* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Compose private message
* Called from ucp_pm with mode == 'compose'
*/
function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user, $cache;
global $phpbb_root_path, $phpEx, $config;
global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible
// Needed for handle_message_list_actions()
global $refresh, $submit, $preview;
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
if (!$action)
{
$action = 'post';
}
add_form_key('ucp_pm_compose');
// Grab only parameters needed here
$to_user_id = $request->variable('u', 0);
$to_group_id = $request->variable('g', 0);
$msg_id = $request->variable('p', 0);
$draft_id = $request->variable('d', 0);
$lastclick = $request->variable('lastclick', 0);
// Reply to all triggered (quote/reply)
$reply_to_all = $request->variable('reply_to_all', 0);
$address_list = $request->variable('address_list', array('' => array(0 => '')));
$preview = (isset($_POST['preview'])) ? true : false;
$save = (isset($_POST['save'])) ? true : false;
$load = (isset($_POST['load'])) ? true : false;
$cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
$delete = (isset($_POST['delete'])) ? true : false;
$remove_u = (isset($_REQUEST['remove_u'])) ? true : false;
$remove_g = (isset($_REQUEST['remove_g'])) ? true : false;
$add_to = (isset($_REQUEST['add_to'])) ? true : false;
$add_bcc = (isset($_REQUEST['add_bcc'])) ? true : false;
$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load
|| $remove_u || $remove_g || $add_to || $add_bcc;
$submit = $request->is_set_post('post') && !$refresh && !$preview;
$action = ($delete && !$preview && !$refresh && $submit) ? 'delete' : $action;
$select_single = ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? false : true;
$error = array();
$current_time = time();
/** @var \phpbb\group\helper $group_helper */
$group_helper = $phpbb_container->get('group_helper');
// Was cancel pressed? If so then redirect to the appropriate page
if ($cancel || ($current_time - $lastclick < 2 && $submit))
{
if ($msg_id)
{
redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=view&action=view_message&p=' . $msg_id));
}
redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm'));
}
// Since viewtopic.php language entries are used in several modes,
// we include the language file here
$user->add_lang('viewtopic');
/**
* Modify the default vars before composing a PM
*
* @event core.ucp_pm_compose_modify_data
* @var int msg_id post_id in the page request
* @var int to_user_id The id of whom the message is to
* @var int to_group_id The id of the group the message is to
* @var bool submit Whether the form has been submitted
* @var bool preview Whether the user is previewing the PM or not
* @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies
* @var bool delete Whether the user is deleting the PM
* @var int reply_to_all Value of reply_to_all request variable.
* @since 3.1.4-RC1
*/
$vars = array(
'msg_id',
'to_user_id',
'to_group_id',
'submit',
'preview',
'action',
'delete',
'reply_to_all',
);
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_data', compact($vars)));
// Output PM_TO box if message composing
if ($action != 'edit')
{
// Add groups to PM box
if ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group'))
{
$sql = 'SELECT g.group_id, g.group_name, g.group_type
FROM ' . GROUPS_TABLE . ' g';
if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel'))
{
$sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug
ON (
g.group_id = ug.group_id
AND ug.user_id = ' . $user->data['user_id'] . '
AND ug.user_pending = 0
)
WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')';
}
$sql .= ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? ' WHERE ' : ' AND ';
$sql .= 'g.group_receive_pm = 1
ORDER BY g.group_type DESC, g.group_name ASC';
$result = $db->sql_query($sql);
$group_options = '';
while ($row = $db->sql_fetchrow($result))
{
$group_options .= '';
}
$db->sql_freeresult($result);
}
$template->assign_vars(array(
'S_SHOW_PM_BOX' => true,
'S_ALLOW_MASS_PM' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? true : false,
'S_GROUP_OPTIONS' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) ? $group_options : '',
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=" . (int) $select_single),
));
}
$sql = '';
$folder_id = 0;
// What is all this following SQL for? Well, we need to know
// some basic information in all cases before we do anything.
switch ($action)
{
case 'post':
if (!$auth->acl_get('u_sendpm'))
{
send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_SEND_MESSAGE');
}
break;
case 'reply':
case 'quote':
case 'forward':
case 'quotepost':
if (!$msg_id)
{
trigger_error('NO_MESSAGE');
}
if (!$auth->acl_get('u_sendpm'))
{
send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_SEND_MESSAGE');
}
if ($action == 'quotepost')
{
$sql = 'SELECT p.post_id as msg_id, p.forum_id, p.post_text as message_text, p.poster_id as author_id, p.post_time as message_time, p.bbcode_bitfield, p.bbcode_uid, p.enable_sig, p.enable_smilies, p.enable_magic_url, t.topic_title as message_subject, u.username as quote_username
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u
WHERE p.post_id = $msg_id
AND t.topic_id = p.topic_id
AND u.user_id = p.poster_id";
}
else
{
$sql = 'SELECT t.folder_id, p.*, u.username as quote_username
FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE t.user_id = ' . $user->data['user_id'] . "
AND p.author_id = u.user_id
AND t.msg_id = p.msg_id
AND p.msg_id = $msg_id";
}
break;
case 'edit':
if (!$msg_id)
{
trigger_error('NO_MESSAGE');
}
// check for outbox (not read) status, we do not allow editing if one user already having the message
$sql = 'SELECT p.*, t.folder_id
FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p
WHERE t.user_id = ' . $user->data['user_id'] . '
AND t.folder_id = ' . PRIVMSGS_OUTBOX . "
AND t.msg_id = $msg_id
AND t.msg_id = p.msg_id";
break;
case 'delete':
if (!$auth->acl_get('u_pm_delete'))
{
send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_DELETE_MESSAGE');
}
if (!$msg_id)
{
trigger_error('NO_MESSAGE');
}
$sql = 'SELECT msg_id, pm_unread, pm_new, author_id, folder_id
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE user_id = ' . $user->data['user_id'] . "
AND msg_id = $msg_id";
break;
case 'smilies':
generate_smilies('window', 0);
break;
default:
trigger_error('NO_ACTION_MODE', E_USER_ERROR);
break;
}
if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward')))
{
send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_FORWARD_MESSAGE');
}
if ($action == 'edit' && !$auth->acl_get('u_pm_edit'))
{
send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_EDIT_MESSAGE');
}
if ($sql)
{
/**
* Alter sql query to get message for user to write the PM
*
* @event core.ucp_pm_compose_compose_pm_basic_info_query_before
* @var string sql String with the query to be executed
* @var int msg_id topic_id in the page request
* @var int to_user_id The id of whom the message is to
* @var int to_group_id The id of the group whom the message is to
* @var bool submit Whether the user is sending the PM or not
* @var bool preview Whether the user is previewing the PM or not
* @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies
* @var bool delete Whether the user is deleting the PM
* @var int reply_to_all Value of reply_to_all request variable.
* @since 3.1.0-RC5
* @changed 3.2.0-a1 Removed undefined variables
*/
$vars = array(
'sql',
'msg_id',
'to_user_id',
'to_group_id',
'submit',
'preview',
'action',
'delete',
'reply_to_all',
);
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_before', compact($vars)));
$result = $db->sql_query($sql);
$post = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$post)
{
// If editing it could be the recipient already read the message...
if ($action == 'edit')
{
$sql = 'SELECT p.*, t.folder_id
FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p
WHERE t.user_id = ' . $user->data['user_id'] . "
AND t.msg_id = $msg_id
AND t.msg_id = p.msg_id";
$result = $db->sql_query($sql);
$post = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($post)
{
trigger_error('NO_EDIT_READ_MESSAGE');
}
}
trigger_error('NO_MESSAGE');
}
if ($action == 'quotepost')
{
if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read')))
{
send_status_line(403, 'Forbidden');
trigger_error('NOT_AUTHORISED');
}
/**
* Get the result of querying for the post to be quoted in the pm message
*
* @event core.ucp_pm_compose_quotepost_query_after
* @var string sql The original SQL used in the query
* @var array post Associative array with the data of the quoted post
* @var array msg_id The post_id that was searched to get the message for quoting
* @var int to_user_id Users the message is sent to
* @var int to_group_id Groups the message is sent to
* @var bool submit Whether the user is sending the PM or not
* @var bool preview Whether the user is previewing the PM or not
* @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies
* @var bool delete If deleting message
* @var int reply_to_all Value of reply_to_all request variable.
* @since 3.1.0-RC5
* @changed 3.2.0-a1 Removed undefined variables
*/
$vars = array(
'sql',
'post',
'msg_id',
'to_user_id',
'to_group_id',
'submit',
'preview',
'action',
'delete',
'reply_to_all',
);
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_quotepost_query_after', compact($vars)));
// Passworded forum?
if ($post['forum_id'])
{
$sql = 'SELECT forum_id, forum_name, forum_password
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . (int) $post['forum_id'];
$result = $db->sql_query($sql);
$forum_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!empty($forum_data['forum_password']))
{
login_forum_box($forum_data);
}
}
}
$msg_id = (int) $post['msg_id'];
$folder_id = (isset($post['folder_id'])) ? $post['folder_id'] : 0;
$message_text = (isset($post['message_text'])) ? $post['message_text'] : '';
if ((!$post['author_id'] || ($post['author_id'] == ANONYMOUS && $action != 'delete')) && $msg_id)
{
trigger_error('NO_AUTHOR');
}
if ($action == 'quotepost')
{
// Decode text for message display
decode_message($message_text, $post['bbcode_uid']);
}
if ($action != 'delete')
{
$enable_urls = $post['enable_magic_url'];
$enable_sig = (isset($post['enable_sig'])) ? $post['enable_sig'] : 0;
$message_attachment = (isset($post['message_attachment'])) ? $post['message_attachment'] : 0;
$message_subject = $post['message_subject'];
$message_time = $post['message_time'];
$bbcode_uid = $post['bbcode_uid'];
$quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : '';
$icon_id = (isset($post['icon_id'])) ? $post['icon_id'] : 0;
if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !count($address_list) && !$refresh && !$submit && !$preview)
{
// Add the original author as the recipient if quoting a post or only replying and not having checked "reply to all"
if ($action == 'quotepost' || !$reply_to_all)
{
$address_list = array('u' => array($post['author_id'] => 'to'));
}
else
{
// We try to include every previously listed member from the TO Header - Reply to all
$address_list = rebuild_header(array('to' => $post['to_address']));
// Add the author (if he is already listed then this is no shame (it will be overwritten))
$address_list['u'][$post['author_id']] = 'to';
// Now, make sure the user itself is not listed. ;)
if (isset($address_list['u'][$user->data['user_id']]))
{
unset($address_list['u'][$user->data['user_id']]);
}
}
}
else if ($action == 'edit' && !count($address_list) && !$refresh && !$submit && !$preview)
{
// Rebuild TO and BCC Header
$address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address']));
}
if ($action == 'quotepost')
{
$check_value = 0;
}
else
{
$check_value = (($post['enable_bbcode']+1) << 8) + (($post['enable_smilies']+1) << 4) + (($enable_urls+1) << 2) + (($post['enable_sig']+1) << 1);
}
}
}
else
{
$message_attachment = 0;
$message_text = $message_subject = '';
/**
* Predefine message text and subject
*
* @event core.ucp_pm_compose_predefined_message
* @var string message_text Message text
* @var string message_subject Messate subject
* @since 3.1.11-RC1
*/
$vars = array('message_text', 'message_subject');
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_predefined_message', compact($vars)));
if ($to_user_id && $to_user_id != ANONYMOUS && $action == 'post')
{
$address_list['u'][$to_user_id] = 'to';
}
else if ($to_group_id && $action == 'post')
{
$address_list['g'][$to_group_id] = 'to';
}
$check_value = 0;
}
if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')))
{
send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_GROUP_MESSAGE');
}
if ($action == 'edit' && !$refresh && !$preview && !$submit)
{
if (!($message_time > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']))
{
trigger_error('CANNOT_EDIT_MESSAGE_TIME');
}
}
if ($action == 'post')
{
$template->assign_var('S_NEW_MESSAGE', true);
}
if (!isset($icon_id))
{
$icon_id = 0;
}
/* @var $plupload \phpbb\plupload\plupload */
$plupload = $phpbb_container->get('plupload');
$message_parser = new parse_message();
$message_parser->set_plupload($plupload);
$message_parser->message = ($action == 'reply') ? '' : $message_text;
unset($message_text);
$s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=$mode&action=$action", true, $user->session_id);
$s_action .= (($folder_id) ? "&f=$folder_id" : '') . (($msg_id) ? "&p=$msg_id" : '');
// Delete triggered ?
if ($action == 'delete')
{
// Folder id has been determined by the SQL Statement
// $folder_id = $request->variable('f', PRIVMSGS_NO_BOX);
// Do we need to confirm ?
if (confirm_box(true))
{
delete_pm($user->data['user_id'], $msg_id, $folder_id);
// jump to next message in "history"? nope, not for the moment. But able to be included later.
$meta_info = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&folder=$folder_id");
$message = $user->lang['MESSAGE_DELETED'];
meta_refresh(3, $meta_info);
$message .= '
' . sprintf($user->lang['RETURN_FOLDER'], '', '');
trigger_error($message);
}
else
{
$s_hidden_fields = array(
'p' => $msg_id,
'f' => $folder_id,
'action' => 'delete'
);
// "{$phpbb_root_path}ucp.$phpEx?i=pm&mode=compose"
confirm_box(false, 'DELETE_MESSAGE', build_hidden_fields($s_hidden_fields));
}
redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=view&action=view_message&p=' . $msg_id));
}
// Get maximum number of allowed recipients
$max_recipients = phpbb_get_max_setting_from_group($db, $user->data['user_id'], 'max_recipients');
// If it is 0, there is no limit set and we use the maximum value within the config.
$max_recipients = (!$max_recipients) ? $config['pm_max_recipients'] : $max_recipients;
// If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients
if (($action == 'reply' || $action == 'quote') && $max_recipients && $reply_to_all)
{
// We try to include every previously listed member from the TO Header
$list = rebuild_header(array('to' => $post['to_address']));
// Can be an empty array too ;)
$list = (!empty($list['u'])) ? $list['u'] : array();
$list[$post['author_id']] = 'to';
if (isset($list[$user->data['user_id']]))
{
unset($list[$user->data['user_id']]);
}
$max_recipients = ($max_recipients < count($list)) ? count($list) : $max_recipients;
unset($list);
}
// Handle User/Group adding/removing
handle_message_list_actions($address_list, $error, $remove_u, $remove_g, $add_to, $add_bcc);
// Check mass pm to group permission
if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')) && !empty($address_list['g']))
{
$address_list = array();
$error[] = $user->lang['NO_AUTH_GROUP_MESSAGE'];
}
// Check mass pm to users permission
if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm')) && num_recipients($address_list) > 1)
{
$address_list = get_recipients($address_list, 1);
$error[] = $user->lang('TOO_MANY_RECIPIENTS', 1);
}
// Check for too many recipients
if (!empty($address_list['u']) && $max_recipients && count($address_list['u']) > $max_recipients)
{
$address_list = get_recipients($address_list, $max_recipients);
$error[] = $user->lang('TOO_MANY_RECIPIENTS', $max_recipients);
}
// Always check if the submitted attachment data is valid and belongs to the user.
// Further down (especially in submit_post()) we do not check this again.
$message_parser->get_submitted_attachment_data();
if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit')
{
// Do not change to SELECT *
$sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize
FROM ' . ATTACHMENTS_TABLE . "
WHERE post_msg_id = $msg_id
AND in_message = 1
AND is_orphan = 0
ORDER BY filetime DESC";
$result = $db->sql_query($sql);
$message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
$db->sql_freeresult($result);
}
if (!in_array($action, array('quote', 'edit', 'delete', 'forward')))
{
$enable_sig = ($config['allow_sig'] && $config['allow_sig_pm'] && $auth->acl_get('u_sig') && $user->optionget('attachsig'));
$enable_smilies = ($config['allow_smilies'] && $auth->acl_get('u_pm_smilies') && $user->optionget('smilies'));
$enable_bbcode = ($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode') && $user->optionget('bbcode'));
$enable_urls = true;
}
$drafts = false;
// User own some drafts?
if ($auth->acl_get('u_savedrafts') && $action != 'delete')
{
$sql = 'SELECT draft_id
FROM ' . DRAFTS_TABLE . '
WHERE forum_id = 0
AND topic_id = 0
AND user_id = ' . $user->data['user_id'] .
(($draft_id) ? " AND draft_id <> $draft_id" : '');
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
$drafts = true;
}
}
if ($action == 'edit')
{
$message_parser->bbcode_uid = $bbcode_uid;
}
$bbcode_status = ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false;
$smilies_status = ($config['allow_smilies'] && $config['auth_smilies_pm'] && $auth->acl_get('u_pm_smilies')) ? true : false;
$img_status = ($config['auth_img_pm'] && $auth->acl_get('u_pm_img')) ? true : false;
$flash_status = ($config['auth_flash_pm'] && $auth->acl_get('u_pm_flash')) ? true : false;
$url_status = ($config['allow_post_links']) ? true : false;
// Save Draft
if ($save && $auth->acl_get('u_savedrafts'))
{
$subject = $request->variable('subject', '', true);
$subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject;
$message = $request->variable('message', '', true);
if ($subject && $message)
{
if (confirm_box(true))
{
$sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'user_id' => $user->data['user_id'],
'topic_id' => 0,
'forum_id' => 0,
'save_time' => $current_time,
'draft_subject' => $subject,
'draft_message' => $message
)
);
$db->sql_query($sql);
$redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=$mode");
meta_refresh(3, $redirect_url);
$message = $user->lang['DRAFT_SAVED'] . '