
PHP Cross Reference of MyBB 1.8.17


/ -> private.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'private.php');
  14  
  15  $templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
  16  $templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
  17  $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  18  $templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";
  19  $templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";
  20  $templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
  21  $templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
  22  $templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
  23  $templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
  24  $templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";
  25  
  26  require_once  "./global.php";
  27  require_once  MYBB_ROOT."inc/functions_post.php";
  28  require_once  MYBB_ROOT."inc/functions_user.php";
  29  require_once  MYBB_ROOT."inc/class_parser.php";
  30  $parser = new postParser;
  31  
  32  // Load global language phrases
  33  $lang->load("private");
  34  
  35  if($mybb->settings['enablepms'] == 0)
  36  {
  37      error($lang->pms_disabled);
  38  }
  39  
  40  if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
  41  {
  42      error_no_permission();
  43  }
  44  
  45  if(!$mybb->user['pmfolders'])
  46  {
  47      $mybb->user['pmfolders'] = "1**$%%$2**$%%$3**$%%$4**";
  48  
  49      $sql_array = array(
  50           "pmfolders" => $mybb->user['pmfolders']
  51      );
  52      $db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);
  53  }
  54  
  55  $mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);
  56  
  57  $folder_id = $folder_name = '';
  58  
  59  $foldernames = array();
  60  $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
  61  foreach($foldersexploded as $key => $folders)
  62  {
  63      $folderinfo = explode("**", $folders, 2);
  64      if($mybb->input['fid'] == $folderinfo[0])
  65      {
  66          $sel = ' selected="selected"';
  67      }
  68      else
  69      {
  70          $sel = '';
  71      }
  72      $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
  73      $foldernames[$folderinfo[0]] = $folderinfo[1];
  74  
  75      $folder_id = $folderinfo[0];
  76      $folder_name = $folderinfo[1];
  77  
  78      eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  79      eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  80      eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  81  }
  82  
  83  $from_fid = $mybb->input['fid'];
  84  
  85  eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
  86  eval("\$folderoplist = \"".$templates->get("private_move")."\";");
  87  eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";");
  88  
  89  usercp_menu();
  90  
  91  $plugins->run_hooks("private_start");
  92  
  93  // Make navigation
  94  add_breadcrumb($lang->nav_pms, "private.php");
  95  
  96  $mybb->input['action'] = $mybb->get_input('action');
  97  switch($mybb->input['action'])
  98  {
  99      case "send":
 100          add_breadcrumb($lang->nav_send);
 101          break;
 102      case "tracking":
 103          add_breadcrumb($lang->nav_tracking);
 104          break;
 105      case "folders":
 106          add_breadcrumb($lang->nav_folders);
 107          break;
 108      case "empty":
 109          add_breadcrumb($lang->nav_empty);
 110          break;
 111      case "export":
 112          add_breadcrumb($lang->nav_export);
 113          break;
 114      case "advanced_search":
 115          add_breadcrumb($lang->nav_search);
 116          break;
 117      case "results":
 118          add_breadcrumb($lang->nav_results);
 119          break;
 120  }
 121  
 122  if(!empty($mybb->input['preview']))
 123  {
 124      $mybb->input['action'] = "send";
 125  }
 126  
 127  if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post")
 128  {
 129      $plugins->run_hooks("private_do_search_start");
 130  
 131      // Simulate coming from our advanced search form with some preset options
 132      if($mybb->get_input('quick_search'))
 133      {
 134          $mybb->input['action'] = "do_search";
 135          $mybb->input['subject'] = 1;
 136          $mybb->input['message'] = 1;
 137          $mybb->input['folder'] = $mybb->input['fid'];
 138          unset($mybb->input['jumpto']);
 139          unset($mybb->input['fromfid']);
 140      }
 141  
 142      // Check if search flood checking is enabled and user is not admin
 143      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
 144      {
 145          // Fetch the time this user last searched
 146          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
 147          $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
 148          $last_search = $db->fetch_array($query);
 149          // Users last search was within the flood time, show the error
 150          if($last_search['sid'])
 151          {
 152              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
 153              if($remaining_time == 1)
 154              {
 155                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
 156              }
 157              else
 158              {
 159                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
 160              }
 161              error($lang->error_searchflooding);
 162          }
 163      }
 164  
 165      if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)
 166      {
 167          error($lang->error_nosearchresults);
 168      }
 169  
 170      if($mybb->get_input('message', MyBB::INPUT_INT) == 1)
 171      {
 172          $resulttype = "pmmessages";
 173      }
 174      else
 175      {
 176          $resulttype = "pmsubjects";
 177      }
 178  
 179      $search_data = array(
 180          "keywords" => $mybb->get_input('keywords'),
 181          "subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
 182          "message" => $mybb->get_input('message', MyBB::INPUT_INT),
 183          "sender" => $mybb->get_input('sender'),
 184          "status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
 185          "folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)
 186      );
 187  
 188      if($db->can_search == true)
 189      {
 190          require_once  MYBB_ROOT."inc/functions_search.php";
 191  
 192          $search_results = privatemessage_perform_search_mysql($search_data);
 193      }
 194      else
 195      {
 196          error($lang->error_no_search_support);
 197      }
 198      $sid = md5(uniqid(microtime(), true));
 199      $searcharray = array(
 200          "sid" => $db->escape_string($sid),
 201          "uid" => $mybb->user['uid'],
 202          "dateline" => TIME_NOW,
 203          "ipaddress" => $db->escape_binary($session->packedip),
 204          "threads" => '',
 205          "posts" => '',
 206          "resulttype" => $resulttype,
 207          "querycache" => $search_results['querycache'],
 208          "keywords" => $db->escape_string($mybb->get_input('keywords')),
 209      );
 210      $plugins->run_hooks("private_do_search_process");
 211  
 212      $db->insert_query("searchlog", $searcharray);
 213  
 214      // Sender sort won't work yet
 215      $sortby = array('subject', 'sender', 'dateline');
 216  
 217      if(in_array($mybb->get_input('sort'), $sortby))
 218      {
 219          $sortby = $mybb->get_input('sort');
 220      }
 221      else
 222      {
 223          $sortby = "dateline";
 224      }
 225  
 226      if(my_strtolower($mybb->get_input('sortordr')) == "asc")
 227      {
 228          $sortorder = "asc";
 229      }
 230      else
 231      {
 232          $sortorder = "desc";
 233      }
 234  
 235      $plugins->run_hooks("private_do_search_end");
 236      redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
 237  }
 238  
 239  if($mybb->input['action'] == "results")
 240  {
 241      $sid = $mybb->get_input('sid');
 242      $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
 243      $search = $db->fetch_array($query);
 244  
 245      if(!$search)
 246      {
 247          error($lang->error_invalidsearch);
 248      }
 249  
 250      $plugins->run_hooks("private_results_start");
 251  
 252      // Decide on our sorting fields and sorting order.
 253      $order = my_strtolower($mybb->get_input('order'));
 254      $sortby = my_strtolower($mybb->get_input('sortby'));
 255  
 256      $sortby_accepted = array('subject', 'username', 'dateline');
 257  
 258      if(in_array($sortby, $sortby_accepted))
 259      {
 260          $query_sortby = $sortby;
 261  
 262          if($query_sortby == "username")
 263          {
 264              $query_sortby = "fromusername";
 265          }
 266      }
 267      else
 268      {
 269          $sortby = $query_sortby = "dateline";
 270      }
 271  
 272      if($order != "asc")
 273      {
 274          $order = "desc";
 275      }
 276  
 277      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 278      {
 279          $mybb->settings['threadsperpage'] = 20;
 280      }
 281  
 282      // Work out pagination, which page we're at, as well as the limits.
 283      $perpage = $mybb->settings['threadsperpage'];
 284      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 285      if($page > 0)
 286      {
 287          $start = ($page-1) * $perpage;
 288      }
 289      else
 290      {
 291          $start = 0;
 292          $page = 1;
 293      }
 294      $end = $start + $perpage;
 295      $lower = $start+1;
 296      $upper = $end;
 297  
 298      // Work out if we have terms to highlight
 299      $highlight = "";
 300      if($search['keywords'])
 301      {
 302          $highlight = "&amp;highlight=".urlencode($search['keywords']);
 303      }
 304  
 305      // Do Multi Pages
 306      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
 307      $pmscount = $db->fetch_array($query);
 308  
 309      if($upper > $pmscount)
 310      {
 311          $upper = $pmscount;
 312      }
 313      $multipage = multipage($pmscount['total'], $perpage, $page, "private.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby={$sortby}&amp;order={$order}");
 314      $messagelist = '';
 315  
 316      $icon_cache = $cache->read("posticons");
 317  
 318      // Cache users in multiple recipients for sent & drafts folder
 319      // Get all recipients into an array
 320      $cached_users = $get_users = array();
 321      $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
 322      while($row = $db->fetch_array($users_query))
 323      {
 324          $recipients = my_unserialize($row['recipients']);
 325          if(is_array($recipients['to']) && count($recipients['to']))
 326          {
 327              $get_users = array_merge($get_users, $recipients['to']);
 328          }
 329  
 330          if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 331          {
 332              $get_users = array_merge($get_users, $recipients['bcc']);
 333          }
 334      }
 335  
 336      $get_users = implode(',', array_unique($get_users));
 337  
 338      // Grab info
 339      if($get_users)
 340      {
 341          $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
 342          while($user = $db->fetch_array($users_query))
 343          {
 344              $cached_users[$user['uid']] = $user;
 345          }
 346      }
 347  
 348      $query = $db->query("
 349          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
 350          FROM ".TABLE_PREFIX."privatemessages pm
 351          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
 352          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
 353          WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
 354          ORDER BY pm.{$query_sortby} {$order}
 355          LIMIT {$start}, {$perpage}
 356      ");
 357      while($message = $db->fetch_array($query))
 358      {
 359          $msgalt = $msgstatus = '';
 360  
 361          // Determine Folder Icon
 362          if($message['status'] == 0)
 363          {
 364              $msgstatus = 'new_pm';
 365              $msgalt = $lang->new_pm;
 366          }
 367          else if($message['status'] == 1)
 368          {
 369              $msgstatus = 'old_pm';
 370              $msgalt = $lang->old_pm;
 371          }
 372          else if($message['status'] == 3)
 373          {
 374              $msgstatus = 're_pm';
 375              $msgalt = $lang->reply_pm;
 376          }
 377          else if($message['status'] == 4)
 378          {
 379              $msgstatus = 'fw_pm';
 380              $msgalt = $lang->fwd_pm;
 381          }
 382  
 383          $folder = $message['folder'];
 384  
 385          $tofromuid = 0;
 386          if($folder == 2 || $folder == 3)
 387          {
 388              // Sent Items or Drafts Folder Check
 389              $recipients = my_unserialize($message['recipients']);
 390              $to_users = $bcc_users = '';
 391              if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
 392              {
 393                  foreach($recipients['to'] as $uid)
 394                  {
 395                      $profilelink = get_profile_link($uid);
 396                      $user = $cached_users[$uid];
 397                      $user['username'] = htmlspecialchars_uni($user['username']);
 398                      $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 399                      eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 400                  }
 401                  if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 402                  {
 403                      eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
 404                      foreach($recipients['bcc'] as $uid)
 405                      {
 406                          $profilelink = get_profile_link($uid);
 407                          $user = $cached_users[$uid];
 408                          $user['username'] = htmlspecialchars_uni($user['username']);
 409                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 410                          eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 411                      }
 412                  }
 413  
 414                  eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
 415              }
 416              else if($message['toid'])
 417              {
 418                  $tofromusername = htmlspecialchars_uni($message['tousername']);
 419                  $tofromuid = $message['toid'];
 420              }
 421              else
 422              {
 423                  $tofromusername = $lang->not_sent;
 424              }
 425          }
 426          else
 427          {
 428              $tofromusername = htmlspecialchars_uni($message['fromusername']);
 429              $tofromuid = $message['fromid'];
 430              if($tofromuid == 0)
 431              {
 432                  $tofromusername = $lang->mybb_engine;
 433              }
 434          }
 435  
 436          $tofromusername = build_profile_link($tofromusername, $tofromuid);
 437  
 438          $denyreceipt = '';
 439  
 440          if($message['icon'] > 0 && $icon_cache[$message['icon']])
 441          {
 442              $icon = $icon_cache[$message['icon']];
 443              $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
 444              $icon['path'] = htmlspecialchars_uni($icon['path']);
 445              $icon['name'] = htmlspecialchars_uni($icon['name']);
 446              eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
 447          }
 448          else
 449          {
 450              $icon = '&#009;';
 451          }
 452  
 453          if(!trim($message['subject']))
 454          {
 455              $message['subject'] = $lang->pm_no_subject;
 456          }
 457  
 458          $message['subject'] = $parser->parse_badwords($message['subject']);
 459  
 460          if(my_strlen($message['subject']) > 50)
 461          {
 462              $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
 463          }
 464          else
 465          {
 466              $message['subject'] = htmlspecialchars_uni($message['subject']);
 467          }
 468  
 469          if($message['folder'] != "3")
 470          {
 471              $senddate = my_date('relative', $message['dateline']);
 472          }
 473          else
 474          {
 475              $senddate = $lang->not_sent;
 476          }
 477  
 478          $foldername = $foldernames[$message['folder']];
 479  
 480          // What we do here is parse the post using our post parser, then strip the tags from it
 481          $parser_options = array(
 482              'allow_html' => 0,
 483              'allow_mycode' => 1,
 484              'allow_smilies' => 0,
 485              'allow_imgcode' => 0,
 486              'filter_badwords' => 1
 487          );
 488          $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
 489          if(my_strlen($message['message']) > 200)
 490          {
 491              $message['message'] = my_substr($message['message'], 0, 200)."...";
 492          }
 493  
 494          eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
 495      }
 496  
 497      if($db->num_rows($query) == 0)
 498      {
 499          eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
 500      }
 501  
 502      $plugins->run_hooks("private_results_end");
 503  
 504      eval("\$results = \"".$templates->get("private_search_results")."\";");
 505      output_page($results);
 506  }
 507  
 508  if($mybb->input['action'] == "advanced_search")
 509  {
 510      $plugins->run_hooks("private_advanced_search");
 511  
 512      eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");
 513  
 514      output_page($advanced_search);
 515  }
 516  
 517  // Dismissing a new/unread PM notice
 518  if($mybb->input['action'] == "dismiss_notice")
 519  {
 520      if($mybb->user['pmnotice'] != 2)
 521      {
 522          exit;
 523      }
 524  
 525      // Verify incoming POST request
 526      verify_post_check($mybb->get_input('my_post_key'));
 527  
 528      $updated_user = array(
 529          "pmnotice" => 1
 530      );
 531      $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
 532  
 533      if(!empty($mybb->input['ajax']))
 534      {
 535          echo 1;
 536          exit;
 537      }
 538      else
 539      {
 540          header("Location: index.php");
 541          exit;
 542      }
 543  }
 544  
 545  $send_errors = '';
 546  
 547  if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
 548  {
 549      if($mybb->usergroup['cansendpms'] == 0)
 550      {
 551          error_no_permission();
 552      }
 553  
 554      // Verify incoming POST request
 555      verify_post_check($mybb->get_input('my_post_key'));
 556  
 557      $plugins->run_hooks("private_send_do_send");
 558  
 559      // Attempt to see if this PM is a duplicate or not
 560      $to = array_map("trim", explode(",", $mybb->get_input('to')));
 561      $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
 562      $time_cutoff = TIME_NOW - (5 * 60 * 60);
 563      $query = $db->query("
 564          SELECT pm.pmid
 565          FROM ".TABLE_PREFIX."privatemessages pm
 566          LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
 567          WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'
 568          LIMIT 0, 1
 569      ");
 570      $duplicate_check = $db->fetch_field($query, "pmid");
 571      if($duplicate_check)
 572      {
 573          error($lang->error_pm_already_submitted);
 574      }
 575  
 576      require_once  MYBB_ROOT."inc/datahandlers/pm.php";
 577      $pmhandler = new PMDataHandler();
 578  
 579      $pm = array(
 580          "subject" => $mybb->get_input('subject'),
 581          "message" => $mybb->get_input('message'),
 582          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 583          "fromid" => $mybb->user['uid'],
 584          "do" => $mybb->get_input('do'),
 585          "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT),
 586          "ipaddress" => $session->packedip
 587      );
 588  
 589      // Split up any recipients we have
 590      $pm['to'] = $to;
 591      if(!empty($mybb->input['bcc']))
 592      {
 593          $pm['bcc'] = explode(",", $mybb->get_input('bcc'));
 594          $pm['bcc'] = array_map("trim", $pm['bcc']);
 595      }
 596  
 597      $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 598  
 599      if(!$mybb->usergroup['cantrackpms'])
 600      {
 601          $mybb->input['options']['readreceipt'] = false;
 602      }
 603  
 604      $pm['options'] = array();
 605      if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1)
 606      {
 607          $pm['options']['signature'] = 1;
 608      }
 609      else
 610      {
 611          $pm['options']['signature'] = 0;
 612      }
 613      if(isset($mybb->input['options']['disablesmilies']))
 614      {
 615          $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
 616      }
 617      if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)
 618      {
 619          $pm['options']['savecopy'] = 1;
 620      }
 621      else
 622      {
 623          $pm['options']['savecopy'] = 0;
 624      }
 625      if(isset($mybb->input['options']['readreceipt']))
 626      {
 627          $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
 628      }
 629  
 630      if(!empty($mybb->input['saveasdraft']))
 631      {
 632          $pm['saveasdraft'] = 1;
 633      }
 634      $pmhandler->set_data($pm);
 635  
 636      // Now let the pm handler do all the hard work.
 637      if(!$pmhandler->validate_pm())
 638      {
 639          $pm_errors = $pmhandler->get_friendly_errors();
 640          $send_errors = inline_error($pm_errors);
 641          $mybb->input['action'] = "send";
 642      }
 643      else
 644      {
 645          $pminfo = $pmhandler->insert_pm();
 646          $plugins->run_hooks("private_do_send_end");
 647  
 648          if(isset($pminfo['draftsaved']))
 649          {
 650              redirect("private.php", $lang->redirect_pmsaved);
 651          }
 652          else
 653          {
 654              redirect("private.php", $lang->redirect_pmsent);
 655          }
 656      }
 657  }
 658  
 659  if($mybb->input['action'] == "send")
 660  {
 661      if($mybb->usergroup['cansendpms'] == 0)
 662      {
 663          error_no_permission();
 664      }
 665  
 666      $plugins->run_hooks("private_send_start");
 667  
 668      $smilieinserter = $codebuttons = '';
 669  
 670      if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 671      {
 672          $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']);
 673          if($mybb->settings['pmsallowsmilies'] != 0)
 674          {
 675              $smilieinserter = build_clickable_smilies();
 676          }
 677      }
 678  
 679      $lang->post_icon = $lang->message_icon;
 680  
 681      $posticons = get_post_icons();
 682      $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message')));
 683      $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject')));
 684  
 685      $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => '');
 686      $to = $bcc = '';
 687  
 688      if(!empty($mybb->input['preview']) || $send_errors)
 689      {
 690          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 691          if(isset($options['signature']) && $options['signature'] == 1)
 692          {
 693              $optionschecked['signature'] = 'checked="checked"';
 694          }
 695          if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1)
 696          {
 697              $optionschecked['disablesmilies'] = 'checked="checked"';
 698          }
 699          if(isset($options['savecopy']) && $options['savecopy'] != 0)
 700          {
 701              $optionschecked['savecopy'] = 'checked="checked"';
 702          }
 703          if(isset($options['readreceipt']) && $options['readreceipt'] != 0)
 704          {
 705              $optionschecked['readreceipt'] = 'checked="checked"';
 706          }
 707          $to = htmlspecialchars_uni($mybb->get_input('to'));
 708          $bcc = htmlspecialchars_uni($mybb->get_input('bcc'));
 709      }
 710  
 711      $preview = '';
 712      // Preview
 713      if(!empty($mybb->input['preview']))
 714      {
 715          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 716          $query = $db->query("
 717              SELECT u.username AS userusername, u.*, f.*
 718              FROM ".TABLE_PREFIX."users u
 719              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 720              WHERE u.uid='".$mybb->user['uid']."'
 721          ");
 722  
 723          $post = $db->fetch_array($query);
 724  
 725          $post['userusername'] = $mybb->user['username'];
 726          $post['postusername'] = $mybb->user['username'];
 727          $post['message'] = $mybb->get_input('message');
 728          $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));
 729          $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 730          if(!isset($options['disablesmilies']))
 731          {
 732              $options['disablesmilies'] = 0;
 733          }
 734          $post['smilieoff'] = $options['disablesmilies'];
 735          $post['dateline'] = TIME_NOW;
 736  
 737          if(!isset($options['signature']))
 738          {
 739              $post['includesig'] = 0;
 740          }
 741          else
 742          {
 743              $post['includesig'] = 1;
 744          }
 745  
 746          // Merge usergroup data from the cache
 747          $data_key = array(
 748              'title' => 'grouptitle',
 749              'usertitle' => 'groupusertitle',
 750              'stars' => 'groupstars',
 751              'starimage' => 'groupstarimage',
 752              'image' => 'groupimage',
 753              'namestyle' => 'namestyle',
 754              'usereputationsystem' => 'usereputationsystem'
 755          );
 756  
 757          foreach($data_key as $field => $key)
 758          {
 759              $post[$key] = $groupscache[$post['usergroup']][$field];
 760          }
 761  
 762          $postbit = build_postbit($post, 2);
 763          eval("\$preview = \"".$templates->get("previewpost")."\";");
 764      }
 765      else if(!$send_errors)
 766      {
 767          // New PM, so load default settings
 768          if($mybb->user['signature'] != '')
 769          {
 770              $optionschecked['signature'] = 'checked="checked"';
 771          }
 772          if($mybb->usergroup['cantrackpms'] == 1)
 773          {
 774              $optionschecked['readreceipt'] = 'checked="checked"';
 775          }
 776          $optionschecked['savecopy'] = 'checked="checked"';
 777      }
 778  
 779      // Draft, reply, forward
 780      if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors)
 781      {
 782          $query = $db->query("
 783              SELECT pm.*, u.username AS quotename
 784              FROM ".TABLE_PREFIX."privatemessages pm
 785              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 786              WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}'
 787          ");
 788  
 789          $pm = $db->fetch_array($query);
 790          $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
 791          $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
 792  
 793          if($pm['folder'] == "3")
 794          {
 795              // message saved in drafts
 796              $mybb->input['uid'] = $pm['toid'];
 797  
 798              if($pm['includesig'] == 1)
 799              {
 800                  $optionschecked['signature'] = 'checked="checked"';
 801              }
 802              if($pm['smilieoff'] == 1)
 803              {
 804                  $optionschecked['disablesmilies'] = 'checked="checked"';
 805              }
 806              if($pm['receipt'])
 807              {
 808                  $optionschecked['readreceipt'] = 'checked="checked"';
 809              }
 810  
 811              // Get list of recipients
 812              $recipients = my_unserialize($pm['recipients']);
 813              $comma = $recipientids = '';
 814              if(isset($recipients['to']) && is_array($recipients['to']))
 815              {
 816                  foreach($recipients['to'] as $recipient)
 817                  {
 818                      $recipient_list['to'][] = $recipient;
 819                      $recipientids .= $comma.$recipient;
 820                      $comma = ',';
 821                  }
 822              }
 823  
 824              if(isset($recipients['bcc']) && is_array($recipients['bcc']))
 825              {
 826                  foreach($recipients['bcc'] as $recipient)
 827                  {
 828                      $recipient_list['bcc'][] = $recipient;
 829                      $recipientids .= $comma.$recipient;
 830                      $comma = ',';
 831                  }
 832              }
 833  
 834              if(!empty($recipientids))
 835              {
 836                  $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
 837                  while($user = $db->fetch_array($query))
 838                  {
 839                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
 840                      {
 841                          $bcc .= htmlspecialchars_uni($user['username']).', ';
 842                      }
 843                      else
 844                      {
 845                          $to .= htmlspecialchars_uni($user['username']).', ';
 846                      }
 847                  }
 848              }
 849          }
 850          else
 851          {
 852              // forward/reply
 853              $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
 854              $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
 855              $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);
 856  
 857              require_once  MYBB_ROOT."inc/functions_posting.php";
 858  
 859              if($mybb->settings['maxpmquotedepth'] != '0')
 860              {
 861                  $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);
 862              }
 863  
 864              if($mybb->input['do'] == 'forward')
 865              {
 866                  $subject = "Fw: $subject";
 867              }
 868              elseif($mybb->input['do'] == 'reply')
 869              {
 870                  $subject = "Re: $subject";
 871                  $uid = $pm['fromid'];
 872                  if($mybb->user['uid'] == $uid)
 873                  {
 874                      $to = $mybb->user['username'];
 875                  }
 876                  else
 877                  {
 878                      $query = $db->simple_select('users', 'username', "uid='{$uid}'");
 879                      $to = $db->fetch_field($query, 'username');
 880                  }
 881                  $to = htmlspecialchars_uni($to);
 882              }
 883              else if($mybb->input['do'] == 'replyall')
 884              {
 885                  $subject = "Re: $subject";
 886  
 887                  // Get list of recipients
 888                  $recipients = my_unserialize($pm['recipients']);
 889                  $recipientids = $pm['fromid'];
 890                  if(isset($recipients['to']) && is_array($recipients['to']))
 891                  {
 892                      foreach($recipients['to'] as $recipient)
 893                      {
 894                          if($recipient == $mybb->user['uid'])
 895                          {
 896                              continue;
 897                          }
 898                          $recipientids .= ','.$recipient;
 899                      }
 900                  }
 901                  $comma = '';
 902                  $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
 903                  while($user = $db->fetch_array($query))
 904                  {
 905                      $to .= $comma.htmlspecialchars_uni($user['username']);
 906                      $comma = $lang->comma;
 907                  }
 908              }
 909          }
 910      }
 911  
 912      // New PM with recipient preset
 913      if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview']))
 914      {
 915          $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 916          $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
 917      }
 918  
 919      $max_recipients = '';
 920      if($mybb->usergroup['maxpmrecipients'] > 0)
 921      {
 922          $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
 923      }
 924  
 925      if($send_errors)
 926      {
 927          $to = htmlspecialchars_uni($mybb->get_input('to'));
 928          $bcc = htmlspecialchars_uni($mybb->get_input('bcc'));
 929      }
 930  
 931      // Load the auto complete javascript if it is enabled.
 932      eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");
 933  
 934      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 935      $do = $mybb->get_input('do');
 936      if($do != "forward" && $do != "reply" && $do != "replyall")
 937      {
 938          $do = '';
 939      }
 940  
 941      $buddy_select_to = $buddy_select_bcc = '';
 942      // See if it's actually worth showing the buddylist icon.
 943      if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
 944      {
 945          $buddy_select = 'to';
 946          eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
 947          $buddy_select = 'bcc';
 948          eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
 949      }
 950  
 951      // Hide tracking option if no permission
 952      $private_send_tracking = '';
 953      if($mybb->usergroup['cantrackpms'])
 954      {
 955          eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
 956      }
 957  
 958      $plugins->run_hooks("private_send_end");
 959  
 960      eval("\$send = \"".$templates->get("private_send")."\";");
 961      output_page($send);
 962  }
 963  
 964  if($mybb->input['action'] == "read")
 965  {
 966      $plugins->run_hooks("private_read");
 967  
 968      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 969  
 970      $query = $db->query("
 971          SELECT pm.*, u.*, f.*
 972          FROM ".TABLE_PREFIX."privatemessages pm
 973          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 974          LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 975          WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
 976      ");
 977      $pm = $db->fetch_array($query);
 978  
 979      if(!$pm)
 980      {
 981          error($lang->error_invalidpm);
 982      }
 983  
 984      if($pm['folder'] == 3)
 985      {
 986          header("Location: private.php?action=send&pmid={$pm['pmid']}");
 987          exit;
 988      }
 989  
 990      // If we've gotten a PM, attach the group info
 991      $data_key = array(
 992          'title' => 'grouptitle',
 993          'usertitle' => 'groupusertitle',
 994          'stars' => 'groupstars',
 995          'starimage' => 'groupstarimage',
 996          'image' => 'groupimage',
 997          'namestyle' => 'namestyle'
 998      );
 999  
1000      foreach($data_key as $field => $key)
1001      {
1002          $pm[$key] = $groupscache[$pm['usergroup']][$field];
1003      }
1004  
1005      if($pm['receipt'] == 1)
1006      {
1007          if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
1008          {
1009              $receiptadd = 0;
1010          }
1011          else
1012          {
1013              $receiptadd = 2;
1014          }
1015      }
1016  
1017      $action_time = '';
1018      if($pm['status'] == 0)
1019      {
1020          $time = TIME_NOW;
1021          $updatearray = array(
1022              'status' => 1,
1023              'readtime' => $time
1024          );
1025  
1026          if(isset($receiptadd))
1027          {
1028              $updatearray['receipt'] = $receiptadd;
1029          }
1030  
1031          $db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");
1032  
1033          // Update the unread count - it has now changed.
1034          update_pm_count($mybb->user['uid'], 6);
1035  
1036          // Update PM notice value if this is our last unread PM
1037          if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
1038          {
1039              $updated_user = array(
1040                  "pmnotice" => 1
1041              );
1042              $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
1043          }
1044      }
1045      // Replied PM?
1046      else if($pm['status'] == 3 && $pm['statustime'])
1047      {
1048          $reply_string = $lang->you_replied_on;
1049          $reply_date = my_date('relative', $pm['statustime']);
1050  
1051          if((TIME_NOW - $pm['statustime']) < 3600)
1052          {
1053              // Relative string for the first hour
1054              $reply_string = $lang->you_replied;
1055          }
1056  
1057          $actioned_on = $lang->sprintf($reply_string, $reply_date);
1058          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1059      }
1060      else if($pm['status'] == 4 && $pm['statustime'])
1061      {
1062          $forward_string = $lang->you_forwarded_on;
1063          $forward_date = my_date('relative', $pm['statustime']);
1064  
1065          if((TIME_NOW - $pm['statustime']) < 3600)
1066          {
1067              $forward_string = $lang->you_forwarded;
1068          }
1069  
1070          $actioned_on = $lang->sprintf($forward_string, $forward_date);
1071          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1072      }
1073  
1074      $pm['userusername'] = $pm['username'];
1075      $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
1076  
1077      if($pm['fromid'] == 0)
1078      {
1079          $pm['username'] = $lang->mybb_engine;
1080      }
1081  
1082      if(!$pm['username'])
1083      {
1084          $pm['username'] = $lang->na;
1085      }
1086  
1087      // Fetch the recipients for this message
1088      $pm['recipients'] = my_unserialize($pm['recipients']);
1089  
1090      if(is_array($pm['recipients']['to']))
1091      {
1092          $uid_sql = implode(',', $pm['recipients']['to']);
1093      }
1094      else
1095      {
1096          $uid_sql = $pm['toid'];
1097          $pm['recipients']['to'] = array($pm['toid']);
1098      }
1099  
1100      $show_bcc = 0;
1101  
1102      // If we have any BCC recipients and this user is an Administrator, add them on to the query
1103      if(isset($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
1104      {
1105          $show_bcc = 1;
1106          $uid_sql .= ','.implode(',', $pm['recipients']['bcc']);
1107      }
1108  
1109      // Fetch recipient names from the database
1110      $bcc_recipients = $to_recipients = $bcc_form_val = array();
1111      $query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
1112      while($recipient = $db->fetch_array($query))
1113      {
1114          // User is a BCC recipient
1115          $recipient['username'] = htmlspecialchars_uni($recipient['username']);
1116          if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
1117          {
1118              $bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1119              $bcc_form_val[] = $recipient['username'];
1120          }
1121          // User is a normal recipient
1122          else if(in_array($recipient['uid'], $pm['recipients']['to']))
1123          {
1124              $to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1125          }
1126      }
1127  
1128      $bcc = '';
1129      if(count($bcc_recipients) > 0)
1130      {
1131          $bcc_recipients = implode(', ', $bcc_recipients);
1132          $bcc_form_val = implode(',', $bcc_form_val);
1133          eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
1134      }
1135      else
1136      {
1137          $bcc_form_val = '';
1138      }
1139  
1140      $replyall = false;
1141      if(count($to_recipients) > 1)
1142      {
1143          $replyall = true;
1144      }
1145  
1146      if(count($to_recipients) > 0)
1147      {
1148          $to_recipients = implode($lang->comma, $to_recipients);
1149      }
1150      else
1151      {
1152          $to_recipients = $lang->nobody;
1153      }
1154  
1155      eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");
1156  
1157      add_breadcrumb($pm['subject']);
1158      $message = build_postbit($pm, 2);
1159  
1160      // Decide whether or not to show quick reply.
1161      $quickreply = '';
1162      if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
1163      {
1164          $trow = alt_trow();
1165  
1166          $optionschecked = array('savecopy' => 'checked="checked"');
1167          if(!empty($mybb->user['signature']))
1168          {
1169              $optionschecked['signature'] = 'checked="checked"';
1170          }
1171          if($mybb->usergroup['cantrackpms'] == 1)
1172          {
1173              $optionschecked['readreceipt'] = 'checked="checked"';
1174          }
1175  
1176          require_once  MYBB_ROOT.'inc/functions_posting.php';
1177  
1178          $quoted_message = array(
1179              'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
1180              'username' => $pm['username'],
1181              'quote_is_pm' => true
1182          );
1183          $quoted_message = parse_quoted_message($quoted_message);
1184  
1185          if($mybb->settings['maxpmquotedepth'] != '0')
1186          {
1187              $quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
1188          }
1189  
1190          $subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);
1191  
1192          if($mybb->user['uid'] == $pm['fromid'])
1193          {
1194              $to = htmlspecialchars_uni($mybb->user['username']);
1195          }
1196          else
1197          {
1198              $query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
1199              $to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
1200          }
1201  
1202          $private_send_tracking = '';
1203          if($mybb->usergroup['cantrackpms'])
1204          {
1205              $lang->options_read_receipt = $lang->quickreply_read_receipt;
1206  
1207              eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
1208          }
1209          
1210          $expaltext = (in_array("quickreply", $collapse)) ? "[+]" : "[-]";
1211          eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
1212      }
1213  
1214      $plugins->run_hooks("private_read_end");
1215  
1216      eval("\$read = \"".$templates->get("private_read")."\";");
1217      output_page($read);
1218  }
1219  
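// Action "tracking": list the messages the current user sent with a read receipt requested.
// Two independently paginated lists are built: messages that have been read (receipt='2')
// and messages still unread (receipt='1'). Both are limited to rows where fromid is the
// current user, and both exclude folder 3.
if($mybb->input['action'] == "tracking")
{
    if(!$mybb->usergroup['cantrackpms'])
    {
        error_no_permission();
    }

    $plugins->run_hooks("private_tracking_start");
    $readmessages = '';
    $unreadmessages = '';

    if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
    {
        $mybb->settings['postsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    // Cast here: the value is placed directly into a LIMIT clause below, and the check above
    // only compares the integer value without storing it.
    $perpage = (int)$mybb->settings['postsperpage'];

    $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "readpms");

    $page = $mybb->get_input('read_page', MyBB::INPUT_INT);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('read_page') == "last")
    {
        $page = $pages;
    }

    // Out-of-range pages fall back to the first page, so $page is at least 1 from here on.
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    // Integer offset for the LIMIT clause ($page may be a float after ceil()).
    $start = (int)(($page-1) * $perpage);

    $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.readtime DESC
        LIMIT {$start}, {$perpage}
    ");
    while($readmessage = $db->fetch_array($query))
    {
        // Subject and username are escaped before they reach the template.
        $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
        $readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
        $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
        $readdate = my_date('relative', $readmessage['readtime']);
        eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
    }

    // The "stop tracking" control is only rendered when there is something to act on.
    $stoptrackingread = '';
    if(!empty($readmessages))
    {
        eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
    }

    if(!$readmessages)
    {
        eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    // Second list: tracked messages the recipient has not opened yet.
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "unreadpms");

    $page = $mybb->get_input('unread_page', MyBB::INPUT_INT);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('unread_page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    $start = (int)(($page-1) * $perpage);

    $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.dateline DESC
        LIMIT {$start}, {$perpage}
    ");
    while($unreadmessage = $db->fetch_array($query))
    {
        $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
        $unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
        $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
        $senddate = my_date('relative', $unreadmessage['dateline']);
        eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
    }

    $stoptrackingunread = '';
    if(!empty($unreadmessages))
    {
        eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
    }

    if(!$unreadmessages)
    {
        // The shared "no messages" template reads no_readmessages, so swap in the unread wording.
        $lang->no_readmessages = $lang->no_unreadmessages;
        eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    $plugins->run_hooks("private_tracking_end");

    eval("\$tracking = \"".$templates->get("private_tracking")."\";");
    output_page($tracking);
}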
1359  
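// Action "do_tracking" (POST only): act on the checkboxes of the tracking page.
//   stoptracking       - clear the receipt flag on the selected read messages
//   stoptrackingunread - clear the receipt flag on the selected unread messages
//   cancel             - delete selected messages that are still unread and tracked
// Every statement is restricted to rows whose fromid is the current user, so message ids
// belonging to other senders are ignored even if they are submitted.
if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_tracking_start");

    if(!empty($mybb->input['stoptracking']))
    {
        $mybb->input['readcheck'] = $mybb->get_input('readcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['readcheck']))
        {
            // The message id is the array key; the value is not used.
            foreach($mybb->input['readcheck'] as $key => $val)
            {
                $sql_array = array(
                    "receipt" => 0
                );
                $db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".(int)$mybb->user['uid']);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['stoptrackingunread']))
    {
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            foreach($mybb->input['unreadcheck'] as $key => $val)
            {
                $sql_array = array(
                    "receipt" => 0
                );
                $db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".(int)$mybb->user['uid']);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['cancel']))
    {
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            // Start from known-empty lists so nothing left in these variables can reach the
            // queries, and so the loop over $pmuids is safe when no row matches.
            $pmids = array();
            $pmuids = array();

            // Keys are integer-cast before they are joined into the IN (...) list.
            foreach($mybb->input['unreadcheck'] as $pmid => $val)
            {
                $pmids[$pmid] = (int)$pmid;
            }

            $pmids = implode(",", $pmids);

            // Collect the owners of the affected copies before deleting, to refresh their counters.
            $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
            while($pm = $db->fetch_array($query))
            {
                $pmuids[$pm['uid']] = $pm['uid'];
            }

            // Only messages that are still unread and still tracked can be cancelled.
            $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
            foreach($pmuids as $uid)
            {
                // Message is canceled, update PM count for this user
                update_pm_count($uid);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
    }
}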
1427  
// Action "stopalltracking": clear the receipt flag on every message sent by the current user
// that matches receipt='2', folder other than 3 and status other than 0 - the same filter the
// tracking page uses for its list of read messages.
// NOTE(review): unlike do_tracking, do_folders and do_empty, this branch does not require
// $mybb->request_method == "post". If my_post_key is accepted from the query string here, the
// anti-CSRF token can end up in server logs, browser history and Referer headers - confirm
// whether that is intended.
if($mybb->input['action'] == "stopalltracking")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_stopalltracking_start");

    $sql_array = array(
        "receipt" => 0
    );
    // fromid limits the update to messages the current user sent.
    $db->update_query("privatemessages", $sql_array, "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid']);

    $plugins->run_hooks("private_stopalltracking_end");
    redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
}
1443  
// Action "folders": render the folder management form - one row per existing folder plus
// five empty rows for creating new ones.
if($mybb->input['action'] == "folders")
{
    $plugins->run_hooks("private_folders_start");

    $folderlist = '';
    // pmfolders holds "fid**name" entries joined with "$%%$" (the format written by do_folders).
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        // The limit of 2 keeps any further "**" inside the name part.
        $folderinfo = explode("**", $folders, 2);
        $foldername = $folderinfo[1];
        $fid = $folderinfo[0];
        // do_folders HTML-escapes names before storing them; whether get_pm_folder_name()
        // changes the name further is not visible here.
        $foldername = get_pm_folder_name($fid, $foldername);

        // Folders 1-4 are rendered with the "unremovable" row template.
        if($folderinfo[0] == "1" || $folderinfo[0] == "2" || $folderinfo[0] == "3" || $folderinfo[0] == "4")
        {
            $foldername2 = get_pm_folder_name($fid);
            eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
            // NOTE(review): $name is not assigned anywhere in this block; this unset looks like a leftover.
            unset($name);
        }
        else
        {
            eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
        }
    }

    // Blank rows named new1..new5; do_folders recognises the "new" prefix on the field key.
    $newfolders = '';
    for($i = 1; $i <= 5; ++$i)
    {
        $fid = "new$i";
        $foldername = '';
        eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
    }

    $plugins->run_hooks("private_folders_end");

    eval("\$folders = \"".$templates->get("private_folders")."\";");
    output_page($folders);
}
1482  
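// Action "do_folders" (POST only): save the folder list submitted from the folders form.
// The "folder" input maps a folder key to a name. Keys starting with "new" create a folder
// with the next free id; any other key is treated as an existing folder id. A non-default
// folder submitted with an empty name is removed, and its messages are deleted.
// The result is stored in users.pmfolders as "fid**name" entries joined with "$%%$".
if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_folders_start");

    $highestid = 2;
    $folders = '';
    $donefolders = array();
    $mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);
    foreach($mybb->input['folder'] as $key => $val)
    {
        if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
        {
            if(my_substr($key, 0, 3) == "new") // Create a new folder
            {
                ++$highestid;
                $fid = (int)$highestid;
            }
            else // Editing an existing folder
            {
                // The key is request data. Track the highest id as an integer only, so a
                // non-numeric key can never be stored in $highestid and later be incremented
                // as a string when a new folder id is allocated.
                $fid = (int)$key;
                if($fid > $highestid)
                {
                    $highestid = $fid;
                }

                // Use default language strings if empty or value is language string
                switch($fid)
                {
                    case 1:
                        if($val == $lang->folder_inbox || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 2:
                        if($val == $lang->folder_sent_items || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 3:
                        if($val == $lang->folder_drafts || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 4:
                        if($val == $lang->folder_trash || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                }
            }

            if($val != '' && trim($val) == '' && !($key >= 1 && $key <= 4))
            {
                // If the name only contains whitespace and it's not a default folder, print an error
                error($lang->error_emptypmfoldername);
            }

            if($val != '' || ($key >= 1 && $key <= 4))
            {
                // If there is a name or if this is a default folder, save it
                // The name is HTML-escaped for later display and SQL-escaped for the update below.
                $foldername = $db->escape_string(htmlspecialchars_uni($val));

                // The entry separator must not appear inside a name, or the stored list
                // would split into extra folders when it is read back.
                if(my_strpos($foldername, "$%%$") === false)
                {
                    if($folders != '')
                    {
                        $folders .= "$%%$";
                    }
                    $folders .= "$fid**$foldername";
                }
                else
                {
                    error($lang->error_invalidpmfoldername);
                }
            }
            else
            {
                // Delete PMs from the folder
                // $fid is an integer here, and uid limits the delete to the current user's messages.
                $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
            }
        }
    }

    $sql_array = array(
        "pmfolders" => $folders
    );
    $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_folders_end");

    redirect("private.php", $lang->redirect_pmfoldersupdated);
}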
1585  
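// Action "empty": render the form that lets the user choose which folders to empty,
// showing the number of messages currently in each folder.
if($mybb->input['action'] == "empty")
{
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_empty_start");

    // pmfolders holds "fid**name" entries joined with "$%%$" (the format written by do_folders).
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    $folderlist = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        $foldername = get_pm_folder_name($fid, $folderinfo[1]);
        // The folder id is read back from a stored string; cast it before it enters the
        // query, matching the integer cast do_empty applies to folder ids.
        $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='".(int)$fid."' AND uid='".$mybb->user['uid']."'");
        $thing = $db->fetch_array($query);
        $foldercount = my_number_format($thing['pmsinfolder']);
        eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
    }

    $plugins->run_hooks("private_empty_end");

    eval("\$folders = \"".$templates->get("private_empty")."\";");
    output_page($folders);
}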
1613  
// Bulk-empty the PM folders ticked on the "empty folders" form (POST requests only).
if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
    // Verify incoming POST request through its my_post_key token
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_empty_start");

    $mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);

    // Extra condition appended to the delete when "keep unread" is ticked
    $keepunreadq = ($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1) ? " AND status!='0'" : '';

    // One "folder='N'" clause per ticked folder. The folder id is the array key of the
    // submitted field and is cast to int before it is placed in SQL.
    $folderclauses = array();
    foreach($mybb->input['empty'] as $key => $val)
    {
        if($val != 1)
        {
            continue;
        }
        $folderclauses[] = "folder='".(int)$key."'";
    }
    $emptyq = implode(" OR ", $folderclauses);

    // Nothing ticked means nothing to delete; the uid condition keeps the delete
    // inside the current user's own messages.
    if($emptyq != '')
    {
        $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_empty_end");
    redirect("private.php", $lang->redirect_pmfoldersemptied);
}
1655  
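// Inbox toolbar actions (POST only): jump to a folder, move the ticked PMs, or delete them.
if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_stuff");

    if(!empty($mybb->input['hop']))
    {
        // Folder ids are integers; casting keeps arbitrary request text out of the Location header
        // (no extra query parameters can be smuggled into the redirect target).
        header("Location: private.php?fid=".$mybb->get_input('jumpto', MyBB::INPUT_INT));
    }
    elseif(!empty($mybb->input['moveto']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            // The target folder comes straight from the request and is handed to update_query();
            // pin it to an integer here rather than relying on input cleaning done elsewhere.
            // NOTE(review): the target is not checked against the user's folder list — the inbox
            // view validates fid against $foldernames; consider rejecting unknown ids here too.
            $sql_array = array(
                "folder" => $mybb->get_input('fid', MyBB::INPUT_INT)
            );
            foreach($mybb->input['check'] as $key => $val)
            {
                // PM id is the array key; the uid condition restricts the move to the user's own PMs.
                $db->update_query("privatemessages", $sql_array, "pmid='".(int)$key."' AND uid='".$mybb->user['uid']."'");
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsmoved);
        }
    }
    elseif(!empty($mybb->input['delete']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            // PM ids are the array keys of the submitted checkboxes; cast once, reuse below.
            $pmids = array_map('intval', array_keys($mybb->input['check']));
            $pmssql = "'".implode("','", $pmids)."'";

            // Find which of the selected PMs already sit in folder 4: those are removed for good,
            // the rest are moved into folder 4 with a deletion timestamp.
            $deletepms = array();
            $query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
            while($delpm = $db->fetch_array($query))
            {
                $deletepms[$delpm['pmid']] = 1;
            }

            foreach($pmids as $key)
            {
                if(!empty($deletepms[$key]))
                {
                    $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
                }
                else
                {
                    $sql_array = array(
                        "folder" => 4,
                        "deletetime" => TIME_NOW
                    );
                    $db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
                }
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsdeleted);
        }
    }
}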
1744  
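// Delete a single PM: remove it permanently if it is already in folder 4,
// otherwise move it to folder 4 and stamp the deletion time.
if($mybb->input['action'] == "delete")
{
    // Verify incoming POST request
    // NOTE(review): unlike the do_* actions this branch does not test request_method, so the
    // post key is the only guard against a forged request — confirm that is intended.
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_delete_start");

    // Read the id once, as an integer, and use the same value in every query below.
    $delete_pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

    $query = $db->simple_select("privatemessages", "*", "pmid='".$delete_pmid."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
    if($db->num_rows($query) == 1)
    {
        // Repeat the owner condition on the delete itself, so the statement cannot touch another
        // user's message even if the preceding ownership check and the delete ever drift apart.
        $db->delete_query("privatemessages", "pmid='".$delete_pmid."' AND uid='".$mybb->user['uid']."'");
    }
    else
    {
        $sql_array = array(
            "folder" => 4,
            "deletetime" => TIME_NOW
        );
        $db->update_query("privatemessages", $sql_array, "pmid='".$delete_pmid."' AND uid='".$mybb->user['uid']."'");
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_delete_end");
    redirect("private.php", $lang->redirect_pmsdeleted);
}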
1772  
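// Export form: shows the archive options with a list of the user's PM folders.
if($mybb->input['action'] == "export")
{
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_export_start");

    // pmfolders holds "fid**name" entries joined by "$%%$".
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    $folder_name = $folder_id = '';

    // Start from an empty string so the first ".=" below does not append to an undefined variable.
    $folderlist_folder = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);

        // An entry without a "**" separator has no name part; avoid an undefined offset.
        $storedname = isset($folderinfo[1]) ? $folderinfo[1] : '';
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $storedname);

        $folder_id = $folderinfo[0];
        $folder_name = $folderinfo[1];

        // The template text is evaluated as a PHP double-quoted string; $folder_id and
        // $folder_name are interpolated as-is, so they must already be safe for HTML output.
        eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
    }

    eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");

    $plugins->run_hooks("private_export_end");

    eval("\$archive = \"".$templates->get("private_archive")."\";");

    output_page($archive);
}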
1803  
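// Build and send a PM archive (html, csv or txt) for the current user, optionally
// deleting the exported messages afterwards. POST requests only.
if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_export_start");

    $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
    $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
    $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
    $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);

    // Resolve each stored "fid**name" entry to its display name up front.
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $storedname = isset($folderinfo[1]) ? $folderinfo[1] : '';
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $storedname);
        $foldersexploded[$key] = implode("**", $folderinfo);
    }

    if($mybb->get_input('pmid', MyBB::INPUT_INT))
    {
        // Single-message export. Columns are qualified with the pm alias because the query
        // below also joins the users table twice, which has a uid column of its own.
        $wsql = "pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='".$mybb->user['uid']."'";
    }
    else
    {
        if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))
        {
            $datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);
            $wsql = "pm.dateline";
            // Only the literal "older" selects <=; every other value means "newer".
            if($mybb->get_input('dayway') == "older")
            {
                $wsql .= "<=";
            }
            else
            {
                $wsql .= ">=";
            }
            $wsql .= "'$datecut'";
        }
        else
        {
            $wsql = "1=1";
        }

        $mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['exportfolders']))
        {
            // Collect the requested folder ids as integers; "all" disables the folder filter.
            $folderids = array();
            foreach($mybb->input['exportfolders'] as $key => $val)
            {
                // Skip nested arrays submitted in place of a folder id.
                if(!is_scalar($val))
                {
                    continue;
                }
                if((string)$val === "all")
                {
                    $folderids = array();
                    break;
                }
                $folderids[] = (int)$val;
            }

            $folderlst = '';
            if(!empty($folderids))
            {
                $folderlst = " AND pm.folder IN ('".implode("','", $folderids)."')";
            }
            $wsql .= "$folderlst";
        }
        else
        {
            error($lang->error_pmnoarchivefolders);
        }

        if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
        {
            $wsql .= " AND pm.status!='0'";
        }
    }

    // pm.uid is always appended, so whatever filter was built above only ever
    // sees the current user's own messages.
    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
        ORDER BY pm.folder ASC, pm.dateline DESC
    ");
    $numpms = $db->num_rows($query);
    if(!$numpms)
    {
        error($lang->error_nopmsarchive);
    }

    // The export type selects which templates are loaded and evaluated below, so it must be one
    // of the three known formats. Anything else falls back to plain text, which is also what the
    // filename/content-type selection at the end of this block assumes.
    $mybb->input['exporttype'] = $mybb->get_input('exporttype');
    if(!in_array($mybb->input['exporttype'], array("html", "csv", "txt"), true))
    {
        $mybb->input['exporttype'] = "txt";
    }

    $pmsdownload = $ids = '';
    // Folders whose heading has already been written to the archive.
    $donefolder = array();
    while($message = $db->fetch_array($query))
    {
        if($message['folder'] == 2 || $message['folder'] == 3)
        { // Sent Items or Drafts Folder Check
            if($message['toid'])
            {
                $tofromuid = $message['toid'];
                if($mybb->input['exporttype'] == "txt")
                {
                    $tofromusername = $message['tousername'];
                }
                else
                {
                    // NOTE(review): the inbox listing passes usernames through htmlspecialchars_uni()
                    // before build_profile_link(); here the raw value is used — confirm the HTML
                    // archive does not emit it unescaped.
                    $tofromusername = build_profile_link($message['tousername'], $tofromuid);
                }
            }
            else
            {
                $tofromusername = $lang->not_sent;
            }
            $tofrom = $lang->to;
        }
        else
        {
            $tofromuid = $message['fromid'];
            if($mybb->input['exporttype'] == "txt")
            {
                $tofromusername = $message['fromusername'];
            }
            else
            {
                // NOTE(review): same unescaped-username question as for the recipient above.
                $tofromusername = build_profile_link($message['fromusername'], $tofromuid);
            }

            // Sender id 0 is shown under the board's own name.
            if($tofromuid == 0)
            {
                $tofromusername = $lang->mybb_engine;
            }
            $tofrom = $lang->from;
        }

        if($tofromuid == 0)
        {
            $message['fromusername'] = $lang->mybb_engine;
        }

        if(!$message['toid'] && $message['folder'] == 3)
        {
            $message['tousername'] = $lang->not_sent;
        }

        $message['subject'] = $parser->parse_badwords($message['subject']);
        if($message['folder'] != "3")
        {
            $senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
            $sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
            $senddate .= " $lang->at $sendtime";
        }
        else
        {
            $senddate = $lang->not_sent;
        }

        if($mybb->input['exporttype'] == "html")
        {
            // HTML archives render the message through the post parser with the board's PM settings.
            $parser_options = array(
                "allow_html" => $mybb->settings['pmsallowhtml'],
                "allow_mycode" => $mybb->settings['pmsallowmycode'],
                "allow_smilies" => 0,
                "allow_imgcode" => $mybb->settings['pmsallowimgcode'],
                "allow_videocode" => $mybb->settings['pmsallowvideocode'],
                "me_username" => $mybb->user['username'],
                "filter_badwords" => 1
            );

            $message['message'] = $parser->parse_message($message['message'], $parser_options);
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }

        if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv")
        {
            // Normalise every line ending to CRLF (collapse first so existing CRLF is not doubled).
            $message['message'] = str_replace("\r\n", "\n", $message['message']);
            $message['message'] = str_replace("\n", "\r\n", $message['message']);
        }

        if($mybb->input['exporttype'] == "csv")
        {
            $message['message'] = my_escape_csv($message['message']);
            $message['subject'] = my_escape_csv($message['subject']);
            $message['tousername'] = my_escape_csv($message['tousername']);
            $message['fromusername'] = my_escape_csv($message['fromusername']);
        }

        // First message of a folder: look up the folder name and, except for csv, emit its heading.
        if(empty($donefolder[$message['folder']]))
        {
            reset($foldersexploded);
            foreach($foldersexploded as $key => $val)
            {
                $folderinfo = explode("**", $val, 2);
                if($folderinfo[0] == $message['folder'])
                {
                    $foldername = $folderinfo[1];
                    if($mybb->input['exporttype'] != "csv")
                    {
                        // exporttype is "html" or "txt" here (normalised above), so the template
                        // name cannot be steered by the request.
                        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";");
                    }
                    else
                    {
                        $foldername = my_escape_csv($folderinfo[1]);
                    }
                    $donefolder[$message['folder']] = 1;
                }
            }
        }

        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
        $ids .= ",'{$message['pmid']}'";
    }

    if($mybb->input['exporttype'] == "html")
    {
        // Gather global stylesheet for HTML
        $query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
        $css = $db->fetch_field($query, "stylesheet");
    }

    $plugins->run_hooks("private_do_export_end");

    eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
    if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
    { // delete the archived pms
        // $ids holds pmids returned by the query above, which was already limited to this user;
        // the uid condition is repeated so the delete is safe on its own.
        $db->delete_query("privatemessages", "pmid IN ('0'$ids) AND uid='".$mybb->user['uid']."'");
        // Update PM count
        update_pm_count();
    }

    if($mybb->input['exporttype'] == "html")
    {
        $filename = "pm-archive.html";
        $contenttype = "text/html";
    }
    elseif($mybb->input['exporttype'] == "csv")
    {
        $filename = "pm-archive.csv";
        $contenttype = "application/octet-stream";
    }
    else
    {
        $filename = "pm-archive.txt";
        $contenttype = "text/plain";
    }

    $archived = str_replace("\\\'","'",$archived);
    header("Content-disposition: filename=$filename");
    header("Content-type: ".$contenttype);

    if($mybb->input['exporttype'] == "html")
    {
        output_page($archived);
    }
    else
    {
        echo "\xEF\xBB\xBF"; // UTF-8 BOM
        echo $archived;
    }
}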
2075  
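// Default view: paginated, sortable listing of one PM folder plus quota bar and action links.
if(!$mybb->input['action'])
{
    $plugins->run_hooks("private_inbox");

    // Only folder ids present in the user's folder list are accepted; anything else shows folder 1.
    // This whitelist is what makes $folder safe to place in the SQL below.
    if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
    {
        $mybb->input['fid'] = 1;
    }

    $folder = $mybb->input['fid'];
    $foldername = $foldernames[$folder];

    if($folder == 2 || $folder == 3)
    { // Sent Items Folder
        $sender = $lang->sentto;
    }
    else
    {
        $sender = $lang->sender;
    }

    // Sort direction: only "asc" is recognised, everything else means "desc", so
    // $sortordernow is always one of two literals when it reaches ORDER BY.
    $mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order'));
    // Both keys are initialised so the template never reads an undefined 'desc' entry.
    $ordersel = array('asc' => '', 'desc' => '');
    switch(my_strtolower($mybb->input['order']))
    {
        case "asc":
            $sortordernow = "asc";
            $ordersel['asc'] = "selected=\"selected\"";
            $oppsort = $lang->desc;
            $oppsortnext = "desc";
            break;
        default:
            $sortordernow = "desc";
            $ordersel['desc'] = "selected=\"selected\"";
            $oppsort = $lang->asc;
            $oppsortnext = "asc";
            break;
    }

    // Sort by which field?
    // The switch maps the request value onto three fixed column names; $sortby is reset to
    // "dateline" for any other value, so neither variable carries free-form request text afterwards.
    $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
    switch($mybb->get_input('sortby'))
    {
        case "subject":
            $sortfield = "subject";
            break;
        case "username":
            $sortfield = "username";
            break;
        default:
            $sortby = "dateline";
            $sortfield = "dateline";
            $mybb->input['sortby'] = "dateline";
            break;
    }
    $orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => '');
    $sortsel[$sortby] = "selected=\"selected\"";

    // $sortby is spliced into evaluated PHP here; that is only safe because of the whitelist above.
    eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");

    // Do Multi Pages
    $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'");
    $pmscount = $db->fetch_array($query);

    if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // Cast once: the value goes into LIMIT clauses further down.
    $perpage = (int)$mybb->settings['threadsperpage'];
    $page = $mybb->get_input('page', MyBB::INPUT_INT);

    if($page > 0)
    {
        $start = ($page-1) *$perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $end = $start + $perpage;
    $lower = $start+1;
    $upper = $end;

    // Clamp to the number of messages in the folder ($pmscount is the fetched row, not a number).
    if($upper > $pmscount['total'])
    {
        $upper = $pmscount['total'];
    }

    if($mybb->input['order'] || ($sortby && $sortby != "dateline"))
    {
        $page_url = "private.php?fid={$folder}&sortby={$sortby}&order={$sortordernow}";
    }
    else
    {
        $page_url = "private.php?fid={$folder}";
    }

    $multipage = multipage($pmscount['total'], $perpage, $page, $page_url);
    $messagelist = '';

    $icon_cache = $cache->read("posticons");

    // Cache users in multiple recipients for sent & drafts folder
    if($folder == 2 || $folder == 3)
    {
        if($sortfield == "username")
        {
            $u = "u.";
        }
        else
        {
            $u = "pm.";
        }

        // Get all recipients into an array
        $cached_users = $get_users = array();
        $users_query = $db->query("
            SELECT pm.recipients
            FROM ".TABLE_PREFIX."privatemessages pm
            LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
            WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'
            ORDER BY {$u}{$sortfield} {$sortordernow}
            LIMIT {$start}, {$perpage}
        ");
        while($row = $db->fetch_array($users_query))
        {
            $recipients = my_unserialize($row['recipients']);
            if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
            {
                $get_users = array_merge($get_users, $recipients['to']);
            }

            if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
            {
                $get_users = array_merge($get_users, $recipients['bcc']);
            }
        }

        // The ids come out of a stored, unserialized column and go into an unquoted IN (...) list;
        // force every entry to an integer so stored data cannot alter the query.
        $get_users = implode(',', array_unique(array_map('intval', $get_users)));

        // Grab info
        if($get_users)
        {
            $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
            while($user = $db->fetch_array($users_query))
            {
                $cached_users[$user['uid']] = $user;
            }
        }
    }

    // Pick the table alias the sort column lives on: usernames come from the joined users
    // table (recipient for sent/drafts, sender otherwise), everything else from the PM row.
    if($folder == 2 || $folder == 3)
    {
        if($sortfield == "username")
        {
            $pm = "tu.";
        }
        else
        {
            $pm = "pm.";
        }
    }
    else
    {
        if($sortfield == "username")
        {
            $pm = "fu.";
        }
        else
        {
            $pm = "pm.";
        }
    }

    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'
        ORDER BY {$pm}{$sortfield} {$sortordernow}
        LIMIT $start, $perpage
    ");

    if($db->num_rows($query) > 0)
    {
        while($message = $db->fetch_array($query))
        {
            $msgalt = $msgstatus = '';

            // Determine Folder Icon
            if($message['status'] == 0)
            {
                $msgstatus = 'new_pm';
                $msgalt = $lang->new_pm;
            }
            else if($message['status'] == 1)
            {
                $msgstatus = 'old_pm';
                $msgalt = $lang->old_pm;
            }
            else if($message['status'] == 3)
            {
                $msgstatus = 're_pm';
                $msgalt = $lang->reply_pm;
            }
            else if($message['status'] == 4)
            {
                $msgstatus = 'fw_pm';
                $msgalt = $lang->fwd_pm;
            }

            $tofromuid = 0;
            if($folder == 2 || $folder == 3)
            { // Sent Items or Drafts Folder Check
                $recipients = my_unserialize($message['recipients']);
                $to_users = $bcc_users = '';
                // More than one "to" recipient, or exactly one plus at least one bcc: render the
                // multiple-recipients widget instead of a single name.
                if(isset($recipients['to']) && count($recipients['to']) > 1 || (isset($recipients['to']) && count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
                {
                    foreach($recipients['to'] as $uid)
                    {
                        $profilelink = get_profile_link($uid);
                        $user = $cached_users[$uid];
                        // Usernames are escaped before they reach the evaluated template.
                        $user['username'] = htmlspecialchars_uni($user['username']);
                        $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                        if(!$user['username'])
                        {
                            $username = $lang->na;
                        }
                        eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                    }
                    if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
                    {
                        eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
                        foreach($recipients['bcc'] as $uid)
                        {
                            $profilelink = get_profile_link($uid);
                            $user = $cached_users[$uid];
                            $user['username'] = htmlspecialchars_uni($user['username']);
                            $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                            if(!$user['username'])
                            {
                                $username = $lang->na;
                            }
                            eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                        }
                    }

                    eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
                }
                else if($message['toid'])
                {
                    $tofromusername = htmlspecialchars_uni($message['tousername']);
                    $tofromuid = $message['toid'];
                }
                else
                {
                    $tofromusername = $lang->not_sent;
                }
            }
            else
            {
                $tofromusername = htmlspecialchars_uni($message['fromusername']);
                $tofromuid = $message['fromid'];
                // Sender id 0 is shown under the board's own name.
                if($tofromuid == 0)
                {
                    $tofromusername = $lang->mybb_engine;
                }

                // No username came back from the join: show "n/a" without a profile link.
                if(!$tofromusername)
                {
                    $tofromuid = 0;
                    $tofromusername = $lang->na;
                }
            }

            $tofromusername = build_profile_link($tofromusername, $tofromuid);

            if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
            {
                eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
            }
            else
            {
                $denyreceipt = '';
            }

            if($message['icon'] > 0 && $icon_cache[$message['icon']])
            {
                $icon = $icon_cache[$message['icon']];
                $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
                $icon['path'] = htmlspecialchars_uni($icon['path']);
                $icon['name'] = htmlspecialchars_uni($icon['name']);
                eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
            }
            else
            {
                $icon = '&#009;';
            }

            if(!trim($message['subject']))
            {
                $message['subject'] = $lang->pm_no_subject;
            }

            // Bad-word filtering first, HTML escaping last, so the subject is escaped exactly once.
            $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
            if($message['folder'] != "3")
            {
                $senddate = my_date('relative', $message['dateline']);
            }
            else
            {
                $senddate = $lang->not_sent;
            }

            $plugins->run_hooks("private_message");

            eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
        }
    }
    else
    {
        eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
    }

    // Quota bar: only shown when the user's group has a PM quota (0 disables it).
    $pmspacebar = '';
    if($mybb->usergroup['pmquota'] != 0)
    {
        $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
        $pmscount = $db->fetch_array($query);
        if($pmscount['total'] == 0)
        {
            $spaceused = 0;
        }
        else
        {
            $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
        }
        $spaceused2 = 100 - $spaceused;
        $belowhalf = $overhalf = '';
        if($spaceused <= "50")
        {
            $spaceused_severity = "low";
            $belowhalf = round($spaceused, 0)."%";
            if((int)$belowhalf > 100)
            {
                $belowhalf = "100%";
            }
        }
        else
        {
            if($spaceused <= "75")
            {
                $spaceused_severity = "medium";
            }

            else
            {
                $spaceused_severity = "high";
            }

            $overhalf = round($spaceused, 0)."%";
            if((int)$overhalf > 100)
            {
                $overhalf = "100%";
            }
        }

        // Cap the values used for the bar when the user is over quota.
        if($spaceused > 100)
        {
            $spaceused = 100;
            $spaceused2 = 0;
        }

        eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
    }

    $composelink = '';
    if($mybb->usergroup['cansendpms'] == 1)
    {
        eval("\$composelink = \"".$templates->get("private_composelink")."\";");
    }

    $emptyexportlink = '';
    if($mybb->user['totalpms'] > 0)
    {
        eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";");
    }

    // When a quota is set, $pmscount was re-read above and now holds the user's total PM count.
    $limitwarning = '';
    if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota'])
    {
        eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
    }

    $plugins->run_hooks("private_end");

    eval("\$folder = \"".$templates->get("private")."\";");
    output_page($folder);
}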

