Vergleich inc/datahandlers/pm.php - 1.6.7 - 1.6.10

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 6Zeile 6
 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * $Id: pm.php 5756 2012-03-09 15:05:12Z Tomm $

 * $Id$

 */

// Disallow direct access to this file for security reasons

 */

// Disallow direct access to this file for security reasons

Zeile 34Zeile 34
	* @var string
*/
public $language_prefix = 'pmdata';

	* @var string
*/
public $language_prefix = 'pmdata';

	



	/**
* Array of data inserted in to a private message.

	/**
* Array of data inserted in to a private message.

	 *
* @var array
*/

	 *
* @var array
*/

	public $pm_insert_data = array();

	public $pm_insert_data = array();





	/**
* Array of data used to update a private message.
*
* @var array
*/
public $pm_update_data = array();

	/**
* Array of data used to update a private message.
*
* @var array
*/
public $pm_update_data = array();

	



	/**
* PM ID currently being manipulated by the datahandlers.
*/

	/**
* PM ID currently being manipulated by the datahandlers.
*/

	public $pmid = 0;	

	public $pmid = 0;


/**
* Verifies a private message subject.


/**
* Verifies a private message subject.

Zeile 162Zeile 162
				if(!is_array($pm[$recipient_type]))
{
$pm[$recipient_type] = array($pm[$recipient_type]);

				if(!is_array($pm[$recipient_type]))
{
$pm[$recipient_type] = array($pm[$recipient_type]);

				}
foreach($pm[$recipient_type] as $username)
{
$username = trim($username);
if(empty($username))
{
continue;
}
// Check that this recipient actually exists
$query = $db->simple_select("users", "*", "username='".$db->escape_string($username)."'");
$user = $db->fetch_array($query);
if($recipient_type == "bcc")
{
$user['bcc'] = 1;
}
if($user['uid'])
{
$recipients[] = $user;

				}

$recipientUsernames = array_map('trim', $pm[$recipient_type]);
$recipientUsernames = array_filter($recipientUsernames);
$recipientUsernames = array_map(array($db, 'escape_string'), $recipientUsernames);
$recipientUsernames = "'".implode("','", $recipientUsernames)."'";

$query = $db->simple_select('users', '*', 'username IN('.$recipientUsernames.')');

$validUsernames = array();

while ($user = $db->fetch_array($query)) {
if ($recipient_type == "bcc") {
$user['bcc'] = 1;





					}

					}

					else
{







$recipients[] = $user;
$validUsernames[] = $user['username'];
}

foreach ($pm[$recipient_type] as $username) {
if (!in_array($username, $validUsernames) AND trim($username)) {

						$invalid_recipients[] = $username;
}
}

						$invalid_recipients[] = $username;
}
}

Zeile 200Zeile 201
				}
if(is_array($pm[$recipient_type]))
{

				}
if(is_array($pm[$recipient_type]))
{

					foreach($pm[$recipient_type] as $uid)
{
// Check that this recipient actually exists
$query = $db->simple_select("users", "*", "uid='".intval($uid)."'");
$user = $db->fetch_array($query);
if($recipient_type == "bccid")
{




					$recipientUids = array_map('intval', $pm[$recipient_type]);
$recipientUids = array_filter($recipientUids);
$recipientUids = "'".implode("','", $recipientUids)."'";

$query = $db->simple_select('users', '*', 'uid IN('.$recipientUids.')');

$validUids = array();

while ($user = $db->fetch_array($query)) {
if ($recipient_type == "bcc") {

							$user['bcc'] = 1;
}

							$user['bcc'] = 1;
}

						if($user['uid'])
{
$recipients[] = $user;
}
else
{



$recipients[] = $user;
$validUids[] = $user['uid'];
}

foreach ($pm[$recipient_type] as $uid) {
if (!in_array($uid, $validUids) AND trim($uid)) {

							$invalid_recipients[] = $uid;
}
}

							$invalid_recipients[] = $uid;
}
}

Zeile 228Zeile 233
			$invalid_recipients = implode(", ", array_map("htmlspecialchars_uni", $invalid_recipients));
$this->set_error("invalid_recipients", array($invalid_recipients));
return false;

			$invalid_recipients = implode(", ", array_map("htmlspecialchars_uni", $invalid_recipients));
$this->set_error("invalid_recipients", array($invalid_recipients));
return false;

		}

$sender_permissions = user_permissions($pm['fromid']);

		}

$sender_permissions = user_permissions($pm['fromid']);


// Are we trying to send this message to more users than the permissions allow?
if($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true)
{
$this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));
}


// Are we trying to send this message to more users than the permissions allow?
if($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true)
{
$this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));
}





		// Now we're done with that we loop through each recipient
foreach($recipients as $user)
{
// Collect group permissions for this recipient.
$recipient_permissions = user_permissions($user['uid']);

		// Now we're done with that we loop through each recipient
foreach($recipients as $user)
{
// Collect group permissions for this recipient.
$recipient_permissions = user_permissions($user['uid']);

	



			// See if the sender is on the recipients ignore list and that either
// - admin_override is set or
// - sender is an administrator

			// See if the sender is on the recipients ignore list and that either
// - admin_override is set or
// - sender is an administrator

Zeile 254Zeile 259
				{
$this->set_error("recipient_is_ignoring", array($user['username']));
}

				{
$this->set_error("recipient_is_ignoring", array($user['username']));
}

				



				// Is the recipient only allowing private messages from their buddy list?
if($mybb->settings['allowbuddyonly'] == 1 && $user['receivefrombuddy'] == 1)
{

				// Is the recipient only allowing private messages from their buddy list?
if($mybb->settings['allowbuddyonly'] == 1 && $user['receivefrombuddy'] == 1)
{

Zeile 264Zeile 269
						$this->set_error("recipient_has_buddy_only", array(htmlspecialchars_uni($user['username'])));
}
}

						$this->set_error("recipient_has_buddy_only", array(htmlspecialchars_uni($user['username'])));
}
}

				



				// Can the recipient actually receive private messages based on their permissions or user setting?
if(($user['receivepms'] == 0 || $recipient_permissions['canusepms'] == 0) && !$pm['saveasdraft'])
{
$this->set_error("recipient_pms_disabled", array($user['username']));
return false;

				// Can the recipient actually receive private messages based on their permissions or user setting?
if(($user['receivepms'] == 0 || $recipient_permissions['canusepms'] == 0) && !$pm['saveasdraft'])
{
$this->set_error("recipient_pms_disabled", array($user['username']));
return false;

				}
}


				}
}


			// Check to see if the user has reached their private message quota - if they have, email them.
if($recipient_permissions['pmquota'] != "0" && $user['totalpms'] >= $recipient_permissions['pmquota'] && $recipient_permissions['cancp'] != 1 && $sender_permissions['cancp'] != 1 && !$pm['saveasdraft'] && !$this->admin_override)
{
if(trim($user['language']) != '' && $lang->language_exists($user['language']))
{
$uselang = trim($user['language']);

			// Check to see if the user has reached their private message quota - if they have, email them.
if($recipient_permissions['pmquota'] != "0" && $user['totalpms'] >= $recipient_permissions['pmquota'] && $recipient_permissions['cancp'] != 1 && $sender_permissions['cancp'] != 1 && !$pm['saveasdraft'] && !$this->admin_override)
{
if(trim($user['language']) != '' && $lang->language_exists($user['language']))
{
$uselang = trim($user['language']);

				}

				}

				elseif($mybb->settings['bblanguage'])
{
$uselang = $mybb->settings['bblanguage'];

				elseif($mybb->settings['bblanguage'])
{
$uselang = $mybb->settings['bblanguage'];

Zeile 292Zeile 297
				{
$emailsubject = $lang->emailsubject_reachedpmquota;
$emailmessage = $lang->email_reachedpmquota;

				{
$emailsubject = $lang->emailsubject_reachedpmquota;
$emailmessage = $lang->email_reachedpmquota;

				}

				}

				else
{
$userlang = new MyLanguage;

				else
{
$userlang = new MyLanguage;

Zeile 315Zeile 320

$db->insert_query("mailqueue", $new_email);
$cache->update_mailqueue();


$db->insert_query("mailqueue", $new_email);
$cache->update_mailqueue();

	



				if($this->admin_override != true)
{
$this->set_error("recipient_reached_quota", array($user['username']));
}
}

				if($this->admin_override != true)
{
$this->set_error("recipient_reached_quota", array($user['username']));
}
}

	



			// Everything looks good, assign some specifics about the recipient
$pm['recipients'][$user['uid']] = array(
"uid" => $user['uid'],

			// Everything looks good, assign some specifics about the recipient
$pm['recipients'][$user['uid']] = array(
"uid" => $user['uid'],

Zeile 332Zeile 337
				"pmnotify" => $user['pmnotify'],
"language" => $user['language']
);

				"pmnotify" => $user['pmnotify'],
"language" => $user['language']
);

			



			// If this recipient is defined as a BCC recipient, save it
if($user['bcc'] == 1)
{
$pm['recipients'][$user['uid']]['bcc'] = 1;

			// If this recipient is defined as a BCC recipient, save it
if($user['bcc'] == 1)
{
$pm['recipients'][$user['uid']]['bcc'] = 1;

			}
}
return true;
}

/**

			}
}
return true;
}

/**

	* Verify that the user is not flooding the system.
*
* @return boolean True

	* Verify that the user is not flooding the system.
*
* @return boolean True

Zeile 350Zeile 355
	function verify_pm_flooding()
{
global $mybb, $db;

	function verify_pm_flooding()
{
global $mybb, $db;





		$pm = &$this->data;

		$pm = &$this->data;

		



		// Check if post flooding is enabled within MyBB or if the admin override option is specified.
if($mybb->settings['pmfloodsecs'] > 0 && $pm['fromid'] != 0 && $this->admin_override == false)
{
// Fetch the senders profile data.
$sender = get_user($pm['fromid']);

		// Check if post flooding is enabled within MyBB or if the admin override option is specified.
if($mybb->settings['pmfloodsecs'] > 0 && $pm['fromid'] != 0 && $this->admin_override == false)
{
// Fetch the senders profile data.
$sender = get_user($pm['fromid']);

			



			// Calculate last post
$query = $db->simple_select("privatemessages", "dateline", "fromid='".$db->escape_string($pm['fromid'])."' AND toid != '0'", array('order_by' => 'dateline', 'order_dir' => 'desc', 'limit' => 1));
$sender['lastpm'] = $db->fetch_field($query, "dateline");

			// Calculate last post
$query = $db->simple_select("privatemessages", "dateline", "fromid='".$db->escape_string($pm['fromid'])."' AND toid != '0'", array('order_by' => 'dateline', 'order_dir' => 'desc', 'limit' => 1));
$sender['lastpm'] = $db->fetch_field($query, "dateline");

Zeile 400Zeile 405
		if(isset($options['readreceipt']) && $options['readreceipt'] == 1)
{
$options['readreceipt'] = 1;

		if(isset($options['readreceipt']) && $options['readreceipt'] == 1)
{
$options['readreceipt'] = 1;

		}
else

		}
else

		{
$options['readreceipt'] = 0;
}

		{
$options['readreceipt'] = 0;
}

Zeile 418Zeile 423
		global $plugins;

$pm = &$this->data;

		global $plugins;

$pm = &$this->data;

		



		if(!$pm['savedraft'])
{
$this->verify_pm_flooding();
}

		if(!$pm['savedraft'])
{
$this->verify_pm_flooding();
}





		// Verify all PM assets.
$this->verify_subject();

		// Verify all PM assets.
$this->verify_subject();





		$this->verify_sender();

		$this->verify_sender();





		$this->verify_recipient();

		$this->verify_recipient();

		



		$this->verify_message();

$this->verify_options();

		$this->verify_message();

$this->verify_options();

Zeile 510Zeile 515
				}
}
}

				}
}
}

		$recipient_list = serialize($recipient_list);

 

$this->pm_insert_data = array(
'fromid' => intval($pm['sender']['uid']),


$this->pm_insert_data = array(
'fromid' => intval($pm['sender']['uid']),

Zeile 524Zeile 528
			'smilieoff' => $pm['options']['disablesmilies'],
'receipt' => intval($pm['options']['readreceipt']),
'readtime' => 0,

			'smilieoff' => $pm['options']['disablesmilies'],
'receipt' => intval($pm['options']['readreceipt']),
'readtime' => 0,

			'recipients' => $db->escape_string($recipient_list)

			'recipients' => $db->escape_string(serialize($recipient_list))

		);

// Check if we're updating a draft or not.

		);

// Check if we're updating a draft or not.

Zeile 599Zeile 603
					$emailsubject = $userlang->emailsubject_newpm;
$emailmessage = $userlang->email_newpm;
}

					$emailsubject = $userlang->emailsubject_newpm;
$emailmessage = $userlang->email_newpm;
}

				



				if(!$pm['sender']['username'])
{
$pm['sender']['username'] = $lang->mybb_engine;
}

				if(!$pm['sender']['username'])
{
$pm['sender']['username'] = $lang->mybb_engine;
}

				



				$emailmessage = $lang->sprintf($emailmessage, $recipient['username'], $pm['sender']['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
$emailsubject = $lang->sprintf($emailsubject, $mybb->settings['bbname']);

				$emailmessage = $lang->sprintf($emailmessage, $recipient['username'], $pm['sender']['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
$emailsubject = $lang->sprintf($emailsubject, $mybb->settings['bbname']);

				



				$new_email = array(
"mailto" => $db->escape_string($recipient['email']),
"mailfrom" => '',

				$new_email = array(
"mailto" => $db->escape_string($recipient['email']),
"mailfrom" => '',