
PHP Cross Reference of MyBB 1.8.19


/ -> private.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
      // NOTE(review): IGNORE_CLEAN_VARS names the "sid" request variable, which the "results"
      // action further down reads as the search id. Presumably it exempts sid from the input
      // cleaning done in global.php - that code is not part of this file, confirm there.
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'private.php');
  14  
      // Comma-separated names of the templates this script renders. Presumably global.php uses
      // $templatelist to preload them - confirm; it is not read again in the part shown here.
  15  $templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
  16  $templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
  17  $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  18  $templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";
  19  $templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";
  20  $templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
  21  $templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
  22  $templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
  23  $templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
  24  $templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";
  25  
  26  require_once  "./global.php";
  27  require_once  MYBB_ROOT."inc/functions_post.php";
  28  require_once  MYBB_ROOT."inc/functions_user.php";
  29  require_once  MYBB_ROOT."inc/class_parser.php";
  30  $parser = new postParser;
  31  
  32  // Load global language phrases
  33  $lang->load("private");
  34  
      // Access gate 1: private messaging can be switched off board-wide.
  35  if($mybb->settings['enablepms'] == 0)
  36  {
  37      error($lang->pms_disabled);
  38  }
  39  
      // Access gate 2: guests (uid 0) and groups without the canusepms permission are refused
      // before any action handler runs.
      // NOTE(review): all comparisons here are loose (==) and the uid == '/' test is not
      // explained anywhere in this file. The code below relies on error() and
      // error_no_permission() ending the request - presumably they do, confirm in the core.
  40  if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
  41  {
  42      error_no_permission();
  43  }
  44  
  45  if(!$mybb->user['pmfolders'])
  46  {
          // No folder list stored for this user yet: persist a default one holding folder ids
          // 1-4 with empty names, in the "id**name" format (entries joined by "$%%$") that the
          // folder loop further down parses.
  47      $mybb->user['pmfolders'] = "1**$%%$2**$%%$3**$%%$4**";
  48  
  49      $sql_array = array(
  50           "pmfolders" => $mybb->user['pmfolders']
  51      );
          // The uid is concatenated into the WHERE clause unquoted. It was already checked to be
          // non-zero above. NOTE(review): presumably it is the integer id of the session user
          // loaded by global.php rather than request input - confirm.
  52      $db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);
  53  }
  54  
  55  $mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);
  56  
  57  $folder_id = $folder_name = '';
  58  
      // The folder list is stored per user as "id**name" entries joined by "$%%$". Build an
      // id => display name map and three entry lists (jump, move, search) from one template.
  59  $foldernames = array();
  60  $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
  61  foreach($foldersexploded as $key => $folders)
  62  {
          // The limit of 2 keeps any further "**" inside the folder name part.
  63      $folderinfo = explode("**", $folders, 2);
          // fid was fetched with MyBB::INPUT_INT above; the comparison itself is loose (==).
  64      if($mybb->input['fid'] == $folderinfo[0])
  65      {
  66          $sel = ' selected="selected"';
  67      }
  68      else
  69      {
  70          $sel = '';
  71      }
          // NOTE(review): folder names originate from the user's own stored folder list. Whether
          // get_pm_folder_name() HTML-escapes them before the templates below print them is not
          // visible in this file - confirm.
  72      $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
  73      $foldernames[$folderinfo[0]] = $folderinfo[1];
  74  
  75      $folder_id = $folderinfo[0];
  76      $folder_name = $folderinfo[1];
  77  
          // Templates are rendered by eval()'ing the template text as a double-quoted PHP string,
          // so a template can interpolate any variable in this scope (here presumably $folder_id,
          // $folder_name and $sel). Template text is therefore equivalent to code: the safety of
          // these calls depends on who can edit templates and on how $templates->get() escapes the
          // stored text - neither is visible here. Local variable names are part of that contract.
          // The three accumulators are appended to without being initialised in this file.
  78      eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  79      eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  80      eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  81  }
  82  
  83  $from_fid = $mybb->input['fid'];
  84  
  85  eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
  86  eval("\$folderoplist = \"".$templates->get("private_move")."\";");
  87  eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";");
  88  
  89  usercp_menu();
  90  
      // Plugin hook: code attached here runs in this scope before any action is handled.
  91  $plugins->run_hooks("private_start");
  92  
  93  // Make navigation
  94  add_breadcrumb($lang->nav_pms, "private.php");
  95  
      // action is read as a plain string. In the part of the file shown here it is only ever
      // compared against fixed literals, never echoed or placed in a query.
  96  $mybb->input['action'] = $mybb->get_input('action');
  97  switch($mybb->input['action'])
  98  {
  99      case "send":
 100          add_breadcrumb($lang->nav_send);
 101          break;
 102      case "tracking":
 103          add_breadcrumb($lang->nav_tracking);
 104          break;
 105      case "folders":
 106          add_breadcrumb($lang->nav_folders);
 107          break;
 108      case "empty":
 109          add_breadcrumb($lang->nav_empty);
 110          break;
 111      case "export":
 112          add_breadcrumb($lang->nav_export);
 113          break;
 114      case "advanced_search":
 115          add_breadcrumb($lang->nav_search);
 116          break;
 117      case "results":
 118          add_breadcrumb($lang->nav_results);
 119          break;
 120  }
 121  
      // Any request carrying a non-empty "preview" field is handled as the compose form,
      // whatever action was submitted (so a preview request never reaches do_send).
 122  if(!empty($mybb->input['preview']))
 123  {
 124      $mybb->input['action'] = "send";
 125  }
 126  
 127  if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post")
 128  {
          // Search submission, POST only. && binds tighter than ||, so the test reads: action is
          // "do_search", or action is "do_stuff" with quick_search set or with none of
          // hop/moveto/delete set.
          // NOTE(review): unlike dismiss_notice and do_send further down, this branch does not
          // call verify_post_check(); its only write in this file is the searchlog insert below.
 129      $plugins->run_hooks("private_do_search_start");
 130  
 131      // Simulate coming from our advanced search form with some preset options
 132      if($mybb->get_input('quick_search'))
 133      {
 134          $mybb->input['action'] = "do_search";
 135          $mybb->input['subject'] = 1;
 136          $mybb->input['message'] = 1;
 137          $mybb->input['folder'] = $mybb->input['fid'];
 138          unset($mybb->input['jumpto']);
 139          unset($mybb->input['fromfid']);
 140      }
 141  
 142      // Check if search flood checking is enabled and user is not admin
 143      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
 144      {
 145          // Fetch the time this user last searched
              // Rate limit: any searchlog row of this uid newer than the cutoff blocks the request.
 146          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
 147          $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
 148          $last_search = $db->fetch_array($query);
 149          // Users last search was within the flood time, show the error
 150          if($last_search['sid'])
 151          {
 152              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
 153              if($remaining_time == 1)
 154              {
 155                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
 156              }
 157              else
 158              {
 159                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
 160              }
 161              error($lang->error_searchflooding);
 162          }
 163      }
 164  
          // At least one of "subject" / "message" must be selected (value 1) as a search target.
 165      if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)
 166      {
 167          error($lang->error_nosearchresults);
 168      }
 169  
 170      if($mybb->get_input('message', MyBB::INPUT_INT) == 1)
 171      {
 172          $resulttype = "pmmessages";
 173      }
 174      else
 175      {
 176          $resulttype = "pmsubjects";
 177      }
 178  
          // keywords and sender are handed on as raw request strings; subject/message are cast to
          // int and status/folder are fetched as arrays.
          // NOTE(review): any SQL escaping of these values has to happen inside
          // privatemessage_perform_search_mysql() - that function is not visible here, confirm.
 179      $search_data = array(
 180          "keywords" => $mybb->get_input('keywords'),
 181          "subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
 182          "message" => $mybb->get_input('message', MyBB::INPUT_INT),
 183          "sender" => $mybb->get_input('sender'),
 184          "status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
 185          "folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)
 186      );
 187  
 188      if($db->can_search == true)
 189      {
 190          require_once  MYBB_ROOT."inc/functions_search.php";
 191  
 192          $search_results = privatemessage_perform_search_mysql($search_data);
 193      }
 194      else
 195      {
 196          error($lang->error_no_search_support);
 197      }
          // NOTE(review): the search id is an md5 over uniqid()/microtime(), i.e. derived from the
          // clock rather than from a CSPRNG. The "results" action looks the row up by sid AND the
          // current uid, so the id is not the only thing protecting a stored search.
 198      $sid = md5(uniqid(microtime(), true));
          // sid and keywords are escaped here; resulttype is one of the two literals set above.
          // NOTE(review): querycache is stored exactly as the search function returned it and is
          // later placed inside an unquoted IN(...) list by the "results" action, so it is
          // presumably a comma-separated list of integer pmids - confirm in functions_search.php.
 199      $searcharray = array(
 200          "sid" => $db->escape_string($sid),
 201          "uid" => $mybb->user['uid'],
 202          "dateline" => TIME_NOW,
 203          "ipaddress" => $db->escape_binary($session->packedip),
 204          "threads" => '',
 205          "posts" => '',
 206          "resulttype" => $resulttype,
 207          "querycache" => $search_results['querycache'],
 208          "keywords" => $db->escape_string($mybb->get_input('keywords')),
 209      );
          // Plugins hooked here run after $searcharray is built and before it is inserted.
 210      $plugins->run_hooks("private_do_search_process");
 211  
 212      $db->insert_query("searchlog", $searcharray);
 213  
 214      // Sender sort won't work yet
          // Allow-list for the sort column. "sender" is accepted here, but the "results" action
          // only accepts subject/username/dateline, so it ends up as dateline there.
 215      $sortby = array('subject', 'sender', 'dateline');
 216  
 217      if(in_array($mybb->get_input('sort'), $sortby))
 218      {
 219          $sortby = $mybb->get_input('sort');
 220      }
 221      else
 222      {
 223          $sortby = "dateline";
 224      }
 225  
          // The direction is read from the request field "sortordr"; anything but "asc" is "desc".
 226      if(my_strtolower($mybb->get_input('sortordr')) == "asc")
 227      {
 228          $sortorder = "asc";
 229      }
 230      else
 231      {
 232          $sortorder = "desc";
 233      }
 234  
 235      $plugins->run_hooks("private_do_search_end");
          // Every value appended to the redirect URL is server-chosen: $sid is a hex md5 string,
          // $sortby and $sortorder each come from a fixed set of literals.
 236      redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
 237  }
 238  
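 239  if($mybb->input['action'] == "results")
 240  {
          // Lists the private messages matched by a stored search. The searchlog row has to match
          // both the submitted sid and the logged-in uid, so a search id that belongs to another
          // user is rejected with error_invalidsearch.
 241      $sid = $mybb->get_input('sid');
 242      $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
 243      $search = $db->fetch_array($query);
 244  
 245      if(!$search)
 246      {
 247          error($lang->error_invalidsearch);
 248      }
 249  
 250      $plugins->run_hooks("private_results_start");
 251  
 252      // Decide on our sorting fields and sorting order.
          // $query_sortby and $order are interpolated into ORDER BY below, so both are restricted
          // to fixed values here: an allow-listed column name and "asc"/"desc".
 253      $order = my_strtolower($mybb->get_input('order'));
 254      $sortby = my_strtolower($mybb->get_input('sortby'));
 255  
 256      $sortby_accepted = array('subject', 'username', 'dateline');
 257  
 258      if(in_array($sortby, $sortby_accepted))
 259      {
 260          $query_sortby = $sortby;
 261  
 262          if($query_sortby == "username")
 263          {
 264              $query_sortby = "fromusername";
 265          }
 266      }
 267      else
 268      {
 269          $sortby = $query_sortby = "dateline";
 270      }
 271  
 272      if($order != "asc")
 273      {
 274          $order = "desc";
 275      }
 276  
          // Page size comes from a board setting; a missing value or one below 1 becomes 20.
 277      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 278      {
 279          $mybb->settings['threadsperpage'] = 20;
 280      }
 281  
          // NOTE(review): escape_string() gives no protection inside an unquoted IN(...) list;
          // this query relies on querycache being a server-generated list of integer pmids. The
          // count here and the recipients query further down also omit the pm.uid filter that
          // the main message query applies - presumably querycache only ever holds the user's
          // own pmids; confirm in inc/functions_search.php.
 282      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
 283      $pmscount = $db->fetch_field($query, "total");
 284  
 285      // Work out pagination, which page we're at, as well as the limits.
          // page is fetched with MyBB::INPUT_INT; $start and $perpage go into LIMIT unquoted.
 286      $perpage = $mybb->settings['threadsperpage'];
 287      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 288      if($page > 0)
 289      {
 290          $start = ($page-1) * $perpage;
 291          $pages = ceil($pmscount / $perpage);
 292          if($page > $pages)
 293          {
 294              $start = 0;
 295              $page = 1;
 296          }
 297      }
 298      else
 299      {
 300          $start = 0;
 301          $page = 1;
 302      }
 303      $end = $start + $perpage;
 304      $lower = $start+1;
 305      $upper = $end;
 306  
 307      // Work out if we have terms to highlight
          // The stored keywords are URL-encoded before being placed in the link parameter.
 308      $highlight = "";
 309      if($search['keywords'])
 310      {
 311          $highlight = "&amp;highlight=".urlencode($search['keywords']);
 312      }
 313  
 314      // Do Multi Pages
 315      if($upper > $pmscount)
 316      {
 317          $upper = $pmscount;
 318      }
          // The request-supplied sid is HTML-escaped before it is embedded in the pagination URL;
          // $sortby and $order were reduced to fixed values above.
 319      $multipage = multipage($pmscount, $perpage, $page, "private.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby={$sortby}&amp;order={$order}");
 320      $messagelist = '';
 321  
 322      $icon_cache = $cache->read("posticons");
 323  
 324      // Cache users in multiple recipients for sent & drafts folder
 325      // Get all recipients into an array
 326      $cached_users = $get_users = array();
 327      $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
 328      while($row = $db->fetch_array($users_query))
 329      {
              // NOTE(review): my_unserialize() is presumably MyBB's restricted unserializer (no
              // object instantiation) - confirm. Its result may not be an array, so both keys are
              // checked with isset() and is_array() before count() is applied.
 330          $recipients = my_unserialize($row['recipients']);
 331          if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
 332          {
 333              $get_users = array_merge($get_users, $recipients['to']);
 334          }
 335  
 336          if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 337          {
 338              $get_users = array_merge($get_users, $recipients['bcc']);
 339          }
 340      }
 341  
          // NOTE(review): the collected ids are joined into an unquoted IN(...) list below; this
          // assumes the stored recipient ids are integers - confirm where they are written.
 342      $get_users = implode(',', array_unique($get_users));
 343  
 344      // Grab info
 345      if($get_users)
 346      {
 347          $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
 348          while($user = $db->fetch_array($users_query))
 349          {
 350              $cached_users[$user['uid']] = $user;
 351          }
 352      }
 353  
          // Main listing query: restricted to rows owned by the logged-in user (pm.uid).
 354      $query = $db->query("
 355          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
 356          FROM ".TABLE_PREFIX."privatemessages pm
 357          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
 358          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
 359          WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
 360          ORDER BY pm.{$query_sortby} {$order}
 361          LIMIT {$start}, {$perpage}
 362      ");
 363      while($message = $db->fetch_array($query))
 364      {
 365          $msgalt = $msgstatus = '';
 366  
 367          // Determine Folder Icon
 368          if($message['status'] == 0)
 369          {
 370              $msgstatus = 'new_pm';
 371              $msgalt = $lang->new_pm;
 372          }
 373          else if($message['status'] == 1)
 374          {
 375              $msgstatus = 'old_pm';
 376              $msgalt = $lang->old_pm;
 377          }
 378          else if($message['status'] == 3)
 379          {
 380              $msgstatus = 're_pm';
 381              $msgalt = $lang->reply_pm;
 382          }
 383          else if($message['status'] == 4)
 384          {
 385              $msgstatus = 'fw_pm';
 386              $msgalt = $lang->fwd_pm;
 387          }
 388  
 389          $folder = $message['folder'];
 390  
 391          $tofromuid = 0;
 392          if($folder == 2 || $folder == 3)
 393          {
 394              // Sent Items or Drafts Folder Check
 395              $recipients = my_unserialize($message['recipients']);
 396              $to_users = $bcc_users = '';
                  // Guarded with isset()/is_array() like the recipient pre-fetch above: count() on
                  // a missing or non-array value warns on newer PHP versions and throws on PHP 8.
                  // A row without a usable 'to' list falls through to the single-recipient branches.
 397              if(isset($recipients['to']) && is_array($recipients['to']) && (count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']) > 0)))
 398              {
 399                  foreach($recipients['to'] as $uid)
 400                  {
                          // Usernames are HTML-escaped before format_name() and the template use them.
                          // NOTE(review): $cached_users[$uid] is read without an existence check.
 401                      $profilelink = get_profile_link($uid);
 402                      $user = $cached_users[$uid];
 403                      $user['username'] = htmlspecialchars_uni($user['username']);
 404                      $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 405                      eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 406                  }
 407                  if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 408                  {
 409                      eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
 410                      foreach($recipients['bcc'] as $uid)
 411                      {
 412                          $profilelink = get_profile_link($uid);
 413                          $user = $cached_users[$uid];
 414                          $user['username'] = htmlspecialchars_uni($user['username']);
 415                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 416                          eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 417                      }
 418                  }
 419  
 420                  eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
 421              }
 422              else if($message['toid'])
 423              {
 424                  $tofromusername = htmlspecialchars_uni($message['tousername']);
 425                  $tofromuid = $message['toid'];
 426              }
 427              else
 428              {
 429                  $tofromusername = $lang->not_sent;
 430              }
 431          }
 432          else
 433          {
 434              $tofromusername = htmlspecialchars_uni($message['fromusername']);
 435              $tofromuid = $message['fromid'];
 436              if($tofromuid == 0)
 437              {
 438                  $tofromusername = $lang->mybb_engine;
 439              }
 440          }
 441  
 442          $tofromusername = build_profile_link($tofromusername, $tofromuid);
 443  
 444          $denyreceipt = '';
 445  
 446          if($message['icon'] > 0 && $icon_cache[$message['icon']])
 447          {
 448              $icon = $icon_cache[$message['icon']];
 449              $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
 450              $icon['path'] = htmlspecialchars_uni($icon['path']);
 451              $icon['name'] = htmlspecialchars_uni($icon['name']);
 452              eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
 453          }
 454          else
 455          {
 456              $icon = '&#009;';
 457          }
 458  
 459          if(!trim($message['subject']))
 460          {
 461              $message['subject'] = $lang->pm_no_subject;
 462          }
 463  
              // Subject: bad-word filter first, then truncation, with HTML escaping as the last
              // step in both branches.
 464          $message['subject'] = $parser->parse_badwords($message['subject']);
 465  
 466          if(my_strlen($message['subject']) > 50)
 467          {
 468              $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
 469          }
 470          else
 471          {
 472              $message['subject'] = htmlspecialchars_uni($message['subject']);
 473          }
 474  
 475          if($message['folder'] != "3")
 476          {
 477              $senddate = my_date('relative', $message['dateline']);
 478          }
 479          else
 480          {
 481              $senddate = $lang->not_sent;
 482          }
 483  
 484          $foldername = $foldernames[$message['folder']];
 485  
 486          // What we do here is parse the post using our post parser, then strip the tags from it
              // The body is parsed with HTML disallowed and the markup the parser produced is then
              // removed with strip_tags() before the text is cut to 200 characters.
              // NOTE(review): the excerpt's HTML safety rests on parse_message() escaping the raw
              // text when allow_html is 0 - confirm in inc/class_parser.php.
 487          $parser_options = array(
 488              'allow_html' => 0,
 489              'allow_mycode' => 1,
 490              'allow_smilies' => 0,
 491              'allow_imgcode' => 0,
 492              'filter_badwords' => 1
 493          );
 494          $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
 495          if(my_strlen($message['message']) > 200)
 496          {
 497              $message['message'] = my_substr($message['message'], 0, 200)."...";
 498          }
 499  
              // Template text is eval()'d as a double-quoted string; every value it prints must
              // already be escaped at this point.
 500          eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
 501      }
 502  
 503      if($db->num_rows($query) == 0)
 504      {
 505          eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
 506      }
 507  
 508      $plugins->run_hooks("private_results_end");
 509  
 510      eval("\$results = \"".$templates->get("private_search_results")."\";");
 511      output_page($results);
 512  }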
 513  
 514  if($mybb->input['action'] == "advanced_search")
 515  {
          // Renders the advanced search form; no request data is read in this branch.
 516      $plugins->run_hooks("private_advanced_search");
 517  
 518      eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");
 519  
 520      output_page($advanced_search);
 521  }
 522  
 523  // Dismissing a new/unread PM notice
 524  if($mybb->input['action'] == "dismiss_notice")
 525  {
          // Only a pmnotice value of 2 is dismissed; in any other state the request ends silently.
 526      if($mybb->user['pmnotice'] != 2)
 527      {
 528          exit;
 529      }
 530  
 531      // Verify incoming POST request
          // The my_post_key value is checked before the write below. NOTE(review): presumably this
          // is MyBB's per-user anti-CSRF token check - confirm. The request method itself is not
          // tested in this branch (do_search and do_send require "post").
 532      verify_post_check($mybb->get_input('my_post_key'));
 533  
 534      $updated_user = array(
 535          "pmnotice" => 1
 536      );
 537      $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
 538  
          // AJAX callers get a bare "1"; everyone else is sent to a fixed Location that contains
          // no request data.
 539      if(!empty($mybb->input['ajax']))
 540      {
 541          echo 1;
 542          exit;
 543      }
 544      else
 545      {
 546          header("Location: index.php");
 547          exit;
 548      }
 549  }
 550  
 551  $send_errors = '';
 552  
      // Sends a private message or saves it as a draft. POST only; the order of checks is:
      // group permission, post key, duplicate detection, then validation by PMDataHandler.
 553  if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
 554  {
 555      if($mybb->usergroup['cansendpms'] == 0)
 556      {
 557          error_no_permission();
 558      }
 559  
 560      // Verify incoming POST request
          // NOTE(review): presumably MyBB's anti-CSRF token check - confirm. It runs before the
          // first plugin hook and before any database access in this branch.
 561      verify_post_check($mybb->get_input('my_post_key'));
 562  
 563      $plugins->run_hooks("private_send_do_send");
 564  
 565      // Attempt to see if this PM is a duplicate or not
          // Each recipient name is lower-cased and escaped on its own, then joined into a quoted
          // IN ('a','b') list. Subject and message are escaped and quoted as well. The check only
          // looks at this sender's non-draft messages from the last five hours.
 566      $to = array_map("trim", explode(",", $mybb->get_input('to')));
 567      $to = array_unique($to); // Filter out any duplicates
 568      $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
 569      $time_cutoff = TIME_NOW - (5 * 60 * 60);
 570      $query = $db->query("
 571          SELECT pm.pmid
 572          FROM ".TABLE_PREFIX."privatemessages pm
 573          LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
 574          WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'
 575          LIMIT 0, 1
 576      ");
 577      $duplicate_check = $db->fetch_field($query, "pmid");
 578      if($duplicate_check)
 579      {
 580          error($lang->error_pm_already_submitted);
 581      }
 582  
 583      require_once  MYBB_ROOT."inc/datahandlers/pm.php";
 584      $pmhandler = new PMDataHandler();
 585  
          // subject, message and "do" reach the handler as raw request strings; icon and pmid are
          // cast to int. fromid is taken from the logged-in user, never from the request.
          // NOTE(review): validation and escaping of these fields, and the check that pmid
          // belongs to the sender, have to happen inside PMDataHandler - not visible here.
 586      $pm = array(
 587          "subject" => $mybb->get_input('subject'),
 588          "message" => $mybb->get_input('message'),
 589          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 590          "fromid" => $mybb->user['uid'],
 591          "do" => $mybb->get_input('do'),
 592          "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT),
 593          "ipaddress" => $session->packedip
 594      );
 595  
 596      // Split up any recipients we have
 597      $pm['to'] = $to;
 598      if(!empty($mybb->input['bcc']))
 599      {
 600          $pm['bcc'] = explode(",", $mybb->get_input('bcc'));
 601          $pm['bcc'] = array_map("trim", $pm['bcc']);
 602      }
 603  
 604      $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 605  
          // Server-side enforcement: a submitted read-receipt option is overridden when the
          // user's group may not track PMs.
 606      if(!$mybb->usergroup['cantrackpms'])
 607      {
 608          $mybb->input['options']['readreceipt'] = false;
 609      }
 610  
          // signature and savecopy are normalised to 0/1 here. disablesmilies and readreceipt are
          // copied as submitted. NOTE(review): confirm the handler normalises those two.
 611      $pm['options'] = array();
 612      if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1)
 613      {
 614          $pm['options']['signature'] = 1;
 615      }
 616      else
 617      {
 618          $pm['options']['signature'] = 0;
 619      }
 620      if(isset($mybb->input['options']['disablesmilies']))
 621      {
 622          $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
 623      }
 624      if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)
 625      {
 626          $pm['options']['savecopy'] = 1;
 627      }
 628      else
 629      {
 630          $pm['options']['savecopy'] = 0;
 631      }
 632      if(isset($mybb->input['options']['readreceipt']))
 633      {
 634          $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
 635      }
 636  
 637      if(!empty($mybb->input['saveasdraft']))
 638      {
 639          $pm['saveasdraft'] = 1;
 640      }
 641      $pmhandler->set_data($pm);
 642  
 643      // Now let the pm handler do all the hard work.
          // On validation failure nothing is stored: the errors are formatted with inline_error()
          // and the action is switched to "send" so the compose form is shown again.
 644      if(!$pmhandler->validate_pm())
 645      {
 646          $pm_errors = $pmhandler->get_friendly_errors();
 647          $send_errors = inline_error($pm_errors);
 648          $mybb->input['action'] = "send";
 649      }
 650      else
 651      {
 652          $pminfo = $pmhandler->insert_pm();
 653          $plugins->run_hooks("private_do_send_end");
 654  
              // Both redirects go to a fixed target; no request data ends up in the URL.
 655          if(isset($pminfo['draftsaved']))
 656          {
 657              redirect("private.php", $lang->redirect_pmsaved);
 658          }
 659          else
 660          {
 661              redirect("private.php", $lang->redirect_pmsent);
 662          }
 663      }
 664  }
 665  
 666  if($mybb->input['action'] == "send")
 667  {
 668      if($mybb->usergroup['cansendpms'] == 0)
 669      {
 670          error_no_permission();
 671      }
 672  
 673      $plugins->run_hooks("private_send_start");
 674  
 675      $smilieinserter = $codebuttons = '';
 676  
 677      if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 678      {
 679          $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']);
 680          if($mybb->settings['pmsallowsmilies'] != 0)
 681          {
 682              $smilieinserter = build_clickable_smilies();
 683          }
 684      }
 685  
 686      $lang->post_icon = $lang->message_icon;
 687  
 688      $posticons = get_post_icons();
 689      $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message')));
 690      $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject')));
 691  
 692      $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => '');
 693      $to = $bcc = '';
 694  
 695      if(!empty($mybb->input['preview']) || $send_errors)
 696      {
 697          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 698          if(isset($options['signature']) && $options['signature'] == 1)
 699          {
 700              $optionschecked['signature'] = 'checked="checked"';
 701          }
 702          if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1)
 703          {
 704              $optionschecked['disablesmilies'] = 'checked="checked"';
 705          }
 706          if(isset($options['savecopy']) && $options['savecopy'] != 0)
 707          {
 708              $optionschecked['savecopy'] = 'checked="checked"';
 709          }
 710          if(isset($options['readreceipt']) && $options['readreceipt'] != 0)
 711          {
 712              $optionschecked['readreceipt'] = 'checked="checked"';
 713          }
 714          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 715          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 716      }
 717  
 718      $preview = '';
 719      // Preview
 720      if(!empty($mybb->input['preview']))
 721      {
 722          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 723          $query = $db->query("
 724              SELECT u.username AS userusername, u.*, f.*
 725              FROM ".TABLE_PREFIX."users u
 726              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 727              WHERE u.uid='".$mybb->user['uid']."'
 728          ");
 729  
 730          $post = $db->fetch_array($query);
 731  
 732          $post['userusername'] = $mybb->user['username'];
 733          $post['postusername'] = $mybb->user['username'];
 734          $post['message'] = $mybb->get_input('message');
 735          $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));
 736          $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 737          if(!isset($options['disablesmilies']))
 738          {
 739              $options['disablesmilies'] = 0;
 740          }
 741          $post['smilieoff'] = $options['disablesmilies'];
 742          $post['dateline'] = TIME_NOW;
 743  
 744          if(!isset($options['signature']))
 745          {
 746              $post['includesig'] = 0;
 747          }
 748          else
 749          {
 750              $post['includesig'] = 1;
 751          }
 752  
 753          // Merge usergroup data from the cache
 754          $data_key = array(
 755              'title' => 'grouptitle',
 756              'usertitle' => 'groupusertitle',
 757              'stars' => 'groupstars',
 758              'starimage' => 'groupstarimage',
 759              'image' => 'groupimage',
 760              'namestyle' => 'namestyle',
 761              'usereputationsystem' => 'usereputationsystem'
 762          );
 763  
 764          foreach($data_key as $field => $key)
 765          {
 766              $post[$key] = $groupscache[$post['usergroup']][$field];
 767          }
 768  
 769          $postbit = build_postbit($post, 2);
 770          eval("\$preview = \"".$templates->get("previewpost")."\";");
 771      }
 772      else if(!$send_errors)
 773      {
 774          // New PM, so load default settings
 775          if($mybb->user['signature'] != '')
 776          {
 777              $optionschecked['signature'] = 'checked="checked"';
 778          }
 779          if($mybb->usergroup['cantrackpms'] == 1)
 780          {
 781              $optionschecked['readreceipt'] = 'checked="checked"';
 782          }
 783          $optionschecked['savecopy'] = 'checked="checked"';
 784      }
 785  
 786      // Draft, reply, forward
 787      if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors)
 788      {
 789          $query = $db->query("
 790              SELECT pm.*, u.username AS quotename
 791              FROM ".TABLE_PREFIX."privatemessages pm
 792              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 793              WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}'
 794          ");
 795  
 796          $pm = $db->fetch_array($query);
 797          $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
 798          $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
 799  
 800          if($pm['folder'] == "3")
 801          {
 802              // message saved in drafts
 803              $mybb->input['uid'] = $pm['toid'];
 804  
 805              if($pm['includesig'] == 1)
 806              {
 807                  $optionschecked['signature'] = 'checked="checked"';
 808              }
 809              if($pm['smilieoff'] == 1)
 810              {
 811                  $optionschecked['disablesmilies'] = 'checked="checked"';
 812              }
 813              if($pm['receipt'])
 814              {
 815                  $optionschecked['readreceipt'] = 'checked="checked"';
 816              }
 817  
 818              // Get list of recipients
 819              $recipients = my_unserialize($pm['recipients']);
 820              $comma = $recipientids = '';
 821              if(isset($recipients['to']) && is_array($recipients['to']))
 822              {
 823                  foreach($recipients['to'] as $recipient)
 824                  {
 825                      $recipient_list['to'][] = $recipient;
 826                      $recipientids .= $comma.$recipient;
 827                      $comma = ',';
 828                  }
 829              }
 830  
 831              if(isset($recipients['bcc']) && is_array($recipients['bcc']))
 832              {
 833                  foreach($recipients['bcc'] as $recipient)
 834                  {
 835                      $recipient_list['bcc'][] = $recipient;
 836                      $recipientids .= $comma.$recipient;
 837                      $comma = ',';
 838                  }
 839              }
 840  
 841              if(!empty($recipientids))
 842              {
 843                  $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
 844                  while($user = $db->fetch_array($query))
 845                  {
 846                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
 847                      {
 848                          $bcc .= htmlspecialchars_uni($user['username']).', ';
 849                      }
 850                      else
 851                      {
 852                          $to .= htmlspecialchars_uni($user['username']).', ';
 853                      }
 854                  }
 855              }
 856          }
 857          else
 858          {
 859              // forward/reply
 860              $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
 861              $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
 862              $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);
 863  
 864              require_once  MYBB_ROOT."inc/functions_posting.php";
 865  
 866              if($mybb->settings['maxpmquotedepth'] != '0')
 867              {
 868                  $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);
 869              }
 870  
 871              if($mybb->input['do'] == 'forward')
 872              {
 873                  $subject = "Fw: $subject";
 874              }
 875              elseif($mybb->input['do'] == 'reply')
 876              {
 877                  $subject = "Re: $subject";
 878                  $uid = $pm['fromid'];
 879                  if($mybb->user['uid'] == $uid)
 880                  {
 881                      $to = $mybb->user['username'];
 882                  }
 883                  else
 884                  {
 885                      $query = $db->simple_select('users', 'username', "uid='{$uid}'");
 886                      $to = $db->fetch_field($query, 'username');
 887                  }
 888                  $to = htmlspecialchars_uni($to);
 889              }
 890              else if($mybb->input['do'] == 'replyall')
 891              {
 892                  $subject = "Re: $subject";
 893  
 894                  // Get list of recipients
 895                  $recipients = my_unserialize($pm['recipients']);
 896                  $recipientids = $pm['fromid'];
 897                  if(isset($recipients['to']) && is_array($recipients['to']))
 898                  {
 899                      foreach($recipients['to'] as $recipient)
 900                      {
 901                          if($recipient == $mybb->user['uid'])
 902                          {
 903                              continue;
 904                          }
 905                          $recipientids .= ','.$recipient;
 906                      }
 907                  }
 908                  $comma = '';
 909                  $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
 910                  while($user = $db->fetch_array($query))
 911                  {
 912                      $to .= $comma.htmlspecialchars_uni($user['username']);
 913                      $comma = $lang->comma;
 914                  }
 915              }
 916          }
 917      }
 918  
 919      // New PM with recipient preset
 920      if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview']))
 921      {
 922          $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 923          $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
 924      }
 925  
 926      $max_recipients = '';
 927      if($mybb->usergroup['maxpmrecipients'] > 0)
 928      {
 929          $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
 930      }
 931  
 932      if($send_errors)
 933      {
 934          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 935          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 936      }
 937  
 938      // Load the auto complete javascript if it is enabled.
 939      eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");
 940  
 941      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 942      $do = $mybb->get_input('do');
 943      if($do != "forward" && $do != "reply" && $do != "replyall")
 944      {
 945          $do = '';
 946      }
 947  
 948      $buddy_select_to = $buddy_select_bcc = '';
 949      // See if it's actually worth showing the buddylist icon.
 950      if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
 951      {
 952          $buddy_select = 'to';
 953          eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
 954          $buddy_select = 'bcc';
 955          eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
 956      }
 957  
 958      // Hide tracking option if no permission
 959      $private_send_tracking = '';
 960      if($mybb->usergroup['cantrackpms'])
 961      {
 962          eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
 963      }
 964  
 965      $plugins->run_hooks("private_send_end");
 966  
 967      eval("\$send = \"".$templates->get("private_send")."\";");
 968      output_page($send);
 969  }
 970  
 971  if($mybb->input['action'] == "read")
 972  {
 973      $plugins->run_hooks("private_read");
 974  
 975      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 976  
 977      $query = $db->query("
 978          SELECT pm.*, u.*, f.*
 979          FROM ".TABLE_PREFIX."privatemessages pm
 980          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 981          LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 982          WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
 983      ");
 984      $pm = $db->fetch_array($query);
 985  
 986      if(!$pm)
 987      {
 988          error($lang->error_invalidpm);
 989      }
 990  
 991      if($pm['folder'] == 3)
 992      {
 993          header("Location: private.php?action=send&pmid={$pm['pmid']}");
 994          exit;
 995      }
 996  
 997      // If we've gotten a PM, attach the group info
 998      $data_key = array(
 999          'title' => 'grouptitle',
1000          'usertitle' => 'groupusertitle',
1001          'stars' => 'groupstars',
1002          'starimage' => 'groupstarimage',
1003          'image' => 'groupimage',
1004          'namestyle' => 'namestyle'
1005      );
1006  
1007      foreach($data_key as $field => $key)
1008      {
1009          $pm[$key] = $groupscache[$pm['usergroup']][$field];
1010      }
1011  
1012      if($pm['receipt'] == 1)
1013      {
1014          if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
1015          {
1016              $receiptadd = 0;
1017          }
1018          else
1019          {
1020              $receiptadd = 2;
1021          }
1022      }
1023  
1024      $action_time = '';
1025      if($pm['status'] == 0)
1026      {
1027          $time = TIME_NOW;
1028          $updatearray = array(
1029              'status' => 1,
1030              'readtime' => $time
1031          );
1032  
1033          if(isset($receiptadd))
1034          {
1035              $updatearray['receipt'] = $receiptadd;
1036          }
1037  
1038          $db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");
1039  
1040          // Update the unread count - it has now changed.
1041          update_pm_count($mybb->user['uid'], 6);
1042  
1043          // Update PM notice value if this is our last unread PM
1044          if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
1045          {
1046              $updated_user = array(
1047                  "pmnotice" => 1
1048              );
1049              $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
1050          }
1051      }
1052      // Replied PM?
1053      else if($pm['status'] == 3 && $pm['statustime'])
1054      {
1055          $reply_string = $lang->you_replied_on;
1056          $reply_date = my_date('relative', $pm['statustime']);
1057  
1058          if((TIME_NOW - $pm['statustime']) < 3600)
1059          {
1060              // Relative string for the first hour
1061              $reply_string = $lang->you_replied;
1062          }
1063  
1064          $actioned_on = $lang->sprintf($reply_string, $reply_date);
1065          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1066      }
1067      else if($pm['status'] == 4 && $pm['statustime'])
1068      {
1069          $forward_string = $lang->you_forwarded_on;
1070          $forward_date = my_date('relative', $pm['statustime']);
1071  
1072          if((TIME_NOW - $pm['statustime']) < 3600)
1073          {
1074              $forward_string = $lang->you_forwarded;
1075          }
1076  
1077          $actioned_on = $lang->sprintf($forward_string, $forward_date);
1078          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1079      }
1080  
1081      $pm['userusername'] = $pm['username'];
1082      $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
1083  
1084      if($pm['fromid'] == 0)
1085      {
1086          $pm['username'] = $lang->mybb_engine;
1087      }
1088  
1089      if(!$pm['username'])
1090      {
1091          $pm['username'] = $lang->na;
1092      }
1093  
1094      // Fetch the recipients for this message
1095      $pm['recipients'] = my_unserialize($pm['recipients']);
1096  
1097      if(is_array($pm['recipients']['to']))
1098      {
1099          $uid_sql = implode(',', $pm['recipients']['to']);
1100      }
1101      else
1102      {
1103          $uid_sql = $pm['toid'];
1104          $pm['recipients']['to'] = array($pm['toid']);
1105      }
1106  
1107      $show_bcc = 0;
1108  
1109      // If we have any BCC recipients and this user is an Administrator, add them on to the query
1110      if(isset($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
1111      {
1112          $show_bcc = 1;
1113          $uid_sql .= ','.implode(',', $pm['recipients']['bcc']);
1114      }
1115  
1116      // Fetch recipient names from the database
1117      $bcc_recipients = $to_recipients = $bcc_form_val = array();
1118      $query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
1119      while($recipient = $db->fetch_array($query))
1120      {
1121          // User is a BCC recipient
1122          $recipient['username'] = htmlspecialchars_uni($recipient['username']);
1123          if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
1124          {
1125              $bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1126              $bcc_form_val[] = $recipient['username'];
1127          }
1128          // User is a normal recipient
1129          else if(in_array($recipient['uid'], $pm['recipients']['to']))
1130          {
1131              $to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1132          }
1133      }
1134  
1135      $bcc = '';
1136      if(count($bcc_recipients) > 0)
1137      {
1138          $bcc_recipients = implode(', ', $bcc_recipients);
1139          $bcc_form_val = implode(',', $bcc_form_val);
1140          eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
1141      }
1142      else
1143      {
1144          $bcc_form_val = '';
1145      }
1146  
1147      $replyall = false;
1148      if(count($to_recipients) > 1)
1149      {
1150          $replyall = true;
1151      }
1152  
1153      if(count($to_recipients) > 0)
1154      {
1155          $to_recipients = implode($lang->comma, $to_recipients);
1156      }
1157      else
1158      {
1159          $to_recipients = $lang->nobody;
1160      }
1161  
1162      eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");
1163  
1164      add_breadcrumb($pm['subject']);
1165      $message = build_postbit($pm, 2);
1166  
1167      // Decide whether or not to show quick reply.
1168      $quickreply = '';
1169      if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
1170      {
1171          $trow = alt_trow();
1172  
1173          $optionschecked = array('savecopy' => 'checked="checked"');
1174          if(!empty($mybb->user['signature']))
1175          {
1176              $optionschecked['signature'] = 'checked="checked"';
1177          }
1178          if($mybb->usergroup['cantrackpms'] == 1)
1179          {
1180              $optionschecked['readreceipt'] = 'checked="checked"';
1181          }
1182  
1183          require_once  MYBB_ROOT.'inc/functions_posting.php';
1184  
1185          $quoted_message = array(
1186              'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
1187              'username' => $pm['username'],
1188              'quote_is_pm' => true
1189          );
1190          $quoted_message = parse_quoted_message($quoted_message);
1191  
1192          if($mybb->settings['maxpmquotedepth'] != '0')
1193          {
1194              $quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
1195          }
1196  
1197          $subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);
1198  
1199          if($mybb->user['uid'] == $pm['fromid'])
1200          {
1201              $to = htmlspecialchars_uni($mybb->user['username']);
1202          }
1203          else
1204          {
1205              $query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
1206              $to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
1207          }
1208  
1209          $private_send_tracking = '';
1210          if($mybb->usergroup['cantrackpms'])
1211          {
1212              $lang->options_read_receipt = $lang->quickreply_read_receipt;
1213  
1214              eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
1215          }
1216          
1217          $expaltext = (in_array("quickreply", $collapse)) ? "[+]" : "[-]";
1218          eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
1219      }
1220  
1221      $plugins->run_hooks("private_read_end");
1222  
1223      eval("\$read = \"".$templates->get("private_read")."\";");
1224      output_page($read);
1225  }
1226  
// Action "tracking": list the messages this user sent with a read receipt
// requested, as two separately paginated tables ("read" and "unread").
// Both queries are restricted to fromid = the logged-in user, so only the
// user's own sent messages are listed.
if($mybb->input['action'] == "tracking")
{
    // Only groups with the cantrackpms permission may see tracking data
    if(!$mybb->usergroup['cantrackpms'])
    {
        error_no_permission();
    }

    $plugins->run_hooks("private_tracking_start");
    $readmessages = '';
    $unreadmessages = '';

    // Fall back to 20 per page when the setting is empty or below 1
    if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
    {
        $mybb->settings['postsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    // NOTE(review): the setting is checked through an (int) cast above but copied
    // uncast, and $perpage is interpolated into both LIMIT clauses below -
    // presumably fine because the setting is admin-controlled; confirm or cast here.
    $perpage = $mybb->settings['postsperpage'];

    // Read + tracked messages: receipt 2, not a draft (folder 3), status not 0
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "readpms");

    $page = $mybb->get_input('read_page', MyBB::INPUT_INT);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    // The literal value "last" jumps to the final page
    if($mybb->get_input('read_page') == "last")
    {
        $page = $pages;
    }

    // Out-of-range page numbers are clamped to the first page
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    // $page is at least 1 after the clamp above, so only the first branch runs
    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.readtime DESC
        LIMIT {$start}, {$perpage}
    ");
    while($readmessage = $db->fetch_array($query))
    {
        // Subject and recipient name are HTML-escaped before the template uses them
        $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
        $readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
        $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
        $readdate = my_date('relative', $readmessage['readtime']);
        eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
    }

    // The "stop tracking" control is only rendered when there is at least one row
    $stoptrackingread = '';
    if(!empty($readmessages))
    {
        eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
    }

    if(!$readmessages)
    {
        eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    // Unread + tracked messages: receipt 1, not a draft (folder 3), status 0
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "unreadpms");

    // Same pagination steps as above, driven by the unread_page parameter
    $page = $mybb->get_input('unread_page', MyBB::INPUT_INT);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('unread_page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.dateline DESC
        LIMIT {$start}, {$perpage}
    ");
    while($unreadmessage = $db->fetch_array($query))
    {
        // Subject and recipient name are HTML-escaped before the template uses them
        $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
        $unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
        $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
        $senddate = my_date('relative', $unreadmessage['dateline']);
        eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
    }

    $stoptrackingunread = '';
    if(!empty($unreadmessages))
    {
        eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
    }

    if(!$unreadmessages)
    {
        // The shared "no messages" template reads no_readmessages, so the
        // unread wording is swapped in before it is rendered a second time
        $lang->no_readmessages = $lang->no_unreadmessages;
        eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    $plugins->run_hooks("private_tracking_end");

    eval("\$tracking = \"".$templates->get("private_tracking")."\";");
    output_page($tracking);
}
1366  
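// Action "do_tracking" (POST only): stop tracking selected read or unread
// messages, or cancel (delete) selected unread messages this user has sent.
// Every query is restricted to fromid = the logged-in user, so ids belonging
// to other senders' messages match nothing.
if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
    // Validate the anti-CSRF token submitted as my_post_key
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_tracking_start");

    if(!empty($mybb->input['stoptracking']))
    {
        // Stop tracking the ticked messages from the "read" table
        $mybb->input['readcheck'] = $mybb->get_input('readcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['readcheck']))
        {
            // The message id is the array key; it is cast to int because it is
            // placed unquoted in the WHERE clause
            foreach($mybb->input['readcheck'] as $key => $val)
            {
                $sql_array = array(
                    "receipt" => 0
                );
                $db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".(int)$mybb->user['uid']);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['stoptrackingunread']))
    {
        // Stop tracking the ticked messages from the "unread" table
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            foreach($mybb->input['unreadcheck'] as $key => $val)
            {
                $sql_array = array(
                    "receipt" => 0
                );
                $db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".(int)$mybb->user['uid']);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['cancel']))
    {
        // Cancel (delete) the ticked messages that have not been read yet
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            // Start from empty lists: nothing set earlier in the request can leak
            // into the id list, and the loop over $pmuids always has an array to
            // walk even when the lookup below returns no rows
            $pmids = array();
            $pmuids = array();

            foreach($mybb->input['unreadcheck'] as $pmid => $val)
            {
                $pmids[$pmid] = (int)$pmid;
            }

            $pmids = implode(",", $pmids);
            // Remember whose mailboxes are affected before the rows disappear
            $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
            while($pm = $db->fetch_array($query))
            {
                $pmuids[$pm['uid']] = $pm['uid'];
            }

            // Only still-unread, tracked messages sent by this user are removed
            $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
            foreach($pmuids as $uid)
            {
                // Message is canceled, update PM count for this user
                update_pm_count($uid);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
    }
}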
1434  
// Action "stopalltracking": clear the receipt flag on every read, tracked
// message this user has sent (receipt 2, not a draft, status not 0).
// NOTE(review): unlike "do_tracking" this branch does not test request_method,
// so the state change is reachable with any HTTP method as long as my_post_key
// is valid. A token carried in a URL can end up in logs or Referer headers -
// confirm how the link to this action is built.
if($mybb->input['action'] == "stopalltracking")
{
    // Validate the my_post_key token before anything is changed
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_stopalltracking_start");

    $sql_array = array(
        "receipt" => 0
    );
    // Restricted to fromid = the logged-in user, so only own sent messages change
    $db->update_query("privatemessages", $sql_array, "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid']);

    $plugins->run_hooks("private_stopalltracking_end");
    redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
}
1450  
// Action "folders": render the folder management form - the user's existing
// folders followed by five blank inputs for new ones.
if($mybb->input['action'] == "folders")
{
    $plugins->run_hooks("private_folders_start");

    $folderlist = '';
    // pmfolders is one string: entries separated by "$%%$", each entry "fid**name"
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        // NOTE(review): index 1 is read unchecked; an entry without "**" would
        // raise an undefined-offset notice
        $foldername = $folderinfo[1];
        $fid = $folderinfo[0];
        // The "do_folders" action HTML-escapes names before storing them.
        // NOTE(review): get_pm_folder_name() is not visible here - confirm its
        // return value is still safe to place in the template.
        $foldername = get_pm_folder_name($fid, $foldername);

        // Folders 1-4 are the built-in ones and use the "unremovable" template
        if($folderinfo[0] == "1" || $folderinfo[0] == "2" || $folderinfo[0] == "3" || $folderinfo[0] == "4")
        {
            $foldername2 = get_pm_folder_name($fid);
            eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
            // NOTE(review): $name is never assigned in this block; looks like a leftover
            unset($name);
        }
        else
        {
            eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
        }
    }

    // Five empty inputs keyed new1..new5; "do_folders" treats keys that start
    // with "new" as folders to create
    $newfolders = '';
    for($i = 1; $i <= 5; ++$i)
    {
        $fid = "new$i";
        $foldername = '';
        eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
    }

    $plugins->run_hooks("private_folders_end");

    eval("\$folders = \"".$templates->get("private_folders")."\";");
    output_page($folders);
}
1489  
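// Action "do_folders" (POST only): save the folder names submitted by the
// folder management form, create new folders, and delete the messages of any
// custom folder whose name was left empty.
// The result is stored in users.pmfolders as "fid**name" entries joined by "$%%$".
if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
    // Validate the anti-CSRF token submitted as my_post_key
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_folders_start");

    // New folder ids are handed out above the highest id seen so far in the loop.
    // NOTE(review): the counter starts at 2 and only rises when an existing
    // folder key is processed first, so the ids given to new folders depend on
    // the order of the submitted keys.
    $highestid = 2;
    $folders = '';
    $donefolders = array();
    $mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);
    foreach($mybb->input['folder'] as $key => $val)
    {
        if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
        {
            if(my_substr($key, 0, 3) == "new") // Create a new folder
            {
                ++$highestid;
                $fid = (int)$highestid;
            }
            else // Editing an existing folder
            {
                // $key is a request-supplied array key: only its integer value
                // is used, so a non-numeric key can never become the id counter
                $fid = (int)$key;
                if($fid > $highestid)
                {
                    $highestid = $fid;
                }

                // Use default language strings if empty or value is language string
                switch($fid)
                {
                    case 1:
                        if($val == $lang->folder_inbox || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 2:
                        if($val == $lang->folder_sent_items || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 3:
                        if($val == $lang->folder_drafts || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 4:
                        if($val == $lang->folder_trash || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                }
            }

            if($val != '' && trim($val) == '' && !($key >= 1 && $key <= 4))
            {
                // If the name only contains whitespace and it's not a default folder, print an error
                error($lang->error_emptypmfoldername);
            }

            if($val != '' || ($key >= 1 && $key <= 4))
            {
                // If there is a name or if this is a default folder, save it.
                // The name is HTML-escaped for later display and SQL-escaped
                // because it is written through update_query() below.
                $foldername = $db->escape_string(htmlspecialchars_uni($val));

                // The entry separator must not appear inside a name, or the
                // stored string could no longer be split back into folders
                if(my_strpos($foldername, "$%%$") === false)
                {
                    if($folders != '')
                    {
                        $folders .= "$%%$";
                    }
                    $folders .= "$fid**$foldername";
                }
                else
                {
                    error($lang->error_invalidpmfoldername);
                }
            }
            else
            {
                // Delete PMs from the folder
                // ($fid is an integer here and the delete is limited to the
                // logged-in user's own messages)
                $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
            }
        }
    }

    $sql_array = array(
        "pmfolders" => $folders
    );
    $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_folders_end");

    redirect("private.php", $lang->redirect_pmfoldersupdated);
}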
1592  
// Action "empty": render the "empty folders" form, listing each of the user's
// folders with the number of messages it currently holds.
if($mybb->input['action'] == "empty")
{
    // Nothing to empty when the user has no messages at all
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_empty_start");

    // pmfolders is one string: entries separated by "$%%$", each entry "fid**name"
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    $folderlist = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        $foldername = get_pm_folder_name($fid, $folderinfo[1]);
        // NOTE(review): $fid comes from the stored pmfolders string and is placed
        // in the query uncast - presumably always an integer because "do_folders"
        // writes it that way; confirm no other code path writes pmfolders.
        $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='$fid' AND uid='".$mybb->user['uid']."'");
        $thing = $db->fetch_array($query);
        $foldercount = my_number_format($thing['pmsinfolder']);
        eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
    }

    $plugins->run_hooks("private_empty_end");

    eval("\$folders = \"".$templates->get("private_empty")."\";");
    output_page($folders);
}
1620  
// Bulk-empty the PM folders ticked on the "empty" form (POST only).
if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
    // Reject the request unless it carries a valid post key
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_empty_start");

    $emptyq = '';
    $mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);

    // When "keep unread" is ticked, rows with status 0 are excluded from the delete
    $keepunreadq = ($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1) ? " AND status!='0'" : '';

    if(!empty($mybb->input['empty']))
    {
        foreach($mybb->input['empty'] as $key => $val)
        {
            if($val != 1)
            {
                // Folder was not ticked
                continue;
            }

            // Array keys are request data; force each one to an integer before it reaches SQL
            $key = (int)$key;
            if($emptyq)
            {
                $emptyq .= " OR ";
            }
            $emptyq .= "folder='$key'";
        }

        if($emptyq != '')
        {
            // The uid condition keeps the delete confined to the current user's messages
            $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
        }
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_empty_end");
    redirect("private.php", $lang->redirect_pmfoldersemptied);
}
1662  
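// Inbox toolbar actions (POST only): jump to a folder, move the ticked PMs, or delete them.
if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_stuff");

    if(!empty($mybb->input['hop']))
    {
        // Folder ids are integers; cast the jump target so no other request text
        // can end up in the Location header.
        header("Location: private.php?fid=".$mybb->get_input('jumpto', MyBB::INPUT_INT));
    }
    elseif(!empty($mybb->input['moveto']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            foreach($mybb->input['check'] as $key => $val)
            {
                // Read the target folder as an integer here instead of relying on it having
                // been cleaned elsewhere before it is written into the UPDATE.
                // NOTE(review): the target is not checked against the user's folder list in this block.
                $sql_array = array(
                    "folder" => $mybb->get_input('fid', MyBB::INPUT_INT)
                );
                // Both pmid and uid must match, so only the current user's own messages move
                $db->update_query("privatemessages", $sql_array, "pmid='".(int)$key."' AND uid='".$mybb->user['uid']."'");
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsmoved);
        }
    }
    elseif(!empty($mybb->input['delete']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            // Build a quoted, integer-only id list for the IN() clause
            $pmssql = '';
            foreach($mybb->input['check'] as $key => $val)
            {
                if($pmssql)
                {
                    $pmssql .= ",";
                }
                $pmssql .= "'".(int)$key."'";
            }

            // Messages already sitting in folder 4 are removed for good; everything else
            // is moved into folder 4 and stamped with a delete time.
            $deletepms = array();
            $query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
            while($delpm = $db->fetch_array($query))
            {
                $deletepms[$delpm['pmid']] = 1;
            }

            foreach($mybb->input['check'] as $key => $val)
            {
                $key = (int)$key;
                if(!empty($deletepms[$key]))
                {
                    $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
                }
                else
                {
                    $sql_array = array(
                        "folder" => 4,
                        "deletetime" => TIME_NOW
                    );
                    $db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
                }
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsdeleted);
        }
    }
}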
1751  
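// Delete a single PM: permanently if it is already in folder 4, otherwise move it into folder 4.
if($mybb->input['action'] == "delete")
{
    // Verify the post key. NOTE(review): unlike the do_* actions, this branch does not
    // test request_method, so the key is the only request check made here.
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_delete_start");

    $query = $db->simple_select("privatemessages", "*", "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
    if($db->num_rows($query) == 1)
    {
        // Scope the hard delete to the owner as well, so the statement does not depend
        // solely on the ownership check made by the SELECT above (the bulk delete in
        // do_stuff is scoped the same way).
        $db->delete_query("privatemessages", "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."'");
    }
    else
    {
        $sql_array = array(
            "folder" => 4,
            "deletetime" => TIME_NOW
        );
        $db->update_query("privatemessages", $sql_array, "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."'");
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_delete_end");
    redirect("private.php", $lang->redirect_pmsdeleted);
}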
1779  
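// Export form: renders the folder picker for the PM archive download.
if($mybb->input['action'] == "export")
{
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_export_start");

    // pmfolders holds "fid**name" entries joined by "$%%$"
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    // $folderlist_folder is appended to in the loop below, so it is initialised here
    // along with the other two instead of being used undefined on the first pass.
    $folderlist_folder = $folder_name = $folder_id = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);

        $folder_id = $folderinfo[0];
        $folder_name = $folderinfo[1];

        // The template text is evaluated as a double-quoted PHP string and reads
        // variables by name, so the names above must stay as they are.
        eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
    }

    eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");

    $plugins->run_hooks("private_export_end");

    eval("\$archive = \"".$templates->get("private_archive")."\";");

    output_page($archive);
}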
1810  
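// Build and send the PM archive (html, csv or txt) and optionally delete the exported messages.
if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_export_start");

    $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
    $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
    $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
    $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);
    // Resolve each stored "fid**name" entry to its display name once, up front
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $foldersexploded[$key] = implode("**", $folderinfo);
    }

    if($mybb->get_input('pmid', MyBB::INPUT_INT))
    {
        // Single-message export. The columns are qualified with the pm alias because the
        // query below also joins the users table, which has a uid column of its own.
        $wsql = "pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='".$mybb->user['uid']."'";
    }
    else
    {
        if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))
        {
            $datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);
            $wsql = "pm.dateline";
            // Only the two fixed operators can be emitted; the request value is never copied into SQL
            if($mybb->get_input('dayway') == "older")
            {
                $wsql .= "<=";
            }
            else
            {
                $wsql .= ">=";
            }
            $wsql .= "'$datecut'";
        }
        else
        {
            $wsql = "1=1";
        }

        $mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['exportfolders']))
        {
            $folderlst = '';
            foreach($mybb->input['exportfolders'] as $key => $val)
            {
                // Folder values are request data; escape them before quoting them into the IN() list
                $val = $db->escape_string($val);
                if($val == "all")
                {
                    $folderlst = '';
                    break;
                }
                else
                {
                    if(!$folderlst)
                    {
                        $folderlst = " AND pm.folder IN ('$val'";
                    }
                    else
                    {
                        $folderlst .= ",'$val'";
                    }
                }
            }
            if($folderlst)
            {
                $folderlst .= ")";
            }
            $wsql .= "$folderlst";
        }
        else
        {
            error($lang->error_pmnoarchivefolders);
        }

        if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
        {
            $wsql .= " AND pm.status!='0'";
        }
    }
    // The trailing pm.uid condition confines every variant of $wsql to the current user's messages
    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
        ORDER BY pm.folder ASC, pm.dateline DESC
    ");
    $numpms = $db->num_rows($query);
    if(!$numpms)
    {
        error($lang->error_nopmsarchive);
    }

    $mybb->input['exporttype'] = $mybb->get_input('exporttype');
    // The export type is concatenated into template names below, so pin it to the three
    // supported formats here. The original tried to fall back to "txt" inside the loop but
    // used == (a comparison) where an assignment was meant, so an unknown type was kept,
    // no message template matched, and with deletepms=1 the messages were still deleted.
    if(!in_array($mybb->input['exporttype'], array("html", "csv", "txt"), true))
    {
        $mybb->input['exporttype'] = "txt";
    }

    $pmsdownload = $ids = '';
    while($message = $db->fetch_array($query))
    {
        // NOTE(review): the html/csv branches below pass usernames to build_profile_link()
        // without htmlspecialchars_uni(), whereas the inbox listing in this file escapes
        // them first - confirm whether build_profile_link() escapes its argument.
        if($message['folder'] == 2 || $message['folder'] == 3)
        { // Sent Items or Drafts Folder Check
            if($message['toid'])
            {
                $tofromuid = $message['toid'];
                if($mybb->input['exporttype'] == "txt")
                {
                    $tofromusername = $message['tousername'];
                }
                else
                {
                    $tofromusername = build_profile_link($message['tousername'], $tofromuid);
                }
            }
            else
            {
                // NOTE(review): $tofromuid is not reset on this path, so the check further
                // down sees the value left by a previous row (or nothing on the first row).
                $tofromusername = $lang->not_sent;
            }
            $tofrom = $lang->to;
        }
        else
        {
            $tofromuid = $message['fromid'];
            if($mybb->input['exporttype'] == "txt")
            {
                $tofromusername = $message['fromusername'];
            }
            else
            {
                $tofromusername = build_profile_link($message['fromusername'], $tofromuid);
            }

            if($tofromuid == 0)
            {
                $tofromusername = $lang->mybb_engine;
            }
            $tofrom = $lang->from;
        }

        if($tofromuid == 0)
        {
            $message['fromusername'] = $lang->mybb_engine;
        }

        if(!$message['toid'] && $message['folder'] == 3)
        {
            $message['tousername'] = $lang->not_sent;
        }

        $message['subject'] = $parser->parse_badwords($message['subject']);
        if($message['folder'] != "3")
        {
            $senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
            $sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
            $senddate .= " $lang->at $sendtime";
        }
        else
        {
            $senddate = $lang->not_sent;
        }

        if($mybb->input['exporttype'] == "html")
        {
            // The HTML archive is rendered with the board's PM markup settings
            $parser_options = array(
                "allow_html" => $mybb->settings['pmsallowhtml'],
                "allow_mycode" => $mybb->settings['pmsallowmycode'],
                "allow_smilies" => 0,
                "allow_imgcode" => $mybb->settings['pmsallowimgcode'],
                "allow_videocode" => $mybb->settings['pmsallowvideocode'],
                "me_username" => $mybb->user['username'],
                "filter_badwords" => 1
            );

            $message['message'] = $parser->parse_message($message['message'], $parser_options);
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }

        if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv")
        {
            // Normalise line endings to CRLF without doubling existing ones
            $message['message'] = str_replace("\r\n", "\n", $message['message']);
            $message['message'] = str_replace("\n", "\r\n", $message['message']);
        }

        if($mybb->input['exporttype'] == "csv")
        {
            $message['message'] = my_escape_csv($message['message']);
            $message['subject'] = my_escape_csv($message['subject']);
            $message['tousername'] = my_escape_csv($message['tousername']);
            $message['fromusername'] = my_escape_csv($message['fromusername']);
        }

        // Emit the folder heading the first time a message from that folder is seen
        if(empty($donefolder[$message['folder']]))
        {
            reset($foldersexploded);
            foreach($foldersexploded as $key => $val)
            {
                $folderinfo = explode("**", $val, 2);
                if($folderinfo[0] == $message['folder'])
                {
                    $foldername = $folderinfo[1];
                    if($mybb->input['exporttype'] != "csv")
                    {
                        // exporttype is "html" or "txt" here because it was restricted above
                        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";");
                    }
                    else
                    {
                        $foldername = my_escape_csv($folderinfo[1]);
                    }
                    $donefolder[$message['folder']] = 1;
                }
            }
        }

        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
        // Collect the exported ids for the optional delete below
        $ids .= ",'{$message['pmid']}'";
    }

    if($mybb->input['exporttype'] == "html")
    {
        // Gather global stylesheet for HTML
        $query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
        $css = $db->fetch_field($query, "stylesheet");
    }

    $plugins->run_hooks("private_do_export_end");

    eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
    if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
    { // delete the archived pms
        // The ids come from the uid-scoped query above; the uid condition is repeated here
        // so the delete stays confined to the current user regardless of how $ids was built.
        $db->delete_query("privatemessages", "pmid IN ('0'$ids) AND uid='".$mybb->user['uid']."'");
        // Update PM count
        update_pm_count();
    }

    if($mybb->input['exporttype'] == "html")
    {
        $filename = "pm-archive.html";
        $contenttype = "text/html";
    }
    elseif($mybb->input['exporttype'] == "csv")
    {
        $filename = "pm-archive.csv";
        $contenttype = "application/octet-stream";
    }
    else
    {
        $filename = "pm-archive.txt";
        $contenttype = "text/plain";
    }

    $archived = str_replace("\\\'","'",$archived);
    header("Content-disposition: filename=$filename");
    header("Content-type: ".$contenttype);

    if($mybb->input['exporttype'] == "html")
    {
        output_page($archived);
    }
    else
    {
        echo "\xEF\xBB\xBF"; // UTF-8 BOM
        echo $archived;
    }
}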
2082  
2083  if(!$mybb->input['action'])
2084  {
2085      $plugins->run_hooks("private_inbox");
2086  
2087      if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
2088      {
2089          $mybb->input['fid'] = 1;
2090      }
2091  
2092      $folder = $mybb->input['fid'];
2093      $foldername = $foldernames[$folder];
2094  
2095      if($folder == 2 || $folder == 3)
2096      { // Sent Items Folder
2097          $sender = $lang->sentto;
2098      }
2099      else
2100      {
2101          $sender = $lang->sender;
2102      }
2103  
2104      $mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order'));
2105      $ordersel = array('asc' => '', 'desc');
2106      switch(my_strtolower($mybb->input['order']))
2107      {
2108          case "asc":
2109              $sortordernow = "asc";
2110              $ordersel['asc'] = "selected=\"selected\"";
2111              $oppsort = $lang->desc;
2112              $oppsortnext = "desc";
2113              break;
2114          default:
2115              $sortordernow = "desc";
2116              $ordersel['desc'] = "selected=\"selected\"";
2117              $oppsort = $lang->asc;
2118              $oppsortnext = "asc";
2119              break;
2120      }
2121  
2122      // Sort by which field?
2123      $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
2124      switch($mybb->get_input('sortby'))
2125      {
2126          case "subject":
2127              $sortfield = "subject";
2128              break;
2129          case "username":
2130              $sortfield = "username";
2131              break;
2132          default:
2133              $sortby = "dateline";
2134              $sortfield = "dateline";
2135              $mybb->input['sortby'] = "dateline";
2136              break;
2137      }
2138      $orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => '');
2139      $sortsel[$sortby] = "selected=\"selected\"";
2140  
2141      eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");
2142  
2143      // Do Multi Pages
2144      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'");
2145      $pmscount = $db->fetch_field($query, "total");
2146  
2147      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
2148      {
2149          $mybb->settings['threadsperpage'] = 20;
2150      }
2151  
2152      $perpage = $mybb->settings['threadsperpage'];
2153      $page = $mybb->get_input('page', MyBB::INPUT_INT);
2154  
2155      if($page > 0)
2156      {
2157          $start = ($page-1) *$perpage;
2158          $pages = ceil($pmscount / $perpage);
2159          if($page > $pages)
2160          {
2161              $start = 0;
2162              $page = 1;
2163          }
2164      }
2165      else
2166      {
2167          $start = 0;
2168          $page = 1;
2169      }
2170  
2171      $end = $start + $perpage;
2172      $lower = $start+1;
2173      $upper = $end;
2174  
2175      if($upper > $pmscount)
2176      {
2177          $upper = $pmscount;
2178      }
2179  
2180      if($mybb->input['order'] || ($sortby && $sortby != "dateline"))
2181      {
2182          $page_url = "private.php?fid={$folder}&sortby={$sortby}&order={$sortordernow}";
2183      }
2184      else
2185      {
2186          $page_url = "private.php?fid={$folder}";
2187      }
2188  
2189      $multipage = multipage($pmscount, $perpage, $page, $page_url);
2190      $messagelist = '';
2191  
2192      $icon_cache = $cache->read("posticons");
2193  
2194      // Cache users in multiple recipients for sent & drafts folder
2195      if($folder == 2 || $folder == 3)
2196      {
2197          if($sortfield == "username")
2198          {
2199              $u = "u.";
2200          }
2201          else
2202          {
2203              $u = "pm.";
2204          }
2205  
2206          // Get all recipients into an array
2207          $cached_users = $get_users = array();
2208          $users_query = $db->query("
2209              SELECT pm.recipients
2210              FROM ".TABLE_PREFIX."privatemessages pm
2211              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
2212              WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'
2213              ORDER BY {$u}{$sortfield} {$sortordernow}
2214              LIMIT {$start}, {$perpage}
2215          ");
2216          while($row = $db->fetch_array($users_query))
2217          {
2218              $recipients = my_unserialize($row['recipients']);
2219              if(is_array($recipients['to']) && count($recipients['to']))
2220              {
2221                  $get_users = array_merge($get_users, $recipients['to']);
2222              }
2223  
2224              if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
2225              {
2226                  $get_users = array_merge($get_users, $recipients['bcc']);
2227              }
2228          }
2229  
2230          $get_users = implode(',', array_unique($get_users));
2231  
2232          // Grab info
2233          if($get_users)
2234          {
2235              $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
2236              while($user = $db->fetch_array($users_query))
2237              {
2238                  $cached_users[$user['uid']] = $user;
2239              }
2240          }
2241      }
2242  
2243      if($folder == 2 || $folder == 3)
2244      {
2245          if($sortfield == "username")
2246          {
2247              $pm = "tu.";
2248          }
2249          else
2250          {
2251              $pm = "pm.";
2252          }
2253      }
2254      else
2255      {
2256          if($sortfield == "username")
2257          {
2258              $pm = "fu.";
2259          }
2260          else
2261          {
2262              $pm = "pm.";
2263          }
2264      }
2265  
2266      $query = $db->query("
2267          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
2268          FROM ".TABLE_PREFIX."privatemessages pm
2269          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
2270          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
2271          WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'
2272          ORDER BY {$pm}{$sortfield} {$sortordernow}
2273          LIMIT $start, $perpage
2274      ");
2275  
2276      if($db->num_rows($query) > 0)
2277      {
2278          while($message = $db->fetch_array($query))
2279          {
2280              $msgalt = $msgstatus = '';
2281  
2282              // Determine Folder Icon
2283              if($message['status'] == 0)
2284              {
2285                  $msgstatus = 'new_pm';
2286                  $msgalt = $lang->new_pm;
2287              }
2288              else if($message['status'] == 1)
2289              {
2290                  $msgstatus = 'old_pm';
2291                  $msgalt = $lang->old_pm;
2292              }
2293              else if($message['status'] == 3)
2294              {
2295                  $msgstatus = 're_pm';
2296                  $msgalt = $lang->reply_pm;
2297              }
2298              else if($message['status'] == 4)
2299              {
2300                  $msgstatus = 'fw_pm';
2301                  $msgalt = $lang->fwd_pm;
2302              }
2303  
2304              $tofromuid = 0;
2305              if($folder == 2 || $folder == 3)
2306              { // Sent Items or Drafts Folder Check
2307                  $recipients = my_unserialize($message['recipients']);
2308                  $to_users = $bcc_users = '';
2309                  if(isset($recipients['to']) && count($recipients['to']) > 1 || (isset($recipients['to']) && count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
2310                  {
2311                      foreach($recipients['to'] as $uid)
2312                      {
2313                          $profilelink = get_profile_link($uid);
2314                          $user = $cached_users[$uid];
2315                          $user['username'] = htmlspecialchars_uni($user['username']);
2316                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
2317                          if(!$user['username'])
2318                          {
2319                              $username = $lang->na;
2320                          }
2321                          eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
2322                      }
2323                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
2324                      {
2325                          eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
2326                          foreach($recipients['bcc'] as $uid)
2327                          {
2328                              $profilelink = get_profile_link($uid);
2329                              $user = $cached_users[$uid];
2330                              $user['username'] = htmlspecialchars_uni($user['username']);
2331                              $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
2332                              if(!$user['username'])
2333                              {
2334                                  $username = $lang->na;
2335                              }
2336                              eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
2337                          }
2338                      }
2339  
2340                      eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
2341                  }
2342                  else if($message['toid'])
2343                  {
2344                      $tofromusername = htmlspecialchars_uni($message['tousername']);
2345                      $tofromuid = $message['toid'];
2346                  }
2347                  else
2348                  {
2349                      $tofromusername = $lang->not_sent;
2350                  }
2351              }
2352              else
2353              {
2354                  $tofromusername = htmlspecialchars_uni($message['fromusername']);
2355                  $tofromuid = $message['fromid'];
2356                  if($tofromuid == 0)
2357                  {
2358                      $tofromusername = $lang->mybb_engine;
2359                  }
2360  
2361                  if(!$tofromusername)
2362                  {
2363                      $tofromuid = 0;
2364                      $tofromusername = $lang->na;
2365                  }
2366              }
2367  
2368              $tofromusername = build_profile_link($tofromusername, $tofromuid);
2369  
2370              if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
2371              {
2372                  eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
2373              }
2374              else
2375              {
2376                  $denyreceipt = '';
2377              }
2378  
2379              if($message['icon'] > 0 && $icon_cache[$message['icon']])
2380              {
2381                  $icon = $icon_cache[$message['icon']];
2382                  $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
2383                  $icon['path'] = htmlspecialchars_uni($icon['path']);
2384                  $icon['name'] = htmlspecialchars_uni($icon['name']);
2385                  eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
2386              }
2387              else
2388              {
2389                  $icon = '&#009;';
2390              }
2391  
2392              if(!trim($message['subject']))
2393              {
2394                  $message['subject'] = $lang->pm_no_subject;
2395              }
2396  
2397              $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
2398              if($message['folder'] != "3")
2399              {
2400                  $senddate = my_date('relative', $message['dateline']);
2401              }
2402              else
2403              {
2404                  $senddate = $lang->not_sent;
2405              }
2406  
2407              $plugins->run_hooks("private_message");
2408  
2409              eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
2410          }
2411      }
2412      else
2413      {
2414          eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
2415      }
2416  
2417      $pmspacebar = '';
          // Quota usage bar: built only when the usergroup has a non-zero PM quota;
          // otherwise $pmspacebar stays an empty string.
          // The private_pmspace template is eval'd in this scope, so the locals set below
          // ($spaceused, $spaceused2, $belowhalf, $overhalf, $spaceused_severity) are visible
          // to it; presumably the template reads them by name - check the template before renaming.
2418      if($mybb->usergroup['pmquota'] != 0)
2419      {
              // Count the private messages stored for the current user.
              // NOTE(review): the uid is concatenated into the WHERE string as-is. That is only
              // safe while $mybb->user['uid'] is guaranteed to be an integer; an explicit (int)
              // cast here would make the guarantee local - confirm how the session code sets it.
2420          $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
              // $pmscount is read again further down for the limit warning.
2421          $pmscount = $db->fetch_array($query);
2422          if($pmscount['total'] == 0)
2423          {
2424              $spaceused = 0;
2425          }
2426          else
2427          {
                  // Percentage of the quota in use; exceeds 100 when the count is above the quota.
2428              $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
2429          }
              // Remaining percentage; negative until the clamp below when over quota.
2430          $spaceused2 = 100 - $spaceused;
              // Exactly one of these two receives the "NN%" label, depending on which half is used.
2431          $belowhalf = $overhalf = '';
              // The thresholds are numeric strings; PHP compares them numerically here.
2432          if($spaceused <= "50")
2433          {
2434              $spaceused_severity = "low";
2435              $belowhalf = round($spaceused, 0)."%";
                  // This cap cannot trigger in this branch, since $spaceused is at most 50 here.
2436              if((int)$belowhalf > 100)
2437              {
2438                  $belowhalf = "100%";
2439              }
2440          }
2441          else
2442          {
                  // Above 50%: "medium" up to and including 75%, "high" beyond that.
2443              if($spaceused <= "75")
2444              {
2445                  $spaceused_severity = "medium";
2446              }
2447  
2448              else
2449              {
2450                  $spaceused_severity = "high";
2451              }
2452              
2453              $overhalf = round($spaceused, 0)."%";
                  // Cap the label at 100% for mailboxes that are over quota.
2454              if((int)$overhalf > 100)
2455              {
2456                  $overhalf = "100%";
2457              }
2458          }
2459  
              // Clamp both values for over-quota mailboxes so they stay within 0..100.
2460          if($spaceused > 100)
2461          {
2462              $spaceused = 100;
2463              $spaceused2 = 0;
2464          }
2465  
              // NOTE(review): the template text is executed by eval() as a double-quoted PHP string.
              // Safety depends on $templates->get() escaping quotes and backslashes and on template
              // editing being limited to trusted administrators - confirm both in the templates class.
2466          eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
2467      }
2468  
2469      $composelink = '';
          // Optional page fragments: each defaults to an empty string and is rendered from its
          // template only when its condition holds. All templates here are eval'd in this scope.
          // The compose link is shown only when the usergroup is allowed to send PMs.
2470      if($mybb->usergroup['cansendpms'] == 1)
2471      {
2472          eval("\$composelink = \"".$templates->get("private_composelink")."\";");
2473      }
2474  
2475      $emptyexportlink = '';
          // The empty/export link is shown only when the user has at least one PM.
2476      if($mybb->user['totalpms'] > 0)
2477      {
2478          eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";");
2479      }
2480  
2481      $limitwarning = '';
          // $pmscount is only assigned in the quota branch above; the pmquota != 0 test comes
          // first so the && short-circuit keeps it from being read when it was never set.
2482      if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota'])
2483      {
2484          eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
2485      }
2486  
          // Plugin hook point, run before the final page template is rendered.
          // NOTE(review): what hooked code may read or change here is not visible in this
          // file; confirm against the plugin system before relying on any value after it.
2487      $plugins->run_hooks("private_end");
2488  
          // Render the folder page from the "private" template and hand it to output_page().
          // NOTE(review): as with the other eval() calls, this executes template text as a PHP
          // string; verify that $templates->get() escapes it and that templates are trusted.
2489      eval("\$folder = \"".$templates->get("private")."\";");
2490      output_page($folder);
2491  }

