Vergleich private.php - 1.8.13 - 1.8.22

	error_no_permission();
}

	error_no_permission();
}

if(!$mybb->user['pmfolders'])
{

if(!$mybb->user['pmfolders'])
{

	$sql_array = array(

	$sql_array = array(

	);
	$db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);

	);
	$db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);

$folder_id = $folder_name = '';

$foldernames = array();

$folder_id = $folder_name = '';

$foldernames = array();

	eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
	eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");

	eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");
	eval("\$folderoplist_folder .= \"".$templates->get("private_jump_folders_folder")."\";");

}

}

eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
eval("\$folderoplist = \"".$templates->get("private_move")."\";");

eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
eval("\$folderoplist = \"".$templates->get("private_move")."\";");

		"sender" => $mybb->get_input('sender'),
		"status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
		"folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)

		"sender" => $mybb->get_input('sender'),
		"status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
		"folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)

	if($db->can_search == true)
	{
		require_once MYBB_ROOT."inc/functions_search.php";

	if($db->can_search == true)
	{
		require_once MYBB_ROOT."inc/functions_search.php";

		$search_results = privatemessage_perform_search_mysql($search_data);
	}
	else

		$search_results = privatemessage_perform_search_mysql($search_data);
	}
	else

		error($lang->error_no_search_support);
	}
	$sid = md5(uniqid(microtime(), true));

		error($lang->error_no_search_support);
	}
	$sid = md5(uniqid(microtime(), true));

	if(in_array($mybb->get_input('sort'), $sortby))
	{
		$sortby = $mybb->get_input('sort');

	if(in_array($mybb->get_input('sort'), $sortby))
	{
		$sortby = $mybb->get_input('sort');

	else
	{
		$sortby = "dateline";

	else
	{
		$sortby = "dateline";

	{
		$mybb->settings['threadsperpage'] = 20;
	}

	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// Work out pagination, which page we're at, as well as the limits.
	$perpage = $mybb->settings['threadsperpage'];

	// Work out pagination, which page we're at, as well as the limits.
	$perpage = $mybb->settings['threadsperpage'];

	if($page > 0)
	{
		$start = ($page-1) * $perpage;

	if($page > 0)
	{
		$start = ($page-1) * $perpage;

	else
	{
		$start = 0;
		$page = 1;

	else
	{
		$start = 0;
		$page = 1;

	$end = $start + $perpage;
	$lower = $start+1;
	$upper = $end;

	$end = $start + $perpage;
	$lower = $start+1;
	$upper = $end;

	// Work out if we have terms to highlight
	$highlight = "";
	if($search['keywords'])

	// Work out if we have terms to highlight
	$highlight = "";
	if($search['keywords'])

		$highlight = "&highlight=".urlencode($search['keywords']);

		$highlight = "&highlight=".urlencode($search['keywords']);

	if($upper > $pmscount)
	{
		$upper = $pmscount;
	}

	if($upper > $pmscount)
	{
		$upper = $pmscount;
	}

	$messagelist = '';

	$messagelist = '';

	$icon_cache = $cache->read("posticons");

	// Cache users in multiple recipients for sent & drafts folder

	$icon_cache = $cache->read("posticons");

	// Cache users in multiple recipients for sent & drafts folder

	$cached_users = $get_users = array();
	$users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
	while($row = $db->fetch_array($users_query))

	$cached_users = $get_users = array();
	$users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
	while($row = $db->fetch_array($users_query))

		$recipients = my_unserialize($row['recipients']);
		if(is_array($recipients['to']) && count($recipients['to']))

		$recipients = my_unserialize($row['recipients']);
		if(is_array($recipients['to']) && count($recipients['to']))

			$get_users = array_merge($get_users, $recipients['to']);

			$get_users = array_merge($get_users, $recipients['to']);

		if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
		{

		if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
		{

	{
		$users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
		while($user = $db->fetch_array($users_query))

	{
		$users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
		while($user = $db->fetch_array($users_query))

			$cached_users[$user['uid']] = $user;
		}
	}

			$cached_users[$user['uid']] = $user;
		}
	}

		{
			$msgstatus = 'fw_pm';
			$msgalt = $lang->fwd_pm;

		{
			$msgstatus = 'fw_pm';
			$msgalt = $lang->fwd_pm;

		$folder = $message['folder'];

		$folder = $message['folder'];

					$user['username'] = htmlspecialchars_uni($user['username']);
					$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
					eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");

					$user['username'] = htmlspecialchars_uni($user['username']);
					$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
					eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");

				if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
				{
					eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");

				if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
				{
					eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");

			{
				$tofromusername = htmlspecialchars_uni($message['tousername']);
				$tofromuid = $message['toid'];

			{
				$tofromusername = htmlspecialchars_uni($message['tousername']);
				$tofromuid = $message['toid'];

			else
			{
				$tofromusername = $lang->not_sent;

			else
			{
				$tofromusername = $lang->not_sent;

		else
		{
			$tofromusername = htmlspecialchars_uni($message['fromusername']);

		else
		{
			$tofromusername = htmlspecialchars_uni($message['fromusername']);

				$tofromusername = $lang->mybb_engine;
			}
		}

				$tofromusername = $lang->mybb_engine;
			}
		}

		$tofromusername = build_profile_link($tofromusername, $tofromuid);

		$denyreceipt = '';

		$tofromusername = build_profile_link($tofromusername, $tofromuid);

		$denyreceipt = '';

		if($message['icon'] > 0 && $icon_cache[$message['icon']])
		{
			$icon = $icon_cache[$message['icon']];

		if($message['icon'] > 0 && $icon_cache[$message['icon']])
		{
			$icon = $icon_cache[$message['icon']];

			$senddate = $lang->not_sent;
		}

			$senddate = $lang->not_sent;
		}

		// What we do here is parse the post using our post parser, then strip the tags from it
		$parser_options = array(

		// What we do here is parse the post using our post parser, then strip the tags from it
		$parser_options = array(

	// Attempt to see if this PM is a duplicate or not
	$to = array_map("trim", explode(",", $mybb->get_input('to')));

	// Attempt to see if this PM is a duplicate or not
	$to = array_map("trim", explode(",", $mybb->get_input('to')));

	$to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
	$time_cutoff = TIME_NOW - (5 * 60 * 60);
	$query = $db->query("

	$to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
	$time_cutoff = TIME_NOW - (5 * 60 * 60);
	$query = $db->query("

		{
			$optionschecked['readreceipt'] = 'checked="checked"';
		}

		{
			$optionschecked['readreceipt'] = 'checked="checked"';
		}

	}

	$preview = '';

	}

	$preview = '';

	if($send_errors)
	{

	if($send_errors)
	{

	}

	// Load the auto complete javascript if it is enabled.

	}

	// Load the auto complete javascript if it is enabled.

		$bcc_recipients = implode(', ', $bcc_recipients);
		$bcc_form_val = implode(',', $bcc_form_val);
		eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");

		$bcc_recipients = implode(', ', $bcc_recipients);
		$bcc_form_val = implode(',', $bcc_form_val);
		eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");

	{
		$bcc_form_val = '';
	}

	{
		$bcc_form_val = '';
	}

			eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
		}

			eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
		}

		eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
	}

		eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
	}

	$query = $db->query("
		SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername

	$query = $db->query("
		SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername

		WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
		ORDER BY pm.readtime DESC
		LIMIT {$start}, {$perpage}

		WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
		ORDER BY pm.readtime DESC
		LIMIT {$start}, {$perpage}

		if(!empty($mybb->input['unreadcheck']))
		{
			foreach($mybb->input['unreadcheck'] as $pmid => $val)

		if(!empty($mybb->input['unreadcheck']))
		{
			foreach($mybb->input['unreadcheck'] as $pmid => $val)

				$pmids[$pmid] = (int)$pmid;
			}

				$pmids[$pmid] = (int)$pmid;
			}

	$sql_array = array(
		"receipt" => 0

	$sql_array = array(
		"receipt" => 0

	$db->update_query("privatemessages", $sql_array, "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid']);

	$plugins->run_hooks("private_stopalltracking_end");

	$db->update_query("privatemessages", $sql_array, "receipt='2' AND folder!='3' AND status!='0' AND fromid=".$mybb->user['uid']);

	$plugins->run_hooks("private_stopalltracking_end");

		$foldername = $folderinfo[1];
		$fid = $folderinfo[0];
		$foldername = get_pm_folder_name($fid, $foldername);

		$foldername = $folderinfo[1];
		$fid = $folderinfo[0];
		$foldername = get_pm_folder_name($fid, $foldername);

			$foldername2 = get_pm_folder_name($fid);
			eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
			unset($name);

			$foldername2 = get_pm_folder_name($fid);
			eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
			unset($name);

		else
		{
			eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");

		else
		{
			eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");

	$newfolders = '';
	for($i = 1; $i <= 5; ++$i)

	$newfolders = '';
	for($i = 1; $i <= 5; ++$i)

		$fid = "new$i";
		$foldername = '';
		eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");

		$fid = "new$i";
		$foldername = '';
		eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");

{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_folders_start");

	$highestid = 2;

	$plugins->run_hooks("private_do_folders_start");

	$highestid = 2;

		if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
		{
			if(my_substr($key, 0, 3) == "new") // Create a new folder

		if(empty($donefolders[$val]) )// Probably was a check for duplicate folder names, but doesn't seem to be used now
		{
			if(my_substr($key, 0, 3) == "new") // Create a new folder

				++$highestid;
				$fid = (int)$highestid;
			}
			else // Editing an existing folder

				++$highestid;
				$fid = (int)$highestid;
			}
			else // Editing an existing folder

				if($key > $highestid)
				{
					$highestid = $key;

				if($key > $highestid)
				{
					$highestid = $key;

				$fid = (int)$key;
				// Use default language strings if empty or value is language string

				$fid = (int)$key;
				// Use default language strings if empty or value is language string

			}

			}

			{
				// If the name only contains whitespace and it's not a default folder, print an error
				error($lang->error_emptypmfoldername);
			}

			{
				// If the name only contains whitespace and it's not a default folder, print an error
				error($lang->error_emptypmfoldername);
			}

			{
				// If there is a name or if this is a default folder, save it
				$foldername = $db->escape_string(htmlspecialchars_uni($val));

			{
				// If there is a name or if this is a default folder, save it
				$foldername = $db->escape_string(htmlspecialchars_uni($val));

				else
				{
					error($lang->error_invalidpmfoldername);

				else
				{
					error($lang->error_invalidpmfoldername);

			else
			{
				// Delete PMs from the folder

			else
			{
				// Delete PMs from the folder

		"pmfolders" => $folders
	);
	$db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

		"pmfolders" => $folders
	);
	$db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

	// Update PM count
	update_pm_count();

	// Update PM count
	update_pm_count();

	redirect("private.php", $lang->redirect_pmfoldersupdated);
}

	redirect("private.php", $lang->redirect_pmfoldersupdated);
}

if($mybb->input['action'] == "empty")
{
	if($mybb->user['totalpms'] == 0)

if($mybb->input['action'] == "empty")
{
	if($mybb->user['totalpms'] == 0)

	$plugins->run_hooks("private_empty_start");

	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);

	$plugins->run_hooks("private_empty_start");

	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);

	foreach($foldersexploded as $key => $folders)

	foreach($foldersexploded as $key => $folders)

		$folderinfo = explode("**", $folders, 2);
		$fid = $folderinfo[0];

		$folderinfo = explode("**", $folders, 2);
		$fid = $folderinfo[0];

		$thing = $db->fetch_array($query);
		$foldercount = my_number_format($thing['pmsinfolder']);
		eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");

		$thing = $db->fetch_array($query);
		$foldercount = my_number_format($thing['pmsinfolder']);
		eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");

	$plugins->run_hooks("private_empty_end");

	eval("\$folders = \"".$templates->get("private_empty")."\";");

	$plugins->run_hooks("private_empty_end");

	eval("\$folders = \"".$templates->get("private_empty")."\";");

{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_empty_start");

	$emptyq = '';
	$mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);
	$keepunreadq = '';
	if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)

	$plugins->run_hooks("private_do_empty_start");

	$emptyq = '';
	$mybb->input['empty'] = $mybb->get_input('empty', MyBB::INPUT_ARRAY);
	$keepunreadq = '';
	if($mybb->get_input('keepunread', MyBB::INPUT_INT) == 1)

		$keepunreadq = " AND status!='0'";
	}
	if(!empty($mybb->input['empty']))

		$keepunreadq = " AND status!='0'";
	}
	if(!empty($mybb->input['empty']))

		foreach($mybb->input['empty'] as $key => $val)
		{
			if($val == 1)

		foreach($mybb->input['empty'] as $key => $val)
		{
			if($val == 1)

				}
				$emptyq .= "folder='$key'";
			}

				}
				$emptyq .= "folder='$key'";
			}

		if($emptyq != '')
		{

		if($emptyq != '')
		{

	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_stuff");

	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("private_do_stuff");

	if(!empty($mybb->input['hop']))
	{
		header("Location: private.php?fid=".$mybb->get_input('jumpto'));
	}
	elseif(!empty($mybb->input['moveto']))

	if(!empty($mybb->input['hop']))
	{
		header("Location: private.php?fid=".$mybb->get_input('jumpto'));
	}
	elseif(!empty($mybb->input['moveto']))

			foreach($mybb->input['check'] as $key => $val)
			{
				$sql_array = array(

			foreach($mybb->input['check'] as $key => $val)
			{
				$sql_array = array(

				);
				$db->update_query("privatemessages", $sql_array, "pmid='".(int)$key."' AND uid='".$mybb->user['uid']."'");
			}

				);
				$db->update_query("privatemessages", $sql_array, "pmid='".(int)$key."' AND uid='".$mybb->user['uid']."'");
			}

		// Update PM count
		update_pm_count();

		// Update PM count
		update_pm_count();

	{
		$mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['check']))

	{
		$mybb->input['check'] = $mybb->get_input('check', MyBB::INPUT_ARRAY);
		if(!empty($mybb->input['check']))

			$pmssql = '';
			foreach($mybb->input['check'] as $key => $val)
			{

			$pmssql = '';
			foreach($mybb->input['check'] as $key => $val)
			{

	if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
	{

	if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
	{

	}

	}

	if($folder == 2 || $folder == 3)
	{ // Sent Items Folder

	if($folder == 2 || $folder == 3)
	{ // Sent Items Folder

	eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");

	// Do Multi Pages

	eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");

	// Do Multi Pages

	if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
	{

	if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
	{

	if($page > 0)
	{
		$start = ($page-1) *$perpage;

	if($page > 0)
	{
		$start = ($page-1) *$perpage;

	else
	{
		$start = 0;

	else
	{
		$start = 0;

	}

	if($mybb->input['order'] || ($sortby && $sortby != "dateline"))

	}

	if($mybb->input['order'] || ($sortby && $sortby != "dateline"))

	// Cache users in multiple recipients for sent & drafts folder
	if($folder == 2 || $folder == 3)

	// Cache users in multiple recipients for sent & drafts folder
	if($folder == 2 || $folder == 3)

		else
		{
			$u = "pm.";

		else
		{
			$u = "pm.";

		// Get all recipients into an array
		$cached_users = $get_users = array();
		$users_query = $db->query("

		// Get all recipients into an array
		$cached_users = $get_users = array();
		$users_query = $db->query("

			if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
			{
				$get_users = array_merge($get_users, $recipients['bcc']);

			if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
			{
				$get_users = array_merge($get_users, $recipients['bcc']);

		// Grab info
		if($get_users)

		// Grab info
		if($get_users)

	}
	else
	{

	}
	else
	{

		if($sortfield == "username")
		{
			$pm = "fu.";

		if($sortfield == "username")
		{
			$pm = "fu.";

		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)

		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)

		ORDER BY {$pm}{$sortfield} {$sortordernow}
		LIMIT $start, $perpage
	");

		ORDER BY {$pm}{$sortfield} {$sortordernow}
		LIMIT $start, $perpage
	");

			{ // Sent Items or Drafts Folder Check
				$recipients = my_unserialize($message['recipients']);
				$to_users = $bcc_users = '';

			{ // Sent Items or Drafts Folder Check
				$recipients = my_unserialize($message['recipients']);
				$to_users = $bcc_users = '';

				{
					foreach($recipients['to'] as $uid)
					{

				{
					foreach($recipients['to'] as $uid)
					{