<?php
/*******************************************************************
Name : raSMP 2.0
Copyright : 2002, Adam Alkins
Website : http://www.rasmp.com
email : hide@address.com
$Id: messages.php,v 1.14 2003/03/21 01:24:43 rasadam Exp $:
*******************************************************************/
/*******************************************************************
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the
Free Software Foundation Inc., 59 Temple Place, Suite 330,
Boston, MA 02111-1307 USA
*******************************************************************/
/*
Message Centre
*/
// Markers presumably checked by the shared includes (RASMP = "loaded through a
// raSMP script", RASMP_ADMIN = admin-area page) -- confirm in common/.
define('RASMP',true);
define('RASMP_ADMIN',true);
// Relative path from this admin script back to the application root.
define('SCRIPT_PATH','../');
// extension.inc is expected to define FILE_EXT, which the next include needs.
include SCRIPT_PATH.'common/extension.inc';
include SCRIPT_PATH.'common/admin_common.'.FILE_EXT;
// NOTE(review): 'global' at file scope is a no-op in PHP; $config is already
// global here and is only re-declared inside the functions below.
global $config;
// Check authentication. Every mode handled further down relies on this single
// call to reject unauthenticated or unauthorised requests -- nothing in the
// switch re-checks it, so check_auth() must terminate the request on failure
// (presumably a redirect; confirm in admin_common).
check_auth('messages');
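//
// Emit the document <head> and the Message Centre banner/menu that every
// page of this script starts with.
//
// $title  Text for the <title> element. Callers pass message subjects read
//         back from the database here (user-supplied content), so it is
//         HTML-escaped before it is written into the page.
//
// Reads the global $config['site_name']; attach_sid() and FILE_EXT come from
// the shared includes. Output is written directly to the response.
//
function do_header($title)
{
    global $config;
    // Escape for the HTML context; the meta tag below declares iso-8859-1,
    // so encode with that charset.
    $safe_title = htmlspecialchars($title, ENT_QUOTES, 'ISO-8859-1');
    // Menu targets, built once so the markup below stays readable.
    $inbox_url   = attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1");
    $compose_url = attach_sid("messages.".FILE_EXT."?mode=compose");
    $sent_url    = attach_sid("messages.".FILE_EXT."?mode=viewsent");
    $index_url   = attach_sid("index.".FILE_EXT);
?>
<head>
<title><?php echo $safe_title; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<style>
a.menulink:link { COLOR: #FFFFFF; TEXT-DECORATION: none }
a.menulink:visited { COLOR: #FFFFFF; TEXT-DECORATION: none }
a.menulink:hover { COLOR: #666666 }
.copyright {
font-size: 12px;
font-color: #000000;
}
a.copyright:link { COLOR: #000000; TEXT-DECORATION: none }
a.copyright:visited { COLOR: #000000; TEXT-DECORATION: none }
a.copyright:hover { COLOR: #000FFF }
</style>
</head>
<body>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<?php // site_name is admin-configured and is echoed as-is (stripslashes only); it is trusted to be safe markup -- confirm where it is set ?>
<td align="left" valign="top"><font color="#666666" size="5"><?php echo stripslashes($config['site_name']); ?></font></td>
<td align="right" valign="bottom"><font color="#666666" size="5">Message Centre</font></td>
</tr>
</table>
<table width="95%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC" bgcolor="#333333">
<tr>
<td align="center" valign="middle"><font color="#FFFFFF" size="3"><a class="menulink" href="<?php echo $inbox_url; ?>">Inbox</a>
| <a class="menulink" href="<?php echo $compose_url; ?>">Compose Message</a> | <a class="menulink" href="<?php echo $sent_url; ?>">Sentbox</a> | <a class="menulink" href="<?php echo $index_url; ?>">Return to the Index</a></font></td>
</tr>
</table>
<?php
}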
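//
// Output the folder navigation: Inbox, Outbox and Sentbox first, then the
// user's custom folders, each with its message count in brackets.
//
// Outbox and Sentbox are not rows in the folders table - they are derived
// from the messages table (sent-but-unread, and in_folder = -1 respectively),
// which is why this is more than a single query over MFOLDERS_TABLE.
//
// Writes <tr> rows directly and finishes with the closing </table>; the
// caller is expected to have opened the <table> before calling this.
// All counts are scoped to the global $user_data['user_id'].
//
function generate_folder_list()
{
    global $user_data;
    // Interpolated into every query below; cast once so the SQL always
    // receives an integer regardless of how the session stored it.
    $owner = intval($user_data['user_id']);
?>
<tr>
<td bgcolor="#0033CC"><div align="center"><strong><font color="#FFFFFF">Folders</font></strong></div></td>
</tr>
<tr>
<td><div align="center"><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1"); ?>">Inbox</a><?php
    // Inbox = messages addressed to this user that still sit in folder 1
    $query = "SELECT COUNT(*) as numrows FROM ".MESSAGES_TABLE." WHERE in_folder = 1 AND message_to = ".$owner;
    $stats = db_fetchassoc('',$query,'Could not get folder stats for Inbox');
    echo ' ('.$stats['numrows'].')';
?></div></td>
</tr>
<tr>
<td><div align="center"><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=outbox"); ?>">Outbox</a><?php
    // Outbox = sent by this user and not yet read by the recipient
    $query = "SELECT COUNT(*) as numrows FROM ".MESSAGES_TABLE." WHERE message_from = ".$owner." AND is_read = 0 AND in_folder <> -1";
    $stats = db_fetchassoc('',$query,'Could not get folder stats for Outbox');
    echo ' ('.$stats['numrows'].')';
?></div></td>
</tr>
<tr>
<td><div align="center"><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=viewsent"); ?>">Sentbox</a><?php
    // Sentbox = sent by this user and flagged in_folder = -1 (sent and read)
    $query = "SELECT COUNT(*) as numrows FROM ".MESSAGES_TABLE." WHERE message_from = ".$owner." AND in_folder = -1";
    $stats = db_fetchassoc('',$query,'Could not get folder stats for Sentbox');
    echo ' ('.$stats['numrows'].')';
?></div></td>
</tr>
<?php
    // Custom folders owned by this user, alphabetically
    $query = "SELECT folder_id, folder_name FROM ".MFOLDERS_TABLE." WHERE folder_creator = ".$owner." ORDER BY folder_name ASC";
    $result = db_query($query,'Could not select folder list');
    $folders = db_fetchrows($result);
    if(db_numrows($result)!=0)
    {
        // Spacer row between the built-in and the custom folders
?>
<tr>
<td><div align="center"> </div></td>
</tr>
<?php
        foreach($folders as $folder)
        {
            // folder_id comes back from the database but is cast anyway before
            // being interpolated into the count query and the link
            $fid = intval($folder['folder_id']);
            $query = "SELECT COUNT(*) as numrows FROM ".MESSAGES_TABLE." WHERE in_folder = ".$fid." AND message_to = ".$owner;
            // Error text names the custom folder (it previously said "Inbox" here)
            $stats = db_fetchassoc('',$query,'Could not get folder stats for custom folder');
            // folder_name is stored with htmlentities() applied by createfolder/rename,
            // so it is echoed without re-encoding
            echo '
<tr>
<td><div align="center"><a href="'.attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=".$fid).'">'.stripslashes($folder['folder_name']).'</a> ('.$stats['numrows'].')</div></td>
</tr>';
        }
    }
?>
<tr>
<td><div align="center"> </div></td>
</tr> <tr>
<td><div align="center"><em><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=createfolder"); ?>">Create New Folder</a></em></div></td>
</tr>
<tr>
<td><div align="center"><em><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=managefolders"); ?>">Manage Your Folders</a></em></div></td>
</tr>
</table>
<?php
}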
switch($_GET['mode'])
{
case 'compose':
if(!isset($_POST['dosend']))
{
do_header("Admin Panel >> Messages >> New Message");
?>
<p align="center"><font color="#0033CC" size="5">Compose New Message</font></p>
<form name="form1" method="post" action="<?php echo attach_sid("messages.".FILE_EXT."?mode=compose"); ?>">
<table width="98%" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td>To:
<select name="user_id" id="user_id">
<?php
// Generate user list for recipient selection
$query = "SELECT user_id, user_name FROM ".ACCOUNTS_TABLE." ORDER BY user_name";
$rowset = db_fetchrows('',$query,'Could not select accounts list');
for($i=0;$i < count($rowset);$i++)
{
// If the user was passed in the url, we'll make it selected by default
if($_GET['user_id']==$rowset[$i]['user_id'])
{
echo '<option value="'.$rowset[$i]['user_id'].'" selected>'.stripslashes($rowset[$i]['user_name']).'</option>';
}
else
{
echo '<option value="'.$rowset[$i]['user_id'].'">'.stripslashes($rowset[$i]['user_name']).'</option>';
}
}
?>
</select></td>
</tr>
<tr>
<td>Subject:
<input name="title" type="text" id="title" size="50" maxlength="255" value="<?php echo htmlentities(urldecode($_GET['title'])); ?>" /></td>
</tr>
<tr>
<td>Body:<br>
<textarea name="body" cols="70" rows="10"><?php echo htmlentities(urldecode($_GET['body'])); ?></textarea> </td>
</tr>
<tr>
<td><div align="center">
<input type="submit" name="dosend" value="Send" />
</div></td>
</tr>
</table>
</form>
<p> </p>
<?php
display_footer();
}
else
{
if(!isset($_POST['user_id']))
{
redirect_page('No recipient specified',attach_sid("messages.".FILE_EXT."?mode=compose&title=".urlencode($_POST['title'])."&body=".urlencode($_POST['body'])));
}
$recipient = intval($_POST['user_id']);
// Check to see if the recipient exists
$query = "SELECT COUNT(*) as numrows FROM ".ACCOUNTS_TABLE." WHERE user_id = ".$recipient;
$row = db_fetchassoc('',$query,'Could not select account');
if($row['numrows']==0)
{
redirect_page('Recipient Invalid',attach_sid("messages.".FILE_EXT."?mode=compose&title=".urlencode($_POST['title'])."&body=".urlencode($_POST['body'])));
}
if(!isset($_POST['title'])||$_POST['title']==''||$_POST['title']==' '||$_POST['title']==' ')
{
redirect_page('Subject must contain text',attach_sid("messages.".FILE_EXT."?mode=compose&body=".urlencode($_POST['body'])));
}
if(!isset($_POST['body']))
{
redirect_page('Body Invalid',attach_sid("messages.".FILE_EXT."?mode=compose&title=".urlencode($_POST['title'])));
}
$title = addslashes($_POST['title']);
$body = addslashes($_POST['body']);
$query = "INSERT INTO ".MESSAGES_TABLE." (message_from, message_to, title, body, is_read, in_folder, date_sent, date_read) VALUES(".$user_data['user_id'].",".$recipient.",'".$title."','".$body."',0,1,".time().",'')";
db_query($query, 'Could not send message');
$query = "UPDATE ".ACCOUNTS_TABLE." SET message_popup = 1 WHERE user_id = ".$recipient;
db_query($query, 'Could not update popup flag');
redirect_page('Successfully sent message',attach_sid("messages.".FILE_EXT));
}
break;
case 'createfolder':
if(!isset($_POST['docreate']))
{
do_header("Admin Panel >> Messages >> Create New Folder");
?>
<p> </p>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#CCCCCC"><div align="center"><strong>Create New Folder</strong></div></td>
</tr>
<tr>
<td><div align="center">
<form name="form" method="post" action="<?php echo attach_sid("messages.".FILE_EXT."?mode=createfolder"); ?>">
<input name="folder_name" type="text" size="25" maxlength="255" />
</div></td>
</tr>
<tr>
<td bgcolor="#CCCCCC"><div align="center">
<input type="submit" name="docreate" value="Create" />
</form>
</div></td>
</tr>
</table>
<p> </p>
<?php
display_footer();
}
else
{
if(!isset($_POST['folder_name'])||$_POST['folder_name']==''||$_POST['folder_name']=='Sentbox'||$_POST['folder_name']=='Outbox')
{
redirect_page("Folder name invalid",attach_sid("messages.".FILE_EXT."?mode=createfolder"));
}
$query = "SELECT COUNT(*) as numrows FROM ".MFOLDERS_TABLE." WHERE folder_name = '".addslashes(htmlentities($_POST['folder_name']))."' AND ( folder_creator = ".$user_data['user_id']." OR folder_creator = -1)";
$row = db_fetchassoc('',$query,'Could not look for existing folder');
if($row['numrows']!=0)
{
redirect_page('Folder Already Exists',attach_sid("messages.".FILE_EXT."?mode=createfolder"));
}
// Insert new folder record.. simple
$query = "INSERT INTO ".MFOLDERS_TABLE." (folder_name, folder_creator) VALUES('".addslashes(htmlentities($_POST['folder_name']))."',".$user_data['user_id'].")";
db_query($query,'Could not insert new folder');
redirect_page("Folder successfully created",attach_sid("messages.".FILE_EXT."?mode=managefolders"));
}
break;
case 'delete':
if(!isset($_GET['m']))
{
redirect_page("No message specified",attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1"));
}
$messageid = intval($_GET['m']);
// Let's see if this message exists
$query = "SELECT COUNT(*) as numrows FROM ".MESSAGES_TABLE." WHERE message_to = ".$user_data['user_id']." AND message_id = ".$messageid;
$row = db_fetchassoc('',$query,'Could not see if message exists');
if($row['numrows']==0)
{
redirect_page("Message does not exist",attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1"));
}
// Delete it
$query = "DELETE FROM ".MESSAGES_TABLE." WHERE message_id = ".$messageid;
db_query($query,'Could not delete message');
redirect_page("Message successfully deleted",attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1"),3);
break;
case 'managefolders':
switch($_GET['action'])
{
case 'delete':
if(!isset($_GET['f']))
{
redirect_page("No folder specified",attach_sid("messages.".FILE_EXT."?mode=managefolders"));
}
$folderid = intval($_GET['f']);
// Check if folder exists
$query = "SELECT COUNT(*) as numrows FROM ".MFOLDERS_TABLE." WHERE folder_id = ".$folderid." AND folder_creator = ".$user_data['user_id'];
$row = db_fetchassoc('',$query,'Could not select folder info');
if($row['numrows']==0)
{
redirect_page("Folder does not exist",attach_sid("messages.".FILE_EXT."?mode=managefolders"));
}
// See if there are messages in this folder
$query = "SELECT COUNT(*) as numrows FROM ".MESSAGES_TABLE." WHERE in_folder = ".$folderid;
$row = db_fetchassoc('',$query,'Could not select folder info');
// If there aren't we can go ahead and delete the folder
if($row['numrows']==0)
{
$query = "DELETE FROM ".MFOLDERS_TABLE." WHERE folder_id = ".$folderid;
db_query($query,'Could not delete folder');
redirect_page("Folder successfully deleted",attach_sid("messages.".FILE_EXT."?mode=managefolders"));
}
// From here on, we need to determine where the messages in this folder should
// go. We give the user the option to delete them or move them to another folder.
if(!isset($_POST['dodelete']))
{
do_header("Admin Panel >> Messages >> Manage Folders >> Delete");
?>
<div align="center">
<p> </p>
<p>There are messages in this folder. Select a folder to move those messages
to or select to delete them. </p>
</div>
<form name="form1" method="post" action="<?php echo attach_sid("messages.".FILE_EXT."?mode=managefolders&action=delete&f=".$folderid); ?>">
<table width="50%" border="0" align="center" cellpadding="0" cellspacing="3">
<tr>
<td><div align="center">
<select name="folder_id">
<option value="1">Inbox</option>
<?php
// Get list of folders, except one to be deleted
$query = "SELECT folder_id, folder_name FROM ".MFOLDERS_TABLE." WHERE folder_creator = ".$user_data['user_id']." AND folder_id <> ".$folderid." ORDER BY folder_name ASC";
$rowset = db_fetchrows('',$query,'Could not select folder list');
for($i = 0; $i < count($rowset); $i++)
{
echo '<option value="'.$rowset[$i]['folder_id'].'">'.stripslashes($rowset[$i]['folder_name']).'</option>';
}
?>
<option value="-1">-- Delete Messages --</option>
</select>
</div></td>
</tr>
<tr>
<td align="center"><input type="submit" name="dodelete" value="Move" /></td>
</tr>
</table>
</form>
<p> </p>
<?php
display_footer();
}
else
{
if(!isset($_POST['folder_id']))
{
redirect_page("No folder selected", attach_sid("messages.".FILE_EXT."?mode=managefolders&action=delete&f=".$folderid));
}
$movefolderid = intval($_POST['folder_id']);
// If the user decided to actually move it to another custom folder, we need to make
// sure this custom folder actually exists
if($movefolderid != 1 && $movefolderid != -1)
{
$query = "SELECT COUNT(*) as numrows FROM ".MFOLDERS_TABLE." WHERE folder_id = ".$movefolderid." AND folder_creator = ".$user_data['user_id'];
$row = db_fetchassoc('',$query,'Could not select folder info');
if($row['numrows']==0)
{
redirect_page("Invalid Folder selected", attach_sid("messages.".FILE_EXT."?mode=managefolders&action=delete&f=".$folderid));
}
}
// If the destination folder is the same as the folder to be deleted
// (Shouldn't happen via the form but incase someone sneaky is trying something)
if($movefolderid == $folderid)
{
redirect_page("Cannot move to the same Folder", attach_sid("messages.".FILE_EXT."?mode=managefolders&action=delete&f=".$folderid));
}
// If they specified to delete the message
if($movefolderid == -1)
{
// Zap em
$query = "DELETE FROM ".MESSAGES_TABLE." WHERE in_folder = ".$folderid;
}
else
{
// Or just change the folder :P
$query = "UPDATE ".MESSAGES_TABLE." SET in_folder = ".$movefolderid." WHERE in_folder = ".$folderid;
}
db_query($query,'Could not update messages');
// And now we can delete this folder
$query = "DELETE FROM ".MFOLDERS_TABLE." WHERE folder_id = ".$folderid;
db_query($query,'Could not delete folder');
redirect_page("Successfully deleted folder", attach_sid("messages.".FILE_EXT."?mode=managefolders"));
}
case 'rename':
if(!isset($_GET['f']))
{
redirect_page("No folder specified",attach_sid("messages.".FILE_EXT."?mode=managefolders"));
}
$folderid = intval($_GET['f']);
// Does this folder exist?
$query = "SELECT COUNT(*) as numrows FROM ".MFOLDERS_TABLE." WHERE folder_id = ".$folderid." AND folder_creator = ".$user_data['user_id'];
$row = db_fetchassoc('',$query,'Could not select folder info');
if($row['numrows']==0)
{
redirect_page("Folder does not exist",attach_sid("messages.".FILE_EXT."?mode=managefolders"));
}
$query = "SELECT folder_name FROM ".MFOLDERS_TABLE." WHERE folder_id = ".$folderid;
$data = db_fetchassoc('',$query,'Could not get folder data');
if(!isset($_POST['dorename']))
{
do_header("Admin Panel >> Messages >> Manage Folders >> Rename");
?>
<div align="center">
<p> </p>
<p>Change the name of the folder in the box below. Click the rename button to make the changes. (Note: No two folders can have the same name)</p>
</div>
<form name="form1" method="post" action="<?php echo attach_sid("messages.".FILE_EXT."?mode=managefolders&action=rename&f=".$folderid); ?>">
<table width="50%" border="0" align="center" cellpadding="0" cellspacing="3">
<tr>
<td><div align="center">
<input name="folder_name" type="text" size="25" maxlength="255" value="<?php echo stripslashes($data['folder_name']); ?>" />
</div></td>
</tr>
<tr>
<td align="center"><input type="submit" name="dorename" value="Rename" /></td>
</tr>
</table>
</form>
<p> </p>
<?php
display_footer();
}
else
{
if(!isset($_POST['folder_name'])||$_POST['folder_name']==''||$_POST['folder_name']=='Sentbox'||$_POST['folder_name']=='Outbox')
{
redirect_page('Folder Name Invalid',attach_sid("messages.".FILE_EXT."?mode=managefolders&action=rename&f=".$folderid));
}
$query = "SELECT COUNT(*) as numrows FROM ".MFOLDERS_TABLE." WHERE folder_name = '".addslashes(htmlentities($_POST['folder_name']))."' AND ( folder_creator = ".$user_data['user_id']." OR folder_creator = -1) AND folder_id <> ".$folderid;
$row = db_fetchassoc('',$query,'Could not look for existing folder');
if($row['numrows']!=0)
{
redirect_page('Folder Already Exists',attach_sid("messages.".FILE_EXT."?mode=managefolders&action=rename&f=".$folderid));
}
$query = "UPDATE ".MFOLDERS_TABLE." SET folder_name = '".addslashes(htmlentities($_POST['folder_name']))."' WHERE folder_id = ".$folderid;
db_query($query,'Could not rename folder');
redirect_page('Folder Renamed Successfully',attach_sid("messages.".FILE_EXT."?mode=managefolders"));
}
case 'index':
default:
do_header("Admin Panel >> Messages >> Manage Folders");
?>
<p align="center"><font color="#0066CC" size="5">Folder Management</font></p>
<table width="75%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
<tr>
<td bgcolor="#0099CC"><strong><font color="#FFFFFF"> Folder Name</font></strong></td>
<td width="65" bgcolor="#0099CC"> </td>
<td width="65" bgcolor="#0099CC"> </td>
</tr>
<?php
// Get list of custom folders
$query = "SELECT folder_id, folder_name FROM ".MFOLDERS_TABLE." WHERE folder_id <> 1 AND folder_creator = ".$user_data['user_id']." ORDER BY folder_name";
$result = db_query($query, 'Could not select folders');
while($row_data = db_fetchassoc($result))
{
?>
<tr>
<td><?php echo stripslashes($row_data['folder_name']); ?></td>
<td><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=managefolders&action=rename&f=".$row_data['folder_id']); ?>">Rename</a></td>
<td><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=managefolders&action=delete&f=".$row_data['folder_id']); ?>">Delete</a></td>
</tr>
<?php
}
?>
</table>
<div align="center"><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=createfolder"); ?>">Create New Folder</a>
<p> </p>
<?php
display_footer();
}
case 'outbox':
// Lets get the messages for this fake folder. All message sent and not read will show up
$query = "SELECT message_id, message_to, title, is_read, date_sent FROM ".MESSAGES_TABLE." WHERE message_from = ".$user_data['user_id']." AND is_read = 0 ORDER BY date_sent ASC";
$result = db_query($query,'Could not select messages');
$numrows = db_numrows($result);
$row_data = db_fetchrows($result);
do_header("Admin Panel >> Messages >> Outbox");
?>
<p align="center"><font color="#3399CC" size="5"><strong>Outbox</strong></font></p>
<table width="99%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="20%" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"><?php generate_folder_list(); ?></td>
<td width="87%" align="center" valign="top"><table width="98%" border="1" cellpadding="0" cellspacing="0" bordercolor="#CBDCED">
<tr>
<td bgcolor="#336699"><div align="center"><strong><font color="#FFFF00">Date</font></strong></div></td>
<td bgcolor="#336699"><div align="center"><strong><font color="#FFFF00">Recipient</font></strong></div></td>
<td bgcolor="#336699"><div align="center"><strong><font color="#FFFF00">Title</font></strong></div></td>
</tr>
<?php
if($numrows==0)
{
echo '</table>
<table width="98%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><div align="center"><em>No Messages</em></div></td>
</tr>
</table>';
}
else
{
$colour = "#FFFFFF";
for($i = 0;$i < $numrows;$i++)
{
echo '
<tr>
<td bgcolor="'.$colour.'">'.date("M dS, Y g:iA", $row_data[$i]['date_sent']).'</td>
<td bgcolor="'.$colour.'">';
// Query to get user name from ID
$query = "SELECT user_name FROM ".ACCOUNTS_TABLE." WHERE user_id = ".$row_data[$i]['message_to'];
$row = db_fetchassoc('',$query,'Could not select account data');
echo stripslashes($row['user_name']);
echo '
</td>
<td bgcolor="'.$colour.'"><a href="'.attach_sid("messages.".FILE_EXT."?mode=outmessage&m=".$row_data[$i]['message_id']).'">'.stripslashes($row_data[$i]['title']).'</a></td>
</tr>';
// Alternating colour of rows
if($colour == "#FFFFFF")
{
$colour = "#80AAD5";
}
else
{
$colour = "#FFFFFF";
}
}
?>
</table>
<?php
}
?>
<p><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=compose"); ?>">Compose New Message</a></p></td>
<?php
display_footer();
break;
case 'outmessage':
//
// Outmessage is for editing of messages in the outbox, before they're read
//
if(!isset($_GET['m']))
{
redirect_page("No Message Specified", attach_sid("messages.".FILE_EXT."?mode=outbox"));
}
$messageid = intval($_GET['m']);
$query = "SELECT message_to, title, body FROM ".MESSAGES_TABLE." WHERE message_id = $messageid AND message_from = ".$user_data['user_id']." AND is_read = 0";
$result = db_query($query,'Could not select message');
if(db_numrows($result)==0)
{
redirect_page("Invalid Message Specified", attach_sid("messages.".FILE_EXT."?mode=outbox"));
}
$message_data = db_fetchassoc($result);
// If the person decided to delete the message entirely
if($_GET['action']=='delete')
{
$query = "DELETE FROM ".MESSAGES_TABLE." WHERE message_id = ".$messageid;
db_query($query, 'Could not delete message');
$query = "SELECT message_popup FROM ".ACCOUNTS_TABLE." WHERE user_id = ".$message_data['message_to'];
$row = db_fetchassoc('',$query,'Could not check popup column');
// Ok, if the person still has their message popup flagged to popup, we will take
// it off. I am aware that if the person received a subsequent message, the flag
// will be removed. But fixing this would mean adding another column, its a minor
// issue to leave, IMO.
if($row['message_popup']==1)
{
$query = "UPDATE ".ACCOUNTS_TABLE." SET message_popup = 0 WHERE user_id = ".$message_data['message_to'];
db_query($query,'Could not update accounts table');
}
redirect_page('Message Successfully Deleted',attach_sid("messages.".FILE_EXT));
}
if(isset($_GET['user_id']))
{
$message_to = intval($_GET['user_id']);
}
else
{
$message_to = $message_data['message_to'];
}
if(isset($_GET['title']))
{
$title = htmlentities(urldecode($_GET['title']));
}
else
{
$title = htmlentities(stripslashes($message_data['title']));
}
if(isset($_GET['body']))
{
$body = htmlentities(urldecode($_GET['body']));
}
else
{
$body = htmlentities(stripslashes($message_data['body']));
}
if(!isset($_POST['doupdate']))
{
do_header("Admin Panel >> Messages >> Outbox");
?>
<p> </p>
<form name="form1" method="post" action="<?php echo attach_sid("messages.".FILE_EXT."?mode=outmessage&m=".$messageid); ?>">
<table width="98%" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td>To:
<select name="user_id" id="user_id">
<?php
$query = "SELECT user_id, user_name FROM ".ACCOUNTS_TABLE." ORDER BY user_name";
$rowset = db_fetchrows('',$query,'Could not select accounts list');
for($i=0;$i < count($rowset);$i++)
{
if($rowset[$i]['user_id']==$message_to)
{
echo '<option value="'.$rowset[$i]['user_id'].'" selected>'.stripslashes($rowset[$i]['user_name']).'</option>';
}
else
{
echo '<option value="'.$rowset[$i]['user_id'].'">'.stripslashes($rowset[$i]['user_name']).'</option>';
}
}
?>
</select></td>
</tr>
<tr>
<td>Subject:
<input name="title" type="text" id="title" size="50" maxlength="255" value="<?php echo $title; ?>" /></td>
</tr>
<tr>
<td>Body:<br>
<textarea name="body" cols="70" rows="10"><?php echo $body; ?></textarea> </td>
</tr>
<tr>
<td><div align="center">
<input type="submit" name="doupdate" value="Update Message" />
</div></td>
</tr>
</table>
</form>
<p align="center">(<a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=outmessage&m=$messageid&action=delete"); ?>">Delete this Message</a>)</p></td>
<p> </p>
<?php
display_footer();
}
else
{
if(!isset($_POST['user_id']))
{
redirect_page('No recipient specified',attach_sid("messages.".FILE_EXT."?mode=outmessage&m=$messageid&title=".urlencode($_POST['title'])."&body=".urlencode($_POST['body'])));
}
$recipient = intval($_POST['user_id']);
// Validate username
$query = "SELECT COUNT(*) as numrows FROM ".ACCOUNTS_TABLE." WHERE user_id = ".$recipient;
$row = db_fetchassoc('',$query,'Could not select account');
if($row['numrows']==0)
{
redirect_page('Recipient Invalid',attach_sid("messages.".FILE_EXT."?mode=outmessage&m=$messageid&title=".urlencode($_POST['title'])."&body=".urlencode($_POST['body'])));
}
if(!isset($_POST['title'])||$_POST['title']==''||$_POST['title']==' '||$_POST['title']==' ')
{
redirect_page('Subject must contain text',attach_sid("messages.".FILE_EXT."?mode=outmessage&m=$messageid&body=".urlencode($_POST['body'])));
}
if(!isset($_POST['body']))
{
redirect_page('Body Invalid',attach_sid("messages.".FILE_EXT."?mode=outmessage&m=$messageid&title=".urlencode($_POST['title'])));
}
$title = addslashes($_POST['title']);
$body = addslashes($_POST['body']);
// Update this message
$query = "UPDATE ".MESSAGES_TABLE." SET message_to = ".$recipient.", title = '".$title."', body = '".$body."', date_sent = ".time()." WHERE message_id = ".$messageid;
db_query($query, 'Could not update message');
redirect_page('Message Successfully Updated',attach_sid("messages.".FILE_EXT));
}
break;
case 'move':
if(!isset($_GET['m']))
{
redirect_page("No message specified",attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1"));
}
$messageid = intval($_GET['m']);
// Check if message exists
$query = "SELECT COUNT(*) as numrows, in_folder FROM ".MESSAGES_TABLE." WHERE message_to = ".$user_data['user_id']." AND message_id = ".$messageid." GROUP BY message_id";
$row = db_fetchassoc('',$query,'Could not see if message exists');
if($row['numrows']==0)
{
redirect_page("Message does not exist",attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1"));
}
if(!isset($_POST['fid']))
{
redirect_page("Message does not exist",attach_sid("messages.".FILE_EXT."?mode=viewmessage&m=".$messageid));
}
$folderid = intval($_POST['fid']);
// If the folder we are moving to is invalid
if($folderid != 1)
{
$query = "SELECT COUNT(*) as numrows FROM ".MFOLDERS_TABLE." WHERE folder_creator = ".$user_data['user_id']." AND folder_id = ".$folderid;
$data = db_fetchassoc('',$query,'Could not select folder data');
if($data['numrows']==0)
{
redirect_page("Destination Folder does not exist",attach_sid("messages.".FILE_EXT."?mode=viewmessage&m=".$messageid));
}
}
// If moving to the same folder
if($row['in_folder']==$folderid)
{
redirect_page("Message is already in that folder",attach_sid("messages.".FILE_EXT."?mode=viewmessage&m=".$messageid));
}
$query = "UPDATE ".MESSAGES_TABLE." SET in_folder = ".$folderid." WHERE message_id = ".$messageid;
db_query($query,'Could not update message');
redirect_page("Message moved successfully",attach_sid("messages.".FILE_EXT."?mode=viewmessage&m=".$messageid));
break;
case 'sentmessage':
if(!isset($_GET['m']))
{
redirect_page("No message specified",attach_sid("messages.".FILE_EXT."?mode=viewsent"));
}
$messageid = intval($_GET['m']);
$query = "SELECT message_to, title, body, in_folder, date_sent, date_read FROM ".MESSAGES_TABLE." WHERE message_from = ".$user_data['user_id']." AND in_folder = -1 AND message_id = ".$messageid;
$result = db_query($query, 'Could not select message');
if(db_numrows($result)==0)
{
redirect_page("Message does not exist",attach_sid("messages.".FILE_EXT."?mode=viewsent"));
}
if($_GET['action']=='delete')
{
$query = "DELETE FROM ".MESSAGES_TABLE." WHERE message_id = ".$messageid;
db_query($query, 'Could not delete sent message');
redirect_page("Message Successfully Deleted",attach_sid("messages".FILE_EXT."?mode=viewsent"));
}
$message_data = db_fetchassoc($result);
do_header("Admin Panel >> Messages >> ".stripslashes($message_data['title']));
?>
<p> </p><p align="center"><font color="#3399CC" size="5"><strong>Sent Message</strong></font></p><table width="98%" border="0" align="center" cellpadding="1" cellspacing="0">
<tr><td bgcolor="#E4E4E4"><strong>To:</strong></td>
<td align="center" bgcolor="#E4E4E4"><?php
$query = "SELECT user_name FROM ".ACCOUNTS_TABLE." WHERE user_id = ".$message_data['message_to'];
$row = db_fetchassoc('',$query,'Could not select user data');
echo stripslashes($row['user_name']);
?></td></tr>
<tr>
<td><strong>Date Sent:</strong></td>
<td align="center"><?php echo date("M dS, Y g:iA", $message_data['date_sent']); ?></td>
</tr>
<tr>
<td bgcolor="#E4E4E4"><strong>Date Read:</strong></td>
<td align="center" bgcolor="#E4E4E4"><?php echo date("M dS, Y g:iA", $message_data['date_read']); ?></td>
</tr>
<tr>
<td><strong>Title:</strong></td>
<td align="center"><?php echo stripslashes(strip_tags(htmlentities($message_data['title']))); ?></td>
</tr>
<tr>
<td width="200" bgcolor="#E4E4E4"><strong>Message:</strong></td>
<td align="left" bgcolor="#E4E4E4"><blockquote><?php echo stripslashes(nl2br(strip_tags(htmlentities($message_data['body'])))); ?></blockquote></td>
</tr>
</table>
<p align="center"><font size="2">(<a href="<?php echo attach_sid("messages".FILE_EXT."?mode=sentmessage&action=delete&m=".$messageid); ?>">Delete this Message</a></font>)</p>
<p> </p>
<?php
display_footer();
break;
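case 'viewmessage':
//
// Display one message from the current user's folders, selected by ?m=<message_id>.
// Only rows addressed to $user_data['user_id'] are shown; in_folder = -1 marks the
// sentbox copies and those are excluded. The first view marks the message read and
// writes the sentbox copy that the 'viewsent' mode lists. Uses the db_* helpers and
// $user_data provided by admin_common.
//
if(!isset($_GET['m']))
{
redirect_page("No message specified",attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1"));
}
// Force the id to an integer before it is concatenated into SQL
$messageid = intval($_GET['m']);
$query = "SELECT message_from, title, body, is_read, in_folder, date_sent FROM ".MESSAGES_TABLE." WHERE message_to = ".$user_data['user_id']." AND in_folder <> -1 AND message_id = ".$messageid;
$result = db_query($query, 'Could not select message');
if(db_numrows($result)==0)
{
redirect_page("Message does not exist",attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1"));
}
$message_data = db_fetchassoc($result);
// The title is free text typed by the sender and do_header() echoes it straight into
// <title>, so it is escaped here the same way the title row below escapes it
do_header("Admin Panel >> Messages >> ".htmlentities(stripslashes($message_data['title'])));
?>
<p> </p><table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="right"><form name="folderlist" method="post" action="<?php echo attach_sid("messages.".FILE_EXT."?mode=move&m=".$messageid); ?>">
Folder:
<select name="fid">
<?php
// For the Move dropdown box, since the inbox isn't going to be pulled in the query below,
// if its in the inbox, lets make it selected and display it regardless
$selected = ($message_data['in_folder']==1) ? ' selected' : '';
echo '<option value="1"'.$selected.'>Inbox</option>';
// Select all custom folders owned by the current user
$query = "SELECT folder_id, folder_name FROM ".MFOLDERS_TABLE." WHERE folder_creator = ".$user_data['user_id']." ORDER BY folder_name ASC";
$rowset = db_fetchrows('',$query,'Could not select folder list');
// Guard against a non-array return (user has no folders) so count() cannot fail
$numfolders = is_array($rowset) ? count($rowset) : 0;
for($i = 0; $i < $numfolders; $i++)
{
// If the message is in this folder, make it selected by default
$selected = ($message_data['in_folder'] == $rowset[$i]['folder_id']) ? ' selected' : '';
// Folder names are user-entered text, so escape them for the option label
echo '<option value="'.$rowset[$i]['folder_id'].'"'.$selected.'>'.htmlentities(stripslashes($rowset[$i]['folder_name'])).'</option>';
}
?>
</select>
<input type="submit" name="Submit" value="Move">
</form></td>
</tr>
</table>
<table width="98%" border="0" align="center" cellpadding="1" cellspacing="0">
<tr>
<td width="1%" bgcolor="#E4E4E4"><strong>Date:</strong></td>
<td width="100%" align="center" bgcolor="#E4E4E4"><?php echo date("M dS, Y g:iA", $message_data['date_sent']); ?></td>
</tr>
<tr>
<td width="1%"><strong>From:</strong></td>
<td width="100%" align="center"><?php
// Look up the sender's display name; escaped because it is rendered as HTML
$query = "SELECT user_name FROM ".ACCOUNTS_TABLE." WHERE user_id = ".intval($message_data['message_from']);
$row = db_fetchassoc('',$query,'Could not select user data');
echo htmlentities(stripslashes($row['user_name']));
?></td>
</tr>
<tr>
<td bgcolor="#E4E4E4"><strong>Title:</strong></td>
<td align="center" bgcolor="#E4E4E4"><?php echo strip_tags(htmlentities(stripslashes($message_data['title']))); ?></td>
</tr>
<tr>
<td><strong>Message:</strong></td>
<td align="left"><blockquote><?php echo stripslashes(nl2br(strip_tags(htmlentities($message_data['body'])))); ?></blockquote></td>
</tr>
</table>
<table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><div align="center"><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=compose&user_id=".$message_data['message_from']."&title=".urlencode("RE: ".$message_data['title'])); ?>">Reply to Sender</a> .::. <a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=delete&m=".$messageid); ?>">Delete this message</a></div></td>
</tr>
</table>
<p> </p>
<?php
// If the message hasn't been read before, mark it as read, log the time, and write a
// copy into the sender's sentbox (in_folder = -1) so 'viewsent' can show the read date
if($message_data['is_read'] == 0)
{
$query = "UPDATE ".MESSAGES_TABLE." SET is_read = 1, date_read = ".time()." WHERE message_id = ".$messageid;
db_query($query, 'Could not update message data');
// NOTE(review): title and body are taken from the fetched row and concatenated into the
// INSERT without any escaping, so a quote in either breaks the statement (second-order
// injection). The db_* layer presumably has an escaping helper — pass both through it here. TODO confirm
$query = "INSERT INTO ".MESSAGES_TABLE." (message_from, message_to, title, body, is_read, in_folder, date_sent, date_read) VALUES(".$message_data['message_from'].",".$user_data['user_id'].",'".$message_data['title']."','".$message_data['body']."',1,-1,".$message_data['date_sent'].",".time().")";
db_query($query, 'Could not insert sent message');
}
display_footer();
break;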
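case 'viewsent':
//
// Sentbox: messages this user sent that the recipient has already opened. These are the
// copies 'viewmessage' writes with in_folder = -1, so unread messages never appear here.
// ?action=clear deletes every sentbox copy. Uses $user_data and the db_* helpers.
//
// isset() first: 'action' is optional and reading a missing key raises a notice
if(isset($_GET['action']) && $_GET['action']=='clear')
{
// NOTE(review): this bulk delete fires from a plain GET link with no confirmation and no
// request token; it should be a POST carrying a per-session token before it is acted on
$query = "DELETE FROM ".MESSAGES_TABLE." WHERE in_folder = -1 AND message_from = ".$user_data['user_id'];
db_query($query,'Could not clear messages');
}
//
// Messages sent and have been read by the recipient (Fake folder)
//
$query = "SELECT message_id, message_to, title, is_read, date_sent, date_read FROM ".MESSAGES_TABLE." WHERE message_from = ".$user_data['user_id']." AND in_folder = -1 ORDER BY date_sent ASC";
$result = db_query($query,'Could not select messages');
$numrows = db_numrows($result);
$row_data = db_fetchrows($result);
do_header("Admin Panel >> Messages >> Sentbox");
?>
<p align="center"><font color="#3399CC" size="5"><strong>Sentbox</strong></font></p>
<table width="99%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="20%" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"><?php generate_folder_list(); ?></td>
<td width="87%" align="center" valign="top"><table width="98%" border="1" cellpadding="0" cellspacing="0" bordercolor="#CBDCED">
<tr>
<td bgcolor="#336699" valign="top"><div align="center"><strong><font color="#FFFF00">Date Sent</font></strong></div></td>
<td bgcolor="#336699" valign="top"><div align="center"><strong><font color="#FFFF00">Date Read</font></strong></div></td>
<td bgcolor="#336699" valign="top"><div align="center"><strong><font color="#FFFF00">Recipient</font></strong></div></td>
<td bgcolor="#336699" valign="top"><div align="center"><strong><font color="#FFFF00">Title</font></strong></div></td>
</tr>
<?php
if($numrows==0)
{
echo '</table>
<table width="98%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><div align="center"><em>No Messages</em></div></td>
</tr>
</table>';
}
else
{
$colour = "#FFFFFF";
for($i = 0;$i < $numrows;$i++)
{
echo '
<tr>
<td bgcolor="'.$colour.'">'.date("M dS, Y g:iA", $row_data[$i]['date_sent']).'</td>
<td bgcolor="'.$colour.'">'.date("M dS, Y g:iA", $row_data[$i]['date_read']).'</td>
<td bgcolor="'.$colour.'">';
// One lookup per row for the recipient's name; escaped because it is rendered as HTML
$query = "SELECT user_name FROM ".ACCOUNTS_TABLE." WHERE user_id = ".intval($row_data[$i]['message_to']);
$row = db_fetchassoc('',$query,'Could not select account data');
echo htmlentities(stripslashes($row['user_name']));
echo '
</td>
<td bgcolor="'.$colour.'"><a href="'.attach_sid("messages.".FILE_EXT."?mode=sentmessage&m=".$row_data[$i]['message_id']).'">'.strip_tags(htmlentities(stripslashes($row_data[$i]['title']))).'</a></td>
</tr>';
// Alternate colour of rows
$colour = ($colour == "#FFFFFF") ? "#80AAD5" : "#FFFFFF";
}
?>
</table>
<table width="98%" border="0" cellpadding="0" cellspacing="0">
<tr><td align="right" valign="top"><font size="2">(<a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=viewsent&action=clear"); ?>">Clear all messages</a>)</font></td></tr></table>
<?php
}
?>
<p><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=compose"); ?>">Compose New Message</a></p></td>
<?php
display_footer();
break;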
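case 'viewfolder':
default:
//
// Folder listing (also the default mode). ?f=<folder_id> selects one of the user's custom
// folders; missing or f=1 means the inbox. Opening the inbox clears the new-message popup
// flag, and ?action=clear deletes every message in the folder. Uses $user_data and the
// db_* helpers.
//
// If no folderid is specified, assume is inbox... or if its inbox self
if(!isset($_GET['f'])||$_GET['f']==1)
{
$folder = 1;
$folder_data['folder_name'] = 'Inbox';
if($user_data['message_popup']==1)
{
$query = "UPDATE ".ACCOUNTS_TABLE." SET message_popup = 0 WHERE user_id = ".$user_data['user_id'];
db_query($query, 'Could not update message popup data');
}
}
else
{
// Force the id to an integer before it is concatenated into SQL
$folder = intval($_GET['f']);
// Select the folder; folder_creator limits it to the current user's own folders
$query = "SELECT folder_name FROM ".MFOLDERS_TABLE." WHERE folder_id = ".$folder." AND folder_creator = ".$user_data['user_id'];
$result = db_query($query,'Could not select folder data');
// If it doesn't exist
if(db_numrows($result)==0)
{
redirect_page('Folder does not exist',attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=1"));
}
else
{
$folder_data = db_fetchassoc($result);
}
}
// isset() first: 'action' is optional and reading a missing key raises a notice
if(isset($_GET['action']) && $_GET['action']=='clear')
{
// NOTE(review): this bulk delete fires from a plain GET link with no confirmation and no
// request token; it should be a POST carrying a per-session token before it is acted on
$query = "DELETE FROM ".MESSAGES_TABLE." WHERE in_folder = ".$folder." AND message_to = ".$user_data['user_id'];
db_query($query,'Could not clear messages');
}
// Select messages within this folder
$query = "SELECT message_id, message_from, title, is_read, date_sent FROM ".MESSAGES_TABLE." WHERE in_folder = ".$folder." AND message_to = ".$user_data['user_id']." ORDER BY date_sent ASC";
$result = db_query($query,'Could not select messages');
$numrows = db_numrows($result);
$row_data = db_fetchrows($result);
// Folder names are user-entered and are echoed into <title> and the page heading, so escape once here
$folder_title = htmlentities(stripslashes($folder_data['folder_name']));
do_header("Admin Panel >> Messages >> ".$folder_title);
?>
<p align="center"><font color="#3399CC" size="5"><strong><?php echo $folder_title; ?></strong></font></p>
<table width="99%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="20%" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"><?php generate_folder_list(); ?></td>
<td width="87%" align="center" valign="top"><table width="98%" border="1" cellpadding="0" cellspacing="0" bordercolor="#CBDCED">
<tr>
<td bgcolor="#336699" valign="top"><div align="center"><strong><font color="#FFFF00">Date</font></strong></div></td>
<td bgcolor="#336699" valign="top"><div align="center"><strong><font color="#FFFF00">Sender</font></strong></div></td>
<td bgcolor="#336699" valign="top"><div align="center"><strong><font color="#FFFF00">Title</font></strong></div></td>
</tr>
<?php
// If there are no messages
if($numrows==0)
{
echo '</table>
<table width="98%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><div align="center"><em>No Messages</em></div></td>
</tr>
</table>';
}
else
{
$colour = "#FFFFFF";
for($i = 0;$i < $numrows;$i++)
{
// If a message hasn't been read, lets bold it
$unread = ($row_data[$i]['is_read']==0);
$st = $unread ? "<strong>" : '';
$stn = $unread ? "</strong>" : '';
echo '
<tr>
<td bgcolor="'.$colour.'">'.$st.date("M dS, Y g:iA", $row_data[$i]['date_sent']).$stn.'</td>
<td bgcolor="'.$colour.'">';
// One lookup per row for the sender's name; escaped because it is rendered as HTML
$query = "SELECT user_name FROM ".ACCOUNTS_TABLE." WHERE user_id = ".intval($row_data[$i]['message_from']);
$row = db_fetchassoc('',$query,'Could not select account data');
echo $st.htmlentities(stripslashes($row['user_name'])).$stn;
echo '
</td>
<td bgcolor="'.$colour.'">'.$st.'<a href="'.attach_sid("messages.".FILE_EXT."?mode=viewmessage&m=".$row_data[$i]['message_id']).'">'.strip_tags(htmlentities(stripslashes($row_data[$i]['title']))).'</a>'.$stn.'</td>
</tr>';
// Alternate colour of rows
$colour = ($colour == "#FFFFFF") ? "#80AAD5" : "#FFFFFF";
}
?>
</table>
<table width="98%" border="0" cellpadding="0" cellspacing="0">
<tr><td align="right" valign="top"><font size="2">(<a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=viewfolder&f=".$folder."&action=clear"); ?>">Clear all messages</a>)</font></td></tr></table>
<?php
}
?>
<p><a href="<?php echo attach_sid("messages.".FILE_EXT."?mode=compose"); ?>">Compose New Message</a></p></td>
<?php
display_footer();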
}
?>