1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:
282:
283:
284:
285:
286:
287:
288:
289:
290:
291:
292:
293:
294:
295:
296:
297:
298:
299:
300:
301:
302:
303:
304:
305:
306:
307:
308:
309:
310:
311:
312:
313:
314:
315:
316:
317:
318:
319:
320:
321:
322:
323:
324:
325:
326:
327:
328:
329:
330:
331:
332:
333:
334:
335:
336:
337:
338:
339:
340:
341:
342:
343:
344:
345:
346:
347:
348:
349:
350:
351:
352:
353:
354:
355:
356:
357:
358:
359:
360:
361:
362:
363:
364:
365:
366:
367:
368:
369:
370:
371:
372:
373:
374:
375:
376:
377:
378:
379:
380:
381:
382:
383:
384:
385:
386:
387:
388:
389:
390:
391:
392:
393:
394:
395:
396:
397:
398:
399:
400:
401:
402:
403:
404:
405:
406:
407:
408:
409:
410:
411:
412:
413:
414:
415:
416:
417:
418:
419:
420:
421:
422:
423:
424:
425:
426:
427:
428:
429:
430:
431:
432:
433:
434:
435:
436:
437:
438:
439:
440:
441:
442:
443:
444:
445:
446:
447:
448:
449:
450:
451:
452:
453:
454:
455:
456:
457:
458:
459:
460:
461:
462:
463:
464:
465:
466:
467:
468:
469:
470:
471:
472:
473:
474:
475:
476:
477:
478:
479:
480:
481:
482:
483:
484:
485:
|
<?php
$filename="pms.php";
require ("./global.php");
require("./acp/lib/class_parse.php");
if(!$wbbuserdata['userid'] || $wbbuserdata['canusepms']==0) access_error();
if(isset($_REQUEST['folderid'])) $folderid=$_REQUEST['folderid'];
else $folderid="0";
if(isset($_REQUEST['action'])) $action=$_REQUEST['action'];
else $action="";
/* view pms from folder x */
if(!$action) {
list($pmcount)=$db->query_first("SELECT COUNT(*) FROM bb".$n."_privatemessage WHERE recipientid='$wbbuserdata[userid]' AND deletepm<>1");
$result = $db->query("SELECT folderid, title FROM bb".$n."_folders WHERE userid='$wbbuserdata[userid]' ORDER BY title ASC");
$folder_bit="";
$moveto_options="";
$folder['title']="";
while($row=$db->fetch_array($result)) {
eval ("\$folder_bit .= \"".$tpl->get("pms_folderbit")."\";");
if($row['folderid']==$folderid) $folder['title']=$row['title'];
else {
eval ("\$moveto_options .= \"".$tpl->get("pms_moveto_options")."\";");
}
}
if($folderid!="outbox" && $folderid!=0 && !$folder['title']) access_error();
if(!$folder['title']) $folder['title']="Inbox";
if($folderid!="outbox" && $folderid!=0) eval ("\$folder_rename = \"".$tpl->get("pms_folder_rename")."\";");
else $folder_rename="";
$pms_bit="";
$d_select[1]="";
$d_select[2]="";
$d_select[5]="";
$d_select[10]="";
$d_select[20]="";
$d_select[30]="";
$d_select[45]="";
$d_select[60]="";
$d_select[75]="";
$d_select[100]="";
$d_select[365]="";
if($folderid=="outbox") {
$result=$db->query("SELECT
p.privatemessageid, p.subject, p.sendtime, p.iconid,
i.iconpath, i.icontitle,
u.userid, u.username
FROM bb".$n."_privatemessage p
LEFT JOIN bb".$n."_icons i USING(iconid)
LEFT JOIN bb".$n."_users u ON (p.recipientid=u.userid)
WHERE p.senderid='$wbbuserdata[userid]' AND p.deletepm<>2
ORDER BY sendtime DESC");
while($row=$db->fetch_array($result)) {
if($row['iconid']) $icon=makeimgtag($row['iconpath'],$row['icontitle']);
else $icon=" ";
$senddate=formatdate($dateformat,$row['sendtime']);
$sendtime=formatdate($timeformat,$row['sendtime']);
eval ("\$pms_bit .= \"".$tpl->get("pms_bit_outbox")."\";");
}
eval("\$tpl->output(\"".$tpl->get("pms_outbox")."\");");
}
else {
$result=$db->query("SELECT
p.privatemessageid, p.subject, p.sendtime, p.view, p.reply, p.forward, p.iconid,
i.iconpath, i.icontitle,
u.userid, u.username
FROM bb".$n."_privatemessage p
LEFT JOIN bb".$n."_icons i USING(iconid)
LEFT JOIN bb".$n."_users u ON (p.senderid=u.userid)
WHERE p.recipientid='$wbbuserdata[userid]' AND p.folderid='".addslashes($folderid)."' AND p.deletepm<>1
ORDER BY sendtime DESC");
while($row=$db->fetch_array($result)) {
if($row['iconid']) $icon=makeimgtag($row['iconpath'],$row['icontitle']);
else $icon=" ";
$senddate=formatdate($dateformat,$row['sendtime']);
$sendtime=formatdate($timeformat,$row['sendtime']);
if($row['sendtime'] >= $wbbuserdata['lastvisit'] && $row['view']==0) $pm_image = makeimgtag("{imagefolder}/pm_new.gif");
elseif($row['view']==0) $pm_image = makeimgtag("{imagefolder}/pm_unread.gif");
else {
if($row['reply']==1 && $row['forward']==1) $pm_image = makeimgtag("{imagefolder}/pm_reward.gif");
elseif($row['reply']==1) $pm_image = makeimgtag("{imagefolder}/pm_reply.gif");
elseif($row['forward']==1) $pm_image = makeimgtag("{imagefolder}/pm_forward.gif");
else $pm_image = makeimgtag("{imagefolder}/pm_normal.gif");
}
eval ("\$pms_bit .= \"".$tpl->get("pms_bit")."\";");
}
eval("\$tpl->output(\"".$tpl->get("pms_folder")."\");");
}
exit();
}
/** create a folder **/
if(isset($_POST['action']) && $_POST['action']=="createfolder") {
$foldertitle=trim($_POST['foldertitle']);
if(!$foldertitle) eval("redirect(\"".$tpl->get("redirect_falsefolder")."\",\"pms.php?sid=$session[hash]\",5);");
list($foldercount)=$db->query_first("SELECT COUNT(*) FROM bb".$n."_folders WHERE userid='$wbbuserdata[userid]'");
if($foldercount>=$maxfolders) eval("redirect(\"".$tpl->get("redirect_toomanyfolders")."\",\"pms.php?sid=$session[hash]\",5);");
$db->query("INSERT INTO bb".$n."_folders (folderid,userid,title) VALUES (NULL,'$wbbuserdata[userid]','".addslashes(htmlspecialchars($foldertitle))."')");
$folderid=$db->insert_id();
header("Location: pms.php?folderid=$folderid&sid=$session[hash]");
exit();
}
/** rename a folder **/
if(isset($_POST['action']) && $_POST['action']=="renamefolder") {
$foldertitle=trim($_POST['foldertitle']);
$folderid=intval($_POST['folderid']);
list($controluser)=$db->query_first("SELECT userid FROM bb".$n."_folders WHERE folderid='$folderid'");
if($controluser!=$wbbuserdata['userid']) access_error();
$db->unbuffered_query("UPDATE bb".$n."_folders SET title = '".addslashes(htmlspecialchars($foldertitle))."' WHERE folderid='$folderid'",1);
header("Location: pms.php?folderid=$folderid&sid=$session[hash]");
exit();
}
/** remove a folder **/
if(isset($_GET['action']) && $_GET['action']=="removefolder") {
$folderid=intval($_GET['folderid']);
list($controluser)=$db->query_first("SELECT userid FROM bb".$n."_folders WHERE folderid='$folderid'");
if($controluser!=$wbbuserdata['userid']) access_error();
$db->unbuffered_query("UPDATE bb".$n."_privatemessage SET folderid = '0' WHERE folderid='$folderid'",1);
$db->unbuffered_query("DELETE FROM bb".$n."_folders WHERE folderid='$folderid'",1);
header("Location: pms.php?sid=$session[hash]");
exit();
}
/** delete marked msgs **/
if(isset($_POST['action']) && $_POST['action']=="delmark") {
if($_POST['pmid'] && count($_POST['pmid'])) $pmids=implode(',',$_POST['pmid']);
else $pmids="";
if($pmids) {
if($_POST['folderid']=="outbox") {
$db->query("DELETE FROM bb".$n."_privatemessage WHERE senderid='$wbbuserdata[userid]' AND deletepm=1 AND privatemessageid IN (".addslashes($pmids).")");
$db->unbuffered_query("UPDATE bb".$n."_privatemessage SET deletepm=2 WHERE senderid='$wbbuserdata[userid]' AND privatemessageid IN (".addslashes($pmids).")",1);
}
else {
$db->query("DELETE FROM bb".$n."_privatemessage WHERE recipientid='$wbbuserdata[userid]' AND deletepm=2 AND privatemessageid IN (".addslashes($pmids).")");
$db->unbuffered_query("UPDATE bb".$n."_privatemessage SET deletepm=1 WHERE recipientid='$wbbuserdata[userid]' AND privatemessageid IN (".addslashes($pmids).")",1);
}
}
header("Location: pms.php?folderid=$folderid&sid=$session[hash]");
exit();
}
/** delete all msgs **/
if(isset($_POST['action']) && $_POST['action']=="delall") {
if($_POST['folderid']=="outbox") {
$db->query("DELETE FROM bb".$n."_privatemessage WHERE senderid='$wbbuserdata[userid]' AND deletepm=1");
$db->unbuffered_query("UPDATE bb".$n."_privatemessage SET deletepm=2 WHERE senderid='$wbbuserdata[userid]'",1);
}
else {
$db->query("DELETE FROM bb".$n."_privatemessage WHERE recipientid='$wbbuserdata[userid]' AND folderid='".intval($_POST['folderid'])."' AND deletepm=2");
$db->unbuffered_query("UPDATE bb".$n."_privatemessage SET deletepm=1 WHERE recipientid='$wbbuserdata[userid]' AND folderid='".intval($_POST['folderid'])."'",1);
}
header("Location: pms.php?folderid=$folderid&sid=$session[hash]");
exit();
}
/** view a pm **/
if(isset($_GET['action']) && $_GET['action']=="viewpm") {
if(isset($_GET['outbox'])) {
$pmid=intval($_GET['pmid']);
$pm=$db->query_first("SELECT
p.*,
i.iconpath, i.icontitle,
u.userid, u.username, u.signature
FROM bb".$n."_privatemessage p
LEFT JOIN bb".$n."_icons i USING(iconid)
LEFT JOIN bb".$n."_users u ON (p.recipientid=u.userid)
WHERE p.privatemessageid='$pmid' AND p.deletepm<>2");
if($pm['senderid']!=$wbbuserdata['userid']) eval("error(\"".$tpl->get("error_falselink")."\");");
$senddate=formatdate($dateformat,$pm['sendtime']);
$sendtime=formatdate($timeformat,$pm['sendtime']);
if($pm['iconid']) $icon=makeimgtag($pm['iconpath'],$pm['icontitle']);
else $icon="";
$parse = new parse($docensor,90,$pm['showsmilies']*$pm_allowsmilies,$pm_allowbbcode,$wbbuserdata['showimages'],$usecode);
$pm['message']=$parse->doparse($pm['message'],$pm['showsmilies']*$pm_allowsmilies,$pm_allowhtml,$pm_allowbbcode,$pm_allowimages);
$pm['subject']=$parse->textwrap($pm['subject'],30);
if($pm['showsignature']==1 && $wbbuserdata['showsignatures']==1 && $wbbuserdata['signature']) {
$posts['signature']=$parse->doparse($wbbuserdata['signature'],$pm['showsmilies']*$allowsigsmilies,$allowsightml,$allowsigbbcode,$maxsigimage);
eval ("\$signature = \"".$tpl->get("thread_signature")."\";");
}
eval("\$tpl->output(\"".$tpl->get("pms_viewpm_outbox")."\");");
}
else {
$pmid=intval($_GET['pmid']);
$pm=$db->query_first("SELECT
p.*, f.*,
i.iconpath, i.icontitle,
u.userid, u.username, u.signature
FROM bb".$n."_privatemessage p
LEFT JOIN bb".$n."_icons i USING(iconid)
LEFT JOIN bb".$n."_users u ON (p.senderid=u.userid)
LEFT JOIN bb".$n."_folders f ON (p.folderid=f.folderid)
WHERE p.privatemessageid='$pmid' AND p.deletepm<>1");
if($pm['recipientid']!=$wbbuserdata['userid']) eval("error(\"".$tpl->get("error_falselink")."\");");
if($pm['view']==0) $db->query("UPDATE bb".$n."_privatemessage SET view='".time()."' WHERE privatemessageid='$pmid'");
$senddate=formatdate($dateformat,$pm['sendtime']);
$sendtime=formatdate($timeformat,$pm['sendtime']);
if($pm['iconid']) $icon=makeimgtag($pm['iconpath'],$pm['icontitle']);
else $icon="";
if($pm['folderid']==0) $pm['title']="Inbox";
$parse = new parse($docensor,90,$pm['showsmilies']*$pm_allowsmilies,$pm_allowbbcode,$wbbuserdata['showimages'],$usecode);
$pm['message']=$parse->doparse($pm['message'],$pm['showsmilies']*$pm_allowsmilies,$pm_allowhtml,$pm_allowbbcode,$pm_allowimages);
$pm['subject']=$parse->textwrap($pm['subject'],30);
if($pm['showsignature']==1 && $wbbuserdata['showsignatures']==1 && $pm['signature']) {
$posts['signature']=$parse->doparse($pm['signature'],$pm['showsmilies']*$allowsigsmilies,$allowsightml,$allowsigbbcode,$maxsigimage);
eval ("\$signature = \"".$tpl->get("thread_signature")."\";");
}
eval("\$tpl->output(\"".$tpl->get("pms_viewpm")."\");");
}
}
/** create a new pm **/
if($_REQUEST['action']=="newpm" || $_REQUEST['action']=="replypm" || $_REQUEST['action']=="forwardpm") {
if($newpm_default_checked_0==1) $checked[0]="checked";
if($newpm_default_checked_1==1) $checked[1]="checked";
if($newpm_default_checked_2==1) $checked[2]="checked";
if($newpm_default_checked_3==1) $checked[3]="checked";
if($newpm_default_checked_4==1) $checked[4]="checked";
if(isset($_REQUEST['pmid'])) $pmid=intval($_REQUEST['pmid']);
if(isset($_POST['send'])) {
$subject=trim($_POST['subject']);
$recipient=trim($_POST['recipient']);
$message=stripcrap(trim($_POST['message']));
if(isset($_POST['iconid'])) $iconid=intval($_POST['iconid']);
else $iconid=0;
if(!isset($_POST['preview'])) {
$error="";
if(!$subject || !$recipient || !$message) eval ("\$error .= \"".$tpl->get("newthread_error1")."\";");
if($recipient) {
$result=$db->query_first("SELECT userid, username, email, ignorelist, receivepm, emailonpm, pmpopup FROM bb".$n."_users WHERE username='".addslashes(htmlspecialchars($recipient))."'");
$recipient = htmlspecialchars($recipient);
if(!$result['userid']) eval ("\$error .= \"".$tpl->get("pms_newpm_error1")."\";");
else {
if($result['receivepm']==0) eval ("\$error .= \"".$tpl->get("pms_newpm_error2")."\";");
elseif(add2list($result['ignorelist'],$wbbuserdata['userid'])==-1) eval ("\$error .= \"".$tpl->get("pms_newpm_error3")."\";");
else {
list($countpms)=$db->query_first("SELECT COUNT(*) FROM bb".$n."_privatemessage WHERE recipientid='$result[userid]' AND deletepm<>1");
if($countpms>=$maxpms) eval ("\$error .= \"".$tpl->get("pms_newpm_error4")."\";");
}
}
}
if($error) eval ("\$pm_error = \"".$tpl->get("newthread_error")."\";");
else {
if($_POST['parseurl']==1) $message=parseURL($message);
$db->unbuffered_query("INSERT INTO bb".$n."_privatemessage (privatemessageid,senderid,recipientid,subject,message,sendtime,showsmilies,showsignature,iconid,deletepm) VALUES (NULL,'$wbbuserdata[userid]','$result[userid]','".addslashes(htmlspecialchars($subject))."','".addslashes($message)."','".time()."','".(1-intval($_POST['disablesmilies']))."','".intval($_POST['showsignature'])."','$iconid','".ifelse($_POST['savecopy']==1,0,2)."')",1);
//Guthaben-Hack BEGIN
$guthaben_hack=$db->query_first("SELECT pn_onoff, pn_wert FROM bb".$n."_guthaben_config");
If ($guthaben_hack['pn_onoff']==1){
$db->unbuffered_query("UPDATE bb".$n."_users SET guthaben=guthaben-".$guthaben_hack[pn_wert]." WHERE userid='$wbbuserdata[userid]'",1);
$db->query("INSERT INTO bb".$n."_guthaben_konto (userid,begruendung,wieviel,date) VALUES ($wbbuserdata[userid], 'Erstellung einer Privaten Nachricht', '$guthaben_hack[ pn_wert]','".time()."')");
}
//Guthaben Hack END
if($result['pmpopup']==1) $db->unbuffered_query("UPDATE bb".$n."_users SET pmpopup=2 WHERE userid='$result[userid]'",1);
if($result['emailonpm']==1) {
eval ("\$mail_text = \"".$tpl->get("mt_newpm")."\";");
eval ("\$mail_subject = \"".$tpl->get("ms_newpm")."\";");
mailer($result['email'],$mail_subject,$mail_text);
}
if($_REQUEST['action']=="replypm") $db->unbuffered_query("UPDATE bb".$n."_privatemessage SET reply=1 WHERE privatemessageid='$pmid' AND recipientid='$wbbuserdata[userid]'",1);
if($_REQUEST['action']=="forwardpm") $db->unbuffered_query("UPDATE bb".$n."_privatemessage SET forward=1 WHERE privatemessageid='$pmid' AND recipientid='$wbbuserdata[userid]'",1);
header("Location: pms.php?sid=$session[hash]");
exit();
}
}
else {
$allowsmilies=1-intval($_POST['disablesmilies']);
$parse = new parse($docensor,75,$allowsmilies*$pm_allowsmilies,$pm_allowbbcode,$wbbuserdata['showimages'],$usecode);
$preview_subject=$parse->textwrap(htmlspecialchars($subject),30);
$preview_message=$parse->doparse(ifelse($_POST['parseurl']==1,parseURL($message),$message),$allowsmilies*$pm_allowsmilies,$pm_allowhtml,$pm_allowbbcode,$pm_allowimages);
if($iconid) {
$result = $db->query_first("SELECT * FROM bb".$n."_icons WHERE iconid = '$iconid'");
$preview_posticon=makeimgtag($result['iconpath'],$result['icontitle']);
}
eval ("\$preview_window = \"".$tpl->get("pms_newpm_preview")."\";");
}
if($_POST['parseurl']==1) $checked[0]="checked";
else $checked[0]="";
if($_POST['disablesmilies']==1) $checked[1]="checked";
else $checked[1]="";
if($_POST['showsignature']==1) $checked[2]="checked";
else $checked[2]="";
if($_POST['savecopy']==1) $checked[3]="checked";
else $checked[3]="";
}
else {
if(isset($_GET['userid'])) list($recipient)=$db->query_first("SELECT username FROM bb".$n."_users WHERE userid='".intval($_GET['userid'])."'");
if($_REQUEST['action']=="replypm" || $_REQUEST['action']=="forwardpm") {
$pm = $db->query_first("SELECT p.senderid, p.subject, p.message, p.sendtime, u.username FROM bb".$n."_privatemessage p LEFT JOIN bb".$n."_users u ON (u.userid=p.senderid) WHERE p.privatemessageid='$pmid' AND p.recipientid='$wbbuserdata[userid]'");
$sendtime=formatdate($dateformat." ".$timeformat,$pm['sendtime']);
if($docensor==1) {
if($parse) $pm['message']=$parse->censor($pm['message']);
else {
$parse = new parse(1);
$pm['message']=$parse->censor($pm['message']);
}
}
$pm['username']=rehtmlspecialchars($pm['username']);
if($_REQUEST['action']=="replypm") {
$pm['subject']=preg_replace("/^RE: /i","",$pm['subject']);
eval ("\$subject = \"".$tpl->get("pms_reply_subject")."\";");
eval ("\$message = \"".$tpl->get("pms_reply_message")."\";");
$recipient=$pm['username'];
}
if($_REQUEST['action']=="forwardpm") {
$pm['subject']=preg_replace("/^FW: /i","",$pm['subject']);
eval ("\$subject = \"".$tpl->get("pms_forward_subject")."\";");
eval ("\$message = \"".$tpl->get("pms_forward_message")."\";");
}
}
}
if(!isset($iconid)) $iconid=0;
$ICONselected[$iconid]="checked";
$result = $db->query("SELECT * FROM bb".$n."_icons ORDER BY iconorder ASC");
$iconcount=0;
while($row=$db->fetch_array($result)) {
$row_iconid=$row['iconid'];
eval ("\$choice_posticons .= \"".$tpl->get("newthread_iconbit")."\";");
if($iconcount==6) {
$choice_posticons.="<br>";
$iconcount=0;
}
else $iconcount++;
}
eval ("\$pm_icons .= \"".$tpl->get("newthread_icons")."\";");
if($pm_allowbbcode==1) $bbcode_buttons = getcodebuttons();
if($pm_allowsmilies==1) $bbcode_smilies = getclickysmilies($smilie_table_cols,$smilie_table_rows);
eval ("\$note = \"".$tpl->get("note_html_".ifelse($pm_allowhtml==0,"not_")."allow")."\";");
eval ("\$note .= \"".$tpl->get("note_bbcode_".ifelse($pm_allowbbcode==0,"not_")."allow")."\";");
eval ("\$note .= \"".$tpl->get("note_smilies_".ifelse($pm_allowsmilies==0,"not_")."allow")."\";");
eval ("\$note .= \"".$tpl->get("note_images_".ifelse($pm_allowimages==0,"not_")."allow")."\";");
if(isset($message)) $message=parse::convertHTML($message);
if(isset($subject)) $subject=str_replace("\"",""",$subject);
if(isset($recipient)) $recipient=str_replace("\"",""",$recipient);
eval("\$tpl->output(\"".$tpl->get("pms_newpm")."\");");
}
/** download a message -> txt file **/
if(isset($_GET['action']) && $_GET['action']=="downloadpm") {
$pm=$db->query_first("SELECT p.privatemessageid, p.subject, p.message, p.sendtime, u.username FROM bb".$n."_privatemessage p LEFT JOIN bb".$n."_users u ON (u.userid=p.senderid) WHERE privatemessageid='".intval($_GET['pmid'])."' AND recipientid='$wbbuserdata[userid]'");
if(!$pm['privatemessageid']) eval("error(\"".$tpl->get("error_falselink")."\");");
$sendtime=formatdate($dateformat." ".$timeformat,$pm['sendtime']);
$mime_type = (USR_BROWSER_AGENT == 'IE' || USR_BROWSER_AGENT == 'OPERA') ? 'application/octetstream' : 'application/octet-stream';
$content_disp = (USR_BROWSER_AGENT == 'IE') ? 'inline; ' : 'attachment; ';
header('Content-Type: '.$mime_type);
header('Content-disposition: '.$content_disp.'filename="pm-'.$pm['privatemessageid'].'.txt"');
header('Pragma: no-cache');
header('Expires: 0');
eval("print(\"".$tpl->get("pms_download")."\");");
}
/** delete one message **/
if($_REQUEST['action']=="deletepm") {
$pmid=intval($_REQUEST['pmid']);
if(isset($_REQUEST['outbox'])) $outbox=intval($_REQUEST['outbox']);
else $outbox=0;
if(isset($_POST['send']) && $_POST['send']=="send") {
if($outbox==1) {
$db->query("DELETE FROM bb".$n."_privatemessage WHERE senderid='$wbbuserdata[userid]' AND deletepm=1 AND privatemessageid='$pmid'");
$db->unbuffered_query("UPDATE bb".$n."_privatemessage SET deletepm=2 WHERE senderid='$wbbuserdata[userid]' AND privatemessageid='$pmid'",1);
header("Location: pms.php?folderid=outbox&sid=$session[hash]");
}
else {
$db->query("DELETE FROM bb".$n."_privatemessage WHERE recipientid='$wbbuserdata[userid]' AND deletepm=2 AND privatemessageid='$pmid'");
$db->unbuffered_query("UPDATE bb".$n."_privatemessage SET deletepm=1 WHERE recipientid='$wbbuserdata[userid]' AND privatemessageid='$pmid'",1);
header("Location: pms.php?sid=$session[hash]");
}
exit();
}
eval("\$tpl->output(\"".$tpl->get("pms_deletepm")."\");");
}
/** print message **/
if($_REQUEST['action']=="printpm") {
$pmid=intval($_REQUEST['pmid']);
$pm=$db->query_first("SELECT
p.*, i.iconpath, i.icontitle,
u.userid, u.username, u.signature
FROM bb".$n."_privatemessage p
LEFT JOIN bb".$n."_icons i USING(iconid)
LEFT JOIN bb".$n."_users u ON (p.senderid=u.userid)
WHERE p.privatemessageid='$pmid' AND p.deletepm<>1");
if($pm['recipientid']!=$wbbuserdata['userid']) eval("error(\"".$tpl->get("error_falselink")."\");");
$senddate=formatdate($dateformat,$pm['sendtime']);
$sendtime=formatdate($timeformat,$pm['sendtime']);
if($pm['iconid']) $icon=makeimgtag($pm['iconpath'],$pm['icontitle']);
else $icon="";
$parse = new parse($docensor,90,$pm['showsmilies']*$pm_allowsmilies,$pm_allowbbcode,$wbbuserdata['showimages'],$usecode);
$pm['message']=$parse->doparse($pm['message'],$pm['showsmilies']*$pm_allowsmilies,$pm_allowhtml,$pm_allowbbcode,$pm_allowimages);
$pm['subject']=$parse->textwrap($pm['subject'],30);
if($pm['showsignature']==1 && $wbbuserdata['showsignatures']==1 && $pm['signature']) {
$posts['signature']=$parse->doparse($pm['signature'],$pm['showsmilies']*$allowsigsmilies,$allowsightml,$allowsigbbcode,$maxsigimage);
eval ("\$signature = \"".$tpl->get("thread_signature")."\";");
}
eval("\$tpl->output(\"".$tpl->get("pms_printpm")."\");");
}
if($_REQUEST['action']=="popup") {
$result=$db->query("SELECT
p.privatemessageid, p.subject, p.sendtime, p.iconid,
i.iconpath, i.icontitle,
u.userid, u.username
FROM bb".$n."_privatemessage p
LEFT JOIN bb".$n."_icons i USING(iconid)
LEFT JOIN bb".$n."_users u ON (p.senderid=u.userid)
WHERE p.recipientid='$wbbuserdata[userid]' AND p.sendtime>'$wbbuserdata[lastvisit]' AND p.view=0 AND p.deletepm<>1
ORDER BY p.sendtime DESC");
$pmscount=$db->num_rows($result);
$pmbit="";
while($row=$db->fetch_array($result)) {
if($row['iconid']) $icon=makeimgtag($row['iconpath'],$row['icontitle']);
else $icon=" ";
$senddate=formatdate($dateformat,$row['sendtime']);
$sendtime=formatdate($timeformat,$row['sendtime']);
eval ("\$pmbit .= \"".$tpl->get("pmpopup_pmbit")."\";");
}
eval ("\$tpl->output(\"".$tpl->get("pmpopup")."\");");
exit();
}
/** move marked msgs to x **/
if(isset($_POST['action']) && substr($_POST['action'],0,6)=="moveto") {
$tofolderid=substr($_POST['action'],7);
if($_POST['pmid'] && count($_POST['pmid'])) $pmids=implode(',',$_POST['pmid']);
else $pmids="";
if($pmids) {
list($controluser)=$db->query_first("SELECT userid FROM bb".$n."_folders WHERE folderid='$tofolderid'");
if($controluser!=$wbbuserdata['userid']) access_error();
$db->query("UPDATE bb".$n."_privatemessage SET folderid='$tofolderid' WHERE recipientid='$wbbuserdata[userid]' AND privatemessageid IN (".addslashes($pmids).")");
}
header("Location: pms.php?folderid=$folderid&sid=$session[hash]");
exit();
}
?>
|
