MyBB PHP Cross Reference Discussion Forums

Source: /usercp.php - 3585 lines - 101088 bytes - Summary - Text - Print

Description: MyBB 1.6 Copyright 2010 MyBB Group, All Rights Reserved

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id$
  10   */
  11  
  12  define("IN_MYBB", 1);
  13  define('THIS_SCRIPT', 'usercp.php');
  14  
  15  $templatelist = "usercp,usercp_nav,usercp_profile,usercp_changename,usercp_email,usercp_password,usercp_subscriptions_thread,forumbit_depth2_forum_lastpost,usercp_forumsubscriptions_forum";
  16  $templatelist .= ",usercp_usergroups_memberof_usergroup,usercp_usergroups_memberof,usercp_usergroups_joinable_usergroup,usercp_usergroups_joinable,usercp_usergroups";
  17  $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_usergroups_leader_usergroup,usercp_usergroups_leader,usercp_currentavatar,usercp_reputation";
  18  $templatelist .= ",usercp_attachments_attachment,usercp_attachments,usercp_profile_away,usercp_profile_customfield,usercp_profile_profilefields,usercp_profile_customtitle,usercp_forumsubscriptions_none";
  19  $templatelist .= ",usercp_forumsubscriptions,usercp_subscriptions_none,usercp_subscriptions,usercp_options_pms_from_buddys,usercp_options_tppselect,usercp_options_pppselect,usercp_options";
  20  $templatelist .= ",usercp_nav_editsignature,usercp_referrals,usercp_notepad,usercp_latest_threads_threads,forumdisplay_thread_gotounread,usercp_latest_threads,usercp_subscriptions_remove";
  21  $templatelist .= ",usercp_editsig_suspended,usercp_editsig,usercp_avatar_gallery_avatar,usercp_avatar_gallery_blankblock,usercp_avatar_gallery_noavatars,usercp_avatar_gallery,usercp_avatar_current";
  22  $templatelist .= ",usercp_avatar,usercp_editlists_userusercp_editlists,usercp_drafts_draft,usercp_drafts_none,usercp_drafts_submit,usercp_drafts,usercp_usergroups_joingroup,usercp_attachments_none";
  23  $templatelist .= ",usercp_warnings_warning,usercp_warnings,usercp_latest_subscribed_threads,usercp_latest_subscribed,usercp_nav_messenger_tracking,multipage_prevpage,multipage_start,multipage_end";
  24  $templatelist .= ",multipage_nextpage,multipage,multipage_page_current,codebuttons,smilieinsert_getmore,smilieinsert";
  25  
  26  require_once  "./global.php";
  27  require_once  MYBB_ROOT."inc/functions_post.php";
  28  require_once  MYBB_ROOT."inc/functions_user.php";
  29  require_once  MYBB_ROOT."inc/class_parser.php";
  30  $parser = new postParser;
  31  
  32  // Load global language phrases
  33  $lang->load("usercp");
  34  
  35  if($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0)
  36  {
  37      error_no_permission();
  38  }
  39  
  40  if(!$mybb->user['pmfolders'])
  41  {
  42      $mybb->user['pmfolders'] = "1**".$lang->folder_inbox."$%%$2**".$lang->folder_sent_items."$%%$3**".$lang->folder_drafts."$%%$4**".$lang->folder_trash;
  43      $db->update_query("users", array('pmfolders' => $mybb->user['pmfolders']), "uid='".$mybb->user['uid']."'");
  44  }
  45  
  46  $errors = '';
  47  
  48  if(!isset($mybb->input['action']))
  49  {
  50      $mybb->input['action'] = '';
  51  }
  52  
  53  $collapse_options = array('usercppms', 'usercpprofile', 'usercpmisc');
  54  foreach($collapse_options as $option)
  55  {
  56      if(!isset($collapsedimg[$option]))
  57      {
  58          $collapsedimg[$option] = '';
  59      }
  60      if(!isset($collapsed[$option.'_e']))
  61      {
  62          $collapsed[$option.'_e'] = '';
  63      }
  64  }
  65  
  66  usercp_menu();
  67  
  68  $plugins->run_hooks("usercp_start");
  69  if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
  70  {
  71      $parser_options = array(
  72          'allow_html' => $mybb->settings['sightml'],
  73          'filter_badwords' => 1,
  74          'allow_mycode' => $mybb->settings['sigmycode'],
  75          'allow_smilies' => $mybb->settings['sigsmilies'],
  76          'allow_imgcode' => $mybb->settings['sigimgcode'],
  77          "filter_badwords" => 1
  78      );
  79      $parsed_sig = $parser->parse_message($mybb->input['signature'], $parser_options);
  80      if((($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1) &&
  81          substr_count($parsed_sig, "<img") > 0) ||
  82          (($mybb->settings['sigimgcode'] == 1 || $mybb->settings['sigsmilies'] == 1) &&
  83          substr_count($parsed_sig, "<img") > $mybb->settings['maxsigimages'])
  84      )
  85      {
  86          if($mybb->settings['sigimgcode'] == 1)
  87          {
  88              $imgsallowed = $mybb->settings['maxsigimages'];
  89          }
  90          else
  91          {
  92              $imgsallowed = 0;
  93          }
  94          $lang->too_many_sig_images2 = $lang->sprintf($lang->too_many_sig_images2, $imgsallowed);
  95          $error = inline_error($lang->too_many_sig_images." ".$lang->too_many_sig_images2);
  96          $mybb->input['preview'] = 1;
  97      }
  98      else if($mybb->settings['siglength'] > 0)
  99      {
 100          if($mybb->settings['sigcountmycode'] == 0)
 101          {
 102              $parsed_sig = $parser->text_parse_message($mybb->input['signature']);
 103          }
 104          else
 105          {
 106              $parsed_sig = $mybb->input['signature'];
 107          }
 108          $parsed_sig = preg_replace("#\s#", "", $parsed_sig);
 109          $sig_length = my_strlen($parsed_sig);
 110          if($sig_length > $mybb->settings['siglength'])
 111          {
 112              $lang->sig_too_long = $lang->sprintf($lang->sig_too_long, $mybb->settings['siglength']);
 113              if($sig_length - $mybb->settings['siglength'] > 1)
 114              {
 115                  $lang->sig_too_long .= $lang->sprintf($lang->sig_remove_chars_plural, $sig_length-$mybb->settings['siglength']);
 116              }
 117              else
 118              {
 119                  $lang->sig_too_long .= $lang->sig_remove_chars_singular;
 120              }
 121              $error = inline_error($lang->sig_too_long);
 122          }
 123      }
 124      if($error || $mybb->input['preview'])
 125      {
 126          $mybb->input['action'] = "editsig";
 127      }
 128  }
 129  
 130  // Make navigation
 131  add_breadcrumb($lang->nav_usercp, "usercp.php");
 132  
 133  switch($mybb->input['action'])
 134  {
 135      case "profile":
 136      case "do_profile":
 137          add_breadcrumb($lang->ucp_nav_profile);
 138          break;
 139      case "options":
 140      case "do_options":
 141          add_breadcrumb($lang->nav_options);
 142          break;
 143      case "email":
 144      case "do_email":
 145          add_breadcrumb($lang->nav_email);
 146          break;
 147      case "password":
 148      case "do_password":
 149          add_breadcrumb($lang->nav_password);
 150          break;
 151      case "changename":
 152      case "do_changename":
 153          add_breadcrumb($lang->nav_changename);
 154          break;
 155      case "subscriptions":
 156          add_breadcrumb($lang->ucp_nav_subscribed_threads);
 157          break;
 158      case "forumsubscriptions":
 159          add_breadcrumb($lang->ucp_nav_forum_subscriptions);
 160          break;
 161      case "editsig":
 162      case "do_editsig":
 163          add_breadcrumb($lang->nav_editsig);
 164          break;
 165      case "avatar":
 166      case "do_avatar":
 167          add_breadcrumb($lang->nav_avatar);
 168          break;
 169      case "notepad":
 170      case "do_notepad":
 171          add_breadcrumb($lang->ucp_nav_notepad);
 172          break;
 173      case "editlists":
 174      case "do_editlists":
 175          add_breadcrumb($lang->ucp_nav_editlists);
 176          break;
 177      case "drafts":
 178          add_breadcrumb($lang->ucp_nav_drafts);
 179          break;
 180      case "usergroups":
 181          add_breadcrumb($lang->ucp_nav_usergroups);
 182          break;
 183      case "attachments":
 184          add_breadcrumb($lang->ucp_nav_attachments);
 185          break;
 186  }
 187  
 188  if($mybb->input['action'] == "do_profile" && $mybb->request_method == "post")
 189  {
 190      // Verify incoming POST request
 191      verify_post_check($mybb->input['my_post_key']);
 192  
 193      $plugins->run_hooks("usercp_do_profile_start");
 194  
 195      if($mybb->input['away'] == 1 && $mybb->settings['allowaway'] != 0)
 196      {
 197          $awaydate = TIME_NOW;
 198          if($mybb->input['awayday'])
 199          {
 200              // If the user has indicated that they will return on a specific day, but not month or year, assume it is current month and year
 201              if(!$mybb->input['awaymonth'])
 202              {
 203                  $mybb->input['awaymonth'] = my_date('n', $awaydate);
 204              }
 205              if(!$mybb->input['awayyear'])
 206              {
 207                  $mybb->input['awayyear'] = my_date('Y', $awaydate);
 208              }
 209  
 210              $return_month = intval(substr($mybb->input['awaymonth'], 0, 2));
 211              $return_day = intval(substr($mybb->input['awayday'], 0, 2));
 212              $return_year = min(intval($mybb->input['awayyear']), 9999);
 213  
 214              // Check if return date is after the away date.
 215              $returntimestamp = gmmktime(0, 0, 0, $return_month, $return_day, $return_year);
 216              $awaytimestamp = gmmktime(0, 0, 0, my_date('n', $awaydate), my_date('j', $awaydate), my_date('Y', $awaydate));
 217              if($return_year < my_date('Y', $awaydate) || ($returntimestamp < $awaytimestamp && $return_year == my_date('Y', $awaydate)))
 218              {
 219                  error($lang->error_usercp_return_date_past);
 220              }
 221  
 222              $returndate = "{$return_day}-{$return_month}-{$return_year}";
 223          }
 224          else
 225          {
 226              $returndate = "";
 227          }
 228          $away = array(
 229              "away" => 1,
 230              "date" => $awaydate,
 231              "returndate" => $returndate,
 232              "awayreason" => $mybb->input['awayreason']
 233          );
 234      }
 235      else
 236      {
 237          $away = array(
 238              "away" => 0,
 239              "date" => '',
 240              "returndate" => '',
 241              "awayreason" => ''
 242          );
 243      }
 244  
 245      $bday = array(
 246          "day" => $mybb->input['bday1'],
 247          "month" => $mybb->input['bday2'],
 248          "year" => $mybb->input['bday3']
 249      );
 250  
 251      // Set up user handler.
 252      require_once  "inc/datahandlers/user.php";
 253      $userhandler = new UserDataHandler("update");
 254  
 255      $user = array(
 256          "uid" => $mybb->user['uid'],
 257          "website" => $mybb->input['website'],
 258          "icq" => intval($mybb->input['icq']),
 259          "aim" => $mybb->input['aim'],
 260          "yahoo" => $mybb->input['yahoo'],
 261          "msn" => $mybb->input['msn'],
 262          "birthday" => $bday,
 263          "birthdayprivacy" => $mybb->input['birthdayprivacy'],
 264          "away" => $away,
 265          "profile_fields" => $mybb->input['profile_fields']
 266      );
 267  
 268      if($mybb->usergroup['cancustomtitle'] == 1)
 269      {
 270          if($mybb->input['usertitle'] != '')
 271          {
 272              $user['usertitle'] = $mybb->input['usertitle'];
 273          }
 274          else if($mybb->input['reverttitle'])
 275          {
 276              $user['usertitle'] = '';
 277          }
 278      }
 279      $userhandler->set_data($user);
 280  
 281      if(!$userhandler->validate_user())
 282      {
 283          $errors = $userhandler->get_friendly_errors();
 284  
 285          // Set allowed value otherwise select options disappear
 286          if(in_array($lang->userdata_invalid_birthday_privacy, $errors))
 287          {
 288              $mybb->input['birthdayprivacy'] = 'none';
 289          }
 290  
 291          $errors = inline_error($errors);
 292          $mybb->input['action'] = "profile";
 293      }
 294      else
 295      {
 296          $userhandler->update_user();
 297  
 298          $plugins->run_hooks("usercp_do_profile_end");
 299          redirect("usercp.php", $lang->redirect_profileupdated);
 300      }
 301  }
 302  
 303  if($mybb->input['action'] == "profile")
 304  {
 305      if($errors)
 306      {
 307          $user = $mybb->input;
 308          $bday = array();
 309          $bday[0] = $mybb->input['bday1'];
 310          $bday[1] = $mybb->input['bday2'];
 311          $bday[2] = intval($mybb->input['bday3']);
 312      }
 313      else
 314      {
 315          $user = $mybb->user;
 316          $bday = explode("-", $user['birthday']);
 317      }
 318  
 319      $plugins->run_hooks("usercp_profile_start");
 320  
 321      $bdaysel = '';
 322      for($i = 1; $i <= 31; ++$i)
 323      {
 324          if($bday[0] == $i)
 325          {
 326              $bdaydaysel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
 327          }
 328          else
 329          {
 330              $bdaydaysel .= "<option value=\"$i\">$i</option>\n";
 331          }
 332      }
 333      $bdaymonthsel[$bday[1]] = 'selected="selected"';
 334  
 335      $bdayprivacysel = '';
 336      if($user['birthdayprivacy'] == 'all' || !$user['birthdayprivacy'])
 337      {
 338          $bdayprivacysel .= "<option value=\"all\" selected=\"selected\">{$lang->birthdayprivacyall}</option>\n";
 339          $bdayprivacysel .= "<option value=\"none\">{$lang->birthdayprivacynone}</option>\n";
 340          $bdayprivacysel .= "<option value=\"age\">{$lang->birthdayprivacyage}</option>";
 341      }
 342      else if($user['birthdayprivacy'] == 'none')
 343      {
 344          $bdayprivacysel .= "<option value=\"all\">{$lang->birthdayprivacyall}</option>\n";
 345          $bdayprivacysel .= "<option value=\"none\" selected=\"selected\">{$lang->birthdayprivacynone}</option>\n";
 346          $bdayprivacysel .= "<option value=\"age\">{$lang->birthdayprivacyage}</option>";
 347      }
 348      else if($user['birthdayprivacy'] == 'age')
 349      {
 350          $bdayprivacysel .= "<option value=\"all\">{$lang->birthdayprivacyall}</option>\n";
 351          $bdayprivacysel .= "<option value=\"none\">{$lang->birthdayprivacynone}</option>\n";
 352          $bdayprivacysel .= "<option value=\"age\" selected=\"selected\">{$lang->birthdayprivacyage}</option>";
 353      }
 354  
 355      if($user['website'] == "" || $user['website'] == "http://")
 356      {
 357          $user['website'] = "http://";
 358      }
 359      else
 360      {
 361          $user['website'] = htmlspecialchars_uni($user['website']);
 362      }
 363  
 364      if($user['icq'] != "0")
 365      {
 366          $user['icq'] = intval($user['icq']);
 367      }
 368      if($user['icq'] == 0)
 369      {
 370          $user['icq'] = "";
 371      }
 372      if($errors)
 373      {
 374          $user['msn'] = htmlspecialchars_uni($user['msn']);
 375          $user['aim'] = htmlspecialchars_uni($user['aim']);
 376          $user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
 377      }
 378      if($mybb->settings['allowaway'] != 0)
 379      {
 380          if($errors)
 381          {
 382              if($user['away'] == 1)
 383              {
 384                  $awaycheck[1] = "checked=\"checked\"";
 385              }
 386              else
 387              {
 388                  $awaycheck[0] = "checked=\"checked\"";
 389              }
 390              $returndate = array();
 391              $returndate[0] = $mybb->input['awayday'];
 392              $returndate[1] = $mybb->input['awaymonth'];
 393              $returndate[2] = intval($mybb->input['awayyear']);
 394              $user['awayreason'] = htmlspecialchars_uni($mybb->input['awayreason']);
 395          }
 396          else
 397          {
 398              $user['awayreason'] = htmlspecialchars_uni($user['awayreason']);
 399              if($mybb->user['away'] == 1)
 400              {
 401                  $awaydate = my_date($mybb->settings['dateformat'], $mybb->user['awaydate']);
 402                  $awaycheck[1] = "checked=\"checked\"";
 403                  $awaynotice = $lang->sprintf($lang->away_notice_away, $awaydate);
 404              }
 405              else
 406              {
 407                  $awaynotice = $lang->away_notice;
 408                  $awaycheck[0] = "checked=\"checked\"";
 409              }
 410              $returndate = explode("-", $mybb->user['returndate']);
 411          }
 412          $returndatesel = '';
 413          for($i = 1; $i <= 31; ++$i)
 414          {
 415              if($returndate[0] == $i)
 416              {
 417                  $returndatesel .= "<option value=\"$i\" selected=\"selected\">$i</option>\n";
 418              }
 419              else
 420              {
 421                  $returndatesel .= "<option value=\"$i\">$i</option>\n";
 422              }
 423          }
 424          $returndatemonthsel[$returndate[1]] = "selected";
 425  
 426          eval("\$awaysection = \"".$templates->get("usercp_profile_away")."\";");
 427      }
 428      // Custom profile fields baby!
 429      $altbg = "trow1";
 430      $requiredfields = '';
 431      $customfields = '';
 432      $query = $db->simple_select("profilefields", "*", "editable=1", array('order_by' => 'disporder'));
 433      while($profilefield = $db->fetch_array($query))
 434      {
 435          // Does this field have a minimum post count?
 436          if($profilefield['postnum'] && $profilefield['postnum'] > $user['postnum'])
 437          {
 438              continue;
 439          }
 440  
 441          $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 442          $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 443          $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 444          $thing = explode("\n", $profilefield['type'], "2");
 445          $type = $thing[0];
 446          $options = $thing[1];
 447          $field = "fid{$profilefield['fid']}";
 448          $select = '';
 449          if($errors)
 450          {
 451              $userfield = $mybb->input['profile_fields'][$field];
 452          }
 453          else
 454          {
 455              $userfield = $user[$field];
 456          }
 457          if($type == "multiselect")
 458          {
 459              if($errors)
 460              {
 461                  $useropts = $userfield;
 462              }
 463              else
 464              {
 465                  $useropts = explode("\n", $userfield);
 466              }
 467              if(is_array($useropts))
 468              {
 469                  foreach($useropts as $key => $val)
 470                  {
 471                      $val = htmlspecialchars_uni($val);
 472                      $seloptions[$val] = $val;
 473                  }
 474              }
 475              $expoptions = explode("\n", $options);
 476              if(is_array($expoptions))
 477              {
 478                  foreach($expoptions as $key => $val)
 479                  {
 480                      $val = trim($val);
 481                      $val = str_replace("\n", "\\n", $val);
 482  
 483                      $sel = "";
 484                      if($val == $seloptions[$val])
 485                      {
 486                          $sel = " selected=\"selected\"";
 487                      }
 488                      $select .= "<option value=\"$val\"$sel>$val</option>\n";
 489                  }
 490                  if(!$profilefield['length'])
 491                  {
 492                      $profilefield['length'] = 3;
 493                  }
 494                  $code = "<select name=\"profile_fields[$field][]\" size=\"{$profilefield['length']}\" multiple=\"multiple\">$select</select>";
 495              }
 496          }
 497          elseif($type == "select")
 498          {
 499              $expoptions = explode("\n", $options);
 500              if(is_array($expoptions))
 501              {
 502                  foreach($expoptions as $key => $val)
 503                  {
 504                      $val = trim($val);
 505                      $val = str_replace("\n", "\\n", $val);
 506                      $sel = "";
 507                      if($val == htmlspecialchars_uni($userfield))
 508                      {
 509                          $sel = " selected=\"selected\"";
 510                      }
 511                      $select .= "<option value=\"$val\"$sel>$val</option>";
 512                  }
 513                  if(!$profilefield['length'])
 514                  {
 515                      $profilefield['length'] = 1;
 516                  }
 517                  $code = "<select name=\"profile_fields[$field]\" size=\"{$profilefield['length']}\">$select</select>";
 518              }
 519          }
 520          elseif($type == "radio")
 521          {
 522              $expoptions = explode("\n", $options);
 523              if(is_array($expoptions))
 524              {
 525                  foreach($expoptions as $key => $val)
 526                  {
 527                      $checked = "";
 528                      if($val == $userfield)
 529                      {
 530                          $checked = " checked=\"checked\"";
 531                      }
 532                      $code .= "<input type=\"radio\" class=\"radio\" name=\"profile_fields[$field]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />";
 533                  }
 534              }
 535          }
 536          elseif($type == "checkbox")
 537          {
 538              if($errors)
 539              {
 540                  $useropts = $userfield;
 541              }
 542              else
 543              {
 544                  $useropts = explode("\n", $userfield);
 545              }
 546              if(is_array($useropts))
 547              {
 548                  foreach($useropts as $key => $val)
 549                  {
 550                      $seloptions[$val] = $val;
 551                  }
 552              }
 553              $expoptions = explode("\n", $options);
 554              if(is_array($expoptions))
 555              {
 556                  foreach($expoptions as $key => $val)
 557                  {
 558                      $checked = "";
 559                      if($val == $seloptions[$val])
 560                      {
 561                          $checked = " checked=\"checked\"";
 562                      }
 563                      $code .= "<input type=\"checkbox\" class=\"checkbox\" name=\"profile_fields[$field][]\" value=\"$val\"$checked /> <span class=\"smalltext\">$val</span><br />";
 564                  }
 565              }
 566          }
 567          elseif($type == "textarea")
 568          {
 569              $value = htmlspecialchars_uni($userfield);
 570              $code = "<textarea name=\"profile_fields[$field]\" rows=\"6\" cols=\"30\" style=\"width: 95%\">$value</textarea>";
 571          }
 572          else
 573          {
 574              $value = htmlspecialchars_uni($userfield);
 575              $maxlength = "";
 576              if($profilefield['maxlength'] > 0)
 577              {
 578                  $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
 579              }
 580              $code = "<input type=\"text\" name=\"profile_fields[$field]\" class=\"textbox\" size=\"{$profilefield['length']}\"{$maxlength} value=\"$value\" />";
 581          }
 582          if($profilefield['required'] == 1)
 583          {
 584              eval("\$requiredfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 585          }
 586          else
 587          {
 588              eval("\$customfields .= \"".$templates->get("usercp_profile_customfield")."\";");
 589          }
 590          $altbg = alt_trow();
 591          $code = "";
 592          $select = "";
 593          $val = "";
 594          $options = "";
 595          $expoptions = "";
 596          $useropts = "";
 597          $seloptions = "";
 598      }
 599      if($customfields)
 600      {
 601          eval("\$customfields = \"".$templates->get("usercp_profile_profilefields")."\";");
 602      }
 603  
 604      if($mybb->usergroup['cancustomtitle'] == 1)
 605      {
 606          if($mybb->usergroup['usertitle'] == "")
 607          {
 608              $defaulttitle = '';
 609              $usertitles = $cache->read('usertitles');
 610  
 611              foreach($usertitles as $title)
 612              {
 613                  if($title['posts'] <= $mybb->user['postnum'])
 614                  {
 615                      $defaulttitle = $title['title'];
 616                      break;
 617                  }
 618              }
 619          }
 620          else
 621          {
 622              $defaulttitle = $mybb->usergroup['usertitle'];
 623          }
 624  
 625          if(trim($user['usertitle']) == '')
 626          {
 627              $lang->current_custom_usertitle = '';
 628          }
 629          else
 630          {
 631              if($errors)
 632              {
 633                  $newtitle = htmlspecialchars_uni($user['usertitle']);
 634                  $user['usertitle'] = $mybb->user['usertitle'];
 635              }
 636          }
 637          eval("\$customtitle = \"".$templates->get("usercp_profile_customtitle")."\";");
 638      }
 639      else
 640      {
 641          $customtitle = "";
 642      }
 643  
 644      $plugins->run_hooks("usercp_profile_end");
 645  
 646      eval("\$editprofile = \"".$templates->get("usercp_profile")."\";");
 647      output_page($editprofile);
 648  }
 649  
 650  if($mybb->input['action'] == "do_options" && $mybb->request_method == "post")
 651  {
 652      // Verify incoming POST request
 653      verify_post_check($mybb->input['my_post_key']);
 654  
 655      $plugins->run_hooks("usercp_do_options_start");
 656  
 657      // Set up user handler.
 658      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 659      $userhandler = new UserDataHandler("update");
 660  
 661      $user = array(
 662          "uid" => $mybb->user['uid'],
 663          "style" => intval($mybb->input['style']),
 664          "dateformat" => intval($mybb->input['dateformat']),
 665          "timeformat" => intval($mybb->input['timeformat']),
 666          "timezone" => $db->escape_string($mybb->input['timezoneoffset']),
 667          "language" => $mybb->input['language']
 668      );
 669  
 670      $user['options'] = array(
 671          "allownotices" => $mybb->input['allownotices'],
 672          "hideemail" => $mybb->input['hideemail'],
 673          "subscriptionmethod" => $mybb->input['subscriptionmethod'],
 674          "invisible" => $mybb->input['invisible'],
 675          "dstcorrection" => $mybb->input['dstcorrection'],
 676          "threadmode" => $mybb->input['threadmode'],
 677          "showsigs" => $mybb->input['showsigs'],
 678          "showavatars" => $mybb->input['showavatars'],
 679          "showquickreply" => $mybb->input['showquickreply'],
 680          "receivepms" => $mybb->input['receivepms'],
 681          "pmnotice" => $mybb->input['pmnotice'],
 682          "receivefrombuddy" => $mybb->input['receivefrombuddy'],
 683          "daysprune" => $mybb->input['daysprune'],
 684          "showcodebuttons" => intval($mybb->input['showcodebuttons']),
 685          "pmnotify" => $mybb->input['pmnotify'],
 686          "showredirect" => $mybb->input['showredirect'],
 687          "classicpostbit" => $mybb->input['classicpostbit']
 688      );
 689  
 690      if($mybb->settings['usertppoptions'])
 691      {
 692          $user['options']['tpp'] = intval($mybb->input['tpp']);
 693      }
 694  
 695      if($mybb->settings['userpppoptions'])
 696      {
 697          $user['options']['ppp'] = intval($mybb->input['ppp']);
 698      }
 699  
 700      $userhandler->set_data($user);
 701  
 702  
 703      if(!$userhandler->validate_user())
 704      {
 705          $errors = $userhandler->get_friendly_errors();
 706          $errors = inline_error($errors);
 707          $mybb->input['action'] = "options";
 708      }
 709      else
 710      {
 711          $userhandler->update_user();
 712  
 713          $plugins->run_hooks("usercp_do_options_end");
 714  
 715          redirect("usercp.php", $lang->redirect_optionsupdated);
 716      }
 717  }
 718  
 719  if($mybb->input['action'] == "options")
 720  {
 721      $plugins->run_hooks("usercp_options_start");
 722  
 723      if($errors != '')
 724      {
 725          $user = $mybb->input;
 726      }
 727      else
 728      {
 729          $user = $mybb->user;
 730      }
 731      $languages = $lang->get_languages();
 732      $langoptions = '';
 733      foreach($languages as $lname => $language)
 734      {
 735          $sel = "";
 736          if($user['language'] == $lname)
 737          {
 738              $sel = " selected=\"selected\"";
 739          }
 740          $langoptions .= "<option value=\"$lname\"$sel>".htmlspecialchars_uni($language)."</option>\n";
 741      }
 742  
 743      // Lets work out which options the user has selected and check the boxes
 744      if($user['allownotices'] == 1)
 745      {
 746          $allownoticescheck = "checked=\"checked\"";
 747      }
 748      else
 749      {
 750          $allownoticescheck = "";
 751      }
 752  
 753      if($user['invisible'] == 1)
 754      {
 755          $invisiblecheck = "checked=\"checked\"";
 756      }
 757      else
 758      {
 759          $invisiblecheck = "";
 760      }
 761  
 762      if($user['hideemail'] == 1)
 763      {
 764          $hideemailcheck = "checked=\"checked\"";
 765      }
 766      else
 767      {
 768          $hideemailcheck = "";
 769      }
 770  
 771      if($user['subscriptionmethod'] == 1)
 772      {
 773          $no_email_subscribe_selected = "selected=\"selected\"";
 774      }
 775      else if($user['subscriptionmethod'] == 2)
 776      {
 777          $instant_email_subscribe_selected = "selected=\"selected\"";
 778      }
 779      else
 780  
 781      {
 782          $no_subscribe_selected = "selected=\"selected\"";
 783      }
 784  
 785      if($user['showsigs'] == 1)
 786      {
 787          $showsigscheck = "checked=\"checked\"";
 788      }
 789      else
 790      {
 791          $showsigscheck = "";
 792      }
 793  
 794      if($user['showavatars'] == 1)
 795      {
 796          $showavatarscheck = "checked=\"checked\"";
 797      }
 798      else
 799      {
 800          $showavatarscheck = "";
 801      }
 802  
 803      if($user['showquickreply'] == 1)
 804      {
 805          $showquickreplycheck = "checked=\"checked\"";
 806      }
 807      else
 808      {
 809          $showquickreplycheck = "";
 810      }
 811  
 812      if($user['receivepms'] == 1)
 813      {
 814          $receivepmscheck = "checked=\"checked\"";
 815      }
 816      else
 817      {
 818          $receivepmscheck = "";
 819      }
 820  
 821      if($user['receivefrombuddy'] == 1)
 822      {
 823          $receivefrombuddycheck = "checked=\"checked\"";
 824      }
 825      else
 826      {
 827          $receivefrombuddycheck = "";
 828      }
 829  
 830      if($user['pmnotice'] == 1 || $user['pmnotice'] == 2)
 831      {
 832          $pmnoticecheck = " checked=\"checked\"";
 833      }
 834      else
 835      {
 836          $pmnoticecheck = "";
 837      }
 838  
 839      if($user['dstcorrection'] == 2)
 840      {
 841          $dst_auto_selected = "selected=\"selected\"";
 842      }
 843      else if($user['dstcorrection'] == 1)
 844      {
 845          $dst_enabled_selected = "selected=\"selected\"";
 846      }
 847      else
 848      {
 849          $dst_disabled_selected = "selected=\"selected\"";
 850      }
 851  
 852      if($user['showcodebuttons'] == 1)
 853      {
 854          $showcodebuttonscheck = "checked=\"checked\"";
 855      }
 856      else
 857      {
 858          $showcodebuttonscheck = "";
 859      }
 860  
 861      if($user['showredirect'] != 0)
 862      {
 863          $showredirectcheck = "checked=\"checked\"";
 864      }
 865      else
 866      {
 867          $showredirectcheck = "";
 868      }
 869  
 870      if($user['pmnotify'] != 0)
 871      {
 872          $pmnotifycheck = "checked=\"checked\"";
 873      }
 874      else
 875      {
 876          $pmnotifycheck = '';
 877      }
 878  
 879  
 880      if($user['threadmode'] != "threaded" && $user['threadmode'] != "linear")
 881      {
 882          $user['threadmode'] = ''; // Leave blank to show default
 883      }
 884  
 885      if($user['classicpostbit'] != 0)
 886      {
 887          $classicpostbitcheck = "checked=\"checked\"";
 888      }
 889      else
 890      {
 891          $classicpostbitcheck = '';
 892      }
 893  
 894  
 895      $date_format_options = "<option value=\"0\">{$lang->use_default}</option>";
 896      foreach($date_formats as $key => $format)
 897      {
 898          if($user['dateformat'] == $key)
 899          {
 900              $date_format_options .= "<option value=\"$key\" selected=\"selected\">".my_date($format, TIME_NOW, "", 0)."</option>";
 901          }
 902          else
 903          {
 904              $date_format_options .= "<option value=\"$key\">".my_date($format, TIME_NOW, "", 0)."</option>";
 905          }
 906      }
 907  
 908      $time_format_options = "<option value=\"0\">{$lang->use_default}</option>";
 909      foreach($time_formats as $key => $format)
 910      {
 911          if($user['timeformat'] == $key)
 912          {
 913              $time_format_options .= "<option value=\"$key\" selected=\"selected\">".my_date($format, TIME_NOW, "", 0)."</option>";
 914          }
 915          else
 916          {
 917              $time_format_options .= "<option value=\"$key\">".my_date($format, TIME_NOW, "", 0)."</option>";
 918          }
 919      }
 920  
 921      $tzselect = build_timezone_select("timezoneoffset", $mybb->user['timezone'], true);
 922  
 923      if($mybb->settings['allowbuddyonly'] == 1)
 924      {
 925          eval("\$pms_from_buddys = \"".$templates->get("usercp_options_pms_from_buddys")."\";");
 926      }
 927  
 928      $threadview[$user['threadmode']] = 'selected="selected"';
 929      $daysprunesel[$user['daysprune']] = 'selected="selected"';
 930      $stylelist = build_theme_select("style", $user['style']);
 931      if($mybb->settings['usertppoptions'])
 932      {
 933          $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 934          $tppoptions = '';
 935          if(is_array($explodedtpp))
 936          {
 937              foreach($explodedtpp as $key => $val)
 938              {
 939                  $val = trim($val);
 940                  $selected = "";
 941                  if($user['tpp'] == $val)
 942                  {
 943                      $selected = "selected=\"selected\"";
 944                  }
 945                  $tppoptions .= "<option value=\"$val\" $selected>".$lang->sprintf($lang->tpp_option, $val)."</option>\n";
 946              }
 947          }
 948          eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
 949      }
 950      if($mybb->settings['userpppoptions'])
 951      {
 952          $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 953          $pppoptions = '';
 954          if(is_array($explodedppp))
 955          {
 956              foreach($explodedppp as $key => $val)
 957              {
 958                  $val = trim($val);
 959                  $selected = "";
 960                  if($user['ppp'] == $val)
 961                  {
 962                      $selected = "selected=\"selected\"";
 963                  }
 964                  $pppoptions .= "<option value=\"$val\" $selected>".$lang->sprintf($lang->ppp_option, $val)."</option>\n";
 965              }
 966          }
 967          eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
 968      }
 969  
 970      $plugins->run_hooks("usercp_options_end");
 971  
 972      eval("\$editprofile = \"".$templates->get("usercp_options")."\";");
 973      output_page($editprofile);
 974  }
 975  
 976  if($mybb->input['action'] == "do_email" && $mybb->request_method == "post")
 977  {
 978      // Verify incoming POST request
 979      verify_post_check($mybb->input['my_post_key']);
 980  
 981      $errors = array();
 982  
 983      $plugins->run_hooks("usercp_do_email_start");
 984      if(validate_password_from_uid($mybb->user['uid'], $mybb->input['password']) == false)
 985      {
 986          $errors[] = $lang->error_invalidpassword;
 987      }
 988      else
 989      {
 990          // Set up user handler.
 991          require_once  "inc/datahandlers/user.php";
 992          $userhandler = new UserDataHandler("update");
 993  
 994          $user = array(
 995              "uid" => $mybb->user['uid'],
 996              "email" => $mybb->input['email'],
 997              "email2" => $mybb->input['email2']
 998          );
 999  
1000          $userhandler->set_data($user);
1001  
1002          if(!$userhandler->validate_user())
1003          {
1004              $errors = $userhandler->get_friendly_errors();
1005          }
1006          else
1007          {
1008              if($mybb->user['usergroup'] != "5" && $mybb->usergroup['cancp'] != 1)
1009              {
1010                  $activationcode = random_str();
1011                  $now = TIME_NOW;
1012                  $db->delete_query("awaitingactivation", "uid='".$mybb->user['uid']."'");
1013                  $newactivation = array(
1014                      "uid" => $mybb->user['uid'],
1015                      "dateline" => TIME_NOW,
1016                      "code" => $activationcode,
1017                      "type" => "e",
1018                      "oldgroup" => $mybb->user['usergroup'],
1019                      "misc" => $db->escape_string($mybb->input['email'])
1020                  );
1021                  $db->insert_query("awaitingactivation", $newactivation);
1022  
1023                  $username = $mybb->user['username'];
1024                  $uid = $mybb->user['uid'];
1025                  $lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
1026                  $lang->email_changeemail = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->input['email'], $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);
1027                  my_mail($mybb->input['email'], $lang->emailsubject_changeemail, $lang->email_changeemail);
1028  
1029                  $plugins->run_hooks("usercp_do_email_verify");
1030                  error($lang->redirect_changeemail_activation);
1031              }
1032              else
1033              {
1034                  $userhandler->update_user();
1035                  $plugins->run_hooks("usercp_do_email_changed");
1036                  redirect("usercp.php", $lang->redirect_emailupdated);
1037              }
1038          }
1039      }
1040      if(count($errors) > 0)
1041      {
1042              $mybb->input['action'] = "email";
1043              $errors = inline_error($errors);
1044      }
1045  }
1046  
1047  if($mybb->input['action'] == "email")
1048  {
1049      // Coming back to this page after one or more errors were experienced, show fields the user previously entered (with the exception of the password)
1050      if($errors)
1051      {
1052          $email = htmlspecialchars_uni($mybb->input['email']);
1053          $email2 = htmlspecialchars_uni($mybb->input['email2']);
1054      }
1055      else
1056      {
1057          $email = $email2 = '';
1058      }
1059  
1060      $plugins->run_hooks("usercp_email");
1061  
1062      eval("\$changemail = \"".$templates->get("usercp_email")."\";");
1063      output_page($changemail);
1064  }
1065  
1066  if($mybb->input['action'] == "do_password" && $mybb->request_method == "post")
1067  {
1068      // Verify incoming POST request
1069      verify_post_check($mybb->input['my_post_key']);
1070  
1071      $errors = array();
1072  
1073      $plugins->run_hooks("usercp_do_password_start");
1074      if(validate_password_from_uid($mybb->user['uid'], $mybb->input['oldpassword']) == false)
1075      {
1076          $errors[] = $lang->error_invalidpassword;
1077      }
1078      else
1079      {
1080          // Set up user handler.
1081          require_once  "inc/datahandlers/user.php";
1082          $userhandler = new UserDataHandler("update");
1083  
1084          $user = array(
1085              "uid" => $mybb->user['uid'],
1086              "password" => $mybb->input['password'],
1087              "password2" => $mybb->input['password2']
1088          );
1089  
1090          $userhandler->set_data($user);
1091  
1092          if(!$userhandler->validate_user())
1093          {
1094              $errors = $userhandler->get_friendly_errors();
1095          }
1096          else
1097          {
1098              $userhandler->update_user();
1099              my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey']);
1100              $plugins->run_hooks("usercp_do_password_end");
1101              redirect("usercp.php", $lang->redirect_passwordupdated);
1102          }
1103      }
1104      if(count($errors) > 0)
1105      {
1106              $mybb->input['action'] = "password";
1107              $errors = inline_error($errors);
1108      }
1109  }
1110  
1111  if($mybb->input['action'] == "password")
1112  {
1113      $plugins->run_hooks("usercp_password");
1114  
1115      eval("\$editpassword = \"".$templates->get("usercp_password")."\";");
1116      output_page($editpassword);
1117  }
1118  
1119  if($mybb->input['action'] == "do_changename" && $mybb->request_method == "post")
1120  {
1121      // Verify incoming POST request
1122      verify_post_check($mybb->input['my_post_key']);
1123  
1124      $plugins->run_hooks("usercp_do_changename_start");
1125      if($mybb->usergroup['canchangename'] != 1)
1126      {
1127          error_no_permission();
1128      }
1129  
1130      if(validate_password_from_uid($mybb->user['uid'], $mybb->input['password']) == false)
1131      {
1132          $errors[] = $lang->error_invalidpassword;
1133      }
1134      else
1135      {
1136          // Set up user handler.
1137          require_once  "inc/datahandlers/user.php";
1138          $userhandler = new UserDataHandler("update");
1139  
1140          $user = array(
1141              "uid" => $mybb->user['uid'],
1142              "username" => $mybb->input['username']
1143          );
1144  
1145          $userhandler->set_data($user);
1146  
1147          if(!$userhandler->validate_user())
1148          {
1149              $errors = $userhandler->get_friendly_errors();
1150          }
1151          else
1152          {
1153              $userhandler->update_user();
1154              $plugins->run_hooks("usercp_do_changename_end");
1155              redirect("usercp.php", $lang->redirect_namechanged);
1156  
1157          }
1158      }
1159      if(count($errors) > 0)
1160      {
1161          $errors = inline_error($errors);
1162          $mybb->input['action'] = "changename";
1163      }
1164  }
1165  
1166  if($mybb->input['action'] == "changename")
1167  {
1168      $plugins->run_hooks("usercp_changename_start");
1169      if($mybb->usergroup['canchangename'] != 1)
1170      {
1171          error_no_permission();
1172      }
1173  
1174      $plugins->run_hooks("usercp_changename_end");
1175  
1176      eval("\$changename = \"".$templates->get("usercp_changename")."\";");
1177      output_page($changename);
1178  }
1179  
1180  if($mybb->input['action'] == "do_subscriptions")
1181  {
1182      // Verify incoming POST request
1183      verify_post_check($mybb->input['my_post_key']);
1184  
1185      $plugins->run_hooks("usercp_do_subscriptions_start");
1186  
1187      if(!is_array($mybb->input['check']))
1188      {
1189          error($lang->no_subscriptions_selected);
1190      }
1191  
1192      // Clean input - only accept integers thanks!
1193      $mybb->input['check'] = array_map('intval', $mybb->input['check']);
1194      $tids = implode(",", $mybb->input['check']);
1195  
1196      // Deleting these subscriptions?
1197      if($mybb->input['do'] == "delete")
1198      {
1199          $db->delete_query("threadsubscriptions", "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
1200      }
1201      // Changing subscription type
1202      else
1203      {
1204          if($mybb->input['do'] == "no_notification")
1205          {
1206              $new_notification = 0;
1207          }
1208          else if($mybb->input['do'] == "instant_notification")
1209          {
1210              $new_notification = 1;
1211          }
1212  
1213          // Update
1214          $update_array = array("notification" => $new_notification);
1215          $db->update_query("threadsubscriptions", $update_array, "tid IN ($tids) AND uid='{$mybb->user['uid']}'");
1216      }
1217  
1218      // Done, redirect
1219      redirect("usercp.php?action=subscriptions", $lang->redirect_subscriptions_updated);
1220  }
1221  
1222  if($mybb->input['action'] == "subscriptions")
1223  {
1224      $plugins->run_hooks("usercp_subscriptions_start");
1225  
1226      // Thread visiblity
1227      $visible = "AND t.visible != 0";
1228      if(is_moderator() == true)
1229      {
1230          $visible = '';
1231      }
1232  
1233      // Do Multi Pages
1234      $query = $db->query("
1235          SELECT COUNT(ts.tid) as threads
1236          FROM ".TABLE_PREFIX."threadsubscriptions ts
1237          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = ts.tid)
1238          WHERE ts.uid = '".$mybb->user['uid']."' {$visible}
1239      ");
1240      $threadcount = $db->fetch_field($query, "threads");
1241  
1242      if(!$mybb->settings['threadsperpage'])
1243      {
1244          $mybb->settings['threadsperpage'] = 20;
1245      }
1246  
1247      $perpage = $mybb->settings['threadsperpage'];
1248      $page = intval($mybb->input['page']);
1249      if($page > 0)
1250      {
1251          $start = ($page-1) * $perpage;
1252          $pages = $threadcount / $perpage;
1253          $pages = ceil($pages);
1254          if($page > $pages || $page <= 0)
1255          {
1256              $start = 0;
1257              $page = 1;
1258          }
1259      }
1260      else
1261      {
1262          $start = 0;
1263          $page = 1;
1264      }
1265      $end = $start + $perpage;
1266      $lower = $start+1;
1267      $upper = $end;
1268      if($upper > $threadcount)
1269      {
1270          $upper = $threadcount;
1271      }
1272      $multipage = multipage($threadcount, $perpage, $page, "usercp.php?action=subscriptions");
1273      $fpermissions = forum_permissions();
1274  
1275      // Fetch subscriptions
1276      $query = $db->query("
1277          SELECT s.*, t.*, t.username AS threadusername, u.username, p.displaystyle AS threadprefix
1278          FROM ".TABLE_PREFIX."threadsubscriptions s
1279          LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
1280          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
1281          LEFT JOIN ".TABLE_PREFIX."threadprefixes p ON (p.pid=t.prefix)
1282          WHERE s.uid='".$mybb->user['uid']."' {$visible}
1283          ORDER BY t.lastpost DESC
1284          LIMIT $start, $perpage
1285      ");
1286      while($subscription = $db->fetch_array($query))
1287      {
1288          $forumpermissions = $fpermissions[$subscription['fid']];
1289  
1290          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || ($forumpermissions['canonlyviewownthreads'] != 0 && $subscription['uid'] != $mybb->user['uid']))
1291          {
1292              // Hmm, you don't have permission to view this thread - unsubscribe!
1293              $del_subscriptions[] = $subscription['sid'];
1294          }
1295          else if($subscription['tid'])
1296          {
1297              $subscriptions[$subscription['tid']] = $subscription;
1298          }
1299      }
1300  
1301      if(is_array($del_subscriptions))
1302      {
1303          $sids = implode(',', $del_subscriptions);
1304  
1305          if($sids)
1306          {
1307              $db->delete_query("threadsubscriptions", "sid IN ({$sids}) AND uid='{$mybb->user['uid']}'");
1308          }
1309  
1310          $threadcount = $threadcount - count($del_subscriptions);
1311  
1312          if($threadcount < 0)
1313          {
1314              $threadcount = 0;
1315          }
1316      }
1317  
1318      if(is_array($subscriptions))
1319      {
1320          $tids = implode(",", array_keys($subscriptions));
1321  
1322          if($mybb->user['uid'] == 0)
1323          {
1324              // Build a forum cache.
1325              $query = $db->query("
1326                  SELECT fid
1327                  FROM ".TABLE_PREFIX."forums
1328                  WHERE active != 0
1329                  ORDER BY pid, disporder
1330              ");
1331  
1332              $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
1333          }
1334          else
1335          {
1336              // Build a forum cache.
1337              $query = $db->query("
1338                  SELECT f.fid, fr.dateline AS lastread
1339                  FROM ".TABLE_PREFIX."forums f
1340                  LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
1341                  WHERE f.active != 0
1342                  ORDER BY pid, disporder
1343              ");
1344          }
1345  
1346          while($forum = $db->fetch_array($query))
1347          {
1348              if($mybb->user['uid'] == 0)
1349              {
1350                  if($forumsread[$forum['fid']])
1351                  {
1352                      $forum['lastread'] = $forumsread[$forum['fid']];
1353                  }
1354              }
1355              $readforums[$forum['fid']] = $forum['lastread'];
1356          }
1357  
1358          // Check participation by the current user in any of these threads - for 'dot' folder icons
1359          if($mybb->settings['dotfolders'] != 0)
1360          {
1361              $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1362              while($post = $db->fetch_array($query))
1363              {
1364                  $subscriptions[$post['tid']]['doticon'] = 1;
1365              }
1366          }
1367  
1368          // Read threads
1369          if($mybb->settings['threadreadcut'] > 0)
1370          {
1371              $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
1372              while($readthread = $db->fetch_array($query))
1373              {
1374                  $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
1375              }
1376          }
1377  
1378          $icon_cache = $cache->read("posticons");
1379  
1380          // Now we can build our subscription list
1381          foreach($subscriptions as $thread)
1382          {
1383              $bgcolor = alt_trow();
1384  
1385              $folder = '';
1386              $prefix = '';
1387  
1388              // If this thread has a prefix, insert a space between prefix and subject
1389              if($thread['prefix'] != 0)
1390              {
1391                  $thread['threadprefix'] .= '&nbsp;';
1392              }
1393  
1394              // Sanitize
1395              $thread['subject'] = $parser->parse_badwords($thread['subject']);
1396              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
1397  
1398              // Build our links
1399              $thread['threadlink'] = get_thread_link($thread['tid']);
1400              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
1401  
1402              // Fetch the thread icon if we have one
1403              if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
1404              {
1405                  $icon = $icon_cache[$thread['icon']];
1406                  $icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" />";
1407              }
1408              else
1409              {
1410                  $icon = "&nbsp;";
1411              }
1412  
1413              // Determine the folder
1414              $folder = '';
1415              $folder_label = '';
1416  
1417              if($thread['doticon'])
1418              {
1419                  $folder = "dot_";
1420                  $folder_label .= $lang->icon_dot;
1421              }
1422  
1423              $gotounread = '';
1424              $isnew = 0;
1425              $donenew = 0;
1426              $lastread = 0;
1427  
1428              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
1429              {
1430                  $forum_read = $readforums[$thread['fid']];
1431  
1432                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1433                  if($forum_read == 0 || $forum_read < $read_cutoff)
1434                  {
1435                      $forum_read = $read_cutoff;
1436                  }
1437              }
1438              else
1439              {
1440                  $forum_read = $forumsread[$thread['fid']];
1441              }
1442  
1443              if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
1444              {
1445                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
1446              }
1447  
1448              if($thread['lastpost'] > $cutoff)
1449              {
1450                  if($thread['lastread'])
1451                  {
1452                      $lastread = $thread['lastread'];
1453                  }
1454                  else
1455                  {
1456                      $lastread = 1;
1457                  }
1458              }
1459  
1460              if(!$lastread)
1461              {
1462                  $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
1463                  if($readcookie > $forum_read)
1464                  {
1465                      $lastread = $readcookie;
1466                  }
1467                  else
1468                  {
1469                      $lastread = $forum_read;
1470                  }
1471              }
1472  
1473              if($lastread && $lastread < $thread['lastpost'])
1474              {
1475                  $folder .= "new";
1476                  $folder_label .= $lang->icon_new;
1477                  $new_class = "subject_new";
1478                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
1479                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
1480                  $unreadpost = 1;
1481              }
1482              else
1483              {
1484                  $folder_label .= $lang->icon_no_new;
1485                  $new_class = "subject_old";
1486              }
1487  
1488              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
1489              {
1490                  $folder .= "hot";
1491                  $folder_label .= $lang->icon_hot;
1492              }
1493  
1494              if($thread['closed'] == 1)
1495              {
1496                  $folder .= "lock";
1497                  $folder_label .= $lang->icon_lock;
1498              }
1499  
1500              $folder .= "folder";
1501  
1502              if($thread['visible'] == 0)
1503              {
1504                  $bgcolor = "trow_shaded";
1505              }
1506  
1507              // Build last post info
1508              $lastpostdate = my_date($mybb->settings['dateformat'], $thread['lastpost']);
1509              $lastposttime = my_date($mybb->settings['timeformat'], $thread['lastpost']);
1510              $lastposter = $thread['lastposter'];
1511              $lastposteruid = $thread['lastposteruid'];
1512  
1513              // Don't link to guest's profiles (they have no profile).
1514              if($lastposteruid == 0)
1515              {
1516                  $lastposterlink = $lastposter;
1517              }
1518              else
1519              {
1520                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
1521              }
1522  
1523              $thread['replies'] = my_number_format($thread['replies']);
1524              $thread['views'] = my_number_format($thread['views']);
1525  
1526              // What kind of notification type do we have here?
1527              switch($thread['notification'])
1528              {
1529                  case "1": // Instant
1530                      $notification_type = $lang->instant_notification;
1531                      break;
1532                  default: // No notification
1533                      $notification_type = $lang->no_notification;
1534              }
1535  
1536              eval("\$threads .= \"".$templates->get("usercp_subscriptions_thread")."\";");
1537          }
1538  
1539          // Provide remove options
1540          eval("\$remove_options = \"".$templates->get("usercp_subscriptions_remove")."\";");
1541      }
1542      else
1543      {
1544          eval("\$threads = \"".$templates->get("usercp_subscriptions_none")."\";");
1545      }
1546  
1547      $plugins->run_hooks("usercp_subscriptions_end");
1548  
1549      eval("\$subscriptions = \"".$templates->get("usercp_subscriptions")."\";");
1550      output_page($subscriptions);
1551  }
1552  
1553  if($mybb->input['action'] == "forumsubscriptions")
1554  {
1555      $plugins->run_hooks("usercp_forumsubscriptions_start");
1556  
1557      if($mybb->user['uid'] == 0)
1558      {
1559          // Build a forum cache.
1560          $query = $db->query("
1561              SELECT fid
1562              FROM ".TABLE_PREFIX."forums
1563              WHERE active != 0
1564              ORDER BY pid, disporder
1565          ");
1566  
1567          $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
1568      }
1569      else
1570      {
1571          // Build a forum cache.
1572          $query = $db->query("
1573              SELECT f.fid, fr.dateline AS lastread
1574              FROM ".TABLE_PREFIX."forums f
1575              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
1576              WHERE f.active != 0
1577              ORDER BY pid, disporder
1578          ");
1579      }
1580  
1581      while($forum = $db->fetch_array($query))
1582      {
1583          if($mybb->user['uid'] == 0)
1584          {
1585              if($forumsread[$forum['fid']])
1586              {
1587                  $forum['lastread'] = $forumsread[$forum['fid']];
1588              }
1589          }
1590          $readforums[$forum['fid']] = $forum['lastread'];
1591      }
1592  
1593      $fpermissions = forum_permissions();
1594      require_once  MYBB_ROOT."inc/functions_forumlist.php";
1595  
1596      $query = $db->query("
1597          SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread
1598          FROM ".TABLE_PREFIX."forumsubscriptions fs
1599          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid = fs.fid)
1600          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid = f.lastposttid)
1601          LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
1602          WHERE f.type='f' AND fs.uid='".$mybb->user['uid']."'
1603          ORDER BY f.name ASC
1604      ");
1605  
1606      $forums = '';
1607      while($forum = $db->fetch_array($query))
1608      {
1609          $forum_url = get_forum_link($forum['fid']);
1610          $forumpermissions = $fpermissions[$forum['fid']];
1611  
1612          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0)
1613          {
1614              continue;
1615          }
1616  
1617          $lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
1618          $folder = $lightbulb['folder'];
1619  
1620          if($forumpermissions['canonlyviewownthreads'] != 0)
1621          {
1622              $posts = '-';
1623              $threads = '-';
1624          }
1625          else
1626          {
1627              $posts = my_number_format($forum['posts']);
1628              $threads = my_number_format($forum['threads']);
1629          }
1630  
1631          if($forum['lastpost'] == 0 || $forum['lastposter'] == "")
1632          {
1633              $lastpost = "<div align=\"center\">{$lang->never}</div>";
1634          }
1635          // Hide last post
1636          elseif($forumpermissions['canonlyviewownthreads'] != 0 && $forum['lastposteruid'] != $mybb->user['uid'])
1637          {
1638              $lastpost = "<div align=\"center\">{$lang->na}</div>";
1639          }
1640          else
1641          {
1642              $forum['lastpostsubject'] = $parser->parse_badwords($forum['lastpostsubject']);
1643              $lastpost_date = my_date($mybb->settings['dateformat'], $forum['lastpost']);
1644              $lastpost_time = my_date($mybb->settings['timeformat'], $forum['lastpost']);
1645              $lastposttid = $forum['lastposttid'];
1646              $lastposter = $forum['lastposter'];
1647              $lastpost_profilelink = build_profile_link($lastposter, $forum['lastposteruid']);
1648              $lastpost_subject = htmlspecialchars_uni($forum['lastpostsubject']);
1649              if(my_strlen($lastpost_subject) > 25)
1650              {
1651                  $lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
1652              }
1653              $lastpost_link = get_thread_link($forum['lastposttid'], 0, "lastpost");
1654              eval("\$lastpost = \"".$templates->get("forumbit_depth2_forum_lastpost")."\";");
1655          }
1656  
1657          if($mybb->settings['showdescriptions'] == 0)
1658          {
1659              $forum['description'] = "";
1660          }
1661  
1662          eval("\$forums .= \"".$templates->get("usercp_forumsubscriptions_forum")."\";");
1663      }
1664  
1665      if(!$forums)
1666      {
1667          eval("\$forums = \"".$templates->get("usercp_forumsubscriptions_none")."\";");
1668      }
1669  
1670      $plugins->run_hooks("usercp_forumsubscriptions_end");
1671  
1672      eval("\$forumsubscriptions = \"".$templates->get("usercp_forumsubscriptions")."\";");
1673      output_page($forumsubscriptions);
1674  }
1675  
1676  if($mybb->input['action'] == "do_editsig" && $mybb->request_method == "post")
1677  {
1678      // Verify incoming POST request
1679      verify_post_check($mybb->input['my_post_key']);
1680  
1681      $plugins->run_hooks("usercp_do_editsig_start");
1682  
1683      // User currently has a suspended signature
1684      if($mybb->user['suspendsignature'] == 1 && $mybb->user['suspendsigtime'] > TIME_NOW)
1685      {
1686          error_no_permission();
1687      }
1688  
1689      if($mybb->input['updateposts'] == "enable")
1690      {
1691          $update_signature = array(
1692              "includesig" => 1
1693          );
1694          $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
1695      }
1696      elseif($mybb->input['updateposts'] == "disable")
1697      {
1698          $update_signature = array(
1699              "includesig" => 0
1700          );
1701          $db->update_query("posts", $update_signature, "uid='".$mybb->user['uid']."'");
1702      }
1703      $new_signature = array(
1704          "signature" => $db->escape_string($mybb->input['signature'])
1705      );
1706      $plugins->run_hooks("usercp_do_editsig_process");
1707      $db->update_query("users", $new_signature, "uid='".$mybb->user['uid']."'");
1708      $plugins->run_hooks("usercp_do_editsig_end");
1709      redirect("usercp.php?action=editsig", $lang->redirect_sigupdated);
1710  
1711  }
1712  
1713  if($mybb->input['action'] == "editsig")
1714  {
1715      $plugins->run_hooks("usercp_editsig_start");
1716      if($mybb->input['preview'] && !$error)
1717      {
1718          $sig = $mybb->input['signature'];
1719          $template = "usercp_editsig_preview";
1720      }
1721      elseif(!$error)
1722      {
1723          $sig = $mybb->user['signature'];
1724          $template = "usercp_editsig_current";
1725      }
1726      else if($error)
1727      {
1728          $sig = $mybb->input['signature'];
1729          $template = false;
1730      }
1731  
1732      if($mybb->user['suspendsignature'] && ($mybb->user['suspendsigtime'] == 0 || $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] > TIME_NOW))
1733      {
1734          // User currently has no signature and they're suspended
1735          error($lang->sig_suspended);
1736      }
1737  
1738      if($mybb->usergroup['canusesig'] != 1)
1739      {
1740          // Usergroup has no permission to use this facility
1741          error_no_permission();
1742      }
1743      else if($mybb->usergroup['canusesig'] == 1 && $mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] < $mybb->usergroup['canusesigxposts'])
1744      {
1745          // Usergroup can use this facility, but only after x posts
1746          error($lang->sprintf($lang->sig_suspended_posts, $mybb->usergroup['canusesigxposts']));
1747      }
1748  
1749      if($sig && $template)
1750      {
1751          $sig_parser = array(
1752              "allow_html" => $mybb->settings['sightml'],
1753              "allow_mycode" => $mybb->settings['sigmycode'],
1754              "allow_smilies" => $mybb->settings['sigsmilies'],
1755              "allow_imgcode" => $mybb->settings['sigimgcode'],
1756              "me_username" => $mybb->user['username'],
1757              "filter_badwords" => 1
1758          );
1759  
1760          $sigpreview = $parser->parse_message($sig, $sig_parser);
1761          eval("\$signature = \"".$templates->get($template)."\";");
1762      }
1763  
1764      // User has a current signature, so let's display it (but show an error message)
1765      if($mybb->user['suspendsignature'] && $mybb->user['suspendsigtime'] > TIME_NOW)
1766      {
1767          $plugins->run_hooks("usercp_editsig_end");
1768  
1769          // User either doesn't have permission, or has their signature suspended
1770          eval("\$editsig = \"".$templates->get("usercp_editsig_suspended")."\";");
1771      }
1772      else
1773      {
1774          // User is allowed to edit their signature
1775          if($mybb->settings['sigsmilies'] == 1)
1776          {
1777              $sigsmilies = $lang->on;
1778              $smilieinserter = build_clickable_smilies();
1779          }
1780          else
1781          {
1782              $sigsmilies = $lang->off;
1783          }
1784          if($mybb->settings['sigmycode'] == 1)
1785          {
1786              $sigmycode = $lang->on;
1787          }
1788          else
1789          {
1790              $sigmycode = $lang->off;
1791          }
1792          if($mybb->settings['sightml'] == 1)
1793          {
1794              $sightml = $lang->on;
1795          }
1796          else
1797          {
1798              $sightml = $lang->off;
1799          }
1800          if($mybb->settings['sigimgcode'] == 1)
1801          {
1802              $sigimgcode = $lang->on;
1803          }
1804          else
1805          {
1806              $sigimgcode = $lang->off;
1807          }
1808          $sig = htmlspecialchars_uni($sig);
1809          $lang->edit_sig_note2 = $lang->sprintf($lang->edit_sig_note2, $sigsmilies, $sigmycode, $sigimgcode, $sightml, $mybb->settings['siglength']);
1810  
1811          if($mybb->settings['bbcodeinserter'] != 0 || $mybb->user['showcodebuttons'] != 0)
1812          {
1813              $codebuttons = build_mycode_inserter("signature");
1814          }
1815  
1816          $plugins->run_hooks("usercp_editsig_end");
1817  
1818          eval("\$editsig = \"".$templates->get("usercp_editsig")."\";");
1819      }
1820  
1821      output_page($editsig);
1822  }
1823  
1824  if($mybb->input['action'] == "do_avatar" && $mybb->request_method == "post")
1825  {
1826      // Verify incoming POST request
1827      verify_post_check($mybb->input['my_post_key']);
1828  
1829      $plugins->run_hooks("usercp_do_avatar_start");
1830      require_once  MYBB_ROOT."inc/functions_upload.php";
1831  
1832      $avatar_error = "";
1833  
1834      if($mybb->input['remove']) // remove avatar
1835      {
1836          $updated_avatar = array(
1837              "avatar" => "",
1838              "avatardimensions" => "",
1839              "avatartype" => ""
1840          );
1841          $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
1842          remove_avatars($mybb->user['uid']);
1843      }
1844      elseif($mybb->input['gallery']) // Gallery avatar
1845      {
1846          if(empty($mybb->input['avatar']))
1847          {
1848              $avatar_error = $lang->error_noavatar;
1849          }
1850  
1851          $mybb->input['gallery'] = str_replace(array("./", ".."), "", $mybb->input['gallery']);
1852          $mybb->input['avatar'] = str_replace(array("./", ".."), "", $mybb->input['avatar']);
1853  
1854          if(empty($avatar_error))
1855          {
1856              if($mybb->input['gallery'] == "default")
1857              {
1858                  $avatarpath = $db->escape_string($mybb->settings['avatardir']."/".$mybb->input['avatar']);
1859              }
1860              else
1861              {
1862                  $avatarpath = $db->escape_string($mybb->settings['avatardir']."/".$mybb->input['gallery']."/".$mybb->input['avatar']);
1863              }
1864  
1865              if(file_exists($avatarpath))
1866              {
1867                  $dimensions = @getimagesize($avatarpath);
1868  
1869                  $updated_avatar = array(
1870                      "avatar" => $avatarpath.'?dateline='.TIME_NOW,
1871                      "avatardimensions" => "{$dimensions[0]}|{$dimensions[1]}",
1872                      "avatartype" => "gallery"
1873                  );
1874                  $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
1875              }
1876              remove_avatars($mybb->user['uid']);
1877          }
1878      }
1879      elseif($_FILES['avatarupload']['name']) // upload avatar
1880      {
1881          if($mybb->usergroup['canuploadavatars'] == 0)
1882          {
1883              error_no_permission();
1884          }
1885          $avatar = upload_avatar();
1886          if($avatar['error'])
1887          {
1888              $avatar_error = $avatar['error'];
1889          }
1890          else
1891          {
1892              if($avatar['width'] > 0 && $avatar['height'] > 0)
1893              {
1894                  $avatar_dimensions = $avatar['width']."|".$avatar['height'];
1895              }
1896              $updated_avatar = array(
1897                  "avatar" => $avatar['avatar'].'?dateline='.TIME_NOW,
1898                  "avatardimensions" => $avatar_dimensions,
1899                  "avatartype" => "upload"
1900              );
1901              $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
1902          }
1903      }
1904      else // remote avatar
1905      {
1906          $mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->input['avatarurl']);
1907          $ext = get_extension($mybb->input['avatarurl']);
1908  
1909          // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
1910          $file = fetch_remote_file($mybb->input['avatarurl']);
1911          if(!$file)
1912          {
1913              $avatar_error = $lang->error_invalidavatarurl;
1914          }
1915          else
1916          {
1917              $tmp_name = $mybb->settings['avataruploadpath']."/remote_".md5(random_str());
1918              $fp = @fopen($tmp_name, "wb");
1919              if(!$fp)
1920              {
1921                  $avatar_error = $lang->error_invalidavatarurl;
1922              }
1923              else
1924              {
1925                  fwrite($fp, $file);
1926                  fclose($fp);
1927                  list($width, $height, $type) = @getimagesize($tmp_name);
1928                  @unlink($tmp_name);
1929                  if(!$type)
1930                  {
1931                      $avatar_error = $lang->error_invalidavatarurl;
1932                  }
1933              }
1934          }
1935  
1936          if(empty($avatar_error))
1937          {
1938              if($width && $height && $mybb->settings['maxavatardims'] != "")
1939              {
1940                  list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
1941                  if(($maxwidth && $width > $maxwidth) || ($maxheight && $height > $maxheight))
1942                  {
1943                      $lang->error_avatartoobig = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight);
1944                      $avatar_error = $lang->error_avatartoobig;
1945                  }
1946              }
1947          }
1948  
1949          if(empty($avatar_error))
1950          {
1951              if($width > 0 && $height > 0)
1952              {
1953                  $avatar_dimensions = intval($width)."|".intval($height);
1954              }
1955              $updated_avatar = array(
1956                  "avatar" => $db->escape_string($mybb->input['avatarurl'].'?dateline='.TIME_NOW),
1957                  "avatardimensions" => $avatar_dimensions,
1958                  "avatartype" => "remote"
1959              );
1960              $db->update_query("users", $updated_avatar, "uid='".$mybb->user['uid']."'");
1961              remove_avatars($mybb->user['uid']);
1962          }
1963      }
1964  
1965      if(empty($avatar_error))
1966      {
1967          $plugins->run_hooks("usercp_do_avatar_end");
1968          redirect("usercp.php", $lang->redirect_avatarupdated);
1969      }
1970      else
1971      {
1972          $mybb->input['action'] = "avatar";
1973          $avatar_error = inline_error($avatar_error);
1974      }
1975  }
1976  
1977  if($mybb->input['action'] == "avatar")
1978  {
1979      $plugins->run_hooks("usercp_avatar_start");
1980      // Get a listing of available galleries
1981      $gallerylist['default'] = $lang->default_gallery;
1982      $avatardir = @opendir($mybb->settings['avatardir']);
1983      while($dir = @readdir($avatardir))
1984      {
1985          if(is_dir($mybb->settings['avatardir']."/$dir") && substr($dir, 0, 1) != ".")
1986          {
1987              $gallerylist[$dir] = str_replace("_", " ", $dir);
1988          }
1989      }
1990      @closedir($avatardir);
1991      natcasesort($gallerylist);
1992      reset($gallerylist);
1993      $galleries = '';
1994      foreach($gallerylist as $dir => $friendlyname)
1995      {
1996          if($dir == $mybb->input['gallery'])
1997          {
1998              $activegallery = $friendlyname;
1999              $selected = "selected=\"selected\"";
2000          }
2001          $galleries .= "<option value=\"$dir\" $selected>$friendlyname</option>\n";
2002          $selected = "";
2003      }
2004  
2005      // Check to see if we're in a gallery or not
2006      if($activegallery)
2007      {
2008          $gallery = str_replace("..", "", $mybb->input['gallery']);
2009          $lang->avatars_in_gallery = $lang->sprintf($lang->avatars_in_gallery, $activegallery);
2010          // Get a listing of avatars in this gallery
2011          $avatardir = $mybb->settings['avatardir'];
2012          if($gallery != "default")
2013          {
2014              $avatardir .= "/$gallery";
2015          }
2016          $opendir = opendir($avatardir);
2017          while($avatar = @readdir($opendir))
2018          {
2019              $avatarpath = $avatardir."/".$avatar;
2020              if(is_file($avatarpath) && preg_match("#\.(jpg|jpeg|gif|bmp|png)$#i", $avatar))
2021              {
2022                  $avatars[] = $avatar;
2023              }
2024          }
2025          @closedir($opendir);
2026  
2027          if(is_array($avatars))
2028          {
2029              natcasesort($avatars);
2030              reset($avatars);
2031              $count = 0;
2032              $avatarlist = "<tr>\n";
2033              foreach($avatars as $avatar)
2034              {
2035                  $avatarpath = $avatardir."/".$avatar;
2036                  $avatarname = preg_replace("#\.(jpg|jpeg|gif|bmp|png)$#i", "", $avatar);
2037                  $avatarname = ucwords(str_replace("_", " ", $avatarname));
2038                  if($mybb->user['avatar'] == $avatarpath)
2039                  {
2040                      $checked = "checked=\"checked\"";
2041                  }
2042                  if($count == 5)
2043                  {
2044                      $avatarlist .= "</tr>\n<tr>\n";
2045                      $count = 0;
2046                  }
2047                  ++$count;
2048                  eval("\$avatarlist .= \"".$templates->get("usercp_avatar_gallery_avatar")."\";");
2049              }
2050              if($count != 0)
2051              {
2052                  for($i = $count; $i <= 5; ++$i)
2053                  {
2054                      eval("\$avatarlist .= \"".$templates->get("usercp_avatar_gallery_blankblock")."\";");
2055                  }
2056              }
2057          }
2058          else
2059          {
2060              eval("\$avatarlist = \"".$templates->get("usercp_avatar_gallery_noavatars")."\";");
2061          }
2062  
2063          $plugins->run_hooks("usercp_avatar_end");
2064  
2065          eval("\$gallery = \"".$templates->get("usercp_avatar_gallery")."\";");
2066          output_page($gallery);
2067      }
2068      // Show main avatar page
2069      else
2070      {
2071          if($mybb->user['avatartype'] == "upload" || stristr($mybb->user['avatar'], $mybb->settings['avataruploadpath']))
2072          {
2073              $avatarmsg = "<br /><strong>".$lang->already_uploaded_avatar."</strong>";
2074          }
2075          elseif($mybb->user['avatartype'] == "gallery" || stristr($mybb->user['avatar'], $mybb->settings['avatardir']))
2076          {
2077              $avatarmsg = "<br /><strong>".$lang->using_gallery_avatar."</strong>";
2078          }
2079          elseif($mybb->user['avatartype'] == "remote" || my_strpos(my_strtolower($mybb->user['avatar']), "http://") !== false)
2080          {
2081              $avatarmsg = "<br /><strong>".$lang->using_remote_avatar."</strong>";
2082              $avatarurl = htmlspecialchars_uni($mybb->user['avatar']);
2083          }
2084          $urltoavatar = htmlspecialchars_uni($mybb->user['avatar']);
2085          if($mybb->user['avatar'])
2086          {
2087              $avatar_dimensions = explode("|", $mybb->user['avatardimensions']);
2088              if($avatar_dimensions[0] && $avatar_dimensions[1])
2089              {
2090                  $avatar_width_height = "width=\"{$avatar_dimensions[0]}\" height=\"{$avatar_dimensions[1]}\"";
2091              }
2092              eval("\$currentavatar = \"".$templates->get("usercp_avatar_current")."\";");
2093              $colspan = 1;
2094          }
2095          else
2096          {
2097              $colspan = 2;
2098          }
2099          if($mybb->settings['maxavatardims'] != "")
2100          {
2101              list($maxwidth, $maxheight) = explode("x", my_strtolower($mybb->settings['maxavatardims']));
2102              $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_dimensions, $maxwidth, $maxheight);
2103          }
2104          if($mybb->settings['avatarsize'])
2105          {
2106              $maxsize = get_friendly_size($mybb->settings['avatarsize']*1024);
2107              $lang->avatar_note .= "<br />".$lang->sprintf($lang->avatar_note_size, $maxsize);
2108          }
2109          if($mybb->settings['avatarresizing'] == "auto")
2110          {
2111              $auto_resize = "<br /><span class=\"smalltext\">{$lang->avatar_auto_resize_note}</span>\n";
2112          }
2113          else if($mybb->settings['avatarresizing'] == "user")
2114          {
2115              $auto_resize = "<br /><span class=\"smalltext\"><input type=\"checkbox\" name=\"auto_resize\" value=\"1\" checked=\"checked\" id=\"auto_resize\" /> <label for=\"auto_resize\">{$lang->avatar_auto_resize_option}</label></span>";
2116          }
2117  
2118          $plugins->run_hooks("usercp_avatar_end");
2119  
2120          eval("\$avatar = \"".$templates->get("usercp_avatar")."\";");
2121          output_page($avatar);
2122      }
2123  }
2124  
2125  if($mybb->input['action'] == "do_editlists")
2126  {
2127      // Verify incoming POST request
2128      verify_post_check($mybb->input['my_post_key']);
2129  
2130      $plugins->run_hooks("usercp_do_editlists_start");
2131  
2132      $existing_users = array();
2133      $selected_list = array();
2134      if($mybb->input['manage'] == "ignored")
2135      {
2136          if($mybb->user['ignorelist'])
2137          {
2138              $existing_users = explode(",", $mybb->user['ignorelist']);
2139          }
2140  
2141          if($mybb->user['buddylist'])
2142          {
2143              // Create a list of buddies...
2144              $selected_list = explode(",", $mybb->user['buddylist']);
2145          }
2146      }
2147      else
2148      {
2149          if($mybb->user['buddylist'])
2150          {
2151              $existing_users = explode(",", $mybb->user['buddylist']);
2152          }
2153  
2154          if($mybb->user['ignorelist'])
2155          {
2156              // Create a list of ignored users
2157              $selected_list = explode(",", $mybb->user['ignorelist']);
2158          }
2159      }
2160  
2161      $error_message = "";
2162      $message = "";
2163  
2164      // Adding one or more users to this list
2165      if($mybb->input['add_username'])
2166      {
2167          // Split up any usernames we have
2168          $found_users = 0;
2169          $adding_self = false;
2170          $users = explode(",", $mybb->input['add_username']);
2171          $users = array_map("trim", $users);
2172          $users = array_unique($users);
2173          foreach($users as $key => $username)
2174          {
2175              if(empty($username))
2176              {
2177                  unset($users[$key]);
2178                  continue;
2179              }
2180  
2181              if(my_strtoupper($mybb->user['username']) == my_strtoupper($username))
2182              {
2183                  $adding_self = true;
2184                  unset($users[$key]);
2185                  continue;
2186              }
2187              $users[$key] = $db->escape_string($username);
2188          }
2189  
2190          // Fetch out new users
2191          if(count($users) > 0)
2192          {
2193              $query = $db->simple_select("users", "uid", "LOWER(username) IN ('".my_strtolower(implode("','", $users))."')");
2194              while($user = $db->fetch_array($query))
2195              {
2196                  ++$found_users;
2197  
2198                  // Make sure we're not adding a duplicate
2199                  if(in_array($user['uid'], $existing_users) || in_array($user['uid'], $selected_list))
2200                  {
2201                      if($mybb->input['manage'] == "ignored")
2202                      {
2203                          $error_message = "ignore";
2204                      }
2205                      else
2206                      {
2207                          $error_message = "buddy";
2208                      }
2209  
2210                      // On another list?
2211                      $string = "users_already_on_".$error_message."_list";
2212                      if(in_array($user['uid'], $selected_list))
2213                      {
2214                          $string .= "_alt";
2215                      }
2216  
2217                      $error_message = $lang->$string;
2218                      array_pop($users); // To maintain a proper count when we call count($users)
2219                      continue;
2220                  }
2221  
2222                  $existing_users[] = $user['uid'];
2223              }
2224          }
2225  
2226          if($found_users < count($users))
2227          {
2228              if($error_message)
2229              {
2230                  $error_message .= "<br />";
2231              }
2232  
2233              $error_message .= $lang->invalid_user_selected;
2234          }
2235  
2236          if(($adding_self != true || ($adding_self == true && count($users) > 0)) && ($error_message == "" || count($users) > 1))
2237          {
2238              if($mybb->input['manage'] == "ignored")
2239              {
2240                  $message = $lang->users_added_to_ignore_list;
2241              }
2242              else
2243              {
2244                  $message = $lang->users_added_to_buddy_list;
2245              }
2246          }
2247  
2248          if($adding_self == true)
2249          {
2250              if($mybb->input['manage'] == "ignored")
2251              {
2252                  $error_message = $lang->cant_add_self_to_ignore_list;
2253              }
2254              else
2255              {
2256                  $error_message = $lang->cant_add_self_to_buddy_list;
2257              }
2258          }
2259  
2260          if(count($existing_users) == 0)
2261          {
2262              $message = "";
2263          }
2264      }
2265  
2266      // Removing a user from this list
2267      else if($mybb->input['delete'])
2268      {
2269          // Check if user exists on the list
2270          $key = array_search($mybb->input['delete'], $existing_users);
2271          if($key !== false)
2272          {
2273              unset($existing_users[$key]);
2274              $user = get_user($mybb->input['delete']);
2275              if($mybb->input['manage'] == "ignored")
2276              {
2277                  $message = $lang->removed_from_ignore_list;
2278              }
2279              else
2280              {
2281                  $message = $lang->removed_from_buddy_list;
2282              }
2283              $message = $lang->sprintf($message, $user['username']);
2284          }
2285      }
2286  
2287      // Now we have the new list, so throw it all back together
2288      $new_list = implode(",", $existing_users);
2289  
2290      // And clean it up a little to ensure there is no possibility of bad values
2291      $new_list = preg_replace("#,{2,}#", ",", $new_list);
2292      $new_list = preg_replace("#[^0-9,]#", "", $new_list);
2293  
2294      if(my_substr($new_list, 0, 1) == ",")
2295      {
2296          $new_list = my_substr($new_list, 1);
2297      }
2298      if(my_substr($new_list, -1) == ",")
2299      {
2300          $new_list = my_substr($new_list, 0, my_strlen($new_list)-2);
2301      }
2302  
2303      // And update
2304      $user = array();
2305      if($mybb->input['manage'] == "ignored")
2306      {
2307          $user['ignorelist'] = $db->escape_string($new_list);
2308          $mybb->user['ignorelist'] = $user['ignorelist'];
2309      }
2310      else
2311      {
2312          $user['buddylist'] = $db->escape_string($new_list);
2313          $mybb->user['buddylist'] = $user['buddylist'];
2314      }
2315  
2316      $db->update_query("users", $user, "uid='".$mybb->user['uid']."'");
2317  
2318      $plugins->run_hooks("usercp_do_editlists_end");
2319  
2320      // Ajax based request, throw new list to browser
2321      if($mybb->input['ajax'])
2322      {
2323          if($mybb->input['manage'] == "ignored")
2324          {
2325              $list = "ignore";
2326          }
2327          else
2328          {
2329              $list = "buddy";
2330          }
2331  
2332          if($message)
2333          {
2334              $message_js = "var success = document.createElement('div'); var element = \$('{$list}_list'); element.parentNode.insertBefore(success, element); success.innerHTML = '{$message}'; success.className = 'success_message'; window.setTimeout(function() { Element.remove(success) }, 5000);";
2335          }
2336  
2337          if($error_message)
2338          {
2339              $message_js .= " var error = document.createElement('div'); var element = \$('{$list}_list'); element.parentNode.insertBefore(error, element);     error.innerHTML = '{$error_message}'; error.className = 'error_message'; window.setTimeout(function() { Element.remove(error) }, 5000);";
2340          }
2341  
2342          if($mybb->input['delete'])
2343          {
2344              header("Content-type: text/javascript");
2345              echo "Element.remove('{$mybb->input['manage']}_{$mybb->input['delete']}');\n";
2346              if($new_list == "")
2347              {
2348                  echo "\$('{$mybb->input['manage']}_count').innerHTML = '0';\n";
2349                  if($mybb->input['manage'] == "ignored")
2350                  {
2351                      echo "\$('ignore_list').innerHTML = '<li>{$lang->ignore_list_empty}</li>';\n";
2352                  }
2353                  else
2354                  {
2355                      echo "\$('buddy_list').innerHTML = '<li>{$lang->buddy_list_empty}</li>';\n";
2356                  }
2357              }
2358              else
2359              {
2360                  echo "\$('{$mybb->input['manage']}_count').innerHTML = '".count(explode(",", $new_list))."';\n";
2361              }
2362              echo $message_js;
2363              exit;
2364          }
2365          $mybb->input['action'] = "editlists";
2366      }
2367      else
2368      {
2369          if($error_message)
2370          {
2371              $message .= "<br />".$error_message;
2372          }
2373          redirect("usercp.php?action=editlists#{$mybb->input['manage']}", $message);
2374      }
2375  }
2376  
2377  if($mybb->input['action'] == "editlists")
2378  {
2379      $plugins->run_hooks("usercp_editlists_start");
2380  
2381      $timecut = TIME_NOW - $mybb->settings['wolcutoff'];
2382  
2383      // Fetch out buddies
2384      $buddy_count = 0;
2385      if($mybb->user['buddylist'])
2386      {
2387          $type = "buddy";
2388          $query = $db->simple_select("users", "*", "uid IN ({$mybb->user['buddylist']})", array("order_by" => "username"));
2389          while($user = $db->fetch_array($query))
2390          {
2391              $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
2392              if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
2393              {
2394                  $status = "online";
2395              }
2396              else
2397              {
2398                  $status = "offline";
2399              }
2400              eval("\$buddy_list .= \"".$templates->get("usercp_editlists_user")."\";");
2401              ++$buddy_count;
2402          }
2403      }
2404  
2405      $lang->current_buddies = $lang->sprintf($lang->current_buddies, $buddy_count);
2406      if(!$buddy_list)
2407      {
2408          $buddy_list = "<li>{$lang->buddy_list_empty}</li>";
2409      }
2410  
2411      // Fetch out ignore list users
2412      $ignore_count = 0;
2413      if($mybb->user['ignorelist'])
2414      {
2415          $type = "ignored";
2416          $query = $db->simple_select("users", "*", "uid IN ({$mybb->user['ignorelist']})", array("order_by" => "username"));
2417          while($user = $db->fetch_array($query))
2418          {
2419              $profile_link = build_profile_link(format_name($user['username'], $user['usergroup'], $user['displaygroup']), $user['uid']);
2420              if($user['lastactive'] > $timecut && ($user['invisible'] == 0 || $mybb->usergroup['canviewwolinvis'] == 1) && $user['lastvisit'] != $user['lastactive'])
2421              {
2422                  $status = "online";
2423              }
2424              else
2425              {
2426                  $status = "offline";
2427              }
2428              eval("\$ignore_list .= \"".$templates->get("usercp_editlists_user")."\";");
2429              ++$ignore_count;
2430          }
2431      }
2432  
2433      $lang->current_ignored_users = $lang->sprintf($lang->current_ignored_users, $ignore_count);
2434      if(!$ignore_list)
2435      {
2436          $ignore_list = "<li>{$lang->ignore_list_empty}</li>";
2437      }
2438  
2439      // If an AJAX request from buddy management, echo out whatever the new list is.
2440      if($mybb->request_method == "post" && $mybb->input['ajax'] == 1)
2441      {
2442          if($mybb->input['manage'] == "ignored")
2443          {
2444              echo $ignore_list;
2445              echo "<script type=\"text/javascript\"> $('ignored_count').innerHTML = '{$ignore_count}'; {$message_js}</script>";
2446          }
2447          else
2448          {
2449              echo $buddy_list;
2450              echo "<script type=\"text/javascript\"> $('buddy_count').innerHTML = '{$buddy_count}'; {$message_js}</script>";
2451          }
2452          exit;
2453      }
2454  
2455      $plugins->run_hooks("usercp_editlists_end");
2456  
2457      eval("\$listpage = \"".$templates->get("usercp_editlists")."\";");
2458      output_page($listpage);
2459  }
2460  
2461  if($mybb->input['action'] == "drafts")
2462  {
2463      $plugins->run_hooks("usercp_drafts_start");
2464      // Show a listing of all of the current 'draft' posts or threads the user has.
2465      $drafts = '';
2466      $query = $db->query("
2467          SELECT p.subject, p.pid, t.tid, t.subject AS threadsubject, t.fid, f.name AS forumname, p.dateline, t.visible AS threadvisible, p.visible AS postvisible
2468          FROM ".TABLE_PREFIX."posts p
2469          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2470          LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=t.fid)
2471          WHERE p.uid='".$mybb->user['uid']."' AND p.visible='-2'
2472          ORDER BY p.dateline DESC
2473      ");
2474      while($draft = $db->fetch_array($query))
2475      {
2476          $trow = alt_trow();
2477          if($draft['threadvisible'] == 1) // We're looking at a draft post
2478          {
2479              $detail = $lang->thread." <a href=\"".get_thread_link($draft['tid'])."\">".htmlspecialchars_uni($draft['threadsubject'])."</a>";
2480              $editurl = "newreply.php?action=editdraft&amp;pid={$draft['pid']}";
2481              $id = $draft['pid'];
2482              $type = "post";
2483          }
2484          elseif($draft['threadvisible'] == -2) // We're looking at a draft thread
2485          {
2486              $detail = $lang->forum." <a href=\"".get_forum_link($draft['fid'])."\">{$draft['forumname']}</a>";
2487              $editurl = "newthread.php?action=editdraft&amp;tid={$draft['tid']}";
2488              $id = $draft['tid'];
2489              $type = "thread";
2490          }
2491          $draft['subject'] = htmlspecialchars_uni($draft['subject']);
2492          $savedate = my_date($mybb->settings['dateformat'], $draft['dateline']);
2493          $savetime = my_date($mybb->settings['timeformat'], $draft['dateline']);
2494          eval("\$drafts .= \"".$templates->get("usercp_drafts_draft")."\";");
2495      }
2496      if(!$drafts)
2497      {
2498          eval("\$drafts = \"".$templates->get("usercp_drafts_none")."\";");
2499          $disable_delete_drafts = 'disabled="disabled"';
2500      }
2501      else
2502      {
2503          eval("\$draftsubmit = \"".$templates->get("usercp_drafts_submit")."\";");
2504          $disable_delete_drafts = '';
2505      }
2506  
2507      $query = $db->simple_select("posts", "COUNT(*) AS draftcount", "visible='-2' AND uid='".$mybb->user['uid']."'");
2508      $count = $db->fetch_array($query);
2509      $draftcount = "(".my_number_format($count['draftcount']).")";
2510  
2511      $plugins->run_hooks("usercp_drafts_end");
2512  
2513      eval("\$draftlist = \"".$templates->get("usercp_drafts")."\";");
2514      output_page($draftlist);
2515  
2516  }
2517  if($mybb->input['action'] == "do_drafts" && $mybb->request_method == "post")
2518  {
2519      // Verify incoming POST request
2520      verify_post_check($mybb->input['my_post_key']);
2521  
2522      $plugins->run_hooks("usercp_do_drafts_start");
2523      if(!$mybb->input['deletedraft'])
2524      {
2525          error($lang->no_drafts_selected);
2526      }
2527      $pidin = array();
2528      $tidin = array();
2529      foreach($mybb->input['deletedraft'] as $id => $val)
2530      {
2531          if($val == "post")
2532          {
2533              $pidin[] = "'".intval($id)."'";
2534          }
2535          elseif($val == "thread")
2536          {
2537              $tidin[] = "'".intval($id)."'";
2538          }
2539      }
2540      if($tidin)
2541      {
2542          $tidin = implode(",", $tidin);
2543          $db->delete_query("threads", "tid IN ($tidin) AND visible='-2' AND uid='".$mybb->user['uid']."'");
2544          $tidinp = "OR tid IN ($tidin)";
2545      }
2546      if($pidin || $tidinp)
2547      {
2548          if($pidin)
2549          {
2550              $pidin = implode(",", $pidin);
2551              $pidinq = "pid IN ($pidin)";
2552          }
2553          else
2554          {
2555              $pidinq = "1=0";
2556          }
2557          $db->delete_query("posts", "($pidinq $tidinp) AND visible='-2' AND uid='".$mybb->user['uid']."'");
2558      }
2559      $plugins->run_hooks("usercp_do_drafts_end");
2560      redirect("usercp.php?action=drafts", $lang->selected_drafts_deleted);
2561  }
2562  if($mybb->input['action'] == "usergroups")
2563  {
2564      $plugins->run_hooks("usercp_usergroups_start");
2565      $ingroups = ",".$mybb->user['usergroup'].",".$mybb->user['additionalgroups'].",".$mybb->user['displaygroup'].",";
2566  
2567      // Changing our display group
2568      if($mybb->input['displaygroup'])
2569      {
2570          // Verify incoming POST request
2571          verify_post_check($mybb->input['my_post_key']);
2572  
2573          if(my_strpos($ingroups, ",".$mybb->input['displaygroup'].",") === false)
2574          {
2575              error($lang->not_member_of_group);
2576          }
2577          $query = $db->simple_select("usergroups", "*", "gid='".intval($mybb->input['displaygroup'])."'");
2578          $dispgroup = $db->fetch_array($query);
2579          if($dispgroup['candisplaygroup'] != 1)
2580          {
2581              error($lang->cannot_set_displaygroup);
2582          }
2583          $db->update_query("users", array('displaygroup' => intval($mybb->input['displaygroup'])), "uid='".$mybb->user['uid']."'");
2584          $cache->update_moderators();
2585          $plugins->run_hooks("usercp_usergroups_change_displaygroup");
2586          redirect("usercp.php?action=usergroups", $lang->display_group_changed);
2587          exit;
2588      }
2589  
2590      // Leaving a group
2591      if($mybb->input['leavegroup'])
2592      {
2593          // Verify incoming POST request
2594          verify_post_check($mybb->input['my_post_key']);
2595  
2596          if(my_strpos($ingroups, ",".$mybb->input['leavegroup'].",") === false)
2597          {
2598              error($lang->not_member_of_group);
2599          }
2600          if($mybb->user['usergroup'] == $mybb->input['leavegroup'])
2601          {
2602              error($lang->cannot_leave_primary_group);
2603          }
2604          $query = $db->simple_select("usergroups", "*", "gid='".intval($mybb->input['leavegroup'])."'");
2605          $usergroup = $db->fetch_array($query);
2606          if($usergroup['type'] != 4 && $usergroup['type'] != 3)
2607          {
2608              error($lang->cannot_leave_group);
2609          }
2610          leave_usergroup($mybb->user['uid'], $mybb->input['leavegroup']);
2611          $plugins->run_hooks("usercp_usergroups_leave_group");
2612          redirect("usercp.php?action=usergroups", $lang->left_group);
2613          exit;
2614      }
2615  
2616      // Joining a group
2617      if($mybb->input['joingroup'])
2618      {
2619          // Verify incoming POST request
2620          verify_post_check($mybb->input['my_post_key']);
2621  
2622          $mybb->input['joingroup'] = intval($mybb->input['joingroup']);
2623          $query = $db->simple_select("usergroups", "*", "gid='".intval($mybb->input['joingroup'])."'");
2624          $usergroup = $db->fetch_array($query);
2625  
2626          if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid'])
2627          {
2628              error($lang->cannot_join_group);
2629          }
2630  
2631          if(my_strpos($ingroups, ",".intval($mybb->input['joingroup']).",") !== false)
2632          {
2633              error($lang->already_member_of_group);
2634          }
2635  
2636          $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."' AND gid='".intval($mybb->input['joingroup'])."'");
2637          $joinrequest = $db->fetch_array($query);
2638          if($joinrequest['rid'])
2639          {
2640              error($lang->already_sent_join_request);
2641          }
2642          if($mybb->input['do'] == "joingroup" && $usergroup['type'] == 4)
2643          {
2644              $reason = $db->escape_string($mybb->input['reason']);
2645              $now = TIME_NOW;
2646              $joinrequest = array(
2647                  "uid" => $mybb->user['uid'],
2648                  "gid" => intval($mybb->input['joingroup']),
2649                  "reason" => $reason,
2650                  "dateline" => TIME_NOW
2651              );
2652  
2653              $db->insert_query("joinrequests", $joinrequest);
2654              $plugins->run_hooks("usercp_usergroups_join_group_request");
2655              redirect("usercp.php?action=usergroups", $lang->group_join_requestsent);
2656              exit;
2657          }
2658          elseif($usergroup['type'] == 4)
2659          {
2660              $joingroup = $mybb->input['joingroup'];
2661              eval("\$joinpage = \"".$templates->get("usercp_usergroups_joingroup")."\";");
2662              output_page($joinpage);
2663              exit();
2664          }
2665          else
2666          {
2667              join_usergroup($mybb->user['uid'], $mybb->input['joingroup']);
2668              $plugins->run_hooks("usercp_usergroups_join_group");
2669              redirect("usercp.php?action=usergroups", $lang->joined_group);
2670          }
2671      }
2672      // Show listing of various group related things
2673  
2674      // List of usergroup leaders
2675      $query = $db->query("
2676          SELECT g.*, u.username, u.displaygroup, u.usergroup
2677          FROM ".TABLE_PREFIX."groupleaders g
2678          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
2679          ORDER BY u.username ASC
2680      ");
2681      while($leader = $db->fetch_array($query))
2682      {
2683          $groupleaders[$leader['gid']][$leader['uid']] = $leader;
2684      }
2685  
2686      // List of groups this user is a leader of
2687      $groupsledlist = '';
2688  
2689  
2690      switch($db->type)
2691      {
2692          case "pgsql":
2693          case "sqlite":
2694              $query = $db->query("
2695                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers
2696                  FROM ".TABLE_PREFIX."groupleaders l
2697                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
2698                  LEFT JOIN ".TABLE_PREFIX."users u ON(((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
2699                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
2700                  WHERE l.uid='".$mybb->user['uid']."'
2701                  GROUP BY g.gid, g.title, g.type, l.canmanagerequests, l.canmanagemembers
2702              ");
2703              break;
2704          default:
2705              $query = $db->query("
2706                  SELECT g.title, g.gid, g.type, COUNT(DISTINCT u.uid) AS users, COUNT(DISTINCT j.rid) AS joinrequests, l.canmanagerequests, l.canmanagemembers
2707                  FROM ".TABLE_PREFIX."groupleaders l
2708                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON(g.gid=l.gid)
2709                  LEFT JOIN ".TABLE_PREFIX."users u ON(((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
2710                  LEFT JOIN ".TABLE_PREFIX."joinrequests j ON(j.gid=g.gid AND j.uid != 0)
2711                  WHERE l.uid='".$mybb->user['uid']."'
2712                  GROUP BY l.gid
2713              ");
2714      }
2715  
2716      while($usergroup = $db->fetch_array($query))
2717      {
2718          $memberlistlink = $moderaterequestslink = '';
2719          $memberlistlink = " [<a href=\"managegroup.php?gid=".$usergroup['gid']."\">".$lang->view_members."</a>]";
2720          if($usergroup['type'] != 4)
2721          {
2722              $usergroup['joinrequests'] = '--';
2723          }
2724          if($usergroup['joinrequests'] > 0 && $usergroup['canmanagerequests'] == 1)
2725          {
2726              $moderaterequestslink = " [<a href=\"managegroup.php?action=joinrequests&amp;gid={$usergroup['gid']}\">{$lang->view_requests}</a>]";
2727          }
2728          $groupleader[$usergroup['gid']] = 1;
2729          $trow = alt_trow();
2730          eval("\$groupsledlist .= \"".$templates->get("usercp_usergroups_leader_usergroup")."\";");
2731      }
2732      if($groupsledlist)
2733      {
2734          eval("\$leadinggroups = \"".$templates->get("usercp_usergroups_leader")."\";");
2735      }
2736  
2737      // Fetch the list of groups the member is in
2738      // Do the primary group first
2739      $query = $db->simple_select("usergroups", "*", "gid='".$mybb->user['usergroup']."'");
2740      $usergroup = $db->fetch_array($query);
2741      $leavelink = "<div style=\"text-align:center;\"><span class=\"smalltext\">{$lang->usergroup_leave_primary}</span></div>";
2742      $trow = alt_trow();
2743      if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
2744      {
2745          $displaycode = " ({$lang->display_group})";
2746      }
2747      elseif($usergroup['candisplaygroup'] == 1)
2748      {
2749          $displaycode = " (<a href=\"usercp.php?action=usergroups&amp;displaygroup={$usergroup['gid']}&amp;my_post_key={$mybb->post_code}\">{$lang->set_as_display_group}</a>)";
2750      }
2751      else
2752      {
2753          $displaycode = '';
2754      }
2755  
2756      eval("\$memberoflist = \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
2757      $showmemberof = false;
2758      if($mybb->user['additionalgroups'])
2759      {
2760          $query = $db->simple_select("usergroups", "*", "gid IN (".$mybb->user['additionalgroups'].") AND gid !='".$mybb->user['usergroup']."'", array('order_by' => 'title'));
2761          while($usergroup = $db->fetch_array($query))
2762          {
2763              $showmemberof = true;
2764  
2765              if($groupleader[$usergroup['gid']])
2766              {
2767                  $leavelink = "<div style=\"text-align: center;\"><span class=\"smalltext\">$lang->usergroup_leave_leader</span></div>";
2768              }
2769              elseif($usergroup['type'] != 4 && $usergroup['type'] != 3)
2770              {
2771                  $leavelink = "<div style=\"text-align: center;\"><span class=\"smalltext\">{$lang->usergroup_cannot_leave}</span></div>";
2772              }
2773              else
2774              {
2775                  $leavelink = "<div style=\"text-align: center;\"><a href=\"usercp.php?action=usergroups&amp;leavegroup=".$usergroup['gid']."&amp;my_post_key={$mybb->post_code}\">".$lang->usergroup_leave."</a></div>";
2776              }
2777              if($usergroup['description'])
2778              {
2779                  $description = "<br /><span class=\"smalltext\">".$usergroup['description']."</span>";
2780              }
2781              else
2782              {
2783                  $description = '';
2784              }
2785              if(!$usergroup['usertitle'])
2786              {
2787                  // fetch title here
2788              }
2789              $trow = alt_trow();
2790              if($usergroup['candisplaygroup'] == 1 && $usergroup['gid'] == $mybb->user['displaygroup'])
2791              {
2792                  $displaycode = " ({$lang->display_group})";
2793              }
2794              elseif($usergroup['candisplaygroup'] == 1)
2795              {
2796                  $displaycode = "(<a href=\"usercp.php?action=usergroups&amp;displaygroup={$usergroup['gid']}&amp;my_post_key={$mybb->post_code}\">{$lang->set_as_display_group}</a>)";
2797              }
2798              else
2799              {
2800                  $displaycode = '';
2801              }
2802              eval("\$memberoflist .= \"".$templates->get("usercp_usergroups_memberof_usergroup")."\";");
2803          }
2804      }
2805      eval("\$membergroups = \"".$templates->get("usercp_usergroups_memberof")."\";");
2806  
2807      // List of groups this user has applied for but has not been accepted in to
2808      $query = $db->simple_select("joinrequests", "*", "uid='".$mybb->user['uid']."'");
2809      while($request = $db->fetch_array($query))
2810      {
2811          $appliedjoin[$request['gid']] = $request['dateline'];
2812      }
2813  
2814      // Fetch list of groups the member can join
2815      $existinggroups = $mybb->user['usergroup'];
2816      if($mybb->user['additionalgroups'])
2817      {
2818          $existinggroups .= ",".$mybb->user['additionalgroups'];
2819      }
2820  
2821      $joinablegroups = '';
2822      $query = $db->simple_select("usergroups", "*", "(type='3' OR type='4') AND gid NOT IN ($existinggroups)", array('order_by' => 'title'));
2823      while($usergroup = $db->fetch_array($query))
2824      {
2825          $trow = alt_trow();
2826          if($usergroup['description'])
2827          {
2828              $description = "<br /><span class=\"smallfont\">".$usergroup['description']."</span>";
2829          }
2830          else
2831          {
2832              $description = '';
2833          }
2834  
2835           // Moderating join requests?
2836          if($usergroup['type'] == 4)
2837          {
2838              $conditions = $lang->usergroup_joins_moderated;
2839          }
2840          else
2841          {
2842              $conditions = $lang->usergroup_joins_anyone;
2843          }
2844  
2845          if($appliedjoin[$usergroup['gid']])
2846          {
2847              $applydate = my_date($mybb->settings['dateformat'], $appliedjoin[$usergroup['gid']]);
2848              $applytime = my_date($mybb->settings['timeformat'], $appliedjoin[$usergroup['gid']]);
2849              $joinlink = $lang->sprintf($lang->join_group_applied, $applydate, $applytime);
2850          }
2851          else
2852          {
2853              $joinlink = "<a href=\"usercp.php?action=usergroups&amp;joingroup={$usergroup['gid']}&amp;my_post_key={$mybb->post_code}\">{$lang->join_group}</a>";
2854          }
2855  
2856          $usergroupleaders = '';
2857          if($groupleaders[$usergroup['gid']])
2858          {
2859              $comma = '';
2860              $usergroupleaders = '';
2861              foreach($groupleaders[$usergroup['gid']] as $leader)
2862              {
2863                  $leader['username'] = format_name($leader['username'], $leader['usergroup'], $leader['displaygroup']);
2864                  $usergroupleaders .= $comma.build_profile_link($leader['username'], $leader['uid']);
2865                  $comma = $lang->comma;
2866              }
2867              $usergroupleaders = $lang->usergroup_leaders." ".$usergroupleaders;
2868          }
2869  
2870          if(my_strpos($usergroupleaders, $mybb->user['username']) === false)
2871          {
2872              // User is already a leader of the group, so don't show as a "Join Group"
2873              eval("\$joinablegrouplist .= \"".$templates->get("usercp_usergroups_joinable_usergroup")."\";");
2874          }
2875      }
2876      if($joinablegrouplist)
2877      {
2878          eval("\$joinablegroups = \"".$templates->get("usercp_usergroups_joinable")."\";");
2879      }
2880  
2881      $plugins->run_hooks("usercp_usergroups_end");
2882  
2883      eval("\$groupmemberships = \"".$templates->get("usercp_usergroups")."\";");
2884      output_page($groupmemberships);
2885  }
2886  if($mybb->input['action'] == "attachments")
2887  {
2888      $plugins->run_hooks("usercp_attachments_start");
2889      require_once  MYBB_ROOT."inc/functions_upload.php";
2890  
2891      $attachments = '';
2892  
2893      // Pagination
2894      if(!$mybb->settings['threadsperpage'])
2895      {
2896          $mybb->settings['threadsperpage'] = 20;
2897      }
2898  
2899      $perpage = $mybb->settings['threadsperpage'];
2900      $page = intval($mybb->input['page']);
2901  
2902      if(intval($mybb->input['page']) > 0)
2903      {
2904          $start = ($page-1) *$perpage;
2905      }
2906      else
2907      {
2908          $start = 0;
2909          $page = 1;
2910      }
2911  
2912      $end = $start + $perpage;
2913      $lower = $start+1;
2914  
2915      $query = $db->query("
2916          SELECT a.*, p.subject, p.dateline, t.tid, t.subject AS threadsubject
2917          FROM ".TABLE_PREFIX."attachments a
2918          LEFT JOIN ".TABLE_PREFIX."posts p ON (a.pid=p.pid)
2919          LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
2920          WHERE a.uid='".$mybb->user['uid']."'
2921          ORDER BY p.dateline DESC LIMIT {$start}, {$perpage}
2922      ");
2923  
2924      $bandwidth = $totaldownloads = 0;
2925      while($attachment = $db->fetch_array($query))
2926      {
2927          if($attachment['dateline'] && $attachment['tid'])
2928          {
2929              $attachment['subject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['subject']));
2930              $attachment['postlink'] = get_post_link($attachment['pid'], $attachment['tid']);
2931              $attachment['threadlink'] = get_thread_link($attachment['tid']);
2932              $attachment['threadsubject'] = htmlspecialchars_uni($parser->parse_badwords($attachment['threadsubject']));
2933  
2934              $size = get_friendly_size($attachment['filesize']);
2935              $icon = get_attachment_icon(get_extension($attachment['filename']));
2936              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
2937  
2938              $sizedownloads = $lang->sprintf($lang->attachment_size_downloads, $size, $attachment['downloads']);
2939              $attachdate = my_date($mybb->settings['dateformat'], $attachment['dateline']);
2940              $attachtime = my_date($mybb->settings['timeformat'], $attachment['dateline']);
2941              $altbg = alt_trow();
2942  
2943              eval("\$attachments .= \"".$templates->get("usercp_attachments_attachment")."\";");
2944  
2945              // Add to bandwidth total
2946              $bandwidth += ($attachment['filesize'] * $attachment['downloads']);
2947              $totaldownloads += $attachment['downloads'];
2948          }
2949          else
2950          {
2951              // This little thing delets attachments without a thread/post
2952              remove_attachment($attachment['pid'], $attachment['posthash'], $attachment['aid']);
2953          }
2954      }
2955  
2956      $query = $db->simple_select("attachments", "SUM(filesize) AS ausage, COUNT(aid) AS acount", "uid='".$mybb->user['uid']."'");
2957      $usage = $db->fetch_array($query);
2958      $totalusage = $usage['ausage'];
2959      $totalattachments = $usage['acount'];
2960      $friendlyusage = get_friendly_size($totalusage);
2961      if($mybb->usergroup['attachquota'])
2962      {
2963          $percent = round(($totalusage/($mybb->usergroup['attachquota']*1024))*100)."%";
2964          $attachquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
2965          $usagenote = $lang->sprintf($lang->attachments_usage_quota, $friendlyusage, $attachquota, $percent, $totalattachments);
2966      }
2967      else
2968      {
2969          $percent = $lang->unlimited;
2970          $attachquota = $lang->unlimited;
2971          $usagenote = $lang->sprintf($lang->attachments_usage, $friendlyusage, $totalattachments);
2972      }
2973  
2974      $multipage = multipage($totalattachments, $perpage, $page, "usercp.php?action=attachments");
2975      $bandwidth = get_friendly_size($bandwidth);
2976  
2977      if(!$attachments)
2978      {
2979          eval("\$attachments = \"".$templates->get("usercp_attachments_none")."\";");
2980          $usagenote = '';
2981      }
2982  
2983      $plugins->run_hooks("usercp_attachments_end");
2984  
2985      eval("\$manageattachments = \"".$templates->get("usercp_attachments")."\";");
2986      output_page($manageattachments);
2987  }
2988  
2989  if($mybb->input['action'] == "do_attachments" && $mybb->request_method == "post")
2990  {
2991      // Verify incoming POST request
2992      verify_post_check($mybb->input['my_post_key']);
2993  
2994      $plugins->run_hooks("usercp_do_attachments_start");
2995      require_once  MYBB_ROOT."inc/functions_upload.php";
2996      if(!is_array($mybb->input['attachments']))
2997      {
2998          error($lang->no_attachments_selected);
2999      }
3000      $aids = implode(',', array_map('intval', $mybb->input['attachments']));
3001      $query = $db->simple_select("attachments", "*", "aid IN ($aids) AND uid='".$mybb->user['uid']."'");
3002      while($attachment = $db->fetch_array($query))
3003      {
3004          remove_attachment($attachment['pid'], '', $attachment['aid']);
3005      }
3006      $plugins->run_hooks("usercp_do_attachments_end");
3007      redirect("usercp.php?action=attachments", $lang->attachments_deleted);
3008  }
3009  
3010  if($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post")
3011  {
3012      // Verify incoming POST request
3013      verify_post_check($mybb->input['my_post_key']);
3014  
3015      // Cap at 60,000 chars; text will allow up to 65535?
3016      if(my_strlen($mybb->input['notepad']) > 60000)
3017      {
3018          $mybb->input['notepad'] = my_substr($mybb->input['notepad'], 0, 60000);
3019      }
3020  
3021      $plugins->run_hooks("usercp_do_notepad_start");
3022      $db->update_query("users", array('notepad' => $db->escape_string($mybb->input['notepad'])), "uid='".$mybb->user['uid']."'");
3023      $plugins->run_hooks("usercp_do_notepad_end");
3024      redirect("usercp.php", $lang->redirect_notepadupdated);
3025  }
3026  
3027  if(!$mybb->input['action'])
3028  {
3029      // Get posts per day
3030      $daysreg = (TIME_NOW - $mybb->user['regdate']) / (24*3600);
3031  
3032      if($daysreg < 1)
3033      {
3034          $daysreg = 1;
3035      }
3036  
3037      $perday = $mybb->user['postnum'] / $daysreg;
3038      $perday = round($perday, 2);
3039      if($perday > $mybb->user['postnum'])
3040      {
3041          $perday = $mybb->user['postnum'];
3042      }
3043  
3044      $stats = $cache->read("stats");
3045      $posts = $stats['numposts'];
3046      if($posts == 0)
3047      {
3048          $percent = "0";
3049      }
3050      else
3051      {
3052          $percent = $mybb->user['postnum']*100/$posts;
3053          $percent = round($percent, 2);
3054      }
3055  
3056      $lang->posts_day = $lang->sprintf($lang->posts_day, my_number_format($perday), $percent);
3057      $usergroup = $groupscache[$mybb->user['usergroup']]['title'];
3058  
3059      $colspan = 1;
3060      if($mybb->user['avatar'])
3061      {
3062          $avatar_dimensions = explode("|", $mybb->user['avatardimensions']);
3063          if($avatar_dimensions[0] && $avatar_dimensions[1])
3064          {
3065              $avatar_width_height = "width=\"{$avatar_dimensions[0]}\" height=\"{$avatar_dimensions[1]}\"";
3066          }
3067          $mybb->user['avatar'] = htmlspecialchars_uni($mybb->user['avatar']);
3068          eval("\$avatar = \"".$templates->get("usercp_currentavatar")."\";");
3069          $colspan = 2;
3070      }
3071      else
3072      {
3073          $avatar = '';
3074      }
3075      $regdate = my_date($mybb->settings['dateformat'].", ".$mybb->settings['timeformat'], $mybb->user['regdate']);
3076  
3077      if($mybb->user['usergroup'] == 5 && $mybb->settings['regtype'] != "admin")
3078      {
3079          $usergroup .= "<br />(<a href=\"member.php?action=resendactivation\">$lang->resend_activation</a>)";
3080      }
3081      // Make reputations row
3082      $reputations = '';
3083      if($mybb->usergroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
3084      {
3085          $reputation_link = get_reputation($mybb->user['reputation']);
3086          eval("\$reputation = \"".$templates->get("usercp_reputation")."\";");
3087      }
3088  
3089      $latest_warnings = '';
3090      if($mybb->settings['enablewarningsystem'] != 0 && $mybb->settings['canviewownwarning'] != 0)
3091      {
3092          $warning_level = round($mybb->user['warningpoints']/$mybb->settings['maxwarningpoints']*100);
3093          if($warning_level > 100)
3094          {
3095              $warning_level = 100;
3096          }
3097  
3098          if($mybb->user['warningpoints'] > $mybb->settings['maxwarningpoints'])
3099          {
3100              $mybb->user['warningpoints'] = $mybb->settings['maxwarningpoints'];
3101          }
3102  
3103          if($warning_level > 0)
3104          {
3105              expire_warnings();
3106  
3107              $lang->current_warning_level = $lang->sprintf($lang->current_warning_level, $warning_level, $mybb->user['warningpoints'], $mybb->settings['maxwarningpoints']);
3108              // Fetch latest warnings
3109              $query = $db->query("
3110                  SELECT w.*, t.title AS type_title, u.username, p.subject AS post_subject
3111                  FROM ".TABLE_PREFIX."warnings w
3112                  LEFT JOIN ".TABLE_PREFIX."warningtypes t ON (t.tid=w.tid)
3113                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=w.issuedby)
3114                  LEFT JOIN ".TABLE_PREFIX."posts p ON (p.pid=w.pid)
3115                  WHERE w.uid='{$mybb->user['uid']}'
3116                  ORDER BY w.expired ASC, w.dateline DESC
3117                  LIMIT 5
3118              ");
3119              while($warning = $db->fetch_array($query))
3120              {
3121                  $post_link = "";
3122                  if($warning['post_subject'])
3123                  {
3124                      $warning['post_subject'] = $parser->parse_badwords($warning['post_subject']);
3125                      $warning['post_subject'] = htmlspecialchars_uni($warning['post_subject']);
3126                      $post_link = "<br /><small>{$lang->warning_for_post} <a href=\"".get_post_link($warning['pid'])."\">{$warning['post_subject']}</a></small>";
3127                  }
3128                  $issuedby = build_profile_link($warning['username'], $warning['issuedby']);
3129                  $date_issued = my_date($mybb->settings['dateformat'], $warning['dateline']).", ".my_date($mybb->settings['timeformat'], $warning['dateline']);
3130                  if($warning['type_title'])
3131                  {
3132                      $warning_type = $warning['type_title'];
3133                  }
3134                  else
3135                  {
3136                      $warning_type = $warning['title'];
3137                  }
3138                  $warning_type = htmlspecialchars_uni($warning_type);
3139                  if($warning['points'] > 0)
3140                  {
3141                      $warning['points'] = "+{$warning['points']}";
3142                  }
3143                  $points = $lang->sprintf($lang->warning_points, $warning['points']);
3144  
3145                  // Figure out expiration time
3146                  if($warning['daterevoked'])
3147                  {
3148                      $expires = $lang->warning_revoked;
3149                  }
3150                  elseif($warning['expired'])
3151                  {
3152                      $expires = $lang->already_expired;
3153                  }
3154                  elseif($warning['expires'] == 0)
3155                  {
3156                      $expires = $lang->never;
3157                  }
3158                  else
3159                  {
3160                      $expires = my_date($mybb->settings['dateformat'], $warning['expires']).", ".my_date($mybb->settings['timeformat'], $warning['expires']);
3161                  }
3162  
3163                  $alt_bg = alt_trow();
3164                  eval("\$warnings .= \"".$templates->get("usercp_warnings_warning")."\";");
3165              }
3166              if($warnings)
3167              {
3168                  eval("\$latest_warnings = \"".$templates->get("usercp_warnings")."\";");
3169              }
3170          }
3171      }
3172  
3173      // Format username
3174      $username = format_name($mybb->user['username'], $mybb->user['usergroup'], $mybb->user['displaygroup']);
3175      $username = build_profile_link($username, $mybb->user['uid']);
3176  
3177      // Format post numbers
3178      $mybb->user['posts'] = my_number_format($mybb->user['postnum']);
3179  
3180      // Build referral link
3181      if($mybb->settings['usereferrals'] == 1)
3182      {
3183          $referral_link = $lang->sprintf($lang->referral_link, $settings['bburl'], $mybb->user['uid']);
3184          eval("\$referral_info = \"".$templates->get("usercp_referrals")."\";");
3185      }
3186  
3187      // User Notepad
3188      $plugins->run_hooks("usercp_notepad_start");
3189      $mybb->user['notepad'] = htmlspecialchars_uni($mybb->user['notepad']);
3190      eval("\$user_notepad = \"".$templates->get("usercp_notepad")."\";");
3191      $plugins->run_hooks("usercp_notepad_end");
3192  
3193      // Thread Subscriptions with New Posts
3194      $latest_subscribed = '';
3195      $query = $db->simple_select("threadsubscriptions", "sid", "uid = '".$mybb->user['uid']."'", array("limit" => 1));
3196      if($db->num_rows($query))
3197      {
3198          $visible = "AND t.visible != 0";
3199          if(is_moderator() == true)
3200          {
3201              $visible = '';
3202          }
3203  
3204          $query = $db->query("
3205              SELECT s.*, t.*, t.username AS threadusername, u.username
3206              FROM ".TABLE_PREFIX."threadsubscriptions s
3207              LEFT JOIN ".TABLE_PREFIX."threads t ON (s.tid=t.tid)
3208              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
3209              WHERE s.uid='".$mybb->user['uid']."' {$visible}
3210              ORDER BY t.lastpost DESC
3211              LIMIT 0, 10
3212          ");
3213  
3214          $fpermissions = forum_permissions();
3215          while($subscription = $db->fetch_array($query))
3216          {
3217              $forumpermissions = $fpermissions[$subscription['fid']];
3218              if($forumpermissions['canview'] != 0 && $forumpermissions['canviewthreads'] != 0 && ($forumpermissions['canonlyviewownthreads'] == 0 || $subscription['uid'] == $mybb->user['uid']))
3219              {
3220                  $subscriptions[$subscription['tid']] = $subscription;
3221              }
3222          }
3223  
3224          if(is_array($subscriptions))
3225          {
3226              $tids = implode(",", array_keys($subscriptions));
3227  
3228              // Checking read
3229              if($mybb->settings['threadreadcut'] > 0)
3230              {
3231                  $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
3232                  while($readthread = $db->fetch_array($query))
3233                  {
3234                      if($readthread['dateline'] >= $subscriptions[$readthread['tid']]['lastpost'])
3235                      {
3236                          unset($subscriptions[$readthread['tid']]); // If it's already been read, then don't display the thread
3237                      }
3238                      else
3239                      {
3240                          $subscriptions[$readthread['tid']]['lastread'] = $readthread['dateline'];
3241                      }
3242                  }
3243              }
3244  
3245              if($subscriptions)
3246              {
3247                  if($mybb->settings['dotfolders'] != 0)
3248                  {
3249                      $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
3250                      while($post = $db->fetch_array($query))
3251                      {
3252                          $subscriptions[$post['tid']]['doticon'] = 1;
3253                      }
3254                  }
3255  
3256                  $icon_cache = $cache->read("posticons");
3257  
3258                  foreach($subscriptions as $thread)
3259                  {
3260                      $folder = '';
3261                      $folder_label = '';
3262                      $gotounread = '';
3263  
3264                      if($thread['tid'])
3265                      {
3266                          $bgcolor = alt_trow();
3267                          $thread['subject'] = $parser->parse_badwords($thread['subject']);
3268                          $thread['subject'] = htmlspecialchars_uni($thread['subject']);
3269                          $thread['threadlink'] = get_thread_link($thread['tid']);
3270                          $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
3271  
3272                          // If this thread has a prefix...
3273                          if($thread['prefix'] != 0)
3274                          {
3275                              $query = $db->simple_select('threadprefixes', 'prefix, displaystyle', "pid='{$thread['prefix']}'");
3276                              $threadprefix = $db->fetch_array($query);
3277  
3278                              $thread['displayprefix'] = $threadprefix['displaystyle'].'&nbsp;';
3279                          }
3280                          else
3281                          {
3282                              $thread['displayprefix'] = '';
3283                          }
3284  
3285                          // Icons
3286                          if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
3287                          {
3288                              $icon = $icon_cache[$thread['icon']];
3289                              $icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" />";
3290                          }
3291                          else
3292                          {
3293                              $icon = "&nbsp;";
3294                          }
3295  
3296                          if($thread['doticon'])
3297                          {
3298                              $folder = "dot_";
3299                              $folder_label .= $lang->icon_dot;
3300                          }
3301  
3302                          // Check to see which icon we display
3303                          if($thread['lastread'] && $thread['lastread'] < $thread['lastpost'])
3304                          {
3305                              $folder .= "new";
3306                              $folder_label .= $lang->icon_new;
3307                              $new_class = "subject_new";
3308                              $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
3309                              eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
3310                          }
3311                          else
3312                          {
3313                              $folder_label .= $lang->icon_no_new;
3314                              $new_class = "subject_old";
3315                          }
3316  
3317                          $folder .= "folder";
3318  
3319                          if($thread['visible'] == 0)
3320                          {
3321                              $bgcolor = "trow_shaded";
3322                          }
3323  
3324                          $lastpostdate = my_date($mybb->settings['dateformat'], $thread['lastpost']);
3325                          $lastposttime = my_date($mybb->settings['timeformat'], $thread['lastpost']);
3326                          $lastposter = $thread['lastposter'];
3327                          $lastposteruid = $thread['lastposteruid'];
3328  
3329                          if($lastposteruid == 0)
3330                          {
3331                              $lastposterlink = $lastposter;
3332                          }
3333                          else
3334                          {
3335                              $lastposterlink = build_profile_link($lastposter, $lastposteruid);
3336                          }
3337  
3338                          $thread['replies'] = my_number_format($thread['replies']);
3339                          $thread['views'] = my_number_format($thread['views']);
3340                          $thread['author'] = build_profile_link($thread['username'], $thread['uid']);
3341  
3342                          eval("\$latest_subscribed_threads .= \"".$templates->get("usercp_latest_subscribed_threads")."\";");
3343                      }
3344                  }
3345                  eval("\$latest_subscribed = \"".$templates->get("usercp_latest_subscribed")."\";");
3346              }
3347          }
3348      }
3349  
3350      // User's Latest Threads
3351  
3352      // Get unviewable forums
3353      $f_perm_sql = '';
3354      $unviewable_forums = get_unviewable_forums();
3355      if($unviewable_forums)
3356      {
3357          $f_perm_sql = "AND t.fid NOT IN (".$unviewable_forums.")";
3358      }
3359  
3360      $visible = " AND t.visible != 0";
3361      if(is_moderator() == true)
3362      {
3363          $visible = '';
3364      }
3365  
3366      $query = $db->query("
3367          SELECT t.*, t.username AS threadusername, u.username
3368          FROM ".TABLE_PREFIX."threads t
3369          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid = t.uid)
3370          WHERE t.uid='".$mybb->user['uid']."' AND t.firstpost != 0 AND t.visible != '-2' {$visible} {$f_perm_sql}
3371          ORDER BY t.lastpost DESC
3372          LIMIT 0, 5
3373      ");
3374  
3375      // Figure out whether we can view these threads...
3376      $threadcache = array();
3377      $fpermissions = forum_permissions();
3378      while($thread = $db->fetch_array($query))
3379      {
3380          // Moderated, and not moderator?
3381          if($thread['visible'] == 0 && is_moderator($thread['fid']) === false)
3382          {
3383              continue;
3384          }
3385  
3386          $forumpermissions = $fpermissions[$thread['fid']];
3387          if($forumpermissions['canview'] != 0 || $forumpermissions['canviewthreads'] != 0)
3388          {
3389              $threadcache[$thread['tid']] = $thread;
3390          }
3391      }
3392  
3393      if(!empty($threadcache))
3394      {
3395          $tids = implode(",", array_keys($threadcache));
3396  
3397          // Read Forums
3398          $query = $db->query("
3399              SELECT f.fid, fr.dateline AS lastread
3400              FROM ".TABLE_PREFIX."forums f
3401              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
3402              WHERE f.active != 0
3403              ORDER BY pid, disporder
3404          ");
3405          while($forum = $db->fetch_array($query))
3406          {
3407              $readforums[$forum['fid']] = $forum['lastread'];
3408          }
3409  
3410          // Threads being read?
3411          if($mybb->settings['threadreadcut'] > 0)
3412          {
3413              $query = $db->simple_select("threadsread", "*", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
3414              while($readthread = $db->fetch_array($query))
3415              {
3416                  $threadcache[$readthread['tid']]['lastread'] = $readthread['dateline'];
3417              }
3418          }
3419  
3420          // Icon Stuff
3421          if($mybb->settings['dotfolders'] != 0)
3422          {
3423              $query = $db->simple_select("posts", "tid,uid", "uid='{$mybb->user['uid']}' AND tid IN ({$tids})");
3424              while($post = $db->fetch_array($query))
3425              {
3426                  $threadcache[$post['tid']]['doticon'] = 1;
3427              }
3428          }
3429  
3430          $icon_cache = $cache->read("posticons");
3431  
3432          // Run the threads...
3433          $latest_threads_threads = '';
3434          foreach($threadcache as $thread)
3435          {
3436              if($thread['tid'])
3437              {
3438                  $bgcolor = alt_trow();
3439                  $folder = '';
3440                  $folder_label = '';
3441                  $prefix = '';
3442                  $gotounread = '';
3443                  $isnew = 0;
3444                  $donenew = 0;
3445                  $lastread = 0;
3446  
3447                  // If this thread has a prefix...
3448                  if($thread['prefix'] != 0)
3449                  {
3450                      $query = $db->simple_select('threadprefixes', 'prefix, displaystyle', "pid='{$thread['prefix']}'");
3451                      $threadprefix = $db->fetch_array($query);
3452  
3453                      $thread['displayprefix'] = $threadprefix['displaystyle'].'&nbsp;';
3454                  }
3455                  else
3456                  {
3457                      $thread['displayprefix'] = '';
3458                  }
3459  
3460                  $thread['subject'] = $parser->parse_badwords($thread['subject']);
3461                  $thread['subject'] = htmlspecialchars_uni($thread['subject']);
3462                  $thread['threadlink'] = get_thread_link($thread['tid']);
3463                  $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
3464  
3465                  if($thread['icon'] > 0 && $icon_cache[$thread['icon']])
3466                  {
3467                      $icon = $icon_cache[$thread['icon']];
3468                      $icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" />";
3469                  }
3470                  else
3471                  {
3472                      $icon = "&nbsp;";
3473                  }
3474  
3475                  if($mybb->settings['threadreadcut'] > 0)
3476                  {
3477                      $forum_read = $readforums[$thread['fid']];
3478  
3479                      $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
3480                      if($forum_read == 0 || $forum_read < $read_cutoff)
3481                      {
3482                          $forum_read = $read_cutoff;
3483                      }
3484                  }
3485  
3486                  if($mybb->settings['threadreadcut'] > 0 && $thread['lastpost'] > $forum_read)
3487                  {
3488                      $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
3489                  }
3490  
3491                  $cutoff = 0;
3492                  if($thread['lastpost'] > $cutoff)
3493                  {
3494                      if($thread['lastread'])
3495                      {
3496                          $lastread = $thread['lastread'];
3497                      }
3498                  }
3499  
3500                  if(!$lastread)
3501                  {
3502                      $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']);
3503                      if($readcookie > $forum_read)
3504                      {
3505                          $lastread = $readcookie;
3506                      }
3507                      else
3508                      {
3509                          $lastread = $forum_read;
3510                      }
3511                  }
3512  
3513                  // Folder Icons
3514                  if($thread['doticon'])
3515                  {
3516                      $folder = "dot_";
3517                      $folder_label .= $lang->icon_dot;
3518                  }
3519  
3520                  if($thread['lastpost'] > $lastread && $lastread)
3521                  {
3522                      $folder .= "new";
3523                      $folder_label .= $lang->icon_new;
3524                      $new_class = "subject_new";
3525                      $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost");
3526                      eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
3527                      $unreadpost = 1;
3528                  }
3529                  else
3530                  {
3531                      $folder_label .= $lang->icon_no_new;
3532                      $new_class = "subject_old";
3533                  }
3534  
3535                  if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
3536                  {
3537                      $folder .= "hot";
3538                      $folder_label .= $lang->icon_hot;
3539                  }
3540  
3541                  // Is our thread visible?
3542                  if($thread['visible'] == 0)
3543                  {
3544                      $bgcolor = 'trow_shaded';
3545                  }
3546  
3547                  if($thread['closed'] == 1)
3548                  {
3549                      $folder .= "lock";
3550                      $folder_label .= $lang->icon_lock;
3551                  }
3552  
3553                  $folder .= "folder";
3554  
3555                  $lastpostdate = my_date($mybb->settings['dateformat'], $thread['lastpost']);
3556                  $lastposttime = my_date($mybb->settings['timeformat'], $thread['lastpost']);
3557                  $lastposter = $thread['lastposter'];
3558                  $lastposteruid = $thread['lastposteruid'];
3559  
3560                  if($lastposteruid == 0)
3561                  {
3562                      $lastposterlink = $lastposter;
3563                  }
3564                  else
3565                  {
3566                      $lastposterlink = build_profile_link($lastposter, $lastposteruid);
3567                  }
3568  
3569                  $thread['replies'] = my_number_format($thread['replies']);
3570                  $thread['views'] = my_number_format($thread['views']);
3571                  $thread['author'] = build_profile_link($thread['username'], $thread['uid']);
3572  
3573                  eval("\$latest_threads_threads .= \"".$templates->get("usercp_latest_threads_threads")."\";");
3574              }
3575          }
3576  
3577          eval("\$latest_threads = \"".$templates->get("usercp_latest_threads")."\";");
3578      }
3579  
3580      $plugins->run_hooks("usercp_end");
3581  
3582      eval("\$usercp = \"".$templates->get("usercp")."\";");
3583      output_page($usercp);
3584  }
3585  ?>

title

Description

title

Description

title

Description

title

title

Body