[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'private.php');
  14  
  15  $templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
  16  $templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
  17  $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  18  $templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";
  19  $templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";
  20  $templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
  21  $templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
  22  $templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
  23  $templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
  24  $templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";
  25  
  26  require_once  "./global.php";
  27  require_once  MYBB_ROOT."inc/functions_post.php";
  28  require_once  MYBB_ROOT."inc/functions_user.php";
  29  require_once  MYBB_ROOT."inc/class_parser.php";
  30  $parser = new postParser;
  31  
  32  // Load global language phrases
  33  $lang->load("private");
  34  
  35  if($mybb->settings['enablepms'] == 0)
  36  {
  37      error($lang->pms_disabled);
  38  }
  39  
  40  if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
  41  {
  42      error_no_permission();
  43  }
  44  
  45  $mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);
  46  
  47  $folder_id = $folder_name = $folderjump_folder = $folderoplist_folder = $foldersearch_folder ='';
  48  
  49  $foldernames = array();
  50  $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
  51  foreach($foldersexploded as $key => $folders)
  52  {
  53      $folderinfo = explode("**", $folders, 2);
  54      if($mybb->input['fid'] == $folderinfo[0])
  55      {
  56          $sel = ' selected="selected"';
  57      }
  58      else
  59      {
  60          $sel = '';
  61      }
  62      $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
  63      $foldernames[$folderinfo[0]] = $folderinfo[1];
  64  
  65      $folder_id = $folderinfo[0];
  66      $folder_name = $folderinfo[1];
  67  
  68      eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  69  
  70      // Manipulate search folder selection & move selector to omit "Unread"
  71      if($folder_id != 1)
  72      {
  73          if($folder_id == 0)
  74          {
  75              $folder_id = 1;
  76          }
  77          eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  78          eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  79      }
  80  }
  81  
  82  $from_fid = $mybb->input['fid'];
  83  
  84  eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
  85  eval("\$folderoplist = \"".$templates->get("private_move")."\";");
  86  eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";");
  87  
  88  usercp_menu();
  89  
  90  $plugins->run_hooks("private_start");
  91  
  92  // Make navigation
  93  add_breadcrumb($lang->nav_pms, "private.php");
  94  
  95  $mybb->input['action'] = $mybb->get_input('action');
  96  switch($mybb->input['action'])
  97  {
  98      case "send":
  99          add_breadcrumb($lang->nav_send);
 100          break;
 101      case "tracking":
 102          add_breadcrumb($lang->nav_tracking);
 103          break;
 104      case "folders":
 105          add_breadcrumb($lang->nav_folders);
 106          break;
 107      case "empty":
 108          add_breadcrumb($lang->nav_empty);
 109          break;
 110      case "export":
 111          add_breadcrumb($lang->nav_export);
 112          break;
 113      case "advanced_search":
 114          add_breadcrumb($lang->nav_search);
 115          break;
 116      case "results":
 117          add_breadcrumb($lang->nav_results);
 118          break;
 119  }
 120  
 121  if(!empty($mybb->input['preview']))
 122  {
 123      $mybb->input['action'] = "send";
 124  }
 125  
 126  if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post")
 127  {
 128      $plugins->run_hooks("private_do_search_start");
 129  
 130      // Simulate coming from our advanced search form with some preset options
 131      if($mybb->get_input('quick_search'))
 132      {
 133          $mybb->input['action'] = "do_search";
 134          $mybb->input['subject'] = 1;
 135          $mybb->input['message'] = 1;
 136          $mybb->input['folder'] = $mybb->input['fid'];
 137          unset($mybb->input['jumpto']);
 138          unset($mybb->input['fromfid']);
 139      }
 140  
 141      // Check if search flood checking is enabled and user is not admin
 142      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
 143      {
 144          // Fetch the time this user last searched
 145          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
 146          $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
 147          $last_search = $db->fetch_array($query);
 148          // Users last search was within the flood time, show the error
 149          if($last_search['sid'])
 150          {
 151              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
 152              if($remaining_time == 1)
 153              {
 154                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
 155              }
 156              else
 157              {
 158                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
 159              }
 160              error($lang->error_searchflooding);
 161          }
 162      }
 163  
 164      if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)
 165      {
 166          error($lang->error_nosearchresults);
 167      }
 168  
 169      if($mybb->get_input('message', MyBB::INPUT_INT) == 1)
 170      {
 171          $resulttype = "pmmessages";
 172      }
 173      else
 174      {
 175          $resulttype = "pmsubjects";
 176      }
 177  
 178      $search_data = array(
 179          "keywords" => $mybb->get_input('keywords'),
 180          "subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
 181          "message" => $mybb->get_input('message', MyBB::INPUT_INT),
 182          "sender" => $mybb->get_input('sender'),
 183          "status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
 184          "folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)
 185      );
 186  
 187      if($db->can_search == true)
 188      {
 189          require_once  MYBB_ROOT."inc/functions_search.php";
 190  
 191          $search_results = privatemessage_perform_search_mysql($search_data);
 192      }
 193      else
 194      {
 195          error($lang->error_no_search_support);
 196      }
 197      $sid = md5(uniqid(microtime(), true));
 198      $searcharray = array(
 199          "sid" => $db->escape_string($sid),
 200          "uid" => $mybb->user['uid'],
 201          "dateline" => TIME_NOW,
 202          "ipaddress" => $db->escape_binary($session->packedip),
 203          "threads" => '',
 204          "posts" => '',
 205          "resulttype" => $resulttype,
 206          "querycache" => $search_results['querycache'],
 207          "keywords" => $db->escape_string($mybb->get_input('keywords')),
 208      );
 209      $plugins->run_hooks("private_do_search_process");
 210  
 211      $db->insert_query("searchlog", $searcharray);
 212  
 213      // Sender sort won't work yet
 214      $sortby = array('subject', 'sender', 'dateline');
 215  
 216      if(in_array($mybb->get_input('sort'), $sortby))
 217      {
 218          $sortby = $mybb->get_input('sort');
 219      }
 220      else
 221      {
 222          $sortby = "dateline";
 223      }
 224  
 225      if(my_strtolower($mybb->get_input('sortordr')) == "asc")
 226      {
 227          $sortorder = "asc";
 228      }
 229      else
 230      {
 231          $sortorder = "desc";
 232      }
 233  
 234      $plugins->run_hooks("private_do_search_end");
 235      redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
 236  }
 237  
 238  if($mybb->input['action'] == "results")
 239  {
 240      $sid = $mybb->get_input('sid');
 241      $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
 242      $search = $db->fetch_array($query);
 243  
 244      if(!$search)
 245      {
 246          error($lang->error_invalidsearch);
 247      }
 248  
 249      $plugins->run_hooks("private_results_start");
 250  
 251      // Decide on our sorting fields and sorting order.
 252      $order = my_strtolower($mybb->get_input('order'));
 253      $sortby = my_strtolower($mybb->get_input('sortby'));
 254  
 255      $sortby_accepted = array('subject', 'username', 'dateline');
 256  
 257      if(in_array($sortby, $sortby_accepted))
 258      {
 259          $query_sortby = $sortby;
 260  
 261          if($query_sortby == "username")
 262          {
 263              $query_sortby = "fromusername";
 264          }
 265      }
 266      else
 267      {
 268          $sortby = $query_sortby = "dateline";
 269      }
 270  
 271      if($order != "asc")
 272      {
 273          $order = "desc";
 274      }
 275  
 276      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 277      {
 278          $mybb->settings['threadsperpage'] = 20;
 279      }
 280  
 281      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
 282      $pmscount = $db->fetch_field($query, "total");
 283  
 284      // Work out pagination, which page we're at, as well as the limits.
 285      $perpage = $mybb->settings['threadsperpage'];
 286      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 287      if($page > 0)
 288      {
 289          $start = ($page-1) * $perpage;
 290          $pages = ceil($pmscount / $perpage);
 291          if($page > $pages)
 292          {
 293              $start = 0;
 294              $page = 1;
 295          }
 296      }
 297      else
 298      {
 299          $start = 0;
 300          $page = 1;
 301      }
 302      $end = $start + $perpage;
 303      $lower = $start+1;
 304      $upper = $end;
 305  
 306      // Work out if we have terms to highlight
 307      $highlight = "";
 308      if($search['keywords'])
 309      {
 310          $highlight = "&amp;highlight=".urlencode($search['keywords']);
 311      }
 312  
 313      // Do Multi Pages
 314      if($upper > $pmscount)
 315      {
 316          $upper = $pmscount;
 317      }
 318      $multipage = multipage($pmscount, $perpage, $page, "private.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby={$sortby}&amp;order={$order}");
 319      $messagelist = '';
 320  
 321      $icon_cache = $cache->read("posticons");
 322  
 323      // Cache users in multiple recipients for sent & drafts folder
 324      // Get all recipients into an array
 325      $cached_users = $get_users = array();
 326      $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
 327      while($row = $db->fetch_array($users_query))
 328      {
 329          $recipients = my_unserialize($row['recipients']);
 330          if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
 331          {
 332              $get_users = array_merge($get_users, $recipients['to']);
 333          }
 334  
 335          if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 336          {
 337              $get_users = array_merge($get_users, $recipients['bcc']);
 338          }
 339      }
 340  
 341      $get_users = implode(',', array_unique($get_users));
 342  
 343      // Grab info
 344      if($get_users)
 345      {
 346          $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
 347          while($user = $db->fetch_array($users_query))
 348          {
 349              $cached_users[$user['uid']] = $user;
 350          }
 351      }
 352  
 353      $query = $db->query("
 354          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
 355          FROM ".TABLE_PREFIX."privatemessages pm
 356          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
 357          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
 358          WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
 359          ORDER BY pm.{$query_sortby} {$order}
 360          LIMIT {$start}, {$perpage}
 361      ");
 362      while($message = $db->fetch_array($query))
 363      {
 364          $msgalt = $msgstatus = '';
 365  
 366          // Determine Folder Icon
 367          if($message['status'] == 0)
 368          {
 369              $msgstatus = 'new_pm';
 370              $msgalt = $lang->new_pm;
 371          }
 372          else if($message['status'] == 1)
 373          {
 374              $msgstatus = 'old_pm';
 375              $msgalt = $lang->old_pm;
 376          }
 377          else if($message['status'] == 3)
 378          {
 379              $msgstatus = 're_pm';
 380              $msgalt = $lang->reply_pm;
 381          }
 382          else if($message['status'] == 4)
 383          {
 384              $msgstatus = 'fw_pm';
 385              $msgalt = $lang->fwd_pm;
 386          }
 387  
 388          $folder = $message['folder'];
 389  
 390          $tofromuid = 0;
 391          if($folder == 2 || $folder == 3)
 392          {
 393              // Sent Items or Drafts Folder Check
 394              $recipients = my_unserialize($message['recipients']);
 395              $to_users = $bcc_users = '';
 396              if(
 397                  isset($recipients['to']) &&
 398                  (count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
 399              )
 400              {
 401                  foreach($recipients['to'] as $uid)
 402                  {
 403                      $profilelink = get_profile_link($uid);
 404                      $user = $cached_users[$uid];
 405                      $user['username'] = htmlspecialchars_uni($user['username']);
 406                      $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 407                      eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 408                  }
 409                  if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 410                  {
 411                      eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
 412                      foreach($recipients['bcc'] as $uid)
 413                      {
 414                          $profilelink = get_profile_link($uid);
 415                          $user = $cached_users[$uid];
 416                          $user['username'] = htmlspecialchars_uni($user['username']);
 417                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 418                          eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 419                      }
 420                  }
 421  
 422                  eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
 423              }
 424              else if($message['toid'])
 425              {
 426                  $tofromusername = htmlspecialchars_uni($message['tousername']);
 427                  $tofromuid = $message['toid'];
 428              }
 429              else
 430              {
 431                  $tofromusername = $lang->not_sent;
 432              }
 433          }
 434          else
 435          {
 436              $tofromusername = htmlspecialchars_uni($message['fromusername']);
 437              $tofromuid = $message['fromid'];
 438              if($tofromuid == 0)
 439              {
 440                  $tofromusername = $lang->mybb_engine;
 441              }
 442          }
 443  
 444          $tofromusername = build_profile_link($tofromusername, $tofromuid);
 445  
 446          $denyreceipt = '';
 447  
 448          if($message['icon'] > 0 && $icon_cache[$message['icon']])
 449          {
 450              $icon = $icon_cache[$message['icon']];
 451              $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
 452              $icon['path'] = htmlspecialchars_uni($icon['path']);
 453              $icon['name'] = htmlspecialchars_uni($icon['name']);
 454              eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
 455          }
 456          else
 457          {
 458              $icon = '&#009;';
 459          }
 460  
 461          if(!trim($message['subject']))
 462          {
 463              $message['subject'] = $lang->pm_no_subject;
 464          }
 465  
 466          $message['subject'] = $parser->parse_badwords($message['subject']);
 467  
 468          if(my_strlen($message['subject']) > 50)
 469          {
 470              $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
 471          }
 472          else
 473          {
 474              $message['subject'] = htmlspecialchars_uni($message['subject']);
 475          }
 476  
 477          if($message['folder'] != "3")
 478          {
 479              $senddate = my_date('relative', $message['dateline']);
 480          }
 481          else
 482          {
 483              $senddate = $lang->not_sent;
 484          }
 485  
 486          $fid = "0";
 487          if((int)$message['folder'] > 1)
 488          {
 489              $fid = $message['folder'];
 490          }
 491          $foldername = $foldernames[$fid];
 492  
 493          // What we do here is parse the post using our post parser, then strip the tags from it
 494          $parser_options = array(
 495              'allow_html' => 0,
 496              'allow_mycode' => 1,
 497              'allow_smilies' => 0,
 498              'allow_imgcode' => 0,
 499              'filter_badwords' => 1
 500          );
 501          $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
 502          if(my_strlen($message['message']) > 200)
 503          {
 504              $message['message'] = my_substr($message['message'], 0, 200)."...";
 505          }
 506  
 507          eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
 508      }
 509  
 510      if($db->num_rows($query) == 0)
 511      {
 512          eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
 513      }
 514  
 515      $plugins->run_hooks("private_results_end");
 516  
 517      eval("\$results = \"".$templates->get("private_search_results")."\";");
 518      output_page($results);
 519  }
 520  
 521  if($mybb->input['action'] == "advanced_search")
 522  {
 523      $plugins->run_hooks("private_advanced_search");
 524  
 525      eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");
 526  
 527      output_page($advanced_search);
 528  }
 529  
 530  // Dismissing a new/unread PM notice
 531  if($mybb->input['action'] == "dismiss_notice")
 532  {
 533      if($mybb->user['pmnotice'] != 2)
 534      {
 535          exit;
 536      }
 537  
 538      // Verify incoming POST request
 539      verify_post_check($mybb->get_input('my_post_key'));
 540  
 541      $updated_user = array(
 542          "pmnotice" => 1
 543      );
 544      $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
 545  
 546      if(!empty($mybb->input['ajax']))
 547      {
 548          echo 1;
 549          exit;
 550      }
 551      else
 552      {
 553          header("Location: index.php");
 554          exit;
 555      }
 556  }
 557  
 558  $send_errors = '';
 559  
 560  if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
 561  {
 562      if($mybb->usergroup['cansendpms'] == 0)
 563      {
 564          error_no_permission();
 565      }
 566  
 567      // Verify incoming POST request
 568      verify_post_check($mybb->get_input('my_post_key'));
 569  
 570      $plugins->run_hooks("private_send_do_send");
 571  
 572      // Attempt to see if this PM is a duplicate or not
 573      $to = array_map("trim", explode(",", $mybb->get_input('to')));
 574      $to = array_unique($to); // Filter out any duplicates
 575      $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
 576      $time_cutoff = TIME_NOW - (5 * 60 * 60);
 577      $query = $db->query("
 578          SELECT pm.pmid
 579          FROM ".TABLE_PREFIX."privatemessages pm
 580          LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
 581          WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'
 582          LIMIT 0, 1
 583      ");
 584      if($db->num_rows($query) > 0)
 585      {
 586          error($lang->error_pm_already_submitted);
 587      }
 588  
 589      require_once  MYBB_ROOT."inc/datahandlers/pm.php";
 590      $pmhandler = new PMDataHandler();
 591  
 592      $pm = array(
 593          "subject" => $mybb->get_input('subject'),
 594          "message" => $mybb->get_input('message'),
 595          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 596          "fromid" => $mybb->user['uid'],
 597          "do" => $mybb->get_input('do'),
 598          "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT),
 599          "ipaddress" => $session->packedip
 600      );
 601  
 602      // Split up any recipients we have
 603      $pm['to'] = $to;
 604      if(!empty($mybb->input['bcc']))
 605      {
 606          $pm['bcc'] = explode(",", $mybb->get_input('bcc'));
 607          $pm['bcc'] = array_map("trim", $pm['bcc']);
 608      }
 609  
 610      $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 611  
 612      if(!$mybb->usergroup['cantrackpms'])
 613      {
 614          $mybb->input['options']['readreceipt'] = false;
 615      }
 616  
 617      $pm['options'] = array();
 618      if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1)
 619      {
 620          $pm['options']['signature'] = 1;
 621      }
 622      else
 623      {
 624          $pm['options']['signature'] = 0;
 625      }
 626      if(isset($mybb->input['options']['disablesmilies']))
 627      {
 628          $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
 629      }
 630      if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)
 631      {
 632          $pm['options']['savecopy'] = 1;
 633      }
 634      else
 635      {
 636          $pm['options']['savecopy'] = 0;
 637      }
 638      if(isset($mybb->input['options']['readreceipt']))
 639      {
 640          $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
 641      }
 642  
 643      if(!empty($mybb->input['saveasdraft']))
 644      {
 645          $pm['saveasdraft'] = 1;
 646      }
 647      $pmhandler->set_data($pm);
 648  
 649      // Now let the pm handler do all the hard work.
 650      if(!$pmhandler->validate_pm())
 651      {
 652          $pm_errors = $pmhandler->get_friendly_errors();
 653          $send_errors = inline_error($pm_errors);
 654          $mybb->input['action'] = "send";
 655      }
 656      else
 657      {
 658          $pminfo = $pmhandler->insert_pm();
 659          $plugins->run_hooks("private_do_send_end");
 660  
 661          if(isset($pminfo['draftsaved']))
 662          {
 663              redirect("private.php", $lang->redirect_pmsaved);
 664          }
 665          else
 666          {
 667              redirect("private.php", $lang->redirect_pmsent);
 668          }
 669      }
 670  }
 671  
 672  if($mybb->input['action'] == "send")
 673  {
 674      if($mybb->usergroup['cansendpms'] == 0)
 675      {
 676          error_no_permission();
 677      }
 678  
 679      $plugins->run_hooks("private_send_start");
 680  
 681      $smilieinserter = $codebuttons = '';
 682  
 683      if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 684      {
 685          $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']);
 686          if($mybb->settings['pmsallowsmilies'] != 0)
 687          {
 688              $smilieinserter = build_clickable_smilies();
 689          }
 690      }
 691  
 692      $lang->post_icon = $lang->message_icon;
 693  
 694      $posticons = get_post_icons();
 695      $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message')));
 696      $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject')));
 697  
 698      $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => '');
 699      $to = $bcc = '';
 700  
 701      if(!empty($mybb->input['preview']) || $send_errors)
 702      {
 703          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 704          if(isset($options['signature']) && $options['signature'] == 1)
 705          {
 706              $optionschecked['signature'] = 'checked="checked"';
 707          }
 708          if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1)
 709          {
 710              $optionschecked['disablesmilies'] = 'checked="checked"';
 711          }
 712          if(isset($options['savecopy']) && $options['savecopy'] != 0)
 713          {
 714              $optionschecked['savecopy'] = 'checked="checked"';
 715          }
 716          if(isset($options['readreceipt']) && $options['readreceipt'] != 0)
 717          {
 718              $optionschecked['readreceipt'] = 'checked="checked"';
 719          }
 720          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 721          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 722      }
 723  
 724      $preview = '';
 725      // Preview
 726      if(!empty($mybb->input['preview']))
 727      {
 728          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 729          $query = $db->query("
 730              SELECT u.username AS userusername, u.*, f.*
 731              FROM ".TABLE_PREFIX."users u
 732              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 733              WHERE u.uid='".$mybb->user['uid']."'
 734          ");
 735  
 736          $post = $db->fetch_array($query);
 737  
 738          $post['userusername'] = $mybb->user['username'];
 739          $post['postusername'] = $mybb->user['username'];
 740          $post['message'] = $mybb->get_input('message');
 741          $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));
 742          $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 743          if(!isset($options['disablesmilies']))
 744          {
 745              $options['disablesmilies'] = 0;
 746          }
 747          $post['smilieoff'] = $options['disablesmilies'];
 748          $post['dateline'] = TIME_NOW;
 749  
 750          if(!isset($options['signature']))
 751          {
 752              $post['includesig'] = 0;
 753          }
 754          else
 755          {
 756              $post['includesig'] = 1;
 757          }
 758  
 759          // Merge usergroup data from the cache
 760          $data_key = array(
 761              'title' => 'grouptitle',
 762              'usertitle' => 'groupusertitle',
 763              'stars' => 'groupstars',
 764              'starimage' => 'groupstarimage',
 765              'image' => 'groupimage',
 766              'namestyle' => 'namestyle',
 767              'usereputationsystem' => 'usereputationsystem'
 768          );
 769  
 770          foreach($data_key as $field => $key)
 771          {
 772              $post[$key] = $groupscache[$post['usergroup']][$field];
 773          }
 774  
 775          $postbit = build_postbit($post, 2);
 776          eval("\$preview = \"".$templates->get("previewpost")."\";");
 777      }
 778      else if(!$send_errors)
 779      {
 780          // New PM, so load default settings
 781          if($mybb->user['signature'] != '')
 782          {
 783              $optionschecked['signature'] = 'checked="checked"';
 784          }
 785          if($mybb->usergroup['cantrackpms'] == 1)
 786          {
 787              $optionschecked['readreceipt'] = 'checked="checked"';
 788          }
 789          $optionschecked['savecopy'] = 'checked="checked"';
 790      }
 791  
 792      // Draft, reply, forward
 793      if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors)
 794      {
 795          $query = $db->query("
 796              SELECT pm.*, u.username AS quotename
 797              FROM ".TABLE_PREFIX."privatemessages pm
 798              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 799              WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}'
 800          ");
 801  
 802          $pm = $db->fetch_array($query);
 803          $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
 804          $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
 805  
 806          if($pm['folder'] == "3")
 807          {
 808              // message saved in drafts
 809              $mybb->input['uid'] = $pm['toid'];
 810  
 811              if($pm['includesig'] == 1)
 812              {
 813                  $optionschecked['signature'] = 'checked="checked"';
 814              }
 815              if($pm['smilieoff'] == 1)
 816              {
 817                  $optionschecked['disablesmilies'] = 'checked="checked"';
 818              }
 819              if($pm['receipt'])
 820              {
 821                  $optionschecked['readreceipt'] = 'checked="checked"';
 822              }
 823  
 824              // Get list of recipients
 825              $recipients = my_unserialize($pm['recipients']);
 826              $comma = $recipientids = '';
 827              if(isset($recipients['to']) && is_array($recipients['to']))
 828              {
 829                  foreach($recipients['to'] as $recipient)
 830                  {
 831                      $recipient_list['to'][] = $recipient;
 832                      $recipientids .= $comma.$recipient;
 833                      $comma = ',';
 834                  }
 835              }
 836  
 837              if(isset($recipients['bcc']) && is_array($recipients['bcc']))
 838              {
 839                  foreach($recipients['bcc'] as $recipient)
 840                  {
 841                      $recipient_list['bcc'][] = $recipient;
 842                      $recipientids .= $comma.$recipient;
 843                      $comma = ',';
 844                  }
 845              }
 846  
 847              if(!empty($recipientids))
 848              {
 849                  $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
 850                  while($user = $db->fetch_array($query))
 851                  {
 852                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
 853                      {
 854                          $bcc .= htmlspecialchars_uni($user['username']).', ';
 855                      }
 856                      else
 857                      {
 858                          $to .= htmlspecialchars_uni($user['username']).', ';
 859                      }
 860                  }
 861              }
 862          }
 863          else
 864          {
 865              // forward/reply
 866              $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
 867              $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
 868              $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);
 869  
 870              require_once  MYBB_ROOT."inc/functions_posting.php";
 871  
 872              if($mybb->settings['maxpmquotedepth'] != '0')
 873              {
 874                  $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);
 875              }
 876  
 877              if($mybb->input['do'] == 'forward')
 878              {
 879                  $subject = "Fw: $subject";
 880              }
 881              elseif($mybb->input['do'] == 'reply')
 882              {
 883                  $subject = "Re: $subject";
 884                  $uid = $pm['fromid'];
 885                  if($mybb->user['uid'] == $uid)
 886                  {
 887                      $to = $mybb->user['username'];
 888                  }
 889                  else
 890                  {
 891                      $query = $db->simple_select('users', 'username', "uid='{$uid}'");
 892                      $to = $db->fetch_field($query, 'username');
 893                  }
 894                  $to = htmlspecialchars_uni($to);
 895              }
 896              else if($mybb->input['do'] == 'replyall')
 897              {
 898                  $subject = "Re: $subject";
 899  
 900                  // Get list of recipients
 901                  $recipients = my_unserialize($pm['recipients']);
 902                  $recipientids = $pm['fromid'];
 903                  if(isset($recipients['to']) && is_array($recipients['to']))
 904                  {
 905                      foreach($recipients['to'] as $recipient)
 906                      {
 907                          if($recipient == $mybb->user['uid'])
 908                          {
 909                              continue;
 910                          }
 911                          $recipientids .= ','.$recipient;
 912                      }
 913                  }
 914                  $comma = '';
 915                  $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
 916                  while($user = $db->fetch_array($query))
 917                  {
 918                      $to .= $comma.htmlspecialchars_uni($user['username']);
 919                      $comma = $lang->comma;
 920                  }
 921              }
 922          }
 923      }
 924  
 925      // New PM with recipient preset
 926      if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview']))
 927      {
 928          $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 929          $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
 930      }
 931  
 932      $max_recipients = '';
 933      if($mybb->usergroup['maxpmrecipients'] > 0)
 934      {
 935          $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
 936      }
 937  
 938      if($send_errors)
 939      {
 940          $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
 941          $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
 942      }
 943  
 944      // Load the auto complete javascript if it is enabled.
 945      eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");
 946  
 947      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 948      $do = $mybb->get_input('do');
 949      if($do != "forward" && $do != "reply" && $do != "replyall")
 950      {
 951          $do = '';
 952      }
 953  
 954      $buddy_select_to = $buddy_select_bcc = '';
 955      // See if it's actually worth showing the buddylist icon.
 956      if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
 957      {
 958          $buddy_select = 'to';
 959          eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
 960          $buddy_select = 'bcc';
 961          eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
 962      }
 963  
 964      // Hide tracking option if no permission
 965      $private_send_tracking = '';
 966      if($mybb->usergroup['cantrackpms'])
 967      {
 968          eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
 969      }
 970  
 971      $plugins->run_hooks("private_send_end");
 972  
 973      eval("\$send = \"".$templates->get("private_send")."\";");
 974      output_page($send);
 975  }
 976  
 977  if($mybb->input['action'] == "read")
 978  {
 979      $plugins->run_hooks("private_read");
 980  
 981      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 982  
 983      $query = $db->query("
 984          SELECT pm.*, u.*, f.*
 985          FROM ".TABLE_PREFIX."privatemessages pm
 986          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 987          LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 988          WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
 989      ");
 990      $pm = $db->fetch_array($query);
 991  
 992      if(!$pm)
 993      {
 994          error($lang->error_invalidpm);
 995      }
 996  
 997      if($pm['folder'] == 3)
 998      {
 999          header("Location: private.php?action=send&pmid={$pm['pmid']}");
1000          exit;
1001      }
1002  
1003      // If we've gotten a PM, attach the group info
1004      $data_key = array(
1005          'title' => 'grouptitle',
1006          'usertitle' => 'groupusertitle',
1007          'stars' => 'groupstars',
1008          'starimage' => 'groupstarimage',
1009          'image' => 'groupimage',
1010          'namestyle' => 'namestyle'
1011      );
1012  
1013      foreach($data_key as $field => $key)
1014      {
1015          $pm[$key] = $groupscache[$pm['usergroup']][$field];
1016      }
1017  
1018      if($pm['receipt'] == 1)
1019      {
1020          if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
1021          {
1022              $receiptadd = 0;
1023          }
1024          else
1025          {
1026              $receiptadd = 2;
1027          }
1028      }
1029  
1030      $action_time = '';
1031      if($pm['status'] == 0)
1032      {
1033          $time = TIME_NOW;
1034          $updatearray = array(
1035              'status' => 1,
1036              'readtime' => $time
1037          );
1038  
1039          if(isset($receiptadd))
1040          {
1041              $updatearray['receipt'] = $receiptadd;
1042          }
1043  
1044          $db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");
1045  
1046          // Update the unread count - it has now changed.
1047          update_pm_count($mybb->user['uid'], 6);
1048  
1049          // Update PM notice value if this is our last unread PM
1050          if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
1051          {
1052              $updated_user = array(
1053                  "pmnotice" => 1
1054              );
1055              $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
1056          }
1057      }
1058      // Replied PM?
1059      else if($pm['status'] == 3 && $pm['statustime'])
1060      {
1061          $reply_string = $lang->you_replied_on;
1062          $reply_date = my_date('relative', $pm['statustime']);
1063  
1064          if((TIME_NOW - $pm['statustime']) < 3600)
1065          {
1066              // Relative string for the first hour
1067              $reply_string = $lang->you_replied;
1068          }
1069  
1070          $actioned_on = $lang->sprintf($reply_string, $reply_date);
1071          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1072      }
1073      else if($pm['status'] == 4 && $pm['statustime'])
1074      {
1075          $forward_string = $lang->you_forwarded_on;
1076          $forward_date = my_date('relative', $pm['statustime']);
1077  
1078          if((TIME_NOW - $pm['statustime']) < 3600)
1079          {
1080              $forward_string = $lang->you_forwarded;
1081          }
1082  
1083          $actioned_on = $lang->sprintf($forward_string, $forward_date);
1084          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1085      }
1086  
1087      $pm['userusername'] = $pm['username'];
1088      $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
1089  
1090      if($pm['fromid'] == 0)
1091      {
1092          $pm['username'] = $lang->mybb_engine;
1093      }
1094  
1095      if(!$pm['username'])
1096      {
1097          $pm['username'] = $lang->na;
1098      }
1099  
1100      // Fetch the recipients for this message
1101      $pm['recipients'] = my_unserialize($pm['recipients']);
1102  
1103      if(isset($pm['recipients']['to']) && is_array($pm['recipients']['to']))
1104      {
1105          $uid_sql = implode(',', $pm['recipients']['to']);
1106      }
1107      else
1108      {
1109          $uid_sql = $pm['toid'];
1110          $pm['recipients']['to'] = array($pm['toid']);
1111      }
1112  
1113      $show_bcc = 0;
1114  
1115      // If we have any BCC recipients and this user is an Administrator, add them on to the query
1116      if(isset($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
1117      {
1118          $show_bcc = 1;
1119          $uid_sql .= ','.implode(',', $pm['recipients']['bcc']);
1120      }
1121  
1122      // Fetch recipient names from the database
1123      $bcc_recipients = $to_recipients = $bcc_form_val = array();
1124      $query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
1125      while($recipient = $db->fetch_array($query))
1126      {
1127          // User is a BCC recipient
1128          $recipient['username'] = htmlspecialchars_uni($recipient['username']);
1129          if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
1130          {
1131              $bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1132              $bcc_form_val[] = $recipient['username'];
1133          }
1134          // User is a normal recipient
1135          else if(in_array($recipient['uid'], $pm['recipients']['to']))
1136          {
1137              $to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1138          }
1139      }
1140  
1141      $bcc = '';
1142      if(count($bcc_recipients) > 0)
1143      {
1144          $bcc_recipients = implode(', ', $bcc_recipients);
1145          $bcc_form_val = implode(',', $bcc_form_val);
1146          eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
1147      }
1148      else
1149      {
1150          $bcc_form_val = '';
1151      }
1152  
1153      $replyall = false;
1154      if(count($to_recipients) > 1)
1155      {
1156          $replyall = true;
1157      }
1158  
1159      if(count($to_recipients) > 0)
1160      {
1161          $to_recipients = implode($lang->comma, $to_recipients);
1162      }
1163      else
1164      {
1165          $to_recipients = $lang->nobody;
1166      }
1167  
1168      eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");
1169  
1170      add_breadcrumb($pm['subject']);
1171      $message = build_postbit($pm, 2);
1172  
1173      // Decide whether or not to show quick reply.
1174      $quickreply = '';
1175      if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
1176      {
1177          $trow = alt_trow();
1178  
1179          $optionschecked = array('savecopy' => 'checked="checked"', 'signature' => '', 'disablesmilies' => '');
1180          if(!empty($mybb->user['signature']))
1181          {
1182              $optionschecked['signature'] = 'checked="checked"';
1183          }
1184          if($mybb->usergroup['cantrackpms'] == 1)
1185          {
1186              $optionschecked['readreceipt'] = 'checked="checked"';
1187          }
1188  
1189          require_once  MYBB_ROOT.'inc/functions_posting.php';
1190  
1191          $quoted_message = array(
1192              'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
1193              'username' => $pm['username'],
1194              'quote_is_pm' => true
1195          );
1196          $quoted_message = parse_quoted_message($quoted_message);
1197  
1198          if($mybb->settings['maxpmquotedepth'] != '0')
1199          {
1200              $quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
1201          }
1202  
1203          $subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);
1204  
1205          if($mybb->user['uid'] == $pm['fromid'])
1206          {
1207              $to = htmlspecialchars_uni($mybb->user['username']);
1208          }
1209          else
1210          {
1211              $query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
1212              $to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
1213          }
1214  
1215          $private_send_tracking = '';
1216          if($mybb->usergroup['cantrackpms'])
1217          {
1218              $lang->options_read_receipt = $lang->quickreply_read_receipt;
1219  
1220              eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
1221          }
1222  
1223          $postoptionschecked = $optionschecked; // Backwards compatability instead of correcting variable used in template
1224  
1225          if(!isset($collapsedthead['quickreply']))
1226          {
1227              $collapsedthead['quickreply'] = '';
1228          }
1229          if(!isset($collapsedimg['quickreply']))
1230          {
1231              $collapsedimg['quickreply'] = '';
1232          }
1233          if(!isset($collapsed['quickreply_e']))
1234          {
1235              $collapsed['quickreply_e'] = '';
1236          }
1237  
1238          $expaltext = (in_array("quickreply", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
1239          eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
1240      }
1241  
1242      $plugins->run_hooks("private_read_end");
1243  
1244      eval("\$read = \"".$templates->get("private_read")."\";");
1245      output_page($read);
1246  }
1247  
1248  if($mybb->input['action'] == "tracking")
1249  {
1250      if(!$mybb->usergroup['cantrackpms'])
1251      {
1252          error_no_permission();
1253      }
1254  
1255      $plugins->run_hooks("private_tracking_start");
1256      $readmessages = '';
1257      $unreadmessages = '';
1258  
1259      if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
1260      {
1261          $mybb->settings['postsperpage'] = 20;
1262      }
1263  
1264      // Figure out if we need to display multiple pages.
1265      $perpage = $mybb->settings['postsperpage'];
1266  
1267      $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
1268      $postcount = $db->fetch_field($query, "readpms");
1269  
1270      $page = $mybb->get_input('read_page', MyBB::INPUT_INT);
1271      $pages = $postcount / $perpage;
1272      $pages = ceil($pages);
1273  
1274      if($mybb->get_input('read_page') == "last")
1275      {
1276          $page = $pages;
1277      }
1278  
1279      if($page > $pages || $page <= 0)
1280      {
1281          $page = 1;
1282      }
1283  
1284      if($page)
1285      {
1286          $start = ($page-1) * $perpage;
1287      }
1288      else
1289      {
1290          $start = 0;
1291          $page = 1;
1292      }
1293  
1294      $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");
1295  
1296      $query = $db->query("
1297          SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
1298          FROM ".TABLE_PREFIX."privatemessages pm
1299          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
1300          WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
1301          ORDER BY pm.readtime DESC
1302          LIMIT {$start}, {$perpage}
1303      ");
1304      while($readmessage = $db->fetch_array($query))
1305      {
1306          $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
1307          $readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
1308          $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
1309          $readdate = my_date('relative', $readmessage['readtime']);
1310          eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
1311      }
1312  
1313      $stoptrackingread = '';
1314      if(!empty($readmessages))
1315      {
1316          eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
1317      }
1318  
1319      if(!$readmessages)
1320      {
1321          eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
1322      }
1323  
1324      $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
1325      $postcount = $db->fetch_field($query, "unreadpms");
1326  
1327      $page = $mybb->get_input('unread_page', MyBB::INPUT_INT);
1328      $pages = $postcount / $perpage;
1329      $pages = ceil($pages);
1330  
1331      if($mybb->get_input('unread_page') == "last")
1332      {
1333          $page = $pages;
1334      }
1335  
1336      if($page > $pages || $page <= 0)
1337      {
1338          $page = 1;
1339      }
1340  
1341      if($page)
1342      {
1343          $start = ($page-1) * $perpage;
1344      }
1345      else
1346      {
1347          $start = 0;
1348          $page = 1;
1349      }
1350  
1351      $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");
1352  
1353      $query = $db->query("
1354          SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
1355          FROM ".TABLE_PREFIX."privatemessages pm
1356          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
1357          WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
1358          ORDER BY pm.dateline DESC
1359          LIMIT {$start}, {$perpage}
1360      ");
1361      while($unreadmessage = $db->fetch_array($query))
1362      {
1363          $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
1364          $unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
1365          $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
1366          $senddate = my_date('relative', $unreadmessage['dateline']);
1367          eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
1368      }
1369  
1370      $stoptrackingunread = '';
1371      if(!empty($unreadmessages))
1372      {
1373          eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
1374      }
1375  
1376      if(!$unreadmessages)
1377      {
1378          $lang->no_readmessages = $lang->no_unreadmessages;
1379          eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
1380      }
1381  
1382      $plugins->run_hooks("private_tracking_end");
1383  
1384      eval("\$tracking = \"".$templates->get("private_tracking")."\";");
1385      output_page($tracking);
1386  }
1387  
1388  if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
1389  {
1390      // Verify incoming POST request
1391      verify_post_check($mybb->get_input('my_post_key'));
1392  
1393      $plugins->run_hooks("private_do_tracking_start");
1394  
1395      if(!empty($mybb->input['stoptracking']))
1396      {
1397          $mybb->input['readcheck'] = $mybb->get_input('readcheck', MyBB::INPUT_ARRAY);
1398          if(!empty($mybb->input['readcheck']))
1399          {
1400              foreach($mybb->input['readcheck'] as $key => $val)
1401              {
1402                  $sql_array = array(
1403                      "receipt" => 0
1404                  );
1405                  $db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".$mybb->user['uid']);
1406              }
1407          }
1408          $plugins->run_hooks("private_do_tracking_end");
1409          redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
1410      }
1411      elseif(!empty($mybb->input['stoptrackingunread']))
1412      {
1413          $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
1414          if(!empty($mybb->input['unreadcheck']))
1415          {
1416              foreach($mybb->input['unreadcheck'] as $key => $val)
1417              {
1418                  $sql_array = array(
1419                      "receipt" => 0
1420                  );
1421                  $db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".$mybb->user['uid']);
1422              }
1423          }
1424          $plugins->run_hooks("private_do_tracking_end");
1425          redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
1426      }
1427      elseif(!empty($mybb->input['cancel']))
1428      {
1429          $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
1430          if(!empty($mybb->input['unreadcheck']))
1431          {
1432              foreach($mybb->input['unreadcheck'] as $pmid => $val)
1433              {
1434                  $pmids[$pmid] = (int)$pmid;
1435              }
1436  
1437              $pmids = implode(",", $pmids);
1438              $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
1439              while($pm = $db->fetch_array($query))
1440              {
1441                  $pmuids[$pm['uid']] = $pm['uid'];
1442              }
1443  
1444              $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
1445              foreach($pmuids as $uid)
1446              {
1447                  // Message is canceled, update PM count for this user
1448                  update_pm_count($uid);
1449              }
1450          }
1451          $plugins->run_hooks("private_do_tracking_end");
1452          redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
1453      }
1454  }
1455  
1456  if($mybb->input['action'] == "stopalltracking")
1457  {
1458      // Verify incoming POST request
1459      verify_post_check($mybb->get_input('my_post_key'));
1460  
1461      $plugins->run_hooks("private_stopalltracking_start");
1462  
1463      $sql_array = array(
1464          "receipt" => 0
1465      );
1466      $db->update_query("privatemessages", $sql_array, "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid']);
1467  
1468      $plugins->run_hooks("private_stopalltracking_end");
1469      redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
1470  }
1471  
1472  if($mybb->input['action'] == "folders")
1473  {
1474      $plugins->run_hooks("private_folders_start");
1475  
1476      $folderlist = '';
1477      $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
1478      foreach($foldersexploded as $key => $folders)
1479      {
1480          $folderinfo = explode("**", $folders, 2);
1481          $foldername = $folderinfo[1];
1482          $fid = $folderinfo[0];
1483          $foldername = get_pm_folder_name($fid, $foldername);
1484  
1485          if((int)$folderinfo[0] < 5)
1486          {
1487              $foldername2 = get_pm_folder_name($fid);
1488              eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
1489              unset($name);
1490          }
1491          else
1492          {
1493              eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
1494          }
1495      }
1496  
1497      $newfolders = '';
1498      for($i = 1; $i <= 5; ++$i)
1499      {
1500          $fid = "new$i";
1501          $foldername = '';
1502          eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
1503      }
1504  
1505      $plugins->run_hooks("private_folders_end");
1506  
1507      eval("\$folders = \"".$templates->get("private_folders")."\";");
1508      output_page($folders);
1509  }
1510  
1511  if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
1512  {
1513      // Verify incoming POST request
1514      verify_post_check($mybb->get_input('my_post_key'));
1515  
1516      $plugins->run_hooks("private_do_folders_start");
1517  
1518      $highestid = 2;
1519      $folders = '';
1520      $donefolders = array();
1521      $mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);
1522      foreach($mybb->input['folder'] as $key => $val)
1523      {
1524          if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
1525          {
1526              if(my_substr($key, 0, 3) == "new") // Create a new folder
1527              {
1528                  ++$highestid;
1529                  $fid = (int)$highestid;
1530              }
1531              else // Editing an existing folder
1532              {
1533                  if($key > $highestid)
1534                  {
1535                      $highestid = $key;
1536                  }
1537  
1538                  $fid = (int)$key;
1539                  // Use default language strings if empty or value is language string
1540                  if($val == get_pm_folder_name($fid) || trim($val) == '')
1541                  {
1542                      $val = '';
1543                  }
1544              }
1545  
1546              if($val != '' && trim($val) == '' && !(is_numeric($key) && $key <= 4))
1547              {
1548                  // If the name only contains whitespace and it's not a default folder, print an error
1549                  error($lang->error_emptypmfoldername);
1550              }
1551  
1552              if($val != '' || (is_numeric($key) && $key <= 4))
1553              {
1554                  // If there is a name or if this is a default folder, save it
1555                  $foldername = $db->escape_string(htmlspecialchars_uni($val));
1556  
1557                  if(my_strpos($foldername, "$%%$") === false)
1558                  {
1559                      if($folders != '')
1560                      {
1561                          $folders .= "$%%$";
1562                      }
1563                      $folders .= "$fid**$foldername";
1564                  }
1565                  else
1566                  {
1567                      error($lang->error_invalidpmfoldername);
1568                  }
1569              }
1570              else
1571              {
1572                  // Delete PMs from the folder
1573                  $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
1574              }
1575          }
1576      }
1577  
1578      $sql_array = array(
1579          "pmfolders" => $folders
1580      );
1581      $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");
1582  
1583      // Update PM count
1584      update_pm_count();
1585  
1586      $plugins->run_hooks("private_do_folders_end");
1587  
1588      redirect("private.php", $lang->redirect_pmfoldersupdated);
1589  }
1590  
1591  if($mybb->input['action'] == "empty")
1592  {
1593      if($mybb->user['totalpms'] == 0)
1594      {
1595          error($lang->error_nopms);
1596      }
1597  
1598      $plugins->run_hooks("private_empty_start");
1599  
1600      $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
1601      $folderlist = '';
1602      foreach($foldersexploded as $key => $folders)
1603      {
1604          $folderinfo = explode("**", $folders, 2);
1605          $unread = ''; 
1606          $fid = $folderinfo[0];
1607          if($folderinfo[0] == "1")
1608          {
1609              $fid = "1";
1610              $unread = " AND status='0'";
1611          }
1612          if($folderinfo[0] == "0")
1613          {
1614              $fid = "1";
1615          }
1616          $foldername = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
1617          $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='$fid'$unread AND uid='".$mybb->user['uid']."'");
1618          $thing = $db->fetch_array($query);
1619          $foldercount = my_number_format($thing['pmsinfolder']);
1620          eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
1621      }
1622  
1623      $plugins->run_hooks("private_empty_end");
1624  
1625      eval("\$folders = \"".$templates->get("private_empty")."\";");
1626      output_page($folders);
1627  }
1628  
1629  if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
1630  {
1631      // Verify incoming POST request
1632      verify_post_check($mybb->get_input('my_post_key'));
1633  
1634      $plugins->run_hooks("private_do_empty_start");
1635  
1636      $emptyq = '';
1637      $mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);
1638      $keepunreadq = '';
1639      if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)
1640      {
1641          $keepunreadq = " AND status!='0'";
1642      }
1643      if(!empty($mybb->input['empty']))
1644      {
1645          foreach($mybb->input['empty'] as $key => $val)
1646          {
1647              if($val == 1)
1648              {
1649                  $key = (int)$key;
1650                  if($emptyq)
1651                  {
1652                      $emptyq .= " OR ";
1653                  }
1654                  $emptyq .= "folder='$key'";
1655              }
1656          }
1657  
1658          if($emptyq != '')
1659          {
1660              $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
1661          }
1662      }
1663  
1664      // Update PM count
1665      update_pm_count();
1666  
1667      $plugins->run_hooks("private_do_empty_end");
1668      redirect("private.php", $lang->redirect_pmfoldersemptied);
1669  }
1670  
1671  if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
1672  {
1673      // Verify incoming POST request
1674      verify_post_check($mybb->get_input('my_post_key'));
1675  
1676      $plugins->run_hooks("private_do_stuff");
1677  
1678      if(!empty($mybb->input['hop']))
1679      {
1680          header("Location: private.php?fid=".$mybb->get_input('jumpto'));
1681      }
1682      elseif(!empty($mybb->input['moveto']))
1683      {
1684          $pms = array_map('intval', array_keys($mybb->get_input('check', MyBB::INPUT_ARRAY)));
1685          if(!empty($pms))
1686          {
1687              if(!$mybb->input['fid'])
1688              {
1689                  $mybb->input['fid'] = 1;
1690              }
1691  
1692              if(array_key_exists($mybb->input['fid'], $foldernames))
1693              {
1694                  $db->update_query("privatemessages", array("folder" => $mybb->input['fid']), "pmid IN (".implode(",", $pms).") AND uid='".$mybb->user['uid']."'");
1695                  update_pm_count();
1696              }
1697              else
1698              {
1699                  error($lang->error_invalidmovefid);
1700              }
1701          }
1702  
1703          if(!empty($mybb->input['fromfid']))
1704          {
1705              redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
1706          }
1707          else
1708          {
1709              redirect("private.php", $lang->redirect_pmsmoved);
1710          }
1711      }
1712      elseif(!empty($mybb->input['delete']))
1713      {
1714          $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
1715          if(!empty($mybb->input['check']))
1716          {
1717              $pmssql = '';
1718              foreach($mybb->input['check'] as $key => $val)
1719              {
1720                  if($pmssql)
1721                  {
1722                      $pmssql .= ",";
1723                  }
1724                  $pmssql .= "'".(int)$key."'";
1725              }
1726  
1727              $deletepms = array();
1728              $query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
1729              while($delpm = $db->fetch_array($query))
1730              {
1731                  $deletepms[$delpm['pmid']] = 1;
1732              }
1733  
1734              foreach($mybb->input['check'] as $key => $val)
1735              {
1736                  $key = (int)$key;
1737                  if(!empty($deletepms[$key]))
1738                  {
1739                      $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
1740                  }
1741                  else
1742                  {
1743                      $sql_array = array(
1744                          "folder" => 4,
1745                          "deletetime" => TIME_NOW
1746                      );
1747                      $db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
1748                  }
1749              }
1750          }
1751          // Update PM count
1752          update_pm_count();
1753  
1754          if(!empty($mybb->input['fromfid']))
1755          {
1756              redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
1757          }
1758          else
1759          {
1760              redirect("private.php", $lang->redirect_pmsdeleted);
1761          }
1762      }
1763  }
1764  
1765  if($mybb->input['action'] == "delete")
1766  {
1767      // Verify incoming POST request
1768      verify_post_check($mybb->get_input('my_post_key'));
1769  
1770      $plugins->run_hooks("private_delete_start");
1771  
1772      $query = $db->simple_select("privatemessages", "*", "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
1773      if($db->num_rows($query) == 1)
1774      {
1775          $db->delete_query("privatemessages", "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."'");
1776      }
1777      else
1778      {
1779          $sql_array = array(
1780              "folder" => 4,
1781              "deletetime" => TIME_NOW
1782          );
1783          $db->update_query("privatemessages", $sql_array, "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."'");
1784      }
1785  
1786      // Update PM count
1787      update_pm_count();
1788  
1789      $plugins->run_hooks("private_delete_end");
1790      redirect("private.php", $lang->redirect_pmsdeleted);
1791  }
1792  
1793  if($mybb->input['action'] == "export")
1794  {
1795      if($mybb->user['totalpms'] == 0)
1796      {
1797          error($lang->error_nopms);
1798      }
1799  
1800      $plugins->run_hooks("private_export_start");
1801  
1802      $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
1803      $folder_name = $folder_id = '';
1804      foreach($foldersexploded as $key => $folders)
1805      {
1806          $folderinfo = explode("**", $folders, 2);
1807          $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
1808  
1809          $folder_id = $folderinfo[0];
1810          $folder_name = $folderinfo[1];
1811  
1812          eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
1813      }
1814  
1815      eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");
1816  
1817      $plugins->run_hooks("private_export_end");
1818  
1819      eval("\$archive = \"".$templates->get("private_archive")."\";");
1820  
1821      output_page($archive);
1822  }
1823  
1824  if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
1825  {
1826      // Verify incoming POST request
1827      verify_post_check($mybb->get_input('my_post_key'));
1828  
1829      $plugins->run_hooks("private_do_export_start");
1830  
1831      $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
1832      $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
1833      $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
1834      $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);
1835      $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
1836      foreach($foldersexploded as $key => $folders)
1837      {
1838          $folderinfo = explode("**", $folders, 2);
1839          $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
1840          $foldersexploded[$key] = implode("**", $folderinfo);
1841      }
1842  
1843      if($mybb->get_input('pmid', MyBB::INPUT_INT))
1844      {
1845          $wsql = "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."'";
1846      }
1847      else
1848      {
1849          if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))
1850          {
1851              $datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);
1852              $wsql = "pm.dateline";
1853              if($mybb->get_input('dayway') == "older")
1854              {
1855                  $wsql .= "<=";
1856              }
1857              else
1858              {
1859                  $wsql .= ">=";
1860              }
1861              $wsql .= "'$datecut'";
1862          }
1863          else
1864          {
1865              $wsql = "1=1";
1866          }
1867  
1868          $mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
1869          if(!empty($mybb->input['exportfolders']))
1870          {
1871              $folderlst = '';
1872              foreach($mybb->input['exportfolders'] as $key => $val)
1873              {
1874                  $val = $db->escape_string($val);
1875                  if($val == "all")
1876                  {
1877                      $folderlst = '';
1878                      break;
1879                  }
1880                  else
1881                  {
1882                      if(!$folderlst)
1883                      {
1884                          $folderlst = " AND pm.folder IN ('$val'";
1885                      }
1886                      else
1887                      {
1888                          $folderlst .= ",'$val'";
1889                      }
1890                  }
1891              }
1892              if($folderlst)
1893              {
1894                  $folderlst .= ")";
1895              }
1896              $wsql .= "$folderlst";
1897          }
1898          else
1899          {
1900              error($lang->error_pmnoarchivefolders);
1901          }
1902  
1903          if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
1904          {
1905              $wsql .= " AND pm.status!='0'";
1906          }
1907      }
1908      $query = $db->query("
1909          SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
1910          FROM ".TABLE_PREFIX."privatemessages pm
1911          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
1912          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
1913          WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
1914          ORDER BY pm.folder ASC, pm.dateline DESC
1915      ");
1916      $numpms = $db->num_rows($query);
1917      if(!$numpms)
1918      {
1919          error($lang->error_nopmsarchive);
1920      }
1921  
1922      $mybb->input['exporttype'] = $mybb->get_input('exporttype');
1923  
1924      $pmsdownload = $ids = '';
1925      while($message = $db->fetch_array($query))
1926      {
1927          if($message['folder'] == 2 || $message['folder'] == 3)
1928          { // Sent Items or Drafts Folder Check
1929              if($message['toid'])
1930              {
1931                  $tofromuid = $message['toid'];
1932                  if($mybb->input['exporttype'] == "txt")
1933                  {
1934                      $tofromusername = $message['tousername'];
1935                  }
1936                  else
1937                  {
1938                      $tofromusername = build_profile_link($message['tousername'], $tofromuid);
1939                  }
1940              }
1941              else
1942              {
1943                  $tofromusername = $lang->not_sent;
1944              }
1945              $tofrom = $lang->to;
1946          }
1947          else
1948          {
1949              $tofromuid = $message['fromid'];
1950              if($mybb->input['exporttype'] == "txt")
1951              {
1952                  $tofromusername = $message['fromusername'];
1953              }
1954              else
1955              {
1956                  $tofromusername = build_profile_link($message['fromusername'], $tofromuid);
1957              }
1958  
1959              if($tofromuid == 0)
1960              {
1961                  $tofromusername = $lang->mybb_engine;
1962              }
1963              $tofrom = $lang->from;
1964          }
1965  
1966          if($tofromuid == 0)
1967          {
1968              $message['fromusername'] = $lang->mybb_engine;
1969          }
1970  
1971          if(!$message['toid'] && $message['folder'] == 3)
1972          {
1973              $message['tousername'] = $lang->not_sent;
1974          }
1975  
1976          $message['subject'] = $parser->parse_badwords($message['subject']);
1977          if($message['folder'] != "3")
1978          {
1979              $senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
1980              $sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
1981              $senddate .= " $lang->at $sendtime";
1982          }
1983          else
1984          {
1985              $senddate = $lang->not_sent;
1986          }
1987  
1988          if($mybb->input['exporttype'] == "html")
1989          {
1990              $parser_options = array(
1991                  "allow_html" => $mybb->settings['pmsallowhtml'],
1992                  "allow_mycode" => $mybb->settings['pmsallowmycode'],
1993                  "allow_smilies" => 0,
1994                  "allow_imgcode" => $mybb->settings['pmsallowimgcode'],
1995                  "allow_videocode" => $mybb->settings['pmsallowvideocode'],
1996                  "me_username" => $mybb->user['username'],
1997                  "filter_badwords" => 1
1998              );
1999  
2000              $message['message'] = $parser->parse_message($message['message'], $parser_options);
2001              $message['subject'] = htmlspecialchars_uni($message['subject']);
2002          }
2003  
2004          if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv")
2005          {
2006              $message['message'] = str_replace("\r\n", "\n", $message['message']);
2007              $message['message'] = str_replace("\n", "\r\n", $message['message']);
2008          }
2009  
2010          if($mybb->input['exporttype'] == "csv")
2011          {
2012              $message['message'] = my_escape_csv($message['message']);
2013              $message['subject'] = my_escape_csv($message['subject']);
2014              $message['tousername'] = my_escape_csv($message['tousername']);
2015              $message['fromusername'] = my_escape_csv($message['fromusername']);
2016          }
2017  
2018          if(empty($donefolder[$message['folder']]))
2019          {
2020              reset($foldersexploded);
2021              foreach($foldersexploded as $key => $val)
2022              {
2023                  $folderinfo = explode("**", $val, 2);
2024                  if($folderinfo[0] == $message['folder'])
2025                  {
2026                      $foldername = $folderinfo[1];
2027                      if($mybb->input['exporttype'] != "csv")
2028                      {
2029                          if($mybb->input['exporttype'] != "html")
2030                          {
2031                              $mybb->input['exporttype'] == "txt";
2032                          }
2033                          eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";");
2034                      }
2035                      else
2036                      {
2037                          $foldername = my_escape_csv($folderinfo[1]);
2038                      }
2039                      $donefolder[$message['folder']] = 1;
2040                  }
2041              }
2042          }
2043  
2044          eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
2045          $ids .= ",'{$message['pmid']}'";
2046      }
2047  
2048      if($mybb->input['exporttype'] == "html")
2049      {
2050          // Gather global stylesheet for HTML
2051          $css_tid = empty($theme['tid']) ? '' : "'". (int)$theme['tid'] ."',";
2052          $query = $db->simple_select("themestylesheets", "stylesheet", "tid in ({$css_tid}'2','1') AND name = 'global.css'", array('order_by' => 'tid', 'order_dir' => 'DESC', 'limit' => 1));
2053          $css = $db->fetch_field($query, "stylesheet");
2054      }
2055  
2056      $plugins->run_hooks("private_do_export_end");
2057  
2058      eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
2059      if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
2060      { // delete the archived pms
2061          $db->delete_query("privatemessages", "pmid IN ('0'$ids)");
2062          // Update PM count
2063          update_pm_count();
2064      }
2065  
2066      if($mybb->input['exporttype'] == "html")
2067      {
2068          $filename = "pm-archive.html";
2069          $contenttype = "text/html";
2070      }
2071      elseif($mybb->input['exporttype'] == "csv")
2072      {
2073          $filename = "pm-archive.csv";
2074          $contenttype = "application/octet-stream";
2075      }
2076      else
2077      {
2078          $filename = "pm-archive.txt";
2079          $contenttype = "text/plain";
2080      }
2081  
2082      $archived = str_replace("\\\'","'",$archived);
2083      header("Content-disposition: filename=$filename");
2084      header("Content-type: ".$contenttype);
2085  
2086      if($mybb->input['exporttype'] == "html")
2087      {
2088          output_page($archived);
2089      }
2090      else
2091      {
2092          echo "\xEF\xBB\xBF"; // UTF-8 BOM
2093          echo $archived;
2094      }
2095  }
2096  
2097  if(!$mybb->input['action'])
2098  {
2099      $plugins->run_hooks("private_inbox");
2100  
2101      if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
2102      {
2103          $mybb->input['fid'] = 0;
2104      }
2105  
2106      $fid = (int)$mybb->input['fid'];
2107      $folder = !$fid ? 1 : $fid;
2108      $foldername = $foldernames[$fid];
2109  
2110      if($folder == 2 || $folder == 3)
2111      { // Sent Items Folder
2112          $sender = $lang->sentto;
2113      }
2114      else
2115      {
2116          $sender = $lang->sender;
2117      }
2118  
2119      $mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order'));
2120      $ordersel = array('asc' => '', 'desc');
2121      switch(my_strtolower($mybb->input['order']))
2122      {
2123          case "asc":
2124              $sortordernow = "asc";
2125              $ordersel['asc'] = "selected=\"selected\"";
2126              $oppsort = $lang->desc;
2127              $oppsortnext = "desc";
2128              break;
2129          default:
2130              $sortordernow = "desc";
2131              $ordersel['desc'] = "selected=\"selected\"";
2132              $oppsort = $lang->asc;
2133              $oppsortnext = "asc";
2134              break;
2135      }
2136  
2137      // Sort by which field?
2138      $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
2139      switch($mybb->get_input('sortby'))
2140      {
2141          case "subject":
2142              $sortfield = "subject";
2143              break;
2144          case "username":
2145              $sortfield = "username";
2146              break;
2147          default:
2148              $sortby = "dateline";
2149              $sortfield = "dateline";
2150              $mybb->input['sortby'] = "dateline";
2151              break;
2152      }
2153      $orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => '');
2154      $sortsel[$sortby] = "selected=\"selected\"";
2155  
2156      eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");
2157  
2158      // Do Multi Pages
2159      $selective = "";
2160      if($fid == 1)
2161      {
2162          $selective = " AND status='0'";
2163      }
2164  
2165      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'$selective");
2166      $pmscount = $db->fetch_field($query, "total");
2167  
2168      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
2169      {
2170          $mybb->settings['threadsperpage'] = 20;
2171      }
2172  
2173      $perpage = $mybb->settings['threadsperpage'];
2174      $page = $mybb->get_input('page', MyBB::INPUT_INT);
2175  
2176      if($page > 0)
2177      {
2178          $start = ($page-1) *$perpage;
2179          $pages = ceil($pmscount / $perpage);
2180          if($page > $pages)
2181          {
2182              $start = 0;
2183              $page = 1;
2184          }
2185      }
2186      else
2187      {
2188          $start = 0;
2189          $page = 1;
2190      }
2191  
2192      $end = $start + $perpage;
2193      $lower = $start+1;
2194      $upper = $end;
2195  
2196      if($upper > $pmscount)
2197      {
2198          $upper = $pmscount;
2199      }
2200  
2201      if($mybb->input['order'] || ($sortby && $sortby != "dateline"))
2202      {
2203          $page_url = "private.php?fid={$fid}&sortby={$sortby}&order={$sortordernow}";
2204      }
2205      else
2206      {
2207          $page_url = "private.php?fid={$fid}";
2208      }
2209  
2210      $multipage = multipage($pmscount, $perpage, $page, $page_url);
2211      $selective = $messagelist = '';
2212  
2213      $icon_cache = $cache->read("posticons");
2214  
2215      // Cache users in multiple recipients for sent & drafts folder
2216      if($folder == 2 || $folder == 3)
2217      {
2218          if($sortfield == "username")
2219          {
2220              $u = "u.";
2221          }
2222          else
2223          {
2224              $u = "pm.";
2225          }
2226  
2227          // Get all recipients into an array
2228          $cached_users = $get_users = array();
2229          $users_query = $db->query("
2230              SELECT pm.recipients
2231              FROM ".TABLE_PREFIX."privatemessages pm
2232              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
2233              WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'
2234              ORDER BY {$u}{$sortfield} {$sortordernow}
2235              LIMIT {$start}, {$perpage}
2236          ");
2237          while($row = $db->fetch_array($users_query))
2238          {
2239              $recipients = my_unserialize($row['recipients']);
2240              if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
2241              {
2242                  $get_users = array_merge($get_users, $recipients['to']);
2243              }
2244  
2245              if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
2246              {
2247                  $get_users = array_merge($get_users, $recipients['bcc']);
2248              }
2249          }
2250  
2251          $get_users = implode(',', array_unique($get_users));
2252  
2253          // Grab info
2254          if($get_users)
2255          {
2256              $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
2257              while($user = $db->fetch_array($users_query))
2258              {
2259                  $cached_users[$user['uid']] = $user;
2260              }
2261          }
2262      }
2263  
2264      if($folder == 2 || $folder == 3)
2265      {
2266          if($sortfield == "username")
2267          {
2268              $pm = "tu.";
2269          }
2270          else
2271          {
2272              $pm = "pm.";
2273          }
2274      }
2275      else
2276      {
2277          if($fid == 1)
2278          {
2279              $selective = " AND pm.status='0'";
2280          }
2281  
2282          if($sortfield == "username")
2283          {
2284              $pm = "fu.";
2285          }
2286          else
2287          {
2288              $pm = "pm.";
2289          }
2290      }
2291  
2292      $query = $db->query("
2293          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
2294          FROM ".TABLE_PREFIX."privatemessages pm
2295          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
2296          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
2297          WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'{$selective}
2298          ORDER BY {$pm}{$sortfield} {$sortordernow}
2299          LIMIT $start, $perpage
2300      ");
2301  
2302      if($db->num_rows($query) > 0)
2303      {
2304          $bgcolor = alt_trow(true);
2305          while($message = $db->fetch_array($query))
2306          {
2307              $msgalt = $msgstatus = '';
2308  
2309              // Determine Folder Icon
2310              if($message['status'] == 0)
2311              {
2312                  $msgstatus = 'new_pm';
2313                  $msgalt = $lang->new_pm;
2314              }
2315              else if($message['status'] == 1)
2316              {
2317                  $msgstatus = 'old_pm';
2318                  $msgalt = $lang->old_pm;
2319              }
2320              else if($message['status'] == 3)
2321              {
2322                  $msgstatus = 're_pm';
2323                  $msgalt = $lang->reply_pm;
2324              }
2325              else if($message['status'] == 4)
2326              {
2327                  $msgstatus = 'fw_pm';
2328                  $msgalt = $lang->fwd_pm;
2329              }
2330  
2331              $tofromuid = 0;
2332              if($folder == 2 || $folder == 3)
2333              { // Sent Items or Drafts Folder Check
2334                  $recipients = my_unserialize($message['recipients']);
2335                  $to_users = $bcc_users = '';
2336                  if(isset($recipients['to']) && count($recipients['to']) > 1 || (isset($recipients['to']) && count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
2337                  {
2338                      foreach($recipients['to'] as $uid)
2339                      {
2340                          if(!isset($cached_users[$uid]))
2341                          {
2342                              continue;
2343                          }
2344                          $profilelink = get_profile_link($uid);
2345                          $user = $cached_users[$uid];
2346                          $user['username'] = htmlspecialchars_uni($user['username']);
2347                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
2348                          if(!$user['username'])
2349                          {
2350                              $username = $lang->na;
2351                          }
2352                          eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
2353                      }
2354                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
2355                      {
2356                          eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
2357                          foreach($recipients['bcc'] as $uid)
2358                          {
2359                              if(!isset($cached_users[$uid]))
2360                              {
2361                                  continue;
2362                              }
2363                              $profilelink = get_profile_link($uid);
2364                              $user = $cached_users[$uid];
2365                              $user['username'] = htmlspecialchars_uni($user['username']);
2366                              $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
2367                              if(!$user['username'])
2368                              {
2369                                  $username = $lang->na;
2370                              }
2371                              eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
2372                          }
2373                      }
2374  
2375                      eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
2376                  }
2377                  else if($message['toid'])
2378                  {
2379                      $tofromusername = htmlspecialchars_uni($message['tousername']);
2380                      $tofromuid = $message['toid'];
2381                  }
2382                  else
2383                  {
2384                      $tofromusername = $lang->not_sent;
2385                  }
2386              }
2387              else
2388              {
2389                  $tofromusername = htmlspecialchars_uni($message['fromusername']);
2390                  $tofromuid = $message['fromid'];
2391                  if($tofromuid == 0)
2392                  {
2393                      $tofromusername = $lang->mybb_engine;
2394                  }
2395  
2396                  if(!$tofromusername)
2397                  {
2398                      $tofromuid = 0;
2399                      $tofromusername = $lang->na;
2400                  }
2401              }
2402  
2403              $tofromusername = build_profile_link($tofromusername, $tofromuid);
2404  
2405              if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
2406              {
2407                  eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
2408              }
2409              else
2410              {
2411                  $denyreceipt = '';
2412              }
2413  
2414              if($message['icon'] > 0 && $icon_cache[$message['icon']])
2415              {
2416                  $icon = $icon_cache[$message['icon']];
2417                  $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
2418                  $icon['path'] = htmlspecialchars_uni($icon['path']);
2419                  $icon['name'] = htmlspecialchars_uni($icon['name']);
2420                  eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
2421              }
2422              else
2423              {
2424                  $icon = '&#009;';
2425              }
2426  
2427              if(!trim($message['subject']))
2428              {
2429                  $message['subject'] = $lang->pm_no_subject;
2430              }
2431  
2432              $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
2433              if($message['folder'] != "3")
2434              {
2435                  $senddate = my_date('relative', $message['dateline']);
2436              }
2437              else
2438              {
2439                  $senddate = $lang->not_sent;
2440              }
2441  
2442              $plugins->run_hooks("private_message");
2443  
2444              eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
2445              $bgcolor = alt_trow();
2446          }
2447      }
2448      else
2449      {
2450          eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
2451      }
2452  
2453      $pmspacebar = '';
2454      if($mybb->usergroup['pmquota'] != 0)
2455      {
2456          $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
2457          $pmscount = $db->fetch_array($query);
2458          if($pmscount['total'] == 0)
2459          {
2460              $spaceused = 0;
2461          }
2462          else
2463          {
2464              $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
2465          }
2466          $spaceused2 = 100 - $spaceused;
2467          $belowhalf = $overhalf = '';
2468          if($spaceused <= "50")
2469          {
2470              $spaceused_severity = "low";
2471              $belowhalf = round($spaceused, 0)."%";
2472              if((int)$belowhalf > 100)
2473              {
2474                  $belowhalf = "100%";
2475              }
2476          }
2477          else
2478          {
2479              if($spaceused <= "75")
2480              {
2481                  $spaceused_severity = "medium";
2482              }
2483  
2484              else
2485              {
2486                  $spaceused_severity = "high";
2487              }
2488  
2489              $overhalf = round($spaceused, 0)."%";
2490              if((int)$overhalf > 100)
2491              {
2492                  $overhalf = "100%";
2493              }
2494          }
2495  
2496          if($spaceused > 100)
2497          {
2498              $spaceused = 100;
2499              $spaceused2 = 0;
2500          }
2501  
2502          eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
2503      }
2504  
2505      $composelink = '';
2506      if($mybb->usergroup['cansendpms'] == 1)
2507      {
2508          eval("\$composelink = \"".$templates->get("private_composelink")."\";");
2509      }
2510  
2511      $emptyexportlink = '';
2512      if($mybb->user['totalpms'] > 0)
2513      {
2514          eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";");
2515      }
2516  
2517      $limitwarning = '';
2518      if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota'])
2519      {
2520          eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
2521      }
2522  
2523      $plugins->run_hooks("private_end");
2524  
2525      eval("\$folder = \"".$templates->get("private")."\";");
2526      output_page($folder);
2527  }