PHP Cross Reference of MyBB 1.8.38 |
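<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// Private messaging front controller. This part of the script performs the
// global permission gate, builds the folder selectors, and handles the
// "do_search" (POST) and "results" actions.

define("IN_MYBB", 1);
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'private.php');

// Names of the templates this script may render, assembled into one comma-separated list.
$templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
$templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";
$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";
$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
$templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
$templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
$templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
$templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Load global language phrases
$lang->load("private");

// Global gate: private messaging must be switched on for the board...
if($mybb->settings['enablepms'] == 0)
{
	error($lang->pms_disabled);
}

// ...and the visitor must be a logged-in user whose group may use PMs.
// Every action handled further down runs only after this check.
if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
{
	error_no_permission();
}

// Normalise the folder id to an integer once; later code reads $mybb->input['fid'] directly.
$mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);

$folder_id = $folder_name = $folderjump_folder = $folderoplist_folder = $foldersearch_folder ='';

// The user's folders are stored as one string: entries separated by "$%%$",
// each entry being "<id>**<name>".
$foldernames = array();
$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
foreach($foldersexploded as $key => $folders)
{
	$folderinfo = explode("**", $folders, 2);
	if($mybb->input['fid'] == $folderinfo[0])
	{
		$sel = ' selected="selected"';
	}
	else
	{
		$sel = '';
	}
	$folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
	$foldernames[$folderinfo[0]] = $folderinfo[1];

	$folder_id = $folderinfo[0];
	$folder_name = $folderinfo[1];

	// Template text is evaluated as a double-quoted PHP string. The eval is only as safe as
	// the string returned by $templates->get() and the escaping of every variable the
	// template interpolates.
	// NOTE(review): $folder_name comes from user-defined folder data; confirm that
	// get_pm_folder_name() returns it HTML-escaped.
	eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");

	// Manipulate search folder selection & move selector to omit "Unread"
	if($folder_id != 1)
	{
		if($folder_id == 0)
		{
			$folder_id = 1;
		}
		eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
		eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
	}
}

$from_fid = $mybb->input['fid'];

eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
eval("\$folderoplist = \"".$templates->get("private_move")."\";");
eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";");

usercp_menu();

$plugins->run_hooks("private_start");

// Make navigation
add_breadcrumb($lang->nav_pms, "private.php");

$mybb->input['action'] = $mybb->get_input('action');
switch($mybb->input['action'])
{
	case "send":
		add_breadcrumb($lang->nav_send);
		break;
	case "tracking":
		add_breadcrumb($lang->nav_tracking);
		break;
	case "folders":
		add_breadcrumb($lang->nav_folders);
		break;
	case "empty":
		add_breadcrumb($lang->nav_empty);
		break;
	case "export":
		add_breadcrumb($lang->nav_export);
		break;
	case "advanced_search":
		add_breadcrumb($lang->nav_search);
		break;
	case "results":
		add_breadcrumb($lang->nav_results);
		break;
}

// A preview request is always handled by the "send" form.
if(!empty($mybb->input['preview']))
{
	$mybb->input['action'] = "send";
}

// Search submission. Because && binds tighter than ||, the condition reads:
//   (do_search OR (do_stuff AND (quick_search OR none of hop/moveto/delete))) AND request is POST.
// No verify_post_check() call is visible in this branch; the only write it performs is a
// searchlog row owned by the current user.
if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post")
{
	$plugins->run_hooks("private_do_search_start");

	// Simulate coming from our advanced search form with some preset options
	if($mybb->get_input('quick_search'))
	{
		$mybb->input['action'] = "do_search";
		$mybb->input['subject'] = 1;
		$mybb->input['message'] = 1;
		$mybb->input['folder'] = $mybb->input['fid'];
		unset($mybb->input['jumpto']);
		unset($mybb->input['fromfid']);
	}

	// Check if search flood checking is enabled and user is not admin
	if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
	{
		// Fetch the time this user last searched
		$timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
		$query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
		$last_search = $db->fetch_array($query);
		// Users last search was within the flood time, show the error
		if($last_search['sid'])
		{
			$remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
			if($remaining_time == 1)
			{
				$lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
			}
			else
			{
				$lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
			}
			error($lang->error_searchflooding);
		}
	}

	// At least one of "subject" / "message" must be selected as a search target.
	if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)
	{
		error($lang->error_nosearchresults);
	}

	if($mybb->get_input('message', MyBB::INPUT_INT) == 1)
	{
		$resulttype = "pmmessages";
	}
	else
	{
		$resulttype = "pmsubjects";
	}

	// Raw request values are handed to the search helper; any escaping of keywords/sender
	// for SQL has to happen inside privatemessage_perform_search_mysql() (not shown here).
	$search_data = array(
		"keywords" => $mybb->get_input('keywords'),
		"subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
		"message" => $mybb->get_input('message', MyBB::INPUT_INT),
		"sender" => $mybb->get_input('sender'),
		"status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
		"folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)
	);

	if($db->can_search == true)
	{
		require_once MYBB_ROOT."inc/functions_search.php";

		$search_results = privatemessage_perform_search_mysql($search_data);
	}
	else
	{
		error($lang->error_no_search_support);
	}

	// The search id is derived from the clock, so it is an identifier rather than a secret.
	// The "results" action looks the row up by sid AND the current uid, so knowing a sid
	// alone does not expose another user's search.
	$sid = md5(uniqid(microtime(), true));
	$searcharray = array(
		"sid" => $db->escape_string($sid),
		"uid" => $mybb->user['uid'],
		"dateline" => TIME_NOW,
		"ipaddress" => $db->escape_binary($session->packedip),
		"threads" => '',
		"posts" => '',
		"resulttype" => $resulttype,
		// Stored as returned by the search helper and later interpolated into "pmid IN(...)".
		// NOTE(review): presumably a comma-separated list of integer pmids - confirm in
		// privatemessage_perform_search_mysql().
		"querycache" => $search_results['querycache'],
		"keywords" => $db->escape_string($mybb->get_input('keywords')),
	);
	$plugins->run_hooks("private_do_search_process");

	$db->insert_query("searchlog", $searcharray);

	// Sender sort won't work yet
	$sortby = array('subject', 'sender', 'dateline');

	// Allow-list check with strict comparison, so only an exact string match is accepted.
	if(in_array($mybb->get_input('sort'), $sortby, true))
	{
		$sortby = $mybb->get_input('sort');
	}
	else
	{
		$sortby = "dateline";
	}

	if(my_strtolower($mybb->get_input('sortordr')) == "asc")
	{
		$sortorder = "asc";
	}
	else
	{
		$sortorder = "desc";
	}

	$plugins->run_hooks("private_do_search_end");
	redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
}

// Search results listing for a previously stored search.
if($mybb->input['action'] == "results")
{
	// Ownership check: the stored search must belong to the current user.
	$sid = $mybb->get_input('sid');
	$query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
	$search = $db->fetch_array($query);

	if(!$search)
	{
		error($lang->error_invalidsearch);
	}

	$plugins->run_hooks("private_results_start");

	// Decide on our sorting fields and sorting order.
	$order = my_strtolower($mybb->get_input('order'));
	$sortby = my_strtolower($mybb->get_input('sortby'));

	$sortby_accepted = array('subject', 'username', 'dateline');

	// $query_sortby and $order are interpolated into ORDER BY below, where escaping cannot
	// help, so both are restricted to fixed values here (strict comparison).
	if(in_array($sortby, $sortby_accepted, true))
	{
		$query_sortby = $sortby;

		if($query_sortby == "username")
		{
			$query_sortby = "fromusername";
		}
	}
	else
	{
		$sortby = $query_sortby = "dateline";
	}

	if($order != "asc")
	{
		$order = "desc";
	}

	if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// escape_string() gives no protection in an unquoted IN(...) list; this relies on
	// querycache being a server-generated id list (see the note where it is stored).
	$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
	$pmscount = $db->fetch_field($query, "total");

	// Work out pagination, which page we're at, as well as the limits.
	// Cast to int: $perpage and $start are interpolated unquoted into LIMIT below, and the
	// check above only inspected the integer value of the setting.
	$perpage = (int)$mybb->settings['threadsperpage'];
	$page = $mybb->get_input('page', MyBB::INPUT_INT);
	if($page > 0)
	{
		$start = ($page-1) * $perpage;
		$pages = ceil($pmscount / $perpage);
		if($page > $pages)
		{
			$start = 0;
			$page = 1;
		}
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$end = $start + $perpage;
	$lower = $start+1;
	$upper = $end;

	// Work out if we have terms to highlight
	$highlight = "";
	if($search['keywords'])
	{
		$highlight = "&highlight=".urlencode($search['keywords']);
	}

	// Do Multi Pages
	if($upper > $pmscount)
	{
		$upper = $pmscount;
	}
	$multipage = multipage($pmscount, $perpage, $page, "private.php?action=results&sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&sortby={$sortby}&order={$order}");
	$messagelist = '';

	$icon_cache = $cache->read("posticons");

	// Cache users in multiple recipients for sent & drafts folder
	// Get all recipients into an array
	$cached_users = $get_users = array();
	// NOTE(review): when sortby is "username" this orders by "fromusername", which in this
	// script is only defined as an alias in the joined query further down - confirm this
	// single-table prefetch behaves as intended for that sort.
	$users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
	while($row = $db->fetch_array($users_query))
	{
		$recipients = my_unserialize($row['recipients']);
		if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
		{
			$get_users = array_merge($get_users, $recipients['to']);
		}

		if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
		{
			$get_users = array_merge($get_users, $recipients['bcc']);
		}
	}

	// The ids come out of a serialized database column and go unquoted into "uid IN (...)".
	// Forcing each one to an integer keeps stored data from ever changing the SQL structure.
	$get_users = implode(',', array_unique(array_map('intval', $get_users)));

	// Grab info
	if($get_users)
	{
		$users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
		while($user = $db->fetch_array($users_query))
		{
			$cached_users[$user['uid']] = $user;
		}
	}

	// The listing itself is restricted to messages owned by the current user (pm.uid),
	// independently of what the stored querycache contains.
	$query = $db->query("
		SELECT pm.*, fu.username AS fromusername, tu.username as tousername
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
		WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
		ORDER BY pm.{$query_sortby} {$order}
		LIMIT {$start}, {$perpage}
	");
	while($message = $db->fetch_array($query))
	{
		$msgalt = $msgstatus = '';

		// Determine Folder Icon
		if($message['status'] == 0)
		{
			$msgstatus = 'new_pm';
			$msgalt = $lang->new_pm;
		}
		else if($message['status'] == 1)
		{
			$msgstatus = 'old_pm';
			$msgalt = $lang->old_pm;
		}
		else if($message['status'] == 3)
		{
			$msgstatus = 're_pm';
			$msgalt = $lang->reply_pm;
		}
		else if($message['status'] == 4)
		{
			$msgstatus = 'fw_pm';
			$msgalt = $lang->fwd_pm;
		}

		$folder = $message['folder'];

		$tofromuid = 0;
		if($folder == 2 || $folder == 3)
		{
			// Sent Items or Drafts Folder Check
			$recipients = my_unserialize($message['recipients']);
			$to_users = $bcc_users = '';
			// is_array() guard added for consistency with the other recipient checks in this
			// script; count() on a non-array would otherwise fail.
			if(
				isset($recipients['to']) && is_array($recipients['to']) &&
				(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
			)
			{
				foreach($recipients['to'] as $uid)
				{
					$profilelink = get_profile_link($uid);
					// NOTE(review): $cached_users only holds uids that still exist in the
					// users table; a recipient that is no longer there has no entry here.
					$user = $cached_users[$uid];
					// Escape before the name reaches format_name() and the template.
					$user['username'] = htmlspecialchars_uni($user['username']);
					$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
					eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
				}
				if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
				{
					eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
					foreach($recipients['bcc'] as $uid)
					{
						$profilelink = get_profile_link($uid);
						$user = $cached_users[$uid];
						$user['username'] = htmlspecialchars_uni($user['username']);
						$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
						eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
					}
				}

				eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
			}
			else if($message['toid'])
			{
				$tofromusername = htmlspecialchars_uni($message['tousername']);
				$tofromuid = $message['toid'];
			}
			else
			{
				$tofromusername = $lang->not_sent;
			}
		}
		else
		{
			$tofromusername = htmlspecialchars_uni($message['fromusername']);
			$tofromuid = $message['fromid'];
			// fromid 0 is shown under the board's own "engine" name.
			if($tofromuid == 0)
			{
				$tofromusername = $lang->mybb_engine;
			}
		}

		$tofromusername = build_profile_link($tofromusername, $tofromuid);

		$denyreceipt = '';

		// !empty() keeps the original truthiness test but tolerates an icon id that is no
		// longer present in the posticons cache.
		if($message['icon'] > 0 && !empty($icon_cache[$message['icon']]))
		{
			$icon = $icon_cache[$message['icon']];
			$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
			$icon['path'] = htmlspecialchars_uni($icon['path']);
			$icon['name'] = htmlspecialchars_uni($icon['name']);
			eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
		}
		else
		{
			$icon = '	';
		}

		if(!trim($message['subject']))
		{
			$message['subject'] = $lang->pm_no_subject;
		}

		$message['subject'] = $parser->parse_badwords($message['subject']);

		// Truncate first, then escape, so an HTML entity is never cut in half.
		if(my_strlen($message['subject']) > 50)
		{
			$message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
		}
		else
		{
			$message['subject'] = htmlspecialchars_uni($message['subject']);
		}

		// Folder 3 is handled as "not sent" (drafts, per the folder check above).
		if($message['folder'] != "3")
		{
			$senddate = my_date('relative', $message['dateline']);
		}
		else
		{
			$senddate = $lang->not_sent;
		}

		// Folder values of 1 or below are looked up under key "0".
		$fid = "0";
		if((int)$message['folder'] > 1)
		{
			$fid = $message['folder'];
		}
		$foldername = $foldernames[$fid];

		// What we do here is parse the post using our post parser, then strip the tags from it
		// (HTML is disallowed in the parser options, so the excerpt is plain text).
		$parser_options = array(
			'allow_html' => 0,
			'allow_mycode' => 1,
			'allow_smilies' => 0,
			'allow_imgcode' => 0,
			'filter_badwords' => 1
		);
		$message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
		if(my_strlen($message['message']) > 200)
		{
			$message['message'] = my_substr($message['message'], 0, 200)."...";
		}

		eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
	}

	if($db->num_rows($query) == 0)
	{
		eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
	}

	$plugins->run_hooks("private_results_end");

	eval("\$results = \"".$templates->get("private_search_results")."\";");
	output_page($results);
}
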
521 if($mybb->input['action'] == "advanced_search") 522 { 523 $plugins->run_hooks("private_advanced_search"); 524 525 eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";"); 526 527 output_page($advanced_search); 528 } 529 530 // Dismissing a new/unread PM notice 531 if($mybb->input['action'] == "dismiss_notice") 532 { 533 if($mybb->user['pmnotice'] != 2) 534 { 535 exit; 536 } 537 538 // Verify incoming POST request 539 verify_post_check($mybb->get_input('my_post_key')); 540 541 $updated_user = array( 542 "pmnotice" => 1 543 ); 544 $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'"); 545 546 if(!empty($mybb->input['ajax'])) 547 { 548 echo 1; 549 exit; 550 } 551 else 552 { 553 header("Location: index.php"); 554 exit; 555 } 556 } 557 558 $send_errors = ''; 559 560 if($mybb->input['action'] == "do_send" && $mybb->request_method == "post") 561 { 562 if($mybb->usergroup['cansendpms'] == 0) 563 { 564 error_no_permission(); 565 } 566 567 // Verify incoming POST request 568 verify_post_check($mybb->get_input('my_post_key')); 569 570 $plugins->run_hooks("private_send_do_send"); 571 572 // Attempt to see if this PM is a duplicate or not 573 $to = array_map("trim", explode(",", $mybb->get_input('to'))); 574 $to = array_unique($to); // Filter out any duplicates 575 $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to))); 576 $time_cutoff = TIME_NOW - (5 * 60 * 60); 577 $query = $db->query(" 578 SELECT pm.pmid 579 FROM ".TABLE_PREFIX."privatemessages pm 580 LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid) 581 WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3' 582 LIMIT 0, 1 583 "); 584 if($db->num_rows($query) > 0) 585 { 586 error($lang->error_pm_already_submitted); 
587 } 588 589 require_once MYBB_ROOT."inc/datahandlers/pm.php"; 590 $pmhandler = new PMDataHandler(); 591 592 $pm = array( 593 "subject" => $mybb->get_input('subject'), 594 "message" => $mybb->get_input('message'), 595 "icon" => $mybb->get_input('icon', MyBB::INPUT_INT), 596 "fromid" => $mybb->user['uid'], 597 "do" => $mybb->get_input('do'), 598 "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT), 599 "ipaddress" => $session->packedip 600 ); 601 602 // Split up any recipients we have 603 $pm['to'] = $to; 604 if(!empty($mybb->input['bcc'])) 605 { 606 $pm['bcc'] = explode(",", $mybb->get_input('bcc')); 607 $pm['bcc'] = array_map("trim", $pm['bcc']); 608 } 609 610 $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY); 611 612 if(!$mybb->usergroup['cantrackpms']) 613 { 614 $mybb->input['options']['readreceipt'] = false; 615 } 616 617 $pm['options'] = array(); 618 if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1) 619 { 620 $pm['options']['signature'] = 1; 621 } 622 else 623 { 624 $pm['options']['signature'] = 0; 625 } 626 if(isset($mybb->input['options']['disablesmilies'])) 627 { 628 $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies']; 629 } 630 if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1) 631 { 632 $pm['options']['savecopy'] = 1; 633 } 634 else 635 { 636 $pm['options']['savecopy'] = 0; 637 } 638 if(isset($mybb->input['options']['readreceipt'])) 639 { 640 $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt']; 641 } 642 643 if(!empty($mybb->input['saveasdraft'])) 644 { 645 $pm['saveasdraft'] = 1; 646 } 647 $pmhandler->set_data($pm); 648 649 // Now let the pm handler do all the hard work. 
650 if(!$pmhandler->validate_pm()) 651 { 652 $pm_errors = $pmhandler->get_friendly_errors(); 653 $send_errors = inline_error($pm_errors); 654 $mybb->input['action'] = "send"; 655 } 656 else 657 { 658 $pminfo = $pmhandler->insert_pm(); 659 $plugins->run_hooks("private_do_send_end"); 660 661 if(isset($pminfo['draftsaved'])) 662 { 663 redirect("private.php", $lang->redirect_pmsaved); 664 } 665 else 666 { 667 redirect("private.php", $lang->redirect_pmsent); 668 } 669 } 670 } 671 672 if($mybb->input['action'] == "send") 673 { 674 if($mybb->usergroup['cansendpms'] == 0) 675 { 676 error_no_permission(); 677 } 678 679 $plugins->run_hooks("private_send_start"); 680 681 $smilieinserter = $codebuttons = ''; 682 683 if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0) 684 { 685 $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']); 686 if($mybb->settings['pmsallowsmilies'] != 0) 687 { 688 $smilieinserter = build_clickable_smilies(); 689 } 690 } 691 692 $lang->post_icon = $lang->message_icon; 693 694 $posticons = get_post_icons(); 695 $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message'))); 696 $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject'))); 697 698 $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => ''); 699 $to = $bcc = ''; 700 701 if(!empty($mybb->input['preview']) || $send_errors) 702 { 703 $options = $mybb->get_input('options', MyBB::INPUT_ARRAY); 704 if(isset($options['signature']) && $options['signature'] == 1) 705 { 706 $optionschecked['signature'] = 'checked="checked"'; 707 } 708 if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1) 709 { 710 $optionschecked['disablesmilies'] = 'checked="checked"'; 711 } 712 if(isset($options['savecopy']) && $options['savecopy'] != 0) 713 { 714 $optionschecked['savecopy'] = 'checked="checked"'; 715 } 
716 if(isset($options['readreceipt']) && $options['readreceipt'] != 0) 717 { 718 $optionschecked['readreceipt'] = 'checked="checked"'; 719 } 720 $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to')))))); 721 $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc')))))); 722 } 723 724 $preview = ''; 725 // Preview 726 if(!empty($mybb->input['preview'])) 727 { 728 $options = $mybb->get_input('options', MyBB::INPUT_ARRAY); 729 $query = $db->query(" 730 SELECT u.username AS userusername, u.*, f.* 731 FROM ".TABLE_PREFIX."users u 732 LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) 733 WHERE u.uid='".$mybb->user['uid']."' 734 "); 735 736 $post = $db->fetch_array($query); 737 738 $post['userusername'] = $mybb->user['username']; 739 $post['postusername'] = $mybb->user['username']; 740 $post['message'] = $mybb->get_input('message'); 741 $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject')); 742 $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT); 743 if(!isset($options['disablesmilies'])) 744 { 745 $options['disablesmilies'] = 0; 746 } 747 $post['smilieoff'] = $options['disablesmilies']; 748 $post['dateline'] = TIME_NOW; 749 750 if(!isset($options['signature'])) 751 { 752 $post['includesig'] = 0; 753 } 754 else 755 { 756 $post['includesig'] = 1; 757 } 758 759 // Merge usergroup data from the cache 760 $data_key = array( 761 'title' => 'grouptitle', 762 'usertitle' => 'groupusertitle', 763 'stars' => 'groupstars', 764 'starimage' => 'groupstarimage', 765 'image' => 'groupimage', 766 'namestyle' => 'namestyle', 767 'usereputationsystem' => 'usereputationsystem' 768 ); 769 770 foreach($data_key as $field => $key) 771 { 772 $post[$key] = $groupscache[$post['usergroup']][$field]; 773 } 774 775 $postbit = build_postbit($post, 2); 776 eval("\$preview = \"".$templates->get("previewpost")."\";"); 777 } 778 else if(!$send_errors) 779 { 780 // New 
PM, so load default settings 781 if($mybb->user['signature'] != '') 782 { 783 $optionschecked['signature'] = 'checked="checked"'; 784 } 785 if($mybb->usergroup['cantrackpms'] == 1) 786 { 787 $optionschecked['readreceipt'] = 'checked="checked"'; 788 } 789 $optionschecked['savecopy'] = 'checked="checked"'; 790 } 791 792 // Draft, reply, forward 793 if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors) 794 { 795 $query = $db->query(" 796 SELECT pm.*, u.username AS quotename 797 FROM ".TABLE_PREFIX."privatemessages pm 798 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid) 799 WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}' 800 "); 801 802 $pm = $db->fetch_array($query); 803 $message = htmlspecialchars_uni($parser->parse_badwords($pm['message'])); 804 $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject'])); 805 806 if($pm['folder'] == "3") 807 { 808 // message saved in drafts 809 $mybb->input['uid'] = $pm['toid']; 810 811 if($pm['includesig'] == 1) 812 { 813 $optionschecked['signature'] = 'checked="checked"'; 814 } 815 if($pm['smilieoff'] == 1) 816 { 817 $optionschecked['disablesmilies'] = 'checked="checked"'; 818 } 819 if($pm['receipt']) 820 { 821 $optionschecked['readreceipt'] = 'checked="checked"'; 822 } 823 824 // Get list of recipients 825 $recipients = my_unserialize($pm['recipients']); 826 $comma = $recipientids = ''; 827 if(isset($recipients['to']) && is_array($recipients['to'])) 828 { 829 foreach($recipients['to'] as $recipient) 830 { 831 $recipient_list['to'][] = $recipient; 832 $recipientids .= $comma.$recipient; 833 $comma = ','; 834 } 835 } 836 837 if(isset($recipients['bcc']) && is_array($recipients['bcc'])) 838 { 839 foreach($recipients['bcc'] as $recipient) 840 { 841 $recipient_list['bcc'][] = $recipient; 842 $recipientids .= $comma.$recipient; 843 $comma = ','; 844 } 845 } 846 847 if(!empty($recipientids)) 848 { 849 $query = $db->simple_select("users", "uid, 
username", "uid IN ({$recipientids})"); 850 while($user = $db->fetch_array($query)) 851 { 852 if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc'])) 853 { 854 $bcc .= htmlspecialchars_uni($user['username']).', '; 855 } 856 else 857 { 858 $to .= htmlspecialchars_uni($user['username']).', '; 859 } 860 } 861 } 862 } 863 else 864 { 865 // forward/reply 866 $subject = preg_replace("#(FW|RE):( *)#is", '', $subject); 867 $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]"; 868 $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message); 869 870 require_once MYBB_ROOT."inc/functions_posting.php"; 871 872 if($mybb->settings['maxpmquotedepth'] != '0') 873 { 874 $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']); 875 } 876 877 if($mybb->input['do'] == 'forward') 878 { 879 $subject = "Fw: $subject"; 880 } 881 elseif($mybb->input['do'] == 'reply') 882 { 883 $subject = "Re: $subject"; 884 $uid = $pm['fromid']; 885 if($mybb->user['uid'] == $uid) 886 { 887 $to = $mybb->user['username']; 888 } 889 else 890 { 891 $query = $db->simple_select('users', 'username', "uid='{$uid}'"); 892 $to = $db->fetch_field($query, 'username'); 893 } 894 $to = htmlspecialchars_uni($to); 895 } 896 else if($mybb->input['do'] == 'replyall') 897 { 898 $subject = "Re: $subject"; 899 900 // Get list of recipients 901 $recipients = my_unserialize($pm['recipients']); 902 $recipientids = $pm['fromid']; 903 if(isset($recipients['to']) && is_array($recipients['to'])) 904 { 905 foreach($recipients['to'] as $recipient) 906 { 907 if($recipient == $mybb->user['uid']) 908 { 909 continue; 910 } 911 $recipientids .= ','.$recipient; 912 } 913 } 914 $comma = ''; 915 $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})"); 916 while($user = $db->fetch_array($query)) 917 { 918 $to .= $comma.htmlspecialchars_uni($user['username']); 919 $comma = $lang->comma; 920 } 921 } 922 } 923 } 
924 925 // New PM with recipient preset 926 if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview'])) 927 { 928 $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'"); 929 $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', '; 930 } 931 932 $max_recipients = ''; 933 if($mybb->usergroup['maxpmrecipients'] > 0) 934 { 935 $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']); 936 } 937 938 if($send_errors) 939 { 940 $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to')))))); 941 $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc')))))); 942 } 943 944 // Load the auto complete javascript if it is enabled. 945 eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";"); 946 947 $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT); 948 $do = $mybb->get_input('do'); 949 if($do != "forward" && $do != "reply" && $do != "replyall") 950 { 951 $do = ''; 952 } 953 954 $buddy_select_to = $buddy_select_bcc = ''; 955 // See if it's actually worth showing the buddylist icon. 
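// Tail of the "send" action: build the optional buddy pickers and the tracking option, then render private_send.
	if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
	{
		// The same template is rendered twice; $buddy_select tells it which field it serves
		$buddy_select = 'to';
		eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
		$buddy_select = 'bcc';
		eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
	}

	// Hide tracking option if no permission
	$private_send_tracking = '';
	if($mybb->usergroup['cantrackpms'])
	{
		eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
	}

	$plugins->run_hooks("private_send_end");

	eval("\$send = \"".$templates->get("private_send")."\";");
	output_page($send);
}

/*
 * action=read: display one private message owned by the current user.
 *
 * Templates are evaluated as double-quoted PHP strings, so every value they can
 * reach ($pm[...], $to, $subject, recipient names) has to be escaped before the
 * eval() that renders it.
 */
if($mybb->input['action'] == "read")
{
	$plugins->run_hooks("private_read");

	$pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

	// The pm.uid filter is the ownership check: another user's pmid yields no row
	$query = $db->query("
		SELECT pm.*, u.*, f.*
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
		WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
	");
	$pm = $db->fetch_array($query);

	if(!$pm)
	{
		error($lang->error_invalidpm);
	}

	// Folder 3 is handed to the send action instead of being shown here
	if($pm['folder'] == 3)
	{
		header("Location: private.php?action=send&pmid={$pm['pmid']}");
		exit;
	}

	// If we've gotten a PM, attach the group info
	$data_key = array(
		'title' => 'grouptitle',
		'usertitle' => 'groupusertitle',
		'stars' => 'groupstars',
		'starimage' => 'groupstarimage',
		'image' => 'groupimage',
		'namestyle' => 'namestyle'
	);

	if(isset($groupscache[$pm['usergroup']]))
	{
		foreach($data_key as $field => $key)
		{
			$pm[$key] = $groupscache[$pm['usergroup']][$field];
		}
	}

	// receipt 1 = sender asked for a receipt; it becomes 2 once read, or 0 when the reader may and does deny it
	if($pm['receipt'] == 1)
	{
		if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
		{
			$receiptadd = 0;
		}
		else
		{
			$receiptadd = 2;
		}
	}

	$action_time = '';
	if($pm['status'] == 0)
	{
		// First view of an unread message: mark it read and stamp the read time
		$time = TIME_NOW;
		$updatearray = array(
			'status' => 1,
			'readtime' => $time
		);

		if(isset($receiptadd))
		{
			$updatearray['receipt'] = $receiptadd;
		}

		// $pmid is an integer and the row was selected above with the owner filter
		$db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");

		// Update the unread count - it has now changed.
		update_pm_count($mybb->user['uid'], 6);

		// Update PM notice value if this is our last unread PM
		if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
		{
			$updated_user = array(
				"pmnotice" => 1
			);
			$db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
		}
	}
	// Replied PM?
	else if($pm['status'] == 3 && $pm['statustime'])
	{
		$reply_string = $lang->you_replied_on;
		$reply_date = my_date('relative', $pm['statustime']);

		if((TIME_NOW - $pm['statustime']) < 3600)
		{
			// Relative string for the first hour
			$reply_string = $lang->you_replied;
		}

		$actioned_on = $lang->sprintf($reply_string, $reply_date);
		eval("\$action_time = \"".$templates->get("private_read_action")."\";");
	}
	// Forwarded PM: same display as above with the "forwarded" phrases
	else if($pm['status'] == 4 && $pm['statustime'])
	{
		$forward_string = $lang->you_forwarded_on;
		$forward_date = my_date('relative', $pm['statustime']);

		if((TIME_NOW - $pm['statustime']) < 3600)
		{
			$forward_string = $lang->you_forwarded;
		}

		$actioned_on = $lang->sprintf($forward_string, $forward_date);
		eval("\$action_time = \"".$templates->get("private_read_action")."\";");
	}

	$pm['userusername'] = $pm['username'];
	$pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

	if($pm['fromid'] == 0)
	{
		$pm['username'] = $lang->mybb_engine;
	}

	if(!$pm['username'])
	{
		$pm['username'] = $lang->na;
	}

	// Fetch the recipients for this message
	$pm['recipients'] = my_unserialize($pm['recipients']);
	if(!is_array($pm['recipients']))
	{
		// A value that does not decode to an array is treated as "no stored recipient list"
		$pm['recipients'] = array();
	}

	// The ids below are placed in an SQL IN() list, so each one is forced to an
	// integer instead of trusting the shape of the stored recipient data.
	if(isset($pm['recipients']['to']) && is_array($pm['recipients']['to']))
	{
		$recipient_uids = array_map('intval', $pm['recipients']['to']);
	}
	else
	{
		$recipient_uids = array((int)$pm['toid']);
		$pm['recipients']['to'] = array($pm['toid']);
	}

	$show_bcc = 0;

	// If we have any BCC recipients and this user is an Administrator, add them on to the query
	if(isset($pm['recipients']['bcc']) && is_array($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
	{
		$show_bcc = 1;
		$recipient_uids = array_merge($recipient_uids, array_map('intval', $pm['recipients']['bcc']));
	}

	// An empty list would produce "IN ()", which is invalid SQL; uid 0 matches no account row
	$uid_sql = empty($recipient_uids) ? '0' : implode(',', $recipient_uids);

	// Fetch recipient names from the database
	$bcc_recipients = $to_recipients = $bcc_form_val = array();
	$query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
	while($recipient = $db->fetch_array($query))
	{
		// Escape once here; the name is then used in profile links and in the form value
		$recipient['username'] = htmlspecialchars_uni($recipient['username']);
		// User is a BCC recipient
		if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
		{
			$bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
			$bcc_form_val[] = $recipient['username'];
		}
		// User is a normal recipient
		else if(in_array($recipient['uid'], $pm['recipients']['to']))
		{
			$to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
		}
	}

	$bcc = '';
	if(count($bcc_recipients) > 0)
	{
		$bcc_recipients = implode(', ', $bcc_recipients);
		$bcc_form_val = implode(',', $bcc_form_val);
		eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
	}
	else
	{
		$bcc_form_val = '';
	}

	// "Reply all" only makes sense with more than one visible recipient
	$replyall = false;
	if(count($to_recipients) > 1)
	{
		$replyall = true;
	}

	if(count($to_recipients) > 0)
	{
		$to_recipients = implode($lang->comma, $to_recipients);
	}
	else
	{
		$to_recipients = $lang->nobody;
	}

	eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");

	add_breadcrumb($pm['subject']);
	$message = build_postbit($pm, 2);

	// Decide whether or not to show quick reply.
	$quickreply = '';
	if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
	{
		$trow = alt_trow();

		$optionschecked = array('savecopy' => 'checked="checked"', 'signature' => '', 'disablesmilies' => '');
		if(!empty($mybb->user['signature']))
		{
			$optionschecked['signature'] = 'checked="checked"';
		}
		if($mybb->usergroup['cantrackpms'] == 1)
		{
			$optionschecked['readreceipt'] = 'checked="checked"';
		}

		require_once MYBB_ROOT.'inc/functions_posting.php';

		// The quoted body is escaped before it is handed to the quote helpers
		$quoted_message = array(
			'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
			'username' => $pm['username'],
			'quote_is_pm' => true
		);
		$quoted_message = parse_quoted_message($quoted_message);

		if($mybb->settings['maxpmquotedepth'] != '0')
		{
			$quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
		}

		// Strip FW:/RE: prefixes from the (already escaped) subject
		$subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);

		if($mybb->user['uid'] == $pm['fromid'])
		{
			$to = htmlspecialchars_uni($mybb->user['username']);
		}
		else
		{
			$query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
			$to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
		}

		$private_send_tracking = '';
		if($mybb->usergroup['cantrackpms'])
		{
			$lang->options_read_receipt = $lang->quickreply_read_receipt;

			eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
		}

		$postoptionschecked = $optionschecked; // Backwards compatibility instead of correcting variable used in template

		// Default the collapse state so the template never reads an undefined index
		if(!isset($collapsedthead['quickreply']))
		{
			$collapsedthead['quickreply'] = '';
		}
		if(!isset($collapsedimg['quickreply']))
		{
			$collapsedimg['quickreply'] = '';
		}
		if(!isset($collapsed['quickreply_e']))
		{
			$collapsed['quickreply_e'] = '';
		}

		$expaltext = (in_array("quickreply", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
		eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
	}

	$plugins->run_hooks("private_read_end");

	eval("\$read = \"".$templates->get("private_read")."\";");
	output_page($read);
}

// action=tracking: list the read and unread receipts for messages the current user sent.
if($mybb->input['action'] == "tracking")
{
	if(!$mybb->usergroup['cantrackpms'])
	{
		error_no_permission();
	}

	$plugins->run_hooks("private_tracking_start");
	$readmessages = '';
	$unreadmessages = '';

	// Fall back to 20 per page when the setting is missing or not a positive number
	if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
	{
		$mybb->settings['postsperpage'] = 20;
	}

	// Figure out if we need to display multiple pages.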
// action=tracking, continued: page and render the "read" list, then page and query the "unread" list.
	$perpage = $mybb->settings['postsperpage'];

	// Count tracked messages sent by this user that were already read (receipt 2, not folder 3)
	$query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
	$postcount = $db->fetch_field($query, "readpms");

	$page = $mybb->get_input('read_page', MyBB::INPUT_INT);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	// read_page=last jumps to the final page
	if($mybb->get_input('read_page') == "last")
	{
		$page = $pages;
	}

	// Out-of-range page numbers fall back to page 1
	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	$read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&read_page={page}");

	// $start is computed above from the integer page; $perpage comes from the board setting
	$query = $db->query(" SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername FROM ".TABLE_PREFIX."privatemessages pm LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid) WHERE pm.receipt='2' AND pm.folder!='3' AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."' ORDER BY pm.readtime DESC LIMIT {$start}, {$perpage} ");
	while($readmessage = $db->fetch_array($query))
	{
		// Subject and recipient name are escaped before the template is evaluated
		$readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
		$readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
		$readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
		$readdate = my_date('relative', $readmessage['readtime']);
		eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
	}

	// The "stop tracking" control is only rendered when there is at least one row
	$stoptrackingread = '';
	if(!empty($readmessages))
	{
		eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
	}

	if(!$readmessages)
	{
		eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
	}

	// Same paging again for tracked messages that are still unread (receipt 1, status 0)
	$query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
	$postcount = $db->fetch_field($query, "unreadpms");

	$page = $mybb->get_input('unread_page', MyBB::INPUT_INT);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->get_input('unread_page') == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	$unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&unread_page={page}");

	$query = $db->query(" SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername FROM ".TABLE_PREFIX."privatemessages pm LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid) WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."' ORDER BY pm.dateline DESC LIMIT {$start}, {$perpage} ");
	while($unreadmessage = $db->fetch_array($query))
	{
		$unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
		$unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
		$unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
		$senddate = my_date('relative', $unreadmessage['dateline']);
		eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
	}

	$stoptrackingunread = '';
	if(!empty($unreadmessages))
	{
		eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
	}

	if(!$unreadmessages)
	{
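// action=tracking, continued: empty-state row for the unread list, then render the page.
		// The shared "no message" template reads no_readmessages, so the unread phrase is swapped in
		$lang->no_readmessages = $lang->no_unreadmessages;
		eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
	}

	$plugins->run_hooks("private_tracking_end");

	eval("\$tracking = \"".$templates->get("private_tracking")."\";");
	output_page($tracking);
}

/*
 * action=do_tracking (POST): stop tracking selected messages, or cancel selected
 * unread tracked messages. Every statement is restricted to fromid = current
 * user, and message ids are taken from the array keys and cast to integers.
 */
if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_tracking_start");

	if(!empty($mybb->input['stoptracking']))
	{
		$mybb->input['readcheck'] = $mybb->get_input('readcheck', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['readcheck']))
		{
			foreach($mybb->input['readcheck'] as $key => $val)
			{
				$sql_array = array(
					"receipt" => 0
				);
				$db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".$mybb->user['uid']);
			}
		}
		$plugins->run_hooks("private_do_tracking_end");
		redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
	}
	elseif(!empty($mybb->input['stoptrackingunread']))
	{
		$mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['unreadcheck']))
		{
			foreach($mybb->input['unreadcheck'] as $key => $val)
			{
				$sql_array = array(
					"receipt" => 0
				);
				$db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".$mybb->user['uid']);
			}
		}
		$plugins->run_hooks("private_do_tracking_end");
		redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
	}
	elseif(!empty($mybb->input['cancel']))
	{
		$mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['unreadcheck']))
		{
			// Both lists start empty so the loops below are well defined even when
			// none of the submitted ids belongs to a message sent by this user.
			$pmids = array();
			$pmuids = array();

			foreach($mybb->input['unreadcheck'] as $pmid => $val)
			{
				$pmids[$pmid] = (int)$pmid;
			}

			$pmids = implode(",", $pmids);
			// Collect the owners of the copies that are about to be removed
			$query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
			while($pm = $db->fetch_array($query))
			{
				$pmuids[$pm['uid']] = $pm['uid'];
			}

			// Only still-unread tracked copies (receipt 1, status 0) sent by this user are deleted
			$db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
			foreach($pmuids as $uid)
			{
				// Message is canceled, update PM count for this user
				update_pm_count($uid);
			}
		}
		$plugins->run_hooks("private_do_tracking_end");
		redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
	}
}

// action=stopalltracking: clear the receipt flag on every already-read tracked message sent by this user.
if($mybb->input['action'] == "stopalltracking")
{
	// Verify incoming POST request
	// NOTE(review): unlike the do_* actions, this branch does not also test request_method — confirm that is intended
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_stopalltracking_start");

	$sql_array = array(
		"receipt" => 0
	);
	$db->update_query("privatemessages", $sql_array, "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid']);

	$plugins->run_hooks("private_stopalltracking_end");
	redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
}

// action=folders: show the folder management form.
if($mybb->input['action'] == "folders")
{
	$plugins->run_hooks("private_folders_start");

	$folderlist = '';
	// pmfolders is stored as "fid**name" records joined by "$%%$"
	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
	foreach($foldersexploded as $key => $folders)
	{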
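// action=folders, continued: one row per stored folder, then five blank rows for new folders.
		$folderinfo = explode("**", $folders, 2);
		$foldername = $folderinfo[1];
		$fid = $folderinfo[0];
		$foldername = get_pm_folder_name($fid, $foldername);

		// Folder ids below 5 are rendered with the "unremovable" template
		if((int)$folderinfo[0] < 5)
		{
			$foldername2 = get_pm_folder_name($fid);
			eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
			unset($name);
		}
		else
		{
			eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
		}
	}

	$newfolders = '';
	for($i = 1; $i <= 5; ++$i)
	{
		$fid = "new$i";
		$foldername = '';
		eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
	}

	$plugins->run_hooks("private_folders_end");

	eval("\$folders = \"".$templates->get("private_folders")."\";");
	output_page($folders);
}

/*
 * action=do_folders (POST): rebuild the user's folder list from the submitted
 * form. Keys starting with "new" create folders; other keys edit existing ones.
 * A non-default folder submitted without a name has its messages deleted.
 */
if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_folders_start");

	$highestid = 2;
	$folders = '';
	$donefolders = array();
	$mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);
	foreach($mybb->input['folder'] as $key => $val)
	{
		if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
		{
			if(my_substr($key, 0, 3) == "new") // Create a new folder
			{
				++$highestid;
				$fid = (int)$highestid;
			}
			else // Editing an existing folder
			{
				// The key is request data: cast it before it can become the id counter,
				// so a non-numeric key cannot turn $highestid into a string.
				$fid = (int)$key;
				if($fid > $highestid)
				{
					$highestid = $fid;
				}

				// Use default language strings if empty or value is language string
				if($val == get_pm_folder_name($fid) || trim($val) == '')
				{
					$val = '';
				}
			}

			if($val != '' && trim($val) == '' && !(is_numeric($key) && $key <= 4))
			{
				// If the name only contains whitespace and it's not a default folder, print an error
				error($lang->error_emptypmfoldername);
			}

			if($val != '' || (is_numeric($key) && $key <= 4))
			{
				// If there is a name or if this is a default folder, save it.
				// The name is HTML-escaped for later display and SQL-escaped for the update below.
				$foldername = $db->escape_string(htmlspecialchars_uni($val));

				// The record separator must not appear inside a name, or the stored list would be split wrongly
				if(my_strpos($foldername, "$%%$") === false)
				{
					if($folders != '')
					{
						$folders .= "$%%$";
					}
					$folders .= "$fid**$foldername";
				}
				else
				{
					error($lang->error_invalidpmfoldername);
				}
			}
			else
			{
				// Delete PMs from the folder
				$db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
			}
		}
	}

	$sql_array = array(
		"pmfolders" => $folders
	);
	$db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

	// Update PM count
	update_pm_count();

	$plugins->run_hooks("private_do_folders_end");

	redirect("private.php", $lang->redirect_pmfoldersupdated);
}

// action=empty: show each folder with its message count so the user can choose which to empty.
if($mybb->input['action'] == "empty")
{
	if($mybb->user['totalpms'] == 0)
	{
		error($lang->error_nopms);
	}

	$plugins->run_hooks("private_empty_start");

	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
	$folderlist = '';
	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		$unread = '';
		$fid = $folderinfo[0];
		// Stored folders 0 and 1 are both counted from folder 1; for 1 only unread rows are counted
		if($folderinfo[0] == "1")
		{
			$fid = "1";
			$unread = " AND status='0'";
		}
		if($folderinfo[0] == "0")
		{
			$fid = "1";
		}
		$foldername = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
		$query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='$fid'$unread AND uid='".$mybb->user['uid']."'");
		$thing = $db->fetch_array($query);
		$foldercount = my_number_format($thing['pmsinfolder']);
		eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
	}

	$plugins->run_hooks("private_empty_end");

	eval("\$folders = \"".$templates->get("private_empty")."\";");
	output_page($folders);
}

// action=do_empty (POST): delete the current user's messages from the ticked folders.
if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_empty_start");

	$emptyq = '';
	$mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);
	$keepunreadq = '';
	if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)
	{
		$keepunreadq = " AND status!='0'";
	}
	if(!empty($mybb->input['empty']))
	{
		foreach($mybb->input['empty'] as $key => $val)
		{
			if($val == 1)
			{
				// Folder ids come from the request, so they are cast before entering the SQL fragment
				$key = (int)$key;
				if($emptyq)
				{
					$emptyq .= " OR ";
				}
				$emptyq .= "folder='$key'";
			}
		}

		if($emptyq != '')
		{
			// The OR list is parenthesised so the uid restriction applies to every folder
			$db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
		}
	}

	// Update PM count
	update_pm_count();

	$plugins->run_hooks("private_do_empty_end");
	redirect("private.php", $lang->redirect_pmfoldersemptied);
}

// action=do_stuff (POST): folder jump, move or delete for the messages ticked in a folder listing.
if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_stuff");

	if(!empty($mybb->input['hop']))
	{
		// jumpto is a folder id; reading it as an integer keeps arbitrary request text
		// out of the Location header, matching how fromfid is read in the branches below.
		// NOTE(review): there is no exit after this header, unlike the redirect in action=read — confirm nothing later in the script should be skipped.
		header("Location: private.php?fid=".$mybb->get_input('jumpto', MyBB::INPUT_INT));
	}
	elseif(!empty($mybb->input['moveto']))
	{
		// Message ids are the keys of check[]; every one is cast to an integer
		$pms = array_map('intval', array_keys($mybb->get_input('check', MyBB::INPUT_ARRAY)));
		if(!empty($pms))
		{
			if(!$mybb->input['fid'])
			{
				$mybb->input['fid'] = 1;
			}

			// Only folders present in the user's own folder list are valid move targets
			if(array_key_exists($mybb->input['fid'], $foldernames))
			{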
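// action=do_stuff, continued: finish the "moveto" branch, then the "delete" branch.
				$db->update_query("privatemessages", array("folder" => $mybb->input['fid']), "pmid IN (".implode(",", $pms).") AND uid='".$mybb->user['uid']."'");
				update_pm_count();
			}
			else
			{
				error($lang->error_invalidmovefid);
			}
		}

		if(!empty($mybb->input['fromfid']))
		{
			redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
		}
		else
		{
			redirect("private.php", $lang->redirect_pmsmoved);
		}
	}
	elseif(!empty($mybb->input['delete']))
	{
		$mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['check']))
		{
			// Build a quoted list of integer ids from the array keys
			$pmssql = '';
			foreach($mybb->input['check'] as $key => $val)
			{
				if($pmssql)
				{
					$pmssql .= ",";
				}
				$pmssql .= "'".(int)$key."'";
			}

			// Messages already in folder 4 are removed for good; all others are moved to folder 4
			$deletepms = array();
			$query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
			while($delpm = $db->fetch_array($query))
			{
				$deletepms[$delpm['pmid']] = 1;
			}

			foreach($mybb->input['check'] as $key => $val)
			{
				$key = (int)$key;
				if(!empty($deletepms[$key]))
				{
					$db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
				}
				else
				{
					$sql_array = array(
						"folder" => 4,
						"deletetime" => TIME_NOW
					);
					$db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
				}
			}
		}
		// Update PM count
		update_pm_count();

		if(!empty($mybb->input['fromfid']))
		{
			redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
		}
		else
		{
			redirect("private.php", $lang->redirect_pmsdeleted);
		}
	}
}

/*
 * action=delete: delete a single message. A message already in folder 4 is
 * removed; any other message is moved to folder 4 with a delete timestamp.
 */
if($mybb->input['action'] == "delete")
{
	// Verify incoming POST request
	// NOTE(review): this branch does not also test request_method, unlike the do_* actions — confirm that is intended
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_delete_start");

	$pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

	$query = $db->simple_select("privatemessages", "*", "pmid='".$pmid."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
	if($db->num_rows($query) == 1)
	{
		// The owner filter is repeated on the DELETE itself, as in the do_stuff delete
		// branch, so the statement does not depend on the SELECT above for its scoping.
		$db->delete_query("privatemessages", "pmid='".$pmid."' AND uid='".$mybb->user['uid']."'");
	}
	else
	{
		$sql_array = array(
			"folder" => 4,
			"deletetime" => TIME_NOW
		);
		$db->update_query("privatemessages", $sql_array, "pmid='".$pmid."' AND uid='".$mybb->user['uid']."'");
	}

	// Update PM count
	update_pm_count();

	$plugins->run_hooks("private_delete_end");
	redirect("private.php", $lang->redirect_pmsdeleted);
}

// action=export: show the export form with the user's folders as choices.
if($mybb->input['action'] == "export")
{
	if($mybb->user['totalpms'] == 0)
	{
		error($lang->error_nopms);
	}

	$plugins->run_hooks("private_export_start");

	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
	$folderlist_folder = '';
	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		$folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);

		// The folder option template reads these two variables
		$folder_id = $folderinfo[0];
		$folder_name = $folderinfo[1];

		eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
	}

	eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");

	$plugins->run_hooks("private_export_end");

	eval("\$archive = \"".$templates->get("private_archive")."\";");

	output_page($archive);
}

// action=do_export (POST): build a downloadable archive of the user's messages.
if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));
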
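// action=do_export, continued: select the messages, render them per export type and send the file.
	$plugins->run_hooks("private_do_export_start");

	$lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
	$exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
	$extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
	$lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);

	// Resolve display names once so the per-message loop can look folders up directly
	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		$folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
		$foldersexploded[$key] = implode("**", $folderinfo);
	}

	if($mybb->get_input('pmid', MyBB::INPUT_INT))
	{
		// Columns carry the pm alias: the query below joins the users table twice and
		// that table also has a uid column, so a bare "uid" would not name one column.
		$wsql = "pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='".$mybb->user['uid']."'";
	}
	else
	{
		if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))
		{
			// Only the comparison operator depends on dayway; the cut-off itself is computed from an integer
			$datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);
			$wsql = "pm.dateline";
			if($mybb->get_input('dayway') == "older")
			{
				$wsql .= "<=";
			}
			else
			{
				$wsql .= ">=";
			}
			$wsql .= "'$datecut'";
		}
		else
		{
			$wsql = "1=1";
		}

		$mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['exportfolders']))
		{
			$folderlst = '';
			foreach($mybb->input['exportfolders'] as $key => $val)
			{
				// Each value is SQL-escaped and then placed inside quotes in the IN() list
				$val = $db->escape_string($val);
				if($val == "all")
				{
					// "all" removes the folder restriction altogether
					$folderlst = '';
					break;
				}
				else
				{
					if(!$folderlst)
					{
						$folderlst = " AND pm.folder IN ('$val'";
					}
					else
					{
						$folderlst .= ",'$val'";
					}
				}
			}
			if($folderlst)
			{
				$folderlst .= ")";
			}
			$wsql .= "$folderlst";
		}
		else
		{
			error($lang->error_pmnoarchivefolders);
		}

		if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
		{
			$wsql .= " AND pm.status!='0'";
		}
	}

	// Whatever $wsql holds, the final pm.uid condition limits the export to the current user's messages
	$query = $db->query("
		SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
		WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
		ORDER BY pm.folder ASC, pm.dateline DESC
	");
	$numpms = $db->num_rows($query);
	if(!$numpms)
	{
		error($lang->error_nopmsarchive);
	}

	// exporttype is request data and is concatenated into the names of templates that
	// are then evaluated, so it is reduced to the three supported values here. The
	// original fallback inside the loop used "==" (a comparison) where "=" was meant
	// and therefore never changed the value.
	$mybb->input['exporttype'] = $mybb->get_input('exporttype');
	if(!in_array($mybb->input['exporttype'], array('html', 'csv', 'txt'), true))
	{
		$mybb->input['exporttype'] = "txt";
	}

	$pmsdownload = $ids = '';
	$donefolder = array();
	while($message = $db->fetch_array($query))
	{
		// NOTE(review): for html/csv the user names go to build_profile_link() without
		// htmlspecialchars_uni(), unlike action=read — confirm the archive templates or
		// the username rules make that safe.
		if($message['folder'] == 2 || $message['folder'] == 3)
		{ // Sent Items or Drafts Folder Check
			if($message['toid'])
			{
				$tofromuid = $message['toid'];
				if($mybb->input['exporttype'] == "txt")
				{
					$tofromusername = $message['tousername'];
				}
				else
				{
					$tofromusername = build_profile_link($message['tousername'], $tofromuid);
				}
			}
			else
			{
				$tofromusername = $lang->not_sent;
			}
			$tofrom = $lang->to;
		}
		else
		{
			$tofromuid = $message['fromid'];
			if($mybb->input['exporttype'] == "txt")
			{
				$tofromusername = $message['fromusername'];
			}
			else
			{
				$tofromusername = build_profile_link($message['fromusername'], $tofromuid);
			}

			if($tofromuid == 0)
			{
				$tofromusername = $lang->mybb_engine;
			}
			$tofrom = $lang->from;
		}

		if($tofromuid == 0)
		{
			$message['fromusername'] = $lang->mybb_engine;
		}

		if(!$message['toid'] && $message['folder'] == 3)
		{
			$message['tousername'] = $lang->not_sent;
		}

		$message['subject'] = $parser->parse_badwords($message['subject']);
		if($message['folder'] != "3")
		{
			$senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
			$sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
			$senddate .= " $lang->at $sendtime";
		}
		else
		{
			$senddate = $lang->not_sent;
		}

		if($mybb->input['exporttype'] == "html")
		{
			// HTML export renders the body through the post parser with the board's PM settings
			$parser_options = array(
				"allow_html" => $mybb->settings['pmsallowhtml'],
				"allow_mycode" => $mybb->settings['pmsallowmycode'],
				"allow_smilies" => 0,
				"allow_imgcode" => $mybb->settings['pmsallowimgcode'],
				"allow_videocode" => $mybb->settings['pmsallowvideocode'],
				"me_username" => $mybb->user['username'],
				"filter_badwords" => 1
			);

			$message['message'] = $parser->parse_message($message['message'], $parser_options);
			$message['subject'] = htmlspecialchars_uni($message['subject']);
		}

		if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv")
		{
			// Normalise every line ending to CRLF
			$message['message'] = str_replace("\r\n", "\n", $message['message']);
			$message['message'] = str_replace("\n", "\r\n", $message['message']);
		}

		if($mybb->input['exporttype'] == "csv")
		{
			$message['message'] = my_escape_csv($message['message']);
			$message['subject'] = my_escape_csv($message['subject']);
			$message['tousername'] = my_escape_csv($message['tousername']);
			$message['fromusername'] = my_escape_csv($message['fromusername']);
		}

		// Emit the folder heading once, before the first message of each folder
		if(empty($donefolder[$message['folder']]))
		{
			reset($foldersexploded);
			foreach($foldersexploded as $key => $val)
			{
				$folderinfo = explode("**", $val, 2);
				if($folderinfo[0] == $message['folder'])
				{
					$foldername = $folderinfo[1];
					if($mybb->input['exporttype'] != "csv")
					{
						eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";");
					}
					else
					{
						$foldername = my_escape_csv($folderinfo[1]);
					}
					$donefolder[$message['folder']] = 1;
				}
			}
		}

		eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
		$ids .= ",'{$message['pmid']}'";
	}

	if($mybb->input['exporttype'] == "html")
	{
		// Gather global stylesheet for HTML
		$css_tid = empty($theme['tid']) ? '' : "'". (int)$theme['tid'] ."',";
		$query = $db->simple_select("themestylesheets", "stylesheet", "tid in ({$css_tid}'2','1') AND name = 'global.css'", array('order_by' => 'tid', 'order_dir' => 'DESC', 'limit' => 1));
		$css = $db->fetch_field($query, "stylesheet");
	}

	$plugins->run_hooks("private_do_export_end");

	eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
	if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
	{ // delete the archived pms
		// $ids holds only ids returned by the owner-scoped query above; the uid
		// condition is repeated so the DELETE is scoped on its own as well.
		$db->delete_query("privatemessages", "pmid IN ('0'$ids) AND uid='".$mybb->user['uid']."'");
		// Update PM count
		update_pm_count();
	}

	if($mybb->input['exporttype'] == "html")
	{
		$filename = "pm-archive.html";
		$contenttype = "text/html";
	}
	elseif($mybb->input['exporttype'] == "csv")
	{
		$filename = "pm-archive.csv";
		$contenttype = "application/octet-stream";
	}
	else
	{
		$filename = "pm-archive.txt";
		$contenttype = "text/plain";
	}

	$archived = str_replace("\\\'","'",$archived);
	// Both header values come from the fixed strings chosen above
	header("Content-disposition: filename=$filename");
	header("Content-type: ".$contenttype);

	if($mybb->input['exporttype'] == "html")
	{
		output_page($archived);
	}
	else
	{
		echo "\xEF\xBB\xBF"; // UTF-8 BOM
		echo $archived;
	}
}

// No action given: show a folder listing.
if(!$mybb->input['action'])
{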
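// Default view: list the private messages of one folder for the logged-in user.
// This run is the body of the if(!$mybb->input['action']) block opened just above;
// the closing brace at the end of this run belongs to that block.
//
// Everything built here is injected into templates through eval() as a double-quoted
// PHP string, so each value that originates from a user (usernames, subjects, request
// parameters) has to be escaped before the matching eval() line is reached.
$plugins->run_hooks("private_inbox");

// Fall back to folder 0 when the requested folder id is not one of this user's folders.
if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
{
	$mybb->input['fid'] = 0;
}

// $fid and $folder are integers from here on; both are interpolated into SQL below.
$fid = (int)$mybb->input['fid'];
$folder = !$fid ? 1 : $fid;
$foldername = $foldernames[$fid];

if($folder == 2 || $folder == 3)
{ // Sent Items Folder
	$sender = $lang->sentto;
}
else
{
	$sender = $lang->sender;
}

// The raw "order" value is HTML-escaped and kept in $mybb->input; it is only tested
// for truthiness further down. The value that reaches SQL is $sortordernow, which
// the switch sets to one of two literals.
$mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order'));
// Both keys must exist: the original array('asc' => '', 'desc') stored 'desc' as a
// value under index 0, leaving $ordersel['desc'] undefined in the "asc" branch.
$ordersel = array('asc' => '', 'desc' => '');
switch(my_strtolower($mybb->input['order']))
{
	case "asc":
		$sortordernow = "asc";
		$ordersel['asc'] = "selected=\"selected\"";
		$oppsort = $lang->desc;
		$oppsortnext = "desc";
		break;
	default:
		$sortordernow = "desc";
		$ordersel['desc'] = "selected=\"selected\"";
		$oppsort = $lang->asc;
		$oppsortnext = "asc";
		break;
}

// Sort by which field?
// The switch is an allow-list: $sortfield only ever holds "subject", "username" or
// "dateline", and $sortby ends up equal to one of those three strings as well
// (escaping "subject"/"username" leaves them unchanged, anything else is reset).
$sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
switch($mybb->get_input('sortby'))
{
	case "subject":
		$sortfield = "subject";
		break;
	case "username":
		$sortfield = "username";
		break;
	default:
		$sortby = "dateline";
		$sortfield = "dateline";
		$mybb->input['sortby'] = "dateline";
		break;
}
$orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => '');
$sortsel[$sortby] = "selected=\"selected\"";

// $sortby is spliced into the code string that eval() executes. That is safe only
// because of the allow-list above; do not loosen the switch without changing this line.
eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");

// Do Multi Pages
$selective = "";
if($fid == 1)
{
	$selective = " AND status='0'";
}

// uid is the logged-in user's id, so the count (and every query below) is scoped to
// the current account's own messages.
$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'$selective");
$pmscount = $db->fetch_field($query, "total");

if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
{
	$mybb->settings['threadsperpage'] = 20;
}

// Cast once: $perpage is interpolated into LIMIT clauses below, and the guard above
// only validated the integer value of the setting, not the stored string.
$perpage = (int)$mybb->settings['threadsperpage'];
$page = $mybb->get_input('page', MyBB::INPUT_INT);

if($page > 0)
{
	$start = ($page-1) *$perpage;
	$pages = ceil($pmscount / $perpage);
	// A page number past the end falls back to the first page.
	if($page > $pages)
	{
		$start = 0;
		$page = 1;
	}
}
else
{
	$start = 0;
	$page = 1;
}

$end = $start + $perpage;
$lower = $start+1;
$upper = $end;

if($upper > $pmscount)
{
	$upper = $pmscount;
}

// Only allow-listed / integer values go into the pagination URL.
if($mybb->input['order'] || ($sortby && $sortby != "dateline"))
{
	$page_url = "private.php?fid={$fid}&sortby={$sortby}&order={$sortordernow}";
}
else
{
	$page_url = "private.php?fid={$fid}";
}

$multipage = multipage($pmscount, $perpage, $page, $page_url);
$selective = $messagelist = '';

$icon_cache = $cache->read("posticons");

// Cache users in multiple recipients for sent & drafts folder
if($folder == 2 || $folder == 3)
{
	if($sortfield == "username")
	{
		$u = "u.";
	}
	else
	{
		$u = "pm.";
	}

	// Get all recipients into an array
	// ORDER BY and LIMIT are built from the allow-listed sort values and integers only.
	$cached_users = $get_users = array();
	$users_query = $db->query("
		SELECT pm.recipients
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
		WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'
		ORDER BY {$u}{$sortfield} {$sortordernow}
		LIMIT {$start}, {$perpage}
	");
	while($row = $db->fetch_array($users_query))
	{
		// recipients is a serialized column read back from the database.
		// NOTE(review): my_unserialize() is assumed to be a restricted unserializer
		// that does not instantiate objects; confirm in its definition.
		$recipients = my_unserialize($row['recipients']);
		if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
		{
			$get_users = array_merge($get_users, $recipients['to']);
		}

		if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
		{
			$get_users = array_merge($get_users, $recipients['bcc']);
		}
	}

	// The ids come out of stored serialized data and are placed unquoted into an
	// IN (...) list, so force each one to an integer before building the list.
	$get_users = implode(',', array_unique(array_map('intval', $get_users)));

	// Grab info
	if($get_users)
	{
		$users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
		while($user = $db->fetch_array($users_query))
		{
			$cached_users[$user['uid']] = $user;
		}
	}
}

// Pick the table alias the sort column lives on: recipient's user row for the
// sent/drafts folders, sender's user row otherwise.
if($folder == 2 || $folder == 3)
{
	if($sortfield == "username")
	{
		$pm = "tu.";
	}
	else
	{
		$pm = "pm.";
	}
}
else
{
	if($fid == 1)
	{
		$selective = " AND pm.status='0'";
	}

	if($sortfield == "username")
	{
		$pm = "fu.";
	}
	else
	{
		$pm = "pm.";
	}
}

$query = $db->query("
	SELECT pm.*, fu.username AS fromusername, tu.username as tousername
	FROM ".TABLE_PREFIX."privatemessages pm
	LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
	LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
	WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'{$selective}
	ORDER BY {$pm}{$sortfield} {$sortordernow}
	LIMIT $start, $perpage
");

if($db->num_rows($query) > 0)
{
	$bgcolor = alt_trow(true);
	while($message = $db->fetch_array($query))
	{
		$msgalt = $msgstatus = '';

		// Determine Folder Icon
		if($message['status'] == 0)
		{
			$msgstatus = 'new_pm';
			$msgalt = $lang->new_pm;
		}
		else if($message['status'] == 1)
		{
			$msgstatus = 'old_pm';
			$msgalt = $lang->old_pm;
		}
		else if($message['status'] == 3)
		{
			$msgstatus = 're_pm';
			$msgalt = $lang->reply_pm;
		}
		else if($message['status'] == 4)
		{
			$msgstatus = 'fw_pm';
			$msgalt = $lang->fwd_pm;
		}

		$tofromuid = 0;
		if($folder == 2 || $folder == 3)
		{ // Sent Items or Drafts Folder Check
			$recipients = my_unserialize($message['recipients']);
			$to_users = $bcc_users = '';
			// Multiple-recipient layout: more than one "to", or exactly one "to" plus
			// at least one "bcc". is_array() guards count() against malformed stored
			// data, matching the checks used when the recipient cache was built.
			if(isset($recipients['to']) && is_array($recipients['to']) && (count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']) > 0)))
			{
				foreach($recipients['to'] as $uid)
				{
					// Only ids that resolved to a user row above are rendered.
					if(!isset($cached_users[$uid]))
					{
						continue;
					}
					$profilelink = get_profile_link($uid);
					$user = $cached_users[$uid];
					// Escape before the name is handed to format_name() and the template.
					$user['username'] = htmlspecialchars_uni($user['username']);
					$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
					if(!$user['username'])
					{
						$username = $lang->na;
					}
					eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
				}
				if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
				{
					eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
					foreach($recipients['bcc'] as $uid)
					{
						if(!isset($cached_users[$uid]))
						{
							continue;
						}
						$profilelink = get_profile_link($uid);
						$user = $cached_users[$uid];
						$user['username'] = htmlspecialchars_uni($user['username']);
						$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
						if(!$user['username'])
						{
							$username = $lang->na;
						}
						eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
					}
				}

				eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
			}
			else if($message['toid'])
			{
				$tofromusername = htmlspecialchars_uni($message['tousername']);
				$tofromuid = $message['toid'];
			}
			else
			{
				$tofromusername = $lang->not_sent;
			}
		}
		else
		{
			$tofromusername = htmlspecialchars_uni($message['fromusername']);
			$tofromuid = $message['fromid'];
			// fromid 0 is shown under the board's own sender name.
			if($tofromuid == 0)
			{
				$tofromusername = $lang->mybb_engine;
			}

			// No username came back from the join for this sender id.
			if(!$tofromusername)
			{
				$tofromuid = 0;
				$tofromusername = $lang->na;
			}
		}

		$tofromusername = build_profile_link($tofromusername, $tofromuid);

		if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
		{
			eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
		}
		else
		{
			$denyreceipt = '';
		}

		// !empty() keeps the original truthiness test but does not raise a notice when
		// the message refers to an icon id that is missing from the cache.
		if($message['icon'] > 0 && !empty($icon_cache[$message['icon']]))
		{
			$icon = $icon_cache[$message['icon']];
			$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
			$icon['path'] = htmlspecialchars_uni($icon['path']);
			$icon['name'] = htmlspecialchars_uni($icon['name']);
			eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
		}
		else
		{
			$icon = '	';
		}

		if(!trim($message['subject']))
		{
			$message['subject'] = $lang->pm_no_subject;
		}

		// Bad-word filtering runs on the raw subject; HTML escaping is applied last so
		// the value that reaches the template is always escaped.
		$message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
		if($message['folder'] != "3")
		{
			$senddate = my_date('relative', $message['dateline']);
		}
		else
		{
			$senddate = $lang->not_sent;
		}

		$plugins->run_hooks("private_message");

		eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
		$bgcolor = alt_trow();
	}
}
else
{
	eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
}

// Quota bar: only built when the user's group has a non-zero PM quota.
$pmspacebar = '';
if($mybb->usergroup['pmquota'] != 0)
{
	// From here on $pmscount is an array with a 'total' key (all folders), not the
	// scalar per-folder count used for pagination above.
	$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
	$pmscount = $db->fetch_array($query);
	if($pmscount['total'] == 0)
	{
		$spaceused = 0;
	}
	else
	{
		$spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
	}
	$spaceused2 = 100 - $spaceused;
	$belowhalf = $overhalf = '';
	if($spaceused <= "50")
	{
		$spaceused_severity = "low";
		$belowhalf = round($spaceused, 0)."%";
		if((int)$belowhalf > 100)
		{
			$belowhalf = "100%";
		}
	}
	else
	{
		if($spaceused <= "75")
		{
			$spaceused_severity = "medium";
		}

		else
		{
			$spaceused_severity = "high";
		}

		$overhalf = round($spaceused, 0)."%";
		if((int)$overhalf > 100)
		{
			$overhalf = "100%";
		}
	}

	// Clamp for display when the mailbox is over quota.
	if($spaceused > 100)
	{
		$spaceused = 100;
		$spaceused2 = 0;
	}

	eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
}

$composelink = '';
if($mybb->usergroup['cansendpms'] == 1)
{
	eval("\$composelink = \"".$templates->get("private_composelink")."\";");
}

$emptyexportlink = '';
if($mybb->user['totalpms'] > 0)
{
	eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";");
}

// The pmquota test comes first, so $pmscount['total'] is read only when the quota
// block above has replaced $pmscount with the array form.
$limitwarning = '';
if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota'])
{
	eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
}

$plugins->run_hooks("private_end");

// $folder is reused here to hold the rendered page.
eval("\$folder = \"".$templates->get("private")."\";");
output_page($folder);
}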