Vergleich admin/modules/tools/maillogs.php - 1.6.1 - 1.6.7

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 6Zeile 6
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *

 
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *

 * $Id: maillogs.php 5016 2010-06-12 00:24:02Z RyanGordon $

 * $Id: maillogs.php 5764 2012-03-27 08:54:58Z Tomm $

 */

// Disallow direct access to this file for security reasons

 */

// Disallow direct access to this file for security reasons

Zeile 168Zeile 168
			$mybb->input['toemail'] = $mybb->input['to_value'];
		}
	}

 
			$mybb->input['toemail'] = $mybb->input['to_value'];
		}
	}

 

	$touid = intval($mybb->input['touid']);
	$toname = $db->escape_string($mybb->input['toname']);
	$toemail = $db->escape_string($mybb->input['toemail']);

	$fromuid = intval($mybb->input['fromuid']);
	$fromname = $db->escape_string($mybb->input['fromname']);
	$fromemail = $db->escape_string($mybb->input['fromemail']);

	$subject = $db->escape_string($mybb->input['subject']);


	// Begin criteria filtering
	if($mybb->input['subject'])
	{

 

	// Begin criteria filtering
	if($mybb->input['subject'])
	{

		$additional_sql_criteria .= " AND l.subject LIKE '%".$db->escape_string($mybb->input['subject'])."%'";

		$additional_sql_criteria .= " AND l.subject LIKE '%{$subject}%'";

		$additional_criteria[] = "subject='".htmlspecialchars_uni($mybb->input['subject'])."'";

 
		$additional_criteria[] = "subject='".htmlspecialchars_uni($mybb->input['subject'])."'";

	}


	}


	if($mybb->input['fromuid'])
	{

 
	if($mybb->input['fromuid'])
	{

		$query = $db->simple_select("users", "uid, username", "uid='".intval($mybb->input['fromuid'])."'");

		$query = $db->simple_select("users", "uid, username", "uid = '{$fromuid}'");

		$user = $db->fetch_array($query);
		$from_filter = $user['username'];

 
		$user = $db->fetch_array($query);
		$from_filter = $user['username'];

		$additional_sql_criteria .= " AND l.fromuid='".intval($mybb->input['fromuid'])."'";
		$additional_criteria[] = "fromuid='".intval($mybb->input['fromuid'])."'";



		$additional_sql_criteria .= " AND l.fromuid = '{$fromuid}'";
		$additional_criteria[] = "fromuid='{$fromuid}'";

	}
	else if($mybb->input['fromname'])
	{

 
	}
	else if($mybb->input['fromname'])
	{

		$query = $db->simple_select("users", "uid, username", "LOWER(username)='".my_strtolower($mybb->input['fromname'])."'");

		$query = $db->simple_select("users", "uid, username", "LOWER(username) = '{$fromname}'");

		$user = $db->fetch_array($query);
		$from_filter = $user['username'];

 
		$user = $db->fetch_array($query);
		$from_filter = $user['username'];


		if(!$user['uid'])


		if(!$user['uid'])

		{
			flash_message($lang->error_invalid_user, 'error');
			admin_redirect("index.php?module=tools-maillogs");
		}

 
		{
			flash_message($lang->error_invalid_user, 'error');
			admin_redirect("index.php?module=tools-maillogs");
		}

		$additional_sql_criteria .= "AND l.fromuid='{$user['uid']}'";



		$additional_sql_criteria .= "AND l.fromuid = '{$user['uid']}'";

		$additional_criteria = "fromuid={$user['uid']}";

 
		$additional_criteria = "fromuid={$user['uid']}";

	}

	}


	if($mybb->input['fromemail'])
	{

 

	if($mybb->input['fromemail'])
	{

		$additional_sql_criteria .= " AND l.fromemail LIKE '%".$db->escape_string($mybb->input['fromemail'])."%'";

		$additional_sql_criteria .= " AND l.fromemail LIKE '%{$fromemail}%'";

		$additional_criteria[] = "fromemail=".urlencode($mybb->input['fromemail']);
		$from_filter = $mybb->input['fromemail'];

 
		$additional_criteria[] = "fromemail=".urlencode($mybb->input['fromemail']);
		$from_filter = $mybb->input['fromemail'];

	}

	}


	if($mybb->input['touid'])

 

	if($mybb->input['touid'])

	{
		$query = $db->simple_select("users", "uid, username", "uid='".intval($mybb->input['touid'])."'");
		$user = $db->fetch_array($query);
		$to_filter = $user['username'];
		$additional_sql_criteria .= " AND l.touid='".intval($mybb->input['touid'])."'";
		$additional_criteria[] = "touid='".intval($mybb->input['touid'])."'";


	{
		$query = $db->simple_select("users", "uid, username", "uid = '{$touid}'");
		$user = $db->fetch_array($query);
		$to_filter = $user['username'];

		$additional_sql_criteria .= " AND l.touid = '{$touid}'";
		$additional_criteria[] = "touid='{$touid}'";

	}
	else if($mybb->input['toname'])
	{

 
	}
	else if($mybb->input['toname'])
	{

		$query = $db->simple_select("users", "uid, username", "LOWER(username)='".my_strtolower($mybb->input['toname'])."'");

		$query = $db->simple_select("users", "uid, username", "LOWER(username)='".my_strtolower($toname)."'");

		$user = $db->fetch_array($query);
		$to_filter = $user['username'];

 
		$user = $db->fetch_array($query);
		$to_filter = $user['username'];





		if(!$user['uid'])
		{
			flash_message($lang->error_invalid_user, 'error');
			admin_redirect("index.php?module=tools-maillogs");
		}

 
		if(!$user['uid'])
		{
			flash_message($lang->error_invalid_user, 'error');
			admin_redirect("index.php?module=tools-maillogs");
		}

 


		$additional_sql_criteria .= "AND l.touid='{$user['uid']}'";
		$additional_criteria = "touid='{$user['uid']}'";
	}

	if($mybb->input['toemail'])
	{

 
		$additional_sql_criteria .= "AND l.touid='{$user['uid']}'";
		$additional_criteria = "touid='{$user['uid']}'";
	}

	if($mybb->input['toemail'])
	{

		$additional_sql_criteria .= " AND l.toemail LIKE '%".$db->escape_string($mybb->input['toemail'])."%'";

		$additional_sql_criteria .= " AND l.toemail LIKE '%{$toemail}%'";

		$additional_criteria[] = "toemail='".urlencode($mybb->input['toemail'])."'";
		$to_filter = $mybb->input['toemail'];
	}

		$additional_criteria[] = "toemail='".urlencode($mybb->input['toemail'])."'";
		$to_filter = $mybb->input['toemail'];
	}