
PHP Cross Reference of MyBB 1.8.26


/ -> private.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
// Marks this script as one that may be run through the MyBB bootstrap (global.php).
define("IN_MYBB", 1);
// NOTE(review): presumably exempts the 'sid' (search id) request variable from the
// framework's generic input cleaning - confirm against inc/class_core.php.
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'private.php');

// Comma-separated names of every template this script eval()s, so the template
// layer can fetch them up front in one query rather than one query per template.
$templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
$templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";
$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";
$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
$templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
$templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
$templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
$templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";
  25  
require_once  "./global.php";
require_once  MYBB_ROOT."inc/functions_post.php";
require_once  MYBB_ROOT."inc/functions_user.php";
require_once  MYBB_ROOT."inc/class_parser.php";
// MyCode / bad-word parser used for subjects, message excerpts and previews below.
$parser = new postParser;

// Load global language phrases
$lang->load("private");

// Board-wide PM switch: error() renders the message and stops the script.
if($mybb->settings['enablepms'] == 0)
{
    error($lang->pms_disabled);
}

// Access control: guests (uid 0) and groups without the PM permission are rejected
// before any folder or message data is touched. NOTE(review): the comparison with
// '/' is inherited code; its purpose is not visible from this file.
if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
{
    error_no_permission();
}

// The requested folder id is normalised to an integer once, here, and every later
// use of $mybb->input['fid'] relies on that.
$mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);

$folder_id = $folder_name = '';
  48  
  49  $foldernames = array();
  50  $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
  51  foreach($foldersexploded as $key => $folders)
  52  {
  53      $folderinfo = explode("**", $folders, 2);
  54      if($mybb->input['fid'] == $folderinfo[0])
  55      {
  56          $sel = ' selected="selected"';
  57      }
  58      else
  59      {
  60          $sel = '';
  61      }
  62      $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
  63      $foldernames[$folderinfo[0]] = $folderinfo[1];
  64  
  65      $folder_id = $folderinfo[0];
  66      $folder_name = $folderinfo[1];
  67  
  68      eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  69  
  70      // Manipulate search folder selection & move selector to omit "Unread"
  71      if($folder_id != 1)
  72      {
  73          if($folder_id == 0)
  74          {
  75              $folder_id = 1;
  76          }
  77          eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  78          eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  79      }
  80  }
  81  
  82  $from_fid = $mybb->input['fid'];
  83  
  84  eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
  85  eval("\$folderoplist = \"".$templates->get("private_move")."\";");
  86  eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";");
  87  
  88  usercp_menu();
  89  
  90  $plugins->run_hooks("private_start");
  91  
  92  // Make navigation
  93  add_breadcrumb($lang->nav_pms, "private.php");
  94  
  95  $mybb->input['action'] = $mybb->get_input('action');
  96  switch($mybb->input['action'])
  97  {
  98      case "send":
  99          add_breadcrumb($lang->nav_send);
 100          break;
 101      case "tracking":
 102          add_breadcrumb($lang->nav_tracking);
 103          break;
 104      case "folders":
 105          add_breadcrumb($lang->nav_folders);
 106          break;
 107      case "empty":
 108          add_breadcrumb($lang->nav_empty);
 109          break;
 110      case "export":
 111          add_breadcrumb($lang->nav_export);
 112          break;
 113      case "advanced_search":
 114          add_breadcrumb($lang->nav_search);
 115          break;
 116      case "results":
 117          add_breadcrumb($lang->nav_results);
 118          break;
 119  }
 120  
 121  if(!empty($mybb->input['preview']))
 122  {
 123      $mybb->input['action'] = "send";
 124  }
 125  
 126  if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post")
 127  {
 128      $plugins->run_hooks("private_do_search_start");
 129  
 130      // Simulate coming from our advanced search form with some preset options
 131      if($mybb->get_input('quick_search'))
 132      {
 133          $mybb->input['action'] = "do_search";
 134          $mybb->input['subject'] = 1;
 135          $mybb->input['message'] = 1;
 136          $mybb->input['folder'] = $mybb->input['fid'];
 137          unset($mybb->input['jumpto']);
 138          unset($mybb->input['fromfid']);
 139      }
 140  
 141      // Check if search flood checking is enabled and user is not admin
 142      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
 143      {
 144          // Fetch the time this user last searched
 145          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
 146          $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
 147          $last_search = $db->fetch_array($query);
 148          // Users last search was within the flood time, show the error
 149          if($last_search['sid'])
 150          {
 151              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
 152              if($remaining_time == 1)
 153              {
 154                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
 155              }
 156              else
 157              {
 158                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
 159              }
 160              error($lang->error_searchflooding);
 161          }
 162      }
 163  
 164      if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)
 165      {
 166          error($lang->error_nosearchresults);
 167      }
 168  
 169      if($mybb->get_input('message', MyBB::INPUT_INT) == 1)
 170      {
 171          $resulttype = "pmmessages";
 172      }
 173      else
 174      {
 175          $resulttype = "pmsubjects";
 176      }
 177  
 178      $search_data = array(
 179          "keywords" => $mybb->get_input('keywords'),
 180          "subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
 181          "message" => $mybb->get_input('message', MyBB::INPUT_INT),
 182          "sender" => $mybb->get_input('sender'),
 183          "status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
 184          "folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)
 185      );
 186  
 187      if($db->can_search == true)
 188      {
 189          require_once  MYBB_ROOT."inc/functions_search.php";
 190  
 191          $search_results = privatemessage_perform_search_mysql($search_data);
 192      }
 193      else
 194      {
 195          error($lang->error_no_search_support);
 196      }
 197      $sid = md5(uniqid(microtime(), true));
 198      $searcharray = array(
 199          "sid" => $db->escape_string($sid),
 200          "uid" => $mybb->user['uid'],
 201          "dateline" => TIME_NOW,
 202          "ipaddress" => $db->escape_binary($session->packedip),
 203          "threads" => '',
 204          "posts" => '',
 205          "resulttype" => $resulttype,
 206          "querycache" => $search_results['querycache'],
 207          "keywords" => $db->escape_string($mybb->get_input('keywords')),
 208      );
 209      $plugins->run_hooks("private_do_search_process");
 210  
 211      $db->insert_query("searchlog", $searcharray);
 212  
 213      // Sender sort won't work yet
 214      $sortby = array('subject', 'sender', 'dateline');
 215  
 216      if(in_array($mybb->get_input('sort'), $sortby))
 217      {
 218          $sortby = $mybb->get_input('sort');
 219      }
 220      else
 221      {
 222          $sortby = "dateline";
 223      }
 224  
 225      if(my_strtolower($mybb->get_input('sortordr')) == "asc")
 226      {
 227          $sortorder = "asc";
 228      }
 229      else
 230      {
 231          $sortorder = "desc";
 232      }
 233  
 234      $plugins->run_hooks("private_do_search_end");
 235      redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
 236  }
 237  
 238  if($mybb->input['action'] == "results")
 239  {
 240      $sid = $mybb->get_input('sid');
 241      $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
 242      $search = $db->fetch_array($query);
 243  
 244      if(!$search)
 245      {
 246          error($lang->error_invalidsearch);
 247      }
 248  
 249      $plugins->run_hooks("private_results_start");
 250  
 251      // Decide on our sorting fields and sorting order.
 252      $order = my_strtolower($mybb->get_input('order'));
 253      $sortby = my_strtolower($mybb->get_input('sortby'));
 254  
 255      $sortby_accepted = array('subject', 'username', 'dateline');
 256  
 257      if(in_array($sortby, $sortby_accepted))
 258      {
 259          $query_sortby = $sortby;
 260  
 261          if($query_sortby == "username")
 262          {
 263              $query_sortby = "fromusername";
 264          }
 265      }
 266      else
 267      {
 268          $sortby = $query_sortby = "dateline";
 269      }
 270  
 271      if($order != "asc")
 272      {
 273          $order = "desc";
 274      }
 275  
 276      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 277      {
 278          $mybb->settings['threadsperpage'] = 20;
 279      }
 280  
 281      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
 282      $pmscount = $db->fetch_field($query, "total");
 283  
 284      // Work out pagination, which page we're at, as well as the limits.
 285      $perpage = $mybb->settings['threadsperpage'];
 286      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 287      if($page > 0)
 288      {
 289          $start = ($page-1) * $perpage;
 290          $pages = ceil($pmscount / $perpage);
 291          if($page > $pages)
 292          {
 293              $start = 0;
 294              $page = 1;
 295          }
 296      }
 297      else
 298      {
 299          $start = 0;
 300          $page = 1;
 301      }
 302      $end = $start + $perpage;
 303      $lower = $start+1;
 304      $upper = $end;
 305  
 306      // Work out if we have terms to highlight
 307      $highlight = "";
 308      if($search['keywords'])
 309      {
 310          $highlight = "&amp;highlight=".urlencode($search['keywords']);
 311      }
 312  
 313      // Do Multi Pages
 314      if($upper > $pmscount)
 315      {
 316          $upper = $pmscount;
 317      }
 318      $multipage = multipage($pmscount, $perpage, $page, "private.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby={$sortby}&amp;order={$order}");
 319      $messagelist = '';
 320  
 321      $icon_cache = $cache->read("posticons");
 322  
 323      // Cache users in multiple recipients for sent & drafts folder
 324      // Get all recipients into an array
 325      $cached_users = $get_users = array();
 326      $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
 327      while($row = $db->fetch_array($users_query))
 328      {
 329          $recipients = my_unserialize($row['recipients']);
 330          if(is_array($recipients['to']) && count($recipients['to']))
 331          {
 332              $get_users = array_merge($get_users, $recipients['to']);
 333          }
 334  
 335          if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 336          {
 337              $get_users = array_merge($get_users, $recipients['bcc']);
 338          }
 339      }
 340  
 341      $get_users = implode(',', array_unique($get_users));
 342  
 343      // Grab info
 344      if($get_users)
 345      {
 346          $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
 347          while($user = $db->fetch_array($users_query))
 348          {
 349              $cached_users[$user['uid']] = $user;
 350          }
 351      }
 352  
 353      $query = $db->query("
 354          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
 355          FROM ".TABLE_PREFIX."privatemessages pm
 356          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
 357          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
 358          WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
 359          ORDER BY pm.{$query_sortby} {$order}
 360          LIMIT {$start}, {$perpage}
 361      ");
 362      while($message = $db->fetch_array($query))
 363      {
 364          $msgalt = $msgstatus = '';
 365  
 366          // Determine Folder Icon
 367          if($message['status'] == 0)
 368          {
 369              $msgstatus = 'new_pm';
 370              $msgalt = $lang->new_pm;
 371          }
 372          else if($message['status'] == 1)
 373          {
 374              $msgstatus = 'old_pm';
 375              $msgalt = $lang->old_pm;
 376          }
 377          else if($message['status'] == 3)
 378          {
 379              $msgstatus = 're_pm';
 380              $msgalt = $lang->reply_pm;
 381          }
 382          else if($message['status'] == 4)
 383          {
 384              $msgstatus = 'fw_pm';
 385              $msgalt = $lang->fwd_pm;
 386          }
 387  
 388          $folder = $message['folder'];
 389  
 390          $tofromuid = 0;
 391          if($folder == 2 || $folder == 3)
 392          {
 393              // Sent Items or Drafts Folder Check
 394              $recipients = my_unserialize($message['recipients']);
 395              $to_users = $bcc_users = '';
 396              if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
 397              {
 398                  foreach($recipients['to'] as $uid)
 399                  {
 400                      $profilelink = get_profile_link($uid);
 401                      $user = $cached_users[$uid];
 402                      $user['username'] = htmlspecialchars_uni($user['username']);
 403                      $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 404                      eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 405                  }
 406                  if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 407                  {
 408                      eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
 409                      foreach($recipients['bcc'] as $uid)
 410                      {
 411                          $profilelink = get_profile_link($uid);
 412                          $user = $cached_users[$uid];
 413                          $user['username'] = htmlspecialchars_uni($user['username']);
 414                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 415                          eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 416                      }
 417                  }
 418  
 419                  eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
 420              }
 421              else if($message['toid'])
 422              {
 423                  $tofromusername = htmlspecialchars_uni($message['tousername']);
 424                  $tofromuid = $message['toid'];
 425              }
 426              else
 427              {
 428                  $tofromusername = $lang->not_sent;
 429              }
 430          }
 431          else
 432          {
 433              $tofromusername = htmlspecialchars_uni($message['fromusername']);
 434              $tofromuid = $message['fromid'];
 435              if($tofromuid == 0)
 436              {
 437                  $tofromusername = $lang->mybb_engine;
 438              }
 439          }
 440  
 441          $tofromusername = build_profile_link($tofromusername, $tofromuid);
 442  
 443          $denyreceipt = '';
 444  
 445          if($message['icon'] > 0 && $icon_cache[$message['icon']])
 446          {
 447              $icon = $icon_cache[$message['icon']];
 448              $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
 449              $icon['path'] = htmlspecialchars_uni($icon['path']);
 450              $icon['name'] = htmlspecialchars_uni($icon['name']);
 451              eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
 452          }
 453          else
 454          {
 455              $icon = '&#009;';
 456          }
 457  
 458          if(!trim($message['subject']))
 459          {
 460              $message['subject'] = $lang->pm_no_subject;
 461          }
 462  
 463          $message['subject'] = $parser->parse_badwords($message['subject']);
 464  
 465          if(my_strlen($message['subject']) > 50)
 466          {
 467              $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
 468          }
 469          else
 470          {
 471              $message['subject'] = htmlspecialchars_uni($message['subject']);
 472          }
 473  
 474          if($message['folder'] != "3")
 475          {
 476              $senddate = my_date('relative', $message['dateline']);
 477          }
 478          else
 479          {
 480              $senddate = $lang->not_sent;
 481          }
 482  
 483          $fid = "0";
 484          if((int)$message['folder'] > 1)
 485          {
 486              $fid = $message['folder'];
 487          }
 488          $foldername = $foldernames[$fid];
 489  
 490          // What we do here is parse the post using our post parser, then strip the tags from it
 491          $parser_options = array(
 492              'allow_html' => 0,
 493              'allow_mycode' => 1,
 494              'allow_smilies' => 0,
 495              'allow_imgcode' => 0,
 496              'filter_badwords' => 1
 497          );
 498          $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
 499          if(my_strlen($message['message']) > 200)
 500          {
 501              $message['message'] = my_substr($message['message'], 0, 200)."...";
 502          }
 503  
 504          eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
 505      }
 506  
 507      if($db->num_rows($query) == 0)
 508      {
 509          eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
 510      }
 511  
 512      $plugins->run_hooks("private_results_end");
 513  
 514      eval("\$results = \"".$templates->get("private_search_results")."\";");
 515      output_page($results);
 516  }
 517  
 518  if($mybb->input['action'] == "advanced_search")
 519  {
 520      $plugins->run_hooks("private_advanced_search");
 521  
 522      eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");
 523  
 524      output_page($advanced_search);
 525  }
 526  
 527  // Dismissing a new/unread PM notice
 528  if($mybb->input['action'] == "dismiss_notice")
 529  {
 530      if($mybb->user['pmnotice'] != 2)
 531      {
 532          exit;
 533      }
 534  
 535      // Verify incoming POST request
 536      verify_post_check($mybb->get_input('my_post_key'));
 537  
 538      $updated_user = array(
 539          "pmnotice" => 1
 540      );
 541      $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
 542  
 543      if(!empty($mybb->input['ajax']))
 544      {
 545          echo 1;
 546          exit;
 547      }
 548      else
 549      {
 550          header("Location: index.php");
 551          exit;
 552      }
 553  }
 554  
// Inline error markup from a failed send; the compose form ("send") re-renders with it.
$send_errors = '';

// Handle a submitted compose form: duplicate check, then validation and insertion
// through the PM datahandler. On validation failure the action is rewritten to
// "send" so the form is shown again with $send_errors.
if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
{
    if($mybb->usergroup['cansendpms'] == 0)
    {
        error_no_permission();
    }

    // Verify incoming POST request (anti-CSRF token)
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_send_do_send");

    // Attempt to see if this PM is a duplicate or not
    $to = array_map("trim", explode(",", $mybb->get_input('to')));
    $to = array_unique($to); // Filter out any duplicates
    // Every recipient name is escaped individually before being joined into the IN (...) list.
    $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
    // Duplicate window: 5 * 60 * 60 seconds, i.e. five hours.
    $time_cutoff = TIME_NOW - (5 * 60 * 60);
    // A message with the same recipient, subject and body from this user within the
    // window counts as a resubmission; drafts (folder 3) are excluded.
    $query = $db->query("
        SELECT pm.pmid
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
        WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'
        LIMIT 0, 1
    ");
    $duplicate_check = $db->fetch_field($query, "pmid");
    if($duplicate_check)
    {
        error($lang->error_pm_already_submitted);
    }

    require_once  MYBB_ROOT."inc/datahandlers/pm.php";
    $pmhandler = new PMDataHandler();

    // Raw request values; validation and escaping happen inside the datahandler.
    // fromid is taken from the session, never from the request.
    $pm = array(
        "subject" => $mybb->get_input('subject'),
        "message" => $mybb->get_input('message'),
        "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
        "fromid" => $mybb->user['uid'],
        "do" => $mybb->get_input('do'),
        "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT),
        "ipaddress" => $session->packedip
    );

    // Split up any recipients we have
    $pm['to'] = $to;
    if(!empty($mybb->input['bcc']))
    {
        $pm['bcc'] = explode(",", $mybb->get_input('bcc'));
        $pm['bcc'] = array_map("trim", $pm['bcc']);
    }

    $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY);

    // Read receipts are a group permission; override whatever the form sent.
    if(!$mybb->usergroup['cantrackpms'])
    {
        $mybb->input['options']['readreceipt'] = false;
    }

    $pm['options'] = array();
    if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1)
    {
        $pm['options']['signature'] = 1;
    }
    else
    {
        $pm['options']['signature'] = 0;
    }
    if(isset($mybb->input['options']['disablesmilies']))
    {
        $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
    }
    if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)
    {
        $pm['options']['savecopy'] = 1;
    }
    else
    {
        $pm['options']['savecopy'] = 0;
    }
    if(isset($mybb->input['options']['readreceipt']))
    {
        $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
    }

    if(!empty($mybb->input['saveasdraft']))
    {
        $pm['saveasdraft'] = 1;
    }
    $pmhandler->set_data($pm);

    // Now let the pm handler do all the hard work.
    if(!$pmhandler->validate_pm())
    {
        $pm_errors = $pmhandler->get_friendly_errors();
        $send_errors = inline_error($pm_errors);
        // Fall through to the compose form below with the errors displayed.
        $mybb->input['action'] = "send";
    }
    else
    {
        $pminfo = $pmhandler->insert_pm();
        $plugins->run_hooks("private_do_send_end");

        if(isset($pminfo['draftsaved']))
        {
            redirect("private.php", $lang->redirect_pmsaved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsent);
        }
    }
}
 669  
 670  if($mybb->input['action'] == "send")
 671  {
 672      if($mybb->usergroup['cansendpms'] == 0)
 673      {
 674          error_no_permission();
 675      }
 676  
 677      $plugins->run_hooks("private_send_start");
 678  
 679      $smilieinserter = $codebuttons = '';
 680  
 681      if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 682      {
 683          $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']);
 684          if($mybb->settings['pmsallowsmilies'] != 0)
 685          {
 686              $smilieinserter = build_clickable_smilies();
 687          }
 688      }
 689  
 690      $lang->post_icon = $lang->message_icon;
 691  
 692      $posticons = get_post_icons();
 693      $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message')));
 694      $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject')));
 695  
 696      $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => '');
 697      $to = $bcc = '';
 698  
 699      if(!empty($mybb->input['preview']) || $send_errors)
 700      {
 701          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 702          if(isset($options['signature']) && $options['signature'] == 1)
 703          {
 704              $optionschecked['signature'] = 'checked="checked"';
 705          }
 706          if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1)
 707          {
 708              $optionschecked['disablesmilies'] = 'checked="checked"';
 709          }
 710          if(isset($options['savecopy']) && $options['savecopy'] != 0)
 711          {
 712              $optionschecked['savecopy'] = 'checked="checked"';
 713          }
 714          if(isset($options['readreceipt']) && $options['readreceipt'] != 0)
 715          {
 716              $optionschecked['readreceipt'] = 'checked="checked"';
 717          }
 718          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 719          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 720      }
 721  
 722      $preview = '';
 723      // Preview
 724      if(!empty($mybb->input['preview']))
 725      {
 726          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 727          $query = $db->query("
 728              SELECT u.username AS userusername, u.*, f.*
 729              FROM ".TABLE_PREFIX."users u
 730              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 731              WHERE u.uid='".$mybb->user['uid']."'
 732          ");
 733  
 734          $post = $db->fetch_array($query);
 735  
 736          $post['userusername'] = $mybb->user['username'];
 737          $post['postusername'] = $mybb->user['username'];
 738          $post['message'] = $mybb->get_input('message');
 739          $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));
 740          $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 741          if(!isset($options['disablesmilies']))
 742          {
 743              $options['disablesmilies'] = 0;
 744          }
 745          $post['smilieoff'] = $options['disablesmilies'];
 746          $post['dateline'] = TIME_NOW;
 747  
 748          if(!isset($options['signature']))
 749          {
 750              $post['includesig'] = 0;
 751          }
 752          else
 753          {
 754              $post['includesig'] = 1;
 755          }
 756  
 757          // Merge usergroup data from the cache
 758          $data_key = array(
 759              'title' => 'grouptitle',
 760              'usertitle' => 'groupusertitle',
 761              'stars' => 'groupstars',
 762              'starimage' => 'groupstarimage',
 763              'image' => 'groupimage',
 764              'namestyle' => 'namestyle',
 765              'usereputationsystem' => 'usereputationsystem'
 766          );
 767  
 768          foreach($data_key as $field => $key)
 769          {
 770              $post[$key] = $groupscache[$post['usergroup']][$field];
 771          }
 772  
 773          $postbit = build_postbit($post, 2);
 774          eval("\$preview = \"".$templates->get("previewpost")."\";");
 775      }
 776      else if(!$send_errors)
 777      {
 778          // New PM, so load default settings
 779          if($mybb->user['signature'] != '')
 780          {
 781              $optionschecked['signature'] = 'checked="checked"';
 782          }
 783          if($mybb->usergroup['cantrackpms'] == 1)
 784          {
 785              $optionschecked['readreceipt'] = 'checked="checked"';
 786          }
 787          $optionschecked['savecopy'] = 'checked="checked"';
 788      }
 789  
 790      // Draft, reply, forward
 791      if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors)
 792      {
 793          $query = $db->query("
 794              SELECT pm.*, u.username AS quotename
 795              FROM ".TABLE_PREFIX."privatemessages pm
 796              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 797              WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}'
 798          ");
 799  
 800          $pm = $db->fetch_array($query);
 801          $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
 802          $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
 803  
 804          if($pm['folder'] == "3")
 805          {
 806              // message saved in drafts
 807              $mybb->input['uid'] = $pm['toid'];
 808  
 809              if($pm['includesig'] == 1)
 810              {
 811                  $optionschecked['signature'] = 'checked="checked"';
 812              }
 813              if($pm['smilieoff'] == 1)
 814              {
 815                  $optionschecked['disablesmilies'] = 'checked="checked"';
 816              }
 817              if($pm['receipt'])
 818              {
 819                  $optionschecked['readreceipt'] = 'checked="checked"';
 820              }
 821  
 822              // Get list of recipients
 823              $recipients = my_unserialize($pm['recipients']);
 824              $comma = $recipientids = '';
 825              if(isset($recipients['to']) && is_array($recipients['to']))
 826              {
 827                  foreach($recipients['to'] as $recipient)
 828                  {
 829                      $recipient_list['to'][] = $recipient;
 830                      $recipientids .= $comma.$recipient;
 831                      $comma = ',';
 832                  }
 833              }
 834  
 835              if(isset($recipients['bcc']) && is_array($recipients['bcc']))
 836              {
 837                  foreach($recipients['bcc'] as $recipient)
 838                  {
 839                      $recipient_list['bcc'][] = $recipient;
 840                      $recipientids .= $comma.$recipient;
 841                      $comma = ',';
 842                  }
 843              }
 844  
 845              if(!empty($recipientids))
 846              {
 847                  $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
 848                  while($user = $db->fetch_array($query))
 849                  {
 850                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
 851                      {
 852                          $bcc .= htmlspecialchars_uni($user['username']).', ';
 853                      }
 854                      else
 855                      {
 856                          $to .= htmlspecialchars_uni($user['username']).', ';
 857                      }
 858                  }
 859              }
 860          }
 861          else
 862          {
 863              // forward/reply
 864              $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
 865              $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
 866              $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);
 867  
 868              require_once  MYBB_ROOT."inc/functions_posting.php";
 869  
 870              if($mybb->settings['maxpmquotedepth'] != '0')
 871              {
 872                  $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);
 873              }
 874  
 875              if($mybb->input['do'] == 'forward')
 876              {
 877                  $subject = "Fw: $subject";
 878              }
 879              elseif($mybb->input['do'] == 'reply')
 880              {
 881                  $subject = "Re: $subject";
 882                  $uid = $pm['fromid'];
 883                  if($mybb->user['uid'] == $uid)
 884                  {
 885                      $to = $mybb->user['username'];
 886                  }
 887                  else
 888                  {
 889                      $query = $db->simple_select('users', 'username', "uid='{$uid}'");
 890                      $to = $db->fetch_field($query, 'username');
 891                  }
 892                  $to = htmlspecialchars_uni($to);
 893              }
 894              else if($mybb->input['do'] == 'replyall')
 895              {
 896                  $subject = "Re: $subject";
 897  
 898                  // Get list of recipients
 899                  $recipients = my_unserialize($pm['recipients']);
 900                  $recipientids = $pm['fromid'];
 901                  if(isset($recipients['to']) && is_array($recipients['to']))
 902                  {
 903                      foreach($recipients['to'] as $recipient)
 904                      {
 905                          if($recipient == $mybb->user['uid'])
 906                          {
 907                              continue;
 908                          }
 909                          $recipientids .= ','.$recipient;
 910                      }
 911                  }
 912                  $comma = '';
 913                  $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
 914                  while($user = $db->fetch_array($query))
 915                  {
 916                      $to .= $comma.htmlspecialchars_uni($user['username']);
 917                      $comma = $lang->comma;
 918                  }
 919              }
 920          }
 921      }
 922  
 923      // New PM with recipient preset
 924      if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview']))
 925      {
 926          $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 927          $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
 928      }
 929  
 930      $max_recipients = '';
 931      if($mybb->usergroup['maxpmrecipients'] > 0)
 932      {
 933          $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
 934      }
 935  
 936      if($send_errors)
 937      {
 938          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 939          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 940      }
 941  
 942      // Load the auto complete javascript if it is enabled.
 943      eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");
 944  
 945      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 946      $do = $mybb->get_input('do');
 947      if($do != "forward" && $do != "reply" && $do != "replyall")
 948      {
 949          $do = '';
 950      }
 951  
 952      $buddy_select_to = $buddy_select_bcc = '';
 953      // See if it's actually worth showing the buddylist icon.
 954      if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
 955      {
 956          $buddy_select = 'to';
 957          eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
 958          $buddy_select = 'bcc';
 959          eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
 960      }
 961  
 962      // Hide tracking option if no permission
 963      $private_send_tracking = '';
 964      if($mybb->usergroup['cantrackpms'])
 965      {
 966          eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
 967      }
 968  
 969      $plugins->run_hooks("private_send_end");
 970  
 971      eval("\$send = \"".$templates->get("private_send")."\";");
 972      output_page($send);
 973  }
 974  
// action=read: show one private message from the current user's folders.
// Loads the row by pmid (restricted to pm.uid = the caller), marks it read and
// records/denies the read receipt, resolves the recipient names and renders the
// private_read template. Uses the front-end globals $mybb, $db, $lang, $parser,
// $templates, $plugins, $groupscache and $collapse.
if($mybb->input['action'] == "read")
{
    $plugins->run_hooks("private_read");

    $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

    // pm.uid = current user limits the lookup to the caller's own copy of the
    // message, so a foreign pmid simply yields no row; pmid is already an int.
    // NOTE(review): u.* pulls the sender's whole users row into $pm rather than
    // only the display columns; nothing visible here outputs the extra columns,
    // but the select could be narrowed to what build_postbit needs — TODO confirm.
    $query = $db->query("
        SELECT pm.*, u.*, f.*
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
        WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
    ");
    $pm = $db->fetch_array($query);

    if(!$pm)
    {
        error($lang->error_invalidpm);
    }

    // Drafts (folder 3) are edited rather than read: hand off to action=send.
    if($pm['folder'] == 3)
    {
        header("Location: private.php?action=send&pmid={$pm['pmid']}");
        exit;
    }

    // If we've gotten a PM, attach the group info
    $data_key = array(
        'title' => 'grouptitle',
        'usertitle' => 'groupusertitle',
        'stars' => 'groupstars',
        'starimage' => 'groupstarimage',
        'image' => 'groupimage',
        'namestyle' => 'namestyle'
    );

    foreach($data_key as $field => $key)
    {
        $pm[$key] = $groupscache[$pm['usergroup']][$field];
    }

    // receipt=1: the sender asked for a read receipt. The value written back is
    // 2 (receipt delivered) or 0 (receipt denied) — the same values the tracking
    // page and do_tracking work with. Denying requires candenypmreceipts.
    if($pm['receipt'] == 1)
    {
        if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
        {
            $receiptadd = 0;
        }
        else
        {
            $receiptadd = 2;
        }
    }

    $action_time = '';
    // First read of an unread message (status 0): mark it read and refresh counts.
    if($pm['status'] == 0)
    {
        $time = TIME_NOW;
        $updatearray = array(
            'status' => 1,
            'readtime' => $time
        );

        if(isset($receiptadd))
        {
            $updatearray['receipt'] = $receiptadd;
        }

        $db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");

        // Update the unread count - it has now changed.
        update_pm_count($mybb->user['uid'], 6);

        // Update PM notice value if this is our last unread PM
        // ($mybb->user['unreadpms'] still holds the count from before this read)
        if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
        {
            $updated_user = array(
                "pmnotice" => 1
            );
            $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
        }
    }
    // Replied PM?
    else if($pm['status'] == 3 && $pm['statustime'])
    {
        $reply_string = $lang->you_replied_on;
        $reply_date = my_date('relative', $pm['statustime']);

        if((TIME_NOW - $pm['statustime']) < 3600)
        {
            // Relative string for the first hour
            $reply_string = $lang->you_replied;
        }

        $actioned_on = $lang->sprintf($reply_string, $reply_date);
        eval("\$action_time = \"".$templates->get("private_read_action")."\";");
    }
    // Forwarded PM? (status 4)
    else if($pm['status'] == 4 && $pm['statustime'])
    {
        $forward_string = $lang->you_forwarded_on;
        $forward_date = my_date('relative', $pm['statustime']);

        if((TIME_NOW - $pm['statustime']) < 3600)
        {
            // Relative string for the first hour
            $forward_string = $lang->you_forwarded;
        }

        $actioned_on = $lang->sprintf($forward_string, $forward_date);
        eval("\$action_time = \"".$templates->get("private_read_action")."\";");
    }

    // Keep the raw sender name; $pm['username'] may be replaced below.
    $pm['userusername'] = $pm['username'];
    $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

    // fromid 0 = message generated by the board itself.
    if($pm['fromid'] == 0)
    {
        $pm['username'] = $lang->mybb_engine;
    }

    // Sender account no longer exists (the LEFT JOIN found no users row).
    if(!$pm['username'])
    {
        $pm['username'] = $lang->na;
    }

    // Fetch the recipients for this message
    // (stored serialized as 'to' / 'bcc' lists of uids and decoded with MyBB's my_unserialize)
    $pm['recipients'] = my_unserialize($pm['recipients']);

    // No stored 'to' list: fall back to the single toid column.
    if(is_array($pm['recipients']['to']))
    {
        $uid_sql = implode(',', $pm['recipients']['to']);
    }
    else
    {
        $uid_sql = $pm['toid'];
        $pm['recipients']['to'] = array($pm['toid']);
    }

    $show_bcc = 0;

    // If we have any BCC recipients and this user is an Administrator, add them on to the query
    if(isset($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
    {
        $show_bcc = 1;
        $uid_sql .= ','.implode(',', $pm['recipients']['bcc']);
    }

    // Fetch recipient names from the database
    // ($uid_sql is built from the stored recipient ids, not from request input)
    $bcc_recipients = $to_recipients = $bcc_form_val = array();
    $query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
    while($recipient = $db->fetch_array($query))
    {
        // User is a BCC recipient
        // (in_array without strict: uids from the DB row vs. ids from the unserialized list)
        $recipient['username'] = htmlspecialchars_uni($recipient['username']);
        if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
        {
            $bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
            $bcc_form_val[] = $recipient['username'];
        }
        // User is a normal recipient
        else if(in_array($recipient['uid'], $pm['recipients']['to']))
        {
            $to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
        }
    }

    $bcc = '';
    if(count($bcc_recipients) > 0)
    {
        $bcc_recipients = implode(', ', $bcc_recipients);
        $bcc_form_val = implode(',', $bcc_form_val);
        eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
    }
    else
    {
        $bcc_form_val = '';
    }

    // "Reply all" is only offered when more than one visible recipient exists.
    $replyall = false;
    if(count($to_recipients) > 1)
    {
        $replyall = true;
    }

    if(count($to_recipients) > 0)
    {
        $to_recipients = implode($lang->comma, $to_recipients);
    }
    else
    {
        $to_recipients = $lang->nobody;
    }

    eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");

    add_breadcrumb($pm['subject']);
    $message = build_postbit($pm, 2);

    // Decide whether or not to show quick reply.
    // (board setting on, user preference on, may send PMs, not a system message, not a draft)
    $quickreply = '';
    if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
    {
        $trow = alt_trow();

        // Default checkbox state for the quick reply form.
        $optionschecked = array('savecopy' => 'checked="checked"');
        if(!empty($mybb->user['signature']))
        {
            $optionschecked['signature'] = 'checked="checked"';
        }
        if($mybb->usergroup['cantrackpms'] == 1)
        {
            $optionschecked['readreceipt'] = 'checked="checked"';
        }

        require_once  MYBB_ROOT.'inc/functions_posting.php';

        // Quote the message being read; the body is HTML-escaped and badword-filtered first.
        $quoted_message = array(
            'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
            'username' => $pm['username'],
            'quote_is_pm' => true
        );
        $quoted_message = parse_quoted_message($quoted_message);

        // Trim nested quotes to the configured depth ('0' = leave them alone).
        if($mybb->settings['maxpmquotedepth'] != '0')
        {
            $quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
        }

        // Strip any existing FW:/RE: prefix from the subject.
        $subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);

        // The reply goes to the original sender (or to ourselves for a self-sent message).
        if($mybb->user['uid'] == $pm['fromid'])
        {
            $to = htmlspecialchars_uni($mybb->user['username']);
        }
        else
        {
            $query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
            $to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
        }

        $private_send_tracking = '';
        if($mybb->usergroup['cantrackpms'])
        {
            // Reuse the send-form tracking template with the quick-reply wording.
            $lang->options_read_receipt = $lang->quickreply_read_receipt;

            eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
        }

        // $collapse is the list of page sections the user has collapsed (set outside this block).
        $expaltext = (in_array("quickreply", $collapse)) ? "[+]" : "[-]";
        eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
    }

    $plugins->run_hooks("private_read_end");

    eval("\$read = \"".$templates->get("private_read")."\";");
    output_page($read);
}
1230  
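// action=tracking: the read-receipt tracking page for messages the current
// user has sent. Two independently paginated lists are rendered:
//   - read messages:   receipt=2 (receipt delivered), paged by read_page
//   - unread messages: receipt=1 and status=0, paged by unread_page
// Both exclude drafts (folder 3) and are limited to fromid = current user.
// Uses the front-end globals $mybb, $db, $lang, $parser, $templates, $plugins.
if($mybb->input['action'] == "tracking")
{
    if(!$mybb->usergroup['cantrackpms'])
    {
        error_no_permission();
    }

    $plugins->run_hooks("private_tracking_start");
    $readmessages = '';
    $unreadmessages = '';

    // Fall back to 20 per page if the board setting is missing or not positive.
    if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
    {
        $mybb->settings['postsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    $perpage = $mybb->settings['postsperpage'];

    // ---- Messages whose read receipt has come back ----
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "readpms");

    $page = $mybb->get_input('read_page', MyBB::INPUT_INT);
    $pages = ceil($postcount / $perpage);

    // "last" is not numeric, so INPUT_INT yielded 0 above; resolve it explicitly.
    if($mybb->get_input('read_page') == "last")
    {
        $page = $pages;
    }

    // Clamp out-of-range pages (this also covers $pages == 0), so $page is
    // always >= 1 from here on and the offset needs no further guard.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    $start = ($page-1) * $perpage;

    $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.readtime DESC
        LIMIT {$start}, {$perpage}
    ");
    // $readdate is presumably read by the template inside eval — keep the name.
    while($readmessage = $db->fetch_array($query))
    {
        $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
        $readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
        $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
        $readdate = my_date('relative', $readmessage['readtime']);
        eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
    }

    // The "stop tracking" controls are only rendered when something is listed.
    $stoptrackingread = '';
    if(!empty($readmessages))
    {
        eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
    }

    if(!$readmessages)
    {
        eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    // ---- Tracked messages the recipient has not read yet ----
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "unreadpms");

    $page = $mybb->get_input('unread_page', MyBB::INPUT_INT);
    $pages = ceil($postcount / $perpage);

    if($mybb->get_input('unread_page') == "last")
    {
        $page = $pages;
    }

    // Same clamp as above: $page is >= 1 afterwards.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    $start = ($page-1) * $perpage;

    $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.dateline DESC
        LIMIT {$start}, {$perpage}
    ");
    // $senddate is presumably read by the template inside eval — keep the name.
    while($unreadmessage = $db->fetch_array($query))
    {
        $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
        $unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
        $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
        $senddate = my_date('relative', $unreadmessage['dateline']);
        eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
    }

    $stoptrackingunread = '';
    if(!empty($unreadmessages))
    {
        eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
    }

    if(!$unreadmessages)
    {
        // The shared "no messages" template uses $lang->no_readmessages; swap in the unread wording.
        $lang->no_readmessages = $lang->no_unreadmessages;
        eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    $plugins->run_hooks("private_tracking_end");

    eval("\$tracking = \"".$templates->get("private_tracking")."\";");
    output_page($tracking);
}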
1370  
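// action=do_tracking (POST only): handle the buttons of the tracking page.
//   stoptracking / stoptrackingunread: clear the receipt flag (receipt=0) on
//     the checked messages so they drop out of the tracking lists;
//   cancel: delete checked messages the recipient has not read yet
//     (receipt=1, status=0) and refresh each recipient's PM count.
// Every statement is limited to fromid = current user, so only messages the
// caller sent can be affected regardless of which pmids are posted.
if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_tracking_start");

    $fromid = (int)$mybb->user['uid'];

    if(!empty($mybb->input['stoptracking']) || !empty($mybb->input['stoptrackingunread']))
    {
        // Both buttons do the same thing; they only differ in which checkbox
        // array (readcheck vs. unreadcheck) the tracking page posts.
        $checkfield = !empty($mybb->input['stoptracking']) ? 'readcheck' : 'unreadcheck';
        $mybb->input[$checkfield] = $mybb->get_input($checkfield, MyBB::INPUT_ARRAY);
        if(!empty($mybb->input[$checkfield]))
        {
            // Checkbox keys are the pmids; cast each one before it reaches SQL.
            $pmids = array();
            foreach($mybb->input[$checkfield] as $key => $val)
            {
                $pmids[(int)$key] = (int)$key;
            }

            $sql_array = array(
                "receipt" => 0
            );
            // One statement for the whole selection instead of one per pmid.
            $db->update_query("privatemessages", $sql_array, "pmid IN (".implode(",", $pmids).") AND fromid=".$fromid);
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['cancel']))
    {
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            $pmids = array();
            foreach($mybb->input['unreadcheck'] as $pmid => $val)
            {
                $pmids[(int)$pmid] = (int)$pmid;
            }
            $pmids = implode(",", $pmids);

            // Collect the recipients before deleting so their counts can be
            // refreshed afterwards. Initialised explicitly: when none of the
            // posted pmids belong to this user the query returns no rows, and
            // iterating an unset variable would raise a warning.
            $pmuids = array();
            $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='{$fromid}'");
            while($pm = $db->fetch_array($query))
            {
                $pmuids[$pm['uid']] = $pm['uid'];
            }

            // Only messages that are still unread and tracked can be cancelled.
            $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='{$fromid}'");
            foreach($pmuids as $uid)
            {
                // Message is canceled, update PM count for this user
                update_pm_count($uid);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
    }
}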
1438  
// action=stopalltracking: clear the receipt flag on every tracked,
// already-read message the current user has sent (the bulk form of the
// per-message "stop tracking" in action=do_tracking). Unlike do_tracking it
// does not require request_method == post; the post-key check is what guards
// it against cross-site requests.
if($mybb->input['action'] == "stopalltracking")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_stopalltracking_start");

    // Same selection as the "read messages" list on the tracking page.
    $where = "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid'];
    $db->update_query("privatemessages", array("receipt" => 0), $where);

    $plugins->run_hooks("private_stopalltracking_end");
    redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
}
1454  
// action=folders: render the folder management form. Existing folders come
// from the user's pmfolders column ("fid**name" entries joined by "$%%$");
// ids below 5 are the default folders and use the unremovable template.
// Five blank rows (ids new1..new5) let the user add folders; the form is
// processed by action=do_folders.
if($mybb->input['action'] == "folders")
{
    $plugins->run_hooks("private_folders_start");

    $folderlist = '';
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        // Split at the first "**" only, so a name may itself contain "**".
        $folderinfo = explode("**", $folders, 2);
        $foldername = $folderinfo[1];
        $fid = $folderinfo[0];
        // Resolve the display name (presumably the language default when the stored name is empty).
        $foldername = get_pm_folder_name($fid, $foldername);

        if((int)$folderinfo[0] < 5)
        {
            // Default folder: $foldername2 carries the language name (presumably read by the template via eval).
            $foldername2 = get_pm_folder_name($fid);
            eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
            // $name is not assigned anywhere in this block; looks like a leftover.
            unset($name);
        }
        else
        {
            eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
        }
    }

    // Blank rows for up to five new folders; do_folders recognises the "new" key prefix.
    $newfolders = '';
    for($i = 1; $i <= 5; ++$i)
    {
        $fid = "new$i";
        $foldername = '';
        eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
    }

    $plugins->run_hooks("private_folders_end");

    eval("\$folders = \"".$templates->get("private_folders")."\";");
    output_page($folders);
}
1493  
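// action=do_folders (POST only): save the folder list posted by action=folders.
// Keys of the posted folder[] array are either "newN" (create) or an existing
// folder id (rename / delete); values are the names. Folders with id <= 4 are
// the default folders and are always kept. A custom folder whose name was
// cleared is removed together with the messages in it. The result is stored
// on the user row as "fid**name" entries joined by "$%%$".
if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_folders_start");

    // Highest folder id seen so far; new folders are numbered above it. Kept
    // strictly int: assigning a non-numeric request key here would turn it into
    // a string, and ++ on a string increments it as text, yielding fid 0 below.
    $highestid = 2;
    $folders = '';
    $donefolders = array();
    $mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);
    foreach($mybb->input['folder'] as $key => $val)
    {
        if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
        {
            if(my_substr($key, 0, 3) == "new") // Create a new folder
            {
                ++$highestid;
                $fid = (int)$highestid;
            }
            else // Editing an existing folder
            {
                // $key is request input: cast before using it as the high-water mark.
                $fid = (int)$key;
                if($fid > $highestid)
                {
                    $highestid = $fid;
                }

                // Use default language strings if empty or value is language string
                if($val == get_pm_folder_name($fid) || trim($val) == '')
                {
                    $val = '';
                }
            }

            if($val != '' && trim($val) == '' && !(is_numeric($key) && $key <= 4))
            {
                // If the name only contains whitespace and it's not a default folder, print an error
                error($lang->error_emptypmfoldername);
            }

            if($val != '' || (is_numeric($key) && $key <= 4))
            {
                // If there is a name or if this is a default folder, save it
                // (HTML-escaped for display, then escaped for the query that stores it)
                $foldername = $db->escape_string(htmlspecialchars_uni($val));

                // The record separator inside a name would corrupt the stored list.
                if(my_strpos($foldername, "$%%$") === false)
                {
                    if($folders != '')
                    {
                        $folders .= "$%%$";
                    }
                    $folders .= "$fid**$foldername";
                }
                else
                {
                    error($lang->error_invalidpmfoldername);
                }
            }
            else
            {
                // Delete PMs from the folder (custom folder with its name cleared; $fid is an int)
                $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
            }
        }
    }

    $sql_array = array(
        "pmfolders" => $folders
    );
    $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_folders_end");

    redirect("private.php", $lang->redirect_pmfoldersupdated);
}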
1573  
// action=empty: render the "empty folders" page — one private_empty_folder row
// per folder of the current user, with the number of messages it holds.
if($mybb->input['action'] == "empty")
{
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_empty_start");

    // pmfolders is stored as "fid**name" entries joined by "$%%$".
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    $folderlist = $unread = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        // Folder id 1 is counted with the unread filter; id 0 is mapped onto
        // folder 1 (presumably a legacy inbox id).
        // NOTE(review): $unread is never reset inside the loop, so once the
        // folder with id 1 has been processed every later folder is counted
        // with " AND status='0'" as well — confirm whether that is intended.
        if($folderinfo[0] == "1")
        {
            $fid = "1";
            $unread = " AND status='0'";
        }
        if($folderinfo[0] == "0")
        {
            $fid = "1";
        }
        $foldername = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        // $fid comes from the user's own stored folder list, not from request input.
        $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='$fid'$unread AND uid='".$mybb->user['uid']."'");
        $thing = $db->fetch_array($query);
        $foldercount = my_number_format($thing['pmsinfolder']);
        eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
    }

    $plugins->run_hooks("private_empty_end");

    eval("\$folders = \"".$templates->get("private_empty")."\";");
    output_page($folders);
}
1610  
if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
    // Delete every message from the folders the user ticked, optionally
    // leaving unread messages in place.

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_empty_start");

    $emptyq = '';
    $mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);

    // "Keep unread" adds a status filter so only read messages are removed.
    $keepunreadq = '';
    if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)
    {
        $keepunreadq = " AND status!='0'";
    }

    if(!empty($mybb->input['empty']))
    {
        // Checkboxes arrive as empty[<folder id>] => 1; collect the ticked ids
        // as integer-cast folder conditions.
        $folder_conditions = array();
        foreach($mybb->input['empty'] as $key => $val)
        {
            if($val == 1)
            {
                $folder_conditions[] = "folder='".(int)$key."'";
            }
        }

        if(!empty($folder_conditions))
        {
            $emptyq = implode(" OR ", $folder_conditions);
            $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
        }
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_empty_end");
    redirect("private.php", $lang->redirect_pmfoldersemptied);
}
1652  
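if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
    // Bulk actions submitted from the folder view: jump to a folder ("hop"),
    // move the checked messages to another folder, or delete them.

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_stuff");

    if(!empty($mybb->input['hop']))
    {
        // The folder id is user input; cast it so only a numeric id can be
        // placed into the Location header.
        header("Location: private.php?fid=".$mybb->get_input('jumpto', MyBB::INPUT_INT));
    }
    elseif(!empty($mybb->input['moveto']))
    {
        // Checked messages arrive as check[<pmid>] => 1; the keys are the ids.
        $pms = array_map('intval', array_keys($mybb->get_input('check', MyBB::INPUT_ARRAY)));
        if(!empty($pms))
        {
            // Destination folder defaults to the Inbox (folder 1).
            $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
            if(!$fid)
            {
                $fid = 1;
            }
            $mybb->input['fid'] = $fid;

            // Only a folder that exists in this user's folder list is a valid
            // target.
            if(array_key_exists($fid, $foldernames))
            {
                $db->update_query("privatemessages", array("folder" => $fid), "pmid IN (".implode(",", $pms).") AND uid='".$mybb->user['uid']."'");
                update_pm_count();
            }
            else
            {
                error($lang->error_invalidmovefid);
            }
        }

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsmoved);
        }
    }
    elseif(!empty($mybb->input['delete']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            // Integer-cast ids, quoted for the IN (...) list.
            $pmids = array_map('intval', array_keys($mybb->input['check']));
            $pmssql = "'".implode("','", $pmids)."'";

            // Messages already in the Trash Can (folder 4) are removed for
            // good; everything else is only moved to the Trash Can.
            $deletepms = array();
            $query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
            while($delpm = $db->fetch_array($query))
            {
                $deletepms[$delpm['pmid']] = 1;
            }

            foreach($pmids as $key)
            {
                if(!empty($deletepms[$key]))
                {
                    $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
                }
                else
                {
                    $sql_array = array(
                        "folder" => 4,
                        "deletetime" => TIME_NOW
                    );
                    $db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
                }
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsdeleted);
        }
    }
}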
1746  
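if($mybb->input['action'] == "delete")
{
    // Delete a single message: a message already in the Trash Can (folder 4)
    // is removed for good, any other message is moved to the Trash Can.

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_delete_start");

    $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
    $uid_where = "uid='".$mybb->user['uid']."'";

    $query = $db->simple_select("privatemessages", "*", "pmid='".$pmid."' AND ".$uid_where." AND folder='4'", array('order_by' => 'pmid'));
    if($db->num_rows($query) == 1)
    {
        // Scope the delete to the current user as well, so ownership is
        // enforced by the statement itself and not only by the lookup above.
        $db->delete_query("privatemessages", "pmid='".$pmid."' AND ".$uid_where);
    }
    else
    {
        $sql_array = array(
            "folder" => 4,
            "deletetime" => TIME_NOW
        );
        $db->update_query("privatemessages", $sql_array, "pmid='".$pmid."' AND ".$uid_where);
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_delete_end");
    redirect("private.php", $lang->redirect_pmsdeleted);
}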
1774  
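if($mybb->input['action'] == "export")
{
    // Render the export (archive) form with a checkbox per folder.
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_export_start");

    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    // Initialise the accumulator before the loop: the first iteration appends
    // to it, so starting from an undefined variable raises a notice.
    $folderlist_folder = '';
    $folder_name = $folder_id = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        if(!isset($folderinfo[1]))
        {
            $folderinfo[1] = '';
        }
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);

        $folder_id = $folderinfo[0];
        $folder_name = $folderinfo[1];

        eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
    }

    eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");

    $plugins->run_hooks("private_export_end");

    eval("\$archive = \"".$templates->get("private_archive")."\";");

    output_page($archive);
}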
1805  
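if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
    // Build a downloadable archive (html, csv or txt) of the user's own
    // messages, optionally filtered by folder and age, and optionally delete
    // the archived messages afterwards.

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_export_start");

    $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
    $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
    $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
    $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);

    // Resolve the stored "id**name" folder entries to their display names.
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        if(!isset($folderinfo[1]))
        {
            $folderinfo[1] = '';
        }
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $foldersexploded[$key] = implode("**", $folderinfo);
    }

    if($mybb->get_input('pmid', MyBB::INPUT_INT))
    {
        // Single-message export. Columns are qualified with the pm alias:
        // the query below joins the users table twice, and that table has a
        // uid column as well.
        $wsql = "pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='".$mybb->user['uid']."'";
    }
    else
    {
        // Age filter: messages older/newer than N days, or no age filter.
        if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))
        {
            $datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);
            $wsql = "pm.dateline";
            if($mybb->get_input('dayway') == "older")
            {
                $wsql .= "<=";
            }
            else
            {
                $wsql .= ">=";
            }
            $wsql .= "'$datecut'";
        }
        else
        {
            $wsql = "1=1";
        }

        // Folder filter: a list of folder ids, or "all" for no restriction.
        $mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['exportfolders']))
        {
            $folderlst = '';
            foreach($mybb->input['exportfolders'] as $key => $val)
            {
                $val = $db->escape_string($val);
                if($val == "all")
                {
                    $folderlst = '';
                    break;
                }
                else
                {
                    if(!$folderlst)
                    {
                        $folderlst = " AND pm.folder IN ('$val'";
                    }
                    else
                    {
                        $folderlst .= ",'$val'";
                    }
                }
            }
            if($folderlst)
            {
                $folderlst .= ")";
            }
            $wsql .= "$folderlst";
        }
        else
        {
            error($lang->error_pmnoarchivefolders);
        }

        if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
        {
            $wsql .= " AND pm.status!='0'";
        }
    }
    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
        ORDER BY pm.folder ASC, pm.dateline DESC
    ");
    $numpms = $db->num_rows($query);
    if(!$numpms)
    {
        error($lang->error_nopmsarchive);
    }

    // Normalise the export format once: anything other than html or csv is
    // treated as txt. This is also the fallback the download headers below
    // use, so the template names and the headers always agree.
    $mybb->input['exporttype'] = $mybb->get_input('exporttype');
    if($mybb->input['exporttype'] != "html" && $mybb->input['exporttype'] != "csv")
    {
        $mybb->input['exporttype'] = "txt";
    }

    $pmsdownload = $ids = '';
    // Tracks which folder headings have already been emitted.
    $donefolder = array();
    while($message = $db->fetch_array($query))
    {
        if($message['folder'] == 2 || $message['folder'] == 3)
        { // Sent Items or Drafts Folder Check
            if($message['toid'])
            {
                $tofromuid = $message['toid'];
                if($mybb->input['exporttype'] == "txt")
                {
                    $tofromusername = $message['tousername'];
                }
                else
                {
                    $tofromusername = build_profile_link($message['tousername'], $tofromuid);
                }
            }
            else
            {
                $tofromusername = $lang->not_sent;
            }
            $tofrom = $lang->to;
        }
        else
        {
            $tofromuid = $message['fromid'];
            if($mybb->input['exporttype'] == "txt")
            {
                $tofromusername = $message['fromusername'];
            }
            else
            {
                $tofromusername = build_profile_link($message['fromusername'], $tofromuid);
            }

            if($tofromuid == 0)
            {
                $tofromusername = $lang->mybb_engine;
            }
            $tofrom = $lang->from;
        }

        if($tofromuid == 0)
        {
            $message['fromusername'] = $lang->mybb_engine;
        }

        if(!$message['toid'] && $message['folder'] == 3)
        {
            $message['tousername'] = $lang->not_sent;
        }

        $message['subject'] = $parser->parse_badwords($message['subject']);
        if($message['folder'] != "3")
        {
            $senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
            $sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
            $senddate .= " $lang->at $sendtime";
        }
        else
        {
            $senddate = $lang->not_sent;
        }

        if($mybb->input['exporttype'] == "html")
        {
            // Only the html export renders MyCode; the body is parsed with the
            // board's PM parser settings and the subject is HTML-escaped.
            $parser_options = array(
                "allow_html" => $mybb->settings['pmsallowhtml'],
                "allow_mycode" => $mybb->settings['pmsallowmycode'],
                "allow_smilies" => 0,
                "allow_imgcode" => $mybb->settings['pmsallowimgcode'],
                "allow_videocode" => $mybb->settings['pmsallowvideocode'],
                "me_username" => $mybb->user['username'],
                "filter_badwords" => 1
            );

            $message['message'] = $parser->parse_message($message['message'], $parser_options);
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }

        if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv")
        {
            // Normalise line endings to CRLF for the plain-text formats.
            $message['message'] = str_replace("\r\n", "\n", $message['message']);
            $message['message'] = str_replace("\n", "\r\n", $message['message']);
        }

        if($mybb->input['exporttype'] == "csv")
        {
            $message['message'] = my_escape_csv($message['message']);
            $message['subject'] = my_escape_csv($message['subject']);
            $message['tousername'] = my_escape_csv($message['tousername']);
            $message['fromusername'] = my_escape_csv($message['fromusername']);
        }

        // Emit a folder heading the first time a message from that folder
        // appears (results are ordered by folder).
        if(empty($donefolder[$message['folder']]))
        {
            reset($foldersexploded);
            foreach($foldersexploded as $key => $val)
            {
                $folderinfo = explode("**", $val, 2);
                if($folderinfo[0] == $message['folder'])
                {
                    $foldername = $folderinfo[1];
                    if($mybb->input['exporttype'] != "csv")
                    {
                        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";");
                    }
                    else
                    {
                        $foldername = my_escape_csv($folderinfo[1]);
                    }
                    $donefolder[$message['folder']] = 1;
                }
            }
        }

        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
        $ids .= ",'{$message['pmid']}'";
    }

    if($mybb->input['exporttype'] == "html")
    {
        // Gather global stylesheet for HTML
        $query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
        $css = $db->fetch_field($query, "stylesheet");
    }

    $plugins->run_hooks("private_do_export_end");

    eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
    if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
    { // delete the archived pms
        // $ids is built from pmid values read back from the database above,
        // each prefixed with a comma, hence the leading '0' placeholder.
        $db->delete_query("privatemessages", "pmid IN ('0'$ids)");
        // Update PM count
        update_pm_count();
    }

    if($mybb->input['exporttype'] == "html")
    {
        $filename = "pm-archive.html";
        $contenttype = "text/html";
    }
    elseif($mybb->input['exporttype'] == "csv")
    {
        $filename = "pm-archive.csv";
        $contenttype = "application/octet-stream";
    }
    else
    {
        $filename = "pm-archive.txt";
        $contenttype = "text/plain";
    }

    $archived = str_replace("\\\'","'",$archived);
    header("Content-disposition: filename=$filename");
    header("Content-type: ".$contenttype);

    if($mybb->input['exporttype'] == "html")
    {
        output_page($archived);
    }
    else
    {
        echo "\xEF\xBB\xBF"; // UTF-8 BOM
        echo $archived;
    }
}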
2077  
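if(!$mybb->input['action'])
{
    // Default view: list the messages of one folder, paginated and sortable,
    // plus the quota bar and the compose / empty / export links.
    $plugins->run_hooks("private_inbox");

    // Only a folder id present in this user's folder list is accepted;
    // anything else falls back to the Inbox.
    if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
    {
        $mybb->input['fid'] = 0;
    }

    // Folder id 0 (Inbox) and 1 (Unread) share the physical folder value 1.
    $fid = (int)$mybb->input['fid'];
    $folder = !$fid ? 1 : $fid;
    $foldername = $foldernames[$fid];

    if($folder == 2 || $folder == 3)
    { // Sent Items Folder
        $sender = $lang->sentto;
    }
    else
    {
        $sender = $lang->sender;
    }

    // Sort direction. Both keys are initialised so whichever one the template
    // reads is always defined; only "asc" is honoured, anything else is "desc".
    $mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order'));
    $ordersel = array('asc' => '', 'desc' => '');
    switch(my_strtolower($mybb->input['order']))
    {
        case "asc":
            $sortordernow = "asc";
            $ordersel['asc'] = "selected=\"selected\"";
            $oppsort = $lang->desc;
            $oppsortnext = "desc";
            break;
        default:
            $sortordernow = "desc";
            $ordersel['desc'] = "selected=\"selected\"";
            $oppsort = $lang->asc;
            $oppsortnext = "asc";
            break;
    }

    // Sort by which field? Only the three known column names reach the query.
    $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
    switch($mybb->get_input('sortby'))
    {
        case "subject":
            $sortfield = "subject";
            break;
        case "username":
            $sortfield = "username";
            break;
        default:
            $sortby = "dateline";
            $sortfield = "dateline";
            $mybb->input['sortby'] = "dateline";
            break;
    }
    $orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => '');
    $sortsel[$sortby] = "selected=\"selected\"";

    eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");

    // Do Multi Pages
    $selective = "";
    if($fid == 1)
    {
        $selective = " AND status='0'";
    }

    $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'$selective");
    $pmscount = $db->fetch_field($query, "total");

    if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    $perpage = $mybb->settings['threadsperpage'];
    $page = $mybb->get_input('page', MyBB::INPUT_INT);

    // Clamp the requested page to the available range.
    if($page > 0)
    {
        $start = ($page-1) * $perpage;
        $pages = ceil($pmscount / $perpage);
        if($page > $pages)
        {
            $start = 0;
            $page = 1;
        }
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $end = $start + $perpage;
    $lower = $start+1;
    $upper = $end;

    if($upper > $pmscount)
    {
        $upper = $pmscount;
    }

    // Only carry sort parameters in the page links when they differ from the
    // defaults; $sortby and $sortordernow hold whitelisted values only.
    if($mybb->input['order'] || ($sortby && $sortby != "dateline"))
    {
        $page_url = "private.php?fid={$fid}&sortby={$sortby}&order={$sortordernow}";
    }
    else
    {
        $page_url = "private.php?fid={$fid}";
    }

    $multipage = multipage($pmscount, $perpage, $page, $page_url);
    $selective = $messagelist = '';

    $icon_cache = $cache->read("posticons");

    // Cache users in multiple recipients for sent & drafts folder
    if($folder == 2 || $folder == 3)
    {
        if($sortfield == "username")
        {
            $u = "u.";
        }
        else
        {
            $u = "pm.";
        }

        // Get all recipients into an array
        $cached_users = $get_users = array();
        $users_query = $db->query("
            SELECT pm.recipients
            FROM ".TABLE_PREFIX."privatemessages pm
            LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
            WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'
            ORDER BY {$u}{$sortfield} {$sortordernow}
            LIMIT {$start}, {$perpage}
        ");
        while($row = $db->fetch_array($users_query))
        {
            $recipients = my_unserialize($row['recipients']);
            if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
            {
                $get_users = array_merge($get_users, $recipients['to']);
            }

            if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
            {
                $get_users = array_merge($get_users, $recipients['bcc']);
            }
        }

        $get_users = implode(',', array_unique($get_users));

        // Grab info
        if($get_users)
        {
            $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
            while($user = $db->fetch_array($users_query))
            {
                $cached_users[$user['uid']] = $user;
            }
        }
    }

    // Pick the table alias for the username sort: recipient for sent/drafts,
    // sender otherwise.
    if($folder == 2 || $folder == 3)
    {
        if($sortfield == "username")
        {
            $pm = "tu.";
        }
        else
        {
            $pm = "pm.";
        }
    }
    else
    {
        if($fid == 1)
        {
            $selective = " AND pm.status='0'";
        }

        if($sortfield == "username")
        {
            $pm = "fu.";
        }
        else
        {
            $pm = "pm.";
        }
    }

    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'{$selective}
        ORDER BY {$pm}{$sortfield} {$sortordernow}
        LIMIT $start, $perpage
    ");

    if($db->num_rows($query) > 0)
    {
        while($message = $db->fetch_array($query))
        {
            $msgalt = $msgstatus = '';

            // Determine Folder Icon
            if($message['status'] == 0)
            {
                $msgstatus = 'new_pm';
                $msgalt = $lang->new_pm;
            }
            else if($message['status'] == 1)
            {
                $msgstatus = 'old_pm';
                $msgalt = $lang->old_pm;
            }
            else if($message['status'] == 3)
            {
                $msgstatus = 're_pm';
                $msgalt = $lang->reply_pm;
            }
            else if($message['status'] == 4)
            {
                $msgstatus = 'fw_pm';
                $msgalt = $lang->fwd_pm;
            }

            $tofromuid = 0;
            if($folder == 2 || $folder == 3)
            { // Sent Items or Drafts Folder Check
                $recipients = my_unserialize($message['recipients']);
                $to_users = $bcc_users = '';
                // More than one recipient (or one "to" plus any bcc) renders the
                // multiple-recipients template from the cached user rows.
                if(isset($recipients['to']) && count($recipients['to']) > 1 || (isset($recipients['to']) && count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
                {
                    foreach($recipients['to'] as $uid)
                    {
                        $profilelink = get_profile_link($uid);
                        $user = $cached_users[$uid];
                        $user['username'] = htmlspecialchars_uni($user['username']);
                        $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                        if(!$user['username'])
                        {
                            $username = $lang->na;
                        }
                        eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                    }
                    if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
                    {
                        eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
                        foreach($recipients['bcc'] as $uid)
                        {
                            $profilelink = get_profile_link($uid);
                            $user = $cached_users[$uid];
                            $user['username'] = htmlspecialchars_uni($user['username']);
                            $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                            if(!$user['username'])
                            {
                                $username = $lang->na;
                            }
                            eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                        }
                    }

                    eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
                }
                else if($message['toid'])
                {
                    $tofromusername = htmlspecialchars_uni($message['tousername']);
                    $tofromuid = $message['toid'];
                }
                else
                {
                    $tofromusername = $lang->not_sent;
                }
            }
            else
            {
                $tofromusername = htmlspecialchars_uni($message['fromusername']);
                $tofromuid = $message['fromid'];
                if($tofromuid == 0)
                {
                    $tofromusername = $lang->mybb_engine;
                }

                if(!$tofromusername)
                {
                    $tofromuid = 0;
                    $tofromusername = $lang->na;
                }
            }

            $tofromusername = build_profile_link($tofromusername, $tofromuid);

            if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
            {
                eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
            }
            else
            {
                $denyreceipt = '';
            }

            // !empty() avoids a notice for an icon id missing from the cache
            // while keeping the same truthiness test.
            if($message['icon'] > 0 && !empty($icon_cache[$message['icon']]))
            {
                $icon = $icon_cache[$message['icon']];
                $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
                $icon['path'] = htmlspecialchars_uni($icon['path']);
                $icon['name'] = htmlspecialchars_uni($icon['name']);
                eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
            }
            else
            {
                $icon = '&#009;';
            }

            if(!trim($message['subject']))
            {
                $message['subject'] = $lang->pm_no_subject;
            }

            $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
            if($message['folder'] != "3")
            {
                $senddate = my_date('relative', $message['dateline']);
            }
            else
            {
                $senddate = $lang->not_sent;
            }

            $plugins->run_hooks("private_message");

            eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
        }
    }
    else
    {
        eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
    }

    // Quota bar: percentage of the group's PM quota in use. Note $pmscount is
    // reassigned here from the folder total (int) to a row array.
    $pmspacebar = '';
    if($mybb->usergroup['pmquota'] != 0)
    {
        $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
        $pmscount = $db->fetch_array($query);
        if($pmscount['total'] == 0)
        {
            $spaceused = 0;
        }
        else
        {
            $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
        }
        $spaceused2 = 100 - $spaceused;
        $belowhalf = $overhalf = '';
        if($spaceused <= "50")
        {
            $spaceused_severity = "low";
            $belowhalf = round($spaceused, 0)."%";
            if((int)$belowhalf > 100)
            {
                $belowhalf = "100%";
            }
        }
        else
        {
            if($spaceused <= "75")
            {
                $spaceused_severity = "medium";
            }

            else
            {
                $spaceused_severity = "high";
            }

            $overhalf = round($spaceused, 0)."%";
            if((int)$overhalf > 100)
            {
                $overhalf = "100%";
            }
        }

        if($spaceused > 100)
        {
            $spaceused = 100;
            $spaceused2 = 0;
        }

        eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
    }

    $composelink = '';
    if($mybb->usergroup['cansendpms'] == 1)
    {
        eval("\$composelink = \"".$templates->get("private_composelink")."\";");
    }

    $emptyexportlink = '';
    if($mybb->user['totalpms'] > 0)
    {
        eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";");
    }

    // $pmscount['total'] only exists when a quota is set, which the first
    // condition guarantees.
    $limitwarning = '';
    if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota'])
    {
        eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
    }

    $plugins->run_hooks("private_end");

    eval("\$folder = \"".$templates->get("private")."\";");
    output_page($folder);
}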

