
/upload/privmsg.php

http://torrentpier2.googlecode.com/


   1<?php
   2
   3define('IN_FORUM',   true);
   4define('BB_SCRIPT', 'pm');
   5define('IN_PM',     true);
   6define('BB_ROOT', './');
   7require(BB_ROOT .'common.php');
   8require(INC_DIR .'bbcode.php');
   9require(INC_DIR .'functions_post.php');
  10
  // Working strings used by the rest of the script; each one starts out empty.
$privmsg_sent_id = '';
$l_box_name = '';
$to_username = '';
$privmsg_subject = '';
$privmsg_message = '';
$error_msg = '';

// Page configuration for this script.
$page_cfg['use_tablesorter'] = true;
$page_cfg['load_tpl_vars'] = array('pm_icons');

//
// Is PM disabled?
//
if ($bb_cfg['privmsg_disable'])
{
	bb_die('PM_DISABLED');
}

//
// Parameters
//
// The flags below only record which form button was present in the request.
// Apart from $submit (a real bool) each one is either true or the integer 0.
// Earlier form, kept for reference: $submit = ( isset($_POST['post']) ) ? TRUE : 0;
$submit = (bool) request_var('post', false); // test it!
$submit_search  = isset($_POST['usersubmit']) ? true : 0;
$submit_msgdays = isset($_POST['submit_msgdays']) ? true : 0;
$cancel         = isset($_POST['cancel']) ? true : 0;
$preview        = isset($_POST['preview']) ? true : 0;
$confirmed      = isset($_POST['confirm']) ? true : 0;
$delete         = isset($_POST['delete']) ? true : 0;
$delete_all     = isset($_POST['deleteall']) ? true : 0;
$save           = isset($_POST['save']) ? true : 0;

// Requested action, read from $_REQUEST and forced to a string.
if (isset($_REQUEST['mode']))
{
	$mode = (string) $_REQUEST['mode'];
}
else
{
	$mode = '';
}

// A preview or a user search re-displays the form instead of submitting it.
$refresh = ($submit_search || $preview);
  39
  // Raw selection of message ids from the form: whatever was posted as `mark`,
// or 0 when nothing was. The value is client-controlled and may be a scalar
// or an array; the branches that use it convert each element with intval().
$mark_list = empty($_POST['mark']) ? 0 : $_POST['mark'];

// $folder is bound by reference to $_REQUEST['folder'], so the normalised name
// is written back into $_REQUEST as well. Anything other than the four known
// folder names (including a missing or empty value) becomes 'inbox'; this
// allow-list is what makes $folder safe to place in URLs and switch statements.
$folder =& $_REQUEST['folder'];
if (!$folder || !in_array($folder, array('inbox', 'outbox', 'sentbox', 'savebox')))
{
	$folder = 'inbox';
}
  53
  // Start session management; the req_login option is passed as true.
$user->session_start(array('req_login' => true));

// Raise the three mailbox limits for this request: by 1000 when IS_AM is set,
// otherwise by 200 when IS_GROUP_MEMBER is set.
$pm_quota_bonus = 0;
if (IS_AM)
{
	$pm_quota_bonus = 1000;
}
elseif (IS_GROUP_MEMBER)
{
	$pm_quota_bonus = 200;
}

if ($pm_quota_bonus)
{
	foreach (array('max_inbox_privmsgs', 'max_sentbox_privmsgs', 'max_savebox_privmsgs') as $pm_quota_key)
	{
		$bb_cfg[$pm_quota_key] += $pm_quota_bonus;
	}
	unset($pm_quota_key);
}
unset($pm_quota_bonus);

$template->assign_vars(array(
	'IN_PM'       => true,
	'QUICK_REPLY' => ($bb_cfg['show_quick_reply'] && $folder == 'inbox' && $mode == 'read'),
));

//
// Cancel
//
// $folder has already been reduced to one of four fixed names, so the
// redirect target cannot be steered by the request.
if ($cancel)
{
	redirect(PM_URL . '?folder=' . $folder);
}
  82
  //
// Var definitions
//
// Paging offset, forced to a non-negative integer.
$start = isset($_REQUEST['start']) ? abs((int) $_REQUEST['start']) : 0;

// Message id as an integer, taken from POST when present and from GET
// otherwise; an empty string when the request carries no id at all.
if (isset($_POST[POST_POST_URL]))
{
	$privmsg_id = intval($_POST[POST_POST_URL]);
}
elseif (isset($_GET[POST_POST_URL]))
{
	$privmsg_id = intval($_GET[POST_POST_URL]);
}
else
{
	$privmsg_id = '';
}

$error = false;

//
// Define the box links
//
// The folder currently shown as a plain listing (no mode) is rendered as text;
// every other case gets a link to that folder.
$inbox_url   = ($folder == 'inbox' && $mode == '')   ? $lang['INBOX']   : '<a href="' . PM_URL . '?folder=inbox">' . $lang['INBOX'] . '</a>';
$outbox_url  = ($folder == 'outbox' && $mode == '')  ? $lang['OUTBOX']  : '<a href="' . PM_URL . '?folder=outbox">' . $lang['OUTBOX'] . '</a>';
$sentbox_url = ($folder == 'sentbox' && $mode == '') ? $lang['SENTBOX'] : '<a href="' . PM_URL . '?folder=sentbox">' . $lang['SENTBOX'] . '</a>';
$savebox_url = ($folder == 'savebox' && $mode == '') ? $lang['SAVEBOX'] : '<a href="' . PM_URL . '?folder=savebox">' . $lang['SAVEBOX'] . '</a>';

// ----------
// Start main
//

$template->assign_var('POSTING_SUBJECT');
 112
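 // Read mode: display one private message from the selected folder.
//
// The message row is fetched only when it matches the logged-in user's id and
// the message types that belong to the folder ($pm_sql_user). That predicate is
// the access check: a message id taken from the URL that belongs to somebody
// else simply returns no row. Opening a new or unread inbox message also marks
// it read, lowers the reader's counter and stores a copy in the sender's
// sentbox.
if ($mode == 'read')
{
	// The id is client-supplied; intval() makes it safe to place in SQL and HTML.
	if (!empty($_GET[POST_POST_URL]))
	{
		$privmsgs_id = intval($_GET[POST_POST_URL]);
	}
	else
	{
		message_die(GENERAL_ERROR, $lang['NO_PM_ID']);
	}

	//
	// Per-folder ownership predicate for the message query below.
	// NOTE(review): $userdata['user_id'] is concatenated unquoted here and in
	// the other queries; presumably it is an integer set by the session code,
	// confirm against session_start().
	//
	switch ($folder)
	{
		case 'inbox':
			$l_box_name = $lang['INBOX'];
			$pm_sql_user = "AND pm.privmsgs_to_userid = " . $userdata['user_id'] . "
				AND ( pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . "
					OR pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
					OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
			break;
		case 'outbox':
			$l_box_name = $lang['OUTBOX'];
			$pm_sql_user = "AND pm.privmsgs_from_userid =  " . $userdata['user_id'] . "
				AND ( pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
					OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";
			break;
		case 'sentbox':
			$l_box_name = $lang['SENTBOX'];
			$pm_sql_user = "AND pm.privmsgs_from_userid =  " . $userdata['user_id'] . "
				AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
			break;
		case 'savebox':
			$l_box_name = $lang['SAVEBOX'];
			$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
				OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
				)";
			break;
		default:
			message_die(GENERAL_ERROR, $lang['NO_SUCH_FOLDER']);
			break;
	}

	//
	// Main query: the message, its text, and the sender (u) and recipient (u2) rows.
	//
	$sql = "SELECT u.username, u.user_id, u.user_posts, u.user_from, u.user_email, u.user_regdate, u.user_rank,
			u2.username AS to_username, u2.user_id AS to_user_id, u2.user_rank as to_user_rank,
			pm.*, pmt.privmsgs_text
		FROM " . BB_PRIVMSGS . " pm, " . BB_PRIVMSGS_TEXT . " pmt, " . BB_USERS . " u, " . BB_USERS . " u2
		WHERE pm.privmsgs_id = $privmsgs_id
			AND pmt.privmsgs_text_id = pm.privmsgs_id
			$pm_sql_user
			AND u.user_id = pm.privmsgs_from_userid
			AND u2.user_id = pm.privmsgs_to_userid";
	if (!($result = DB()->sql_query($sql)))
	{
		message_die(GENERAL_ERROR, 'Could not query private message post information', '', __LINE__, __FILE__, $sql);
	}

	// No row means the id does not exist or is not this user's message in this
	// folder; both cases get the same redirect, so the response does not reveal
	// which one it was.
	if (!($privmsg = DB()->sql_fetchrow($result)))
	{
		redirect(PM_URL . "?folder=$folder");
	}

	$privmsg_id = $privmsg['privmsgs_id'];

	//
	// First read of an inbox message: update counters, mark it read and
	// save a copy in the sender's sentbox.
	// NOTE(review): these statements are not wrapped in a transaction in the
	// visible code, so two simultaneous first reads could each store a copy.
	//
	if (($privmsg['privmsgs_type'] == PRIVMSGS_NEW_MAIL || $privmsg['privmsgs_type'] == PRIVMSGS_UNREAD_MAIL) && $folder == 'inbox')
	{
		// Values read back from the database are cast or escaped again before
		// they are put into new statements: stored data is not assumed to be
		// SQL-safe (second-order injection).
		$pm_from_userid = (int) $privmsg['privmsgs_from_userid'];

		// Lower the matching counter, never below zero
		switch ($privmsg['privmsgs_type'])
		{
			case PRIVMSGS_NEW_MAIL:
				$sql = "user_new_privmsg = IF(user_new_privmsg, user_new_privmsg - 1, 0)";
				break;
			case PRIVMSGS_UNREAD_MAIL:
				$sql = "user_unread_privmsg = IF(user_unread_privmsg, user_unread_privmsg - 1, 0)";
				break;
		}

		$sql = "UPDATE " . BB_USERS . "
			SET $sql
			WHERE user_id = " . $userdata['user_id'];
		if (!DB()->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Could not update private message read status for user', '', __LINE__, __FILE__, $sql);
		}
		if (DB()->affected_rows())
		{
			cache_rm_userdata($userdata);
		}

		$sql = "UPDATE " . BB_PRIVMSGS . "
			SET privmsgs_type = " . PRIVMSGS_READ_MAIL . "
			WHERE privmsgs_id = " . (int) $privmsg['privmsgs_id'];
		if (!DB()->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Could not update private message read status', '', __LINE__, __FILE__, $sql);
		}

		// Check to see if the sender has a 'full' sent box
		$sql = "SELECT COUNT(privmsgs_id) AS sent_items, MIN(privmsgs_date) AS oldest_post_time
			FROM " . BB_PRIVMSGS . "
			WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
				AND privmsgs_from_userid = " . $pm_from_userid;
		if (!($result = DB()->sql_query($sql)))
		{
			message_die(GENERAL_ERROR, 'Could not obtain sent message info for sendee', '', __LINE__, __FILE__, $sql);
		}

		if ($sent_info = DB()->sql_fetchrow($result))
		{
			if ($bb_cfg['max_sentbox_privmsgs'] && $sent_info['sent_items'] >= $bb_cfg['max_sentbox_privmsgs'])
			{
				// Sentbox is at its limit: drop the oldest sent message to make room
				$sql = "SELECT privmsgs_id FROM " . BB_PRIVMSGS . "
					WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . "
						AND privmsgs_date = " . (int) $sent_info['oldest_post_time'] . "
						AND privmsgs_from_userid = " . $pm_from_userid;
				if (!$result = DB()->sql_query($sql))
				{
					message_die(GENERAL_ERROR, 'Could not find oldest privmsgs', '', __LINE__, __FILE__, $sql);
				}
				$old_privmsgs_id = DB()->sql_fetchrow($result);
				$old_privmsgs_id = (int) $old_privmsgs_id['privmsgs_id'];

				$sql = "DELETE FROM " . BB_PRIVMSGS . "
					WHERE privmsgs_id = $old_privmsgs_id";
				if (!DB()->sql_query($sql))
				{
					message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (sent)', '', __LINE__, __FILE__, $sql);
				}

				$sql = "DELETE FROM " . BB_PRIVMSGS_TEXT . "
					WHERE privmsgs_text_id = $old_privmsgs_id";
				if (!DB()->sql_query($sql))
				{
					message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (sent)', '', __LINE__, __FILE__, $sql);
				}
			}
		}

		//
		// Store a copy of the message as a SENT item for the sender. Numeric
		// columns are cast to int and both string columns go through
		// DB()->escape(), including the stored IP value.
		//
		$sql = "INSERT INTO " . BB_PRIVMSGS . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip)
			VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . DB()->escape($privmsg['privmsgs_subject']) . "', " . $pm_from_userid . ", " . (int) $privmsg['privmsgs_to_userid'] . ", " . (int) $privmsg['privmsgs_date'] . ", '" . DB()->escape($privmsg['privmsgs_ip']) . "')";
		if (!DB()->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Could not insert private message sent info', '', __LINE__, __FILE__, $sql);
		}

		$privmsg_sent_id = (int) DB()->sql_nextid();

		$sql = "INSERT INTO " . BB_PRIVMSGS_TEXT . " (privmsgs_text_id, privmsgs_text)
			VALUES ($privmsg_sent_id, '" . DB()->escape($privmsg['privmsgs_text']) . "')";
		if (!DB()->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Could not insert private message sent text', '', __LINE__, __FILE__, $sql);
		}

		unset($pm_from_userid);
	}

	//
	// Action links. $privmsg_id comes from the fetched row, not from the request.
	//
	$post_urls = array(
		'post' => PM_URL . "?mode=post",
		'reply' => PM_URL . "?mode=reply&amp;" . POST_POST_URL . "=$privmsg_id",
		'quote' => PM_URL . "?mode=quote&amp;" . POST_POST_URL . "=$privmsg_id",
		'edit' => PM_URL . "?mode=edit&amp;" . POST_POST_URL . "=$privmsg_id"
	);
	$post_icons = array(
		'post_img' => '<a href="' . $post_urls['post'] . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['POST_NEW_PM'] . '" border="0" /></a>',
		'post' => '<a href="' . $post_urls['post'] . '">' . $lang['POST_NEW_PM'] . '</a>',
		'reply_img' => '<a href="' . $post_urls['reply'] . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['POST_REPLY_PM'] . '" border="0" /></a>',
		'reply' => '<a href="' . $post_urls['reply'] . '">' . $lang['POST_REPLY_PM'] . '</a>',
		'quote_img' => '<a href="' . $post_urls['quote'] . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['POST_QUOTE_PM'] . '" border="0" /></a>',
		'quote' => '<a href="' . $post_urls['quote'] . '">' . $lang['POST_QUOTE_PM'] . '</a>',
		'edit_img' => '<a href="' . $post_urls['edit'] . '"><img src="' . $images['pm_editmsg'] . '" alt="' . $lang['EDIT_PM'] . '" border="0" /></a>',
		'edit' => '<a href="' . $post_urls['edit'] . '">' . $lang['EDIT_PM'] . '</a>'
	);

	// Which buttons apply: "post" always; reply/quote for received mail (inbox,
	// or a saved message that was received); edit only in the outbox.
	$pm_can_reply = ($folder == 'inbox' || ($folder == 'savebox' && $privmsg['privmsgs_type'] == PRIVMSGS_SAVED_IN_MAIL));
	$pm_can_edit  = ($folder == 'outbox');

	$post_img  = $post_icons['post_img'];
	$post      = $post_icons['post'];
	$reply_img = $pm_can_reply ? $post_icons['reply_img'] : '';
	$reply     = $pm_can_reply ? $post_icons['reply'] : '';
	$quote_img = $pm_can_reply ? $post_icons['quote_img'] : '';
	$quote     = $pm_can_reply ? $post_icons['quote'] : '';
	$edit_img  = $pm_can_edit ? $post_icons['edit_img'] : '';
	$edit      = $pm_can_edit ? $post_icons['edit'] : '';
	unset($pm_can_reply, $pm_can_edit);

	// Folder title shown above the message
	switch ($folder)
	{
		case 'inbox':
			$l_box_name = $lang['INBOX'];
			break;
		case 'outbox':
			$l_box_name = $lang['OUTBOX'];
			break;
		case 'savebox':
			$l_box_name = $lang['SAVED'];
			break;
		case 'sentbox':
			$l_box_name = $lang['SENT'];
			break;
	}

	// Report
	//
	// Get report privmsg module and create report links
	//
	if ($folder == 'inbox')
	{
		include(INC_DIR ."functions_report.php");
		$report_privmsg = report_modules('name', 'report_privmsg');

		if ($report_privmsg && $report_privmsg->auth_check('auth_write'))
		{
			if ($privmsg['privmsgs_reported'])
			{
				$report_img = '<img src="' . $images['icon_reported'] . '" alt="' . $report_privmsg->lang['DUPLICATE_REPORT'] . '" title="' . $report_privmsg->lang['DUPLICATE_REPORT'] . '" border="0" />';
				$report = $report_privmsg->lang['DUPLICATE_REPORT'];
			}
			else
			{
				$temp_url = "report.php?mode=" . $report_privmsg->mode . "&amp;id=$privmsg_id";
				$report_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_report'] . '" alt="' . $report_privmsg->lang['WRITE_REPORT'] . '" title="' . $report_privmsg->lang['WRITE_REPORT'] . '" border="0" /></a>';
				$report = '<a href="' . $temp_url . '">' . $report_privmsg->lang['WRITE_REPORT'] . '</a>';
			}

			$template->assign_vars(array(
				'REPORT_PM_IMG' => $report_img,
				'REPORT_PM' => $report)
			);
		}
	}
	// Report [END]

	// Integer id only, so no HTML escaping is needed for this attribute value
	$s_hidden_fields = '<input type="hidden" name="mark[]" value="' . $privmsgs_id . '" />';

	$page_title = $lang['READ_PM'];

	//
	// Load templates
	//
	$template->set_filenames(array(
		'body' => 'privmsgs_read.tpl')
	);

	$template->assign_vars(array(
		'INBOX' => $inbox_url,

		'POST_PM_IMG' => $post_img,
		'REPLY_PM_IMG' => $reply_img,
		'EDIT_PM_IMG' => $edit_img,
		'QUOTE_PM_IMG' => $quote_img,
		'POST_PM' => $post,
		'REPLY_PM' => $reply,
		'EDIT_PM' => $edit,
		'QUOTE_PM' => $quote,

		'SENTBOX' => $sentbox_url,
		'OUTBOX' => $outbox_url,
		'SAVEBOX' => $savebox_url,
		'BOX_NAME' => $l_box_name,

		'S_PRIVMSGS_ACTION' => PM_URL . "?folder=$folder",
		'S_HIDDEN_FIELDS' => $s_hidden_fields)
	);

	// NOTE(review): the usernames below are placed into HTML (link text, alt and
	// title attributes, MESSAGE_TO / MESSAGE_FROM) exactly as stored. That is
	// only safe if usernames are HTML-escaped when they are saved or inside the
	// templates; neither is visible in this file, so confirm before relying on it.
	$username_from = $privmsg['username'];
	$user_id_from = $privmsg['user_id'];
	$username_to = $privmsg['to_username'];
	$user_id_to = $privmsg['to_user_id'];

	$post_date = bb_date($privmsg['privmsgs_date']);

	$temp_url = "profile.php?mode=viewprofile&amp;" . POST_USERS_URL . '=' . $user_id_from;
	$profile_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_profile'] . '" alt="' . $lang['READ_PROFILE'] . '" title="' . $lang['READ_PROFILE'] . '" border="0" /></a>';
	$profile = '<a href="' . $temp_url . '">' . $lang['READ_PROFILE'] . '</a>';

	$temp_url = PM_URL . "?mode=post&amp;" . POST_USERS_URL . "=$user_id_from";
	$pm_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_pm'] . '" alt="' . $lang['SEND_PRIVATE_MESSAGE'] . '" title="' . $lang['SEND_PRIVATE_MESSAGE'] . '" border="0" /></a>';
	$pm = '<a href="' . $temp_url . '">' . $lang['SEND_PRIVATE_MESSAGE'] . '</a>';

	$temp_url = "search.php?search_author=1&amp;uid=$user_id_from";
	$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . sprintf($lang['SEARCH_USER_POSTS'], $username_from) . '" title="' . sprintf($lang['SEARCH_USER_POSTS'], $username_from) . '" border="0" /></a>';
	$search = '<a href="' . $temp_url . '">' . sprintf($lang['SEARCH_USER_POSTS'], $username_from) . '</a>';

	//
	// Processing of post
	//
	// The subject is passed through htmlCHR() before output; the body is turned
	// into HTML by bbcode2html(), which therefore carries the whole burden of
	// neutralising markup in the message text.
	$post_subject = htmlCHR($privmsg['privmsgs_subject']);

	$private_message = $privmsg['privmsgs_text'];

	$orig_word = array();
	$replacement_word = array();
	obtain_word_list($orig_word, $replacement_word);

	if (count($orig_word))
	{
		$post_subject = preg_replace($orig_word, $replacement_word, $post_subject);
		$private_message = preg_replace($orig_word, $replacement_word, $private_message);
	}

	$private_message = bbcode2html($private_message);

	//
	// Dump it to the templating engine
	//
	// The rank/joined/posts/from values are not set anywhere in this branch, so
	// they normally come out empty; !empty() gives the same result as the former
	// "@$var ? $var : ''" without suppressing errors.
	$template->assign_vars(array(
		'TO_USER'        => profile_url(array('username' => $username_to, 'user_id' => $user_id_to, 'user_rank' => $privmsg['to_user_rank'])),
		'FROM_USER'      => profile_url($privmsg),

		'QR_SUBJECT'     => (!preg_match('/^Re:/', $post_subject) ? 'Re: ' : '') . $post_subject,
		'MESSAGE_TO'     => $username_to,
		'MESSAGE_FROM'   => $username_from,
		'RANK_IMAGE'     => !empty($rank_image) ? $rank_image : '',
		'POSTER_JOINED'  => !empty($poster_joined) ? $poster_joined : '',
		'POSTER_POSTS'   => !empty($poster_posts) ? $poster_posts : '',
		'POSTER_FROM'    => !empty($poster_from) ? $poster_from : '',
		'POST_SUBJECT'   => $post_subject,
		'POST_DATE'      => $post_date,
		'PM_MESSAGE'     => $private_message,

		'PROFILE_IMG'    => $profile_img,
		'PROFILE'        => $profile,
		'SEARCH_IMG'     => $search_img,
		'SEARCH'         => $search,
	));
}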
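 else if (($delete && $mark_list) || $delete_all)
{
	// Delete the selected messages, or every message in the folder, after the
	// user has confirmed.
	//
	// The ids posted by the client are never trusted on their own: they are
	// first re-selected together with the folder's ownership predicate, and only
	// the ids that survive that query are deleted.
	//
	// NOTE(review): the confirmed path is entered on the mere presence of
	// `confirm` in POST; no anti-CSRF token is checked in the visible code.
	// Confirm that print_confirmation() / the session layer bind the
	// confirmation form to the user's session.
	if (isset($mark_list) && !is_array($mark_list))
	{
		// Set to empty array instead of '0' if nothing is selected.
		$mark_list = array();
	}

	if (!$confirmed)
	{
		$delete = isset($_POST['delete']) ? 'delete' : 'deleteall';

		$hidden_fields = array(
			'mode'  => $mode,
			$delete => 1,
		);
		foreach ($mark_list as $pm_id)
		{
			$hidden_fields['mark'][] = (int) $pm_id;
		}

		print_confirmation(array(
			'QUESTION'      => (count($mark_list) == 1) ? $lang['CONFIRM_DELETE_PM'] : $lang['CONFIRM_DELETE_PMS'],
			'FORM_ACTION'   => PM_URL . "?folder=$folder",
			'HIDDEN_FIELDS' => build_hidden_fields($hidden_fields),
		));
	}
	else
	{
		$delete_sql_id = '';

		if (!$delete_all)
		{
			// Iterate by value: the posted array may have arbitrary keys, so
			// indexing 0..n-1 could miss the real entries.
			$selected_ids = array_map('intval', $mark_list);

			// An empty selection must match nothing; "IN ()" would be a SQL error.
			$delete_sql_id = $selected_ids
				? 'AND privmsgs_id IN (' . join(', ', $selected_ids) . ')'
				: 'AND 1 = 0';
			unset($selected_ids);
		}

		// Ownership predicate for the current folder
		switch ($folder)
		{
			case 'inbox':
				$delete_type = "privmsgs_to_userid = " . $userdata['user_id'] . " AND (
				privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
				break;

			case 'outbox':
				$delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
				break;

			case 'sentbox':
				$delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
				break;

			case 'savebox':
				$delete_type = "( ( privmsgs_from_userid = " . $userdata['user_id'] . "
					AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
				OR ( privmsgs_to_userid = " . $userdata['user_id'] . "
					AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )";
				break;
		}

		// Re-select the ids so that only messages this user owns in this folder remain
		$sql = "SELECT privmsgs_id
			FROM " . BB_PRIVMSGS . "
		WHERE $delete_type $delete_sql_id";
		if (!($result = DB()->sql_query($sql)))
		{
			message_die(GENERAL_ERROR, 'Could not obtain id list to delete messages', '', __LINE__, __FILE__, $sql);
		}

		$mark_list = array();
		while ($row = DB()->sql_fetchrow($result))
		{
			$mark_list[] = (int) $row['privmsgs_id'];
		}

		if (count($mark_list))
		{
			$delete_sql_id = join(', ', $mark_list);

			if ($folder == 'inbox' || $folder == 'outbox')
			{
				switch ($folder)
				{
					case 'inbox':
						$sql = "privmsgs_to_userid = " . $userdata['user_id'];
						break;
					case 'outbox':
						$sql = "privmsgs_from_userid = " . $userdata['user_id'];
						break;
				}

				// Get information relevant to new or unread mail
				// so we can adjust users counters appropriately
				$sql = "SELECT privmsgs_to_userid, privmsgs_type
					FROM " . BB_PRIVMSGS . "
					WHERE privmsgs_id IN ($delete_sql_id)
						AND $sql
						AND privmsgs_type IN (" . PRIVMSGS_NEW_MAIL . ", " . PRIVMSGS_UNREAD_MAIL . ")";
				if (!($result = DB()->sql_query($sql)))
				{
					message_die(GENERAL_ERROR, 'Could not obtain user id list for outbox messages', '', __LINE__, __FILE__, $sql);
				}

				// Count, per counter column and per recipient, how many of the
				// messages being deleted are still new or unread.
				$update_users = array();
				while ($row = DB()->sql_fetchrow($result))
				{
					if ($row['privmsgs_type'] == PRIVMSGS_NEW_MAIL)
					{
						$counter_column = 'user_new_privmsg';
					}
					else if ($row['privmsgs_type'] == PRIVMSGS_UNREAD_MAIL)
					{
						$counter_column = 'user_unread_privmsg';
					}
					else
					{
						continue;
					}

					$to_userid = (int) $row['privmsgs_to_userid'];
					if (!isset($update_users[$counter_column][$to_userid]))
					{
						$update_users[$counter_column][$to_userid] = 0;
					}
					$update_users[$counter_column][$to_userid]++;
				}
				DB()->sql_freeresult($result);

				// foreach replaces each(), which no longer exists in PHP 8
				foreach ($update_users as $counter_column => $users)
				{
					// Group the users that need the same decrement into one UPDATE
					$update_list = array();
					foreach ($users as $to_userid => $dec)
					{
						$update_list[$dec][] = $to_userid;
					}

					foreach ($update_list as $dec => $user_ary)
					{
						$user_ids = join(', ', $user_ary);

						// NOTE(review): unlike the read path this decrement is
						// not clamped at zero; confirm the counters cannot
						// already be lower than $dec.
						$sql = "UPDATE " . BB_USERS . "
							SET $counter_column = $counter_column - $dec
							WHERE user_id IN ($user_ids)";
						if (!DB()->sql_query($sql))
						{
							message_die(GENERAL_ERROR, 'Could not update user pm counters', '', __LINE__, __FILE__, $sql);
						}
					}
				}
				unset($update_users, $update_list);
			}

			// Delete the messages. The ownership predicate is applied again on
			// the DELETE itself, so it cannot remove rows the SELECT would not
			// have returned.
			$delete_text_sql = "DELETE FROM " . BB_PRIVMSGS_TEXT . "
				WHERE privmsgs_text_id IN ($delete_sql_id)";
			$delete_sql = "DELETE FROM " . BB_PRIVMSGS . "
				WHERE privmsgs_id IN ($delete_sql_id)
					AND $delete_type";
			unset($delete_type);

			if (!DB()->sql_query($delete_sql))
			{
				message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
			}

			if (!DB()->sql_query($delete_text_sql))
			{
				message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
			}

			pm_message_die($lang['DELETE_POSTS_SUCCESFULLY']);
		}
		else
		{
			unset($delete_type);
			pm_message_die($lang['NONE_SELECTED']);
		}
	}
}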
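 else if ($save && $mark_list && $folder != 'savebox' && $folder != 'outbox')
{
	// Move the selected messages into the user's savebox.
	//
	// $folder is limited to four names earlier in the script and this branch
	// excludes 'savebox' and 'outbox', so only 'inbox' and 'sentbox' reach it.
	// The posted ids are integers by the time they reach SQL, and the UPDATE
	// repeats the ownership predicate, so ids of other users' messages have no
	// effect.
	//
	// NOTE(review): no anti-CSRF token is checked in the visible code before
	// this state change; confirm that the session layer covers it.

	// `mark` is client-controlled and may arrive as a scalar. Only an array is
	// accepted, and it is read by value so unusual array keys cannot hide entries.
	$saved_ids = is_array($mark_list) ? array_map('intval', $mark_list) : array();

	if ($saved_ids)
	{
		// See if recipient is at their savebox limit
		$sql = "SELECT COUNT(privmsgs_id) AS savebox_items, MIN(privmsgs_date) AS oldest_post_time
			FROM " . BB_PRIVMSGS . "
			WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . "
					AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
				OR ( privmsgs_from_userid = " . $userdata['user_id'] . "
					AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") )";
		if (!($result = DB()->sql_query($sql)))
		{
			message_die(GENERAL_ERROR, 'Could not obtain sent message info for sendee', '', __LINE__, __FILE__, $sql);
		}

		if ($saved_info = DB()->sql_fetchrow($result))
		{
			if ($bb_cfg['max_savebox_privmsgs'] && $saved_info['savebox_items'] >= $bb_cfg['max_savebox_privmsgs'])
			{
				// At the limit: remove the oldest saved message.
				// NOTE(review): one message is removed however many are being
				// saved, so a multi-message save can still exceed the limit.
				$sql = "SELECT privmsgs_id FROM " . BB_PRIVMSGS . "
					WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . "
								AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
							OR ( privmsgs_from_userid = " . $userdata['user_id'] . "
								AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") )
						AND privmsgs_date = " . (int) $saved_info['oldest_post_time'];
				if (!$result = DB()->sql_query($sql))
				{
					message_die(GENERAL_ERROR, 'Could not find oldest privmsgs (save)', '', __LINE__, __FILE__, $sql);
				}
				$old_privmsgs_id = DB()->sql_fetchrow($result);
				$old_privmsgs_id = (int) $old_privmsgs_id['privmsgs_id'];

				$sql = "DELETE FROM " . BB_PRIVMSGS . "
					WHERE privmsgs_id = $old_privmsgs_id";
				if (!DB()->sql_query($sql))
				{
					message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (save)', '', __LINE__, __FILE__, $sql);
				}

				$sql = "DELETE FROM " . BB_PRIVMSGS_TEXT . "
					WHERE privmsgs_text_id = $old_privmsgs_id";
				if (!DB()->sql_query($sql))
				{
					message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (save)', '', __LINE__, __FILE__, $sql);
				}
			}
		}

		$saved_sql_id = join(', ', $saved_ids);
		unset($saved_ids);

		// Process request
		$saved_sql = "UPDATE " . BB_PRIVMSGS;

		// Decrement read/new counters if appropriate. Only inbox messages can
		// still be new or unread here (the outbox never reaches this branch).
		if ($folder == 'inbox')
		{
			// Get information relevant to new or unread mail
			// so we can adjust users counters appropriately
			$sql = "SELECT privmsgs_to_userid, privmsgs_type
				FROM " . BB_PRIVMSGS . "
				WHERE privmsgs_id IN ($saved_sql_id)
					AND privmsgs_to_userid = " . $userdata['user_id'] . "
					AND privmsgs_type IN (" . PRIVMSGS_NEW_MAIL . ", " . PRIVMSGS_UNREAD_MAIL . ")";
			if (!($result = DB()->sql_query($sql)))
			{
				message_die(GENERAL_ERROR, 'Could not obtain user id list for outbox messages', '', __LINE__, __FILE__, $sql);
			}

			// Count, per counter column and per recipient, how many of the
			// messages being saved are still new or unread.
			$update_users = array();
			while ($row = DB()->sql_fetchrow($result))
			{
				if ($row['privmsgs_type'] == PRIVMSGS_NEW_MAIL)
				{
					$counter_column = 'user_new_privmsg';
				}
				else if ($row['privmsgs_type'] == PRIVMSGS_UNREAD_MAIL)
				{
					$counter_column = 'user_unread_privmsg';
				}
				else
				{
					continue;
				}

				$to_userid = (int) $row['privmsgs_to_userid'];
				if (!isset($update_users[$counter_column][$to_userid]))
				{
					$update_users[$counter_column][$to_userid] = 0;
				}
				$update_users[$counter_column][$to_userid]++;
			}
			DB()->sql_freeresult($result);

			// foreach replaces each(), which no longer exists in PHP 8
			foreach ($update_users as $counter_column => $users)
			{
				// Group the users that need the same decrement into one UPDATE
				$update_list = array();
				foreach ($users as $to_userid => $dec)
				{
					$update_list[$dec][] = $to_userid;
				}

				foreach ($update_list as $dec => $user_ary)
				{
					$user_ids = join(', ', $user_ary);

					// NOTE(review): unlike the read path this decrement is not
					// clamped at zero; confirm the counters cannot already be
					// lower than $dec.
					$sql = "UPDATE " . BB_USERS . "
						SET $counter_column = $counter_column - $dec
						WHERE user_id IN ($user_ids)";
					if (!DB()->sql_query($sql))
					{
						message_die(GENERAL_ERROR, 'Could not update user pm counters', '', __LINE__, __FILE__, $sql);
					}
				}
			}
			unset($update_users, $update_list);
		}

		// Retag the messages as saved; the WHERE clause keeps the update to
		// this user's own messages of the folder's types.
		switch ($folder)
		{
			case 'inbox':
				$saved_sql .= " SET privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . "
					WHERE privmsgs_to_userid = " . $userdata['user_id'] . "
						AND ( privmsgs_type = " . PRIVMSGS_READ_MAIL . "
							OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
							OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . ")";
				break;

			case 'sentbox':
				$saved_sql .= " SET privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . "
					WHERE privmsgs_from_userid = " . $userdata['user_id'] . "
						AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
				break;
		}

		$saved_sql .= " AND privmsgs_id IN ($saved_sql_id)";

		if (!DB()->sql_query($saved_sql))
		{
			message_die(GENERAL_ERROR, 'Could not save private messages', '', __LINE__, __FILE__, $saved_sql);
		}

		redirect(PM_URL . "?folder=savebox");
	}
}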
 897else if ( $submit || $refresh || $mode != '' )
 898{
	// Flood control: a logged-in user sending a new message (not editing one)
	// must wait $bb_cfg['flood_interval'] seconds after their previous message.
	if (IS_USER && $submit && $mode != 'edit')
	{
		$sql = "SELECT MAX(privmsgs_date) AS last_post_time
			FROM " . BB_PRIVMSGS . "
			WHERE privmsgs_from_userid = " . $userdata['user_id'];

		// NOTE(review): a failed query skips the check entirely (fail-open), and
		// the check is not atomic with the INSERT that stores the message later.
		$result = DB()->sql_query($sql);
		if ($result)
		{
			$db_row = DB()->sql_fetchrow($result);

			$last_post_time = $db_row['last_post_time'];
			$current_time = TIMENOW;

			// Reject when less than the configured interval has elapsed
			if ($bb_cfg['flood_interval'] > ($current_time - $last_post_time))
			{
				message_die(GENERAL_MESSAGE, $lang['FLOOD_ERROR']);
			}
		}
	}
 923
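	// On an edit submit, confirm that the message belongs to the current user
	// and is still in an editable state before anything is written.
	if ($submit && $mode == 'edit')
	{
		// The query that loads a message into the edit form only accepts rows of
		// type NEW or UNREAD. The same restriction is enforced here, because the
		// UPDATE that follows resets the type, recipient and date of the matching
		// row; checking ownership alone would also match messages that the
		// recipient has already read or saved, and sent copies.
		$sql = 'SELECT privmsgs_from_userid
			FROM ' . BB_PRIVMSGS . '
			WHERE privmsgs_id = ' . (int) $privmsg_id . '
				AND privmsgs_from_userid = ' . (int) $userdata['user_id'] . '
				AND privmsgs_type IN (' . PRIVMSGS_NEW_MAIL . ', ' . PRIVMSGS_UNREAD_MAIL . ')';

		if (!($result = DB()->sql_query($sql)))
		{
			message_die(GENERAL_ERROR, "Could not obtain message details", "", __LINE__, __FILE__, $sql);
		}

		$row = DB()->sql_fetchrow($result);
		DB()->sql_freeresult($result);

		// No matching row: not the sender's message, or no longer editable
		if (!$row)
		{
			message_die(GENERAL_MESSAGE, $lang['NO_SUCH_POST']);
		}

		unset($row);
	}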
 944
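	// Validate the submitted recipient, subject and message body. Each failure
	// sets $error and adds a line to $error_msg (joined with '<br />').
	// Request fields can be absent or arrive as arrays, so only strings are
	// accepted; anything else is treated as an empty field.
	if ( $submit )
	{
		if ( !empty($_POST['username']) && is_string($_POST['username']) )
		{
			$to_username = clean_username($_POST['username']);
			// DelUsrKeepPM
			$to_username_sql = DB()->escape($to_username);

			// NOTE(review): get_userdata() is given an already escaped name;
			// confirm it does not escape the value a second time.
			$to_userdata = get_userdata ($to_username_sql);

			// The guest account is not a valid recipient
			if (!$to_userdata || $to_userdata['user_id'] == GUEST_UID)
			{
				$error = TRUE;
				$error_msg = $lang['NO_SUCH_USER'];
			}
			// DelUsrKeepPM end
		}
		else
		{
			$error = TRUE;
			$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['NO_TO_USER'];
		}

		// A missing subject field is handled like an empty one instead of
		// reading an undefined index
		$privmsg_subject = ( isset($_POST['subject']) && is_string($_POST['subject']) ) ? htmlCHR($_POST['subject']) : '';
		if ( empty($privmsg_subject) )
		{
			$error = TRUE;
			$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['EMPTY_SUBJECT'];
		}

		if ( !empty($_POST['message']) && is_string($_POST['message']) )
		{
			// The body is only prepared for storage when nothing has failed so far;
			// empty() is used so an unset $error does not raise a notice
			if ( empty($error) )
			{
				$privmsg_message = prepare_message($_POST['message']);
			}
		}
		else
		{
			$error = TRUE;
			$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['EMPTY_MESSAGE'];
		}
	}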
 988
 989	if ( $submit && !$error )
 990	{
 991		//
 992		// Has admin prevented user from sending PM's?
 993		//
 994		if ( bf($userdata['user_opt'], 'user_opt', 'allow_pm') )
 995		{
 996			bb_die($lang['CANNOT_SEND_PRIVMSG']);
 997		}
 998
 999		$msg_time = TIMENOW;
1000
1001		if ( $mode != 'edit' )
1002		{
1003			//
1004			// See if recipient is at their inbox limit
1005			//
1006			$sql = "SELECT COUNT(privmsgs_id) AS inbox_items, MIN(privmsgs_date) AS oldest_post_time
1007				FROM " . BB_PRIVMSGS . "
1008				WHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
1009						OR privmsgs_type = " . PRIVMSGS_READ_MAIL . "
1010						OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )
1011					AND privmsgs_to_userid = " . $to_userdata['user_id'];
1012			if ( !($result = DB()->sql_query($sql)) )
1013			{
1014				message_die(GENERAL_MESSAGE, $lang['NO_SUCH_USER']);
1015			}
1016
1017			if ( $inbox_info = DB()->sql_fetchrow($result) )
1018			{
1019				if ($bb_cfg['max_inbox_privmsgs'] && $inbox_info['inbox_items'] >= $bb_cfg['max_inbox_privmsgs'])
1020				{
1021					$sql = "SELECT privmsgs_id FROM " . BB_PRIVMSGS . "
1022						WHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
1023								OR privmsgs_type = " . PRIVMSGS_READ_MAIL . "
1024								OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . "  )
1025							AND privmsgs_date = " . $inbox_info['oldest_post_time'] . "
1026							AND privmsgs_to_userid = " . $to_userdata['user_id'];
1027					if ( !$result = DB()->sql_query($sql) )
1028					{
1029						message_die(GENERAL_ERROR, 'Could not find oldest privmsgs (inbox)', '', __LINE__, __FILE__, $sql);
1030					}
1031					$old_privmsgs_id = DB()->sql_fetchrow($result);
1032					$old_privmsgs_id = (int) $old_privmsgs_id['privmsgs_id'];
1033
1034					$sql = "DELETE FROM " . BB_PRIVMSGS . "
1035						WHERE privmsgs_id = $old_privmsgs_id";
1036					if ( !DB()->sql_query($sql) )
1037					{
1038						message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (inbox)'.$sql, '', __LINE__, __FILE__, $sql);
1039					}
1040
1041					$sql = "DELETE FROM " . BB_PRIVMSGS_TEXT . "
1042						WHERE privmsgs_text_id = $old_privmsgs_id";
1043					if ( !DB()->sql_query($sql) )
1044					{
1045						message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (inbox)', '', __LINE__, __FILE__, $sql);
1046					}
1047				}
1048			}
1049
1050			$sql_info = "INSERT INTO " . BB_PRIVMSGS . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip)
1051				VALUES (" . PRIVMSGS_NEW_MAIL . ", '" . DB()->escape($privmsg_subject) . "', " . $userdata['user_id'] . ", " . $to_userdata['user_id'] . ", $msg_time, '". USER_IP ."')";
1052		}
1053		else
1054		{
1055			$sql_info = "UPDATE " . BB_PRIVMSGS . "
1056				SET privmsgs_type = " . PRIVMSGS_NEW_MAIL . ", privmsgs_subject = '" . DB()->escape($privmsg_subject) . "', privmsgs_from_userid = " . $userdata['user_id'] . ", privmsgs_to_userid = " . $to_userdata['user_id'] . ", privmsgs_date = $msg_time, privmsgs_ip = '". USER_IP ."'
1057				WHERE privmsgs_id = $privmsg_id";
1058		}
1059
1060		if ( !($result = DB()->sql_query($sql_info)) )
1061		{
1062			message_die(GENERAL_ERROR, "Could not insert/update private message sent info.", "", __LINE__, __FILE__, $sql_info);
1063		}
1064
1065		if ( $mode != 'edit' )
1066		{
1067			$privmsg_sent_id = DB()->sql_nextid();
1068
1069			$sql = "INSERT INTO " . BB_PRIVMSGS_TEXT . " (privmsgs_text_id, privmsgs_text)
1070				VALUES ($privmsg_sent_id, '" . DB()->escape($privmsg_message) . "')";
1071		}
1072		else
1073		{
1074			$sql = "UPDATE " . BB_PRIVMSGS_TEXT . "
1075				SET privmsgs_text = '" . DB()->escape($privmsg_message) . "'
1076				WHERE privmsgs_text_id = $privmsg_id";
1077		}
1078
1079		if ( !DB()->sql_query($sql) )
1080		{
1081			message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql_info);
1082		}
1083
1084		if ( $mode != 'edit' )
1085		{
1086			$timenow = TIMENOW;
1087			//
1088			// Add to the users new pm counter
1089			//
1090			$sql = "UPDATE ". BB_USERS ." SET
1091					user_new_privmsg = user_new_privmsg + 1,
1092					user_last_privmsg = $timenow,
1093					user_newest_pm_id = $privmsg_sent_id
1094				WHERE user_id = {$to_userdata['user_id']}
1095				LIMIT 1";
1096
1097			if ( !$status = DB()->sql_query($sql) )
1098			{
1099				message_die(GENERAL_ERROR, 'Could not update private message new/read status for user', '', __LINE__, __FILE__, $sql);
1100			}
1101
1102			cache_rm_user_sessions ($to_userdata['user_id']);
1103
1104			if ( bf($to_userdata['user_opt'], 'user_opt', 'notify_pm') && !empty($to_userdata['user_email']) && $to_userdata['user_active'] && $bb_cfg['pm_notify_enabled'] )
1105			{
1106				require(INC_DIR .'emailer.class.php');
1107				$emailer = new emailer($bb_cfg['smtp_delivery']);
1108
1109				$emailer->from($bb_cfg['sitename'] ." <{$bb_cfg['board_email']}>");
1110				$emailer->email_address($to_userdata['username'] ." <{$to_userdata['user_email']}>");
1111
1112				$emailer->use_template('privmsg_notify', $to_userdata['user_lang']);
1113
1114				$emailer->assign_vars(array(
1115					'USERNAME'    => html_entity_decode($to_username),
1116					'NAME_FROM'   => $userdata['username'],
1117					'MSG_SUBJECT' => html_entity_decode($privmsg_subject),
1118					'SITENAME'    => $bb_cfg['sitename'],
1119					'U_INBOX'     => make_url(PM_URL . "?folder=inbox&mode=read&p=". $privmsg_sent_id),
1120				));
1121
1122				$emailer->send();
1123				$emailer->reset();
1124			}
1125		}
1126
1127		pm_message_die($lang['MESSAGE_SENT']);
1128	}
1129	else if ( $preview || $refresh || $error )
1130	{
1131		//
1132		// If we're previewing or refreshing then obtain the data
1133		// passed to the script, process it a little, do some checks
1134		// where neccessary, etc.
1135		//
1136		$to_username = (isset($_POST['username']) ) ? clean_username($_POST['username']) : '';
1137
1138		$privmsg_subject = ( isset($_POST['subject']) ) ? clean_title($_POST['subject']) : '';
1139		$privmsg_message = ( isset($_POST['message']) ) ? trim($_POST['message']) : '';
1140
1141		//
1142		// Do mode specific things
1143		//
1144		if ( $mode == 'post' )
1145		{
1146			$page_title = $lang['POST_NEW_PM'];
1147		}
1148		else if ( $mode == 'reply' )
1149		{
1150			$page_title = $lang['POST_REPLY_PM'];
1151		}
1152		else if ( $mode == 'edit' )
1153		{
1154			$page_title = $lang['EDIT_PM'];
1155
1156			$sql = "SELECT u.user_id
1157				FROM " . BB_PRIVMSGS . " pm, " . BB_USERS . " u
1158				WHERE pm.privmsgs_id = $privmsg_id
1159					AND u.user_id = pm.privmsgs_from_userid";
1160			if ( !($result = DB()->sql_query($sql)) )
1161			{
1162				message_die(GENERAL_ERROR, "Could not obtain post and post text", "", __LINE__, __FILE__, $sql);
1163			}
1164
1165			if ( $postrow = DB()->sql_fetchrow($result) )
1166			{
1167				if ( $userdata['user_id'] != $postrow['user_id'] )
1168				{
1169					message_die(GENERAL_MESSAGE, $lang['EDIT_OWN_POSTS']);
1170				}
1171			}
1172		}
1173	}
1174	else
1175	{
1176		if ( !$privmsg_id && ( $mode == 'reply' || $mode == 'edit' || $mode == 'quote' ) )
1177		{
1178			message_die(GENERAL_ERROR, $lang['NO_POST_ID']);
1179		}
1180
1181		if ( !empty($_GET[POST_USERS_URL]) )
1182		{
1183			$user_id = intval($_GET[POST_USERS_URL]);
1184
1185			$sql = "SELECT username
1186				FROM " . BB_USERS . "
1187				WHERE user_id = $user_id
1188					AND user_id <> " . GUEST_UID;
1189			if ( !($result = DB()->sql_query($sql)) )
1190			{
1191				$error = TRUE;
1192				$error_msg = $lang['NO_SUCH_USER'];
1193			}
1194
1195			if ( $row = DB()->sql_fetchrow($result) )
1196			{
1197				$to_username = $row['username'];
1198			}
1199		}
1200
1201		else if ( $mode == 'edit' )
1202		{
1203			$sql = "SELECT pm.*, pmt.privmsgs_text, u.username, u.user_id
1204				FROM " . BB_PRIVMSGS . " pm, " . BB_PRIVMSGS_TEXT . " pmt, " . BB_USERS . " u
1205				WHERE pm.privmsgs_id = $privmsg_id
1206					AND pmt.privmsgs_text_id = pm.privmsgs_id
1207					AND pm.privmsgs_from_userid = " . $userdata['user_id'] . "
1208					AND ( pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
1209						OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )
1210					AND u.user_id = pm.privmsgs_to_userid";
1211			if ( !($result = DB()->sql_query($sql)) )
1212			{
1213				message_die(GENERAL_ERROR, 'Could not obtain private message for editing', '', __LINE__, __FILE__, $sql);
1214			}
1215
1216			if ( !($privmsg = DB()->sql_fetchrow($result)) )
1217			{
1218				redirect(PM_URL . "?folder=$folder");
1219			}
1220
1221			$privmsg_subject = $privmsg['privmsgs_subject'];
1222			$privmsg_message = $privmsg['privmsgs_text'];
1223
1224			$to_username = $privmsg['username'];
1225			$to_userid = $privmsg['user_id'];
1226
1227		}
1228		else if ( $mode == 'reply' || $mode == 'quote' )
1229		{
1230
1231			$sql = "SELECT pm.privmsgs_subject, pm.privmsgs_date, pmt.privmsgs_text, u.username, u.user_id
1232				FROM " . BB_PRIVMSGS . " pm, " . BB_PRIVMSGS_TEXT . " pmt, " . BB_USERS . " u
1233				WHERE pm.privmsgs_id = $privmsg_id
1234					AND pmt.privmsgs_text_id = pm.privmsgs_id
1235					AND pm.privmsgs_to_userid = " . $userdata['user_id'] . "
1236					AND u.user_id = pm.privmsgs_from_userid";
1237			if ( !($result = DB()->sql_query($sql)) )
1238			{
1239				message_die(GENERAL_ERROR, 'Could not obtain private message for editing', '', __LINE__, __FILE__, $sql);
1240			}
1241
1242			if ( !($privmsg = DB()->sql_fetchrow($result)) )
1243			{
1244				redirect(PM_URL . "?folder=$folder");
1245			}
1246
1247			$privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];
1248
1249			$to_username = $privmsg['username'];
1250			$to_userid = $privmsg['user_id'];
1251
1252			if ( $mode == 'quote' )
1253			{
1254				$privmsg_message = $privmsg['privmsgs_text'];
1255
1256				$msg_date =  bb_date($privmsg['privmsgs_date']);
1257
1258				$privmsg_message = '[quote="' . $to_username . '"]' . $privmsg_message . '[/quote]';
1259
1260				$mode = 'reply';
1261			}
1262		}
1263		else
1264		{
1265			$privmsg_subject = $privmsg_message = $to_username = '';
1266		}
1267	}
1268
1269	//
1270	// Has admin prevented user from sending PM's?
1271	//
1272	if ( bf($userdata['user_opt'], 'user_opt', 'allow_pm') && $mode != 'edit' )
1273	{
1274		$message = ($lang['CANNOT_SEND_PRIVMSG']);
1275	}
1276
1277	//
1278	// Start output, first preview, then errors then post form
1279	//
1280	$page_title = $lang['SEND_PRIVATE_MESSAGE'];
1281
1282	if ( $preview && !$error )
1283	{
1284		$orig_word = array();
1285		$replacement_word = array();
1286		obtain_word_list($orig_word, $replacement_word);
1287
1288        $preview_message = htmlCHR($privmsg_message, false, ENT_NOQUOTES);
1289		$preview_message = bbcode2html($privmsg_message);
1290
1291		if ( count($orig_word) )
1292		{
1293			$preview_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);
1294			$preview_message = preg_replace($orig_word, $replacement_word, $preview_message);
1295		}
1296		else
1297		{
1298			$preview_subject = $privmsg_subject;
1299		}
1300
1301		$s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />';
1302		$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
1303
1304		if ( isset($privmsg_id) )
1305		{
1306			$s_hidden_fields .= '<input type="hidden" name="' . POST_POST_URL . '" value="' . $privmsg_id . '" />';
1307		}
1308
1309		$template->assign_vars(array(
1310			'TPL_PREVIEW_POST' => true,
1311			'TOPIC_TITLE' => wbr($preview_subject),
1312			'POST_SUBJECT' => $preview_subject,
1313			'MESSAGE_TO' => $to_username,
1314			'MESSAGE_FROM' => $userdata['username'],
1315			'POST_DATE' => bb_date(TIMENOW),
1316			'PREVIEW_MSG' => $preview_message,
1317
1318			'S_HIDDEN_FIELDS' => $s_hidden_fields,
1319		));
1320	}
1321
1322	//
1323	// Start error handling
1324	//
1325	if ($error)
1326	{
1327		$template->assign_vars(array('ERROR_MESSAGE' => $error_msg));
1328	}
1329
1330	//
1331	// Load templates
1332	//
1333	$template->set_filenames(array(
1334		'body' => 'posting.tpl')
1335	);
1336
1337	//
1338	// Enable extensions in posting_body
1339	//
1340	$template->assign_block_vars('switch_privmsg', array());
1341	$template->assign_var('POSTING_USERNAME');
1342
1343	$post_a = '&nbsp;';
1344	if ( $mode == 'post' )
1345	{
1346		$post_a = $lang['SEND_A_NEW_MESSAGE'];
1347	}
1348	else if ( $mode == 'reply' )
1349	{
1350		$post_a = $lang['SEND_A_REPLY'];
1351		$mode = 'post';
1352	}
1353	else if ( $mode == 'edit' )
1354	{
1355		$post_a = $lang['EDIT_MESSAGE'];
1356	}
1357
1358	$s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />';
1359	$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
1360	if ( $mode == 'edit' )
1361	{
1362		$s_hidden_fields .= '<input type="hidden" name="' . POST_POST_URL . '" value="' . $privmsg_id . '" />';
1363	}
1364
1365	//
1366	// Send smilies to template
1367	//
1368	generate_smilies('inline');
1369
1370	$privmsg_subject = clean_title($privmsg_subject);
1371
1372	$template->assign_vars(array(
1373		'SUBJECT' => htmlCHR($privmsg_subject),
1374		'USERNAME' => $to_username,
1375		'MESSAGE' => $privmsg_message,
1376		'FORUM_NAME' => $lang['PRIVATE_MESSAGE'],
1377
1378		'BOX_NAME' => $l_box_name,
1379		'INBOX' => $inbox_url,
1380		'SENTBOX' => $sentbox_url,
1381		'OUTBOX' => $outbox_url,
1382		'SAVEBOX' => $savebox_url,
1383
1384		'POSTING_TYPE_TITLE' => $post_a,
1385
1386		'S_HIDDEN_FORM_FIELDS' => $s_hidden_fields,
1387		'S_POST_ACTION' => PM_URL,
1388
1389		'U_SEARCH_USER' => "search.php?mode=searchuser",
1390		'U_VIEW_FORUM' => PM_URL,
1391	));
1392}
1393else
1394{
1395	//
1396	// Reset PM counters
1397	//
1398	$userdata['user_new_privmsg'] = 0;
1399	$userdata['user_unread_privmsg'] = $userdata['user_new_privmsg'] + $userdata['user_unread_privmsg'];
1400	$userdata['user_last_privmsg'] = $userdata['session_start'];
1401
1402	//
1403	// Update unread status
1404	//
1405	db_update_userdata($userdata, array(
1406		'user_unread_privmsg' => 'user_unread_privmsg + user_new_privmsg',
1407		'user_new_privmsg'    => 0,
1408		'user_last_privmsg'   => $userdata['session_start'],
1409	));
1410
1411	$sql = "UPDATE " . BB_PRIVMSGS . "
1412		SET privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . "
1413		WHERE privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
1414			AND privmsgs_to_userid = " . $userdata['user_id'];
1415	if ( !DB()->sql_query($sql) )
1416	{
1417		message_die(GENERAL_ERROR, 'Could not update private message new/read status (2) for user', '', __LINE__, __FILE__, $sql);
1418	}
1419
1420	//
1421	// Generate page
1422	//
1423	$page_title = $lang['PRIVATE_MESSAGING'];
1424
1425	//
1426	// Load templates
1427	//
1428	$template->set_filenames(array(
1429		'body' => 'privmsgs.tpl')
1430	);
1431
1432	$orig_word = array();
1433	$replacement_word = array();
1434	obtain_word_list($orig_word, $replacement_word);
1435
1436	//
1437	// New message
1438	//
1439	$post_new_mesg_url = '<a href="' . PM_URL .'?mode=post"><img src="' . $images['post_new'] . '" alt="' . $lang['SEND_A_NEW_MESSAGE'] . '" border="0" /></a>';
1440
1441	//
1442	// General SQL to obtain messages
1443	//
1444	$sql_tot = "SELECT COUNT(privmsgs_id) AS total
1445		FROM " . BB_PRIVMSGS . " ";
1446	$sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, u.user_id, u.username, u.user_rank
1447		FROM " . BB_PRIVMSGS . " pm, " . BB_USERS . " u ";
1448	switch( $folder )
1449	{
1450		case 'inbox':
1451			$sql_tot .= "WHERE privmsgs_to_userid = " . $userdata['user_id'] . "
1452				AND ( privmsgs_type =  " . PRIVMSGS_NEW_MAIL . "
1453					OR privmsgs_type = " . PRIVMSGS_READ_MAIL . "
1454					OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
1455
1456			$sql .= "WHERE pm.privmsgs_to_userid = " . $userdata['user_id'] . "
1457				AND u.user_id = pm.privmsgs_from_userid
1458				AND ( pm.privmsgs_type =  " . PRIVMSGS_NEW_MAIL . "
1459					OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . "
1460					OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
1461			break;
1462
1463		case 'outbox':
1464			$sql_tot .= "WHERE privmsgs_from_userid = " . $userdata['user_id'] . "
1465				AND ( privmsgs_type =  " . PRIVMSGS_NEW_MAIL . "
1466					OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
1467
1468			$sql .= "WHERE pm.privmsgs_from_userid = " . $userdata['user_id'] . "
1469				AND u.user_id = pm.privmsgs_to_userid
1470				AND ( pm.privmsgs_type =  " . PRIVMSGS_NEW_MAIL . "
1471					OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
1472			break;
1473
1474		case 'sentbox':
1475			$sql_tot .= "WHERE privmsgs_from_userid = " . $userdata['user_id'] . "
1476				AND privmsgs_type =  " . PRIVMSGS_SENT_MAIL;
1477
1478			$sql .= "WHERE pm.privmsgs_from_userid = " . $userdata['user_id'] . "
1479				AND u.user_id = pm.privmsgs_to_userid
1480				AND pm.privmsgs_type =  " . PRIVMSGS_SENT_MAIL;
1481			break;
1482
1483		case 'savebox':
1484			$sql_tot .= "WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . "
1485					AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
1486				OR ( privmsgs_from_userid = " . $userdata['user_id'] . "
1487					AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") )";
1488
1489			$sql .= "WHERE u.user_id = pm.privmsgs_from_userid
1490				AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
1491					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
1492				OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
1493					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
1494			break;
1495
1496		default:
1497			message_die(GENERAL_MESSAGE, $lang['NO_SUCH_FOLDER']);
1498			break;
1499	}
1500
1501	//
1502	// Show messages over previous x days/months
1503	//
1504	if ( $submit_msgdays && ( !empty($_POST['msgdays']) || !empty($_GET['msgdays']) ) )
1505	{
1506		$msg_days = ( !empty($_POST['msgdays']) ) ? intval($_POST['msgdays']) : intval($_GET['msgdays']);
1507		$min_msg_time = TIMENOW - ($msg_days * 86400);
1508
1509		$limit_msg_time_total = " AND privmsgs_date > $min_msg_time";
1510		$limit_msg_time = " AND pm.privmsgs_date > $min_msg_time ";
1511
1512		if ( !empty($_POST['msgdays']) )
1513		{
1514			$start = 0;
1515		}
1516	}
1517	else
1518	{
1519		$limit_msg_time = $limit_msg_time_total = '';
1520		$msg_days = 0;
1521	}
1522
1523	$sql .= $limit_msg_time . " ORDER BY pm.privmsgs_date DESC LIMIT $start, " . $bb_cfg['topics_per_page'];
1524	$sql_all_tot = $sql_tot;
1525	$sql_tot .= $limit_msg_time_total;
1526
1527	//
1528	// Get messages
1529	//
1530	if ( !($result = DB()->sql_query($sql_tot)) )
1531	{
1532		message_die(GENERAL_ERROR, 'Could not query private message information', '', __LINE__, __FILE__, $sql_tot);
1533	}
1534
1535	$pm_total = ( $row = DB()->sql_fetchrow($result) ) ? $row['total'] : 0;
1536
1537	if ( !($result = DB()->sql_query($sql_all_tot)) )
1538	{
1539		message_die(GENERAL_ERROR, 'Could not query private message information', '', __LINE__, __FILE__, $sql_tot);
1540	}
1541
1542	$pm_all_total = ( $row = DB()->sql_fetchrow($result) ) ? $row['total'] : 0;
1543
1544	//
1545	// Build select box
1546	//
1547	$previous_days = array(0, 1, 7, 14, 30, 90, 180, 364);
1548	$previous_days_text = array($lang['ALL_POSTS'], $lang['1_DAY'], $lang['7_DAYS'], $lang['2_WEEKS'], $lang['1_MONTH'], $lang['3_MONTHS'], $lang['6_MONTHS'], $lang['1_YEAR']);
1549
1550	$select_msg_days = '';
1551	for($i = 0; $i < count($previous_days); $i++)
1552	{
1553		$selected = ( $msg_days == $previous_days[$i] ) ? ' selected="selected"' : '';
1554		$select_msg_days .= '<option value="' . $previous_days[$i] . '"' . $selected . '>' . $previous_days_text[$i] . '</option>';
1555	}
1556
1557	//
1558	// Define correct icons
1559	//
1560	switch ( $folder )
1561	{
1562		case 'inbox':
1563			$l_box_name = $lang['INBOX'];
1564			break;
1565		case 'outbox':
1566			$l_box_name = $lang['OUTBOX'];
1567			break;
1568		case 'savebox':
1569			$l_box_name = $lang['SAVEBOX'];
1570			break;
1571		case 'sentbox':
1572			$l_box_name = $lang['SENTBOX'];
1573			break;
1574	}
1575	$post_pm = PM_URL . "?mode=post";
1576	$post_pm_img = '<a href="' . $post_pm . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['POST_NEW_PM'] . '" border="0" /></a>';
1577	$post_pm = '<a href="' . $post_pm . '">' . $lang['POST_NEW_PM'] . '</a>';
1578
1579	//
1580	// Output data for inbox status
1581	//
1582	$box_limit_img_length = $box_limit_percent = $l_box_size_status = '';
1583	$max_pm = ($folder != 'outbox') ? $bb_cfg["max_{$folder}_privmsgs"] : null;
1584
1585	if ($max_pm)
1586	{
1587		$box_limit_percent    = min(round(($pm_all_total / $max_pm) * 100), 100);
1588		$box_limit_img_length = min(round(($pm_all_total / $max_pm) * $bb_cfg['privmsg_graphic_length']), $bb_cfg['privmsg_graphic_length']);
1589		$box_limit_remain     = max(($max_pm - $pm_all_total), 0);
1590
1591		$template->assign_var('PM_BOX_SIZE_INFO');
1592
1593		switch( $folder )
1594		{
1595			case 'inbox':
1596				$l_box_size_status = sprintf($lang['INBOX_SIZE'], $box_limit_percent);
1597				break;
1598			case 'sentbox':
1599				$l_box_size_status = sprintf($lang['SENTBOX_SIZE'], $box_limit_percent);
1600				break;
1601			case 'savebox':
1602				$l_box_size_status = sprintf($lang['SAVEBOX_SIZE'], $box_limit_percent);
1603				break;
1604			default:
1605				$l_box_size_status = '';
1606				break;
1607		}
1608	}
1609
1610	//
1611	// Dump vars to template
1612	//
1613	$template->assign_vars(array(
1614		'BOX_NAME' => $l_box_name,
1615		'BOX_EXPL' => ($folder == 'outbox') ? $lang['OUTBOX_EXPL'] : '',
1616		'INBOX' => $inbox_url,
1617		'SENTBOX' => $sentbox_url,
1618		'OUTBOX' => $outbox_url,
1619		'SAVEBOX' => $savebox_url,
1620
1621		'POST_PM_IMG' => $post_pm_img,
1622		'POST_PM' => $post_pm,
1623
1624		'INBOX_LIMIT_IMG_WIDTH' => max(4, $box_limit_img_length),
1625		'INBOX_LI…
