Vergleich private.php - 1.8.12 - 1.8.26

	error_no_permission();
}

	error_no_permission();
}

$folder_id = $folder_name = '';

$foldernames = array();

$folder_id = $folder_name = '';

$foldernames = array();

	$folder_name = $folderinfo[1];

	eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");

	$folder_name = $folderinfo[1];

	eval("\$folderjump_folder .= \"".$templates->get("private_jump_folders_folder")."\";");

}

}

eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
eval("\$folderoplist = \"".$templates->get("private_move")."\";");

eval("\$folderjump = \"".$templates->get("private_jump_folders")."\";");
eval("\$folderoplist = \"".$templates->get("private_move")."\";");

	case "results":
		add_breadcrumb($lang->nav_results);
		break;

	case "results":
		add_breadcrumb($lang->nav_results);
		break;

if(!empty($mybb->input['preview']))
{

if(!empty($mybb->input['preview']))
{

		"sender" => $mybb->get_input('sender'),
		"status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
		"folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)

		"sender" => $mybb->get_input('sender'),
		"status" => $mybb->get_input('status', MyBB::INPUT_ARRAY),
		"folder" => $mybb->get_input('folder', MyBB::INPUT_ARRAY)

	if($db->can_search == true)
	{
		require_once MYBB_ROOT."inc/functions_search.php";

	if($db->can_search == true)
	{
		require_once MYBB_ROOT."inc/functions_search.php";

	$plugins->run_hooks("private_do_search_process");

	$db->insert_query("searchlog", $searcharray);

	$plugins->run_hooks("private_do_search_process");

	$db->insert_query("searchlog", $searcharray);

	// Sender sort won't work yet
	$sortby = array('subject', 'sender', 'dateline');

	if(in_array($mybb->get_input('sort'), $sortby))
	{
		$sortby = $mybb->get_input('sort');

	// Sender sort won't work yet
	$sortby = array('subject', 'sender', 'dateline');

	if(in_array($mybb->get_input('sort'), $sortby))
	{
		$sortby = $mybb->get_input('sort');

	{
		$sortby = "dateline";
	}

	{
		$sortby = "dateline";
	}

	{
		$mybb->settings['threadsperpage'] = 20;
	}

	{
		$mybb->settings['threadsperpage'] = 20;
	}

	// Work out pagination, which page we're at, as well as the limits.
	$perpage = $mybb->settings['threadsperpage'];

	// Work out pagination, which page we're at, as well as the limits.
	$perpage = $mybb->settings['threadsperpage'];

	if($page > 0)
	{
		$start = ($page-1) * $perpage;

	if($page > 0)
	{
		$start = ($page-1) * $perpage;

	else
	{
		$start = 0;
		$page = 1;

	else
	{
		$start = 0;
		$page = 1;

	$end = $start + $perpage;
	$lower = $start+1;
	$upper = $end;

	$end = $start + $perpage;
	$lower = $start+1;
	$upper = $end;

	// Work out if we have terms to highlight
	$highlight = "";
	if($search['keywords'])

	// Work out if we have terms to highlight
	$highlight = "";
	if($search['keywords'])

		$highlight = "&highlight=".urlencode($search['keywords']);

		$highlight = "&highlight=".urlencode($search['keywords']);

	if($upper > $pmscount)
	{
		$upper = $pmscount;
	}

	if($upper > $pmscount)
	{
		$upper = $pmscount;
	}

	$messagelist = '';

	$messagelist = '';

	$icon_cache = $cache->read("posticons");

	// Cache users in multiple recipients for sent & drafts folder

	$icon_cache = $cache->read("posticons");

	// Cache users in multiple recipients for sent & drafts folder

	$cached_users = $get_users = array();
	$users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
	while($row = $db->fetch_array($users_query))

	$cached_users = $get_users = array();
	$users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
	while($row = $db->fetch_array($users_query))

		$recipients = my_unserialize($row['recipients']);
		if(is_array($recipients['to']) && count($recipients['to']))

		$recipients = my_unserialize($row['recipients']);
		if(is_array($recipients['to']) && count($recipients['to']))

			$get_users = array_merge($get_users, $recipients['to']);

			$get_users = array_merge($get_users, $recipients['to']);

		if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
		{

		if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
		{

	{
		$users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
		while($user = $db->fetch_array($users_query))

	{
		$users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
		while($user = $db->fetch_array($users_query))

			$cached_users[$user['uid']] = $user;
		}
	}

			$cached_users[$user['uid']] = $user;
		}
	}

		{
			$msgstatus = 'fw_pm';
			$msgalt = $lang->fwd_pm;

		{
			$msgstatus = 'fw_pm';
			$msgalt = $lang->fwd_pm;

		$folder = $message['folder'];

		$folder = $message['folder'];

					$user['username'] = htmlspecialchars_uni($user['username']);
					$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
					eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");

					$user['username'] = htmlspecialchars_uni($user['username']);
					$username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
					eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");

				if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
				{
					eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");

				if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
				{
					eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");

			{
				$tofromusername = htmlspecialchars_uni($message['tousername']);
				$tofromuid = $message['toid'];

			{
				$tofromusername = htmlspecialchars_uni($message['tousername']);
				$tofromuid = $message['toid'];

			else
			{
				$tofromusername = $lang->not_sent;

			else
			{
				$tofromusername = $lang->not_sent;

		else
		{
			$tofromusername = htmlspecialchars_uni($message['fromusername']);

		else
		{
			$tofromusername = htmlspecialchars_uni($message['fromusername']);

				$tofromusername = $lang->mybb_engine;
			}
		}

				$tofromusername = $lang->mybb_engine;
			}
		}

		$tofromusername = build_profile_link($tofromusername, $tofromuid);

		$denyreceipt = '';

		$tofromusername = build_profile_link($tofromusername, $tofromuid);

		$denyreceipt = '';

		if($message['icon'] > 0 && $icon_cache[$message['icon']])
		{
			$icon = $icon_cache[$message['icon']];

		if($message['icon'] > 0 && $icon_cache[$message['icon']])
		{
			$icon = $icon_cache[$message['icon']];

			$senddate = $lang->not_sent;
		}

			$senddate = $lang->not_sent;
		}

		// What we do here is parse the post using our post parser, then strip the tags from it
		$parser_options = array(

		// What we do here is parse the post using our post parser, then strip the tags from it
		$parser_options = array(

	// Attempt to see if this PM is a duplicate or not
	$to = array_map("trim", explode(",", $mybb->get_input('to')));

	// Attempt to see if this PM is a duplicate or not
	$to = array_map("trim", explode(",", $mybb->get_input('to')));

	$to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
	$time_cutoff = TIME_NOW - (5 * 60 * 60);
	$query = $db->query("

	$to_escaped = implode("','", array_map(array($db, 'escape_string'), array_map('my_strtolower', $to)));
	$time_cutoff = TIME_NOW - (5 * 60 * 60);
	$query = $db->query("

		{
			$optionschecked['readreceipt'] = 'checked="checked"';
		}

		{
			$optionschecked['readreceipt'] = 'checked="checked"';
		}

	}

	$preview = '';

	}

	$preview = '';

	if($send_errors)
	{

	if($send_errors)
	{

	}

	// Load the auto complete javascript if it is enabled.

	}

	// Load the auto complete javascript if it is enabled.

		$bcc_recipients = implode(', ', $bcc_recipients);
		$bcc_form_val = implode(',', $bcc_form_val);
		eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");

		$bcc_recipients = implode(', ', $bcc_recipients);
		$bcc_form_val = implode(',', $bcc_form_val);
		eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");

	else

	else

		$bcc_form_val = '';
	}

		$bcc_form_val = '';
	}

	if(count($to_recipients) > 1)
	{
		$replyall = true;

	if(count($to_recipients) > 1)
	{
		$replyall = true;

	if(count($to_recipients) > 0)
	{

	if(count($to_recipients) > 0)
	{

			$optionschecked['signature'] = 'checked="checked"';
		}
		if($mybb->usergroup['cantrackpms'] == 1)

			$optionschecked['signature'] = 'checked="checked"';
		}
		if($mybb->usergroup['cantrackpms'] == 1)

			$optionschecked['readreceipt'] = 'checked="checked"';
		}

			$optionschecked['readreceipt'] = 'checked="checked"';
		}

		}

		$subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);

		}

		$subject = preg_replace("#(FW|RE):( *)#is", '', $pm['subject']);

		if($mybb->user['uid'] == $pm['fromid'])

		if($mybb->user['uid'] == $pm['fromid'])

			$to = htmlspecialchars_uni($mybb->user['username']);
		}
		else
		{
			$query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
			$to = htmlspecialchars_uni($db->fetch_field($query, 'username'));

			$to = htmlspecialchars_uni($mybb->user['username']);
		}
		else
		{
			$query = $db->simple_select('users', 'username', "uid='{$pm['fromid']}'");
			$to = htmlspecialchars_uni($db->fetch_field($query, 'username'));

		$private_send_tracking = '';
		if($mybb->usergroup['cantrackpms'])

		$private_send_tracking = '';
		if($mybb->usergroup['cantrackpms'])

			eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
		}

			eval("\$private_send_tracking = \"".$templates->get("private_send_tracking")."\";");
		}

		eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
	}

		eval("\$quickreply = \"".$templates->get("private_quickreply")."\";");
	}

		$fid = $folderinfo[0];
		$foldername = get_pm_folder_name($fid, $foldername);

		$fid = $folderinfo[0];
		$foldername = get_pm_folder_name($fid, $foldername);

		{
			$foldername2 = get_pm_folder_name($fid);
			eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");

		{
			$foldername2 = get_pm_folder_name($fid);
			eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");

				$fid = (int)$key;
				// Use default language strings if empty or value is language string

				$fid = (int)$key;
				// Use default language strings if empty or value is language string

				{

				{

				}
			}

				}
			}

			{
				// If the name only contains whitespace and it's not a default folder, print an error
				error($lang->error_emptypmfoldername);
			}

			{
				// If the name only contains whitespace and it's not a default folder, print an error
				error($lang->error_emptypmfoldername);
			}

			{
				// If there is a name or if this is a default folder, save it
				$foldername = $db->escape_string(htmlspecialchars_uni($val));

			{
				// If there is a name or if this is a default folder, save it
				$foldername = $db->escape_string(htmlspecialchars_uni($val));

	if($mybb->user['totalpms'] == 0)
	{
		error($lang->error_nopms);

	if($mybb->user['totalpms'] == 0)
	{
		error($lang->error_nopms);

	$plugins->run_hooks("private_empty_start");

	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);

	$plugins->run_hooks("private_empty_start");

	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);

	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		$fid = $folderinfo[0];

	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		$fid = $folderinfo[0];

		$thing = $db->fetch_array($query);
		$foldercount = my_number_format($thing['pmsinfolder']);
		eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");

		$thing = $db->fetch_array($query);
		$foldercount = my_number_format($thing['pmsinfolder']);
		eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");

	}
	elseif(!empty($mybb->input['moveto']))
	{

	}
	elseif(!empty($mybb->input['moveto']))
	{

		{

		{

			{

			{

			}
		}

			}
		}

		if(!empty($mybb->input['fromfid']))
		{

		if(!empty($mybb->input['fromfid']))
		{

		else
		{
			$senddate = $lang->not_sent;

		else
		{
			$senddate = $lang->not_sent;

		if($mybb->input['exporttype'] == "html")
		{

		if($mybb->input['exporttype'] == "html")
		{

		// Gather global stylesheet for HTML
		$query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
		$css = $db->fetch_field($query, "stylesheet");

		// Gather global stylesheet for HTML
		$query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
		$css = $db->fetch_field($query, "stylesheet");

	$plugins->run_hooks("private_do_export_end");

	$plugins->run_hooks("private_do_export_end");

	if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
	{

	if(!$mybb->input['fid'] || !array_key_exists($mybb->input['fid'], $foldernames))
	{

	}

	}

	if($folder == 2 || $folder == 3)
	{ // Sent Items Folder

	if($folder == 2 || $folder == 3)
	{ // Sent Items Folder

	eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");

	// Do Multi Pages

	eval("\$orderarrow['$sortby'] = \"".$templates->get("private_orderarrow")."\";");

	// Do Multi Pages

	if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
	{
		$mybb->settings['threadsperpage'] = 20;

	if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
	{
		$mybb->settings['threadsperpage'] = 20;

	$perpage = $mybb->settings['threadsperpage'];
	$page = $mybb->get_input('page', MyBB::INPUT_INT);

	if($page > 0)
	{
		$start = ($page-1) *$perpage;

	$perpage = $mybb->settings['threadsperpage'];
	$page = $mybb->get_input('page', MyBB::INPUT_INT);

	if($page > 0)
	{
		$start = ($page-1) *$perpage;

	}
	else
	{
		$start = 0;
		$page = 1;

	}
	else
	{
		$start = 0;
		$page = 1;

	$end = $start + $perpage;
	$lower = $start+1;

	$end = $start + $perpage;
	$lower = $start+1;

	}

	if($mybb->input['order'] || ($sortby && $sortby != "dateline"))

	}

	if($mybb->input['order'] || ($sortby && $sortby != "dateline"))

	// Cache users in multiple recipients for sent & drafts folder
	if($folder == 2 || $folder == 3)

	// Cache users in multiple recipients for sent & drafts folder
	if($folder == 2 || $folder == 3)

			if(is_array($recipients['to']) && count($recipients['to']))
			{
				$get_users = array_merge($get_users, $recipients['to']);

			if(is_array($recipients['to']) && count($recipients['to']))
			{
				$get_users = array_merge($get_users, $recipients['to']);

			if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
			{
				$get_users = array_merge($get_users, $recipients['bcc']);

			if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
			{
				$get_users = array_merge($get_users, $recipients['bcc']);

		// Grab info
		if($get_users)
		{

		// Grab info
		if($get_users)
		{

	}
	else
	{

	}
	else
	{

		if($sortfield == "username")
		{
			$pm = "fu.";

		if($sortfield == "username")
		{
			$pm = "fu.";

		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)

		FROM ".TABLE_PREFIX."privatemessages pm
		LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
		LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)

		ORDER BY {$pm}{$sortfield} {$sortordernow}
		LIMIT $start, $perpage
	");

		ORDER BY {$pm}{$sortfield} {$sortordernow}
		LIMIT $start, $perpage
	");

			{ // Sent Items or Drafts Folder Check
				$recipients = my_unserialize($message['recipients']);
				$to_users = $bcc_users = '';

			{ // Sent Items or Drafts Folder Check
				$recipients = my_unserialize($message['recipients']);
				$to_users = $bcc_users = '';

				{
					foreach($recipients['to'] as $uid)
					{

				{
					foreach($recipients['to'] as $uid)
					{

	}

	$pmspacebar = '';

	}

	$pmspacebar = '';

	{
		$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
		$pmscount = $db->fetch_array($query);

	{
		$query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
		$pmscount = $db->fetch_array($query);

	}

	$limitwarning = '';

	}

	$limitwarning = '';

	{
		eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
	}

	{
		eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
	}