
<?php
/**
 * This file is part of b2evolution - {@link http://b2evolution.net/}
 * See also {@link http://sourceforge.net/projects/evocms/}.
 *
 * @copyright (c)2009-2014 by Francois PLANQUE - {@link http://fplanque.net/}
 * Parts of this file are copyright (c)2009 by The Evo Factory - {@link http://www.evofactory.com/}.
 *
 * Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
 *
 * {@internal Open Source relicensing agreement:
 * The Evo Factory grants Francois PLANQUE the right to license
 * The Evo Factory's contributions to this file and the b2evolution project
 * under any OSI approved OSS license (http://www.opensource.org/licenses/).
 * }}
 *
 * @package messaging
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 * @author efy-maxim: Evo Factory / Maxim.
 * @author fplanque: Francois Planque.
 *
 * @version $Id: messages.ctrl.php 6136 2014-03-08 07:59:48Z manuel $
 */

// Controller for the back-office "messages" screen of one messaging thread:
// it resolves the requested thread/message from the request, enforces the
// messaging permissions, handles the 'create' and 'delete' actions (both
// crumb-protected) and finally renders the message list view.
// Everything here runs at file scope and relies on globals set up by the
// admin bootstrap ($current_User, $Messages, $Session, $AdminUI, $admin_url).

// Refuse direct HTTP access; the file is only meant to be included by the dispatcher.
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );

// Load classes
load_class( 'messaging/model/_thread.class.php', 'Thread' );
load_class( 'messaging/model/_message.class.php', 'Message' );


/**
 * @var User
 */
global $current_User;

// Check minimum permission:
// 'reply' is the lowest messaging level that grants read access to this screen.
// header_redirect() is expected to terminate the request (see the "Will EXIT"
// comments further down), so nothing below runs for unauthorized users.
if( !$current_User->check_perm( 'perm_messaging', 'reply' ) )
{
	$Messages->add( T_('You are not allowed to view messages.') );
	header_redirect( $admin_url );
}

// Get action parameter from request:
// Populates the global $action that both switch statements below dispatch on.
param_action();

/**
 * @var set TRUE if we want to see a messages as abuse manager
 */
global $perm_abuse_management;

// Abuse-management mode is only entered when the request asks for it AND the
// user actually holds the 'abuse' permission; the tab value alone is not trusted.
$tab = param( 'tab', 'string' );
if( $tab == 'abuse' && $current_User->check_perm( 'perm_messaging', 'abuse' ) )
{	// We come from abuse management and have the required permission
	$perm_abuse_management = true;
}
else
{
	$perm_abuse_management = false;
}

// Resolve the thread: it must exist AND the current user must be one of its
// recipients, unless the user is acting as abuse manager (which may view any thread).
// On failure the ID is forgotten and $action is forced to 'nil' so no action runs.
if( param( 'thrd_ID', 'integer', '', true) )
{// Load thread from cache:
	$ThreadCache = & get_ThreadCache();
	if( ($edited_Thread = & $ThreadCache->get_by_ID( $thrd_ID, false )) === false )
	{	// No thread exists with this ID
		unset( $edited_Thread );
		forget_param( 'thrd_ID' );
		$Messages->add( T_('The requested thread does not exist any longer.'), 'error' );
		$action = 'nil';
	}
	else if( ! $edited_Thread->check_thread_recipient( $current_User->ID ) && ! $perm_abuse_management )
	{	// Current user is not a recipient of this thread and is not an abuse manager
		unset( $edited_Thread );
		forget_param( 'thrd_ID' );
		$Messages->add( T_('You are not allowed to view this thread.'), 'error' );
		$action = 'nil';
	}
}

// Resolve the message (used by the 'delete' action).
// NOTE(review): only the existence of msg_ID is verified here; nothing on this
// page ties the message to $thrd_ID or to a thread the user may access.
// Confirm that check_delete()/dbdelete() (not shown) enforce that relation,
// otherwise the 'delete' action below operates on whatever msg_ID was supplied.
if( param( 'msg_ID', 'integer', '', true) )
{// Load message from cache:
	$MessageCache = & get_MessageCache();
	if( ($edited_Message = & $MessageCache->get_by_ID( $msg_ID, false )) === false )
	{	unset( $edited_Message );
		forget_param( 'msg_ID' );
		$Messages->add( T_('The requested message does not exist any longer.'), 'error' );
		$action = 'nil';
	}
}

// A thread is mandatory for this screen; without one, fall back to 'nil'
// (the payload switch below then renders nothing but the error message).
if( empty( $thrd_ID ) )
{
	$Messages->add( T_( 'Can\'t show messages without thread!' ), 'error' );
	$action = 'nil';
}
else
{
	// Preload users to show their avatars
	load_messaging_thread_recipients( $thrd_ID );
}


// Query-string suffix appended to post-action redirects so the abuse manager
// lands back on the abuse tab rather than on the regular threads tab.
$param_tab = '';
if( $perm_abuse_management )
{	// After completing the action ( create | delete ) we want to go back to abuse management
	$param_tab = '&tab=abuse';
}

// First pass: perform the requested action (state changes happen here, before any output).
switch( $action )
{
	case 'create': // Record new message
		// Check that this action request is not a CSRF hacked request:
		$Session->assert_received_crumb( 'messaging_messages' );

		// Try to create the new message
		// (create_new_message() reads the message fields from the request itself; on
		// failure we fall through to the list view so the form can be redisplayed).
		if( create_new_message( $thrd_ID ) )
		{
			// Redirect so that a reload doesn't write to the DB twice:
			header_redirect( '?ctrl=messages&thrd_ID='.$thrd_ID.$param_tab, 303 ); // Will EXIT
			// We have EXITed already at this point!!
		}
		break;

	case 'delete':
		// Delete message:

		// Check that this action request is not a CSRF hacked request:
		$Session->assert_received_crumb( 'messaging_messages' );

		// Check permission:
		// (third argument TRUE presumably makes check_perm() abort the request instead
		// of returning false -- the return value is not inspected here)
		$current_User->check_perm( 'perm_messaging', 'delete', true );

		// Make sure we got an msg_ID:
		// (passing TRUE as the default appears to mark the param as required; when it
		// was present, $edited_Message was already loaded above)
		param( 'msg_ID', 'integer', true );

		if( param( 'confirm', 'integer', 0 ) )
		{ // confirmed, Delete from DB:
			$edited_Message->dbdelete();
			unset( $edited_Message );
			forget_param( 'msg_ID' );
			$Messages->add( T_('Message deleted.'), 'success' );

			// Redirect so that a reload doesn't write to the DB twice:
			header_redirect( '?ctrl=messages&thrd_ID='.$thrd_ID.$param_tab, 303 ); // Will EXIT
			// We have EXITed already at this point!!
		}
		else
		{	// not confirmed, Check for restrictions:
			// check_delete() is expected to queue its own error message when it returns false.
			if( ! $edited_Message->check_delete( T_('Cannot delete message.') ) )
			{	// There are restrictions: abandon the deletion and just show the messages
				$action = 'view';
			}
		}
		break;

	default:
		// View messages, this does not require a crumb check

		if( empty( $edited_Thread ) )
		{ // there is no thread to show
			break;
		}

		// Mark this edited Thread as read by current User, because all messages will be displayed
		// No need to check permission because if the given user is not part of the thread the update won't modify anything.
		mark_as_read_by_user( $edited_Thread->ID, $current_User->ID );
		break;

}

// Breadcrumbs and menu path; the abuse-management variant adds one more crumb.
$AdminUI->breadcrumbpath_init( false );  // fp> I'm playing with the idea of keeping the current blog in the path here...
$AdminUI->breadcrumbpath_add( T_('Messages'), '?ctrl=threads' );
if( $perm_abuse_management )
{	// We see the messages from abuse management
	$AdminUI->breadcrumbpath_add( T_('Abuse Management'), '?ctrl=abuse' );
	$AdminUI->set_path( 'messaging', 'abuse' );
}
else
{	// Set options path:
	$AdminUI->set_path( 'messaging', 'threads' );
}


// Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
$AdminUI->disp_html_head();

// Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions)
$AdminUI->disp_body_top();

$AdminUI->disp_payload_begin();

/**
 * Display payload:
 * Second pass over $action: only output happens here, no state changes.
 */
switch( $action )
{
	case 'nil':
		// Do nothing (an error message was already queued above)
		break;

	case 'delete':
		if( $perm_abuse_management )
		{	// Save a tab param for hidden fields of the form
			memorize_param( 'tab', 'string', 'abuse' );
		}
		// We need to ask for confirmation:
		$edited_Message->confirm_delete( T_('Delete message?'),
				'messaging_messages', $action, get_memorized( 'action' ) );
		// NOTE: no break here -- falls through into 'default' so the message list
		// is rendered underneath the confirmation prompt (looks intentional; confirm).
	default:
		// No specific request, list all messages:
		// Cleanup context:
		forget_param( 'msg_ID' );
		// Display messages list:
		// $action is set to 'create' so the view (presumably) renders the new-message form.
		$action = 'create';
		$AdminUI->disp_view( 'messaging/views/_message_list.view.php' );
		break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();

// NOTE(review): the closing tag is unnecessary in a PHP-only file and any
// whitespace after it would be sent as output; dropping it is the safer convention.
?>
