
   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
define("IN_MYBB", 1);
// NOTE(review): presumably exempts the search id ("sid") from the core's input cleaning so it round-trips
// unchanged between the search redirect and the results page — confirm against inc/class_core.php
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'private.php');

// Names of every template this script may render, preloaded in one go by global.php; the list is built
// across several statements only to keep the lines readable
$templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
$templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";
$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";
$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
$templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
$templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
$templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
$templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";

// Bootstraps $mybb, $db, $lang, $templates, $plugins, $session and $cache used throughout this script
require_once  "./global.php";
require_once  MYBB_ROOT."inc/functions_post.php";
require_once  MYBB_ROOT."inc/functions_user.php";
require_once  MYBB_ROOT."inc/class_parser.php";
// Used for badword filtering of subjects and for rendering message excerpts/previews
$parser = new postParser;
  32  // Load global language phrases
  33  $lang->load("private");
  34  
  35  if($mybb->settings['enablepms'] == 0)
  36  {
  37      error($lang->pms_disabled);
  38  }
  39  
  40  if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
  41  {
  42      error_no_permission();
  43  }
  45  $update = false;
  46  if(!$mybb->user['pmfolders'])
  47  {
  48      $update = true;
  49      $mybb->user['pmfolders'] = "0**$%%$1**$%%$2**$%%$3**$%%$4**";
  50  }
  51  elseif ((int)my_substr($mybb->user['pmfolders'], 0, 1) != 0)
  52  {
  53      // Old folder structure. Need to update
  54      // Since MyBB 1.8.20 fid[0] represents 'Inbox' and fid[1] represents 'Unread'
  55      $update = true;
  56      $mybb->user['pmfolders'] = '0'. ltrim(str_replace("$%%$2**", "$%%$1**$%%$2**", $mybb->user['pmfolders']), '1');
  57  }
  58  
  59  // Folder structure update required?
  60  if($update)
  61  {
  62      $sql_array = array(
  63           "pmfolders" => $mybb->user['pmfolders']
  64      );
  65      $db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);
  66  }
  68  $mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);
  69  
  70  $folder_id = $folder_name = '';
  71  
  72  $foldernames = array();
  73  $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
  74  foreach($foldersexploded as $key => $folders)
  75  {
  76      $folderinfo = explode("**", $folders, 2);
  77      if($mybb->input['fid'] == $folderinfo[0])
  78      {
  79          $sel = ' selected="selected"';
  80      }
  81      else
  82      {
  83          $sel = '';
  84      }
  85      $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
  86      $foldernames[$folderinfo[0]] = $folderinfo[1];
  87  
  88      $folder_id = $folderinfo[0];
  89      $folder_name = $folderinfo[1];
  90  
  91      eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  92      eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  93      eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  94  }
  95  
  96  $from_fid = $mybb->input['fid'];
  97  
  98  eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
  99  eval("\$folderoplist = \"".$templates->get("private_move")."\";");
 100  eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";");
 102  usercp_menu();
 103  
 104  $plugins->run_hooks("private_start");
 105  
 106  // Make navigation
 107  add_breadcrumb($lang->nav_pms, "private.php");
 108  
 109  $mybb->input['action'] = $mybb->get_input('action');
 110  switch($mybb->input['action'])
 111  {
 112      case "send":
 113          add_breadcrumb($lang->nav_send);
 114          break;
 115      case "tracking":
 116          add_breadcrumb($lang->nav_tracking);
 117          break;
 118      case "folders":
 119          add_breadcrumb($lang->nav_folders);
 120          break;
 121      case "empty":
 122          add_breadcrumb($lang->nav_empty);
 123          break;
 124      case "export":
 125          add_breadcrumb($lang->nav_export);
 126          break;
 127      case "advanced_search":
 128          add_breadcrumb($lang->nav_search);
 129          break;
 130      case "results":
 131          add_breadcrumb($lang->nav_results);
 132          break;
 133  }
 134  
 135  if(!empty($mybb->input['preview']))
 136  {
 137      $mybb->input['action'] = "send";
 138  }
 140  if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post")
 141  {
 142      $plugins->run_hooks("private_do_search_start");
 143  
 144      // Simulate coming from our advanced search form with some preset options
 145      if($mybb->get_input('quick_search'))
 146      {
 147          $mybb->input['action'] = "do_search";
 148          $mybb->input['subject'] = 1;
 149          $mybb->input['message'] = 1;
 150          $mybb->input['folder'] = $mybb->input['fid'];
 151          unset($mybb->input['jumpto']);
 152          unset($mybb->input['fromfid']);
 153      }
 154  
 155      // Check if search flood checking is enabled and user is not admin
 156      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
 157      {
 158          // Fetch the time this user last searched
 159          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
 160          $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
 161          $last_search = $db->fetch_array($query);
 162          // Users last search was within the flood time, show the error
 163          if($last_search['sid'])
 164          {
 165              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
 166              if($remaining_time == 1)
 167              {
 168                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
 169              }
 170              else
 171              {
 172                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
 173              }
 174              error($lang->error_searchflooding);
 175          }
 176      }
 177  
 178      if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)
 179      {
 180          error($lang->error_nosearchresults);
 181      }
 182  
 183      if($mybb->get_input('message', MyBB::INPUT_INT) == 1)
 184      {
 185          $resulttype = "pmmessages";
 186      }
 187      else
 188      {
 189          $resulttype = "pmsubjects";
 190      }
 191  
 192      $search_data = array(
 193          "keywords" => $mybb->get_input('keywords'),
 194          "subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
 195          "message" => $mybb->get_input('message', MyBB::INPUT_INT),
 196          "sender" => $mybb->get_input('sender'),
 197          "status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
 198          "folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)
 199      );
 200  
 201      if($db->can_search == true)
 202      {
 203          require_once  MYBB_ROOT."inc/functions_search.php";
 204  
 205          $search_results = privatemessage_perform_search_mysql($search_data);
 206      }
 207      else
 208      {
 209          error($lang->error_no_search_support);
 210      }
 211      $sid = md5(uniqid(microtime(), true));
 212      $searcharray = array(
 213          "sid" => $db->escape_string($sid),
 214          "uid" => $mybb->user['uid'],
 215          "dateline" => TIME_NOW,
 216          "ipaddress" => $db->escape_binary($session->packedip),
 217          "threads" => '',
 218          "posts" => '',
 219          "resulttype" => $resulttype,
 220          "querycache" => $search_results['querycache'],
 221          "keywords" => $db->escape_string($mybb->get_input('keywords')),
 222      );
 223      $plugins->run_hooks("private_do_search_process");
 224  
 225      $db->insert_query("searchlog", $searcharray);
 226  
 227      // Sender sort won't work yet
 228      $sortby = array('subject', 'sender', 'dateline');
 229  
 230      if(in_array($mybb->get_input('sort'), $sortby))
 231      {
 232          $sortby = $mybb->get_input('sort');
 233      }
 234      else
 235      {
 236          $sortby = "dateline";
 237      }
 238  
 239      if(my_strtolower($mybb->get_input('sortordr')) == "asc")
 240      {
 241          $sortorder = "asc";
 242      }
 243      else
 244      {
 245          $sortorder = "desc";
 246      }
 247  
 248      $plugins->run_hooks("private_do_search_end");
 249      redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
 250  }
 252  if($mybb->input['action'] == "results")
 253  {
 254      $sid = $mybb->get_input('sid');
 255      $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
 256      $search = $db->fetch_array($query);
 257  
 258      if(!$search)
 259      {
 260          error($lang->error_invalidsearch);
 261      }
 262  
 263      $plugins->run_hooks("private_results_start");
 264  
 265      // Decide on our sorting fields and sorting order.
 266      $order = my_strtolower($mybb->get_input('order'));
 267      $sortby = my_strtolower($mybb->get_input('sortby'));
 268  
 269      $sortby_accepted = array('subject', 'username', 'dateline');
 270  
 271      if(in_array($sortby, $sortby_accepted))
 272      {
 273          $query_sortby = $sortby;
 274  
 275          if($query_sortby == "username")
 276          {
 277              $query_sortby = "fromusername";
 278          }
 279      }
 280      else
 281      {
 282          $sortby = $query_sortby = "dateline";
 283      }
 284  
 285      if($order != "asc")
 286      {
 287          $order = "desc";
 288      }
 289  
 290      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 291      {
 292          $mybb->settings['threadsperpage'] = 20;
 293      }
 294  
 295      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
 296      $pmscount = $db->fetch_field($query, "total");
 297  
 298      // Work out pagination, which page we're at, as well as the limits.
 299      $perpage = $mybb->settings['threadsperpage'];
 300      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 301      if($page > 0)
 302      {
 303          $start = ($page-1) * $perpage;
 304          $pages = ceil($pmscount / $perpage);
 305          if($page > $pages)
 306          {
 307              $start = 0;
 308              $page = 1;
 309          }
 310      }
 311      else
 312      {
 313          $start = 0;
 314          $page = 1;
 315      }
 316      $end = $start + $perpage;
 317      $lower = $start+1;
 318      $upper = $end;
 319  
 320      // Work out if we have terms to highlight
 321      $highlight = "";
 322      if($search['keywords'])
 323      {
 324          $highlight = "&amp;highlight=".urlencode($search['keywords']);
 325      }
 326  
 327      // Do Multi Pages
 328      if($upper > $pmscount)
 329      {
 330          $upper = $pmscount;
 331      }
 332      $multipage = multipage($pmscount, $perpage, $page, "private.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby={$sortby}&amp;order={$order}");
 333      $messagelist = '';
 334  
 335      $icon_cache = $cache->read("posticons");
 336  
 337      // Cache users in multiple recipients for sent & drafts folder
 338      // Get all recipients into an array
 339      $cached_users = $get_users = array();
 340      $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
 341      while($row = $db->fetch_array($users_query))
 342      {
 343          $recipients = my_unserialize($row['recipients']);
 344          if(is_array($recipients['to']) && count($recipients['to']))
 345          {
 346              $get_users = array_merge($get_users, $recipients['to']);
 347          }
 348  
 349          if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 350          {
 351              $get_users = array_merge($get_users, $recipients['bcc']);
 352          }
 353      }
 354  
 355      $get_users = implode(',', array_unique($get_users));
 356  
 357      // Grab info
 358      if($get_users)
 359      {
 360          $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
 361          while($user = $db->fetch_array($users_query))
 362          {
 363              $cached_users[$user['uid']] = $user;
 364          }
 365      }
 366  
 367      $query = $db->query("
 368          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
 369          FROM ".TABLE_PREFIX."privatemessages pm
 370          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
 371          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
 372          WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
 373          ORDER BY pm.{$query_sortby} {$order}
 374          LIMIT {$start}, {$perpage}
 375      ");
 376      while($message = $db->fetch_array($query))
 377      {
 378          $msgalt = $msgstatus = '';
 379  
 380          // Determine Folder Icon
 381          if($message['status'] == 0)
 382          {
 383              $msgstatus = 'new_pm';
 384              $msgalt = $lang->new_pm;
 385          }
 386          else if($message['status'] == 1)
 387          {
 388              $msgstatus = 'old_pm';
 389              $msgalt = $lang->old_pm;
 390          }
 391          else if($message['status'] == 3)
 392          {
 393              $msgstatus = 're_pm';
 394              $msgalt = $lang->reply_pm;
 395          }
 396          else if($message['status'] == 4)
 397          {
 398              $msgstatus = 'fw_pm';
 399              $msgalt = $lang->fwd_pm;
 400          }
 401  
 402          $folder = $message['folder'];
 403  
 404          $tofromuid = 0;
 405          if($folder == 2 || $folder == 3)
 406          {
 407              // Sent Items or Drafts Folder Check
 408              $recipients = my_unserialize($message['recipients']);
 409              $to_users = $bcc_users = '';
 410              if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
 411              {
 412                  foreach($recipients['to'] as $uid)
 413                  {
 414                      $profilelink = get_profile_link($uid);
 415                      $user = $cached_users[$uid];
 416                      $user['username'] = htmlspecialchars_uni($user['username']);
 417                      $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 418                      eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 419                  }
 420                  if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 421                  {
 422                      eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
 423                      foreach($recipients['bcc'] as $uid)
 424                      {
 425                          $profilelink = get_profile_link($uid);
 426                          $user = $cached_users[$uid];
 427                          $user['username'] = htmlspecialchars_uni($user['username']);
 428                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 429                          eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 430                      }
 431                  }
 432  
 433                  eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
 434              }
 435              else if($message['toid'])
 436              {
 437                  $tofromusername = htmlspecialchars_uni($message['tousername']);
 438                  $tofromuid = $message['toid'];
 439              }
 440              else
 441              {
 442                  $tofromusername = $lang->not_sent;
 443              }
 444          }
 445          else
 446          {
 447              $tofromusername = htmlspecialchars_uni($message['fromusername']);
 448              $tofromuid = $message['fromid'];
 449              if($tofromuid == 0)
 450              {
 451                  $tofromusername = $lang->mybb_engine;
 452              }
 453          }
 454  
 455          $tofromusername = build_profile_link($tofromusername, $tofromuid);
 456  
 457          $denyreceipt = '';
 458  
 459          if($message['icon'] > 0 && $icon_cache[$message['icon']])
 460          {
 461              $icon = $icon_cache[$message['icon']];
 462              $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
 463              $icon['path'] = htmlspecialchars_uni($icon['path']);
 464              $icon['name'] = htmlspecialchars_uni($icon['name']);
 465              eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
 466          }
 467          else
 468          {
 469              $icon = '&#009;';
 470          }
 471  
 472          if(!trim($message['subject']))
 473          {
 474              $message['subject'] = $lang->pm_no_subject;
 475          }
 476  
 477          $message['subject'] = $parser->parse_badwords($message['subject']);
 478  
 479          if(my_strlen($message['subject']) > 50)
 480          {
 481              $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
 482          }
 483          else
 484          {
 485              $message['subject'] = htmlspecialchars_uni($message['subject']);
 486          }
 487  
 488          if($message['folder'] != "3")
 489          {
 490              $senddate = my_date('relative', $message['dateline']);
 491          }
 492          else
 493          {
 494              $senddate = $lang->not_sent;
 495          }
 496  
 497          $foldername = $foldernames[$message['folder']];
 498  
 499          // What we do here is parse the post using our post parser, then strip the tags from it
 500          $parser_options = array(
 501              'allow_html' => 0,
 502              'allow_mycode' => 1,
 503              'allow_smilies' => 0,
 504              'allow_imgcode' => 0,
 505              'filter_badwords' => 1
 506          );
 507          $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
 508          if(my_strlen($message['message']) > 200)
 509          {
 510              $message['message'] = my_substr($message['message'], 0, 200)."...";
 511          }
 512  
 513          eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
 514      }
 515  
 516      if($db->num_rows($query) == 0)
 517      {
 518          eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
 519      }
 520  
 521      $plugins->run_hooks("private_results_end");
 522  
 523      eval("\$results = \"".$templates->get("private_search_results")."\";");
 524      output_page($results);
 525  }
 527  if($mybb->input['action'] == "advanced_search")
 528  {
 529      $plugins->run_hooks("private_advanced_search");
 530  
 531      eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");
 532  
 533      output_page($advanced_search);
 534  }
 536  // Dismissing a new/unread PM notice
 537  if($mybb->input['action'] == "dismiss_notice")
 538  {
 539      if($mybb->user['pmnotice'] != 2)
 540      {
 541          exit;
 542      }
 543  
 544      // Verify incoming POST request
 545      verify_post_check($mybb->get_input('my_post_key'));
 546  
 547      $updated_user = array(
 548          "pmnotice" => 1
 549      );
 550      $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
 551  
 552      if(!empty($mybb->input['ajax']))
 553      {
 554          echo 1;
 555          exit;
 556      }
 557      else
 558      {
 559          header("Location: index.php");
 560          exit;
 561      }
 562  }
 564  $send_errors = '';
 565  
 566  if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
 567  {
 568      if($mybb->usergroup['cansendpms'] == 0)
 569      {
 570          error_no_permission();
 571      }
 572  
 573      // Verify incoming POST request
 574      verify_post_check($mybb->get_input('my_post_key'));
 575  
 576      $plugins->run_hooks("private_send_do_send");
 577  
 578      // Attempt to see if this PM is a duplicate or not
 579      $to = array_map("trim", explode(",", $mybb->get_input('to')));
 580      $to = array_unique($to); // Filter out any duplicates
 581      $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
 582      $time_cutoff = TIME_NOW - (5 * 60 * 60);
 583      $query = $db->query("
 584          SELECT pm.pmid
 585          FROM ".TABLE_PREFIX."privatemessages pm
 586          LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
 587          WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'
 588          LIMIT 0, 1
 589      ");
 590      $duplicate_check = $db->fetch_field($query, "pmid");
 591      if($duplicate_check)
 592      {
 593          error($lang->error_pm_already_submitted);
 594      }
 595  
 596      require_once  MYBB_ROOT."inc/datahandlers/pm.php";
 597      $pmhandler = new PMDataHandler();
 598  
 599      $pm = array(
 600          "subject" => $mybb->get_input('subject'),
 601          "message" => $mybb->get_input('message'),
 602          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 603          "fromid" => $mybb->user['uid'],
 604          "do" => $mybb->get_input('do'),
 605          "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT),
 606          "ipaddress" => $session->packedip
 607      );
 608  
 609      // Split up any recipients we have
 610      $pm['to'] = $to;
 611      if(!empty($mybb->input['bcc']))
 612      {
 613          $pm['bcc'] = explode(",", $mybb->get_input('bcc'));
 614          $pm['bcc'] = array_map("trim", $pm['bcc']);
 615      }
 616  
 617      $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 618  
 619      if(!$mybb->usergroup['cantrackpms'])
 620      {
 621          $mybb->input['options']['readreceipt'] = false;
 622      }
 623  
 624      $pm['options'] = array();
 625      if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1)
 626      {
 627          $pm['options']['signature'] = 1;
 628      }
 629      else
 630      {
 631          $pm['options']['signature'] = 0;
 632      }
 633      if(isset($mybb->input['options']['disablesmilies']))
 634      {
 635          $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
 636      }
 637      if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)
 638      {
 639          $pm['options']['savecopy'] = 1;
 640      }
 641      else
 642      {
 643          $pm['options']['savecopy'] = 0;
 644      }
 645      if(isset($mybb->input['options']['readreceipt']))
 646      {
 647          $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
 648      }
 649  
 650      if(!empty($mybb->input['saveasdraft']))
 651      {
 652          $pm['saveasdraft'] = 1;
 653      }
 654      $pmhandler->set_data($pm);
 655  
 656      // Now let the pm handler do all the hard work.
 657      if(!$pmhandler->validate_pm())
 658      {
 659          $pm_errors = $pmhandler->get_friendly_errors();
 660          $send_errors = inline_error($pm_errors);
 661          $mybb->input['action'] = "send";
 662      }
 663      else
 664      {
 665          $pminfo = $pmhandler->insert_pm();
 666          $plugins->run_hooks("private_do_send_end");
 667  
 668          if(isset($pminfo['draftsaved']))
 669          {
 670              redirect("private.php", $lang->redirect_pmsaved);
 671          }
 672          else
 673          {
 674              redirect("private.php", $lang->redirect_pmsent);
 675          }
 676      }
 677  }
 679  if($mybb->input['action'] == "send")
 680  {
 681      if($mybb->usergroup['cansendpms'] == 0)
 682      {
 683          error_no_permission();
 684      }
 685  
 686      $plugins->run_hooks("private_send_start");
 687  
 688      $smilieinserter = $codebuttons = '';
 689  
 690      if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 691      {
 692          $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']);
 693          if($mybb->settings['pmsallowsmilies'] != 0)
 694          {
 695              $smilieinserter = build_clickable_smilies();
 696          }
 697      }
 698  
 699      $lang->post_icon = $lang->message_icon;
 700  
 701      $posticons = get_post_icons();
 702      $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message')));
 703      $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject')));
 704  
 705      $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => '');
 706      $to = $bcc = '';
 707  
 708      if(!empty($mybb->input['preview']) || $send_errors)
 709      {
 710          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 711          if(isset($options['signature']) && $options['signature'] == 1)
 712          {
 713              $optionschecked['signature'] = 'checked="checked"';
 714          }
 715          if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1)
 716          {
 717              $optionschecked['disablesmilies'] = 'checked="checked"';
 718          }
 719          if(isset($options['savecopy']) && $options['savecopy'] != 0)
 720          {
 721              $optionschecked['savecopy'] = 'checked="checked"';
 722          }
 723          if(isset($options['readreceipt']) && $options['readreceipt'] != 0)
 724          {
 725              $optionschecked['readreceipt'] = 'checked="checked"';
 726          }
 727          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 728          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 729      }
 730  
 731      $preview = '';
 732      // Preview
 733      if(!empty($mybb->input['preview']))
 734      {
 735          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 736          $query = $db->query("
 737              SELECT u.username AS userusername, u.*, f.*
 738              FROM ".TABLE_PREFIX."users u
 739              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 740              WHERE u.uid='".$mybb->user['uid']."'
 741          ");
 742  
 743          $post = $db->fetch_array($query);
 744  
 745          $post['userusername'] = $mybb->user['username'];
 746          $post['postusername'] = $mybb->user['username'];
 747          $post['message'] = $mybb->get_input('message');
 748          $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));
 749          $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 750          if(!isset($options['disablesmilies']))
 751          {
 752              $options['disablesmilies'] = 0;
 753          }
 754          $post['smilieoff'] = $options['disablesmilies'];
 755          $post['dateline'] = TIME_NOW;
 756  
 757          if(!isset($options['signature']))
 758          {
 759              $post['includesig'] = 0;
 760          }
 761          else
 762          {
 763              $post['includesig'] = 1;
 764          }
 765  
 766          // Merge usergroup data from the cache
 767          $data_key = array(
 768              'title' => 'grouptitle',
 769              'usertitle' => 'groupusertitle',
 770              'stars' => 'groupstars',
 771              'starimage' => 'groupstarimage',
 772              'image' => 'groupimage',
 773              'namestyle' => 'namestyle',
 774              'usereputationsystem' => 'usereputationsystem'
 775          );
 776  
 777          foreach($data_key as $field => $key)
 778          {
 779              $post[$key] = $groupscache[$post['usergroup']][$field];
 780          }
 781  
 782          $postbit = build_postbit($post, 2);
 783          eval("\$preview = \"".$templates->get("previewpost")."\";");
 784      }
 785      else if(!$send_errors)
 786      {
 787          // New PM, so load default settings
 788          if($mybb->user['signature'] != '')
 789          {
 790              $optionschecked['signature'] = 'checked="checked"';
 791          }
 792          if($mybb->usergroup['cantrackpms'] == 1)
 793          {
 794              $optionschecked['readreceipt'] = 'checked="checked"';
 795          }
 796          $optionschecked['savecopy'] = 'checked="checked"';
 797      }
 798  
 799      // Draft, reply, forward
 800      if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors)
 801      {
 802          $query = $db->query("
 803              SELECT pm.*, u.username AS quotename
 804              FROM ".TABLE_PREFIX."privatemessages pm
 805              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 806              WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}'
 807          ");
 808  
 809          $pm = $db->fetch_array($query);
 810          $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
 811          $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
 812  
 813          if($pm['folder'] == "3")
 814          {
 815              // message saved in drafts
 816              $mybb->input['uid'] = $pm['toid'];
 817  
 818              if($pm['includesig'] == 1)
 819              {
 820                  $optionschecked['signature'] = 'checked="checked"';
 821              }
 822              if($pm['smilieoff'] == 1)
 823              {
 824                  $optionschecked['disablesmilies'] = 'checked="checked"';
 825              }
 826              if($pm['receipt'])
 827              {
 828                  $optionschecked['readreceipt'] = 'checked="checked"';
 829              }
 830  
 831              // Get list of recipients
 832              $recipients = my_unserialize($pm['recipients']);
 833              $comma = $recipientids = '';
 834              if(isset($recipients['to']) && is_array($recipients['to']))
 835              {
 836                  foreach($recipients['to'] as $recipient)
 837                  {
 838                      $recipient_list['to'][] = $recipient;
 839                      $recipientids .= $comma.$recipient;
 840                      $comma = ',';
 841                  }
 842              }
 843  
 844              if(isset($recipients['bcc']) && is_array($recipients['bcc']))
 845              {
 846                  foreach($recipients['bcc'] as $recipient)
 847                  {
 848                      $recipient_list['bcc'][] = $recipient;
 849                      $recipientids .= $comma.$recipient;
 850                      $comma = ',';
 851                  }
 852              }
 853  
 854              if(!empty($recipientids))
 855              {
 856                  $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
 857                  while($user = $db->fetch_array($query))
 858                  {
 859                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
 860                      {
 861                          $bcc .= htmlspecialchars_uni($user['username']).', ';
 862                      }
 863                      else
 864                      {
 865                          $to .= htmlspecialchars_uni($user['username']).', ';
 866                      }
 867                  }
 868              }
 869          }
 870          else
 871          {
 872              // forward/reply
 873              $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
 874              $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
 875              $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);
 876  
 877              require_once  MYBB_ROOT."inc/functions_posting.php";
 878  
 879              if($mybb->settings['maxpmquotedepth'] != '0')
 880              {
 881                  $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);
 882              }
 883  
 884              if($mybb->input['do'] == 'forward')
 885              {
 886                  $subject = "Fw: $subject";
 887              }
 888              elseif($mybb->input['do'] == 'reply')
 889              {
 890                  $subject = "Re: $subject";
 891                  $uid = $pm['fromid'];
 892                  if($mybb->user['uid'] == $uid)
 893                  {
 894                      $to = $mybb->user['username'];
 895                  }
 896                  else
 897                  {
 898                      $query = $db->simple_select('users', 'username', "uid='{$uid}'");
 899                      $to = $db->fetch_field($query, 'username');
 900                  }
 901                  $to = htmlspecialchars_uni($to);
 902              }
 903              else if($mybb->input['do'] == 'replyall')
 904              {
 905                  $subject = "Re: $subject";
 906  
 907                  // Get list of recipients
 908                  $recipients = my_unserialize($pm['recipients']);
 909                  $recipientids = $pm['fromid'];
 910                  if(isset($recipients['to']) && is_array($recipients['to']))
 911                  {
 912                      foreach($recipients['to'] as $recipient)
 913                      {
 914                          if($recipient == $mybb->user['uid'])
 915                          {
 916                              continue;
 917                          }
 918                          $recipientids .= ','.$recipient;
 919                      }
 920                  }
 921                  $comma = '';
 922                  $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
 923                  while($user = $db->fetch_array($query))
 924                  {
 925                      $to .= $comma.htmlspecialchars_uni($user['username']);
 926                      $comma = $lang->comma;
 927                  }
 928              }
 929          }
 930      }
 931  
 932      // New PM with recipient preset
 933      if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview']))
 934      {
 935          $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 936          $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
 937      }
 938  
 939      $max_recipients = '';
 940      if($mybb->usergroup['maxpmrecipients'] > 0)
 941      {
 942          $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
 943      }
 944  
 945      if($send_errors)
 946      {
 947          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 948          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 949      }
 950  
 951      // Load the auto complete javascript if it is enabled.
 952      eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");
 953  
 954      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 955      $do = $mybb->get_input('do');
 956      if($do != "forward" && $do != "reply" && $do != "replyall")
 957      {
 958          $do = '';
 959      }
 960  
 961      $buddy_select_to = $buddy_select_bcc = '';
 962      // See if it's actually worth showing the buddylist icon.
 963      if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
 964      {
 965          $buddy_select = 'to';
 966          eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
 967          $buddy_select = 'bcc';
 968          eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
 969      }
 970  
 971      // Hide tracking option if no permission
 972      $private_send_tracking = '';
 973      if($mybb->usergroup['cantrackpms'])
 974      {
 975          eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
 976      }
 977  
 978      $plugins->run_hooks("private_send_end");
 979  
 980      eval("\$send = \"".$templates->get("private_send")."\";");
 981      output_page($send);
 982  }
 983  
 984  if($mybb->input['action'] == "read")
 985  {
 986      $plugins->run_hooks("private_read");
 987  
 988      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 989  
 990      $query = $db->query("
 991          SELECT pm.*, u.*, f.*
 992          FROM ".TABLE_PREFIX."privatemessages pm
 993          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 994          LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 995          WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
 996      ");
 997      $pm = $db->fetch_array($query);
 998  
 999      if(!$pm)
1000      {
1001          error($lang->error_invalidpm);
1002      }
1003  
1004      if($pm['folder'] == 3)
1005      {
1006          header("Location: private.php?action=send&pmid={$pm['pmid']}");
1007          exit;
1008      }
1009  
1010      // If we've gotten a PM, attach the group info
1011      $data_key = array(
1012          'title' => 'grouptitle',
1013          'usertitle' => 'groupusertitle',
1014          'stars' => 'groupstars',
1015          'starimage' => 'groupstarimage',
1016          'image' => 'groupimage',
1017          'namestyle' => 'namestyle'
1018      );
1019  
1020      foreach($data_key as $field => $key)
1021      {
1022          $pm[$key] = $groupscache[$pm['usergroup']][$field];
1023      }
1024  
1025      if($pm['receipt'] == 1)
1026      {
1027          if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
1028          {
1029              $receiptadd = 0;
1030          }
1031          else
1032          {
1033              $receiptadd = 2;
1034          }
1035      }
1036  
1037      $action_time = '';
1038      if($pm['status'] == 0)
1039      {
1040          $time = TIME_NOW;
1041          $updatearray = array(
1042              'status' => 1,
1043              'readtime' => $time
1044          );
1045  
1046          if(isset($receiptadd))
1047          {
1048              $updatearray['receipt'] = $receiptadd;
1049          }
1050  
1051          $db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");
1052  
1053          // Update the unread count - it has now changed.
1054          update_pm_count($mybb->user['uid'], 6);
1055  
1056          // Update PM notice value if this is our last unread PM
1057          if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
1058          {
1059              $updated_user = array(
1060                  "pmnotice" => 1
1061              );
1062              $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
1063          }
1064      }
1065      // Replied PM?
1066      else if($pm['status'] == 3 && $pm['statustime'])
1067      {
1068          $reply_string = $lang->you_replied_on;
1069          $reply_date = my_date('relative', $pm['statustime']);
1070  
1071          if((TIME_NOW - $pm['statustime']) < 3600)
1072          {
1073              // Relative string for the first hour
1074              $reply_string = $lang->you_replied;
1075          }
1076  
1077          $actioned_on = $lang->sprintf($reply_string, $reply_date);
1078          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1079      }
1080      else if($pm['status'] == 4 && $pm['statustime'])
1081      {
1082          $forward_string = $lang->you_forwarded_on;
1083          $forward_date = my_date('relative', $pm['statustime']);
1084  
1085          if((TIME_NOW - $pm['statustime']) < 3600)
1086          {
1087              $forward_string = $lang->you_forwarded;
1088          }
1089  
1090          $actioned_on = $lang->sprintf($forward_string, $forward_date);
1091          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1092      }
1093  
1094      $pm['userusername'] = $pm['username'];
1095      $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
1096  
1097      if($pm['fromid'] == 0)
1098      {
1099          $pm['username'] = $lang->mybb_engine;
1100      }
1101  
1102      if(!$pm['username'])
1103      {
1104          $pm['username'] = $lang->na;
1105      }
1106  
1107      // Fetch the recipients for this message
1108      $pm['recipients'] = my_unserialize($pm['recipients']);
1109  
1110      if(is_array($pm['recipients']['to']))
1111      {
1112          $uid_sql = implode(',', $pm['recipients']['to']);
1113      }
1114      else
1115      {
1116          $uid_sql = $pm['toid'];
1117          $pm['recipients']['to'] = array($pm['toid']);
1118      }
1119  
1120      $show_bcc = 0;
1121  
1122      // If we have any BCC recipients and this user is an Administrator, add them on to the query
1123      if(isset($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
1124      {
1125          $show_bcc = 1;
1126          $uid_sql .= ','.implode(',', $pm['recipients']['bcc']);
1127      }
1128  
1129      // Fetch recipient names from the database
1130      $bcc_recipients = $to_recipients = $bcc_form_val = array();
1131      $query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
1132      while($recipient = $db->fetch_array($query))
1133      {
1134          // User is a BCC recipient
1135          $recipient['username'] = htmlspecialchars_uni($recipient['username']);
1136          if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
1137          {
1138              $bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1139              $bcc_form_val[] = $recipient['username'];
1140          }
1141          // User is a normal recipient
1142          else if(in_array($recipient['uid'], $pm['recipients']['to']))
1143          {
1144              $to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1145          }
1146      }
1147  
1148      $bcc = '';
1149      if(count($bcc_recipients) > 0)
1150      {
1151          $bcc_recipients = implode(', ', $bcc_recipients);
1152          $bcc_form_val = implode(',', $bcc_form_val);
1153          eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
1154      }
1155      else
1156      {
1157          $bcc_form_val = '';
1158      }
1159  
1160      $replyall = false;
1161      if(count($to_recipients) > 1)
1162      {
1163          $replyall = true;
1164      }
1165  
1166      if(count($to_recipients) > 0)
1167      {
1168          $to_recipients = implode($lang->comma, $to_recipients);
1169      }
1170      else
1171      {
1172          $to_recipients = $lang->nobody;
1173      }
1174  
1175      eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");
1176  
1177      add_breadcrumb($pm['subject']);
1178      $message = build_postbit($pm, 2);
1179  
1180      // Decide whether or not to show quick reply.
1181      $quickreply = '';
1182      if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
1183      {
1184          $trow = alt_trow();
1185  
1186          $optionschecked = array('savecopy' => 'checked="checked"');
1187          if(!empty($mybb->user['signature']))
1188          {
1189              $optionschecked['signature'] = 'checked="checked"';
1190          }
1191          if($mybb->usergroup['cantrackpms'] == 1)
1192          {
1193              $optionschecked['readreceipt'] = 'checked="checked"';
1194          }
1195  
1196          require_once  MYBB_ROOT.'inc/functions_posting.php';
1197  
1198          $quoted_message = array(
1199              'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
1200              'username' => $pm['username'],
1201              'quote_is_pm' => true
1202          );
1203          $quoted_message = parse_quoted_message($quoted_message);
1204  
1205          if($mybb->settings['maxpmquotedepth'] != '0')
1206          {
1207              $quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
1208          }
1209  
1210          $subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);
1211  
1212          if($mybb->user['uid'] == $pm['fromid'])
1213          {
1214              $to = htmlspecialchars_uni($mybb->user['username']);
1215          }
1216          else
1217          {
1218              $query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
1219              $to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
1220          }
1221  
1222          $private_send_tracking = '';
1223          if($mybb->usergroup['cantrackpms'])
1224          {
1225              $lang->options_read_receipt = $lang->quickreply_read_receipt;
1226  
1227              eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
1228          }
1229          
1230          $expaltext = (in_array("quickreply", $collapse)) ? "[+]" : "[-]";
1231          eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
1232      }
1233  
1234      $plugins->run_hooks("private_read_end");
1235  
1236      eval("\$read = \"".$templates->get("private_read")."\";");
1237      output_page($read);
1238  }
1239  
if($mybb->input['action'] == "tracking")
{
    // Read-receipt tracking: lists this user's sent messages that are tracked and
    // already read (receipt 2), and those tracked but still unread (receipt 1).
    if(!$mybb->usergroup['cantrackpms'])
    {
        error_no_permission();
    }

    $plugins->run_hooks("private_tracking_start");
    $readmessages = '';
    $unreadmessages = '';

    // Fall back to 20 per page when the setting is missing or non-positive
    if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
    {
        $mybb->settings['postsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    $perpage = $mybb->settings['postsperpage'];

    // Drafts (folder 3) and unread messages (status 0) are excluded from the "read" list
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "readpms");

    // Pagination for the "read" list; the page parameter is int-cast, "last" is handled separately
    $page = $mybb->get_input('read_page', MyBB::INPUT_INT);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('read_page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    // $page is already >= 1 at this point, so the else branch is only a fallback
    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.readtime DESC
        LIMIT {$start}, {$perpage}
    ");
    while($readmessage = $db->fetch_array($query))
    {
        // Subject and recipient name are escaped here because the template interpolates them into HTML
        $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
        $readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
        $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
        $readdate = my_date('relative', $readmessage['readtime']);
        eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
    }

    // "Stop tracking" control only appears when there is at least one read message
    $stoptrackingread = '';
    if(!empty($readmessages))
    {
        eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
    }

    if(!$readmessages)
    {
        eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    // Second list: tracked messages the recipient has not opened yet
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "unreadpms");

    // Pagination for the "unread" list, same scheme as above with its own page parameter
    $page = $mybb->get_input('unread_page', MyBB::INPUT_INT);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('unread_page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.dateline DESC
        LIMIT {$start}, {$perpage}
    ");
    while($unreadmessage = $db->fetch_array($query))
    {
        $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
        $unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
        $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
        $senddate = my_date('relative', $unreadmessage['dateline']);
        eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
    }

    $stoptrackingunread = '';
    if(!empty($unreadmessages))
    {
        eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
    }

    if(!$unreadmessages)
    {
        // The shared "no messages" template reads $lang->no_readmessages; swap in the unread wording
        $lang->no_readmessages = $lang->no_unreadmessages;
        eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    $plugins->run_hooks("private_tracking_end");

    eval("\$tracking = \"".$templates->get("private_tracking")."\";");
    output_page($tracking);
}
1379  
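if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
    // Verify incoming POST request (CSRF token check)
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_tracking_start");

    if(!empty($mybb->input['stoptracking']))
    {
        // Stop tracking the ticked read messages. The keys are user-supplied pmids, so they
        // are int-cast; the fromid constraint limits the update to messages this user sent.
        $mybb->input['readcheck'] = $mybb->get_input('readcheck', MyBB::INPUT_ARRAY);
        $pmids = array_map('intval', array_keys($mybb->input['readcheck']));
        if(!empty($pmids))
        {
            $sql_array = array(
                "receipt" => 0
            );
            $db->update_query("privatemessages", $sql_array, "pmid IN (".implode(',', $pmids).") AND fromid=".(int)$mybb->user['uid']);
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['stoptrackingunread']))
    {
        // Same as above, for the ticked unread messages
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        $pmids = array_map('intval', array_keys($mybb->input['unreadcheck']));
        if(!empty($pmids))
        {
            $sql_array = array(
                "receipt" => 0
            );
            $db->update_query("privatemessages", $sql_array, "pmid IN (".implode(',', $pmids).") AND fromid=".(int)$mybb->user['uid']);
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['cancel']))
    {
        // Recall the ticked messages: only unread (status 0), tracked (receipt 1) messages
        // sent by this user are deleted, so a message the recipient already read stays.
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        $pmids = array_map('intval', array_keys($mybb->input['unreadcheck']));
        if(!empty($pmids))
        {
            $pmids = implode(",", $pmids);

            // Collect the recipients first so their unread counts can be refreshed after the delete.
            // Initialised up front so the foreach below is safe when no owned message matched.
            $pmuids = array();
            $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
            while($pm = $db->fetch_array($query))
            {
                $pmuids[$pm['uid']] = $pm['uid'];
            }

            $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
            foreach($pmuids as $uid)
            {
                // Message is canceled, update PM count for this user
                update_pm_count($uid);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
    }
}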
1447  
if($mybb->input['action'] == "stopalltracking")
{
    // Verify incoming POST request (CSRF token). Note there is no request_method gate here,
    // unlike do_tracking: the post key check is what keeps this off a plain GET link.
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_stopalltracking_start");

    // Clear the pending-receipt flag on every tracked, already-read, non-draft message this user sent
    $where = "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid'];
    $sql_array = array("receipt" => 0);
    $db->update_query("privatemessages", $sql_array, $where);

    $plugins->run_hooks("private_stopalltracking_end");
    redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
}
1463  
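if($mybb->input['action'] == "folders")
{
    $plugins->run_hooks("private_folders_start");

    // pmfolders is stored as "fid**name" records joined by "$%%$"
    $folderlist = '';
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        // A record without "**" (e.g. an empty pmfolders value) has no name part
        $foldername = isset($folderinfo[1]) ? $folderinfo[1] : '';
        $foldername = get_pm_folder_name($fid, $foldername);

        // Folder ids below 5 are the built-in folders and use the unremovable row template
        if((int)$fid < 5)
        {
            $foldername2 = get_pm_folder_name($fid);
            eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
            // NOTE(review): $name is never assigned in this block; the unset is kept as-is in case a template relies on it
            unset($name);
        }
        else
        {
            eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
        }
    }

    // Five blank rows for creating folders; the "new" prefix is what do_folders keys on
    $newfolders = '';
    for($i = 1; $i <= 5; ++$i)
    {
        $fid = "new$i";
        $foldername = '';
        eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
    }

    $plugins->run_hooks("private_folders_end");

    eval("\$folders = \"".$templates->get("private_folders")."\";");
    output_page($folders);
}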
1502  
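if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
    // Verify incoming POST request (CSRF token check)
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_folders_start");

    // Folder ids 1-4 are the fixed default folders; new folders are numbered above the highest id seen
    $highestid = 2;
    $folders = '';
    $mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);
    foreach($mybb->input['folder'] as $key => $val)
    {
        // A nested array (folder[x][]) is not a folder name; reject it rather than let trim() fail on it
        if(is_array($val))
        {
            error($lang->error_invalidpmfoldername);
        }

        if(my_substr($key, 0, 3) == "new") // Create a new folder
        {
            ++$highestid;
            $fid = (int)$highestid;
        }
        else // Editing an existing folder
        {
            // Keep $highestid numeric: $key is a request-supplied array key and may be a non-numeric string
            if((int)$key > $highestid)
            {
                $highestid = (int)$key;
            }

            $fid = (int)$key;
            // Use default language strings if empty or value is language string
            if($val == get_pm_folder_name($fid) || trim($val) == '')
            {
                $val = '';
            }
        }

        if($val != '' && trim($val) == '' && !(is_numeric($key) && $key <= 4))
        {
            // If the name only contains whitespace and it's not a default folder, print an error
            error($lang->error_emptypmfoldername);
        }

        if($val != '' || (is_numeric($key) && $key <= 4))
        {
            // If there is a name or if this is a default folder, save it.
            // HTML-escaped for display and SQL-escaped because the joined string goes straight into the users update below.
            $foldername = $db->escape_string(htmlspecialchars_uni($val));

            // "$%%$" is the record separator of the pmfolders column; a name containing it would corrupt the list
            if(my_strpos($foldername, "$%%$") === false)
            {
                if($folders != '')
                {
                    $folders .= "$%%$";
                }
                $folders .= "$fid**$foldername";
            }
            else
            {
                error($lang->error_invalidpmfoldername);
            }
        }
        else
        {
            // Folder dropped (no name left): delete the PMs it held
            $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
        }
    }

    $sql_array = array(
        "pmfolders" => $folders
    );
    $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_folders_end");

    redirect("private.php", $lang->redirect_pmfoldersupdated);
}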
1582  
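if($mybb->input['action'] == "empty")
{
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_empty_start");

    // One row per folder with its message count so the user can pick which folders to empty.
    // pmfolders is stored as "fid**name" records joined by "$%%$".
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    $folderlist = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        // A record without "**" has no name part: pass '' and let get_pm_folder_name() resolve the label
        $foldername = get_pm_folder_name($fid, isset($folderinfo[1]) ? $folderinfo[1] : '');
        // Folder ids are written as integers by do_folders; cast again here since the value is interpolated into SQL
        $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='".(int)$fid."' AND uid='".$mybb->user['uid']."'");
        $thing = $db->fetch_array($query);
        $foldercount = my_number_format($thing['pmsinfolder']);
        eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
    }

    $plugins->run_hooks("private_empty_end");

    eval("\$folders = \"".$templates->get("private_empty")."\";");
    output_page($folders);
}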
1610  
if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
    // Empties the folders ticked on the "empty" page for the current user.
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_empty_start");

    $mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);

    // Optional "keep unread" switch: rows with status 0 are excluded from the delete.
    $keepunreadq = '';
    if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)
    {
        $keepunreadq = " AND status!='0'";
    }

    if(!empty($mybb->input['empty']))
    {
        // Ticked folders arrive as fid => 1; only the integer-cast keys are used.
        $folder_conditions = array();
        foreach($mybb->input['empty'] as $ticked_fid => $ticked)
        {
            if($ticked == 1)
            {
                $folder_conditions[] = "folder='".(int)$ticked_fid."'";
            }
        }

        if(!empty($folder_conditions))
        {
            $emptyq = implode(" OR ", $folder_conditions);
            // The uid clause keeps the delete scoped to the current user's rows.
            $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
        }
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_empty_end");
    redirect("private.php", $lang->redirect_pmfoldersemptied);
}
1652  
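if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
    // Bulk actions from the folder listing: jump to another folder ("hop"),
    // move the ticked messages ("moveto") or delete them ("delete").
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_stuff");

    if(!empty($mybb->input['hop']))
    {
        // Folder ids are integers throughout this file; cast the target so only
        // a number is written into the Location header.
        header("Location: private.php?fid=".$mybb->get_input('jumpto', MyBB::INPUT_INT));
    }
    elseif(!empty($mybb->input['moveto']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            // Ticked messages arrive as pmid => 1; only the keys matter.
            $pmids = array();
            foreach($mybb->input['check'] as $key => $val)
            {
                $pmids[] = (int)$key;
            }

            // Target folder is cast to int like every other fid read in this
            // file, rather than writing the raw request value into the row.
            $sql_array = array(
                "folder" => $mybb->get_input('fid', MyBB::INPUT_INT)
            );
            // One update for the whole selection; the uid clause keeps the
            // change scoped to the current user's own messages.
            $db->update_query("privatemessages", $sql_array, "pmid IN ('".implode("','", $pmids)."') AND uid='".$mybb->user['uid']."'");
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsmoved);
        }
    }
    elseif(!empty($mybb->input['delete']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            $pmids = array();
            foreach($mybb->input['check'] as $key => $val)
            {
                $pmids[] = (int)$key;
            }
            $pmssql = "'".implode("','", $pmids)."'";

            // Messages already in folder 4 (the folder a deletion moves rows into,
            // see the update below) are removed for good; the rest are moved there
            // with a deletion timestamp.
            $deletepms = array();
            $query = $db->simple_select("privatemessages", "pmid", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
            while($delpm = $db->fetch_array($query))
            {
                $deletepms[] = (int)$delpm['pmid'];
            }
            $trashpms = array_diff($pmids, $deletepms);

            if(!empty($deletepms))
            {
                $db->delete_query("privatemessages", "pmid IN ('".implode("','", $deletepms)."') AND uid='".$mybb->user['uid']."'");
            }
            if(!empty($trashpms))
            {
                $sql_array = array(
                    "folder" => 4,
                    "deletetime" => TIME_NOW
                );
                $db->update_query("privatemessages", $sql_array, "pmid IN ('".implode("','", $trashpms)."') AND uid='".$mybb->user['uid']."'");
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsdeleted);
        }
    }
}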
1741  
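if($mybb->input['action'] == "delete")
{
    // Deletes one message: a message already in folder 4 is removed for good,
    // anything else is moved to folder 4 with a deletion timestamp.
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_delete_start");

    $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

    // Only the row's existence matters here, so select the key rather than "*".
    $query = $db->simple_select("privatemessages", "pmid", "pmid='{$pmid}' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
    if($db->num_rows($query) == 1)
    {
        // The owner constraint is kept on the permanent delete as well, matching
        // every other delete in this file, so the check above and the delete
        // cannot disagree about whose row is removed.
        $db->delete_query("privatemessages", "pmid='{$pmid}' AND uid='".$mybb->user['uid']."'");
    }
    else
    {
        $sql_array = array(
            "folder" => 4,
            "deletetime" => TIME_NOW
        );
        $db->update_query("privatemessages", $sql_array, "pmid='{$pmid}' AND uid='".$mybb->user['uid']."'");
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_delete_end");
    redirect("private.php", $lang->redirect_pmsdeleted);
}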
1769  
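if($mybb->input['action'] == "export")
{
    // "Export messages" form: lists the user's folders so the ones to archive
    // can be picked; the archive itself is produced by the do_export handler.
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_export_start");

    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    // Initialise every variable the loop appends to, so the first ".=" does not
    // operate on an undefined variable.
    $folderlist_folder = '';
    $folder_name = $folder_id = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);

        $folder_id = $folderinfo[0];
        $folder_name = $folderinfo[1];

        // The evaluated template presumably reads $folder_id and $folder_name from scope.
        eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
    }

    eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");

    $plugins->run_hooks("private_export_end");

    eval("\$archive = \"".$templates->get("private_archive")."\";");

    output_page($archive);
}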
1800  
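if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
    // Builds a downloadable archive (html, csv or txt) of the messages matching
    // the export form's filters, optionally deleting them once archived.
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_export_start");

    $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
    $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
    $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
    $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);

    // Resolve the display name of each "fid**name" entry in the user's folder list.
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $foldersexploded[$key] = implode("**", $folderinfo);
    }

    // The export type selects the private_archive_<type>_* templates as well as
    // the download filename and content type, so pin it to one of the three
    // supported values here; anything else becomes txt, which is also what the
    // filename fallback at the end of this block assumes.
    $mybb->input['exporttype'] = $mybb->get_input('exporttype');
    if($mybb->input['exporttype'] != "html" && $mybb->input['exporttype'] != "csv")
    {
        $mybb->input['exporttype'] = "txt";
    }

    if($mybb->get_input('pmid', MyBB::INPUT_INT))
    {
        // Single-message export. Columns are qualified with "pm." because the
        // query below also joins the users table twice, which carries a uid column.
        $wsql = "pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='".$mybb->user['uid']."'";
    }
    else
    {
        // Optional age filter: only messages older/newer than daycut days.
        if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))
        {
            $datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);
            $wsql = "pm.dateline";
            if($mybb->get_input('dayway') == "older")
            {
                $wsql .= "<=";
            }
            else
            {
                $wsql .= ">=";
            }
            $wsql .= "'$datecut'";
        }
        else
        {
            $wsql = "1=1";
        }

        $mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['exportfolders']))
        {
            // Folder ids are integers, so cast them instead of string-escaping;
            // "all" drops the folder restriction entirely.
            $export_fids = array();
            foreach($mybb->input['exportfolders'] as $key => $val)
            {
                if($val == "all")
                {
                    $export_fids = array();
                    break;
                }
                $export_fids[] = (int)$val;
            }
            if(!empty($export_fids))
            {
                $wsql .= " AND pm.folder IN ('".implode("','", $export_fids)."')";
            }
        }
        else
        {
            error($lang->error_pmnoarchivefolders);
        }

        // Unread messages (status 0) are left out unless explicitly requested.
        if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
        {
            $wsql .= " AND pm.status!='0'";
        }
    }
    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
        ORDER BY pm.folder ASC, pm.dateline DESC
    ");
    $numpms = $db->num_rows($query);
    if(!$numpms)
    {
        error($lang->error_nopmsarchive);
    }

    $pmsdownload = $ids = '';
    // Tracks which folders already had their heading emitted.
    $donefolder = array();
    while($message = $db->fetch_array($query))
    {
        if($message['folder'] == 2 || $message['folder'] == 3)
        { // Sent Items or Drafts Folder Check
            if($message['toid'])
            {
                $tofromuid = $message['toid'];
                if($mybb->input['exporttype'] == "txt")
                {
                    $tofromusername = $message['tousername'];
                }
                else
                {
                    $tofromusername = build_profile_link($message['tousername'], $tofromuid);
                }
            }
            else
            {
                $tofromusername = $lang->not_sent;
            }
            $tofrom = $lang->to;
        }
        else
        {
            $tofromuid = $message['fromid'];
            if($mybb->input['exporttype'] == "txt")
            {
                $tofromusername = $message['fromusername'];
            }
            else
            {
                $tofromusername = build_profile_link($message['fromusername'], $tofromuid);
            }

            if($tofromuid == 0)
            {
                $tofromusername = $lang->mybb_engine;
            }
            $tofrom = $lang->from;
        }

        if($tofromuid == 0)
        {
            $message['fromusername'] = $lang->mybb_engine;
        }

        if(!$message['toid'] && $message['folder'] == 3)
        {
            $message['tousername'] = $lang->not_sent;
        }

        $message['subject'] = $parser->parse_badwords($message['subject']);
        if($message['folder'] != "3")
        {
            $senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
            $sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
            $senddate .= " $lang->at $sendtime";
        }
        else
        {
            $senddate = $lang->not_sent;
        }

        if($mybb->input['exporttype'] == "html")
        {
            // HTML export renders the message body through the parser and
            // escapes the subject for the HTML context.
            $parser_options = array(
                "allow_html" => $mybb->settings['pmsallowhtml'],
                "allow_mycode" => $mybb->settings['pmsallowmycode'],
                "allow_smilies" => 0,
                "allow_imgcode" => $mybb->settings['pmsallowimgcode'],
                "allow_videocode" => $mybb->settings['pmsallowvideocode'],
                "me_username" => $mybb->user['username'],
                "filter_badwords" => 1
            );

            $message['message'] = $parser->parse_message($message['message'], $parser_options);
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }

        if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv")
        {
            // Normalise line endings to CRLF for the plain-text formats.
            $message['message'] = str_replace("\r\n", "\n", $message['message']);
            $message['message'] = str_replace("\n", "\r\n", $message['message']);
        }

        if($mybb->input['exporttype'] == "csv")
        {
            $message['message'] = my_escape_csv($message['message']);
            $message['subject'] = my_escape_csv($message['subject']);
            $message['tousername'] = my_escape_csv($message['tousername']);
            $message['fromusername'] = my_escape_csv($message['fromusername']);
        }

        if(empty($donefolder[$message['folder']]))
        {
            reset($foldersexploded);
            foreach($foldersexploded as $key => $val)
            {
                $folderinfo = explode("**", $val, 2);
                if($folderinfo[0] == $message['folder'])
                {
                    $foldername = $folderinfo[1];
                    if($mybb->input['exporttype'] != "csv")
                    {
                        // html and txt get a per-folder heading; exporttype was
                        // pinned to one of those two above.
                        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";");
                    }
                    else
                    {
                        $foldername = my_escape_csv($folderinfo[1]);
                    }
                    $donefolder[$message['folder']] = 1;
                }
            }
        }

        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
        $ids .= ",'{$message['pmid']}'";
    }

    if($mybb->input['exporttype'] == "html")
    {
        // Gather global stylesheet for HTML
        $query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
        $css = $db->fetch_field($query, "stylesheet");
    }

    $plugins->run_hooks("private_do_export_end");

    eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
    if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
    { // delete the archived pms
        // $ids was collected from the user's own rows above; the uid clause
        // keeps the delete scoped the same way as the select.
        $db->delete_query("privatemessages", "pmid IN ('0'$ids) AND uid='".$mybb->user['uid']."'");
        // Update PM count
        update_pm_count();
    }

    if($mybb->input['exporttype'] == "html")
    {
        $filename = "pm-archive.html";
        $contenttype = "text/html";
    }
    elseif($mybb->input['exporttype'] == "csv")
    {
        $filename = "pm-archive.csv";
        $contenttype = "application/octet-stream";
    }
    else
    {
        $filename = "pm-archive.txt";
        $contenttype = "text/plain";
    }

    $archived = str_replace("\\\'","'",$archived);
    header("Content-disposition: filename=$filename");
    header("Content-type: ".$contenttype);

    if($mybb->input['exporttype'] == "html")
    {
        output_page($archived);
    }
    else
    {
        echo "\xEF\xBB\xBF"; // UTF-8 BOM
        echo $archived;
    }
}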
2072  
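if(!$mybb->input['action'])
{
    // Default view: the message listing of one folder, with sorting, paging,
    // the quota bar and the compose / empty / export links.
    $plugins->run_hooks("private_inbox");

    // Missing or unknown folder ids fall back to 0 (listed as folder 1 below).
    if(empty($mybb->input['fid']) || !array_key_exists($mybb->input['fid'], $foldernames))
    {
        $mybb->input['fid'] = 0;
    }

    $fid = (int)$mybb->input['fid'];
    $folder = !$fid ? 1 : $fid;
    $foldername = $foldernames[$fid];

    if($folder == 2 || $folder == 3)
    { // Sent Items Folder
        $sender = $lang->sentto;
    }
    else
    {
        $sender = $lang->sender;
    }

    $mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order'));
    // Both keys need a default: each branch of the switch assigns only one of
    // them, and the other is still read later.
    $ordersel = array('asc' => '', 'desc' => '');
    switch(my_strtolower($mybb->input['order']))
    {
        case "asc":
            $sortordernow = "asc";
            $ordersel['asc'] = "selected=\"selected\"";
            $oppsort = $lang->desc;
            $oppsortnext = "desc";
            break;
        default:
            $sortordernow = "desc";
            $ordersel['desc'] = "selected=\"selected\"";
            $oppsort = $lang->asc;
            $oppsortnext = "asc";
            break;
    }

    // Sort by which field? Anything other than subject/username becomes dateline,
    // so $sortfield only ever holds one of these three column names.
    $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
    switch($mybb->get_input('sortby'))
    {
        case "subject":
            $sortfield = "subject";
            break;
        case "username":
            $sortfield = "username";
            break;
        default:
            $sortby = "dateline";
            $sortfield = "dateline";
            $mybb->input['sortby'] = "dateline";
            break;
    }
    $orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => '');
    $sortsel[$sortby] = "selected=\"selected\"";

    eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");

    // Do Multi Pages
    $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'");
    $pmscount = $db->fetch_field($query, "total");

    if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    $perpage = $mybb->settings['threadsperpage'];
    $page = $mybb->get_input('page', MyBB::INPUT_INT);

    // A page number past the last page snaps back to the first page.
    if($page > 0)
    {
        $start = ($page-1) *$perpage;
        $pages = ceil($pmscount / $perpage);
        if($page > $pages)
        {
            $start = 0;
            $page = 1;
        }
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $end = $start + $perpage;
    $lower = $start+1;
    $upper = $end;

    if($upper > $pmscount)
    {
        $upper = $pmscount;
    }

    if($mybb->input['order'] || ($sortby && $sortby != "dateline"))
    {
        $page_url = "private.php?fid={$fid}&sortby={$sortby}&order={$sortordernow}";
    }
    else
    {
        $page_url = "private.php?fid={$fid}";
    }

    $multipage = multipage($pmscount, $perpage, $page, $page_url);
    $selective = $messagelist = '';

    $icon_cache = $cache->read("posticons");

    // Cache users in multiple recipients for sent & drafts folder
    if($folder == 2 || $folder == 3)
    {
        if($sortfield == "username")
        {
            $u = "u.";
        }
        else
        {
            $u = "pm.";
        }

        // Get all recipients into an array
        $cached_users = $get_users = array();
        $users_query = $db->query("
            SELECT pm.recipients
            FROM ".TABLE_PREFIX."privatemessages pm
            LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
            WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'
            ORDER BY {$u}{$sortfield} {$sortordernow}
            LIMIT {$start}, {$perpage}
        ");
        while($row = $db->fetch_array($users_query))
        {
            // recipients is a stored serialized structure; guard each key before
            // treating it as an array.
            $recipients = my_unserialize($row['recipients']);
            if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
            {
                $get_users = array_merge($get_users, $recipients['to']);
            }

            if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
            {
                $get_users = array_merge($get_users, $recipients['bcc']);
            }
        }

        $get_users = implode(',', array_unique($get_users));

        // Grab info
        if($get_users)
        {
            $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
            while($user = $db->fetch_array($users_query))
            {
                $cached_users[$user['uid']] = $user;
            }
        }
    }

    if($folder == 2 || $folder == 3)
    {
        if($sortfield == "username")
        {
            $pm = "tu.";
        }
        else
        {
            $pm = "pm.";
        }
    }
    else
    {
        if($fid == 1)
        {
            // Single-quoted like every other literal in this file's SQL.
            $selective = " AND pm.status='0'";
        }

        if($sortfield == "username")
        {
            $pm = "fu.";
        }
        else
        {
            $pm = "pm.";
        }
    }

    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'{$selective}
        ORDER BY {$pm}{$sortfield} {$sortordernow}
        LIMIT $start, $perpage
    ");

    if($db->num_rows($query) > 0)
    {
        while($message = $db->fetch_array($query))
        {
            $msgalt = $msgstatus = '';

            // Determine Folder Icon
            if($message['status'] == 0)
            {
                $msgstatus = 'new_pm';
                $msgalt = $lang->new_pm;
            }
            else if($message['status'] == 1)
            {
                $msgstatus = 'old_pm';
                $msgalt = $lang->old_pm;
            }
            else if($message['status'] == 3)
            {
                $msgstatus = 're_pm';
                $msgalt = $lang->reply_pm;
            }
            else if($message['status'] == 4)
            {
                $msgstatus = 'fw_pm';
                $msgalt = $lang->fwd_pm;
            }

            $tofromuid = 0;
            if($folder == 2 || $folder == 3)
            { // Sent Items or Drafts Folder Check
                $recipients = my_unserialize($message['recipients']);
                $to_users = $bcc_users = '';
                // Multiple recipients: more than one "to", or one "to" plus any "bcc".
                if((isset($recipients['to']) && count($recipients['to']) > 1) || (isset($recipients['to']) && count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
                {
                    foreach($recipients['to'] as $uid)
                    {
                        $profilelink = get_profile_link($uid);
                        // A recipient missing from the cache (e.g. deleted account)
                        // falls through to the "n/a" label below.
                        $user = isset($cached_users[$uid]) ? $cached_users[$uid] : array('username' => '', 'usergroup' => 0, 'displaygroup' => 0);
                        $user['username'] = htmlspecialchars_uni($user['username']);
                        $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                        if(!$user['username'])
                        {
                            $username = $lang->na;
                        }
                        eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                    }
                    if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
                    {
                        eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
                        foreach($recipients['bcc'] as $uid)
                        {
                            $profilelink = get_profile_link($uid);
                            $user = isset($cached_users[$uid]) ? $cached_users[$uid] : array('username' => '', 'usergroup' => 0, 'displaygroup' => 0);
                            $user['username'] = htmlspecialchars_uni($user['username']);
                            $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                            if(!$user['username'])
                            {
                                $username = $lang->na;
                            }
                            eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                        }
                    }

                    eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
                }
                else if($message['toid'])
                {
                    $tofromusername = htmlspecialchars_uni($message['tousername']);
                    $tofromuid = $message['toid'];
                }
                else
                {
                    $tofromusername = $lang->not_sent;
                }
            }
            else
            {
                $tofromusername = htmlspecialchars_uni($message['fromusername']);
                $tofromuid = $message['fromid'];
                if($tofromuid == 0)
                {
                    $tofromusername = $lang->mybb_engine;
                }

                if(!$tofromusername)
                {
                    $tofromuid = 0;
                    $tofromusername = $lang->na;
                }
            }

            $tofromusername = build_profile_link($tofromusername, $tofromuid);

            if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
            {
                eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
            }
            else
            {
                $denyreceipt = '';
            }

            // An icon id with no cache entry gets the blank placeholder.
            if($message['icon'] > 0 && !empty($icon_cache[$message['icon']]))
            {
                $icon = $icon_cache[$message['icon']];
                $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
                $icon['path'] = htmlspecialchars_uni($icon['path']);
                $icon['name'] = htmlspecialchars_uni($icon['name']);
                eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
            }
            else
            {
                $icon = '&#009;';
            }

            if(!trim($message['subject']))
            {
                $message['subject'] = $lang->pm_no_subject;
            }

            $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
            if($message['folder'] != "3")
            {
                $senddate = my_date('relative', $message['dateline']);
            }
            else
            {
                $senddate = $lang->not_sent;
            }

            $plugins->run_hooks("private_message");

            eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
        }
    }
    else
    {
        eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
    }

    // Quota bar: percentage of the group's pmquota in use, capped at 100.
    $pmspacebar = '';
    if($mybb->usergroup['pmquota'] != 0)
    {
        $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
        $pmscount = $db->fetch_array($query);
        if($pmscount['total'] == 0)
        {
            $spaceused = 0;
        }
        else
        {
            $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
        }
        $spaceused2 = 100 - $spaceused;
        $belowhalf = $overhalf = '';
        if($spaceused <= "50")
        {
            $spaceused_severity = "low";
            $belowhalf = round($spaceused, 0)."%";
            if((int)$belowhalf > 100)
            {
                $belowhalf = "100%";
            }
        }
        else
        {
            if($spaceused <= "75")
            {
                $spaceused_severity = "medium";
            }

            else
            {
                $spaceused_severity = "high";
            }

            $overhalf = round($spaceused, 0)."%";
            if((int)$overhalf > 100)
            {
                $overhalf = "100%";
            }
        }

        if($spaceused > 100)
        {
            $spaceused = 100;
            $spaceused2 = 0;
        }

        eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
    }

    $composelink = '';
    if($mybb->usergroup['cansendpms'] == 1)
    {
        eval("\$composelink = \"".$templates->get("private_composelink")."\";");
    }

    $emptyexportlink = '';
    if($mybb->user['totalpms'] > 0)
    {
        eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";");
    }

    // $pmscount is the array fetched in the quota block above; the pmquota
    // check on the left guarantees that block ran before this index is read.
    $limitwarning = '';
    if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota'])
    {
        eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
    }

    $plugins->run_hooks("private_end");

    eval("\$folder = \"".$templates->get("private")."\";");
    output_page($folder);
}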

