NoHax

Hackforums.net UserCP Source code - Old and useless

Jan 14th, 2017
  1. <?php
  2. /**
  3. * MyBB 1.6
  4. * Copyright 2010 MyBB Group, All Rights Reserved
  5. *
  6. * Website: http://mybb.com
  7. * License: http://mybb.com/about/license
  8. *
  9. * $Id$
  10. */
  11.  
  // Entry-point markers for this script. Presumably the included files test
  // IN_MYBB to refuse direct access - confirm in global.php.
  define('IN_MYBB', 1);
  define('THIS_SCRIPT', 'usercp.php');

  // Comma-separated names of the templates this script may render. The consumer
  // is not visible in this file (presumably global.php pre-loads them).
  // NOTE(review): "usercp_editlists_userusercp_editlists" looks like two template
  // names with a missing comma. It is reproduced unchanged here - verify against
  // the installed template set before correcting it.
  $templatelist = implode(',', array(
      'usercp,usercp_nav,usercp_profile,usercp_changename,usercp_email,usercp_password,usercp_subscriptions_thread,forumbit_depth2_forum_lastpost,usercp_forumsubscriptions_forum',
      'usercp_usergroups_memberof_usergroup,usercp_usergroups_memberof,usercp_usergroups_joinable_usergroup,usercp_usergroups_joinable,usercp_usergroups',
      'usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_usergroups_leader_usergroup,usercp_usergroups_leader,usercp_currentavatar,usercp_reputation',
      'usercp_attachments_attachment,usercp_attachments,usercp_profile_away,usercp_profile_customfield,usercp_profile_profilefields,usercp_profile_customtitle,usercp_forumsubscriptions_none',
      'usercp_forumsubscriptions,usercp_subscriptions_none,usercp_subscriptions,usercp_options_pms_from_buddys,usercp_options_tppselect,usercp_options_pppselect,usercp_options',
      'usercp_nav_editsignature,usercp_referrals,usercp_notepad,usercp_latest_threads_threads,forumdisplay_thread_gotounread,usercp_latest_threads,usercp_subscriptions_remove',
      'usercp_editsig_suspended,usercp_editsig,usercp_avatar_gallery_avatar,usercp_avatar_gallery_blankblock,usercp_avatar_gallery_noavatars,usercp_avatar_gallery,usercp_avatar_current',
      'usercp_avatar,usercp_editlists_userusercp_editlists,usercp_drafts_draft,usercp_drafts_none,usercp_drafts_submit,usercp_drafts,usercp_usergroups_joingroup,usercp_attachments_none',
      'usercp_warnings_warning,usercp_warnings,usercp_latest_subscribed_threads,usercp_latest_subscribed,usercp_nav_messenger_tracking,multipage_prevpage,multipage_start,multipage_end',
      'multipage_nextpage,multipage,multipage_page_current,codebuttons,smilieinsert_getmore,smilieinsert'
  ));
  25.  
  // Bootstrap the board, then load the post/user helper libraries and the
  // message parser used further down for signature validation.
  require_once './global.php';
  require_once MYBB_ROOT.'inc/functions_post.php';
  require_once MYBB_ROOT.'inc/functions_user.php';
  require_once MYBB_ROOT.'inc/class_parser.php';
  $parser = new postParser();

  // Load global language phrases
  $lang->load('usercp');

  // Access gate for the whole script: guests (uid 0) and groups without the
  // canusercp permission are stopped before any action handler runs.
  if($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0)
  {
      error_no_permission();
  }
  39.  
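  // Seed the default private-message folder list for an account that has none yet.
  // Serialised format: "<id>**<name>" entries joined by "$%%$".
  if(!$mybb->user['pmfolders'])
  {
      $mybb->user['pmfolders'] = "1**".$lang->folder_inbox."$%%$2**".$lang->folder_sent_items."$%%$3**".$lang->folder_drafts."$%%$4**".$lang->folder_trash;

      // The folder names come from the language pack and may contain quotes. Other
      // write paths in this script escape values before handing them to the query
      // helpers, so do the same here rather than placing the raw string in the UPDATE.
      $db->update_query("users", array('pmfolders' => $db->escape_string($mybb->user['pmfolders'])), "uid='".$mybb->user['uid']."'");
  }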
  45.  
  // Holds the inline error HTML for the form views; empty while nothing has failed.
  $errors = '';

  // Default the requested action so the comparisons below never read an unset index.
  if(!isset($mybb->input['action']))
  {
      $mybb->input['action'] = '';
  }

  // Make sure each collapsible navigation section has an image entry and a
  // "<section>_e" state entry, defaulting both to the empty string.
  $collapse_options = array('usercppms', 'usercpprofile', 'usercpmisc');
  foreach($collapse_options as $option)
  {
      if(!isset($collapsedimg[$option]))
      {
          $collapsedimg[$option] = '';
      }

      if(!isset($collapsed[$option.'_e']))
      {
          $collapsed[$option.'_e'] = '';
      }
  }

  // Build the User CP side navigation, then let plugins hook in.
  usercp_menu();

  $plugins->run_hooks("usercp_start");
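  // Pre-validate a submitted signature (POST, action=do_editsig): enforce the image
  // limit and the length limit. On failure, or when a preview was requested, the
  // action is rewritten to "editsig" so the form is shown again.
  //
  // NOTE(review): unlike the other do_* handlers on this page, this block does not
  // call verify_post_check(). The visible code only validates and re-routes and
  // writes nothing, so confirm that the handler which actually saves the signature
  // (not visible here) performs the post-key check.
  if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
  {
      // Signature parsing follows the board settings. allow_html decides whether raw
      // HTML in signatures survives parsing, so sightml is the sensitive switch here.
      // (The original listed 'filter_badwords' twice with the same value.)
      $parser_options = array(
          'allow_html' => $mybb->settings['sightml'],
          'filter_badwords' => 1,
          'allow_mycode' => $mybb->settings['sigmycode'],
          'allow_smilies' => $mybb->settings['sigsmilies'],
          'allow_imgcode' => $mybb->settings['sigimgcode']
      );
      $parsed_sig = $parser->parse_message($mybb->input['signature'], $parser_options);

      // Images are counted on the *parsed* output, so smilies rendered as <img> count too.
      if((($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1) &&
          substr_count($parsed_sig, "<img") > 0) ||
          (($mybb->settings['sigimgcode'] == 1 || $mybb->settings['sigsmilies'] == 1) &&
          substr_count($parsed_sig, "<img") > $mybb->settings['maxsigimages'])
      )
      {
          if($mybb->settings['sigimgcode'] == 1)
          {
              $imgsallowed = $mybb->settings['maxsigimages'];
          }
          else
          {
              $imgsallowed = 0;
          }
          $lang->too_many_sig_images2 = $lang->sprintf($lang->too_many_sig_images2, $imgsallowed);
          $error = inline_error($lang->too_many_sig_images." ".$lang->too_many_sig_images2);
          $mybb->input['preview'] = 1;
      }
      else if($mybb->settings['siglength'] > 0)
      {
          // Depending on sigcountmycode, measure either the text-only rendering or
          // the raw input; whitespace is never counted.
          if($mybb->settings['sigcountmycode'] == 0)
          {
              $parsed_sig = $parser->text_parse_message($mybb->input['signature']);
          }
          else
          {
              $parsed_sig = $mybb->input['signature'];
          }
          $parsed_sig = preg_replace("#\s#", "", $parsed_sig);
          $sig_length = my_strlen($parsed_sig);
          if($sig_length > $mybb->settings['siglength'])
          {
              $lang->sig_too_long = $lang->sprintf($lang->sig_too_long, $mybb->settings['siglength']);
              if($sig_length - $mybb->settings['siglength'] > 1)
              {
                  $lang->sig_too_long .= $lang->sprintf($lang->sig_remove_chars_plural, $sig_length-$mybb->settings['siglength']);
              }
              else
              {
                  $lang->sig_too_long .= $lang->sig_remove_chars_singular;
              }
              $error = inline_error($lang->sig_too_long);
          }
      }

      // $error is only assigned on a validation failure and 'preview' may be absent
      // from the request, so test both with empty() instead of reading them bare.
      if(!empty($error) || !empty($mybb->input['preview']))
      {
          $mybb->input['action'] = "editsig";
      }
  }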
  129.  
  // Make navigation: the User CP root crumb first, then one crumb for the current
  // action. A form view and its do_* submit handler share the same crumb; actions
  // without a case get no second crumb.
  add_breadcrumb($lang->nav_usercp, "usercp.php");

  switch($mybb->input['action'])
  {
      case "profile":
      case "do_profile":
          add_breadcrumb($lang->ucp_nav_profile);
          break;

      case "options":
      case "do_options":
          add_breadcrumb($lang->nav_options);
          break;

      case "email":
      case "do_email":
          add_breadcrumb($lang->nav_email);
          break;

      case "password":
      case "do_password":
          add_breadcrumb($lang->nav_password);
          break;

      case "changename":
      case "do_changename":
          add_breadcrumb($lang->nav_changename);
          break;

      case "subscriptions":
          add_breadcrumb($lang->ucp_nav_subscribed_threads);
          break;

      case "forumsubscriptions":
          add_breadcrumb($lang->ucp_nav_forum_subscriptions);
          break;

      case "editsig":
      case "do_editsig":
          add_breadcrumb($lang->nav_editsig);
          break;

      case "avatar":
      case "do_avatar":
          add_breadcrumb($lang->nav_avatar);
          break;

      case "notepad":
      case "do_notepad":
          add_breadcrumb($lang->ucp_nav_notepad);
          break;

      case "editlists":
      case "do_editlists":
          add_breadcrumb($lang->ucp_nav_editlists);
          break;

      case "drafts":
          add_breadcrumb($lang->ucp_nav_drafts);
          break;

      case "usergroups":
          add_breadcrumb($lang->ucp_nav_usergroups);
          break;

      case "attachments":
          add_breadcrumb($lang->ucp_nav_attachments);
          break;
  }
  187.  
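  // Handle the profile form submission (POST, action=do_profile).
  // On a validation failure the action is rewritten to "profile" so the form is
  // shown again with $errors; on success the user row is updated and the request
  // is redirected.
  if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      $plugins->run_hooks("usercp_do_profile_start");

      if($mybb->input['away'] == 1 && $mybb->settings['allowaway'] != 0)
      {
          $awaydate = TIME_NOW;
          if($mybb->input['awayday'])
          {
              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
              if(!$mybb->input['awaymonth'])
              {
                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
              }
              if(!$mybb->input['awayyear'])
              {
                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
              }

              // The date parts are forced to integers, so the stored "d-m-Y" string
              // built below cannot carry anything but digits, "-" and a sign.
              $return_month = intval(substr($mybb->input['awaymonth'], 0, 2));
              $return_day = intval(substr($mybb->input['awayday'], 0, 2));
              $return_year = min(intval($mybb->input['awayyear']), 9999);

              // Check if return date is after the away date.
              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
              {
                  error($lang->error_usercp_return_date_past);
              }

              $returndate = "{$return_day}-{$return_month}-{$return_year}";
          }
          else
          {
              $returndate = "";
          }
          $away = array(
              "away" => 1,
              "date" => $awaydate,
              "returndate" => $returndate,
              "awayreason" => $mybb->input['awayreason']
          );
      }
      else
      {
          $away = array(
              "away" => 0,
              "date" => '',
              "returndate" => '',
              "awayreason" => ''
          );
      }

      $bday = array(
          "day" => $mybb->input['bday1'],
          "month" => $mybb->input['bday2'],
          "year" => $mybb->input['bday3']
      );

      // Set up user handler.
      // Anchored to MYBB_ROOT like the other includes in this script, so the file
      // loaded does not depend on include_path or the working directory.
      require_once MYBB_ROOT."inc/datahandlers/user.php";
      $userhandler = new UserDataHandler("update");

      // uid and postnum come from the session user, never from the request, so this
      // form can only edit the caller's own account. The remaining values are raw
      // request input. NOTE(review): validation and escaping are assumed to happen
      // inside UserDataHandler - confirm there.
      $user = array(
          "uid" => $mybb->user['uid'],
          "postnum" => $mybb->user['postnum'],
          "website" => $mybb->input['website'],
          "icq" => intval($mybb->input['icq']),
          "aim" => $mybb->input['aim'],
          "yahoo" => $mybb->input['yahoo'],
          "msn" => $mybb->input['msn'],
          "birthday" => $bday,
          "birthdayprivacy" => $mybb->input['birthdayprivacy'],
          "away" => $away,
          "profile_fields" => $mybb->input['profile_fields']
      );

      // A custom title is only accepted from groups that hold the permission.
      if($mybb->usergroup['cancustomtitle'] == 1)
      {
          if($mybb->input['usertitle'] != '')
          {
              $user['usertitle'] = $mybb->input['usertitle'];
          }
          else if($mybb->input['reverttitle'])
          {
              $user['usertitle'] = '';
          }
      }
      $userhandler->set_data($user);

      if(!$userhandler->validate_user())
      {
          $errors = $userhandler->get_friendly_errors();

          // Set allowed value otherwise select options disappear
          if(in_array($lang->userdata_invalid_birthday_privacy, $errors))
          {
              $mybb->input['birthdayprivacy'] = 'none';
          }

          $errors = inline_error($errors);
          $mybb->input['action'] = "profile";
      }
      else
      {
          $userhandler->update_user();

          $plugins->run_hooks("usercp_do_profile_end");
          redirect("usercp.php", $lang->redirect_profileupdated);
      }
  }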
  303.  
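  // Render the "edit profile" form (action=profile).
  // After a failed submit ($errors set) the form is refilled from the request;
  // otherwise it is filled from the stored user row.
  //
  // Output-encoding note: the templates are expanded with eval() as double-quoted
  // PHP strings, so any variable a template interpolates must already be HTML-safe
  // when it reaches the eval. Which variables each template uses is not visible
  // here. NOTE(review): template text is executed as PHP string syntax, so write
  // access to templates should be treated as equivalent to code execution.
  if($mybb->input['action'] == "profile")
  {
      if($errors)
      {
          $user = $mybb->input;
          $bday = array();
          $bday[0] = $mybb->input['bday1'];
          $bday[1] = $mybb->input['bday2'];
          $bday[2] = intval($mybb->input['bday3']);
      }
      else
      {
          $user = $mybb->user;
          $bday = explode("-", $user['birthday']);
      }

      $plugins->run_hooks("usercp_profile_start");

      $bdaysel = '';
      // The day options are accumulated in $bdaydaysel (the original initialised only
      // $bdaysel), so initialise the variable that is actually appended to.
      $bdaydaysel = '';
      for($i = 1; $i <= 31; ++$i)
      {
          if($bday[0] == $i)
          {
              $bdaydaysel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
          }
          else
          {
              $bdaydaysel .= "<option value=\"$i\">$i</option>\n";
          }
      }
      // Request-derived value used as an array key only; it is not echoed here.
      $bdaymonthsel[$bday[1]] = 'selected="selected"';

      $bdayprivacysel = '';
      if($user['birthdayprivacy'] == 'all' || !$user['birthdayprivacy'])
      {
          $bdayprivacysel .= "<option value=\"all\" selected=\"selected\">{$lang->birthdayprivacyall}</option>\n";
          $bdayprivacysel .= "<option value=\"none\">{$lang->birthdayprivacynone}</option>\n";
          $bdayprivacysel .= "<option value=\"age\">{$lang->birthdayprivacyage}</option>";
      }
      else if($user['birthdayprivacy'] == 'none')
      {
          $bdayprivacysel .= "<option value=\"all\">{$lang->birthdayprivacyall}</option>\n";
          $bdayprivacysel .= "<option value=\"none\" selected=\"selected\">{$lang->birthdayprivacynone}</option>\n";
          $bdayprivacysel .= "<option value=\"age\">{$lang->birthdayprivacyage}</option>";
      }
      else if($user['birthdayprivacy'] == 'age')
      {
          $bdayprivacysel .= "<option value=\"all\">{$lang->birthdayprivacyall}</option>\n";
          $bdayprivacysel .= "<option value=\"none\">{$lang->birthdayprivacynone}</option>\n";
          $bdayprivacysel .= "<option value=\"age\" selected=\"selected\">{$lang->birthdayprivacyage}</option>";
      }

      if($user['website'] == "" || $user['website'] == "http://")
      {
          $user['website'] = "http://";
      }
      else
      {
          $user['website'] = htmlspecialchars_uni($user['website']);
      }

      if($user['icq'] != "0")
      {
          $user['icq'] = intval($user['icq']);
      }
      if($user['icq'] == 0)
      {
          $user['icq'] = "";
      }
      if($errors)
      {
          // Only the refill path escapes these three here.
          // NOTE(review): on the normal path the values come straight from
          // $mybb->user - confirm they are stored or loaded already escaped.
          $user['msn'] = htmlspecialchars_uni($user['msn']);
          $user['aim'] = htmlspecialchars_uni($user['aim']);
          $user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
      }
      if($mybb->settings['allowaway'] != 0)
      {
          if($errors)
          {
              if($user['away'] == 1)
              {
                  $awaycheck[1] = "checked=\"checked\"";
              }
              else
              {
                  $awaycheck[0] = "checked=\"checked\"";
              }
              $returndate = array();
              $returndate[0] = $mybb->input['awayday'];
              $returndate[1] = $mybb->input['awaymonth'];
              $returndate[2] = intval($mybb->input['awayyear']);
              $user['awayreason'] = htmlspecialchars_uni($mybb->input['awayreason']);
          }
          else
          {
              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
              if($mybb->user['away'] == 1)
              {
                  $awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']);
                  $awaycheck[1] = "checked=\"checked\"";
                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
              }
              else
              {
                  $awaynotice = $lang->away_notice;
                  $awaycheck[0] = "checked=\"checked\"";
              }
              $returndate = explode("-", $mybb->user['returndate']);
          }
          $returndatesel = '';
          for($i = 1; $i <= 31; ++$i)
          {
              if($returndate[0] == $i)
              {
                  $returndatesel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
              }
              else
              {
                  $returndatesel .= "<option value=\"$i\">$i</option>\n";
              }
          }
          $returndatemonthsel[$returndate[1]] = "selected";

          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
      }
      // Custom profile fields baby!
      $altbg = "trow1";
      $requiredfields = '';
      $customfields = '';
      // Per-field scratch state. $code is appended to by the radio/checkbox branches
      // and $seloptions is written by string key, so both need the right type before
      // the first field is processed.
      $code = '';
      $seloptions = array();
      $query = $db->simple_select("profilefields", "*", "editable=1", array('order_by' => 'disporder'));
      while($profilefield = $db->fetch_array($query))
      {
          // Does this field have a minimum post count?
          if($profilefield['postnum'] && $profilefield['postnum'] > $mybb->user['postnum'])
          {
              continue;
          }

          // The field definition is escaped once here; the option labels split out of
          // 'type' below are therefore already HTML-safe when they are echoed.
          $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
          $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
          $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
          $thing = explode("\n", $profilefield['type'], "2");
          $type = $thing[0];
          $options = $thing[1];
          $field = "fid{$profilefield['fid']}";
          $select = '';
          if($errors)
          {
              $userfield = $mybb->input['profile_fields'][$field];
          }
          else
          {
              $userfield = $user[$field];
          }
          if($type == "multiselect")
          {
              if($errors)
              {
                  $useropts = $userfield;
              }
              else
              {
                  $useropts = explode("\n", $userfield);
              }
              if(is_array($useropts))
              {
                  foreach($useropts as $key => $val)
                  {
                      $val = htmlspecialchars_uni($val);
                      $seloptions[$val] = $val;
                  }
              }
              $expoptions = explode("\n", $options);
              if(is_array($expoptions))
              {
                  foreach($expoptions as $key => $val)
                  {
                      $val = trim($val);
                      $val = str_replace("\n", "\\n", $val);

                      $sel = "";
                      if($val == $seloptions[$val])
                      {
                          $sel = " selected=\"selected\"";
                      }
                      $select .= "<option value=\"$val\"$sel>$val</option>\n";
                  }
                  if(!$profilefield['length'])
                  {
                      $profilefield['length'] = 3;
                  }
                  $code = "<select name=\"profile_fields[$field][]\" size=\"{$profilefield['length']}\" multiple=\"multiple\">$select</select>";
              }
          }
          elseif($type == "select")
          {
              $expoptions = explode("\n", $options);
              if(is_array($expoptions))
              {
                  foreach($expoptions as $key => $val)
                  {
                      $val = trim($val);
                      $val = str_replace("\n", "\\n", $val);
                      $sel = "";
                      if($val == htmlspecialchars_uni($userfield))
                      {
                          $sel = " selected=\"selected\"";
                      }
                      $select .= "<option value=\"$val\"$sel>$val</option>";
                  }
                  if(!$profilefield['length'])
                  {
                      $profilefield['length'] = 1;
                  }
                  $code = "<select name=\"profile_fields[$field]\" size=\"{$profilefield['length']}\">$select</select>";
              }
          }
          elseif($type == "radio")
          {
              $expoptions = explode("\n", $options);
              if(is_array($expoptions))
              {
                  foreach($expoptions as $key => $val)
                  {
                      // Only the (escaped) option label is echoed; the user's value is
                      // used for the comparison alone.
                      $checked = "";
                      if($val == $userfield)
                      {
                          $checked = " checked=\"checked\"";
                      }
                      $code .= "<input type=\"radio\" class=\"radio\" name=\"profile_fields[$field]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />";
                  }
              }
          }
          elseif($type == "checkbox")
          {
              if($errors)
              {
                  $useropts = $userfield;
              }
              else
              {
                  $useropts = explode("\n", $userfield);
              }
              if(is_array($useropts))
              {
                  foreach($useropts as $key => $val)
                  {
                      $seloptions[$val] = $val;
                  }
              }
              $expoptions = explode("\n", $options);
              if(is_array($expoptions))
              {
                  foreach($expoptions as $key => $val)
                  {
                      $checked = "";
                      if($val == $seloptions[$val])
                      {
                          $checked = " checked=\"checked\"";
                      }
                      $code .= "<input type=\"checkbox\" class=\"checkbox\" name=\"profile_fields[$field][]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />";
                  }
              }
          }
          elseif($type == "textarea")
          {
              $value = htmlspecialchars_uni($userfield);
              $code = "<textarea name=\"profile_fields[$field]\" rows=\"6\" cols=\"30\" style=\"width: 95%\">$value</textarea>";
          }
          else
          {
              $value = htmlspecialchars_uni($userfield);
              $maxlength = "";
              if($profilefield['maxlength'] > 0)
              {
                  $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
              }
              $code = "<input type=\"text\" name=\"profile_fields[$field]\" class=\"textbox\" size=\"{$profilefield['length']}\"{$maxlength} value=\"$value\" />";
          }
          if($profilefield['required'] == 1)
          {
              eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
          }
          else
          {
              eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
          }
          $altbg = alt_trow();
          $code = "";
          $select = "";
          $val = "";
          $options = "";
          $expoptions = "";
          $useropts = "";
          // Reset to an array, not "": the next multiselect/checkbox field writes
          // $seloptions[$val], which is not a valid write on an empty string in
          // PHP 7.1 and later.
          $seloptions = array();
      }
      if($customfields)
      {
          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
      }

      if($mybb->usergroup['cancustomtitle'] == 1)
      {
          if($mybb->usergroup['usertitle'] == "")
          {
              $defaulttitle = '';
              $usertitles = $cache->read('usertitles');

              foreach($usertitles as $title)
              {
                  if($title['posts'] <= $mybb->user['postnum'])
                  {
                      $defaulttitle = htmlspecialchars_uni($title['title']);
                      break;
                  }
              }
          }
          else
          {
              $defaulttitle = htmlspecialchars_uni($mybb->usergroup['usertitle']);
          }

          if(trim($user['usertitle']) == '')
          {
              $lang->current_custom_usertitle = '';
          }
          else
          {
              if($errors)
              {
                  // Keep the rejected title (escaped) for the input box and show the
                  // stored title as the current one.
                  $newtitle = htmlspecialchars_uni($user['usertitle']);
                  $user['usertitle'] = $mybb->user['usertitle'];
              }
          }
          eval("\$customtitle = \"".$templates->get("usercp_profile_customtitle")."\";");
      }
      else
      {
          $customtitle = "";
      }

      $plugins->run_hooks("usercp_profile_end");

      eval("\$editprofile = \"".$templates->get("usercp_profile")."\";");
      output_page($editprofile);
  }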
  650.  
  // Handle the options form submission (POST, action=do_options).
  // A validation failure re-routes to the "options" view with $errors set; a
  // success updates the user row and redirects.
  if($mybb->input['action'] == "do_options" && $mybb->request_method == "post")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      $plugins->run_hooks("usercp_do_options_start");

      // Set up user handler.
      require_once MYBB_ROOT."inc/datahandlers/user.php";
      $userhandler = new UserDataHandler("update");

      // uid comes from the session, so only the caller's own row can be targeted.
      // Numeric settings are cast here; the remaining option flags and 'language'
      // are forwarded as received. NOTE(review): 'language' normally selects a
      // language pack on disk - confirm the handler restricts it to installed packs.
      // NOTE(review): 'timezone' is escaped before it reaches the handler; check the
      // handler does not escape it a second time.
      $user = array(
          "uid" => $mybb->user['uid'],
          "style" => intval($mybb->input['style']),
          "dateformat" => intval($mybb->input['dateformat']),
          "timeformat" => intval($mybb->input['timeformat']),
          "timezone" => $db->escape_string($mybb->input['timezoneoffset']),
          "language" => $mybb->input['language'],
          "options" => array(
              "allownotices" => $mybb->input['allownotices'],
              "hideemail" => $mybb->input['hideemail'],
              "subscriptionmethod" => $mybb->input['subscriptionmethod'],
              "invisible" => $mybb->input['invisible'],
              "dstcorrection" => $mybb->input['dstcorrection'],
              "threadmode" => $mybb->input['threadmode'],
              "showsigs" => $mybb->input['showsigs'],
              "showavatars" => $mybb->input['showavatars'],
              "showquickreply" => $mybb->input['showquickreply'],
              "receivepms" => $mybb->input['receivepms'],
              "pmnotice" => $mybb->input['pmnotice'],
              "receivefrombuddy" => $mybb->input['receivefrombuddy'],
              "daysprune" => $mybb->input['daysprune'],
              "showcodebuttons" => intval($mybb->input['showcodebuttons']),
              "pmnotify" => $mybb->input['pmnotify'],
              "showredirect" => $mybb->input['showredirect'],
              "classicpostbit" => $mybb->input['classicpostbit']
          )
      );

      // Threads-per-page and posts-per-page are only accepted when the board
      // offers those choices.
      if($mybb->settings['usertppoptions'])
      {
          $user['options']['tpp'] = intval($mybb->input['tpp']);
      }

      if($mybb->settings['userpppoptions'])
      {
          $user['options']['ppp'] = intval($mybb->input['ppp']);
      }

      $userhandler->set_data($user);

      if($userhandler->validate_user())
      {
          $userhandler->update_user();

          $plugins->run_hooks("usercp_do_options_end");

          redirect("usercp.php", $lang->redirect_optionsupdated);
      }
      else
      {
          $errors = $userhandler->get_friendly_errors();
          $errors = inline_error($errors);
          $mybb->input['action'] = "options";
      }
  }
  719.  
  // Render the "edit options" form (action=options).
  // After a failed submit the form is refilled from the request, otherwise from
  // the stored user row. Variable names are kept as they are because the
  // eval()'d templates presumably refer to them by name.
  if($mybb->input['action'] == "options")
  {
      $plugins->run_hooks("usercp_options_start");

      $user = ($errors != '') ? $mybb->input : $mybb->user;

      // Language picker. $lname comes from $lang->get_languages() and is written into
      // the value attribute as-is; only the display name is escaped.
      $languages = $lang->get_languages();
      $langoptions = '';
      foreach($languages as $lname => $language)
      {
          $sel = ($user['language'] == $lname) ? " selected=\"selected\"" : "";
          $langoptions .= "<option value=\"$lname\"$sel>".htmlspecialchars_uni($language)."</option>\n";
      }

      // Lets work out which options the user has selected and check the boxes
      $allownoticescheck = ($user['allownotices'] == 1) ? "checked=\"checked\"" : "";
      $invisiblecheck = ($user['invisible'] == 1) ? "checked=\"checked\"" : "";
      $hideemailcheck = ($user['hideemail'] == 1) ? "checked=\"checked\"" : "";

      // Exactly one of the three subscription variables is set.
      if($user['subscriptionmethod'] == 1)
      {
          $no_email_subscribe_selected = "selected=\"selected\"";
      }
      else if($user['subscriptionmethod'] == 2)
      {
          $instant_email_subscribe_selected = "selected=\"selected\"";
      }
      else
      {
          $no_subscribe_selected = "selected=\"selected\"";
      }

      $showsigscheck = ($user['showsigs'] == 1) ? "checked=\"checked\"" : "";
      $showavatarscheck = ($user['showavatars'] == 1) ? "checked=\"checked\"" : "";
      $showquickreplycheck = ($user['showquickreply'] == 1) ? "checked=\"checked\"" : "";
      $receivepmscheck = ($user['receivepms'] == 1) ? "checked=\"checked\"" : "";
      $receivefrombuddycheck = ($user['receivefrombuddy'] == 1) ? "checked=\"checked\"" : "";

      // pmnotice accepts 1 or 2; note the leading space in this attribute string.
      $pmnoticecheck = ($user['pmnotice'] == 1 || $user['pmnotice'] == 2) ? " checked=\"checked\"" : "";

      // Exactly one of the three DST variables is set.
      if($user['dstcorrection'] == 2)
      {
          $dst_auto_selected = "selected=\"selected\"";
      }
      else if($user['dstcorrection'] == 1)
      {
          $dst_enabled_selected = "selected=\"selected\"";
      }
      else
      {
          $dst_disabled_selected = "selected=\"selected\"";
      }

      $showcodebuttonscheck = ($user['showcodebuttons'] == 1) ? "checked=\"checked\"" : "";
      $showredirectcheck = ($user['showredirect'] != 0) ? "checked=\"checked\"" : "";
      $pmnotifycheck = ($user['pmnotify'] != 0) ? "checked=\"checked\"" : '';

      // Anything other than the two known modes is blanked, so the request value is
      // never used as an arbitrary array key further down.
      if($user['threadmode'] != "threaded" && $user['threadmode'] != "linear")
      {
          $user['threadmode'] = ''; // Leave blank to show default
      }

      $classicpostbitcheck = ($user['classicpostbit'] != 0) ? "checked=\"checked\"" : '';

      // Date and time format pickers; $date_formats / $time_formats are defined
      // outside this block.
      $date_format_options = "<option value=\"0\">{$lang->use_default}</option>";
      foreach($date_formats as $key => $format)
      {
          $date_format_options .= "<option value=\"$key\""
              .(($user['dateformat'] == $key) ? " selected=\"selected\"" : "")
              .">".my_date($format, TIME_NOW, "", 0)."</option>";
      }

      $time_format_options = "<option value=\"0\">{$lang->use_default}</option>";
      foreach($time_formats as $key => $format)
      {
          $time_format_options .= "<option value=\"$key\""
              .(($user['timeformat'] == $key) ? " selected=\"selected\"" : "")
              .">".my_date($format, TIME_NOW, "", 0)."</option>";
      }

      // Always built from the stored timezone, even when refilling after an error.
      $tzselect = build_timezone_select("timezoneoffset", $mybb->user['timezone'], true);

      if($mybb->settings['allowbuddyonly'] == 1)
      {
          eval("\$pms_from_buddys = \"".$templates->get("usercp_options_pms_from_buddys")."\";");
      }

      // daysprune may come from the request here; it is used as an array key only.
      $threadview[$user['threadmode']] = 'selected="selected"';
      $daysprunesel[$user['daysprune']] = 'selected="selected"';
      $stylelist = build_theme_select("style", $user['style']);

      // Threads-per-page choices come from a comma-separated board setting.
      if($mybb->settings['usertppoptions'])
      {
          $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
          $tppoptions = '';
          if(is_array($explodedtpp))
          {
              foreach($explodedtpp as $key => $val)
              {
                  $val = trim($val);
                  $selected = ($user['tpp'] == $val) ? "selected=\"selected\"" : "";
                  $tppoptions .= "<option value=\"$val\" $selected>".$lang->sprintf($lang->tpp_option, $val)."</option>\n";
              }
          }
          eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
      }

      // Posts-per-page choices, handled the same way.
      if($mybb->settings['userpppoptions'])
      {
          $explodedppp = explode(",", $mybb->settings['userpppoptions']);
          $pppoptions = '';
          if(is_array($explodedppp))
          {
              foreach($explodedppp as $key => $val)
              {
                  $val = trim($val);
                  $selected = ($user['ppp'] == $val) ? "selected=\"selected\"" : "";
                  $pppoptions .= "<option value=\"$val\" $selected>".$lang->sprintf($lang->ppp_option, $val)."</option>\n";
              }
          }
          eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
      }

      $plugins->run_hooks("usercp_options_end");

      eval("\$editprofile = \"".$templates->get("usercp_options")."\";");
      output_page($editprofile);
  }
  976.  
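  // Handle the change-email submission (POST, action=do_email).
  // The caller must supply the current password. Depending on the group, the new
  // address is either applied directly or parked in awaitingactivation until the
  // mailed code is confirmed. Any error re-routes to the "email" view.
  if($mybb->input['action'] == "do_email" && $mybb->request_method == "post")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      $errors = array();

      $plugins->run_hooks("usercp_do_email_start");

      // Re-authenticate: a live session alone is not enough to change the address.
      if(validate_password_from_uid($mybb->user['uid'], $mybb->input['password']) == false)
      {
          $errors[] = $lang->error_invalidpassword;
      }
      else
      {
          // Set up user handler.
          // Anchored to MYBB_ROOT like the other includes in this script, so the file
          // loaded does not depend on include_path or the working directory.
          require_once MYBB_ROOT."inc/datahandlers/user.php";
          $userhandler = new UserDataHandler("update");

          $user = array(
              "uid" => $mybb->user['uid'],
              "email" => $mybb->input['email'],
              "email2" => $mybb->input['email2']
          );

          $userhandler->set_data($user);

          if(!$userhandler->validate_user())
          {
              $errors = $userhandler->get_friendly_errors();
          }
          else
          {
              // Members outside group "5" who cannot access the control panel (cancp)
              // must confirm the new address; everyone else is updated directly.
              // NOTE(review): group "5" is presumably the awaiting-activation group -
              // confirm that letting it skip confirmation is intended.
              if($mybb->user['usergroup'] != "5" && $mybb->usergroup['cancp'] != 1)
              {
                  // NOTE(review): the activation code is a bearer secret; confirm that
                  // random_str() draws from a cryptographically secure source.
                  $activationcode = random_str();
                  $now = TIME_NOW;

                  // Only one pending activation per user: drop any earlier request.
                  $db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");
                  $newactivation = array(
                      "uid" => $mybb->user['uid'],
                      "dateline" => TIME_NOW,
                      "code" => $activationcode,
                      "type" => "e",
                      "oldgroup" => $mybb->user['usergroup'],
                      "misc" => $db->escape_string($mybb->input['email'])
                  );
                  $db->insert_query("awaitingactivation", $newactivation);

                  $username = $mybb->user['username'];
                  $uid = $mybb->user['uid'];
                  $lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
                  $lang->email_changeemail = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->input['email'], $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);

                  // The confirmation goes to the NEW address only.
                  // NOTE(review): nothing here notifies the current address, so the
                  // account owner gets no signal that a change was requested.
                  my_mail($mybb->input['email'], $lang->emailsubject_changeemail, $lang->email_changeemail);

                  $plugins->run_hooks("usercp_do_email_verify");
                  error($lang->redirect_changeemail_activation);
              }
              else
              {
                  $userhandler->update_user();
                  $plugins->run_hooks("usercp_do_email_changed");
                  redirect("usercp.php", $lang->redirect_emailupdated);
              }
          }
      }
      if(count($errors) > 0)
      {
          $mybb->input['action'] = "email";
          $errors = inline_error($errors);
      }
  }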
  1047.  
  // Render the "change email" form.
  if($mybb->input['action'] == "email")
  {
      // Start with empty fields. When we come back here after a failed submission,
      // re-populate the two address fields via htmlspecialchars_uni(); the password
      // is never echoed back.
      $email = $email2 = '';
      if($errors)
      {
          $email = htmlspecialchars_uni($mybb->input['email']);
          $email2 = htmlspecialchars_uni($mybb->input['email2']);
      }

      $plugins->run_hooks("usercp_email");

      // The template text is interpolated by eval() as a double-quoted PHP string,
      // so it sees the variables in scope ($email, $email2, $errors, ...).
      // NOTE(review): this relies on $templates->get() (defined elsewhere) returning
      // text that cannot break out of the quoted string - confirm.
      eval('$changemail = "'.$templates->get("usercp_email").'";');
      output_page($changemail);
  }
  1066.  
  // "Change password" form handler.
  if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      $errors = array();

      $plugins->run_hooks("usercp_do_password_start");

      // The old password must match before a new one is accepted.
      if(validate_password_from_uid($mybb->user['uid'], $mybb->input['oldpassword']) != false)
      {
          // Set up user handler.
          require_once "inc/datahandlers/user.php";
          $userhandler = new UserDataHandler("update");

          $user = array(
              "uid" => $mybb->user['uid'],
              "password" => $mybb->input['password'],
              "password2" => $mybb->input['password2']
          );
          $userhandler->set_data($user);

          if($userhandler->validate_user())
          {
              $userhandler->update_user();

              // Re-issue the login cookie from the handler's loginkey.
              // NOTE(review): presumably update_user() rotates the loginkey on a password
              // change, which is what invalidates other sessions - confirm in UserDataHandler.
              my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey']);
              $plugins->run_hooks("usercp_do_password_end");
              redirect("usercp.php", $lang->redirect_passwordupdated);
          }
          else
          {
              $errors = $userhandler->get_friendly_errors();
          }
      }
      else
      {
          $errors[] = $lang->error_invalidpassword;
      }

      // On failure, fall through to the "password" form below with the errors rendered inline.
      if(count($errors) > 0)
      {
          $mybb->input['action'] = "password";
          $errors = inline_error($errors);
      }
  }
  1111.  
  // Render the "change password" form.
  if($mybb->input['action'] == "password")
  {
      $plugins->run_hooks("usercp_password");

      // Template text is interpolated by eval() as a double-quoted PHP string.
      eval('$editpassword = "'.$templates->get("usercp_password").'";');
      output_page($editpassword);
  }
  1119.  
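  // "Change username" form handler.
  // Visible flow: post-key check -> group permission -> current-password check ->
  // UserDataHandler validation -> update.
  if($mybb->input['action'] == "do_changename" && $mybb->request_method == "post")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      // Initialise the error list as the do_email and do_password handlers do, so the
      // count() below never runs on an undefined value when no error was recorded.
      $errors = array();

      $plugins->run_hooks("usercp_do_changename_start");

      // Only groups with canchangename may rename themselves.
      if($mybb->usergroup['canchangename'] != 1)
      {
          error_no_permission();
      }

      // The current password has to be supplied again before the name can change.
      if(validate_password_from_uid($mybb->user['uid'], $mybb->input['password']) == false)
      {
          $errors[] = $lang->error_invalidpassword;
      }
      else
      {
          // Set up user handler.
          require_once "inc/datahandlers/user.php";
          $userhandler = new UserDataHandler("update");

          $user = array(
              "uid" => $mybb->user['uid'],
              "username" => $mybb->input['username']
          );

          $userhandler->set_data($user);

          if(!$userhandler->validate_user())
          {
              $errors = $userhandler->get_friendly_errors();
          }
          else
          {
              $userhandler->update_user();
              $plugins->run_hooks("usercp_do_changename_end");
              redirect("usercp.php", $lang->redirect_namechanged);
          }
      }

      // On failure, fall through to the "changename" form below with the errors rendered inline.
      if(count($errors) > 0)
      {
          $errors = inline_error($errors);
          $mybb->input['action'] = "changename";
      }
  }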
  1166.  
  // Render the "change username" form.
  if($mybb->input['action'] == "changename")
  {
      $plugins->run_hooks("usercp_changename_start");

      // Same group permission the do_changename handler enforces.
      if($mybb->usergroup['canchangename'] != 1)
      {
          error_no_permission();
      }

      $plugins->run_hooks("usercp_changename_end");

      // Template text is interpolated by eval() as a double-quoted PHP string.
      eval('$changename = "'.$templates->get("usercp_changename").'";');
      output_page($changename);
  }
  1180.  
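  // Bulk action on the user's thread subscriptions: delete the selected ones or
  // change their notification type.
  // NOTE(review): unlike the other do_* handlers nearby, this one does not require
  // request_method == "post". The post key is still verified, but a key carried in a
  // URL can end up in logs and referrers - confirm whether GET is meant to be accepted.
  if($mybb->input['action'] == "do_subscriptions")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      $plugins->run_hooks("usercp_do_subscriptions_start");

      if(!is_array($mybb->input['check']))
      {
          error($lang->no_subscriptions_selected);
      }

      // Clean input - only integers may reach the IN (...) list built below.
      $mybb->input['check'] = array_map('intval', $mybb->input['check']);
      $tids = implode(",", $mybb->input['check']);

      // Both statements are additionally scoped to the current user's uid, so a thread
      // id belonging to someone else's subscription matches nothing.
      if($mybb->input['do'] == "delete")
      {
          // Deleting these subscriptions
          $db->delete_query("threadsubscriptions", "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
      }
      else
      {
          // Changing subscription type. Anything other than "instant_notification"
          // (including "no_notification" and unrecognised values) means 0, so an
          // unexpected "do" value can no longer push an undefined variable into the query.
          $new_notification = 0;
          if($mybb->input['do'] == "instant_notification")
          {
              $new_notification = 1;
          }

          // Update
          $update_array = array("notification" => $new_notification);
          $db->update_query("threadsubscriptions", $update_array, "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
      }

      // Done, redirect
      redirect("usercp.php?action=subscriptions", $lang->redirect_subscriptions_updated);
  }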
  1222.  
  // List the current user's thread subscriptions, one page at a time, with folder
  // icons, read/unread state and last-post details. Subscriptions to threads the
  // user may no longer view are deleted along the way.
  if($mybb->input['action'] == "subscriptions")
  {
      $plugins->run_hooks("usercp_subscriptions_start");

      // Thread visibility: non-moderators only see threads with visible != 0.
      $visible = "AND t.visible != 0";
      if(is_moderator() == true)
      {
          $visible = '';
      }

      // Do Multi Pages: count the subscriptions first.
      // The only values interpolated into this query are the session uid and the
      // fixed $visible fragment above.
      $query = $db->query("
SELECT COUNT(ts.tid) as threads
FROM ".TABLE_PREFIX."threadsubscriptions ts
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = ts.tid)
WHERE ts.uid = '".$mybb->user['uid']."' {$visible}
");
      $threadcount = $db->fetch_field($query, "threads");

      // Fall back to 20 per page when the setting is empty or below 1.
      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
      {
          $mybb->settings['threadsperpage'] = 20;
      }

      // NOTE(review): $perpage is the raw setting; the (int) cast above is only used
      // for the comparison, and the value is interpolated into LIMIT below. It is an
      // admin-controlled setting - confirm it is stored as an integer.
      $perpage = $mybb->settings['threadsperpage'];
      $page = intval($mybb->input['page']);
      if($page > 0)
      {
          $start = ($page-1) * $perpage;
          $pages = $threadcount / $perpage;
          $pages = ceil($pages);
          // A page number past the end resets to the first page.
          if($page > $pages || $page <= 0)
          {
              $start = 0;
              $page = 1;
          }
      }
      else
      {
          $start = 0;
          $page = 1;
      }
      // $lower/$upper are the 1-based range of rows shown; not read again in this block.
      $end = $start + $perpage;
      $lower = $start+1;
      $upper = $end;
      if($upper > $threadcount)
      {
          $upper = $threadcount;
      }
      // The pager is built from the count taken before the permission clean-up
      // further down adjusts $threadcount.
      $multipage = multipage($threadcount, $perpage, $page, "usercp.php?action=subscriptions");
      $fpermissions = forum_permissions();

      // Fetch subscriptions
      $query = $db->query("
SELECT s.*, t.*, t.username AS threadusername, u.username, p.displaystyle AS threadprefix
FROM ".TABLE_PREFIX."threadsubscriptions s
LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
LEFT JOIN ".TABLE_PREFIX."threadprefixes p ON (p.pid=t.prefix)
WHERE s.uid='".$mybb->user['uid']."' {$visible}
ORDER BY t.lastpost DESC
LIMIT $start, $perpage
");
      // NOTE(review): $del_subscriptions and $subscriptions are not initialised in
      // this block; the is_array() tests below rely on them being unset when empty.
      while($subscription = $db->fetch_array($query))
      {
          $forumpermissions = $fpermissions[$subscription['fid']];

          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || ($forumpermissions['canonlyviewownthreads'] != 0 && $subscription['uid'] != $mybb->user['uid']))
          {
              // The user has no permission to view this thread - queue the subscription for removal.
              $del_subscriptions[] = $subscription['sid'];
          }
          else if($subscription['tid'])
          {
              $subscriptions[$subscription['tid']] = $subscription;
          }
      }

      // Remove the subscriptions queued above; the ids come from the result rows and
      // the delete is scoped to the current user's uid.
      if(is_array($del_subscriptions))
      {
          $sids = implode(',', $del_subscriptions);

          if($sids)
          {
              $db->delete_query("threadsubscriptions", "sid IN ({$sids}) AND uid='{$mybb->user['uid']}'");
          }

          $threadcount = $threadcount - count($del_subscriptions);

          if($threadcount < 0)
          {
              $threadcount = 0;
          }
      }

      if(is_array($subscriptions))
      {
          // Thread ids are the array keys, i.e. values taken from the result rows above.
          $tids = implode(",", array_keys($subscriptions));

          if($mybb->user['uid'] == 0)
          {
              // Build a forum cache.
              $query = $db->query("
SELECT fid
FROM ".TABLE_PREFIX."forums
WHERE active != 0
ORDER BY pid, disporder
");

              // Read markers for uid 0 come from a client-supplied cookie.
              // NOTE(review): my_unserialize() is defined elsewhere - confirm it cannot
              // instantiate objects from this untrusted input.
              $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
          }
          else
          {
              // Build a forum cache.
              $query = $db->query("
SELECT f.fid, fr.dateline AS lastread
FROM ".TABLE_PREFIX."forums f
LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
WHERE f.active != 0
ORDER BY pid, disporder
");
          }

          // Map forum id -> last-read time (for uid 0 the cookie value overrides the row).
          while($forum = $db->fetch_array($query))
          {
              if($mybb->user['uid'] == 0)
              {
                  if($forumsread[$forum['fid']])
                  {
                      $forum['lastread'] = $forumsread[$forum['fid']];
                  }
              }
              $readforums[$forum['fid']] = $forum['lastread'];
          }

          // Check participation by the current user in any of these threads - for 'dot' folder icons
          if($mybb->settings['dotfolders'] != 0)
          {
              $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
              while($post = $db->fetch_array($query))
              {
                  $subscriptions[$post['tid']]['doticon'] = 1;
              }
          }

          // Read threads
          if($mybb->settings['threadreadcut'] > 0)
          {
              $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
              while($readthread = $db->fetch_array($query))
              {
                  $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
              }
          }

          $icon_cache = $cache->read("posticons");

          // Now we can build our subscription list.
          // NOTE(review): $threads is appended to at the end of each iteration without
          // being initialised in this block.
          foreach($subscriptions as $thread)
          {
              $bgcolor = alt_trow();

              $folder = '';
              $prefix = '';

              // If this thread has a prefix, insert a space between prefix and subject
              if($thread['prefix'] != 0)
              {
                  $thread['threadprefix'] .= '&nbsp;';
              }

              // Sanitize: bad-word filter first, then HTML-escape the subject.
              $thread['subject'] = $parser->parse_badwords($thread['subject']);
              $thread['subject'] = htmlspecialchars_uni($thread['subject']);

              // Build our links
              $thread['threadlink'] = get_thread_link($thread['tid']);
              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");

              // Fetch the thread icon if we have one (path and name are escaped before use in the tag)
              if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
              {
                  $icon = $icon_cache[$thread['icon']];
                  $icon['path'] = htmlspecialchars_uni($icon['path']);
                  $icon['name'] = htmlspecialchars_uni($icon['name']);
                  $icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" />";
              }
              else
              {
                  $icon = "&nbsp;";
              }

              // Determine the folder: $folder is assembled from the parts
              // "dot_", "new", "hot", "lock" and finally "folder".
              $folder = '';
              $folder_label = '';

              if($thread['doticon'])
              {
                  $folder = "dot_";
                  $folder_label .= $lang->icon_dot;
              }

              $gotounread = '';
              $isnew = 0;
              $donenew = 0;
              $lastread = 0;

              // Forum-level read marker, clamped to the threadreadcut window (in days)
              // for logged-in users.
              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
              {
                  $forum_read = $readforums[$thread['fid']];

                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
                  if($forum_read == 0 || $forum_read < $read_cutoff)
                  {
                      $forum_read = $read_cutoff;
                  }
              }
              else
              {
                  // NOTE(review): $forumsread is only assigned above when uid == 0, so for
                  // a logged-in user with threadreadcut disabled this reads an unset variable.
                  $forum_read = $forumsread[$thread['fid']];
              }

              // NOTE(review): $cutoff is only assigned when this condition holds; otherwise
              // the comparison below uses whatever value it already has (unset on the first
              // iteration, left over from an earlier thread afterwards).
              if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
              {
                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
              }

              if($thread['lastpost'] > $cutoff)
              {
                  if($thread['lastread'])
                  {
                      $lastread = $thread['lastread'];
                  }
                  else
                  {
                      $lastread = 1;
                  }
              }

              // No per-thread marker: use the later of the threadread cookie and the forum marker.
              if(!$lastread)
              {
                  $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
                  if($readcookie > $forum_read)
                  {
                      $lastread = $readcookie;
                  }
                  else
                  {
                      $lastread = $forum_read;
                  }
              }

              // Unread when the last post is newer than the marker chosen above.
              if($lastread && $lastread < $thread['lastpost'])
              {
                  $folder .= "new";
                  $folder_label .= $lang->icon_new;
                  $new_class = "subject_new";
                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
                  $unreadpost = 1;
              }
              else
              {
                  $folder_label .= $lang->icon_no_new;
                  $new_class = "subject_old";
              }

              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
              {
                  $folder .= "hot";
                  $folder_label .= $lang->icon_hot;
              }

              if($thread['closed'] == 1)
              {
                  $folder .= "lock";
                  $folder_label .= $lang->icon_lock;
              }

              $folder .= "folder";

              // Threads with visible == 0 (only selected for moderators, see $visible) get a shaded row.
              if($thread['visible'] == 0)
              {
                  $bgcolor = "trow_shaded";
              }

              // Build last post info
              $lastpostdate = my_date($mybb->settings['dateformat'], $thread['lastpost']);
              $lastposttime = my_date($mybb->settings['timeformat'], $thread['lastpost']);
              $lastposter = $thread['lastposter'];
              $lastposteruid = $thread['lastposteruid'];

              // Don't link to guest's profiles (they have no profile).
              // NOTE(review): for guests the stored name is used as-is, without
              // htmlspecialchars_uni() - confirm it is escaped when stored or in the template.
              if($lastposteruid == 0)
              {
                  $lastposterlink = $lastposter;
              }
              else
              {
                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
              }

              $thread['replies'] = my_number_format($thread['replies']);
              $thread['views'] = my_number_format($thread['views']);

              // What kind of notification type do we have here?
              switch($thread['notification'])
              {
                  case "1": // Instant
                      $notification_type = $lang->instant_notification;
                      break;
                  default: // No notification
                      $notification_type = $lang->no_notification;
              }

              // Append this thread's row. The template text is interpolated by eval()
              // as a double-quoted PHP string and sees the variables set above.
              eval("\$threads .= \"".$templates->get("usercp_subscriptions_thread")."\";");
          }

          // Provide remove options
          eval("\$remove_options = \"".$templates->get("usercp_subscriptions_remove")."\";");
      }
      else
      {
          eval("\$threads = \"".$templates->get("usercp_subscriptions_none")."\";");
      }

      $plugins->run_hooks("usercp_subscriptions_end");

      // From here on $subscriptions holds the rendered page, not the row array built above.
      eval("\$subscriptions = \"".$templates->get("usercp_subscriptions")."\";");
      output_page($subscriptions);
  }
  1555.  
  // List the forums the current user is subscribed to, with post/thread counts and
  // last-post details, hiding whatever the user's forum permissions do not allow.
  if($mybb->input['action'] == "forumsubscriptions")
  {
      $plugins->run_hooks("usercp_forumsubscriptions_start");

      if($mybb->user['uid'] != 0)
      {
          // Build a forum cache (read markers come from the forumsread table).
          $query = $db->query("
SELECT f.fid, fr.dateline AS lastread
FROM ".TABLE_PREFIX."forums f
LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
WHERE f.active != 0
ORDER BY pid, disporder
");
      }
      else
      {
          // Build a forum cache (uid 0: read markers come from a cookie instead).
          $query = $db->query("
SELECT fid
FROM ".TABLE_PREFIX."forums
WHERE active != 0
ORDER BY pid, disporder
");

          // NOTE(review): this cookie is client-controlled and my_unserialize() is
          // defined elsewhere - confirm it cannot instantiate objects.
          $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
      }

      // Map forum id -> last-read time; for uid 0 a cookie value overrides the row.
      // $readforums is not read again inside this block.
      while($forum = $db->fetch_array($query))
      {
          if($mybb->user['uid'] == 0 && $forumsread[$forum['fid']])
          {
              $forum['lastread'] = $forumsread[$forum['fid']];
          }
          $readforums[$forum['fid']] = $forum['lastread'];
      }

      $fpermissions = forum_permissions();
      require_once MYBB_ROOT."inc/functions_forumlist.php";

      // Subscribed forums of type 'f' for this user; the only interpolated value is the session uid.
      $query = $db->query("
SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread
FROM ".TABLE_PREFIX."forumsubscriptions fs
LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid = fs.fid)
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = f.lastposttid)
LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
WHERE f.type='f' AND fs.uid='".$mybb->user['uid']."'
ORDER BY f.name ASC
");

      $forums = '';
      while($forum = $db->fetch_array($query))
      {
          $forum_url = get_forum_link($forum['fid']);
          $forumpermissions = $fpermissions[$forum['fid']];

          // Forums the user cannot view are left out of the list entirely.
          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
          {
              continue;
          }

          $lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
          $folder = $lightbulb['folder'];

          // Users limited to their own threads do not get to see the forum totals.
          if($forumpermissions['canonlyviewownthreads'] == 0)
          {
              $posts = my_number_format($forum['posts']);
              $threads = my_number_format($forum['threads']);
          }
          else
          {
              $posts = '-';
              $threads = '-';
          }

          if($forum['lastpost'] == 0 || $forum['lastposter'] == "")
          {
              // Nothing has been posted yet.
              $lastpost = "<div align=\"center\">{$lang->never}</div>";
          }
          elseif($forumpermissions['canonlyviewownthreads'] != 0 && $forum['lastposteruid'] != $mybb->user['uid'])
          {
              // Hide last post: it belongs to someone else and the user may only view their own threads.
              $lastpost = "<div align=\"center\">{$lang->na}</div>";
          }
          else
          {
              $lastposttid = $forum['lastposttid'];
              $lastposter = $forum['lastposter'];
              $lastpost_date = my_date($mybb->settings['dateformat'], $forum['lastpost']);
              $lastpost_time = my_date($mybb->settings['timeformat'], $forum['lastpost']);
              $lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);
              $lastpost_link = get_thread_link($forum['lastposttid'], 0, "lastpost");

              // Bad-word filter, then HTML-escape, then cut the subject to 25 characters.
              $forum['lastpostsubject'] = $parser->parse_badwords($forum['lastpostsubject']);
              $lastpost_subject = htmlspecialchars_uni($forum['lastpostsubject']);
              if(my_strlen($lastpost_subject) > 25)
              {
                  $lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
              }

              eval('$lastpost = "'.$templates->get("forumbit_depth2_forum_lastpost").'";');
          }

          if($mybb->settings['showdescriptions'] == 0)
          {
              $forum['description'] = "";
          }

          // Append this forum's row; the template text is interpolated by eval()
          // as a double-quoted PHP string and sees the variables set above.
          eval('$forums .= "'.$templates->get("usercp_forumsubscriptions_forum").'";');
      }

      if(!$forums)
      {
          eval('$forums = "'.$templates->get("usercp_forumsubscriptions_none").'";');
      }

      $plugins->run_hooks("usercp_forumsubscriptions_end");

      eval('$forumsubscriptions = "'.$templates->get("usercp_forumsubscriptions").'";');
      output_page($forumsubscriptions);
  }
  1678.  
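  // Save the submitted signature and, optionally, switch signature display on or
  // off for all of the user's existing posts.
  // NOTE(review): no usergroup permission (canusesig / canusesigxposts) or length and
  // markup check is visible in this handler, although the "editsig" form below enforces
  // the permissions - confirm they are applied to the POST before this point.
  if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      $plugins->run_hooks("usercp_do_editsig_start");

      // User currently has a suspended signature. Uses the same rule as the "editsig"
      // form: a suspension with suspendsigtime == 0 counts as suspended too, so it can
      // no longer be sidestepped by posting straight to this handler.
      if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > TIME_NOW))
      {
          error_no_permission();
      }

      // Optional bulk toggle of includesig on the user's own posts.
      if($mybb->input['updateposts'] == "enable" || $mybb->input['updateposts'] == "disable")
      {
          $update_signature = array(
              "includesig" => ($mybb->input['updateposts'] == "enable") ? 1 : 0
          );
          $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
      }

      // The raw signature is stored (escaped for SQL only); it is parsed when displayed.
      $new_signature = array(
          "signature" => $db->escape_string($mybb->input['signature'])
      );
      $plugins->run_hooks("usercp_do_editsig_process");
      $db->update_query("users", $new_signature, "uid='".$mybb->user['uid']."'");
      $plugins->run_hooks("usercp_do_editsig_end");
      redirect("usercp.php?action=editsig", $lang->redirect_sigupdated);
  }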
  1715.  
  // Render the signature editor, optionally with a parsed preview of the current
  // or just-submitted signature.
  if($mybb->input['action'] == "editsig")
  {
      $plugins->run_hooks("usercp_editsig_start");

      // Pick the signature text to show and the preview template (if any) to wrap it in.
      // $error is set outside this block.
      if($mybb->input['preview'] && !$error)
      {
          // Preview of what was just submitted.
          $template = "usercp_editsig_preview";
          $sig = $mybb->input['signature'];
      }
      elseif(!$error)
      {
          // Plain visit: show the stored signature.
          $template = "usercp_editsig_current";
          $sig = $mybb->user['signature'];
      }
      else
      {
          // There was an error: keep the submitted text in the editor, render no preview.
          $template = false;
          $sig = $mybb->input['signature'];
      }

      // A suspension with time 0, or one that has not run out yet, blocks the editor.
      if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
      {
          error($lang->sig_suspended);
      }

      // Usergroup has no permission to use this facility
      if($mybb->usergroup['canusesig'] != 1)
      {
          error_no_permission();
      }

      // Usergroup can use this facility, but only after x posts
      if($mybb->usergroup['canusesig'] == 1 && $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
      {
          error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
      }

      if($sig && $template)
      {
          // Parser switches mirror the board's signature settings.
          // NOTE(review): with sightml enabled the parser is asked to allow HTML in
          // user-supplied text - confirm how parse_message() (defined elsewhere) sanitises it.
          $sig_parser = array(
              "allow_html" => $mybb->settings['sightml'],
              "allow_mycode" => $mybb->settings['sigmycode'],
              "allow_smilies" => $mybb->settings['sigsmilies'],
              "allow_imgcode" => $mybb->settings['sigimgcode'],
              "me_username" => $mybb->user['username'],
              "filter_badwords" => 1
          );

          $sigpreview = $parser->parse_message($sig, $sig_parser);
          eval('$signature = "'.$templates->get($template).'";');
      }

      if($mybb->user['suspendsignature'] && $mybb->user['suspendsigtime'] > TIME_NOW)
      {
          // Signature is suspended: show the read-only variant of the page.
          // (The check further up already calls error() for this case.)
          $plugins->run_hooks("usercp_editsig_end");

          eval('$editsig = "'.$templates->get("usercp_editsig_suspended").'";');
      }
      else
      {
          // User is allowed to edit their signature: describe which features are on.
          if($mybb->settings['sigsmilies'] == 1)
          {
              $sigsmilies = $lang->on;
              $smilieinserter = build_clickable_smilies();
          }
          else
          {
              $sigsmilies = $lang->off;
          }

          $sigmycode = ($mybb->settings['sigmycode'] == 1) ? $lang->on : $lang->off;
          $sightml = ($mybb->settings['sightml'] == 1) ? $lang->on : $lang->off;
          $sigimgcode = ($mybb->settings['sigimgcode'] == 1) ? $lang->on : $lang->off;

          // The text goes back into the editor HTML-escaped.
          $sig = htmlspecialchars_uni($sig);
          $lang->edit_sig_note2 = $lang->sprintf($lang->edit_sig_note2, $sigsmilies, $sigmycode, $sigimgcode, $sightml, $mybb->settings['siglength']);

          if($mybb->settings['bbcodeinserter'] != 0 || $mybb->user['showcodebuttons'] != 0)
          {
              $codebuttons = build_mycode_inserter("signature");
          }

          $plugins->run_hooks("usercp_editsig_end");

          eval('$editsig = "'.$templates->get("usercp_editsig").'";');
      }

      output_page($editsig);
  }
  1826.  
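  // Avatar change handler. Exactly one of four paths runs: remove the avatar, pick
  // one from a server-side gallery, upload a file, or reference a remote URL.
  if($mybb->input['action'] == "do_avatar" && $mybb->request_method == "post")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      $plugins->run_hooks("usercp_do_avatar_start");
      require_once MYBB_ROOT."inc/functions_upload.php";

      $avatar_error = "";
      // Always defined, so an image whose size cannot be determined stores an empty
      // string instead of an undefined variable.
      $avatar_dimensions = "";

      if($mybb->input['remove']) // remove avatar
      {
          $updated_avatar = array(
              "avatar" => "",
              "avatardimensions" => "",
              "avatartype" => ""
          );
          $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
          remove_avatars($mybb->user['uid']);
      }
      elseif($mybb->input['gallery']) // Gallery avatar
      {
          if(empty($mybb->input['avatar']))
          {
              $avatar_error = $lang->error_noavatar;
          }

          // Both path components are user input: strip "./" and ".." so the path built
          // below stays underneath the configured avatar directory.
          $mybb->input['gallery'] = str_replace(array("./", ".."), "", $mybb->input['gallery']);
          $mybb->input['avatar'] = str_replace(array("./", ".."), "", $mybb->input['avatar']);

          if(empty($avatar_error))
          {
              if($mybb->input['gallery'] == "default")
              {
                  $avatarpath = $db->escape_string($mybb->settings['avatardir']."/".$mybb->input['avatar']);
              }
              else
              {
                  $avatarpath = $db->escape_string($mybb->settings['avatardir']."/".$mybb->input['gallery']."/".$mybb->input['avatar']);
              }

              // Accept only names with an image extension - the same pattern the gallery
              // listing in the "avatar" action uses - so the avatar field cannot be pointed
              // at an arbitrary file or directory that happens to exist under avatardir.
              if(preg_match("#\.(jpg|jpeg|gif|bmp|png)$#i", $mybb->input['avatar']) && file_exists($avatarpath))
              {
                  $dimensions = @getimagesize($avatarpath);

                  $updated_avatar = array(
                      "avatar" => $avatarpath.'?dateline='.TIME_NOW,
                      "avatardimensions" => "{$dimensions[0]}|{$dimensions[1]}",
                      "avatartype" => "gallery"
                  );
                  $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
              }
              remove_avatars($mybb->user['uid']);
          }
      }
      elseif($_FILES['avatarupload']['name']) // upload avatar
      {
          if($mybb->usergroup['canuploadavatars'] == 0)
          {
              error_no_permission();
          }

          // NOTE(review): type, size and content checks for the uploaded file are not
          // visible here - confirm they are done inside upload_avatar().
          $avatar = upload_avatar();
          if($avatar['error'])
          {
              $avatar_error = $avatar['error'];
          }
          else
          {
              if($avatar['width'] > 0 && $avatar['height'] > 0)
              {
                  $avatar_dimensions = $avatar['width']."|".$avatar['height'];
              }
              $updated_avatar = array(
                  "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
                  "avatardimensions" => $avatar_dimensions,
                  "avatartype" => "upload"
              );
              $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
          }
      }
      else // remote avatar
      {
          // One-pass, case-insensitive removal of the substring "script:". The http/https
          // check below is what actually decides which URL schemes are accepted.
          $mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->input['avatarurl']);
          $ext = get_extension($mybb->input['avatarurl']); // not used again in this block

          // The URL is user input and is fetched by this server, so only absolute
          // http:// or https:// URLs are passed on; anything else is reported as an
          // invalid avatar URL.
          // NOTE(review): fetch_remote_file() is defined elsewhere - confirm it also
          // refuses loopback/internal destinations and redirects that lead to them.
          $file = false;
          if(preg_match("#^https?://#i", $mybb->input['avatarurl']))
          {
              // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
              $file = fetch_remote_file($mybb->input['avatarurl']);
          }

          if(!$file)
          {
              $avatar_error = $lang->error_invalidavatarurl;
          }
          else
          {
              // Write the body to a randomly named temporary file only long enough to
              // read its image header, then delete it again.
              $tmp_name = $mybb->settings['avataruploadpath']."/remote_".md5(random_str());
              $fp = @fopen($tmp_name, "wb");
              if(!$fp)
              {
                  $avatar_error = $lang->error_invalidavatarurl;
              }
              else
              {
                  fwrite($fp, $file);
                  fclose($fp);
                  list($width, $height, $type) = @getimagesize($tmp_name);
                  @unlink($tmp_name);
                  // No recognisable image type: treat the URL as invalid.
                  if(!$type)
                  {
                      $avatar_error = $lang->error_invalidavatarurl;
                  }
              }
          }

          // Enforce the configured maximum dimensions ("WxH"), when set.
          if(empty($avatar_error))
          {
              if($width && $height && $mybb->settings['maxavatardims'] != "")
              {
                  list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
                  if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
                  {
                      $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
                      $avatar_error = $lang->error_avatartoobig;
                  }
              }
          }

          if(empty($avatar_error))
          {
              if($width > 0 && $height > 0)
              {
                  $avatar_dimensions = intval($width)."|".intval($height);
              }
              // Only the URL is stored; the image itself is not kept locally.
              $updated_avatar = array(
                  "avatar" => $db->escape_string($mybb->input['avatarurl'].'?dateline='.TIME_NOW),
                  "avatardimensions" => $avatar_dimensions,
                  "avatartype" => "remote"
              );
              $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
              remove_avatars($mybb->user['uid']);
          }
      }

      if(empty($avatar_error))
      {
          $plugins->run_hooks("usercp_do_avatar_end");
          redirect("usercp.php", $lang->redirect_avatarupdated);
      }
      else
      {
          // Fall through to the "avatar" form below with the error rendered inline.
          $mybb->input['action'] = "avatar";
          $avatar_error = inline_error($avatar_error);
      }
  }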
  1979.  
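  // Avatar page. Builds the list of gallery directories found under the configured
  // avatar directory; when the requested gallery matches one of them the images in
  // that gallery are listed, otherwise the main avatar form is rendered.
  //
  // Changes from the previous version of this block:
  //  - the requested gallery is matched by strict string comparison and the path is
  //    built from the matched directory name instead of the request value with ".."
  //    stripped once;
  //  - $checked is reset for every avatar so only the current avatar is pre-selected;
  //  - directory handles are checked before they are read, and entries named "0"
  //    no longer end a listing early.
  //
  // NOTE(review): templates are evaluated as double-quoted PHP strings via eval(), so
  // every variable in scope here is readable from template text. This relies on the
  // template store being writable only by administrators and on $templates->get()
  // escaping quotes; confirm both.
  if($mybb->input['action'] == "avatar")
  {
      $plugins->run_hooks("usercp_avatar_start");
      // Get a listing of available galleries
      $gallerylist['default'] = $lang->default_gallery;
      $avatardir = @opendir($mybb->settings['avatardir']);
      if($avatardir)
      {
          while(($dir = readdir($avatardir)) !== false)
          {
              if(is_dir($mybb->settings['avatardir']."/$dir") && substr($dir, 0, 1) != ".")
              {
                  $gallerylist[$dir] = str_replace("_", " ", $dir);
              }
          }
          closedir($avatardir);
      }
      natcasesort($gallerylist);
      reset($gallerylist);
      $galleries = '';
      $activegallery = '';
      $activegallerydir = '';
      $selected = '';

      // Only a scalar request value can name a gallery
      $requested_gallery = '';
      if(isset($mybb->input['gallery']) && is_scalar($mybb->input['gallery']))
      {
          $requested_gallery = (string)$mybb->input['gallery'];
      }

      foreach($gallerylist as $dir => $friendlyname)
      {
          // Numeric directory names come back as integer array keys, so cast before
          // comparing; a loose == would let a value that merely starts with the
          // number match on older PHP versions.
          if((string)$dir === $requested_gallery)
          {
              $activegallery = $friendlyname;
              $activegallerydir = (string)$dir;
              $selected = "selected=\"selected\"";
          }
          $galleries .= "<option value=\"$dir\" $selected>$friendlyname</option>\n";
          $selected = "";
      }

      // Check to see if we're in a gallery or not
      if($activegallery)
      {
          // Use the directory name that matched the listing above rather than the
          // raw request value; it came from readdir() so it is a single path component.
          $gallery = $activegallerydir;
          $lang->avatars_in_gallery = $lang->sprintf($lang->avatars_in_gallery, $activegallery);
          // Get a listing of avatars in this gallery
          $avatardir = $mybb->settings['avatardir'];
          if($gallery != "default")
          {
              $avatardir .= "/$gallery";
          }
          $avatars = array();
          $opendir = opendir($avatardir);
          if($opendir)
          {
              while(($avatar = readdir($opendir)) !== false)
              {
                  $avatarpath = $avatardir."/".$avatar;
                  if(is_file($avatarpath) && preg_match("#\.(jpg|jpeg|gif|bmp|png)$#i", $avatar))
                  {
                      $avatars[] = $avatar;
                  }
              }
              closedir($opendir);
          }

          if(!empty($avatars))
          {
              natcasesort($avatars);
              reset($avatars);
              $count = 0;
              $avatarlist = "<tr>\n";
              foreach($avatars as $avatar)
              {
                  $avatarpath = $avatardir."/".$avatar;
                  $avatarname = preg_replace("#\.(jpg|jpeg|gif|bmp|png)$#i", "", $avatar);
                  $avatarname = ucwords(str_replace("_", " ", $avatarname));
                  // Reset per avatar; otherwise every avatar after the current one
                  // would also be rendered as checked.
                  $checked = '';
                  if($mybb->user['avatar'] == $avatarpath)
                  {
                      $checked = "checked=\"checked\"";
                  }
                  // Start a new table row after five avatars
                  if($count == 5)
                  {
                      $avatarlist .= "</tr>\n<tr>\n";
                      $count = 0;
                  }
                  ++$count;
                  eval("\$avatarlist .= \"".$templates->get("usercp_avatar_gallery_avatar")."\";");
              }
              // Pad the last row with blank cells
              if($count != 0)
              {
                  for($i = $count; $i <= 5; ++$i)
                  {
                      eval("\$avatarlist .= \"".$templates->get("usercp_avatar_gallery_blankblock")."\";");
                  }
              }
          }
          else
          {
              eval("\$avatarlist = \"".$templates->get("usercp_avatar_gallery_noavatars")."\";");
          }

          $plugins->run_hooks("usercp_avatar_end");

          eval("\$gallery = \"".$templates->get("usercp_avatar_gallery")."\";");
          output_page($gallery);
      }
      // Show main avatar page
      else
      {
          // Work out which kind of avatar the user currently has, from the stored
          // type or, failing that, from the stored path/URL.
          if($mybb->user['avatartype'] == "upload" || stristr($mybb->user['avatar'], $mybb->settings['avataruploadpath']))
          {
              $avatarmsg = "<br /><strong>".$lang->already_uploaded_avatar."</strong>";
          }
          elseif($mybb->user['avatartype'] == "gallery" || stristr($mybb->user['avatar'], $mybb->settings['avatardir']))
          {
              $avatarmsg = "<br /><strong>".$lang->using_gallery_avatar."</strong>";
          }
          elseif($mybb->user['avatartype'] == "remote" || my_strpos(my_strtolower($mybb->user['avatar']), "http://") !== false)
          {
              $avatarmsg = "<br /><strong>".$lang->using_remote_avatar."</strong>";
              $avatarurl = htmlspecialchars_uni($mybb->user['avatar']);
          }
          // The stored avatar value is HTML-escaped before it reaches the template
          $urltoavatar = htmlspecialchars_uni($mybb->user['avatar']);
          if($mybb->user['avatar'])
          {
              // Stored as "width|height"
              $avatar_dimensions = explode("|", $mybb->user['avatardimensions']);
              if($avatar_dimensions[0] && $avatar_dimensions[1])
              {
                  $avatar_width_height = "width=\"{$avatar_dimensions[0]}\" height=\"{$avatar_dimensions[1]}\"";
              }
              eval("\$currentavatar = \"".$templates->get("usercp_avatar_current")."\";");
              $colspan = 1;
          }
          else
          {
              $colspan = 2;
          }
          if($mybb->settings['maxavatardims'] != "")
          {
              list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
              $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_dimensions, $maxwidth, $maxheight);
          }
          if($mybb->settings['avatarsize'])
          {
              $maxsize = get_friendly_size($mybb->settings['avatarsize']*1024);
              $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_size, $maxsize);
          }
          if($mybb->settings['avatarresizing'] == "auto")
          {
              $auto_resize = "<br /><span class=\"smalltext\">{$lang->avatar_auto_resize_note}</span>\n";
          }
          else if($mybb->settings['avatarresizing'] == "user")
          {
              $auto_resize = "<br /><span class=\"smalltext\"><input type=\"checkbox\" name=\"auto_resize\" value=\"1\" checked=\"checked\" id=\"auto_resize\" /> <label for=\"auto_resize\">{$lang->avatar_auto_resize_option}</label></span>";
          }

          $plugins->run_hooks("usercp_avatar_end");

          eval("\$avatar = \"".$templates->get("usercp_avatar")."\";");
          output_page($avatar);
      }
  }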
  2127.  
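  // Buddy / ignore list update. Adds the usernames in 'add_username' to, or removes
  // the uid in 'delete' from, the list selected by 'manage' ("ignored" selects the
  // ignore list, anything else the buddy list), stores the new comma-separated uid
  // list on the user row, then either answers an AJAX request or redirects.
  //
  // Changes from the previous version of this block:
  //  - 'manage' and 'delete' are normalised ($manage, $delete_uid) before they are
  //    written into the JavaScript response and the redirect URL; the raw request
  //    values were previously echoed into executable script text;
  //  - the removed user's name is HTML-escaped before it is placed in the message;
  //  - trimming a trailing comma removes one character, not two (the old length
  //    arithmetic also dropped the last digit of the final uid);
  //  - $message_js is initialised before it is appended to.
  if($mybb->input['action'] == "do_editlists")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      $plugins->run_hooks("usercp_do_editlists_start");

      // Values that are safe to place in script text and URLs
      $manage = ($mybb->input['manage'] == "ignored") ? "ignored" : "buddy";
      $delete_uid = intval($mybb->input['delete']);

      // $existing_users is the list being edited; $selected_list is the other list,
      // used to refuse adding a user who is already on it.
      $existing_users = array();
      $selected_list = array();
      if($mybb->input['manage'] == "ignored")
      {
          if($mybb->user['ignorelist'])
          {
              $existing_users = explode(",", $mybb->user['ignorelist']);
          }

          if($mybb->user['buddylist'])
          {
              // Create a list of buddies...
              $selected_list = explode(",", $mybb->user['buddylist']);
          }
      }
      else
      {
          if($mybb->user['buddylist'])
          {
              $existing_users = explode(",", $mybb->user['buddylist']);
          }

          if($mybb->user['ignorelist'])
          {
              // Create a list of ignored users
              $selected_list = explode(",", $mybb->user['ignorelist']);
          }
      }

      $error_message = "";
      $message = "";

      // Adding one or more users to this list
      if($mybb->input['add_username'])
      {
          // Split up any usernames we have
          $found_users = 0;
          $adding_self = false;
          $users = explode(",", $mybb->input['add_username']);
          $users = array_map("trim", $users);
          $users = array_unique($users);
          foreach($users as $key => $username)
          {
              if(empty($username))
              {
                  unset($users[$key]);
                  continue;
              }

              if(my_strtoupper($mybb->user['username']) == my_strtoupper($username))
              {
                  $adding_self = true;
                  unset($users[$key]);
                  continue;
              }
              // Each name is escaped here because the names are joined into the
              // quoted IN (...) list of the query below.
              $users[$key] = $db->escape_string($username);
          }

          // Fetch out new users
          if(count($users) > 0)
          {
              $query = $db->simple_select("users", "uid", "LOWER(username) IN ('".my_strtolower(implode("','", $users))."')");

              while($user = $db->fetch_array($query))
              {
                  ++$found_users;

                  // Make sure we're not adding a duplicate
                  if(in_array($user['uid'], $existing_users) || in_array($user['uid'], $selected_list))
                  {
                      if($mybb->input['manage'] == "ignored")
                      {
                          $error_message = "ignore";
                      }
                      else
                      {
                          $error_message = "buddy";
                      }

                      // On another list?
                      $string = "users_already_on_".$error_message."_list";
                      if(in_array($user['uid'], $selected_list))
                      {
                          $string .= "_alt";
                      }

                      $error_message = $lang->$string;
                      array_pop($users); // To maintain a proper count when we call count($users)
                      continue;
                  }

                  $existing_users[] = $user['uid'];
              }
          }

          // Fewer rows than names means at least one name did not resolve to a user
          if($found_users < count($users))
          {
              if($error_message)
              {
                  $error_message .= "<br />";
              }

              $error_message .= $lang->invalid_user_selected;
          }

          if(($adding_self != true || ($adding_self == true && count($users) > 0)) && ($error_message == "" || count($users) > 1))
          {
              if($mybb->input['manage'] == "ignored")
              {
                  $message = $lang->users_added_to_ignore_list;
              }
              else
              {
                  $message = $lang->users_added_to_buddy_list;
              }
          }

          if($adding_self == true)
          {
              if($mybb->input['manage'] == "ignored")
              {
                  $error_message = $lang->cant_add_self_to_ignore_list;
              }
              else
              {
                  $error_message = $lang->cant_add_self_to_buddy_list;
              }
          }

          if(count($existing_users) == 0)
          {
              $message = "";
          }
      }

      // Removing a user from this list
      else if($mybb->input['delete'])
      {
          // Check if user exists on the list
          $key = array_search($delete_uid, $existing_users);
          if($key !== false)
          {
              unset($existing_users[$key]);
              $user = get_user($delete_uid);
              if($mybb->input['manage'] == "ignored")
              {
                  $message = $lang->removed_from_ignore_list;
              }
              else
              {
                  $message = $lang->removed_from_buddy_list;
              }
              // The message is later written into HTML (innerHTML / redirect page),
              // so the name must not carry markup of its own.
              $message = $lang->sprintf($message, htmlspecialchars_uni($user['username']));
          }
      }

      // Now we have the new list, so throw it all back together
      $new_list = implode(",", $existing_users);

      // And clean it up a little to ensure there is no possibility of bad values.
      // The stored list is interpolated unquoted into "uid IN (...)" when the lists
      // are displayed, so it must contain nothing but digits and commas.
      $new_list = preg_replace("#,{2,}#", ",", $new_list);
      $new_list = preg_replace("#[^0-9,]#", "", $new_list);

      if(my_substr($new_list, 0, 1) == ",")
      {
          $new_list = my_substr($new_list, 1);
      }
      if(my_substr($new_list, -1) == ",")
      {
          // Drop only the trailing comma
          $new_list = my_substr($new_list, 0, my_strlen($new_list)-1);
      }

      // And update
      $user = array();
      if($mybb->input['manage'] == "ignored")
      {
          $user['ignorelist'] = $db->escape_string($new_list);
          $mybb->user['ignorelist'] = $user['ignorelist'];
      }
      else
      {
          $user['buddylist'] = $db->escape_string($new_list);
          $mybb->user['buddylist'] = $user['buddylist'];
      }

      $db->update_query("users", $user, "uid='".$mybb->user['uid']."'");

      $plugins->run_hooks("usercp_do_editlists_end");

      // Ajax based request, throw new list to browser
      if($mybb->input['ajax'])
      {
          if($mybb->input['manage'] == "ignored")
          {
              $list = "ignore";
          }
          else
          {
              $list = "buddy";
          }

          $message_js = '';

          // NOTE(review): $message and $error_message are placed inside single-quoted
          // JavaScript literals below; confirm that language strings and the escaped
          // username cannot contain an unescaped single quote or line break.
          if($message)
          {
              $message_js = "var success = document.createElement('div'); var element = \$('{$list}_list'); element.parentNode.insertBefore(success, element); success.innerHTML = '{$message}'; success.className = 'success_message'; window.setTimeout(function() { Element.remove(success) }, 5000);";
          }

          if($error_message)
          {
              $message_js .= " var error = document.createElement('div'); var element = \$('{$list}_list'); element.parentNode.insertBefore(error, element); error.innerHTML = '{$error_message}'; error.className = 'error_message'; window.setTimeout(function() { Element.remove(error) }, 5000);";
          }

          if($mybb->input['delete'])
          {
              // The response body is executed as script by the caller, so only the
              // normalised list name and integer uid are written into it.
              header("Content-type: text/javascript");
              echo "Element.remove('{$manage}_{$delete_uid}');\n";
              if($new_list == "")
              {
                  echo "\$('{$manage}_count').innerHTML = '0';\n";
                  if($mybb->input['manage'] == "ignored")
                  {
                      echo "\$('ignore_list').innerHTML = '<li>{$lang->ignore_list_empty}</li>';\n";
                  }
                  else
                  {
                      echo "\$('buddy_list').innerHTML = '<li>{$lang->buddy_list_empty}</li>';\n";
                  }
              }
              else
              {
                  echo "\$('{$manage}_count').innerHTML = '".count(explode(",", $new_list))."';\n";
              }
              echo $message_js;
              exit;
          }
          // Fall through to the editlists block, which prints the refreshed list
          $mybb->input['action'] = "editlists";
      }
      else
      {
          if($error_message)
          {
              $message .= "<br />".$error_message;
          }
          redirect("usercp.php?action=editlists#{$manage}", $message);
      }
  }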
  2382.  
  // Buddy / ignore list page. Loads the users named in the current user's stored
  // buddy and ignore lists, renders one template row per user with an online or
  // offline status, and either echoes the refreshed list for an AJAX POST or
  // outputs the full page.
  //
  // Security notes for maintainers:
  //  - $mybb->user['buddylist'] and $mybb->user['ignorelist'] are interpolated
  //    unquoted into "uid IN (...)". The do_editlists handler in this file reduces
  //    the list to digits and commas before storing it; NOTE(review): confirm every
  //    other writer of those columns does the same.
  //  - Templates are evaluated with eval(), so all variables in scope ($user,
  //    $profile_link, $status, $type, ...) are readable from template text.
  if($mybb->input['action'] == "editlists")
  {
      $plugins->run_hooks("usercp_editlists_start");

      // Users active after this timestamp count as online
      $timecut = TIME_NOW - $mybb->settings['wolcutoff'];

      // Fetch out buddies
      $buddy_count = 0;
      if($mybb->user['buddylist'])
      {
          $type = "buddy";
          $query = $db->simple_select("users", "*", "uid IN ({$mybb->user['buddylist']})", array("order_by" => "username"));
          while($user = $db->fetch_array($query))
          {
              $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
              // Online: recently active, visible to this viewer (or the viewer's group
              // may see invisible users), and last visit differs from last activity
              if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
              {
                  $status = "online";
              }
              else
              {
                  $status = "offline";
              }
              eval("\$buddy_list .= \"".$templates->get("usercp_editlists_user")."\";");
              ++$buddy_count;
          }
      }

      $lang->current_buddies = $lang->sprintf($lang->current_buddies, $buddy_count);
      if(!$buddy_list)
      {
          $buddy_list = "<li>{$lang->buddy_list_empty}</li>";
      }

      // Fetch out ignore list users
      $ignore_count = 0;
      if($mybb->user['ignorelist'])
      {
          $type = "ignored";
          $query = $db->simple_select("users", "*", "uid IN ({$mybb->user['ignorelist']})", array("order_by" => "username"));
          while($user = $db->fetch_array($query))
          {
              $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
              // Same online test as for the buddy list above
              if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
              {
                  $status = "online";
              }
              else
              {
                  $status = "offline";
              }
              eval("\$ignore_list .= \"".$templates->get("usercp_editlists_user")."\";");
              ++$ignore_count;
          }
      }

      $lang->current_ignored_users = $lang->sprintf($lang->current_ignored_users, $ignore_count);
      if(!$ignore_list)
      {
          $ignore_list = "<li>{$lang->ignore_list_empty}</li>";
      }

      // If an AJAX request from buddy management, echo out whatever the new list is.
      // $message_js is only assigned by the do_editlists handler when that request
      // fell through to this block; on any other path it is unset here.
      if($mybb->request_method == "post" && $mybb->input['ajax'] == 1)
      {
          if($mybb->input['manage'] == "ignored")
          {
              echo $ignore_list;
              echo "<script type=\"text/javascript\"> $('ignored_count').innerHTML = '{$ignore_count}'; {$message_js}</script>";
          }
          else
          {
              echo $buddy_list;
              echo "<script type=\"text/javascript\"> $('buddy_count').innerHTML = '{$buddy_count}'; {$message_js}</script>";
          }
          exit;
      }

      $plugins->run_hooks("usercp_editlists_end");

      eval("\$listpage = \"".$templates->get("usercp_editlists")."\";");
      output_page($listpage);
  }
  2476.  
  // Drafts page. Lists the current user's draft posts and draft threads (rows in
  // the posts table with visible = -2), newest first, followed by the total count.
  //
  // Notes for maintainers:
  //  - $mybb->user['uid'] is concatenated into the SQL inside quotes; it comes from
  //    the session user record rather than from the request.
  //  - Post and thread subjects are passed through htmlspecialchars_uni() before
  //    output, but $draft['forumname'] is written into the link text as stored.
  //    NOTE(review): presumably forum names are administrator-controlled and may
  //    contain markup on purpose; confirm before relying on that.
  //  - If a row has a thread visibility other than 1 or -2, $detail, $editurl, $id
  //    and $type keep the values from the previous row.
  if($mybb->input['action'] == "drafts")
  {
      $plugins->run_hooks("usercp_drafts_start");
      // Show a listing of all of the current 'draft' posts or threads the user has.
      $drafts = '';
      $query = $db->query("
          SELECT p.subject, p.pid, t.tid, t.subject AS threadsubject, t.fid, f.name AS forumname, p.dateline, t.visible AS threadvisible, p.visible AS postvisible
          FROM ".TABLE_PREFIX."posts p
          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=t.fid)
          WHERE p.uid='".$mybb->user['uid']."' AND p.visible='-2'
          ORDER BY p.dateline DESC
      ");
      while($draft = $db->fetch_array($query))
      {
          $trow = alt_trow();
          if($draft['threadvisible'] == 1) // We're looking at a draft post
          {
              $detail = $lang->thread." <a href=\"".get_thread_link($draft['tid'])."\">".htmlspecialchars_uni($draft['threadsubject'])."</a>";
              $editurl = "newreply.php?action=editdraft&amp;pid={$draft['pid']}";
              $id = $draft['pid'];
              $type = "post";
          }
          elseif($draft['threadvisible'] == -2) // We're looking at a draft thread
          {
              $detail = $lang->forum." <a href=\"".get_forum_link($draft['fid'])."\">{$draft['forumname']}</a>";
              $editurl = "newthread.php?action=editdraft&amp;tid={$draft['tid']}";
              $id = $draft['tid'];
              $type = "thread";
          }
          $draft['subject'] = htmlspecialchars_uni($draft['subject']);
          $savedate = my_date($mybb->settings['dateformat'], $draft['dateline']);
          $savetime = my_date($mybb->settings['timeformat'], $draft['dateline']);
          eval("\$drafts .= \"".$templates->get("usercp_drafts_draft")."\";");
      }
      // No drafts: show the placeholder row and disable the delete control
      if(!$drafts)
      {
          eval("\$drafts = \"".$templates->get("usercp_drafts_none")."\";");
          $disable_delete_drafts = 'disabled="disabled"';
      }
      else
      {
          eval("\$draftsubmit = \"".$templates->get("usercp_drafts_submit")."\";");
          $disable_delete_drafts = '';
      }

      // Total number of drafts, shown in parentheses
      $query = $db->simple_select("posts", "COUNT(*) AS draftcount", "visible='-2' AND uid='".$mybb->user['uid']."'");
      $count = $db->fetch_array($query);
      $draftcount = "(".my_number_format($count['draftcount']).")";

      $plugins->run_hooks("usercp_drafts_end");

      eval("\$draftlist = \"".$templates->get("usercp_drafts")."\";");
      output_page($draftlist);

  }
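  // Delete selected drafts. Expects 'deletedraft' to be an array mapping an id to
  // either "post" or "thread"; every id is cast with intval() before it is placed
  // in a query, and both deletes are restricted to the current user's own rows
  // with visible = -2.
  //
  // Changes from the previous version of this block:
  //  - a 'deletedraft' value that is not an array is rejected instead of being
  //    passed to foreach;
  //  - $tidinp is initialised so it is defined when no thread drafts were selected.
  if($mybb->input['action'] == "do_drafts" && $mybb->request_method == "post")
  {
      // Verify incoming POST request
      verify_post_check($mybb->input['my_post_key']);

      $plugins->run_hooks("usercp_do_drafts_start");
      if(empty($mybb->input['deletedraft']) || !is_array($mybb->input['deletedraft']))
      {
          error($lang->no_drafts_selected);
      }
      $pidin = array();
      $tidin = array();
      $tidinp = '';
      foreach($mybb->input['deletedraft'] as $id => $val)
      {
          if($val == "post")
          {
              $pidin[] = "'".intval($id)."'";
          }
          elseif($val == "thread")
          {
              $tidin[] = "'".intval($id)."'";
          }
      }
      if($tidin)
      {
          $tidin = implode(",", $tidin);
          $db->delete_query("threads", "tid IN ($tidin) AND visible='-2' AND uid='".$mybb->user['uid']."'");
          // Also remove the posts that belong to the deleted draft threads
          $tidinp = "OR tid IN ($tidin)";
      }
      if($pidin || $tidinp)
      {
          if($pidin)
          {
              $pidin = implode(",", $pidin);
              $pidinq = "pid IN ($pidin)";
          }
          else
          {
              // No individual posts selected; keep the WHERE clause well-formed
              $pidinq = "1=0";
          }
          $db->delete_query("posts", "($pidinq $tidinp) AND visible='-2' AND uid='".$mybb->user['uid']."'");
      }
      $plugins->run_hooks("usercp_do_drafts_end");
      redirect("usercp.php?action=drafts", $lang->selected_drafts_deleted);
  }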
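  // User group memberships. Handles three state changes (set display group, leave
  // a group, join a group or request to join) and otherwise renders the groups the
  // user leads, belongs to, has applied to, and may join.
  //
  // Changes from the previous version of this block:
  //  - 'displaygroup' and 'leavegroup' are cast with intval() before the membership
  //    test, as 'joingroup' already was; previously the raw request string was
  //    matched against the membership list and, for leaving, passed on to
  //    leave_usergroup();
  //  - a joinable group is hidden when the current user's uid is among its leaders,
  //    instead of when the username occurs anywhere in the rendered leader HTML;
  //  - lookup arrays are initialised and read with empty().
  //
  // Notes for maintainers:
  //  - The three state changes are triggered by ordinary links that carry
  //    my_post_key in the query string, and no request-method check is made here,
  //    so the token can appear in browser history, server logs and Referer headers.
  //  - $mybb->user['additionalgroups'] and the list built from it are interpolated
  //    unquoted into "gid IN (...)" / "gid NOT IN (...)". NOTE(review): confirm that
  //    column only ever holds digits and commas.
  //  - Templates are evaluated with eval(); all variables in scope are readable
  //    from template text.
  if($mybb->input['action'] == "usergroups")
  {
      $plugins->run_hooks("usercp_usergroups_start");
      // Comma-delimited membership string used for the ",gid," containment tests below
      $ingroups = ",".$mybb->user['usergroup'].",".$mybb->user['additionalgroups'].",".$mybb->user['displaygroup'].",";

      // Changing our display group
      if($mybb->input['displaygroup'])
      {
          // Verify incoming POST request
          verify_post_check($mybb->input['my_post_key']);

          // Test membership with the same integer that is used in the queries
          $mybb->input['displaygroup'] = intval($mybb->input['displaygroup']);

          if(my_strpos($ingroups, ",".$mybb->input['displaygroup'].",") === false)
          {
              error($lang->not_member_of_group);
          }
          $query = $db->simple_select("usergroups", "*", "gid='".intval($mybb->input['displaygroup'])."'");
          $dispgroup = $db->fetch_array($query);
          if($dispgroup['candisplaygroup'] != 1)
          {
              error($lang->cannot_set_displaygroup);
          }
          $db->update_query("users", array('displaygroup' => intval($mybb->input['displaygroup'])), "uid='".$mybb->user['uid']."'");
          $cache->update_moderators();
          $plugins->run_hooks("usercp_usergroups_change_displaygroup");
          redirect("usercp.php?action=usergroups", $lang->display_group_changed);
          exit;
      }

      // Leaving a group
      if($mybb->input['leavegroup'])
      {
          // Verify incoming POST request
          verify_post_check($mybb->input['my_post_key']);

          // Test membership with the same integer that is passed to leave_usergroup()
          $mybb->input['leavegroup'] = intval($mybb->input['leavegroup']);

          if(my_strpos($ingroups, ",".$mybb->input['leavegroup'].",") === false)
          {
              error($lang->not_member_of_group);
          }
          if($mybb->user['usergroup'] == $mybb->input['leavegroup'])
          {
              error($lang->cannot_leave_primary_group);
          }
          $query = $db->simple_select("usergroups", "*", "gid='".intval($mybb->input['leavegroup'])."'");
          $usergroup = $db->fetch_array($query);
          // Only groups of type 3 or 4 can be left by the user
          if($usergroup['type'] != 4 && $usergroup['type'] != 3)
          {
              error($lang->cannot_leave_group);
          }
          leave_usergroup($mybb->user['uid'], $mybb->input['leavegroup']);
          $plugins->run_hooks("usercp_usergroups_leave_group");
          redirect("usercp.php?action=usergroups", $lang->left_group);
          exit;
      }

      // Joining a group
      if($mybb->input['joingroup'])
      {
          // Verify incoming POST request
          verify_post_check($mybb->input['my_post_key']);

          $mybb->input['joingroup'] = intval($mybb->input['joingroup']);
          $query = $db->simple_select("usergroups", "*", "gid='".intval($mybb->input['joingroup'])."'");
          $usergroup = $db->fetch_array($query);

          // Only existing groups of type 3 or 4 can be joined from here
          if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid'])
          {
              error($lang->cannot_join_group);
          }

          if(my_strpos($ingroups, ",".intval($mybb->input['joingroup']).",") !== false)
          {
              error($lang->already_member_of_group);
          }

          $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".intval($mybb->input['joingroup'])."'");
          $joinrequest = $db->fetch_array($query);
          if($joinrequest['rid'])
          {
              error($lang->already_sent_join_request);
          }
          // Type 4 groups take a join request with a reason; the first visit shows
          // the request form, the submission (do=joingroup) stores the request.
          if($mybb->input['do'] == "joingroup" && $usergroup['type'] == 4)
          {
              $reason = $db->escape_string($mybb->input['reason']);
              $now = TIME_NOW;
              $joinrequest = array(
                  "uid" => $mybb->user['uid'],
                  "gid" => intval($mybb->input['joingroup']),
                  "reason" => $reason,
                  "dateline" => TIME_NOW
              );

              $db->insert_query("joinrequests", $joinrequest);
              $plugins->run_hooks("usercp_usergroups_join_group_request");
              redirect("usercp.php?action=usergroups", $lang->group_join_requestsent);
              exit;
          }
          elseif($usergroup['type'] == 4)
          {
              $joingroup = $mybb->input['joingroup'];
              eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";");
              output_page($joinpage);
              exit();
          }
          else
          {
              join_usergroup($mybb->user['uid'], $mybb->input['joingroup']);
              $plugins->run_hooks("usercp_usergroups_join_group");
              redirect("usercp.php?action=usergroups", $lang->joined_group);
          }
      }
      // Show listing of various group related things

      // List of usergroup leaders, indexed by group id and then user id
      $groupleaders = array();
      $query = $db->query("
          SELECT g.*, u.username, u.displaygroup, u.usergroup
          FROM ".TABLE_PREFIX."groupleaders g
          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
          ORDER BY u.username ASC
      ");
      while($leader = $db->fetch_array($query))
      {
          $groupleaders[$leader['gid']][$leader['uid']] = $leader;
      }

      // List of groups this user is a leader of
      $groupsledlist = '';
      $groupleader = array();

      // The two queries differ only in string concatenation syntax and GROUP BY
      switch($db->type)
      {
          case "pgsql":
          case "sqlite":
              $query = $db->query("
                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers
                  FROM ".TABLE_PREFIX."groupleaders l
                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
                  LEFT JOIN ".TABLE_PREFIX."users u ON(((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
                  WHERE l.uid='".$mybb->user['uid']."'
                  GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers
              ");
              break;
          default:
              $query = $db->query("
                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers
                  FROM ".TABLE_PREFIX."groupleaders l
                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
                  LEFT JOIN ".TABLE_PREFIX."users u ON(((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
                  WHERE l.uid='".$mybb->user['uid']."'
                  GROUP BY l.gid
              ");
      }

      while($usergroup = $db->fetch_array($query))
      {
          $memberlistlink = $moderaterequestslink = '';
          $memberlistlink = " [<a href=\"managegroup.php?gid=".$usergroup['gid']."\">".$lang->view_members."</a>]";
          $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
          // Join requests only apply to type 4 groups
          if($usergroup['type'] != 4)
          {
              $usergroup['joinrequests'] = '--';
          }
          if($usergroup['joinrequests'] > 0 && $usergroup['canmanagerequests'] == 1)
          {
              $moderaterequestslink = " [<a href=\"managegroup.php?action=joinrequests&amp;gid={$usergroup['gid']}\">{$lang->view_requests}</a>]";
          }
          // Remember the groups this user leads for the membership list below
          $groupleader[$usergroup['gid']] = 1;
          $trow = alt_trow();
          eval("\$groupsledlist .= \"".$templates->get("usercp_usergroups_leader_usergroup")."\";");
      }
      if($groupsledlist)
      {
          eval("\$leadinggroups = \"".$templates->get("usercp_usergroups_leader")."\";");
      }

      // Fetch the list of groups the member is in
      // Do the primary group first
      $query = $db->simple_select("usergroups", "*", "gid='".$mybb->user['usergroup']."'");
      $usergroup = $db->fetch_array($query);
      $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
      $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
      $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
      $leavelink = "<div style=\"text-align:center;\"><span class=\"smalltext\">{$lang->usergroup_leave_primary}</span></div>";
      $trow = alt_trow();
      if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
      {
          $displaycode = " ({$lang->display_group})";
      }
      elseif($usergroup['candisplaygroup'] == 1)
      {
          $displaycode = " (<a href=\"usercp.php?action=usergroups&amp;displaygroup={$usergroup['gid']}&amp;my_post_key={$mybb->post_code}\">{$lang->set_as_display_group}</a>)";
      }
      else
      {
          $displaycode = '';
      }

      eval("\$memberoflist = \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
      $showmemberof = false;
      if($mybb->user['additionalgroups'])
      {
          $query = $db->simple_select("usergroups", "*", "gid IN (".$mybb->user['additionalgroups'].") AND gid !='".$mybb->user['usergroup']."'", array('order_by' => 'title'));
          while($usergroup = $db->fetch_array($query))
          {
              $showmemberof = true;

              // Leaders and members of non-joinable groups get a notice instead of a leave link
              if(!empty($groupleader[$usergroup['gid']]))
              {
                  $leavelink = "<div style=\"text-align: center;\"><span class=\"smalltext\">$lang->usergroup_leave_leader</span></div>";
              }
              elseif($usergroup['type'] != 4 && $usergroup['type'] != 3)
              {
                  $leavelink = "<div style=\"text-align: center;\"><span class=\"smalltext\">{$lang->usergroup_cannot_leave}</span></div>";
              }
              else
              {
                  $leavelink = "<div style=\"text-align: center;\"><a href=\"usercp.php?action=usergroups&amp;leavegroup=".$usergroup['gid']."&amp;my_post_key={$mybb->post_code}\">".$lang->usergroup_leave."</a></div>";
              }
              $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
              $usergroup['usertitle'] = htmlspecialchars_uni($usergroup['usertitle']);
              if($usergroup['description'])
              {
                  $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
                  $description = "<br /><span class=\"smalltext\">".$usergroup['description']."</span>";
              }
              else
              {
                  $description = '';
              }

              $trow = alt_trow();
              if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
              {
                  $displaycode = " ({$lang->display_group})";
              }
              elseif($usergroup['candisplaygroup'] == 1)
              {
                  $displaycode = "(<a href=\"usercp.php?action=usergroups&amp;displaygroup={$usergroup['gid']}&amp;my_post_key={$mybb->post_code}\">{$lang->set_as_display_group}</a>)";
              }
              else
              {
                  $displaycode = '';
              }
              eval("\$memberoflist .= \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
          }
      }
      eval("\$membergroups = \"".$templates->get("usercp_usergroups_memberof")."\";");

      // List of groups this user has applied for but has not been accepted in to
      $appliedjoin = array();
      $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."'");
      while($request = $db->fetch_array($query))
      {
          $appliedjoin[$request['gid']] = $request['dateline'];
      }

      // Fetch list of groups the member can join
      $existinggroups = $mybb->user['usergroup'];
      if($mybb->user['additionalgroups'])
      {
          $existinggroups .= ",".$mybb->user['additionalgroups'];
      }

      $joinablegroups = '';
      $joinablegrouplist = '';
      $query = $db->simple_select("usergroups", "*", "(type='3' OR type='4') AND gid NOT IN ($existinggroups)", array('order_by' => 'title'));
      while($usergroup = $db->fetch_array($query))
      {
          $trow = alt_trow();
          $usergroup['title'] = htmlspecialchars_uni($usergroup['title']);
          if($usergroup['description'])
          {
              $usergroup['description'] = htmlspecialchars_uni($usergroup['description']);
              $description = "<br /><span class=\"smallfont\">".$usergroup['description']."</span>";
          }
          else
          {
              $description = '';
          }

          // Moderating join requests?
          if($usergroup['type'] == 4)
          {
              $conditions = $lang->usergroup_joins_moderated;
          }
          else
          {
              $conditions = $lang->usergroup_joins_anyone;
          }

          // A pending request shows when it was sent instead of a join link
          if(!empty($appliedjoin[$usergroup['gid']]))
          {
              $applydate = my_date($mybb->settings['dateformat'], $appliedjoin[$usergroup['gid']]);
              $applytime = my_date($mybb->settings['timeformat'], $appliedjoin[$usergroup['gid']]);
              $joinlink = $lang->sprintf($lang->join_group_applied, $applydate, $applytime);
          }
          else
          {
              $joinlink = "<a href=\"usercp.php?action=usergroups&amp;joingroup={$usergroup['gid']}&amp;my_post_key={$mybb->post_code}\">{$lang->join_group}</a>";
          }

          $usergroupleaders = '';
          if(!empty($groupleaders[$usergroup['gid']]))
          {
              $comma = '';
              $usergroupleaders = '';
              foreach($groupleaders[$usergroup['gid']] as $leader)
              {
                  $leader['username'] = format_name($leader['username'], $leader['usergroup'], $leader['displaygroup']);
                  $usergroupleaders .= $comma.build_profile_link($leader['username'], $leader['uid']);
                  $comma = $lang->comma;
              }
              $usergroupleaders = $lang->usergroup_leaders." ".$usergroupleaders;
          }

          // Skip groups the user already leads. The leader table is keyed by uid, so
          // test that directly; searching the rendered leader HTML for the username
          // also matched markup and other leaders' names.
          if(empty($groupleaders[$usergroup['gid']][$mybb->user['uid']]))
          {
              eval("\$joinablegrouplist .= \"".$templates->get("usercp_usergroups_joinable_usergroup")."\";");
          }
      }
      if($joinablegrouplist)
      {
          eval("\$joinablegroups = \"".$templates->get("usercp_usergroups_joinable")."\";");
      }

      $plugins->run_hooks("usercp_usergroups_end");

      eval("\$groupmemberships = \"".$templates->get("usercp_usergroups")."\";");
      output_page($groupmemberships);
  }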
  2911. if($mybb->input['action'] == "attachments")
  2912. {
  2913. $plugins->run_hooks("usercp_attachments_start");
  2914. require_once MYBB_ROOT."inc/functions_upload.php";
  2915.  
  2916. $attachments = '';
  2917.  
  2918. // Pagination
  2919. if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
  2920. {
  2921. $mybb->settings['threadsperpage'] = 20;
  2922. }
  2923.  
  2924. $perpage = $mybb->settings['threadsperpage'];
  2925. $page = intval($mybb->input['page']);
  2926.  
  2927. if(intval($mybb->input['page']) > 0)
  2928. {
  2929. $start = ($page-1) *$perpage;
  2930. }
  2931. else
  2932. {
  2933. $start = 0;
  2934. $page = 1;
  2935. }
  2936.  
  2937. $end = $start + $perpage;
  2938. $lower = $start+1;
  2939.  
  2940. $query = $db->query("
  2941. SELECT a.*, p.subject, p.dateline, t.tid, t.subject AS threadsubject
  2942. FROM ".TABLE_PREFIX."attachments a
  2943. LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
  2944. LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
  2945. WHERE a.uid='".$mybb->user['uid']."'
  2946. ORDER BY p.dateline DESC LIMIT {$start}, {$perpage}
  2947. ");
  2948.  
  2949. $bandwidth = $totaldownloads = 0;
  2950. while($attachment = $db->fetch_array($query))
  2951. {
  2952. if($attachment['dateline'] && $attachment['tid'])
  2953. {
  2954. $attachment['subject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['subject']));
  2955. $attachment['postlink'] = get_post_link($attachment['pid'], $attachment['tid']);
  2956. $attachment['threadlink'] = get_thread_link($attachment['tid']);
  2957. $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
  2958.  
  2959. $size = get_friendly_size($attachment['filesize']);
  2960. $icon = get_attachment_icon(get_extension($attachment['filename']));
  2961. $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
  2962.  
  2963. $sizedownloads = $lang->sprintf($lang->attachment_size_downloads, $size, $attachment['downloads']);
  2964. $attachdate = my_date($mybb->settings['dateformat'], $attachment['dateline']);
  2965. $attachtime = my_date($mybb->settings['timeformat'], $attachment['dateline']);
  2966. $altbg = alt_trow();
  2967.  
  2968. eval("\$attachments .= \"".$templates->get("usercp_attachments_attachment")."\";");
  2969.  
  2970. // Add to bandwidth total
  2971. $bandwidth += ($attachment['filesize'] * $attachment['downloads']);
  2972. $totaldownloads += $attachment['downloads'];
  2973. }
  2974. else
  2975. {
  2976. // This little thing delets attachments without a thread/post
  2977. remove_attachment($attachment['pid'], $attachment['posthash'], $attachment['aid']);
  2978. }
  2979. }
  2980.  
  2981. $query = $db->simple_select("attachments", "SUM(filesize) AS ausage, COUNT(aid) AS acount", "uid='".$mybb->user['uid']."'");
  2982. $usage = $db->fetch_array($query);
  2983. $totalusage = $usage['ausage'];
  2984. $totalattachments = $usage['acount'];
  2985. $friendlyusage = get_friendly_size($totalusage);
  2986. if($mybb->usergroup['attachquota'])
  2987. {
  2988. $percent = round(($totalusage/($mybb->usergroup['attachquota']*1024))*100)."%";
  2989. $attachquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
  2990. $usagenote = $lang->sprintf($lang->attachments_usage_quota, $friendlyusage, $attachquota, $percent, $totalattachments);
  2991. }
  2992. else
  2993. {
  2994. $percent = $lang->unlimited;
  2995. $attachquota = $lang->unlimited;
  2996. $usagenote = $lang->sprintf($lang->attachments_usage, $friendlyusage, $totalattachments);
  2997. }
  2998.  
  2999. $multipage = multipage($totalattachments, $perpage, $page, "usercp.php?action=attachments");
  3000. $bandwidth = get_friendly_size($bandwidth);
  3001.  
  3002. if(!$attachments)
  3003. {
  3004. eval("\$attachments = \"".$templates->get("usercp_attachments_none")."\";");
  3005. $usagenote = '';
  3006. }
  3007.  
  3008. $plugins->run_hooks("usercp_attachments_end");
  3009.  
  3010. eval("\$manageattachments = \"".$templates->get("usercp_attachments")."\";");
  3011. output_page($manageattachments);
  3012. }
  3013.  
  3014. if($mybb->input['action'] == "do_attachments" && $mybb->request_method == "post")
  3015. {
  3016. // Verify incoming POST request
  3017. verify_post_check($mybb->input['my_post_key']);
  3018.  
  3019. $plugins->run_hooks("usercp_do_attachments_start");
  3020. require_once MYBB_ROOT."inc/functions_upload.php";
  3021. if(!is_array($mybb->input['attachments']))
  3022. {
  3023. error($lang->no_attachments_selected);
  3024. }
  3025. $aids = implode(',', array_map('intval', $mybb->input['attachments']));
  3026. $query = $db->simple_select("attachments", "*", "aid IN ($aids) AND uid='".$mybb->user['uid']."'");
  3027. while($attachment = $db->fetch_array($query))
  3028. {
  3029. remove_attachment($attachment['pid'], '', $attachment['aid']);
  3030. }
  3031. $plugins->run_hooks("usercp_do_attachments_end");
  3032. redirect("usercp.php?action=attachments", $lang->attachments_deleted);
  3033. }
  3034.  
  3035. if($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post")
  3036. {
  3037. // Verify incoming POST request
  3038. verify_post_check($mybb->input['my_post_key']);
  3039.  
  3040. // Cap at 60,000 chars; text will allow up to 65535?
  3041. if(my_strlen($mybb->input['notepad']) > 60000)
  3042. {
  3043. $mybb->input['notepad'] = my_substr($mybb->input['notepad'], 0, 60000);
  3044. }
  3045.  
  3046. $plugins->run_hooks("usercp_do_notepad_start");
  3047. $db->update_query("users", array('notepad' => $db->escape_string($mybb->input['notepad'])), "uid='".$mybb->user['uid']."'");
  3048. $plugins->run_hooks("usercp_do_notepad_end");
  3049. redirect("usercp.php", $lang->redirect_notepadupdated);
  3050. }
  3051.  
  3052. if(!$mybb->input['action'])
  3053. {
  3054. // Get posts per day
  3055. $daysreg = (TIME_NOW - $mybb->user['regdate']) / (24*3600);
  3056.  
  3057. if($daysreg < 1)
  3058. {
  3059. $daysreg = 1;
  3060. }
  3061.  
  3062. $perday = $mybb->user['postnum'] / $daysreg;
  3063. $perday = round($perday, 2);
  3064. if($perday > $mybb->user['postnum'])
  3065. {
  3066. $perday = $mybb->user['postnum'];
  3067. }
  3068.  
  3069. $stats = $cache->read("stats");
  3070. $posts = $stats['numposts'];
  3071. if($posts == 0)
  3072. {
  3073. $percent = "0";
  3074. }
  3075. else
  3076. {
  3077. $percent = $mybb->user['postnum']*100/$posts;
  3078. $percent = round($percent, 2);
  3079. }
  3080.  
  3081. $lang->posts_day = $lang->sprintf($lang->posts_day, my_number_format($perday), $percent);
  3082. $usergroup = htmlspecialchars_uni($groupscache[$mybb->user['usergroup']]['title']);
  3083.  
  3084. $colspan = 1;
  3085. if($mybb->user['avatar'])
  3086. {
  3087. $avatar_dimensions = explode("|", $mybb->user['avatardimensions']);
  3088. if($avatar_dimensions[0] && $avatar_dimensions[1])
  3089. {
  3090. $avatar_width_height = "width=\"{$avatar_dimensions[0]}\" height=\"{$avatar_dimensions[1]}\"";
  3091. }
  3092. $mybb->user['avatar'] = htmlspecialchars_uni($mybb->user['avatar']);
  3093. eval("\$avatar = \"".$templates->get("usercp_currentavatar")."\";");
  3094. $colspan = 2;
  3095. }
  3096. else
  3097. {
  3098. $avatar = '';
  3099. }
  3100. $regdate = my_date($mybb->settings['dateformat'].", ".$mybb->settings['timeformat'], $mybb->user['regdate']);
  3101.  
  3102. if($mybb->user['usergroup'] == 5 && $mybb->settings['regtype'] != "admin")
  3103. {
  3104. $usergroup .= "<br />(<a href=\"member.php?action=resendactivation\">$lang->resend_activation</a>)";
  3105. }
  3106. // Make reputations row
  3107. $reputations = '';
  3108. if($mybb->usergroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
  3109. {
  3110. $reputation_link = get_reputation($mybb->user['reputation']);
  3111. eval("\$reputation = \"".$templates->get("usercp_reputation")."\";");
  3112. }
  3113.  
  3114. $latest_warnings = '';
  3115. if($mybb->settings['enablewarningsystem'] != 0 && $mybb->settings['canviewownwarning'] != 0)
  3116. {
  3117. $warning_level = round($mybb->user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
  3118. if($warning_level > 100)
  3119. {
  3120. $warning_level = 100;
  3121. }
  3122.  
  3123. if($mybb->user['warningpoints'] > $mybb->settings['maxwarningpoints'])
  3124. {
  3125. $mybb->user['warningpoints'] = $mybb->settings['maxwarningpoints'];
  3126. }
  3127.  
  3128. if($warning_level > 0)
  3129. {
  3130. expire_warnings();
  3131.  
  3132. $lang->current_warning_level = $lang->sprintf($lang->current_warning_level, $warning_level, $mybb->user['warningpoints'], $mybb->settings['maxwarningpoints']);
  3133. // Fetch latest warnings
  3134. $query = $db->query("
  3135. SELECT w.*, t.title AS type_title, u.username, p.subject AS post_subject
  3136. FROM ".TABLE_PREFIX."warnings w
  3137. LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (t.tid=w.tid)
  3138. LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=w.issuedby)
  3139. LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=w.pid)
  3140. WHERE w.uid='{$mybb->user['uid']}'
  3141. ORDER BY w.expired ASC, w.dateline DESC
  3142. LIMIT 5
  3143. ");
  3144. while($warning = $db->fetch_array($query))
  3145. {
  3146. $post_link = "";
  3147. if($warning['post_subject'])
  3148. {
  3149. $warning['post_subject'] = $parser->parse_badwords($warning['post_subject']);
  3150. $warning['post_subject'] = htmlspecialchars_uni($warning['post_subject']);
  3151. $post_link = "<br /><small>{$lang->warning_for_post} <a href=\"".get_post_link($warning['pid'])."\">{$warning['post_subject']}</a></small>";
  3152. }
  3153. $issuedby = build_profile_link($warning['username'], $warning['issuedby']);
  3154. $date_issued = my_date($mybb->settings['dateformat'], $warning['dateline']).", ".my_date($mybb->settings['timeformat'], $warning['dateline']);
  3155. if($warning['type_title'])
  3156. {
  3157. $warning_type = $warning['type_title'];
  3158. }
  3159. else
  3160. {
  3161. $warning_type = $warning['title'];
  3162. }
  3163. $warning_type = htmlspecialchars_uni($warning_type);
  3164. if($warning['points'] > 0)
  3165. {
  3166. $warning['points'] = "+{$warning['points']}";
  3167. }
  3168. $points = $lang->sprintf($lang->warning_points, $warning['points']);
  3169.  
  3170. // Figure out expiration time
  3171. if($warning['daterevoked'])
  3172. {
  3173. $expires = $lang->warning_revoked;
  3174. }
  3175. elseif($warning['expired'])
  3176. {
  3177. $expires = $lang->already_expired;
  3178. }
  3179. elseif($warning['expires'] == 0)
  3180. {
  3181. $expires = $lang->never;
  3182. }
  3183. else
  3184. {
  3185. $expires = my_date($mybb->settings['dateformat'], $warning['expires']).", ".my_date($mybb->settings['timeformat'], $warning['expires']);
  3186. }
  3187.  
  3188. $alt_bg = alt_trow();
  3189. eval("\$warnings .= \"".$templates->get("usercp_warnings_warning")."\";");
  3190. }
  3191. if($warnings)
  3192. {
  3193. eval("\$latest_warnings = \"".$templates->get("usercp_warnings")."\";");
  3194. }
  3195. }
  3196. }
  3197.  
  3198. // Format username
  3199. $username = format_name($mybb->user['username'], $mybb->user['usergroup'], $mybb->user['displaygroup']);
  3200. $username = build_profile_link($username, $mybb->user['uid']);
  3201.  
  3202. // Format post numbers
  3203. $mybb->user['posts'] = my_number_format($mybb->user['postnum']);
  3204.  
  3205. // Build referral link
  3206. if($mybb->settings['usereferrals'] == 1)
  3207. {
  3208. $referral_link = $lang->sprintf($lang->referral_link, $settings['bburl'], $mybb->user['uid']);
  3209. eval("\$referral_info = \"".$templates->get("usercp_referrals")."\";");
  3210. }
  3211.  
  3212. // User Notepad
  3213. $plugins->run_hooks("usercp_notepad_start");
  3214. $mybb->user['notepad'] = htmlspecialchars_uni($mybb->user['notepad']);
  3215. eval("\$user_notepad = \"".$templates->get("usercp_notepad")."\";");
  3216. $plugins->run_hooks("usercp_notepad_end");
  3217.  
  3218. // Thread Subscriptions with New Posts
  3219. $latest_subscribed = '';
  3220. $query = $db->simple_select("threadsubscriptions", "sid", "uid = '".$mybb->user['uid']."'", array("limit" => 1));
  3221. if($db->num_rows($query))
  3222. {
  3223. $visible = "AND t.visible != 0";
  3224. if(is_moderator() == true)
  3225. {
  3226. $visible = '';
  3227. }
  3228.  
  3229. $query = $db->query("
  3230. SELECT s.*, t.*, t.username AS threadusername, u.username
  3231. FROM ".TABLE_PREFIX."threadsubscriptions s
  3232. LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
  3233. LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
  3234. WHERE s.uid='".$mybb->user['uid']."' {$visible}
  3235. ORDER BY t.lastpost DESC
  3236. LIMIT 0, 10
  3237. ");
  3238.  
  3239. $fpermissions = forum_permissions();
  3240. while($subscription = $db->fetch_array($query))
  3241. {
  3242. $forumpermissions = $fpermissions[$subscription['fid']];
  3243. if($forumpermissions['canview'] != 0 && $forumpermissions['canviewthreads'] != 0 && ($forumpermissions['canonlyviewownthreads'] == 0 || $subscription['uid'] == $mybb->user['uid']))
  3244. {
  3245. $subscriptions[$subscription['tid']] = $subscription;
  3246. }
  3247. }
  3248.  
  3249. if(is_array($subscriptions))
  3250. {
  3251. $tids = implode(",", array_keys($subscriptions));
  3252.  
  3253. // Checking read
  3254. if($mybb->settings['threadreadcut'] > 0)
  3255. {
  3256. $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
  3257. while($readthread = $db->fetch_array($query))
  3258. {
  3259. if($readthread['dateline'] >= $subscriptions[$readthread['tid']]['lastpost'])
  3260. {
  3261. unset($subscriptions[$readthread['tid']]); // If it's already been read, then don't display the thread
  3262. }
  3263. else
  3264. {
  3265. $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
  3266. }
  3267. }
  3268. }
  3269.  
  3270. if($subscriptions)
  3271. {
  3272. if($mybb->settings['dotfolders'] != 0)
  3273. {
  3274. $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
  3275. while($post = $db->fetch_array($query))
  3276. {
  3277. $subscriptions[$post['tid']]['doticon'] = 1;
  3278. }
  3279. }
  3280.  
  3281. $icon_cache = $cache->read("posticons");
  3282.  
  3283. foreach($subscriptions as $thread)
  3284. {
  3285. $folder = '';
  3286. $folder_label = '';
  3287. $gotounread = '';
  3288.  
  3289. if($thread['tid'])
  3290. {
  3291. $bgcolor = alt_trow();
  3292. $thread['subject'] = $parser->parse_badwords($thread['subject']);
  3293. $thread['subject'] = htmlspecialchars_uni($thread['subject']);
  3294. $thread['threadlink'] = get_thread_link($thread['tid']);
  3295. $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
  3296.  
  3297. // If this thread has a prefix...
  3298. if($thread['prefix'] != 0)
  3299. {
  3300. $query = $db->simple_select('threadprefixes', 'prefix, displaystyle', "pid='{$thread['prefix']}'");
  3301. $threadprefix = $db->fetch_array($query);
  3302.  
  3303. $thread['displayprefix'] = $threadprefix['displaystyle'].'&nbsp;';
  3304. }
  3305. else
  3306. {
  3307. $thread['displayprefix'] = '';
  3308. }
  3309.  
  3310. // Icons
  3311. if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
  3312. {
  3313. $icon = $icon_cache[$thread['icon']];
  3314. $icon['path'] = htmlspecialchars_uni($icon['path']);
  3315. $icon['name'] = htmlspecialchars_uni($icon['name']);
  3316. $icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" />";
  3317. }
  3318. else
  3319. {
  3320. $icon = "&nbsp;";
  3321. }
  3322.  
  3323. if($thread['doticon'])
  3324. {
  3325. $folder = "dot_";
  3326. $folder_label .= $lang->icon_dot;
  3327. }
  3328.  
  3329. // Check to see which icon we display
  3330. if($thread['lastread'] && $thread['lastread'] < $thread['lastpost'])
  3331. {
  3332. $folder .= "new";
  3333. $folder_label .= $lang->icon_new;
  3334. $new_class = "subject_new";
  3335. $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
  3336. eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
  3337. }
  3338. else
  3339. {
  3340. $folder_label .= $lang->icon_no_new;
  3341. $new_class = "subject_old";
  3342. }
  3343.  
  3344. $folder .= "folder";
  3345.  
  3346. if($thread['visible'] == 0)
  3347. {
  3348. $bgcolor = "trow_shaded";
  3349. }
  3350.  
  3351. $lastpostdate = my_date($mybb->settings['dateformat'], $thread['lastpost']);
  3352. $lastposttime = my_date($mybb->settings['timeformat'], $thread['lastpost']);
  3353. $lastposter = $thread['lastposter'];
  3354. $lastposteruid = $thread['lastposteruid'];
  3355.  
  3356. if($lastposteruid == 0)
  3357. {
  3358. $lastposterlink = $lastposter;
  3359. }
  3360. else
  3361. {
  3362. $lastposterlink = build_profile_link($lastposter, $lastposteruid);
  3363. }
  3364.  
  3365. $thread['replies'] = my_number_format($thread['replies']);
  3366. $thread['views'] = my_number_format($thread['views']);
  3367. $thread['author'] = build_profile_link($thread['username'], $thread['uid']);
  3368.  
  3369. eval("\$latest_subscribed_threads .= \"".$templates->get("usercp_latest_subscribed_threads")."\";");
  3370. }
  3371. }
  3372. eval("\$latest_subscribed = \"".$templates->get("usercp_latest_subscribed")."\";");
  3373. }
  3374. }
  3375. }
  3376.  
  3377. // User's Latest Threads
  3378.  
  3379. // Get unviewable forums
  3380. $f_perm_sql = '';
  3381. $unviewable_forums = get_unviewable_forums();
  3382. if($unviewable_forums)
  3383. {
  3384. $f_perm_sql = "AND t.fid NOT IN (".$unviewable_forums.")";
  3385. }
  3386.  
  3387. $visible = " AND t.visible != 0";
  3388. if(is_moderator() == true)
  3389. {
  3390. $visible = '';
  3391. }
  3392.  
  3393. $query = $db->query("
  3394. SELECT t.*, t.username AS threadusername, u.username
  3395. FROM ".TABLE_PREFIX."threads t
  3396. LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
  3397. WHERE t.uid='".$mybb->user['uid']."' AND t.firstpost != 0 AND t.visible != '-2' {$visible} {$f_perm_sql}
  3398. ORDER BY t.lastpost DESC
  3399. LIMIT 0, 5
  3400. ");
  3401.  
  3402. // Figure out whether we can view these threads...
  3403. $threadcache = array();
  3404. $fpermissions = forum_permissions();
  3405. while($thread = $db->fetch_array($query))
  3406. {
  3407. // Moderated, and not moderator?
  3408. if($thread['visible'] == 0 && is_moderator($thread['fid']) === false)
  3409. {
  3410. continue;
  3411. }
  3412.  
  3413. $forumpermissions = $fpermissions[$thread['fid']];
  3414. if($forumpermissions['canview'] != 0 || $forumpermissions['canviewthreads'] != 0)
  3415. {
  3416. $threadcache[$thread['tid']] = $thread;
  3417. }
  3418. }
  3419.  
  3420. if(!empty($threadcache))
  3421. {
  3422. $tids = implode(",", array_keys($threadcache));
  3423.  
  3424. // Read Forums
  3425. $query = $db->query("
  3426. SELECT f.fid, fr.dateline AS lastread
  3427. FROM ".TABLE_PREFIX."forums f
  3428. LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
  3429. WHERE f.active != 0
  3430. ORDER BY pid, disporder
  3431. ");
  3432. while($forum = $db->fetch_array($query))
  3433. {
  3434. $readforums[$forum['fid']] = $forum['lastread'];
  3435. }
  3436.  
  3437. // Threads being read?
  3438. if($mybb->settings['threadreadcut'] > 0)
  3439. {
  3440. $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
  3441. while($readthread = $db->fetch_array($query))
  3442. {
  3443. $threadcache[$readthread['tid']]['lastread'] = $readthread['dateline'];
  3444. }
  3445. }
  3446.  
  3447. // Icon Stuff
  3448. if($mybb->settings['dotfolders'] != 0)
  3449. {
  3450. $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
  3451. while($post = $db->fetch_array($query))
  3452. {
  3453. $threadcache[$post['tid']]['doticon'] = 1;
  3454. }
  3455. }
  3456.  
  3457. $icon_cache = $cache->read("posticons");
  3458.  
  3459. // Run the threads...
  3460. $latest_threads_threads = '';
  3461. foreach($threadcache as $thread)
  3462. {
  3463. if($thread['tid'])
  3464. {
  3465. $bgcolor = alt_trow();
  3466. $folder = '';
  3467. $folder_label = '';
  3468. $prefix = '';
  3469. $gotounread = '';
  3470. $isnew = 0;
  3471. $donenew = 0;
  3472. $lastread = 0;
  3473.  
  3474. // If this thread has a prefix...
  3475. if($thread['prefix'] != 0)
  3476. {
  3477. $query = $db->simple_select('threadprefixes', 'prefix, displaystyle', "pid='{$thread['prefix']}'");
  3478. $threadprefix = $db->fetch_array($query);
  3479.  
  3480. $thread['displayprefix'] = $threadprefix['displaystyle'].'&nbsp;';
  3481. }
  3482. else
  3483. {
  3484. $thread['displayprefix'] = '';
  3485. }
  3486.  
  3487. $thread['subject'] = $parser->parse_badwords($thread['subject']);
  3488. $thread['subject'] = htmlspecialchars_uni($thread['subject']);
  3489. $thread['threadlink'] = get_thread_link($thread['tid']);
  3490. $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
  3491.  
  3492. if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
  3493. {
  3494. $icon = $icon_cache[$thread['icon']];
  3495. $icon['path'] = htmlspecialchars_uni($icon['path']);
  3496. $icon['name'] = htmlspecialchars_uni($icon['name']);
  3497. $icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" />";
  3498. }
  3499. else
  3500. {
  3501. $icon = "&nbsp;";
  3502. }
  3503.  
  3504. if($mybb->settings['threadreadcut'] > 0)
  3505. {
  3506. $forum_read = $readforums[$thread['fid']];
  3507.  
  3508. $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
  3509. if($forum_read == 0 || $forum_read < $read_cutoff)
  3510. {
  3511. $forum_read = $read_cutoff;
  3512. }
  3513. }
  3514.  
  3515. if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
  3516. {
  3517. $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
  3518. }
  3519.  
  3520. $cutoff = 0;
  3521. if($thread['lastpost'] > $cutoff)
  3522. {
  3523. if($thread['lastread'])
  3524. {
  3525. $lastread = $thread['lastread'];
  3526. }
  3527. }
  3528.  
  3529. if(!$lastread)
  3530. {
  3531. $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
  3532. if($readcookie > $forum_read)
  3533. {
  3534. $lastread = $readcookie;
  3535. }
  3536. else
  3537. {
  3538. $lastread = $forum_read;
  3539. }
  3540. }
  3541.  
  3542. // Folder Icons
  3543. if($thread['doticon'])
  3544. {
  3545. $folder = "dot_";
  3546. $folder_label .= $lang->icon_dot;
  3547. }
  3548.  
  3549. if($thread['lastpost'] > $lastread && $lastread)
  3550. {
  3551. $folder .= "new";
  3552. $folder_label .= $lang->icon_new;
  3553. $new_class = "subject_new";
  3554. $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
  3555. eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
  3556. $unreadpost = 1;
  3557. }
  3558. else
  3559. {
  3560. $folder_label .= $lang->icon_no_new;
  3561. $new_class = "subject_old";
  3562. }
  3563.  
  3564. if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
  3565. {
  3566. $folder .= "hot";
  3567. $folder_label .= $lang->icon_hot;
  3568. }
  3569.  
  3570. // Is our thread visible?
  3571. if($thread['visible'] == 0)
  3572. {
  3573. $bgcolor = 'trow_shaded';
  3574. }
  3575.  
  3576. if($thread['closed'] == 1)
  3577. {
  3578. $folder .= "lock";
  3579. $folder_label .= $lang->icon_lock;
  3580. }
  3581.  
  3582. $folder .= "folder";
  3583.  
  3584. $lastpostdate = my_date($mybb->settings['dateformat'], $thread['lastpost']);
  3585. $lastposttime = my_date($mybb->settings['timeformat'], $thread['lastpost']);
  3586. $lastposter = $thread['lastposter'];
  3587. $lastposteruid = $thread['lastposteruid'];
  3588.  
  3589. if($lastposteruid == 0)
  3590. {
  3591. $lastposterlink = $lastposter;
  3592. }
  3593. else
  3594. {
  3595. $lastposterlink = build_profile_link($lastposter, $lastposteruid);
  3596. }
  3597.  
  3598. $thread['replies'] = my_number_format($thread['replies']);
  3599. $thread['views'] = my_number_format($thread['views']);
  3600. $thread['author'] = build_profile_link($thread['username'], $thread['uid']);
  3601.  
  3602. eval("\$latest_threads_threads .= \"".$templates->get("usercp_latest_threads_threads")."\";");
  3603. }
  3604. }
  3605.  
  3606. eval("\$latest_threads = \"".$templates->get("usercp_latest_threads")."\";");
  3607. }
  3608.  
  3609. $plugins->run_hooks("usercp_end");
  3610.  
  3611. eval("\$usercp = \"".$templates->get("usercp")."\";");
  3612. output_page($usercp);
  3613. }
  3614. ?>