
PHP Cross Reference of MyBB 1.8.39


/ -> usercp.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1); // NOTE(review): presumably the marker that included files test before running - confirm in global.php
  12  define('THIS_SCRIPT', 'usercp.php'); // name of this entry script
  13  define("ALLOWABLE_PAGE", "removesubscription,removesubscriptions"); // NOTE(review): the two subscription-removal actions are listed as allowable; what that exempts them from is decided outside this file - confirm
  14  
      // Comma-separated names of the templates this page may render, built up piece by piece.
      // NOTE(review): presumably read by global.php to preload the templates - confirm.
  15  $templatelist = "usercp,usercp_nav,usercp_profile,usercp_changename,usercp_password,usercp_subscriptions_thread,forumbit_depth2_forum_lastpost,usercp_forumsubscriptions_forum,postbit_reputation_formatted,usercp_subscriptions_thread_icon";
  16  $templatelist .= ",usercp_usergroups_memberof_usergroup,usercp_usergroups_memberof,usercp_usergroups_joinable_usergroup,usercp_usergroups_joinable,usercp_usergroups,usercp_nav_attachments,usercp_options_style,usercp_warnings_warning_post";
  17  $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_usergroups_leader_usergroup,usercp_usergroups_leader,usercp_currentavatar,usercp_reputation,usercp_avatar_remove,usercp_resendactivation";
  18  $templatelist .= ",usercp_attachments_attachment,usercp_attachments,usercp_profile_away,usercp_profile_customfield,usercp_profile_profilefields,usercp_profile_customtitle,usercp_forumsubscriptions_none,usercp_profile_customtitle_currentcustom";
  19  $templatelist .= ",usercp_forumsubscriptions,usercp_subscriptions_none,usercp_subscriptions,usercp_options_pms_from_buddys,usercp_options_tppselect,usercp_options_pppselect,usercp_themeselector,usercp_profile_customtitle_reverttitle";
  20  $templatelist .= ",usercp_nav_editsignature,usercp_referrals,usercp_notepad,usercp_latest_threads_threads,forumdisplay_thread_gotounread,usercp_latest_threads,usercp_subscriptions_remove,usercp_nav_messenger_folder,usercp_profile_profilefields_text";
  21  $templatelist .= ",usercp_editsig_suspended,usercp_editsig,usercp_avatar_current,usercp_options_timezone_option,usercp_drafts,usercp_options_language,usercp_options_date_format,usercp_profile_website,usercp_latest_subscribed,usercp_warnings";
      // NOTE(review): "usercp_editlists_userusercp_editlists" on the next line looks like two names
      // ("usercp_editlists_user" and "usercp_editlists") fused by a missing comma. Both names also
      // appear on their own further down the list, so the slip is probably harmless - confirm.
  22  $templatelist .= ",usercp_avatar,usercp_editlists_userusercp_editlists,usercp_drafts_draft,usercp_usergroups_joingroup,usercp_attachments_none,usercp_avatar_upload,usercp_options_timezone,usercp_usergroups_joinable_usergroup_join";
  23  $templatelist .= ",usercp_warnings_warning,usercp_nav_messenger_tracking,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  24  $templatelist .= ",codebuttons,usercp_nav_messenger_compose,usercp_options_language_option,usercp_editlists,usercp_profile_contact_fields_field,usercp_latest_subscribed_threads,usercp_profile_contact_fields,usercp_profile_day,usercp_nav_home";
  25  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,usercp_profile_profilefields_checkbox";
  26  $templatelist .= ",usercp_options_tppselect_option,usercp_options_pppselect_option,forumbit_depth2_forum_lastpost_never,forumbit_depth2_forum_lastpost_hidden,usercp_avatar_auto_resize_auto,usercp_avatar_auto_resize_user,usercp_options";
  27  $templatelist .= ",usercp_editlists_no_buddies,usercp_editlists_no_ignored,usercp_editlists_no_requests,usercp_editlists_received_requests,usercp_editlists_sent_requests,usercp_drafts_draft_thread,usercp_drafts_draft_forum,usercp_editlists_user";
  28  $templatelist .= ",usercp_usergroups_leader_usergroup_memberlist,usercp_usergroups_leader_usergroup_moderaterequests,usercp_usergroups_memberof_usergroup_leaveprimary,usercp_usergroups_memberof_usergroup_display,usercp_email,usercp_options_pms";
  29  $templatelist .= ",usercp_usergroups_memberof_usergroup_leaveleader,usercp_usergroups_memberof_usergroup_leaveother,usercp_usergroups_memberof_usergroup_leave,usercp_usergroups_joinable_usergroup_description,usercp_options_time_format";
  30  $templatelist .= ",usercp_editlists_sent_request,usercp_editlists_received_request,usercp_drafts_none,usercp_usergroups_memberof_usergroup_setdisplay,usercp_usergroups_memberof_usergroup_description,usercp_options_quick_reply";
  31  $templatelist .= ",usercp_addsubscription_thread,forumdisplay_password,forumdisplay_password_wrongpass,"; // the list ends with a trailing comma
  32  
      // global.php is loaded first. This file never creates $mybb, $lang, $plugins, $db, $templates
      // or $cache, nor defines MYBB_ROOT, so they have to come from that include.
  33  require_once  "./global.php";
  34  require_once  MYBB_ROOT."inc/functions_post.php";
  35  require_once  MYBB_ROOT."inc/functions_search.php";
  36  require_once  MYBB_ROOT."inc/functions_user.php";
  37  require_once  MYBB_ROOT."inc/class_parser.php";
  38  $parser = new postParser; // parser instance; it is not used within this part of the file
  39  
  40  // Load global language phrases
  41  $lang->load("usercp");
  42  
      // Access gate for the whole script: a guest (uid 0) or a member of a group without the
      // canusercp permission is refused before any action handler below is reached.
      // NOTE(review): this relies on error_no_permission() ending the request - confirm.
  43  if($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0)
  44  {
  45      error_no_permission();
  46  }
  47  
      // Holds the inline error markup of a failed handler; empty means "no errors".
  48  $errors = '';
  49  
      // Store the requested action through get_input(); every branch below compares against this value.
  50  $mybb->input['action'] = $mybb->get_input('action');
  51  
  52  usercp_menu();
  53  
  54  $server_http_referer = '';
      // Normalise the Referer header. The header is supplied by the client, so it is treated as
      // untrusted: it is entity-encoded first and then forced to sit under the board URL.
  55  if(isset($_SERVER['HTTP_REFERER']))
  56  {
      // NOTE(review): htmlentities() is called with its default flags, which depend on the PHP
      // version (single quotes are only encoded by default from PHP 8.1) - confirm that every
      // place this value is printed is safe under the oldest PHP version supported.
  57      $server_http_referer = htmlentities($_SERVER['HTTP_REFERER']);
  58  
      // The prefix test includes the trailing "/", so a URL that merely starts with the same
      // characters as bburl (and then continues with a different host or path) does not pass.
  59      if(my_strpos($server_http_referer, $mybb->settings['bburl'].'/') !== 0)
  60      {
  61          if(my_strpos($server_http_referer, '/') === 0)
  62          {
  63              $server_http_referer = my_substr($server_http_referer, 1);
  64          }
      // Anything not under the board URL is reduced to its last path segment and re-rooted at
      // bburl, so the stored value never points at another site.
  65          $url_segments = explode('/', $server_http_referer);
  66          $server_http_referer = $mybb->settings['bburl'].'/'.end($url_segments);
  67      }
  68  }
  69  
  70  $plugins->run_hooks("usercp_start");
      // Early validation pass for a submitted signature. Only verify_signature() is called here and
      // nothing is stored in this block. When validation fails, or when a preview was requested,
      // the action is switched to "editsig" so that the form is shown again.
      // NOTE(review): this block does not call verify_post_check(); the post-key check is expected
      // where the signature is actually written, which is outside this excerpt - confirm.
  71  if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
  72  {
  73      require_once  MYBB_ROOT."inc/datahandlers/user.php";
  74      $userhandler = new UserDataHandler();
  75  
      // uid comes from the logged-in user, never from the request; the signature text is passed on raw.
  76      $data = array(
  77          'uid' => $mybb->user['uid'],
  78          'signature' => $mybb->get_input('signature'),
  79      );
  80  
  81      $userhandler->set_data($data);
  82  
  83      if(!$userhandler->verify_signature())
  84      {
      // Note the singular name: this sets $error, not the $errors variable initialised above.
  85          $error = inline_error($userhandler->get_friendly_errors());
  86      }
  87  
  88      if(isset($error) || !empty($mybb->input['preview']))
  89      {
  90          $mybb->input['action'] = "editsig";
  91      }
  92  }
  93  
  94  // Make navigation
  95  add_breadcrumb($lang->nav_usercp, "usercp.php");
  96  
      // Add a second breadcrumb for the current action. A form action and its "do_" handler share
      // one crumb, and an action not listed here adds nothing. The user-supplied action string is
      // only compared against literals; the crumb text always comes from language phrases.
  97  switch($mybb->input['action'])
  98  {
  99      case "profile":
 100      case "do_profile":
 101          add_breadcrumb($lang->ucp_nav_profile);
 102          break;
 103      case "options":
 104      case "do_options":
 105          add_breadcrumb($lang->nav_options);
 106          break;
 107      case "email":
 108      case "do_email":
 109          add_breadcrumb($lang->nav_email);
 110          break;
 111      case "password":
 112      case "do_password":
 113          add_breadcrumb($lang->nav_password);
 114          break;
 115      case "changename":
 116      case "do_changename":
 117          add_breadcrumb($lang->nav_changename);
 118          break;
 119      case "subscriptions":
 120          add_breadcrumb($lang->ucp_nav_subscribed_threads);
 121          break;
 122      case "forumsubscriptions":
 123          add_breadcrumb($lang->ucp_nav_forum_subscriptions);
 124          break;
 125      case "editsig":
 126      case "do_editsig":
 127          add_breadcrumb($lang->nav_editsig);
 128          break;
 129      case "avatar":
 130      case "do_avatar":
 131          add_breadcrumb($lang->nav_avatar);
 132          break;
 133      case "notepad":
 134      case "do_notepad":
 135          add_breadcrumb($lang->ucp_nav_notepad);
 136          break;
 137      case "editlists":
 138      case "do_editlists":
 139          add_breadcrumb($lang->ucp_nav_editlists);
 140          break;
 141      case "drafts":
 142          add_breadcrumb($lang->ucp_nav_drafts);
 143          break;
 144      case "usergroups":
 145          add_breadcrumb($lang->ucp_nav_usergroups);
 146          break;
 147      case "attachments":
 148          add_breadcrumb($lang->ucp_nav_attachments);
 149          break;
 150  }
 151  
 152  if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post")
 153  {
      // Handler for the submitted "edit profile" form: collects the request fields, hands them to
      // UserDataHandler for validation and either saves them or falls back to the form with errors.
 154      // Verify incoming POST request
      // The my_post_key value submitted with the form is checked before anything else is processed
      // (anti-CSRF token). NOTE(review): presumably verify_post_check() stops the request on a
      // mismatch - confirm.
 155      verify_post_check($mybb->get_input('my_post_key'));
 156  
 157      $user = array();
 158  
 159      $plugins->run_hooks("usercp_do_profile_start");
 160  
      // Away status is only honoured when the board setting allowaway is enabled.
 161      if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
 162      {
 163          $awaydate = TIME_NOW;
 164          if(!empty($mybb->input['awayday']))
 165          {
 166              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
 167              if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
 168              {
 169                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
 170              }
 171              if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
 172              {
 173                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
 174              }
 175  
      // Day and month are cut to two characters and cast to int; the year is cast and capped at
      // 9999. From here on the date parts are plain integers, whatever was submitted.
 176              $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
 177              $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
 178              $return_year = min((int)$mybb->get_input('awayyear'), 9999);
 179  
 180              // Check if return date is after the away date.
 181              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
 182              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
 183              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
 184              {
 185                  error($lang->error_usercp_return_date_past);
 186              }
 187  
      // Built from the three integers above only, so the stored string is always "d-m-Y" digits.
 188              $returndate = "{$return_day}-{$return_month}-{$return_year}";
 189          }
 190          else
 191          {
 192              $returndate = "";
 193          }
      // awayreason is passed on exactly as submitted; no escaping happens in this handler.
      // NOTE(review): validation and storage escaping are left to UserDataHandler - confirm.
 194          $away = array(
 195              "away" => 1,
 196              "date" => $awaydate,
 197              "returndate" => $returndate,
 198              "awayreason" => $mybb->get_input('awayreason')
 199          );
 200      }
 201      else
 202      {
 203          $away = array(
 204              "away" => 0,
 205              "date" => '',
 206              "returndate" => '',
 207              "awayreason" => ''
 208          );
 209      }
 210  
      // Birthday parts are read as integers.
 211      $bday = array(
 212          "day" => $mybb->get_input('bday1', MyBB::INPUT_INT),
 213          "month" => $mybb->get_input('bday2', MyBB::INPUT_INT),
 214          "year" => $mybb->get_input('bday3', MyBB::INPUT_INT)
 215      );
 216  
 217      // Set up user handler.
 218      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 219      $userhandler = new UserDataHandler("update");
 220  
      // uid, postnum, usergroup and additionalgroups are taken from $mybb->user, not from the
      // request, so the submitted form cannot choose which account or which groups are written.
      // Only birthday, birthday privacy, away data and profile_fields come from user input here.
 221      $user = array_merge($user, array(
 222          "uid" => $mybb->user['uid'],
 223          "postnum" => $mybb->user['postnum'],
 224          "usergroup" => $mybb->user['usergroup'],
 225          "additionalgroups" => $mybb->user['additionalgroups'],
 226          "birthday" => $bday,
 227          "birthdayprivacy" => $mybb->get_input('birthdayprivacy'),
 228          "away" => $away,
 229          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY)
 230      ));
      // A contact field is accepted only when its allow<field>field setting is non-empty and
      // is_member() passes for that setting; a value longer than 75 characters is rejected.
 231      foreach(array('skype', 'google') as $cfield)
 232      {
 233          $csetting = 'allow'.$cfield.'field';
 234          if($mybb->settings[$csetting] == '')
 235          {
 236              continue;
 237          }
 238  
 239          if(!is_member($mybb->settings[$csetting]))
 240          {
 241              continue;
 242          }
 243  
 244          $user[$cfield] = $mybb->get_input($cfield);
 245  
 246          if(my_strlen($user[$cfield]) > 75)
 247          {
 248              error($lang->contact_field_error);
 249          }
 250      }
 251  
      // Website and custom title are copied from the request only when the user's group holds the
      // matching permission; without it the submitted value is ignored.
 252      if($mybb->usergroup['canchangewebsite'] == 1)
 253      {
 254          $user['website'] = $mybb->get_input('website');
 255      }
 256  
 257      if($mybb->usergroup['cancustomtitle'] == 1)
 258      {
 259          if($mybb->get_input('usertitle') != '')
 260          {
 261              $user['usertitle'] = $mybb->get_input('usertitle');
 262          }
 263          elseif(!empty($mybb->input['reverttitle']))
 264          {
 265              $user['usertitle'] = '';
 266          }
 267      }
 268      $userhandler->set_data($user);
 269  
      // On a validation failure nothing is saved: the errors are rendered inline and the action is
      // switched to "profile" so that the form below is shown again with the submitted values.
 270      if(!$userhandler->validate_user())
 271      {
 272          $errors = $userhandler->get_friendly_errors();
 273          $raw_errors = $userhandler->get_errors();
 274  
 275          // Set to stored value if invalid
 276          if(array_key_exists("invalid_birthday_privacy", $raw_errors) || array_key_exists("conflicted_birthday_privacy", $raw_errors))
 277          {
 278              $mybb->input['birthdayprivacy'] = $mybb->user['birthdayprivacy'];
 279              $bday = explode("-", $mybb->user['birthday']);
 280  
 281              if(isset($bday[2]))
 282              {
 283                  $mybb->input['bday3'] = $bday[2];
 284              }
 285          }
 286  
 287          $errors = inline_error($errors);
 288          $mybb->input['action'] = "profile";
 289      }
 290      else
 291      {
 292          $userhandler->update_user();
 293  
 294          $plugins->run_hooks("usercp_do_profile_end");
 295          redirect("usercp.php?action=profile", $lang->redirect_profileupdated);
 296      }
 297  }
 298  
 299  if($mybb->input['action'] == "profile")
 300  {
      // Renders the "edit profile" form. After a failed submit ($errors is set) the form is refilled
      // from $mybb->input, i.e. from raw request data; otherwise it is filled from the stored user
      // record. Either way the values are HTML-escaped below before a template prints them.
 301      if($errors)
 302      {
 303          $user = $mybb->input;
 304          $bday = array();
 305          $bday[0] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 306          $bday[1] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 307          $bday[2] = $mybb->get_input('bday3', MyBB::INPUT_INT);
 308      }
 309      else
 310      {
 311          $user = $mybb->user;
 312          $bday = explode("-", $user['birthday']);
 313          if(!isset($bday[1]))
 314          {
 315              $bday[1] = 0;
 316          }
 317      }
 318      if(!isset($bday[2]) || $bday[2] == 0)
 319      {
 320          $bday[2] = '';
 321      }
 322  
 323      $plugins->run_hooks("usercp_profile_start");
 324  
 325      $bdaydaysel = '';
 326      for($day = 1; $day <= 31; ++$day)
 327      {
 328          if($bday[0] == $day)
 329          {
 330              $selected = "selected=\"selected\"";
 331          }
 332          else
 333          {
 334              $selected = '';
 335          }
 336  
      // Template rendering pattern used throughout this file: the template text is spliced into a
      // PHP double-quoted string and eval()'d, so the variables it names are interpolated at that
      // point. The local variable names are therefore part of the template interface.
      // NOTE(review): this is only safe if $templates->get() returns text that cannot close the
      // string literal and if templates are editable by administrators only - confirm in the
      // templates class. Every value a template prints must already be HTML-escaped here.
 337          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
 338      }
 339  
 340      $bdaymonthsel = array();
 341      foreach(range(1, 12) as $month)
 342      {
 343          $bdaymonthsel[$month] = '';
 344      }
 345      $bdaymonthsel[$bday[1]] = 'selected="selected"';
 346  
 347      $allselected = $noneselected = $ageselected = '';
 348      if($user['birthdayprivacy'] == 'all' || !$user['birthdayprivacy'])
 349      {
 350          $allselected = " selected=\"selected\"";
 351      }
 352      elseif($user['birthdayprivacy'] == 'none')
 353      {
 354          $noneselected = " selected=\"selected\"";
 355      }
 356      elseif($user['birthdayprivacy'] == 'age')
 357      {
 358          $ageselected = " selected=\"selected\"";
 359      }
 360  
      // A website value that fails my_validate_url() is blanked rather than shown; a valid one is escaped.
 361      if(!my_validate_url($user['website']))
 362      {
 363          $user['website'] = '';
 364      }
 365      else
 366      {
 367          $user['website'] = htmlspecialchars_uni($user['website']);
 368      }
 369  
 370      if($errors)
 371      {
 372          $user['skype'] = htmlspecialchars_uni($user['skype']);
 373          $user['google'] = htmlspecialchars_uni($user['google']);
 374      }
 375  
 376      $contact_fields = array();
 377      $contactfields = '';
 378      $cfieldsshow = false;
 379  
      // Same gate as in the do_profile handler: a contact field is shown only when its setting is
      // non-empty and is_member() passes for that setting.
 380      foreach(array('skype', 'google') as $cfield)
 381      {
 382          $contact_fields[$cfield] = '';
 383          $csetting = 'allow'.$cfield.'field';
 384          if($mybb->settings[$csetting] == '')
 385          {
 386              continue;
 387          }
 388  
 389          if(!is_member($mybb->settings[$csetting]))
 390          {
 391              continue;
 392          }
 393  
 394          $cfieldsshow = true;
 395  
 396          $lang_string = 'contact_field_'.$cfield;
 397          $lang_string = $lang->{$lang_string};
      // NOTE(review): on the error path the value was already escaped a few lines above, so it is
      // escaped a second time here. That is over-escaping (a display issue), not missing escaping.
 398          $cfvalue = htmlspecialchars_uni($user[$cfield]);
 399  
 400          eval('$contact_fields[$cfield] = "'.$templates->get('usercp_profile_contact_fields_field').'";');
 401      }
 402  
 403      if($cfieldsshow)
 404      {
 405          eval('$contactfields = "'.$templates->get('usercp_profile_contact_fields').'";');
 406      }
 407  
 408      $awaysection = '';
 409      if($mybb->settings['allowaway'] != 0)
 410      {
 411          $awaycheck = array('', '');
 412          if($errors)
 413          {
 414              if($user['away'] == 1)
 415              {
 416                  $awaycheck[1] = "checked=\"checked\"";
 417              }
 418              else
 419              {
 420                  $awaycheck[0] = "checked=\"checked\"";
 421              }
      // Resubmitted date parts are read as integers and the away reason is escaped before it is
      // echoed back. $awaynotice is assigned on the non-error path only.
 422              $returndate = array();
 423              $returndate[0] = $mybb->get_input('awayday', MyBB::INPUT_INT);
 424              $returndate[1] = $mybb->get_input('awaymonth', MyBB::INPUT_INT);
 425              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
 426              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
 427          }
 428          else
 429          {
 430              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
 431              if($mybb->user['away'] == 1)
 432              {
 433                  $awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']);
 434                  $awaycheck[1] = "checked=\"checked\"";
 435                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
 436              }
 437              else
 438              {
 439                  $awaynotice = $lang->away_notice;
 440                  $awaycheck[0] = "checked=\"checked\"";
 441              }
 442              $returndate = explode("-", $mybb->user['returndate']);
 443              if(!isset($returndate[1]))
 444              {
 445                  $returndate[1] = 0;
 446              }
 447              if(!isset($returndate[2]))
 448              {
 449                  $returndate[2] = '';
 450              }
 451          }
 452  
 453          $returndatesel = '';
 454          for($day = 1; $day <= 31; ++$day)
 455          {
 456              if($returndate[0] == $day)
 457              {
 458                  $selected = "selected=\"selected\"";
 459              }
 460              else
 461              {
 462                  $selected = '';
 463              }
 464  
 465              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
 466          }
 467  
 468          $returndatemonthsel = array();
 469          foreach(range(1, 12) as $month)
 470          {
 471              $returndatemonthsel[$month] = '';
 472          }
 473          $returndatemonthsel[$returndate[1]] = "selected";
 474  
 475          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
 476      }
 477  
 478      // Custom profile fields baby!
 479      $altbg = "trow1";
 480      $requiredfields = $customfields = '';
 481      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 482  
 483      $pfcache = $cache->read('profilefields');
 484  
 485      if(is_array($pfcache))
 486      {
 487          foreach($pfcache as $profilefield)
 488          {
      // Skip a field the user may not edit: is_member() on the field's editableby value fails, or
      // the field requires more posts than the user has.
 489              if(!is_member($profilefield['editableby']) || ($profilefield['postnum'] && $profilefield['postnum'] > $mybb->user['postnum']))
 490              {
 491                  continue;
 492              }
 493  
 494              $userfield = $code = $select = $val = $options = $expoptions = $useropts = '';
 495              $seloptions = array();
      // The field definition is escaped up front. The option list is split off the already escaped
      // type string, so the option values compared and printed below are escaped text.
 496              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 497              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 498              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 499              $thing = explode("\n", $profilefield['type'], "2");
 500              $type = $thing[0];
 501              if(isset($thing[1]))
 502              {
 503                  $options = $thing[1];
 504              }
 505              else
 506              {
      // NOTE(review): $options becomes an array here, while the multiselect, select, radio and
      // checkbox branches below pass it to explode(), which expects a string - confirm that a
      // field of those types always carries an option list.
 507                  $options = array();
 508              }
 509              $field = "fid{$profilefield['fid']}";
      // Current value: the resubmitted request value after an error, the stored value otherwise.
 510              if($errors)
 511              {
 512                  if(!isset($mybb->input['profile_fields'][$field]))
 513                  {
 514                      $mybb->input['profile_fields'][$field] = '';
 515                  }
 516                  $userfield = $mybb->input['profile_fields'][$field];
 517              }
 518              else
 519              {
 520                  $userfield = $user[$field];
 521              }
 522              if($type == "multiselect")
 523              {
 524                  if($errors)
 525                  {
 526                      $useropts = $userfield;
 527                  }
 528                  else
 529                  {
 530                      $useropts = explode("\n", $userfield);
 531                  }
 532                  if(is_array($useropts))
 533                  {
      // User values are escaped before they are used as lookup keys, so that they are compared
      // with the (escaped) option values in the same form.
 534                      foreach($useropts as $key => $val)
 535                      {
 536                          $val = htmlspecialchars_uni($val);
 537                          $seloptions[$val] = $val;
 538                      }
 539                  }
 540                  $expoptions = explode("\n", $options);
 541                  if(is_array($expoptions))
 542                  {
 543                      foreach($expoptions as $key => $val)
 544                      {
 545                          $val = trim($val);
 546                          $val = str_replace("\n", "\\n", $val);
 547  
 548                          $sel = "";
 549                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
 550                          {
 551                              $sel = " selected=\"selected\"";
 552                          }
 553  
 554                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 555                      }
 556                      if(!$profilefield['length'])
 557                      {
 558                          $profilefield['length'] = 3;
 559                      }
 560  
 561                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
 562                  }
 563              }
 564              elseif($type == "select")
 565              {
 566                  $expoptions = explode("\n", $options);
 567                  if(is_array($expoptions))
 568                  {
 569                      foreach($expoptions as $key => $val)
 570                      {
 571                          $val = trim($val);
 572                          $val = str_replace("\n", "\\n", $val);
 573                          $sel = "";
 574                          if($val == htmlspecialchars_uni($userfield))
 575                          {
 576                              $sel = " selected=\"selected\"";
 577                          }
 578  
 579                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 580                      }
 581                      if(!$profilefield['length'])
 582                      {
 583                          $profilefield['length'] = 1;
 584                      }
 585  
 586                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
 587                  }
 588              }
 589              elseif($type == "radio")
 590              {
 591                  $userfield = htmlspecialchars_uni($userfield);
 592                  $expoptions = explode("\n", $options);
 593                  if(is_array($expoptions))
 594                  {
 595                      foreach($expoptions as $key => $val)
 596                      {
 597                          $checked = "";
 598                          if($val == $userfield)
 599                          {
 600                              $checked = " checked=\"checked\"";
 601                          }
 602  
 603                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
 604                      }
 605                  }
 606              }
 607              elseif($type == "checkbox")
 608              {
      // NOTE(review): on the error path $userfield comes from the profile_fields request array and
      // is treated as a possible array just below; confirm htmlspecialchars_uni() accepts an array.
 609                  $userfield = htmlspecialchars_uni($userfield);
 610                  if($errors)
 611                  {
 612                      $useropts = $userfield;
 613                  }
 614                  else
 615                  {
 616                      $useropts = explode("\n", $userfield);
 617                  }
 618                  if(is_array($useropts))
 619                  {
 620                      foreach($useropts as $key => $val)
 621                      {
 622                          $seloptions[$val] = $val;
 623                      }
 624                  }
 625                  $expoptions = explode("\n", $options);
 626                  if(is_array($expoptions))
 627                  {
 628                      foreach($expoptions as $key => $val)
 629                      {
 630                          $checked = "";
 631                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
 632                          {
 633                              $checked = " checked=\"checked\"";
 634                          }
 635  
 636                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
 637                      }
 638                  }
 639              }
 640              elseif($type == "textarea")
 641              {
      // Free-text values are escaped into $value before the template prints them.
 642                  $value = htmlspecialchars_uni($userfield);
 643                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
 644              }
 645              else
 646              {
 647                  $value = htmlspecialchars_uni($userfield);
 648                  $maxlength = "";
 649                  if($profilefield['maxlength'] > 0)
 650                  {
 651                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
 652                  }
 653  
 654                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
 655              }
 656  
      // Required and optional fields use the same row template but are collected separately.
 657              if($profilefield['required'] == 1)
 658              {
 659                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 660              }
 661              else
 662              {
 663                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 664              }
 665              $altbg = alt_trow();
 666          }
 667      }
 668      if($customfields)
 669      {
 670          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
 671      }
 672  
      // The custom title section is shown only to groups holding the cancustomtitle permission.
 673      if($mybb->usergroup['cancustomtitle'] == 1)
 674      {
 675          if($mybb->usergroup['usertitle'] == "")
 676          {
      // The group has no title of its own: use the first cached title whose post threshold the user meets.
 677              $defaulttitle = '';
 678              $usertitles = $cache->read('usertitles');
 679  
 680              foreach($usertitles as $title)
 681              {
 682                  if($title['posts'] <= $mybb->user['postnum'])
 683                  {
 684                      $defaulttitle = htmlspecialchars_uni($title['title']);
 685                      break;
 686                  }
 687              }
 688          }
 689          else
 690          {
 691              $defaulttitle = htmlspecialchars_uni($mybb->usergroup['usertitle']);
 692          }
 693  
 694          $newtitle = '';
 695          if(trim($user['usertitle']) == '')
 696          {
 697              $lang->current_custom_usertitle = '';
 698          }
 699          else
 700          {
      // After a failed submit the rejected title is kept, escaped, in $newtitle and the stored
      // title is put back into $user['usertitle'].
 701              if($errors)
 702              {
 703                  $newtitle = htmlspecialchars_uni($user['usertitle']);
 704                  $user['usertitle'] = $mybb->user['usertitle'];
 705              }
 706          }
 707  
 708          $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
 709  
 710          $currentcustom = $reverttitle = '';
 711          if(!empty($mybb->user['usertitle']))
 712          {
 713              eval("\$currentcustom = \"".$templates->get("usercp_profile_customtitle_currentcustom")."\";");
 714  
 715              if($mybb->user['usertitle'] != $mybb->usergroup['usertitle'])
 716              {
 717                  eval("\$reverttitle = \"".$templates->get("usercp_profile_customtitle_reverttitle")."\";");
 718              }
 719          }
 720  
 721          eval("\$customtitle = \"".$templates->get("usercp_profile_customtitle")."\";");
 722      }
 723      else
 724      {
 725          $customtitle = "";
 726      }
 727  
 728      $website = '';
 729      if($mybb->usergroup['canchangewebsite'] == 1)
 730      {
 731          eval("\$website = \"".$templates->get("usercp_profile_website")."\";");
 732      }
 733  
      // Plugins hooked here run with all of the variables above in scope, just before the page is
      // assembled. NOTE(review): a plugin that adds template variables is responsible for escaping them.
 734      $plugins->run_hooks("usercp_profile_end");
 735  
 736      eval("\$editprofile = \"".$templates->get("usercp_profile")."\";");
 737      output_page($editprofile);
 738  }
 739  
 740  if($mybb->input['action'] == "do_options" && $mybb->request_method == "post")
 741  {
          // Saves the preferences posted from the options form. This branch is taken
          // only for POST requests, and the submitted my_post_key is handed to
          // verify_post_check() before any other input is read.
 742      // Verify incoming POST request
 743      verify_post_check($mybb->get_input('my_post_key'));
 744  
 745      $user = array();
 746  
 747      $plugins->run_hooks("usercp_do_options_start");
 748  
 749      // Set up user handler.
 750      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 751      $userhandler = new UserDataHandler("update");
 752  
          // uid, usergroup and additionalgroups are copied from $mybb->user, not from
          // the request; the remaining fields are caller-controlled. array_merge()
          // keeps whatever is already in $user (presumably set by the hook above).
 753      $user = array_merge($user, array(
 754          "uid" => $mybb->user['uid'],
 755          "style" => $mybb->get_input('style', MyBB::INPUT_INT),
 756          "dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT),
 757          "timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT),
              // NOTE(review): timezone is SQL-escaped here, before the data handler sees
              // it; whether the handler escapes it again is not visible in this listing.
 758          "timezone" => $db->escape_string($mybb->get_input('timezoneoffset')),
              // language is read without a type constraint; presumably validate_user()
              // restricts it to an installed language - confirm in the data handler.
 759          "language" => $mybb->get_input('language'),
 760          'usergroup'    => $mybb->user['usergroup'],
 761          'additionalgroups'    => $mybb->user['additionalgroups']
 762      ));
 763  
          // Every option except threadmode is read with MyBB::INPUT_INT; threadmode is
          // taken as submitted and left to the data handler to check.
 764      $user['options'] = array(
 765          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 766          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 767          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 768          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 769          "dstcorrection" => $mybb->get_input('dstcorrection', MyBB::INPUT_INT),
 770          "threadmode" => $mybb->get_input('threadmode'),
 771          "showimages" => $mybb->get_input('showimages', MyBB::INPUT_INT),
 772          "showvideos" => $mybb->get_input('showvideos', MyBB::INPUT_INT),
 773          "showsigs" => $mybb->get_input('showsigs', MyBB::INPUT_INT),
 774          "showavatars" => $mybb->get_input('showavatars', MyBB::INPUT_INT),
 775          "showquickreply" => $mybb->get_input('showquickreply', MyBB::INPUT_INT),
 776          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 777          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 778          "receivefrombuddy" => $mybb->get_input('receivefrombuddy', MyBB::INPUT_INT),
 779          "daysprune" => $mybb->get_input('daysprune', MyBB::INPUT_INT),
 780          "showcodebuttons" => $mybb->get_input('showcodebuttons', MyBB::INPUT_INT),
 781          "sourceeditor" => $mybb->get_input('sourceeditor', MyBB::INPUT_INT),
 782          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 783          "buddyrequestspm" => $mybb->get_input('buddyrequestspm', MyBB::INPUT_INT),
 784          "buddyrequestsauto" => $mybb->get_input('buddyrequestsauto', MyBB::INPUT_INT),
 785          "showredirect" => $mybb->get_input('showredirect', MyBB::INPUT_INT),
 786          "classicpostbit" => $mybb->get_input('classicpostbit', MyBB::INPUT_INT)
 787      );
 788  
          // Per-page counts are accepted only while the matching board setting is
          // non-empty.
 789      if($mybb->settings['usertppoptions'])
 790      {
 791          $user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT);
 792      }
 793  
 794      if($mybb->settings['userpppoptions'])
 795      {
 796          $user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT);
 797      }
 798  
 799      $userhandler->set_data($user);
 800  
 801      if(!$userhandler->validate_user())
 802      {
              // Validation failed: nothing is written, and the action is switched so
              // the "options" view below re-renders the form with the errors inline.
 803          $errors = $userhandler->get_friendly_errors();
 804          $errors = inline_error($errors);
 805          $mybb->input['action'] = "options";
 806      }
 807      else
 808      {
 809          $userhandler->update_user();
 810  
 811          $plugins->run_hooks("usercp_do_options_end");
 812  
 813          redirect("usercp.php?action=options", $lang->redirect_optionsupdated);
 814      }
 815  }
 816  
 817  if($mybb->input['action'] == "options")
 818  {
          // Renders the options form. After a failed save $user is the raw request
          // ($mybb->input); otherwise it is the stored profile ($mybb->user). In this
          // block $user is only compared against known values, used as an array key
          // after a check, or passed to build_theme_select().
          //
          // Every eval() below assigns template text to a variable as a double-quoted
          // string; the code passed to eval() is built only from literals and
          // $templates->get(), and the template can interpolate any variable in scope.
          // NOTE(review): this relies on templates being editable only by trusted
          // administrators and on $templates->get() returning text that is safe
          // inside a double-quoted string - confirm in the template class.
 819      if($errors != '')
 820      {
 821          $user = $mybb->input;
 822      }
 823      else
 824      {
 825          $user = $mybb->user;
 826      }
 827  
 828      $plugins->run_hooks("usercp_options_start");
 829  
 830      $languages = $lang->get_languages();
 831      $board_language = $langoptions = '';
 832      if(count($languages) > 1)
 833      {
 834          foreach($languages as $name => $language)
 835          {
                  // The display name is HTML-escaped before the option template is
                  // evaluated. NOTE(review): $name is left as returned by
                  // get_languages(); confirm it cannot carry markup if the template
                  // prints it.
 836              $language = htmlspecialchars_uni($language);
 837  
 838              $sel = '';
 839              if(isset($user['language']) && $user['language'] == $name)
 840              {
 841                  $sel = " selected=\"selected\"";
 842              }
 843  
 844              eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
 845          }
 846  
 847          eval('$board_language = "'.$templates->get('usercp_options_language').'";');
 848      }
 849  
 850      // Lets work out which options the user has selected and check the boxes
 851      if(isset($user['allownotices']) && $user['allownotices'] == 1)
 852      {
 853          $allownoticescheck = "checked=\"checked\"";
 854      }
 855      else
 856      {
 857          $allownoticescheck = "";
 858      }
 859  
 860      $canbeinvisible = '';
 861  
 862      // Check usergroup permission before showing invisible check box
 863      if($mybb->usergroup['canbeinvisible'] == 1)
 864      {
 865          if(isset($user['invisible']) && $user['invisible'] == 1)
 866          {
 867              $invisiblecheck = "checked=\"checked\"";
 868          }
 869          else
 870          {
 871              $invisiblecheck = "";
 872          }
 873          eval('$canbeinvisible = "'.$templates->get("usercp_options_invisible")."\";");
 874      }
 875  
 876      if(isset($user['hideemail']) && $user['hideemail'] == 1)
 877      {
 878          $hideemailcheck = "checked=\"checked\"";
 879      }
 880      else
 881      {
 882          $hideemailcheck = "";
 883      }
 884  
          // Exactly one of the four subscription-method markers is set; any value other
          // than 1, 2 or 3 (or a missing value) selects "no automatic subscription".
 885      $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 886      if(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 1)
 887      {
 888          $no_subscribe_selected = "selected=\"selected\"";
 889      }
 890      elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 2)
 891      {
 892          $instant_email_subscribe_selected = "selected=\"selected\"";
 893      }
 894      elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 3)
 895      {
 896          $instant_pm_subscribe_selected = "selected=\"selected\"";
 897      }
 898      else
 899      {
 900          $no_auto_subscribe_selected = "selected=\"selected\"";
 901      }
 902  
 903      if(isset($user['showimages']) && $user['showimages'] == 1)
 904      {
 905          $showimagescheck = "checked=\"checked\"";
 906      }
 907      else
 908      {
 909          $showimagescheck = "";
 910      }
 911  
 912      if(isset($user['showvideos']) && $user['showvideos'] == 1)
 913      {
 914          $showvideoscheck = "checked=\"checked\"";
 915      }
 916      else
 917      {
 918          $showvideoscheck = "";
 919      }
 920  
 921      if(isset($user['showsigs']) && $user['showsigs'] == 1)
 922      {
 923          $showsigscheck = "checked=\"checked\"";
 924      }
 925      else
 926      {
 927          $showsigscheck = "";
 928      }
 929  
 930      if(isset($user['showavatars']) && $user['showavatars'] == 1)
 931      {
 932          $showavatarscheck = "checked=\"checked\"";
 933      }
 934      else
 935      {
 936          $showavatarscheck = "";
 937      }
 938  
 939      if(isset($user['showquickreply']) && $user['showquickreply'] == 1)
 940      {
 941          $showquickreplycheck = "checked=\"checked\"";
 942      }
 943      else
 944      {
 945          $showquickreplycheck = "";
 946      }
 947  
 948      if(isset($user['receivepms']) && $user['receivepms'] == 1)
 949      {
 950          $receivepmscheck = "checked=\"checked\"";
 951      }
 952      else
 953      {
 954          $receivepmscheck = "";
 955      }
 956  
 957      if(isset($user['receivefrombuddy']) && $user['receivefrombuddy'] == 1)
 958      {
 959          $receivefrombuddycheck = "checked=\"checked\"";
 960      }
 961      else
 962      {
 963          $receivefrombuddycheck = "";
 964      }
 965  
          // Unlike the checkboxes above, this one matches any value >= 1 and its
          // attribute string starts with a space.
 966      if(isset($user['pmnotice']) && $user['pmnotice'] >= 1)
 967      {
 968          $pmnoticecheck = " checked=\"checked\"";
 969      }
 970      else
 971      {
 972          $pmnoticecheck = "";
 973      }
 974  
          // dstcorrection: 2 marks the "auto" entry, 1 the "enabled" entry, anything
          // else the "disabled" entry.
 975      $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 976      if(isset($user['dstcorrection']) && $user['dstcorrection'] == 2)
 977      {
 978          $dst_auto_selected = "selected=\"selected\"";
 979      }
 980      elseif(isset($user['dstcorrection']) && $user['dstcorrection'] == 1)
 981      {
 982          $dst_enabled_selected = "selected=\"selected\"";
 983      }
 984      else
 985      {
 986          $dst_disabled_selected = "selected=\"selected\"";
 987      }
 988  
 989      if(isset($user['showcodebuttons']) && $user['showcodebuttons'] == 1)
 990      {
 991          $showcodebuttonscheck = "checked=\"checked\"";
 992      }
 993      else
 994      {
 995          $showcodebuttonscheck = "";
 996      }
 997  
 998      if(isset($user['sourceeditor']) && $user['sourceeditor'] == 1)
 999      {
1000          $sourcemodecheck = "checked=\"checked\"";
1001      }
1002      else
1003      {
1004          $sourcemodecheck = "";
1005      }
1006  
          // The remaining checkboxes are ticked for any non-zero value.
1007      if(isset($user['showredirect']) && $user['showredirect'] != 0)
1008      {
1009          $showredirectcheck = "checked=\"checked\"";
1010      }
1011      else
1012      {
1013          $showredirectcheck = "";
1014      }
1015  
1016      if(isset($user['pmnotify']) && $user['pmnotify'] != 0)
1017      {
1018          $pmnotifycheck = "checked=\"checked\"";
1019      }
1020      else
1021      {
1022          $pmnotifycheck = '';
1023      }
1024  
1025      if(isset($user['buddyrequestspm']) && $user['buddyrequestspm'] != 0)
1026      {
1027          $buddyrequestspmcheck = "checked=\"checked\"";
1028      }
1029      else
1030      {
1031          $buddyrequestspmcheck = '';
1032      }
1033  
1034      if(isset($user['buddyrequestsauto']) && $user['buddyrequestsauto'] != 0)
1035      {
1036          $buddyrequestsautocheck = "checked=\"checked\"";
1037      }
1038      else
1039      {
1040          $buddyrequestsautocheck = '';
1041      }
1042  
          // Anything other than the two known modes is blanked here, before the value
          // is used as an array key for $threadview further down.
1043      if(!isset($user['threadmode']) || ($user['threadmode'] != "threaded" && $user['threadmode'] != "linear"))
1044      {
1045          $user['threadmode'] = ''; // Leave blank to show default
1046      }
1047  
1048      if(isset($user['classicpostbit']) && $user['classicpostbit'] != 0)
1049      {
1050          $classicpostbitcheck = "checked=\"checked\"";
1051      }
1052      else
1053      {
1054          $classicpostbitcheck = '';
1055      }
1056  
          // One <option> per configured date format, previewed with the current time.
          // $date_formats is defined outside this block.
1057      $date_format_options = $dateformat = '';
1058      foreach($date_formats as $key => $format)
1059      {
1060          $selected = '';
1061          if(isset($user['dateformat']) && $user['dateformat'] == $key)
1062          {
1063              $selected = " selected=\"selected\"";
1064          }
1065  
1066          $dateformat = my_date($format, TIME_NOW, "", 0);
1067          eval("\$date_format_options .= \"".$templates->get("usercp_options_date_format")."\";");
1068      }
1069  
          // Same for time formats; $time_formats is defined outside this block.
1070      $time_format_options = $timeformat = '';
1071      foreach($time_formats as $key => $format)
1072      {
1073          $selected = '';
1074          if(isset($user['timeformat']) && $user['timeformat'] == $key)
1075          {
1076              $selected = " selected=\"selected\"";
1077          }
1078  
1079          $timeformat = my_date($format, TIME_NOW, "", 0);
1080          eval("\$time_format_options .= \"".$templates->get("usercp_options_time_format")."\";");
1081      }
1082  
          // The timezone dropdown is always built from the stored profile value
          // ($mybb->user), not from $user, so a rejected submission is not echoed here.
1083      $tzselect = build_timezone_select("timezoneoffset", $mybb->user['timezone'], true);
1084  
1085      $pms_from_buddys = '';
1086      if($mybb->settings['allowbuddyonly'] == 1)
1087      {
1088          eval("\$pms_from_buddys = \"".$templates->get("usercp_options_pms_from_buddys")."\";");
1089      }
1090  
          // The PM section is shown only when PMs are enabled board-wide and the
          // user's group may use them.
1091      $pms = '';
1092      if($mybb->settings['enablepms'] != 0 && $mybb->usergroup['canusepms'] == 1)
1093      {
1094          eval("\$pms = \"".$templates->get("usercp_options_pms")."\";");
1095      }
1096  
1097      $quick_reply = '';
1098      if($mybb->settings['quickreply'] == 1)
1099      {
1100          eval("\$quick_reply = \"".$templates->get("usercp_options_quick_reply")."\";");
1101      }
1102  
          // is_scalar() keeps an array-valued request parameter from being used as an
          // array key.
1103      $threadview = array('linear' => '', 'threaded' => '');
1104      if(isset($user['threadmode']) && is_scalar($user['threadmode']))
1105      {
1106          $threadview[$user['threadmode']] = 'selected="selected"';
1107      }
          // is_numeric() gate before the (possibly request-supplied) value becomes an
          // array key; a number outside the listed set simply adds an extra key.
1108      $daysprunesel = array(1 => '', 5 => '', 10 => '', 20 => '', 50 => '', 75 => '', 100 => '', 365 => '', 9999 => '');
1109      if(isset($user['daysprune']) && is_numeric($user['daysprune']))
1110      {
1111          $daysprunesel[$user['daysprune']] = 'selected="selected"';
1112      }
1113      if(!isset($user['style']))
1114      {
1115          $user['style'] = '';
1116      }
1117  
          // NOTE(review): $user['style'] may be raw request data at this point; how
          // build_theme_select() treats it is not visible in this listing.
1118      $board_style = $stylelist = '';
1119      $stylelist = build_theme_select("style", $user['style']);
1120  
1121      if(!empty($stylelist))
1122      {
1123          eval('$board_style = "'.$templates->get('usercp_options_style').'";');
1124      }
1125  
          // Threads-per-page choices come from a comma-separated board setting. Each
          // entry is only trimmed before it is put in scope for the option template.
          // NOTE(review): confirm the setting is restricted to integers where it is
          // saved, since $val is not escaped here.
1126      $tppselect = $pppselect = '';
1127      if($mybb->settings['usertppoptions'])
1128      {
1129          $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
1130          $tppoptions = $tpp_option = '';
1131          if(is_array($explodedtpp))
1132          {
1133              foreach($explodedtpp as $key => $val)
1134              {
1135                  $val = trim($val);
1136                  $selected = "";
1137                  if(isset($user['tpp']) && $user['tpp'] == $val)
1138                  {
1139                      $selected = " selected=\"selected\"";
1140                  }
1141  
1142                  $tpp_option = $lang->sprintf($lang->tpp_option, $val);
1143                  eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
1144              }
1145          }
1146          eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
1147      }
1148  
          // Posts-per-page choices: same handling as the threads-per-page list above.
1149      if($mybb->settings['userpppoptions'])
1150      {
1151          $explodedppp = explode(",", $mybb->settings['userpppoptions']);
1152          $pppoptions = $ppp_option = '';
1153          if(is_array($explodedppp))
1154          {
1155              foreach($explodedppp as $key => $val)
1156              {
1157                  $val = trim($val);
1158                  $selected = "";
1159                  if(isset($user['ppp']) && $user['ppp'] == $val)
1160                  {
1161                      $selected = " selected=\"selected\"";
1162                  }
1163  
1164                  $ppp_option = $lang->sprintf($lang->ppp_option, $val);
1165                  eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
1166              }
1167          }
1168          eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
1169      }
1170  
1171      $plugins->run_hooks("usercp_options_end");
1172  
1173      eval("\$editprofile = \"".$templates->get("usercp_options")."\";");
1174      output_page($editprofile);
1175  }
1176  
1177  if($mybb->input['action'] == "do_email" && $mybb->request_method == "post")
1178  {
          // Change-email handler. It runs only for POST requests; the my_post_key check
          // and a re-check of the current password both come before anything is changed.
          // NOTE(review): the verify and no-activation branches below send mail only to
          // the newly submitted address. No message in this block goes to the address
          // being replaced, which is the notice that lets an account owner spot an
          // unwanted change - confirm whether one is sent elsewhere.
1179      // Verify incoming POST request
1180      verify_post_check($mybb->get_input('my_post_key'));
1181  
1182      $errors = array();
1183  
1184      $plugins->run_hooks("usercp_do_email_start");
          // Re-authentication: the submitted password is checked against the logged-in
          // uid; on a mismatch nothing below runs.
1185      if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
1186      {
1187          $errors[] = $lang->error_invalidpassword;
1188      }
1189      else
1190      {
1191          // Set up user handler.
1192          require_once  MYBB_ROOT."inc/datahandlers/user.php";
1193          $userhandler = new UserDataHandler("update");
1194  
              // uid comes from $mybb->user; only the two address fields come from the
              // request, and they are checked by validate_user() below.
1195          $user = array(
1196              "uid" => $mybb->user['uid'],
1197              "email" => $mybb->get_input('email'),
1198              "email2" => $mybb->get_input('email2')
1199          );
1200  
1201          $userhandler->set_data($user);
1202  
1203          if(!$userhandler->validate_user())
1204          {
1205              $errors = $userhandler->get_friendly_errors();
1206          }
1207          else
1208          {
1209              $activation = false;
1210              // Checking for pending activations for non-activated accounts
                  // (usergroup 5 is compared as a literal; presumably the
                  // awaiting-activation group - confirm)
1211              if($mybb->user['usergroup'] == 5 && ($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "both"))
1212              {
1213                  $query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND (type='r' OR type='b')");
1214                  $activation = $db->fetch_array($query);
1215              }
1216              if($activation)
1217              {
                      // Account not yet activated: the address is changed at once, every
                      // pending activation row for this uid is deleted, and a fresh
                      // code of the same type is stored and mailed.
1218                  $userhandler->update_user();
1219  
1220                  $db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");
1221  
1222                  // Send new activation mail for non-activated accounts
                      // NOTE(review): the code comes from random_str(); its randomness
                      // source is not visible here - confirm it is cryptographically
                      // secure, since the code is what gets mailed for activation.
1223                  $activationcode = random_str();
1224                  $activationarray = array(
1225                      "uid" => $mybb->user['uid'],
1226                      "dateline" => TIME_NOW,
1227                      "code" => $activationcode,
1228                      "type" => $activation['type']
1229                  );
1230                  $db->insert_query("awaitingactivation", $activationarray);
1231                  $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
                      // username_method selects the wording; case 0 and default build the
                      // same message.
1232                  switch($mybb->settings['username_method'])
1233                  {
1234                      case 0:
1235                          $emailmessage = $lang->sprintf($lang->email_activateaccount, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
1236                          break;
1237                      case 1:
1238                          $emailmessage = $lang->sprintf($lang->email_activateaccount1, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
1239                          break;
1240                      case 2:
1241                          $emailmessage = $lang->sprintf($lang->email_activateaccount2, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
1242                          break;
1243                      default:
1244                          $emailmessage = $lang->sprintf($lang->email_activateaccount, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
1245                          break;
1246                  }
                      // NOTE(review): the recipient is $mybb->user['email'], read after
                      // update_user(). Whether that still holds the previous address
                      // depends on whether the handler refreshes $mybb->user - confirm
                      // the activation mail reaches the new address.
1247                  my_mail($mybb->user['email'], $emailsubject, $emailmessage);
1248  
1249                  $plugins->run_hooks("usercp_do_email_changed");
1250                  redirect("usercp.php?action=email", $lang->redirect_emailupdated);
1251              }
1252              elseif($mybb->usergroup['cancp'] != 1 && ($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "both"))
1253              {
                      // Verification required (groups with cancp == 1 skip this branch):
                      // update_user() is not called here. The requested address is parked
                      // in awaitingactivation (type "e", misc = new address) and a
                      // confirmation code is mailed to that new address.
1254                  $uid = $mybb->user['uid'];
1255                  $username = $mybb->user['username'];
1256  
1257                  // Emails require verification
1258                  $activationcode = random_str();
1259                  $db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");
1260  
                      // misc is the only request-derived value in this row and is escaped
                      // here before insert_query().
1261                  $newactivation = array(
1262                      "uid" => $mybb->user['uid'],
1263                      "dateline" => TIME_NOW,
1264                      "code" => $activationcode,
1265                      "type" => "e",
1266                      "misc" => $db->escape_string($mybb->get_input('email'))
1267                  );
1268  
1269                  $db->insert_query("awaitingactivation", $newactivation);
1270  
1271                  $mail_message = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);
1272  
1273                  $lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
1274                  my_mail($mybb->get_input('email'), $lang->emailsubject_changeemail, $mail_message);
1275  
1276                  $plugins->run_hooks("usercp_do_email_verify");
1277                  error($lang->redirect_changeemail_activation);
1278              }
1279              else
1280              {
                      // No verification step: the address is replaced immediately and
                      // the notice is mailed to the new address.
1281                  $userhandler->update_user();
1282                  // Email requires no activation
1283                  $mail_message = $lang->sprintf($lang->email_changeemail_noactivation, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl']);
1284                  my_mail($mybb->get_input('email'), $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']), $mail_message);
1285                  $plugins->run_hooks("usercp_do_email_changed");
1286                  redirect("usercp.php?action=email", $lang->redirect_emailupdated);
1287              }
1288          }
1289      }
          // Any error switches the action so the "email" view below re-renders the form
          // with the messages inline.
1290      if(count($errors) > 0)
1291      {
1292          $mybb->input['action'] = "email";
1293          $errors = inline_error($errors);
1294      }
1295  }
1296  
1297  if($mybb->input['action'] == "email")
1298  {
          // Renders the change-email form. The two address fields are echoed back only
          // after a failed attempt, and both pass through htmlspecialchars_uni() first;
          // no password variable is set for the template here.
1299      // Coming back to this page after one or more errors were experienced, show fields the user previously entered (with the exception of the password)
1300      if($errors)
1301      {
1302          $email = htmlspecialchars_uni($mybb->get_input('email'));
1303          $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
1304      }
1305      else
1306      {
1307          $email = $email2 = '';
1308      }
1309  
1310      $plugins->run_hooks("usercp_email");
1311  
          // The template text is evaluated as a double-quoted string, so it can
          // interpolate $email, $email2 and any other variable in scope.
1312      eval("\$changemail = \"".$templates->get("usercp_email")."\";");
1313      output_page($changemail);
1314  }
1315  
1316  if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
1317  {
          // Change-password handler. It runs only for POST requests, checks the
          // submitted my_post_key, and requires the current password before the
          // new one is validated.
1318      // Verify incoming POST request
1319      verify_post_check($mybb->get_input('my_post_key'));
1320  
1321      $user = array();
1322      $errors = array();
1323  
1324      $plugins->run_hooks("usercp_do_password_start");
          // Re-authentication with the old password, checked against the logged-in uid.
1325      if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('oldpassword')) == false)
1326      {
1327          $errors[] = $lang->error_invalidpassword;
1328      }
1329      else
1330      {
1331          // Set up user handler.
1332          require_once  MYBB_ROOT."inc/datahandlers/user.php";
1333          $userhandler = new UserDataHandler("update");
1334  
              // uid comes from $mybb->user; the new password and its confirmation are
              // passed as submitted and left to validate_user() to check.
1335          $user = array_merge($user, array(
1336              "uid" => $mybb->user['uid'],
1337              "password" => $mybb->get_input('password'),
1338              "password2" => $mybb->get_input('password2')
1339          ));
1340  
1341          $userhandler->set_data($user);
1342  
1343          if(!$userhandler->validate_user())
1344          {
1345              $errors = $userhandler->get_friendly_errors();
1346          }
1347          else
1348          {
1349              $userhandler->update_user();
                  // The mybbuser cookie is re-issued as "<uid>_<loginkey>" from the
                  // loginkey the handler holds after update_user().
                  // NOTE(review): whether update_user() generates a new loginkey on a
                  // password change (which would invalidate cookies held by other
                  // sessions) is not visible here - confirm in the data handler. The
                  // trailing arguments (null, true, "lax") are presumably expiry,
                  // HttpOnly and SameSite - confirm against my_setcookie().
1350              my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey'], null, true, "lax");
1351  
1352              // Notify the user by email that their password has been changed
1353              $mail_message = $lang->sprintf($lang->email_changepassword, $mybb->user['username'], $mybb->user['email'], $mybb->settings['bbname'], $mybb->settings['bburl']);
1354              $lang->emailsubject_changepassword = $lang->sprintf($lang->emailsubject_changepassword, $mybb->settings['bbname']);
1355              my_mail($mybb->user['email'], $lang->emailsubject_changepassword, $mail_message);
1356  
1357              $plugins->run_hooks("usercp_do_password_end");
1358              redirect("usercp.php?action=password", $lang->redirect_passwordupdated);
1359          }
1360      }
          // Any error switches the action so the "password" view below re-renders the
          // form with the messages inline.
1361      if(count($errors) > 0)
1362      {
1363              $mybb->input['action'] = "password";
1364              $errors = inline_error($errors);
1365      }
1366  }
1367  
1368  if($mybb->input['action'] == "password")
1369  {
          // Renders the change-password form. No submitted value is copied into a
          // variable here, so nothing typed in a failed attempt is pre-filled by this
          // block; $errors, when set by the handler above, is in scope for the template.
1370      $plugins->run_hooks("usercp_password");
1371  
          // The template text is evaluated as a double-quoted string and can
          // interpolate any variable in scope.
1372      eval("\$editpassword = \"".$templates->get("usercp_password")."\";");
1373      output_page($editpassword);
1374  }
1375  
1376  if($mybb->input['action'] == "do_changename" && $mybb->request_method == "post")
1377  {
          // Change-username handler. Order of checks: POST-only branch, my_post_key,
          // usergroup permission, then re-authentication with the current password.
1378      // Verify incoming POST request
1379      verify_post_check($mybb->get_input('my_post_key'));
1380  
1381      $errors = array();
1382  
          // The permission is enforced here as well as in the form view below, so a
          // direct POST cannot bypass it.
1383      if($mybb->usergroup['canchangename'] != 1)
1384      {
1385          error_no_permission();
1386      }
1387  
1388      $user = array();
1389  
1390      $plugins->run_hooks("usercp_do_changename_start");
1391  
1392      if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
1393      {
1394          $errors[] = $lang->error_invalidpassword;
1395      }
1396      else
1397      {
1398          // Set up user handler.
1399          require_once  MYBB_ROOT."inc/datahandlers/user.php";
1400          $userhandler = new UserDataHandler("update");
1401  
              // uid comes from $mybb->user; the requested name is passed as submitted
              // and left to validate_user() to check.
1402          $user = array_merge($user, array(
1403              "uid" => $mybb->user['uid'],
1404              "username" => $mybb->get_input('username')
1405          ));
1406  
1407          $userhandler->set_data($user);
1408  
1409          if(!$userhandler->validate_user())
1410          {
1411              $errors = $userhandler->get_friendly_errors();
1412          }
1413          else
1414          {
1415              $userhandler->update_user();
1416              $plugins->run_hooks("usercp_do_changename_end");
1417              redirect("usercp.php?action=changename", $lang->redirect_namechanged);
1418          }
1419      }
          // Any error switches the action so the "changename" view below re-renders
          // the form with the messages inline.
1420      if(count($errors) > 0)
1421      {
1422          $errors = inline_error($errors);
1423          $mybb->input['action'] = "changename";
1424      }
1425  }
1426  
1427  if($mybb->input['action'] == "changename")
1428  {
          // Renders the change-username form. The start hook runs before the
          // permission check, so plugin code on that hook executes even for users
          // whose group lacks canchangename.
1429      $plugins->run_hooks("usercp_changename_start");
1430      if($mybb->usergroup['canchangename'] != 1)
1431      {
1432          error_no_permission();
1433      }
1434  
1435      // Coming back to this page after one or more errors were experienced, show field the user previously entered (with the exception of the password)
          // The echoed name passes through htmlspecialchars_uni() before the template
          // can print it.
1436      if($errors)
1437      {
1438          $username = htmlspecialchars_uni($mybb->get_input('username'));
1439      }
1440      else
1441      {
1442          $username = '';
1443      }
1444  
1445      $plugins->run_hooks("usercp_changename_end");
1446  
          // The template text is evaluated as a double-quoted string and can
          // interpolate $username and any other variable in scope.
1447      eval("\$changename = \"".$templates->get("usercp_changename")."\";");
1448      output_page($changename);
1449  }
1450  
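// Bulk action on the current user's thread subscriptions: delete the selected
// rows or change their notification type. Unlike the other do_* handlers in this
// part of the file, the condition does not test $mybb->request_method; the
// my_post_key check below is the only gate on the request.
if($mybb->input['action'] == "do_subscriptions")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    if(!isset($mybb->input['check']) || !is_array($mybb->input['check']))
    {
        error($lang->no_subscriptions_selected);
    }

    $plugins->run_hooks("usercp_do_subscriptions_start");

    // Clean input - only accept integers thanks!
    // Every element is forced through intval() before the list is placed inside
    // the IN (...) clause, so $tids holds only integers and commas.
    $mybb->input['check'] = array_map('intval', $mybb->get_input('check', MyBB::INPUT_ARRAY));
    $tids = implode(",", $mybb->input['check']);

    // Both queries are also limited to the logged-in uid, so thread ids belonging
    // to another user's subscriptions match nothing.

    // Deleting these subscriptions?
    if($mybb->get_input('do') == "delete")
    {
        $db->delete_query("threadsubscriptions", "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
    }
    // Changing subscription type
    else
    {
        if($mybb->get_input('do') == "no_notification")
        {
            $new_notification = 0;
        }
        elseif($mybb->get_input('do') == "email_notification")
        {
            $new_notification = 1;
        }
        elseif($mybb->get_input('do') == "pm_notification")
        {
            $new_notification = 2;
        }
        else
        {
            // Unrecognised "do" value: stop here instead of running the update with
            // an undefined $new_notification. error() ends the request, as it does
            // for the empty-selection case above.
            error();
        }

        // Update
        $update_array = array("notification" => $new_notification);
        $db->update_query("threadsubscriptions", $update_array, "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
    }

    // Done, redirect
    redirect("usercp.php?action=subscriptions", $lang->redirect_subscriptions_updated);
}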
1496  
1497  if($mybb->input['action'] == "subscriptions")
1498  {
1499      $plugins->run_hooks("usercp_subscriptions_start");
1500  
1501      // Thread visiblity
1502      $where = array(
1503          "s.uid={$mybb->user['uid']}",
1504          get_visible_where('t')
1505      );
1506  
1507      if($unviewable_forums = get_unviewable_forums(true))
1508      {
1509          $where[] = "t.fid NOT IN ({$unviewable_forums})";
1510      }
1511  
1512      if($inactive_forums = get_inactive_forums())
1513      {
1514          $where[] = "t.fid NOT IN ({$inactive_forums})";
1515      }
1516  
1517      $where = implode(' AND ', $where);
1518  
1519      // Do Multi Pages
1520      $query = $db->query("
1521          SELECT COUNT(s.tid) as threads
1522          FROM ".TABLE_PREFIX."threadsubscriptions s
1523          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = s.tid)
1524          WHERE {$where}
1525      ");
1526      $threadcount = $db->fetch_field($query, "threads");
1527  
1528      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
1529      {
1530          $mybb->settings['threadsperpage'] = 20;
1531      }
1532  
1533      $perpage = $mybb->settings['threadsperpage'];
1534      $page = $mybb->get_input('page', MyBB::INPUT_INT);
1535      if($page > 0)
1536      {
1537          $start = ($page-1) * $perpage;
1538          $pages = $threadcount / $perpage;
1539          $pages = ceil($pages);
1540          if($page > $pages || $page <= 0)
1541          {
1542              $start = 0;
1543              $page = 1;
1544          }
1545      }
1546      else
1547      {
1548          $start = 0;
1549          $page = 1;
1550      }
1551      $end = $start + $perpage;
1552      $lower = $start+1;
1553      $upper = $end;
1554      if($upper > $threadcount)
1555      {
1556          $upper = $threadcount;
1557      }
1558      $multipage = multipage($threadcount, $perpage, $page, "usercp.php?action=subscriptions");
1559      $fpermissions = forum_permissions();
1560      $del_subscriptions = $subscriptions = array();
1561  
1562      // Fetch subscriptions
1563      $query = $db->query("
1564          SELECT s.*, t.*, t.username AS threadusername, u.username
1565          FROM ".TABLE_PREFIX."threadsubscriptions s
1566          LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
1567          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
1568          WHERE {$where}
1569          ORDER BY t.lastpost DESC
1570          LIMIT $start, $perpage
1571      ");
1572      while($subscription = $db->fetch_array($query))
1573      {
1574          $forumpermissions = $fpermissions[$subscription['fid']];
1575  
1576          if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $subscription['uid'] != $mybb->user['uid'])
1577          {
1578              // Hmm, you don't have permission to view this thread - unsubscribe!
1579              $del_subscriptions[] = $subscription['sid'];
1580          }
1581          elseif($subscription['tid'])
1582          {
1583              $subscriptions[$subscription['tid']] = $subscription;
1584          }
1585      }
1586  
1587      if(!empty($del_subscriptions))
1588      {
1589          $sids = implode(',', $del_subscriptions);
1590  
1591          if($sids)
1592          {
1593              $db->delete_query("threadsubscriptions", "sid IN ({$sids}) AND uid='{$mybb->user['uid']}'");
1594          }
1595  
1596          $threadcount = $threadcount - count($del_subscriptions);
1597  
1598          if($threadcount < 0)
1599          {
1600              $threadcount = 0;
1601          }
1602      }
1603  
1604      if(!empty($subscriptions))
1605      {
1606          $tids = implode(",", array_keys($subscriptions));
1607          $readforums = array();
1608  
1609          // Build a forum cache.
1610          $query = $db->query("
1611              SELECT f.fid, fr.dateline AS lastread
1612              FROM ".TABLE_PREFIX."forums f
1613              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
1614              WHERE f.active != 0
1615              ORDER BY pid, disporder
1616          ");
1617  
1618          while($forum = $db->fetch_array($query))
1619          {
1620              $readforums[$forum['fid']] = $forum['lastread'];
1621          }
1622  
1623          // Check participation by the current user in any of these threads - for 'dot' folder icons
1624          if($mybb->settings['dotfolders'] != 0)
1625          {
1626              $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1627              while($post = $db->fetch_array($query))
1628              {
1629                  $subscriptions[$post['tid']]['doticon'] = 1;
1630              }
1631          }
1632  
1633          // Read threads
1634          if($mybb->settings['threadreadcut'] > 0)
1635          {
1636              $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1637              while($readthread = $db->fetch_array($query))
1638              {
1639                  $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
1640              }
1641          }
1642  
1643          $icon_cache = $cache->read("posticons");
1644          $threadprefixes = build_prefixes();
1645  
1646          $threads = '';
1647  
1648          // Now we can build our subscription list
1649          foreach($subscriptions as $thread)
1650          {
1651              $bgcolor = alt_trow();
1652  
1653              $folder = '';
1654              $prefix = '';
1655              $thread['threadprefix'] = '';
1656  
1657              // If this thread has a prefix, insert a space between prefix and subject
1658              if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
1659              {
1660                  $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
1661              }
1662  
1663              // Sanitize
1664              $thread['subject'] = $parser->parse_badwords($thread['subject']);
1665              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
1666  
1667              // Build our links
1668              $thread['threadlink'] = get_thread_link($thread['tid']);
1669              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
1670  
1671              // Fetch the thread icon if we have one
1672              if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
1673              {
1674                  $icon = $icon_cache[$thread['icon']];
1675                  $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
1676                  $icon['path'] = htmlspecialchars_uni($icon['path']);
1677                  $icon['name'] = htmlspecialchars_uni($icon['name']);
1678                  eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
1679              }
1680              else
1681              {
1682                  $icon = "&nbsp;";
1683              }
1684  
1685              // Determine the folder
1686              $folder = '';
1687              $folder_label = '';
1688  
1689              if(isset($thread['doticon']))
1690              {
1691                  $folder = "dot_";
1692                  $folder_label .= $lang->icon_dot;
1693              }
1694  
1695              $gotounread = '';
1696              $isnew = 0;
1697              $donenew = 0;
1698              $lastread = 0;
1699  
1700              if($mybb->settings['threadreadcut'] > 0)
1701              {
1702                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1703                  if(empty($readforums[$thread['fid']]) || $readforums[$thread['fid']] < $read_cutoff)
1704                  {
1705                      $forum_read = $read_cutoff;
1706                  }
1707                  else
1708                  {
1709                      $forum_read = $readforums[$thread['fid']];
1710                  }
1711              }
1712  
1713              $cutoff = 0;
1714              if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
1715              {
1716                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1717              }
1718  
1719              if($thread['lastpost'] > $cutoff)
1720              {
1721                  if(!empty($thread['lastread']))
1722                  {
1723                      $lastread = $thread['lastread'];
1724                  }
1725                  else
1726                  {
1727                      $lastread = 1;
1728                  }
1729              }
1730  
1731              if(!$lastread)
1732              {
1733                  $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
1734                  if($readcookie > $forum_read)
1735                  {
1736                      $lastread = $readcookie;
1737                  }
1738                  else
1739                  {
1740                      $lastread = $forum_read;
1741                  }
1742              }
1743  
1744              if($lastread && $lastread < $thread['lastpost'])
1745              {
1746                  $folder .= "new";
1747                  $folder_label .= $lang->icon_new;
1748                  $new_class = "subject_new";
1749                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
1750                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
1751                  $unreadpost = 1;
1752              }
1753              else
1754              {
1755                  $folder_label .= $lang->icon_no_new;
1756                  $new_class = "subject_old";
1757              }
1758  
1759              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
1760              {
1761                  $folder .= "hot";
1762                  $folder_label .= $lang->icon_hot;
1763              }
1764  
1765              if($thread['closed'] == 1)
1766              {
1767                  $folder .= "close";
1768                  $folder_label .= $lang->icon_close;
1769              }
1770  
1771              $folder .= "folder";
1772  
1773              if($thread['visible'] == 0)
1774              {
1775                  $bgcolor = "trow_shaded";
1776              }
1777  
1778              // Build last post info
1779              $lastpostdate = my_date('relative', $thread['lastpost']);
1780              $lastposteruid = $thread['lastposteruid'];
1781              if(!$lastposteruid && !$thread['lastposter'])
1782              {
1783                  $lastposter = htmlspecialchars_uni($lang->guest);
1784              }
1785              else
1786              {
1787                  $lastposter = htmlspecialchars_uni($thread['lastposter']);
1788              }
1789  
1790              // Don't link to guest's profiles (they have no profile).
1791              if($lastposteruid == 0)
1792              {
1793                  $lastposterlink = $lastposter;
1794              }
1795              else
1796              {
1797                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
1798              }
1799  
1800              $thread['replies'] = my_number_format($thread['replies']);
1801              $thread['views'] = my_number_format($thread['views']);
1802  
1803              // What kind of notification type do we have here?
1804              switch($thread['notification'])
1805              {
1806                  case "2": // PM
1807                      $notification_type = $lang->pm_notification;
1808                      break;
1809                  case "1": // Email
1810                      $notification_type = $lang->email_notification;
1811                      break;
1812                  default: // No notification
1813                      $notification_type = $lang->no_notification;
1814              }
1815  
1816              eval("\$threads .= \"".$templates->get("usercp_subscriptions_thread")."\";");
1817          }
1818  
1819          // Provide remove options
1820          eval("\$remove_options = \"".$templates->get("usercp_subscriptions_remove")."\";");
1821      }
1822      else
1823      {
1824          $remove_options = '';
1825          eval("\$threads = \"".$templates->get("usercp_subscriptions_none")."\";");
1826      }
1827  
1828      $plugins->run_hooks("usercp_subscriptions_end");
1829  
1830      eval("\$subscriptions = \"".$templates->get("usercp_subscriptions")."\";");
1831      output_page($subscriptions);
1832  }
1833  
// Action "forumsubscriptions": renders the list of forums the current user is subscribed to
// and sends the finished page with output_page().
// Every eval() in this block expands a stored template inside a double-quoted PHP string, so
// template text and every variable it references by name ($forum, $lastposter, $folder, ...)
// must already be safe for HTML output when it gets there.
if($mybb->input['action'] == "forumsubscriptions")
{
    // Plugin hook before any data is loaded.
    $plugins->run_hooks("usercp_forumsubscriptions_start");

    // Build a forum cache.
    // Maps fid => last-read dateline for every active forum. $readforums is not read again
    // inside this block; the subscription query below joins forumsread on its own.
    // NOTE(review): $mybb->user['uid'] is interpolated into the SQL text; presumably it is the
    // integer id of the logged-in session user and never request input - confirm.
    $query = $db->query("
        SELECT f.fid, fr.dateline AS lastread
        FROM ".TABLE_PREFIX."forums f
        LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
        WHERE f.active != 0
        ORDER BY pid, disporder
    ");
    $readforums = array();
    while($forum = $db->fetch_array($query))
    {
        $readforums[$forum['fid']] = $forum['lastread'];
    }

    // Permission sets indexed by fid (called without a forum id here).
    $fpermissions = forum_permissions();
    require_once  MYBB_ROOT."inc/functions_forumlist.php";

    // One row per subscribed forum of type 'f', with the subject of the forum's last-post
    // thread and the user's last-read time, ordered by forum name.
    $query = $db->query("
        SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread
        FROM ".TABLE_PREFIX."forumsubscriptions fs
        LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid = fs.fid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = f.lastposttid)
        LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
        WHERE f.type='f' AND fs.uid='".$mybb->user['uid']."'
        ORDER BY f.name ASC
    ");

    $forums = '';
    while($forum = $db->fetch_array($query))
    {
        $forum_url = get_forum_link($forum['fid']);
        $forumpermissions = $fpermissions[$forum['fid']];

        // A subscription does not override view permissions: forums the user can no longer
        // view are left out of the listing (the subscription row itself is kept).
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
        {
            continue;
        }

        $lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
        $folder = $lightbulb['folder'];

        // When the user may only see their own threads, the forum-wide counters are masked
        // so they do not reveal activity in threads the user cannot read.
        if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0)
        {
            $posts = '-';
            $threads = '-';
        }
        else
        {
            $posts = my_number_format($forum['posts']);
            $threads = my_number_format($forum['threads']);
        }

        // Last-post cell: "never" when the forum has no posts, "hidden" when the last post
        // belongs to someone else and the user may only view own threads, otherwise the details.
        if($forum['lastpost'] == 0)
        {
            eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_never")."\";");
        }
        // Hide last post
        elseif(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $forum['lastposteruid'] != $mybb->user['uid'])
        {
            eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_hidden")."\";");
        }
        else
        {
            $forum['lastpostsubject'] = $parser->parse_badwords($forum['lastpostsubject']);
            $lastpost_date = my_date('relative', $forum['lastpost']);
            $lastposttid = $forum['lastposttid'];
            // No uid and no stored name: show the localized guest label. Either way the name
            // is HTML-escaped before it reaches the template.
            if(!$forum['lastposteruid'] && !$forum['lastposter'])
            {
                $lastposter = htmlspecialchars_uni($lang->guest);
            }
            else
            {
                $lastposter = htmlspecialchars_uni($forum['lastposter']);
            }
            // Guests (uid 0) get plain text instead of a profile link.
            if($forum['lastposteruid'] == 0)
            {
                $lastpost_profilelink = $lastposter;
            }
            else
            {
                $lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);
            }
            // The subject is escaped first and shortened afterwards.
            // NOTE(review): unless my_substr() is entity-aware, the 25-character cut can land
            // inside an entity such as &amp; and leave a broken fragment in the page - confirm.
            $full_lastpost_subject = $lastpost_subject = htmlspecialchars_uni($forum['lastpostsubject']);
            if(my_strlen($lastpost_subject) > 25)
            {
                $lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
            }
            $lastpost_link = get_thread_link($forum['lastposttid'], 0, "lastpost");
            eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost")."\";");
        }

        // Descriptions are blanked when the board setting turns them off.
        if($mybb->settings['showdescriptions'] == 0)
        {
            $forum['description'] = "";
        }

        // NOTE(review): $forum['name'] and $forum['description'] are not escaped in this block;
        // presumably they are administrator-authored markup - confirm before treating them as such.
        eval("\$forums .= \"".$templates->get("usercp_forumsubscriptions_forum")."\";");
    }

    // Nothing was rendered (no subscriptions, or none the user may view): show the empty-state row.
    if(!$forums)
    {
        eval("\$forums = \"".$templates->get("usercp_forumsubscriptions_none")."\";");
    }

    $plugins->run_hooks("usercp_forumsubscriptions_end");

    eval("\$forumsubscriptions = \"".$templates->get("usercp_forumsubscriptions")."\";");
    output_page($forumsubscriptions);
}
1947  
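// Action "do_addsubscription" (thread subscriptions; type "forum" is handled by "addsubscription"):
// validates the request token, the thread and the caller's right to view it, stores the
// subscription, then redirects back to a same-board URL.
if($mybb->input['action'] == "do_addsubscription" && $mybb->get_input('type') != "forum")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Read the thread id as an integer at the boundary, as the other subscription actions
    // in this file do.
    $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
    if(!$thread || $thread['visible'] == -1)
    {
        error($lang->error_invalidthread);
    }

    // Is the currently logged in user a moderator of this forum?
    $ismod = is_moderator($thread['fid']);

    // Make sure we are looking at a real thread here.
    // Non-moderators may only act on visible == 1; moderators additionally on visible <= 1.
    if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
    {
        error($lang->error_invalidthread);
    }

    // Subscribing must not become a way to follow threads the user cannot read: require
    // forum view rights and, under canonlyviewownthreads, ownership of the thread.
    $forumpermissions = forum_permissions($thread['fid']);
    if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
    {
        error_no_permission();
    }

    // check if the forum requires a password to view. If so, we need to show a form to the user
    check_forum_password($thread['fid']);

    // Naming of the hook retained for backward compatibility while dropping usercp2.php
    $plugins->run_hooks("usercp2_do_addsubscription");

    add_subscribed_thread($thread['tid'], $mybb->get_input('notification', MyBB::INPUT_INT));

    if($mybb->get_input('referrer'))
    {
        $mybb->input['referrer'] = $mybb->get_input('referrer');

        // The referrer is request data, so it is only used as-is when it starts with the
        // board URL followed by "/" (the trailing slash keeps look-alike host names from
        // matching). Anything else is reduced to its last path segment under the board URL,
        // which keeps the redirect on this board.
        if(my_strpos($mybb->input['referrer'], $mybb->settings['bburl'].'/') !== 0)
        {
            if(my_strpos($mybb->input['referrer'], '/') === 0)
            {
                // Strip the leading slash from the referrer itself. This used to read the
                // unrelated 'url' input, which replaced a root-relative referrer with
                // whatever (usually nothing) that field held.
                $mybb->input['referrer'] = my_substr($mybb->input['referrer'], 1);
            }
            $url_segments = explode('/', $mybb->input['referrer']);
            $mybb->input['referrer'] = $mybb->settings['bburl'].'/'.end($url_segments);
        }

        // Escaped because the URL is handed to redirect() for output.
        $url = htmlspecialchars_uni($mybb->input['referrer']);
    }
    else
    {
        $url = get_thread_link($thread['tid']);
    }
    redirect($url, $lang->redirect_subscriptionadded);
}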
2004  
// Action "addsubscription": for type "forum" the subscription is stored immediately and the
// user is redirected; for threads a confirmation form is rendered instead (the visible
// "do_addsubscription" action performs the actual thread subscription).
if($mybb->input['action'] == "addsubscription")
{
    // Verify incoming POST request
    // The my_post_key request token is checked before either branch runs.
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->get_input('type') == "forum")
    {
        $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
        if(!$forum)
        {
            error($lang->error_invalidforum);
        }
        // Only forums the user may view (and view threads in) can be subscribed to.
        $forumpermissions = forum_permissions($forum['fid']);
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
        {
            error_no_permission();
        }

        // check if the forum requires a password to view. If so, we need to show a form to the user
        check_forum_password($forum['fid']);

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_addsubscription_forum");

        add_subscribed_forum($forum['fid']);
        // Go back to the referring page for non-POST requests, otherwise to the board index.
        // NOTE(review): $server_http_referer is set outside this view; it is passed to
        // redirect() unchanged here, so confirm it is restricted to the board's own URL
        // where it is built.
        if($server_http_referer && $mybb->request_method != 'post')
        {
            $url = $server_http_referer;
        }
        else
        {
            $url = "index.php";
        }
        redirect($url, $lang->redirect_forumsubscriptionadded);
    }
    else
    {
        $thread  = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
        if(!$thread || $thread['visible'] == -1)
        {
            error($lang->error_invalidthread);
        }

        // Is the currently logged in user a moderator of this forum?
        $ismod = is_moderator($thread['fid']);

        // Make sure we are looking at a real thread here.
        // Non-moderators may only act on visible == 1; moderators additionally on visible <= 1.
        if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
        {
            error($lang->error_invalidthread);
        }

        add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions");
        add_breadcrumb($lang->nav_addsubscription);

        // Same view checks as the subscribing action, so the form (which shows the thread
        // subject) is not rendered for threads the user cannot read.
        $forumpermissions = forum_permissions($thread['fid']);
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
        {
            error_no_permission();
        }

        // check if the forum requires a password to view. If so, we need to show a form to the user
        check_forum_password($thread['fid']);

        // $referrer is not used again in this block; presumably the form template embeds it
        // so it can come back as the 'referrer' input - verify against the template.
        $referrer = '';
        if($server_http_referer)
        {
            $referrer = $server_http_referer;
        }

        // The subject is bad-word filtered and HTML-escaped before it is placed into the
        // language string that the template prints.
        require_once  MYBB_ROOT."inc/class_parser.php";
        $parser = new postParser;
        $thread['subject'] = $parser->parse_badwords($thread['subject']);
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->subscribe_to_thread = $lang->sprintf($lang->subscribe_to_thread, $thread['subject']);

        // Preselect the notification choice from the user's subscriptionmethod:
        // 0 or 1 -> none, 2 -> email, 3 -> PM.
        $notification_none_checked = $notification_email_checked = $notification_pm_checked = '';
        if($mybb->user['subscriptionmethod'] == 1 || $mybb->user['subscriptionmethod'] == 0)
        {
            $notification_none_checked = "checked=\"checked\"";
        }
        elseif($mybb->user['subscriptionmethod'] == 2)
        {
            $notification_email_checked = "checked=\"checked\"";
        }
        elseif($mybb->user['subscriptionmethod'] == 3)
        {
            $notification_pm_checked = "checked=\"checked\"";
        }

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_addsubscription_thread");

        // The template is expanded inside a double-quoted PHP string; it reads the variables
        // prepared above by name.
        eval("\$add_subscription = \"".$templates->get("usercp_addsubscription_thread")."\";");
        output_page($add_subscription);
        // Stop here so no later action block in this file runs for the same request.
        exit;
    }
}
2103  
// Action "removesubscription", state-changing path: entered for POST requests, or for other
// methods when the my_post_key check called with a second argument of true succeeds. Requests
// that fail this condition fall through to the confirmation-form block that follows.
// NOTE(review): the second argument presumably makes verify_post_check() return a result
// instead of raising an error - confirm against its definition.
if($mybb->input['action'] == "removesubscription" && ($mybb->request_method == "post" || verify_post_check($mybb->get_input('my_post_key'), true)))
{
    // Verify incoming POST request
    // Checked again without the second argument, so a POST with a bad token is rejected here.
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->get_input('type') == "forum")
    {
        $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
        if(!$forum)
        {
            error($lang->error_invalidforum);
        }

        // check if the forum requires a password to view. If so, we need to show a form to the user
        check_forum_password($forum['fid']);

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscription_forum");

        // Only the forum id is passed; the helper is defined outside this view and presumably
        // scopes the deletion to the current user - confirm.
        remove_subscribed_forum($forum['fid']);
        // NOTE(review): $server_http_referer is set outside this view and handed to redirect()
        // unchanged; confirm it is restricted to the board's own URL where it is built.
        if($server_http_referer && $mybb->request_method != 'post')
        {
            $url = $server_http_referer;
        }
        else
        {
            $url = "usercp.php?action=forumsubscriptions";
        }
        // NOTE(review): presumably redirect() ends the request; if it returned, the
        // confirmation-form block for the same action would run as well.
        redirect($url, $lang->redirect_forumsubscriptionremoved);
    }
    else
    {
        $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
        if(!$thread)
        {
            error($lang->error_invalidthread);
        }

        // Is the currently logged in user a moderator of this forum?
        $ismod = is_moderator($thread['fid']);

        // Make sure we are looking at a real thread here.
        // Non-moderators may only act on visible == 1; moderators additionally on visible <= 1.
        if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
        {
            error($lang->error_invalidthread);
        }

        // check if the forum requires a password to view. If so, we need to show a form to the user
        check_forum_password($thread['fid']);

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscription_thread");

        // No forum view-permission check on this path, unlike the add actions; it only
        // removes a subscription.
        remove_subscribed_thread($thread['tid']);
        if($server_http_referer && $mybb->request_method != 'post')
        {
            $url = $server_http_referer;
        }
        else
        {
            $url = "usercp.php?action=subscriptions";
        }
        redirect($url, $lang->redirect_subscriptionremoved);
    }
}
2169  
// Show remove subscription form when GET method and without valid my_post_key
// This block changes no data: it validates the target, checks that the user may view it and
// renders a confirmation page, then exits.
if($mybb->input['action'] == "removesubscription")
{
    // $referrer is not used again in this block; presumably the templates read it by name.
    $referrer = '';
    if($mybb->get_input('type') == "forum")
    {
        $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
        if(!$forum)
        {
            error($lang->error_invalidforum);
        }

        add_breadcrumb($lang->nav_forumsubscriptions, "usercp.php?action=forumsubscriptions");
        add_breadcrumb($lang->nav_removesubscription);

        // The confirmation page names the forum, so it is only shown to users who may view it.
        $forumpermissions = forum_permissions($forum['fid']);
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
        {
            error_no_permission();
        }

        // check if the forum requires a password to view. If so, we need to show a form to the user
        check_forum_password($forum['fid']);

        // NOTE(review): $forum['name'] goes into the language string without
        // htmlspecialchars_uni(), unlike the thread subject in the branch below; presumably
        // forum names are administrator-authored markup - confirm.
        $lang->unsubscribe_from_forum = $lang->sprintf($lang->unsubscribe_from_forum, $forum['name']);

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscription_display_forum");

        // The template is expanded inside a double-quoted PHP string.
        eval("\$remove_forum_subscription = \"".$templates->get("usercp_removesubscription_forum")."\";");
        output_page($remove_forum_subscription);
        // Stop here so no later action block in this file runs for the same request.
        exit;
    }
    else
    {
        $thread  = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
        if(!$thread || $thread['visible'] == -1)
        {
            error($lang->error_invalidthread);
        }

        // Is the currently logged in user a moderator of this forum?
        $ismod = is_moderator($thread['fid']);

        // Make sure we are looking at a real thread here.
        // Non-moderators may only act on visible == 1; moderators additionally on visible <= 1.
        if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
        {
            error($lang->error_invalidthread);
        }

        add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions");
        add_breadcrumb($lang->nav_removesubscription);

        // The page prints the thread subject, so require view rights and, under
        // canonlyviewownthreads, ownership of the thread.
        $forumpermissions = forum_permissions($thread['fid']);
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
        {
            error_no_permission();
        }

        // check if the forum requires a password to view. If so, we need to show a form to the user
        check_forum_password($thread['fid']);

        // The subject is bad-word filtered and HTML-escaped before it is placed into the
        // language string that the template prints.
        require_once  MYBB_ROOT."inc/class_parser.php";
        $parser = new postParser;
        $thread['subject'] = $parser->parse_badwords($thread['subject']);
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->unsubscribe_from_thread = $lang->sprintf($lang->unsubscribe_from_thread, $thread['subject']);

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscription_display_thread");

        eval("\$remove_thread_subscription = \"".$templates->get("usercp_removesubscription_thread")."\";");
        output_page($remove_thread_subscription);
        exit;
    }
}
2246  
// Action "removesubscriptions": deletes ALL forum subscriptions (type "forum") or ALL thread
// subscriptions (any other type) of the current user, then redirects.
if($mybb->input['action'] == "removesubscriptions")
{
    // Verify incoming POST request
    // The my_post_key request token is the only gate in front of this bulk delete; no
    // request-method condition is applied in this block.
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->get_input('type') == "forum")
    {
        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscriptions_forum");

        // The WHERE clause is built only from the session user's uid, so other users' rows
        // are not touched.
        // NOTE(review): presumably uid is an integer taken from the user record - confirm.
        $db->delete_query("forumsubscriptions", "uid='".$mybb->user['uid']."'");
        // NOTE(review): unlike the single-removal action, the referrer is used here whatever
        // the request method. $server_http_referer is set outside this view and handed to
        // redirect() unchanged; confirm it is restricted to the board's own URL.
        if($server_http_referer)
        {
            $url = $server_http_referer;
        }
        else
        {
            $url = "usercp.php?action=forumsubscriptions";
        }
        redirect($url, $lang->redirect_forumsubscriptionsremoved);
    }
    else
    {
        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscriptions_thread");

        // Same scoping as above, for thread subscriptions.
        $db->delete_query("threadsubscriptions", "uid='".$mybb->user['uid']."'");
        if($server_http_referer)
        {
            $url = $server_http_referer;
        }
        else
        {
            $url = "usercp.php?action=subscriptions";
        }
        redirect($url, $lang->redirect_subscriptionsremoved);
    }
}
2285  
// Action "do_editsig" (POST only): stores the submitted signature on the current user's row
// and, when asked, switches signature display on or off for all of that user's posts.
// NOTE(review): no length or markup validation of the signature is visible in this block;
// presumably it happens earlier in the file - confirm before relying on this handler alone.
if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // User currently has a suspended signature
    // NOTE(review): this gate only matches a suspension whose end time is still in the
    // future. The "editsig" display action further down also treats suspendsignature with
    // suspendsigtime == 0 as suspended and checks $mybb->usergroup['canusesig'] /
    // ['canusesigxposts']; none of those checks appear on this write path. Confirm they are
    // enforced elsewhere, otherwise the form and the handler disagree on who may save.
    if($mybb->user['suspendsignature'] == 1 && $mybb->user['suspendsigtime'] > TIME_NOW)
    {
        error_no_permission();
    }

    $plugins->run_hooks("usercp_do_editsig_start");

    // Optional bulk toggle of includesig on every post by this user. Any other value of
    // 'updateposts' leaves the posts untouched.
    if($mybb->get_input('updateposts') == "enable")
    {
        $update_signature = array(
            "includesig" => 1
        );
        $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
    }
    elseif($mybb->get_input('updateposts') == "disable")
    {
        $update_signature = array(
            "includesig" => 0
        );
        $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
    }
    // The raw signature text is escaped for SQL only. It is stored without HTML escaping, so
    // every place that prints it has to run it through the parser or escape it (the "editsig"
    // action uses parse_message() for the preview and htmlspecialchars_uni() for the textarea).
    $new_signature = array(
        "signature" => $db->escape_string($mybb->get_input('signature'))
    );
    // Hook between building $new_signature and writing it.
    $plugins->run_hooks("usercp_do_editsig_process");
    // The update is scoped to the session user's own row.
    $db->update_query("users", $new_signature, "uid='".$mybb->user['uid']."'");
    $plugins->run_hooks("usercp_do_editsig_end");
    redirect("usercp.php?action=editsig", $lang->redirect_sigupdated);
}
2321  
2322  if($mybb->input['action'] == "editsig")
2323  {
2324      $plugins->run_hooks("usercp_editsig_start");
2325      if(!empty($mybb->input['preview']) && empty($error))
2326      {
2327          $sig = $mybb->get_input('signature');
2328          $template = "usercp_editsig_preview";
2329      }
2330      elseif(empty($error))
2331      {
2332          $sig = $mybb->user['signature'];
2333          $template = "usercp_editsig_current";
2334      }
2335      else
2336      {
2337          $sig = $mybb->get_input('signature');
2338          $template = false;
2339      }
2340  
2341      if(!isset($error))
2342      {
2343          $error = '';
2344      }
2345  
2346      if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
2347      {
2348          // User currently has no signature and they're suspended
2349          error($lang->sig_suspended);
2350      }
2351  
2352      if($mybb->usergroup['canusesig'] != 1)
2353      {
2354          // Usergroup has no permission to use this facility
2355          error_no_permission();
2356      }
2357      elseif($mybb->usergroup['canusesig'] == 1 && $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
2358      {
2359          // Usergroup can use this facility, but only after x posts
2360          error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
2361      }
2362  
2363      $signature = '';
2364      if($sig && $template)
2365      {
2366          $sig_parser = array(
2367              "allow_html" => $mybb->settings['sightml'],
2368              "allow_mycode" => $mybb->settings['sigmycode'],
2369              "allow_smilies" => $mybb->settings['sigsmilies'],
2370              "allow_imgcode" => $mybb->settings['sigimgcode'],
2371              "me_username" => $mybb->user['username'],
2372              "filter_badwords" => 1
2373          );
2374  
2375          if($mybb->user['showimages'] != 1)
2376          {
2377              $sig_parser['allow_imgcode'] = 0;
2378          }
2379  
2380          $sigpreview = $parser->parse_message($sig, $sig_parser);
2381          eval("\$signature = \"".$templates->get($template)."\";");
2382      }
2383  
2384      // User has a current signature, so let's display it (but show an error message)
2385      if($mybb->user['suspendsignature'] && $mybb->user['suspendsigtime'] > TIME_NOW)
2386      {
2387          $plugins->run_hooks("usercp_editsig_end");
2388  
2389          // User either doesn't have permission, or has their signature suspended
2390          eval("\$editsig = \"".$templates->get("usercp_editsig_suspended")."\";");
2391      }
2392      else
2393      {
2394          // User is allowed to edit their signature
2395          $smilieinserter = '';
2396          if($mybb->settings['sigsmilies'] == 1)
2397          {
2398              $sigsmilies = $lang->on;
2399              $smilieinserter = build_clickable_smilies();
2400          }
2401          else
2402          {
2403              $sigsmilies = $lang->off;
2404          }
2405          if($mybb->settings['sigmycode'] == 1)
2406          {
2407              $sigmycode = $lang->on;
2408          }
2409          else
2410          {
2411              $sigmycode = $lang->off;
2412          }
2413          if($mybb->settings['sightml'] == 1)
2414          {
2415              $sightml = $lang->on;
2416          }
2417          else
2418          {
2419              $sightml = $lang->off;
2420          }
2421          if($mybb->settings['sigimgcode'] == 1)
2422          {
2423              $sigimgcode = $lang->on;
2424          }
2425          else
2426          {
2427              $sigimgcode = $lang->off;
2428          }
2429  
2430          if($mybb->settings['siglength'] == 0)
2431          {
2432              $siglength = $lang->unlimited;
2433          }
2434          else
2435          {
2436              $siglength = $mybb->settings['siglength'];
2437          }
2438  
2439          $sig = htmlspecialchars_uni($sig);
2440          $lang->edit_sig_note2 = $lang->sprintf($lang->edit_sig_note2, $sigsmilies, $sigmycode, $sigimgcode, $sightml, $siglength);
2441  
2442          if($mybb->settings['sigmycode'] != 0 && $mybb->settings['bbcodeinserter'] != 0 && $mybb->user['showcodebuttons'] != 0)
2443          {
2444              $codebuttons = build_mycode_inserter("signature");
2445          }
2446  
2447          $plugins->run_hooks("usercp_editsig_end");
2448  
2449          eval("\$editsig = \"".$templates->get("usercp_editsig")."\";");
2450      }
2451  
2452      output_page($editsig);
2453  }
2454  
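// Handles the avatar form submission. Exactly one of four paths runs: remove the
// current avatar, store an uploaded file, derive a Gravatar URL from an e-mail
// address, or validate and store a remote image URL. On failure the action is
// switched to "avatar" so the form is shown again with $avatar_error.
if($mybb->input['action'] == "do_avatar" && $mybb->request_method == "post")
{
    // Verify incoming POST request (my_post_key is the per-user anti-CSRF token)
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_avatar_start");
    require_once MYBB_ROOT."inc/functions_upload.php";

    $avatar_error = "";

    // Stays empty when the image size is unknown; previously the variable was
    // only assigned inside the width/height checks and was read undefined otherwise
    $avatar_dimensions = "";

    if(!empty($mybb->input['remove'])) // remove avatar
    {
        $updated_avatar = array(
            "avatar" => "",
            "avatardimensions" => "",
            "avatartype" => ""
        );
        $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
        remove_avatars($mybb->user['uid']);
    }
    elseif(!empty($_FILES['avatarupload']['name'])) // upload avatar
    {
        // Upload is a usergroup permission; check it before touching the file
        if($mybb->usergroup['canuploadavatars'] == 0)
        {
            error_no_permission();
        }

        // File type, size and storage name are decided inside upload_avatar()
        // (inc/functions_upload.php), which is not visible from this script
        $avatar = upload_avatar();
        if(!empty($avatar['error']))
        {
            $avatar_error = $avatar['error'];
        }
        else
        {
            if($avatar['width'] > 0 && $avatar['height'] > 0)
            {
                $avatar_dimensions = $avatar['width']."|".$avatar['height'];
            }
            $updated_avatar = array(
                "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
                "avatardimensions" => $avatar_dimensions,
                "avatartype" => "upload"
            );
            $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
        }
    }
    elseif(!$mybb->settings['allowremoteavatars'] && empty($_FILES['avatarupload']['name'])) // missing avatar image
    {
        $avatar_error = $lang->error_avatarimagemissing;
    }
    elseif($mybb->settings['allowremoteavatars']) // remote avatar
    {
        $mybb->input['avatarurl'] = trim($mybb->get_input('avatarurl'));
        if(validate_email_format($mybb->input['avatarurl']) != false)
        {
            // Gravatar
            $mybb->input['avatarurl'] = my_strtolower($mybb->input['avatarurl']);

            // MD5 of the lower-cased address is the identifier Gravatar expects; it
            // is not used as a secret, but the stored URL is visible to anyone who
            // sees the avatar, so the digest of the address is public.
            // If user image does not exist, or is a higher rating, use the mystery man
            $email = md5($mybb->input['avatarurl']);

            $s = '';
            if(!$mybb->settings['maxavatardims'])
            {
                $mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
            }

            // Because Gravatars are square, hijack the width
            list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
            $maxheight = (int)$maxwidth;

            // Rating? Only the four known values may reach the query string
            $types = array('g', 'pg', 'r', 'x');
            $rating = $mybb->settings['useravatarrating'];

            if(!in_array($rating, $types, true))
            {
                $rating = 'g';
            }

            $s = "?s={$maxheight}&r={$rating}&d=mm";

            $updated_avatar = array(
                "avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
                "avatardimensions" => "{$maxheight}|{$maxheight}",
                "avatartype" => "gravatar"
            );

            $db->update_query("users", $updated_avatar, "uid = '{$mybb->user['uid']}'");
        }
        else
        {
            // NOTE(review): this is a single-pass removal of the text "script:",
            // not a scheme allow-list. What actually gates the URL is that the
            // server must be able to fetch it and parse the result as an image.
            $mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->get_input('avatarurl'));
            $ext = get_extension($mybb->input['avatarurl']);

            // Limiting URL string to stay within database limit. Checked before the
            // fetch so that a URL which will be rejected anyway does not trigger an
            // outbound request; the resulting error message is the same as before.
            if(strlen($mybb->input['avatarurl']) > 200)
            {
                $avatar_error = $lang->error_avatarurltoolong;
            }
            else
            {
                // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
                // This is a server-side request to a user-supplied URL. Which hosts,
                // ports and schemes are reachable is decided inside fetch_remote_file(),
                // which is not visible here - NOTE(review): confirm it refuses internal
                // and loopback addresses.
                $file = fetch_remote_file($mybb->input['avatarurl']);
                if(!$file)
                {
                    $avatar_error = $lang->error_invalidavatarurl;
                }
                else
                {
                    // The fetched bytes are written under the avatar upload path with a
                    // random name and no extension, and deleted right after the size probe
                    $tmp_name = $mybb->settings['avataruploadpath']."/remote_".md5(random_str());
                    $fp = @fopen($tmp_name, "wb");
                    if(!$fp)
                    {
                        $avatar_error = $lang->error_invalidavatarurl;
                    }
                    else
                    {
                        fwrite($fp, $file);
                        fclose($fp);
                        list($width, $height, $type) = @getimagesize($tmp_name);
                        @unlink($tmp_name);
                        if(!$type)
                        {
                            $avatar_error = $lang->error_invalidavatarurl;
                        }
                    }
                }
            }

            if(empty($avatar_error))
            {
                if($width && $height && $mybb->settings['maxavatardims'] != "")
                {
                    list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
                    if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
                    {
                        $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
                        $avatar_error = $lang->error_avatartoobig;
                    }
                }
            }

            if(empty($avatar_error))
            {
                if($width > 0 && $height > 0)
                {
                    $avatar_dimensions = (int)$width."|".(int)$height;
                }

                // Only the URL is stored, not the fetched file, so the checks above
                // describe the remote content at submission time only.
                $updated_avatar = array(
                    "avatar" => $db->escape_string($mybb->input['avatarurl'].'?dateline='.TIME_NOW),
                    "avatardimensions" => $avatar_dimensions,
                    "avatartype" => "remote"
                );
                $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
                remove_avatars($mybb->user['uid']);
            }
        }
    }
    else // remote avatar, but remote avatars are not allowed
    {
        // Not reachable with the conditions above (the two preceding branches
        // cover both values of allowremoteavatars); kept as a fail-closed default
        $avatar_error = $lang->error_remote_avatar_not_allowed;
    }

    if(empty($avatar_error))
    {
        $plugins->run_hooks("usercp_do_avatar_end");
        redirect("usercp.php?action=avatar", $lang->redirect_avatarupdated);
    }
    else
    {
        // Fall through to the "avatar" view below and show the error inline
        $mybb->input['action'] = "avatar";
        $avatar_error = inline_error($avatar_error);
    }
}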
2627  
// Renders the "change avatar" page. Every eval() below expands a stored template
// as a double-quoted PHP string, so each variable a template names is
// interpolated as-is: values that originate from user data must already be
// escaped for HTML when they are assigned (see $avatarurl).
// NOTE(review): eval() on template text is only as safe as the template store;
// how templates are sanitised when saved is not visible from this script.
if($mybb->input['action'] == "avatar")
{
    $plugins->run_hooks("usercp_avatar_start");

    $avatarmsg = '';
    $avatarurl = '';

    if($mybb->user['avatartype'] == "upload" || stristr($mybb->user['avatar'], $mybb->settings['avataruploadpath']))
    {
        // Avatar file lives in the local upload directory
        $avatarmsg = "<br /><strong>".$lang->already_uploaded_avatar."</strong>";
    }
    elseif($mybb->user['avatartype'] == "remote" || my_validate_url($mybb->user['avatar']))
    {
        // Stored value is a remote URL: escape it before it is echoed back into the form
        $avatarurl = htmlspecialchars_uni($mybb->user['avatar']);
        $avatarmsg = "<br /><strong>".$lang->using_remote_avatar."</strong>";
    }

    // Preview of the current avatar, limited to 100x100
    $useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
    eval("\$currentavatar = \"".$templates->get("usercp_avatar_current")."\";");

    // Append the configured limits to the help text
    if($mybb->settings['maxavatardims'] != "")
    {
        list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
        $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_dimensions, $maxwidth, $maxheight);
    }

    if($mybb->settings['avatarsize'])
    {
        // The setting is multiplied by 1024 before being formatted for display
        $maxsize = get_friendly_size($mybb->settings['avatarsize']*1024);
        $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_size, $maxsize);
    }

    $plugins->run_hooks("usercp_avatar_intermediate");

    // Resize notice depends on the board-wide resizing mode
    $auto_resize = '';
    switch($mybb->settings['avatarresizing'])
    {
        case "auto":
            eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_auto")."\";");
            break;
        case "user":
            eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_user")."\";");
            break;
    }

    // Upload form only for groups that may upload
    $avatarupload = '';
    if($mybb->usergroup['canuploadavatars'] == 1)
    {
        eval("\$avatarupload = \"".$templates->get("usercp_avatar_upload")."\";");
    }

    // Remote URL form only when the board allows remote avatars
    $avatar_remote = '';
    if($mybb->settings['allowremoteavatars'] == 1)
    {
        eval("\$avatar_remote = \"".$templates->get("usercp_avatar_remote")."\";");
    }

    // "Remove" button only when there is something to remove
    $removeavatar = '';
    if(!empty($mybb->user['avatar']))
    {
        eval("\$removeavatar = \"".$templates->get("usercp_avatar_remove")."\";");
    }

    $plugins->run_hooks("usercp_avatar_end");

    // Set by the do_avatar handler when a submission failed; empty on a plain view
    if(!isset($avatar_error))
    {
        $avatar_error = '';
    }

    eval("\$avatar = \"".$templates->get("usercp_avatar")."\";");
    output_page($avatar);
}
2699  
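// Buddy request handlers: accept or decline a request addressed to the current
// user, or cancel a request the current user sent. Each handler checks the
// anti-CSRF token, then loads the request row restricted to the current user
// before acting on it.
if($mybb->input['action'] == "acceptrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request. The id is read as an integer, and "touid = current user"
    // is the authorisation check: only the recipient of a request can accept it.
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_acceptrequest_start");

    $user = get_user($request['uid']);
    if(!empty($user))
    {
        // We want to add us to this user's buddy list
        if($user['buddylist'] != '')
        {
            $user['buddylist'] = explode(',', $user['buddylist']);
        }
        else
        {
            $user['buddylist'] = array();
        }

        $user['buddylist'][] = (int)$mybb->user['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $user['buddylist']);

        // The stored list is later interpolated into a "uid IN (...)" clause by the
        // editlists view, so it must be digits and single commas only. Strip
        // invalid characters first, then collapse separators, then trim the ends:
        // the previous order could leave an empty element behind, and the old
        // trailing-comma trim (length - 2) also cut off the last digit.
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = trim($new_list, ",");

        $user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");


        // We want to add the user to our buddy list
        if($mybb->user['buddylist'] != '')
        {
            $mybb->user['buddylist'] = explode(',', $mybb->user['buddylist']);
        }
        else
        {
            $mybb->user['buddylist'] = array();
        }

        $mybb->user['buddylist'][] = (int)$request['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $mybb->user['buddylist']);

        // Same clean-up as above: digits and single commas only
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = trim($new_list, ",");

        $mybb->user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $mybb->user['buddylist']), "uid='".(int)$mybb->user['uid']."'");

        // Subject and message are language keys resolved in the recipient's language
        $pm = array(
            'subject' => 'buddyrequest_accepted_request',
            'message' => 'buddyrequest_accepted_request_message',
            'touid' => $user['uid'],
            'language' => $user['language'],
            'language_file' => 'usercp'
        );

        send_pm($pm, $mybb->user['uid'], true);

        // The request is consumed once both lists are updated
        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_acceptrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_accepted);
}

elseif($mybb->input['action'] == "declinerequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request: only the recipient (touid) may decline it
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_declinerequest_start");

    $user = get_user($request['uid']);
    if(!empty($user))
    {
        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        // The request row is left in place when the sender no longer exists
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_declinerequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_declined);
}

elseif($mybb->input['action'] == "cancelrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request: only the sender (uid) may cancel it
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND uid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_cancelrequest_start");

    $db->delete_query('buddyrequests', 'id='.(int)$request['id']);

    $plugins->run_hooks("usercp_cancelrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_cancelled);
}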
2856  
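// Adds users to, or removes a user from, the current user's buddy or ignore
// list ('manage' selects which one; anything other than "ignored" means the
// buddy list). The result is written back to the users table and reported either
// as a JavaScript snippet (ajax requests) or through a redirect.
if($mybb->input['action'] == "do_editlists")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_editlists_start");

    // $existing_users is the list being edited, $selected_list the other one
    $existing_users = array();
    $selected_list = array();
    if($mybb->get_input('manage') == "ignored")
    {
        if($mybb->user['ignorelist'])
        {
            $existing_users = explode(",", $mybb->user['ignorelist']);
        }

        if($mybb->user['buddylist'])
        {
            // Create a list of buddies...
            $selected_list = explode(",", $mybb->user['buddylist']);
        }
    }
    else
    {
        if($mybb->user['buddylist'])
        {
            $existing_users = explode(",", $mybb->user['buddylist']);
        }

        if($mybb->user['ignorelist'])
        {
            // Create a list of ignored users
            $selected_list = explode(",", $mybb->user['ignorelist']);
        }
    }

    $error_message = "";
    $message = "";

    // Adding one or more users to this list
    if($mybb->get_input('add_username'))
    {
        // Split up any usernames we have
        $found_users = 0;
        $adding_self = false;
        $users = explode(",", $mybb->get_input('add_username'));
        $users = array_map("trim", $users);
        $users = array_unique($users);
        foreach($users as $key => $username)
        {
            if(empty($username))
            {
                unset($users[$key]);
                continue;
            }

            if(my_strtoupper($mybb->user['username']) == my_strtoupper($username))
            {
                $adding_self = true;
                unset($users[$key]);
                continue;
            }

            // Escaped here because the names are interpolated into the IN (...)
            // clause of the lookup query below rather than bound as parameters
            $users[$key] = $db->escape_string($username);
        }

        // Get the requests we have sent that are still pending
        $query = $db->simple_select('buddyrequests', 'touid', 'uid='.(int)$mybb->user['uid']);
        $requests = array();
        while($req = $db->fetch_array($query))
        {
            $requests[$req['touid']] = true;
        }

        // Get the requests we have received that are still pending
        $query = $db->simple_select('buddyrequests', 'uid', 'touid='.(int)$mybb->user['uid']);
        $requests_rec = array();
        while($req = $db->fetch_array($query))
        {
            $requests_rec[$req['uid']] = true;
        }

        $sent = false;

        // Fetch out new users
        if(count($users) > 0)
        {
            // Other database types get an explicit LOWER() on the column
            switch($db->type)
            {
                case 'mysql':
                case 'mysqli':
                    $field = 'username';
                    break;
                default:
                    $field = 'LOWER(username)';
                    break;
            }
            $query = $db->simple_select("users", "uid,buddyrequestsauto,buddyrequestspm,language", "{$field} IN ('".my_strtolower(implode("','", $users))."')");
            while($user = $db->fetch_array($query))
            {
                ++$found_users;

                // Make sure we're not adding a duplicate
                if(in_array($user['uid'], $existing_users) || in_array($user['uid'], $selected_list))
                {
                    if($mybb->get_input('manage') == "ignored")
                    {
                        $error_message = "ignore";
                    }
                    else
                    {
                        $error_message = "buddy";
                    }

                    // On another list?
                    $string = "users_already_on_".$error_message."_list";
                    if(in_array($user['uid'], $selected_list))
                    {
                        $string .= "_alt";
                    }

                    $error_message = $lang->$string;
                    array_pop($users); // To maintain a proper count when we call count($users)
                    continue;
                }

                if(isset($requests[$user['uid']]))
                {
                    if($mybb->get_input('manage') != "ignored")
                    {
                        $error_message = $lang->users_already_sent_request;
                    }
                    elseif($mybb->get_input('manage') == "ignored")
                    {
                        $error_message = $lang->users_already_sent_request_alt;
                    }

                    array_pop($users); // To maintain a proper count when we call count($users)
                    continue;
                }

                if(isset($requests_rec[$user['uid']]))
                {
                    if($mybb->get_input('manage') != "ignored")
                    {
                        $error_message = $lang->users_already_rec_request;
                    }
                    elseif($mybb->get_input('manage') == "ignored")
                    {
                        $error_message = $lang->users_already_rec_request_alt;
                    }

                    array_pop($users); // To maintain a proper count when we call count($users)
                    continue;
                }

                // Do we have auto approval set to On?
                if($user['buddyrequestsauto'] == 1 && $mybb->get_input('manage') != "ignored")
                {
                    $existing_users[] = $user['uid'];

                    $pm = array(
                        'subject' => 'buddyrequest_new_buddy',
                        'message' => 'buddyrequest_new_buddy_message',
                        'touid' => $user['uid'],
                        'receivepms' => (int)$user['buddyrequestspm'],
                        'language' => $user['language'],
                        'language_file' => 'usercp'
                    );

                    send_pm($pm);
                }
                elseif($user['buddyrequestsauto'] != 1 && $mybb->get_input('manage') != "ignored")
                {
                    // Send request
                    $id = $db->insert_query('buddyrequests', array('uid' => (int)$mybb->user['uid'], 'touid' => (int)$user['uid'], 'date' => TIME_NOW));

                    $pm = array(
                        'subject' => 'buddyrequest_received',
                        'message' => 'buddyrequest_received_message',
                        'touid' => $user['uid'],
                        'receivepms' => (int)$user['buddyrequestspm'],
                        'language' => $user['language'],
                        'language_file' => 'usercp'
                    );

                    send_pm($pm);

                    $sent = true;
                }
                elseif($mybb->get_input('manage') == "ignored")
                {
                    // Ignoring someone needs no approval from the other side
                    $existing_users[] = $user['uid'];
                }
            }
        }

        if($found_users < count($users))
        {
            if($error_message)
            {
                $error_message .= "<br />";
            }

            $error_message .= $lang->invalid_user_selected;
        }

        if(($adding_self != true || ($adding_self == true && count($users) > 0)) && ($error_message == "" || count($users) > 1))
        {
            if($mybb->get_input('manage') == "ignored")
            {
                $message = $lang->users_added_to_ignore_list;
            }
            else
            {
                $message = $lang->users_added_to_buddy_list;
            }
        }

        if($adding_self == true)
        {
            if($mybb->get_input('manage') == "ignored")
            {
                $error_message = $lang->cant_add_self_to_ignore_list;
            }
            else
            {
                $error_message = $lang->cant_add_self_to_buddy_list;
            }
        }

        if(count($existing_users) == 0)
        {
            $message = "";

            if($sent === true)
            {
                $message = $lang->buddyrequests_sent_success;
            }
        }
    }

    // Removing a user from this list
    elseif($mybb->get_input('delete', MyBB::INPUT_INT))
    {
        // Check if user exists on the list
        $key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $existing_users);
        if($key !== false)
        {
            unset($existing_users[$key]);
            $user = get_user($mybb->get_input('delete', MyBB::INPUT_INT));
            if(!empty($user))
            {
                // We want to remove us from this user's buddy list
                if($user['buddylist'] != '')
                {
                    $user['buddylist'] = explode(',', $user['buddylist']);
                }
                else
                {
                    $user['buddylist'] = array();
                }

                // Look for our own uid in the other user's list and remove it only
                // when it is there. The previous code searched for the other user's
                // uid and unset the result unconditionally, so a failed search
                // (false, used as offset 0) dropped the first entry of their list.
                // NOTE(review): as before, this also runs when 'manage' is
                // "ignored" - confirm that is intended.
                $key = array_search((int)$mybb->user['uid'], $user['buddylist']);
                if($key !== false)
                {
                    unset($user['buddylist'][$key]);
                }

                // Now we have the new list, so throw it all back together
                $new_list = implode(",", $user['buddylist']);

                // Digits and single commas only: the stored list is later placed
                // into a "uid IN (...)" clause. Strip invalid characters before
                // collapsing separators; the old trailing-comma trim (length - 2)
                // also removed the last digit.
                $new_list = preg_replace("#[^0-9,]#", "", $new_list);
                $new_list = preg_replace("#,{2,}#", ",", $new_list);
                $new_list = trim($new_list, ",");

                $user['buddylist'] = $db->escape_string($new_list);

                $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");
            }

            if($mybb->get_input('manage') == "ignored")
            {
                $message = $lang->removed_from_ignore_list;
            }
            else
            {
                $message = $lang->removed_from_buddy_list;
            }
            $user['username'] = htmlspecialchars_uni($user['username']);
            $message = $lang->sprintf($message, $user['username']);
        }
    }

    // Now we have the new list, so throw it all back together
    $new_list = implode(",", $existing_users);

    // Same clean-up for our own list: digits and single commas only
    $new_list = preg_replace("#[^0-9,]#", "", $new_list);
    $new_list = preg_replace("#,{2,}#", ",", $new_list);
    $new_list = trim($new_list, ",");

    // And update
    $user = array();
    if($mybb->get_input('manage') == "ignored")
    {
        $user['ignorelist'] = $db->escape_string($new_list);
        $mybb->user['ignorelist'] = $user['ignorelist'];
    }
    else
    {
        $user['buddylist'] = $db->escape_string($new_list);
        $mybb->user['buddylist'] = $user['buddylist'];
    }

    $db->update_query("users", $user, "uid='".$mybb->user['uid']."'");

    $plugins->run_hooks("usercp_do_editlists_end");

    // 'manage' is request input that is written into JavaScript selectors and the
    // redirect fragment below. Keep only identifier characters so the value
    // cannot end the string it is embedded in.
    $manage_id = preg_replace("#[^a-zA-Z0-9_]#", "", $mybb->get_input('manage'));

    // Ajax based request, throw new list to browser
    if(!empty($mybb->input['ajax']))
    {
        if($mybb->get_input('manage') == "ignored")
        {
            $list = "ignore";
        }
        else
        {
            $list = "buddy";
        }

        // NOTE(review): the messages are placed inside single-quoted JavaScript
        // string literals. The only escaping applied in this block is
        // htmlspecialchars_uni() on the username, which is HTML escaping, not
        // JavaScript-string escaping. Confirm that language strings and usernames
        // cannot carry a quote or backslash here, or encode them for a JS context.
        $message_js = '';
        if($message)
        {
            $message_js = "$.jGrowl('{$message}', {theme:'jgrowl_success'});";
        }

        if($error_message)
        {
            $message_js .= " $.jGrowl('{$error_message}', {theme:'jgrowl_error'});";
        }

        if($mybb->get_input('delete', MyBB::INPUT_INT))
        {
            // The response body is a script that the page evaluates
            header("Content-type: text/javascript");
            echo "$(\"#".$manage_id."_".$mybb->get_input('delete', MyBB::INPUT_INT)."\").remove();\n";
            if($new_list == "")
            {
                echo "\$(\"#".$manage_id."_count\").html(\"0\");\n";
                echo "\$(\"#buddylink\").remove();\n";

                if($mybb->get_input('manage') == "ignored")
                {
                    echo "\$(\"#ignore_list\").html(\"<li>{$lang->ignore_list_empty}</li>\");\n";
                }
                else
                {
                    echo "\$(\"#buddy_list\").html(\"<li>{$lang->buddy_list_empty}</li>\");\n";
                }
            }
            else
            {
                echo "\$(\"#".$manage_id."_count\").html(\"".count(explode(",", $new_list))."\");\n";
            }
            echo $message_js;
            exit;
        }

        // Ajax add: fall through to the "editlists" view below
        $mybb->input['action'] = "editlists";
    }
    else
    {
        if($error_message)
        {
            $message .= "<br />".$error_message;
        }
        redirect("usercp.php?action=editlists#".$manage_id, $message);
    }
}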
3248  
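// action=editlists: renders the buddy list / ignore list manager together with the
// received and sent buddy requests. The list-update handler above also falls through
// to this block on AJAX requests (it sets $mybb->input['action'] to "editlists"), in
// which case only the refreshed list fragment is echoed and the script exits.
if($mybb->input['action'] == "editlists")
{
    $plugins->run_hooks("usercp_editlists_start");

    // Users whose lastactive is newer than this timestamp count as online.
    $timecut = TIME_NOW - $mybb->settings['wolcutoff'];

    // $message_js is interpolated into a <script> element by the AJAX branch below. It is
    // only assigned by the list-update handler, so default it here: a direct POST to this
    // action would otherwise read an undefined variable.
    if(!isset($message_js))
    {
        $message_js = '';
    }

    // Fetch out buddies
    $buddy_count = 0;
    $buddy_list = '';
    if($mybb->user['buddylist'])
    {
        $type = "buddy";
        // buddylist is a stored comma-separated uid list that goes straight into an IN()
        // clause. Cast every element to int first, as the usergroups action in this file
        // does for additionalgroups, so a malformed stored value cannot alter the query.
        $buddy_uids = implode(',', array_map('intval', explode(',', $mybb->user['buddylist'])));
        $query = $db->simple_select("users", "*", "uid IN ({$buddy_uids})", array("order_by" => "username"));
        while($user = $db->fetch_array($query))
        {
            // Escape before the value reaches the template; the template is expanded
            // with eval() as a double-quoted PHP string.
            $user['username'] = htmlspecialchars_uni($user['username']);
            $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
            // Online only if recently active, not hidden from this viewer, and lastvisit differs from lastactive.
            if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
            {
                $status = "online";
            }
            else
            {
                $status = "offline";
            }
            eval("\$buddy_list .= \"".$templates->get("usercp_editlists_user")."\";");
            ++$buddy_count;
        }
    }

    $lang->current_buddies = $lang->sprintf($lang->current_buddies, $buddy_count);
    if(!$buddy_list)
    {
        eval("\$buddy_list = \"".$templates->get("usercp_editlists_no_buddies")."\";");
    }

    // Fetch out ignore list users
    $ignore_count = 0;
    $ignore_list = '';
    if($mybb->user['ignorelist'])
    {
        $type = "ignored";
        // Same int cast as for the buddy list above.
        $ignore_uids = implode(',', array_map('intval', explode(',', $mybb->user['ignorelist'])));
        $query = $db->simple_select("users", "*", "uid IN ({$ignore_uids})", array("order_by" => "username"));
        while($user = $db->fetch_array($query))
        {
            $user['username'] = htmlspecialchars_uni($user['username']);
            $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
            if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
            {
                $status = "online";
            }
            else
            {
                $status = "offline";
            }
            eval("\$ignore_list .= \"".$templates->get("usercp_editlists_user")."\";");
            ++$ignore_count;
        }
    }

    $lang->current_ignored_users = $lang->sprintf($lang->current_ignored_users, $ignore_count);
    if(!$ignore_list)
    {
        eval("\$ignore_list = \"".$templates->get("usercp_editlists_no_ignored")."\";");
    }

    // If an AJAX request from buddy management, echo out whatever the new list is.
    // Read the request values through get_input() so a missing or non-scalar parameter
    // yields a default instead of an undefined-index access.
    if($mybb->request_method == "post" && $mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
    {
        if($mybb->get_input('manage') == "ignored")
        {
            echo $ignore_list;
            echo "<script type=\"text/javascript\"> $(\"#ignored_count\").html(\"{$ignore_count}\"); {$message_js}</script>";
        }
        else
        {
            // $sent is set outside this block; when it is true the sent-requests table
            // is returned instead of the buddy list.
            if(isset($sent) && $sent === true)
            {
                $sent_rows = '';
                $query = $db->query("
                    SELECT r.*, u.username
                    FROM ".TABLE_PREFIX."buddyrequests r
                    LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
                    WHERE r.uid=".(int)$mybb->user['uid']);

                while($request = $db->fetch_array($query))
                {
                    $bgcolor = alt_trow();
                    $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
                    $request['date'] = my_date('relative', $request['date']);
                    eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request", 1, 0)."\";");
                }

                if($sent_rows == '')
                {
                    eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests", 1, 0)."\";");
                }

                eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests", 1, 0)."\";");

                echo $sent_requests."<script type=\"text/javascript\">{$message_js}</script>";
            }
            else
            {
                echo $buddy_list;
                echo "<script type=\"text/javascript\"> $(\"#buddy_count\").html(\"{$buddy_count}\"); {$message_js}</script>";
            }
        }
        exit;
    }

    // Buddy requests addressed to the current user
    $received_rows = $bgcolor = '';
    $query = $db->query("
        SELECT r.*, u.username
        FROM ".TABLE_PREFIX."buddyrequests r
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.uid)
        WHERE r.touid=".(int)$mybb->user['uid']);

    while($request = $db->fetch_array($query))
    {
        $bgcolor = alt_trow();
        $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['uid']);
        $request['date'] = my_date('relative', $request['date']);
        eval("\$received_rows .= \"".$templates->get("usercp_editlists_received_request")."\";");
    }

    if($received_rows == '')
    {
        eval("\$received_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
    }

    eval("\$received_requests = \"".$templates->get("usercp_editlists_received_requests")."\";");

    // Buddy requests sent by the current user
    $sent_rows = $bgcolor = '';
    $query = $db->query("
        SELECT r.*, u.username
        FROM ".TABLE_PREFIX."buddyrequests r
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
        WHERE r.uid=".(int)$mybb->user['uid']);

    while($request = $db->fetch_array($query))
    {
        $bgcolor = alt_trow();
        $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
        $request['date'] = my_date('relative', $request['date']);
        eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request")."\";");
    }

    if($sent_rows == '')
    {
        eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
    }

    eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests")."\";");

    $plugins->run_hooks("usercp_editlists_end");

    eval("\$listpage = \"".$templates->get("usercp_editlists")."\";");
    output_page($listpage);
}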
3409  
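// action=drafts: lists the current user's saved drafts (posts with visible = -2).
// Each row carries $id and $type, which the usercp_drafts_draft template presumably
// turns into the deletedraft[id] => type form field read by the do_drafts handler.
if($mybb->input['action'] == "drafts")
{
    $plugins->run_hooks("usercp_drafts_start");

    $query = $db->simple_select("posts", "COUNT(pid) AS draftcount", "visible='-2' AND uid='{$mybb->user['uid']}'");
    $draftcount = $db->fetch_field($query, 'draftcount');

    $drafts = $disable_delete_drafts = '';
    $lang->drafts_count = $lang->sprintf($lang->drafts_count, my_number_format($draftcount));

    // Show a listing of all of the current 'draft' posts or threads the user has.
    if($draftcount)
    {
        $query = $db->query("
            SELECT p.subject, p.pid, t.tid, t.subject AS threadsubject, t.fid, f.name AS forumname, p.dateline, t.visible AS threadvisible, p.visible AS postvisible
            FROM ".TABLE_PREFIX."posts p
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=t.fid)
            WHERE p.uid = '{$mybb->user['uid']}' AND p.visible = '-2'
            ORDER BY p.dateline DESC, p.pid DESC
        ");

        while($draft = $db->fetch_array($query))
        {
            $detail = '';
            $trow = alt_trow();
            if($draft['threadvisible'] == 1) // We're looking at a draft post
            {
                $draft['threadlink'] = get_thread_link($draft['tid']);
                $draft['threadsubject'] = htmlspecialchars_uni($draft['threadsubject']);
                eval("\$detail = \"".$templates->get("usercp_drafts_draft_thread")."\";");
                $editurl = "newreply.php?action=editdraft&amp;pid={$draft['pid']}";
                $id = $draft['pid'];
                $type = "post";
            }
            elseif($draft['threadvisible'] == -2) // We're looking at a draft thread
            {
                $draft['forumlink'] = get_forum_link($draft['fid']);
                $draft['forumname'] = htmlspecialchars_uni($draft['forumname']);
                eval("\$detail = \"".$templates->get("usercp_drafts_draft_forum")."\";");
                $editurl = "newthread.php?action=editdraft&amp;tid={$draft['tid']}";
                $id = $draft['tid'];
                $type = "thread";
            }
            else
            {
                // Draft reply whose thread has any other visibility value, or no thread row
                // at all (LEFT JOIN). Without this branch $editurl, $id and $type kept the
                // values of the previous row, so this row's checkbox and edit link would
                // point at a different draft. Key the row by its own pid and leave $detail
                // empty so nothing about the thread is shown.
                $editurl = "newreply.php?action=editdraft&amp;pid={$draft['pid']}";
                $id = $draft['pid'];
                $type = "post";
            }

            $draft['subject'] = htmlspecialchars_uni($draft['subject']);
            $savedate = my_date('relative', $draft['dateline']);
            eval("\$drafts .= \"".$templates->get("usercp_drafts_draft")."\";");
        }
    }
    else
    {
        // No drafts: the delete button is rendered disabled.
        $disable_delete_drafts = 'disabled="disabled"';
        eval("\$drafts = \"".$templates->get("usercp_drafts_none")."\";");
    }

    $plugins->run_hooks("usercp_drafts_end");

    eval("\$draftlist = \"".$templates->get("usercp_drafts")."\";");
    output_page($draftlist);
}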
3471  
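// action=do_drafts (POST only): deletes the drafts selected on the drafts page.
// Input is deletedraft[<id>] => "post" | "thread". Every id is cast to int before it is
// placed in SQL, and every DELETE is additionally restricted to visible = -2 rows owned
// by the current user, so a forged id cannot remove published content or another
// user's draft.
if($mybb->input['action'] == "do_drafts" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $mybb->input['deletedraft'] = $mybb->get_input('deletedraft', MyBB::INPUT_ARRAY);
    if(empty($mybb->input['deletedraft']))
    {
        error($lang->no_drafts_selected);
    }

    $plugins->run_hooks("usercp_do_drafts_start");

    $pidin = array();
    $tidin = array();

    foreach($mybb->input['deletedraft'] as $id => $val)
    {
        // Strict comparison: only the exact strings select a delete list. Nested arrays
        // or other request values are ignored without relying on loose type juggling.
        if($val === "post")
        {
            $pidin[] = "'".(int)$id."'";
        }
        elseif($val === "thread")
        {
            $tidin[] = "'".(int)$id."'";
        }
    }
    if($tidin)
    {
        $tidin = implode(",", $tidin);
        $db->delete_query("threads", "tid IN ($tidin) AND visible='-2' AND uid='".$mybb->user['uid']."'");
        // Draft threads also have draft posts; they are removed by the posts query below.
        $tidinp = "OR tid IN ($tidin)";
    }
    else
    {
        $tidinp = '';
    }
    if($pidin || $tidinp)
    {
        $pidinq = $tidin = '';
        if($pidin)
        {
            $pidin = implode(",", $pidin);
            $pidinq = "pid IN ($pidin)";
        }
        else
        {
            // No posts selected: keep the WHERE clause valid so only the tid part can match.
            $pidinq = "1=0";
        }
        $db->delete_query("posts", "($pidinq $tidinp) AND visible='-2' AND uid='".$mybb->user['uid']."'");
    }
    $plugins->run_hooks("usercp_do_drafts_end");
    redirect("usercp.php?action=drafts", $lang->selected_drafts_deleted);
}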
3526  
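// action=usergroups: group membership management for the current user.
// Handles four state-changing sub-requests (displaygroup, leavegroup, joingroup,
// acceptinvite), each guarded by verify_post_check(), and otherwise renders the lists
// of groups the user leads, belongs to, and may join.
// Group type values as used below: 4 = join requests are moderated, 5 = invite only;
// type 3 falls into the "anyone can join" branch.
if($mybb->input['action'] == "usergroups")
{
    // Comma-delimited membership string; ",<gid>," substring checks below rely on the
    // leading and trailing commas.
    $ingroups = ",".$mybb->user['usergroup'].",".$mybb->user['additionalgroups'].",".$mybb->user['displaygroup'].",";

    $usergroups = $mybb->cache->read('usergroups');

    $plugins->run_hooks("usercp_usergroups_start");

    // Changing our display group
    if($mybb->get_input('displaygroup', MyBB::INPUT_INT))
    {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        // Check membership with the same integer value that is looked up and stored
        // below, rather than the raw request string, so the value that is authorised
        // and the value that is written cannot differ.
        if(my_strpos($ingroups, ",".$mybb->get_input('displaygroup', MyBB::INPUT_INT).",") === false)
        {
            error($lang->not_member_of_group);
        }

        $dispgroup = $usergroups[$mybb->get_input('displaygroup', MyBB::INPUT_INT)];
        if($dispgroup['candisplaygroup'] != 1)
        {
            error($lang->cannot_set_displaygroup);
        }
        $db->update_query("users", array('displaygroup' => $mybb->get_input('displaygroup', MyBB::INPUT_INT)), "uid='".$mybb->user['uid']."'");
        $cache->update_moderators();
        $plugins->run_hooks("usercp_usergroups_change_displaygroup");
        redirect("usercp.php?action=usergroups", $lang->display_group_changed);
        exit;
    }

    // Leaving a group
    if($mybb->get_input('leavegroup', MyBB::INPUT_INT))
    {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        if(my_strpos($ingroups, ",".$mybb->get_input('leavegroup', MyBB::INPUT_INT).",") === false)
        {
            error($lang->not_member_of_group);
        }
        if($mybb->user['usergroup'] == $mybb->get_input('leavegroup', MyBB::INPUT_INT))
        {
            error($lang->cannot_leave_primary_group);
        }

        // Only groups of type 3, 4 or 5 can be left from the user CP.
        $usergroup = $usergroups[$mybb->get_input('leavegroup', MyBB::INPUT_INT)];
        if($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
        {
            error($lang->cannot_leave_group);
        }
        leave_usergroup($mybb->user['uid'], $mybb->get_input('leavegroup', MyBB::INPUT_INT));
        $plugins->run_hooks("usercp_usergroups_leave_group");
        redirect("usercp.php?action=usergroups", $lang->left_group);
        exit;
    }

    // Indexed as $groupleaders[gid][uid] => leader row
    $groupleaders = array();

    // List of usergroup leaders
    $query = $db->query("
        SELECT g.*, u.username, u.displaygroup, u.usergroup, u.email, u.language
        FROM ".TABLE_PREFIX."groupleaders g
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
        ORDER BY u.username ASC
    ");
    while($leader = $db->fetch_array($query))
    {
        $groupleaders[$leader['gid']][$leader['uid']] = $leader;
    }

    // Joining a group
    if($mybb->get_input('joingroup', MyBB::INPUT_INT))
    {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        $usergroup = $usergroups[$mybb->get_input('joingroup', MyBB::INPUT_INT)];

        // Invite-only groups can only be entered through the acceptinvite path below.
        if($usergroup['type'] == 5)
        {
            error($lang->cannot_join_invite_group);
        }

        // Rejects every other group type as well as a gid that is not in the cache.
        if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid'])
        {
            error($lang->cannot_join_group);
        }

        if(my_strpos($ingroups, ",".$mybb->get_input('joingroup', MyBB::INPUT_INT).",") !== false)
        {
            error($lang->already_member_of_group);
        }

        $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'");
        $joinrequest = $db->fetch_array($query);

        if($joinrequest)
        {
            error($lang->already_sent_join_request);
        }

        if($mybb->get_input('do') == "joingroup" && $usergroup['type'] == 4)
        {
            $reasonlength = my_strlen($mybb->get_input('reason'));

            if($reasonlength > 250) // Reason field is varchar(250) in database
            {
                error($lang->sprintf($lang->joinreason_too_long, ($reasonlength - 250)));
            }

            $now = TIME_NOW;
            $joinrequest = array(
                "uid" => $mybb->user['uid'],
                "gid" => $mybb->get_input('joingroup', MyBB::INPUT_INT),
                "reason" => $db->escape_string($mybb->get_input('reason')),
                "dateline" => TIME_NOW
            );

            $db->insert_query("joinrequests", $joinrequest);

            if(array_key_exists($usergroup['gid'], $groupleaders))
            {
                foreach($groupleaders[$usergroup['gid']] as $leader)
                {
                    // Load language
                    $lang->set_language($leader['language']);
                    $lang->load("messages");

                    // The user-supplied reason goes into the mail body unescaped.
                    // NOTE(review): confirm my_mail() sends this as plain text.
                    $subject = $lang->sprintf($lang->emailsubject_newjoinrequest, $mybb->settings['bbname']);
                    $message = $lang->sprintf($lang->email_groupleader_joinrequest, $leader['username'], $mybb->user['username'], $usergroup['title'], $mybb->settings['bbname'], $mybb->get_input('reason'), $mybb->settings['bburl'], $leader['gid']);
                    my_mail($leader['email'], $subject, $message);
                }
            }

            // Load language
            $lang->set_language($mybb->user['language']);
            $lang->load("messages");

            $plugins->run_hooks("usercp_usergroups_join_group_request");
            redirect("usercp.php?action=usergroups", $lang->group_join_requestsent);
            exit;
        }
        elseif($usergroup['type'] == 4)
        {
            // Moderated group without a submitted reason yet: show the request form.
            $joingroup = $mybb->get_input('joingroup', MyBB::INPUT_INT);
            eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";");
            output_page($joinpage);
            exit;
        }
        else
        {
            join_usergroup($mybb->user['uid'], $mybb->get_input('joingroup', MyBB::INPUT_INT));
            $plugins->run_hooks("usercp_usergroups_join_group");
            redirect("usercp.php?action=usergroups", $lang->joined_group);
        }
    }

    // Accepting invitation
    if($mybb->get_input('acceptinvite', MyBB::INPUT_INT))
    {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        $usergroup = $usergroups[$mybb->get_input('acceptinvite', MyBB::INPUT_INT)];

        if(my_strpos($ingroups, ",".$mybb->get_input('acceptinvite', MyBB::INPUT_INT).",") !== false)
        {
            error($lang->already_accepted_invite);
        }

        // Membership is only granted when a joinrequests row with invite = 1 exists for
        // this user and group.
        $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'");
        $joinrequest = $db->fetch_array($query);
        if($joinrequest)
        {
            join_usergroup($mybb->user['uid'], $mybb->get_input('acceptinvite', MyBB::INPUT_INT));
            $db->delete_query("joinrequests", "uid='{$mybb->user['uid']}' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."'");
            $plugins->run_hooks("usercp_usergroups_accept_invite");
            redirect("usercp.php?action=usergroups", $lang->joined_group);
        }
        else
        {
            error($lang->no_pending_invitation);
        }
    }
    // Show listing of various group related things

    // List of groups this user is a leader of
    $groupsledlist = '';

    // The two queries differ only in string concatenation syntax (|| versus CONCAT).
    switch($db->type)
    {
        case "pgsql":
        case "sqlite":
            $query = $db->query("
                SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
                FROM ".TABLE_PREFIX."groupleaders l
                LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
                LEFT JOIN ".TABLE_PREFIX."users u ON(((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
                LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
                WHERE l.uid='".$mybb->user['uid']."'
                GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
            ");
            break;
        default:
            $query = $db->query("
                SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
                FROM ".TABLE_PREFIX."groupleaders l
                LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
                LEFT JOIN ".TABLE_PREFIX."users u ON(((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
                LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
                WHERE l.uid='".$mybb->user['uid']."'
                GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
            ");
    }

    while($usergroup = $db->fetch_array($query))
    {
        $memberlistlink = $moderaterequestslink = '';
        eval("\$memberlistlink = \"".$templates->get("usercp_usergroups_leader_usergroup_memberlist")."\";");
        $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
        if($usergroup['type'] != 4)
        {
            // Only moderated groups have join requests to show.
            $usergroup['joinrequests'] = '--';
        }
        if($usergroup['joinrequests'] > 0 && $usergroup['canmanagerequests'] == 1)
        {
            eval("\$moderaterequestslink = \"".$templates->get("usercp_usergroups_leader_usergroup_moderaterequests")."\";");
        }
        // Remembered so the membership list below can pick the leader variant of the leave link.
        $groupleader[$usergroup['gid']] = 1;
        $trow = alt_trow();
        eval("\$groupsledlist .= \"".$templates->get("usercp_usergroups_leader_usergroup")."\";");
    }
    $leadinggroups = '';
    if($groupsledlist)
    {
        eval("\$leadinggroups = \"".$templates->get("usercp_usergroups_leader")."\";");
    }

    // Fetch the list of groups the member is in
    // Do the primary group first
    $usergroup = $usergroups[$mybb->user['usergroup']];
    $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
    $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
    // Start from an empty description, as the additional-groups loop below does, so a
    // primary group without one does not leave the variable undefined.
    $description = '';
    if($usergroup['description'])
    {
        $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
        eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";");
    }
    eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveprimary")."\";");
    $trow = alt_trow();
    if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
    {
        eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
    }
    elseif($usergroup['candisplaygroup'] == 1)
    {
        eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
    }
    else
    {
        $displaycode = '';
    }

    eval("\$memberoflist = \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
    $showmemberof = false;
    if($mybb->user['additionalgroups'])
    {
        // Cast each stored gid to int before it is placed in the IN() clause.
        $additionalgroups = implode(
            ',',
            array_map(
                'intval',
                explode(',', $mybb->user['additionalgroups'])
            )
        );
        $query = $db->simple_select("usergroups", "*", "gid IN (".$additionalgroups.") AND gid !='".$mybb->user['usergroup']."'", array('order_by' => 'title'));
        while($usergroup = $db->fetch_array($query))
        {
            $showmemberof = true;

            if(isset($groupleader[$usergroup['gid']]))
            {
                eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveleader")."\";");
            }
            elseif($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
            {
                eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveother")."\";");
            }
            else
            {
                eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leave")."\";");
            }

            $description = '';
            $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
            $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
            if($usergroup['description'])
            {
                $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
                eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";");
            }
            $trow = alt_trow();
            if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
            {
                eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
            }
            elseif($usergroup['candisplaygroup'] == 1)
            {
                eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
            }
            else
            {
                $displaycode = '';
            }
            eval("\$memberoflist .= \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
        }
    }
    eval("\$membergroups = \"".$templates->get("usercp_usergroups_memberof")."\";");

    // List of groups this user has applied for but has not been accepted in to
    $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."'");
    while($request = $db->fetch_array($query))
    {
        $appliedjoin[$request['gid']] = $request['dateline'];
    }

    // Fetch list of groups the member can join
    $existinggroups = $mybb->user['usergroup'];
    if($mybb->user['additionalgroups'])
    {
        $additionalgroups = implode(
            ',',
            array_map(
                'intval',
                explode(',', $mybb->user['additionalgroups'])
            )
        );
        $existinggroups .= ",".$additionalgroups;
    }

    $joinablegroups = $joinablegrouplist = '';
    $query = $db->simple_select("usergroups", "*", "(type='3' OR type='4' OR type='5') AND gid NOT IN ($existinggroups)", array('order_by' => 'title'));
    while($usergroup = $db->fetch_array($query))
    {
        $trow = alt_trow();

        $description = '';
        $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
        if($usergroup['description'])
        {
            $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
            eval("\$description = \"".$templates->get("usercp_usergroups_joinable_usergroup_description")."\";");
        }

        // Moderating join requests?
        if($usergroup['type'] == 4)
        {
            $conditions = $lang->usergroup_joins_moderated;
        }
        elseif($usergroup['type'] == 5)
        {
            $conditions = $lang->usergroup_joins_invite;
        }
        else
        {
            $conditions = $lang->usergroup_joins_anyone;
        }

        if(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] != 5)
        {
            $applydate = my_date('relative', $appliedjoin[$usergroup['gid']]);
            $joinlink = $lang->sprintf($lang->join_group_applied, $applydate);
        }
        elseif(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] == 5)
        {
            // Pending invitation: the link carries the post code checked by verify_post_check().
            $joinlink = $lang->sprintf($lang->pending_invitation, $usergroup['gid'], $mybb->post_code);
        }
        elseif($usergroup['type'] == 5)
        {
            $joinlink = "--";
        }
        else
        {
            eval("\$joinlink = \"".$templates->get("usercp_usergroups_joinable_usergroup_join")."\";");
        }

        $usergroupleaders = '';
        if(!empty($groupleaders[$usergroup['gid']]))
        {
            $comma = '';
            $usergroupleaders = '';
            foreach($groupleaders[$usergroup['gid']] as $leader)
            {
                $leader['username'] = format_name(htmlspecialchars_uni($leader['username']), $leader['usergroup'], $leader['displaygroup']);
                $usergroupleaders .= $comma.build_profile_link($leader['username'], $leader['uid']);
                $comma = $lang->comma;
            }
            $usergroupleaders = $lang->usergroup_leaders." ".$usergroupleaders;
        }

        // Skip groups the current user already leads. Decide this from the leader table
        // by uid: searching the rendered leader HTML for the username also matched other
        // leaders' names and the link markup itself, which hid groups the user does not lead.
        if(!isset($groupleaders[$usergroup['gid']][$mybb->user['uid']]))
        {
            eval("\$joinablegrouplist .= \"".$templates->get("usercp_usergroups_joinable_usergroup")."\";");
        }
    }
    if($joinablegrouplist)
    {
        eval("\$joinablegroups = \"".$templates->get("usercp_usergroups_joinable")."\";");
    }

    $plugins->run_hooks("usercp_usergroups_end");

    eval("\$groupmemberships = \"".$templates->get("usercp_usergroups")."\";");
    output_page($groupmemberships);
}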
3943  
3944  if($mybb->input['action'] == "attachments")
3945  {
          // Attachment manager view: lists the logged-in user's attachments one page at a time,
          // computes usage/quota figures and renders the "usercp_attachments" template.
          // NOTE(review): this action has no post-key check, yet the loop below can delete rows
          // (see the else branch), so a plain page view is not purely read-only.
3946      require_once  MYBB_ROOT."inc/functions_upload.php";
3947  
3948      if($mybb->settings['enableattachments'] == 0)
3949      {
3950          error($lang->attachments_disabled);
3951      }
3952  
3953      $plugins->run_hooks("usercp_attachments_start");
3954  
3955      // Get unviewable forums
          // Both helper results are interpolated into the SQL unquoted; presumably they are
          // comma-separated integer forum ids built server-side - verify in the helpers.
3956      $f_perm_sql = '';
3957      $unviewable_forums = get_unviewable_forums(true);
3958      $inactiveforums = get_inactive_forums();
3959      if($unviewable_forums)
3960      {
3961          $f_perm_sql = " AND t.fid NOT IN ($unviewable_forums)";
3962      }
3963      if($inactiveforums)
3964      {
3965          $f_perm_sql .= " AND t.fid NOT IN ($inactiveforums)";
3966      }
3967  
3968      $attachments = '';
3969  
3970      // Pagination
          // Falls back to 20 per page when the setting is empty or casts to an integer below 1.
3971      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
3972      {
3973          $mybb->settings['threadsperpage'] = 20;
3974      }
3975  
          // NOTE(review): only the guard above casts the setting; $perpage keeps the raw value and is
          // placed in the LIMIT clause as-is. An (int) cast here would guarantee a numeric LIMIT.
3976      $perpage = $mybb->settings['threadsperpage'];
          // The page number is requested as MyBB::INPUT_INT; $start is derived from it below.
3977      $page = $mybb->get_input('page', MyBB::INPUT_INT);
3978  
3979      if($page > 0)
3980      {
3981          $start = ($page-1) * $perpage;
3982      }
3983      else
3984      {
3985          $start = 0;
3986          $page = 1;
3987      }
3988  
3989      $end = $start + $perpage;
3990      $lower = $start+1;
3991  
          // Only rows whose a.uid equals the current user's uid are selected. The forum filter is on
          // t.fid from a LEFT JOIN, so when $f_perm_sql is non-empty, rows with no matching thread
          // (t.fid NULL) do not satisfy NOT IN and are left out of the result.
3992      $query = $db->query("
3993          SELECT a.*, p.subject, p.dateline, t.tid, t.subject AS threadsubject
3994          FROM ".TABLE_PREFIX."attachments a
3995          LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
3996          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
3997          WHERE a.uid='".$mybb->user['uid']."' {$f_perm_sql}
3998          ORDER BY p.dateline DESC, p.pid DESC LIMIT {$start}, {$perpage}
3999      ");
4000  
          // $bandwidth and $totaldownloads are summed only over the rows fetched for this page.
4001      $bandwidth = $totaldownloads = $totalusage = $totalattachments = $processedattachments = 0;
4002      while($attachment = $db->fetch_array($query))
4003      {
              // A row is listed when dateline and tid are both non-empty; the query takes these
              // from the joined posts and threads tables.
4004          if($attachment['dateline'] && $attachment['tid'])
4005          {
                  // Subject, thread subject and filename are HTML-escaped before the template is
                  // expanded, because the template reads these variables directly.
4006              $attachment['subject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['subject']));
4007              $attachment['postlink'] = get_post_link($attachment['pid'], $attachment['tid']);
4008              $attachment['threadlink'] = get_thread_link($attachment['tid']);
4009              $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
4010  
4011              $size = get_friendly_size($attachment['filesize']);
                  // The icon lookup uses the filename before it is escaped on the next line.
4012              $icon = get_attachment_icon(get_extension($attachment['filename']));
4013              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
4014  
4015              $sizedownloads = $lang->sprintf($lang->attachment_size_downloads, $size, $attachment['downloads']);
4016              $attachdate = my_date('relative', $attachment['dateline']);
4017              $altbg = alt_trow();
4018  
                  // eval() expands the template as a double-quoted PHP string in this scope, so the
                  // template text runs as code and every variable it reads must already be escaped.
                  // NOTE(review): relies on $templates->get() returning trusted, eval-safe text - confirm.
                  // The local variable names above are part of the template's contract.
4019              eval("\$attachments .= \"".$templates->get("usercp_attachments_attachment")."\";");
4020  
4021              // Add to bandwidth total
4022              $bandwidth += ($attachment['filesize'] * $attachment['downloads']);
4023              $totaldownloads += $attachment['downloads'];
4024              $totalusage += $attachment['filesize'];
4025              ++$totalattachments;
4026          }
4027          else
4028          {
4029              // This little thing deletes attachments without a thread/post
                  // NOTE(review): the deletion is triggered by viewing the page; presumably it also
                  // matches uploads not yet tied to a saved post - confirm against the upload flow.
4030              remove_attachment($attachment['pid'], $attachment['posthash'], $attachment['aid']);
4031          }
4032          ++$processedattachments;
4033      }
4034  
4035      $multipage = '';
          // When a full page was processed, or this is not the first page, the per-page usage and count
          // are replaced by totals over all of the user's matching attachments and page links are built.
4036      if($processedattachments >= $perpage || $page > 1)
4037      {
4038          $query = $db->query("
4039              SELECT SUM(a.filesize) AS ausage, COUNT(a.aid) AS acount
4040              FROM ".TABLE_PREFIX."attachments a
4041              LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
4042              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
4043              WHERE a.uid='".$mybb->user['uid']."' {$f_perm_sql}
4044          ");
4045          $usage = $db->fetch_array($query);
4046          $totalusage = $usage['ausage'];
4047          $totalattachments = $usage['acount'];
4048  
4049          $multipage = multipage($totalattachments, $perpage, $page, "usercp.php?action=attachments");
4050      }
4051  
4052      $friendlyusage = get_friendly_size((int)$totalusage);
          // A zero/empty group quota is shown as unlimited. The quota is multiplied by 1024 before
          // being compared with the byte total (presumably it is stored in KB - confirm).
4053      if($mybb->usergroup['attachquota'])
4054      {
4055          $percent = round(($totalusage/($mybb->usergroup['attachquota']*1024))*100);
4056          $friendlyusage .= $lang->sprintf($lang->attachments_usage_percent, $percent);
4057          $attachquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
4058          $usagenote = $lang->sprintf($lang->attachments_usage_quota, $friendlyusage, $attachquota, $totalattachments);
4059      }
4060      else
4061      {
4062          $attachquota = $lang->unlimited;
4063          $usagenote = $lang->sprintf($lang->attachments_usage, $friendlyusage, $totalattachments);
4064      }
4065  
4066      $bandwidth = get_friendly_size($bandwidth);
4067  
4068      eval("\$delete_button = \"".$templates->get("delete_attachments_button")."\";");
4069  
          // Nothing was listed: show the "none" template and hide the usage note and delete button.
4070      if(!$attachments)
4071      {
4072          eval("\$attachments = \"".$templates->get("usercp_attachments_none")."\";");
4073          $usagenote = '';
4074          $delete_button = '';
4075      }
4076  
4077      $plugins->run_hooks("usercp_attachments_end");
4078  
4079      eval("\$manageattachments = \"".$templates->get("usercp_attachments")."\";");
4080      output_page($manageattachments);
4081  }
4082  
4083  if($mybb->input['action'] == "do_attachments" && $mybb->request_method == "post")
4084  {
          // Bulk delete of the attachments selected in the attachment manager. Runs only for POST
          // requests, then redirects back to the attachment list.
4085      // Verify incoming POST request
          // The submitted my_post_key is checked before anything is changed (presumably the
          // per-user anti-CSRF token - confirm in verify_post_check()).
4086      verify_post_check($mybb->get_input('my_post_key'));
4087  
4088      require_once  MYBB_ROOT."inc/functions_upload.php";
          // The selection must be present and must be an array; anything else is rejected.
4089      if(!isset($mybb->input['attachments']) || !is_array($mybb->input['attachments']))
4090      {
4091          error($lang->no_attachments_selected);
4092      }
4093  
4094      $plugins->run_hooks("usercp_do_attachments_start");
4095  
4096      // Get unviewable forums
          // Both helper results are interpolated into the SQL unquoted; presumably they are
          // comma-separated integer forum ids built server-side - verify in the helpers.
4097      $f_perm_sql = '';
4098      $unviewable_forums = get_unviewable_forums(true);
4099      $inactiveforums = get_inactive_forums();
4100      if($unviewable_forums)
4101      {
4102          $f_perm_sql = " AND p.fid NOT IN ($unviewable_forums)";
4103      }
4104      if($inactiveforums)
4105      {
4106          $f_perm_sql .= " AND p.fid NOT IN ($inactiveforums)";
4107      }
4108  
          // Every submitted value goes through intval(), so the IN (...) list holds integers only.
4109      $aids = implode(',', array_map('intval', $mybb->input['attachments']));
4110  
          // Authorisation is enforced in the WHERE clause: a.uid limits the result to the current
          // user's own attachments, so ids that belong to other users are simply not returned.
          // With a non-empty $f_perm_sql, rows without a joined post (p.fid NULL) do not match either.
          // NOTE(review): uid is interpolated unquoted and uncast here, unlike the quoted form used
          // by the listing query in this file; an (int) cast would make the intent explicit.
4111      $query = $db->query("
4112          SELECT a.*, p.fid
4113          FROM ".TABLE_PREFIX."attachments a
4114          LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
4115          WHERE aid IN ({$aids}) AND a.uid={$mybb->user['uid']} {$f_perm_sql}
4116      ");
4117  
          // Only rows returned by the scoped query above are removed.
4118      while($attachment = $db->fetch_array($query))
4119      {
4120          remove_attachment($attachment['pid'], '', $attachment['aid']);
4121      }
4122      $plugins->run_hooks("usercp_do_attachments_end");
4123      redirect("usercp.php?action=attachments", $lang->attachments_deleted);
4124  }
4125  
4126  if($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post")
4127  {
          // Saves the user's notepad text to their own row in the users table. Runs only for POST
          // requests, then redirects back to the control panel index.
4128      // Verify incoming POST request
          // The submitted my_post_key is checked before the write (presumably the per-user
          // anti-CSRF token - confirm in verify_post_check()).
4129      verify_post_check($mybb->get_input('my_post_key'));
4130  
4131      // Cap at 60,000 chars; text will allow up to 65535?
          // NOTE(review): the cap uses my_strlen()/my_substr(); if those count characters while the
          // column limit is in bytes, multi-byte text under the cap could still exceed it - confirm.
4132      if(my_strlen($mybb->get_input('notepad')) > 60000)
4133      {
4134          $mybb->input['notepad'] = my_substr($mybb->get_input('notepad'), 0, 60000);
4135      }
4136  
          // The start hook runs after truncation and before the write; presumably a plugin can
          // still alter the input at this point - confirm against the hook contract.
4137      $plugins->run_hooks("usercp_do_notepad_start");
          // The value is escaped for SQL only and the update is limited to the current user's uid.
          // It is stored without HTML escaping; the control panel index in this file applies
          // htmlspecialchars_uni() to the notepad before it reaches the template.
4138      $db->update_query("users", array('notepad' => $db->escape_string($mybb->get_input('notepad'))), "uid='".$mybb->user['uid']."'");
4139      $plugins->run_hooks("usercp_do_notepad_end");
4140      redirect("usercp.php", $lang->redirect_notepadupdated);
4141  }
4142  
4143  if(!$mybb->input['action'])
4144  {
4145      // Get posts per day
4146      $daysreg = (TIME_NOW - $mybb->user['regdate']) / (24*3600);
4147  
4148      if($daysreg < 1)
4149      {
4150          $daysreg = 1;
4151      }
4152  
4153      $perday = $mybb->user['postnum'] / $daysreg;
4154      $perday = round($perday, 2);
4155      if($perday > $mybb->user['postnum'])
4156      {
4157          $perday = $mybb->user['postnum'];
4158      }
4159  
4160      $stats = $cache->read("stats");
4161      $posts = $stats['numposts'];
4162      if($posts == 0)
4163      {
4164          $percent = "0";
4165      }
4166      else
4167      {
4168          $percent = $mybb->user['postnum']*100/$posts;
4169          $percent = round($percent, 2);
4170      }
4171  
4172      $colspan = 2;
4173      $lang->posts_day = $lang->sprintf($lang->posts_day, my_number_format($perday), $percent);
4174      $regdate = my_date('relative', $mybb->user['regdate']);
4175  
4176      $useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
4177      $avatar_username = htmlspecialchars_uni($mybb->user['username']);
4178      eval("\$avatar = \"".$templates->get("usercp_currentavatar")."\";");
4179  
4180      $mybb->user['email'] = htmlspecialchars_uni($mybb->user['email']);
4181  
4182      $usergroup = htmlspecialchars_uni($groupscache[$mybb->user['usergroup']]['title']);
4183      if($mybb->user['usergroup'] == 5 && $mybb->settings['regtype'] != "admin")
4184      {
4185          eval("\$usergroup .= \"".$templates->get("usercp_resendactivation")."\";");
4186      }
4187      // Make reputations row
4188      $reputation = '';
4189      if($mybb->usergroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
4190      {
4191          $reputation_link = get_reputation($mybb->user['reputation']);
4192          eval("\$reputation = \"".$templates->get("usercp_reputation")."\";");
4193      }
4194  
4195      $latest_warnings = '';
4196      if($mybb->settings['enablewarningsystem'] != 0 && $mybb->settings['canviewownwarning'] != 0)
4197      {
4198          if($mybb->settings['maxwarningpoints'] < 1)
4199          {
4200              $mybb->settings['maxwarningpoints'] = 10;
4201          }
4202          $warning_level = round($mybb->user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
4203          if($warning_level > 100)
4204          {
4205              $warning_level = 100;
4206          }
4207  
4208          if($mybb->user['warningpoints'] > $mybb->settings['maxwarningpoints'])
4209          {
4210              $mybb->user['warningpoints'] = $mybb->settings['maxwarningpoints'];
4211          }
4212  
4213          if($warning_level > 0)
4214          {
4215              require_once  MYBB_ROOT.'inc/datahandlers/warnings.php';
4216              $warningshandler = new WarningsHandler('update');
4217  
4218              $warningshandler->expire_warnings();
4219  
4220              $lang->current_warning_level = $lang->sprintf($lang->current_warning_level, $warning_level, $mybb->user['warningpoints'], $mybb->settings['maxwarningpoints']);
4221              $warnings = '';
4222              // Fetch latest warnings
4223              $query = $db->query("
4224                  SELECT w.*, t.title AS type_title, u.username, p.subject AS post_subject
4225                  FROM ".TABLE_PREFIX."warnings w
4226                  LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (t.tid=w.tid)
4227                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=w.issuedby)
4228                  LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=w.pid)
4229                  WHERE w.uid='{$mybb->user['uid']}'
4230                  ORDER BY w.expired ASC, w.dateline DESC
4231                  LIMIT 5
4232              ");
4233              while($warning = $db->fetch_array($query))
4234              {
4235                  $post_link = "";
4236                  if($warning['post_subject'])
4237                  {
4238                      $warning['post_subject'] = $parser->parse_badwords($warning['post_subject']);
4239                      $warning['post_subject'] = htmlspecialchars_uni($warning['post_subject']);
4240                      $warning['postlink'] = get_post_link($warning['pid']);
4241                      eval("\$post_link .= \"".$templates->get("usercp_warnings_warning_post")."\";");
4242                  }
4243                  $warning['username'] = htmlspecialchars_uni($warning['username']);
4244                  $issuedby = build_profile_link($warning['username'], $warning['issuedby']);
4245                  $date_issued = my_date('relative', $warning['dateline']);
4246                  if($warning['type_title'])
4247                  {
4248                      $warning_type = $warning['type_title'];
4249                  }
4250                  else
4251                  {
4252                      $warning_type = $warning['title'];
4253                  }
4254                  $warning_type = htmlspecialchars_uni($warning_type);
4255                  if($warning['points'] > 0)
4256                  {
4257                      $warning['points'] = "+{$warning['points']}";
4258                  }
4259                  $points = $lang->sprintf($lang->warning_points, $warning['points']);
4260  
4261                  // Figure out expiration time
4262                  if($warning['daterevoked'])
4263                  {
4264                      $expires = $lang->warning_revoked;
4265                  }
4266                  elseif($warning['expired'])
4267                  {
4268                      $expires = $lang->already_expired;
4269                  }
4270                  elseif($warning['expires'] == 0)
4271                  {
4272                      $expires = $lang->never;
4273                  }
4274                  else
4275                  {
4276                      $expires = nice_time($warning['expires']-TIME_NOW);
4277                  }
4278  
4279                  $alt_bg = alt_trow();
4280                  eval("\$warnings .= \"".$templates->get("usercp_warnings_warning")."\";");
4281              }
4282              if($warnings)
4283              {
4284                  eval("\$latest_warnings = \"".$templates->get("usercp_warnings")."\";");
4285              }
4286          }
4287      }
4288  
4289      // Format username
4290      $username = format_name(htmlspecialchars_uni($mybb->user['username']), $mybb->user['usergroup'], $mybb->user['displaygroup']);
4291      $username = build_profile_link($username, $mybb->user['uid']);
4292  
4293      // Format post numbers
4294      $mybb->user['posts'] = my_number_format($mybb->user['postnum']);
4295  
4296      // Build referral link
4297      $referral_info = '';
4298      if($mybb->settings['usereferrals'] == 1)
4299      {
4300          $referral_link = $lang->sprintf($lang->referral_link, $settings['bburl'], $mybb->user['uid']);
4301  
4302          $referral_count = (int) $mybb->user['referrals'];
4303          if($referral_count > 0)
4304          {
4305              $uid = (int) $mybb->user['uid'];
4306              eval("\$mybb->user['referrals'] = \"".$templates->get('member_referrals_link')."\";");
4307          }
4308  
4309          eval("\$referral_info = \"".$templates->get("usercp_referrals")."\";");
4310      }
4311  
4312      // User Notepad
4313      $plugins->run_hooks("usercp_notepad_start");
4314      $mybb->user['notepad'] = htmlspecialchars_uni($mybb->user['notepad']);
4315      eval("\$user_notepad = \"".$templates->get("usercp_notepad")."\";");
4316      $plugins->run_hooks("usercp_notepad_end");
4317  
4318      // Thread Subscriptions with New Posts
4319      $latest_subscribed = '';
4320      $query = $db->simple_select("threadsubscriptions", "sid", "uid = '".$mybb->user['uid']."'", array("limit" => 1));
4321      if($db->num_rows($query))
4322      {
4323          $where = array(
4324              "s.uid={$mybb->user['uid']}",
4325              "t.lastposteruid!={$mybb->user['uid']}",
4326              get_visible_where('t')
4327          );
4328  
4329          if($unviewable_forums = get_unviewable_forums(true))
4330          {
4331              $where[] = "t.fid NOT IN ({$unviewable_forums})";
4332          }
4333      
4334          if($inactive_forums = get_inactive_forums())
4335          {
4336              $where[] = "t.fid NOT IN ({$inactive_forums})";
4337          }
4338  
4339          $where = implode(' AND ', $where);
4340  
4341          $query = $db->query("
4342              SELECT s.*, t.*, t.username AS threadusername, u.username
4343              FROM ".TABLE_PREFIX."threadsubscriptions s
4344              LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
4345              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
4346              WHERE {$where}
4347              ORDER BY t.lastpost DESC
4348              LIMIT 0, 10
4349          ");
4350  
4351          $subscriptions = array();
4352          $fpermissions = forum_permissions();
4353  
4354          while($subscription = $db->fetch_array($query))
4355          {
4356              $forumpermissions = $fpermissions[$subscription['fid']];
4357  
4358              if(!isset($forumpermissions['canonlyviewownthreads']) || $forumpermissions['canonlyviewownthreads'] == 0 || $subscription['uid'] == $mybb->user['uid'])
4359              {
4360                  $subscriptions[$subscription['tid']] = $subscription;
4361              }
4362          }
4363  
4364          if($subscriptions)
4365          {
4366              $tids = implode(",", array_keys($subscriptions));
4367  
4368              // Checking read
4369              if($mybb->settings['threadreadcut'] > 0)
4370              {
4371                  $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
4372                  while($readthread = $db->fetch_array($query))
4373                  {
4374                      if($readthread['dateline'] >= $subscriptions[$readthread['tid']]['lastpost'])
4375                      {
4376                          unset($subscriptions[$readthread['tid']]); // If it's already been read, then don't display the thread
4377                      }
4378                      else
4379                      {
4380                          $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
4381                      }
4382                  }
4383              }
4384  
4385              if($subscriptions)
4386              {
4387                  if($mybb->settings['dotfolders'] != 0)
4388                  {
4389                      $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
4390                      while($post = $db->fetch_array($query))
4391                      {
4392                          $subscriptions[$post['tid']]['doticon'] = 1;
4393                      }
4394                  }
4395  
4396                  $icon_cache = $cache->read("posticons");
4397                  $threadprefixes = build_prefixes();
4398                  $latest_subscribed_threads = '';
4399  
4400                  foreach($subscriptions as $thread)
4401                  {
4402                      $plugins->run_hooks("usercp_thread_subscriptions_thread");
4403                      $folder = '';
4404                      $folder_label = '';
4405                      $gotounread = '';
4406  
4407                      if(!empty($thread['tid']))
4408                      {
4409                          $bgcolor = alt_trow();
4410                          $thread['subject'] = $parser->parse_badwords($thread['subject']);
4411                          $thread['subject'] = htmlspecialchars_uni($thread['subject']);
4412                          $thread['threadlink'] = get_thread_link($thread['tid']);
4413                          $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
4414  
4415                          // If this thread has a prefix...
4416                          if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
4417                          {
4418                              $thread['displayprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
4419                          }
4420                          else
4421                          {
4422                              $thread['displayprefix'] = '';
4423                          }
4424  
4425                          // Icons
4426                          if($thread['icon'] > 0 && isset($icon_cache[$thread['icon']]))
4427                          {
4428                              $icon = $icon_cache[$thread['icon']];
4429                              $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
4430                              $icon['path'] = htmlspecialchars_uni($icon['path']);
4431                              $icon['name'] = htmlspecialchars_uni($icon['name']);
4432                              eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
4433                          }
4434                          else
4435                          {
4436                              $icon = "&nbsp;";
4437                          }
4438  
4439                          if(!isset($thread['doticon']))
4440                          {
4441                              $folder = "dot_";
4442                              $folder_label .= $lang->icon_dot;
4443                          }
4444  
4445                          // Check to see which icon we display
4446                          if(!empty($thread['lastread']) && $thread['lastread'] < $thread['lastpost'])
4447                          {
4448                              $folder .= "new";
4449                              $folder_label .= $lang->icon_new;
4450                              $new_class = "subject_new";
4451                              $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
4452                              eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
4453                          }
4454                          else
4455                          {
4456                              $folder_label .= $lang->icon_no_new;
4457                              $new_class = "subject_old";
4458                          }
4459  
4460                          $folder .= "folder";
4461  
4462                          if($thread['visible'] == 0)
4463                          {
4464                              $bgcolor = "trow_shaded";
4465                          }
4466  
4467                          $lastpostdate = my_date('relative', $thread['lastpost']);
4468                          $lastposteruid = $thread['lastposteruid'];
4469                          if(!$lastposteruid && !$thread['lastposter'])
4470                          {
4471                              $lastposter = htmlspecialchars_uni($lang->guest);
4472                          }
4473                          else
4474                          {
4475                              $lastposter = htmlspecialchars_uni($thread['lastposter']);
4476                          }
4477  
4478                          if($lastposteruid == 0)
4479                          {
4480                              $lastposterlink = $lastposter;
4481                          }
4482                          else
4483                          {
4484                              $lastposterlink = build_profile_link($lastposter, $lastposteruid);
4485                          }
4486  
4487                          $thread['replies'] = my_number_format($thread['replies']);
4488                          $thread['views'] = my_number_format($thread['views']);
4489                          $thread['username'] = htmlspecialchars_uni($thread['username']);
4490                          $thread['author'] = build_profile_link($thread['username'], $thread['uid']);
4491  
4492                          eval("\$latest_subscribed_threads .= \"".$templates->get("usercp_latest_subscribed_threads")."\";");
4493                      }
4494                  }
4495                  eval("\$latest_subscribed = \"".$templates->get("usercp_latest_subscribed")."\";");
4496              }
4497          }
4498      }
4499  
4500      // User's Latest Threads
4501      $where = array(
4502          "t.uid={$mybb->user['uid']}",
4503          get_visible_where('t')
4504      );
4505  
4506      if($unviewable_forums = get_unviewable_forums(true))
4507      {
4508          $where[] = "t.fid NOT IN ({$unviewable_forums})";
4509      }
4510  
4511      if($inactive_forums = get_inactive_forums())
4512      {
4513          $where[] = "t.fid NOT IN ({$inactive_forums})";
4514      }
4515  
4516      $where = implode(' AND ', $where);
4517  
4518      $query = $db->query("
4519          SELECT t.*, t.username AS threadusername, u.username
4520          FROM ".TABLE_PREFIX."threads t
4521          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
4522          WHERE {$where}
4523          ORDER BY t.lastpost DESC
4524          LIMIT 0, 5
4525      ");
4526  
4527      // Figure out whether we can view these threads...
4528      $threadcache = array();
4529      $fpermissions = forum_permissions();
4530      while($thread = $db->fetch_array($query))
4531      {
4532          $threadcache[$thread['tid']] = $thread;
4533      }
4534  
4535      $latest_threads = '';
4536      if(!empty($threadcache))
4537      {
4538          $tids = implode(",", array_keys($threadcache));
4539          $readforums = array();
4540  
4541          // Read Forums
4542          $query = $db->query("
4543              SELECT f.fid, fr.dateline AS lastread
4544              FROM ".TABLE_PREFIX."forums f
4545              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
4546              WHERE f.active != 0
4547              ORDER BY pid, disporder
4548          ");
4549  
4550          while($forum = $db->fetch_array($query))
4551          {
4552              $readforums[$forum['fid']] = $forum['lastread'];
4553          }
4554  
4555          // Threads being read?
4556          if($mybb->settings['threadreadcut'] > 0)
4557          {
4558              $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
4559              while($readthread = $db->fetch_array($query))
4560              {
4561                  $threadcache[$readthread['tid']]['lastread'] = $readthread['dateline'];
4562              }
4563          }
4564  
4565          // Icon Stuff
4566          if($mybb->settings['dotfolders'] != 0)
4567          {
4568              $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
4569              while($post = $db->fetch_array($query))
4570              {
4571                  $threadcache[$post['tid']]['doticon'] = 1;
4572              }
4573          }
4574  
4575          $icon_cache = $cache->read("posticons");
4576          $threadprefixes = build_prefixes();
4577  
4578          // Run the threads...
4579          $latest_threads_threads = '';
4580          foreach($threadcache as $thread)
4581          {
4582              $plugins->run_hooks("usercp_latest_threads_thread");
4583              if(!empty($thread['tid']))
4584              {
4585                  $bgcolor = alt_trow();
4586                  $folder = '';
4587                  $folder_label = '';
4588                  $prefix = '';
4589                  $gotounread = '';
4590                  $isnew = 0;
4591                  $donenew = 0;
4592                  $lastread = 0;
4593  
4594                  // If this thread has a prefix...
4595                  if($thread['prefix'] != 0)
4596                  {
4597                      if(!empty($threadprefixes[$thread['prefix']]))
4598                      {
4599                          $thread['displayprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
4600                      }
4601                  }
4602                  else
4603                  {
4604                      $thread['displayprefix'] = '';
4605                  }
4606  
4607                  $thread['subject'] = $parser->parse_badwords($thread['subject']);
4608                  $thread['subject'] = htmlspecialchars_uni($thread['subject']);
4609                  $thread['threadlink'] = get_thread_link($thread['tid']);
4610                  $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
4611  
4612                  if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
4613                  {
4614                      $icon = $icon_cache[$thread['icon']];
4615                      $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
4616                      $icon['path'] = htmlspecialchars_uni($icon['path']);
4617                      $icon['name'] = htmlspecialchars_uni($icon['name']);
4618                      eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
4619                  }
4620                  else
4621                  {
4622                      $icon = "&nbsp;";
4623                  }
4624  
4625                  if($mybb->settings['threadreadcut'] > 0)
4626                  {
4627                      $forum_read = $readforums[$thread['fid']];
4628  
4629                      $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
4630                      if($forum_read == 0 || $forum_read < $read_cutoff)
4631                      {
4632                          $forum_read = $read_cutoff;
4633                      }
4634                  }
4635  
4636                  if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
4637                  {
4638                      $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
4639                  }
4640  
4641                  $cutoff = 0;
4642                  if($thread['lastpost'] > $cutoff)
4643                  {
4644                      if(!empty($thread['lastread']))
4645                      {
4646                          $lastread = $thread['lastread'];
4647                      }
4648                  }
4649  
4650                  if(!$lastread)
4651                  {
4652                      $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
4653                      if($readcookie > $forum_read)
4654                      {
4655                          $lastread = $readcookie;
4656                      }
4657                      else
4658                      {
4659                          $lastread = $forum_read;
4660                      }
4661                  }
4662  
4663                  // Folder Icons
4664                  if(!empty($thread['doticon']))
4665                  {
4666                      $folder = "dot_";
4667                      $folder_label .= $lang->icon_dot;
4668                  }
4669  
4670                  if($thread['lastpost'] > $lastread && $lastread)
4671                  {
4672                      $folder .= "new";
4673                      $folder_label .= $lang->icon_new;
4674                      $new_class = "subject_new";
4675                      $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
4676                      eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
4677                      $unreadpost = 1;
4678                  }
4679                  else
4680                  {
4681                      $folder_label .= $lang->icon_no_new;
4682                      $new_class = "subject_old";
4683                  }
4684  
4685                  if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
4686                  {
4687                      $folder .= "hot";
4688                      $folder_label .= $lang->icon_hot;
4689                  }
4690  
4691                  // Is our thread visible?
4692                  if($thread['visible'] == 0)
4693                  {
4694                      $bgcolor = 'trow_shaded';
4695                  }
4696  
4697                  if($thread['closed'] == 1)
4698                  {
4699                      $folder .= "close";
4700                      $folder_label .= $lang->icon_close;
4701                  }
4702  
4703                  $folder .= "folder";
4704  
4705                  $lastpostdate = my_date('relative', $thread['lastpost']);
4706                  $lastposter = htmlspecialchars_uni($thread['lastposter']);
4707                  $lastposteruid = $thread['lastposteruid'];
4708  
4709                  if($lastposteruid == 0)
4710                  {
4711                      $lastposterlink = $lastposter;
4712                  }
4713                  else
4714                  {
4715                      $lastposterlink = build_profile_link($lastposter, $lastposteruid);
4716                  }
4717  
4718                  $thread['replies'] = my_number_format($thread['replies']);
4719                  $thread['views'] = my_number_format($thread['views']);
4720                  $thread['username'] = htmlspecialchars_uni($thread['username']);
4721                  $thread['author'] = build_profile_link($thread['username'], $thread['uid']);
4722  
4723                  eval("\$latest_threads_threads .= \"".$templates->get("usercp_latest_threads_threads")."\";");
4724              }
4725          }
4726  
4727          eval("\$latest_threads = \"".$templates->get("usercp_latest_threads")."\";");
4728      }
4729  
4730      $plugins->run_hooks("usercp_end");
4731  
4732      eval("\$usercp = \"".$templates->get("usercp")."\";");
4733      output_page($usercp);
4734  }

