
   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
// Entry-point guard checked by the includes below
define("IN_MYBB", 1);
// 'sid' (the search id echoed back in action=results) is excluded from the
// core's global input cleaning — presumably so it reaches this script untouched; verify in class_core
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'private.php');

// Every template this script may eval(); declared before global.php so the
// template loader knows the full set up front
$templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
$templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";
$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";
$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
$templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
$templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
$templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
$templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";

// Bootstrap ($mybb, $db, $lang, $templates, $plugins, $session, $cache, ...) plus the
// post/user helpers and the MyCode parser used for subjects, bodies and previews
require_once  "./global.php";
require_once  MYBB_ROOT."inc/functions_post.php";
require_once  MYBB_ROOT."inc/functions_user.php";
require_once  MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;
  31  
// Load global language phrases
$lang->load("private");

// Access control: PMs must be enabled site-wide ...
if($mybb->settings['enablepms'] == 0)
{
    error($lang->pms_disabled);
}

// ... and the visitor must be a logged-in member whose group may use them.
// Every later handler relies on this check having run.
if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
{
    error_no_permission();
}

// pmfolders is a "$%%$"-separated list of "id**name" entries (see the explode below).
// Seed it for a user who has none yet, or migrate the pre-1.8.20 layout.
$update = false;
if(!$mybb->user['pmfolders'])
{
    $update = true;
    // Default folders 0-4 with empty names; get_pm_folder_name() supplies the names later
    $mybb->user['pmfolders'] = "0**$%%$1**$%%$2**$%%$3**$%%$4**";
}
elseif ((int)my_substr($mybb->user['pmfolders'], 0, 1) != 0)
{
    // Old folder structure. Need to update
    // Since MyBB 1.8.20 fid[0] represents 'Inbox' and fid[1] represents 'Unread'
    // (the first character is the first folder id; old lists started at 1)
    $update = true;
    $mybb->user['pmfolders'] = '0'. ltrim(str_replace("$%%$2**", "$%%$1**$%%$2**", $mybb->user['pmfolders']), '1');
}

// Folder structure update required?
if($update)
{
    $sql_array = array(
         "pmfolders" => $db->escape_string($mybb->user['pmfolders']),
    );
    // uid was checked to be a non-zero member above; interpolated as-is
    $db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);
}

// Folder currently being viewed; coerced to int once here and reused as $mybb->input['fid'] below
$mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);
  69  
$folder_id = $folder_name = '';

// Build the folder &lt;option&gt; lists used by the jump, move and search forms, and the
// id => display-name map ($foldernames) used when listing messages
$foldernames = array();
$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
foreach($foldersexploded as $key => $folders)
{
    // "id**name"; limit 2 so a name containing "**" is not split further
    $folderinfo = explode("**", $folders, 2);
    // $sel is read by the eval'd option template below (marks the current folder)
    if($mybb->input['fid'] == $folderinfo[0])
    {
        $sel = ' selected="selected"';
    }
    else
    {
        $sel = '';
    }
    // The stored name comes from user data and ends up inside an eval'd template;
    // escaping is presumably done by get_pm_folder_name() — confirm in functions_user.php
    $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
    $foldernames[$folderinfo[0]] = $folderinfo[1];

    $folder_id = $folderinfo[0];
    $folder_name = $folderinfo[1];

    eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
    eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
    // Manipulate search folder selection to omit "Unread"
    // (folder 1 is skipped entirely; folder 0 is offered under id 1)
    if($folder_id != 1)
    {
        if($folder_id == 0)
        {
            $folder_id = 1;
        }
        eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
    }
}

$from_fid = $mybb->input['fid'];

// Wrap the option lists in their surrounding select markup
eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
eval("\$folderoplist = \"".$templates->get("private_move")."\";");
eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";");
 109  
 110  usercp_menu();
 111  
 112  $plugins->run_hooks("private_start");
 113  
 114  // Make navigation
 115  add_breadcrumb($lang->nav_pms, "private.php");
 116  
 117  $mybb->input['action'] = $mybb->get_input('action');
 118  switch($mybb->input['action'])
 119  {
 120      case "send":
 121          add_breadcrumb($lang->nav_send);
 122          break;
 123      case "tracking":
 124          add_breadcrumb($lang->nav_tracking);
 125          break;
 126      case "folders":
 127          add_breadcrumb($lang->nav_folders);
 128          break;
 129      case "empty":
 130          add_breadcrumb($lang->nav_empty);
 131          break;
 132      case "export":
 133          add_breadcrumb($lang->nav_export);
 134          break;
 135      case "advanced_search":
 136          add_breadcrumb($lang->nav_search);
 137          break;
 138      case "results":
 139          add_breadcrumb($lang->nav_results);
 140          break;
 141  }
 142  
 143  if(!empty($mybb->input['preview']))
 144  {
 145      $mybb->input['action'] = "send";
 146  }
 147  
 148  if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post")
 149  {
 150      $plugins->run_hooks("private_do_search_start");
 151  
 152      // Simulate coming from our advanced search form with some preset options
 153      if($mybb->get_input('quick_search'))
 154      {
 155          $mybb->input['action'] = "do_search";
 156          $mybb->input['subject'] = 1;
 157          $mybb->input['message'] = 1;
 158          $mybb->input['folder'] = $mybb->input['fid'];
 159          unset($mybb->input['jumpto']);
 160          unset($mybb->input['fromfid']);
 161      }
 162  
 163      // Check if search flood checking is enabled and user is not admin
 164      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
 165      {
 166          // Fetch the time this user last searched
 167          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
 168          $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
 169          $last_search = $db->fetch_array($query);
 170          // Users last search was within the flood time, show the error
 171          if($last_search['sid'])
 172          {
 173              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
 174              if($remaining_time == 1)
 175              {
 176                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
 177              }
 178              else
 179              {
 180                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
 181              }
 182              error($lang->error_searchflooding);
 183          }
 184      }
 185  
 186      if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)
 187      {
 188          error($lang->error_nosearchresults);
 189      }
 190  
 191      if($mybb->get_input('message', MyBB::INPUT_INT) == 1)
 192      {
 193          $resulttype = "pmmessages";
 194      }
 195      else
 196      {
 197          $resulttype = "pmsubjects";
 198      }
 199  
 200      $search_data = array(
 201          "keywords" => $mybb->get_input('keywords'),
 202          "subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
 203          "message" => $mybb->get_input('message', MyBB::INPUT_INT),
 204          "sender" => $mybb->get_input('sender'),
 205          "status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
 206          "folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)
 207      );
 208  
 209      if($db->can_search == true)
 210      {
 211          require_once  MYBB_ROOT."inc/functions_search.php";
 212  
 213          $search_results = privatemessage_perform_search_mysql($search_data);
 214      }
 215      else
 216      {
 217          error($lang->error_no_search_support);
 218      }
 219      $sid = md5(uniqid(microtime(), true));
 220      $searcharray = array(
 221          "sid" => $db->escape_string($sid),
 222          "uid" => $mybb->user['uid'],
 223          "dateline" => TIME_NOW,
 224          "ipaddress" => $db->escape_binary($session->packedip),
 225          "threads" => '',
 226          "posts" => '',
 227          "resulttype" => $resulttype,
 228          "querycache" => $search_results['querycache'],
 229          "keywords" => $db->escape_string($mybb->get_input('keywords')),
 230      );
 231      $plugins->run_hooks("private_do_search_process");
 232  
 233      $db->insert_query("searchlog", $searcharray);
 234  
 235      // Sender sort won't work yet
 236      $sortby = array('subject', 'sender', 'dateline');
 237  
 238      if(in_array($mybb->get_input('sort'), $sortby))
 239      {
 240          $sortby = $mybb->get_input('sort');
 241      }
 242      else
 243      {
 244          $sortby = "dateline";
 245      }
 246  
 247      if(my_strtolower($mybb->get_input('sortordr')) == "asc")
 248      {
 249          $sortorder = "asc";
 250      }
 251      else
 252      {
 253          $sortorder = "desc";
 254      }
 255  
 256      $plugins->run_hooks("private_do_search_end");
 257      redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
 258  }
 259  
if($mybb->input['action'] == "results")
{
    // The search is looked up by id AND by the current uid, so a member cannot
    // page through someone else's cached result set by supplying their sid
    $sid = $mybb->get_input('sid');
    $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
    $search = $db->fetch_array($query);

    if(!$search)
    {
        error($lang->error_invalidsearch);
    }

    $plugins->run_hooks("private_results_start");

    // Decide on our sorting fields and sorting order.
    // Both values are interpolated straight into ORDER BY further down, so they are
    // normalised to a whitelist here: anything else becomes dateline / desc.
    $order = my_strtolower($mybb->get_input('order'));
    $sortby = my_strtolower($mybb->get_input('sortby'));

    $sortby_accepted = array('subject', 'username', 'dateline');

    if(in_array($sortby, $sortby_accepted))
    {
        $query_sortby = $sortby;

        // NOTE(review): "fromusername" is the join alias fu.username in the main query
        // below, yet it is ordered as pm.fromusername there and used as a plain order_by
        // on privatemessages in the recipients query — confirm sortby=username works
        if($query_sortby == "username")
        {
            $query_sortby = "fromusername";
        }
    }
    else
    {
        $sortby = $query_sortby = "dateline";
    }

    if($order != "asc")
    {
        $order = "desc";
    }

    // Fall back to 20 per page when the setting is missing or non-positive
    if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // querycache is the pmid list this script stored when the search was run
    $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
    $pmscount = $db->fetch_field($query, "total");

    // Work out pagination, which page we're at, as well as the limits.
    $perpage = $mybb->settings['threadsperpage'];
    $page = $mybb->get_input('page', MyBB::INPUT_INT);
    if($page > 0)
    {
        $start = ($page-1) * $perpage;
        $pages = ceil($pmscount / $perpage);
        // Requested page is past the end: rewind to page 1
        if($page > $pages)
        {
            $start = 0;
            $page = 1;
        }
    }
    else
    {
        $start = 0;
        $page = 1;
    }
    $end = $start + $perpage;
    $lower = $start+1;
    $upper = $end;

    // Work out if we have terms to highlight
    $highlight = "";
    if($search['keywords'])
    {
        $highlight = "&amp;highlight=".urlencode($search['keywords']);
    }

    // Do Multi Pages
    if($upper > $pmscount)
    {
        $upper = $pmscount;
    }
    // sid is re-read from input (not from $search) and HTML-escaped for the link
    $multipage = multipage($pmscount, $perpage, $page, "private.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby={$sortby}&amp;order={$order}");
    $messagelist = '';

    $icon_cache = $cache->read("posticons");

    // Cache users in multiple recipients for sent & drafts folder
    // Get all recipients into an array
    $cached_users = $get_users = array();
    $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
    while($row = $db->fetch_array($users_query))
    {
        $recipients = my_unserialize($row['recipients']);
        if(is_array($recipients['to']) && count($recipients['to']))
        {
            $get_users = array_merge($get_users, $recipients['to']);
        }

        if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
        {
            $get_users = array_merge($get_users, $recipients['bcc']);
        }
    }

    // The uids are joined into an IN() list without escaping — assumes the PM
    // datahandler only ever stores integers in the serialized recipients column
    $get_users = implode(',', array_unique($get_users));

    // Grab info
    if($get_users)
    {
        $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
        while($user = $db->fetch_array($users_query))
        {
            $cached_users[$user['uid']] = $user;
        }
    }

    // Main page query: pm.uid restricts the cached pmids to the viewer's own copies;
    // $query_sortby / $order / $start / $perpage were normalised above
    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
        ORDER BY pm.{$query_sortby} {$order}
        LIMIT {$start}, {$perpage}
    ");
    while($message = $db->fetch_array($query))
    {
        $msgalt = $msgstatus = '';

        // Determine Folder Icon (status 2 gets no icon here)
        if($message['status'] == 0)
        {
            $msgstatus = 'new_pm';
            $msgalt = $lang->new_pm;
        }
        else if($message['status'] == 1)
        {
            $msgstatus = 'old_pm';
            $msgalt = $lang->old_pm;
        }
        else if($message['status'] == 3)
        {
            $msgstatus = 're_pm';
            $msgalt = $lang->reply_pm;
        }
        else if($message['status'] == 4)
        {
            $msgstatus = 'fw_pm';
            $msgalt = $lang->fwd_pm;
        }

        $folder = $message['folder'];

        // Who to show in the from/to column: recipients for sent/draft copies, sender otherwise
        $tofromuid = 0;
        if($folder == 2 || $folder == 3)
        {
            // Sent Items or Drafts Folder Check
            $recipients = my_unserialize($message['recipients']);
            $to_users = $bcc_users = '';
            // NOTE(review): count() on a missing or non-array 'to' entry throws a
            // TypeError on PHP 8; the recipients pre-query above guards with is_array(),
            // this branch does not — confirm the datahandler always stores 'to' as an array
            if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
            {
                foreach($recipients['to'] as $uid)
                {
                    $profilelink = get_profile_link($uid);
                    // a uid missing from the cache (e.g. deleted account) yields nulls here
                    $user = $cached_users[$uid];
                    $user['username'] = htmlspecialchars_uni($user['username']);
                    $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                    eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                }
                if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
                {
                    eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
                    foreach($recipients['bcc'] as $uid)
                    {
                        $profilelink = get_profile_link($uid);
                        $user = $cached_users[$uid];
                        $user['username'] = htmlspecialchars_uni($user['username']);
                        $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                        eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                    }
                }

                eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
            }
            else if($message['toid'])
            {
                $tofromusername = htmlspecialchars_uni($message['tousername']);
                $tofromuid = $message['toid'];
            }
            else
            {
                $tofromusername = $lang->not_sent;
            }
        }
        else
        {
            $tofromusername = htmlspecialchars_uni($message['fromusername']);
            $tofromuid = $message['fromid'];
            // fromid 0 is the system sender
            if($tofromuid == 0)
            {
                $tofromusername = $lang->mybb_engine;
            }
        }

        $tofromusername = build_profile_link($tofromusername, $tofromuid);

        $denyreceipt = '';

        // Post icon, if the message has one that still exists in the icon cache
        if($message['icon'] > 0 && $icon_cache[$message['icon']])
        {
            $icon = $icon_cache[$message['icon']];
            $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
            $icon['path'] = htmlspecialchars_uni($icon['path']);
            $icon['name'] = htmlspecialchars_uni($icon['name']);
            eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
        }
        else
        {
            $icon = '&#009;';
        }

        if(!trim($message['subject']))
        {
            $message['subject'] = $lang->pm_no_subject;
        }

        $message['subject'] = $parser->parse_badwords($message['subject']);

        // Truncate to 50 characters, then HTML-escape the result for the template
        if(my_strlen($message['subject']) > 50)
        {
            $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
        }
        else
        {
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }

        // Drafts (folder 3) have no send date
        if($message['folder'] != "3")
        {
            $senddate = my_date('relative', $message['dateline']);
        }
        else
        {
            $senddate = $lang->not_sent;
        }

        // Folders 0 and 1 (Inbox / Unread) are both shown under the folder-0 name
        $fid = "0";
        if((int)$message['folder'] > 1)
        {
            $fid = $message['folder'];
        }
        $foldername = $foldernames[$fid];

        // What we do here is parse the post using our post parser, then strip the tags from it
        $parser_options = array(
            'allow_html' => 0,
            'allow_mycode' => 1,
            'allow_smilies' => 0,
            'allow_imgcode' => 0,
            'filter_badwords' => 1
        );
        // NOTE(review): the excerpt is not passed through htmlspecialchars_uni after
        // strip_tags; it relies on the parser having encoded raw HTML (allow_html => 0) — confirm
        $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
        if(my_strlen($message['message']) > 200)
        {
            $message['message'] = my_substr($message['message'], 0, 200)."...";
        }

        eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
    }

    if($db->num_rows($query) == 0)
    {
        eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
    }

    $plugins->run_hooks("private_results_end");

    eval("\$results = \"".$templates->get("private_search_results")."\";");
    output_page($results);
}
 539  
 540  if($mybb->input['action'] == "advanced_search")
 541  {
 542      $plugins->run_hooks("private_advanced_search");
 543  
 544      eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");
 545  
 546      output_page($advanced_search);
 547  }
 548  
 549  // Dismissing a new/unread PM notice
 550  if($mybb->input['action'] == "dismiss_notice")
 551  {
 552      if($mybb->user['pmnotice'] != 2)
 553      {
 554          exit;
 555      }
 556  
 557      // Verify incoming POST request
 558      verify_post_check($mybb->get_input('my_post_key'));
 559  
 560      $updated_user = array(
 561          "pmnotice" => 1
 562      );
 563      $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
 564  
 565      if(!empty($mybb->input['ajax']))
 566      {
 567          echo 1;
 568          exit;
 569      }
 570      else
 571      {
 572          header("Location: index.php");
 573          exit;
 574      }
 575  }
 576  
// Validation errors from do_send; the compose screen re-renders with them when non-empty
$send_errors = '';

if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
{
    // canusepms was checked at the top; sending is a separate group permission
    if($mybb->usergroup['cansendpms'] == 0)
    {
        error_no_permission();
    }

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_send_do_send");

    // Attempt to see if this PM is a duplicate or not: same sender, recipient,
    // subject and body within the last 5 hours (5 * 60 * 60 s), drafts excluded
    $to = array_map("trim", explode(",", $mybb->get_input('to')));
    $to = array_unique($to); // Filter out any duplicates
    // Every user-supplied value in the query below goes through escape_string
    $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
    $time_cutoff = TIME_NOW - (5 * 60 * 60);
    $query = $db->query("
        SELECT pm.pmid
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
        WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'
        LIMIT 0, 1
    ");
    $duplicate_check = $db->fetch_field($query, "pmid");
    if($duplicate_check)
    {
        error($lang->error_pm_already_submitted);
    }

    // All validation (recipients, limits, permissions, content) lives in the datahandler
    require_once  MYBB_ROOT."inc/datahandlers/pm.php";
    $pmhandler = new PMDataHandler();

    $pm = array(
        "subject" => $mybb->get_input('subject'),
        "message" => $mybb->get_input('message'),
        "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
        "fromid" => $mybb->user['uid'],
        "do" => $mybb->get_input('do'),
        "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT),
        "ipaddress" => $session->packedip
    );

    // Split up any recipients we have
    // (bcc is trimmed but, unlike $to, not de-duplicated here — presumably handled by the datahandler)
    $pm['to'] = $to;
    if(!empty($mybb->input['bcc']))
    {
        $pm['bcc'] = explode(",", $mybb->get_input('bcc'));
        $pm['bcc'] = array_map("trim", $pm['bcc']);
    }

    $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY);

    // A group without tracking rights cannot request a read receipt, whatever the form sent
    if(!$mybb->usergroup['cantrackpms'])
    {
        $mybb->input['options']['readreceipt'] = false;
    }

    // Normalise the checkbox options into the shape the datahandler expects
    $pm['options'] = array();
    if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1)
    {
        $pm['options']['signature'] = 1;
    }
    else
    {
        $pm['options']['signature'] = 0;
    }
    if(isset($mybb->input['options']['disablesmilies']))
    {
        $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
    }
    if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)
    {
        $pm['options']['savecopy'] = 1;
    }
    else
    {
        $pm['options']['savecopy'] = 0;
    }
    if(isset($mybb->input['options']['readreceipt']))
    {
        $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
    }

    if(!empty($mybb->input['saveasdraft']))
    {
        $pm['saveasdraft'] = 1;
    }
    $pmhandler->set_data($pm);

    // Now let the pm handler do all the hard work.
    if(!$pmhandler->validate_pm())
    {
        // Fall through to the "send" screen below with the errors rendered inline
        $pm_errors = $pmhandler->get_friendly_errors();
        $send_errors = inline_error($pm_errors);
        $mybb->input['action'] = "send";
    }
    else
    {
        $pminfo = $pmhandler->insert_pm();
        $plugins->run_hooks("private_do_send_end");

        if(isset($pminfo['draftsaved']))
        {
            redirect("private.php", $lang->redirect_pmsaved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsent);
        }
    }
}
 691  
 692  if($mybb->input['action'] == "send")
 693  {
 694      if($mybb->usergroup['cansendpms'] == 0)
 695      {
 696          error_no_permission();
 697      }
 698  
 699      $plugins->run_hooks("private_send_start");
 700  
 701      $smilieinserter = $codebuttons = '';
 702  
 703      if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 704      {
 705          $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']);
 706          if($mybb->settings['pmsallowsmilies'] != 0)
 707          {
 708              $smilieinserter = build_clickable_smilies();
 709          }
 710      }
 711  
 712      $lang->post_icon = $lang->message_icon;
 713  
 714      $posticons = get_post_icons();
 715      $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message')));
 716      $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject')));
 717  
 718      $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => '');
 719      $to = $bcc = '';
 720  
 721      if(!empty($mybb->input['preview']) || $send_errors)
 722      {
 723          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 724          if(isset($options['signature']) && $options['signature'] == 1)
 725          {
 726              $optionschecked['signature'] = 'checked="checked"';
 727          }
 728          if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1)
 729          {
 730              $optionschecked['disablesmilies'] = 'checked="checked"';
 731          }
 732          if(isset($options['savecopy']) && $options['savecopy'] != 0)
 733          {
 734              $optionschecked['savecopy'] = 'checked="checked"';
 735          }
 736          if(isset($options['readreceipt']) && $options['readreceipt'] != 0)
 737          {
 738              $optionschecked['readreceipt'] = 'checked="checked"';
 739          }
 740          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 741          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 742      }
 743  
 744      $preview = '';
 745      // Preview
 746      if(!empty($mybb->input['preview']))
 747      {
 748          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 749          $query = $db->query("
 750              SELECT u.username AS userusername, u.*, f.*
 751              FROM ".TABLE_PREFIX."users u
 752              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 753              WHERE u.uid='".$mybb->user['uid']."'
 754          ");
 755  
 756          $post = $db->fetch_array($query);
 757  
 758          $post['userusername'] = $mybb->user['username'];
 759          $post['postusername'] = $mybb->user['username'];
 760          $post['message'] = $mybb->get_input('message');
 761          $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));
 762          $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 763          if(!isset($options['disablesmilies']))
 764          {
 765              $options['disablesmilies'] = 0;
 766          }
 767          $post['smilieoff'] = $options['disablesmilies'];
 768          $post['dateline'] = TIME_NOW;
 769  
 770          if(!isset($options['signature']))
 771          {
 772              $post['includesig'] = 0;
 773          }
 774          else
 775          {
 776              $post['includesig'] = 1;
 777          }
 778  
 779          // Merge usergroup data from the cache
 780          $data_key = array(
 781              'title' => 'grouptitle',
 782              'usertitle' => 'groupusertitle',
 783              'stars' => 'groupstars',
 784              'starimage' => 'groupstarimage',
 785              'image' => 'groupimage',
 786              'namestyle' => 'namestyle',
 787              'usereputationsystem' => 'usereputationsystem'
 788          );
 789  
 790          foreach($data_key as $field => $key)
 791          {
 792              $post[$key] = $groupscache[$post['usergroup']][$field];
 793          }
 794  
 795          $postbit = build_postbit($post, 2);
 796          eval("\$preview = \"".$templates->get("previewpost")."\";");
 797      }
 798      else if(!$send_errors)
 799      {
 800          // New PM, so load default settings
 801          if($mybb->user['signature'] != '')
 802          {
 803              $optionschecked['signature'] = 'checked="checked"';
 804          }
 805          if($mybb->usergroup['cantrackpms'] == 1)
 806          {
 807              $optionschecked['readreceipt'] = 'checked="checked"';
 808          }
 809          $optionschecked['savecopy'] = 'checked="checked"';
 810      }
 811  
 812      // Draft, reply, forward
 813      if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors)
 814      {
 815          $query = $db->query("
 816              SELECT pm.*, u.username AS quotename
 817              FROM ".TABLE_PREFIX."privatemessages pm
 818              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 819              WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}'
 820          ");
 821  
 822          $pm = $db->fetch_array($query);
 823          $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
 824          $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
 825  
 826          if($pm['folder'] == "3")
 827          {
 828              // message saved in drafts
 829              $mybb->input['uid'] = $pm['toid'];
 830  
 831              if($pm['includesig'] == 1)
 832              {
 833                  $optionschecked['signature'] = 'checked="checked"';
 834              }
 835              if($pm['smilieoff'] == 1)
 836              {
 837                  $optionschecked['disablesmilies'] = 'checked="checked"';
 838              }
 839              if($pm['receipt'])
 840              {
 841                  $optionschecked['readreceipt'] = 'checked="checked"';
 842              }
 843  
 844              // Get list of recipients
 845              $recipients = my_unserialize($pm['recipients']);
 846              $comma = $recipientids = '';
 847              if(isset($recipients['to']) && is_array($recipients['to']))
 848              {
 849                  foreach($recipients['to'] as $recipient)
 850                  {
 851                      $recipient_list['to'][] = $recipient;
 852                      $recipientids .= $comma.$recipient;
 853                      $comma = ',';
 854                  }
 855              }
 856  
 857              if(isset($recipients['bcc']) && is_array($recipients['bcc']))
 858              {
 859                  foreach($recipients['bcc'] as $recipient)
 860                  {
 861                      $recipient_list['bcc'][] = $recipient;
 862                      $recipientids .= $comma.$recipient;
 863                      $comma = ',';
 864                  }
 865              }
 866  
 867              if(!empty($recipientids))
 868              {
 869                  $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
 870                  while($user = $db->fetch_array($query))
 871                  {
 872                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
 873                      {
 874                          $bcc .= htmlspecialchars_uni($user['username']).', ';
 875                      }
 876                      else
 877                      {
 878                          $to .= htmlspecialchars_uni($user['username']).', ';
 879                      }
 880                  }
 881              }
 882          }
 883          else
 884          {
 885              // forward/reply
 886              $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
 887              $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
 888              $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);
 889  
 890              require_once  MYBB_ROOT."inc/functions_posting.php";
 891  
 892              if($mybb->settings['maxpmquotedepth'] != '0')
 893              {
 894                  $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);
 895              }
 896  
 897              if($mybb->input['do'] == 'forward')
 898              {
 899                  $subject = "Fw: $subject";
 900              }
 901              elseif($mybb->input['do'] == 'reply')
 902              {
 903                  $subject = "Re: $subject";
 904                  $uid = $pm['fromid'];
 905                  if($mybb->user['uid'] == $uid)
 906                  {
 907                      $to = $mybb->user['username'];
 908                  }
 909                  else
 910                  {
 911                      $query = $db->simple_select('users', 'username', "uid='{$uid}'");
 912                      $to = $db->fetch_field($query, 'username');
 913                  }
 914                  $to = htmlspecialchars_uni($to);
 915              }
 916              else if($mybb->input['do'] == 'replyall')
 917              {
 918                  $subject = "Re: $subject";
 919  
 920                  // Get list of recipients
 921                  $recipients = my_unserialize($pm['recipients']);
 922                  $recipientids = $pm['fromid'];
 923                  if(isset($recipients['to']) && is_array($recipients['to']))
 924                  {
 925                      foreach($recipients['to'] as $recipient)
 926                      {
 927                          if($recipient == $mybb->user['uid'])
 928                          {
 929                              continue;
 930                          }
 931                          $recipientids .= ','.$recipient;
 932                      }
 933                  }
 934                  $comma = '';
 935                  $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
 936                  while($user = $db->fetch_array($query))
 937                  {
 938                      $to .= $comma.htmlspecialchars_uni($user['username']);
 939                      $comma = $lang->comma;
 940                  }
 941              }
 942          }
 943      }
 944  
 945      // New PM with recipient preset
 946      if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview']))
 947      {
 948          $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 949          $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
 950      }
 951  
 952      $max_recipients = '';
 953      if($mybb->usergroup['maxpmrecipients'] > 0)
 954      {
 955          $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
 956      }
 957  
 958      if($send_errors)
 959      {
 960          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 961          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 962      }
 963  
 964      // Load the auto complete javascript if it is enabled.
 965      eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");
 966  
 967      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 968      $do = $mybb->get_input('do');
 969      if($do != "forward" && $do != "reply" && $do != "replyall")
 970      {
 971          $do = '';
 972      }
 973  
 974      $buddy_select_to = $buddy_select_bcc = '';
 975      // See if it's actually worth showing the buddylist icon.
 976      if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
 977      {
 978          $buddy_select = 'to';
 979          eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
 980          $buddy_select = 'bcc';
 981          eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
 982      }
 983  
 984      // Hide tracking option if no permission
 985      $private_send_tracking = '';
 986      if($mybb->usergroup['cantrackpms'])
 987      {
 988          eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
 989      }
 990  
 991      $plugins->run_hooks("private_send_end");
 992  
 993      eval("\$send = \"".$templates->get("private_send")."\";");
 994      output_page($send);
 995  }
 996  
 997  if($mybb->input['action'] == "read")
 998  {
 999      $plugins->run_hooks("private_read");
1000  
1001      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
1002  
1003      $query = $db->query("
1004          SELECT pm.*, u.*, f.*
1005          FROM ".TABLE_PREFIX."privatemessages pm
1006          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
1007          LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
1008          WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
1009      ");
1010      $pm = $db->fetch_array($query);
1011  
1012      if(!$pm)
1013      {
1014          error($lang->error_invalidpm);
1015      }
1016  
1017      if($pm['folder'] == 3)
1018      {
1019          header("Location: private.php?action=send&pmid={$pm['pmid']}");
1020          exit;
1021      }
1022  
1023      // If we've gotten a PM, attach the group info
1024      $data_key = array(
1025          'title' => 'grouptitle',
1026          'usertitle' => 'groupusertitle',
1027          'stars' => 'groupstars',
1028          'starimage' => 'groupstarimage',
1029          'image' => 'groupimage',
1030          'namestyle' => 'namestyle'
1031      );
1032  
1033      foreach($data_key as $field => $key)
1034      {
1035          $pm[$key] = $groupscache[$pm['usergroup']][$field];
1036      }
1037  
1038      if($pm['receipt'] == 1)
1039      {
1040          if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
1041          {
1042              $receiptadd = 0;
1043          }
1044          else
1045          {
1046              $receiptadd = 2;
1047          }
1048      }
1049  
1050      $action_time = '';
1051      if($pm['status'] == 0)
1052      {
1053          $time = TIME_NOW;
1054          $updatearray = array(
1055              'status' => 1,
1056              'readtime' => $time
1057          );
1058  
1059          if(isset($receiptadd))
1060          {
1061              $updatearray['receipt'] = $receiptadd;
1062          }
1063  
1064          $db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");
1065  
1066          // Update the unread count - it has now changed.
1067          update_pm_count($mybb->user['uid'], 6);
1068  
1069          // Update PM notice value if this is our last unread PM
1070          if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
1071          {
1072              $updated_user = array(
1073                  "pmnotice" => 1
1074              );
1075              $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
1076          }
1077      }
1078      // Replied PM?
1079      else if($pm['status'] == 3 && $pm['statustime'])
1080      {
1081          $reply_string = $lang->you_replied_on;
1082          $reply_date = my_date('relative', $pm['statustime']);
1083  
1084          if((TIME_NOW - $pm['statustime']) < 3600)
1085          {
1086              // Relative string for the first hour
1087              $reply_string = $lang->you_replied;
1088          }
1089  
1090          $actioned_on = $lang->sprintf($reply_string, $reply_date);
1091          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1092      }
1093      else if($pm['status'] == 4 && $pm['statustime'])
1094      {
1095          $forward_string = $lang->you_forwarded_on;
1096          $forward_date = my_date('relative', $pm['statustime']);
1097  
1098          if((TIME_NOW - $pm['statustime']) < 3600)
1099          {
1100              $forward_string = $lang->you_forwarded;
1101          }
1102  
1103          $actioned_on = $lang->sprintf($forward_string, $forward_date);
1104          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1105      }
1106  
1107      $pm['userusername'] = $pm['username'];
1108      $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
1109  
1110      if($pm['fromid'] == 0)
1111      {
1112          $pm['username'] = $lang->mybb_engine;
1113      }
1114  
1115      if(!$pm['username'])
1116      {
1117          $pm['username'] = $lang->na;
1118      }
1119  
1120      // Fetch the recipients for this message
1121      $pm['recipients'] = my_unserialize($pm['recipients']);
1122  
1123      if(is_array($pm['recipients']['to']))
1124      {
1125          $uid_sql = implode(',', $pm['recipients']['to']);
1126      }
1127      else
1128      {
1129          $uid_sql = $pm['toid'];
1130          $pm['recipients']['to'] = array($pm['toid']);
1131      }
1132  
1133      $show_bcc = 0;
1134  
1135      // If we have any BCC recipients and this user is an Administrator, add them on to the query
1136      if(isset($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
1137      {
1138          $show_bcc = 1;
1139          $uid_sql .= ','.implode(',', $pm['recipients']['bcc']);
1140      }
1141  
1142      // Fetch recipient names from the database
1143      $bcc_recipients = $to_recipients = $bcc_form_val = array();
1144      $query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
1145      while($recipient = $db->fetch_array($query))
1146      {
1147          // User is a BCC recipient
1148          $recipient['username'] = htmlspecialchars_uni($recipient['username']);
1149          if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
1150          {
1151              $bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1152              $bcc_form_val[] = $recipient['username'];
1153          }
1154          // User is a normal recipient
1155          else if(in_array($recipient['uid'], $pm['recipients']['to']))
1156          {
1157              $to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1158          }
1159      }
1160  
1161      $bcc = '';
1162      if(count($bcc_recipients) > 0)
1163      {
1164          $bcc_recipients = implode(', ', $bcc_recipients);
1165          $bcc_form_val = implode(',', $bcc_form_val);
1166          eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
1167      }
1168      else
1169      {
1170          $bcc_form_val = '';
1171      }
1172  
1173      $replyall = false;
1174      if(count($to_recipients) > 1)
1175      {
1176          $replyall = true;
1177      }
1178  
1179      if(count($to_recipients) > 0)
1180      {
1181          $to_recipients = implode($lang->comma, $to_recipients);
1182      }
1183      else
1184      {
1185          $to_recipients = $lang->nobody;
1186      }
1187  
1188      eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");
1189  
1190      add_breadcrumb($pm['subject']);
1191      $message = build_postbit($pm, 2);
1192  
1193      // Decide whether or not to show quick reply.
1194      $quickreply = '';
1195      if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
1196      {
1197          $trow = alt_trow();
1198  
1199          $optionschecked = array('savecopy' => 'checked="checked"');
1200          if(!empty($mybb->user['signature']))
1201          {
1202              $optionschecked['signature'] = 'checked="checked"';
1203          }
1204          if($mybb->usergroup['cantrackpms'] == 1)
1205          {
1206              $optionschecked['readreceipt'] = 'checked="checked"';
1207          }
1208  
1209          require_once  MYBB_ROOT.'inc/functions_posting.php';
1210  
1211          $quoted_message = array(
1212              'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
1213              'username' => $pm['username'],
1214              'quote_is_pm' => true
1215          );
1216          $quoted_message = parse_quoted_message($quoted_message);
1217  
1218          if($mybb->settings['maxpmquotedepth'] != '0')
1219          {
1220              $quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
1221          }
1222  
1223          $subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);
1224  
1225          if($mybb->user['uid'] == $pm['fromid'])
1226          {
1227              $to = htmlspecialchars_uni($mybb->user['username']);
1228          }
1229          else
1230          {
1231              $query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
1232              $to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
1233          }
1234  
1235          $private_send_tracking = '';
1236          if($mybb->usergroup['cantrackpms'])
1237          {
1238              $lang->options_read_receipt = $lang->quickreply_read_receipt;
1239  
1240              eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
1241          }
1242          
1243          $expaltext = (in_array("quickreply", $collapse)) ? "[+]" : "[-]";
1244          eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
1245      }
1246  
1247      $plugins->run_hooks("private_read_end");
1248  
1249      eval("\$read = \"".$templates->get("private_read")."\";");
1250      output_page($read);
1251  }
1252  
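if($mybb->input['action'] == "tracking")
{
    if(!$mybb->usergroup['cantrackpms'])
    {
        error_no_permission();
    }

    $plugins->run_hooks("private_tracking_start");
    $readmessages = '';
    $unreadmessages = '';

    // Fall back to a sane page size if the setting is missing or invalid
    if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
    {
        $mybb->settings['postsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    $perpage = $mybb->settings['postsperpage'];

    // --- Tracked messages that have already been read (receipt = 2) ---
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "readpms");

    // Clamp the requested page to 1..$pages ("last" selects the final page).
    // After clamping $page is always >= 1, so $start needs no further guard.
    $pages = (int)ceil($postcount / $perpage);
    $page = $mybb->get_input('read_page', MyBB::INPUT_INT);

    if($mybb->get_input('read_page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    $start = ($page-1) * $perpage;

    $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.readtime DESC
        LIMIT {$start}, {$perpage}
    ");
    while($readmessage = $db->fetch_array($query))
    {
        // Subject and username are escaped here; $readdate is read by the template
        $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
        $readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
        $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
        $readdate = my_date('relative', $readmessage['readtime']);
        eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
    }

    $stoptrackingread = '';
    if(!empty($readmessages))
    {
        eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
    }

    if(!$readmessages)
    {
        eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    // --- Tracked messages that are still unread (receipt = 1, status = 0) ---
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "unreadpms");

    // Same page clamping as above, for the unread list
    $pages = (int)ceil($postcount / $perpage);
    $page = $mybb->get_input('unread_page', MyBB::INPUT_INT);

    if($mybb->get_input('unread_page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    $start = ($page-1) * $perpage;

    $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.dateline DESC
        LIMIT {$start}, {$perpage}
    ");
    while($unreadmessage = $db->fetch_array($query))
    {
        // $senddate is read by the template
        $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
        $unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
        $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
        $senddate = my_date('relative', $unreadmessage['dateline']);
        eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
    }

    $stoptrackingunread = '';
    if(!empty($unreadmessages))
    {
        eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
    }

    if(!$unreadmessages)
    {
        // The shared "no messages" template reads $lang->no_readmessages
        $lang->no_readmessages = $lang->no_unreadmessages;
        eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    $plugins->run_hooks("private_tracking_end");

    eval("\$tracking = \"".$templates->get("private_tracking")."\";");
    output_page($tracking);
}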
1392  
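if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_tracking_start");

    // NOTE(review): unlike action=tracking, this handler has no cantrackpms
    // check; every query below is still limited to messages the current user
    // sent (fromid) — confirm whether the permission check is intended here too.

    // The checkbox arrays are keyed by pmid; only the keys are used, and each
    // one is cast to int before it reaches SQL.
    if(!empty($mybb->input['stoptracking']))
    {
        $mybb->input['readcheck'] = $mybb->get_input('readcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['readcheck']))
        {
            // Stop tracking the selected (already read) messages in one query
            $pmids = array_map('intval', array_keys($mybb->input['readcheck']));
            $sql_array = array(
                "receipt" => 0
            );
            $db->update_query("privatemessages", $sql_array, "pmid IN (".implode(',', $pmids).") AND fromid=".(int)$mybb->user['uid']);
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['stoptrackingunread']))
    {
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            // Stop tracking the selected (still unread) messages in one query
            $pmids = array_map('intval', array_keys($mybb->input['unreadcheck']));
            $sql_array = array(
                "receipt" => 0
            );
            $db->update_query("privatemessages", $sql_array, "pmid IN (".implode(',', $pmids).") AND fromid=".(int)$mybb->user['uid']);
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['cancel']))
    {
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            $pmids = implode(",", array_map('intval', array_keys($mybb->input['unreadcheck'])));

            // Collect the recipients of the affected messages first so their
            // PM counts can be refreshed after the deletion ($pmuids is
            // initialised so the loop below is safe when nothing matches)
            $pmuids = array();
            $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
            while($pm = $db->fetch_array($query))
            {
                $pmuids[$pm['uid']] = $pm['uid'];
            }

            // Only tracked messages that are still unread can be cancelled
            $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
            foreach($pmuids as $uid)
            {
                // Message is canceled, update PM count for this user
                update_pm_count($uid);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
    }
}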
1460  
if($mybb->input['action'] == "stopalltracking")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_stopalltracking_start");

    // Clear the receipt flag on every message the current user sent that is
    // currently tracked as read (receipt 2, not a draft, not unread).
    $sql_array = array("receipt" => 0);
    $where = "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid'];
    $db->update_query("privatemessages", $sql_array, $where);

    $plugins->run_hooks("private_stopalltracking_end");
    redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
}
1476  
if($mybb->input['action'] == "folders")
{
    $plugins->run_hooks("private_folders_start");

    // pmfolders is stored as "fid**name" entries joined by "$%%$"
    $folderlist = '';
    foreach(explode("$%%$", $mybb->user['pmfolders']) as $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        $foldername = get_pm_folder_name($fid, $folderinfo[1]);

        // Folder ids below 5 are the built-in folders and cannot be removed
        if((int)$fid >= 5)
        {
            eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
            continue;
        }

        $foldername2 = get_pm_folder_name($fid);
        eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
        unset($name);
    }

    // Five blank rows for creating new folders (fid "new1".."new5")
    $newfolders = '';
    for($i = 1; $i <= 5; ++$i)
    {
        $fid = "new$i";
        $foldername = '';
        eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
    }

    $plugins->run_hooks("private_folders_end");

    eval("\$folders = \"".$templates->get("private_folders")."\";");
    output_page($folders);
}
1515  
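if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_folders_start");

    // Rebuilds the user's pmfolders string ("fid**name" entries joined by
    // "$%%$") from the submitted folder[] array. Keys are existing folder ids
    // or "newN" for folders being created; values are the folder names.
    $highestid = 2;
    $folders = '';
    $donefolders = array();
    $mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);
    foreach($mybb->input['folder'] as $key => $val)
    {
        if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
        {
            if(my_substr($key, 0, 3) == "new") // Create a new folder
            {
                ++$highestid;
                $fid = (int)$highestid;
            }
            else // Editing an existing folder
            {
                // Cast before comparing so a non-numeric key can never become
                // the next id to increment from
                if((int)$key > $highestid)
                {
                    $highestid = (int)$key;
                }

                $fid = (int)$key;
                // Use default language strings if empty or value is language string
                if($val == get_pm_folder_name($fid) || trim($val) == '')
                {
                    $val = '';
                }
            }

            if($val != '' && trim($val) == '' && !(is_numeric($key) && $key <= 4))
            {
                // If the name only contains whitespace and it's not a default folder, print an error
                error($lang->error_emptypmfoldername);
            }

            if($val != '' || (is_numeric($key) && $key <= 4))
            {
                // If there is a name or if this is a default folder, save it
                $foldername = $db->escape_string(htmlspecialchars_uni($val));

                // A name containing the entry separator would corrupt the
                // stored list, so it is rejected
                if(my_strpos($foldername, "$%%$") === false)
                {
                    if($folders != '')
                    {
                        $folders .= "$%%$";
                    }
                    $folders .= "$fid**$foldername";
                }
                else
                {
                    error($lang->error_invalidpmfoldername);
                }
            }
            else
            {
                // Delete PMs from the folder
                $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
            }
        }
    }

    $sql_array = array(
        "pmfolders" => $folders
    );
    $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_folders_end");

    redirect("private.php", $lang->redirect_pmfoldersupdated);
}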
1595  
if($mybb->input['action'] == "empty")
{
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_empty_start");

    // One row per folder with the number of messages it holds
    $folderlist = $unread = '';
    foreach(explode("$%%$", $mybb->user['pmfolders']) as $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];

        // The inbox may be stored as either 0 or 1; both are counted as folder 1,
        // and for the entry stored as 1 only unread messages are counted.
        // NOTE(review): $unread is never reset, so the status filter also applies
        // to every folder listed after the inbox — confirm this is intended.
        if($fid == "1")
        {
            $unread = " AND status='0'";
        }
        if($fid == "1" || $fid == "0")
        {
            $fid = "1";
        }

        $foldername = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='$fid'$unread AND uid='".$mybb->user['uid']."'");
        $foldercount = my_number_format($db->fetch_field($query, 'pmsinfolder'));
        eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
    }

    $plugins->run_hooks("private_empty_end");

    eval("\$folders = \"".$templates->get("private_empty")."\";");
    output_page($folders);
}
1632  
if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
    // Empty the ticked folders; deletes only rows owned by the current user.
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_empty_start");

    $mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);

    // Optionally keep unread messages (status 0) in the emptied folders
    $keepunreadq = '';
    if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)
    {
        $keepunreadq = " AND status!='0'";
    }

    // Checkbox keys are folder ids; only ticked ones (value 1) are emptied
    $folder_conditions = array();
    foreach($mybb->input['empty'] as $folder_id => $ticked)
    {
        if($ticked == 1)
        {
            $folder_conditions[] = "folder='".(int)$folder_id."'";
        }
    }
    $emptyq = implode(" OR ", $folder_conditions);

    if($emptyq != '')
    {
        $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_empty_end");
    redirect("private.php", $lang->redirect_pmfoldersemptied);
}
1674  
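if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
    // Bulk actions submitted from a folder view: jump to another folder ("hop"),
    // move the ticked messages to a folder ("moveto") or delete them ("delete").
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_stuff");

    if(!empty($mybb->input['hop']))
    {
        // Folder ids are integers: cast so only a number ever reaches the Location header
        header("Location: private.php?fid=".$mybb->get_input('jumpto', MyBB::INPUT_INT));
        exit;
    }
    elseif(!empty($mybb->input['moveto']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            // The destination folder comes straight from the request; cast it before it becomes a query value
            $sql_array = array(
                "folder" => $mybb->get_input('fid', MyBB::INPUT_INT)
            );

            // Ticked pmids are the array keys; one update covers all of them
            $pmids = array();
            foreach($mybb->input['check'] as $key => $val)
            {
                $pmids[] = "'".(int)$key."'";
            }
            $db->update_query("privatemessages", $sql_array, "pmid IN (".implode(",", $pmids).") AND uid='".$mybb->user['uid']."'");
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsmoved);
        }
    }
    elseif(!empty($mybb->input['delete']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            $pmids = array();
            foreach($mybb->input['check'] as $key => $val)
            {
                $pmids[] = "'".(int)$key."'";
            }
            $pmssql = implode(",", $pmids);

            // Messages already in the Trash Can (folder 4) are removed for good;
            // everything else is moved to the Trash Can and stamped with the deletion time.
            $deletepms = array();
            $query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
            while($delpm = $db->fetch_array($query))
            {
                $deletepms[$delpm['pmid']] = 1;
            }

            foreach($mybb->input['check'] as $key => $val)
            {
                $key = (int)$key;
                if(!empty($deletepms[$key]))
                {
                    $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
                }
                else
                {
                    $sql_array = array(
                        "folder" => 4,
                        "deletetime" => TIME_NOW
                    );
                    $db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
                }
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsdeleted);
        }
    }
}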
1763  
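if($mybb->input['action'] == "delete")
{
    // Delete a single message: permanently if it already sits in the Trash Can
    // (folder 4), otherwise move it there and stamp the deletion time.
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_delete_start");

    $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
    $owner_where = " AND uid='".$mybb->user['uid']."'";

    $query = $db->simple_select("privatemessages", "pmid", "pmid='{$pmid}'{$owner_where} AND folder='4'", array('order_by' => 'pmid'));
    if($db->num_rows($query) == 1)
    {
        // Constrain the delete by uid too, so ownership is enforced by the statement
        // that removes the row and not only by the lookup above
        $db->delete_query("privatemessages", "pmid='{$pmid}'{$owner_where}");
    }
    else
    {
        $sql_array = array(
            "folder" => 4,
            "deletetime" => TIME_NOW
        );
        $db->update_query("privatemessages", $sql_array, "pmid='{$pmid}'{$owner_where}");
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_delete_end");
    redirect("private.php", $lang->redirect_pmsdeleted);
}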
1791  
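if($mybb->input['action'] == "export")
{
    // Archive form: lists the user's folders so a subset can be chosen for export.
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_export_start");

    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    // Initialise before the loop: the template eval below appends to it with .=
    $folderlist_folder = '';
    $folder_name = $folder_id = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        // Resolve the display name for the folder via get_pm_folder_name
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);

        $folder_id = $folderinfo[0];
        $folder_name = $folderinfo[1];

        eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
    }

    eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");

    $plugins->run_hooks("private_export_end");

    eval("\$archive = \"".$templates->get("private_archive")."\";");

    output_page($archive);
}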
1822  
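if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
    // Build a downloadable archive (html, csv or txt) of the user's messages, selected
    // either by a single pmid or by folder/age filters, optionally deleting them afterwards.
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_export_start");

    // Only three archive formats have templates; anything else falls back to txt
    // (the same default the filename/content-type selection below already uses)
    $mybb->input['exporttype'] = $mybb->get_input('exporttype');
    if(!in_array($mybb->input['exporttype'], array("html", "csv", "txt"), true))
    {
        $mybb->input['exporttype'] = "txt";
    }
    $exporttype = $mybb->input['exporttype'];

    $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
    $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
    $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
    $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);

    // Rewrite each "fid**name" entry with its resolved display name
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $foldersexploded[$key] = implode("**", $folderinfo);
    }

    $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
    if($pmid)
    {
        // The query below joins the users table twice, so these columns must be
        // qualified with the pm alias: an unqualified uid would be ambiguous
        $wsql = "pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'";
    }
    else
    {
        $daycut = $mybb->get_input('daycut', MyBB::INPUT_INT);
        if($daycut && ($mybb->get_input('dayway') != "disregard"))
        {
            // Age filter: messages older (<=) or newer (>=) than daycut days
            $datecut = TIME_NOW-($daycut * 86400);
            $wsql = "pm.dateline";
            if($mybb->get_input('dayway') == "older")
            {
                $wsql .= "<=";
            }
            else
            {
                $wsql .= ">=";
            }
            $wsql .= "'$datecut'";
        }
        else
        {
            $wsql = "1=1";
        }

        $mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['exportfolders']))
        {
            // "all" means no folder restriction; otherwise restrict to the listed folder ids
            $folder_ids = array();
            $all_folders = false;
            foreach($mybb->input['exportfolders'] as $key => $val)
            {
                if($val == "all")
                {
                    $all_folders = true;
                    break;
                }
                // Folder ids are integers; cast rather than quote-escape the raw value
                $folder_ids[] = "'".(int)$val."'";
            }
            if(!$all_folders && !empty($folder_ids))
            {
                $wsql .= " AND pm.folder IN (".implode(",", $folder_ids).")";
            }
        }
        else
        {
            error($lang->error_pmnoarchivefolders);
        }

        if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
        {
            $wsql .= " AND pm.status!='0'";
        }
    }
    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
        ORDER BY pm.folder ASC, pm.dateline DESC
    ");
    $numpms = $db->num_rows($query);
    if(!$numpms)
    {
        error($lang->error_nopmsarchive);
    }

    $pmsdownload = $ids = '';
    // Tracks folders whose heading has already been emitted
    $donefolder = array();
    while($message = $db->fetch_array($query))
    {
        if($message['folder'] == 2 || $message['folder'] == 3)
        { // Sent Items or Drafts Folder Check
            if($message['toid'])
            {
                $tofromuid = $message['toid'];
                if($exporttype == "txt")
                {
                    $tofromusername = $message['tousername'];
                }
                else
                {
                    $tofromusername = build_profile_link($message['tousername'], $tofromuid);
                }
            }
            else
            {
                $tofromusername = $lang->not_sent;
            }
            $tofrom = $lang->to;
        }
        else
        {
            $tofromuid = $message['fromid'];
            if($exporttype == "txt")
            {
                $tofromusername = $message['fromusername'];
            }
            else
            {
                $tofromusername = build_profile_link($message['fromusername'], $tofromuid);
            }

            if($tofromuid == 0)
            {
                $tofromusername = $lang->mybb_engine;
            }
            $tofrom = $lang->from;
        }

        if($tofromuid == 0)
        {
            $message['fromusername'] = $lang->mybb_engine;
        }

        if(!$message['toid'] && $message['folder'] == 3)
        {
            $message['tousername'] = $lang->not_sent;
        }

        $message['subject'] = $parser->parse_badwords($message['subject']);
        if($message['folder'] != "3")
        {
            $senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
            $sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
            $senddate .= " $lang->at $sendtime";
        }
        else
        {
            $senddate = $lang->not_sent;
        }

        if($exporttype == "html")
        {
            // HTML archive: render the message body with the board's PM parser settings
            $parser_options = array(
                "allow_html" => $mybb->settings['pmsallowhtml'],
                "allow_mycode" => $mybb->settings['pmsallowmycode'],
                "allow_smilies" => 0,
                "allow_imgcode" => $mybb->settings['pmsallowimgcode'],
                "allow_videocode" => $mybb->settings['pmsallowvideocode'],
                "me_username" => $mybb->user['username'],
                "filter_badwords" => 1
            );

            $message['message'] = $parser->parse_message($message['message'], $parser_options);
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }

        if($exporttype == "txt" || $exporttype == "csv")
        {
            // Normalise line endings to CRLF for the plain-text formats
            $message['message'] = str_replace("\r\n", "\n", $message['message']);
            $message['message'] = str_replace("\n", "\r\n", $message['message']);
        }

        if($exporttype == "csv")
        {
            $message['message'] = my_escape_csv($message['message']);
            $message['subject'] = my_escape_csv($message['subject']);
            $message['tousername'] = my_escape_csv($message['tousername']);
            $message['fromusername'] = my_escape_csv($message['fromusername']);
        }

        if(empty($donefolder[$message['folder']]))
        {
            // First message of a folder: emit its heading (html/txt) or prepare the escaped name (csv)
            reset($foldersexploded);
            foreach($foldersexploded as $key => $val)
            {
                $folderinfo = explode("**", $val, 2);
                if($folderinfo[0] == $message['folder'])
                {
                    $foldername = $folderinfo[1];
                    if($exporttype != "csv")
                    {
                        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$exporttype."_folderhead", 1, 0)."\";");
                    }
                    else
                    {
                        $foldername = my_escape_csv($folderinfo[1]);
                    }
                    $donefolder[$message['folder']] = 1;
                }
            }
        }

        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$exporttype."_message", 1, 0)."\";");
        $ids .= ",'{$message['pmid']}'";
    }

    if($exporttype == "html")
    {
        // Gather global stylesheet for HTML
        $query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
        $css = $db->fetch_field($query, "stylesheet");
    }

    $plugins->run_hooks("private_do_export_end");

    eval("\$archived = \"".$templates->get("private_archive_".$exporttype, 1, 0)."\";");
    if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
    { // delete the archived pms
        // $ids holds only pmids returned by the uid-constrained query above
        $db->delete_query("privatemessages", "pmid IN ('0'$ids)");
        // Update PM count
        update_pm_count();
    }

    if($exporttype == "html")
    {
        $filename = "pm-archive.html";
        $contenttype = "text/html";
    }
    elseif($exporttype == "csv")
    {
        $filename = "pm-archive.csv";
        $contenttype = "application/octet-stream";
    }
    else
    {
        $filename = "pm-archive.txt";
        $contenttype = "text/plain";
    }

    $archived = str_replace("\\\'","'",$archived);
    // $filename is one of the fixed names chosen above, so nothing request-controlled reaches the header
    header("Content-disposition: filename=$filename");
    header("Content-type: ".$contenttype);

    if($exporttype == "html")
    {
        output_page($archived);
    }
    else
    {
        echo "\xEF\xBB\xBF"; // UTF-8 BOM
        echo $archived;
    }
}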
2094  
2095  if(!$mybb->input['action'])
2096  {
2097      $plugins->run_hooks("private_inbox");
2098  
2099      if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
2100      {
2101          $mybb->input['fid'] = 0;
2102      }
2103  
2104      $fid = (int)$mybb->input['fid'];
2105      $folder = !$fid ? 1 : $fid;
2106      $foldername = $foldernames[$fid];
2107  
2108      if($folder == 2 || $folder == 3)
2109      { // Sent Items Folder
2110          $sender = $lang->sentto;
2111      }
2112      else
2113      {
2114          $sender = $lang->sender;
2115      }
2116  
2117      $mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order'));
2118      $ordersel = array('asc' => '', 'desc');
2119      switch(my_strtolower($mybb->input['order']))
2120      {
2121          case "asc":
2122              $sortordernow = "asc";
2123              $ordersel['asc'] = "selected=\"selected\"";
2124              $oppsort = $lang->desc;
2125              $oppsortnext = "desc";
2126              break;
2127          default:
2128              $sortordernow = "desc";
2129              $ordersel['desc'] = "selected=\"selected\"";
2130              $oppsort = $lang->asc;
2131              $oppsortnext = "asc";
2132              break;
2133      }
2134  
2135      // Sort by which field?
2136      $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
2137      switch($mybb->get_input('sortby'))
2138      {
2139          case "subject":
2140              $sortfield = "subject";
2141              break;
2142          case "username":
2143              $sortfield = "username";
2144              break;
2145          default:
2146              $sortby = "dateline";
2147              $sortfield = "dateline";
2148              $mybb->input['sortby'] = "dateline";
2149              break;
2150      }
2151      $orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => '');
2152      $sortsel[$sortby] = "selected=\"selected\"";
2153  
2154      eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");
2155  
2156      // Do Multi Pages
2157      $selective = "";
2158      if($fid == 1)
2159      {
2160          $selective = " AND status='0'";
2161      }
2162  
2163      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'$selective");
2164      $pmscount = $db->fetch_field($query, "total");
2165  
2166      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
2167      {
2168          $mybb->settings['threadsperpage'] = 20;
2169      }
2170  
2171      $perpage = $mybb->settings['threadsperpage'];
2172      $page = $mybb->get_input('page', MyBB::INPUT_INT);
2173  
2174      if($page > 0)
2175      {
2176          $start = ($page-1) *$perpage;
2177          $pages = ceil($pmscount / $perpage);
2178          if($page > $pages)
2179          {
2180              $start = 0;
2181              $page = 1;
2182          }
2183      }
2184      else
2185      {
2186          $start = 0;
2187          $page = 1;
2188      }
2189  
2190      $end = $start + $perpage;
2191      $lower = $start+1;
2192      $upper = $end;
2193  
2194      if($upper > $pmscount)
2195      {
2196          $upper = $pmscount;
2197      }
2198  
2199      if($mybb->input['order'] || ($sortby && $sortby != "dateline"))
2200      {
2201          $page_url = "private.php?fid={$fid}&sortby={$sortby}&order={$sortordernow}";
2202      }
2203      else
2204      {
2205          $page_url = "private.php?fid={$fid}";
2206      }
2207  
2208      $multipage = multipage($pmscount, $perpage, $page, $page_url);
2209      $selective = $messagelist = '';
2210  
2211      $icon_cache = $cache->read("posticons");
2212  
2213      // Cache users in multiple recipients for sent & drafts folder
2214      if($folder == 2 || $folder == 3)
2215      {
2216          if($sortfield == "username")
2217          {
2218              $u = "u.";
2219          }
2220          else
2221          {
2222              $u = "pm.";
2223          }
2224  
2225          // Get all recipients into an array
2226          $cached_users = $get_users = array();
2227          $users_query = $db->query("
2228              SELECT pm.recipients
2229              FROM ".TABLE_PREFIX."privatemessages pm
2230              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
2231              WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'
2232              ORDER BY {$u}{$sortfield} {$sortordernow}
2233              LIMIT {$start}, {$perpage}
2234          ");
2235          while($row = $db->fetch_array($users_query))
2236          {
2237              $recipients = my_unserialize($row['recipients']);
2238              if(is_array($recipients['to']) && count($recipients['to']))
2239              {
2240                  $get_users = array_merge($get_users, $recipients['to']);
2241              }
2242  
2243              if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
2244              {
2245                  $get_users = array_merge($get_users, $recipients['bcc']);
2246              }
2247          }
2248  
2249          $get_users = implode(',', array_unique($get_users));
2250  
2251          // Grab info
2252          if($get_users)
2253          {
2254              $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
2255              while($user = $db->fetch_array($users_query))
2256              {
2257                  $cached_users[$user['uid']] = $user;
2258              }
2259          }
2260      }
2261  
2262      if($folder == 2 || $folder == 3)
2263      {
2264          if($sortfield == "username")
2265          {
2266              $pm = "tu.";
2267          }
2268          else
2269          {
2270              $pm = "pm.";
2271          }
2272      }
2273      else
2274      {
2275          if($fid == 1)
2276          {
2277              $selective = " AND pm.status='0'";
2278          }
2279  
2280          if($sortfield == "username")
2281          {
2282              $pm = "fu.";
2283          }
2284          else
2285          {
2286              $pm = "pm.";
2287          }
2288      }
2289  
2290      $query = $db->query("
2291          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
2292          FROM ".TABLE_PREFIX."privatemessages pm
2293          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
2294          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
2295          WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'{$selective}
2296          ORDER BY {$pm}{$sortfield} {$sortordernow}
2297          LIMIT $start, $perpage
2298      ");
2299  
2300      if($db->num_rows($query) > 0)
2301      {
2302          while($message = $db->fetch_array($query))
2303          {
2304              $msgalt = $msgstatus = '';
2305  
2306              // Determine Folder Icon
2307              if($message['status'] == 0)
2308              {
2309                  $msgstatus = 'new_pm';
2310                  $msgalt = $lang->new_pm;
2311              }
2312              else if($message['status'] == 1)
2313              {
2314                  $msgstatus = 'old_pm';
2315                  $msgalt = $lang->old_pm;
2316              }
2317              else if($message['status'] == 3)
2318              {
2319                  $msgstatus = 're_pm';
2320                  $msgalt = $lang->reply_pm;
2321              }
2322              else if($message['status'] == 4)
2323              {
2324                  $msgstatus = 'fw_pm';
2325                  $msgalt = $lang->fwd_pm;
2326              }
2327  
2328              $tofromuid = 0;
2329              if($folder == 2 || $folder == 3)
2330              { // Sent Items or Drafts Folder Check
2331                  $recipients = my_unserialize($message['recipients']);
2332                  $to_users = $bcc_users = '';
2333                  if(isset($recipients['to']) && count($recipients['to']) > 1 || (isset($recipients['to']) && count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
2334                  {
2335                      foreach($recipients['to'] as $uid)
2336                      {
2337                          $profilelink = get_profile_link($uid);
2338                          $user = $cached_users[$uid];
2339                          $user['username'] = htmlspecialchars_uni($user['username']);
2340                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
2341                          if(!$user['username'])
2342                          {
2343                              $username = $lang->na;
2344                          }
2345                          eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
2346                      }
2347                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
2348                      {
2349                          eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
2350                          foreach($recipients['bcc'] as $uid)
2351                          {
2352                              $profilelink = get_profile_link($uid);
2353                              $user = $cached_users[$uid];
2354                              $user['username'] = htmlspecialchars_uni($user['username']);
2355                              $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
2356                              if(!$user['username'])
2357                              {
2358                                  $username = $lang->na;
2359                              }
2360                              eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
2361                          }
2362                      }
2363  
2364                      eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
2365                  }
2366                  else if($message['toid'])
2367                  {
2368                      $tofromusername = htmlspecialchars_uni($message['tousername']);
2369                      $tofromuid = $message['toid'];
2370                  }
2371                  else
2372                  {
2373                      $tofromusername = $lang->not_sent;
2374                  }
2375              }
2376              else
2377              {
2378                  $tofromusername = htmlspecialchars_uni($message['fromusername']);
2379                  $tofromuid = $message['fromid'];
2380                  if($tofromuid == 0)
2381                  {
2382                      $tofromusername = $lang->mybb_engine;
2383                  }
2384  
2385                  if(!$tofromusername)
2386                  {
2387                      $tofromuid = 0;
2388                      $tofromusername = $lang->na;
2389                  }
2390              }
2391  
2392              $tofromusername = build_profile_link($tofromusername, $tofromuid);
2393  
2394              if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
2395              {
2396                  eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
2397              }
2398              else
2399              {
2400                  $denyreceipt = '';
2401              }
2402  
2403              if($message['icon'] > 0 && $icon_cache[$message['icon']])
2404              {
2405                  $icon = $icon_cache[$message['icon']];
2406                  $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
2407                  $icon['path'] = htmlspecialchars_uni($icon['path']);
2408                  $icon['name'] = htmlspecialchars_uni($icon['name']);
2409                  eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
2410              }
2411              else
2412              {
2413                  $icon = '&#009;';
2414              }
2415  
2416              if(!trim($message['subject']))
2417              {
2418                  $message['subject'] = $lang->pm_no_subject;
2419              }
2420  
2421              $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
2422              if($message['folder'] != "3")
2423              {
2424                  $senddate = my_date('relative', $message['dateline']);
2425              }
2426              else
2427              {
2428                  $senddate = $lang->not_sent;
2429              }
2430  
2431              $plugins->run_hooks("private_message");
2432  
2433              eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
2434          }
2435      }
2436      else
2437      {
2438          eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
2439      }
2440  
    // PM quota usage bar. Only built for groups that actually have a quota
    // (pmquota != 0); otherwise the placeholder stays empty.
    $pmspacebar = '';
    if($mybb->usergroup['pmquota'] != 0)
    {
        // Total number of messages stored for this user. Note the uid is
        // interpolated into the WHERE clause rather than bound as a parameter;
        // it comes from $mybb->user here, not from request input.
        $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
        $pmscount = $db->fetch_array($query);
        if($pmscount['total'] == 0)
        {
            $spaceused = 0;
        }
        else
        {
            // Percent of the quota in use. The division is safe because
            // pmquota != 0 was checked just above.
            $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
        }
        // Percent of the quota still free; may go negative until the clamp below.
        $spaceused2 = 100 - $spaceused;

        // Exactly one of $belowhalf / $overhalf receives the rounded "NN%" label,
        // depending on which side of 50% the usage falls.
        // NOTE(review): the private_pmspace template evaluated below presumably
        // reads $spaceused, $spaceused2, $belowhalf, $overhalf and
        // $spaceused_severity by name, so none of these may be renamed.
        $belowhalf = $overhalf = '';
        // Comparing against the numeric string "50" behaves as a numeric compare.
        if($spaceused <= "50")
        {
            $spaceused_severity = "low";
            $belowhalf = round($spaceused, 0)."%";
            // Cannot trigger in this branch ($spaceused <= 50 here); kept as a guard.
            if((int)$belowhalf > 100)
            {
                $belowhalf = "100%";
            }
        }
        else
        {
            // Severity buckets: <= 50 low, <= 75 medium, above that high.
            if($spaceused <= "75")
            {
                $spaceused_severity = "medium";
            }

            else
            {
                $spaceused_severity = "high";
            }
            
            // Label text is capped at "100%" even when the stored count exceeds the quota.
            $overhalf = round($spaceused, 0)."%";
            if((int)$overhalf > 100)
            {
                $overhalf = "100%";
            }
        }

        // Over quota (count > pmquota): clamp the bar widths so they stay in 0..100.
        if($spaceused > 100)
        {
            $spaceused = 100;
            $spaceused2 = 0;
        }

        eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
    }

    // "Compose" link only for groups allowed to send PMs.
    $composelink = '';
    if($mybb->usergroup['cansendpms'] == 1)
    {
        eval("\$composelink = \"".$templates->get("private_composelink")."\";");
    }

    // Empty/export links only make sense when the user has at least one message.
    $emptyexportlink = '';
    if($mybb->user['totalpms'] > 0)
    {
        eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";");
    }

    // Quota-reached warning. $pmscount is only set inside the pmquota branch
    // above, so the pmquota != 0 test must stay first: the short-circuit is
    // what prevents reading an undefined $pmscount for unlimited groups.
    $limitwarning = '';
    if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota'])
    {
        eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
    }

    // Plugin hook point before the page template is assembled.
    $plugins->run_hooks("private_end");

    eval("\$folder = \"".$templates->get("private")."\";");
    output_page($folder);
2515  }

