PHP Cross Reference of phpBB-3.2.11-deutsch |
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 /** 15 * @ignore 16 */ 17 if (!defined('IN_PHPBB')) 18 { 19 exit; 20 } 21 22 /** 23 * Compose private message 24 * Called from ucp_pm with mode == 'compose' 25 */ 26 function compose_pm($id, $mode, $action, $user_folders = array()) 27 { 28 global $template, $db, $auth, $user, $cache; 29 global $phpbb_root_path, $phpEx, $config, $language; 30 global $request, $phpbb_dispatcher, $phpbb_container; 31 32 // Damn php and globals - i know, this is horrible 33 // Needed for handle_message_list_actions() 34 global $refresh, $submit, $preview; 35 36 if (!function_exists('generate_smilies')) 37 { 38 include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); 39 } 40 41 if (!function_exists('display_custom_bbcodes')) 42 { 43 include($phpbb_root_path . 'includes/functions_display.' . $phpEx); 44 } 45 46 if (!class_exists('parse_message')) 47 { 48 include($phpbb_root_path . 'includes/message_parser.' . $phpEx); 49 } 50 51 if (!$action) 52 { 53 $action = 'post'; 54 } 55 add_form_key('ucp_pm_compose'); 56 57 // Grab only parameters needed here 58 $to_user_id = $request->variable('u', 0); 59 $to_group_id = $request->variable('g', 0); 60 $msg_id = $request->variable('p', 0); 61 $draft_id = $request->variable('d', 0); 62 63 // Reply to all triggered (quote/reply) 64 $reply_to_all = $request->variable('reply_to_all', 0); 65 66 $address_list = $request->variable('address_list', array('' => array(0 => ''))); 67 68 $preview = (isset($_POST['preview'])) ? true : false; 69 $save = (isset($_POST['save'])) ? true : false; 70 $load = (isset($_POST['load'])) ? true : false; 71 $cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? 
true : false; 72 $delete = (isset($_POST['delete'])) ? true : false; 73 74 $remove_u = (isset($_REQUEST['remove_u'])) ? true : false; 75 $remove_g = (isset($_REQUEST['remove_g'])) ? true : false; 76 $add_to = (isset($_REQUEST['add_to'])) ? true : false; 77 $add_bcc = (isset($_REQUEST['add_bcc'])) ? true : false; 78 79 $refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load 80 || $remove_u || $remove_g || $add_to || $add_bcc; 81 $submit = $request->is_set_post('post') && !$refresh && !$preview; 82 83 $action = ($delete && !$preview && !$refresh && $submit) ? 'delete' : $action; 84 $select_single = ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? false : true; 85 86 $error = array(); 87 $current_time = time(); 88 89 /** @var \phpbb\group\helper $group_helper */ 90 $group_helper = $phpbb_container->get('group_helper'); 91 92 // Was cancel pressed? If so then redirect to the appropriate page 93 if ($cancel) 94 { 95 if ($msg_id) 96 { 97 redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=view&action=view_message&p=' . $msg_id)); 98 } 99 redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm')); 100 } 101 102 // Since viewtopic.php language entries are used in several modes, 103 // we include the language file here 104 $user->add_lang('viewtopic'); 105 106 /** 107 * Modify the default vars before composing a PM 108 * 109 * @event core.ucp_pm_compose_modify_data 110 * @var int msg_id post_id in the page request 111 * @var int to_user_id The id of whom the message is to 112 * @var int to_group_id The id of the group the message is to 113 * @var bool submit Whether the form has been submitted 114 * @var bool preview Whether the user is previewing the PM or not 115 * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies 116 * @var bool delete Whether the user is deleting the PM 117 * @var int reply_to_all Value of reply_to_all request variable. 
118 * @since 3.1.4-RC1 119 */ 120 $vars = array( 121 'msg_id', 122 'to_user_id', 123 'to_group_id', 124 'submit', 125 'preview', 126 'action', 127 'delete', 128 'reply_to_all', 129 ); 130 extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_data', compact($vars))); 131 132 // Output PM_TO box if message composing 133 if ($action != 'edit') 134 { 135 // Add groups to PM box 136 if ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) 137 { 138 $sql = 'SELECT g.group_id, g.group_name, g.group_type, g.group_colour 139 FROM ' . GROUPS_TABLE . ' g'; 140 141 if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) 142 { 143 $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug 144 ON ( 145 g.group_id = ug.group_id 146 AND ug.user_id = ' . $user->data['user_id'] . ' 147 AND ug.user_pending = 0 148 ) 149 WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')'; 150 } 151 152 $sql .= ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? ' WHERE ' : ' AND '; 153 154 $sql .= 'g.group_receive_pm = 1 155 ORDER BY g.group_type DESC, g.group_name ASC'; 156 $result = $db->sql_query($sql); 157 158 $group_options = ''; 159 while ($row = $db->sql_fetchrow($result)) 160 { 161 $group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '"' . ($row['group_colour'] ? ' style="color: #' . $row['group_colour'] . '"' : '') . '>' . $group_helper->get_name($row['group_name']) . '</option>'; 162 } 163 $db->sql_freeresult($result); 164 } 165 166 $template->assign_vars(array( 167 'S_SHOW_PM_BOX' => true, 168 'S_ALLOW_MASS_PM' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? true : false, 169 'S_GROUP_OPTIONS' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) ? $group_options : '', 170 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=" . 
(int) $select_single), 171 )); 172 } 173 174 $sql = ''; 175 $folder_id = 0; 176 177 // What is all this following SQL for? Well, we need to know 178 // some basic information in all cases before we do anything. 179 switch ($action) 180 { 181 case 'post': 182 if (!$auth->acl_get('u_sendpm')) 183 { 184 send_status_line(403, 'Forbidden'); 185 trigger_error('NO_AUTH_SEND_MESSAGE'); 186 } 187 break; 188 189 case 'reply': 190 case 'quote': 191 case 'forward': 192 case 'quotepost': 193 if (!$msg_id) 194 { 195 trigger_error('NO_MESSAGE'); 196 } 197 198 if (!$auth->acl_get('u_sendpm')) 199 { 200 send_status_line(403, 'Forbidden'); 201 trigger_error('NO_AUTH_SEND_MESSAGE'); 202 } 203 204 if ($action == 'quotepost') 205 { 206 $sql = 'SELECT p.post_id as msg_id, p.forum_id, p.post_text as message_text, p.poster_id as author_id, p.post_time as message_time, p.bbcode_bitfield, p.bbcode_uid, p.enable_sig, p.enable_smilies, p.enable_magic_url, t.topic_title as message_subject, u.username as quote_username 207 FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u 208 WHERE p.post_id = $msg_id 209 AND t.topic_id = p.topic_id 210 AND u.user_id = p.poster_id"; 211 } 212 else 213 { 214 $sql = 'SELECT t.folder_id, p.*, u.username as quote_username 215 FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u 216 WHERE t.user_id = ' . $user->data['user_id'] . " 217 AND p.author_id = u.user_id 218 AND t.msg_id = p.msg_id 219 AND p.msg_id = $msg_id"; 220 } 221 break; 222 223 case 'edit': 224 if (!$msg_id) 225 { 226 trigger_error('NO_MESSAGE'); 227 } 228 229 // check for outbox (not read) status, we do not allow editing if one user already having the message 230 $sql = 'SELECT p.*, t.folder_id 231 FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p 232 WHERE t.user_id = ' . $user->data['user_id'] . ' 233 AND t.folder_id = ' . PRIVMSGS_OUTBOX . 
" 234 AND t.msg_id = $msg_id 235 AND t.msg_id = p.msg_id"; 236 break; 237 238 case 'delete': 239 if (!$auth->acl_get('u_pm_delete')) 240 { 241 send_status_line(403, 'Forbidden'); 242 trigger_error('NO_AUTH_DELETE_MESSAGE'); 243 } 244 245 if (!$msg_id) 246 { 247 trigger_error('NO_MESSAGE'); 248 } 249 250 $sql = 'SELECT msg_id, pm_unread, pm_new, author_id, folder_id 251 FROM ' . PRIVMSGS_TO_TABLE . ' 252 WHERE user_id = ' . $user->data['user_id'] . " 253 AND msg_id = $msg_id"; 254 break; 255 256 case 'smilies': 257 generate_smilies('window', 0); 258 break; 259 260 default: 261 trigger_error('NO_ACTION_MODE', E_USER_ERROR); 262 break; 263 } 264 265 if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward'))) 266 { 267 send_status_line(403, 'Forbidden'); 268 trigger_error('NO_AUTH_FORWARD_MESSAGE'); 269 } 270 271 if ($action == 'edit' && !$auth->acl_get('u_pm_edit')) 272 { 273 send_status_line(403, 'Forbidden'); 274 trigger_error('NO_AUTH_EDIT_MESSAGE'); 275 } 276 277 if ($sql) 278 { 279 /** 280 * Alter sql query to get message for user to write the PM 281 * 282 * @event core.ucp_pm_compose_compose_pm_basic_info_query_before 283 * @var string sql String with the query to be executed 284 * @var int msg_id topic_id in the page request 285 * @var int to_user_id The id of whom the message is to 286 * @var int to_group_id The id of the group whom the message is to 287 * @var bool submit Whether the user is sending the PM or not 288 * @var bool preview Whether the user is previewing the PM or not 289 * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies 290 * @var bool delete Whether the user is deleting the PM 291 * @var int reply_to_all Value of reply_to_all request variable. 
292 * @since 3.1.0-RC5 293 * @changed 3.2.0-a1 Removed undefined variables 294 */ 295 $vars = array( 296 'sql', 297 'msg_id', 298 'to_user_id', 299 'to_group_id', 300 'submit', 301 'preview', 302 'action', 303 'delete', 304 'reply_to_all', 305 ); 306 extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_before', compact($vars))); 307 308 $result = $db->sql_query($sql); 309 $post = $db->sql_fetchrow($result); 310 $db->sql_freeresult($result); 311 312 /** 313 * Alter the row of the post being quoted when composing a private message 314 * 315 * @event core.ucp_pm_compose_compose_pm_basic_info_query_after 316 * @var array post Array with data of the post being quoted 317 * @var int msg_id topic_id in the page request 318 * @var int to_user_id The id of whom the message is to 319 * @var int to_group_id The id of the group whom the message is to 320 * @var bool submit Whether the user is sending the PM or not 321 * @var bool preview Whether the user is previewing the PM or not 322 * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies 323 * @var bool delete Whether the user is deleting the PM 324 * @var int reply_to_all Value of reply_to_all request variable. 325 * @since 3.2.10-RC1 326 * @since 3.3.1-RC1 327 */ 328 $vars = [ 329 'post', 330 'msg_id', 331 'to_user_id', 332 'to_group_id', 333 'submit', 334 'preview', 335 'action', 336 'delete', 337 'reply_to_all', 338 ]; 339 extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_after', compact($vars))); 340 341 if (!$post) 342 { 343 // If editing it could be the recipient already read the message... 344 if ($action == 'edit') 345 { 346 $sql = 'SELECT p.*, t.folder_id 347 FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p 348 WHERE t.user_id = ' . $user->data['user_id'] . 
" 349 AND t.msg_id = $msg_id 350 AND t.msg_id = p.msg_id"; 351 $result = $db->sql_query($sql); 352 $post = $db->sql_fetchrow($result); 353 $db->sql_freeresult($result); 354 355 if ($post) 356 { 357 trigger_error('NO_EDIT_READ_MESSAGE'); 358 } 359 } 360 361 trigger_error('NO_MESSAGE'); 362 } 363 364 if ($action == 'quotepost') 365 { 366 if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read'))) 367 { 368 send_status_line(403, 'Forbidden'); 369 trigger_error('NOT_AUTHORISED'); 370 } 371 372 /** 373 * Get the result of querying for the post to be quoted in the pm message 374 * 375 * @event core.ucp_pm_compose_quotepost_query_after 376 * @var string sql The original SQL used in the query 377 * @var array post Associative array with the data of the quoted post 378 * @var array msg_id The post_id that was searched to get the message for quoting 379 * @var int to_user_id Users the message is sent to 380 * @var int to_group_id Groups the message is sent to 381 * @var bool submit Whether the user is sending the PM or not 382 * @var bool preview Whether the user is previewing the PM or not 383 * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies 384 * @var bool delete If deleting message 385 * @var int reply_to_all Value of reply_to_all request variable. 386 * @since 3.1.0-RC5 387 * @changed 3.2.0-a1 Removed undefined variables 388 */ 389 $vars = array( 390 'sql', 391 'post', 392 'msg_id', 393 'to_user_id', 394 'to_group_id', 395 'submit', 396 'preview', 397 'action', 398 'delete', 399 'reply_to_all', 400 ); 401 extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_quotepost_query_after', compact($vars))); 402 403 // Passworded forum? 404 if ($post['forum_id']) 405 { 406 $sql = 'SELECT forum_id, forum_name, forum_password 407 FROM ' . FORUMS_TABLE . ' 408 WHERE forum_id = ' . 
(int) $post['forum_id']; 409 $result = $db->sql_query($sql); 410 $forum_data = $db->sql_fetchrow($result); 411 $db->sql_freeresult($result); 412 413 if (!empty($forum_data['forum_password'])) 414 { 415 login_forum_box($forum_data); 416 } 417 } 418 } 419 420 $msg_id = (int) $post['msg_id']; 421 $folder_id = (isset($post['folder_id'])) ? $post['folder_id'] : 0; 422 $message_text = (isset($post['message_text'])) ? $post['message_text'] : ''; 423 424 if ((!$post['author_id'] || ($post['author_id'] == ANONYMOUS && $action != 'delete')) && $msg_id) 425 { 426 trigger_error('NO_AUTHOR'); 427 } 428 429 if ($action == 'quotepost') 430 { 431 // Decode text for message display 432 decode_message($message_text, $post['bbcode_uid']); 433 } 434 435 if ($action != 'delete') 436 { 437 $enable_urls = $post['enable_magic_url']; 438 $enable_sig = (isset($post['enable_sig'])) ? $post['enable_sig'] : 0; 439 440 $message_attachment = (isset($post['message_attachment'])) ? $post['message_attachment'] : 0; 441 $message_subject = $post['message_subject']; 442 $message_time = $post['message_time']; 443 $bbcode_uid = $post['bbcode_uid']; 444 445 $quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : ''; 446 $icon_id = (isset($post['icon_id'])) ? 
$post['icon_id'] : 0; 447 448 if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !count($address_list) && !$refresh && !$submit && !$preview) 449 { 450 // Add the original author as the recipient if quoting a post or only replying and not having checked "reply to all" 451 if ($action == 'quotepost' || !$reply_to_all) 452 { 453 $address_list = array('u' => array($post['author_id'] => 'to')); 454 } 455 else 456 { 457 // We try to include every previously listed member from the TO Header - Reply to all 458 $address_list = rebuild_header(array('to' => $post['to_address'])); 459 460 // Add the author (if he is already listed then this is no shame (it will be overwritten)) 461 $address_list['u'][$post['author_id']] = 'to'; 462 463 // Now, make sure the user itself is not listed. ;) 464 if (isset($address_list['u'][$user->data['user_id']])) 465 { 466 unset($address_list['u'][$user->data['user_id']]); 467 } 468 } 469 } 470 else if ($action == 'edit' && !count($address_list) && !$refresh && !$submit && !$preview) 471 { 472 // Rebuild TO and BCC Header 473 $address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address'])); 474 } 475 476 if ($action == 'quotepost') 477 { 478 $check_value = 0; 479 } 480 else 481 { 482 $check_value = (($post['enable_bbcode']+1) << 8) + (($post['enable_smilies']+1) << 4) + (($enable_urls+1) << 2) + (($post['enable_sig']+1) << 1); 483 } 484 } 485 } 486 else 487 { 488 $message_attachment = 0; 489 $message_text = $message_subject = ''; 490 491 /** 492 * Predefine message text and subject 493 * 494 * @event core.ucp_pm_compose_predefined_message 495 * @var string message_text Message text 496 * @var string message_subject Messate subject 497 * @since 3.1.11-RC1 498 */ 499 $vars = array('message_text', 'message_subject'); 500 extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_predefined_message', compact($vars))); 501 502 if ($to_user_id && $to_user_id != ANONYMOUS && $action == 
'post') 503 { 504 $address_list['u'][$to_user_id] = 'to'; 505 } 506 else if ($to_group_id && $action == 'post') 507 { 508 $address_list['g'][$to_group_id] = 'to'; 509 } 510 $check_value = 0; 511 } 512 513 if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group'))) 514 { 515 send_status_line(403, 'Forbidden'); 516 trigger_error('NO_AUTH_GROUP_MESSAGE'); 517 } 518 519 if ($action == 'edit' && !$refresh && !$preview && !$submit) 520 { 521 if (!($message_time > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time'])) 522 { 523 trigger_error('CANNOT_EDIT_MESSAGE_TIME'); 524 } 525 } 526 527 if ($action == 'post') 528 { 529 $template->assign_var('S_NEW_MESSAGE', true); 530 } 531 532 if (!isset($icon_id)) 533 { 534 $icon_id = 0; 535 } 536 537 /* @var $plupload \phpbb\plupload\plupload */ 538 $plupload = $phpbb_container->get('plupload'); 539 $message_parser = new parse_message(); 540 $message_parser->set_plupload($plupload); 541 542 $message_parser->message = ($action == 'reply') ? '' : $message_text; 543 unset($message_text); 544 545 $s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=$mode&action=$action", true, $user->session_id); 546 $s_action .= (($folder_id) ? "&f=$folder_id" : '') . (($msg_id) ? "&p=$msg_id" : ''); 547 548 // Delete triggered ? 549 if ($action == 'delete') 550 { 551 // Folder id has been determined by the SQL Statement 552 // $folder_id = $request->variable('f', PRIVMSGS_NO_BOX); 553 554 // Do we need to confirm ? 555 if (confirm_box(true)) 556 { 557 delete_pm($user->data['user_id'], $msg_id, $folder_id); 558 559 // jump to next message in "history"? nope, not for the moment. But able to be included later. 560 $meta_info = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&folder=$folder_id"); 561 $message = $user->lang['MESSAGE_DELETED']; 562 563 meta_refresh(3, $meta_info); 564 $message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . 
$meta_info . '">', '</a>'); 565 trigger_error($message); 566 } 567 else 568 { 569 $s_hidden_fields = array( 570 'p' => $msg_id, 571 'f' => $folder_id, 572 'action' => 'delete' 573 ); 574 575 // "{$phpbb_root_path}ucp.$phpEx?i=pm&mode=compose" 576 confirm_box(false, 'DELETE_MESSAGE', build_hidden_fields($s_hidden_fields)); 577 } 578 579 redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=view&action=view_message&p=' . $msg_id)); 580 } 581 582 // Get maximum number of allowed recipients 583 $max_recipients = phpbb_get_max_setting_from_group($db, $user->data['user_id'], 'max_recipients'); 584 585 // If it is 0, there is no limit set and we use the maximum value within the config. 586 $max_recipients = (!$max_recipients) ? $config['pm_max_recipients'] : $max_recipients; 587 588 // If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients 589 if (($action == 'reply' || $action == 'quote') && $max_recipients && $reply_to_all) 590 { 591 // We try to include every previously listed member from the TO Header 592 $list = rebuild_header(array('to' => $post['to_address'])); 593 594 // Can be an empty array too ;) 595 $list = (!empty($list['u'])) ? $list['u'] : array(); 596 $list[$post['author_id']] = 'to'; 597 598 if (isset($list[$user->data['user_id']])) 599 { 600 unset($list[$user->data['user_id']]); 601 } 602 603 $max_recipients = ($max_recipients < count($list)) ? 
count($list) : $max_recipients; 604 605 unset($list); 606 } 607 608 // Handle User/Group adding/removing 609 handle_message_list_actions($address_list, $error, $remove_u, $remove_g, $add_to, $add_bcc); 610 611 // Check mass pm to group permission 612 if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')) && !empty($address_list['g'])) 613 { 614 $address_list = array(); 615 $error[] = $user->lang['NO_AUTH_GROUP_MESSAGE']; 616 } 617 618 // Check mass pm to users permission 619 if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm')) && num_recipients($address_list) > 1) 620 { 621 $address_list = get_recipients($address_list, 1); 622 $error[] = $user->lang('TOO_MANY_RECIPIENTS', 1); 623 } 624 625 // Check for too many recipients 626 if (!empty($address_list['u']) && $max_recipients && count($address_list['u']) > $max_recipients) 627 { 628 $address_list = get_recipients($address_list, $max_recipients); 629 $error[] = $user->lang('TOO_MANY_RECIPIENTS', $max_recipients); 630 } 631 632 // Always check if the submitted attachment data is valid and belongs to the user. 633 // Further down (especially in submit_post()) we do not check this again. 634 $message_parser->get_submitted_attachment_data(); 635 636 if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit') 637 { 638 // Do not change to SELECT * 639 $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize 640 FROM ' . ATTACHMENTS_TABLE . 
" 641 WHERE post_msg_id = $msg_id 642 AND in_message = 1 643 AND is_orphan = 0 644 ORDER BY filetime DESC"; 645 $result = $db->sql_query($sql); 646 $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result)); 647 $db->sql_freeresult($result); 648 } 649 650 if (!in_array($action, array('quote', 'edit', 'delete', 'forward'))) 651 { 652 $enable_sig = ($config['allow_sig'] && $config['allow_sig_pm'] && $auth->acl_get('u_sig') && $user->optionget('attachsig')); 653 $enable_smilies = ($config['allow_smilies'] && $auth->acl_get('u_pm_smilies') && $user->optionget('smilies')); 654 $enable_bbcode = ($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode') && $user->optionget('bbcode')); 655 $enable_urls = true; 656 } 657 658 $drafts = false; 659 660 // User own some drafts? 661 if ($auth->acl_get('u_savedrafts') && $action != 'delete') 662 { 663 $sql = 'SELECT draft_id 664 FROM ' . DRAFTS_TABLE . ' 665 WHERE forum_id = 0 666 AND topic_id = 0 667 AND user_id = ' . $user->data['user_id'] . 668 (($draft_id) ? " AND draft_id <> $draft_id" : ''); 669 $result = $db->sql_query_limit($sql, 1); 670 $row = $db->sql_fetchrow($result); 671 $db->sql_freeresult($result); 672 673 if ($row) 674 { 675 $drafts = true; 676 } 677 } 678 679 if ($action == 'edit') 680 { 681 $message_parser->bbcode_uid = $bbcode_uid; 682 } 683 684 $bbcode_status = ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false; 685 $smilies_status = ($config['allow_smilies'] && $config['auth_smilies_pm'] && $auth->acl_get('u_pm_smilies')) ? true : false; 686 $img_status = ($config['auth_img_pm'] && $auth->acl_get('u_pm_img')) ? true : false; 687 $flash_status = ($config['auth_flash_pm'] && $auth->acl_get('u_pm_flash')) ? true : false; 688 $url_status = ($config['allow_post_links']) ? 
true : false; 689 690 // Save Draft 691 if ($save && $auth->acl_get('u_savedrafts')) 692 { 693 $subject = $request->variable('subject', '', true); 694 $subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject; 695 $message = $request->variable('message', '', true); 696 697 /** 698 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR. 699 * Using their Numeric Character Reference's Hexadecimal notation. 700 */ 701 $subject = utf8_encode_ucr($subject); 702 703 if ($subject && $message) 704 { 705 if (confirm_box(true)) 706 { 707 $message_parser->message = $message; 708 $message_parser->parse($bbcode_status, $url_status, $smilies_status, $img_status, $flash_status, true, $url_status); 709 710 $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array( 711 'user_id' => $user->data['user_id'], 712 'topic_id' => 0, 713 'forum_id' => 0, 714 'save_time' => $current_time, 715 'draft_subject' => $subject, 716 'draft_message' => $message_parser->message, 717 ) 718 ); 719 $db->sql_query($sql); 720 721 /** @var \phpbb\attachment\manager $attachment_manager */ 722 $attachment_manager = $phpbb_container->get('attachment.manager'); 723 $attachment_manager->delete('attach', array_column($message_parser->attachment_data, 'attach_id')); 724 725 $redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=$mode"); 726 727 meta_refresh(3, $redirect_url); 728 $message = $user->lang['DRAFT_SAVED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . 
'">', '</a>'); 729 730 trigger_error($message); 731 } 732 else 733 { 734 $s_hidden_fields = build_hidden_fields(array( 735 'mode' => $mode, 736 'action' => $action, 737 'save' => true, 738 'subject' => $subject, 739 'message' => $message, 740 'u' => $to_user_id, 741 'g' => $to_group_id, 742 'p' => $msg_id, 743 'attachment_data' => $message_parser->attachment_data, 744 )); 745 $s_hidden_fields .= build_address_field($address_list); 746 747 confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields); 748 } 749 } 750 else 751 { 752 if (utf8_clean_string($subject) === '') 753 { 754 $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT']; 755 } 756 757 if (utf8_clean_string($message) === '') 758 { 759 $error[] = $user->lang['TOO_FEW_CHARS']; 760 } 761 } 762 763 unset($subject, $message); 764 } 765 766 // Load Draft 767 if ($draft_id && $auth->acl_get('u_savedrafts')) 768 { 769 $sql = 'SELECT draft_subject, draft_message 770 FROM ' . DRAFTS_TABLE . " 771 WHERE draft_id = $draft_id 772 AND topic_id = 0 773 AND forum_id = 0 774 AND user_id = " . $user->data['user_id']; 775 $result = $db->sql_query_limit($sql, 1); 776 777 if ($row = $db->sql_fetchrow($result)) 778 { 779 $message_parser->message = $row['draft_message']; 780 $message_subject = $row['draft_subject']; 781 782 $template->assign_var('S_DRAFT_LOADED', true); 783 } 784 else 785 { 786 $draft_id = 0; 787 } 788 $db->sql_freeresult($result); 789 } 790 791 // Load Drafts 792 if ($load && $drafts) 793 { 794 load_drafts(0, 0, $id, $action, $msg_id); 795 } 796 797 if ($submit || $preview || $refresh) 798 { 799 if (($submit || $preview) && !check_form_key('ucp_pm_compose')) 800 { 801 $error[] = $user->lang['FORM_INVALID']; 802 } 803 $subject = $request->variable('subject', '', true); 804 $message_parser->message = $request->variable('message', '', true); 805 806 $icon_id = $request->variable('icon', 0); 807 808 $enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? 
false : true; 809 $enable_smilies = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true; 810 $enable_urls = (isset($_POST['disable_magic_url'])) ? 0 : 1; 811 $enable_sig = (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : ((isset($_POST['attach_sig'])) ? true : false); 812 813 /** 814 * Modify private message 815 * 816 * @event core.ucp_pm_compose_modify_parse_before 817 * @var bool enable_bbcode Whether or not bbcode is enabled 818 * @var bool enable_smilies Whether or not smilies are enabled 819 * @var bool enable_urls Whether or not urls are enabled 820 * @var bool enable_sig Whether or not signature is enabled 821 * @var string subject PM subject text 822 * @var object message_parser The message parser object 823 * @var bool submit Whether or not the form has been sumitted 824 * @var bool preview Whether or not the signature is being previewed 825 * @var array error Any error strings 826 * @since 3.1.10-RC1 827 */ 828 $vars = array( 829 'enable_bbcode', 830 'enable_smilies', 831 'enable_urls', 832 'enable_sig', 833 'subject', 834 'message_parser', 835 'submit', 836 'preview', 837 'error', 838 ); 839 extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); 840 841 // Parse Attachments - before checksum is calculated 842 if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose')) 843 { 844 $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); 845 } 846 847 if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) 848 { 849 $error[] = implode('<br />', $message_parser->warn_msg); 850 $message_parser->warn_msg = array(); 851 } 852 853 // Parse message 854 $message_parser->parse($enable_bbcode, ($config['allow_post_links']) ? 
$enable_urls : false, $enable_smilies, $img_status, $flash_status, true, $config['allow_post_links']); 855 856 // On a refresh we do not care about message parsing errors 857 if (count($message_parser->warn_msg) && !$refresh) 858 { 859 $error[] = implode('<br />', $message_parser->warn_msg); 860 } 861 862 if ($action != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('u_ignoreflood')) 863 { 864 // Flood check 865 $last_post_time = $user->data['user_lastpost_time']; 866 867 if ($last_post_time) 868 { 869 if ($last_post_time && ($current_time - $last_post_time) < intval($config['flood_interval'])) 870 { 871 $error[] = $user->lang['FLOOD_ERROR']; 872 } 873 } 874 } 875 876 // Subject defined 877 if ($submit) 878 { 879 if (utf8_clean_string($subject) === '') 880 { 881 $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT']; 882 } 883 884 if (!count($address_list)) 885 { 886 $error[] = $user->lang['NO_RECIPIENT']; 887 } 888 } 889 890 /** 891 * Modify private message 892 * 893 * @event core.ucp_pm_compose_modify_parse_after 894 * @var bool enable_bbcode Whether or not bbcode is enabled 895 * @var bool enable_smilies Whether or not smilies are enabled 896 * @var bool enable_urls Whether or not urls are enabled 897 * @var bool enable_sig Whether or not signature is enabled 898 * @var string subject PM subject text 899 * @var object message_parser The message parser object 900 * @var bool submit Whether or not the form has been sumitted 901 * @var bool preview Whether or not the signature is being previewed 902 * @var array error Any error strings 903 * @since 3.2.10-RC1 904 * @since 3.3.1-RC1 905 */ 906 $vars = [ 907 'enable_bbcode', 908 'enable_smilies', 909 'enable_urls', 910 'enable_sig', 911 'subject', 912 'message_parser', 913 'submit', 914 'preview', 915 'error', 916 ]; 917 extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_after', compact($vars))); 918 919 // Store message, sync counters 920 if (!count($error) && 
$submit) 921 { 922 $pm_data = array( 923 'msg_id' => (int) $msg_id, 924 'from_user_id' => $user->data['user_id'], 925 'from_user_ip' => $user->ip, 926 'from_username' => $user->data['username'], 927 'reply_from_root_level' => (isset($post['root_level'])) ? (int) $post['root_level'] : 0, 928 'reply_from_msg_id' => (int) $msg_id, 929 'icon_id' => (int) $icon_id, 930 'enable_sig' => (bool) $enable_sig, 931 'enable_bbcode' => (bool) $enable_bbcode, 932 'enable_smilies' => (bool) $enable_smilies, 933 'enable_urls' => (bool) $enable_urls, 934 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 935 'bbcode_uid' => $message_parser->bbcode_uid, 936 'message' => $message_parser->message, 937 'attachment_data' => $message_parser->attachment_data, 938 'filename_data' => $message_parser->filename_data, 939 'address_list' => $address_list 940 ); 941 942 /** 943 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR. 944 * Using their Numeric Character Reference's Hexadecimal notation. 945 */ 946 $subject = utf8_encode_ucr($subject); 947 948 // ((!$message_subject) ? $subject : $message_subject) 949 $msg_id = submit_pm($action, $subject, $pm_data); 950 951 $return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=view&p=' . $msg_id); 952 $inbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox'); 953 $outbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=outbox'); 954 955 $folder_url = ''; 956 if (($folder_id > 0) && isset($user_folders[$folder_id])) 957 { 958 $folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=' . $folder_id); 959 } 960 961 $return_box_url = ($action === 'post' || $action === 'edit') ? $outbox_folder_url : $inbox_folder_url; 962 $return_box_lang = ($action === 'post' || $action === 'edit') ? 'PM_OUTBOX' : 'PM_INBOX'; 963 964 $save_message = ($action === 'edit') ? $user->lang['MESSAGE_EDITED'] : $user->lang['MESSAGE_STORED']; 965 $message = $save_message . 
'<br /><br />' . $user->lang('VIEW_PRIVATE_MESSAGE', '<a href="' . $return_message_url . '">', '</a>'); 966 967 $last_click_type = 'CLICK_RETURN_FOLDER'; 968 if ($folder_url) 969 { 970 $message .= '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $folder_url . '">', '</a>', $user_folders[$folder_id]['folder_name']); 971 $last_click_type = 'CLICK_GOTO_FOLDER'; 972 } 973 $message .= '<br /><br />' . sprintf($user->lang[$last_click_type], '<a href="' . $return_box_url . '">', '</a>', $user->lang[$return_box_lang]); 974 975 meta_refresh(3, $return_message_url); 976 trigger_error($message); 977 } 978 979 $message_subject = $subject; 980 } 981 982 // Preview 983 if (!count($error) && $preview) 984 { 985 $preview_message = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false); 986 987 $preview_signature = $user->data['user_sig']; 988 $preview_signature_uid = $user->data['user_sig_bbcode_uid']; 989 $preview_signature_bitfield = $user->data['user_sig_bbcode_bitfield']; 990 991 // Signature 992 if ($enable_sig && $config['allow_sig'] && $preview_signature) 993 { 994 $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? 
OPTION_FLAG_LINKS : 0); 995 $preview_signature = generate_text_for_display($preview_signature, $preview_signature_uid, $preview_signature_bitfield, $bbcode_flags); 996 } 997 else 998 { 999 $preview_signature = ''; 1000 } 1001 1002 // Attachment Preview 1003 if (count($message_parser->attachment_data)) 1004 { 1005 $template->assign_var('S_HAS_ATTACHMENTS', true); 1006 1007 $update_count = array(); 1008 $attachment_data = $message_parser->attachment_data; 1009 1010 parse_attachments(false, $preview_message, $attachment_data, $update_count, true); 1011 1012 foreach ($attachment_data as $i => $attachment) 1013 { 1014 $template->assign_block_vars('attachment', array( 1015 'DISPLAY_ATTACHMENT' => $attachment) 1016 ); 1017 } 1018 unset($attachment_data); 1019 } 1020 1021 $preview_subject = censor_text($subject); 1022 1023 if (!count($error)) 1024 { 1025 $template->assign_vars(array( 1026 'PREVIEW_SUBJECT' => $preview_subject, 1027 'PREVIEW_MESSAGE' => $preview_message, 1028 'PREVIEW_SIGNATURE' => $preview_signature, 1029 1030 'S_DISPLAY_PREVIEW' => true) 1031 ); 1032 } 1033 unset($message_text); 1034 } 1035 1036 // Decode text for message display 1037 $bbcode_uid = (($action == 'quote' || $action == 'forward') && !$preview && !$refresh && (!count($error) || (count($error) && !$submit))) ? $bbcode_uid : $message_parser->bbcode_uid; 1038 1039 $message_parser->decode_message($bbcode_uid); 1040 1041 if (($action == 'quote' || $action == 'quotepost') && !$preview && !$refresh && !$submit) 1042 { 1043 if ($action == 'quotepost') 1044 { 1045 $post_id = $request->variable('p', 0); 1046 if ($config['allow_post_links']) 1047 { 1048 $message_link = generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}"; 1049 $message_link_subject = "{$user->lang['SUBJECT']}{$user->lang['COLON']} {$message_subject}"; 1050 if ($bbcode_status) 1051 { 1052 $message_link = "[url=" . $message_link . "]" . $message_link_subject . 
"[/url]\n\n"; 1053 } 1054 else 1055 { 1056 $message_link = $message_link . " - " . $message_link_subject . "\n\n"; 1057 } 1058 } 1059 else 1060 { 1061 $message_link = $user->lang['SUBJECT'] . $user->lang['COLON'] . ' ' . $message_subject . " (" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id})\n\n"; 1062 } 1063 } 1064 else 1065 { 1066 $message_link = ''; 1067 } 1068 $quote_attributes = array( 1069 'author' => $quote_username, 1070 'time' => $post['message_time'], 1071 'user_id' => $post['author_id'], 1072 ); 1073 if ($action === 'quotepost') 1074 { 1075 $quote_attributes['post_id'] = $post['msg_id']; 1076 } 1077 if ($action === 'quote') 1078 { 1079 $quote_attributes['msg_id'] = $post['msg_id']; 1080 } 1081 /** @var \phpbb\language\language $language */ 1082 $language = $phpbb_container->get('language'); 1083 /** @var \phpbb\textformatter\utils_interface $text_formatter_utils */ 1084 $text_formatter_utils = $phpbb_container->get('text_formatter.utils'); 1085 phpbb_format_quote($language, $message_parser, $text_formatter_utils, $bbcode_status, $quote_attributes, $message_link); 1086 } 1087 1088 if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) 1089 { 1090 $message_subject = ((!preg_match('/^Re:/', $message_subject)) ? 'Re: ' : '') . censor_text($message_subject); 1091 1092 /** 1093 * This event allows you to modify the PM subject of the PM being quoted 1094 * 1095 * @event core.pm_modify_message_subject 1096 * @var string message_subject String with the PM subject already censored. 
1097 * @since 3.2.8-RC1 1098 */ 1099 $vars = array('message_subject'); 1100 extract($phpbb_dispatcher->trigger_event('core.pm_modify_message_subject', compact($vars))); 1101 } 1102 1103 if ($action == 'forward' && !$preview && !$refresh && !$submit) 1104 { 1105 $fwd_to_field = write_pm_addresses(array('to' => $post['to_address']), 0, true); 1106 1107 if ($config['allow_post_links']) 1108 { 1109 $quote_username_text = '[url=' . generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$post['author_id']}]{$quote_username}[/url]"; 1110 } 1111 else 1112 { 1113 $quote_username_text = $quote_username . ' (' . generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$post['author_id']})"; 1114 } 1115 1116 $forward_text = array(); 1117 $forward_text[] = $user->lang['FWD_ORIGINAL_MESSAGE']; 1118 $forward_text[] = sprintf($user->lang['FWD_SUBJECT'], censor_text($message_subject)); 1119 $forward_text[] = sprintf($user->lang['FWD_DATE'], $user->format_date($message_time, false, true)); 1120 $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text); 1121 $forward_text[] = sprintf($user->lang['FWD_TO'], implode($user->lang['COMMA_SEPARATOR'], $fwd_to_field['to'])); 1122 1123 $quote_text = $phpbb_container->get('text_formatter.utils')->generate_quote( 1124 censor_text($message_parser->message), 1125 array('author' => $quote_username) 1126 ); 1127 $message_parser->message = implode("\n", $forward_text) . "\n\n" . $quote_text; 1128 $message_subject = ((!preg_match('/^Fwd:/', $message_subject)) ? 'Fwd: ' : '') . 
censor_text($message_subject); 1129 } 1130 1131 $attachment_data = $message_parser->attachment_data; 1132 $filename_data = $message_parser->filename_data; 1133 $message_text = $message_parser->message; 1134 1135 // MAIN PM PAGE BEGINS HERE 1136 1137 // Generate smiley listing 1138 generate_smilies('inline', 0); 1139 1140 // Generate PM Icons 1141 $s_pm_icons = false; 1142 if ($config['enable_pm_icons']) 1143 { 1144 $s_pm_icons = posting_gen_topic_icons($action, $icon_id); 1145 } 1146 1147 // Generate inline attachment select box 1148 posting_gen_inline_attachments($attachment_data); 1149 1150 // Build address list for display 1151 // array('u' => array($author_id => 'to')); 1152 if (count($address_list)) 1153 { 1154 // Get Usernames and Group Names 1155 $result = array(); 1156 if (!empty($address_list['u'])) 1157 { 1158 $sql = 'SELECT user_id as id, username as name, user_colour as colour 1159 FROM ' . USERS_TABLE . ' 1160 WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($address_list['u']))) . ' 1161 ORDER BY username_clean ASC'; 1162 $result['u'] = $db->sql_query($sql); 1163 } 1164 1165 if (!empty($address_list['g'])) 1166 { 1167 $sql = 'SELECT g.group_id AS id, g.group_name AS name, g.group_colour AS colour, g.group_type 1168 FROM ' . GROUPS_TABLE . ' g'; 1169 1170 if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) 1171 { 1172 $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug 1173 ON ( 1174 g.group_id = ug.group_id 1175 AND ug.user_id = ' . $user->data['user_id'] . ' 1176 AND ug.user_pending = 0 1177 ) 1178 WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')'; 1179 } 1180 1181 $sql .= ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? ' WHERE ' : ' AND '; 1182 1183 $sql .= 'g.group_receive_pm = 1 1184 AND ' . $db->sql_in_set('g.group_id', array_map('intval', array_keys($address_list['g']))) . 
' 1185 ORDER BY g.group_name ASC'; 1186 1187 $result['g'] = $db->sql_query($sql); 1188 } 1189 1190 $u = $g = array(); 1191 $_types = array('u', 'g'); 1192 foreach ($_types as $type) 1193 { 1194 if (isset($result[$type]) && $result[$type]) 1195 { 1196 while ($row = $db->sql_fetchrow($result[$type])) 1197 { 1198 if ($type == 'g') 1199 { 1200 $row['name'] = $group_helper->get_name($row['name']); 1201 } 1202 1203 ${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']); 1204 } 1205 $db->sql_freeresult($result[$type]); 1206 } 1207 } 1208 1209 // Now Build the address list 1210 foreach ($address_list as $type => $adr_ary) 1211 { 1212 foreach ($adr_ary as $id => $field) 1213 { 1214 if (!isset(${$type}[$id])) 1215 { 1216 unset($address_list[$type][$id]); 1217 continue; 1218 } 1219 1220 $field = ($field == 'to') ? 'to' : 'bcc'; 1221 $type = ($type == 'u') ? 'u' : 'g'; 1222 $id = (int) $id; 1223 1224 $tpl_ary = array( 1225 'IS_GROUP' => ($type == 'g') ? true : false, 1226 'IS_USER' => ($type == 'u') ? true : false, 1227 'UG_ID' => $id, 1228 'NAME' => ${$type}[$id]['name'], 1229 'COLOUR' => (${$type}[$id]['colour']) ? '#' . ${$type}[$id]['colour'] : '', 1230 'TYPE' => $type, 1231 ); 1232 1233 if ($type == 'u') 1234 { 1235 $tpl_ary = array_merge($tpl_ary, array( 1236 'U_VIEW' => get_username_string('profile', $id, ${$type}[$id]['name'], ${$type}[$id]['colour']), 1237 'NAME_FULL' => get_username_string('full', $id, ${$type}[$id]['name'], ${$type}[$id]['colour']), 1238 )); 1239 } 1240 else 1241 { 1242 $tpl_ary = array_merge($tpl_ary, array( 1243 'U_VIEW' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $id), 1244 )); 1245 } 1246 1247 $template->assign_block_vars($field . '_recipient', $tpl_ary); 1248 } 1249 } 1250 } 1251 1252 // Build hidden address list 1253 $s_hidden_address_field = build_address_field($address_list); 1254 1255 $bbcode_checked = (isset($enable_bbcode)) ? 
!$enable_bbcode : (($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode')) ? !$user->optionget('bbcode') : 1); 1256 $smilies_checked = (isset($enable_smilies)) ? !$enable_smilies : (($config['allow_smilies'] && $auth->acl_get('u_pm_smilies')) ? !$user->optionget('smilies') : 1); 1257 $urls_checked = (isset($enable_urls)) ? !$enable_urls : 0; 1258 $sig_checked = $enable_sig; 1259 1260 switch ($action) 1261 { 1262 case 'post': 1263 $page_title = $user->lang['POST_NEW_PM']; 1264 break; 1265 1266 case 'quote': 1267 $page_title = $user->lang['POST_QUOTE_PM']; 1268 break; 1269 1270 case 'quotepost': 1271 $page_title = $user->lang['POST_PM_POST']; 1272 break; 1273 1274 case 'reply': 1275 $page_title = $user->lang['POST_REPLY_PM']; 1276 break; 1277 1278 case 'edit': 1279 $page_title = $user->lang['POST_EDIT_PM']; 1280 break; 1281 1282 case 'forward': 1283 $page_title = $user->lang['POST_FORWARD_PM']; 1284 break; 1285 1286 default: 1287 trigger_error('NO_ACTION_MODE', E_USER_ERROR); 1288 break; 1289 } 1290 1291 $s_hidden_fields = (isset($check_value)) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : ''; 1292 $s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? $request->variable('draft_loaded', 0) : $draft_id) . '" />' : ''; 1293 1294 $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"'; 1295 1296 /** @var \phpbb\controller\helper $controller_helper */ 1297 $controller_helper = $phpbb_container->get('controller.helper'); 1298 1299 // Start assigning vars for main posting page ... 
1300 $template_ary = array( 1301 'L_POST_A' => $page_title, 1302 'L_ICON' => $user->lang['PM_ICON'], 1303 'L_MESSAGE_BODY_EXPLAIN' => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']), 1304 1305 'SUBJECT' => (isset($message_subject)) ? $message_subject : '', 1306 'MESSAGE' => $message_text, 1307 'BBCODE_STATUS' => $user->lang(($bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 1308 'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 1309 'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 1310 'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 1311 'URL_STATUS' => ($url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 1312 'MAX_FONT_SIZE' => (int) $config['max_post_font_size'], 1313 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']), 1314 'ERROR' => (count($error)) ? implode('<br />', $error) : '', 1315 'MAX_RECIPIENTS' => ($config['allow_mass_pm'] && ($auth->acl_get('u_masspm') || $auth->acl_get('u_masspm_group'))) ? $max_recipients : 0, 1316 1317 'S_COMPOSE_PM' => true, 1318 'S_EDIT_POST' => ($action == 'edit'), 1319 'S_SHOW_PM_ICONS' => $s_pm_icons, 1320 'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0, 1321 'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '', 1322 'S_SMILIES_ALLOWED' => $smilies_status, 1323 'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '', 1324 'S_SIG_ALLOWED' => ($config['allow_sig'] && $config['allow_sig_pm'] && $auth->acl_get('u_sig')), 1325 'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '', 1326 'S_LINKS_ALLOWED' => $url_status, 1327 'S_MAGIC_URL_CHECKED' => ($urls_checked) ? ' checked="checked"' : '', 1328 'S_SAVE_ALLOWED' => ($auth->acl_get('u_savedrafts') && $action != 'edit') ? 
true : false, 1329 'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $drafts), 1330 'S_FORM_ENCTYPE' => $form_enctype, 1331 'S_ATTACH_DATA' => json_encode($message_parser->attachment_data), 1332 1333 'S_BBCODE_IMG' => $img_status, 1334 'S_BBCODE_FLASH' => $flash_status, 1335 'S_BBCODE_QUOTE' => true, 1336 'S_BBCODE_URL' => $url_status, 1337 1338 'S_POST_ACTION' => $s_action, 1339 'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field, 1340 'S_HIDDEN_FIELDS' => $s_hidden_fields, 1341 1342 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']), 1343 'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", 'f=0&mode=popup'), 1344 'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", 'f=0&mode=popup')), 1345 ); 1346 1347 /** 1348 * Modify the default template vars 1349 * 1350 * @event core.ucp_pm_compose_template 1351 * @var array template_ary Template variables 1352 * @since 3.2.6-RC1 1353 */ 1354 $vars = array('template_ary'); 1355 extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_template', compact($vars))); 1356 1357 $template->assign_vars($template_ary); 1358 1359 // Build custom bbcodes array 1360 display_custom_bbcodes(); 1361 1362 // Show attachment box for adding attachments if true 1363 $allowed = ($auth->acl_get('u_pm_attach') && $config['allow_pm_attach'] && $form_enctype); 1364 1365 if ($allowed) 1366 { 1367 $max_files = ($auth->acl_gets('a_', 'm_')) ? 
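0 : (int) $config['max_attachments_pm'];
		$plupload->configure($cache, $template, $s_action, false, $max_files);
	}

	// Attachment entry
	posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);

	// Message History
	if ($action == 'reply' || $action == 'quote' || $action == 'forward')
	{
		if (message_history($msg_id, $user->data['user_id'], $post, array(), true))
		{
			$template->assign_var('S_DISPLAY_HISTORY', true);
		}
	}
}

/**
* For composing messages, handle list actions
*
* Applies the "remove recipient" and "add recipient" form actions to the
* recipient list, then drops user recipients that must not receive the
* message: manually deactivated accounts, users who switched off PMs
* (unless the sender is an admin/moderator), users without u_readpm and
* banned users. Each kind of removal appends a notice to $error.
*
* @param array	&$address_list	Recipients, array('u' => array(user_id => 'to'|'bcc'),
*								'g' => array(group_id => 'to'|'bcc')); modified in place
* @param array	&$error			Error/notice strings; appended to in place
* @param bool	$remove_u		True if a "remove user" button was pressed
* @param bool	$remove_g		True if a "remove group" button was pressed
* @param bool	$add_to			True if recipients are to be added to the [TO] field
* @param bool	$add_bcc		True if recipients are to be added to the [BCC] field
*
* @return void
*/
function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove_g, $add_to, $add_bcc)
{
	global $auth, $db, $user;
	global $request, $phpbb_dispatcher;

	// Delete User [TO/BCC]
	// The id to remove is the array key of the submitted button; it is cast to int before use.
	if ($remove_u && $request->variable('remove_u', array(0 => '')))
	{
		$remove_user_id = array_keys($request->variable('remove_u', array(0 => '')));

		if (isset($remove_user_id[0]))
		{
			unset($address_list['u'][(int) $remove_user_id[0]]);
		}
	}

	// Delete Group [TO/BCC]
	if ($remove_g && $request->variable('remove_g', array(0 => '')))
	{
		$remove_group_id = array_keys($request->variable('remove_g', array(0 => '')));

		if (isset($remove_group_id[0]))
		{
			unset($address_list['g'][(int) $remove_group_id[0]]);
		}
	}

	// Add Selected Groups
	// NOTE(review): nothing in this function checks u_masspm / u_masspm_group before
	// recipients are added - presumably the caller enforces that; verify.
	$group_list = $request->variable('group_list', array(0));

	// Build usernames to add
	$usernames = $request->variable('username', '', true);
	$usernames = (empty($usernames)) ? array() : array($usernames);

	$username_list = $request->variable('username_list', '', true);
	if ($username_list)
	{
		$usernames = array_merge($usernames, explode("\n", $username_list));
	}

	// If add to or add bcc not pressed, users could still have usernames listed they want to add...
	if (!$add_to && !$add_bcc && (count($group_list) || count($usernames)))
	{
		$add_to = true;

		global $refresh, $submit, $preview;

		// Treat the request as a page refresh so that the message is not sent by accident
		$refresh = true;
		$submit = false;

		// Preview is only true if there was also a message entered
		if ($request->variable('message', ''))
		{
			$preview = true;
		}
	}

	// Add User/Group [TO]
	if ($add_to || $add_bcc)
	{
		$type = ($add_to) ? 'to' : 'bcc';

		foreach ($group_list as $group_id)
		{
			$address_list['g'][$group_id] = $type;
		}

		// User ID's to add...
		$user_id_ary = array();

		// Reveal the correct user_ids
		if (count($usernames))
		{
			user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));

			// If there are users not existing, we will at least print a notice...
			if (!count($user_id_ary))
			{
				$error[] = $user->lang['PM_NO_USERS'];
			}
		}

		// Add Friends if specified
		$friend_list = array_keys($request->variable('add_' . $type, array(0)));
		$user_id_ary = array_merge($user_id_ary, $friend_list);

		foreach ($user_id_ary as $user_id)
		{
			// The guest account can never be a recipient
			if ($user_id == ANONYMOUS)
			{
				continue;
			}

			$address_list['u'][$user_id] = $type;
		}
	}

	// Check for disallowed recipients
	if (!empty($address_list['u']))
	{
		$can_ignore_allow_pm = $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_');

		// Administrator deactivated users check and we need to check their
		// PM status (do they want to receive PM's?)
		// Only check PM status if not a moderator or admin, since they
		// are allowed to override this user setting
		//
		// The ids are cast to int before they reach the query, as the other
		// recipient queries in this file do; the list is built from request data.
		$sql = 'SELECT user_id, user_allow_pm
			FROM ' . USERS_TABLE . '
			WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($address_list['u']))) . '
				AND (
					(user_type = ' . USER_INACTIVE . '
						AND user_inactive_reason = ' . INACTIVE_MANUAL . ')
					' . ($can_ignore_allow_pm ? '' : ' OR user_allow_pm = 0') . '
				)';

		$result = $db->sql_query($sql);

		$removed_no_pm = $removed_no_permission = false;
		while ($row = $db->sql_fetchrow($result))
		{
			if (!$can_ignore_allow_pm && !$row['user_allow_pm'])
			{
				$removed_no_pm = true;
			}
			else
			{
				$removed_no_permission = true;
			}

			unset($address_list['u'][$row['user_id']]);
		}
		$db->sql_freeresult($result);

		// print a notice about users not being added who do not want to receive pms
		if ($removed_no_pm)
		{
			$error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
		}

		// print a notice about users not being added who do not have permission to receive PMs
		if ($removed_no_permission)
		{
			$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
		}

		// NOTE(review): this early return also skips the core.message_list_actions
		// event at the end of the function - confirm that is intended.
		if (empty($address_list['u']))
		{
			return;
		}

		// Check if users have permission to read PMs
		$can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm');
		$can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm'];
		$cannot_read_list = array_diff(array_keys($address_list['u']), $can_read);
		if (!empty($cannot_read_list))
		{
			foreach ($cannot_read_list as $cannot_read)
			{
				unset($address_list['u'][$cannot_read]);
			}

			$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
		}

		// Check if users are banned
		// Skip the lookup when every user recipient has already been removed:
		// there is nothing left to filter, and what the helper does with an
		// empty id list is not visible from here.
		if (!empty($address_list['u']))
		{
			$banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false);
			if (!empty($banned_user_list))
			{
				foreach ($banned_user_list as $banned_user)
				{
					unset($address_list['u'][$banned_user]);
				}

				$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
			}
		}
	}

	/**
	* Event for additional message list actions
	*
	* @event core.message_list_actions
	* @var	array	address_list		The assoc array with the recipient user/group ids
	* @var	array	error				The array containing error data
	* @var	bool	remove_u			The variable for removing a user
	* @var	bool	remove_g			The variable for removing a group
	* @var	bool	add_to				The variable for adding a user to the [TO] field
	* @var	bool	add_bcc				The variable for adding a user to the [BCC] field
	* @since 3.2.4-RC1
	*/
	// extract() writes the values returned by the listeners back into the local
	// variables; $address_list and $error are references, so the caller sees them.
	// NOTE(review): extract() would also overwrite any other local whose name appears
	// in the returned array - confirm the dispatcher returns only the keys in $vars.
	$vars = array('address_list', 'error', 'remove_u', 'remove_g', 'add_to', 'add_bcc');
	extract($phpbb_dispatcher->trigger_event('core.message_list_actions', compact($vars)));
}

/**
* Build the hidden field for the recipients. Needed, as the variable is not read via $request->variable().
*
* Nothing from $address_list is copied into the markup as-is: the type is
* reduced to 'u' or 'g', the id is cast to int and the field to 'to' or 'bcc',
* so the returned HTML cannot carry attacker-chosen text.
*
* @param array	$address_list	array(type => array(id => 'to'|'bcc'))
*
* @return string	Concatenated <input type="hidden"> elements, '' for an empty list
*/
function build_address_field($address_list)
{
	$s_hidden_address_field = '';
	foreach ($address_list as $type => $adr_ary)
	{
		$type_token = ($type == 'u') ? 'u' : 'g';

		foreach ($adr_ary as $id => $field)
		{
			$field_token = ($field == 'to') ? 'to' : 'bcc';

			$s_hidden_address_field .= '<input type="hidden" name="address_list[' . $type_token . '][' . (int) $id . ']" value="' . $field_token . '" />';
		}
	}
	return $s_hidden_address_field;
}

/**
* Return number of private message recipients
*
* @param array	$address_list	array(type => array(id => 'to'|'bcc'))
*
* @return int	Sum of the entry counts of all sub-arrays
*/
function num_recipients($address_list)
{
	$num_recipients = 0;

	foreach ($address_list as $adr_ary)
	{
		$num_recipients += count($adr_ary);
	}

	return $num_recipients;
}

/**
* Get number of 'num_recipients' recipients from first position
*
* @param array	$address_list	array(type => array(id => 'to'|'bcc'))
* @param int	$num_recipients	Maximum number of entries to copy
*
* @return array	Same shape as $address_list, holding at most $num_recipients
*				entries taken in iteration order
*/
function get_recipients($address_list, $num_recipients = 1)
{
	$recipient = array();

	$count = 0;
	foreach ($address_list as $field => $adr_ary)
	{
		foreach ($adr_ary as $id => $type)
		{
			// Stop both loops as soon as the requested number has been copied
			if ($count >= $num_recipients)
			{
				break 2;
			}
			$recipient[$field][$id] = $type;
			$count++;
		}
	}

	return $recipient;
}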