diff --git a/contrib/pm/main.php b/contrib/pm/main.php
new file mode 100644
index 00000000..1a23814e
--- /dev/null
+++ b/contrib/pm/main.php
@@ -0,0 +1,116 @@
+<?php
+/**
+ * Name: Private Messaging
+ * Author: Shish <webmaster@shishnet.org>
+ * License: GPLv2
+ * Description: Allow users to send messages to eachother
+ */
+
+class PM implements Extension {
+	var $theme;
+
+	public function receive_event(Event $event) {
+		if(is_null($this->theme)) $this->theme = get_theme_object($this);
+
+		if($event instanceof InitExtEvent) {
+			global $config;
+			if($config->get_int("pm_version") < 1) {
+				$this->install();
+			}
+		}
+
+		/*
+		if($event instanceof UserBlockBuildingEvent) {
+			if(!$event->user->is_anonymous()) {
+				$event->add_link("Private Messages", make_link("pm"));
+			}
+		}
+		*/
+
+		if($event instanceof UserPageBuildingEvent) {
+			global $user;
+			$duser = $event->user;
+			if(!$user->is_anonymous()) {
+				if(($user->id == $duser->id) || $user->is_admin()) {
+					$this->theme->display_pms($event->page, $this->get_pms($duser));
+				}
+				if($user->id != $duser->id) {
+					$this->theme->display_composer($event->page, $user, $duser);
+				}
+			}
+		}
+
+		if(($event instanceof PageRequestEvent) && $event->page_matches("pm/read")) {
+			global $database;
+			global $config;
+			global $user;
+			$pm_id = int_escape($event->get_arg(0));
+			$pm = $database->get_row("SELECT * FROM private_message WHERE id = ?", array($pm_id));
+			if(is_null($pm)) {
+				// error
+			}
+			else if(($pm["to_id"] == $user->id) || $user->is_admin()) {
+				$from_user = User::by_id($config, $database, int_escape($pm["from_id"]));
+				$this->theme->display_message($event->page, $from_user, $event->user, $pm);
+			}
+			else {
+				// else
+			}
+		}
+
+		if(($event instanceof PageRequestEvent) && $event->page_matches("pm/delete")) {
+			global $database;
+			global $config;
+			global $user;
+			$pm_id = int_escape($event->get_arg(0));
+			$pm = $database->get_row("SELECT * FROM private_message WHERE id = ?", array($pm_id));
+			if(is_null($pm)) {
+				// error
+			}
+			else if(($pm["to_id"] == $user->id) || $user->is_admin()) {
+				$database->execute("DELETE FROM private_message WHERE id = ?", array($pm_id));
+				$event->page->set_mode("redirect");
+				$event->page->set_redirect(make_link("user"));
+			}
+			else {
+				// else
+			}
+		}
+	}
+
+	protected function install() {
+		global $database;
+		global $config;
+		
+		// shortcut to latest
+		if($config->get_int("pm_version") < 1) {
+			$database->execute("
+				CREATE TABLE private_message (
+					id {$database->engine->auto_increment},
+					from_id INTEGER NOT NULL,
+					from_ip VARCHAR(15) NOT NULL,
+					to_id INTEGER NOT NULL,
+					sent_date DATETIME NOT NULL,
+					subject VARCHAR(64) NOT NULL,
+					message TEXT NOT NULL,
+					is_read ENUM('Y', 'N') NOT NULL DEFAULT 'N',
+					INDEX (to_id)
+				) {$database->engine->create_table_extras};
+			");
+			$config->set_int("pm_version", 1);
+		}
+	}
+
+	private function get_pms(User $user) {
+		global $database;
+
+		return $database->get_all("
+			SELECT private_message.*,user_from.name AS from_name
+			FROM private_message
+			JOIN users AS user_from ON user_from.id=from_id
+			WHERE to_id = ?
+			", array($user->id));
+	}
+}
+add_event_listener(new PM());
+?>
diff --git a/contrib/pm/theme.php b/contrib/pm/theme.php
new file mode 100644
index 00000000..edc571d1
--- /dev/null
+++ b/contrib/pm/theme.php
@@ -0,0 +1,46 @@
+<?php
+
+class PMTheme extends Themelet {
+	public function display_pms(Page $page, $pms) {
+		$html = "<table>";
+		$html .= "<tr><th>Subject</th><th>From</th><th>Date</th><th>Action</th></tr>";
+		foreach($pms as $pm) {
+			$h_subject = html_escape($pm["subject"]);
+			$h_from = html_escape($pm["from_name"]);
+			$from_url = make_link("user/".url_escape($pm["from_name"]));
+			$pm_url = make_link("pm/read/".$pm["id"]);
+			$del_url = make_link("pm/delete/".$pm["id"]);
+			$h_date = html_escape($pm["sent_date"]);
+			if($pm["is_read"] == "N") $h_subject = "<b>$h_subject</b>";
+			$html .= "<tr><td><a href='$pm_url'>$h_subject</a></td>
+			<td><a href='$from_url'>$h_from</a></td><td>$h_date</td>
+			<td><form action='$del_url'><input type='submit' value='Delete'></form></td></tr>";
+		}
+		$html .= "</table>";
+		$page->add_block(new Block("Private Messages", $html, "main", 10));
+	}
+
+	public function display_composer(Page $page, User $from, User $to) {
+		$post_url = make_link("pm/send");
+		$to_id = $to->id;
+		$html = <<<EOD
+<form action="$post_url" method="POST">
+<input type="hidden" name="to_id" value="$to_id">
+<table style="width: 400px;">
+<tr><td>Subject:</td><td><input type="text" name="subject"></td></tr>
+<tr><td colspan="2"><textarea style="width: 100%" rows="6" name="message"></textarea></td></tr>
+<tr><td colspan="2"><input type="submit" value="Send"></td></tr>
+</table>
+</form>
+EOD;
+		$page->add_block(new Block("Write a PM", $html, "main", 20));
+	}
+
+	public function display_message(Page $page, User $from, User $to, $pm) {
+		$this->display_composer($page, $to, $from);
+		$page->set_title("Private Message");
+		$page->set_heading(html_escape($pm["subject"]));
+		$page->add_block(new Block("Message", format_text($pm["message"]), "main", 10));
+	}
+}
+?>