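> This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */

// Private messages page: lists the logged-in user's message chains, shows one
// chain as a thread, and stores and sends a new message or a reply.
// NOTE(review): several string literals below are empty or hold only a line
// break; the markup they carried appears to be missing from this copy.
include_once('config.php');
if(isset($_COOKIE['PHPSESSID'])){session_start();}
if(!isset($_SESSION['id']))
{
  header('Location: '.BASEURL.'/login?returnto='.urlencode($_SERVER['REQUEST_URI']));
  // header() only queues the redirect. Stop here so that none of the queries
  // or the send path below run for a request without a logged-in session.
  exit;
}
include_once('db.php');
include_once('nonce.php');
include_once('rpc.php');

/**
 * Resolve a "user@domain" address to the display name reported for it by
 * rpc_get(), falling back to the address itself.
 *
 * Successful lookups are kept in a static array, so each address is fetched
 * at most once per script run; failed lookups are not cached.
 *
 * @param string $username Address in "user@domain" form
 * @return string Display name, or $username when the address is malformed,
 *                the RPC call reports an error, or no usable name is returned.
 *                The value is remote-controlled and must be escaped on output.
 */
function getdisplayname($username)
{
  static $cache=Array();
  if(isset($cache[$username])){return $cache[$username];}
  $user=explode('@', $username);
  if(count($user)!=2){return $username;} // Invalid username, fall back on username
  $obj=rpc_get($user[1], 'user/'.$user[0]);
  if(isset($obj['error'])){return $username;} // RPC error, fall back on username
  // A reply without a string 'displayname' is treated like an RPC error
  if(!isset($obj['displayname']) || !is_string($obj['displayname'])){return $username;}
  $cache[$username]=$obj['displayname'];
  return $obj['displayname'];
}

$error='';
$info='';
// Resolve chain ID
if(isset($path[2]) && $path[2]!='new' && $path[2]!='')
{
  // Values placed in SQL below are escaped with mysqli_real_escape_string() and
  // double-quoted, or cast to int. Prepared statements would remove the
  // dependence on every call site getting the quoting right.
  $chain=mysqli_real_escape_string($db, $path[2]);
  // The lookup is scoped to the session user, so a chain ID that belongs to
  // another account is reported as not found.
  $res=mysqli_query($db, 'select sender, recipient, subject from messages where user='.(int)$_SESSION['id'].' and chain="'.$chain.'" and latest');
  $row=($res?mysqli_fetch_row($res):null); // A failed query counts as "not found"
  if(!$row)
  {
    $error='Message chain not found';
    $to='';
    $subject='';
  }else{
    // The other party is whichever of sender/recipient is not the local user
    $to=$row[($row[0]==$_SESSION['name'].'@'.DOMAIN)?1:0];
    $subject=$row[2];
  }
}else{
  $chain='';
  // 'to' is absent on the overview and may be an array in a crafted request
  $to=(isset($_POST['to']) && is_string($_POST['to']))?$_POST['to']:'';
  $subject='';
}

// Send message
// checknonce() is presumably the anti-CSRF check from nonce.php - confirm.
if($error=='' && isset($_POST['msg']) && isset($_POST['subject']) && is_string($_POST['msg']) && is_string($_POST['subject']) && (!isset($path[2]) || $path[2]!='new' || isset($_POST['to'])) && checknonce())
{
  $touser=explode('@', $to);
  // NOTE(review): both parts are handed to rpc_post() unchanged; confirm that
  // rpc_post() validates the host part and encodes the path part.
  if(count($touser)!=2 || $touser[0]=='' || $touser[1]=='')
  {
    $error='Invalid recipient';
  }else{
    // Store in DB
    $subject=$_POST['subject'];
    $to_esc=mysqli_real_escape_string($db, $to);
    $from=mysqli_real_escape_string($db, $_SESSION['name'].'@'.DOMAIN);
    $timestamp=mysqli_real_escape_string($db, date('Y-m-d H:i:s'));
    $subject_esc=mysqli_real_escape_string($db, $subject);
    $msg_esc=mysqli_real_escape_string($db, $_POST['msg']);
    $q='insert into messages(user, recipient, sender, sent, subject, message, msgread, latest'.(($chain=='')?'':', chain').') ';
    $q.='values('.(int)$_SESSION['id'].', "'.$to_esc.'", "'.$from.'", "'.$timestamp.'", "'.$subject_esc.'", "'.$msg_esc.'", true, true'.(($chain=='')?'':', "'.$chain.'"').')';
    if(!mysqli_query($db, $q))
    {
      $error='Database error, message not sent';
    }else{
      $id=(int)mysqli_insert_id($db);
      if($chain=='') // Set chain ID for new chain
      {
        $path[2]=$id.'_'.DOMAIN;
        $chain=mysqli_real_escape_string($db, $path[2]);
        mysqli_query($db, 'update messages set chain="'.$chain.'" where id='.(int)$id);
      }
      // Send it to recipient's node
      $payload=Array('subject'=>$subject, 'from'=>$_SESSION['name'], 'message'=>$_POST['msg'], 'chain'=>$path[2]);
      $data=rpc_post($touser[1], 'messages/'.$touser[0], $payload);
      if(isset($data['error']))
      {
        // The error text is supplied by the recipient's node. It is escaped
        // here because $error is later concatenated into $info and, as far as
        // this file shows, is not escaped again before output.
        $error=htmlentities(is_string($data['error'])?$data['error']:'Message not sent');
        // Delete the failed message from database
        mysqli_query($db, 'delete from messages where user='.(int)$_SESSION['id'].' and id='.$id);
      }else{
        $info=_('Message sent');
        // Update 'latest' on messages which are now old
        mysqli_query($db, 'update messages set latest=false where chain="'.$chain.'" and user='.(int)$_SESSION['id'].' and id!='.$id.' and sent<"'.$timestamp.'"');
      }
    }
  } // Error checks
}

$messages='';
$header='';
// One view for overview, one view for thread/new
if(!isset($path[2]) || $path[2]=='') // Overview
{
  $header=''._('To/From').''._('Subject').''._('Date').'';
  $res=mysqli_query($db, 'select id, recipient, sender, sent, subject, message, msgread, chain from messages where user='.(int)$_SESSION['id'].' and latest order by sent desc');
  // A failed query yields an empty list instead of a fetch on false
  while($res && ($row=mysqli_fetch_assoc($res)))
  {
    $user=(($row['recipient']==$_SESSION['name'].'@'.DOMAIN)?$row['sender']:$row['recipient']);
    // Display names, subjects and chain IDs can originate from other nodes,
    // so each one is escaped before it is added to the page
    $user=''.htmlentities(getdisplayname($user)).'';
    $subjectline=htmlentities($row['subject']);
    $chain=htmlentities($row['chain']);
    $aclass=($row['msgread']?'':' class="highlight"'); // Highlight link if unread
    $messages.='';
    $messages.=' '.$user.'';
    $messages.=' '.$subjectline.'';
    $messages.=' '.htmlentities($row['sent']).'';
    $messages.='';
  }
}
elseif($error=='' && $path[2]!='new') // Thread view
{
  include_once('parsedown/Parsedown.php');
  $md=new Parsedown();
  // htmlentities() below neutralises raw HTML in a message, but not the URL
  // scheme of a Markdown link or image. Safe mode makes Parsedown sanitise
  // those targets; the call is guarded because the bundled copy may predate it.
  if(method_exists($md, 'setSafeMode')){$md->setSafeMode(true);}
  $res=mysqli_query($db, 'select id, recipient, sender, sent, subject, message, msgread from messages where user='.(int)$_SESSION['id'].' and chain="'.$chain.'" order by sent asc');
  while($res && ($row=mysqli_fetch_assoc($res)))
  {
    $sender=htmlentities($row['sender']);
    $displayname=htmlentities(getdisplayname($row['sender']));
    $msg=$md->text(htmlentities($row['message']));
    $time=htmlentities($row['sent']);
    // TODO: CSS for this
    $messages.="\n".$msg."\n";
  }
  // Viewing the thread marks every message in it as read for this user
  mysqli_query($db, 'update messages set msgread=true where user='.(int)$_SESSION['id'].' and chain="'.$chain.'" order by sent asc');
  // TODO: Option to block user
}
if(isset($path[2]) && $path[2]=='new')
{
  $to="\n";
}else{
  $to=_('To:').' '.htmlentities($to)."\n";
}
if($error!=''){$info=''.$error.'';}
include_once('head.php'); ?>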

'._('Reply').'')?>