PHP Cross Reference of MyBB 1.8.36

/ -> usercp.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
      // NOTE(review): IN_MYBB and THIS_SCRIPT are presumably read by global.php and the files it
      // includes (entry-point marker, current-script name) - confirm there; this file only defines them.
  12  define('THIS_SCRIPT', 'usercp.php');
      // Two subscription-removal actions are listed as "allowable" pages.
      // NOTE(review): which access checks are relaxed for ALLOWABLE_PAGE actions is not visible here -
      // confirm that those actions still enforce their own authorisation and request-token checks.
  13  define("ALLOWABLE_PAGE", "removesubscription,removesubscriptions");
  14  
  15  $templatelist = "usercp,usercp_nav,usercp_profile,usercp_changename,usercp_password,usercp_subscriptions_thread,forumbit_depth2_forum_lastpost,usercp_forumsubscriptions_forum,postbit_reputation_formatted,usercp_subscriptions_thread_icon";
      // The lines below append to the same comma-separated list of template names.
      // NOTE(review): the list is presumably consumed by global.php to preload these templates - confirm.
      // NOTE(review): "usercp_editlists_userusercp_editlists" (line 22) looks like two names fused without
      // a comma; both names also appear separately (lines 24 and 27). The last segment (line 31) ends with
      // a trailing comma, which leaves an empty entry in the list.
  16  $templatelist .= ",usercp_usergroups_memberof_usergroup,usercp_usergroups_memberof,usercp_usergroups_joinable_usergroup,usercp_usergroups_joinable,usercp_usergroups,usercp_nav_attachments,usercp_options_style,usercp_warnings_warning_post";
  17  $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_usergroups_leader_usergroup,usercp_usergroups_leader,usercp_currentavatar,usercp_reputation,usercp_avatar_remove,usercp_resendactivation";
  18  $templatelist .= ",usercp_attachments_attachment,usercp_attachments,usercp_profile_away,usercp_profile_customfield,usercp_profile_profilefields,usercp_profile_customtitle,usercp_forumsubscriptions_none,usercp_profile_customtitle_currentcustom";
  19  $templatelist .= ",usercp_forumsubscriptions,usercp_subscriptions_none,usercp_subscriptions,usercp_options_pms_from_buddys,usercp_options_tppselect,usercp_options_pppselect,usercp_themeselector,usercp_profile_customtitle_reverttitle";
  20  $templatelist .= ",usercp_nav_editsignature,usercp_referrals,usercp_notepad,usercp_latest_threads_threads,forumdisplay_thread_gotounread,usercp_latest_threads,usercp_subscriptions_remove,usercp_nav_messenger_folder,usercp_profile_profilefields_text";
  21  $templatelist .= ",usercp_editsig_suspended,usercp_editsig,usercp_avatar_current,usercp_options_timezone_option,usercp_drafts,usercp_options_language,usercp_options_date_format,usercp_profile_website,usercp_latest_subscribed,usercp_warnings";
  22  $templatelist .= ",usercp_avatar,usercp_editlists_userusercp_editlists,usercp_drafts_draft,usercp_usergroups_joingroup,usercp_attachments_none,usercp_avatar_upload,usercp_options_timezone,usercp_usergroups_joinable_usergroup_join";
  23  $templatelist .= ",usercp_warnings_warning,usercp_nav_messenger_tracking,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  24  $templatelist .= ",codebuttons,usercp_nav_messenger_compose,usercp_options_language_option,usercp_editlists,usercp_profile_contact_fields_field,usercp_latest_subscribed_threads,usercp_profile_contact_fields,usercp_profile_day,usercp_nav_home";
  25  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,usercp_profile_profilefields_checkbox";
  26  $templatelist .= ",usercp_options_tppselect_option,usercp_options_pppselect_option,forumbit_depth2_forum_lastpost_never,forumbit_depth2_forum_lastpost_hidden,usercp_avatar_auto_resize_auto,usercp_avatar_auto_resize_user,usercp_options";
  27  $templatelist .= ",usercp_editlists_no_buddies,usercp_editlists_no_ignored,usercp_editlists_no_requests,usercp_editlists_received_requests,usercp_editlists_sent_requests,usercp_drafts_draft_thread,usercp_drafts_draft_forum,usercp_editlists_user";
  28  $templatelist .= ",usercp_usergroups_leader_usergroup_memberlist,usercp_usergroups_leader_usergroup_moderaterequests,usercp_usergroups_memberof_usergroup_leaveprimary,usercp_usergroups_memberof_usergroup_display,usercp_email,usercp_options_pms";
  29  $templatelist .= ",usercp_usergroups_memberof_usergroup_leaveleader,usercp_usergroups_memberof_usergroup_leaveother,usercp_usergroups_memberof_usergroup_leave,usercp_usergroups_joinable_usergroup_description,usercp_options_time_format";
  30  $templatelist .= ",usercp_editlists_sent_request,usercp_editlists_received_request,usercp_drafts_none,usercp_usergroups_memberof_usergroup_setdisplay,usercp_usergroups_memberof_usergroup_description,usercp_options_quick_reply";
  31  $templatelist .= ",usercp_addsubscription_thread,forumdisplay_password,forumdisplay_password_wrongpass,";
  32  
  33  require_once  "./global.php";
      // Helper libraries used by the handlers in this script, plus the post parser instance.
  34  require_once  MYBB_ROOT."inc/functions_post.php";
  35  require_once  MYBB_ROOT."inc/functions_search.php";
  36  require_once  MYBB_ROOT."inc/functions_user.php";
  37  require_once  MYBB_ROOT."inc/class_parser.php";
  38  $parser = new postParser;
  39  
  40  // Load global language phrases
  41  $lang->load("usercp");
  42  
      // Access gate for the whole script: a user with uid 0, or one whose usergroup has canusercp set
      // to 0, is sent to error_no_permission() before any action handler runs.
      // NOTE(review): every handler below relies on error_no_permission() ending the request - confirm
      // that it does not return.
  43  if($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0)
  44  {
  45      error_no_permission();
  46  }
  47  
      // $errors holds rendered validation errors; the view handlers test it to decide whether to
      // repopulate the form from the request instead of the stored user record.
  48  $errors = '';
  49  
      // Read the requested action once through get_input(); the handlers compare against this value.
  50  $mybb->input['action'] = $mybb->get_input('action');
  51  
  52  usercp_menu();
  53  
  54  $server_http_referer = '';
      // Build a same-site return URL from the client-supplied Referer header.
      // The header is fully controlled by the client, so it is entity-encoded first and then pinned to
      // the board: a value that does not start with bburl.'/' is reduced to its last '/'-separated
      // segment and re-prefixed with bburl, so an off-site URL cannot survive in the result.
      // NOTE(review): htmlentities() is called without explicit flags or charset, so quote handling
      // follows the defaults of the running PHP version. Where $server_http_referer is later emitted is
      // not visible here - confirm that the output context matches this encoding.
  55  if(isset($_SERVER['HTTP_REFERER']))
  56  {
  57      $server_http_referer = htmlentities($_SERVER['HTTP_REFERER']);
  58  
          // Prefix test: position 0 means the value already points at this board.
  59      if(my_strpos($server_http_referer, $mybb->settings['bburl'].'/') !== 0)
  60      {
              // Drop a single leading slash before splitting.
  61          if(my_strpos($server_http_referer, '/') === 0)
  62          {
  63              $server_http_referer = my_substr($server_http_referer, 1);
  64          }
              // Keep only the final path segment (any query string stays attached to it).
  65          $url_segments = explode('/', $server_http_referer);
  66          $server_http_referer = $mybb->settings['bburl'].'/'.end($url_segments);
  67      }
  68  }
  69  
  70  $plugins->run_hooks("usercp_start");
  71  if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
  72  {
          // Pre-validation of a submitted signature. Nothing is saved here: the signature is checked
          // through UserDataHandler and, on a validation error or a preview request, the action is
          // switched to "editsig" so that the edit form is shown instead.
          // NOTE(review): this block does not call verify_post_check(); the code that actually stores
          // the signature is outside this block - confirm that it checks my_post_key before writing.
  73      require_once  MYBB_ROOT."inc/datahandlers/user.php";
  74      $userhandler = new UserDataHandler();
  75  
          // The uid comes from the current user record, not from the request; the signature text is
          // taken from the request as submitted.
  76      $data = array(
  77          'uid' => $mybb->user['uid'],
  78          'signature' => $mybb->get_input('signature'),
  79      );
  80  
  81      $userhandler->set_data($data);
  82  
  83      if(!$userhandler->verify_signature())
  84      {
  85          $error = inline_error($userhandler->get_friendly_errors());
  86      }
  87  
  88      if(isset($error) || !empty($mybb->input['preview']))
  89      {
  90          $mybb->input['action'] = "editsig";
  91      }
  92  }
  93  
  94  // Make navigation
      // The base "User CP" breadcrumb is always added; the switch then adds one more entry for the
      // current action. A view action and its do_ counterpart share a label. The switch has no default
      // case, so an action that is not listed gets only the base breadcrumb.
  95  add_breadcrumb($lang->nav_usercp, "usercp.php");
  96  
  97  switch($mybb->input['action'])
  98  {
  99      case "profile":
 100      case "do_profile":
 101          add_breadcrumb($lang->ucp_nav_profile);
 102          break;
 103      case "options":
 104      case "do_options":
 105          add_breadcrumb($lang->nav_options);
 106          break;
 107      case "email":
 108      case "do_email":
 109          add_breadcrumb($lang->nav_email);
 110          break;
 111      case "password":
 112      case "do_password":
 113          add_breadcrumb($lang->nav_password);
 114          break;
 115      case "changename":
 116      case "do_changename":
 117          add_breadcrumb($lang->nav_changename);
 118          break;
 119      case "subscriptions":
 120          add_breadcrumb($lang->ucp_nav_subscribed_threads);
 121          break;
 122      case "forumsubscriptions":
 123          add_breadcrumb($lang->ucp_nav_forum_subscriptions);
 124          break;
 125      case "editsig":
 126      case "do_editsig":
 127          add_breadcrumb($lang->nav_editsig);
 128          break;
 129      case "avatar":
 130      case "do_avatar":
 131          add_breadcrumb($lang->nav_avatar);
 132          break;
 133      case "notepad":
 134      case "do_notepad":
 135          add_breadcrumb($lang->ucp_nav_notepad);
 136          break;
 137      case "editlists":
 138      case "do_editlists":
 139          add_breadcrumb($lang->ucp_nav_editlists);
 140          break;
 141      case "drafts":
 142          add_breadcrumb($lang->ucp_nav_drafts);
 143          break;
 144      case "usergroups":
 145          add_breadcrumb($lang->ucp_nav_usergroups);
 146          break;
 147      case "attachments":
 148          add_breadcrumb($lang->ucp_nav_attachments);
 149          break;
 150  }
 151  
 152  if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post")
 153  {
          // Handles the profile form submission: checks the request token, assembles $user from the
          // request, validates it through UserDataHandler, then either saves and redirects or switches
          // the action to "profile" so that the form is rendered again with the errors.
          // The my_post_key token is checked before any other input is read.
 154      // Verify incoming POST request
 155      verify_post_check($mybb->get_input('my_post_key'));
 156  
 157      $user = array();
 158  
 159      $plugins->run_hooks("usercp_do_profile_start");
 160  
          // Away status is honoured only when the submitted flag is 1 and the allowaway setting is
          // non-zero; otherwise all away fields are reset (else branch below).
 161      if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
 162      {
 163          $awaydate = TIME_NOW;
 164          if(!empty($mybb->input['awayday']))
 165          {
 166              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
 167              if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
 168              {
 169                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
 170              }
 171              if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
 172              {
 173                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
 174              }
 175  
                  // Month and day are cut to two characters and cast to int; the year is cast to int and
                  // capped at 9999, so only integers reach $returndate.
                  // NOTE(review): no range check (such as checkdate()) is applied here. gmmktime() rolls
                  // out-of-range day/month values over, so the comparison below can be made on a
                  // different date than the raw numbers stored in $returndate. Whether the data handler
                  // validates the return date is not visible here - confirm.
 176              $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
 177              $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
 178              $return_year = min((int)$mybb->get_input('awayyear'), 9999);
 179  
 180              // Check if return date is after the away date.
 181              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
 182              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
 183              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
 184              {
 185                  error($lang->error_usercp_return_date_past);
 186              }
 187  
 188              $returndate = "{$return_day}-{$return_month}-{$return_year}";
 189          }
 190          else
 191          {
 192              $returndate = "";
 193          }
              // awayreason is handed to the data handler as submitted; it has to be escaped wherever it
              // is output.
 194          $away = array(
 195              "away" => 1,
 196              "date" => $awaydate,
 197              "returndate" => $returndate,
 198              "awayreason" => $mybb->get_input('awayreason')
 199          );
 200      }
 201      else
 202      {
 203          $away = array(
 204              "away" => 0,
 205              "date" => '',
 206              "returndate" => '',
 207              "awayreason" => ''
 208          );
 209      }
 210  
          // Birthday parts are read as integers.
 211      $bday = array(
 212          "day" => $mybb->get_input('bday1', MyBB::INPUT_INT),
 213          "month" => $mybb->get_input('bday2', MyBB::INPUT_INT),
 214          "year" => $mybb->get_input('bday3', MyBB::INPUT_INT)
 215      );
 216  
 217      // Set up user handler.
 218      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 219      $userhandler = new UserDataHandler("update");
 220  
          // uid, postnum, usergroup and additionalgroups are copied from the current user record
          // ($mybb->user), never from the request. array_merge() lets these values replace any
          // same-named keys already present in $user (for example anything a usercp_do_profile_start
          // hook put there).
          // profile_fields is accepted as an array straight from the request; per-field validation is
          // presumably done by validate_user() - confirm in the data handler.
 221      $user = array_merge($user, array(
 222          "uid" => $mybb->user['uid'],
 223          "postnum" => $mybb->user['postnum'],
 224          "usergroup" => $mybb->user['usergroup'],
 225          "additionalgroups" => $mybb->user['additionalgroups'],
 226          "birthday" => $bday,
 227          "birthdayprivacy" => $mybb->get_input('birthdayprivacy'),
 228          "away" => $away,
 229          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY)
 230      ));
          // Optional contact fields: a field is accepted only when its allow<field>field setting is
          // non-empty and is_member() passes for that setting; otherwise the submitted value is ignored.
 231      foreach(array('icq', 'skype', 'google') as $cfield)
 232      {
 233          $csetting = 'allow'.$cfield.'field';
 234          if($mybb->settings[$csetting] == '')
 235          {
 236              continue;
 237          }
 238  
 239          if(!is_member($mybb->settings[$csetting]))
 240          {
 241              continue;
 242          }
 243  
 244          if($cfield == 'icq')
 245          {
                  // ICQ is read with input mode 1 and limited to 10 characters.
                  // NOTE(review): the other integer reads in this file pass MyBB::INPUT_INT; the literal
                  // 1 is presumably the same mode - confirm and prefer the named constant.
 246              $user[$cfield] = $mybb->get_input($cfield, 1);
 247  
 248              if(my_strlen($user[$cfield]) > 10)
 249              {
 250                  error($lang->contact_field_icqerror);
 251              }
 252          }
 253          else
 254          {
                  // Skype and Google values are taken as strings and limited to 75 characters.
 255              $user[$cfield] = $mybb->get_input($cfield);
 256  
 257              if(my_strlen($user[$cfield]) > 75)
 258              {
 259                  error($lang->contact_field_error);
 260              }
 261          }
 262      }
 263  
          // Website and custom title are copied from the request only when the usergroup permission
          // flag allows it, so a user without the permission cannot set them by posting the field.
 264      if($mybb->usergroup['canchangewebsite'] == 1)
 265      {
 266          $user['website'] = $mybb->get_input('website');
 267      }
 268  
 269      if($mybb->usergroup['cancustomtitle'] == 1)
 270      {
 271          if($mybb->get_input('usertitle') != '')
 272          {
 273              $user['usertitle'] = $mybb->get_input('usertitle');
 274          }
 275          elseif(!empty($mybb->input['reverttitle']))
 276          {
 277              $user['usertitle'] = '';
 278          }
 279      }
 280      $userhandler->set_data($user);
 281  
 282      if(!$userhandler->validate_user())
 283      {
              // Validation failed: nothing is saved. The errors are rendered and the action is switched
              // to "profile" so the form handler below shows them.
 284          $errors = $userhandler->get_friendly_errors();
 285          $raw_errors = $userhandler->get_errors();
 286  
 287          // Set to stored value if invalid
 288          if(array_key_exists("invalid_birthday_privacy", $raw_errors) || array_key_exists("conflicted_birthday_privacy", $raw_errors))
 289          {
 290              $mybb->input['birthdayprivacy'] = $mybb->user['birthdayprivacy'];
 291              $bday = explode("-", $mybb->user['birthday']);
 292  
 293              if(isset($bday[2]))
 294              {
 295                  $mybb->input['bday3'] = $bday[2];
 296              }
 297          }
 298  
 299          $errors = inline_error($errors);
 300          $mybb->input['action'] = "profile";
 301      }
 302      else
 303      {
              // Validation passed: save, run the end hook, then redirect back to the profile form.
 304          $userhandler->update_user();
 305  
 306          $plugins->run_hooks("usercp_do_profile_end");
 307          redirect("usercp.php?action=profile", $lang->redirect_profileupdated);
 308      }
 309  }
 310  
 311  if($mybb->input['action'] == "profile")
 312  {
          // Renders the edit-profile form. After a failed submission ($errors set) $user is the raw
          // request array, so each value has to be escaped or cast in this block before a template can
          // interpolate it; otherwise $user is the stored user record.
 313      if($errors)
 314      {
 315          $user = $mybb->input;
 316          $bday = array();
 317          $bday[0] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 318          $bday[1] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 319          $bday[2] = $mybb->get_input('bday3', MyBB::INPUT_INT);
 320      }
 321      else
 322      {
 323          $user = $mybb->user;
 324          $bday = explode("-", $user['birthday']);
 325          if(!isset($bday[1]))
 326          {
 327              $bday[1] = 0;
 328          }
 329      }
 330      if(!isset($bday[2]) || $bday[2] == 0)
 331      {
 332          $bday[2] = '';
 333      }
 334  
 335      $plugins->run_hooks("usercp_profile_start");
 336  
 337      $bdaydaysel = '';
 338      for($day = 1; $day <= 31; ++$day)
 339      {
 340          if($bday[0] == $day)
 341          {
 342              $selected = "selected=\"selected\"";
 343          }
 344          else
 345          {
 346              $selected = '';
 347          }
 348  
              // Rendering pattern used throughout this block: the template text returned by
              // $templates->get() is wrapped in double quotes and passed to eval(), so it is parsed as a
              // PHP string and can read any variable in scope by name.
              // NOTE(review): this is safe only while template text is trusted and prepared for this
              // context; how $templates->get() guarantees that is not visible here - confirm. The
              // local variable names in this block are presumably referenced by the templates, so
              // renaming them would change the output.
 349          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
 350      }
 351  
 352      $bdaymonthsel = array();
 353      foreach(range(1, 12) as $month)
 354      {
 355          $bdaymonthsel[$month] = '';
 356      }
 357      $bdaymonthsel[$bday[1]] = 'selected="selected"';
 358  
          // The privacy value is only compared against the three known options and mapped to a fixed
          // attribute string.
 359      $allselected = $noneselected = $ageselected = '';
 360      if($user['birthdayprivacy'] == 'all' || !$user['birthdayprivacy'])
 361      {
 362          $allselected = " selected=\"selected\"";
 363      }
 364      elseif($user['birthdayprivacy'] == 'none')
 365      {
 366          $noneselected = " selected=\"selected\"";
 367      }
 368      elseif($user['birthdayprivacy'] == 'age')
 369      {
 370          $ageselected = " selected=\"selected\"";
 371      }
 372  
          // The website value is kept only if my_validate_url() accepts it, and is HTML-escaped before
          // use; anything else is blanked.
 373      if(!my_validate_url($user['website']))
 374      {
 375          $user['website'] = '';
 376      }
 377      else
 378      {
 379          $user['website'] = htmlspecialchars_uni($user['website']);
 380      }
 381  
          // ICQ is cast to int and shown as an empty string when it is 0.
 382      if($user['icq'] != "0")
 383      {
 384          $user['icq'] = (int)$user['icq'];
 385      }
 386  
 387      if($user['icq'] == 0)
 388      {
 389          $user['icq'] = '';
 390      }
 391  
          // On the error path skype/google come from the request and are escaped here.
          // NOTE(review): the loop below escapes $user[$cfield] again into $cfvalue, so on this path
          // these two values are presumably encoded twice (over-escaping, not under-escaping) - confirm
          // how htmlspecialchars_uni() treats already-encoded entities.
 392      if($errors)
 393      {
 394          $user['skype'] = htmlspecialchars_uni($user['skype']);
 395          $user['google'] = htmlspecialchars_uni($user['google']);
 396      }
 397  
 398      $contact_fields = array();
 399      $contactfields = '';
 400      $cfieldsshow = false;
 401  
          // A contact field is rendered only when its allow<field>field setting is non-empty and
          // is_member() passes for that setting - the same condition the do_profile handler uses to
          // accept the field.
 402      foreach(array('icq', 'skype', 'google') as $cfield)
 403      {
 404          $contact_fields[$cfield] = '';
 405          $csetting = 'allow'.$cfield.'field';
 406          if($mybb->settings[$csetting] == '')
 407          {
 408              continue;
 409          }
 410  
 411          if(!is_member($mybb->settings[$csetting]))
 412          {
 413              continue;
 414          }
 415  
 416          $cfieldsshow = true;
 417  
              // The language property name is built from the fixed field list above, not from input.
 418          $lang_string = 'contact_field_'.$cfield;
 419          $lang_string = $lang->{$lang_string};
 420          $cfvalue = htmlspecialchars_uni($user[$cfield]);
 421  
 422          eval('$contact_fields[$cfield] = "'.$templates->get('usercp_profile_contact_fields_field').'";');
 423      }
 424  
 425      if($cfieldsshow)
 426      {
 427          eval('$contactfields = "'.$templates->get('usercp_profile_contact_fields').'";');
 428      }
 429  
 430      if($mybb->settings['allowaway'] != 0)
 431      {
 432          $awaycheck = array('', '');
 433          if($errors)
 434          {
                  // Error path: repopulate from the request. The date parts are read as integers and the
                  // reason is escaped.
                  // NOTE(review): $awaynotice is assigned only in the else branch below; if the
                  // usercp_profile_away template reads it, it is undefined on this path - confirm.
 435              if($user['away'] == 1)
 436              {
 437                  $awaycheck[1] = "checked=\"checked\"";
 438              }
 439              else
 440              {
 441                  $awaycheck[0] = "checked=\"checked\"";
 442              }
 443              $returndate = array();
 444              $returndate[0] = $mybb->get_input('awayday', MyBB::INPUT_INT);
 445              $returndate[1] = $mybb->get_input('awaymonth', MyBB::INPUT_INT);
 446              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
 447              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
 448          }
 449          else
 450          {
                  // Normal path: values come from the stored user record; the reason is escaped here.
 451              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
 452              if($mybb->user['away'] == 1)
 453              {
 454                  $awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']);
 455                  $awaycheck[1] = "checked=\"checked\"";
 456                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
 457              }
 458              else
 459              {
 460                  $awaynotice = $lang->away_notice;
 461                  $awaycheck[0] = "checked=\"checked\"";
 462              }
 463              $returndate = explode("-", $mybb->user['returndate']);
 464              if(!isset($returndate[1]))
 465              {
 466                  $returndate[1] = 0;
 467              }
 468              if(!isset($returndate[2]))
 469              {
 470                  $returndate[2] = '';
 471              }
 472          }
 473  
 474          $returndatesel = '';
 475          for($day = 1; $day <= 31; ++$day)
 476          {
 477              if($returndate[0] == $day)
 478              {
 479                  $selected = "selected=\"selected\"";
 480              }
 481              else
 482              {
 483                  $selected = '';
 484              }
 485  
 486              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
 487          }
 488  
 489          $returndatemonthsel = array();
 490          foreach(range(1, 12) as $month)
 491          {
 492              $returndatemonthsel[$month] = '';
 493          }
 494          $returndatemonthsel[$returndate[1]] = "selected";
 495  
 496          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
 497      }
 498  
 499      // Custom profile fields baby!
 500      $altbg = "trow1";
 501      $requiredfields = $customfields = '';
 502      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 503  
 504      $pfcache = $cache->read('profilefields');
 505  
 506      if(is_array($pfcache))
 507      {
 508          foreach($pfcache as $profilefield)
 509          {
                  // Skip fields this user may not edit: is_member() must pass for editableby, and a
                  // field with a post-count threshold requires the user's postnum to reach it.
 510              if(!is_member($profilefield['editableby']) || ($profilefield['postnum'] && $profilefield['postnum'] > $mybb->user['postnum']))
 511              {
 512                  continue;
 513              }
 514  
 515              $userfield = $code = $select = $val = $options = $expoptions = $useropts = '';
 516              $seloptions = array();
                  // The field definition (type, name, description) is escaped before use. The type string
                  // is split at the first newline into the type keyword and the option list, so the
                  // options are already HTML-escaped; that is why user values are escaped before they
                  // are compared with options further down.
 517              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 518              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 519              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 520              $thing = explode("\n", $profilefield['type'], "2");
 521              $type = $thing[0];
 522              if(isset($thing[1]))
 523              {
 524                  $options = $thing[1];
 525              }
 526              else
 527              {
                      // NOTE(review): $options becomes an array here, but the select, multiselect, radio
                      // and checkbox branches pass it to explode(), which expects a string (a TypeError
                      // on PHP 8). Presumably those types always carry an option list - confirm.
 528                  $options = array();
 529              }
 530              $field = "fid{$profilefield['fid']}";
 531              if($errors)
 532              {
                      // Error path: the value comes straight from the request array.
                      // NOTE(review): it may therefore be an array even for single-value field types;
                      // how htmlspecialchars_uni() handles an array is not visible here - confirm.
 533                  if(!isset($mybb->input['profile_fields'][$field]))
 534                  {
 535                      $mybb->input['profile_fields'][$field] = '';
 536                  }
 537                  $userfield = $mybb->input['profile_fields'][$field];
 538              }
 539              else
 540              {
 541                  $userfield = $user[$field];
 542              }
 543              if($type == "multiselect")
 544              {
                      // Submitted values are an array on the error path; stored values are split on
                      // newlines. Each one is escaped and then matched against the option list.
 545                  if($errors)
 546                  {
 547                      $useropts = $userfield;
 548                  }
 549                  else
 550                  {
 551                      $useropts = explode("\n", $userfield);
 552                  }
 553                  if(is_array($useropts))
 554                  {
 555                      foreach($useropts as $key => $val)
 556                      {
 557                          $val = htmlspecialchars_uni($val);
 558                          $seloptions[$val] = $val;
 559                      }
 560                  }
 561                  $expoptions = explode("\n", $options);
 562                  if(is_array($expoptions))
 563                  {
 564                      foreach($expoptions as $key => $val)
 565                      {
 566                          $val = trim($val);
 567                          $val = str_replace("\n", "\\n", $val);
 568  
 569                          $sel = "";
 570                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
 571                          {
 572                              $sel = " selected=\"selected\"";
 573                          }
 574  
 575                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 576                      }
 577                      if(!$profilefield['length'])
 578                      {
 579                          $profilefield['length'] = 3;
 580                      }
 581  
 582                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
 583                  }
 584              }
 585              elseif($type == "select")
 586              {
                      // Only option values are rendered; the user value is escaped and used solely to
                      // decide which option is marked as selected.
 587                  $expoptions = explode("\n", $options);
 588                  if(is_array($expoptions))
 589                  {
 590                      foreach($expoptions as $key => $val)
 591                      {
 592                          $val = trim($val);
 593                          $val = str_replace("\n", "\\n", $val);
 594                          $sel = "";
 595                          if($val == htmlspecialchars_uni($userfield))
 596                          {
 597                              $sel = " selected=\"selected\"";
 598                          }
 599  
 600                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 601                      }
 602                      if(!$profilefield['length'])
 603                      {
 604                          $profilefield['length'] = 1;
 605                      }
 606  
 607                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
 608                  }
 609              }
 610              elseif($type == "radio")
 611              {
                      // The user value is escaped before it is compared with the options.
 612                  $userfield = htmlspecialchars_uni($userfield);
 613                  $expoptions = explode("\n", $options);
 614                  if(is_array($expoptions))
 615                  {
 616                      foreach($expoptions as $key => $val)
 617                      {
 618                          $checked = "";
 619                          if($val == $userfield)
 620                          {
 621                              $checked = " checked=\"checked\"";
 622                          }
 623  
 624                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
 625                      }
 626                  }
 627              }
 628              elseif($type == "checkbox")
 629              {
                      // The user value is escaped first, then matched against the options as in the
                      // multiselect branch.
 630                  $userfield = htmlspecialchars_uni($userfield);
 631                  if($errors)
 632                  {
 633                      $useropts = $userfield;
 634                  }
 635                  else
 636                  {
 637                      $useropts = explode("\n", $userfield);
 638                  }
 639                  if(is_array($useropts))
 640                  {
 641                      foreach($useropts as $key => $val)
 642                      {
 643                          $seloptions[$val] = $val;
 644                      }
 645                  }
 646                  $expoptions = explode("\n", $options);
 647                  if(is_array($expoptions))
 648                  {
 649                      foreach($expoptions as $key => $val)
 650                      {
 651                          $checked = "";
 652                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
 653                          {
 654                              $checked = " checked=\"checked\"";
 655                          }
 656  
 657                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
 658                      }
 659                  }
 660              }
 661              elseif($type == "textarea")
 662              {
                      // Free-text value: escaped into $value before the template is rendered.
 663                  $value = htmlspecialchars_uni($userfield);
 664                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
 665              }
 666              else
 667              {
                      // Any other type is rendered as a text input with the escaped value.
                      // NOTE(review): maxlength is interpolated into the attribute without a cast;
                      // presumably it is an integer from the field definition - confirm.
 668                  $value = htmlspecialchars_uni($userfield);
 669                  $maxlength = "";
 670                  if($profilefield['maxlength'] > 0)
 671                  {
 672                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
 673                  }
 674  
 675                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
 676              }
 677  
                  // Required fields and optional fields are collected into separate lists using the same
                  // row template.
 678              if($profilefield['required'] == 1)
 679              {
 680                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 681              }
 682              else
 683              {
 684                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 685              }
 686              $altbg = alt_trow();
 687          }
 688      }
 689      if($customfields)
 690      {
 691          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
 692      }
 693  
          // The custom-title section is built only for usergroups with the cancustomtitle permission.
 694      if($mybb->usergroup['cancustomtitle'] == 1)
 695      {
              // Default title: the usergroup title if set, otherwise the first cached title whose post
              // requirement the user meets. Either way it is escaped.
 696          if($mybb->usergroup['usertitle'] == "")
 697          {
 698              $defaulttitle = '';
 699              $usertitles = $cache->read('usertitles');
 700  
 701              foreach($usertitles as $title)
 702              {
 703                  if($title['posts'] <= $mybb->user['postnum'])
 704                  {
 705                      $defaulttitle = htmlspecialchars_uni($title['title']);
 706                      break;
 707                  }
 708              }
 709          }
 710          else
 711          {
 712              $defaulttitle = htmlspecialchars_uni($mybb->usergroup['usertitle']);
 713          }
 714  
 715          $newtitle = '';
 716          if(trim($user['usertitle']) == '')
 717          {
 718              $lang->current_custom_usertitle = '';
 719          }
 720          else
 721          {
                  // Error path: the rejected title is escaped into $newtitle and $user['usertitle'] is
                  // reset to the stored value.
 722              if($errors)
 723              {
 724                  $newtitle = htmlspecialchars_uni($user['usertitle']);
 725                  $user['usertitle'] = $mybb->user['usertitle'];
 726              }
 727          }
 728  
 729          $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
 730  
 731          $currentcustom = $reverttitle = '';
 732          if(!empty($mybb->user['usertitle']))
 733          {
 734              eval("\$currentcustom = \"".$templates->get("usercp_profile_customtitle_currentcustom")."\";");
 735  
 736              if($mybb->user['usertitle'] != $mybb->usergroup['usertitle'])
 737              {
 738                  eval("\$reverttitle = \"".$templates->get("usercp_profile_customtitle_reverttitle")."\";");
 739              }
 740          }
 741  
 742          eval("\$customtitle = \"".$templates->get("usercp_profile_customtitle")."\";");
 743      }
 744      else
 745      {
 746          $customtitle = "";
 747      }
 748  
          // NOTE(review): $website is assigned only when canchangewebsite is 1 and has no empty default
          // in this block; if the usercp_profile template reads it, it is undefined for other groups -
          // confirm.
 749      if($mybb->usergroup['canchangewebsite'] == 1)
 750      {
 751          eval("\$website = \"".$templates->get("usercp_profile_website")."\";");
 752      }
 753  
 754      $plugins->run_hooks("usercp_profile_end");
 755  
 756      eval("\$editprofile = \"".$templates->get("usercp_profile")."\";");
 757      output_page($editprofile);
 758  }
 759  
// Action "do_options": save the board preferences submitted from the User CP options form.
// Handled for POST requests only. On a validation failure the action is rewritten to
// "options" so the form block below re-renders with the error list.
if($mybb->input['action'] == "do_options" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    // (anti-CSRF: the request has to carry the user's post key in my_post_key)
    verify_post_check($mybb->get_input('my_post_key'));

    $user = array();

    $plugins->run_hooks("usercp_do_options_start");

    // Set up user handler.
    require_once  MYBB_ROOT."inc/datahandlers/user.php";
    $userhandler = new UserDataHandler("update");

    // uid, usergroup and additionalgroups are copied from the current user's record
    // ($mybb->user), never from the request, so this form cannot target another account
    // or change group membership.
    // "language" is passed through without a cast and "timezone" is escaped here with
    // $db->escape_string(). NOTE(review): both rely on UserDataHandler::validate_user()
    // for whitelisting/range checks - confirm there, and confirm the handler does not
    // escape the timezone a second time.
    $user = array_merge($user, array(
        "uid" => $mybb->user['uid'],
        "style" => $mybb->get_input('style', MyBB::INPUT_INT),
        "dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT),
        "timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT),
        "timezone" => $db->escape_string($mybb->get_input('timezoneoffset')),
        "language" => $mybb->get_input('language'),
        'usergroup'    => $mybb->user['usergroup'],
        'additionalgroups'    => $mybb->user['additionalgroups']
    ));

    // Every option is cast to an integer on input except "threadmode", which stays a raw
    // string. NOTE(review): presumably restricted to known values by the data handler - confirm.
    $user['options'] = array(
        "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
        "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
        "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
        "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
        "dstcorrection" => $mybb->get_input('dstcorrection', MyBB::INPUT_INT),
        "threadmode" => $mybb->get_input('threadmode'),
        "showimages" => $mybb->get_input('showimages', MyBB::INPUT_INT),
        "showvideos" => $mybb->get_input('showvideos', MyBB::INPUT_INT),
        "showsigs" => $mybb->get_input('showsigs', MyBB::INPUT_INT),
        "showavatars" => $mybb->get_input('showavatars', MyBB::INPUT_INT),
        "showquickreply" => $mybb->get_input('showquickreply', MyBB::INPUT_INT),
        "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
        "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
        "receivefrombuddy" => $mybb->get_input('receivefrombuddy', MyBB::INPUT_INT),
        "daysprune" => $mybb->get_input('daysprune', MyBB::INPUT_INT),
        "showcodebuttons" => $mybb->get_input('showcodebuttons', MyBB::INPUT_INT),
        "sourceeditor" => $mybb->get_input('sourceeditor', MyBB::INPUT_INT),
        "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
        "buddyrequestspm" => $mybb->get_input('buddyrequestspm', MyBB::INPUT_INT),
        "buddyrequestsauto" => $mybb->get_input('buddyrequestsauto', MyBB::INPUT_INT),
        "showredirect" => $mybb->get_input('showredirect', MyBB::INPUT_INT),
        "classicpostbit" => $mybb->get_input('classicpostbit', MyBB::INPUT_INT)
    );

    // Threads-per-page / posts-per-page are only accepted when the board offers a choice.
    // NOTE(review): the submitted number is not checked against the configured list here;
    // verify that the data handler does so.
    if($mybb->settings['usertppoptions'])
    {
        $user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT);
    }

    if($mybb->settings['userpppoptions'])
    {
        $user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT);
    }

    $userhandler->set_data($user);

    if(!$userhandler->validate_user())
    {
        // Nothing is written; fall through to the "options" block with the error list.
        $errors = $userhandler->get_friendly_errors();
        $errors = inline_error($errors);
        $mybb->input['action'] = "options";
    }
    else
    {
        $userhandler->update_user();

        $plugins->run_hooks("usercp_do_options_end");

        redirect("usercp.php?action=options", $lang->redirect_optionsupdated);
    }
}
 836  
// Action "options": render the User CP options form. Reached directly, or after
// "do_options" failed validation and rewrote the action to "options".
//
// Templates are rendered by eval()'ing their text as a PHP double-quoted string, so the
// template text is executed as PHP string syntax and every variable it interpolates must
// already be safe for HTML output. NOTE(review): how $templates->get() escapes stored
// template text is not visible in this block - the safety of each eval() depends on it.
if($mybb->input['action'] == "options")
{
    // After a failed save the form is re-populated from the raw request ($mybb->input)
    // instead of the stored profile, so $user is untrusted on that path. In this block its
    // values are only compared against known values or used as array keys, except 'style',
    // which is handed to build_theme_select().
    // NOTE(review): $errors is presumably initialised earlier in the file - not visible here.
    if($errors != '')
    {
        $user = $mybb->input;
    }
    else
    {
        $user = $mybb->user;
    }

    $plugins->run_hooks("usercp_options_start");

    $languages = $lang->get_languages();
    $board_language = $langoptions = '';
    // The language selector is only built when more than one language is available.
    if(count($languages) > 1)
    {
        foreach($languages as $name => $language)
        {
            // Escape the display name before the template interpolates it.
            // NOTE(review): $name (the array key) is not escaped here; confirm whether the
            // option template interpolates it.
            $language = htmlspecialchars_uni($language);

            $sel = '';
            if(isset($user['language']) && $user['language'] == $name)
            {
                $sel = " selected=\"selected\"";
            }

            eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
        }

        eval('$board_language = "'.$templates->get('usercp_options_language').'";');
    }

    // Lets work out which options the user has selected and check the boxes
    // Each *check / *selected variable below is a fixed attribute string chosen by a
    // comparison; no request value is copied into it.
    if(isset($user['allownotices']) && $user['allownotices'] == 1)
    {
        $allownoticescheck = "checked=\"checked\"";
    }
    else
    {
        $allownoticescheck = "";
    }

    $canbeinvisible = '';

    // Check usergroup permission before showing invisible check box
    if($mybb->usergroup['canbeinvisible'] == 1)
    {
        if(isset($user['invisible']) && $user['invisible'] == 1)
        {
            $invisiblecheck = "checked=\"checked\"";
        }
        else
        {
            $invisiblecheck = "";
        }
        eval('$canbeinvisible = "'.$templates->get("usercp_options_invisible")."\";");
    }

    if(isset($user['hideemail']) && $user['hideemail'] == 1)
    {
        $hideemailcheck = "checked=\"checked\"";
    }
    else
    {
        $hideemailcheck = "";
    }

    // Subscription method: 1, 2 and 3 select the matching entry, anything else falls back
    // to "no auto subscribe".
    $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
    if(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 1)
    {
        $no_subscribe_selected = "selected=\"selected\"";
    }
    elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 2)
    {
        $instant_email_subscribe_selected = "selected=\"selected\"";
    }
    elseif(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 3)
    {
        $instant_pm_subscribe_selected = "selected=\"selected\"";
    }
    else
    {
        $no_auto_subscribe_selected = "selected=\"selected\"";
    }

    if(isset($user['showimages']) && $user['showimages'] == 1)
    {
        $showimagescheck = "checked=\"checked\"";
    }
    else
    {
        $showimagescheck = "";
    }

    if(isset($user['showvideos']) && $user['showvideos'] == 1)
    {
        $showvideoscheck = "checked=\"checked\"";
    }
    else
    {
        $showvideoscheck = "";
    }

    if(isset($user['showsigs']) && $user['showsigs'] == 1)
    {
        $showsigscheck = "checked=\"checked\"";
    }
    else
    {
        $showsigscheck = "";
    }

    if(isset($user['showavatars']) && $user['showavatars'] == 1)
    {
        $showavatarscheck = "checked=\"checked\"";
    }
    else
    {
        $showavatarscheck = "";
    }

    if(isset($user['showquickreply']) && $user['showquickreply'] == 1)
    {
        $showquickreplycheck = "checked=\"checked\"";
    }
    else
    {
        $showquickreplycheck = "";
    }

    if(isset($user['receivepms']) && $user['receivepms'] == 1)
    {
        $receivepmscheck = "checked=\"checked\"";
    }
    else
    {
        $receivepmscheck = "";
    }

    if(isset($user['receivefrombuddy']) && $user['receivefrombuddy'] == 1)
    {
        $receivefrombuddycheck = "checked=\"checked\"";
    }
    else
    {
        $receivefrombuddycheck = "";
    }

    // Unlike the other flags, pmnotice counts as enabled for any value >= 1.
    if(isset($user['pmnotice']) && $user['pmnotice'] >= 1)
    {
        $pmnoticecheck = " checked=\"checked\"";
    }
    else
    {
        $pmnoticecheck = "";
    }

    // DST correction: 2 selects "auto", 1 "enabled", anything else "disabled".
    $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
    if(isset($user['dstcorrection']) && $user['dstcorrection'] == 2)
    {
        $dst_auto_selected = "selected=\"selected\"";
    }
    elseif(isset($user['dstcorrection']) && $user['dstcorrection'] == 1)
    {
        $dst_enabled_selected = "selected=\"selected\"";
    }
    else
    {
        $dst_disabled_selected = "selected=\"selected\"";
    }

    if(isset($user['showcodebuttons']) && $user['showcodebuttons'] == 1)
    {
        $showcodebuttonscheck = "checked=\"checked\"";
    }
    else
    {
        $showcodebuttonscheck = "";
    }

    if(isset($user['sourceeditor']) && $user['sourceeditor'] == 1)
    {
        $sourcemodecheck = "checked=\"checked\"";
    }
    else
    {
        $sourcemodecheck = "";
    }

    if(isset($user['showredirect']) && $user['showredirect'] != 0)
    {
        $showredirectcheck = "checked=\"checked\"";
    }
    else
    {
        $showredirectcheck = "";
    }

    if(isset($user['pmnotify']) && $user['pmnotify'] != 0)
    {
        $pmnotifycheck = "checked=\"checked\"";
    }
    else
    {
        $pmnotifycheck = '';
    }

    if(isset($user['buddyrequestspm']) && $user['buddyrequestspm'] != 0)
    {
        $buddyrequestspmcheck = "checked=\"checked\"";
    }
    else
    {
        $buddyrequestspmcheck = '';
    }

    if(isset($user['buddyrequestsauto']) && $user['buddyrequestsauto'] != 0)
    {
        $buddyrequestsautocheck = "checked=\"checked\"";
    }
    else
    {
        $buddyrequestsautocheck = '';
    }

    // Normalise threadmode to '', "threaded" or "linear"; this also discards any other
    // value that arrived through raw request input on the error path.
    if(!isset($user['threadmode']) || ($user['threadmode'] != "threaded" && $user['threadmode'] != "linear"))
    {
        $user['threadmode'] = ''; // Leave blank to show default
    }

    if(isset($user['classicpostbit']) && $user['classicpostbit'] != 0)
    {
        $classicpostbitcheck = "checked=\"checked\"";
    }
    else
    {
        $classicpostbitcheck = '';
    }

    // Build the date format list; each entry is previewed by formatting the current time.
    // NOTE(review): $date_formats and $time_formats are defined outside this block.
    $date_format_options = $dateformat = '';
    foreach($date_formats as $key => $format)
    {
        $selected = '';
        if(isset($user['dateformat']) && $user['dateformat'] == $key)
        {
            $selected = " selected=\"selected\"";
        }

        $dateformat = my_date($format, TIME_NOW, "", 0);
        eval("\$date_format_options .= \"".$templates->get("usercp_options_date_format")."\";");
    }

    $time_format_options = $timeformat = '';
    foreach($time_formats as $key => $format)
    {
        $selected = '';
        if(isset($user['timeformat']) && $user['timeformat'] == $key)
        {
            $selected = " selected=\"selected\"";
        }

        $timeformat = my_date($format, TIME_NOW, "", 0);
        eval("\$time_format_options .= \"".$templates->get("usercp_options_time_format")."\";");
    }

    // Uses the stored timezone ($mybb->user), not $user, so a submitted value is not
    // echoed back after a validation error.
    $tzselect = build_timezone_select("timezoneoffset", $mybb->user['timezone'], true);

    $pms_from_buddys = '';
    if($mybb->settings['allowbuddyonly'] == 1)
    {
        eval("\$pms_from_buddys = \"".$templates->get("usercp_options_pms_from_buddys")."\";");
    }

    // The PM options section needs both the board-wide switch and the usergroup permission.
    $pms = '';
    if($mybb->settings['enablepms'] != 0 && $mybb->usergroup['canusepms'] == 1)
    {
        eval("\$pms = \"".$templates->get("usercp_options_pms")."\";");
    }

    $quick_reply = '';
    if($mybb->settings['quickreply'] == 1)
    {
        eval("\$quick_reply = \"".$templates->get("usercp_options_quick_reply")."\";");
    }

    // threadmode was normalised above, so this can only mark 'linear', 'threaded' or
    // add an '' key.
    $threadview = array('linear' => '', 'threaded' => '');
    if(isset($user['threadmode']) && is_scalar($user['threadmode']))
    {
        $threadview[$user['threadmode']] = 'selected="selected"';
    }
    // is_numeric() guards the array-key use; a numeric value outside the preset list just
    // adds an extra key to $daysprunesel.
    $daysprunesel = array(1 => '', 5 => '', 10 => '', 20 => '', 50 => '', 75 => '', 100 => '', 365 => '', 9999 => '');
    if(isset($user['daysprune']) && is_numeric($user['daysprune']))
    {
        $daysprunesel[$user['daysprune']] = 'selected="selected"';
    }
    if(!isset($user['style']))
    {
        $user['style'] = '';
    }

    // NOTE(review): on the error path $user['style'] is the raw request value; confirm
    // build_theme_select() only compares it and never echoes it.
    $board_style = $stylelist = '';
    $stylelist = build_theme_select("style", $user['style']);

    if(!empty($stylelist))
    {
        eval('$board_style = "'.$templates->get('usercp_options_style').'";');
    }

    // Threads-per-page choices come from the comma-separated board setting.
    // NOTE(review): $val is trimmed but neither cast nor escaped before it reaches
    // $lang->sprintf() and the option template, so it is only as trustworthy as the
    // settings store. The same applies to the posts-per-page list below.
    $tppselect = $pppselect = '';
    if($mybb->settings['usertppoptions'])
    {
        $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
        $tppoptions = $tpp_option = '';
        if(is_array($explodedtpp))
        {
            foreach($explodedtpp as $key => $val)
            {
                $val = trim($val);
                $selected = "";
                if(isset($user['tpp']) && $user['tpp'] == $val)
                {
                    $selected = " selected=\"selected\"";
                }

                $tpp_option = $lang->sprintf($lang->tpp_option, $val);
                eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
            }
        }
        eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
    }

    if($mybb->settings['userpppoptions'])
    {
        $explodedppp = explode(",", $mybb->settings['userpppoptions']);
        $pppoptions = $ppp_option = '';
        if(is_array($explodedppp))
        {
            foreach($explodedppp as $key => $val)
            {
                $val = trim($val);
                $selected = "";
                if(isset($user['ppp']) && $user['ppp'] == $val)
                {
                    $selected = " selected=\"selected\"";
                }

                $ppp_option = $lang->sprintf($lang->ppp_option, $val);
                eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
            }
        }
        eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
    }

    $plugins->run_hooks("usercp_options_end");

    // Assemble the full page from the fragments built above and send it.
    eval("\$editprofile = \"".$templates->get("usercp_options")."\";");
    output_page($editprofile);
}
1196  
// Action "do_email": change the account e-mail address. Handled for POST requests only.
// The current password is required, and depending on the account state and the board's
// registration type the change is applied at once or parked until the new address is
// confirmed. On any error the action is rewritten to "email" so the form re-renders.
if($mybb->input['action'] == "do_email" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    // (anti-CSRF: the request has to carry the user's post key in my_post_key)
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    $plugins->run_hooks("usercp_do_email_start");
    // Re-authenticate with the current password before touching the address, so a
    // hijacked session alone cannot redirect the account's mail.
    if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
    {
        $errors[] = $lang->error_invalidpassword;
    }
    else
    {
        // Set up user handler.
        require_once  MYBB_ROOT."inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");

        // uid comes from the current user's record, not from the request.
        $user = array(
            "uid" => $mybb->user['uid'],
            "email" => $mybb->get_input('email'),
            "email2" => $mybb->get_input('email2')
        );

        $userhandler->set_data($user);

        if(!$userhandler->validate_user())
        {
            $errors = $userhandler->get_friendly_errors();
        }
        else
        {
            $activation = false;
            // Checking for pending activations for non-activated accounts
            // NOTE(review): usergroup 5 is presumably the "awaiting activation" group and
            // types 'r'/'b' its pending-registration records - confirm.
            // The uid is concatenated into the WHERE clause; it is the current user's own
            // id, not request input. NOTE(review): confirm it is always an integer.
            if($mybb->user['usergroup'] == 5 && ($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "both"))
            {
                $query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND (type='r' OR type='b')");
                $activation = $db->fetch_array($query);
            }
            if($activation)
            {
                // Account not yet activated: the new address is written immediately and the
                // pending activation is replaced with a fresh code.
                $userhandler->update_user();

                $db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");

                // Send new activation mail for non-activated accounts
                // NOTE(review): the strength of random_str() is not visible here; the code
                // acts as a bearer secret in the activation mail.
                $activationcode = random_str();
                $activationarray = array(
                    "uid" => $mybb->user['uid'],
                    "dateline" => TIME_NOW,
                    "code" => $activationcode,
                    "type" => $activation['type']
                );
                $db->insert_query("awaitingactivation", $activationarray);
                $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
                // Pick the mail wording that matches the board's login method; unknown
                // values use the same text as case 0.
                switch($mybb->settings['username_method'])
                {
                    case 0:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
                        break;
                    case 1:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount1, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
                        break;
                    case 2:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount2, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
                        break;
                    default:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount, $mybb->user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->user['uid'], $activationcode);
                        break;
                }
                // NOTE(review): the recipient is $mybb->user['email'], read after
                // update_user(); whether that holds the new or the previous address
                // depends on code not visible here - confirm.
                my_mail($mybb->user['email'], $emailsubject, $emailmessage);

                $plugins->run_hooks("usercp_do_email_changed");
                redirect("usercp.php?action=email", $lang->redirect_emailupdated);
            }
            // Users without Admin CP access ('cancp' != 1) on a board that verifies e-mail
            // must confirm the new address before it takes effect; users with 'cancp' == 1
            // skip this branch and are updated directly below.
            elseif($mybb->usergroup['cancp'] != 1 && ($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "both"))
            {
                $uid = $mybb->user['uid'];
                $username = $mybb->user['username'];

                // Emails require verification
                $activationcode = random_str();
                $db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");

                // The requested address is parked in "misc" (escaped by hand here) and
                // update_user() is not called in this branch.
                $newactivation = array(
                    "uid" => $mybb->user['uid'],
                    "dateline" => TIME_NOW,
                    "code" => $activationcode,
                    "type" => "e",
                    "misc" => $db->escape_string($mybb->get_input('email'))
                );

                $db->insert_query("awaitingactivation", $newactivation);

                $mail_message = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);

                $lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
                // The confirmation goes to the new address only; this block sends nothing
                // to the address currently on file.
                my_mail($mybb->get_input('email'), $lang->emailsubject_changeemail, $mail_message);

                $plugins->run_hooks("usercp_do_email_verify");
                error($lang->redirect_changeemail_activation);
            }
            else
            {
                $userhandler->update_user();
                // Email requires no activation
                // The notice is sent to the new address only; the previous address is
                // mentioned in the message body but is not itself notified in this block.
                $mail_message = $lang->sprintf($lang->email_changeemail_noactivation, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl']);
                my_mail($mybb->get_input('email'), $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']), $mail_message);
                $plugins->run_hooks("usercp_do_email_changed");
                redirect("usercp.php?action=email", $lang->redirect_emailupdated);
            }
        }
    }
    // Wrong password or failed validation: show the form again with the errors.
    if(count($errors) > 0)
    {
        $mybb->input['action'] = "email";
        $errors = inline_error($errors);
    }
}
1316  
// Action "email": render the change-e-mail form, re-filling the two address fields after
// a failed submission.
if($mybb->input['action'] == "email")
{
    // Coming back to this page after one or more errors were experienced, show fields the user previously entered (with the exception of the password)
    // Both values are HTML-escaped because the template echoes them back into the form.
    // NOTE(review): $errors is presumably initialised earlier in the file when "do_email"
    // did not run - not visible here.
    if($errors)
    {
        $email = htmlspecialchars_uni($mybb->get_input('email'));
        $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
    }
    else
    {
        $email = $email2 = '';
    }

    $plugins->run_hooks("usercp_email");

    // The template text is eval()'d as a PHP double-quoted string; anything it
    // interpolates has to be escaped beforehand, as done for $email/$email2 above.
    eval("\$changemail = \"".$templates->get("usercp_email")."\";");
    output_page($changemail);
}
1335  
// Action "do_password": change the account password. Handled for POST requests only and
// requires the current password. On any error the action is rewritten to "password" so
// the form re-renders with the error list.
if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    // (anti-CSRF: the request has to carry the user's post key in my_post_key)
    verify_post_check($mybb->get_input('my_post_key'));

    $user = array();
    $errors = array();

    $plugins->run_hooks("usercp_do_password_start");
    // Re-authenticate with the old password so a hijacked session alone cannot set a new one.
    if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('oldpassword')) == false)
    {
        $errors[] = $lang->error_invalidpassword;
    }
    else
    {
        // Set up user handler.
        require_once  MYBB_ROOT."inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");

        // uid comes from the current user's record; the new password and its confirmation
        // are handed to the data handler unmodified.
        // NOTE(review): length/complexity rules and hashing are presumably applied by
        // UserDataHandler - confirm there.
        $user = array_merge($user, array(
            "uid" => $mybb->user['uid'],
            "password" => $mybb->get_input('password'),
            "password2" => $mybb->get_input('password2')
        ));

        $userhandler->set_data($user);

        if(!$userhandler->validate_user())
        {
            $errors = $userhandler->get_friendly_errors();
        }
        else
        {
            $userhandler->update_user();
            // Re-issue the "mybbuser" login cookie with the loginkey now held by the handler.
            // NOTE(review): presumably update_user() rotates the loginkey on a password
            // change, which would invalidate login cookies held by other sessions - confirm.
            // NOTE(review): the trailing arguments look like default expiry, HttpOnly = true
            // and SameSite = lax - confirm against my_setcookie()'s signature.
            my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey'], null, true, "lax");

            // Notify the user by email that their password has been changed
            // (gives the account owner a signal if the change was not made by them)
            $mail_message = $lang->sprintf($lang->email_changepassword, $mybb->user['username'], $mybb->user['email'], $mybb->settings['bbname'], $mybb->settings['bburl']);
            $lang->emailsubject_changepassword = $lang->sprintf($lang->emailsubject_changepassword, $mybb->settings['bbname']);
            my_mail($mybb->user['email'], $lang->emailsubject_changepassword, $mail_message);

            $plugins->run_hooks("usercp_do_password_end");
            redirect("usercp.php?action=password", $lang->redirect_passwordupdated);
        }
    }
    // Wrong old password or failed validation: show the form again with the errors.
    if(count($errors) > 0)
    {
            $mybb->input['action'] = "password";
            $errors = inline_error($errors);
    }
}
1387  
// Action "password": render the change-password form. No submitted value is re-filled
// here, so no password is echoed back into the page by this block.
if($mybb->input['action'] == "password")
{
    $plugins->run_hooks("usercp_password");

    // The template text is eval()'d as a PHP double-quoted string.
    eval("\$editpassword = \"".$templates->get("usercp_password")."\";");
    output_page($editpassword);
}
1395  
// Action "do_changename": change the account's username. Handled for POST requests only;
// requires the 'canchangename' usergroup permission and the current password. On any
// error the action is rewritten to "changename" so the form re-renders.
if($mybb->input['action'] == "do_changename" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    // (anti-CSRF: the request has to carry the user's post key in my_post_key)
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    // Permission is enforced before any plugin hook runs and before the password is checked.
    if($mybb->usergroup['canchangename'] != 1)
    {
        error_no_permission();
    }

    $user = array();

    $plugins->run_hooks("usercp_do_changename_start");

    // Re-authenticate with the current password before renaming the account.
    if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
    {
        $errors[] = $lang->error_invalidpassword;
    }
    else
    {
        // Set up user handler.
        require_once  MYBB_ROOT."inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");

        // uid comes from the current user's record; the requested name is passed raw.
        // NOTE(review): uniqueness, length and character rules are presumably enforced by
        // UserDataHandler::validate_user() - confirm there.
        $user = array_merge($user, array(
            "uid" => $mybb->user['uid'],
            "username" => $mybb->get_input('username')
        ));

        $userhandler->set_data($user);

        if(!$userhandler->validate_user())
        {
            $errors = $userhandler->get_friendly_errors();
        }
        else
        {
            $userhandler->update_user();
            $plugins->run_hooks("usercp_do_changename_end");
            redirect("usercp.php?action=changename", $lang->redirect_namechanged);
        }
    }
    // Wrong password or failed validation: show the form again with the errors.
    if(count($errors) > 0)
    {
        $errors = inline_error($errors);
        $mybb->input['action'] = "changename";
    }
}
1446  
// Action "changename": render the change-username form, re-filling the name field after
// a failed submission.
if($mybb->input['action'] == "changename")
{
    // Note the ordering: the start hook fires before the permission check, so plugin code
    // attached to it also runs for users who lack 'canchangename'.
    $plugins->run_hooks("usercp_changename_start");
    if($mybb->usergroup['canchangename'] != 1)
    {
        error_no_permission();
    }

    // Coming back to this page after one or more errors were experienced, show field the user previously entered (with the exception of the password)
    // The value is HTML-escaped because the template echoes it back into the form.
    if($errors)
    {
        $username = htmlspecialchars_uni($mybb->get_input('username'));
    }
    else
    {
        $username = '';
    }

    $plugins->run_hooks("usercp_changename_end");

    // The template text is eval()'d as a PHP double-quoted string; anything it
    // interpolates has to be escaped beforehand, as done for $username above.
    eval("\$changename = \"".$templates->get("usercp_changename")."\";");
    output_page($changename);
}
1470  
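// Action "do_subscriptions": bulk-delete the selected thread subscriptions or change their
// notification type, then redirect back to the subscription list. Every query is limited
// to the current user's uid, so only the caller's own subscriptions can be affected.
if($mybb->input['action'] == "do_subscriptions")
{
    // Verify incoming POST request
    // (anti-CSRF: the request has to carry the user's post key in my_post_key)
    verify_post_check($mybb->get_input('my_post_key'));

    if(!isset($mybb->input['check']) || !is_array($mybb->input['check']))
    {
        error($lang->no_subscriptions_selected);
    }

    $plugins->run_hooks("usercp_do_subscriptions_start");

    // Clean input - only accept integers thanks!
    // The ids are interpolated into the SQL below, so this intval() cast is what keeps
    // the IN() list free of anything but numbers.
    $mybb->input['check'] = array_map('intval', $mybb->get_input('check', MyBB::INPUT_ARRAY));

    // An empty array passes the is_array() check above but would produce "tid IN ()",
    // which is not valid SQL.
    if(empty($mybb->input['check']))
    {
        error($lang->no_subscriptions_selected);
    }

    $tids = implode(",", $mybb->input['check']);
    $subscription_action = $mybb->get_input('do');

    // Deleting these subscriptions?
    if($subscription_action === "delete")
    {
        $db->delete_query("threadsubscriptions", "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
    }
    // Changing subscription type
    else
    {
        // Accepted "do" values and the notification code stored for each.
        $notification_types = array(
            "no_notification" => 0,
            "email_notification" => 1,
            "pm_notification" => 2
        );

        // Reject an unrecognised action instead of running the update with an undefined
        // notification value and reporting success.
        if(!isset($notification_types[$subscription_action]))
        {
            error();
        }

        $new_notification = $notification_types[$subscription_action];

        // Update
        $update_array = array("notification" => $new_notification);
        $db->update_query("threadsubscriptions", $update_array, "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
    }

    // Done, redirect
    redirect("usercp.php?action=subscriptions", $lang->redirect_subscriptions_updated);
}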
1516  
1517  if($mybb->input['action'] == "subscriptions")
1518  {
1519      $plugins->run_hooks("usercp_subscriptions_start");
1520  
1521      // Thread visiblity
1522      $where = array(
1523          "s.uid={$mybb->user['uid']}",
1524          get_visible_where('t')
1525      );
1526  
1527      if($unviewable_forums = get_unviewable_forums(true))
1528      {
1529          $where[] = "t.fid NOT IN ({$unviewable_forums})";
1530      }
1531  
1532      if($inactive_forums = get_inactive_forums())
1533      {
1534          $where[] = "t.fid NOT IN ({$inactive_forums})";
1535      }
1536  
1537      $where = implode(' AND ', $where);
1538  
1539      // Do Multi Pages
1540      $query = $db->query("
1541          SELECT COUNT(s.tid) as threads
1542          FROM ".TABLE_PREFIX."threadsubscriptions s
1543          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = s.tid)
1544          WHERE {$where}
1545      ");
1546      $threadcount = $db->fetch_field($query, "threads");
1547  
1548      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
1549      {
1550          $mybb->settings['threadsperpage'] = 20;
1551      }
1552  
1553      $perpage = $mybb->settings['threadsperpage'];
1554      $page = $mybb->get_input('page', MyBB::INPUT_INT);
1555      if($page > 0)
1556      {
1557          $start = ($page-1) * $perpage;
1558          $pages = $threadcount / $perpage;
1559          $pages = ceil($pages);
1560          if($page > $pages || $page <= 0)
1561          {
1562              $start = 0;
1563              $page = 1;
1564          }
1565      }
1566      else
1567      {
1568          $start = 0;
1569          $page = 1;
1570      }
1571      $end = $start + $perpage;
1572      $lower = $start+1;
1573      $upper = $end;
1574      if($upper > $threadcount)
1575      {
1576          $upper = $threadcount;
1577      }
1578      $multipage = multipage($threadcount, $perpage, $page, "usercp.php?action=subscriptions");
1579      $fpermissions = forum_permissions();
1580      $del_subscriptions = $subscriptions = array();
1581  
1582      // Fetch subscriptions
1583      $query = $db->query("
1584          SELECT s.*, t.*, t.username AS threadusername, u.username
1585          FROM ".TABLE_PREFIX."threadsubscriptions s
1586          LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
1587          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
1588          WHERE {$where}
1589          ORDER BY t.lastpost DESC
1590          LIMIT $start, $perpage
1591      ");
1592      while($subscription = $db->fetch_array($query))
1593      {
1594          $forumpermissions = $fpermissions[$subscription['fid']];
1595  
1596          if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $subscription['uid'] != $mybb->user['uid'])
1597          {
1598              // Hmm, you don't have permission to view this thread - unsubscribe!
1599              $del_subscriptions[] = $subscription['sid'];
1600          }
1601          elseif($subscription['tid'])
1602          {
1603              $subscriptions[$subscription['tid']] = $subscription;
1604          }
1605      }
1606  
1607      if(!empty($del_subscriptions))
1608      {
1609          $sids = implode(',', $del_subscriptions);
1610  
1611          if($sids)
1612          {
1613              $db->delete_query("threadsubscriptions", "sid IN ({$sids}) AND uid='{$mybb->user['uid']}'");
1614          }
1615  
1616          $threadcount = $threadcount - count($del_subscriptions);
1617  
1618          if($threadcount < 0)
1619          {
1620              $threadcount = 0;
1621          }
1622      }
1623  
1624      if(!empty($subscriptions))
1625      {
1626          $tids = implode(",", array_keys($subscriptions));
1627          $readforums = array();
1628  
1629          // Build a forum cache.
1630          $query = $db->query("
1631              SELECT f.fid, fr.dateline AS lastread
1632              FROM ".TABLE_PREFIX."forums f
1633              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
1634              WHERE f.active != 0
1635              ORDER BY pid, disporder
1636          ");
1637  
1638          while($forum = $db->fetch_array($query))
1639          {
1640              $readforums[$forum['fid']] = $forum['lastread'];
1641          }
1642  
1643          // Check participation by the current user in any of these threads - for 'dot' folder icons
1644          if($mybb->settings['dotfolders'] != 0)
1645          {
1646              $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1647              while($post = $db->fetch_array($query))
1648              {
1649                  $subscriptions[$post['tid']]['doticon'] = 1;
1650              }
1651          }
1652  
1653          // Read threads
1654          if($mybb->settings['threadreadcut'] > 0)
1655          {
1656              $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1657              while($readthread = $db->fetch_array($query))
1658              {
1659                  $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
1660              }
1661          }
1662  
1663          $icon_cache = $cache->read("posticons");
1664          $threadprefixes = build_prefixes();
1665  
1666          $threads = '';
1667  
1668          // Now we can build our subscription list
1669          foreach($subscriptions as $thread)
1670          {
1671              $bgcolor = alt_trow();
1672  
1673              $folder = '';
1674              $prefix = '';
1675              $thread['threadprefix'] = '';
1676  
1677              // If this thread has a prefix, insert a space between prefix and subject
1678              if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
1679              {
1680                  $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
1681              }
1682  
1683              // Sanitize
1684              $thread['subject'] = $parser->parse_badwords($thread['subject']);
1685              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
1686  
1687              // Build our links
1688              $thread['threadlink'] = get_thread_link($thread['tid']);
1689              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
1690  
1691              // Fetch the thread icon if we have one
1692              if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
1693              {
1694                  $icon = $icon_cache[$thread['icon']];
1695                  $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
1696                  $icon['path'] = htmlspecialchars_uni($icon['path']);
1697                  $icon['name'] = htmlspecialchars_uni($icon['name']);
1698                  eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
1699              }
1700              else
1701              {
1702                  $icon = "&nbsp;";
1703              }
1704  
1705              // Determine the folder
1706              $folder = '';
1707              $folder_label = '';
1708  
1709              if(isset($thread['doticon']))
1710              {
1711                  $folder = "dot_";
1712                  $folder_label .= $lang->icon_dot;
1713              }
1714  
1715              $gotounread = '';
1716              $isnew = 0;
1717              $donenew = 0;
1718              $lastread = 0;
1719  
1720              if($mybb->settings['threadreadcut'] > 0)
1721              {
1722                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1723                  if(empty($readforums[$thread['fid']]) || $readforums[$thread['fid']] < $read_cutoff)
1724                  {
1725                      $forum_read = $read_cutoff;
1726                  }
1727                  else
1728                  {
1729                      $forum_read = $readforums[$thread['fid']];
1730                  }
1731              }
1732  
1733              $cutoff = 0;
1734              if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
1735              {
1736                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1737              }
1738  
1739              if($thread['lastpost'] > $cutoff)
1740              {
1741                  if(!empty($thread['lastread']))
1742                  {
1743                      $lastread = $thread['lastread'];
1744                  }
1745                  else
1746                  {
1747                      $lastread = 1;
1748                  }
1749              }
1750  
1751              if(!$lastread)
1752              {
1753                  $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
1754                  if($readcookie > $forum_read)
1755                  {
1756                      $lastread = $readcookie;
1757                  }
1758                  else
1759                  {
1760                      $lastread = $forum_read;
1761                  }
1762              }
1763  
1764              if($lastread && $lastread < $thread['lastpost'])
1765              {
1766                  $folder .= "new";
1767                  $folder_label .= $lang->icon_new;
1768                  $new_class = "subject_new";
1769                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
1770                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
1771                  $unreadpost = 1;
1772              }
1773              else
1774              {
1775                  $folder_label .= $lang->icon_no_new;
1776                  $new_class = "subject_old";
1777              }
1778  
1779              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
1780              {
1781                  $folder .= "hot";
1782                  $folder_label .= $lang->icon_hot;
1783              }
1784  
1785              if($thread['closed'] == 1)
1786              {
1787                  $folder .= "close";
1788                  $folder_label .= $lang->icon_close;
1789              }
1790  
1791              $folder .= "folder";
1792  
1793              if($thread['visible'] == 0)
1794              {
1795                  $bgcolor = "trow_shaded";
1796              }
1797  
1798              // Build last post info
1799              $lastpostdate = my_date('relative', $thread['lastpost']);
1800              $lastposteruid = $thread['lastposteruid'];
1801              if(!$lastposteruid && !$thread['lastposter'])
1802              {
1803                  $lastposter = htmlspecialchars_uni($lang->guest);
1804              }
1805              else
1806              {
1807                  $lastposter = htmlspecialchars_uni($thread['lastposter']);
1808              }
1809  
1810              // Don't link to guest's profiles (they have no profile).
1811              if($lastposteruid == 0)
1812              {
1813                  $lastposterlink = $lastposter;
1814              }
1815              else
1816              {
1817                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
1818              }
1819  
1820              $thread['replies'] = my_number_format($thread['replies']);
1821              $thread['views'] = my_number_format($thread['views']);
1822  
1823              // What kind of notification type do we have here?
1824              switch($thread['notification'])
1825              {
1826                  case "2": // PM
1827                      $notification_type = $lang->pm_notification;
1828                      break;
1829                  case "1": // Email
1830                      $notification_type = $lang->email_notification;
1831                      break;
1832                  default: // No notification
1833                      $notification_type = $lang->no_notification;
1834              }
1835  
1836              eval("\$threads .= \"".$templates->get("usercp_subscriptions_thread")."\";");
1837          }
1838  
1839          // Provide remove options
1840          eval("\$remove_options = \"".$templates->get("usercp_subscriptions_remove")."\";");
1841      }
1842      else
1843      {
1844          $remove_options = '';
1845          eval("\$threads = \"".$templates->get("usercp_subscriptions_none")."\";");
1846      }
1847  
1848      $plugins->run_hooks("usercp_subscriptions_end");
1849  
1850      eval("\$subscriptions = \"".$templates->get("usercp_subscriptions")."\";");
1851      output_page($subscriptions);
1852  }
1853  
      // Action "forumsubscriptions": render the list of forums the logged-in user is subscribed to.
      // Every SQL statement in this block interpolates only $mybb->user['uid'] (the session user
      // record); no request input reaches a query here.
1854  if($mybb->input['action'] == "forumsubscriptions")
1855  {
1856      $plugins->run_hooks("usercp_forumsubscriptions_start");
1857  
1858      // Build a forum cache: fid => dateline of this user's forumsread row (NULL when there is none).
          // NOTE(review): $readforums is not read again inside this block - presumably kept for
          // plugins or templates; confirm before removing.
1859      $query = $db->query("
1860          SELECT f.fid, fr.dateline AS lastread
1861          FROM ".TABLE_PREFIX."forums f
1862          LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
1863          WHERE f.active != 0
1864          ORDER BY pid, disporder
1865      ");
1866      $readforums = array();
1867      while($forum = $db->fetch_array($query))
1868      {
1869          $readforums[$forum['fid']] = $forum['lastread'];
1870      }
1871  
          // Called without a forum id; the result is indexed by fid in the loop below.
1872      $fpermissions = forum_permissions();
1873      require_once  MYBB_ROOT."inc/functions_forumlist.php";
1874  
          // This user's subscription rows joined with the forum, the subject of the forum's
          // last-post thread and the user's read marker. Restricted to fs.uid = current user.
1875      $query = $db->query("
1876          SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread
1877          FROM ".TABLE_PREFIX."forumsubscriptions fs
1878          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid = fs.fid)
1879          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = f.lastposttid)
1880          LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
1881          WHERE f.type='f' AND fs.uid='".$mybb->user['uid']."'
1882          ORDER BY f.name ASC
1883      ");
1884  
1885      $forums = '';
1886      while($forum = $db->fetch_array($query))
1887      {
1888          $forum_url = get_forum_link($forum['fid']);
1889          $forumpermissions = $fpermissions[$forum['fid']];
1890  
              // A subscription row can outlive the permission that allowed it: skip forums the user
              // can no longer view so the row does not disclose the forum or its last post.
1891          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
1892          {
1893              continue;
1894          }
1895  
1896          $lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
1897          $folder = $lightbulb['folder'];
1898  
              // Users limited to their own threads get placeholders instead of the forum-wide counters.
1899          if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0)
1900          {
1901              $posts = '-';
1902              $threads = '-';
1903          }
1904          else
1905          {
1906              $posts = my_number_format($forum['posts']);
1907              $threads = my_number_format($forum['threads']);
1908          }
1909  
              // Templates are expanded with eval() as a double-quoted PHP string, so the local
              // variable names in this block are what the template text can interpolate.
              // NOTE(review): this relies on $templates->get() returning text that is safe inside
              // the surrounding quotes - confirm in the template class.
1910          if($forum['lastpost'] == 0)
1911          {
1912              eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_never")."\";");
1913          }
1914          // Hide the last post when the user may only view own threads and did not write it
1915          elseif(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $forum['lastposteruid'] != $mybb->user['uid'])
1916          {
1917              eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_hidden")."\";");
1918          }
1919          else
1920          {
1921              $forum['lastpostsubject'] = $parser->parse_badwords($forum['lastpostsubject']);
1922              $lastpost_date = my_date('relative', $forum['lastpost']);
1923              $lastposttid = $forum['lastposttid'];
                  // User-supplied strings (poster name, thread subject) are HTML-escaped before
                  // they are handed to the template.
1924              if(!$forum['lastposteruid'] && !$forum['lastposter'])
1925              {
1926                  $lastposter = htmlspecialchars_uni($lang->guest);
1927              }
1928              else
1929              {
1930                  $lastposter = htmlspecialchars_uni($forum['lastposter']);
1931              }
                  // uid 0 is not linked to a profile; the escaped name is shown as plain text.
1932              if($forum['lastposteruid'] == 0)
1933              {
1934                  $lastpost_profilelink = $lastposter;
1935              }
1936              else
1937              {
1938                  $lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);
1939              }
1940              $full_lastpost_subject = $lastpost_subject = htmlspecialchars_uni($forum['lastpostsubject']);
                  // The 25-character cut is applied to the already escaped string, so it can end
                  // inside an entity such as &amp; - a display glitch, the text stays escaped.
1941              if(my_strlen($lastpost_subject) > 25)
1942              {
1943                  $lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
1944              }
1945              $lastpost_link = get_thread_link($forum['lastposttid'], 0, "lastpost");
1946              eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost")."\";");
1947          }
1948  
1949          if($mybb->settings['showdescriptions'] == 0)
1950          {
1951              $forum['description'] = "";
1952          }
1953  
              // NOTE(review): $forum['name'] and $forum['description'] are not escaped in this
              // block; presumably they are administrator-authored markup - confirm before
              // treating them as safe in the row template.
1954          eval("\$forums .= \"".$templates->get("usercp_forumsubscriptions_forum")."\";");
1955      }
1956  
          // Nothing rendered (no subscriptions, or all of them filtered out above).
1957      if(!$forums)
1958      {
1959          eval("\$forums = \"".$templates->get("usercp_forumsubscriptions_none")."\";");
1960      }
1961  
1962      $plugins->run_hooks("usercp_forumsubscriptions_end");
1963  
1964      eval("\$forumsubscriptions = \"".$templates->get("usercp_forumsubscriptions")."\";");
1965      output_page($forumsubscriptions);
1966  }
1967  
1968  if($mybb->input['action'] == "do_addsubscription" && $mybb->get_input('type') != "forum")
1969  {
1970      // Verify incoming POST request
1971      verify_post_check($mybb->get_input('my_post_key'));
1972  
1973      $thread = get_thread($mybb->get_input('tid'));
1974      if(!$thread || $thread['visible'] == -1)
1975      {
1976          error($lang->error_invalidthread);
1977      }
1978  
1979      // Is the currently logged in user a moderator of this forum?
1980      $ismod = is_moderator($thread['fid']);
1981  
1982      // Make sure we are looking at a real thread here.
1983      if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
1984      {
1985          error($lang->error_invalidthread);
1986      }
1987  
1988      $forumpermissions = forum_permissions($thread['fid']);
1989      if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
1990      {
1991          error_no_permission();
1992      }
1993  
1994      // check if the forum requires a password to view. If so, we need to show a form to the user
1995      check_forum_password($thread['fid']);
1996  
1997      // Naming of the hook retained for backward compatibility while dropping usercp2.php
1998      $plugins->run_hooks("usercp2_do_addsubscription");
1999  
2000      add_subscribed_thread($thread['tid'], $mybb->get_input('notification', MyBB::INPUT_INT));
2001  
2002      if($mybb->get_input('referrer'))
2003      {
2004          $mybb->input['referrer'] = $mybb->get_input('referrer');
2005  
2006          if(my_strpos($mybb->input['referrer'], $mybb->settings['bburl'].'/') !== 0)
2007          {
2008              if(my_strpos($mybb->input['referrer'], '/') === 0)
2009              {
2010                  $mybb->input['referrer'] = my_substr($mybb->input['url'], 1);
2011              }
2012              $url_segments = explode('/', $mybb->input['referrer']);
2013              $mybb->input['referrer'] = $mybb->settings['bburl'].'/'.end($url_segments);
2014          }
2015  
2016          $url = htmlspecialchars_uni($mybb->input['referrer']);
2017      }
2018      else
2019      {
2020          $url = get_thread_link($thread['tid']);
2021      }
2022      redirect($url, $lang->redirect_subscriptionadded);
2023  }
2024  
      // Action "addsubscription": with type=forum, subscribe the user to a forum and redirect;
      // otherwise show the thread-subscription form (notification choice) for the given thread.
2025  if($mybb->input['action'] == "addsubscription")
2026  {
2027      // Verify incoming POST request
          // The key is checked before either branch runs, including the form-only thread branch.
2028      verify_post_check($mybb->get_input('my_post_key'));
2029  
2030      if($mybb->get_input('type') == "forum")
2031      {
2032          $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
2033          if(!$forum)
2034          {
2035              error($lang->error_invalidforum);
2036          }
              // Subscribing must not bypass view permissions on the forum.
2037          $forumpermissions = forum_permissions($forum['fid']);
2038          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
2039          {
2040              error_no_permission();
2041          }
2042  
2043          // check if the forum requires a password to view. If so, we need to show a form to the user
2044          check_forum_password($forum['fid']);
2045  
2046          // Naming of the hook retained for backward compatibility while dropping usercp2.php
2047          $plugins->run_hooks("usercp2_addsubscription_forum");
2048  
2049          add_subscribed_forum($forum['fid']);
              // $server_http_referer is assigned earlier in the file, outside this block.
              // NOTE(review): it is used as the redirect target as-is here - confirm that the
              // earlier code confines it to this board's own URL.
2050          if($server_http_referer && $mybb->request_method != 'post')
2051          {
2052              $url = $server_http_referer;
2053          }
2054          else
2055          {
2056              $url = "index.php";
2057          }
2058          redirect($url, $lang->redirect_forumsubscriptionadded);
2059      }
2060      else
2061      {
2062          $thread  = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
2063          if(!$thread || $thread['visible'] == -1)
2064          {
2065              error($lang->error_invalidthread);
2066          }
2067  
2068          // Is the currently logged in user a moderator of this forum?
2069          $ismod = is_moderator($thread['fid']);
2070  
2071          // Make sure we are looking at a real thread here: non-moderators only get visible == 1,
              // moderators are refused anything above 1.
2072          if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
2073          {
2074              error($lang->error_invalidthread);
2075          }
2076  
2077          add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions");
2078          add_breadcrumb($lang->nav_addsubscription);
2079  
              // Same view-permission rule as the submit handler: canview, canviewthreads and,
              // under canonlyviewownthreads, ownership of the thread. The form shows the subject,
              // so the check has to happen before rendering.
2080          $forumpermissions = forum_permissions($thread['fid']);
2081          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
2082          {
2083              error_no_permission();
2084          }
2085  
2086          // check if the forum requires a password to view. If so, we need to show a form to the user
2087          check_forum_password($thread['fid']);
2088  
              // NOTE(review): $referrer is presumably interpolated by the form template; it is not
              // escaped in this block, so its safety depends on how $server_http_referer was
              // prepared earlier in the file - confirm.
2089          $referrer = '';
2090          if($server_http_referer)
2091          {
2092              $referrer = $server_http_referer;
2093          }
2094  
2095          require_once  MYBB_ROOT."inc/class_parser.php";
2096          $parser = new postParser;
              // The subject is user-supplied: filter bad words, then HTML-escape it before it is
              // merged into the language string shown on the form.
2097          $thread['subject'] = $parser->parse_badwords($thread['subject']);
2098          $thread['subject'] = htmlspecialchars_uni($thread['subject']);
2099          $lang->subscribe_to_thread = $lang->sprintf($lang->subscribe_to_thread, $thread['subject']);
2100  
              // Pre-select the radio button matching the user's subscriptionmethod:
              // 0 or 1 -> none, 2 -> email, 3 -> PM; any other value leaves all three unchecked.
2101          $notification_none_checked = $notification_email_checked = $notification_pm_checked = '';
2102          if($mybb->user['subscriptionmethod'] == 1 || $mybb->user['subscriptionmethod'] == 0)
2103          {
2104              $notification_none_checked = "checked=\"checked\"";
2105          }
2106          elseif($mybb->user['subscriptionmethod'] == 2)
2107          {
2108              $notification_email_checked = "checked=\"checked\"";
2109          }
2110          elseif($mybb->user['subscriptionmethod'] == 3)
2111          {
2112              $notification_pm_checked = "checked=\"checked\"";
2113          }
2114  
2115          // Naming of the hook retained for backward compatibility while dropping usercp2.php
2116          $plugins->run_hooks("usercp2_addsubscription_thread");
2117  
              // Template text is expanded via eval() as a double-quoted PHP string; the variables
              // set above are what it can interpolate.
2118          eval("\$add_subscription = \"".$templates->get("usercp_addsubscription_thread")."\";");
2119          output_page($add_subscription);
2120          exit;
2121      }
2122  }
2123  
      // Action "removesubscription", state-changing path: entered for a POST request, or for any
      // request whose my_post_key passes the check in the condition (the second argument is
      // presumably what makes that call return a result instead of showing an error - confirm).
      // A GET request without a valid key skips this block and reaches the confirmation-form
      // branch that follows.
2124  if($mybb->input['action'] == "removesubscription" && ($mybb->request_method == "post" || verify_post_check($mybb->get_input('my_post_key'), true)))
2125  {
2126      // Verify incoming POST request
          // Checked again without the second argument, so a POST that got in through the
          // request_method test still has to carry a valid key.
2127      verify_post_check($mybb->get_input('my_post_key'));
2128  
2129      if($mybb->get_input('type') == "forum")
2130      {
2131          $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
2132          if(!$forum)
2133          {
2134              error($lang->error_invalidforum);
2135          }
2136  
              // NOTE(review): there is no forum_permissions() check in this branch, unlike the
              // confirmation-form branch for the same action; presumably intentional, since only
              // the caller's own subscription is removed - confirm in remove_subscribed_forum().
2137          // check if the forum requires a password to view. If so, we need to show a form to the user
2138          check_forum_password($forum['fid']);
2139  
2140          // Naming of the hook retained for backward compatibility while dropping usercp2.php
2141          $plugins->run_hooks("usercp2_removesubscription_forum");
2142  
2143          remove_subscribed_forum($forum['fid']);
              // $server_http_referer is assigned earlier in the file, outside this block.
              // NOTE(review): used as the redirect target as-is - confirm the earlier code confines
              // it to this board's own URL.
2144          if($server_http_referer && $mybb->request_method != 'post')
2145          {
2146              $url = $server_http_referer;
2147          }
2148          else
2149          {
2150              $url = "usercp.php?action=forumsubscriptions";
2151          }
2152          redirect($url, $lang->redirect_forumsubscriptionremoved);
2153      }
2154      else
2155      {
2156          $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
              // Unlike the add branches, visible == -1 is not rejected here; the next check still
              // refuses it for non-moderators, but lets moderators through.
2157          if(!$thread)
2158          {
2159              error($lang->error_invalidthread);
2160          }
2161  
2162          // Is the currently logged in user a moderator of this forum?
2163          $ismod = is_moderator($thread['fid']);
2164  
2165          // Make sure we are looking at a real thread here: non-moderators only get visible == 1,
              // moderators are refused anything above 1.
2166          if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
2167          {
2168              error($lang->error_invalidthread);
2169          }
2170  
2171          // check if the forum requires a password to view. If so, we need to show a form to the user
2172          check_forum_password($thread['fid']);
2173  
2174          // Naming of the hook retained for backward compatibility while dropping usercp2.php
2175          $plugins->run_hooks("usercp2_removesubscription_thread");
2176  
              // tid comes from the loaded thread row, not straight from the request.
2177          remove_subscribed_thread($thread['tid']);
              // Same referer handling as the forum branch above (see the NOTE there).
2178          if($server_http_referer && $mybb->request_method != 'post')
2179          {
2180              $url = $server_http_referer;
2181          }
2182          else
2183          {
2184              $url = "usercp.php?action=subscriptions";
2185          }
2186          redirect($url, $lang->redirect_subscriptionremoved);
2187      }
2188  }
2189  
2190  // Show remove subscription form when GET method and without valid my_post_key
      // Nothing is deleted in this block; it only renders the confirmation page. It is reached
      // when the state-changing "removesubscription" branch above did not run (presumably
      // redirect() ends the request when that branch does run - confirm).
2191  if($mybb->input['action'] == "removesubscription")
2192  {
2193      $referrer = '';
2194      if($mybb->get_input('type') == "forum")
2195      {
2196          $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT));
2197          if(!$forum)
2198          {
2199              error($lang->error_invalidforum);
2200          }
2201  
2202          add_breadcrumb($lang->nav_forumsubscriptions, "usercp.php?action=forumsubscriptions");
2203          add_breadcrumb($lang->nav_removesubscription);
2204  
              // The page shows the forum name, so view permission is checked before rendering.
2205          $forumpermissions = forum_permissions($forum['fid']);
2206          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
2207          {
2208              error_no_permission();
2209          }
2210  
2211          // check if the forum requires a password to view. If so, we need to show a form to the user
2212          check_forum_password($forum['fid']);
2213  
              // NOTE(review): $forum['name'] is merged into the language string without
              // htmlspecialchars_uni(), while the thread branch below escapes the subject;
              // presumably forum names are administrator-authored markup - confirm.
2214          $lang->unsubscribe_from_forum = $lang->sprintf($lang->unsubscribe_from_forum, $forum['name']);
2215  
2216          // Naming of the hook retained for backward compatibility while dropping usercp2.php
2217          $plugins->run_hooks("usercp2_removesubscription_display_forum");
2218  
              // Template text is expanded via eval() as a double-quoted PHP string.
2219          eval("\$remove_forum_subscription = \"".$templates->get("usercp_removesubscription_forum")."\";");
2220          output_page($remove_forum_subscription);
2221          exit;
2222      }
2223      else
2224      {
2225          $thread  = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
2226          if(!$thread || $thread['visible'] == -1)
2227          {
2228              error($lang->error_invalidthread);
2229          }
2230  
2231          // Is the currently logged in user a moderator of this forum?
2232          $ismod = is_moderator($thread['fid']);
2233  
2234          // Make sure we are looking at a real thread here: non-moderators only get visible == 1,
              // moderators are refused anything above 1.
2235          if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true))
2236          {
2237              error($lang->error_invalidthread);
2238          }
2239  
2240          add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions");
2241          add_breadcrumb($lang->nav_removesubscription);
2242  
              // The page shows the thread subject: require canview and canviewthreads and, under
              // canonlyviewownthreads, ownership of the thread.
2243          $forumpermissions = forum_permissions($thread['fid']);
2244          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
2245          {
2246              error_no_permission();
2247          }
2248  
2249          // check if the forum requires a password to view. If so, we need to show a form to the user
2250          check_forum_password($thread['fid']);
2251  
2252          require_once  MYBB_ROOT."inc/class_parser.php";
2253          $parser = new postParser;
              // The subject is user-supplied: filter bad words, then HTML-escape it before it is
              // merged into the language string.
2254          $thread['subject'] = $parser->parse_badwords($thread['subject']);
2255          $thread['subject'] = htmlspecialchars_uni($thread['subject']);
2256          $lang->unsubscribe_from_thread = $lang->sprintf($lang->unsubscribe_from_thread, $thread['subject']);
2257  
2258          // Naming of the hook retained for backward compatibility while dropping usercp2.php
2259          $plugins->run_hooks("usercp2_removesubscription_display_thread");
2260  
2261          eval("\$remove_thread_subscription = \"".$templates->get("usercp_removesubscription_thread")."\";");
2262          output_page($remove_thread_subscription);
2263          exit;
2264      }
2265  }
2266  
      // Action "removesubscriptions": delete every forum subscription (type=forum) or every
      // thread subscription (any other type) of the logged-in user in one statement.
      // NOTE(review): the condition does not test request_method; the my_post_key check is the
      // only request-forgery guard visible in this block.
2267  if($mybb->input['action'] == "removesubscriptions")
2268  {
2269      // Verify incoming POST request
2270      verify_post_check($mybb->get_input('my_post_key'));
2271  
2272      if($mybb->get_input('type') == "forum")
2273      {
2274          // Naming of the hook retained for backward compatibility while dropping usercp2.php
2275          $plugins->run_hooks("usercp2_removesubscriptions_forum");
2276  
              // Scoped to the session user's uid; no request input is part of the WHERE clause.
2277          $db->delete_query("forumsubscriptions", "uid='".$mybb->user['uid']."'");
              // $server_http_referer is assigned earlier in the file, outside this block. Here it
              // is used whatever the request method, unlike the single-removal branches.
              // NOTE(review): confirm the earlier code confines it to this board's own URL.
2278          if($server_http_referer)
2279          {
2280              $url = $server_http_referer;
2281          }
2282          else
2283          {
2284              $url = "usercp.php?action=forumsubscriptions";
2285          }
2286          redirect($url, $lang->redirect_forumsubscriptionsremoved);
2287      }
2288      else
2289      {
2290          // Naming of the hook retained for backward compatibility while dropping usercp2.php
2291          $plugins->run_hooks("usercp2_removesubscriptions_thread");
2292  
              // Scoped to the session user's uid; no request input is part of the WHERE clause.
2293          $db->delete_query("threadsubscriptions", "uid='".$mybb->user['uid']."'");
              // Same referer handling as the forum branch above (see the NOTE there).
2294          if($server_http_referer)
2295          {
2296              $url = $server_http_referer;
2297          }
2298          else
2299          {
2300              $url = "usercp.php?action=subscriptions";
2301          }
2302          redirect($url, $lang->redirect_subscriptionsremoved);
2303      }
2304  }
2305  
      // Action "do_editsig": store the submitted signature for the logged-in user and optionally
      // switch the includesig flag on all of that user's posts. Requires a POST request and a
      // valid my_post_key.
2306  if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
2307  {
2308      // Verify incoming POST request
2309      verify_post_check($mybb->get_input('my_post_key'));
2310  
2311      // User currently has a suspended signature
          // NOTE(review): this only blocks a suspension whose suspendsigtime is in the future.
          // The "editsig" display branch also treats suspendsigtime == 0 as suspended, and checks
          // the usergroup's canusesig / canusesigxposts; none of that is repeated here. Confirm
          // that code outside this block enforces it before the update below runs.
2312      if($mybb->user['suspendsignature'] == 1 && $mybb->user['suspendsigtime'] > TIME_NOW)
2313      {
2314          error_no_permission();
2315      }
2316  
2317      $plugins->run_hooks("usercp_do_editsig_start");
2318  
          // "enable" / "disable" set includesig on every post of this user; any other value
          // leaves existing posts untouched.
2319      if($mybb->get_input('updateposts') == "enable")
2320      {
2321          $update_signature = array(
2322              "includesig" => 1
2323          );
2324          $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
2325      }
2326      elseif($mybb->get_input('updateposts') == "disable")
2327      {
2328          $update_signature = array(
2329              "includesig" => 0
2330          );
2331          $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
2332      }
          // The signature text is passed through $db->escape_string() for the query and stored as
          // submitted; no length or markup validation happens in this block.
          // NOTE(review): presumably validated before this point and parsed at display time - confirm.
2333      $new_signature = array(
2334          "signature" => $db->escape_string($mybb->get_input('signature'))
2335      );
          // The hook runs between building $new_signature and writing it.
2336      $plugins->run_hooks("usercp_do_editsig_process");
          // Scoped to the session user's uid.
2337      $db->update_query("users", $new_signature, "uid='".$mybb->user['uid']."'");
2338      $plugins->run_hooks("usercp_do_editsig_end");
2339      redirect("usercp.php?action=editsig", $lang->redirect_sigupdated);
2340  }
2341  
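if($mybb->input['action'] == "editsig")
{
    $plugins->run_hooks("usercp_editsig_start");

    // Choose the signature text to work with and the preview template (if any) to render:
    //  - preview requested and no validation error: the submitted text, preview template
    //  - no validation error: the stored signature, "current signature" template
    //  - validation error: the submitted text goes back into the editor, nothing is rendered
    if(!empty($mybb->input['preview']) && empty($error))
    {
        $sig = $mybb->get_input('signature');
        $template = "usercp_editsig_preview";
    }
    elseif(empty($error))
    {
        $sig = $mybb->user['signature'];
        $template = "usercp_editsig_current";
    }
    else
    {
        $sig = $mybb->get_input('signature');
        $template = false;
    }

    if(!isset($error))
    {
        $error = '';
    }

    // $codebuttons is only assigned further down when the MyCode inserter is enabled.
    // Give it a defined value so the hooks and templates that follow never read an
    // undefined variable.
    if(!isset($codebuttons))
    {
        $codebuttons = '';
    }

    // A suspension with suspendsigtime == 0 has no expiry; otherwise it applies until suspendsigtime has passed
    if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
    {
        // User currently has no signature and they're suspended
        error($lang->sig_suspended);
    }

    if($mybb->usergroup['canusesig'] != 1)
    {
        // Usergroup has no permission to use this facility
        error_no_permission();
    }
    elseif($mybb->usergroup['canusesig'] == 1 && $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
    {
        // Usergroup can use this facility, but only after x posts
        error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
    }

    $signature = '';
    if($sig && $template)
    {
        // Parser options follow the board-wide signature settings.
        // NOTE(review): with 'sightml' switched on the parser is asked to allow HTML in
        // signatures; presumably parse_message() escapes markup when it is off - confirm.
        $sig_parser = array(
            "allow_html" => $mybb->settings['sightml'],
            "allow_mycode" => $mybb->settings['sigmycode'],
            "allow_smilies" => $mybb->settings['sigsmilies'],
            "allow_imgcode" => $mybb->settings['sigimgcode'],
            "me_username" => $mybb->user['username'],
            "filter_badwords" => 1
        );

        // Users who turned image display off do not get [img] rendered in their own preview either
        if($mybb->user['showimages'] != 1)
        {
            $sig_parser['allow_imgcode'] = 0;
        }

        $sigpreview = $parser->parse_message($sig, $sig_parser);
        // NOTE(review): eval() interpolates the stored template as a double-quoted string.
        // That is only safe if $templates->get() returns content escaped for that context
        // and template editing is limited to trusted administrators - confirm.
        eval("\$signature = \"".$templates->get($template)."\";");
    }

    // User has a current signature, so let's display it (but show an error message)
    // NOTE(review): every state that satisfies this condition also satisfies the suspension
    // check above; if error() ends the request, this branch is never reached - confirm.
    if($mybb->user['suspendsignature'] && $mybb->user['suspendsigtime'] > TIME_NOW)
    {
        $plugins->run_hooks("usercp_editsig_end");

        // User either doesn't have permission, or has their signature suspended
        eval("\$editsig = \"".$templates->get("usercp_editsig_suspended")."\";");
    }
    else
    {
        // User is allowed to edit their signature
        $smilieinserter = '';
        if($mybb->settings['sigsmilies'] == 1)
        {
            $sigsmilies = $lang->on;
            $smilieinserter = build_clickable_smilies();
        }
        else
        {
            $sigsmilies = $lang->off;
        }
        if($mybb->settings['sigmycode'] == 1)
        {
            $sigmycode = $lang->on;
        }
        else
        {
            $sigmycode = $lang->off;
        }
        if($mybb->settings['sightml'] == 1)
        {
            $sightml = $lang->on;
        }
        else
        {
            $sightml = $lang->off;
        }
        if($mybb->settings['sigimgcode'] == 1)
        {
            $sigimgcode = $lang->on;
        }
        else
        {
            $sigimgcode = $lang->off;
        }

        // A configured length of 0 means no limit
        if($mybb->settings['siglength'] == 0)
        {
            $siglength = $lang->unlimited;
        }
        else
        {
            $siglength = $mybb->settings['siglength'];
        }

        // The raw signature text is placed back into the edit form, so encode it for HTML output here
        $sig = htmlspecialchars_uni($sig);
        $lang->edit_sig_note2 = $lang->sprintf($lang->edit_sig_note2, $sigsmilies, $sigmycode, $sigimgcode, $sightml, $siglength);

        if($mybb->settings['sigmycode'] != 0 && $mybb->settings['bbcodeinserter'] != 0 && $mybb->user['showcodebuttons'] != 0)
        {
            $codebuttons = build_mycode_inserter("signature");
        }

        $plugins->run_hooks("usercp_editsig_end");

        eval("\$editsig = \"".$templates->get("usercp_editsig")."\";");
    }

    output_page($editsig);
}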
2474  
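if($mybb->input['action'] == "do_avatar" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_avatar_start");
    require_once  MYBB_ROOT."inc/functions_upload.php";

    $avatar_error = "";

    // Stays empty when the image size is unknown, so the update arrays below never
    // read an undefined variable.
    $avatar_dimensions = "";

    if(!empty($mybb->input['remove'])) // remove avatar
    {
        $updated_avatar = array(
            "avatar" => "",
            "avatardimensions" => "",
            "avatartype" => ""
        );
        $db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
        remove_avatars($mybb->user['uid']);
    }
    elseif(!empty($_FILES['avatarupload']['name'])) // upload avatar
    {
        if($mybb->usergroup['canuploadavatars'] == 0)
        {
            error_no_permission();
        }
        $avatar = upload_avatar();
        if(!empty($avatar['error']))
        {
            $avatar_error = $avatar['error'];
        }
        else
        {
            if($avatar['width'] > 0 && $avatar['height'] > 0)
            {
                $avatar_dimensions = $avatar['width']."|".$avatar['height'];
            }
            // NOTE(review): unlike the remote branch below, this value is not passed through
            // $db->escape_string(); presumably upload_avatar() returns a server-generated
            // path - confirm.
            $updated_avatar = array(
                "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
                "avatardimensions" => $avatar_dimensions,
                "avatartype" => "upload"
            );
            $db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
        }
    }
    elseif(!$mybb->settings['allowremoteavatars'] && empty($_FILES['avatarupload']['name'])) // missing avatar image
    {
        $avatar_error = $lang->error_avatarimagemissing;
    }
    elseif($mybb->settings['allowremoteavatars']) // remote avatar
    {
        $mybb->input['avatarurl'] = trim($mybb->get_input('avatarurl'));
        if(validate_email_format($mybb->input['avatarurl']) != false)
        {
            // Gravatar
            $mybb->input['avatarurl'] = my_strtolower($mybb->input['avatarurl']);

            // If user image does not exist, or is a higher rating, use the mystery man
            // (the MD5 of the lower-cased address is the identifier placed in the Gravatar URL below)
            $email = md5($mybb->input['avatarurl']);

            $s = '';
            if(!$mybb->settings['maxavatardims'])
            {
                $mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
            }

            // Because Gravatars are square, hijack the width
            list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
            $maxheight = (int)$maxwidth;

            // Rating? Only the four listed values go into the URL; anything else falls back to 'g'
            $types = array('g', 'pg', 'r', 'x');
            $rating = $mybb->settings['useravatarrating'];

            if(!in_array($rating, $types, true))
            {
                $rating = 'g';
            }

            $s = "?s={$maxheight}&r={$rating}&d=mm";

            $updated_avatar = array(
                "avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
                "avatardimensions" => "{$maxheight}|{$maxheight}",
                "avatartype" => "gravatar"
            );

            $db->update_query("users", $updated_avatar, "uid = '".(int)$mybb->user['uid']."'");
        }
        else
        {
            // NOTE(review): a single-pass removal of "script:" is not a scheme allow-list.
            // Whether anything other than http(s) is rejected depends on fetch_remote_file(),
            // which is not visible here - confirm.
            $mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->get_input('avatarurl'));
            $ext = get_extension($mybb->input['avatarurl']);

            // Limiting URL string to stay within database limit. Checked before the fetch
            // so that a URL which will be rejected anyway never triggers an outbound
            // request or a temporary file.
            if(strlen($mybb->input['avatarurl']) > 200)
            {
                $avatar_error = $lang->error_avatarurltoolong;
            }
            else
            {
                // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
                // NOTE(review): this is a server-side request to a user-supplied URL; destination
                // filtering (internal addresses, redirects) has to happen inside
                // fetch_remote_file() - confirm.
                $file = fetch_remote_file($mybb->input['avatarurl']);
                if(!$file)
                {
                    $avatar_error = $lang->error_invalidavatarurl;
                }
                else
                {
                    // Random, extension-less name in the avatar directory; the file only
                    // exists long enough for getimagesize() to inspect it.
                    $tmp_name = $mybb->settings['avataruploadpath']."/remote_".md5(random_str());
                    $fp = @fopen($tmp_name, "wb");
                    if(!$fp)
                    {
                        $avatar_error = $lang->error_invalidavatarurl;
                    }
                    else
                    {
                        fwrite($fp, $file);
                        fclose($fp);
                        list($width, $height, $type) = @getimagesize($tmp_name);
                        @unlink($tmp_name);
                        // No image type means the downloaded content was not recognised as an image
                        if(!$type)
                        {
                            $avatar_error = $lang->error_invalidavatarurl;
                        }
                    }
                }
            }

            if(empty($avatar_error))
            {
                if($width && $height && $mybb->settings['maxavatardims'] != "")
                {
                    list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
                    if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
                    {
                        $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
                        $avatar_error = $lang->error_avatartoobig;
                    }
                }
            }

            if(empty($avatar_error))
            {
                if($width > 0 && $height > 0)
                {
                    $avatar_dimensions = (int)$width."|".(int)$height;
                }
                $updated_avatar = array(
                    "avatar" => $db->escape_string($mybb->input['avatarurl'].'?dateline='.TIME_NOW),
                    "avatardimensions" => $avatar_dimensions,
                    "avatartype" => "remote"
                );
                $db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
                remove_avatars($mybb->user['uid']);
            }
        }
    }
    else // remote avatar, but remote avatars are not allowed
    {
        $avatar_error = $lang->error_remote_avatar_not_allowed;
    }

    if(empty($avatar_error))
    {
        $plugins->run_hooks("usercp_do_avatar_end");
        redirect("usercp.php?action=avatar", $lang->redirect_avatarupdated);
    }
    else
    {
        // Fall through to the avatar form below and show the error inline
        $mybb->input['action'] = "avatar";
        $avatar_error = inline_error($avatar_error);
    }
}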
2647  
if($mybb->input['action'] == "avatar")
{
    $plugins->run_hooks("usercp_avatar_start");

    // Variable names in this block are kept as they are: the eval()'d templates and the
    // plugin hooks pick them up by name.
    $avatarmsg = '';
    $avatarurl = '';

    // Tell the user which kind of avatar is currently in use
    if($mybb->user['avatartype'] == "upload" || stristr($mybb->user['avatar'], $mybb->settings['avataruploadpath']))
    {
        $avatarmsg = "<br /><strong>".$lang->already_uploaded_avatar."</strong>";
    }
    elseif($mybb->user['avatartype'] == "remote" || my_validate_url($mybb->user['avatar']))
    {
        $avatarmsg = "<br /><strong>".$lang->using_remote_avatar."</strong>";
        // The stored URL is shown again in the form, so it is HTML-encoded first
        $avatarurl = htmlspecialchars_uni($mybb->user['avatar']);
    }

    $useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
    eval("\$currentavatar = \"".$templates->get("usercp_avatar_current")."\";");

    // Append the configured dimension limit to the help text
    if($mybb->settings['maxavatardims'] != "")
    {
        list($maxwidth, $maxheight) = preg_split('/[|x]/', my_strtolower($mybb->settings['maxavatardims']));
        $lang->avatar_note = $lang->avatar_note."<br />".$lang->sprintf($lang->avatar_note_dimensions, $maxwidth, $maxheight);
    }

    // Append the configured size limit (the setting is multiplied by 1024 before formatting)
    if($mybb->settings['avatarsize'])
    {
        $maxsize = get_friendly_size($mybb->settings['avatarsize']*1024);
        $lang->avatar_note = $lang->avatar_note."<br />".$lang->sprintf($lang->avatar_note_size, $maxsize);
    }

    $plugins->run_hooks("usercp_avatar_intermediate");

    // Resize option shown on the form depends on the board setting
    $auto_resize = '';
    switch($mybb->settings['avatarresizing'])
    {
        case "auto":
            eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_auto")."\";");
            break;
        case "user":
            eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_user")."\";");
            break;
    }

    // Upload field only for groups that may upload avatars
    $avatarupload = '';
    if($mybb->usergroup['canuploadavatars'] == 1)
    {
        eval("\$avatarupload = \"".$templates->get("usercp_avatar_upload")."\";");
    }

    // Remote URL field only when remote avatars are enabled
    $avatar_remote = '';
    if($mybb->settings['allowremoteavatars'] == 1)
    {
        eval("\$avatar_remote = \"".$templates->get("usercp_avatar_remote")."\";");
    }

    // Remove button only when there is an avatar to remove
    $removeavatar = '';
    if(!empty($mybb->user['avatar']))
    {
        eval("\$removeavatar = \"".$templates->get("usercp_avatar_remove")."\";");
    }

    $plugins->run_hooks("usercp_avatar_end");

    // Set by the do_avatar handler when a submission failed; empty on a plain page view
    $avatar_error = isset($avatar_error) ? $avatar_error : '';

    eval("\$avatar = \"".$templates->get("usercp_avatar")."\";");
    output_page($avatar);
}
2719  
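// Buddy request handling. Each branch looks the request up by id AND by the current
// user's role in it (recipient for accept/decline, sender for cancel), so a user can
// only act on requests that involve their own account.
if($mybb->input['action'] == "acceptrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request: the id is read as an integer and must be addressed to the current user
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_acceptrequest_start");

    $user = get_user($request['uid']);
    if(!empty($user))
    {
        // We want to add us to this user's buddy list
        if($user['buddylist'] != '')
        {
            $user['buddylist'] = explode(',', $user['buddylist']);
        }
        else
        {
            $user['buddylist'] = array();
        }

        $user['buddylist'][] = (int)$mybb->user['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $user['buddylist']);

        // And clean it up a little to ensure there is no possibility of bad values.
        // Invalid characters are stripped first so that the separators they leave behind
        // are collapsed as well, then leading and trailing separators are trimmed.
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = trim($new_list, ",");

        $user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");


        // We want to add the user to our buddy list
        if($mybb->user['buddylist'] != '')
        {
            $mybb->user['buddylist'] = explode(',', $mybb->user['buddylist']);
        }
        else
        {
            $mybb->user['buddylist'] = array();
        }

        $mybb->user['buddylist'][] = (int)$request['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $mybb->user['buddylist']);

        // Same clean-up as above: strip, collapse, trim
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = trim($new_list, ",");

        $mybb->user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $mybb->user['buddylist']), "uid='".(int)$mybb->user['uid']."'");

        // Tell the requester that the request was accepted
        $pm = array(
            'subject' => 'buddyrequest_accepted_request',
            'message' => 'buddyrequest_accepted_request_message',
            'touid' => $user['uid'],
            'language' => $user['language'],
            'language_file' => 'usercp'
        );

        send_pm($pm, $mybb->user['uid'], true);

        // The request has been handled, remove it
        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_acceptrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_accepted);
}

elseif($mybb->input['action'] == "declinerequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request: must be addressed to the current user
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_declinerequest_start");

    $user = get_user($request['uid']);
    if(!empty($user))
    {
        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        // NOTE(review): a request whose sender no longer exists is reported as an error
        // and is not deleted here - confirm that stale rows are cleaned up elsewhere.
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_declinerequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_declined);
}

elseif($mybb->input['action'] == "cancelrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request: must have been sent by the current user
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND uid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_cancelrequest_start");

    $db->delete_query('buddyrequests', 'id='.(int)$request['id']);

    $plugins->run_hooks("usercp_cancelrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_cancelled);
}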
2876  
2877  if($mybb->input['action'] == "do_editlists")
2878  {
2879      // Verify incoming POST request
2880      verify_post_check($mybb->get_input('my_post_key'));
2881  
2882      $plugins->run_hooks("usercp_do_editlists_start");
2883  
2884      $existing_users = array();
2885      $selected_list = array();
2886      if($mybb->get_input('manage') == "ignored")
2887      {
2888          if($mybb->user['ignorelist'])
2889          {
2890              $existing_users = explode(",", $mybb->user['ignorelist']);
2891          }
2892  
2893          if($mybb->user['buddylist'])
2894          {
2895              // Create a list of buddies...
2896              $selected_list = explode(",", $mybb->user['buddylist']);
2897          }
2898      }
2899      else
2900      {
2901          if($mybb->user['buddylist'])
2902          {
2903              $existing_users = explode(",", $mybb->user['buddylist']);
2904          }
2905  
2906          if($mybb->user['ignorelist'])
2907          {
2908              // Create a list of ignored users
2909              $selected_list = explode(",", $mybb->user['ignorelist']);
2910          }
2911      }
2912  
2913      $error_message = "";
2914      $message = "";
2915  
2916      // Adding one or more users to this list
2917      if($mybb->get_input('add_username'))
2918      {
2919          // Split up any usernames we have
2920          $found_users = 0;
2921          $adding_self = false;
2922          $users = explode(",", $mybb->get_input('add_username'));
2923          $users = array_map("trim", $users);
2924          $users = array_unique($users);
2925          foreach($users as $key => $username)
2926          {
2927              if(empty($username))
2928              {
2929                  unset($users[$key]);
2930                  continue;
2931              }
2932  
2933              if(my_strtoupper($mybb->user['username']) == my_strtoupper($username))
2934              {
2935                  $adding_self = true;
2936                  unset($users[$key]);
2937                  continue;
2938              }
2939              $users[$key] = $db->escape_string($username);
2940          }
2941  
2942          // Get the requests we have sent that are still pending
2943          $query = $db->simple_select('buddyrequests', 'touid', 'uid='.(int)$mybb->user['uid']);
2944          $requests = array();
2945          while($req = $db->fetch_array($query))
2946          {
2947              $requests[$req['touid']] = true;
2948          }
2949  
2950          // Get the requests we have received that are still pending
2951          $query = $db->simple_select('buddyrequests', 'uid', 'touid='.(int)$mybb->user['uid']);
2952          $requests_rec = array();
2953          while($req = $db->fetch_array($query))
2954          {
2955              $requests_rec[$req['uid']] = true;
2956          }
2957  
2958          $sent = false;
2959  
2960          // Fetch out new users
2961          if(count($users) > 0)
2962          {
2963              switch($db->type)
2964              {
2965                  case 'mysql':
2966                  case 'mysqli':
2967                      $field = 'username';
2968                      break;
2969                  default:
2970                      $field = 'LOWER(username)';
2971                      break;
2972              }
2973              $query = $db->simple_select("users", "uid,buddyrequestsauto,buddyrequestspm,language", "{$field} IN ('".my_strtolower(implode("','", $users))."')");
2974              while($user = $db->fetch_array($query))
2975              {
2976                  ++$found_users;
2977  
2978                  // Make sure we're not adding a duplicate
2979                  if(in_array($user['uid'], $existing_users) || in_array($user['uid'], $selected_list))
2980                  {
2981                      if($mybb->get_input('manage') == "ignored")
2982                      {
2983                          $error_message = "ignore";
2984                      }
2985                      else
2986                      {
2987                          $error_message = "buddy";
2988                      }
2989  
2990                      // On another list?
2991                      $string = "users_already_on_".$error_message."_list";
2992                      if(in_array($user['uid'], $selected_list))
2993                      {
2994                          $string .= "_alt";
2995                      }
2996  
2997                      $error_message = $lang->$string;
2998                      array_pop($users); // To maintain a proper count when we call count($users)
2999                      continue;
3000                  }
3001  
3002                  if(isset($requests[$user['uid']]))
3003                  {
3004                      if($mybb->get_input('manage') != "ignored")
3005                      {
3006                          $error_message = $lang->users_already_sent_request;
3007                      }
3008                      elseif($mybb->get_input('manage') == "ignored")
3009                      {
3010                          $error_message = $lang->users_already_sent_request_alt;
3011                      }
3012  
3013                      array_pop($users); // To maintain a proper count when we call count($users)
3014                      continue;
3015                  }
3016  
3017                  if(isset($requests_rec[$user['uid']]))
3018                  {
3019                      if($mybb->get_input('manage') != "ignored")
3020                      {
3021                          $error_message = $lang->users_already_rec_request;
3022                      }
3023                      elseif($mybb->get_input('manage') == "ignored")
3024                      {
3025                          $error_message = $lang->users_already_rec_request_alt;
3026                      }
3027  
3028                      array_pop($users); // To maintain a proper count when we call count($users)
3029                      continue;
3030                  }
3031  
3032                  // Do we have auto approval set to On?
3033                  if($user['buddyrequestsauto'] == 1 && $mybb->get_input('manage') != "ignored")
3034                  {
3035                      $existing_users[] = $user['uid'];
3036  
3037                      $pm = array(
3038                          'subject' => 'buddyrequest_new_buddy',
3039                          'message' => 'buddyrequest_new_buddy_message',
3040                          'touid' => $user['uid'],
3041                          'receivepms' => (int)$user['buddyrequestspm'],
3042                          'language' => $user['language'],
3043                          'language_file' => 'usercp'
3044                      );
3045  
3046                      send_pm($pm);
3047                  }
3048                  elseif($user['buddyrequestsauto'] != 1 && $mybb->get_input('manage') != "ignored")
3049                  {
3050                      // Send request
3051                      $id = $db->insert_query('buddyrequests', array('uid' => (int)$mybb->user['uid'], 'touid' => (int)$user['uid'], 'date' => TIME_NOW));
3052  
3053                      $pm = array(
3054                          'subject' => 'buddyrequest_received',
3055                          'message' => 'buddyrequest_received_message',
3056                          'touid' => $user['uid'],
3057                          'receivepms' => (int)$user['buddyrequestspm'],
3058                          'language' => $user['language'],
3059                          'language_file' => 'usercp'
3060                      );
3061  
3062                      send_pm($pm);
3063  
3064                      $sent = true;
3065                  }
3066                  elseif($mybb->get_input('manage') == "ignored")
3067                  {
3068                      $existing_users[] = $user['uid'];
3069                  }
3070              }
3071          }
3072  
3073          if($found_users < count($users))
3074          {
3075              if($error_message)
3076              {
3077                  $error_message .= "<br />";
3078              }
3079  
3080              $error_message .= $lang->invalid_user_selected;
3081          }
3082  
3083          if(($adding_self != true || ($adding_self == true && count($users) > 0)) && ($error_message == "" || count($users) > 1))
3084          {
3085              if($mybb->get_input('manage') == "ignored")
3086              {
3087                  $message = $lang->users_added_to_ignore_list;
3088              }
3089              else
3090              {
3091                  $message = $lang->users_added_to_buddy_list;
3092              }
3093          }
3094  
3095          if($adding_self == true)
3096          {
3097              if($mybb->get_input('manage') == "ignored")
3098              {
3099                  $error_message = $lang->cant_add_self_to_ignore_list;
3100              }
3101              else
3102              {
3103                  $error_message = $lang->cant_add_self_to_buddy_list;
3104              }
3105          }
3106  
3107          if(count($existing_users) == 0)
3108          {
3109              $message = "";
3110  
3111              if($sent === true)
3112              {
3113                  $message = $lang->buddyrequests_sent_success;
3114              }
3115          }
3116      }
3117  
3118      // Removing a user from this list
3119      elseif($mybb->get_input('delete', MyBB::INPUT_INT))
3120      {
3121          // Check if user exists on the list
3122          $key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $existing_users);
3123          if($key !== false)
3124          {
3125              unset($existing_users[$key]);
3126              $user = get_user($mybb->get_input('delete', MyBB::INPUT_INT));
3127              if(!empty($user))
3128              {
3129                  // We want to remove us from this user's buddy list
3130                  if($user['buddylist'] != '')
3131                  {
3132                      $user['buddylist'] = explode(',', $user['buddylist']);
3133                  }
3134                  else
3135                  {
3136                      $user['buddylist'] = array();
3137                  }
3138  
3139                  $key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $user['buddylist']);
3140                  unset($user['buddylist'][$key]);
3141  
3142                  // Now we have the new list, so throw it all back together
3143                  $new_list = implode(",", $user['buddylist']);
3144  
3145                  // And clean it up a little to ensure there is no possibility of bad values
3146                  $new_list = preg_replace("#,{2,}#", ",", $new_list);
3147                  $new_list = preg_replace("#[^0-9,]#", "", $new_list);
3148  
3149                  if(my_substr($new_list, 0, 1) == ",")
3150                  {
3151                      $new_list = my_substr($new_list, 1);
3152                  }
3153                  if(my_substr($new_list, -1) == ",")
3154                  {
3155                      $new_list = my_substr($new_list, 0, my_strlen($new_list)-2);
3156                  }
3157  
3158                  $user['buddylist'] = $db->escape_string($new_list);
3159  
3160                  $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");
3161              }
3162  
3163              if($mybb->get_input('manage') == "ignored")
3164              {
3165                  $message = $lang->removed_from_ignore_list;
3166              }
3167              else
3168              {
3169                  $message = $lang->removed_from_buddy_list;
3170              }
3171              $user['username'] = htmlspecialchars_uni($user['username']);
3172              $message = $lang->sprintf($message, $user['username']);
3173          }
3174      }
3175  
3176      // Now we have the new list, so throw it all back together
3177      $new_list = implode(",", $existing_users);
3178  
3179      // And clean it up a little to ensure there is no possibility of bad values
3180      $new_list = preg_replace("#,{2,}#", ",", $new_list);
3181      $new_list = preg_replace("#[^0-9,]#", "", $new_list);
3182  
3183      if(my_substr($new_list, 0, 1) == ",")
3184      {
3185          $new_list = my_substr($new_list, 1);
3186      }
3187      if(my_substr($new_list, -1) == ",")
3188      {
3189          $new_list = my_substr($new_list, 0, my_strlen($new_list)-2);
3190      }
3191  
3192      // And update
3193      $user = array();
3194      if($mybb->get_input('manage') == "ignored")
3195      {
3196          $user['ignorelist'] = $db->escape_string($new_list);
3197          $mybb->user['ignorelist'] = $user['ignorelist'];
3198      }
3199      else
3200      {
3201          $user['buddylist'] = $db->escape_string($new_list);
3202          $mybb->user['buddylist'] = $user['buddylist'];
3203      }
3204  
3205      $db->update_query("users", $user, "uid='".$mybb->user['uid']."'");
3206  
3207      $plugins->run_hooks("usercp_do_editlists_end");
3208  
3209      // Ajax based request, throw new list to browser
3210      if(!empty($mybb->input['ajax']))
3211      {
3212          if($mybb->get_input('manage') == "ignored")
3213          {
3214              $list = "ignore";
3215          }
3216          else
3217          {
3218              $list = "buddy";
3219          }
3220  
3221          $message_js = '';
3222          if($message)
3223          {
3224              $message_js = "$.jGrowl('{$message}', {theme:'jgrowl_success'});";
3225          }
3226  
3227          if($error_message)
3228          {
3229              $message_js .= " $.jGrowl('{$error_message}', {theme:'jgrowl_error'});";
3230          }
3231  
3232          if($mybb->get_input('delete', MyBB::INPUT_INT))
3233          {
3234              header("Content-type: text/javascript");
3235              echo "$(\"#".$mybb->get_input('manage')."_".$mybb->get_input('delete', MyBB::INPUT_INT)."\").remove();\n";
3236              if($new_list == "")
3237              {
3238                  echo "\$(\"#".$mybb->get_input('manage')."_count\").html(\"0\");\n";
3239                  echo "\$(\"#buddylink\").remove();\n";
3240  
3241                  if($mybb->get_input('manage') == "ignored")
3242                  {
3243                      echo "\$(\"#ignore_list\").html(\"<li>{$lang->ignore_list_empty}</li>\");\n";
3244                  }
3245                  else
3246                  {
3247                      echo "\$(\"#buddy_list\").html(\"<li>{$lang->buddy_list_empty}</li>\");\n";
3248                  }
3249              }
3250              else
3251              {
3252                  echo "\$(\"#".$mybb->get_input('manage')."_count\").html(\"".count(explode(",", $new_list))."\");\n";
3253              }
3254              echo $message_js;
3255              exit;
3256          }
3257          $mybb->input['action'] = "editlists";
3258      }
3259      else
3260      {
3261          if($error_message)
3262          {
3263              $message .= "<br />".$error_message;
3264          }
3265          redirect("usercp.php?action=editlists#".$mybb->get_input('manage'), $message);
3266      }
3267  }
3268  
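// User CP "editlists" page: builds the buddy list, the ignore list and the received/sent buddy
// requests, then either prints an HTML fragment for an AJAX caller or renders the full page.
if($mybb->input['action'] == "editlists")
{
    $plugins->run_hooks("usercp_editlists_start");

    // A user whose lastactive is newer than this timestamp is a candidate for "online"
    $timecut = TIME_NOW - $mybb->settings['wolcutoff'];

    // Fetch out buddies
    $buddy_count = 0;
    $buddy_list = '';
    if($mybb->user['buddylist'])
    {
        $type = "buddy";

        // The stored list is interpolated straight into the IN() clause, so force every element to an
        // integer first, the same way this file normalises additionalgroups before its IN() clause.
        $buddy_uids = implode(',', array_map('intval', explode(',', $mybb->user['buddylist'])));

        $query = $db->simple_select("users", "*", "uid IN ({$buddy_uids})", array("order_by" => "username"));
        while($user = $db->fetch_array($query))
        {
            // Escape before the template eval below: the template is evaluated as a double-quoted
            // PHP string and interpolates these local variables as they are.
            $user['username'] = htmlspecialchars_uni($user['username']);
            $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);

            // Invisible users are shown as online only to groups with canviewwolinvis
            if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
            {
                $status = "online";
            }
            else
            {
                $status = "offline";
            }
            eval("\$buddy_list .= \"".$templates->get("usercp_editlists_user")."\";");
            ++$buddy_count;
        }
    }

    $lang->current_buddies = $lang->sprintf($lang->current_buddies, $buddy_count);
    if(!$buddy_list)
    {
        eval("\$buddy_list = \"".$templates->get("usercp_editlists_no_buddies")."\";");
    }

    // Fetch out ignore list users
    $ignore_count = 0;
    $ignore_list = '';
    if($mybb->user['ignorelist'])
    {
        $type = "ignored";

        // Same integer normalisation as for the buddy list above
        $ignored_uids = implode(',', array_map('intval', explode(',', $mybb->user['ignorelist'])));

        $query = $db->simple_select("users", "*", "uid IN ({$ignored_uids})", array("order_by" => "username"));
        while($user = $db->fetch_array($query))
        {
            $user['username'] = htmlspecialchars_uni($user['username']);
            $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
            if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
            {
                $status = "online";
            }
            else
            {
                $status = "offline";
            }
            eval("\$ignore_list .= \"".$templates->get("usercp_editlists_user")."\";");
            ++$ignore_count;
        }
    }

    $lang->current_ignored_users = $lang->sprintf($lang->current_ignored_users, $ignore_count);
    if(!$ignore_list)
    {
        eval("\$ignore_list = \"".$templates->get("usercp_editlists_no_ignored")."\";");
    }

    // If an AJAX request from buddy management, echo out whatever the new list is.
    // isset() keeps a POST without an ajax field from reading an undefined input key.
    if($mybb->request_method == "post" && isset($mybb->input['ajax']) && $mybb->input['ajax'] == 1)
    {
        // $message_js is written into a <script> element below. In this file it is assigned by the
        // list-update handler that precedes this block, and only on AJAX requests; default it so a
        // request that reaches this block without passing through that handler prints nothing extra.
        // NOTE(review): whatever builds $message_js must escape it for a JavaScript string context.
        if(!isset($message_js))
        {
            $message_js = '';
        }

        if($mybb->get_input('manage') == "ignored")
        {
            echo $ignore_list;
            echo "<script type=\"text/javascript\"> $(\"#ignored_count\").html(\"{$ignore_count}\"); {$message_js}</script>";
        }
        else
        {
            // $sent is set outside this block; presumably after a buddy request was sent - TODO confirm
            if(isset($sent) && $sent === true)
            {
                $sent_rows = '';
                $query = $db->query("
                    SELECT r.*, u.username
                    FROM ".TABLE_PREFIX."buddyrequests r
                    LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
                    WHERE r.uid=".(int)$mybb->user['uid']);

                while($request = $db->fetch_array($query))
                {
                    $bgcolor = alt_trow();
                    $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
                    $request['date'] = my_date('relative', $request['date']);
                    eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request", 1, 0)."\";");
                }

                if($sent_rows == '')
                {
                    eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests", 1, 0)."\";");
                }

                eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests", 1, 0)."\";");

                echo $sent_requests."<script type=\"text/javascript\">{$message_js}</script>";
            }
            else
            {
                echo $buddy_list;
                echo "<script type=\"text/javascript\"> $(\"#buddy_count\").html(\"{$buddy_count}\"); {$message_js}</script>";
            }
        }
        exit;
    }

    // Buddy requests other users sent to the current user
    $received_rows = $bgcolor = '';
    $query = $db->query("
        SELECT r.*, u.username
        FROM ".TABLE_PREFIX."buddyrequests r
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.uid)
        WHERE r.touid=".(int)$mybb->user['uid']);

    while($request = $db->fetch_array($query))
    {
        $bgcolor = alt_trow();
        $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['uid']);
        $request['date'] = my_date('relative', $request['date']);
        eval("\$received_rows .= \"".$templates->get("usercp_editlists_received_request")."\";");
    }

    if($received_rows == '')
    {
        eval("\$received_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
    }

    eval("\$received_requests = \"".$templates->get("usercp_editlists_received_requests")."\";");

    // Buddy requests the current user sent to other users
    $sent_rows = $bgcolor = '';
    $query = $db->query("
        SELECT r.*, u.username
        FROM ".TABLE_PREFIX."buddyrequests r
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
        WHERE r.uid=".(int)$mybb->user['uid']);

    while($request = $db->fetch_array($query))
    {
        $bgcolor = alt_trow();
        $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
        $request['date'] = my_date('relative', $request['date']);
        eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request")."\";");
    }

    if($sent_rows == '')
    {
        eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
    }

    eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests")."\";");

    $plugins->run_hooks("usercp_editlists_end");

    eval("\$listpage = \"".$templates->get("usercp_editlists")."\";");
    output_page($listpage);
}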
3429  
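// User CP "drafts" page: lists every post or thread the current user saved as a draft
// (rows in the posts table with visible = -2) with an edit link and a delete selector.
if($mybb->input['action'] == "drafts")
{
    $plugins->run_hooks("usercp_drafts_start");

    // The uid is cast to an integer wherever it is written into SQL, as the buddy request queries
    // in this file already do.
    $query = $db->simple_select("posts", "COUNT(pid) AS draftcount", "visible='-2' AND uid='".(int)$mybb->user['uid']."'");
    $draftcount = $db->fetch_field($query, 'draftcount');

    $drafts = $disable_delete_drafts = '';
    $lang->drafts_count = $lang->sprintf($lang->drafts_count, my_number_format($draftcount));

    // Show a listing of all of the current 'draft' posts or threads the user has.
    if($draftcount)
    {
        $query = $db->query("
            SELECT p.subject, p.pid, t.tid, t.subject AS threadsubject, t.fid, f.name AS forumname, p.dateline, t.visible AS threadvisible, p.visible AS postvisible
            FROM ".TABLE_PREFIX."posts p
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=t.fid)
            WHERE p.uid = '".(int)$mybb->user['uid']."' AND p.visible = '-2'
            ORDER BY p.dateline DESC, p.pid DESC
        ");

        while($draft = $db->fetch_array($query))
        {
            // Reset every per-row template variable. They are assigned only in the two branches
            // below, so a draft whose thread is in any other state (or has no thread row, since
            // this is a LEFT JOIN) must not inherit the previous row's edit link, id or type.
            $detail = $editurl = $id = $type = '';
            $trow = alt_trow();
            if($draft['threadvisible'] == 1) // We're looking at a draft post
            {
                $draft['threadlink'] = get_thread_link($draft['tid']);
                // Escape before the eval: the template interpolates the local variables as they are
                $draft['threadsubject'] = htmlspecialchars_uni($draft['threadsubject']);
                eval("\$detail = \"".$templates->get("usercp_drafts_draft_thread")."\";");
                $editurl = "newreply.php?action=editdraft&amp;pid={$draft['pid']}";
                $id = $draft['pid'];
                $type = "post";
            }
            elseif($draft['threadvisible'] == -2) // We're looking at a draft thread
            {
                $draft['forumlink'] = get_forum_link($draft['fid']);
                $draft['forumname'] = htmlspecialchars_uni($draft['forumname']);
                eval("\$detail = \"".$templates->get("usercp_drafts_draft_forum")."\";");
                $editurl = "newthread.php?action=editdraft&amp;tid={$draft['tid']}";
                $id = $draft['tid'];
                $type = "thread";
            }

            $draft['subject'] = htmlspecialchars_uni($draft['subject']);
            $savedate = my_date('relative', $draft['dateline']);
            eval("\$drafts .= \"".$templates->get("usercp_drafts_draft")."\";");
        }
    }
    else
    {
        // Nothing to delete, so the template gets a disabled attribute for its delete control
        $disable_delete_drafts = 'disabled="disabled"';
        eval("\$drafts = \"".$templates->get("usercp_drafts_none")."\";");
    }

    $plugins->run_hooks("usercp_drafts_end");

    eval("\$draftlist = \"".$templates->get("usercp_drafts")."\";");
    output_page($draftlist);
}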
3491  
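// Handles the drafts form submission: deletes the selected draft threads and draft posts.
// Every DELETE is restricted to rows that are still drafts (visible = -2) and owned by the
// current user, so a submitted id that belongs to someone else matches nothing.
if($mybb->input['action'] == "do_drafts" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $mybb->input['deletedraft'] = $mybb->get_input('deletedraft', MyBB::INPUT_ARRAY);
    if(empty($mybb->input['deletedraft']))
    {
        error($lang->no_drafts_selected);
    }

    $plugins->run_hooks("usercp_do_drafts_start");

    $pidin = array();
    $tidin = array();

    // deletedraft maps an id to its kind. The key is forced to an integer before it goes into
    // SQL; the kind is compared strictly so a nested array or any other value is ignored.
    foreach($mybb->input['deletedraft'] as $id => $val)
    {
        if($val === "post")
        {
            $pidin[] = "'".(int)$id."'";
        }
        elseif($val === "thread")
        {
            $tidin[] = "'".(int)$id."'";
        }
    }
    if($tidin)
    {
        $tidin = implode(",", $tidin);
        $db->delete_query("threads", "tid IN ($tidin) AND visible='-2' AND uid='".(int)$mybb->user['uid']."'");
        // Posts of the deleted draft threads are removed by the posts query below
        $tidinp = "OR tid IN ($tidin)";
    }
    else
    {
        $tidinp = '';
    }
    if($pidin || $tidinp)
    {
        $pidinq = $tidin = '';
        if($pidin)
        {
            $pidin = implode(",", $pidin);
            $pidinq = "pid IN ($pidin)";
        }
        else
        {
            // No individual posts selected: keep the condition valid and let the tid clause decide
            $pidinq = "1=0";
        }
        $db->delete_query("posts", "($pidinq $tidinp) AND visible='-2' AND uid='".(int)$mybb->user['uid']."'");
    }
    $plugins->run_hooks("usercp_do_drafts_end");
    redirect("usercp.php?action=drafts", $lang->selected_drafts_deleted);
}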
3546  
3547  if($mybb->input['action'] == "usergroups")
3548  {
3549      $ingroups = ",".$mybb->user['usergroup'].",".$mybb->user['additionalgroups'].",".$mybb->user['displaygroup'].",";
3550  
3551      $usergroups = $mybb->cache->read('usergroups');
3552  
3553      $plugins->run_hooks("usercp_usergroups_start");
3554  
3555      // Changing our display group
3556      if($mybb->get_input('displaygroup', MyBB::INPUT_INT))
3557      {
3558          // Verify incoming POST request
3559          verify_post_check($mybb->get_input('my_post_key'));
3560  
3561          if(my_strpos($ingroups, ",".$mybb->input['displaygroup'].",") === false)
3562          {
3563              error($lang->not_member_of_group);
3564          }
3565  
3566          $dispgroup = $usergroups[$mybb->get_input('displaygroup', MyBB::INPUT_INT)];
3567          if($dispgroup['candisplaygroup'] != 1)
3568          {
3569              error($lang->cannot_set_displaygroup);
3570          }
3571          $db->update_query("users", array('displaygroup' => $mybb->get_input('displaygroup', MyBB::INPUT_INT)), "uid='".$mybb->user['uid']."'");
3572          $cache->update_moderators();
3573          $plugins->run_hooks("usercp_usergroups_change_displaygroup");
3574          redirect("usercp.php?action=usergroups", $lang->display_group_changed);
3575          exit;
3576      }
3577  
3578      // Leaving a group
3579      if($mybb->get_input('leavegroup', MyBB::INPUT_INT))
3580      {
3581          // Verify incoming POST request
3582          verify_post_check($mybb->get_input('my_post_key'));
3583  
3584          if(my_strpos($ingroups, ",".$mybb->get_input('leavegroup', MyBB::INPUT_INT).",") === false)
3585          {
3586              error($lang->not_member_of_group);
3587          }
3588          if($mybb->user['usergroup'] == $mybb->get_input('leavegroup', MyBB::INPUT_INT))
3589          {
3590              error($lang->cannot_leave_primary_group);
3591          }
3592  
3593          $usergroup = $usergroups[$mybb->get_input('leavegroup', MyBB::INPUT_INT)];
3594          if($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
3595          {
3596              error($lang->cannot_leave_group);
3597          }
3598          leave_usergroup($mybb->user['uid'], $mybb->get_input('leavegroup', MyBB::INPUT_INT));
3599          $plugins->run_hooks("usercp_usergroups_leave_group");
3600          redirect("usercp.php?action=usergroups", $lang->left_group);
3601          exit;
3602      }
3603  
3604      $groupleaders = array();
3605  
3606      // List of usergroup leaders
3607      $query = $db->query("
3608          SELECT g.*, u.username, u.displaygroup, u.usergroup, u.email, u.language
3609          FROM ".TABLE_PREFIX."groupleaders g
3610          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
3611          ORDER BY u.username ASC
3612      ");
3613      while($leader = $db->fetch_array($query))
3614      {
3615          $groupleaders[$leader['gid']][$leader['uid']] = $leader;
3616      }
3617  
3618      // Joining a group
3619      if($mybb->get_input('joingroup', MyBB::INPUT_INT))
3620      {
3621          // Verify incoming POST request
3622          verify_post_check($mybb->get_input('my_post_key'));
3623  
3624          $usergroup = $usergroups[$mybb->get_input('joingroup', MyBB::INPUT_INT)];
3625  
3626          if($usergroup['type'] == 5)
3627          {
3628              error($lang->cannot_join_invite_group);
3629          }
3630  
3631          if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid'])
3632          {
3633              error($lang->cannot_join_group);
3634          }
3635  
3636          if(my_strpos($ingroups, ",".$mybb->get_input('joingroup', MyBB::INPUT_INT).",") !== false)
3637          {
3638              error($lang->already_member_of_group);
3639          }
3640  
3641          $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'");
3642          $joinrequest = $db->fetch_array($query);
3643  
3644          if(!empty($joinrequest['rid']))
3645          {
3646              error($lang->already_sent_join_request);
3647          }
3648  
3649          if($mybb->get_input('do') == "joingroup" && $usergroup['type'] == 4)
3650          {
3651              $reasonlength = my_strlen($mybb->get_input('reason'));
3652  
3653              if($reasonlength > 250) // Reason field is varchar(250) in database
3654              {
3655                  error($lang->sprintf($lang->joinreason_too_long, ($reasonlength - 250)));
3656              }
3657  
3658              $now = TIME_NOW;
3659              $joinrequest = array(
3660                  "uid" => $mybb->user['uid'],
3661                  "gid" => $mybb->get_input('joingroup', MyBB::INPUT_INT),
3662                  "reason" => $db->escape_string($mybb->get_input('reason')),
3663                  "dateline" => TIME_NOW
3664              );
3665  
3666              $db->insert_query("joinrequests", $joinrequest);
3667  
3668              if(array_key_exists($usergroup['gid'], $groupleaders))
3669              {
3670                  foreach($groupleaders[$usergroup['gid']] as $leader)
3671                  {
3672                      // Load language
3673                      $lang->set_language($leader['language']);
3674                      $lang->load("messages");
3675  
3676                      $subject = $lang->sprintf($lang->emailsubject_newjoinrequest, $mybb->settings['bbname']);
3677                      $message = $lang->sprintf($lang->email_groupleader_joinrequest, $leader['username'], $mybb->user['username'], $usergroup['title'], $mybb->settings['bbname'], $mybb->get_input('reason'), $mybb->settings['bburl'], $leader['gid']);
3678                      my_mail($leader['email'], $subject, $message);
3679                  }
3680              }
3681  
3682              // Load language
3683              $lang->set_language($mybb->user['language']);
3684              $lang->load("messages");
3685  
3686              $plugins->run_hooks("usercp_usergroups_join_group_request");
3687              redirect("usercp.php?action=usergroups", $lang->group_join_requestsent);
3688              exit;
3689          }
3690          elseif($usergroup['type'] == 4)
3691          {
3692              $joingroup = $mybb->get_input('joingroup', MyBB::INPUT_INT);
3693              eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";");
3694              output_page($joinpage);
3695              exit;
3696          }
3697          else
3698          {
3699              join_usergroup($mybb->user['uid'], $mybb->get_input('joingroup', MyBB::INPUT_INT));
3700              $plugins->run_hooks("usercp_usergroups_join_group");
3701              redirect("usercp.php?action=usergroups", $lang->joined_group);
3702          }
3703      }
3704  
3705      // Accepting invitation
3706      if($mybb->get_input('acceptinvite', MyBB::INPUT_INT))
3707      {
3708          // Verify incoming POST request
3709          verify_post_check($mybb->get_input('my_post_key'));
3710  
3711          $usergroup = $usergroups[$mybb->get_input('acceptinvite', MyBB::INPUT_INT)];
3712  
3713          if(my_strpos($ingroups, ",".$mybb->get_input('acceptinvite', MyBB::INPUT_INT).",") !== false)
3714          {
3715              error($lang->already_accepted_invite);
3716          }
3717  
3718          $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'");
3719          $joinrequest = $db->fetch_array($query);
3720          if($joinrequest['rid'])
3721          {
3722              join_usergroup($mybb->user['uid'], $mybb->get_input('acceptinvite', MyBB::INPUT_INT));
3723              $db->delete_query("joinrequests", "uid='{$mybb->user['uid']}' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."'");
3724              $plugins->run_hooks("usercp_usergroups_accept_invite");
3725              redirect("usercp.php?action=usergroups", $lang->joined_group);
3726          }
3727          else
3728          {
3729              error($lang->no_pending_invitation);
3730          }
3731      }
3732      // Show listing of various group related things
3733  
3734      // List of groups this user is a leader of
3735      $groupsledlist = '';
3736  
3737      switch($db->type)
3738      {
3739          case "pgsql":
3740          case "sqlite":
3741              $query = $db->query("
3742                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3743                  FROM ".TABLE_PREFIX."groupleaders l
3744                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
3745                  LEFT JOIN ".TABLE_PREFIX."users u ON(((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
3746                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
3747                  WHERE l.uid='".$mybb->user['uid']."'
3748                  GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3749              ");
3750              break;
3751          default:
3752              $query = $db->query("
3753                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3754                  FROM ".TABLE_PREFIX."groupleaders l
3755                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
3756                  LEFT JOIN ".TABLE_PREFIX."users u ON(((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
3757                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
3758                  WHERE l.uid='".$mybb->user['uid']."'
3759                  GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3760              ");
3761      }
3762  
3763      while($usergroup = $db->fetch_array($query))
3764      {
3765          $memberlistlink = $moderaterequestslink = '';
3766          eval("\$memberlistlink = \"".$templates->get("usercp_usergroups_leader_usergroup_memberlist")."\";");
3767          $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3768          if($usergroup['type'] != 4)
3769          {
3770              $usergroup['joinrequests'] = '--';
3771          }
3772          if($usergroup['joinrequests'] > 0 && $usergroup['canmanagerequests'] == 1)
3773          {
3774              eval("\$moderaterequestslink = \"".$templates->get("usercp_usergroups_leader_usergroup_moderaterequests")."\";");
3775          }
3776          $groupleader[$usergroup['gid']] = 1;
3777          $trow = alt_trow();
3778          eval("\$groupsledlist .= \"".$templates->get("usercp_usergroups_leader_usergroup")."\";");
3779      }
3780      $leadinggroups = '';
3781      if($groupsledlist)
3782      {
3783          eval("\$leadinggroups = \"".$templates->get("usercp_usergroups_leader")."\";");
3784      }
3785  
3786      // Fetch the list of groups the member is in
3787      // Do the primary group first
3788      $usergroup = $usergroups[$mybb->user['usergroup']];
3789      $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3790      $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
3791      if($usergroup['description'])
3792      {
3793          $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
3794          eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";");
3795      }
3796      eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveprimary")."\";");
3797      $trow = alt_trow();
3798      if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
3799      {
3800          eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
3801      }
3802      elseif($usergroup['candisplaygroup'] == 1)
3803      {
3804          eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
3805      }
3806      else
3807      {
3808          $displaycode = '';
3809      }
3810  
3811      eval("\$memberoflist = \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
3812      $showmemberof = false;
3813      if($mybb->user['additionalgroups'])
3814      {
3815          $additionalgroups = implode(
3816              ',',
3817              array_map(
3818                  'intval',
3819                  explode(',', $mybb->user['additionalgroups'])
3820              )
3821          );
3822          $query = $db->simple_select("usergroups", "*", "gid IN (".$additionalgroups.") AND gid !='".$mybb->user['usergroup']."'", array('order_by' => 'title'));
3823          while($usergroup = $db->fetch_array($query))
3824          {
3825              $showmemberof = true;
3826  
3827              if(isset($groupleader[$usergroup['gid']]))
3828              {
3829                  eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveleader")."\";");
3830              }
3831              elseif($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
3832              {
3833                  eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveother")."\";");
3834              }
3835              else
3836              {
3837                  eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leave")."\";");
3838              }
3839  
3840              $description = '';
3841              $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3842              $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
3843              if($usergroup['description'])
3844              {
3845                  $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
3846                  eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";");
3847              }
3848              $trow = alt_trow();
3849              if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
3850              {
3851                  eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
3852              }
3853              elseif($usergroup['candisplaygroup'] == 1)
3854              {
3855                  eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
3856              }
3857              else
3858              {
3859                  $displaycode = '';
3860              }
3861              eval("\$memberoflist .= \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
3862          }
3863      }
3864      eval("\$membergroups = \"".$templates->get("usercp_usergroups_memberof")."\";");
3865  
3866      // List of groups this user has applied for but has not been accepted in to
3867      $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."'");
3868      while($request = $db->fetch_array($query))
3869      {
3870          $appliedjoin[$request['gid']] = $request['dateline'];
3871      }
3872  
3873      // Fetch list of groups the member can join
3874      $existinggroups = $mybb->