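<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

/*
 * Private-message controller: runs the shared setup below, then the branch
 * selected by $mybb->input['action'] (search, results, send, read, tracking, ...).
 *
 * Review notes that apply throughout this file:
 *  - Templates are expanded with eval() as double-quoted PHP strings, so every
 *    variable a template interpolates has to be HTML-safe before the eval().
 *  - SQL is assembled by string concatenation. Each request value has to be
 *    cast with intval() or passed through $db->escape_string() inside quotes,
 *    and every privatemessages lookup should stay bound to the current uid.
 *  - unserialize() is applied to the stored `recipients` column; that is only
 *    acceptable while nothing user-controlled can reach that column unvalidated.
 */

define("IN_MYBB", 1);
// NOTE(review): presumably tells the core input cleaner to leave `sid` untouched
// (it is a search id here and is escaped before use in SQL below) - confirm
// against the input handling loaded by global.php.
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'private.php');

// Names of the templates this script uses.
$templatelist = "private_send,private_send_buddyselect,private_read,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage";
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_empty,private_archive_txt,private_archive_csv,private_archive_html";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,multipage_nextpage,multipage_page_current,multipage_page,multipage_start,multipage_end,multipage,usercp_nav_editsignature,private_read_action,postbit_away,postbit_avatar,postbit_warn,postbit_rep_button";
$templatelist .= ",private_messagebit,codebuttons,smilieinsert,smilieinsert_getmore,posticons,private_send_autocomplete,private_messagebit_denyreceipt,private_read_to,postbit_online,postbit_find,postbit_pm,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_reply_pm,postbit_forward_pm";
$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients";
$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc";
$templatelist .= ",private_archive,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_gotopost,usercp_nav_messenger_tracking,multipage_prevpage";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

// Load global language phrases
$lang->load("private");

// Access control: PMs must be enabled board-wide, and the visitor must be a
// logged-in user whose group may use PMs.
if($mybb->settings['enablepms'] == 0)
{
	error($lang->pms_disabled);
}

if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
{
	error_no_permission();
}

// First visit: store the default folder list. Folders are separated by "$%%$"
// and each entry is "id**name" (see the explode() calls below).
if(!$mybb->user['pmfolders'])
{
	$mybb->user['pmfolders'] = "1**$%%$2**$%%$3**$%%$4**";

	$sql_array = array(
		"pmfolders" => $mybb->user['pmfolders']
	);
	$db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);
}

// On a random occasion (one request in ten), recount the user's PMs to make sure everything is in sync.
$rand = my_rand(0, 9);
if($rand == 5)
{
	update_pm_count();
}

// Build the folder <select> boxes shared by the templates. fid is cast with
// intval() before it is written into the hidden field.
$foldersearch = "<select multiple=\"multiple\" name=\"folder[]\" id=\"folder\">\n";
$foldersearch .= "<option selected=\"selected\">{$lang->all_folders}</option>\n";
$folderjump = "<select name=\"jumpto\">\n";
$folderoplist = "<input type=\"hidden\" value=\"".intval($mybb->input['fid'])."\" name=\"fromfid\" />\n<select name=\"fid\">\n";
$folderjump2 = "<select name=\"jumpto2\">\n";

$foldernames = array();
$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
foreach($foldersexploded as $key => $folders)
{
	$folderinfo = explode("**", $folders, 2);
	if($mybb->input['fid'] == $folderinfo[0])
	{
		$sel = ' selected="selected"';
	}
	else
	{
		$sel = '';
	}
	// NOTE(review): the folder id and name are written into HTML below without
	// escaping in this file; whether get_pm_folder_name() or the code that saves
	// pmfolders escapes them is not visible here - confirm.
	$folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
	$foldernames[$folderinfo[0]] = $folderinfo[1];
	$folderjump .= "<option value=\"$folderinfo[0]\"$sel>$folderinfo[1]</option>\n";
	$folderjump2 .= "<option value=\"$folderinfo[0]\"$sel>$folderinfo[1]</option>\n";
	$folderoplist .= "<option value=\"$folderinfo[0]\"$sel>$folderinfo[1]</option>\n";
	$foldersearch .= "<option value=\"$folderinfo[0]\"$sel>$folderinfo[1]</option>\n";
	$folderlinks .= "• <a href=\"private.php?fid=$folderinfo[0]\">$folderinfo[1]</a><br />\n";
}
$folderjump .= "</select>\n";
$folderjump2 .= "</select>\n";
$folderoplist .= "</select>\n";
$foldersearch .= "</select>\n";

usercp_menu();


// Make navigation
add_breadcrumb($lang->nav_pms, "private.php");

switch($mybb->input['action'])
{
	case "send":
		add_breadcrumb($lang->nav_send);
		break;
	case "tracking":
		add_breadcrumb($lang->nav_tracking);
		break;
	case "folders":
		add_breadcrumb($lang->nav_folders);
		break;
	case "empty":
		add_breadcrumb($lang->nav_empty);
		break;
	case "export":
		add_breadcrumb($lang->nav_export);
		break;
	case "advanced_search":
		add_breadcrumb($lang->nav_search);
		break;
	case "results":
		add_breadcrumb($lang->nav_results);
		break;
}

// A preview request is handled by the compose form.
if($mybb->input['preview'])
{
	$mybb->input['action'] = "send";
}

// Run a PM search. Reached by POST only, either from the advanced search form
// (do_search) or from the folder view (do_stuff with quick_search set, or with
// none of hop/moveto/delete set).
if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->input['quick_search'] || !$mybb->input['hop'] && !$mybb->input['moveto'] && !$mybb->input['delete'])) && $mybb->request_method == "post")
{
	$plugins->run_hooks("private_do_search_start");

	// Simulate coming from our advanced search form with some preset options
	if($mybb->input['quick_search'])
	{
		$mybb->input['action'] = "do_search";
		$mybb->input['subject'] = 1;
		$mybb->input['message'] = 1;
		$mybb->input['folder'] = $mybb->input['fid'];
		unset($mybb->input['jumpto']);
		unset($mybb->input['fromfid']);
	}

	// Check if search flood checking is enabled and user is not admin
	if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
	{
		// Fetch the time this user last searched
		$timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
		$query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
		$last_search = $db->fetch_array($query);
		// Users last search was within the flood time, show the error
		if($last_search['sid'])
		{
			$remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
			if($remaining_time == 1)
			{
				$lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
			}
			else
			{
				$lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
			}
			error($lang->error_searchflooding);
		}
	}

	if($mybb->input['subject'] != 1 && $mybb->input['message'] != 1)
	{
		error($lang->error_nosearchresults);
	}

	if($mybb->input['message'] == 1)
	{
		$resulttype = "pmmessages";
	}
	else
	{
		$resulttype = "pmsubjects";
	}

	// Raw request values are handed to the search helper; escaping them and
	// restricting the search to this user's messages is that helper's job.
	// NOTE(review): the helper is not visible in this file - confirm both.
	$search_data = array(
		"keywords" => $mybb->input['keywords'],
		"subject" => $mybb->input['subject'],
		"message" => $mybb->input['message'],
		"sender" => $mybb->input['sender'],
		"status" => $mybb->input['status'],
		"folder" => $mybb->input['folder'],
	);

	if($db->can_search == true)
	{
		require_once MYBB_ROOT."inc/functions_search.php";

		$search_results = privatemessage_perform_search_mysql($search_data);
	}
	else
	{
		error($lang->error_no_search_support);
	}
	// The search id is derived from the clock, not from a CSPRNG. The results
	// branch also requires the row's uid to match the current user, so the id
	// is not relied on as a secret by itself.
	$sid = md5(uniqid(microtime(), 1));
	// NOTE(review): `querycache` is stored exactly as the helper returned it and
	// is later placed inside IN(...) without quotes; confirm it can only ever be
	// a comma-separated list of integer pmids.
	$searcharray = array(
		"sid" => $db->escape_string($sid),
		"uid" => $mybb->user['uid'],
		"dateline" => TIME_NOW,
		"ipaddress" => $db->escape_string($session->ipaddress),
		"threads" => '',
		"posts" => '',
		"resulttype" => $resulttype,
		"querycache" => $search_results['querycache'],
		"keywords" => $db->escape_string($mybb->input['keywords']),
	);
	$plugins->run_hooks("private_do_search_process");

	$db->insert_query("searchlog", $searcharray);

	// Sender sort won't work yet
	$sortby = array('subject', 'sender', 'dateline');

	// Only whitelisted sort fields and directions are forwarded in the redirect
	// URL; the results branch validates them again before they reach SQL.
	if(in_array($mybb->input['sort'], $sortby))
	{
		$sortby = $mybb->input['sort'];
	}
	else
	{
		$sortby = "dateline";
	}

	if(my_strtolower($mybb->input['sortordr']) == "asc" || my_strtolower($mybb->input['sortordr']) == "desc")
	{
		$sortorder = $mybb->input['sortordr'];
	}
	else
	{
		$sortorder = "desc";
	}

	$plugins->run_hooks("private_do_search_end");
	redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
}

// Show the results of a stored search.
if($mybb->input['action'] == "results")
{
	// The search row must match both the escaped sid and the current user, so
	// another user's search cannot be opened by supplying its sid.
	$sid = $db->escape_string($mybb->input['sid']);
	$query = $db->simple_select("searchlog", "*", "sid='{$sid}' AND uid='{$mybb->user['uid']}'");
	$search = $db->fetch_array($query);

	if(!$search['sid'])
	{
		error($lang->error_invalidsearch);
	}

	$plugins->run_hooks("private_results_start");

	// Decide on our sorting fields and sorting order.
	// Both values end up in ORDER BY below; the whitelist and the asc/desc check
	// are what make that safe, not the HTML escaping.
	$order = my_strtolower(htmlspecialchars_uni($mybb->input['order']));
	$sortby = my_strtolower(htmlspecialchars_uni($mybb->input['sortby']));

	$sortby_accepted = array('subject', 'username', 'dateline');

	if(in_array($sortby, $sortby_accepted))
	{
		$query_sortby = $sortby;

		if($query_sortby == "username")
		{
			$query_sortby = "fromusername";
		}
	}
	else
	{
		$sortby = $query_sortby = "dateline";
	}

	if($order != "asc")
	{
		$order = "desc";
	}

	if(!$mybb->settings['threadsperpage'])
	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// Work out pagination, which page we're at, as well as the limits.
	$perpage = $mybb->settings['threadsperpage'];
	$page = intval($mybb->input['page']);
	if($page > 0)
	{
		$start = ($page-1) * $perpage;
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$end = $start + $perpage;
	$lower = $start+1;
	$upper = $end;

	// Work out if we have terms to highlight
	$highlight = "";
	if($search['keywords'])
	{
		$highlight = "&highlight=".urlencode($search['keywords']);
	}

	// Do Multi Pages
	// NOTE(review): escape_string() does not constrain a value that is used
	// outside quotes, so this IN(...) list is only as safe as the stored
	// querycache. This count and the recipients query below also omit the
	// pm.uid filter that the main query applies - consider adding it to both.
	$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
	$pmscount = $db->fetch_array($query);

	// NOTE(review): $threadcount is not assigned anywhere in this file as shown;
	// $pmscount['total'] looks like the intended bound - confirm.
	if($upper > $threadcount)
	{
		$upper = $threadcount;
	}
	$multipage = multipage($pmscount['total'], $perpage, $page, "private.php?action=results&sid=".htmlspecialchars_uni($mybb->input['sid'])."&sortby={$sortby}&order={$order}");
	$messagelist = '';

	$icon_cache = $cache->read("posticons");

	// Cache users in multiple recipients for sent & drafts folder
	// Get all recipients into an array
	$cached_users = $get_users = array();
	$users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
	while($row = $db->fetch_array($users_query))
	{
		// SECURITY: unserialize() on stored data. Safe only if the recipients
		// column is always written by trusted code - confirm against the PM handler.
		$recipients = unserialize($row['recipients']);
		if(is_array($recipients['to']) && count($recipients['to']))
		{
			$get_users = array_merge($get_users, $recipients['to']);
		}

		if(is_array($recipients['bcc']) && count($recipients['bcc']))
		{
			$get_users = array_merge($get_users, $recipients['bcc']);
		}
	}

	// NOTE(review): these ids go into IN(...) unquoted and are not cast here;
	// casting each element to int first would remove the reliance on stored data.
	$get_users = implode(',', array_unique($get_users));

	// Grab info
	if($get_users)
	{
		$users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
		while($user = $db->fetch_array($users_query))
		{
			$cached_users[$user['uid']] = $user;
		}
	}

	// Main result query: restricted to messages owned by the current user.
	$query = $db->query("
		SELECT pm.*, fu.username AS fromusername, tu.username as tousername
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
		WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
		ORDER BY pm.{$query_sortby} {$order}
		LIMIT {$start}, {$perpage}
	");
	while($message = $db->fetch_array($query))
	{
		$msgalt = $msgsuffix = $msgprefix = '';

		// Determine Folder Icon
		if($message['status'] == 0)
		{
			$msgfolder = 'new_pm.gif';
			$msgalt = $lang->new_pm;
			$msgprefix = "<strong>";
			$msgsuffix = "</strong>";
		}
		elseif($message['status'] == 1)
		{
			$msgfolder = 'old_pm.gif';
			$msgalt = $lang->old_pm;
		}
		elseif($message['status'] == 3)
		{
			$msgfolder = 're_pm.gif';
			$msgalt = $lang->reply_pm;
		}
		else if($message['status'] == 4)
		{
			$msgfolder = 'fw_pm.gif';
			$msgalt = $lang->fwd_pm;
		}

		// NOTE(review): $folder is not assigned anywhere in this file as shown;
		// $message['folder'] looks like the intended value - confirm.
		if($folder == 2 || $folder == 3)
		{
			// Sent Items or Drafts Folder Check
			// SECURITY: unserialize() on stored data, see the note above.
			$recipients = unserialize($message['recipients']);
			$to_users = $bcc_users = '';
			if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && count($recipients['bcc']) > 0))
			{
				foreach($recipients['to'] as $uid)
				{
					$profilelink = get_profile_link($uid);
					$user = $cached_users[$uid];
					$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
					eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
				}
				if(is_array($recipients['bcc']) && count($recipients['bcc']))
				{
					eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
					foreach($recipients['bcc'] as $uid)
					{
						$profilelink = get_profile_link($uid);
						$user = $cached_users[$uid];
						$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
						eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
					}
				}

				eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
			}
			else if($message['toid'])
			{
				$tofromusername = $message['tousername'];
				$tofromuid = $message['toid'];
			}
			else
			{
				// $tofromuid is not reset here, so it keeps whatever an earlier
				// loop iteration left in it.
				$tofromusername = $lang->not_sent;
			}
		}
		else
		{
			$tofromusername = $message['fromusername'];
			$tofromuid = $message['fromid'];
			if($tofromuid == 0)
			{
				$tofromusername = $lang->mybb_engine;
			}
		}

		$tofromusername = build_profile_link($tofromusername, $tofromuid);

		$denyreceipt = '';

		if($message['icon'] > 0 && $icon_cache[$message['icon']])
		{
			$icon = $icon_cache[$message['icon']];
			$icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" align=\"center\" valign=\"middle\" />";
		}
		else
		{
			$icon = '	';
		}

		if(!trim($message['subject']))
		{
			$message['subject'] = $lang->pm_no_subject;
		}

		// Subject: filter bad words, truncate to 50 characters, then HTML-escape
		// so it is safe to interpolate into the template.
		$message['subject'] = $parser->parse_badwords($message['subject']);

		if(my_strlen($message['subject']) > 50)
		{
			$message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
		}
		else
		{
			$message['subject'] = htmlspecialchars_uni($message['subject']);
		}

		if($message['folder'] != "3")
		{
			$sendpmdate = my_date($mybb->settings['dateformat'], $message['dateline']);
			$sendpmtime = my_date($mybb->settings['timeformat'], $message['dateline']);
			$senddate = $sendpmdate.", ".$sendpmtime;
		}
		else
		{
			$senddate = $lang->not_sent;
		}

		$foldername = $foldernames[$message['folder']];

		// What we do here is parse the post using our post parser, then strip the tags from it
		// (HTML is disallowed in the parser options; the excerpt is cut to 200 characters).
		$parser_options = array(
			'allow_html' => 0,
			'allow_mycode' => 1,
			'allow_smilies' => 0,
			'allow_imgcode' => 0,
			'filter_badwords' => 1
		);
		$message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
		if(my_strlen($message['message']) > 200)
		{
			$message['message'] = my_substr($message['message'], 0, 200)."...";
		}

		eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
	}

	if($db->num_rows($query) == 0)
	{
		eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
	}

	$plugins->run_hooks("private_results_end");

	eval("\$results = \"".$templates->get("private_search_results")."\";");
	output_page($results);
}

// Show the advanced search form.
if($mybb->input['action'] == "advanced_search")
{
	$plugins->run_hooks("private_advanced_search");

	eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");

	output_page($advanced_search);
}

// Dismissing a new/unread PM notice
if($mybb->input['action'] == "dismiss_notice")
{
	if($mybb->user['pmnotice'] != 2)
	{
		exit;
	}

	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$updated_user = array(
		"pmnotice" => 1
	);
	$db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");

	if($mybb->input['ajax'])
	{
		echo 1;
		exit;
	}
	else
	{
		header("Location: index.php");
		exit;
	}
}

$send_errors = '';

// Send (or save as draft) a PM. POST only, permission-checked, and protected by
// the post key check before anything is written.
if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
{
	if($mybb->usergroup['cansendpms'] == 0)
	{
		error_no_permission();
	}

	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("private_send_do_send");

	// Attempt to see if this PM is a duplicate or not
	// (same sender, recipient, subject and message within the last five hours;
	// every request value is escaped and quoted).
	$time_cutoff = TIME_NOW - (5 * 60 * 60);
	$query = $db->query("
		SELECT pm.pmid
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
		WHERE u.username='".$db->escape_string($mybb->input['to'])."' AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->input['subject'])."' AND pm.message='".$db->escape_string($mybb->input['message'])."' AND pm.folder!='3'
	");
	$duplicate_check = $db->fetch_field($query, "pmid");
	if($duplicate_check)
	{
		error($lang->error_pm_already_submitted);
	}

	require_once MYBB_ROOT."inc/datahandlers/pm.php";
	$pmhandler = new PMDataHandler();

	// Raw request values go to the data handler, which validates them below.
	// NOTE(review): the handler is not visible here; confirm it checks that a
	// supplied pmid belongs to the sending user before acting on it.
	$pm = array(
		"subject" => $mybb->input['subject'],
		"message" => $mybb->input['message'],
		"icon" => $mybb->input['icon'],
		"fromid" => $mybb->user['uid'],
		"do" => $mybb->input['do'],
		"pmid" => $mybb->input['pmid']
	);

	// Split up any recipients we have
	$pm['to'] = explode(",", $mybb->input['to']);
	$pm['to'] = array_map("trim", $pm['to']);
	if(!empty($mybb->input['bcc']))
	{
		$pm['bcc'] = explode(",", $mybb->input['bcc']);
		$pm['bcc'] = array_map("trim", $pm['bcc']);
	}

	// Read receipts are forced off for groups that may not track PMs.
	if(!$mybb->usergroup['cantrackpms'])
	{
		$mybb->input['options']['readreceipt'] = false;
	}

	$pm['options'] = array(
		"signature" => $mybb->input['options']['signature'],
		"disablesmilies" => $mybb->input['options']['disablesmilies'],
		"savecopy" => $mybb->input['options']['savecopy'],
		"readreceipt" => $mybb->input['options']['readreceipt']
	);

	if($mybb->input['saveasdraft'])
	{
		$pm['saveasdraft'] = 1;
	}
	$pmhandler->set_data($pm);

	// Now let the pm handler do all the hard work.
	if(!$pmhandler->validate_pm())
	{
		// Validation failed: fall through to the compose form with the errors.
		$pm_errors = $pmhandler->get_friendly_errors();
		$send_errors = inline_error($pm_errors);
		$mybb->input['action'] = "send";
	}
	else
	{
		$pminfo = $pmhandler->insert_pm();
		$plugins->run_hooks("private_do_send_end");

		if(isset($pminfo['draftsaved']))
		{
			redirect("private.php", $lang->redirect_pmsaved);
		}
		else
		{
			redirect("private.php", $lang->redirect_pmsent);
		}
	}
}

// Compose form: new PM, preview, draft, reply, reply-all or forward.
if($mybb->input['action'] == "send")
{
	if($mybb->usergroup['cansendpms'] == 0)
	{
		error_no_permission();
	}

	$plugins->run_hooks("private_send_start");

	$smilieinserter = $codebuttons = '';

	if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
	{
		$codebuttons = build_mycode_inserter();
		if($mybb->settings['pmsallowsmilies'] != 0)
		{
			$smilieinserter = build_clickable_smilies();
		}
	}

	$lang->post_icon = $lang->message_icon;

	$posticons = get_post_icons();
	// Request values are HTML-escaped before they are echoed back into the form.
	$message = htmlspecialchars_uni($parser->parse_badwords($mybb->input['message']));
	$subject = htmlspecialchars_uni($parser->parse_badwords($mybb->input['subject']));

	if($mybb->input['preview'] || $send_errors)
	{
		$options = $mybb->input['options'];
		if($options['signature'] == 1)
		{
			$optionschecked['signature'] = 'checked="checked"';
		}
		if($options['disablesmilies'] == 1)
		{
			$optionschecked['disablesmilies'] = 'checked="checked"';
		}
		if($options['savecopy'] != 0)
		{
			$optionschecked['savecopy'] = 'checked="checked"';
		}
		if($options['readreceipt'] != 0)
		{
			$optionschecked['readreceipt'] = 'checked="checked"';
		}
		$to = htmlspecialchars_uni($mybb->input['to']);
		$bcc = htmlspecialchars_uni($mybb->input['bcc']);
	}

	// Preview
	if($mybb->input['preview'])
	{
		$options = $mybb->input['options'];
		$query = $db->query("
			SELECT u.username AS userusername, u.*, f.*
			FROM ".TABLE_PREFIX."users u
			LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
			WHERE u.uid='".$mybb->user['uid']."'
		");

		$post = $db->fetch_array($query);

		$post['userusername'] = $mybb->user['username'];
		$post['postusername'] = $mybb->user['username'];
		// The raw message and icon are handed to build_postbit().
		// NOTE(review): presumably build_postbit() parses and escapes them - confirm.
		$post['message'] = $mybb->input['message'];
		$post['subject'] = htmlspecialchars_uni($mybb->input['subject']);
		$post['icon'] = $mybb->input['icon'];
		$post['smilieoff'] = $options['disablesmilies'];
		$post['dateline'] = TIME_NOW;

		if(!$options['signature'])
		{
			$post['includesig'] = 0;
		}
		else
		{
			$post['includesig'] = 1;
		}

		// Merge usergroup data from the cache
		$data_key = array(
			'title' => 'grouptitle',
			'usertitle' => 'groupusertitle',
			'stars' => 'groupstars',
			'starimage' => 'groupstarimage',
			'image' => 'groupimage',
			'namestyle' => 'namestyle',
			'usereputationsystem' => 'usereputationsystem'
		);

		foreach($data_key as $field => $key)
		{
			$post[$key] = $groupscache[$post['usergroup']][$field];
		}

		$postbit = build_postbit($post, 2);
		eval("\$preview = \"".$templates->get("previewpost")."\";");
	}
	else if(!$send_errors)
	{
		// New PM, so load default settings
		if($mybb->user['signature'] != '')
		{
			$optionschecked['signature'] = 'checked="checked"';
		}
		if($mybb->usergroup['cantrackpms'] == 1)
		{
			$optionschecked['readreceipt'] = 'checked="checked"';
		}
		$optionschecked['savecopy'] = 'checked="checked"';
	}

	// Draft, reply, forward
	if($mybb->input['pmid'] && !$mybb->input['preview'] && !$send_errors)
	{
		// pmid is cast with intval() before it enters the SQL string, exactly as
		// the read action does, so this query does not depend on any input
		// cleaning done elsewhere. pm.uid keeps the lookup to the user's own PMs.
		$query = $db->query("
			SELECT pm.*, u.username AS quotename
			FROM ".TABLE_PREFIX."privatemessages pm
			LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
			WHERE pm.pmid='".intval($mybb->input['pmid'])."' AND pm.uid='{$mybb->user['uid']}'
		");

		// No check is made that a row was found; with no row the code below runs
		// against empty values.
		$pm = $db->fetch_array($query);
		$message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
		$subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

		if($pm['folder'] == "3")
		{
			// message saved in drafts
			$mybb->input['uid'] = $pm['toid'];

			if($pm['includesig'] == 1)
			{
				$optionschecked['signature'] = 'checked="checked"';
			}
			if($pm['smilieoff'] == 1)
			{
				$optionschecked['disablesmilies'] = 'checked="checked"';
			}
			if($pm['receipt'])
			{
				$optionschecked['readreceipt'] = 'checked="checked"';
			}

			// Get list of recipients
			// SECURITY: unserialize() on stored data; the ids it yields are placed
			// in IN(...) below unquoted and uncast.
			$recipients = unserialize($pm['recipients']);
			$comma = '';
			if(isset($recipients['to']) && is_array($recipients['to']))
			{
				foreach($recipients['to'] as $recipient)
				{
					$recipient_list['to'][] = $recipient;
					$recipientids .= $comma.$recipient;
					$comma = ',';
				}
			}

			if(isset($recipients['bcc']) && is_array($recipients['bcc']))
			{
				foreach($recipients['bcc'] as $recipient)
				{
					$recipient_list['bcc'][] = $recipient;
					$recipientids .= $comma.$recipient;
					$comma = ',';
				}
			}

			if(!empty($recipientids))
			{
				$query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
				while($user = $db->fetch_array($query))
				{
					if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
					{
						$bcc .= htmlspecialchars_uni($user['username']).', ';
					}
					else
					{
						$to .= htmlspecialchars_uni($user['username']).', ';
					}
				}
			}
		}
		else
		{
			// forward/reply
			// Strip an existing FW:/RE: prefix and quote the original message.
			$subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
			$postdate = my_date($mybb->settings['dateformat'], $pm['dateline']);
			$posttime = my_date($mybb->settings['timeformat'], $pm['dateline']);
			$message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
			$message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);

			if($mybb->input['do'] == 'forward')
			{
				$subject = "Fw: $subject";
			}
			elseif($mybb->input['do'] == 'reply')
			{
				$subject = "Re: $subject";
				$uid = $pm['fromid'];
				if($mybb->user['uid'] == $uid)
				{
					$to = $mybb->user['username'];
				}
				else
				{
					$query = $db->simple_select('users', 'username', "uid='{$uid}'");
					$to = $db->fetch_field($query, 'username');
				}
				$to = htmlspecialchars_uni($to);
			}
			else if($mybb->input['do'] == 'replyall')
			{
				$subject = "Re: $subject";

				// Get list of recipients
				// SECURITY: unserialize() on stored data; ids go into IN(...) uncast.
				$recipients = unserialize($pm['recipients']);
				$recipientids = $pm['fromid'];
				if(isset($recipients['to']) && is_array($recipients['to']))
				{
					foreach($recipients['to'] as $recipient)
					{
						if($recipient == $mybb->user['uid'])
						{
							continue;
						}
						$recipientids .= ','.$recipient;
					}
				}
				$comma = '';
				$query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
				while($user = $db->fetch_array($query))
				{
					$to .= $comma.htmlspecialchars_uni($user['username']);
					$comma = $lang->comma;
				}
			}
		}
	}

	// New PM with recipient preset
	if($mybb->input['uid'] && !$mybb->input['preview'])
	{
		$query = $db->simple_select('users', 'username', "uid='".$db->escape_string($mybb->input['uid'])."'");
		$to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
	}

	$max_recipients = '';
	if($mybb->usergroup['maxpmrecipients'] > 0)
	{
		$max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
	}

	if($send_errors)
	{
		$to = htmlspecialchars_uni($mybb->input['to']);
		$bcc = htmlspecialchars_uni($mybb->input['bcc']);
	}

	// Load the auto complete javascript if it is enabled.
	eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");

	// NOTE(review): $pmid is neither cast nor escaped here before the template
	// can interpolate it; it is HTML-safe only if pmid has already been reduced
	// to an integer by input cleaning elsewhere - confirm, or cast it here.
	$pmid = $mybb->input['pmid'];
	// $do is limited to the three known values before it reaches the template.
	$do = $mybb->input['do'];
	if($do != "forward" && $do != "reply" && $do != "replyall")
	{
		$do = '';
	}

	// See if it's actually worth showing the buddylist icon.
	if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
	{
		$buddy_select = 'to';
		eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
		$buddy_select = 'bcc';
		eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
	}

	// Hide tracking option if no permission
	$private_send = $templates->get("private_send");
	$tracking = '';
	if($mybb->usergroup['cantrackpms'])
	{
		$tracking = $templates->get("private_send_tracking");
	}
	eval("\$private_send_tracking = \"".$tracking."\";");

	// Hide signature option if no permission
	$option_signature = '';
	if($mybb->usergroup['canusesig'] && !$mybb->user['suspendsignature'])
	{
		$option_signature = $templates->get('private_send_signature');
	}
	eval("\$private_send_signature = \"".$option_signature."\";");

	$plugins->run_hooks("private_send_end");

	eval("\$send = \"".$private_send."\";");
	output_page($send);
}

// Read a single PM.
if($mybb->input['action'] == "read")
{
	$plugins->run_hooks("private_read");

	$pmid = intval($mybb->input['pmid']);

	// pmid is cast to int and the lookup is bound to the current user's uid.
	$query = $db->query("
		SELECT pm.*, u.*, f.*
		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
		WHERE pm.pmid='".intval($mybb->input['pmid'])."' AND pm.uid='".$mybb->user['uid']."'
	");
	$pm = $db->fetch_array($query);
	// Drafts (folder 3) are opened in the compose form instead.
	if($pm['folder'] == 3)
	{
		header("Location: private.php?action=send&pmid={$pm['pmid']}");
		exit;
	}

	if(!$pm['pmid'])
	{
		error($lang->error_invalidpm);
	}

	// If we've gotten a PM, attach the group info
	$data_key = array(
		'title' => 'grouptitle',
		'usertitle' => 'groupusertitle',
		'stars' => 'groupstars',
		'starimage' => 'groupstarimage',
		'image' => 'groupimage',
		'namestyle' => 'namestyle'
	);

	foreach($data_key as $field => $key)
	{
		$pm[$key] = $groupscache[$pm['usergroup']][$field];
	}

	// A requested read receipt is recorded as 2, or as 0 when the reader's group
	// may deny receipts and the request asks to deny it.
	if($pm['receipt'] == 1)
	{
		if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->input['denyreceipt'] == 1)
		{
			$receiptadd = 0;
		}
		else
		{
			$receiptadd = 2;
		}
	}

	if($pm['status'] == 0)
	{
		$time = TIME_NOW;
		$updatearray = array(
			'status' => 1,
			'readtime' => $time
		);

		if(isset($receiptadd))
		{
			$updatearray['receipt'] = $receiptadd;
		}

		// Ownership of $pmid was established by the SELECT above.
		$db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");

		// Update the unread count - it has now changed.
		update_pm_count($mybb->user['uid'], 6);

		// Update PM notice value if this is our last unread PM
		if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
		{
			$updated_user = array(
				"pmnotice" => 1
			);
			$db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
		}
	}
	// Replied PM?
	else if($pm['status'] == 3 && $pm['statustime'])
	{
		$reply_date = my_date($mybb->settings['dateformat'], $pm['statustime']);

		if($reply_date == $lang->today || $reply_date == $lang->yesterday)
		{
			$reply_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
			$actioned_on = $lang->sprintf($lang->you_replied, $reply_date);
		}
		else
		{
			$reply_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
			$actioned_on = $lang->sprintf($lang->you_replied_on, $reply_date);
		}

		eval("\$action_time = \"".$templates->get("private_read_action")."\";");
	}
	// Forwarded PM
	else if($pm['status'] == 4 && $pm['statustime'])
	{
		$forward_date = my_date($mybb->settings['dateformat'], $pm['statustime']);

		if(strpos($forward_date, $lang->today) !== false || strpos($forward_date, $lang->yesterday) !== false)
		{
			$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
			$actioned_on = $lang->sprintf($lang->you_forwarded, $forward_date);
		}
		else
		{
			$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
			$actioned_on = $lang->sprintf($lang->you_forwarded_on, $forward_date);
		}

		eval("\$action_time = \"".$templates->get("private_read_action")."\";");
	}

	$pm['userusername'] = $pm['username'];
	$pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

	if($pm['fromid'] == 0)
	{
		$pm['username'] = $lang->mybb_engine;
	}

	if(!$pm['username'])
	{
		$pm['username'] = $lang->na;
	}

	// Fetch the recipients for this message
	// SECURITY: unserialize() on stored data, with errors suppressed by @. The
	// ids it yields are joined into IN(...) below unquoted and uncast.
	$pm['recipients'] = @unserialize($pm['recipients']);

	if(is_array($pm['recipients']['to']))
	{
		$uid_sql = implode(',', $pm['recipients']['to']);
	}
	else
	{
		$uid_sql = $pm['toid'];
		$pm['recipients']['to'] = array($pm['toid']);
	}

	$show_bcc = 0;

	// If we have any BCC recipients and this user is an Administrator, add them on to the query
	// (BCC recipients are disclosed only to users whose group has cancp set.)
	// count() runs on the bcc entry without an is_array() check.
	if(count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
	{
		$show_bcc = 1;
		$uid_sql .= ','.implode(',', $pm['recipients']['bcc']);
	}

	// Fetch recipient names from the database
	$bcc_recipients = $to_recipients = array();
	$query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
	while($recipient = $db->fetch_array($query))
	{
		// User is a BCC recipient
		if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
		{
			$bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
		}
		// User is a normal recipient
		else if(in_array($recipient['uid'], $pm['recipients']['to']))
		{
			$to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
		}
	}

	if(count($bcc_recipients) > 0)
	{
		$bcc_recipients = implode(', ', $bcc_recipients);
		eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
	}

	// Reply-all is offered only when there is more than one visible recipient.
	$replyall = false;
	if(count($to_recipients) > 1)
	{
		$replyall = true;
	}

	if(count($to_recipients) > 0)
	{
		$to_recipients = implode(", ", $to_recipients);
	}
	else
	{
		$to_recipients = $lang->nobody;
	}

	eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");

	add_breadcrumb($pm['subject']);
	$message = build_postbit($pm, 2);

	$plugins->run_hooks("private_read_end");

	eval("\$read = \"".$templates->get("private_read")."\";");
	output_page($read);
}

// Read-receipt tracking; requires the cantrackpms group permission.
if($mybb->input['action'] == "tracking")
{
	if(!$mybb->usergroup['cantrackpms'])
	{
		error_no_permission();
	}

	$plugins->run_hooks("private_tracking_start");
	$readmessages = '';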
$unreadmessages = ''; 1142 1143 // Figure out if we need to display multiple pages. 1144 $perpage = $mybb->settings['postsperpage']; 1145 1146 $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'"); 1147 $postcount = $db->fetch_field($query, "readpms"); 1148 1149 $page = intval($mybb->input['read_page']); 1150 $pages = $postcount / $perpage; 1151 $pages = ceil($pages); 1152 1153 if($mybb->input['page'] == "last") 1154 { 1155 $page = $pages; 1156 } 1157 1158 if($page > $pages || $page <= 0) 1159 { 1160 $page = 1; 1161 } 1162 1163 if($page) 1164 { 1165 $start = ($page-1) * $perpage; 1166 } 1167 else 1168 { 1169 $start = 0; 1170 $page = 1; 1171 } 1172 1173 $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&read_page={page}"); 1174 1175 $query = $db->query(" 1176 SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername 1177 FROM ".TABLE_PREFIX."privatemessages pm 1178 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid) 1179 WHERE pm.receipt='2' AND pm.folder!='3' AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."' 1180 ORDER BY pm.readtime DESC 1181 LIMIT {$start}, {$perpage} 1182 "); 1183 while($readmessage = $db->fetch_array($query)) 1184 { 1185 $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject'])); 1186 $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']); 1187 $readdate = my_date($mybb->settings['dateformat'], $readmessage['readtime']); 1188 $readtime = my_date($mybb->settings['timeformat'], $readmessage['readtime']); 1189 eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";"); 1190 } 1191 1192 if(!$readmessages) 1193 { 1194 eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";"); 1195 } 1196 1197 $query = $db->simple_select("privatemessages", "COUNT(pmid) as 
unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'"); 1198 $postcount = $db->fetch_field($query, "unreadpms"); 1199 1200 $page = intval($mybb->input['unread_page']); 1201 $pages = $postcount / $perpage; 1202 $pages = ceil($pages); 1203 1204 if($mybb->input['page'] == "last") 1205 { 1206 $page = $pages; 1207 } 1208 1209 if($page > $pages || $page <= 0) 1210 { 1211 $page = 1; 1212 } 1213 1214 if($page) 1215 { 1216 $start = ($page-1) * $perpage; 1217 } 1218 else 1219 { 1220 $start = 0; 1221 $page = 1; 1222 } 1223 1224 $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&unread_page={page}"); 1225 1226 $query = $db->query(" 1227 SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername 1228 FROM ".TABLE_PREFIX."privatemessages pm 1229 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid) 1230 WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."' 1231 ORDER BY pm.dateline DESC 1232 LIMIT {$start}, {$perpage} 1233 "); 1234 while($unreadmessage = $db->fetch_array($query)) 1235 { 1236 $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject'])); 1237 $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']); 1238 $senddate = my_date($mybb->settings['dateformat'], $unreadmessage['dateline']); 1239 $sendtime = my_date($mybb->settings['timeformat'], $unreadmessage['dateline']); 1240 eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";"); 1241 } 1242 1243 if(!$unreadmessages) 1244 { 1245 $lang->no_readmessages = $lang->no_unreadmessages; 1246 eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";"); 1247 } 1248 1249 $plugins->run_hooks("private_tracking_end"); 1250 1251 eval("\$tracking = \"".$templates->get("private_tracking")."\";"); 1252 output_page($tracking); 1253 } 1254 if($mybb->input['action'] 
== "do_tracking" && $mybb->request_method == "post") 1255 { 1256 // Verify incoming POST request 1257 verify_post_check($mybb->input['my_post_key']); 1258 1259 $plugins->run_hooks("private_do_tracking_start"); 1260 1261 if($mybb->input['stoptracking']) 1262 { 1263 if(is_array($mybb->input['readcheck'])) 1264 { 1265 foreach($mybb->input['readcheck'] as $key => $val) 1266 { 1267 $sql_array = array( 1268 "receipt" => 0 1269 ); 1270 $db->update_query("privatemessages", $sql_array, "pmid=".intval($key)." AND fromid=".$mybb->user['uid']); 1271 } 1272 } 1273 $plugins->run_hooks("private_do_tracking_end"); 1274 redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped); 1275 } 1276 elseif($mybb->input['stoptrackingunread']) 1277 { 1278 if(is_array($mybb->input['unreadcheck'])) 1279 { 1280 foreach($mybb->input['unreadcheck'] as $key => $val) 1281 { 1282 $sql_array = array( 1283 "receipt" => 0 1284 ); 1285 $db->update_query("privatemessages", $sql_array, "pmid=".intval($key)." AND fromid=".$mybb->user['uid']); 1286 } 1287 } 1288 $plugins->run_hooks("private_do_tracking_end"); 1289 redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped); 1290 } 1291 elseif($mybb->input['cancel']) 1292 { 1293 if(is_array($mybb->input['unreadcheck'])) 1294 { 1295 foreach($mybb->input['unreadcheck'] as $pmid => $val) 1296 { 1297 $pmids[$pmid] = intval($pmid); 1298 } 1299 1300 $pmids = implode(",", $pmids); 1301 $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'"); 1302 while($pm = $db->fetch_array($query)) 1303 { 1304 $pmuids[$pm['uid']] = $pm['uid']; 1305 } 1306 1307 $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'"); 1308 foreach($pmuids as $uid) 1309 { 1310 // Message is canceled, update PM count for this user 1311 update_pm_count($uid); 1312 } 1313 } 1314 $plugins->run_hooks("private_do_tracking_end"); 1315 
redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled); 1316 } 1317 } 1318 1319 if($mybb->input['action'] == "folders") 1320 { 1321 $plugins->run_hooks("private_folders_start"); 1322 1323 $folderlist = ''; 1324 $foldersexploded = explode("$%%$", $mybb->user['pmfolders']); 1325 foreach($foldersexploded as $key => $folders) 1326 { 1327 $folderinfo = explode("**", $folders, 2); 1328 $foldername = $folderinfo[1]; 1329 $fid = $folderinfo[0]; 1330 $foldername = get_pm_folder_name($fid, $foldername); 1331 1332 if($folderinfo[0] == "1" || $folderinfo[0] == "2" || $folderinfo[0] == "3" || $folderinfo[0] == "4") 1333 { 1334 $foldername2 = get_pm_folder_name($fid); 1335 eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";"); 1336 unset($name); 1337 } 1338 else 1339 { 1340 eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";"); 1341 } 1342 } 1343 1344 $newfolders = ''; 1345 for($i = 1; $i <= 5; ++$i) 1346 { 1347 $fid = "new$i"; 1348 $foldername = ''; 1349 eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";"); 1350 } 1351 1352 $plugins->run_hooks("private_folders_end"); 1353 1354 eval("\$folders = \"".$templates->get("private_folders")."\";"); 1355 output_page($folders); 1356 } 1357 1358 if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post") 1359 { 1360 // Verify incoming POST request 1361 verify_post_check($mybb->input['my_post_key']); 1362 1363 $plugins->run_hooks("private_do_folders_start"); 1364 1365 $highestid = 2; 1366 $folders = ''; 1367 @reset($mybb->input['folder']); 1368 foreach($mybb->input['folder'] as $key => $val) 1369 { 1370 if(!$donefolders[$val]) // Probably was a check for duplicate folder names, but doesn't seem to be used now 1371 { 1372 if(my_substr($key, 0, 3) == "new") // Create a new folder 1373 { 1374 ++$highestid; 1375 $fid = intval($highestid); 1376 } 1377 else // Editing an existing folder 1378 { 1379 if($key > $highestid) 1380 { 1381 
$highestid = $key; 1382 } 1383 1384 $fid = intval($key); 1385 // Use default language strings if empty or value is language string 1386 switch($fid) 1387 { 1388 case 1: 1389 if($val == $lang->folder_inbox || trim($val) == '') 1390 { 1391 $val = ''; 1392 } 1393 break; 1394 case 2: 1395 if($val == $lang->folder_sent_items || trim($val) == '') 1396 { 1397 $val = ''; 1398 } 1399 break; 1400 case 3: 1401 if($val == $lang->folder_drafts || trim($val) == '') 1402 { 1403 $val = ''; 1404 } 1405 break; 1406 case 4: 1407 if($val == $lang->folder_trash || trim($val) == '') 1408 { 1409 $val = ''; 1410 } 1411 break; 1412 } 1413 } 1414 1415 if($val != '' && trim($val) == '' && !($key >= 1 && $key <= 4)) 1416 { 1417 // If the name only contains whitespace and it's not a default folder, print an error 1418 error($lang->error_emptypmfoldername); 1419 } 1420 1421 1422 if($val != '' || ($key >= 1 && $key <= 4)) 1423 { 1424 // If there is a name or if this is a default folder, save it 1425 $foldername = utf8_handle_4byte_string($val); 1426 $foldername = $db->escape_string(htmlspecialchars_uni($foldername)); 1427 1428 if(my_strpos($foldername, "$%%$") === false) 1429 { 1430 if($folders != '') 1431 { 1432 $folders .= "$%%$"; 1433 } 1434 $folders .= "$fid**$foldername"; 1435 } 1436 else 1437 { 1438 error($lang->error_invalidpmfoldername); 1439 } 1440 } 1441 else 1442 { 1443 // Delete PMs from the folder 1444 $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'"); 1445 } 1446 } 1447 } 1448 1449 $sql_array = array( 1450 "pmfolders" => $folders 1451 ); 1452 $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'"); 1453 1454 // Update PM count 1455 update_pm_count(); 1456 1457 $plugins->run_hooks("private_do_folders_end"); 1458 1459 redirect("private.php", $lang->redirect_pmfoldersupdated); 1460 } 1461 1462 if($mybb->input['action'] == "empty") 1463 { 1464 $plugins->run_hooks("private_empty_start"); 1465 1466 $foldersexploded = explode("$%%$", 
$mybb->user['pmfolders']); 1467 $folderlist = ''; 1468 foreach($foldersexploded as $key => $folders) 1469 { 1470 $folderinfo = explode("**", $folders, 2); 1471 $fid = $folderinfo[0]; 1472 $foldername = get_pm_folder_name($fid, $folderinfo[1]); 1473 $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='$fid' AND uid='".$mybb->user['uid']."'"); 1474 $thing = $db->fetch_array($query); 1475 $foldercount = my_number_format($thing['pmsinfolder']); 1476 eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";"); 1477 } 1478 1479 $plugins->run_hooks("private_empty_end"); 1480 1481 eval("\$folders = \"".$templates->get("private_empty")."\";"); 1482 output_page($folders); 1483 } 1484 1485 if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post") 1486 { 1487 // Verify incoming POST request 1488 verify_post_check($mybb->input['my_post_key']); 1489 1490 $plugins->run_hooks("private_do_empty_start"); 1491 1492 $emptyq = ''; 1493 if(is_array($mybb->input['empty'])) 1494 { 1495 foreach($mybb->input['empty'] as $key => $val) 1496 { 1497 if($val == 1) 1498 { 1499 $key = intval($key); 1500 if($emptyq) 1501 { 1502 $emptyq .= " OR "; 1503 } 1504 $emptyq .= "folder='$key'"; 1505 } 1506 } 1507 1508 if($emptyq != '') 1509 { 1510 if($mybb->input['keepunread'] == 1) 1511 { 1512 $keepunreadq = " AND status!='0'"; 1513 } 1514 $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."' $keepunreadq"); 1515 } 1516 } 1517 1518 // Update PM count 1519 update_pm_count(); 1520 1521 $plugins->run_hooks("private_do_empty_end"); 1522 redirect("private.php", $lang->redirect_pmfoldersemptied); 1523 } 1524 1525 if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post") 1526 { 1527 // Verify incoming POST request 1528 verify_post_check($mybb->input['my_post_key']); 1529 1530 $plugins->run_hooks("private_do_stuff"); 1531 1532 if($mybb->input['hop']) 1533 { 1534 header("Location: 
private.php?fid=".intval($mybb->input['jumpto'])); 1535 } 1536 elseif($mybb->input['moveto']) 1537 { 1538 if(is_array($mybb->input['check'])) 1539 { 1540 foreach($mybb->input['check'] as $key => $val) 1541 { 1542 $sql_array = array( 1543 "folder" => intval($mybb->input['fid']) 1544 ); 1545 $db->update_query("privatemessages", $sql_array, "pmid='".intval($key)."' AND uid='".$mybb->user['uid']."'"); 1546 } 1547 } 1548 // Update PM count 1549 update_pm_count(); 1550 1551 if(!empty($mybb->input['fromfid'])) 1552 { 1553 redirect("private.php?fid=".intval($mybb->input['fromfid']), $lang->redirect_pmsmoved); 1554 } 1555 else 1556 { 1557 redirect("private.php", $lang->redirect_pmsmoved); 1558 } 1559 } 1560 else if($mybb->input['delete']) 1561 { 1562 if(is_array($mybb->input['check'])) 1563 { 1564 $pmssql = ''; 1565 foreach($mybb->input['check'] as $key => $val) 1566 { 1567 if($pmssql) 1568 { 1569 $pmssql .= ","; 1570 } 1571 $pmssql .= "'".intval($key)."'"; 1572 } 1573 1574 $query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid')); 1575 while($delpm = $db->fetch_array($query)) 1576 { 1577 $deletepms[$delpm['pmid']] = 1; 1578 } 1579 1580 reset($mybb->input['check']); 1581 foreach($mybb->input['check'] as $key => $val) 1582 { 1583 $key = intval($key); 1584 if($deletepms[$key]) 1585 { 1586 $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'"); 1587 } 1588 else 1589 { 1590 $sql_array = array( 1591 "folder" => 4, 1592 "deletetime" => TIME_NOW 1593 ); 1594 $db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'"); 1595 } 1596 } 1597 } 1598 // Update PM count 1599 update_pm_count(); 1600 1601 if(!empty($mybb->input['fromfid'])) 1602 { 1603 redirect("private.php?fid=".intval($mybb->input['fromfid']), $lang->redirect_pmsdeleted); 1604 } 1605 else 1606 { 1607 redirect("private.php", 
$lang->redirect_pmsdeleted); 1608 } 1609 } 1610 } 1611 1612 if($mybb->input['action'] == "delete") 1613 { 1614 // Verify incoming POST request 1615 verify_post_check($mybb->input['my_post_key']); 1616 1617 $plugins->run_hooks("private_delete_start"); 1618 1619 $query = $db->simple_select("privatemessages", "*", "pmid='".intval($mybb->input['pmid'])."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid')); 1620 if($db->num_rows($query) == 1) 1621 { 1622 $db->delete_query("privatemessages", "pmid='".intval($mybb->input['pmid'])."'"); 1623 } 1624 else 1625 { 1626 $sql_array = array( 1627 "folder" => 4, 1628 "deletetime" => TIME_NOW 1629 ); 1630 $db->update_query("privatemessages", $sql_array, "pmid='".intval($mybb->input['pmid'])."' AND uid='".$mybb->user['uid']."'"); 1631 } 1632 1633 // Update PM count 1634 update_pm_count(); 1635 1636 $plugins->run_hooks("private_delete_end"); 1637 redirect("private.php", $lang->redirect_pmsdeleted); 1638 } 1639 1640 if($mybb->input['action'] == "export") 1641 { 1642 $plugins->run_hooks("private_export_start"); 1643 1644 $folderlist = "<select name=\"exportfolders[]\" multiple=\"multiple\">\n"; 1645 $folderlist .= "<option value=\"all\" selected=\"selected\">$lang->all_folders</option>"; 1646 $foldersexploded = explode("$%%$", $mybb->user['pmfolders']); 1647 foreach($foldersexploded as $key => $folders) 1648 { 1649 $folderinfo = explode("**", $folders, 2); 1650 $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]); 1651 $folderlist .= "<option value=\"$folderinfo[0]\">$folderinfo[1]</option>\n"; 1652 } 1653 $folderlist .= "</select>\n"; 1654 1655 $plugins->run_hooks("private_export_end"); 1656 1657 eval("\$archive = \"".$templates->get("private_archive")."\";"); 1658 1659 output_page($archive); 1660 } 1661 1662 if($mybb->input['action'] == "do_export" && $mybb->request_method == "post") 1663 { 1664 // Verify incoming POST request 1665 verify_post_check($mybb->input['my_post_key']); 1666 1667 
$plugins->run_hooks("private_do_export_start"); 1668 1669 $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, $mybb->user['username']); 1670 $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0); 1671 $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0); 1672 $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime); 1673 $foldersexploded = explode("$%%$", $mybb->user['pmfolders']); 1674 foreach($foldersexploded as $key => $folders) 1675 { 1676 $folderinfo = explode("**", $folders, 2); 1677 $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]); 1678 $foldersexploded[$key] = implode("**", $folderinfo); 1679 } 1680 1681 if($mybb->input['pmid']) 1682 { 1683 $wsql = "pmid='".intval($mybb->input['pmid'])."' AND uid='".$mybb->user['uid']."'"; 1684 } 1685 else 1686 { 1687 if($mybb->input['daycut'] && ($mybb->input['dayway'] != "disregard")) 1688 { 1689 $datecut = TIME_NOW-($mybb->input['daycut'] * 86400); 1690 $wsql = "pm.dateline"; 1691 if($mybb->input['dayway'] == "older") 1692 { 1693 $wsql .= "<="; 1694 } 1695 else 1696 { 1697 $wsql .= ">="; 1698 } 1699 $wsql .= "'$datecut'"; 1700 } 1701 else 1702 { 1703 $wsql = "1=1"; 1704 } 1705 1706 if(is_array($mybb->input['exportfolders'])) 1707 { 1708 $folderlst = ''; 1709 reset($mybb->input['exportfolders']); 1710 foreach($mybb->input['exportfolders'] as $key => $val) 1711 { 1712 $val = $db->escape_string($val); 1713 if($val == "all") 1714 { 1715 $folderlst = ''; 1716 break; 1717 } 1718 else 1719 { 1720 if(!$folderlst) 1721 { 1722 $folderlst = " AND pm.folder IN ('$val'"; 1723 } 1724 else 1725 { 1726 $folderlst .= ",'$val'"; 1727 } 1728 } 1729 } 1730 if($folderlst) 1731 { 1732 $folderlst .= ")"; 1733 } 1734 $wsql .= "$folderlst"; 1735 } 1736 else 1737 { 1738 error($lang->error_pmnoarchivefolders); 1739 } 1740 1741 if($mybb->input['exportunread'] != 1) 1742 { 1743 $wsql .= " AND pm.status!='0'"; 1744 } 1745 } 1746 $query = $db->query(" 1747 SELECT 
pm.*, fu.username AS fromusername, tu.username AS tousername 1748 FROM ".TABLE_PREFIX."privatemessages pm 1749 LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid) 1750 LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid) 1751 WHERE $wsql AND pm.uid='".$mybb->user['uid']."' 1752 ORDER BY pm.folder ASC, pm.dateline DESC 1753 "); 1754 $numpms = $db->num_rows($query); 1755 if(!$numpms) 1756 { 1757 error($lang->error_nopmsarchive); 1758 } 1759 1760 $pmsdownload = ''; 1761 while($message = $db->fetch_array($query)) 1762 { 1763 if($message['folder'] == 2 || $message['folder'] == 3) 1764 { // Sent Items or Drafts Folder Check 1765 if($message['toid']) 1766 { 1767 $tofromuid = $message['toid']; 1768 if($mybb->input['exporttype'] == "txt") 1769 { 1770 $tofromusername = $message['tousername']; 1771 } 1772 else 1773 { 1774 $tofromusername = build_profile_link($message['tousername'], $tofromuid); 1775 } 1776 } 1777 else 1778 { 1779 $tofromusername = $lang->not_sent; 1780 } 1781 $tofrom = $lang->to; 1782 } 1783 else 1784 { 1785 $tofromuid = $message['fromid']; 1786 if($mybb->input['exporttype'] == "txt") 1787 { 1788 $tofromusername = $message['fromusername']; 1789 } 1790 else 1791 { 1792 $tofromusername = build_profile_link($message['fromusername'], $tofromuid); 1793 } 1794 1795 if($tofromuid == 0) 1796 { 1797 $tofromusername = $lang->mybb_engine; 1798 } 1799 $tofrom = $lang->from; 1800 } 1801 1802 if($tofromuid == 0) 1803 { 1804 $message['fromusername'] = $lang->mybb_engine; 1805 } 1806 1807 if(!$message['toid'] && $message['folder'] == 3) 1808 { 1809 $message['tousername'] = $lang->not_sent; 1810 } 1811 1812 $message['subject'] = $parser->parse_badwords($message['subject']); 1813 if($message['folder'] != "3") 1814 { 1815 $senddate = my_date($mybb->settings['dateformat'], $message['dateline']); 1816 $sendtime = my_date($mybb->settings['timeformat'], $message['dateline']); 1817 $senddate .= " $lang->at $sendtime"; 1818 } 1819 else 1820 { 1821 $senddate = $lang->not_sent; 
1822 } 1823 1824 if($mybb->input['exporttype'] == "html") 1825 { 1826 $parser_options = array( 1827 "allow_html" => $mybb->settings['pmsallowhtml'], 1828 "allow_mycode" => $mybb->settings['pmsallowmycode'], 1829 "allow_smilies" => 0, 1830 "allow_imgcode" => $mybb->settings['pmsallowimgcode'], 1831 "allow_videocode" => $mybb->settings['pmsallowvideocode'], 1832 "me_username" => $mybb->user['username'], 1833 "filter_badwords" => 1 1834 ); 1835 1836 $message['message'] = $parser->parse_message($message['message'], $parser_options); 1837 $message['subject'] = htmlspecialchars_uni($message['subject']); 1838 } 1839 1840 if($mybb->input['exporttype'] == "txt" || $mybb->input['exporttype'] == "csv") 1841 { 1842 $message['message'] = str_replace("\r\n", "\n", $message['message']); 1843 $message['message'] = str_replace("\n", "\r\n", $message['message']); 1844 } 1845 1846 if($mybb->input['exporttype'] == "csv") 1847 { 1848 $message['message'] = addslashes($message['message']); 1849 $message['subject'] = addslashes($message['subject']); 1850 $message['tousername'] = addslashes($message['tousername']); 1851 $message['fromusername'] = addslashes($message['fromusername']); 1852 } 1853 1854 1855 if(!$donefolder[$message['folder']]) 1856 { 1857 reset($foldersexploded); 1858 foreach($foldersexploded as $key => $val) 1859 { 1860 $folderinfo = explode("**", $val, 2); 1861 if($folderinfo[0] == $message['folder']) 1862 { 1863 $foldername = $folderinfo[1]; 1864 if($mybb->input['exporttype'] != "csv") 1865 { 1866 if($mybb->input['exporttype'] != "html") 1867 { 1868 $mybb->input['exporttype'] == "txt"; 1869 } 1870 eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_folderhead", 1, 0)."\";"); 1871 } 1872 else 1873 { 1874 $foldername = addslashes($folderinfo[1]); 1875 } 1876 $donefolder[$message['folder']] = 1; 1877 } 1878 } 1879 } 1880 1881 eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 
0)."\";"); 1882 $ids .= ",'{$message['pmid']}'"; 1883 } 1884 1885 if($mybb->input['exporttype'] == "html") 1886 { 1887 // Gather global stylesheet for HTML 1888 $query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1)); 1889 $css = $db->fetch_field($query, "stylesheet"); 1890 } 1891 1892 $plugins->run_hooks("private_do_export_end"); 1893 1894 eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";"); 1895 if($mybb->input['deletepms'] == 1) 1896 { // delete the archived pms 1897 $db->delete_query("privatemessages", "pmid IN ('0'$ids)"); 1898 // Update PM count 1899 update_pm_count(); 1900 } 1901 1902 if($mybb->input['exporttype'] == "html") 1903 { 1904 $filename = "pm-archive.html"; 1905 $contenttype = "text/html"; 1906 } 1907 elseif($mybb->input['exporttype'] == "csv") 1908 { 1909 $filename = "pm-archive.csv"; 1910 $contenttype = "application/octet-stream"; 1911 } 1912 else 1913 { 1914 $filename = "pm-archive.txt"; 1915 $contenttype = "text/plain"; 1916 } 1917 1918 $archived = str_replace("\\\'","'",$archived); 1919 header("Content-disposition: filename=$filename"); 1920 header("Content-type: ".$contenttype); 1921 1922 if($mybb->input['exporttype'] == "html") 1923 { 1924 output_page($archived); 1925 } 1926 else 1927 { 1928 echo $archived; 1929 } 1930 } 1931 1932 if(!$mybb->input['action']) 1933 { 1934 $plugins->run_hooks("private_start"); 1935 1936 if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames)) 1937 { 1938 $mybb->input['fid'] = 1; 1939 } 1940 1941 $folder = $mybb->input['fid']; 1942 $foldername = $foldernames[$folder]; 1943 1944 $lang->pms_in_folder = $lang->sprintf($lang->pms_in_folder, $foldername); 1945 if($folder == 2 || $folder == 3) 1946 { // Sent Items Folder 1947 $sender = $lang->sentto; 1948 } 1949 else 1950 { 1951 $sender = $lang->sender; 1952 } 1953 1954 // Do Multi Pages 1955 $query = $db->simple_select("privatemessages", "COUNT(*) AS total", 
"uid='".$mybb->user['uid']."' AND folder='$folder'"); 1956 $pmscount = $db->fetch_array($query); 1957 1958 if(!$mybb->settings['threadsperpage']) 1959 { 1960 $mybb->settings['threadsperpage'] = 20; 1961 } 1962 1963 $perpage = $mybb->settings['threadsperpage']; 1964 $page = intval($mybb->input['page']); 1965 1966 if(intval($mybb->input['page']) > 0) 1967 { 1968 $start = ($page-1) *$perpage; 1969 } 1970 else 1971 { 1972 $start = 0; 1973 $page = 1; 1974 } 1975 1976 $end = $start + $perpage; 1977 $lower = $start+1; 1978 $upper = $end; 1979 1980 if($upper > $threadcount) 1981 { 1982 $upper = $threadcount; 1983 } 1984 $multipage = multipage($pmscount['total'], $perpage, $page, "private.php?fid=$folder"); 1985 $messagelist = ''; 1986 1987 $icon_cache = $cache->read("posticons"); 1988 1989 // Cache users in multiple recipients for sent & drafts folder 1990 if($folder == 2 || $folder == 3) 1991 { 1992 // Get all recipients into an array 1993 $cached_users = $get_users = array(); 1994 $users_query = $db->simple_select("privatemessages", "recipients", "folder='$folder' AND uid='{$mybb->user['uid']}'", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => 'dateline', 'order_dir' => 'DESC')); 1995 while($row = $db->fetch_array($users_query)) 1996 { 1997 $recipients = unserialize($row['recipients']); 1998 if(is_array($recipients['to']) && count($recipients['to'])) 1999 { 2000 $get_users = array_merge($get_users, $recipients['to']); 2001 } 2002 2003 if(is_array($recipients['bcc']) && count($recipients['bcc'])) 2004 { 2005 $get_users = array_merge($get_users, $recipients['bcc']); 2006 } 2007 } 2008 2009 $get_users = implode(',', array_unique($get_users)); 2010 2011 // Grab info 2012 if($get_users) 2013 { 2014 $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})"); 2015 while($user = $db->fetch_array($users_query)) 2016 { 2017 $cached_users[$user['uid']] = $user; 2018 } 2019 } 2020 } 2021 2022 $query = $db->query(" 
2023 SELECT pm.*, fu.username AS fromusername, tu.username as tousername 2024 FROM ".TABLE_PREFIX."privatemessages pm 2025 LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid) 2026 LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid) 2027 WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."' 2028 ORDER BY pm.dateline DESC 2029 LIMIT $start, $perpage 2030 "); 2031 2032 if($db->num_rows($query) > 0) 2033 { 2034 while($message = $db->fetch_array($query)) 2035 { 2036 $msgalt = $msgsuffix = $msgprefix = ''; 2037 // Determine Folder Icon 2038 if($message['status'] == 0) 2039 { 2040 $msgfolder = 'new_pm.gif'; 2041 $msgalt = $lang->new_pm; 2042 $msgprefix = "<strong>"; 2043 $msgsuffix = "</strong>"; 2044 } 2045 elseif($message['status'] == 1) 2046 { 2047 $msgfolder = 'old_pm.gif'; 2048 $msgalt = $lang->old_pm; 2049 } 2050 elseif($message['status'] == 3) 2051 { 2052 $msgfolder = 're_pm.gif'; 2053 $msgalt = $lang->reply_pm; 2054 } 2055 elseif($message['status'] == 4) 2056 { 2057 $msgfolder = 'fw_pm.gif'; 2058 $msgalt = $lang->fwd_pm; 2059 } 2060 2061 if($folder == 2 || $folder == 3) 2062 { // Sent Items or Drafts Folder Check 2063 $recipients = unserialize($message['recipients']); 2064 $to_users = $bcc_users = ''; 2065 if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && count($recipients['bcc']) > 0)) 2066 { 2067 foreach($recipients['to'] as $uid) 2068 { 2069 $profilelink = get_profile_link($uid); 2070 $user = $cached_users[$uid]; 2071 $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']); 2072 if(!$user['username']) 2073 { 2074 $username = $lang->na; 2075 } 2076 eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";"); 2077 } 2078 if(is_array($recipients['bcc']) && count($recipients['bcc'])) 2079 { 2080 eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";"); 2081 foreach($recipients['bcc'] as $uid) 2082 { 2083 $profilelink = get_profile_link($uid); 2084 $user 
= $cached_users[$uid]; 2085 $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']); 2086 if(!$user['username']) 2087 { 2088 $username = $lang->na; 2089 } 2090 eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";"); 2091 } 2092 } 2093 2094 eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";"); 2095 } 2096 else if($message['toid']) 2097 { 2098 $tofromusername = $message['tousername']; 2099 $tofromuid = $message['toid']; 2100 } 2101 else 2102 { 2103 $tofromusername = $lang->not_sent; 2104 } 2105 } 2106 else 2107 { 2108 $tofromusername = $message['fromusername']; 2109 $tofromuid = $message['fromid']; 2110 if($tofromuid == 0) 2111 { 2112 $tofromusername = $lang->mybb_engine; 2113 } 2114 2115 if(!$tofromusername) 2116 { 2117 $tofromuid = 0; 2118 $tofromusername = $lang->na; 2119 } 2120 } 2121 2122 $tofromusername = build_profile_link($tofromusername, $tofromuid); 2123 2124 if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2) 2125 { 2126 eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";"); 2127 } 2128 else 2129 { 2130 $denyreceipt = ''; 2131 } 2132 2133 if($message['icon'] > 0 && $icon_cache[$message['icon']]) 2134 { 2135 $icon = $icon_cache[$message['icon']]; 2136 $icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" align=\"center\" valign=\"middle\" />"; 2137 } 2138 else 2139 { 2140 $icon = '	'; 2141 } 2142 2143 if(!trim($message['subject'])) 2144 { 2145 $message['subject'] = $lang->pm_no_subject; 2146 } 2147 2148 $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject'])); 2149 if($message['folder'] != "3") 2150 { 2151 $sendpmdate = my_date($mybb->settings['dateformat'], $message['dateline']); 2152 $sendpmtime = my_date($mybb->settings['timeformat'], $message['dateline']); 2153 $senddate = $sendpmdate.", ".$sendpmtime; 2154 } 2155 else 
2156 { 2157 $senddate = $lang->not_sent; 2158 } 2159 eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";"); 2160 } 2161 } 2162 else 2163 { 2164 eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";"); 2165 } 2166 2167 if($mybb->usergroup['pmquota'] != '0' && $mybb->usergroup['cancp'] != 1) 2168 { 2169 $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'"); 2170 $pmscount = $db->fetch_array($query); 2171 if($pmscount['total'] == 0) 2172 { 2173 $spaceused = 0; 2174 } 2175 else 2176 { 2177 $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100; 2178 } 2179 $spaceused2 = 100 - $spaceused; 2180 if($spaceused <= "50") 2181 { 2182 $belowhalf = round($spaceused, 0)."%"; 2183 if(intval($belowhalf) > 100) 2184 { 2185 $belowhalf = "100%"; 2186 } 2187 } 2188 else 2189 { 2190 $overhalf = round($spaceused, 0)."%"; 2191 if(intval($overhalf) > 100) 2192 { 2193 $overhalf = "100%"; 2194 } 2195 } 2196 2197 eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";"); 2198 } 2199 2200 if($mybb->usergroup['pmquota'] != "0" && $pmscount['total'] >= $mybb->usergroup['pmquota'] && $mybb->usergroup['cancp'] != 1) 2201 { 2202 eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";"); 2203 } 2204 2205 $plugins->run_hooks("private_end"); 2206 2207 eval("\$folder = \"".$templates->get("private")."\";"); 2208 output_page($folder); 2209 } 2210 ?>