PHP Cross Reference of MyBB 1.8.39 |
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 define("IN_MYBB", 1); 12 define('THIS_SCRIPT', 'usercp.php'); 13 define("ALLOWABLE_PAGE", "removesubscription,removesubscriptions"); 14 15 $templatelist = "usercp,usercp_nav,usercp_profile,usercp_changename,usercp_password,usercp_subscriptions_thread,forumbit_depth2_forum_lastpost,usercp_forumsubscriptions_forum,postbit_reputation_formatted,usercp_subscriptions_thread_icon"; 16 $templatelist .= ",usercp_usergroups_memberof_usergroup,usercp_usergroups_memberof,usercp_usergroups_joinable_usergroup,usercp_usergroups_joinable,usercp_usergroups,usercp_nav_attachments,usercp_options_style,usercp_warnings_warning_post"; 17 $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_usergroups_leader_usergroup,usercp_usergroups_leader,usercp_currentavatar,usercp_reputation,usercp_avatar_remove,usercp_resendactivation"; 18 $templatelist .= ",usercp_attachments_attachment,usercp_attachments,usercp_profile_away,usercp_profile_customfield,usercp_profile_profilefields,usercp_profile_customtitle,usercp_forumsubscriptions_none,usercp_profile_customtitle_currentcustom"; 19 $templatelist .= ",usercp_forumsubscriptions,usercp_subscriptions_none,usercp_subscriptions,usercp_options_pms_from_buddys,usercp_options_tppselect,usercp_options_pppselect,usercp_themeselector,usercp_profile_customtitle_reverttitle"; 20 $templatelist .= ",usercp_nav_editsignature,usercp_referrals,usercp_notepad,usercp_latest_threads_threads,forumdisplay_thread_gotounread,usercp_latest_threads,usercp_subscriptions_remove,usercp_nav_messenger_folder,usercp_profile_profilefields_text"; 21 $templatelist .= 
",usercp_editsig_suspended,usercp_editsig,usercp_avatar_current,usercp_options_timezone_option,usercp_drafts,usercp_options_language,usercp_options_date_format,usercp_profile_website,usercp_latest_subscribed,usercp_warnings"; 22 $templatelist .= ",usercp_avatar,usercp_editlists_userusercp_editlists,usercp_drafts_draft,usercp_usergroups_joingroup,usercp_attachments_none,usercp_avatar_upload,usercp_options_timezone,usercp_usergroups_joinable_usergroup_join"; 23 $templatelist .= ",usercp_warnings_warning,usercp_nav_messenger_tracking,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start"; 24 $templatelist .= ",codebuttons,usercp_nav_messenger_compose,usercp_options_language_option,usercp_editlists,usercp_profile_contact_fields_field,usercp_latest_subscribed_threads,usercp_profile_contact_fields,usercp_profile_day,usercp_nav_home"; 25 $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,usercp_profile_profilefields_checkbox"; 26 $templatelist .= ",usercp_options_tppselect_option,usercp_options_pppselect_option,forumbit_depth2_forum_lastpost_never,forumbit_depth2_forum_lastpost_hidden,usercp_avatar_auto_resize_auto,usercp_avatar_auto_resize_user,usercp_options"; 27 $templatelist .= ",usercp_editlists_no_buddies,usercp_editlists_no_ignored,usercp_editlists_no_requests,usercp_editlists_received_requests,usercp_editlists_sent_requests,usercp_drafts_draft_thread,usercp_drafts_draft_forum,usercp_editlists_user"; 28 $templatelist .= ",usercp_usergroups_leader_usergroup_memberlist,usercp_usergroups_leader_usergroup_moderaterequests,usercp_usergroups_memberof_usergroup_leaveprimary,usercp_usergroups_memberof_usergroup_display,usercp_email,usercp_options_pms"; 29 $templatelist .= 
",usercp_usergroups_memberof_usergroup_leaveleader,usercp_usergroups_memberof_usergroup_leaveother,usercp_usergroups_memberof_usergroup_leave,usercp_usergroups_joinable_usergroup_description,usercp_options_time_format"; 30 $templatelist .= ",usercp_editlists_sent_request,usercp_editlists_received_request,usercp_drafts_none,usercp_usergroups_memberof_usergroup_setdisplay,usercp_usergroups_memberof_usergroup_description,usercp_options_quick_reply"; 31 $templatelist .= ",usercp_addsubscription_thread,forumdisplay_password,forumdisplay_password_wrongpass,"; 32 33 require_once "./global.php"; 34 require_once MYBB_ROOT."inc/functions_post.php"; 35 require_once MYBB_ROOT."inc/functions_search.php"; 36 require_once MYBB_ROOT."inc/functions_user.php"; 37 require_once MYBB_ROOT."inc/class_parser.php"; 38 $parser = new postParser; 39 40 // Load global language phrases 41 $lang->load("usercp"); 42 43 if($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0) 44 { 45 error_no_permission(); 46 } 47 48 $errors = ''; 49 50 $mybb->input['action'] = $mybb->get_input('action'); 51 52 usercp_menu(); 53 54 $server_http_referer = ''; 55 if(isset($_SERVER['HTTP_REFERER'])) 56 { 57 $server_http_referer = htmlentities($_SERVER['HTTP_REFERER']); 58 59 if(my_strpos($server_http_referer, $mybb->settings['bburl'].'/') !== 0) 60 { 61 if(my_strpos($server_http_referer, '/') === 0) 62 { 63 $server_http_referer = my_substr($server_http_referer, 1); 64 } 65 $url_segments = explode('/', $server_http_referer); 66 $server_http_referer = $mybb->settings['bburl'].'/'.end($url_segments); 67 } 68 } 69 70 $plugins->run_hooks("usercp_start"); 71 if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post") 72 { 73 require_once MYBB_ROOT."inc/datahandlers/user.php"; 74 $userhandler = new UserDataHandler(); 75 76 $data = array( 77 'uid' => $mybb->user['uid'], 78 'signature' => $mybb->get_input('signature'), 79 ); 80 81 $userhandler->set_data($data); 82 83 
if(!$userhandler->verify_signature()) 84 { 85 $error = inline_error($userhandler->get_friendly_errors()); 86 } 87 88 if(isset($error) || !empty($mybb->input['preview'])) 89 { 90 $mybb->input['action'] = "editsig"; 91 } 92 } 93 94 // Make navigation 95 add_breadcrumb($lang->nav_usercp, "usercp.php"); 96 97 switch($mybb->input['action']) 98 { 99 case "profile": 100 case "do_profile": 101 add_breadcrumb($lang->ucp_nav_profile); 102 break; 103 case "options": 104 case "do_options": 105 add_breadcrumb($lang->nav_options); 106 break; 107 case "email": 108 case "do_email": 109 add_breadcrumb($lang->nav_email); 110 break; 111 case "password": 112 case "do_password": 113 add_breadcrumb($lang->nav_password); 114 break; 115 case "changename": 116 case "do_changename": 117 add_breadcrumb($lang->nav_changename); 118 break; 119 case "subscriptions": 120 add_breadcrumb($lang->ucp_nav_subscribed_threads); 121 break; 122 case "forumsubscriptions": 123 add_breadcrumb($lang->ucp_nav_forum_subscriptions); 124 break; 125 case "editsig": 126 case "do_editsig": 127 add_breadcrumb($lang->nav_editsig); 128 break; 129 case "avatar": 130 case "do_avatar": 131 add_breadcrumb($lang->nav_avatar); 132 break; 133 case "notepad": 134 case "do_notepad": 135 add_breadcrumb($lang->ucp_nav_notepad); 136 break; 137 case "editlists": 138 case "do_editlists": 139 add_breadcrumb($lang->ucp_nav_editlists); 140 break; 141 case "drafts": 142 add_breadcrumb($lang->ucp_nav_drafts); 143 break; 144 case "usergroups": 145 add_breadcrumb($lang->ucp_nav_usergroups); 146 break; 147 case "attachments": 148 add_breadcrumb($lang->ucp_nav_attachments); 149 break; 150 } 151 152 if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post") 153 { 154 // Verify incoming POST request 155 verify_post_check($mybb->get_input('my_post_key')); 156 157 $user = array(); 158 159 $plugins->run_hooks("usercp_do_profile_start"); 160 161 if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 
0) 162 { 163 $awaydate = TIME_NOW; 164 if(!empty($mybb->input['awayday'])) 165 { 166 // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year 167 if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT)) 168 { 169 $mybb->input['awaymonth'] = my_date('n', $awaydate); 170 } 171 if(!$mybb->get_input('awayyear', MyBB::INPUT_INT)) 172 { 173 $mybb->input['awayyear'] = my_date('Y', $awaydate); 174 } 175 176 $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2); 177 $return_day = (int)substr($mybb->get_input('awayday'), 0, 2); 178 $return_year = min((int)$mybb->get_input('awayyear'), 9999); 179 180 // Check if return date is after the away date. 181 $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year); 182 $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate)); 183 if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate))) 184 { 185 error($lang->error_usercp_return_date_past); 186 } 187 188 $returndate = "{$return_day}-{$return_month}-{$return_year}"; 189 } 190 else 191 { 192 $returndate = ""; 193 } 194 $away = array( 195 "away" => 1, 196 "date" => $awaydate, 197 "returndate" => $returndate, 198 "awayreason" => $mybb->get_input('awayreason') 199 ); 200 } 201 else 202 { 203 $away = array( 204 "away" => 0, 205 "date" => '', 206 "returndate" => '', 207 "awayreason" => '' 208 ); 209 } 210 211 $bday = array( 212 "day" => $mybb->get_input('bday1', MyBB::INPUT_INT), 213 "month" => $mybb->get_input('bday2', MyBB::INPUT_INT), 214 "year" => $mybb->get_input('bday3', MyBB::INPUT_INT) 215 ); 216 217 // Set up user handler. 
218 require_once MYBB_ROOT."inc/datahandlers/user.php"; 219 $userhandler = new UserDataHandler("update"); 220 221 $user = array_merge($user, array( 222 "uid" => $mybb->user['uid'], 223 "postnum" => $mybb->user['postnum'], 224 "usergroup" => $mybb->user['usergroup'], 225 "additionalgroups" => $mybb->user['additionalgroups'], 226 "birthday" => $bday, 227 "birthdayprivacy" => $mybb->get_input('birthdayprivacy'), 228 "away" => $away, 229 "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY) 230 )); 231 foreach(array('skype', 'google') as $cfield) 232 { 233 $csetting = 'allow'.$cfield.'field'; 234 if($mybb->settings[$csetting] == '') 235 { 236 continue; 237 } 238 239 if(!is_member($mybb->settings[$csetting])) 240 { 241 continue; 242 } 243 244 $user[$cfield] = $mybb->get_input($cfield); 245 246 if(my_strlen($user[$cfield]) > 75) 247 { 248 error($lang->contact_field_error); 249 } 250 } 251 252 if($mybb->usergroup['canchangewebsite'] == 1) 253 { 254 $user['website'] = $mybb->get_input('website'); 255 } 256 257 if($mybb->usergroup['cancustomtitle'] == 1) 258 { 259 if($mybb->get_input('usertitle') != '') 260 { 261 $user['usertitle'] = $mybb->get_input('usertitle'); 262 } 263 elseif(!empty($mybb->input['reverttitle'])) 264 { 265 $user['usertitle'] = ''; 266 } 267 } 268 $userhandler->set_data($user); 269 270 if(!$userhandler->validate_user()) 271 { 272 $errors = $userhandler->get_friendly_errors(); 273 $raw_errors = $userhandler->get_errors(); 274 275 // Set to stored value if invalid 276 if(array_key_exists("invalid_birthday_privacy", $raw_errors) || array_key_exists("conflicted_birthday_privacy", $raw_errors)) 277 { 278 $mybb->input['birthdayprivacy'] = $mybb->user['birthdayprivacy']; 279 $bday = explode("-", $mybb->user['birthday']); 280 281 if(isset($bday[2])) 282 { 283 $mybb->input['bday3'] = $bday[2]; 284 } 285 } 286 287 $errors = inline_error($errors); 288 $mybb->input['action'] = "profile"; 289 } 290 else 291 { 292 $userhandler->update_user(); 293 
294 $plugins->run_hooks("usercp_do_profile_end"); 295 redirect("usercp.php?action=profile", $lang->redirect_profileupdated); 296 } 297 } 298 299 if($mybb->input['action'] == "profile") 300 { 301 if($errors) 302 { 303 $user = $mybb->input; 304 $bday = array(); 305 $bday[0] = $mybb->get_input('bday1', MyBB::INPUT_INT); 306 $bday[1] = $mybb->get_input('bday2', MyBB::INPUT_INT); 307 $bday[2] = $mybb->get_input('bday3', MyBB::INPUT_INT); 308 } 309 else 310 { 311 $user = $mybb->user; 312 $bday = explode("-", $user['birthday']); 313 if(!isset($bday[1])) 314 { 315 $bday[1] = 0; 316 } 317 } 318 if(!isset($bday[2]) || $bday[2] == 0) 319 { 320 $bday[2] = ''; 321 } 322 323 $plugins->run_hooks("usercp_profile_start"); 324 325 $bdaydaysel = ''; 326 for($day = 1; $day <= 31; ++$day) 327 { 328 if($bday[0] == $day) 329 { 330 $selected = "selected=\"selected\""; 331 } 332 else 333 { 334 $selected = ''; 335 } 336 337 eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";"); 338 } 339 340 $bdaymonthsel = array(); 341 foreach(range(1, 12) as $month) 342 { 343 $bdaymonthsel[$month] = ''; 344 } 345 $bdaymonthsel[$bday[1]] = 'selected="selected"'; 346 347 $allselected = $noneselected = $ageselected = ''; 348 if($user['birthdayprivacy'] == 'all' || !$user['birthdayprivacy']) 349 { 350 $allselected = " selected=\"selected\""; 351 } 352 elseif($user['birthdayprivacy'] == 'none') 353 { 354 $noneselected = " selected=\"selected\""; 355 } 356 elseif($user['birthdayprivacy'] == 'age') 357 { 358 $ageselected = " selected=\"selected\""; 359 } 360 361 if(!my_validate_url($user['website'])) 362 { 363 $user['website'] = ''; 364 } 365 else 366 { 367 $user['website'] = htmlspecialchars_uni($user['website']); 368 } 369 370 if($errors) 371 { 372 $user['skype'] = htmlspecialchars_uni($user['skype']); 373 $user['google'] = htmlspecialchars_uni($user['google']); 374 } 375 376 $contact_fields = array(); 377 $contactfields = ''; 378 $cfieldsshow = false; 379 380 foreach(array('skype', 'google') 
as $cfield) 381 { 382 $contact_fields[$cfield] = ''; 383 $csetting = 'allow'.$cfield.'field'; 384 if($mybb->settings[$csetting] == '') 385 { 386 continue; 387 } 388 389 if(!is_member($mybb->settings[$csetting])) 390 { 391 continue; 392 } 393 394 $cfieldsshow = true; 395 396 $lang_string = 'contact_field_'.$cfield; 397 $lang_string = $lang->{$lang_string}; 398 $cfvalue = htmlspecialchars_uni($user[$cfield]); 399 400 eval('$contact_fields[$cfield] = "'.$templates->get('usercp_profile_contact_fields_field').'";'); 401 } 402 403 if($cfieldsshow) 404 { 405 eval('$contactfields = "'.$templates->get('usercp_profile_contact_fields').'";'); 406 } 407 408 $awaysection = ''; 409 if($mybb->settings['allowaway'] != 0) 410 { 411 $awaycheck = array('', ''); 412 if($errors) 413 { 414 if($user['away'] == 1) 415 { 416 $awaycheck[1] = "checked=\"checked\""; 417 } 418 else 419 { 420 $awaycheck[0] = "checked=\"checked\""; 421 } 422 $returndate = array(); 423 $returndate[0] = $mybb->get_input('awayday', MyBB::INPUT_INT); 424 $returndate[1] = $mybb->get_input('awaymonth', MyBB::INPUT_INT); 425 $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT); 426 $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason')); 427 } 428 else 429 { 430 $user['awayreason'] = htmlspecialchars_uni($user['awayreason']); 431 if($mybb->user['away'] == 1) 432 { 433 $awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']); 434 $awaycheck[1] = "checked=\"checked\""; 435 $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate); 436 } 437 else 438 { 439 $awaynotice = $lang->away_notice; 440 $awaycheck[0] = "checked=\"checked\""; 441 } 442 $returndate = explode("-", $mybb->user['returndate']); 443 if(!isset($returndate[1])) 444 { 445 $returndate[1] = 0; 446 } 447 if(!isset($returndate[2])) 448 { 449 $returndate[2] = ''; 450 } 451 } 452 453 $returndatesel = ''; 454 for($day = 1; $day <= 31; ++$day) 455 { 456 if($returndate[0] == $day) 457 { 458 $selected = 
"selected=\"selected\""; 459 } 460 else 461 { 462 $selected = ''; 463 } 464 465 eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";"); 466 } 467 468 $returndatemonthsel = array(); 469 foreach(range(1, 12) as $month) 470 { 471 $returndatemonthsel[$month] = ''; 472 } 473 $returndatemonthsel[$returndate[1]] = "selected"; 474 475 eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";"); 476 } 477 478 // Custom profile fields baby! 479 $altbg = "trow1"; 480 $requiredfields = $customfields = ''; 481 $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY); 482 483 $pfcache = $cache->read('profilefields'); 484 485 if(is_array($pfcache)) 486 { 487 foreach($pfcache as $profilefield) 488 { 489 if(!is_member($profilefield['editableby']) || ($profilefield['postnum'] && $profilefield['postnum'] > $mybb->user['postnum'])) 490 { 491 continue; 492 } 493 494 $userfield = $code = $select = $val = $options = $expoptions = $useropts = ''; 495 $seloptions = array(); 496 $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); 497 $profilefield['name'] = htmlspecialchars_uni($profilefield['name']); 498 $profilefield['description'] = htmlspecialchars_uni($profilefield['description']); 499 $thing = explode("\n", $profilefield['type'], "2"); 500 $type = $thing[0]; 501 if(isset($thing[1])) 502 { 503 $options = $thing[1]; 504 } 505 else 506 { 507 $options = array(); 508 } 509 $field = "fid{$profilefield['fid']}"; 510 if($errors) 511 { 512 if(!isset($mybb->input['profile_fields'][$field])) 513 { 514 $mybb->input['profile_fields'][$field] = ''; 515 } 516 $userfield = $mybb->input['profile_fields'][$field]; 517 } 518 else 519 { 520 $userfield = $user[$field]; 521 } 522 if($type == "multiselect") 523 { 524 if($errors) 525 { 526 $useropts = $userfield; 527 } 528 else 529 { 530 $useropts = explode("\n", $userfield); 531 } 532 if(is_array($useropts)) 533 { 534 foreach($useropts as $key => $val) 535 { 536 $val = 
htmlspecialchars_uni($val); 537 $seloptions[$val] = $val; 538 } 539 } 540 $expoptions = explode("\n", $options); 541 if(is_array($expoptions)) 542 { 543 foreach($expoptions as $key => $val) 544 { 545 $val = trim($val); 546 $val = str_replace("\n", "\\n", $val); 547 548 $sel = ""; 549 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 550 { 551 $sel = " selected=\"selected\""; 552 } 553 554 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 555 } 556 if(!$profilefield['length']) 557 { 558 $profilefield['length'] = 3; 559 } 560 561 eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";"); 562 } 563 } 564 elseif($type == "select") 565 { 566 $expoptions = explode("\n", $options); 567 if(is_array($expoptions)) 568 { 569 foreach($expoptions as $key => $val) 570 { 571 $val = trim($val); 572 $val = str_replace("\n", "\\n", $val); 573 $sel = ""; 574 if($val == htmlspecialchars_uni($userfield)) 575 { 576 $sel = " selected=\"selected\""; 577 } 578 579 eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";"); 580 } 581 if(!$profilefield['length']) 582 { 583 $profilefield['length'] = 1; 584 } 585 586 eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";"); 587 } 588 } 589 elseif($type == "radio") 590 { 591 $userfield = htmlspecialchars_uni($userfield); 592 $expoptions = explode("\n", $options); 593 if(is_array($expoptions)) 594 { 595 foreach($expoptions as $key => $val) 596 { 597 $checked = ""; 598 if($val == $userfield) 599 { 600 $checked = " checked=\"checked\""; 601 } 602 603 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";"); 604 } 605 } 606 } 607 elseif($type == "checkbox") 608 { 609 $userfield = htmlspecialchars_uni($userfield); 610 if($errors) 611 { 612 $useropts = $userfield; 613 } 614 else 615 { 616 $useropts = explode("\n", $userfield); 617 } 618 if(is_array($useropts)) 619 { 620 foreach($useropts as $key 
=> $val) 621 { 622 $seloptions[$val] = $val; 623 } 624 } 625 $expoptions = explode("\n", $options); 626 if(is_array($expoptions)) 627 { 628 foreach($expoptions as $key => $val) 629 { 630 $checked = ""; 631 if(isset($seloptions[$val]) && $val == $seloptions[$val]) 632 { 633 $checked = " checked=\"checked\""; 634 } 635 636 eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";"); 637 } 638 } 639 } 640 elseif($type == "textarea") 641 { 642 $value = htmlspecialchars_uni($userfield); 643 eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";"); 644 } 645 else 646 { 647 $value = htmlspecialchars_uni($userfield); 648 $maxlength = ""; 649 if($profilefield['maxlength'] > 0) 650 { 651 $maxlength = " maxlength=\"{$profilefield['maxlength']}\""; 652 } 653 654 eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";"); 655 } 656 657 if($profilefield['required'] == 1) 658 { 659 eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 660 } 661 else 662 { 663 eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";"); 664 } 665 $altbg = alt_trow(); 666 } 667 } 668 if($customfields) 669 { 670 eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";"); 671 } 672 673 if($mybb->usergroup['cancustomtitle'] == 1) 674 { 675 if($mybb->usergroup['usertitle'] == "") 676 { 677 $defaulttitle = ''; 678 $usertitles = $cache->read('usertitles'); 679 680 foreach($usertitles as $title) 681 { 682 if($title['posts'] <= $mybb->user['postnum']) 683 { 684 $defaulttitle = htmlspecialchars_uni($title['title']); 685 break; 686 } 687 } 688 } 689 else 690 { 691 $defaulttitle = htmlspecialchars_uni($mybb->usergroup['usertitle']); 692 } 693 694 $newtitle = ''; 695 if(trim($user['usertitle']) == '') 696 { 697 $lang->current_custom_usertitle = ''; 698 } 699 else 700 { 701 if($errors) 702 { 703 $newtitle = htmlspecialchars_uni($user['usertitle']); 704 
$user['usertitle'] = $mybb->user['usertitle']; 705 } 706 } 707 708 $user['usertitle'] = htmlspecialchars_uni($user['usertitle']); 709 710 $currentcustom = $reverttitle = ''; 711 if(!empty($mybb->user['usertitle'])) 712 { 713 eval("\$currentcustom = \"".$templates->get("usercp_profile_customtitle_currentcustom")."\";"); 714 715 if($mybb->user['usertitle'] != $mybb->usergroup['usertitle']) 716 { 717 eval("\$reverttitle = \"".$templates->get("usercp_profile_customtitle_reverttitle")."\";"); 718 } 719 } 720 721 eval("\$customtitle = \"".$templates->get("usercp_profile_customtitle")."\";"); 722 } 723 else 724 { 725 $customtitle = ""; 726 } 727 728 $website = ''; 729 if($mybb->usergroup['canchangewebsite'] == 1) 730 { 731 eval("\$website = \"".$templates->get("usercp_profile_website")."\";"); 732 } 733 734 $plugins->run_hooks("usercp_profile_end"); 735 736 eval("\$editprofile = \"".$templates->get("usercp_profile")."\";"); 737 output_page($editprofile); 738 } 739 740 if($mybb->input['action'] == "do_options" && $mybb->request_method == "post") 741 { 742 // Verify incoming POST request 743 verify_post_check($mybb->get_input('my_post_key')); 744 745 $user = array(); 746 747 $plugins->run_hooks("usercp_do_options_start"); 748 749 // Set up user handler. 
750 require_once MYBB_ROOT."inc/datahandlers/user.php"; 751 $userhandler = new UserDataHandler("update"); 752 753 $user = array_merge($user, array( 754 "uid" => $mybb->user['uid'], 755 "style" => $mybb->get_input('style', MyBB::INPUT_INT), 756 "dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT), 757 "timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT), 758 "timezone" => $db->escape_string($mybb->get_input('timezoneoffset')), 759 "language" => $mybb->get_input('language'), 760 'usergroup' => $mybb->user['usergroup'], 761 'additionalgroups' => $mybb->user['additionalgroups'] 762 )); 763 764 $user['options'] = array( 765 "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT), 766 "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT), 767 "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT), 768 "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT), 769 "dstcorrection" => $mybb->get_input('dstcorrection', MyBB::INPUT_INT), 770 "threadmode" => $mybb->get_input('threadmode'), 771 "showimages" => $mybb->get_input('showimages', MyBB::INPUT_INT), 772 "showvideos" => $mybb->get_input('showvideos', MyBB::INPUT_INT), 773 "showsigs" => $mybb->get_input('showsigs', MyBB::INPUT_INT), 774 "showavatars" => $mybb->get_input('showavatars', MyBB::INPUT_INT), 775 "showquickreply" => $mybb->get_input('showquickreply', MyBB::INPUT_INT), 776 "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT), 777 "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT), 778 "receivefrombuddy" => $mybb->get_input('receivefrombuddy', MyBB::INPUT_INT), 779 "daysprune" => $mybb->get_input('daysprune', MyBB::INPUT_INT), 780 "showcodebuttons" => $mybb->get_input('showcodebuttons', MyBB::INPUT_INT), 781 "sourceeditor" => $mybb->get_input('sourceeditor', MyBB::INPUT_INT), 782 "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT), 783 "buddyrequestspm" => $mybb->get_input('buddyrequestspm', MyBB::INPUT_INT), 784 
"buddyrequestsauto" => $mybb->get_input('buddyrequestsauto', MyBB::INPUT_INT), 785 "showredirect" => $mybb->get_input('showredirect', MyBB::INPUT_INT), 786 "classicpostbit" => $mybb->get_input('classicpostbit', MyBB::INPUT_INT) 787 ); 788 789 if($mybb->settings['usertppoptions']) 790 { 791 $user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT); 792 } 793 794 if($mybb->settings['userpppoptions']) 795 { 796 $user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT); 797 } 798 799 $userhandler->set_data($user); 800 801 if(!$userhandler->validate_user()) 802 { 803 $errors = $userhandler->get_friendly_errors(); 804 $errors = inline_error($errors); 805 $mybb->input['action'] = "options"; 806 } 807 else 808 { 809 $userhandler->update_user(); 810 811 $plugins->run_hooks("usercp_do_options_end"); 812 813 redirect("usercp.php?action=options", $lang->redirect_optionsupdated); 814 } 815 } 816 817 if($mybb->input['action'] == "options") 818 { 819 if($errors != '') 820 { 821 $user = $mybb->input; 822 } 823 else 824 { 825 $user = $mybb->user; 826 } 827 828 $plugins->run_hooks("usercp_options_start"); 829 830 $languages = $lang->get_languages(); 831 $board_language = $langoptions = ''; 832 if(count($languages) > 1) 833 { 834 foreach($languages as $name => $language) 835 { 836 $language = htmlspecialchars_uni($language); 837 838 $sel = ''; 839 if(isset($user['language']) && $user['language'] == $name) 840 { 841 $sel = " selected=\"selected\""; 842 } 843 844 eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";'); 845 } 846 847 eval('$board_language = "'.$templates->get('usercp_options_language').'";'); 848 } 849 850 // Lets work out which options the user has selected and check the boxes 851 if(isset($user['allownotices']) && $user['allownotices'] == 1) 852 { 853 $allownoticescheck = "checked=\"checked\""; 854 } 855 else 856 { 857 $allownoticescheck = ""; 858 } 859 860 $canbeinvisible = ''; 861 862 // Check usergroup permission before 
showing invisible check box 863 if($mybb->usergroup['canbeinvisible'] == 1) 864 { 865 if(isset($user['invisible']) && $user['invisible'] == 1) 866 { 867 $invisiblecheck = "checked=\"checked\""; 868 } 869 else 870 { 871 $invisiblecheck = ""; 872 } 873 eval('$canbeinvisible = "'.$templates->get("usercp_options_invisible")."\";"); 874 } 875 876 if(isset($user['hideemail']) && $user['hideemail'] == 1) 877 { 878 $hideemailcheck = "checked=\"checked\""; 879 } 880 else 881 { 882 $hideemailcheck = ""; 883 } 884 885 $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = ''; 886 if(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 1) 887 { 888 $no_subscribe_selected = "selected=\"selected\""; 889 } 890 elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 2) 891 { 892 $instant_email_subscribe_selected = "selected=\"selected\""; 893 } 894 elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 3) 895 { 896 $instant_pm_subscribe_selected = "selected=\"selected\""; 897 } 898 else 899 { 900 $no_auto_subscribe_selected = "selected=\"selected\""; 901 } 902 903 if(isset($user['showimages']) && $user['showimages'] == 1) 904 { 905 $showimagescheck = "checked=\"checked\""; 906 } 907 else 908 { 909 $showimagescheck = ""; 910 } 911 912 if(isset($user['showvideos']) && $user['showvideos'] == 1) 913 { 914 $showvideoscheck = "checked=\"checked\""; 915 } 916 else 917 { 918 $showvideoscheck = ""; 919 } 920 921 if(isset($user['showsigs']) && $user['showsigs'] == 1) 922 { 923 $showsigscheck = "checked=\"checked\""; 924 } 925 else 926 { 927 $showsigscheck = ""; 928 } 929 930 if(isset($user['showavatars']) && $user['showavatars'] == 1) 931 { 932 $showavatarscheck = "checked=\"checked\""; 933 } 934 else 935 { 936 $showavatarscheck = ""; 937 } 938 939 if(isset($user['showquickreply']) && $user['showquickreply'] == 1) 940 { 941 $showquickreplycheck = 
"checked=\"checked\""; 942 } 943 else 944 { 945 $showquickreplycheck = ""; 946 } 947 948 if(isset($user['receivepms']) && $user['receivepms'] == 1) 949 { 950 $receivepmscheck = "checked=\"checked\""; 951 } 952 else 953 { 954 $receivepmscheck = ""; 955 } 956 957 if(isset($user['receivefrombuddy']) && $user['receivefrombuddy'] == 1) 958 { 959 $receivefrombuddycheck = "checked=\"checked\""; 960 } 961 else 962 { 963 $receivefrombuddycheck = ""; 964 } 965 966 if(isset($user['pmnotice']) && $user['pmnotice'] >= 1) 967 { 968 $pmnoticecheck = " checked=\"checked\""; 969 } 970 else 971 { 972 $pmnoticecheck = ""; 973 } 974 975 $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = ''; 976 if(isset($user['dstcorrection']) && $user['dstcorrection'] == 2) 977 { 978 $dst_auto_selected = "selected=\"selected\""; 979 } 980 elseif(isset($user['dstcorrection']) && $user['dstcorrection'] == 1) 981 { 982 $dst_enabled_selected = "selected=\"selected\""; 983 } 984 else 985 { 986 $dst_disabled_selected = "selected=\"selected\""; 987 } 988 989 if(isset($user['showcodebuttons']) && $user['showcodebuttons'] == 1) 990 { 991 $showcodebuttonscheck = "checked=\"checked\""; 992 } 993 else 994 { 995 $showcodebuttonscheck = ""; 996 } 997 998 if(isset($user['sourceeditor']) && $user['sourceeditor'] == 1) 999 { 1000 $sourcemodecheck = "checked=\"checked\""; 1001 } 1002 else 1003 { 1004 $sourcemodecheck = ""; 1005 } 1006 1007 if(isset($user['showredirect']) && $user['showredirect'] != 0) 1008 { 1009 $showredirectcheck = "checked=\"checked\""; 1010 } 1011 else 1012 { 1013 $showredirectcheck = ""; 1014 } 1015 1016 if(isset($user['pmnotify']) && $user['pmnotify'] != 0) 1017 { 1018 $pmnotifycheck = "checked=\"checked\""; 1019 } 1020 else 1021 { 1022 $pmnotifycheck = ''; 1023 } 1024 1025 if(isset($user['buddyrequestspm']) && $user['buddyrequestspm'] != 0) 1026 { 1027 $buddyrequestspmcheck = "checked=\"checked\""; 1028 } 1029 else 1030 { 1031 $buddyrequestspmcheck = ''; 1032 } 1033 1034 
if(isset($user['buddyrequestsauto']) && $user['buddyrequestsauto'] != 0) 1035 { 1036 $buddyrequestsautocheck = "checked=\"checked\""; 1037 } 1038 else 1039 { 1040 $buddyrequestsautocheck = ''; 1041 } 1042 1043 if(!isset($user['threadmode']) || ($user['threadmode'] != "threaded" && $user['threadmode'] != "linear")) 1044 { 1045 $user['threadmode'] = ''; // Leave blank to show default 1046 } 1047 1048 if(isset($user['classicpostbit']) && $user['classicpostbit'] != 0) 1049 { 1050 $classicpostbitcheck = "checked=\"checked\""; 1051 } 1052 else 1053 { 1054 $classicpostbitcheck = ''; 1055 } 1056 1057 $date_format_options = $dateformat = ''; 1058 foreach($date_formats as $key => $format) 1059 { 1060 $selected = ''; 1061 if(isset($user['dateformat']) && $user['dateformat'] == $key) 1062 { 1063 $selected = " selected=\"selected\""; 1064 } 1065 1066 $dateformat = my_date($format, TIME_NOW, "", 0); 1067 eval("\$date_format_options .= \"".$templates->get("usercp_options_date_format")."\";"); 1068 } 1069 1070 $time_format_options = $timeformat = ''; 1071 foreach($time_formats as $key => $format) 1072 { 1073 $selected = ''; 1074 if(isset($user['timeformat']) && $user['timeformat'] == $key) 1075 { 1076 $selected = " selected=\"selected\""; 1077 } 1078 1079 $timeformat = my_date($format, TIME_NOW, "", 0); 1080 eval("\$time_format_options .= \"".$templates->get("usercp_options_time_format")."\";"); 1081 } 1082 1083 $tzselect = build_timezone_select("timezoneoffset", $mybb->user['timezone'], true); 1084 1085 $pms_from_buddys = ''; 1086 if($mybb->settings['allowbuddyonly'] == 1) 1087 { 1088 eval("\$pms_from_buddys = \"".$templates->get("usercp_options_pms_from_buddys")."\";"); 1089 } 1090 1091 $pms = ''; 1092 if($mybb->settings['enablepms'] != 0 && $mybb->usergroup['canusepms'] == 1) 1093 { 1094 eval("\$pms = \"".$templates->get("usercp_options_pms")."\";"); 1095 } 1096 1097 $quick_reply = ''; 1098 if($mybb->settings['quickreply'] == 1) 1099 { 1100 eval("\$quick_reply = 
\"".$templates->get("usercp_options_quick_reply")."\";"); 1101 } 1102 1103 $threadview = array('linear' => '', 'threaded' => ''); 1104 if(isset($user['threadmode']) && is_scalar($user['threadmode'])) 1105 { 1106 $threadview[$user['threadmode']] = 'selected="selected"'; 1107 } 1108 $daysprunesel = array(1 => '', 5 => '', 10 => '', 20 => '', 50 => '', 75 => '', 100 => '', 365 => '', 9999 => ''); 1109 if(isset($user['daysprune']) && is_numeric($user['daysprune'])) 1110 { 1111 $daysprunesel[$user['daysprune']] = 'selected="selected"'; 1112 } 1113 if(!isset($user['style'])) 1114 { 1115 $user['style'] = ''; 1116 } 1117 1118 $board_style = $stylelist = ''; 1119 $stylelist = build_theme_select("style", $user['style']); 1120 1121 if(!empty($stylelist)) 1122 { 1123 eval('$board_style = "'.$templates->get('usercp_options_style').'";'); 1124 } 1125 1126 $tppselect = $pppselect = ''; 1127 if($mybb->settings['usertppoptions']) 1128 { 1129 $explodedtpp = explode(",", $mybb->settings['usertppoptions']); 1130 $tppoptions = $tpp_option = ''; 1131 if(is_array($explodedtpp)) 1132 { 1133 foreach($explodedtpp as $key => $val) 1134 { 1135 $val = trim($val); 1136 $selected = ""; 1137 if(isset($user['tpp']) && $user['tpp'] == $val) 1138 { 1139 $selected = " selected=\"selected\""; 1140 } 1141 1142 $tpp_option = $lang->sprintf($lang->tpp_option, $val); 1143 eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";"); 1144 } 1145 } 1146 eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";"); 1147 } 1148 1149 if($mybb->settings['userpppoptions']) 1150 { 1151 $explodedppp = explode(",", $mybb->settings['userpppoptions']); 1152 $pppoptions = $ppp_option = ''; 1153 if(is_array($explodedppp)) 1154 { 1155 foreach($explodedppp as $key => $val) 1156 { 1157 $val = trim($val); 1158 $selected = ""; 1159 if(isset($user['ppp']) && $user['ppp'] == $val) 1160 { 1161 $selected = " selected=\"selected\""; 1162 } 1163 1164 $ppp_option = 
$lang->sprintf($lang->ppp_option, $val); // finishes the "$ppp_option =" assignment begun on the previous line
				eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
			}
		}
		eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
	}

	$plugins->run_hooks('usercp_options_end');

	// Every eval() in this file treats the stored template as the body of a PHP
	// double-quoted string. $templates->get() is defined elsewhere and is relied on
	// to return text that is safe to embed that way; values the template
	// interpolates must already be HTML-escaped by the code that sets them.
	eval("\$editprofile = \"".$templates->get("usercp_options")."\";");
	output_page($editprofile);
}

/*
 * do_email: change the e-mail address of the logged-in account.
 *
 * Checks run in this order: request token (my_post_key), current password,
 * then the user data handler's own validation. Nothing is written until all
 * three have passed.
 */
if($mybb->input['action'] == 'do_email' && $mybb->request_method == 'post')
{
	// Token check comes first. verify_post_check() is defined elsewhere; called
	// without its second argument it is presumably fatal on a bad token - confirm.
	verify_post_check($mybb->get_input('my_post_key'));

	$errors = array();

	$plugins->run_hooks('usercp_do_email_start');

	// Re-authentication: the current password has to accompany the request.
	if(!validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')))
	{
		$errors[] = $lang->error_invalidpassword;
	}
	else
	{
		// Set up user handler.
		require_once MYBB_ROOT.'inc/datahandlers/user.php';
		$userhandler = new UserDataHandler('update');

		$user = array(
			'uid' => $mybb->user['uid'],
			'email' => $mybb->get_input('email'),
			'email2' => $mybb->get_input('email2')
		);

		$userhandler->set_data($user);

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			// Look for a pending registration activation on a not-yet-activated account.
			$activation = false;
			if($mybb->user['usergroup'] == 5 && in_array($mybb->settings['regtype'], array('verify', 'both')))
			{
				$query = $db->simple_select('awaitingactivation', '*', "uid='{$mybb->user['uid']}' AND (type='r' OR type='b')");
				$activation = $db->fetch_array($query);
			}

			if($activation)
			{
				$userhandler->update_user();

				// All outstanding activation rows for this uid are dropped before a new code is stored.
				$db->delete_query('awaitingactivation', "uid='{$mybb->user['uid']}'");

				// Send new activation mail for non-activated accounts
				// NOTE(review): random_str() is defined elsewhere. The code gates account
				// activation, so confirm it is drawn from a cryptographically secure source.
				$activationcode = random_str();
				$activationarray = array(
					'uid' => $mybb->user['uid'],
					'dateline' => TIME_NOW,
					'code' => $activationcode,
					'type' => $activation['type']
				);
				$db->insert_query('awaitingactivation', $activationarray);
				$emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);

				// Methods 1 and 2 have their own wording; 0 and anything unrecognised use the plain template.
				switch($mybb->settings['username_method'])
				{
					case 1:
						$emailmessage = $lang->sprintf($lang->email_activateaccount1, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
					case 2:
						$emailmessage = $lang->sprintf($lang->email_activateaccount2, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
					default:
						$emailmessage = $lang->sprintf($lang->email_activateaccount, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
						break;
				}

				// NOTE(review): the recipient is $mybb->user['email']. The two branches below pass
				// that value next to the submitted address, which suggests it still holds the
				// previous address here - confirm which mailbox this activation mail should reach.
				my_mail($mybb->user['email'], $emailsubject, $emailmessage);

				$plugins->run_hooks('usercp_do_email_changed');
				redirect('usercp.php?action=email', $lang->redirect_emailupdated);
			}
			elseif($mybb->usergroup['cancp'] != 1 && in_array($mybb->settings['regtype'], array('verify', 'both')))
			{
				$uid = $mybb->user['uid'];
				$username = $mybb->user['username'];

				// Emails require verification: the account row is not touched in this branch.
				// The requested address is parked in awaitingactivation.misc and a code is
				// mailed to the new address.
				$activationcode = random_str();
				$db->delete_query('awaitingactivation', "uid='{$mybb->user['uid']}'");

				$newactivation = array(
					'uid' => $mybb->user['uid'],
					'dateline' => TIME_NOW,
					'code' => $activationcode,
					'type' => 'e',
					// Escaped by hand; presumably insert_query() does not escape values itself - confirm.
					'misc' => $db->escape_string($mybb->get_input('email'))
				);

				$db->insert_query('awaitingactivation', $newactivation);

				$mail_message = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);

				$lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
				my_mail($mybb->get_input('email'), $lang->emailsubject_changeemail, $mail_message);

				$plugins->run_hooks('usercp_do_email_verify');
				error($lang->redirect_changeemail_activation);
			}
			else
			{
				// Email requires no activation: write the change, then mail the new address.
				$userhandler->update_user();
				$mail_message = $lang->sprintf($lang->email_changeemail_noactivation, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl']);
				my_mail($mybb->get_input('email'), $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']), $mail_message);
				$plugins->run_hooks('usercp_do_email_changed');
				redirect('usercp.php?action=email', $lang->redirect_emailupdated);
			}
		}
	}

	// Any error sends the request on to the "email" form below, with the errors rendered inline.
	if(count($errors) > 0)
	{
		$errors = inline_error($errors);
		$mybb->input['action'] = 'email';
	}
}

/*
 * email: render the change-address form.
 */
if($mybb->input['action'] == 'email')
{
	// Coming back after one or more errors: show what the user previously entered,
	// HTML-escaped. The password is never echoed back.
	$email = $email2 = '';
	if($errors)
	{
		$email = htmlspecialchars_uni($mybb->get_input('email'));
		$email2 = htmlspecialchars_uni($mybb->get_input('email2'));
	}

	$plugins->run_hooks('usercp_email');

	eval("\$changemail = \"".$templates->get("usercp_email")."\";");
	output_page($changemail);
}

/*
 * do_password: change the password of the logged-in account.
 *
 * Same gatekeeping as do_email: request token, then the old password, then
 * the data handler's validation of the new password pair.
 */
if($mybb->input['action'] == 'do_password' && $mybb->request_method == 'post')
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$user = array();
	$errors = array();

	$plugins->run_hooks('usercp_do_password_start');

	// The old password must be supplied and must match before a new one is accepted.
	if(!validate_password_from_uid($mybb->user['uid'], $mybb->get_input('oldpassword')))
	{
		$errors[] = $lang->error_invalidpassword;
	}
	else
	{
		// Set up user handler.
		require_once MYBB_ROOT.'inc/datahandlers/user.php';
		$userhandler = new UserDataHandler('update');

		// $user is merged rather than overwritten; the hook above runs between its
		// initialisation and this point.
		$user = array_merge($user, array(
			'uid' => $mybb->user['uid'],
			'password' => $mybb->get_input('password'),
			'password2' => $mybb->get_input('password2')
		));

		$userhandler->set_data($user);

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			$userhandler->update_user();

			// The mybbuser cookie is rewritten as "<uid>_<loginkey>" using the handler's
			// loginkey (presumably rotated by the password change - confirm in
			// UserDataHandler). The meaning of the trailing null, true, 'lax' arguments is
			// defined by my_setcookie(), which is not shown here.
			my_setcookie('mybbuser', "{$mybb->user['uid']}_{$userhandler->data['loginkey']}", null, true, 'lax');

			// Notify the user by email that their password has been changed
			$mail_message = $lang->sprintf($lang->email_changepassword, $mybb->user['username'], $mybb->user['email'], $mybb->settings['bbname'], $mybb->settings['bburl']);
			$lang->emailsubject_changepassword = $lang->sprintf($lang->emailsubject_changepassword, $mybb->settings['bbname']);
			my_mail($mybb->user['email'], $lang->emailsubject_changepassword, $mail_message);

			$plugins->run_hooks('usercp_do_password_end');
			redirect('usercp.php?action=password', $lang->redirect_passwordupdated);
		}
	}

	// Any error sends the request on to the "password" form below.
	if(count($errors) > 0)
	{
		$errors = inline_error($errors);
		$mybb->input['action'] = 'password';
	}
}

/*
 * password: render the change-password form. No submitted value is echoed back.
 */
if($mybb->input['action'] == 'password')
{
	$plugins->run_hooks('usercp_password');

	eval("\$editpassword = \"".$templates->get("usercp_password")."\";");
	output_page($editpassword);
}

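/*
 * do_changename: change the username of the logged-in account.
 *
 * Gatekeeping, in order: request token (my_post_key), the canchangename
 * usergroup permission, the current password, then the data handler's
 * validation of the new name.
 */
if($mybb->input['action'] == "do_changename" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$errors = array();

	// Permission is enforced on the write path as well as on the form below.
	if($mybb->usergroup['canchangename'] != 1)
	{
		error_no_permission();
	}

	$user = array();

	$plugins->run_hooks("usercp_do_changename_start");

	// Re-authentication: the current password has to accompany the request.
	if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
	{
		$errors[] = $lang->error_invalidpassword;
	}
	else
	{
		// Set up user handler.
		require_once MYBB_ROOT."inc/datahandlers/user.php";
		$userhandler = new UserDataHandler("update");

		// Merged rather than overwritten; the hook above runs after $user is initialised.
		$user = array_merge($user, array(
			"uid" => $mybb->user['uid'],
			"username" => $mybb->get_input('username')
		));

		$userhandler->set_data($user);

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();
		}
		else
		{
			$userhandler->update_user();
			$plugins->run_hooks("usercp_do_changename_end");
			redirect("usercp.php?action=changename", $lang->redirect_namechanged);
		}
	}

	// Any error sends the request on to the "changename" form below.
	if(count($errors) > 0)
	{
		$errors = inline_error($errors);
		$mybb->input['action'] = "changename";
	}
}

/*
 * changename: render the change-username form.
 */
if($mybb->input['action'] == "changename")
{
	$plugins->run_hooks("usercp_changename_start");
	if($mybb->usergroup['canchangename'] != 1)
	{
		error_no_permission();
	}

	// Coming back to this page after one or more errors were experienced, show the
	// field the user previously entered, HTML-escaped (with the exception of the password)
	if($errors)
	{
		$username = htmlspecialchars_uni($mybb->get_input('username'));
	}
	else
	{
		$username = '';
	}

	$plugins->run_hooks("usercp_changename_end");

	eval("\$changename = \"".$templates->get("usercp_changename")."\";");
	output_page($changename);
}

/*
 * do_subscriptions: bulk delete, or bulk change of notification type, for the
 * thread subscriptions ticked in the subscriptions list.
 *
 * Every query is scoped to the logged-in uid, so ids that belong to other
 * users' subscriptions match nothing.
 */
if($mybb->input['action'] == "do_subscriptions")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if(!isset($mybb->input['check']) || !is_array($mybb->input['check']))
	{
		error($lang->no_subscriptions_selected);
	}

	$plugins->run_hooks("usercp_do_subscriptions_start");

	// Clean input - only accept integers thanks!
	// Every element is forced through intval() before the list is placed inside IN (...),
	// which is what makes the string-built condition below safe.
	$mybb->input['check'] = array_map('intval', $mybb->get_input('check', MyBB::INPUT_ARRAY));
	$tids = implode(",", $mybb->input['check']);

	// Deleting these subscriptions?
	if($mybb->get_input('do') == "delete")
	{
		$db->delete_query("threadsubscriptions", "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
	}
	// Changing subscription type
	else
	{
		// Only the three known values of "do" map to a notification type. Any other
		// value leaves $new_notification at null and nothing is written; previously
		// the variable was simply undefined in that case and still reached the update.
		$new_notification = null;
		if($mybb->get_input('do') == "no_notification")
		{
			$new_notification = 0;
		}
		elseif($mybb->get_input('do') == "email_notification")
		{
			$new_notification = 1;
		}
		elseif($mybb->get_input('do') == "pm_notification")
		{
			$new_notification = 2;
		}

		// Update
		if($new_notification !== null)
		{
			$update_array = array("notification" => $new_notification);
			$db->update_query("threadsubscriptions", $update_array, "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
		}
	}

	// Done, redirect
	redirect("usercp.php?action=subscriptions", $lang->redirect_subscriptions_updated);
}

/*
 * subscriptions: list the thread subscriptions of the logged-in user.
 * (Only the start of this handler falls on these lines; it continues below.)
 */
if($mybb->input['action'] == "subscriptions")
{
	$plugins->run_hooks("usercp_subscriptions_start");

	// Thread visibility: own subscriptions only, restricted by get_visible_where('t')
	// and by the unviewable / inactive forum lists when those helpers return one.
	$where = array(
		"s.uid={$mybb->user['uid']}",
		get_visible_where('t')
	);

	if($unviewable_forums = get_unviewable_forums(true))
	{
		$where[] = "t.fid NOT IN ({$unviewable_forums})";
	}

	if($inactive_forums = get_inactive_forums())
	{
		$where[] = "t.fid NOT IN ({$inactive_forums})";
	}

	$where = implode(' AND ', $where);

	// Do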
Multi Pages 1520 $query = $db->query(" 1521 SELECT COUNT(s.tid) as threads 1522 FROM ".TABLE_PREFIX."threadsubscriptions s 1523 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = s.tid) 1524 WHERE {$where} 1525 "); 1526 $threadcount = $db->fetch_field($query, "threads"); 1527 1528 if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1) 1529 { 1530 $mybb->settings['threadsperpage'] = 20; 1531 } 1532 1533 $perpage = $mybb->settings['threadsperpage']; 1534 $page = $mybb->get_input('page', MyBB::INPUT_INT); 1535 if($page > 0) 1536 { 1537 $start = ($page-1) * $perpage; 1538 $pages = $threadcount / $perpage; 1539 $pages = ceil($pages); 1540 if($page > $pages || $page <= 0) 1541 { 1542 $start = 0; 1543 $page = 1; 1544 } 1545 } 1546 else 1547 { 1548 $start = 0; 1549 $page = 1; 1550 } 1551 $end = $start + $perpage; 1552 $lower = $start+1; 1553 $upper = $end; 1554 if($upper > $threadcount) 1555 { 1556 $upper = $threadcount; 1557 } 1558 $multipage = multipage($threadcount, $perpage, $page, "usercp.php?action=subscriptions"); 1559 $fpermissions = forum_permissions(); 1560 $del_subscriptions = $subscriptions = array(); 1561 1562 // Fetch subscriptions 1563 $query = $db->query(" 1564 SELECT s.*, t.*, t.username AS threadusername, u.username 1565 FROM ".TABLE_PREFIX."threadsubscriptions s 1566 LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid) 1567 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid) 1568 WHERE {$where} 1569 ORDER BY t.lastpost DESC 1570 LIMIT $start, $perpage 1571 "); 1572 while($subscription = $db->fetch_array($query)) 1573 { 1574 $forumpermissions = $fpermissions[$subscription['fid']]; 1575 1576 if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $subscription['uid'] != $mybb->user['uid']) 1577 { 1578 // Hmm, you don't have permission to view this thread - unsubscribe! 
1579 $del_subscriptions[] = $subscription['sid']; 1580 } 1581 elseif($subscription['tid']) 1582 { 1583 $subscriptions[$subscription['tid']] = $subscription; 1584 } 1585 } 1586 1587 if(!empty($del_subscriptions)) 1588 { 1589 $sids = implode(',', $del_subscriptions); 1590 1591 if($sids) 1592 { 1593 $db->delete_query("threadsubscriptions", "sid IN ({$sids}) AND uid='{$mybb->user['uid']}'"); 1594 } 1595 1596 $threadcount = $threadcount - count($del_subscriptions); 1597 1598 if($threadcount < 0) 1599 { 1600 $threadcount = 0; 1601 } 1602 } 1603 1604 if(!empty($subscriptions)) 1605 { 1606 $tids = implode(",", array_keys($subscriptions)); 1607 $readforums = array(); 1608 1609 // Build a forum cache. 1610 $query = $db->query(" 1611 SELECT f.fid, fr.dateline AS lastread 1612 FROM ".TABLE_PREFIX."forums f 1613 LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}') 1614 WHERE f.active != 0 1615 ORDER BY pid, disporder 1616 "); 1617 1618 while($forum = $db->fetch_array($query)) 1619 { 1620 $readforums[$forum['fid']] = $forum['lastread']; 1621 } 1622 1623 // Check participation by the current user in any of these threads - for 'dot' folder icons 1624 if($mybb->settings['dotfolders'] != 0) 1625 { 1626 $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})"); 1627 while($post = $db->fetch_array($query)) 1628 { 1629 $subscriptions[$post['tid']]['doticon'] = 1; 1630 } 1631 } 1632 1633 // Read threads 1634 if($mybb->settings['threadreadcut'] > 0) 1635 { 1636 $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})"); 1637 while($readthread = $db->fetch_array($query)) 1638 { 1639 $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline']; 1640 } 1641 } 1642 1643 $icon_cache = $cache->read("posticons"); 1644 $threadprefixes = build_prefixes(); 1645 1646 $threads = ''; 1647 1648 // Now we can build our subscription list 1649 foreach($subscriptions as 
$thread) 1650 { 1651 $bgcolor = alt_trow(); 1652 1653 $folder = ''; 1654 $prefix = ''; 1655 $thread['threadprefix'] = ''; 1656 1657 // If this thread has a prefix, insert a space between prefix and subject 1658 if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']])) 1659 { 1660 $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].' '; 1661 } 1662 1663 // Sanitize 1664 $thread['subject'] = $parser->parse_badwords($thread['subject']); 1665 $thread['subject'] = htmlspecialchars_uni($thread['subject']); 1666 1667 // Build our links 1668 $thread['threadlink'] = get_thread_link($thread['tid']); 1669 $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost"); 1670 1671 // Fetch the thread icon if we have one 1672 if($thread['icon'] > 0 && $icon_cache[$thread['icon']]) 1673 { 1674 $icon = $icon_cache[$thread['icon']]; 1675 $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']); 1676 $icon['path'] = htmlspecialchars_uni($icon['path']); 1677 $icon['name'] = htmlspecialchars_uni($icon['name']); 1678 eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";"); 1679 } 1680 else 1681 { 1682 $icon = " "; 1683 } 1684 1685 // Determine the folder 1686 $folder = ''; 1687 $folder_label = ''; 1688 1689 if(isset($thread['doticon'])) 1690 { 1691 $folder = "dot_"; 1692 $folder_label .= $lang->icon_dot; 1693 } 1694 1695 $gotounread = ''; 1696 $isnew = 0; 1697 $donenew = 0; 1698 $lastread = 0; 1699 1700 if($mybb->settings['threadreadcut'] > 0) 1701 { 1702 $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24; 1703 if(empty($readforums[$thread['fid']]) || $readforums[$thread['fid']] < $read_cutoff) 1704 { 1705 $forum_read = $read_cutoff; 1706 } 1707 else 1708 { 1709 $forum_read = $readforums[$thread['fid']]; 1710 } 1711 } 1712 1713 $cutoff = 0; 1714 if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read) 1715 { 1716 $cutoff = 
TIME_NOW-$mybb->settings['threadreadcut']*60*60*24; 1717 } 1718 1719 if($thread['lastpost'] > $cutoff) 1720 { 1721 if(!empty($thread['lastread'])) 1722 { 1723 $lastread = $thread['lastread']; 1724 } 1725 else 1726 { 1727 $lastread = 1; 1728 } 1729 } 1730 1731 if(!$lastread) 1732 { 1733 $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']); 1734 if($readcookie > $forum_read) 1735 { 1736 $lastread = $readcookie; 1737 } 1738 else 1739 { 1740 $lastread = $forum_read; 1741 } 1742 } 1743 1744 if($lastread && $lastread < $thread['lastpost']) 1745 { 1746 $folder .= "new"; 1747 $folder_label .= $lang->icon_new; 1748 $new_class = "subject_new"; 1749 $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost"); 1750 eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";"); 1751 $unreadpost = 1; 1752 } 1753 else 1754 { 1755 $folder_label .= $lang->icon_no_new; 1756 $new_class = "subject_old"; 1757 } 1758 1759 if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews']) 1760 { 1761 $folder .= "hot"; 1762 $folder_label .= $lang->icon_hot; 1763 } 1764 1765 if($thread['closed'] == 1) 1766 { 1767 $folder .= "close"; 1768 $folder_label .= $lang->icon_close; 1769 } 1770 1771 $folder .= "folder"; 1772 1773 if($thread['visible'] == 0) 1774 { 1775 $bgcolor = "trow_shaded"; 1776 } 1777 1778 // Build last post info 1779 $lastpostdate = my_date('relative', $thread['lastpost']); 1780 $lastposteruid = $thread['lastposteruid']; 1781 if(!$lastposteruid && !$thread['lastposter']) 1782 { 1783 $lastposter = htmlspecialchars_uni($lang->guest); 1784 } 1785 else 1786 { 1787 $lastposter = htmlspecialchars_uni($thread['lastposter']); 1788 } 1789 1790 // Don't link to guest's profiles (they have no profile). 
1791 if($lastposteruid == 0) 1792 { 1793 $lastposterlink = $lastposter; 1794 } 1795 else 1796 { 1797 $lastposterlink = build_profile_link($lastposter, $lastposteruid); 1798 } 1799 1800 $thread['replies'] = my_number_format($thread['replies']); 1801 $thread['views'] = my_number_format($thread['views']); 1802 1803 // What kind of notification type do we have here? 1804 switch($thread['notification']) 1805 { 1806 case "2": // PM 1807 $notification_type = $lang->pm_notification; 1808 break; 1809 case "1": // Email 1810 $notification_type = $lang->email_notification; 1811 break; 1812 default: // No notification 1813 $notification_type = $lang->no_notification; 1814 } 1815 1816 eval("\$threads .= \"".$templates->get("usercp_subscriptions_thread")."\";"); 1817 } 1818 1819 // Provide remove options 1820 eval("\$remove_options = \"".$templates->get("usercp_subscriptions_remove")."\";"); 1821 } 1822 else 1823 { 1824 $remove_options = ''; 1825 eval("\$threads = \"".$templates->get("usercp_subscriptions_none")."\";"); 1826 } 1827 1828 $plugins->run_hooks("usercp_subscriptions_end"); 1829 1830 eval("\$subscriptions = \"".$templates->get("usercp_subscriptions")."\";"); 1831 output_page($subscriptions); 1832 } 1833 1834 if($mybb->input['action'] == "forumsubscriptions") 1835 { 1836 $plugins->run_hooks("usercp_forumsubscriptions_start"); 1837 1838 // Build a forum cache. 
1839 $query = $db->query(" 1840 SELECT f.fid, fr.dateline AS lastread 1841 FROM ".TABLE_PREFIX."forums f 1842 LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}') 1843 WHERE f.active != 0 1844 ORDER BY pid, disporder 1845 "); 1846 $readforums = array(); 1847 while($forum = $db->fetch_array($query)) 1848 { 1849 $readforums[$forum['fid']] = $forum['lastread']; 1850 } 1851 1852 $fpermissions = forum_permissions(); 1853 require_once MYBB_ROOT."inc/functions_forumlist.php"; 1854 1855 $query = $db->query(" 1856 SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread 1857 FROM ".TABLE_PREFIX."forumsubscriptions fs 1858 LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid = fs.fid) 1859 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = f.lastposttid) 1860 LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}') 1861 WHERE f.type='f' AND fs.uid='".$mybb->user['uid']."' 1862 ORDER BY f.name ASC 1863 "); 1864 1865 $forums = ''; 1866 while($forum = $db->fetch_array($query)) 1867 { 1868 $forum_url = get_forum_link($forum['fid']); 1869 $forumpermissions = $fpermissions[$forum['fid']]; 1870 1871 if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) 1872 { 1873 continue; 1874 } 1875 1876 $lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost'])); 1877 $folder = $lightbulb['folder']; 1878 1879 if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0) 1880 { 1881 $posts = '-'; 1882 $threads = '-'; 1883 } 1884 else 1885 { 1886 $posts = my_number_format($forum['posts']); 1887 $threads = my_number_format($forum['threads']); 1888 } 1889 1890 if($forum['lastpost'] == 0) 1891 { 1892 eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_never")."\";"); 1893 } 1894 // Hide last post 1895 
elseif(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $forum['lastposteruid'] != $mybb->user['uid']) 1896 { 1897 eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_hidden")."\";"); 1898 } 1899 else 1900 { 1901 $forum['lastpostsubject'] = $parser->parse_badwords($forum['lastpostsubject']); 1902 $lastpost_date = my_date('relative', $forum['lastpost']); 1903 $lastposttid = $forum['lastposttid']; 1904 if(!$forum['lastposteruid'] && !$forum['lastposter']) 1905 { 1906 $lastposter = htmlspecialchars_uni($lang->guest); 1907 } 1908 else 1909 { 1910 $lastposter = htmlspecialchars_uni($forum['lastposter']); 1911 } 1912 if($forum['lastposteruid'] == 0) 1913 { 1914 $lastpost_profilelink = $lastposter; 1915 } 1916 else 1917 { 1918 $lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']); 1919 } 1920 $full_lastpost_subject = $lastpost_subject = htmlspecialchars_uni($forum['lastpostsubject']); 1921 if(my_strlen($lastpost_subject) > 25) 1922 { 1923 $lastpost_subject = my_substr($lastpost_subject, 0, 25) . 
"..."; 1924 } 1925 $lastpost_link = get_thread_link($forum['lastposttid'], 0, "lastpost"); 1926 eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost")."\";"); 1927 } 1928 1929 if($mybb->settings['showdescriptions'] == 0) 1930 { 1931 $forum['description'] = ""; 1932 } 1933 1934 eval("\$forums .= \"".$templates->get("usercp_forumsubscriptions_forum")."\";"); 1935 } 1936 1937 if(!$forums) 1938 { 1939 eval("\$forums = \"".$templates->get("usercp_forumsubscriptions_none")."\";"); 1940 } 1941 1942 $plugins->run_hooks("usercp_forumsubscriptions_end"); 1943 1944 eval("\$forumsubscriptions = \"".$templates->get("usercp_forumsubscriptions")."\";"); 1945 output_page($forumsubscriptions); 1946 } 1947 1948 if($mybb->input['action'] == "do_addsubscription" && $mybb->get_input('type') != "forum") 1949 { 1950 // Verify incoming POST request 1951 verify_post_check($mybb->get_input('my_post_key')); 1952 1953 $thread = get_thread($mybb->get_input('tid')); 1954 if(!$thread || $thread['visible'] == -1) 1955 { 1956 error($lang->error_invalidthread); 1957 } 1958 1959 // Is the currently logged in user a moderator of this forum? 1960 $ismod = is_moderator($thread['fid']); 1961 1962 // Make sure we are looking at a real thread here. 1963 if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) 1964 { 1965 error($lang->error_invalidthread); 1966 } 1967 1968 $forumpermissions = forum_permissions($thread['fid']); 1969 if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'])) 1970 { 1971 error_no_permission(); 1972 } 1973 1974 // check if the forum requires a password to view. 
If so, we need to show a form to the user 1975 check_forum_password($thread['fid']); 1976 1977 // Naming of the hook retained for backward compatibility while dropping usercp2.php 1978 $plugins->run_hooks("usercp2_do_addsubscription"); 1979 1980 add_subscribed_thread($thread['tid'], $mybb->get_input('notification', MyBB::INPUT_INT)); 1981 1982 if($mybb->get_input('referrer')) 1983 { 1984 $mybb->input['referrer'] = $mybb->get_input('referrer'); 1985 1986 if(my_strpos($mybb->input['referrer'], $mybb->settings['bburl'].'/') !== 0) 1987 { 1988 if(my_strpos($mybb->input['referrer'], '/') === 0) 1989 { 1990 $mybb->input['referrer'] = my_substr($mybb->input['url'], 1); 1991 } 1992 $url_segments = explode('/', $mybb->input['referrer']); 1993 $mybb->input['referrer'] = $mybb->settings['bburl'].'/'.end($url_segments); 1994 } 1995 1996 $url = htmlspecialchars_uni($mybb->input['referrer']); 1997 } 1998 else 1999 { 2000 $url = get_thread_link($thread['tid']); 2001 } 2002 redirect($url, $lang->redirect_subscriptionadded); 2003 } 2004 2005 if($mybb->input['action'] == "addsubscription") 2006 { 2007 // Verify incoming POST request 2008 verify_post_check($mybb->get_input('my_post_key')); 2009 2010 if($mybb->get_input('type') == "forum") 2011 { 2012 $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT)); 2013 if(!$forum) 2014 { 2015 error($lang->error_invalidforum); 2016 } 2017 $forumpermissions = forum_permissions($forum['fid']); 2018 if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) 2019 { 2020 error_no_permission(); 2021 } 2022 2023 // check if the forum requires a password to view. 
If so, we need to show a form to the user 2024 check_forum_password($forum['fid']); 2025 2026 // Naming of the hook retained for backward compatibility while dropping usercp2.php 2027 $plugins->run_hooks("usercp2_addsubscription_forum"); 2028 2029 add_subscribed_forum($forum['fid']); 2030 if($server_http_referer && $mybb->request_method != 'post') 2031 { 2032 $url = $server_http_referer; 2033 } 2034 else 2035 { 2036 $url = "index.php"; 2037 } 2038 redirect($url, $lang->redirect_forumsubscriptionadded); 2039 } 2040 else 2041 { 2042 $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT)); 2043 if(!$thread || $thread['visible'] == -1) 2044 { 2045 error($lang->error_invalidthread); 2046 } 2047 2048 // Is the currently logged in user a moderator of this forum? 2049 $ismod = is_moderator($thread['fid']); 2050 2051 // Make sure we are looking at a real thread here. 2052 if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) 2053 { 2054 error($lang->error_invalidthread); 2055 } 2056 2057 add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions"); 2058 add_breadcrumb($lang->nav_addsubscription); 2059 2060 $forumpermissions = forum_permissions($thread['fid']); 2061 if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'])) 2062 { 2063 error_no_permission(); 2064 } 2065 2066 // check if the forum requires a password to view. 
// If so, we need to show a form to the user
        check_forum_password($thread['fid']);

        $referrer = '';
        if($server_http_referer)
        {
            $referrer = $server_http_referer;
        }

        require_once MYBB_ROOT."inc/class_parser.php";
        $parser = new postParser;
        $thread['subject'] = $parser->parse_badwords($thread['subject']);
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->subscribe_to_thread = $lang->sprintf($lang->subscribe_to_thread, $thread['subject']);

        $notification_none_checked = $notification_email_checked = $notification_pm_checked = '';
        if($mybb->user['subscriptionmethod'] == 1 || $mybb->user['subscriptionmethod'] == 0)
        {
            $notification_none_checked = "checked=\"checked\"";
        }
        elseif($mybb->user['subscriptionmethod'] == 2)
        {
            $notification_email_checked = "checked=\"checked\"";
        }
        elseif($mybb->user['subscriptionmethod'] == 3)
        {
            $notification_pm_checked = "checked=\"checked\"";
        }

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_addsubscription_thread");

        eval("\$add_subscription = \"".$templates->get("usercp_addsubscription_thread")."\";");
        output_page($add_subscription);
        exit;
    }
}

/*
 * Remove a single forum or thread subscription.
 *
 * Entered for a POST, or for any other request for which verify_post_check(),
 * called with true as its second argument, accepts my_post_key. The key is then
 * checked a second time by the plain call at the top of the body (presumably
 * that call aborts the request when the key is wrong - confirm in its definition).
 */
if($mybb->input['action'] == "removesubscription" && ($mybb->request_method == "post" || verify_post_check($mybb->get_input('my_post_key'), true)))
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->get_input('type') == "forum")
    {
        // The forum id is read as an integer and must resolve to a forum
        $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
        if(!$forum)
        {
            error($lang->error_invalidforum);
        }

        // check if the forum requires a password to view. If so, we need to show a form to the user
        check_forum_password($forum['fid']);

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscription_forum");

        remove_subscribed_forum($forum['fid']);

        // Only a non-POST request is sent back to the referring page.
        // NOTE(review): $server_http_referer is assigned outside this part of the file;
        // confirm it is limited to this board's own URLs before it is used as a redirect target.
        $url = ($server_http_referer && $mybb->request_method != 'post') ? $server_http_referer : "usercp.php?action=forumsubscriptions";
        redirect($url, $lang->redirect_forumsubscriptionremoved);
    }
    else
    {
        // The thread id is read as an integer and must resolve to a thread
        $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
        if(!$thread)
        {
            error($lang->error_invalidthread);
        }

        // Is the currently logged in user a moderator of this forum?
        $ismod = is_moderator($thread['fid']);

        // Make sure we are looking at a real thread here:
        // non-moderators only get threads with visible == 1, moderators nothing above 1.
        if(($thread['visible'] != 1 && !$ismod) || ($thread['visible'] > 1 && $ismod))
        {
            error($lang->error_invalidthread);
        }

        // check if the forum requires a password to view. If so, we need to show a form to the user
        check_forum_password($thread['fid']);

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscription_thread");

        remove_subscribed_thread($thread['tid']);

        // Same referer rule as the forum branch
        $url = ($server_http_referer && $mybb->request_method != 'post') ? $server_http_referer : "usercp.php?action=subscriptions";
        redirect($url, $lang->redirect_subscriptionremoved);
    }
}

// Show remove subscription form when GET method and without valid my_post_key
if($mybb->input['action'] == "removesubscription")
{
    $referrer = '';
    if($mybb->get_input('type') == "forum")
    {
        $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
        if(!$forum)
        {
            error($lang->error_invalidforum);
        }

        add_breadcrumb($lang->nav_forumsubscriptions, "usercp.php?action=forumsubscriptions");
        add_breadcrumb($lang->nav_removesubscription);

        // The confirmation page names the forum, so the viewer must be allowed to see it
        $forumpermissions = forum_permissions($forum['fid']);
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
        {
            error_no_permission();
        }

        // check if the forum requires a password to view. If so, we need to show a form to the user
        check_forum_password($forum['fid']);

        // NOTE(review): $forum['name'] goes into the language string as stored, while the thread
        // branch escapes the subject with htmlspecialchars_uni(); confirm forum names are trusted markup.
        $lang->unsubscribe_from_forum = $lang->sprintf($lang->unsubscribe_from_forum, $forum['name']);

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscription_display_forum");

        eval("\$remove_forum_subscription = \"".$templates->get("usercp_removesubscription_forum")."\";");
        output_page($remove_forum_subscription);
        exit;
    }
    else
    {
        $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
        if(!$thread || $thread['visible'] == -1)
        {
            error($lang->error_invalidthread);
        }

        // Is the currently logged in user a moderator of this forum?
        $ismod = is_moderator($thread['fid']);

        // Make sure we are looking at a real thread here.
        if(($thread['visible'] != 1 && !$ismod) || ($thread['visible'] > 1 && $ismod))
        {
            error($lang->error_invalidthread);
        }

        add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions");
        add_breadcrumb($lang->nav_removesubscription);

        // Besides the forum-level view rights, a forum limited to "own threads only"
        // hides threads started by anyone else.
        $forumpermissions = forum_permissions($thread['fid']);
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
        {
            error_no_permission();
        }

        // check if the forum requires a password to view.
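// If so, we need to show a form to the user
        check_forum_password($thread['fid']);

        // The subject is word-filtered and HTML-escaped before it is placed in the page text
        require_once MYBB_ROOT."inc/class_parser.php";
        $parser = new postParser;
        $thread['subject'] = $parser->parse_badwords($thread['subject']);
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->unsubscribe_from_thread = $lang->sprintf($lang->unsubscribe_from_thread, $thread['subject']);

        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscription_display_thread");

        eval("\$remove_thread_subscription = \"".$templates->get("usercp_removesubscription_thread")."\";");
        output_page($remove_thread_subscription);
        exit;
    }
}

/*
 * Remove every forum subscription or every thread subscription of the current user.
 * The delete is scoped by the session's own uid; nothing from the request selects the rows.
 */
if($mybb->input['action'] == "removesubscriptions")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->get_input('type') == "forum")
    {
        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscriptions_forum");

        $db->delete_query("forumsubscriptions", "uid='".$mybb->user['uid']."'");

        // NOTE(review): $server_http_referer is assigned outside this part of the file;
        // confirm it is limited to this board's own URLs before it is used as a redirect target.
        if($server_http_referer)
        {
            $url = $server_http_referer;
        }
        else
        {
            $url = "usercp.php?action=forumsubscriptions";
        }
        redirect($url, $lang->redirect_forumsubscriptionsremoved);
    }
    else
    {
        // Naming of the hook retained for backward compatibility while dropping usercp2.php
        $plugins->run_hooks("usercp2_removesubscriptions_thread");

        $db->delete_query("threadsubscriptions", "uid='".$mybb->user['uid']."'");
        if($server_http_referer)
        {
            $url = $server_http_referer;
        }
        else
        {
            $url = "usercp.php?action=subscriptions";
        }
        redirect($url, $lang->redirect_subscriptionsremoved);
    }
}

/*
 * Store a new signature for the current user (POST only).
 *
 * The write is refused under the same conditions under which the "editsig" form
 * below refuses to render: a signature suspension that is permanent
 * (suspendsigtime == 0) or still running, a usergroup without canusesig, or a
 * post count below canusesigxposts. The original check here only covered a
 * suspension with an end time in the future, so the write path accepted
 * requests the form would not have offered.
 * NOTE(review): signature length and markup limits are not applied in this block;
 * confirm they are enforced in a part of the file that is not shown here.
 */
if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // User currently has a suspended signature (permanent or not yet expired)
    if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > TIME_NOW))
    {
        error_no_permission();
    }

    if($mybb->usergroup['canusesig'] != 1)
    {
        // Usergroup has no permission to use this facility
        error_no_permission();
    }
    elseif($mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
    {
        // Usergroup can use this facility, but only after x posts
        error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
    }

    $plugins->run_hooks("usercp_do_editsig_start");

    // Optionally switch the signature on or off for all of this user's existing posts
    if($mybb->get_input('updateposts') == "enable")
    {
        $update_signature = array(
            "includesig" => 1
        );
        $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
    }
    elseif($mybb->get_input('updateposts') == "disable")
    {
        $update_signature = array(
            "includesig" => 0
        );
        $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
    }

    // The text is stored as submitted (escaped for SQL only); it is parsed when it is displayed
    $new_signature = array(
        "signature" => $db->escape_string($mybb->get_input('signature'))
    );
    $plugins->run_hooks("usercp_do_editsig_process");
    $db->update_query("users", $new_signature, "uid='".$mybb->user['uid']."'");
    $plugins->run_hooks("usercp_do_editsig_end");
    redirect("usercp.php?action=editsig", $lang->redirect_sigupdated);
}

/*
 * Show the signature editor, with a preview or the current signature above it.
 */
if($mybb->input['action'] == "editsig")
{
    $plugins->run_hooks("usercp_editsig_start");

    // Choose the text and the template for the box above the editor:
    // a requested preview, the stored signature, or nothing when $error is set.
    if(!empty($mybb->input['preview']) && empty($error))
    {
        $sig = $mybb->get_input('signature');
        $template = "usercp_editsig_preview";
    }
    elseif(empty($error))
    {
        $sig = $mybb->user['signature'];
        $template = "usercp_editsig_current";
    }
    else
    {
        $sig = $mybb->get_input('signature');
        $template = false;
    }

    if(!isset($error))
    {
        $error = '';
    }

    if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
    {
        // User currently has no signature and they're suspended
        error($lang->sig_suspended);
    }

    if($mybb->usergroup['canusesig'] != 1)
    {
        // Usergroup has no permission to use this facility
        error_no_permission();
    }
    elseif($mybb->usergroup['canusesig'] == 1 && $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
    {
        // Usergroup can use this facility, but only after x posts
        error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
    }

    $signature = '';
    if($sig && $template)
    {
        // The preview is rendered with the board's signature settings, so it allows
        // exactly the markup those settings allow.
        $sig_parser = array(
            "allow_html" => $mybb->settings['sightml'],
            "allow_mycode" => $mybb->settings['sigmycode'],
            "allow_smilies" => $mybb->settings['sigsmilies'],
            "allow_imgcode" => $mybb->settings['sigimgcode'],
            "me_username" => $mybb->user['username'],
            "filter_badwords" => 1
        );

        if($mybb->user['showimages'] != 1)
        {
            $sig_parser['allow_imgcode'] = 0;
        }

        // $parser is not created in this handler; it has to exist already at this point
        $sigpreview = $parser->parse_message($sig, $sig_parser);
        eval("\$signature = \"".$templates->get($template)."\";");
    }

    // User has a current signature, so let's display it (but show an error message)
    if($mybb->user['suspendsignature'] && $mybb->user['suspendsigtime'] > TIME_NOW)
    {
        $plugins->run_hooks("usercp_editsig_end");

        // User either doesn't have permission, or has their signature suspended
        eval("\$editsig = \"".$templates->get("usercp_editsig_suspended")."\";");
    }
    else
    {
        // User is allowed to edit their signature
        $smilieinserter = '';
        if($mybb->settings['sigsmilies'] == 1)
        {
            $sigsmilies = $lang->on;
            $smilieinserter = build_clickable_smilies();
        }
        else
        {
            $sigsmilies = $lang->off;
        }
        if($mybb->settings['sigmycode'] == 1)
        {
            $sigmycode = $lang->on;
        }
        else
        {
            $sigmycode = $lang->off;
        }
        if($mybb->settings['sightml'] == 1)
        {
            $sightml = $lang->on;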
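// Rest of the "editsig" form: label the remaining signature settings for the note text
        }
        else
        {
            $sightml = $lang->off;
        }
        if($mybb->settings['sigimgcode'] == 1)
        {
            $sigimgcode = $lang->on;
        }
        else
        {
            $sigimgcode = $lang->off;
        }

        if($mybb->settings['siglength'] == 0)
        {
            $siglength = $lang->unlimited;
        }
        else
        {
            $siglength = $mybb->settings['siglength'];
        }

        // Escaped here because the raw text is about to be placed in the editor template
        $sig = htmlspecialchars_uni($sig);
        $lang->edit_sig_note2 = $lang->sprintf($lang->edit_sig_note2, $sigsmilies, $sigmycode, $sigimgcode, $sightml, $siglength);

        if($mybb->settings['sigmycode'] != 0 && $mybb->settings['bbcodeinserter'] != 0 && $mybb->user['showcodebuttons'] != 0)
        {
            $codebuttons = build_mycode_inserter("signature");
        }

        $plugins->run_hooks("usercp_editsig_end");

        eval("\$editsig = \"".$templates->get("usercp_editsig")."\";");
    }

    output_page($editsig);
}

/*
 * Change the current user's avatar (POST only): remove it, take an upload, use a
 * Gravatar derived from an e-mail address, or reference a remote image URL.
 *
 * Changes against the original:
 *  - $avatar_dimensions starts as '' so the "avatardimensions" column is never
 *    filled from an undefined variable when an image reports no positive size.
 *  - $_FILES['avatarupload']['name'] is read through empty(), which tests the same
 *    truthiness without touching a missing array key when no file field was sent.
 *  - the Gravatar rating is matched with a strict in_array(), so a non-string
 *    setting cannot loosely equal one of the allowed letters.
 */
if($mybb->input['action'] == "do_avatar" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_avatar_start");
    require_once MYBB_ROOT."inc/functions_upload.php";

    $avatar_error = "";
    $avatar_dimensions = '';

    if(!empty($mybb->input['remove'])) // remove avatar
    {
        $updated_avatar = array(
            "avatar" => "",
            "avatardimensions" => "",
            "avatartype" => ""
        );
        $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
        remove_avatars($mybb->user['uid']);
    }
    elseif(!empty($_FILES['avatarupload']['name'])) // upload avatar
    {
        if($mybb->usergroup['canuploadavatars'] == 0)
        {
            error_no_permission();
        }
        $avatar = upload_avatar();
        if(!empty($avatar['error']))
        {
            $avatar_error = $avatar['error'];
        }
        else
        {
            if($avatar['width'] > 0 && $avatar['height'] > 0)
            {
                $avatar_dimensions = $avatar['width']."|".$avatar['height'];
            }
            // NOTE(review): $avatar['avatar'] is stored without $db->escape_string(), unlike the
            // remote URL further down; confirm upload_avatar() returns a server-generated path.
            $updated_avatar = array(
                "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
                "avatardimensions" => $avatar_dimensions,
                "avatartype" => "upload"
            );
            $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
        }
    }
    elseif(!$mybb->settings['allowremoteavatars'] && empty($_FILES['avatarupload']['name'])) // missing avatar image
    {
        $avatar_error = $lang->error_avatarimagemissing;
    }
    elseif($mybb->settings['allowremoteavatars']) // remote avatar
    {
        $mybb->input['avatarurl'] = trim($mybb->get_input('avatarurl'));
        if(validate_email_format($mybb->input['avatarurl']) != false)
        {
            // Gravatar
            $mybb->input['avatarurl'] = my_strtolower($mybb->input['avatarurl']);

            // If user image does not exist, or is a higher rating, use the mystery man.
            // The MD5 of the lower-cased address is the identifier used in the Gravatar URL
            // below; it ends up in a public avatar URL and does not keep the address secret.
            $email = md5($mybb->input['avatarurl']);

            $s = '';
            if(!$mybb->settings['maxavatardims'])
            {
                $mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
            }

            // Because Gravatars are square, hijack the width
            list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
            $maxheight = (int)$maxwidth;

            // Rating?
            $types = array('g', 'pg', 'r', 'x');
            $rating = $mybb->settings['useravatarrating'];

            if(!in_array($rating, $types, true))
            {
                $rating = 'g';
            }

            $s = "?s={$maxheight}&r={$rating}&d=mm";

            // Every part of the stored URL is a hex digest, an integer or an allow-listed letter
            $updated_avatar = array(
                "avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
                "avatardimensions" => "{$maxheight}|{$maxheight}",
                "avatartype" => "gravatar"
            );

            $db->update_query("users", $updated_avatar, "uid = '{$mybb->user['uid']}'");
        }
        else
        {
            // NOTE(review): this strips the text "script:" in a single pass, which is a deny-list
            // rather than a scheme check. An allow-list of http and https on the parsed URL would
            // be the stronger control; confirm what fetch_remote_file() itself accepts.
            $mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->get_input('avatarurl'));
            $ext = get_extension($mybb->input['avatarurl']);

            // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
            // NOTE(review): the server requests a user-supplied URL here; confirm that
            // fetch_remote_file() refuses internal and loopback destinations.
            $file = fetch_remote_file($mybb->input['avatarurl']);
            if(!$file)
            {
                $avatar_error = $lang->error_invalidavatarurl;
            }
            else
            {
                // The fetched bytes are written under the avatar upload path only long enough
                // for getimagesize() to read them, under a random name, and are then deleted.
                $tmp_name = $mybb->settings['avataruploadpath']."/remote_".md5(random_str());
                $fp = @fopen($tmp_name, "wb");
                if(!$fp)
                {
                    $avatar_error = $lang->error_invalidavatarurl;
                }
                else
                {
                    fwrite($fp, $file);
                    fclose($fp);
                    list($width, $height, $type) = @getimagesize($tmp_name);
                    @unlink($tmp_name);
                    if(!$type)
                    {
                        $avatar_error = $lang->error_invalidavatarurl;
                    }
                }
            }

            if(empty($avatar_error))
            {
                if($width && $height && $mybb->settings['maxavatardims'] != "")
                {
                    list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
                    if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
                    {
                        $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
                        $avatar_error = $lang->error_avatartoobig;
                    }
                }
            }

            // Limiting URL string to stay within database limit
            if(strlen($mybb->input['avatarurl']) > 200)
            {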
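// Reject a remote avatar URL that is longer than the limit tested on the preceding line
                $avatar_error = $lang->error_avatarurltoolong;
            }

            if(empty($avatar_error))
            {
                if($width > 0 && $height > 0)
                {
                    $avatar_dimensions = (int)$width."|".(int)$height;
                }
                // The URL is user input, so it is escaped before it is stored. The dimensions
                // fall back to '' when the image reported no positive size, instead of being
                // read from a variable that may never have been assigned.
                $updated_avatar = array(
                    "avatar" => $db->escape_string($mybb->input['avatarurl'].'?dateline='.TIME_NOW),
                    "avatardimensions" => isset($avatar_dimensions) ? $avatar_dimensions : '',
                    "avatartype" => "remote"
                );
                $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
                remove_avatars($mybb->user['uid']);
            }
        }
    }
    else // remote avatar, but remote avatars are not allowed
    {
        $avatar_error = $lang->error_remote_avatar_not_allowed;
    }

    if(empty($avatar_error))
    {
        $plugins->run_hooks("usercp_do_avatar_end");
        redirect("usercp.php?action=avatar", $lang->redirect_avatarupdated);
    }
    else
    {
        // Fall through to the "avatar" form below and show the error there
        $mybb->input['action'] = "avatar";
        $avatar_error = inline_error($avatar_error);
    }
}

/*
 * Show the avatar form: the current avatar, the size limits and the upload,
 * remote and remove sections that the settings and the usergroup allow.
 */
if($mybb->input['action'] == "avatar")
{
    $plugins->run_hooks("usercp_avatar_start");

    $avatarmsg = $avatarurl = '';

    if($mybb->user['avatartype'] == "upload" || stristr($mybb->user['avatar'], $mybb->settings['avataruploadpath']))
    {
        $avatarmsg = "<br /><strong>".$lang->already_uploaded_avatar."</strong>";
    }
    elseif($mybb->user['avatartype'] == "remote" || my_validate_url($mybb->user['avatar']))
    {
        $avatarmsg = "<br /><strong>".$lang->using_remote_avatar."</strong>";
        // The stored URL came from the user, so it is HTML-escaped before it reaches the template
        $avatarurl = htmlspecialchars_uni($mybb->user['avatar']);
    }

    $useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
    eval("\$currentavatar = \"".$templates->get("usercp_avatar_current")."\";");

    if($mybb->settings['maxavatardims'] != "")
    {
        list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
        $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_dimensions, $maxwidth, $maxheight);
    }

    if($mybb->settings['avatarsize'])
    {
        $maxsize = get_friendly_size($mybb->settings['avatarsize']*1024);
        $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_size, $maxsize);
    }

    $plugins->run_hooks("usercp_avatar_intermediate");

    $auto_resize = '';
    if($mybb->settings['avatarresizing'] == "auto")
    {
        eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_auto")."\";");
    }
    elseif($mybb->settings['avatarresizing'] == "user")
    {
        eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_user")."\";");
    }

    $avatarupload = '';
    if($mybb->usergroup['canuploadavatars'] == 1)
    {
        eval("\$avatarupload = \"".$templates->get("usercp_avatar_upload")."\";");
    }

    $avatar_remote = '';
    if($mybb->settings['allowremoteavatars'] == 1)
    {
        eval("\$avatar_remote = \"".$templates->get("usercp_avatar_remote")."\";");
    }

    $removeavatar = '';
    if(!empty($mybb->user['avatar']))
    {
        eval("\$removeavatar = \"".$templates->get("usercp_avatar_remove")."\";");
    }

    $plugins->run_hooks("usercp_avatar_end");

    if(!isset($avatar_error))
    {
        $avatar_error = '';
    }

    eval("\$avatar = \"".$templates->get("usercp_avatar")."\";");
    output_page($avatar);
}

/*
 * Accept a buddy request addressed to the current user: each side is added to
 * the other's buddy list, the requester is sent a PM and the request is deleted.
 *
 * The list clean-up now strips everything except digits and commas first,
 * collapses comma runs afterwards and trims commas from both ends. The original
 * collapsed commas before stripping (so a stripped entry could leave ",,"
 * behind) and its trailing-comma branch cut two characters from the end and
 * left the comma in place.
 */
if($mybb->input['action'] == "acceptrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request: the id is read as an integer and the row must be addressed to us
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_acceptrequest_start");

    $user = get_user($request['uid']);
    if(!empty($user))
    {
        // We want to add us to this user's buddy list
        if($user['buddylist'] != '')
        {
            $user['buddylist'] = explode(',', $user['buddylist']);
        }
        else
        {
            $user['buddylist'] = array();
        }

        $user['buddylist'][] = (int)$mybb->user['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $user['buddylist']);

        // And clean it up a little to ensure there is no possibility of bad values.
        // The stored list is later placed unquoted inside "uid IN (...)", so it must
        // consist of digits and single separating commas only.
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = trim($new_list, ",");

        $user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");


        // We want to add the user to our buddy list
        if($mybb->user['buddylist'] != '')
        {
            $mybb->user['buddylist'] = explode(',', $mybb->user['buddylist']);
        }
        else
        {
            $mybb->user['buddylist'] = array();
        }

        $mybb->user['buddylist'][] = (int)$request['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $mybb->user['buddylist']);

        // And clean it up a little to ensure there is no possibility of bad values
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = trim($new_list, ",");

        $mybb->user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $mybb->user['buddylist']), "uid='".(int)$mybb->user['uid']."'");

        $pm = array(
            'subject' => 'buddyrequest_accepted_request',
            'message' => 'buddyrequest_accepted_request_message',
            'touid' => $user['uid'],
            'language' => $user['language'],
            'language_file' => 'usercp'
        );

        send_pm($pm, $mybb->user['uid'], true);

        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_acceptrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_accepted);
}

/*
 * Decline a buddy request addressed to the current user (the row is matched on touid).
 */
elseif($mybb->input['action'] == "declinerequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_declinerequest_start");

    $user = get_user($request['uid']);
    if(!empty($user))
    {
        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_declinerequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_declined);
}

/*
 * Cancel a buddy request the current user sent (the row is matched on uid, the sender).
 */
elseif($mybb->input['action'] == "cancelrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND uid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_cancelrequest_start");

    $db->delete_query('buddyrequests', 'id='.(int)$request['id']);

    $plugins->run_hooks("usercp_cancelrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_cancelled);
}

/*
 * Add users to, or remove a user from, the buddy list or the ignore list.
 * $existing_users is the list being edited; $selected_list is the other list,
 * which is used further down to refuse a user who is already on it.
 */
if($mybb->input['action'] == "do_editlists")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_editlists_start");

    $existing_users = array();
    $selected_list = array();
    if($mybb->get_input('manage') == "ignored")
    {
        if($mybb->user['ignorelist'])
        {
            $existing_users = explode(",", $mybb->user['ignorelist']);
        }

        if($mybb->user['buddylist'])
        {
            // Create a list of buddies...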
// Buddy ids: the "other" list while the ignore list is the one being edited
            $selected_list = explode(",", $mybb->user['buddylist']);
        }
    }
    else
    {
        if($mybb->user['buddylist'])
        {
            $existing_users = explode(",", $mybb->user['buddylist']);
        }

        if($mybb->user['ignorelist'])
        {
            // Create a list of ignored users
            $selected_list = explode(",", $mybb->user['ignorelist']);
        }
    }

    $error_message = "";
    $message = "";

    // Adding one or more users to this list
    if($mybb->get_input('add_username'))
    {
        // Split up any usernames we have
        $found_users = 0;
        $adding_self = false;
        $users = array_unique(array_map("trim", explode(",", $mybb->get_input('add_username'))));
        foreach($users as $key => $username)
        {
            if(empty($username))
            {
                unset($users[$key]);
                continue;
            }

            // Our own name is dropped from the batch and reported after the loop
            if(my_strtoupper($mybb->user['username']) == my_strtoupper($username))
            {
                $adding_self = true;
                unset($users[$key]);
                continue;
            }

            // Escaped here because the names are placed inside a quoted IN (...) list below
            $users[$key] = $db->escape_string($username);
        }

        // Get the requests we have sent that are still pending
        $requests = array();
        $query = $db->simple_select('buddyrequests', 'touid', 'uid='.(int)$mybb->user['uid']);
        while($req = $db->fetch_array($query))
        {
            $requests[$req['touid']] = true;
        }

        // Get the requests we have received that are still pending
        $requests_rec = array();
        $query = $db->simple_select('buddyrequests', 'uid', 'touid='.(int)$mybb->user['uid']);
        while($req = $db->fetch_array($query))
        {
            $requests_rec[$req['uid']] = true;
        }

        $sent = false;

        // Fetch out new users
        if(count($users) > 0)
        {
            // The names are lower-cased below; the column is compared as-is on the
            // MySQL drivers and through LOWER() on every other driver.
            $field = in_array($db->type, array('mysql', 'mysqli')) ? 'username' : 'LOWER(username)';

            $query = $db->simple_select("users", "uid,buddyrequestsauto,buddyrequestspm,language", "{$field} IN ('".my_strtolower(implode("','", $users))."')");
            while($user = $db->fetch_array($query))
            {
                ++$found_users;

                // Make sure we're not adding a duplicate
                if(in_array($user['uid'], $existing_users) || in_array($user['uid'], $selected_list))
                {
                    $error_message = ($mybb->get_input('manage') == "ignored") ? "ignore" : "buddy";

                    // On another list?
                    $string = "users_already_on_".$error_message."_list";
                    if(in_array($user['uid'], $selected_list))
                    {
                        $string .= "_alt";
                    }

                    $error_message = $lang->$string;
                    array_pop($users); // To maintain a proper count when we call count($users)
                    continue;
                }

                // A request to this user is already pending
                if(isset($requests[$user['uid']]))
                {
                    $error_message = ($mybb->get_input('manage') != "ignored") ? $lang->users_already_sent_request : $lang->users_already_sent_request_alt;

                    array_pop($users); // To maintain a proper count when we call count($users)
                    continue;
                }

                // A request from this user is already pending
                if(isset($requests_rec[$user['uid']]))
                {
                    $error_message = ($mybb->get_input('manage') != "ignored") ? $lang->users_already_rec_request : $lang->users_already_rec_request_alt;

                    array_pop($users); // To maintain a proper count when we call count($users)
                    continue;
                }

                // Do we have auto approval set to On?
                if($user['buddyrequestsauto'] == 1 && $mybb->get_input('manage') != "ignored")
                {
                    // The target accepts buddies automatically: add them and notify them by PM
                    $existing_users[] = $user['uid'];

                    $pm = array(
                        'subject' => 'buddyrequest_new_buddy',
                        'message' => 'buddyrequest_new_buddy_message',
                        'touid' => $user['uid'],
                        'receivepms' => (int)$user['buddyrequestspm'],
                        'language' => $user['language'],
                        'language_file' => 'usercp'
                    );

                    send_pm($pm);
                }
                elseif($user['buddyrequestsauto'] != 1 && $mybb->get_input('manage') != "ignored")
                {
                    // Send request
                    $id = $db->insert_query('buddyrequests', array('uid' => (int)$mybb->user['uid'], 'touid' => (int)$user['uid'], 'date' => TIME_NOW));

                    $pm = array(
                        'subject' => 'buddyrequest_received',
                        'message' => 'buddyrequest_received_message',
                        'touid' => $user['uid'],
                        'receivepms' => (int)$user['buddyrequestspm'],
                        'language' => $user['language'],
                        'language_file' => 'usercp'
                    );

                    send_pm($pm);

                    $sent = true;
                }
                elseif($mybb->get_input('manage') == "ignored")
                {
                    // Ignoring needs no approval from the other user
                    $existing_users[] = $user['uid'];
                }
            }
        }

        // Fewer rows than names left in the batch: at least one name matched nobody
        if($found_users < count($users))
        {
            if($error_message)
            {
                $error_message .= "<br />";
            }

            $error_message .= $lang->invalid_user_selected;
        }

        if(($adding_self != true || ($adding_self == true && count($users) > 0)) && ($error_message == "" || count($users) > 1))
        {
            $message = ($mybb->get_input('manage') == "ignored") ? $lang->users_added_to_ignore_list : $lang->users_added_to_buddy_list;
        }

        if($adding_self == true)
        {
            $error_message = ($mybb->get_input('manage') == "ignored") ? $lang->cant_add_self_to_ignore_list : $lang->cant_add_self_to_buddy_list;
        }

        if(count($existing_users) == 0)
        {
            $message = "";

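// A buddy request was sent during this call: report that in place of the blank message
            if($sent === true)
            {
                $message = $lang->buddyrequests_sent_success;
            }
        }
    }

    /*
     * Removing a user from this list.
     *
     * Changes against the original:
     *  - the other user's buddy list is searched for OUR uid. The original searched
     *    it for the removed user's own uid and unset the result unchecked; a false
     *    result is used as array index 0, so an unrelated first entry was dropped.
     *  - the other user's row is rewritten only when our uid was actually found.
     *  - the display name is taken only from a user record that exists.
     * NOTE(review): this also runs while the ignore list is being edited; confirm
     * that removing someone from the ignore list should touch their buddy list.
     */
    elseif($mybb->get_input('delete', MyBB::INPUT_INT))
    {
        // Check if user exists on the list
        $key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $existing_users);
        if($key !== false)
        {
            unset($existing_users[$key]);
            $user = get_user($mybb->get_input('delete', MyBB::INPUT_INT));
            $removed_username = '';
            if(!empty($user))
            {
                $removed_username = htmlspecialchars_uni($user['username']);

                // We want to remove us from this user's buddy list
                if($user['buddylist'] != '')
                {
                    $user['buddylist'] = explode(',', $user['buddylist']);
                }
                else
                {
                    $user['buddylist'] = array();
                }

                // Entries are digit strings, so compare as strings and strictly
                $key = array_search((string)(int)$mybb->user['uid'], $user['buddylist'], true);
                if($key !== false)
                {
                    unset($user['buddylist'][$key]);

                    // Now we have the new list, so throw it all back together
                    $new_list = implode(",", $user['buddylist']);

                    // And clean it up a little to ensure there is no possibility of bad values:
                    // strip first, then collapse comma runs, then trim both ends.
                    $new_list = preg_replace("#[^0-9,]#", "", $new_list);
                    $new_list = preg_replace("#,{2,}#", ",", $new_list);
                    $new_list = trim($new_list, ",");

                    $user['buddylist'] = $db->escape_string($new_list);

                    $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");
                }
            }

            if($mybb->get_input('manage') == "ignored")
            {
                $message = $lang->removed_from_ignore_list;
            }
            else
            {
                $message = $lang->removed_from_buddy_list;
            }
            $message = $lang->sprintf($message, $removed_username);
        }
    }

    // Now we have the new list, so throw it all back together
    $new_list = implode(",", $existing_users);

    // And clean it up a little to ensure there is no possibility of bad values.
    // The stored list is placed unquoted inside "uid IN (...)" by the display handler,
    // so it must consist of digits and single separating commas only. The original
    // trailing-comma branch cut two characters and left the comma in place.
    $new_list = preg_replace("#[^0-9,]#", "", $new_list);
    $new_list = preg_replace("#,{2,}#", ",", $new_list);
    $new_list = trim($new_list, ",");

    // And update
    $user = array();
    if($mybb->get_input('manage') == "ignored")
    {
        $user['ignorelist'] = $db->escape_string($new_list);
        $mybb->user['ignorelist'] = $user['ignorelist'];
    }
    else
    {
        $user['buddylist'] = $db->escape_string($new_list);
        $mybb->user['buddylist'] = $user['buddylist'];
    }

    $db->update_query("users", $user, "uid='".$mybb->user['uid']."'");

    $plugins->run_hooks("usercp_do_editlists_end");

    // "manage" is request input that is written into JavaScript selectors and into the
    // redirect fragment below; keep identifier characters only so it cannot close the
    // surrounding string or selector.
    $manage_id = preg_replace("#[^a-zA-Z0-9_]#", "", $mybb->get_input('manage'));

    // Ajax based request, throw new list to browser
    if(!empty($mybb->input['ajax']))
    {
        if($mybb->get_input('manage') == "ignored")
        {
            $list = "ignore";
        }
        else
        {
            $list = "buddy";
        }

        // The messages are HTML (they may hold an HTML-escaped username and <br />).
        // HTML escaping does not make a value safe inside a JavaScript string, so
        // backslash, quote, line breaks and "/" are escaped for the single-quoted literal.
        $message_js = '';
        if($message)
        {
            $message_js = "$.jGrowl('".addcslashes($message, "\\'\r\n/")."', {theme:'jgrowl_success'});";
        }

        if($error_message)
        {
            $message_js .= " $.jGrowl('".addcslashes($error_message, "\\'\r\n/")."', {theme:'jgrowl_error'});";
        }

        if($mybb->get_input('delete', MyBB::INPUT_INT))
        {
            header("Content-type: text/javascript");
            echo "$(\"#".$manage_id."_".$mybb->get_input('delete', MyBB::INPUT_INT)."\").remove();\n";
            if($new_list == "")
            {
                echo "\$(\"#".$manage_id."_count\").html(\"0\");\n";
                echo "\$(\"#buddylink\").remove();\n";

                if($mybb->get_input('manage') == "ignored")
                {
                    echo "\$(\"#ignore_list\").html(\"<li>{$lang->ignore_list_empty}</li>\");\n";
                }
                else
                {
                    echo "\$(\"#buddy_list\").html(\"<li>{$lang->buddy_list_empty}</li>\");\n";
                }
            }
            else
            {
                echo "\$(\"#".$manage_id."_count\").html(\"".count(explode(",", $new_list))."\");\n";
            }
            echo $message_js;
            exit;
        }
        $mybb->input['action'] = "editlists";
    }
    else
    {
        if($error_message)
        {
            $message .= "<br />".$error_message;
        }
        redirect("usercp.php?action=editlists#".$manage_id, $message);
    }
}

// "editlists" display handler; it continues beyond this part of the listing and is reproduced unchanged
if($mybb->input['action'] == "editlists")
{
    $plugins->run_hooks("usercp_editlists_start");

    $timecut = TIME_NOW - $mybb->settings['wolcutoff'];

    // Fetch out buddies
    $buddy_count = 0;
    $buddy_list = '';
    if($mybb->user['buddylist'])
    {
        $type = "buddy";
        $query = $db->simple_select("users", "*", "uid IN ({$mybb->user['buddylist']})", array("order_by" => "username"));
        while($user = $db->fetch_array($query))
        {
            $user['username'] = htmlspecialchars_uni($user['username']);
            $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
            if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
            {
                $status = "online";
            }
            else
            {
                $status = "offline";
            }
            eval("\$buddy_list .= \"".$templates->get("usercp_editlists_user")."\";");
            ++$buddy_count;
        }
    }

    $lang->current_buddies = $lang->sprintf($lang->current_buddies, $buddy_count);
    if(!$buddy_list)
    {
        eval("\$buddy_list = \"".$templates->get("usercp_editlists_no_buddies")."\";");
    }

    // Fetch out ignore list users
    $ignore_count = 0;
    $ignore_list = '';
    if($mybb->user['ignorelist'])
    {
        $type = "ignored";
        $query = $db->simple_select("users", "*", "uid IN ({$mybb->user['ignorelist']})",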
array("order_by" => "username")); 3292 while($user = $db->fetch_array($query)) 3293 { 3294 $user['username'] = htmlspecialchars_uni($user['username']); 3295 $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']); 3296 if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive']) 3297 { 3298 $status = "online"; 3299 } 3300 else 3301 { 3302 $status = "offline"; 3303 } 3304 eval("\$ignore_list .= \"".$templates->get("usercp_editlists_user")."\";"); 3305 ++$ignore_count; 3306 } 3307 } 3308 3309 $lang->current_ignored_users = $lang->sprintf($lang->current_ignored_users, $ignore_count); 3310 if(!$ignore_list) 3311 { 3312 eval("\$ignore_list = \"".$templates->get("usercp_editlists_no_ignored")."\";"); 3313 } 3314 3315 // If an AJAX request from buddy management, echo out whatever the new list is. 3316 if($mybb->request_method == "post" && $mybb->input['ajax'] == 1) 3317 { 3318 if($mybb->input['manage'] == "ignored") 3319 { 3320 echo $ignore_list; 3321 echo "<script type=\"text/javascript\"> $(\"#ignored_count\").html(\"{$ignore_count}\"); {$message_js}</script>"; 3322 } 3323 else 3324 { 3325 if(isset($sent) && $sent === true) 3326 { 3327 $sent_rows = ''; 3328 $query = $db->query(" 3329 SELECT r.*, u.username 3330 FROM ".TABLE_PREFIX."buddyrequests r 3331 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid) 3332 WHERE r.uid=".(int)$mybb->user['uid']); 3333 3334 while($request = $db->fetch_array($query)) 3335 { 3336 $bgcolor = alt_trow(); 3337 $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']); 3338 $request['date'] = my_date('relative', $request['date']); 3339 eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request", 1, 0)."\";"); 3340 } 3341 3342 if($sent_rows == '') 3343 { 3344 eval("\$sent_rows = 
\"".$templates->get("usercp_editlists_no_requests", 1, 0)."\";"); 3345 } 3346 3347 eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests", 1, 0)."\";"); 3348 3349 echo $sent_requests."<script type=\"text/javascript\">{$message_js}</script>"; 3350 } 3351 else 3352 { 3353 echo $buddy_list; 3354 echo "<script type=\"text/javascript\"> $(\"#buddy_count\").html(\"{$buddy_count}\"); {$message_js}</script>"; 3355 } 3356 } 3357 exit; 3358 } 3359 3360 $received_rows = $bgcolor = ''; 3361 $query = $db->query(" 3362 SELECT r.*, u.username 3363 FROM ".TABLE_PREFIX."buddyrequests r 3364 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.uid) 3365 WHERE r.touid=".(int)$mybb->user['uid']); 3366 3367 while($request = $db->fetch_array($query)) 3368 { 3369 $bgcolor = alt_trow(); 3370 $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['uid']); 3371 $request['date'] = my_date('relative', $request['date']); 3372 eval("\$received_rows .= \"".$templates->get("usercp_editlists_received_request")."\";"); 3373 } 3374 3375 if($received_rows == '') 3376 { 3377 eval("\$received_rows = \"".$templates->get("usercp_editlists_no_requests")."\";"); 3378 } 3379 3380 eval("\$received_requests = \"".$templates->get("usercp_editlists_received_requests")."\";"); 3381 3382 $sent_rows = $bgcolor = ''; 3383 $query = $db->query(" 3384 SELECT r.*, u.username 3385 FROM ".TABLE_PREFIX."buddyrequests r 3386 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid) 3387 WHERE r.uid=".(int)$mybb->user['uid']); 3388 3389 while($request = $db->fetch_array($query)) 3390 { 3391 $bgcolor = alt_trow(); 3392 $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']); 3393 $request['date'] = my_date('relative', $request['date']); 3394 eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request")."\";"); 3395 } 3396 3397 if($sent_rows == '') 3398 { 3399 eval("\$sent_rows = 
\"".$templates->get("usercp_editlists_no_requests")."\";"); 3400 } 3401 3402 eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests")."\";"); 3403 3404 $plugins->run_hooks("usercp_editlists_end"); 3405 3406 eval("\$listpage = \"".$templates->get("usercp_editlists")."\";"); 3407 output_page($listpage); 3408 } 3409 3410 if($mybb->input['action'] == "drafts") 3411 { 3412 $plugins->run_hooks("usercp_drafts_start"); 3413 3414 $query = $db->simple_select("posts", "COUNT(pid) AS draftcount", "visible='-2' AND uid='{$mybb->user['uid']}'"); 3415 $draftcount = $db->fetch_field($query, 'draftcount'); 3416 3417 $drafts = $disable_delete_drafts = ''; 3418 $lang->drafts_count = $lang->sprintf($lang->drafts_count, my_number_format($draftcount)); 3419 3420 // Show a listing of all of the current 'draft' posts or threads the user has. 3421 if($draftcount) 3422 { 3423 $query = $db->query(" 3424 SELECT p.subject, p.pid, t.tid, t.subject AS threadsubject, t.fid, f.name AS forumname, p.dateline, t.visible AS threadvisible, p.visible AS postvisible 3425 FROM ".TABLE_PREFIX."posts p 3426 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 3427 LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=t.fid) 3428 WHERE p.uid = '{$mybb->user['uid']}' AND p.visible = '-2' 3429 ORDER BY p.dateline DESC, p.pid DESC 3430 "); 3431 3432 while($draft = $db->fetch_array($query)) 3433 { 3434 $detail = ''; 3435 $trow = alt_trow(); 3436 if($draft['threadvisible'] == 1) // We're looking at a draft post 3437 { 3438 $draft['threadlink'] = get_thread_link($draft['tid']); 3439 $draft['threadsubject'] = htmlspecialchars_uni($draft['threadsubject']); 3440 eval("\$detail = \"".$templates->get("usercp_drafts_draft_thread")."\";"); 3441 $editurl = "newreply.php?action=editdraft&pid={$draft['pid']}"; 3442 $id = $draft['pid']; 3443 $type = "post"; 3444 } 3445 elseif($draft['threadvisible'] == -2) // We're looking at a draft thread 3446 { 3447 $draft['forumlink'] = get_forum_link($draft['fid']); 3448 
$draft['forumname'] = htmlspecialchars_uni($draft['forumname']); 3449 eval("\$detail = \"".$templates->get("usercp_drafts_draft_forum")."\";"); 3450 $editurl = "newthread.php?action=editdraft&tid={$draft['tid']}"; 3451 $id = $draft['tid']; 3452 $type = "thread"; 3453 } 3454 3455 $draft['subject'] = htmlspecialchars_uni($draft['subject']); 3456 $savedate = my_date('relative', $draft['dateline']); 3457 eval("\$drafts .= \"".$templates->get("usercp_drafts_draft")."\";"); 3458 } 3459 } 3460 else 3461 { 3462 $disable_delete_drafts = 'disabled="disabled"'; 3463 eval("\$drafts = \"".$templates->get("usercp_drafts_none")."\";"); 3464 } 3465 3466 $plugins->run_hooks("usercp_drafts_end"); 3467 3468 eval("\$draftlist = \"".$templates->get("usercp_drafts")."\";"); 3469 output_page($draftlist); 3470 } 3471 3472 if($mybb->input['action'] == "do_drafts" && $mybb->request_method == "post") 3473 { 3474 // Verify incoming POST request 3475 verify_post_check($mybb->get_input('my_post_key')); 3476 3477 $mybb->input['deletedraft'] = $mybb->get_input('deletedraft', MyBB::INPUT_ARRAY); 3478 if(empty($mybb->input['deletedraft'])) 3479 { 3480 error($lang->no_drafts_selected); 3481 } 3482 3483 $plugins->run_hooks("usercp_do_drafts_start"); 3484 3485 $pidin = array(); 3486 $tidin = array(); 3487 3488 foreach($mybb->input['deletedraft'] as $id => $val) 3489 { 3490 if($val == "post") 3491 { 3492 $pidin[] = "'".(int)$id."'"; 3493 } 3494 elseif($val == "thread") 3495 { 3496 $tidin[] = "'".(int)$id."'"; 3497 } 3498 } 3499 if($tidin) 3500 { 3501 $tidin = implode(",", $tidin); 3502 $db->delete_query("threads", "tid IN ($tidin) AND visible='-2' AND uid='".$mybb->user['uid']."'"); 3503 $tidinp = "OR tid IN ($tidin)"; 3504 } 3505 else 3506 { 3507 $tidinp = ''; 3508 } 3509 if($pidin || $tidinp) 3510 { 3511 $pidinq = $tidin = ''; 3512 if($pidin) 3513 { 3514 $pidin = implode(",", $pidin); 3515 $pidinq = "pid IN ($pidin)"; 3516 } 3517 else 3518 { 3519 $pidinq = "1=0"; 3520 } 3521 
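$db->delete_query("posts", "($pidinq $tidinp) AND visible='-2' AND uid='".$mybb->user['uid']."'");
	}
	$plugins->run_hooks("usercp_do_drafts_end");
	redirect("usercp.php?action=drafts", $lang->selected_drafts_deleted);
}

// Group memberships: change display group, leave/join a group, accept an invitation, then render the overview.
// Each state-changing branch calls verify_post_check() on my_post_key before it touches the database.
if($mybb->input['action'] == "usergroups")
{
	// Comma-wrapped list of every group id the user belongs to, used for ",gid," substring membership tests
	$ingroups = ",".$mybb->user['usergroup'].",".$mybb->user['additionalgroups'].",".$mybb->user['displaygroup'].",";

	$usergroups = $mybb->cache->read('usergroups');

	$plugins->run_hooks("usercp_usergroups_start");

	// Changing our display group
	if($mybb->get_input('displaygroup', MyBB::INPUT_INT))
	{
		// Verify incoming POST request
		verify_post_check($mybb->get_input('my_post_key'));

		// Test membership with the same integer-cast value that is written below, as the
		// leave/join branches do, instead of the raw request string.
		if(my_strpos($ingroups, ",".$mybb->get_input('displaygroup', MyBB::INPUT_INT).",") === false)
		{
			error($lang->not_member_of_group);
		}

		$dispgroup = $usergroups[$mybb->get_input('displaygroup', MyBB::INPUT_INT)];
		if($dispgroup['candisplaygroup'] != 1)
		{
			error($lang->cannot_set_displaygroup);
		}
		$db->update_query("users", array('displaygroup' => $mybb->get_input('displaygroup', MyBB::INPUT_INT)), "uid='".$mybb->user['uid']."'");
		$cache->update_moderators();
		$plugins->run_hooks("usercp_usergroups_change_displaygroup");
		redirect("usercp.php?action=usergroups", $lang->display_group_changed);
		exit;
	}

	// Leaving a group
	if($mybb->get_input('leavegroup', MyBB::INPUT_INT))
	{
		// Verify incoming POST request
		verify_post_check($mybb->get_input('my_post_key'));

		if(my_strpos($ingroups, ",".$mybb->get_input('leavegroup', MyBB::INPUT_INT).",") === false)
		{
			error($lang->not_member_of_group);
		}
		if($mybb->user['usergroup'] == $mybb->get_input('leavegroup', MyBB::INPUT_INT))
		{
			error($lang->cannot_leave_primary_group);
		}

		// Only group types 3, 4 and 5 can be left from here
		$usergroup = $usergroups[$mybb->get_input('leavegroup', MyBB::INPUT_INT)];
		if($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
		{
			error($lang->cannot_leave_group);
		}
		leave_usergroup($mybb->user['uid'], $mybb->get_input('leavegroup', MyBB::INPUT_INT));
		$plugins->run_hooks("usercp_usergroups_leave_group");
		redirect("usercp.php?action=usergroups", $lang->left_group);
		exit;
	}

	$groupleaders = array();

	// List of usergroup leaders, indexed as [gid][uid]
	$query = $db->query("
		SELECT g.*, u.username, u.displaygroup, u.usergroup, u.email, u.language
		FROM ".TABLE_PREFIX."groupleaders g
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
		ORDER BY u.username ASC
	");
	while($leader = $db->fetch_array($query))
	{
		$groupleaders[$leader['gid']][$leader['uid']] = $leader;
	}

	// Joining a group
	if($mybb->get_input('joingroup', MyBB::INPUT_INT))
	{
		// Verify incoming POST request
		verify_post_check($mybb->get_input('my_post_key'));

		$usergroup = $usergroups[$mybb->get_input('joingroup', MyBB::INPUT_INT)];

		// Type 5 groups are invite-only
		if($usergroup['type'] == 5)
		{
			error($lang->cannot_join_invite_group);
		}

		// Anything that is not type 3 or 4, or an id missing from the cache, is refused
		if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid'])
		{
			error($lang->cannot_join_group);
		}

		if(my_strpos($ingroups, ",".$mybb->get_input('joingroup', MyBB::INPUT_INT).",") !== false)
		{
			error($lang->already_member_of_group);
		}

		$query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'");
		$joinrequest = $db->fetch_array($query);

		if($joinrequest)
		{
			error($lang->already_sent_join_request);
		}

		if($mybb->get_input('do') == "joingroup" && $usergroup['type'] == 4)
		{
			$reasonlength = my_strlen($mybb->get_input('reason'));

			if($reasonlength > 250) // Reason field is varchar(250) in database
			{
				error($lang->sprintf($lang->joinreason_too_long, ($reasonlength - 250)));
			}

			$now = TIME_NOW;
			$joinrequest = array(
				"uid" => $mybb->user['uid'],
				"gid" => $mybb->get_input('joingroup', MyBB::INPUT_INT),
				"reason" => $db->escape_string($mybb->get_input('reason')),
				"dateline" => TIME_NOW
			);

			$db->insert_query("joinrequests", $joinrequest);

			if(array_key_exists($usergroup['gid'], $groupleaders))
			{
				foreach($groupleaders[$usergroup['gid']] as $leader)
				{
					// Load language
					$lang->set_language($leader['language']);
					$lang->load("messages");

					// The reason goes into the mail body exactly as submitted; only the database copy is escaped
					$subject = $lang->sprintf($lang->emailsubject_newjoinrequest, $mybb->settings['bbname']);
					$message = $lang->sprintf($lang->email_groupleader_joinrequest, $leader['username'], $mybb->user['username'], $usergroup['title'], $mybb->settings['bbname'], $mybb->get_input('reason'), $mybb->settings['bburl'], $leader['gid']);
					my_mail($leader['email'], $subject, $message);
				}
			}

			// Load language
			$lang->set_language($mybb->user['language']);
			$lang->load("messages");

			$plugins->run_hooks("usercp_usergroups_join_group_request");
			redirect("usercp.php?action=usergroups", $lang->group_join_requestsent);
			exit;
		}
		elseif($usergroup['type'] == 4)
		{
			// Type 4 without do=joingroup: show the form that asks for a reason
			$joingroup = $mybb->get_input('joingroup', MyBB::INPUT_INT);
			eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";");
			output_page($joinpage);
			exit;
		}
		else
		{
			join_usergroup($mybb->user['uid'], $mybb->get_input('joingroup', MyBB::INPUT_INT));
			$plugins->run_hooks("usercp_usergroups_join_group");
			redirect("usercp.php?action=usergroups", $lang->joined_group);
		}
	}

	// Accepting invitation
	if($mybb->get_input('acceptinvite', MyBB::INPUT_INT))
	{
		// Verify incoming POST request
		verify_post_check($mybb->get_input('my_post_key'));

		$usergroup = $usergroups[$mybb->get_input('acceptinvite', MyBB::INPUT_INT)];

		if(my_strpos($ingroups, ",".$mybb->get_input('acceptinvite', MyBB::INPUT_INT).",") !== false)
		{
			error($lang->already_accepted_invite);
		}

		// Membership is granted only when a joinrequests row flagged invite='1' exists for this user and group
		$query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'");
		$joinrequest = $db->fetch_array($query);
		if($joinrequest)
		{
			join_usergroup($mybb->user['uid'], $mybb->get_input('acceptinvite', MyBB::INPUT_INT));
			$db->delete_query("joinrequests", "uid='{$mybb->user['uid']}' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."'");
			$plugins->run_hooks("usercp_usergroups_accept_invite");
			redirect("usercp.php?action=usergroups", $lang->joined_group);
		}
		else
		{
			error($lang->no_pending_invitation);
		}
	}
	// Show listing of various group related things

	// List of groups this user is a leader of
	$groupsledlist = '';
	// Start from an empty map so that only the rows fetched below can mark a group as led
	$groupleader = array();

	// String concatenation differs per database engine: || for pgsql/sqlite, CONCAT() otherwise
	switch($db->type)
	{
		case "pgsql":
		case "sqlite":
			$query = $db->query("
				SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
				FROM ".TABLE_PREFIX."groupleaders l
				LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
				LEFT JOIN ".TABLE_PREFIX."users u ON(((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
				LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
				WHERE l.uid='".$mybb->user['uid']."'
				GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
			");
			break;
		default:
			$query = $db->query("
				SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
				FROM ".TABLE_PREFIX."groupleaders l
				LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
				LEFT JOIN ".TABLE_PREFIX."users u ON(((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
				LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
				WHERE l.uid='".$mybb->user['uid']."'
				GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
			");
	}

	// Templates are evaluated as PHP double-quoted strings, so every value they interpolate
	// has to be HTML-escaped first (htmlspecialchars_uni below).
	while($usergroup = $db->fetch_array($query))
	{
		$memberlistlink = $moderaterequestslink = '';
		eval("\$memberlistlink = \"".$templates->get("usercp_usergroups_leader_usergroup_memberlist")."\";");
		$usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
		if($usergroup['type'] != 4)
		{
			$usergroup['joinrequests'] = '--';
		}
		if($usergroup['joinrequests'] > 0 && $usergroup['canmanagerequests'] == 1)
		{
			eval("\$moderaterequestslink = \"".$templates->get("usercp_usergroups_leader_usergroup_moderaterequests")."\";");
		}
		$groupleader[$usergroup['gid']] = 1;
		$trow = alt_trow();
		eval("\$groupsledlist .= \"".$templates->get("usercp_usergroups_leader_usergroup")."\";");
	}
	$leadinggroups = '';
	if($groupsledlist)
	{
		eval("\$leadinggroups = \"".$templates->get("usercp_usergroups_leader")."\";");
	}

	// Fetch the list of groups the member is in
	// Do the primary group first
	$usergroup = $usergroups[$mybb->user['usergroup']];
	$usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
	$usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
	// Reset first, as the additional-group loop below does, so a group without a description renders an empty cell
	$description = '';
	if($usergroup['description'])
	{
		$usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
		eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";");
	}
	eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveprimary")."\";");
	$trow = alt_trow();
	if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
	{
		eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
	}
	elseif($usergroup['candisplaygroup'] == 1)
	{
		eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
	}
	else
	{
		$displaycode = '';
	}

	eval("\$memberoflist = \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
	$showmemberof = false;
	if($mybb->user['additionalgroups'])
	{
		// Cast every id to int before the stored CSV is placed inside IN (...)
		$additionalgroups = implode(
			',',
			array_map(
				'intval',
				explode(',', $mybb->user['additionalgroups'])
			)
		);
		$query = $db->simple_select("usergroups", "*", "gid IN (".$additionalgroups.") AND gid !='".$mybb->user['usergroup']."'", array('order_by' => 'title'));
		while($usergroup = $db->fetch_array($query))
		{
			$showmemberof = true;

			if(isset($groupleader[$usergroup['gid']]))
			{
				eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveleader")."\";");
			}
			elseif($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
			{
				eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveother")."\";");
			}
			else
			{
				eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leave")."\";");
			}

			$description = '';
			$usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
			$usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
			if($usergroup['description'])
			{
				$usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
				eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";");
			}
			$trow = alt_trow();
			if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
			{
				eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
			}
			elseif($usergroup['candisplaygroup'] == 1)
			{
				eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
			}
			else
			{
				$displaycode = '';
			}
			eval("\$memberoflist .= \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
		}
	}
	eval("\$membergroups = \"".$templates->get("usercp_usergroups_memberof")."\";");

	// List of groups this user has applied for but has not been accepted in to
	$appliedjoin = array();
	$query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."'");
	while($request = $db->fetch_array($query))
	{
		$appliedjoin[$request['gid']] = $request['dateline'];
	}

	// Fetch list of groups the member can join
	$existinggroups = $mybb->user['usergroup'];
	if($mybb->user['additionalgroups'])
	{
		$additionalgroups = implode(
			',',
			array_map(
				'intval',
				explode(',', $mybb->user['additionalgroups'])
			)
		);
		$existinggroups .= ",".$additionalgroups;
	}

	$joinablegroups = $joinablegrouplist = '';
	$query = $db->simple_select("usergroups", "*", "(type='3' OR type='4' OR type='5') AND gid NOT IN ($existinggroups)", array('order_by' => 'title'));
	while($usergroup = $db->fetch_array($query))
	{
		$trow = alt_trow();

		$description = '';
		$usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
		if($usergroup['description'])
		{
			$usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
			eval("\$description = \"".$templates->get("usercp_usergroups_joinable_usergroup_description")."\";");
		}

		// Moderating join requests?
		if($usergroup['type'] == 4)
		{
			$conditions = $lang->usergroup_joins_moderated;
		}
		elseif($usergroup['type'] == 5)
		{
			$conditions = $lang->usergroup_joins_invite;
		}
		else
		{
			$conditions = $lang->usergroup_joins_anyone;
		}

		if(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] != 5)
		{
			$applydate = my_date('relative', $appliedjoin[$usergroup['gid']]);
			$joinlink = $lang->sprintf($lang->join_group_applied, $applydate);
		}
		elseif(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] == 5)
		{
			$joinlink = $lang->sprintf($lang->pending_invitation, $usergroup['gid'], $mybb->post_code);
		}
		elseif($usergroup['type'] == 5)
		{
			$joinlink = "--";
		}
		else
		{
			eval("\$joinlink = \"".$templates->get("usercp_usergroups_joinable_usergroup_join")."\";");
		}

		$usergroupleaders = '';
		if(!empty($groupleaders[$usergroup['gid']]))
		{
			$comma = '';
			$usergroupleaders = '';
			foreach($groupleaders[$usergroup['gid']] as $leader)
			{
				$leader['username'] = format_name(htmlspecialchars_uni($leader['username']), $leader['usergroup'], $leader['displaygroup']);
				$usergroupleaders .= $comma.build_profile_link($leader['username'], $leader['uid']);
				$comma = $lang->comma;
			}
			$usergroupleaders = $lang->usergroup_leaders." ".$usergroupleaders;
		}

		// List the group as joinable only when the current user is not one of its leaders.
		// The leader map is keyed by uid; searching the rendered leader HTML for the username
		// also matched markup and other names, and missed usernames altered by escaping.
		if(!isset($groupleaders[$usergroup['gid']][$mybb->user['uid']]))
		{
			eval("\$joinablegrouplist .= \"".$templates->get("usercp_usergroups_joinable_usergroup")."\";");
		}
	}
	if($joinablegrouplist)
	{
		eval("\$joinablegroups = \"".$templates->get("usercp_usergroups_joinable")."\";");
	}

	$plugins->run_hooks("usercp_usergroups_end");

	eval("\$groupmemberships = \"".$templates->get("usercp_usergroups")."\";");
	output_page($groupmemberships);
}

// Attachment manager: paginated list of the current user's attachments with usage totals
if($mybb->input['action'] == "attachments")
{
	require_once MYBB_ROOT."inc/functions_upload.php";

	if($mybb->settings['enableattachments'] == 0)
	{
		error($lang->attachments_disabled);
	}

	$plugins->run_hooks("usercp_attachments_start");

	// Get unviewable forums
	$f_perm_sql = '';
	$unviewable_forums = get_unviewable_forums(true);
	$inactiveforums = get_inactive_forums();
	if($unviewable_forums)
	{
		$f_perm_sql = " AND t.fid NOT IN ($unviewable_forums)";
	}
	if($inactiveforums)
	{
		$f_perm_sql .= " AND t.fid NOT IN ($inactiveforums)";
	}

	$attachments = '';

	// Pagination
	if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// The check above only inspects the integer value; cast once so that LIMIT receives an integer too
	$perpage = (int)$mybb->settings['threadsperpage'];
	$page = $mybb->get_input('page', MyBB::INPUT_INT);

	if($page > 0)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}

	$end = $start + $perpage;
	$lower = $start+1;

	$query = $db->query("
		SELECT a.*, p.subject, p.dateline, t.tid, t.subject AS threadsubject
		FROM ".TABLE_PREFIX."attachments a
		LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
		LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
		WHERE a.uid='".$mybb->user['uid']."' {$f_perm_sql}
		ORDER BY p.dateline DESC, p.pid DESC LIMIT {$start}, {$perpage}
	");

	$bandwidth = $totaldownloads = $totalusage = $totalattachments = $processedattachments = 0;
	while($attachment = $db->fetch_array($query))
	{
		if($attachment['dateline'] && $attachment['tid'])
		{
			$attachment['subject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['subject']));
			$attachment['postlink'] = get_post_link($attachment['pid'], $attachment['tid']);
			$attachment['threadlink'] = get_thread_link($attachment['tid']);
			$attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));

			$size = get_friendly_size($attachment['filesize']);
			$icon = get_attachment_icon(get_extension($attachment['filename']));
			$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

			$sizedownloads = $lang->sprintf($lang->attachment_size_downloads, $size, $attachment['downloads']);
			$attachdate = my_date('relative', $attachment['dateline']);
			$altbg = alt_trow();

			eval("\$attachments .= \"".$templates->get("usercp_attachments_attachment")."\";");

			// Add to bandwidth total
			$bandwidth += ($attachment['filesize'] * $attachment['downloads']);
			$totaldownloads += $attachment['downloads'];
			$totalusage += $attachment['filesize'];
			++$totalattachments;
		}
		else
		{
			// This little thing deletes attachments without a thread/post
			// NOTE(review): the cleanup runs while the list is rendered, so viewing this page changes stored data
			remove_attachment($attachment['pid'], $attachment['posthash'], $attachment['aid']);
		}
		++$processedattachments;
	}

	$multipage = '';
	if($processedattachments >= $perpage || $page > 1)
	{
		// More than one page: the totals have to come from an aggregate over all rows, not just this page
		$query = $db->query("
			SELECT SUM(a.filesize) AS ausage, COUNT(a.aid) AS acount
			FROM ".TABLE_PREFIX."attachments a
			LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
			WHERE a.uid='".$mybb->user['uid']."' {$f_perm_sql}
		");
		$usage = $db->fetch_array($query);
		$totalusage = $usage['ausage'];
		$totalattachments = $usage['acount'];

		$multipage = multipage($totalattachments, $perpage, $page, "usercp.php?action=attachments");
	}

	$friendlyusage = get_friendly_size((int)$totalusage);
	if($mybb->usergroup['attachquota'])
	{
		$percent = round(($totalusage/($mybb->usergroup['attachquota']*1024))*100);
		$friendlyusage .= $lang->sprintf($lang->attachments_usage_percent, $percent);
		$attachquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
		$usagenote = $lang->sprintf($lang->attachments_usage_quota, $friendlyusage, $attachquota, $totalattachments);
	}
	else
	{
		$attachquota = $lang->unlimited;
		$usagenote = $lang->sprintf($lang->attachments_usage, $friendlyusage, $totalattachments);
	}

	$bandwidth = get_friendly_size($bandwidth);

	eval("\$delete_button = \"".$templates->get("delete_attachments_button")."\";");

	if(!$attachments)
	{
		eval("\$attachments = \"".$templates->get("usercp_attachments_none")."\";");
		$usagenote = '';
		$delete_button = '';
	}

	$plugins->run_hooks("usercp_attachments_end");

	eval("\$manageattachments = \"".$templates->get("usercp_attachments")."\";");
	output_page($manageattachments);
}

// Delete the attachments ticked in the attachment manager (POST only)
if($mybb->input['action'] == "do_attachments" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	require_once MYBB_ROOT."inc/functions_upload.php";
	if(!isset($mybb->input['attachments']) || !is_array($mybb->input['attachments']))
	{
		error($lang->no_attachments_selected);
	}

	$plugins->run_hooks("usercp_do_attachments_start");

	// Get unviewable forums
	$f_perm_sql = '';
	$unviewable_forums = get_unviewable_forums(true);
	$inactiveforums = get_inactive_forums();
	if($unviewable_forums)
	{
		$f_perm_sql = " AND p.fid NOT IN ($unviewable_forums)";
	}
	if($inactiveforums)
	{
		$f_perm_sql .= " AND p.fid NOT IN ($inactiveforums)";
	}

	// Submitted ids are cast to int, and the query keeps only rows owned by the current user,
	// so ids that belong to somebody else select nothing.
	$aids = implode(',', array_map('intval', $mybb->input['attachments']));

	$query = $db->query("
		SELECT a.*, p.fid
		FROM ".TABLE_PREFIX."attachments a
		LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
		WHERE aid IN ({$aids}) AND a.uid={$mybb->user['uid']} {$f_perm_sql}
	");

	while($attachment = $db->fetch_array($query))
	{
		remove_attachment($attachment['pid'], '', $attachment['aid']);
	}
	$plugins->run_hooks("usercp_do_attachments_end");
	redirect("usercp.php?action=attachments", $lang->attachments_deleted);
}

// Save the personal notepad (POST only)
if($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// Cap at 60,000 chars; text will allow up to 65535?
	// NOTE(review): the cap is applied with my_strlen()/my_substr(); whether those count characters or bytes is not visible here - confirm against the column limit
	if(my_strlen($mybb->get_input('notepad')) > 60000)
	{
		$mybb->input['notepad'] = my_substr($mybb->get_input('notepad'), 0, 60000);
	}

	$plugins->run_hooks("usercp_do_notepad_start");
	$db->update_query("users", array('notepad' => $db->escape_string($mybb->get_input('notepad'))), "uid='".$mybb->user['uid']."'");
	$plugins->run_hooks("usercp_do_notepad_end");
	redirect("usercp.php", $lang->redirect_notepadupdated);
}

if(!$mybb->input['action'])
{
	// Get posts per day
	$daysreg = (TIME_NOW - $mybb->user['regdate']) / (24*3600);

	if($daysreg < 1)
	{
		$daysreg = 1;
	}

	$perday = $mybb->user['postnum'] / $daysreg;
	$perday = round($perday, 2);
	if($perday > $mybb->user['postnum'])
	{
		$perday = $mybb->user['postnum'];
	}

	$stats = $cache->read("stats");
	$posts = $stats['numposts'];
	if($posts == 0)
	{
		$percent = "0";
	}
	else
	{
		$percent = $mybb->user['postnum']*100/$posts;
		$percent = round($percent, 2);
	}

	$colspan = 2;
	$lang->posts_day = $lang->sprintf($lang->posts_day, my_number_format($perday), $percent);
	$regdate = my_date('relative', $mybb->user['regdate']);

	$useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
	$avatar_username = htmlspecialchars_uni($mybb->user['username']);
	eval("\$avatar = \"".$templates->get("usercp_currentavatar")."\";");

	$mybb->user['email'] = htmlspecialchars_uni($mybb->user['email']);

	$usergroup = htmlspecialchars_uni($groupscache[$mybb->user['usergroup']]['title']);
	if($mybb->user['usergroup'] == 5 && $mybb->settings['regtype'] != "admin")
	{
		eval("\$usergroup .= \"".$templates->get("usercp_resendactivation")."\";");
	}
	// Make reputations row
	$reputation = '';
	if($mybb->usergroup['usereputationsystem'] == 1 && 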
$mybb->settings['enablereputation'] == 1) 4190 { 4191 $reputation_link = get_reputation($mybb->user['reputation']); 4192 eval("\$reputation = \"".$templates->get("usercp_reputation")."\";"); 4193 } 4194 4195 $latest_warnings = ''; 4196 if($mybb->settings['enablewarningsystem'] != 0 && $mybb->settings['canviewownwarning'] != 0) 4197 { 4198 if($mybb->settings['maxwarningpoints'] < 1) 4199 { 4200 $mybb->settings['maxwarningpoints'] = 10; 4201 } 4202 $warning_level = round($mybb->user['warningpoints']/$mybb->settings['maxwarningpoints']*100); 4203 if($warning_level > 100) 4204 { 4205 $warning_level = 100; 4206 } 4207 4208 if($mybb->user['warningpoints'] > $mybb->settings['maxwarningpoints']) 4209 { 4210 $mybb->user['warningpoints'] = $mybb->settings['maxwarningpoints']; 4211 } 4212 4213 if($warning_level > 0) 4214 { 4215 require_once MYBB_ROOT.'inc/datahandlers/warnings.php'; 4216 $warningshandler = new WarningsHandler('update'); 4217 4218 $warningshandler->expire_warnings(); 4219 4220 $lang->current_warning_level = $lang->sprintf($lang->current_warning_level, $warning_level, $mybb->user['warningpoints'], $mybb->settings['maxwarningpoints']); 4221 $warnings = ''; 4222 // Fetch latest warnings 4223 $query = $db->query(" 4224 SELECT w.*, t.title AS type_title, u.username, p.subject AS post_subject 4225 FROM ".TABLE_PREFIX."warnings w 4226 LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (t.tid=w.tid) 4227 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=w.issuedby) 4228 LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=w.pid) 4229 WHERE w.uid='{$mybb->user['uid']}' 4230 ORDER BY w.expired ASC, w.dateline DESC 4231 LIMIT 5 4232 "); 4233 while($warning = $db->fetch_array($query)) 4234 { 4235 $post_link = ""; 4236 if($warning['post_subject']) 4237 { 4238 $warning['post_subject'] = $parser->parse_badwords($warning['post_subject']); 4239 $warning['post_subject'] = htmlspecialchars_uni($warning['post_subject']); 4240 $warning['postlink'] = get_post_link($warning['pid']); 4241 
eval("\$post_link .= \"".$templates->get("usercp_warnings_warning_post")."\";"); 4242 } 4243 $warning['username'] = htmlspecialchars_uni($warning['username']); 4244 $issuedby = build_profile_link($warning['username'], $warning['issuedby']); 4245 $date_issued = my_date('relative', $warning['dateline']); 4246 if($warning['type_title']) 4247 { 4248 $warning_type = $warning['type_title']; 4249 } 4250 else 4251 { 4252 $warning_type = $warning['title']; 4253 } 4254 $warning_type = htmlspecialchars_uni($warning_type); 4255 if($warning['points'] > 0) 4256 { 4257 $warning['points'] = "+{$warning['points']}"; 4258 } 4259 $points = $lang->sprintf($lang->warning_points, $warning['points']); 4260 4261 // Figure out expiration time 4262 if($warning['daterevoked']) 4263 { 4264 $expires = $lang->warning_revoked; 4265 } 4266 elseif($warning['expired']) 4267 { 4268 $expires = $lang->already_expired; 4269 } 4270 elseif($warning['expires'] == 0) 4271 { 4272 $expires = $lang->never; 4273 } 4274 else 4275 { 4276 $expires = nice_time($warning['expires']-TIME_NOW); 4277 } 4278 4279 $alt_bg = alt_trow(); 4280 eval("\$warnings .= \"".$templates->get("usercp_warnings_warning")."\";"); 4281 } 4282 if($warnings) 4283 { 4284 eval("\$latest_warnings = \"".$templates->get("usercp_warnings")."\";"); 4285 } 4286 } 4287 } 4288 4289 // Format username 4290 $username = format_name(htmlspecialchars_uni($mybb->user['username']), $mybb->user['usergroup'], $mybb->user['displaygroup']); 4291 $username = build_profile_link($username, $mybb->user['uid']); 4292 4293 // Format post numbers 4294 $mybb->user['posts'] = my_number_format($mybb->user['postnum']); 4295 4296 // Build referral link 4297 $referral_info = ''; 4298 if($mybb->settings['usereferrals'] == 1) 4299 { 4300 $referral_link = $lang->sprintf($lang->referral_link, $settings['bburl'], $mybb->user['uid']); 4301 4302 $referral_count = (int) $mybb->user['referrals']; 4303 if($referral_count > 0) 4304 { 4305 $uid = (int) $mybb->user['uid']; 4306 
eval("\$mybb->user['referrals'] = \"".$templates->get('member_referrals_link')."\";"); 4307 } 4308 4309 eval("\$referral_info = \"".$templates->get("usercp_referrals")."\";"); 4310 } 4311 4312 // User Notepad 4313 $plugins->run_hooks("usercp_notepad_start"); 4314 $mybb->user['notepad'] = htmlspecialchars_uni($mybb->user['notepad']); 4315 eval("\$user_notepad = \"".$templates->get("usercp_notepad")."\";"); 4316 $plugins->run_hooks("usercp_notepad_end"); 4317 4318 // Thread Subscriptions with New Posts 4319 $latest_subscribed = ''; 4320 $query = $db->simple_select("threadsubscriptions", "sid", "uid = '".$mybb->user['uid']."'", array("limit" => 1)); 4321 if($db->num_rows($query)) 4322 { 4323 $where = array( 4324 "s.uid={$mybb->user['uid']}", 4325 "t.lastposteruid!={$mybb->user['uid']}", 4326 get_visible_where('t') 4327 ); 4328 4329 if($unviewable_forums = get_unviewable_forums(true)) 4330 { 4331 $where[] = "t.fid NOT IN ({$unviewable_forums})"; 4332 } 4333 4334 if($inactive_forums = get_inactive_forums()) 4335 { 4336 $where[] = "t.fid NOT IN ({$inactive_forums})"; 4337 } 4338 4339 $where = implode(' AND ', $where); 4340 4341 $query = $db->query(" 4342 SELECT s.*, t.*, t.username AS threadusername, u.username 4343 FROM ".TABLE_PREFIX."threadsubscriptions s 4344 LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid) 4345 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid) 4346 WHERE {$where} 4347 ORDER BY t.lastpost DESC 4348 LIMIT 0, 10 4349 "); 4350 4351 $subscriptions = array(); 4352 $fpermissions = forum_permissions(); 4353 4354 while($subscription = $db->fetch_array($query)) 4355 { 4356 $forumpermissions = $fpermissions[$subscription['fid']]; 4357 4358 if(!isset($forumpermissions['canonlyviewownthreads']) || $forumpermissions['canonlyviewownthreads'] == 0 || $subscription['uid'] == $mybb->user['uid']) 4359 { 4360 $subscriptions[$subscription['tid']] = $subscription; 4361 } 4362 } 4363 4364 if($subscriptions) 4365 { 4366 $tids = implode(",", 
array_keys($subscriptions)); 4367 4368 // Checking read 4369 if($mybb->settings['threadreadcut'] > 0) 4370 { 4371 $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})"); 4372 while($readthread = $db->fetch_array($query)) 4373 { 4374 if($readthread['dateline'] >= $subscriptions[$readthread['tid']]['lastpost']) 4375 { 4376 unset($subscriptions[$readthread['tid']]); // If it's already been read, then don't display the thread 4377 } 4378 else 4379 { 4380 $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline']; 4381 } 4382 } 4383 } 4384 4385 if($subscriptions) 4386 { 4387 if($mybb->settings['dotfolders'] != 0) 4388 { 4389 $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})"); 4390 while($post = $db->fetch_array($query)) 4391 { 4392 $subscriptions[$post['tid']]['doticon'] = 1; 4393 } 4394 } 4395 4396 $icon_cache = $cache->read("posticons"); 4397 $threadprefixes = build_prefixes(); 4398 $latest_subscribed_threads = ''; 4399 4400 foreach($subscriptions as $thread) 4401 { 4402 $plugins->run_hooks("usercp_thread_subscriptions_thread"); 4403 $folder = ''; 4404 $folder_label = ''; 4405 $gotounread = ''; 4406 4407 if(!empty($thread['tid'])) 4408 { 4409 $bgcolor = alt_trow(); 4410 $thread['subject'] = $parser->parse_badwords($thread['subject']); 4411 $thread['subject'] = htmlspecialchars_uni($thread['subject']); 4412 $thread['threadlink'] = get_thread_link($thread['tid']); 4413 $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost"); 4414 4415 // If this thread has a prefix... 4416 if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']])) 4417 { 4418 $thread['displayprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].' 
'; 4419 } 4420 else 4421 { 4422 $thread['displayprefix'] = ''; 4423 } 4424 4425 // Icons 4426 if($thread['icon'] > 0 && isset($icon_cache[$thread['icon']])) 4427 { 4428 $icon = $icon_cache[$thread['icon']]; 4429 $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']); 4430 $icon['path'] = htmlspecialchars_uni($icon['path']); 4431 $icon['name'] = htmlspecialchars_uni($icon['name']); 4432 eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";"); 4433 } 4434 else 4435 { 4436 $icon = " "; 4437 } 4438 4439 if(!isset($thread['doticon'])) 4440 { 4441 $folder = "dot_"; 4442 $folder_label .= $lang->icon_dot; 4443 } 4444 4445 // Check to see which icon we display 4446 if(!empty($thread['lastread']) && $thread['lastread'] < $thread['lastpost']) 4447 { 4448 $folder .= "new"; 4449 $folder_label .= $lang->icon_new; 4450 $new_class = "subject_new"; 4451 $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost"); 4452 eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";"); 4453 } 4454 else 4455 { 4456 $folder_label .= $lang->icon_no_new; 4457 $new_class = "subject_old"; 4458 } 4459 4460 $folder .= "folder"; 4461 4462 if($thread['visible'] == 0) 4463 { 4464 $bgcolor = "trow_shaded"; 4465 } 4466 4467 $lastpostdate = my_date('relative', $thread['lastpost']); 4468 $lastposteruid = $thread['lastposteruid']; 4469 if(!$lastposteruid && !$thread['lastposter']) 4470 { 4471 $lastposter = htmlspecialchars_uni($lang->guest); 4472 } 4473 else 4474 { 4475 $lastposter = htmlspecialchars_uni($thread['lastposter']); 4476 } 4477 4478 if($lastposteruid == 0) 4479 { 4480 $lastposterlink = $lastposter; 4481 } 4482 else 4483 { 4484 $lastposterlink = build_profile_link($lastposter, $lastposteruid); 4485 } 4486 4487 $thread['replies'] = my_number_format($thread['replies']); 4488 $thread['views'] = my_number_format($thread['views']); 4489 $thread['username'] = htmlspecialchars_uni($thread['username']); 4490 $thread['author'] = 
build_profile_link($thread['username'], $thread['uid']); 4491 4492 eval("\$latest_subscribed_threads .= \"".$templates->get("usercp_latest_subscribed_threads")."\";"); 4493 } 4494 } 4495 eval("\$latest_subscribed = \"".$templates->get("usercp_latest_subscribed")."\";"); 4496 } 4497 } 4498 } 4499 4500 // User's Latest Threads 4501 $where = array( 4502 "t.uid={$mybb->user['uid']}", 4503 get_visible_where('t') 4504 ); 4505 4506 if($unviewable_forums = get_unviewable_forums(true)) 4507 { 4508 $where[] = "t.fid NOT IN ({$unviewable_forums})"; 4509 } 4510 4511 if($inactive_forums = get_inactive_forums()) 4512 { 4513 $where[] = "t.fid NOT IN ({$inactive_forums})"; 4514 } 4515 4516 $where = implode(' AND ', $where); 4517 4518 $query = $db->query(" 4519 SELECT t.*, t.username AS threadusername, u.username 4520 FROM ".TABLE_PREFIX."threads t 4521 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid) 4522 WHERE {$where} 4523 ORDER BY t.lastpost DESC 4524 LIMIT 0, 5 4525 "); 4526 4527 // Figure out whether we can view these threads... 4528 $threadcache = array(); 4529 $fpermissions = forum_permissions(); 4530 while($thread = $db->fetch_array($query)) 4531 { 4532 $threadcache[$thread['tid']] = $thread; 4533 } 4534 4535 $latest_threads = ''; 4536 if(!empty($threadcache)) 4537 { 4538 $tids = implode(",", array_keys($threadcache)); 4539 $readforums = array(); 4540 4541 // Read Forums 4542 $query = $db->query(" 4543 SELECT f.fid, fr.dateline AS lastread 4544 FROM ".TABLE_PREFIX."forums f 4545 LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}') 4546 WHERE f.active != 0 4547 ORDER BY pid, disporder 4548 "); 4549 4550 while($forum = $db->fetch_array($query)) 4551 { 4552 $readforums[$forum['fid']] = $forum['lastread']; 4553 } 4554 4555 // Threads being read? 
4556 if($mybb->settings['threadreadcut'] > 0) 4557 { 4558 $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})"); 4559 while($readthread = $db->fetch_array($query)) 4560 { 4561 $threadcache[$readthread['tid']]['lastread'] = $readthread['dateline']; 4562 } 4563 } 4564 4565 // Icon Stuff 4566 if($mybb->settings['dotfolders'] != 0) 4567 { 4568 $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})"); 4569 while($post = $db->fetch_array($query)) 4570 { 4571 $threadcache[$post['tid']]['doticon'] = 1; 4572 } 4573 } 4574 4575 $icon_cache = $cache->read("posticons"); 4576 $threadprefixes = build_prefixes(); 4577 4578 // Run the threads... 4579 $latest_threads_threads = ''; 4580 foreach($threadcache as $thread) 4581 { 4582 $plugins->run_hooks("usercp_latest_threads_thread"); 4583 if(!empty($thread['tid'])) 4584 { 4585 $bgcolor = alt_trow(); 4586 $folder = ''; 4587 $folder_label = ''; 4588 $prefix = ''; 4589 $gotounread = ''; 4590 $isnew = 0; 4591 $donenew = 0; 4592 $lastread = 0; 4593 4594 // If this thread has a prefix... 4595 if($thread['prefix'] != 0) 4596 { 4597 if(!empty($threadprefixes[$thread['prefix']])) 4598 { 4599 $thread['displayprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].' 
'; 4600 } 4601 } 4602 else 4603 { 4604 $thread['displayprefix'] = ''; 4605 } 4606 4607 $thread['subject'] = $parser->parse_badwords($thread['subject']); 4608 $thread['subject'] = htmlspecialchars_uni($thread['subject']); 4609 $thread['threadlink'] = get_thread_link($thread['tid']); 4610 $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost"); 4611 4612 if($thread['icon'] > 0 && $icon_cache[$thread['icon']]) 4613 { 4614 $icon = $icon_cache[$thread['icon']]; 4615 $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']); 4616 $icon['path'] = htmlspecialchars_uni($icon['path']); 4617 $icon['name'] = htmlspecialchars_uni($icon['name']); 4618 eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";"); 4619 } 4620 else 4621 { 4622 $icon = " "; 4623 } 4624 4625 if($mybb->settings['threadreadcut'] > 0) 4626 { 4627 $forum_read = $readforums[$thread['fid']]; 4628 4629 $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24; 4630 if($forum_read == 0 || $forum_read < $read_cutoff) 4631 { 4632 $forum_read = $read_cutoff; 4633 } 4634 } 4635 4636 if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read) 4637 { 4638 $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24; 4639 } 4640 4641 $cutoff = 0; 4642 if($thread['lastpost'] > $cutoff) 4643 { 4644 if(!empty($thread['lastread'])) 4645 { 4646 $lastread = $thread['lastread']; 4647 } 4648 } 4649 4650 if(!$lastread) 4651 { 4652 $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']); 4653 if($readcookie > $forum_read) 4654 { 4655 $lastread = $readcookie; 4656 } 4657 else 4658 { 4659 $lastread = $forum_read; 4660 } 4661 } 4662 4663 // Folder Icons 4664 if(!empty($thread['doticon'])) 4665 { 4666 $folder = "dot_"; 4667 $folder_label .= $lang->icon_dot; 4668 } 4669 4670 if($thread['lastpost'] > $lastread && $lastread) 4671 { 4672 $folder .= "new"; 4673 $folder_label .= $lang->icon_new; 4674 $new_class = "subject_new"; 4675 
$thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost"); 4676 eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";"); 4677 $unreadpost = 1; 4678 } 4679 else 4680 { 4681 $folder_label .= $lang->icon_no_new; 4682 $new_class = "subject_old"; 4683 } 4684 4685 if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews']) 4686 { 4687 $folder .= "hot"; 4688 $folder_label .= $lang->icon_hot; 4689 } 4690 4691 // Is our thread visible? 4692 if($thread['visible'] == 0) 4693 { 4694 $bgcolor = 'trow_shaded'; 4695 } 4696 4697 if($thread['closed'] == 1) 4698 { 4699 $folder .= "close"; 4700 $folder_label .= $lang->icon_close; 4701 } 4702 4703 $folder .= "folder"; 4704 4705 $lastpostdate = my_date('relative', $thread['lastpost']); 4706 $lastposter = htmlspecialchars_uni($thread['lastposter']); 4707 $lastposteruid = $thread['lastposteruid']; 4708 4709 if($lastposteruid == 0) 4710 { 4711 $lastposterlink = $lastposter; 4712 } 4713 else 4714 { 4715 $lastposterlink = build_profile_link($lastposter, $lastposteruid); 4716 } 4717 4718 $thread['replies'] = my_number_format($thread['replies']); 4719 $thread['views'] = my_number_format($thread['views']); 4720 $thread['username'] = htmlspecialchars_uni($thread['username']); 4721 $thread['author'] = build_profile_link($thread['username'], $thread['uid']); 4722 4723 eval("\$latest_threads_threads .= \"".$templates->get("usercp_latest_threads_threads")."\";"); 4724 } 4725 } 4726 4727 eval("\$latest_threads = \"".$templates->get("usercp_latest_threads")."\";"); 4728 } 4729 4730 $plugins->run_hooks("usercp_end"); 4731 4732 eval("\$usercp = \"".$templates->get("usercp")."\";"); 4733 output_page($usercp); 4734 }