1

Topic: Private Message Mod, monitoring messages

Out of curiosity, I would like to know if this is at all possible.

Is there any way for the administrator (me) to be able to view/monitor Private Messages sent on my website?  For security and abuse reasons, this could come in handy and it was brought up to me that I may need to be able to do this as I think I have a user harassing a different user (would like to try and confirm, get proof).

I don't have shell access to my server as it is not hosted at home. It's a virtual server, but I do have a fair amount of access to do things. This webhost does not block and try to restrict me very much...I do have phpmyadmin to look at the sql database.

Is there anything I can look at or do...mod in any way to be able to view the private messages of the users on my board?

Re: Private Message Mod, monitoring messages

This looks like a job for a plugin! big_smile
Tell me what features you want, I'll see if I can write one (although keep in mind that your users should be aware that you're monitoring their messages)

3

Re: Private Message Mod, monitoring messages

The only thing I think I need is to be able to view the inbox of the users is all.  Global access I guess. Maybe a notification...say X user receives a PM, I could get an email to let me know so I can check it.

If something like this works, I would make an announcement that I can check and verify these things for abuse reasons...hell, maybe just bluffing about it might make them stop if it's true. I might try that as well...

On a side note, the only other thing that the private message mod needs is checkboxes to delete multiple messages at once wink

4 (edited by Smartys 2006-06-19 17:12)

Re: Private Message Mod, monitoring messages

Well, talk to Connor about that tongue
In terms of features I meant what exactly the plugin should allow. I'll give some examples.

Searching (which actually is most of the features): I assume you would be able to enter keywords. Should I also allow you to limit who the to and/or from user is? Should it include both the subject and the content (and should I allow you to pick and choose which to search if so, I'm assuming that the PM mod allows for PMs with subjects).
Viewing: Should the layout be similar to how it is when viewing an inbox, with the ability to click on PMs and view the content, or should it all be on one page (personally I'd go with the PM mod like layout)
Deleting: Should the plugin allow you to delete PMs (in case you use it to detect spam, say). And if so, should it have a mass deleting function (I would go with "Yes" here)
Edit: Also, any/all sorting options that may come up (or I could go with the default "sort by time descending")

And any other feature you may come up with, I'll take a look at some plugins for other forum softwares and see what they allow

Tell me what you want and I'll code it, I don't have a lot of other stuff tongue

5

Re: Private Message Mod, monitoring messages

Thanks Smartys.  I'm not sure what other forum softwares allow for when it comes to Private Messaging.  I know that being able to view PM's is a little...touchy to say the least as to invading privacy.  But I guess the website is mine, I pay for it and they are using my site. I feel I should be able to monitor it for abuse as needed. (I have had this person forward me a particular PM, but I'm not sure if it was edited or not. The offending person is someone I have known for sometime and I don't see them doing this kind of thing, but that may or may not mean anything).

A search would be good and the page layout can be just the same as the normal inbox view and such. Being able to delete them and even a mass deleting function would be very handy as well. The PM mod does have subjects...in fact the PM's look just like a post, just private to the intended user. Letting it sort by time descending would work just fine. I can also refine the search if needed.

Re: Private Message Mod, monitoring messages

OK then, off I am to make a plugin!

7

Re: Private Message Mod, monitoring messages

I dropped you an email as well concerning this.  Thanks again Smartys.

8 (edited by Smartys 2006-07-20 00:08)

Re: Private Message Mod, monitoring messages

The code for the plugin is

<?php
/***********************************************************************

  Copyright (C) 2002-2005  Neal Poole (smartys@gmail.com)

  This file is part of PunBB.

  PunBB is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published
  by the Free Software Foundation; either version 2 of the License,
  or (at your option) any later version.

  PunBB is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA

************************************************************************/

// Make sure no one attempts to run this script "directly"
if (!defined('PUN'))
    exit;

// Tell admin_loader.php that this is indeed a plugin and that it is loaded
define('PUN_PLUGIN_LOADED', 1);

// We're adding an index
if (isset($_POST['index']))
{
    // Turn off PHP time limit
    @set_time_limit(0);
    
    // Lets go through the list of indexes and see if we already did this
    $result = $db->query('SHOW INDEX FROM '.$db->prefix.'messages') or error('Unable to check for index', __FILE__, __LINE__, $db->error());
    while ($cur_index = $db->fetch_assoc($result))
    {
        if ($cur_index['Key_name'] == 'pm_message_idx')
            message('It looks like you have already created the correct index');
    }
    
    // Add the index
    $db->query('ALTER TABLE '.$db->prefix.'messages ADD FULLTEXT INDEX pm_message_idx (message)') or error('Unable to add index', __FILE__, __LINE__, $db->error());
    
    message('The index was successfully added.');
}

// If we're deleting messages
else if (isset($_POST['delete']))
{
    confirm_referrer('admin_loader.php');
    
    if (!isset($_POST['del_message']) || empty($_POST['del_message']))
        message('You must select at least one message to delete!');
        
    $messages = array_values(array_map("intval", $_POST['del_message']));
    $messages = implode(',', $messages);

    $db->query('DELETE FROM '.$db->prefix.'messages WHERE id IN ('.$messages.')') or error('Unable to delete messages', __FILE__, __LINE__, $db->error());
    
    message('Messages deleted');
}

// If we're trying to view a message
else if (isset($_GET['view_id']))
{
    require PUN_ROOT.'include/parser.php';

    $id = intval($_GET['view_id']);
    
    $result = $db->query('SELECT m.*, u.username AS owner_name FROM '.$db->prefix.'messages AS m INNER JOIN '.$db->prefix.'users AS u ON (u.id = m.owner) WHERE m.id = '.$id) or error('Unable to fetch message', __FILE__, __LINE__, $db->error());
    
    if ($db->num_rows($result) < 1)
        message($lang_common['Bad request']);
    
    // Display the admin navigation menu
    generate_admin_menu($plugin);
    
    $message = $db->fetch_assoc($result);
    $message['smileys'] = isset($message['smileys']) ? $message['smileys'] : $pun_user['show_smilies'];
    $message['message'] = parse_message($message['message'], (int)(!$message['smileys']));
    
?>

    <div id="p<?php echo $message['id'] ?>" class="blockpost row_odd firstpost blockform">
        <h2><span>View Message</span></h2>
        <div class="box">
            <div class="inbox">
                <div class="postleft">
                    <dl>
                        <dt><small>On <?php echo format_time($message['posted']) ?>, <strong><a href="profile.php?id=<?php echo $message['sender_id'] ?>"><?php echo pun_htmlspecialchars($message['sender']) ?></a></strong> sent the following message to <strong><a href="profile.php?id=<?php echo $message['owner'] ?>"><?php echo pun_htmlspecialchars($message['owner_name']) ?></a></strong></small></dt>
                    </dl>
                </div>
                <div class="postright">
                    <div class="postmsg">
                        <?php echo $message['message']."\n" ?>
                    </div>
                </div>
            </div>
        </div>
    </div>
    
<?php

}

// If the "Search" button was clicked
else if (isset($_POST['search']))
{
    $sender = intval($_POST['sender']);
    $recipient = intval($_POST['recipient']);
    
    if ($sender < 1 || $recipient < 1)
        message($lang_common['Bad request']);
    
    $keywords = trim($db->escape($_POST['keywords']));
    
    // Form the correct where statement
    $where_sql = array();
    if (strlen($keywords) > 0)
        $where_sql[] = 'match(message) against ("'.$keywords.'" IN BOOLEAN MODE)';
    if ($sender > 1)
        $where_sql[] = 'sender_id = '.$sender;
    if ($recipient > 1)
        $where_sql[] = 'owner =  '.$recipient;
    
    if (empty($where_sql))
        message('You must enter at least one keyword and/or a sender and/or a recipient if you wish to search');
    
    // Format the SQL properly
    $where_sql = implode(' and ', $where_sql);
    
    $result = $db->query('SELECT m.*, u.username AS owner_name FROM '.$db->prefix.'messages AS m INNER JOIN '.$db->prefix.'users AS u ON (u.id = m.owner) WHERE '.$where_sql.' ORDER BY posted DESC') or error('Unable to fetch messages list', __FILE__, __LINE__, $db->error());
    
    if ($db->num_rows($result) < 1)
        message('No messages matched your search criteria');
?>
    <div class="blocktable">
        <h2><span>Search Results</span></h2>
        <form id="search_results" method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>">
        <div class="box">
            <div class="inbox">
                <table cellspacing="0">
                    <tr>
                        <th width="20"></th>
                        <th>Subject</th>
                        <th>Sender</th>
                        <th>Reciever</th>
                        <th>Date Sent</th>
                    </tr>
<?php
    while ($cur_message = $db->fetch_assoc($result))
    {
    
?>
                    <tr>
                        <td><input type="checkbox" name="del_message[]" value="<?php echo $cur_message['id'] ?>" /></td>
                        <td><a href="<?php echo $_SERVER['REQUEST_URI'] ?>&view_id=<?php echo $cur_message['id'] ?>"><?php echo pun_htmlspecialchars($cur_message['subject']) ?></a></td>
                        <td><a href="profile.php?id=<?php echo $cur_message['sender_id'] ?>"><?php echo pun_htmlspecialchars($cur_message['sender']) ?></a></td>
                        <td><a href="profile.php?id=<?php echo $cur_message['owner'] ?>"><?php echo pun_htmlspecialchars($cur_message['owner_name']) ?></a></td>
                        <td><?php echo format_time($cur_message['posted']) ?></td>
                    </tr>
<?php

    }
?>
                </table>
            </div>
        </div>
        <p><input type="submit" name="delete" value="Delete multiple messages" /></p>
        </form>
<?php
}

else    // If not, we show the form
{
    $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE id > 1 ORDER BY id ASC') or error('Unable to grab user list', __FILE__, __LINE__, $db->error());
    
    $users = array();
    while ($cur_user = $db->fetch_assoc($result))
    {
        $users[] = $cur_user;
    }
    
    // Display the admin navigation menu
    generate_admin_menu($plugin);

?>
    <div id="exampleplugin" class="blockform">
        <h2><span>Monitor Private Messages</span></h2>
        <div class="box">
            <div class="inbox">
                <p>This plugin allows you to easily and simply monitor the private messages sent by your users</p>
                
                <form id="search" method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>&foo=bar">
                <div class="inform">
                    <fieldset>
                        <legend>New search</legend>
                        <div class="infldset">
                            <label class="conl">Keyword search<br /><input type="text" name="keywords" size="40" maxlength="100" /><br /></label>
                            <label class="conl">Sender search<br /><select name="sender"><option value="1">All users</option><?php foreach ($users as $key => $val) echo '<option value="'.$val['id'].'">'.pun_htmlspecialchars($val['username']).'</option>'; ?></select><br /></label>
                            <label class="conl">Recipient search<br /><select name="recipient"><option value="1">All users</option><?php foreach ($users as $key => $val) echo '<option value="'.$val['id'].'">'.pun_htmlspecialchars($val['username']).'</option>'; ?></select><br /></label>
                            <p class="clearb">To search by keyword, enter a term or terms to search for. Separate terms with spaces. To search by author or recipient, Choose the user's username from the dropdown box. You may use * as a wildcard for your keywords.</p>
                        </div>
                    </fieldset>
                </div>
                <p><input type="submit" name="search" value="Submit" accesskey="s" /></p>
                </form>
            </div>
            <form id="index" method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>&foo=bar">
            <div class="inform">
                <fieldset>
                    <legend>Start Indexing</legend>
                    <div class="infldset">
                        <p class="clearb">The first time you run this script, it is recommended that you let it add an index to your messages table so that you may search much more quickly. Note that the indexing may take an extremely long time, please do not hit Stop in your browser while this is happening. Keep in mind that this need only be run <strong>once</strong>.</p>
                        <p><input type="submit" name="index" value="Start the indexing!" /></p>
                    </div>
                </fieldset>
            </div>
            </form>
        </div>
    </div>
<?php

}

// Note that the script just ends here. The footer will be included by admin_loader.php.

Kato reported an issue with viewing a private message, I did not have an issue. If anyone else tries it and has an issue and can give me access to try and debug it, that would be great (or if you just see the error tongue)

Edit: Small CSS issue has been fixed
Edit2: Added some code when indexing to ensure the index isn't run twice
Edit3: Fixed a small issue that occured in Kato's situation, which seemed to have something to do with MySQL queries in parser.php

Re: Private Message Mod, monitoring messages

Hi Smartys
Thank you for this nice plugin. Nevertheless I have a message of error "Bad request. The link you followed is incorrect or outdated" when loading this plugin. I have it therefore uploaded on a new installation of punBB and I have the same error.
I assume that there are not modifications to make, otherwise to upload the pluging in directory. Have you an idea of problem? Thank you in advance.

Regards

Re: Private Message Mod, monitoring messages

What did you call the plugin file?

11

Re: Private Message Mod, monitoring messages

when i try to index with it, i get message.

An error was encountered
Error: Unable to add index.

Re: Private Message Mod, monitoring messages

Enable debug mode, post the full error

13 (edited by falconflyz 2006-07-19 21:09)

Re: Private Message Mod, monitoring messages

Smartys wrote:

What did you call the plugin file?

Excuse me if I badly understood, but I thought that code given just before was a plugin file to call AP_PM-Monitoring.php for instance. If it is not case, can you tell me how use it?
Many thanks

Re: Private Message Mod, monitoring messages

Yes, post that code in a file called AP_PM_Monitoring.php, and it should work.

15 (edited by Mark 2006-07-19 21:22)

Re: Private Message Mod, monitoring messages

nice, but i think i see a little bug tongue
you fill in the form as so...

Keyword search       Sender search       Recipient search     
  left blank                      user1                      user2


and it shows this...

Subject               Sender       Reciever      Date                  Sent
RE: hello             user1          user2      Yesterday         00:03:52
hello                    user1          user2      Yesterday         00:03:04

which is a little wrong hmm

Re: Private Message Mod, monitoring messages

Hi elbekko
It is what I made on several forums, but without succes.
Allways:

Bad request. The link you followed is incorrect or outdated

@+

Re: Private Message Mod, monitoring messages

falconflyz: If you're calling it AP_PM_Monitoring.php (as opposed to AP_PM-Monitoring.php) I'm not sure what your issue is
Mark: Why is that wrong?
A. I can't see an issue with my code
B. Can't I send a message, send a reply, and have the person reply as well? You're just seeing the original messages and the reply to the reply

Re: Private Message Mod, monitoring messages

Just! There was an error in the name of my file; now it OK. This plugin works fine. Thanks a lot.
Regards

19

Re: Private Message Mod, monitoring messages

smartys, its wrong because user1 only sent 1 message. according to that he sent 2.

Re: Private Message Mod, monitoring messages

So it's finding a message that doesn't exist and filling it with fake data? I don't think so tongue
Here's what I think is happening, I'll star the messages that the plugin is looking at
* User1 sends message to User2
User2 sends reply to User1
* User1 responds to User2's reply

21

Re: Private Message Mod, monitoring messages

Mark wrote:

when i try to index with it, i get message.

An error was encountered
Error: Unable to add index.

I get this error as well...and I still have that same error I initially emailed you about Smarty.  You on MSN or anything right now that we could talk a little?

22 (edited by Smartys 2006-07-19 23:20)

Re: Private Message Mod, monitoring messages

I don't use MSN wink
However, I do have free time tongue

23

Re: Private Message Mod, monitoring messages

You use any IM client at all?

24 (edited by Smartys 2006-07-19 23:21)

Re: Private Message Mod, monitoring messages

I'll come on any IRC network you want and I use ICQ tongue

25

Re: Private Message Mod, monitoring messages

ICQ is the way to go.  My number is 13699897.  (I wish more people still used ICQ)