Vergleich private.php - 1.8.1 - 1.8.20

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 12Zeile 12
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'private.php');


define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'private.php');


$templatelist = "private_send,private_send_buddyselect,private_read,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,private_orderarrow,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_empty,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start,usercp_nav_editsignature,posticons_icon";
$templatelist .= ",private_messagebit,codebuttons,smilieinsert,smilieinsert_getmore,smilieinsert_smilie,smilieinsert_smilie_empty,posticons,private_send_autocomplete,private_messagebit_denyreceipt,private_read_to,postbit_online";

$templatelist = "private_send,private_send_buddyselect,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage,usercp_nav_attachments,usercp_nav_messenger_compose,private_tracking_readmessage_stop";
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_archive_txt,private_archive_csv,private_archive_html,private_tracking_unreadmessage_stop";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
$templatelist .= ",private_messagebit,codebuttons,posticons,private_send_autocomplete,private_messagebit_denyreceipt,postbit_warninglevel_formatted,private_emptyexportlink,postbit_purgespammer,postbit_gotopost,private_read";

$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";

$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients,usercp_nav_messenger_folder";

$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink,postbit_purgespammer";
$templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_gotopost";
$templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_reply_pm,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders";
$templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find,private_emptyexportlink";


$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc,private_composelink";
$templatelist .= ",private_archive,private_quickreply,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_reputation_formatted_link";
$templatelist .= ",private_archive_folders_folder,private_archive_folders,postbit_warninglevel,postbit_author_user,postbit_forward_pm,private_messagebit_icon,private_jump_folders_folder,private_advanced_search_folders,usercp_nav_home";
$templatelist .= ",private_jump_folders,postbit_avatar,postbit_warn,postbit_rep_button,postbit_email,postbit_reputation,private_move,private_read_action,postbit_away,postbit_pm,usercp_nav_messenger_tracking,postbit_find";
$templatelist .= ",usercp_nav_editsignature,posticons_icon,postbit_icon,postbit_iplogged_hiden,usercp_nav_profile,usercp_nav_misc,postbit_userstar,private_read_to,postbit_online,private_empty,private_orderarrow,postbit_reply_pm";


require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";


require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";

Zeile 41Zeile 42
	error_no_permission();
}


	error_no_permission();
}


 
$update = false;

if(!$mybb->user['pmfolders'])
{

if(!$mybb->user['pmfolders'])
{

	$mybb->user['pmfolders'] = "1**$%%$2**$%%$3**$%%$4**";










	$update = true;
$mybb->user['pmfolders'] = "0**$%%$1**$%%$2**$%%$3**$%%$4**";
}
elseif ((int)my_substr($mybb->user['pmfolders'], 0, 1) != 0)
{
// Old folder structure. Need to update
// Since MyBB 1.8.20 fid[0] represents 'Inbox' and fid[1] represents 'Unread'
$update = true;
$mybb->user['pmfolders'] = '0'. ltrim(str_replace("$%%$2**", "$%%$1**$%%$2**", $mybb->user['pmfolders']), '1');
}





 
// Folder structure update required?
if($update)
{

	$sql_array = array(
"pmfolders" => $mybb->user['pmfolders']
);
$db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);
}


	$sql_array = array(
"pmfolders" => $mybb->user['pmfolders']
);
$db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);
}


// On a random occassion, recount the user's pms just to make sure everything is in sync.
$rand = my_rand(0, 9);
if($rand == 5)
{
update_pm_count();
}

$mybb->input['fid'] = $mybb->get_input('fid', 1);

$mybb->input['fid'] = $mybb->get_input('fid', MyBB::INPUT_INT);









$folder_id = $folder_name = '';



$folder_id = $folder_name = '';


Zeile 85Zeile 92
	eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
}

	eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
eval("\$foldersearch_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
}

 

$from_fid = $mybb->input['fid'];


eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
eval("\$folderoplist = \"".$templates->get("private_move")."\";");


eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
eval("\$folderoplist = \"".$templates->get("private_move")."\";");

Zeile 166Zeile 175
		}
}


		}
}


	if($mybb->get_input('subject', 1) != 1 && $mybb->get_input('message', 1) != 1)

	if($mybb->get_input('subject', MyBB::INPUT_INT) != 1 && $mybb->get_input('message', MyBB::INPUT_INT) != 1)

	{
error($lang->error_nosearchresults);
}


	{
error($lang->error_nosearchresults);
}


	if($mybb->get_input('message', 1) == 1)

	if($mybb->get_input('message', MyBB::INPUT_INT) == 1)

	{
$resulttype = "pmmessages";
}

	{
$resulttype = "pmmessages";
}

Zeile 182Zeile 191

$search_data = array(
"keywords" => $mybb->get_input('keywords'),


$search_data = array(
"keywords" => $mybb->get_input('keywords'),

		"subject" => $mybb->get_input('subject', 1),
"message" => $mybb->get_input('message', 1),

		"subject" => $mybb->get_input('subject', MyBB::INPUT_INT),
"message" => $mybb->get_input('message', MyBB::INPUT_INT),

		"sender" => $mybb->get_input('sender'),

		"sender" => $mybb->get_input('sender'),

		"status" => $mybb->get_input('status', 2),
"folder" => $mybb->get_input('folder', 2)

		"status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
"folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)

	);

if($db->can_search == true)

	);

if($db->can_search == true)

Zeile 221Zeile 230
	if(in_array($mybb->get_input('sort'), $sortby))
{
$sortby = $mybb->get_input('sort');

	if(in_array($mybb->get_input('sort'), $sortby))
{
$sortby = $mybb->get_input('sort');

	}
else
{

	}
else
{

		$sortby = "dateline";
}


		$sortby = "dateline";
}


Zeile 282Zeile 291
	{
$mybb->settings['threadsperpage'] = 20;
}

	{
$mybb->settings['threadsperpage'] = 20;
}

 

$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
$pmscount = $db->fetch_field($query, "total");


// Work out pagination, which page we're at, as well as the limits.
$perpage = $mybb->settings['threadsperpage'];


// Work out pagination, which page we're at, as well as the limits.
$perpage = $mybb->settings['threadsperpage'];

	$page = $mybb->get_input('page', 1);

	$page = $mybb->get_input('page', MyBB::INPUT_INT);

	if($page > 0)
{
$start = ($page-1) * $perpage;

	if($page > 0)
{
$start = ($page-1) * $perpage;

 
		$pages = ceil($pmscount / $perpage);
if($page > $pages)
{
$start = 0;
$page = 1;
}

	}
else
{

	}
else
{

Zeile 307Zeile 325
	}

// Do Multi Pages

	}

// Do Multi Pages

	$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
$pmscount = $db->fetch_array($query);


 
	if($upper > $pmscount)

	if($upper > $pmscount)

	{

	{

		$upper = $pmscount;
}

		$upper = $pmscount;
}

	$multipage = multipage($pmscount['total'], $perpage, $page, "private.php?action=results&sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&sortby={$sortby}&order={$order}");

	$multipage = multipage($pmscount, $perpage, $page, "private.php?action=results&sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&sortby={$sortby}&order={$order}");

	$messagelist = '';

	$messagelist = '';





	$icon_cache = $cache->read("posticons");

// Cache users in multiple recipients for sent & drafts folder

	$icon_cache = $cache->read("posticons");

// Cache users in multiple recipients for sent & drafts folder

Zeile 327Zeile 342
	{
$recipients = my_unserialize($row['recipients']);
if(is_array($recipients['to']) && count($recipients['to']))

	{
$recipients = my_unserialize($row['recipients']);
if(is_array($recipients['to']) && count($recipients['to']))

		{

		{

			$get_users = array_merge($get_users, $recipients['to']);
}


			$get_users = array_merge($get_users, $recipients['to']);
}


Zeile 360Zeile 375
	");
while($message = $db->fetch_array($query))
{

	");
while($message = $db->fetch_array($query))
{

		$msgalt = $msgsuffix = $msgprefix = '';

		$msgalt = $msgstatus = '';


// Determine Folder Icon
if($message['status'] == 0)
{


// Determine Folder Icon
if($message['status'] == 0)
{

			$msgfolder = 'new_pm.png';

			$msgstatus = 'new_pm';

			$msgalt = $lang->new_pm;

			$msgalt = $lang->new_pm;

			$msgprefix = "<strong>";
$msgsuffix = "</strong>";

 
		}

		}

		elseif($message['status'] == 1)

		else if($message['status'] == 1)

		{

		{

			$msgfolder = 'old_pm.png';

			$msgstatus = 'old_pm';

			$msgalt = $lang->old_pm;
}

			$msgalt = $lang->old_pm;
}

		elseif($message['status'] == 3)

		else if($message['status'] == 3)

		{

		{

			$msgfolder = 're_pm.png';

			$msgstatus = 're_pm';

			$msgalt = $lang->reply_pm;
}
else if($message['status'] == 4)
{

			$msgalt = $lang->reply_pm;
}
else if($message['status'] == 4)
{

			$msgfolder = 'fw_pm.png';

			$msgstatus = 'fw_pm';

			$msgalt = $lang->fwd_pm;
}


			$msgalt = $lang->fwd_pm;
}


Zeile 400Zeile 413
				{
$profilelink = get_profile_link($uid);
$user = $cached_users[$uid];

				{
$profilelink = get_profile_link($uid);
$user = $cached_users[$uid];

 
					$user['username'] = htmlspecialchars_uni($user['username']);

					$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
}

					$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
}

Zeile 410Zeile 424
					{
$profilelink = get_profile_link($uid);
$user = $cached_users[$uid];

					{
$profilelink = get_profile_link($uid);
$user = $cached_users[$uid];

 
						$user['username'] = htmlspecialchars_uni($user['username']);

						$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
}

						$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
}

Zeile 419Zeile 434
			}
else if($message['toid'])
{

			}
else if($message['toid'])
{

				$tofromusername = $message['tousername'];

				$tofromusername = htmlspecialchars_uni($message['tousername']);

				$tofromuid = $message['toid'];
}
else

				$tofromuid = $message['toid'];
}
else

Zeile 429Zeile 444
		}
else
{

		}
else
{

			$tofromusername = $message['fromusername'];

			$tofromusername = htmlspecialchars_uni($message['fromusername']);

			$tofromuid = $message['fromid'];
if($tofromuid == 0)
{

			$tofromuid = $message['fromid'];
if($tofromuid == 0)
{

Zeile 440Zeile 455
		$tofromusername = build_profile_link($tofromusername, $tofromuid);

$denyreceipt = '';

		$tofromusername = build_profile_link($tofromusername, $tofromuid);

$denyreceipt = '';





		if($message['icon'] > 0 && $icon_cache[$message['icon']])
{
$icon = $icon_cache[$message['icon']];
$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);

		if($message['icon'] > 0 && $icon_cache[$message['icon']])
{
$icon = $icon_cache[$message['icon']];
$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);

 
			$icon['path'] = htmlspecialchars_uni($icon['path']);
$icon['name'] = htmlspecialchars_uni($icon['name']);

			eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
}
else

			eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
}
else

Zeile 508Zeile 525
}

if($mybb->input['action'] == "advanced_search")

}

if($mybb->input['action'] == "advanced_search")

{

{

	$plugins->run_hooks("private_advanced_search");

eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");

	$plugins->run_hooks("private_advanced_search");

eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");

Zeile 559Zeile 576
	$plugins->run_hooks("private_send_do_send");

// Attempt to see if this PM is a duplicate or not

	$plugins->run_hooks("private_send_do_send");

// Attempt to see if this PM is a duplicate or not

 
	$to = array_map("trim", explode(",", $mybb->get_input('to')));
$to = array_unique($to); // Filter out any duplicates
$to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));

	$time_cutoff = TIME_NOW - (5 * 60 * 60);
$query = $db->query("
SELECT pm.pmid
FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)

	$time_cutoff = TIME_NOW - (5 * 60 * 60);
$query = $db->query("
SELECT pm.pmid
FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)

		WHERE LOWER(u.username)='".$db->escape_string(my_strtolower($mybb->get_input('to')))."' AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'


		WHERE LOWER(u.username) IN ('{$to_escaped}') AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->get_input('subject'))."' AND pm.message='".$db->escape_string($mybb->get_input('message'))."' AND pm.folder!='3'
LIMIT 0, 1

	");
$duplicate_check = $db->fetch_field($query, "pmid");
if($duplicate_check)

	");
$duplicate_check = $db->fetch_field($query, "pmid");
if($duplicate_check)

Zeile 578Zeile 599
	$pm = array(
"subject" => $mybb->get_input('subject'),
"message" => $mybb->get_input('message'),

	$pm = array(
"subject" => $mybb->get_input('subject'),
"message" => $mybb->get_input('message'),

		"icon" => $mybb->get_input('icon', 1),

		"icon" => $mybb->get_input('icon', MyBB::INPUT_INT),

		"fromid" => $mybb->user['uid'],
"do" => $mybb->get_input('do'),

		"fromid" => $mybb->user['uid'],
"do" => $mybb->get_input('do'),

		"pmid" => $mybb->get_input('pmid', 1),

		"pmid" => $mybb->get_input('pmid', MyBB::INPUT_INT),

		"ipaddress" => $session->packedip
);

// Split up any recipients we have

		"ipaddress" => $session->packedip
);

// Split up any recipients we have

	$pm['to'] = explode(",", $mybb->get_input('to'));
$pm['to'] = array_map("trim", $pm['to']);

	$pm['to'] = $to;


	if(!empty($mybb->input['bcc']))
{
$pm['bcc'] = explode(",", $mybb->get_input('bcc'));
$pm['bcc'] = array_map("trim", $pm['bcc']);
}


	if(!empty($mybb->input['bcc']))
{
$pm['bcc'] = explode(",", $mybb->get_input('bcc'));
$pm['bcc'] = array_map("trim", $pm['bcc']);
}


	$mybb->input['options'] = $mybb->get_input('options', 2);

	$mybb->input['options'] = $mybb->get_input('options', MyBB::INPUT_ARRAY);


if(!$mybb->usergroup['cantrackpms'])
{


if(!$mybb->usergroup['cantrackpms'])
{

Zeile 615Zeile 635
		$pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
}
if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)

		$pm['options']['disablesmilies'] = $mybb->input['options']['disablesmilies'];
}
if(isset($mybb->input['options']['savecopy']) && $mybb->input['options']['savecopy'] == 1)

	{

	{

		$pm['options']['savecopy'] = 1;
}

		$pm['options']['savecopy'] = 1;
}

	else
{
$pm['options']['savecopy'] = 0;
}
if(isset($mybb->input['options']['readreceipt']))

	else
{
$pm['options']['savecopy'] = 0;
}
if(isset($mybb->input['options']['readreceipt']))

	{
$pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
}

	{
$pm['options']['readreceipt'] = $mybb->input['options']['readreceipt'];
}

Zeile 635Zeile 655

// Now let the pm handler do all the hard work.
if(!$pmhandler->validate_pm())


// Now let the pm handler do all the hard work.
if(!$pmhandler->validate_pm())

	{

	{

		$pm_errors = $pmhandler->get_friendly_errors();
$send_errors = inline_error($pm_errors);
$mybb->input['action'] = "send";

		$pm_errors = $pmhandler->get_friendly_errors();
$send_errors = inline_error($pm_errors);
$mybb->input['action'] = "send";

Zeile 648Zeile 668
		if(isset($pminfo['draftsaved']))
{
redirect("private.php", $lang->redirect_pmsaved);

		if(isset($pminfo['draftsaved']))
{
redirect("private.php", $lang->redirect_pmsaved);

		}
else

		}
else

		{
redirect("private.php", $lang->redirect_pmsent);
}

		{
redirect("private.php", $lang->redirect_pmsent);
}

Zeile 687Zeile 707

if(!empty($mybb->input['preview']) || $send_errors)
{


if(!empty($mybb->input['preview']) || $send_errors)
{

		$options = $mybb->get_input('options', 2);

		$options = $mybb->get_input('options', MyBB::INPUT_ARRAY);

		if(isset($options['signature']) && $options['signature'] == 1)
{
$optionschecked['signature'] = 'checked="checked"';

		if(isset($options['signature']) && $options['signature'] == 1)
{
$optionschecked['signature'] = 'checked="checked"';

Zeile 704Zeile 724
		{
$optionschecked['readreceipt'] = 'checked="checked"';
}

		{
$optionschecked['readreceipt'] = 'checked="checked"';
}

		$to = htmlspecialchars_uni($mybb->get_input('to'));
$bcc = htmlspecialchars_uni($mybb->get_input('bcc'));

		$to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
$bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));

	}

$preview = '';
// Preview
if(!empty($mybb->input['preview']))
{

	}

$preview = '';
// Preview
if(!empty($mybb->input['preview']))
{

		$options = $mybb->get_input('options', 2);

		$options = $mybb->get_input('options', MyBB::INPUT_ARRAY);

		$query = $db->query("
SELECT u.username AS userusername, u.*, f.*
FROM ".TABLE_PREFIX."users u
LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
WHERE u.uid='".$mybb->user['uid']."'

		$query = $db->query("
SELECT u.username AS userusername, u.*, f.*
FROM ".TABLE_PREFIX."users u
LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
WHERE u.uid='".$mybb->user['uid']."'

		");

$post = $db->fetch_array($query);


		");

$post = $db->fetch_array($query);


		$post['userusername'] = $mybb->user['username'];
$post['postusername'] = $mybb->user['username'];
$post['message'] = $mybb->get_input('message');
$post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));

		$post['userusername'] = $mybb->user['username'];
$post['postusername'] = $mybb->user['username'];
$post['message'] = $mybb->get_input('message');
$post['subject'] = htmlspecialchars_uni($mybb->get_input('subject'));

		$post['icon'] = $mybb->get_input('icon', 1);

		$post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);

		if(!isset($options['disablesmilies']))
{
$options['disablesmilies'] = 0;

		if(!isset($options['disablesmilies']))
{
$options['disablesmilies'] = 0;

Zeile 783Zeile 803
			SELECT pm.*, u.username AS quotename
FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)

			SELECT pm.*, u.username AS quotename
FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)

			WHERE pm.pmid='".$mybb->get_input('pmid', 1)."' AND pm.uid='{$mybb->user['uid']}'

			WHERE pm.pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND pm.uid='{$mybb->user['uid']}'

		");

$pm = $db->fetch_array($query);

		");

$pm = $db->fetch_array($query);

Zeile 791Zeile 811
		$subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

if($pm['folder'] == "3")

		$subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

if($pm['folder'] == "3")

		{

		{

			// message saved in drafts
$mybb->input['uid'] = $pm['toid'];


			// message saved in drafts
$mybb->input['uid'] = $pm['toid'];


Zeile 859Zeile 879
			if($mybb->settings['maxpmquotedepth'] != '0')
{
$message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);

			if($mybb->settings['maxpmquotedepth'] != '0')
{
$message = remove_message_quotes($message, $mybb->settings['maxpmquotedepth']);

			}

			}


if($mybb->input['do'] == 'forward')
{
$subject = "Fw: $subject";


if($mybb->input['do'] == 'forward')
{
$subject = "Fw: $subject";

			}

			}

			elseif($mybb->input['do'] == 'reply')
{
$subject = "Re: $subject";

			elseif($mybb->input['do'] == 'reply')
{
$subject = "Re: $subject";

Zeile 872Zeile 892
				if($mybb->user['uid'] == $uid)
{
$to = $mybb->user['username'];

				if($mybb->user['uid'] == $uid)
{
$to = $mybb->user['username'];

				}

				}

				else
{
$query = $db->simple_select('users', 'username', "uid='{$uid}'");

				else
{
$query = $db->simple_select('users', 'username', "uid='{$uid}'");

Zeile 892Zeile 912
					foreach($recipients['to'] as $recipient)
{
if($recipient == $mybb->user['uid'])

					foreach($recipients['to'] as $recipient)
{
if($recipient == $mybb->user['uid'])

						{

						{

							continue;
}
$recipientids .= ','.$recipient;
}

							continue;
}
$recipientids .= ','.$recipient;
}

				}

				}

				$comma = '';
$query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
while($user = $db->fetch_array($query))

				$comma = '';
$query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
while($user = $db->fetch_array($query))

Zeile 910Zeile 930
	}

// New PM with recipient preset

	}

// New PM with recipient preset

	if($mybb->get_input('uid', 1) && empty($mybb->input['preview']))

	if($mybb->get_input('uid', MyBB::INPUT_INT) && empty($mybb->input['preview']))

	{

	{

		$query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', 1)."'");

		$query = $db->simple_select('users', 'username', "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");

		$to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
}


		$to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
}


Zeile 920Zeile 940
	if($mybb->usergroup['maxpmrecipients'] > 0)
{
$max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);

	if($mybb->usergroup['maxpmrecipients'] > 0)
{
$max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);

	}

	}


if($send_errors)
{


if($send_errors)
{

		$to = htmlspecialchars_uni($mybb->get_input('to'));
$bcc = htmlspecialchars_uni($mybb->get_input('bcc'));

		$to = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('to'))))));
$bcc = htmlspecialchars_uni(implode(', ', array_unique(array_map('trim', explode(',', $mybb->get_input('bcc'))))));

	}

// Load the auto complete javascript if it is enabled.
eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");

	}

// Load the auto complete javascript if it is enabled.
eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");


$pmid = $mybb->get_input('pmid', 1);


$pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);

	$do = $mybb->get_input('do');
if($do != "forward" && $do != "reply" && $do != "replyall")
{

	$do = $mybb->get_input('do');
if($do != "forward" && $do != "reply" && $do != "replyall")
{

Zeile 946Zeile 966
		eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
$buddy_select = 'bcc';
eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");

		eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
$buddy_select = 'bcc';
eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");

	}


	}


	// Hide tracking option if no permission
$private_send_tracking = '';
if($mybb->usergroup['cantrackpms'])

	// Hide tracking option if no permission
$private_send_tracking = '';
if($mybb->usergroup['cantrackpms'])

Zeile 964Zeile 984
if($mybb->input['action'] == "read")
{
$plugins->run_hooks("private_read");

if($mybb->input['action'] == "read")
{
$plugins->run_hooks("private_read");


$pmid = $mybb->get_input('pmid', 1);



$pmid = $mybb->get_input('pmid', MyBB::INPUT_INT);


	$query = $db->query("
SELECT pm.*, u.*, f.*
FROM ".TABLE_PREFIX."privatemessages pm

	$query = $db->query("
SELECT pm.*, u.*, f.*
FROM ".TABLE_PREFIX."privatemessages pm

Zeile 975Zeile 995
		WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
");
$pm = $db->fetch_array($query);

		WHERE pm.pmid='{$pmid}' AND pm.uid='".$mybb->user['uid']."'
");
$pm = $db->fetch_array($query);





	if(!$pm)
{
error($lang->error_invalidpm);

	if(!$pm)
{
error($lang->error_invalidpm);

	}

	}


if($pm['folder'] == 3)
{


if($pm['folder'] == 3)
{

Zeile 1000Zeile 1020
	foreach($data_key as $field => $key)
{
$pm[$key] = $groupscache[$pm['usergroup']][$field];

	foreach($data_key as $field => $key)
{
$pm[$key] = $groupscache[$pm['usergroup']][$field];

	}

	}


if($pm['receipt'] == 1)
{


if($pm['receipt'] == 1)
{

		if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', 1) == 1)

		if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->get_input('denyreceipt', MyBB::INPUT_INT) == 1)

		{
$receiptadd = 0;
}

		{
$receiptadd = 0;
}

Zeile 1027Zeile 1047
		{
$updatearray['receipt'] = $receiptadd;
}

		{
$updatearray['receipt'] = $receiptadd;
}





		$db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");

// Update the unread count - it has now changed.

		$db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");

// Update the unread count - it has now changed.

Zeile 1035Zeile 1055

// Update PM notice value if this is our last unread PM
if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)


// Update PM notice value if this is our last unread PM
if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)

		{

		{

			$updated_user = array(
"pmnotice" => 1
);
$db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");

			$updated_user = array(
"pmnotice" => 1
);
$db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");

		}

		}

	}
// Replied PM?
else if($pm['status'] == 3 && $pm['statustime'])

	}
// Replied PM?
else if($pm['status'] == 3 && $pm['statustime'])

	{

	{

		$reply_string = $lang->you_replied_on;
$reply_date = my_date('relative', $pm['statustime']);

		$reply_string = $lang->you_replied_on;
$reply_date = my_date('relative', $pm['statustime']);


if((TIME_NOW - $pm['statustime']) < 3600)


if((TIME_NOW - $pm['statustime']) < 3600)

		{
// Relative string for the first hour
$reply_string = $lang->you_replied;

		{
// Relative string for the first hour
$reply_string = $lang->you_replied;

		}

		}


$actioned_on = $lang->sprintf($reply_string, $reply_date);
eval("\$action_time = \"".$templates->get("private_read_action")."\";");


$actioned_on = $lang->sprintf($reply_string, $reply_date);
eval("\$action_time = \"".$templates->get("private_read_action")."\";");

Zeile 1061Zeile 1081
	{
$forward_string = $lang->you_forwarded_on;
$forward_date = my_date('relative', $pm['statustime']);

	{
$forward_string = $lang->you_forwarded_on;
$forward_date = my_date('relative', $pm['statustime']);





		if((TIME_NOW - $pm['statustime']) < 3600)
{
$forward_string = $lang->you_forwarded;

		if((TIME_NOW - $pm['statustime']) < 3600)
{
$forward_string = $lang->you_forwarded;

Zeile 1069Zeile 1089

$actioned_on = $lang->sprintf($forward_string, $forward_date);
eval("\$action_time = \"".$templates->get("private_read_action")."\";");


$actioned_on = $lang->sprintf($forward_string, $forward_date);
eval("\$action_time = \"".$templates->get("private_read_action")."\";");

	}

	}


$pm['userusername'] = $pm['username'];
$pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));


$pm['userusername'] = $pm['username'];
$pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

Zeile 1107Zeile 1127
	}

// Fetch recipient names from the database

	}

// Fetch recipient names from the database

	$bcc_recipients = $to_recipients = array();

	$bcc_recipients = $to_recipients = $bcc_form_val = array();

	$query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
while($recipient = $db->fetch_array($query))
{
// User is a BCC recipient

	$query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
while($recipient = $db->fetch_array($query))
{
// User is a BCC recipient

 
		$recipient['username'] = htmlspecialchars_uni($recipient['username']);

		if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
{
$bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);

		if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
{
$bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);

 
			$bcc_form_val[] = $recipient['username'];

		}
// User is a normal recipient
else if(in_array($recipient['uid'], $pm['recipients']['to']))

		}
// User is a normal recipient
else if(in_array($recipient['uid'], $pm['recipients']['to']))

Zeile 1127Zeile 1149
	if(count($bcc_recipients) > 0)
{
$bcc_recipients = implode(', ', $bcc_recipients);

	if(count($bcc_recipients) > 0)
{
$bcc_recipients = implode(', ', $bcc_recipients);

 
		$bcc_form_val = implode(',', $bcc_form_val);

		eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");

		eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");

 
	}
else
{
$bcc_form_val = '';

	}

$replyall = false;

	}

$replyall = false;

Zeile 1137Zeile 1164
	}

if(count($to_recipients) > 0)

	}

if(count($to_recipients) > 0)

	{
$to_recipients = implode(", ", $to_recipients);
}

	{
$to_recipients = implode($lang->comma, $to_recipients);
}

	else
{
$to_recipients = $lang->nobody;
}

	else
{
$to_recipients = $lang->nobody;
}





	eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");

add_breadcrumb($pm['subject']);

	eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");

add_breadcrumb($pm['subject']);

Zeile 1160Zeile 1187
		if(!empty($mybb->user['signature']))
{
$optionschecked['signature'] = 'checked="checked"';

		if(!empty($mybb->user['signature']))
{
$optionschecked['signature'] = 'checked="checked"';

		}

		}

		if($mybb->usergroup['cantrackpms'] == 1)
{
$optionschecked['readreceipt'] = 'checked="checked"';

		if($mybb->usergroup['cantrackpms'] == 1)
{
$optionschecked['readreceipt'] = 'checked="checked"';

Zeile 1172Zeile 1199
			'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
'username' => $pm['username'],
'quote_is_pm' => true

			'message' => htmlspecialchars_uni($parser->parse_badwords($pm['message'])),
'username' => $pm['username'],
'quote_is_pm' => true

		);

		);

		$quoted_message = parse_quoted_message($quoted_message);

if($mybb->settings['maxpmquotedepth'] != '0')

		$quoted_message = parse_quoted_message($quoted_message);

if($mybb->settings['maxpmquotedepth'] != '0')

		{

		{

			$quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);

			$quoted_message = remove_message_quotes($quoted_message, $mybb->settings['maxpmquotedepth']);

		}


		}


		$subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);

if($mybb->user['uid'] == $pm['fromid'])

		$subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);

if($mybb->user['uid'] == $pm['fromid'])

		{

		{

			$to = htmlspecialchars_uni($mybb->user['username']);
}
else

			$to = htmlspecialchars_uni($mybb->user['username']);
}
else

Zeile 1199Zeile 1226

eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
}


eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
}




		
$expaltext = (in_array("quickreply", $collapse)) ? "[+]" : "[-]";

		eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
}


		eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
}


Zeile 1231Zeile 1259
	$query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
$postcount = $db->fetch_field($query, "readpms");


	$query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
$postcount = $db->fetch_field($query, "readpms");


	$page = $mybb->get_input('read_page', 1);

	$page = $mybb->get_input('read_page', MyBB::INPUT_INT);

	$pages = $postcount / $perpage;
$pages = ceil($pages);

if($mybb->get_input('read_page') == "last")

	$pages = $postcount / $perpage;
$pages = ceil($pages);

if($mybb->get_input('read_page') == "last")

	{
$page = $pages;
}

if($page > $pages || $page <= 0)
{

	{
$page = $pages;
}

if($page > $pages || $page <= 0)
{

		$page = 1;
}

if($page)

		$page = 1;
}

if($page)

	{

	{

		$start = ($page-1) * $perpage;
}
else

		$start = ($page-1) * $perpage;
}
else

	{

	{

		$start = 0;
$page = 1;

		$start = 0;
$page = 1;

	}


	}


	$read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

$query = $db->query("

	$read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

$query = $db->query("

Zeile 1268Zeile 1296
	while($readmessage = $db->fetch_array($query))
{
$readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));

	while($readmessage = $db->fetch_array($query))
{
$readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));

 
		$readmessage['tousername'] = htmlspecialchars_uni($readmessage['tousername']);

		$readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
$readdate = my_date('relative', $readmessage['readtime']);
eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");

		$readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
$readdate = my_date('relative', $readmessage['readtime']);
eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");

Zeile 1275Zeile 1304

$stoptrackingread = '';
if(!empty($readmessages))


$stoptrackingread = '';
if(!empty($readmessages))

	{

	{

		eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
}

if(!$readmessages)
{
eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");

		eval("\$stoptrackingread = \"".$templates->get("private_tracking_readmessage_stop")."\";");
}

if(!$readmessages)
{
eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");

	}


	}


	$query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
$postcount = $db->fetch_field($query, "unreadpms");


	$query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
$postcount = $db->fetch_field($query, "unreadpms");


	$page = $mybb->get_input('unread_page', 1);

	$page = $mybb->get_input('unread_page', MyBB::INPUT_INT);

	$pages = $postcount / $perpage;
$pages = ceil($pages);

if($mybb->get_input('unread_page') == "last")

	$pages = $postcount / $perpage;
$pages = ceil($pages);

if($mybb->get_input('unread_page') == "last")

	{

	{

		$page = $pages;
}


		$page = $pages;
}


Zeile 1304Zeile 1333
	if($page)
{
$start = ($page-1) * $perpage;

	if($page)
{
$start = ($page-1) * $perpage;

	}

	}

	else
{
$start = 0;
$page = 1;

	else
{
$start = 0;
$page = 1;

	}

	}


$unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");



$unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");


Zeile 1324Zeile 1353
	while($unreadmessage = $db->fetch_array($query))
{
$unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));

	while($unreadmessage = $db->fetch_array($query))
{
$unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));

 
		$unreadmessage['tousername'] = htmlspecialchars_uni($unreadmessage['tousername']);

		$unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
$senddate = my_date('relative', $unreadmessage['dateline']);
eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");

		$unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
$senddate = my_date('relative', $unreadmessage['dateline']);
eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");

Zeile 1356Zeile 1386

if(!empty($mybb->input['stoptracking']))
{


if(!empty($mybb->input['stoptracking']))
{

		$mybb->input['readcheck'] = $mybb->get_input('readcheck', 2);

		$mybb->input['readcheck'] = $mybb->get_input('readcheck', MyBB::INPUT_ARRAY);

		if(!empty($mybb->input['readcheck']))
{
foreach($mybb->input['readcheck'] as $key => $val)

		if(!empty($mybb->input['readcheck']))
{
foreach($mybb->input['readcheck'] as $key => $val)

Zeile 1372Zeile 1402
	}
elseif(!empty($mybb->input['stoptrackingunread']))
{

	}
elseif(!empty($mybb->input['stoptrackingunread']))
{

		$mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', 2);

		$mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);

		if(!empty($mybb->input['unreadcheck']))
{
foreach($mybb->input['unreadcheck'] as $key => $val)

		if(!empty($mybb->input['unreadcheck']))
{
foreach($mybb->input['unreadcheck'] as $key => $val)

Zeile 1388Zeile 1418
	}
elseif(!empty($mybb->input['cancel']))
{

	}
elseif(!empty($mybb->input['cancel']))
{

		$mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', 2);

		$mybb->input['unreadcheck'] = $mybb->get_input('unreadcheck', MyBB::INPUT_ARRAY);

		if(!empty($mybb->input['unreadcheck']))
{
foreach($mybb->input['unreadcheck'] as $pmid => $val)

		if(!empty($mybb->input['unreadcheck']))
{
foreach($mybb->input['unreadcheck'] as $pmid => $val)

Zeile 1413Zeile 1443
		$plugins->run_hooks("private_do_tracking_end");
redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
}

		$plugins->run_hooks("private_do_tracking_end");
redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
}

}


}


if($mybb->input['action'] == "stopalltracking")
{
// Verify incoming POST request
verify_post_check($mybb->get_input('my_post_key'));

if($mybb->input['action'] == "stopalltracking")
{
// Verify incoming POST request
verify_post_check($mybb->get_input('my_post_key'));





	$plugins->run_hooks("private_stopalltracking_start");

$sql_array = array(

	$plugins->run_hooks("private_stopalltracking_start");

$sql_array = array(

Zeile 1444Zeile 1474
		$fid = $folderinfo[0];
$foldername = get_pm_folder_name($fid, $foldername);


		$fid = $folderinfo[0];
$foldername = get_pm_folder_name($fid, $foldername);


		if($folderinfo[0] == "1" || $folderinfo[0] == "2" || $folderinfo[0] == "3" || $folderinfo[0] == "4")

		if((int)$folderinfo[0] < 5)

		{
$foldername2 = get_pm_folder_name($fid);
eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
unset($name);

		{
$foldername2 = get_pm_folder_name($fid);
eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
unset($name);

		}

		}

		else
{
eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
}

		else
{
eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
}

	}


	}


	$newfolders = '';
for($i = 1; $i <= 5; ++$i)
{

	$newfolders = '';
for($i = 1; $i <= 5; ++$i)
{

Zeile 1480Zeile 1510
	$highestid = 2;
$folders = '';
$donefolders = array();

	$highestid = 2;
$folders = '';
$donefolders = array();

	$mybb->input['folder'] = $mybb->get_input('folder', 2);

	$mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY);

	foreach($mybb->input['folder'] as $key => $val)
{
if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now

	foreach($mybb->input['folder'] as $key => $val)
{
if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now

Zeile 1493Zeile 1523
			else // Editing an existing folder
{
if($key > $highestid)

			else // Editing an existing folder
{
if($key > $highestid)

				{

				{

					$highestid = $key;
}

$fid = (int)$key;
// Use default language strings if empty or value is language string

					$highestid = $key;
}

$fid = (int)$key;
// Use default language strings if empty or value is language string

				switch($fid)

				if($val == get_pm_folder_name($fid) || trim($val) == '')

				{

				{

					case 1:
if($val == $lang->folder_inbox || trim($val) == '')
{
$val = '';
}
break;
case 2:
if($val == $lang->folder_sent_items || trim($val) == '')
{
$val = '';
}
break;
case 3:
if($val == $lang->folder_drafts || trim($val) == '')
{
$val = '';
}
break;
case 4:
if($val == $lang->folder_trash || trim($val) == '')
{
$val = '';
}
break;

					$val = '';
























				}
}


				}
}


			if($val != '' && trim($val) == '' && !($key >= 1 && $key <= 4))

			if($val != '' && trim($val) == '' && !(is_numeric($key) && $key <= 4))

			{
// If the name only contains whitespace and it's not a default folder, print an error
error($lang->error_emptypmfoldername);
}


			{
// If the name only contains whitespace and it's not a default folder, print an error
error($lang->error_emptypmfoldername);
}


			if($val != '' || ($key >= 1 && $key <= 4))

			if($val != '' || (is_numeric($key) && $key <= 4))

			{
// If there is a name or if this is a default folder, save it
$foldername = $db->escape_string(htmlspecialchars_uni($val));

			{
// If there is a name or if this is a default folder, save it
$foldername = $db->escape_string(htmlspecialchars_uni($val));

Zeile 1609Zeile 1616
	$plugins->run_hooks("private_do_empty_start");

$emptyq = '';

	$plugins->run_hooks("private_do_empty_start");

$emptyq = '';

	$mybb->input['empty'] = $mybb->get_input('empty', 2);

	$mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);

	$keepunreadq = '';

	$keepunreadq = '';

	if($mybb->get_input('keepunread', 1) == 1)

	if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)

	{
$keepunreadq = " AND status!='0'";
}

	{
$keepunreadq = " AND status!='0'";
}

Zeile 1656Zeile 1663
	}
elseif(!empty($mybb->input['moveto']))
{

	}
elseif(!empty($mybb->input['moveto']))
{

		$mybb->input['check'] = $mybb->get_input('check', 2);

		$mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);

		if(!empty($mybb->input['check']))
{
foreach($mybb->input['check'] as $key => $val)

		if(!empty($mybb->input['check']))
{
foreach($mybb->input['check'] as $key => $val)

Zeile 1672Zeile 1679

if(!empty($mybb->input['fromfid']))
{


if(!empty($mybb->input['fromfid']))
{

			redirect("private.php?fid=".$mybb->get_input('fromfid', 1), $lang->redirect_pmsmoved);

			redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsmoved);

		}
else
{

		}
else
{

Zeile 1681Zeile 1688
	}
elseif(!empty($mybb->input['delete']))
{

	}
elseif(!empty($mybb->input['delete']))
{

		$mybb->input['check'] = $mybb->get_input('check', 2);

		$mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);

		if(!empty($mybb->input['check']))
{
$pmssql = '';

		if(!empty($mybb->input['check']))
{
$pmssql = '';

Zeile 1723Zeile 1730

if(!empty($mybb->input['fromfid']))
{


if(!empty($mybb->input['fromfid']))
{

			redirect("private.php?fid=".$mybb->get_input('fromfid', 1), $lang->redirect_pmsdeleted);

			redirect("private.php?fid=".$mybb->get_input('fromfid', MyBB::INPUT_INT), $lang->redirect_pmsdeleted);

		}
else
{

		}
else
{

Zeile 1739Zeile 1746

$plugins->run_hooks("private_delete_start");



$plugins->run_hooks("private_delete_start");


	$query = $db->simple_select("privatemessages", "*", "pmid='".$mybb->get_input('pmid', 1)."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));

	$query = $db->simple_select("privatemessages", "*", "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));

	if($db->num_rows($query) == 1)
{

	if($db->num_rows($query) == 1)
{

		$db->delete_query("privatemessages", "pmid='".$mybb->get_input('pmid', 1)."'");

		$db->delete_query("privatemessages", "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."'");

	}
else
{

	}
else
{

Zeile 1750Zeile 1757
			"folder" => 4,
"deletetime" => TIME_NOW
);

			"folder" => 4,
"deletetime" => TIME_NOW
);

		$db->update_query("privatemessages", $sql_array, "pmid='".$mybb->get_input('pmid', 1)."' AND uid='".$mybb->user['uid']."'");

		$db->update_query("privatemessages", $sql_array, "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."'");

	}

// Update PM count

	}

// Update PM count

Zeile 1798Zeile 1805

$plugins->run_hooks("private_do_export_start");



$plugins->run_hooks("private_do_export_start");


	$lang->private_messages_for = $lang->sprintf($lang->private_messages_for, $mybb->user['username']);

	$lang->private_messages_for = $lang->sprintf($lang->private_messages_for, htmlspecialchars_uni($mybb->user['username']));

	$exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
$extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
$lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);

	$exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
$extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
$lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);

Zeile 1810Zeile 1817
		$foldersexploded[$key] = implode("**", $folderinfo);
}


		$foldersexploded[$key] = implode("**", $folderinfo);
}


	if($mybb->get_input('pmid', 1))

	if($mybb->get_input('pmid', MyBB::INPUT_INT))

	{

	{

		$wsql = "pmid='".$mybb->get_input('pmid', 1)."' AND uid='".$mybb->user['uid']."'";

		$wsql = "pmid='".$mybb->get_input('pmid', MyBB::INPUT_INT)."' AND uid='".$mybb->user['uid']."'";

	}
else
{

	}
else
{

		if($mybb->get_input('daycut', 1) && ($mybb->get_input('dayway') != "disregard"))

		if($mybb->get_input('daycut', MyBB::INPUT_INT) && ($mybb->get_input('dayway') != "disregard"))

		{

		{

			$datecut = TIME_NOW-($mybb->get_input('daycut', 1) * 86400);

			$datecut = TIME_NOW-($mybb->get_input('daycut', MyBB::INPUT_INT) * 86400);

			$wsql = "pm.dateline";
if($mybb->get_input('dayway') == "older")
{

			$wsql = "pm.dateline";
if($mybb->get_input('dayway') == "older")
{

Zeile 1835Zeile 1842
			$wsql = "1=1";
}


			$wsql = "1=1";
}


		$mybb->input['exportfolders'] = $mybb->get_input('exportfolders', 2);

		$mybb->input['exportfolders'] = $mybb->get_input('exportfolders', MyBB::INPUT_ARRAY);

		if(!empty($mybb->input['exportfolders']))
{
$folderlst = '';

		if(!empty($mybb->input['exportfolders']))
{
$folderlst = '';

Zeile 1870Zeile 1877
			error($lang->error_pmnoarchivefolders);
}


			error($lang->error_pmnoarchivefolders);
}


		if($mybb->get_input('exportunread', 1) != 1)

		if($mybb->get_input('exportunread', MyBB::INPUT_INT) != 1)

		{
$wsql .= " AND pm.status!='0'";
}

		{
$wsql .= " AND pm.status!='0'";
}

Zeile 1946Zeile 1953
		$message['subject'] = $parser->parse_badwords($message['subject']);
if($message['folder'] != "3")
{

		$message['subject'] = $parser->parse_badwords($message['subject']);
if($message['folder'] != "3")
{

			$senddate = my_date($mybb->settings['dateformat'], $message['dateline']);
$sendtime = my_date($mybb->settings['timeformat'], $message['dateline']);

			$senddate = my_date($mybb->settings['dateformat'], $message['dateline'], "", false);
$sendtime = my_date($mybb->settings['timeformat'], $message['dateline'], "", false);

			$senddate .= " $lang->at $sendtime";
}
else

			$senddate .= " $lang->at $sendtime";
}
else

Zeile 1979Zeile 1986

if($mybb->input['exporttype'] == "csv")
{


if($mybb->input['exporttype'] == "csv")
{

			$message['message'] = addslashes($message['message']);
$message['subject'] = addslashes($message['subject']);
$message['tousername'] = addslashes($message['tousername']);
$message['fromusername'] = addslashes($message['fromusername']);

			$message['message'] = my_escape_csv($message['message']);
$message['subject'] = my_escape_csv($message['subject']);
$message['tousername'] = my_escape_csv($message['tousername']);
$message['fromusername'] = my_escape_csv($message['fromusername']);

		}

if(empty($donefolder[$message['folder']]))

		}

if(empty($donefolder[$message['folder']]))

Zeile 2004Zeile 2011
					}
else
{

					}
else
{

						$foldername = addslashes($folderinfo[1]);

						$foldername = my_escape_csv($folderinfo[1]);

					}
$donefolder[$message['folder']] = 1;
}

					}
$donefolder[$message['folder']] = 1;
}

Zeile 2025Zeile 2032
	$plugins->run_hooks("private_do_export_end");

eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");

	$plugins->run_hooks("private_do_export_end");

eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");

	if($mybb->get_input('deletepms', 1) == 1)

	if($mybb->get_input('deletepms', MyBB::INPUT_INT) == 1)

	{ // delete the archived pms
$db->delete_query("privatemessages", "pmid IN ('0'$ids)");
// Update PM count

	{ // delete the archived pms
$db->delete_query("privatemessages", "pmid IN ('0'$ids)");
// Update PM count

Zeile 2058Zeile 2065
	}
else
{

	}
else
{

 
		echo "\xEF\xBB\xBF"; // UTF-8 BOM

		echo $archived;
}
}

		echo $archived;
}
}

Zeile 2068Zeile 2076

if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
{


if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
{

		$mybb->input['fid'] = 1;

		$mybb->input['fid'] = 0;

	}


	}


	$folder = $mybb->input['fid'];
$foldername = $foldernames[$folder];


	$fid = (int)$mybb->input['fid'];
$folder = !$fid ? 1 : $fid;
$foldername = $foldernames[$fid];


if($folder == 2 || $folder == 3)
{ // Sent Items Folder


if($folder == 2 || $folder == 3)
{ // Sent Items Folder

Zeile 2124Zeile 2133

// Do Multi Pages
$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'");


// Do Multi Pages
$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'");

	$pmscount = $db->fetch_array($query);

	$pmscount = $db->fetch_field($query, "total");


if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
{


if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
{

Zeile 2132Zeile 2141
	}

$perpage = $mybb->settings['threadsperpage'];

	}

$perpage = $mybb->settings['threadsperpage'];

	$page = $mybb->get_input('page', 1);

	$page = $mybb->get_input('page', MyBB::INPUT_INT);


if($page > 0)
{
$start = ($page-1) *$perpage;


if($page > 0)
{
$start = ($page-1) *$perpage;

	}
else
{







		$pages = ceil($pmscount / $perpage);
if($page > $pages)
{
$start = 0;
$page = 1;
}
}
else
{

		$start = 0;
$page = 1;

		$start = 0;
$page = 1;

	}

	}


$end = $start + $perpage;
$lower = $start+1;
$upper = $end;

if($upper > $pmscount)


$end = $start + $perpage;
$lower = $start+1;
$upper = $end;

if($upper > $pmscount)

	{

	{

		$upper = $pmscount;

		$upper = $pmscount;

	}

	}


if($mybb->input['order'] || ($sortby && $sortby != "dateline"))


if($mybb->input['order'] || ($sortby && $sortby != "dateline"))

	{
$page_url = "private.php?fid={$folder}&sortby={$sortby}&order={$mybb->input['order']}";
}
else
{
$page_url = "private.php?fid={$folder}";
}

	{
$page_url = "private.php?fid={$fid}&sortby={$sortby}&order={$sortordernow}";
}
else
{
$page_url = "private.php?fid={$fid}";
}





	$multipage = multipage($pmscount['total'], $perpage, $page, $page_url);
$messagelist = '';

	$multipage = multipage($pmscount, $perpage, $page, $page_url);
$selective = $messagelist = '';


$icon_cache = $cache->read("posticons");



$icon_cache = $cache->read("posticons");


Zeile 2186Zeile 2201
			FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'

			FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
WHERE pm.folder='{$folder}' AND pm.uid='{$mybb->user['uid']}'

			ORDER BY {$u}{$sortfield} {$mybb->input['order']}

			ORDER BY {$u}{$sortfield} {$sortordernow}

			LIMIT {$start}, {$perpage}
");
while($row = $db->fetch_array($users_query))

			LIMIT {$start}, {$perpage}
");
while($row = $db->fetch_array($users_query))

Zeile 2229Zeile 2244
	}
else
{

	}
else
{

 
		if($fid == 1)
{
$selective = ' AND pm.status="0"';
}


		if($sortfield == "username")
{
$pm = "fu.";

		if($sortfield == "username")
{
$pm = "fu.";

Zeile 2244Zeile 2264
		FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)

		FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)

		WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'

		WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'{$selective}

		ORDER BY {$pm}{$sortfield} {$sortordernow}
LIMIT $start, $perpage
");

		ORDER BY {$pm}{$sortfield} {$sortordernow}
LIMIT $start, $perpage
");

Zeile 2253Zeile 2273
	{
while($message = $db->fetch_array($query))
{

	{
while($message = $db->fetch_array($query))
{

			$msgalt = $msgsuffix = $msgprefix = '';


			$msgalt = $msgstatus = '';


			// Determine Folder Icon
if($message['status'] == 0)
{

			// Determine Folder Icon
if($message['status'] == 0)
{

				$msgfolder = 'new_pm.png';

				$msgstatus = 'new_pm';

				$msgalt = $lang->new_pm;

				$msgalt = $lang->new_pm;

				$msgprefix = "<strong>";
$msgsuffix = "</strong>";

 
			}

			}

			elseif($message['status'] == 1)

			else if($message['status'] == 1)

			{

			{

				$msgfolder = 'old_pm.png';

				$msgstatus = 'old_pm';

				$msgalt = $lang->old_pm;
}

				$msgalt = $lang->old_pm;
}

			elseif($message['status'] == 3)

			else if($message['status'] == 3)

			{

			{

				$msgfolder = 're_pm.png';

				$msgstatus = 're_pm';

				$msgalt = $lang->reply_pm;
}

				$msgalt = $lang->reply_pm;
}

			elseif($message['status'] == 4)

			else if($message['status'] == 4)

			{

			{

				$msgfolder = 'fw_pm.png';

				$msgstatus = 'fw_pm';

				$msgalt = $lang->fwd_pm;
}


				$msgalt = $lang->fwd_pm;
}


Zeile 2283Zeile 2302
			{ // Sent Items or Drafts Folder Check
$recipients = my_unserialize($message['recipients']);
$to_users = $bcc_users = '';

			{ // Sent Items or Drafts Folder Check
$recipients = my_unserialize($message['recipients']);
$to_users = $bcc_users = '';

				if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))

				if(isset($recipients['to']) && count($recipients['to']) > 1 || (isset($recipients['to']) && count($recipients['to']) == 1 && isset($recipients['bcc']) && count($recipients['bcc']) > 0))

				{
foreach($recipients['to'] as $uid)
{
$profilelink = get_profile_link($uid);
$user = $cached_users[$uid];

				{
foreach($recipients['to'] as $uid)
{
$profilelink = get_profile_link($uid);
$user = $cached_users[$uid];

 
						$user['username'] = htmlspecialchars_uni($user['username']);

						$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
if(!$user['username'])
{

						$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
if(!$user['username'])
{

Zeile 2303Zeile 2323
						{
$profilelink = get_profile_link($uid);
$user = $cached_users[$uid];

						{
$profilelink = get_profile_link($uid);
$user = $cached_users[$uid];

 
							$user['username'] = htmlspecialchars_uni($user['username']);

							$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
if(!$user['username'])
{

							$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
if(!$user['username'])
{

Zeile 2316Zeile 2337
				}
else if($message['toid'])
{

				}
else if($message['toid'])
{

					$tofromusername = $message['tousername'];

					$tofromusername = htmlspecialchars_uni($message['tousername']);

					$tofromuid = $message['toid'];

					$tofromuid = $message['toid'];

				}

				}

				else
{
$tofromusername = $lang->not_sent;

				else
{
$tofromusername = $lang->not_sent;

Zeile 2326Zeile 2347
			}
else
{

			}
else
{

				$tofromusername = $message['fromusername'];

				$tofromusername = htmlspecialchars_uni($message['fromusername']);

				$tofromuid = $message['fromid'];
if($tofromuid == 0)
{

				$tofromuid = $message['fromid'];
if($tofromuid == 0)
{

Zeile 2355Zeile 2376
			{
$icon = $icon_cache[$message['icon']];
$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);

			{
$icon = $icon_cache[$message['icon']];
$icon['path'] = str_replace("{theme}", $theme['imgdir'], $icon['path']);

 
				$icon['path'] = htmlspecialchars_uni($icon['path']);
$icon['name'] = htmlspecialchars_uni($icon['name']);

				eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
}
else

				eval("\$icon = \"".$templates->get("private_messagebit_icon")."\";");
}
else

Zeile 2388Zeile 2411
	}

$pmspacebar = '';

	}

$pmspacebar = '';

	if($mybb->usergroup['pmquota'] != '0' && $mybb->usergroup['cancp'] != 1)

	if($mybb->usergroup['pmquota'] != 0)

	{
$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
$pmscount = $db->fetch_array($query);

	{
$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
$pmscount = $db->fetch_array($query);

Zeile 2452Zeile 2475
	}

$limitwarning = '';

	}

$limitwarning = '';

	if($mybb->usergroup['pmquota'] != "0" && $pmscount['total'] >= $mybb->usergroup['pmquota'] && $mybb->usergroup['cancp'] != 1)

	if($mybb->usergroup['pmquota'] != 0 && $pmscount['total'] >= $mybb->usergroup['pmquota'])

	{
eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
}

	{
eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
}