From fb6599272d976d7dcadebc6f7c1e154793a07f18 Mon Sep 17 00:00:00 2001
From: Cristian Fasanando <cristian.fasanando@beeznest.com>
Date: Tue, 15 Dec 2009 15:18:12 -0500
Subject: [PATCH] message for group is now sent only a message  - partial
 BT#190

---
 main/inc/lib/message.lib.php               | 165 +++++++++++++--------
 main/messages/download.php                 |  11 +-
 main/social/group_invitation.php           |   3 +-
 main/social/groups.php                     |  18 ++-
 main/social/message_for_group_form.inc.php |   1 +
 5 files changed, 126 insertions(+), 72 deletions(-)

diff --git a/main/inc/lib/message.lib.php b/main/inc/lib/message.lib.php
index 67ca42aaf5..a5743aef43 100755
--- a/main/inc/lib/message.lib.php
+++ b/main/inc/lib/message.lib.php
@@ -22,7 +22,8 @@ require_once api_get_path(LIBRARY_PATH).'group_portal_manager.lib.php';
  */
 define('MESSAGE_STATUS_NEW',				'0');
 define('MESSAGE_STATUS_UNREAD',				'1');
-define('MESSAGE_STATUS_DELETED',			'2');
+define('MESSAGE_STATUS_DELETED',			'3');
+define('MESSAGE_STATUS_OUTBOX',				'4');
 
 define('MESSAGE_STATUS_INVITATION_PENDING',	'5');
 define('MESSAGE_STATUS_INVITATION_ACCEPTED','6');
@@ -192,10 +193,33 @@ class MessageManager
 	        $content = api_convert_encoding($content,$charset,'UTF-8');
 	        $content = Database::escape_string($content);
 			//message in inbox
-			$sql = "SELECT COUNT(*) as count FROM $table_message WHERE user_sender_id = ".$user_sender_id." AND user_receiver_id='$receiver_user_id' AND title = '$title' AND content ='$content' AND group_id = '$group_id' AND parent_id = '$parent_id'";
-			$res_exist = Database::query($sql,__FILE__,__LINE__);
-			$row_exist = Database::fetch_array($res_exist,'ASSOC');
-			if ($row_exist['count'] == 0) {
+			
+			//useless query
+			//echo $sql = "SELECT COUNT(*) as count FROM $table_message WHERE user_sender_id = ".$user_sender_id." AND user_receiver_id='$receiver_user_id' AND title = '$title' AND content ='$content' AND group_id = '$group_id' AND parent_id = '$parent_id'";		
+			//$res_exist = Database::query($sql,__FILE__,__LINE__);
+			//$row_exist = Database::fetch_array($res_exist,'ASSOC');
+			
+			//We should ALWAYS sent emails
+			//if ($row_exist['count'] == 0) {
+			
+			//message in inbox for user friend								 
+			$query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id ) ".
+					 " VALUES ('$user_sender_id', '$receiver_user_id', '1', '".date('Y-m-d H:i:s')."','$title','$content','$group_id','$parent_id')";
+			$result = Database::query($query,__FILE__,__LINE__);				
+			$inbox_last_id = Database::insert_id();		
+						
+			// save attachment file for inbox messages
+			if (is_array($file_attachments)) {
+				$i = 0;
+				foreach ($file_attachments as $file_attach) {						
+					if ($file_attach['error'] == 0) {
+						self::save_message_attachment_file($file_attach,$file_comments[$i],$inbox_last_id,null,$receiver_user_id,$group_id);
+					}
+					$i++;	
+				}
+			}
+				
+			if (empty($group_id)) {	
 				//message in outbox for user friend or group
 				$sql = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id ) ".
 						 " VALUES ('$user_sender_id', '$receiver_user_id', '4', '".date('Y-m-d H:i:s')."','$title','$content', '$group_id', '$parent_id')";
@@ -212,54 +236,56 @@ class MessageManager
 						$o++;
 					}
 				}
-				
-				if (!empty($group_id)) {
-					//message in inbox for group										
-					$users_by_group = GroupPortalManager::get_all_users_by_group($group_id);
-					$users_ids = array_keys($users_by_group);	
-					if (is_array($users_ids) && count($users_ids) > 0) {				
-						foreach ($users_ids as $user_id) {
-							$receiver_user_id = $user_id;														 
-							$query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id ) ".
-									 " VALUES ('$user_sender_id', '$receiver_user_id', '1', '".date('Y-m-d H:i:s')."','$title','$content','$group_id','$parent_id')";
-							$result = Database::query($query,__FILE__,__LINE__);				
-							$inbox_last_id = Database::insert_id();					
-							// save attachment file for inbox messages
-							if (is_array($file_attachments)) {
-								$i = 0;
-								foreach ($file_attachments as $file_attach) {						
-									if ($file_attach['error'] == 0) {
-										self::save_message_attachment_file($file_attach,$file_comments[$i],$inbox_last_id,null,$receiver_user_id);
-									}
-									$i++;
+			}
+			/*
+			if (!empty($group_id)) {
+				//message in inbox for group										
+				$users_by_group = GroupPortalManager::get_all_users_by_group($group_id);
+				$users_ids = array_keys($users_by_group);	
+				if (is_array($users_ids) && count($users_ids) > 0) {				
+					foreach ($users_ids as $user_id) {
+						$receiver_user_id = $user_id;														 
+						$query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id ) ".
+								 " VALUES ('$user_sender_id', '$receiver_user_id', '1', '".date('Y-m-d H:i:s')."','$title','$content','$group_id','$parent_id')";
+						$result = Database::query($query,__FILE__,__LINE__);				
+						$inbox_last_id = Database::insert_id();					
+						// save attachment file for inbox messages
+						if (is_array($file_attachments)) {
+							$i = 0;
+							foreach ($file_attachments as $file_attach) {						
+								if ($file_attach['error'] == 0) {
+									self::save_message_attachment_file($file_attach,$file_comments[$i],$inbox_last_id,null,$receiver_user_id);
 								}
-							}						
-							// update parent id for other receiver users belongs the group						
-							if (!empty($parent_id)) {
-								self::update_parent_ids_from_reply($parent_id, $receiver_user_id, $inbox_last_id);
-							}													
-						}
-					}
-				} else {		
-								
-					//message in inbox for user friend								 
-					$query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id ) ".
-							 " VALUES ('$user_sender_id', '$receiver_user_id', '1', '".date('Y-m-d H:i:s')."','$title','$content','$group_id','$parent_id')";
-					$result = Database::query($query,__FILE__,__LINE__);				
-					$inbox_last_id = Database::insert_id();					
-					// save attachment file for inbox messages
-					if (is_array($file_attachments)) {
-						$i = 0;
-						foreach ($file_attachments as $file_attach) {						
-							if ($file_attach['error'] == 0) {
-								self::save_message_attachment_file($file_attach,$file_comments[$i],$inbox_last_id,null,$receiver_user_id);
+								$i++;
 							}
-							$i++;	
+						}						
+						// update parent id for other receiver users belongs the group						
+						if (!empty($parent_id)) {
+							self::update_parent_ids_from_reply($parent_id, $receiver_user_id, $inbox_last_id);
+						}													
+					}
+				}
+			} else {		
+							
+				//message in inbox for user friend								 
+				$query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id ) ".
+						 " VALUES ('$user_sender_id', '$receiver_user_id', '1', '".date('Y-m-d H:i:s')."','$title','$content','$group_id','$parent_id')";
+				$result = Database::query($query,__FILE__,__LINE__);				
+				$inbox_last_id = Database::insert_id();					
+				// save attachment file for inbox messages
+				if (is_array($file_attachments)) {
+					$i = 0;
+					foreach ($file_attachments as $file_attach) {						
+						if ($file_attach['error'] == 0) {
+							self::save_message_attachment_file($file_attach,$file_comments[$i],$inbox_last_id,null,$receiver_user_id);
 						}
-					}					
-				}														
-				return $result;
-			}
+						$i++;	
+					}
+				}					
+			}	
+			*/													
+			return $result;
+			//}
         }         
 		return false;
 	}
@@ -344,7 +370,7 @@ class MessageManager
 		return false;
 	}
 	
-	public static function save_message_attachment_file($file_attach,$file_comment,$message_id,$receiver_user_id=0,$sender_user_id=0) {
+	public static function save_message_attachment_file($file_attach,$file_comment,$message_id,$receiver_user_id=0,$sender_user_id=0,$group_id=0) {
 
 		$tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);
 
@@ -367,7 +393,13 @@ class MessageManager
 			}			
 			
 			// User-reserved directory where photos have to be placed.
-			$path_user_info = UserManager::get_user_picture_path_by_id($message_user_id, 'system', true);
+			
+			if (!empty($group_id)) {
+				$path_user_info = GroupPortalManager::get_group_picture_path_by_id($group_id, 'system', true);
+			} else {
+				$path_user_info = UserManager::get_user_picture_path_by_id($message_user_id, 'system', true);	
+			}
+
 			$path_message_attach = $path_user_info['dir'].'message_attachments/';
 					
 			// If this directory does not exist - we create it.
@@ -398,7 +430,7 @@ class MessageManager
 	 * @param  int		message user id (receiver user id or sender user id) 
 	 * @return void
 	 */
-	public static function delete_message_attachment_file($message_id,$message_uid) {
+	public static function delete_message_attachment_file($message_id,$message_uid,$group_id=0) {
 
 		$message_id = intval($message_id);		
 		$message_uid = intval($message_uid);
@@ -411,7 +443,13 @@ class MessageManager
 			$path 		= $row['path'];
 			$attach_id  = $row['id'];			
 			$new_path 	= $path.'_DELETED_'.$attach_id;
-			$path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true);
+			
+			if (!empty($group_id)) {
+				$path_user_info = GroupPortalManager::get_group_picture_path_by_id($group_id, 'system', true);
+			} else {
+				$path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true);	
+			}
+
 			$path_message_attach = $path_user_info['dir'].'message_attachments/';					
 			if (is_file($path_message_attach.$path)) {				
 				if(rename($path_message_attach.$path, $path_message_attach.$new_path)) {					
@@ -442,7 +480,7 @@ class MessageManager
 	 	$table_message = Database::get_main_table(TABLE_MESSAGE);
 	 	$current_uid = api_get_user_id();
 	 	$group_id = intval($group_id);	 			
-		$query = "SELECT * FROM $table_message WHERE group_id='$group_id' AND msg_status <> 4 AND user_receiver_id = '$current_uid' ORDER BY id";		
+		$query = "SELECT * FROM $table_message WHERE group_id='$group_id' AND msg_status <> 4 ORDER BY id";		
 		$rs = Database::query($query,__FILE__,__LINE__);		
 		$data = array();
 		if (Database::num_rows($rs) > 0) {
@@ -573,7 +611,7 @@ class MessageManager
 		$row = Database::fetch_array($result);
 		
 		// get file attachments by message id
-		$files_attachments = self::get_links_message_attachment_files($message_id);
+		$files_attachments = self::get_links_message_attachment_files($message_id,$source);
 		
 		$user_con = self::users_connected_by_id();
 		$band=0;
@@ -659,7 +697,7 @@ class MessageManager
 		$path='outbox.php';
 
 		// get file attachments by message id
-		$files_attachments = self::get_links_message_attachment_files($message_id);
+		$files_attachments = self::get_links_message_attachment_files($message_id,'outbox');
 	
 		$row = Database::fetch_array($result);
 		$user_con = self::users_connected_by_id();
@@ -821,9 +859,10 @@ class MessageManager
 	/**
 	 * Get array of links (download) for message attachment files    
 	 * @param int  		message id 
+	 * @param string	type message list (inbox/outbox)
 	 * @return array 
 	 */	
-	public static function get_links_message_attachment_files($message_id) {
+	public static function get_links_message_attachment_files($message_id,$type='') {
 		
 		$tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);
 		$message_id = intval($message_id);
@@ -831,11 +870,15 @@ class MessageManager
 		// get file attachments by message id
 		$links_attach_file = array();
 		if (!empty($message_id)) {
-			$sql = "SELECT * FROM $tbl_message_attach WHERE message_id = '$message_id'";
+			
+			$sql = "SELECT * FROM $tbl_message_attach WHERE message_id = '$message_id'";		
+				
 			$rs_file = Database::query($sql,__FILE__,__LINE__);				
 			if (Database::num_rows($rs_file) > 0) {
-				$attach_icon = Display::return_icon('attachment.gif');						
-				$archiveURL=api_get_path(WEB_CODE_PATH).'messages/download.php?type=inbox&file=';				
+				$attach_icon = Display::return_icon('attachment.gif');
+
+				$archiveURL=api_get_path(WEB_CODE_PATH).'messages/download.php?type='.$type.'&file=';				
+				
 				while ($row_file = Database::fetch_array($rs_file)) {
 					$archiveFile= $row_file['path'];
 					$filename 	= $row_file['filename'];
diff --git a/main/messages/download.php b/main/messages/download.php
index 27fcf112d0..e5e5844811 100755
--- a/main/messages/download.php
+++ b/main/messages/download.php
@@ -21,6 +21,7 @@ session_cache_limiter('public');
 
 require_once '../inc/global.inc.php';
 require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php';
+require_once api_get_path(LIBRARY_PATH).'group_portal_manager.lib.php';
 require_once api_get_path(LIBRARY_PATH).'document.lib.php';
 
 // IMPORTANT to avoid caching of documents
@@ -46,10 +47,9 @@ $title = str_replace(' ','_', $row['filename']);
 $message_id = $row['message_id'];
 
 // allow download only for user sender and user receiver
-$sql = "SELECT user_sender_id, user_receiver_id FROM $tbl_messsage WHERE id = '$message_id'";
+$sql = "SELECT user_sender_id, user_receiver_id, group_id FROM $tbl_messsage WHERE id = '$message_id'";
 $rs= Database::query($sql, __FILE__, __LINE__);
 $row_users= Database::fetch_row($rs);
-
 $current_uid = api_get_user_id(); 
 if (!in_array($current_uid,$row_users)) {
 	api_not_allowed();
@@ -66,7 +66,12 @@ if (in_array($_GET['type'],$message_type)) {
 	}	
 }
 
-$path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true);
+if (!empty($row_users[2])) {	
+	$path_user_info = GroupPortalManager::get_group_picture_path_by_id($row_users[2], 'system', true);
+} else {
+	$path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true);	
+}
+
 $full_file_name = $path_user_info['dir'].'message_attachments/'.$file_url;
 
 // launch event
diff --git a/main/social/group_invitation.php b/main/social/group_invitation.php
index d6eb2100b7..7cca0f0417 100755
--- a/main/social/group_invitation.php
+++ b/main/social/group_invitation.php
@@ -14,6 +14,7 @@ $cidReset=true;
 // including some necessary dokeos files
 require('../inc/global.inc.php');
 require_once ('../inc/lib/xajax/xajax.inc.php');
+
 api_block_anonymous_users();
 
 $xajax = new xajax();
@@ -354,7 +355,7 @@ if ($add_type=='multiple') {
 ?>
 
 <input type="hidden" name="form_sent" value="1" />
-<input type="hidden" name="id" value="<?=$group_id?>" />
+<input type="hidden" name="id" value="<?php echo $group_id?>" />
 <input type="hidden" name="add_type"  />
 
 <?php
diff --git a/main/social/groups.php b/main/social/groups.php
index bfde20aacd..fadf65dcc8 100755
--- a/main/social/groups.php
+++ b/main/social/groups.php
@@ -19,7 +19,6 @@ $this_section = SECTION_SOCIAL;
 
 $htmlHeadXtra[] = '<script type="text/javascript" src="/main/inc/lib/javascript/jquery.js"></script>';
 $htmlHeadXtra[] = '<script type="text/javascript" src="/main/inc/lib/javascript/thickbox.js"></script>';
-//$htmlHeadXtra[] = '<script type="text/javascript" src="/main/inc/lib/javascript/ajaxfileupload.js"></script>';
 $htmlHeadXtra[] = '<link rel="stylesheet" href="/main/inc/lib/javascript/thickbox.css" type="text/css" media="projection, screen">';
 
 $htmlHeadXtra[] = '<script type="text/javascript">
@@ -68,12 +67,17 @@ $interbreadcrumb[]= array ('url' =>'#','name' => get_lang('Groups'));
 Display :: display_header($tool_name, 'Groups');
 
 // save message group
-if (isset($_POST['action']) && $_POST['action']=='send_message_group') {	
-	$title = $_POST['title'];
-	$content = $_POST['content'];
-	$group_id = $_POST['group_id'];
-	$parent_id = $_POST['parent_id'];	
-	MessageManager::send_message(0, $title, $content, $_FILES, '', $group_id, $parent_id);
+if (isset($_POST['token']) && $_POST['token'] == $_SESSION['sec_token']) {
+	if (isset($_POST['action']) && $_POST['action']=='send_message_group') {	
+		$title = $_POST['title'];
+		$content = $_POST['content'];
+		$group_id = $_POST['group_id'];
+		$parent_id = $_POST['parent_id'];	
+		MessageManager::send_message(0, $title, $content, $_FILES, '', $group_id, $parent_id);
+		Security::clear_token();
+	}	
+} else {
+	$tok = Security::get_token();	
 }
 
 //show the action menu
diff --git a/main/social/message_for_group_form.inc.php b/main/social/message_for_group_form.inc.php
index 89f2b8929d..a36b0b1bf6 100755
--- a/main/social/message_for_group_form.inc.php
+++ b/main/social/message_for_group_form.inc.php
@@ -46,6 +46,7 @@ if (!empty($group_id)) {
 <input type="hidden" name="action" value="send_message_group" />
 <input type="hidden" name="group_id" value="<?php echo $group_id ?>" />
 <input type="hidden" name="parent_id" value="<?php echo $message_id ?>" />
+<input type="text" name="token" value="<?php echo $_SESSION['sec_token'] ?>" />
 <table width="600" border="0" height="220">
     <tr height="180">
         <td align="left">