PHP Cross Reference of MyBB 1.8.36 |
<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// User control panel entry script. It is a flat page controller: after the
// bootstrap below, a sequence of top-level `if` blocks keyed on the `action`
// request parameter either processes a POSTed form ("do_*") or renders one.

// These constants are defined before global.php is loaded; their consumers
// are not part of this file.
// NOTE(review): ALLOWABLE_PAGE presumably names actions exempt from some
// global restriction applied during bootstrap - confirm in global.php.
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'usercp.php');
define("ALLOWABLE_PAGE", "removesubscription,removesubscriptions");

// Comma-separated names of the templates this script may render.
// NOTE(review): presumably read by global.php to load them in one batch - confirm.
$templatelist = "usercp,usercp_nav,usercp_profile,usercp_changename,usercp_password,usercp_subscriptions_thread,forumbit_depth2_forum_lastpost,usercp_forumsubscriptions_forum,postbit_reputation_formatted,usercp_subscriptions_thread_icon";
$templatelist .= ",usercp_usergroups_memberof_usergroup,usercp_usergroups_memberof,usercp_usergroups_joinable_usergroup,usercp_usergroups_joinable,usercp_usergroups,usercp_nav_attachments,usercp_options_style,usercp_warnings_warning_post";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_usergroups_leader_usergroup,usercp_usergroups_leader,usercp_currentavatar,usercp_reputation,usercp_avatar_remove,usercp_resendactivation";
$templatelist .= ",usercp_attachments_attachment,usercp_attachments,usercp_profile_away,usercp_profile_customfield,usercp_profile_profilefields,usercp_profile_customtitle,usercp_forumsubscriptions_none,usercp_profile_customtitle_currentcustom";
$templatelist .= ",usercp_forumsubscriptions,usercp_subscriptions_none,usercp_subscriptions,usercp_options_pms_from_buddys,usercp_options_tppselect,usercp_options_pppselect,usercp_themeselector,usercp_profile_customtitle_reverttitle";
$templatelist .= ",usercp_nav_editsignature,usercp_referrals,usercp_notepad,usercp_latest_threads_threads,forumdisplay_thread_gotounread,usercp_latest_threads,usercp_subscriptions_remove,usercp_nav_messenger_folder,usercp_profile_profilefields_text";
$templatelist .= ",usercp_editsig_suspended,usercp_editsig,usercp_avatar_current,usercp_options_timezone_option,usercp_drafts,usercp_options_language,usercp_options_date_format,usercp_profile_website,usercp_latest_subscribed,usercp_warnings";
// NOTE(review): "usercp_editlists_userusercp_editlists" in the next line looks
// like two names fused by a missing comma; both names are also listed
// separately further down, so the slip is probably harmless.
$templatelist .= ",usercp_avatar,usercp_editlists_userusercp_editlists,usercp_drafts_draft,usercp_usergroups_joingroup,usercp_attachments_none,usercp_avatar_upload,usercp_options_timezone,usercp_usergroups_joinable_usergroup_join";
$templatelist .= ",usercp_warnings_warning,usercp_nav_messenger_tracking,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
$templatelist .= ",codebuttons,usercp_nav_messenger_compose,usercp_options_language_option,usercp_editlists,usercp_profile_contact_fields_field,usercp_latest_subscribed_threads,usercp_profile_contact_fields,usercp_profile_day,usercp_nav_home";
$templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,usercp_profile_profilefields_checkbox";
$templatelist .= ",usercp_options_tppselect_option,usercp_options_pppselect_option,forumbit_depth2_forum_lastpost_never,forumbit_depth2_forum_lastpost_hidden,usercp_avatar_auto_resize_auto,usercp_avatar_auto_resize_user,usercp_options";
$templatelist .= ",usercp_editlists_no_buddies,usercp_editlists_no_ignored,usercp_editlists_no_requests,usercp_editlists_received_requests,usercp_editlists_sent_requests,usercp_drafts_draft_thread,usercp_drafts_draft_forum,usercp_editlists_user";
$templatelist .= ",usercp_usergroups_leader_usergroup_memberlist,usercp_usergroups_leader_usergroup_moderaterequests,usercp_usergroups_memberof_usergroup_leaveprimary,usercp_usergroups_memberof_usergroup_display,usercp_email,usercp_options_pms";
$templatelist .= ",usercp_usergroups_memberof_usergroup_leaveleader,usercp_usergroups_memberof_usergroup_leaveother,usercp_usergroups_memberof_usergroup_leave,usercp_usergroups_joinable_usergroup_description,usercp_options_time_format";
$templatelist .= ",usercp_editlists_sent_request,usercp_editlists_received_request,usercp_drafts_none,usercp_usergroups_memberof_usergroup_setdisplay,usercp_usergroups_memberof_usergroup_description,usercp_options_quick_reply";
$templatelist .= ",usercp_addsubscription_thread,forumdisplay_password,forumdisplay_password_wrongpass,";

// Bootstrap plus the helper libraries used further down.
require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_search.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Load global language phrases
$lang->load("usercp");

// Access gate for the whole script: guests (uid 0) and members of groups
// without the canusercp permission are turned away before any action runs.
// NOTE(review): error_no_permission() is defined elsewhere; it presumably
// ends the request - confirm, since nothing below re-checks this condition.
if($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0)
{
	error_no_permission();
}

$errors = '';

// Route every later comparison through the value returned by get_input().
$mybb->input['action'] = $mybb->get_input('action');

usercp_menu();

// The Referer header is client-controlled. It is entity-encoded first, and a
// value that does not start with "<bburl>/" is rebuilt as "<bburl>/" plus its
// last path segment, so the stored value always points under the board URL.
// Comparing against bburl with the trailing slash means a look-alike host
// that merely begins with the board URL does not pass the prefix test.
// Note the comparison runs on the already-encoded string. The consumers of
// $server_http_referer are not in this part of the file.
$server_http_referer = '';
if(isset($_SERVER['HTTP_REFERER']))
{
	$server_http_referer = htmlentities($_SERVER['HTTP_REFERER']);

	if(my_strpos($server_http_referer, $mybb->settings['bburl'].'/') !== 0)
	{
		if(my_strpos($server_http_referer, '/') === 0)
		{
			$server_http_referer = my_substr($server_http_referer, 1);
		}
		$url_segments = explode('/', $server_http_referer);
		$server_http_referer = $mybb->settings['bburl'].'/'.end($url_segments);
	}
}

$plugins->run_hooks("usercp_start");
// Early pass over a posted signature: this branch validates the text (its
// remaining lines may switch the action back to the edit form) and writes
// nothing itself.
// NOTE(review): no verify_post_check() call is visible in this branch; the
// code that actually saves the signature is outside this excerpt - confirm
// that it verifies my_post_key before writing.
if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
{
	require_once MYBB_ROOT."inc/datahandlers/user.php";
	$userhandler = new UserDataHandler();

	// uid is taken from the session user, not from the request.
	$data = array(
		'uid' => $mybb->user['uid'],
		'signature' => $mybb->get_input('signature'),
	);

	$userhandler->set_data($data);

// (Inside the do_editsig POST branch opened above.) A rejected signature is reported inline instead of aborting.
	if(!$userhandler->verify_signature())
	{
		$error = inline_error($userhandler->get_friendly_errors());
	}

	// On a validation error or a preview request, fall back to the edit form.
	if(isset($error) || !empty($mybb->input['preview']))
	{
		$mybb->input['action'] = "editsig";
	}
}

// Make navigation
add_breadcrumb($lang->nav_usercp, "usercp.php");

// Picks the breadcrumb label only; there is no default case, so an
// unrecognised action simply adds no second crumb.
switch($mybb->input['action'])
{
	case "profile":
	case "do_profile":
		add_breadcrumb($lang->ucp_nav_profile);
		break;
	case "options":
	case "do_options":
		add_breadcrumb($lang->nav_options);
		break;
	case "email":
	case "do_email":
		add_breadcrumb($lang->nav_email);
		break;
	case "password":
	case "do_password":
		add_breadcrumb($lang->nav_password);
		break;
	case "changename":
	case "do_changename":
		add_breadcrumb($lang->nav_changename);
		break;
	case "subscriptions":
		add_breadcrumb($lang->ucp_nav_subscribed_threads);
		break;
	case "forumsubscriptions":
		add_breadcrumb($lang->ucp_nav_forum_subscriptions);
		break;
	case "editsig":
	case "do_editsig":
		add_breadcrumb($lang->nav_editsig);
		break;
	case "avatar":
	case "do_avatar":
		add_breadcrumb($lang->nav_avatar);
		break;
	case "notepad":
	case "do_notepad":
		add_breadcrumb($lang->ucp_nav_notepad);
		break;
	case "editlists":
	case "do_editlists":
		add_breadcrumb($lang->ucp_nav_editlists);
		break;
	case "drafts":
		add_breadcrumb($lang->ucp_nav_drafts);
		break;
	case "usergroups":
		add_breadcrumb($lang->ucp_nav_usergroups);
		break;
	case "attachments":
		add_breadcrumb($lang->ucp_nav_attachments);
		break;
}

// Profile update handler. It is state-changing, so it runs only for POST and
// checks the posted my_post_key before any other input is read.
// NOTE(review): verify_post_check() is defined elsewhere; it presumably
// rejects the request when the key does not match - confirm.
if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$user = array();

	$plugins->run_hooks("usercp_do_profile_start");

	// Away status is accepted only while the board-wide allowaway setting is on.
	if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
	{
		$awaydate = TIME_NOW;
		if(!empty($mybb->input['awayday']))
		{
			// If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
			if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
			{
				$mybb->input['awaymonth'] = my_date('n', $awaydate);
			}
			if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
			{
				$mybb->input['awayyear'] = my_date('Y', $awaydate);
			}

			// Bound the date parts before use: day and month are cut to two
			// characters and cast to int, the year is cast and capped at 9999.
			$return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
			$return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
			$return_year = min((int)$mybb->get_input('awayyear'), 9999);

			// Check if return date is after the away date.
			$returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
			$awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
			if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
			{
				error($lang->error_usercp_return_date_past);
			}

			// Built from the three integers above, so it holds only digits, "-" and a possible sign.
			$returndate = "{$return_day}-{$return_month}-{$return_year}";
		}
		else
		{
			$returndate = "";
		}
		// awayreason is the raw request string; it is not escaped here.
		$away = array(
			"away" => 1,
			"date" => $awaydate,
			"returndate" => $returndate,
			"awayreason" => $mybb->get_input('awayreason')
		);
	}
	else
	{
		$away = array(
			"away" => 0,
			"date" => '',
			"returndate" => '',
			"awayreason" => ''
		);
	}

	// Birthday parts are read as integers.
	$bday = array(
		"day" => $mybb->get_input('bday1', MyBB::INPUT_INT),
		"month" => $mybb->get_input('bday2', MyBB::INPUT_INT),
		"year" => $mybb->get_input('bday3', MyBB::INPUT_INT)
	);

	// Set up user handler.
// (Inside the do_profile POST branch.) The collected input goes to the user data handler in "update" mode.
	require_once MYBB_ROOT."inc/datahandlers/user.php";
	$userhandler = new UserDataHandler("update");

	// uid, postnum, usergroup and additionalgroups are copied from the session
	// user ($mybb->user), never from the request, so this form cannot be used
	// to name another account or another group. Only birthdayprivacy and
	// profile_fields in this array come straight from the request; checking
	// them is left to validate_user() below.
	$user = array_merge($user, array(
		"uid" => $mybb->user['uid'],
		"postnum" => $mybb->user['postnum'],
		"usergroup" => $mybb->user['usergroup'],
		"additionalgroups" => $mybb->user['additionalgroups'],
		"birthday" => $bday,
		"birthdayprivacy" => $mybb->get_input('birthdayprivacy'),
		"away" => $away,
		"profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY)
	));
	// A contact field is accepted only when its allow<field>field setting is
	// non-empty and is_member() passes for that setting; otherwise the posted
	// value is ignored.
	foreach(array('icq', 'skype', 'google') as $cfield)
	{
		$csetting = 'allow'.$cfield.'field';
		if($mybb->settings[$csetting] == '')
		{
			continue;
		}

		if(!is_member($mybb->settings[$csetting]))
		{
			continue;
		}

		if($cfield == 'icq')
		{
			// NOTE(review): the bare 1 is presumably MyBB::INPUT_INT, which the
			// rest of the file spells out - confirm and prefer the named constant.
			$user[$cfield] = $mybb->get_input($cfield, 1);

			if(my_strlen($user[$cfield]) > 10)
			{
				error($lang->contact_field_icqerror);
			}
		}
		else
		{
			// Raw string, limited here by length only (75).
			$user[$cfield] = $mybb->get_input($cfield);

			if(my_strlen($user[$cfield]) > 75)
			{
				error($lang->contact_field_error);
			}
		}
	}

	// Website and custom title are taken from the request only when the
	// user's group holds the matching permission.
	if($mybb->usergroup['canchangewebsite'] == 1)
	{
		$user['website'] = $mybb->get_input('website');
	}

	if($mybb->usergroup['cancustomtitle'] == 1)
	{
		if($mybb->get_input('usertitle') != '')
		{
			$user['usertitle'] = $mybb->get_input('usertitle');
		}
		elseif(!empty($mybb->input['reverttitle']))
		{
			// An empty title plus the reverttitle flag clears the custom title.
			$user['usertitle'] = '';
		}
	}
	$userhandler->set_data($user);

	// Nothing is written unless validation passes.
	if(!$userhandler->validate_user())
	{
		$errors = $userhandler->get_friendly_errors();
		$raw_errors = $userhandler->get_errors();

		// Set to stored value if invalid
		if(array_key_exists("invalid_birthday_privacy", $raw_errors) || array_key_exists("conflicted_birthday_privacy", $raw_errors))
		{
			$mybb->input['birthdayprivacy'] = $mybb->user['birthdayprivacy'];
			$bday = explode("-", $mybb->user['birthday']);

// (Inside do_profile's validation-failure branch.) The stored birth year is restored along with the stored privacy setting.
			if(isset($bday[2]))
			{
				$mybb->input['bday3'] = $bday[2];
			}
		}

		// Switch to the profile form so the block below re-renders it with the errors.
		$errors = inline_error($errors);
		$mybb->input['action'] = "profile";
	}
	else
	{
		$userhandler->update_user();

		$plugins->run_hooks("usercp_do_profile_end");
		redirect("usercp.php?action=profile", $lang->redirect_profileupdated);
	}
}

// Profile form. Every template below is expanded with eval() inside a
// double-quoted string, so each variable a template names is interpolated
// exactly as it stands at that point; values therefore have to be escaped or
// cast before the eval() that uses them.
// NOTE(review): the template source comes from $templates->get(); how that
// source is quoted and who may edit it is not visible here - confirm.
if($mybb->input['action'] == "profile")
{
	if($errors)
	{
		// Re-populate the form from the raw request: from here on every
		// $user[...] value is request-controlled until escaped or cast.
		$user = $mybb->input;
		$bday = array();
		$bday[0] = $mybb->get_input('bday1', MyBB::INPUT_INT);
		$bday[1] = $mybb->get_input('bday2', MyBB::INPUT_INT);
		$bday[2] = $mybb->get_input('bday3', MyBB::INPUT_INT);
	}
	else
	{
		$user = $mybb->user;
		$bday = explode("-", $user['birthday']);
		if(!isset($bday[1]))
		{
			$bday[1] = 0;
		}
	}
	if(!isset($bday[2]) || $bday[2] == 0)
	{
		$bday[2] = '';
	}

	$plugins->run_hooks("usercp_profile_start");

	// Day <option> list; only fixed strings and the loop counter are set here.
	$bdaydaysel = '';
	for($day = 1; $day <= 31; ++$day)
	{
		if($bday[0] == $day)
		{
			$selected = "selected=\"selected\"";
		}
		else
		{
			$selected = '';
		}

		eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
	}

	$bdaymonthsel = array();
	foreach(range(1, 12) as $month)
	{
		$bdaymonthsel[$month] = '';
	}
	// The month value is used only as an array key; the stored value is a constant.
	$bdaymonthsel[$bday[1]] = 'selected="selected"';

	// birthdayprivacy is only compared against known values, never interpolated here.
	$allselected = $noneselected = $ageselected = '';
	if($user['birthdayprivacy'] == 'all' || !$user['birthdayprivacy'])
	{
		$allselected = " selected=\"selected\"";
	}
	elseif($user['birthdayprivacy'] == 'none')
	{
		$noneselected = " selected=\"selected\"";
	}
	elseif($user['birthdayprivacy'] == 'age')
	{
		$ageselected = " selected=\"selected\"";
	}

	// A website that fails my_validate_url() is blanked; a valid one is HTML-escaped.
	if(!my_validate_url($user['website']))
	{
		$user['website'] = '';
	}
	else
	{
		$user['website'] = htmlspecialchars_uni($user['website']);
	}

	// icq is forced to an integer, then shown as empty when it is 0.
	if($user['icq'] != "0")
	{
		$user['icq'] = (int)$user['icq'];
	}

	if($user['icq'] == 0)
	{
		$user['icq'] = '';
	}

	// NOTE(review): $cfvalue in the loop below escapes $user[$cfield] again,
	// so on this error path skype and google pass through
	// htmlspecialchars_uni() twice. That errs towards over-encoding; confirm
	// the re-displayed value is not visibly altered.
	if($errors)
	{
		$user['skype'] = htmlspecialchars_uni($user['skype']);
		$user['google'] = htmlspecialchars_uni($user['google']);
	}

	$contact_fields = array();
	$contactfields = '';
	$cfieldsshow = false;

	// Same setting and is_member() gate as the update handler: a contact
	// field the user may not set is not rendered either.
	foreach(array('icq', 'skype', 'google') as $cfield)
	{
		$contact_fields[$cfield] = '';
		$csetting = 'allow'.$cfield.'field';
		if($mybb->settings[$csetting] == '')
		{
			continue;
		}

		if(!is_member($mybb->settings[$csetting]))
		{
			continue;
		}

		$cfieldsshow = true;

		$lang_string = 'contact_field_'.$cfield;
		$lang_string = $lang->{$lang_string};
		// Escaped copy of the field value, prepared for the template below.
		$cfvalue = htmlspecialchars_uni($user[$cfield]);

		eval('$contact_fields[$cfield] = "'.$templates->get('usercp_profile_contact_fields_field').'";');
	}

	if($cfieldsshow)
	{
		eval('$contactfields = "'.$templates->get('usercp_profile_contact_fields').'";');
	}

	if($mybb->settings['allowaway'] != 0)
	{
		$awaycheck = array('', '');
		if($errors)
		{
			if($user['away'] == 1)
			{
				$awaycheck[1] = "checked=\"checked\"";
			}
			else
			{
				$awaycheck[0] = "checked=\"checked\"";
			}
			// Date parts are re-read as integers; the free-text reason is escaped.
			$returndate = array();
			$returndate[0] = $mybb->get_input('awayday', MyBB::INPUT_INT);
			$returndate[1] = $mybb->get_input('awaymonth', MyBB::INPUT_INT);
			$returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
			$user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
		}
		else
		{
			// The stored reason is escaped as well.
			$user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
			if($mybb->user['away'] == 1)
			{
				$awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']);
				$awaycheck[1] = "checked=\"checked\"";
				$awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
			}
			else
			{
				$awaynotice = $lang->away_notice;
				$awaycheck[0] = "checked=\"checked\"";
			}
			$returndate = explode("-", $mybb->user['returndate']);
			if(!isset($returndate[1]))
			{
				$returndate[1] = 0;
			}
			if(!isset($returndate[2]))
			{
				$returndate[2] = '';
			}
		}

		$returndatesel = '';
		for($day = 1; $day <= 31; ++$day)
		{
			if($returndate[0] == $day)
			{
				$selected = "selected=\"selected\"";
			}
			else
			{
				$selected = '';
			}

			eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
		}

		$returndatemonthsel = array();
		foreach(range(1, 12) as $month)
		{
			$returndatemonthsel[$month] = '';
		}
		// Marker written as plain "selected", unlike the birthday month above.
		$returndatemonthsel[$returndate[1]] = "selected";

		eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
	}

	// Custom profile fields baby!
	$altbg = "trow1";
	$requiredfields = $customfields = '';
	$mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);

	// Field definitions are read from the profilefields cache.
	$pfcache = $cache->read('profilefields');

	if(is_array($pfcache))
	{
		foreach($pfcache as $profilefield)
		{
			// Skip fields this user may not edit: is_member() fails for
			// editableby, or the field's postnum threshold exceeds the user's post count.
			if(!is_member($profilefield['editableby']) || ($profilefield['postnum'] && $profilefield['postnum'] > $mybb->user['postnum']))
			{
				continue;
			}

			$userfield = $code = $select = $val = $options = $expoptions = $useropts = '';
			$seloptions = array();
			// The definition's type, name and description are escaped before
			// any template can reference them.
			$profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
			$profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
			$profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
			// The first line of the type is the widget kind; the remainder,
			// if any, is the newline-separated option list (already escaped above).
			$thing = explode("\n", $profilefield['type'], "2");
			$type = $thing[0];
			if(isset($thing[1]))
			{
				$options = $thing[1];
			}
			else
			{
				// NOTE(review): the list-type branches below pass $options to
				// explode(); if one of them is reached without an option list,
				// explode() is handed this array, which PHP 8 rejects with a
				// TypeError. Confirm such definitions cannot be saved.
				$options = array();
			}
			$field = "fid{$profilefield['fid']}";
			if($errors)
			{
				// Error path: the submitted value, a string or an array
				// depending on what the client sent.
				if(!isset($mybb->input['profile_fields'][$field]))
				{
					$mybb->input['profile_fields'][$field] = '';
				}
				$userfield = $mybb->input['profile_fields'][$field];
			}
			else
			{
				$userfield = $user[$field];
			}
			if($type == "multiselect")
			{
				if($errors)
				{
					$useropts = $userfield;
				}
				else
				{
					$useropts = explode("\n", $userfield);
				}
				if(is_array($useropts))
				{
					// The user's selections are escaped so they compare equal
					// to the escaped option text.
					foreach($useropts as $key => $val)
					{
						$val = htmlspecialchars_uni($val);
						$seloptions[$val] = $val;
					}
				}
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$val = trim($val);
						$val = str_replace("\n", "\\n", $val);

						$sel = "";
						if(isset($seloptions[$val]) && $val == $seloptions[$val])
						{
							$sel = " selected=\"selected\"";
						}

						eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
					}
					if(!$profilefield['length'])
					{
						$profilefield['length'] = 3;
					}

					eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
				}
			}
			elseif($type == "select")
			{
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$val = trim($val);
						$val = str_replace("\n", "\\n", $val);
						$sel = "";
						// The user value is escaped only for this comparison;
						// it is the option text ($val) that is available to the template.
						if($val == htmlspecialchars_uni($userfield))
						{
							$sel = " selected=\"selected\"";
						}

						eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
					}
					if(!$profilefield['length'])
					{
						$profilefield['length'] = 1;
					}

					eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
				}
			}
			elseif($type == "radio")
			{
				$userfield = htmlspecialchars_uni($userfield);
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$checked = "";
						if($val == $userfield)
						{
							$checked = " checked=\"checked\"";
						}

						eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
					}
				}
			}
			elseif($type == "checkbox")
			{
				// NOTE(review): on the error path $userfield is expected to be
				// an array here (it is assigned to $useropts and tested with
				// is_array() below) - confirm htmlspecialchars_uni() accepts arrays.
				$userfield = htmlspecialchars_uni($userfield);
				if($errors)
				{
					$useropts = $userfield;
				}
				else
				{
					$useropts = explode("\n", $userfield);
				}
				if(is_array($useropts))
				{
					foreach($useropts as $key => $val)
					{
						$seloptions[$val] = $val;
					}
				}
				$expoptions = explode("\n", $options);
				if(is_array($expoptions))
				{
					foreach($expoptions as $key => $val)
					{
						$checked = "";
						if(isset($seloptions[$val]) && $val == $seloptions[$val])
						{
							$checked = " checked=\"checked\"";
						}

						eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
					}
				}
			}
			elseif($type == "textarea")
			{
				// Free text: escaped into $value before the template runs.
				$value = htmlspecialchars_uni($userfield);
				eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
			}
			else
			{
				// Any other type is rendered as a single-line text input.
				$value = htmlspecialchars_uni($userfield);
				$maxlength = "";
				if($profilefield['maxlength'] > 0)
				{
					$maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
				}

				eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
			}

			// Required and optional fields are collected into separate buffers.
			if($profilefield['required'] == 1)
			{
				eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
			}
			else
			{
				eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
			}
			$altbg = alt_trow();
		}
	}
	if($customfields)
	{
		eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
	}

	// The custom title section is built only for groups holding cancustomtitle.
	if($mybb->usergroup['cancustomtitle'] == 1)
	{
		if($mybb->usergroup['usertitle'] == "")
		{
			// No group title: use the first cached title whose post threshold
			// the user meets.
			$defaulttitle = '';
			$usertitles = $cache->read('usertitles');

			foreach($usertitles as $title)
			{
				if($title['posts'] <= $mybb->user['postnum'])
				{
					$defaulttitle = htmlspecialchars_uni($title['title']);
// (Inside the custom-title section of the profile form: end of the default-title lookup loop.)
					break;
				}
			}
		}
		else
		{
			$defaulttitle = htmlspecialchars_uni($mybb->usergroup['usertitle']);
		}

		$newtitle = '';
		if(trim($user['usertitle']) == '')
		{
			$lang->current_custom_usertitle = '';
		}
		else
		{
			if($errors)
			{
				// Error path: keep the rejected title (escaped) as the
				// "new title" value and show the stored title as the current one.
				$newtitle = htmlspecialchars_uni($user['usertitle']);
				$user['usertitle'] = $mybb->user['usertitle'];
			}
		}

		// Whichever title ended up in $user is escaped before the templates run.
		$user['usertitle'] = htmlspecialchars_uni($user['usertitle']);

		$currentcustom = $reverttitle = '';
		if(!empty($mybb->user['usertitle']))
		{
			eval("\$currentcustom = \"".$templates->get("usercp_profile_customtitle_currentcustom")."\";");

			// The revert control is offered only when the stored title
			// differs from the group title.
			if($mybb->user['usertitle'] != $mybb->usergroup['usertitle'])
			{
				eval("\$reverttitle = \"".$templates->get("usercp_profile_customtitle_reverttitle")."\";");
			}
		}

		eval("\$customtitle = \"".$templates->get("usercp_profile_customtitle")."\";");
	}
	else
	{
		$customtitle = "";
	}

	// The website input is rendered only for groups allowed to change it.
	if($mybb->usergroup['canchangewebsite'] == 1)
	{
		eval("\$website = \"".$templates->get("usercp_profile_website")."\";");
	}

	$plugins->run_hooks("usercp_profile_end");

	eval("\$editprofile = \"".$templates->get("usercp_profile")."\";");
	output_page($editprofile);
}

// Options update handler. It is state-changing, so it runs only for POST and
// checks the posted my_post_key before any other input is read.
// NOTE(review): verify_post_check() is defined elsewhere; it presumably
// rejects the request when the key does not match - confirm.
if($mybb->input['action'] == "do_options" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$user = array();

	$plugins->run_hooks("usercp_do_options_start");

	// Set up user handler.
// (Inside the do_options POST branch, after its verify_post_check() call.)
	require_once MYBB_ROOT."inc/datahandlers/user.php";
	$userhandler = new UserDataHandler("update");

	// uid, usergroup and additionalgroups are copied from the session user,
	// not from the request. Most settings are read as integers; timezone is
	// passed through $db->escape_string(), while language (and threadmode
	// below) go to the handler as raw strings.
	// NOTE(review): validation of those raw strings presumably happens in
	// validate_user() - confirm.
	$user = array_merge($user, array(
		"uid" => $mybb->user['uid'],
		"style" => $mybb->get_input('style', MyBB::INPUT_INT),
		"dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT),
		"timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT),
		"timezone" => $db->escape_string($mybb->get_input('timezoneoffset')),
		"language" => $mybb->get_input('language'),
		'usergroup' => $mybb->user['usergroup'],
		'additionalgroups' => $mybb->user['additionalgroups']
	));

	// NOTE(review): "invisible" is read here for every user, while the form
	// below shows its checkbox only to groups with canbeinvisible. The
	// handler presumably enforces that permission - confirm.
	$user['options'] = array(
		"allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
		"hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
		"subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
		"invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
		"dstcorrection" => $mybb->get_input('dstcorrection', MyBB::INPUT_INT),
		"threadmode" => $mybb->get_input('threadmode'),
		"showimages" => $mybb->get_input('showimages', MyBB::INPUT_INT),
		"showvideos" => $mybb->get_input('showvideos', MyBB::INPUT_INT),
		"showsigs" => $mybb->get_input('showsigs', MyBB::INPUT_INT),
		"showavatars" => $mybb->get_input('showavatars', MyBB::INPUT_INT),
		"showquickreply" => $mybb->get_input('showquickreply', MyBB::INPUT_INT),
		"receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
		"pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
		"receivefrombuddy" => $mybb->get_input('receivefrombuddy', MyBB::INPUT_INT),
		"daysprune" => $mybb->get_input('daysprune', MyBB::INPUT_INT),
		"showcodebuttons" => $mybb->get_input('showcodebuttons', MyBB::INPUT_INT),
		"sourceeditor" => $mybb->get_input('sourceeditor', MyBB::INPUT_INT),
		"pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
		"buddyrequestspm" => $mybb->get_input('buddyrequestspm', MyBB::INPUT_INT),
		"buddyrequestsauto" => $mybb->get_input('buddyrequestsauto', MyBB::INPUT_INT),
		"showredirect" => $mybb->get_input('showredirect', MyBB::INPUT_INT),
		"classicpostbit" => $mybb->get_input('classicpostbit', MyBB::INPUT_INT)
	);

	// Per-page counts are accepted only while the matching board setting is non-empty.
	if($mybb->settings['usertppoptions'])
	{
		$user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT);
	}

	if($mybb->settings['userpppoptions'])
	{
		$user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT);
	}

	$userhandler->set_data($user);

	// Nothing is written unless validation passes; on failure the options
	// form is re-rendered with the errors.
	if(!$userhandler->validate_user())
	{
		$errors = $userhandler->get_friendly_errors();
		$errors = inline_error($errors);
		$mybb->input['action'] = "options";
	}
	else
	{
		$userhandler->update_user();

		$plugins->run_hooks("usercp_do_options_end");

		redirect("usercp.php?action=options", $lang->redirect_optionsupdated);
	}
}

// Options form. In the part of it shown in this block, request or stored
// values are only compared against constants to choose fixed
// checked/selected markers; none of them is interpolated into a template
// directly.
if($mybb->input['action'] == "options")
{
	if($errors != '')
	{
		// Re-populate from the raw request after a failed update.
		$user = $mybb->input;
	}
	else
	{
		$user = $mybb->user;
	}

	$plugins->run_hooks("usercp_options_start");

	// The language picker is shown only when more than one language is available.
	$languages = $lang->get_languages();
	$board_language = $langoptions = '';
	if(count($languages) > 1)
	{
		foreach($languages as $name => $language)
		{
			$language = htmlspecialchars_uni($language);

			$sel = '';
			if(isset($user['language']) && $user['language'] == $name)
			{
				$sel = " selected=\"selected\"";
			}

			eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
		}

		eval('$board_language = "'.$templates->get('usercp_options_language').'";');
	}

	// Lets work out which options the user has selected and check the boxes
	// Each test below is guarded with isset(): $user may be the raw request,
	// where a key can be missing.
	if(isset($user['allownotices']) && $user['allownotices'] == 1)
	{
		$allownoticescheck = "checked=\"checked\"";
	}
	else
	{
		$allownoticescheck = "";
	}

	$canbeinvisible = '';

	// Check usergroup permission before showing invisible check box
	if($mybb->usergroup['canbeinvisible'] == 1)
	{
		if(isset($user['invisible']) && $user['invisible'] == 1)
		{
			$invisiblecheck = "checked=\"checked\"";
		}
		else
		{
			$invisiblecheck = "";
		}
		eval('$canbeinvisible = "'.$templates->get("usercp_options_invisible")."\";");
	}

	if(isset($user['hideemail']) && $user['hideemail'] == 1)
	{
		$hideemailcheck = "checked=\"checked\"";
	}
	else
	{
		$hideemailcheck = "";
	}

	// subscriptionmethod: 1, 2 and 3 select a specific entry; anything else
	// falls back to "no auto subscribe".
	$no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
	if(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 1)
	{
		$no_subscribe_selected = "selected=\"selected\"";
	}
	elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 2)
	{
		$instant_email_subscribe_selected = "selected=\"selected\"";
	}
	elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 3)
	{
		$instant_pm_subscribe_selected = "selected=\"selected\"";
	}
	else
	{
		$no_auto_subscribe_selected = "selected=\"selected\"";
	}

	if(isset($user['showimages']) && $user['showimages'] == 1)
	{
		$showimagescheck = "checked=\"checked\"";
	}
	else
	{
		$showimagescheck = "";
	}

	if(isset($user['showvideos']) && $user['showvideos'] == 1)
	{
		$showvideoscheck = "checked=\"checked\"";
	}
	else
	{
		$showvideoscheck = "";
	}

	if(isset($user['showsigs']) && $user['showsigs'] == 1)
	{
		$showsigscheck = "checked=\"checked\"";
	}
	else
	{
		$showsigscheck = "";
	}

	if(isset($user['showavatars']) && $user['showavatars'] == 1)
	{
		$showavatarscheck = "checked=\"checked\"";
	}
	else
	{
		$showavatarscheck = "";
	}

	if(isset($user['showquickreply']) && $user['showquickreply'] == 1)
	{
		$showquickreplycheck = "checked=\"checked\"";
	}
	else
	{
		$showquickreplycheck = "";
	}

	if(isset($user['receivepms']) && $user['receivepms'] == 1)
	{
		$receivepmscheck = "checked=\"checked\"";
	}
	else
	{
		$receivepmscheck = "";
	}

	if(isset($user['receivefrombuddy']) && $user['receivefrombuddy'] == 1)
	{
		$receivefrombuddycheck = "checked=\"checked\"";
	}
	else
	{
		$receivefrombuddycheck = "";
	}

	// pmnotice counts as enabled for any value >= 1, not just 1.
	if(isset($user['pmnotice']) && $user['pmnotice'] >= 1)
	{
		$pmnoticecheck = " checked=\"checked\"";
	}
	else
	{
		$pmnoticecheck = "";
	}

	// dstcorrection: 2 selects "auto", 1 "enabled", anything else "disabled".
	$dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
	if(isset($user['dstcorrection']) && $user['dstcorrection'] == 2)
	{
		$dst_auto_selected = "selected=\"selected\"";
	}
	elseif(isset($user['dstcorrection']) && $user['dstcorrection'] == 1)
	{
		$dst_enabled_selected = "selected=\"selected\"";
	}
	else
	{
		$dst_disabled_selected = "selected=\"selected\"";
	}

	if(isset($user['showcodebuttons']) && $user['showcodebuttons'] == 1)
	{
		$showcodebuttonscheck = "checked=\"checked\"";
	}
	else
	{
		$showcodebuttonscheck = "";
	}

	if(isset($user['sourceeditor']) && $user['sourceeditor'] == 1)
	{
		$sourcemodecheck = "checked=\"checked\"";
	}
	else
	{
		$sourcemodecheck = "";
	}

	// The remaining flags count as enabled for any non-zero value.
	if(isset($user['showredirect']) && $user['showredirect'] != 0)
	{
		$showredirectcheck = "checked=\"checked\"";
	}
	else
	{
		$showredirectcheck = "";
	}

	if(isset($user['pmnotify']) && $user['pmnotify'] != 0)
	{
		$pmnotifycheck = "checked=\"checked\"";
	}
	else
	{
		$pmnotifycheck = '';
	}

	if(isset($user['buddyrequestspm']) && $user['buddyrequestspm'] != 0)
	{
		$buddyrequestspmcheck = "checked=\"checked\"";
	}
	else
	{
		$buddyrequestspmcheck = '';
1052 } 1053 1054 if(isset($user['buddyrequestsauto']) && $user['buddyrequestsauto'] != 0) 1055 { 1056 $buddyrequestsautocheck = "checked=\"checked\""; 1057 } 1058 else 1059 { 1060 $buddyrequestsautocheck = ''; 1061 } 1062 1063 if(!isset($user['threadmode']) || ($user['threadmode'] != "threaded" && $user['threadmode'] != "linear")) 1064 { 1065 $user['threadmode'] = ''; // Leave blank to show default 1066 } 1067 1068 if(isset($user['classicpostbit']) && $user['classicpostbit'] != 0) 1069 { 1070 $classicpostbitcheck = "checked=\"checked\""; 1071 } 1072 else 1073 { 1074 $classicpostbitcheck = ''; 1075 } 1076 1077 $date_format_options = $dateformat = ''; 1078 foreach($date_formats as $key => $format) 1079 { 1080 $selected = ''; 1081 if(isset($user['dateformat']) && $user['dateformat'] == $key) 1082 { 1083 $selected = " selected=\"selected\""; 1084 } 1085 1086 $dateformat = my_date($format, TIME_NOW, "", 0); 1087 eval("\$date_format_options .= \"".$templates->get("usercp_options_date_format")."\";"); 1088 } 1089 1090 $time_format_options = $timeformat = ''; 1091 foreach($time_formats as $key => $format) 1092 { 1093 $selected = ''; 1094 if(isset($user['timeformat']) && $user['timeformat'] == $key) 1095 { 1096 $selected = " selected=\"selected\""; 1097 } 1098 1099 $timeformat = my_date($format, TIME_NOW, "", 0); 1100 eval("\$time_format_options .= \"".$templates->get("usercp_options_time_format")."\";"); 1101 } 1102 1103 $tzselect = build_timezone_select("timezoneoffset", $mybb->user['timezone'], true); 1104 1105 $pms_from_buddys = ''; 1106 if($mybb->settings['allowbuddyonly'] == 1) 1107 { 1108 eval("\$pms_from_buddys = \"".$templates->get("usercp_options_pms_from_buddys")."\";"); 1109 } 1110 1111 $pms = ''; 1112 if($mybb->settings['enablepms'] != 0 && $mybb->usergroup['canusepms'] == 1) 1113 { 1114 eval("\$pms = \"".$templates->get("usercp_options_pms")."\";"); 1115 } 1116 1117 $quick_reply = ''; 1118 if($mybb->settings['quickreply'] == 1) 1119 { 1120 eval("\$quick_reply 
= \"".$templates->get("usercp_options_quick_reply")."\";"); 1121 } 1122 1123 $threadview = array('linear' => '', 'threaded' => ''); 1124 if(isset($user['threadmode']) && is_scalar($user['threadmode'])) 1125 { 1126 $threadview[$user['threadmode']] = 'selected="selected"'; 1127 } 1128 $daysprunesel = array(1 => '', 5 => '', 10 => '', 20 => '', 50 => '', 75 => '', 100 => '', 365 => '', 9999 => ''); 1129 if(isset($user['daysprune']) && is_numeric($user['daysprune'])) 1130 { 1131 $daysprunesel[$user['daysprune']] = 'selected="selected"'; 1132 } 1133 if(!isset($user['style'])) 1134 { 1135 $user['style'] = ''; 1136 } 1137 1138 $board_style = $stylelist = ''; 1139 $stylelist = build_theme_select("style", $user['style']); 1140 1141 if(!empty($stylelist)) 1142 { 1143 eval('$board_style = "'.$templates->get('usercp_options_style').'";'); 1144 } 1145 1146 $tppselect = $pppselect = ''; 1147 if($mybb->settings['usertppoptions']) 1148 { 1149 $explodedtpp = explode(",", $mybb->settings['usertppoptions']); 1150 $tppoptions = $tpp_option = ''; 1151 if(is_array($explodedtpp)) 1152 { 1153 foreach($explodedtpp as $key => $val) 1154 { 1155 $val = trim($val); 1156 $selected = ""; 1157 if(isset($user['tpp']) && $user['tpp'] == $val) 1158 { 1159 $selected = " selected=\"selected\""; 1160 } 1161 1162 $tpp_option = $lang->sprintf($lang->tpp_option, $val); 1163 eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";"); 1164 } 1165 } 1166 eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";"); 1167 } 1168 1169 if($mybb->settings['userpppoptions']) 1170 { 1171 $explodedppp = explode(",", $mybb->settings['userpppoptions']); 1172 $pppoptions = $ppp_option = ''; 1173 if(is_array($explodedppp)) 1174 { 1175 foreach($explodedppp as $key => $val) 1176 { 1177 $val = trim($val); 1178 $selected = ""; 1179 if(isset($user['ppp']) && $user['ppp'] == $val) 1180 { 1181 $selected = " selected=\"selected\""; 1182 } 1183 1184 $ppp_option = 
// Right-hand side of the `$ppp_option = ` assignment that this listing splits across two lines.
$lang->sprintf($lang->ppp_option, $val);
				eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
			}
		}
		eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
	}

	$plugins->run_hooks("usercp_options_end");

	// Templates are evaluated as double-quoted PHP strings, so every variable the
	// template interpolates must already be safe for HTML output at this point.
	// NOTE(review): the safety of the eval itself rests on what $templates->get()
	// returns, which is not visible in this part of the file.
	eval("\$editprofile = \"".$templates->get("usercp_options")."\";");
	output_page($editprofile);
}

// Handles submission of the change-e-mail form. Three gates run before anything
// is changed: the request must be a POST, my_post_key must verify, and the
// account's current password must be re-entered.
if($mybb->input['action'] == "do_email" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$errors = array();

	$plugins->run_hooks("usercp_do_email_start");
	// Re-authenticate: a live session alone is not enough to change the address.
	if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
	{
		$errors[] = $lang->error_invalidpassword;
	}
	else
	{
		// Set up user handler.
		require_once MYBB_ROOT."inc/datahandlers/user.php";
		$userhandler = new UserDataHandler("update");

		// uid comes from the session, never from the request, so only the
		// logged-in account can be targeted.
		$user = array(
			"uid" => $mybb->user['uid'],
			"email" => $mybb->get_input('email'),
			"email2" => $mybb->get_input('email2')
		);

		$userhandler->set_data($user);

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			$activation = false;
			// Checking for pending activations for non-activated accounts
			if($mybb->user['usergroup'] == 5 && ($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "both"))
			{
				$query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND (type='r' OR type='b')");
				$activation = $db->fetch_array($query);
			}
			// Branch 1: the account still has a pending 'r'/'b' activation row.
			// The new address is stored immediately and a fresh activation code
			// replaces the old one.
			if($activation)
			{
				$userhandler->update_user();

				$db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");

				// Send new activation mail for non-activated accounts
				// NOTE(review): random_str() is defined elsewhere; the code acts as
				// the activation secret, so confirm it is drawn from a CSPRNG.
				$activationcode = random_str();
				$activationarray = array(
					"uid" => $mybb->user['uid'],
					"dateline" => TIME_NOW,
					"code" => $activationcode,
					"type" => $activation['type']
				);
				$db->insert_query("awaitingactivation", $activationarray);
				$emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
				// Pick the message variant for the configured username_method;
				// unknown values use the same text as case 0.
				switch($mybb->settings['username_method'])
				{
					case 0:
						$emailmessage = $lang->sprintf($lang->email_activateaccount, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
					case 1:
						$emailmessage = $lang->sprintf($lang->email_activateaccount1, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
					case 2:
						$emailmessage = $lang->sprintf($lang->email_activateaccount2, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
					default:
						$emailmessage = $lang->sprintf($lang->email_activateaccount, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
				}
				// NOTE(review): the recipient is $mybb->user['email'], not the submitted
				// address. Whether update_user() refreshes $mybb->user is not visible
				// here - confirm the activation mail goes to the new address.
				my_mail($mybb->user['email'], $emailsubject, $emailmessage);

				$plugins->run_hooks("usercp_do_email_changed");
				redirect("usercp.php?action=email", $lang->redirect_emailupdated);
			}
			// Branch 2: users without cancp on a board that verifies addresses.
			// The stored address is NOT changed here; a pending type 'e' row keeps
			// the requested address until the mailed code is used.
			elseif($mybb->usergroup['cancp'] != 1 && ($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "both"))
			{
				$uid = $mybb->user['uid'];
				$username = $mybb->user['username'];

				// Emails require verification
				$activationcode = random_str();
				// Any earlier pending activation for this account is discarded, so
				// only the newest code remains in the table.
				$db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");

				// The request-supplied address is escaped by hand before the insert;
				// presumably insert_query() does not escape values itself - confirm.
				$newactivation = array(
					"uid" => $mybb->user['uid'],
					"dateline" => TIME_NOW,
					"code" => $activationcode,
					"type" => "e",
					"misc" => $db->escape_string($mybb->get_input('email'))
				);

				$db->insert_query("awaitingactivation", $newactivation);

				$mail_message = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);

				$lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
				// The confirmation code is mailed to the NEW address, proving control of it.
				// NOTE(review): nothing in this handler notifies the previous address.
				my_mail($mybb->get_input('email'), $lang->emailsubject_changeemail, $mail_message);

				$plugins->run_hooks("usercp_do_email_verify");
				error($lang->redirect_changeemail_activation);
			}
			// Branch 3: no verification applies; the change takes effect at once.
			else
			{
				$userhandler->update_user();
				// Email requires no activation
				$mail_message = $lang->sprintf($lang->email_changeemail_noactivation, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl']);
				// NOTE(review): this notice is sent only to the new address; the previous
				// address gets no message from this handler, so its owner would not
				// learn of the change through it.
				my_mail($mybb->get_input('email'), $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']), $mail_message);
				$plugins->run_hooks("usercp_do_email_changed");
				redirect("usercp.php?action=email", $lang->redirect_emailupdated);
			}
		}
	}
	// On failure, fall through to the "email" form below with the errors rendered inline.
	if(count($errors) > 0)
	{
		$mybb->input['action'] = "email";
		$errors = inline_error($errors);
	}
}

// Renders the change-e-mail form.
if($mybb->input['action'] == "email")
{
	// Coming back to this page after one or more errors were experienced, show fields the user previously entered (with the exception of the password)
	// The echoed request values are HTML-escaped before the template interpolates them.
	if($errors)
	{
		$email = htmlspecialchars_uni($mybb->get_input('email'));
		$email2 = htmlspecialchars_uni($mybb->get_input('email2'));
	}
	else
	{
		$email = $email2 = '';
	}

	$plugins->run_hooks("usercp_email");

	eval("\$changemail = \"".$templates->get("usercp_email")."\";");
	output_page($changemail);
}

// Handles submission of the change-password form: POST only, my_post_key
// verified, and the current password re-entered before the new one is applied.
if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$user = array();
	$errors = array();

	$plugins->run_hooks("usercp_do_password_start");
	if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('oldpassword')) == false)
	{
		$errors[] = $lang->error_invalidpassword;
	}
	else
	{
		// Set up user handler.
		require_once MYBB_ROOT."inc/datahandlers/user.php";
		$userhandler = new UserDataHandler("update");

		// Password rules and the password/password2 match are left to the data handler.
		$user = array_merge($user, array(
			"uid" => $mybb->user['uid'],
			"password" => $mybb->get_input('password'),
			"password2" => $mybb->get_input('password2')
		));

		$userhandler->set_data($user);

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			$userhandler->update_user();
			// Re-issue the login cookie with the login key held by the handler after the
			// update, so this browser stays signed in.
			// NOTE(review): presumably the key is rotated on password change and the
			// trailing arguments request an HttpOnly, SameSite=Lax cookie - confirm
			// against the data handler and my_setcookie().
			my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey'], null, true, "lax");

			// Notify the user by email that their password has been changed
			$mail_message = $lang->sprintf($lang->email_changepassword, $mybb->user['username'], $mybb->user['email'], $mybb->settings['bbname'], $mybb->settings['bburl']);
			$lang->emailsubject_changepassword = $lang->sprintf($lang->emailsubject_changepassword, $mybb->settings['bbname']);
			my_mail($mybb->user['email'], $lang->emailsubject_changepassword, $mail_message);

			$plugins->run_hooks("usercp_do_password_end");
			redirect("usercp.php?action=password", $lang->redirect_passwordupdated);
		}
	}
	// On failure, fall through to the "password" form below with the errors rendered inline.
	if(count($errors) > 0)
	{
		$mybb->input['action'] = "password";
		$errors = inline_error($errors);
	}
}

// Renders the change-password form; no submitted value is echoed back into it here.
if($mybb->input['action'] == "password")
{
	$plugins->run_hooks("usercp_password");

	eval("\$editpassword = \"".$templates->get("usercp_password")."\";");
	output_page($editpassword);
}

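// Handles submission of the change-username form: POST only, my_post_key
// verified, the canchangename group permission required, and the current
// password re-entered before the data handler applies the change.
if($mybb->input['action'] == "do_changename" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$errors = array();

	// Permission is checked on the submit path as well as on the form below, so
	// posting directly to this action does not bypass it.
	if($mybb->usergroup['canchangename'] != 1)
	{
		error_no_permission();
	}

	$user = array();

	$plugins->run_hooks("usercp_do_changename_start");

	if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
	{
		$errors[] = $lang->error_invalidpassword;
	}
	else
	{
		// Set up user handler.
		require_once MYBB_ROOT."inc/datahandlers/user.php";
		$userhandler = new UserDataHandler("update");

		// uid comes from the session; username validation is left to the handler.
		$user = array_merge($user, array(
			"uid" => $mybb->user['uid'],
			"username" => $mybb->get_input('username')
		));

		$userhandler->set_data($user);

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			$userhandler->update_user();
			$plugins->run_hooks("usercp_do_changename_end");
			redirect("usercp.php?action=changename", $lang->redirect_namechanged);
		}
	}
	// On failure, fall through to the "changename" form below with the errors rendered inline.
	if(count($errors) > 0)
	{
		$errors = inline_error($errors);
		$mybb->input['action'] = "changename";
	}
}

// Renders the change-username form.
if($mybb->input['action'] == "changename")
{
	$plugins->run_hooks("usercp_changename_start");
	if($mybb->usergroup['canchangename'] != 1)
	{
		error_no_permission();
	}

	// Coming back to this page after one or more errors were experienced, show field the user previously entered (with the exception of the password)
	// The echoed request value is HTML-escaped before the template interpolates it.
	if($errors)
	{
		$username = htmlspecialchars_uni($mybb->get_input('username'));
	}
	else
	{
		$username = '';
	}

	$plugins->run_hooks("usercp_changename_end");

	eval("\$changename = \"".$templates->get("usercp_changename")."\";");
	output_page($changename);
}

// Bulk action on the thread subscriptions ticked in the list: delete them or
// change their notification type. There is no request-method test on this
// action; my_post_key is the gate.
if($mybb->input['action'] == "do_subscriptions")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if(!isset($mybb->input['check']) || !is_array($mybb->input['check']))
	{
		error($lang->no_subscriptions_selected);
	}

	$plugins->run_hooks("usercp_do_subscriptions_start");

	// Clean input - only accept integers thanks!
	// Every element is forced through intval() before the list is placed in the
	// IN (...) clauses below, so those clauses only ever contain integers.
	$mybb->input['check'] = array_map('intval', $mybb->get_input('check', MyBB::INPUT_ARRAY));
	$tids = implode(",", $mybb->input['check']);

	// Both queries below are also scoped to the session uid, so thread ids that
	// belong to other users' subscriptions match nothing.

	// Deleting these subscriptions?
	if($mybb->get_input('do') == "delete")
	{
		$db->delete_query("threadsubscriptions", "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
	}
	// Changing subscription type
	else
	{
		// Start from 0, the value used for "no_notification", so an unrecognised
		// 'do' value can no longer reach the update with $new_notification undefined.
		$new_notification = 0;
		if($mybb->get_input('do') == "no_notification")
		{
			$new_notification = 0;
		}
		elseif($mybb->get_input('do') == "email_notification")
		{
			$new_notification = 1;
		}
		elseif($mybb->get_input('do') == "pm_notification")
		{
			$new_notification = 2;
		}

		// Update
		$update_array = array("notification" => $new_notification);
		$db->update_query("threadsubscriptions", $update_array, "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
	}

	// Done, redirect
	redirect("usercp.php?action=subscriptions", $lang->redirect_subscriptions_updated);
}

// Lists the current user's thread subscriptions, paginated.
if($mybb->input['action'] == "subscriptions")
{
	$plugins->run_hooks("usercp_subscriptions_start");

	// Thread visiblity
	// The WHERE clause restricts rows to the session user and to threads the helper
	// functions report as visible; unviewable and inactive forums are excluded.
	$where = array(
		"s.uid={$mybb->user['uid']}",
		get_visible_where('t')
	);

	if($unviewable_forums = get_unviewable_forums(true))
	{
		$where[] = "t.fid NOT IN ({$unviewable_forums})";
	}

	if($inactive_forums = get_inactive_forums())
	{
		$where[] = "t.fid NOT IN ({$inactive_forums})";
	}

	$where = implode(' AND ', $where);

	// Do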
// Multi Pages
	// Count the matching subscriptions first so the page number can be clamped.
	$query = $db->query("
		SELECT COUNT(s.tid) as threads
		FROM ".TABLE_PREFIX."threadsubscriptions s
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = s.tid)
		WHERE {$where}
	");
	$threadcount = $db->fetch_field($query, "threads");

	// Guard against a missing or non-positive page size before it is used as a
	// divisor and in the LIMIT clause.
	if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	$perpage = $mybb->settings['threadsperpage'];
	// 'page' is read as an integer; out-of-range values fall back to page 1.
	$page = $mybb->get_input('page', MyBB::INPUT_INT);
	if($page > 0)
	{
		$start = ($page-1) * $perpage;
		$pages = $threadcount / $perpage;
		$pages = ceil($pages);
		if($page > $pages || $page <= 0)
		{
			$start = 0;
			$page = 1;
		}
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$end = $start + $perpage;
	$lower = $start+1;
	$upper = $end;
	if($upper > $threadcount)
	{
		$upper = $threadcount;
	}
	$multipage = multipage($threadcount, $perpage, $page, "usercp.php?action=subscriptions");
	$fpermissions = forum_permissions();
	$del_subscriptions = $subscriptions = array();

	// Fetch subscriptions
	// $start is computed from the integer page number above; $perpage comes from
	// board settings, not from the request.
	$query = $db->query("
		SELECT s.*, t.*, t.username AS threadusername, u.username
		FROM ".TABLE_PREFIX."threadsubscriptions s
		LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
		WHERE {$where}
		ORDER BY t.lastpost DESC
		LIMIT $start, $perpage
	");
	while($subscription = $db->fetch_array($query))
	{
		$forumpermissions = $fpermissions[$subscription['fid']];

		// NOTE(review): both s.* and t.* are selected, so 'uid' here is presumably the
		// thread author's uid (the later column) rather than the subscriber's - confirm.
		if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $subscription['uid'] != $mybb->user['uid'])
		{
			// Hmm, you don't have permission to view this thread - unsubscribe!
			$del_subscriptions[] = $subscription['sid'];
		}
		elseif($subscription['tid'])
		{
			$subscriptions[$subscription['tid']] = $subscription;
		}
	}

	// Remove subscriptions to threads the user may no longer view. The ids come from
	// the query above and the delete is additionally scoped to the session uid.
	if(!empty($del_subscriptions))
	{
		$sids = implode(',', $del_subscriptions);

		if($sids)
		{
			$db->delete_query("threadsubscriptions", "sid IN ({$sids}) AND uid='{$mybb->user['uid']}'");
		}

		$threadcount = $threadcount - count($del_subscriptions);

		if($threadcount < 0)
		{
			$threadcount = 0;
		}
	}

	if(!empty($subscriptions))
	{
		// Keys of $subscriptions are tids taken from database rows, not from the request.
		$tids = implode(",", array_keys($subscriptions));
		$readforums = array();

		// Build a forum cache.
		$query = $db->query("
			SELECT f.fid, fr.dateline AS lastread
			FROM ".TABLE_PREFIX."forums f
			LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
			WHERE f.active != 0
			ORDER BY pid, disporder
		");

		while($forum = $db->fetch_array($query))
		{
			$readforums[$forum['fid']] = $forum['lastread'];
		}

		// Check participation by the current user in any of these threads - for 'dot' folder icons
		if($mybb->settings['dotfolders'] != 0)
		{
			$query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
			while($post = $db->fetch_array($query))
			{
				$subscriptions[$post['tid']]['doticon'] = 1;
			}
		}

		// Read threads
		if($mybb->settings['threadreadcut'] > 0)
		{
			$query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
			while($readthread = $db->fetch_array($query))
			{
				$subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
			}
		}

		$icon_cache = $cache->read("posticons");
		$threadprefixes = build_prefixes();

		$threads = '';

		// Now we can build our subscription list
		foreach($subscriptions as $thread)
		{
			$bgcolor = alt_trow();

			$folder = '';
			$prefix = '';
			$thread['threadprefix'] = '';

			// If this thread has a prefix, insert a space between prefix and subject
			// NOTE(review): 'displaystyle' is used without escaping - presumably it is
			// administrator-defined markup; confirm where prefixes are edited.
			if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
			{
				$thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].' ';
			}

			// Sanitize
			// The user-supplied subject is word-filtered, then HTML-escaped, before the
			// row template interpolates it.
			$thread['subject'] = $parser->parse_badwords($thread['subject']);
			$thread['subject'] = htmlspecialchars_uni($thread['subject']);

			// Build our links
			$thread['threadlink'] = get_thread_link($thread['tid']);
			$thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");

			// Fetch the thread icon if we have one
			if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
			{
				$icon = $icon_cache[$thread['icon']];
				$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
				// Path and name are escaped after the {theme} substitution, so the
				// substituted directory is escaped as well.
				$icon['path'] = htmlspecialchars_uni($icon['path']);
				$icon['name'] = htmlspecialchars_uni($icon['name']);
				eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
			}
			else
			{
				$icon = " ";
			}

			// Determine the folder
			$folder = '';
			$folder_label = '';

			if(isset($thread['doticon']))
			{
				$folder = "dot_";
				$folder_label .= $lang->icon_dot;
			}

			$gotounread = '';
			$isnew = 0;
			$donenew = 0;
			$lastread = 0;

			// $forum_read: the forum's last-read time, but never older than the
			// threadreadcut window (the setting is counted in days).
			if($mybb->settings['threadreadcut'] > 0)
			{
				$read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
				if(empty($readforums[$thread['fid']]) || $readforums[$thread['fid']] < $read_cutoff)
				{
					$forum_read = $read_cutoff;
				}
				else
				{
					$forum_read = $readforums[$thread['fid']];
				}
			}

			$cutoff = 0;
			if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
			{
				$cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
			}

			if($thread['lastpost'] > $cutoff)
			{
				if(!empty($thread['lastread']))
				{
					$lastread = $thread['lastread'];
				}
				else
				{
					$lastread = 1;
				}
			}

			// NOTE(review): $forum_read is only assigned when threadreadcut > 0, yet it is
			// read below whenever $lastread is still 0 - confirm this branch cannot be
			// reached with the setting disabled.
			if(!$lastread)
			{
				// Read marker from the client's "threadread" cookie; it only affects
				// which icon this viewer sees.
				$readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
				if($readcookie > $forum_read)
				{
					$lastread = $readcookie;
				}
				else
				{
					$lastread = $forum_read;
				}
			}

			if($lastread && $lastread < $thread['lastpost'])
			{
				$folder .= "new";
				$folder_label .= $lang->icon_new;
				$new_class = "subject_new";
				$thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
				eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
				$unreadpost = 1;
			}
			else
			{
				$folder_label .= $lang->icon_no_new;
				$new_class = "subject_old";
			}

			if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
			{
				$folder .= "hot";
				$folder_label .= $lang->icon_hot;
			}

			if($thread['closed'] == 1)
			{
				$folder .= "close";
				$folder_label .= $lang->icon_close;
			}

			$folder .= "folder";

			if($thread['visible'] == 0)
			{
				$bgcolor = "trow_shaded";
			}

			// Build last post info
			$lastpostdate = my_date('relative', $thread['lastpost']);
			$lastposteruid = $thread['lastposteruid'];
			// The poster name is HTML-escaped in both branches before it is displayed.
			if(!$lastposteruid && !$thread['lastposter'])
			{
				$lastposter = htmlspecialchars_uni($lang->guest);
			}
			else
			{
				$lastposter = htmlspecialchars_uni($thread['lastposter']);
			}

			// Don't link to guest's profiles (they have no profile).
			if($lastposteruid == 0)
			{
				$lastposterlink = $lastposter;
			}
			else
			{
				$lastposterlink = build_profile_link($lastposter, $lastposteruid);
			}

			$thread['replies'] = my_number_format($thread['replies']);
			$thread['views'] = my_number_format($thread['views']);

			// What kind of notification type do we have here?
			switch($thread['notification'])
			{
				case "2": // PM
					$notification_type = $lang->pm_notification;
					break;
				case "1": // Email
					$notification_type = $lang->email_notification;
					break;
				default: // No notification
					$notification_type = $lang->no_notification;
			}

			// The row template is evaluated as a double-quoted PHP string; the values it
			// interpolates are the ones prepared above.
			eval("\$threads .= \"".$templates->get("usercp_subscriptions_thread")."\";");
		}

		// Provide remove options
		eval("\$remove_options = \"".$templates->get("usercp_subscriptions_remove")."\";");
	}
	else
	{
		$remove_options = '';
		eval("\$threads = \"".$templates->get("usercp_subscriptions_none")."\";");
	}

	$plugins->run_hooks("usercp_subscriptions_end");

	eval("\$subscriptions = \"".$templates->get("usercp_subscriptions")."\";");
	output_page($subscriptions);
}

// Lists the current user's forum subscriptions.
if($mybb->input['action'] == "forumsubscriptions")
{
	$plugins->run_hooks("usercp_forumsubscriptions_start");

	// Build a forum cache.
	$query = $db->query("
		SELECT f.fid, fr.dateline AS lastread
		FROM ".TABLE_PREFIX."forums f
		LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
		WHERE f.active != 0
		ORDER BY pid, disporder
	");
	$readforums = array();
	while($forum = $db->fetch_array($query))
	{
		$readforums[$forum['fid']] = $forum['lastread'];
	}

	$fpermissions = forum_permissions();
	require_once MYBB_ROOT."inc/functions_forumlist.php";

	// Only rows belonging to the session uid are selected; nothing from the request
	// enters this query.
	$query = $db->query("
		SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread
		FROM ".TABLE_PREFIX."forumsubscriptions fs
		LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid = fs.fid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = f.lastposttid)
		LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
		WHERE f.type='f' AND fs.uid='".$mybb->user['uid']."'
		ORDER BY f.name ASC
	");

	$forums = '';
	while($forum = $db->fetch_array($query))
	{
		$forum_url = get_forum_link($forum['fid']);
		$forumpermissions = $fpermissions[$forum['fid']];

		// Forums the user can no longer view are left out of the list; unlike the
		// thread list, the subscription row itself is not deleted here.
		if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
		{
			continue;
		}

		$lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
		$folder = $lightbulb['folder'];

		// With canonlyviewownthreads set, post and thread totals are replaced by '-'
		// so they do not reveal activity in threads the user cannot see.
		if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0)
		{
			$posts = '-';
			$threads = '-';
		}
		else
		{
			$posts = my_number_format($forum['posts']);
			$threads = my_number_format($forum['threads']);
		}

		if($forum['lastpost'] == 0)
		{
			eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_never")."\";");
		}
		// Hide last post
		// (applies when the user may only view their own threads and the last post
		// was made by someone else)
		elseif(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $forum['lastposteruid'] != $mybb->user['uid'])
		{
			eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_hidden")."\";");
		}
		else
		{
			$forum['lastpostsubject'] = $parser->parse_badwords($forum['lastpostsubject']);
			$lastpost_date = my_date('relative', $forum['lastpost']);
			$lastposttid = $forum['lastposttid'];
			// The poster name is HTML-escaped in both branches before it is displayed.
			if(!$forum['lastposteruid'] && !$forum['lastposter'])
			{
				$lastposter = htmlspecialchars_uni($lang->guest);
			}
			else
			{
				$lastposter = htmlspecialchars_uni($forum['lastposter']);
			}
			if($forum['lastposteruid'] == 0)
			{
				$lastpost_profilelink = $lastposter;
			}
			else
			{
				$lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);
			}
			$full_lastpost_subject = $lastpost_subject = htmlspecialchars_uni($forum['lastpostsubject']);
			// NOTE(review): the subject is shortened after escaping, so an entity such as
			// &amp; can be cut in the middle. That cannot introduce markup, but it can
			// display a stray fragment.
			if(my_strlen($lastpost_subject) > 25)
			{
				$lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
			}
			$lastpost_link = get_thread_link($forum['lastposttid'], 0, "lastpost");
			eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost")."\";");
		}

		if($mybb->settings['showdescriptions'] == 0)
		{
			$forum['description'] = "";
		}

		// NOTE(review): the remaining $forum columns reach the row template as selected
		// (no escaping happens in this block) - presumably they are administrator-
		// controlled; confirm against the template.
		eval("\$forums .= \"".$templates->get("usercp_forumsubscriptions_forum")."\";");
	}

	if(!$forums)
	{
		eval("\$forums = \"".$templates->get("usercp_forumsubscriptions_none")."\";");
	}

	$plugins->run_hooks("usercp_forumsubscriptions_end");

	eval("\$forumsubscriptions = \"".$templates->get("usercp_forumsubscriptions")."\";");
	output_page($forumsubscriptions);
}

// Stores a thread subscription submitted from the add-subscription form. The
// thread must exist, be visible to this user, and sit in a forum the user may
// view before the subscription is written.
if($mybb->input['action'] == "do_addsubscription" && $mybb->get_input('type') != "forum")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// NOTE(review): 'tid' is read without MyBB::INPUT_INT here, unlike the other
	// subscription actions; presumably get_thread() casts it - confirm.
	$thread = get_thread($mybb->get_input('tid'));
	if(!$thread || $thread['visible'] == -1)
	{
		error($lang->error_invalidthread);
	}

	// Is the currently logged in user a moderator of this forum?
	$ismod = is_moderator($thread['fid']);

	// Make sure we are looking at a real thread here.
	if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
	{
		error($lang->error_invalidthread);
	}

	// Same view checks as when reading the thread, including the rule that limits
	// a user to their own threads.
	$forumpermissions = forum_permissions($thread['fid']);
	if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
	{
		error_no_permission();
	}

	// check if the forum requires a password to view.
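// If so, we need to show a form to the user
	check_forum_password($thread['fid']);

	// Naming of the hook retained for backward compatibility while dropping usercp2.php
	$plugins->run_hooks("usercp2_do_addsubscription");

	add_subscribed_thread($thread['tid'], $mybb->get_input('notification', MyBB::INPUT_INT));

	// The post-subscribe redirect target is taken from the request ('referrer'), so it
	// is confined to the board: a value that does not start with "<bburl>/" is reduced
	// to its last path segment and re-anchored under bburl, which keeps the redirect
	// from pointing at another host.
	if($mybb->get_input('referrer'))
	{
		$mybb->input['referrer'] = $mybb->get_input('referrer');

		if(my_strpos($mybb->input['referrer'], $mybb->settings['bburl'].'/') !== 0)
		{
			if(my_strpos($mybb->input['referrer'], '/') === 0)
			{
				// Strip the leading slash from the referrer itself. This previously read
				// $mybb->input['url'], which nothing in this handler assigns, so a
				// root-relative referrer collapsed to the bare board URL.
				$mybb->input['referrer'] = my_substr($mybb->input['referrer'], 1);
			}
			$url_segments = explode('/', $mybb->input['referrer']);
			$mybb->input['referrer'] = $mybb->settings['bburl'].'/'.end($url_segments);
		}

		// Escaped because the value is handed to redirect() for output.
		$url = htmlspecialchars_uni($mybb->input['referrer']);
	}
	else
	{
		$url = get_thread_link($thread['tid']);
	}
	redirect($url, $lang->redirect_subscriptionadded);
}

// Subscribes to a forum directly (type=forum), or shows the form for subscribing
// to a thread. my_post_key is verified before either branch runs.
if($mybb->input['action'] == "addsubscription")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->get_input('type') == "forum")
	{
		$forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
		if(!$forum)
		{
			error($lang->error_invalidforum);
		}
		// The forum must be viewable by this user before a subscription is stored.
		$forumpermissions = forum_permissions($forum['fid']);
		if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
		{
			error_no_permission();
		}

		// check if the forum requires a password to view.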
// If so, we need to show a form to the user
		check_forum_password($forum['fid']);

		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_addsubscription_forum");

		add_subscribed_forum($forum['fid']);
		// For non-POST requests the user is sent back to the referring page.
		// NOTE(review): $server_http_referer is assigned outside this part of the file;
		// confirm it is validated and escaped there, since it is used as a redirect
		// target. The non-POST branch also means this state change is reachable by
		// GET, in which case my_post_key travels in the URL.
		if($server_http_referer && $mybb->request_method != 'post')
		{
			$url = $server_http_referer;
		}
		else
		{
			$url = "index.php";
		}
		redirect($url, $lang->redirect_forumsubscriptionadded);
	}
	else
	{
		// Thread branch: nothing is stored here; it renders the form whose submission
		// is handled by do_addsubscription.
		$thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
		if(!$thread || $thread['visible'] == -1)
		{
			error($lang->error_invalidthread);
		}

		// Is the currently logged in user a moderator of this forum?
		$ismod = is_moderator($thread['fid']);

		// Make sure we are looking at a real thread here.
		if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
		{
			error($lang->error_invalidthread);
		}

		add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions");
		add_breadcrumb($lang->nav_addsubscription);

		$forumpermissions = forum_permissions($thread['fid']);
		if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
		{
			error_no_permission();
		}

		// check if the forum requires a password to view.
		// If so, we need to show a form to the user
		check_forum_password($thread['fid']);

		// NOTE(review): $referrer is copied unchanged from $server_http_referer and is
		// available to the form template; confirm the value is already HTML-escaped
		// where it is assigned.
		$referrer = '';
		if($server_http_referer)
		{
			$referrer = $server_http_referer;
		}

		require_once MYBB_ROOT."inc/class_parser.php";
		$parser = new postParser;
		// The subject is word-filtered and HTML-escaped before it is placed into the
		// language string shown on the form.
		$thread['subject'] = $parser->parse_badwords($thread['subject']);
		$thread['subject'] = htmlspecialchars_uni($thread['subject']);
		$lang->subscribe_to_thread = $lang->sprintf($lang->subscribe_to_thread, $thread['subject']);

		// Pre-select the radio button matching the user's stored subscriptionmethod
		// (0 and 1 both select "none", 2 selects e-mail, 3 selects PM).
		$notification_none_checked = $notification_email_checked = $notification_pm_checked = '';
		if($mybb->user['subscriptionmethod'] == 1 || $mybb->user['subscriptionmethod'] == 0)
		{
			$notification_none_checked = "checked=\"checked\"";
		}
		elseif($mybb->user['subscriptionmethod'] == 2)
		{
			$notification_email_checked = "checked=\"checked\"";
		}
		elseif($mybb->user['subscriptionmethod'] == 3)
		{
			$notification_pm_checked = "checked=\"checked\"";
		}

		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_addsubscription_thread");

		eval("\$add_subscription = \"".$templates->get("usercp_addsubscription_thread")."\";");
		output_page($add_subscription);
		exit;
	}
}

// Removes a forum or thread subscription. The block runs for POST requests, or
// for other requests when verify_post_check() accepts the key in its second-
// argument mode (presumably a silent check that returns a boolean - confirm).
// Requests that satisfy neither fall through to the confirmation form further down.
if($mybb->input['action'] == "removesubscription" && ($mybb->request_method == "post" || verify_post_check($mybb->get_input('my_post_key'), true)))
{
	// Verify incoming POST request
	// (called again without the second argument, so a POST carrying a bad key
	// stops here)
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->get_input('type') == "forum")
	{
		$forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
		if(!$forum)
		{
			error($lang->error_invalidforum);
		}

		// check if the forum requires a password to view.
		// If so, we need to show a form to the user
		check_forum_password($forum['fid']);

		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_removesubscription_forum");

		// Only the forum id is passed on; presumably the helper scopes the removal to
		// the current user - confirm in remove_subscribed_forum().
		remove_subscribed_forum($forum['fid']);
		// NOTE(review): as in addsubscription, the referer set outside this part of the
		// file is used as the redirect target for non-POST requests.
		if($server_http_referer && $mybb->request_method != 'post')
		{
			$url = $server_http_referer;
		}
		else
		{
			$url = "usercp.php?action=forumsubscriptions";
		}
		redirect($url, $lang->redirect_forumsubscriptionremoved);
	}
	else
	{
		$thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
		if(!$thread)
		{
			error($lang->error_invalidthread);
		}

		// Is the currently logged in user a moderator of this forum?
		$ismod = is_moderator($thread['fid']);

		// Make sure we are looking at a real thread here.
		if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
		{
			error($lang->error_invalidthread);
		}

		// check if the forum requires a password to view.
If so, we need to show a form to the user 2172 check_forum_password($thread['fid']); 2173 2174 // Naming of the hook retained for backward compatibility while dropping usercp2.php 2175 $plugins->run_hooks("usercp2_removesubscription_thread"); 2176 2177 remove_subscribed_thread($thread['tid']); 2178 if($server_http_referer && $mybb->request_method != 'post') 2179 { 2180 $url = $server_http_referer; 2181 } 2182 else 2183 { 2184 $url = "usercp.php?action=subscriptions"; 2185 } 2186 redirect($url, $lang->redirect_subscriptionremoved); 2187 } 2188 } 2189 2190 // Show remove subscription form when GET method and without valid my_post_key 2191 if($mybb->input['action'] == "removesubscription") 2192 { 2193 $referrer = ''; 2194 if($mybb->get_input('type') == "forum") 2195 { 2196 $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT)); 2197 if(!$forum) 2198 { 2199 error($lang->error_invalidforum); 2200 } 2201 2202 add_breadcrumb($lang->nav_forumsubscriptions, "usercp.php?action=forumsubscriptions"); 2203 add_breadcrumb($lang->nav_removesubscription); 2204 2205 $forumpermissions = forum_permissions($forum['fid']); 2206 if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) 2207 { 2208 error_no_permission(); 2209 } 2210 2211 // check if the forum requires a password to view. 
If so, we need to show a form to the user 2212 check_forum_password($forum['fid']); 2213 2214 $lang->unsubscribe_from_forum = $lang->sprintf($lang->unsubscribe_from_forum, $forum['name']); 2215 2216 // Naming of the hook retained for backward compatibility while dropping usercp2.php 2217 $plugins->run_hooks("usercp2_removesubscription_display_forum"); 2218 2219 eval("\$remove_forum_subscription = \"".$templates->get("usercp_removesubscription_forum")."\";"); 2220 output_page($remove_forum_subscription); 2221 exit; 2222 } 2223 else 2224 { 2225 $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT)); 2226 if(!$thread || $thread['visible'] == -1) 2227 { 2228 error($lang->error_invalidthread); 2229 } 2230 2231 // Is the currently logged in user a moderator of this forum? 2232 $ismod = is_moderator($thread['fid']); 2233 2234 // Make sure we are looking at a real thread here. 2235 if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) 2236 { 2237 error($lang->error_invalidthread); 2238 } 2239 2240 add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions"); 2241 add_breadcrumb($lang->nav_removesubscription); 2242 2243 $forumpermissions = forum_permissions($thread['fid']); 2244 if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'])) 2245 { 2246 error_no_permission(); 2247 } 2248 2249 // check if the forum requires a password to view. 
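// If so, we need to show a form to the user
		check_forum_password($thread['fid']);

		require_once MYBB_ROOT."inc/class_parser.php";
		$parser = new postParser;
		$thread['subject'] = $parser->parse_badwords($thread['subject']);
		$thread['subject'] = htmlspecialchars_uni($thread['subject']);
		$lang->unsubscribe_from_thread = $lang->sprintf($lang->unsubscribe_from_thread, $thread['subject']);

		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_removesubscription_display_thread");

		eval("\$remove_thread_subscription = \"".$templates->get("usercp_removesubscription_thread")."\";");
		output_page($remove_thread_subscription);
		exit;
	}
}

// Bulk removal: deletes every forum subscription or every thread subscription
// that belongs to the current user, depending on the "type" input.
if($mybb->input['action'] == "removesubscriptions")
{
	// Verify incoming POST request
	// The request token (my_post_key) is the only gate visible on this destructive
	// action; the block itself does not require the POST method.
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->get_input('type') == "forum")
	{
		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_removesubscriptions_forum");

		// Scoped to the session user's own uid; cast so the WHERE clause never depends
		// on how the uid was loaded (matches the buddy-request handlers in this file).
		$db->delete_query("forumsubscriptions", "uid='".(int)$mybb->user['uid']."'");

		// NOTE(review): $server_http_referer is set outside the visible code, presumably
		// from the Referer header - confirm it is limited to same-site URLs before it is
		// used as a redirect target.
		if($server_http_referer)
		{
			$url = $server_http_referer;
		}
		else
		{
			$url = "usercp.php?action=forumsubscriptions";
		}
		redirect($url, $lang->redirect_forumsubscriptionsremoved);
	}
	else
	{
		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_removesubscriptions_thread");

		$db->delete_query("threadsubscriptions", "uid='".(int)$mybb->user['uid']."'");
		if($server_http_referer)
		{
			$url = $server_http_referer;
		}
		else
		{
			$url = "usercp.php?action=subscriptions";
		}
		redirect($url, $lang->redirect_subscriptionsremoved);
	}
}

// Saves a new signature for the current user and optionally toggles the
// "include signature" flag on all of the user's existing posts.
if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// User currently has a suspended signature.
	// The edit form below treats suspendsigtime == 0 as an active suspension with no
	// expiry; the write path must apply the same rule, otherwise a suspension without
	// an end date blocks the form but not the save.
	if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > TIME_NOW))
	{
		error_no_permission();
	}

	// NOTE(review): the form also checks usergroup['canusesig'] and canusesigxposts;
	// neither check is visible in this handler - confirm they are enforced earlier
	// in the file before the signature is written.

	$plugins->run_hooks("usercp_do_editsig_start");

	if($mybb->get_input('updateposts') == "enable")
	{
		$update_signature = array(
			"includesig" => 1
		);
		$db->update_query("posts", $update_signature, "uid='".(int)$mybb->user['uid']."'");
	}
	elseif($mybb->get_input('updateposts') == "disable")
	{
		$update_signature = array(
			"includesig" => 0
		);
		$db->update_query("posts", $update_signature, "uid='".(int)$mybb->user['uid']."'");
	}

	// The signature is stored as submitted, escaped for SQL only. Markup safety
	// therefore rests on the parser options applied when it is rendered.
	// NOTE(review): no length or content validation is visible here - confirm it
	// happens before this block runs.
	$new_signature = array(
		"signature" => $db->escape_string($mybb->get_input('signature'))
	);
	$plugins->run_hooks("usercp_do_editsig_process");
	$db->update_query("users", $new_signature, "uid='".(int)$mybb->user['uid']."'");
	$plugins->run_hooks("usercp_do_editsig_end");
	redirect("usercp.php?action=editsig", $lang->redirect_sigupdated);
}

if($mybb->input['action'] == "editsig")
{
	$plugins->run_hooks("usercp_editsig_start");
	if(!empty($mybb->input['preview']) && empty($error))
	{
		$sig = $mybb->get_input('signature');
		$template = "usercp_editsig_preview";
	}
	elseif(empty($error))
	{
		$sig = $mybb->user['signature'];
		$template = "usercp_editsig_current";
	}
	else
	{
		$sig = $mybb->get_input('signature');
		$template = false;
	}

	if(!isset($error))
	{
		$error = '';
	}

	if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
	{
		// User currently has no signature and they're suspended
		error($lang->sig_suspended);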
2370 } 2371 2372 if($mybb->usergroup['canusesig'] != 1) 2373 { 2374 // Usergroup has no permission to use this facility 2375 error_no_permission(); 2376 } 2377 elseif($mybb->usergroup['canusesig'] == 1 && $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts']) 2378 { 2379 // Usergroup can use this facility, but only after x posts 2380 error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts'])); 2381 } 2382 2383 $signature = ''; 2384 if($sig && $template) 2385 { 2386 $sig_parser = array( 2387 "allow_html" => $mybb->settings['sightml'], 2388 "allow_mycode" => $mybb->settings['sigmycode'], 2389 "allow_smilies" => $mybb->settings['sigsmilies'], 2390 "allow_imgcode" => $mybb->settings['sigimgcode'], 2391 "me_username" => $mybb->user['username'], 2392 "filter_badwords" => 1 2393 ); 2394 2395 if($mybb->user['showimages'] != 1) 2396 { 2397 $sig_parser['allow_imgcode'] = 0; 2398 } 2399 2400 $sigpreview = $parser->parse_message($sig, $sig_parser); 2401 eval("\$signature = \"".$templates->get($template)."\";"); 2402 } 2403 2404 // User has a current signature, so let's display it (but show an error message) 2405 if($mybb->user['suspendsignature'] && $mybb->user['suspendsigtime'] > TIME_NOW) 2406 { 2407 $plugins->run_hooks("usercp_editsig_end"); 2408 2409 // User either doesn't have permission, or has their signature suspended 2410 eval("\$editsig = \"".$templates->get("usercp_editsig_suspended")."\";"); 2411 } 2412 else 2413 { 2414 // User is allowed to edit their signature 2415 $smilieinserter = ''; 2416 if($mybb->settings['sigsmilies'] == 1) 2417 { 2418 $sigsmilies = $lang->on; 2419 $smilieinserter = build_clickable_smilies(); 2420 } 2421 else 2422 { 2423 $sigsmilies = $lang->off; 2424 } 2425 if($mybb->settings['sigmycode'] == 1) 2426 { 2427 $sigmycode = $lang->on; 2428 } 2429 else 2430 { 2431 $sigmycode = $lang->off; 2432 } 2433 if($mybb->settings['sightml'] == 1) 2434 { 2435 $sightml = $lang->on; 
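}
		else
		{
			$sightml = $lang->off;
		}
		if($mybb->settings['sigimgcode'] == 1)
		{
			$sigimgcode = $lang->on;
		}
		else
		{
			$sigimgcode = $lang->off;
		}

		if($mybb->settings['siglength'] == 0)
		{
			$siglength = $lang->unlimited;
		}
		else
		{
			$siglength = $mybb->settings['siglength'];
		}

		$sig = htmlspecialchars_uni($sig);
		$lang->edit_sig_note2 = $lang->sprintf($lang->edit_sig_note2, $sigsmilies, $sigmycode, $sigimgcode, $sightml, $siglength);

		if($mybb->settings['sigmycode'] != 0 && $mybb->settings['bbcodeinserter'] != 0 && $mybb->user['showcodebuttons'] != 0)
		{
			$codebuttons = build_mycode_inserter("signature");
		}

		$plugins->run_hooks("usercp_editsig_end");

		eval("\$editsig = \"".$templates->get("usercp_editsig")."\";");
	}

	output_page($editsig);
}

// Avatar change handler. Four outcomes, checked in order: remove the avatar,
// store an uploaded file, use a Gravatar (input looks like an e-mail address),
// or fetch and validate a remote image URL. On error the avatar form is shown
// again with $avatar_error set.
if($mybb->input['action'] == "do_avatar" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("usercp_do_avatar_start");
	require_once MYBB_ROOT."inc/functions_upload.php";

	$avatar_error = "";

	// Defined up front: the upload and remote branches only assign it when both
	// dimensions are positive, but always write it to the database.
	$avatar_dimensions = "";

	if(!empty($mybb->input['remove'])) // remove avatar
	{
		$updated_avatar = array(
			"avatar" => "",
			"avatardimensions" => "",
			"avatartype" => ""
		);
		$db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
		remove_avatars($mybb->user['uid']);
	}
	elseif(!empty($_FILES['avatarupload']['name'])) // upload avatar
	{
		if($mybb->usergroup['canuploadavatars'] == 0)
		{
			error_no_permission();
		}
		$avatar = upload_avatar();
		if(!empty($avatar['error']))
		{
			$avatar_error = $avatar['error'];
		}
		else
		{
			if($avatar['width'] > 0 && $avatar['height'] > 0)
			{
				$avatar_dimensions = $avatar['width']."|".$avatar['height'];
			}
			// NOTE(review): these values come from upload_avatar() (defined elsewhere)
			// and are not passed through $db->escape_string() here - confirm the path
			// it returns is generated server-side, not taken from the client filename.
			$updated_avatar = array(
				"avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
				"avatardimensions" => $avatar_dimensions,
				"avatartype" => "upload"
			);
			$db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
		}
	}
	elseif(!$mybb->settings['allowremoteavatars'] && empty($_FILES['avatarupload']['name'])) // missing avatar image
	{
		$avatar_error = $lang->error_avatarimagemissing;
	}
	elseif($mybb->settings['allowremoteavatars']) // remote avatar
	{
		$mybb->input['avatarurl'] = trim($mybb->get_input('avatarurl'));
		if(validate_email_format($mybb->input['avatarurl']) != false)
		{
			// Gravatar
			$mybb->input['avatarurl'] = my_strtolower($mybb->input['avatarurl']);

			// If user image does not exist, or is a higher rating, use the mystery man
			// md5 here is the identifier format of the Gravatar URL, not a security hash.
			$email = md5($mybb->input['avatarurl']);

			$s = '';
			if(!$mybb->settings['maxavatardims'])
			{
				$mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
			}

			// Because Gravatars are square, hijack the width
			list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
			$maxheight = (int)$maxwidth;

			// Rating?
			// Strict comparison: the rating is interpolated into the stored URL, so only
			// an exact allow-list match may pass.
			$types = array('g', 'pg', 'r', 'x');
			$rating = $mybb->settings['useravatarrating'];

			if(!in_array($rating, $types, true))
			{
				$rating = 'g';
			}

			$s = "?s={$maxheight}&r={$rating}&d=mm";

			// Every interpolated part is constrained (hex digest, integer, allow-listed
			// rating), which is why no SQL escaping is applied to this URL.
			$updated_avatar = array(
				"avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
				"avatardimensions" => "{$maxheight}|{$maxheight}",
				"avatartype" => "gravatar"
			);

			$db->update_query("users", $updated_avatar, "uid = '{$mybb->user['uid']}'");
		}
		else
		{
			// A single-pass removal of "script:" is not scheme validation; the effective
			// control is whatever fetch_remote_file() accepts.
			$mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->get_input('avatarurl'));
			$ext = get_extension($mybb->input['avatarurl']);

			// Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
			// NOTE(review): this is a server-side request to a user-supplied URL.
			// fetch_remote_file() is defined elsewhere - confirm it restricts schemes,
			// refuses internal/loopback destinations and bounds the response size.
			// The URL length limit further down is only checked after this fetch.
			$file = fetch_remote_file($mybb->input['avatarurl']);
			if(!$file)
			{
				$avatar_error = $lang->error_invalidavatarurl;
			}
			else
			{
				// The fetched bytes are written under the avatar upload path with a random,
				// extension-less name and removed again right after the image probe.
				$tmp_name = $mybb->settings['avataruploadpath']."/remote_".md5(random_str());
				$fp = @fopen($tmp_name, "wb");
				if(!$fp)
				{
					$avatar_error = $lang->error_invalidavatarurl;
				}
				else
				{
					fwrite($fp, $file);
					fclose($fp);
					list($width, $height, $type) = @getimagesize($tmp_name);
					@unlink($tmp_name);
					if(!$type)
					{
						$avatar_error = $lang->error_invalidavatarurl;
					}
				}
			}

			if(empty($avatar_error))
			{
				if($width && $height && $mybb->settings['maxavatardims'] != "")
				{
					list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
					if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
					{
						$lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
						$avatar_error = $lang->error_avatartoobig;
					}
				}
			}

			// Limiting URL string to stay within database limit
			if(strlen($mybb->input['avatarurl']) > 200)
			{
				$avatar_error = $lang->error_avatarurltoolong;
			}

			if(empty($avatar_error))
			{
				if($width > 0 && $height > 0)
				{
					$avatar_dimensions = (int)$width."|".(int)$height;
				}
				// The remote URL itself is stored, so the image is served from the remote
				// host on every page view; only the size probe used the local copy.
				$updated_avatar = array(
					"avatar" => $db->escape_string($mybb->input['avatarurl'].'?dateline='.TIME_NOW),
					"avatardimensions" => $avatar_dimensions,
					"avatartype" => "remote"
				);
				$db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
				remove_avatars($mybb->user['uid']);
			}
		}
	}
	else // remote avatar, but remote avatars are not allowed
	{
		$avatar_error = $lang->error_remote_avatar_not_allowed;
	}

	if(empty($avatar_error))
	{
		$plugins->run_hooks("usercp_do_avatar_end");
		redirect("usercp.php?action=avatar", $lang->redirect_avatarupdated);
	}
	else
	{
		$mybb->input['action'] = "avatar";
		$avatar_error = inline_error($avatar_error);
	}
}

if($mybb->input['action'] == "avatar")
{
	$plugins->run_hooks("usercp_avatar_start");

	$avatarmsg = $avatarurl = '';

	if($mybb->user['avatartype'] == "upload" || stristr($mybb->user['avatar'], $mybb->settings['avataruploadpath']))
	{
		$avatarmsg = "<br /><strong>".$lang->already_uploaded_avatar."</strong>";
	}
	elseif($mybb->user['avatartype'] == "remote" || my_validate_url($mybb->user['avatar']))
	{
		$avatarmsg = "<br /><strong>".$lang->using_remote_avatar."</strong>";
		$avatarurl = htmlspecialchars_uni($mybb->user['avatar']);
	}

	$useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
	eval("\$currentavatar = \"".$templates->get("usercp_avatar_current")."\";");

	if($mybb->settings['maxavatardims'] != "")
	{
		list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
		$lang->avatar_note .= "<br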
/>".$lang->sprintf($lang->avatar_note_dimensions, $maxwidth, $maxheight); 2671 } 2672 2673 if($mybb->settings['avatarsize']) 2674 { 2675 $maxsize = get_friendly_size($mybb->settings['avatarsize']*1024); 2676 $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_size, $maxsize); 2677 } 2678 2679 $plugins->run_hooks("usercp_avatar_intermediate"); 2680 2681 $auto_resize = ''; 2682 if($mybb->settings['avatarresizing'] == "auto") 2683 { 2684 eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_auto")."\";"); 2685 } 2686 elseif($mybb->settings['avatarresizing'] == "user") 2687 { 2688 eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_user")."\";"); 2689 } 2690 2691 $avatarupload = ''; 2692 if($mybb->usergroup['canuploadavatars'] == 1) 2693 { 2694 eval("\$avatarupload = \"".$templates->get("usercp_avatar_upload")."\";"); 2695 } 2696 2697 $avatar_remote = ''; 2698 if($mybb->settings['allowremoteavatars'] == 1) 2699 { 2700 eval("\$avatar_remote = \"".$templates->get("usercp_avatar_remote")."\";"); 2701 } 2702 2703 $removeavatar = ''; 2704 if(!empty($mybb->user['avatar'])) 2705 { 2706 eval("\$removeavatar = \"".$templates->get("usercp_avatar_remove")."\";"); 2707 } 2708 2709 $plugins->run_hooks("usercp_avatar_end"); 2710 2711 if(!isset($avatar_error)) 2712 { 2713 $avatar_error = ''; 2714 } 2715 2716 eval("\$avatar = \"".$templates->get("usercp_avatar")."\";"); 2717 output_page($avatar); 2718 } 2719 2720 if($mybb->input['action'] == "acceptrequest") 2721 { 2722 // Verify incoming POST request 2723 verify_post_check($mybb->get_input('my_post_key')); 2724 2725 // Validate request 2726 $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' 
AND touid='.(int)$mybb->user['uid']); 2727 $request = $db->fetch_array($query); 2728 if(empty($request)) 2729 { 2730 error($lang->invalid_request); 2731 } 2732 2733 $plugins->run_hooks("usercp_acceptrequest_start"); 2734 2735 $user = get_user($request['uid']); 2736 if(!empty($user)) 2737 { 2738 // We want to add us to this user's buddy list 2739 if($user['buddylist'] != '') 2740 { 2741 $user['buddylist'] = explode(',', $user['buddylist']); 2742 } 2743 else 2744 { 2745 $user['buddylist'] = array(); 2746 } 2747 2748 $user['buddylist'][] = (int)$mybb->user['uid']; 2749 2750 // Now we have the new list, so throw it all back together 2751 $new_list = implode(",", $user['buddylist']); 2752 2753 // And clean it up a little to ensure there is no possibility of bad values 2754 $new_list = preg_replace("#,{2,}#", ",", $new_list); 2755 $new_list = preg_replace("#[^0-9,]#", "", $new_list); 2756 2757 if(my_substr($new_list, 0, 1) == ",") 2758 { 2759 $new_list = my_substr($new_list, 1); 2760 } 2761 if(my_substr($new_list, -1) == ",") 2762 { 2763 $new_list = my_substr($new_list, 0, my_strlen($new_list)-2); 2764 } 2765 2766 $user['buddylist'] = $db->escape_string($new_list); 2767 2768 $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'"); 2769 2770 2771 // We want to add the user to our buddy list 2772 if($mybb->user['buddylist'] != '') 2773 { 2774 $mybb->user['buddylist'] = explode(',', $mybb->user['buddylist']); 2775 } 2776 else 2777 { 2778 $mybb->user['buddylist'] = array(); 2779 } 2780 2781 $mybb->user['buddylist'][] = (int)$request['uid']; 2782 2783 // Now we have the new list, so throw it all back together 2784 $new_list = implode(",", $mybb->user['buddylist']); 2785 2786 // And clean it up a little to ensure there is no possibility of bad values 2787 $new_list = preg_replace("#,{2,}#", ",", $new_list); 2788 $new_list = preg_replace("#[^0-9,]#", "", $new_list); 2789 2790 if(my_substr($new_list, 0, 1) == ",") 2791 { 2792 $new_list 
= my_substr($new_list, 1); 2793 } 2794 if(my_substr($new_list, -1) == ",") 2795 { 2796 $new_list = my_substr($new_list, 0, my_strlen($new_list)-2); 2797 } 2798 2799 $mybb->user['buddylist'] = $db->escape_string($new_list); 2800 2801 $db->update_query("users", array('buddylist' => $mybb->user['buddylist']), "uid='".(int)$mybb->user['uid']."'"); 2802 2803 $pm = array( 2804 'subject' => 'buddyrequest_accepted_request', 2805 'message' => 'buddyrequest_accepted_request_message', 2806 'touid' => $user['uid'], 2807 'language' => $user['language'], 2808 'language_file' => 'usercp' 2809 ); 2810 2811 send_pm($pm, $mybb->user['uid'], true); 2812 2813 $db->delete_query('buddyrequests', 'id='.(int)$request['id']); 2814 } 2815 else 2816 { 2817 error($lang->user_doesnt_exist); 2818 } 2819 2820 $plugins->run_hooks("usercp_acceptrequest_end"); 2821 2822 redirect("usercp.php?action=editlists", $lang->buddyrequest_accepted); 2823 } 2824 2825 elseif($mybb->input['action'] == "declinerequest") 2826 { 2827 // Verify incoming POST request 2828 verify_post_check($mybb->get_input('my_post_key')); 2829 2830 // Validate request 2831 $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' 
AND touid='.(int)$mybb->user['uid']); 2832 $request = $db->fetch_array($query); 2833 if(empty($request)) 2834 { 2835 error($lang->invalid_request); 2836 } 2837 2838 $plugins->run_hooks("usercp_declinerequest_start"); 2839 2840 $user = get_user($request['uid']); 2841 if(!empty($user)) 2842 { 2843 $db->delete_query('buddyrequests', 'id='.(int)$request['id']); 2844 } 2845 else 2846 { 2847 error($lang->user_doesnt_exist); 2848 } 2849 2850 $plugins->run_hooks("usercp_declinerequest_end"); 2851 2852 redirect("usercp.php?action=editlists", $lang->buddyrequest_declined); 2853 } 2854 2855 elseif($mybb->input['action'] == "cancelrequest") 2856 { 2857 // Verify incoming POST request 2858 verify_post_check($mybb->get_input('my_post_key')); 2859 2860 // Validate request 2861 $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND uid='.(int)$mybb->user['uid']); 2862 $request = $db->fetch_array($query); 2863 if(empty($request)) 2864 { 2865 error($lang->invalid_request); 2866 } 2867 2868 $plugins->run_hooks("usercp_cancelrequest_start"); 2869 2870 $db->delete_query('buddyrequests', 'id='.(int)$request['id']); 2871 2872 $plugins->run_hooks("usercp_cancelrequest_end"); 2873 2874 redirect("usercp.php?action=editlists", $lang->buddyrequest_cancelled); 2875 } 2876 2877 if($mybb->input['action'] == "do_editlists") 2878 { 2879 // Verify incoming POST request 2880 verify_post_check($mybb->get_input('my_post_key')); 2881 2882 $plugins->run_hooks("usercp_do_editlists_start"); 2883 2884 $existing_users = array(); 2885 $selected_list = array(); 2886 if($mybb->get_input('manage') == "ignored") 2887 { 2888 if($mybb->user['ignorelist']) 2889 { 2890 $existing_users = explode(",", $mybb->user['ignorelist']); 2891 } 2892 2893 if($mybb->user['buddylist']) 2894 { 2895 // Create a list of buddies... 
2896 $selected_list = explode(",", $mybb->user['buddylist']); 2897 } 2898 } 2899 else 2900 { 2901 if($mybb->user['buddylist']) 2902 { 2903 $existing_users = explode(",", $mybb->user['buddylist']); 2904 } 2905 2906 if($mybb->user['ignorelist']) 2907 { 2908 // Create a list of ignored users 2909 $selected_list = explode(",", $mybb->user['ignorelist']); 2910 } 2911 } 2912 2913 $error_message = ""; 2914 $message = ""; 2915 2916 // Adding one or more users to this list 2917 if($mybb->get_input('add_username')) 2918 { 2919 // Split up any usernames we have 2920 $found_users = 0; 2921 $adding_self = false; 2922 $users = explode(",", $mybb->get_input('add_username')); 2923 $users = array_map("trim", $users); 2924 $users = array_unique($users); 2925 foreach($users as $key => $username) 2926 { 2927 if(empty($username)) 2928 { 2929 unset($users[$key]); 2930 continue; 2931 } 2932 2933 if(my_strtoupper($mybb->user['username']) == my_strtoupper($username)) 2934 { 2935 $adding_self = true; 2936 unset($users[$key]); 2937 continue; 2938 } 2939 $users[$key] = $db->escape_string($username); 2940 } 2941 2942 // Get the requests we have sent that are still pending 2943 $query = $db->simple_select('buddyrequests', 'touid', 'uid='.(int)$mybb->user['uid']); 2944 $requests = array(); 2945 while($req = $db->fetch_array($query)) 2946 { 2947 $requests[$req['touid']] = true; 2948 } 2949 2950 // Get the requests we have received that are still pending 2951 $query = $db->simple_select('buddyrequests', 'uid', 'touid='.(int)$mybb->user['uid']); 2952 $requests_rec = array(); 2953 while($req = $db->fetch_array($query)) 2954 { 2955 $requests_rec[$req['uid']] = true; 2956 } 2957 2958 $sent = false; 2959 2960 // Fetch out new users 2961 if(count($users) > 0) 2962 { 2963 switch($db->type) 2964 { 2965 case 'mysql': 2966 case 'mysqli': 2967 $field = 'username'; 2968 break; 2969 default: 2970 $field = 'LOWER(username)'; 2971 break; 2972 } 2973 $query = $db->simple_select("users", 
"uid,buddyrequestsauto,buddyrequestspm,language", "{$field} IN ('".my_strtolower(implode("','", $users))."')"); 2974 while($user = $db->fetch_array($query)) 2975 { 2976 ++$found_users; 2977 2978 // Make sure we're not adding a duplicate 2979 if(in_array($user['uid'], $existing_users) || in_array($user['uid'], $selected_list)) 2980 { 2981 if($mybb->get_input('manage') == "ignored") 2982 { 2983 $error_message = "ignore"; 2984 } 2985 else 2986 { 2987 $error_message = "buddy"; 2988 } 2989 2990 // On another list? 2991 $string = "users_already_on_".$error_message."_list"; 2992 if(in_array($user['uid'], $selected_list)) 2993 { 2994 $string .= "_alt"; 2995 } 2996 2997 $error_message = $lang->$string; 2998 array_pop($users); // To maintain a proper count when we call count($users) 2999 continue; 3000 } 3001 3002 if(isset($requests[$user['uid']])) 3003 { 3004 if($mybb->get_input('manage') != "ignored") 3005 { 3006 $error_message = $lang->users_already_sent_request; 3007 } 3008 elseif($mybb->get_input('manage') == "ignored") 3009 { 3010 $error_message = $lang->users_already_sent_request_alt; 3011 } 3012 3013 array_pop($users); // To maintain a proper count when we call count($users) 3014 continue; 3015 } 3016 3017 if(isset($requests_rec[$user['uid']])) 3018 { 3019 if($mybb->get_input('manage') != "ignored") 3020 { 3021 $error_message = $lang->users_already_rec_request; 3022 } 3023 elseif($mybb->get_input('manage') == "ignored") 3024 { 3025 $error_message = $lang->users_already_rec_request_alt; 3026 } 3027 3028 array_pop($users); // To maintain a proper count when we call count($users) 3029 continue; 3030 } 3031 3032 // Do we have auto approval set to On? 
3033 if($user['buddyrequestsauto'] == 1 && $mybb->get_input('manage') != "ignored") 3034 { 3035 $existing_users[] = $user['uid']; 3036 3037 $pm = array( 3038 'subject' => 'buddyrequest_new_buddy', 3039 'message' => 'buddyrequest_new_buddy_message', 3040 'touid' => $user['uid'], 3041 'receivepms' => (int)$user['buddyrequestspm'], 3042 'language' => $user['language'], 3043 'language_file' => 'usercp' 3044 ); 3045 3046 send_pm($pm); 3047 } 3048 elseif($user['buddyrequestsauto'] != 1 && $mybb->get_input('manage') != "ignored") 3049 { 3050 // Send request 3051 $id = $db->insert_query('buddyrequests', array('uid' => (int)$mybb->user['uid'], 'touid' => (int)$user['uid'], 'date' => TIME_NOW)); 3052 3053 $pm = array( 3054 'subject' => 'buddyrequest_received', 3055 'message' => 'buddyrequest_received_message', 3056 'touid' => $user['uid'], 3057 'receivepms' => (int)$user['buddyrequestspm'], 3058 'language' => $user['language'], 3059 'language_file' => 'usercp' 3060 ); 3061 3062 send_pm($pm); 3063 3064 $sent = true; 3065 } 3066 elseif($mybb->get_input('manage') == "ignored") 3067 { 3068 $existing_users[] = $user['uid']; 3069 } 3070 } 3071 } 3072 3073 if($found_users < count($users)) 3074 { 3075 if($error_message) 3076 { 3077 $error_message .= "<br />"; 3078 } 3079 3080 $error_message .= $lang->invalid_user_selected; 3081 } 3082 3083 if(($adding_self != true || ($adding_self == true && count($users) > 0)) && ($error_message == "" || count($users) > 1)) 3084 { 3085 if($mybb->get_input('manage') == "ignored") 3086 { 3087 $message = $lang->users_added_to_ignore_list; 3088 } 3089 else 3090 { 3091 $message = $lang->users_added_to_buddy_list; 3092 } 3093 } 3094 3095 if($adding_self == true) 3096 { 3097 if($mybb->get_input('manage') == "ignored") 3098 { 3099 $error_message = $lang->cant_add_self_to_ignore_list; 3100 } 3101 else 3102 { 3103 $error_message = $lang->cant_add_self_to_buddy_list; 3104 } 3105 } 3106 3107 if(count($existing_users) == 0) 3108 { 3109 $message = ""; 3110 3111 
if($sent === true) 3112 { 3113 $message = $lang->buddyrequests_sent_success; 3114 } 3115 } 3116 } 3117 3118 // Removing a user from this list 3119 elseif($mybb->get_input('delete', MyBB::INPUT_INT)) 3120 { 3121 // Check if user exists on the list 3122 $key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $existing_users); 3123 if($key !== false) 3124 { 3125 unset($existing_users[$key]); 3126 $user = get_user($mybb->get_input('delete', MyBB::INPUT_INT)); 3127 if(!empty($user)) 3128 { 3129 // We want to remove us from this user's buddy list 3130 if($user['buddylist'] != '') 3131 { 3132 $user['buddylist'] = explode(',', $user['buddylist']); 3133 } 3134 else 3135 { 3136 $user['buddylist'] = array(); 3137 } 3138 3139 $key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $user['buddylist']); 3140 unset($user['buddylist'][$key]); 3141 3142 // Now we have the new list, so throw it all back together 3143 $new_list = implode(",", $user['buddylist']); 3144 3145 // And clean it up a little to ensure there is no possibility of bad values 3146 $new_list = preg_replace("#,{2,}#", ",", $new_list); 3147 $new_list = preg_replace("#[^0-9,]#", "", $new_list); 3148 3149 if(my_substr($new_list, 0, 1) == ",") 3150 { 3151 $new_list = my_substr($new_list, 1); 3152 } 3153 if(my_substr($new_list, -1) == ",") 3154 { 3155 $new_list = my_substr($new_list, 0, my_strlen($new_list)-2); 3156 } 3157 3158 $user['buddylist'] = $db->escape_string($new_list); 3159 3160 $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'"); 3161 } 3162 3163 if($mybb->get_input('manage') == "ignored") 3164 { 3165 $message = $lang->removed_from_ignore_list; 3166 } 3167 else 3168 { 3169 $message = $lang->removed_from_buddy_list; 3170 } 3171 $user['username'] = htmlspecialchars_uni($user['username']); 3172 $message = $lang->sprintf($message, $user['username']); 3173 } 3174 } 3175 3176 // Now we have the new list, so throw it all back together 3177 $new_list 
= implode(",", $existing_users); 3178 3179 // And clean it up a little to ensure there is no possibility of bad values 3180 $new_list = preg_replace("#,{2,}#", ",", $new_list); 3181 $new_list = preg_replace("#[^0-9,]#", "", $new_list); 3182 3183 if(my_substr($new_list, 0, 1) == ",") 3184 { 3185 $new_list = my_substr($new_list, 1); 3186 } 3187 if(my_substr($new_list, -1) == ",") 3188 { 3189 $new_list = my_substr($new_list, 0, my_strlen($new_list)-2); 3190 } 3191 3192 // And update 3193 $user = array(); 3194 if($mybb->get_input('manage') == "ignored") 3195 { 3196 $user['ignorelist'] = $db->escape_string($new_list); 3197 $mybb->user['ignorelist'] = $user['ignorelist']; 3198 } 3199 else 3200 { 3201 $user['buddylist'] = $db->escape_string($new_list); 3202 $mybb->user['buddylist'] = $user['buddylist']; 3203 } 3204 3205 $db->update_query("users", $user, "uid='".$mybb->user['uid']."'"); 3206 3207 $plugins->run_hooks("usercp_do_editlists_end"); 3208 3209 // Ajax based request, throw new list to browser 3210 if(!empty($mybb->input['ajax'])) 3211 { 3212 if($mybb->get_input('manage') == "ignored") 3213 { 3214 $list = "ignore"; 3215 } 3216 else 3217 { 3218 $list = "buddy"; 3219 } 3220 3221 $message_js = ''; 3222 if($message) 3223 { 3224 $message_js = "$.jGrowl('{$message}', {theme:'jgrowl_success'});"; 3225 } 3226 3227 if($error_message) 3228 { 3229 $message_js .= " $.jGrowl('{$error_message}', {theme:'jgrowl_error'});"; 3230 } 3231 3232 if($mybb->get_input('delete', MyBB::INPUT_INT)) 3233 { 3234 header("Content-type: text/javascript"); 3235 echo "$(\"#".$mybb->get_input('manage')."_".$mybb->get_input('delete', MyBB::INPUT_INT)."\").remove();\n"; 3236 if($new_list == "") 3237 { 3238 echo "\$(\"#".$mybb->get_input('manage')."_count\").html(\"0\");\n"; 3239 echo "\$(\"#buddylink\").remove();\n"; 3240 3241 if($mybb->get_input('manage') == "ignored") 3242 { 3243 echo "\$(\"#ignore_list\").html(\"<li>{$lang->ignore_list_empty}</li>\");\n"; 3244 } 3245 else 3246 { 3247 echo 
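"\$(\"#buddy_list\").html(\"<li>{$lang->buddy_list_empty}</li>\");\n";
				}
			}
			else
			{
				echo "\$(\"#".$mybb->get_input('manage')."_count\").html(\"".count(explode(",", $new_list))."\");\n";
			}
			echo $message_js;
			exit;
		}
		$mybb->input['action'] = "editlists";
	}
	else
	{
		if($error_message)
		{
			$message .= "<br />".$error_message;
		}
		redirect("usercp.php?action=editlists#".$mybb->get_input('manage'), $message);
	}
}

// Buddy / ignore list page. Renders the current user's buddy list, ignore list and the
// received/sent buddy requests. For POST requests with ajax=1 it echoes only the refreshed
// list fragment and exits.
if($mybb->input['action'] == "editlists")
{
	$plugins->run_hooks("usercp_editlists_start");

	$timecut = TIME_NOW - $mybb->settings['wolcutoff'];

	// NOTE(review): every eval() in this section expands a stored template as a PHP
	// double-quoted string. Values a template can reference therefore have to be escaped
	// before the eval (as done with htmlspecialchars_uni() below), and the template text
	// itself must be trusted; presumably $templates->get() escapes it for this use - confirm.

	// Fetch out buddies
	$buddy_count = 0;
	$buddy_list = '';
	// The stored list is placed directly inside the IN() clause, so force every entry to an
	// integer here instead of trusting whatever is in the column. Entries that do not
	// evaluate to a non-zero uid are dropped.
	$buddy_uids = array_filter(array_map('intval', explode(',', (string)$mybb->user['buddylist'])));
	if($buddy_uids)
	{
		$type = "buddy";
		$query = $db->simple_select("users", "*", "uid IN (".implode(',', $buddy_uids).")", array("order_by" => "username"));
		while($user = $db->fetch_array($query))
		{
			$user['username'] = htmlspecialchars_uni($user['username']);
			$profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
			// Invisible users are only reported as online to groups with canviewwolinvis
			if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
			{
				$status = "online";
			}
			else
			{
				$status = "offline";
			}
			eval("\$buddy_list .= \"".$templates->get("usercp_editlists_user")."\";");
			++$buddy_count;
		}
	}

	$lang->current_buddies = $lang->sprintf($lang->current_buddies, $buddy_count);
	if(!$buddy_list)
	{
		eval("\$buddy_list = \"".$templates->get("usercp_editlists_no_buddies")."\";");
	}

	// Fetch out ignore list users
	$ignore_count = 0;
	$ignore_list = '';
	// Same integer normalisation as for the buddy list before building the IN() clause
	$ignore_uids = array_filter(array_map('intval', explode(',', (string)$mybb->user['ignorelist'])));
	if($ignore_uids)
	{
		$type = "ignored";
		$query = $db->simple_select("users", "*", "uid IN (".implode(',', $ignore_uids).")", array("order_by" => "username"));
		while($user = $db->fetch_array($query))
		{
			$user['username'] = htmlspecialchars_uni($user['username']);
			$profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
			// Invisible users are only reported as online to groups with canviewwolinvis
			if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
			{
				$status = "online";
			}
			else
			{
				$status = "offline";
			}
			eval("\$ignore_list .= \"".$templates->get("usercp_editlists_user")."\";");
			++$ignore_count;
		}
	}

	$lang->current_ignored_users = $lang->sprintf($lang->current_ignored_users, $ignore_count);
	if(!$ignore_list)
	{
		eval("\$ignore_list = \"".$templates->get("usercp_editlists_no_ignored")."\";");
	}

	// If an AJAX request from buddy management, echo out whatever the new list is.
	if($mybb->request_method == "post" && $mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
	{
		// $message_js is assigned in the do_editlists AJAX branch above and nothing in this
		// section sets it, so give it a defined value when this action is requested directly.
		if(!isset($message_js))
		{
			$message_js = '';
		}

		if($mybb->get_input('manage') == "ignored")
		{
			echo $ignore_list;
			echo "<script type=\"text/javascript\"> $(\"#ignored_count\").html(\"{$ignore_count}\"); {$message_js}</script>";
		}
		else
		{
			if(isset($sent) && $sent === true)
			{
				// A buddy request was just sent: return the refreshed "sent requests" table
				$sent_rows = '';
				$query = $db->query("
					SELECT r.*, u.username
					FROM ".TABLE_PREFIX."buddyrequests r
					LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
					WHERE r.uid=".(int)$mybb->user['uid']);

				while($request = $db->fetch_array($query))
				{
					$bgcolor = alt_trow();
					$request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
					$request['date'] = my_date('relative', $request['date']);
					eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request", 1, 0)."\";");
				}

				if($sent_rows == '')
				{
					eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests", 1, 0)."\";");
				}

				eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests", 1, 0)."\";");

				echo $sent_requests."<script type=\"text/javascript\">{$message_js}</script>";
			}
			else
			{
				echo $buddy_list;
				echo "<script type=\"text/javascript\"> $(\"#buddy_count\").html(\"{$buddy_count}\"); {$message_js}</script>";
			}
		}
		exit;
	}

	// Buddy requests other users have sent to the current user
	$received_rows = $bgcolor = '';
	$query = $db->query("
		SELECT r.*, u.username
		FROM ".TABLE_PREFIX."buddyrequests r
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.uid)
		WHERE r.touid=".(int)$mybb->user['uid']);

	while($request = $db->fetch_array($query))
	{
		$bgcolor = alt_trow();
		$request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['uid']);
		$request['date'] = my_date('relative', $request['date']);
		eval("\$received_rows .= \"".$templates->get("usercp_editlists_received_request")."\";");
	}

	if($received_rows == '')
	{
		eval("\$received_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
	}

	eval("\$received_requests = \"".$templates->get("usercp_editlists_received_requests")."\";");

	// Buddy requests the current user has sent to others
	$sent_rows = $bgcolor = '';
	$query = $db->query("
		SELECT r.*, u.username
		FROM ".TABLE_PREFIX."buddyrequests r
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
		WHERE r.uid=".(int)$mybb->user['uid']);

	while($request = $db->fetch_array($query))
	{
		$bgcolor = alt_trow();
		$request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
		$request['date'] = my_date('relative', $request['date']);
		eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request")."\";");
	}

	if($sent_rows == '')
	{
		eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
	}

	eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests")."\";");

	$plugins->run_hooks("usercp_editlists_end");

	eval("\$listpage = \"".$templates->get("usercp_editlists")."\";");
	output_page($listpage);
}

// Drafts page. Lists the current user's draft posts and draft threads (rows stored with
// visible = -2). Both queries are restricted to the logged-in user's uid.
if($mybb->input['action'] == "drafts")
{
	$plugins->run_hooks("usercp_drafts_start");

	$query = $db->simple_select("posts", "COUNT(pid) AS draftcount", "visible='-2' AND uid='".(int)$mybb->user['uid']."'");
	$draftcount = $db->fetch_field($query, 'draftcount');

	$drafts = $disable_delete_drafts = '';
	$lang->drafts_count = $lang->sprintf($lang->drafts_count, my_number_format($draftcount));

	// Show a listing of all of the current 'draft' posts or threads the user has.
	if($draftcount)
	{
		$query = $db->query("
			SELECT p.subject, p.pid, t.tid, t.subject AS threadsubject, t.fid, f.name AS forumname, p.dateline, t.visible AS threadvisible, p.visible AS postvisible
			FROM ".TABLE_PREFIX."posts p
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=t.fid)
			WHERE p.uid = '".(int)$mybb->user['uid']."' AND p.visible = '-2'
			ORDER BY p.dateline DESC, p.pid DESC
		");

		while($draft = $db->fetch_array($query))
		{
			$detail = '';
			// Reset the per-row values: when the thread is neither visible (1) nor a draft
			// (-2), or the LEFT JOIN found no thread, neither branch below runs and the row
			// would otherwise be rendered with the previous draft's edit URL, id and type.
			$editurl = $id = $type = '';
			$trow = alt_trow();
			if($draft['threadvisible'] == 1) // We're looking at a draft post
			{
				$draft['threadlink'] = get_thread_link($draft['tid']);
				$draft['threadsubject'] = htmlspecialchars_uni($draft['threadsubject']);
				eval("\$detail = \"".$templates->get("usercp_drafts_draft_thread")."\";");
				$editurl = "newreply.php?action=editdraft&pid={$draft['pid']}";
				$id = $draft['pid'];
				$type = "post";
			}
			elseif($draft['threadvisible'] == -2) // We're looking at a draft thread
			{
				$draft['forumlink'] = get_forum_link($draft['fid']);
				$draft['forumname'] = htmlspecialchars_uni($draft['forumname']);
				eval("\$detail = \"".$templates->get("usercp_drafts_draft_forum")."\";");
				$editurl = "newthread.php?action=editdraft&tid={$draft['tid']}";
				$id = $draft['tid'];
				$type = "thread";
			}

			// Subject is user-supplied text; escape it before the template is expanded
			$draft['subject'] = htmlspecialchars_uni($draft['subject']);
			$savedate = my_date('relative', $draft['dateline']);
			eval("\$drafts .= \"".$templates->get("usercp_drafts_draft")."\";");
		}
	}
	else
	{
		$disable_delete_drafts = 'disabled="disabled"';
		eval("\$drafts = \"".$templates->get("usercp_drafts_none")."\";");
	}

	$plugins->run_hooks("usercp_drafts_end");

	eval("\$draftlist = \"".$templates->get("usercp_drafts")."\";");
	output_page($draftlist);
}

// Delete selected drafts. Expects a POST with deletedraft[<id>] = "post" or "thread".
// The ids come from the request, so each one is cast to int before it reaches SQL, and
// every DELETE is additionally limited to visible = -2 rows owned by the current user,
// which keeps a forged id from removing someone else's content or a published post.
if($mybb->input['action'] == "do_drafts" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$mybb->input['deletedraft'] = $mybb->get_input('deletedraft', MyBB::INPUT_ARRAY);
	if(empty($mybb->input['deletedraft']))
	{
		error($lang->no_drafts_selected);
	}

	$plugins->run_hooks("usercp_do_drafts_start");

	$pidin = array();
	$tidin = array();

	// Entries whose value is neither "post" nor "thread" are ignored
	foreach($mybb->input['deletedraft'] as $id => $val)
	{
		if($val === "post")
		{
			$pidin[] = "'".(int)$id."'";
		}
		elseif($val === "thread")
		{
			$tidin[] = "'".(int)$id."'";
		}
	}
	if($tidin)
	{
		$tidin = implode(",", $tidin);
		$db->delete_query("threads", "tid IN ($tidin) AND visible='-2' AND uid='".(int)$mybb->user['uid']."'");
		// Also remove the posts that belong to the deleted draft threads
		$tidinp = "OR tid IN ($tidin)";
	}
	else
	{
		$tidinp = '';
	}
	if($pidin || $tidinp)
	{
		$pidinq = $tidin = '';
		if($pidin)
		{
			$pidin = implode(",", $pidin);
			$pidinq = "pid IN ($pidin)";
		}
		else
		{
			// No post ids selected: keep the condition valid and let only $tidinp match
			$pidinq = "1=0";
		}
		$db->delete_query("posts", "($pidinq $tidinp) AND visible='-2' AND uid='".(int)$mybb->user['uid']."'");
	}
	$plugins->run_hooks("usercp_do_drafts_end");
	redirect("usercp.php?action=drafts", $lang->selected_drafts_deleted);
}

if($mybb->input['action'] == "usergroups")
{
	$ingroups = ",".$mybb->user['usergroup'].",".$mybb->user['additionalgroups'].",".$mybb->user['displaygroup'].",";

	$usergroups = $mybb->cache->read('usergroups');

	$plugins->run_hooks("usercp_usergroups_start");

	// Changing our display group
	if($mybb->get_input('displaygroup', MyBB::INPUT_INT))
	{
		// Verify incoming POST request
		verify_post_check($mybb->get_input('my_post_key'));

		if(my_strpos($ingroups, ",".$mybb->input['displaygroup'].",") === false)
		{
			error($lang->not_member_of_group);
		}

		$dispgroup = $usergroups[$mybb->get_input('displaygroup', MyBB::INPUT_INT)];
		if($dispgroup['candisplaygroup'] != 1)
		{
			error($lang->cannot_set_displaygroup);
		}
		$db->update_query("users", array('displaygroup' => $mybb->get_input('displaygroup', MyBB::INPUT_INT)), "uid='".$mybb->user['uid']."'");
		$cache->update_moderators();
		$plugins->run_hooks("usercp_usergroups_change_displaygroup");
		redirect("usercp.php?action=usergroups", $lang->display_group_changed);
		exit;
	}

	// Leaving a group
	if($mybb->get_input('leavegroup', MyBB::INPUT_INT))
	{
		// Verify incoming POST request
		verify_post_check($mybb->get_input('my_post_key'));

		if(my_strpos($ingroups, ",".$mybb->get_input('leavegroup', MyBB::INPUT_INT).",") === false)
		{
			error($lang->not_member_of_group);
		}
		if($mybb->user['usergroup'] == $mybb->get_input('leavegroup', MyBB::INPUT_INT))
		{
			error($lang->cannot_leave_primary_group);
		}

		$usergroup = $usergroups[$mybb->get_input('leavegroup', MyBB::INPUT_INT)];
		if($usergroup['type'] !=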
4 && $usergroup['type'] != 3 && $usergroup['type'] != 5) 3595 { 3596 error($lang->cannot_leave_group); 3597 } 3598 leave_usergroup($mybb->user['uid'], $mybb->get_input('leavegroup', MyBB::INPUT_INT)); 3599 $plugins->run_hooks("usercp_usergroups_leave_group"); 3600 redirect("usercp.php?action=usergroups", $lang->left_group); 3601 exit; 3602 } 3603 3604 $groupleaders = array(); 3605 3606 // List of usergroup leaders 3607 $query = $db->query(" 3608 SELECT g.*, u.username, u.displaygroup, u.usergroup, u.email, u.language 3609 FROM ".TABLE_PREFIX."groupleaders g 3610 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid) 3611 ORDER BY u.username ASC 3612 "); 3613 while($leader = $db->fetch_array($query)) 3614 { 3615 $groupleaders[$leader['gid']][$leader['uid']] = $leader; 3616 } 3617 3618 // Joining a group 3619 if($mybb->get_input('joingroup', MyBB::INPUT_INT)) 3620 { 3621 // Verify incoming POST request 3622 verify_post_check($mybb->get_input('my_post_key')); 3623 3624 $usergroup = $usergroups[$mybb->get_input('joingroup', MyBB::INPUT_INT)]; 3625 3626 if($usergroup['type'] == 5) 3627 { 3628 error($lang->cannot_join_invite_group); 3629 } 3630 3631 if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid']) 3632 { 3633 error($lang->cannot_join_group); 3634 } 3635 3636 if(my_strpos($ingroups, ",".$mybb->get_input('joingroup', MyBB::INPUT_INT).",") !== false) 3637 { 3638 error($lang->already_member_of_group); 3639 } 3640 3641 $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'"); 3642 $joinrequest = $db->fetch_array($query); 3643 3644 if(!empty($joinrequest['rid'])) 3645 { 3646 error($lang->already_sent_join_request); 3647 } 3648 3649 if($mybb->get_input('do') == "joingroup" && $usergroup['type'] == 4) 3650 { 3651 $reasonlength = my_strlen($mybb->get_input('reason')); 3652 3653 if($reasonlength > 250) // Reason field is varchar(250) in database 3654 { 3655 
error($lang->sprintf($lang->joinreason_too_long, ($reasonlength - 250))); 3656 } 3657 3658 $now = TIME_NOW; 3659 $joinrequest = array( 3660 "uid" => $mybb->user['uid'], 3661 "gid" => $mybb->get_input('joingroup', MyBB::INPUT_INT), 3662 "reason" => $db->escape_string($mybb->get_input('reason')), 3663 "dateline" => TIME_NOW 3664 ); 3665 3666 $db->insert_query("joinrequests", $joinrequest); 3667 3668 if(array_key_exists($usergroup['gid'], $groupleaders)) 3669 { 3670 foreach($groupleaders[$usergroup['gid']] as $leader) 3671 { 3672 // Load language 3673 $lang->set_language($leader['language']); 3674 $lang->load("messages"); 3675 3676 $subject = $lang->sprintf($lang->emailsubject_newjoinrequest, $mybb->settings['bbname']); 3677 $message = $lang->sprintf($lang->email_groupleader_joinrequest, $leader['username'], $mybb->user['username'], $usergroup['title'], $mybb->settings['bbname'], $mybb->get_input('reason'), $mybb->settings['bburl'], $leader['gid']); 3678 my_mail($leader['email'], $subject, $message); 3679 } 3680 } 3681 3682 // Load language 3683 $lang->set_language($mybb->user['language']); 3684 $lang->load("messages"); 3685 3686 $plugins->run_hooks("usercp_usergroups_join_group_request"); 3687 redirect("usercp.php?action=usergroups", $lang->group_join_requestsent); 3688 exit; 3689 } 3690 elseif($usergroup['type'] == 4) 3691 { 3692 $joingroup = $mybb->get_input('joingroup', MyBB::INPUT_INT); 3693 eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";"); 3694 output_page($joinpage); 3695 exit; 3696 } 3697 else 3698 { 3699 join_usergroup($mybb->user['uid'], $mybb->get_input('joingroup', MyBB::INPUT_INT)); 3700 $plugins->run_hooks("usercp_usergroups_join_group"); 3701 redirect("usercp.php?action=usergroups", $lang->joined_group); 3702 } 3703 } 3704 3705 // Accepting invitation 3706 if($mybb->get_input('acceptinvite', MyBB::INPUT_INT)) 3707 { 3708 // Verify incoming POST request 3709 verify_post_check($mybb->get_input('my_post_key')); 3710 3711 
$usergroup = $usergroups[$mybb->get_input('acceptinvite', MyBB::INPUT_INT)]; 3712 3713 if(my_strpos($ingroups, ",".$mybb->get_input('acceptinvite', MyBB::INPUT_INT).",") !== false) 3714 { 3715 error($lang->already_accepted_invite); 3716 } 3717 3718 $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'"); 3719 $joinrequest = $db->fetch_array($query); 3720 if($joinrequest['rid']) 3721 { 3722 join_usergroup($mybb->user['uid'], $mybb->get_input('acceptinvite', MyBB::INPUT_INT)); 3723 $db->delete_query("joinrequests", "uid='{$mybb->user['uid']}' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."'"); 3724 $plugins->run_hooks("usercp_usergroups_accept_invite"); 3725 redirect("usercp.php?action=usergroups", $lang->joined_group); 3726 } 3727 else 3728 { 3729 error($lang->no_pending_invitation); 3730 } 3731 } 3732 // Show listing of various group related things 3733 3734 // List of groups this user is a leader of 3735 $groupsledlist = ''; 3736 3737 switch($db->type) 3738 { 3739 case "pgsql": 3740 case "sqlite": 3741 $query = $db->query(" 3742 SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers 3743 FROM ".TABLE_PREFIX."groupleaders l 3744 LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid) 3745 LEFT JOIN ".TABLE_PREFIX."users u ON(((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid)) 3746 LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0) 3747 WHERE l.uid='".$mybb->user['uid']."' 3748 GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers 3749 "); 3750 break; 3751 default: 3752 $query = $db->query(" 3753 SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers 
3754 FROM ".TABLE_PREFIX."groupleaders l 3755 LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid) 3756 LEFT JOIN ".TABLE_PREFIX."users u ON(((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid)) 3757 LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0) 3758 WHERE l.uid='".$mybb->user['uid']."' 3759 GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers 3760 "); 3761 } 3762 3763 while($usergroup = $db->fetch_array($query)) 3764 { 3765 $memberlistlink = $moderaterequestslink = ''; 3766 eval("\$memberlistlink = \"".$templates->get("usercp_usergroups_leader_usergroup_memberlist")."\";"); 3767 $usergroup['title'] = htmlspecialchars_uni($usergroup['title']); 3768 if($usergroup['type'] != 4) 3769 { 3770 $usergroup['joinrequests'] = '--'; 3771 } 3772 if($usergroup['joinrequests'] > 0 && $usergroup['canmanagerequests'] == 1) 3773 { 3774 eval("\$moderaterequestslink = \"".$templates->get("usercp_usergroups_leader_usergroup_moderaterequests")."\";"); 3775 } 3776 $groupleader[$usergroup['gid']] = 1; 3777 $trow = alt_trow(); 3778 eval("\$groupsledlist .= \"".$templates->get("usercp_usergroups_leader_usergroup")."\";"); 3779 } 3780 $leadinggroups = ''; 3781 if($groupsledlist) 3782 { 3783 eval("\$leadinggroups = \"".$templates->get("usercp_usergroups_leader")."\";"); 3784 } 3785 3786 // Fetch the list of groups the member is in 3787 // Do the primary group first 3788 $usergroup = $usergroups[$mybb->user['usergroup']]; 3789 $usergroup['title'] = htmlspecialchars_uni($usergroup['title']); 3790 $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']); 3791 if($usergroup['description']) 3792 { 3793 $usergroup['description'] = htmlspecialchars_uni($usergroup['description']); 3794 eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";"); 3795 } 3796 eval("\$leavelink = 
\"".$templates->get("usercp_usergroups_memberof_usergroup_leaveprimary")."\";"); 3797 $trow = alt_trow(); 3798 if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup']) 3799 { 3800 eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";"); 3801 } 3802 elseif($usergroup['candisplaygroup'] == 1) 3803 { 3804 eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";"); 3805 } 3806 else 3807 { 3808 $displaycode = ''; 3809 } 3810 3811 eval("\$memberoflist = \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";"); 3812 $showmemberof = false; 3813 if($mybb->user['additionalgroups']) 3814 { 3815 $additionalgroups = implode( 3816 ',', 3817 array_map( 3818 'intval', 3819 explode(',', $mybb->user['additionalgroups']) 3820 ) 3821 ); 3822 $query = $db->simple_select("usergroups", "*", "gid IN (".$additionalgroups.") AND gid !='".$mybb->user['usergroup']."'", array('order_by' => 'title')); 3823 while($usergroup = $db->fetch_array($query)) 3824 { 3825 $showmemberof = true; 3826 3827 if(isset($groupleader[$usergroup['gid']])) 3828 { 3829 eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveleader")."\";"); 3830 } 3831 elseif($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5) 3832 { 3833 eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveother")."\";"); 3834 } 3835 else 3836 { 3837 eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leave")."\";"); 3838 } 3839 3840 $description = ''; 3841 $usergroup['title'] = htmlspecialchars_uni($usergroup['title']); 3842 $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']); 3843 if($usergroup['description']) 3844 { 3845 $usergroup['description'] = htmlspecialchars_uni($usergroup['description']); 3846 eval("\$description = 
\"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";"); 3847 } 3848 $trow = alt_trow(); 3849 if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup']) 3850 { 3851 eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";"); 3852 } 3853 elseif($usergroup['candisplaygroup'] == 1) 3854 { 3855 eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";"); 3856 } 3857 else 3858 { 3859 $displaycode = ''; 3860 } 3861 eval("\$memberoflist .= \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";"); 3862 } 3863 } 3864 eval("\$membergroups = \"".$templates->get("usercp_usergroups_memberof")."\";"); 3865 3866 // List of groups this user has applied for but has not been accepted in to 3867 $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."'"); 3868 while($request = $db->fetch_array($query)) 3869 { 3870 $appliedjoin[$request['gid']] = $request['dateline']; 3871 } 3872 3873 // Fetch list of groups the member can join 3874 $existinggroups = $mybb->