sendmsg.pl
#!/usr/local/bin/perl
# must have's!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use HTML::Restrict;
use URI::Escape;
use lib "/var/www/html/Pm";
use Html qw(pre_html_header
header
dropdown
get_config_forDropdowns
);
use Date qw(get_today get_time);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param shorten_str);
use Bc_sql qw(
get_constant
sql_execute
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN
new_msgid
$DB
);
use Security qw(banned);
use Redir qw(error_redir);
use User qw(get_user_stat);
# Debug switch for this script. When true, the access-denied text names
# this file and, further down, a failed SQL statement is echoed into the
# response.
# NOTE(review): this is hard-coded on, and CGI::Carp's fatalsToBrowser is
# loaded at the top of the file, so diagnostics reach the client. Both
# should be off outside development; log server-side instead.
my $DEBUG = 1;

# Gate: only an existing account that is not banned may go any further.
# banned() is only consulted when the account exists (short-circuit).
unless (user_exists($LOGGEDIN) and not banned($LOGGEDIN)) {
    my $denied = "Access Denied";
    $denied .= " (sendmsg.pl)" if $DEBUG;

    # Send the caller back to the site root with the denial message.
    print error_redir("/", $denied);

    exit 1;
}
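# ---------------------------------------------------------------------------
# Main request handling.
#
# Flow:
#   1. Read the recipient uid from the request.
#   2. If subject and message text are both present, strip markup from them
#      and insert a row into the messages table; the response is "1" on
#      success.
#   3. Otherwise render the "Send Message" form for a flagged item.
#
# Request parameters, cookie values and stored nicknames are treated as
# untrusted: each one is encoded for the exact context it is written into
# (HTML text, JavaScript string literal, URL query value).
#
# NOTE(review): no anti-CSRF token is checked in this file before the
# insert -- confirm that get_param or the calling page enforces one.
# ---------------------------------------------------------------------------

# Encode a value for HTML text or a quoted HTML attribute.
my $esc_html = sub {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

# Encode a value for use inside a quoted JavaScript string literal that is
# itself inside a <script> element: everything outside a small safe set
# becomes a \uXXXX escape, so quotes, backslashes, line breaks and angle
# brackets cannot end the literal, the comment or the script element.
# Assumes byte strings or BMP characters -- TODO confirm what get_param
# returns.
my $esc_js = sub {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/([^A-Za-z0-9 _.,-])/sprintf('\\u%04x', ord($1))/ge;
    return $text;
};

# Percent-encode a value for a URL query string. The unsafe set is given
# explicitly so that the result never contains a quote character, whatever
# the installed URI::Escape default is.
my $esc_url = sub {
    my ($text) = @_;
    return '' unless defined $text;
    return uri_escape($text, '^A-Za-z0-9\-\._~');
};

my $output = pre_html_header({type=>'text/plain'}); # this is JUST a placeholder

my $to_uid = get_param($QUERY_UID);
$to_uid = '' unless defined $to_uid;    # avoid lc(undef) warnings below

# Escaped copy for echoing back; the raw value is still used for lookups.
my $to_uid_html = $esc_html->($to_uid);

if (lc($LOGGEDIN) eq lc($to_uid)) {
    $output .= "no need to talk to yourself... ($to_uid_html)<br>\n";
} else {
    if ($to_uid) {
        $output .= "got 'to' uid: $to_uid_html (";
        if (user_exists($to_uid)) {
            $output .= "valid)<br>\n";

            # Collect the remaining message fields.
            my %msg;
            $msg{ID}        = new_msgid();
            $msg{from_ID}   = $LOGGEDIN;
            $msg{to_ID}     = $to_uid;
            $msg{sent}      = get_today("db", 1);
            $msg{sent_time} = get_time(0, 1);
            $msg{subject}   = get_param("subject");
            $msg{msg}       = get_param("msg");
            # NOTE(review): both flags start at 1 and must be true for the
            # insert to run -- presumably 1-based codes; confirm meaning.
            $msg{seen}      = 1;
            $msg{deled}     = 1;

            # Strip markup from the free-text fields. The previous code
            # ran its pattern against $msg{subj}, a key that is never set,
            # so the subject was stored unfiltered. HTML::Restrict with no
            # rules removes all tags. This is defence in depth only: the
            # pages that display messages must still escape on output.
            my $stripper = HTML::Restrict->new();
            for my $field (qw(subject msg)) {
                next unless defined $msg{$field};
                $msg{$field} = $stripper->process($msg{$field});
            }

            if ($msg{ID} and $msg{from_ID} and $msg{to_ID} and
                $msg{sent} and $msg{subject} and $msg{msg} and
                $msg{seen} and $msg{deled}) {
                $msg{msg} = uri_escape($msg{msg});

                # Every value goes through $DB->quote before it is joined
                # into the statement. sent_time is collected above but is
                # not part of the insert.
                my @columns = qw(ID from_ID to_ID sent subject msg seen deled);
                my $sql = "insert into messages values("
                        . join(", ", map { $DB->quote($msg{$_}) } @columns)
                        . ")";
                my $result = sql_execute($sql, "sendmsg.pl");

                if ($result eq 1) {
                    # Success: the whole response body is the single digit.
                    $output = pre_html_header({type=>'text/plain'}) . "1";
                } else {
                    if ($DEBUG) {
                        # NOTE(review): statement text is sent to the
                        # client in debug mode; prefer a server-side log.
                        $output .= "sql execute failed: " . $esc_html->($sql) . "<br>\n";
                    } else {
                        $output .= "failed to send msg! wtf? how??<br>\n";
                    }
                }
            } else {
                # No complete message supplied: render the form instead.
                my $e = cookie_get("e");
                my $n = cookie_get("n");
                my $class = "error";
                my $onload = "";
                if ($e or $n) {
                    $onload = "setTimeout(removeMsg, " . Bc_sql::get_constant("REMOVE_MSG_TIMEOUT") . ");";
                }

                my $flag_id = get_param(get_constant("FLAG_ID"));

                $output = pre_html_header() . header("Send Message", "?nobg_img=1&nogrid=1", "", $onload);
                if ($flag_id) {
                    # Context-encoded copies of every dynamic value used in
                    # the markup below.
                    my $flag_id_js  = $esc_js->($flag_id);
                    my $flag_id_url = $esc_url->($flag_id);
                    my $to_uid_url  = $esc_url->($to_uid);
                    my $sender_js   = $esc_js->($LOGGEDIN);

                    # NOTE(review): assumes shorten_str returns plain text,
                    # not markup -- confirm, otherwise escape its input
                    # instead of its output.
                    my $short_nick   = shorten_str(get_user_stat($to_uid, "nickname"), 20);
                    my $to_nick_html = $esc_html->($short_nick);

                    $output .= "<table border=0 cellpadding=0 cellspacing=0 class=fullsize><tr><td align=center height=1>\n";
                    $output .= " <table border=0 cellpadding=0 cellspacing=0 width=100%><tr><td valign=top>\n";
                    $output .= " <button class=yellow onclick=\"document.location.reload();\" type=button>Reload</button>\n";
                    $output .= " </td><td align=center width=100%>\n";
                    $output .= " <h3 class=subnavbar>Send Message to<br><i>" . $to_nick_html . "</i></h3>\n";
                    $output .= " </td><td align=right class=nowrap valign=top>\n";
                    $output .= " <button class=cancel onclick=\"window.history.back();\" type=button>Cancel</button>\n";
                    $output .= " <button class=cancel onclick=\"document.location.href='./edit_ustats.pl?$QUERY_UID=$to_uid_url';\" type=button>X</button>\n";
                    $output .= " </td></tr></table>\n";
                    $output .= "</td></tr><tr><td class=spacery_large>\n";
                    $output .= "</td></tr><tr><td height=1>\n";
                    $output .= " <table border=0 cellpadding=0 cellspacing=0 width=100%><tr><td width=1>\n";
                    $output .= " <script>\n";
                    $output .= " function loadMsg() {\n";
                    $output .= " var sdd = document.getElementById('subjects');\n";
                    $output .= " var flagged_id = '$flag_id_js';\n";
                    $output .= " var flag_data = hrequest('/getflag.pl?id=$flag_id_url');\n";
                    $output .= " flag_data.then(function(fresult) {\n";
                    $output .= " //console.log('flag data retrieved (id: $flag_id_js)');\n";
                    $output .= " var sender_id = '$sender_js';\n";
                    my $sender_nick = get_user_stat($LOGGEDIN, "nickname");
                    $output .= " var sender_name = '" . $esc_js->($sender_nick) . "';\n";
                    $output .= "\n";
                    $output .= " // fresult = name,value|name,value....\n";
                    $output .= " // all table row's values from flagged table are returned\n";
                    $output .= " // we only need three: flagger_ID and content_ID and type\n";
                    $output .= " // a fourth value is also required: flagged by nickname\n";
                    $output .= " var by_id = '(none)';\n";
                    $output .= " var content_id = '(none)';\n";
                    $output .= " var type = '(none)';\n";
                    $output .= " var by_name = '(none)';\n";
                    $output .= "\n";
                    $output .= " // set above values to the associated values embedded in fresult\n";
                    $output .= " var flag = fresult.split('\\|');\n";
                    $output .= " if (flag.length) {\n";
                    $output .= " //console.log('flag data splitted into ' + flag.length + ' parts');\n";
                    $output .= " //console.log(fresult);\n";
                    $output .= " }\n";
                    $output .= "\n";
                    $output .= " var msg_data = hrequest('/getmodmsg.pl?id=' + sdd.options[sdd.selectedIndex].value);\n";
                    $output .= " msg_data.then(function(mresult) {\n";
                    $output .= " //console.log('message data retrieved');\n";
                    $output .= " });\n";
                    $output .= " });\n";
                    $output .= " }\n";
                    $output .= "\n";
                    $output .= " </script>\n";
                    $output .= " Subject:\n";
                    $output .= " </td><td class=spacerx></td><td>\n";

                    # Subject select box, built by the shared dropdown helper:
                    # dropdown($id, $title, $selected, $class, $onChange, $spacing, $extras,
                    #          $separator, $dataRef, $add999, $special_select_arrayRef, $special_select_colour)
                    my @subjs = get_config_forDropdowns("mod_subjects");
                    $output .= dropdown(
                        "subjects",                 # id
                        "",                         # title
                        -1,                         # selected value
                        "",                         # css class
                        "loadMsg();",               # onchange
                        " ",                        # spacing
                        "style=\"width: 98%;\"",    # extra html attributes
                        "",                         # separator
                        \@subjs,                    # data reference
                        "",                         # add "any" option
                        "",                         # array of "special" items to colourize
                        ""                          # background colour of "special" items
                    );
                    $output .= " </td></tr></table>\n";
                    $output .= "</td></tr><tr><td class=spacery>\n";
                    $output .= "</td></tr><tr><td valign=top>\n";
                    $output .= " <textarea id=msgarea style='resize: none; width: 100%; height: 100%;' readonly></textarea>\n";
                    $output .= "</td></tr><tr><td class=spacery>\n";
                    $output .= "</td></tr><tr><td align=right height=1>\n";
                    $output .= " <table border=0 cellpadding=0 cellspacing=0 width=100%><tr>";

                    if ($e or $n) {
                        $output .= "<td align=left>\n";
                        my $msg = $e;
                        if ($n) { $msg = $n; $class = "notice" }
                        # Cookie values are client-controlled: escape
                        # before placing them in the page.
                        $output .= " <div class='MSGS $class' id=MSGS>" . $esc_html->($msg) . "</div>\n";
                        $output .= " </td><td class=spacerx></td><td align=right width=1>\n";
                    } else {
                        $output .= "<td align=right class=nowrap>\n";
                    }
                    $output .= " <button class=red onclick=\"document.location.reload();\" type=button>Edit</button>\n";
                    $output .= " <button class=green onclick=\"document.location.reload();\" type=button>Send</button>\n";
                    $output .= " </td></tr></table>\n";
                    $output .= "</td></tr></table>\n";
                } else {
                    # invalid or no flag id given
                    $output .= "invalid or no flag id given<br>\n";
                }
            }
        } else {
            $output .= "invalid)<br>\n";
        }
    } else {
        $output .= "please provide a user id to send a msg to<br>\n";
    }
}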
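# Emit the response assembled above (headers plus body).
print $output;

# Normal completion: a response was produced, so report success.
# A non-zero status is reserved for the access-denied exit earlier on.
exit 0;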