
PHP Cross Reference of MyBB 1.8.17


/ -> usercp.php (source)

<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// Script identity constants; they are defined before global.php is required further down.
// NOTE(review): IN_MYBB is presumably the guard that included files test to refuse direct access - confirm.
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'usercp.php');
// NOTE(review): presumably the actions global.php still serves to visitors it would otherwise block - confirm in global.php.
define("ALLOWABLE_PAGE", "removesubscription,removesubscriptions");

// Comma-separated names of the templates this script may render.
// NOTE(review): presumably consumed by global.php to pre-load them in one query - confirm.
// NOTE(review): "usercp_editlists_userusercp_editlists" below looks like two names with a missing comma;
// both names also appear separately later in the list. The final line also ends with a trailing comma.
$templatelist = "usercp,usercp_nav,usercp_profile,usercp_changename,usercp_password,usercp_subscriptions_thread,forumbit_depth2_forum_lastpost,usercp_forumsubscriptions_forum,postbit_reputation_formatted,usercp_subscriptions_thread_icon";
$templatelist .= ",usercp_usergroups_memberof_usergroup,usercp_usergroups_memberof,usercp_usergroups_joinable_usergroup,usercp_usergroups_joinable,usercp_usergroups,usercp_nav_attachments,usercp_options_style,usercp_warnings_warning_post";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_usergroups_leader_usergroup,usercp_usergroups_leader,usercp_currentavatar,usercp_reputation,usercp_avatar_remove,usercp_resendactivation";
$templatelist .= ",usercp_attachments_attachment,usercp_attachments,usercp_profile_away,usercp_profile_customfield,usercp_profile_profilefields,usercp_profile_customtitle,usercp_forumsubscriptions_none,usercp_profile_customtitle_currentcustom";
$templatelist .= ",usercp_forumsubscriptions,usercp_subscriptions_none,usercp_subscriptions,usercp_options_pms_from_buddys,usercp_options_tppselect,usercp_options_pppselect,usercp_themeselector,usercp_profile_customtitle_reverttitle";
$templatelist .= ",usercp_nav_editsignature,usercp_referrals,usercp_notepad,usercp_latest_threads_threads,forumdisplay_thread_gotounread,usercp_latest_threads,usercp_subscriptions_remove,usercp_nav_messenger_folder,usercp_profile_profilefields_text";
$templatelist .= ",usercp_editsig_suspended,usercp_editsig,usercp_avatar_current,usercp_options_timezone_option,usercp_drafts,usercp_options_language,usercp_options_date_format,usercp_profile_website,usercp_latest_subscribed,usercp_warnings";
$templatelist .= ",usercp_avatar,usercp_editlists_userusercp_editlists,usercp_drafts_draft,usercp_usergroups_joingroup,usercp_attachments_none,usercp_avatar_upload,usercp_options_timezone,usercp_usergroups_joinable_usergroup_join";
$templatelist .= ",usercp_warnings_warning,usercp_nav_messenger_tracking,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
$templatelist .= ",codebuttons,usercp_nav_messenger_compose,usercp_options_language_option,usercp_editlists,usercp_profile_contact_fields_field,usercp_latest_subscribed_threads,usercp_profile_contact_fields,usercp_profile_day,usercp_nav_home";
$templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,usercp_profile_profilefields_checkbox";
$templatelist .= ",usercp_options_tppselect_option,usercp_options_pppselect_option,forumbit_depth2_forum_lastpost_never,forumbit_depth2_forum_lastpost_hidden,usercp_avatar_auto_resize_auto,usercp_avatar_auto_resize_user,usercp_options";
$templatelist .= ",usercp_editlists_no_buddies,usercp_editlists_no_ignored,usercp_editlists_no_requests,usercp_editlists_received_requests,usercp_editlists_sent_requests,usercp_drafts_draft_thread,usercp_drafts_draft_forum,usercp_editlists_user";
$templatelist .= ",usercp_usergroups_leader_usergroup_memberlist,usercp_usergroups_leader_usergroup_moderaterequests,usercp_usergroups_memberof_usergroup_leaveprimary,usercp_usergroups_memberof_usergroup_display,usercp_email,usercp_options_pms";
$templatelist .= ",usercp_usergroups_memberof_usergroup_leaveleader,usercp_usergroups_memberof_usergroup_leaveother,usercp_usergroups_memberof_usergroup_leave,usercp_usergroups_joinable_usergroup_description,usercp_options_time_format";
$templatelist .= ",usercp_editlists_sent_request,usercp_editlists_received_request,usercp_drafts_none,usercp_usergroups_memberof_usergroup_setdisplay,usercp_usergroups_memberof_usergroup_description,usercp_options_quick_reply";
$templatelist .= ",usercp_addsubscription_thread,forumdisplay_password,forumdisplay_password_wrongpass,";
  32  
  33  require_once  "./global.php";
  34  require_once  MYBB_ROOT."inc/functions_post.php";
  35  require_once  MYBB_ROOT."inc/functions_user.php";
  36  require_once  MYBB_ROOT."inc/class_parser.php";
  37  $parser = new postParser;
  38  
  39  // Load global language phrases
  40  $lang->load("usercp");
  41  
  42  if($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0)
  43  {
  44      error_no_permission();
  45  }
  46  
  47  if(!$mybb->user['pmfolders'])
  48  {
  49      $mybb->user['pmfolders'] = '1**$%%$2**$%%$3**$%%$4**';
  50      $db->update_query('users', array('pmfolders' => $mybb->user['pmfolders']), "uid = {$mybb->user['uid']}");
  51  }
  52  
  53  $errors = '';
  54  
  55  $mybb->input['action'] = $mybb->get_input('action');
  56  
  57  usercp_menu();
  58  
  59  $server_http_referer = htmlentities($_SERVER['HTTP_REFERER']);
  60  
  61  $plugins->run_hooks("usercp_start");
// Early pass over a submitted signature: it only validates, it does not save here.
// If validation fails or a preview was requested, the action is switched to
// "editsig" so the rest of the script renders the editor instead.
// NOTE(review): this step does not call verify_post_check(); the code that actually
// stores the signature is not visible in this part of the file - confirm that it
// checks my_post_key before writing.
if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
{
    require_once  MYBB_ROOT."inc/datahandlers/user.php";
    $userhandler = new UserDataHandler();

    // The uid comes from the current session, not from the request.
    $data = array(
        'uid' => $mybb->user['uid'],
        'signature' => $mybb->get_input('signature'),
    );

    $userhandler->set_data($data);

    if(!$userhandler->verify_signature())
    {
        // Note: this sets $error (singular), which is separate from the $errors string used by the other handlers.
        $error = inline_error($userhandler->get_friendly_errors());
    }

    if(isset($error) || !empty($mybb->input['preview']))
    {
        $mybb->input['action'] = "editsig";
    }
}
  84  
  85  // Make navigation
  86  add_breadcrumb($lang->nav_usercp, "usercp.php");
  87  
  88  switch($mybb->input['action'])
  89  {
  90      case "profile":
  91      case "do_profile":
  92          add_breadcrumb($lang->ucp_nav_profile);
  93          break;
  94      case "options":
  95      case "do_options":
  96          add_breadcrumb($lang->nav_options);
  97          break;
  98      case "email":
  99      case "do_email":
 100          add_breadcrumb($lang->nav_email);
 101          break;
 102      case "password":
 103      case "do_password":
 104          add_breadcrumb($lang->nav_password);
 105          break;
 106      case "changename":
 107      case "do_changename":
 108          add_breadcrumb($lang->nav_changename);
 109          break;
 110      case "subscriptions":
 111          add_breadcrumb($lang->ucp_nav_subscribed_threads);
 112          break;
 113      case "forumsubscriptions":
 114          add_breadcrumb($lang->ucp_nav_forum_subscriptions);
 115          break;
 116      case "editsig":
 117      case "do_editsig":
 118          add_breadcrumb($lang->nav_editsig);
 119          break;
 120      case "avatar":
 121      case "do_avatar":
 122          add_breadcrumb($lang->nav_avatar);
 123          break;
 124      case "notepad":
 125      case "do_notepad":
 126          add_breadcrumb($lang->ucp_nav_notepad);
 127          break;
 128      case "editlists":
 129      case "do_editlists":
 130          add_breadcrumb($lang->ucp_nav_editlists);
 131          break;
 132      case "drafts":
 133          add_breadcrumb($lang->ucp_nav_drafts);
 134          break;
 135      case "usergroups":
 136          add_breadcrumb($lang->ucp_nav_usergroups);
 137          break;
 138      case "attachments":
 139          add_breadcrumb($lang->ucp_nav_attachments);
 140          break;
 141  }
 142  
 143  if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post")
 144  {
 145      // Verify incoming POST request
 146      verify_post_check($mybb->get_input('my_post_key'));
 147  
 148      $plugins->run_hooks("usercp_do_profile_start");
 149  
 150      if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
 151      {
 152          $awaydate = TIME_NOW;
 153          if(!empty($mybb->input['awayday']))
 154          {
 155              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
 156              if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
 157              {
 158                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
 159              }
 160              if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
 161              {
 162                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
 163              }
 164  
 165              $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
 166              $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
 167              $return_year = min((int)$mybb->get_input('awayyear'), 9999);
 168  
 169              // Check if return date is after the away date.
 170              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
 171              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
 172              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
 173              {
 174                  error($lang->error_usercp_return_date_past);
 175              }
 176  
 177              $returndate = "{$return_day}-{$return_month}-{$return_year}";
 178          }
 179          else
 180          {
 181              $returndate = "";
 182          }
 183          $away = array(
 184              "away" => 1,
 185              "date" => $awaydate,
 186              "returndate" => $returndate,
 187              "awayreason" => $mybb->get_input('awayreason')
 188          );
 189      }
 190      else
 191      {
 192          $away = array(
 193              "away" => 0,
 194              "date" => '',
 195              "returndate" => '',
 196              "awayreason" => ''
 197          );
 198      }
 199  
 200      $bday = array(
 201          "day" => $mybb->get_input('bday1', MyBB::INPUT_INT),
 202          "month" => $mybb->get_input('bday2', MyBB::INPUT_INT),
 203          "year" => $mybb->get_input('bday3', MyBB::INPUT_INT)
 204      );
 205  
 206      // Set up user handler.
 207      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 208      $userhandler = new UserDataHandler("update");
 209  
 210      $user = array(
 211          "uid" => $mybb->user['uid'],
 212          "postnum" => $mybb->user['postnum'],
 213          "usergroup" => $mybb->user['usergroup'],
 214          "additionalgroups" => $mybb->user['additionalgroups'],
 215          "birthday" => $bday,
 216          "birthdayprivacy" => $mybb->get_input('birthdayprivacy'),
 217          "away" => $away,
 218          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY)
 219      );
 220      foreach(array('icq', 'yahoo', 'skype', 'google') as $cfield)
 221      {
 222          $csetting = 'allow'.$cfield.'field';
 223          if($mybb->settings[$csetting] == '')
 224          {
 225              continue;
 226          }
 227  
 228          if(!is_member($mybb->settings[$csetting]))
 229          {
 230              continue;
 231          }
 232  
 233          if($cfield == 'icq')
 234          {
 235              $user[$cfield] = $mybb->get_input($cfield, 1);
 236          }
 237          else
 238          {
 239              $user[$cfield] = $mybb->get_input($cfield);
 240          }
 241      }
 242  
 243      if($mybb->usergroup['canchangewebsite'] == 1)
 244      {
 245          $user['website'] = $mybb->get_input('website');
 246      }
 247  
 248      if($mybb->usergroup['cancustomtitle'] == 1)
 249      {
 250          if($mybb->get_input('usertitle') != '')
 251          {
 252              $user['usertitle'] = $mybb->get_input('usertitle');
 253          }
 254          elseif(!empty($mybb->input['reverttitle']))
 255          {
 256              $user['usertitle'] = '';
 257          }
 258      }
 259      $userhandler->set_data($user);
 260  
 261      if(!$userhandler->validate_user())
 262      {
 263          $errors = $userhandler->get_friendly_errors();
 264          $raw_errors = $userhandler->get_errors();
 265  
 266          // Set to stored value if invalid
 267          if(array_key_exists("invalid_birthday_privacy", $raw_errors))
 268          {
 269              $mybb->input['birthdayprivacy'] = $mybb->user['birthdayprivacy'];
 270          }
 271  
 272          $errors = inline_error($errors);
 273          $mybb->input['action'] = "profile";
 274      }
 275      else
 276      {
 277          $userhandler->update_user();
 278  
 279          $plugins->run_hooks("usercp_do_profile_end");
 280          redirect("usercp.php?action=profile", $lang->redirect_profileupdated);
 281      }
 282  }
 283  
 284  if($mybb->input['action'] == "profile")
 285  {
 286      if($errors)
 287      {
 288          $user = $mybb->input;
 289          $bday = array();
 290          $bday[0] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 291          $bday[1] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 292          $bday[2] = $mybb->get_input('bday3', MyBB::INPUT_INT);
 293      }
 294      else
 295      {
 296          $user = $mybb->user;
 297          $bday = explode("-", $user['birthday']);
 298          if(!isset($bday[1]))
 299          {
 300              $bday[1] = 0;
 301          }
 302          if(!isset($bday[2]))
 303          {
 304              $bday[2] = '';
 305          }
 306      }
 307  
 308      $plugins->run_hooks("usercp_profile_start");
 309  
 310      $bdaydaysel = '';
 311      for($day = 1; $day <= 31; ++$day)
 312      {
 313          if($bday[0] == $day)
 314          {
 315              $selected = "selected=\"selected\"";
 316          }
 317          else
 318          {
 319              $selected = '';
 320          }
 321  
 322          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
 323      }
 324  
 325      $bdaymonthsel = array();
 326      foreach(range(1, 12) as $month)
 327      {
 328          $bdaymonthsel[$month] = '';
 329      }
 330      $bdaymonthsel[$bday[1]] = 'selected="selected"';
 331  
 332      $allselected = $noneselected = $ageselected = '';
 333      if($user['birthdayprivacy'] == 'all' || !$user['birthdayprivacy'])
 334      {
 335          $allselected = " selected=\"selected\"";
 336      }
 337      elseif($user['birthdayprivacy'] == 'none')
 338      {
 339          $noneselected = " selected=\"selected\"";
 340      }
 341      elseif($user['birthdayprivacy'] == 'age')
 342      {
 343          $ageselected = " selected=\"selected\"";
 344      }
 345  
 346      if(!my_validate_url($user['website']))
 347      {
 348          $user['website'] = '';
 349      }
 350      else
 351      {
 352          $user['website'] = htmlspecialchars_uni($user['website']);
 353      }
 354  
 355      if($user['icq'] != "0")
 356      {
 357          $user['icq'] = (int)$user['icq'];
 358      }
 359  
 360      if($user['icq'] == 0)
 361      {
 362          $user['icq'] = '';
 363      }
 364  
 365      if($errors)
 366      {
 367          $user['skype'] = htmlspecialchars_uni($user['skype']);
 368          $user['google'] = htmlspecialchars_uni($user['google']);
 369          $user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
 370      }
 371  
 372      $contact_fields = array();
 373      $contactfields = '';
 374      $cfieldsshow = false;
 375  
 376      foreach(array('icq', 'yahoo', 'skype', 'google') as $cfield)
 377      {
 378          $contact_fields[$cfield] = '';
 379          $csetting = 'allow'.$cfield.'field';
 380          if($mybb->settings[$csetting] == '')
 381          {
 382              continue;
 383          }
 384  
 385          if(!is_member($mybb->settings[$csetting]))
 386          {
 387              continue;
 388          }
 389  
 390          $cfieldsshow = true;
 391  
 392          $lang_string = 'contact_field_'.$cfield;
 393          $lang_string = $lang->{$lang_string};
 394          $cfvalue = htmlspecialchars_uni($user[$cfield]);
 395  
 396          eval('$contact_fields[$cfield] = "'.$templates->get('usercp_profile_contact_fields_field').'";');
 397      }
 398  
 399      if($cfieldsshow)
 400      {
 401          eval('$contactfields = "'.$templates->get('usercp_profile_contact_fields').'";');
 402      }
 403  
 404      if($mybb->settings['allowaway'] != 0)
 405      {
 406          $awaycheck = array('', '');
 407          if($errors)
 408          {
 409              if($user['away'] == 1)
 410              {
 411                  $awaycheck[1] = "checked=\"checked\"";
 412              }
 413              else
 414              {
 415                  $awaycheck[0] = "checked=\"checked\"";
 416              }
 417              $returndate = array();
 418              $returndate[0] = $mybb->get_input('awayday', MyBB::INPUT_INT);
 419              $returndate[1] = $mybb->get_input('awaymonth', MyBB::INPUT_INT);
 420              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
 421              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
 422          }
 423          else
 424          {
 425              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
 426              if($mybb->user['away'] == 1)
 427              {
 428                  $awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']);
 429                  $awaycheck[1] = "checked=\"checked\"";
 430                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
 431              }
 432              else
 433              {
 434                  $awaynotice = $lang->away_notice;
 435                  $awaycheck[0] = "checked=\"checked\"";
 436              }
 437              $returndate = explode("-", $mybb->user['returndate']);
 438              if(!isset($returndate[1]))
 439              {
 440                  $returndate[1] = 0;
 441              }
 442              if(!isset($returndate[2]))
 443              {
 444                  $returndate[2] = '';
 445              }
 446          }
 447  
 448          $returndatesel = '';
 449          for($day = 1; $day <= 31; ++$day)
 450          {
 451              if($returndate[0] == $day)
 452              {
 453                  $selected = "selected=\"selected\"";
 454              }
 455              else
 456              {
 457                  $selected = '';
 458              }
 459  
 460              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
 461          }
 462  
 463          $returndatemonthsel = array();
 464          foreach(range(1, 12) as $month)
 465          {
 466              $returndatemonthsel[$month] = '';
 467          }
 468          $returndatemonthsel[$returndate[1]] = "selected";
 469  
 470          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
 471      }
 472  
 473      // Custom profile fields baby!
 474      $altbg = "trow1";
 475      $requiredfields = $customfields = '';
 476      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 477  
 478      $pfcache = $cache->read('profilefields');
 479  
 480      if(is_array($pfcache))
 481      {
 482          foreach($pfcache as $profilefield)
 483          {
 484              if(!is_member($profilefield['editableby']) || ($profilefield['postnum'] && $profilefield['postnum'] > $mybb->user['postnum']))
 485              {
 486                  continue;
 487              }
 488  
 489              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 490              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 491              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 492              $thing = explode("\n", $profilefield['type'], "2");
 493              $type = $thing[0];
 494              if(isset($thing[1]))
 495              {
 496                  $options = $thing[1];
 497              }
 498              else
 499              {
 500                  $options = array();
 501              }
 502              $field = "fid{$profilefield['fid']}";
 503              $select = '';
 504              if($errors)
 505              {
 506                  if(!isset($mybb->input['profile_fields'][$field]))
 507                  {
 508                      $mybb->input['profile_fields'][$field] = '';
 509                  }
 510                  $userfield = $mybb->input['profile_fields'][$field];
 511              }
 512              else
 513              {
 514                  $userfield = $user[$field];
 515              }
 516              if($type == "multiselect")
 517              {
 518                  if($errors)
 519                  {
 520                      $useropts = $userfield;
 521                  }
 522                  else
 523                  {
 524                      $useropts = explode("\n", $userfield);
 525                  }
 526                  if(is_array($useropts))
 527                  {
 528                      foreach($useropts as $key => $val)
 529                      {
 530                          $val = htmlspecialchars_uni($val);
 531                          $seloptions[$val] = $val;
 532                      }
 533                  }
 534                  $expoptions = explode("\n", $options);
 535                  if(is_array($expoptions))
 536                  {
 537                      foreach($expoptions as $key => $val)
 538                      {
 539                          $val = trim($val);
 540                          $val = str_replace("\n", "\\n", $val);
 541  
 542                          $sel = "";
 543                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
 544                          {
 545                              $sel = " selected=\"selected\"";
 546                          }
 547  
 548                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 549                      }
 550                      if(!$profilefield['length'])
 551                      {
 552                          $profilefield['length'] = 3;
 553                      }
 554  
 555                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
 556                  }
 557              }
 558              elseif($type == "select")
 559              {
 560                  $expoptions = explode("\n", $options);
 561                  if(is_array($expoptions))
 562                  {
 563                      foreach($expoptions as $key => $val)
 564                      {
 565                          $val = trim($val);
 566                          $val = str_replace("\n", "\\n", $val);
 567                          $sel = "";
 568                          if($val == htmlspecialchars_uni($userfield))
 569                          {
 570                              $sel = " selected=\"selected\"";
 571                          }
 572  
 573                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 574                      }
 575                      if(!$profilefield['length'])
 576                      {
 577                          $profilefield['length'] = 1;
 578                      }
 579  
 580                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
 581                  }
 582              }
 583              elseif($type == "radio")
 584              {
 585                  $expoptions = explode("\n", $options);
 586                  if(is_array($expoptions))
 587                  {
 588                      foreach($expoptions as $key => $val)
 589                      {
 590                          $checked = "";
 591                          if($val == $userfield)
 592                          {
 593                              $checked = " checked=\"checked\"";
 594                          }
 595  
 596                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
 597                      }
 598                  }
 599              }
 600              elseif($type == "checkbox")
 601              {
 602                  if($errors)
 603                  {
 604                      $useropts = $userfield;
 605                  }
 606                  else
 607                  {
 608                      $useropts = explode("\n", $userfield);
 609                  }
 610                  if(is_array($useropts))
 611                  {
 612                      foreach($useropts as $key => $val)
 613                      {
 614                          $seloptions[$val] = $val;
 615                      }
 616                  }
 617                  $expoptions = explode("\n", $options);
 618                  if(is_array($expoptions))
 619                  {
 620                      foreach($expoptions as $key => $val)
 621                      {
 622                          $checked = "";
 623                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
 624                          {
 625                              $checked = " checked=\"checked\"";
 626                          }
 627  
 628                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
 629                      }
 630                  }
 631              }
 632              elseif($type == "textarea")
 633              {
 634                  $value = htmlspecialchars_uni($userfield);
 635                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
 636              }
 637              else
 638              {
 639                  $value = htmlspecialchars_uni($userfield);
 640                  $maxlength = "";
 641                  if($profilefield['maxlength'] > 0)
 642                  {
 643                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
 644                  }
 645  
 646                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
 647              }
 648  
 649              if($profilefield['required'] == 1)
 650              {
 651                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 652              }
 653              else
 654              {
 655                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 656              }
 657              $altbg = alt_trow();
 658              $code = "";
 659              $select = "";
 660              $val = "";
 661              $options = "";
 662              $expoptions = "";
 663              $useropts = "";
 664              $seloptions = array();
 665          }
 666      }
 667      if($customfields)
 668      {
 669          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
 670      }
 671  
 672      if($mybb->usergroup['cancustomtitle'] == 1)
 673      {
 674          if($mybb->usergroup['usertitle'] == "")
 675          {
 676              $defaulttitle = '';
 677              $usertitles = $cache->read('usertitles');
 678  
 679              foreach($usertitles as $title)
 680              {
 681                  if($title['posts'] <= $mybb->user['postnum'])
 682                  {
 683                      $defaulttitle = htmlspecialchars_uni($title['title']);
 684                      break;
 685                  }
 686              }
 687          }
 688          else
 689          {
 690              $defaulttitle = htmlspecialchars_uni($mybb->usergroup['usertitle']);
 691          }
 692  
 693          $newtitle = '';
 694          if(trim($user['usertitle']) == '')
 695          {
 696              $lang->current_custom_usertitle = '';
 697          }
 698          else
 699          {
 700              if($errors)
 701              {
 702                  $newtitle = htmlspecialchars_uni($user['usertitle']);
 703                  $user['usertitle'] = $mybb->user['usertitle'];
 704              }
 705          }
 706  
 707          $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
 708  
 709          $currentcustom = $reverttitle = '';
 710          if(!empty($mybb->user['usertitle']))
 711          {
 712              eval("\$currentcustom = \"".$templates->get("usercp_profile_customtitle_currentcustom")."\";");
 713  
 714              if($mybb->user['usertitle'] != $mybb->usergroup['usertitle'])
 715              {
 716                  eval("\$reverttitle = \"".$templates->get("usercp_profile_customtitle_reverttitle")."\";");
 717              }
 718          }
 719  
 720          eval("\$customtitle = \"".$templates->get("usercp_profile_customtitle")."\";");
 721      }
 722      else
 723      {
 724          $customtitle = "";
 725      }
 726  
 727      if($mybb->usergroup['canchangewebsite'] == 1)
 728      {
 729          eval("\$website = \"".$templates->get("usercp_profile_website")."\";");
 730      }
 731  
 732      $plugins->run_hooks("usercp_profile_end");
 733  
 734      eval("\$editprofile = \"".$templates->get("usercp_profile")."\";");
 735      output_page($editprofile);
 736  }
 737  
 738  if($mybb->input['action'] == "do_options" && $mybb->request_method == "post")
 739  {
 740      // Verify incoming POST request
 741      verify_post_check($mybb->get_input('my_post_key'));
 742  
 743      $plugins->run_hooks("usercp_do_options_start");
 744  
 745      // Set up user handler.
 746      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 747      $userhandler = new UserDataHandler("update");
 748  
 749      $user = array(
 750          "uid" => $mybb->user['uid'],
 751          "style" => $mybb->get_input('style', MyBB::INPUT_INT),
 752          "dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT),
 753          "timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT),
 754          "timezone" => $db->escape_string($mybb->get_input('timezoneoffset')),
 755          "language" => $mybb->get_input('language'),
 756          'usergroup'    => $mybb->user['usergroup'],
 757          'additionalgroups'    => $mybb->user['additionalgroups']
 758      );
 759  
 760      $user['options'] = array(
 761          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 762          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 763          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 764          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 765          "dstcorrection" => $mybb->get_input('dstcorrection', MyBB::INPUT_INT),
 766          "threadmode" => $mybb->get_input('threadmode'),
 767          "showimages" => $mybb->get_input('showimages', MyBB::INPUT_INT),
 768          "showvideos" => $mybb->get_input('showvideos', MyBB::INPUT_INT),
 769          "showsigs" => $mybb->get_input('showsigs', MyBB::INPUT_INT),
 770          "showavatars" => $mybb->get_input('showavatars', MyBB::INPUT_INT),
 771          "showquickreply" => $mybb->get_input('showquickreply', MyBB::INPUT_INT),
 772          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 773          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 774          "receivefrombuddy" => $mybb->get_input('receivefrombuddy', MyBB::INPUT_INT),
 775          "daysprune" => $mybb->get_input('daysprune', MyBB::INPUT_INT),
 776          "showcodebuttons" => $mybb->get_input('showcodebuttons', MyBB::INPUT_INT),
 777          "sourceeditor" => $mybb->get_input('sourceeditor', MyBB::INPUT_INT),
 778          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 779          "buddyrequestspm" => $mybb->get_input('buddyrequestspm', MyBB::INPUT_INT),
 780          "buddyrequestsauto" => $mybb->get_input('buddyrequestsauto', MyBB::INPUT_INT),
 781          "showredirect" => $mybb->get_input('showredirect', MyBB::INPUT_INT),
 782          "classicpostbit" => $mybb->get_input('classicpostbit', MyBB::INPUT_INT)
 783      );
 784  
 785      if($mybb->settings['usertppoptions'])
 786      {
 787          $user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT);
 788      }
 789  
 790      if($mybb->settings['userpppoptions'])
 791      {
 792          $user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT);
 793      }
 794  
 795      $userhandler->set_data($user);
 796  
 797      if(!$userhandler->validate_user())
 798      {
 799          $errors = $userhandler->get_friendly_errors();
 800          $errors = inline_error($errors);
 801          $mybb->input['action'] = "options";
 802      }
 803      else
 804      {
 805          $userhandler->update_user();
 806  
 807          $plugins->run_hooks("usercp_do_options_end");
 808  
 809          redirect("usercp.php?action=options", $lang->redirect_optionsupdated);
 810      }
 811  }
 812  
 813  if($mybb->input['action'] == "options")
 814  {
 815      $plugins->run_hooks("usercp_options_start");
 816  
 817      if($errors != '')
 818      {
 819          $user = $mybb->input;
 820      }
 821      else
 822      {
 823          $user = $mybb->user;
 824      }
 825  
 826      $languages = $lang->get_languages();
 827      $board_language = $langoptions = '';
 828      if(count($languages) > 1)
 829      {
 830          foreach($languages as $name => $language)
 831          {
 832              $language = htmlspecialchars_uni($language);
 833  
 834              $sel = '';
 835              if(isset($user['language']) && $user['language'] == $name)
 836              {
 837                  $sel = " selected=\"selected\"";
 838              }
 839  
 840              eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
 841          }
 842  
 843          eval('$board_language = "'.$templates->get('usercp_options_language').'";');
 844      }
 845  
 846      // Lets work out which options the user has selected and check the boxes
 847      if(isset($user['allownotices']) && $user['allownotices'] == 1)
 848      {
 849          $allownoticescheck = "checked=\"checked\"";
 850      }
 851      else
 852      {
 853          $allownoticescheck = "";
 854      }
 855  
 856      if(isset($user['invisible']) && $user['invisible'] == 1)
 857      {
 858          $invisiblecheck = "checked=\"checked\"";
 859      }
 860      else
 861      {
 862          $invisiblecheck = "";
 863      }
 864  
 865      if(isset($user['hideemail']) && $user['hideemail'] == 1)
 866      {
 867          $hideemailcheck = "checked=\"checked\"";
 868      }
 869      else
 870      {
 871          $hideemailcheck = "";
 872      }
 873  
 874      $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 875      if(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 1)
 876      {
 877          $no_subscribe_selected = "selected=\"selected\"";
 878      }
 879      elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 2)
 880      {
 881          $instant_email_subscribe_selected = "selected=\"selected\"";
 882      }
 883      elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 3)
 884      {
 885          $instant_pm_subscribe_selected = "selected=\"selected\"";
 886      }
 887      else
 888      {
 889          $no_auto_subscribe_selected = "selected=\"selected\"";
 890      }
 891  
 892      if(isset($user['showimages']) && $user['showimages'] == 1)
 893      {
 894          $showimagescheck = "checked=\"checked\"";
 895      }
 896      else
 897      {
 898          $showimagescheck = "";
 899      }
 900  
 901      if(isset($user['showvideos']) && $user['showvideos'] == 1)
 902      {
 903          $showvideoscheck = "checked=\"checked\"";
 904      }
 905      else
 906      {
 907          $showvideoscheck = "";
 908      }
 909  
 910      if(isset($user['showsigs']) && $user['showsigs'] == 1)
 911      {
 912          $showsigscheck = "checked=\"checked\"";
 913      }
 914      else
 915      {
 916          $showsigscheck = "";
 917      }
 918  
 919      if(isset($user['showavatars']) && $user['showavatars'] == 1)
 920      {
 921          $showavatarscheck = "checked=\"checked\"";
 922      }
 923      else
 924      {
 925          $showavatarscheck = "";
 926      }
 927  
 928      if(isset($user['showquickreply']) && $user['showquickreply'] == 1)
 929      {
 930          $showquickreplycheck = "checked=\"checked\"";
 931      }
 932      else
 933      {
 934          $showquickreplycheck = "";
 935      }
 936  
 937      if(isset($user['receivepms']) && $user['receivepms'] == 1)
 938      {
 939          $receivepmscheck = "checked=\"checked\"";
 940      }
 941      else
 942      {
 943          $receivepmscheck = "";
 944      }
 945  
 946      if(isset($user['receivefrombuddy']) && $user['receivefrombuddy'] == 1)
 947      {
 948          $receivefrombuddycheck = "checked=\"checked\"";
 949      }
 950      else
 951      {
 952          $receivefrombuddycheck = "";
 953      }
 954  
 955      if(isset($user['pmnotice']) && $user['pmnotice'] >= 1)
 956      {
 957          $pmnoticecheck = " checked=\"checked\"";
 958      }
 959      else
 960      {
 961          $pmnoticecheck = "";
 962      }
 963  
 964      $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 965      if(isset($user['dstcorrection']) && $user['dstcorrection'] == 2)
 966      {
 967          $dst_auto_selected = "selected=\"selected\"";
 968      }
 969      elseif(isset($user['dstcorrection']) && $user['dstcorrection'] == 1)
 970      {
 971          $dst_enabled_selected = "selected=\"selected\"";
 972      }
 973      else
 974      {
 975          $dst_disabled_selected = "selected=\"selected\"";
 976      }
 977  
 978      if(isset($user['showcodebuttons']) && $user['showcodebuttons'] == 1)
 979      {
 980          $showcodebuttonscheck = "checked=\"checked\"";
 981      }
 982      else
 983      {
 984          $showcodebuttonscheck = "";
 985      }
 986  
 987      if(isset($user['sourceeditor']) && $user['sourceeditor'] == 1)
 988      {
 989          $sourcemodecheck = "checked=\"checked\"";
 990      }
 991      else
 992      {
 993          $sourcemodecheck = "";
 994      }
 995  
 996      if(isset($user['showredirect']) && $user['showredirect'] != 0)
 997      {
 998          $showredirectcheck = "checked=\"checked\"";
 999      }
1000      else
1001      {
1002          $showredirectcheck = "";
1003      }
1004  
1005      if(isset($user['pmnotify']) && $user['pmnotify'] != 0)
1006      {
1007          $pmnotifycheck = "checked=\"checked\"";
1008      }
1009      else
1010      {
1011          $pmnotifycheck = '';
1012      }
1013  
1014      if(isset($user['buddyrequestspm']) && $user['buddyrequestspm'] != 0)
1015      {
1016          $buddyrequestspmcheck = "checked=\"checked\"";
1017      }
1018      else
1019      {
1020          $buddyrequestspmcheck = '';
1021      }
1022  
1023      if(isset($user['buddyrequestsauto']) && $user['buddyrequestsauto'] != 0)
1024      {
1025          $buddyrequestsautocheck = "checked=\"checked\"";
1026      }
1027      else
1028      {
1029          $buddyrequestsautocheck = '';
1030      }
1031  
1032      if(!isset($user['threadmode']) || ($user['threadmode'] != "threaded" && $user['threadmode'] != "linear"))
1033      {
1034          $user['threadmode'] = ''; // Leave blank to show default
1035      }
1036  
1037      if(isset($user['classicpostbit']) && $user['classicpostbit'] != 0)
1038      {
1039          $classicpostbitcheck = "checked=\"checked\"";
1040      }
1041      else
1042      {
1043          $classicpostbitcheck = '';
1044      }
1045  
1046      $date_format_options = $dateformat = '';
1047      foreach($date_formats as $key => $format)
1048      {
1049          $selected = '';
1050          if(isset($user['dateformat']) && $user['dateformat'] == $key)
1051          {
1052              $selected = " selected=\"selected\"";
1053          }
1054  
1055          $dateformat = my_date($format, TIME_NOW, "", 0);
1056          eval("\$date_format_options .= \"".$templates->get("usercp_options_date_format")."\";");
1057      }
1058  
1059      $time_format_options = $timeformat = '';
1060      foreach($time_formats as $key => $format)
1061      {
1062          $selected = '';
1063          if(isset($user['timeformat']) && $user['timeformat'] == $key)
1064          {
1065              $selected = " selected=\"selected\"";
1066          }
1067  
1068          $timeformat = my_date($format, TIME_NOW, "", 0);
1069          eval("\$time_format_options .= \"".$templates->get("usercp_options_time_format")."\";");
1070      }
1071  
1072      $tzselect = build_timezone_select("timezoneoffset", $mybb->user['timezone'], true);
1073  
1074      $pms_from_buddys = '';
1075      if($mybb->settings['allowbuddyonly'] == 1)
1076      {
1077          eval("\$pms_from_buddys = \"".$templates->get("usercp_options_pms_from_buddys")."\";");
1078      }
1079  
1080      $pms = '';
1081      if($mybb->settings['enablepms'] != 0 && $mybb->usergroup['canusepms'] == 1)
1082      {
1083          eval("\$pms = \"".$templates->get("usercp_options_pms")."\";");
1084      }
1085  
1086      $quick_reply = '';
1087      if($mybb->settings['quickreply'] == 1)
1088      {
1089          eval("\$quick_reply = \"".$templates->get("usercp_options_quick_reply")."\";");
1090      }
1091  
1092      $threadview = array('linear' => '', 'threaded' => '');
1093      if(isset($user['threadmode']) && is_scalar($user['threadmode']))
1094      {
1095          $threadview[$user['threadmode']] = 'selected="selected"';
1096      }
1097      $daysprunesel = array(1 => '', 5 => '', 10 => '', 20 => '', 50 => '', 75 => '', 100 => '', 365 => '', 9999 => '');
1098      if(isset($user['daysprune']) && is_numeric($user['daysprune']))
1099      {
1100          $daysprunesel[$user['daysprune']] = 'selected="selected"';
1101      }
1102      if(!isset($user['style']))
1103      {
1104          $user['style'] = '';
1105      }
1106  
1107      $board_style = $stylelist = '';
1108      $stylelist = build_theme_select("style", $user['style']);
1109  
1110      if(!empty($stylelist))
1111      {
1112          eval('$board_style = "'.$templates->get('usercp_options_style').'";');
1113      }
1114  
1115      $tppselect = $pppselect = '';
1116      if($mybb->settings['usertppoptions'])
1117      {
1118          $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
1119          $tppoptions = $tpp_option = '';
1120          if(is_array($explodedtpp))
1121          {
1122              foreach($explodedtpp as $key => $val)
1123              {
1124                  $val = trim($val);
1125                  $selected = "";
1126                  if(isset($user['tpp']) && $user['tpp'] == $val)
1127                  {
1128                      $selected = " selected=\"selected\"";
1129                  }
1130  
1131                  $tpp_option = $lang->sprintf($lang->tpp_option, $val);
1132                  eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
1133              }
1134          }
1135          eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
1136      }
1137  
1138      if($mybb->settings['userpppoptions'])
1139      {
1140          $explodedppp = explode(",", $mybb->settings['userpppoptions']);
1141          $pppoptions = $ppp_option = '';
1142          if(is_array($explodedppp))
1143          {
1144              foreach($explodedppp as $key => $val)
1145              {
1146                  $val = trim($val);
1147                  $selected = "";
1148                  if(isset($user['ppp']) && $user['ppp'] == $val)
1149                  {
1150                      $selected = " selected=\"selected\"";
1151                  }
1152  
1153                  $ppp_option = $lang->sprintf($lang->ppp_option, $val);
1154                  eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
1155              }
1156          }
1157          eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
1158      }
1159  
1160      $plugins->run_hooks("usercp_options_end");
1161  
1162      eval("\$editprofile = \"".$templates->get("usercp_options")."\";");
1163      output_page($editprofile);
1164  }
1165  
// Change-email handler: POST only, and gated on re-entering the current password.
if($mybb->input['action'] == "do_email" && $mybb->request_method == "post")
{
    // Check the request's my_post_key token first.
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    $plugins->run_hooks("usercp_do_email_start");

    // The current password must be supplied again before the address can change.
    if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')))
    {
        // Set up user handler.
        require_once  MYBB_ROOT."inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");

        // uid comes from $mybb->user; only the two address fields come from the request.
        $user = array();
        $user['uid'] = $mybb->user['uid'];
        $user['email'] = $mybb->get_input('email');
        $user['email2'] = $mybb->get_input('email2');

        $userhandler->set_data($user);

        if($userhandler->validate_user())
        {
            if($mybb->user['usergroup'] != "5" && $mybb->usergroup['cancp'] != 1 && $mybb->settings['regtype'] != "verify")
            {
                $uid = $mybb->user['uid'];
                $username = $mybb->user['username'];

                // Emails require verification: the new address is parked in
                // awaitingactivation together with a code, and the profile is not touched here.
                // NOTE(review): the code is the only secret in the confirmation mail; confirm
                // that random_str() draws from a cryptographically secure source.
                $activationcode = random_str();
                $db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");

                $newactivation = array();
                $newactivation['uid'] = $mybb->user['uid'];
                $newactivation['dateline'] = TIME_NOW;
                $newactivation['code'] = $activationcode;
                $newactivation['type'] = "e";
                $newactivation['misc'] = $db->escape_string($mybb->get_input('email'));

                $db->insert_query("awaitingactivation", $newactivation);

                $mail_message = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);

                $lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
                my_mail($mybb->get_input('email'), $lang->emailsubject_changeemail, $mail_message);

                $plugins->run_hooks("usercp_do_email_verify");
                error($lang->redirect_changeemail_activation);
            }
            else
            {
                // Email requires no activation: the change is written immediately.
                // NOTE(review): the notice below is mailed to the new address only; the
                // previous address ($mybb->user['email']) is not told about the change in
                // this block, so the original owner gets no signal if the account is misused.
                $userhandler->update_user();
                $mail_message = $lang->sprintf($lang->email_changeemail_noactivation, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl']);
                my_mail($mybb->get_input('email'), $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']), $mail_message);
                $plugins->run_hooks("usercp_do_email_changed");
                redirect("usercp.php?action=email", $lang->redirect_emailupdated);
            }
        }
        else
        {
            $errors = $userhandler->get_friendly_errors();
        }
    }
    else
    {
        $errors[] = $lang->error_invalidpassword;
    }

    // Any error sends the request on to the "email" form handler below.
    if(count($errors) > 0)
    {
        $mybb->input['action'] = "email";
        $errors = inline_error($errors);
    }
}
1242  
// Render the change-email form.
if($mybb->input['action'] == "email")
{
    // When returning after errors, show the addresses the user previously entered,
    // HTML-escaped; the password is never put back into the form.
    $email = $email2 = '';
    if($errors)
    {
        $email = htmlspecialchars_uni($mybb->get_input('email'));
        $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
    }

    $plugins->run_hooks("usercp_email");

    eval('$changemail = "'.$templates->get("usercp_email").'";');
    output_page($changemail);
}
1261  
// Change-password handler: POST only, and gated on the current password.
if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
{
    // Check the request's my_post_key token first.
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    $plugins->run_hooks("usercp_do_password_start");

    // The old password has to match before a new one is accepted.
    if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('oldpassword')))
    {
        // Set up user handler.
        require_once  MYBB_ROOT."inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");

        // uid comes from $mybb->user; password rules are enforced by the handler's validation.
        $user = array();
        $user['uid'] = $mybb->user['uid'];
        $user['password'] = $mybb->get_input('password');
        $user['password2'] = $mybb->get_input('password2');

        $userhandler->set_data($user);

        if($userhandler->validate_user())
        {
            $userhandler->update_user();

            // Re-issue the mybbuser cookie from the handler's loginkey so this browser stays
            // signed in. NOTE(review): presumably update_user() issues a fresh loginkey on a
            // password change, which would sign out other sessions; confirm in UserDataHandler.
            my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey'], null, true, "lax");

            // Notify the user by email that their password has been changed
            $mail_message = $lang->sprintf($lang->email_changepassword, $mybb->user['username'], $mybb->user['email'], $mybb->settings['bbname'], $mybb->settings['bburl']);
            $lang->emailsubject_changepassword = $lang->sprintf($lang->emailsubject_changepassword, $mybb->settings['bbname']);
            my_mail($mybb->user['email'], $lang->emailsubject_changepassword, $mail_message);

            $plugins->run_hooks("usercp_do_password_end");
            redirect("usercp.php?action=password", $lang->redirect_passwordupdated);
        }
        else
        {
            $errors = $userhandler->get_friendly_errors();
        }
    }
    else
    {
        $errors[] = $lang->error_invalidpassword;
    }

    // Any error sends the request on to the "password" form handler below.
    if(count($errors) > 0)
    {
        $mybb->input['action'] = "password";
        $errors = inline_error($errors);
    }
}
1312  
// Render the change-password form. No submitted value is put back into the page by this block.
if($mybb->input['action'] == "password")
{
    $plugins->run_hooks("usercp_password");

    eval('$editpassword = "'.$templates->get("usercp_password").'";');
    output_page($editpassword);
}
1320  
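// Change-username handler: POST only, requires the canchangename permission and the
// current password.
if($mybb->input['action'] == "do_changename" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Start from an empty error list, as the do_email and do_password handlers do.
    // Without this, "$errors[] = ..." and count($errors) below worked on whatever an
    // earlier part of the script had left in $errors.
    $errors = array();

    $plugins->run_hooks("usercp_do_changename_start");

    // The permission is checked again here, not only when the form is displayed, so a
    // hand-built POST cannot skip it.
    if($mybb->usergroup['canchangename'] != 1)
    {
        error_no_permission();
    }

    // The current password must be supplied again before the name can change.
    if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
    {
        $errors[] = $lang->error_invalidpassword;
    }
    else
    {
        // Set up user handler.
        require_once  MYBB_ROOT."inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");

        // uid comes from $mybb->user; only the new name comes from the request.
        $user = array(
            "uid" => $mybb->user['uid'],
            "username" => $mybb->get_input('username')
        );

        $userhandler->set_data($user);

        if(!$userhandler->validate_user())
        {
            $errors = $userhandler->get_friendly_errors();
        }
        else
        {
            $userhandler->update_user();
            $plugins->run_hooks("usercp_do_changename_end");
            redirect("usercp.php?action=changename", $lang->redirect_namechanged);
        }
    }

    // Any error sends the request on to the "changename" form handler below.
    if(count($errors) > 0)
    {
        $errors = inline_error($errors);
        $mybb->input['action'] = "changename";
    }
}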
1367  
// Render the change-username form for users whose group has canchangename set to 1.
if($mybb->input['action'] == "changename")
{
    $plugins->run_hooks("usercp_changename_start");

    // Users without the permission get the no-permission page instead of the form.
    if($mybb->usergroup['canchangename'] != 1)
    {
        error_no_permission();
    }

    $plugins->run_hooks("usercp_changename_end");

    eval('$changename = "'.$templates->get("usercp_changename").'";');
    output_page($changename);
}
1381  
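// Bulk action on the current user's thread subscriptions: delete the selected ones or
// change their notification type.
// NOTE(review): unlike the other do_* handlers in this part of the script, this one does
// not require $mybb->request_method == "post"; confirm whether accepting other request
// methods for a state-changing action is intended.
if($mybb->input['action'] == "do_subscriptions")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_subscriptions_start");

    // Nothing selected: also covers an empty array, which would otherwise produce
    // "tid IN ()" in the queries below.
    if(empty($mybb->input['check']) || !is_array($mybb->input['check']))
    {
        error($lang->no_subscriptions_selected);
    }

    // Clean input - only accept integers. After intval() the list is safe to place
    // inside the IN (...) clause.
    $mybb->input['check'] = array_map('intval', $mybb->get_input('check', MyBB::INPUT_ARRAY));
    $tids = implode(",", $mybb->input['check']);

    // Both queries are limited to rows with the current user's uid, so thread ids that
    // belong to other users' subscriptions are not affected.

    // Deleting these subscriptions?
    if($mybb->get_input('do') == "delete")
    {
        $db->delete_query("threadsubscriptions", "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
    }
    // Changing subscription type
    else
    {
        // Map the requested action to a notification type. An unrecognised value leaves
        // this null; previously the variable stayed undefined and was still written.
        $new_notification = null;
        if($mybb->get_input('do') == "no_notification")
        {
            $new_notification = 0;
        }
        elseif($mybb->get_input('do') == "email_notification")
        {
            $new_notification = 1;
        }
        elseif($mybb->get_input('do') == "pm_notification")
        {
            $new_notification = 2;
        }

        // Update only for a recognised action
        if($new_notification !== null)
        {
            $update_array = array("notification" => $new_notification);
            $db->update_query("threadsubscriptions", $update_array, "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
        }
    }

    // Done, redirect
    redirect("usercp.php?action=subscriptions", $lang->redirect_subscriptions_updated);
}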
1427  
1428  if($mybb->input['action'] == "subscriptions")
1429  {
1430      $plugins->run_hooks("usercp_subscriptions_start");
1431  
1432      // Thread visiblity
1433      $visible = "AND t.visible != 0";
1434      if(is_moderator() == true)
1435      {
1436          $visible = '';
1437      }
1438  
1439      // Do Multi Pages
1440      $query = $db->query("
1441          SELECT COUNT(ts.tid) as threads
1442          FROM ".TABLE_PREFIX."threadsubscriptions ts
1443          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = ts.tid)
1444          WHERE ts.uid = '".$mybb->user['uid']."' AND t.visible >= 0 {$visible}
1445      ");
1446      $threadcount = $db->fetch_field($query, "threads");
1447  
1448      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
1449      {
1450          $mybb->settings['threadsperpage'] = 20;
1451      }
1452  
1453      $perpage = $mybb->settings['threadsperpage'];
1454      $page = $mybb->get_input('page', MyBB::INPUT_INT);
1455      if($page > 0)
1456      {
1457          $start = ($page-1) * $perpage;
1458          $pages = $threadcount / $perpage;
1459          $pages = ceil($pages);
1460          if($page > $pages || $page <= 0)
1461          {
1462              $start = 0;
1463              $page = 1;
1464          }
1465      }
1466      else
1467      {
1468          $start = 0;
1469          $page = 1;
1470      }
1471      $end = $start + $perpage;
1472      $lower = $start+1;
1473      $upper = $end;
1474      if($upper > $threadcount)
1475      {
1476          $upper = $threadcount;
1477      }
1478      $multipage = multipage($threadcount, $perpage, $page, "usercp.php?action=subscriptions");
1479      $fpermissions = forum_permissions();
1480      $del_subscriptions = $subscriptions = array();
1481  
1482      // Fetch subscriptions
1483      $query = $db->query("
1484          SELECT s.*, t.*, t.username AS threadusername, u.username
1485          FROM ".TABLE_PREFIX."threadsubscriptions s
1486          LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
1487          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
1488          WHERE s.uid='".$mybb->user['uid']."' and t.visible >= 0 {$visible}
1489          ORDER BY t.lastpost DESC
1490          LIMIT $start, $perpage
1491      ");
1492      while($subscription = $db->fetch_array($query))
1493      {
1494          $forumpermissions = $fpermissions[$subscription['fid']];
1495  
1496          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $subscription['uid'] != $mybb->user['uid']))
1497          {
1498              // Hmm, you don't have permission to view this thread - unsubscribe!
1499              $del_subscriptions[] = $subscription['sid'];
1500          }
1501          elseif($subscription['tid'])
1502          {
1503              $subscriptions[$subscription['tid']] = $subscription;
1504          }
1505      }
1506  
1507      if(!empty($del_subscriptions))
1508      {
1509          $sids = implode(',', $del_subscriptions);
1510  
1511          if($sids)
1512          {
1513              $db->delete_query("threadsubscriptions", "sid IN ({$sids}) AND uid='{$mybb->user['uid']}'");
1514          }
1515  
1516          $threadcount = $threadcount - count($del_subscriptions);
1517  
1518          if($threadcount < 0)
1519          {
1520              $threadcount = 0;
1521          }
1522      }
1523  
1524      if(!empty($subscriptions))
1525      {
1526          $tids = implode(",", array_keys($subscriptions));
1527          $readforums = array();
1528  
1529          // Build a forum cache.
1530          $query = $db->query("
1531              SELECT f.fid, fr.dateline AS lastread
1532              FROM ".TABLE_PREFIX."forums f
1533              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
1534              WHERE f.active != 0
1535              ORDER BY pid, disporder
1536          ");
1537  
1538          while($forum = $db->fetch_array($query))
1539          {
1540              $readforums[$forum['fid']] = $forum['lastread'];
1541          }
1542  
1543          // Check participation by the current user in any of these threads - for 'dot' folder icons
1544          if($mybb->settings['dotfolders'] != 0)
1545          {
1546              $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1547              while($post = $db->fetch_array($query))
1548              {
1549                  $subscriptions[$post['tid']]['doticon'] = 1;
1550              }
1551          }
1552  
1553          // Read threads
1554          if($mybb->settings['threadreadcut'] > 0)
1555          {
1556              $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1557              while($readthread = $db->fetch_array($query))
1558              {
1559                  $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
1560              }
1561          }
1562  
1563          $icon_cache = $cache->read("posticons");
1564          $threadprefixes = build_prefixes();
1565  
1566          $threads = '';
1567  
1568          // Now we can build our subscription list
1569          foreach($subscriptions as $thread)
1570          {
1571              $bgcolor = alt_trow();
1572  
1573              $folder = '';
1574              $prefix = '';
1575              $thread['threadprefix'] = '';
1576  
1577              // If this thread has a prefix, insert a space between prefix and subject
1578              if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
1579              {
1580                  $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
1581              }
1582  
1583              // Sanitize
1584              $thread['subject'] = $parser->parse_badwords($thread['subject']);
1585              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
1586  
1587              // Build our links
1588              $thread['threadlink'] = get_thread_link($thread['tid']);
1589              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
1590  
1591              // Fetch the thread icon if we have one
1592              if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
1593              {
1594                  $icon = $icon_cache[$thread['icon']];
1595                  $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
1596                  $icon['path'] = htmlspecialchars_uni($icon['path']);
1597                  $icon['name'] = htmlspecialchars_uni($icon['name']);
1598                  eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
1599              }
1600              else
1601              {
1602                  $icon = "&nbsp;";
1603              }
1604  
1605              // Determine the folder
1606              $folder = '';
1607              $folder_label = '';
1608  
1609              if(isset($thread['doticon']))
1610              {
1611                  $folder = "dot_";
1612                  $folder_label .= $lang->icon_dot;
1613              }
1614  
1615              $gotounread = '';
1616              $isnew = 0;
1617              $donenew = 0;
1618              $lastread = 0;
1619  
1620              if($mybb->settings['threadreadcut'] > 0)
1621              {
1622                  $forum_read = $readforums[$thread['fid']];
1623  
1624                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1625                  if($forum_read == 0 || $forum_read < $read_cutoff)
1626                  {
1627                      $forum_read = $read_cutoff;
1628                  }
1629              }
1630  
1631              $cutoff = 0;
1632              if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
1633              {
1634                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1635              }
1636  
1637              if($thread['lastpost'] > $cutoff)
1638              {
1639                  if($thread['lastread'])
1640                  {
1641                      $lastread = $thread['lastread'];
1642                  }
1643                  else
1644                  {
1645                      $lastread = 1;
1646                  }
1647              }
1648  
1649              if(!$lastread)
1650              {
1651                  $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
1652                  if($readcookie > $forum_read)
1653                  {
1654                      $lastread = $readcookie;
1655                  }
1656                  else
1657                  {
1658                      $lastread = $forum_read;
1659                  }
1660              }
1661  
1662              if($lastread && $lastread < $thread['lastpost'])
1663              {
1664                  $folder .= "new";
1665                  $folder_label .= $lang->icon_new;
1666                  $new_class = "subject_new";
1667                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
1668                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
1669                  $unreadpost = 1;
1670              }
1671              else
1672              {
1673                  $folder_label .= $lang->icon_no_new;
1674                  $new_class = "subject_old";
1675              }
1676  
1677              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
1678              {
1679                  $folder .= "hot";
1680                  $folder_label .= $lang->icon_hot;
1681              }
1682  
1683              if($thread['closed'] == 1)
1684              {
1685                  $folder .= "close";
1686                  $folder_label .= $lang->icon_close;
1687              }
1688  
1689              $folder .= "folder";
1690  
1691              if($thread['visible'] == 0)
1692              {
1693                  $bgcolor = "trow_shaded";
1694              }
1695  
1696              // Build last post info
1697              $lastpostdate = my_date('relative', $thread['lastpost']);
1698              if(!$lastposteruid && !$thread['lastposter'])
1699              {
1700                  $lastposter = htmlspecialchars_uni($lang->guest);
1701              }
1702              else
1703              {
1704                  $lastposter = htmlspecialchars_uni($thread['lastposter']);
1705              }
1706              $lastposteruid = $thread['lastposteruid'];
1707  
1708              // Don't link to guest's profiles (they have no profile).
1709              if($lastposteruid == 0)
1710              {
1711                  $lastposterlink = $lastposter;
1712              }
1713              else
1714              {
1715                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
1716              }
1717  
1718              $thread['replies'] = my_number_format($thread['replies']);
1719              $thread['views'] = my_number_format($thread['views']);
1720  
1721              // What kind of notification type do we have here?
1722              switch($thread['notification'])
1723              {
1724                  case "2": // PM
1725                      $notification_type = $lang->pm_notification;
1726                      break;
1727                  case "1": // Email
1728                      $notification_type = $lang->email_notification;
1729                      break;
1730                  default: // No notification
1731                      $notification_type = $lang->no_notification;
1732              }
1733  
1734              eval("\$threads .= \"".$templates->get("usercp_subscriptions_thread")."\";");
1735          }
1736  
1737          // Provide remove options
1738          eval("\$remove_options = \"".$templates->get("usercp_subscriptions_remove")."\";");
1739      }
1740      else
1741      {
1742          $remove_options = '';
1743          eval("\$threads = \"".$templates->get("usercp_subscriptions_none")."\";");
1744      }
1745  
1746      $plugins->run_hooks("usercp_subscriptions_end");
1747  
1748      eval("\$subscriptions = \"".$templates->get("usercp_subscriptions")."\";");
1749      output_page($subscriptions);
1750  }
1751  
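// Action "forumsubscriptions": render the list of forums the current user is
// subscribed to, with post/thread counters and last-post details per forum.
if($mybb->input['action'] == "forumsubscriptions")
{
    $plugins->run_hooks("usercp_forumsubscriptions_start");

    // Build a forum cache.
    // The uid is interpolated into the SQL text rather than bound. It is read
    // from $mybb->user, not from request input.
    // NOTE(review): presumably always the integer id of the session user - confirm.
    $query = $db->query("
        SELECT f.fid, fr.dateline AS lastread
        FROM ".TABLE_PREFIX."forums f
        LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
        WHERE f.active != 0
        ORDER BY pid, disporder
    ");
    $readforums = array();
    while($forum = $db->fetch_array($query))
    {
        $readforums[$forum['fid']] = $forum['lastread'];
    }

    // Called without a forum id; the result is indexed by fid below.
    $fpermissions = forum_permissions();
    require_once  MYBB_ROOT."inc/functions_forumlist.php";

    // One row per subscription, joined with the forum, the subject of its
    // last-post thread and the user's read marker for that forum.
    $query = $db->query("
        SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread
        FROM ".TABLE_PREFIX."forumsubscriptions fs
        LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid = fs.fid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = f.lastposttid)
        LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
        WHERE f.type='f' AND fs.uid='".$mybb->user['uid']."'
        ORDER BY f.name ASC
    ");

    $forums = '';
    while($forum = $db->fetch_array($query))
    {
        $forum_url = get_forum_link($forum['fid']);
        $forumpermissions = $fpermissions[$forum['fid']];

        // Forums the user is not permitted to view are skipped entirely;
        // nothing is rendered for them even though the subscription row exists.
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
        {
            continue;
        }

        $lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
        $folder = $lightbulb['folder'];

        // Users limited to their own threads get placeholders instead of the
        // forum-wide counters.
        if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0)
        {
            $posts = '-';
            $threads = '-';
        }
        else
        {
            $posts = my_number_format($forum['posts']);
            $threads = my_number_format($forum['threads']);
        }

        if($forum['lastpost'] == 0)
        {
            eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_never")."\";");
        }
        // Hide last post
        elseif(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $forum['lastposteruid'] != $mybb->user['uid'])
        {
            eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_hidden")."\";");
        }
        else
        {
            $forum['lastpostsubject'] = $parser->parse_badwords($forum['lastpostsubject']);
            $lastpost_date = my_date('relative', $forum['lastpost']);
            $lastposttid = $forum['lastposttid'];
            if(!$forum['lastposteruid'] && !$forum['lastposter'])
            {
                $lastposter = htmlspecialchars_uni($lang->guest);
            }
            else
            {
                $lastposter = htmlspecialchars_uni($forum['lastposter']);
            }
            if($forum['lastposteruid'] == 0)
            {
                $lastpost_profilelink = $lastposter;
            }
            else
            {
                $lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);
            }

            // Shorten the raw subject first and escape afterwards. Cutting an
            // already escaped string can split an HTML entity in the middle and
            // counts entity characters against the 25-character limit.
            $lastpost_subject = $forum['lastpostsubject'];
            if(my_strlen($lastpost_subject) > 25)
            {
                $lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
            }
            $lastpost_subject = htmlspecialchars_uni($lastpost_subject);
            $full_lastpost_subject = htmlspecialchars_uni($forum['lastpostsubject']);

            $lastpost_link = get_thread_link($forum['lastposttid'], 0, "lastpost");
            eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost")."\";");
        }

        if($mybb->settings['showdescriptions'] == 0)
        {
            $forum['description'] = "";
        }

        // The template is evaluated as a double-quoted PHP string, so every
        // variable it names is read from this scope. $forum['name'] and
        // $forum['description'] are not escaped in this block.
        // NOTE(review): confirm they are admin-controlled markup by design.
        eval("\$forums .= \"".$templates->get("usercp_forumsubscriptions_forum")."\";");
    }

    if(!$forums)
    {
        eval("\$forums = \"".$templates->get("usercp_forumsubscriptions_none")."\";");
    }

    $plugins->run_hooks("usercp_forumsubscriptions_end");

    eval("\$forumsubscriptions = \"".$templates->get("usercp_forumsubscriptions")."\";");
    output_page($forumsubscriptions);
}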
1865  
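// Action "do_addsubscription" (thread only): subscribe the current user to a
// thread with the chosen notification method, then redirect.
if($mybb->input['action'] == "do_addsubscription" && $mybb->get_input('type') != "forum")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Read the thread id as an integer, as the other subscription handlers
    // in this file do, instead of passing the raw request string along.
    $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
    if(!$thread)
    {
        error($lang->error_invalidthread);
    }

    // Is the currently logged in user a moderator of this forum?
    $ismod = is_moderator($thread['fid']);

    // Make sure we are looking at a real thread here.
    // Non-moderators only pass for visible == 1; moderators pass for any value up to 1.
    if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
    {
        error($lang->error_invalidthread);
    }

    // Subscribing needs the same view rights as reading the thread, including
    // the "own threads only" restriction.
    $forumpermissions = forum_permissions($thread['fid']);
    if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
    {
        error_no_permission();
    }

    // check if the forum requires a password to view. If so, we need to show a form to the user
    check_forum_password($thread['fid']);

    // Naming of the hook retained for backward compatibility while dropping usercp2.php
    $plugins->run_hooks("usercp2_do_addsubscription");

    add_subscribed_thread($thread['tid'], $mybb->get_input('notification', MyBB::INPUT_INT));

    if($mybb->get_input('referrer'))
    {
        // The redirect target is taken from the request. It is HTML-escaped
        // here, which protects the markup but does not restrict the destination.
        // NOTE(review): confirm redirect() limits targets to this board, or
        // validate the host here; the post-key check above is the only gate
        // visible in this block.
        $url = htmlspecialchars_uni($mybb->get_input('referrer'));
    }
    else
    {
        $url = get_thread_link($thread['tid']);
    }
    redirect($url, $lang->redirect_subscriptionadded);
}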
1910  
// Action "addsubscription": subscribe to a forum immediately, or show the
// form that lets the user pick a notification method for a thread.
if($mybb->input['action'] == "addsubscription")
{
    // Request-forgery check on the my_post_key value.
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->get_input('type') == "forum")
    {
        $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
        if(!$forum)
        {
            error($lang->error_invalidforum);
        }

        // The user must be able to see the forum and its threads.
        $forumpermissions = forum_permissions($forum['fid']);
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
        {
            error_no_permission();
        }

        // Password-protected forums show their password form first.
        check_forum_password($forum['fid']);

        // Hook name kept from the former usercp2.php for backward compatibility.
        $plugins->run_hooks("usercp2_addsubscription_forum");

        add_subscribed_forum($forum['fid']);

        // Go back to the referring page for non-POST requests, else to the index.
        // NOTE(review): $server_http_referer is set outside this block - confirm
        // how it is derived and sanitised.
        $url = ($server_http_referer && $mybb->request_method != 'post') ? $server_http_referer : "index.php";
        redirect($url, $lang->redirect_forumsubscriptionadded);
    }
    else
    {
        $thread  = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
        if(!$thread)
        {
            error($lang->error_invalidthread);
        }

        // Moderator status of the current user in the thread's forum.
        $ismod = is_moderator($thread['fid']);

        // Reject anything that is not a real thread for this viewer:
        // moderators may see values up to 1, everyone else only exactly 1.
        if($ismod == true ? $thread['visible'] > 1 : $thread['visible'] != 1)
        {
            error($lang->error_invalidthread);
        }

        add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions");
        add_breadcrumb($lang->nav_addsubscription);

        // View rights, including the "own threads only" restriction.
        $forumpermissions = forum_permissions($thread['fid']);
        if(
            $forumpermissions['canview'] == 0
            || $forumpermissions['canviewthreads'] == 0
            || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'])
        )
        {
            error_no_permission();
        }

        // Password-protected forums show their password form first.
        check_forum_password($thread['fid']);

        // Made available to the form template; empty when no referer is known.
        $referrer = $server_http_referer ? $server_http_referer : '';

        // Censor, then HTML-escape, the subject before it goes into the page.
        require_once  MYBB_ROOT."inc/class_parser.php";
        $parser = new postParser();
        $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
        $lang->subscribe_to_thread = $lang->sprintf($lang->subscribe_to_thread, $thread['subject']);

        // Pre-select the radio button matching the user's default method.
        $notification_none_checked = '';
        $notification_email_checked = '';
        $notification_pm_checked = '';
        switch($mybb->user['subscriptionmethod'])
        {
            case 1:
            case 0:
                $notification_none_checked = "checked=\"checked\"";
                break;
            case 2:
                $notification_email_checked = "checked=\"checked\"";
                break;
            case 3:
                $notification_pm_checked = "checked=\"checked\"";
                break;
        }

        // Hook name kept from the former usercp2.php for backward compatibility.
        $plugins->run_hooks("usercp2_addsubscription_thread");

        // The template is evaluated as a PHP string and reads variables from this scope.
        eval("\$add_subscription = \"".$templates->get("usercp_addsubscription_thread")."\";");
        output_page($add_subscription);
        exit;
    }
}
2009  
// Action "removesubscription": remove a single forum or thread subscription
// of the current user and redirect back.
if($mybb->input['action'] == "removesubscription")
{
    // Request-forgery check on the my_post_key value.
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->get_input('type') != "forum")
    {
        $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
        if(!$thread)
        {
            error($lang->error_invalidthread);
        }

        // Moderator status of the current user in the thread's forum.
        $ismod = is_moderator($thread['fid']);

        // Reject anything that is not a real thread for this viewer:
        // moderators may see values up to 1, everyone else only exactly 1.
        if($ismod == true ? $thread['visible'] > 1 : $thread['visible'] != 1)
        {
            error($lang->error_invalidthread);
        }

        // Password-protected forums show their password form first.
        check_forum_password($thread['fid']);

        // Hook name kept from the former usercp2.php for backward compatibility.
        $plugins->run_hooks("usercp2_removesubscription_thread");

        remove_subscribed_thread($thread['tid']);

        // Referring page for non-POST requests, else the subscription list.
        // NOTE(review): $server_http_referer is set outside this block - confirm
        // how it is derived and sanitised.
        $url = ($server_http_referer && $mybb->request_method != 'post') ? $server_http_referer : "usercp.php?action=subscriptions";
        redirect($url, $lang->redirect_subscriptionremoved);
    }
    else
    {
        $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
        if(!$forum)
        {
            error($lang->error_invalidforum);
        }

        // Password-protected forums show their password form first.
        check_forum_password($forum['fid']);

        // Hook name kept from the former usercp2.php for backward compatibility.
        $plugins->run_hooks("usercp2_removesubscription_forum");

        remove_subscribed_forum($forum['fid']);

        // Referring page for non-POST requests, else the forum subscription list.
        $url = ($server_http_referer && $mybb->request_method != 'post') ? $server_http_referer : "usercp.php?action=forumsubscriptions";
        redirect($url, $lang->redirect_forumsubscriptionremoved);
    }
}
2075  
// Action "removesubscriptions": delete every forum subscription or every
// thread subscription of the current user in one go.
if($mybb->input['action'] == "removesubscriptions")
{
    // Request-forgery check on the my_post_key value; this is the only guard
    // in front of the bulk delete below.
    verify_post_check($mybb->get_input('my_post_key'));

    if($mybb->get_input('type') == "forum")
    {
        // Hook name kept from the former usercp2.php for backward compatibility.
        $plugins->run_hooks("usercp2_removesubscriptions_forum");

        // The WHERE clause is built by concatenation from $mybb->user['uid'],
        // which is not request input.
        $db->delete_query("forumsubscriptions", "uid='".$mybb->user['uid']."'");

        // Unlike the single-item handler, the referer is used for POST requests too.
        $url = $server_http_referer ? $server_http_referer : "usercp.php?action=forumsubscriptions";
        redirect($url, $lang->redirect_forumsubscriptionsremoved);
    }
    else
    {
        // Hook name kept from the former usercp2.php for backward compatibility.
        $plugins->run_hooks("usercp2_removesubscriptions_thread");

        $db->delete_query("threadsubscriptions", "uid='".$mybb->user['uid']."'");

        $url = $server_http_referer ? $server_http_referer : "usercp.php?action=subscriptions";
        redirect($url, $lang->redirect_subscriptionsremoved);
    }
}
2114  
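// Action "do_editsig" (POST): store the submitted signature for the current
// user and optionally switch "include signature" on or off for all their posts.
if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_editsig_start");

    // User currently has a suspended signature.
    // The "editsig" form handler in this file also treats suspendsigtime == 0
    // as suspended and refuses to show the form; enforce the same rule on the
    // write path so a direct POST cannot save a signature the form would refuse.
    if($mybb->user['suspendsignature'] == 1 && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > TIME_NOW))
    {
        error_no_permission();
    }

    // NOTE(review): this block does not check $mybb->usergroup['canusesig'] or
    // the signature's length and content, although the "editsig" view does
    // check the usergroup permission. Confirm an earlier handler enforces both
    // before this one runs.

    // Optionally flip the includesig flag on every post of this user.
    if($mybb->get_input('updateposts') == "enable")
    {
        $update_signature = array(
            "includesig" => 1
        );
        $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
    }
    elseif($mybb->get_input('updateposts') == "disable")
    {
        $update_signature = array(
            "includesig" => 0
        );
        $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
    }

    // The raw signature text is escaped for SQL here and stored as submitted;
    // the preview in "editsig" renders it through $parser->parse_message().
    $new_signature = array(
        "signature" => $db->escape_string($mybb->get_input('signature'))
    );
    $plugins->run_hooks("usercp_do_editsig_process");
    $db->update_query("users", $new_signature, "uid='".$mybb->user['uid']."'");
    $plugins->run_hooks("usercp_do_editsig_end");
    redirect("usercp.php?action=editsig", $lang->redirect_sigupdated);
}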
2150  
// Action "editsig": show the signature editor, with a rendered preview of the
// submitted or stored signature when there is one.
if($mybb->input['action'] == "editsig")
{
    $plugins->run_hooks("usercp_editsig_start");

    // Pick the text to work on and the preview template:
    //  - no error, preview requested: submitted text, preview template
    //  - no error, no preview:        stored signature, "current" template
    //  - error present:               submitted text, no preview at all
    if(empty($error))
    {
        if(!empty($mybb->input['preview']))
        {
            $sig = $mybb->get_input('signature');
            $template = "usercp_editsig_preview";
        }
        else
        {
            $sig = $mybb->user['signature'];
            $template = "usercp_editsig_current";
        }
    }
    else
    {
        $sig = $mybb->get_input('signature');
        $template = false;
    }

    if(!isset($error))
    {
        $error = '';
    }

    // Suspended signature: either no end time (0) or an end time still in the future.
    if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || ($mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW)))
    {
        error($lang->sig_suspended);
    }

    if($mybb->usergroup['canusesig'] != 1)
    {
        // The usergroup may not use signatures at all.
        error_no_permission();
    }
    elseif($mybb->usergroup['canusesig'] == 1 && $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
    {
        // Signatures are allowed, but only after a minimum number of posts.
        error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
    }

    $signature = '';
    if($sig && $template)
    {
        // Parser switches come from the board's signature settings; image code
        // is forced off when the user has images disabled. Whether raw HTML is
        // allowed depends solely on the sightml setting.
        $sig_parser = array(
            "allow_html" => $mybb->settings['sightml'],
            "allow_mycode" => $mybb->settings['sigmycode'],
            "allow_smilies" => $mybb->settings['sigsmilies'],
            "allow_imgcode" => ($mybb->user['showimages'] != 1) ? 0 : $mybb->settings['sigimgcode'],
            "me_username" => $mybb->user['username'],
            "filter_badwords" => 1
        );

        $sigpreview = $parser->parse_message($sig, $sig_parser);
        eval("\$signature = \"".$templates->get($template)."\";");
    }

    // NOTE(review): this condition is a subset of the suspension check above,
    // which already calls error(); the suspended template is only reached if
    // error() returns - confirm.
    if($mybb->user['suspendsignature'] && $mybb->user['suspendsigtime'] > TIME_NOW)
    {
        $plugins->run_hooks("usercp_editsig_end");

        eval("\$editsig = \"".$templates->get("usercp_editsig_suspended")."\";");
    }
    else
    {
        // Editing is allowed: build the on/off labels for the help text.
        $sigsmilies = $lang->off;
        if($mybb->settings['sigsmilies'] == 1)
        {
            $sigsmilies = $lang->on;
            $smilieinserter = build_clickable_smilies();
        }
        $sigmycode = ($mybb->settings['sigmycode'] == 1) ? $lang->on : $lang->off;
        $sightml = ($mybb->settings['sightml'] == 1) ? $lang->on : $lang->off;
        $sigimgcode = ($mybb->settings['sigimgcode'] == 1) ? $lang->on : $lang->off;

        // The raw signature is HTML-escaped before it is placed in the form.
        $sig = htmlspecialchars_uni($sig);
        $lang->edit_sig_note2 = $lang->sprintf($lang->edit_sig_note2, $sigsmilies, $sigmycode, $sigimgcode, $sightml, $mybb->settings['siglength']);

        if($mybb->settings['bbcodeinserter'] != 0 || $mybb->user['showcodebuttons'] != 0)
        {
            $codebuttons = build_mycode_inserter("signature");
        }

        $plugins->run_hooks("usercp_editsig_end");

        // The template is evaluated as a PHP string and reads variables from this scope.
        eval("\$editsig = \"".$templates->get("usercp_editsig")."\";");
    }

    output_page($editsig);
}
2272  
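// Action "do_avatar" (POST): remove the current avatar, store an uploaded one,
// or set a Gravatar / remote-URL avatar. On failure the request falls through
// to the "avatar" action with $avatar_error holding the formatted message.
if($mybb->input['action'] == "do_avatar" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_avatar_start");
    require_once  MYBB_ROOT."inc/functions_upload.php";

    $avatar_error = "";
    // Start from a known value: the upload and remote branches only assign this
    // when the image reports positive dimensions, yet always write it to the
    // database.
    $avatar_dimensions = "";

    if(!empty($mybb->input['remove'])) // remove avatar
    {
        $updated_avatar = array(
            "avatar" => "",
            "avatardimensions" => "",
            "avatartype" => ""
        );
        $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
        remove_avatars($mybb->user['uid']);
    }
    // !empty() also covers a request that carries no file field at all.
    elseif(!empty($_FILES['avatarupload']['name'])) // upload avatar
    {
        if($mybb->usergroup['canuploadavatars'] == 0)
        {
            error_no_permission();
        }
        // Validation and storage of the uploaded file happen in upload_avatar(),
        // which is defined in inc/functions_upload.php and not visible here.
        $avatar = upload_avatar();
        if($avatar['error'])
        {
            $avatar_error = $avatar['error'];
        }
        else
        {
            if($avatar['width'] > 0 && $avatar['height'] > 0)
            {
                $avatar_dimensions = $avatar['width']."|".$avatar['height'];
            }
            // NOTE(review): unlike the remote branch below, this path is written
            // without $db->escape_string(); confirm upload_avatar() only returns
            // server-generated paths.
            $updated_avatar = array(
                "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
                "avatardimensions" => $avatar_dimensions,
                "avatartype" => "upload"
            );
            $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
        }
    }
    elseif($mybb->settings['allowremoteavatars']) // remote avatar
    {
        $mybb->input['avatarurl'] = trim($mybb->get_input('avatarurl'));
        if(validate_email_format($mybb->input['avatarurl']) != false)
        {
            // Gravatar
            $mybb->input['avatarurl'] = my_strtolower($mybb->input['avatarurl']);

            // If user image does not exist, or is a higher rating, use the mystery man
            // MD5 is used here as the address digest that goes into the Gravatar
            // URL, not as a security primitive.
            $email = md5($mybb->input['avatarurl']);

            if(!$mybb->settings['maxavatardims'])
            {
                $mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
            }

            // Because Gravatars are square, hijack the width
            list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
            $maxheight = (int)$maxwidth;

            // Rating?
            // Only the four known ratings reach the URL; anything else falls
            // back to 'g'. The strict comparison keeps a loosely-equal value
            // from passing the allow-list.
            $types = array('g', 'pg', 'r', 'x');
            $rating = $mybb->settings['useravatarrating'];

            if(!in_array($rating, $types, true))
            {
                $rating = 'g';
            }

            $s = "?s={$maxheight}&r={$rating}&d=mm";

            $updated_avatar = array(
                "avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
                "avatardimensions" => "{$maxheight}|{$maxheight}",
                "avatartype" => "gravatar"
            );

            $db->update_query("users", $updated_avatar, "uid = '{$mybb->user['uid']}'");
        }
        else
        {
            // This is a single-pass removal of the literal "script:", not an
            // allow-list of URL schemes.
            // NOTE(review): confirm fetch_remote_file() restricts scheme, host
            // and port, since the server requests this user-supplied URL below.
            $mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->get_input('avatarurl'));
            $ext = get_extension($mybb->input['avatarurl']);

            // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
            $file = fetch_remote_file($mybb->input['avatarurl']);
            if(!$file)
            {
                $avatar_error = $lang->error_invalidavatarurl;
            }
            else
            {
                // The fetched bytes are written under the avatar upload path
                // with a random name and removed again right after the image
                // check. The body is only checked via getimagesize(), which
                // reads the image header.
                $tmp_name = $mybb->settings['avataruploadpath']."/remote_".md5(random_str());
                $fp = @fopen($tmp_name, "wb");
                if(!$fp)
                {
                    $avatar_error = $lang->error_invalidavatarurl;
                }
                else
                {
                    fwrite($fp, $file);
                    fclose($fp);
                    list($width, $height, $type) = @getimagesize($tmp_name);
                    @unlink($tmp_name);
                    if(!$type)
                    {
                        $avatar_error = $lang->error_invalidavatarurl;
                    }
                }
            }

            // Enforce the configured maximum dimensions, when there are any.
            if(empty($avatar_error))
            {
                if($width && $height && $mybb->settings['maxavatardims'] != "")
                {
                    list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
                    if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
                    {
                        $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
                        $avatar_error = $lang->error_avatartoobig;
                    }
                }
            }

            if(empty($avatar_error))
            {
                if($width > 0 && $height > 0)
                {
                    $avatar_dimensions = (int)$width."|".(int)$height;
                }
                // The URL is escaped for SQL only; HTML escaping is left to the
                // code that renders the avatar.
                $updated_avatar = array(
                    "avatar" => $db->escape_string($mybb->input['avatarurl'].'?dateline='.TIME_NOW),
                    "avatardimensions" => $avatar_dimensions,
                    "avatartype" => "remote"
                );
                $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
                remove_avatars($mybb->user['uid']);
            }
        }
    }
    else // remote avatar, but remote avatars are not allowed
    {
        $avatar_error = $lang->error_remote_avatar_not_allowed;
    }

    if(empty($avatar_error))
    {
        $plugins->run_hooks("usercp_do_avatar_end");
        redirect("usercp.php?action=avatar", $lang->redirect_avatarupdated);
    }
    else
    {
        // Re-enter the "avatar" form handler that follows, with the error formatted for display.
        $mybb->input['action'] = "avatar";
        $avatar_error = inline_error($avatar_error);
    }
}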
2435  
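// User CP "change avatar" page: builds the current-avatar preview, the size and
// dimension notes, and the upload / remote-URL / remove sections of the form.
//
// Every local assigned below keeps its exact name: each template is expanded with
// eval() in this scope, so the template text presumably refers to these variables
// by name (the templates are not visible here - confirm before renaming anything).
// NOTE(review): eval() executes whatever $templates->get() returns, so the safety of
// this page depends on the template store being editable by trusted administrators only.
if($mybb->input['action'] == "avatar")
{
    $plugins->run_hooks("usercp_avatar_start");

    $avatarmsg = $avatarurl = '';

    // An avatar counts as "uploaded" when the stored type says so or when its path
    // contains the configured upload directory; otherwise it is treated as remote
    // when the stored type says so or the stored value validates as a URL.
    if($mybb->user['avatartype'] == "upload" || stristr($mybb->user['avatar'], $mybb->settings['avataruploadpath']))
    {
        $avatarmsg = "<br /><strong>".$lang->already_uploaded_avatar."</strong>";
    }
    elseif($mybb->user['avatartype'] == "remote" || my_validate_url($mybb->user['avatar']))
    {
        $avatarmsg = "<br /><strong>".$lang->using_remote_avatar."</strong>";
        // The stored remote URL is user-supplied; it is HTML-escaped before the
        // template can place it back into the form.
        $avatarurl = htmlspecialchars_uni($mybb->user['avatar']);
    }

    $useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
    eval("\$currentavatar = \"".$templates->get("usercp_avatar_current")."\";");

    if($mybb->settings['maxavatardims'] != "")
    {
        // array_pad() guarantees two elements, so a setting saved without an "x"
        // separator no longer raises an undefined-offset error in list().
        list($maxwidth, $maxheight) = array_pad(explode("x", my_strtolower($mybb->settings['maxavatardims'])), 2, '');
        $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_dimensions, $maxwidth, $maxheight);
    }

    if($mybb->settings['avatarsize'])
    {
        // The setting is multiplied by 1024 before formatting (presumably KB -> bytes).
        $maxsize = get_friendly_size($mybb->settings['avatarsize']*1024);
        $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_size, $maxsize);
    }

    $plugins->run_hooks("usercp_avatar_intermediate");

    // Optional form sections: each stays an empty string unless the matching
    // setting or usergroup permission enables it.
    $auto_resize = '';
    if($mybb->settings['avatarresizing'] == "auto")
    {
        eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_auto")."\";");
    }
    elseif($mybb->settings['avatarresizing'] == "user")
    {
        eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_user")."\";");
    }

    $avatarupload = '';
    if($mybb->usergroup['canuploadavatars'] == 1)
    {
        eval("\$avatarupload = \"".$templates->get("usercp_avatar_upload")."\";");
    }

    $avatar_remote = '';
    if($mybb->settings['allowremoteavatars'] == 1)
    {
        eval("\$avatar_remote = \"".$templates->get("usercp_avatar_remote")."\";");
    }

    $removeavatar = '';
    if(!empty($mybb->user['avatar']))
    {
        eval("\$removeavatar = \"".$templates->get("usercp_avatar_remove")."\";");
    }

    $plugins->run_hooks("usercp_avatar_end");

    // $avatar_error is only set when a failed avatar update fell through to this
    // page; default it so the template always has a defined value.
    if(!isset($avatar_error))
    {
        $avatar_error = '';
    }

    eval("\$avatar = \"".$templates->get("usercp_avatar")."\";");
    output_page($avatar);
}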
2507  
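// Buddy request handling: accept, decline or cancel one pending request.
//
// All three branches first check the POST key, then load the request row with an
// ownership condition, so only a party to the request can act on it:
//   - accept / decline: the row must be addressed to the logged-in user (touid)
//   - cancel:           the row must have been sent by the logged-in user (uid)
// The code after error() assumes error() does not return - presumably it halts the
// request; confirm against its definition.
if($mybb->input['action'] == "acceptrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request: the id is read as an integer and matched together with touid
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_acceptrequest_start");

    $user = get_user($request['uid']);
    if(!empty($user))
    {
        // We want to add us to this user's buddy list
        if($user['buddylist'] != '')
        {
            $user['buddylist'] = explode(',', $user['buddylist']);
        }
        else
        {
            $user['buddylist'] = array();
        }

        $user['buddylist'][] = (int)$mybb->user['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $user['buddylist']);

        // Reduce the list to digits and single commas. Non-digits are stripped
        // before commas are collapsed so that removing a bad entry cannot leave
        // ",," behind, and trim() drops a leading or trailing comma without
        // cutting into the last id (the previous length-2 substring did).
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = trim($new_list, ",");

        $user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");


        // We want to add the user to our buddy list
        if($mybb->user['buddylist'] != '')
        {
            $mybb->user['buddylist'] = explode(',', $mybb->user['buddylist']);
        }
        else
        {
            $mybb->user['buddylist'] = array();
        }

        $mybb->user['buddylist'][] = (int)$request['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $mybb->user['buddylist']);

        // Same clean-up as above: digits and single commas only, no edge commas
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = trim($new_list, ",");

        $mybb->user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $mybb->user['buddylist']), "uid='".(int)$mybb->user['uid']."'");

        // Notify the requester; subject and message are language keys resolved
        // from the 'usercp' language file in the recipient's language.
        $pm = array(
            'subject' => 'buddyrequest_accepted_request',
            'message' => 'buddyrequest_accepted_request_message',
            'touid' => $user['uid'],
            'language' => $user['language'],
            'language_file' => 'usercp'
        );

        send_pm($pm, $mybb->user['uid'], true);

        // The request has been honoured, so remove the pending row
        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_acceptrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_accepted);
}

elseif($mybb->input['action'] == "declinerequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request: must be addressed to the logged-in user
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_declinerequest_start");

    // NOTE(review): the row is only deleted when the requester still exists, so a
    // request from a since-deleted account cannot be declined here - confirm that
    // such rows are cleaned up elsewhere.
    $user = get_user($request['uid']);
    if(!empty($user))
    {
        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_declinerequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_declined);
}

elseif($mybb->input['action'] == "cancelrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request: must have been sent by the logged-in user
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND uid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_cancelrequest_start");

    $db->delete_query('buddyrequests', 'id='.(int)$request['id']);

    $plugins->run_hooks("usercp_cancelrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_cancelled);
}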
2664  
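// Add users to, or remove a user from, the logged-in user's buddy or ignore list.
//
// Inputs: my_post_key (checked first), manage ("ignored" selects the ignore list,
// anything else the buddy list), add_username (comma-separated names) or delete
// (a uid), and ajax. $existing_users is the list being edited; $selected_list is
// the other list and is only used to reject users already present on it.
// The result is written to the users table; AJAX callers receive JavaScript or
// fall through to the "editlists" page, everyone else is redirected.
if($mybb->input['action'] == "do_editlists")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_editlists_start");

    $existing_users = array();
    $selected_list = array();
    if($mybb->get_input('manage') == "ignored")
    {
        if($mybb->user['ignorelist'])
        {
            $existing_users = explode(",", $mybb->user['ignorelist']);
        }

        if($mybb->user['buddylist'])
        {
            // Create a list of buddies...
            $selected_list = explode(",", $mybb->user['buddylist']);
        }
    }
    else
    {
        if($mybb->user['buddylist'])
        {
            $existing_users = explode(",", $mybb->user['buddylist']);
        }

        if($mybb->user['ignorelist'])
        {
            // Create a list of ignored users
            $selected_list = explode(",", $mybb->user['ignorelist']);
        }
    }

    $error_message = "";
    $message = "";

    // Adding one or more users to this list
    if($mybb->get_input('add_username'))
    {
        // Split up any usernames we have
        $found_users = 0;
        $adding_self = false;
        $users = explode(",", $mybb->get_input('add_username'));
        $users = array_map("trim", $users);
        $users = array_unique($users);
        foreach($users as $key => $username)
        {
            if(empty($username))
            {
                unset($users[$key]);
                continue;
            }

            if(my_strtoupper($mybb->user['username']) == my_strtoupper($username))
            {
                $adding_self = true;
                unset($users[$key]);
                continue;
            }
            // Escaped here because the names are quoted straight into the IN (...) list below
            $users[$key] = $db->escape_string($username);
        }

        // Get the requests we have sent that are still pending
        $query = $db->simple_select('buddyrequests', 'touid', 'uid='.(int)$mybb->user['uid']);
        $requests = array();
        while($req = $db->fetch_array($query))
        {
            $requests[$req['touid']] = true;
        }

        // Get the requests we have received that are still pending
        $query = $db->simple_select('buddyrequests', 'uid', 'touid='.(int)$mybb->user['uid']);
        $requests_rec = array();
        while($req = $db->fetch_array($query))
        {
            $requests_rec[$req['uid']] = true;
        }

        $sent = false;

        // Fetch out new users
        if(count($users) > 0)
        {
            // The submitted names are lower-cased below; on database types other
            // than mysql/mysqli the column is lower-cased as well.
            switch($db->type)
            {
                case 'mysql':
                case 'mysqli':
                    $field = 'username';
                    break;
                default:
                    $field = 'LOWER(username)';
                    break;
            }
            $query = $db->simple_select("users", "uid,buddyrequestsauto,buddyrequestspm,language", "{$field} IN ('".my_strtolower(implode("','", $users))."')");
            while($user = $db->fetch_array($query))
            {
                ++$found_users;

                // Make sure we're not adding a duplicate
                if(in_array($user['uid'], $existing_users) || in_array($user['uid'], $selected_list))
                {
                    if($mybb->get_input('manage') == "ignored")
                    {
                        $error_message = "ignore";
                    }
                    else
                    {
                        $error_message = "buddy";
                    }

                    // On another list?
                    $string = "users_already_on_".$error_message."_list";
                    if(in_array($user['uid'], $selected_list))
                    {
                        $string .= "_alt";
                    }

                    $error_message = $lang->$string;
                    array_pop($users); // To maintain a proper count when we call count($users)
                    continue;
                }

                if(isset($requests[$user['uid']]))
                {
                    if($mybb->get_input('manage') != "ignored")
                    {
                        $error_message = $lang->users_already_sent_request;
                    }
                    elseif($mybb->get_input('manage') == "ignored")
                    {
                        $error_message = $lang->users_already_sent_request_alt;
                    }

                    array_pop($users); // To maintain a proper count when we call count($users)
                    continue;
                }

                if(isset($requests_rec[$user['uid']]))
                {
                    if($mybb->get_input('manage') != "ignored")
                    {
                        $error_message = $lang->users_already_rec_request;
                    }
                    elseif($mybb->get_input('manage') == "ignored")
                    {
                        $error_message = $lang->users_already_rec_request_alt;
                    }

                    array_pop($users); // To maintain a proper count when we call count($users)
                    continue;
                }

                // Do we have auto approval set to On?
                if($user['buddyrequestsauto'] == 1 && $mybb->get_input('manage') != "ignored")
                {
                    $existing_users[] = $user['uid'];

                    $pm = array(
                        'subject' => 'buddyrequest_new_buddy',
                        'message' => 'buddyrequest_new_buddy_message',
                        'touid' => $user['uid'],
                        'receivepms' => (int)$user['buddyrequestspm'],
                        'language' => $user['language'],
                        'language_file' => 'usercp'
                    );

                    send_pm($pm);
                }
                elseif($user['buddyrequestsauto'] != 1 && $mybb->get_input('manage') != "ignored")
                {
                    // Send request
                    $id = $db->insert_query('buddyrequests', array('uid' => (int)$mybb->user['uid'], 'touid' => (int)$user['uid'], 'date' => TIME_NOW));

                    $pm = array(
                        'subject' => 'buddyrequest_received',
                        'message' => 'buddyrequest_received_message',
                        'touid' => $user['uid'],
                        'receivepms' => (int)$user['buddyrequestspm'],
                        'language' => $user['language'],
                        'language_file' => 'usercp'
                    );

                    send_pm($pm);

                    $sent = true;
                }
                elseif($mybb->get_input('manage') == "ignored")
                {
                    // Ignoring someone needs no approval from the other side
                    $existing_users[] = $user['uid'];
                }
            }
        }

        if($found_users < count($users))
        {
            if($error_message)
            {
                $error_message .= "<br />";
            }

            $error_message .= $lang->invalid_user_selected;
        }

        if(($adding_self != true || ($adding_self == true && count($users) > 0)) && ($error_message == "" || count($users) > 1))
        {
            if($mybb->get_input('manage') == "ignored")
            {
                $message = $lang->users_added_to_ignore_list;
            }
            else
            {
                $message = $lang->users_added_to_buddy_list;
            }
        }

        if($adding_self == true)
        {
            if($mybb->get_input('manage') == "ignored")
            {
                $error_message = $lang->cant_add_self_to_ignore_list;
            }
            else
            {
                $error_message = $lang->cant_add_self_to_buddy_list;
            }
        }

        if(count($existing_users) == 0)
        {
            $message = "";

            if($sent === true)
            {
                $message = $lang->buddyrequests_sent_success;
            }
        }
    }

    // Removing a user from this list
    elseif($mybb->get_input('delete', MyBB::INPUT_INT))
    {
        // Check if user exists on the list
        $key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $existing_users);
        if($key !== false)
        {
            unset($existing_users[$key]);
            $removed_username = '';
            $user = get_user($mybb->get_input('delete', MyBB::INPUT_INT));
            if(!empty($user))
            {
                // We want to remove us from this user's buddy list
                if($user['buddylist'] != '')
                {
                    $user['buddylist'] = explode(',', $user['buddylist']);
                }
                else
                {
                    $user['buddylist'] = array();
                }

                // Look for OUR uid in the other user's list. The earlier code searched
                // for the removed user's own uid and unset the result unconditionally;
                // when nothing matched, array_search() returned false, which as an
                // array key is 0, so the first entry of that user's list was dropped.
                // NOTE(review): this also runs when managing the ignore list - confirm
                // whether the reciprocal removal is meant for buddy management only.
                $their_key = array_search((int)$mybb->user['uid'], $user['buddylist']);
                if($their_key !== false)
                {
                    unset($user['buddylist'][$their_key]);

                    // Now we have the new list, so throw it all back together
                    $new_list = implode(",", $user['buddylist']);

                    // Reduce the list to digits and single commas. Non-digits are
                    // stripped before commas are collapsed, and trim() drops edge
                    // commas without cutting into the last id.
                    $new_list = preg_replace("#[^0-9,]#", "", $new_list);
                    $new_list = preg_replace("#,{2,}#", ",", $new_list);
                    $new_list = trim($new_list, ",");

                    $user['buddylist'] = $db->escape_string($new_list);

                    $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");
                }

                // The name ends up inside a single-quoted JavaScript string for AJAX
                // callers ($message_js below) and inside HTML otherwise. htmlspecialchars_uni()
                // is defined elsewhere; in case it leaves apostrophes or backslashes alone,
                // both are turned into numeric entities, which are inert in the JS literal
                // and render normally as HTML.
                $removed_username = str_replace(array("\\", "'"), array("&#92;", "&#039;"), htmlspecialchars_uni($user['username']));
            }

            if($mybb->get_input('manage') == "ignored")
            {
                $message = $lang->removed_from_ignore_list;
            }
            else
            {
                $message = $lang->removed_from_buddy_list;
            }
            $message = $lang->sprintf($message, $removed_username);
        }
    }

    // Now we have the new list, so throw it all back together
    $new_list = implode(",", $existing_users);

    // Same clean-up as for the other user's list: digits and single commas only,
    // no leading or trailing comma. This value is later placed unquoted into
    // "uid IN (...)" queries, so it must never contain anything else.
    $new_list = preg_replace("#[^0-9,]#", "", $new_list);
    $new_list = preg_replace("#,{2,}#", ",", $new_list);
    $new_list = trim($new_list, ",");

    // And update
    $user = array();
    if($mybb->get_input('manage') == "ignored")
    {
        $user['ignorelist'] = $db->escape_string($new_list);
        $mybb->user['ignorelist'] = $user['ignorelist'];
    }
    else
    {
        $user['buddylist'] = $db->escape_string($new_list);
        $mybb->user['buddylist'] = $user['buddylist'];
    }

    $db->update_query("users", $user, "uid='".$mybb->user['uid']."'");

    $plugins->run_hooks("usercp_do_editlists_end");

    // 'manage' is request input that is written into a jQuery selector and a URL
    // fragment below; keep only identifier characters so it cannot break out of
    // either. The expected values ("buddy", "ignored") pass through unchanged.
    $manage_id = preg_replace("#[^a-zA-Z0-9_]#", "", $mybb->get_input('manage'));

    // Ajax based request, throw new list to browser
    if(!empty($mybb->input['ajax']))
    {
        if($mybb->get_input('manage') == "ignored")
        {
            $list = "ignore";
        }
        else
        {
            $list = "buddy";
        }

        // NOTE(review): language strings are interpolated into single-quoted
        // JavaScript literals here, so a translation containing an unescaped
        // apostrophe would break the generated script.
        $message_js = '';
        if($message)
        {
            $message_js = "$.jGrowl('{$message}', {theme:'jgrowl_success'});";
        }

        if($error_message)
        {
            $message_js .= " $.jGrowl('{$error_message}', {theme:'jgrowl_error'});";
        }

        if($mybb->get_input('delete', MyBB::INPUT_INT))
        {
            // A removal answers with a small script that deletes the row and
            // refreshes the counter, then stops.
            header("Content-type: text/javascript");
            echo "$(\"#".$manage_id."_".$mybb->get_input('delete', MyBB::INPUT_INT)."\").remove();\n";
            if($new_list == "")
            {
                echo "\$(\"#".$manage_id."_count\").html(\"0\");\n";
                if($mybb->get_input('manage') == "ignored")
                {
                    echo "\$(\"#ignore_list\").html(\"<li>{$lang->ignore_list_empty}</li>\");\n";
                }
                else
                {
                    echo "\$(\"#buddy_list\").html(\"<li>{$lang->buddy_list_empty}</li>\");\n";
                }
            }
            else
            {
                echo "\$(\"#".$manage_id."_count\").html(\"".count(explode(",", $new_list))."\");\n";
            }
            echo $message_js;
            exit;
        }
        // An AJAX add falls through to the "editlists" handler, which echoes the refreshed list
        $mybb->input['action'] = "editlists";
    }
    else
    {
        if($error_message)
        {
            $message .= "<br />".$error_message;
        }
        redirect("usercp.php?action=editlists#".$manage_id, $message);
    }
}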
3054  
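// Buddy / ignore list page. Renders both lists plus the received and sent buddy
// requests; for an AJAX POST it echoes only the fragment that changed and exits.
//
// Variable names such as $type, $status, $profile_link, $bgcolor and $request are
// kept as they are: the templates are expanded with eval() in this scope and
// presumably read them by name (templates not visible here - confirm before renaming).
if($mybb->input['action'] == "editlists")
{
    $plugins->run_hooks("usercp_editlists_start");

    // Users whose last activity is newer than this timestamp can show as online
    $timecut = TIME_NOW - $mybb->settings['wolcutoff'];

    // Fetch out buddies
    $buddy_count = 0;
    $buddy_list = '';
    if($mybb->user['buddylist'])
    {
        $type = "buddy";
        // The stored list goes unquoted into IN (...). Rebuild it from integers so a
        // malformed stored value (stray comma, non-numeric entry) can neither break
        // the query nor carry SQL; zero and empty entries are dropped.
        $buddy_ids = implode(",", array_filter(array_map('intval', explode(",", $mybb->user['buddylist']))));
        if($buddy_ids != '')
        {
            $query = $db->simple_select("users", "*", "uid IN ({$buddy_ids})", array("order_by" => "username"));
            while($user = $db->fetch_array($query))
            {
                $user['username'] = htmlspecialchars_uni($user['username']);
                $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
                // Online = recently active, not hidden from this viewer, and active since the last recorded visit
                if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
                {
                    $status = "online";
                }
                else
                {
                    $status = "offline";
                }
                eval("\$buddy_list .= \"".$templates->get("usercp_editlists_user")."\";");
                ++$buddy_count;
            }
        }
    }

    $lang->current_buddies = $lang->sprintf($lang->current_buddies, $buddy_count);
    if(!$buddy_list)
    {
        eval("\$buddy_list = \"".$templates->get("usercp_editlists_no_buddies")."\";");
    }

    // Fetch out ignore list users
    $ignore_count = 0;
    $ignore_list = '';
    if($mybb->user['ignorelist'])
    {
        $type = "ignored";
        // Same integer rebuild as for the buddy list above
        $ignore_ids = implode(",", array_filter(array_map('intval', explode(",", $mybb->user['ignorelist']))));
        if($ignore_ids != '')
        {
            $query = $db->simple_select("users", "*", "uid IN ({$ignore_ids})", array("order_by" => "username"));
            while($user = $db->fetch_array($query))
            {
                $user['username'] = htmlspecialchars_uni($user['username']);
                $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
                if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
                {
                    $status = "online";
                }
                else
                {
                    $status = "offline";
                }
                eval("\$ignore_list .= \"".$templates->get("usercp_editlists_user")."\";");
                ++$ignore_count;
            }
        }
    }

    $lang->current_ignored_users = $lang->sprintf($lang->current_ignored_users, $ignore_count);
    if(!$ignore_list)
    {
        eval("\$ignore_list = \"".$templates->get("usercp_editlists_no_ignored")."\";");
    }

    // If an AJAX request from buddy management, echo out whatever the new list is.
    if($mybb->request_method == "post" && !empty($mybb->input['ajax']) && $mybb->input['ajax'] == 1)
    {
        // $message_js is only assigned by the "do_editlists" handler; a direct AJAX
        // POST to this action would otherwise read an undefined variable.
        if(!isset($message_js))
        {
            $message_js = '';
        }

        if(isset($mybb->input['manage']) && $mybb->input['manage'] == "ignored")
        {
            echo $ignore_list;
            echo "<script type=\"text/javascript\"> $(\"#ignored_count\").html(\"{$ignore_count}\"); {$message_js}</script>";
        }
        else
        {
            if(isset($sent) && $sent === true)
            {
                // A buddy request was just sent: answer with the refreshed "sent requests" table
                $sent_rows = '';
                $query = $db->query("
                    SELECT r.*, u.username
                    FROM ".TABLE_PREFIX."buddyrequests r
                    LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
                    WHERE r.uid=".(int)$mybb->user['uid']);

                while($request = $db->fetch_array($query))
                {
                    $bgcolor = alt_trow();
                    $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
                    $request['date'] = my_date('relative', $request['date']);
                    eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request", 1, 0)."\";");
                }

                if($sent_rows == '')
                {
                    eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests", 1, 0)."\";");
                }

                eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests", 1, 0)."\";");

                // $sentrequests is never assigned in this handler (possibly a leftover
                // spelling of $sent_requests); it is echoed only if something else set it.
                if(isset($sentrequests))
                {
                    echo $sentrequests;
                }
                echo $sent_requests."<script type=\"text/javascript\">{$message_js}</script>";
            }
            else
            {
                echo $buddy_list;
                echo "<script type=\"text/javascript\"> $(\"#buddy_count\").html(\"{$buddy_count}\"); {$message_js}</script>";
            }
        }
        exit;
    }

    // Requests other users have sent to us; the uid is cast to int before it enters the SQL
    $received_rows = '';
    $query = $db->query("
        SELECT r.*, u.username
        FROM ".TABLE_PREFIX."buddyrequests r
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.uid)
        WHERE r.touid=".(int)$mybb->user['uid']);

    while($request = $db->fetch_array($query))
    {
        $bgcolor = alt_trow();
        $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['uid']);
        $request['date'] = my_date('relative', $request['date']);
        eval("\$received_rows .= \"".$templates->get("usercp_editlists_received_request")."\";");
    }

    if($received_rows == '')
    {
        eval("\$received_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
    }

    eval("\$received_requests = \"".$templates->get("usercp_editlists_received_requests")."\";");

    // Requests we have sent that are still pending
    $sent_rows = '';
    $query = $db->query("
        SELECT r.*, u.username
        FROM ".TABLE_PREFIX."buddyrequests r
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
        WHERE r.uid=".(int)$mybb->user['uid']);

    while($request = $db->fetch_array($query))
    {
        $bgcolor = alt_trow();
        $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
        $request['date'] = my_date('relative', $request['date']);
        eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request")."\";");
    }

    if($sent_rows == '')
    {
        eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
    }

    eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests")."\";");

    $plugins->run_hooks("usercp_editlists_end");

    eval("\$listpage = \"".$templates->get("usercp_editlists")."\";");
    output_page($listpage);
}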
3216  
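if($mybb->input['action'] == "drafts")
{
    // Drafts page: lists every post or thread the logged-in user has saved as a
    // draft (visible = -2) and renders the rows through the usercp_drafts* templates.
    $plugins->run_hooks("usercp_drafts_start");

    // The uid is cast to int before it reaches SQL, as the buddy-request query
    // earlier in this file already does.
    $query = $db->simple_select("posts", "COUNT(pid) AS draftcount", "visible='-2' AND uid='".(int)$mybb->user['uid']."'");
    $draftcount = $db->fetch_field($query, 'draftcount');

    $drafts = $disable_delete_drafts = '';
    $lang->drafts_count = $lang->sprintf($lang->drafts_count, my_number_format($draftcount));

    // Show a listing of all of the current 'draft' posts or threads the user has.
    if($draftcount)
    {
        $query = $db->query("
            SELECT p.subject, p.pid, t.tid, t.subject AS threadsubject, t.fid, f.name AS forumname, p.dateline, t.visible AS threadvisible, p.visible AS postvisible
            FROM ".TABLE_PREFIX."posts p
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=t.fid)
            WHERE p.uid = '".(int)$mybb->user['uid']."' AND p.visible = '-2'
            ORDER BY p.dateline DESC
        ");

        while($draft = $db->fetch_array($query))
        {
            $detail = '';
            // Reset the per-row values. When the thread is neither visible (1) nor a
            // draft (-2) no branch below assigns them, and without the reset the row
            // would be rendered with the previous draft's edit link, id and type.
            // NOTE(review): the row template presumably uses $id/$type for the delete
            // checkbox, so a stale value could select the wrong draft - confirm.
            $editurl = $id = $type = '';
            $trow = alt_trow();
            if($draft['threadvisible'] == 1) // We're looking at a draft post
            {
                $draft['threadlink'] = get_thread_link($draft['tid']);
                // Escape before the value is interpolated into the template below.
                $draft['threadsubject'] = htmlspecialchars_uni($draft['threadsubject']);
                eval("\$detail = \"".$templates->get("usercp_drafts_draft_thread")."\";");
                $editurl = "newreply.php?action=editdraft&amp;pid={$draft['pid']}";
                $id = $draft['pid'];
                $type = "post";
            }
            elseif($draft['threadvisible'] == -2) // We're looking at a draft thread
            {
                $draft['forumlink'] = get_forum_link($draft['fid']);
                $draft['forumname'] = htmlspecialchars_uni($draft['forumname']);
                eval("\$detail = \"".$templates->get("usercp_drafts_draft_forum")."\";");
                $editurl = "newthread.php?action=editdraft&amp;tid={$draft['tid']}";
                $id = $draft['tid'];
                $type = "thread";
            }

            // The draft subject is user-supplied text; escape it before rendering.
            $draft['subject'] = htmlspecialchars_uni($draft['subject']);
            $savedate = my_date('relative', $draft['dateline']);
            eval("\$drafts .= \"".$templates->get("usercp_drafts_draft")."\";");
        }
    }
    else
    {
        // Nothing to delete: disable the delete control and show the empty state.
        $disable_delete_drafts = 'disabled="disabled"';
        eval("\$drafts = \"".$templates->get("usercp_drafts_none")."\";");
    }

    $plugins->run_hooks("usercp_drafts_end");

    eval("\$draftlist = \"".$templates->get("usercp_drafts")."\";");
    output_page($draftlist);
}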
3278  
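if($mybb->input['action'] == "do_drafts" && $mybb->request_method == "post")
{
    // Deletes the drafts ticked on the drafts page. The request carries
    // deletedraft[<id>] = "post" | "thread"; every delete below is also limited to
    // visible = -2 rows owned by the current user, so ids belonging to other users
    // or to published content are not affected.

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_drafts_start");
    $mybb->input['deletedraft'] = $mybb->get_input('deletedraft', MyBB::INPUT_ARRAY);
    if(empty($mybb->input['deletedraft']))
    {
        error($lang->no_drafts_selected);
    }
    $pidin = array();
    $tidin = array();
    // Initialised up front: it was previously assigned only when a thread was
    // selected, yet it is read in the condition and in the posts query below.
    $tidinp = '';
    foreach($mybb->input['deletedraft'] as $id => $val)
    {
        // Ids are request-supplied array keys; cast them to int before they are
        // placed in an IN (...) list. Strict comparison keeps non-string values
        // (nested arrays) from matching either type.
        if($val === "post")
        {
            $pidin[] = "'".(int)$id."'";
        }
        elseif($val === "thread")
        {
            $tidin[] = "'".(int)$id."'";
        }
    }
    if($tidin)
    {
        $tidin = implode(",", $tidin);
        $db->delete_query("threads", "tid IN ($tidin) AND visible='-2' AND uid='".(int)$mybb->user['uid']."'");
        // Posts belonging to the selected draft threads are removed as well.
        $tidinp = "OR tid IN ($tidin)";
    }
    if($pidin || $tidinp)
    {
        $pidinq = $tidin = '';
        if($pidin)
        {
            $pidin = implode(",", $pidin);
            $pidinq = "pid IN ($pidin)";
        }
        else
        {
            // No posts selected: a constant-false term keeps "(... OR tid IN ...)" valid.
            $pidinq = "1=0";
        }
        $db->delete_query("posts", "($pidinq $tidinp) AND visible='-2' AND uid='".(int)$mybb->user['uid']."'");
    }
    $plugins->run_hooks("usercp_do_drafts_end");
    redirect("usercp.php?action=drafts", $lang->selected_drafts_deleted);
}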
3326  
3327  if($mybb->input['action'] == "usergroups")
3328  {
3329      $plugins->run_hooks("usercp_usergroups_start");
3330      $ingroups = ",".$mybb->user['usergroup'].",".$mybb->user['additionalgroups'].",".$mybb->user['displaygroup'].",";
3331  
3332      $usergroups = $mybb->cache->read('usergroups');
3333  
3334      // Changing our display group
3335      if($mybb->get_input('displaygroup', MyBB::INPUT_INT))
3336      {
3337          // Verify incoming POST request
3338          verify_post_check($mybb->get_input('my_post_key'));
3339  
3340          if(my_strpos($ingroups, ",".$mybb->input['displaygroup'].",") === false)
3341          {
3342              error($lang->not_member_of_group);
3343          }
3344  
3345          $dispgroup = $usergroups[$mybb->get_input('displaygroup', MyBB::INPUT_INT)];
3346          if($dispgroup['candisplaygroup'] != 1)
3347          {
3348              error($lang->cannot_set_displaygroup);
3349          }
3350          $db->update_query("users", array('displaygroup' => $mybb->get_input('displaygroup', MyBB::INPUT_INT)), "uid='".$mybb->user['uid']."'");
3351          $cache->update_moderators();
3352          $plugins->run_hooks("usercp_usergroups_change_displaygroup");
3353          redirect("usercp.php?action=usergroups", $lang->display_group_changed);
3354          exit;
3355      }
3356  
3357      // Leaving a group
3358      if($mybb->get_input('leavegroup', MyBB::INPUT_INT))
3359      {
3360          // Verify incoming POST request
3361          verify_post_check($mybb->input['my_post_key']);
3362  
3363          if(my_strpos($ingroups, ",".$mybb->get_input('leavegroup', MyBB::INPUT_INT).",") === false)
3364          {
3365              error($lang->not_member_of_group);
3366          }
3367          if($mybb->user['usergroup'] == $mybb->get_input('leavegroup', MyBB::INPUT_INT))
3368          {
3369              error($lang->cannot_leave_primary_group);
3370          }
3371  
3372          $usergroup = $usergroups[$mybb->get_input('leavegroup', MyBB::INPUT_INT)];
3373          if($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
3374          {
3375              error($lang->cannot_leave_group);
3376          }
3377          leave_usergroup($mybb->user['uid'], $mybb->get_input('leavegroup', MyBB::INPUT_INT));
3378          $plugins->run_hooks("usercp_usergroups_leave_group");
3379          redirect("usercp.php?action=usergroups", $lang->left_group);
3380          exit;
3381      }
3382  
    // Map of gid => uid => leader row, filled by the query below.
    $groupleaders = array();

    // List of usergroup leaders
    // Loads the leaders of every group (the query has no WHERE clause), together
    // with each leader's e-mail address and language. The rows stay in global
    // scope, so those columns remain reachable from code evaluated afterwards;
    // keep the e-mail field out of anything that is rendered.
    $query = $db->query("
        SELECT g.*, u.username, u.displaygroup, u.usergroup, u.email, u.language
        FROM ".TABLE_PREFIX."groupleaders g
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
        ORDER BY u.username ASC
    ");
    while($leader = $db->fetch_array($query))
    {
        $groupleaders[$leader['gid']][$leader['uid']] = $leader;
    }
3396  
    // Joining a group
    // Handles three cases by group type: 5 (invite only) is refused, 4 (moderated)
    // shows the reason form and then stores a join request, anything else that
    // passes the type check (3) is joined immediately.
    if($mybb->get_input('joingroup', MyBB::INPUT_INT))
    {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        $usergroup = $usergroups[$mybb->get_input('joingroup', MyBB::INPUT_INT)];

        if($usergroup['type'] == 5)
        {
            error($lang->cannot_join_invite_group);
        }

        // Also rejects ids that are not in the usergroups cache: the lookup above
        // then yields no type and no gid.
        if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid'])
        {
            error($lang->cannot_join_group);
        }

        if(my_strpos($ingroups, ",".$mybb->get_input('joingroup', MyBB::INPUT_INT).",") !== false)
        {
            error($lang->already_member_of_group);
        }

        // One pending request per user and group.
        $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'");
        $joinrequest = $db->fetch_array($query);

        if($joinrequest['rid'])
        {
            error($lang->already_sent_join_request);
        }

        if($mybb->get_input('do') == "joingroup" && $usergroup['type'] == 4)
        {
            $reasonlength = my_strlen($mybb->get_input('reason'));
            
            if($reasonlength > 250) // Reason field is varchar(250) in database
            {
                error($lang->sprintf($lang->joinreason_too_long, ($reasonlength - 250)));
            }

            // NOTE(review): $now is not read anywhere in this branch.
            $now = TIME_NOW;
            // The free-text reason is escaped for SQL here; uid and gid are not
            // request strings (gid is the integer-cast input).
            $joinrequest = array(
                "uid" => $mybb->user['uid'],
                "gid" => $mybb->get_input('joingroup', MyBB::INPUT_INT),
                "reason" => $db->escape_string($mybb->get_input('reason')),
                "dateline" => TIME_NOW
            );

            $db->insert_query("joinrequests", $joinrequest);

            // Notify every leader of the group, each in the leader's own language.
            if(array_key_exists($usergroup['gid'], $groupleaders))
            {
                foreach($groupleaders[$usergroup['gid']] as $leader)
                {
                    // Load language
                    $lang->set_language($leader['language']);
                    $lang->load("messages");

                    $subject = $lang->sprintf($lang->emailsubject_newjoinrequest, $mybb->settings['bbname']);
                    // The requester's username and reason are placed in the message
                    // body as submitted.
                    // NOTE(review): assumes my_mail() sends plain text here; if it can
                    // send HTML these two values need escaping - confirm.
                    $message = $lang->sprintf($lang->email_groupleader_joinrequest, $leader['username'], $mybb->user['username'], $usergroup['title'], $mybb->settings['bbname'], $mybb->get_input('reason'), $mybb->settings['bburl'], $leader['gid']);
                    my_mail($leader['email'], $subject, $message);
                }
            }

            // Load language
            // Switch back to the current user's language for the redirect message.
            $lang->set_language($mybb->user['language']);
            $lang->load("messages");

            $plugins->run_hooks("usercp_usergroups_join_group_request");
            redirect("usercp.php?action=usergroups", $lang->group_join_requestsent);
            exit;
        }
        elseif($usergroup['type'] == 4)
        {
            // Moderated group, no reason submitted yet: show the request form.
            $joingroup = $mybb->get_input('joingroup', MyBB::INPUT_INT);
            eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";");
            output_page($joinpage);
            exit;
        }
        else
        {
            join_usergroup($mybb->user['uid'], $mybb->get_input('joingroup', MyBB::INPUT_INT));
            $plugins->run_hooks("usercp_usergroups_join_group");
            // NOTE(review): no explicit exit here, unlike the branches above;
            // presumably redirect() ends the request - confirm.
            redirect("usercp.php?action=usergroups", $lang->joined_group);
        }
    }
3483  
    // Accepting invitation
    // The user is added to the group only when a joinrequests row with invite='1'
    // exists for this uid and gid; that row is the authorisation, and the group's
    // type is not checked in this branch.
    if($mybb->get_input('acceptinvite', MyBB::INPUT_INT))
    {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        // NOTE(review): $usergroup is not read again inside this branch.
        $usergroup = $usergroups[$mybb->get_input('acceptinvite', MyBB::INPUT_INT)];

        if(my_strpos($ingroups, ",".$mybb->get_input('acceptinvite', MyBB::INPUT_INT).",") !== false)
        {
            error($lang->already_accepted_invite);
        }

        $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'");
        $joinrequest = $db->fetch_array($query);
        if($joinrequest['rid'])
        {
            join_usergroup($mybb->user['uid'], $mybb->get_input('acceptinvite', MyBB::INPUT_INT));
            // Removes every request row for this user and group, not only the invite.
            $db->delete_query("joinrequests", "uid='{$mybb->user['uid']}' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."'");
            $plugins->run_hooks("usercp_usergroups_accept_invite");
            redirect("usercp.php?action=usergroups", $lang->joined_group);
        }
        else
        {
            error($lang->no_pending_invitation);
        }
    }
3511      // Show listing of various group related things
3512  
3513      // List of groups this user is a leader of
3514      $groupsledlist = '';
3515  
3516      switch($db->type)
3517      {
3518          case "pgsql":
3519          case "sqlite":
3520              $query = $db->query("
3521                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3522                  FROM ".TABLE_PREFIX."groupleaders l
3523                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
3524                  LEFT JOIN ".TABLE_PREFIX."users u ON(((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
3525                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
3526                  WHERE l.uid='".$mybb->user['uid']."'
3527                  GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3528              ");
3529              break;
3530          default:
3531              $query = $db->query("
3532                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3533                  FROM ".TABLE_PREFIX."groupleaders l
3534                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
3535                  LEFT JOIN ".TABLE_PREFIX."users u ON(((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
3536                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
3537                  WHERE l.uid='".$mybb->user['uid']."'
3538                  GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3539              ");
3540      }
3541  
3542      while($usergroup = $db->fetch_array($query))
3543      {
3544          $memberlistlink = $moderaterequestslink = '';
3545          eval("\$memberlistlink = \"".$templates->get("usercp_usergroups_leader_usergroup_memberlist")."\";");
3546          $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3547          if($usergroup['type'] != 4)
3548          {
3549              $usergroup['joinrequests'] = '--';
3550          }
3551          if($usergroup['joinrequests'] > 0 && $usergroup['canmanagerequests'] == 1)
3552          {
3553              eval("\$moderaterequestslink = \"".$templates->get("usercp_usergroups_leader_usergroup_moderaterequests")."\";");
3554          }
3555          $groupleader[$usergroup['gid']] = 1;
3556          $trow = alt_trow();
3557          eval("\$groupsledlist .= \"".$templates->get("usercp_usergroups_leader_usergroup")."\";");
3558      }
3559      $leadinggroups = '';
3560      if($groupsledlist)
3561      {
3562          eval("\$leadinggroups = \"".$templates->get("usercp_usergroups_leader")."\";");
3563      }
3564  
3565      // Fetch the list of groups the member is in
3566      // Do the primary group first
3567      $usergroup = $usergroups[$mybb->user['usergroup']];
3568      $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3569      $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
3570      $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
3571      eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveprimary")."\";");
3572      $trow = alt_trow();
3573      if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
3574      {
3575          eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
3576      }
3577      elseif($usergroup['candisplaygroup'] == 1)
3578      {
3579          eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
3580      }
3581      else
3582      {
3583          $displaycode = '';
3584      }
3585  
3586      eval("\$memberoflist = \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
3587      $showmemberof = false;
3588      if($mybb->user['additionalgroups'])
3589      {
3590          $query = $db->simple_select("usergroups", "*", "gid IN (".$mybb->user['additionalgroups'].") AND gid !='".$mybb->user['usergroup']."'", array('order_by' => 'title'));
3591          while($usergroup = $db->fetch_array($query))
3592          {
3593              $showmemberof = true;
3594  
3595              if(isset($groupleader[$usergroup['gid']]))
3596              {
3597                  eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveleader")."\";");
3598              }
3599              elseif($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
3600              {
3601                  eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveother")."\";");
3602              }
3603              else
3604              {
3605                  eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leave")."\";");
3606              }
3607  
3608              $description = '';
3609              $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3610              $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
3611              if($usergroup['description'])
3612              {
3613                  $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
3614                  eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";");
3615              }
3616              $trow = alt_trow();
3617              if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
3618              {
3619                  eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
3620              }
3621              elseif($usergroup['candisplaygroup'] == 1)
3622              {
3623                  eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
3624              }
3625              else
3626              {
3627                  $displaycode = '';
3628              }
3629              eval("\$memberoflist .= \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
3630          }
3631      }
3632      eval("\$membergroups = \"".$templates->get("usercp_usergroups_memberof")."\";");
3633  
3634      // List of groups this user has applied for but has not been accepted in to
3635      $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."'");
3636      while($request = $db->fetch_array($query))
3637      {
3638          $appliedjoin[$request['gid']] = $request['dateline'];
3639      }
3640  
3641      // Fetch list of groups the member can join
3642      $existinggroups = $mybb->user['usergroup'];
3643      if($mybb->user['additionalgroups'])
3644      {
3645          $existinggroups .= ",".$mybb->user['additionalgroups'];
3646      }
3647  
3648      $joinablegroups = $joinablegrouplist = '';
3649      $query = $db->simple_select("usergroups", "*", "(type='3' OR type='4' OR type='5') AND gid NOT IN ($existinggroups)", array('order_by' => 'title'));
3650      while($usergroup = $db->fetch_array($query))
3651      {
3652          $trow = alt_trow();
3653  
3654          $description = '';
3655          $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3656          if($usergroup['description'])
3657          {
3658              $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
3659              eval("\$description = \"".$templates->get("usercp_usergroups_joinable_usergroup_description")."\";");
3660          }
3661  
3662          // Moderating join requests?
3663          if($usergroup['type'] == 4)
3664          {
3665              $conditions = $lang->usergroup_joins_moderated;
3666          }
3667          elseif($usergroup['type'] == 5)
3668          {
3669              $conditions = $lang->usergroup_joins_invite;
3670          }
3671          else
3672          {
3673              $conditions = $lang->usergroup_joins_anyone;
3674          }
3675  
3676          if(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] != 5)
3677          {
3678              $applydate = my_date('relative', $appliedjoin[$usergroup['gid']]);
3679              $joinlink = $lang->sprintf($lang->join_group_applied, $applydate);
3680          }
3681          elseif(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] == 5)
3682          {
3683              $joinlink = $lang->sprintf($lang->pending_invitation, $usergroup['gid'], $mybb->post_code);
3684          }
3685          elseif($usergroup['type'] == 5)
3686          {
3687              $joinlink = "--";
3688          }
3689          else
3690          {
3691              eval("\$joinlink = \"".$templates->get("usercp_usergroups_joinable_usergroup_join")."\";");
3692          }
3693  
3694          $usergroupleaders = '';
3695          if(!empty($groupleaders[$usergroup['gid']]))
3696          {
3697              $comma = '';
3698              $usergroupleaders = '';
3699              foreach($groupleaders[$usergroup['gid']] as $leader)
3700              {
3701                  $leader['username'] = format_name(htmlspecialchars_uni($leader['username']), $leader['usergroup'], $leader['displaygroup']);
3702                  $usergroupleaders .= $comma.build_profile_link($leader['username'], $leader['uid']);
3703                  $comma = $lang->comma;
3704              }
3705              $usergroupleaders = $lang->usergroup_leaders." ".$usergroupleaders;
3706          }
3707  
3708          if(my_strpos($usergroupleaders, $mybb->user['username']) === false)
3709          {
3710              // User is already a leader of the group, so don't show as a "Join Group"
3711              eval("\$joinablegrouplist .= \"".$templates->get("usercp_usergroups_joinable_usergroup")."\";");
3712          }
3713      }
3714      if($joinablegrouplist)
3715      {
3716          eval("\$joinablegroups = \"".$templates->get("usercp_usergroups_joinable")."\";");
3717      }
3718  
3719      $plugins->run_hooks("usercp_usergroups_end");
3720  
3721      eval("\$groupmemberships = \"".$templates->get("usercp_usergroups")."\";");
3722      output_page($groupmemberships);
3723  }
3724  
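if($mybb->input['action'] == "attachments")
{
    // Attachment manager: paginated list of the current user's attachments with
    // usage and quota figures.
    $plugins->run_hooks("usercp_attachments_start");
    require_once  MYBB_ROOT."inc/functions_upload.php";

    if($mybb->settings['enableattachments'] == 0)
    {
        error($lang->attachments_disabled);
    }

    $attachments = '';

    // Pagination
    if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // $perpage and $start are interpolated unquoted into LIMIT below, so both are
    // kept as integers: the setting is cast here and the page number comes from an
    // INPUT_INT read.
    $perpage = (int)$mybb->settings['threadsperpage'];
    $page = $mybb->get_input('page', MyBB::INPUT_INT);

    if($page > 0)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $end = $start + $perpage;
    $lower = $start+1;

    $query = $db->query("
        SELECT a.*, p.subject, p.dateline, t.tid, t.subject AS threadsubject
        FROM ".TABLE_PREFIX."attachments a
        LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
        WHERE a.uid='".(int)$mybb->user['uid']."'
        ORDER BY p.dateline DESC LIMIT {$start}, {$perpage}
    ");

    $bandwidth = $totaldownloads = 0;
    while($attachment = $db->fetch_array($query))
    {
        if($attachment['dateline'] && $attachment['tid'])
        {
            // Subjects and the file name are user-supplied; escape them before the
            // row template is evaluated. The icon is looked up from the raw file
            // name first, then the name itself is escaped.
            $attachment['subject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['subject']));
            $attachment['postlink'] = get_post_link($attachment['pid'], $attachment['tid']);
            $attachment['threadlink'] = get_thread_link($attachment['tid']);
            $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));

            $size = get_friendly_size($attachment['filesize']);
            $icon = get_attachment_icon(get_extension($attachment['filename']));
            $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

            $sizedownloads = $lang->sprintf($lang->attachment_size_downloads, $size, $attachment['downloads']);
            $attachdate = my_date('relative', $attachment['dateline']);
            $altbg = alt_trow();

            eval("\$attachments .= \"".$templates->get("usercp_attachments_attachment")."\";");

            // Add to bandwidth total
            $bandwidth += ($attachment['filesize'] * $attachment['downloads']);
            $totaldownloads += $attachment['downloads'];
        }
        else
        {
            // This deletes attachments without a thread/post.
            // Note that this is a state change made while rendering a page view;
            // it only touches rows already selected for the current user.
            remove_attachment($attachment['pid'], $attachment['posthash'], $attachment['aid']);
        }
    }

    $query = $db->simple_select("attachments", "SUM(filesize) AS ausage, COUNT(aid) AS acount", "uid='".(int)$mybb->user['uid']."'");
    $usage = $db->fetch_array($query);
    $totalusage = $usage['ausage'];
    $totalattachments = $usage['acount'];
    $friendlyusage = get_friendly_size((int)$totalusage);
    if($mybb->usergroup['attachquota'])
    {
        // The quota is multiplied by 1024 before it is compared with the byte total.
        $percent = round(($totalusage/($mybb->usergroup['attachquota']*1024))*100);
        $friendlyusage .= $lang->sprintf($lang->attachments_usage_percent, $percent);
        $attachquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
        $usagenote = $lang->sprintf($lang->attachments_usage_quota, $friendlyusage, $attachquota, $totalattachments);
    }
    else
    {
        $attachquota = $lang->unlimited;
        $usagenote = $lang->sprintf($lang->attachments_usage, $friendlyusage, $totalattachments);
    }

    $multipage = multipage($totalattachments, $perpage, $page, "usercp.php?action=attachments");
    $bandwidth = get_friendly_size($bandwidth);

    if(!$attachments)
    {
        eval("\$attachments = \"".$templates->get("usercp_attachments_none")."\";");
        $usagenote = '';
    }

    $plugins->run_hooks("usercp_attachments_end");

    eval("\$manageattachments = \"".$templates->get("usercp_attachments")."\";");
    output_page($manageattachments);
}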
3831  
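if($mybb->input['action'] == "do_attachments" && $mybb->request_method == "post")
{
    // Deletes the attachments selected in the attachment manager. Ownership is
    // enforced by the SELECT below: only rows whose uid is the current user are
    // fetched and passed on for removal, whatever ids the request contains.

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_attachments_start");
    require_once  MYBB_ROOT."inc/functions_upload.php";
    // empty() also rejects an empty array, which would otherwise produce an
    // invalid "aid IN ()" query; this matches the check used for drafts.
    if(empty($mybb->input['attachments']) || !is_array($mybb->input['attachments']))
    {
        error($lang->no_attachments_selected);
    }
    // Request-supplied ids are cast to int before being joined into the IN list.
    $aids = implode(',', array_map('intval', $mybb->input['attachments']));
    $query = $db->simple_select("attachments", "*", "aid IN ($aids) AND uid='".(int)$mybb->user['uid']."'");
    while($attachment = $db->fetch_array($query))
    {
        remove_attachment($attachment['pid'], '', $attachment['aid']);
    }
    $plugins->run_hooks("usercp_do_attachments_end");
    redirect("usercp.php?action=attachments", $lang->attachments_deleted);
}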
3852  
if($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post")
{
    // Saves the user's private notepad text to the users table.

    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Cap at 60,000 chars; text will allow up to 65535?
    // NOTE(review): presumably my_strlen()/my_substr() count characters while the
    // column limit is in bytes, so multi-byte text could still exceed it - confirm.
    if(my_strlen($mybb->get_input('notepad')) > 60000)
    {
        $mybb->input['notepad'] = my_substr($mybb->get_input('notepad'), 0, 60000);
    }

    // The start hook runs after the cap and before the value is read again, so a
    // plugin that changes the input here is not re-checked against the limit.
    $plugins->run_hooks("usercp_do_notepad_start");
    // The text is escaped for SQL at the point of use; the row is selected by the
    // session user's uid, not by anything taken from the request.
    $db->update_query("users", array('notepad' => $db->escape_string($mybb->get_input('notepad'))), "uid='".$mybb->user['uid']."'");
    $plugins->run_hooks("usercp_do_notepad_end");
    redirect("usercp.php", $lang->redirect_notepadupdated);
}
3869  
3870  if(!$mybb->input['action'])
3871  {
3872      // Get posts per day
3873      $daysreg = (TIME_NOW - $mybb->user['regdate']) / (24*3600);
3874  
3875      if($daysreg < 1)
3876      {
3877          $daysreg = 1;
3878      }
3879  
3880      $perday = $mybb->user['postnum'] / $daysreg;
3881