<?php
/**
* eXtreme Message Board
* XMB 1.9.11
*
* Developed And Maintained By The XMB Group
* Copyright (c) 2001-2010, The XMB Group
* http://www.xmbforum.com
*
* Sponsored By iEntry, Inc.
* http://www.ientry.com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
**/
// Direct-access guard: this include file answers 403 and stops unless the
// including script has already defined IN_CODE.
if (!defined('IN_CODE')) {
header('HTTP/1.0 403 Forbidden');
exit("Not allowed to run this file directly.");
}
// Longest custom folder name kept by u2u_folderSubmit(); longer names are cut to
// this many bytes. Presumably mirrors the width of the database column - confirm.
define('U2U_FOLDER_COL_SIZE', 32);
/**
* Prints the 'u2u_msg' template as the whole response and ends the request.
*
* When $redirect is non-empty, redirect() is called with it first. The template
* text is expanded with eval() inside this function, so $msg, $redirect and the
* globals imported below are the names in scope for it.
*
* NOTE(review): $msg is not escaped here. Callers in this file pass language
* strings, some with '<br />' markup or folder names appended, so any user-derived
* text has to be HTML-safe before it reaches this function - confirm per call site.
*
* @param string $msg Message text in scope for the template.
* @param string $redirect Target handed to redirect(); skipped when empty.
* @return void Does not return; the script exits.
*/
function u2u_msg($msg, $redirect) {
global $u2uheader, $u2ufooter, $tablewidth, $bordercolor, $tablespace, $THEME, $altbg1;
if (!empty($redirect)) {
redirect($redirect);
}
// The template body is executed as the inside of a double-quoted PHP string.
// NOTE(review): this is only safe if template() returns trusted, properly quoted text - confirm.
eval('echo "'.template('u2u_msg').'";');
exit;
}
/**
 * Inserts one row into the u2u table, stamped with the global $onlinetime.
 *
 * No escaping happens here: every argument is placed between single quotes
 * exactly as received, so each caller must pass values that are already safe
 * to embed in SQL.
 *
 * @param string $to      Value for msgto.
 * @param string $from    Value for msgfrom.
 * @param string $type    Value for type (callers in this file use 'incoming', 'outgoing', 'draft').
 * @param string $owner   Value for owner.
 * @param string $folder  Value for folder.
 * @param string $subject Value for subject.
 * @param string $message Value for message.
 * @param string $isRead  Value for readstatus ('yes' or 'no' at the call sites in this file).
 * @param string $isSent  Value for sentstatus ('yes' or 'no' at the call sites in this file).
 * @return void
 */
function db_u2u_insert($to, $from, $type, $owner, $folder, $subject, $message, $isRead, $isSent) {
    global $db, $onlinetime;

    $columns = 'msgto, msgfrom, type, owner, folder, subject, message, dateline, readstatus, sentstatus';
    // Same order as $columns; dateline comes from the global clock value.
    $values = array($to, $from, $type, $owner, $folder, $subject, $message, $onlinetime, $isRead, $isSent);

    $sql = 'INSERT INTO '.X_PREFIX.'u2u ('.$columns.") VALUES ('".implode("', '", $values)."')";
    $db->query($sql);
}
/**
 * Sends one message to every distinct name in a comma-separated recipient list.
 *
 * Names are trimmed and de-duplicated, then each is passed to u2u_send_recp()
 * unchanged, so the list must already satisfy that function's requirements
 * (SQL-safe names, double-slashed subject and message).
 *
 * @param string $msgto   Comma-separated recipient usernames.
 * @param string $subject Subject line, forwarded as-is.
 * @param string $message Message body, forwarded as-is.
 * @param int    $u2uid   Optional, forwarded as-is.
 * @return string Concatenation of the per-recipient results of u2u_send_recp().
 */
function u2u_send_multi_recp($msgto, $subject, $message, $u2uid=0) {
    $names = explode(',', $msgto);
    foreach ($names as $idx => $name) {
        $names[$idx] = trim($name);
    }

    $report = array();
    foreach (array_unique($names) as $name) {
        $report[] = u2u_send_recp($name, $subject, $message, $u2uid);
    }

    return implode('', $report);
}
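/**
 * Sends a message from the current user to the specified username.
 *
 * Assumes the current user is already authenticated and not banned from U2U.
 *
 * The recipient is looked up by name. Unless the sender is on the recipient's
 * ignore list (admins bypass the list), an 'incoming' copy is stored for the
 * recipient, an 'outgoing' copy for the sender when $self['saveogu2u'] is 'yes',
 * the replied-to message is moved to Trash when the global $del is 'yes', and a
 * notification e-mail is sent when the recipient asked for one and is not banned.
 *
 * @since 1.9.1
 * @param string $msgto XMB username, must be SQL safe.
 * @param string $subject Message subject line, must be double-slashed.
 * @param string $message Message body, must be double-slashed.
 * @param int $u2uid Optional. Id of the sender's message to move to Trash when $del is 'yes'.
 * @return string Empty string on success, HTML formatted messages on failure.
 */
function u2u_send_recp($msgto, $subject, $message, $u2uid=0) {
    global $db, $self, $SETTINGS, $lang, $onlinetime, $bbname, $adminemail, $cookiedomain, $del, $oToken, $xmbuser, $full_url;

    // Normalises the global $del flag to exactly 'yes' or 'no' (this writes the global).
    $del = ('yes' === $del) ? 'yes' : 'no';
    $errors = '';

    // $msgto is embedded as-is; the caller is responsible for escaping it (see @param).
    $query = $db->query("SELECT username, email, lastvisit, ignoreu2u, emailonu2u, status, langfile FROM ".X_PREFIX."members WHERE username='$msgto'");
    if ($rcpt = $db->fetch_array($query)) {
        $ilist = array_map('trim', explode(',', $rcpt['ignoreu2u']));

        // Strict comparison: with PHP's loose string comparison two different numeric-looking
        // names (for example '1000' and '1e3') compare equal, which would apply an ignore
        // entry to the wrong account.
        if (!in_array((string) $self['username'], $ilist, true) || X_ADMIN) {
            // Use the stored spelling of the recipient name, escaped again for the INSERT.
            $username = $db->escape_var($rcpt['username']);
            db_u2u_insert($username, $xmbuser, 'incoming', $username, 'Inbox', $subject, $message, 'no', 'yes');
            if ($self['saveogu2u'] == 'yes') {
                db_u2u_insert($username, $xmbuser, 'outgoing', $xmbuser, 'Outbox', $subject, $message, 'no', 'yes');
            }

            $u2uid = (int) $u2uid;
            if ($del == 'yes' && $u2uid > 0) {
                // The owner filter limits the move to the sender's own message.
                $db->query("UPDATE ".X_PREFIX."u2u SET folder='Trash' WHERE u2uid='$u2uid' AND owner='$xmbuser'");
            }

            if ($rcpt['emailonu2u'] == 'yes' && $rcpt['status'] != 'Banned') {
                // Notification text is taken from the recipient's language file.
                $lang2 = loadPhrases(array('charset','textnewu2uemail','textnewu2ubody'));
                $translate = $lang2[$rcpt['langfile']];
                $u2uurl = $full_url.'u2u.php';
                $rawusername = htmlspecialchars_decode($self['username'], ENT_QUOTES);
                $rawaddress = htmlspecialchars_decode($rcpt['email'], ENT_QUOTES);
                $rawbbname = htmlspecialchars_decode($bbname, ENT_NOQUOTES);
                // NOTE(review): $rawusername and $rawbbname become part of mail header lines.
                // Nothing in this function removes CR/LF from them; confirm that registration
                // rules or smtpHeaderFrom()/altMail() rule out line breaks in these values.
                $headers = array();
                $headers[] = smtpHeaderFrom($rawbbname, $adminemail);
                $headers[] = 'X-Mailer: PHP';
                $headers[] = 'X-AntiAbuse: Board servername - '.$cookiedomain;
                $headers[] = 'X-AntiAbuse: Username - '.$rawusername;
                $headers[] = 'Content-Type: text/plain; charset='.$translate['charset'];
                $headers = implode("\r\n", $headers);
                altMail($rawaddress, $translate['textnewu2uemail'], "$rawusername ".$translate['textnewu2ubody']." \n$u2uurl", $headers);
            }
        } else {
            $errors = '<br />'.$lang['u2ublocked'];
        }
    } else {
        $errors = '<br />'.$lang['badrcpt'];
    }
    $db->free_result($query);

    return $errors;
}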
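/**
 * Handles the U2U compose pane: save a draft, send, quote for reply/forward, preview.
 *
 * Order of work, as coded below:
 *  - error() is called when the current user is banned from U2U, or when a
 *    non-staff user has reached a non-zero quota;
 *  - on 'savesubmit' the message is stored as a draft and u2u_msg() is called;
 *  - on 'sendsubmit' the flood check runs, then the message goes to one recipient,
 *    or to a comma-separated list when the sender is staff, and u2u_msg() is called;
 *  - otherwise, when $u2uid > 0, the user's own copy of that message is loaded and
 *    quoted for a reply or a forward;
 *  - finally the optional preview and the 'u2u_send' template are rendered.
 *
 * Both templates are expanded with eval() in this function's scope, so the local
 * names used below ($subject, $message, $username, $u2usubject, $u2umessage,
 * $u2upreview, ...) are presumably read by them - confirm before renaming any.
 *
 * @param int    $u2uid      Id of the message being replied to or forwarded; 0 for none.
 * @param string $msgto      Recipient name(s); escaped here before use in SQL.
 * @param string $subject    Subject line; escaped here before storage.
 * @param string $message    Message body; escaped here before storage.
 * @param string $u2upreview Overwritten with the rendered preview when $previewsubmit is set.
 * @return string The rendered 'u2u_send' pane.
 */
function u2u_send($u2uid, $msgto, $subject, $message, $u2upreview) {
    global $db, $self, $lang, $xmbuser, $SETTINGS, $del, $full_url;
    global $u2uheader, $u2ufooter, $u2ucount, $u2uquota, $oToken;
    global $altbg1, $altbg2, $bordercolor, $THEME, $tablespace, $cattext, $thewidth;
    global $forward, $reply, $previewsubmit;

    // The id is embedded in a SELECT further down. Cast it here, as the other u2u_*
    // functions in this file do, so the query never depends on the caller having
    // validated it.
    $u2uid = (int) $u2uid;

    $dbsubject = $db->escape(addslashes($subject)); //message and subject were historically double-slashed
    $dbmessage = $db->escape(addslashes($message));
    $dbto = $db->escape_var($msgto);

    $leftpane = '';
    $del = ($del == 'yes') ? 'yes' : 'no';
    $username = postedVar('username', 'javascript', TRUE, FALSE, TRUE, 'g'); //username is the param from u2u links on profiles.

    if ($self['ban'] == 'u2u' || $self['ban'] == 'both') {
        error($lang['textbanfromu2u'], false, $u2uheader, $u2ufooter, false, true, false, false);
    }

    // A quota of 0 means no limit; staff are exempt.
    if (!X_STAFF && $u2ucount >= $u2uquota && $u2uquota > 0) {
        error($lang['u2ureachedquota'], false, $u2uheader, $u2ufooter, false, true, false, false);
    }

    if (onSubmit('savesubmit')) {
        // An empty subject is replaced by the language default.
        $dbsubject = (empty($dbsubject) ? $db->escape_var($lang['textnosub']) : $dbsubject);
        if (empty($message)) {
            error($lang['u2uempty'], false, $u2uheader, $u2ufooter, false, true, false, false);
        }
        db_u2u_insert('', '', 'draft', $xmbuser, 'Drafts', $dbsubject, $dbmessage, 'yes', 'no');
        u2u_msg($lang['imsavedmsg'], $full_url.'u2u.php?folder=Drafts');
    }

    if (onSubmit('sendsubmit')) {
        $errors = '';
        $dbsubject = (empty($dbsubject) ? $db->escape_var($lang['textnosub']) : $dbsubject);
        if (empty($message)) {
            error($lang['u2umsgempty'], false, $u2uheader, $u2ufooter, false, true, false, false);
        }

        // Flood control: refuse when this user already sent a message within the last
        // $SETTINGS['floodctrl'] seconds.
        if ($db->result($db->query("SELECT count(u2uid) FROM ".X_PREFIX."u2u WHERE msgfrom='$xmbuser' AND dateline > ".(time()-$SETTINGS['floodctrl'])), 0) > 0) {
            error($lang['floodprotect_u2u'], false, $u2uheader, $u2ufooter, false, true, false, false);
        }

        // On send, the id comes from the posted form rather than from the parameter.
        $u2uid = (int) $_POST['u2uid'];

        // Only staff may address several recipients in one message.
        if (strstr($msgto, ',') && X_STAFF) {
            $errors = u2u_send_multi_recp($dbto, $dbsubject, $dbmessage, $u2uid);
        } else {
            $errors = u2u_send_recp($dbto, $dbsubject, $dbmessage, $u2uid);
        }

        if (empty($errors)) {
            u2u_msg($lang['imsentmsg'], $full_url.'u2u.php');
        } else {
            // Drops the leading '<br />' (6 characters) of the first error.
            u2u_msg(substr($errors, 6) , $full_url.'u2u.php');
        }
    }

    if ($u2uid > 0) {
        // The owner filter limits quoting to the current user's own messages.
        $query = $db->query("SELECT subject, msgfrom, message FROM ".X_PREFIX."u2u WHERE u2uid='$u2uid' AND owner='$xmbuser'");
        $quote = $db->fetch_array($query);
        if ($quote) {
            if (!isset($previewsubmit)) {
                // Strip an existing reply/forward prefix before adding a new one.
                $prefixes = array($lang['textre'].' ', $lang['textfwd'].' ');
                $subject = str_replace($prefixes, '', $quote['subject']);
                $message = rawHTMLmessage(stripslashes($quote['message'])); //message and subject were historically double-slashed
                if ($forward == 'yes') {
                    $subject = $lang['textfwd'].' '.$subject;
                    $message = '[quote][i]'.$lang['origpostedby'].' '.$quote['msgfrom']."[/i]\n".$message.'[/quote]';
                } else if ($reply == 'yes') {
                    $subject = $lang['textre'].' '.$subject;
                    $message = '[quote]'.$message.'[/quote]';
                    $username = $quote['msgfrom'];
                }
            }
        }
        $db->free_result($query);
    }

    if (isset($previewsubmit)) {
        $subject = rawHTMLsubject($subject);
        $u2usubject = $subject;
        $u2umessage = postify($message, "no", "", "yes", "no");
        $message = rawHTMLmessage($message);
        eval('$u2upreview = "'.template('u2u_send_preview').'";');
        $username = $msgto;
    }

    eval('$leftpane = "'.template('u2u_send').'";');

    return $leftpane;
}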
/**
* Builds the single-message view pane for one U2U message of the current user.
*
* The row is selected by u2uid AND owner='$xmbuser', so an id that belongs to
* another account yields no row and ends in the 'u2uadmin_noperm' error branch.
* Viewing an incoming message or a draft also marks it as read.
*
* The 'u2u_view' template is expanded with eval() in this function's scope, so the
* locals assigned below ($u2usubject, $u2umessage, $u2ufrom, $u2uto, $mtofolder,
* $delchecked, ...) are presumably read by it - confirm before renaming any.
*
* @param int $u2uid Message id; cast to int before use.
* @param array $folders Folder list; a numeric key means the value is also the folder name.
* @return string|null Rendered pane, or null when no valid id was given.
*/
function u2u_view($u2uid, $folders) {
global $db, $dateformat, $timecode, $timeoffset, $addtime, $lang, $self, $oToken, $xmbuser;
global $altbg1, $altbg2, $bordercolor, $THEME, $tablespace, $cattext, $thewidth, $full_url;
global $sendoptions, $u2uheader, $u2ufooter, $SETTINGS;
$delchecked = '';
$leftpane = '';
$u2uid = (int) $u2uid;
if (!($u2uid > 0)) {
error($lang['textnonechosen'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php', true, false, false);
return;
}
// $xmbuser is embedded as-is; presumably it is the SQL-safe name of the logged-in user - confirm where it is set.
$query = $db->query("SELECT u.*, m.avatar FROM ".X_PREFIX."u2u AS u LEFT JOIN ".X_PREFIX."members AS m ON u.msgfrom=m.username WHERE u2uid='$u2uid' AND owner='$xmbuser'");
$u2u = $db->fetch_array($query);
if ($u2u) {
$u2uavatar = '';
if ($u2u['type'] == 'incoming') {
// Marks this message as read, and also the row with the next id when that row is an
// 'outgoing' message addressed to the current user. Presumably that is the sender's saved
// copy, which u2u_send_recp() inserts right after the incoming one - adjacency of the
// two ids is assumed, not checked.
$db->query("UPDATE ".X_PREFIX."u2u SET readstatus='yes' WHERE u2uid=$u2u[u2uid] OR (u2uid=$u2u[u2uid]+1 AND type='outgoing' AND msgto='$xmbuser')");
// NOTE(review): the avatar value is written into an src attribute without escaping here;
// presumably it is stored HTML-encoded and validated when the profile is saved - confirm.
if ($SETTINGS['avastatus'] != 'off' And $u2u['avatar'] != '') {
$u2uavatar = '<br /><img src="'.$u2u['avatar'].'" />';
}
} else if ($u2u['type'] == 'draft') {
$db->query("UPDATE ".X_PREFIX."u2u SET readstatus='yes' WHERE u2uid=$u2u[u2uid]");
if ($SETTINGS['avastatus'] != 'off' And $self['avatar'] != '') {
$u2uavatar = '<br /><img src="'.$self['avatar'].'" />';
}
} else {
if ($SETTINGS['avastatus'] != 'off' And $self['avatar'] != '') {
$u2uavatar = '<br /><img src="'.$self['avatar'].'" />';
}
}
// Shift the stored timestamp by the viewer's offset plus the board's extra offset, both in hours.
$adjTime = ($timeoffset * 3600) + ($addtime * 3600);
$u2udate = gmdate($dateformat, $u2u['dateline'] + $adjTime);
$u2utime = gmdate($timecode, $u2u['dateline'] + $adjTime);
$u2udateline = $u2udate.' '.$lang['textat'].' '.$u2utime;
$u2usubject = rawHTMLsubject(stripslashes($u2u['subject'])); //message and subject were historically double-slashed
$u2umessage = postify(stripslashes($u2u['message']), 'no', '', 'yes', 'no');
$u2ufolder = $u2u['folder'];
// NOTE(review): msgfrom and msgto are used as link text without escaping in this function;
// presumably usernames are stored HTML-encoded - confirm.
$u2ufrom = '<a href="member.php?action=viewpro&member='.recodeOut($u2u['msgfrom']).'" target="mainwindow">'.$u2u['msgfrom'].'</a>';
$u2uto = ($u2u['type'] == 'draft') ? $lang['textu2unotsent'] : '<a href="member.php?action=viewpro&member='.recodeOut($u2u['msgto']).'" target="mainwindow">'.$u2u['msgto'].'</a>';
// Drafts can only be sent; messages from someone else can be answered or forwarded;
// for the user's own sent messages "delete" is preselected.
if ($u2u['type'] == 'draft') {
$sendoptions = '<input type="radio" name="mod" value="send" /> '.$lang['textu2u'].'<br />';
$delchecked = ' checked="checked"';
} else if ($u2u['msgfrom'] != $self['username']) {
$sendoptions = '<input type="radio" name="mod" value="reply" checked="checked" /> '.$lang['textreply'].'<br /><input type="radio" name="mod" value="replydel" /> '.$lang['textreplytrash'].'<br /><input type="radio" name="mod" value="forward" /> '.$lang['textforward'].'<br />';
} else {
$delchecked = ' checked="checked"';
}
// "Move to folder" drop-down.
// NOTE(review): folder names are written into value attributes and option text as-is;
// presumably they were HTML-encoded when the folder list was saved - confirm.
$mtofolder = array();
$mtofolder[] = '<select name="tofolder">';
$mtofolder[] = '<option value="">'.$lang['textpickfolder'].'</option>';
foreach($folders as $key => $value) {
if (is_numeric($key)) {
$key = $value;
}
$mtofolder[] = '<option value="'.$key.'">'.$value.'</option>';
}
$mtofolder[] = '</select>';
$mtofolder = implode("\n", $mtofolder);
} else {
// NOTE(review): if error() returns instead of ending the request, the template below is
// still rendered, with most of its variables unset - confirm that error() stops here.
error($lang['u2uadmin_noperm'], false, $u2uheader, $u2ufooter, false, true, false, false);
}
$db->free_result($query);
eval('$leftpane = "'.template('u2u_view').'";');
return $leftpane;
}
/**
* Outputs a printable copy of one of the current user's messages, or e-mails it to them.
*
* The row is selected by u2uid AND owner='$xmbuser'; when nothing matches, error()
* is called with 'u2uadmin_noperm'. With $eMail set, an HTML copy is mailed to the
* address in $self['email'] and u2u_msg() is called; otherwise the 'u2u_printable'
* template is echoed and the script exits.
*
* Templates are expanded with eval() in this function's scope, so the locals
* assigned below are presumably read by them - confirm before renaming any.
*
* @param int $u2uid Message id; cast to int before use.
* @param bool $eMail True to e-mail the message instead of printing it.
* @return void
*/
function u2u_print($u2uid, $eMail = false) {
global $SETTINGS, $css, $db, $self, $timeoffset, $lang, $u2uheader, $full_url, $cookiedomain, $adminemail,
$u2ufooter, $dateformat, $timecode, $addtime, $charset, $bbname, $logo, $oToken, $xmbuser, $text;
$mailHeader = '';
$mailFooter = '';
$u2uid = (int) $u2uid;
if (!($u2uid > 0)) {
error($lang['textnonechosen'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php', true, false, false);
return;
}
// The owner filter keeps users from printing or mailing messages of other accounts.
$query = $db->query("SELECT * FROM ".X_PREFIX."u2u WHERE u2uid='$u2uid' AND owner='$xmbuser'");
$u2u = $db->fetch_array($query);
$db->free_result($query);
if ($u2u) {
// Shift the stored timestamp by the viewer's offset plus the board's extra offset, both in hours.
$adjTime = ($timeoffset * 3600) + ($addtime * 3600);
$u2udate = gmdate($dateformat, $u2u['dateline'] + $adjTime);
$u2utime = gmdate($timecode, $u2u['dateline'] + $adjTime);
$u2udateline = $u2udate.' '.$lang['textat'].' '.$u2utime;
$u2usubject = rawHTMLsubject(stripslashes($u2u['subject'])); //message and subject were historically double-slashed
$u2umessage = postify(stripslashes($u2u['message']), 'no', 'no', 'yes', 'no', 'yes', 'yes', false, "no", "yes");
$u2ufolder = $u2u['folder'];
// NOTE(review): folder, sender and recipient names go into HTML as stored;
// presumably they are stored HTML-encoded - confirm.
$u2ufrom = $u2u['msgfrom'];
$u2uto = ($u2u['type'] == 'draft') ? $lang['textu2unotsent'] : $u2u['msgto'];
if ($eMail) {
eval('$mailHeader = "'.template('email_html_header').'";');
eval('$mailFooter = "'.template('email_html_footer').'";');
$email = $mailHeader.$lang['textsubject']." ".$u2usubject."<br />\n".$lang['textfrom']." ".$u2ufrom."<br />\n".$lang['textto']." ".$u2uto."<br />\n".$lang['textu2ufolder']." ".$u2ufolder."<br />\n".$lang['textsent']." ".$u2udateline."<br />\n<br />\n".$u2umessage."<br />\n<br />\n".$full_url.$mailFooter;
// The stored values are HTML-decoded before they are used as address and header text.
$rawemail = htmlspecialchars_decode($self['email'], ENT_QUOTES);
$rawuser = htmlspecialchars_decode($self['username'], ENT_QUOTES);
$rawbbname = htmlspecialchars_decode($bbname, ENT_NOQUOTES);
// NOTE(review): $rawuser and $rawbbname become part of header lines, and $u2usubject part of
// the mail subject. Nothing here removes CR/LF; confirm that the stored values or
// smtpHeaderFrom()/altMail() rule out line breaks.
$headers = array();
$headers[] = smtpHeaderFrom($rawbbname, $adminemail);
$headers[] = 'X-Mailer: PHP';
$headers[] = 'X-AntiAbuse: Board servername - '.$cookiedomain;
$headers[] = 'X-AntiAbuse: Username - '.$rawuser;
$headers[] = 'Content-Type: text/html; charset='.$charset;
$headers = implode("\r\n", $headers);
// The result of altMail() is stored but never checked; the success message is shown either way.
$result = altMail($rawemail, $lang['textu2utoemail']." ".$u2usubject, $email, $headers);
u2u_msg($lang['textu2utoemailsent'], $full_url.'u2u.php?action=view&u2uid='.$u2uid);
} else {
eval('echo "'.template('u2u_printable').'";');
exit;
}
} else {
error($lang['u2uadmin_noperm'], false, $u2uheader, $u2ufooter, false, true, false, false);
}
}
/**
 * Deletes one of the current user's messages.
 *
 * A message that is deleted while $folder is "Trash" is removed for good; from
 * any other folder it is moved to Trash. Both statements are limited to rows
 * owned by $xmbuser.
 *
 * @param int    $u2uid  Message id; cast to int before use.
 * @param string $folder Folder the user is working in; also used for the redirect.
 * @return void
 */
function u2u_delete($u2uid, $folder) {
    global $db, $self, $lang, $xmbuser, $u2uheader, $u2ufooter, $oToken, $full_url;

    $id = (int) $u2uid;
    if ($id <= 0) {
        error($lang['textnonechosen'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php', true, false, false);
        return;
    }

    // Shared filter: the owner condition keeps the statement on the user's own rows.
    $where = "WHERE u2uid='$id' AND owner='$xmbuser'";
    $sql = ($folder == 'Trash')
        ? 'DELETE FROM '.X_PREFIX.'u2u '.$where
        : 'UPDATE '.X_PREFIX."u2u SET folder='Trash' ".$where;
    $db->query($sql);

    u2u_msg($lang['imdeletedmsg'], $full_url.'u2u.php?folder='.recodeOut($folder));
}
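/**
 * Deletes several of the current user's messages at once.
 *
 * Every selected value is cast to int and only positive ids are kept. When
 * nothing valid is left, error() is called with 'textnonechosen' and no query
 * runs; without this check the statement would contain an empty IN() list.
 * From "Trash" the rows are removed for good, from any other folder they are
 * moved to Trash. Both statements are limited to rows owned by $xmbuser.
 *
 * @param string $folder     Folder the user is working in; also used for the redirect.
 * @param array  $u2u_select Selected message ids as submitted.
 * @return void
 */
function u2u_mod_delete($folder, $u2u_select) {
    global $db, $self, $lang, $oToken, $xmbuser, $full_url, $u2uheader, $u2ufooter;

    // Keep only positive integer ids; the cast makes each one safe to place in SQL.
    $ids = array();
    foreach ((array) $u2u_select as $value) {
        $value = (int) $value;
        if ($value > 0) {
            $ids[] = $value;
        }
    }

    if (empty($ids)) {
        error($lang['textnonechosen'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php?folder='.recodeOut($folder), true, false, false);
        return;
    }

    $in = implode(', ', $ids);
    if ($folder == "Trash") {
        $db->query("DELETE FROM ".X_PREFIX."u2u WHERE u2uid IN($in) AND owner='$xmbuser'");
    } else {
        $db->query("UPDATE ".X_PREFIX."u2u SET folder='Trash' WHERE u2uid IN($in) AND owner='$xmbuser'");
    }

    u2u_msg($lang['imdeletedmsg'], $full_url.'u2u.php?folder='.recodeOut($folder));
}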
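/**
 * Moves one of the current user's messages to another folder.
 *
 * The target must be one of the user's folders (global $folders) or Inbox,
 * Outbox or Drafts, and it must fit the message type read from the global
 * $type: Inbox takes only incoming messages, Outbox only outgoing ones and
 * Drafts only drafts. Every rejected request returns right after error(), so
 * the UPDATE can never run for it, whether or not error() ends the request.
 *
 * NOTE(review): $type is a global filled in by the caller; presumably it comes
 * from the request rather than from the stored row - confirm. The UPDATE itself
 * is limited to rows owned by $xmbuser.
 *
 * @param int    $u2uid    Message id; cast to int before use.
 * @param string $tofolder Target folder name; escaped before it is used in SQL.
 * @return void
 */
function u2u_move($u2uid, $tofolder) {
    global $db, $self, $lang, $u2uheader, $u2ufooter, $folders, $type, $folder, $oToken, $xmbuser, $full_url;

    $u2uid = (int) $u2uid;
    if (!($u2uid > 0)) {
        error($lang['textnonechosen'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php', true, false, false);
        return;
    }

    if (empty($tofolder)) {
        error($lang['textnofolder'], false, $u2uheader, $u2ufooter, $full_url."u2u.php?action=view&u2uid=$u2uid", true, false, false);
        return;
    }

    $isKnownFolder = in_array($tofolder, $folders) || $tofolder == 'Inbox' || $tofolder == 'Outbox' || $tofolder == 'Drafts';
    $typeMismatch = ($tofolder == 'Inbox' && ($type == 'draft' || $type == 'outgoing'))
        || ($tofolder == 'Outbox' && ($type == 'incoming' || $type == 'draft'))
        || ($tofolder == 'Drafts' && ($type == 'incoming' || $type == 'outgoing'));

    if (!$isKnownFolder || $typeMismatch) {
        error($lang['textcantmove'], false, $u2uheader, $u2ufooter, $full_url."u2u.php?action=view&u2uid=$u2uid", true, false, false);
        // Fail closed: do not reach the UPDATE below after a rejected request.
        return;
    }

    $dbfolder = $db->escape_var($tofolder);
    $db->query("UPDATE ".X_PREFIX."u2u SET folder='$dbfolder' WHERE u2uid='$u2uid' AND owner='$xmbuser'");
    u2u_msg($lang['textmovesucc'], $full_url.'u2u.php?folder='.recodeOut($folder));
}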
/**
 * Moves several of the current user's messages into $tofolder with one UPDATE.
 *
 * Each selected id is cast to int. Its message type is read from the global
 * named "type<ID>" and checked against the target: Inbox takes only incoming
 * messages, Outbox only outgoing ones, Drafts only drafts, and the target must
 * be Inbox, Outbox, Drafts or an entry of the global $folders. Ids that fail a
 * check are skipped; when none is left, error() is called with 'textcantmove'.
 *
 * NOTE(review): the "type<ID>" globals are filled in by the caller; presumably
 * they come from the request rather than from the stored rows - confirm. The
 * UPDATE is limited to rows owned by $xmbuser.
 *
 * @param string $tofolder   Target folder name; escaped before it is used in SQL.
 * @param array  $u2u_select Selected message ids as submitted.
 * @return void
 */
function u2u_mod_move($tofolder, $u2u_select) {
    global $db, $self, $lang, $u2uheader, $u2ufooter, $folders, $oToken, $folder, $xmbuser, $full_url;

    $accepted = array();
    foreach ($u2u_select as $candidate) {
        $id = (int) $candidate;
        if ($id <= 0) {
            continue;
        }

        $type = $GLOBALS['type'.$id];

        $isKnownFolder = in_array($tofolder, $folders) || $tofolder == 'Inbox' || $tofolder == 'Outbox' || $tofolder == 'Drafts';
        if (!$isKnownFolder) {
            continue;
        }
        if ($tofolder == 'Inbox' && ($type == 'draft' || $type == 'outgoing')) {
            continue;
        }
        if ($tofolder == 'Outbox' && ($type == 'incoming' || $type == 'draft')) {
            continue;
        }
        if ($tofolder == 'Drafts' && ($type == 'incoming' || $type == 'outgoing')) {
            continue;
        }

        $accepted[] = $id;
    }

    $in = implode(',', $accepted);
    if (empty($in)) {
        error($lang['textcantmove'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php?folder='.recodeOut($folder), true, false, false);
        return;
    }

    $dbfolder = $db->escape_var($tofolder);
    $db->query("UPDATE ".X_PREFIX."u2u SET folder='$dbfolder' WHERE u2uid IN($in) AND owner='$xmbuser'");
    u2u_msg($lang['textmovesucc'], $full_url.'u2u.php?folder='.recodeOut($folder));
}
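/**
 * Marks one of the current user's messages as unread.
 *
 * Outgoing messages cannot be marked unread. Every rejected request returns
 * right after error(), so the UPDATE can never run for it, whether or not
 * error() ends the request.
 *
 * @param int    $u2uid  Message id; cast to int before use.
 * @param string $folder Folder the user is working in; used for the redirect.
 * @param string $type   Message type as supplied by the caller.
 * @return void
 */
function u2u_markUnread($u2uid, $folder, $type) {
    global $db, $self, $lang, $u2uheader, $u2ufooter, $oToken, $xmbuser, $full_url;

    $u2uid = (int) $u2uid;
    if (!($u2uid > 0)) {
        error($lang['textnonechosen'], false, $u2uheader, $u2ufooter, $full_url."u2u.php", true, false, false);
        return;
    }

    if (empty($folder)) {
        error($lang['textnofolder'], false, $u2uheader, $u2ufooter, $full_url."u2u.php?action=view&u2uid=$u2uid", true, false, false);
        return;
    }

    if ($type == 'outgoing') {
        error($lang['textnomur'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php?folder='.recodeOut($folder), true, false, false);
        // Fail closed, like the two checks above.
        return;
    }

    // $u2uid is an int at this point; the owner filter keeps the change on the user's own row.
    $db->query("UPDATE ".X_PREFIX."u2u SET readstatus='no' WHERE u2uid=$u2uid AND owner='$xmbuser'");
    u2u_msg($lang['textmarkedunread'], $full_url.'u2u.php?folder='.recodeOut($folder));
}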
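/**
 * Marks several of the current user's messages as unread.
 *
 * Each selected value is cast to int; ids whose "type<ID>" global is 'outgoing'
 * are skipped. When no folder is given, nothing is selected, or no id survives
 * the filter, error() is called and the function returns without running a query.
 *
 * NOTE(review): the "type<ID>" globals are filled in by the caller; presumably
 * they come from the request rather than from the stored rows - confirm. The
 * UPDATE is limited to rows owned by $xmbuser.
 *
 * @param string $folder     Folder the user is working in; used for the redirect.
 * @param array  $u2u_select Selected message ids as submitted.
 * @return void
 */
function u2u_mod_markUnread($folder, $u2u_select) {
    global $db, $lang, $u2uheader, $u2ufooter, $self, $oToken, $xmbuser, $full_url;

    if (empty($folder)) {
        // There is no single message id in this function, so the redirect goes to the
        // U2U start page instead of a message view.
        error($lang['textnofolder'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php', true, false, false);
        return;
    }

    if (empty($u2u_select)) {
        error($lang['textnonechosen'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php?folder='.recodeOut($folder), true, false, false);
        return;
    }

    // Keep positive integer ids of messages that are not outgoing.
    $ids = array();
    foreach ($u2u_select as $value) {
        $value = (int) $value;
        if ($value > 0 && $GLOBALS['type'.$value] != 'outgoing') {
            $ids[] = $value;
        }
    }

    if (empty($ids)) {
        error($lang['textnonechosen'], false, $u2uheader, $u2ufooter, $full_url.'u2u.php?folder='.recodeOut($folder), true, false, false);
        // Without this return the statement below would run with an empty IN() list.
        return;
    }

    $in = implode(',', $ids);
    $db->query("UPDATE ".X_PREFIX."u2u SET readstatus='no' WHERE u2uid IN($in) AND owner='$xmbuser'");
    u2u_msg($lang['textmarkedunread'], $full_url.'u2u.php?folder='.recodeOut($folder));
}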
/**
 * Saves the current user's list of custom U2U folders.
 *
 * The submitted comma-separated list is cleaned up first: names are trimmed;
 * empty names, case-insensitive duplicates and the four built-in names (Inbox,
 * Outbox, Drafts, Trash) are dropped; longer names are cut to
 * U2U_FOLDER_COL_SIZE bytes. Existing custom folders that still hold messages
 * (per the global $farray) are put back when they are missing from the new
 * list, and named in the message shown to the user.
 *
 * NOTE(review): the cut is byte-wise (strlen/substr), so a multi-byte character
 * at the boundary can be split; if names arrive HTML-encoded the same applies
 * to an entity - confirm what the caller passes.
 *
 * @param string $u2ufolders Comma-separated folder names as submitted.
 * @param array  $folders    The user's current folder list.
 * @return void
 */
function u2u_folderSubmit($u2ufolders, $folders) {
    global $db, $lang, $self, $farray, $oToken, $xmbuser, $full_url;

    $builtinLower = array('inbox', 'outbox', 'drafts', 'trash');
    $builtin = array('Inbox', 'Outbox', 'Drafts', 'Trash');

    // Pass 1: clean the submitted names. $seen holds the lower-cased names accepted so
    // far; the comparison is case-insensitive because the column has no explicit collation.
    $seen = array();
    $newfolders = array();
    foreach (explode(',', $u2ufolders) as $rawName) {
        $name = trim($rawName);
        $lower = strtolower($name);
        if (empty($name) || in_array($lower, $seen) || in_array($lower, $builtinLower)) {
            continue;
        }
        if (strlen($name) > U2U_FOLDER_COL_SIZE) {
            $name = substr($name, 0, U2U_FOLDER_COL_SIZE);
        }
        $seen[] = strtolower($name);
        $newfolders[] = $name;
    }

    // Pass 2: a custom folder that still contains messages must not disappear.
    $error = '';
    foreach ($folders as $existing) {
        $holdsMessages = isset($farray[$existing]) && $farray[$existing] != 0;
        if ($holdsMessages && !in_array($existing, $newfolders) && !in_array($existing, $builtin)) {
            $newfolders[] = $existing;
            if (empty($error)) {
                $error .= '<br />'.$lang['foldersupdateerror'].' '.$existing;
            } else {
                $error .= ', '.$existing;
            }
        }
    }

    $u2ufolders = $db->escape(implode(', ', $newfolders));
    $db->query("UPDATE ".X_PREFIX."members SET u2ufolders='$u2ufolders' WHERE username='$xmbuser'");
    u2u_msg($lang['foldersupdate'].$error, $full_url.'u2u.php?folder=Inbox');
}
/**
* Shows the ignore-list form, or stores the submitted list for the current user.
*
* On 'ignoresubmit' the posted 'ignorelist' value replaces $self['ignoreu2u'] and is
* written to the members row of $xmbuser, then u2u_msg() is called. Otherwise the
* 'u2u_ignore' template is expanded with eval() in this function's scope.
*
* @return string Rendered pane; empty when the form was submitted.
*/
function u2u_ignore() {
global $self, $lang, $db, $oToken, $xmbuser, $full_url;
global $altbg1, $altbg2, $bordercolor, $THEME, $tablespace, $tablewidth, $cattext, $thewidth;
$leftpane = '';
if (onSubmit('ignoresubmit')) {
// NOTE(review): the value goes into the UPDATE exactly as postedVar() returned it. That is
// only safe if postedVar() applies SQL escaping by default - confirm in its definition.
$ignorelist = postedVar('ignorelist');
$self['ignoreu2u'] = $ignorelist;
$db->query("UPDATE ".X_PREFIX."members SET ignoreu2u='" . $self['ignoreu2u'] . "' WHERE username='$xmbuser'");
u2u_msg($lang['ignoreupdate'], $full_url.'u2u.php?action=ignore');
} else {
eval('$leftpane = "'.template('u2u_ignore').'";');
}
return $leftpane;
}
/**
* Builds the message list pane for one folder of the current user.
*
* Inbox joins the members table on the sender, Outbox and Drafts on the recipient.
* Any other folder is read with a UNION ALL of both joins, so that incoming rows
* show the sender and outgoing/draft rows show the recipient. Every query is
* limited to rows owned by $xmbuser.
*
* Templates are expanded with eval() in this function's scope, so the locals
* assigned below ($u2usubject, $u2usent, $u2udateline, $u2ureadstatus, $u2usin,
* $u2usout, $u2usdraft, $u2ulist, $mtofolder, $folderrecode, ...) are presumably
* read by them - confirm before renaming any.
*
* @param string $folder Folder name; escaped before use in SQL, defaults to Inbox.
* @param array $folders Folder list; a numeric key means the value is also the folder name.
* @return string Rendered pane.
*/
function u2u_display($folder, $folders) {
global $db, $self, $lang, $xmbuser, $onlinetime;
global $altbg1, $altbg2, $bordercolor, $THEME, $tablespace, $tablewidth, $cattext, $thewidth;
global $addtime, $timeoffset, $dateformat, $timecode, $oToken;
$u2usin = '';
$u2usout = '';
$u2usdraft = '';
$leftpane = '';
// URL form of the folder name, taken before the name is escaped for SQL.
$folderrecode = recodeOut($folder);
// From here on $folder holds the SQL-escaped name; both switch statements compare that value.
$folder = $db->escape_var($folder);
if (empty($folder)) {
$folder = "Inbox";
}
switch($folder) {
case 'Inbox':
$query = $db->query("SELECT u.u2uid, u.msgto, u.msgfrom, u.type, u.folder, u.subject, u.dateline, u.readstatus, m.username, m.invisible, m.lastvisit FROM ".X_PREFIX."u2u u LEFT JOIN ".X_PREFIX."members m ON u.msgfrom=m.username WHERE u.folder='$folder' AND u.owner='$xmbuser' ORDER BY dateline DESC");
break;
case 'Outbox':
case 'Drafts':
$query = $db->query("SELECT u.u2uid, u.msgto, u.msgfrom, u.type, u.folder, u.subject, u.dateline, u.readstatus, m.username, m.invisible, m.lastvisit FROM ".X_PREFIX."u2u u LEFT JOIN ".X_PREFIX."members m ON u.msgto=m.username WHERE u.folder='$folder' AND u.owner='$xmbuser' ORDER BY dateline DESC");
break;
default:
$query = $db->query(
"SELECT u.u2uid, u.msgto, u.msgfrom, u.type, u.folder, u.subject, u.dateline, u.readstatus, m.username, m.invisible, m.lastvisit FROM ".X_PREFIX."u2u u LEFT JOIN ".X_PREFIX."members m ON u.msgfrom=m.username WHERE u.folder='$folder' AND u.owner='$xmbuser' AND u.type='incoming' "
. "UNION ALL "
. "SELECT u.u2uid, u.msgto, u.msgfrom, u.type, u.folder, u.subject, u.dateline, u.readstatus, m.username, m.invisible, m.lastvisit FROM ".X_PREFIX."u2u u LEFT JOIN ".X_PREFIX."members m ON u.msgto=m.username WHERE u.folder='$folder' AND u.owner='$xmbuser' AND u.type IN ('outgoing','draft') "
. "ORDER BY dateline DESC"
);
break;
}
while($u2u = $db->fetch_array($query)) {
if ($u2u['readstatus'] == 'yes') {
$u2ureadstatus = $lang['textread'];
} else {
$u2ureadstatus = '<strong>'.$lang['textunread'].'</strong>';
}
if (empty($u2u['subject'])) {
$u2u['subject'] = '«'.$lang['textnosub'].'»';
}
$u2usubject = rawHTMLsubject(stripslashes($u2u['subject'])); //message and subject were historically double-slashed
if ($u2u['type'] == 'incoming' or $u2u['type'] == 'outgoing') {
// Online status of the other party. An invisible member is shown as offline to
// everyone except admins, who see the 'hidden' label.
if ($onlinetime - (int)$u2u['lastvisit'] <= X_ONLINE_TIMER) {
if ($u2u['invisible'] == 1) {
if (!X_ADMIN) {
$online = $lang['textoffline'];
} else {
$online = $lang['hidden'];
}
} else {
$online = $lang['textonline'];
}
} else {
$online = $lang['textoffline'];
}
if ($u2u['type'] == 'incoming') {
$u2uname = $u2u['msgfrom'];
} else {
$u2uname = $u2u['msgto'];
}
// NOTE(review): $u2uname is used as link text without escaping in this function; presumably
// usernames are stored HTML-encoded - confirm. The markup also has no space between the
// href and target attributes.
$u2usent = '<a href="member.php?action=viewpro&member='.recodeOut($u2uname).'"target="_blank">'.$u2uname.'</a> ('.$online.')';
} else if ($u2u['type'] == 'draft') {
$u2usent = $lang['textu2unotsent'];
}
// For any other type $u2usent is not assigned in this iteration and keeps its previous value, if any.
// Shift the stored timestamp by the viewer's offset plus the board's extra offset, both in hours.
$adjTime = ($timeoffset * 3600) + ($addtime * 3600);
$u2udate = gmdate($dateformat, $u2u['dateline'] + $adjTime);
$u2utime = gmdate($timecode, $u2u['dateline'] + $adjTime);
$u2udateline = "$u2udate $lang[textat] $u2utime";
// Append the rendered row to the list that matches its type; unknown types go with incoming.
switch($u2u['type']) {
case 'outgoing':
eval('$u2usout .= "'.template('u2u_row').'";');
break;
case 'draft':
eval('$u2usdraft .= "'.template('u2u_row').'";');
break;
case 'incoming':
default:
eval('$u2usin .= "'.template('u2u_row').'";');
break;
}
}
$db->free_result($query);
// Empty lists get a placeholder row.
if (empty($u2usin)) {
eval('$u2usin = "'.template('u2u_row_none').'";');
}
if (empty($u2usout)) {
eval('$u2usout = "'.template('u2u_row_none').'";');
}
if (empty($u2usdraft)) {
eval('$u2usdraft = "'.template('u2u_row_none').'";');
}
// The three built-in folders show one list each; any other folder shows all three.
switch($folder) {
case 'Outbox':
eval('$u2ulist = "'.template('u2u_outbox').'";');
break;
case 'Drafts':
eval('$u2ulist = "'.template('u2u_drafts').'";');
break;
case 'Inbox':
eval('$u2ulist = "'.template('u2u_inbox').'";');
break;
default:
eval('$u2ulist = "'.template('u2u_inbox').'<br />'.template('u2u_outbox').'<br />'.template('u2u_drafts').'";');
break;
}
// "Move to folder" drop-down.
// NOTE(review): folder names are written into value attributes and option text as-is;
// presumably they were HTML-encoded when the folder list was saved - confirm.
$mtofolder = array();
$mtofolder[] = '<select name="tofolder">';
$mtofolder[] = '<option value="">'.$lang['textpickfolder'].'</option>';
foreach($folders as $key => $value) {
if (is_numeric($key)) {
$key = $value;
}
$mtofolder[] = '<option value="'.$key.'">'.$value.'</option>';
}
$mtofolder[] = '</select>';
$mtofolder = implode("\n", $mtofolder);
eval('$leftpane = "'.template('u2u_main').'";');
return $leftpane;
}
/**
* Builds the folder list and counts the current user's messages.
*
* Writes three globals: $folders (Inbox, Outbox, the user's sorted custom folders,
* Drafts, Trash), $farray (message count per folder name) and $folderlist (the
* rendered links). The global $folder is only read, to highlight the current folder.
*
* The 'u2u_folderlink' template is expanded with eval() inside the loop, so $link,
* $value, $count and $emptytrash are presumably read by it - confirm before renaming.
*
* @return int Total number of messages owned by the current user.
*/
function u2u_folderList() {
global $db, $self, $lang, $altbg1, $oToken, $xmbuser;
global $folder, $folderlist, $folders, $farray; // <--- these are modified in here
$u2ucount = 0;
$folders = (empty($self['u2ufolders'])) ? array() : explode(",", $self['u2ufolders']);
foreach($folders as $key => $value) {
$folders[$key] = trim($value);
}
sort($folders);
// Built-in folders get string keys with translated labels; custom folders keep numeric keys.
$folders = array_merge(array('Inbox' => $lang['textu2uinbox'], 'Outbox' => $lang['textu2uoutbox']), $folders, array('Drafts' => $lang['textu2udrafts'], 'Trash' => $lang['textu2utrash']));
$query = $db->query("SELECT folder, count(u2uid) as count FROM ".X_PREFIX."u2u WHERE owner='$xmbuser' GROUP BY folder ORDER BY folder ASC");
$flist = array();
// $farray is not reset here; counts are added to whatever the global already holds.
while($flist = $db->fetch_array($query)) {
$farray[$flist['folder']] = $flist['count'];
$u2ucount += $flist['count'];
}
$db->free_result($query);
$emptytrash = $folderlist = '';
foreach($folders as $link => $value) {
// A numeric key marks a custom folder, whose name is the value itself.
if (is_numeric($link)) {
$link = $value;
}
if ($link == $folder) {
$value = '<strong>'.$value.'</strong>';
}
$count = (empty($farray[$link])) ? 0 : $farray[$link];
if ($link == 'Trash') {
if ($count != 0) {
$emptytrash = ' (<a href="u2u.php?action=emptytrash">'.$lang['textemptytrash'].'</a>)';
}
}
// NOTE(review): $value (the folder label) reaches the template as-is; presumably custom
// names were HTML-encoded when saved - confirm. $link is URL-encoded just below.
$link = recodeOut($link);
eval('$folderlist .= "'.template('u2u_folderlink').'";');
}
return $u2ucount;
}
?>