From 8c750c3cc327d1ff8d3214a3643e689d8d3a0989 Mon Sep 17 00:00:00 2001 From: Savetheinternet Date: Mon, 11 Apr 2011 05:15:15 +1000 Subject: [PATCH] Allow admins to read other user PMs --- inc/config.php | 2 ++ mod.php | 36 +++++++++++++++++++++++++++++------- 2 files changed, 31 insertions(+), 7 deletions(-) diff --git a/inc/config.php b/inc/config.php index abe8db62..c61fb5d0 100644 --- a/inc/config.php +++ b/inc/config.php @@ -366,6 +366,8 @@ $config['mod']['modlog'] = ADMIN; // Create a PM (viewing mod usernames) $config['mod']['create_pm'] = JANITOR; + // Read any PM, sent to or from anybody + $config['mod']['master_pm'] = ADMIN; // Rebuild everything $config['mod']['rebuild'] = ADMIN; // Search through posts diff --git a/mod.php b/mod.php index 15a602c2..06331a2a 100644 --- a/mod.php +++ b/mod.php @@ -314,9 +314,14 @@ } elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) { $id = $match[1]; - $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); + if($mod['type'] >= $config['mod']['master_pm']) { + $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id"); + } else { + $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); + $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + } + $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$pm = $query->fetch()) { 
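Review bot: In the `master_pm` branch of the mod.php hunk at @@ -314, the `:mod` recipient filter was the only ownership check on the row, and nothing after it re-scopes what is done to the PM, so every later statement keyed on `:id` now also runs against other users' messages. The next hunk (@@ -337) opens with a `bindValue(':id', ...)` / `execute()` pair whose `prepare()` lies outside the visible lines; if that statement updates or deletes the PM (for example by clearing an unread flag), an admin's read would silently change the recipient's mailbox. I would wrap any such write in `if($pm['to'] == $mod['id']) { ... }` so the elevated right stays read-only. The two `prepare()` strings also differ only in the trailing recipient condition; building the SQL once and appending that clause in the `else` would keep the column lists from drifting apart. The `/PM/` branch starts and ends outside this hunk.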
@@ -337,15 +342,32 @@ $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); + if($pm['to'] != $mod['id']) { + $query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); + $query->bindValue(':id', $pm['to'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($_mod = $query->fetch()) { + $__to = $_mod['username']; + } else { + $__to = '??'; + } + } + modLog('Read a PM'); - $body = '
From' . - ($mod['type'] >= $config['mod']['editusers'] ? - '' . htmlentities($pm['username']) . '' : - htmlentities($pm['username']) - ) . + $body = '' . + + '' . + (isset($__to) ? + '' + : '') . + '' . '' .
From' . + '' . htmlentities($pm['username']) . '' . '
To' . + '' . htmlentities($__to) . '' . + '
Date ' . date($config['post_date'], $pm['time']) . '
Message ' . $pm['message'] . '
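Review bot: `modLog('Read a PM')` records the same text whether the reader is the recipient or an admin using `master_pm`, so the moderation log cannot show that a privileged read took place or which PM was opened. Since `$__to` is only set when the PM is addressed to someone else, the call could become `modLog(isset($__to) ? 'Read PM #' . (int)$id . ' addressed to mod #' . (int)$pm['to'] : 'Read a PM');`. Separately, `$pm['message']` is concatenated into `$body` without `htmlentities()` while the usernames are escaped. Whether the message is sanitised when stored is not visible here, but with this change the admin session also renders messages written between other accounts, so that is worth confirming. The HTML inside the string literals was lost in extraction, so the markup itself is not reviewed.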