PHP Cross Reference of MyBB 1.8.40 |
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 define("IN_MYBB", 1); 12 define("IGNORE_CLEAN_VARS", "sid"); 13 define('THIS_SCRIPT', 'private.php'); 14 15 $templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop"; 16 $templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop"; 17 $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start"; 18 $templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read"; 19 $templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder"; 20 $templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink"; 21 $templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link"; 22 $templatelist .= 
",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home"; 23 $templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find"; 24 $templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm"; 25 26 require_once "./global.php"; 27 require_once MYBB_ROOT."inc/functions_post.php"; 28 require_once MYBB_ROOT."inc/functions_user.php"; 29 require_once MYBB_ROOT."inc/class_parser.php"; 30 $parser = new postParser; 31 32 // Load global language phrases 33 $lang->load("private"); 34 35 if($mybb->settings['enablepms'] == 0) 36 { 37 error($lang->pms_disabled); 38 } 39 40 if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0) 41 { 42 error_no_permission(); 43 } 44 45 $mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT); 46 47 $folder_id = $folder_name = $folderjump_folder = $folderoplist_folder = $foldersearch_folder =''; 48 49 $foldernames = array(); 50 $foldersexploded = explode("$%%$", $mybb->user['pmfolders']); 51 foreach($foldersexploded as $key => $folders) 52 { 53 $folderinfo = explode("**", $folders, 2); 54 if($mybb->input['fid'] == $folderinfo[0]) 55 { 56 $sel = ' selected="selected"'; 57 } 58 else 59 { 60 $sel = ''; 61 } 62 $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]); 63 $foldernames[$folderinfo[0]] = $folderinfo[1]; 64 65 $folder_id = $folderinfo[0]; 66 $folder_name = $folderinfo[1]; 67 68 eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";"); 69 70 // Manipulate search folder selection 
& move selector to omit "Unread" 71 if($folder_id != 1) 72 { 73 if($folder_id == 0) 74 { 75 $folder_id = 1; 76 } 77 eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";"); 78 eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";"); 79 } 80 } 81 82 $from_fid = $mybb->input['fid']; 83 84 eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";"); 85 eval("\$folderoplist = \"".$templates->get("private_move")."\";"); 86 eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";"); 87 88 usercp_menu(); 89 90 $plugins->run_hooks("private_start"); 91 92 // Make navigation 93 add_breadcrumb($lang->nav_pms, "private.php"); 94 95 $mybb->input['action'] = $mybb->get_input('action'); 96 switch($mybb->input['action']) 97 { 98 case "send": 99 add_breadcrumb($lang->nav_send); 100 break; 101 case "tracking": 102 add_breadcrumb($lang->nav_tracking); 103 break; 104 case "folders": 105 add_breadcrumb($lang->nav_folders); 106 break; 107 case "empty": 108 add_breadcrumb($lang->nav_empty); 109 break; 110 case "export": 111 add_breadcrumb($lang->nav_export); 112 break; 113 case "advanced_search": 114 add_breadcrumb($lang->nav_search); 115 break; 116 case "results": 117 add_breadcrumb($lang->nav_results); 118 break; 119 } 120 121 if(!empty($mybb->input['preview'])) 122 { 123 $mybb->input['action'] = "send"; 124 } 125 126 if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post") 127 { 128 $plugins->run_hooks("private_do_search_start"); 129 130 // Simulate coming from our advanced search form with some preset options 131 if($mybb->get_input('quick_search')) 132 { 133 $mybb->input['action'] = "do_search"; 134 $mybb->input['subject'] = 1; 135 $mybb->input['message'] = 1; 136 $mybb->input['folder'] = 
$mybb->input['fid']; 137 unset($mybb->input['jumpto']); 138 unset($mybb->input['fromfid']); 139 } 140 141 // Check if search flood checking is enabled and user is not admin 142 if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1) 143 { 144 // Fetch the time this user last searched 145 $timecut = TIME_NOW-$mybb->settings['searchfloodtime']; 146 $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC")); 147 $last_search = $db->fetch_array($query); 148 // Users last search was within the flood time, show the error 149 if(isset($last_search['sid'])) 150 { 151 $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']); 152 if($remaining_time == 1) 153 { 154 $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']); 155 } 156 else 157 { 158 $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time); 159 } 160 error($lang->error_searchflooding); 161 } 162 } 163 164 if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1) 165 { 166 error($lang->error_nosearchresults); 167 } 168 169 if($mybb->get_input('message', MyBB::INPUT_INT) == 1) 170 { 171 $resulttype = "pmmessages"; 172 } 173 else 174 { 175 $resulttype = "pmsubjects"; 176 } 177 178 $search_data = array( 179 "keywords" => $mybb->get_input('keywords'), 180 "subject" => $mybb->get_input('subject', MyBB::INPUT_INT), 181 "message" => $mybb->get_input('message', MyBB::INPUT_INT), 182 "sender" => $mybb->get_input('sender'), 183 "status" => $mybb->get_input('status', MyBB::INPUT_ARRAY), 184 "folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY) 185 ); 186 187 if($db->can_search == true) 188 { 189 require_once MYBB_ROOT."inc/functions_search.php"; 190 191 $search_results = 
privatemessage_perform_search_mysql($search_data); 192 } 193 else 194 { 195 error($lang->error_no_search_support); 196 } 197 $sid = md5(uniqid(microtime(), true)); 198 $searcharray = array( 199 "sid" => $db->escape_string($sid), 200 "uid" => $mybb->user['uid'], 201 "dateline" => TIME_NOW, 202 "ipaddress" => $db->escape_binary($session->packedip), 203 "threads" => '', 204 "posts" => '', 205 "resulttype" => $resulttype, 206 "querycache" => $search_results['querycache'], 207 "keywords" => $db->escape_string($mybb->get_input('keywords')), 208 ); 209 $plugins->run_hooks("private_do_search_process"); 210 211 $db->insert_query("searchlog", $searcharray); 212 213 // Sender sort won't work yet 214 $sortby = array('subject', 'sender', 'dateline'); 215 216 if(in_array($mybb->get_input('sort'), $sortby)) 217 { 218 $sortby = $mybb->get_input('sort'); 219 } 220 else 221 { 222 $sortby = "dateline"; 223 } 224 225 if(my_strtolower($mybb->get_input('sortordr')) == "asc") 226 { 227 $sortorder = "asc"; 228 } 229 else 230 { 231 $sortorder = "desc"; 232 } 233 234 $plugins->run_hooks("private_do_search_end"); 235 redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults); 236 } 237 238 if($mybb->input['action'] == "results") 239 { 240 $sid = $mybb->get_input('sid'); 241 $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'"); 242 $search = $db->fetch_array($query); 243 244 if(!$search) 245 { 246 error($lang->error_invalidsearch); 247 } 248 249 $plugins->run_hooks("private_results_start"); 250 251 // Decide on our sorting fields and sorting order. 
252 $order = my_strtolower($mybb->get_input('order')); 253 $sortby = my_strtolower($mybb->get_input('sortby')); 254 255 $sortby_accepted = array('subject', 'username', 'dateline'); 256 257 if(in_array($sortby, $sortby_accepted)) 258 { 259 $query_sortby = $sortby; 260 261 if($query_sortby == "username") 262 { 263 $query_sortby = "fromusername"; 264 } 265 } 266 else 267 { 268 $sortby = $query_sortby = "dateline"; 269 } 270 271 if($order != "asc") 272 { 273 $order = "desc"; 274 } 275 276 if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1) 277 { 278 $mybb->settings['threadsperpage'] = 20; 279 } 280 281 $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")"); 282 $pmscount = $db->fetch_field($query, "total"); 283 284 // Work out pagination, which page we're at, as well as the limits. 285 $perpage = $mybb->settings['threadsperpage']; 286 $page = $mybb->get_input('page', MyBB::INPUT_INT); 287 if($page > 0) 288 { 289 $start = ($page-1) * $perpage; 290 $pages = ceil($pmscount / $perpage); 291 if($page > $pages) 292 { 293 $start = 0; 294 $page = 1; 295 } 296 } 297 else 298 { 299 $start = 0; 300 $page = 1; 301 } 302 $end = $start + $perpage; 303 $lower = $start+1; 304 $upper = $end; 305 306 // Work out if we have terms to highlight 307 $highlight = ""; 308 if($search['keywords']) 309 { 310 $highlight = "&highlight=".urlencode($search['keywords']); 311 } 312 313 // Do Multi Pages 314 if($upper > $pmscount) 315 { 316 $upper = $pmscount; 317 } 318 $multipage = multipage($pmscount, $perpage, $page, "private.php?action=results&sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&sortby={$sortby}&order={$order}"); 319 $messagelist = ''; 320 321 $icon_cache = array(); 322 323 if($mybb->settings['allowposticons'] == 1) 324 { 325 $icon_cache = (array)$cache->read("posticons"); 326 } 327 328 // Cache users in multiple recipients for sent & drafts folder 329 // Get all recipients into 
an array 330 $cached_users = $get_users = array(); 331 $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order)); 332 while($row = $db->fetch_array($users_query)) 333 { 334 $recipients = my_unserialize($row['recipients']); 335 if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to'])) 336 { 337 $get_users = array_merge($get_users, $recipients['to']); 338 } 339 340 if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc'])) 341 { 342 $get_users = array_merge($get_users, $recipients['bcc']); 343 } 344 } 345 346 $get_users = implode(',', array_unique($get_users)); 347 348 // Grab info 349 if($get_users) 350 { 351 $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})"); 352 while($user = $db->fetch_array($users_query)) 353 { 354 $cached_users[$user['uid']] = $user; 355 } 356 } 357 358 $query = $db->query(" 359 SELECT pm.*, fu.username AS fromusername, tu.username as tousername 360 FROM ".TABLE_PREFIX."privatemessages pm 361 LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid) 362 LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid) 363 WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}' 364 ORDER BY pm.{$query_sortby} {$order} 365 LIMIT {$start}, {$perpage} 366 "); 367 while($message = $db->fetch_array($query)) 368 { 369 $msgalt = $msgstatus = ''; 370 371 // Determine Folder Icon 372 if($message['status'] == 0) 373 { 374 $msgstatus = 'new_pm'; 375 $msgalt = $lang->new_pm; 376 } 377 else if($message['status'] == 1) 378 { 379 $msgstatus = 'old_pm'; 380 $msgalt = $lang->old_pm; 381 } 382 else if($message['status'] == 3) 383 { 384 $msgstatus = 're_pm'; 385 $msgalt = $lang->reply_pm; 386 } 387 else if($message['status'] == 4) 388 { 389 
$msgstatus = 'fw_pm'; 390 $msgalt = $lang->fwd_pm; 391 } 392 393 $folder = $message['folder']; 394 395 $tofromuid = 0; 396 if($folder == 2 || $folder == 3) 397 { 398 // Sent Items or Drafts Folder Check 399 $recipients = my_unserialize($message['recipients']); 400 $to_users = $bcc_users = ''; 401 if( 402 isset($recipients['to']) && 403 (count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0)) 404 ) 405 { 406 foreach($recipients['to'] as $uid) 407 { 408 $profilelink = get_profile_link($uid); 409 $user = $cached_users[$uid]; 410 $user['username'] = htmlspecialchars_uni($user['username']); 411 $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']); 412 eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";"); 413 } 414 if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc'])) 415 { 416 eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";"); 417 foreach($recipients['bcc'] as $uid) 418 { 419 $profilelink = get_profile_link($uid); 420 $user = $cached_users[$uid]; 421 $user['username'] = htmlspecialchars_uni($user['username']); 422 $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']); 423 eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";"); 424 } 425 } 426 427 eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";"); 428 } 429 else if($message['toid']) 430 { 431 $tofromusername = htmlspecialchars_uni($message['tousername']); 432 $tofromuid = $message['toid']; 433 } 434 else 435 { 436 $tofromusername = $lang->not_sent; 437 } 438 } 439 else 440 { 441 $tofromusername = htmlspecialchars_uni($message['fromusername']); 442 $tofromuid = $message['fromid']; 443 if($tofromuid == 0) 444 { 445 $tofromusername = $lang->mybb_engine; 446 } 447 } 448 449 $tofromusername = build_profile_link($tofromusername, 
$tofromuid); 450 451 $denyreceipt = ''; 452 453 if($message['icon'] > 0 && !empty($icon_cache[$message['icon']])) 454 { 455 $icon = $icon_cache[$message['icon']]; 456 $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']); 457 $icon['path'] = htmlspecialchars_uni($icon['path']); 458 $icon['name'] = htmlspecialchars_uni($icon['name']); 459 eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";"); 460 } 461 else 462 { 463 $icon = '	'; 464 } 465 466 if(!trim($message['subject'])) 467 { 468 $message['subject'] = $lang->pm_no_subject; 469 } 470 471 $message['subject'] = $parser->parse_badwords($message['subject']); 472 473 if(my_strlen($message['subject']) > 50) 474 { 475 $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."..."); 476 } 477 else 478 { 479 $message['subject'] = htmlspecialchars_uni($message['subject']); 480 } 481 482 if($message['folder'] != "3") 483 { 484 $senddate = my_date('relative', $message['dateline']); 485 } 486 else 487 { 488 $senddate = $lang->not_sent; 489 } 490 491 $fid = "0"; 492 if((int)$message['folder'] > 1) 493 { 494 $fid = $message['folder']; 495 } 496 $foldername = $foldernames[$fid]; 497 498 // What we do here is parse the post using our post parser, then strip the tags from it 499 $parser_options = array( 500 'allow_html' => 0, 501 'allow_mycode' => 1, 502 'allow_smilies' => 0, 503 'allow_imgcode' => 0, 504 'filter_badwords' => 1 505 ); 506 $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options)); 507 if(my_strlen($message['message']) > 200) 508 { 509 $message['message'] = my_substr($message['message'], 0, 200)."..."; 510 } 511 512 eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";"); 513 } 514 515 if($db->num_rows($query) == 0) 516 { 517 eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";"); 518 } 519 520 $plugins->run_hooks("private_results_end"); 521 522 eval("\$results = 
\"".$templates->get("private_search_results")."\";"); 523 output_page($results); 524 } 525 526 if($mybb->input['action'] == "advanced_search") 527 { 528 $plugins->run_hooks("private_advanced_search"); 529 530 eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";"); 531 532 output_page($advanced_search); 533 } 534 535 // Dismissing a new/unread PM notice 536 if($mybb->input['action'] == "dismiss_notice") 537 { 538 if($mybb->user['pmnotice'] != 2) 539 { 540 exit; 541 } 542 543 // Verify incoming POST request 544 verify_post_check($mybb->get_input('my_post_key')); 545 546 $updated_user = array( 547 "pmnotice" => 1 548 ); 549 $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'"); 550 551 if(!empty($mybb->input['ajax'])) 552 { 553 echo 1; 554 exit; 555 } 556 else 557 { 558 header("Location: index.php"); 559 exit; 560 } 561 } 562 563 $send_errors = ''; 564 565 if($mybb->input['action'] == "do_send" && $mybb->request_method == "post") 566 { 567 if($mybb->usergroup['cansendpms'] == 0) 568 { 569 error_no_permission(); 570 } 571 572 // Verify incoming POST request 573 verify_post_check($mybb->get_input('my_post_key')); 574 575 $plugins->run_hooks("private_send_do_send"); 576 577 // Attempt to see if this PM is a duplicate or not 578 $to = array_map("trim", explode(",", $mybb->get_input('to'))); 579 $to = array_unique($to); // Filter out any duplicates 580 $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to))); 581 $time_cutoff = TIME_NOW - (5 * 60 * 60); 582 $query = $db->query(" 583 SELECT pm.pmid 584 FROM ".TABLE_PREFIX."privatemessages pm 585 LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid) 586 WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3' 587 LIMIT 0, 1 588 
"); 589 if($db->num_rows($query) > 0) 590 { 591 error($lang->error_pm_already_submitted); 592 } 593 594 require_once MYBB_ROOT."inc/datahandlers/pm.php"; 595 $pmhandler = new PMDataHandler(); 596 597 $pm = array( 598 "subject" => $mybb->get_input('subject'), 599 "message" => $mybb->get_input('message'), 600 "icon" => $mybb->get_input('icon', MyBB::INPUT_INT), 601 "fromid" => $mybb->user['uid'], 602 "do" => $mybb->get_input('do'), 603 "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT), 604 "ipaddress" => $session->packedip 605 ); 606 607 // Split up any recipients we have 608 $pm['to'] = $to; 609 if(!empty($mybb->input['bcc'])) 610 { 611 $pm['bcc'] = explode(",", $mybb->get_input('bcc')); 612 $pm['bcc'] = array_map("trim", $pm['bcc']); 613 } 614 615 $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY); 616 617 if(!$mybb->usergroup['cantrackpms']) 618 { 619 $mybb->input['options']['readreceipt'] = false; 620 } 621 622 $pm['options'] = array(); 623 if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1) 624 { 625 $pm['options']['signature'] = 1; 626 } 627 else 628 { 629 $pm['options']['signature'] = 0; 630 } 631 if(isset($mybb->input['options']['disablesmilies'])) 632 { 633 $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies']; 634 } 635 if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1) 636 { 637 $pm['options']['savecopy'] = 1; 638 } 639 else 640 { 641 $pm['options']['savecopy'] = 0; 642 } 643 if(isset($mybb->input['options']['readreceipt'])) 644 { 645 $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt']; 646 } 647 648 if(!empty($mybb->input['saveasdraft'])) 649 { 650 $pm['saveasdraft'] = 1; 651 } 652 $pmhandler->set_data($pm); 653 654 // Now let the pm handler do all the hard work. 
655 if(!$pmhandler->validate_pm()) 656 { 657 $pm_errors = $pmhandler->get_friendly_errors(); 658 $send_errors = inline_error($pm_errors); 659 $mybb->input['action'] = "send"; 660 } 661 else 662 { 663 $pminfo = $pmhandler->insert_pm(); 664 $plugins->run_hooks("private_do_send_end"); 665 666 if(isset($pminfo['draftsaved'])) 667 { 668 redirect("private.php", $lang->redirect_pmsaved); 669 } 670 else 671 { 672 redirect("private.php", $lang->redirect_pmsent); 673 } 674 } 675 } 676 677 if($mybb->input['action'] == "send") 678 { 679 if($mybb->usergroup['cansendpms'] == 0) 680 { 681 error_no_permission(); 682 } 683 684 $plugins->run_hooks("private_send_start"); 685 686 $smilieinserter = $codebuttons = ''; 687 688 if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0) 689 { 690 $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']); 691 if($mybb->settings['pmsallowsmilies'] != 0) 692 { 693 $smilieinserter = build_clickable_smilies(); 694 } 695 } 696 697 $lang->post_icon = $lang->message_icon; 698 699 $posticons = ''; 700 701 if($mybb->settings['allowposticons'] == 1) 702 { 703 $posticons = get_post_icons(); 704 } 705 706 $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message'))); 707 $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject'))); 708 709 $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => ''); 710 $to = $bcc = ''; 711 712 if(!empty($mybb->input['preview']) || $send_errors) 713 { 714 $options = $mybb->get_input('options', MyBB::INPUT_ARRAY); 715 if(isset($options['signature']) && $options['signature'] == 1) 716 { 717 $optionschecked['signature'] = 'checked="checked"'; 718 } 719 if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1) 720 { 721 $optionschecked['disablesmilies'] = 'checked="checked"'; 722 } 723 if(isset($options['savecopy']) && 
$options['savecopy'] != 0) 724 { 725 $optionschecked['savecopy'] = 'checked="checked"'; 726 } 727 if(isset($options['readreceipt']) && $options['readreceipt'] != 0) 728 { 729 $optionschecked['readreceipt'] = 'checked="checked"'; 730 } 731 $to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to')))))); 732 $bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc')))))); 733 } 734 735 $preview = ''; 736 // Preview 737 if(!empty($mybb->input['preview'])) 738 { 739 $query = $db->query(" 740 SELECT u.username AS userusername, u.*, f.* 741 FROM ".TABLE_PREFIX."users u 742 LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) 743 WHERE u.uid='".$mybb->user['uid']."' 744 "); 745 746 $post = $db->fetch_array($query); 747 748 $post['userusername'] = $mybb->user['username']; 749 $post['postusername'] = $mybb->user['username']; 750 $post['message'] = $mybb->get_input('message'); 751 $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject')); 752 $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT); 753 $post['to'] = $to; 754 $post['bcc'] = $bcc; 755 if(!isset($options['disablesmilies'])) 756 { 757 $options['disablesmilies'] = 0; 758 } 759 $post['smilieoff'] = $options['disablesmilies']; 760 $post['dateline'] = TIME_NOW; 761 762 if(!isset($options['signature'])) 763 { 764 $post['includesig'] = 0; 765 } 766 else 767 { 768 $post['includesig'] = 1; 769 } 770 771 $post['options'] = $options; 772 773 // Merge usergroup data from the cache 774 $data_key = array( 775 'title' => 'grouptitle', 776 'usertitle' => 'groupusertitle', 777 'stars' => 'groupstars', 778 'starimage' => 'groupstarimage', 779 'image' => 'groupimage', 780 'namestyle' => 'namestyle', 781 'usereputationsystem' => 'usereputationsystem' 782 ); 783 784 foreach($data_key as $field => $key) 785 { 786 $post[$key] = $groupscache[$post['usergroup']][$field]; 787 } 788 789 require_once MYBB_ROOT . 
"inc/datahandlers/pm.php"; 790 $pmhandler = new PMDataHandler(); 791 $pmhandler->set_data($post); 792 793 $send_errors = ''; 794 $display_preview = true; 795 if(!$pmhandler->validate_pm()) 796 { 797 $send_errors = $pmhandler->get_friendly_errors(); 798 if(!empty($send_errors)) 799 { 800 $send_errors = inline_error($send_errors); 801 } 802 803 $display_preview = false; 804 } 805 806 if($display_preview) 807 { 808 $postbit = build_postbit($post, 2); 809 } 810 eval("\$preview = \"".$templates->get("previewpost")."\";"); 811 } 812 else if(!$send_errors) 813 { 814 // New PM, so load default settings 815 if($mybb->user['signature'] != '') 816 { 817 $optionschecked['signature'] = 'checked="checked"'; 818 } 819 if($mybb->usergroup['cantrackpms'] == 1) 820 { 821 $optionschecked['readreceipt'] = 'checked="checked"'; 822 } 823 $optionschecked['savecopy'] = 'checked="checked"'; 824 } 825 826 // Draft, reply, forward 827 if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors) 828 { 829 $query = $db->query(" 830 SELECT pm.*, u.username AS quotename 831 FROM ".TABLE_PREFIX."privatemessages pm 832 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid) 833 WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}' 834 "); 835 836 $pm = $db->fetch_array($query); 837 $message = htmlspecialchars_uni($parser->parse_badwords($pm['message'])); 838 $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject'])); 839 840 if($pm['folder'] == "3") 841 { 842 // message saved in drafts 843 $mybb->input['uid'] = $pm['toid']; 844 845 if($pm['includesig'] == 1) 846 { 847 $optionschecked['signature'] = 'checked="checked"'; 848 } 849 if($pm['smilieoff'] == 1) 850 { 851 $optionschecked['disablesmilies'] = 'checked="checked"'; 852 } 853 if($pm['receipt']) 854 { 855 $optionschecked['readreceipt'] = 'checked="checked"'; 856 } 857 858 // Get list of recipients 859 $recipients = my_unserialize($pm['recipients']); 860 $comma = 
$recipientids = ''; 861 if(isset($recipients['to']) && is_array($recipients['to'])) 862 { 863 foreach($recipients['to'] as $recipient) 864 { 865 $recipient_list['to'][] = $recipient; 866 $recipientids .= $comma.$recipient; 867 $comma = ','; 868 } 869 } 870 871 if(isset($recipients['bcc']) && is_array($recipients['bcc'])) 872 { 873 foreach($recipients['bcc'] as $recipient) 874 { 875 $recipient_list['bcc'][] = $recipient; 876 $recipientids .= $comma.$recipient; 877 $comma = ','; 878 } 879 } 880 881 if(!empty($recipientids)) 882 { 883 $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})"); 884 while($user = $db->fetch_array($query)) 885 { 886 if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc'])) 887 { 888 $bcc .= htmlspecialchars_uni($user['username']).', '; 889 } 890 else 891 { 892 $to .= htmlspecialchars_uni($user['username']).', '; 893 } 894 } 895 } 896 } 897 else 898 { 899 // forward/reply 900 $subject = preg_replace("#(FW|RE):( *)#is", '', $subject); 901 $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]"; 902 $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." 
\\1", $message); 903 904 require_once MYBB_ROOT."inc/functions_posting.php"; 905 906 if($mybb->settings['maxpmquotedepth'] != '0') 907 { 908 $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']); 909 } 910 911 if($mybb->input['do'] == 'forward') 912 { 913 $subject = "Fw: $subject"; 914 } 915 elseif($mybb->input['do'] == 'reply') 916 { 917 $subject = "Re: $subject"; 918 $uid = $pm['fromid']; 919 if($mybb->user['uid'] == $uid) 920 { 921 $to = $mybb->user['username']; 922 } 923 else 924 { 925 $query = $db->simple_select('users', 'username', "uid='{$uid}'"); 926 $to = $db->fetch_field($query, 'username'); 927 } 928 $to = htmlspecialchars_uni($to); 929 } 930 else if($mybb->input['do'] == 'replyall') 931 { 932 $subject = "Re: $subject"; 933 934 // Get list of recipients 935 $recipients = my_unserialize($pm['recipients']); 936 $recipientids = $pm['fromid']; 937 if(isset($recipients['to']) && is_array($recipients['to'])) 938 { 939 foreach($recipients['to'] as $recipient) 940 { 941 if($recipient == $mybb->user['uid']) 942 { 943 continue; 944 } 945 $recipientids .= ','.$recipient; 946 } 947 } 948 $comma = ''; 949 $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})"); 950 while($user = $db->fetch_array($query)) 951 { 952 $to .= $comma.htmlspecialchars_uni($user['username']); 953 $comma = $lang->comma; 954 } 955 } 956 } 957 } 958 959 // New PM with recipient preset 960 if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview'])) 961 { 962 $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'"); 963 $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', '; 964 } 965 966 $max_recipients = ''; 967 if($mybb->usergroup['maxpmrecipients'] > 0) 968 { 969 $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']); 970 } 971 972 if($send_errors) 973 { 974 $to = htmlspecialchars_uni(implode(', ', 
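array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
		$bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));
	}

	// Load the auto complete javascript if it is enabled.
	eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");

	$pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
	// Only the three known compose modes are kept; any other value is blanked.
	$do = $mybb->get_input('do');
	if($do != "forward" && $do != "reply" && $do != "replyall")
	{
		$do = '';
	}

	$buddy_select_to = $buddy_select_bcc = '';
	// See if it's actually worth showing the buddylist icon.
	if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
	{
		$buddy_select = 'to';
		eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
		$buddy_select = 'bcc';
		eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
	}

	// Hide tracking option if no permission
	$private_send_tracking = '';
	if($mybb->usergroup['cantrackpms'])
	{
		eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
	}

	$plugins->run_hooks("private_send_end");

	eval("\$send = \"".$templates->get("private_send")."\";");
	output_page($send);
}

// action=read: show one private message owned by the current user, mark it
// read, and build the recipient lists shown with it.
if($mybb->input['action'] == "read")
{
	$plugins->run_hooks("private_read");

	$pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

	// The pm.uid predicate is the ownership check: a PM that belongs to another user yields no row.
	$query = $db->query("
		SELECT pm.*, u.*, f.*
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
		WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
	");
	$pm = $db->fetch_array($query);

	if(!$pm)
	{
		error($lang->error_invalidpm);
	}

	// Folder 3 messages are handed to the compose form instead of being displayed.
	if($pm['folder'] == 3)
	{
		header("Location: private.php?action=send&pmid={$pm['pmid']}");
		exit;
	}

	// If we've gotten a PM, attach the group info
	$data_key = array(
		'title' => 'grouptitle',
		'usertitle' => 'groupusertitle',
		'stars' => 'groupstars',
		'starimage' => 'groupstarimage',
		'image' => 'groupimage',
		'namestyle' => 'namestyle'
	);

	if(isset($groupscache[$pm['usergroup']]))
	{
		foreach($data_key as $field => $key)
		{
			$pm[$key] = $groupscache[$pm['usergroup']][$field];
		}
	}

	// receipt 1 = sender asked for a read receipt; it becomes 2 (confirmed) or 0 (denied by the reader).
	if($pm['receipt'] == 1)
	{
		if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
		{
			$receiptadd = 0;
		}
		else
		{
			$receiptadd = 2;
		}
	}

	$action_time = '';
	if($pm['status'] == 0)
	{
		$time = TIME_NOW;
		$updatearray = array(
			'status' => 1,
			'readtime' => $time
		);

		if(isset($receiptadd))
		{
			$updatearray['receipt'] = $receiptadd;
		}

		// Scope the write to the owner as well, so the UPDATE does not depend on the SELECT above for authorisation.
		$db->update_query('privatemessages', $updatearray, "pmid='{$pmid}' AND uid='".$mybb->user['uid']."'");

		// Update the unread count - it has now changed.
		update_pm_count($mybb->user['uid'], 6);

		// Update PM notice value if this is our last unread PM
		if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
		{
			$updated_user = array(
				"pmnotice" => 1
			);
			$db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
		}
	}
	// Replied PM?
	else if($pm['status'] == 3 && $pm['statustime'])
	{
		$reply_string = $lang->you_replied_on;
		$reply_date = my_date('relative', $pm['statustime']);

		if((TIME_NOW - $pm['statustime']) < 3600)
		{
			// Relative string for the first hour
			$reply_string = $lang->you_replied;
		}

		$actioned_on = $lang->sprintf($reply_string, $reply_date);
		eval("\$action_time = \"".$templates->get("private_read_action")."\";");
	}
	// Forwarded PM?
	else if($pm['status'] == 4 && $pm['statustime'])
	{
		$forward_string = $lang->you_forwarded_on;
		$forward_date = my_date('relative', $pm['statustime']);

		if((TIME_NOW - $pm['statustime']) < 3600)
		{
			$forward_string = $lang->you_forwarded;
		}

		$actioned_on = $lang->sprintf($forward_string, $forward_date);
		eval("\$action_time = \"".$templates->get("private_read_action")."\";");
	}

	// The templates below are eval'd as double-quoted PHP strings, so every value
	// they interpolate has to be HTML-escaped before it gets there.
	$pm['userusername'] = $pm['username'];
	$pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

	if($pm['fromid'] == 0)
	{
		$pm['username'] = $lang->mybb_engine;
	}

	if(!$pm['username'])
	{
		$pm['username'] = $lang->na;
	}

	// Fetch the recipients for this message
	// NOTE(review): my_unserialize() is presumably a restricted unserialize wrapper - confirm in inc/functions.php.
	$pm['recipients'] = my_unserialize($pm['recipients']);
	if(!is_array($pm['recipients']))
	{
		// A column that did not decode to an array falls back to the toid column below.
		$pm['recipients'] = array();
	}

	if(!isset($pm['recipients']['to']) || !is_array($pm['recipients']['to']))
	{
		$pm['recipients']['to'] = array($pm['toid']);
	}

	// These ids end up in an unquoted IN (...) list, so each one is forced to an
	// integer rather than trusting the stored, serialized value.
	$recipient_uids = array_map('intval', $pm['recipients']['to']);

	$show_bcc = 0;

	// If we have any BCC recipients and this user is an Administrator, add them on to the query
	if(isset($pm['recipients']['bcc']) && is_array($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
	{
		$show_bcc = 1;
		$recipient_uids = array_merge($recipient_uids, array_map('intval', $pm['recipients']['bcc']));
	}

	$uid_sql = implode(',', $recipient_uids);

	// Fetch recipient names from the database
	$bcc_recipients = $to_recipients = $bcc_form_val = array();
	if($uid_sql !== '')
	{
		// An empty list would produce "IN ()", which is a SQL error, so the lookup is skipped instead.
		$query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
		while($recipient = $db->fetch_array($query))
		{
			// User is a BCC recipient
			$recipient['username'] = htmlspecialchars_uni($recipient['username']);
			if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
			{
				$bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
				$bcc_form_val[] = $recipient['username'];
			}
			// User is a normal recipient
			else if(in_array($recipient['uid'], $pm['recipients']['to']))
			{
				$to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
			}
		}
	}

	$bcc = '';
	if(count($bcc_recipients) > 0)
	{
		$bcc_recipients = implode(', ', $bcc_recipients);
		$bcc_form_val = implode(',', $bcc_form_val);
		eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
	}
	else
	{
		$bcc_form_val = '';
	}

	// "Reply all" only makes sense when there is more than one visible recipient.
	$replyall = false;
	if(count($to_recipients) > 1)
	{
		$replyall = true;
	}

	if(count($to_recipients) > 0)
	{
		$to_recipients = implode($lang->comma, $to_recipients);
	}
	else
	{
		$to_recipients = $lang->nobody;
	}

	eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");

	add_breadcrumb($pm['subject']);
	$message = build_postbit($pm, 2);

	// Decide whether or not to show quick reply.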
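$quickreply = '';
	if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
	{
		$trow = alt_trow();

		$optionschecked = array('savecopy' => 'checked="checked"', 'signature' => '', 'disablesmilies' => '');
		if(!empty($mybb->user['signature']))
		{
			$optionschecked['signature'] = 'checked="checked"';
		}
		if($mybb->usergroup['cantrackpms'] == 1)
		{
			$optionschecked['readreceipt'] = 'checked="checked"';
		}

		require_once MYBB_ROOT.'inc/functions_posting.php';

		// The quoted body is escaped before it is placed into the quick reply form.
		$quoted_message = array(
			'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
			'username' => $pm['username'],
			'quote_is_pm' => true
		);
		$quoted_message = parse_quoted_message($quoted_message);

		if($mybb->settings['maxpmquotedepth'] != '0')
		{
			$quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
		}

		// Strip any existing FW:/RE: prefixes from the subject used for the reply.
		$subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);

		if($mybb->user['uid'] == $pm['fromid'])
		{
			$to = htmlspecialchars_uni($mybb->user['username']);
		}
		else
		{
			$query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
			$to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
		}

		$private_send_tracking = '';
		if($mybb->usergroup['cantrackpms'])
		{
			$lang->options_read_receipt = $lang->quickreply_read_receipt;

			eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
		}

		$postoptionschecked = $optionschecked; // Backwards compatibility instead of correcting variable used in template

		if(!isset($collapsedthead['quickreply']))
		{
			$collapsedthead['quickreply'] = '';
		}
		if(!isset($collapsedimg['quickreply']))
		{
			$collapsedimg['quickreply'] = '';
		}
		if(!isset($collapsed['quickreply_e']))
		{
			$collapsed['quickreply_e'] = '';
		}

		$expaltext = (in_array("quickreply", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
		eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
	}

	$plugins->run_hooks("private_read_end");

	eval("\$read = \"".$templates->get("private_read")."\";");
	output_page($read);
}

// action=tracking: list the read receipts the current user requested, split
// into messages that were read (receipt 2) and messages still unread (receipt 1).
if($mybb->input['action'] == "tracking")
{
	if(!$mybb->usergroup['cantrackpms'])
	{
		error_no_permission();
	}

	$plugins->run_hooks("private_tracking_start");
	$readmessages = '';
	$unreadmessages = '';

	if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
	{
		$mybb->settings['postsperpage'] = 20;
	}

	// Figure out if we need to display multiple pages.
	// Cast once: the value is interpolated unquoted into the LIMIT clauses below.
	$perpage = (int)$mybb->settings['postsperpage'];

	$query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
	$postcount = $db->fetch_field($query, "readpms");

	$page = $mybb->get_input('read_page', MyBB::INPUT_INT);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->get_input('read_page') == "last")
	{
		$page = $pages;
	}

	// Out-of-range page numbers fall back to the first page.
	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	$read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&read_page={page}");

	$query = $db->query("
		SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
		WHERE pm.receipt='2' AND pm.folder!='3' AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
		ORDER BY pm.readtime DESC
		LIMIT {$start}, {$perpage}
	");
	while($readmessage = $db->fetch_array($query))
	{
		// Subject and username are escaped here because the row template is eval'd with them in scope.
		$readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
		$readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
		$readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
		$readdate = my_date('relative', $readmessage['readtime']);
		eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
	}

	$stoptrackingread = '';
	if(!empty($readmessages))
	{
		eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
	}

	if(!$readmessages)
	{
		eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
	}

	$query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
	$postcount = $db->fetch_field($query, "unreadpms");

	$page = $mybb->get_input('unread_page', MyBB::INPUT_INT);
	$pages = $postcount / $perpage;
	$pages = ceil($pages);

	if($mybb->get_input('unread_page') == "last")
	{
		$page = $pages;
	}

	if($page > $pages || $page <= 0)
	{
		$page = 1;
	}

	if($page)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	$unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&unread_page={page}");

	$query = $db->query("
		SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
		WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
		ORDER BY pm.dateline DESC
		LIMIT {$start}, {$perpage}
	");
	while($unreadmessage = $db->fetch_array($query))
	{
		$unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
		$unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
		$unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
		$senddate = my_date('relative', $unreadmessage['dateline']);
		eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
	}

	$stoptrackingunread = '';
	if(!empty($unreadmessages))
	{
		eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
	}

	if(!$unreadmessages)
	{
		// The shared "no messages" template reads no_readmessages, so swap in the unread wording first.
		$lang->no_readmessages = $lang->no_unreadmessages;
		eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
	}

	$plugins->run_hooks("private_tracking_end");

	eval("\$tracking = \"".$templates->get("private_tracking")."\";");
	output_page($tracking);
}

// action=do_tracking (POST): stop tracking selected messages, or cancel
// selected messages that the recipient has not read yet.
if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_tracking_start");

	if(!empty($mybb->input['stoptracking']))
	{
		$mybb->input['readcheck'] = $mybb->get_input('readcheck', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['readcheck']))
		{
			foreach($mybb->input['readcheck'] as $key => $val)
			{
				$sql_array = array(
					"receipt" => 0
				);
				// The submitted pmid is cast to int and the fromid predicate limits the change to the sender's own messages.
				$db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".$mybb->user['uid']);
			}
		}
		$plugins->run_hooks("private_do_tracking_end");
		redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
	}
	elseif(!empty($mybb->input['stoptrackingunread']))
	{
		$mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['unreadcheck']))
		{
			foreach($mybb->input['unreadcheck'] as $key => $val)
			{
				$sql_array = array(
					"receipt" => 0
				);
				$db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".$mybb->user['uid']);
			}
		}
		$plugins->run_hooks("private_do_tracking_end");
		redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
	}
	elseif(!empty($mybb->input['cancel']))
	{
		$mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['unreadcheck']))
		{
			// Start from empty arrays: when none of the submitted ids belong to this sender the
			// SELECT returns no rows, and the recount loop must then iterate over nothing
			// instead of over an undefined variable.
			$pmids = $pmuids = array();
			foreach($mybb->input['unreadcheck'] as $pmid => $val)
			{
				$pmids[$pmid] = (int)$pmid;
			}

			$pmids = implode(",", $pmids);
			// Remember whose mailboxes are affected before the rows are deleted.
			$query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
			while($pm = $db->fetch_array($query))
			{
				$pmuids[$pm['uid']] = $pm['uid'];
			}

			// Only still-unread tracked messages sent by this user can be cancelled.
			$db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
			foreach($pmuids as $uid)
			{
				// Message is canceled, update PM count for this user
				update_pm_count($uid);
			}
		}
		$plugins->run_hooks("private_do_tracking_end");
		redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
	}
}

// action=stopalltracking: clear the receipt flag on every read, tracked message sent by this user.
// NOTE(review): unlike do_tracking this branch does not test request_method, so the post key
// may arrive in a query string (presumably from a link in the tracking template) - confirm
// that this is intended, since keys in URLs can end up in logs and Referer headers.
if($mybb->input['action'] == "stopalltracking")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_stopalltracking_start");

	$sql_array = array(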
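"receipt" => 0
	);
	$db->update_query("privatemessages", $sql_array, "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid']);

	$plugins->run_hooks("private_stopalltracking_end");
	redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
}

// action=folders: render the folder management form from the user's stored
// folder string ("fid**name" entries joined by "$%%$").
if($mybb->input['action'] == "folders")
{
	$plugins->run_hooks("private_folders_start");

	$folderlist = '';
	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		// An entry without the "**" separator has no name part; treat it as an empty name.
		$foldername = isset($folderinfo[1]) ? $folderinfo[1] : '';
		$fid = $folderinfo[0];
		$foldername = get_pm_folder_name($fid, $foldername);

		// Folder ids below 5 are the built-in folders and use the non-removable row template.
		if((int)$folderinfo[0] < 5)
		{
			$foldername2 = get_pm_folder_name($fid);
			eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
			unset($name);
		}
		else
		{
			eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
		}
	}

	// Five blank rows for creating new folders.
	$newfolders = '';
	for($i = 1; $i <= 5; ++$i)
	{
		$fid = "new$i";
		$foldername = '';
		eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
	}

	$plugins->run_hooks("private_folders_end");

	eval("\$folders = \"".$templates->get("private_folders")."\";");
	output_page($folders);
}

// action=do_folders (POST): rebuild the user's folder string from the submitted
// names. A custom folder submitted with an empty name is removed together with
// the messages it holds.
if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_folders_start");

	$highestid = 2;
	$folders = '';
	$donefolders = array();
	$mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);
	// Make sure the built-in folders 0-4 are always present, even when the request left them out.
	$mybb->input['folder'] = array_replace(array_fill_keys(range(0, 4), ''), $mybb->input['folder']);
	foreach($mybb->input['folder'] as $key => $val)
	{
		// Each element of the submitted array is still raw request data; a nested array is not a folder name.
		if(!is_scalar($val))
		{
			error($lang->error_invalidpmfoldername);
		}

		if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
		{
			if(my_substr($key, 0, 3) == "new") // Create a new folder
			{
				++$highestid;
				$fid = (int)$highestid;
			}
			else // Editing an existing folder
			{
				// Track the highest id as an integer; the submitted key is request data and
				// must not be carried over as a string into the ids given to new folders.
				$fid = (int)$key;
				if($fid > $highestid)
				{
					$highestid = $fid;
				}

				// Use default language strings if empty or value is language string
				if($val == get_pm_folder_name($fid) || trim($val) == '')
				{
					$val = '';
				}
			}

			if($val != '' && trim($val) == '' && !(is_numeric($key) && $key <= 4))
			{
				// If the name only contains whitespace and it's not a default folder, print an error
				error($lang->error_emptypmfoldername);
			}

			if($val != '' || (is_numeric($key) && $key <= 4))
			{
				// If there is a name or if this is a default folder, save it
				$foldername = $db->escape_string(htmlspecialchars_uni($val));

				// "$%%$" separates entries in the stored string, so a name containing it is rejected.
				if(my_strpos($foldername, "$%%$") === false)
				{
					if($folders != '')
					{
						$folders .= "$%%$";
					}
					$folders .= "$fid**$foldername";
				}
				else
				{
					error($lang->error_invalidpmfoldername);
				}
			}
			else
			{
				// Delete PMs from the folder
				$db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
			}
		}
	}

	$sql_array = array(
		"pmfolders" => $folders
	);
	$db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

	// Update PM count
	update_pm_count();

	$plugins->run_hooks("private_do_folders_end");

	redirect("private.php", $lang->redirect_pmfoldersupdated);
}

// action=empty: show the per-folder message counts before folders are emptied.
if($mybb->input['action'] == "empty")
{
	if($mybb->user['totalpms'] == 0)
	{
		error($lang->error_nopms);
	}

	$plugins->run_hooks("private_empty_start");

	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);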
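$folderlist = '';
	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		$unread = '';
		// The folder id is read back from the stored folder string and placed into SQL below, so force it to an integer.
		$fid = (int)$folderinfo[0];
		if($folderinfo[0] == "1")
		{
			$fid = "1";
			$unread = " AND status='0'";
		}
		if($folderinfo[0] == "0")
		{
			$fid = "1";
		}
		// An entry without the "**" separator has no name part; pass an empty name instead of an undefined index.
		$foldername = get_pm_folder_name($folderinfo[0], isset($folderinfo[1]) ? $folderinfo[1] : '');
		$query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='$fid'$unread AND uid='".$mybb->user['uid']."'");
		$thing = $db->fetch_array($query);
		$foldercount = my_number_format($thing['pmsinfolder']);
		eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
	}

	$plugins->run_hooks("private_empty_end");

	eval("\$folders = \"".$templates->get("private_empty")."\";");
	output_page($folders);
}

// action=do_empty (POST): delete every message in the ticked folders, optionally keeping unread ones.
if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_empty_start");

	$emptyq = '';
	$mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);
	$keepunreadq = '';
	if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)
	{
		$keepunreadq = " AND status!='0'";
	}
	if(!empty($mybb->input['empty']))
	{
		foreach($mybb->input['empty'] as $key => $val)
		{
			if($val == 1)
			{
				// Folder ids arrive as array keys from the request; the cast keeps the OR list numeric.
				$key = (int)$key;
				if($emptyq)
				{
					$emptyq .= " OR ";
				}
				$emptyq .= "folder='$key'";
			}
		}

		if($emptyq != '')
		{
			$db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
		}
	}

	// Update PM count
	update_pm_count();

	$plugins->run_hooks("private_do_empty_end");
	redirect("private.php", $lang->redirect_pmfoldersemptied);
}

// action=do_stuff (POST): inbox toolbar actions - jump to a folder, move the
// ticked messages, or delete them.
if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_stuff");

	if(!empty($mybb->input['hop']))
	{
		// Folder ids are integers; reading jumpto as one keeps request text out of the Location header.
		header("Location: private.php?fid=".$mybb->get_input('jumpto', MyBB::INPUT_INT));
		exit;
	}
	elseif(!empty($mybb->input['moveto']))
	{
		$pms = array_map('intval', array_keys($mybb->get_input('check', MyBB::INPUT_ARRAY)));
		if(!empty($pms))
		{
			// Normalise the target folder to an integer before it is checked and written;
			// a missing or zero value means folder 1.
			$mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);
			if(!$mybb->input['fid'])
			{
				$mybb->input['fid'] = 1;
			}

			// Only folders this user actually has are accepted as a destination.
			if(array_key_exists($mybb->input['fid'], $foldernames))
			{
				$db->update_query("privatemessages", array("folder" => $mybb->input['fid']), "pmid IN (".implode(",", $pms).") AND uid='".$mybb->user['uid']."'");
				update_pm_count();
			}
			else
			{
				error($lang->error_invalidmovefid);
			}
		}

		if(!empty($mybb->input['fromfid']))
		{
			redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
		}
		else
		{
			redirect("private.php", $lang->redirect_pmsmoved);
		}
	}
	elseif(!empty($mybb->input['delete']))
	{
		$mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['check']))
		{
			$pmssql = '';
			foreach($mybb->input['check'] as $key => $val)
			{
				if($pmssql)
				{
					$pmssql .= ",";
				}
				$pmssql .= "'".(int)$key."'";
			}

			// Messages already in folder 4 are removed for good; everything else is moved to folder 4.
			$deletepms = array();
			$query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
			while($delpm = $db->fetch_array($query))
			{
				$deletepms[$delpm['pmid']] = 1;
			}

			foreach($mybb->input['check'] as $key => $val)
			{
				$key = (int)$key;
				if(!empty($deletepms[$key]))
				{
					$db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
				}
				else
				{
					$sql_array = array(
						"folder" => 4,
						"deletetime" => TIME_NOW
					);
					$db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
				}
			}
		}
		// Update PM count
		update_pm_count();

		if(!empty($mybb->input['fromfid']))
		{
			redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
		}
		else
		{
			redirect("private.php", $lang->redirect_pmsdeleted);
		}
	}
}

// action=delete: delete a single message (folder 4 -> removed, otherwise moved to folder 4).
// NOTE(review): this branch does not test request_method, so the post key may be supplied in
// the query string (presumably by the delete link in the postbit template) - confirm.
if($mybb->input['action'] == "delete")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_delete_start");

	$pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

	$query = $db->simple_select("privatemessages", "*", "pmid='".$pmid."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
	if($db->num_rows($query) == 1)
	{
		// Keep the owner predicate on the DELETE itself so it never depends on the SELECT above for authorisation.
		$db->delete_query("privatemessages", "pmid='".$pmid."' AND uid='".$mybb->user['uid']."'");
	}
	else
	{
		$sql_array = array(
			"folder" => 4,
			"deletetime" => TIME_NOW
		);
		$db->update_query("privatemessages", $sql_array, "pmid='".$pmid."' AND uid='".$mybb->user['uid']."'");
	}

	// Update PM count
	update_pm_count();

	$plugins->run_hooks("private_delete_end");
	redirect("private.php", $lang->redirect_pmsdeleted);
}

// action=export: show the export form with one entry per folder.
if($mybb->input['action'] == "export")
{
	if($mybb->user['totalpms'] == 0)
	{
		error($lang->error_nopms);
	}

	$plugins->run_hooks("private_export_start");

	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
	$folderlist_folder = '';
	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		$folderinfo[1] =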
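get_pm_folder_name($folderinfo[0], $folderinfo[1]);

		$folder_id = $folderinfo[0];
		$folder_name = $folderinfo[1];

		eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
	}

	eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");

	$plugins->run_hooks("private_export_end");

	eval("\$archive = \"".$templates->get("private_archive")."\";");

	output_page($archive);
}

// action=do_export (POST): build a downloadable archive (html, csv or txt) of
// the current user's messages and optionally delete the exported messages.
if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_export_start");

	$lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
	$exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
	$extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
	$lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);
	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		$folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
		$foldersexploded[$key] = implode("**", $folderinfo);
	}

	if($mybb->get_input('pmid', MyBB::INPUT_INT))
	{
		// Qualify both columns: the query below joins the users table twice, and that table
		// also has a uid column, so an unqualified "uid" would be ambiguous.
		$wsql = "pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='".$mybb->user['uid']."'";
	}
	else
	{
		if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))
		{
			$datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);
			$wsql = "pm.dateline";
			if($mybb->get_input('dayway') == "older")
			{
				$wsql .= "<=";
			}
			else
			{
				$wsql .= ">=";
			}
			$wsql .= "'$datecut'";
		}
		else
		{
			$wsql = "1=1";
		}

		$mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['exportfolders']))
		{
			$folderlst = '';
			foreach($mybb->input['exportfolders'] as $key => $val)
			{
				// Each folder value is escaped and quoted before it joins the IN (...) list.
				$val = $db->escape_string($val);
				if($val == "all")
				{
					$folderlst = '';
					break;
				}
				else
				{
					if(!$folderlst)
					{
						$folderlst = " AND pm.folder IN ('$val'";
					}
					else
					{
						$folderlst .= ",'$val'";
					}
				}
			}
			if($folderlst)
			{
				$folderlst .= ")";
			}
			$wsql .= "$folderlst";
		}
		else
		{
			error($lang->error_pmnoarchivefolders);
		}

		if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
		{
			$wsql .= " AND pm.status!='0'";
		}
	}
	// Whatever filter was built above, the pm.uid predicate keeps the export to the current user's own messages.
	$query = $db->query("
		SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
		WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
		ORDER BY pm.folder ASC, pm.dateline DESC
	");
	$numpms = $db->num_rows($query);
	if(!$numpms)
	{
		error($lang->error_nopmsarchive);
	}

	// The export type is concatenated into template names further down, so it is pinned to
	// the three supported values here. The original tried to fall back to "txt" inside the
	// folder loop but used "==" (a comparison with no effect), leaving the request value as-is.
	$mybb->input['exporttype'] = $mybb->get_input('exporttype');
	if(!in_array($mybb->input['exporttype'], array('html', 'csv', 'txt'), true))
	{
		$mybb->input['exporttype'] = 'txt';
	}

	$pmsdownload = $ids = '';
	$donefolder = array();
	while($message = $db->fetch_array($query))
	{
		// NOTE(review): usernames are passed to build_profile_link() here without
		// htmlspecialchars_uni(), unlike the tracking and read views - confirm that the
		// html archive templates do not rely on them being escaped.
		if($message['folder'] == 2 || $message['folder'] == 3)
		{ // Sent Items or Drafts Folder Check
			if($message['toid'])
			{
				$tofromuid = $message['toid'];
				if($mybb->input['exporttype'] == "txt")
				{
					$tofromusername = $message['tousername'];
				}
				else
				{
					$tofromusername = build_profile_link($message['tousername'], $tofromuid);
				}
			}
			else
			{
				$tofromusername = $lang->not_sent;
			}
			$tofrom = $lang->to;
		}
		else
		{
			$tofromuid = $message['fromid'];
			if($mybb->input['exporttype'] == "txt")
			{
				$tofromusername = $message['fromusername'];
			}
			else
			{
				$tofromusername = build_profile_link($message['fromusername'], $tofromuid);
			}

			if($tofromuid == 0)
			{
				$tofromusername = $lang->mybb_engine;
			}
			$tofrom = $lang->from;
		}

		if($tofromuid == 0)
		{
			$message['fromusername'] = $lang->mybb_engine;
		}

		if(!$message['toid'] && $message['folder'] == 3)
		{
			$message['tousername'] = $lang->not_sent;
		}

		$message['subject'] = $parser->parse_badwords($message['subject']);
		if($message['folder'] != "3")
		{
			$senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
			$sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
			$senddate .= " $lang->at $sendtime";
		}
		else
		{
			$senddate = $lang->not_sent;
		}

		if($mybb->input['exporttype'] == "html")
		{
			// The html archive is rendered by the message parser with the board's PM settings (smilies off).
			$parser_options = array(
				"allow_html" => $mybb->settings['pmsallowhtml'],
				"allow_mycode" => $mybb->settings['pmsallowmycode'],
				"allow_smilies" => 0,
				"allow_imgcode" => $mybb->settings['pmsallowimgcode'],
				"allow_videocode" => $mybb->settings['pmsallowvideocode'],
				"me_username" => $mybb->user['username'],
				"filter_badwords" => 1
			);

			$message['message'] = $parser->parse_message($message['message'], $parser_options);
			$message['subject'] = htmlspecialchars_uni($message['subject']);
		}

		if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv")
		{
			// Normalise every line ending to CRLF.
			$message['message'] = str_replace("\r\n", "\n", $message['message']);
			$message['message'] = str_replace("\n", "\r\n", $message['message']);
		}

		if($mybb->input['exporttype'] == "csv")
		{
			$message['message'] = my_escape_csv($message['message']);
			$message['subject'] = my_escape_csv($message['subject']);
			$message['tousername'] = my_escape_csv($message['tousername']);
			$message['fromusername'] = my_escape_csv($message['fromusername']);
		}

		// Emit the folder heading the first time a message from that folder is seen.
		if(empty($donefolder[$message['folder']]))
		{
			reset($foldersexploded);
			foreach($foldersexploded as $key => $val)
			{
				$folderinfo = explode("**", $val, 2);
				if($folderinfo[0] == $message['folder'])
				{
					$foldername = $folderinfo[1];
					if($mybb->input['exporttype'] != "csv")
					{
						eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";");
					}
					else
					{
						$foldername = my_escape_csv($folderinfo[1]);
					}
					$donefolder[$message['folder']] = 1;
				}
			}
		}

		eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
		$ids .= ",'{$message['pmid']}'";
	}

	if($mybb->input['exporttype'] == "html")
	{
		// Gather global stylesheet for HTML
		$css_tid = empty($theme['tid']) ? '' : "'".(int)$theme['tid'] ."',";
		$query = $db->simple_select("themestylesheets", "stylesheet", "tid in ({$css_tid}'2','1') AND name = 'global.css'", array('order_by' => 'tid', 'order_dir' => 'DESC', 'limit' => 1));
		$css = $db->fetch_field($query, "stylesheet");
	}

	$plugins->run_hooks("private_do_export_end");

	eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
	if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
	{ // delete the archived pms
		// The ids come from the owner-scoped query above; repeating the owner predicate keeps the DELETE safe on its own.
		$db->delete_query("privatemessages", "pmid IN ('0'$ids) AND uid='".$mybb->user['uid']."'");
		// Update PM count
		update_pm_count();
	}

	if($mybb->input['exporttype'] == "html")
	{
		$filename = "pm-archive.html";
		$contenttype = "text/html";
	}
	elseif($mybb->input['exporttype'] == "csv")
	{
		$filename = "pm-archive.csv";
		$contenttype = "application/octet-stream";
	}
	else
	{
		$filename = "pm-archive.txt";
		$contenttype = "text/plain";
	}

	$archived = str_replace("\\\'","'",$archived);
	header("Content-disposition: filename=$filename");
	header("Content-type: ".$contenttype);

	if($mybb->input['exporttype'] == "html")
	{
		output_page($archived);
	}
	else
	{
		echo "\xEF\xBB\xBF"; // UTF-8 BOM
		echo $archived;
	}
}

if(!$mybb->input['action'])
{
	$plugins->run_hooks("private_inbox");

	if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
	{
		$mybb->input['fid'] = 0;
	}

	$fid = (int)$mybb->input['fid'];
	$folder = !$fid ?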
1 : $fid; 2146 $foldername = $foldernames[$fid]; 2147 2148 if($folder == 2 || $folder == 3) 2149 { // Sent Items Folder 2150 $sender = $lang->sentto; 2151 } 2152 else 2153 { 2154 $sender = $lang->sender; 2155 } 2156 2157 $mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order')); 2158 $ordersel = array('asc' => '', 'desc'); 2159 switch(my_strtolower($mybb->input['order'])) 2160 { 2161 case "asc": 2162 $sortordernow = "asc"; 2163 $ordersel['asc'] = "selected=\"selected\""; 2164 $oppsort = $lang->desc; 2165 $oppsortnext = "desc"; 2166 break; 2167 default: 2168 $sortordernow = "desc"; 2169 $ordersel['desc'] = "selected=\"selected\""; 2170 $oppsort = $lang->asc; 2171 $oppsortnext = "asc"; 2172 break; 2173 } 2174 2175 // Sort by which field? 2176 $sortby = htmlspecialchars_uni($mybb->get_input('sortby')); 2177 switch($mybb->get_input('sortby')) 2178 { 2179 case "subject": 2180 $sortfield = "subject"; 2181 break; 2182 case "username": 2183 $sortfield = "username"; 2184 break; 2185 default: 2186 $sortby = "dateline"; 2187 $sortfield = "dateline"; 2188 $mybb->input['sortby'] = "dateline"; 2189 break; 2190 } 2191 $orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => ''); 2192 $sortsel[$sortby] = "selected=\"selected\""; 2193 2194 eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";"); 2195 2196 // Do Multi Pages 2197 $selective = ""; 2198 if($fid == 1) 2199 { 2200 $selective = " AND status='0'"; 2201 } 2202 2203 $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'$selective"); 2204 $pmscount = $db->fetch_field($query, "total"); 2205 2206 if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1) 2207 { 2208 $mybb->settings['threadsperpage'] = 20; 2209 } 2210 2211 $perpage = $mybb->settings['threadsperpage']; 2212 $page = $mybb->get_input('page', MyBB::INPUT_INT); 2213 2214 if($page > 0) 2215 { 2216 $start = ($page-1) 
*$perpage; 2217 $pages = ceil($pmscount / $perpage); 2218 if($page > $pages) 2219 { 2220 $start = 0; 2221 $page = 1; 2222 } 2223 } 2224 else 2225 { 2226 $start = 0; 2227 $page = 1; 2228 } 2229 2230 $end = $start + $perpage; 2231 $lower = $start+1; 2232 $upper = $end; 2233 2234 if($upper > $pmscount) 2235 { 2236 $upper = $pmscount; 2237 } 2238 2239 if($mybb->input['order'] || ($sortby && $sortby != "dateline")) 2240 { 2241 $page_url = "private.php?fid={$fid}&sortby={$sortby}&order={$sortordernow}"; 2242 } 2243 else 2244 { 2245 $page_url = "private.php?fid={$fid}"; 2246 } 2247 2248 $multipage = multipage($pmscount, $perpage, $page, $page_url); 2249 $selective = $messagelist = ''; 2250 2251 $icon_cache = array(); 2252 2253 if($mybb->settings['allowposticons'] == 1) 2254 { 2255 $icon_cache = (array)$cache->read("posticons"); 2256 } 2257 2258 // Cache users in multiple recipients for sent & drafts folder 2259 if($folder == 2 || $folder == 3) 2260 { 2261 if($sortfield == "username") 2262 { 2263 $u = "u."; 2264 } 2265 else 2266 { 2267 $u = "pm."; 2268 } 2269 2270 // Get all recipients into an array 2271 $cached_users = $get_users = array(); 2272 $users_query = $db->query(" 2273 SELECT pm.recipients 2274 FROM ".TABLE_PREFIX."privatemessages pm 2275 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid) 2276 WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}' 2277 ORDER BY {$u}{$sortfield} {$sortordernow} 2278 LIMIT {$start}, {$perpage} 2279 "); 2280 while($row = $db->fetch_array($users_query)) 2281 { 2282 $recipients = my_unserialize($row['recipients']); 2283 if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to'])) 2284 { 2285 $get_users = array_merge($get_users, $recipients['to']); 2286 } 2287 2288 if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc'])) 2289 { 2290 $get_users = array_merge($get_users, $recipients['bcc']); 2291 } 2292 } 2293 2294 $get_users = implode(',', array_unique($get_users)); 
2295 2296 // Grab info 2297 if($get_users) 2298 { 2299 $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})"); 2300 while($user = $db->fetch_array($users_query)) 2301 { 2302 $cached_users[$user['uid']] = $user; 2303 } 2304 } 2305 } 2306 2307 if($folder == 2 || $folder == 3) 2308 { 2309 if($sortfield == "username") 2310 { 2311 $pm = "tu."; 2312 } 2313 else 2314 { 2315 $pm = "pm."; 2316 } 2317 } 2318 else 2319 { 2320 if($fid == 1) 2321 { 2322 $selective = " AND pm.status='0'"; 2323 } 2324 2325 if($sortfield == "username") 2326 { 2327 $pm = "fu."; 2328 } 2329 else 2330 { 2331 $pm = "pm."; 2332 } 2333 } 2334 2335 $query = $db->query(" 2336 SELECT pm.*, fu.username AS fromusername, tu.username as tousername 2337 FROM ".TABLE_PREFIX."privatemessages pm 2338 LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid) 2339 LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid) 2340 WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'{$selective} 2341 ORDER BY {$pm}{$sortfield} {$sortordernow} 2342 LIMIT $start, $perpage 2343 "); 2344 2345 if($db->num_rows($query) > 0) 2346 { 2347 $bgcolor = alt_trow(true); 2348 while($message = $db->fetch_array($query)) 2349 { 2350 $msgalt = $msgstatus = ''; 2351 2352 // Determine Folder Icon 2353 if($message['status'] == 0) 2354 { 2355 $msgstatus = 'new_pm'; 2356 $msgalt = $lang->new_pm; 2357 } 2358 else if($message['status'] == 1) 2359 { 2360 $msgstatus = 'old_pm'; 2361 $msgalt = $lang->old_pm; 2362 } 2363 else if($message['status'] == 3) 2364 { 2365 $msgstatus = 're_pm'; 2366 $msgalt = $lang->reply_pm; 2367 } 2368 else if($message['status'] == 4) 2369 { 2370 $msgstatus = 'fw_pm'; 2371 $msgalt = $lang->fwd_pm; 2372 } 2373 2374 $tofromuid = 0; 2375 if($folder == 2 || $folder == 3) 2376 { // Sent Items or Drafts Folder Check 2377 $recipients = my_unserialize($message['recipients']); 2378 $to_users = $bcc_users = ''; 2379 if(isset($recipients['to']) && count($recipients['to']) > 1 
|| (isset($recipients['to']) && count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0)) 2380 { 2381 foreach($recipients['to'] as $uid) 2382 { 2383 if(!isset($cached_users[$uid])) 2384 { 2385 continue; 2386 } 2387 $profilelink = get_profile_link($uid); 2388 $user = $cached_users[$uid]; 2389 $user['username'] = htmlspecialchars_uni($user['username']); 2390 $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']); 2391 if(!$user['username']) 2392 { 2393 $username = $lang->na; 2394 } 2395 eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";"); 2396 } 2397 if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc'])) 2398 { 2399 eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";"); 2400 foreach($recipients['bcc'] as $uid) 2401 { 2402 if(!isset($cached_users[$uid])) 2403 { 2404 continue; 2405 } 2406 $profilelink = get_profile_link($uid); 2407 $user = $cached_users[$uid]; 2408 $user['username'] = htmlspecialchars_uni($user['username']); 2409 $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']); 2410 if(!$user['username']) 2411 { 2412 $username = $lang->na; 2413 } 2414 eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";"); 2415 } 2416 } 2417 2418 eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";"); 2419 } 2420 else if($message['toid']) 2421 { 2422 $tofromusername = htmlspecialchars_uni($message['tousername']); 2423 $tofromuid = $message['toid']; 2424 } 2425 else 2426 { 2427 $tofromusername = $lang->not_sent; 2428 } 2429 } 2430 else 2431 { 2432 $tofromusername = htmlspecialchars_uni($message['fromusername']); 2433 $tofromuid = $message['fromid']; 2434 if($tofromuid == 0) 2435 { 2436 $tofromusername = $lang->mybb_engine; 2437 } 2438 2439 if(!$tofromusername) 2440 { 2441 $tofromuid = 0; 2442 $tofromusername = $lang->na; 2443 } 2444 } 
2445 2446 $tofromusername = build_profile_link($tofromusername, $tofromuid); 2447 2448 if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2) 2449 { 2450 eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";"); 2451 } 2452 else 2453 { 2454 $denyreceipt = ''; 2455 } 2456 2457 if($message['icon'] > 0 && !empty($icon_cache[$message['icon']])) 2458 { 2459 $icon = $icon_cache[$message['icon']]; 2460 $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']); 2461 $icon['path'] = htmlspecialchars_uni($icon['path']); 2462 $icon['name'] = htmlspecialchars_uni($icon['name']); 2463 eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";"); 2464 } 2465 else 2466 { 2467 $icon = '	'; 2468 } 2469 2470 if(!trim($message['subject'])) 2471 { 2472 $message['subject'] = $lang->pm_no_subject; 2473 } 2474 2475 $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject'])); 2476 if($message['folder'] != "3") 2477 { 2478 $senddate = my_date('relative', $message['dateline']); 2479 } 2480 else 2481 { 2482 $senddate = $lang->not_sent; 2483 } 2484 2485 $plugins->run_hooks("private_message"); 2486 2487 eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";"); 2488 $bgcolor = alt_trow(); 2489 } 2490 } 2491 else 2492 { 2493 eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";"); 2494 } 2495 2496 $pmspacebar = ''; 2497 if($mybb->usergroup['pmquota'] != 0) 2498 { 2499 $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'"); 2500 $pmscount = $db->fetch_array($query); 2501 if($pmscount['total'] == 0) 2502 { 2503 $spaceused = 0; 2504 } 2505 else 2506 { 2507 $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100; 2508 } 2509 $spaceused2 = 100 - $spaceused; 2510 $belowhalf = $overhalf = ''; 2511 if($spaceused <= "50") 2512 { 2513 $spaceused_severity = "low"; 
2514 $belowhalf = round($spaceused, 0)."%"; 2515 if((int)$belowhalf > 100) 2516 { 2517 $belowhalf = "100%"; 2518 } 2519 } 2520 else 2521 { 2522 if($spaceused <= "75") 2523 { 2524 $spaceused_severity = "medium"; 2525 } 2526 2527 else 2528 { 2529 $spaceused_severity = "high"; 2530 } 2531 2532 $overhalf = round($spaceused, 0)."%"; 2533 if((int)$overhalf > 100) 2534 { 2535 $overhalf = "100%"; 2536 } 2537 } 2538 2539 if($spaceused > 100) 2540 { 2541 $spaceused = 100; 2542 $spaceused2 = 0; 2543 } 2544 2545 eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";"); 2546 } 2547 2548 $composelink = ''; 2549 if($mybb->usergroup['cansendpms'] == 1) 2550 { 2551 eval("\$composelink = \"".$templates->get("private_composelink")."\";"); 2552 } 2553 2554 $emptyexportlink = ''; 2555 if($mybb->user['totalpms'] > 0) 2556 { 2557 eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";"); 2558 } 2559 2560 $limitwarning = ''; 2561 if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota']) 2562 { 2563 eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";"); 2564 } 2565 2566 $plugins->run_hooks("private_end"); 2567 2568 eval("\$folder = \"".$templates->get("private")."\";"); 2569 output_page($folder); 2570 }