
   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'private.php');
  14  
  15  $templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
  16  $templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
  17  $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  18  $templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";
  19  $templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";
  20  $templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
  21  $templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
  22  $templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
  23  $templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
  24  $templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";
  25  
  26  require_once  "./global.php";
  27  require_once  MYBB_ROOT."inc/functions_post.php";
  28  require_once  MYBB_ROOT."inc/functions_user.php";
  29  require_once  MYBB_ROOT."inc/class_parser.php";
  30  $parser = new postParser;
  31  
  32  // Load global language phrases
  33  $lang->load("private");
  34  
  35  if($mybb->settings['enablepms'] == 0)
  36  {
  37      error($lang->pms_disabled);
  38  }
  39  
  40  if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
  41  {
  42      error_no_permission();
  43  }
  44  
  45  $mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);
  46  
  47  $folder_id = $folder_name = $folderjump_folder = $folderoplist_folder = $foldersearch_folder ='';
  48  
  49  $foldernames = array();
  50  $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
  51  foreach($foldersexploded as $key => $folders)
  52  {
  53      $folderinfo = explode("**", $folders, 2);
  54      if($mybb->input['fid'] == $folderinfo[0])
  55      {
  56          $sel = ' selected="selected"';
  57      }
  58      else
  59      {
  60          $sel = '';
  61      }
  62      $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
  63      $foldernames[$folderinfo[0]] = $folderinfo[1];
  64  
  65      $folder_id = $folderinfo[0];
  66      $folder_name = $folderinfo[1];
  67  
  68      eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  69  
  70      // Manipulate search folder selection & move selector to omit "Unread"
  71      if($folder_id != 1)
  72      {
  73          if($folder_id == 0)
  74          {
  75              $folder_id = 1;
  76          }
  77          eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  78          eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  79      }
  80  }
  81  
  82  $from_fid = $mybb->input['fid'];
  83  
  84  eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
  85  eval("\$folderoplist = \"".$templates->get("private_move")."\";");
  86  eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";");
  87  
  88  usercp_menu();
  89  
  90  $plugins->run_hooks("private_start");
  91  
  92  // Make navigation
  93  add_breadcrumb($lang->nav_pms, "private.php");
  94  
  95  $mybb->input['action'] = $mybb->get_input('action');
  96  switch($mybb->input['action'])
  97  {
  98      case "send":
  99          add_breadcrumb($lang->nav_send);
 100          break;
 101      case "tracking":
 102          add_breadcrumb($lang->nav_tracking);
 103          break;
 104      case "folders":
 105          add_breadcrumb($lang->nav_folders);
 106          break;
 107      case "empty":
 108          add_breadcrumb($lang->nav_empty);
 109          break;
 110      case "export":
 111          add_breadcrumb($lang->nav_export);
 112          break;
 113      case "advanced_search":
 114          add_breadcrumb($lang->nav_search);
 115          break;
 116      case "results":
 117          add_breadcrumb($lang->nav_results);
 118          break;
 119  }
 120  
 121  if(!empty($mybb->input['preview']))
 122  {
 123      $mybb->input['action'] = "send";
 124  }
 125  
 126  if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post")
 127  {
 128      $plugins->run_hooks("private_do_search_start");
 129  
 130      // Simulate coming from our advanced search form with some preset options
 131      if($mybb->get_input('quick_search'))
 132      {
 133          $mybb->input['action'] = "do_search";
 134          $mybb->input['subject'] = 1;
 135          $mybb->input['message'] = 1;
 136          $mybb->input['folder'] = $mybb->input['fid'];
 137          unset($mybb->input['jumpto']);
 138          unset($mybb->input['fromfid']);
 139      }
 140  
 141      // Check if search flood checking is enabled and user is not admin
 142      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
 143      {
 144          // Fetch the time this user last searched
 145          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
 146          $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
 147          $last_search = $db->fetch_array($query);
 148          // Users last search was within the flood time, show the error
 149          if($last_search['sid'])
 150          {
 151              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
 152              if($remaining_time == 1)
 153              {
 154                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
 155              }
 156              else
 157              {
 158                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
 159              }
 160              error($lang->error_searchflooding);
 161          }
 162      }
 163  
 164      if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)
 165      {
 166          error($lang->error_nosearchresults);
 167      }
 168  
 169      if($mybb->get_input('message', MyBB::INPUT_INT) == 1)
 170      {
 171          $resulttype = "pmmessages";
 172      }
 173      else
 174      {
 175          $resulttype = "pmsubjects";
 176      }
 177  
 178      $search_data = array(
 179          "keywords" => $mybb->get_input('keywords'),
 180          "subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
 181          "message" => $mybb->get_input('message', MyBB::INPUT_INT),
 182          "sender" => $mybb->get_input('sender'),
 183          "status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
 184          "folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)
 185      );
 186  
 187      if($db->can_search == true)
 188      {
 189          require_once  MYBB_ROOT."inc/functions_search.php";
 190  
 191          $search_results = privatemessage_perform_search_mysql($search_data);
 192      }
 193      else
 194      {
 195          error($lang->error_no_search_support);
 196      }
 197      $sid = md5(uniqid(microtime(), true));
 198      $searcharray = array(
 199          "sid" => $db->escape_string($sid),
 200          "uid" => $mybb->user['uid'],
 201          "dateline" => TIME_NOW,
 202          "ipaddress" => $db->escape_binary($session->packedip),
 203          "threads" => '',
 204          "posts" => '',
 205          "resulttype" => $resulttype,
 206          "querycache" => $search_results['querycache'],
 207          "keywords" => $db->escape_string($mybb->get_input('keywords')),
 208      );
 209      $plugins->run_hooks("private_do_search_process");
 210  
 211      $db->insert_query("searchlog", $searcharray);
 212  
 213      // Sender sort won't work yet
 214      $sortby = array('subject', 'sender', 'dateline');
 215  
 216      if(in_array($mybb->get_input('sort'), $sortby))
 217      {
 218          $sortby = $mybb->get_input('sort');
 219      }
 220      else
 221      {
 222          $sortby = "dateline";
 223      }
 224  
 225      if(my_strtolower($mybb->get_input('sortordr')) == "asc")
 226      {
 227          $sortorder = "asc";
 228      }
 229      else
 230      {
 231          $sortorder = "desc";
 232      }
 233  
 234      $plugins->run_hooks("private_do_search_end");
 235      redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
 236  }
 237  
 238  if($mybb->input['action'] == "results")
 239  {
 240      $sid = $mybb->get_input('sid');
 241      $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
 242      $search = $db->fetch_array($query);
 243  
 244      if(!$search)
 245      {
 246          error($lang->error_invalidsearch);
 247      }
 248  
 249      $plugins->run_hooks("private_results_start");
 250  
 251      // Decide on our sorting fields and sorting order.
 252      $order = my_strtolower($mybb->get_input('order'));
 253      $sortby = my_strtolower($mybb->get_input('sortby'));
 254  
 255      $sortby_accepted = array('subject', 'username', 'dateline');
 256  
 257      if(in_array($sortby, $sortby_accepted))
 258      {
 259          $query_sortby = $sortby;
 260  
 261          if($query_sortby == "username")
 262          {
 263              $query_sortby = "fromusername";
 264          }
 265      }
 266      else
 267      {
 268          $sortby = $query_sortby = "dateline";
 269      }
 270  
 271      if($order != "asc")
 272      {
 273          $order = "desc";
 274      }
 275  
 276      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 277      {
 278          $mybb->settings['threadsperpage'] = 20;
 279      }
 280  
 281      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
 282      $pmscount = $db->fetch_field($query, "total");
 283  
 284      // Work out pagination, which page we're at, as well as the limits.
 285      $perpage = $mybb->settings['threadsperpage'];
 286      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 287      if($page > 0)
 288      {
 289          $start = ($page-1) * $perpage;
 290          $pages = ceil($pmscount / $perpage);
 291          if($page > $pages)
 292          {
 293              $start = 0;
 294              $page = 1;
 295          }
 296      }
 297      else
 298      {
 299          $start = 0;
 300          $page = 1;
 301      }
 302      $end = $start + $perpage;
 303      $lower = $start+1;
 304      $upper = $end;
 305  
 306      // Work out if we have terms to highlight
 307      $highlight = "";
 308      if($search['keywords'])
 309      {
 310          $highlight = "&amp;highlight=".urlencode($search['keywords']);
 311      }
 312  
 313      // Do Multi Pages
 314      if($upper > $pmscount)
 315      {
 316          $upper = $pmscount;
 317      }
 318      $multipage = multipage($pmscount, $perpage, $page, "private.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby={$sortby}&amp;order={$order}");
 319      $messagelist = '';
 320  
 321      $icon_cache = $cache->read("posticons");
 322  
 323      // Cache users in multiple recipients for sent & drafts folder
 324      // Get all recipients into an array
 325      $cached_users = $get_users = array();
 326      $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
 327      while($row = $db->fetch_array($users_query))
 328      {
 329          $recipients = my_unserialize($row['recipients']);
 330          if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
 331          {
 332              $get_users = array_merge($get_users, $recipients['to']);
 333          }
 334  
 335          if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 336          {
 337              $get_users = array_merge($get_users, $recipients['bcc']);
 338          }
 339      }
 340  
 341      $get_users = implode(',', array_unique($get_users));
 342  
 343      // Grab info
 344      if($get_users)
 345      {
 346          $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
 347          while($user = $db->fetch_array($users_query))
 348          {
 349              $cached_users[$user['uid']] = $user;
 350          }
 351      }
 352  
 353      $query = $db->query("
 354          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
 355          FROM ".TABLE_PREFIX."privatemessages pm
 356          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
 357          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
 358          WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
 359          ORDER BY pm.{$query_sortby} {$order}
 360          LIMIT {$start}, {$perpage}
 361      ");
 362      while($message = $db->fetch_array($query))
 363      {
 364          $msgalt = $msgstatus = '';
 365  
 366          // Determine Folder Icon
 367          if($message['status'] == 0)
 368          {
 369              $msgstatus = 'new_pm';
 370              $msgalt = $lang->new_pm;
 371          }
 372          else if($message['status'] == 1)
 373          {
 374              $msgstatus = 'old_pm';
 375              $msgalt = $lang->old_pm;
 376          }
 377          else if($message['status'] == 3)
 378          {
 379              $msgstatus = 're_pm';
 380              $msgalt = $lang->reply_pm;
 381          }
 382          else if($message['status'] == 4)
 383          {
 384              $msgstatus = 'fw_pm';
 385              $msgalt = $lang->fwd_pm;
 386          }
 387  
 388          $folder = $message['folder'];
 389  
 390          $tofromuid = 0;
 391          if($folder == 2 || $folder == 3)
 392          {
 393              // Sent Items or Drafts Folder Check
 394              $recipients = my_unserialize($message['recipients']);
 395              $to_users = $bcc_users = '';
 396              if(
 397                  isset($recipients['to']) &&
 398                  (count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
 399              )
 400              {
 401                  foreach($recipients['to'] as $uid)
 402                  {
 403                      $profilelink = get_profile_link($uid);
 404                      $user = $cached_users[$uid];
 405                      $user['username'] = htmlspecialchars_uni($user['username']);
 406                      $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 407                      eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 408                  }
 409                  if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 410                  {
 411                      eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
 412                      foreach($recipients['bcc'] as $uid)
 413                      {
 414                          $profilelink = get_profile_link($uid);
 415                          $user = $cached_users[$uid];
 416                          $user['username'] = htmlspecialchars_uni($user['username']);
 417                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 418                          eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 419                      }
 420                  }
 421  
 422                  eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
 423              }
 424              else if($message['toid'])
 425              {
 426                  $tofromusername = htmlspecialchars_uni($message['tousername']);
 427                  $tofromuid = $message['toid'];
 428              }
 429              else
 430              {
 431                  $tofromusername = $lang->not_sent;
 432              }
 433          }
 434          else
 435          {
 436              $tofromusername = htmlspecialchars_uni($message['fromusername']);
 437              $tofromuid = $message['fromid'];
 438              if($tofromuid == 0)
 439              {
 440                  $tofromusername = $lang->mybb_engine;
 441              }
 442          }
 443  
 444          $tofromusername = build_profile_link($tofromusername, $tofromuid);
 445  
 446          $denyreceipt = '';
 447  
 448          if($message['icon'] > 0 && $icon_cache[$message['icon']])
 449          {
 450              $icon = $icon_cache[$message['icon']];
 451              $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
 452              $icon['path'] = htmlspecialchars_uni($icon['path']);
 453              $icon['name'] = htmlspecialchars_uni($icon['name']);
 454              eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
 455          }
 456          else
 457          {
 458              $icon = '&#009;';
 459          }
 460  
 461          if(!trim($message['subject']))
 462          {
 463              $message['subject'] = $lang->pm_no_subject;
 464          }
 465  
 466          $message['subject'] = $parser->parse_badwords($message['subject']);
 467  
 468          if(my_strlen($message['subject']) > 50)
 469          {
 470              $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
 471          }
 472          else
 473          {
 474              $message['subject'] = htmlspecialchars_uni($message['subject']);
 475          }
 476  
 477          if($message['folder'] != "3")
 478          {
 479              $senddate = my_date('relative', $message['dateline']);
 480          }
 481          else
 482          {
 483              $senddate = $lang->not_sent;
 484          }
 485  
 486          $fid = "0";
 487          if((int)$message['folder'] > 1)
 488          {
 489              $fid = $message['folder'];
 490          }
 491          $foldername = $foldernames[$fid];
 492  
 493          // What we do here is parse the post using our post parser, then strip the tags from it
 494          $parser_options = array(
 495              'allow_html' => 0,
 496              'allow_mycode' => 1,
 497              'allow_smilies' => 0,
 498              'allow_imgcode' => 0,
 499              'filter_badwords' => 1
 500          );
 501          $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
 502          if(my_strlen($message['message']) > 200)
 503          {
 504              $message['message'] = my_substr($message['message'], 0, 200)."...";
 505          }
 506  
 507          eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
 508      }
 509  
 510      if($db->num_rows($query) == 0)
 511      {
 512          eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
 513      }
 514  
 515      $plugins->run_hooks("private_results_end");
 516  
 517      eval("\$results = \"".$templates->get("private_search_results")."\";");
 518      output_page($results);
 519  }
 520  
 521  if($mybb->input['action'] == "advanced_search")
 522  {
 523      $plugins->run_hooks("private_advanced_search");
 524  
 525      eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");
 526  
 527      output_page($advanced_search);
 528  }
 529  
 530  // Dismissing a new/unread PM notice
 531  if($mybb->input['action'] == "dismiss_notice")
 532  {
 533      if($mybb->user['pmnotice'] != 2)
 534      {
 535          exit;
 536      }
 537  
 538      // Verify incoming POST request
 539      verify_post_check($mybb->get_input('my_post_key'));
 540  
 541      $updated_user = array(
 542          "pmnotice" => 1
 543      );
 544      $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
 545  
 546      if(!empty($mybb->input['ajax']))
 547      {
 548          echo 1;
 549          exit;
 550      }
 551      else
 552      {
 553          header("Location: index.php");
 554          exit;
 555      }
 556  }
 557  
 558  $send_errors = '';
 559  
 560  if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
 561  {
 562      if($mybb->usergroup['cansendpms'] == 0)
 563      {
 564          error_no_permission();
 565      }
 566  
 567      // Verify incoming POST request
 568      verify_post_check($mybb->get_input('my_post_key'));
 569  
 570      $plugins->run_hooks("private_send_do_send");
 571  
 572      // Attempt to see if this PM is a duplicate or not
 573      $to = array_map("trim", explode(",", $mybb->get_input('to')));
 574      $to = array_unique($to); // Filter out any duplicates
 575      $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
 576      $time_cutoff = TIME_NOW - (5 * 60 * 60);
 577      $query = $db->query("
 578          SELECT pm.pmid
 579          FROM ".TABLE_PREFIX."privatemessages pm
 580          LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
 581          WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'
 582          LIMIT 0, 1
 583      ");
 584      if($db->num_rows($query) > 0)
 585      {
 586          error($lang->error_pm_already_submitted);
 587      }
 588  
 589      require_once  MYBB_ROOT."inc/datahandlers/pm.php";
 590      $pmhandler = new PMDataHandler();
 591  
 592      $pm = array(
 593          "subject" => $mybb->get_input('subject'),
 594          "message" => $mybb->get_input('message'),
 595          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 596          "fromid" => $mybb->user['uid'],
 597          "do" => $mybb->get_input('do'),
 598          "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT),
 599          "ipaddress" => $session->packedip
 600      );
 601  
 602      // Split up any recipients we have
 603      $pm['to'] = $to;
 604      if(!empty($mybb->input['bcc']))
 605      {
 606          $pm['bcc'] = explode(",", $mybb->get_input('bcc'));
 607          $pm['bcc'] = array_map("trim", $pm['bcc']);
 608      }
 609  
 610      $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 611  
 612      if(!$mybb->usergroup['cantrackpms'])
 613      {
 614          $mybb->input['options']['readreceipt'] = false;
 615      }
 616  
 617      $pm['options'] = array();
 618      if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1)
 619      {
 620          $pm['options']['signature'] = 1;
 621      }
 622      else
 623      {
 624          $pm['options']['signature'] = 0;
 625      }
 626      if(isset($mybb->input['options']['disablesmilies']))
 627      {
 628          $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
 629      }
 630      if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)
 631      {
 632          $pm['options']['savecopy'] = 1;
 633      }
 634      else
 635      {
 636          $pm['options']['savecopy'] = 0;
 637      }
 638      if(isset($mybb->input['options']['readreceipt']))
 639      {
 640          $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
 641      }
 642  
 643      if(!empty($mybb->input['saveasdraft']))
 644      {
 645          $pm['saveasdraft'] = 1;
 646      }
 647      $pmhandler->set_data($pm);
 648  
 649      // Now let the pm handler do all the hard work.
 650      if(!$pmhandler->validate_pm())
 651      {
 652          $pm_errors = $pmhandler->get_friendly_errors();
 653          $send_errors = inline_error($pm_errors);
 654          $mybb->input['action'] = "send";
 655      }
 656      else
 657      {
 658          $pminfo = $pmhandler->insert_pm();
 659          $plugins->run_hooks("private_do_send_end");
 660  
 661          if(isset($pminfo['draftsaved']))
 662          {
 663              redirect("private.php", $lang->redirect_pmsaved);
 664          }
 665          else
 666          {
 667              redirect("private.php", $lang->redirect_pmsent);
 668          }
 669      }
 670  }
 671  
 672  if($mybb->input['action'] == "send")
 673  {
 674      if($mybb->usergroup['cansendpms'] == 0)
 675      {
 676          error_no_permission();
 677      }
 678  
 679      $plugins->run_hooks("private_send_start");
 680  
 681      $smilieinserter = $codebuttons = '';
 682  
 683      if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 684      {
 685          $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']);
 686          if($mybb->settings['pmsallowsmilies'] != 0)
 687          {
 688              $smilieinserter = build_clickable_smilies();
 689          }
 690      }
 691  
 692      $lang->post_icon = $lang->message_icon;
 693  
 694      $posticons = get_post_icons();
 695      $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message')));
 696      $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject')));
 697  
 698      $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => '');
 699      $to = $bcc = '';
 700  
 701      if(!empty($mybb->input['preview']) || $send_errors)
 702      {
 703          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 704          if(isset($options['signature']) && $options['signature'] == 1)
 705          {
 706              $optionschecked['signature'] = 'checked="checked"';
 707          }
 708          if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1)
 709          {
 710              $optionschecked['disablesmilies'] = 'checked="checked"';
 711          }
 712          if(isset($options['savecopy']) && $options['savecopy'] != 0)
 713          {
 714              $optionschecked['savecopy'] = 'checked="checked"';
 715          }
 716          if(isset($options['readreceipt']) && $options['readreceipt'] != 0)
 717          {
 718              $optionschecked['readreceipt'] = 'checked="checked"';
 719          }
 720          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 721          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 722      }
 723  
 724      $preview = '';
 725      // Preview
 726      if(!empty($mybb->input['preview']))
 727      {
 728          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 729          $query = $db->query("
 730              SELECT u.username AS userusername, u.*, f.*
 731              FROM ".TABLE_PREFIX."users u
 732              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 733              WHERE u.uid='".$mybb->user['uid']."'
 734          ");
 735  
 736          $post = $db->fetch_array($query);
 737  
 738          $post['userusername'] = $mybb->user['username'];
 739          $post['postusername'] = $mybb->user['username'];
 740          $post['message'] = $mybb->get_input('message');
 741          $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));
 742          $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 743          if(!isset($options['disablesmilies']))
 744          {
 745              $options['disablesmilies'] = 0;
 746          }
 747          $post['smilieoff'] = $options['disablesmilies'];
 748          $post['dateline'] = TIME_NOW;
 749  
 750          if(!isset($options['signature']))
 751          {
 752              $post['includesig'] = 0;
 753          }
 754          else
 755          {
 756              $post['includesig'] = 1;
 757          }
 758  
 759          // Merge usergroup data from the cache
 760          $data_key = array(
 761              'title' => 'grouptitle',
 762              'usertitle' => 'groupusertitle',
 763              'stars' => 'groupstars',
 764              'starimage' => 'groupstarimage',
 765              'image' => 'groupimage',
 766              'namestyle' => 'namestyle',
 767              'usereputationsystem' => 'usereputationsystem'
 768          );
 769  
 770          foreach($data_key as $field => $key)
 771          {
 772              $post[$key] = $groupscache[$post['usergroup']][$field];
 773          }
 774  
 775          $postbit = build_postbit($post, 2);
 776          eval("\$preview = \"".$templates->get("previewpost")."\";");
 777      }
 778      else if(!$send_errors)
 779      {
 780          // New PM, so load default settings
 781          if($mybb->user['signature'] != '')
 782          {
 783              $optionschecked['signature'] = 'checked="checked"';
 784          }
 785          if($mybb->usergroup['cantrackpms'] == 1)
 786          {
 787              $optionschecked['readreceipt'] = 'checked="checked"';
 788          }
 789          $optionschecked['savecopy'] = 'checked="checked"';
 790      }
 791  
 792      // Draft, reply, forward
 793      if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors)
 794      {
 795          $query = $db->query("
 796              SELECT pm.*, u.username AS quotename
 797              FROM ".TABLE_PREFIX."privatemessages pm
 798              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 799              WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}'
 800          ");
 801  
 802          $pm = $db->fetch_array($query);
 803          $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
 804          $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
 805  
 806          if($pm['folder'] == "3")
 807          {
 808              // message saved in drafts
 809              $mybb->input['uid'] = $pm['toid'];
 810  
 811              if($pm['includesig'] == 1)
 812              {
 813                  $optionschecked['signature'] = 'checked="checked"';
 814              }
 815              if($pm['smilieoff'] == 1)
 816              {
 817                  $optionschecked['disablesmilies'] = 'checked="checked"';
 818              }
 819              if($pm['receipt'])
 820              {
 821                  $optionschecked['readreceipt'] = 'checked="checked"';
 822              }
 823  
 824              // Get list of recipients
 825              $recipients = my_unserialize($pm['recipients']);
 826              $comma = $recipientids = '';
 827              if(isset($recipients['to']) && is_array($recipients['to']))
 828              {
 829                  foreach($recipients['to'] as $recipient)
 830                  {
 831                      $recipient_list['to'][] = $recipient;
 832                      $recipientids .= $comma.$recipient;
 833                      $comma = ',';
 834                  }
 835              }
 836  
 837              if(isset($recipients['bcc']) && is_array($recipients['bcc']))
 838              {
 839                  foreach($recipients['bcc'] as $recipient)
 840                  {
 841                      $recipient_list['bcc'][] = $recipient;
 842                      $recipientids .= $comma.$recipient;
 843                      $comma = ',';
 844                  }
 845              }
 846  
 847              if(!empty($recipientids))
 848              {
 849                  $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
 850                  while($user = $db->fetch_array($query))
 851                  {
 852                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
 853                      {
 854                          $bcc .= htmlspecialchars_uni($user['username']).', ';
 855                      }
 856                      else
 857                      {
 858                          $to .= htmlspecialchars_uni($user['username']).', ';
 859                      }
 860                  }
 861              }
 862          }
 863          else
 864          {
 865              // forward/reply
 866              $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
 867              $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
 868              $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);
 869  
 870              require_once  MYBB_ROOT."inc/functions_posting.php";
 871  
 872              if($mybb->settings['maxpmquotedepth'] != '0')
 873              {
 874                  $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);
 875              }
 876  
 877              if($mybb->input['do'] == 'forward')
 878              {
 879                  $subject = "Fw: $subject";
 880              }
 881              elseif($mybb->input['do'] == 'reply')
 882              {
 883                  $subject = "Re: $subject";
 884                  $uid = $pm['fromid'];
 885                  if($mybb->user['uid'] == $uid)
 886                  {
 887                      $to = $mybb->user['username'];
 888                  }
 889                  else
 890                  {
 891                      $query = $db->simple_select('users', 'username', "uid='{$uid}'");
 892                      $to = $db->fetch_field($query, 'username');
 893                  }
 894                  $to = htmlspecialchars_uni($to);
 895              }
 896              else if($mybb->input['do'] == 'replyall')
 897              {
 898                  $subject = "Re: $subject";
 899  
 900                  // Get list of recipients
 901                  $recipients = my_unserialize($pm['recipients']);
 902                  $recipientids = $pm['fromid'];
 903                  if(isset($recipients['to']) && is_array($recipients['to']))
 904                  {
 905                      foreach($recipients['to'] as $recipient)
 906                      {
 907                          if($recipient == $mybb->user['uid'])
 908                          {
 909                              continue;
 910                          }
 911                          $recipientids .= ','.$recipient;
 912                      }
 913                  }
 914                  $comma = '';
 915                  $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
 916                  while($user = $db->fetch_array($query))
 917                  {
 918                      $to .= $comma.htmlspecialchars_uni($user['username']);
 919                      $comma = $lang->comma;
 920                  }
 921              }
 922          }
 923      }
 924  
 925      // New PM with recipient preset
 926      if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview']))
 927      {
 928          $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 929          $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
 930      }
 931  
 932      $max_recipients = '';
 933      if($mybb->usergroup['maxpmrecipients'] > 0)
 934      {
 935          $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
 936      }
 937  
 938      if($send_errors)
 939      {
 940          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 941          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 942      }
 943  
 944      // Load the auto complete javascript if it is enabled.
 945      eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");
 946  
 947      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 948      $do = $mybb->get_input('do');
 949      if($do != "forward" && $do != "reply" && $do != "replyall")
 950      {
 951          $do = '';
 952      }
 953  
 954      $buddy_select_to = $buddy_select_bcc = '';
 955      // See if it's actually worth showing the buddylist icon.
 956      if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
 957      {
 958          $buddy_select = 'to';
 959          eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
 960          $buddy_select = 'bcc';
 961          eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
 962      }
 963  
 964      // Hide tracking option if no permission
 965      $private_send_tracking = '';
 966      if($mybb->usergroup['cantrackpms'])
 967      {
 968          eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
 969      }
 970  
 971      $plugins->run_hooks("private_send_end");
 972  
 973      eval("\$send = \"".$templates->get("private_send")."\";");
 974      output_page($send);
 975  }
 976  
 977  if($mybb->input['action'] == "read")
 978  {
 979      $plugins->run_hooks("private_read");
 980  
 981      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 982  
 983      $query = $db->query("
 984          SELECT pm.*, u.*, f.*
 985          FROM ".TABLE_PREFIX."privatemessages pm
 986          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 987          LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 988          WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
 989      ");
 990      $pm = $db->fetch_array($query);
 991  
 992      if(!$pm)
 993      {
 994          error($lang->error_invalidpm);
 995      }
 996  
 997      if($pm['folder'] == 3)
 998      {
 999          header("Location: private.php?action=send&pmid={$pm['pmid']}");
1000          exit;
1001      }
1002  
1003      // If we've gotten a PM, attach the group info
1004      $data_key = array(
1005          'title' => 'grouptitle',
1006          'usertitle' => 'groupusertitle',
1007          'stars' => 'groupstars',
1008          'starimage' => 'groupstarimage',
1009          'image' => 'groupimage',
1010          'namestyle' => 'namestyle'
1011      );
1012  
1013      if(isset($groupscache[$pm['usergroup']]))
1014      {
1015          foreach($data_key as $field => $key)
1016          {
1017              $pm[$key] = $groupscache[$pm['usergroup']][$field];
1018          }
1019      }
1020  
1021      if($pm['receipt'] == 1)
1022      {
1023          if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
1024          {
1025              $receiptadd = 0;
1026          }
1027          else
1028          {
1029              $receiptadd = 2;
1030          }
1031      }
1032  
1033      $action_time = '';
1034      if($pm['status'] == 0)
1035      {
1036          $time = TIME_NOW;
1037          $updatearray = array(
1038              'status' => 1,
1039              'readtime' => $time
1040          );
1041  
1042          if(isset($receiptadd))
1043          {
1044              $updatearray['receipt'] = $receiptadd;
1045          }
1046  
1047          $db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");
1048  
1049          // Update the unread count - it has now changed.
1050          update_pm_count($mybb->user['uid'], 6);
1051  
1052          // Update PM notice value if this is our last unread PM
1053          if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
1054          {
1055              $updated_user = array(
1056                  "pmnotice" => 1
1057              );
1058              $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
1059          }
1060      }
1061      // Replied PM?
1062      else if($pm['status'] == 3 && $pm['statustime'])
1063      {
1064          $reply_string = $lang->you_replied_on;
1065          $reply_date = my_date('relative', $pm['statustime']);
1066  
1067          if((TIME_NOW - $pm['statustime']) < 3600)
1068          {
1069              // Relative string for the first hour
1070              $reply_string = $lang->you_replied;
1071          }
1072  
1073          $actioned_on = $lang->sprintf($reply_string, $reply_date);
1074          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1075      }
1076      else if($pm['status'] == 4 && $pm['statustime'])
1077      {
1078          $forward_string = $lang->you_forwarded_on;
1079          $forward_date = my_date('relative', $pm['statustime']);
1080  
1081          if((TIME_NOW - $pm['statustime']) < 3600)
1082          {
1083              $forward_string = $lang->you_forwarded;
1084          }
1085  
1086          $actioned_on = $lang->sprintf($forward_string, $forward_date);
1087          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1088      }
1089  
1090      $pm['userusername'] = $pm['username'];
1091      $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
1092  
1093      if($pm['fromid'] == 0)
1094      {
1095          $pm['username'] = $lang->mybb_engine;
1096      }
1097  
1098      if(!$pm['username'])
1099      {
1100          $pm['username'] = $lang->na;
1101      }
1102  
1103      // Fetch the recipients for this message
1104      $pm['recipients'] = my_unserialize($pm['recipients']);
1105  
1106      if(isset($pm['recipients']['to']) && is_array($pm['recipients']['to']))
1107      {
1108          $uid_sql = implode(',', $pm['recipients']['to']);
1109      }
1110      else
1111      {
1112          $uid_sql = $pm['toid'];
1113          $pm['recipients']['to'] = array($pm['toid']);
1114      }
1115  
1116      $show_bcc = 0;
1117  
1118      // If we have any BCC recipients and this user is an Administrator, add them on to the query
1119      if(isset($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
1120      {
1121          $show_bcc = 1;
1122          $uid_sql .= ','.implode(',', $pm['recipients']['bcc']);
1123      }
1124  
1125      // Fetch recipient names from the database
1126      $bcc_recipients = $to_recipients = $bcc_form_val = array();
1127      $query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
1128      while($recipient = $db->fetch_array($query))
1129      {
1130          // User is a BCC recipient
1131          $recipient['username'] = htmlspecialchars_uni($recipient['username']);
1132          if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
1133          {
1134              $bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1135              $bcc_form_val[] = $recipient['username'];
1136          }
1137          // User is a normal recipient
1138          else if(in_array($recipient['uid'], $pm['recipients']['to']))
1139          {
1140              $to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1141          }
1142      }
1143  
1144      $bcc = '';
1145      if(count($bcc_recipients) > 0)
1146      {
1147          $bcc_recipients = implode(', ', $bcc_recipients);
1148          $bcc_form_val = implode(',', $bcc_form_val);
1149          eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
1150      }
1151      else
1152      {
1153          $bcc_form_val = '';
1154      }
1155  
1156      $replyall = false;
1157      if(count($to_recipients) > 1)
1158      {
1159          $replyall = true;
1160      }
1161  
1162      if(count($to_recipients) > 0)
1163      {
1164          $to_recipients = implode($lang->comma, $to_recipients);
1165      }
1166      else
1167      {
1168          $to_recipients = $lang->nobody;
1169      }
1170  
1171      eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");
1172  
1173      add_breadcrumb($pm['subject']);
1174      $message = build_postbit($pm, 2);
1175  
1176      // Decide whether or not to show quick reply.
1177      $quickreply = '';
1178      if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
1179      {
1180          $trow = alt_trow();
1181  
1182          $optionschecked = array('savecopy' => 'checked="checked"', 'signature' => '', 'disablesmilies' => '');
1183          if(!empty($mybb->user['signature']))
1184          {
1185              $optionschecked['signature'] = 'checked="checked"';
1186          }
1187          if($mybb->usergroup['cantrackpms'] == 1)
1188          {
1189              $optionschecked['readreceipt'] = 'checked="checked"';
1190          }
1191  
1192          require_once  MYBB_ROOT.'inc/functions_posting.php';
1193  
1194          $quoted_message = array(
1195              'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
1196              'username' => $pm['username'],
1197              'quote_is_pm' => true
1198          );
1199          $quoted_message = parse_quoted_message($quoted_message);
1200  
1201          if($mybb->settings['maxpmquotedepth'] != '0')
1202          {
1203              $quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
1204          }
1205  
1206          $subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);
1207  
1208          if($mybb->user['uid'] == $pm['fromid'])
1209          {
1210              $to = htmlspecialchars_uni($mybb->user['username']);
1211          }
1212          else
1213          {
1214              $query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
1215              $to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
1216          }
1217  
1218          $private_send_tracking = '';
1219          if($mybb->usergroup['cantrackpms'])
1220          {
1221              $lang->options_read_receipt = $lang->quickreply_read_receipt;
1222  
1223              eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
1224          }
1225  
1226          $postoptionschecked = $optionschecked; // Backwards compatability instead of correcting variable used in template
1227  
1228          if(!isset($collapsedthead['quickreply']))
1229          {
1230              $collapsedthead['quickreply'] = '';
1231          }
1232          if(!isset($collapsedimg['quickreply']))
1233          {
1234              $collapsedimg['quickreply'] = '';
1235          }
1236          if(!isset($collapsed['quickreply_e']))
1237          {
1238              $collapsed['quickreply_e'] = '';
1239          }
1240  
1241          $expaltext = (in_array("quickreply", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
1242          eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
1243      }
1244  
1245      $plugins->run_hooks("private_read_end");
1246  
1247      eval("\$read = \"".$templates->get("private_read")."\";");
1248      output_page($read);
1249  }
1250  
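if($mybb->input['action'] == "tracking")
{
    // Read-receipt tracking page: lists the messages this user sent that have been
    // read (receipt=2) and those still unread (receipt=1), each with its own pagination.
    if(!$mybb->usergroup['cantrackpms'])
    {
        error_no_permission();
    }

    $plugins->run_hooks("private_tracking_start");
    $readmessages = '';
    $unreadmessages = '';

    if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
    {
        $mybb->settings['postsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    // Cast once here so the value interpolated into LIMIT below is always an integer.
    $perpage = (int)$mybb->settings['postsperpage'];

    $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "readpms");

    $page = $mybb->get_input('read_page', MyBB::INPUT_INT);
    $pages = ceil($postcount / $perpage);

    if($mybb->get_input('read_page') == "last")
    {
        $page = $pages;
    }

    // Clamp to a valid page. After this $page is always >= 1, so no separate
    // "no page given" case is needed for computing the offset.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    $start = ($page-1) * $perpage;

    $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.readtime DESC
        LIMIT {$start}, {$perpage}
    ");
    while($readmessage = $db->fetch_array($query))
    {
        $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
        $readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
        $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
        $readdate = my_date('relative', $readmessage['readtime']);
        eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
    }

    // The "stop tracking" controls are only rendered when there is something to stop
    $stoptrackingread = '';
    if(!empty($readmessages))
    {
        eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
    }

    if(!$readmessages)
    {
        eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    // Same again for messages whose receipt is still pending (receipt=1, status=0)
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "unreadpms");

    $page = $mybb->get_input('unread_page', MyBB::INPUT_INT);
    $pages = ceil($postcount / $perpage);

    if($mybb->get_input('unread_page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }
    $start = ($page-1) * $perpage;

    $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.dateline DESC
        LIMIT {$start}, {$perpage}
    ");
    while($unreadmessage = $db->fetch_array($query))
    {
        $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
        $unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
        $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
        $senddate = my_date('relative', $unreadmessage['dateline']);
        eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
    }

    $stoptrackingunread = '';
    if(!empty($unreadmessages))
    {
        eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
    }

    if(!$unreadmessages)
    {
        // The shared "no messages" template reads $lang->no_readmessages; swap in the unread wording
        $lang->no_readmessages = $lang->no_unreadmessages;
        eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    $plugins->run_hooks("private_tracking_end");

    eval("\$tracking = \"".$templates->get("private_tracking")."\";");
    output_page($tracking);
}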
1390  
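if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_tracking_start");

    // "Stop tracking" for read and for unread messages differ only in the checkbox
    // array they read; both clear the receipt flag on messages this user sent.
    // Branch precedence (stoptracking, then stoptrackingunread, then cancel) is preserved.
    $stop_field = '';
    if(!empty($mybb->input['stoptracking']))
    {
        $stop_field = 'readcheck';
    }
    elseif(!empty($mybb->input['stoptrackingunread']))
    {
        $stop_field = 'unreadcheck';
    }

    if($stop_field != '')
    {
        $mybb->input[$stop_field] = $mybb->get_input($stop_field, MyBB::INPUT_ARRAY);
        if(!empty($mybb->input[$stop_field]))
        {
            // The array keys are the pmids; cast each so only integers reach the query
            $pmids = array_map('intval', array_keys($mybb->input[$stop_field]));
            $sql_array = array(
                "receipt" => 0
            );
            // fromid restriction: a user can only stop tracking on messages they sent
            $db->update_query("privatemessages", $sql_array, "pmid IN (".implode(',', $pmids).") AND fromid=".(int)$mybb->user['uid']);
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['cancel']))
    {
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            // Initialised up front: the SELECT may return no rows (e.g. ids the user did not
            // send), and foreach over an unset variable raises a warning on PHP 8.
            $pmids = array();
            $pmuids = array();
            foreach($mybb->input['unreadcheck'] as $pmid => $val)
            {
                $pmids[$pmid] = (int)$pmid;
            }

            $pmids = implode(",", $pmids);
            // Collect the recipients first; their counters are refreshed after the delete
            $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
            while($pm = $db->fetch_array($query))
            {
                $pmuids[$pm['uid']] = $pm['uid'];
            }

            // Only still-tracked (receipt 1), unread (status 0) messages sent by this user can be cancelled
            $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
            foreach($pmuids as $uid)
            {
                // Message is canceled, update PM count for this user
                update_pm_count($uid);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
    }
}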
1458  
if($mybb->input['action'] == "stopalltracking")
{
    // Clear the receipt flag on every read (receipt=2), non-draft message this user sent.
    // The post key check is what guards this state change; no request-method check is applied here.
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_stopalltracking_start");

    $sender_uid = $mybb->user['uid'];
    $sql_array = array("receipt" => 0);
    $db->update_query("privatemessages", $sql_array, "receipt='2' AND folder!='3' AND status!='0' AND fromid={$sender_uid}");

    $plugins->run_hooks("private_stopalltracking_end");
    redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
}
1474  
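if($mybb->input['action'] == "folders")
{
    // Folder management form: one row per existing folder plus five blank rows for new ones.
    $plugins->run_hooks("private_folders_start");

    $folderlist = '';
    // pmfolders is stored as "fid**name" entries joined by "$%%$"
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        // An entry without "**" (malformed pmfolders) would otherwise raise an undefined offset notice
        $foldername = isset($folderinfo[1]) ? $folderinfo[1] : '';
        $foldername = get_pm_folder_name($fid, $foldername);

        // Folders below id 5 are the defaults and use the unremovable row template
        if((int)$folderinfo[0] < 5)
        {
            $foldername2 = get_pm_folder_name($fid);
            eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
            // Left in place: $name is not set in this block, but clearing it may matter to the template scope
            unset($name);
        }
        else
        {
            eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
        }
    }

    // Blank rows; their "newN" keys tell do_folders to create rather than rename
    $newfolders = '';
    for($i = 1; $i <= 5; ++$i)
    {
        $fid = "new$i";
        $foldername = '';
        eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
    }

    $plugins->run_hooks("private_folders_end");

    eval("\$folders = \"".$templates->get("private_folders")."\";");
    output_page($folders);
}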
1513  
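if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_folders_start");

    $folders = '';
    $mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);

    // Find the highest existing folder id before creating any new ones, so a new folder
    // never reuses an existing id regardless of the order the form fields arrive in.
    // Only numeric keys count; 2 is the historical floor (the defaults occupy ids 1-4).
    $highestid = 2;
    foreach(array_keys($mybb->input['folder']) as $key)
    {
        if(is_numeric($key) && (int)$key > $highestid)
        {
            $highestid = (int)$key;
        }
    }

    foreach($mybb->input['folder'] as $key => $val)
    {
        // A nested array (folder[x][]=...) is not a folder name; reject it before it reaches
        // trim()/htmlspecialchars_uni(), which would throw a TypeError on PHP 8.
        if(is_array($val))
        {
            error($lang->error_invalidpmfoldername);
        }

        if(my_substr($key, 0, 3) == "new") // Create a new folder
        {
            ++$highestid;
            $fid = (int)$highestid;
        }
        elseif(is_numeric($key)) // Editing an existing folder
        {
            $fid = (int)$key;
            // Use default language strings if empty or value is language string
            if($val == get_pm_folder_name($fid) || trim($val) == '')
            {
                $val = '';
            }
        }
        else
        {
            // Neither a "newN" field nor an existing folder id: ignore it
            continue;
        }

        if($val != '' && trim($val) == '' && !(is_numeric($key) && $key <= 4))
        {
            // If the name only contains whitespace and it's not a default folder, print an error
            error($lang->error_emptypmfoldername);
        }

        if($val != '' || (is_numeric($key) && $key <= 4))
        {
            // If there is a name or if this is a default folder, save it.
            // Escaped here because $folders goes into update_query as a pre-built string.
            $foldername = $db->escape_string(htmlspecialchars_uni($val));

            // "$%%$" is the record separator of pmfolders, so it can never be part of a name
            if(my_strpos($foldername, "$%%$") === false)
            {
                if($folders != '')
                {
                    $folders .= "$%%$";
                }
                $folders .= "$fid**$foldername";
            }
            else
            {
                error($lang->error_invalidpmfoldername);
            }
        }
        else
        {
            // An empty name on a custom folder removes it, together with the PMs it holds
            $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
        }
    }

    $sql_array = array(
        "pmfolders" => $folders
    );
    $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_folders_end");

    redirect("private.php", $lang->redirect_pmfoldersupdated);
}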
1593  
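if($mybb->input['action'] == "empty")
{
    // "Empty folders" form: one row per folder with the number of messages it holds.
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_empty_start");

    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    $folderlist = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $unread = '';
        $fid = $folderinfo[0];
        // The inbox (folder 1) is counted by unread messages only (status 0); id 0 is treated as the inbox
        if($folderinfo[0] == "1")
        {
            $fid = "1";
            $unread = " AND status='0'";
        }
        if($folderinfo[0] == "0")
        {
            $fid = "1";
        }
        // Tolerate an entry with no "**" name part instead of raising an undefined offset notice
        $storedname = isset($folderinfo[1]) ? $folderinfo[1] : '';
        $foldername = get_pm_folder_name($folderinfo[0], $storedname);
        // $fid comes from the stored folder list; cast so only an integer is interpolated into the query
        $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='".(int)$fid."'$unread AND uid='".$mybb->user['uid']."'");
        $thing = $db->fetch_array($query);
        $foldercount = my_number_format($thing['pmsinfolder']);
        eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
    }

    $plugins->run_hooks("private_empty_end");

    eval("\$folders = \"".$templates->get("private_empty")."\";");
    output_page($folders);
}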
1631  
if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
    // Deletes every message in each folder ticked in empty[], optionally keeping
    // unread ones (status '0'). The confirmation form is action=empty.
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_empty_start");

    $emptyq = '';
    $mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);
    $keepunreadq = '';
    if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)
    {
        // status '0' is an unread message (see the unread count in action=empty)
        $keepunreadq = " AND status!='0'";
    }
    if(!empty($mybb->input['empty']))
    {
        // Build "folder='a' OR folder='b' ..." from the ticked folder ids (the keys of empty[])
        foreach($mybb->input['empty'] as $key => $val)
        {
            if($val == 1)
            {
                // Folder ids are cast to int before being interpolated into SQL
                $key = (int)$key;
                if($emptyq)
                {
                    $emptyq .= " OR ";
                }
                $emptyq .= "folder='$key'";
            }
        }

        if($emptyq != '')
        {
            // Always scoped to the current user's uid
            $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
        }
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_empty_end");
    redirect("private.php", $lang->redirect_pmfoldersemptied);
}
1673  
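if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
    // Bulk actions from the folder listing form: jump to another folder ("hop"),
    // move the checked messages ("moveto") or delete them ("delete").
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_stuff");

    if(!empty($mybb->input['hop']))
    {
        // Folder ids are integers, so only a numeric fid may reach the Location header
        header("Location: private.php?fid=".$mybb->get_input('jumpto', MyBB::INPUT_INT));
        // Nothing further in this script applies once the redirect has been issued
        exit;
    }
    elseif(!empty($mybb->input['moveto']))
    {
        // The checked message ids arrive as the keys of check[]
        $pms = array_map('intval', array_keys($mybb->get_input('check', MyBB::INPUT_ARRAY)));
        if(!empty($pms))
        {
            // Destination folder; 0 or missing means folder 1 (the inbox)
            $mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);
            if(!$mybb->input['fid'])
            {
                $mybb->input['fid'] = 1;
            }

            // Only folders this user actually owns ($foldernames is built earlier in the file)
            if(array_key_exists($mybb->input['fid'], $foldernames))
            {
                $db->update_query("privatemessages", array("folder" => $mybb->input['fid']), "pmid IN (".implode(",", $pms).") AND uid='".$mybb->user['uid']."'");
                update_pm_count();
            }
            else
            {
                error($lang->error_invalidmovefid);
            }
        }

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsmoved);
        }
    }
    elseif(!empty($mybb->input['delete']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            // Quoted, int-cast id list for the IN () clause below
            $pmssql = '';
            foreach($mybb->input['check'] as $key => $val)
            {
                if($pmssql)
                {
                    $pmssql .= ",";
                }
                $pmssql .= "'".(int)$key."'";
            }

            // Messages already in folder 4 are removed for good; everything else is
            // moved to folder 4 and stamped with deletetime
            $deletepms = array();
            $query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
            while($delpm = $db->fetch_array($query))
            {
                $deletepms[$delpm['pmid']] = 1;
            }

            foreach($mybb->input['check'] as $key => $val)
            {
                $key = (int)$key;
                if(!empty($deletepms[$key]))
                {
                    $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
                }
                else
                {
                    $sql_array = array(
                        "folder" => 4,
                        "deletetime" => TIME_NOW
                    );
                    $db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
                }
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsdeleted);
        }
    }
}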
1767  
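if($mybb->input['action'] == "delete")
{
    // Deletes a single message. A message already in folder 4 is removed
    // permanently; anything else is moved to folder 4 and stamped with deletetime.
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_delete_start");

    // Read the id once; every query below is scoped to the current user's uid
    $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

    $query = $db->simple_select("privatemessages", "*", "pmid='".$pmid."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
    if($db->num_rows($query) == 1)
    {
        // Keep the uid restriction on the delete itself, as the bulk delete in
        // action=do_stuff does, rather than relying only on the check above
        $db->delete_query("privatemessages", "pmid='".$pmid."' AND uid='".$mybb->user['uid']."'");
    }
    else
    {
        $sql_array = array(
            "folder" => 4,
            "deletetime" => TIME_NOW
        );
        $db->update_query("privatemessages", $sql_array, "pmid='".$pmid."' AND uid='".$mybb->user['uid']."'");
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_delete_end");
    redirect("private.php", $lang->redirect_pmsdeleted);
}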
1795  
if($mybb->input['action'] == "export")
{
    // Archive options form: lists the user's folders so a subset can be chosen.
    // The archive itself is produced under action=do_export.
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_export_start");

    // pmfolders is stored as "fid**name$%%$fid**name..." (see the do_folders handler above)
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    $folderlist_folder = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        // NOTE(review): $folderinfo[1] is undefined for an entry without a "**" separator;
        // get_pm_folder_name is defined elsewhere in this file
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);

        // The template is eval'd in this scope; presumably it reads $folder_id and $folder_name
        $folder_id = $folderinfo[0];
        $folder_name = $folderinfo[1];

        eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
    }

    eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");

    $plugins->run_hooks("private_export_end");

    eval("\$archive = \"".$templates->get("private_archive")."\";");

    output_page($archive);
}
1826  
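if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
    // Builds a downloadable archive (html, csv or txt) of the current user's
    // private messages, selected either by a single pmid or by folder, age and
    // unread criteria, and optionally deletes the archived messages afterwards.
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_export_start");

    $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
    $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
    $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
    $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);
    // Resolve each folder's display name up front. The "fid**name" entries are
    // re-joined so the per-message loop below can split them the same way again.
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $foldersexploded[$key] = implode("**", $folderinfo);
    }

    if($mybb->get_input('pmid', MyBB::INPUT_INT))
    {
        // Single-message export
        $wsql = "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."'";
    }
    else
    {
        // Optional age filter: messages older or newer than daycut days
        if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))
        {
            $datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);
            $wsql = "pm.dateline";
            if($mybb->get_input('dayway') == "older")
            {
                $wsql .= "<=";
            }
            else
            {
                $wsql .= ">=";
            }
            $wsql .= "'$datecut'";
        }
        else
        {
            $wsql = "1=1";
        }

        // Folder filter: a list of folder ids, or "all" to drop the restriction entirely
        $mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['exportfolders']))
        {
            $folderlst = '';
            foreach($mybb->input['exportfolders'] as $key => $val)
            {
                $val = $db->escape_string($val);
                if($val == "all")
                {
                    $folderlst = '';
                    break;
                }
                else
                {
                    if(!$folderlst)
                    {
                        $folderlst = " AND pm.folder IN ('$val'";
                    }
                    else
                    {
                        $folderlst .= ",'$val'";
                    }
                }
            }
            if($folderlst)
            {
                $folderlst .= ")";
            }
            $wsql .= "$folderlst";
        }
        else
        {
            error($lang->error_pmnoarchivefolders);
        }

        // Unread messages (status '0') are left out unless explicitly requested
        if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
        {
            $wsql .= " AND pm.status!='0'";
        }
    }
    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
        ORDER BY pm.folder ASC, pm.dateline DESC
    ");
    $numpms = $db->num_rows($query);
    if(!$numpms)
    {
        error($lang->error_nopmsarchive);
    }

    // Normalise the export type once so that only the three known suffixes ever
    // reach the template-name concatenations below. Anything unrecognised is
    // treated as txt, which is what the Content-type selection further down assumes.
    // (The original code tried to do this with "== 'txt'", a comparison rather than
    // an assignment, so the fallback never took effect.)
    $mybb->input['exporttype'] = $mybb->get_input('exporttype');
    if(!in_array($mybb->input['exporttype'], array('html', 'csv', 'txt'), true))
    {
        $mybb->input['exporttype'] = 'txt';
    }

    $pmsdownload = $ids = '';
    // Folders whose heading has already been emitted (folder id => 1)
    $donefolder = array();
    while($message = $db->fetch_array($query))
    {
        if($message['folder'] == 2 || $message['folder'] == 3)
        { // Sent Items or Drafts Folder Check
            if($message['toid'])
            {
                $tofromuid = $message['toid'];
                if($mybb->input['exporttype'] == "txt")
                {
                    $tofromusername = $message['tousername'];
                }
                else
                {
                    $tofromusername = build_profile_link($message['tousername'], $tofromuid);
                }
            }
            else
            {
                $tofromusername = $lang->not_sent;
            }
            $tofrom = $lang->to;
        }
        else
        {
            $tofromuid = $message['fromid'];
            if($mybb->input['exporttype'] == "txt")
            {
                $tofromusername = $message['fromusername'];
            }
            else
            {
                $tofromusername = build_profile_link($message['fromusername'], $tofromuid);
            }

            // fromid 0 denotes a system-generated message
            if($tofromuid == 0)
            {
                $tofromusername = $lang->mybb_engine;
            }
            $tofrom = $lang->from;
        }

        if($tofromuid == 0)
        {
            $message['fromusername'] = $lang->mybb_engine;
        }

        if(!$message['toid'] && $message['folder'] == 3)
        {
            $message['tousername'] = $lang->not_sent;
        }

        $message['subject'] = $parser->parse_badwords($message['subject']);
        if($message['folder'] != "3")
        {
            $senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
            $sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
            $senddate .= " $lang->at $sendtime";
        }
        else
        {
            $senddate = $lang->not_sent;
        }

        if($mybb->input['exporttype'] == "html")
        {
            // Only the html archive renders MyCode; smilies are disabled for the export
            $parser_options = array(
                "allow_html" => $mybb->settings['pmsallowhtml'],
                "allow_mycode" => $mybb->settings['pmsallowmycode'],
                "allow_smilies" => 0,
                "allow_imgcode" => $mybb->settings['pmsallowimgcode'],
                "allow_videocode" => $mybb->settings['pmsallowvideocode'],
                "me_username" => $mybb->user['username'],
                "filter_badwords" => 1
            );

            $message['message'] = $parser->parse_message($message['message'], $parser_options);
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }

        if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv")
        {
            // Normalise line endings to CRLF for the plain-text formats
            $message['message'] = str_replace("\r\n", "\n", $message['message']);
            $message['message'] = str_replace("\n", "\r\n", $message['message']);
        }

        if($mybb->input['exporttype'] == "csv")
        {
            $message['message'] = my_escape_csv($message['message']);
            $message['subject'] = my_escape_csv($message['subject']);
            $message['tousername'] = my_escape_csv($message['tousername']);
            $message['fromusername'] = my_escape_csv($message['fromusername']);
        }

        // Emit a folder heading the first time a message from that folder is seen
        // (rows arrive ordered by folder, see the query above)
        if(empty($donefolder[$message['folder']]))
        {
            reset($foldersexploded);
            foreach($foldersexploded as $key => $val)
            {
                $folderinfo = explode("**", $val, 2);
                if($folderinfo[0] == $message['folder'])
                {
                    $foldername = $folderinfo[1];
                    if($mybb->input['exporttype'] != "csv")
                    {
                        // html and txt get a per-folder heading template; the template is eval'd in this scope
                        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";");
                    }
                    else
                    {
                        // csv only needs the escaped folder name for the message row
                        $foldername = my_escape_csv($folderinfo[1]);
                    }
                    $donefolder[$message['folder']] = 1;
                }
            }
        }

        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
        // Collected for the optional delete below; each id is an integer from the database
        $ids .= ",'{$message['pmid']}'";
    }

    if($mybb->input['exporttype'] == "html")
    {
        // Gather global stylesheet for HTML
        $css_tid = empty($theme['tid']) ? '' : "'". (int)$theme['tid'] ."',";
        $query = $db->simple_select("themestylesheets", "stylesheet", "tid in ({$css_tid}'2','1') AND name = 'global.css'", array('order_by' => 'tid', 'order_dir' => 'DESC', 'limit' => 1));
        $css = $db->fetch_field($query, "stylesheet");
    }

    $plugins->run_hooks("private_do_export_end");

    eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
    if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
    { // delete the archived pms
        // $ids only holds pmids the query above already restricted to this user's uid
        $db->delete_query("privatemessages", "pmid IN ('0'$ids)");
        // Update PM count
        update_pm_count();
    }

    if($mybb->input['exporttype'] == "html")
    {
        $filename = "pm-archive.html";
        $contenttype = "text/html";
    }
    elseif($mybb->input['exporttype'] == "csv")
    {
        $filename = "pm-archive.csv";
        $contenttype = "application/octet-stream";
    }
    else
    {
        $filename = "pm-archive.txt";
        $contenttype = "text/plain";
    }

    $archived = str_replace("\\\'","'",$archived);
    header("Content-disposition: filename=$filename");
    header("Content-type: ".$contenttype);

    if($mybb->input['exporttype'] == "html")
    {
        output_page($archived);
    }
    else
    {
        echo "\xEF\xBB\xBF"; // UTF-8 BOM
        echo $archived;
    }
}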
2099  
2100  if(!$mybb->input['action'])
2101  {
2102      $plugins->run_hooks("private_inbox");
2103  
2104      if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
2105      {
2106          $mybb->input['fid'] = 0;
2107      }
2108  
2109      $fid = (int)$mybb->input['fid'];
2110      $folder = !$fid ? 1 : $fid;
2111      $foldername = $foldernames[$fid];
2112  
2113      if($folder == 2 || $folder == 3)
2114      { // Sent Items Folder
2115          $sender = $lang->sentto;
2116      }
2117      else
2118      {
2119          $sender = $lang->sender;
2120      }
2121  
2122      $mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order'));
2123      $ordersel = array('asc' => '', 'desc');
2124      switch(my_strtolower($mybb->input['order']))
2125      {
2126          case "asc":
2127              $sortordernow = "asc";
2128              $ordersel['asc'] = "selected=\"selected\"";
2129              $oppsort = $lang->desc;
2130              $oppsortnext = "desc";
2131              break;
2132          default:
2133              $sortordernow = "desc";
2134              $ordersel['desc'] = "selected=\"selected\"";
2135              $oppsort = $lang->asc;
2136              $oppsortnext = "asc";
2137              break;
2138      }
2139  
2140      // Sort by which field?
2141      $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
2142      switch($mybb->get_input('sortby'))
2143      {
2144          case "subject":
2145              $sortfield = "subject";
2146              break;
2147          case "username":
2148              $sortfield = "username";
2149              break;
2150          default:
2151              $sortby = "dateline";
2152              $sortfield = "dateline";
2153              $mybb->input['sortby'] = "dateline";
2154              break;
2155      }
2156      $orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => '');
2157      $sortsel[$sortby] = "selected=\"selected\"";
2158  
2159      eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");
2160  
2161      // Do Multi Pages
2162      $selective = "";
2163      if($fid == 1)
2164      {
2165          $selective = " AND status='0'";
2166      }
2167  
2168      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'$selective");
2169      $pmscount = $db->fetch_field($query, "total");
2170  
2171      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
2172      {
2173          $mybb->settings['threadsperpage'] = 20;
2174      }
2175  
2176      $perpage = $mybb->settings['threadsperpage'];
2177      $page = $mybb->get_input('page', MyBB::INPUT_INT);
2178  
2179      if($page > 0)
2180      {
2181          $start = ($page-1) *$perpage;
2182          $pages = ceil($pmscount / $perpage);
2183          if($page > $pages)
2184          {
2185              $start = 0;
2186              $page = 1;
2187          }
2188      }
2189      else
2190      {
2191          $start = 0;
2192          $page = 1;
2193      }
2194  
2195      $end = $start + $perpage;
2196      $lower = $start+1;
2197      $upper = $end;
2198  
2199      if($upper > $pmscount)
2200      {
2201          $upper = $pmscount;
2202      }
2203  
2204      if($mybb->input['order'] || ($sortby && $sortby != "dateline"))
2205      {
2206          $page_url = "private.php?fid={$fid}&sortby={$sortby}&order={$sortordernow}";
2207      }
2208      else
2209      {
2210          $page_url = "private.php?fid={$fid}";
2211      }
2212  
2213      $multipage = multipage($pmscount, $perpage, $page, $page_url);
2214      $selective = $messagelist = '';
2215  
2216      $icon_cache = $cache->read("posticons");
2217  
2218      // Cache users in multiple recipients for sent & drafts folder
2219      if($folder == 2 || $folder == 3)
2220      {
2221          if($sortfield == "username")
2222          {
2223              $u = "u.";
2224          }
2225          else
2226          {
2227              $u = "pm.";
2228          }
2229  
2230          // Get all recipients into an array
2231          $cached_users = $get_users = array();
2232          $users_query = $db->query("
2233              SELECT pm.recipients
2234              FROM ".TABLE_PREFIX."privatemessages pm
2235              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
2236              WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'
2237              ORDER BY {$u}{$sortfield} {$sortordernow}
2238              LIMIT {$start}, {$perpage}
2239          ");
2240          while($row = $db->fetch_array($users_query))
2241          {
2242              $recipients = my_unserialize($row['recipients']);
2243              if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
2244              {
2245                  $get_users = array_merge($get_users, $recipients['to']);
2246              }
2247  
2248              if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
2249              {
2250                  $get_users = array_merge($get_users, $recipients['bcc']);
2251              }
2252          }
2253  
2254          $get_users = implode(',', array_unique($get_users));
2255  
2256          // Grab info
2257          if($get_users)
2258          {
2259              $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
2260              while($user = $db->fetch_array($users_query))
2261              {
2262                  $cached_users[$user['uid']] = $user;
2263              }
2264          }
2265      }
2266  
2267      if($folder == 2 || $folder == 3)
2268      {
2269          if($sortfield == "username")
2270          {
2271              $pm = "tu.";
2272          }
2273          else
2274          {
2275              $pm = "pm.";
2276          }
2277      }
2278      else
2279      {
2280          if($fid == 1)
2281          {
2282              $selective = " AND pm.status='0'";
2283          }
2284  
2285          if($sortfield == "username")
2286          {
2287              $pm = "fu.";
2288          }
2289          else
2290          {
2291              $pm = "pm.";
2292          }
2293      }
2294  
2295      $query = $db->query("
2296          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
2297          FROM ".TABLE_PREFIX."privatemessages pm
2298          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
2299          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
2300          WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'{$selective}
2301          ORDER BY {$pm}{$sortfield} {$sortordernow}
2302          LIMIT $start, $perpage
2303      ");
2304  
2305      if($db->num_rows($query) > 0)
2306      {
2307          $bgcolor = alt_trow(true);
2308          while($message = $db->fetch_array($query))
2309          {
2310              $msgalt = $msgstatus = '';
2311  
2312              // Determine Folder Icon
2313              if($message['status'] == 0)
2314              {
2315                  $msgstatus = 'new_pm';
2316                  $msgalt = $lang->new_pm;
2317              }
2318              else if($message['status'] == 1)
2319              {
2320                  $msgstatus = 'old_pm';
2321                  $msgalt = $lang->old_pm;
2322              }
2323              else if($message['status'] == 3)
2324              {
2325                  $msgstatus = 're_pm';
2326                  $msgalt = $lang->reply_pm;
2327              }
2328              else if($message['status'] == 4)
2329              {
2330                  $msgstatus = 'fw_pm';
2331                  $msgalt = $lang->fwd_pm;
2332              }
2333  
2334              $tofromuid = 0;
2335              if($folder == 2 || $folder == 3)
2336              { // Sent Items or Drafts Folder Check
2337                  $recipients = my_unserialize($message['recipients']);
2338                  $to_users = $bcc_users = '';
2339                  if(isset($recipients['to']) && count($recipients['to']) > 1 || (isset($recipients['to']) && count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
2340                  {
2341                      foreach($recipients['to'] as $uid)
2342                      {
2343                          if(!isset($cached_users[$uid]))
2344                          {
2345                              continue;
2346                          }
2347                          $profilelink = get_profile_link($uid);
2348                          $user = $cached_users[$uid];
2349                          $user['username'] = htmlspecialchars_uni($user['username']);
2350                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
2351                          if(!$user['username'])
2352                          {
2353                              $username = $lang->na;
2354                          }
2355                          eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
2356                      }
2357                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
2358                      {
2359                          eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
2360                          foreach($recipients['bcc'] as $uid)
2361                          {
2362                              if(!isset($cached_users[$uid]))
2363                              {
2364                                  continue;
2365                              }
2366                              $profilelink = get_profile_link($uid);
2367                              $user = $cached_users[$uid];
2368                              $user['username'] = htmlspecialchars_uni($user['username']);
2369                              $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
2370                              if(!$user['username'])
2371                              {
2372                                  $username = $lang->na;
2373                              }
2374                              eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
2375                          }
2376                      }
2377  
2378                      eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
2379                  }
2380                  else if($message['toid'])
2381                  {
2382                      $tofromusername = htmlspecialchars_uni($message['tousername']);
2383                      $tofromuid = $message['toid'];
2384                  }
2385                  else
2386                  {
2387                      $tofromusername = $lang->not_sent;
2388                  }
2389              }
2390              else
2391              {
2392                  $tofromusername = htmlspecialchars_uni($message['fromusername']);
2393                  $tofromuid = $message['fromid'];
2394                  if($tofromuid == 0)
2395                  {
2396                      $tofromusername = $lang->mybb_engine;
2397                  }
2398  
2399                  if(!$tofromusername)
2400                  {
2401                      $tofromuid = 0;
2402                      $tofromusername = $lang->na;
2403                  }
2404              }
2405  
2406              $tofromusername = build_profile_link($tofromusername, $tofromuid);
2407  
2408              if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
2409              {
2410                  eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
2411              }
2412              else
2413              {
2414                  $denyreceipt = '';
2415              }
2416  
2417              if($message['icon'] > 0 && $icon_cache[$message['icon']])
2418              {
2419                  $icon = $icon_cache[$message['icon']];
2420                  $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
2421                  $icon['path'] = htmlspecialchars_uni($icon['path']);
2422                  $icon['name'] = htmlspecialchars_uni($icon['name']);
2423                  eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
2424              }
2425              else
2426              {
2427                  $icon = '&#009;';
2428              }
2429  
2430              if(!trim($message['subject']))
2431              {
2432                  $message['subject'] = $lang->pm_no_subject;
2433              }
2434  
2435              $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
2436              if($message['folder'] != "3")
2437              {
2438                  $senddate = my_date('relative', $message['dateline']);
2439              }
2440              else
2441              {
2442                  $senddate = $lang->not_sent;
2443              }
2444  
2445              $plugins->run_hooks("private_message");
2446  
2447              eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
2448              $bgcolor = alt_trow();
2449          }
2450      }
2451      else
2452      {
2453          eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
2454      }
2455  
2456      // PM quota usage bar: only rendered when the user's group has a non-zero quota
2457      // (a quota of 0 means "no limit", so there is nothing to show and no division to do).
2457      $pmspacebar = '';
2457      if($mybb->usergroup['pmquota'] != 0)
2458      {
2459          // Count every stored PM for the current user. The uid is interpolated into the
2459          // WHERE clause; it is the session user's id, not request input — NOTE(review):
2459          // confirm it is always an integer at this point.
2459          $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
2460          $pmscount = $db->fetch_array($query);
2461          if($pmscount['total'] == 0)
2462          {
2463              $spaceused = 0;
2464          }
2465          else
2466          {
2467              // Percentage of the quota in use; pmquota is non-zero in this branch.
2467              $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
2468          }
2469          // Remaining percentage, used by the template for the empty part of the bar.
2469          $spaceused2 = 100 - $spaceused;
2470          $belowhalf = $overhalf = '';
2471          // "50" and "75" are numeric strings, so PHP compares these numerically.
2471          if($spaceused <= "50")
2472          {
2473              $spaceused_severity = "low";
2474              $belowhalf = round($spaceused, 0)."%";
2475              // Never display more than 100% even if the count exceeds the quota.
2475              if((int)$belowhalf > 100)
2476              {
2477                  $belowhalf = "100%";
2478              }
2479          }
2480          else
2481          {
2482              if($spaceused <= "75")
2483              {
2484                  $spaceused_severity = "medium";
2485              }
2486  
2487              else
2488              {
2489                  $spaceused_severity = "high";
2490              }
2491  
2492              $overhalf = round($spaceused, 0)."%";
2493              if((int)$overhalf > 100)
2494              {
2495                  $overhalf = "100%";
2496              }
2497          }
2498  
2499          // Clamp the bar widths so an over-quota user still gets a full (not overflowing) bar.
2499          if($spaceused > 100)
2500          {
2501              $spaceused = 100;
2502              $spaceused2 = 0;
2503          }
2504  
2505          // MyBB's template engine renders by eval()-ing the template source as a PHP string;
2505          // the template body comes from $templates->get(), not from this request.
2505          eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
2506      }
2507  
2508      // Compose link only for groups allowed to send PMs.
2508      $composelink = '';
2509      if($mybb->usergroup['cansendpms'] == 1)
2510      {
2511          eval("\$composelink = \"".$templates->get("private_composelink")."\";");
2512      }
2513  
2514      // Empty/export links are pointless for a user with no messages at all.
2514      $emptyexportlink = '';
2515      if($mybb->user['totalpms'] > 0)
2516      {
2517          eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";");
2518      }
2519  
2520      // $pmscount is only assigned inside the pmquota block above; the short-circuiting
2520      // && keeps it from being read when the quota is 0.
2520      $limitwarning = '';
2521      if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota'])
2522      {
2523          eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
2524      }
2525  
2526      // Plugin hook before the final page is assembled.
2526      $plugins->run_hooks("private_end");
2527  
2528      eval("\$folder = \"".$templates->get("private")."\";");
2529      output_page($folder);
2530  }
2530  }

