<?


# Slashster: Open Source Friend of a Friend Software
# Copyright 2004 Mark El-Wakil
# Contact: hide@address.com
# http://seventhcycle.net
#
# This file is part of Slashster.
#
# Slashster is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Slashster is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Slashster; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

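   # Request handling for the private-message page: applies any move / delete
   # action carried by the request, then settles on the folder ($f) to display.
   #
   # import_request_variables() copies every GET, POST and cookie parameter into
   # the global scope (with "gPc", cookie values override POST values, which
   # override GET values).  Parameters this page reads: f, r, mid[], move,
   # movemult, movemultok, delmult, delete.
   # NOTE(review): a global that is read before it is assigned can be set by the
   # client this way, so everything spliced into SQL below is initialised or
   # normalised first.  Reading $_GET/$_POST explicitly would remove the hazard.
   # NOTE(review): no request token is checked in this file and the actions are
   # accepted over GET as well as POST; confirm PageClass guards against
   # cross-site request forgery.
   import_request_variables("gPc");

   require_once("PageClass.php");

   $mpage = new PageClass("authonly");
   $mpage->MembersOnly();

   # Bounce plain-HTTP requests to the secure URL when the site enables it.
   # NOTE(review): `sid` is a bare constant here; PHP's session constant is
   # spelled SID, so confirm which one is meant.  If it is meant to carry the
   # session id, a session id in the query string can end up in logs and
   # Referer headers.
   if (($_SERVER['SERVER_PORT'] != 443) && $mpage->sys['securenbl'])
   {
        $url  = $mpage->sys['secureurl'];
        $url .= $_SERVER['SCRIPT_NAME'];
        $url .= "?" . $_SERVER['QUERY_STRING'] . "&" . sid;

        header("Location: $url");
        exit;
   }


   $mpage->Initialize("authremainder");


   # Folder ids are numeric (see floor($f) at the end of this block and the
   # unquoted Folder = ... in the trash update), so they are cast to int before
   # they reach SQL.  Array-valued parameters are rejected rather than cast.
   $move     = (isset($move)     && is_scalar($move))     ? (int) $move     : 0;
   $movemult = (isset($movemult) && is_scalar($movemult)) ? (int) $movemult : 0;

   if (!isset($f) || !is_scalar($f)) $f = "";
   if (!isset($r) || !is_scalar($r)) $r = "";

   # Message ids are escaped with the helper this file already uses, which makes
   # no assumption about the column type.  $r itself is left untouched because it
   # is handed to ReadMsg() later; $rq is the copy that is safe inside quotes.
   $rq   = mysql_escape_string($r);
   $mids = array();

   if (isset($mid) && is_array($mid))
   {
      foreach ($mid as $md)
      {
         if (is_scalar($md)) $mids[] = mysql_escape_string($md);
      }
   }


   # Move the ticked messages to another folder owned by this member.
   if (!empty($movemultok) && sizeof($mids))
   {
      $sql = "select * from PrivateFolders where Owner=$mpage->IdNum AND Id = \"$movemult\" ";
      $mm  = $mpage->DoQuery($sql,1);

      if (sizeof($mm))
      {
         # Assigned on every path: left unset, a request parameter named newtt
         # would be spliced into the UPDATE below.
         $newtt = ($movemult == $mpage->user['DefMailTrash']) ? ", New=0" : "";

         foreach ($mids as $md)
         {
             $sql = "update PrivateMessage set Folder=\"$movemult\" $newtt where Id = \"$md\"
                     AND Owner = $mpage->IdNum ";
             $mpage->DoQuery($sql);
         }

         $f = $movemult;

         UpdateNewCount();
      }
   }


   # Delete the ticked messages: rows already in the trash folder are removed,
   # anything else is moved to the trash and marked as read.
   if (!empty($delmult) && sizeof($mids))
   {
      if ($f == $mpage->user['DefMailTrash'])
      {
           foreach ($mids as $md)
           {
               $sql = "delete from PrivateMessage where Owner=$mpage->IdNum AND
                       Id = \"$md\" ";
               $mpage->DoQuery($sql);
           }
      }
      else
      {
           foreach ($mids as $md)
           {
               $sql = "update PrivateMessage set Folder = ".$mpage->user['DefMailTrash'].",
                       New = 0 
                       where Owner=$mpage->IdNum AND
                       Id = \"$md\" ";
               $mpage->DoQuery($sql);
           }
      }

      UpdateNewCount();
   }


   # Delete the single message being read: same trash rule as above, except that
   # the move to the trash is delegated to the $move handler that follows.
   if (!empty($delete))
   {
       $sql = "select * from PrivateMessage where Id = \"$rq\" AND Owner = $mpage->IdNum";
       $rp = $mpage->DoQuery($sql,1);

       if (sizeof($rp))
       {
           $fld = $rp[0]['Folder'];

           if ($fld == $mpage->user['DefMailTrash'])
           {
               $sql = "delete from PrivateMessage where Id = \"$rq\" AND Owner = $mpage->IdNum";
               $mpage->DoQuery($sql);
               $f  = $fld;
               $r  = "";
               $rq = "";
           }
           else
           {
               $move = (int) $mpage->user['DefMailTrash'];
           }
       }
   }

   # Move the single message being read, after checking that the target folder
   # belongs to this member.
   if ($move)
   {
        $sql = "select * from PrivateFolders where Id = \"$move\" AND Owner = $mpage->IdNum";
        $rp = $mpage->DoQuery($sql,1);

        if (sizeof($rp))
        {
           $sql = "update PrivateMessage set Folder=\"$move\" where Id = \"$rq\" AND 
                   Owner = \"$mpage->IdNum\" ";
           $mpage->DoQuery($sql);

           $f = $move;
           $r = "";
        }
   }




   # Fall back to the member's inbox when no usable folder id was given.
   $f = (floor($f)) ? floor($f) : $mpage->user['DefMailInbox'];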

?>


<table height=500px border=1 class="stdtable" width=100% cellspacing=0 
cellpadding=0>
<tr>
<td width=560 class="stdfilling">
<div style="height:500px; width=100%; overflow:auto;" align=center>
<? 
   # Centre pane: the folder listing unless a message id was requested.
   if (!$r)
   {
      MessageList($f);
   }
   else
   {
      ReadMsg($r);
   }

 ?>
</div>
</td>
<td width=200 class="stdfilling">
<div style="height:500px; width=100%; overflow:auto;">
<?php
   # Right pane: folder navigation, then the compose-to-friend box.
   Folders($f);
   print "<BR>";
   ComposeFriend();

?>
</div>
</td>
</tr>

</table>

<?php

   # Hand control back to PageClass to finish the page.
   $mpage->ClosePage();

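# Prints the "Compose to Friend" box: a drop-down of the logged-in member's
# friends (first name plus last initial) that submits the chosen user id to
# composemessage.php.  Prints nothing when the member has no friends.
#
# Names come from other members' profile rows, so they are HTML-encoded when
# written into the page.
# NOTE(review): if the profile editor already stores entity-encoded names,
# decode there instead of removing the encoding here.
function ComposeFriend()
{
   global $mpage;

   $sql = "select UserTable.* from FriendTable
           left join UserTable on UserTable.Id = FriendTable.End
           where FriendTable.Start= $mpage->IdNum order by UserTable.Fname asc, UserTable.Lname asc";
   $r = $mpage->DoQuery($sql,1);

   if (!sizeof($r)) return;
?>


    <table border=1 cellspacing=0 width=100%>
<tr><td align=center class="stdtable">
<B>Compose to Friend</b>
   
</td></tr>
<tr><td align=center class="stdaltfilling">

<form method=get action="composemessage.php">
<select name="id">
  <?php foreach ($r as $s) { ?>
     <option value="<?= $s['Id'] ?>"> <?= htmlspecialchars($s['Fname'], ENT_QUOTES) ?> <?= htmlspecialchars(substr($s['Lname'],0,1), ENT_QUOTES) ?>.
  <?php } ?>
</select><BR><input type="submit" value="Compose" class="submit">
</form>


</td></tr>

</table>




<?php


}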


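# Shows one private message owned by the logged-in member.
#
#   $rd  message id taken from the request (the r parameter).
#
# Effects visible in this function: sets the global $f to the message's folder,
# clears the message's New flag and decrements UserTable.NewMsgs when it was
# unread, and, for an encrypted message, tries to unwrap the member's keys with
# the posted password (or the key cached in the session) and decrypt the body.
# Prints "No such message" and returns when the id does not match a message of
# this member.
#
# NOTE(review): the posted password and the unwrapped key are sent to MySQL
# inside the statement text, so they can show up in query logs; the unwrapped
# key is also kept in the session when the member's SessionAES option is set.
function ReadMsg($rd)
{
   global $mpage,$f;

   # The id comes straight from the request: escape it with the helper this file
   # already uses before it is placed between quotes in SQL.
   $rdq = is_scalar($rd) ? mysql_escape_string($rd) : "";

   # Explicitly initialised so the template below never reads an unset variable.
   $decrypted = 0;

   $sql = "select PrivateMessage.*,
           UserTable1.Fname as LoginA, UserTable2.Fname as LoginB,
           UserTable1.PicDefault as Pic1, UserTable2.PicDefault as Pic2,
           UNIX_TIMESTAMP(DateSent) as UT
           from PrivateMessage
           left join UserTable as UserTable1 on PrivateMessage.Start = UserTable1.Id
           left join UserTable as UserTable2 on PrivateMessage.End   = UserTable2.Id
           where Owner=$mpage->IdNum AND PrivateMessage.Id = \"$rdq\" ";
   $r = $mpage->DoQuery($sql,1); 
               
   if (!count($r))
   {
       echo "No such message";
       return;
   }

   $r = $r[0];
   $f = $r['Folder'];

   if ($r["New"])
   {
       # Owner is repeated here so the write is scoped on its own, not only by
       # the select above.
       $sql = "update PrivateMessage set New=0 where Id = \"$rdq\" AND Owner = $mpage->IdNum";
       $mpage->DoQuery($sql);

       $sql = "update UserTable set NewMsgs = greatest(NewMsgs-1,0) where Id = $mpage->IdNum";
       $mpage->DoQuery($sql);

   }

   # In the outgoing folder the other party is the recipient (End / LoginB),
   # everywhere else it is the sender (Start / LoginA).
   $ln  = ($f == $mpage->user['DefMailOutg']) ? "LoginB" : "LoginA";
   $lns = ($f == $mpage->user['DefMailOutg']) ? "End"    : "Start" ;
   
   $sql = "select * from PrivateFolders 
           where Owner = $mpage->IdNum AND Id != '" . (int) $f . "' order by Special desc, Name";
   $fl  = $mpage->DoQuery($sql,1);  

   $pass    = (isset($_POST['pass']) && is_scalar($_POST['pass'])) ? $_POST['pass'] : "";
   $sessaes = isset($_SESSION['AES']) ? $_SESSION['AES'] : "";

   if ($r['Encrypted'] && ($pass || $sessaes))
   {
      if ($sessaes)
      {
          $aes = $sessaes;
      }
      else
      {
          # Undo magic-quotes escaping first so the value MySQL sees after
          # escaping is the password exactly as typed.
          # NOTE(review): assumes PageClass has not already stripped slashes
          # from $_POST; confirm.
          if (get_magic_quotes_gpc()) $pass = stripslashes($pass);

          $aes = base64_decode($mpage->user['AES']);
          $sql = "select *, AES_DECRYPT(\"".mysql_escape_string($aes)."\", \"".mysql_escape_string($pass)."\") as AES1 from UserTable 
                  where Id = $mpage->IdNum";

          $enc = $mpage->DoQuery($sql,1);
          $enc = $enc[0];

          $aes = $enc['AES1'];
      }

      $prikey = base64_decode($mpage->user['PrivateKey']);

      # The unwrapped key is accepted only if it carries the marker text.
      $valid = "VALIDAESKEY";
      $vd = ( strpos ($aes , $valid) === FALSE  ) ? 0 : 1;

      if ($vd)
      {
         if ($mpage->user['SessionAES']) $_SESSION['AES'] = $aes;

         # The key is escaped like the ciphertext next to it; a key without
         # quote or backslash characters is passed through unchanged.
         $sql = "select AES_DECRYPT(\"".mysql_escape_string($prikey)."\", \"".mysql_escape_string($aes)."\") as AS1";
         $pk = $mpage->DoQuery($sql);
         $pk = $pk[0][0];

         $valid = "-----BEGIN RSA PRIVATE KEY-----";

         $vd = (  strpos ($pk , $valid) === FALSE  ) ? 0 : 1;
      }

      if ($vd)
      {
          # Decrypt into a scratch variable: on failure the stored body is left
          # as it was and the password prompt is shown again.
          $cipher = base64_decode($r['Body']);
          $plain  = "";

          if (openssl_private_decrypt($cipher, $plain, $pk))
          {
              $r['Body'] = $plain;
              $decrypted = 1;
          }
      }


   }


?>

<BR>
<table width=95% class="stdtable">
<form method=post action="composemessage.php">
<tr><td>
<input name="replyid" value="<?= $r['Id'] ?>" type=hidden>
<input class="submit" name="reply" type="submit" value="Reply">
</td>
</form>
<form method=post>
<td align=right>
<input class="submit" name="delete" type="submit" value="Delete">
<select name=move>
  <option value="">Move to Folder
  <?php foreach ($fl as $fd) { ?>
     <option value="<?= $fd['Id'] ?>"> <?= htmlspecialchars($fd['Name'], ENT_QUOTES) ?>
  <?php } ?>
</select>

<input type="submit" class="submit" value="Ok">

</td></tr>
</form>
</table>
<hr color=black width=95%>
<table width=95% cellspacing=0>
<tr><td width=75 class="stdtable">Date:</td>
    <td class="stdtable"><?= date("F d, Y h:i:a", $r['UT']) ?></td>
    <td class="stdtable" rowspan=3 width=90>
        <img src="userpics/<?= 
($f == $mpage->user['DefMailOutg']) ? $mpage->PicPr($r['Pic2'], $r['End']) 
                                  : $mpage->PicPr($r['Pic1'], $r['Start']) ?>-b.jpg">
    </td>
</tr>

<tr><td width=75 class="stdtable">
<?= ($r['Folder'] == $mpage->user['DefMailOutg']) ? "To" : "From" ?>:

</td><td class="stdtable"><a 
class="stdtxt" href="user.php?id=<?= $r[$lns] ?>"><?= htmlspecialchars(ucfirst($r[$ln]), ENT_QUOTES) 
?></a></td>
</tr>

<tr><td class="stdtable" width=75>Subject:</td>
    <td class="stdtable"><?= htmlspecialchars($r['Subject'], ENT_QUOTES) ?></td>
</tr>

<?php if ($r['Encrypted']) { ?>

<tr><td class="stdtable" width=75>&nbsp;</td>
    <td class="stdtable" colspan=2>
<img src="images/padlock.gif"> This is an Encrypted Message
</td>
</tr>

<?php } ?>

</table>
<BR>
<?php if ($r['Encrypted'] && !$decrypted) { ?>

<table width=95%><tr><td class="stdaltfilling">

        The following message has been encrypted.  In order to decrypt it, please
        enter your account password:

<form method=post>   
<input name="pass" type="password">  
<input type="submit" value="Decrypt Message" class="submit">
</form>  

</td></tr>
</table>
<BR>

<?php } ?>


<table width=95%><tr><td class="stdaltfilling">
<?php 
   if ($r['Encrypted'] && !$decrypted) 
   { 
       # Still-encrypted body: encode it, then wrap it every 60 characters.
       # Base64 text passes through the encoding unchanged.
       $bd = preg_replace("/(\S{60})/", "$1<BR>", htmlspecialchars($r['Body'], ENT_QUOTES));
       echo "<pre>$bd</pre>";
   }
   else
   {
        # NOTE(review): the body is written out as stored, and its content is
        # chosen by the sender.  Confirm composemessage.php stores it already
        # sanitised or encoded; if it does not, encode it here.
        echo $r['Body'];
   }
?>

</td></tr></table>

<?php
}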


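# Prints the message listing for one folder of the logged-in member, with the
# multi-select delete / move form above it.
#
#   $f  folder id; the caller passes a numeric value.
#
# Prints "No such folder" and returns when the id is not a folder of this
# member.  Names and subjects are written by other members, so they are
# HTML-encoded when written into the page.
# NOTE(review): if the compose path already stores entity-encoded subjects,
# decode there instead of removing the encoding here.
function MessageList($f)
{
   global $mpage;

   # Folder ids are numeric; the cast keeps anything else out of the SQL below
   # even if a caller forgets to normalise.
   $fid = (int) $f;

   # The folder must belong to this member, otherwise another member's folder id
   # would be accepted as existing.  Checked first so nothing else is queried
   # for an unknown folder.
   $sql = "select * from PrivateFolders where Owner = $mpage->IdNum AND Id = \"$fid\" ";
   $fdr = $mpage->DoQuery($sql,1);

   if (!sizeof($fdr))
   {
       echo "No such folder";
       return;
   } 

   $sql = "select PrivateMessage.*, 
           UserTable1.Fname as LoginA, UserTable2.Fname as LoginB,
           UNIX_TIMESTAMP(DateSent) as UT
           from PrivateMessage 
           left join UserTable as UserTable1 on PrivateMessage.Start = UserTable1.Id
           left join UserTable as UserTable2 on PrivateMessage.End   = UserTable2.Id
           where Owner=$mpage->IdNum AND Folder=\"$fid\" order by PrivateMessage.Id desc";
   $r = $mpage->DoQuery($sql,1);

   # In the outgoing folder the other party is the recipient (End / LoginB),
   # everywhere else it is the sender (Start / LoginA).
   $ln  = ($f == $mpage->user['DefMailOutg']) ? "LoginB" : "LoginA";
   $lns = ($f == $mpage->user['DefMailOutg']) ? "End" : "Start";

   # Every other folder of this member, for the "Move to Folder" drop-down.
   $sql = "select * from PrivateFolders
           where Owner = $mpage->IdNum AND Id != '$fid' order by Special desc, Name";
   $fl  = $mpage->DoQuery($sql,1);

?>

<BR>
<form method=post>

<table width=95%>
<tr><td align=left>
<input name=delmult class="submit" type="submit" value="Delete"></td>
</td><td align=right>
<select name=movemult>
  <option value="">Move to Folder
  <?php foreach ($fl as $fg) { ?>
     <option value="<?= $fg['Id'] ?>"> <?= htmlspecialchars($fg['Name'], ENT_QUOTES) ?>
  <?php } ?>
</select>
<input name="movemultok" class="submit" type="submit" value="Ok">
</td></tr>
</table>


<script>
function selallf()
{     
   f=document.forms[0];

   for(i=0;i<f.elements.length;i++)
   {
      if(f.elements[i].name=="mid[]")
      {
        if (f.selall.checked)
        {
           if(!f.elements[i].checked) f.elements[i].click();
        }
        else
        {
           if(f.elements[i].checked) f.elements[i].click();
        }
      }
   }        
            
  return false;
}   

</script>

<table width=95%  cellspacing=0 cellpadding=2px border=1>


<tr>
  <td class="stdtable"><input name = "selall" type="checkbox" onclick="selallf()"></td>
  <td class="stdtable" colspan=2><?= ($f == $mpage->user['DefMailOutg']) ? "To" : "From" ?></td>
  <td class="stdtable">Subject</td>
  <td class="stdtable">Date</td>
</tr>


<?php foreach ($r as $s) { ?>
<tr><td width=30 class="stdaltfilling">
<input name="mid[]" value="<?= $s['Id'] ?>" type="checkbox">
</td>
    <td class="stdaltfilling" width=80><a href="user.php?id=<?= $s[$lns] ?>"><?= htmlspecialchars(ucfirst($s[$ln]), ENT_QUOTES) ?></a></td>
    <td class="stdaltfilling" width=18 align=center>
<?php if ($s['Answered']) { ?>
  <img alt="Replied<?= 
($s['Encrypted']) ? " To Encrypted Message" : ""
?>" src="/images/replied<?=
 ($s['Encrypted']) ? "l" : ""  ?>-<?= $mpage->CSS ?>.gif" width=13 height=15>
<?php } elseif ($s['Encrypted']) { ?>
  <img alt="Encrypted Message" src="/images/padlock.gif" width=13 height=15>
<?php } else { ?>
&nbsp;
<?php } ?>


    <td class="stdaltfilling" width=*><a href="messages.php?r=<?= $s['Id'] ?>"<?php

if ($s["New"]) { ?>
 class="newmsg"
<?php } 

?>><?= htmlspecialchars($s['Subject'], ENT_QUOTES) 
?></a></td>
    <td class="stdaltfilling" width=45><?= date("M d", $s['UT'])?></td>
<?php } ?>
   </table>
</form>

<?php
}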

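# Prints the folder navigation box: the name of the folder being viewed (when
# it is one of this member's folders) and the list of the member's folders with
# a message count each.
#
#   $f  id of the folder being viewed; the caller passes a numeric value.
#
# Folder names are HTML-encoded when written into the page.
# NOTE(review): the count query groups by Folder, which looks like
# PrivateMessage.Folder; with the left join that column is NULL for every empty
# folder, so empty folders may collapse into one row.  Check against the schema
# whether "group by PrivateFolders.Id" is what is wanted.
function Folders($f)
{
   global $mpage;

   # Folder ids are numeric; the cast keeps anything else out of the SQL below.
   $fid = (int) $f;

   $sql = "select PrivateFolders.*, count(PrivateMessage.Folder) as cnt from PrivateFolders
           left join PrivateMessage on PrivateMessage.Folder = PrivateFolders.Id
           where PrivateFolders.Owner=$mpage->IdNum group by Folder
           order by Special desc, Name";

   $r = $mpage->DoQuery($sql,1);

   $sql = "select * from PrivateFolders where Owner = $mpage->IdNum AND
           Id = \"$fid\" ";
   $fd  = $mpage->DoQuery($sql,1);

   # No matching row means no "You are in" banner, not an index into an empty result.
   $fd  = sizeof($fd) ? $fd[0] : array('Name' => "");


?>

<?php if ($fd['Name']) { ?>

<BR>
    <table border=1 cellspacing=0 width=100%>
<tr><td align=center class="stdtable">
<span style="font: 16px arial;">
You are in<BR><B><?= htmlspecialchars($fd['Name'], ENT_QUOTES) ?></b>
</span>
</td></tr>


</table>
<BR>

<?php } ?>

    <table border=1 cellspacing=0 width=100%>
<tr><td align=center class="stdtable">
<B>Mailbox Folders</b>
   
</td></tr>
<tr><td align=center class="stdaltfilling">

<table width=80%>

<?php foreach ($r as $s) { ?>
<tr><td>
<?= ($f == $s['Id']) ? "*" : "&nbsp;" ?>
</td><td>
<a href="messages.php?f=<?= $s['Id'] ?>"><?= htmlspecialchars($s['Name'], ENT_QUOTES) ?></a>
</td><td align=right>
<?= $s['cnt'] ?> msgs
</td></tr>
<?php } ?>

</table>
 
</td></tr>
    </table>






<?php
}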


# Re-synchronises the logged-in member's unread counter: counts the member's
# messages still flagged New and writes that number to UserTable.NewMsgs.
function UpdateNewCount()
{
    global $mpage;

    # Called without a second argument, DoQuery's rows are read by position here.
    $rows   = $mpage->DoQuery("select count(*) from PrivateMessage where Owner=" . $mpage->IdNum . " AND New=1");
    $unread = $rows[0][0];

    $mpage->DoQuery("update UserTable set NewMsgs = " . $unread . " where Id = " . $mpage->IdNum);
}