
PHP Cross Reference of Mambo 4.6.5



/administrator/components/com_messages/ -> admin.messages.php (source)

   1  <?php
   2  /**
   3  * @package Mambo
   4  * @subpackage Messages
   5  * @author Mambo Foundation Inc see README.php
   6  * @copyright (C) 2000 - 2009 Mambo Foundation Inc.
   7  * See COPYRIGHT.php for copyright notices and details.
   8  * @license GNU/GPL Version 2, see LICENSE.php
   9  *
  10  * Redistributions of files must retain the above copyright notice.
  11  *
  12  * Mambo is free software; you can redistribute it and/or
  13  * modify it under the terms of the GNU General Public License
  14  * as published by the Free Software Foundation; version 2 of the License.
  15  */
  16  
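  /** ensure this file is being included by a parent file */
  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

  require_once( $mainframe->getPath( 'admin_html' ) );
  require_once( $mainframe->getPath( 'class' ) );

  /*
   * Request dispatch for the private-messages admin component.
   * 'task' selects the handler; 'cid' carries the selected message ids.
   *
   * NOTE(review): no request-forgery token is checked in this file before the
   * state-changing tasks (save, remove, saveconfig). Confirm that the
   * including framework validates one before control reaches this point.
   */
  $task = trim( mosGetParam( $_REQUEST, 'task', null ) );
  $cid = mosGetParam( $_REQUEST, 'cid', array( 0 ) );
  if (!is_array( $cid )) {
      $cid = array ( 0 );
  }
  // The ids come from the request and are interpolated into SQL by
  // viewMessage() and removeMessage(). Force every element to an integer and
  // re-index the list so handlers only ever receive numeric ids.
  $cid = array_values( array_map( 'intval', $cid ) );

  switch ($task) {
      case "view":
          viewMessage( isset( $cid[0] ) ? $cid[0] : 0, $option );
          break;

      case "new":
          newMessage( $option, NULL, NULL );
          break;

      case "reply":
          newMessage(
              $option,
              // the recipient id is only meaningful as an integer
              intval( mosGetParam( $_REQUEST, 'userid', 0 ) ),
              mosGetParam( $_REQUEST, 'subject', '' )
          );
          break;

      case "save":
          saveMessage( $option );
          break;

      case "remove":
          removeMessage( $cid, $option );
          break;

      case "config":
          editConfig( $option );
          break;

      case "saveconfig":
          saveConfig( $option );
          break;

      default:
          showMessages( $option );
          break;
  }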
  66  
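  /**
   * Show the messaging preferences form for the logged-in user.
   *
   * Loads the user's rows from #__messages_cfg keyed by cfg_name, builds the
   * yes/no select lists for the 'lock' and 'mail_on_new' settings and passes
   * them to HTML_messages::editConfig().
   *
   * @param string $option value of the request's 'option' parameter, forwarded to the HTML layer
   */
  function editConfig( $option ) {
      global $database, $my;

      // Interpolate the user id as an integer so the query text never depends
      // on how $my->id was populated.
      $userId = (int) $my->id;

      // @RawSQLUse, trivial_implementation, SELECT
      $database->setQuery( "SELECT cfg_name, cfg_value FROM #__messages_cfg WHERE user_id='$userId'" );
      $data = $database->loadObjectList( 'cfg_name' );

      // A user without saved preferences has no rows. Test for them explicitly
      // instead of using the @ operator, which would also hide real errors.
      $lock = isset( $data['lock']->cfg_value ) ? $data['lock']->cfg_value : null;
      $mailOnNew = isset( $data['mail_on_new']->cfg_value ) ? $data['mail_on_new']->cfg_value : null;

      $vars = array();
      $vars['lock'] = mosHTML::yesnoSelectList( "vars[lock]", 'class="inputbox" size="1"', $lock );
      $vars['mail_on_new'] = mosHTML::yesnoSelectList( "vars[mail_on_new]", 'class="inputbox" size="1"', $mailOnNew );

      HTML_messages::editConfig( $vars, $option );

  }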
  81  
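  /**
   * Replace the logged-in user's messaging preferences with the posted ones.
   *
   * Deletes the user's existing rows in #__messages_cfg, inserts one row per
   * entry of the posted 'vars' array, then redirects to the component.
   *
   * @param string $option value of the request's 'option' parameter, used in the redirect URL
   */
  function saveConfig( $option ) {
      global $database, $my;

      $userId = (int) $my->id;

      // @RawSQLUse, trivial_implementation, DELETE
      $database->setQuery( "DELETE FROM #__messages_cfg WHERE user_id='$userId'" );
      $database->query();

      $vars = mosGetParam( $_POST, 'vars', array() );
      if (!is_array( $vars )) {
          // a scalar 'vars' field carries no settings
          $vars = array();
      }
      foreach ($vars as $k=>$v) {
          if (is_array( $v )) {
              // nested arrays are not valid setting values
              continue;
          }
          // The array KEY is attacker-controlled just like the value: both are
          // taken from $_POST and both land inside the SQL string, so both
          // must be escaped.
          // NOTE(review): editConfig() only renders 'lock' and 'mail_on_new';
          // restricting $k to the known setting names would be stricter still.
          $k = $database->getEscaped( $k );
          $v = $database->getEscaped( $v );
          // @RawSQLUse, trivial_implementation, INSERT
          $database->setQuery( "INSERT INTO #__messages_cfg (user_id,cfg_name,cfg_value)"
              . "\nVALUES ('$userId','$k','$v')"
          );
          $database->query();
      }
      mosRedirect( "index2.php?option=$option" );
  }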
 100  
 /**
  * Render the "new message" form with a recipient drop-down.
  *
  * The drop-down lists every user whose group is among the children of the
  * 'Public Backend' ACL group, preceded by a "- Select User -" placeholder.
  *
  * @param string $option  value of the request's 'option' parameter, forwarded to the HTML layer
  * @param mixed  $user    id pre-selected in the recipient list (NULL for none)
  * @param mixed  $subject subject text forwarded to the HTML layer (NULL for none)
  */
 function newMessage( $option, $user, $subject ) {
     global $database, $mainframe, $my, $acl;

     // collect the ids of all backend user groups as a comma-separated list
     $backendRoot = $acl->get_group_id( 'Public Backend', 'ARO' );
     $groupIds = implode( ',', $acl->get_group_children( $backendRoot, 'ARO', 'RECURSE' ) );

     // placeholder entry shown first in the list
     $placeholder = array( mosHTML::makeOption( '0', '- Select User -' ) );

     // @RawSQLUse, trivial_implementation, SELECT, CONCEPT
     $query = "SELECT id AS value, username AS text FROM #__users"
         . "\n WHERE gid IN ($groupIds)"
         . "\n ORDER BY name";
     $database->setQuery( $query );
     $choices = array_merge( $placeholder, $database->loadObjectList() );

     // single-row select named user_id_to, with $user pre-selected
     $selectAttribs = 'class="inputbox" size="1"';
     $recipientSelect = mosHTML::selectList( $choices, 'user_id_to', $selectAttribs, 'value', 'text', $user );

     HTML_messages::newMessage( $option, $recipientSelect, $subject );
 }
 128  
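 /**
  * Store a posted private message and notify the recipient by e-mail.
  *
  * Binds $_POST to a mosMessage, runs subject and body through InputFilter,
  * sends the message, and mails a copy to the recipient when that user has
  * sendEmail set to '1'. Ends with a redirect to the component.
  *
  * @param string $option value of the request's 'option' parameter (not used by this function)
  */
 function saveMessage( $option ) {
     global $database, $mainframe, $my, $mosConfig_absolute_path;
     global $mosConfig_mailfrom, $mosConfig_fromname;

     require_once ($mosConfig_absolute_path."/includes/mambofunc.php");

     $row = new mosMessage( $database );
     if (!$row->bind( $_POST )) {
         // The error text is written into a JavaScript string literal inside
         // a <script> element: neutralise quotes, angle brackets, backslashes
         // and line breaks so it cannot break out of that string.
         $error = str_replace( array( "\r", "\n" ), ' ', $row->getError() );
         $error = addslashes( htmlspecialchars( $error, ENT_QUOTES ) );
         echo "<script> alert('".$error."'); window.history.go(-1); </script>\n";
         exit();
     }

     require_once(mamboCore::get('mosConfig_absolute_path').'/includes/phpInputFilter/class.inputfilter.php');
     $iFilter = new InputFilter( null, null, 1, 1 );
     $row->subject = trim( $iFilter->process( $row->subject ) );
     $row->message = trim( $iFilter->process( $row->message ) );

     if (!$row->send()) {
         // encode the error so it cannot add or alter query-string parameters
         mosRedirect( "index2.php?option=com_messages&mosmsg=" . urlencode( $row->getError() ) );
         // mosRedirect() presumably ends the request; return regardless so a
         // failed send can never fall through to the e-mail step.
         return;
     }

     $msg     = $row->subject.' - '.$row->message;

     // user_id_to was bound from $_POST; use it in SQL only as an integer
     $recipientId = (int) $row->user_id_to;

     // @RawSQLUse, trivial_implementation, SELECT, CONCEPT
     $sql = "SELECT a.id, a.name, a.email"
         . "\nFROM #__users AS a"
         . "\nWHERE a.sendEmail = '1'"
         . "\nAND a.id = '".$recipientId."'"
     ;
     $database->setQuery( $sql );
     $rows = $database->loadObjectList();

     if ($rows) {
         // separate loop variable: the original reused $row and overwrote the
         // message object with a user record
         foreach($rows as $recipientRow){
             $recipient = $recipientRow->email;
             // NOTE(review): this is the RECIPIENT's name, although the text
             // reads "from"; the sender's name looks intended. Confirm.
             $subject = "New private message from ".$recipientRow->name;
             mosMail($mosConfig_mailfrom, $mosConfig_fromname, $recipient, $subject, $msg);
         }
     }
     mosRedirect( "index2.php?option=com_messages" );
 }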
 170  
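 /**
  * List the private messages addressed to the logged-in user.
  *
  * Applies the optional search term to the sender's username, e-mail and
  * name, pages the result with mosPageNav and hands the rows to
  * HTML_messages::showMessages().
  *
  * @param string $option value of the request's 'option' parameter, used in state keys and forwarded to the HTML layer
  * @return false|null false when the list query reports a database error
  */
 function showMessages( $option ) {
     global $database, $mainframe, $my, $mosConfig_list_limit;

     // Paging values can be supplied by the request and end up unquoted in
     // the LIMIT clause, so reduce them to integers first.
     $limit = intval( $mainframe->getUserStateFromRequest( "viewlistlimit", 'limit', $mosConfig_list_limit ) );
     $limitstart = intval( $mainframe->getUserStateFromRequest( "view{$option}limitstart", 'limitstart', 0 ) );
     $search = $mainframe->getUserStateFromRequest( "search{$option}", 'search', '' );
     $search = $database->getEscaped( trim( strtolower( $search ) ) );

     // only messages addressed to the current user are ever listed
     $userId = (int) $my->id;
     $wheres = array();
     $wheres[] = " a.user_id_to='$userId'";

     if (isset($search) && $search!= "") {
         $wheres[] = "(u.username LIKE '%$search%' OR email LIKE '%$search%' OR u.name LIKE '%$search%')";
     }

     $database->setQuery( "SELECT COUNT(*)"
         . "\nFROM #__messages AS a"
         . "\nINNER JOIN #__users AS u ON u.id = a.user_id_from"
         . ($wheres ? " WHERE " . implode( " AND ", $wheres ) : "" )
     );
     $total = $database->loadResult();

     require_once( $GLOBALS['mosConfig_absolute_path'] . '/administrator/includes/pageNavigation.php' );
     $pageNav = new mosPageNav( $total, $limitstart, $limit  );

     // mosPageNav is defined elsewhere; cast again at the point of use so the
     // LIMIT clause holds integers whatever that class stores.
     $pageStart = (int) $pageNav->limitstart;
     $pageSize = (int) $pageNav->limit;

     $database->setQuery( "SELECT a.*, u.name AS user_from"
         . "\nFROM #__messages AS a"
         . "\nINNER JOIN #__users AS u ON u.id = a.user_id_from"
         . ($wheres ? " WHERE " . implode( " AND ", $wheres ) : "" )
         . "\nORDER BY date_time DESC"
         . "\nLIMIT $pageStart, $pageSize"
     );

     $rows = $database->loadObjectList();
     if ($database->getErrorNum()) {
         // NOTE(review): this prints the database error to the page; confirm
         // that is acceptable for this backend view.
         echo $database->stderr();
         return false;
     }

     HTML_messages::showMessages( $rows, $pageNav, $search, $option );
 }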
 212  
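 /**
  * Display one private message and mark it as read.
  *
  * The message is loaded only when it is addressed to the logged-in user,
  * matching the restriction showMessages() applies to the list. Without that
  * condition any backend user could open another user's message by id.
  *
  * @param int|string $uid    id of the message to show
  * @param string     $option value of the request's 'option' parameter, forwarded to the HTML layer
  */
 function viewMessage( $uid='0', $option ) {
     global $database, $my, $acl;

     // the id originates from the request; use it in SQL only as an integer
     $messageId = (int) $uid;
     $userId = (int) $my->id;

     $row = null;
     $database->setQuery( "SELECT a.*, u.name AS user_from"
         . "\nFROM #__messages AS a"
         . "\nINNER JOIN #__users AS u ON u.id = a.user_id_from"
         . "\nWHERE a.message_id='$messageId'"
         . "\nAND a.user_id_to='$userId'"
         . "\nORDER BY date_time DESC"
     );
     $database->loadObject( $row );

     if (!$row) {
         // unknown id or a message that belongs to someone else: back to the list
         mosRedirect( "index2.php?option=$option" );
         return;
     }

     // @RawSQLUse, trivial_implementation, UPDATE
     // state='1' is set only on the recipient's own message
     $database->setQuery( "UPDATE #__messages SET state='1' WHERE message_id='$messageId' AND user_id_to='$userId'" );
     $database->query();

     HTML_messages::viewMessage( $row, $option );
 }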
 231  
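 /**
  * Delete the selected private messages of the logged-in user.
  *
  * Ids are reduced to integers before they are placed in the IN (...) list,
  * and the DELETE is limited to messages addressed to the current user so an
  * id belonging to someone else's message is ignored. Redirects back to the
  * list afterwards, keeping the paging position.
  *
  * @param array  $cid    message ids to delete
  * @param string $option value of the request's 'option' parameter, used in the redirect URL
  */
 function removeMessage( $cid, $option ) {
     global $database, $my;

     if (!is_array( $cid ) || count( $cid ) < 1) {
         echo "<script> alert('".T_('Select an item to delete')."'); window.history.go(-1);</script>\n";
         exit;
     }

     // The list is interpolated unquoted, so every element must be numeric.
     $cids = implode( ',', array_map( 'intval', $cid ) );
     $userId = (int) $my->id;

     // @RawSQLUse, trivial_implementation, DELETE
     $database->setQuery( "DELETE FROM #__messages WHERE message_id IN ($cids) AND user_id_to='$userId'" );
     if (!$database->query()) {
         // The error text is written into a JavaScript string literal inside
         // a <script> element; neutralise quotes, angle brackets, backslashes
         // and line breaks before echoing it.
         $error = str_replace( array( "\r", "\n" ), ' ', $database->getErrorMsg() );
         $error = addslashes( htmlspecialchars( $error, ENT_QUOTES ) );
         echo "<script> alert('".$error."'); window.history.go(-1); </script>\n";
     }

     $limit = intval( mosGetParam( $_REQUEST, 'limit', 10 ) );
     $limitstart    = intval( mosGetParam( $_REQUEST, 'limitstart', 0 ) );
     mosRedirect( "index2.php?option=$option&limit=$limit&limitstart=$limitstart" );
 }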
 252  
 253  ?>