Vergleich usercp.php - 1.6.4 - 1.6.6

 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *

 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *

 */

define("IN_MYBB", 1);

 */

define("IN_MYBB", 1);

	$query = $db->simple_select("profilefields", "*", "editable=1", array('order_by' => 'disporder'));
	while($profilefield = $db->fetch_array($query))
	{

	$query = $db->simple_select("profilefields", "*", "editable=1", array('order_by' => 'disporder'));
	while($profilefield = $db->fetch_array($query))
	{

		$profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
		$profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
		$profilefield['description'] = htmlspecialchars_uni($profilefield['description']);

		$profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
		$profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
		$profilefield['description'] = htmlspecialchars_uni($profilefield['description']);

	else
	{
		$email = $email2 = '';

	else
	{
		$email = $email2 = '';

	$plugins->run_hooks("usercp_email");
	
	eval("\$changemail = \"".$templates->get("usercp_email")."\";");
	output_page($changemail);
}

	$plugins->run_hooks("usercp_email");
	
	eval("\$changemail = \"".$templates->get("usercp_email")."\";");
	output_page($changemail);
}

if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$errors = array();

if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$errors = array();

	$plugins->run_hooks("usercp_do_password_start");
	if(validate_password_from_uid($mybb->user['uid'], $mybb->input['oldpassword']) == false)
	{

	$plugins->run_hooks("usercp_do_password_start");
	if(validate_password_from_uid($mybb->user['uid'], $mybb->input['oldpassword']) == false)
	{

			"uid" => $mybb->user['uid'],
			"password" => $mybb->input['password'],
			"password2" => $mybb->input['password2']

			"uid" => $mybb->user['uid'],
			"password" => $mybb->input['password'],
			"password2" => $mybb->input['password2']

			$userhandler->update_user();
			my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey']);
			$plugins->run_hooks("usercp_do_password_end");

			$userhandler->update_user();
			my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey']);
			$plugins->run_hooks("usercp_do_password_end");

}

if($mybb->input['action'] == "password")

}

if($mybb->input['action'] == "password")

	$plugins->run_hooks("usercp_password");
	
	eval("\$editpassword = \"".$templates->get("usercp_password")."\";");

	$plugins->run_hooks("usercp_password");
	
	eval("\$editpassword = \"".$templates->get("usercp_password")."\";");

	}

	if(validate_password_from_uid($mybb->user['uid'], $mybb->input['password']) == false)

	}

	if(validate_password_from_uid($mybb->user['uid'], $mybb->input['password']) == false)

		// Set up user handler.
		require_once "inc/datahandlers/user.php";
		$userhandler = new UserDataHandler("update");

		// Set up user handler.
		require_once "inc/datahandlers/user.php";
		$userhandler = new UserDataHandler("update");

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();

		if(!$userhandler->validate_user())
		{
			$errors = $userhandler->get_friendly_errors();

		else
		{
			$userhandler->update_user();

		else
		{
			$userhandler->update_user();

	if($mybb->usergroup['canchangename'] != 1)
	{
		error_no_permission();

	if($mybb->usergroup['canchangename'] != 1)
	{
		error_no_permission();

	$plugins->run_hooks("usercp_changename_end");
	
	eval("\$changename = \"".$templates->get("usercp_changename")."\";");

	$plugins->run_hooks("usercp_changename_end");
	
	eval("\$changename = \"".$templates->get("usercp_changename")."\";");

	$plugins->run_hooks("usercp_do_subscriptions_start");

	if(!is_array($mybb->input['check']))

	$plugins->run_hooks("usercp_do_subscriptions_start");

	if(!is_array($mybb->input['check']))

		error($lang->no_subscriptions_selected);
	}

		error($lang->no_subscriptions_selected);
	}

		else if($mybb->input['do'] == "instant_notification")
		{
			$new_notification = 1;

		else if($mybb->input['do'] == "instant_notification")
		{
			$new_notification = 1;

		// Update
		$update_array = array("notification" => $new_notification);

		// Update
		$update_array = array("notification" => $new_notification);

		{
			// Hmm, you don't have permission to view this thread - unsubscribe!
			$del_subscriptions[] = $subscription['tid'];

		{
			// Hmm, you don't have permission to view this thread - unsubscribe!
			$del_subscriptions[] = $subscription['tid'];

		else if($subscription['tid'])
		{
			$subscriptions[$subscription['tid']] = $subscription;

		else if($subscription['tid'])
		{
			$subscriptions[$subscription['tid']] = $subscription;

		}
		
		$icon_cache = $cache->read("posticons");

		}
		
		$icon_cache = $cache->read("posticons");

		// Now we can build our subscription list
		foreach($subscriptions as $thread)
		{

		// Now we can build our subscription list
		foreach($subscriptions as $thread)
		{

			// Sanitize
			$thread['subject'] = $parser->parse_badwords($thread['subject']);
			$thread['subject'] = htmlspecialchars_uni($thread['subject']);

			// Sanitize
			$thread['subject'] = $parser->parse_badwords($thread['subject']);
			$thread['subject'] = htmlspecialchars_uni($thread['subject']);

			// Build our links
			$thread['threadlink'] = get_thread_link($thread['tid']);
			$thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");

			// Build our links
			$thread['threadlink'] = get_thread_link($thread['tid']);
			$thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");

			{
				$icon = $icon_cache[$thread['icon']];
				$icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" />";

			{
				$icon = $icon_cache[$thread['icon']];
				$icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" />";

			else
			{
				$icon = " ";
			}

			else
			{
				$icon = " ";
			}

			// Determine the folder
			$folder = '';
			$folder_label = '';

			// Determine the folder
			$folder = '';
			$folder_label = '';

			if($thread['doticon'])
			{
				$folder = "dot_";

			if($thread['doticon'])
			{
				$folder = "dot_";

			}

			if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)

			}

			if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)

				$cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
			}

			if($thread['lastpost'] > $cutoff)
			{

				$cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
			}

			if($thread['lastpost'] > $cutoff)
			{

				{

				{

				}
			}

				}
			}

				}
			}

				}
			}

			{
				$folder .= "new";
				$folder_label .= $lang->icon_new;

			{
				$folder .= "new";
				$folder_label .= $lang->icon_new;

				$lastposttid = $forum['lastposttid'];
				$lastposter = $forum['lastposter'];
				$lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);

				$lastposttid = $forum['lastposttid'];
				$lastposter = $forum['lastposter'];
				$lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);

				if(my_strlen($lastpost_subject) > 25)
				{
					$lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";

				if(my_strlen($lastpost_subject) > 25)
				{
					$lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";

	if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
	{
		// User currently has no signature and they're suspended

	if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
	{
		// User currently has no signature and they're suspended

		error_no_permission();

		error_no_permission();

	}

	if($sig && $template)

	}

	if($sig && $template)

		else
		{
			$list = "buddy";

		else
		{
			$list = "buddy";

		if($message)
		{
			$message_js = "var success = document.createElement('div'); var element = \$('{$list}_list'); element.parentNode.insertBefore(success, element); success.innerHTML = '{$message}'; success.className = 'success_message'; window.setTimeout(function() { Element.remove(success) }, 5000);";

		if($message)
		{
			$message_js = "var success = document.createElement('div'); var element = \$('{$list}_list'); element.parentNode.insertBefore(success, element); success.innerHTML = '{$message}'; success.className = 'success_message'; window.setTimeout(function() { Element.remove(success) }, 5000);";

		if($error_message)
		{

		if($error_message)
		{

				if($mybb->input['manage'] == "ignored")
				{
					echo "\$('ignore_list').innerHTML = '<li>{$lang->ignore_list_empty}</li>';\n";

				if($mybb->input['manage'] == "ignored")
				{
					echo "\$('ignore_list').innerHTML = '<li>{$lang->ignore_list_empty}</li>';\n";

				else
				{
					echo "\$('buddy_list').innerHTML = '<li>{$lang->buddy_list_empty}</li>';\n";
				}

				else
				{
					echo "\$('buddy_list').innerHTML = '<li>{$lang->buddy_list_empty}</li>';\n";
				}

			else
			{
				echo "\$('{$mybb->input['manage']}_count').innerHTML = '".count(explode(",", $new_list))."';\n";

			else
			{
				echo "\$('{$mybb->input['manage']}_count').innerHTML = '".count(explode(",", $new_list))."';\n";

			exit;
		}
		$mybb->input['action'] = "editlists";

			exit;
		}
		$mybb->input['action'] = "editlists";

	{
		if($error_message)
		{

	{
		if($error_message)
		{

	if($mybb->request_method == "post" && $mybb->input['ajax'] == 1)
	{
		if($mybb->input['manage'] == "ignored")

	if($mybb->request_method == "post" && $mybb->input['ajax'] == 1)
	{
		if($mybb->input['manage'] == "ignored")

			echo $ignore_list;
			echo "<script type=\"text/javascript\"> $('ignored_count').innerHTML = '{$ignore_count}'; {$message_js}</script>";
		}

			echo $ignore_list;
			echo "<script type=\"text/javascript\"> $('ignored_count').innerHTML = '{$ignore_count}'; {$message_js}</script>";
		}

	// Leaving a group
	if($mybb->input['leavegroup'])

	// Leaving a group
	if($mybb->input['leavegroup'])

		if(my_strpos($ingroups, ",".$mybb->input['leavegroup'].",") === false)
		{
			error($lang->not_member_of_group);

		if(my_strpos($ingroups, ",".$mybb->input['leavegroup'].",") === false)
		{
			error($lang->not_member_of_group);

			error($lang->cannot_leave_primary_group);
		}
		$query = $db->simple_select("usergroups", "*", "gid='".intval($mybb->input['leavegroup'])."'");

			error($lang->cannot_leave_primary_group);
		}
		$query = $db->simple_select("usergroups", "*", "gid='".intval($mybb->input['leavegroup'])."'");

		if($usergroup['type'] != 4 && $usergroup['type'] != 3)
		{
			error($lang->cannot_leave_group);

		if($usergroup['type'] != 4 && $usergroup['type'] != 3)
		{
			error($lang->cannot_leave_group);

		if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid'])
		{
			error($lang->cannot_join_group);

		if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid'])
		{
			error($lang->cannot_join_group);

		if(my_strpos($ingroups, ",".intval($mybb->input['joingroup']).",") !== false)
		{
			error($lang->already_member_of_group);

		if(my_strpos($ingroups, ",".intval($mybb->input['joingroup']).",") !== false)
		{
			error($lang->already_member_of_group);

		$query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".intval($mybb->input['joingroup'])."'");
		$joinrequest = $db->fetch_array($query);
		if($joinrequest['rid'])

		$query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".intval($mybb->input['joingroup'])."'");
		$joinrequest = $db->fetch_array($query);
		if($joinrequest['rid'])

			exit;
		}
		elseif($usergroup['type'] == 4)

			exit;
		}
		elseif($usergroup['type'] == 4)

			$joingroup = $mybb->input['joingroup'];
			eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";");
			output_page($joinpage);
			exit();

			$joingroup = $mybb->input['joingroup'];
			eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";");
			output_page($joinpage);
			exit();

		else
		{
			join_usergroup($mybb->user['uid'], $mybb->input['joingroup']);

		else
		{
			join_usergroup($mybb->user['uid'], $mybb->input['joingroup']);

		}
	}
	// Show listing of various group related things

		}
	}
	// Show listing of various group related things

	// List of usergroup leaders
	$query = $db->query("
		SELECT g.*, u.username, u.displaygroup, u.usergroup

	// List of usergroup leaders
	$query = $db->query("
		SELECT g.*, u.username, u.displaygroup, u.usergroup

	$perpage = $mybb->settings['threadsperpage'];
	$page = intval($mybb->input['page']);

	$perpage = $mybb->settings['threadsperpage'];
	$page = intval($mybb->input['page']);

	if(intval($mybb->input['page']) > 0)
	{
		$start = ($page-1) *$perpage;

	if(intval($mybb->input['page']) > 0)
	{
		$start = ($page-1) *$perpage;

		$start = 0;
		$page = 1;
	}

		$start = 0;
		$page = 1;
	}

	$end = $start + $perpage;
	$lower = $start+1;

	$end = $start + $perpage;
	$lower = $start+1;

			$attachment['postlink'] = get_post_link($attachment['pid'], $attachment['tid']);
			$attachment['threadlink'] = get_thread_link($attachment['tid']);
			$attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));

			$attachment['postlink'] = get_post_link($attachment['pid'], $attachment['tid']);
			$attachment['threadlink'] = get_thread_link($attachment['tid']);
			$attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));

			$size = get_friendly_size($attachment['filesize']);
			$icon = get_attachment_icon(get_extension($attachment['filename']));

			$size = get_friendly_size($attachment['filesize']);
			$icon = get_attachment_icon(get_extension($attachment['filename']));

			$sizedownloads = $lang->sprintf($lang->attachment_size_downloads, $size, $attachment['downloads']);
			$attachdate = my_date($mybb->settings['dateformat'], $attachment['dateline']);
			$attachtime = my_date($mybb->settings['timeformat'], $attachment['dateline']);
			$altbg = alt_trow();

			$sizedownloads = $lang->sprintf($lang->attachment_size_downloads, $size, $attachment['downloads']);
			$attachdate = my_date($mybb->settings['dateformat'], $attachment['dateline']);
			$attachtime = my_date($mybb->settings['timeformat'], $attachment['dateline']);
			$altbg = alt_trow();

			eval("\$attachments .= \"".$templates->get("usercp_attachments_attachment")."\";");

			eval("\$attachments .= \"".$templates->get("usercp_attachments_attachment")."\";");

			// Add to bandwidth total
			$bandwidth += ($attachment['filesize'] * $attachment['downloads']);
			$totaldownloads += $attachment['downloads'];

			// Add to bandwidth total
			$bandwidth += ($attachment['filesize'] * $attachment['downloads']);
			$totaldownloads += $attachment['downloads'];

				{
					$folder = '';
					$folder_label = '';

				{
					$folder = '';
					$folder_label = '';

					if($thread['tid'])
					{

					if($thread['tid'])
					{