name + FROM {db_prefix}personal_messages AS pm + WHERE pm.id_pm IN ({array_int:message_list}) + ORDER BY ' . $search_params['sort'] . ' ' . $search_params['sort_dir'] . ' + LIMIT ' . count($foundMessages), + array( + 'message_list' => $foundMessages, + ) + ); + $counter = 0; + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + // If there's no message subject, use the default. + $row['subject'] = $row['subject'] == '' ? $txt['no_subject'] : $row['subject']; + + // Load this posters context info, if it ain't there then fill in the essentials... + if (!loadMemberContext($row['id_member_from'], true)) + { + $memberContext[$row['id_member_from']]['name'] = $row['from_name']; + $memberContext[$row['id_member_from']]['id'] = 0; + $memberContext[$row['id_member_from']]['group'] = $txt['guest_title']; + $memberContext[$row['id_member_from']]['link'] = $row['from_name']; + $memberContext[$row['id_member_from']]['email'] = ''; + $memberContext[$row['id_member_from']]['show_email'] = showEmailAddress(true, 0); + $memberContext[$row['id_member_from']]['is_guest'] = true; + } + + // Censor anything we don't want to see... + censorText($row['body']); + censorText($row['subject']); + + // Parse out any BBC... + $row['body'] = parse_bbc($row['body'], true, 'pm' . $row['id_pm']); + + $href = $scripturl . '?action=pm;f=' . $context['folder'] . (isset($context['first_label'][$row['id_pm']]) ? ';l=' . $context['first_label'][$row['id_pm']] : '') . ';pmid=' . ($context['display_mode'] == 2 && isset($real_pm_ids[$head_pms[$row['id_pm']]]) ? $real_pm_ids[$head_pms[$row['id_pm']]] : $row['id_pm']) . '#msg' . $row['id_pm']; + $context['personal_messages'][] = array( + 'id' => $row['id_pm'], + 'member' => &$memberContext[$row['id_member_from']], + 'subject' => $row['subject'], + 'body' => $row['body'], + 'time' => timeformat($row['msgtime']), + 'recipients' => &$recipients[$row['id_pm']], + 'labels' => &$context['message_labels'][$row['id_pm']], + 'fully_labeled' => count($context['message_labels'][$row['id_pm']]) == count($context['labels']), + 'is_replied_to' => &$context['message_replied'][$row['id_pm']], + 'href' => $href, + 'link' => '<a href="' . $href . '">' . $row['subject'] . '</a>', + 'counter' => ++$counter, + ); + } + $smcFunc['db_free_result']($request); + } + + // Finish off the context. + $context['page_title'] = $txt['pm_search_title']; + $context['sub_template'] = 'search_results'; + $context['menu_data_' . $context['pm_menu_id']]['current_area'] = 'search'; + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;sa=search', + 'name' => $txt['pm_search_bar_title'], + ); +} + +// Send a new message? +function MessagePost() +{ + global $txt, $sourcedir, $scripturl, $modSettings; + global $context, $options, $smcFunc, $language, $user_info; + + isAllowedTo('pm_send'); + + loadLanguage('PersonalMessage'); + // Just in case it was loaded from somewhere else. + if (!WIRELESS) + { + loadTemplate('PersonalMessage'); + $context['sub_template'] = 'send'; + } + + // Extract out the spam settings - cause it's neat. + list ($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']); + + // Set the title... + $context['page_title'] = $txt['send_message']; + + $context['reply'] = isset($_REQUEST['pmsg']) || isset($_REQUEST['quote']); + + // Check whether we've gone over the limit of messages we can send per hour. + if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') + { + // How many messages have they sent this last hour? + $request = $smcFunc['db_query']('', ' + SELECT COUNT(pr.id_pm) AS post_count + FROM {db_prefix}personal_messages AS pm + INNER JOIN {db_prefix}pm_recipients AS pr ON (pr.id_pm = pm.id_pm) + WHERE pm.id_member_from = {int:current_member} + AND pm.msgtime > {int:msgtime}', + array( + 'current_member' => $user_info['id'], + 'msgtime' => time() - 3600, + ) + ); + list ($postCount) = $smcFunc['db_fetch_row']($request); + $smcFunc['db_free_result']($request); + + if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour']) + fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour'])); + } + + // Quoting/Replying to a message? + if (!empty($_REQUEST['pmsg'])) + { + $pmsg = (int) $_REQUEST['pmsg']; + + // Make sure this is yours. + if (!isAccessiblePM($pmsg)) + fatal_lang_error('no_access', false); + + // Work out whether this is one you've received? + $request = $smcFunc['db_query']('', ' + SELECT + id_pm + FROM {db_prefix}pm_recipients + WHERE id_pm = {int:id_pm} + AND id_member = {int:current_member} + LIMIT 1', + array( + 'current_member' => $user_info['id'], + 'id_pm' => $pmsg, + ) + ); + $isReceived = $smcFunc['db_num_rows']($request) != 0; + $smcFunc['db_free_result']($request); + + // Get the quoted message (and make sure you're allowed to see this quote!). + $request = $smcFunc['db_query']('', ' + SELECT + pm.id_pm, CASE WHEN pm.id_pm_head = {int:id_pm_head_empty} THEN pm.id_pm ELSE pm.id_pm_head END AS pm_head, + pm.body, pm.subject, pm.msgtime, mem.member_name, IFNULL(mem.id_member, 0) AS id_member, + IFNULL(mem.real_name, pm.from_name) AS real_name + FROM {db_prefix}personal_messages AS pm' . (!$isReceived ? '' : ' + INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = {int:id_pm})') . ' + LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = pm.id_member_from) + WHERE pm.id_pm = {int:id_pm}' . (!$isReceived ? ' + AND pm.id_member_from = {int:current_member}' : ' + AND pmr.id_member = {int:current_member}') . ' + LIMIT 1', + array( + 'current_member' => $user_info['id'], + 'id_pm_head_empty' => 0, + 'id_pm' => $pmsg, + ) + ); + if ($smcFunc['db_num_rows']($request) == 0) + fatal_lang_error('pm_not_yours', false); + $row_quoted = $smcFunc['db_fetch_assoc']($request); + $smcFunc['db_free_result']($request); + + // Censor the message. + censorText($row_quoted['subject']); + censorText($row_quoted['body']); + + // Add 'Re: ' to it.... + if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) + { + if ($language === $user_info['language']) + $context['response_prefix'] = $txt['response_prefix']; + else + { + loadLanguage('index', $language, false); + $context['response_prefix'] = $txt['response_prefix']; + loadLanguage('index'); + } + cache_put_data('response_prefix', $context['response_prefix'], 600); + } + $form_subject = $row_quoted['subject']; + if ($context['reply'] && trim($context['response_prefix']) != '' && $smcFunc['strpos']($form_subject, trim($context['response_prefix'])) !== 0) + $form_subject = $context['response_prefix'] . $form_subject; + + if (isset($_REQUEST['quote'])) + { + // Remove any nested quotes and <br />... + $form_message = preg_replace('~<br ?/?' . '>~i', "\n", $row_quoted['body']); + if (!empty($modSettings['removeNestedQuotes'])) + $form_message = preg_replace(array('~\n?\[quote.*?\].+?\[/quote\]\n?~is', '~^\n~', '~\[/quote\]~'), '', $form_message); + if (empty($row_quoted['id_member'])) + $form_message = '[quote author="' . $row_quoted['real_name'] . '"]' . "\n" . $form_message . "\n" . '[/quote]'; + else + $form_message = '[quote author=' . $row_quoted['real_name'] . ' link=action=profile;u=' . $row_quoted['id_member'] . ' date=' . $row_quoted['msgtime'] . ']' . "\n" . $form_message . "\n" . '[/quote]'; + } + else + $form_message = ''; + + // Do the BBC thang on the message. + $row_quoted['body'] = parse_bbc($row_quoted['body'], true, 'pm' . $row_quoted['id_pm']); + + // Set up the quoted message array. + $context['quoted_message'] = array( + 'id' => $row_quoted['id_pm'], + 'pm_head' => $row_quoted['pm_head'], + 'member' => array( + 'name' => $row_quoted['real_name'], + 'username' => $row_quoted['member_name'], + 'id' => $row_quoted['id_member'], + 'href' => !empty($row_quoted['id_member']) ? $scripturl . '?action=profile;u=' . $row_quoted['id_member'] : '', + 'link' => !empty($row_quoted['id_member']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row_quoted['id_member'] . '">' . $row_quoted['real_name'] . '</a>' : $row_quoted['real_name'], + ), + 'subject' => $row_quoted['subject'], + 'time' => timeformat($row_quoted['msgtime']), + 'timestamp' => forum_time(true, $row_quoted['msgtime']), + 'body' => $row_quoted['body'] + ); + } + else + { + $context['quoted_message'] = false; + $form_subject = ''; + $form_message = ''; + } + + $context['recipients'] = array( + 'to' => array(), + 'bcc' => array(), + ); + + // Sending by ID? Replying to all? Fetch the real_name(s). + if (isset($_REQUEST['u'])) + { + // If the user is replying to all, get all the other members this was sent to.. + if ($_REQUEST['u'] == 'all' && isset($row_quoted)) + { + // Firstly, to reply to all we clearly already have $row_quoted - so have the original member from. + if ($row_quoted['id_member'] != $user_info['id']) + $context['recipients']['to'][] = array( + 'id' => $row_quoted['id_member'], + 'name' => htmlspecialchars($row_quoted['real_name']), + ); + + // Now to get the others. + $request = $smcFunc['db_query']('', ' + SELECT mem.id_member, mem.real_name + FROM {db_prefix}pm_recipients AS pmr + INNER JOIN {db_prefix}members AS mem ON (mem.id_member = pmr.id_member) + WHERE pmr.id_pm = {int:id_pm} + AND pmr.id_member != {int:current_member} + AND pmr.bcc = {int:not_bcc}', + array( + 'current_member' => $user_info['id'], + 'id_pm' => $pmsg, + 'not_bcc' => 0, + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $context['recipients']['to'][] = array( + 'id' => $row['id_member'], + 'name' => $row['real_name'], + ); + $smcFunc['db_free_result']($request); + } + else + { + $_REQUEST['u'] = explode(',', $_REQUEST['u']); + foreach ($_REQUEST['u'] as $key => $uID) + $_REQUEST['u'][$key] = (int) $uID; + + $_REQUEST['u'] = array_unique($_REQUEST['u']); + + $request = $smcFunc['db_query']('', ' + SELECT id_member, real_name + FROM {db_prefix}members + WHERE id_member IN ({array_int:member_list}) + LIMIT ' . count($_REQUEST['u']), + array( + 'member_list' => $_REQUEST['u'], + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $context['recipients']['to'][] = array( + 'id' => $row['id_member'], + 'name' => $row['real_name'], + ); + $smcFunc['db_free_result']($request); + } + + // Get a literal name list in case the user has JavaScript disabled. + $names = array(); + foreach ($context['recipients']['to'] as $to) + $names[] = $to['name']; + $context['to_value'] = empty($names) ? '' : '"' . implode('", "', $names) . '"'; + } + else + $context['to_value'] = ''; + + // Set the defaults... + $context['subject'] = $form_subject != '' ? $form_subject : $txt['no_subject']; + $context['message'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_message); + $context['post_error'] = array(); + $context['copy_to_outbox'] = !empty($options['copy_to_outbox']); + + // And build the link tree. + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;sa=send', + 'name' => $txt['new_message'] + ); + + $modSettings['disable_wysiwyg'] = !empty($modSettings['disable_wysiwyg']) || empty($modSettings['enableBBC']); + + // Needed for the WYSIWYG editor. + require_once($sourcedir . '/Subs-Editor.php'); + + // Now create the editor. + $editorOptions = array( + 'id' => 'message', + 'value' => $context['message'], + 'height' => '175px', + 'width' => '100%', + 'labels' => array( + 'post_button' => $txt['send_message'], + ), + ); + create_control_richedit($editorOptions); + + // Store the ID for old compatibility. + $context['post_box_name'] = $editorOptions['id']; + + $context['bcc_value'] = ''; + + $context['require_verification'] = !$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']; + if ($context['require_verification']) + { + $verificationOptions = array( + 'id' => 'pm', + ); + $context['require_verification'] = create_control_verification($verificationOptions); + $context['visual_verification_id'] = $verificationOptions['id']; + } + + // Register this form and get a sequence number in $context. + checkSubmitOnce('register'); +} + +// An error in the message... +function messagePostError($error_types, $named_recipients, $recipient_ids = array()) +{ + global $txt, $context, $scripturl, $modSettings; + global $smcFunc, $user_info, $sourcedir; + + $context['menu_data_' . $context['pm_menu_id']]['current_area'] = 'send'; + + if (!WIRELESS) + $context['sub_template'] = 'send'; + + $context['page_title'] = $txt['send_message']; + + // Got some known members? + $context['recipients'] = array( + 'to' => array(), + 'bcc' => array(), + ); + if (!empty($recipient_ids['to']) || !empty($recipient_ids['bcc'])) + { + $allRecipients = array_merge($recipient_ids['to'], $recipient_ids['bcc']); + + $request = $smcFunc['db_query']('', ' + SELECT id_member, real_name + FROM {db_prefix}members + WHERE id_member IN ({array_int:member_list})', + array( + 'member_list' => $allRecipients, + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + $recipientType = in_array($row['id_member'], $recipient_ids['bcc']) ? 'bcc' : 'to'; + $context['recipients'][$recipientType][] = array( + 'id' => $row['id_member'], + 'name' => $row['real_name'], + ); + } + $smcFunc['db_free_result']($request); + } + + // Set everything up like before.... + $context['subject'] = isset($_REQUEST['subject']) ? $smcFunc['htmlspecialchars']($_REQUEST['subject']) : ''; + $context['message'] = isset($_REQUEST['message']) ? str_replace(array(' '), array(' '), $smcFunc['htmlspecialchars']($_REQUEST['message'])) : ''; + $context['copy_to_outbox'] = !empty($_REQUEST['outbox']); + $context['reply'] = !empty($_REQUEST['replied_to']); + + if ($context['reply']) + { + $_REQUEST['replied_to'] = (int) $_REQUEST['replied_to']; + + $request = $smcFunc['db_query']('', ' + SELECT + pm.id_pm, CASE WHEN pm.id_pm_head = {int:no_id_pm_head} THEN pm.id_pm ELSE pm.id_pm_head END AS pm_head, + pm.body, pm.subject, pm.msgtime, mem.member_name, IFNULL(mem.id_member, 0) AS id_member, + IFNULL(mem.real_name, pm.from_name) AS real_name + FROM {db_prefix}personal_messages AS pm' . ($context['folder'] == 'sent' ? '' : ' + INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = {int:replied_to})') . ' + LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = pm.id_member_from) + WHERE pm.id_pm = {int:replied_to}' . ($context['folder'] == 'sent' ? ' + AND pm.id_member_from = {int:current_member}' : ' + AND pmr.id_member = {int:current_member}') . ' + LIMIT 1', + array( + 'current_member' => $user_info['id'], + 'no_id_pm_head' => 0, + 'replied_to' => $_REQUEST['replied_to'], + ) + ); + if ($smcFunc['db_num_rows']($request) == 0) + fatal_lang_error('pm_not_yours', false); + $row_quoted = $smcFunc['db_fetch_assoc']($request); + $smcFunc['db_free_result']($request); + + censorText($row_quoted['subject']); + censorText($row_quoted['body']); + + $context['quoted_message'] = array( + 'id' => $row_quoted['id_pm'], + 'pm_head' => $row_quoted['pm_head'], + 'member' => array( + 'name' => $row_quoted['real_name'], + 'username' => $row_quoted['member_name'], + 'id' => $row_quoted['id_member'], + 'href' => !empty($row_quoted['id_member']) ? $scripturl . '?action=profile;u=' . $row_quoted['id_member'] : '', + 'link' => !empty($row_quoted['id_member']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row_quoted['id_member'] . '">' . $row_quoted['real_name'] . '</a>' : $row_quoted['real_name'], + ), + 'subject' => $row_quoted['subject'], + 'time' => timeformat($row_quoted['msgtime']), + 'timestamp' => forum_time(true, $row_quoted['msgtime']), + 'body' => parse_bbc($row_quoted['body'], true, 'pm' . $row_quoted['id_pm']), + ); + } + + // Build the link tree.... + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;sa=send', + 'name' => $txt['new_message'] + ); + + // Set each of the errors for the template. + loadLanguage('Errors'); + $context['post_error'] = array( + 'messages' => array(), + ); + foreach ($error_types as $error_type) + { + $context['post_error'][$error_type] = true; + if (isset($txt['error_' . $error_type])) + { + if ($error_type == 'long_message') + $txt['error_' . $error_type] = sprintf($txt['error_' . $error_type], $modSettings['max_messageLength']); + $context['post_error']['messages'][] = $txt['error_' . $error_type]; + } + } + + // We need to load the editor once more. + require_once($sourcedir . '/Subs-Editor.php'); + + // Create it... + $editorOptions = array( + 'id' => 'message', + 'value' => $context['message'], + 'width' => '90%', + 'labels' => array( + 'post_button' => $txt['send_message'], + ), + ); + create_control_richedit($editorOptions); + + // ... and store the ID again... + $context['post_box_name'] = $editorOptions['id']; + + // Check whether we need to show the code again. + $context['require_verification'] = !$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']; + if ($context['require_verification']) + { + require_once($sourcedir . '/Subs-Editor.php'); + $verificationOptions = array( + 'id' => 'pm', + ); + $context['require_verification'] = create_control_verification($verificationOptions); + $context['visual_verification_id'] = $verificationOptions['id']; + } + + $context['to_value'] = empty($named_recipients['to']) ? '' : '"' . implode('", "', $named_recipients['to']) . '"'; + $context['bcc_value'] = empty($named_recipients['bcc']) ? '' : '"' . implode('", "', $named_recipients['bcc']) . '"'; + + // No check for the previous submission is needed. + checkSubmitOnce('free'); + + // Acquire a new form sequence number. + checkSubmitOnce('register'); +} + +// Send it! +function MessagePost2() +{ + global $txt, $context, $sourcedir; + global $user_info, $modSettings, $scripturl, $smcFunc; + + isAllowedTo('pm_send'); + require_once($sourcedir . '/Subs-Auth.php'); + + loadLanguage('PersonalMessage', '', false); + + // Extract out the spam settings - it saves database space! + list ($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']); + + // Check whether we've gone over the limit of messages we can send per hour - fatal error if fails! + if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') + { + // How many have they sent this last hour? + $request = $smcFunc['db_query']('', ' + SELECT COUNT(pr.id_pm) AS post_count + FROM {db_prefix}personal_messages AS pm + INNER JOIN {db_prefix}pm_recipients AS pr ON (pr.id_pm = pm.id_pm) + WHERE pm.id_member_from = {int:current_member} + AND pm.msgtime > {int:msgtime}', + array( + 'current_member' => $user_info['id'], + 'msgtime' => time() - 3600, + ) + ); + list ($postCount) = $smcFunc['db_fetch_row']($request); + $smcFunc['db_free_result']($request); + + if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour']) + fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour'])); + } + + // If we came from WYSIWYG then turn it back into BBC regardless. + if (!empty($_POST['message_mode']) && isset($_POST['message'])) + { + require_once($sourcedir . '/Subs-Editor.php'); + $_POST['message'] = html_to_bbc($_POST['message']); + + // We need to unhtml it now as it gets done shortly. + $_POST['message'] = un_htmlspecialchars($_POST['message']); + + // We need this in case of errors etc. + $_REQUEST['message'] = $_POST['message']; + } + + // Initialize the errors we're about to make. + $post_errors = array(); + + // If your session timed out, show an error, but do allow to re-submit. + if (checkSession('post', '', false) != '') + $post_errors[] = 'session_timeout'; + + $_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : ''; + $_REQUEST['to'] = empty($_POST['to']) ? (empty($_GET['to']) ? '' : $_GET['to']) : $_POST['to']; + $_REQUEST['bcc'] = empty($_POST['bcc']) ? (empty($_GET['bcc']) ? '' : $_GET['bcc']) : $_POST['bcc']; + + // Route the input from the 'u' parameter to the 'to'-list. + if (!empty($_POST['u'])) + $_POST['recipient_to'] = explode(',', $_POST['u']); + + // Construct the list of recipients. + $recipientList = array(); + $namedRecipientList = array(); + $namesNotFound = array(); + foreach (array('to', 'bcc') as $recipientType) + { + // First, let's see if there's user ID's given. + $recipientList[$recipientType] = array(); + if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType])) + { + foreach ($_POST['recipient_' . $recipientType] as $recipient) + $recipientList[$recipientType][] = (int) $recipient; + } + + // Are there also literal names set? + if (!empty($_REQUEST[$recipientType])) + { + // We're going to take out the "s anyway ;). + $recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"')); + + preg_match_all('~"([^"]+)"~', $recipientString, $matches); + $namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString)))); + + foreach ($namedRecipientList[$recipientType] as $index => $recipient) + { + if (strlen(trim($recipient)) > 0) + $namedRecipientList[$recipientType][$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($recipient))); + else + unset($namedRecipientList[$recipientType][$index]); + } + + if (!empty($namedRecipientList[$recipientType])) + { + $foundMembers = findMembers($namedRecipientList[$recipientType]); + + // Assume all are not found, until proven otherwise. + $namesNotFound[$recipientType] = $namedRecipientList[$recipientType]; + + foreach ($foundMembers as $member) + { + $testNames = array( + $smcFunc['strtolower']($member['username']), + $smcFunc['strtolower']($member['name']), + $smcFunc['strtolower']($member['email']), + ); + + if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0) + { + $recipientList[$recipientType][] = $member['id']; + + // Get rid of this username, since we found it. + $namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames); + } + } + } + } + + // Selected a recipient to be deleted? Remove them now. + if (!empty($_POST['delete_recipient'])) + $recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient'])); + + // Make sure we don't include the same name twice + $recipientList[$recipientType] = array_unique($recipientList[$recipientType]); + } + + // Are we changing the recipients some how? + $is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']); + + // Check if there's at least one recipient. + if (empty($recipientList['to']) && empty($recipientList['bcc'])) + $post_errors[] = 'no_to'; + + // Make sure that we remove the members who did get it from the screen. + if (!$is_recipient_change) + { + foreach ($recipientList as $recipientType => $dummy) + { + if (!empty($namesNotFound[$recipientType])) + { + $post_errors[] = 'bad_' . $recipientType; + + // Since we already have a post error, remove the previous one. + $post_errors = array_diff($post_errors, array('no_to')); + + foreach ($namesNotFound[$recipientType] as $name) + $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name); + } + } + } + + // Did they make any mistakes? + if ($_REQUEST['subject'] == '') + $post_errors[] = 'no_subject'; + if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') + $post_errors[] = 'no_message'; + elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_REQUEST['message']) > $modSettings['max_messageLength']) + $post_errors[] = 'long_message'; + else + { + // Preparse the message. + $message = $_REQUEST['message']; + preparsecode($message); + + // Make sure there's still some content left without the tags. + if ($smcFunc['htmltrim'](strip_tags(parse_bbc($smcFunc['htmlspecialchars']($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) + $post_errors[] = 'no_message'; + } + + // Wrong verification code? + if (!$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) + { + require_once($sourcedir . '/Subs-Editor.php'); + $verificationOptions = array( + 'id' => 'pm', + ); + $context['require_verification'] = create_control_verification($verificationOptions, true); + + if (is_array($context['require_verification'])) + { + $post_errors = array_merge($post_errors, $context['require_verification']); + } + } + + // If they did, give a chance to make ammends. + if (!empty($post_errors) && !$is_recipient_change && !isset($_REQUEST['preview'])) + return messagePostError($post_errors, $namedRecipientList, $recipientList); + + // Want to take a second glance before you send? + if (isset($_REQUEST['preview'])) + { + // Set everything up to be displayed. + $context['preview_subject'] = $smcFunc['htmlspecialchars']($_REQUEST['subject']); + $context['preview_message'] = $smcFunc['htmlspecialchars']($_REQUEST['message'], ENT_QUOTES); + preparsecode($context['preview_message'], true); + + // Parse out the BBC if it is enabled. + $context['preview_message'] = parse_bbc($context['preview_message']); + + // Censor, as always. + censorText($context['preview_subject']); + censorText($context['preview_message']); + + // Set a descriptive title. + $context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject']; + + // Pretend they messed up but don't ignore if they really did :P. + return messagePostError($post_errors, $namedRecipientList, $recipientList); + } + + // Adding a recipient cause javascript ain't working? + elseif ($is_recipient_change) + { + // Maybe we couldn't find one? + foreach ($namesNotFound as $recipientType => $names) + { + $post_errors[] = 'bad_' . $recipientType; + foreach ($names as $name) + $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name); + } + + return messagePostError(array(), $namedRecipientList, $recipientList); + } + + // Before we send the PM, let's make sure we don't have an abuse of numbers. + elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) + { + $context['send_log'] = array( + 'sent' => array(), + 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])), + ); + return messagePostError($post_errors, $namedRecipientList, $recipientList); + } + + // Protect from message spamming. + spamProtection('pm'); + + // Prevent double submission of this form. + checkSubmitOnce('check'); + + // Do the actual sending of the PM. + if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) + $context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']), null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0); + else + $context['send_log'] = array( + 'sent' => array(), + 'failed' => array() + ); + + // Mark the message as "replied to". + if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') + { + $smcFunc['db_query']('', ' + UPDATE {db_prefix}pm_recipients + SET is_read = is_read | 2 + WHERE id_pm = {int:replied_to} + AND id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'replied_to' => (int) $_REQUEST['replied_to'], + ) + ); + } + + // If one or more of the recipient were invalid, go back to the post screen with the failed usernames. + if (!empty($context['send_log']['failed'])) + return messagePostError($post_errors, $namesNotFound, array( + 'to' => array_intersect($recipientList['to'], $context['send_log']['failed']), + 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed']) + )); + + // Message sent successfully? + if (!empty($context['send_log']) && empty($context['send_log']['failed'])) + $context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent'; + + // Go back to the where they sent from, if possible... + redirectexit($context['current_label_redirect']); +} + +// This function lists all buddies for wireless protocols. +function WirelessAddBuddy() +{ + global $scripturl, $txt, $user_info, $context, $smcFunc; + + isAllowedTo('pm_send'); + $context['page_title'] = $txt['wireless_pm_add_buddy']; + + $current_buddies = empty($_REQUEST['u']) ? array() : explode(',', $_REQUEST['u']); + foreach ($current_buddies as $key => $buddy) + $current_buddies[$key] = (int) $buddy; + + $base_url = $scripturl . '?action=pm;sa=send;u=' . (empty($current_buddies) ? '' : implode(',', $current_buddies) . ','); + $context['pm_href'] = $scripturl . '?action=pm;sa=send' . (empty($current_buddies) ? '' : ';u=' . implode(',', $current_buddies)); + + $context['buddies'] = array(); + if (!empty($user_info['buddies'])) + { + $request = $smcFunc['db_query']('', ' + SELECT id_member, real_name + FROM {db_prefix}members + WHERE id_member IN ({array_int:buddy_list}) + ORDER BY real_name + LIMIT ' . count($user_info['buddies']), + array( + 'buddy_list' => $user_info['buddies'], + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $context['buddies'][] = array( + 'id' => $row['id_member'], + 'name' => $row['real_name'], + 'selected' => in_array($row['id_member'], $current_buddies), + 'add_href' => $base_url . $row['id_member'], + ); + $smcFunc['db_free_result']($request); + } +} + +// This function performs all additional stuff... +function MessageActionsApply() +{ + global $txt, $context, $user_info, $options, $smcFunc; + + checkSession('request'); + + if (isset($_REQUEST['del_selected'])) + $_REQUEST['pm_action'] = 'delete'; + + if (isset($_REQUEST['pm_action']) && $_REQUEST['pm_action'] != '' && !empty($_REQUEST['pms']) && is_array($_REQUEST['pms'])) + { + foreach ($_REQUEST['pms'] as $pm) + $_REQUEST['pm_actions'][(int) $pm] = $_REQUEST['pm_action']; + } + + if (empty($_REQUEST['pm_actions'])) + redirectexit($context['current_label_redirect']); + + // If we are in conversation, we may need to apply this to every message in the conversation. + if ($context['display_mode'] == 2 && isset($_REQUEST['conversation'])) + { + $id_pms = array(); + foreach ($_REQUEST['pm_actions'] as $pm => $dummy) + $id_pms[] = (int) $pm; + + $request = $smcFunc['db_query']('', ' + SELECT id_pm_head, id_pm + FROM {db_prefix}personal_messages + WHERE id_pm IN ({array_int:id_pms})', + array( + 'id_pms' => $id_pms, + ) + ); + $pm_heads = array(); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $pm_heads[$row['id_pm_head']] = $row['id_pm']; + $smcFunc['db_free_result']($request); + + $request = $smcFunc['db_query']('', ' + SELECT id_pm, id_pm_head + FROM {db_prefix}personal_messages + WHERE id_pm_head IN ({array_int:pm_heads})', + array( + 'pm_heads' => array_keys($pm_heads), + ) + ); + // Copy the action from the single to PM to the others. + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + if (isset($pm_heads[$row['id_pm_head']]) && isset($_REQUEST['pm_actions'][$pm_heads[$row['id_pm_head']]])) + $_REQUEST['pm_actions'][$row['id_pm']] = $_REQUEST['pm_actions'][$pm_heads[$row['id_pm_head']]]; + } + $smcFunc['db_free_result']($request); + } + + $to_delete = array(); + $to_label = array(); + $label_type = array(); + foreach ($_REQUEST['pm_actions'] as $pm => $action) + { + if ($action === 'delete') + $to_delete[] = (int) $pm; + else + { + if (substr($action, 0, 4) == 'add_') + { + $type = 'add'; + $action = substr($action, 4); + } + elseif (substr($action, 0, 4) == 'rem_') + { + $type = 'rem'; + $action = substr($action, 4); + } + else + $type = 'unk'; + + if ($action == '-1' || $action == '0' || (int) $action > 0) + { + $to_label[(int) $pm] = (int) $action; + $label_type[(int) $pm] = $type; + } + } + } + + // Deleting, it looks like? + if (!empty($to_delete)) + deleteMessages($to_delete, $context['display_mode'] == 2 ? null : $context['folder']); + + // Are we labeling anything? + if (!empty($to_label) && $context['folder'] == 'inbox') + { + $updateErrors = 0; + + // Get information about each message... + $request = $smcFunc['db_query']('', ' + SELECT id_pm, labels + FROM {db_prefix}pm_recipients + WHERE id_member = {int:current_member} + AND id_pm IN ({array_int:to_label}) + LIMIT ' . count($to_label), + array( + 'current_member' => $user_info['id'], + 'to_label' => array_keys($to_label), + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + $labels = $row['labels'] == '' ? array('-1') : explode(',', trim($row['labels'])); + + // Already exists? Then... unset it! + $ID_LABEL = array_search($to_label[$row['id_pm']], $labels); + if ($ID_LABEL !== false && $label_type[$row['id_pm']] !== 'add') + unset($labels[$ID_LABEL]); + elseif ($label_type[$row['id_pm']] !== 'rem') + $labels[] = $to_label[$row['id_pm']]; + + if (!empty($options['pm_remove_inbox_label']) && $to_label[$row['id_pm']] != '-1' && ($key = array_search('-1', $labels)) !== false) + unset($labels[$key]); + + $set = implode(',', array_unique($labels)); + if ($set == '') + $set = '-1'; + + // Check that this string isn't going to be too large for the database. + if ($set > 60) + $updateErrors++; + else + { + $smcFunc['db_query']('', ' + UPDATE {db_prefix}pm_recipients + SET labels = {string:labels} + WHERE id_pm = {int:id_pm} + AND id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'id_pm' => $row['id_pm'], + 'labels' => $set, + ) + ); + } + } + $smcFunc['db_free_result']($request); + + // Any errors? + // !!! Separate the sprintf? + if (!empty($updateErrors)) + fatal_lang_error('labels_too_many', true, array($updateErrors)); + } + + // Back to the folder. + $_SESSION['pm_selected'] = array_keys($to_label); + redirectexit($context['current_label_redirect'] . (count($to_label) == 1 ? '#msg' . $_SESSION['pm_selected'][0] : ''), count($to_label) == 1 && $context['browser']['is_ie']); +} + +// Are you sure you want to PERMANENTLY (mostly) delete ALL your messages? +function MessageKillAllQuery() +{ + global $txt, $context; + + // Only have to set up the template.... + $context['sub_template'] = 'ask_delete'; + $context['page_title'] = $txt['delete_all']; + $context['delete_all'] = $_REQUEST['f'] == 'all'; + + // And set the folder name... + $txt['delete_all'] = str_replace('PMBOX', $context['folder'] != 'sent' ? $txt['inbox'] : $txt['sent_items'], $txt['delete_all']); +} + +// Delete ALL the messages! +function MessageKillAll() +{ + global $context; + + checkSession('get'); + + // If all then delete all messages the user has. + if ($_REQUEST['f'] == 'all') + deleteMessages(null, null); + // Otherwise just the selected folder. + else + deleteMessages(null, $_REQUEST['f'] != 'sent' ? 'inbox' : 'sent'); + + // Done... all gone. + redirectexit($context['current_label_redirect']); +} + +// This function allows the user to delete all messages older than so many days. +function MessagePrune() +{ + global $txt, $context, $user_info, $scripturl, $smcFunc; + + // Actually delete the messages. + if (isset($_REQUEST['age'])) + { + checkSession(); + + // Calculate the time to delete before. + $deleteTime = max(0, time() - (86400 * (int) $_REQUEST['age'])); + + // Array to store the IDs in. + $toDelete = array(); + + // Select all the messages they have sent older than $deleteTime. + $request = $smcFunc['db_query']('', ' + SELECT id_pm + FROM {db_prefix}personal_messages + WHERE deleted_by_sender = {int:not_deleted} + AND id_member_from = {int:current_member} + AND msgtime < {int:msgtime}', + array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + 'msgtime' => $deleteTime, + ) + ); + while ($row = $smcFunc['db_fetch_row']($request)) + $toDelete[] = $row[0]; + $smcFunc['db_free_result']($request); + + // Select all messages in their inbox older than $deleteTime. + $request = $smcFunc['db_query']('', ' + SELECT pmr.id_pm + FROM {db_prefix}pm_recipients AS pmr + INNER JOIN {db_prefix}personal_messages AS pm ON (pm.id_pm = pmr.id_pm) + WHERE pmr.deleted = {int:not_deleted} + AND pmr.id_member = {int:current_member} + AND pm.msgtime < {int:msgtime}', + array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + 'msgtime' => $deleteTime, + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $toDelete[] = $row['id_pm']; + $smcFunc['db_free_result']($request); + + // Delete the actual messages. + deleteMessages($toDelete); + + // Go back to their inbox. + redirectexit($context['current_label_redirect']); + } + + // Build the link tree elements. + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;sa=prune', + 'name' => $txt['pm_prune'] + ); + + $context['sub_template'] = 'prune'; + $context['page_title'] = $txt['pm_prune']; +} + +// Delete the specified personal messages. +function deleteMessages($personal_messages, $folder = null, $owner = null) +{ + global $user_info, $smcFunc; + + if ($owner === null) + $owner = array($user_info['id']); + elseif (empty($owner)) + return; + elseif (!is_array($owner)) + $owner = array($owner); + + if ($personal_messages !== null) + { + if (empty($personal_messages) || !is_array($personal_messages)) + return; + + foreach ($personal_messages as $index => $delete_id) + $personal_messages[$index] = (int) $delete_id; + + $where = ' + AND id_pm IN ({array_int:pm_list})'; + } + else + $where = ''; + + if ($folder == 'sent' || $folder === null) + { + $smcFunc['db_query']('', ' + UPDATE {db_prefix}personal_messages + SET deleted_by_sender = {int:is_deleted} + WHERE id_member_from IN ({array_int:member_list}) + AND deleted_by_sender = {int:not_deleted}' . $where, + array( + 'member_list' => $owner, + 'is_deleted' => 1, + 'not_deleted' => 0, + 'pm_list' => $personal_messages !== null ? array_unique($personal_messages) : array(), + ) + ); + } + if ($folder != 'sent' || $folder === null) + { + // Calculate the number of messages each member's gonna lose... + $request = $smcFunc['db_query']('', ' + SELECT id_member, COUNT(*) AS num_deleted_messages, CASE WHEN is_read & 1 >= 1 THEN 1 ELSE 0 END AS is_read + FROM {db_prefix}pm_recipients + WHERE id_member IN ({array_int:member_list}) + AND deleted = {int:not_deleted}' . $where . ' + GROUP BY id_member, is_read', + array( + 'member_list' => $owner, + 'not_deleted' => 0, + 'pm_list' => $personal_messages !== null ? array_unique($personal_messages) : array(), + ) + ); + // ...And update the statistics accordingly - now including unread messages!. + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + if ($row['is_read']) + updateMemberData($row['id_member'], array('instant_messages' => $where == '' ? 0 : 'instant_messages - ' . $row['num_deleted_messages'])); + else + updateMemberData($row['id_member'], array('instant_messages' => $where == '' ? 0 : 'instant_messages - ' . $row['num_deleted_messages'], 'unread_messages' => $where == '' ? 0 : 'unread_messages - ' . $row['num_deleted_messages'])); + + // If this is the current member we need to make their message count correct. + if ($user_info['id'] == $row['id_member']) + { + $user_info['messages'] -= $row['num_deleted_messages']; + if (!($row['is_read'])) + $user_info['unread_messages'] -= $row['num_deleted_messages']; + } + } + $smcFunc['db_free_result']($request); + + // Do the actual deletion. + $smcFunc['db_query']('', ' + UPDATE {db_prefix}pm_recipients + SET deleted = {int:is_deleted} + WHERE id_member IN ({array_int:member_list}) + AND deleted = {int:not_deleted}' . $where, + array( + 'member_list' => $owner, + 'is_deleted' => 1, + 'not_deleted' => 0, + 'pm_list' => $personal_messages !== null ? array_unique($personal_messages) : array(), + ) + ); + } + + // If sender and recipients all have deleted their message, it can be removed. + $request = $smcFunc['db_query']('', ' + SELECT pm.id_pm AS sender, pmr.id_pm + FROM {db_prefix}personal_messages AS pm + LEFT JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm AND pmr.deleted = {int:not_deleted}) + WHERE pm.deleted_by_sender = {int:is_deleted} + ' . str_replace('id_pm', 'pm.id_pm', $where) . ' + GROUP BY sender, pmr.id_pm + HAVING pmr.id_pm IS null', + array( + 'not_deleted' => 0, + 'is_deleted' => 1, + 'pm_list' => $personal_messages !== null ? array_unique($personal_messages) : array(), + ) + ); + $remove_pms = array(); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $remove_pms[] = $row['sender']; + $smcFunc['db_free_result']($request); + + if (!empty($remove_pms)) + { + $smcFunc['db_query']('', ' + DELETE FROM {db_prefix}personal_messages + WHERE id_pm IN ({array_int:pm_list})', + array( + 'pm_list' => $remove_pms, + ) + ); + + $smcFunc['db_query']('', ' + DELETE FROM {db_prefix}pm_recipients + WHERE id_pm IN ({array_int:pm_list})', + array( + 'pm_list' => $remove_pms, + ) + ); + } + + // Any cached numbers may be wrong now. + cache_put_data('labelCounts:' . $user_info['id'], null, 720); +} + +// Mark personal messages read. +function markMessages($personal_messages = null, $label = null, $owner = null) +{ + global $user_info, $context, $smcFunc; + + if ($owner === null) + $owner = $user_info['id']; + + $smcFunc['db_query']('', ' + UPDATE {db_prefix}pm_recipients + SET is_read = is_read | 1 + WHERE id_member = {int:id_member} + AND NOT (is_read & 1 >= 1)' . ($label === null ? '' : ' + AND FIND_IN_SET({string:label}, labels) != 0') . ($personal_messages !== null ? ' + AND id_pm IN ({array_int:personal_messages})' : ''), + array( + 'personal_messages' => $personal_messages, + 'id_member' => $owner, + 'label' => $label, + ) + ); + + // If something wasn't marked as read, get the number of unread messages remaining. + if ($smcFunc['db_affected_rows']() > 0) + { + if ($owner == $user_info['id']) + { + foreach ($context['labels'] as $label) + $context['labels'][(int) $label['id']]['unread_messages'] = 0; + } + + $result = $smcFunc['db_query']('', ' + SELECT labels, COUNT(*) AS num + FROM {db_prefix}pm_recipients + WHERE id_member = {int:id_member} + AND NOT (is_read & 1 >= 1) + AND deleted = {int:is_not_deleted} + GROUP BY labels', + array( + 'id_member' => $owner, + 'is_not_deleted' => 0, + ) + ); + $total_unread = 0; + while ($row = $smcFunc['db_fetch_assoc']($result)) + { + $total_unread += $row['num']; + + if ($owner != $user_info['id']) + continue; + + $this_labels = explode(',', $row['labels']); + foreach ($this_labels as $this_label) + $context['labels'][(int) $this_label]['unread_messages'] += $row['num']; + } + $smcFunc['db_free_result']($result); + + // Need to store all this. + cache_put_data('labelCounts:' . $owner, $context['labels'], 720); + updateMemberData($owner, array('unread_messages' => $total_unread)); + + // If it was for the current member, reflect this in the $user_info array too. + if ($owner == $user_info['id']) + $user_info['unread_messages'] = $total_unread; + } +} + +// This function handles adding, deleting and editing labels on messages. +function ManageLabels() +{ + global $txt, $context, $user_info, $scripturl, $smcFunc; + + // Build the link tree elements... + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;sa=manlabels', + 'name' => $txt['pm_manage_labels'] + ); + + $context['page_title'] = $txt['pm_manage_labels']; + $context['sub_template'] = 'labels'; + + $the_labels = array(); + // Add all existing labels to the array to save, slashing them as necessary... + foreach ($context['labels'] as $label) + { + if ($label['id'] != -1) + $the_labels[$label['id']] = $label['name']; + } + + if (isset($_POST[$context['session_var']])) + { + checkSession('post'); + + // This will be for updating messages. + $message_changes = array(); + $new_labels = array(); + $rule_changes = array(); + + // Will most likely need this. + LoadRules(); + + // Adding a new label? + if (isset($_POST['add'])) + { + $_POST['label'] = strtr($smcFunc['htmlspecialchars'](trim($_POST['label'])), array(',' => ',')); + + if ($smcFunc['strlen']($_POST['label']) > 30) + $_POST['label'] = $smcFunc['substr']($_POST['label'], 0, 30); + if ($_POST['label'] != '') + $the_labels[] = $_POST['label']; + } + // Deleting an existing label? + elseif (isset($_POST['delete'], $_POST['delete_label'])) + { + $i = 0; + foreach ($the_labels as $id => $name) + { + if (isset($_POST['delete_label'][$id])) + { + unset($the_labels[$id]); + $message_changes[$id] = true; + } + else + $new_labels[$id] = $i++; + } + } + // The hardest one to deal with... changes. + elseif (isset($_POST['save']) && !empty($_POST['label_name'])) + { + $i = 0; + foreach ($the_labels as $id => $name) + { + if ($id == -1) + continue; + elseif (isset($_POST['label_name'][$id])) + { + $_POST['label_name'][$id] = trim(strtr($smcFunc['htmlspecialchars']($_POST['label_name'][$id]), array(',' => ','))); + + if ($smcFunc['strlen']($_POST['label_name'][$id]) > 30) + $_POST['label_name'][$id] = $smcFunc['substr']($_POST['label_name'][$id], 0, 30); + if ($_POST['label_name'][$id] != '') + { + $the_labels[(int) $id] = $_POST['label_name'][$id]; + $new_labels[$id] = $i++; + } + else + { + unset($the_labels[(int) $id]); + $message_changes[(int) $id] = true; + } + } + else + $new_labels[$id] = $i++; + } + } + + // Save the label status. + updateMemberData($user_info['id'], array('message_labels' => implode(',', $the_labels))); + + // Update all the messages currently with any label changes in them! + if (!empty($message_changes)) + { + $searchArray = array_keys($message_changes); + + if (!empty($new_labels)) + { + for ($i = max($searchArray) + 1, $n = max(array_keys($new_labels)); $i <= $n; $i++) + $searchArray[] = $i; + } + + // Now find the messages to change. + $request = $smcFunc['db_query']('', ' + SELECT id_pm, labels + FROM {db_prefix}pm_recipients + WHERE FIND_IN_SET({raw:find_label_implode}, labels) != 0 + AND id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'find_label_implode' => '\'' . implode('\', labels) != 0 OR FIND_IN_SET(\'', $searchArray) . '\'', + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + // Do the long task of updating them... + $toChange = explode(',', $row['labels']); + + foreach ($toChange as $key => $value) + if (in_array($value, $searchArray)) + { + if (isset($new_labels[$value])) + $toChange[$key] = $new_labels[$value]; + else + unset($toChange[$key]); + } + + if (empty($toChange)) + $toChange[] = '-1'; + + // Update the message. + $smcFunc['db_query']('', ' + UPDATE {db_prefix}pm_recipients + SET labels = {string:new_labels} + WHERE id_pm = {int:id_pm} + AND id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'id_pm' => $row['id_pm'], + 'new_labels' => implode(',', array_unique($toChange)), + ) + ); + } + $smcFunc['db_free_result']($request); + + // Now do the same the rules - check through each rule. + foreach ($context['rules'] as $k => $rule) + { + // Each action... + foreach ($rule['actions'] as $k2 => $action) + { + if ($action['t'] != 'lab' || !in_array($action['v'], $searchArray)) + continue; + + $rule_changes[] = $rule['id']; + // If we're here we have a label which is either changed or gone... + if (isset($new_labels[$action['v']])) + $context['rules'][$k]['actions'][$k2]['v'] = $new_labels[$action['v']]; + else + unset($context['rules'][$k]['actions'][$k2]); + } + } + } + + // If we have rules to change do so now. + if (!empty($rule_changes)) + { + $rule_changes = array_unique($rule_changes); + // Update/delete as appropriate. + foreach ($rule_changes as $k => $id) + if (!empty($context['rules'][$id]['actions'])) + { + $smcFunc['db_query']('', ' + UPDATE {db_prefix}pm_rules + SET actions = {string:actions} + WHERE id_rule = {int:id_rule} + AND id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'id_rule' => $id, + 'actions' => serialize($context['rules'][$id]['actions']), + ) + ); + unset($rule_changes[$k]); + } + + // Anything left here means it's lost all actions... + if (!empty($rule_changes)) + $smcFunc['db_query']('', ' + DELETE FROM {db_prefix}pm_rules + WHERE id_rule IN ({array_int:rule_list}) + AND id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'rule_list' => $rule_changes, + ) + ); + } + + // Make sure we're not caching this! + cache_put_data('labelCounts:' . $user_info['id'], null, 720); + + // To make the changes appear right away, redirect. + redirectexit('action=pm;sa=manlabels'); + } +} + +// Edit Personal Message Settings +function MessageSettings() +{ + global $txt, $user_settings, $user_info, $context, $sourcedir, $smcFunc; + global $scripturl, $profile_vars, $cur_profile, $user_profile; + + // Need this for the display. + require_once($sourcedir . '/Profile.php'); + require_once($sourcedir . '/Profile-Modify.php'); + + // We want them to submit back to here. + $context['profile_custom_submit_url'] = $scripturl . '?action=pm;sa=settings;save'; + + loadMemberData($user_info['id'], false, 'profile'); + $cur_profile = $user_profile[$user_info['id']]; + + loadLanguage('Profile'); + loadTemplate('Profile'); + + $context['page_title'] = $txt['pm_settings']; + $context['user']['is_owner'] = true; + $context['id_member'] = $user_info['id']; + $context['require_password'] = false; + $context['menu_item_selected'] = 'settings'; + $context['submit_button_text'] = $txt['pm_settings']; + $context['profile_header_text'] = $txt['personal_messages']; + + // Add our position to the linktree. + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;sa=settings', + 'name' => $txt['pm_settings'] + ); + + // Are they saving? + if (isset($_REQUEST['save'])) + { + checkSession('post'); + + // Mimic what profile would do. + $_POST = htmltrim__recursive($_POST); + $_POST = htmlspecialchars__recursive($_POST); + + // Save the fields. + saveProfileFields(); + + if (!empty($profile_vars)) + updateMemberData($user_info['id'], $profile_vars); + } + + // Load up the fields. + pmprefs($user_info['id']); +} + +// Allows a user to report a personal message they receive to the administrator. +function ReportMessage() +{ + global $txt, $context, $scripturl, $sourcedir; + global $user_info, $language, $modSettings, $smcFunc; + + // Check that this feature is even enabled! + if (empty($modSettings['enableReportPM']) || empty($_REQUEST['pmsg'])) + fatal_lang_error('no_access', false); + + $pmsg = (int) $_REQUEST['pmsg']; + + if (!isAccessiblePM($pmsg, 'inbox')) + fatal_lang_error('no_access', false); + + $context['pm_id'] = $pmsg; + $context['page_title'] = $txt['pm_report_title']; + + // If we're here, just send the user to the template, with a few useful context bits. + if (!isset($_POST['report'])) + { + $context['sub_template'] = 'report_message'; + + // !!! I don't like being able to pick who to send it to. Favoritism, etc. sucks. + // Now, get all the administrators. + $request = $smcFunc['db_query']('', ' + SELECT id_member, real_name + FROM {db_prefix}members + WHERE id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0 + ORDER BY real_name', + array( + 'admin_group' => 1, + ) + ); + $context['admins'] = array(); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $context['admins'][$row['id_member']] = $row['real_name']; + $smcFunc['db_free_result']($request); + + // How many admins in total? + $context['admin_count'] = count($context['admins']); + } + // Otherwise, let's get down to the sending stuff. + else + { + // Check the session before proceeding any further! + checkSession('post'); + + // First, pull out the message contents, and verify it actually went to them! + $request = $smcFunc['db_query']('', ' + SELECT pm.subject, pm.body, pm.msgtime, pm.id_member_from, IFNULL(m.real_name, pm.from_name) AS sender_name + FROM {db_prefix}personal_messages AS pm + INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm) + LEFT JOIN {db_prefix}members AS m ON (m.id_member = pm.id_member_from) + WHERE pm.id_pm = {int:id_pm} + AND pmr.id_member = {int:current_member} + AND pmr.deleted = {int:not_deleted} + LIMIT 1', + array( + 'current_member' => $user_info['id'], + 'id_pm' => $context['pm_id'], + 'not_deleted' => 0, + ) + ); + // Can only be a hacker here! + if ($smcFunc['db_num_rows']($request) == 0) + fatal_lang_error('no_access', false); + list ($subject, $body, $time, $memberFromID, $memberFromName) = $smcFunc['db_fetch_row']($request); + $smcFunc['db_free_result']($request); + + // Remove the line breaks... + $body = preg_replace('~<br ?/?' . '>~i', "\n", $body); + + // Get any other recipients of the email. + $request = $smcFunc['db_query']('', ' + SELECT mem_to.id_member AS id_member_to, mem_to.real_name AS to_name, pmr.bcc + FROM {db_prefix}pm_recipients AS pmr + LEFT JOIN {db_prefix}members AS mem_to ON (mem_to.id_member = pmr.id_member) + WHERE pmr.id_pm = {int:id_pm} + AND pmr.id_member != {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'id_pm' => $context['pm_id'], + ) + ); + $recipients = array(); + $hidden_recipients = 0; + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + // If it's hidden still don't reveal their names - privacy after all ;) + if ($row['bcc']) + $hidden_recipients++; + else + $recipients[] = '[url=' . $scripturl . '?action=profile;u=' . $row['id_member_to'] . ']' . $row['to_name'] . '[/url]'; + } + $smcFunc['db_free_result']($request); + + if ($hidden_recipients) + $recipients[] = sprintf($txt['pm_report_pm_hidden'], $hidden_recipients); + + // Now let's get out and loop through the admins. + $request = $smcFunc['db_query']('', ' + SELECT id_member, real_name, lngfile + FROM {db_prefix}members + WHERE (id_group = {int:admin_id} OR FIND_IN_SET({int:admin_id}, additional_groups) != 0) + ' . (empty($_POST['ID_ADMIN']) ? '' : 'AND id_member = {int:specific_admin}') . ' + ORDER BY lngfile', + array( + 'admin_id' => 1, + 'specific_admin' => isset($_POST['ID_ADMIN']) ? (int) $_POST['ID_ADMIN'] : 0, + ) + ); + + // Maybe we shouldn't advertise this? + if ($smcFunc['db_num_rows']($request) == 0) + fatal_lang_error('no_access', false); + + $memberFromName = un_htmlspecialchars($memberFromName); + + // Prepare the message storage array. + $messagesToSend = array(); + // Loop through each admin, and add them to the right language pile... + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + // Need to send in the correct language! + $cur_language = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']; + + if (!isset($messagesToSend[$cur_language])) + { + loadLanguage('PersonalMessage', $cur_language, false); + + // Make the body. + $report_body = str_replace(array('{REPORTER}', '{SENDER}'), array(un_htmlspecialchars($user_info['name']), $memberFromName), $txt['pm_report_pm_user_sent']); + $report_body .= "\n" . '[b]' . $_POST['reason'] . '[/b]' . "\n\n"; + if (!empty($recipients)) + $report_body .= $txt['pm_report_pm_other_recipients'] . ' ' . implode(', ', $recipients) . "\n\n"; + $report_body .= $txt['pm_report_pm_unedited_below'] . "\n" . '[quote author=' . (empty($memberFromID) ? '"' . $memberFromName . '"' : $memberFromName . ' link=action=profile;u=' . $memberFromID . ' date=' . $time) . ']' . "\n" . un_htmlspecialchars($body) . '[/quote]'; + + // Plonk it in the array ;) + $messagesToSend[$cur_language] = array( + 'subject' => ($smcFunc['strpos']($subject, $txt['pm_report_pm_subject']) === false ? $txt['pm_report_pm_subject'] : '') . un_htmlspecialchars($subject), + 'body' => $report_body, + 'recipients' => array( + 'to' => array(), + 'bcc' => array() + ), + ); + } + + // Add them to the list. + $messagesToSend[$cur_language]['recipients']['to'][$row['id_member']] = $row['id_member']; + } + $smcFunc['db_free_result']($request); + + // Send a different email for each language. + foreach ($messagesToSend as $lang => $message) + sendpm($message['recipients'], $message['subject'], $message['body']); + + // Give the user their own language back! + if (!empty($modSettings['userLanguage'])) + loadLanguage('PersonalMessage', '', false); + + // Leave them with a template. + $context['sub_template'] = 'report_message_complete'; + } +} + +// List all rules, and allow adding/entering etc.... +function ManageRules() +{ + global $txt, $context, $user_info, $scripturl, $smcFunc; + + // The link tree - gotta have this :o + $context['linktree'][] = array( + 'url' => $scripturl . '?action=pm;sa=manrules', + 'name' => $txt['pm_manage_rules'] + ); + + $context['page_title'] = $txt['pm_manage_rules']; + $context['sub_template'] = 'rules'; + + // Load them... load them!! + LoadRules(); + + // Likely to need all the groups! + $request = $smcFunc['db_query']('', ' + SELECT mg.id_group, mg.group_name, IFNULL(gm.id_member, 0) AS can_moderate, mg.hidden + FROM {db_prefix}membergroups AS mg + LEFT JOIN {db_prefix}group_moderators AS gm ON (gm.id_group = mg.id_group AND gm.id_member = {int:current_member}) + WHERE mg.min_posts = {int:min_posts} + AND mg.id_group != {int:moderator_group} + AND mg.hidden = {int:not_hidden} + ORDER BY mg.group_name', + array( + 'current_member' => $user_info['id'], + 'min_posts' => -1, + 'moderator_group' => 3, + 'not_hidden' => 0, + ) + ); + $context['groups'] = array(); + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + // Hide hidden groups! + if ($row['hidden'] && !$row['can_moderate'] && !allowedTo('manage_membergroups')) + continue; + + $context['groups'][$row['id_group']] = $row['group_name']; + } + $smcFunc['db_free_result']($request); + + // Applying all rules? + if (isset($_GET['apply'])) + { + checkSession('get'); + + ApplyRules(true); + redirectexit('action=pm;sa=manrules'); + } + // Editing a specific one? + if (isset($_GET['add'])) + { + $context['rid'] = isset($_GET['rid']) && isset($context['rules'][$_GET['rid']])? (int) $_GET['rid'] : 0; + $context['sub_template'] = 'add_rule'; + + // Current rule information... + if ($context['rid']) + { + $context['rule'] = $context['rules'][$context['rid']]; + $members = array(); + // Need to get member names! + foreach ($context['rule']['criteria'] as $k => $criteria) + if ($criteria['t'] == 'mid' && !empty($criteria['v'])) + $members[(int) $criteria['v']] = $k; + + if (!empty($members)) + { + $request = $smcFunc['db_query']('', ' + SELECT id_member, member_name + FROM {db_prefix}members + WHERE id_member IN ({array_int:member_list})', + array( + 'member_list' => array_keys($members), + ) + ); + while ($row = $smcFunc['db_fetch_assoc']($request)) + $context['rule']['criteria'][$members[$row['id_member']]]['v'] = $row['member_name']; + $smcFunc['db_free_result']($request); + } + } + else + $context['rule'] = array( + 'id' => '', + 'name' => '', + 'criteria' => array(), + 'actions' => array(), + 'logic' => 'and', + ); + } + // Saving? + elseif (isset($_GET['save'])) + { + checkSession('post'); + $context['rid'] = isset($_GET['rid']) && isset($context['rules'][$_GET['rid']])? (int) $_GET['rid'] : 0; + + // Name is easy! + $ruleName = $smcFunc['htmlspecialchars'](trim($_POST['rule_name'])); + if (empty($ruleName)) + fatal_lang_error('pm_rule_no_name', false); + + // Sanity check... + if (empty($_POST['ruletype']) || empty($_POST['acttype'])) + fatal_lang_error('pm_rule_no_criteria', false); + + // Let's do the criteria first - it's also hardest! + $criteria = array(); + foreach ($_POST['ruletype'] as $ind => $type) + { + // Check everything is here... + if ($type == 'gid' && (!isset($_POST['ruledefgroup'][$ind]) || !isset($context['groups'][$_POST['ruledefgroup'][$ind]]))) + continue; + elseif ($type != 'bud' && !isset($_POST['ruledef'][$ind])) + continue; + + // Members need to be found. + if ($type == 'mid') + { + $name = trim($_POST['ruledef'][$ind]); + $request = $smcFunc['db_query']('', ' + SELECT id_member + FROM {db_prefix}members + WHERE real_name = {string:member_name} + OR member_name = {string:member_name}', + array( + 'member_name' => $name, + ) + ); + if ($smcFunc['db_num_rows']($request) == 0) + continue; + list ($memID) = $smcFunc['db_fetch_row']($request); + $smcFunc['db_free_result']($request); + + $criteria[] = array('t' => 'mid', 'v' => $memID); + } + elseif ($type == 'bud') + $criteria[] = array('t' => 'bud', 'v' => 1); + elseif ($type == 'gid') + $criteria[] = array('t' => 'gid', 'v' => (int) $_POST['ruledefgroup'][$ind]); + elseif (in_array($type, array('sub', 'msg')) && trim($_POST['ruledef'][$ind]) != '') + $criteria[] = array('t' => $type, 'v' => $smcFunc['htmlspecialchars'](trim($_POST['ruledef'][$ind]))); + } + + // Also do the actions! + $actions = array(); + $doDelete = 0; + $isOr = $_POST['rule_logic'] == 'or' ? 1 : 0; + foreach ($_POST['acttype'] as $ind => $type) + { + // Picking a valid label? + if ($type == 'lab' && (!isset($_POST['labdef'][$ind]) || !isset($context['labels'][$_POST['labdef'][$ind] - 1]))) + continue; + + // Record what we're doing. + if ($type == 'del') + $doDelete = 1; + elseif ($type == 'lab') + $actions[] = array('t' => 'lab', 'v' => (int) $_POST['labdef'][$ind] - 1); + } + + if (empty($criteria) || (empty($actions) && !$doDelete)) + fatal_lang_error('pm_rule_no_criteria', false); + + // What are we storing? + $criteria = serialize($criteria); + $actions = serialize($actions); + + // Create the rule? + if (empty($context['rid'])) + $smcFunc['db_insert']('', + '{db_prefix}pm_rules', + array( + 'id_member' => 'int', 'rule_name' => 'string', 'criteria' => 'string', 'actions' => 'string', + 'delete_pm' => 'int', 'is_or' => 'int', + ), + array( + $user_info['id'], $ruleName, $criteria, $actions, $doDelete, $isOr, + ), + array('id_rule') + ); + else + $smcFunc['db_query']('', ' + UPDATE {db_prefix}pm_rules + SET rule_name = {string:rule_name}, criteria = {string:criteria}, actions = {string:actions}, + delete_pm = {int:delete_pm}, is_or = {int:is_or} + WHERE id_rule = {int:id_rule} + AND id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'delete_pm' => $doDelete, + 'is_or' => $isOr, + 'id_rule' => $context['rid'], + 'rule_name' => $ruleName, + 'criteria' => $criteria, + 'actions' => $actions, + ) + ); + + redirectexit('action=pm;sa=manrules'); + } + // Deleting? + elseif (isset($_POST['delselected']) && !empty($_POST['delrule'])) + { + checkSession('post'); + $toDelete = array(); + foreach ($_POST['delrule'] as $k => $v) + $toDelete[] = (int) $k; + + if (!empty($toDelete)) + $smcFunc['db_query']('', ' + DELETE FROM {db_prefix}pm_rules + WHERE id_rule IN ({array_int:delete_list}) + AND id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'delete_list' => $toDelete, + ) + ); + + redirectexit('action=pm;sa=manrules'); + } +} + +// This will apply rules to all unread messages. If all_messages is set will, clearly, do it to all! +function ApplyRules($all_messages = false) +{ + global $user_info, $smcFunc, $context, $options; + + // Want this - duh! + loadRules(); + + // No rules? + if (empty($context['rules'])) + return; + + // Just unread ones? + $ruleQuery = $all_messages ? '' : ' AND pmr.is_new = 1'; + + //!!! Apply all should have timeout protection! + // Get all the messages that match this. + $request = $smcFunc['db_query']('', ' + SELECT + pmr.id_pm, pm.id_member_from, pm.subject, pm.body, mem.id_group, pmr.labels + FROM {db_prefix}pm_recipients AS pmr + INNER JOIN {db_prefix}personal_messages AS pm ON (pm.id_pm = pmr.id_pm) + LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = pm.id_member_from) + WHERE pmr.id_member = {int:current_member} + AND pmr.deleted = {int:not_deleted} + ' . $ruleQuery, + array( + 'current_member' => $user_info['id'], + 'not_deleted' => 0, + ) + ); + $actions = array(); + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + foreach ($context['rules'] as $rule) + { + $match = false; + // Loop through all the criteria hoping to make a match. + foreach ($rule['criteria'] as $criterium) + { + if (($criterium['t'] == 'mid' && $criterium['v'] == $row['id_member_from']) || ($criterium['t'] == 'gid' && $criterium['v'] == $row['id_group']) || ($criterium['t'] == 'sub' && strpos($row['subject'], $criterium['v']) !== false) || ($criterium['t'] == 'msg' && strpos($row['body'], $criterium['v']) !== false)) + $match = true; + // If we're adding and one criteria don't match then we stop! + elseif ($rule['logic'] == 'and') + { + $match = false; + break; + } + } + + // If we have a match the rule must be true - act! + if ($match) + { + if ($rule['delete']) + $actions['deletes'][] = $row['id_pm']; + else + { + foreach ($rule['actions'] as $ruleAction) + { + if ($ruleAction['t'] == 'lab') + { + // Get a basic pot started! + if (!isset($actions['labels'][$row['id_pm']])) + $actions['labels'][$row['id_pm']] = empty($row['labels']) ? array() : explode(',', $row['labels']); + $actions['labels'][$row['id_pm']][] = $ruleAction['v']; + } + } + } + } + } + } + $smcFunc['db_free_result']($request); + + // Deletes are easy! + if (!empty($actions['deletes'])) + deleteMessages($actions['deletes']); + + // Relabel? + if (!empty($actions['labels'])) + { + foreach ($actions['labels'] as $pm => $labels) + { + // Quickly check each label is valid! + $realLabels = array(); + foreach ($context['labels'] as $label) + if (in_array($label['id'], $labels) && ($label['id'] != -1 || empty($options['pm_remove_inbox_label']))) + $realLabels[] = $label['id']; + + $smcFunc['db_query']('', ' + UPDATE {db_prefix}pm_recipients + SET labels = {string:new_labels} + WHERE id_pm = {int:id_pm} + AND id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + 'id_pm' => $pm, + 'new_labels' => empty($realLabels) ? '' : implode(',', $realLabels), + ) + ); + } + } +} + +// Load up all the rules for the current user. +function LoadRules($reload = false) +{ + global $user_info, $context, $smcFunc; + + if (isset($context['rules']) && !$reload) + return; + + $request = $smcFunc['db_query']('', ' + SELECT + id_rule, rule_name, criteria, actions, delete_pm, is_or + FROM {db_prefix}pm_rules + WHERE id_member = {int:current_member}', + array( + 'current_member' => $user_info['id'], + ) + ); + $context['rules'] = array(); + // Simply fill in the data! + while ($row = $smcFunc['db_fetch_assoc']($request)) + { + $context['rules'][$row['id_rule']] = array( + 'id' => $row['id_rule'], + 'name' => $row['rule_name'], + 'criteria' => unserialize($row['criteria']), + 'actions' => unserialize($row['actions']), + 'delete' => $row['delete_pm'], + 'logic' => $row['is_or'] ? 'or' : 'and', + ); + + if ($row['delete_pm']) + $context['rules'][$row['id_rule']]['actions'][] = array('t' => 'del', 'v' => 1); + } + $smcFunc['db_free_result']($request); +} + +// Check if the PM is available to the current user. +function isAccessiblePM($pmID, $validFor = 'in_or_outbox') +{ + global $user_info, $smcFunc; + + $request = $smcFunc['db_query']('', ' + SELECT + pm.id_member_from = {int:id_current_member} AND pm.deleted_by_sender = {int:not_deleted} AS valid_for_outbox, + pmr.id_pm IS NOT NULL AS valid_for_inbox + FROM {db_prefix}personal_messages AS pm + LEFT JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm AND pmr.id_member = {int:id_current_member} AND pmr.deleted = {int:not_deleted}) + WHERE pm.id_pm = {int:id_pm} + AND ((pm.id_member_from = {int:id_current_member} AND pm.deleted_by_sender = {int:not_deleted}) OR pmr.id_pm IS NOT NULL)', + array( + 'id_pm' => $pmID, + 'id_current_member' => $user_info['id'], + 'not_deleted' => 0, + ) + ); + + if ($smcFunc['db_num_rows']($request) === 0) + { + $smcFunc['db_free_result']($request); + return false; + } + + $validationResult = $smcFunc['db_fetch_assoc']($request); + $smcFunc['db_free_result']($request); + + switch ($validFor) + { + case 'inbox': + return !empty($validationResult['valid_for_inbox']); + break; + + case 'outbox': + return !empty($validationResult['valid_for_outbox']); + break; + + case 'in_or_outbox': + return !empty($validationResult['valid_for_inbox']) || !empty($validationResult['valid_for_outbox']); + break; + + default: + trigger_error('Undefined validation type given', E_USER_ERROR); + break; + } +} + +?> \ No newline at end of file