/**
* Send it!
*/
function MessagePost2()
{
global $txt, $context, $sourcedir;
global $user_info, $modSettings, $scripturl, $smcFunc;
isAllowedTo('pm_send');
require_once $sourcedir . '/Subs-Auth.php';
loadLanguage('PersonalMessage', '', false);
// Extract out the spam settings - it saves database space!
list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
// Initialize the errors we're about to make.
$post_errors = array();
// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') {
// How many have they sent this last hour?
$request = $smcFunc['db_query']('', '
SELECT COUNT(pr.id_pm) AS post_count
FROM {db_prefix}personal_messages AS pm
INNER JOIN {db_prefix}pm_recipients AS pr ON (pr.id_pm = pm.id_pm)
WHERE pm.id_member_from = {int:current_member}
AND pm.msgtime > {int:msgtime}', array('current_member' => $user_info['id'], 'msgtime' => time() - 3600));
list($postCount) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour']) {
if (!isset($_REQUEST['xml'])) {
fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
} else {
$post_errors[] = 'pm_too_many_per_hour';
}
}
}
// If your session timed out, show an error, but do allow to re-submit.
if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '') {
$post_errors[] = 'session_timeout';
}
$_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
$_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
$_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];
// Route the input from the 'u' parameter to the 'to'-list.
if (!empty($_POST['u'])) {
$_POST['recipient_to'] = explode(',', $_POST['u']);
}
// Construct the list of recipients.
$recipientList = array();
$namedRecipientList = array();
$namesNotFound = array();
foreach (array('to', 'bcc') as $recipientType) {
// First, let's see if there's user ID's given.
$recipientList[$recipientType] = array();
if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType])) {
foreach ($_POST['recipient_' . $recipientType] as $recipient) {
$recipientList[$recipientType][] = (int) $recipient;
}
}
// Are there also literal names set?
if (!empty($_REQUEST[$recipientType])) {
// We're going to take out the "s anyway ;).
$recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
preg_match_all('~"([^"]+)"~', $recipientString, $matches);
$namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));
foreach ($namedRecipientList[$recipientType] as $index => $recipient) {
if (strlen(trim($recipient)) > 0) {
$namedRecipientList[$recipientType][$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($recipient)));
} else {
unset($namedRecipientList[$recipientType][$index]);
}
}
if (!empty($namedRecipientList[$recipientType])) {
$foundMembers = findMembers($namedRecipientList[$recipientType]);
// Assume all are not found, until proven otherwise.
$namesNotFound[$recipientType] = $namedRecipientList[$recipientType];
foreach ($foundMembers as $member) {
$testNames = array($smcFunc['strtolower']($member['username']), $smcFunc['strtolower']($member['name']), $smcFunc['strtolower']($member['email']));
if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0) {
$recipientList[$recipientType][] = $member['id'];
// Get rid of this username, since we found it.
$namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
}
}
}
}
// Selected a recipient to be deleted? Remove them now.
if (!empty($_POST['delete_recipient'])) {
$recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
}
// Make sure we don't include the same name twice
$recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
}
// Are we changing the recipients some how?
$is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);
// Check if there's at least one recipient.
if (empty($recipientList['to']) && empty($recipientList['bcc'])) {
$post_errors[] = 'no_to';
}
// Make sure that we remove the members who did get it from the screen.
if (!$is_recipient_change) {
foreach ($recipientList as $recipientType => $dummy) {
if (!empty($namesNotFound[$recipientType])) {
$post_errors[] = 'bad_' . $recipientType;
// Since we already have a post error, remove the previous one.
$post_errors = array_diff($post_errors, array('no_to'));
foreach ($namesNotFound[$recipientType] as $name) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
}
}
// Did they make any mistakes?
if ($_REQUEST['subject'] == '') {
$post_errors[] = 'no_subject';
}
if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
$post_errors[] = 'no_message';
} elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_REQUEST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
} else {
// Preparse the message.
$message = $_REQUEST['message'];
preparsecode($message);
// Make sure there's still some content left without the tags.
if ($smcFunc['htmltrim'](strip_tags(parse_bbc($smcFunc['htmlspecialchars']($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
$post_errors[] = 'no_message';
}
}
// Wrong verification code?
if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
require_once $sourcedir . '/Subs-Editor.php';
$verificationOptions = array('id' => 'pm');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
$post_errors = array_merge($post_errors, $context['require_verification']);
}
}
// If they did, give a chance to make ammends.
if (!empty($post_errors) && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
return messagePostError($post_errors, $namedRecipientList, $recipientList);
}
// Want to take a second glance before you send?
if (isset($_REQUEST['preview'])) {
// Set everything up to be displayed.
$context['preview_subject'] = $smcFunc['htmlspecialchars']($_REQUEST['subject']);
$context['preview_message'] = $smcFunc['htmlspecialchars']($_REQUEST['message'], ENT_QUOTES);
preparsecode($context['preview_message'], true);
// Parse out the BBC if it is enabled.
$context['preview_message'] = parse_bbc($context['preview_message']);
// Censor, as always.
censorText($context['preview_subject']);
censorText($context['preview_message']);
// Set a descriptive title.
$context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];
// Pretend they messed up but don't ignore if they really did :P.
return messagePostError($post_errors, $namedRecipientList, $recipientList);
} elseif ($is_recipient_change) {
// Maybe we couldn't find one?
foreach ($namesNotFound as $recipientType => $names) {
$post_errors[] = 'bad_' . $recipientType;
foreach ($names as $name) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
return messagePostError(array(), $namedRecipientList, $recipientList);
}
// Want to save this as a draft and think about it some more?
if (!empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']) && isset($_POST['save_draft'])) {
require_once $sourcedir . '/Drafts.php';
SavePMDraft($post_errors, $recipientList);
return messagePostError($post_errors, $namedRecipientList, $recipientList);
} elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
return messagePostError($post_errors, $namedRecipientList, $recipientList);
}
// Protect from message spamming.
spamProtection('pm');
// Prevent double submission of this form.
checkSubmitOnce('check');
// Do the actual sending of the PM.
if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
$context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']), null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
} else {
$context['send_log'] = array('sent' => array(), 'failed' => array());
}
// Mark the message as "replied to".
if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
$smcFunc['db_query']('', '
UPDATE {db_prefix}pm_recipients
SET is_read = is_read | 2
WHERE id_pm = {int:replied_to}
AND id_member = {int:current_member}', array('current_member' => $user_info['id'], 'replied_to' => (int) $_REQUEST['replied_to']));
}
// If one or more of the recipient were invalid, go back to the post screen with the failed usernames.
if (!empty($context['send_log']['failed'])) {
return messagePostError($post_errors, $namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
}
// Message sent successfully?
if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
$context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
}
// Go back to the where they sent from, if possible...
redirectexit($context['current_label_redirect']);
}
/**
* Reads a draft in from the user_drafts table
* Only loads the draft of a given type 0 for post, 1 for pm draft
* validates that the draft is the users draft
* Optionally loads the draft in to context or superglobal for loading in to the form
*
* @param type $id_draft - draft to load
* @param type $type - type of draft
* @param type $check - validate the user
* @param type $load - load it for use in a form
* @return boolean
*/
function ReadDraft($id_draft, $type = 0, $check = true, $load = false)
{
global $context, $user_info, $smcFunc, $modSettings;
// always clean to be sure
$id_draft = (int) $id_draft;
$type = (int) $type;
// nothing to read, nothing to do
if (empty($id_draft)) {
return false;
}
// load in this draft from the DB
$request = $smcFunc['db_query']('', '
SELECT *
FROM {db_prefix}user_drafts
WHERE id_draft = {int:id_draft}' . ($check ? '
AND id_member = {int:id_member}' : '') . '
AND type = {int:type}' . (!empty($modSettings['drafts_keep_days']) ? '
AND poster_time > {int:time}' : '') . '
LIMIT 1', array('id_member' => $user_info['id'], 'id_draft' => $id_draft, 'type' => $type, 'time' => !empty($modSettings['drafts_keep_days']) ? time() - $modSettings['drafts_keep_days'] * 86400 : 0));
// no results?
if (!$smcFunc['db_num_rows']($request)) {
return false;
}
// load up the data
$draft_info = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Load it up for the templates as well
$recipients = array();
if (!empty($load)) {
if ($type === 0) {
// a standard post draft?
$context['sticky'] = !empty($draft_info['is_sticky']) ? $draft_info['is_sticky'] : '';
$context['locked'] = !empty($draft_info['locked']) ? $draft_info['locked'] : '';
$context['use_smileys'] = !empty($draft_info['smileys_enabled']) ? true : false;
$context['icon'] = !empty($draft_info['icon']) ? $draft_info['icon'] : 'xx';
$context['message'] = !empty($draft_info['body']) ? str_replace('<br />', "\n", un_htmlspecialchars(stripslashes($draft_info['body']))) : '';
$context['subject'] = !empty($draft_info['subject']) ? stripslashes($draft_info['subject']) : '';
$context['board'] = !empty($draft_info['board_id']) ? $draft_info['id_board'] : '';
$context['id_draft'] = !empty($draft_info['id_draft']) ? $draft_info['id_draft'] : 0;
} elseif ($type === 1) {
// one of those pm drafts? then set it up like we have an error
$_REQUEST['outbox'] = !empty($draft_info['outbox']);
$_REQUEST['subject'] = !empty($draft_info['subject']) ? stripslashes($draft_info['subject']) : '';
$_REQUEST['message'] = !empty($draft_info['body']) ? str_replace('<br />', "\n", un_htmlspecialchars(stripslashes($draft_info['body']))) : '';
$_REQUEST['replied_to'] = !empty($draft_info['id_reply']) ? $draft_info['id_reply'] : 0;
$context['id_pm_draft'] = !empty($draft_info['id_draft']) ? $draft_info['id_draft'] : 0;
$recipients = unserialize($draft_info['to_list']);
// make sure we only have integers in this array
$recipients['to'] = array_map('intval', $recipients['to']);
$recipients['bcc'] = array_map('intval', $recipients['bcc']);
// pretend we messed up to populate the pm message form
messagePostError(array(), array(), $recipients);
return true;
}
}
return $draft_info;
}
/**
* Send a personal message.
*/
public function action_send2()
{
global $txt, $context, $user_info, $modSettings;
// All the helpers we need
require_once SUBSDIR . '/Auth.subs.php';
require_once SUBSDIR . '/Post.subs.php';
// PM Drafts enabled and needed?
if ($context['drafts_pm_save'] && (isset($_POST['save_draft']) || isset($_POST['id_pm_draft']))) {
require_once SUBSDIR . '/Drafts.subs.php';
}
loadLanguage('PersonalMessage', '', false);
// Extract out the spam settings - it saves database space!
list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
// Initialize the errors we're about to make.
$post_errors = Error_Context::context('pm', 1);
// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') {
// How many have they sent this last hour?
$pmCount = pmCount($user_info['id'], 3600);
if (!empty($pmCount) && $pmCount >= $modSettings['pm_posts_per_hour']) {
if (!isset($_REQUEST['xml'])) {
fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
} else {
$post_errors->addError('pm_too_many_per_hour');
}
}
}
// If your session timed out, show an error, but do allow to re-submit.
if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '') {
$post_errors->addError('session_timeout');
}
$_REQUEST['subject'] = isset($_REQUEST['subject']) ? strtr(Util::htmltrim($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')) : '';
$_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
$_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];
// Route the input from the 'u' parameter to the 'to'-list.
if (!empty($_POST['u'])) {
$_POST['recipient_to'] = explode(',', $_POST['u']);
}
// Construct the list of recipients.
$recipientList = array();
$namedRecipientList = array();
$namesNotFound = array();
foreach (array('to', 'bcc') as $recipientType) {
// First, let's see if there's user ID's given.
$recipientList[$recipientType] = array();
if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType])) {
foreach ($_POST['recipient_' . $recipientType] as $recipient) {
$recipientList[$recipientType][] = (int) $recipient;
}
}
// Are there also literal names set?
if (!empty($_REQUEST[$recipientType])) {
// We're going to take out the "s anyway ;).
$recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
preg_match_all('~"([^"]+)"~', $recipientString, $matches);
$namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));
// Clean any literal names entered
foreach ($namedRecipientList[$recipientType] as $index => $recipient) {
if (strlen(trim($recipient)) > 0) {
$namedRecipientList[$recipientType][$index] = Util::htmlspecialchars(Util::strtolower(trim($recipient)));
} else {
unset($namedRecipientList[$recipientType][$index]);
}
}
// Now see if we can resolove the entered name to an actual user
if (!empty($namedRecipientList[$recipientType])) {
$foundMembers = findMembers($namedRecipientList[$recipientType]);
// Assume all are not found, until proven otherwise.
$namesNotFound[$recipientType] = $namedRecipientList[$recipientType];
// Make sure we only have each member listed once, incase they did not use the select list
foreach ($foundMembers as $member) {
$testNames = array(Util::strtolower($member['username']), Util::strtolower($member['name']), Util::strtolower($member['email']));
if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0) {
$recipientList[$recipientType][] = $member['id'];
// Get rid of this username, since we found it.
$namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
}
}
}
}
// Selected a recipient to be deleted? Remove them now.
if (!empty($_POST['delete_recipient'])) {
$recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
}
// Make sure we don't include the same name twice
$recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
}
// Are we changing the recipients some how?
$is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);
// Check if there's at least one recipient.
if (empty($recipientList['to']) && empty($recipientList['bcc'])) {
$post_errors->addError('no_to');
}
// Make sure that we remove the members who did get it from the screen.
if (!$is_recipient_change) {
foreach (array_keys($recipientList) as $recipientType) {
if (!empty($namesNotFound[$recipientType])) {
$post_errors->addError('bad_' . $recipientType);
// Since we already have a post error, remove the previous one.
$post_errors->removeError('no_to');
foreach ($namesNotFound[$recipientType] as $name) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
}
}
// Did they make any mistakes like no subject or message?
if ($_REQUEST['subject'] == '') {
$post_errors->addError('no_subject');
}
if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
$post_errors->addError('no_message');
} elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_REQUEST['message']) > $modSettings['max_messageLength']) {
$post_errors->addError('long_message');
} else {
// Preparse the message.
$message = $_REQUEST['message'];
preparsecode($message);
// Make sure there's still some content left without the tags.
if (Util::htmltrim(strip_tags(parse_bbc(Util::htmlspecialchars($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
$post_errors->addError('no_message');
}
}
// Wrong verification code?
if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
require_once SUBSDIR . '/VerificationControls.class.php';
$verificationOptions = array('id' => 'pm');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
foreach ($context['require_verification'] as $error) {
$post_errors->addError($error);
}
}
}
// If they made any errors, give them a chance to make amends.
if ($post_errors->hasErrors() && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
return messagePostError($namedRecipientList, $recipientList);
}
// Want to take a second glance before you send?
if (isset($_REQUEST['preview'])) {
// Set everything up to be displayed.
$context['preview_subject'] = Util::htmlspecialchars($_REQUEST['subject']);
$context['preview_message'] = Util::htmlspecialchars($_REQUEST['message'], ENT_QUOTES, 'UTF-8', true);
preparsecode($context['preview_message'], true);
// Parse out the BBC if it is enabled.
$context['preview_message'] = parse_bbc($context['preview_message']);
// Censor, as always.
censorText($context['preview_subject']);
censorText($context['preview_message']);
// Set a descriptive title.
$context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];
// Pretend they messed up but don't ignore if they really did :P.
return messagePostError($namedRecipientList, $recipientList);
} elseif ($is_recipient_change) {
// Maybe we couldn't find one?
foreach ($namesNotFound as $recipientType => $names) {
$post_errors->addError('bad_' . $recipientType);
foreach ($names as $name) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
return messagePostError($namedRecipientList, $recipientList);
}
// Want to save this as a draft and think about it some more?
if ($context['drafts_pm_save'] && isset($_POST['save_draft'])) {
savePMDraft($recipientList);
return messagePostError($namedRecipientList, $recipientList);
} elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
return messagePostError($namedRecipientList, $recipientList);
}
// Protect from message spamming.
spamProtection('pm');
// Prevent double submission of this form.
checkSubmitOnce('check');
// Finally do the actual sending of the PM.
if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
$context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], true, null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
} else {
$context['send_log'] = array('sent' => array(), 'failed' => array());
}
// Mark the message as "replied to".
if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
require_once SUBSDIR . '/PersonalMessage.subs.php';
setPMRepliedStatus($user_info['id'], (int) $_REQUEST['replied_to']);
}
// If one or more of the recipients were invalid, go back to the post screen with the failed usernames.
if (!empty($context['send_log']['failed'])) {
return messagePostError($namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
}
// Message sent successfully?
if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
$context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
// If we had a PM draft for this one, then its time to remove it since it was just sent
if ($context['drafts_pm_save'] && !empty($_POST['id_pm_draft'])) {
deleteDrafts($_POST['id_pm_draft'], $user_info['id']);
}
}
// Go back to the where they sent from, if possible...
redirectexit($context['current_label_redirect']);
}
function MessagePost2()
{
global $txt, $ID_MEMBER, $context, $sourcedir;
global $db_prefix, $user_info, $modSettings, $scripturl, $func;
isAllowedTo('pm_send');
require_once $sourcedir . '/Subs-Auth.php';
if (loadLanguage('PersonalMessage', '', false) === false) {
loadLanguage('InstantMessage');
}
// Extract out the spam settings - it saves database space!
list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail'))) {
// How many messages have they sent this last hour?
$request = db_query("\n\t\t\tSELECT COUNT(pr.ID_PM) AS postCount\n\t\t\tFROM ({$db_prefix}personal_messages AS pm, {$db_prefix}pm_recipients AS pr)\n\t\t\tWHERE pm.ID_MEMBER_FROM = {$ID_MEMBER}\n\t\t\t\tAND pm.msgtime > " . (time() - 3600) . "\n\t\t\t\tAND pr.ID_PM = pm.ID_PM", __FILE__, __LINE__);
list($postCount) = mysql_fetch_row($request);
mysql_free_result($request);
if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour']) {
// Excempt moderators.
$request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}moderators\n\t\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}", __FILE__, __LINE__);
if (mysql_num_rows($request) == 0) {
fatal_error(sprintf($txt['pm_too_many_per_hour'], $modSettings['pm_posts_per_hour']));
}
mysql_free_result($request);
}
}
// Initialize the errors we're about to make.
$post_errors = array();
// If your session timed out, show an error, but do allow to re-submit.
if (checkSession('post', '', false) != '') {
$post_errors[] = 'session_timeout';
}
$_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
$_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : stripslashes($_POST['to']);
$_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : stripslashes($_POST['bcc']);
// Did they make any mistakes?
if ($_REQUEST['subject'] == '') {
$post_errors[] = 'no_subject';
}
if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
$post_errors[] = 'no_message';
} elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_REQUEST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
}
if (empty($_REQUEST['to']) && empty($_REQUEST['bcc']) && empty($_REQUEST['u'])) {
$post_errors[] = 'no_to';
}
// Wrong verification code?
if (!$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification'] && (empty($_REQUEST['visual_verification_code']) || strtoupper($_REQUEST['visual_verification_code']) !== $_SESSION['visual_verification_code'])) {
$post_errors[] = 'wrong_verification_code';
}
// If they did, give a chance to make ammends.
if (!empty($post_errors)) {
return messagePostError($post_errors, $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));
}
// Want to take a second glance before you send?
if (isset($_REQUEST['preview'])) {
// Set everything up to be displayed.
$context['preview_subject'] = $func['htmlspecialchars'](stripslashes($_REQUEST['subject']));
$context['preview_message'] = $func['htmlspecialchars'](stripslashes($_REQUEST['message']), ENT_QUOTES);
preparsecode($context['preview_message'], true);
// Parse out the BBC if it is enabled.
$context['preview_message'] = parse_bbc($context['preview_message']);
// Censor, as always.
censorText($context['preview_subject']);
censorText($context['preview_message']);
// Set a descriptive title.
$context['page_title'] = $txt[507] . ' - ' . $context['preview_subject'];
// Pretend they messed up :P.
return messagePostError(array(), $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));
}
// Protect from message spamming.
spamProtection('spam');
// Prevent double submission of this form.
checkSubmitOnce('check');
// Initialize member ID array.
$recipients = array('to' => array(), 'bcc' => array());
// Format the to and bcc members.
$input = array('to' => array(), 'bcc' => array());
if (empty($_REQUEST['u'])) {
// To who..?
if (!empty($_REQUEST['to'])) {
// We're going to take out the "s anyway ;).
$_REQUEST['to'] = strtr($_REQUEST['to'], array('\\"' => '"'));
preg_match_all('~"([^"]+)"~', $_REQUEST['to'], $matches);
$input['to'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['to']))));
}
// Your secret's safe with me!
if (!empty($_REQUEST['bcc'])) {
// We're going to take out the "s anyway ;).
$_REQUEST['bcc'] = strtr($_REQUEST['bcc'], array('\\"' => '"'));
preg_match_all('~"([^"]+)"~', $_REQUEST['bcc'], $matches);
$input['bcc'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['bcc']))));
}
foreach ($input as $rec_type => $rec) {
foreach ($rec as $index => $member) {
if (strlen(trim($member)) > 0) {
$input[$rec_type][$index] = $func['htmlspecialchars']($func['strtolower'](stripslashes(trim($member))));
} else {
unset($input[$rec_type][$index]);
}
}
}
// Find the requested members - bcc and to.
$foundMembers = findMembers(array_merge($input['to'], $input['bcc']));
// Store IDs of the members that were found.
foreach ($foundMembers as $member) {
// It's easier this way.
$member['name'] = strtr($member['name'], array(''' => '\''));
foreach ($input as $rec_type => $to_members) {
if (array_intersect(array($func['strtolower']($member['username']), $func['strtolower']($member['name']), $func['strtolower']($member['email'])), $to_members)) {
$recipients[$rec_type][] = $member['id'];
// Get rid of this username. The ones that remain were not found.
$input[$rec_type] = array_diff($input[$rec_type], array($func['strtolower']($member['username']), $func['strtolower']($member['name']), $func['strtolower']($member['email'])));
}
}
}
} else {
$_REQUEST['u'] = explode(',', $_REQUEST['u']);
foreach ($_REQUEST['u'] as $key => $uID) {
$_REQUEST['u'][$key] = (int) $uID;
}
$request = db_query("\n\t\t\tSELECT ID_MEMBER\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE ID_MEMBER IN (" . implode(',', $_REQUEST['u']) . ")\n\t\t\tLIMIT " . count($_REQUEST['u']), __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($request)) {
$recipients['to'][] = $row['ID_MEMBER'];
}
mysql_free_result($request);
}
// Before we send the PM, let's make sure we don't have an abuse of numbers.
if (!empty($modSettings['max_pm_recipients']) && count($recipients['to']) + count($recipients['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
} else {
if (!empty($recipients['to']) || !empty($recipients['bcc'])) {
$context['send_log'] = sendpm($recipients, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']));
} else {
$context['send_log'] = array('sent' => array(), 'failed' => array());
}
}
// Add a log message for all recipients that were not found.
foreach ($input as $rec_type => $rec) {
// Either bad_to or bad_bcc.
if (!empty($rec) && !in_array('bad_' . $rec_type, $post_errors)) {
$post_errors[] = 'bad_' . $rec_type;
}
foreach ($rec as $i => $member) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $input[$rec_type][$i]);
}
}
// Mark the message as "replied to".
if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
db_query("\n\t\t\tUPDATE {$db_prefix}pm_recipients\n\t\t\tSET is_read = is_read | 2\n\t\t\tWHERE ID_PM = " . (int) $_REQUEST['replied_to'] . "\n\t\t\t\tAND ID_MEMBER = {$ID_MEMBER}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
}
// If one or more of the recipient were invalid, go back to the post screen with the failed usernames.
if (!empty($context['send_log']['failed'])) {
return messagePostError($post_errors, empty($input['to']) ? '' : '"' . implode('", "', $input['to']) . '"', empty($input['bcc']) ? '' : '"' . implode('", "', $input['bcc']) . '"');
}
// Go back to the where they sent from, if possible...
redirectexit($context['current_label_redirect']);
}
/**
* Reads a draft in from the user_drafts table
*
* - Only loads the draft of a given type 0 for post, 1 for pm draft
* - Validates that the draft is the users draft
* - Optionally loads the draft in to context or superglobal for loading in to the form
*
* @package Drafts
* @param int $id_draft - draft to load
* @param int $type - type of draft
* @param bool $check - validate the user
* @param bool $load - load it for use in a form
*/
function loadDraft($id_draft, $type = 0, $check = true, $load = false)
{
global $context, $user_info, $modSettings;
// Like purell always clean to be sure
$id_draft = (int) $id_draft;
$type = (int) $type;
// Nothing to read, nothing to do
if (empty($id_draft)) {
return false;
}
// Load in this draft from the DB
$drafts_keep_days = !empty($modSettings['drafts_keep_days']) ? time() - $modSettings['drafts_keep_days'] * 86400 : 0;
$draft_info = load_draft($id_draft, $user_info['id'], $type, $drafts_keep_days, $check);
// Load it up for the templates as well
if (!empty($load) && !empty($draft_info)) {
if ($type === 0) {
// A standard post draft?
$context['sticky'] = !empty($draft_info['is_sticky']) ? $draft_info['is_sticky'] : '';
$context['locked'] = !empty($draft_info['locked']) ? $draft_info['locked'] : '';
$context['use_smileys'] = !empty($draft_info['smileys_enabled']) ? true : false;
$context['icon'] = !empty($draft_info['icon']) ? $draft_info['icon'] : 'xx';
$context['message'] = !empty($draft_info['body']) ? $draft_info['body'] : '';
$context['subject'] = !empty($draft_info['subject']) ? $draft_info['subject'] : '';
$context['board'] = !empty($draft_info['board_id']) ? $draft_info['id_board'] : '';
$context['id_draft'] = !empty($draft_info['id_draft']) ? $draft_info['id_draft'] : 0;
} elseif ($type === 1) {
// One of those pm drafts? then set it up like we have an error
$_REQUEST['subject'] = !empty($draft_info['subject']) ? $draft_info['subject'] : '';
$_REQUEST['message'] = !empty($draft_info['body']) ? $draft_info['body'] : '';
$_REQUEST['replied_to'] = !empty($draft_info['id_reply']) ? $draft_info['id_reply'] : 0;
$context['id_pm_draft'] = !empty($draft_info['id_draft']) ? $draft_info['id_draft'] : 0;
$recipients = unserialize($draft_info['to_list']);
// Make sure we only have integers in this array
$recipients['to'] = array_map('intval', $recipients['to']);
$recipients['bcc'] = array_map('intval', $recipients['bcc']);
// Pretend we messed up to populate the pm message form
messagePostError(array(), $recipients);
return true;
}
}
return $draft_info;
}
