From 9c9ead2b082c82a28febfdd409551bc647c50ab3 Mon Sep 17 00:00:00 2001
From: Savetheinternet <savetheinternet@n0v4.com>
Date: Thu, 17 Mar 2011 16:52:43 +1100
Subject: [PATCH] Beta PM system

---
 inc/display.php  |   8 ++--
 inc/mod.php      |  16 +++++++
 inc/template.php |  17 ++++---
 mod.php          | 119 ++++++++++++++++++++++++++++++++++++++++++++++-
 style.css        |   4 ++
 5 files changed, 151 insertions(+), 13 deletions(-)
diff --git a/inc/display.php b/inc/display.php
index b3e7a35a..41b99461 100644
--- a/inc/display.php
+++ b/inc/display.php
@@ -127,11 +127,11 @@
 				
 				// Delete
 				if($this->mod['type'] >= $config['mod']['delete'])
-					$built .= ' <a title="Delete" href="?/' . $board['uri'] . '/delete/' . $this->id . '">' . $config['mod']['link_delete'] . '</a>';
+					$built .= ' <a onclick="return confirm(\'Are you sure you want to delete this?\')" title="Delete" href="?/' . $board['uri'] . '/delete/' . $this->id . '">' . $config['mod']['link_delete'] . '</a>';
 				
 				// Delete all posts by IP
 				if($this->mod['type'] >= $config['mod']['deletebyip'])
-					$built .= ' <a title="Delete all posts by IP" href="?/' . $board['uri'] . '/deletebyip/' . $this->id . '">' . $config['mod']['link_deletebyip'] . '</a>';
+					$built .= ' <a onclick="return confirm(\'Are you sure you want to delete all posts by IP?\')" title="Delete all posts by IP" href="?/' . $board['uri'] . '/deletebyip/' . $this->id . '">' . $config['mod']['link_deletebyip'] . '</a>';
 				
 				// Ban
 				if($this->mod['type'] >= $config['mod']['ban'])
@@ -274,11 +274,11 @@
 				
 				// Delete
 				if($this->mod['type'] >= $config['mod']['delete'])
-					$built .= ' <a title="Delete" href="?/' . $board['uri'] . '/delete/' . $this->id . '">' . $config['mod']['link_delete'] . '</a>';
+					$built .= ' <a onclick="return confirm(\'Are you sure you want to delete this?\')" title="Delete" href="?/' . $board['uri'] . '/delete/' . $this->id . '">' . $config['mod']['link_delete'] . '</a>';
 				
 				// Delete all posts by IP
 				if($this->mod['type'] >= $config['mod']['deletebyip'])
-					$built .= ' <a title="Delete all posts by IP" href="?/' . $board['uri'] . '/deletebyip/' . $this->id . '">' . $config['mod']['link_deletebyip'] . '</a>';
+					$built .= ' <a onclick="return confirm(\'Are you sure you want to delete all posts by IP?\')" title="Delete all posts by IP" href="?/' . $board['uri'] . '/deletebyip/' . $this->id . '">' . $config['mod']['link_deletebyip'] . '</a>';
 				
 				// Ban
 				if($this->mod['type'] >= $config['mod']['ban'])
diff --git a/inc/mod.php b/inc/mod.php
index 51ff7785..bc54a23a 100644
--- a/inc/mod.php
+++ b/inc/mod.php
@@ -56,6 +56,22 @@
 		unset($_SESSION['mod']);
 	}
 	
+	function create_pm_header() {
+		global $mod;
+		$query = prepare("SELECT `id` FROM `pms` WHERE `to` = :id AND `unread` = 1");
+		$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		if($pm = $query->fetch()) {
+			return 'You have <a href="?/PM/' . $pm['id'] . '">an unread PM</a>' .
+			($query->rowCount() > 1 ?
+				', plus ' . ($query->rowCount()-1) . ' more waiting'
+			: '') . '.';
+		}
+		
+		return false;
+	}
+	
 	function modLog($action) {
 		global $mod;
 		$query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :time, :text)");
diff --git a/inc/template.php b/inc/template.php
index d8961167..c0c754f1 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -5,10 +5,7 @@
 	// savetheinternet@n0v4.com
 	
 	// -----------------------------------------------------
-	// Standard configuration	
-	//
-	// Folder where the template files are kept
-	$templateDir = $config['dir']['template'];
+	// Standard configuration
 	//
 	// Enable global things like %gentime, etc.
 	$templateGlobals = true;
@@ -170,12 +167,18 @@
 	}
 	
 	function Element($templateFile, array $options) {
-		global $templateDir;
+		global $config;
+		
+		// Small little hack to add the PM system
+		if(function_exists('create_pm_header') && @$options['mod']) {
+			$options['pm'] = create_pm_header();
+		}
+		
 		// Read the template file
-		if($template = @file_get_contents("${templateDir}/${templateFile}")) {
+		if($template = @file_get_contents("{$config['dir']['template']}/${templateFile}")) {
 			return templateParse($template, $options, null, $templateFile);
 		} else {
-			throw new Exception("Template file '${templateFile}' does not exist or is empty in '${templateDir}'!");
+			throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
 		}
 	}
 	
diff --git a/mod.php b/mod.php
index 56c0e38a..ad3ee85d 100644
--- a/mod.php
+++ b/mod.php
@@ -146,6 +146,119 @@
 				'mod'=>true
 				)
 			);
+		} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
+			$id = $match[1];
+			
+			$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
+			$query->bindValue(':id', $id, PDO::PARAM_INT);
+			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			if(!$pm = $query->fetch()) {
+				// Mod doesn't exist
+				error($config['error']['404']);
+			}
+			
+			if(isset($_POST['delete'])) {
+				$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
+				$query->bindValue(':id', $id, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				header('Location: ?/', true, $config['redirect_http']);
+			} else {
+				$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
+				$query->bindValue(':id', $id, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				$body = '<form action="" method="post"><table><th>From</th><td>' .
+					($mod['type'] >= $config['mod']['editusers'] ?
+						'<a href="?/users/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>' :
+						htmlentities($pm['username'])
+					) .
+				'</td></tr>' .
+				
+				'<tr><th>Date</th><td> ' . date($config['post_date'], $pm['time']) . '</td></tr>' .
+				
+				'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .
+				
+				'</table>' . 
+				
+				'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
+				
+				'</form>';
+				
+				echo Element('page.html', Array(
+					'index'=>$config['root'],
+					'title'=>'Private message',
+					'body'=>$body,
+					'mod'=>true
+					)
+				);
+			}
+		} elseif(preg_match('/^\/new_PM\/(\d+)$/', $query, $match)) {
+			if($mod['type'] < $config['mod']['create_pm']) error($config['error']['noaccess']);
+			
+			$to = $match[1];
+			
+			$query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id");
+			$query->bindValue(':id', $to, PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			if(!$to = $query->fetch()) {
+				// Mod doesn't exist
+				error($config['error']['404']);
+			}
+			
+			if(isset($_POST['message'])) {
+				// Post message
+				$message = $_POST['message'];
+				
+				if(empty($message))
+					error($config['error']['tooshort_body']);
+				
+				markup($message);
+				
+				$query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)");
+				$query->bindValue(':sender', $mod['id'], PDO::PARAM_INT);
+				$query->bindValue(':to', $to['id'], PDO::PARAM_INT);
+				$query->bindValue(':message', $message);
+				$query->bindValue(':time', time(), PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				echo Element('page.html', Array(
+					'index'=>$config['root'],
+					'title'=>'PM sent',
+					'body'=>'<p style="text-align:center">Message sent successfully to ' . htmlentities($to['username']) . '.</p>',
+					'mod'=>true
+					)
+				);
+			} else {
+				$body = '<form action="" method="post">' .
+				
+				'<table>' . 
+				
+				'<tr><th>To</th><td>' .
+					($mod['type'] >= $config['mod']['editusers'] ?
+						'<a href="?/users/' . $to['id'] . '">' . htmlentities($to['username']) . '</a>' :
+						htmlentities($to['username'])
+					) .
+				'</td>' .
+				
+				'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40"></textarea></td>' .
+				
+				'</table>' .
+				
+				'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
+				
+				'</form>';
+				
+				echo Element('page.html', Array(
+					'index'=>$config['root'],
+					'title'=>'New PM for ' . htmlentities($to['username']),
+					'body'=>$body
+					,'mod'=>true
+					)
+				);
+			}
 		} elseif(preg_match('/^\/users$/', $query)) {
 			if($mod['type'] < $config['mod']['manageusers']) error($config['error']['noaccess']);
 			
@@ -185,8 +298,10 @@
 						) .
 						($mod['type'] >= $config['mod']['editusers'] ?
 							'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
-						: ''
-						) .
+						: '' ) .
+						($mod['type'] >= $config['mod']['create_pm'] ?
+							'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod['id'] . '">[PM]</a>'
+						: '' ) .
 					'</td></tr>';
 			}
 			
diff --git a/style.css b/style.css
index 50bcc718..87230471 100644
--- a/style.css
+++ b/style.css
@@ -353,4 +353,8 @@ table.modlog tr th {
 td.minimal {
 	width: 1%;
 	white-space: nowrap;
+}
+div.top_notice {
+	text-align: center;
+	margin: 5px auto;
 }
\ No newline at end of file

From	' . + ($mod['type'] >= $config['mod']['editusers'] ? + '' . htmlentities($pm['username']) . '' : + htmlentities($pm['username']) + ) . + '
Date	' . date($config['post_date'], $pm['time']) . '
Message	' . $pm['message'] . '