public/takemessage.php

<?php
require "../include/bittorrent.php";
dbconn();
require_once(get_langfile_path());
//require_once(get_langfile_path("",true));
loggedinorreturn();

if ($_SERVER["REQUEST_METHOD"] != "POST")
	stderr($lang_takemessage['std_error'], $lang_takemessage['std_permission_denied']);

	$origmsg = intval($_POST["origmsg"] ?? 0);
	$msg = trim($_POST["body"]);
	if (isset($_POST['forward']) && $_POST['forward'] == 1) //this is forwarding
	{
		if (!$origmsg)
			stderr($lang_takemessage['std_error'], $lang_takemessage['std_invalid_id']);
		$res = sql_query("SELECT * FROM messages WHERE id=" . sqlesc($origmsg) . " AND (receiver=" . sqlesc($CURUSER['id']) . " OR sender=" . sqlesc($CURUSER['id']) .") LIMIT 1") or sqlerr(__FILE__,__LINE__);
		$origmsgrow = mysql_fetch_assoc($res);
		if (!$origmsgrow)
			stderr($lang_takemessage['std_error'], $lang_takemessage['std_no_permission_forwarding']);
		if(!$_POST['to'])
			stderr($lang_takemessage['std_error'], $lang_takemessage['std_must_enter_username']);
		$receiver = get_user_id_from_name(trim($_POST['to']));
        $locale = get_user_locale($receiver);
		if ($origmsgrow['sender'] == 0)
		{
			$origfrom = nexus_trans("message.msg_system", [], $locale);
		}
		else
		{
			$origmsgsendername = get_plain_username($origmsgrow['sender']);
			$origfrom = "[url=userdetails.php?id=".$origmsgrow['sender']."]".$origmsgsendername."[/url]";
		}
		$msg = "-------- ".nexus_trans("message.msg_original_message_from", [], $locale) . $origfrom . " --------\n" . $origmsgrow['msg']."\n\n".($msg ? "-------- [url=userdetails.php?id=".$CURUSER["id"]."]".$CURUSER["username"]."[/url][i] Wrote at ".date("Y-m-d H:i:s").":[/i] --------\n".$msg : "");

	}
	else
	{
		$receiver = intval($_POST["receiver"] ?? 0);
		if (!is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg)))
			stderr($lang_takemessage['std_error'],$lang_takemessage['std_invalid_id']);
		$bodyadd = "";
		if (!$msg)
			stderr($lang_takemessage['std_error'],$lang_takemessage['std_please_enter_something']);
	}
	$save = $_POST["save"];
	$returnto = $_POST["returnto"];

	// Anti Flood Code
	// This code ensures that a member can only send one PM every 10 seconds.
	if (!user_can('staffmem')) {
		if (strtotime($CURUSER['last_pm']) > (TIMENOW - 10))
		{
			$secs = 60 - (TIMENOW - strtotime($CURUSER['last_pm']));
			stderr($lang_takemessage['std_error'],$lang_takemessage['std_message_flooding_denied'].$secs.$lang_takemessage['std_before_sending_pm']);
		}
	}

	// Change
	$save = ($save == 'yes') ? "yes" : "no";
	// End of Change

	$res = sql_query("SELECT id,username,parked,email,acceptpms, notifs, UNIX_TIMESTAMP(last_access) as la FROM users WHERE id=".sqlesc($receiver)) or sqlerr(__FILE__, __LINE__);
	$user = mysql_fetch_assoc($res);
	if (!$user)
		stderr($lang_takemessage['std_error'], $lang_takemessage['std_user_not_exist']);

	//Make sure recipient wants this message
	if (!user_can('staffmem'))
	{
		if ($user["parked"] == "yes")
		stderr($lang_takemessage['std_refused'], $lang_takemessage['std_account_parked']);
		if ($user["acceptpms"] == "yes")
		{
			$res2 = sql_query("SELECT * FROM blocks WHERE userid=".sqlesc($receiver)." AND blockid=" . sqlesc($CURUSER["id"])) or sqlerr(__FILE__, __LINE__);
			if (mysql_num_rows($res2) == 1)
			stderr($lang_takemessage['std_refused'], $lang_takemessage['std_user_blocks_your_pms']);
		}
		elseif ($user["acceptpms"] == "friends")
		{
			$res2 = sql_query("SELECT * FROM friends WHERE userid=".sqlesc($receiver)." AND friendid=" . sqlesc($CURUSER["id"])) or sqlerr(__FILE__, __LINE__);
			if (mysql_num_rows($res2) != 1)
			stderr($lang_takemessage['std_refused'], $lang_takemessage['std_user_accepts_friends_pms']);
		}
		elseif ($user["acceptpms"] == "no")
		stderr($lang_takemessage['std_refused'], $lang_takemessage['std_user_blocks_all_pms']);
	}

	$subject = trim($_POST['subject']);

	\App\Models\Message::add([
		'sender' => $CURUSER["id"],
		'receiver' => $receiver,
		'msg' => $msg,
		'subject' => $subject,
		'added' => now(),
		'saved' => $save,
		'location' => 1,
	]);

	$Cache->delete_value('user_'.$CURUSER["id"].'_outbox_count');

	$msgid=mysql_insert_id();
	$date=date("Y-m-d H:i:s");
	// Update Last PM sent...
	sql_query("UPDATE users SET last_pm = NOW() WHERE id = ".sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);

	// Send notification email.
if ($emailnotify_smtp=='yes' && $smtptype != 'none'){
	$mystring = $user['notifs'];
	$findme  = '[pm]';
	$pos = strpos($mystring, $findme);
	if ($pos === false)
	$sm = false;
	else
	$sm = true;

	if ($sm)
	{

		$username = trim($CURUSER["username"]);
		$msg_receiver = trim($user["username"]);
		$prefix = get_protocol_prefix();
        $locale = get_user_locale($user['id']);
		$title = "$SITENAME ".nexus_trans("message.mail_received_pm_from", [], $locale) . $username . "!";
        $mailDear = nexus_trans("message.mail_dear", [], $locale);
        $mailYouReceivedAPm = nexus_trans("message.mail_you_received_a_pm", [], $locale);
        $mailSender = nexus_trans("message.mail_sender", [], $locale);
        $mailSubject = nexus_trans("message.mail_subject", [], $locale);
        $mailDate = nexus_trans("message.mail_date", [], $locale);
        $mailYouFollowingUrl = nexus_trans("message.mail_use_following_url", [], $locale);
        $mailHere = nexus_trans("message.mail_here", [], $locale);
        $mailYouFollowingUrl1 = nexus_trans("message.mail_use_following_url_1", [], $locale);
        $mailYours = nexus_trans("message.mail_yours", [], $locale);
        $siteName = \App\Models\Setting::getSiteName();
        $mailTheSiteTeam = sprintf(nexus_trans("message.mail_the_site_team", [], $locale), $siteName);
		$body = <<<EOD
		{$mailDear}$msg_receiver,

		{$mailYouReceivedAPm}

		{$mailSender}: $username
		{$mailSubject}: $subject
		{$mailDate}: $date

		{$mailYouFollowingUrl}<b><a href="javascript:void(null)" onclick="window.open('$prefix$BASEURL/messages.php?action=viewmessage&id=$msgid')">{$mailHere}</a></b>{$mailYouFollowingUrl1}<br />
$prefix$BASEURL/messages.php?action=viewmessage&id=$msgid

		------{$mailYours}
		{$mailTheSiteTeam}
EOD;

		sent_mail($user["email"],$SITENAME,$SITEEMAIL,$title,str_replace("<br />","<br />",nl2br($body)),"sendmessage",false,false,'');

	}
}
	$delete = $_POST["delete"];

	if ($origmsg)
	{
		if ($delete == "yes")
		{
			// Make sure receiver of $origmsg is current user
			$res = sql_query("SELECT * FROM messages WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
			if (mysql_num_rows($res) == 1)
			{
				$arr = mysql_fetch_assoc($res);
				if ($arr["receiver"] != $CURUSER["id"])
				stderr("w00t","This shouldn't happen.");
				if ($arr["saved"] == "no")
				sql_query("DELETE FROM messages WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);
				elseif ($arr["saved"] == "yes")
				sql_query("UPDATE messages SET location = '0' WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);

			}
		}
		if (!$returnto)
		$returnto = "" . get_protocol_prefix() . "$BASEURL/messages.php";
	}

	if ($returnto)
	{
		header("Location: $returnto");
		die;
	}

	stdhead();
	stdmsg($lang_takemessage['std_succeeded'], (($n_pms > 1) ? "$n".$lang_takemessage['std_messages_out_of']."$n_pms".$lang_takemessage['std_were'] : $lang_takemessage['std_message_was']).
	$lang_takemessage['std_successfully_sent'] . ($l ? " $l profile comment" . (($l>1) ? $lang_takemessage['std_s_were'] : $lang_takemessage['std_was']) . $lang_takemessage['std_updated'] : ""));
stdfoot();
exit;
?>
init 2020-12-26 01:42:23 +08:00			`<?php`
add composer 2021-01-13 19:32:26 +08:00			`require "../include/bittorrent.php";`
init 2020-12-26 01:42:23 +08:00			`dbconn();`
			`require_once(get_langfile_path());`
cancel include lang/_target 2025-04-21 11:57:24 +07:00			`//require_once(get_langfile_path("",true));`
init 2020-12-26 01:42:23 +08:00			`loggedinorreturn();`

			`if ($_SERVER["REQUEST_METHOD"] != "POST")`
			`stderr($lang_takemessage['std_error'], $lang_takemessage['std_permission_denied']);`

recover some $_GET & $POST variable keep be integer 2021-01-06 00:56:13 +08:00			`$origmsg = intval($_POST["origmsg"] ?? 0);`
init 2020-12-26 01:42:23 +08:00			`$msg = trim($_POST["body"]);`
settings load from database and i18n from config files 2021-01-12 21:14:02 +08:00			`if (isset($_POST['forward']) && $_POST['forward'] == 1) //this is forwarding`
init 2020-12-26 01:42:23 +08:00			`{`
			`if (!$origmsg)`
			`stderr($lang_takemessage['std_error'], $lang_takemessage['std_invalid_id']);`
			`$res = sql_query("SELECT * FROM messages WHERE id=" . sqlesc($origmsg) . " AND (receiver=" . sqlesc($CURUSER['id']) . " OR sender=" . sqlesc($CURUSER['id']) .") LIMIT 1") or sqlerr(__FILE__,__LINE__);`
			`$origmsgrow = mysql_fetch_assoc($res);`
			`if (!$origmsgrow)`
			`stderr($lang_takemessage['std_error'], $lang_takemessage['std_no_permission_forwarding']);`
			`if(!$_POST['to'])`
			`stderr($lang_takemessage['std_error'], $lang_takemessage['std_must_enter_username']);`
			`$receiver = get_user_id_from_name(trim($_POST['to']));`
add lang: nl + deprecate lang/_target 2025-04-21 02:53:56 +07:00			`$locale = get_user_locale($receiver);`
init 2020-12-26 01:42:23 +08:00			`if ($origmsgrow['sender'] == 0)`
			`{`
add lang: nl + deprecate lang/_target 2025-04-21 02:53:56 +07:00			`$origfrom = nexus_trans("message.msg_system", [], $locale);`
init 2020-12-26 01:42:23 +08:00			`}`
			`else`
			`{`
			`$origmsgsendername = get_plain_username($origmsgrow['sender']);`
			`$origfrom = "[url=userdetails.php?id=".$origmsgrow['sender']."]".$origmsgsendername."[/url]";`
			`}`
add lang: nl + deprecate lang/_target 2025-04-21 02:53:56 +07:00			`$msg = "-------- ".nexus_trans("message.msg_original_message_from", [], $locale) . $origfrom . " --------\n" . $origmsgrow['msg']."\n\n".($msg ? "-------- [url=userdetails.php?id=".$CURUSER["id"]."]".$CURUSER["username"]."[/url][i] Wrote at ".date("Y-m-d H:i:s").":[/i] --------\n".$msg : "");`
Refactoring user permissions 2022-08-20 19:11:28 +08:00
init 2020-12-26 01:42:23 +08:00			`}`
			`else`
			`{`
recover some $_GET & $POST variable keep be integer 2021-01-06 00:56:13 +08:00			`$receiver = intval($_POST["receiver"] ?? 0);`
init 2020-12-26 01:42:23 +08:00			`if (!is_valid_id($receiver) \|\| ($origmsg && !is_valid_id($origmsg)))`
			`stderr($lang_takemessage['std_error'],$lang_takemessage['std_invalid_id']);`
			`$bodyadd = "";`
			`if (!$msg)`
			`stderr($lang_takemessage['std_error'],$lang_takemessage['std_please_enter_something']);`
			`}`
			`$save = $_POST["save"];`
			`$returnto = $_POST["returnto"];`

			`// Anti Flood Code`
			`// This code ensures that a member can only send one PM every 10 seconds.`
Refactoring user permissions 2022-08-20 19:11:28 +08:00			`if (!user_can('staffmem')) {`
init 2020-12-26 01:42:23 +08:00			`if (strtotime($CURUSER['last_pm']) > (TIMENOW - 10))`
			`{`
			`$secs = 60 - (TIMENOW - strtotime($CURUSER['last_pm']));`
			`stderr($lang_takemessage['std_error'],$lang_takemessage['std_message_flooding_denied'].$secs.$lang_takemessage['std_before_sending_pm']);`
			`}`
			`}`

			`// Change`
			`$save = ($save == 'yes') ? "yes" : "no";`
			`// End of Change`

			`$res = sql_query("SELECT id,username,parked,email,acceptpms, notifs, UNIX_TIMESTAMP(last_access) as la FROM users WHERE id=".sqlesc($receiver)) or sqlerr(__FILE__, __LINE__);`
			`$user = mysql_fetch_assoc($res);`
			`if (!$user)`
			`stderr($lang_takemessage['std_error'], $lang_takemessage['std_user_not_exist']);`

			`//Make sure recipient wants this message`
Refactoring user permissions 2022-08-20 19:11:28 +08:00			`if (!user_can('staffmem'))`
init 2020-12-26 01:42:23 +08:00			`{`
			`if ($user["parked"] == "yes")`
			`stderr($lang_takemessage['std_refused'], $lang_takemessage['std_account_parked']);`
			`if ($user["acceptpms"] == "yes")`
			`{`
			`$res2 = sql_query("SELECT * FROM blocks WHERE userid=".sqlesc($receiver)." AND blockid=" . sqlesc($CURUSER["id"])) or sqlerr(__FILE__, __LINE__);`
			`if (mysql_num_rows($res2) == 1)`
			`stderr($lang_takemessage['std_refused'], $lang_takemessage['std_user_blocks_your_pms']);`
			`}`
			`elseif ($user["acceptpms"] == "friends")`
			`{`
			`$res2 = sql_query("SELECT * FROM friends WHERE userid=".sqlesc($receiver)." AND friendid=" . sqlesc($CURUSER["id"])) or sqlerr(__FILE__, __LINE__);`
			`if (mysql_num_rows($res2) != 1)`
			`stderr($lang_takemessage['std_refused'], $lang_takemessage['std_user_accepts_friends_pms']);`
			`}`
			`elseif ($user["acceptpms"] == "no")`
			`stderr($lang_takemessage['std_refused'], $lang_takemessage['std_user_blocks_all_pms']);`
			`}`

			`$subject = trim($_POST['subject']);`
新增候选提醒到管理组 1. 新增候选提醒到管理组消息 2. 修改发送私信的实现为message::add() 2025-09-16 20:14:51 +08:00
			`\App\Models\Message::add([`
			`'sender' => $CURUSER["id"],`
			`'receiver' => $receiver,`
			`'msg' => $msg,`
			`'subject' => $subject,`
			`'added' => now(),`
			`'saved' => $save,`
			`'location' => 1,`
			`]);`

init 2020-12-26 01:42:23 +08:00			`$Cache->delete_value('user_'.$CURUSER["id"].'_outbox_count');`
Refactoring user permissions 2022-08-20 19:11:28 +08:00
init 2020-12-26 01:42:23 +08:00			`$msgid=mysql_insert_id();`
			`$date=date("Y-m-d H:i:s");`
			`// Update Last PM sent...`
			`sql_query("UPDATE users SET last_pm = NOW() WHERE id = ".sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);`

			`// Send notification email.`
			`if ($emailnotify_smtp=='yes' && $smtptype != 'none'){`
			`$mystring = $user['notifs'];`
			`$findme = '[pm]';`
			`$pos = strpos($mystring, $findme);`
			`if ($pos === false)`
			`$sm = false;`
			`else`
			`$sm = true;`

			`if ($sm)`
			`{`

			`$username = trim($CURUSER["username"]);`
			`$msg_receiver = trim($user["username"]);`
			`$prefix = get_protocol_prefix();`
add lang: nl + deprecate lang/_target 2025-04-21 02:53:56 +07:00			`$locale = get_user_locale($user['id']);`
			`$title = "$SITENAME ".nexus_trans("message.mail_received_pm_from", [], $locale) . $username . "!";`
			`$mailDear = nexus_trans("message.mail_dear", [], $locale);`
			`$mailYouReceivedAPm = nexus_trans("message.mail_you_received_a_pm", [], $locale);`
			`$mailSender = nexus_trans("message.mail_sender", [], $locale);`
			`$mailSubject = nexus_trans("message.mail_subject", [], $locale);`
			`$mailDate = nexus_trans("message.mail_date", [], $locale);`
			`$mailYouFollowingUrl = nexus_trans("message.mail_use_following_url", [], $locale);`
			`$mailHere = nexus_trans("message.mail_here", [], $locale);`
			`$mailYouFollowingUrl1 = nexus_trans("message.mail_use_following_url_1", [], $locale);`
			`$mailYours = nexus_trans("message.mail_yours", [], $locale);`
			`$siteName = \App\Models\Setting::getSiteName();`
			`$mailTheSiteTeam = sprintf(nexus_trans("message.mail_the_site_team", [], $locale), $siteName);`
init 2020-12-26 01:42:23 +08:00			`$body = <<<EOD`
add lang: nl + deprecate lang/_target 2025-04-21 02:53:56 +07:00			`{$mailDear}$msg_receiver,`
Refactoring user permissions 2022-08-20 19:11:28 +08:00
add lang: nl + deprecate lang/_target 2025-04-21 02:53:56 +07:00			`{$mailYouReceivedAPm}`
Refactoring user permissions 2022-08-20 19:11:28 +08:00
add lang: nl + deprecate lang/_target 2025-04-21 02:53:56 +07:00			`{$mailSender}: $username`
			`{$mailSubject}: $subject`
			`{$mailDate}: $date`
Refactoring user permissions 2022-08-20 19:11:28 +08:00
add lang: nl + deprecate lang/_target 2025-04-21 02:53:56 +07:00			`{$mailYouFollowingUrl}<b><a href="javascript:void(null)" onclick="window.open('$prefix$BASEURL/messages.php?action=viewmessage&id=$msgid')">{$mailHere}</a></b>{$mailYouFollowingUrl1}<br />`
init 2020-12-26 01:42:23 +08:00			`$prefix$BASEURL/messages.php?action=viewmessage&id=$msgid`
Refactoring user permissions 2022-08-20 19:11:28 +08:00
add lang: nl + deprecate lang/_target 2025-04-21 02:53:56 +07:00			`------{$mailYours}`
			`{$mailTheSiteTeam}`
init 2020-12-26 01:42:23 +08:00			`EOD;`

remove sent_mail() change encode 2021-02-04 19:28:27 +08:00			`sent_mail($user["email"],$SITENAME,$SITEEMAIL,$title,str_replace("<br />","<br />",nl2br($body)),"sendmessage",false,false,'');`
init 2020-12-26 01:42:23 +08:00
			`}`
			`}`
			`$delete = $_POST["delete"];`

			`if ($origmsg)`
			`{`
			`if ($delete == "yes")`
			`{`
			`// Make sure receiver of $origmsg is current user`
			`$res = sql_query("SELECT * FROM messages WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);`
			`if (mysql_num_rows($res) == 1)`
			`{`
			`$arr = mysql_fetch_assoc($res);`
			`if ($arr["receiver"] != $CURUSER["id"])`
			`stderr("w00t","This shouldn't happen.");`
			`if ($arr["saved"] == "no")`
			`sql_query("DELETE FROM messages WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);`
			`elseif ($arr["saved"] == "yes")`
			`sql_query("UPDATE messages SET location = '0' WHERE id=$origmsg") or sqlerr(__FILE__, __LINE__);`

			`}`
			`}`
			`if (!$returnto)`
			`$returnto = "" . get_protocol_prefix() . "$BASEURL/messages.php";`
			`}`

			`if ($returnto)`
			`{`
			`header("Location: $returnto");`
			`die;`
			`}`

			`stdhead();`
			`stdmsg($lang_takemessage['std_succeeded'], (($n_pms > 1) ? "$n".$lang_takemessage['std_messages_out_of']."$n_pms".$lang_takemessage['std_were'] : $lang_takemessage['std_message_was']).`
			`$lang_takemessage['std_successfully_sent'] . ($l ? " $l profile comment" . (($l>1) ? $lang_takemessage['std_s_were'] : $lang_takemessage['std_was']) . $lang_takemessage['std_updated'] : ""));`
			`stdfoot();`
			`exit;`
			`?>`