
PHP Cross Reference of MyBB 1.8.12


/ -> usercp.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
      // Both constants are defined before global.php is required below.
      // NOTE(review): presumably the included files test IN_MYBB to refuse direct
      // requests; that check is not visible in this file — confirm.
  12  define('THIS_SCRIPT', 'usercp.php');
  13  
  14  $templatelist = "usercp,usercp_nav,usercp_profile,usercp_changename,usercp_password,usercp_subscriptions_thread,forumbit_depth2_forum_lastpost,usercp_forumsubscriptions_forum,postbit_reputation_formatted,usercp_subscriptions_thread_icon";
      // Comma-separated list of template names, built from fixed strings before global.php
      // is required below.
      // NOTE(review): presumably global.php reads this list to preload the templates that the
      // eval() calls further down fetch with $templates->get() — confirm.
  15  $templatelist .= ",usercp_usergroups_memberof_usergroup,usercp_usergroups_memberof,usercp_usergroups_joinable_usergroup,usercp_usergroups_joinable,usercp_usergroups,usercp_nav_attachments,usercp_options_style,usercp_warnings_warning_post";
  16  $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_usergroups_leader_usergroup,usercp_usergroups_leader,usercp_currentavatar,usercp_reputation,usercp_avatar_remove,usercp_resendactivation";
  17  $templatelist .= ",usercp_attachments_attachment,usercp_attachments,usercp_profile_away,usercp_profile_customfield,usercp_profile_profilefields,usercp_profile_customtitle,usercp_forumsubscriptions_none,usercp_profile_customtitle_currentcustom";
  18  $templatelist .= ",usercp_forumsubscriptions,usercp_subscriptions_none,usercp_subscriptions,usercp_options_pms_from_buddys,usercp_options_tppselect,usercp_options_pppselect,usercp_themeselector,usercp_profile_customtitle_reverttitle";
  19  $templatelist .= ",usercp_nav_editsignature,usercp_referrals,usercp_notepad,usercp_latest_threads_threads,forumdisplay_thread_gotounread,usercp_latest_threads,usercp_subscriptions_remove,usercp_nav_messenger_folder,usercp_profile_profilefields_text";
  20  $templatelist .= ",usercp_editsig_suspended,usercp_editsig,usercp_avatar_current,usercp_options_timezone_option,usercp_drafts,usercp_options_language,usercp_options_date_format,usercp_profile_website,usercp_latest_subscribed,usercp_warnings";
      // NOTE(review): "usercp_editlists_userusercp_editlists" on the next line looks like two
      // names with a missing comma. Both usercp_editlists_user and usercp_editlists are listed
      // separately on later lines, so the fused entry is probably just an unknown name.
  21  $templatelist .= ",usercp_avatar,usercp_editlists_userusercp_editlists,usercp_drafts_draft,usercp_usergroups_joingroup,usercp_attachments_none,usercp_avatar_upload,usercp_options_timezone,usercp_usergroups_joinable_usergroup_join";
  22  $templatelist .= ",usercp_warnings_warning,usercp_nav_messenger_tracking,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  23  $templatelist .= ",codebuttons,usercp_nav_messenger_compose,usercp_options_language_option,usercp_editlists,usercp_profile_contact_fields_field,usercp_latest_subscribed_threads,usercp_profile_contact_fields,usercp_profile_day,usercp_nav_home";
  24  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,usercp_profile_profilefields_checkbox";
  25  $templatelist .= ",usercp_options_tppselect_option,usercp_options_pppselect_option,forumbit_depth2_forum_lastpost_never,forumbit_depth2_forum_lastpost_hidden,usercp_avatar_auto_resize_auto,usercp_avatar_auto_resize_user,usercp_options";
  26  $templatelist .= ",usercp_editlists_no_buddies,usercp_editlists_no_ignored,usercp_editlists_no_requests,usercp_editlists_received_requests,usercp_editlists_sent_requests,usercp_drafts_draft_thread,usercp_drafts_draft_forum,usercp_editlists_user";
  27  $templatelist .= ",usercp_usergroups_leader_usergroup_memberlist,usercp_usergroups_leader_usergroup_moderaterequests,usercp_usergroups_memberof_usergroup_leaveprimary,usercp_usergroups_memberof_usergroup_display,usercp_email,usercp_options_pms";
  28  $templatelist .= ",usercp_usergroups_memberof_usergroup_leaveleader,usercp_usergroups_memberof_usergroup_leaveother,usercp_usergroups_memberof_usergroup_leave,usercp_usergroups_joinable_usergroup_description,usercp_options_time_format";
  29  $templatelist .= ",usercp_editlists_sent_request,usercp_editlists_received_request,usercp_drafts_none,usercp_usergroups_memberof_usergroup_setdisplay,usercp_usergroups_memberof_usergroup_description,usercp_options_quick_reply";
  30  
  31  require_once  "./global.php";
      // Every include path in this block is a fixed string, or MYBB_ROOT plus a fixed suffix;
      // none of them is derived from request input.
      // NOTE(review): $mybb, $db, $lang, $plugins, $templates and $cache are used below but are
      // not created in this file — presumably global.php sets them up.
  32  require_once  MYBB_ROOT."inc/functions_post.php";
  33  require_once  MYBB_ROOT."inc/functions_user.php";
  34  require_once  MYBB_ROOT."inc/class_parser.php";
  35  $parser = new postParser;
  36  
  37  // Load the "usercp" language phrases
  38  $lang->load("usercp");
  39  
  40  if($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0)
  41  {
          // Access gate for the whole script: a uid of 0 (presumably a guest) or a usergroup
          // without 'canusercp' is refused before any action handler below runs.
          // NOTE(review): everything after this point relies on error_no_permission() ending
          // the request; it is defined elsewhere — confirm it never returns.
  42      error_no_permission();
  43  }
  44  
  45  if(!$mybb->user['pmfolders'])
  46  {
          // The current user has no 'pmfolders' value: assign the literal default below and
          // write it to that user's row in the users table.
          // The WHERE clause interpolates uid from the loaded user record, not from request
          // input. NOTE(review): an explicit (int) cast would make that safety property visible
          // at the call site instead of depending on how $mybb->user was populated.
  47      $mybb->user['pmfolders'] = '1**$%%$2**$%%$3**$%%$4**';
  48      $db->update_query('users', array('pmfolders' => $mybb->user['pmfolders']), "uid = {$mybb->user['uid']}");
  49  }
  50  
  51  $errors = '';
      // $errors starts empty. The do_profile and do_options handlers below fill it when
      // validation fails, and the form-rendering blocks test it to decide whether to show
      // the submitted values again instead of the stored ones.
  52  
      // 'action' is read once through get_input() and stored back, so every dispatch test
      // below compares the same value (all of them use loose ==).
  53  $mybb->input['action'] = $mybb->get_input('action');
  54  
  55  usercp_menu();
  56  
      // Plugin hook point; it runs after the permission gate above and before any handler.
  57  $plugins->run_hooks("usercp_start");
  58  if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
  59  {
          // Early validation pass for a submitted signature. Nothing is stored in this block:
          // it only runs verify_signature() and, on a validation error or a preview request,
          // switches the action to "editsig" so the breadcrumb switch below sees that action.
          // NOTE(review): no verify_post_check() call appears here, unlike the do_profile and
          // do_options handlers. The code that actually saves the signature is outside this
          // excerpt — confirm it checks the post key before writing.
  60      require_once  MYBB_ROOT."inc/datahandlers/user.php";
  61      $userhandler = new UserDataHandler();
  62  
          // uid comes from the logged-in user's record; only 'signature' is request input.
  63      $data = array(
  64          'uid' => $mybb->user['uid'],
  65          'signature' => $mybb->get_input('signature'),
  66      );
  67  
  68      $userhandler->set_data($data);
  69  
  70      if(!$userhandler->verify_signature())
  71      {
              // Note the variable is $error (singular), separate from $errors used elsewhere.
  72          $error = inline_error($userhandler->get_friendly_errors());
  73      }
  74  
  75      if(isset($error) || !empty($mybb->input['preview']))
  76      {
  77          $mybb->input['action'] = "editsig";
  78      }
  79  }
  80  
  81  // Make navigation
      // The first breadcrumb always links to usercp.php. The switch then adds one more entry
      // for each recognised action; there is no default case, so an unrecognised action adds
      // nothing. The breadcrumb text always comes from a language phrase, never from the
      // request value itself.
  82  add_breadcrumb($lang->nav_usercp, "usercp.php");
  83  
  84  switch($mybb->input['action'])
  85  {
  86      case "profile":
  87      case "do_profile":
  88          add_breadcrumb($lang->ucp_nav_profile);
  89          break;
  90      case "options":
  91      case "do_options":
  92          add_breadcrumb($lang->nav_options);
  93          break;
  94      case "email":
  95      case "do_email":
  96          add_breadcrumb($lang->nav_email);
  97          break;
  98      case "password":
  99      case "do_password":
 100          add_breadcrumb($lang->nav_password);
 101          break;
 102      case "changename":
 103      case "do_changename":
 104          add_breadcrumb($lang->nav_changename);
 105          break;
 106      case "subscriptions":
 107          add_breadcrumb($lang->ucp_nav_subscribed_threads);
 108          break;
 109      case "forumsubscriptions":
 110          add_breadcrumb($lang->ucp_nav_forum_subscriptions);
 111          break;
 112      case "editsig":
 113      case "do_editsig":
 114          add_breadcrumb($lang->nav_editsig);
 115          break;
 116      case "avatar":
 117      case "do_avatar":
 118          add_breadcrumb($lang->nav_avatar);
 119          break;
 120      case "notepad":
 121      case "do_notepad":
 122          add_breadcrumb($lang->ucp_nav_notepad);
 123          break;
 124      case "editlists":
 125      case "do_editlists":
 126          add_breadcrumb($lang->ucp_nav_editlists);
 127          break;
 128      case "drafts":
 129          add_breadcrumb($lang->ucp_nav_drafts);
 130          break;
 131      case "usergroups":
 132          add_breadcrumb($lang->ucp_nav_usergroups);
 133          break;
 134      case "attachments":
 135          add_breadcrumb($lang->ucp_nav_attachments);
 136          break;
 137  }
 138  
 139  if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post")
 140  {
          // Handles the submitted "edit profile" form: builds the update array, validates it
          // through UserDataHandler, then either saves and redirects or falls back to the
          // profile form with $errors set.
 141      // Verify incoming POST request
          // NOTE(review): verify_post_check() is defined elsewhere; presumably it rejects the
          // request when 'my_post_key' does not match the user's key (anti-CSRF) — confirm.
 142      verify_post_check($mybb->get_input('my_post_key'));
 143  
 144      $plugins->run_hooks("usercp_do_profile_start");
 145  
          // Away status is only accepted when the board-level 'allowaway' setting is enabled.
 146      if($mybb->get_input('away', MyBB::INPUT_INT) == 1 && $mybb->settings['allowaway'] != 0)
 147      {
 148          $awaydate = TIME_NOW;
 149          if(!empty($mybb->input['awayday']))
 150          {
 151              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
 152              if(!$mybb->get_input('awaymonth', MyBB::INPUT_INT))
 153              {
 154                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
 155              }
 156              if(!$mybb->get_input('awayyear', MyBB::INPUT_INT))
 157              {
 158                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
 159              }
 160  
                  // Month and day are cut to two characters and cast to int; the year is cast
                  // to int and capped at 9999.
 161              $return_month = (int)substr($mybb->get_input('awaymonth'), 0, 2);
 162              $return_day = (int)substr($mybb->get_input('awayday'), 0, 2);
 163              $return_year = min((int)$mybb->get_input('awayyear'), 9999);
 164  
 165              // Check if return date is after the away date.
                  // gmmktime() normalises out-of-range day/month values instead of rejecting
                  // them, so this comparison alone does not refuse e.g. month 13.
                  // NOTE(review): $returndate below is built from the un-normalised integers;
                  // any range check has to happen in validate_user(), which is not visible here.
 166              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
 167              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
 168              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
 169              {
 170                  error($lang->error_usercp_return_date_past);
 171              }
 172  
 173              $returndate = "{$return_day}-{$return_month}-{$return_year}";
 174          }
 175          else
 176          {
 177              $returndate = "";
 178          }
              // 'awayreason' is passed on as raw request text; escaping for display is done
              // where the form is rendered, not here.
 179          $away = array(
 180              "away" => 1,
 181              "date" => $awaydate,
 182              "returndate" => $returndate,
 183              "awayreason" => $mybb->get_input('awayreason')
 184          );
 185      }
 186      else
 187      {
 188          $away = array(
 189              "away" => 0,
 190              "date" => '',
 191              "returndate" => '',
 192              "awayreason" => ''
 193          );
 194      }
 195  
          // Birthday parts are read as integers.
 196      $bday = array(
 197          "day" => $mybb->get_input('bday1', MyBB::INPUT_INT),
 198          "month" => $mybb->get_input('bday2', MyBB::INPUT_INT),
 199          "year" => $mybb->get_input('bday3', MyBB::INPUT_INT)
 200      );
 201  
 202      // Set up user handler.
 203      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 204      $userhandler = new UserDataHandler("update");
 205  
          // uid, postnum, usergroup and additionalgroups are copied from the logged-in user's
          // record, not from the request, so this form cannot change whose row is updated or
          // which groups it belongs to. birthdayprivacy and profile_fields are handed to the
          // handler as submitted; their validation is in validate_user() (not visible here).
 206      $user = array(
 207          "uid" => $mybb->user['uid'],
 208          "postnum" => $mybb->user['postnum'],
 209          "usergroup" => $mybb->user['usergroup'],
 210          "additionalgroups" => $mybb->user['additionalgroups'],
 211          "birthday" => $bday,
 212          "birthdayprivacy" => $mybb->get_input('birthdayprivacy'),
 213          "away" => $away,
 214          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY)
 215      );
          // A contact field is only taken from the request when its allow<field>field setting
          // is non-empty and is_member() passes for it; otherwise the submitted value is
          // ignored.
 216      foreach(array('icq', 'aim', 'yahoo', 'skype', 'google') as $cfield)
 217      {
 218          $csetting = 'allow'.$cfield.'field';
 219          if($mybb->settings[$csetting] == '')
 220          {
 221              continue;
 222          }
 223  
 224          if(!is_member($mybb->settings[$csetting]))
 225          {
 226              continue;
 227          }
 228  
 229          if($cfield == 'icq')
 230          {
                  // NOTE(review): the literal 1 is presumably the same value as
                  // MyBB::INPUT_INT used everywhere else in this file — confirm and prefer
                  // the named constant.
 231              $user[$cfield] = $mybb->get_input($cfield, 1);
 232          }
 233          else
 234          {
 235              $user[$cfield] = $mybb->get_input($cfield);
 236          }
 237      }
 238  
          // Website and custom title are only read from the request when the user's group
          // holds the matching permission flag.
 239      if($mybb->usergroup['canchangewebsite'] == 1)
 240      {
 241          $user['website'] = $mybb->get_input('website');
 242      }
 243  
 244      if($mybb->usergroup['cancustomtitle'] == 1)
 245      {
 246          if($mybb->get_input('usertitle') != '')
 247          {
 248              $user['usertitle'] = $mybb->get_input('usertitle');
 249          }
 250          else if(!empty($mybb->input['reverttitle']))
 251          {
 252              $user['usertitle'] = '';
 253          }
 254      }
 255      $userhandler->set_data($user);
 256  
 257      if(!$userhandler->validate_user())
 258      {
 259          $errors = $userhandler->get_friendly_errors();
 260  
 261          // Set allowed value otherwise select options disappear
 262          if(in_array($lang->userdata_invalid_birthday_privacy, $errors))
 263          {
 264              $mybb->input['birthdayprivacy'] = 'none';
 265          }
 266  
              // Validation failed: switch to "profile" so the form block below re-renders
              // with the error list and the submitted values.
 267          $errors = inline_error($errors);
 268          $mybb->input['action'] = "profile";
 269      }
 270      else
 271      {
 272          $userhandler->update_user();
 273  
 274          $plugins->run_hooks("usercp_do_profile_end");
              // The redirect target is a fixed, script-relative URL.
 275          redirect("usercp.php?action=profile", $lang->redirect_profileupdated);
 276      }
 277  }
 278  
 279  if($mybb->input['action'] == "profile")
 280  {
          // Renders the "edit profile" form. Every template is run through eval() as a
          // double-quoted PHP string in this scope, so a template can interpolate any variable
          // that is visible here. Two consequences for reviewers:
          //  - template text must be trusted and correctly quoted by $templates->get()
          //    (its implementation is not visible here — confirm);
          //  - only values escaped in this block are safe for a template to reference.
 281      if($errors)
 282      {
              // Error path: $user is the raw request array, so any key not escaped below still
              // holds unescaped user input.
 283          $user = $mybb->input;
 284          $bday = array();
 285          $bday[0] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 286          $bday[1] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 287          $bday[2] = $mybb->get_input('bday3', MyBB::INPUT_INT);
 288      }
 289      else
 290      {
              // Normal path: values come from the stored user record.
 291          $user = $mybb->user;
 292          $bday = explode("-", $user['birthday']);
 293          if(!isset($bday[1]))
 294          {
 295              $bday[1] = 0;
 296          }
 297          if(!isset($bday[2]))
 298          {
 299              $bday[2] = '';
 300          }
 301      }
 302  
 303      $plugins->run_hooks("usercp_profile_start");
 304  
          // Build the day <option> list; $day and $selected are read by the template.
 305      $bdaydaysel = '';
 306      for($day = 1; $day <= 31; ++$day)
 307      {
 308          if($bday[0] == $day)
 309          {
 310              $selected = "selected=\"selected\"";
 311          }
 312          else
 313          {
 314              $selected = '';
 315          }
 316  
 317          eval("\$bdaydaysel .= \"".$templates->get("usercp_profile_day")."\";");
 318      }
 319  
 320      $bdaymonthsel = array();
 321      foreach(range(1, 12) as $month)
 322      {
 323          $bdaymonthsel[$month] = '';
 324      }
 325      $bdaymonthsel[$bday[1]] = 'selected="selected"';
 326  
          // Birthday privacy is only compared against known values here, never output.
 327      $allselected = $noneselected = $ageselected = '';
 328      if($user['birthdayprivacy'] == 'all' || !$user['birthdayprivacy'])
 329      {
 330          $allselected = " selected=\"selected\"";
 331      }
 332      else if($user['birthdayprivacy'] == 'none')
 333      {
 334          $noneselected = " selected=\"selected\"";
 335      }
 336      else if($user['birthdayprivacy'] == 'age')
 337      {
 338          $ageselected = " selected=\"selected\"";
 339      }
 340  
          // A website value that fails my_validate_url() is blanked; a valid one is
          // HTML-escaped before the template sees it.
 341      if(!my_validate_url($user['website']))
 342      {
 343          $user['website'] = '';
 344      }
 345      else
 346      {
 347          $user['website'] = htmlspecialchars_uni($user['website']);
 348      }
 349  
          // ICQ is forced to an integer and shown as an empty string when it is 0.
 350      if($user['icq'] != "0")
 351      {
 352          $user['icq'] = (int)$user['icq'];
 353      }
 354  
 355      if($user['icq'] == 0)
 356      {
 357          $user['icq'] = '';
 358      }
 359  
 360      if($errors)
 361      {
              // Escapes the raw request values placed in $user on the error path.
              // NOTE(review): the contact-field loop below escapes $user[$cfield] again into
              // $cfvalue, so on this path those values look double-encoded — confirm whether
              // that is intended.
 362          $user['skype'] = htmlspecialchars_uni($user['skype']);
 363          $user['google'] = htmlspecialchars_uni($user['google']);
 364          $user['aim'] = htmlspecialchars_uni($user['aim']);
 365          $user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
 366      }
 367  
 368      $contact_fields = array();
 369      $contactfields = '';
 370      $cfieldsshow = false;
 371  
          // Same gating as in the do_profile handler: a contact field is rendered only when
          // its allow<field>field setting is non-empty and is_member() passes for it.
 372      foreach(array('icq', 'aim', 'yahoo', 'skype', 'google') as $cfield)
 373      {
 374          $contact_fields[$cfield] = '';
 375          $csetting = 'allow'.$cfield.'field';
 376          if($mybb->settings[$csetting] == '')
 377          {
 378              continue;
 379          }
 380  
 381          if(!is_member($mybb->settings[$csetting]))
 382          {
 383              continue;
 384          }
 385  
 386          $cfieldsshow = true;
 387  
              // $cfield only takes values from the fixed list above, so the dynamic property
              // lookup on $lang is not influenced by the request.
 388          $lang_string = 'contact_field_'.$cfield;
 389          $lang_string = $lang->{$lang_string};
 390          $cfvalue = htmlspecialchars_uni($user[$cfield]);
 391  
 392          eval('$contact_fields[$cfield] = "'.$templates->get('usercp_profile_contact_fields_field').'";');
 393      }
 394  
 395      if($cfieldsshow)
 396      {
 397          eval('$contactfields = "'.$templates->get('usercp_profile_contact_fields').'";');
 398      }
 399  
 400      if($mybb->settings['allowaway'] != 0)
 401      {
              // Away section: index 1 of $awaycheck marks "away", index 0 "not away".
 402          $awaycheck = array('', '');
 403          if($errors)
 404          {
 405              if($user['away'] == 1)
 406              {
 407                  $awaycheck[1] = "checked=\"checked\"";
 408              }
 409              else
 410              {
 411                  $awaycheck[0] = "checked=\"checked\"";
 412              }
                  // On the error path the return date parts are re-read as integers and the
                  // submitted reason is HTML-escaped before the template uses it.
 413              $returndate = array();
 414              $returndate[0] = $mybb->get_input('awayday', MyBB::INPUT_INT);
 415              $returndate[1] = $mybb->get_input('awaymonth', MyBB::INPUT_INT);
 416              $returndate[2] = $mybb->get_input('awayyear', MyBB::INPUT_INT);
 417              $user['awayreason'] = htmlspecialchars_uni($mybb->get_input('awayreason'));
 418          }
 419          else
 420          {
                  // The stored reason is escaped on output as well.
 421              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
 422              if($mybb->user['away'] == 1)
 423              {
 424                  $awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']);
 425                  $awaycheck[1] = "checked=\"checked\"";
 426                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
 427              }
 428              else
 429              {
 430                  $awaynotice = $lang->away_notice;
 431                  $awaycheck[0] = "checked=\"checked\"";
 432              }
 433              $returndate = explode("-", $mybb->user['returndate']);
 434              if(!isset($returndate[1]))
 435              {
 436                  $returndate[1] = 0;
 437              }
 438              if(!isset($returndate[2]))
 439              {
 440                  $returndate[2] = '';
 441              }
 442          }
 443  
 444          $returndatesel = '';
 445          for($day = 1; $day <= 31; ++$day)
 446          {
 447              if($returndate[0] == $day)
 448              {
 449                  $selected = "selected=\"selected\"";
 450              }
 451              else
 452              {
 453                  $selected = '';
 454              }
 455  
 456              eval("\$returndatesel .= \"".$templates->get("usercp_profile_day")."\";");
 457          }
 458  
 459          $returndatemonthsel = array();
 460          foreach(range(1, 12) as $month)
 461          {
 462              $returndatemonthsel[$month] = '';
 463          }
 464          $returndatemonthsel[$returndate[1]] = "selected";
 465  
 466          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
 467      }
 468  
 469      // Custom profile fields baby!
 470      $altbg = "trow1";
 471      $requiredfields = $customfields = '';
 472      $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 473  
 474      $pfcache = $cache->read('profilefields');
 475  
 476      if(is_array($pfcache))
 477      {
 478          foreach($pfcache as $profilefield)
 479          {
                  // Skip fields the user may not edit: is_member() on 'editableby' must pass
                  // and, when the field has a post-count requirement, the user must meet it.
 480              if(!is_member($profilefield['editableby']) || ($profilefield['postnum'] && $profilefield['postnum'] > $mybb->user['postnum']))
 481              {
 482                  continue;
 483              }
 484  
                  // The field definition is HTML-escaped before use. Because 'type' is escaped
                  // as a whole, the option text split out of it below is escaped too.
 485              $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 486              $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 487              $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
                  // The first line of 'type' is the field type; the rest is the option list.
 488              $thing = explode("\n", $profilefield['type'], "2");
 489              $type = $thing[0];
 490              if(isset($thing[1]))
 491              {
 492                  $options = $thing[1];
 493              }
 494              else
 495              {
                      // NOTE(review): $options becomes an array here, but the multiselect,
                      // select, radio and checkbox branches pass it to explode(), which
                      // expects a string (a TypeError on PHP 8) — confirm those types always
                      // carry an option list.
 496                  $options = array();
 497              }
 498              $field = "fid{$profilefield['fid']}";
 499              $select = '';
 500              if($errors)
 501              {
                      // Error path: the value is whatever was submitted for this field, which
                      // may be a string or an array.
 502                  if(!isset($mybb->input['profile_fields'][$field]))
 503                  {
 504                      $mybb->input['profile_fields'][$field] = '';
 505                  }
 506                  $userfield = $mybb->input['profile_fields'][$field];
 507              }
 508              else
 509              {
 510                  $userfield = $user[$field];
 511              }
 512              if($type == "multiselect")
 513              {
 514                  if($errors)
 515                  {
 516                      $useropts = $userfield;
 517                  }
 518                  else
 519                  {
 520                      $useropts = explode("\n", $userfield);
 521                  }
 522                  if(is_array($useropts))
 523                  {
 524                      foreach($useropts as $key => $val)
 525                      {
                              // The user's values are escaped before being used as lookup
                              // keys, so they match the already-escaped option text.
 526                          $val = htmlspecialchars_uni($val);
 527                          $seloptions[$val] = $val;
 528                      }
 529                  }
 530                  $expoptions = explode("\n", $options);
 531                  if(is_array($expoptions))
 532                  {
 533                      foreach($expoptions as $key => $val)
 534                      {
 535                          $val = trim($val);
 536                          $val = str_replace("\n", "\\n", $val);
 537  
 538                          $sel = "";
 539                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
 540                          {
 541                              $sel = " selected=\"selected\"";
 542                          }
 543  
 544                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 545                      }
 546                      if(!$profilefield['length'])
 547                      {
 548                          $profilefield['length'] = 3;
 549                      }
 550  
 551                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
 552                  }
 553              }
 554              elseif($type == "select")
 555              {
 556                  $expoptions = explode("\n", $options);
 557                  if(is_array($expoptions))
 558                  {
 559                      foreach($expoptions as $key => $val)
 560                      {
 561                          $val = trim($val);
 562                          $val = str_replace("\n", "\\n", $val);
 563                          $sel = "";
                              // The user's value is escaped for the comparison so that it
                              // matches the escaped option text.
 564                          if($val == htmlspecialchars_uni($userfield))
 565                          {
 566                              $sel = " selected=\"selected\"";
 567                          }
 568  
 569                          eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 570                      }
 571                      if(!$profilefield['length'])
 572                      {
 573                          $profilefield['length'] = 1;
 574                      }
 575  
 576                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
 577                  }
 578              }
 579              elseif($type == "radio")
 580              {
 581                  $expoptions = explode("\n", $options);
 582                  if(is_array($expoptions))
 583                  {
 584                      foreach($expoptions as $key => $val)
 585                      {
 586                          $checked = "";
                              // NOTE(review): the raw user value is compared with escaped
                              // option text here (the select branch escapes it first). The
                              // raw value is only compared, not output, but an option with
                              // HTML-special characters would never show as checked.
 587                          if($val == $userfield)
 588                          {
 589                              $checked = " checked=\"checked\"";
 590                          }
 591  
 592                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
 593                      }
 594                  }
 595              }
 596              elseif($type == "checkbox")
 597              {
 598                  if($errors)
 599                  {
 600                      $useropts = $userfield;
 601                  }
 602                  else
 603                  {
 604                      $useropts = explode("\n", $userfield);
 605                  }
 606                  if(is_array($useropts))
 607                  {
 608                      foreach($useropts as $key => $val)
 609                      {
                              // Unlike the multiselect branch, the user's values are not
                              // escaped before being used as lookup keys; they are only
                              // compared with option text below, never output.
 610                          $seloptions[$val] = $val;
 611                      }
 612                  }
 613                  $expoptions = explode("\n", $options);
 614                  if(is_array($expoptions))
 615                  {
 616                      foreach($expoptions as $key => $val)
 617                      {
 618                          $checked = "";
 619                          if(isset($seloptions[$val]) && $val == $seloptions[$val])
 620                          {
 621                              $checked = " checked=\"checked\"";
 622                          }
 623  
 624                          eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
 625                      }
 626                  }
 627              }
 628              elseif($type == "textarea")
 629              {
                      // Free-text value: escaped into $value for the template.
 630                  $value = htmlspecialchars_uni($userfield);
 631                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
 632              }
 633              else
 634              {
                      // Any other type is rendered as a single-line text input, value escaped.
 635                  $value = htmlspecialchars_uni($userfield);
 636                  $maxlength = "";
 637                  if($profilefield['maxlength'] > 0)
 638                  {
 639                      $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
 640                  }
 641  
 642                  eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
 643              }
 644  
 645              if($profilefield['required'] == 1)
 646              {
 647                  eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 648              }
 649              else
 650              {
 651                  eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 652              }
                  // Reset the per-field working variables so one field's options or selected
                  // values cannot carry over into the next iteration.
 653              $altbg = alt_trow();
 654              $code = "";
 655              $select = "";
 656              $val = "";
 657              $options = "";
 658              $expoptions = "";
 659              $useropts = "";
 660              $seloptions = array();
 661          }
 662      }
 663      if($customfields)
 664      {
 665          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
 666      }
 667  
          // The custom-title section is shown only to groups with 'cancustomtitle'.
 668      if($mybb->usergroup['cancustomtitle'] == 1)
 669      {
 670          if($mybb->usergroup['usertitle'] == "")
 671          {
 672              $defaulttitle = '';
 673              $usertitles = $cache->read('usertitles');
 674  
                  // Take the first cached title whose post threshold the user meets.
 675              foreach($usertitles as $title)
 676              {
 677                  if($title['posts'] <= $mybb->user['postnum'])
 678                  {
 679                      $defaulttitle = htmlspecialchars_uni($title['title']);
 680                      break;
 681                  }
 682              }
 683          }
 684          else
 685          {
 686              $defaulttitle = htmlspecialchars_uni($mybb->usergroup['usertitle']);
 687          }
 688  
 689          $newtitle = '';
 690          if(trim($user['usertitle']) == '')
 691          {
 692              $lang->current_custom_usertitle = '';
 693          }
 694          else
 695          {
 696              if($errors)
 697              {
                      // Error path: keep the rejected title (escaped) in $newtitle and show
                      // the stored title as the current one.
 698                  $newtitle = htmlspecialchars_uni($user['usertitle']);
 699                  $user['usertitle'] = $mybb->user['usertitle'];
 700              }
 701          }
 702  
 703          $user['usertitle'] = htmlspecialchars_uni($user['usertitle']);
 704  
 705          $currentcustom = $reverttitle = '';
 706          if(!empty($mybb->user['usertitle']))
 707          {
 708              eval("\$currentcustom = \"".$templates->get("usercp_profile_customtitle_currentcustom")."\";");
 709  
 710              if($mybb->user['usertitle'] != $mybb->usergroup['usertitle'])
 711              {
 712                  eval("\$reverttitle = \"".$templates->get("usercp_profile_customtitle_reverttitle")."\";");
 713              }
 714          }
 715  
 716          eval("\$customtitle = \"".$templates->get("usercp_profile_customtitle")."\";");
 717      }
 718      else
 719      {
 720          $customtitle = "";
 721      }
 722  
 723      if($mybb->usergroup['canchangewebsite'] == 1)
 724      {
 725          eval("\$website = \"".$templates->get("usercp_profile_website")."\";");
 726      }
 727  
 728      $plugins->run_hooks("usercp_profile_end");
 729  
 730      eval("\$editprofile = \"".$templates->get("usercp_profile")."\";");
 731      output_page($editprofile);
 732  }
 733  
 734  if($mybb->input['action'] == "do_options" && $mybb->request_method == "post")
 735  {
          // Handles the submitted "edit options" form: builds the update array, validates it
          // through UserDataHandler, then either saves and redirects or falls back to the
          // options form with $errors set.
 736      // Verify incoming POST request
          // NOTE(review): verify_post_check() is defined elsewhere; presumably it rejects the
          // request when 'my_post_key' does not match the user's key (anti-CSRF) — confirm.
 737      verify_post_check($mybb->get_input('my_post_key'));
 738  
 739      $plugins->run_hooks("usercp_do_options_start");
 740  
 741      // Set up user handler.
 742      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 743      $userhandler = new UserDataHandler("update");
 744  
          // uid, usergroup and additionalgroups come from the logged-in user's record, not
          // from the request. 'language' is passed to the handler as a raw string, and
          // 'timezone' is the only value escaped with $db->escape_string() at this call site.
          // NOTE(review): whether the handler validates 'language' and escapes values again
          // before writing is not visible here — confirm.
 745      $user = array(
 746          "uid" => $mybb->user['uid'],
 747          "style" => $mybb->get_input('style', MyBB::INPUT_INT),
 748          "dateformat" => $mybb->get_input('dateformat', MyBB::INPUT_INT),
 749          "timeformat" => $mybb->get_input('timeformat', MyBB::INPUT_INT),
 750          "timezone" => $db->escape_string($mybb->get_input('timezoneoffset')),
 751          "language" => $mybb->get_input('language'),
 752          'usergroup'    => $mybb->user['usergroup'],
 753          'additionalgroups'    => $mybb->user['additionalgroups']
 754      );
 755  
          // Every option is read as an integer except 'threadmode', which is a raw string.
 756      $user['options'] = array(
 757          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 758          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 759          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 760          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 761          "dstcorrection" => $mybb->get_input('dstcorrection', MyBB::INPUT_INT),
 762          "threadmode" => $mybb->get_input('threadmode'),
 763          "showimages" => $mybb->get_input('showimages', MyBB::INPUT_INT),
 764          "showvideos" => $mybb->get_input('showvideos', MyBB::INPUT_INT),
 765          "showsigs" => $mybb->get_input('showsigs', MyBB::INPUT_INT),
 766          "showavatars" => $mybb->get_input('showavatars', MyBB::INPUT_INT),
 767          "showquickreply" => $mybb->get_input('showquickreply', MyBB::INPUT_INT),
 768          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 769          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 770          "receivefrombuddy" => $mybb->get_input('receivefrombuddy', MyBB::INPUT_INT),
 771          "daysprune" => $mybb->get_input('daysprune', MyBB::INPUT_INT),
 772          "showcodebuttons" => $mybb->get_input('showcodebuttons', MyBB::INPUT_INT),
 773          "sourceeditor" => $mybb->get_input('sourceeditor', MyBB::INPUT_INT),
 774          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 775          "buddyrequestspm" => $mybb->get_input('buddyrequestspm', MyBB::INPUT_INT),
 776          "buddyrequestsauto" => $mybb->get_input('buddyrequestsauto', MyBB::INPUT_INT),
 777          "showredirect" => $mybb->get_input('showredirect', MyBB::INPUT_INT),
 778          "classicpostbit" => $mybb->get_input('classicpostbit', MyBB::INPUT_INT)
 779      );
 780  
          // Threads-per-page and posts-per-page are only taken from the request when the
          // matching board setting is non-empty.
 781      if($mybb->settings['usertppoptions'])
 782      {
 783          $user['options']['tpp'] = $mybb->get_input('tpp', MyBB::INPUT_INT);
 784      }
 785  
 786      if($mybb->settings['userpppoptions'])
 787      {
 788          $user['options']['ppp'] = $mybb->get_input('ppp', MyBB::INPUT_INT);
 789      }
 790  
 791      $userhandler->set_data($user);
 792  
 793      if(!$userhandler->validate_user())
 794      {
              // Validation failed: switch to "options" so the form block below re-renders
              // with the error list and the submitted values.
 795          $errors = $userhandler->get_friendly_errors();
 796          $errors = inline_error($errors);
 797          $mybb->input['action'] = "options";
 798      }
 799      else
 800      {
 801          $userhandler->update_user();
 802  
 803          $plugins->run_hooks("usercp_do_options_end");
 804  
              // The redirect target is a fixed, script-relative URL.
 805          redirect("usercp.php?action=options", $lang->redirect_optionsupdated);
 806      }
 807  }
 808  
// Render the "Edit Options" form. This block also runs in the same request when
// the do_options handler above rejects a submission, because that handler resets
// $mybb->input['action'] to "options" and leaves the error markup in $errors.
if($mybb->input['action'] == "options")
{
    $plugins->run_hooks("usercp_options_start");

    // After a rejected submission the form is refilled from the raw request input
    // ($mybb->input) instead of the stored profile. In this block those values are
    // only compared or used as array keys.
    // NOTE(review): a template that prints a $user field directly would emit
    // unescaped request data - confirm the usercp_options* templates do not.
    if($errors != '')
    {
        $user = $mybb->input;
    }
    else
    {
        $user = $mybb->user;
    }

    // Language selector: only built when more than one language is available.
    $languages = $lang->get_languages();
    $board_language = $langoptions = '';
    if(count($languages) > 1)
    {
        foreach($languages as $name => $language)
        {
            // Escape the display name before it is interpolated into the template.
            $language = htmlspecialchars_uni($language);

            $sel = '';
            if(isset($user['language']) && $user['language'] == $name)
            {
                $sel = " selected=\"selected\"";
            }

            // Templates are expanded with eval() as a double-quoted PHP string, so the text
            // returned by $templates->get() is evaluated with access to the variables in scope.
            // NOTE(review): this is only safe if template text is escaped/controlled inside
            // $templates->get(), which is not visible here. The same applies to every eval() below.
            eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
        }

        eval('$board_language = "'.$templates->get('usercp_options_language').'";');
    }

    // Lets work out which options the user has selected and check the boxes
    if(isset($user['allownotices']) && $user['allownotices'] == 1)
    {
        $allownoticescheck = "checked=\"checked\"";
    }
    else
    {
        $allownoticescheck = "";
    }

    if(isset($user['invisible']) && $user['invisible'] == 1)
    {
        $invisiblecheck = "checked=\"checked\"";
    }
    else
    {
        $invisiblecheck = "";
    }

    if(isset($user['hideemail']) && $user['hideemail'] == 1)
    {
        $hideemailcheck = "checked=\"checked\"";
    }
    else
    {
        $hideemailcheck = "";
    }

    // Subscription method: 1, 2 and 3 select a specific entry; any other value
    // (including a missing one) falls back to "no auto subscribe".
    $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
    if(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 1)
    {
        $no_subscribe_selected = "selected=\"selected\"";
    }
    else if(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 2)
    {
        $instant_email_subscribe_selected = "selected=\"selected\"";
    }
    else if(isset($user['subscriptionmethod']) && $user['subscriptionmethod'] == 3)
    {
        $instant_pm_subscribe_selected = "selected=\"selected\"";
    }
    else
    {
        $no_auto_subscribe_selected = "selected=\"selected\"";
    }

    if(isset($user['showimages']) && $user['showimages'] == 1)
    {
        $showimagescheck = "checked=\"checked\"";
    }
    else
    {
        $showimagescheck = "";
    }

    if(isset($user['showvideos']) && $user['showvideos'] == 1)
    {
        $showvideoscheck = "checked=\"checked\"";
    }
    else
    {
        $showvideoscheck = "";
    }

    if(isset($user['showsigs']) && $user['showsigs'] == 1)
    {
        $showsigscheck = "checked=\"checked\"";
    }
    else
    {
        $showsigscheck = "";
    }

    if(isset($user['showavatars']) && $user['showavatars'] == 1)
    {
        $showavatarscheck = "checked=\"checked\"";
    }
    else
    {
        $showavatarscheck = "";
    }

    if(isset($user['showquickreply']) && $user['showquickreply'] == 1)
    {
        $showquickreplycheck = "checked=\"checked\"";
    }
    else
    {
        $showquickreplycheck = "";
    }

    if(isset($user['receivepms']) && $user['receivepms'] == 1)
    {
        $receivepmscheck = "checked=\"checked\"";
    }
    else
    {
        $receivepmscheck = "";
    }

    if(isset($user['receivefrombuddy']) && $user['receivefrombuddy'] == 1)
    {
        $receivefrombuddycheck = "checked=\"checked\"";
    }
    else
    {
        $receivefrombuddycheck = "";
    }

    // Unlike the == 1 checks above, any value of 1 or more ticks this box.
    if(isset($user['pmnotice']) && $user['pmnotice'] >= 1)
    {
        $pmnoticecheck = " checked=\"checked\"";
    }
    else
    {
        $pmnoticecheck = "";
    }

    // DST correction: 2 selects "auto", 1 selects "enabled", anything else "disabled".
    $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
    if(isset($user['dstcorrection']) && $user['dstcorrection'] == 2)
    {
        $dst_auto_selected = "selected=\"selected\"";
    }
    else if(isset($user['dstcorrection']) && $user['dstcorrection'] == 1)
    {
        $dst_enabled_selected = "selected=\"selected\"";
    }
    else
    {
        $dst_disabled_selected = "selected=\"selected\"";
    }

    if(isset($user['showcodebuttons']) && $user['showcodebuttons'] == 1)
    {
        $showcodebuttonscheck = "checked=\"checked\"";
    }
    else
    {
        $showcodebuttonscheck = "";
    }

    if(isset($user['sourceeditor']) && $user['sourceeditor'] == 1)
    {
        $sourcemodecheck = "checked=\"checked\"";
    }
    else
    {
        $sourcemodecheck = "";
    }

    // The remaining checkboxes are ticked for any non-zero value.
    if(isset($user['showredirect']) && $user['showredirect'] != 0)
    {
        $showredirectcheck = "checked=\"checked\"";
    }
    else
    {
        $showredirectcheck = "";
    }

    if(isset($user['pmnotify']) && $user['pmnotify'] != 0)
    {
        $pmnotifycheck = "checked=\"checked\"";
    }
    else
    {
        $pmnotifycheck = '';
    }

    if(isset($user['buddyrequestspm']) && $user['buddyrequestspm'] != 0)
    {
        $buddyrequestspmcheck = "checked=\"checked\"";
    }
    else
    {
        $buddyrequestspmcheck = '';
    }

    if(isset($user['buddyrequestsauto']) && $user['buddyrequestsauto'] != 0)
    {
        $buddyrequestsautocheck = "checked=\"checked\"";
    }
    else
    {
        $buddyrequestsautocheck = '';
    }

    // Normalise threadmode to '', "threaded" or "linear". This bounds the value before
    // it is used as an array key for $threadview further down.
    if(!isset($user['threadmode']) || ($user['threadmode'] != "threaded" && $user['threadmode'] != "linear"))
    {
        $user['threadmode'] = ''; // Leave blank to show default
    }

    if(isset($user['classicpostbit']) && $user['classicpostbit'] != 0)
    {
        $classicpostbitcheck = "checked=\"checked\"";
    }
    else
    {
        $classicpostbitcheck = '';
    }

    // Date format options. $date_formats is not defined in this block; each entry is
    // rendered as a sample of the current time in that format.
    $date_format_options = $dateformat = '';
    foreach($date_formats as $key => $format)
    {
        $selected = '';
        if(isset($user['dateformat']) && $user['dateformat'] == $key)
        {
            $selected = " selected=\"selected\"";
        }

        $dateformat = my_date($format, TIME_NOW, "", 0);
        eval("\$date_format_options .= \"".$templates->get("usercp_options_date_format")."\";");
    }

    // Time format options, built the same way from $time_formats (also defined elsewhere).
    $time_format_options = $timeformat = '';
    foreach($time_formats as $key => $format)
    {
        $selected = '';
        if(isset($user['timeformat']) && $user['timeformat'] == $key)
        {
            $selected = " selected=\"selected\"";
        }

        $timeformat = my_date($format, TIME_NOW, "", 0);
        eval("\$time_format_options .= \"".$templates->get("usercp_options_time_format")."\";");
    }

    // The timezone selector is seeded from the stored profile ($mybb->user), not from $user,
    // so a rejected submission does not carry the submitted timezone back into the form.
    $tzselect = build_timezone_select("timezoneoffset", $mybb->user['timezone'], true);

    // Optional form sections, each shown only when the matching board setting
    // (and, for PMs, the group permission) allows it.
    $pms_from_buddys = '';
    if($mybb->settings['allowbuddyonly'] == 1)
    {
        eval("\$pms_from_buddys = \"".$templates->get("usercp_options_pms_from_buddys")."\";");
    }

    $pms = '';
    if($mybb->settings['enablepms'] != 0 && $mybb->usergroup['canusepms'] == 1)
    {
        eval("\$pms = \"".$templates->get("usercp_options_pms")."\";");
    }

    $quick_reply = '';
    if($mybb->settings['quickreply'] == 1)
    {
        eval("\$quick_reply = \"".$templates->get("usercp_options_quick_reply")."\";");
    }

    // threadmode was normalised above, so the key written here is '', "linear" or "threaded".
    $threadview = array('linear' => '', 'threaded' => '');
    if(isset($user['threadmode']) && is_scalar($user['threadmode']))
    {
        $threadview[$user['threadmode']] = 'selected="selected"';
    }
    // is_numeric() does not limit daysprune to the keys listed here; an unlisted number
    // simply adds one more key to this local array.
    $daysprunesel = array(1 => '', 5 => '', 10 => '', 20 => '', 50 => '', 75 => '', 100 => '', 365 => '', 9999 => '');
    if(isset($user['daysprune']) && is_numeric($user['daysprune']))
    {
        $daysprunesel[$user['daysprune']] = 'selected="selected"';
    }
    if(!isset($user['style']))
    {
        $user['style'] = '';
    }

    // Theme selector. On a redisplay after errors $user['style'] is the raw submitted value.
    // NOTE(review): build_theme_select() is not shown here - confirm it only compares this
    // value against known theme ids.
    $board_style = $stylelist = '';
    $stylelist = build_theme_select("style", $user['style']);

    if(!empty($stylelist))
    {
        eval('$board_style = "'.$templates->get('usercp_options_style').'";');
    }

    // Threads-per-page selector: the choices come from the comma-separated
    // usertppoptions board setting, not from user input.
    $tppselect = $pppselect = '';
    if($mybb->settings['usertppoptions'])
    {
        $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
        $tppoptions = $tpp_option = '';
        if(is_array($explodedtpp))
        {
            foreach($explodedtpp as $key => $val)
            {
                $val = trim($val);
                $selected = "";
                if(isset($user['tpp']) && $user['tpp'] == $val)
                {
                    $selected = " selected=\"selected\"";
                }

                $tpp_option = $lang->sprintf($lang->tpp_option, $val);
                eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
            }
        }
        eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
    }

    // Posts-per-page selector, built the same way from the userpppoptions setting.
    if($mybb->settings['userpppoptions'])
    {
        $explodedppp = explode(",", $mybb->settings['userpppoptions']);
        $pppoptions = $ppp_option = '';
        if(is_array($explodedppp))
        {
            foreach($explodedppp as $key => $val)
            {
                $val = trim($val);
                $selected = "";
                if(isset($user['ppp']) && $user['ppp'] == $val)
                {
                    $selected = " selected=\"selected\"";
                }

                $ppp_option = $lang->sprintf($lang->ppp_option, $val);
                eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
            }
        }
        eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
    }

    $plugins->run_hooks("usercp_options_end");

    // Assemble the page from the fragments built above and send it.
    eval("\$editprofile = \"".$templates->get("usercp_options")."\";");
    output_page($editprofile);
}
1161  
// Handle a submitted "change e-mail" form. Only POST requests are processed, the
// submitted my_post_key is passed to verify_post_check(), and the current password
// is re-checked before anything is changed.
if($mybb->input['action'] == "do_email" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    $plugins->run_hooks("usercp_do_email_start");
    // Re-authenticate with the current password, so a valid session alone is not
    // enough to change the address.
    if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
    {
        $errors[] = $lang->error_invalidpassword;
    }
    else
    {
        // Set up user handler.
        require_once  MYBB_ROOT."inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");

        // The uid always comes from the session, never from the request.
        $user = array(
            "uid" => $mybb->user['uid'],
            "email" => $mybb->get_input('email'),
            "email2" => $mybb->get_input('email2')
        );

        $userhandler->set_data($user);

        if(!$userhandler->validate_user())
        {
            $errors = $userhandler->get_friendly_errors();
        }
        else
        {
            // Verification path. It is taken when the user is not in group "5", the group
            // lacks cancp, and the regtype setting is not "verify".
            // NOTE(review): confirm the regtype comparison is the intended one.
            if($mybb->user['usergroup'] != "5" && $mybb->usergroup['cancp'] != 1 && $mybb->settings['regtype'] != "verify")
            {
                // $uid and $username are not read again in this block.
                $uid = $mybb->user['uid'];
                $username = $mybb->user['username'];

                // Emails require verification
                // NOTE(review): how unpredictable the code is depends on random_str(),
                // which is defined elsewhere.
                $activationcode = random_str();
                // Removes every awaitingactivation row of this user, whatever its type.
                $db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");

                // The stored address is left alone here (update_user() is not called); the
                // requested address is parked in "misc" together with the fresh code.
                $newactivation = array(
                    "uid" => $mybb->user['uid'],
                    "dateline" => TIME_NOW,
                    "code" => $activationcode,
                    "type" => "e",
                    "misc" => $db->escape_string($mybb->get_input('email'))
                );

                $db->insert_query("awaitingactivation", $newactivation);

                $mail_message = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);

                $lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
                // The activation mail goes to the NEW address only. NOTE(review): the current
                // address appears only inside the message text, so its owner is not told
                // that a change was requested.
                my_mail($mybb->get_input('email'), $lang->emailsubject_changeemail, $mail_message);

                $plugins->run_hooks("usercp_do_email_verify");
                // error() is used here to show the "activation required" notice.
                error($lang->redirect_changeemail_activation);
            }
            else
            {
                // The address is changed immediately, without a confirmation step.
                $userhandler->update_user();
                // Email requires no activation
                $mail_message = $lang->sprintf($lang->email_changeemail_noactivation, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->get_input('email'), $mybb->settings['bburl']);
                // NOTE(review): this notice is also sent to the new address only; the previous
                // address receives nothing in this block.
                my_mail($mybb->get_input('email'), $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']), $mail_message);
                $plugins->run_hooks("usercp_do_email_changed");
                redirect("usercp.php?action=email", $lang->redirect_emailupdated);
            }
        }
    }
    // On failure, fall through to the "email" form block below with the errors rendered inline.
    if(count($errors) > 0)
    {
        $mybb->input['action'] = "email";
        $errors = inline_error($errors);
    }
}
1238  
// Show the "change e-mail" form.
if($mybb->input['action'] == 'email')
{
    // A fresh form starts empty. When returning after one or more errors, the two
    // address fields the user typed are shown again, HTML-escaped before they reach
    // the template. The password is never echoed back.
    $email = '';
    $email2 = '';
    if($errors)
    {
        $email = htmlspecialchars_uni($mybb->get_input('email'));
        $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
    }

    $plugins->run_hooks('usercp_email');

    // The template is expanded with eval() as a double-quoted PHP string.
    // NOTE(review): safe only if template text is escaped/controlled inside
    // $templates->get(), which is not visible here.
    eval('$changemail = "'.$templates->get('usercp_email').'";');
    output_page($changemail);
}
1257  
// Handle a submitted "change password" form. Only POST requests are processed, the
// submitted my_post_key is passed to verify_post_check(), and the old password must
// match before the new one is accepted.
if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    $plugins->run_hooks("usercp_do_password_start");
    // Re-authenticate with the old password, so a valid session alone cannot set a new one.
    if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('oldpassword')) == false)
    {
        $errors[] = $lang->error_invalidpassword;
    }
    else
    {
        // Set up user handler.
        require_once  MYBB_ROOT."inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");

        // The uid always comes from the session. Password rules and the password/password2
        // match are left to the data handler's validate_user().
        $user = array(
            "uid" => $mybb->user['uid'],
            "password" => $mybb->get_input('password'),
            "password2" => $mybb->get_input('password2')
        );

        $userhandler->set_data($user);

        if(!$userhandler->validate_user())
        {
            $errors = $userhandler->get_friendly_errors();
        }
        else
        {
            $userhandler->update_user();
            // Re-issue the mybbuser cookie from the login key the handler holds after the update.
            // NOTE(review): presumably update_user() rotates the login key so cookies held by
            // other sessions stop working, and the final `true` is the HttpOnly flag - confirm
            // both in the data handler and in my_setcookie().
            my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey'], null, true);

            // Notify the user by email that their password has been changed
            $mail_message = $lang->sprintf($lang->email_changepassword, $mybb->user['username'], $mybb->user['email'], $mybb->settings['bbname'], $mybb->settings['bburl']);
            $lang->emailsubject_changepassword = $lang->sprintf($lang->emailsubject_changepassword, $mybb->settings['bbname']);
            my_mail($mybb->user['email'], $lang->emailsubject_changepassword, $mail_message);

            $plugins->run_hooks("usercp_do_password_end");
            redirect("usercp.php?action=password", $lang->redirect_passwordupdated);
        }
    }
    // On failure, fall through to the "password" form block below with the errors rendered inline.
    if(count($errors) > 0)
    {
            $mybb->input['action'] = "password";
            $errors = inline_error($errors);
    }
}
1308  
// Show the "change password" form. No submitted value is echoed back into it here.
if($mybb->input['action'] == 'password')
{
    $plugins->run_hooks('usercp_password');

    // The template is expanded with eval() as a double-quoted PHP string.
    // NOTE(review): safe only if template text is escaped/controlled inside
    // $templates->get(), which is not visible here.
    eval('$editpassword = "'.$templates->get('usercp_password').'";');
    output_page($editpassword);
}
1316  
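// Handle a submitted "change username" form. Only POST requests are processed, the
// submitted my_post_key is passed to verify_post_check(), the group must hold the
// canchangename permission, and the current password is re-checked.
if($mybb->input['action'] == "do_changename" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Start from an empty list, as the do_email and do_password handlers do. Without
    // this, the `$errors[] = ...` append and the count() below act on whatever
    // $errors held before this block ran.
    $errors = array();

    $plugins->run_hooks("usercp_do_changename_start");
    // The permission is enforced on the submit handler itself, not only on the form page.
    if($mybb->usergroup['canchangename'] != 1)
    {
        error_no_permission();
    }

    // Re-authenticate with the current password, so a valid session alone is not
    // enough to rename the account.
    if(validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false)
    {
        $errors[] = $lang->error_invalidpassword;
    }
    else
    {
        // Set up user handler.
        require_once  MYBB_ROOT."inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");

        // The uid always comes from the session. Username rules are left to the
        // data handler's validate_user().
        $user = array(
            "uid" => $mybb->user['uid'],
            "username" => $mybb->get_input('username')
        );

        $userhandler->set_data($user);

        if(!$userhandler->validate_user())
        {
            $errors = $userhandler->get_friendly_errors();
        }
        else
        {
            $userhandler->update_user();
            $plugins->run_hooks("usercp_do_changename_end");
            redirect("usercp.php?action=changename", $lang->redirect_namechanged);
        }
    }
    // On failure, fall through to the "changename" form block below with the errors rendered inline.
    if(count($errors) > 0)
    {
        $errors = inline_error($errors);
        $mybb->input['action'] = "changename";
    }
}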
1363  
// Show the "change username" form to groups that hold the canchangename permission.
if($mybb->input['action'] == 'changename')
{
    $plugins->run_hooks('usercp_changename_start');
    // The same permission is checked again by the do_changename submit handler.
    if($mybb->usergroup['canchangename'] != 1)
    {
        error_no_permission();
    }

    $plugins->run_hooks('usercp_changename_end');

    // The template is expanded with eval() as a double-quoted PHP string.
    // NOTE(review): safe only if template text is escaped/controlled inside
    // $templates->get(), which is not visible here.
    eval('$changename = "'.$templates->get('usercp_changename').'";');
    output_page($changename);
}
1377  
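// Bulk action on the current user's thread subscriptions: delete the selected rows
// or change their notification method. Both queries are limited to the session
// user's uid, so thread ids belonging to other users' subscriptions are not touched.
if($mybb->input['action'] == "do_subscriptions")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_subscriptions_start");

    if(!isset($mybb->input['check']) || !is_array($mybb->input['check']))
    {
        error($lang->no_subscriptions_selected);
    }

    // Clean input - only accept integers thanks!
    // Every element is cast with intval() before the list is interpolated into the
    // IN (...) clauses below; that cast is what keeps those clauses injection-free.
    $mybb->input['check'] = array_map('intval', $mybb->get_input('check', MyBB::INPUT_ARRAY));

    // An empty list would produce "tid IN ()", which is not valid SQL.
    if(empty($mybb->input['check']))
    {
        error($lang->no_subscriptions_selected);
    }

    $tids = implode(",", $mybb->input['check']);

    // Deleting these subscriptions?
    if($mybb->get_input('do') == "delete")
    {
        $db->delete_query("threadsubscriptions", "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
    }
    // Changing subscription type
    else
    {
        if($mybb->get_input('do') == "no_notification")
        {
            $new_notification = 0;
        }
        else if($mybb->get_input('do') == "email_notification")
        {
            $new_notification = 1;
        }
        else if($mybb->get_input('do') == "pm_notification")
        {
            $new_notification = 2;
        }
        else
        {
            // Unrecognised "do" value: stop here instead of writing an undefined
            // $new_notification to the database.
            // NOTE(review): error() is called without a message, presumably falling back
            // to the board's generic error text - confirm.
            error();
        }

        // Update
        $update_array = array("notification" => $new_notification);
        $db->update_query("threadsubscriptions", $update_array, "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
    }

    // Done, redirect
    redirect("usercp.php?action=subscriptions", $lang->redirect_subscriptions_updated);
}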
1423  
1424  if($mybb->input['action'] == "subscriptions")
1425  {
1426      $plugins->run_hooks("usercp_subscriptions_start");
1427  
1428      // Thread visiblity
1429      $visible = "AND t.visible != 0";
1430      if(is_moderator() == true)
1431      {
1432          $visible = '';
1433      }
1434  
1435      // Do Multi Pages
1436      $query = $db->query("
1437          SELECT COUNT(ts.tid) as threads
1438          FROM ".TABLE_PREFIX."threadsubscriptions ts
1439          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = ts.tid)
1440          WHERE ts.uid = '".$mybb->user['uid']."' AND t.visible >= 0 {$visible}
1441      ");
1442      $threadcount = $db->fetch_field($query, "threads");
1443  
1444      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
1445      {
1446          $mybb->settings['threadsperpage'] = 20;
1447      }
1448  
1449      $perpage = $mybb->settings['threadsperpage'];
1450      $page = $mybb->get_input('page', MyBB::INPUT_INT);
1451      if($page > 0)
1452      {
1453          $start = ($page-1) * $perpage;
1454          $pages = $threadcount / $perpage;
1455          $pages = ceil($pages);
1456          if($page > $pages || $page <= 0)
1457          {
1458              $start = 0;
1459              $page = 1;
1460          }
1461      }
1462      else
1463      {
1464          $start = 0;
1465          $page = 1;
1466      }
1467      $end = $start + $perpage;
1468      $lower = $start+1;
1469      $upper = $end;
1470      if($upper > $threadcount)
1471      {
1472          $upper = $threadcount;
1473      }
1474      $multipage = multipage($threadcount, $perpage, $page, "usercp.php?action=subscriptions");
1475      $fpermissions = forum_permissions();
1476      $del_subscriptions = $subscriptions = array();
1477  
1478      // Fetch subscriptions
1479      $query = $db->query("
1480          SELECT s.*, t.*, t.username AS threadusername, u.username
1481          FROM ".TABLE_PREFIX."threadsubscriptions s
1482          LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
1483          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
1484          WHERE s.uid='".$mybb->user['uid']."' and t.visible >= 0 {$visible}
1485          ORDER BY t.lastpost DESC
1486          LIMIT $start, $perpage
1487      ");
1488      while($subscription = $db->fetch_array($query))
1489      {
1490          $forumpermissions = $fpermissions[$subscription['fid']];
1491  
1492          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $subscription['uid'] != $mybb->user['uid']))
1493          {
1494              // Hmm, you don't have permission to view this thread - unsubscribe!
1495              $del_subscriptions[] = $subscription['sid'];
1496          }
1497          else if($subscription['tid'])
1498          {
1499              $subscriptions[$subscription['tid']] = $subscription;
1500          }
1501      }
1502  
1503      if(!empty($del_subscriptions))
1504      {
1505          $sids = implode(',', $del_subscriptions);
1506  
1507          if($sids)
1508          {
1509              $db->delete_query("threadsubscriptions", "sid IN ({$sids}) AND uid='{$mybb->user['uid']}'");
1510          }
1511  
1512          $threadcount = $threadcount - count($del_subscriptions);
1513  
1514          if($threadcount < 0)
1515          {
1516              $threadcount = 0;
1517          }
1518      }
1519  
1520      if(!empty($subscriptions))
1521      {
1522          $tids = implode(",", array_keys($subscriptions));
1523          $readforums = array();
1524          
1525          // Build a forum cache.
1526          $query = $db->query("
1527              SELECT f.fid, fr.dateline AS lastread
1528              FROM ".TABLE_PREFIX."forums f
1529              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
1530              WHERE f.active != 0
1531              ORDER BY pid, disporder
1532          ");
1533          
1534          while($forum = $db->fetch_array($query))
1535          {
1536              $readforums[$forum['fid']] = $forum['lastread'];
1537          }
1538  
1539          // Check participation by the current user in any of these threads - for 'dot' folder icons
1540          if($mybb->settings['dotfolders'] != 0)
1541          {
1542              $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1543              while($post = $db->fetch_array($query))
1544              {
1545                  $subscriptions[$post['tid']]['doticon'] = 1;
1546              }
1547          }
1548  
1549          // Read threads
1550          if($mybb->settings['threadreadcut'] > 0)
1551          {
1552              $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1553              while($readthread = $db->fetch_array($query))
1554              {
1555                  $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
1556              }
1557          }
1558  
1559          $icon_cache = $cache->read("posticons");
1560          $threadprefixes = build_prefixes();
1561  
1562          $threads = '';
1563  
1564          // Now we can build our subscription list
1565          foreach($subscriptions as $thread)
1566          {
1567              $bgcolor = alt_trow();
1568  
1569              $folder = '';
1570              $prefix = '';
1571              $thread['threadprefix'] = '';
1572  
1573              // If this thread has a prefix, insert a space between prefix and subject
1574              if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
1575              {
1576                  $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
1577              }
1578  
1579              // Sanitize
1580              $thread['subject'] = $parser->parse_badwords($thread['subject']);
1581              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
1582  
1583              // Build our links
1584              $thread['threadlink'] = get_thread_link($thread['tid']);
1585              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
1586  
1587              // Fetch the thread icon if we have one
1588              if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
1589              {
1590                  $icon = $icon_cache[$thread['icon']];
1591                  $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
1592                  $icon['path'] = htmlspecialchars_uni($icon['path']);
1593                  $icon['name'] = htmlspecialchars_uni($icon['name']);
1594                  eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
1595              }
1596              else
1597              {
1598                  $icon = "&nbsp;";
1599              }
1600  
1601              // Determine the folder
1602              $folder = '';
1603              $folder_label = '';
1604  
1605              if(isset($thread['doticon']))
1606              {
1607                  $folder = "dot_";
1608                  $folder_label .= $lang->icon_dot;
1609              }
1610  
1611              $gotounread = '';
1612              $isnew = 0;
1613              $donenew = 0;
1614              $lastread = 0;
1615  
1616              if($mybb->settings['threadreadcut'] > 0)
1617              {
1618                  $forum_read = $readforums[$thread['fid']];
1619  
1620                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1621                  if($forum_read == 0 || $forum_read < $read_cutoff)
1622                  {
1623                      $forum_read = $read_cutoff;
1624                  }
1625              }
1626  
1627              $cutoff = 0;
1628              if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
1629              {
1630                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1631              }
1632  
1633              if($thread['lastpost'] > $cutoff)
1634              {
1635                  if($thread['lastread'])
1636                  {
1637                      $lastread = $thread['lastread'];
1638                  }
1639                  else
1640                  {
1641                      $lastread = 1;
1642                  }
1643              }
1644  
1645              if(!$lastread)
1646              {
1647                  $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
1648                  if($readcookie > $forum_read)
1649                  {
1650                      $lastread = $readcookie;
1651                  }
1652                  else
1653                  {
1654                      $lastread = $forum_read;
1655                  }
1656              }
1657  
1658              if($lastread && $lastread < $thread['lastpost'])
1659              {
1660                  $folder .= "new";
1661                  $folder_label .= $lang->icon_new;
1662                  $new_class = "subject_new";
1663                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
1664                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
1665                  $unreadpost = 1;
1666              }
1667              else
1668              {
1669                  $folder_label .= $lang->icon_no_new;
1670                  $new_class = "subject_old";
1671              }
1672  
1673              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
1674              {
1675                  $folder .= "hot";
1676                  $folder_label .= $lang->icon_hot;
1677              }
1678  
1679              if($thread['closed'] == 1)
1680              {
1681                  $folder .= "lock";
1682                  $folder_label .= $lang->icon_lock;
1683              }
1684  
1685              $folder .= "folder";
1686  
1687              if($thread['visible'] == 0)
1688              {
1689                  $bgcolor = "trow_shaded";
1690              }
1691  
1692              // Build last post info
1693              $lastpostdate = my_date('relative', $thread['lastpost']);
1694              $lastposter = htmlspecialchars_uni($thread['lastposter']);
1695              $lastposteruid = $thread['lastposteruid'];
1696  
1697              // Don't link to guest's profiles (they have no profile).
1698              if($lastposteruid == 0)
1699              {
1700                  $lastposterlink = $lastposter;
1701              }
1702              else
1703              {
1704                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
1705              }
1706  
1707              $thread['replies'] = my_number_format($thread['replies']);
1708              $thread['views'] = my_number_format($thread['views']);
1709  
1710              // What kind of notification type do we have here?
1711              switch($thread['notification'])
1712              {
1713                  case "2": // PM
1714                      $notification_type = $lang->pm_notification;
1715                      break;
1716                  case "1": // Email
1717                      $notification_type = $lang->email_notification;
1718                      break;
1719                  default: // No notification
1720                      $notification_type = $lang->no_notification;
1721              }
1722  
1723              eval("\$threads .= \"".$templates->get("usercp_subscriptions_thread")."\";");
1724          }
1725  
1726          // Provide remove options
1727          eval("\$remove_options = \"".$templates->get("usercp_subscriptions_remove")."\";");
1728      }
1729      else
1730      {
1731          $remove_options = '';
1732          eval("\$threads = \"".$templates->get("usercp_subscriptions_none")."\";");
1733      }
1734  
1735      $plugins->run_hooks("usercp_subscriptions_end");
1736  
1737      eval("\$subscriptions = \"".$templates->get("usercp_subscriptions")."\";");
1738      output_page($subscriptions);
1739  }
1740  
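// Action "forumsubscriptions": render the list of forums the current user is subscribed to.
if($mybb->input['action'] == "forumsubscriptions")
{
    $plugins->run_hooks("usercp_forumsubscriptions_start");

    // Build a forum cache.
    // The uid is cast to an integer before it is placed in the SQL text, so the
    // statement does not depend on how $mybb->user was populated upstream.
    $query = $db->query("
        SELECT f.fid, fr.dateline AS lastread
        FROM ".TABLE_PREFIX."forums f
        LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='".(int)$mybb->user['uid']."')
        WHERE f.active != 0
        ORDER BY pid, disporder
    ");
    $readforums = array();
    while($forum = $db->fetch_array($query))
    {
        $readforums[$forum['fid']] = $forum['lastread'];
    }

    $fpermissions = forum_permissions();
    require_once  MYBB_ROOT."inc/functions_forumlist.php";

    // Subscribed forums only (type 'f'), with the subject of each forum's last thread.
    $query = $db->query("
        SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread
        FROM ".TABLE_PREFIX."forumsubscriptions fs
        LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid = fs.fid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = f.lastposttid)
        LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='".(int)$mybb->user['uid']."')
        WHERE f.type='f' AND fs.uid='".(int)$mybb->user['uid']."'
        ORDER BY f.name ASC
    ");

    $forums = '';
    while($forum = $db->fetch_array($query))
    {
        $forum_url = get_forum_link($forum['fid']);
        $forumpermissions = $fpermissions[$forum['fid']];

        // A subscription does not grant access: forums the user can no longer view are skipped.
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
        {
            continue;
        }

        $lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
        $folder = $lightbulb['folder'];

        // When the user may only see their own threads, the forum-wide counters are hidden.
        if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0)
        {
            $posts = '-';
            $threads = '-';
        }
        else
        {
            $posts = my_number_format($forum['posts']);
            $threads = my_number_format($forum['threads']);
        }

        if($forum['lastpost'] == 0 || $forum['lastposter'] == "")
        {
            eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_never")."\";");
        }
        // Hide last post
        elseif(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $forum['lastposteruid'] != $mybb->user['uid'])
        {
            eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost_hidden")."\";");
        }
        else
        {
            $forum['lastpostsubject'] = $parser->parse_badwords($forum['lastpostsubject']);
            $lastpost_date = my_date('relative', $forum['lastpost']);
            $lastposttid = $forum['lastposttid'];
            $lastposter = htmlspecialchars_uni($forum['lastposter']);
            $lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);

            // Shorten the raw subject first and escape afterwards. Cutting an already
            // escaped string at a fixed length can split an HTML entity in two and
            // leave broken markup in the page.
            $lastpost_subject = $forum['lastpostsubject'];
            if(my_strlen($lastpost_subject) > 25)
            {
                $lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
            }
            $lastpost_subject = htmlspecialchars_uni($lastpost_subject);
            $full_lastpost_subject = htmlspecialchars_uni($forum['lastpostsubject']);

            $lastpost_link = get_thread_link($forum['lastposttid'], 0, "lastpost");
            eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost")."\";");
        }

        if($mybb->settings['showdescriptions'] == 0)
        {
            $forum['description'] = "";
        }

        // NOTE(review): $forum['name'] and $forum['description'] reach this template without
        // escaping in this block; presumably they are administrator-authored - confirm.
        eval("\$forums .= \"".$templates->get("usercp_forumsubscriptions_forum")."\";");
    }

    if(!$forums)
    {
        eval("\$forums = \"".$templates->get("usercp_forumsubscriptions_none")."\";");
    }

    $plugins->run_hooks("usercp_forumsubscriptions_end");

    eval("\$forumsubscriptions = \"".$templates->get("usercp_forumsubscriptions")."\";");
    output_page($forumsubscriptions);
}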
1840  
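// Action "do_editsig" (POST only): store the submitted signature for the current user and,
// optionally, switch signature display on or off for all of that user's posts.
if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_editsig_start");

    // User currently has a suspended signature.
    // The write path applies the same rule as the "editsig" form: a suspension with
    // suspendsigtime == 0 is treated as still in force, not only one with a future
    // expiry time. Checking only "> TIME_NOW" here would let the form refuse the user
    // while a direct POST still updated the signature.
    if($mybb->user['suspendsignature'] == 1 && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > TIME_NOW))
    {
        error_no_permission();
    }

    // Enforce the usergroup signature permissions on the write as well as on the form.
    // NOTE(review): whether an earlier part of this file already enforces these for
    // do_editsig is not visible here; repeating the check is harmless if it does.
    if($mybb->usergroup['canusesig'] != 1)
    {
        // Usergroup has no permission to use this facility
        error_no_permission();
    }
    else if($mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
    {
        // Usergroup can use this facility, but only after x posts
        error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
    }

    // "enable"/"disable" bulk-toggles includesig on every post of this user; any other
    // value leaves the posts untouched.
    if($mybb->get_input('updateposts') == "enable")
    {
        $update_signature = array(
            "includesig" => 1
        );
        $db->update_query("posts", $update_signature, "uid='".(int)$mybb->user['uid']."'");
    }
    elseif($mybb->get_input('updateposts') == "disable")
    {
        $update_signature = array(
            "includesig" => 0
        );
        $db->update_query("posts", $update_signature, "uid='".(int)$mybb->user['uid']."'");
    }

    // The raw signature text is stored (escaped for SQL only); the "editsig" action passes
    // it through $parser->parse_message() before display.
    $new_signature = array(
        "signature" => $db->escape_string($mybb->get_input('signature'))
    );
    $plugins->run_hooks("usercp_do_editsig_process");
    $db->update_query("users", $new_signature, "uid='".(int)$mybb->user['uid']."'");
    $plugins->run_hooks("usercp_do_editsig_end");
    redirect("usercp.php?action=editsig", $lang->redirect_sigupdated);
}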
1876  
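// Action "editsig": show the signature editor, with a parsed preview of either the
// submitted text or the stored signature.
if($mybb->input['action'] == "editsig")
{
    $plugins->run_hooks("usercp_editsig_start");

    // Pick the text to show and the preview template:
    //  - preview requested and no error: submitted text, preview template
    //  - no error: stored signature, "current" template
    //  - error: submitted text, no preview at all
    if(!empty($mybb->input['preview']) && empty($error))
    {
        $sig = $mybb->get_input('signature');
        $template = "usercp_editsig_preview";
    }
    elseif(empty($error))
    {
        $sig = $mybb->user['signature'];
        $template = "usercp_editsig_current";
    }
    else
    {
        $sig = $mybb->get_input('signature');
        $template = false;
    }

    if(!isset($error))
    {
        $error = '';
    }

    if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
    {
        // Signature is suspended: either with suspendsigtime == 0 or with an expiry
        // time that has not been reached yet
        error($lang->sig_suspended);
    }

    if($mybb->usergroup['canusesig'] != 1)
    {
        // Usergroup has no permission to use this facility
        error_no_permission();
    }
    else if($mybb->usergroup['canusesig'] == 1 && $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
    {
        // Usergroup can use this facility, but only after x posts
        error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
    }

    $signature = '';
    if($sig && $template)
    {
        // Parser options mirror the board's signature settings. allow_html follows the
        // sightml setting, so how much HTML reaches the preview depends on that setting
        // and on the parser - NOTE(review): confirm the parser's handling when it is on.
        $sig_parser = array(
            "allow_html" => $mybb->settings['sightml'],
            "allow_mycode" => $mybb->settings['sigmycode'],
            "allow_smilies" => $mybb->settings['sigsmilies'],
            "allow_imgcode" => $mybb->settings['sigimgcode'],
            "me_username" => $mybb->user['username'],
            "filter_badwords" => 1
        );

        // Users who turned images off never get image code in the preview
        if($mybb->user['showimages'] != 1)
        {
            $sig_parser['allow_imgcode'] = 0;
        }

        $sigpreview = $parser->parse_message($sig, $sig_parser);
        eval("\$signature = \"".$templates->get($template)."\";");
    }

    // User has a current signature, so let's display it (but show an error message)
    // NOTE(review): the suspension test above already calls error() for this condition;
    // if error() stops the request, this branch cannot be reached - confirm.
    if($mybb->user['suspendsignature'] && $mybb->user['suspendsigtime'] > TIME_NOW)
    {
        $plugins->run_hooks("usercp_editsig_end");

        // User either doesn't have permission, or has their signature suspended
        eval("\$editsig = \"".$templates->get("usercp_editsig_suspended")."\";");
    }
    else
    {
        // User is allowed to edit their signature

        // Both values are only assigned when the matching setting is on. They are given
        // an empty default here so that the "usercp_editsig" template, if it refers to
        // them, does not read an undefined variable.
        if(!isset($smilieinserter))
        {
            $smilieinserter = '';
        }
        if(!isset($codebuttons))
        {
            $codebuttons = '';
        }

        if($mybb->settings['sigsmilies'] == 1)
        {
            $sigsmilies = $lang->on;
            $smilieinserter = build_clickable_smilies();
        }
        else
        {
            $sigsmilies = $lang->off;
        }
        if($mybb->settings['sigmycode'] == 1)
        {
            $sigmycode = $lang->on;
        }
        else
        {
            $sigmycode = $lang->off;
        }
        if($mybb->settings['sightml'] == 1)
        {
            $sightml = $lang->on;
        }
        else
        {
            $sightml = $lang->off;
        }
        if($mybb->settings['sigimgcode'] == 1)
        {
            $sigimgcode = $lang->on;
        }
        else
        {
            $sigimgcode = $lang->off;
        }

        // Escaped for the editor: the raw text (possibly the unsaved POST value) is
        // placed back into the form
        $sig = htmlspecialchars_uni($sig);
        $lang->edit_sig_note2 = $lang->sprintf($lang->edit_sig_note2, $sigsmilies, $sigmycode, $sigimgcode, $sightml, $mybb->settings['siglength']);

        if($mybb->settings['bbcodeinserter'] != 0 || $mybb->user['showcodebuttons'] != 0)
        {
            $codebuttons = build_mycode_inserter("signature");
        }

        $plugins->run_hooks("usercp_editsig_end");

        eval("\$editsig = \"".$templates->get("usercp_editsig")."\";");
    }

    output_page($editsig);
}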
1998  
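// Action "do_avatar" (POST only): remove the avatar, accept an uploaded file, or register
// a remote avatar (Gravatar by e-mail address, or an image URL). On failure the request
// falls through to the "avatar" action with $avatar_error set.
if($mybb->input['action'] == "do_avatar" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_avatar_start");
    require_once  MYBB_ROOT."inc/functions_upload.php";

    $avatar_error = "";
    // Defined up front: the upload and remote branches only assign it when both
    // dimensions are positive, and it is written to the database either way.
    $avatar_dimensions = "";

    if(!empty($mybb->input['remove'])) // remove avatar
    {
        $updated_avatar = array(
            "avatar" => "",
            "avatardimensions" => "",
            "avatartype" => ""
        );
        $db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
        remove_avatars($mybb->user['uid']);
    }
    elseif(!empty($_FILES['avatarupload']['name'])) // upload avatar
    {
        if($mybb->usergroup['canuploadavatars'] == 0)
        {
            error_no_permission();
        }
        $avatar = upload_avatar();
        if(!empty($avatar['error']))
        {
            $avatar_error = $avatar['error'];
        }
        else
        {
            if($avatar['width'] > 0 && $avatar['height'] > 0)
            {
                $avatar_dimensions = (int)$avatar['width']."|".(int)$avatar['height'];
            }
            // NOTE(review): $avatar['avatar'] is stored as returned; presumably
            // upload_avatar() hands back a value that is safe for the query - confirm.
            $updated_avatar = array(
                "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
                "avatardimensions" => $avatar_dimensions,
                "avatartype" => "upload"
            );
            $db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
        }
    }
    elseif($mybb->settings['allowremoteavatars']) // remote avatar
    {
        $mybb->input['avatarurl'] = trim($mybb->get_input('avatarurl'));
        if(validate_email_format($mybb->input['avatarurl']) != false)
        {
            // Gravatar
            $mybb->input['avatarurl'] = my_strtolower($mybb->input['avatarurl']);

            // Gravatar addresses an image by the MD5 of the lower-cased e-mail address;
            // the hash is an identifier here, not a security control.
            $email = md5($mybb->input['avatarurl']);

            $s = '';
            if(!$mybb->settings['maxavatardims'])
            {
                $mybb->settings['maxavatardims'] = '100x100'; // Hard limit of 100 if there are no limits
            }

            // Because Gravatars are square, hijack the width.
            // array_pad() keeps list() well-defined if the setting has no "x" in it.
            list($maxwidth, $maxheight) = array_pad(explode("x", my_strtolower($mybb->settings['maxavatardims'])), 2, 0);
            $maxheight = (int)$maxwidth;

            // Rating?
            $types = array('g', 'pg', 'r', 'x');
            $rating = $mybb->settings['useravatarrating'];

            // Strict comparison: only the four literal rating strings are accepted
            if(!in_array($rating, $types, true))
            {
                $rating = 'g';
            }

            // If user image does not exist, or is a higher rating, use the mystery man
            $s = "?s={$maxheight}&r={$rating}&d=mm";

            $updated_avatar = array(
                "avatar" => "https://www.gravatar.com/avatar/{$email}{$s}",
                "avatardimensions" => "{$maxheight}|{$maxheight}",
                "avatartype" => "gravatar"
            );

            $db->update_query("users", $updated_avatar, "uid = '".(int)$mybb->user['uid']."'");
        }
        else
        {
            // A single-pass substring strip is not a dependable URL filter on its own;
            // the scheme allow-list below is the actual gate.
            $mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->get_input('avatarurl'));
            $ext = get_extension($mybb->input['avatarurl']);

            // Only plain web URLs are fetched and stored. parse_url() yields null/false
            // for a missing scheme or a malformed URL; both become "" and are rejected.
            $avatar_scheme = strtolower((string)parse_url($mybb->input['avatarurl'], PHP_URL_SCHEME));

            // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
            // NOTE(review): this is a server-side request to a user-chosen host. Whether
            // fetch_remote_file() refuses loopback/internal destinations and limits
            // redirects and response size is not visible here - confirm before relying on it.
            $file = false;
            if($avatar_scheme === "http" || $avatar_scheme === "https")
            {
                $file = fetch_remote_file($mybb->input['avatarurl']);
            }

            if(!$file)
            {
                $avatar_error = $lang->error_invalidavatarurl;
            }
            else
            {
                // Unpredictable temporary name inside the avatar upload directory; the
                // file is removed again right after it has been measured.
                $tmp_name = $mybb->settings['avataruploadpath']."/remote_".md5(random_str());
                $fp = @fopen($tmp_name, "wb");
                if(!$fp)
                {
                    $avatar_error = $lang->error_invalidavatarurl;
                }
                else
                {
                    fwrite($fp, $file);
                    fclose($fp);
                    list($width, $height, $type) = @getimagesize($tmp_name);
                    @unlink($tmp_name);
                    // No detectable image type: treat the URL as invalid
                    if(!$type)
                    {
                        $avatar_error = $lang->error_invalidavatarurl;
                    }
                }
            }

            if(empty($avatar_error))
            {
                if($width && $height && $mybb->settings['maxavatardims'] != "")
                {
                    list($maxwidth, $maxheight) = array_pad(explode("x", my_strtolower($mybb->settings['maxavatardims'])), 2, 0);
                    if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
                    {
                        $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
                        $avatar_error = $lang->error_avatartoobig;
                    }
                }
            }

            if(empty($avatar_error))
            {
                if($width > 0 && $height > 0)
                {
                    $avatar_dimensions = (int)$width."|".(int)$height;
                }
                // Only the URL is stored, not the fetched bytes: the type and size checks
                // above describe the response seen at submission time only.
                $updated_avatar = array(
                    "avatar" => $db->escape_string($mybb->input['avatarurl'].'?dateline='.TIME_NOW),
                    "avatardimensions" => $avatar_dimensions,
                    "avatartype" => "remote"
                );
                $db->update_query("users", $updated_avatar, "uid='".(int)$mybb->user['uid']."'");
                remove_avatars($mybb->user['uid']);
            }
        }
    }
    else // remote avatar, but remote avatars are not allowed
    {
        $avatar_error = $lang->error_remote_avatar_not_allowed;
    }

    if(empty($avatar_error))
    {
        $plugins->run_hooks("usercp_do_avatar_end");
        redirect("usercp.php?action=avatar", $lang->redirect_avatarupdated);
    }
    else
    {
        // Fall through to the "avatar" form below and show the error inline
        $mybb->input['action'] = "avatar";
        $avatar_error = inline_error($avatar_error);
    }
}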
2161  
// Action "avatar": render the avatar management page (current avatar, size limits and the
// upload / remote / remove sections that apply to this user and board configuration).
if($mybb->input['action'] == "avatar")
{
    $plugins->run_hooks("usercp_avatar_start");

    $avatarmsg = '';
    $avatarurl = '';

    // Describe where the current avatar comes from. The stored avatar URL is escaped
    // before it is handed to the template.
    if($mybb->user['avatartype'] == "upload" || stristr($mybb->user['avatar'], $mybb->settings['avataruploadpath']))
    {
        $avatarmsg = "<br /><strong>{$lang->already_uploaded_avatar}</strong>";
    }
    elseif($mybb->user['avatartype'] == "remote" || my_validate_url($mybb->user['avatar']))
    {
        $avatarmsg = "<br /><strong>{$lang->using_remote_avatar}</strong>";
        $avatarurl = htmlspecialchars_uni($mybb->user['avatar']);
    }

    $useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
    eval("\$currentavatar = \"".$templates->get("usercp_avatar_current")."\";");

    // Append the configured dimension limit to the help text
    if($mybb->settings['maxavatardims'] != "")
    {
        list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
        $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_dimensions, $maxwidth, $maxheight);
    }

    // Append the configured size limit (the setting is multiplied by 1024 before formatting)
    if($mybb->settings['avatarsize'])
    {
        $maxsize = get_friendly_size($mybb->settings['avatarsize']*1024);
        $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_size, $maxsize);
    }

    $plugins->run_hooks("usercp_avatar_intermediate");

    // Resize notice depends on the avatarresizing mode; any other mode shows nothing
    $auto_resize = '';
    switch($mybb->settings['avatarresizing'])
    {
        case "auto":
            eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_auto")."\";");
            break;
        case "user":
            eval("\$auto_resize = \"".$templates->get("usercp_avatar_auto_resize_user")."\";");
            break;
    }

    // Upload section: only for usergroups that may upload avatars
    $avatarupload = '';
    if($mybb->usergroup['canuploadavatars'] == 1)
    {
        eval("\$avatarupload = \"".$templates->get("usercp_avatar_upload")."\";");
    }

    // Remote section: only when the board allows remote avatars
    $avatar_remote = '';
    if($mybb->settings['allowremoteavatars'] == 1)
    {
        eval("\$avatar_remote = \"".$templates->get("usercp_avatar_remote")."\";");
    }

    // Remove button: only when there is an avatar to remove
    $removeavatar = '';
    if(!empty($mybb->user['avatar']))
    {
        eval("\$removeavatar = \"".$templates->get("usercp_avatar_remove")."\";");
    }

    $plugins->run_hooks("usercp_avatar_end");

    // $avatar_error is set by "do_avatar" when that action fell through to this one
    if(!isset($avatar_error))
    {
        $avatar_error = '';
    }

    eval("\$avatar = \"".$templates->get("usercp_avatar")."\";");
    output_page($avatar);
}
2233  
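// Buddy request handling. Each branch verifies the post key, then loads the request row
// with both its id and the current user's uid in the WHERE clause, so a user can only act
// on requests addressed to them (accept/decline) or sent by them (cancel).
if($mybb->input['action'] == "acceptrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_acceptrequest_start");

    $user = get_user($request['uid']);
    if(!empty($user))
    {
        // We want to add us to this user's buddy list
        if($user['buddylist'] != '')
        {
            $user['buddylist'] = explode(',', $user['buddylist']);
        }
        else
        {
            $user['buddylist'] = array();
        }

        $user['buddylist'][] = (int)$mybb->user['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $user['buddylist']);

        // And clean it up a little to ensure there is no possibility of bad values
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);

        // Drop a leading/trailing comma. The earlier trailing-comma branch cut two
        // characters (length - 2), which removed a digit and kept the comma.
        $new_list = trim($new_list, ",");

        $user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");


        // We want to add the user to our buddy list
        if($mybb->user['buddylist'] != '')
        {
            $mybb->user['buddylist'] = explode(',', $mybb->user['buddylist']);
        }
        else
        {
            $mybb->user['buddylist'] = array();
        }

        $mybb->user['buddylist'][] = (int)$request['uid'];

        // Now we have the new list, so throw it all back together
        $new_list = implode(",", $mybb->user['buddylist']);

        // And clean it up a little to ensure there is no possibility of bad values
        $new_list = preg_replace("#,{2,}#", ",", $new_list);
        $new_list = preg_replace("#[^0-9,]#", "", $new_list);

        // Same comma trimming as for the other user's list above
        $new_list = trim($new_list, ",");

        $mybb->user['buddylist'] = $db->escape_string($new_list);

        $db->update_query("users", array('buddylist' => $mybb->user['buddylist']), "uid='".(int)$mybb->user['uid']."'");

        // Notify the requester; subject and message are language-string keys looked up
        // in the 'usercp' language file for the recipient's language
        $pm = array(
            'subject' => 'buddyrequest_accepted_request',
            'message' => 'buddyrequest_accepted_request_message',
            'touid' => $user['uid'],
            'language' => $user['language'],
            'language_file' => 'usercp'
        );

        send_pm($pm, $mybb->user['uid'], true);

        // The request is consumed once both lists are updated
        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_acceptrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_accepted);
}

elseif($mybb->input['action'] == "declinerequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request (must be addressed to the current user)
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND touid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_declinerequest_start");

    $user = get_user($request['uid']);
    if(!empty($user))
    {
        $db->delete_query('buddyrequests', 'id='.(int)$request['id']);
    }
    else
    {
        error($lang->user_doesnt_exist);
    }

    $plugins->run_hooks("usercp_declinerequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_declined);
}

elseif($mybb->input['action'] == "cancelrequest")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Validate request (must have been sent by the current user)
    $query = $db->simple_select('buddyrequests', '*', 'id='.$mybb->get_input('id', MyBB::INPUT_INT).' AND uid='.(int)$mybb->user['uid']);
    $request = $db->fetch_array($query);
    if(empty($request))
    {
        error($lang->invalid_request);
    }

    $plugins->run_hooks("usercp_cancelrequest_start");

    $db->delete_query('buddyrequests', 'id='.(int)$request['id']);

    $plugins->run_hooks("usercp_cancelrequest_end");

    redirect("usercp.php?action=editlists", $lang->buddyrequest_cancelled);
}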
2390  
2391  if($mybb->input['action'] == "do_editlists")
2392  {
2393      // Verify incoming POST request
2394      verify_post_check($mybb->get_input('my_post_key'));
2395  
2396      $plugins->run_hooks("usercp_do_editlists_start");
2397  
2398      $existing_users = array();
2399      $selected_list = array();
2400      if($mybb->get_input('manage') == "ignored")
2401      {
2402          if($mybb->user['ignorelist'])
2403          {
2404              $existing_users = explode(",", $mybb->user['ignorelist']);
2405          }
2406  
2407          if($mybb->user['buddylist'])
2408          {
2409              // Create a list of buddies...
2410              $selected_list = explode(",", $mybb->user['buddylist']);
2411          }
2412      }
2413      else
2414      {
2415          if($mybb->user['buddylist'])
2416          {
2417              $existing_users = explode(",", $mybb->user['buddylist']);
2418          }
2419  
2420          if($mybb->user['ignorelist'])
2421          {
2422              // Create a list of ignored users
2423              $selected_list = explode(",", $mybb->user['ignorelist']);
2424          }
2425      }
2426  
2427      $error_message = "";
2428      $message = "";
2429  
2430      // Adding one or more users to this list
2431      if($mybb->get_input('add_username'))
2432      {
2433          // Split up any usernames we have
2434          $found_users = 0;
2435          $adding_self = false;
2436          $users = explode(",", $mybb->get_input('add_username'));
2437          $users = array_map("trim", $users);
2438          $users = array_unique($users);
2439          foreach($users as $key => $username)
2440          {
2441              if(empty($username))
2442              {
2443                  unset($users[$key]);
2444                  continue;
2445              }
2446  
2447              if(my_strtoupper($mybb->user['username']) == my_strtoupper($username))
2448              {
2449                  $adding_self = true;
2450                  unset($users[$key]);
2451                  continue;
2452              }
2453              $users[$key] = $db->escape_string($username);
2454          }
2455  
2456          // Get the requests we have sent that are still pending
2457          $query = $db->simple_select('buddyrequests', 'touid', 'uid='.(int)$mybb->user['uid']);
2458          $requests = array();
2459          while($req = $db->fetch_array($query))
2460          {
2461              $requests[$req['touid']] = true;
2462          }
2463  
2464          // Get the requests we have received that are still pending
2465          $query = $db->simple_select('buddyrequests', 'uid', 'touid='.(int)$mybb->user['uid']);
2466          $requests_rec = array();
2467          while($req = $db->fetch_array($query))
2468          {
2469              $requests_rec[$req['uid']] = true;
2470          }
2471  
2472          $sent = false;
2473  
2474          // Fetch out new users
2475          if(count($users) > 0)
2476          {
2477              switch($db->type)
2478              {
2479                  case 'mysql':
2480                  case 'mysqli':
2481                      $field = 'username';
2482                      break;
2483                  default:
2484                      $field = 'LOWER(username)';
2485                      break;
2486              }
2487              $query = $db->simple_select("users", "uid,buddyrequestsauto,buddyrequestspm,language", "{$field} IN ('".my_strtolower(implode("','", $users))."')");
2488              while($user = $db->fetch_array($query))
2489              {
2490                  ++$found_users;
2491  
2492                  // Make sure we're not adding a duplicate
2493                  if(in_array($user['uid'], $existing_users) || in_array($user['uid'], $selected_list))
2494                  {
2495                      if($mybb->get_input('manage') == "ignored")
2496                      {
2497                          $error_message = "ignore";
2498                      }
2499                      else
2500                      {
2501                          $error_message = "buddy";
2502                      }
2503  
2504                      // On another list?
2505                      $string = "users_already_on_".$error_message."_list";
2506                      if(in_array($user['uid'], $selected_list))
2507                      {
2508                          $string .= "_alt";
2509                      }
2510  
2511                      $error_message = $lang->$string;
2512                      array_pop($users); // To maintain a proper count when we call count($users)
2513                      continue;
2514                  }
2515  
2516                  if(isset($requests[$user['uid']]))
2517                  {
2518                      if($mybb->get_input('manage') != "ignored")
2519                      {
2520                          $error_message = $lang->users_already_sent_request;
2521                      }
2522                      elseif($mybb->get_input('manage') == "ignored")
2523                      {
2524                          $error_message = $lang->users_already_sent_request_alt;
2525                      }
2526  
2527                      array_pop($users); // To maintain a proper count when we call count($users)
2528                      continue;
2529                  }
2530  
2531                  if(isset($requests_rec[$user['uid']]))
2532                  {
2533                      if($mybb->get_input('manage') != "ignored")
2534                      {
2535                          $error_message = $lang->users_already_rec_request;
2536                      }
2537                      elseif($mybb->get_input('manage') == "ignored")
2538                      {
2539                          $error_message = $lang->users_already_rec_request_alt;
2540                      }
2541  
2542                      array_pop($users); // To maintain a proper count when we call count($users)
2543                      continue;
2544                  }
2545  
2546                  // Do we have auto approval set to On?
2547                  if($user['buddyrequestsauto'] == 1 && $mybb->get_input('manage') != "ignored")
2548                  {
2549                      $existing_users[] = $user['uid'];
2550  
2551                      $pm = array(
2552                          'subject' => 'buddyrequest_new_buddy',
2553                          'message' => 'buddyrequest_new_buddy_message',
2554                          'touid' => $user['uid'],
2555                          'receivepms' => (int)$user['buddyrequestspm'],
2556                          'language' => $user['language'],
2557                          'language_file' => 'usercp'
2558                      );
2559  
2560                      send_pm($pm);
2561                  }
2562                  elseif($user['buddyrequestsauto'] != 1 && $mybb->get_input('manage') != "ignored")
2563                  {
2564                      // Send request
2565                      $id = $db->insert_query('buddyrequests', array('uid' => (int)$mybb->user['uid'], 'touid' => (int)$user['uid'], 'date' => TIME_NOW));
2566  
2567                      $pm = array(
2568                          'subject' => 'buddyrequest_received',
2569                          'message' => 'buddyrequest_received_message',
2570                          'touid' => $user['uid'],
2571                          'receivepms' => (int)$user['buddyrequestspm'],
2572                          'language' => $user['language'],
2573                          'language_file' => 'usercp'
2574                      );
2575  
2576                      send_pm($pm);
2577  
2578                      $sent = true;
2579                  }
2580                  elseif($mybb->get_input('manage') == "ignored")
2581                  {
2582                      $existing_users[] = $user['uid'];
2583                  }
2584              }
2585          }
2586  
2587          if($found_users < count($users))
2588          {
2589              if($error_message)
2590              {
2591                  $error_message .= "<br />";
2592              }
2593  
2594              $error_message .= $lang->invalid_user_selected;
2595          }
2596  
2597          if(($adding_self != true || ($adding_self == true && count($users) > 0)) && ($error_message == "" || count($users) > 1))
2598          {
2599              if($mybb->get_input('manage') == "ignored")
2600              {
2601                  $message = $lang->users_added_to_ignore_list;
2602              }
2603              else
2604              {
2605                  $message = $lang->users_added_to_buddy_list;
2606              }
2607          }
2608  
2609          if($adding_self == true)
2610          {
2611              if($mybb->get_input('manage') == "ignored")
2612              {
2613                  $error_message = $lang->cant_add_self_to_ignore_list;
2614              }
2615              else
2616              {
2617                  $error_message = $lang->cant_add_self_to_buddy_list;
2618              }
2619          }
2620  
2621          if(count($existing_users) == 0)
2622          {
2623              $message = "";
2624  
2625              if($sent === true)
2626              {
2627                  $message = $lang->buddyrequests_sent_success;
2628              }
2629          }
2630      }
2631  
2632      // Removing a user from this list
2633      else if($mybb->get_input('delete', MyBB::INPUT_INT))
2634      {
2635          // Check if user exists on the list
2636          $key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $existing_users);
2637          if($key !== false)
2638          {
2639              unset($existing_users[$key]);
2640              $user = get_user($mybb->get_input('delete', MyBB::INPUT_INT));
2641              if(!empty($user))
2642              {
2643                  // We want to remove us from this user's buddy list
2644                  if($user['buddylist'] != '')
2645                  {
2646                      $user['buddylist'] = explode(',', $user['buddylist']);
2647                  }
2648                  else
2649                  {
2650                      $user['buddylist'] = array();
2651                  }
2652  
2653                  $key = array_search($mybb->get_input('delete', MyBB::INPUT_INT), $user['buddylist']);
2654                  unset($user['buddylist'][$key]);
2655  
2656                  // Now we have the new list, so throw it all back together
2657                  $new_list = implode(",", $user['buddylist']);
2658  
2659                  // And clean it up a little to ensure there is no possibility of bad values
2660                  $new_list = preg_replace("#,{2,}#", ",", $new_list);
2661                  $new_list = preg_replace("#[^0-9,]#", "", $new_list);
2662  
2663                  if(my_substr($new_list, 0, 1) == ",")
2664                  {
2665                      $new_list = my_substr($new_list, 1);
2666                  }
2667                  if(my_substr($new_list, -1) == ",")
2668                  {
2669                      $new_list = my_substr($new_list, 0, my_strlen($new_list)-2);
2670                  }
2671  
2672                  $user['buddylist'] = $db->escape_string($new_list);
2673  
2674                  $db->update_query("users", array('buddylist' => $user['buddylist']), "uid='".(int)$user['uid']."'");
2675              }
2676  
2677              if($mybb->get_input('manage') == "ignored")
2678              {
2679                  $message = $lang->removed_from_ignore_list;
2680              }
2681              else
2682              {
2683                  $message = $lang->removed_from_buddy_list;
2684              }
2685              $user['username'] = htmlspecialchars_uni($user['username']);
2686              $message = $lang->sprintf($message, $user['username']);
2687          }
2688      }
2689  
2690      // Now we have the new list, so throw it all back together
2691      $new_list = implode(",", $existing_users);
2692  
2693      // And clean it up a little to ensure there is no possibility of bad values
2694      $new_list = preg_replace("#,{2,}#", ",", $new_list);
2695      $new_list = preg_replace("#[^0-9,]#", "", $new_list);
2696  
2697      if(my_substr($new_list, 0, 1) == ",")
2698      {
2699          $new_list = my_substr($new_list, 1);
2700      }
2701      if(my_substr($new_list, -1) == ",")
2702      {
2703          $new_list = my_substr($new_list, 0, my_strlen($new_list)-2);
2704      }
2705  
2706      // And update
2707      $user = array();
2708      if($mybb->get_input('manage') == "ignored")
2709      {
2710          $user['ignorelist'] = $db->escape_string($new_list);
2711          $mybb->user['ignorelist'] = $user['ignorelist'];
2712      }
2713      else
2714      {
2715          $user['buddylist'] = $db->escape_string($new_list);
2716          $mybb->user['buddylist'] = $user['buddylist'];
2717      }
2718  
2719      $db->update_query("users", $user, "uid='".$mybb->user['uid']."'");
2720  
2721      $plugins->run_hooks("usercp_do_editlists_end");
2722  
2723      // Ajax based request, throw new list to browser
2724      if(!empty($mybb->input['ajax']))
2725      {
2726          if($mybb->get_input('manage') == "ignored")
2727          {
2728              $list = "ignore";
2729          }
2730          else
2731          {
2732              $list = "buddy";
2733          }
2734  
2735          $message_js = '';
2736          if($message)
2737          {
2738              $message_js = "$.jGrowl('{$message}', {theme:'jgrowl_success'});";
2739          }
2740  
2741          if($error_message)
2742          {
2743              $message_js .= " $.jGrowl('{$error_message}', {theme:'jgrowl_error'});";
2744          }
2745  
2746          if($mybb->get_input('delete', MyBB::INPUT_INT))
2747          {
2748              header("Content-type: text/javascript");
2749              echo "$(\"#".$mybb->get_input('manage')."_".$mybb->get_input('delete', MyBB::INPUT_INT)."\").remove();\n";
2750              if($new_list == "")
2751              {
2752                  echo "\$(\"#".$mybb->get_input('manage')."_count\").html(\"0\");\n";
2753                  if($mybb->get_input('manage') == "ignored")
2754                  {
2755                      echo "\$(\"#ignore_list\").html(\"<li>{$lang->ignore_list_empty}</li>\");\n";
2756                  }
2757                  else
2758                  {
2759                      echo "\$(\"#buddy_list\").html(\"<li>{$lang->buddy_list_empty}</li>\");\n";
2760                  }
2761              }
2762              else
2763              {
2764                  echo "\$(\"#".$mybb->get_input('manage')."_count\").html(\"".count(explode(",", $new_list))."\");\n";
2765              }
2766              echo $message_js;
2767              exit;
2768          }
2769          $mybb->input['action'] = "editlists";
2770      }
2771      else
2772      {
2773          if($error_message)
2774          {
2775              $message .= "<br />".$error_message;
2776          }
2777          redirect("usercp.php?action=editlists#".$mybb->get_input('manage'), $message);
2778      }
2779  }
2780  
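// Buddy / ignore list management page (action=editlists).
// Builds the buddy list, the ignore list and the pending buddy requests, then
// either echoes a partial response for AJAX POSTs or renders the full page.
//
// NOTE(review): every template is expanded with eval() as a double-quoted PHP
// string in this scope, so templates may reference the variables set below
// ($user, $profile_link, $status, $type, $request, $bgcolor, ...). Their names
// are therefore left unchanged, and any value a template can reach has to be
// escaped before the eval() call. Template contents are presumably
// admin-managed; confirm that nothing user-controlled can reach $templates->get().
if($mybb->input['action'] == "editlists")
{
    $plugins->run_hooks("usercp_editlists_start");

    // Users whose last activity is older than this timestamp are listed as offline
    $timecut = TIME_NOW - $mybb->settings['wolcutoff'];

    // Fetch out buddies
    $buddy_count = 0;
    $buddy_list = '';
    if($mybb->user['buddylist'])
    {
        $type = "buddy";

        // The stored list ends up inside an IN() clause, so rebuild it from
        // integer-cast values instead of trusting the stored string as-is.
        $buddy_ids = array_filter(array_map('intval', explode(',', $mybb->user['buddylist'])));
        if(!empty($buddy_ids))
        {
            $query = $db->simple_select("users", "*", "uid IN (".implode(',', $buddy_ids).")", array("order_by" => "username"));
            while($user = $db->fetch_array($query))
            {
                // Escape before the name reaches the profile link and the template
                $user['username'] = htmlspecialchars_uni($user['username']);
                $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);

                // Online only if recently active, not hidden from this viewer,
                // and lastvisit differs from lastactive
                if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
                {
                    $status = "online";
                }
                else
                {
                    $status = "offline";
                }
                eval("\$buddy_list .= \"".$templates->get("usercp_editlists_user")."\";");
                ++$buddy_count;
            }
        }
    }

    $lang->current_buddies = $lang->sprintf($lang->current_buddies, $buddy_count);
    if(!$buddy_list)
    {
        eval("\$buddy_list = \"".$templates->get("usercp_editlists_no_buddies")."\";");
    }

    // Fetch out ignore list users
    $ignore_count = 0;
    $ignore_list = '';
    if($mybb->user['ignorelist'])
    {
        $type = "ignored";

        // Same re-validation as for the buddy list before building the IN() clause
        $ignore_ids = array_filter(array_map('intval', explode(',', $mybb->user['ignorelist'])));
        if(!empty($ignore_ids))
        {
            $query = $db->simple_select("users", "*", "uid IN (".implode(',', $ignore_ids).")", array("order_by" => "username"));
            while($user = $db->fetch_array($query))
            {
                $user['username'] = htmlspecialchars_uni($user['username']);
                $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
                if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
                {
                    $status = "online";
                }
                else
                {
                    $status = "offline";
                }
                eval("\$ignore_list .= \"".$templates->get("usercp_editlists_user")."\";");
                ++$ignore_count;
            }
        }
    }

    $lang->current_ignored_users = $lang->sprintf($lang->current_ignored_users, $ignore_count);
    if(!$ignore_list)
    {
        eval("\$ignore_list = \"".$templates->get("usercp_editlists_no_ignored")."\";");
    }

    // If an AJAX request from buddy management, echo out whatever the new list is.
    // get_input() is used so a request without these parameters does not read an undefined index.
    if($mybb->request_method == "post" && $mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
    {
        // $message_js is assigned by the do_editlists AJAX path earlier in this
        // file; a POST sent straight to this action arrives without it. It is
        // written into a <script> element unescaped, so it must only ever hold
        // script text built by this file.
        if(!isset($message_js))
        {
            $message_js = '';
        }

        if($mybb->get_input('manage') == "ignored")
        {
            echo $ignore_list;
            echo "<script type=\"text/javascript\"> $(\"#ignored_count\").html(\"{$ignore_count}\"); {$message_js}</script>";
        }
        else
        {
            // A buddy request was just sent: return the refreshed "sent requests" table
            if(isset($sent) && $sent === true)
            {
                $sent_rows = '';
                $query = $db->query("
                    SELECT r.*, u.username
                    FROM ".TABLE_PREFIX."buddyrequests r
                    LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
                    WHERE r.uid=".(int)$mybb->user['uid']);

                while($request = $db->fetch_array($query))
                {
                    $bgcolor = alt_trow();
                    $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
                    $request['date'] = my_date($mybb->settings['dateformat'], $request['date'])." ".my_date($mybb->settings['timeformat'], $request['date']);
                    eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request", 1, 0)."\";");
                }

                if($sent_rows == '')
                {
                    eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests", 1, 0)."\";");
                }

                eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests", 1, 0)."\";");

                // NOTE(review): $sentrequests is not assigned anywhere in the visible
                // code and looks like a leftover next to $sent_requests; it is only
                // echoed when something has actually defined it.
                if(isset($sentrequests))
                {
                    echo $sentrequests;
                }
                echo $sent_requests."<script type=\"text/javascript\">{$message_js}</script>";
            }
            else
            {
                echo $buddy_list;
                echo "<script type=\"text/javascript\"> $(\"#buddy_count\").html(\"{$buddy_count}\"); {$message_js}</script>";
            }
        }
        exit;
    }

    // Buddy requests other users have sent to the current user
    $received_rows = '';
    $query = $db->query("
        SELECT r.*, u.username
        FROM ".TABLE_PREFIX."buddyrequests r
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.uid)
        WHERE r.touid=".(int)$mybb->user['uid']);

    while($request = $db->fetch_array($query))
    {
        $bgcolor = alt_trow();
        $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['uid']);
        $request['date'] = my_date($mybb->settings['dateformat'], $request['date'])." ".my_date($mybb->settings['timeformat'], $request['date']);
        eval("\$received_rows .= \"".$templates->get("usercp_editlists_received_request")."\";");
    }

    if($received_rows == '')
    {
        eval("\$received_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
    }

    eval("\$received_requests = \"".$templates->get("usercp_editlists_received_requests")."\";");

    // Buddy requests the current user has sent and that are still stored
    $sent_rows = '';
    $query = $db->query("
        SELECT r.*, u.username
        FROM ".TABLE_PREFIX."buddyrequests r
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=r.touid)
        WHERE r.uid=".(int)$mybb->user['uid']);

    while($request = $db->fetch_array($query))
    {
        $bgcolor = alt_trow();
        $request['username'] = build_profile_link(htmlspecialchars_uni($request['username']), (int)$request['touid']);
        $request['date'] = my_date($mybb->settings['dateformat'], $request['date'])." ".my_date($mybb->settings['timeformat'], $request['date']);
        eval("\$sent_rows .= \"".$templates->get("usercp_editlists_sent_request")."\";");
    }

    if($sent_rows == '')
    {
        eval("\$sent_rows = \"".$templates->get("usercp_editlists_no_requests")."\";");
    }

    eval("\$sent_requests = \"".$templates->get("usercp_editlists_sent_requests")."\";");

    $plugins->run_hooks("usercp_editlists_end");

    eval("\$listpage = \"".$templates->get("usercp_editlists")."\";");
    output_page($listpage);
}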
2942  
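// Drafts listing (action=drafts): shows the current user's saved drafts.
// Rows with visible = -2 are the drafts; the thread's own visible value decides
// whether a row is a draft reply (thread visible = 1) or a draft thread (-2).
//
// NOTE(review): templates are expanded with eval() in this scope and may
// reference $draft, $detail, $editurl, $id, $type, $trow and $savedate, so
// these names are kept and every text value is escaped before the eval() call.
if($mybb->input['action'] == "drafts")
{
    $plugins->run_hooks("usercp_drafts_start");

    // The uid is cast to int at the point of use so it cannot alter the WHERE clause
    $query = $db->simple_select("posts", "COUNT(pid) AS draftcount", "visible='-2' AND uid='".(int)$mybb->user['uid']."'");
    $draftcount = $db->fetch_field($query, 'draftcount');

    $drafts = $disable_delete_drafts = '';
    $lang->drafts_count = $lang->sprintf($lang->drafts_count, my_number_format($draftcount));

    // Show a listing of all of the current 'draft' posts or threads the user has.
    if($draftcount)
    {
        $query = $db->query("
            SELECT p.subject, p.pid, t.tid, t.subject AS threadsubject, t.fid, f.name AS forumname, p.dateline, t.visible AS threadvisible, p.visible AS postvisible
            FROM ".TABLE_PREFIX."posts p
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=t.fid)
            WHERE p.uid = '".(int)$mybb->user['uid']."' AND p.visible = '-2'
            ORDER BY p.dateline DESC
        ");

        while($draft = $db->fetch_array($query))
        {
            $detail = '';
            // Reset per row: when neither branch below matches (any other thread
            // state, or no joined thread), the template must not see the edit
            // link, ID and type left over from the previous draft, which would
            // point the row's controls at a different draft.
            $editurl = $id = $type = '';
            $trow = alt_trow();
            if($draft['threadvisible'] == 1) // We're looking at a draft post
            {
                $draft['threadlink'] = get_thread_link($draft['tid']);
                $draft['threadsubject'] = htmlspecialchars_uni($draft['threadsubject']);
                eval("\$detail = \"".$templates->get("usercp_drafts_draft_thread")."\";");
                $editurl = "newreply.php?action=editdraft&amp;pid={$draft['pid']}";
                $id = $draft['pid'];
                $type = "post";
            }
            elseif($draft['threadvisible'] == -2) // We're looking at a draft thread
            {
                $draft['forumlink'] = get_forum_link($draft['fid']);
                $draft['forumname'] = htmlspecialchars_uni($draft['forumname']);
                eval("\$detail = \"".$templates->get("usercp_drafts_draft_forum")."\";");
                $editurl = "newthread.php?action=editdraft&amp;tid={$draft['tid']}";
                $id = $draft['tid'];
                $type = "thread";
            }

            // The subject is user-supplied text; escape it before it reaches the template
            $draft['subject'] = htmlspecialchars_uni($draft['subject']);
            $savedate = my_date('relative', $draft['dateline']);
            eval("\$drafts .= \"".$templates->get("usercp_drafts_draft")."\";");
        }
    }
    else
    {
        // Nothing to delete: disable the delete control and show the empty-state row
        $disable_delete_drafts = 'disabled="disabled"';
        eval("\$drafts = \"".$templates->get("usercp_drafts_none")."\";");
    }

    $plugins->run_hooks("usercp_drafts_end");

    eval("\$draftlist = \"".$templates->get("usercp_drafts")."\";");
    output_page($draftlist);
}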
3004  
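// Draft deletion handler (action=do_drafts, POST only).
// Expects deletedraft[<id>] = "post" | "thread" and deletes the matching draft
// rows. Every DELETE is additionally restricted to visible = -2 and the current
// user's uid, so a submitted ID can only remove the requester's own drafts.
if($mybb->input['action'] == "do_drafts" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_drafts_start");
    $mybb->input['deletedraft'] = $mybb->get_input('deletedraft', MyBB::INPUT_ARRAY);
    if(empty($mybb->input['deletedraft']))
    {
        error($lang->no_drafts_selected);
    }

    // The array keys come straight from the request; cast each to int before
    // it is placed in an IN() list. Entries with any other value are ignored.
    $pidin = array();
    $tidin = array();
    foreach($mybb->input['deletedraft'] as $id => $val)
    {
        if($val === "post")
        {
            $pidin[] = "'".(int)$id."'";
        }
        elseif($val === "thread")
        {
            $tidin[] = "'".(int)$id."'";
        }
    }

    // Initialised up front: it is read below even when no draft thread was selected
    $tidinp = '';
    if($tidin)
    {
        $tidin = implode(",", $tidin);
        $db->delete_query("threads", "tid IN ($tidin) AND visible='-2' AND uid='".(int)$mybb->user['uid']."'");
        // Also remove the draft posts that belong to the deleted draft threads
        $tidinp = "OR tid IN ($tidin)";
    }
    if($pidin || $tidinp)
    {
        $pidinq = $tidin = '';
        if($pidin)
        {
            $pidin = implode(",", $pidin);
            $pidinq = "pid IN ($pidin)";
        }
        else
        {
            // No posts selected: keep the left side of the OR false so only the tid list matches
            $pidinq = "1=0";
        }
        $db->delete_query("posts", "($pidinq $tidinp) AND visible='-2' AND uid='".(int)$mybb->user['uid']."'");
    }
    $plugins->run_hooks("usercp_do_drafts_end");
    redirect("usercp.php?action=drafts", $lang->selected_drafts_deleted);
}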
3052  
3053  if($mybb->input['action'] == "usergroups")
3054  {
3055      $plugins->run_hooks("usercp_usergroups_start");
3056      $ingroups = ",".$mybb->user['usergroup'].",".$mybb->user['additionalgroups'].",".$mybb->user['displaygroup'].",";
3057  
3058      $usergroups = $mybb->cache->read('usergroups');
3059  
3060      // Changing our display group
3061      if($mybb->get_input('displaygroup', MyBB::INPUT_INT))
3062      {
3063          // Verify incoming POST request
3064          verify_post_check($mybb->get_input('my_post_key'));
3065  
3066          if(my_strpos($ingroups, ",".$mybb->input['displaygroup'].",") === false)
3067          {
3068              error($lang->not_member_of_group);
3069          }
3070  
3071          $dispgroup = $usergroups[$mybb->get_input('displaygroup', MyBB::INPUT_INT)];
3072          if($dispgroup['candisplaygroup'] != 1)
3073          {
3074              error($lang->cannot_set_displaygroup);
3075          }
3076          $db->update_query("users", array('displaygroup' => $mybb->get_input('displaygroup', MyBB::INPUT_INT)), "uid='".$mybb->user['uid']."'");
3077          $cache->update_moderators();
3078          $plugins->run_hooks("usercp_usergroups_change_displaygroup");
3079          redirect("usercp.php?action=usergroups", $lang->display_group_changed);
3080          exit;
3081      }
3082  
3083      // Leaving a group
3084      if($mybb->get_input('leavegroup', MyBB::INPUT_INT))
3085      {
3086          // Verify incoming POST request
3087          verify_post_check($mybb->input['my_post_key']);
3088  
3089          if(my_strpos($ingroups, ",".$mybb->get_input('leavegroup', MyBB::INPUT_INT).",") === false)
3090          {
3091              error($lang->not_member_of_group);
3092          }
3093          if($mybb->user['usergroup'] == $mybb->get_input('leavegroup', MyBB::INPUT_INT))
3094          {
3095              error($lang->cannot_leave_primary_group);
3096          }
3097  
3098          $usergroup = $usergroups[$mybb->get_input('leavegroup', MyBB::INPUT_INT)];
3099          if($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
3100          {
3101              error($lang->cannot_leave_group);
3102          }
3103          leave_usergroup($mybb->user['uid'], $mybb->get_input('leavegroup', MyBB::INPUT_INT));
3104          $plugins->run_hooks("usercp_usergroups_leave_group");
3105          redirect("usercp.php?action=usergroups", $lang->left_group);
3106          exit;
3107      }
3108  
3109      $groupleaders = array();
3110  
3111      // List of usergroup leaders
3112      $query = $db->query("
3113          SELECT g.*, u.username, u.displaygroup, u.usergroup, u.email, u.language
3114          FROM ".TABLE_PREFIX."groupleaders g
3115          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
3116          ORDER BY u.username ASC
3117      ");
3118      while($leader = $db->fetch_array($query))
3119      {
3120          $groupleaders[$leader['gid']][$leader['uid']] = $leader;
3121      }
3122  
3123      // Joining a group
3124      if($mybb->get_input('joingroup', MyBB::INPUT_INT))
3125      {
3126          // Verify incoming POST request
3127          verify_post_check($mybb->get_input('my_post_key'));
3128  
3129          $usergroup = $usergroups[$mybb->get_input('joingroup', MyBB::INPUT_INT)];
3130  
3131          if($usergroup['type'] == 5)
3132          {
3133              error($lang->cannot_join_invite_group);
3134          }
3135  
3136          if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid'])
3137          {
3138              error($lang->cannot_join_group);
3139          }
3140  
3141          if(my_strpos($ingroups, ",".$mybb->get_input('joingroup', MyBB::INPUT_INT).",") !== false)
3142          {
3143              error($lang->already_member_of_group);
3144          }
3145  
3146          $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('joingroup', MyBB::INPUT_INT)."'");
3147          $joinrequest = $db->fetch_array($query);
3148          if($joinrequest['rid'])
3149          {
3150              error($lang->already_sent_join_request);
3151          }
3152          if($mybb->get_input('do') == "joingroup" && $usergroup['type'] == 4)
3153          {
3154              $now = TIME_NOW;
3155              $joinrequest = array(
3156                  "uid" => $mybb->user['uid'],
3157                  "gid" => $mybb->get_input('joingroup', MyBB::INPUT_INT),
3158                  "reason" => $db->escape_string($mybb->get_input('reason')),
3159                  "dateline" => TIME_NOW
3160              );
3161  
3162              $db->insert_query("joinrequests", $joinrequest);
3163  
3164              if(array_key_exists($usergroup['gid'], $groupleaders))
3165              {
3166                  foreach($groupleaders[$usergroup['gid']] as $leader)
3167                  {
3168                      // Load language
3169                      $lang->set_language($leader['language']);
3170                      $lang->load("messages");
3171  
3172                      $subject = $lang->sprintf($lang->emailsubject_newjoinrequest, $mybb->settings['bbname']);
3173                      $message = $lang->sprintf($lang->email_groupleader_joinrequest, $leader['username'], $mybb->user['username'], $usergroup['title'], $mybb->settings['bbname'], $mybb->get_input('reason'), $mybb->settings['bburl'], $leader['gid']);
3174                      my_mail($leader['email'], $subject, $message);
3175                  }
3176              }
3177  
3178              // Load language
3179              $lang->set_language($mybb->user['language']);
3180              $lang->load("messages");
3181  
3182              $plugins->run_hooks("usercp_usergroups_join_group_request");
3183              redirect("usercp.php?action=usergroups", $lang->group_join_requestsent);
3184              exit;
3185          }
3186          elseif($usergroup['type'] == 4)
3187          {
3188              $joingroup = $mybb->get_input('joingroup', MyBB::INPUT_INT);
3189              eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";");
3190              output_page($joinpage);
3191              exit;
3192          }
3193          else
3194          {
3195              join_usergroup($mybb->user['uid'], $mybb->get_input('joingroup', MyBB::INPUT_INT));
3196              $plugins->run_hooks("usercp_usergroups_join_group");
3197              redirect("usercp.php?action=usergroups", $lang->joined_group);
3198          }
3199      }
3200  
3201      // Accepting invitation
3202      if($mybb->get_input('acceptinvite', MyBB::INPUT_INT))
3203      {
3204          // Verify incoming POST request
3205          verify_post_check($mybb->get_input('my_post_key'));
3206  
3207          $usergroup = $usergroups[$mybb->get_input('acceptinvite', MyBB::INPUT_INT)];
3208  
3209          if(my_strpos($ingroups, ",".$mybb->get_input('acceptinvite', MyBB::INPUT_INT).",") !== false)
3210          {
3211              error($lang->already_accepted_invite);
3212          }
3213  
3214          $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."' AND invite='1'");
3215          $joinrequest = $db->fetch_array($query);
3216          if($joinrequest['rid'])
3217          {
3218              join_usergroup($mybb->user['uid'], $mybb->get_input('acceptinvite', MyBB::INPUT_INT));
3219              $db->delete_query("joinrequests", "uid='{$mybb->user['uid']}' AND gid='".$mybb->get_input('acceptinvite', MyBB::INPUT_INT)."'");
3220              $plugins->run_hooks("usercp_usergroups_accept_invite");
3221              redirect("usercp.php?action=usergroups", $lang->joined_group);
3222          }
3223          else
3224          {
3225              error($lang->no_pending_invitation);
3226          }
3227      }
3228      // Show listing of various group related things
3229  
3230      // List of groups this user is a leader of
3231      $groupsledlist = '';
3232  
3233      switch($db->type)
3234      {
3235          case "pgsql":
3236          case "sqlite":
3237              $query = $db->query("
3238                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3239                  FROM ".TABLE_PREFIX."groupleaders l
3240                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
3241                  LEFT JOIN ".TABLE_PREFIX."users u ON(((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
3242                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
3243                  WHERE l.uid='".$mybb->user['uid']."'
3244                  GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3245              ");
3246              break;
3247          default:
3248              $query = $db->query("
3249                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3250                  FROM ".TABLE_PREFIX."groupleaders l
3251                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
3252                  LEFT JOIN ".TABLE_PREFIX."users u ON(((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
3253                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
3254                  WHERE l.uid='".$mybb->user['uid']."'
3255                  GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers, l.caninvitemembers
3256              ");
3257      }
3258  
3259      while($usergroup = $db->fetch_array($query))
3260      {
3261          $memberlistlink = $moderaterequestslink = '';
3262          eval("\$memberlistlink = \"".$templates->get("usercp_usergroups_leader_usergroup_memberlist")."\";");
3263          $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3264          if($usergroup['type'] != 4)
3265          {
3266              $usergroup['joinrequests'] = '--';
3267          }
3268          if($usergroup['joinrequests'] > 0 && $usergroup['canmanagerequests'] == 1)
3269          {
3270              eval("\$moderaterequestslink = \"".$templates->get("usercp_usergroups_leader_usergroup_moderaterequests")."\";");
3271          }
3272          $groupleader[$usergroup['gid']] = 1;
3273          $trow = alt_trow();
3274          eval("\$groupsledlist .= \"".$templates->get("usercp_usergroups_leader_usergroup")."\";");
3275      }
3276      $leadinggroups = '';
3277      if($groupsledlist)
3278      {
3279          eval("\$leadinggroups = \"".$templates->get("usercp_usergroups_leader")."\";");
3280      }
3281  
3282      // Fetch the list of groups the member is in
3283      // Do the primary group first
3284      $usergroup = $usergroups[$mybb->user['usergroup']];
3285      $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3286      $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
3287      $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
3288      eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveprimary")."\";");
3289      $trow = alt_trow();
3290      if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
3291      {
3292          eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
3293      }
3294      elseif($usergroup['candisplaygroup'] == 1)
3295      {
3296          eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
3297      }
3298      else
3299      {
3300          $displaycode = '';
3301      }
3302  
3303      eval("\$memberoflist = \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
3304      $showmemberof = false;
3305      if($mybb->user['additionalgroups'])
3306      {
3307          $query = $db->simple_select("usergroups", "*", "gid IN (".$mybb->user['additionalgroups'].") AND gid !='".$mybb->user['usergroup']."'", array('order_by' => 'title'));
3308          while($usergroup = $db->fetch_array($query))
3309          {
3310              $showmemberof = true;
3311  
3312              if(isset($groupleader[$usergroup['gid']]))
3313              {
3314                  eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveleader")."\";");
3315              }
3316              elseif($usergroup['type'] != 4 && $usergroup['type'] != 3 && $usergroup['type'] != 5)
3317              {
3318                  eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leaveother")."\";");
3319              }
3320              else
3321              {
3322                  eval("\$leavelink = \"".$templates->get("usercp_usergroups_memberof_usergroup_leave")."\";");
3323              }
3324  
3325              $description = '';
3326              $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3327              $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
3328              if($usergroup['description'])
3329              {
3330                  $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
3331                  eval("\$description = \"".$templates->get("usercp_usergroups_memberof_usergroup_description")."\";");
3332              }
3333              $trow = alt_trow();
3334              if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
3335              {
3336                  eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_display")."\";");
3337              }
3338              elseif($usergroup['candisplaygroup'] == 1)
3339              {
3340                  eval("\$displaycode = \"".$templates->get("usercp_usergroups_memberof_usergroup_setdisplay")."\";");
3341              }
3342              else
3343              {
3344                  $displaycode = '';
3345              }
3346              eval("\$memberoflist .= \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
3347          }
3348      }
3349      eval("\$membergroups = \"".$templates->get("usercp_usergroups_memberof")."\";");
3350  
3351      // List of groups this user has applied for but has not been accepted in to
3352      $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."'");
3353      while($request = $db->fetch_array($query))
3354      {
3355          $appliedjoin[$request['gid']] = $request['dateline'];
3356      }
3357  
3358      // Fetch list of groups the member can join
3359      $existinggroups = $mybb->user['usergroup'];
3360      if($mybb->user['additionalgroups'])
3361      {
3362          $existinggroups .= ",".$mybb->user['additionalgroups'];
3363      }
3364  
3365      $joinablegroups = $joinablegrouplist = '';
3366      $query = $db->simple_select("usergroups", "*", "(type='3' OR type='4' OR type='5') AND gid NOT IN ($existinggroups)", array('order_by' => 'title'));
3367      while($usergroup = $db->fetch_array($query))
3368      {
3369          $trow = alt_trow();
3370  
3371          $description = '';
3372          $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
3373          if($usergroup['description'])
3374          {
3375              $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
3376              eval("\$description = \"".$templates->get("usercp_usergroups_joinable_usergroup_description")."\";");
3377          }
3378  
3379          // Moderating join requests?
3380          if($usergroup['type'] == 4)
3381          {
3382              $conditions = $lang->usergroup_joins_moderated;
3383          }
3384          elseif($usergroup['type'] == 5)
3385          {
3386              $conditions = $lang->usergroup_joins_invite;
3387          }
3388          else
3389          {
3390              $conditions = $lang->usergroup_joins_anyone;
3391          }
3392  
3393          if(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] != 5)
3394          {
3395              $applydate = my_date('relative', $appliedjoin[$usergroup['gid']]);
3396              $joinlink = $lang->sprintf($lang->join_group_applied, $applydate);
3397          }
3398          elseif(isset($appliedjoin[$usergroup['gid']]) && $usergroup['type'] == 5)
3399          {
3400              $joinlink = $lang->sprintf($lang->pending_invitation, $usergroup['gid'], $mybb->post_code);
3401          }
3402          elseif($usergroup['type'] == 5)
3403          {
3404              $joinlink = "--";
3405          }
3406          else
3407          {
3408              eval("\$joinlink = \"".$templates->get("usercp_usergroups_joinable_usergroup_join")."\";");
3409          }
3410  
3411          $usergroupleaders = '';
3412          if(!empty($groupleaders[$usergroup['gid']]))
3413          {
3414              $comma = '';
3415              $usergroupleaders = '';
3416              foreach($groupleaders[$usergroup['gid']] as $leader)
3417              {
3418                  $leader['username'] = format_name(htmlspecialchars_uni($leader['username']), $leader['usergroup'], $leader['displaygroup']);
3419                  $usergroupleaders .= $comma.build_profile_link($leader['username'], $leader['uid']);
3420                  $comma = $lang->comma;
3421              }
3422              $usergroupleaders = $lang->usergroup_leaders." ".$usergroupleaders;
3423          }
3424  
3425          if(my_strpos($usergroupleaders, $mybb->user['username']) === false)
3426          {
3427              // User is already a leader of the group, so don't show as a "Join Group"
3428              eval("\$joinablegrouplist .= \"".$templates->get("usercp_usergroups_joinable_usergroup")."\";");
3429          }
3430      }
3431      if($joinablegrouplist)
3432      {
3433          eval("\$joinablegroups = \"".$templates->get("usercp_usergroups_joinable")."\";");
3434      }
3435  
3436      $plugins->run_hooks("usercp_usergroups_end");
3437  
3438      eval("\$groupmemberships = \"".$templates->get("usercp_usergroups")."\";");
3439      output_page($groupmemberships);
3440  }
3441  
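// User CP "attachments" page: lists the current user's attachments one page at a
// time, together with storage-usage and bandwidth totals.
//
// Variable names are left untouched on purpose: the templates are eval()'d in this
// scope and the plugin hooks run around it, so both may read these variables by name.
if($mybb->input['action'] == "attachments")
{
    $plugins->run_hooks("usercp_attachments_start");
    require_once  MYBB_ROOT."inc/functions_upload.php";

    if($mybb->settings['enableattachments'] == 0)
    {
        error($lang->attachments_disabled);
    }

    $attachments = '';

    // Pagination: fall back to 20 per page when the setting is empty or below 1.
    if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // $perpage is interpolated straight into the LIMIT clause below. The guard above
    // only inspects the integer value of the setting, so cast here as well: a stored
    // value such as "20abc" must not reach the SQL text unchanged.
    $perpage = (int)$mybb->settings['threadsperpage'];
    $page = $mybb->get_input('page', MyBB::INPUT_INT);

    if($page > 0)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    // Not read again in this block; kept because the eval()'d templates may reference them.
    $end = $start + $perpage;
    $lower = $start+1;

    // The a.uid filter limits the listing to attachments owned by the logged-in user.
    // p.dateline and t.tid are NULL when the LEFT JOINs find no post or thread.
    $query = $db->query("
        SELECT a.*, p.subject, p.dateline, t.tid, t.subject AS threadsubject
        FROM ".TABLE_PREFIX."attachments a
        LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
        LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
        WHERE a.uid='".$mybb->user['uid']."'
        ORDER BY p.dateline DESC LIMIT {$start}, {$perpage}
    ");

    $bandwidth = $totaldownloads = 0;
    while($attachment = $db->fetch_array($query))
    {
        if($attachment['dateline'] && $attachment['tid'])
        {
            // Subjects and the file name are user-supplied text: they are HTML-escaped
            // before the row template interpolates them into the page.
            $attachment['subject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['subject']));
            $attachment['postlink'] = get_post_link($attachment['pid'], $attachment['tid']);
            $attachment['threadlink'] = get_thread_link($attachment['tid']);
            $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));

            $size = get_friendly_size($attachment['filesize']);
            // The icon is looked up from the raw file name, before it is escaped.
            $icon = get_attachment_icon(get_extension($attachment['filename']));
            $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

            $sizedownloads = $lang->sprintf($lang->attachment_size_downloads, $size, $attachment['downloads']);
            $attachdate = my_date('relative', $attachment['dateline']);
            $altbg = alt_trow();

            // The template text is evaluated as a PHP double-quoted string, so every
            // value it can interpolate has to be safe for HTML output at this point.
            eval("\$attachments .= \"".$templates->get("usercp_attachments_attachment")."\";");

            // Add to bandwidth total (covers the rows on this page only)
            $bandwidth += ($attachment['filesize'] * $attachment['downloads']);
            $totaldownloads += $attachment['downloads'];
        }
        else
        {
            // No matching post or thread row: the attachment is deleted.
            // NOTE(review): this is a state change made on a plain page view, without a
            // post-key check. It is limited to the current user's own rows by the a.uid
            // filter above; confirm it cannot remove uploads that belong to a post the
            // user is still writing.
            remove_attachment($attachment['pid'], $attachment['posthash'], $attachment['aid']);
        }
    }

    // Totals across all of the user's attachments, not just the current page.
    $query = $db->simple_select("attachments", "SUM(filesize) AS ausage, COUNT(aid) AS acount", "uid='".$mybb->user['uid']."'");
    $usage = $db->fetch_array($query);
    $totalusage = $usage['ausage'];
    $totalattachments = $usage['acount'];
    $friendlyusage = get_friendly_size($totalusage);
    if($mybb->usergroup['attachquota'])
    {
        // The quota is multiplied by 1024 before it is compared with the summed file
        // sizes, so it is presumably stored in KB -- confirm against the group settings.
        $percent = round(($totalusage/($mybb->usergroup['attachquota']*1024))*100)."%";
        $attachquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
        $usagenote = $lang->sprintf($lang->attachments_usage_quota, $friendlyusage, $attachquota, $percent, $totalattachments);
    }
    else
    {
        // A falsy quota is shown as "unlimited".
        $percent = $lang->unlimited;
        $attachquota = $lang->unlimited;
        $usagenote = $lang->sprintf($lang->attachments_usage, $friendlyusage, $totalattachments);
    }

    $multipage = multipage($totalattachments, $perpage, $page, "usercp.php?action=attachments");
    $bandwidth = get_friendly_size($bandwidth);

    // Nothing was rendered for this page: show the "none" template and drop the usage note.
    if(!$attachments)
    {
        eval("\$attachments = \"".$templates->get("usercp_attachments_none")."\";");
        $usagenote = '';
    }

    $plugins->run_hooks("usercp_attachments_end");

    eval("\$manageattachments = \"".$templates->get("usercp_attachments")."\";");
    output_page($manageattachments);
}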
3548  
// Handles the "delete selected attachments" form. Runs only for POST requests and
// only removes attachments that belong to the logged-in user.
if($mybb->input['action'] == "do_attachments" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    // (my_post_key is checked before the hooks run and before anything is deleted;
    // presumably verify_post_check() aborts on a mismatch -- confirm)
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("usercp_do_attachments_start");
    require_once  MYBB_ROOT."inc/functions_upload.php";
    // The selection has to arrive as an array; a missing or scalar value is rejected.
    if(!isset($mybb->input['attachments']) || !is_array($mybb->input['attachments']))
    {
        error($lang->no_attachments_selected);
    }
    // Every submitted id is forced to an integer before it is joined into the IN (...)
    // list, so request data cannot change the shape of the query.
    $aids = implode(',', array_map('intval', $mybb->input['attachments']));
    // Ownership check: the uid condition restricts the rows to the current user's
    // attachments, so ids that belong to other users match nothing.
    $query = $db->simple_select("attachments", "*", "aid IN ($aids) AND uid='".$mybb->user['uid']."'");
    while($attachment = $db->fetch_array($query))
    {
        // The post hash argument is passed as an empty string here; the pid and aid
        // come from the row that was just verified to belong to this user.
        remove_attachment($attachment['pid'], '', $attachment['aid']);
    }
    $plugins->run_hooks("usercp_do_attachments_end");
    redirect("usercp.php?action=attachments", $lang->attachments_deleted);
}
3569  
// Saves the notepad text submitted by the logged-in user. Runs only for POST requests.
if($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    // (my_post_key is checked before the hooks run and before the row is written)
    verify_post_check($mybb->get_input('my_post_key'));

    // Cap at 60,000 chars; text will allow up to 65535?
    // NOTE(review): the cap is measured with my_strlen()/my_substr(). If those count
    // characters rather than bytes, 60,000 multibyte characters can still exceed a
    // 65,535-byte column -- confirm how the column type and DB layer treat over-long values.
    if(my_strlen($mybb->get_input('notepad')) > 60000)
    {
        // The truncated text is written back into the input array so the later
        // get_input('notepad') call returns the capped value.
        $mybb->input['notepad'] = my_substr($mybb->get_input('notepad'), 0, 60000);
    }

    $plugins->run_hooks("usercp_do_notepad_start");
    // The value is escaped explicitly before it is handed to update_query(), and the
    // WHERE clause pins the update to the current user's own row.
    $db->update_query("users", array('notepad' => $db->escape_string($mybb->get_input('notepad'))), "uid='".$mybb->user['uid']."'");
    $plugins->run_hooks("usercp_do_notepad_end");
    redirect("usercp.php", $lang->redirect_notepadupdated);
}
3586  
3587  if(!$mybb->input['action'])
3588  {
3589      // Get posts per day
3590      $daysreg = (TIME_NOW - $mybb->user['regdate']) / (24*3600);
3591  
3592      if($daysreg < 1)
3593      {
3594          $daysreg = 1;
3595      }
3596  
3597      $perday = $mybb->user['postnum'] / $daysreg;
3598      $perday = round($perday, 2);
3599      if($perday > $mybb->user['postnum'])
3600      {
3601          $perday = $mybb->user['postnum'];
3602      }
3603  
3604      $stats = $cache->read("stats");
3605      $posts = $stats['numposts'];
3606      if($posts == 0)
3607      {
3608          $percent = "0";
3609      }
3610      else
3611      {
3612          $percent = $mybb->user['postnum']*100/$posts;
3613          $percent = round($percent, 2);
3614      }
3615  
3616      $colspan = 2;
3617      $lang->posts_day = $lang->sprintf($lang->posts_day, my_number_format($perday), $percent);
3618      $regdate = my_date('relative', $mybb->user['regdate']);
3619  
3620      $useravatar = format_avatar($mybb->user['avatar'], $mybb->user['avatardimensions'], '100x100');
3621      $avatar_username = htmlspecialchars_uni($mybb->user['username']);
3622      eval("\$avatar = \"".$templates->get("usercp_currentavatar")."\";");
3623  
3624      $usergroup = htmlspecialchars_uni($groupscache[$mybb->user['usergroup']]['title']);
3625      if($mybb->user['usergroup'] == 5 && $mybb->settings['regtype'] != "admin")
3626      {
3627          eval("\$usergroup .= \"".$templates->get("usercp_resendactivation")."\";");
3628      }
3629      // Make reputations row
3630      $reputations = '';
3631      if($mybb->usergroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
3632      {
3633          $reputation_link = get_reputation($mybb->user['reputation']);
3634          eval("\$reputation = \"".$templates->get("usercp_reputation")."\";");
3635      }
3636  
3637      $latest_warnings = '';
3638      if($mybb->settings['enablewarningsystem'] != 0 && $mybb->settings['canviewownwarning'] != 0)
3639      {
3640          if($mybb->settings['maxwarningpoints'] < 1)
3641          {
3642              $mybb->settings['maxwarningpoints'] = 10;
3643          }
3644          $warning_level = round($mybb->user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
3645          if($warning_level > 100)
3646          {
3647              $warning_level = 100;
3648          }
3649  
3650          if($mybb->user['warningpoints'] > $mybb->settings['maxwarningpoints'])
3651          {
3652              $mybb->user['warningpoints'] = $mybb->settings['maxwarningpoints'];
3653          }
3654  
3655          if($warning_level > 0)
3656          {
3657              require_once  MYBB_ROOT.'inc/datahandlers/warnings.php';
3658              $warningshandler = new WarningsHandler('update');
3659  
3660              $warningshandler->expire_warnings();
3661  
3662              $lang->current_warning_level = $lang->sprintf($lang->current_warning_level, $warning_level, $mybb->user['warningpoints'], $mybb->settings['maxwarningpoints']);
3663              $warnings = '';
3664              // Fetch latest warnings
3665              $query = $db->query("
3666                  SELECT w.*, t.title AS type_title, u.username, p.subject AS post_subject
3667                  FROM ".TABLE_PREFIX."warnings w
3668                  LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (t.tid=w.tid)
3669                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=w.issuedby)
3670                  LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=w.pid)
3671                  WHERE w.uid='{$mybb->user['uid']}'
3672                  ORDER BY w.expired ASC, w.dateline DESC
3673                  LIMIT 5
3674              ");
3675              while($warning = $db->fetch_array($query))
3676              {
3677                  $post_link = "";
3678                  if($warning['post_subject'])
3679                  {
3680                      $warning['post_subject'] = $parser->parse_badwords($warning['post_subject']);
3681                      $warning['post_subject'] = htmlspecialchars_uni($warning['post_subject']);
3682                      $warning['postlink'] = get_post_link($warning['pid']);
3683                      eval("\$post_link .= \"".$templates->get("usercp_warnings_warning_post")."\";");
3684                  }
3685                  $warning['username'] = htmlspecialchars_uni($warning['username']);
3686                  $issuedby = build_profile_link($warning['username'], $warning['issuedby']);
3687                  $date_issued = my_date('relative', $warning['dateline']);
3688                  if($warning['type_title'])
3689                  {
3690                      $warning_type = $warning['type_title'];
3691                  }
3692                  else
3693                  {
3694                      $warning_type = $warning['title'];
3695                  }
3696                  $warning_type = htmlspecialchars_uni($warning_type);
3697                  if($warning['points'] > 0)
3698                  {
3699                      $warning['points'] = "+{$warning['points']}";
3700                  }
3701                  $points = $lang->sprintf($lang->warning_points, $warning['points']);
3702  
3703                  // Figure out expiration time
3704                  if($warning['daterevoked'])
3705                  {
3706                      $expires = $lang->warning_revoked;
3707                  }
3708                  elseif($warning['expired'])
3709                  {
3710                      $expires = $lang->already_expired;
3711                  }
3712                  elseif($warning['expires'] == 0)
3713                  {
3714                      $expires = $lang->never;
3715                  }
3716                  else
3717                  {
3718                      $expires = my_date('relative', $warning['expires']);
3719                  }
3720  
3721                  $alt_bg = alt_trow();
3722                  eval("\$warnings .= \"".$templates->get("usercp_warnings_warning")."\";");
3723              }
3724              if($warnings)
3725              {
3726                  eval("\$latest_warnings = \"".$templates->get("usercp_warnings")."\";");
3727              }
3728          }
3729      }
3730  
3731      // Format username
3732      $username = format_name(htmlspecialchars_uni($mybb->user['username']), $mybb->user['usergroup'], $mybb->user['displaygroup']);
3733      $username = build_profile_link($username, $mybb->user['uid']);
3734  
3735      // Format post numbers
3736      $mybb->user['posts'] = my_number_format($mybb->user['postnum']);
3737  
3738      // Build referral link
3739      if($mybb->settings['usereferrals'] == 1)
3740      {
3741          $referral_link = $lang->sprintf($lang->referral_link, $settings['bburl'], $mybb->user['uid']);
3742          eval("\$referral_info = \"".$templates->get("usercp_referrals")."\";");
3743      }
3744  
3745      // User Notepad
3746      $plugins->run_hooks("usercp_notepad_start");
3747      $mybb->user['notepad'] = htmlspecialchars_uni($mybb->user['notepad']);
3748      eval("\$user_notepad = \"".$templates->get("usercp_notepad")."\";");
3749      $plugins->run_hooks("usercp_notepad_end");
3750  
3751      // Thread Subscriptions with New Posts
3752      $latest_subscribed = '';
3753      $query = $db->simple_select("threadsubscriptions", "sid", "uid = '".$mybb->user['uid']."'", array("limit" => 1));
3754      if($db->num_rows($query))
3755      {
3756          $visible = "AND t.visible != 0";
3757          if(is_moderator() == true)
3758          {
3759              $visible = '';
3760          }
3761  
3762          $query = $db->query("
3763              SELECT s.*, t.*, t.username AS threadusername, u.username
3764              FROM ".TABLE_PREFIX."threadsubscriptions s
3765              LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
3766              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
3767              WHERE s.uid='".$mybb->user['uid']."' {$visible}
3768              ORDER BY t.lastpost DESC
3769              LIMIT 0, 10
3770          ");
3771  
3772          $fpermissions = forum_permissions();
3773          while($subscription = $db->fetch_array($query))
3774          {
3775              $forumpermissions = $fpermissions[$subscription['fid']];
3776              if($forumpermissions['canview'] != 0 && $forumpermissions['canviewthreads'] != 0 && ($forumpermissions['canonlyviewownthreads'] == 0 || $subscription['uid'] == $mybb->user['uid']))
3777              {
3778                  $subscriptions[$subscription['tid']] = $subscription;
3779              }
3780          }
3781  
3782          if(is_array($subscriptions))
3783          {
3784              $tids = implode(",", array_keys($subscriptions));
3785  
3786              // Checking read
3787              if($mybb->settings['threadreadcut'] > 0)
3788              {
3789                  $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
3790                  while($readthread = $db->fetch_array($query))
3791                  {
3792                      if($readthread['dateline'] >= $subscriptions[$readthread['tid']]['lastpost'])
3793                      {
3794                          unset($subscriptions[$readthread['tid']]); // If it's already been read, then don't display the thread
3795                      }
3796                      else
3797                      {
3798                          $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
3799                      }
3800                  }
3801              }
3802  
3803              if($subscriptions)
3804              {
3805                  if($mybb->settings['dotfolders'] != 0)
3806                  {
3807                      $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
3808                      while($post = $db->fetch_array($query))
3809                      {
3810                          $subscriptions[$post['tid']]['doticon'] = 1;
3811                      }
3812                  }
3813  
3814                  $icon_cache = $cache->read("posticons");
3815                  $threadprefixes = build_prefixes();
3816  
3817                  foreach($subscriptions as $thread)
3818                  {
3819                      $folder = '';
3820                      $folder_label = '';
3821                      $gotounread = '';
3822  
3823                      if($thread['tid'])
3824                      {
3825                          $bgcolor = alt_trow();
3826                          $thread['subject'] = $parser->parse_badwords($thread['subject']);
3827                          $thread['subject'] = htmlspecialchars_uni($thread['subject']);
3828                          $thread['threadlink'] = get_thread_link($thread['tid']);
3829                          $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
3830  
3831                          // If this thread has a prefix...
3832                          if($thread['prefix'] != 0 && !empty($threadprefixes[$thread['prefix']]))
3833                          {
3834                              $thread['displayprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
3835                          }
3836                          else
3837                          {
3838                              $thread['displayprefix'] = '';
3839                          }
3840  
3841                          // Icons
3842                          if($thread['icon'] > 0 && isset($icon_cache[$thread['icon']]))
3843                          {
3844                              $icon = $icon_cache[$thread['icon']];
3845                              $icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);
3846                              $icon['path'] = htmlspecialchars_uni($icon['path']);
3847                              $icon['name'] = htmlspecialchars_uni($icon['name']);
3848                              eval("\$icon = \"".$templates->get("usercp_subscriptions_thread_icon")."\";");
3849                          }
3850                          else
3851                          {
3852                              $icon = "&nbsp;";
3853                          }
3854  
3855                          if($thread['doticon'])
3856                          {
3857                              $folder = "dot_";
3858                              $folder_label .= $lang->icon_dot;
3859                          }
3860  
3861                          // Check to see which icon we display
3862                          if($thread['lastread'] && $thread['lastread'] < $thread['lastpost'])
3863                          {
3864                              $folder .= "new";
3865                              $folder_label .= $lang->icon_new;
3866                              $new_class = "subject_new";
3867                              $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
3868                              eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
3869                          }
3870                          else
3871                          {
3872                              $folder_label .= $lang->icon_no_new;
3873                              $new_class = "subject_old";
3874                          }
3875  
3876                          $folder .= "folder";
3877  
3878                          if($thread['visible'] == 0)
3879                          {
3880                              $bgcolor = "trow_shaded";
3881                          }
3882  
3883                          $lastpostdate = my_date('relative', $thread['lastpost']);
3884                          $lastposter = htmlspecialchars_uni($thread['lastposter']);
3885                          $lastposteruid = $thread['lastposteruid'];
3886  
3887                          if($lastposteruid == 0)
3888                          {
3889                              $lastposterlink = $lastposter;
3890                          }
3891                          else
3892                          {
3893                              $lastposterlink = build_profile_link($lastposter, $lastposteruid);
3894                          }
3895  
3896                          $thread['replies'] = my_number_format($thread['replies']);
3897                          $thread['views'] = my_number_format($thread['views']);
3898                          $thread['username'] = htmlspecialchars_uni($thread['username']);
3899                          $thread['author'] = build_profile_link($thread['username'], $thread['uid']);
3900  
3901                          eval("\$latest_subscribed_threads .= \"".$templates->get("usercp_latest_subscribed_threads")."\";");
3902                      }
3903                  }
3904                  eval("\$latest_subscribed = \"".$templates->get("usercp_latest_subscribed")."\";");
3905              }
3906          }
3907      }
3908  
3909      // User's Latest Threads
          // Builds the forum and visibility filters, then selects up to five threads
          // whose t.uid matches $mybb->user['uid'] and whose firstpost is non-zero,
          // most recent last post first (ORDER BY t.lastpost DESC, LIMIT 0, 5).
3910  
3911      // Get unviewable forums
          // Both helper results are interpolated unquoted into NOT IN (...) lists,
          // so the query text depends entirely on what the helpers return.
          // NOTE(review): presumably comma-separated numeric forum ids - confirm
          // against get_unviewable_forums() and get_inactive_forums().
3912      $f_perm_sql = '';
3913      $unviewable_forums = get_unviewable_forums();
3914      $inactiveforums = get_inactive_forums();
3915      if($unviewable_forums)
3916      {
3917          $f_perm_sql = " AND t.fid NOT IN ($unviewable_forums)";
3918      }
3919      if($inactiveforums)
3920      {
3921          $f_perm_sql .= " AND t.fid NOT IN ($inactiveforums)";
3922      }
3923  
          // Default filter: "t.visible != 0", which together with the "t.visible >= 0"
          // in the WHERE clause below leaves only rows with visible > 0.
          // The filter is dropped when is_moderator() (called without arguments)
          // compares loosely equal to true, so rows with visible == 0 are fetched too;
          // the fetch loop that follows re-checks those rows per forum with
          // is_moderator($thread['fid'], "canviewunapprove").
3924      $visible = " AND t.visible != 0";
3925      if(is_moderator() == true)
3926      {
3927          $visible = '';
3928      }
3929  
          // The statement is assembled by string concatenation. $visible and
          // $f_perm_sql are set above in this block; the uid is placed inside quotes
          // with no cast or escaping.
          // NOTE(review): the uid is read from $mybb->user here, not from a request
          // parameter; an (int) cast would keep the value numeric regardless of how
          // that array was populated - confirm where $mybb->user is loaded.
3930      $query = $db->query("
3931          SELECT t.*, t.username AS threadusername, u.username
3932          FROM ".TABLE_PREFIX."threads t
3933          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
3934          WHERE t.uid='".$mybb->user['uid']."' AND t.firstpost != 0 AND t.visible >= 0 {$visible}{$f_perm_sql}
3935          ORDER BY t.lastpost DESC
3936          LIMIT 0, 5
3937      ");
3938  
3939      // Figure out whether we can view these threads...
3940      $threadcache = array();
3941      $fpermissions = forum_permissions();
3942      while($thread = $db->fetch_array($query))
3943      {
3944          // Moderated, and not moderator?
3945          if($thread['visible'] == 0 && is_moderator($thread['fid'], "canviewunapprove") === false)
3946          {
3947              continue;
3948          }
3949  
3950          $forumpermissions = $fpermissions[$thread['fid']];
3951          if($for