From f9b181e0ce92fbc2d91d64a0570a74e73156c5fe Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Wed, 13 Jun 2001 17:36:58 +0000
Subject: Moved prepare message to post.php to enable privmsg to use it

git-svn-id: file:///svn/phpbb/trunk@487 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/post.php |  30 ++-
 phpBB/posting.php       | 470 +++++++++++++++++++----------------------
 phpBB/privmsg.php       | 543 +++++++++++++++++++++++++++++++++++-------------
 3 files changed, 646 insertions(+), 397 deletions(-)

(limited to 'phpBB')

diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php
index a6f3cdad39..d5963bd542 100644
--- a/phpBB/includes/post.php
+++ b/phpBB/includes/post.php
@@ -1,4 +1,4 @@
-'<?php
+<?php
 /***************************************************************************  
  *
  *                            -------------------                         
@@ -22,5 +22,33 @@
  * 
  ***************************************************************************/ 
 
+//
+// This function will prepare a posted message for 
+// entry into the database.
+//
+function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
+{
+	$message = trim($message);
+
+	if(!$html_on)
+	{
+		$message = htmlspecialchars($message);
+	}
+
+	if($bbcode_on)
+	{
+		$message = bbencode_first_pass($message, $bbcode_uid);
+	}
+
+	if($smile_on)
+	{
+		// No smile() function yet, write one...
+		//$message = smile($message);
+	}
+
+	$message = addslashes($message);
+
+	return($message);
+}
 
 ?>
diff --git a/phpBB/posting.php b/phpBB/posting.php
index c25790a201..c224668d4e 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -22,43 +22,18 @@
  ***************************************************************************/
 include('extension.inc');
 include('common.'.$phpEx);
+include('includes/post.'.$phpEx);
 include('includes/bbcode.'.$phpEx);
 
 //
-// Posting specific functions.
+// Start session management
 //
-
-// This function will prepare the message for entry into the database.
-function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
-{
-	$message = trim($message);
-
-	if(!$html_on)
-	{
-		$message = htmlspecialchars($message);
-	}
-
-	if($bbcode_on)
-	{
-		$message = bbencode_first_pass($message, $bbcode_uid);
-	}
-
-	if($smile_on)
-	{
-		// No smile() function yet, write one...
-		//$message = smile($message);
-	}
-
-	$message = addslashes($message);
-	return($message);
-}
+$userdata = session_pagestart($user_ip, PAGE_POSTING, $session_length);
+init_userprefs($userdata);
 //
-// End Posting specific functions.
+// End session management
 //
 
-//
-// Start program proper
-//
 if(!isset($HTTP_GET_VARS['forum']) && !isset($HTTP_POST_VARS['forum']))  // For backward compatibility
 {
 	$forum_id = ($HTTP_GET_VARS[POST_FORUM_URL]) ? $HTTP_GET_VARS[POST_FORUM_URL] : $HTTP_POST_VARS[POST_FORUM_URL];
@@ -71,32 +46,46 @@ else
 $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : ( (isset($HTTP_POST_VARS['mode'])) ? $HTTP_POST_VARS['mode'] : "");
 
 //
-// Start session management
-//
-$userdata = session_pagestart($user_ip, PAGE_POSTING, $session_length);
-init_userprefs($userdata);
-//
-// End session management
+// Set initial conditions
 //
+$is_first_post = (($HTTP_GET_VARS['is_first_post'] == 1) || ($HTTP_POST_VARS['is_first_post'] == 1)) ? TRUE : FALSE;
+$disable_html = (isset($HTTP_POST_VARS['disable_html'])) ? $HTTP_POST_VARS['disable_html'] : !$userdata['user_allowhtml'];
+$disable_bbcode = (isset($HTTP_POST_VARS['disable_bbcode'])) ? $HTTP_POST_VARS['disable_bbcode'] : !$userdata['user_allowbbcode'];
+$disable_smilies = (isset($HTTP_POST_VARS['disable_smile'])) ? $HTTP_POST_VARS['disable_smile'] : !$userdata['user_allowsmile'];
+$attach_sig = (isset($HTTP_POST_VARS['attach_sig'])) ? $HTTP_POST_VARS['attach_sig'] : $userdata['user_attachsig'];
+$notify = (isset($HTTP_POST_VARS['notify'])) ? $HTTP_POST_VARS['notify'] : $userdata["always_notify"];
+$annouce = (isset($HTTP_POST_VARS['annouce'])) ? $HTTP_POST_VARS['annouce'] : "";
+$unannouce = (isset($HTTP_POST_VARS['unannouce'])) ? $HTTP_POST_VARS['unannouce'] : "";
+$sticky = (isset($HTTP_POST_VARS['sticky'])) ? $HTTP_POST_VARS['sticky'] : "";
+$unstick = (isset($HTTP_POST_VARS['unstick'])) ? $HTTP_POST_VARS['unstick'] : "";
+$preview = (isset($HTTP_POST_VARS['preview'])) ? TRUE : FALSE;
 
+if($annouce)
+{
+	$topic_type = ANNOUCE;
+}
+else if($sticky)
+{
+	$topic_type = STICKY;
+}
+else
+{
+	$topic_type = NORMAL;
+}
 
 //
 // Auth code
 //
-
-// This is a quick check to see if it works
-// can probably be placed better ...
-
 switch($mode)
 {
 	case 'newtopic':
-		if(isset($HTTP_POST_VARS['annouce']))
+		if($topic_type == ANNOUNCE)
 		{
 			$auth_type = AUTH_ANNOUCE;
 			$is_auth_type = "auth_announce";
 			$error_string = $lang['can_post_announcements'];
 		}
-		else if(isset($HTTP_POST_VARS['sticky']))
+		else if($topic_type == STICKY)
 		{
 			$auth_type = AUTH_STICKY;
 			$is_auth_type = "auth_sticky";
@@ -137,7 +126,6 @@ if(!$is_auth[$is_auth_type])
 {
 	//
 	// Ooopss, user is not authed
-	// to read this forum ...
 	//
 	include('includes/page_header.'.$phpEx);
 
@@ -153,42 +141,12 @@ if(!$is_auth[$is_auth_type])
 
 	include('includes/page_tail.'.$phpEx);
 }
-
 //
 // End Auth
 //
 
 $error = FALSE;
 
-//
-// Set initial conditions
-//
-$is_first_post = (($HTTP_GET_VARS['is_first_post'] == 1) || ($HTTP_POST_VARS['is_first_post'] == 1)) ? TRUE : FALSE;
-$disable_html = (isset($HTTP_POST_VARS['disable_html'])) ? $HTTP_POST_VARS['disable_html'] : !$userdata['user_allowhtml'];
-$disable_bbcode = (isset($HTTP_POST_VARS['disable_bbcode'])) ? $HTTP_POST_VARS['disable_bbcode'] : !$userdata['user_allowbbcode'];
-$disable_smilies = (isset($HTTP_POST_VARS['disable_smile'])) ? $HTTP_POST_VARS['disable_smile'] : !$userdata['user_allowsmile'];
-$attach_sig = (isset($HTTP_POST_VARS['attach_sig'])) ? $HTTP_POST_VARS['attach_sig'] : $userdata['user_attachsig'];
-$notify = (isset($HTTP_POST_VARS['notify'])) ? $HTTP_POST_VARS['notify'] : $userdata["always_notify"];
-$annouce = (isset($HTTP_POST_VARS['annouce'])) ? $HTTP_POST_VARS['annouce'] : "";
-$unannouce = (isset($HTTP_POST_VARS['unannouce'])) ? $HTTP_POST_VARS['unannouce'] : "";
-$sticky = (isset($HTTP_POST_VARS['sticky'])) ? $HTTP_POST_VARS['sticky'] : "";
-$unstick = (isset($HTTP_POST_VARS['unstick'])) ? $HTTP_POST_VARS['unstick'] : "";
-$preview = (isset($HTTP_POST_VARS['preview'])) ? TRUE : FALSE;
-
-
-if($annouce)
-{
-	$topic_type = ANNOUCE;
-}
-else if($sticky)
-{
-	$topic_type = STICKY;
-}
-else
-{
-	$topic_type = NORMAL;
-}
-
 //
 // Prepare our message and subject on a 'submit'
 //
@@ -199,13 +157,13 @@ if(isset($HTTP_POST_VARS['submit']) || $preview)
 	//
 	if($mode != 'editpost' && !$preview)
 	{
-		$sql = "SELECT max(post_time) AS last_post_time
-			FROM ".POSTS_TABLE."
+		$sql = "SELECT MAX(post_time) AS last_post_time
+			FROM " . POSTS_TABLE . "
 			WHERE poster_ip = '$user_ip'";
 		if($result = $db->sql_query($sql))
 		{
-			$db_row = $db->sql_fetchrowset($result);
-			$last_post_time = $db_row[0]['last_post_time'];
+			$db_row = $db->sql_fetchrow($result);
+			$last_post_time = $db_row['last_post_time'];
 			$current_time = get_gmt_ts();
 
 			if(($current_time - $last_post_time) < $board_config['flood_interval'])
@@ -349,8 +307,8 @@ switch($mode)
 			if($db->sql_query($sql))
 			{
 				$new_topic_id = $db->sql_nextid();
-				$sql = "INSERT INTO ".POSTS_TABLE." (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid)
-						  VALUES ($new_topic_id, $forum_id, ".$userdata['user_id'].", '".$username."', $topic_time, '$user_ip', '$uid')";
+				$sql = "INSERT INTO ".POSTS_TABLE." (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid) 
+					VALUES ($new_topic_id, $forum_id, " . $userdata['user_id'] . ", '$username', $topic_time, '$user_ip', '$uid')";
 
 				if($db->sql_query($sql))
 				{
@@ -979,7 +937,7 @@ if(empty($username))
 //
 // Start: Preview Post
 //
-if($preview)
+if($preview && !$error)
 {
 	$preview_message = $message;
 	$uid = make_bbcode_uid();
@@ -1011,205 +969,205 @@ if($preview)
 
 if(!isset($HTTP_GET_VARS[POST_FORUM_URL]) && !isset($HTTP_POST_VARS[POST_FORUM_URL]))
 {
-	error_die(GENERAL_ERROR, "Sorry, no there is no such forum");
+	error_die(GENERAL_ERROR, "Sorry but there is no such forum");
 }
 
-		$sql = "SELECT forum_name
-					FROM ".FORUMS_TABLE."
-					WHERE forum_id = $forum_id";
-		if(!$result = $db->sql_query($sql))
-		{
-			error_die(SQL_QUERY, "Could not obtain forum/forum access information.", __LINE__, __FILE__);
-		}
-		$forum_info = $db->sql_fetchrow($result);
-		$forum_name = stripslashes($forum_info['forum_name']);
-
-		$template->set_filenames(array(
-			"body" => "posting_body.tpl",
-			"jumpbox" => "jumpbox.tpl")
-		);
-		$jumpbox = make_jumpbox();
-		$template->assign_vars(array(
-			"JUMPBOX_LIST" => $jumpbox,
-			"SELECT_NAME" => POST_FORUM_URL)
-		);
-		$template->assign_var_from_handle("JUMPBOX", "jumpbox");
-
-		$template->assign_vars(array(
-			"FORUM_ID" => $forum_id,
-			"FORUM_NAME" => $forum_name,
-
-			"L_POSTNEWIN" => $section_title,
-
-			"U_VIEW_FORUM" => append_sid("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id"))
-		);
-
-		if($userdata['session_logged_in'])
-		{
-			$username_input = $userdata["username"];
-			$password_input = "";
-		}
-		else
-		{
-			$username_input = '<input type="text" name="username" value="' . $username . '" size="25" maxlength="50">';
-			$password_input = '<input type="password" name="password" size="25" maxlenght="40">';
-		}
-		$subject_input = '<input type="text" name="subject" value="'.$subject.'" size="50" maxlength="255">';
-		$message_input = '<textarea name="message" rows="10" cols="40" wrap="virtual">'.$message.'</textarea>';
+$sql = "SELECT forum_name
+			FROM ".FORUMS_TABLE."
+			WHERE forum_id = $forum_id";
+if(!$result = $db->sql_query($sql))
+{
+	error_die(SQL_QUERY, "Could not obtain forum/forum access information.", __LINE__, __FILE__);
+}
+$forum_info = $db->sql_fetchrow($result);
+$forum_name = stripslashes($forum_info['forum_name']);
+
+$template->set_filenames(array(
+	"body" => "posting_body.tpl",
+	"jumpbox" => "jumpbox.tpl")
+);
+$jumpbox = make_jumpbox();
+$template->assign_vars(array(
+	"JUMPBOX_LIST" => $jumpbox,
+	"SELECT_NAME" => POST_FORUM_URL)
+);
+$template->assign_var_from_handle("JUMPBOX", "jumpbox");
+
+$template->assign_vars(array(
+	"FORUM_ID" => $forum_id,
+	"FORUM_NAME" => $forum_name,
+
+	"L_POSTNEWIN" => $section_title,
+
+	"U_VIEW_FORUM" => append_sid("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id"))
+);
+
+if($userdata['session_logged_in'])
+{
+	$username_input = $userdata["username"];
+	$password_input = "";
+}
+else
+{
+	$username_input = '<input type="text" name="username" value="' . $username . '" size="25" maxlength="50">';
+	$password_input = '<input type="password" name="password" size="25" maxlenght="40">';
+}
+$subject_input = '<input type="text" name="subject" value="'.$subject.'" size="50" maxlength="255">';
+$message_input = '<textarea name="message" rows="10" cols="40" wrap="virtual">'.$message.'</textarea>';
 
-		if($board_config['allow_html'])
-		{
-			$html_status = $lang['HTML'] . $lang['is_ON'];
-			$html_toggle = '<input type="checkbox" name="disable_html" ';
-			if($disable_html)
-			{
-				$html_toggle .= 'checked';
-			}
-			$html_toggle .= "> " . $lang['Disable'] . $lang['HTML'] . $lang['in_this_post'];
-		}
-		else
-		{
-			$html_status = $lang['HTML'] . $lang['is_OFF'];
-		}
+if($board_config['allow_html'])
+{
+	$html_status = $lang['HTML'] . $lang['is_ON'];
+	$html_toggle = '<input type="checkbox" name="disable_html" ';
+	if($disable_html)
+	{
+		$html_toggle .= 'checked';
+	}
+	$html_toggle .= "> " . $lang['Disable'] . $lang['HTML'] . $lang['in_this_post'];
+}
+else
+{
+	$html_status = $lang['HTML'] . $lang['is_OFF'];
+}
+
+if($board_config['allow_bbcode'])
+{
+	$bbcode_status = $lang['BBCode'] . $lang['is_ON'];
+	$bbcode_toggle = '<input type="checkbox" name="disable_bbcode" ';
+	if($disable_bbcode)
+	{
+		$bbcode_toggle .= "checked";
+	}
+	$bbcode_toggle .= "> " . $lang['Disable'] . $lang['BBCode'] . $lang['in_this_post'];
+}
+else
+{
+	$bbcode_status = $lang['BBCode'] . $lang['is_OFF'];
+}
 
-		if($board_config['allow_bbcode'])
+if($board_config['allow_smilies'])
+{
+	$smile_toggle = '<input type="checkbox" name="disable_smile" ';
+	if($disable_smilies)
+	{
+		$smile_toggle .= "checked";
+	}
+	$smile_toggle .= "> " . $lang['Disable'] . $lang['Smilies'] . $lang['in_this_post'];
+}
+
+$sig_toggle = '<input type="checkbox" name="attach_sig" ';
+if($attach_sig)
+{
+	$sig_toggle .= "checked";
+}
+$sig_toggle .= "> " . $lang['Attach_signature'];
+
+if($mode == 'newtopic' || ($mode == 'editpost' && $is_first_post))
+{
+	if($is_auth['auth_announce'])
+	{
+		if(!$is_annouce)
 		{
-			$bbcode_status = $l_bbcodeis . " " . $l_on;
-			$bbcode_toggle = '<input type="checkbox" name="disable_bbcode" ';
-			if($disable_bbcode)
+			$annouce_toggle = '<input type="checkbox" name="annouce" ';
+			if($annouce)
 			{
-				$bbcode_toggle .= "checked";
+				$announce_toggle .= "checked";
 			}
-			$bbcode_toggle .= "> " . $lang['Disable'] . $lang['BBCode'] . $lang['in_this_post'];
+			$annouce_toggle .= '> '.$lang['Post_Annoucement'];
 		}
 		else
 		{
-			$bbcode_status = $lang['BBCode'] . $lang['is_OFF'];
-		}
-
-		if($board_config['allow_smilies'])
-		{
-			$smile_toggle = '<input type="checkbox" name="disable_smile" ';
-			if($disable_smilies)
+			$annouce_toggle = '<input type="checkbox" name="unannouce" ';
+			if($unannouce)
 			{
-				$smile_toggle .= "checked";
+				$announce_toggle .= "checked";
 			}
-			$smile_toggle .= "> " . $lang['Disable'] . $lang['Smilies'] . $lang['in_this_post'];
-		}
-
-		$sig_toggle = '<input type="checkbox" name="attach_sig" ';
-		if($attach_sig)
-		{
-			$sig_toggle .= "checked";
+			$annouce_toggle .= '> '.$lang['Un_announce'];
 		}
-		$sig_toggle .= "> " . $lang['Attach_signature'];
+	}
 
-		if($mode == 'newtopic' || ($mode == 'editpost' && $is_first_post))
+	if($is_auth['auth_sticky'])
+	{
+		if(!$is_stuck)
 		{
-			if($is_auth['auth_announce'])
+			$sticky_toggle = '<input type="checkbox" name="sticky" ';
+			if($sticky)
 			{
-				if(!$is_annouce)
-				{
-					$annouce_toggle = '<input type="checkbox" name="annouce" ';
-					if($annouce)
-					{
-						$announce_toggle .= "checked";
-					}
-					$annouce_toggle .= '> '.$lang['Post_Annoucement'];
-				}
-				else
-				{
-					$annouce_toggle = '<input type="checkbox" name="unannouce" ';
-					if($unannouce)
-					{
-						$announce_toggle .= "checked";
-					}
-					$annouce_toggle .= '> '.$lang['Un_announce'];
-				}
-			}
-
-			if($is_auth['auth_sticky'])
-			{
-				if(!$is_stuck)
-				{
-					$sticky_toggle = '<input type="checkbox" name="sticky" ';
-					if($sticky)
-					{
-						$sticky_toggle .= "checked";
-					}
-					$sticky_toggle .= '> '.$lang['Post_Sticky'];
-				}
-				else
-				{
-					$sticky_toggle = '<input type="checkbox" name="unstick" ';
-					if($unstick)
-					{
-						$sticky_toggle .= "checked";
-					}
-					$sticky_toggle .= '> '.$lang['Un_stick'];
-				}
+				$sticky_toggle .= "checked";
 			}
+			$sticky_toggle .= '> '.$lang['Post_Sticky'];
 		}
-
-
-		if($mode == 'newtopic' || ($mode == 'editpost' && $notify_show))
+		else
 		{
-			$notify_toggle = '<input type="checkbox" name="notify" ';
-			if($notify)
+			$sticky_toggle = '<input type="checkbox" name="unstick" ';
+			if($unstick)
 			{
-				$notify_toggle .= "checked";
+				$sticky_toggle .= "checked";
 			}
-			$notify_toggle .= "> " . $lang['Notify'];
+			$sticky_toggle .= '> '.$lang['Un_stick'];
 		}
+	}
+}
 
-		if($mode == 'reply' || $mode == 'editpost')
-		{
-			$topic_id = ($HTTP_GET_VARS[POST_TOPIC_URL]) ? $HTTP_GET_VARS[POST_TOPIC_URL] : $HTTP_POST_VARS[POST_TOPIC_URL];
-			$post_id = ($HTTP_GET_VARS[POST_POST_URL]) ? $HTTP_GET_VARS[POST_POST_URL] : $HTTP_POST_VARS[POST_POST_URL];
-		}
-		$hidden_form_fields = "<input type=\"hidden\" name=\"mode\" value=\"$mode\"><input type=\"hidden\" name=\"" . POST_FORUM_URL . "\" value=\"$forum_id\"><input type=\"hidden\" name=\"" . POST_TOPIC_URL . "\" value=\"$topic_id\"><input type=\"hidden\" name=\"" . POST_POST_URL . "\" value=\"$post_id\"><input type=\"hidden\" name=\"is_first_post\" value=\"$is_first_post\">";
+if($mode == 'newtopic' || ($mode == 'editpost' && $notify_show))
+{
+	$notify_toggle = '<input type="checkbox" name="notify" ';
+	if($notify)
+	{
+		$notify_toggle .= "checked";
+	}
+	$notify_toggle .= "> " . $lang['Notify'];
+}
 
-		if($mode == 'newtopic')
-		{
-			$post_a = $lang['Post_a_new_topic'];
-		}
-		else if($mode == 'reply')
-		{
-			$post_a = $lang['Post_a_reply'];
-		}
-		else if($mode == 'editpost')
-		{
-			$post_a = $lang['Edit_Post'];
-		}
+if($mode == 'reply' || $mode == 'editpost')
+{
+	$topic_id = ($HTTP_GET_VARS[POST_TOPIC_URL]) ? $HTTP_GET_VARS[POST_TOPIC_URL] : $HTTP_POST_VARS[POST_TOPIC_URL];
+	$post_id = ($HTTP_GET_VARS[POST_POST_URL]) ? $HTTP_GET_VARS[POST_POST_URL] : $HTTP_POST_VARS[POST_POST_URL];
+}
+$hidden_form_fields = "<input type=\"hidden\" name=\"mode\" value=\"$mode\"><input type=\"hidden\" name=\"" . POST_FORUM_URL . "\" value=\"$forum_id\"><input type=\"hidden\" name=\"" . POST_TOPIC_URL . "\" value=\"$topic_id\"><input type=\"hidden\" name=\"" . POST_POST_URL . "\" value=\"$post_id\"><input type=\"hidden\" name=\"is_first_post\" value=\"$is_first_post\">";
+
+if($mode == 'newtopic')
+{
+	$post_a = $lang['Post_a_new_topic'];
+}
+else if($mode == 'reply')
+{
+	$post_a = $lang['Post_a_reply'];
+}
+else if($mode == 'editpost')
+{
+	$post_a = $lang['Edit_Post'];
+}
 		
-		$template->assign_vars(array(
-			"USERNAME_INPUT" => $username_input,
-			"PASSWORD_INPUT" => $password_input,
-			"SUBJECT_INPUT" => $subject_input,
-			"MESSAGE_INPUT" => $message_input,
-			"HTML_STATUS" => $html_status,
-			"HTML_TOGGLE" => $html_toggle,
-			"SMILE_TOGGLE" => $smile_toggle,
-			"SIG_TOGGLE" => $sig_toggle,
-			"ANNOUNCE_TOGGLE" => $annouce_toggle,
-			"STICKY_TOGGLE" => $sticky_toggle,
-			"NOTIFY_TOGGLE" => $notify_toggle,
-			"BBCODE_TOGGLE" => $bbcode_toggle,
-			"BBCODE_STATUS" => $bbcode_status,
-
-			"L_SUBJECT" => $lang['Subject'],
-			"L_MESSAGE_BODY" => $lang['Message_body'],
-			"L_OPTIONS" => $lang['Options'],
-			"L_PREVIEW" => $lang['Preview'],
-			"L_SUBMIT" => $lang['Submit_post'],
-			"L_CANCEL" => $lang['Cancel_post'],
-			"L_POST_A" => $post_a,
-
-			"S_POST_ACTION" => append_sid("posting.$phpEx"),
-			"S_HIDDEN_FORM_FIELDS" => $hidden_form_fields)
-		);
-
-		$template->pparse("body");
-
-		include('includes/page_tail.'.$phpEx);
+$template->assign_vars(array(
+	"USERNAME_INPUT" => $username_input,
+	"PASSWORD_INPUT" => $password_input,
+	"SUBJECT_INPUT" => $subject_input,
+	"MESSAGE_INPUT" => $message_input,
+	"HTML_STATUS" => $html_status,
+	"HTML_TOGGLE" => $html_toggle,
+	"SMILE_TOGGLE" => $smile_toggle,
+	"SIG_TOGGLE" => $sig_toggle,
+	"ANNOUNCE_TOGGLE" => $annouce_toggle,
+	"STICKY_TOGGLE" => $sticky_toggle,
+	"NOTIFY_TOGGLE" => $notify_toggle,
+	"BBCODE_TOGGLE" => $bbcode_toggle,
+	"BBCODE_STATUS" => $bbcode_status,
+
+	"L_SUBJECT" => $lang['Subject'],
+	"L_MESSAGE_BODY" => $lang['Message_body'],
+	"L_OPTIONS" => $lang['Options'],
+	"L_PREVIEW" => $lang['Preview'],
+	"L_SUBMIT" => $lang['Submit_post'],
+	"L_CANCEL" => $lang['Cancel_post'],
+	"L_POST_A" => $post_a,
+
+	"S_POST_ACTION" => append_sid("posting.$phpEx"),
+	"S_HIDDEN_FORM_FIELDS" => $hidden_form_fields)
+);
+
+$template->pparse("body");
+
+include('includes/page_tail.'.$phpEx);
+
 ?>
\ No newline at end of file
diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php
index 5f9a1454a8..a40c5c1312 100644
--- a/phpBB/privmsg.php
+++ b/phpBB/privmsg.php
@@ -23,6 +23,7 @@
  ***************************************************************************/
 include('extension.inc');
 include('common.'.$phpEx);
+include('includes/post.'.$phpEx);
 include('includes/bbcode.'.$phpEx);
 
 $pagetype = "privmsgs";
@@ -37,16 +38,17 @@ init_userprefs($userdata);
 // End session management
 //
 
-$folder = (!empty($HTTP_GET_VARS['folder'])) ? $HTTP_GET_VARS['folder'] : "inbox";
-$mode = (!empty($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : "";
+$folder = (!empty($HTTP_GET_VARS['folder'])) ? $HTTP_GET_VARS['folder'] : ( (!empty($HTTP_POST_VARS['folder'])) ? $HTTP_POST_VARS['folder'] : "inbox" );
+if(empty($HTTP_POST_VARS['cancel']))
+{
+	$mode = (!empty($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : ( (!empty($HTTP_POST_VARS['mode'])) ? $HTTP_POST_VARS['mode'] : "" );
+}
+else
+{
+	$mode = "";
+}
 $start = (!empty($HTTP_GET_VARS['start'])) ? $HTTP_GET_VARS['start'] : 0;
 
-//
-// Output page header and
-// open the index body template
-//
-include('includes/page_header.'.$phpEx);
-
 //
 // Start main
 //
@@ -67,13 +69,13 @@ if($mode == "read")
 		$folder = $HTTP_GET_VARS['folder']; 
 		if($folder == "inbox" || $folder == "saved")
 		{
-			$user_to_sql = "AND pm.privmsgs_to_groupid = ug2.group_id AND ug2.user_id = " . $userdata['user_id'];
-			$user_from_sql = "AND pm.privmsgs_from_groupid = ug.group_id AND u.user_id = ug.user_id";
+			$user_to_sql = "AND pm.privmsgs_to_userid = " . $userdata['user_id'];
+			$user_from_sql = "AND u.user_id = pm.privmsgs_from_userid";
 		}
 		else
 		{
-			$user_to_sql = "AND pm.privmsgs_to_groupid = ug.group_id AND u.user_id = ug.user_id";
-			$user_from_sql = "AND pm.privmsgs_from_groupid = ug2.group_id AND ug2.user_id = " . $userdata['user_id'];
+			$user_to_sql = "AND u.user_id = pm.privmsgs_to_userid";
+			$user_from_sql = "AND pm.privmsgs_from_userid =  " . $userdata['user_id'];
 		}
 	}
 	else
@@ -82,6 +84,8 @@ if($mode == "read")
 
 	}
 
+	include('includes/page_header.'.$phpEx);
+
 	//
 	// Load templates
 	//
@@ -96,8 +100,8 @@ if($mode == "read")
 	);
 	$template->assign_var_from_handle("JUMPBOX", "jumpbox");
 
-	$sql = "SELECT u.username, u.user_id, u.user_website, u.user_icq, u.user_aim, u.user_yim, u.user_msnm, u.user_viewemail, u.user_sig, u.user_avatar, pm.privmsgs_id, pm.privmsgs_type, pm.privmsgs_date, pm.privmsgs_subject, pm.privmsgs_bbcode_uid, pmt.privmsgs_text 
-		FROM ".PRIVMSGS_TABLE." pm, " . PRIVMSGS_TEXT_TABLE . " pmt, ".USERS_TABLE." u, " . USER_GROUP_TABLE . " ug,  " . USER_GROUP_TABLE . " ug2
+	$sql = "SELECT u.username, u.user_id, u.user_website, u.user_icq, u.user_aim, u.user_yim, u.user_msnm, u.user_viewemail, u.user_sig, u.user_avatar, pm.privmsgs_id, pm.privmsgs_type, pm.privmsgs_subject, pm.privmsgs_from_userid, pm.privmsgs_to_userid, pm.privmsgs_date, pm.privmsgs_ip, pm.privmsgs_bbcode_uid, pmt.privmsgs_text 
+		FROM ".PRIVMSGS_TABLE." pm, " . PRIVMSGS_TEXT_TABLE . " pmt, ".USERS_TABLE." u  
 		WHERE pm.privmsgs_id = $privmsgs_id 
 			AND pmt.privmsgs_text_id = pm.privmsgs_id 
 			$user_to_sql 
@@ -117,6 +121,32 @@ if($mode == "read")
 		{
 			error_die(SQL_QUERY, "Could not update private message read status.", __LINE__, __FILE__);
 		}
+
+		//
+		// This makes a copy of the post and stores
+		// it as a SENT message from the sendee. Perhaps
+		// not the most DB friendly way but a lot easier
+		// to manage, besides the admin will be able to
+		// set limits on numbers of storable posts for
+		// users ... hopefully!
+		//
+		$sql = "INSERT INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_bbcode_uid) 
+			VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . stripslashes($privmsg['privmsgs_subject']) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "', '" . $privmsg['privmsgs_bbcode_uid'] . "')";
+		if(!$pm_sent_status = $db->sql_query($sql))
+		{
+			error_die(SQL_QUERY, "Could not insert private message sent info.", __LINE__, __FILE__);
+		}
+		else
+		{
+			$privmsg_sent_id = $db->sql_nextid($pm_sent_status);
+
+			$sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_text) 
+				VALUES ($privmsg_sent_id, '" . stripslashes($privmsg['privmsgs_text']) . "')";
+			if(!$pm_sent_text_status = $db->sql_query($sql))
+			{
+				error_die(SQL_QUERY, "Could not insert private message sent text.", __LINE__, __FILE__);
+			}
+		}
 	}
 
 	//
@@ -155,17 +185,22 @@ if($mode == "read")
 
 	$poster = stripslashes($privmsg['username']);
 	$poster_id = $privmsg['user_id'];
+
 	$post_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['default_timezone']);
-	$poster_avatar = ($privmsg['user_avatar'] != "" && $userdata['user_id'] != ANONYMOUS) ? "<img src=\"".$board_config['avatar_path']."/".$privmsg['user_avatar']."\">" : "";
 
-	$profile_img = "<a href=\"".append_sid("profile.$phpEx?mode=viewprofile&".POST_USERS_URL."=$poster_id")."\"><img src=\"".$images['profile']."\" alt=\"$l_profileof $poster\" border=\"0\"></a>";
-	$email_img = ($privmsg['user_viewemail'] == 1) ? "<a href=\"mailto:".$privmsg['user_email']."\"><img src=\"".$images['email']."\" alt=\"$l_email $poster\" border=\"0\"></a>" : "";
-	$www_img = ($privmsg['user_website']) ? "<a href=\"".$privmsg['user_website']."\"><img src=\"".$images['www']."\" alt=\"$l_viewsite\" border=\"0\"></a>" : "";
+	$poster_avatar = ($privmsg['user_avatar'] != "" && $userdata['user_id'] != ANONYMOUS) ? "<img src=\"" . $board_config['avatar_path'] . "/" . $privmsg['user_avatar'] . "\">" : "";
+
+	$profile_img = "<a href=\"" . append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id") . "\"><img src=\"" . $images['profile'] . "\" alt=\"$l_profileof $poster\" border=\"0\"></a>";
+
+	$email_img = ($privmsg['user_viewemail'] == 1) ? "<a href=\"mailto:" . $privmsg['user_email'] . "\"><img src=\"" .$images['email'] . "\" alt=\"$l_email $poster\" border=\"0\"></a>" : "";
+
+	$www_img = ($privmsg['user_website']) ? "<a href=\"" . $privmsg['user_website'] . "\"><img src=\"" . $images['www'] . "\" alt=\"$l_viewsite\" border=\"0\"></a>" : "";
 
 	if($privmsg['user_icq'])
 	{
-		$icq_status_img = "<a href=\"http://wwp.icq.com/".$privmsg['user_icq']."#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=".$privmsg['user_icq']."&img=5\" alt=\"$l_icqstatus\" border=\"0\"></a>";
-		$icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=".$privmsg['user_icq']."\"><img src=\"".$images['icq']."\" alt=\"$l_icq\" border=\"0\"></a>";
+		$icq_status_img = "<a href=\"http://wwp.icq.com/" . $privmsg['user_icq'] . "#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=" . $privmsg['user_icq'] . "&img=5\" alt=\"$l_icqstatus\" border=\"0\"></a>";
+
+		$icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=" . $privmsg['user_icq'] . "\"><img src=\"" . $images['icq'] . "\" alt=\"$l_icq\" border=\"0\"></a>";
 	}
 	else
 	{
@@ -173,9 +208,11 @@ if($mode == "read")
 		$icq_add_img = "";
 	}
 
-	$aim_img = ($privmsg['user_aim']) ? "<a href=\"aim:goim?screenname=".$privmsg['user_aim']."&message=Hello+Are+you+there?\"><img src=\"".$images['aim']."\" border=\"0\"></a>" : "";
-	$msn_img = ($privmsg['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&".POST_USERS_URL."=$poster_id\"><img src=\"".$images['msn']."\" border=\"0\"></a>" : "";
-	$yim_img = ($privmsg['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=".$privmsg['user_yim']."&.src=pg\"><img src=\"".$images['yim']."\" border=\"0\"></a>" : "";
+	$aim_img = ($privmsg['user_aim']) ? "<a href=\"aim:goim?screenname=" . $privmsg['user_aim'] . "&message=Hello+Are+you+there?\"><img src=\"" . $images['aim'] . "\" border=\"0\"></a>" : "";
+
+	$msn_img = ($privmsg['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id\"><img src=\"" . $images['msn'] . "\" border=\"0\"></a>" : "";
+
+	$yim_img = ($privmsg['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=" . $privmsg['user_yim'] . "&.src=pg\"><img src=\"" . $images['yim'] . "\" border=\"0\"></a>" : "";
 
 	if($folder == "inbox")
 	{
@@ -183,8 +220,10 @@ if($mode == "read")
 	}
 
 	$post_subject = stripslashes($privmsg['privmsgs_subject']);
+
 	$message = stripslashes($privmsg['privmsgs_text']);
 	$bbcode_uid = $privmsg['privmsgs_bbcode_uid'];
+
 	$user_sig = stripslashes($privmsg['user_sig']);
 
 	if(!$board_config['allow_html'])
@@ -230,10 +269,23 @@ if($mode == "read")
 	include('includes/page_tail.'.$phpEx);
 
 }
-else if($mode == "post" || $mode == "reply")
+else if($mode == "post" || $mode == "reply" || $mode == "edit")
 {
 
-	if($mode == "reply")
+	if(!$userdata['session_logged_in'])
+	{
+		header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=$folder&mode=$mode"));
+	}
+
+	$disable_html = (isset($HTTP_POST_VARS['disable_html'])) ? $HTTP_POST_VARS['disable_html'] : !$userdata['user_allowhtml'];
+	$disable_bbcode = (isset($HTTP_POST_VARS['disable_bbcode'])) ? $HTTP_POST_VARS['disable_bbcode'] : !$userdata['user_allowbbcode'];
+	$disable_smilies = (isset($HTTP_POST_VARS['disable_smile'])) ? $HTTP_POST_VARS['disable_smile'] : !$userdata['user_allowsmile'];
+	$attach_sig = (isset($HTTP_POST_VARS['attach_sig'])) ? $HTTP_POST_VARS['attach_sig'] : $userdata['user_attachsig'];
+	$preview = (isset($HTTP_POST_VARS['preview'])) ? TRUE : FALSE;
+
+	$username = (isset($HTTP_POST_VARS['username'])) ? $HTTP_POST_VARS['username'] : "";
+
+	if($mode == "reply" || $mode == "edit")
 	{
 		if(!empty($HTTP_GET_VARS[POST_POST_URL]))
 		{
@@ -246,12 +298,187 @@ else if($mode == "post" || $mode == "reply")
 		}
 	}
 
+	if!empty($HTTP_GET_VARS[POST_USERS_URL]))
+	{
+		$sql = "SELECT username 
+			FROM " . USERS_TABLE . " 
+			WHERE user_id = " . $HTTP_GET_VARS[POST_USERS_URL];
+		if(!$result = $db->sql_query($sql))
+		{
+			$error = TRUE;
+			$error_msg = $lang['No_such_user'];
+		}
+		else
+		{
+			list($username) = $db->sql_fetchrow($result);
+		}
+	}
+
+	if($HTTP_POST_VARS['submit'] || $preview)
+	{
+		//
+		// Flood control
+		//
+		if($mode != 'edit' && !$preview)
+		{
+			$sql = "SELECT MAX(privmsgs_date) AS last_post_time
+				FROM " . PRIVMSGS_TABLE . "
+				WHERE privmsgs_ip = '$user_ip'";
+			if($result = $db->sql_query($sql))
+			{
+				$db_row = $db->sql_fetchrow($result);
+				$last_post_time = $db_row['last_post_time'];
+				$current_time = get_gmt_ts();
+
+				if(($current_time - $last_post_time) < $board_config['flood_interval'])
+				{
+					$error = TRUE;
+					$error_msg = $lang['Flood_Error'];
+				}
+			}
+		}
+		//
+		// End: Flood control
+		//
+
+		$subject = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['subject'])));
+		if($mode == "post" && empty($subject))
+		{
+			$error = TRUE;
+			if(isset($error_msg))
+			{
+				$error_msg .= "<br />";
+			}
+			$error_msg .= $lang['Empty_subject'];
+		}
+
+		if(!empty($HTTP_POST_VARS['message']))
+		{
+			if(!$error && !$preview)
+			{
+				$html_on = ($disable_html) ? FALSE : TRUE;
+				$bbcode_on = ($diable_bbcode) ? FALSE : TRUE;
+				$smile_on = ($disable_smilies) ? FALSE : TRUE;
+
+				$message = prepare_message($HTTP_POST_VARS['message'], $html_on, $bbcode_on, $smile_on, $uid);
+
+				if($attach_sig && !empty($userdata['user_sig']))
+				{
+					$message .= "[addsig]";
+				}
+			}
+			else
+			{
+				// do stripslashes incase magic_quotes is on.
+				$message = stripslashes($HTTP_POST_VARS['message']);
+			}
+		}
+		else
+		{
+			$error = TRUE;
+			if(isset($error_msg))
+			{
+				$error_msg .= "<br />";
+			}
+			$error_msg .= $lang['Empty_msg'];
+		}
+
+		if(!empty($HTTP_POST_VARS['to_userid']))
+		{
+			$to_user_id = $HTTP_POST_VARS['to_userid'];
+		}
+		else
+		{
+			$error = TRUE;
+			if(isset($error_msg))
+			{
+				$error_msg .= "<br />";
+			}
+			$error_msg .= $lang['No_to_user'];
+		}		
+
+		if($HTTP_POST_VARS['submit'] && !$preview)
+		{
+			$sql = "INSERT INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_bbcode_uid) 
+				VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . stripslashes($privmsg['privmsgs_subject']) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "', '" . $privmsg['privmsgs_bbcode_uid'] . "')";
+			if(!$pm_sent_status = $db->sql_query($sql))
+			{
+				error_die(SQL_QUERY, "Could not insert private message sent info.", __LINE__, __FILE__);
+			}
+			else
+			{
+				$privmsg_sent_id = $db->sql_nextid($pm_sent_status);
+
+				$sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_text) 
+					VALUES ($privmsg_sent_id, '" . stripslashes($privmsg['privmsgs_text']) . "')";
+				if(!$pm_sent_text_status = $db->sql_query($sql))
+				{
+					error_die(SQL_QUERY, "Could not insert private message sent text.", __LINE__, __FILE__);
+				}
+			}
+
+
+
+
+		}
+	}
+
+	//
+	// Obtain list of groups/users is
+	// this user is a group moderator
+	//
+	if($mode == "post")
+	{
+		unset($mod_group_list);
+		$sql = "SELECT g.group_id, g.group_name, g.group_moderator, g.group_single_user, u.username 
+			FROM phpbb_groups g, phpbb_user_group ug, phpbb_users u 
+			WHERE g.group_moderator = " . $userdata['user_id'] ." 
+				AND ug.group_id = g.group_id 
+				AND u.user_id = ug.user_id";
+		if(!$group_status = $db->sql_query($sql))
+		{
+			error_die(SQL_QUERY, "Could not obtain group moderator list.", __LINE__, __FILE__);
+		}
+		if($db->sql_numrows($group_status))
+		{
+			$mod_group_list = $db->sql_fetchrowset($group_status);
+		}
+	}
+
+
+
+	include('includes/page_header.'.$phpEx);
+
+	if($preview && !$error)
+	{
+		$preview_message = $message;
+		$uid = make_bbcode_uid();
+		$preview_message = prepare_message($preview_message, TRUE, TRUE, TRUE, $uid);
+		$preview_message = bbencode_second_pass($preview_message, $uid);
+		$preview_message = make_clickable($preview_message);
+
+		$template->set_filenames(array(
+			"preview" => "posting_preview.tpl")
+		);
+		$template->assign_vars(array(
+			"TOPIC_TITLE" => $subject, 
+			"POST_SUBJECT" => $subject, 
+			"ROW_COLOR" => "#" . $theme['td_color1'],
+			"POSTER_NAME" => $username,
+			"POST_DATE" => create_date($board_config['default_dateformat'], time(), $board_config['default_timezone']),
+			"MESSAGE" => stripslashes(nl2br($preview_message)),
+		
+			"L_PREVIEW" => $lang['Preview'],
+			"L_POSTED" => $lang['Posted'])
+		);
+		$template->pparse("preview");
+	}
 
 	//
 	// Load templates
 	//
 	$template->set_filenames(array(
-		"body" => "posting_body.tpl",
+		"body" => "privmsgs_posting_body.tpl",
 		"jumpbox" => "jumpbox.tpl")
 	);
 	$jumpbox = make_jumpbox();
@@ -261,6 +488,93 @@ else if($mode == "post" || $mode == "reply")
 	);
 	$template->assign_var_from_handle("JUMPBOX", "jumpbox");
 
+	if($board_config['allow_html'])
+	{
+		$html_status = $lang['HTML'] . $lang['is_ON'];
+		$html_toggle = '<input type="checkbox" name="disable_html" ';
+		if($disable_html)
+		{
+			$html_toggle .= 'checked';
+		}
+		$html_toggle .= "> " . $lang['Disable'] . $lang['HTML'] . $lang['in_this_post'];
+	}
+	else
+	{
+		$html_status = $lang['HTML'] . $lang['is_OFF'];
+	}
+
+	if($board_config['allow_bbcode'])
+	{
+		$bbcode_status = $lang['BBCode'] . $lang['is_ON'];
+		$bbcode_toggle = '<input type="checkbox" name="disable_bbcode" ';
+		if($disable_bbcode)
+		{
+			$bbcode_toggle .= "checked";
+		}
+		$bbcode_toggle .= "> " . $lang['Disable'] . $lang['BBCode'] . $lang['in_this_post'];
+	}
+	else
+	{
+		$bbcode_status = $lang['BBCode'] . $lang['is_OFF'];
+	}
+		
+	if($board_config['allow_smilies'])
+	{
+		$smile_toggle = '<input type="checkbox" name="disable_smile" ';
+		if($disable_smilies)
+		{
+			$smile_toggle .= "checked";
+		}
+		$smile_toggle .= "> " . $lang['Disable'] . $lang['Smilies'] . $lang['in_this_post'];
+	}
+
+	$sig_toggle = '<input type="checkbox" name="attach_sig" ';
+	if($attach_sig)
+	{
+		$sig_toggle .= "checked";
+	}
+	$sig_toggle .= "> " . $lang['Attach_signature'];
+
+	if($mode == 'post')
+	{
+		$post_a = $lang['Post_a_new_topic'];
+	}
+	else if($mode == 'reply')
+	{
+		$post_a = $lang['Post_a_reply'];
+	}
+	else if($mode == 'editpost')
+	{
+		$post_a = $lang['Edit_Post'];
+	}
+
+	$hidden_form_fields = "<input type=\"hidden\" name=\"mode\" value=\"$mode\"><input type=\"hidden\" name=\"folder\" value=\"$folder\">";
+
+	$template->assign_vars(array(
+		"SUBJECT_INPUT" => $subject_input,
+		"MESSAGE_INPUT" => $message_input,
+		"HTML_STATUS" => $html_status,
+		"HTML_TOGGLE" => $html_toggle,
+		"SMILE_TOGGLE" => $smile_toggle,
+		"SIG_TOGGLE" => $sig_toggle,
+		"ANNOUNCE_TOGGLE" => $annouce_toggle,
+		"STICKY_TOGGLE" => $sticky_toggle,
+		"NOTIFY_TOGGLE" => $notify_toggle,
+		"BBCODE_TOGGLE" => $bbcode_toggle,
+		"BBCODE_STATUS" => $bbcode_status,
+
+		"L_SUBJECT" => $lang['Subject'],
+		"L_MESSAGE_BODY" => $lang['Message_body'],
+		"L_OPTIONS" => $lang['Options'],
+		"L_PREVIEW" => $lang['Preview'],
+		"L_SUBMIT" => $lang['Submit_post'],
+		"L_CANCEL" => $lang['Cancel_post'],
+		"L_POST_A" => $post_a,
+
+		"S_POST_ACTION" => append_sid("privmsg.$phpEx"),
+		"S_HIDDEN_FORM_FIELDS" => $hidden_form_fields)
+	);
+
 	$template->pparse("body");
 
 	include('includes/page_tail.'.$phpEx);
@@ -270,21 +584,8 @@ else if( ( isset($HTTP_POST_VARS['delete']) && !empty($HTTP_POST_VARS['mark']) )
 {
 	if(!$userdata['session_logged_in'])
 	{
-		// Error
-	}
-
-	$sql = "SELECT g.group_id 
-		FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g 
-		WHERE ug.user_id = " . $userdata['user_id'] . " 
-			AND ug.group_id = g.group_id 
-			AND g.group_single_user = 1";
-	if(!$ug_status = $db->sql_query($sql))
-	{
-		error_die(SQL_QUERY, "Could not obtain group_id information.", __LINE__, __FILE__);
+		header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
 	}
-	$group_id_row = $db->sql_fetchrow($ug_status);
-
-	$group_id = $group_id_row['group_id'];
 
 	$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " 
 		WHERE ";
@@ -293,7 +594,6 @@ else if( ( isset($HTTP_POST_VARS['delete']) && !empty($HTTP_POST_VARS['mark']) )
 	{
 		$delete_ary = $HTTP_POST_VARS['mark'];
 		
-
 		for($i = 0; $i < count($delete_ary); $i++)
 		{
 			$delete_sql .= "privmsgs_id = " . $delete_ary[$i] . " ";
@@ -304,23 +604,22 @@ else if( ( isset($HTTP_POST_VARS['delete']) && !empty($HTTP_POST_VARS['mark']) )
 		}
 
 		$delete_sql .= "AND ";
-		
 	}
 
 	switch($folder)
 	{
 		case 'inbox':
-			$delete_sql .= "privmsgs_to_groupid = $group_id AND ( 
+			$delete_sql .= "privmsgs_to_userid = " . $userdata['user_id'] . " AND ( 
 				privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )";
 			break;
 		case 'outbox':
-			$delete_sql .= "privmsgs_from_groupid = $group_id AND privmsgs_type = " . PRIVMSGS_NEW_MAIL;
+			$delete_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_NEW_MAIL;
 			break;
 		case 'sentbox':
-			$delete_sql .= "privmsgs_from_groupid = $group_id AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
+			$delete_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
 			break;
-		case 'savedbox':
-			$delete_sql .= "( privmsgs_from_groupid = $group_id OR privmsgs_to_groupid = $group_id ) 
+		case 'savebox':
+			$delete_sql .= "( privmsgs_from_userid = " . $userdata['user_id'] . " OR privmsgs_to_userid = " . $userdata['user_id'] . " ) 
 				AND privmsgs_type = " . PRIVMSGS_SAVED_MAIL;
 			break;
 	}
@@ -335,22 +634,9 @@ else if(isset($HTTP_POST_VARS['save']) && $folder != "savebox" && $folder != "ou
 {
 	if(!$userdata['session_logged_in'])
 	{
-		// Error
+		header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
 	}
 
-	$sql = "SELECT g.group_id 
-		FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g 
-		WHERE ug.user_id = " . $userdata['user_id'] . " 
-			AND ug.group_id = g.group_id 
-			AND g.group_single_user = 1";
-	if(!$ug_status = $db->sql_query($sql))
-	{
-		error_die(SQL_QUERY, "Could not obtain group_id information.", __LINE__, __FILE__);
-	}
-	$group_id_row = $db->sql_fetchrow($ug_status);
-
-	$group_id = $group_id_row['group_id'];
-
 	$saved_sql = "UPDATE " . PRIVMSGS_TABLE . "  
 		SET privmsgs_type = " . PRIVMSGS_SAVED_MAIL . " 
 		WHERE ";
@@ -375,11 +661,11 @@ else if(isset($HTTP_POST_VARS['save']) && $folder != "savebox" && $folder != "ou
 	switch($folder)
 	{
 		case 'inbox':
-			$saved_sql .= "privmsgs_to_groupid = $group_id AND ( 
+			$saved_sql .= "privmsgs_to_userid = " . $userdata['user_id'] . " AND ( 
 				privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )";
 			break;
 		case 'sentbox':
-			$saved_sql .= "privmsgs_from_groupid = $group_id AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
+			$saved_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_READ_MAIL;
 			break;
 	}
 
@@ -390,12 +676,25 @@ else if(isset($HTTP_POST_VARS['save']) && $folder != "savebox" && $folder != "ou
 
 	$folder = "savebox";
 
+}
+else if($HTTP_POST_VARS['cancel'])
+{
+	$folder = "inbox";
+	$mode = "";
+
 }
 
 //
 // Default page
 //
 
+if(!$userdata['session_logged_in'])
+{
+	header(append_sid("Location: login.$phpEx?forward_page=privmsg.$phpEx&folder=inbox"));
+}
+
+include('includes/page_header.'.$phpEx);
+
 //
 // Load templates
 //
@@ -445,81 +744,52 @@ $template->assign_vars(array(
 	"S_POST_NEW_MSG" => $post_new_mesg_url)
 );
 
+$sql_tot = "SELECT COUNT(privmsgs_id)_total FROM " . PRIVMSGS_TABLE . " ";
+$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, u.user_id, u.username FROM " . PRIVMSGS_TABLE . " pm, " . USERS_TABLE . " u ";
+
 switch($folder)
 {
 	case 'inbox':
-		$sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total 
-			FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug  
-			WHERE ug.group_id = pm.privmsgs_to_groupid 
-				AND ug.user_id = " . $userdata['user_id'] . " 
-				AND ( pm.privmsgs_type =  " . PRIVMSGS_SENT_MAIL . " 
-					OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " )";
-
-		$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user 
-			FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g 
-			WHERE ug.group_id = pm.privmsgs_from_groupid 
-				AND g.group_id = ug.group_id 
-				AND ug2.group_id = pm.privmsgs_to_groupid 
-				AND ug2.user_id = " . $userdata['user_id'] . " 
-				AND  ( pm.privmsgs_type =  " . PRIVMSGS_SENT_MAIL . " 
-					OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " ) 
-			ORDER BY pm.privmsgs_date DESC 
-			LIMIT $start, " . $board_config['topics_per_page'];
+		$sql_tot .= "WHERE privmsgs_to_userid = " . $userdata['user_id'] . " 
+			AND ( privmsgs_type =  " . PRIVMSGS_NEW_MAIL . " 
+				OR privmsgs_type = " . PRIVMSGS_READ_MAIL . " )";
+
+		$sql .= "WHERE pm.privmsgs_to_userid = " . $userdata['user_id'] . " 
+			AND u.user_id = pm.privmsgs_from_userid 
+			AND ( pm.privmsgs_type =  " . PRIVMSGS_NEW_MAIL . " 
+				OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " )";
 		break;
 
 	case 'outbox':
-		$sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total 
-			FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug  
-			WHERE ug.group_id = pm.privmsgs_from_groupid 
-				AND ug.user_id = " . $userdata['user_id'] . "
-				AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
-
-		$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user 
-			FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g 
-			WHERE ug.group_id = pm.privmsgs_to_groupid 
-				AND g.group_id = ug.group_id 
-				AND ug2.group_id = pm.privmsgs_from_groupid 
-				AND ug2.user_id = " . $userdata['user_id'] . "
-				AND pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
-			ORDER BY pm.privmsgs_date DESC 
-			LIMIT $start, " . $board_config['topics_per_page'];
-			break;
+		$sql_tot .= "WHERE privmsgs_from_userid = " . $userdata['user_id'] . " 
+			AND privmsgs_type =  " . PRIVMSGS_NEW_MAIL;
+
+		$sql .= "WHERE pm.privmsgs_from_userid = " . $userdata['user_id'] . " 
+			AND u.user_id = pm.privmsgs_to_userid 
+			AND pm.privmsgs_type =  " . PRIVMSGS_NEW_MAIL;
+		break;
 
 	case 'sentbox':
-		$sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total 
-			FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug  
-			WHERE ug.group_id = pm.privmsgs_from_groupid 
-				AND ug.user_id = " . $userdata['user_id'] . "
-				AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
-
-		$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user 
-			FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g 
-			WHERE ug.group_id = pm.privmsgs_to_groupid 
-				AND g.group_id = ug.group_id 
-				AND ug2.group_id = pm.privmsgs_from_groupid 
-				AND ug2.user_id = " . $userdata['user_id'] . "
-				AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
-			ORDER BY pm.privmsgs_date DESC 
-			LIMIT $start, " . $board_config['topics_per_page'];
+		$sql_tot .= "WHERE privmsgs_from_userid = " . $userdata['user_id'] . " 
+			AND privmsgs_type =  " . PRIVMSGS_SENT_MAIL;
+
+		$sql .= "WHERE pm.privmsgs_from_userid = " . $userdata['user_id'] . " 
+			AND u.user_id = pm.privmsgs_to_userid 
+			AND pm.privmsgs_type =  " . PRIVMSGS_SENT_MAIL;
 		break;
 
 	case 'savebox':
-		$sql_tot = "SELECT COUNT(pm.privmsgs_id) AS pm_total 
-			FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug  
-			WHERE ug.group_id = pm.privmsgs_to_groupid 
-				AND ug.user_id = " . $userdata['user_id'] . " 
-				AND pm.privmsgs_type = " . PRIVMSGS_SAVED_MAIL;
-
-		$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, ug.user_id, g.group_name, g.group_single_user 
-			FROM " . PRIVMSGS_TABLE . " pm, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g 
-			WHERE ug.group_id = pm.privmsgs_from_groupid 
-				AND g.group_id = ug.group_id 
-				AND ug2.group_id = pm.privmsgs_to_groupid 
-				AND ug2.user_id = " . $userdata['user_id'] . " 
-				AND pm.privmsgs_type = " . PRIVMSGS_SAVED_MAIL . "
-			ORDER BY pm.privmsgs_date DESC 
-			LIMIT $start, " . $board_config['topics_per_page'];			break;
+		$sql_tot .= "WHERE privmsgs_to_userid = " . $userdata['user_id'] . " 
+			AND privmsgs_type = " . PRIVMSGS_SAVED_MAIL; 
+
+		$sql .= "WHERE pm.privmsgs_to_userid = " . $userdata['user_id'] . " 
+			AND u.user_id = pm.privmsgs_from_userid 
+			AND pm.privmsgs_type = " . PRIVMSGS_SAVED_MAIL;
+		break;
 }
+
+$sql .= " ORDER BY pm.privmsgs_date DESC LIMIT $start, " . $board_config['topics_per_page'];
+
 if(!$pm_tot_status = $db->sql_query($sql_tot))
 {
 	error_die(SQL_QUERY, "Could not query private message information.", __LINE__, __FILE__);
@@ -532,34 +802,27 @@ $pm_total = $db->sql_numrows($pm_tot_status);
 $pm_list = $db->sql_fetchrowset($pm_status);
 
 //
-// Okay, let's build the index
+// Okay, let's build the correct folder
 //
 
 for($i = 0; $i < count($pm_list); $i++)
 {
-
 	$privmsg_id = $pm_list[$i]['privmsgs_id'];
+
 	$flag = $pm_list[$i]['privmsgs_type'];
-	$icon_flag = ($flag == PRIVMSGS_READ_MAIL || $flag == PRIVMSGS_SENT_MAIL) ? "<img src=\"images/msg_read.gif\">" : "<img src=\"images/msg_unread.gif\">";
+	$icon_flag = ($flag == PRIVMSGS_READ_MAIL || $flag == PRIVMSGS_SAVED_MAIL || $flag == PRIVMSGS_SENT_MAIL) ? "<img src=\"images/msg_read.gif\">" : "<img src=\"images/msg_unread.gif\">";
 
 	$msg_userid = $pm_list[$i]['user_id'];
-	$msg_username = stripslashes($pm_list[$i]['group_name']);
+	$msg_username = stripslashes($pm_list[$i]['username']);
 
-	if($pm_list[$i]['group_single_user'])
-	{
-		$u_from_user_profile = "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$msg_userid";
-	}
-	else
-	{
-		$u_from_user_profile = "groupadmin.$phpEx?" . POST_GROUPS_URL . "=$msg_userid";
-	}
+	$u_from_user_profile = "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$msg_userid";
 
 	$msg_subject = stripslashes($pm_list[$i]['privmsgs_subject']);
 	$u_subject = "privmsg.$phpEx?folder=$folder&mode=read&" . POST_POST_URL . "=$privmsg_id";
 
 	$msg_date = create_date($board_config['default_dateformat'], $pm_list[$i]['privmsgs_date'], $board_config['default_timezone']);
 
-	if($flag == PRIVMSGS_NEW_MAIL && $mode == "inbox")
+	if($flag == PRIVMSGS_NEW_MAIL && $folder == "inbox")
 	{
 		$msg_subject = "<b>" . $msg_subject . "</b>";
 		$msg_date = "<b>" . $msg_date . "</b>";
@@ -583,7 +846,7 @@ for($i = 0; $i < count($pm_list); $i++)
 } // for ... 
 
 $template->assign_vars(array(
-	"PAGINATION" => generate_pagination("privmsg.$phpEx?mode=$mode", $pm_total, $board_config['topics_per_page'], $start),
+	"PAGINATION" => generate_pagination("privmsg.$phpEx?folder=$folder", $pm_total, $board_config['topics_per_page'], $start),
 	"ON_PAGE" => (floor($start/$board_config['topics_per_page'])+1),
 	"TOTAL_PAGES" => ceil(($pm_total)/$board_config['topics_per_page']),
 
-- 
cgit v1.2.1