| Zeile 6 | Zeile 6 |
|---|
* Website: http://mybb.com
* License: http://mybb.com/about/license
*
|
* Website: http://mybb.com
* License: http://mybb.com/about/license
*
|
* $Id: private.php 5665 2011-11-29 09:15:30Z Tomm $
| * $Id$
|
*/
define("IN_MYBB", 1);
| */
define("IN_MYBB", 1);
|
| Zeile 14 | Zeile 14 |
|---|
define('THIS_SCRIPT', 'private.php');
$templatelist = "private_send,private_send_buddyselect,private_read,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage";
|
define('THIS_SCRIPT', 'private.php');
$templatelist = "private_send,private_send_buddyselect,private_read,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage";
|
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav_changename,usercp_nav,private_empty_folder,private_empty,posticons";
$templatelist .= "usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_nav_messenger,multipage_nextpage,multipage_page_current,multipage_page,multipage_start,multipage_end,multipage,usercp_nav_editsignature,private_read_action,postbit_away,postbit_avatar,postbit_warn,postbit_rep_button";
$templatelist .= ",private_messagebit,codebuttons,smilieinsert,posticons,private_send_autocomplete,private_messagebit_denyreceipt,private_read_to, postbit_online,postbit_find,postbit_pm, postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_reply_pm,postbit_forward_pm,postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages";
| $templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_empty,private_archive_txt,private_archive_csv,private_archive_html";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,multipage_nextpage,multipage_page_current,multipage_page,multipage_start,multipage_end,multipage,usercp_nav_editsignature,private_read_action,postbit_away,postbit_avatar,postbit_warn,postbit_rep_button";
$templatelist .= ",private_messagebit,codebuttons,smilieinsert,smilieinsert_getmore,posticons,private_send_autocomplete,private_messagebit_denyreceipt,private_read_to,postbit_online,postbit_find,postbit_pm,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_reply_pm,postbit_forward_pm";
$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients";
$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc";
$templatelist .= ",private_archive,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_gotopost,usercp_nav_messenger_tracking,multipage_prevpage";
|
require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
|
require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
|
| Zeile 248 | Zeile 251 |
|---|
$plugins->run_hooks("private_results_start");
// Decide on our sorting fields and sorting order.
|
$plugins->run_hooks("private_results_start");
// Decide on our sorting fields and sorting order.
|
$order = my_strtolower(htmlspecialchars($mybb->input['order']));
$sortby = my_strtolower(htmlspecialchars($mybb->input['sortby']));
| $order = my_strtolower(htmlspecialchars_uni($mybb->input['order']));
$sortby = my_strtolower(htmlspecialchars_uni($mybb->input['sortby']));
|
$sortby_accepted = array('subject', 'username', 'dateline');
|
$sortby_accepted = array('subject', 'username', 'dateline');
|
| Zeile 469 | Zeile 472 |
|---|
$senddate = $lang->not_sent;
}
|
$senddate = $lang->not_sent;
}
|
$foldername = htmlspecialchars_uni($foldernames[$message['folder']]);
| $foldername = $foldernames[$message['folder']];
|
// What we do here is parse the post using our post parser, then strip the tags from it
$parser_options = array(
|
// What we do here is parse the post using our post parser, then strip the tags from it
$parser_options = array(
|
| Zeile 484 | Zeile 487 |
|---|
{
$message['message'] = my_substr($message['message'], 0, 200)."...";
}
|
{
$message['message'] = my_substr($message['message'], 0, 200)."...";
}
|
// For my sanity...
$message['message'] = htmlspecialchars_uni($message['message']);
| |
eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
}
|
eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
}
|
| Zeile 530 | Zeile 530 |
|---|
if($mybb->input['ajax'])
{
echo 1;
|
if($mybb->input['ajax'])
{
echo 1;
|
exit;
| exit;
|
}
else
|
}
else
|
{
| {
|
header("Location: index.php");
exit;
|
header("Location: index.php");
exit;
|
}
| }
|
}
$send_errors = '';
| }
$send_errors = '';
|
| Zeile 547 | Zeile 547 |
|---|
{
error_no_permission();
}
|
{
error_no_permission();
}
|
|
|
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);
$plugins->run_hooks("private_send_do_send");
|
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);
$plugins->run_hooks("private_send_do_send");
|
|
|
// Attempt to see if this PM is a duplicate or not
$time_cutoff = TIME_NOW - (5 * 60 * 60);
$query = $db->query("
| // Attempt to see if this PM is a duplicate or not
$time_cutoff = TIME_NOW - (5 * 60 * 60);
$query = $db->query("
|
| Zeile 586 | Zeile 586 |
|---|
{
$pm['bcc'] = explode(",", $mybb->input['bcc']);
$pm['bcc'] = array_map("trim", $pm['bcc']);
|
{
$pm['bcc'] = explode(",", $mybb->input['bcc']);
$pm['bcc'] = array_map("trim", $pm['bcc']);
|
| | }
if(!$mybb->usergroup['cantrackpms'])
{
$mybb->input['options']['readreceipt'] = false;
|
}
$pm['options'] = array(
| }
$pm['options'] = array(
|
| Zeile 596 | Zeile 601 |
|---|
);
if($mybb->input['saveasdraft'])
|
);
if($mybb->input['saveasdraft'])
|
{
| {
|
$pm['saveasdraft'] = 1;
}
$pmhandler->set_data($pm);
| $pm['saveasdraft'] = 1;
}
$pmhandler->set_data($pm);
|
| Zeile 618 | Zeile 623 |
|---|
redirect("private.php", $lang->redirect_pmsaved);
}
else
|
redirect("private.php", $lang->redirect_pmsaved);
}
else
|
{
| {
|
redirect("private.php", $lang->redirect_pmsent);
}
}
| redirect("private.php", $lang->redirect_pmsent);
}
}
|
| Zeile 647 | Zeile 652 |
|---|
$lang->post_icon = $lang->message_icon;
$posticons = get_post_icons();
|
$lang->post_icon = $lang->message_icon;
$posticons = get_post_icons();
|
$previewmessage = $mybb->input['message'];
$message = htmlspecialchars_uni($mybb->input['message']);
$subject = $previewsubject = htmlspecialchars_uni($mybb->input['subject']);
| $message = htmlspecialchars_uni($parser->parse_badwords($mybb->input['message']));
$subject = htmlspecialchars_uni($parser->parse_badwords($mybb->input['subject']));
|
if($mybb->input['preview'] || $send_errors)
{
|
if($mybb->input['preview'] || $send_errors)
{
|
| Zeile 665 | Zeile 669 |
|---|
if($options['savecopy'] != 0)
{
$optionschecked['savecopy'] = 'checked="checked"';
|
if($options['savecopy'] != 0)
{
$optionschecked['savecopy'] = 'checked="checked"';
|
}
| }
|
if($options['readreceipt'] != 0)
{
$optionschecked['readreceipt'] = 'checked="checked"';
| if($options['readreceipt'] != 0)
{
$optionschecked['readreceipt'] = 'checked="checked"';
|
| Zeile 689 | Zeile 693 |
|---|
$post['userusername'] = $mybb->user['username'];
$post['postusername'] = $mybb->user['username'];
|
$post['userusername'] = $mybb->user['username'];
$post['postusername'] = $mybb->user['username'];
|
$post['message'] = $previewmessage;
$post['subject'] = $previewsubject;
| $post['message'] = $mybb->input['message'];
$post['subject'] = htmlspecialchars_uni($mybb->input['subject']);
|
$post['icon'] = $mybb->input['icon'];
$post['smilieoff'] = $options['disablesmilies'];
$post['dateline'] = TIME_NOW;
| $post['icon'] = $mybb->input['icon'];
$post['smilieoff'] = $options['disablesmilies'];
$post['dateline'] = TIME_NOW;
|
| Zeile 733 | Zeile 737 |
|---|
if($mybb->usergroup['cantrackpms'] == 1)
{
$optionschecked['readreceipt'] = 'checked="checked"';
|
if($mybb->usergroup['cantrackpms'] == 1)
{
$optionschecked['readreceipt'] = 'checked="checked"';
|
}
| }
|
$optionschecked['savecopy'] = 'checked="checked"';
}
| $optionschecked['savecopy'] = 'checked="checked"';
}
|
| Zeile 744 | Zeile 748 |
|---|
SELECT pm.*, u.username AS quotename
FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
|
SELECT pm.*, u.username AS quotename
FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
|
WHERE pm.pmid='".intval($mybb->input['pmid'])."' AND pm.uid='".$mybb->user['uid']."'
| WHERE pm.pmid='{$mybb->input['pmid']}' AND pm.uid='{$mybb->user['uid']}'
|
");
|
");
|
| |
|
$pm = $db->fetch_array($query);
|
$pm = $db->fetch_array($query);
|
$message = htmlspecialchars_uni($pm['message']);
$subject = htmlspecialchars_uni($pm['subject']);
| $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
$subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
|
if($pm['folder'] == "3")
|
if($pm['folder'] == "3")
|
{ // message saved in drafts
| {
// message saved in drafts
|
$mybb->input['uid'] = $pm['toid'];
if($pm['includesig'] == 1)
| $mybb->input['uid'] = $pm['toid'];
if($pm['includesig'] == 1)
|
| Zeile 808 | Zeile 813 |
|---|
}
}
else
|
}
}
else
|
{ // forward/reply
| {
// forward/reply
|
$subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
$postdate = my_date($mybb->settings['dateformat'], $pm['dateline']);
$posttime = my_date($mybb->settings['timeformat'], $pm['dateline']);
| $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
$postdate = my_date($mybb->settings['dateformat'], $pm['dateline']);
$posttime = my_date($mybb->settings['timeformat'], $pm['dateline']);
|
| Zeile 826 | Zeile 832 |
|---|
if($mybb->user['uid'] == $uid)
{
$to = $mybb->user['username'];
|
if($mybb->user['uid'] == $uid)
{
$to = $mybb->user['username'];
|
}
| }
|
else
{
$query = $db->simple_select('users', 'username', "uid='{$uid}'");
| else
{
$query = $db->simple_select('users', 'username', "uid='{$uid}'");
|
| Zeile 848 | Zeile 854 |
|---|
if($recipient == $mybb->user['uid'])
{
continue;
|
if($recipient == $mybb->user['uid'])
{
continue;
|
}
| }
|
$recipientids .= ','.$recipient;
}
}
| $recipientids .= ','.$recipient;
}
}
|
| Zeile 856 | Zeile 862 |
|---|
$query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
while($user = $db->fetch_array($query))
{
|
$query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
while($user = $db->fetch_array($query))
{
|
$to .= $comma.htmlspecialchars($user['username']);
| $to .= $comma.htmlspecialchars_uni($user['username']);
|
$comma = $lang->comma;
}
}
| $comma = $lang->comma;
}
}
|
| Zeile 900 | Zeile 906 |
|---|
$buddy_select = 'bcc';
eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
}
|
$buddy_select = 'bcc';
eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
}
|
| |
// Hide tracking option if no permission
$private_send = $templates->get("private_send");
$tracking = '';
if($mybb->usergroup['cantrackpms'])
{
$tracking = $templates->get("private_send_tracking");
}
eval("\$private_send_tracking = \"".$tracking."\";");
// Hide signature option if no permission
$option_signature = '';
if($mybb->usergroup['canusesig'] && !$mybb->user['suspendsignature'])
{
$option_signature = $templates->get('private_send_signature');
}
eval("\$private_send_signature = \"".$option_signature."\";");
|
$plugins->run_hooks("private_send_end");
|
$plugins->run_hooks("private_send_end");
|
eval("\$send = \"".$templates->get("private_send")."\";");
| eval("\$send = \"".$private_send."\";");
|
output_page($send);
}
|
output_page($send);
}
|
| |
if($mybb->input['action'] == "read")
{
|
if($mybb->input['action'] == "read")
{
|
| Zeile 1001 | Zeile 1023 |
|---|
{
$reply_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
$actioned_on = $lang->sprintf($lang->you_replied_on, $reply_date);
|
{
$reply_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
$actioned_on = $lang->sprintf($lang->you_replied_on, $reply_date);
|
}
eval("\$action_time = \"".$templates->get("private_read_action")."\";");
}
| }
eval("\$action_time = \"".$templates->get("private_read_action")."\";");
}
|
else if($pm['status'] == 4 && $pm['statustime'])
{
$forward_date = my_date($mybb->settings['dateformat'], $pm['statustime']);
if(strpos($forward_date, $lang->today) !== false || strpos($forward_date, $lang->yesterday) !== false)
|
else if($pm['status'] == 4 && $pm['statustime'])
{
$forward_date = my_date($mybb->settings['dateformat'], $pm['statustime']);
if(strpos($forward_date, $lang->today) !== false || strpos($forward_date, $lang->yesterday) !== false)
|
{
| {
|
$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
$actioned_on = $lang->sprintf($lang->you_forwarded, $forward_date);
|
$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
$actioned_on = $lang->sprintf($lang->you_forwarded, $forward_date);
|
}
| }
|
else
{
$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
| else
{
$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
|
| Zeile 1025 | Zeile 1047 |
|---|
$pm['userusername'] = $pm['username'];
$pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
|
$pm['userusername'] = $pm['username'];
$pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
|
| |
|
if($pm['fromid'] == 0)
|
if($pm['fromid'] == 0)
|
{
| {
|
$pm['username'] = $lang->mybb_engine;
}
| $pm['username'] = $lang->mybb_engine;
}
|
| Zeile 1108 | Zeile 1131 |
|---|
if($mybb->input['action'] == "tracking")
{
|
if($mybb->input['action'] == "tracking")
{
|
| | if(!$mybb->usergroup['cantrackpms'])
{
error_no_permission();
}
|
$plugins->run_hooks("private_tracking_start");
$readmessages = '';
$unreadmessages = '';
// Figure out if we need to display multiple pages.
$perpage = $mybb->settings['postsperpage'];
|
$plugins->run_hooks("private_tracking_start");
$readmessages = '';
$unreadmessages = '';
// Figure out if we need to display multiple pages.
$perpage = $mybb->settings['postsperpage'];
|
|
|
$query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
$postcount = $db->fetch_field($query, "readpms");
$page = intval($mybb->input['read_page']);
|
$query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3' AND status!='0' AND fromid='".$mybb->user['uid']."'");
$postcount = $db->fetch_field($query, "readpms");
$page = intval($mybb->input['read_page']);
|
$pages = $postcount / $perpage;
$pages = ceil($pages);
if($mybb->input['page'] == "last")
{
$page = $pages;
}
if($page > $pages || $page <= 0)
{
$page = 1;
}
if($page)
{
$start = ($page-1) * $perpage;
}
else
| $pages = $postcount / $perpage;
$pages = ceil($pages);
if($mybb->input['page'] == "last")
{
$page = $pages;
}
if($page > $pages || $page <= 0)
{
$page = 1;
}
if($page)
{
$start = ($page-1) * $perpage;
}
else
|
{
$start = 0;
$page = 1;
| {
$start = 0;
$page = 1;
|
| Zeile 1158 | Zeile 1186 |
|---|
$readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
$readdate = my_date($mybb->settings['dateformat'], $readmessage['readtime']);
$readtime = my_date($mybb->settings['timeformat'], $readmessage['readtime']);
|
$readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
$readdate = my_date($mybb->settings['dateformat'], $readmessage['readtime']);
$readtime = my_date($mybb->settings['timeformat'], $readmessage['readtime']);
|
eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
}
| eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
}
|
if(!$readmessages)
{
eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
|
if(!$readmessages)
{
eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
|
}
| }
|
$query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
$postcount = $db->fetch_field($query, "unreadpms");
| $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
$postcount = $db->fetch_field($query, "unreadpms");
|
| Zeile 1179 | Zeile 1207 |
|---|
}
if($page > $pages || $page <= 0)
|
}
if($page > $pages || $page <= 0)
|
{
$page = 1;
| {
$page = 1;
|
}
if($page)
{
$start = ($page-1) * $perpage;
|
}
if($page)
{
$start = ($page-1) * $perpage;
|
}
| }
|
else
{
$start = 0;
| else
{
$start = 0;
|
| Zeile 1202 | Zeile 1230 |
|---|
WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
ORDER BY pm.dateline DESC
LIMIT {$start}, {$perpage}
|
WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
ORDER BY pm.dateline DESC
LIMIT {$start}, {$perpage}
|
");
| ");
|
while($unreadmessage = $db->fetch_array($query))
{
$unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
| while($unreadmessage = $db->fetch_array($query))
{
$unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
|
| Zeile 1554 | Zeile 1582 |
|---|
{
$key = intval($key);
if($deletepms[$key])
|
{
$key = intval($key);
if($deletepms[$key])
|
{
| {
|
$db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
}
else
| $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
}
else
|
| Zeile 1853 | Zeile 1881 |
|---|
eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
$ids .= ",'{$message['pmid']}'";
}
|
eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
$ids .= ",'{$message['pmid']}'";
}
|
$query = $db->simple_select("themestylesheets", "stylesheet", "sid=1", array('limit' => 1));
$css = $db->fetch_field($query, "stylesheet");
|
if($mybb->input['exporttype'] == "html")
{
// Gather global stylesheet for HTML
$query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
$css = $db->fetch_field($query, "stylesheet");
}
|
$plugins->run_hooks("private_do_export_end");
eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
| $plugins->run_hooks("private_do_export_end");
eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
|
| Zeile 1865 | Zeile 1897 |
|---|
$db->delete_query("privatemessages", "pmid IN ('0'$ids)");
// Update PM count
update_pm_count();
|
$db->delete_query("privatemessages", "pmid IN ('0'$ids)");
// Update PM count
update_pm_count();
|
}
if($mybb->input['exporttype'] == "html")
{
| }
if($mybb->input['exporttype'] == "html")
{
|
$filename = "pm-archive.html";
$contenttype = "text/html";
}
| $filename = "pm-archive.html";
$contenttype = "text/html";
}
|
| Zeile 1881 | Zeile 1913 |
|---|
{
$filename = "pm-archive.txt";
$contenttype = "text/plain";
|
{
$filename = "pm-archive.txt";
$contenttype = "text/plain";
|
}
| }
|
$archived = str_replace("\\\'","'",$archived);
header("Content-disposition: filename=$filename");
header("Content-type: ".$contenttype);
if($mybb->input['exporttype'] == "html")
|
$archived = str_replace("\\\'","'",$archived);
header("Content-disposition: filename=$filename");
header("Content-type: ".$contenttype);
if($mybb->input['exporttype'] == "html")
|
{
| {
|
output_page($archived);
}
else
{
echo $archived;
|
output_page($archived);
}
else
{
echo $archived;
|
}
| }
|
}
if(!$mybb->input['action'])
| }
if(!$mybb->input['action'])
|
| Zeile 1907 | Zeile 1939 |
|---|
}
$folder = $mybb->input['fid'];
|
}
$folder = $mybb->input['fid'];
|
$foldername = htmlspecialchars_uni($foldernames[$folder]);
| $foldername = $foldernames[$folder];
|
$lang->pms_in_folder = $lang->sprintf($lang->pms_in_folder, $foldername);
if($folder == 2 || $folder == 3)
|
$lang->pms_in_folder = $lang->sprintf($lang->pms_in_folder, $foldername);
if($folder == 2 || $folder == 3)
|