mail, i18n, etc.

11 years ago · b399b20dee
16 changed files with 409 additions and 181 deletions
--- a/boot.php
+++ b/boot.php
@ -19,7 +19,7 @@ define ( 'NOTIFY_WALL',    0x0004 );
 define ( 'NOTIFY_COMMENT', 0x0008 );
 define ( 'NOTIFY_MAIL',    0x0010 );

-
+define ( 'NAMESPACE_DFRN' , 'http://purl.org/macgirvin/dfrn/1.0' ); 


 if(! class_exists('App')) {
--- a/database.sql
+++ b/database.sql
@ -178,7 +178,7 @@ CREATE TABLE IF NOT EXISTS `item` (
 --

 CREATE TABLE IF NOT EXISTS `mail` (
-  `id` int(10) unsigned NOT NULL,
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `uid` int(10) unsigned NOT NULL,
  `from-name` char(255) NOT NULL,
  `from-photo` char(255) NOT NULL,
@ -314,6 +314,10 @@ CREATE TABLE IF NOT EXISTS `user` (
  `blocked` tinyint(1) unsigned NOT NULL DEFAULT '0',
  `notify-flags` int(11) unsigned NOT NULL DEFAULT '65535',
  `pwdreset` char(255) NOT NULL,
+  `allow_cid` mediumtext NOT NULL,
+  `allow_gid` mediumtext NOT NULL,
+  `deny_cid` mediumtext NOT NULL,
+  `deny_gid` mediumtext NOT NULL,
  PRIMARY KEY (`uid`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8;

--- a/include/auth.php
+++ b/include/auth.php
@ -46,7 +46,7 @@ else {

 	if((x($_POST,'auth-params')) && $_POST['auth-params'] == 'login') {
 		$r = q("SELECT * FROM `user` 
-			WHERE `email` = '%s' AND `password` = '%s' LIMIT 1",
+			WHERE `email` = '%s' AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
 			dbesc(trim($_POST['login-name'])),
 			dbesc($encrypted));
 		if(($r === false) || (! count($r))) {
--- a/include/login.php
+++ b/include/login.php
@ -1,19 +0,0 @@
-
-<form action="process-login" method="post" >
-<div class="login-name-wrapper">
-	<label for="login-name" id="label-login-name">Email address: </label>
-	<input type="text" maxlength="60" name="login-name" id="login-name" value="" />
-</div>
-<div class="login-password-wrapper">
-	<label for="login-password" id="label-login-password">Password: </label>
-	<input type="password" maxlength="60" name="password" id="password" value="" />
-</div>
-</div>
-<div class="login-extra-links">
-	<?php if($register) { ?>
-	<a href="register" name="Register" id="register" >Register</a>
-	<?php } ?>
-	<a href="lost-password" name="Lost your password?" id="lost-password">Password Reset</a>
-</div>
-	<input type="submit" name="submit" id="login-submit" value="Login" />
-</form>
--- a/include/notifier.php
+++ b/include/notifier.php
@ -23,6 +23,7 @@ dbg(3);

 	switch($cmd) {

+		case 'mail':
 		default:
 			$item_id = intval($argv[3]);
 			if(! $item_id)
@ -33,24 +34,38 @@ dbg(3);

 	$recipients = array();

-	// find ancestors
+	if($cmd == 'mail') {

-	$r = q("SELECT `parent`, `uid`, `edited` FROM `item` WHERE `id` = %d LIMIT 1",
-		intval($item_id)
-	);
-	if(! count($r))
-		killme();
+		$message = q("SELECT * FROM `mail` WHERE `id` = %d LIMIT 1",
+				intval($item_id)
+		);
+		if(! count($message))
+			killme();
+		$uid = $message[0]['uid'];
+		$recipients[] = $message[0]['contact-id'];
+		$item = $message[0];
+
+	}
+	else {
+		// find ancestors

-	$parent = $r[0]['parent'];
-	$uid = $r[0]['uid'];
-	$updated = $r[0]['edited'];
+		$r = q("SELECT `parent`, `uid`, `edited` FROM `item` WHERE `id` = %d LIMIT 1",
+			intval($item_id)
+		);
+		if(! count($r))
+			killme();

-	$items = q("SELECT * FROM `item` WHERE `parent` = %d ORDER BY `id` ASC",
-		intval($parent)
-	);
+		$parent = $r[0]['parent'];
+		$uid = $r[0]['uid'];
+		$updated = $r[0]['edited'];

-	if(! count($items))
-		killme();
+		$items = q("SELECT * FROM `item` WHERE `parent` = %d ORDER BY `id` ASC",
+			intval($parent)
+		);
+
+		if(! count($items))
+			killme();
+	}

 	$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
 		intval($uid)
@ -61,53 +76,56 @@ dbg(3);
 	else
 		killme();

+	if($cmd != 'mail') {

-	require_once('include/group.php');
+		require_once('include/group.php');

-	$parent = $items[0];
+		$parent = $items[0];

-	if($parent['type'] == 'remote') {
-		// local followup to remote post
-		$followup = true;
-		$conversant_str = dbesc($parent['contact-id']);
-	}
-	else {
-		$followup = false;
+		if($parent['type'] == 'remote') {
+			// local followup to remote post
+			$followup = true;
+			$conversant_str = dbesc($parent['contact-id']);
+		}
+		else {
+			$followup = false;

-		$allow_people = expand_acl($parent['allow_cid']);
-		$allow_groups = expand_groups(expand_acl($parent['allow_gid']));
-		$deny_people = expand_acl($parent['deny_cid']);
-		$deny_groups = expand_groups(expand_acl($parent['deny_gid']));
+			$allow_people = expand_acl($parent['allow_cid']);
+			$allow_groups = expand_groups(expand_acl($parent['allow_gid']));
+			$deny_people = expand_acl($parent['deny_cid']);
+			$deny_groups = expand_groups(expand_acl($parent['deny_gid']));

-		$conversants = array();
+			$conversants = array();

-		foreach($items as $item) {
-			$recipients[] = $item['contact-id'];
-			$conversants[] = $item['contact-id'];
-		}
+			foreach($items as $item) {
+				$recipients[] = $item['contact-id'];
+				$conversants[] = $item['contact-id'];
+			}

-		$conversants = array_unique($conversants,SORT_NUMERIC);
+			$conversants = array_unique($conversants,SORT_NUMERIC);


-		$recipients = array_unique(array_merge($recipients,$allow_people,$allow_groups),SORT_NUMERIC);
-		$deny = array_unique(array_merge($deny_people,$deny_groups),SORT_NUMERIC);
-		$recipients = array_diff($recipients,$deny);
+			$recipients = array_unique(array_merge($recipients,$allow_people,$allow_groups),SORT_NUMERIC);
+			$deny = array_unique(array_merge($deny_people,$deny_groups),SORT_NUMERIC);
+			$recipients = array_diff($recipients,$deny);
 	
-		$conversant_str = dbesc(implode(', ',$conversants));
-	}
+			$conversant_str = dbesc(implode(', ',$conversants));
+		}

-	$r = q("SELECT * FROM `contact` WHERE `id` IN ( $conversant_str ) AND `blocked` = 0 AND `pending` = 0");
+		$r = q("SELECT * FROM `contact` WHERE `id` IN ( $conversant_str ) AND `blocked` = 0 AND `pending` = 0");

-	if( ! count($r))
-		killme();
+		if( ! count($r))
+			killme();

-	$contacts = $r;
+		$contacts = $r;

+		$tomb_template = file_get_contents('view/atom_tomb.tpl');
+		$item_template = file_get_contents('view/atom_item.tpl');
+		$cmnt_template = file_get_contents('view/atom_cmnt.tpl');
+	}

 	$feed_template = file_get_contents('view/atom_feed.tpl');
-	$tomb_template = file_get_contents('view/atom_tomb.tpl');
-	$item_template = file_get_contents('view/atom_item.tpl');
-	$cmnt_template = file_get_contents('view/atom_cmnt.tpl');
+	$mail_template = file_get_contents('view/atom_mail.tpl');

 	$atom = '';

@ -122,71 +140,88 @@ dbg(3);
 			'$photo' => xmlify($owner['photo'])
 	));

-	if($followup) {
-		foreach($items as $item) {
-			if($item['id'] == $item_id) {
-				$atom .= replace_macros($cmnt_template, array(
-					'$name' => xmlify($owner['name']),
-					'$profile_page' => xmlify($owner['url']),
-					'$thumb' => xmlify($owner['thumb']),
-					'$item_id' => xmlify($item['uri']),
-					'$title' => xmlify($item['title']),
-					'$published' => xmlify(datetime_convert('UTC', 'UTC', 
-						$item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
-					'$updated' => xmlify(datetime_convert('UTC', 'UTC', 
-						$item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
-					'$content' =>xmlify($item['body']),
-					'$parent_id' => xmlify($item['parent-uri']),
-					'$comment_allow' => 0
-				));
-			}
-		}
+	if($cmd == 'mail') {
+		$atom .= replace_macros($mail_template, array(
+			'$name' => xmlify($owner['name']),
+			'$profile_page' => xmlify($owner['url']),
+			'$thumb' => xmlify($owner['thumb']),
+			'$item_id' => xmlify($item['uri']),
+			'$subject' => xmlify($item['title']),
+			'$created' => xmlify(datetime_convert('UTC', 'UTC', 
+				$item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
+			'$content' =>xmlify($item['body']),
+			'$parent_id' => xmlify($item['parent-uri'])
+
+		));
 	}
 	else {
-		foreach($items as $item) {
-			if($item['deleted']) {
-				$atom .= replace_macros($tomb_template, array(
-					'$id' => xmlify($item['uri']),
-					'$updated' => xmlify(datetime_convert('UTC', 'UTC', 
-						$item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z'))
-				));
+
+		if($followup) {
+			foreach($items as $item) {
+				if($item['id'] == $item_id) {
+					$atom .= replace_macros($cmnt_template, array(
+						'$name' => xmlify($owner['name']),
+						'$profile_page' => xmlify($owner['url']),
+						'$thumb' => xmlify($owner['thumb']),
+						'$item_id' => xmlify($item['uri']),
+						'$title' => xmlify($item['title']),
+						'$published' => xmlify(datetime_convert('UTC', 'UTC', 
+							$item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
+						'$updated' => xmlify(datetime_convert('UTC', 'UTC', 
+							$item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
+						'$content' =>xmlify($item['body']),
+						'$parent_id' => xmlify($item['parent-uri']),
+						'$comment_allow' => 0
+					));
+				}
 			}
-			else {
-				foreach($contacts as $contact) {
-					if($item['contact-id'] == $contact['id']) {
-						if($item['parent'] == $item['id']) {
-							$atom .= replace_macros($item_template, array(
-								'$name' => xmlify($contact['name']),
-								'$profile_page' => xmlify($contact['url']),
-								'$thumb' => xmlify($contact['thumb']),
-								'$owner_name' => xmlify($item['owner-name']),
-								'$owner_profile_page' => xmlify($item['owner-link']),
-								'$owner_thumb' => xmlify($item['owner-avatar']),
-								'$item_id' => xmlify($item['uri']),
-								'$title' => xmlify($item['title']),
-								'$published' => xmlify(datetime_convert('UTC', 'UTC', 
-									$item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
-								'$updated' => xmlify(datetime_convert('UTC', 'UTC', 
-									$item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
-								'$content' =>xmlify($item['body']),
-								'$comment_allow' => (($item['last-child'] && strlen($contact['dfrn-id'])) ? 1 : 0)
-							));
-						}
-						else {
-							$atom .= replace_macros($cmnt_template, array(
-								'$name' => xmlify($contact['name']),
-								'$profile_page' => xmlify($contact['url']),
-								'$thumb' => xmlify($contact['thumb']),
-								'$item_id' => xmlify($item['uri']),
-								'$title' => xmlify($item['title']),
-								'$published' => xmlify(datetime_convert('UTC', 'UTC', 
-									$item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
-								'$updated' => xmlify(datetime_convert('UTC', 'UTC', 
-									$item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
-								'$content' =>xmlify($item['body']),
-								'$parent_id' => xmlify($item['parent-uri']),
-								'$comment_allow' => (($item['last-child']) ? 1 : 0)
-							));
+		}
+		else {
+			foreach($items as $item) {
+				if($item['deleted']) {
+					$atom .= replace_macros($tomb_template, array(
+						'$id' => xmlify($item['uri']),
+						'$updated' => xmlify(datetime_convert('UTC', 'UTC', 
+							$item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z'))
+					));
+				}
+				else {
+					foreach($contacts as $contact) {
+						if($item['contact-id'] == $contact['id']) {
+							if($item['parent'] == $item['id']) {
+								$atom .= replace_macros($item_template, array(
+									'$name' => xmlify($contact['name']),
+									'$profile_page' => xmlify($contact['url']),
+									'$thumb' => xmlify($contact['thumb']),
+									'$owner_name' => xmlify($item['owner-name']),
+									'$owner_profile_page' => xmlify($item['owner-link']),
+									'$owner_thumb' => xmlify($item['owner-avatar']),
+									'$item_id' => xmlify($item['uri']),
+									'$title' => xmlify($item['title']),
+									'$published' => xmlify(datetime_convert('UTC', 'UTC', 
+										$item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
+									'$updated' => xmlify(datetime_convert('UTC', 'UTC', 
+										$item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
+									'$content' =>xmlify($item['body']),
+									'$comment_allow' => (($item['last-child'] && strlen($contact['dfrn-id'])) ? 1 : 0)
+								));
+							}
+							else {
+								$atom .= replace_macros($cmnt_template, array(
+									'$name' => xmlify($contact['name']),
+									'$profile_page' => xmlify($contact['url']),
+									'$thumb' => xmlify($contact['thumb']),
+									'$item_id' => xmlify($item['uri']),
+									'$title' => xmlify($item['title']),
+									'$published' => xmlify(datetime_convert('UTC', 'UTC', 
+										$item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
+									'$updated' => xmlify(datetime_convert('UTC', 'UTC', 
+										$item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
+									'$content' =>xmlify($item['body']),
+									'$parent_id' => xmlify($item['parent-uri']),
+									'$comment_allow' => (($item['last-child']) ? 1 : 0)
+								));
+							}
 						}
 					}
 				}
@ -194,7 +229,7 @@ dbg(3);
 		}
 	}
 	$atom .= "</feed>\r\n";
-
+echo $atom;
 	// create a clone of this feed but with comments disabled to send to those who can't respond. 

 	$atom_nowrite = str_replace('<dfrn:comment-allow>1','<dfrn:comment-allow>0',$atom);
@ -242,13 +277,30 @@ echo $xml;

 		openssl_public_decrypt($challenge,$postvars['challenge'],$rr['pubkey']);

-		if(strlen($rr['dfrn-id']) && (! ($rr['blocked']) || ($rr['readonly'])))
+		if($cmd == 'mail') {
 			$postvars['data'] = $atom;
-		else
+		}
+		elseif(strlen($rr['dfrn-id']) && (! ($rr['blocked']) || ($rr['readonly']))) {
+			$postvars['data'] = $atom;
+		}
+		else {
 			$postvars['data'] = $atom_nowrite;
+		}

 		$xml = post_url($rr['notify'],$postvars);
 echo $xml;
+
+		$res = simplexml_load_string($xml);
+
+		// Currently there is no retry attempt for failed mail delivery.
+		// We need to handle this in the UI, report the non-deliverables and try again
+ 
+		if(($cmd == 'mail) && (intval($res->status) == 0)) {
+
+			$r = q("UPDATE `mail` SET `delivered` = 1 WHERE `id` = %d LIMIT 1",
+				intval($item_id)
+			);
+		}
 	}

 	killme();
--- a/mod/contacts.php
+++ b/mod/contacts.php
@ -234,6 +234,12 @@ function contacts_content(&$a) {
 			break;
 	}

+	$r = q("SELECT COUNT(*) AS `total` FROM `contact` 
+		WHERE `uid` = %d AND `pending` = 0 $sql_extra $sql_extra2 ",
+		intval($_SESSION['uid']));
+	if(count($r))
+		$a->set_pager_total($r[0]['total']);
+
 	$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `pending` = 0 $sql_extra $sql_extra2 ",
 		intval($_SESSION['uid']));

@ -275,6 +281,8 @@ function contacts_content(&$a) {
 			));
 		}
 		$o .= '<div id="contact-edit-end"></div>';
+		$o .= paginate($a);
+
 	}
 	return $o;
 }
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@ -46,6 +46,37 @@ dbg(3);
 	$feed->enable_order_by_date(false);
 	$feed->init();

+	$ismail = false;
+
+	$rawmail = $feed->get_feed_tags( NAMESPACE_DFRN, 'mail' );
+	if(isset($rawmail[0]['child'][NAMESPACE_DFRN])) {
+		$ismail = true;
+		$base = $rawmail[0]['child'][NAMESPACE_DFRN];
+
+		$msg = array();
+		$msg['uid'] = $importer['uid'];
+		$msg['from-name'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['name'][0]['data']));
+		$msg['from-photo'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['avatar'][0]['data']));
+		$msg['from-url'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['avatar'][0]['data']));
+		$msg['contact-id'] = $importer['id'];
+		$msg['title'] = notags(unxmlify($base['subject'][0]['data']));
+		$msg['body'] = escape_tags(unxmlify($base['content'][0]['data']));
+		$msg['delivered'] = 1;
+		$msg['seen'] = 0;
+		$msg['replied'] = 0;
+		$msg['uri'] = notags(unxmlify($base['id'][0]['data']));
+		$msg['parent-uri'] = notags(unxmlify($base['in-reply-to'][0]['data']));
+		$msg['created'] = datetime_convert(notags(unxmlify('UTC','UTC',$base['sentdate'][0]['data'])));
+
+		$r = q("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg)) 
+			. "`) VALUES ('" . implode("', '", array_values($msg)) . "')" );
+
+		// send email notification if requested.
+
+		xml_status(0);
+		return;
+	}	
+
 	foreach($feed->get_items() as $item) {

 		$deleted = false;
--- a/mod/message.php
+++ b/mod/message.php
@ -7,11 +7,79 @@ function message_init(&$a) {

 }

+function message_post(&$a) {

+	if(! local_user()) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}

+	$replyto = notags(trim($_POST['replyto']));
+	$recipient = intval($_POST['messageto']);
+	$subject = notags(trim($_POST['subject']));
+	$body = escape_tags(trim($_POST['body']));

+	if(! $recipient) {
+		notice( t('No recipient selected.') . EOL );
+		return;
+	}

+	$me = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
+		intval($_SESSION['uid'])
+	);
+	$contact = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+			intval($recipient),
+			intval($_SESSION['uid'])
+	);

+	if(! (count($me) && (count($contact)))) {
+		notice( t('Unable to locate contact information.') . EOL );
+		return;
+	}
+
+	$hash = random_string();
+ 	$uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':' . $_SESSION['uid'] . ':' . $hash ;
+
+	if(! strlen($replyto))
+		$replyto = $uri;
+
+	$r = q("INSERT INTO `mail` ( `uid`, `from-name`, `from-photo`, `from-url`, 
+		`contact-id`, `title`, `body`, `delivered`, `seen`, `replied`, `uri`, `parent-uri`, `created`)
+		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', '%s', '%s' )",
+		intval($_SESSION['uid']),
+		dbesc($me[0]['name']),
+		dbesc($me[0]['thumb']),
+		dbesc($me[0]['url']),
+		intval($recipient),
+		dbesc($subject),
+		dbesc($body),
+		0,
+		0,
+		0,
+		dbesc($uri),
+		dbesc($replyto),
+		datetime_convert()
+	);
+	$r = q("SELECT * FROM `mail` WHERE `uri` = '%s' and `uid` = %d LIMIT 1",
+		dbesc($uri),
+		intval($_SESSION['uid'])
+	);
+	if(count($r))
+		$post_id = $r[0]['id'];
+
+	$url = $a->get_baseurl();
+
+	if($post_id) {
+		proc_close(proc_open("php include/notifier.php \"$url\" \"mail\" \"$post_id\" > mail.log &",
+			array(),$foo));
+		notice( t('Message sent.') . EOL );
+	}
+	else {
+		notice( t('Message could not be sent.') . EOL );
+	}
+	return;
+
+}

 function message_content(&$a) {

@ -20,16 +88,25 @@ function message_content(&$a) {
 		return;
 	}

+	$myprofile = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
+
 	if(($a->argc > 1) && ($a->argv[1] == 'new')) {
 		
 		$tpl = file_get_contents('view/jot-header.tpl');
 	
 		$a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));

-		$select .= contact_select('messageto','message-to-select');
+		$select .= contact_select('messageto','message-to-select', false, 4, true);
 		$tpl = file_get_contents('view/prv_message.tpl');
 		$o = replace_macros($tpl,array(
-			'$select' => $select
+			'$header' => t('Send Private Message'),
+			'$to' => t('To:'),
+			'$subject' => t('Subject:'),
+			'$yourmessage' => t('Your message:'),
+			'$select' => $select,
+			'$upload' => t('Upload photo'),
+			'$insert' => t('Insert web link'),
+			'$wait' => t('Please wait')

 		));

@ -38,8 +115,19 @@ function message_content(&$a) {

 	if($a->argc == 1) {

-		$r = q("SELECT * FROM `mail` WHERE `seen` = 0 AND `uid` = %d LIMIT %d , %d ",
+		$r = q("SELECT count(*) AS `total` FROM `mail` 
+			WHERE `mail`.`uid` = %d AND `from-url` != '%s' ",
+			intval($_SESSION['uid']),
+			dbesc($myprofile)
+		);
+		if(count($r))
+			$a->set_pager_total($r[0]['total']);
+	
+		$r = q("SELECT `mail`.*, `contact`.`name`, `contact`.`url`, `contact`.`thumb` 
+			FROM `mail` LEFT JOIN `contact` ON `mail`.`contact-id` = `contact`.`id` 
+			WHERE `mail`.`uid` = %d AND `from-url` != '%s' LIMIT %d , %d ",
 			intval($_SESSION['uid']),
+			dbesc($myprofile),
 			intval($a->pager['start']),
 			intval($a->pager['itemspage'])
 		);
@ -48,8 +136,20 @@ function message_content(&$a) {
 			return;
 		}

-
+		$tpl = file_get_contents('view/mail_list.tpl');
+		foreach($r as $rr) {
+			$o .= replace_macros($tpl, array(
+				'$id' => $rr['id'],
+				'$from_name' =>$rr['from-name'],
+				'$from_url' => $a->get_baseurl() . '/redir/' . $rr['contact-id'],
+				'$from_photo' => $rr['from-photo'],
+				'$subject' => (($rr['seen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>'),
+				'$to_name' => $rr['name'],
+				'$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['created'],'D, d M Y - g:i A')
+			));
+		}
+		$o .= paginate($a);	
+		return $o;
 	}

-
 }
--- a/mod/settings.php
+++ b/mod/settings.php
@ -116,11 +116,12 @@ function settings_post(&$a) {
 if(! function_exists('settings_content')) {
 function settings_content(&$a) {

-	if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
-		$_SESSION['sysmsg'] .= "Permission denied." . EOL;
+	if(! local_user()) {
+		notice( t('Permission denied.') . EOL );
 		return;
 	}

+	require_once('view/acl_selectors.php');

 	$username = $a->user['username'];
 	$email    = $a->user['email'];
@ -159,8 +160,9 @@ function settings_content(&$a) {
 		'$email' => $email,
 		'$nickname_block' => $nickname_block,
 		'$timezone' => $timezone,
-		'$zoneselect' => select_timezone($timezone)
-		));
+		'$zoneselect' => select_timezone($timezone),
+		'$acl_select' => populate_acl()
+	));

 	return $o;

--- a/mod/viewcontacts.php
+++ b/mod/viewcontacts.php
@ -22,7 +22,7 @@ function viewcontacts_content(&$a) {
 		intval($a->profile['uid'])
 	);
 	if(count($r))
-		$a->pager['totalitems'] = $r[0]['total'];
+		$a->set_pager_total($r[0]['total']);

 	$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `blocked` = 0 AND `pending` = 0 ORDER BY `name` ASC LIMIT %d , %d ",
 		intval($a->profile['uid']),
--- a/view/acl_selectors.php
+++ b/view/acl_selectors.php
@ -30,14 +30,25 @@ function group_select($selname,$selclass,$preselected = false,$size = 4) {



-function contact_select($selname,$selclass,$preselected = false,$size = 4) {
+function contact_select($selname, $selclass, $preselected = false, $size = 4, $privmail = false) {

 	$o = '';

-	$o .= "<select name=\"{$selname}[]\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" />\r\n";
+	// When used for private messages, we limit correspondence to mutual friends and the selector
+	// to one recipient. By default our selector allows multiple selects amongst all contacts.
+
+	if($privmail) {
+		$sql_extra = " AND `issued-id` != '' AND `dfrn-id` != '' ";
+		$o .= "<select name=\"$selname\" class=\"$selclass\" size=\"$size\" />\r\n";
+	}
+	else {
+		$sql_extra = '';
+		$o .= "<select name=\"{$selname}[]\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" />\r\n";
+	}

 	$r = q("SELECT `id`, `name` FROM `contact` 
 		WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 
+		$sql_extra
 		ORDER BY `name` ASC ",
 		$_SESSION['uid']
 	);
@ -62,39 +73,39 @@ function contact_select($selname,$selclass,$preselected = false,$size = 4) {
 function populate_acl() {

 	$o = '';
-	$o .= "<div id=\"acl-wrapper\">";
-	$o .= "<div id=\"acl-permit-outer-wrapper\">";
-	$o .= "<div id=\"acl-permit-text\">Visible To:</div>";
-	$o .= "<div id=\"acl-permit-text-end\"></div>";
-	$o .= "<div id=\"acl-permit-wrapper\">";
-	$o .= "<div id=\"group_allow_wrapper\">";
-	$o .= "<label id=\"acl-allow-group-label\" for=\"group_allow\" >Groups</label>";
+	$o .= '<div id="acl-wrapper">';
+	$o .= '<div id="acl-permit-outer-wrapper">';
+	$o .= '<div id="acl-permit-text">' . t('Visible To:') . '</div>';
+	$o .= '<div id="acl-permit-text-end"></div>';
+	$o .= '<div id="acl-permit-wrapper">';
+	$o .= '<div id="group_allow_wrapper">';
+	$o .= '<label id="acl-allow-group-label" for="group_allow" >' . t('Groups') . '</label>';
 	$o .= group_select('group_allow','group_allow');
-	$o .= "</div>";
-	$o .= "<div id=\"contact_allow_wrapper\">";
-	$o .= "<label id=\"acl-allow-contact-label\" for=\"contact_allow\" >Contacts</label>";
+	$o .= '</div>';
+	$o .= '<div id="contact_allow_wrapper">';
+	$o .= '<label id="acl-allow-contact-label" for="contact_allow" >' . t('Contacts') . '</label>';
 	$o .= contact_select('contact_allow','contact_allow');
-	$o .= "</div>";
-	$o .= "</div>\r\n";
-	$o .= "<div id=\"acl-allow-end\"></div>\r\n";
-	$o .= "</div>";
-	$o .= "<div id=\"acl-deny-outer-wrapper\">";
-	$o .= "<div id=\"acl-deny-text\">Except For:</div>";
-	$o .= "<div id=\"acl-deny-text-end\"></div>";
-	$o .= "<div id=\"acl-deny-wrapper\">";
-	$o .= "<div id=\"group_deny_wrapper\" >";
-	$o .= "<label id=\"acl-deny-group-label\" for=\"group_deny\" >Groups</label>";
+	$o .= '</div>';
+	$o .= '</div>' . "\r\n";
+	$o .= '<div id="acl-allow-end"></div>' . "\r\n";
+	$o .= '</div>';
+	$o .= '<div id="acl-deny-outer-wrapper">';
+	$o .= '<div id="acl-deny-text">' . t('Except For:') . '</div>';
+	$o .= '<div id="acl-deny-text-end"></div>';
+	$o .= '<div id="acl-deny-wrapper">';
+	$o .= '<div id="group_deny_wrapper" >';
+	$o .= '<label id="acl-deny-group-label" for="group_deny" >' . t('Groups') . '</label>';
 	$o .= group_select('group_deny','group_deny');
-	$o .= "</div>";
-	$o .= "<div id=\"contact_deny_wrapper\" >";
-	$o .= "<label id=\"acl-deny-contact-label\" for=\"contact_deny\" >Contacts</label>";
+	$o .= '</div>';
+	$o .= '<div id="contact_deny_wrapper" >';
+	$o .= '<label id="acl-deny-contact-label" for="contact_deny" >' . t('Contacts') . '</label>';
 	$o .= contact_select('contact_deny','contact_deny');
-	$o .= "</div>";
-	$o .= "</div>\r\n";
-	$o .= "<div id=\"acl-deny-end\"></div>\r\n";
-	$o .= "</div>";
-	$o .= "</div>\r\n";
-	$o .= "<div id=\"acl-wrapper-end\"></div>";
+	$o .= '</div>';
+	$o .= '</div>' . "\r\n";
+	$o .= '<div id="acl-deny-end"></div>' . "\r\n";
+	$o .= '</div>';
+	$o .= '</div>' . "\r\n";
+	$o .= '<div id="acl-wrapper-end"></div>' . "\r\n";
 	return $o;

 }
--- a/view/atom_mail.tpl
+++ b/view/atom_mail.tpl
@ -2,9 +2,9 @@
 <dfrn:mail>

 	<dfrn:sender>
-		<dfrn:name>$owner_name</dfrn:name>
-		<dfrn:uri>$owner_profile_page</dfrn:uri>
-		<dfrn:avatar>$owner_thumb</dfrn:avatar>
+		<dfrn:name>$name</dfrn:name>
+		<dfrn:uri>$profile_page</dfrn:uri>
+		<dfrn:avatar>$thumb</dfrn:avatar>
 	</dfrn:sender>

 	<dfrn:id>$item_id</dfrn:id>
--- a/view/jot-header.tpl
+++ b/view/jot-header.tpl
@ -6,7 +6,7 @@
 tinyMCE.init({
 	theme : "advanced",
 	mode : "specific_textareas",
-	editor_selector: "profile-jot-text",
+	editor_selector: /(profile-jot-text|prvmail-text)/,
 	plugins : "bbcode",
 	theme_advanced_buttons1 : "bold,italic,underline,undo,redo,link,unlink,image,forecolor",
 	theme_advanced_buttons2 : "",
--- a/view/mail_list.tpl
+++ b/view/mail_list.tpl
@ -0,0 +1,9 @@
+<div class="mail-list-outside-wrapper">
+	<div class="mail-list-sender" >
+		<a href="$from_url" class="mail-list-sender-url" ><img class="mail-list-sender-photo" src="$from_photo" alt="$from_name" /></a>
+		<div class="mail-list-sender-name" >$from_name</div>
+	</div>
+	<div class="mail-list-date">$date</div>
+	<div class="mail-list-subject"><a href="message/$id" class="mail-list-link">$subject</a></div>
+</div>
+<div class="mail-list-outside-wrapper-end"></div>
--- a/view/prv_message.tpl
+++ b/view/prv_message.tpl
@ -1,22 +1,29 @@

+<h3>$header</h3>
+
 <div id="prvmail-wrapper" >
 <form id="prvmail-form" action="message" method="post" >

+<div id="prvmail-to-label">$to</div>
 $select

-<textarea rows="5" cols="64" class="prvmail-text" id="prvmail-text" name="body" ></textarea>
+<div id="prvmail-subject-label">$subject</div>
+<input type="text" size="64" maxlength="255" id="prvmail-subject" name="subject" />
+
+<div id="prvmail-message-label">$yourmessage</div>
+<textarea rows="8" cols="72" class="prvmail-text" id="prvmail-text" name="body" ></textarea>

 </div>
 <div id="prvmail-submit-wrapper" >
 <input type="submit" id="prvmail-submit" name="submit" value="Submit" />
 	<div id="prvmail-upload-wrapper" >
-		<div id="prvmail-upload-div" ><img id="prvmail-upload" src="images/camera-icon.gif" alt="Upload Photo" title="Upload Photo" /></div>
+		<div id="prvmail-upload-div" ><img id="prvmail-upload" src="images/camera-icon.gif" alt="$upload" title="$upload" /></div>
 	</div> 
 	<div id="prvmail-link-wrapper" >
-		<img id="prvmail-link" src="images/link-icon.gif" alt="Insert web link" title="Insert web link" onclick="jotGetLink();" />
+		<img id="prvmail-link" src="images/link-icon.gif" alt="$insert" title="$insert" onclick="jotGetLink();" />
 	</div> 
 	<div id="prvmail-rotator-wrapper" >
-		<img id="prvmail-rotator" src="images/rotator.gif" alt="Please wait" title="Please wait" style="display: none;" />
+		<img id="prvmail-rotator" src="images/rotator.gif" alt="$wait" title="$wait" style="display: none;" />
 	</div> 
 </div>
 <div id="prvmail-end"></div>
--- a/view/style.css
+++ b/view/style.css
@ -1051,4 +1051,27 @@ input#dfrn-url {
 }	
 #group-edit-name-end {
 	clear: both;
+}
+
+#prvmail-to-label, #prvmail-subject-label, #prvmail-message-label {
+	margin-bottom: 10px;
+	margin-top: 20px;
+}
+
+#prvmail-submit {
+	float: left;
+	margin-top: 10px;
+	margin-right: 30px;
+}
+#prvmail-upload-wrapper,
+#prvmail-link-wrapper,
+#prvmail-rotator-wrapper {
+	float: left;
+	margin-top: 10px;
+	margin-right: 10px;
+	width: 24px;
+}
+
+#prvmail-end {
+	clear: both;
 }