locale_restore_previous();
}
// Plugins should cleanup their temporary data here:
$Plugins->trigger_event('MessageFormSentCleanup', array('success_message' => $success_message));
if (empty($redirect_to) && empty($Blog)) {
$redirect_to = $baseurl;
}
if ($success_message) {
// Never say to whom we sent the email -- prevent user enumeration.
$Messages->add(T_('Your message has been sent by email.'), 'success');
if (empty($redirect_to)) {
$redirect_to = $Blog->gen_blogurl();
if (!empty($recipient_User)) {
$redirect_to = url_add_param($redirect_to, 'disp=msgform&recipient_id=' . $recipient_User->ID);
}
}
header_redirect($redirect_to);
// exited here
}
// unsuccessful message send, save message params into the Session to not lose the content
$unsaved_message_params = array();
$unsaved_message_params['sender_name'] = $sender_name;
$unsaved_message_params['sender_address'] = $sender_address;
$unsaved_message_params['subject'] = $subject;
$unsaved_message_params['message'] = $original_content;
save_message_params_to_session($unsaved_message_params);
if (param_errors_detected() || empty($redirect_to)) {
$redirect_to = url_add_param($Blog->gen_blogurl(), 'disp=msgform&recipient_id=' . $recipient_id, '&');
}
header_redirect($redirect_to);
//exited here
/**
* Handle messaging module htsrv actions
*/
function handle_htsrv_action()
{
global $current_User, $Blog, $Session, $Messages, $samedomain_htsrv_url;
// Init objects we want to work on.
$action = param_action(true, true);
$disp = param('disp', '/^[a-z0-9\\-_]+$/', 'threads');
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('messaging_' . $disp);
// Load classes
load_class('messaging/model/_thread.class.php', 'Thread');
load_class('messaging/model/_message.class.php', 'Message');
if (!is_logged_in()) {
// user must be logged in
debug_die('User must be logged in to proceed with messaging updates!');
}
// Check permission:
$current_User->check_perm('perm_messaging', 'reply', true);
// set where to redirect
$redirect_to = param('redirect_to', 'url', NULL);
if (empty($redirect_to)) {
if (isset($Blog)) {
$redirect_to = url_add_param($Blog->gen_baseurl(), 'disp=' . $disp);
} else {
$redirect_to = url_add_param($baseurl, 'disp=' . $disp);
}
}
if ($disp != 'contacts' && ($thrd_ID = param('thrd_ID', 'integer', '', true))) {
// Load thread from cache:
$ThreadCache =& get_ThreadCache();
if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
unset($edited_Thread);
forget_param('thrd_ID');
$Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Thread')), 'error');
$action = 'nil';
}
}
switch ($disp) {
// threads action
case 'threads':
if ($action != 'create') {
// Make sure we got a thrd_ID:
param('thrd_ID', 'integer', true);
}
switch ($action) {
case 'create':
// create thread
// check if create new thread is allowed
if (check_create_thread_limit()) {
// max new threads limit reached, don't allow to create new thread
debug_die('Invalid request, new conversation limit already reached!');
}
if (!create_new_thread()) {
// unsuccessful new thread creation
global $edited_Thread, $edited_Message, $thrd_recipients, $thrd_recipients_array;
$redirect_to .= '&action=new';
// save new message and thread params into the Session to not lose the content
$unsaved_message_params = array();
$unsaved_message_params['subject'] = $edited_Thread->title;
$unsaved_message_params['message'] = $edited_Message->text;
$unsaved_message_params['thrdtype'] = param('thrdtype', 'string', 'individual');
// alternative: discussion
$unsaved_message_params['thrd_recipients'] = $thrd_recipients;
$unsaved_message_params['thrd_recipients_array'] = $thrd_recipients_array;
save_message_params_to_session($unsaved_message_params);
}
break;
case 'delete':
// delete thread
// Check permission:
$current_User->check_perm('perm_messaging', 'delete', true);
$confirmed = param('confirmed', 'integer', 0);
if ($confirmed) {
$msg = sprintf(T_('Thread «%s» deleted.'), $edited_Thread->dget('title'));
$edited_Thread->dbdelete(true);
unset($edited_Thread);
forget_param('thrd_ID');
$Messages->add($msg, 'success');
} else {
$delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&thrd_ID=' . $edited_Thread->ID . '&action=delete&confirmed=1&redirect_to=' . $redirect_to . '&' . url_crumb('messaging_threads');
$ok_button = '<span class="linkbutton"><a href="' . $delete_url . '">' . T_('I am sure!') . '!</a></span>';
$cancel_button = '<span class="linkbutton"><a href="' . $redirect_to . '">CANCEL</a></span>';
$msg = sprintf(T_('You are about to delete all messages in the conversation «%s».'), $edited_Thread->dget('title'));
$msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
$Messages->add($msg, 'error');
}
break;
case 'leave':
// user wants to leave the thread
leave_thread($edited_Thread->ID, $current_User->ID, false);
$Messages->add(sprintf(T_('You have successfuly left the «%s» conversation!'), $edited_Thread->get('title')), 'success');
break;
case 'close':
// close the thread
// close the thread
case 'close_and_block':
// close the thread and block contact
leave_thread($edited_Thread->ID, $current_User->ID, true);
// user has closed this conversation because there was only one other user involved
$Messages->add(sprintf(T_('You have successfuly closed the «%s» conversation!'), $edited_Thread->get('title')), 'success');
if ($action == 'close_and_block') {
// user also wants to block contact with the other user involved in this thread
$block_user_ID = param('block_ID', 'integer', true);
$UserCache =& get_UserCache();
$blocked_User = $UserCache->get_by_ID($block_user_ID);
set_contact_blocked($block_user_ID, true);
$Messages->add(sprintf(T_('«%s» was blocked.'), $blocked_User->get('login')), 'success');
}
break;
}
break;
// break from threads action switch
// contacts action
// break from threads action switch
// contacts action
case 'contacts':
$user_ID = param('user_ID', 'string', true);
if ($action != 'block' && $action != 'unblock') {
// only block or unblock is valid
debug_die("Invalid action param");
}
set_contact_blocked($user_ID, $action == 'block' ? 1 : 0);
$redirect_to = str_replace('&', '&', $redirect_to);
break;
// messages action
// messages action
case 'messages':
if ($action == 'create') {
// create new message
create_new_message($thrd_ID);
} elseif ($action == 'delete') {
// Check permission:
$current_User->check_perm('perm_messaging', 'delete', true);
$msg_ID = param('msg_ID', 'integer', true);
$MessageCache =& get_MessageCache();
if (($edited_Message =& $MessageCache->get_by_ID($msg_ID, false)) === false) {
$Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Message')), 'error');
break;
}
$confirmed = param('confirmed', 'integer', 0);
if ($confirmed) {
// delete message
$edited_Message->dbdelete();
unset($edited_Message);
$Messages->add(T_('Message deleted.'), 'success');
} else {
$delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&disp=messages&thrd_ID=' . $thrd_ID . '&msg_ID=' . $msg_ID . '&action=delete&confirmed=1';
$delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_messages');
$ok_button = '<span class="linkbutton"><a href="' . $delete_url . '">' . T_('I am sure!') . '!</a></span>';
$cancel_button = '<span class="linkbutton"><a href="' . $redirect_to . '">CANCEL</a></span>';
$msg = T_('You are about to delete this message. ') . '<br /> ' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . $cancel_button;
$Messages->add($msg, 'error');
}
}
break;
}
header_redirect($redirect_to);
// Will save $Messages into Session
}