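/**
 * Allows the user to report a personal message to an administrator.
 *
 * - In the first instance requires that the ID of the message to report is passed in the
 *   request (read from $_REQUEST['pmsg'] and cast to int).
 * - It allows the user to report to either a particular administrator - or the whole admin team.
 * - It will forward on a copy of the original message without allowing the reporter to make changes.
 *
 * Request inputs read here: $_REQUEST['pmsg'], $_POST['report'] (its presence selects the
 * submit branch), $_POST['id_admin'] (cast to int) and $_POST['reason'] (free text, accepted
 * only when it is a string).
 *
 * @uses report_message sub-template.
 */
function ReportMessage()
{
    global $txt, $context, $scripturl, $sourcedir;
    global $user_info, $language, $modSettings, $smcFunc;

    // Check that this feature is even enabled!
    if (empty($modSettings['enableReportPM']) || empty($_REQUEST['pmsg'])) {
        fatal_lang_error('no_access', false);
    }

    $pmsg = (int) $_REQUEST['pmsg'];

    // The message must be reachable from the current user's inbox.
    if (!isAccessiblePM($pmsg, 'inbox')) {
        fatal_lang_error('no_access', false);
    }

    $context['pm_id'] = $pmsg;
    $context['page_title'] = $txt['pm_report_title'];

    // If we're here, just send the user to the template, with a few useful context bits.
    if (!isset($_POST['report'])) {
        $context['sub_template'] = 'report_message';

        // @todo I don't like being able to pick who to send it to.  Favoritism, etc. sucks.
        // Now, get all the administrators (primary or additional group 1).
        $request = $smcFunc['db_query'](
            '',
            ' SELECT id_member, real_name'
            . ' FROM {db_prefix}members'
            . ' WHERE id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0'
            . ' ORDER BY real_name',
            array('admin_group' => 1)
        );
        $context['admins'] = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $context['admins'][$row['id_member']] = $row['real_name'];
        }
        $smcFunc['db_free_result']($request);

        // How many admins in total?
        $context['admin_count'] = count($context['admins']);
    } else {
        // Check the session before proceeding any further!
        checkSession('post');

        // First, pull out the message contents, and verify it actually went to them!
        // The join on pm_recipients ties the row to the current member and skips deleted copies.
        $request = $smcFunc['db_query'](
            '',
            ' SELECT pm.subject, pm.body, pm.msgtime, pm.id_member_from, IFNULL(m.real_name, pm.from_name) AS sender_name'
            . ' FROM {db_prefix}personal_messages AS pm'
            . ' INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm)'
            . ' LEFT JOIN {db_prefix}members AS m ON (m.id_member = pm.id_member_from)'
            . ' WHERE pm.id_pm = {int:id_pm}'
            . ' AND pmr.id_member = {int:current_member}'
            . ' AND pmr.deleted = {int:not_deleted}'
            . ' LIMIT 1',
            array('current_member' => $user_info['id'], 'id_pm' => $context['pm_id'], 'not_deleted' => 0)
        );

        // No row: the message is not an undeleted copy addressed to this member, so refuse.
        if ($smcFunc['db_num_rows']($request) == 0) {
            fatal_lang_error('no_access', false);
        }

        list($subject, $body, $time, $memberFromID, $memberFromName) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);

        // Remove the line breaks...
        $body = preg_replace('~<br ?/?' . '>~i', "\n", $body);

        // Get any other recipients of the email.
        $request = $smcFunc['db_query'](
            '',
            ' SELECT mem_to.id_member AS id_member_to, mem_to.real_name AS to_name, pmr.bcc'
            . ' FROM {db_prefix}pm_recipients AS pmr'
            . ' LEFT JOIN {db_prefix}members AS mem_to ON (mem_to.id_member = pmr.id_member)'
            . ' WHERE pmr.id_pm = {int:id_pm}'
            . ' AND pmr.id_member != {int:current_member}',
            array('current_member' => $user_info['id'], 'id_pm' => $context['pm_id'])
        );
        $recipients = array();
        $hidden_recipients = 0;
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // If it's hidden still don't reveal their names - privacy after all ;)
            if ($row['bcc']) {
                $hidden_recipients++;
            } else {
                $recipients[] = '[url=' . $scripturl . '?action=profile;u=' . $row['id_member_to'] . ']' . $row['to_name'] . '[/url]';
            }
        }
        $smcFunc['db_free_result']($request);

        // BCC recipients are reported as a count only.
        if ($hidden_recipients) {
            $recipients[] = sprintf($txt['pm_report_pm_hidden'], $hidden_recipients);
        }

        // Now let's get out and loop through the admins.
        // The id_admin filter is only appended when a non-empty value was posted; the value is
        // bound as an integer placeholder, never concatenated into the SQL.
        $request = $smcFunc['db_query'](
            '',
            ' SELECT id_member, real_name, lngfile'
            . ' FROM {db_prefix}members'
            . ' WHERE (id_group = {int:admin_id} OR FIND_IN_SET({int:admin_id}, additional_groups) != 0) '
            . (empty($_POST['id_admin']) ? '' : 'AND id_member = {int:specific_admin}')
            . ' ORDER BY lngfile',
            array('admin_id' => 1, 'specific_admin' => isset($_POST['id_admin']) ? (int) $_POST['id_admin'] : 0)
        );

        // Maybe we shouldn't advertise this?
        if ($smcFunc['db_num_rows']($request) == 0) {
            fatal_lang_error('no_access', false);
        }

        $memberFromName = un_htmlspecialchars($memberFromName);

        // The reason is free text from the form: it can be missing, or posted as an array
        // (reason[]=...), in which case string concatenation would emit a notice and embed the
        // literal "Array". Accept it only when it is a string.
        // NOTE(review): this reporter-controlled text is placed into the BBC body as-is; confirm
        // that sendpm() (not visible here) encodes it before it is stored or displayed.
        $reason = isset($_POST['reason']) && is_string($_POST['reason']) ? $_POST['reason'] : '';

        // Prepare the message storage array, one entry per recipient language.
        $messagesToSend = array();

        // Loop through each admin, and add them to the right language pile...
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // Need to send in the correct language!
            $cur_language = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];

            if (!isset($messagesToSend[$cur_language])) {
                loadLanguage('PersonalMessage', $cur_language, false);

                // Make the body.
                $report_body = str_replace(
                    array('{REPORTER}', '{SENDER}'),
                    array(un_htmlspecialchars($user_info['name']), $memberFromName),
                    $txt['pm_report_pm_user_sent']
                );
                $report_body .= "\n" . '[b]' . $reason . '[/b]' . "\n\n";

                if (!empty($recipients)) {
                    $report_body .= $txt['pm_report_pm_other_recipients'] . ' ' . implode(', ', $recipients) . "\n\n";
                }

                // Quote the original message; a sender without a member id gets a quoted name only.
                $report_body .= $txt['pm_report_pm_unedited_below'] . "\n" . '[quote author=' . (empty($memberFromID) ? '"' . $memberFromName . '"' : $memberFromName . ' link=action=profile;u=' . $memberFromID . ' date=' . $time) . ']' . "\n" . un_htmlspecialchars($body) . '[/quote]';

                // Plonk it in the array ;) The subject prefix is skipped when already present.
                $messagesToSend[$cur_language] = array(
                    'subject' => ($smcFunc['strpos']($subject, $txt['pm_report_pm_subject']) === false ? $txt['pm_report_pm_subject'] : '') . un_htmlspecialchars($subject),
                    'body' => $report_body,
                    'recipients' => array('to' => array(), 'bcc' => array())
                );
            }

            // Add them to the list.
            $messagesToSend[$cur_language]['recipients']['to'][$row['id_member']] = $row['id_member'];
        }
        $smcFunc['db_free_result']($request);

        // Send a different email for each language.
        foreach ($messagesToSend as $message) {
            sendpm($message['recipients'], $message['subject'], $message['body']);
        }

        // Give the user their own language back!
        if (!empty($modSettings['userLanguage'])) {
            loadLanguage('PersonalMessage', '', false);
        }

        // Leave them with a template.
        $context['sub_template'] = 'report_message_complete';
    }
}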
/**
 * Flags one of the user's received personal messages as unread again,
 * so they remember to come back to it.
 *
 * Reads the message id from $_REQUEST['pmsg'] and always finishes by
 * redirecting to $context['current_label_redirect'].
 */
public function action_markunread()
{
    global $context;

    // Session check on the request before any state is changed.
    checkSession('request');

    $pmsg = empty($_REQUEST['pmsg']) ? null : (int) $_REQUEST['pmsg'];

    // Only a message that was sent to this user can be marked unread;
    // marking your own reply as unread would be weird.
    if ($pmsg !== null && checkPMReceived($pmsg)) {
        // Should always be accessible at this point, but verify anyway.
        if (!isAccessiblePM($pmsg, 'inbox')) {
            fatal_lang_error('no_access', false);
        }

        // Well then, you get to hear about it all over again.
        markMessagesUnread($pmsg);
    }

    // Back to the folder.
    redirectexit($context['current_label_redirect']);
}