/**
 * Get global title matching filter params
 *
 * Builds the title for the current request from the global $disp value:
 * Outputs the title of the category when you load the page with <code>?cat=</code>
 * Display "Archive Directory" title if it has been requested
 * Display "Latest comments" title if these have been requested
 * Display "Statistics" title if these have been requested
 * Display "User profile" title if it has been requested
 *
 * The collected title parts are joined with $params['glue'] and passed through
 * format_to_output() using $params['format']; 'title_before' / 'title_after'
 * (or their per-$disp overrides) are concatenated around that result as-is.
 *
 * @todo single month: Respect locales datefmt
 * @todo single post: posts do not get proper checking (whether they are in the requested blog or whether their permissions match user rights),
 *       thus the title sometimes gets displayed even when it should not. We need to pre-query the ItemList instead!!
 * @todo make it complete with all possible params!
 *
 * @param array params
 *      - "auto_pilot": "seo_title": Use the SEO title autopilot. (Default: "none")
 *      - every other key of the defaults array below may be overridden the same way
 * @return string the formatted title, $params['title_none'] when nothing matched, or '' (never an array)
 */
function get_request_title($params = array())
{
    global $MainList, $preview, $disp, $action, $current_User, $Blog, $admin_url;

    // Title parts collected by the switch below; joined with 'glue' at the end.
    $r = array();

    // Caller-supplied values win over these defaults.
    // '#' in the title_*_before / title_*_after keys means "no override, keep title_before / title_after".
    $params = array_merge(array('auto_pilot' => 'none',
            'title_before' => '',
            'title_after' => '',
            'title_none' => '',
            'title_single_disp' => true,
            'title_single_before' => '#',
            'title_single_after' => '#',
            'title_page_disp' => true,
            'title_page_before' => '#',
            'title_page_after' => '#',
            'glue' => ' - ',
            'format' => 'htmlbody',
            'arcdir_text' => T_('Archive Directory'),
            'catdir_text' => T_('Category Directory'),
            'mediaidx_text' => T_('Photo Index'),
            'postidx_text' => T_('Post Index'),
            'search_text' => T_('Search'),
            'sitemap_text' => T_('Site Map'),
            'msgform_text' => T_('Sending a message'),
            'messages_text' => T_('Messages'),
            'contacts_text' => T_('Contacts'),
            'login_text' => T_('Login '),
            'register_text' => T_('Register'),
            'req_validatemail' => T_('Account activation'),
            'account_activation' => T_('Account activation'),
            'lostpassword_text' => T_('Lost password?'),
            'profile_text' => T_('User Profile'),
            'avatar_text' => T_('Profile picture'),
            'pwdchange_text' => T_('Password change'),
            'userprefs_text' => T_('User preferences'),
            'user_text' => T_('User: %s'),
            'users_text' => T_('Users'),
            'closeaccount_text' => T_('Close account'),
            'subs_text' => T_('Notifications'),
            'comments_text' => T_('Latest Comments'),
            'feedback-popup_text' => T_('Feedback'),
            'edit_text_create' => T_('New post'),
            'edit_text_update' => T_('Editing post'),
            'edit_text_copy' => T_('Duplicating post'),
            'edit_comment_text' => T_('Editing comment'),
            'front_text' => '',
            'posts_text' => '#',
            'useritems_text' => T_('User posts'),
            'usercomments_text' => T_('User comments')), $params);

    if ($params['auto_pilot'] == 'seo_title') { // We want to use the SEO title autopilot. Do overrides:
        $params['format'] = 'htmlhead';
        // NOTE(review): 'title_after' is appended after format_to_output() at the end of this
        // function, so the raw get('name') value is not formatted here, unlike the dget() call
        // used for 'title_none' below. Confirm the blog name is safe for the <title> context.
        $params['title_after'] = $params['glue'] . $Blog->get('name');
        $params['title_single_after'] = '';
        $params['title_page_after'] = '';
        $params['title_none'] = $Blog->dget('name', 'htmlhead');
    }

    $before = $params['title_before'];
    $after = $params['title_after'];

    switch ($disp) {
        case 'arcdir': // We are requesting the archive directory:
            $r[] = $params['arcdir_text'];
            break;

        case 'catdir': // We are requesting the category directory:
            $r[] = $params['catdir_text'];
            break;

        case 'mediaidx':
            $r[] = $params['mediaidx_text'];
            break;

        case 'postidx':
            $r[] = $params['postidx_text'];
            break;

        case 'sitemap':
            $r[] = $params['sitemap_text'];
            break;

        case 'search':
            $r[] = $params['search_text'];
            break;

        case 'comments': // We are requesting the latest comments:
            global $Item;
            if (isset($Item)) {
                $r[] = sprintf($params['comments_text'] . T_(' on %s'), $Item->get('title'));
            } else {
                $r[] = $params['comments_text'];
            }
            break;

        case 'feedback-popup': // We are requesting the comments on a specific post:
            // Should be in first position
            // NOTE(review): unlike the 'single' and default cases there is no isset($MainList)
            // guard here, and the result of get_by_idx(0) is used without a check.
            $Item =& $MainList->get_by_idx(0);
            $r[] = sprintf($params['feedback-popup_text'] . T_(' on %s'), $Item->get('title'));
            break;

        case 'profile': // We are requesting the user profile:
            $r[] = $params['profile_text'];
            break;

        case 'avatar': // We are requesting the user avatar:
            $r[] = $params['avatar_text'];
            break;

        case 'pwdchange': // We are requesting the user change password:
            $r[] = $params['pwdchange_text'];
            break;

        case 'userprefs': // We are requesting the user preferences:
            $r[] = $params['userprefs_text'];
            break;

        case 'subs': // We are requesting the subscriptions screen:
            $r[] = $params['subs_text'];
            break;

        case 'msgform': // We are requesting the message form:
            $r[] = $params['msgform_text'];
            break;

        case 'threads':
        case 'messages': // We are requesting the messages form
            $thrd_ID = param('thrd_ID', 'integer', 0);
            if (empty($thrd_ID)) {
                $r[] = $params['messages_text'];
            } else { // We get a thread title by ID
                load_class('messaging/model/_thread.class.php', 'Thread');
                $ThreadCache =& get_ThreadCache();
                // NOTE(review): the thread is looked up by the request-supplied thrd_ID only.
                // Nothing in this function checks that the current user takes part in the
                // thread before its title is added to the page title. Confirm that the caller
                // enforces access before this output is sent.
                if ($Thread = $ThreadCache->get_by_ID($thrd_ID, false)) { // Thread exists and we get a title
                    if ($params['auto_pilot'] == 'seo_title') { // Display thread title only for tag <title>
                        // Outside seo_title mode nothing is added for an existing thread.
                        $r[] = $Thread->title;
                    }
                } else { // Bad request: the thread does not exist
                    $r[] = strip_tags($params['messages_text']);
                }
            }
            break;

        case 'contacts': // We are requesting the contacts list:
            $r[] = $params['contacts_text'];
            break;

        case 'login': // We are requesting the login form:
            if ($action == 'req_validatemail') {
                $r[] = $params['req_validatemail'];
            } else {
                $r[] = $params['login_text'];
            }
            break;

        case 'register': // We are requesting the registration form:
            $r[] = $params['register_text'];
            break;

        case 'activateinfo': // We are requesting the activate info form:
            $r[] = $params['account_activation'];
            break;

        case 'lostpassword': // We are requesting the lost password form:
            $r[] = $params['lostpassword_text'];
            break;

        case 'single':
        case 'page': // We are displaying a single post or page:
            if ($preview) { // We are requesting a post preview:
                $r[] = T_('PREVIEW');
            } elseif ($params['title_' . $disp . '_disp'] && isset($MainList)) {
                $r = array_merge($r, $MainList->get_filter_titles(array('visibility', 'hide_future'), $params));
            }
            // Per-disp overrides of the before/after wrappers ('#' keeps the generic ones):
            if ($params['title_' . $disp . '_before'] != '#') {
                $before = $params['title_' . $disp . '_before'];
            }
            if ($params['title_' . $disp . '_after'] != '#') {
                $after = $params['title_' . $disp . '_after'];
            }
            break;

        case 'user': // We are requesting the user page:
            $user_ID = param('user_ID', 'integer', 0);
            $UserCache =& get_UserCache();
            $User =& $UserCache->get_by_ID($user_ID, false, false);
            // An unknown user_ID yields an empty login instead of an error.
            $user_login = $User ? $User->get('login') : '';
            $r[] = sprintf($params['user_text'], $user_login);
            break;

        case 'users':
            $r[] = $params['users_text'];
            break;

        case 'closeaccount':
            $r[] = $params['closeaccount_text'];
            break;

        case 'edit':
            // Note: this assigns the global $action declared at the top of the function.
            $action = param_action(); // Edit post by switching into 'In skin' mode from Back-office
            $p = param('p', 'integer', 0); // Edit post from Front-office
            $cp = param('cp', 'integer', 0); // Copy post from Front-office
            if ($action == 'edit_switchtab' || $p > 0) { // Edit post
                $title = $params['edit_text_update'];
            } else {
                if ($cp > 0) { // Copy post
                    $title = $params['edit_text_copy'];
                } else { // Create post
                    $title = $params['edit_text_create'];
                }
            }
            if ($params['auto_pilot'] != 'seo_title') { // Add advanced edit and close icon
                global $edited_Item;
                if (!empty($edited_Item) && $edited_Item->ID > 0) { // Set the cancel editing url as permanent url of the item
                    $cancel_url = $edited_Item->get_permanent_url();
                } else { // Set the cancel editing url to home page of the blog
                    $cancel_url = $Blog->gen_blogurl();
                }

                $title .= '<span class="title_action_icons">';
                // NOTE(review): assumes $current_User is set whenever disp=edit is reached; verify against caller.
                if ($current_User->check_perm('admin', 'normal')) {
                    global $advanced_edit_link;
                    $title .= action_icon(T_('Go to advanced edit screen'), 'edit', $advanced_edit_link['href'], ' ' . T_('Advanced editing'), NULL, 3, array('onclick' => $advanced_edit_link['onclick']));
                }
                $title .= action_icon(T_('Cancel editing'), 'close', $cancel_url, ' ' . T_('Cancel editing'), NULL, 3);
                $title .= '</span>';
            }
            $r[] = $title;
            break;

        case 'edit_comment':
            global $comment_Item, $edited_Comment;

            $title = $params['edit_comment_text'];
            if ($params['auto_pilot'] != 'seo_title') { // Add advanced edit and close icon
                $title .= '<span class="title_action_icons">';
                if ($current_User->check_perm('admin', 'normal')) {
                    $advanced_edit_url = url_add_param($admin_url, 'ctrl=comments&action=edit&blog=' . $Blog->ID . '&comment_ID=' . $edited_Comment->ID);
                    $title .= action_icon(T_('Go to advanced edit screen'), 'edit', $advanced_edit_url, ' ' . T_('Advanced editing'), NULL, 3, array('onclick' => 'return switch_edit_view();'));
                }
                if (empty($comment_Item)) {
                    $comment_Item =& $edited_Comment->get_Item();
                }
                if (!empty($comment_Item)) {
                    $title .= action_icon(T_('Cancel editing'), 'close', url_add_tail($comment_Item->get_permanent_url(), '#c' . $edited_Comment->ID), ' ' . T_('Cancel editing'), NULL, 3);
                }
                $title .= '</span>';
            }
            $r[] = $title;
            break;

        case 'useritems': // We are requesting the user items list:
            $r[] = $params['useritems_text'];
            break;

        case 'usercomments': // We are requesting the user comments list:
            $r[] = $params['usercomments_text'];
            break;

        default:
            if (isset($MainList)) {
                $r = array_merge($r, $MainList->get_filter_titles(array('visibility', 'hide_future'), $params));
            }
            break;
    }

    if (!empty($r)) { // We have at least one title match:
        $r = implode($params['glue'], $r);
        if (!empty($r)) { // This is in case we asked for an empty title (e.g. for search)
            // Only the joined title goes through format_to_output(); $before and $after do not.
            $r = $before . format_to_output($r, $params['format']) . $after;
        }
    } elseif (!empty($params['title_none'])) {
        $r = $params['title_none'];
    } else { // never return array()
        $r = '';
    }

    return $r;
}
/**
 * @var User
 */
global $current_User;

// Check minimum permission:
if (!$current_User->check_perm('perm_messaging', 'reply')) {
    $Messages->add('Sorry, you are not allowed to view threads!');
    // NOTE(review): everything below still runs for an unauthorized user unless
    // header_redirect() terminates the request. Confirm that it exits.
    header_redirect($admin_url);
}

// Set options path:
$AdminUI->set_path('messaging', 'threads');

// Get action parameter from request:
param_action();

// $thrd_ID is read below without a local assignment; presumably param() publishes it as a global. Confirm.
if (param('thrd_ID', 'integer', '', true)) { // Load thread from cache:
    $ThreadCache =& get_ThreadCache();
    if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
        // Unknown thread: drop the parameter and neutralise the action so no case below acts on it.
        unset($edited_Thread);
        forget_param('thrd_ID');
        $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Thread')), 'error');
        $action = 'nil';
    }
}
// NOTE(review): the only access check visible up to this point is perm_messaging:reply.
// Whether the current user takes part in $edited_Thread is not checked in this excerpt.

// check params
switch ($action) {
    case 'create': // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb('messaging_threads');
        break;

    // The handling of these two actions is not part of this excerpt.
    case 'delete':
    case 'leave':
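/**
 * Handle messaging module htsrv actions
 *
 * Reads "action" and "disp" from the request, verifies the "messaging_<disp>" crumb,
 * requires a logged-in user holding perm_messaging:reply, performs the requested
 * thread / contact / message operation and finally redirects to "redirect_to"
 * (or to the blog / base URL with the same disp when none was given).
 *
 * Request-derived URLs placed into the confirmation messages are HTML-escaped,
 * because those messages are added to $Messages as markup.
 *
 * NOTE(review): apart from the permission checks, nothing visible in this function
 * verifies that the current user takes part in the requested thread. Confirm that
 * leave_thread(), create_new_message() and the delete paths enforce this themselves.
 */
function handle_htsrv_action()
{
    // $baseurl is needed for the fallback redirect below.
    global $current_User, $Blog, $Session, $Messages, $samedomain_htsrv_url, $baseurl;

    // Init objects we want to work on.
    $action = param_action(true, true);
    $disp = param('disp', '/^[a-z0-9\\-_]+$/', 'threads');

    // Check that this action request is not a CSRF hacked request:
    $Session->assert_received_crumb('messaging_' . $disp);

    // Load classes
    load_class('messaging/model/_thread.class.php', 'Thread');
    load_class('messaging/model/_message.class.php', 'Message');

    if (!is_logged_in()) { // user must be logged in
        debug_die('User must be logged in to proceed with messaging updates!');
    }

    // Check permission:
    $current_User->check_perm('perm_messaging', 'reply', true);

    // set where to redirect
    $redirect_to = param('redirect_to', 'url', NULL);
    if (empty($redirect_to)) {
        if (isset($Blog)) {
            $redirect_to = url_add_param($Blog->gen_baseurl(), 'disp=' . $disp);
        } else {
            $redirect_to = url_add_param($baseurl, 'disp=' . $disp);
        }
    }

    if ($disp != 'contacts' && ($thrd_ID = param('thrd_ID', 'integer', '', true))) { // Load thread from cache:
        $ThreadCache =& get_ThreadCache();
        if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
            // Unknown thread: neutralise the action so none of the cases below touches it.
            unset($edited_Thread);
            forget_param('thrd_ID');
            $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Thread')), 'error');
            $action = 'nil';
        }
    }

    switch ($disp) {
        // threads action
        case 'threads':
            if ($action != 'create') { // Make sure we got a thrd_ID:
                param('thrd_ID', 'integer', true);
            }

            switch ($action) {
                case 'create': // create thread
                    // check if create new thread is allowed
                    if (check_create_thread_limit()) { // max new threads limit reached, don't allow to create new thread
                        debug_die('Invalid request, new conversation limit already reached!');
                    }

                    if (!create_new_thread()) { // unsuccessful new thread creation
                        global $edited_Thread, $edited_Message, $thrd_recipients, $thrd_recipients_array;

                        $redirect_to .= '&action=new';
                        // save new message and thread params into the Session to not lose the content
                        $unsaved_message_params = array();
                        $unsaved_message_params['subject'] = $edited_Thread->title;
                        $unsaved_message_params['message'] = $edited_Message->text;
                        $unsaved_message_params['thrdtype'] = param('thrdtype', 'string', 'individual'); // alternative: discussion
                        $unsaved_message_params['thrd_recipients'] = $thrd_recipients;
                        $unsaved_message_params['thrd_recipients_array'] = $thrd_recipients_array;
                        save_message_params_to_session($unsaved_message_params);
                    }
                    break;

                case 'delete': // delete thread
                    // Check permission:
                    $current_User->check_perm('perm_messaging', 'delete', true);

                    $confirmed = param('confirmed', 'integer', 0);
                    if ($confirmed) {
                        $msg = sprintf(T_('Thread «%s» deleted.'), $edited_Thread->dget('title'));
                        $edited_Thread->dbdelete(true);
                        unset($edited_Thread);
                        forget_param('thrd_ID');
                        $Messages->add($msg, 'success');
                    } else {
                        // redirect_to is URL-encoded so its own query string cannot add or
                        // override parameters of the confirmation link (same as the
                        // message-delete branch below).
                        $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&thrd_ID=' . $edited_Thread->ID . '&action=delete&confirmed=1&redirect_to=' . rawurlencode($redirect_to) . '&' . url_crumb('messaging_threads');
                        // Both URLs contain request-derived data and end up inside href="...":
                        // escape quotes and angle brackets; double_encode = false keeps
                        // entities that are already encoded.
                        $delete_href = htmlspecialchars($delete_url, ENT_QUOTES, 'UTF-8', false);
                        $cancel_href = htmlspecialchars($redirect_to, ENT_QUOTES, 'UTF-8', false);
                        $ok_button = '<span class="linkbutton"><a href="' . $delete_href . '">' . T_('I am sure!') . '!</a></span>';
                        $cancel_button = '<span class="linkbutton"><a href="' . $cancel_href . '">CANCEL</a></span>';
                        $msg = sprintf(T_('You are about to delete all messages in the conversation «%s».'), $edited_Thread->dget('title'));
                        $msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
                        $Messages->add($msg, 'error');
                    }
                    break;

                case 'leave': // user wants to leave the thread
                    leave_thread($edited_Thread->ID, $current_User->ID, false);

                    // dget() instead of get(): the title is user-supplied and $Messages carries markup
                    // (consistent with the delete branch above).
                    $Messages->add(sprintf(T_('You have successfuly left the «%s» conversation!'), $edited_Thread->dget('title')), 'success');
                    break;

                case 'close': // close the thread
                case 'close_and_block': // close the thread and block contact
                    leave_thread($edited_Thread->ID, $current_User->ID, true);

                    // user has closed this conversation because there was only one other user involved
                    $Messages->add(sprintf(T_('You have successfuly closed the «%s» conversation!'), $edited_Thread->dget('title')), 'success');
                    if ($action == 'close_and_block') { // user also wants to block contact with the other user involved in this thread
                        $block_user_ID = param('block_ID', 'integer', true);
                        $UserCache =& get_UserCache();
                        $blocked_User = $UserCache->get_by_ID($block_user_ID);

                        set_contact_blocked($block_user_ID, true);
                        $Messages->add(sprintf(T_('«%s» was blocked.'), $blocked_User->get('login')), 'success');
                    }
                    break;
            }
            break; // break from threads action switch

        // contacts action
        case 'contacts':
            // NOTE(review): user_ID is read as a string here but as an integer elsewhere;
            // confirm set_contact_blocked() validates or escapes it before it reaches SQL.
            $user_ID = param('user_ID', 'string', true);

            if ($action != 'block' && $action != 'unblock') { // only block or unblock is valid
                debug_die("Invalid action param");
            }
            set_contact_blocked($user_ID, $action == 'block' ? 1 : 0);
            // NOTE(review): as written, search and replacement are identical, so this call
            // changes nothing; the search string was presumably an HTML-encoded ampersand.
            // Confirm against the repository copy.
            $redirect_to = str_replace('&', '&', $redirect_to);
            break;

        // messages action
        case 'messages':
            if ($action == 'create') { // create new message
                create_new_message($thrd_ID);
            } elseif ($action == 'delete') {
                // Check permission:
                $current_User->check_perm('perm_messaging', 'delete', true);

                $msg_ID = param('msg_ID', 'integer', true);
                $MessageCache =& get_MessageCache();
                if (($edited_Message =& $MessageCache->get_by_ID($msg_ID, false)) === false) {
                    $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Message')), 'error');
                    break;
                }

                $confirmed = param('confirmed', 'integer', 0);
                if ($confirmed) { // delete message
                    $edited_Message->dbdelete();
                    unset($edited_Message);
                    $Messages->add(T_('Message deleted.'), 'success');
                } else {
                    $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&disp=messages&thrd_ID=' . $thrd_ID . '&msg_ID=' . $msg_ID . '&action=delete&confirmed=1';
                    $delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_messages');
                    // Escape the request-derived URLs for the href attribute (see thread delete above).
                    $delete_href = htmlspecialchars($delete_url, ENT_QUOTES, 'UTF-8', false);
                    $cancel_href = htmlspecialchars($redirect_to, ENT_QUOTES, 'UTF-8', false);
                    $ok_button = '<span class="linkbutton"><a href="' . $delete_href . '">' . T_('I am sure!') . '!</a></span>';
                    $cancel_button = '<span class="linkbutton"><a href="' . $cancel_href . '">CANCEL</a></span>';
                    $msg = T_('You are about to delete this message. ') . '<br /> ' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . $cancel_button;
                    $Messages->add($msg, 'error');
                }
            }
            break;
    }

    header_redirect($redirect_to); // Will save $Messages into Session
}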
/**
 * Display threads results table
 *
 * Prints the list of threads holding private messages sent by one user.
 * Output is produced only for a logged-in user holding both users:edit and
 * perm_messaging:reply. Without perm_messaging:abuse only the number of sent
 * messages is printed instead of the table.
 *
 * @param array Params: 'edited_User', 'results_param_prefix', 'results_title',
 *              'results_no_text' (and 'skin_type' / 'skin_name' for AJAX content)
 */
function threads_results_block($params = array())
{
    // Fill in every option the caller left out:
    $defaults = array(
        'edited_User' => NULL,
        'results_param_prefix' => 'actv_thrd_',
        'results_title' => T_('Threads with private messages sent by the user'),
        'results_no_text' => T_('User has not sent any private messages')
    );
    $params = array_merge($defaults, $params);

    if (!is_logged_in()) {
        // Anonymous visitors get nothing from this function
        return;
    }

    global $current_User;

    // Minimum permission: may edit users AND may use messaging
    $has_minimum_perm = $current_User->check_perm('users', 'edit') && $current_User->check_perm('perm_messaging', 'reply');
    if (!$has_minimum_perm) {
        return;
    }

    $edited_User = $params['edited_User'];
    if (!$edited_User) {
        // No User passed in, probably an AJAX request: resolve it from the request instead
        $requested_user_ID = param('user_ID', 'integer', 0);
        if (empty($requested_user_ID)) {
            // Bad request
            return;
        }

        $UserCache =& get_UserCache();
        $edited_User =& $UserCache->get_by_ID($requested_user_ID, false);
        if ($edited_User === false) {
            // Bad request
            return;
        }
    }

    global $DB, $current_User;

    param('user_tab', 'string', '', true);
    param('user_ID', 'integer', 0, true);

    if (!$current_User->check_perm('perm_messaging', 'abuse')) {
        // No permission for abuse management: show the counter only
        $sent_summary = sprintf(T_('User has sent %s private messages'), $edited_User->get_num_messages('sent'));
        echo '<div style="margin-top:25px;font-weight:bold">' . $sent_summary . '</div>';
        return;
    }

    // Create result set:
    $results_filter = array(
        'results_param_prefix' => $params['results_param_prefix'],
        'user_ID' => $edited_User->ID,
        'sent_user_ID' => $edited_User->ID
    );
    $threads_Results = get_threads_results($results_filter);
    $threads_Results->Cache =& get_ThreadCache();
    $threads_Results->title = $params['results_title'];
    $threads_Results->no_results_text = $params['results_no_text'];

    if ($threads_Results->total_rows > 0) {
        // At least one record exists: offer the "delete all" icon (the link carries the 'user' crumb)
        $delete_all_title = sprintf(T_('Delete all private messages sent by %s'), $edited_User->login);
        $delete_all_url = '?ctrl=user&user_tab=activity&action=delete_all_messages&user_ID=' . $edited_User->ID . '&' . url_crumb('user');
        $threads_Results->global_icon($delete_all_title, 'delete', $delete_all_url, ' ' . T_('Delete all'), 3, 4);
    }

    // Load classes
    load_class('messaging/model/_thread.class.php', 'Thread');

    // Initialize Results object
    threads_results($threads_Results, array('abuse_management' => 1, 'show_only_date' => 1));

    if (is_ajax_content()) {
        // AJAX content needs the skin the results are rendered for
        if (!isset($params['skin_type'], $params['skin_name'])) {
            debug_die('Invalid ajax results request!');
        }
        $threads_Results->init_params_by_skin($params['skin_type'], $params['skin_name']);
    }

    $display_params = array('before' => '<div class="results" style="margin-top:25px" id="threads_result">');
    $threads_Results->display($display_params);

    if (!is_ajax_content()) {
        // Hidden div that tells the AJAX code which function to call back
        $callback_div_ID = $params['results_param_prefix'] . 'ajax_callback';
        echo '<div id="' . $callback_div_ID . '" style="display:none">' . __FUNCTION__ . '</div>';
    }
}
die('Please, do not access this page directly.');
}

global $current_User;
global $unread_messages_count;
global $DB, $Blog;
global $perm_abuse_management; // TRUE if we go from Abuse Management

if (!isset($display_params)) { // init display_params
    $display_params = array();
}
// set default values
$display_params = array_merge(array('show_only_date' => 0), $display_params);

// Create result set:
// The search word ('s'), the user filter ('u') and 'show_closed' come straight from the request.
// NOTE(review): presumably get_threads_results() escapes 'search_word' and 'search_user'
// before they reach SQL. Verify in that function.
$Results = get_threads_results(array('results_param_prefix' => $perm_abuse_management ? 'abuse_' : 'thrd_',
        'search_word' => param('s', 'string', '', true),
        'search_user' => param('u', 'string', '', true),
        'show_closed_threads' => param('show_closed', 'boolean', false, true)));

$Results->Cache =& get_ThreadCache();

$Results->title = T_('Conversations list');
if (is_admin_page()) {
    $Results->title .= get_manual_link('messaging');
}
if ($unread_messages_count > 0 && !$perm_abuse_management) {
    // NOTE(review): the trailing </b> has no matching opening tag in this excerpt.
    $Results->title = $Results->title . ' <span class="badge">' . $unread_messages_count . '</span></b>';
}

/**
 * Callback to add filters on top of the result set
 *
 * @param Form
 */
function filter_recipients(&$Form)
{
    global $perm_abuse_management;
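/**
 * Delete message and dependencies from database
 *
 * Runs inside one transaction:
 *  1. thread statuses whose first unread message is this one are moved on to the
 *     next message of the thread (or NULL when there is none),
 *  2. the message row is deleted through the parent method,
 *  3. if the thread has no messages left, the thread is deleted as well.
 *
 * @return boolean true on success, false if the parent delete failed (the transaction is rolled back)
 */
function dbdelete()
{
    global $DB;

    if ($this->ID == 0) {
        debug_die('Non persistant object cannot be deleted!');
    }

    // Remember the thread ID before deleting; it is needed afterwards for the message count
    $thread_ID = $this->thread_ID;

    $DB->begin();

    // UPDATE first unread msg_ID on this thread's statuses from this message ID to the next message ID,
    // or NULL if there is no next message.
    // Every value is passed through $DB->quote(), like the COUNT query further down, instead of
    // being concatenated into the statement unquoted.
    $DB->query('UPDATE T_messaging__threadstatus SET tsta_first_unread_msg_ID = ( SELECT msg_ID FROM T_messaging__message WHERE msg_thread_ID = ' . $DB->quote($thread_ID)
        . ' AND msg_datetime > ' . $DB->quote($this->datetime)
        . ' ORDER BY msg_datetime ASC LIMIT 1 ) WHERE tsta_first_unread_msg_ID = ' . $DB->quote($this->ID));

    // Delete Message
    if (!parent::dbdelete()) {
        $DB->rollback();

        return false;
    }

    // Get a count of the messages in the current thread
    $SQL = new SQL();
    $SQL->SELECT('COUNT( msg_ID )');
    $SQL->FROM($this->dbtablename);
    $SQL->WHERE('msg_thread_ID = ' . $DB->quote($thread_ID));
    $msg_count = $DB->get_var($SQL->get());

    if ($msg_count == 0) { // The last message of the thread was just deleted, so the thread goes too
        load_class('messaging/model/_thread.class.php', 'Thread');
        $ThreadCache =& get_ThreadCache();
        $Thread =& $ThreadCache->get_by_ID($thread_ID);
        // NOTE(review): the result of the thread delete is not checked before the commit. Confirm that is intended.
        $Thread->dbdelete();
    }

    $DB->commit();

    return true;
}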
/**
 * Get Thread object
 *
 * The Thread is fetched from the ThreadCache on first use and kept on the
 * object. Nothing is loaded when no thread_ID is set.
 *
 * @return mixed the value of $this->Thread, returned by reference
 */
function &get_Thread()
{
    // Already loaded, or nothing to load: hand back whatever is stored
    if (!is_null($this->Thread) || empty($this->thread_ID)) {
        return $this->Thread;
    }

    $Cache =& get_ThreadCache();
    $this->Thread = $Cache->get_by_ID($this->thread_ID);

    return $this->Thread;
}