/**
 * Handles the submitted "send a personal message" form ($smcFunc-era code path).
 *
 * Flow, in order: permission check, hourly quota, session check, recipient
 * resolution (member IDs from recipient_to/recipient_bcc plus quoted or
 * comma-separated names from to/bcc), subject/body validation, verification
 * control, then one of: redisplay the form via messagePostError() (errors,
 * preview, recipient edit, draft save, too many recipients), or send the PM
 * and redirect. Reads $_REQUEST/$_POST/$_GET and the listed globals; every
 * database call uses {int:...} placeholders rather than string interpolation.
 *
 * @return mixed whatever messagePostError() returns when the form is redisplayed;
 *               otherwise does not return (redirectexit() or fatal_lang_error())
 */
function MessagePost2()
{
	global $txt, $context, $sourcedir;
	global $user_info, $modSettings, $scripturl, $smcFunc;

	isAllowedTo('pm_send');

	require_once $sourcedir . '/Subs-Auth.php';

	loadLanguage('PersonalMessage', '', false);

	// Extract out the spam settings - it saves database space!
	// NOTE(review): list() expects exactly three comma-separated values here; a malformed
	// pm_spam_settings would leave the missing entries undefined - presumably the admin
	// panel always writes all three, confirm.
	list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);

	// Initialize the errors we're about to make.
	$post_errors = array();

	// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
	// Admins, forum moderators, mail senders and anyone with board/group moderation rights
	// (mod_cache bq/gq not equal to the "nothing" clause '0=1') are exempt from the quota.
	if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1')
	{
		// How many have they sent this last hour?
		// The join with pm_recipients means each recipient row counts, so one PM sent to
		// several members consumes several units of the quota.
		$request = $smcFunc['db_query']('', ' SELECT COUNT(pr.id_pm) AS post_count FROM {db_prefix}personal_messages AS pm INNER JOIN {db_prefix}pm_recipients AS pr ON (pr.id_pm = pm.id_pm) WHERE pm.id_member_from = {int:current_member} AND pm.msgtime > {int:msgtime}', array('current_member' => $user_info['id'], 'msgtime' => time() - 3600));
		list($postCount) = $smcFunc['db_fetch_row']($request);
		$smcFunc['db_free_result']($request);

		if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour'])
		{
			// A normal request stops here; an XML (ajax) request only records the error.
			if (!isset($_REQUEST['xml']))
			{
				fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
			}
			else
			{
				$post_errors[] = 'pm_too_many_per_hour';
			}
		}
	}

	// If your session timed out, show an error, but do allow to re-submit.
	// NOTE(review): with ?xml set the session token is not checked here, and (see below)
	// post errors do not stop the send path for XML requests either - confirm the XML
	// entry point validates the session before dispatching to this function.
	if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '')
	{
		$post_errors[] = 'session_timeout';
	}

	// Normalise the inputs we read later: POST wins over GET for the recipient strings.
	$_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
	$_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
	$_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];

	// Route the input from the 'u' parameter to the 'to'-list.
	if (!empty($_POST['u']))
	{
		$_POST['recipient_to'] = explode(',', $_POST['u']);
	}

	// Construct the list of recipients.
	// $recipientList: member IDs per type; $namedRecipientList: the literal names typed in
	// (lower-cased, html-escaped); $namesNotFound: the subset of names findMembers() did not match.
	$recipientList = array();
	$namedRecipientList = array();
	$namesNotFound = array();
	foreach (array('to', 'bcc') as $recipientType)
	{
		// First, let's see if there's user ID's given.
		// Every submitted ID is cast to int before it is used anywhere.
		$recipientList[$recipientType] = array();
		if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType]))
		{
			foreach ($_POST['recipient_' . $recipientType] as $recipient)
			{
				$recipientList[$recipientType][] = (int) $recipient;
			}
		}

		// Are there also literal names set?
		if (!empty($_REQUEST[$recipientType]))
		{
			// We're going to take out the "s anyway ;).
			// Quoted names may contain commas; everything outside quotes is split on commas.
			$recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
			preg_match_all('~"([^"]+)"~', $recipientString, $matches);
			$namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));

			// Drop blank entries and normalise the rest to the form findMembers() and the
			// comparison below expect (trimmed, lower-cased, html-escaped).
			foreach ($namedRecipientList[$recipientType] as $index => $recipient)
			{
				if (strlen(trim($recipient)) > 0)
				{
					$namedRecipientList[$recipientType][$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($recipient)));
				}
				else
				{
					unset($namedRecipientList[$recipientType][$index]);
				}
			}

			if (!empty($namedRecipientList[$recipientType]))
			{
				$foundMembers = findMembers($namedRecipientList[$recipientType]);

				// Assume all are not found, until proven otherwise.
				$namesNotFound[$recipientType] = $namedRecipientList[$recipientType];
				foreach ($foundMembers as $member)
				{
					// A typed name matches on username, display name or e-mail address.
					// NOTE(review): matching on e-mail means the not-found feedback below reveals
					// whether an address belongs to a member; whether findMembers() already limits
					// this (e.g. by permission) is not visible here - confirm.
					$testNames = array($smcFunc['strtolower']($member['username']), $smcFunc['strtolower']($member['name']), $smcFunc['strtolower']($member['email']));
					if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0)
					{
						$recipientList[$recipientType][] = $member['id'];

						// Get rid of this username, since we found it.
						$namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
					}
				}
			}
		}

		// Selected a recipient to be deleted? Remove them now.
		if (!empty($_POST['delete_recipient']))
		{
			$recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
		}

		// Make sure we don't include the same name twice
		$recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
	}

	// Are we changing the recipients some how?
	// A recipient edit redisplays the form instead of sending, regardless of other errors.
	$is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);

	// Check if there's at least one recipient.
	if (empty($recipientList['to']) && empty($recipientList['bcc']))
	{
		$post_errors[] = 'no_to';
	}

	// Make sure that we remove the members who did get it from the screen.
	if (!$is_recipient_change)
	{
		foreach ($recipientList as $recipientType => $dummy)
		{
			if (!empty($namesNotFound[$recipientType]))
			{
				$post_errors[] = 'bad_' . $recipientType;

				// Since we already have a post error, remove the previous one.
				$post_errors = array_diff($post_errors, array('no_to'));

				// The names are already html-escaped (see above) before they reach the send log.
				foreach ($namesNotFound[$recipientType] as $name)
				{
					$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
				}
			}
		}
	}

	// Did they make any mistakes?
	if ($_REQUEST['subject'] == '')
	{
		$post_errors[] = 'no_subject';
	}
	if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '')
	{
		$post_errors[] = 'no_message';
	}
	elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_REQUEST['message']) > $modSettings['max_messageLength'])
	{
		$post_errors[] = 'long_message';
	}
	else
	{
		// Preparse the message.
		$message = $_REQUEST['message'];
		preparsecode($message);

		// Make sure there's still some content left without the tags.
		// Only admins may send a message whose sole content is an [html] block.
		if ($smcFunc['htmltrim'](strip_tags(parse_bbc($smcFunc['htmlspecialchars']($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false))
		{
			$post_errors[] = 'no_message';
		}
	}

	// Wrong verification code?
	// The verification control is skipped for admins, for XML requests, and once the
	// member has reached the configured post count.
	if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification'])
	{
		require_once $sourcedir . '/Subs-Editor.php';
		$verificationOptions = array('id' => 'pm');
		$context['require_verification'] = create_control_verification($verificationOptions, true);
		if (is_array($context['require_verification']))
		{
			$post_errors = array_merge($post_errors, $context['require_verification']);
		}
	}

	// If they did, give a chance to make ammends.
	// Preview, recipient edits and XML requests fall through even with errors.
	if (!empty($post_errors) && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml']))
	{
		return messagePostError($post_errors, $namedRecipientList, $recipientList);
	}

	// Want to take a second glance before you send?
	if (isset($_REQUEST['preview']))
	{
		// Set everything up to be displayed.
		$context['preview_subject'] = $smcFunc['htmlspecialchars']($_REQUEST['subject']);
		$context['preview_message'] = $smcFunc['htmlspecialchars']($_REQUEST['message'], ENT_QUOTES);
		preparsecode($context['preview_message'], true);

		// Parse out the BBC if it is enabled.
		$context['preview_message'] = parse_bbc($context['preview_message']);

		// Censor, as always.
		censorText($context['preview_subject']);
		censorText($context['preview_message']);

		// Set a descriptive title.
		$context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];

		// Pretend they messed up but don't ignore if they really did :P.
		return messagePostError($post_errors, $namedRecipientList, $recipientList);
	}
	elseif ($is_recipient_change)
	{
		// Maybe we couldn't find one?
		foreach ($namesNotFound as $recipientType => $names)
		{
			$post_errors[] = 'bad_' . $recipientType;
			foreach ($names as $name)
			{
				$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
			}
		}

		return messagePostError(array(), $namedRecipientList, $recipientList);
	}

	// Want to save this as a draft and think about it some more?
	// Drafts are saved before spamProtection()/checkSubmitOnce(), so saving is not rate limited here.
	if (!empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']) && isset($_POST['save_draft']))
	{
		require_once $sourcedir . '/Drafts.php';
		SavePMDraft($post_errors, $recipientList);
		return messagePostError($post_errors, $namedRecipientList, $recipientList);
	}
	elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum')))
	{
		$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
		return messagePostError($post_errors, $namedRecipientList, $recipientList);
	}

	// Protect from message spamming.
	spamProtection('pm');

	// Prevent double submission of this form.
	checkSubmitOnce('check');

	// Do the actual sending of the PM.
	if (!empty($recipientList['to']) || !empty($recipientList['bcc']))
	{
		$context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']), null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
	}
	else
	{
		$context['send_log'] = array('sent' => array(), 'failed' => array());
	}

	// Mark the message as "replied to".
	// The UPDATE is scoped to the current member, so a foreign replied_to id cannot
	// alter another member's recipient row.
	if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox')
	{
		$smcFunc['db_query']('', ' UPDATE {db_prefix}pm_recipients SET is_read = is_read | 2 WHERE id_pm = {int:replied_to} AND id_member = {int:current_member}', array('current_member' => $user_info['id'], 'replied_to' => (int) $_REQUEST['replied_to']));
	}

	// If one or more of the recipient were invalid, go back to the post screen with the failed usernames.
	if (!empty($context['send_log']['failed']))
	{
		return messagePostError($post_errors, $namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
	}

	// Message sent successfully?
	if (!empty($context['send_log']) && empty($context['send_log']['failed']))
	{
		$context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
	}

	// Go back to the where they sent from, if possible...
	redirectexit($context['current_label_redirect']);
}
/**
 * Reads a draft in from the user_drafts table
 *
 * - Only loads the draft of a given type: 0 for a post draft, 1 for a pm draft
 * - Validates that the draft belongs to the current user (unless $check is false)
 * - Honours drafts_keep_days: drafts older than the retention window are not returned
 * - Optionally loads the draft into $context (post) or $_REQUEST (pm) for the form
 *
 * @param int $id_draft - draft to load (cast to int; 0/empty returns false)
 * @param int $type - type of draft, 0 = post, 1 = pm (cast to int)
 * @param bool $check - when true, the query is restricted to the current member's drafts;
 *                      when false the caller is responsible for authorising access
 * @param bool $load - when true, also populate the form as described above
 * @return bool|array false when nothing matched; true after a pm draft was pushed into the
 *                    form ($type === 1 with $load); otherwise the draft row as an assoc array
 */
function ReadDraft($id_draft, $type = 0, $check = true, $load = false)
{
	global $context, $user_info, $smcFunc, $modSettings;

	// always clean to be sure
	$id_draft = (int) $id_draft;
	$type = (int) $type;

	// nothing to read, nothing to do
	if (empty($id_draft))
	{
		return false;
	}

	// load in this draft from the DB
	// The id_member clause is the ownership check; it is only emitted when $check is true.
	// All values go through {int:...} placeholders.
	$request = $smcFunc['db_query']('', ' SELECT * FROM {db_prefix}user_drafts WHERE id_draft = {int:id_draft}' . ($check ? ' AND id_member = {int:id_member}' : '') . ' AND type = {int:type}' . (!empty($modSettings['drafts_keep_days']) ? ' AND poster_time > {int:time}' : '') . ' LIMIT 1', array('id_member' => $user_info['id'], 'id_draft' => $id_draft, 'type' => $type, 'time' => !empty($modSettings['drafts_keep_days']) ? time() - $modSettings['drafts_keep_days'] * 86400 : 0));

	// no results?
	if (!$smcFunc['db_num_rows']($request))
	{
		return false;
	}

	// load up the data
	$draft_info = $smcFunc['db_fetch_assoc']($request);
	$smcFunc['db_free_result']($request);

	// Load it up for the templates as well
	$recipients = array();
	if (!empty($load))
	{
		if ($type === 0)
		{
			// a standard post draft?
			$context['sticky'] = !empty($draft_info['is_sticky']) ? $draft_info['is_sticky'] : '';
			$context['locked'] = !empty($draft_info['locked']) ? $draft_info['locked'] : '';
			$context['use_smileys'] = !empty($draft_info['smileys_enabled']) ? true : false;
			$context['icon'] = !empty($draft_info['icon']) ? $draft_info['icon'] : 'xx';
			// Stored bodies are slashed and html-encoded with <br /> line breaks; undo that for the editor.
			$context['message'] = !empty($draft_info['body']) ? str_replace('<br />', "\n", un_htmlspecialchars(stripslashes($draft_info['body']))) : '';
			$context['subject'] = !empty($draft_info['subject']) ? stripslashes($draft_info['subject']) : '';
			// NOTE(review): the test reads 'board_id' but the value reads 'id_board'; only one of
			// these is likely a real column, so the board may never be restored - confirm the schema.
			$context['board'] = !empty($draft_info['board_id']) ? $draft_info['id_board'] : '';
			$context['id_draft'] = !empty($draft_info['id_draft']) ? $draft_info['id_draft'] : 0;
		}
		elseif ($type === 1)
		{
			// one of those pm drafts? then set it up like we have an error
			$_REQUEST['outbox'] = !empty($draft_info['outbox']);
			$_REQUEST['subject'] = !empty($draft_info['subject']) ? stripslashes($draft_info['subject']) : '';
			$_REQUEST['message'] = !empty($draft_info['body']) ? str_replace('<br />', "\n", un_htmlspecialchars(stripslashes($draft_info['body']))) : '';
			$_REQUEST['replied_to'] = !empty($draft_info['id_reply']) ? $draft_info['id_reply'] : 0;
			$context['id_pm_draft'] = !empty($draft_info['id_draft']) ? $draft_info['id_draft'] : 0;

			// NOTE(review): to_list is deserialised with unserialize(). The value comes from the
			// drafts table (written by the draft-saving code, not the request), and the to/bcc
			// entries are cast to int straight after, which limits what a bad payload can do to
			// the form. If the storage format is ever revisited, prefer JSON or pass
			// array('allowed_classes' => false) so no objects can be instantiated.
			$recipients = unserialize($draft_info['to_list']);

			// make sure we only have integers in this array
			$recipients['to'] = array_map('intval', $recipients['to']);
			$recipients['bcc'] = array_map('intval', $recipients['bcc']);

			// pretend we messed up to populate the pm message form
			messagePostError(array(), array(), $recipients);
			return true;
		}
	}

	return $draft_info;
}
/**
 * Send a personal message.
 *
 * Controller action for the submitted PM form. Mirrors the procedural flow:
 * hourly quota, session check, recipient resolution (IDs from recipient_to /
 * recipient_bcc, names from to / bcc), subject/body validation, verification
 * control, then either redisplay via messagePostError() (errors, preview,
 * recipient edit, draft save, too many recipients) or send and redirect.
 * Errors are collected in the 'pm' Error_Context rather than a plain array.
 *
 * NOTE(review): the pm_send permission is not checked inside this method; it is
 * presumably enforced by the controller before dispatch - confirm.
 *
 * @return mixed whatever messagePostError() returns when the form is redisplayed;
 *               otherwise does not return (redirectexit() or fatal_lang_error())
 */
public function action_send2()
{
	global $txt, $context, $user_info, $modSettings;

	// All the helpers we need
	require_once SUBSDIR . '/Auth.subs.php';
	require_once SUBSDIR . '/Post.subs.php';

	// PM Drafts enabled and needed?
	if ($context['drafts_pm_save'] && (isset($_POST['save_draft']) || isset($_POST['id_pm_draft'])))
	{
		require_once SUBSDIR . '/Drafts.subs.php';
	}

	loadLanguage('PersonalMessage', '', false);

	// Extract out the spam settings - it saves database space!
	// NOTE(review): list() expects exactly three comma-separated values; presumably the
	// admin panel always writes all three - confirm.
	list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);

	// Initialize the errors we're about to make.
	$post_errors = Error_Context::context('pm', 1);

	// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
	// Admins, forum moderators, mail senders and anyone with board/group moderation rights
	// (mod_cache bq/gq not equal to the "nothing" clause '0=1') are exempt.
	if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1')
	{
		// How many have they sent this last hour?
		$pmCount = pmCount($user_info['id'], 3600);

		if (!empty($pmCount) && $pmCount >= $modSettings['pm_posts_per_hour'])
		{
			// A normal request stops here; an XML (ajax) request only records the error.
			if (!isset($_REQUEST['xml']))
			{
				fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
			}
			else
			{
				$post_errors->addError('pm_too_many_per_hour');
			}
		}
	}

	// If your session timed out, show an error, but do allow to re-submit.
	// NOTE(review): with ?xml set the session token is not checked here, and post errors
	// do not stop the send path below for XML requests either - confirm the XML entry
	// point validates the session before dispatching here.
	if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '')
	{
		$post_errors->addError('session_timeout');
	}

	// Subject: trimmed and stripped of CR/LF/TAB so it is always a single line.
	// NOTE(review): the condition tests $_REQUEST['subject'] but the value is read from
	// $_POST['subject'], so a subject supplied only via GET hits an undefined index -
	// presumably intentional (POST-only form), confirm.
	$_REQUEST['subject'] = isset($_REQUEST['subject']) ? strtr(Util::htmltrim($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')) : '';
	// POST wins over GET for the recipient strings.
	$_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
	$_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];

	// Route the input from the 'u' parameter to the 'to'-list.
	if (!empty($_POST['u']))
	{
		$_POST['recipient_to'] = explode(',', $_POST['u']);
	}

	// Construct the list of recipients.
	// $recipientList: member IDs per type; $namedRecipientList: literal names typed in
	// (lower-cased, html-escaped); $namesNotFound: names findMembers() did not resolve.
	$recipientList = array();
	$namedRecipientList = array();
	$namesNotFound = array();
	foreach (array('to', 'bcc') as $recipientType)
	{
		// First, let's see if there's user ID's given.
		// Every submitted ID is cast to int before use.
		$recipientList[$recipientType] = array();
		if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType]))
		{
			foreach ($_POST['recipient_' . $recipientType] as $recipient)
			{
				$recipientList[$recipientType][] = (int) $recipient;
			}
		}

		// Are there also literal names set?
		if (!empty($_REQUEST[$recipientType]))
		{
			// We're going to take out the "s anyway ;).
			// Quoted names may contain commas; everything outside quotes is split on commas.
			$recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
			preg_match_all('~"([^"]+)"~', $recipientString, $matches);
			$namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));

			// Clean any literal names entered
			foreach ($namedRecipientList[$recipientType] as $index => $recipient)
			{
				if (strlen(trim($recipient)) > 0)
				{
					$namedRecipientList[$recipientType][$index] = Util::htmlspecialchars(Util::strtolower(trim($recipient)));
				}
				else
				{
					unset($namedRecipientList[$recipientType][$index]);
				}
			}

			// Now see if we can resolove the entered name to an actual user
			if (!empty($namedRecipientList[$recipientType]))
			{
				$foundMembers = findMembers($namedRecipientList[$recipientType]);

				// Assume all are not found, until proven otherwise.
				$namesNotFound[$recipientType] = $namedRecipientList[$recipientType];

				// Make sure we only have each member listed once, incase they did not use the select list
				foreach ($foundMembers as $member)
				{
					// A typed name matches on username, display name or e-mail address.
					// NOTE(review): matching on e-mail means the not-found feedback reveals whether
					// an address belongs to a member; whether findMembers() limits that is not
					// visible here - confirm.
					$testNames = array(Util::strtolower($member['username']), Util::strtolower($member['name']), Util::strtolower($member['email']));
					if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0)
					{
						$recipientList[$recipientType][] = $member['id'];

						// Get rid of this username, since we found it.
						$namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
					}
				}
			}
		}

		// Selected a recipient to be deleted? Remove them now.
		if (!empty($_POST['delete_recipient']))
		{
			$recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
		}

		// Make sure we don't include the same name twice
		$recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
	}

	// Are we changing the recipients some how?
	// A recipient edit redisplays the form instead of sending, regardless of other errors.
	$is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);

	// Check if there's at least one recipient.
	if (empty($recipientList['to']) && empty($recipientList['bcc']))
	{
		$post_errors->addError('no_to');
	}

	// Make sure that we remove the members who did get it from the screen.
	if (!$is_recipient_change)
	{
		foreach (array_keys($recipientList) as $recipientType)
		{
			if (!empty($namesNotFound[$recipientType]))
			{
				$post_errors->addError('bad_' . $recipientType);

				// Since we already have a post error, remove the previous one.
				$post_errors->removeError('no_to');

				// The names were html-escaped above before reaching the send log.
				foreach ($namesNotFound[$recipientType] as $name)
				{
					$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
				}
			}
		}
	}

	// Did they make any mistakes like no subject or message?
	if ($_REQUEST['subject'] == '')
	{
		$post_errors->addError('no_subject');
	}

	if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '')
	{
		$post_errors->addError('no_message');
	}
	elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_REQUEST['message']) > $modSettings['max_messageLength'])
	{
		$post_errors->addError('long_message');
	}
	else
	{
		// Preparse the message.
		$message = $_REQUEST['message'];
		preparsecode($message);

		// Make sure there's still some content left without the tags.
		// Only admins may send a message whose sole content is an [html] block.
		if (Util::htmltrim(strip_tags(parse_bbc(Util::htmlspecialchars($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false))
		{
			$post_errors->addError('no_message');
		}
	}

	// Wrong verification code?
	// Skipped for admins, for XML requests, and once the member has enough posts.
	if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification'])
	{
		require_once SUBSDIR . '/VerificationControls.class.php';
		$verificationOptions = array('id' => 'pm');
		$context['require_verification'] = create_control_verification($verificationOptions, true);

		if (is_array($context['require_verification']))
		{
			foreach ($context['require_verification'] as $error)
			{
				$post_errors->addError($error);
			}
		}
	}

	// If they made any errors, give them a chance to make amends.
	// Preview, recipient edits and XML requests fall through even with errors.
	if ($post_errors->hasErrors() && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml']))
	{
		return messagePostError($namedRecipientList, $recipientList);
	}

	// Want to take a second glance before you send?
	if (isset($_REQUEST['preview']))
	{
		// Set everything up to be displayed.
		$context['preview_subject'] = Util::htmlspecialchars($_REQUEST['subject']);
		$context['preview_message'] = Util::htmlspecialchars($_REQUEST['message'], ENT_QUOTES, 'UTF-8', true);
		preparsecode($context['preview_message'], true);

		// Parse out the BBC if it is enabled.
		$context['preview_message'] = parse_bbc($context['preview_message']);

		// Censor, as always.
		censorText($context['preview_subject']);
		censorText($context['preview_message']);

		// Set a descriptive title.
		$context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];

		// Pretend they messed up but don't ignore if they really did :P.
		return messagePostError($namedRecipientList, $recipientList);
	}
	elseif ($is_recipient_change)
	{
		// Maybe we couldn't find one?
		foreach ($namesNotFound as $recipientType => $names)
		{
			$post_errors->addError('bad_' . $recipientType);
			foreach ($names as $name)
			{
				$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
			}
		}

		return messagePostError($namedRecipientList, $recipientList);
	}

	// Want to save this as a draft and think about it some more?
	// Drafts are saved before spamProtection()/checkSubmitOnce(), so saving is not rate limited here.
	if ($context['drafts_pm_save'] && isset($_POST['save_draft']))
	{
		savePMDraft($recipientList);
		return messagePostError($namedRecipientList, $recipientList);
	}
	elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum')))
	{
		$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
		return messagePostError($namedRecipientList, $recipientList);
	}

	// Protect from message spamming.
	spamProtection('pm');

	// Prevent double submission of this form.
	checkSubmitOnce('check');

	// Finally do the actual sending of the PM.
	// Note the fourth argument is a hard-coded true here (the outbox copy is always kept).
	if (!empty($recipientList['to']) || !empty($recipientList['bcc']))
	{
		$context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], true, null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
	}
	else
	{
		$context['send_log'] = array('sent' => array(), 'failed' => array());
	}

	// Mark the message as "replied to".
	// replied_to is cast to int and scoped to the current member by setPMRepliedStatus().
	if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox')
	{
		require_once SUBSDIR . '/PersonalMessage.subs.php';
		setPMRepliedStatus($user_info['id'], (int) $_REQUEST['replied_to']);
	}

	// If one or more of the recipients were invalid, go back to the post screen with the failed usernames.
	if (!empty($context['send_log']['failed']))
	{
		return messagePostError($namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
	}

	// Message sent successfully?
	if (!empty($context['send_log']) && empty($context['send_log']['failed']))
	{
		$context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';

		// If we had a PM draft for this one, then its time to remove it since it was just sent
		// The draft id is passed uncast; the member id scopes the deletion to the sender's own drafts.
		// NOTE(review): presumably deleteDrafts() casts/validates the id - confirm.
		if ($context['drafts_pm_save'] && !empty($_POST['id_pm_draft']))
		{
			deleteDrafts($_POST['id_pm_draft'], $user_info['id']);
		}
	}

	// Go back to the where they sent from, if possible...
	redirectexit($context['current_label_redirect']);
}
/**
 * Handles the submitted "send a personal message" form (legacy mysql_* code path).
 *
 * Order of operations differs from the newer variants: validation (subject, body,
 * at least one of to/bcc/u, verification code) happens before recipients are
 * resolved, and spamProtection()/checkSubmitOnce() run before the recipient
 * lookup. Recipients come either from the 'u' parameter (comma-separated member
 * IDs) or from quoted / comma-separated names in 'to' and 'bcc'.
 *
 * This path builds SQL by string interpolation; the only values taken from the
 * request that reach a query are cast to int first (the 'u' IDs and replied_to).
 * $ID_MEMBER is a global supplied by the application, not by the request.
 * Requires the legacy mysql extension (mysql_fetch_row() etc.).
 *
 * @return mixed whatever messagePostError() returns when the form is redisplayed;
 *               otherwise does not return (redirectexit() or fatal_error())
 */
function MessagePost2()
{
	global $txt, $ID_MEMBER, $context, $sourcedir;
	global $db_prefix, $user_info, $modSettings, $scripturl, $func;

	isAllowedTo('pm_send');

	require_once $sourcedir . '/Subs-Auth.php';

	// Fall back to the older language file name if the newer one is not available.
	if (loadLanguage('PersonalMessage', '', false) === false)
	{
		loadLanguage('InstantMessage');
	}

	// Extract out the spam settings - it saves database space!
	// NOTE(review): list() expects exactly three comma-separated values; presumably the
	// admin panel always writes all three - confirm.
	list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);

	// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
	if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')))
	{
		// How many messages have they sent this last hour?
		// Joined with pm_recipients, so each recipient row counts against the quota.
		$request = db_query("\n\t\t\tSELECT COUNT(pr.ID_PM) AS postCount\n\t\t\tFROM ({$db_prefix}personal_messages AS pm, {$db_prefix}pm_recipients AS pr)\n\t\t\tWHERE pm.ID_MEMBER_FROM = {$ID_MEMBER}\n\t\t\t\tAND pm.msgtime > " . (time() - 3600) . "\n\t\t\t\tAND pr.ID_PM = pm.ID_PM", __FILE__, __LINE__);
		list($postCount) = mysql_fetch_row($request);
		mysql_free_result($request);

		if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour'])
		{
			// Excempt moderators.
			// Board moderators are looked up in the moderators table rather than via allowedTo().
			$request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}moderators\n\t\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}", __FILE__, __LINE__);
			if (mysql_num_rows($request) == 0)
			{
				fatal_error(sprintf($txt['pm_too_many_per_hour'], $modSettings['pm_posts_per_hour']));
			}
			mysql_free_result($request);
		}
	}

	// Initialize the errors we're about to make.
	$post_errors = array();

	// If your session timed out, show an error, but do allow to re-submit.
	if (checkSession('post', '', false) != '')
	{
		$post_errors[] = 'session_timeout';
	}

	// POST wins over GET for the recipient strings; stripslashes() undoes magic_quotes on POST only.
	$_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
	$_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : stripslashes($_POST['to']);
	$_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : stripslashes($_POST['bcc']);

	// Did they make any mistakes?
	if ($_REQUEST['subject'] == '')
	{
		$post_errors[] = 'no_subject';
	}
	if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '')
	{
		$post_errors[] = 'no_message';
	}
	elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_REQUEST['message']) > $modSettings['max_messageLength'])
	{
		$post_errors[] = 'long_message';
	}
	// Recipients are not resolved yet, so this only checks that something was submitted.
	if (empty($_REQUEST['to']) && empty($_REQUEST['bcc']) && empty($_REQUEST['u']))
	{
		$post_errors[] = 'no_to';
	}

	// Wrong verification code?
	// The submitted code is upper-cased and compared against the value stored in the session.
	if (!$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification'] && (empty($_REQUEST['visual_verification_code']) || strtoupper($_REQUEST['visual_verification_code']) !== $_SESSION['visual_verification_code']))
	{
		$post_errors[] = 'wrong_verification_code';
	}

	// If they did, give a chance to make ammends.
	// The raw to/bcc strings are escaped before being handed back to the template.
	if (!empty($post_errors))
	{
		return messagePostError($post_errors, $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));
	}

	// Want to take a second glance before you send?
	if (isset($_REQUEST['preview']))
	{
		// Set everything up to be displayed.
		$context['preview_subject'] = $func['htmlspecialchars'](stripslashes($_REQUEST['subject']));
		$context['preview_message'] = $func['htmlspecialchars'](stripslashes($_REQUEST['message']), ENT_QUOTES);
		preparsecode($context['preview_message'], true);

		// Parse out the BBC if it is enabled.
		$context['preview_message'] = parse_bbc($context['preview_message']);

		// Censor, as always.
		censorText($context['preview_subject']);
		censorText($context['preview_message']);

		// Set a descriptive title.
		// $txt[507] is a numeric language-string index from this code generation.
		$context['page_title'] = $txt[507] . ' - ' . $context['preview_subject'];

		// Pretend they messed up :P.
		return messagePostError(array(), $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));
	}

	// Protect from message spamming.
	spamProtection('spam');

	// Prevent double submission of this form.
	checkSubmitOnce('check');

	// Initialize member ID array.
	$recipients = array('to' => array(), 'bcc' => array());

	// Format the to and bcc members.
	// $input holds the typed names; entries left in it after the lookup were not found.
	$input = array('to' => array(), 'bcc' => array());
	if (empty($_REQUEST['u']))
	{
		// To who..?
		if (!empty($_REQUEST['to']))
		{
			// We're going to take out the "s anyway ;).
			// Quoted names may contain commas; everything outside quotes is split on commas.
			$_REQUEST['to'] = strtr($_REQUEST['to'], array('\\"' => '"'));
			preg_match_all('~"([^"]+)"~', $_REQUEST['to'], $matches);
			$input['to'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['to']))));
		}

		// Your secret's safe with me!
		if (!empty($_REQUEST['bcc']))
		{
			// We're going to take out the "s anyway ;).
			$_REQUEST['bcc'] = strtr($_REQUEST['bcc'], array('\\"' => '"'));
			preg_match_all('~"([^"]+)"~', $_REQUEST['bcc'], $matches);
			$input['bcc'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['bcc']))));
		}

		// Drop blank entries and normalise the rest (trimmed, unslashed, lower-cased, html-escaped).
		foreach ($input as $rec_type => $rec)
		{
			foreach ($rec as $index => $member)
			{
				if (strlen(trim($member)) > 0)
				{
					$input[$rec_type][$index] = $func['htmlspecialchars']($func['strtolower'](stripslashes(trim($member))));
				}
				else
				{
					unset($input[$rec_type][$index]);
				}
			}
		}

		// Find the requested members - bcc and to.
		$foundMembers = findMembers(array_merge($input['to'], $input['bcc']));

		// Store IDs of the members that were found.
		foreach ($foundMembers as $member)
		{
			// It's easier this way.
			// NOTE(review): the first key of this strtr() map looks garbled by extraction (three
			// quote characters in a row); confirm against the original source, as written it
			// does not parse.
			$member['name'] = strtr($member['name'], array(''' => '\''));

			// A typed name matches on username, display name or e-mail address.
			// NOTE(review): matching on e-mail means the not-found feedback reveals whether an
			// address belongs to a member - whether findMembers() limits that is not visible here.
			foreach ($input as $rec_type => $to_members)
			{
				if (array_intersect(array($func['strtolower']($member['username']), $func['strtolower']($member['name']), $func['strtolower']($member['email'])), $to_members))
				{
					$recipients[$rec_type][] = $member['id'];

					// Get rid of this username. The ones that remain were not found.
					$input[$rec_type] = array_diff($input[$rec_type], array($func['strtolower']($member['username']), $func['strtolower']($member['name']), $func['strtolower']($member['email'])));
				}
			}
		}
	}
	else
	{
		// Member IDs given directly: cast every one to int BEFORE they are interpolated
		// into the IN (...) list below - this cast is what keeps that query safe.
		$_REQUEST['u'] = explode(',', $_REQUEST['u']);
		foreach ($_REQUEST['u'] as $key => $uID)
		{
			$_REQUEST['u'][$key] = (int) $uID;
		}

		// Only IDs that actually exist in the members table become recipients.
		$request = db_query("\n\t\t\tSELECT ID_MEMBER\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE ID_MEMBER IN (" . implode(',', $_REQUEST['u']) . ")\n\t\t\tLIMIT " . count($_REQUEST['u']), __FILE__, __LINE__);
		while ($row = mysql_fetch_assoc($request))
		{
			$recipients['to'][] = $row['ID_MEMBER'];
		}
		mysql_free_result($request);
	}

	// Before we send the PM, let's make sure we don't have an abuse of numbers.
	if (!empty($modSettings['max_pm_recipients']) && count($recipients['to']) + count($recipients['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum')))
	{
		$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
	}
	else
	{
		if (!empty($recipients['to']) || !empty($recipients['bcc']))
		{
			$context['send_log'] = sendpm($recipients, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']));
		}
		else
		{
			$context['send_log'] = array('sent' => array(), 'failed' => array());
		}
	}

	// Add a log message for all recipients that were not found.
	// The names were html-escaped above before reaching the send log.
	foreach ($input as $rec_type => $rec)
	{
		// Either bad_to or bad_bcc.
		if (!empty($rec) && !in_array('bad_' . $rec_type, $post_errors))
		{
			$post_errors[] = 'bad_' . $rec_type;
		}

		foreach ($rec as $i => $member)
		{
			$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $input[$rec_type][$i]);
		}
	}

	// Mark the message as "replied to".
	// replied_to is cast to int and the UPDATE is scoped to the current member.
	if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox')
	{
		db_query("\n\t\t\tUPDATE {$db_prefix}pm_recipients\n\t\t\tSET is_read = is_read | 2\n\t\t\tWHERE ID_PM = " . (int) $_REQUEST['replied_to'] . "\n\t\t\t\tAND ID_MEMBER = {$ID_MEMBER}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
	}

	// If one or more of the recipient were invalid, go back to the post screen with the failed usernames.
	// The unresolved names are re-quoted so the form shows them in the same syntax the user typed.
	if (!empty($context['send_log']['failed']))
	{
		return messagePostError($post_errors, empty($input['to']) ? '' : '"' . implode('", "', $input['to']) . '"', empty($input['bcc']) ? '' : '"' . implode('", "', $input['bcc']) . '"');
	}

	// Go back to the where they sent from, if possible...
	redirectexit($context['current_label_redirect']);
}
/**
 * Reads a draft in from the user_drafts table
 *
 * - Only loads the draft of a given type 0 for post, 1 for pm draft
 * - Validates that the draft is the users draft (the $check flag is forwarded to load_draft())
 * - Honours drafts_keep_days by passing a poster_time cutoff to load_draft()
 * - Optionally loads the draft in to context (post) or $_REQUEST (pm) for loading in to the form
 *
 * @package Drafts
 * @param int $id_draft - draft to load (cast to int; 0/empty returns false)
 * @param int $type - type of draft, 0 = post, 1 = pm (cast to int)
 * @param bool $check - validate the user; when false the caller must authorise access itself
 * @param bool $load - load it for use in a form
 * @return mixed false when $id_draft is empty; true after a pm draft was pushed into the form
 *               ($type === 1 with $load); otherwise whatever load_draft() returned
 *               (presumably the draft row, or an empty value when nothing matched - confirm)
 */
function loadDraft($id_draft, $type = 0, $check = true, $load = false)
{
	global $context, $user_info, $modSettings;

	// Like purell always clean to be sure
	$id_draft = (int) $id_draft;
	$type = (int) $type;

	// Nothing to read, nothing to do
	if (empty($id_draft))
	{
		return false;
	}

	// Load in this draft from the DB
	// Despite the name this is a unix timestamp cutoff (now minus the retention window), or 0 for no cutoff.
	$drafts_keep_days = !empty($modSettings['drafts_keep_days']) ? time() - $modSettings['drafts_keep_days'] * 86400 : 0;
	$draft_info = load_draft($id_draft, $user_info['id'], $type, $drafts_keep_days, $check);

	// Load it up for the templates as well
	if (!empty($load) && !empty($draft_info))
	{
		if ($type === 0)
		{
			// A standard post draft?
			$context['sticky'] = !empty($draft_info['is_sticky']) ? $draft_info['is_sticky'] : '';
			$context['locked'] = !empty($draft_info['locked']) ? $draft_info['locked'] : '';
			$context['use_smileys'] = !empty($draft_info['smileys_enabled']) ? true : false;
			$context['icon'] = !empty($draft_info['icon']) ? $draft_info['icon'] : 'xx';
			// Body and subject are used as stored; any decoding is presumably done by load_draft() - confirm.
			$context['message'] = !empty($draft_info['body']) ? $draft_info['body'] : '';
			$context['subject'] = !empty($draft_info['subject']) ? $draft_info['subject'] : '';
			// NOTE(review): the test reads 'board_id' but the value reads 'id_board'; only one of
			// these is likely a real column, so the board may never be restored - confirm the schema.
			$context['board'] = !empty($draft_info['board_id']) ? $draft_info['id_board'] : '';
			$context['id_draft'] = !empty($draft_info['id_draft']) ? $draft_info['id_draft'] : 0;
		}
		elseif ($type === 1)
		{
			// One of those pm drafts? then set it up like we have an error
			$_REQUEST['subject'] = !empty($draft_info['subject']) ? $draft_info['subject'] : '';
			$_REQUEST['message'] = !empty($draft_info['body']) ? $draft_info['body'] : '';
			$_REQUEST['replied_to'] = !empty($draft_info['id_reply']) ? $draft_info['id_reply'] : 0;
			$context['id_pm_draft'] = !empty($draft_info['id_draft']) ? $draft_info['id_draft'] : 0;

			// NOTE(review): to_list is deserialised with unserialize(). The value comes from the
			// drafts table (written by the draft-saving code, not the request), and the to/bcc
			// entries are cast to int straight after, which limits what a bad payload can do to
			// the form. If the storage format is ever revisited, prefer JSON or pass
			// array('allowed_classes' => false) so no objects can be instantiated.
			$recipients = unserialize($draft_info['to_list']);

			// Make sure we only have integers in this array
			$recipients['to'] = array_map('intval', $recipients['to']);
			$recipients['bcc'] = array_map('intval', $recipients['bcc']);

			// Pretend we messed up to populate the pm message form
			messagePostError(array(), $recipients);
			return true;
		}
	}

	return $draft_info;
}