Please make sure IN_MYBB is defined."); } /** * PM handling class, provides common structure to handle private messaging data. * */ class PMDataHandler extends DataHandler { /** * The language file used in the data handler. * * @var string */ public $language_file = 'datahandler_pm'; /** * The prefix for the language variables used in the data handler. * * @var string */ public $language_prefix = 'pmdata'; /** * Array of data inserted in to a private message. * * @var array */ public $pm_insert_data = array(); /** * Array of data used to update a private message. * * @var array */ public $pm_update_data = array(); /** * PM ID currently being manipulated by the datahandlers. * * @var int */ public $pmid = 0; /** * Values to be returned after inserting a PM. * * @var array */ public $return_values = array(); /** * Verifies a private message subject. * * @return boolean True when valid, false when invalid. */ function verify_subject() { $subject = &$this->data['subject']; // Subject is over 85 characters, too long. if(my_strlen($subject) > 85) { $this->set_error("too_long_subject"); return false; } // No subject, apply the default [no subject] if(!trim_blank_chrs($subject)) { $this->set_error("missing_subject"); return false; } return true; } /** * Verifies if a message for a PM is valid. * * @return boolean True when valid, false when invalid. */ function verify_message() { $message = &$this->data['message']; // No message, return an error. if(trim_blank_chrs($message) == '') { $this->set_error("missing_message"); return false; } // If the length of message is beyond SQL limitation for 'text' field else if(strlen($message) > 65535) { $this->set_error("message_too_long", array('65535', strlen($message))); return false; } return true; } /** * Verifies if the specified sender is valid or not. * * @return boolean True when valid, false when invalid. */ function verify_sender() { global $db, $mybb, $lang; $pm = &$this->data; // Return if we've already validated if(!empty($pm['sender'])) { return true; } // Fetch the senders profile data. $sender = get_user($pm['fromid']); // Collect user permissions for the sender. $sender_permissions = user_permissions($pm['fromid']); // Check if the sender is over their quota or not - if they are, disable draft sending if(isset($pm['options']['savecopy']) && $pm['options']['savecopy'] != 0 && empty($pm['saveasdraft'])) { if($sender_permissions['pmquota'] != 0 && $sender['totalpms'] >= $sender_permissions['pmquota'] && $this->admin_override != true) { $pm['options']['savecopy'] = 0; } } // Assign the sender information to the data. $pm['sender'] = array( "uid" => $sender['uid'], "username" => $sender['username'] ); return true; } /** * Verifies if an array of recipients for a private message are valid * * @return boolean True when valid, false when invalid. */ function verify_recipient() { global $cache, $db, $mybb, $lang; $pm = &$this->data; $recipients = array(); $invalid_recipients = array(); // We have our recipient usernames but need to fetch user IDs if(array_key_exists("to", $pm)) { foreach(array("to", "bcc") as $recipient_type) { if(!isset($pm[$recipient_type])) { $pm[$recipient_type] = array(); } if(!is_array($pm[$recipient_type])) { $pm[$recipient_type] = array($pm[$recipient_type]); } $pm[$recipient_type] = array_map('trim', $pm[$recipient_type]); $pm[$recipient_type] = array_filter($pm[$recipient_type]); // No recipients? Skip query if(empty($pm[$recipient_type])) { if($recipient_type == 'to' && empty($pm['saveasdraft'])) { $this->set_error("no_recipients"); return false; } continue; } $recipientUsernames = array_map(array($db, 'escape_string'), $pm[$recipient_type]); $recipientUsernames = "'".implode("','", $recipientUsernames)."'"; $query = $db->simple_select('users', '*', 'username IN('.$recipientUsernames.')'); $validUsernames = array(); while($user = $db->fetch_array($query)) { if($recipient_type == "bcc") { $user['bcc'] = 1; } $recipients[] = $user; $validUsernames[] = $user['username']; } foreach($pm[$recipient_type] as $username) { if(!in_array($username, $validUsernames)) { $invalid_recipients[] = $username; } } } } // We have recipient IDs else { foreach(array("toid", "bccid") as $recipient_type) { if(!isset($pm[$recipient_type])) { $pm[$recipient_type] = array(); } if(!is_array($pm[$recipient_type])) { $pm[$recipient_type] = array($pm[$recipient_type]); } $pm[$recipient_type] = array_map('intval', $pm[$recipient_type]); $pm[$recipient_type] = array_filter($pm[$recipient_type]); // No recipients? Skip query if(empty($pm[$recipient_type])) { if($recipient_type == 'toid' && !$pm['saveasdraft']) { $this->set_error("no_recipients"); return false; } continue; } $recipientUids = "'".implode("','", $pm[$recipient_type])."'"; $query = $db->simple_select('users', '*', 'uid IN('.$recipientUids.')'); $validUids = array(); while($user = $db->fetch_array($query)) { if($recipient_type == "bccid") { $user['bcc'] = 1; } $recipients[] = $user; $validUids[] = $user['uid']; } foreach($pm[$recipient_type] as $uid) { if(!in_array($uid, $validUids)) { $invalid_recipients[] = $uid; } } } } // If we have one or more invalid recipients and we're not saving a draft, error if(count($invalid_recipients) > 0) { $invalid_recipients = implode($lang->comma, array_map("htmlspecialchars_uni", $invalid_recipients)); $this->set_error("invalid_recipients", array($invalid_recipients)); return false; } $sender_permissions = user_permissions($pm['fromid']); // Are we trying to send this message to more users than the permissions allow? if($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true) { $this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients'])); } // Now we're done with that we loop through each recipient $pm['recipients'] = array(); foreach($recipients as $user) { // Collect group permissions for this recipient. $recipient_permissions = user_permissions($user['uid']); // See if the sender is on the recipients ignore list and that either // - admin_override is set or // - sender is an administrator if($this->admin_override != true && $sender_permissions['canoverridepm'] != 1) { if(!empty($user['ignorelist']) && strpos(','.$user['ignorelist'].',', ','.$pm['fromid'].',') !== false) { $this->set_error("recipient_is_ignoring", array(htmlspecialchars_uni($user['username']))); } // Is the recipient only allowing private messages from their buddy list? if(empty($pm['saveasdraft']) && $mybb->settings['allowbuddyonly'] == 1 && $user['receivefrombuddy'] == 1 && !empty($user['buddylist']) && strpos(','.$user['buddylist'].',', ','.$pm['fromid'].',') === false) { $this->set_error('recipient_has_buddy_only', array(htmlspecialchars_uni($user['username']))); } // Can the recipient actually receive private messages based on their permissions or user setting? if(($user['receivepms'] == 0 || $recipient_permissions['canusepms'] == 0) && empty($pm['saveasdraft'])) { $this->set_error("recipient_pms_disabled", array(htmlspecialchars_uni($user['username']))); return false; } } // Check to see if the user has reached their private message quota - if they have, email them. if($recipient_permissions['pmquota'] != 0 && $user['totalpms'] >= $recipient_permissions['pmquota'] && $sender_permissions['cancp'] != 1 && empty($pm['saveasdraft']) && !$this->admin_override) { if(trim($user['language']) != '' && $lang->language_exists($user['language'])) { $uselang = trim($user['language']); } elseif($mybb->settings['bblanguage']) { $uselang = $mybb->settings['bblanguage']; } else { $uselang = "english"; } if($uselang == $mybb->settings['bblanguage'] || !$uselang) { $emailsubject = $lang->emailsubject_reachedpmquota; $emailmessage = $lang->email_reachedpmquota; } else { $userlang = new MyLanguage; $userlang->set_path(MYBB_ROOT."inc/languages"); $userlang->set_language($uselang); $userlang->load("messages"); $emailsubject = $userlang->emailsubject_reachedpmquota; $emailmessage = $userlang->email_reachedpmquota; } $emailmessage = $lang->sprintf($emailmessage, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl']); $emailsubject = $lang->sprintf($emailsubject, $mybb->settings['bbname'], $pm['subject']); $new_email = array( "mailto" => $db->escape_string($user['email']), "mailfrom" => '', "subject" => $db->escape_string($emailsubject), "message" => $db->escape_string($emailmessage), "headers" => '' ); $db->insert_query("mailqueue", $new_email); $cache->update_mailqueue(); if($this->admin_override != true) { $this->set_error("recipient_reached_quota", array(htmlspecialchars_uni($user['username']))); } } // Everything looks good, assign some specifics about the recipient $pm['recipients'][$user['uid']] = array( "uid" => $user['uid'], "username" => $user['username'], "email" => $user['email'], "lastactive" => $user['lastactive'], "pmnotice" => $user['pmnotice'], "pmnotify" => $user['pmnotify'], "language" => $user['language'] ); // If this recipient is defined as a BCC recipient, save it if(isset($user['bcc']) && $user['bcc'] == 1) { $pm['recipients'][$user['uid']]['bcc'] = 1; } } return true; } /** * Verify that the user is not flooding the system. * * @return boolean */ function verify_pm_flooding() { global $mybb, $db; $pm = &$this->data; // Check if post flooding is enabled within MyBB or if the admin override option is specified. if($mybb->settings['pmfloodsecs'] > 0 && $pm['fromid'] != 0 && $this->admin_override == false && !is_moderator(0, '', $pm['fromid'])) { // Fetch the senders profile data. $sender = get_user($pm['fromid']); // Calculate last post $query = $db->simple_select("privatemessages", "dateline", "fromid='".$db->escape_string($pm['fromid'])."' AND toid != '0'", array('order_by' => 'dateline', 'order_dir' => 'desc', 'limit' => 1)); $sender['lastpm'] = $db->fetch_field($query, "dateline"); // A little bit of calculation magic and moderator status checking. if(TIME_NOW-$sender['lastpm'] <= $mybb->settings['pmfloodsecs']) { // Oops, user has been flooding - throw back error message. $time_to_wait = ($mybb->settings['pmfloodsecs'] - (TIME_NOW-$sender['lastpm'])) + 1; if($time_to_wait == 1) { $this->set_error("pm_flooding_one_second"); } else { $this->set_error("pm_flooding", array($time_to_wait)); } return false; } } // All is well that ends well - return true. return true; } /** * Verifies if the various 'options' for sending PMs are valid. * * @return boolean True when valid, false when invalid. */ function verify_options() { $options = &$this->data['options']; $this->verify_yesno_option($options, 'signature', 1); $this->verify_yesno_option($options, 'savecopy', 1); $this->verify_yesno_option($options, 'disablesmilies', 0); // Requesting a read receipt? if(isset($options['readreceipt']) && $options['readreceipt'] == 1) { $options['readreceipt'] = 1; } else { $options['readreceipt'] = 0; } return true; } /** * Validate an entire private message. * * @return boolean True when valid, false when invalid. */ function validate_pm() { global $plugins; $pm = &$this->data; if(empty($pm['savedraft'])) { $this->verify_pm_flooding(); } // Verify all PM assets. $this->verify_subject(); $this->verify_sender(); $this->verify_recipient(); $this->verify_message(); $this->verify_options(); $plugins->run_hooks("datahandler_pm_validate", $this); // Choose the appropriate folder to save in. if(!empty($pm['saveasdraft'])) { $pm['folder'] = 3; } else { $pm['folder'] = 1; } // We are done validating, return. $this->set_validated(true); if(count($this->get_errors()) > 0) { return false; } else { return true; } } /** * Insert a new private message. * * @return array Array of PM useful data. */ function insert_pm() { global $cache, $db, $mybb, $plugins, $lang; // Yes, validating is required. if(!$this->get_validated()) { die("The PM needs to be validated before inserting it into the DB."); } if(count($this->get_errors()) > 0) { die("The PM is not valid."); } // Assign data to common variable $pm = &$this->data; if(empty($pm['pmid'])) { $pm['pmid'] = 0; } $pm['pmid'] = (int)$pm['pmid']; if(empty($pm['icon']) || $pm['icon'] < 0) { $pm['icon'] = 0; } $uid = 0; // Build recipient list $recipient_list = array(); if(isset($pm['recipients']) && is_array($pm['recipients'])) { foreach($pm['recipients'] as $recipient) { if(!empty($recipient['bcc'])) { $recipient_list['bcc'][] = $recipient['uid']; } else { $recipient_list['to'][] = $recipient['uid']; $uid = $recipient['uid']; } } } $this->pm_insert_data = array( 'fromid' => (int)$pm['sender']['uid'], 'folder' => $pm['folder'], 'subject' => $db->escape_string($pm['subject']), 'icon' => (int)$pm['icon'], 'message' => $db->escape_string($pm['message']), 'dateline' => TIME_NOW, 'status' => 0, 'includesig' => $pm['options']['signature'], 'smilieoff' => $pm['options']['disablesmilies'], 'receipt' => (int)$pm['options']['readreceipt'], 'readtime' => 0, 'recipients' => $db->escape_string(my_serialize($recipient_list)), 'ipaddress' => $db->escape_binary($pm['ipaddress']) ); // Check if we're updating a draft or not. $query = $db->simple_select("privatemessages", "pmid, deletetime", "folder='3' AND uid='".(int)$pm['sender']['uid']."' AND pmid='{$pm['pmid']}'"); $draftcheck = $db->fetch_array($query); // This PM was previously a draft if($draftcheck) { if($draftcheck['deletetime']) { // This draft was a reply to a PM $pm['pmid'] = $draftcheck['deletetime']; $pm['do'] = "reply"; } // Delete the old draft as we no longer need it $db->delete_query("privatemessages", "pmid='{$draftcheck['pmid']}'"); } // Saving this message as a draft if(!empty($pm['saveasdraft'])) { $this->pm_insert_data['uid'] = $pm['sender']['uid']; // If this is a reply, then piggyback into the deletetime to let us know in the future if($pm['do'] == "reply" || $pm['do'] == "replyall") { $this->pm_insert_data['deletetime'] = $pm['pmid']; } $plugins->run_hooks("datahandler_pm_insert_updatedraft", $this); $this->pmid = $db->insert_query("privatemessages", $this->pm_insert_data); $plugins->run_hooks("datahandler_pm_insert_updatedraft_commit", $this); // If this is a draft, end it here - below deals with complete messages return array( "draftsaved" => 1 ); } $this->pmid = array(); // Save a copy of the PM for each of our recipients foreach($pm['recipients'] as $recipient) { // Send email notification of new PM if it is enabled for the recipient $query = $db->simple_select("privatemessages", "dateline", "uid='".$recipient['uid']."' AND folder='1'", array('order_by' => 'dateline', 'order_dir' => 'desc', 'limit' => 1)); $lastpm = $db->fetch_array($query); if($recipient['pmnotify'] == 1 && (empty($lastpm['dateline']) || $recipient['lastactive'] > $lastpm['dateline'])) { if($recipient['language'] != "" && $lang->language_exists($recipient['language'])) { $uselang = $recipient['language']; } elseif($mybb->settings['bblanguage']) { $uselang = $mybb->settings['bblanguage']; } else { $uselang = "english"; } if($uselang == $mybb->settings['bblanguage'] && !empty($lang->emailsubject_newpm)) { $emailsubject = $lang->emailsubject_newpm; $emailmessage = $lang->email_newpm; } else { $userlang = new MyLanguage; $userlang->set_path(MYBB_ROOT."inc/languages"); $userlang->set_language($uselang); $userlang->load("messages"); $emailsubject = $userlang->emailsubject_newpm; $emailmessage = $userlang->email_newpm; } if(!$pm['sender']['username']) { $pm['sender']['username'] = $lang->mybb_engine; } require_once MYBB_ROOT.'inc/class_parser.php'; $parser = new Postparser; $parser_options = array( 'me_username' => $pm['sender']['username'], 'filter_badwords' => 1 ); $pm['message'] = $parser->text_parse_message($pm['message'], $parser_options); $emailmessage = $lang->sprintf($emailmessage, $recipient['username'], $pm['sender']['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $pm['message']); $emailsubject = $lang->sprintf($emailsubject, $mybb->settings['bbname'], $pm['subject']); $new_email = array( "mailto" => $db->escape_string($recipient['email']), "mailfrom" => '', "subject" => $db->escape_string($emailsubject), "message" => $db->escape_string($emailmessage), "headers" => '' ); $db->insert_query("mailqueue", $new_email); $cache->update_mailqueue(); } $this->pm_insert_data['uid'] = $recipient['uid']; $this->pm_insert_data['toid'] = $recipient['uid']; $plugins->run_hooks("datahandler_pm_insert", $this); $this->pmid[] = $db->insert_query("privatemessages", $this->pm_insert_data); $plugins->run_hooks("datahandler_pm_insert_commit", $this); // If PM noices/alerts are on, show! if($recipient['pmnotice'] == 1) { $updated_user = array( "pmnotice" => 2 ); $db->update_query("users", $updated_user, "uid='{$recipient['uid']}'"); } // Update private message count (total, new and unread) for recipient require_once MYBB_ROOT."/inc/functions_user.php"; update_pm_count($recipient['uid'], 7, $recipient['lastactive']); } // Are we replying or forwarding an existing PM? if($pm['pmid']) { if($pm['do'] == "reply" || $pm['do'] == "replyall") { $sql_array = array( 'status' => 3, 'statustime' => TIME_NOW ); $db->update_query("privatemessages", $sql_array, "pmid={$pm['pmid']} AND uid={$pm['sender']['uid']}"); } elseif($pm['do'] == "forward") { $sql_array = array( 'status' => 4, 'statustime' => TIME_NOW ); $db->update_query("privatemessages", $sql_array, "pmid={$pm['pmid']} AND uid={$pm['sender']['uid']}"); } } // If we're saving a copy if($pm['options']['savecopy'] != 0) { if(isset($recipient_list['to']) && is_array($recipient_list['to']) && count($recipient_list['to']) == 1) { $this->pm_insert_data['toid'] = $uid; } else { $this->pm_insert_data['toid'] = 0; } $this->pm_insert_data['uid'] = (int)$pm['sender']['uid']; $this->pm_insert_data['folder'] = 2; $this->pm_insert_data['status'] = 1; $this->pm_insert_data['receipt'] = 0; $plugins->run_hooks("datahandler_pm_insert_savedcopy", $this); $db->insert_query("privatemessages", $this->pm_insert_data); $plugins->run_hooks("datahandler_pm_insert_savedcopy_commit", $this); // Because the sender saved a copy, update their total pm count require_once MYBB_ROOT."/inc/functions_user.php"; update_pm_count($pm['sender']['uid'], 1); } // Return back with appropriate data $this->return_values = array( "messagesent" => 1, "pmids" => $this->pmid ); $plugins->run_hooks("datahandler_pm_insert_end", $this); return $this->return_values; } }