PHP Cross Reference of MyBB 1.8.40
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 define("IN_MYBB", 1); 12 define('THIS_SCRIPT', 'usercp.php'); 13 define("ALLOWABLE_PAGE", "removesubscription,removesubscriptions"); 14 15 $templatelist = "usercp,usercp_nav,usercp_profile,usercp_changename,usercp_password,usercp_subscriptions_thread,forumbit_depth2_forum_lastpost,usercp_forumsubscriptions_forum,postbit_reputation_formatted,usercp_subscriptions_thread_icon"; 16 $templatelist .= ",usercp_usergroups_memberof_usergroup,usercp_usergroups_memberof,usercp_usergroups_joinable_usergroup,usercp_usergroups_joinable,usercp_usergroups,usercp_nav_attachments,usercp_options_style,usercp_warnings_warning_post"; 17 $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_usergroups_leader_usergroup,usercp_usergroups_leader,usercp_currentavatar,usercp_reputation,usercp_avatar_remove,usercp_resendactivation"; 18 $templatelist .= ",usercp_attachments_attachment,usercp_attachments,usercp_profile_away,usercp_profile_customfield,usercp_profile_profilefields,usercp_profile_customtitle,usercp_forumsubscriptions_none,usercp_profile_customtitle_currentcustom"; 19 $templatelist .= ",usercp_forumsubscriptions,usercp_subscriptions_none,usercp_subscriptions,usercp_options_pms_from_buddys,usercp_options_tppselect,usercp_options_pppselect,usercp_themeselector,usercp_profile_customtitle_reverttitle"; 20 $templatelist .= ",usercp_nav_editsignature,usercp_referrals,usercp_notepad,usercp_latest_threads_threads,forumdisplay_thread_gotounread,usercp_latest_threads,usercp_subscriptions_remove,usercp_nav_messenger_folder,usercp_profile_profilefields_text"; 21 $templatelist .= 
",usercp_editsig_suspended,usercp_editsig,usercp_avatar_current,usercp_options_timezone_option,usercp_drafts,usercp_options_language,usercp_options_date_format,usercp_profile_website,usercp_latest_subscribed,usercp_warnings"; 22 $templatelist .= ",usercp_avatar,usercp_editlists_userusercp_editlists,usercp_drafts_draft,usercp_usergroups_joingroup,usercp_attachments_none,usercp_avatar_upload,usercp_options_timezone,usercp_usergroups_joinable_usergroup_join"; 23 $templatelist .= ",usercp_warnings_warning,usercp_nav_messenger_tracking,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start"; 24 $templatelist .= ",codebuttons,usercp_nav_messenger_compose,usercp_options_language_option,usercp_editlists,usercp_latest_subscribed_threads,usercp_profile_day,usercp_nav_home"; 25 $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,usercp_profile_profilefields_checkbox"; 26 $templatelist .= ",usercp_options_tppselect_option,usercp_options_pppselect_option,forumbit_depth2_forum_lastpost_never,forumbit_depth2_forum_lastpost_hidden,usercp_avatar_auto_resize_auto,usercp_avatar_auto_resize_user,usercp_options"; 27 $templatelist .= ",usercp_editlists_no_buddies,usercp_editlists_no_ignored,usercp_editlists_no_requests,usercp_editlists_received_requests,usercp_editlists_sent_requests,usercp_drafts_draft_thread,usercp_drafts_draft_forum,usercp_editlists_user"; 28 $templatelist .= ",usercp_usergroups_leader_usergroup_memberlist,usercp_usergroups_leader_usergroup_moderaterequests,usercp_usergroups_memberof_usergroup_leaveprimary,usercp_usergroups_memberof_usergroup_display,usercp_email,usercp_options_pms"; 29 $templatelist .= 
",usercp_usergroups_memberof_usergroup_leaveleader,usercp_usergroups_memberof_usergroup_leaveother,usercp_usergroups_memberof_usergroup_leave,usercp_usergroups_joinable_usergroup_description,usercp_options_time_format"; 30 $templatelist .= ",usercp_editlists_sent_request,usercp_editlists_received_request,usercp_drafts_none,usercp_usergroups_memberof_usergroup_setdisplay,usercp_usergroups_memberof_usergroup_description,usercp_options_quick_reply"; 31 $templatelist .= ",usercp_addsubscription_thread,forumdisplay_password,forumdisplay_password_wrongpass,"; 32 33 require_once "./global.php"; 34 require_once MYBB_ROOT."inc/functions_post.php"; 35 require_once MYBB_ROOT."inc/functions_search.php"; 36 require_once MYBB_ROOT."inc/functions_user.php"; 37 require_once MYBB_ROOT."inc/class_parser.php"; 38 $parser = new postParser; 39 40 // Load global language phrases 41 $lang->load("usercp"); 42 43 if($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0) 44 { 45 error_no_permission(); 46 } 47 48 $errors = ''; 49 50 $mybb->input['action'] = $mybb->get_input('action'); 51 52 usercp_menu(); 53 54 $server_http_referer = ''; 55 if(isset($_SERVER['HTTP_REFERER'])) 56 { 57 $server_http_referer = htmlentities($_SERVER['HTTP_REFERER']); 58 59 if(my_strpos($server_http_referer, $mybb->settings['bburl'].'/') !== 0) 60 { 61 if(my_strpos($server_http_referer, '/') === 0) 62 { 63 $server_http_referer = my_substr($server_http_referer, 1); 64 } 65 $url_segments = explode('/', $server_http_referer); 66 $server_http_referer = $mybb->settings['bburl'].'/'.end($url_segments); 67 } 68 } 69 70 $plugins->run_hooks("usercp_start"); 71 if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post") 72 { 73 require_once MYBB_ROOT."inc/datahandlers/user.php"; 74 $userhandler = new UserDataHandler(); 75 76 $data = array( 77 'uid' => $mybb->user['uid'], 78 'signature' => $mybb->get_input('signature'), 79 ); 80 81 $userhandler->set_data($data); 82 83 
if(!$userhandler->verify_signature()) 84 { 85 $error = inline_error($userhandler->get_friendly_errors()); 86 } 87 88 if(isset($error) || !empty($mybb->input['preview'])) 89 { 90 $mybb->input['action'] = "editsig"; 91 } 92 } 93 94 // Make navigation 95 add_breadcrumb($lang->nav_usercp, "usercp.php"); 96 97 switch($mybb->input['action']) 98 { 99 case "profile": 100 case "do_profile": 101 add_breadcrumb($lang->ucp_nav_profile); 102 break; 103 case "options": 104 case "do_options": 105 add_breadcrumb($lang->nav_options); 106 break; 107 case "email": 108 case "do_email": 109 add_breadcrumb($lang->nav_email); 110 break; 111 case "password": 112 case "do_password": 113 add_breadcrumb($lang->nav_password); 114 break; 115 case "changename": 116 case "do_changename": 117 add_breadcrumb($lang->nav_changename); 118 break; 119 case "subscriptions": 120 add_breadcrumb($lang->ucp_nav_subscribed_threads); 121 break; 122 case "forumsubscriptions": 123 add_breadcrumb($lang->ucp_nav_forum_subscriptions); 124 break; 125 case "editsig": 126 case "do_editsig": 127 add_breadcrumb($lang->nav_editsig); 128 break; 129 case "avatar": 130 case "do_avatar": 131 add_breadcrumb($lang->nav_avatar); 132 break; 133 case "notepad": 134 case "do_notepad": 135 add_breadcrumb($lang->ucp_nav_notepad); 136 break; 137 case "editlists": 138 case "do_editlists": 139 add_breadcrumb($lang->ucp_nav_editlists); 140 break; 141 case "drafts": 142 add_breadcrumb($lang->ucp_nav_drafts); 143 break; 144 case "usergroups": 145 add_breadcrumb($lang->ucp_nav_usergroups); 146 break; 147 case "attachments": 148 add_breadcrumb($lang->ucp_nav_attachments); 149 break; 150 } 151 152 if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post") 153 { 154 // Verify incoming POST request 155 verify_post_check($mybb->get_input('my_post_key')); 156 157 $user = array(); 158 159 $plugins->run_hooks("usercp_do_profile_start"); 160 161 if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 
0) 162 { 163 $awaydate = TIME_NOW; 164 if(!empty($mybb->input['awayday'])) 165 { 166 // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year 167 if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT)) 168 { 169 $mybb->input['awaymonth'] = my_date('n', $awaydate); 170 } 171 if(!$mybb->get_input('awayyear', MyBB::INPUT_INT)) 172 { 173 $mybb->input['awayyear'] = my_date('Y', $awaydate); 174 } 175 176 $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2); 177 $return_day = (int)substr($mybb->get_input('awayday'), 0, 2); 178 $return_year = min((int)$mybb->get_input('awayyear'), 9999); 179 180 // Check if return date is after the away date. 181 $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year); 182 $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate)); 183 if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate))) 184 { 185 error($lang->error_usercp_return_date_past); 186 } 187 188 $returndate = "{$return_day}-{$return_month}-{$return_year}"; 189 } 190 else 191 { 192 $returndate = ""; 193 } 194 $away = array( 195 "away" => 1, 196 "date" => $awaydate, 197 "returndate" => $returndate, 198 "awayreason" => $mybb->get_input('awayreason') 199 ); 200 } 201 else 202 { 203 $away = array( 204 "away" => 0, 205 "date" => '', 206 "returndate" => '', 207 "awayreason" => '' 208 ); 209 } 210 211 $bday = array( 212 "day" => $mybb->get_input('bday1', MyBB::INPUT_INT), 213 "month" => $mybb->get_input('bday2', MyBB::INPUT_INT), 214 "year" => $mybb->get_input('bday3', MyBB::INPUT_INT) 215 ); 216 217 // Set up user handler. 
218 require_once MYBB_ROOT."inc/datahandlers/user.php"; 219 $userhandler = new UserDataHandler("update"); 220 221 $user = array_merge($user, array( 222 "uid" => $mybb->user['uid'], 223 "postnum" => $mybb->user['postnum'], 224 "usergroup" => $mybb->user['usergroup'], 225 "additionalgroups" => $mybb->user['additionalgroups'], 226 "birthday" => $bday, 227 "birthdayprivacy" => $mybb->get_input('birthdayprivacy'), 228 "away" => $away, 229 "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY) 230 )); 231 232 if($mybb->usergroup['canchangewebsite'] == 1) 233 { 234 $user['website'] = $mybb->get_input('website'); 235 } 236 237 if($mybb->usergroup['cancustomtitle'] == 1) 238 { 239 if($mybb->get_input('usertitle') != '') 240 { 241 $user['usertitle'] = $mybb->get_input('usertitle'); 242 } 243 elseif(!empty($mybb->input['reverttitle'])) 244 { 245 $user['usertitle'] = ''; 246 } 247 } 248 $userhandler->set_data($user); 249 250 if(!$userhandler->validate_user()) 251 { 252 $errors = $userhandler->get_friendly_errors(); 253 $raw_errors = $userhandler->get_errors(); 254 255 // Set to stored value if invalid 256 if(array_key_exists("invalid_birthday_privacy", $raw_errors) || array_key_exists("conflicted_birthday_privacy", $raw_errors)) 257 { 258 $mybb->input['birthdayprivacy'] = $mybb->user['birthdayprivacy']; 259 $bday = explode("-", $mybb->user['birthday']); 260 261 if(isset($bday[2])) 262 { 263 $mybb->input['bday3'] = $bday[2]; 264 } 265 } 266 267 $errors = inline_error($errors); 268 $mybb->input['action'] = "profile"; 269 } 270 else 271 { 272 $userhandler->update_user(); 273 274 $plugins->run_hooks("usercp_do_profile_end"); 275 redirect("usercp.php?action=profile", $lang->redirect_profileupdated); 276 } 277 } 278 279 if($mybb->input['action'] == "profile") 280 { 281 if($errors) 282 { 283 $user = $mybb->input; 284 $bday = array(); 285 $bday[0] = $mybb->get_input('bday1', MyBB::INPUT_INT); 286 $bday[1] = $mybb->get_input('bday2', MyBB::INPUT_INT); 287 $bday[2] = 
$mybb->get_input('bday3', MyBB::INPUT_INT); 288 } 289 else 290 { 291 $user = $mybb->user; 292 $bday = explode("-", $user['birthday']); 293 if(!isset($bday[1])) 294 { 295 $bday[1] = 0; 296 } 297 } 298 if(!isset($bday[2]) || $bday[2] == 0) 299 { 300 $bday[2] = ''; 301 } 302 303 $plugins->run_hooks("usercp_profile_start"); 304 305 $bdaydaysel = ''; 306 for($day = 1; $day <= 31; ++$day) 307 { 308 if($bday[0] == $day) 309 { 310 $selected = "selected=\"selected\""; 311 } 312 else 313 { 314 $selected = ''; 315 } 316 317 eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";"); 318 } 319 320 $bdaymonthsel = array(); 321 foreach(range(1, 12) as $month) 322 { 323 $bdaymonthsel[$month] = ''; 324 } 325 $bdaymonthsel[$bday[1]] = 'selected="selected"'; 326 327 $allselected = $noneselected = $ageselected = ''; 328 if($user['birthdayprivacy'] == 'all' || !$user['birthdayprivacy']) 329 { 330 $allselected = " selected=\"selected\""; 331 } 332 elseif($user['birthdayprivacy'] == 'none') 333 { 334 $noneselected = " selected=\"selected\""; 335 } 336 elseif($user['birthdayprivacy'] == 'age') 337 { 338 $ageselected = " selected=\"selected\""; 339 } 340 341 if(!my_validate_url($user['website'])) 342 { 343 $user['website'] = ''; 344 } 345 else 346 { 347 $user['website'] = htmlspecialchars_uni($user['website']); 348 } 349 350 $awaysection = ''; 351 if($mybb->settings['allowaway'] != 0) 352 { 353 $awaycheck = array('', ''); 354 if($errors) 355 { 356 if($user['away'] == 1) 357 { 358 $awaycheck[1] = "checked=\"checked\""; 359 } 360 else 361 { 362 $awaycheck[0] = "checked=\"checked\""; 363 } 364 $returndate = array(); 365 $returndate[0] = $mybb->get_input('awayday', MyBB::INPUT_INT); 366 $returndate[1] = $mybb->get_input('awaymonth', MyBB::INPUT_INT); 367 $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT); 368 $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason')); 369 } 370 else 371 { 372 $user['awayreason'] = 
htmlspecialchars_uni($user['awayreason']); 373 if($mybb->user['away'] == 1) 374 { 375 $awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']); 376 $awaycheck[1] = "checked=\"checked\""; 377 $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate); 378 } 379 else 380 { 381 $awaynotice = $lang->away_notice; 382 $awaycheck[0] = "checked=\"checked\""; 383 } 384 $returndate = explode("-", $mybb->user['returndate']); 385 if(!isset($returndate[1])) 386 { 387 $returndate[1] = 0; 388 } 389 if(!isset($returndate[2])) 390 { 391 $returndate[2] = ''; 392 } 393 } 394 395 $returndatesel = ''; 396 for($day = 1; $day <= 31; ++$day) 397 { 398 if($returndate[0] == $day) 399 { 400 $selected = "selected=\"selected\""; 401 } 402 else 403 { 404 $selected = ''; 405 } 406 407 eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";"); 408 } 409 410 $returndatemonthsel = array(); 411 foreach(range(1, 12) as $month) 412 { 413 $returndatemonthsel[$month] = ''; 414 } 415 $returndatemonthsel[$returndate[1]] = "selected"; 416 417 eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";"); 418 } 419 420 // Custom profile fields baby! 
421 $altbg = "trow1"; 422 $requiredfields = $customfields = ''; 423 $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY); 424 425 $pfcache = $cache->read('profilefields'); 426 427 if(is_array($pfcache)) 428 { 429 foreach($pfcache as $profilefield) 430 { 431 if(!is_member($profilefield['editableby']) || ($profilefield['postnum'] && $profilefield['postnum'] > $mybb->user['postnum'])) 432 { 433 continue; 434 } 435 436 $userfield = $code = $select = $val = $options = $expoptions = $useropts = ''; 437 $seloptions = array(); 438 $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); 439 $profilefield['name'] = htmlspecialchars_uni($profilefield['name']); 440 $profilefield['description'] = htmlspecialchars_uni($profilefield['description']); 441 $thing = explode("\n", $profilefield['type'], "2"); 442 $type = $thing[0]; 443 if(isset($thing[1])) 444 { 445 $options = $thing[1]; 446 } 447 else 448 { 449 $options = array(); 450 } 451 $field = "fid{$profilefield['fid']}"; 452 if($errors) 453 { 454 if(!isset($mybb->input['profile_fields'][$field])) 455 { 456 $mybb->input['profile_fields'][$field] = ''; 457 } 458 $userfield = $mybb->input['profile_fields'][$field]; 459 } 460 else 461 { 462 $userfield = $user[$field]; 463 } 464 if($type == "multiselect") 465 { 466 if($errors) 467 { 468 $useropts = $userfield; 469 } 470 else 471 { 472 $useropts = explode("\n", $userfield); 473 } 474 if(is_array($useropts)) 475 { 476 foreach($useropts as $key => $val) 477 { 478 $val = htmlspecialchars_uni($val); 479 $seloptions[$val] = $val; 480 } 481 } 482 $expoptions = explode("\n", $options); 483 if(is_array($expoptions)) 484 { 485 foreach($expoptions as $key => $val) 486 { 487 $val = trim($val); 488 $val = str_replace("\n", "\\n", $val); 489 490 $sel = ""; 491 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 492 { 493 $sel = " selected=\"selected\""; 494 } 495 496 eval("\$select .= 
\"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 497 } 498 if(!$profilefield['length']) 499 { 500 $profilefield['length'] = 3; 501 } 502 503 eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";"); 504 } 505 } 506 elseif($type == "select") 507 { 508 $expoptions = explode("\n", $options); 509 if(is_array($expoptions)) 510 { 511 foreach($expoptions as $key => $val) 512 { 513 $val = trim($val); 514 $val = str_replace("\n", "\\n", $val); 515 $sel = ""; 516 if($val == htmlspecialchars_uni($userfield)) 517 { 518 $sel = " selected=\"selected\""; 519 } 520 521 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 522 } 523 if(!$profilefield['length']) 524 { 525 $profilefield['length'] = 1; 526 } 527 528 eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";"); 529 } 530 } 531 elseif($type == "radio") 532 { 533 $userfield = htmlspecialchars_uni($userfield); 534 $expoptions = explode("\n", $options); 535 if(is_array($expoptions)) 536 { 537 foreach($expoptions as $key => $val) 538 { 539 $checked = ""; 540 if($val == $userfield) 541 { 542 $checked = " checked=\"checked\""; 543 } 544 545 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";"); 546 } 547 } 548 } 549 elseif($type == "checkbox") 550 { 551 $userfield = htmlspecialchars_uni($userfield); 552 if($errors) 553 { 554 $useropts = $userfield; 555 } 556 else 557 { 558 $useropts = explode("\n", $userfield); 559 } 560 if(is_array($useropts)) 561 { 562 foreach($useropts as $key => $val) 563 { 564 $seloptions[$val] = $val; 565 } 566 } 567 $expoptions = explode("\n", $options); 568 if(is_array($expoptions)) 569 { 570 foreach($expoptions as $key => $val) 571 { 572 $checked = ""; 573 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 574 { 575 $checked = " checked=\"checked\""; 576 } 577 578 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";"); 579 } 580 
} 581 } 582 elseif($type == "textarea") 583 { 584 $value = htmlspecialchars_uni($userfield); 585 eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";"); 586 } 587 else 588 { 589 $value = htmlspecialchars_uni($userfield); 590 $maxlength = ""; 591 if($profilefield['maxlength'] > 0) 592 { 593 $maxlength = " maxlength=\"{$profilefield['maxlength']}\""; 594 } 595 596 eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";"); 597 } 598 599 if($profilefield['required'] == 1) 600 { 601 eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 602 } 603 else 604 { 605 eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 606 } 607 $altbg = alt_trow(); 608 } 609 } 610 if($customfields) 611 { 612 eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";"); 613 } 614 615 if($mybb->usergroup['cancustomtitle'] == 1) 616 { 617 if($mybb->usergroup['usertitle'] == "") 618 { 619 $defaulttitle = ''; 620 $usertitles = $cache->read('usertitles'); 621 622 foreach($usertitles as $title) 623 { 624 if($title['posts'] <= $mybb->user['postnum']) 625 { 626 $defaulttitle = htmlspecialchars_uni($title['title']); 627 break; 628 } 629 } 630 } 631 else 632 { 633 $defaulttitle = htmlspecialchars_uni($mybb->usergroup['usertitle']); 634 } 635 636 $newtitle = ''; 637 if(trim($user['usertitle']) == '') 638 { 639 $lang->current_custom_usertitle = ''; 640 } 641 else 642 { 643 if($errors) 644 { 645 $newtitle = htmlspecialchars_uni($user['usertitle']); 646 $user['usertitle'] = $mybb->user['usertitle']; 647 } 648 } 649 650 $user['usertitle'] = htmlspecialchars_uni($user['usertitle']); 651 652 $currentcustom = $reverttitle = ''; 653 if(!empty($mybb->user['usertitle'])) 654 { 655 eval("\$currentcustom = \"".$templates->get("usercp_profile_customtitle_currentcustom")."\";"); 656 657 if($mybb->user['usertitle'] != $mybb->usergroup['usertitle']) 658 { 659 eval("\$reverttitle = 
\"".$templates->get("usercp_profile_customtitle_reverttitle")."\";"); 660 } 661 } 662 663 eval("\$customtitle = \"".$templates->get("usercp_profile_customtitle")."\";"); 664 } 665 else 666 { 667 $customtitle = ""; 668 } 669 670 $website = ''; 671 if($mybb->usergroup['canchangewebsite'] == 1) 672 { 673 eval("\$website = \"".$templates->get("usercp_profile_website")."\";"); 674 } 675 676 $plugins->run_hooks("usercp_profile_end"); 677 678 eval("\$editprofile = \"".$templates->get("usercp_profile")."\";"); 679 output_page($editprofile); 680 } 681 682 if($mybb->input['action'] == "do_options" && $mybb->request_method == "post") 683 { 684 // Verify incoming POST request 685 verify_post_check($mybb->get_input('my_post_key')); 686 687 $user = array(); 688 689 $plugins->run_hooks("usercp_do_options_start"); 690 691 // Set up user handler. 692 require_once MYBB_ROOT."inc/datahandlers/user.php"; 693 $userhandler = new UserDataHandler("update"); 694 695 $user = array_merge($user, array( 696 "uid" => $mybb->user['uid'], 697 "style" => $mybb->get_input('style', MyBB::INPUT_INT), 698 "dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT), 699 "timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT), 700 "timezone" => $db->escape_string($mybb->get_input('timezoneoffset')), 701 "language" => $mybb->get_input('language'), 702 'usergroup' => $mybb->user['usergroup'], 703 'additionalgroups' => $mybb->user['additionalgroups'] 704 )); 705 706 $user['options'] = array( 707 "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT), 708 "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT), 709 "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT), 710 "invisible" => 0, 711 "dstcorrection" => $mybb->get_input('dstcorrection', MyBB::INPUT_INT), 712 "threadmode" => $mybb->get_input('threadmode'), 713 "showimages" => $mybb->get_input('showimages', MyBB::INPUT_INT), 714 "showvideos" => $mybb->get_input('showvideos', MyBB::INPUT_INT), 
715 "showsigs" => $mybb->get_input('showsigs', MyBB::INPUT_INT), 716 "showavatars" => $mybb->get_input('showavatars', MyBB::INPUT_INT), 717 "showquickreply" => $mybb->get_input('showquickreply', MyBB::INPUT_INT), 718 "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT), 719 "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT), 720 "receivefrombuddy" => $mybb->get_input('receivefrombuddy', MyBB::INPUT_INT), 721 "daysprune" => $mybb->get_input('daysprune', MyBB::INPUT_INT), 722 "showcodebuttons" => $mybb->get_input('showcodebuttons', MyBB::INPUT_INT), 723 "sourceeditor" => $mybb->get_input('sourceeditor', MyBB::INPUT_INT), 724 "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT), 725 "buddyrequestspm" => $mybb->get_input('buddyrequestspm', MyBB::INPUT_INT), 726 "buddyrequestsauto" => $mybb->get_input('buddyrequestsauto', MyBB::INPUT_INT), 727 "showredirect" => $mybb->get_input('showredirect', MyBB::INPUT_INT), 728 "classicpostbit" => $mybb->get_input('classicpostbit', MyBB::INPUT_INT) 729 ); 730 731 if($mybb->usergroup['canbeinvisible'] == 1) 732 { 733 $user['options']['invisible'] = $mybb->get_input('invisible', MyBB::INPUT_INT); 734 } 735 736 if($mybb->settings['usertppoptions']) 737 { 738 $user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT); 739 } 740 741 if($mybb->settings['userpppoptions']) 742 { 743 $user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT); 744 } 745 746 $userhandler->set_data($user); 747 748 if(!$userhandler->validate_user()) 749 { 750 $errors = $userhandler->get_friendly_errors(); 751 $errors = inline_error($errors); 752 $mybb->input['action'] = "options"; 753 } 754 else 755 { 756 $userhandler->update_user(); 757 758 $plugins->run_hooks("usercp_do_options_end"); 759 760 redirect("usercp.php?action=options", $lang->redirect_optionsupdated); 761 } 762 } 763 764 if($mybb->input['action'] == "options") 765 { 766 if($errors != '') 767 { 768 $user = $mybb->input; 769 } 770 else 771 { 772 $user = 
$mybb->user; 773 } 774 775 $plugins->run_hooks("usercp_options_start"); 776 777 $languages = $lang->get_languages(); 778 $board_language = $langoptions = ''; 779 if(count($languages) > 1) 780 { 781 foreach($languages as $name => $language) 782 { 783 $language = htmlspecialchars_uni($language); 784 785 $sel = ''; 786 if(isset($user['language']) && $user['language'] == $name) 787 { 788 $sel = " selected=\"selected\""; 789 } 790 791 eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";'); 792 } 793 794 eval('$board_language = "'.$templates->get('usercp_options_language').'";'); 795 } 796 797 // Lets work out which options the user has selected and check the boxes 798 if(isset($user['allownotices']) && $user['allownotices'] == 1) 799 { 800 $allownoticescheck = "checked=\"checked\""; 801 } 802 else 803 { 804 $allownoticescheck = ""; 805 } 806 807 $canbeinvisible = ''; 808 809 // Check usergroup permission before showing invisible check box 810 if($mybb->usergroup['canbeinvisible'] == 1) 811 { 812 if(isset($user['invisible']) && $user['invisible'] == 1) 813 { 814 $invisiblecheck = "checked=\"checked\""; 815 } 816 else 817 { 818 $invisiblecheck = ""; 819 } 820 eval('$canbeinvisible = "'.$templates->get("usercp_options_invisible")."\";"); 821 } 822 823 if(isset($user['hideemail']) && $user['hideemail'] == 1) 824 { 825 $hideemailcheck = "checked=\"checked\""; 826 } 827 else 828 { 829 $hideemailcheck = ""; 830 } 831 832 $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = ''; 833 if(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 1) 834 { 835 $no_subscribe_selected = "selected=\"selected\""; 836 } 837 elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 2) 838 { 839 $instant_email_subscribe_selected = "selected=\"selected\""; 840 } 841 elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 3) 842 { 843 
$instant_pm_subscribe_selected = "selected=\"selected\""; 844 } 845 else 846 { 847 $no_auto_subscribe_selected = "selected=\"selected\""; 848 } 849 850 if(isset($user['showimages']) && $user['showimages'] == 1) 851 { 852 $showimagescheck = "checked=\"checked\""; 853 } 854 else 855 { 856 $showimagescheck = ""; 857 } 858 859 if(isset($user['showvideos']) && $user['showvideos'] == 1) 860 { 861 $showvideoscheck = "checked=\"checked\""; 862 } 863 else 864 { 865 $showvideoscheck = ""; 866 } 867 868 if(isset($user['showsigs']) && $user['showsigs'] == 1) 869 { 870 $showsigscheck = "checked=\"checked\""; 871 } 872 else 873 { 874 $showsigscheck = ""; 875 } 876 877 if(isset($user['showavatars']) && $user['showavatars'] == 1) 878 { 879 $showavatarscheck = "checked=\"checked\""; 880 } 881 else 882 { 883 $showavatarscheck = ""; 884 } 885 886 if(isset($user['showquickreply']) && $user['showquickreply'] == 1) 887 { 888 $showquickreplycheck = "checked=\"checked\""; 889 } 890 else 891 { 892 $showquickreplycheck = ""; 893 } 894 895 if(isset($user['receivepms']) && $user['receivepms'] == 1) 896 { 897 $receivepmscheck = "checked=\"checked\""; 898 } 899 else 900 { 901 $receivepmscheck = ""; 902 } 903 904 if(isset($user['receivefrombuddy']) && $user['receivefrombuddy'] == 1) 905 { 906 $receivefrombuddycheck = "checked=\"checked\""; 907 } 908 else 909 { 910 $receivefrombuddycheck = ""; 911 } 912 913 if(isset($user['pmnotice']) && $user['pmnotice'] >= 1) 914 { 915 $pmnoticecheck = " checked=\"checked\""; 916 } 917 else 918 { 919 $pmnoticecheck = ""; 920 } 921 922 $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = ''; 923 if(isset($user['dstcorrection']) && $user['dstcorrection'] == 2) 924 { 925 $dst_auto_selected = "selected=\"selected\""; 926 } 927 elseif(isset($user['dstcorrection']) && $user['dstcorrection'] == 1) 928 { 929 $dst_enabled_selected = "selected=\"selected\""; 930 } 931 else 932 { 933 $dst_disabled_selected = "selected=\"selected\""; 934 } 935 936 
if(isset($user['showcodebuttons']) && $user['showcodebuttons'] == 1) 937 { 938 $showcodebuttonscheck = "checked=\"checked\""; 939 } 940 else 941 { 942 $showcodebuttonscheck = ""; 943 } 944 945 if(isset($user['sourceeditor']) && $user['sourceeditor'] == 1) 946 { 947 $sourcemodecheck = "checked=\"checked\""; 948 } 949 else 950 { 951 $sourcemodecheck = ""; 952 } 953 954 if(isset($user['showredirect']) && $user['showredirect'] != 0) 955 { 956 $showredirectcheck = "checked=\"checked\""; 957 } 958 else 959 { 960 $showredirectcheck = ""; 961 } 962 963 if(isset($user['pmnotify']) && $user['pmnotify'] != 0) 964 { 965 $pmnotifycheck = "checked=\"checked\""; 966 } 967 else 968 { 969 $pmnotifycheck = ''; 970 } 971 972 if(isset($user['buddyrequestspm']) && $user['buddyrequestspm'] != 0) 973 { 974 $buddyrequestspmcheck = "checked=\"checked\""; 975 } 976 else 977 { 978 $buddyrequestspmcheck = ''; 979 } 980 981 if(isset($user['buddyrequestsauto']) && $user['buddyrequestsauto'] != 0) 982 { 983 $buddyrequestsautocheck = "checked=\"checked\""; 984 } 985 else 986 { 987 $buddyrequestsautocheck = ''; 988 } 989 990 if(!isset($user['threadmode']) || ($user['threadmode'] != "threaded" && $user['threadmode'] != "linear")) 991 { 992 $user['threadmode'] = ''; // Leave blank to show default 993 } 994 995 if(isset($user['classicpostbit']) && $user['classicpostbit'] != 0) 996 { 997 $classicpostbitcheck = "checked=\"checked\""; 998 } 999 else 1000 { 1001 $classicpostbitcheck = ''; 1002 } 1003 1004 $date_format_options = $dateformat = ''; 1005 foreach($date_formats as $key => $format) 1006 { 1007 $selected = ''; 1008 if(isset($user['dateformat']) && $user['dateformat'] == $key) 1009 { 1010 $selected = " selected=\"selected\""; 1011 } 1012 1013 $dateformat = my_date($format, TIME_NOW, "", 0); 1014 eval("\$date_format_options .= \"".$templates->get("usercp_options_date_format")."\";"); 1015 } 1016 1017 $time_format_options = $timeformat = ''; 1018 foreach($time_formats as $key => $format) 1019 { 
// Rest of the options form set-up (time formats, optional sections, select boxes), followed by
// the opening of the "do_email" POST handler.
		$selected = '';
		if(isset($user['timeformat']) && $user['timeformat'] == $key)
		{
			$selected = " selected=\"selected\"";
		}

		$timeformat = my_date($format, TIME_NOW, "", 0);
		// Templates are eval'd as double-quoted PHP strings and read the locals above by name.
		// NOTE(review): safe only if $templates->get() escapes the stored template text - confirm.
		eval("\$time_format_options .= \"".$templates->get("usercp_options_time_format")."\";");
	}

	$tzselect = build_timezone_select("timezoneoffset", $mybb->user['timezone'], true);

	// Optional form sections, each gated by a board setting (and a usergroup permission for PMs).
	$pms_from_buddys = '';
	if($mybb->settings['allowbuddyonly'] == 1)
	{
		eval("\$pms_from_buddys = \"".$templates->get("usercp_options_pms_from_buddys")."\";");
	}

	$pms = '';
	if($mybb->settings['enablepms'] != 0 && $mybb->usergroup['canusepms'] == 1)
	{
		eval("\$pms = \"".$templates->get("usercp_options_pms")."\";");
	}

	$quick_reply = '';
	if($mybb->settings['quickreply'] == 1)
	{
		eval("\$quick_reply = \"".$templates->get("usercp_options_quick_reply")."\";");
	}

	// Mark the stored thread mode as selected. The is_scalar() guard keeps a non-scalar value
	// from being used as an array key.
	$threadview = array('linear' => '', 'threaded' => '');
	if(isset($user['threadmode']) && is_scalar($user['threadmode']))
	{
		$threadview[$user['threadmode']] = 'selected="selected"';
	}
	$daysprunesel = array(1 => '', 5 => '', 10 => '', 20 => '', 50 => '', 75 => '', 100 => '', 365 => '', 9999 => '');
	if(isset($user['daysprune']) && is_numeric($user['daysprune']))
	{
		// A numeric value outside the preset list simply adds an extra key here.
		$daysprunesel[$user['daysprune']] = 'selected="selected"';
	}
	if(!isset($user['style']))
	{
		$user['style'] = '';
	}

	$board_style = $stylelist = '';
	$stylelist = build_theme_select("style", $user['style']);

	// Only show the theme selector when build_theme_select() returned something.
	if(!empty($stylelist))
	{
		eval('$board_style = "'.$templates->get('usercp_options_style').'";');
	}

	// Threads-per-page choices come from the comma-separated "usertppoptions" setting.
	$tppselect = $pppselect = '';
	if($mybb->settings['usertppoptions'])
	{
		$explodedtpp = explode(",", $mybb->settings['usertppoptions']);
		$tppoptions = $tpp_option = '';
		if(is_array($explodedtpp))
		{
			foreach($explodedtpp as $key => $val)
			{
				$val = trim($val);
				$selected = "";
				if(isset($user['tpp']) && $user['tpp'] == $val)
				{
					$selected = " selected=\"selected\"";
				}

				// NOTE(review): $val is a setting value and is not cast or escaped before the
				// template uses it - presumably administrator-controlled; confirm.
				$tpp_option = $lang->sprintf($lang->tpp_option, $val);
				eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
			}
		}
		eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
	}

	// Posts-per-page choices, built the same way from "userpppoptions".
	if($mybb->settings['userpppoptions'])
	{
		$explodedppp = explode(",", $mybb->settings['userpppoptions']);
		$pppoptions = $ppp_option = '';
		if(is_array($explodedppp))
		{
			foreach($explodedppp as $key => $val)
			{
				$val = trim($val);
				$selected = "";
				if(isset($user['ppp']) && $user['ppp'] == $val)
				{
					$selected = " selected=\"selected\"";
				}

				$ppp_option = $lang->sprintf($lang->ppp_option, $val);
				eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
			}
		}
		eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
	}

	// Plugins run before the page template is evaluated and can see the variables built above.
	$plugins->run_hooks("usercp_options_end");

	eval("\$editprofile = \"".$templates->get("usercp_options")."\";");
	output_page($editprofile);
}

// Change of e-mail address. Handled only for POST requests that carry a valid post key.
if($mybb->input['action'] == "do_email" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$errors = array();

	$plugins->run_hooks("usercp_do_email_start");
	// Re-authentication: the current password must be supplied before the address can change.
	// NOTE(review): no attempt throttling is visible in this handler - confirm it is enforced
	// inside validate_password_from_uid() or elsewhere.
	if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
	{
		$errors[] = $lang->error_invalidpassword;
	}
	else
	{
		// Set up user handler.
// Body of the e-mail change (reached once the current password was accepted), then the "email"
// form and the opening of the "do_password" handler.
		require_once MYBB_ROOT."inc/datahandlers/user.php";
		$userhandler = new UserDataHandler("update");

		// Raw request values; validation is delegated to the data handler.
		$user = array(
			"uid" => $mybb->user['uid'],
			"email" => $mybb->get_input('email'),
			"email2" => $mybb->get_input('email2')
		);

		$userhandler->set_data($user);

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			$activation = false;
			// Checking for pending activations for non-activated accounts
			if($mybb->user['usergroup'] == 5 && ($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "both"))
			{
				// The uid comes from the session user record, not from the request.
				$query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND (type='r' OR type='b')");
				$activation = $db->fetch_array($query);
			}
			if($activation)
			{
				// Account not yet activated: store the new address and issue a fresh activation code.
				$userhandler->update_user();

				// Removing the old rows invalidates any previously issued code for this user.
				$db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");

				// Send new activation mail for non-activated accounts
				// NOTE(review): the code's unpredictability depends on random_str(), defined elsewhere - confirm.
				$activationcode = random_str();
				$activationarray = array(
					"uid" => $mybb->user['uid'],
					"dateline" => TIME_NOW,
					"code" => $activationcode,
					"type" => $activation['type']
				);
				$db->insert_query("awaitingactivation", $activationarray);
				$emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
				// The message wording depends on the "username_method" setting.
				switch($mybb->settings['username_method'])
				{
					case 0:
						$emailmessage = $lang->sprintf($lang->email_activateaccount, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
					case 1:
						$emailmessage = $lang->sprintf($lang->email_activateaccount1, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
					case 2:
						$emailmessage = $lang->sprintf($lang->email_activateaccount2, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
					default:
						$emailmessage = $lang->sprintf($lang->email_activateaccount, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
				}
				// NOTE(review): addressed to $mybb->user['email']; whether update_user() refreshes
				// that value to the new address is not visible here - confirm the recipient.
				my_mail($mybb->user['email'], $emailsubject, $emailmessage);

				$plugins->run_hooks("usercp_do_email_changed");
				redirect("usercp.php?action=email", $lang->redirect_emailupdated);
			}
			elseif($mybb->usergroup['cancp'] != 1 && ($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "both"))
			{
				$uid = $mybb->user['uid'];
				$username = $mybb->user['username'];

				// Emails require verification
				// update_user() is not called in this branch: the requested address is parked in
				// the "misc" column of a type "e" row together with a new code.
				$activationcode = random_str();
				$db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");

				// Only the request-supplied address is escaped by hand; the other values come from
				// the session, TIME_NOW and random_str().
				// NOTE(review): confirm how insert_query() treats values.
				$newactivation = array(
					"uid" => $mybb->user['uid'],
					"dateline" => TIME_NOW,
					"code" => $activationcode,
					"type" => "e",
					"misc" => $db->escape_string($mybb->get_input('email'))
				);

				$db->insert_query("awaitingactivation", $newactivation);

				$mail_message = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);

				$lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
				// The verification mail goes to the new address, which proves control of it.
				my_mail($mybb->get_input('email'), $lang->emailsubject_changeemail, $mail_message);

				$plugins->run_hooks("usercp_do_email_verify");
				error($lang->redirect_changeemail_activation);
			}
			else
			{
				// The address changes immediately in this branch.
				$userhandler->update_user();
				// Email requires no activation
				$mail_message = $lang->sprintf($lang->email_changeemail_noactivation, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl']);
				// NOTE(review): the notice is mailed to the new address only. Nothing visible here
				// informs the previous address ($mybb->user['email']), so the legitimate owner
				// would not learn of a change made from a hijacked session - consider notifying both.
				my_mail($mybb->get_input('email'), $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']), $mail_message);
				$plugins->run_hooks("usercp_do_email_changed");
				redirect("usercp.php?action=email", $lang->redirect_emailupdated);
			}
		}
	}
	// On failure fall through to the "email" form below with the errors formatted for display.
	if(count($errors) > 0)
	{
		$mybb->input['action'] = "email";
		$errors = inline_error($errors);
	}
}

// E-mail change form.
if($mybb->input['action'] == "email")
{
	// Coming back to this page after one or more errors were experienced, show fields the user previously entered (with the exception of the password)
	if($errors)
	{
		// Echoed request values are HTML-escaped before the template uses them.
		$email = htmlspecialchars_uni($mybb->get_input('email'));
		$email2 = htmlspecialchars_uni($mybb->get_input('email2'));
	}
	else
	{
		$email = $email2 = '';
	}

	$plugins->run_hooks("usercp_email");

	// The template is eval'd as a double-quoted PHP string and reads $email / $email2 by name.
	eval("\$changemail = \"".$templates->get("usercp_email")."\";");
	output_page($changemail);
}

// Password change. Handled only for POST requests that carry a valid post key.
if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$user = array();
	$errors = array();

	$plugins->run_hooks("usercp_do_password_start");
	// The current password is required before a new one is accepted.
	if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('oldpassword')) == false)
	{
		$errors[] = $lang->error_invalidpassword;
	}
	else
	{
		// Set up user handler.
// Body of the password change (reached once the old password was accepted), the "password" form,
// and the opening of the "do_changename" handler.
		require_once MYBB_ROOT."inc/datahandlers/user.php";
		$userhandler = new UserDataHandler("update");

		// $user was initialised to an empty array before the "usercp_do_password_start" hook ran,
		// so entries a plugin added there are kept unless they reuse these keys.
		$user = array_merge($user, array(
			"uid" => $mybb->user['uid'],
			"password" => $mybb->get_input('password'),
			"password2" => $mybb->get_input('password2')
		));

		$userhandler->set_data($user);

		// Password policy and the match between both fields are left to the data handler.
		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			$userhandler->update_user();
			// Re-issue the login cookie with the handler's loginkey.
			// NOTE(review): whether update_user() rotates the loginkey (ending other sessions) is
			// not visible here, and the trailing arguments look like expiry, HttpOnly and SameSite -
			// confirm both against the data handler and my_setcookie().
			my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey'], null, true, "lax");

			// Notify the user by email that their password has been changed
			$mail_message = $lang->sprintf($lang->email_changepassword, $mybb->user['username'], $mybb->user['email'], $mybb->settings['bbname'], $mybb->settings['bburl']);
			$lang->emailsubject_changepassword = $lang->sprintf($lang->emailsubject_changepassword, $mybb->settings['bbname']);
			my_mail($mybb->user['email'], $lang->emailsubject_changepassword, $mail_message);

			$plugins->run_hooks("usercp_do_password_end");
			redirect("usercp.php?action=password", $lang->redirect_passwordupdated);
		}
	}
	// On failure fall through to the "password" form below with the errors formatted for display.
	if(count($errors) > 0)
	{
		$mybb->input['action'] = "password";
		$errors = inline_error($errors);
	}
}

// Password change form. No submitted value is echoed back into it by the visible code.
if($mybb->input['action'] == "password")
{
	$plugins->run_hooks("usercp_password");

	eval("\$editpassword = \"".$templates->get("usercp_password")."\";");
	output_page($editpassword);
}

// Username change. Handled only for POST requests that carry a valid post key.
if($mybb->input['action'] == "do_changename" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$errors = array();

	// Usergroup permission is checked before any plugin hook or password comparison runs.
	if($mybb->usergroup['canchangename'] != 1)
	{
		error_no_permission();
	}

	$user = array();

	$plugins->run_hooks("usercp_do_changename_start");

// Username change after the permission check, the "changename" form, and the opening of the
// "do_subscriptions" handler.
	// The current password must be supplied before the username can change.
	if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
	{
		$errors[] = $lang->error_invalidpassword;
	}
	else
	{
		// Set up user handler.
		require_once MYBB_ROOT."inc/datahandlers/user.php";
		$userhandler = new UserDataHandler("update");

		// The raw requested name is handed to the data handler, which validates it.
		$user = array_merge($user, array(
			"uid" => $mybb->user['uid'],
			"username" => $mybb->get_input('username')
		));

		$userhandler->set_data($user);

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			$userhandler->update_user();
			$plugins->run_hooks("usercp_do_changename_end");
			redirect("usercp.php?action=changename", $lang->redirect_namechanged);
		}
	}
	// On failure fall through to the "changename" form below with the errors formatted for display.
	if(count($errors) > 0)
	{
		$errors = inline_error($errors);
		$mybb->input['action'] = "changename";
	}
}

// Username change form.
if($mybb->input['action'] == "changename")
{
	// Note the order: this hook runs before the permission check that follows it.
	$plugins->run_hooks("usercp_changename_start");
	if($mybb->usergroup['canchangename'] != 1)
	{
		error_no_permission();
	}

	// Coming back to this page after one or more errors were experienced, show field the user previously entered (with the exception of the password)
	if($errors)
	{
		// The echoed request value is HTML-escaped before the template uses it.
		$username = htmlspecialchars_uni($mybb->get_input('username'));
	}
	else
	{
		$username = '';
	}

	$plugins->run_hooks("usercp_changename_end");

	eval("\$changename = \"".$templates->get("usercp_changename")."\";");
	output_page($changename);
}

// Bulk update or removal of thread subscriptions. Unlike the handlers above, the condition does
// not test request_method; request forgery protection rests on the post key check alone.
if($mybb->input['action'] == "do_subscriptions")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// "check" must be an array of selected thread ids.
	if(!isset($mybb->input['check']) || !is_array($mybb->input['check']))
	{
		error($lang->no_subscriptions_selected);
	}

	$plugins->run_hooks("usercp_do_subscriptions_start");

	// Clean input - only accept
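// Applies the bulk action to the selected thread subscriptions, then opens the "subscriptions"
// listing (visibility filter and row count).
	// integers thanks!
	// Every id is passed through intval(), so $tids holds only integers and commas when it is
	// interpolated into the IN (...) lists below.
	$mybb->input['check'] = array_map('intval', $mybb->get_input('check', MyBB::INPUT_ARRAY));
	$tids = implode(",", $mybb->input['check']);

	// Deleting these subscriptions?
	if($mybb->get_input('do') == "delete")
	{
		// Restricted to the current user's rows by the uid condition.
		$db->delete_query("threadsubscriptions", "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
	}
	// Changing subscription type
	else
	{
		// Allow-list of the three notification modes. Any other value of "do" used to reach
		// update_query() with an undefined $new_notification; now it leaves the rows untouched.
		$new_notification = null;
		if($mybb->get_input('do') == "no_notification")
		{
			$new_notification = 0;
		}
		elseif($mybb->get_input('do') == "email_notification")
		{
			$new_notification = 1;
		}
		elseif($mybb->get_input('do') == "pm_notification")
		{
			$new_notification = 2;
		}

		// Update
		if($new_notification !== null)
		{
			$update_array = array("notification" => $new_notification);
			$db->update_query("threadsubscriptions", $update_array, "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
		}
	}

	// Done, redirect
	redirect("usercp.php?action=subscriptions", $lang->redirect_subscriptions_updated);
}

// Paginated list of the current user's thread subscriptions.
if($mybb->input['action'] == "subscriptions")
{
	$plugins->run_hooks("usercp_subscriptions_start");

	// Thread visibility
	// The WHERE clause is assembled from the session uid and helper output, not from request data.
	// NOTE(review): s.uid is interpolated unquoted - assumes the uid is always an integer; confirm.
	$where = array(
		"s.uid={$mybb->user['uid']}",
		get_visible_where('t')
	);

	// Threads in forums the user cannot view, or in inactive forums, are left out.
	// Presumably both helpers return comma-separated forum ids - confirm.
	if($unviewable_forums = get_unviewable_forums(true))
	{
		$where[] = "t.fid NOT IN ({$unviewable_forums})";
	}

	if($inactive_forums = get_inactive_forums())
	{
		$where[] = "t.fid NOT IN ({$inactive_forums})";
	}

	$where = implode(' AND ', $where);

	// Do Multi Pages
	$query = $db->query("
		SELECT COUNT(s.tid) as threads
		FROM ".TABLE_PREFIX."threadsubscriptions s
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = s.tid)
		WHERE {$where}
	");
	$threadcount = $db->fetch_field($query, "threads");

	// Fall back to a default page size when the setting is empty or below 1.
	if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
	{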
// Pagination for the subscriptions listing and the query that fetches one page of rows.
		$mybb->settings['threadsperpage'] = 20;
	}

	// NOTE(review): $perpage is the setting's raw value and is interpolated into LIMIT below;
	// the guard before this point only tests its integer cast. Presumably administrator-controlled.
	$perpage = $mybb->settings['threadsperpage'];
	// The page number is read as an integer.
	$page = $mybb->get_input('page', MyBB::INPUT_INT);
	if($page > 0)
	{
		$start = ($page-1) * $perpage;
		$pages = $threadcount / $perpage;
		$pages = ceil($pages);
		// A page past the end resets to the first page.
		if($page > $pages || $page <= 0)
		{
			$start = 0;
			$page = 1;
		}
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$end = $start + $perpage;
	$lower = $start+1;
	$upper = $end;
	if($upper > $threadcount)
	{
		$upper = $threadcount;
	}
	$multipage = multipage($threadcount, $perpage, $page, "usercp.php?action=subscriptions");
	$fpermissions = forum_permissions();
	$del_subscriptions = $subscriptions = array();

	// Fetch subscriptions
	// $where was assembled earlier from the session uid and forum visibility helpers.
	$query = $db->query("
		SELECT s.*, t.*, t.username AS threadusername, u.username
		FROM ".TABLE_PREFIX."threadsubscriptions s
		LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
		WHERE {$where}
		ORDER BY t.lastpost DESC
		LIMIT $start, $perpage
	");
	while($subscription = $db->fetch_array($query))
	{
		$forumpermissions = $fpermissions[$subscription['fid']];

		// In forums limited to "own threads only", a subscription to someone else's thread is
		// queued for removal instead of being listed.
		// NOTE(review): presumably 'uid' here is the thread author's, since t.* follows s.* in
		// the column list - confirm against the database driver.
		if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $subscription['uid'] != $mybb->user['uid'])
		{
			// Hmm, you don't have permission to view this thread - unsubscribe!
// Finishes sorting the fetched rows, deletes subscriptions the user may no longer see, and loads
// the read-state data needed to render the remaining ones.
			$del_subscriptions[] = $subscription['sid'];
		}
		elseif($subscription['tid'])
		{
			// Keyed by thread id; rows without a tid are dropped.
			$subscriptions[$subscription['tid']] = $subscription;
		}
	}

	if(!empty($del_subscriptions))
	{
		// The ids come from the result set above, not from the request.
		$sids = implode(',', $del_subscriptions);

		if($sids)
		{
			// The uid condition keeps the delete confined to the current user's rows.
			$db->delete_query("threadsubscriptions", "sid IN ({$sids}) AND uid='{$mybb->user['uid']}'");
		}

		$threadcount = $threadcount - count($del_subscriptions);

		if($threadcount < 0)
		{
			$threadcount = 0;
		}
	}

	if(!empty($subscriptions))
	{
		// Thread ids taken from the array keys built from database rows.
		$tids = implode(",", array_keys($subscriptions));
		$readforums = array();

		// Build a forum cache.
		$query = $db->query("
			SELECT f.fid, fr.dateline AS lastread
			FROM ".TABLE_PREFIX."forums f
			LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
			WHERE f.active != 0
			ORDER BY pid, disporder
		");

		while($forum = $db->fetch_array($query))
		{
			$readforums[$forum['fid']] = $forum['lastread'];
		}

		// Check participation by the current user in any of these threads - for 'dot' folder icons
		if($mybb->settings['dotfolders'] != 0)
		{
			$query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
			while($post = $db->fetch_array($query))
			{
				$subscriptions[$post['tid']]['doticon'] = 1;
			}
		}

		// Read threads
		if($mybb->settings['threadreadcut'] > 0)
		{
			$query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
			while($readthread = $db->fetch_array($query))
			{
				$subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
			}
		}

		$icon_cache = array();

		// Post icons are loaded only when the board allows them.
		if($mybb->settings['allowposticons'] == 1)
		{
			$icon_cache = (array)$cache->read("posticons");
		}

		$threadprefixes = build_prefixes();

// Renders one row per subscribed thread: prefix, escaped subject, icon, folder state and last poster.
		$threads = '';

		$forums_cache = cache_forums();

		// Now we can build our subscription list
		foreach($subscriptions as $thread)
		{
			$bgcolor = alt_trow();

			$folder = '';
			$prefix = '';
			$thread['threadprefix'] = '';

			// If this thread has a prefix, insert a space between prefix and subject
			// NOTE(review): 'displaystyle' is emitted without escaping - presumably
			// administrator-authored markup; confirm. The separator literal is copied as it
			// appears on this page; the rendering may have decoded an HTML entity.
			if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
			{
				$thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].' ';
			}

			// Sanitize
			// Bad-word filtering runs first, HTML escaping last, so the subject reaches the
			// template escaped.
			$thread['subject'] = $parser->parse_badwords($thread['subject']);
			$thread['subject'] = htmlspecialchars_uni($thread['subject']);

			// Build our links
			$thread['threadlink'] = get_thread_link($thread['tid']);
			$thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");

			// Fetch the thread icon if we have one
			if($thread['icon'] > 0 && !empty($icon_cache[$thread['icon']]) && $forums_cache[$thread['fid']]['allowpicons'] != 0)
			{
				$icon = $icon_cache[$thread['icon']];
				$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
				// Path and name are escaped before the icon template uses them.
				$icon['path'] = htmlspecialchars_uni($icon['path']);
				$icon['name'] = htmlspecialchars_uni($icon['name']);
				eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
			}
			else
			{
				// Literal copied as it appears on this page.
				$icon = " ";
			}

			// Determine the folder
			$folder = '';
			$folder_label = '';

			if(isset($thread['doticon']))
			{
				$folder = "dot_";
				$folder_label .= $lang->icon_dot;
			}

			$gotounread = '';
			$isnew = 0;
			$donenew = 0;
			$lastread = 0;

			// $forum_read is the later of the forum's last-read time and the read cutoff.
			// It is assigned only when "threadreadcut" is positive.
			if($mybb->settings['threadreadcut'] > 0)
			{
				$read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
				if(empty($readforums[$thread['fid']]) || $readforums[$thread['fid']] < $read_cutoff)
				{
					$forum_read = $read_cutoff;
				}
				else
				{
					$forum_read = $readforums[$thread['fid']];
				}
			}

			$cutoff = 0;
			if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
			{
				$cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
			}

			if($thread['lastpost'] > $cutoff)
			{
				if(!empty($thread['lastread']))
				{
					$lastread = $thread['lastread'];
				}
				else
				{
					$lastread = 1;
				}
			}

			if(!$lastread)
			{
				// The cookie value is client-supplied; in the code visible here it is only
				// compared and copied into $lastread.
				// NOTE(review): $forum_read can be unset on this path when "threadreadcut" is not
				// positive - confirm whether that combination can occur.
				$readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
				if($readcookie > $forum_read)
				{
					$lastread = $readcookie;
				}
				else
				{
					$lastread = $forum_read;
				}
			}

			if($lastread && $lastread < $thread['lastpost'])
			{
				$folder .= "new";
				$folder_label .= $lang->icon_new;
				$new_class = "subject_new";
				$thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
				eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
				$unreadpost = 1;
			}
			else
			{
				$folder_label .= $lang->icon_no_new;
				$new_class = "subject_old";
			}

			if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
			{
				$folder .= "hot";
				$folder_label .= $lang->icon_hot;
			}

			if($thread['closed'] == 1)
			{
				$folder .= "close";
				$folder_label .= $lang->icon_close;
			}

			$folder .= "folder";

			// Threads with visible == 0 get a shaded row.
			if($thread['visible'] == 0)
			{
				$bgcolor = "trow_shaded";
			}

			// Build last post info
			$lastpostdate = my_date('relative', $thread['lastpost']);
			$lastposteruid = $thread['lastposteruid'];
			// The poster name is escaped in both branches.
			if(!$lastposteruid && !$thread['lastposter'])
			{
				$lastposter = htmlspecialchars_uni($lang->guest);
			}
			else
			{
				$lastposter = htmlspecialchars_uni($thread['lastposter']);
			}

			// Don't link to guest's profiles (they have no profile).
// Finishes each subscription row, outputs the subscriptions page, and opens the
// "forumsubscriptions" listing.
			if($lastposteruid == 0)
			{
				$lastposterlink = $lastposter;
			}
			else
			{
				// $lastposter was HTML-escaped before this point.
				$lastposterlink = build_profile_link($lastposter, $lastposteruid);
			}

			$thread['replies'] = my_number_format($thread['replies']);
			$thread['views'] = my_number_format($thread['views']);

			// What kind of notification type do we have here?
			// Any value other than "1" or "2" is shown as "no notification".
			switch($thread['notification'])
			{
				case "2": // PM
					$notification_type = $lang->pm_notification;
					break;
				case "1": // Email
					$notification_type = $lang->email_notification;
					break;
				default: // No notification
					$notification_type = $lang->no_notification;
			}

			// The row template is eval'd as a double-quoted PHP string and reads the locals built
			// in this loop by name.
			// NOTE(review): safe only if $templates->get() escapes the stored template - confirm.
			eval("\$threads .= \"".$templates->get("usercp_subscriptions_thread")."\";");
		}

		// Provide remove options
		eval("\$remove_options = \"".$templates->get("usercp_subscriptions_remove")."\";");
	}
	else
	{
		$remove_options = '';
		eval("\$threads = \"".$templates->get("usercp_subscriptions_none")."\";");
	}

	$plugins->run_hooks("usercp_subscriptions_end");

	// $subscriptions held the row array until here; it is overwritten with the rendered page.
	eval("\$subscriptions = \"".$templates->get("usercp_subscriptions")."\";");
	output_page($subscriptions);
}

// List of the current user's forum subscriptions.
if($mybb->input['action'] == "forumsubscriptions")
{
	$plugins->run_hooks("usercp_forumsubscriptions_start");

	// Build a forum cache.
// Builds the forum subscriptions list with per-forum permission checks, then opens the
// "do_addsubscription" handler for thread subscriptions.
	$query = $db->query("
		SELECT f.fid, fr.dateline AS lastread
		FROM ".TABLE_PREFIX."forums f
		LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
		WHERE f.active != 0
		ORDER BY pid, disporder
	");
	$readforums = array();
	while($forum = $db->fetch_array($query))
	{
		$readforums[$forum['fid']] = $forum['lastread'];
	}

	$fpermissions = forum_permissions();
	require_once MYBB_ROOT."inc/functions_forumlist.php";

	// Only the session uid is interpolated into this query.
	$query = $db->query("
		SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread
		FROM ".TABLE_PREFIX."forumsubscriptions fs
		LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid = fs.fid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = f.lastposttid)
		LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
		WHERE f.type='f' AND fs.uid='".$mybb->user['uid']."'
		ORDER BY f.name ASC
	");

	$forums = '';
	while($forum = $db->fetch_array($query))
	{
		$forum_url = get_forum_link($forum['fid']);
		$forumpermissions = $fpermissions[$forum['fid']];

		// Forums the user can no longer view are skipped; the subscription row itself is kept.
		if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
		{
			continue;
		}

		$lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
		$folder = $lightbulb['folder'];

		// With "own threads only" the forum-wide counters are hidden.
		if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0)
		{
			$posts = '-';
			$threads = '-';
		}
		else
		{
			$posts = my_number_format($forum['posts']);
			$threads = my_number_format($forum['threads']);
		}

		if($forum['lastpost'] == 0)
		{
			eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_never")."\";");
		}
		// Hide last post
		// Applies when the user may only view own threads and someone else made the last post.
		elseif(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $forum['lastposteruid'] != $mybb->user['uid'])
		{
			eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_hidden")."\";");
		}
		else
		{
			$forum['lastpostsubject'] = $parser->parse_badwords($forum['lastpostsubject']);
			$lastpost_date = my_date('relative', $forum['lastpost']);
			$lastposttid = $forum['lastposttid'];
			if(!$forum['lastposteruid'] && !$forum['lastposter'])
			{
				$lastposter = htmlspecialchars_uni($lang->guest);
			}
			else
			{
				$lastposter = htmlspecialchars_uni($forum['lastposter']);
			}
			if($forum['lastposteruid'] == 0)
			{
				$lastpost_profilelink = $lastposter;
			}
			else
			{
				$lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);
			}
			// The subject is escaped first and shortened afterwards, so the cut can land inside
			// an entity. That can garble the display but does not reintroduce markup.
			$full_lastpost_subject = $lastpost_subject = htmlspecialchars_uni($forum['lastpostsubject']);
			if(my_strlen($lastpost_subject) > 25)
			{
				$lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
			}
			$lastpost_link = get_thread_link($forum['lastposttid'], 0, "lastpost");
			eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost")."\";");
		}

		if($mybb->settings['showdescriptions'] == 0)
		{
			$forum['description'] = "";
		}

		// NOTE(review): the remaining $forum fields (name, description) are not escaped in this
		// loop - presumably administrator-authored; confirm what the row template outputs.
		eval("\$forums .= \"".$templates->get("usercp_forumsubscriptions_forum")."\";");
	}

	if(!$forums)
	{
		eval("\$forums = \"".$templates->get("usercp_forumsubscriptions_none")."\";");
	}

	$plugins->run_hooks("usercp_forumsubscriptions_end");

	eval("\$forumsubscriptions = \"".$templates->get("usercp_forumsubscriptions")."\";");
	output_page($forumsubscriptions);
}

// Adds a thread subscription. The condition does not test request_method; request forgery
// protection rests on the post key check.
if($mybb->input['action'] == "do_addsubscription" && $mybb->get_input('type') != "forum")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// NOTE(review): the sibling handlers read tid with MyBB::INPUT_INT; here the raw value goes
	// to get_thread() - confirm that get_thread() casts it.
	$thread = get_thread($mybb->get_input('tid'));
	if(!$thread || $thread['visible'] == -1)
	{
		error($lang->error_invalidthread);
	}

	// Is the currently logged in user a moderator of this forum?
	$ismod = is_moderator($thread['fid']);

	// Make sure we are looking at a real thread here.
	// Non-moderators only pass with visible == 1; moderators pass with any value up to 1.
	if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
	{
		error($lang->error_invalidthread);
	}

	// The user must be able to view the forum and its threads, and in "own threads only" forums
	// must be the thread's author.
	$forumpermissions = forum_permissions($thread['fid']);
	if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
	{
		error_no_permission();
	}

	// check if the forum requires a password to view.
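// Completes the thread subscription, picks a same-site redirect target, and opens the
// "addsubscription" handler (forum branch).
	// If so, we need to show a form to the user
	check_forum_password($thread['fid']);

	// Naming of the hook retained for backward compatibility while dropping usercp2.php
	$plugins->run_hooks("usercp2_do_addsubscription");

	// The id comes from the loaded thread row; the notification mode is read as an integer.
	// NOTE(review): no range check on the mode is visible here - confirm add_subscribed_thread()
	// validates it.
	add_subscribed_thread($thread['tid'], $mybb->get_input('notification', MyBB::INPUT_INT));

	if($mybb->get_input('referrer'))
	{
		$mybb->input['referrer'] = $mybb->get_input('referrer');

		// Redirect targets are confined to this board. A value is used unchanged only when it
		// starts with the board URL plus "/"; the trailing slash keeps a host name that merely
		// begins with the board URL from matching.
		if(my_strpos($mybb->input['referrer'], $mybb->settings['bburl'].'/') !== 0)
		{
			if(my_strpos($mybb->input['referrer'], '/') === 0)
			{
				// Strip the leading slash from the referrer. The original read
				// $mybb->input['url'] here, an unrelated key, which discarded the referrer.
				$mybb->input['referrer'] = my_substr($mybb->input['referrer'], 1);
			}
			// Anything else is reduced to its last path segment and re-based on the board URL,
			// so a foreign host can never become the destination.
			$url_segments = explode('/', $mybb->input['referrer']);
			$mybb->input['referrer'] = $mybb->settings['bburl'].'/'.end($url_segments);
		}

		$url = htmlspecialchars_uni($mybb->input['referrer']);
	}
	else
	{
		$url = get_thread_link($thread['tid']);
	}
	redirect($url, $lang->redirect_subscriptionadded);
}

// Subscribes to a forum directly, or shows the thread subscription form.
if($mybb->input['action'] == "addsubscription")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->get_input('type') == "forum")
	{
		// The forum id is read as an integer.
		$forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
		if(!$forum)
		{
			error($lang->error_invalidforum);
		}
		// The user must be able to view the forum and its threads.
		$forumpermissions = forum_permissions($forum['fid']);
		if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
		{
			error_no_permission();
		}

		// check if the forum requires a password to view.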
// Completes the forum subscription and starts the thread branch of "addsubscription" with its
// visibility and permission checks.
		// If so, we need to show a form to the user
		check_forum_password($forum['fid']);

		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_addsubscription_forum");

		add_subscribed_forum($forum['fid']);
		// Non-POST requests return to the referring page.
		// NOTE(review): $server_http_referer is assigned outside this excerpt; confirm it is
		// restricted to this site before it is used as a redirect target. This branch also shows
		// the state change can be reached without POST, so the post key may travel in the URL.
		if($server_http_referer && $mybb->request_method != 'post')
		{
			$url = $server_http_referer;
		}
		else
		{
			$url = "index.php";
		}
		redirect($url, $lang->redirect_forumsubscriptionadded);
	}
	else
	{
		// The thread id is read as an integer.
		$thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
		if(!$thread || $thread['visible'] == -1)
		{
			error($lang->error_invalidthread);
		}

		// Is the currently logged in user a moderator of this forum?
		$ismod = is_moderator($thread['fid']);

		// Make sure we are looking at a real thread here.
		// Non-moderators only pass with visible == 1; moderators pass with any value up to 1.
		if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
		{
			error($lang->error_invalidthread);
		}

		add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions");
		add_breadcrumb($lang->nav_addsubscription);

		// The user must be able to view the forum and its threads, and in "own threads only"
		// forums must be the thread's author.
		$forumpermissions = forum_permissions($thread['fid']);
		if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
		{
			error_no_permission();
		}

		// check if the forum requires a password to view.
// Renders the thread subscription form, then opens the "removesubscription" handler that performs
// the removal.
		// If so, we need to show a form to the user
		check_forum_password($thread['fid']);

		// NOTE(review): $referrer is filled from $server_http_referer, which is assigned outside
		// this excerpt, and is not escaped here. Confirm it is HTML-escaped before the form
		// template outputs it.
		$referrer = '';
		if($server_http_referer)
		{
			$referrer = $server_http_referer;
		}

		require_once MYBB_ROOT."inc/class_parser.php";
		$parser = new postParser;
		// Bad-word filtering first, HTML escaping last, before the subject enters the language string.
		$thread['subject'] = $parser->parse_badwords($thread['subject']);
		$thread['subject'] = htmlspecialchars_uni($thread['subject']);
		$lang->subscribe_to_thread = $lang->sprintf($lang->subscribe_to_thread, $thread['subject']);

		// Pre-select the radio button that matches the user's default subscription method.
		$notification_none_checked = $notification_email_checked = $notification_pm_checked = '';
		if($mybb->user['subscriptionmethod'] == 1 || $mybb->user['subscriptionmethod'] == 0)
		{
			$notification_none_checked = "checked=\"checked\"";
		}
		elseif($mybb->user['subscriptionmethod'] == 2)
		{
			$notification_email_checked = "checked=\"checked\"";
		}
		elseif($mybb->user['subscriptionmethod'] == 3)
		{
			$notification_pm_checked = "checked=\"checked\"";
		}

		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_addsubscription_thread");

		// The template is eval'd as a double-quoted PHP string and reads the locals above by name.
		eval("\$add_subscription = \"".$templates->get("usercp_addsubscription_thread")."\";");
		output_page($add_subscription);
		exit;
	}
}

// Removal runs for POST requests, or for other requests that already carry a valid post key.
// NOTE(review): the second argument to verify_post_check() appears to make it return a result
// instead of stopping with an error - confirm.
if($mybb->input['action'] == "removesubscription" && ($mybb->request_method == "post" || verify_post_check($mybb->get_input('my_post_key'), true)))
{
	// Verify incoming POST request
	// This second check covers POST requests, which the condition above lets in unchecked.
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->get_input('type') == "forum")
	{
		// The forum id is read as an integer.
		$forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
		if(!$forum)
		{
			error($lang->error_invalidforum);
		}

		// check if the forum requires a password to view.
// Removes a forum subscription, then starts the thread branch of the removal handler.
		// If so, we need to show a form to the user
		check_forum_password($forum['fid']);

		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_removesubscription_forum");

		// No view permission check precedes the removal in this branch, unlike when adding.
		remove_subscribed_forum($forum['fid']);
		// Non-POST requests return to the referring page.
		// NOTE(review): $server_http_referer is assigned outside this excerpt; confirm it is
		// restricted to this site before it is used as a redirect target.
		if($server_http_referer && $mybb->request_method != 'post')
		{
			$url = $server_http_referer;
		}
		else
		{
			$url = "usercp.php?action=forumsubscriptions";
		}
		redirect($url, $lang->redirect_forumsubscriptionremoved);
	}
	else
	{
		// The thread id is read as an integer.
		$thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
		// Unlike the add handlers, visible == -1 is not rejected at this point.
		if(!$thread)
		{
			error($lang->error_invalidthread);
		}

		// Is the currently logged in user a moderator of this forum?
		$ismod = is_moderator($thread['fid']);

		// Make sure we are looking at a real thread here.
		// Non-moderators only pass with visible == 1; moderators pass with any value up to 1.
		if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
		{
			error($lang->error_invalidthread);
		}

		// check if the forum requires a password to view.
If so, we need to show a form to the user 2107 check_forum_password($thread['fid']); 2108 2109 // Naming of the hook retained for backward compatibility while dropping usercp2.php 2110 $plugins->run_hooks("usercp2_removesubscription_thread"); 2111 2112 remove_subscribed_thread($thread['tid']); 2113 if($server_http_referer && $mybb->request_method != 'post') 2114 { 2115 $url = $server_http_referer; 2116 } 2117 else 2118 { 2119 $url = "usercp.php?action=subscriptions"; 2120 } 2121 redirect($url, $lang->redirect_subscriptionremoved); 2122 } 2123 } 2124 2125 // Show remove subscription form when GET method and without valid my_post_key 2126 if($mybb->input['action'] == "removesubscription") 2127 { 2128 $referrer = ''; 2129 if($mybb->get_input('type') == "forum") 2130 { 2131 $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT)); 2132 if(!$forum) 2133 { 2134 error($lang->error_invalidforum); 2135 } 2136 2137 add_breadcrumb($lang->nav_forumsubscriptions, "usercp.php?action=forumsubscriptions"); 2138 add_breadcrumb($lang->nav_removesubscription); 2139 2140 $forumpermissions = forum_permissions($forum['fid']); 2141 if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) 2142 { 2143 error_no_permission(); 2144 } 2145 2146 // check if the forum requires a password to view. 
If so, we need to show a form to the user 2147 check_forum_password($forum['fid']); 2148 2149 $lang->unsubscribe_from_forum = $lang->sprintf($lang->unsubscribe_from_forum, $forum['name']); 2150 2151 // Naming of the hook retained for backward compatibility while dropping usercp2.php 2152 $plugins->run_hooks("usercp2_removesubscription_display_forum"); 2153 2154 eval("\$remove_forum_subscription = \"".$templates->get("usercp_removesubscription_forum")."\";"); 2155 output_page($remove_forum_subscription); 2156 exit; 2157 } 2158 else 2159 { 2160 $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT)); 2161 if(!$thread || $thread['visible'] == -1) 2162 { 2163 error($lang->error_invalidthread); 2164 } 2165 2166 // Is the currently logged in user a moderator of this forum? 2167 $ismod = is_moderator($thread['fid']); 2168 2169 // Make sure we are looking at a real thread here. 2170 if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) 2171 { 2172 error($lang->error_invalidthread); 2173 } 2174 2175 add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions"); 2176 add_breadcrumb($lang->nav_removesubscription); 2177 2178 $forumpermissions = forum_permissions($thread['fid']); 2179 if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'])) 2180 { 2181 error_no_permission(); 2182 } 2183 2184 // check if the forum requires a password to view. 
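// If so, we need to show a form to the user
		check_forum_password($thread['fid']);

		require_once MYBB_ROOT."inc/class_parser.php";
		$parser = new postParser;
		// Filter bad words, then HTML-escape the subject before it is merged into the language string.
		$thread['subject'] = $parser->parse_badwords($thread['subject']);
		$thread['subject'] = htmlspecialchars_uni($thread['subject']);
		$lang->unsubscribe_from_thread = $lang->sprintf($lang->unsubscribe_from_thread, $thread['subject']);

		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_removesubscription_display_thread");

		// Template is evaluated as a double-quoted PHP string and reads the locals set above.
		eval("\$remove_thread_subscription = \"".$templates->get("usercp_removesubscription_thread")."\";");
		output_page($remove_thread_subscription);
		exit;
	}
}

// Remove every forum subscription or every thread subscription of the current user.
if($mybb->input['action'] == "removesubscriptions")
{
	// Verify incoming POST request. The request method itself is not tested in this block;
	// the my_post_key check is what gates the deletion.
	verify_post_check($mybb->get_input('my_post_key'));

	if($mybb->get_input('type') == "forum")
	{
		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_removesubscriptions_forum");

		// uid is cast to int before it is concatenated into the WHERE clause, matching the
		// buddy request queries elsewhere in this file.
		$db->delete_query("forumsubscriptions", "uid='".(int)$mybb->user['uid']."'");
		// NOTE(review): the redirect target comes from the Referer header; its validation is not
		// visible here, so confirm it is restricted to this board's own URLs.
		if($server_http_referer)
		{
			$url = $server_http_referer;
		}
		else
		{
			$url = "usercp.php?action=forumsubscriptions";
		}
		redirect($url, $lang->redirect_forumsubscriptionsremoved);
	}
	else
	{
		// Naming of the hook retained for backward compatibility while dropping usercp2.php
		$plugins->run_hooks("usercp2_removesubscriptions_thread");

		$db->delete_query("threadsubscriptions", "uid='".(int)$mybb->user['uid']."'");
		if($server_http_referer)
		{
			$url = $server_http_referer;
		}
		else
		{
			$url = "usercp.php?action=subscriptions";
		}
		redirect($url, $lang->redirect_subscriptionsremoved);
	}
}

// Save the submitted signature and optionally switch "include signature" on or off for all of
// the user's existing posts.
if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// Apply on the write path the same conditions the editsig form handler below applies before
	// it shows the form: a suspension with no end time (suspendsigtime == 0) or one that has not
	// yet expired, the usergroup's canusesig permission, and the minimum post count. Checking
	// them only when the form is rendered would leave a direct POST unchecked.
	if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > TIME_NOW))
	{
		error_no_permission();
	}

	if($mybb->usergroup['canusesig'] != 1 || ($mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts']))
	{
		error_no_permission();
	}

	$plugins->run_hooks("usercp_do_editsig_start");

	if($mybb->get_input('updateposts') == "enable")
	{
		$update_signature = array(
			"includesig" => 1
		);
		$db->update_query("posts", $update_signature, "uid='".(int)$mybb->user['uid']."'");
	}
	elseif($mybb->get_input('updateposts') == "disable")
	{
		$update_signature = array(
			"includesig" => 0
		);
		$db->update_query("posts", $update_signature, "uid='".(int)$mybb->user['uid']."'");
	}
	// NOTE(review): no length or content validation of the signature is visible in this block;
	// presumably it runs earlier in the file - confirm before relying on it.
	$new_signature = array(
		"signature" => $db->escape_string($mybb->get_input('signature'))
	);
	$plugins->run_hooks("usercp_do_editsig_process");
	$db->update_query("users", $new_signature, "uid='".(int)$mybb->user['uid']."'");
	$plugins->run_hooks("usercp_do_editsig_end");
	redirect("usercp.php?action=editsig", $lang->redirect_sigupdated);
}

// Show the signature editor, with a rendered preview of either the submitted or the stored
// signature.
if($mybb->input['action'] == "editsig")
{
	$plugins->run_hooks("usercp_editsig_start");
	// Choose which text to show and which preview template to use:
	// submitted text when previewing, stored signature otherwise, and no preview at all when
	// $error is set (NOTE(review): $error is assigned outside this excerpt).
	if(!empty($mybb->input['preview']) && empty($error))
	{
		$sig = $mybb->get_input('signature');
		$template = "usercp_editsig_preview";
	}
	elseif(empty($error))
	{
		$sig = $mybb->user['signature'];
		$template = "usercp_editsig_current";
	}
	else
	{
		$sig = $mybb->get_input('signature');
		$template = false;
	}

	if(!isset($error))
	{
		$error = '';
	}

	if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
	{
		// User currently has no signature and they're suspended
		error($lang->sig_suspended);
	}

	if($mybb->usergroup['canusesig'] != 1)
	{
		// Usergroup has no permission to use this facility
		error_no_permission();
	}
	elseif($mybb->usergroup['canusesig'] == 1 && $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
	{
		// Usergroup can use this facility, but only after x posts
		error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
	}

	$signature = '';
	if($sig && $template)
	{
		// The preview is rendered with the board's signature settings, so HTML, MyCode, smilies
		// and images are only honoured where the corresponding setting allows them.
		$sig_parser = array(
			"allow_html" => $mybb->settings['sightml'],
			"allow_mycode" => $mybb->settings['sigmycode'],
			"allow_smilies" => $mybb->settings['sigsmilies'],
			"allow_imgcode" => $mybb->settings['sigimgcode'],
			"me_username" => $mybb->user['username'],
			"filter_badwords" => 1
		);

		if($mybb->user['showimages'] != 1)
		{
			$sig_parser['allow_imgcode'] = 0;
		}

		// NOTE(review): $parser is not created in this block; it is presumably instantiated
		// earlier in the file - confirm.
		$sigpreview = $parser->parse_message($sig, $sig_parser);
		eval("\$signature = \"".$templates->get($template)."\";");
	}

	// User has a current signature, so let's display it (but show an error message)
	if($mybb->user['suspendsignature'] && $mybb->user['suspendsigtime'] > TIME_NOW)
	{
		$plugins->run_hooks("usercp_editsig_end");

		// User either doesn't have permission, or has their signature suspended
		eval("\$editsig = \"".$templates->get("usercp_editsig_suspended")."\";");
	}
	else
	{
		// User is allowed to edit their signature
		// Translate each signature setting into the "on"/"off" label shown in the editor note.
		$smilieinserter = '';
		if($mybb->settings['sigsmilies'] == 1)
		{
			$sigsmilies = $lang->on;
			$smilieinserter = build_clickable_smilies();
		}
		else
		{
			$sigsmilies = $lang->off;
		}
		if($mybb->settings['sigmycode'] == 1)
		{
			$sigmycode = $lang->on;
		}
		else
		{
			$sigmycode = $lang->off;
		}
		if($mybb->settings['sightml'] == 1)
		{
			$sightml = $lang->on;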
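}
		else
		{
			$sightml = $lang->off;
		}
		if($mybb->settings['sigimgcode'] == 1)
		{
			$sigimgcode = $lang->on;
		}
		else
		{
			$sigimgcode = $lang->off;
		}

		if($mybb->settings['siglength'] == 0)
		{
			$siglength = $lang->unlimited;
		}
		else
		{
			$siglength = $mybb->settings['siglength'];
		}

		// Escape the raw signature before the template places it into the editor markup.
		$sig = htmlspecialchars_uni($sig);
		$lang->edit_sig_note2 = $lang->sprintf($lang->edit_sig_note2, $sigsmilies, $sigmycode, $sigimgcode, $sightml, $siglength);

		if($mybb->settings['sigmycode'] != 0 && $mybb->settings['bbcodeinserter'] != 0 && $mybb->user['showcodebuttons'] != 0)
		{
			$codebuttons = build_mycode_inserter("signature");
		}

		$plugins->run_hooks("usercp_editsig_end");

		// Template is evaluated as a double-quoted PHP string and reads the locals set above.
		eval("\$editsig = \"".$templates->get("usercp_editsig")."\";");
	}

	output_page($editsig);
}

// Change the user's avatar: remove it, accept an upload, derive a Gravatar URL from an e-mail
// address, or validate and store a remote image URL.
if($mybb->input['action'] == "do_avatar" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("usercp_do_avatar_start");
	require_once MYBB_ROOT."inc/functions_upload.php";

	$avatar_error = "";

	if(!empty($mybb->input['remove'])) // remove avatar
	{
		$updated_avatar = array(
			"avatar" => "",
			"avatardimensions" => "",
			"avatartype" => ""
		);
		$db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
		remove_avatars($mybb->user['uid']);
	}
	// !empty() instead of a bare index read: the field is absent when no file input was sent.
	elseif(!empty($_FILES['avatarupload']['name'])) // upload avatar
	{
		if($mybb->usergroup['canuploadavatars'] == 0)
		{
			error_no_permission();
		}
		$avatar = upload_avatar();
		if(!empty($avatar['error']))
		{
			$avatar_error = $avatar['error'];
		}
		else
		{
			// Default to an empty value so the array below never reads an unset variable when
			// upload_avatar() reports no usable width/height.
			$avatar_dimensions = '';
			if($avatar['width'] > 0 && $avatar['height'] > 0)
			{
				$avatar_dimensions = $avatar['width']."|".$avatar['height'];
			}
			$updated_avatar = array(
				"avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
				"avatardimensions" => $avatar_dimensions,
				"avatartype" => "upload"
			);
			$db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
		}
	}
	elseif(!$mybb->settings['allowremoteavatars'] && empty($_FILES['avatarupload']['name'])) // missing avatar image
	{
		$avatar_error = $lang->error_avatarimagemissing;
	}
	elseif($mybb->settings['allowremoteavatars']) // remote avatar
	{
		$mybb->input['avatarurl'] = trim($mybb->get_input('avatarurl'));
		if(validate_email_format($mybb->input['avatarurl']) != false)
		{
			// Gravatar
			$mybb->input['avatarurl'] = my_strtolower($mybb->input['avatarurl']);

			// If user image does not exist, or is a higher rating, use the mystery man
			// The MD5 of the lower-cased address is used as the avatar identifier in the URL
			// built below; it is not used as a security control here.
			$email = md5($mybb->input['avatarurl']);

			$s = '';
			if(!$mybb->settings['maxavatardims'])
			{
				$mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
			}

			// Because Gravatars are square, hijack the width
			list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
			$maxheight = (int)$maxwidth;

			// Rating?
			$types = array('g', 'pg', 'r', 'x');
			$rating = $mybb->settings['useravatarrating'];

			// Strict comparison: only the exact strings listed above may reach the URL.
			if(!in_array($rating, $types, true))
			{
				$rating = 'g';
			}

			$s = "?s={$maxheight}&r={$rating}&d=mm";

			$updated_avatar = array(
				"avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
				"avatardimensions" => "{$maxheight}|{$maxheight}",
				"avatartype" => "gravatar"
			);

			$db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
		}
		else
		{
			// This is a single-pass removal of the literal "script:", not a URL scheme check.
			// The URL is only stored further down when fetch_remote_file() returned content and
			// getimagesize() recognised that content as an image.
			// NOTE(review): the fetch below is a server-side request to a user-chosen URL;
			// confirm fetch_remote_file() restricts schemes and destination hosts. The image is
			// checked once at save time, while the stored URL is served by the remote host
			// afterwards.
			$mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->get_input('avatarurl'));
			$ext = get_extension($mybb->input['avatarurl']);

			$width = $height = 0;
			$avatar_dimensions = '';

			// Limiting URL string to stay within database limit
			// Checked before fetching so that no outbound request is made for a URL that is
			// rejected anyway; the resulting error message is the same as when the check ran last.
			// NOTE(review): the stored value also carries the "?dateline=" suffix; confirm the
			// column width accounts for it.
			if(strlen($mybb->input['avatarurl']) > 200)
			{
				$avatar_error = $lang->error_avatarurltoolong;
			}
			else
			{
				// Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
				$file = fetch_remote_file($mybb->input['avatarurl']);
				if(!$file)
				{
					$avatar_error = $lang->error_invalidavatarurl;
				}
				else
				{
					// The copy gets a random name under the avatar upload path and is deleted
					// right after it has been measured, whatever the result.
					$tmp_name = $mybb->settings['avataruploadpath']."/remote_".md5(random_str());
					$fp = @fopen($tmp_name, "wb");
					if(!$fp)
					{
						$avatar_error = $lang->error_invalidavatarurl;
					}
					else
					{
						fwrite($fp, $file);
						fclose($fp);
						list($width, $height, $type) = @getimagesize($tmp_name);
						@unlink($tmp_name);
						if(!$type)
						{
							$avatar_error = $lang->error_invalidavatarurl;
						}
					}
				}
			}

			if(empty($avatar_error))
			{
				if($width && $height && $mybb->settings['maxavatardims'] != "")
				{
					list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
					if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
					{
						$lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
						$avatar_error = $lang->error_avatartoobig;
					}
				}
			}

			if(empty($avatar_error))
			{
				if($width > 0 && $height > 0)
				{
					$avatar_dimensions = (int)$width."|".(int)$height;
				}
				$updated_avatar = array(
					"avatar" => $db->escape_string($mybb->input['avatarurl'].'?dateline='.TIME_NOW),
					"avatardimensions" => $avatar_dimensions,
					"avatartype" => "remote"
				);
				$db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
				remove_avatars($mybb->user['uid']);
			}
		}
	}
	else // remote avatar, but remote avatars are not allowed
	{
		$avatar_error = $lang->error_remote_avatar_not_allowed;
	}

	if(empty($avatar_error))
	{
		$plugins->run_hooks("usercp_do_avatar_end");
		redirect("usercp.php?action=avatar", $lang->redirect_avatarupdated);
	}
	else
	{
		// Fall through to the avatar form below and show the error inline.
		$mybb->input['action'] = "avatar";
		$avatar_error = inline_error($avatar_error);
	}
}

// Show the avatar settings page.
if($mybb->input['action'] == "avatar")
{
	$plugins->run_hooks("usercp_avatar_start");

	$avatarmsg = $avatarurl = '';

	if($mybb->user['avatartype'] == "upload" || stristr($mybb->user['avatar'], $mybb->settings['avataruploadpath']))
	{
		$avatarmsg = "<br /><strong>".$lang->already_uploaded_avatar."</strong>";
	}
	elseif($mybb->user['avatartype'] == "remote" || my_validate_url($mybb->user['avatar']))
	{
		$avatarmsg = "<br /><strong>".$lang->using_remote_avatar."</strong>";
		// The stored URL is HTML-escaped before the template prints it.
		$avatarurl = htmlspecialchars_uni($mybb->user['avatar']);
	}

	$useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
	eval("\$currentavatar = \"".$templates->get("usercp_avatar_current")."\";");

	if($mybb->settings['maxavatardims'] != "")
	{
		list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
		$lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_dimensions, $maxwidth, $maxheight);
	}

	if($mybb->settings['avatarsize'])
	{
		$maxsize = get_friendly_size($mybb->settings['avatarsize']*1024);
		$lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_size, $maxsize);
	}

	$plugins->run_hooks("usercp_avatar_intermediate");

	$auto_resize = '';
	if($mybb->settings['avatarresizing'] == "auto")
	{
		eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_auto")."\";");
	}
	elseif($mybb->settings['avatarresizing'] == "user")
	{
		eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_user")."\";");
	}

	// Only render the upload and remote URL sections the user is allowed to use.
	$avatarupload = '';
	if($mybb->usergroup['canuploadavatars'] == 1)
	{
		eval("\$avatarupload = \"".$templates->get("usercp_avatar_upload")."\";");
	}

	$avatar_remote = '';
	if($mybb->settings['allowremoteavatars'] == 1)
	{
		eval("\$avatar_remote = \"".$templates->get("usercp_avatar_remote")."\";");
	}

	$removeavatar = '';
	if(!empty($mybb->user['avatar']))
	{
		eval("\$removeavatar = \"".$templates->get("usercp_avatar_remove")."\";");
	}

	$plugins->run_hooks("usercp_avatar_end");

	if(!isset($avatar_error))
	{
		$avatar_error = '';
	}

	eval("\$avatar = \"".$templates->get("usercp_avatar")."\";");
	output_page($avatar);
}

// Accept a buddy request addressed to the current user: add each user to the other's buddy
// list, notify the requester by PM and delete the request.
if($mybb->input['action'] == "acceptrequest")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// Validate request
	// The touid predicate ties the request id to the current user, so a request addressed to
	// somebody else cannot be accepted by guessing its id.
	$query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
	$request = $db->fetch_array($query);
	if(empty($request))
	{
		error($lang->invalid_request);
	}

	$plugins->run_hooks("usercp_acceptrequest_start");

	$user = get_user($request['uid']);
	if(!empty($user))
	{
		// We want to add us to this user's buddy list
		if($user['buddylist'] != '')
		{
			$user['buddylist'] = explode(',', $user['buddylist']);
		}
		else
		{
			$user['buddylist'] = array();
		}

		$user['buddylist'][] = (int)$mybb->user['uid'];

		// Now we have the new list, so throw it all back together
		$new_list = implode(",", $user['buddylist']);

		// And clean it up a little to ensure there is no possibility of bad values.
		// Non-digits are stripped first, because removing them can leave adjacent commas; the
		// comma runs are collapsed afterwards. trim() then drops a leading or trailing comma
		// (the earlier my_strlen()-2 form also cut the last digit of the final uid).
		$new_list = preg_replace("#[^0-9,]#", "", $new_list);
		$new_list = preg_replace("#,{2,}#", ",", $new_list);
		$new_list = trim($new_list, ",");

		$user['buddylist'] = $db->escape_string($new_list);

		$db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");


		// We want to add the user to our buddy list
		if($mybb->user['buddylist'] != '')
		{
			$mybb->user['buddylist'] = explode(',', $mybb->user['buddylist']);
		}
		else
		{
			$mybb->user['buddylist'] = array();
		}

		$mybb->user['buddylist'][] = (int)$request['uid'];

		// Now we have the new list, so throw it all back together
		$new_list = implode(",", $mybb->user['buddylist']);

		// Same normalisation as above: strip non-digits, collapse comma runs, trim the ends.
		$new_list = preg_replace("#[^0-9,]#", "", $new_list);
		$new_list = preg_replace("#,{2,}#", ",", $new_list);
		$new_list = trim($new_list, ",");

		$mybb->user['buddylist'] = $db->escape_string($new_list);

		$db->update_query("users", array('buddylist' => $mybb->user['buddylist']), "uid='".(int)$mybb->user['uid']."'");

		$pm = array(
			'subject' => 'buddyrequest_accepted_request',
			'message' => 'buddyrequest_accepted_request_message',
			'touid' => $user['uid'],
			'language' => $user['language'],
			'language_file' => 'usercp'
		);

		send_pm($pm, $mybb->user['uid'], true);

		$db->delete_query('buddyrequests', 'id='.(int)$request['id']);
	}
	else
	{
		error($lang->user_doesnt_exist);
	}

	$plugins->run_hooks("usercp_acceptrequest_end");

	redirect("usercp.php?action=editlists", $lang->buddyrequest_accepted);
}

// Decline a buddy request addressed to the current user.
elseif($mybb->input['action'] == "declinerequest")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// Validate request (only requests whose touid is the current user match)
	$query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
	$request = $db->fetch_array($query);
	if(empty($request))
	{
		error($lang->invalid_request);
	}

	$plugins->run_hooks("usercp_declinerequest_start");

	$user = get_user($request['uid']);
	if(!empty($user))
	{
		$db->delete_query('buddyrequests', 'id='.(int)$request['id']);
	}
	else
	{
		error($lang->user_doesnt_exist);
	}

	$plugins->run_hooks("usercp_declinerequest_end");

	redirect("usercp.php?action=editlists", $lang->buddyrequest_declined);
}

// Cancel a buddy request the current user has sent.
elseif($mybb->input['action'] == "cancelrequest")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// Validate request (here the sender column, uid, must be the current user)
	$query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND uid='.(int)$mybb->user['uid']);
	$request = $db->fetch_array($query);
	if(empty($request))
	{
		error($lang->invalid_request);
	}

	$plugins->run_hooks("usercp_cancelrequest_start");

	$db->delete_query('buddyrequests', 'id='.(int)$request['id']);

	$plugins->run_hooks("usercp_cancelrequest_end");

	redirect("usercp.php?action=editlists", $lang->buddyrequest_cancelled);
}

// Add users to, or remove a user from, the buddy list or the ignore list.
if($mybb->input['action'] == "do_editlists")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("usercp_do_editlists_start");

	// $existing_users is the list being edited; $selected_list is the other list, used to stop
	// a user from being on both.
	$existing_users = array();
	$selected_list = array();
	if($mybb->get_input('manage') == "ignored")
	{
		if($mybb->user['ignorelist'])
		{
			$existing_users = explode(",", $mybb->user['ignorelist']);
		}

		if($mybb->user['buddylist'])
		{
			// Create a list of buddies...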
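$selected_list = explode(",", $mybb->user['buddylist']);
		}
	}
	else
	{
		if($mybb->user['buddylist'])
		{
			$existing_users = explode(",", $mybb->user['buddylist']);
		}

		if($mybb->user['ignorelist'])
		{
			// Create a list of ignored users
			$selected_list = explode(",", $mybb->user['ignorelist']);
		}
	}

	$error_message = "";
	$message = "";

	// Adding one or more users to this list
	if($mybb->get_input('add_username'))
	{
		// Split up any usernames we have
		$found_users = 0;
		$adding_self = false;
		$users = explode(",", $mybb->get_input('add_username'));
		$users = array_map("trim", $users);
		$users = array_unique($users);
		foreach($users as $key => $username)
		{
			if(empty($username))
			{
				unset($users[$key]);
				continue;
			}

			if(my_strtoupper($mybb->user['username']) == my_strtoupper($username))
			{
				$adding_self = true;
				unset($users[$key]);
				continue;
			}
			// Lower-case first and escape last, so nothing transforms the value after it has
			// been escaped for the IN (...) list built below.
			$users[$key] = $db->escape_string(my_strtolower($username));
		}

		// Get the requests we have sent that are still pending
		$query = $db->simple_select('buddyrequests', 'touid', 'uid='.(int)$mybb->user['uid']);
		$requests = array();
		while($req = $db->fetch_array($query))
		{
			$requests[$req['touid']] = true;
		}

		// Get the requests we have received that are still pending
		$query = $db->simple_select('buddyrequests', 'uid', 'touid='.(int)$mybb->user['uid']);
		$requests_rec = array();
		while($req = $db->fetch_array($query))
		{
			$requests_rec[$req['uid']] = true;
		}

		$sent = false;

		// Fetch out new users
		if(count($users) > 0)
		{
			// The column is compared as-is on mysql/mysqli and through LOWER() on other
			// database types; the names were lower-cased above.
			switch($db->type)
			{
				case 'mysql':
				case 'mysqli':
					$field = 'username';
					break;
				default:
					$field = 'LOWER(username)';
					break;
			}
			// Every element of $users was escaped individually in the loop above.
			$query = $db->simple_select("users", "uid,buddyrequestsauto,buddyrequestspm,language", "{$field} IN ('".implode("','", $users)."')");
			while($user = $db->fetch_array($query))
			{
				++$found_users;

				// Make sure we're not adding a duplicate
				if(in_array($user['uid'], $existing_users) || in_array($user['uid'], $selected_list))
				{
					if($mybb->get_input('manage') == "ignored")
					{
						$error_message = "ignore";
					}
					else
					{
						$error_message = "buddy";
					}

					// On another list?
					$string = "users_already_on_".$error_message."_list";
					if(in_array($user['uid'], $selected_list))
					{
						$string .= "_alt";
					}

					$error_message = $lang->$string;
					array_pop($users); // To maintain a proper count when we call count($users)
					continue;
				}

				if(isset($requests[$user['uid']]))
				{
					if($mybb->get_input('manage') != "ignored")
					{
						$error_message = $lang->users_already_sent_request;
					}
					elseif($mybb->get_input('manage') == "ignored")
					{
						$error_message = $lang->users_already_sent_request_alt;
					}

					array_pop($users); // To maintain a proper count when we call count($users)
					continue;
				}

				if(isset($requests_rec[$user['uid']]))
				{
					if($mybb->get_input('manage') != "ignored")
					{
						$error_message = $lang->users_already_rec_request;
					}
					elseif($mybb->get_input('manage') == "ignored")
					{
						$error_message = $lang->users_already_rec_request_alt;
					}

					array_pop($users); // To maintain a proper count when we call count($users)
					continue;
				}

				// Do we have auto approval set to On?
				if($user['buddyrequestsauto'] == 1 && $mybb->get_input('manage') != "ignored")
				{
					$existing_users[] = $user['uid'];

					$pm = array(
						'subject' => 'buddyrequest_new_buddy',
						'message' => 'buddyrequest_new_buddy_message',
						'touid' => $user['uid'],
						'receivepms' => (int)$user['buddyrequestspm'],
						'language' => $user['language'],
						'language_file' => 'usercp'
					);

					send_pm($pm);
				}
				elseif($user['buddyrequestsauto'] != 1 && $mybb->get_input('manage') != "ignored")
				{
					// Send request
					$id = $db->insert_query('buddyrequests', array('uid' => (int)$mybb->user['uid'], 'touid' => (int)$user['uid'], 'date' => TIME_NOW));

					$pm = array(
						'subject' => 'buddyrequest_received',
						'message' => 'buddyrequest_received_message',
						'touid' => $user['uid'],
						'receivepms' => (int)$user['buddyrequestspm'],
						'language' => $user['language'],
						'language_file' => 'usercp'
					);

					send_pm($pm);

					$sent = true;
				}
				elseif($mybb->get_input('manage') == "ignored")
				{
					// Ignoring somebody needs no approval from the other user.
					$existing_users[] = $user['uid'];
				}
			}
		}

		if($found_users < count($users))
		{
			if($error_message)
			{
				$error_message .= "<br />";
			}

			$error_message .= $lang->invalid_user_selected;
		}

		if(($adding_self != true || ($adding_self == true && count($users) > 0)) && ($error_message == "" || count($users) > 1))
		{
			if($mybb->get_input('manage') == "ignored")
			{
				$message = $lang->users_added_to_ignore_list;
			}
			else
			{
				$message = $lang->users_added_to_buddy_list;
			}
		}

		if($adding_self == true)
		{
			if($mybb->get_input('manage') == "ignored")
			{
				$error_message = $lang->cant_add_self_to_ignore_list;
			}
			else
			{
				$error_message = $lang->cant_add_self_to_buddy_list;
			}
		}

		if(count($existing_users) == 0)
		{
			$message = "";

			if($sent === true)
			{
				$message = $lang->buddyrequests_sent_success;
			}
		}
	}

	// Removing a user from this list
	elseif($mybb->get_input('delete', MyBB::INPUT_INT))
	{
		// Check if user exists on the list
		$key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $existing_users);
		if($key !== false)
		{
			unset($existing_users[$key]);
			$user = get_user($mybb->get_input('delete', MyBB::INPUT_INT));
			if(!empty($user) && $mybb->get_input('manage') == "buddy")
			{
				// We want to remove us from this user's buddy list
				if($user['buddylist'] != '')
				{
					$user['buddylist'] = explode(',', $user['buddylist']);
				}
				else
				{
					$user['buddylist'] = array();
				}

				$key = array_search((int)$mybb->user['uid'], $user['buddylist']);
				if($key !== false)
				{
					unset($user['buddylist'][$key]);

					// Now we have the new list, so throw it all back together
					$new_list = implode(",", $user['buddylist']);

					// And clean it up a little to ensure there is no possibility of bad values.
					// Non-digits are stripped first, because removing them can leave adjacent
					// commas; the comma runs are collapsed afterwards. trim() then drops a
					// leading or trailing comma (the earlier my_strlen()-2 form also cut the
					// last digit of the final uid).
					$new_list = preg_replace("#[^0-9,]#", "", $new_list);
					$new_list = preg_replace("#,{2,}#", ",", $new_list);
					$new_list = trim($new_list, ",");

					$user['buddylist'] = $db->escape_string($new_list);

					$db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");
				}
			}

			if($mybb->get_input('manage') == "ignored")
			{
				$message = $lang->removed_from_ignore_list;
			}
			else
			{
				$message = $lang->removed_from_buddy_list;
			}

			// get_user() can come back empty (see the !empty() test above), so the name is only
			// read and HTML-escaped when an account was found.
			$removed_username = '';
			if(!empty($user))
			{
				$user['username'] = htmlspecialchars_uni($user['username']);
				$removed_username = $user['username'];
			}
			$message = $lang->sprintf($message, $removed_username);
		}
	}

	// Now we have the new list, so throw it all back together
	$new_list = implode(",", $existing_users);

	// And clean it up a little to ensure there is no possibility of bad values.
	// The stored list is later interpolated into "uid IN (...)" queries, so it must contain
	// nothing but digits separated by single commas: strip non-digits, collapse comma runs,
	// trim the ends.
	$new_list = preg_replace("#[^0-9,]#", "", $new_list);
	$new_list = preg_replace("#,{2,}#", ",", $new_list);
	$new_list = trim($new_list, ",");

	// And update
	$user = array();
	if($mybb->get_input('manage') == "ignored")
	{
		$user['ignorelist'] = $db->escape_string($new_list);
		$mybb->user['ignorelist'] = $user['ignorelist'];
	}
	else
	{
		$user['buddylist'] = $db->escape_string($new_list);
		$mybb->user['buddylist'] = $user['buddylist'];
	}

	$db->update_query("users", $user, "uid='".(int)$mybb->user['uid']."'");

	$plugins->run_hooks("usercp_do_editlists_end");

	// Only the two fixed strings below ever reach the element ids and the redirect anchor.
	if($mybb->get_input('manage') == "ignored")
	{
		$manage_type = "ignored";
	}
	else
	{
		$manage_type = "buddy";
	}

	// Ajax based request, throw new list to browser
	if(!empty($mybb->input['ajax']))
	{
		if($mybb->get_input('manage') == "ignored")
		{
			$list = "ignore";
		}
		else
		{
			$list = "buddy";
		}

		// Messages are emitted through json_encode(), so their content cannot terminate the
		// JavaScript string literal.
		$message_js = '';
		if($message)
		{
			$message_js = "$.jGrowl(".json_encode($message).", {theme:'jgrowl_success'});";
		}

		if($error_message)
		{
			$message_js .= " $.jGrowl(".json_encode($error_message).", {theme:'jgrowl_error'});";
		}

		if($mybb->get_input('delete', MyBB::INPUT_INT))
		{
			header("Content-type: text/javascript");
			// The deleted id is read as an integer before it is written into the selector.
			echo "$(\"#".$manage_type."_".$mybb->get_input('delete', MyBB::INPUT_INT)."\").remove();\n";
			if($new_list == "")
			{
				echo "$(\"#".$manage_type."_count\").html(\"0\");\n";
				echo "\$(\"#buddylink\").remove();\n";

				// NOTE(review): unlike $message above, these two language strings are written
				// into the JavaScript string literal without json_encode(); a quote character in
				// a translation would break the script.
				if($manage_type == "ignored")
				{
					echo "\$(\"#ignore_list\").html(\"<li>{$lang->ignore_list_empty}</li>\");\n";
				}
				else
				{
					echo "\$(\"#buddy_list\").html(\"<li>{$lang->buddy_list_empty}</li>\");\n";
				}
			}
			else
			{
				echo "$(\"#".$manage_type."_count\").html(\"".count(explode(",", $new_list))."\");\n";
			}
			echo $message_js;
			exit;
		}
		// Ajax request that added users: fall through to the list page below.
		$mybb->input['action'] = "editlists";
	}
	else
	{
		if($error_message)
		{
			$message .= "<br />".$error_message;
		}
		redirect("usercp.php?action=editlists#".$manage_type, $message);
	}
}

// Show the buddy list and ignore list management page.
if($mybb->input['action'] == "editlists")
{
	$plugins->run_hooks("usercp_editlists_start");

	// Users active after this timestamp count as online.
	$timecut = TIME_NOW - $mybb->settings['wolcutoff'];

	// Fetch out buddies
	$buddy_count = 0;
	$buddy_list = '';
	if($mybb->user['buddylist'])
	{
		$type = "buddy";
		// The stored list is interpolated directly into the query; this is only safe because
		// the list is reduced to digits and commas whenever it is written.
		$query = $db->simple_select("users", "*", "uid IN ({$mybb->user['buddylist']})", array("order_by" => "username"));
		while($user = $db->fetch_array($query))
		{
			$user['username'] = htmlspecialchars_uni($user['username']);
			$profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
			// Invisible users only show as online to groups allowed to see them.
			if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
			{
				$status = "online";
			}
			else
			{
				$status = "offline";
			}
			eval("\$buddy_list .= \"".$templates->get("usercp_editlists_user")."\";");
			++$buddy_count;
		}
	}

	$lang->current_buddies = $lang->sprintf($lang->current_buddies, $buddy_count);
	if(!$buddy_list)
	{
		eval("\$buddy_list = \"".$templates->get("usercp_editlists_no_buddies")."\";");
	}

	// Fetch out ignore list users
	$ignore_count = 0;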
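// Build the rendered ignore list: one usercp_editlists_user row per user whose uid
// appears in the current user's stored ignore list. $ignore_count (initialised just
// above this run) is incremented once per row.
$ignore_list = '';
if($mybb->user['ignorelist'])
{
	// Not read again in this run; presumably consumed by the template evaluated below - verify against the template
	$type = "ignored";

	// The stored list ends up inside the IN() clause as raw SQL. The save path earlier in this
	// file strips everything except digits and commas before writing it, but other writers of
	// users.ignorelist are not visible from here, so re-cast every element to an integer at the
	// point of use - the same idiom this file applies to additionalgroups before its IN() queries.
	// An empty element becomes 0 instead of producing invalid SQL (assumes no user has uid 0 - confirm).
	// NOTE(review): the buddy list query just above uses the same raw interpolation and deserves the same treatment.
	$ignored_uids = implode(
		',',
		array_map(
			'intval',
			explode(',', $mybb->user['ignorelist'])
		)
	);

	$query = $db->simple_select("users", "*", "uid IN ({$ignored_uids})", array("order_by" => "username"));
	while($user = $db->fetch_array($query))
	{
		// Escape before the name is handed to format_name() / build_profile_link() and the template
		$user['username'] = htmlspecialchars_uni($user['username']);
		$profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);

		// Shown as online only if active after the who's-online cutoff, with a recorded activity
		// distinct from the last visit, and either not invisible or the viewer's group may see invisible users
		if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
		{
			$status = "online";
		}
		else
		{
			$status = "offline";
		}

		// NOTE(review): the template body is evaluated as a double-quoted PHP string, so this is only
		// safe if $templates->get() returns content with quotes escaped (not visible here - confirm)
		// and if every value the template interpolates has been HTML-escaped beforehand.
		eval("\$ignore_list .= \"".$templates->get("usercp_editlists_user")."\";");
		++$ignore_count;
	}
}

// Substitute the final count into the language string, overwriting it in place
$lang->current_ignored_users = $lang->sprintf($lang->current_ignored_users, $ignore_count);
if(!$ignore_list)
{
	// No rows were rendered: fall back to the "no ignored users" template
	eval("\$ignore_list = \"".$templates->get("usercp_editlists_no_ignored")."\";");
}

// If an AJAX request from buddy management, echo out whatever the new list is.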
3283 if($mybb->request_method == "post" && $mybb->input['ajax'] == 1) 3284 { 3285 if($mybb->input['manage'] == "ignored") 3286 { 3287 echo $ignore_list; 3288 echo "<script type=\"text/javascript\"> $(\"#ignored_count\").html(\"{$ignore_count}\"); {$message_js}</script>"; 3289 } 3290 else 3291 { 3292 if(isset($sent) && $sent === true) 3293 { 3294 $sent_rows = ''; 3295 $query = $db->query(" 3296 SELECT r.*, u.username 3297 FROM ".TABLE_PREFIX."buddyrequests r 3298 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid) 3299 WHERE r.uid=".(int)$mybb->user['uid']); 3300 3301 while($request = $db->fetch_array($query)) 3302 { 3303 $bgcolor = alt_trow(); 3304 $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']); 3305 $request['date'] = my_date('relative', $request['date']); 3306 eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request", 1, 0)."\";"); 3307 } 3308 3309 if($sent_rows == '') 3310 { 3311 eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests", 1, 0)."\";"); 3312 } 3313 3314 eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests", 1, 0)."\";"); 3315 3316 echo $sent_requests."<script type=\"text/javascript\">{$message_js}</script>"; 3317 } 3318 else 3319 { 3320 echo $buddy_list; 3321 echo "<script type=\"text/javascript\"> $(\"#buddy_count\").html(\"{$buddy_count}\"); {$message_js}</script>"; 3322 } 3323 } 3324 exit; 3325 } 3326 3327 $received_rows = $bgcolor = ''; 3328 $query = $db->query(" 3329 SELECT r.*, u.username 3330 FROM ".TABLE_PREFIX."buddyrequests r 3331 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.uid) 3332 WHERE r.touid=".(int)$mybb->user['uid']); 3333 3334 while($request = $db->fetch_array($query)) 3335 { 3336 $bgcolor = alt_trow(); 3337 $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['uid']); 3338 $request['date'] = my_date('relative', $request['date']); 3339 eval("\$received_rows .= 
\"".$templates->get("usercp_editlists_received_request")."\";"); 3340 } 3341 3342 if($received_rows == '') 3343 { 3344 eval("\$received_rows = \"".$templates->get("usercp_editlists_no_requests")."\";"); 3345 } 3346 3347 eval("\$received_requests = \"".$templates->get("usercp_editlists_received_requests")."\";"); 3348 3349 $sent_rows = $bgcolor = ''; 3350 $query = $db->query(" 3351 SELECT r.*, u.username 3352 FROM ".TABLE_PREFIX."buddyrequests r 3353 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid) 3354 WHERE r.uid=".(int)$mybb->user['uid']); 3355 3356 while($request = $db->fetch_array($query)) 3357 { 3358 $bgcolor = alt_trow(); 3359 $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']); 3360 $request['date'] = my_date('relative', $request['date']); 3361 eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request")."\";"); 3362 } 3363 3364 if($sent_rows == '') 3365 { 3366 eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests")."\";"); 3367 } 3368 3369 eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests")."\";"); 3370 3371 $plugins->run_hooks("usercp_editlists_end"); 3372 3373 eval("\$listpage = \"".$templates->get("usercp_editlists")."\";"); 3374 output_page($listpage); 3375 } 3376 3377 if($mybb->input['action'] == "drafts") 3378 { 3379 $plugins->run_hooks("usercp_drafts_start"); 3380 3381 $query = $db->simple_select("posts", "COUNT(pid) AS draftcount", "visible='-2' AND uid='{$mybb->user['uid']}'"); 3382 $draftcount = $db->fetch_field($query, 'draftcount'); 3383 3384 $drafts = $disable_delete_drafts = ''; 3385 $lang->drafts_count = $lang->sprintf($lang->drafts_count, my_number_format($draftcount)); 3386 3387 // Show a listing of all of the current 'draft' posts or threads the user has. 
3388 if($draftcount) 3389 { 3390 $query = $db->query(" 3391 SELECT p.subject, p.pid, t.tid, t.subject AS threadsubject, t.fid, f.name AS forumname, p.dateline, t.visible AS threadvisible, p.visible AS postvisible 3392 FROM ".TABLE_PREFIX."posts p 3393 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3394 LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=t.fid) 3395 WHERE p.uid = '{$mybb->user['uid']}' AND p.visible = '-2' 3396 ORDER BY p.dateline DESC, p.pid DESC 3397 "); 3398 3399 while($draft = $db->fetch_array($query)) 3400 { 3401 $detail = ''; 3402 $trow = alt_trow(); 3403 if($draft['threadvisible'] == 1) // We're looking at a draft post 3404 { 3405 $draft['threadlink'] = get_thread_link($draft['tid']); 3406 $draft['threadsubject'] = htmlspecialchars_uni($draft['threadsubject']); 3407 eval("\$detail = \"".$templates->get("usercp_drafts_draft_thread")."\";"); 3408 $editurl = "newreply.php?action=editdraft&pid={$draft['pid']}"; 3409 $id = $draft['pid']; 3410 $type = "post"; 3411 } 3412 elseif($draft['threadvisible'] == -2) // We're looking at a draft thread 3413 { 3414 $draft['forumlink'] = get_forum_link($draft['fid']); 3415 $draft['forumname'] = htmlspecialchars_uni($draft['forumname']); 3416 eval("\$detail = \"".$templates->get("usercp_drafts_draft_forum")."\";"); 3417 $editurl = "newthread.php?action=editdraft&tid={$draft['tid']}"; 3418 $id = $draft['tid']; 3419 $type = "thread"; 3420 } 3421 3422 $draft['subject'] = htmlspecialchars_uni($draft['subject']); 3423 $savedate = my_date('relative', $draft['dateline']); 3424 eval("\$drafts .= \"".$templates->get("usercp_drafts_draft")."\";"); 3425 } 3426 } 3427 else 3428 { 3429 $disable_delete_drafts = 'disabled="disabled"'; 3430 eval("\$drafts = \"".$templates->get("usercp_drafts_none")."\";"); 3431 } 3432 3433 $plugins->run_hooks("usercp_drafts_end"); 3434 3435 eval("\$draftlist = \"".$templates->get("usercp_drafts")."\";"); 3436 output_page($draftlist); 3437 } 3438 3439 if($mybb->input['action'] == "do_drafts" && 
$mybb->request_method == "post") 3440 { 3441 // Verify incoming POST request 3442 verify_post_check($mybb->get_input('my_post_key')); 3443 3444 $mybb->input['deletedraft'] = $mybb->get_input('deletedraft', MyBB::INPUT_ARRAY); 3445 if(empty($mybb->input['deletedraft'])) 3446 { 3447 error($lang->no_drafts_selected); 3448 } 3449 3450 $plugins->run_hooks("usercp_do_drafts_start"); 3451 3452 $pidin = array(); 3453 $tidin = array(); 3454 3455 foreach($mybb->input['deletedraft'] as $id => $val) 3456 { 3457 if($val == "post") 3458 { 3459 $pidin[] = "'".(int)$id."'"; 3460 } 3461 elseif($val == "thread") 3462 { 3463 $tidin[] = "'".(int)$id."'"; 3464 } 3465 } 3466 if($tidin) 3467 { 3468 $tidin = implode(",", $tidin); 3469 $db->delete_query("threads", "tid IN ($tidin) AND visible='-2' AND uid='".$mybb->user['uid']."'"); 3470 $tidinp = "OR tid IN ($tidin)"; 3471 } 3472 else 3473 { 3474 $tidinp = ''; 3475 } 3476 if($pidin || $tidinp) 3477 { 3478 $pidinq = $tidin = ''; 3479 if($pidin) 3480 { 3481 $pidin = implode(",", $pidin); 3482 $pidinq = "pid IN ($pidin)"; 3483 } 3484 else 3485 { 3486 $pidinq = "1=0"; 3487 } 3488 $db->delete_query("posts", "($pidinq $tidinp) AND visible='-2' AND uid='".$mybb->user['uid']."'"); 3489 } 3490 $plugins->run_hooks("usercp_do_drafts_end"); 3491 redirect("usercp.php?action=drafts", $lang->selected_drafts_deleted); 3492 } 3493 3494 if($mybb->input['action'] == "usergroups") 3495 { 3496 $ingroups = ",".$mybb->user['usergroup'].",".$mybb->user['additionalgroups'].",".$mybb->user['displaygroup'].","; 3497 3498 $usergroups = $mybb->cache->read('usergroups'); 3499 3500 $plugins->run_hooks("usercp_usergroups_start"); 3501 3502 // Changing our display group 3503 if($mybb->get_input('displaygroup', MyBB::INPUT_INT)) 3504 { 3505 // Verify incoming POST request 3506 verify_post_check($mybb->get_input('my_post_key')); 3507 3508 if(my_strpos($ingroups, ",".$mybb->input['displaygroup'].",") === false) 3509 { 3510 error($lang->not_member_of_group); 3511 } 3512 3513 
$dispgroup = $usergroups[$mybb->get_input('displaygroup', MyBB::INPUT_INT)]; 3514 if($dispgroup['candisplaygroup'] != 1) 3515 { 3516 error($lang->cannot_set_displaygroup); 3517 } 3518 $db->update_query("users", array('displaygroup' => $mybb->get_input('displaygroup', MyBB::INPUT_INT)), "uid='".$mybb->user['uid']."'"); 3519 $cache->update_moderators(); 3520 $plugins->run_hooks("usercp_usergroups_change_displaygroup"); 3521 redirect("usercp.php?action=usergroups", $lang->display_group_changed); 3522 exit; 3523 } 3524 3525 // Leaving a group 3526 if($mybb->get_input('leavegroup', MyBB::INPUT_INT)) 3527 { 3528 // Verify incoming POST request 3529 verify_post_check($mybb->get_input('my_post_key')); 3530 3531 if(my_strpos($ingroups, ",".$mybb->get_input('leavegroup', MyBB::INPUT_INT).",") === false) 3532 { 3533 error($lang->not_member_of_group); 3534 } 3535 if($mybb->user['usergroup'] == $mybb->get_input('leavegroup', MyBB::INPUT_INT)) 3536 { 3537 error($lang->cannot_leave_primary_group); 3538 } 3539 3540 $usergroup = $usergroups[$mybb->get_input('leavegroup', MyBB::INPUT_INT)]; 3541 if($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5) 3542 { 3543 error($lang->cannot_leave_group); 3544 } 3545 leave_usergroup($mybb->user['uid'], $mybb->get_input('leavegroup', MyBB::INPUT_INT)); 3546 $plugins->run_hooks("usercp_usergroups_leave_group"); 3547 redirect("usercp.php?action=usergroups", $lang->left_group); 3548 exit; 3549 } 3550 3551 $groupleaders = array(); 3552 3553 // List of usergroup leaders 3554 $query = $db->query(" 3555 SELECT g.*, u.username, u.displaygroup, u.usergroup, u.email, u.language 3556 FROM ".TABLE_PREFIX."groupleaders g 3557 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid) 3558 ORDER BY u.username ASC 3559 "); 3560 while($leader = $db->fetch_array($query)) 3561 { 3562 $groupleaders[$leader['gid']][$leader['uid']] = $leader; 3563 } 3564 3565 // Joining a group 3566 if($mybb->get_input('joingroup', MyBB::INPUT_INT)) 3567 { 3568 
// Verify incoming POST request 3569 verify_post_check($mybb->get_input('my_post_key')); 3570 3571 $usergroup = $usergroups[$mybb->get_input('joingroup', MyBB::INPUT_INT)]; 3572 3573 if($usergroup['type'] == 5) 3574 { 3575 error($lang->cannot_join_invite_group); 3576 } 3577 3578 if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid']) 3579 { 3580 error($lang->cannot_join_group); 3581 } 3582 3583 if(my_strpos($ingroups, ",".$mybb->get_input('joingroup', MyBB::INPUT_INT).",") !== false) 3584 { 3585 error($lang->already_member_of_group); 3586 } 3587 3588 $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'"); 3589 $joinrequest = $db->fetch_array($query); 3590 3591 if($joinrequest) 3592 { 3593 error($lang->already_sent_join_request); 3594 } 3595 3596 if($mybb->get_input('do') == "joingroup" && $usergroup['type'] == 4) 3597 { 3598 $reasonlength = my_strlen($mybb->get_input('reason')); 3599 3600 if($reasonlength > 250) // Reason field is varchar(250) in database 3601 { 3602 error($lang->sprintf($lang->joinreason_too_long, ($reasonlength - 250))); 3603 } 3604 3605 $now = TIME_NOW; 3606 $joinrequest = array( 3607 "uid" => $mybb->user['uid'], 3608 "gid" => $mybb->get_input('joingroup', MyBB::INPUT_INT), 3609 "reason" => $db->escape_string($mybb->get_input('reason')), 3610 "dateline" => TIME_NOW 3611 ); 3612 3613 $db->insert_query("joinrequests", $joinrequest); 3614 3615 if(array_key_exists($usergroup['gid'], $groupleaders)) 3616 { 3617 foreach($groupleaders[$usergroup['gid']] as $leader) 3618 { 3619 // Load language 3620 $lang->set_language($leader['language']); 3621 $lang->load("messages"); 3622 3623 $subject = $lang->sprintf($lang->emailsubject_newjoinrequest, $mybb->settings['bbname']); 3624 $message = $lang->sprintf($lang->email_groupleader_joinrequest, $leader['username'], $mybb->user['username'], $usergroup['title'], $mybb->settings['bbname'], 
$mybb->get_input('reason'), $mybb->settings['bburl'], $leader['gid']); 3625 my_mail($leader['email'], $subject, $message); 3626 } 3627 } 3628 3629 // Load language 3630 $lang->set_language($mybb->user['language']); 3631 $lang->load("messages"); 3632 3633 $plugins->run_hooks("usercp_usergroups_join_group_request"); 3634 redirect("usercp.php?action=usergroups", $lang->group_join_requestsent); 3635 exit; 3636 } 3637 elseif($usergroup['type'] == 4) 3638 { 3639 $joingroup = $mybb->get_input('joingroup', MyBB::INPUT_INT); 3640 eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";"); 3641 output_page($joinpage); 3642 exit; 3643 } 3644 else 3645 { 3646 join_usergroup($mybb->user['uid'], $mybb->get_input('joingroup', MyBB::INPUT_INT)); 3647 $plugins->run_hooks("usercp_usergroups_join_group"); 3648 redirect("usercp.php?action=usergroups", $lang->joined_group); 3649 } 3650 } 3651 3652 // Accepting invitation 3653 if($mybb->get_input('acceptinvite', MyBB::INPUT_INT)) 3654 { 3655 // Verify incoming POST request 3656 verify_post_check($mybb->get_input('my_post_key')); 3657 3658 $usergroup = $usergroups[$mybb->get_input('acceptinvite', MyBB::INPUT_INT)]; 3659 3660 if(my_strpos($ingroups, ",".$mybb->get_input('acceptinvite', MyBB::INPUT_INT).",") !== false) 3661 { 3662 error($lang->already_accepted_invite); 3663 } 3664 3665 $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'"); 3666 $joinrequest = $db->fetch_array($query); 3667 if($joinrequest) 3668 { 3669 join_usergroup($mybb->user['uid'], $mybb->get_input('acceptinvite', MyBB::INPUT_INT)); 3670 $db->delete_query("joinrequests", "uid='{$mybb->user['uid']}' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."'"); 3671 $plugins->run_hooks("usercp_usergroups_accept_invite"); 3672 redirect("usercp.php?action=usergroups", $lang->joined_group); 3673 } 3674 else 3675 { 3676 
error($lang->no_pending_invitation); 3677 } 3678 } 3679 // Show listing of various group related things 3680 3681 // List of groups this user is a leader of 3682 $groupsledlist = ''; 3683 3684 switch($db->type) 3685 { 3686 case "pgsql": 3687 case "sqlite": 3688 $query = $db->query(" 3689 SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers 3690 FROM ".TABLE_PREFIX."groupleaders l 3691 LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid) 3692 LEFT JOIN ".TABLE_PREFIX."users u ON(((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid)) 3693 LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0) 3694 WHERE l.uid='".$mybb->user['uid']."' 3695 GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers 3696 "); 3697 break; 3698 default: 3699 $query = $db->query(" 3700 SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers 3701 FROM ".TABLE_PREFIX."groupleaders l 3702 LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid) 3703 LEFT JOIN ".TABLE_PREFIX."users u ON(((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid)) 3704 LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0) 3705 WHERE l.uid='".$mybb->user['uid']."' 3706 GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers 3707 "); 3708 } 3709 3710 while($usergroup = $db->fetch_array($query)) 3711 { 3712 $memberlistlink = $moderaterequestslink = ''; 3713 eval("\$memberlistlink = \"".$templates->get("usercp_usergroups_leader_usergroup_memberlist")."\";"); 3714 $usergroup['title'] = htmlspecialchars_uni($usergroup['title']); 3715 if($usergroup['type'] != 4) 3716 { 3717 $usergroup['joinrequests'] = '--'; 3718 } 3719 
if($usergroup['joinrequests'] > 0 && $usergroup['canmanagerequests'] == 1) 3720 { 3721 eval("\$moderaterequestslink = \"".$templates->get("usercp_usergroups_leader_usergroup_moderaterequests")."\";"); 3722 } 3723 $groupleader[$usergroup['gid']] = 1; 3724 $trow = alt_trow(); 3725 eval("\$groupsledlist .= \"".$templates->get("usercp_usergroups_leader_usergroup")."\";"); 3726 } 3727 $leadinggroups = ''; 3728 if($groupsledlist) 3729 { 3730 eval("\$leadinggroups = \"".$templates->get("usercp_usergroups_leader")."\";"); 3731 } 3732 3733 // Fetch the list of groups the member is in 3734 // Do the primary group first 3735 $usergroup = $usergroups[$mybb->user['usergroup']]; 3736 $usergroup['title'] = htmlspecialchars_uni($usergroup['title']); 3737 $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']); 3738 if($usergroup['description']) 3739 { 3740 $usergroup['description'] = htmlspecialchars_uni($usergroup['description']); 3741 eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";"); 3742 } 3743 eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveprimary")."\";"); 3744 $trow = alt_trow(); 3745 if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup']) 3746 { 3747 eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";"); 3748 } 3749 elseif($usergroup['candisplaygroup'] == 1) 3750 { 3751 eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";"); 3752 } 3753 else 3754 { 3755 $displaycode = ''; 3756 } 3757 3758 eval("\$memberoflist = \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";"); 3759 $showmemberof = false; 3760 if($mybb->user['additionalgroups']) 3761 { 3762 $additionalgroups = implode( 3763 ',', 3764 array_map( 3765 'intval', 3766 explode(',', $mybb->user['additionalgroups']) 3767 ) 3768 ); 3769 $query = $db->simple_select("usergroups", "*", "gid IN 
(".$additionalgroups.") AND gid !='".$mybb->user['usergroup']."'", array('order_by' => 'title')); 3770 while($usergroup = $db->fetch_array($query)) 3771 { 3772 $showmemberof = true; 3773 3774 if(isset($groupleader[$usergroup['gid']])) 3775 { 3776 eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveleader")."\";"); 3777 } 3778 elseif($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5) 3779 { 3780 eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveother")."\";"); 3781 } 3782 else 3783 { 3784 eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leave")."\";"); 3785 } 3786 3787 $description = ''; 3788 $usergroup['title'] = htmlspecialchars_uni($usergroup['title']); 3789 $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']); 3790 if($usergroup['description']) 3791 { 3792 $usergroup['description'] = htmlspecialchars_uni($usergroup['description']); 3793 eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";"); 3794 } 3795 $trow = alt_trow(); 3796 if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup']) 3797 { 3798 eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";"); 3799 } 3800 elseif($usergroup['candisplaygroup'] == 1) 3801 { 3802 eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";"); 3803 } 3804 else 3805 { 3806 $displaycode = ''; 3807 } 3808 eval("\$memberoflist .= \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";"); 3809 } 3810 } 3811 eval("\$membergroups = \"".$templates->get("usercp_usergroups_memberof")."\";"); 3812 3813 // List of groups this user has applied for but has not been accepted in to 3814 $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."'"); 3815 while($request = $db->fetch_array($query)) 3816 { 3817 
$appliedjoin[$request['gid']] = $request['dateline']; 3818 } 3819 3820 // Fetch list of groups the member can join 3821 $existinggroups = $mybb->user['usergroup']; 3822 if($mybb->user['additionalgroups']) 3823 { 3824 $additionalgroups = implode( 3825 ',', 3826 array_map( 3827 'intval', 3828 explode(',', $mybb->user['additionalgroups']) 3829 ) 3830 ); 3831 $existinggroups .= ",".$additionalgroups; 3832 } 3833 3834 $joinablegroups = $joinablegrouplist = ''; 3835 $query = $db->simple_select("usergroups", "*", "(type='3' OR type='4' OR type='5') AND gid NOT IN ($existinggroups)", array('order_by' => 'title')); 3836 while($usergroup = $db->fetch_array($query)) 3837 { 3838 $trow = alt_trow(); 3839 3840 $description = ''; 3841 $usergroup['title'] = htmlspecialchars_uni($usergroup['title']); 3842 if($usergroup['description']) 3843 { 3844 $usergroup['description'] = htmlspecialchars_uni($usergroup['description']); 3845 eval("\$description = \"".$templates->get("usercp_usergroups_joinable_usergroup_description")."\";"); 3846 } 3847 3848 // Moderating join requests? 
3849 if($usergroup['type'] == 4) 3850 { 3851 $conditions = $lang->usergroup_joins_moderated; 3852 } 3853 elseif($usergroup['type'] == 5) 3854 { 3855 $conditions = $lang->usergroup_joins_invite; 3856 } 3857 else 3858 { 3859 $conditions = $lang->usergroup_joins_anyone; 3860 } 3861 3862 if(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] != 5) 3863 { 3864 $applydate = my_date('relative', $appliedjoin[$usergroup['gid']]); 3865 $joinlink = $lang->sprintf($lang->join_group_applied, $applydate); 3866 } 3867 elseif(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] == 5) 3868 { 3869 $joinlink = $lang->sprintf($lang->pending_invitation, $usergroup['gid'], $mybb->post_code); 3870 } 3871 elseif($usergroup['type'] == 5) 3872 { 3873 $joinlink = "--"; 3874 } 3875 else 3876 { 3877 eval("\$joinlink = \"".$templates->get("usercp_usergroups_joinable_usergroup_join")."\";"); 3878 } 3879 3880 $usergroupleaders = ''; 3881 if(!empty($groupleaders[$usergroup['gid']])) 3882 { 3883 $comma = ''; 3884 $usergroupleaders = ''; 3885 foreach($groupleaders[$usergroup['gid']] as $leader) 3886 { 3887 $leader['username'] = format_name(htmlspecialchars_uni($leader['username']), $leader['usergroup'], $leader['displaygroup']); 3888 $usergroupleaders .= $comma.build_profile_link($leader['username'], $leader['uid']); 3889 $comma = $lang->comma; 3890 } 3891 $usergroupleaders = $lang->usergroup_leaders." 
".$usergroupleaders; 3892 } 3893 3894 if(my_strpos($usergroupleaders, $mybb->user['username']) === false) 3895 { 3896 // User is already a leader of the group, so don't show as a "Join Group" 3897 eval("\$joinablegrouplist .= \"".$templates->get("usercp_usergroups_joinable_usergroup")."\";"); 3898 } 3899 } 3900 if($joinablegrouplist) 3901 { 3902 eval("\$joinablegroups = \"".$templates->get("usercp_usergroups_joinable")."\";"); 3903 } 3904 3905 $plugins->run_hooks("usercp_usergroups_end"); 3906 3907 eval("\$groupmemberships = \"".$templates->get("usercp_usergroups")."\";"); 3908 output_page($groupmemberships); 3909 } 3910 3911 if($mybb->input['action'] == "attachments") 3912 { 3913 require_once MYBB_ROOT."inc/functions_upload.php"; 3914 3915 if($mybb->settings['enableattachments'] == 0) 3916 { 3917 error($lang->attachments_disabled); 3918 } 3919 3920 $plugins->run_hooks("usercp_attachments_start"); 3921 3922 // Get unviewable forums 3923 $f_perm_sql = ''; 3924 $unviewable_forums = get_unviewable_forums(true); 3925 $inactiveforums = get_inactive_forums(); 3926 if($unviewable_forums) 3927 { 3928 $f_perm_sql = " AND t.fid NOT IN ($unviewable_forums)"; 3929 } 3930 if($inactiveforums) 3931 { 3932 $f_perm_sql .= " AND t.fid NOT IN ($inactiveforums)"; 3933 } 3934 3935 $attachments = ''; 3936 3937 // Pagination 3938 if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1) 3939 { 3940 $mybb->settings['threadsperpage'] = 20; 3941 } 3942 3943 $perpage = $mybb->settings['threadsperpage']; 3944 $page = $mybb->get_input('page', MyBB::INPUT_INT); 3945 3946 if($page > 0) 3947 { 3948 $start = ($page-1) * $perpage; 3949 } 3950 else 3951 { 3952 $start = 0; 3953 $page = 1; 3954 } 3955 3956 $end = $start + $perpage; 3957 $lower = $start+1; 3958 3959 $query = $db->query(" 3960 SELECT a.*, p.subject, p.dateline, t.tid, t.subject AS threadsubject 3961 FROM ".TABLE_PREFIX."attachments a 3962 LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid) 3963 LEFT JOIN 
".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3964 WHERE a.uid='".$mybb->user['uid']."' {$f_perm_sql} 3965 ORDER BY p.dateline DESC, p.pid DESC LIMIT {$start}, {$perpage} 3966 "); 3967 3968 $bandwidth = $totaldownloads = $totalusage = $totalattachments = $processedattachments = 0; 3969 while($attachment = $db->fetch_array($query)) 3970 { 3971 if($attachment['dateline'] && $attachment['tid']) 3972 { 3973 $attachment['subject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['subject'])); 3974 $attachment['postlink'] = get_post_link($attachment['pid'], $attachment['tid']); 3975 $attachment['threadlink'] = get_thread_link($attachment['tid']); 3976 $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject'])); 3977 3978 $size = get_friendly_size($attachment['filesize']); 3979 $icon = get_attachment_icon(get_extension($attachment['filename'])); 3980 $attachment['filename'] = htmlspecialchars_uni($attachment['filename']); 3981 3982 $sizedownloads = $lang->sprintf($lang->attachment_size_downloads, $size, $attachment['downloads']); 3983 $attachdate = my_date('relative', $attachment['dateline']); 3984 $altbg = alt_trow(); 3985 3986 eval("\$attachments .= \"".$templates->get("usercp_attachments_attachment")."\";"); 3987 3988 // Add to bandwidth total 3989 $bandwidth += ($attachment['filesize'] * $attachment['downloads']); 3990 $totaldownloads += $attachment['downloads']; 3991 $totalusage += $attachment['filesize']; 3992 ++$totalattachments; 3993 } 3994 else 3995 { 3996 // This little thing delets attachments without a thread/post 3997 remove_attachment($attachment['pid'], $attachment['posthash'], $attachment['aid']); 3998 } 3999 ++$processedattachments; 4000 } 4001 4002 $multipage = ''; 4003 if($processedattachments >= $perpage || $page > 1) 4004 { 4005 $query = $db->query(" 4006 SELECT SUM(a.filesize) AS ausage, COUNT(a.aid) AS acount 4007 FROM ".TABLE_PREFIX."attachments a 4008 LEFT JOIN ".TABLE_PREFIX."posts p ON 
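(a.pid=p.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE a.uid='".$mybb->user['uid']."' {$f_perm_sql}
		");
		$usage = $db->fetch_array($query);
		$totalusage = $usage['ausage'];
		$totalattachments = $usage['acount'];

		$multipage = multipage($totalattachments, $perpage, $page, "usercp.php?action=attachments");
	}

	$friendlyusage = get_friendly_size((int)$totalusage);
	if($mybb->usergroup['attachquota'])
	{
		$percent = round(($totalusage/($mybb->usergroup['attachquota']*1024))*100);
		$friendlyusage .= $lang->sprintf($lang->attachments_usage_percent, $percent);
		$attachquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
		$usagenote = $lang->sprintf($lang->attachments_usage_quota, $friendlyusage, $attachquota, $totalattachments);
	}
	else
	{
		$attachquota = $lang->unlimited;
		$usagenote = $lang->sprintf($lang->attachments_usage, $friendlyusage, $totalattachments);
	}

	$bandwidth = get_friendly_size($bandwidth);

	eval("\$delete_button = \"".$templates->get("delete_attachments_button")."\";");

	if(!$attachments)
	{
		eval("\$attachments = \"".$templates->get("usercp_attachments_none")."\";");
		$usagenote = '';
		$delete_button = '';
	}

	$plugins->run_hooks("usercp_attachments_end");

	eval("\$manageattachments = \"".$templates->get("usercp_attachments")."\";");
	output_page($manageattachments);
}

// Action "do_attachments": delete the attachments the user ticked in the User CP.
// Handled for POST requests only.
if($mybb->input['action'] == "do_attachments" && $mybb->request_method == "post")
{
	// Verify incoming POST request: my_post_key is the request token checked by
	// verify_post_check(); without it this delete could be triggered cross-site.
	verify_post_check($mybb->get_input('my_post_key'));

	require_once MYBB_ROOT."inc/functions_upload.php";
	// The id list must be an array; a missing or scalar value is refused before any SQL is built.
	// error() is assumed to end the request here - the code below relies on that.
	// NOTE(review): an empty array passes this check and would produce "IN ()" below.
	if(!isset($mybb->input['attachments']) || !is_array($mybb->input['attachments']))
	{
		error($lang->no_attachments_selected);
	}

	$plugins->run_hooks("usercp_do_attachments_start");

	// Get unviewable forums
	// Both lists are interpolated into the query as-is; presumably comma-separated
	// forum ids produced by the core helpers - verify against their definitions.
	$f_perm_sql = '';
	$unviewable_forums = get_unviewable_forums(true);
	$inactiveforums = get_inactive_forums();
	if($unviewable_forums)
	{
		$f_perm_sql = " AND p.fid NOT IN ($unviewable_forums)";
	}
	if($inactiveforums)
	{
		$f_perm_sql .= " AND p.fid NOT IN ($inactiveforums)";
	}

	// Every submitted id is forced to an integer before it reaches the SQL text;
	// this is the only sanitisation applied to the request-supplied list.
	$aids = implode(',', array_map('intval', $mybb->input['attachments']));

	// Ownership is enforced in the query itself: a.uid must equal the current user,
	// so an id belonging to someone else simply selects no row.
	// NOTE(review): uid is interpolated unquoted here; it is read from the logged-in
	// user's record, not from the request - confirm it is always an integer.
	$query = $db->query("
		SELECT a.*, p.fid
		FROM ".TABLE_PREFIX."attachments a
		LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
		WHERE aid IN ({$aids}) AND a.uid={$mybb->user['uid']} {$f_perm_sql}
	");

	// Only rows that survived the ownership and forum filters are removed.
	while($attachment = $db->fetch_array($query))
	{
		remove_attachment($attachment['pid'], '', $attachment['aid']);
	}
	$plugins->run_hooks("usercp_do_attachments_end");
	redirect("usercp.php?action=attachments", $lang->attachments_deleted);
}

// Action "do_notepad": save the user's private notepad text. POST requests only.
if($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post")
{
	// Verify incoming POST request (same my_post_key token check as the other POST actions)
	verify_post_check($mybb->get_input('my_post_key'));

	// Cap at 60,000 chars; text will allow up to 65535?
	// The truncated value is written back into the input array so the update below sees it.
	if(my_strlen($mybb->get_input('notepad')) > 60000)
	{
		$mybb->input['notepad'] = my_substr($mybb->get_input('notepad'), 0, 60000);
	}

	$plugins->run_hooks("usercp_do_notepad_start");
	// Stored raw (SQL-escaped only); HTML escaping happens when the notepad is displayed.
	$db->update_query("users", array('notepad' => $db->escape_string($mybb->get_input('notepad'))), "uid='".$mybb->user['uid']."'");
	$plugins->run_hooks("usercp_do_notepad_end");
	redirect("usercp.php", $lang->redirect_notepadupdated);
}

// Default action (no "action" given): build the User CP home page - account summary,
// latest warnings, referral link, notepad, subscribed threads with new posts and the
// user's own latest threads.
if(!$mybb->input['action'])
{
	// Get posts per day
	$daysreg = (TIME_NOW - $mybb->user['regdate']) / (24*3600);

	// Accounts younger than a day count as one day, which also avoids dividing by zero.
	if($daysreg < 1)
	{
		$daysreg = 1;
	}

	$perday = $mybb->user['postnum'] / $daysreg;
	$perday = round($perday, 2);
	if($perday > $mybb->user['postnum'])
	{
		$perday = $mybb->user['postnum'];
	}

	// Share of all board posts written by this user; guarded against an empty board.
	$stats = $cache->read("stats");
	$posts = $stats['numposts'];
	if($posts == 0)
	{
		$percent = "0";
	}
	else
	{
		$percent = $mybb->user['postnum']*100/$posts;
		$percent = round($percent, 2);
	}

	$colspan = 2;
	$lang->posts_day = $lang->sprintf($lang->posts_day, my_number_format($perday), $percent);
	$regdate = my_date('relative', $mybb->user['regdate']);

	$useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
	$avatar_username = htmlspecialchars_uni($mybb->user['username']);
	// Templates are expanded with eval() as double-quoted PHP strings, so a template can
	// read any variable in scope; user-controlled values are HTML-escaped before that point.
	// NOTE(review): the safety of the eval itself rests on how $templates->get() escapes
	// stored template text, which is not visible in this part of the file.
	eval("\$avatar = \"".$templates->get("usercp_currentavatar")."\";");

	$mybb->user['email'] = htmlspecialchars_uni($mybb->user['email']);

	$usergroup = htmlspecialchars_uni($groupscache[$mybb->user['usergroup']]['title']);
	// Group 5 is presumably the "awaiting activation" group - confirm. The resend link is
	// not offered when registrations are activated by an administrator.
	if($mybb->user['usergroup'] == 5 && $mybb->settings['regtype'] != "admin")
	{
		eval("\$usergroup .= \"".$templates->get("usercp_resendactivation")."\";");
	}
	// Make reputations row
	$reputation = '';
	if($mybb->usergroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
	{
		$reputation_link = get_reputation($mybb->user['reputation']);
		eval("\$reputation = \"".$templates->get("usercp_reputation")."\";");
	}

	// Latest warnings: shown only if the warning system is on and users may see their own warnings.
	$latest_warnings = '';
	if($mybb->settings['enablewarningsystem'] != 0 && $mybb->settings['canviewownwarning'] != 0)
	{
		// A maximum below 1 would break the percentage below, so fall back to 10.
		if($mybb->settings['maxwarningpoints'] < 1)
		{
			$mybb->settings['maxwarningpoints'] = 10;
		}
		$warning_level = round($mybb->user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
		if($warning_level > 100)
		{
			$warning_level = 100;
		}

		// Clamp the displayed points to the configured maximum (display only; nothing is saved here).
		if($mybb->user['warningpoints'] > $mybb->settings['maxwarningpoints'])
		{
			$mybb->user['warningpoints'] = $mybb->settings['maxwarningpoints'];
		}

		if($warning_level > 0)
		{
			require_once MYBB_ROOT.'inc/datahandlers/warnings.php';
			$warningshandler = new WarningsHandler('update');

			$warningshandler->expire_warnings();

			$lang->current_warning_level = $lang->sprintf($lang->current_warning_level, $warning_level, $mybb->user['warningpoints'], $mybb->settings['maxwarningpoints']);
			$warnings = '';
			// Fetch latest warnings
			$query = $db->query("
				SELECT w.*, t.title AS type_title, u.username, p.subject AS post_subject
				FROM ".TABLE_PREFIX."warnings w
				LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (t.tid=w.tid)
				LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=w.issuedby)
				LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=w.pid)
				WHERE w.uid='{$mybb->user['uid']}'
				ORDER BY w.expired ASC, w.dateline DESC
				LIMIT 5
			");
			while($warning = $db->fetch_array($query))
			{
				$post_link = "";
				if($warning['post_subject'])
				{
					// Subject is user-written: filter bad words, then escape for HTML.
					$warning['post_subject'] = $parser->parse_badwords($warning['post_subject']);
					$warning['post_subject'] = htmlspecialchars_uni($warning['post_subject']);
					$warning['postlink'] = get_post_link($warning['pid']);
					eval("\$post_link .= \"".$templates->get("usercp_warnings_warning_post")."\";");
				}
				$warning['username'] = htmlspecialchars_uni($warning['username']);
				$issuedby = build_profile_link($warning['username'], $warning['issuedby']);
				$date_issued = my_date('relative', $warning['dateline']);
				// Prefer the warning type's title; fall back to the title stored on the warning row.
				if($warning['type_title'])
				{
					$warning_type = $warning['type_title'];
				}
				else
				{
					$warning_type = $warning['title'];
				}
				$warning_type = htmlspecialchars_uni($warning_type);
				if($warning['points'] > 0)
				{
					$warning['points'] = "+{$warning['points']}";
				}
				$points = $lang->sprintf($lang->warning_points, $warning['points']);

				// Figure out expiration time
				if($warning['daterevoked'])
				{
					$expires = $lang->warning_revoked;
				}
				elseif($warning['expired'])
				{
					$expires = $lang->already_expired;
				}
				elseif($warning['expires'] == 0)
				{
					$expires = $lang->never;
				}
				else
				{
					$expires = nice_time($warning['expires']-TIME_NOW);
				}

				$alt_bg = alt_trow();
				eval("\$warnings .= \"".$templates->get("usercp_warnings_warning")."\";");
			}
			if($warnings)
			{
				eval("\$latest_warnings = \"".$templates->get("usercp_warnings")."\";");
			}
		}
	}

	// Format username
	$username = format_name(htmlspecialchars_uni($mybb->user['username']), $mybb->user['usergroup'], $mybb->user['displaygroup']);
	$username = build_profile_link($username, $mybb->user['uid']);

	// Format post numbers
	$mybb->user['posts'] = my_number_format($mybb->user['postnum']);

	// Build referral link
	$referral_info = '';
	if($mybb->settings['usereferrals'] == 1)
	{
		$referral_link = $lang->sprintf($lang->referral_link, $settings['bburl'], $mybb->user['uid']);

		$referral_count = (int) $mybb->user['referrals'];
		if($referral_count > 0)
		{
			$uid = (int) $mybb->user['uid'];
			eval("\$mybb->user['referrals'] = \"".$templates->get('member_referrals_link')."\";");
		}

		eval("\$referral_info = \"".$templates->get("usercp_referrals")."\";");
	}

	// User Notepad
	$plugins->run_hooks("usercp_notepad_start");
	// The notepad is stored unescaped, so it is escaped here before the template embeds it.
	$mybb->user['notepad'] = htmlspecialchars_uni($mybb->user['notepad']);
	eval("\$user_notepad = \"".$templates->get("usercp_notepad")."\";");
	$plugins->run_hooks("usercp_notepad_end");

	// Thread Subscriptions with New Posts
	$latest_subscribed = '';
	// Cheap existence check first, so the joined query only runs for users with subscriptions.
	$query = $db->simple_select("threadsubscriptions", "sid", "uid = '".$mybb->user['uid']."'", array("limit" => 1));
	if($db->num_rows($query))
	{
		// Own subscriptions only, skipping threads where the user made the last post.
		$where = array(
			"s.uid={$mybb->user['uid']}",
			"t.lastposteruid!={$mybb->user['uid']}",
			get_visible_where('t')
		);

		if($unviewable_forums = get_unviewable_forums(true))
		{
			$where[] = "t.fid NOT IN ({$unviewable_forums})";
		}

		if($inactive_forums = get_inactive_forums())
		{
			$where[] = "t.fid NOT IN ({$inactive_forums})";
		}

		$where = implode(' AND ', $where);

		$query = $db->query("
			SELECT s.*, t.*, t.username AS threadusername, u.username
			FROM ".TABLE_PREFIX."threadsubscriptions s
			LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
			WHERE {$where}
			ORDER BY t.lastpost DESC
			LIMIT 0, 10
		");

		$subscriptions = array();
		$fpermissions = forum_permissions();

		while($subscription = $db->fetch_array($query))
		{
			$forumpermissions = $fpermissions[$subscription['fid']];

			// Where a forum restricts users to their own threads, keep only threads whose uid
			// matches the current user.
			// NOTE(review): both s.* and t.* carry a uid column; this check is only meaningful
			// if the fetched 'uid' is the thread author's (t.uid), since s.uid always equals
			// the current user - confirm which one the driver returns.
			if(!isset($forumpermissions['canonlyviewownthreads']) || $forumpermissions['canonlyviewownthreads'] == 0 || $subscription['uid'] == $mybb->user['uid'])
			{
				$subscriptions[$subscription['tid']] = $subscription;
			}
		}

		if($subscriptions)
		{
			// Ids come from the database result keys, not from the request.
			$tids = implode(",", array_keys($subscriptions));

			// Checking read
			if($mybb->settings['threadreadcut'] > 0)
			{
				$query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
				while($readthread = $db->fetch_array($query))
				{
					if($readthread['dateline'] >= $subscriptions[$readthread['tid']]['lastpost'])
					{
						unset($subscriptions[$readthread['tid']]); // If it's already been read, then don't display the thread
					}
					else
					{
						$subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
					}
				}
			}

			if($subscriptions)
			{
				if($mybb->settings['dotfolders'] != 0)
				{
					// $tids still lists threads removed above, so this can re-create bare entries
					// holding only 'doticon'; the !empty(tid) test in the loop below skips them.
					$query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
					while($post = $db->fetch_array($query))
					{
						$subscriptions[$post['tid']]['doticon'] = 1;
					}
				}

				$icon_cache = array();

				if($mybb->settings['allowposticons'] == 1)
				{
					$icon_cache = (array)$cache->read("posticons");
				}

				$threadprefixes = build_prefixes();
				$latest_subscribed_threads = '';

				$forums_cache = cache_forums();

				foreach($subscriptions as $thread)
				{
					$plugins->run_hooks("usercp_thread_subscriptions_thread");
					$folder = '';
					$folder_label = '';
					$gotounread = '';

					if(!empty($thread['tid']))
					{
						$bgcolor = alt_trow();
						$thread['subject'] = $parser->parse_badwords($thread['subject']);
						$thread['subject'] = htmlspecialchars_uni($thread['subject']);
						$thread['threadlink'] = get_thread_link($thread['tid']);
						$thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");

						// If this thread has a prefix...
						// NOTE(review): displaystyle is emitted without HTML escaping; presumably
						// administrator-defined markup - confirm. The trailing literal appears as a
						// bare space in this listing and may originally have been an HTML entity.
						if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
						{
							$thread['displayprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].' ';
						}
						else
						{
							$thread['displayprefix'] = '';
						}

						// Icons
						if($thread['icon'] > 0 && isset($icon_cache[$thread['icon']]) && $forums_cache[$thread['fid']]['allowpicons'] != 0)
						{
							$icon = $icon_cache[$thread['icon']];
							$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
							$icon['path'] = htmlspecialchars_uni($icon['path']);
							$icon['name'] = htmlspecialchars_uni($icon['name']);
							eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
						}
						else
						{
							$icon = " ";
						}

						// 'doticon' is set above only for threads the user has posted in, so the dot
						// marker needs a positive test (same check as the latest-threads loop below);
						// a !isset() test would mark exactly the threads the user has not posted in.
						if(!empty($thread['doticon']))
						{
							$folder = "dot_";
							$folder_label .= $lang->icon_dot;
						}

						// Check to see which icon we display
						if(!empty($thread['lastread']) && $thread['lastread'] < $thread['lastpost'])
						{
							$folder .= "new";
							$folder_label .= $lang->icon_new;
							$new_class = "subject_new";
							$thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
							eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
						}
						else
						{
							$folder_label .= $lang->icon_no_new;
							$new_class = "subject_old";
						}

						$folder .= "folder";

						if($thread['visible'] == 0)
						{
							$bgcolor = "trow_shaded";
						}

						$lastpostdate = my_date('relative', $thread['lastpost']);
						$lastposteruid = $thread['lastposteruid'];
						if(!$lastposteruid && !$thread['lastposter'])
						{
							$lastposter = htmlspecialchars_uni($lang->guest);
						}
						else
						{
							$lastposter = htmlspecialchars_uni($thread['lastposter']);
						}

						// A last poster with uid 0 has no profile to link to, so only the name is shown.
						if($lastposteruid == 0)
						{
							$lastposterlink = $lastposter;
						}
						else
						{
							$lastposterlink = build_profile_link($lastposter, $lastposteruid);
						}

						$thread['replies'] = my_number_format($thread['replies']);
						$thread['views'] = my_number_format($thread['views']);
						$thread['username'] = htmlspecialchars_uni($thread['username']);
						$thread['author'] = build_profile_link($thread['username'], $thread['uid']);

						eval("\$latest_subscribed_threads .= \"".$templates->get("usercp_latest_subscribed_threads")."\";");
					}
				}
				eval("\$latest_subscribed = \"".$templates->get("usercp_latest_subscribed")."\";");
			}
		}
	}

	// User's Latest Threads
	$where = array(
		"t.uid={$mybb->user['uid']}",
		get_visible_where('t')
	);

	if($unviewable_forums = get_unviewable_forums(true))
	{
		$where[] = "t.fid NOT IN ({$unviewable_forums})";
	}

	if($inactive_forums = get_inactive_forums())
	{
		$where[] = "t.fid NOT IN ({$inactive_forums})";
	}

	$where = implode(' AND ', $where);

	$query = $db->query("
		SELECT t.*, t.username AS threadusername, u.username
		FROM ".TABLE_PREFIX."threads t
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
		WHERE {$where}
		ORDER BY t.lastpost DESC
		LIMIT 0, 5
	");

	// Figure out whether we can view these threads...
	$threadcache = array();
	$fpermissions = forum_permissions();
	while($thread = $db->fetch_array($query))
	{
		$threadcache[$thread['tid']] = $thread;
	}

	$latest_threads = '';
	if(!empty($threadcache))
	{
		// Ids come from the database result keys, not from the request.
		$tids = implode(",", array_keys($threadcache));
		$readforums = array();

		// Read Forums
		$query = $db->query("
			SELECT f.fid, fr.dateline AS lastread
			FROM ".TABLE_PREFIX."forums f
			LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
			WHERE f.active != 0
			ORDER BY pid, disporder
		");

		while($forum = $db->fetch_array($query))
		{
			$readforums[$forum['fid']] = $forum['lastread'];
		}

		// Threads being read?
		if($mybb->settings['threadreadcut'] > 0)
		{
			$query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
			while($readthread = $db->fetch_array($query))
			{
				$threadcache[$readthread['tid']]['lastread'] = $readthread['dateline'];
			}
		}

		// Icon Stuff
		if($mybb->settings['dotfolders'] != 0)
		{
			$query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
			while($post = $db->fetch_array($query))
			{
				$threadcache[$post['tid']]['doticon'] = 1;
			}
		}

		$icon_cache = array();

		if($mybb->settings['allowposticons'] == 1)
		{
			$icon_cache = (array)$cache->read("posticons");
		}

		$threadprefixes = build_prefixes();

		$forums_cache = cache_forums();

		// Run the threads...
		$latest_threads_threads = '';
		foreach($threadcache as $thread)
		{
			$plugins->run_hooks("usercp_latest_threads_thread");
			if(!empty($thread['tid']))
			{
				$bgcolor = alt_trow();
				$folder = '';
				$folder_label = '';
				$prefix = '';
				$gotounread = '';
				$isnew = 0;
				$donenew = 0;
				$lastread = 0;
				// Defined up front: it is only assigned below when threadreadcut is enabled,
				// but it is compared against the read cookie in every case.
				$forum_read = 0;

				// If this thread has a prefix...
				// An unknown prefix id now yields an empty display prefix instead of leaving the
				// key undefined (same handling as the subscriptions loop above).
				// NOTE(review): displaystyle is emitted without HTML escaping; presumably
				// administrator-defined markup - confirm.
				if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
				{
					$thread['displayprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].' ';
				}
				else
				{
					$thread['displayprefix'] = '';
				}

				$thread['subject'] = $parser->parse_badwords($thread['subject']);
				$thread['subject'] = htmlspecialchars_uni($thread['subject']);
				$thread['threadlink'] = get_thread_link($thread['tid']);
				$thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");

				if($thread['icon'] > 0 && !empty($icon_cache[$thread['icon']]) && $forums_cache[$thread['fid']]['allowpicons'] != 0)
				{
					$icon = $icon_cache[$thread['icon']];
					$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
					$icon['path'] = htmlspecialchars_uni($icon['path']);
					$icon['name'] = htmlspecialchars_uni($icon['name']);
					eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
				}
				else
				{
					$icon = " ";
				}

				if($mybb->settings['threadreadcut'] > 0)
				{
					$forum_read = $readforums[$thread['fid']];

					// Forum read marks older than the cut-off (threadreadcut days) are treated as the cut-off.
					$read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
					if($forum_read == 0 || $forum_read < $read_cutoff)
					{
						$forum_read = $read_cutoff;
					}
				}

				// NOTE(review): $cutoff is reset to 0 immediately after this conditional, so the
				// assignment inside it never takes effect. Left as found; confirm the intended logic.
				if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
				{
					$cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
				}

				$cutoff = 0;
				if($thread['lastpost'] > $cutoff)
				{
					if(!empty($thread['lastread']))
					{
						$lastread = $thread['lastread'];
					}
				}

				// No stored read time: use the later of the read cookie and the forum read mark.
				if(!$lastread)
				{
					$readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
					if($readcookie > $forum_read)
					{
						$lastread = $readcookie;
					}
					else
					{
						$lastread = $forum_read;
					}
				}

				// Folder Icons
				if(!empty($thread['doticon']))
				{
					$folder = "dot_";
					$folder_label .= $lang->icon_dot;
				}

				if($thread['lastpost'] > $lastread && $lastread)
				{
					$folder .= "new";
					$folder_label .= $lang->icon_new;
					$new_class = "subject_new";
					$thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
					eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
					$unreadpost = 1;
				}
				else
				{
					$folder_label .= $lang->icon_no_new;
					$new_class = "subject_old";
				}

				if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
				{
					$folder .= "hot";
					$folder_label .= $lang->icon_hot;
				}

				// Is our thread visible?
				if($thread['visible'] == 0)
				{
					$bgcolor = 'trow_shaded';
				}

				if($thread['closed'] == 1)
				{
					$folder .= "close";
					$folder_label .= $lang->icon_close;
				}

				$folder .= "folder";

				$lastpostdate = my_date('relative', $thread['lastpost']);
				$lastposter = htmlspecialchars_uni($thread['lastposter']);
				$lastposteruid = $thread['lastposteruid'];

				// A last poster with uid 0 has no profile to link to, so only the name is shown.
				if($lastposteruid == 0)
				{
					$lastposterlink = $lastposter;
				}
				else
				{
					$lastposterlink = build_profile_link($lastposter, $lastposteruid);
				}

				$thread['replies'] = my_number_format($thread['replies']);
				$thread['views'] = my_number_format($thread['views']);
				$thread['username'] = htmlspecialchars_uni($thread['username']);
				$thread['author'] = build_profile_link($thread['username'], $thread['uid']);

				eval("\$latest_threads_threads .= \"".$templates->get("usercp_latest_threads_threads")."\";");
			}
		}

		eval("\$latest_threads = \"".$templates->get("usercp_latest_threads")."\";");
	}

	$plugins->run_hooks("usercp_end");

	eval("\$usercp = \"".$templates->get("usercp")."\";");
	output_page($usercp);
}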