
PHP Cross Reference of MyBB 1.8.12


/ -> private.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'private.php');
  14  
  15  $templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
  16  $templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
  17  $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  18  $templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";
  19  $templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";
  20  $templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
  21  $templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
  22  $templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
  23  $templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
  24  $templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";
  25  
  26  require_once  "./global.php";
  27  require_once  MYBB_ROOT."inc/functions_post.php";
  28  require_once  MYBB_ROOT."inc/functions_user.php";
  29  require_once  MYBB_ROOT."inc/class_parser.php";
  30  $parser = new postParser;
  31  
  32  // Load global language phrases
  33  $lang->load("private");
  34  
  35  if($mybb->settings['enablepms'] == 0)
  36  {
  37      error($lang->pms_disabled);
  38  }
  39  
  40  if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
  41  {
  42      error_no_permission();
  43  }
  44  
  45  if(!$mybb->user['pmfolders'])
  46  {
  47      $mybb->user['pmfolders'] = "1**$%%$2**$%%$3**$%%$4**";
  48  
  49      $sql_array = array(
  50           "pmfolders" => $mybb->user['pmfolders']
  51      );
  52      $db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);
  53  }
  54  
  55  $mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);
  56  
  57  $folder_id = $folder_name = '';
  58  
  59  $foldernames = array();
  60  $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
  61  foreach($foldersexploded as $key => $folders)
  62  {
  63      $folderinfo = explode("**", $folders, 2);
  64      if($mybb->input['fid'] == $folderinfo[0])
  65      {
  66          $sel = ' selected="selected"';
  67      }
  68      else
  69      {
  70          $sel = '';
  71      }
  72      $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
  73      $foldernames[$folderinfo[0]] = $folderinfo[1];
  74  
  75      $folder_id = $folderinfo[0];
  76      $folder_name = $folderinfo[1];
  77  
  78      eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  79      eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  80      eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
  81  }
  82  
  83  eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
  84  eval("\$folderoplist = \"".$templates->get("private_move")."\";");
  85  eval("\$foldersearch = \"".$templates->get("private_advanced_search_folders")."\";");
  86  
  87  usercp_menu();
  88  
  89  $plugins->run_hooks("private_start");
  90  
  91  // Make navigation
  92  add_breadcrumb($lang->nav_pms, "private.php");
  93  
  94  $mybb->input['action'] = $mybb->get_input('action');
  95  switch($mybb->input['action'])
  96  {
  97      case "send":
  98          add_breadcrumb($lang->nav_send);
  99          break;
 100      case "tracking":
 101          add_breadcrumb($lang->nav_tracking);
 102          break;
 103      case "folders":
 104          add_breadcrumb($lang->nav_folders);
 105          break;
 106      case "empty":
 107          add_breadcrumb($lang->nav_empty);
 108          break;
 109      case "export":
 110          add_breadcrumb($lang->nav_export);
 111          break;
 112      case "advanced_search":
 113          add_breadcrumb($lang->nav_search);
 114          break;
 115      case "results":
 116          add_breadcrumb($lang->nav_results);
 117          break;
 118  }
 119  
 120  if(!empty($mybb->input['preview']))
 121  {
 122      $mybb->input['action'] = "send";
 123  }
 124  
 125  if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->get_input('quick_search') || !$mybb->get_input('hop') && !$mybb->get_input('moveto') && !$mybb->get_input('delete'))) && $mybb->request_method == "post")
 126  {
 127      $plugins->run_hooks("private_do_search_start");
 128  
 129      // Simulate coming from our advanced search form with some preset options
 130      if($mybb->get_input('quick_search'))
 131      {
 132          $mybb->input['action'] = "do_search";
 133          $mybb->input['subject'] = 1;
 134          $mybb->input['message'] = 1;
 135          $mybb->input['folder'] = $mybb->input['fid'];
 136          unset($mybb->input['jumpto']);
 137          unset($mybb->input['fromfid']);
 138      }
 139  
 140      // Check if search flood checking is enabled and user is not admin
 141      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
 142      {
 143          // Fetch the time this user last searched
 144          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
 145          $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
 146          $last_search = $db->fetch_array($query);
 147          // Users last search was within the flood time, show the error
 148          if($last_search['sid'])
 149          {
 150              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
 151              if($remaining_time == 1)
 152              {
 153                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
 154              }
 155              else
 156              {
 157                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
 158              }
 159              error($lang->error_searchflooding);
 160          }
 161      }
 162  
 163      if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)
 164      {
 165          error($lang->error_nosearchresults);
 166      }
 167  
 168      if($mybb->get_input('message', MyBB::INPUT_INT) == 1)
 169      {
 170          $resulttype = "pmmessages";
 171      }
 172      else
 173      {
 174          $resulttype = "pmsubjects";
 175      }
 176  
 177      $search_data = array(
 178          "keywords" => $mybb->get_input('keywords'),
 179          "subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
 180          "message" => $mybb->get_input('message', MyBB::INPUT_INT),
 181          "sender" => $mybb->get_input('sender'),
 182          "status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
 183          "folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)
 184      );
 185  
 186      if($db->can_search == true)
 187      {
 188          require_once  MYBB_ROOT."inc/functions_search.php";
 189  
 190          $search_results = privatemessage_perform_search_mysql($search_data);
 191      }
 192      else
 193      {
 194          error($lang->error_no_search_support);
 195      }
 196      $sid = md5(uniqid(microtime(), true));
 197      $searcharray = array(
 198          "sid" => $db->escape_string($sid),
 199          "uid" => $mybb->user['uid'],
 200          "dateline" => TIME_NOW,
 201          "ipaddress" => $db->escape_binary($session->packedip),
 202          "threads" => '',
 203          "posts" => '',
 204          "resulttype" => $resulttype,
 205          "querycache" => $search_results['querycache'],
 206          "keywords" => $db->escape_string($mybb->get_input('keywords')),
 207      );
 208      $plugins->run_hooks("private_do_search_process");
 209  
 210      $db->insert_query("searchlog", $searcharray);
 211  
 212      // Sender sort won't work yet
 213      $sortby = array('subject', 'sender', 'dateline');
 214  
 215      if(in_array($mybb->get_input('sort'), $sortby))
 216      {
 217          $sortby = $mybb->get_input('sort');
 218      }
 219      else
 220      {
 221          $sortby = "dateline";
 222      }
 223  
 224      if(my_strtolower($mybb->get_input('sortordr')) == "asc")
 225      {
 226          $sortorder = "asc";
 227      }
 228      else
 229      {
 230          $sortorder = "desc";
 231      }
 232  
 233      $plugins->run_hooks("private_do_search_end");
 234      redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
 235  }
 236  
 237  if($mybb->input['action'] == "results")
 238  {
 239      $sid = $mybb->get_input('sid');
 240      $query = $db->simple_select("searchlog", "*", "sid='".$db->escape_string($sid)."' AND uid='{$mybb->user['uid']}'");
 241      $search = $db->fetch_array($query);
 242  
 243      if(!$search)
 244      {
 245          error($lang->error_invalidsearch);
 246      }
 247  
 248      $plugins->run_hooks("private_results_start");
 249  
 250      // Decide on our sorting fields and sorting order.
 251      $order = my_strtolower($mybb->get_input('order'));
 252      $sortby = my_strtolower($mybb->get_input('sortby'));
 253  
 254      $sortby_accepted = array('subject', 'username', 'dateline');
 255  
 256      if(in_array($sortby, $sortby_accepted))
 257      {
 258          $query_sortby = $sortby;
 259  
 260          if($query_sortby == "username")
 261          {
 262              $query_sortby = "fromusername";
 263          }
 264      }
 265      else
 266      {
 267          $sortby = $query_sortby = "dateline";
 268      }
 269  
 270      if($order != "asc")
 271      {
 272          $order = "desc";
 273      }
 274  
 275      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 276      {
 277          $mybb->settings['threadsperpage'] = 20;
 278      }
 279  
 280      // Work out pagination, which page we're at, as well as the limits.
 281      $perpage = $mybb->settings['threadsperpage'];
 282      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 283      if($page > 0)
 284      {
 285          $start = ($page-1) * $perpage;
 286      }
 287      else
 288      {
 289          $start = 0;
 290          $page = 1;
 291      }
 292      $end = $start + $perpage;
 293      $lower = $start+1;
 294      $upper = $end;
 295  
 296      // Work out if we have terms to highlight
 297      $highlight = "";
 298      if($search['keywords'])
 299      {
 300          $highlight = "&amp;highlight=".urlencode($search['keywords']);
 301      }
 302  
 303      // Do Multi Pages
 304      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
 305      $pmscount = $db->fetch_array($query);
 306  
 307      if($upper > $pmscount)
 308      {
 309          $upper = $pmscount;
 310      }
 311      $multipage = multipage($pmscount['total'], $perpage, $page, "private.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby={$sortby}&amp;order={$order}");
 312      $messagelist = '';
 313  
 314      $icon_cache = $cache->read("posticons");
 315  
 316      // Cache users in multiple recipients for sent & drafts folder
 317      // Get all recipients into an array
 318      $cached_users = $get_users = array();
 319      $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
 320      while($row = $db->fetch_array($users_query))
 321      {
 322          $recipients = my_unserialize($row['recipients']);
 323          if(is_array($recipients['to']) && count($recipients['to']))
 324          {
 325              $get_users = array_merge($get_users, $recipients['to']);
 326          }
 327  
 328          if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 329          {
 330              $get_users = array_merge($get_users, $recipients['bcc']);
 331          }
 332      }
 333  
 334      $get_users = implode(',', array_unique($get_users));
 335  
 336      // Grab info
 337      if($get_users)
 338      {
 339          $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
 340          while($user = $db->fetch_array($users_query))
 341          {
 342              $cached_users[$user['uid']] = $user;
 343          }
 344      }
 345  
 346      $query = $db->query("
 347          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
 348          FROM ".TABLE_PREFIX."privatemessages pm
 349          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
 350          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
 351          WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
 352          ORDER BY pm.{$query_sortby} {$order}
 353          LIMIT {$start}, {$perpage}
 354      ");
 355      while($message = $db->fetch_array($query))
 356      {
 357          $msgalt = $msgstatus = '';
 358  
 359          // Determine Folder Icon
 360          if($message['status'] == 0)
 361          {
 362              $msgstatus = 'new_pm';
 363              $msgalt = $lang->new_pm;
 364          }
 365          else if($message['status'] == 1)
 366          {
 367              $msgstatus = 'old_pm';
 368              $msgalt = $lang->old_pm;
 369          }
 370          else if($message['status'] == 3)
 371          {
 372              $msgstatus = 're_pm';
 373              $msgalt = $lang->reply_pm;
 374          }
 375          else if($message['status'] == 4)
 376          {
 377              $msgstatus = 'fw_pm';
 378              $msgalt = $lang->fwd_pm;
 379          }
 380  
 381          $folder = $message['folder'];
 382  
 383          $tofromuid = 0;
 384          if($folder == 2 || $folder == 3)
 385          {
 386              // Sent Items or Drafts Folder Check
 387              $recipients = my_unserialize($message['recipients']);
 388              $to_users = $bcc_users = '';
 389              if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
 390              {
 391                  foreach($recipients['to'] as $uid)
 392                  {
 393                      $profilelink = get_profile_link($uid);
 394                      $user = $cached_users[$uid];
 395                      $user['username'] = htmlspecialchars_uni($user['username']);
 396                      $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 397                      eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 398                  }
 399                  if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
 400                  {
 401                      eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
 402                      foreach($recipients['bcc'] as $uid)
 403                      {
 404                          $profilelink = get_profile_link($uid);
 405                          $user = $cached_users[$uid];
 406                          $user['username'] = htmlspecialchars_uni($user['username']);
 407                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 408                          eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 409                      }
 410                  }
 411  
 412                  eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
 413              }
 414              else if($message['toid'])
 415              {
 416                  $tofromusername = htmlspecialchars_uni($message['tousername']);
 417                  $tofromuid = $message['toid'];
 418              }
 419              else
 420              {
 421                  $tofromusername = $lang->not_sent;
 422              }
 423          }
 424          else
 425          {
 426              $tofromusername = htmlspecialchars_uni($message['fromusername']);
 427              $tofromuid = $message['fromid'];
 428              if($tofromuid == 0)
 429              {
 430                  $tofromusername = $lang->mybb_engine;
 431              }
 432          }
 433  
 434          $tofromusername = build_profile_link($tofromusername, $tofromuid);
 435  
 436          $denyreceipt = '';
 437  
 438          if($message['icon'] > 0 && $icon_cache[$message['icon']])
 439          {
 440              $icon = $icon_cache[$message['icon']];
 441              $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
 442              $icon['path'] = htmlspecialchars_uni($icon['path']);
 443              $icon['name'] = htmlspecialchars_uni($icon['name']);
 444              eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
 445          }
 446          else
 447          {
 448              $icon = '&#009;';
 449          }
 450  
 451          if(!trim($message['subject']))
 452          {
 453              $message['subject'] = $lang->pm_no_subject;
 454          }
 455  
 456          $message['subject'] = $parser->parse_badwords($message['subject']);
 457  
 458          if(my_strlen($message['subject']) > 50)
 459          {
 460              $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
 461          }
 462          else
 463          {
 464              $message['subject'] = htmlspecialchars_uni($message['subject']);
 465          }
 466  
 467          if($message['folder'] != "3")
 468          {
 469              $senddate = my_date('relative', $message['dateline']);
 470          }
 471          else
 472          {
 473              $senddate = $lang->not_sent;
 474          }
 475  
 476          $foldername = $foldernames[$message['folder']];
 477  
 478          // What we do here is parse the post using our post parser, then strip the tags from it
 479          $parser_options = array(
 480              'allow_html' => 0,
 481              'allow_mycode' => 1,
 482              'allow_smilies' => 0,
 483              'allow_imgcode' => 0,
 484              'filter_badwords' => 1
 485          );
 486          $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
 487          if(my_strlen($message['message']) > 200)
 488          {
 489              $message['message'] = my_substr($message['message'], 0, 200)."...";
 490          }
 491  
 492          eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
 493      }
 494  
 495      if($db->num_rows($query) == 0)
 496      {
 497          eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
 498      }
 499  
 500      $plugins->run_hooks("private_results_end");
 501  
 502      eval("\$results = \"".$templates->get("private_search_results")."\";");
 503      output_page($results);
 504  }
 505  
 506  if($mybb->input['action'] == "advanced_search")
 507  {
 508      $plugins->run_hooks("private_advanced_search");
 509  
 510      eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");
 511  
 512      output_page($advanced_search);
 513  }
 514  
 515  // Dismissing a new/unread PM notice
 516  if($mybb->input['action'] == "dismiss_notice")
 517  {
 518      if($mybb->user['pmnotice'] != 2)
 519      {
 520          exit;
 521      }
 522  
 523      // Verify incoming POST request
 524      verify_post_check($mybb->get_input('my_post_key'));
 525  
 526      $updated_user = array(
 527          "pmnotice" => 1
 528      );
 529      $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
 530  
 531      if(!empty($mybb->input['ajax']))
 532      {
 533          echo 1;
 534          exit;
 535      }
 536      else
 537      {
 538          header("Location: index.php");
 539          exit;
 540      }
 541  }
 542  
 543  $send_errors = '';
 544  
 545  if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
 546  {
 547      if($mybb->usergroup['cansendpms'] == 0)
 548      {
 549          error_no_permission();
 550      }
 551  
 552      // Verify incoming POST request
 553      verify_post_check($mybb->get_input('my_post_key'));
 554  
 555      $plugins->run_hooks("private_send_do_send");
 556  
 557      // Attempt to see if this PM is a duplicate or not
 558      $to = array_map("trim", explode(",", $mybb->get_input('to')));
 559      $to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
 560      $time_cutoff = TIME_NOW - (5 * 60 * 60);
 561      $query = $db->query("
 562          SELECT pm.pmid
 563          FROM ".TABLE_PREFIX."privatemessages pm
 564          LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
 565          WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'
 566          LIMIT 0, 1
 567      ");
 568      $duplicate_check = $db->fetch_field($query, "pmid");
 569      if($duplicate_check)
 570      {
 571          error($lang->error_pm_already_submitted);
 572      }
 573  
 574      require_once  MYBB_ROOT."inc/datahandlers/pm.php";
 575      $pmhandler = new PMDataHandler();
 576  
 577      $pm = array(
 578          "subject" => $mybb->get_input('subject'),
 579          "message" => $mybb->get_input('message'),
 580          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 581          "fromid" => $mybb->user['uid'],
 582          "do" => $mybb->get_input('do'),
 583          "pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT),
 584          "ipaddress" => $session->packedip
 585      );
 586  
 587      // Split up any recipients we have
 588      $pm['to'] = $to;
 589      if(!empty($mybb->input['bcc']))
 590      {
 591          $pm['bcc'] = explode(",", $mybb->get_input('bcc'));
 592          $pm['bcc'] = array_map("trim", $pm['bcc']);
 593      }
 594  
 595      $mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 596  
 597      if(!$mybb->usergroup['cantrackpms'])
 598      {
 599          $mybb->input['options']['readreceipt'] = false;
 600      }
 601  
 602      $pm['options'] = array();
 603      if(isset($mybb->input['options']['signature']) && $mybb->input['options']['signature'] == 1)
 604      {
 605          $pm['options']['signature'] = 1;
 606      }
 607      else
 608      {
 609          $pm['options']['signature'] = 0;
 610      }
 611      if(isset($mybb->input['options']['disablesmilies']))
 612      {
 613          $pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
 614      }
 615      if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)
 616      {
 617          $pm['options']['savecopy'] = 1;
 618      }
 619      else
 620      {
 621          $pm['options']['savecopy'] = 0;
 622      }
 623      if(isset($mybb->input['options']['readreceipt']))
 624      {
 625          $pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
 626      }
 627  
 628      if(!empty($mybb->input['saveasdraft']))
 629      {
 630          $pm['saveasdraft'] = 1;
 631      }
 632      $pmhandler->set_data($pm);
 633  
 634      // Now let the pm handler do all the hard work.
 635      if(!$pmhandler->validate_pm())
 636      {
 637          $pm_errors = $pmhandler->get_friendly_errors();
 638          $send_errors = inline_error($pm_errors);
 639          $mybb->input['action'] = "send";
 640      }
 641      else
 642      {
 643          $pminfo = $pmhandler->insert_pm();
 644          $plugins->run_hooks("private_do_send_end");
 645  
 646          if(isset($pminfo['draftsaved']))
 647          {
 648              redirect("private.php", $lang->redirect_pmsaved);
 649          }
 650          else
 651          {
 652              redirect("private.php", $lang->redirect_pmsent);
 653          }
 654      }
 655  }
 656  
 657  if($mybb->input['action'] == "send")
 658  {
 659      if($mybb->usergroup['cansendpms'] == 0)
 660      {
 661          error_no_permission();
 662      }
 663  
 664      $plugins->run_hooks("private_send_start");
 665  
 666      $smilieinserter = $codebuttons = '';
 667  
 668      if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 669      {
 670          $codebuttons = build_mycode_inserter("message", $mybb->settings['pmsallowsmilies']);
 671          if($mybb->settings['pmsallowsmilies'] != 0)
 672          {
 673              $smilieinserter = build_clickable_smilies();
 674          }
 675      }
 676  
 677      $lang->post_icon = $lang->message_icon;
 678  
 679      $posticons = get_post_icons();
 680      $message = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('message')));
 681      $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->get_input('subject')));
 682  
 683      $optionschecked = array('signature' => '', 'disablesmilies' => '', 'savecopy' => '', 'readreceipt' => '');
 684      $to = $bcc = '';
 685  
 686      if(!empty($mybb->input['preview']) || $send_errors)
 687      {
 688          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 689          if(isset($options['signature']) && $options['signature'] == 1)
 690          {
 691              $optionschecked['signature'] = 'checked="checked"';
 692          }
 693          if(isset($options['disablesmilies']) && $options['disablesmilies'] == 1)
 694          {
 695              $optionschecked['disablesmilies'] = 'checked="checked"';
 696          }
 697          if(isset($options['savecopy']) && $options['savecopy'] != 0)
 698          {
 699              $optionschecked['savecopy'] = 'checked="checked"';
 700          }
 701          if(isset($options['readreceipt']) && $options['readreceipt'] != 0)
 702          {
 703              $optionschecked['readreceipt'] = 'checked="checked"';
 704          }
 705          $to = htmlspecialchars_uni($mybb->get_input('to'));
 706          $bcc = htmlspecialchars_uni($mybb->get_input('bcc'));
 707      }
 708  
 709      $preview = '';
 710      // Preview
 711      if(!empty($mybb->input['preview']))
 712      {
 713          $options = $mybb->get_input('options', MyBB::INPUT_ARRAY);
 714          $query = $db->query("
 715              SELECT u.username AS userusername, u.*, f.*
 716              FROM ".TABLE_PREFIX."users u
 717              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 718              WHERE u.uid='".$mybb->user['uid']."'
 719          ");
 720  
 721          $post = $db->fetch_array($query);
 722  
 723          $post['userusername'] = $mybb->user['username'];
 724          $post['postusername'] = $mybb->user['username'];
 725          $post['message'] = $mybb->get_input('message');
 726          $post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));
 727          $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 728          if(!isset($options['disablesmilies']))
 729          {
 730              $options['disablesmilies'] = 0;
 731          }
 732          $post['smilieoff'] = $options['disablesmilies'];
 733          $post['dateline'] = TIME_NOW;
 734  
 735          if(!isset($options['signature']))
 736          {
 737              $post['includesig'] = 0;
 738          }
 739          else
 740          {
 741              $post['includesig'] = 1;
 742          }
 743  
 744          // Merge usergroup data from the cache
 745          $data_key = array(
 746              'title' => 'grouptitle',
 747              'usertitle' => 'groupusertitle',
 748              'stars' => 'groupstars',
 749              'starimage' => 'groupstarimage',
 750              'image' => 'groupimage',
 751              'namestyle' => 'namestyle',
 752              'usereputationsystem' => 'usereputationsystem'
 753          );
 754  
 755          foreach($data_key as $field => $key)
 756          {
 757              $post[$key] = $groupscache[$post['usergroup']][$field];
 758          }
 759  
 760          $postbit = build_postbit($post, 2);
 761          eval("\$preview = \"".$templates->get("previewpost")."\";");
 762      }
 763      else if(!$send_errors)
 764      {
 765          // New PM, so load default settings
 766          if($mybb->user['signature'] != '')
 767          {
 768              $optionschecked['signature'] = 'checked="checked"';
 769          }
 770          if($mybb->usergroup['cantrackpms'] == 1)
 771          {
 772              $optionschecked['readreceipt'] = 'checked="checked"';
 773          }
 774          $optionschecked['savecopy'] = 'checked="checked"';
 775      }
 776  
 777      // Draft, reply, forward
 778      if($mybb->get_input('pmid') && empty($mybb->input['preview']) && !$send_errors)
 779      {
 780          $query = $db->query("
 781              SELECT pm.*, u.username AS quotename
 782              FROM ".TABLE_PREFIX."privatemessages pm
 783              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 784              WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}'
 785          ");
 786  
 787          $pm = $db->fetch_array($query);
 788          $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
 789          $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
 790  
 791          if($pm['folder'] == "3")
 792          {
 793              // message saved in drafts
 794              $mybb->input['uid'] = $pm['toid'];
 795  
 796              if($pm['includesig'] == 1)
 797              {
 798                  $optionschecked['signature'] = 'checked="checked"';
 799              }
 800              if($pm['smilieoff'] == 1)
 801              {
 802                  $optionschecked['disablesmilies'] = 'checked="checked"';
 803              }
 804              if($pm['receipt'])
 805              {
 806                  $optionschecked['readreceipt'] = 'checked="checked"';
 807              }
 808  
 809              // Get list of recipients
 810              $recipients = my_unserialize($pm['recipients']);
 811              $comma = $recipientids = '';
 812              if(isset($recipients['to']) && is_array($recipients['to']))
 813              {
 814                  foreach($recipients['to'] as $recipient)
 815                  {
 816                      $recipient_list['to'][] = $recipient;
 817                      $recipientids .= $comma.$recipient;
 818                      $comma = ',';
 819                  }
 820              }
 821  
 822              if(isset($recipients['bcc']) && is_array($recipients['bcc']))
 823              {
 824                  foreach($recipients['bcc'] as $recipient)
 825                  {
 826                      $recipient_list['bcc'][] = $recipient;
 827                      $recipientids .= $comma.$recipient;
 828                      $comma = ',';
 829                  }
 830              }
 831  
 832              if(!empty($recipientids))
 833              {
 834                  $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
 835                  while($user = $db->fetch_array($query))
 836                  {
 837                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
 838                      {
 839                          $bcc .= htmlspecialchars_uni($user['username']).', ';
 840                      }
 841                      else
 842                      {
 843                          $to .= htmlspecialchars_uni($user['username']).', ';
 844                      }
 845                  }
 846              }
 847          }
 848          else
 849          {
 850              // forward/reply
 851              $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
 852              $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
 853              $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);
 854  
 855              require_once  MYBB_ROOT."inc/functions_posting.php";
 856  
 857              if($mybb->settings['maxpmquotedepth'] != '0')
 858              {
 859                  $message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);
 860              }
 861  
 862              if($mybb->input['do'] == 'forward')
 863              {
 864                  $subject = "Fw: $subject";
 865              }
 866              elseif($mybb->input['do'] == 'reply')
 867              {
 868                  $subject = "Re: $subject";
 869                  $uid = $pm['fromid'];
 870                  if($mybb->user['uid'] == $uid)
 871                  {
 872                      $to = $mybb->user['username'];
 873                  }
 874                  else
 875                  {
 876                      $query = $db->simple_select('users', 'username', "uid='{$uid}'");
 877                      $to = $db->fetch_field($query, 'username');
 878                  }
 879                  $to = htmlspecialchars_uni($to);
 880              }
 881              else if($mybb->input['do'] == 'replyall')
 882              {
 883                  $subject = "Re: $subject";
 884  
 885                  // Get list of recipients
 886                  $recipients = my_unserialize($pm['recipients']);
 887                  $recipientids = $pm['fromid'];
 888                  if(isset($recipients['to']) && is_array($recipients['to']))
 889                  {
 890                      foreach($recipients['to'] as $recipient)
 891                      {
 892                          if($recipient == $mybb->user['uid'])
 893                          {
 894                              continue;
 895                          }
 896                          $recipientids .= ','.$recipient;
 897                      }
 898                  }
 899                  $comma = '';
 900                  $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
 901                  while($user = $db->fetch_array($query))
 902                  {
 903                      $to .= $comma.htmlspecialchars_uni($user['username']);
 904                      $comma = $lang->comma;
 905                  }
 906              }
 907          }
 908      }
 909  
 910      // New PM with recipient preset
 911      if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview']))
 912      {
 913          $query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 914          $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
 915      }
 916  
 917      $max_recipients = '';
 918      if($mybb->usergroup['maxpmrecipients'] > 0)
 919      {
 920          $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
 921      }
 922  
 923      if($send_errors)
 924      {
 925          $to = htmlspecialchars_uni($mybb->get_input('to'));
 926          $bcc = htmlspecialchars_uni($mybb->get_input('bcc'));
 927      }
 928  
 929      // Load the auto complete javascript if it is enabled.
 930      eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");
 931  
 932      $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);
 933      $do = $mybb->get_input('do');
 934      if($do != "forward" && $do != "reply" && $do != "replyall")
 935      {
 936          $do = '';
 937      }
 938  
 939      $buddy_select_to = $buddy_select_bcc = '';
 940      // See if it's actually worth showing the buddylist icon.
 941      if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
 942      {
 943          $buddy_select = 'to';
 944          eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
 945          $buddy_select = 'bcc';
 946          eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
 947      }
 948  
 949      // Hide tracking option if no permission
 950      $private_send_tracking = '';
 951      if($mybb->usergroup['cantrackpms'])
 952      {
 953          eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
 954      }
 955  
 956      $plugins->run_hooks("private_send_end");
 957  
 958      eval("\$send = \"".$templates->get("private_send")."\";");
 959      output_page($send);
 960  }
 961  
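 // Handler for action=read: shows one private message stored for the current user.
 // Drafts are redirected to the compose form, an unread message is marked as read
 // (updating its read receipt), recipient names are resolved, and the postbit plus
 // the optional quick reply form are rendered.
 // Templates are pulled in through eval() as double-quoted PHP strings, so every
 // value a template may interpolate must already be HTML-escaped at that point.
 if($mybb->input['action'] == "read")
 {
     $plugins->run_hooks("private_read");

     // Requested as INPUT_INT so the id can be embedded in the queries below
     $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

     // The pm.uid condition restricts the lookup to messages stored for the logged-in user
     $query = $db->query("
         SELECT pm.*, u.*, f.*
         FROM ".TABLE_PREFIX."privatemessages pm
         LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
         LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
         WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
     ");
     $pm = $db->fetch_array($query);

     if(!$pm)
     {
         error($lang->error_invalidpm);
     }

     if($pm['folder'] == 3)
     {
         // Folder 3 holds drafts; those are opened in the compose form instead
         header("Location: private.php?action=send&pmid={$pm['pmid']}");
         exit;
     }

     // If we've gotten a PM, attach the group info
     $data_key = array(
         'title' => 'grouptitle',
         'usertitle' => 'groupusertitle',
         'stars' => 'groupstars',
         'starimage' => 'groupstarimage',
         'image' => 'groupimage',
         'namestyle' => 'namestyle'
     );

     foreach($data_key as $field => $key)
     {
         $pm[$key] = $groupscache[$pm['usergroup']][$field];
     }

     if($pm['receipt'] == 1)
     {
         // A requested receipt is cleared (0) when the reader is allowed to deny it
         // and asked to; otherwise it is stored as 2
         if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)
         {
             $receiptadd = 0;
         }
         else
         {
             $receiptadd = 2;
         }
     }

     $action_time = '';
     if($pm['status'] == 0)
     {
         // First view of an unread message: mark it read and record when
         $time = TIME_NOW;
         $updatearray = array(
             'status' => 1,
             'readtime' => $time
         );

         if(isset($receiptadd))
         {
             $updatearray['receipt'] = $receiptadd;
         }

         // $pmid was already matched against the current user's uid by the SELECT above
         $db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");

         // Update the unread count - it has now changed.
         update_pm_count($mybb->user['uid'], 6);

         // Update PM notice value if this is our last unread PM
         if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
         {
             $updated_user = array(
                 "pmnotice" => 1
             );
             $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
         }
     }
     // Replied PM?
     else if($pm['status'] == 3 && $pm['statustime'])
     {
         $reply_string = $lang->you_replied_on;
         $reply_date = my_date('relative', $pm['statustime']);

         if((TIME_NOW - $pm['statustime']) < 3600)
         {
             // Relative string for the first hour
             $reply_string = $lang->you_replied;
         }

         $actioned_on = $lang->sprintf($reply_string, $reply_date);
         eval("\$action_time = \"".$templates->get("private_read_action")."\";");
     }
     // Forwarded PM (same handling as above, with the "forwarded" language strings)
     else if($pm['status'] == 4 && $pm['statustime'])
     {
         $forward_string = $lang->you_forwarded_on;
         $forward_date = my_date('relative', $pm['statustime']);

         if((TIME_NOW - $pm['statustime']) < 3600)
         {
             $forward_string = $lang->you_forwarded;
         }

         $actioned_on = $lang->sprintf($forward_string, $forward_date);
         eval("\$action_time = \"".$templates->get("private_read_action")."\";");
     }

     $pm['userusername'] = $pm['username'];
     $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

     if($pm['fromid'] == 0)
     {
         // Sender id 0 is displayed under the system name
         $pm['username'] = $lang->mybb_engine;
     }

     if(!$pm['username'])
     {
         $pm['username'] = $lang->na;
     }

     // Fetch the recipients for this message
     $pm['recipients'] = my_unserialize($pm['recipients']);
     if(!is_array($pm['recipients']))
     {
         // Missing or unreadable recipient data: fall back to the single toid below
         $pm['recipients'] = array();
     }

     // The recipient ids come from stored, deserialised data and end up in an SQL
     // IN() list, so they are forced to integers here instead of being trusted as-is.
     if(isset($pm['recipients']['to']) && is_array($pm['recipients']['to']))
     {
         $pm['recipients']['to'] = array_map('intval', $pm['recipients']['to']);
     }
     else
     {
         $pm['recipients']['to'] = array((int)$pm['toid']);
     }
     $uid_list = $pm['recipients']['to'];

     $show_bcc = 0;

     // If we have any BCC recipients and this user is an Administrator, add them on to the query
     if(isset($pm['recipients']['bcc']) && is_array($pm['recipients']['bcc']) && count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
     {
         $show_bcc = 1;
         $pm['recipients']['bcc'] = array_map('intval', $pm['recipients']['bcc']);
         $uid_list = array_merge($uid_list, $pm['recipients']['bcc']);
     }

     $uid_sql = implode(',', $uid_list);

     // Fetch recipient names from the database
     $bcc_recipients = $to_recipients = $bcc_form_val = array();
     if($uid_sql !== '')
     {
         // Skipped for an empty list, which would otherwise produce an invalid "IN ()"
         $query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
         while($recipient = $db->fetch_array($query))
         {
             // Escaped here because the name is interpolated into templates below
             $recipient['username'] = htmlspecialchars_uni($recipient['username']);
             // User is a BCC recipient
             if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
             {
                 $bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
                 $bcc_form_val[] = $recipient['username'];
             }
             // User is a normal recipient
             else if(in_array($recipient['uid'], $pm['recipients']['to']))
             {
                 $to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
             }
         }
     }

     $bcc = '';
     if(count($bcc_recipients) > 0)
     {
         $bcc_recipients = implode(', ', $bcc_recipients);
         $bcc_form_val = implode(',', $bcc_form_val);
         eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
     }
     else
     {
         $bcc_form_val = '';
     }

     // "Reply all" only makes sense when more than one recipient is listed
     $replyall = false;
     if(count($to_recipients) > 1)
     {
         $replyall = true;
     }

     if(count($to_recipients) > 0)
     {
         $to_recipients = implode($lang->comma, $to_recipients);
     }
     else
     {
         $to_recipients = $lang->nobody;
     }

     eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");

     add_breadcrumb($pm['subject']);
     $message = build_postbit($pm, 2);

     // Decide whether or not to show quick reply.
     // Not offered for messages from sender id 0 or for drafts.
     $quickreply = '';
     if($mybb->settings['pmquickreply'] != 0 && $mybb->user['showquickreply'] != 0 && $mybb->usergroup['cansendpms'] != 0 && $pm['fromid'] != 0 && $pm['folder'] != 3)
     {
         $trow = alt_trow();

         $optionschecked = array('savecopy' => 'checked="checked"');
         if(!empty($mybb->user['signature']))
         {
             $optionschecked['signature'] = 'checked="checked"';
         }
         if($mybb->usergroup['cantrackpms'] == 1)
         {
             $optionschecked['readreceipt'] = 'checked="checked"';
         }

         require_once  MYBB_ROOT.'inc/functions_posting.php';

         // NOTE(review): the message body is escaped here but 'username' is passed on as
         // stored; presumably parse_quoted_message() or the username rules cover it - confirm.
         $quoted_message = array(
             'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
             'username' => $pm['username'],
             'quote_is_pm' => true
         );
         $quoted_message = parse_quoted_message($quoted_message);

         if($mybb->settings['maxpmquotedepth'] != '0')
         {
             $quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);
         }

         // $pm['subject'] was HTML-escaped above; only the FW:/RE: prefixes are stripped here
         $subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);

         if($mybb->user['uid'] == $pm['fromid'])
         {
             $to = htmlspecialchars_uni($mybb->user['username']);
         }
         else
         {
             $query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
             $to = htmlspecialchars_uni($db->fetch_field($query, 'username'));
         }

         // Hide tracking option if no permission
         $private_send_tracking = '';
         if($mybb->usergroup['cantrackpms'])
         {
             $lang->options_read_receipt = $lang->quickreply_read_receipt;

             eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
         }

         eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
     }

     $plugins->run_hooks("private_read_end");

     eval("\$read = \"".$templates->get("private_read")."\";");
     output_page($read);
 }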
1216  
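// Handler for action=tracking: lists the messages the current user sent with a read
// receipt, as two separately paginated lists - receipts already confirmed (receipt=2)
// and messages still unread by the recipient (receipt=1). Drafts (folder 3) are excluded.
if($mybb->input['action'] == "tracking")
{
    if(!$mybb->usergroup['cantrackpms'])
    {
        error_no_permission();
    }

    $plugins->run_hooks("private_tracking_start");
    $readmessages = '';
    $unreadmessages = '';

    if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
    {
        $mybb->settings['postsperpage'] = 20;
    }

    // Figure out if we need to display multiple pages.
    // The setting is only validated through an (int) comparison above, so it is cast
    // once here; the LIMIT clauses below then never receive the raw setting string.
    $perpage = (int)$mybb->settings['postsperpage'];

    $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "readpms");

    $page = $mybb->get_input('read_page', MyBB::INPUT_INT);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('read_page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    // $page is at least 1 at this point, so the offset cannot be negative
    $start = (int)(($page-1) * $perpage);

    $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.readtime DESC
        LIMIT {$start}, {$perpage}
    ");
    while($readmessage = $db->fetch_array($query))
    {
        // Subject and recipient name are escaped before the template interpolates them
        $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
        $readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);
        $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
        $readdate = my_date('relative', $readmessage['readtime']);
        eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
    }

    // The "stop tracking" control is only rendered when there is something listed
    $stoptrackingread = '';
    if(!empty($readmessages))
    {
        eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
    }

    if(!$readmessages)
    {
        eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    // Second list: receipts requested but the message has not been read yet
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "unreadpms");

    $page = $mybb->get_input('unread_page', MyBB::INPUT_INT);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->get_input('unread_page') == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    // Same reasoning as for the first list: $page is at least 1 here
    $start = (int)(($page-1) * $perpage);

    $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.dateline DESC
        LIMIT {$start}, {$perpage}
    ");
    while($unreadmessage = $db->fetch_array($query))
    {
        $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
        $unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);
        $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
        $senddate = my_date('relative', $unreadmessage['dateline']);
        eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
    }

    $stoptrackingunread = '';
    if(!empty($unreadmessages))
    {
        eval("\$stoptrackingunread = \"".$templates->get("private_tracking_unreadmessage_stop")."\";");
    }

    if(!$unreadmessages)
    {
        // The shared "no messages" template reads $lang->no_readmessages, so it is
        // pointed at the unread wording before rendering
        $lang->no_readmessages = $lang->no_unreadmessages;
        eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    $plugins->run_hooks("private_tracking_end");

    eval("\$tracking = \"".$templates->get("private_tracking")."\";");
    output_page($tracking);
}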
1356  
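// Handler for action=do_tracking (POST only): applies the buttons of the tracking page.
// "stoptracking" / "stoptrackingunread" clear the receipt flag on the ticked messages,
// "cancel" deletes ticked messages that the recipient has not read yet.
// Every statement is restricted to fromid = current user, and submitted ids are only
// used after an (int) cast.
if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_tracking_start");

    if(!empty($mybb->input['stoptracking']))
    {
        $mybb->input['readcheck'] = $mybb->get_input('readcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['readcheck']))
        {
            // The message ids are the array keys of the submitted checkboxes
            foreach($mybb->input['readcheck'] as $key => $val)
            {
                $sql_array = array(
                    "receipt" => 0
                );
                $db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".$mybb->user['uid']);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['stoptrackingunread']))
    {
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            foreach($mybb->input['unreadcheck'] as $key => $val)
            {
                $sql_array = array(
                    "receipt" => 0
                );
                $db->update_query("privatemessages", $sql_array, "pmid=".(int)$key." AND fromid=".$mybb->user['uid']);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif(!empty($mybb->input['cancel']))
    {
        $mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['unreadcheck']))
        {
            // Start from known-empty lists: $pmuids stays an array even when the lookup
            // below matches nothing, and $pmids cannot inherit an earlier value
            $pmids = $pmuids = array();
            foreach($mybb->input['unreadcheck'] as $pmid => $val)
            {
                $pmids[$pmid] = (int)$pmid;
            }

            $pmids = implode(",", $pmids);
            // Collect the owners of the affected messages so their counters can be refreshed
            $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
            while($pm = $db->fetch_array($query))
            {
                $pmuids[$pm['uid']] = $pm['uid'];
            }

            // Only messages that still await a receipt and are unread can be cancelled
            $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
            foreach($pmuids as $uid)
            {
                // Message is canceled, update PM count for this user
                update_pm_count($uid);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
    }
}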
1424  
// Handler for action=stopalltracking: clears the receipt flag on every message of the
// current user whose read receipt has been confirmed (receipt=2, not a draft, not unread).
// Unlike do_tracking, do_folders and do_empty, this branch does not test
// $mybb->request_method, so the post key check is its only request-forgery guard.
if($mybb->input['action'] == "stopalltracking")
{
    // Verify the post key sent with the request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_stopalltracking_start");

    $sql_array = array("receipt" => 0);

    // Restricted to messages sent by the logged-in user
    $db->update_query(
        "privatemessages",
        $sql_array,
        "receipt='2' AND folder!='3' AND status!='0' AND fromid={$mybb->user['uid']}"
    );

    $plugins->run_hooks("private_stopalltracking_end");

    redirect("private.php?action=tracking", $lang->redirect_allpmstrackingstopped);
}
1440  
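// Handler for action=folders: renders the folder management form.
// The user's folders are stored in one string, entries separated by "$%%$" and each
// entry written as "<id>**<name>". Ids 1-4 are rendered with the "unremovable"
// template, and five blank rows (new1..new5) are appended for new folders.
if($mybb->input['action'] == "folders")
{
    $plugins->run_hooks("private_folders_start");

    $folderlist = '';
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        // An entry without the "**" separator has no name part; use an empty name
        // instead of reading an undefined offset
        $foldername = isset($folderinfo[1]) ? $folderinfo[1] : '';
        // Names are HTML-escaped when they are saved (see the do_folders handler),
        // which is what the templates below rely on
        $foldername = get_pm_folder_name($fid, $foldername);

        if($folderinfo[0] == "1" || $folderinfo[0] == "2" || $folderinfo[0] == "3" || $folderinfo[0] == "4")
        {
            $foldername2 = get_pm_folder_name($fid);
            eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
            // NOTE(review): $name is never assigned in this handler; this looks like a
            // leftover - confirm before removing.
            unset($name);
        }
        else
        {
            eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
        }
    }

    // Blank rows for creating folders; their keys start with "new"
    $newfolders = '';
    for($i = 1; $i <= 5; ++$i)
    {
        $fid = "new$i";
        $foldername = '';
        eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
    }

    $plugins->run_hooks("private_folders_end");

    eval("\$folders = \"".$templates->get("private_folders")."\";");
    output_page($folders);
}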
1479  
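// Handler for action=do_folders (POST only): rebuilds the user's folder list from the
// submitted form and stores it as "<id>**<name>" entries joined by "$%%$".
// Keys starting with "new" create folders; numeric keys edit existing ones. A folder
// submitted with an empty name is dropped and its messages are deleted, except for
// ids 1-4, which are always kept.
if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_folders_start");

    // NOTE(review): starts at 2 although ids 1-4 are handled as default folders below;
    // new ids are only collision-free when the existing folders are submitted before
    // the "new" entries - confirm this ordering is guaranteed.
    $highestid = 2;
    $folders = '';
    $donefolders = array();
    $mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);
    foreach($mybb->input['folder'] as $key => $val)
    {
        if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
        {
            if(my_substr($key, 0, 3) == "new") // Create a new folder
            {
                ++$highestid;
                $fid = (int)$highestid;
            }
            else // Editing an existing folder
            {
                // The key is request data: track the highest id as an integer so a
                // non-numeric key can neither be stored in $highestid nor be
                // string-incremented into an id that is already in use
                $fid = (int)$key;
                if($fid > $highestid)
                {
                    $highestid = $fid;
                }

                // Use default language strings if empty or value is language string
                switch($fid)
                {
                    case 1:
                        if($val == $lang->folder_inbox || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 2:
                        if($val == $lang->folder_sent_items || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 3:
                        if($val == $lang->folder_drafts || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 4:
                        if($val == $lang->folder_trash || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                }
            }

            if($val != '' && trim($val) == '' && !($key >= 1 && $key <= 4))
            {
                // If the name only contains whitespace and it's not a default folder, print an error
                error($lang->error_emptypmfoldername);
            }

            if($val != '' || ($key >= 1 && $key <= 4))
            {
                // If there is a name or if this is a default folder, save it
                // The name is HTML-escaped for later display and SQL-escaped for the
                // update query at the end of this handler
                $foldername = $db->escape_string(htmlspecialchars_uni($val));

                // A name containing the entry separator would corrupt the stored list
                if(my_strpos($foldername, "$%%$") === false)
                {
                    if($folders != '')
                    {
                        $folders .= "$%%$";
                    }
                    $folders .= "$fid**$foldername";
                }
                else
                {
                    error($lang->error_invalidpmfoldername);
                }
            }
            else
            {
                // Delete PMs from the folder
                // $fid is an integer here and the delete is limited to the current user's messages
                $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
            }
        }
    }

    $sql_array = array(
        "pmfolders" => $folders
    );
    $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_folders_end");

    redirect("private.php", $lang->redirect_pmfoldersupdated);
}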
1582  
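// Handler for action=empty: renders the "empty folders" form, listing each folder of
// the current user together with the number of messages it holds.
if($mybb->input['action'] == "empty")
{
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_empty_start");

    // Stored folder list: entries separated by "$%%$", each written as "<id>**<name>"
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    $folderlist = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        // An entry without the "**" separator has no name part
        $foldername = get_pm_folder_name($fid, isset($folderinfo[1]) ? $folderinfo[1] : '');
        // The id comes from the stored folder string, so it is cast before it is put
        // into the query instead of relying on how the string was written
        $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='".(int)$fid."' AND uid='".$mybb->user['uid']."'");
        $thing = $db->fetch_array($query);
        $foldercount = my_number_format($thing['pmsinfolder']);
        eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
    }

    $plugins->run_hooks("private_empty_end");

    eval("\$folders = \"".$templates->get("private_empty")."\";");
    output_page($folders);
}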
1610  
// Handles the "empty folders" form submission: deletes the caller's PMs in the ticked folders.
if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
    // Anti-CSRF: the request must carry the post key.
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_empty_start");

    $mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);

    // With keepunread=1 only messages whose status is not 0 are deleted.
    $keepunreadq = ($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1) ? " AND status!='0'" : '';

    $emptyq = '';
    if(!empty($mybb->input['empty']))
    {
        $emptyq_parts = array();
        foreach($mybb->input['empty'] as $key => $val)
        {
            if($val != 1)
            {
                continue;
            }

            // The array key is request data; the integer cast is what makes it safe to
            // place inside the WHERE clause.
            $key = (int)$key;
            $emptyq_parts[] = "folder='$key'";
        }
        $emptyq = implode(" OR ", $emptyq_parts);

        if($emptyq != '')
        {
            // Always scoped to the current user's uid, so other users' messages are never touched.
            $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."'{$keepunreadq}");
        }
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_empty_end");
    redirect("private.php", $lang->redirect_pmfoldersemptied);
}
1652  
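// Bulk actions from the message list: jump to a folder ("hop"), move the ticked PMs to
// another folder ("moveto"), or delete the ticked PMs ("delete").
if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
    // Anti-CSRF: the request must carry the post key.
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_stuff");

    if(!empty($mybb->input['hop']))
    {
        // Folder ids are integers everywhere else in this file, so the jump target is read as
        // an integer instead of copying raw request text into the Location header. The
        // inbox handler falls back to folder 1 for ids it does not know.
        header("Location: private.php?fid=".$mybb->get_input('jumpto', MyBB::INPUT_INT));
    }
    elseif(!empty($mybb->input['moveto']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            // How update_query() quotes or escapes column values is not visible here, so the
            // target folder is forced to an integer at the point of use rather than relying
            // on an earlier normalisation of $mybb->input['fid'].
            // NOTE(review): the target is not checked against the user's own folder list;
            // a PM can be moved to a folder id that does not exist -- confirm this is intended.
            $sql_array = array(
                "folder" => $mybb->get_input('fid', MyBB::INPUT_INT)
            );
            foreach($mybb->input['check'] as $key => $val)
            {
                // pmid comes from the request key (integer cast); the uid condition limits
                // the update to messages owned by the current user.
                $db->update_query("privatemessages", $sql_array, "pmid='".(int)$key."' AND uid='".$mybb->user['uid']."'");
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsmoved);
        }
    }
    elseif(!empty($mybb->input['delete']))
    {
        $mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['check']))
        {
            // Build the quoted id list from integer-cast request keys only.
            $pmssql = '';
            foreach($mybb->input['check'] as $key => $val)
            {
                if($pmssql)
                {
                    $pmssql .= ",";
                }
                $pmssql .= "'".(int)$key."'";
            }

            // Messages already in folder 4 are removed for good; the others are moved
            // into folder 4 with a deletion timestamp.
            $deletepms = array();
            $query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
            while($delpm = $db->fetch_array($query))
            {
                $deletepms[$delpm['pmid']] = 1;
            }

            foreach($mybb->input['check'] as $key => $val)
            {
                $key = (int)$key;
                if(!empty($deletepms[$key]))
                {
                    $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
                }
                else
                {
                    $sql_array = array(
                        "folder" => 4,
                        "deletetime" => TIME_NOW
                    );
                    $db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
                }
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsdeleted);
        }
    }
}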
1741  
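// Deletes a single PM: a message already in folder 4 is removed permanently, any other
// message is moved into folder 4 with a deletion timestamp.
if($mybb->input['action'] == "delete")
{
    // Anti-CSRF: the request must carry the post key (this action is not limited to POST,
    // so the key is the only protection against a forged link).
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_delete_start");

    $pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

    $query = $db->simple_select("privatemessages", "*", "pmid='".$pmid."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
    if($db->num_rows($query) == 1)
    {
        // The ownership condition is repeated on the DELETE itself instead of relying only
        // on the SELECT above, matching every other delete in this file.
        $db->delete_query("privatemessages", "pmid='".$pmid."' AND uid='".$mybb->user['uid']."'");
    }
    else
    {
        $sql_array = array(
            "folder" => 4,
            "deletetime" => TIME_NOW
        );
        $db->update_query("privatemessages", $sql_array, "pmid='".$pmid."' AND uid='".$mybb->user['uid']."'");
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_delete_end");
    redirect("private.php", $lang->redirect_pmsdeleted);
}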
1769  
// "Export / archive" form: renders the folder picker for the PM archive download.
if($mybb->input['action'] == "export")
{
    // Nothing to export when the mailbox holds no messages at all.
    if($mybb->user['totalpms'] == 0)
    {
        error($lang->error_nopms);
    }

    $plugins->run_hooks("private_export_start");

    $folder_id = '';
    $folder_name = '';

    // pmfolders is a packed string: folders separated by "$%%$", id and name by "**".
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);

        $folder_id = $folderinfo[0];
        $folderinfo[1] = get_pm_folder_name($folder_id, $folderinfo[1]);
        $folder_name = $folderinfo[1];

        // NOTE(review): the template interpolates $folder_id / $folder_name into HTML; whether
        // get_pm_folder_name() returns an HTML-escaped name is not visible here -- confirm.
        eval("\$folderlist_folder .= \"".$templates->get("private_archive_folders_folder")."\";");
    }

    eval("\$folderlist = \"".$templates->get("private_archive_folders")."\";");

    $plugins->run_hooks("private_export_end");

    eval("\$archive = \"".$templates->get("private_archive")."\";");

    output_page($archive);
}
1800  
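// Builds and sends the PM archive (html, csv or txt) for the current user, optionally
// deleting the exported messages afterwards.
if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
    // Anti-CSRF: the request must carry the post key.
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("private_do_export_start");

    $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));
    $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
    $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
    $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);

    // Resolve the display name of every folder once, keeping the packed "id**name" form.
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $foldersexploded[$key] = implode("**", $folderinfo);
    }

    // Build the WHERE fragment. Every request value used below is either integer-cast,
    // compared against fixed strings, or escaped and quoted.
    if($mybb->get_input('pmid', MyBB::INPUT_INT))
    {
        $wsql = "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."'";
    }
    else
    {
        if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))
        {
            $datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);
            $wsql = "pm.dateline";
            // dayway only selects between two fixed operators; its text never reaches the query.
            if($mybb->get_input('dayway') == "older")
            {
                $wsql .= "<=";
            }
            else
            {
                $wsql .= ">=";
            }
            $wsql .= "'$datecut'";
        }
        else
        {
            $wsql = "1=1";
        }

        $mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);
        if(!empty($mybb->input['exportfolders']))
        {
            $folderlst = '';
            foreach($mybb->input['exportfolders'] as $key => $val)
            {
                // Escaped and always placed inside quotes in the IN (...) list below.
                $val = $db->escape_string($val);
                if($val == "all")
                {
                    $folderlst = '';
                    break;
                }
                else
                {
                    if(!$folderlst)
                    {
                        $folderlst = " AND pm.folder IN ('$val'";
                    }
                    else
                    {
                        $folderlst .= ",'$val'";
                    }
                }
            }
            if($folderlst)
            {
                $folderlst .= ")";
            }
            $wsql .= "$folderlst";
        }
        else
        {
            error($lang->error_pmnoarchivefolders);
        }

        if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)
        {
            $wsql .= " AND pm.status!='0'";
        }
    }

    // The uid condition is appended unconditionally, so only the caller's messages are read.
    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
        ORDER BY pm.folder ASC, pm.dateline DESC
    ");
    $numpms = $db->num_rows($query);
    if(!$numpms)
    {
        error($lang->error_nopmsarchive);
    }

    // exporttype is request data and becomes part of the template names evaluated below, so
    // it is restricted to the three supported formats here. The original code attempted this
    // fallback later with `==` (a comparison with no effect) instead of an assignment, which
    // left the value unrestricted.
    $mybb->input['exporttype'] = $mybb->get_input('exporttype');
    if(!in_array($mybb->input['exporttype'], array("html", "csv", "txt"), true))
    {
        $mybb->input['exporttype'] = "txt";
    }

    $pmsdownload = $ids = '';
    while($message = $db->fetch_array($query))
    {
        if($message['folder'] == 2 || $message['folder'] == 3)
        { // Sent Items or Drafts Folder Check
            if($message['toid'])
            {
                $tofromuid = $message['toid'];
                if($mybb->input['exporttype'] == "txt")
                {
                    $tofromusername = $message['tousername'];
                }
                else
                {
                    // Escape before building the HTML link, as the inbox listing in this file does.
                    $tofromusername = build_profile_link(htmlspecialchars_uni($message['tousername']), $tofromuid);
                }
            }
            else
            {
                $tofromusername = $lang->not_sent;
            }
            $tofrom = $lang->to;
        }
        else
        {
            $tofromuid = $message['fromid'];
            if($mybb->input['exporttype'] == "txt")
            {
                $tofromusername = $message['fromusername'];
            }
            else
            {
                // Escape before building the HTML link, as the inbox listing in this file does.
                $tofromusername = build_profile_link(htmlspecialchars_uni($message['fromusername']), $tofromuid);
            }

            if($tofromuid == 0)
            {
                $tofromusername = $lang->mybb_engine;
            }
            $tofrom = $lang->from;
        }

        if($tofromuid == 0)
        {
            $message['fromusername'] = $lang->mybb_engine;
        }

        if(!$message['toid'] && $message['folder'] == 3)
        {
            $message['tousername'] = $lang->not_sent;
        }

        $message['subject'] = $parser->parse_badwords($message['subject']);
        if($message['folder'] != "3")
        {
            $senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
            $sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);
            $senddate .= " $lang->at $sendtime";
        }
        else
        {
            $senddate = $lang->not_sent;
        }

        if($mybb->input['exporttype'] == "html")
        {
            // Message bodies go through the post parser with the board's PM settings;
            // the subject is HTML-escaped for the HTML archive.
            $parser_options = array(
                "allow_html" => $mybb->settings['pmsallowhtml'],
                "allow_mycode" => $mybb->settings['pmsallowmycode'],
                "allow_smilies" => 0,
                "allow_imgcode" => $mybb->settings['pmsallowimgcode'],
                "allow_videocode" => $mybb->settings['pmsallowvideocode'],
                "me_username" => $mybb->user['username'],
                "filter_badwords" => 1
            );

            $message['message'] = $parser->parse_message($message['message'], $parser_options);
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }

        if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv")
        {
            // Normalise all line endings to CRLF.
            $message['message'] = str_replace("\r\n", "\n", $message['message']);
            $message['message'] = str_replace("\n", "\r\n", $message['message']);
        }

        if($mybb->input['exporttype'] == "csv")
        {
            // NOTE(review): these cells hold text written by other users; whether
            // my_escape_csv() also neutralises spreadsheet formula prefixes is not
            // visible here -- confirm in its definition.
            $message['message'] = my_escape_csv($message['message']);
            $message['subject'] = my_escape_csv($message['subject']);
            $message['tousername'] = my_escape_csv($message['tousername']);
            $message['fromusername'] = my_escape_csv($message['fromusername']);
        }

        // Emit the folder heading the first time a message from that folder is seen.
        if(empty($donefolder[$message['folder']]))
        {
            reset($foldersexploded);
            foreach($foldersexploded as $key => $val)
            {
                $folderinfo = explode("**", $val, 2);
                if($folderinfo[0] == $message['folder'])
                {
                    $foldername = $folderinfo[1];
                    if($mybb->input['exporttype'] != "csv")
                    {
                        // exporttype is "html" or "txt" here because of the allow-list above.
                        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";");
                    }
                    else
                    {
                        $foldername = my_escape_csv($folderinfo[1]);
                    }
                    $donefolder[$message['folder']] = 1;
                }
            }
        }

        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
        $ids .= ",'{$message['pmid']}'";
    }

    if($mybb->input['exporttype'] == "html")
    {
        // Gather global stylesheet for HTML
        $query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
        $css = $db->fetch_field($query, "stylesheet");
    }

    $plugins->run_hooks("private_do_export_end");

    eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
    if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)
    { // delete the archived pms
        // $ids holds pmids returned by the uid-scoped SELECT above; the uid condition is
        // repeated on the DELETE so it cannot reach another user's messages even if $ids
        // were altered (for example by a plugin hook) before this point.
        $db->delete_query("privatemessages", "pmid IN ('0'$ids) AND uid='".$mybb->user['uid']."'");
        // Update PM count
        update_pm_count();
    }

    if($mybb->input['exporttype'] == "html")
    {
        $filename = "pm-archive.html";
        $contenttype = "text/html";
    }
    elseif($mybb->input['exporttype'] == "csv")
    {
        $filename = "pm-archive.csv";
        $contenttype = "application/octet-stream";
    }
    else
    {
        $filename = "pm-archive.txt";
        $contenttype = "text/plain";
    }

    // Both header values are fixed strings chosen above; no request data reaches them.
    $archived = str_replace("\\\'","'",$archived);
    header("Content-disposition: filename=$filename");
    header("Content-type: ".$contenttype);

    if($mybb->input['exporttype'] == "html")
    {
        output_page($archived);
    }
    else
    {
        echo "\xEF\xBB\xBF"; // UTF-8 BOM
        echo $archived;
    }
}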
2072  
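// Default view: paginated, sortable message list for one PM folder, plus quota bar and links.
if(!$mybb->input['action'])
{
    $plugins->run_hooks("private_inbox");

    // Only folder ids present in $foldernames are accepted; anything else becomes folder 1.
    // This check is what makes $folder safe to place in the queries and URLs below.
    if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
    {
        $mybb->input['fid'] = 1;
    }

    $folder = $mybb->input['fid'];
    $foldername = $foldernames[$folder];

    if($folder == 2 || $folder == 3)
    { // Sent Items Folder
        $sender = $lang->sentto;
    }
    else
    {
        $sender = $lang->sender;
    }

    // Sort direction: the request value only selects between the two fixed strings
    // "asc" and "desc"; $sortordernow is what reaches ORDER BY.
    $mybb->input['order'] = htmlspecialchars_uni($mybb->get_input('order'));
    // Both keys are initialised (the original left 'desc' as a value under key 0, so
    // $ordersel['desc'] was undefined whenever ascending order was selected).
    $ordersel = array('asc' => '', 'desc' => '');
    switch(my_strtolower($mybb->input['order']))
    {
        case "asc":
            $sortordernow = "asc";
            $ordersel['asc'] = "selected=\"selected\"";
            $oppsort = $lang->desc;
            $oppsortnext = "desc";
            break;
        default:
            $sortordernow = "desc";
            $ordersel['desc'] = "selected=\"selected\"";
            $oppsort = $lang->asc;
            $oppsortnext = "asc";
            break;
    }

    // Sort by which field?
    // $sortby ends up inside evaluated PHP code and $sortfield inside ORDER BY, so both are
    // assigned from fixed strings in every branch rather than carrying request text.
    switch($mybb->get_input('sortby'))
    {
        case "subject":
            $sortby = "subject";
            $sortfield = "subject";
            break;
        case "username":
            $sortby = "username";
            $sortfield = "username";
            break;
        default:
            $sortby = "dateline";
            $sortfield = "dateline";
            $mybb->input['sortby'] = "dateline";
            break;
    }
    $orderarrow = $sortsel = array('subject' => '', 'username' => '', 'dateline' => '');
    $sortsel[$sortby] = "selected=\"selected\"";

    eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");

    // Do Multi Pages
    $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'");
    $pmscount = $db->fetch_array($query);

    if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // Integer cast: $perpage is interpolated into LIMIT below.
    $perpage = (int)$mybb->settings['threadsperpage'];
    $page = $mybb->get_input('page', MyBB::INPUT_INT);

    if($page > 0)
    {
        $start = ($page-1) *$perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $end = $start + $perpage;
    $lower = $start+1;
    $upper = $end;

    // Clamp to the folder's message count ($pmscount is the fetched row, so the count is
    // its 'total' column; the original compared against the row array itself).
    if($upper > $pmscount['total'])
    {
        $upper = $pmscount['total'];
    }

    if($mybb->input['order'] || ($sortby && $sortby != "dateline"))
    {
        $page_url = "private.php?fid={$folder}&sortby={$sortby}&order={$sortordernow}";
    }
    else
    {
        $page_url = "private.php?fid={$folder}";
    }

    $multipage = multipage($pmscount['total'], $perpage, $page, $page_url);
    $messagelist = '';

    $icon_cache = $cache->read("posticons");

    // Cache users in multiple recipients for sent & drafts folder
    if($folder == 2 || $folder == 3)
    {
        if($sortfield == "username")
        {
            $u = "u.";
        }
        else
        {
            $u = "pm.";
        }

        // Get all recipients into an array
        $cached_users = $get_users = array();
        $users_query = $db->query("
            SELECT pm.recipients
            FROM ".TABLE_PREFIX."privatemessages pm
            LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
            WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'
            ORDER BY {$u}{$sortfield} {$sortordernow}
            LIMIT {$start}, {$perpage}
        ");
        while($row = $db->fetch_array($users_query))
        {
            $recipients = my_unserialize($row['recipients']);
            if(is_array($recipients['to']) && count($recipients['to']))
            {
                $get_users = array_merge($get_users, $recipients['to']);
            }

            if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
            {
                $get_users = array_merge($get_users, $recipients['bcc']);
            }
        }

        // The ids come out of a stored serialized column and go unquoted into IN (...),
        // so each one is forced to an integer before the list is built.
        $get_users = implode(',', array_unique(array_map('intval', $get_users)));

        // Grab info
        if($get_users)
        {
            $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
            while($user = $db->fetch_array($users_query))
            {
                $cached_users[$user['uid']] = $user;
            }
        }
    }

    // Table alias for ORDER BY: the username sort uses the recipient (tu) or sender (fu) join.
    if($folder == 2 || $folder == 3)
    {
        if($sortfield == "username")
        {
            $pm = "tu.";
        }
        else
        {
            $pm = "pm.";
        }
    }
    else
    {
        if($sortfield == "username")
        {
            $pm = "fu.";
        }
        else
        {
            $pm = "pm.";
        }
    }

    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'
        ORDER BY {$pm}{$sortfield} {$sortordernow}
        LIMIT $start, $perpage
    ");

    if($db->num_rows($query) > 0)
    {
        while($message = $db->fetch_array($query))
        {
            $msgalt = $msgstatus = '';

            // Determine Folder Icon
            if($message['status'] == 0)
            {
                $msgstatus = 'new_pm';
                $msgalt = $lang->new_pm;
            }
            else if($message['status'] == 1)
            {
                $msgstatus = 'old_pm';
                $msgalt = $lang->old_pm;
            }
            else if($message['status'] == 3)
            {
                $msgstatus = 're_pm';
                $msgalt = $lang->reply_pm;
            }
            else if($message['status'] == 4)
            {
                $msgstatus = 'fw_pm';
                $msgalt = $lang->fwd_pm;
            }

            $tofromuid = 0;
            if($folder == 2 || $folder == 3)
            { // Sent Items or Drafts Folder Check
                $recipients = my_unserialize($message['recipients']);
                $to_users = $bcc_users = '';
                if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))
                {
                    foreach($recipients['to'] as $uid)
                    {
                        $profilelink = get_profile_link($uid);
                        $user = $cached_users[$uid];
                        // Usernames are HTML-escaped before they reach the template.
                        $user['username'] = htmlspecialchars_uni($user['username']);
                        $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                        if(!$user['username'])
                        {
                            $username = $lang->na;
                        }
                        eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                    }
                    if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
                    {
                        eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
                        foreach($recipients['bcc'] as $uid)
                        {
                            $profilelink = get_profile_link($uid);
                            $user = $cached_users[$uid];
                            $user['username'] = htmlspecialchars_uni($user['username']);
                            $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                            if(!$user['username'])
                            {
                                $username = $lang->na;
                            }
                            eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                        }
                    }

                    eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
                }
                else if($message['toid'])
                {
                    $tofromusername = htmlspecialchars_uni($message['tousername']);
                    $tofromuid = $message['toid'];
                }
                else
                {
                    $tofromusername = $lang->not_sent;
                }
            }
            else
            {
                $tofromusername = htmlspecialchars_uni($message['fromusername']);
                $tofromuid = $message['fromid'];
                if($tofromuid == 0)
                {
                    $tofromusername = $lang->mybb_engine;
                }

                if(!$tofromusername)
                {
                    $tofromuid = 0;
                    $tofromusername = $lang->na;
                }
            }

            $tofromusername = build_profile_link($tofromusername, $tofromuid);

            if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
            {
                eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
            }
            else
            {
                $denyreceipt = '';
            }

            if($message['icon'] > 0 && $icon_cache[$message['icon']])
            {
                $icon = $icon_cache[$message['icon']];
                $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
                $icon['path'] = htmlspecialchars_uni($icon['path']);
                $icon['name'] = htmlspecialchars_uni($icon['name']);
                eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
            }
            else
            {
                $icon = '&#009;';
            }

            if(!trim($message['subject']))
            {
                $message['subject'] = $lang->pm_no_subject;
            }

            // Bad-word filter first, then HTML-escape the result for output.
            $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
            if($message['folder'] != "3")
            {
                $senddate = my_date('relative', $message['dateline']);
            }
            else
            {
                $senddate = $lang->not_sent;
            }

            $plugins->run_hooks("private_message");

            eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
        }
    }
    else
    {
        eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
    }

    // Quota bar: shown when the group has a PM quota and cannot access the Admin CP.
    $pmspacebar = '';
    if($mybb->usergroup['pmquota'] != '0' && $mybb->usergroup['cancp'] != 1)
    {
        $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
        $pmscount = $db->fetch_array($query);
        if($pmscount['total'] == 0)
        {
            $spaceused = 0;
        }
        else
        {
            $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
        }
        $spaceused2 = 100 - $spaceused;
        $belowhalf = $overhalf = '';
        if($spaceused <= "50")
        {
            $spaceused_severity = "low";
            $belowhalf = round($spaceused, 0)."%";
            if((int)$belowhalf > 100)
            {
                $belowhalf = "100%";
            }
        }
        else
        {
            if($spaceused <= "75")
            {
                $spaceused_severity = "medium";
            }

            else
            {
                $spaceused_severity = "high";
            }

            $overhalf = round($spaceused, 0)."%";
            if((int)$overhalf > 100)
            {
                $overhalf = "100%";
            }
        }

        if($spaceused > 100)
        {
            $spaceused = 100;
            $spaceused2 = 0;
        }

        eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
    }

    $composelink = '';
    if($mybb->usergroup['cansendpms'] == 1)
    {
        eval("\$composelink = \"".$templates->get("private_composelink")."\";");
    }

    $emptyexportlink = '';
    if($mybb->user['totalpms'] > 0)
    {
        eval("\$emptyexportlink = \"".$templates->get("private_emptyexportlink")."\";");
    }

    // $pmscount holds the whole-mailbox count here: this condition repeats the one guarding
    // the quota block above, which is where that count is fetched.
    $limitwarning = '';
    if($mybb->usergroup['pmquota'] != "0" && $pmscount['total'] >= $mybb->usergroup['pmquota'] && $mybb->usergroup['cancp'] != 1)
    {
        eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
    }

    $plugins->run_hooks("private_end");

    eval("\$folder = \"".$templates->get("private")."\";");
    output_page($folder);
}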

