$show_menu_user = TRUE; } unset($plugin_vars); } $global_plugins['plugin_controls'] = array('show_menu_user' => $show_menu_user); SE_DEBUG ? $_benchmark->end('plugins') : NULL; SE_DEBUG ? $_benchmark->start('page') : NULL; // CHECK TO SEE IF SITE IS ONLINE OR NOT, ADMIN NOT LOGGED IN, DISPLAY OFFLINE PAGE if (!$setting['setting_online'] && !$admin->admin_exists) { $page = "offline"; include "footer.php"; } // CALL HEADER HOOK ($hook = SE_Hook::exists('se_header')) ? SE_Hook::call($hook, array()) : NULL; // CHECK IF LOGGED-IN USER IS ON OWNER'S BLOCKLIST if ($user->user_exists && $owner->user_exists && $owner->user_blocked($user->user_info['user_id'])) { // ASSIGN VARIABLES AND DISPLAY ERROR PAGE $page = "error"; $smarty->assign('error_header', 639); $smarty->assign('error_message', 640); $smarty->assign('error_submit', 641); include "footer.php"; } // CHECK TO SEE IF USER HAS BEEN BLOCKED BY IP if (check_ip_in_banned_list($_SERVER['REMOTE_ADDR'], $setting['setting_banned_ips'])) { // LOGOUT IF LOGGED IN if ($user->user_exists) { $user->user_logout(); } // ASSIGN VARIABLES AND DISPLAY ERROR PAGE $page = "error";
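/**
 * Send a private message, either opening a new conversation or replying to
 * an existing one, then notify/e-mail the recipients and trim their boxes.
 *
 * @param string     $to        Usernames separated by whitespace, ',' or ';'.
 *                              Ignored when $convo_id names an existing conversation.
 * @param string     $subject   Subject stored on a newly created conversation.
 * @param string     $message   Body; URLs are linkified, the result is passed
 *                              through cleanHTML() allowing only <a>, and newlines
 *                              become <br>.
 * @param int|null   $convo_id  Conversation to reply to. Anything empty or
 *                              non-numeric starts a new conversation.
 * @return int  Conversation id the message was attached to (0 when a new
 *              conversation could not be created because of an error).
 *
 * Failure is reported through $this->is_error rather than thrown:
 *   796  empty message body
 *   795  no valid recipient (new conversation only)
 *   39   sender is not a participant of $convo_id (reply only)
 *
 * Relies on the globals $database, $notify and $url, and on the SEUser class,
 * cleanHTML() and send_systememail() defined elsewhere in the project.
 */
function user_message_send($to, $subject, $message, $convo_id = NULL)
{
    global $database, $notify, $url;
    $recipients = array();
    $recipients_full = array();

    // VALIDATE CONVERSATION ID
    // is_numeric() accepts things like " 1", "1.5" or "1e3"; cast so only a plain
    // integer is ever interpolated into the SQL below.
    if (!$convo_id || !is_numeric($convo_id)) {
        $convo_id = 0;
    }
    $convo_id = (int) $convo_id;

    // CHECK TO SEE IF MESSAGE IS EMPTY
    if (!trim($message)) {
        $this->is_error = 796;
    }

    if (!$convo_id) {
        // NEW MESSAGE: resolve recipient usernames, capped at the sender level's limit
        $tos = array_filter(preg_split('/[\\s,;]+?/', $to));
        array_splice($tos, $this->level_info['level_message_recipients']);

        foreach ($tos as $to_username) {
            // CANT SEND TO SELF
            if (strtolower($to_username) == strtolower($this->user_info['user_username'])) {
                continue;
            }

            $to_user = new SEUser(array(NULL, $to_username));

            // CANT SEND TO NON EXISTENT USER, BLOCKED USER, OR IF LEVEL MAY NOT USE MESSAGES
            if (!$to_user->user_exists) {
                continue;
            }
            if ($to_user->user_blocked($this->user_info['user_id'])) {
                continue;
            }
            if (!$this->level_info['level_message_allow']) {
                continue;
            }

            // level_message_allow: 2 = anyone, 1 = friends only
            $allow = $this->level_info['level_message_allow'];
            if ($allow == 2 || ($allow == 1 && $this->user_friended($to_user->user_info['user_id']))) {
                // Store the object itself, not a reference to the loop variable
                // (a reference would make every entry point at the last user).
                $recipients_full[$to_user->user_info['user_id']] = $to_user;
                $recipients[] = $to_user->user_info['user_id'];
            }
        }

        // ENSURE THERE ARE RECIPIENTS
        if (empty($recipients)) {
            $this->is_error = 795;
        }

        // IF NO ERROR, CREATE CONVERSATION
        if (!$this->is_error) {
            $sql = "INSERT INTO se_pmconvos (pmconvo_subject, pmconvo_recipients) "
                 . "VALUES ('" . addslashes($subject) . "', '" . (count($recipients) + 1) . "')";
            $database->database_query($sql);
            $convo_id = $database->database_insert_id();

            // One participant row per user: the sender starts with the convo hidden
            // from the inbox, recipients with it hidden from the outbox.
            $sql = "INSERT INTO se_pmconvoops "
                 . "(pmconvoop_pmconvo_id, pmconvoop_user_id, pmconvoop_deleted_outbox, pmconvoop_deleted_inbox) "
                 . "VALUES ('{$convo_id}', '{$this->user_info['user_id']}', 0, 1)";
            foreach ($recipients as $to_user_id) {
                $sql .= ", ('{$convo_id}', '{$to_user_id}', 1, 0)";
            }
            $database->database_query($sql);
        }
    } else {
        // REPLY: the sender must already be a participant; everyone else gets the message
        $sql = "SELECT pmconvoop_user_id FROM se_pmconvoops WHERE pmconvoop_pmconvo_id='{$convo_id}'";
        $resource = $database->database_query($sql);
        $unauthorized = TRUE;
        while ($pmconvoop_info = $database->database_fetch_assoc($resource)) {
            if ($pmconvoop_info['pmconvoop_user_id'] != $this->user_info['user_id']) {
                $recipients[] = $pmconvoop_info['pmconvoop_user_id'];
            } else {
                $unauthorized = FALSE;
            }
        }

        // USER WAS NOT IN CONVERSATION
        if ($unauthorized) {
            $this->is_error = 39;
        }
        // NOTE(review): unlike the new-message path, a reply performs no
        // user_blocked() or level_message_allow check on the recipients — confirm
        // whether that is intended.
    }

    // IF NO ERROR, ADD MESSAGE TO CONVERSATION
    if (!$this->is_error) {
        // LINK ALL LINKS (preg_replace: ereg_replace no longer exists in PHP 7+)
        $message = preg_replace(
            '#http://([.]?[a-zA-Z0-9_/-])*#',
            '<a href="$0" target="_blank">$0</a>',
            $message
        );
        $message = preg_replace(
            '#(^| |\n)(www([.]?[a-zA-Z0-9_/-])*)#',
            '$1<a href="http://$2" target="_blank">$2</a>',
            $message
        );

        // RUN SECURITY ON THE MESSAGE TO ENSURE NO XSS ATTACKS WITH LINKS
        $message = cleanHTML($message, "a");

        // REPLACE NEWLINES IN BODY WITH BREAKS
        $message = str_replace("\n", "<br>", $message);

        // Escape for the single-quoted SQL literal below. The previous
        // str_replace("'", "\\'") left backslashes untouched, so a body ending in
        // \' became \\' and closed the literal early (SQL injection). addslashes()
        // escapes the backslash as well, matching how $subject is handled above.
        $message = addslashes($message);

        // INSERT MESSAGE
        $pm_date = time();
        $sql = "INSERT INTO se_pms (pm_authoruser_id, pm_pmconvo_id, pm_date, pm_body) "
             . "VALUES ('{$this->user_info['user_id']}', '{$convo_id}', '{$pm_date}', '{$message}')";
        $database->database_query($sql);

        // UPDATE PMCONVOOPS: sender sees it in the outbox, everyone else gets it unread in the inbox
        $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_outbox=0, pmconvoop_pmdate='{$pm_date}' "
             . "WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id='{$this->user_info['user_id']}'";
        $database->database_query($sql);
        $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_inbox=0, pmconvoop_read=0, pmconvoop_pmdate='{$pm_date}' "
             . "WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id!='{$this->user_info['user_id']}'";
        $database->database_query($sql);

        // INSERT/SEND NOTIFICATIONS FOR RECIPIENTS
        foreach ($recipients as $recipient_user_id) {
            // Always reload by id so reply recipients (known only by id) get an object too
            $recipients_full[$recipient_user_id] = new SEUser(array($recipient_user_id));
            $current_recipient = $recipients_full[$recipient_user_id];

            // NOT A USER
            if (!is_object($current_recipient) || !$current_recipient->user_exists) {
                continue;
            }

            // ADD NOTIFICATION
            $notify->notify_add($current_recipient->user_info['user_id'], 'message', $convo_id, array(), array(), TRUE);

            // SEND EMAIL (only when the recipient opted in)
            $current_recipient->user_settings('usersetting_notify_message');
            if ($current_recipient->usersetting_info['usersetting_notify_message']) {
                send_systememail(
                    'message',
                    $current_recipient->user_info['user_email'],
                    array(
                        $current_recipient->user_displayname,
                        $this->user_displayname,
                        "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>"
                    )
                );
            }

            // CLEAN OUT OLD MESSAGES: trim each box down to the recipient level's quota,
            // oldest conversation (by its latest message) first. Inbox first, then outbox.
            $boxes = array(
                0 => array(
                    'flag' => 'pmconvoop_deleted_inbox',
                    'over' => (int) ($current_recipient->user_message_total(0, 0)
                              - $current_recipient->level_info['level_message_inbox']),
                ),
                1 => array(
                    'flag' => 'pmconvoop_deleted_outbox',
                    'over' => (int) ($current_recipient->user_message_total(1, 0)
                              - $current_recipient->level_info['level_message_outbox']),
                ),
            );
            foreach ($boxes as $box => $cfg) {
                if ($cfg['over'] <= 0) {
                    continue;
                }
                $sql = "SELECT se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id "
                     . "FROM se_pmconvoops "
                     . "LEFT JOIN se_pmconvos ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id "
                     . "LEFT JOIN se_pms ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id "
                     . "WHERE se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' "
                     . "&& se_pmconvoops.{$cfg['flag']}=0 "
                     . "&& se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id) "
                     . "ORDER BY se_pms.pm_date ASC "
                     . "LIMIT {$cfg['over']}";
                $resource = $database->database_query($sql);

                // Fresh list per recipient and per box; the old code let ids from an
                // earlier recipient/box leak into later delete calls.
                $delete_array = array();
                while ($result = $database->database_fetch_assoc($resource)) {
                    $delete_array[] = $result['pmconvo_id'];
                }
                $current_recipient->user_message_delete_selected($delete_array, $box);
            }

            // CLEAR INACTIVE CONVERSATIONS
            $this->user_message_cleanup();
        }
    }

    return $convo_id;
}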