[Summary view] [Print] [Text view]

   1  <?php
   2  /***************************************************************************
   3   *                               privmsgs.php
   4   *                            -------------------
   5   *   begin                : Saturday, Jun 9, 2001
   6   *   copyright            : (C) 2001 The phpBB Group
   7   *   email                : support@phpbb.com
   8   *
   9   *   $Id: privmsg.php,v 1.96.2.49 2006/04/10 21:08:15 grahamje Exp $
  10   *
  11   *
  12   ***************************************************************************/
  13  
  14  /***************************************************************************
  15   *
  16   *   This program is free software; you can redistribute it and/or modify
  17   *   it under the terms of the GNU General Public License as published by
  18   *   the Free Software Foundation; either version 2 of the License, or
  19   *   (at your option) any later version.
  20   *
  21   ***************************************************************************/
  22  
  23  define('IN_PHPBB', true);
  24  $phpbb_root_path = './';
  25  include ($phpbb_root_path . 'extension.inc');
  26  include($phpbb_root_path . 'common.'.$phpEx);
  27  include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
  28  include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
  29  
  30  //
  31  // Is PM disabled?
  32  //
  33  if ( !empty($board_config['privmsg_disable']) )
  34  {
  35      message_die(GENERAL_MESSAGE, 'PM_disabled');
  36  }
  37  
  38  $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
  39  $html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');
  40  
  41  //
  42  // Parameters
  43  //
  44  $submit = ( isset($HTTP_POST_VARS['post']) ) ? TRUE : 0;
  45  $submit_search = ( isset($HTTP_POST_VARS['usersubmit']) ) ? TRUE : 0; 
  46  $submit_msgdays = ( isset($HTTP_POST_VARS['submit_msgdays']) ) ? TRUE : 0;
  47  $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0;
  48  $preview = ( isset($HTTP_POST_VARS['preview']) ) ? TRUE : 0;
  49  $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : 0;
  50  $delete = ( isset($HTTP_POST_VARS['delete']) ) ? TRUE : 0;
  51  $delete_all = ( isset($HTTP_POST_VARS['deleteall']) ) ? TRUE : 0;
  52  $save = ( isset($HTTP_POST_VARS['save']) ) ? TRUE : 0;
  53  
  54  $refresh = $preview || $submit_search;
  55  
  56  $mark_list = ( !empty($HTTP_POST_VARS['mark']) ) ? $HTTP_POST_VARS['mark'] : 0;
  57  
  58  if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
  59  {
  60      $folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
  61      $folder = htmlspecialchars($folder);
  62  
  63      if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' )
  64      {
  65          $folder = 'inbox';
  66      }
  67  }
  68  else
  69  {
  70      $folder = 'inbox';
  71  }
  72  
  73  //
  74  // Start session management
  75  //
  76  $userdata = session_pagestart($user_ip, PAGE_PRIVMSGS);
  77  init_userprefs($userdata);
  78  //
  79  // End session management
  80  //
  81  
  82  //
  83  // Cancel 
  84  //
  85  if ( $cancel )
  86  {
  87      redirect(append_sid("privmsg.$phpEx?folder=$folder", true));
  88  }
  89  
  90  //
  91  // Var definitions
  92  //
  93  if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
  94  {
  95      $mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
  96      $mode = htmlspecialchars($mode);
  97  }
  98  else
  99  {
 100      $mode = '';
 101  }
 102  
 103  $start = ( !empty($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
 104  
 105  if ( isset($HTTP_POST_VARS[POST_POST_URL]) || isset($HTTP_GET_VARS[POST_POST_URL]) )
 106  {
 107      $privmsg_id = ( isset($HTTP_POST_VARS[POST_POST_URL]) ) ? intval($HTTP_POST_VARS[POST_POST_URL]) : intval($HTTP_GET_VARS[POST_POST_URL]);
 108  }
 109  else
 110  {
 111      $privmsg_id = '';
 112  }
 113  
 114  $error = FALSE;
 115  
 116  //
 117  // Define the box image links
 118  //
 119  $inbox_img = ( $folder != 'inbox' || $mode != '' ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=inbox") . '"><img src="' . $images['pm_inbox'] . '" border="0" alt="' . $lang['Inbox'] . '" /></a>' : '<img src="' . $images['pm_inbox'] . '" border="0" alt="' . $lang['Inbox'] . '" />';
 120  $inbox_url = ( $folder != 'inbox' || $mode != '' ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=inbox") . '">' . $lang['Inbox'] . '</a>' : $lang['Inbox'];
 121  
 122  $outbox_img = ( $folder != 'outbox' || $mode != '' ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=outbox") . '"><img src="' . $images['pm_outbox'] . '" border="0" alt="' . $lang['Outbox'] . '" /></a>' : '<img src="' . $images['pm_outbox'] . '" border="0" alt="' . $lang['Outbox'] . '" />';
 123  $outbox_url = ( $folder != 'outbox' || $mode != '' ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=outbox") . '">' . $lang['Outbox'] . '</a>' : $lang['Outbox'];
 124  
 125  $sentbox_img = ( $folder != 'sentbox' || $mode != '' ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=sentbox") . '"><img src="' . $images['pm_sentbox'] . '" border="0" alt="' . $lang['Sentbox'] . '" /></a>' : '<img src="' . $images['pm_sentbox'] . '" border="0" alt="' . $lang['Sentbox'] . '" />';
 126  $sentbox_url = ( $folder != 'sentbox' || $mode != '' ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=sentbox") . '">' . $lang['Sentbox'] . '</a>' : $lang['Sentbox'];
 127  
 128  $savebox_img = ( $folder != 'savebox' || $mode != '' ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=savebox") . '"><img src="' . $images['pm_savebox'] . '" border="0" alt="' . $lang['Savebox'] . '" /></a>' : '<img src="' . $images['pm_savebox'] . '" border="0" alt="' . $lang['Savebox'] . '" />';
 129  $savebox_url = ( $folder != 'savebox' || $mode != '' ) ? '<a href="' . append_sid("privmsg.$phpEx?folder=savebox") . '">' . $lang['Savebox'] . '</a>' : $lang['Savebox'];
 130  
 131  // ----------
 132  // Start main
 133  //
 134  if ( $mode == 'newpm' )
 135  {
 136      $gen_simple_header = TRUE;
 137  
 138      $page_title = $lang['Private_Messaging'];
 139      include($phpbb_root_path . 'includes/page_header.'.$phpEx);
 140  
 141      $template->set_filenames(array(
 142          'body' => 'privmsgs_popup.tpl')
 143      );
 144  
 145      if ( $userdata['session_logged_in'] )
 146      {
 147          if ( $userdata['user_new_privmsg'] )
 148          {
 149              $l_new_message = ( $userdata['user_new_privmsg'] == 1 ) ? $lang['You_new_pm'] : $lang['You_new_pms'];
 150          }
 151          else
 152          {
 153              $l_new_message = $lang['You_no_new_pm'];
 154          }
 155  
 156          $l_new_message .= '<br /><br />' . sprintf($lang['Click_view_privmsg'], '<a href="' . append_sid("privmsg.".$phpEx."?folder=inbox") . '" onclick="jump_to_inbox();return false;" target="_new">', '</a>');
 157      }
 158      else
 159      {
 160          $l_new_message = $lang['Login_check_pm'];
 161      }
 162  
 163      $template->assign_vars(array(
 164          'L_CLOSE_WINDOW' => $lang['Close_window'], 
 165          'L_MESSAGE' => $l_new_message)
 166      );
 167  
 168      $template->pparse('body');
 169  
 170      include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
 171      
 172  }
 173  else if ( $mode == 'read' )
 174  {
 175      if ( !empty($HTTP_GET_VARS[POST_POST_URL]) )
 176      {
 177          $privmsgs_id = intval($HTTP_GET_VARS[POST_POST_URL]);
 178      }
 179      else
 180      {
 181          message_die(GENERAL_ERROR, $lang['No_post_id']);
 182      }
 183  
 184      if ( !$userdata['session_logged_in'] )
 185      {
 186          redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=$folder&mode=$mode&" . POST_POST_URL . "=$privmsgs_id", true));
 187      }
 188  
 189      //
 190      // SQL to pull appropriate message, prevents nosey people
 191      // reading other peoples messages ... hopefully!
 192      //
 193      switch( $folder )
 194      {
 195          case 'inbox':
 196              $l_box_name = $lang['Inbox'];
 197              $pm_sql_user = "AND pm.privmsgs_to_userid = " . $userdata['user_id'] . " 
 198                  AND ( pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " 
 199                      OR pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . " 
 200                      OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
 201              break;
 202          case 'outbox':
 203              $l_box_name = $lang['Outbox'];
 204              $pm_sql_user = "AND pm.privmsgs_from_userid =  " . $userdata['user_id'] . " 
 205                  AND ( pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
 206                      OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";
 207              break;
 208          case 'sentbox':
 209              $l_box_name = $lang['Sentbox'];
 210              $pm_sql_user = "AND pm.privmsgs_from_userid =  " . $userdata['user_id'] . " 
 211                  AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
 212              break;
 213          case 'savebox':
 214              $l_box_name = $lang['Savebox'];
 215              $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
 216                      AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) 
 217                  OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
 218                      AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) 
 219                  )";
 220              break;
 221          default:
 222              message_die(GENERAL_ERROR, $lang['No_such_folder']);
 223              break;
 224      }
 225  
 226      //
 227      // Major query obtains the message ...
 228      //
 229      $sql = "SELECT u.username AS username_1, u.user_id AS user_id_1, u2.username AS username_2, u2.user_id AS user_id_2, u.user_sig_bbcode_uid, u.user_posts, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, pm.*, pmt.privmsgs_bbcode_uid, pmt.privmsgs_text
 230          FROM " . PRIVMSGS_TABLE . " pm, " . PRIVMSGS_TEXT_TABLE . " pmt, " . USERS_TABLE . " u, " . USERS_TABLE . " u2 
 231          WHERE pm.privmsgs_id = $privmsgs_id
 232              AND pmt.privmsgs_text_id = pm.privmsgs_id 
 233              $pm_sql_user 
 234              AND u.user_id = pm.privmsgs_from_userid 
 235              AND u2.user_id = pm.privmsgs_to_userid";
 236      if ( !($result = $db->sql_query($sql)) )
 237      {
 238          message_die(GENERAL_ERROR, 'Could not query private message post information', '', __LINE__, __FILE__, $sql);
 239      }
 240  
 241      //
 242      // Did the query return any data?
 243      //
 244      if ( !($privmsg = $db->sql_fetchrow($result)) )
 245      {
 246          redirect(append_sid("privmsg.$phpEx?folder=$folder", true));
 247      }
 248  
 249      $privmsg_id = $privmsg['privmsgs_id'];
 250  
 251      //
 252      // Is this a new message in the inbox? If it is then save
 253      // a copy in the posters sent box
 254      //
 255      if (($privmsg['privmsgs_type'] == PRIVMSGS_NEW_MAIL || $privmsg['privmsgs_type'] == PRIVMSGS_UNREAD_MAIL) && $folder == 'inbox')
 256      {
 257          // Update appropriate counter
 258          switch ($privmsg['privmsgs_type'])
 259          {
 260              case PRIVMSGS_NEW_MAIL:
 261                  $sql = "user_new_privmsg = user_new_privmsg - 1";
 262                  break;
 263              case PRIVMSGS_UNREAD_MAIL:
 264                  $sql = "user_unread_privmsg = user_unread_privmsg - 1";
 265                  break;
 266          }
 267  
 268          $sql = "UPDATE " . USERS_TABLE . " 
 269              SET $sql 
 270              WHERE user_id = " . $userdata['user_id'];
 271          if ( !$db->sql_query($sql) )
 272          {
 273              message_die(GENERAL_ERROR, 'Could not update private message read status for user', '', __LINE__, __FILE__, $sql);
 274          }
 275  
 276          $sql = "UPDATE " . PRIVMSGS_TABLE . "
 277              SET privmsgs_type = " . PRIVMSGS_READ_MAIL . "
 278              WHERE privmsgs_id = " . $privmsg['privmsgs_id'];
 279          if ( !$db->sql_query($sql) )
 280          {
 281              message_die(GENERAL_ERROR, 'Could not update private message read status', '', __LINE__, __FILE__, $sql);
 282          }
 283  
 284          // Check to see if the poster has a 'full' sent box
 285          $sql = "SELECT COUNT(privmsgs_id) AS sent_items, MIN(privmsgs_date) AS oldest_post_time 
 286              FROM " . PRIVMSGS_TABLE . " 
 287              WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . " 
 288                  AND privmsgs_from_userid = " . $privmsg['privmsgs_from_userid'];
 289          if ( !($result = $db->sql_query($sql)) )
 290          {
 291              message_die(GENERAL_ERROR, 'Could not obtain sent message info for sendee', '', __LINE__, __FILE__, $sql);
 292          }
 293  
 294          $sql_priority = ( SQL_LAYER == 'mysql' ) ? 'LOW_PRIORITY' : '';
 295  
 296          if ( $sent_info = $db->sql_fetchrow($result) )
 297          {
 298              if ($board_config['max_sentbox_privmsgs'] && $sent_info['sent_items'] >= $board_config['max_sentbox_privmsgs'])
 299              {
 300                  $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " 
 301                      WHERE privmsgs_type = " . PRIVMSGS_SENT_MAIL . " 
 302                          AND privmsgs_date = " . $sent_info['oldest_post_time'] . " 
 303                          AND privmsgs_from_userid = " . $privmsg['privmsgs_from_userid'];
 304                  if ( !$result = $db->sql_query($sql) )
 305                  {
 306                      message_die(GENERAL_ERROR, 'Could not find oldest privmsgs', '', __LINE__, __FILE__, $sql);
 307                  }
 308                  $old_privmsgs_id = $db->sql_fetchrow($result);
 309                  $old_privmsgs_id = $old_privmsgs_id['privmsgs_id'];
 310              
 311                  $sql = "DELETE $sql_priority FROM " . PRIVMSGS_TABLE . " 
 312                      WHERE privmsgs_id = $old_privmsgs_id";
 313                  if ( !$db->sql_query($sql) )
 314                  {
 315                      message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (sent)', '', __LINE__, __FILE__, $sql);
 316                  }
 317  
 318                  $sql = "DELETE $sql_priority FROM " . PRIVMSGS_TEXT_TABLE . " 
 319                      WHERE privmsgs_text_id = $old_privmsgs_id";
 320                  if ( !$db->sql_query($sql) )
 321                  {
 322                      message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (sent)', '', __LINE__, __FILE__, $sql);
 323                  }
 324              }
 325          }
 326  
 327          //
 328          // This makes a copy of the post and stores it as a SENT message from the sendee. Perhaps
 329          // not the most DB friendly way but a lot easier to manage, besides the admin will be able to
 330          // set limits on numbers of storable posts for users ... hopefully!
 331          //
 332          $sql = "INSERT $sql_priority INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_enable_html, privmsgs_enable_bbcode, privmsgs_enable_smilies, privmsgs_attach_sig)
 333              VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_subject'])) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "', " . $privmsg['privmsgs_enable_html'] . ", " . $privmsg['privmsgs_enable_bbcode'] . ", " . $privmsg['privmsgs_enable_smilies'] . ", " .  $privmsg['privmsgs_attach_sig'] . ")";
 334          if ( !$db->sql_query($sql) )
 335          {
 336              message_die(GENERAL_ERROR, 'Could not insert private message sent info', '', __LINE__, __FILE__, $sql);
 337          }
 338  
 339          $privmsg_sent_id = $db->sql_nextid();
 340  
 341          $sql = "INSERT $sql_priority INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)
 342              VALUES ($privmsg_sent_id, '" . $privmsg['privmsgs_bbcode_uid'] . "', '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_text'])) . "')";
 343          if ( !$db->sql_query($sql) )
 344          {
 345              message_die(GENERAL_ERROR, 'Could not insert private message sent text', '', __LINE__, __FILE__, $sql);
 346          }
 347      }
 348  
 349      //
 350      // Pick a folder, any folder, so long as it's one below ...
 351      //
 352      $post_urls = array(
 353          'post' => append_sid("privmsg.$phpEx?mode=post"),
 354          'reply' => append_sid("privmsg.$phpEx?mode=reply&amp;" . POST_POST_URL . "=$privmsg_id"),
 355          'quote' => append_sid("privmsg.$phpEx?mode=quote&amp;" . POST_POST_URL . "=$privmsg_id"),
 356          'edit' => append_sid("privmsg.$phpEx?mode=edit&amp;" . POST_POST_URL . "=$privmsg_id")
 357      );
 358      $post_icons = array(
 359          'post_img' => '<a href="' . $post_urls['post'] . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0" /></a>',
 360          'post' => '<a href="' . $post_urls['post'] . '">' . $lang['Post_new_pm'] . '</a>',
 361          'reply_img' => '<a href="' . $post_urls['reply'] . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0" /></a>',
 362          'reply' => '<a href="' . $post_urls['reply'] . '">' . $lang['Post_reply_pm'] . '</a>',
 363          'quote_img' => '<a href="' . $post_urls['quote'] . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0" /></a>',
 364          'quote' => '<a href="' . $post_urls['quote'] . '">' . $lang['Post_quote_pm'] . '</a>',
 365          'edit_img' => '<a href="' . $post_urls['edit'] . '"><img src="' . $images['pm_editmsg'] . '" alt="' . $lang['Edit_pm'] . '" border="0" /></a>',
 366          'edit' => '<a href="' . $post_urls['edit'] . '">' . $lang['Edit_pm'] . '</a>'
 367      );
 368  
 369      if ( $folder == 'inbox' )
 370      {
 371          $post_img = $post_icons['post_img'];
 372          $reply_img = $post_icons['reply_img'];
 373          $quote_img = $post_icons['quote_img'];
 374          $edit_img = '';
 375          $post = $post_icons['post'];
 376          $reply = $post_icons['reply'];
 377          $quote = $post_icons['quote'];
 378          $edit = '';
 379          $l_box_name = $lang['Inbox'];
 380      }
 381      else if ( $folder == 'outbox' )
 382      {
 383          $post_img = $post_icons['post_img'];
 384          $reply_img = '';
 385          $quote_img = '';
 386          $edit_img = $post_icons['edit_img'];
 387          $post = $post_icons['post'];
 388          $reply = '';
 389          $quote = '';
 390          $edit = $post_icons['edit'];
 391          $l_box_name = $lang['Outbox'];
 392      }
 393      else if ( $folder == 'savebox' )
 394      {
 395          if ( $privmsg['privmsgs_type'] == PRIVMSGS_SAVED_IN_MAIL )
 396          {
 397              $post_img = $post_icons['post_img'];
 398              $reply_img = $post_icons['reply_img'];
 399              $quote_img = $post_icons['quote_img'];
 400              $edit_img = '';
 401              $post = $post_icons['post'];
 402              $reply = $post_icons['reply'];
 403              $quote = $post_icons['quote'];
 404              $edit = '';
 405          }
 406          else
 407          {
 408              $post_img = $post_icons['post_img'];
 409              $reply_img = '';
 410              $quote_img = '';
 411              $edit_img = '';
 412              $post = $post_icons['post'];
 413              $reply = '';
 414              $quote = '';
 415              $edit = '';
 416          }
 417          $l_box_name = $lang['Saved'];
 418      }
 419      else if ( $folder == 'sentbox' )
 420      {
 421          $post_img = $post_icons['post_img'];
 422          $reply_img = '';
 423          $quote_img = '';
 424          $edit_img = '';
 425          $post = $post_icons['post'];
 426          $reply = '';
 427          $quote = '';
 428          $edit = '';
 429          $l_box_name = $lang['Sent'];
 430      }
 431  
 432      $s_hidden_fields = '<input type="hidden" name="mark[]" value="' . $privmsgs_id . '" />';
 433  
 434      $page_title = $lang['Read_pm'];
 435      include($phpbb_root_path . 'includes/page_header.'.$phpEx);
 436  
 437      //
 438      // Load templates
 439      //
 440      $template->set_filenames(array(
 441          'body' => 'privmsgs_read_body.tpl')
 442      );
 443      make_jumpbox('viewforum.'.$phpEx);
 444  
 445      $template->assign_vars(array(
 446          'INBOX_IMG' => $inbox_img, 
 447          'SENTBOX_IMG' => $sentbox_img, 
 448          'OUTBOX_IMG' => $outbox_img, 
 449          'SAVEBOX_IMG' => $savebox_img, 
 450          'INBOX' => $inbox_url, 
 451  
 452          'POST_PM_IMG' => $post_img, 
 453          'REPLY_PM_IMG' => $reply_img, 
 454          'EDIT_PM_IMG' => $edit_img, 
 455          'QUOTE_PM_IMG' => $quote_img, 
 456          'POST_PM' => $post, 
 457          'REPLY_PM' => $reply, 
 458          'EDIT_PM' => $edit, 
 459          'QUOTE_PM' => $quote, 
 460  
 461          'SENTBOX' => $sentbox_url, 
 462          'OUTBOX' => $outbox_url, 
 463          'SAVEBOX' => $savebox_url, 
 464  
 465          'BOX_NAME' => $l_box_name, 
 466  
 467          'L_MESSAGE' => $lang['Message'], 
 468          'L_INBOX' => $lang['Inbox'],
 469          'L_OUTBOX' => $lang['Outbox'],
 470          'L_SENTBOX' => $lang['Sent'],
 471          'L_SAVEBOX' => $lang['Saved'],
 472          'L_FLAG' => $lang['Flag'],
 473          'L_SUBJECT' => $lang['Subject'],
 474          'L_POSTED' => $lang['Posted'], 
 475          'L_DATE' => $lang['Date'],
 476          'L_FROM' => $lang['From'],
 477          'L_TO' => $lang['To'], 
 478          'L_SAVE_MSG' => $lang['Save_message'], 
 479          'L_DELETE_MSG' => $lang['Delete_message'], 
 480  
 481          'S_PRIVMSGS_ACTION' => append_sid("privmsg.$phpEx?folder=$folder"),
 482          'S_HIDDEN_FIELDS' => $s_hidden_fields)
 483      );
 484      
 485      $username_from = $privmsg['username_1'];
 486      $user_id_from = $privmsg['user_id_1'];
 487      $username_to = $privmsg['username_2'];
 488      $user_id_to = $privmsg['user_id_2'];
 489  
 490      $post_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']);
 491  
 492      $temp_url = append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . '=' . $user_id_from);
 493      $profile_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_profile'] . '" alt="' . $lang['Read_profile'] . '" title="' . $lang['Read_profile'] . '" border="0" /></a>';
 494      $profile = '<a href="' . $temp_url . '">' . $lang['Read_profile'] . '</a>';
 495  
 496      $temp_url = append_sid("privmsg.$phpEx?mode=post&amp;" . POST_USERS_URL . "=$user_id_from");
 497      $pm_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_pm'] . '" alt="' . $lang['Send_private_message'] . '" title="' . $lang['Send_private_message'] . '" border="0" /></a>';
 498      $pm = '<a href="' . $temp_url . '">' . $lang['Send_private_message'] . '</a>';
 499  
 500      if ( !empty($privmsg['user_viewemail']) || $userdata['user_level'] == ADMIN )
 501      {
 502          $email_uri = ( $board_config['board_email_form'] ) ? append_sid("profile.$phpEx?mode=email&amp;" . POST_USERS_URL .'=' . $user_id_from) : 'mailto:' . $privmsg['user_email'];
 503  
 504          $email_img = '<a href="' . $email_uri . '"><img src="' . $images['icon_email'] . '" alt="' . $lang['Send_email'] . '" title="' . $lang['Send_email'] . '" border="0" /></a>';
 505          $email = '<a href="' . $email_uri . '">' . $lang['Send_email'] . '</a>';
 506      }
 507      else
 508      {
 509          $email_img = '';
 510          $email = '';
 511      }
 512  
 513      $www_img = ( $privmsg['user_website'] ) ? '<a href="' . $privmsg['user_website'] . '" target="_userwww"><img src="' . $images['icon_www'] . '" alt="' . $lang['Visit_website'] . '" title="' . $lang['Visit_website'] . '" border="0" /></a>' : '';
 514      $www = ( $privmsg['user_website'] ) ? '<a href="' . $privmsg['user_website'] . '" target="_userwww">' . $lang['Visit_website'] . '</a>' : '';
 515  
 516      if ( !empty($privmsg['user_icq']) )
 517      {
 518          $icq_status_img = '<a href="http://wwp.icq.com/' . $privmsg['user_icq'] . '#pager"><img src="http://web.icq.com/whitepages/online?icq=' . $privmsg['user_icq'] . '&img=5" width="18" height="18" border="0" /></a>';
 519          $icq_img = '<a href="http://wwp.icq.com/scripts/search.dll?to=' . $privmsg['user_icq'] . '"><img src="' . $images['icon_icq'] . '" alt="' . $lang['ICQ'] . '" title="' . $lang['ICQ'] . '" border="0" /></a>';
 520          $icq =  '<a href="http://wwp.icq.com/scripts/search.dll?to=' . $privmsg['user_icq'] . '">' . $lang['ICQ'] . '</a>';
 521      }
 522      else
 523      {
 524          $icq_status_img = '';
 525          $icq_img = '';
 526          $icq = '';
 527      }
 528  
 529      $aim_img = ( $privmsg['user_aim'] ) ? '<a href="aim:goim?screenname=' . $privmsg['user_aim'] . '&amp;message=Hello+Are+you+there?"><img src="' . $images['icon_aim'] . '" alt="' . $lang['AIM'] . '" title="' . $lang['AIM'] . '" border="0" /></a>' : '';
 530      $aim = ( $privmsg['user_aim'] ) ? '<a href="aim:goim?screenname=' . $privmsg['user_aim'] . '&amp;message=Hello+Are+you+there?">' . $lang['AIM'] . '</a>' : '';
 531  
 532      $temp_url = append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$user_id_from");
 533      $msn_img = ( $privmsg['user_msnm'] ) ? '<a href="' . $temp_url . '"><img src="' . $images['icon_msnm'] . '" alt="' . $lang['MSNM'] . '" title="' . $lang['MSNM'] . '" border="0" /></a>' : '';
 534      $msn = ( $privmsg['user_msnm'] ) ? '<a href="' . $temp_url . '">' . $lang['MSNM'] . '</a>' : '';
 535  
 536      $yim_img = ( $privmsg['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $privmsg['user_yim'] . '&amp;.src=pg"><img src="' . $images['icon_yim'] . '" alt="' . $lang['YIM'] . '" title="' . $lang['YIM'] . '" border="0" /></a>' : '';
 537      $yim = ( $privmsg['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $privmsg['user_yim'] . '&amp;.src=pg">' . $lang['YIM'] . '</a>' : '';
 538  
 539      $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username_from) . "&amp;showresults=posts");
 540      $search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . sprintf($lang['Search_user_posts'], $username_from) . '" title="' . sprintf($lang['Search_user_posts'], $username_from) . '" border="0" /></a>';
 541      $search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $username_from) . '</a>';
 542  
 543      //
 544      // Processing of post
 545      //
 546      $post_subject = $privmsg['privmsgs_subject'];
 547  
 548      $private_message = $privmsg['privmsgs_text'];
 549      $bbcode_uid = $privmsg['privmsgs_bbcode_uid'];
 550  
 551      if ( $board_config['allow_sig'] )
 552      {
 553          $user_sig = ( $privmsg['privmsgs_from_userid'] == $userdata['user_id'] ) ? $userdata['user_sig'] : $privmsg['user_sig'];
 554      }
 555      else
 556      {
 557          $user_sig = '';
 558      }
 559  
 560      $user_sig_bbcode_uid = ( $privmsg['privmsgs_from_userid'] == $userdata['user_id'] ) ? $userdata['user_sig_bbcode_uid'] : $privmsg['user_sig_bbcode_uid'];
 561  
 562      //
 563      // If the board has HTML off but the post has HTML
 564      // on then we process it, else leave it alone
 565      //
 566      if ( !$board_config['allow_html'] || !$userdata['user_allowhtml'])
 567      {
 568          if ( $user_sig != '')
 569          {
 570              $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "&lt;\\2&gt;", $user_sig);
 571          }
 572  
 573          if ( $privmsg['privmsgs_enable_html'] )
 574          {
 575              $private_message = preg_replace('#(<)([\/]?.*?)(>)#is', "&lt;\\2&gt;", $private_message);
 576          }
 577      }
 578  
 579      if ( $user_sig != '' && $privmsg['privmsgs_attach_sig'] && $user_sig_bbcode_uid != '' )
 580      {
 581          $user_sig = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($user_sig, $user_sig_bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $user_sig);
 582      }
 583  
 584      if ( $bbcode_uid != '' )
 585      {
 586          $private_message = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass($private_message, $bbcode_uid) : preg_replace('/\:[0-9a-z\:]+\]/si', ']', $private_message);
 587      }
 588  
 589      $private_message = make_clickable($private_message);
 590  
 591      if ( $privmsg['privmsgs_attach_sig'] && $user_sig != '' )
 592      {
 593          $private_message .= '<br /><br />_________________<br />' . make_clickable($user_sig);
 594      }
 595  
 596      $orig_word = array();
 597      $replacement_word = array();
 598      obtain_word_list($orig_word, $replacement_word);
 599  
 600      if ( count($orig_word) )
 601      {
 602          $post_subject = preg_replace($orig_word, $replacement_word, $post_subject);
 603          $private_message = preg_replace($orig_word, $replacement_word, $private_message);
 604      }
 605  
 606      if ( $board_config['allow_smilies'] && $privmsg['privmsgs_enable_smilies'] )
 607      {
 608          $private_message = smilies_pass($private_message);
 609      }
 610  
 611      $private_message = str_replace("\n", '<br />', $private_message);
 612  
 613      //
 614      // Dump it to the templating engine
 615      //
 616      $template->assign_vars(array(
 617          'MESSAGE_TO' => $username_to,
 618          'MESSAGE_FROM' => $username_from,
 619          'RANK_IMAGE' => $rank_image,
 620          'POSTER_JOINED' => $poster_joined,
 621          'POSTER_POSTS' => $poster_posts,
 622          'POSTER_FROM' => $poster_from,
 623          'POSTER_AVATAR' => $poster_avatar,
 624          'POST_SUBJECT' => $post_subject,
 625          'POST_DATE' => $post_date, 
 626          'MESSAGE' => $private_message,
 627  
 628          'PROFILE_IMG' => $profile_img, 
 629          'PROFILE' => $profile, 
 630          'SEARCH_IMG' => $search_img,
 631          'SEARCH' => $search,
 632          'EMAIL_IMG' => $email_img,
 633          'EMAIL' => $email,
 634          'WWW_IMG' => $www_img,
 635          'WWW' => $www,
 636          'ICQ_STATUS_IMG' => $icq_status_img,
 637          'ICQ_IMG' => $icq_img, 
 638          'ICQ' => $icq, 
 639          'AIM_IMG' => $aim_img,
 640          'AIM' => $aim,
 641          'MSN_IMG' => $msn_img,
 642          'MSN' => $msn,
 643          'YIM_IMG' => $yim_img,
 644          'YIM' => $yim)
 645      );
 646  
 647      $template->pparse('body');
 648  
 649      include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
 650  
 651  }
 652  else if ( ( $delete && $mark_list ) || $delete_all )
 653  {
 654      if ( !$userdata['session_logged_in'] )
 655      {
 656          redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
 657      }
 658  
 659      if ( isset($mark_list) && !is_array($mark_list) )
 660      {
 661          // Set to empty array instead of '0' if nothing is selected.
 662          $mark_list = array();
 663      }
 664  
 665      if ( !$confirm )
 666      {
 667          $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
 668          $s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '<input type="hidden" name="delete" value="true" />' : '<input type="hidden" name="deleteall" value="true" />';
 669  
 670          for($i = 0; $i < count($mark_list); $i++)
 671          {
 672              $s_hidden_fields .= '<input type="hidden" name="mark[]" value="' . intval($mark_list[$i]) . '" />';
 673          }
 674  
 675          //
 676          // Output confirmation page
 677          //
 678          include($phpbb_root_path . 'includes/page_header.'.$phpEx);
 679  
 680          $template->set_filenames(array(
 681              'confirm_body' => 'confirm_body.tpl')
 682          );
 683          $template->assign_vars(array(
 684              'MESSAGE_TITLE' => $lang['Information'],
 685              'MESSAGE_TEXT' => ( count($mark_list) == 1 ) ? $lang['Confirm_delete_pm'] : $lang['Confirm_delete_pms'], 
 686  
 687              'L_YES' => $lang['Yes'],
 688              'L_NO' => $lang['No'],
 689  
 690              'S_CONFIRM_ACTION' => append_sid("privmsg.$phpEx?folder=$folder"),
 691              'S_HIDDEN_FIELDS' => $s_hidden_fields)
 692          );
 693  
 694          $template->pparse('confirm_body');
 695  
 696          include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
 697  
 698      }
 699      else if ( $confirm )
 700      {
 701          $delete_sql_id = '';
 702  
 703          if (!$delete_all)
 704          {
 705              for ($i = 0; $i < count($mark_list); $i++)
 706              {
 707                  $delete_sql_id .= (($delete_sql_id != '') ? ', ' : '') . intval($mark_list[$i]);
 708              }
 709              $delete_sql_id = "AND privmsgs_id IN ($delete_sql_id)";
 710          }
 711  
 712          switch($folder)
 713          {
 714              case 'inbox':
 715                  $delete_type = "privmsgs_to_userid = " . $userdata['user_id'] . " AND (
 716                  privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
 717                  break;
 718  
 719              case 'outbox':
 720                  $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
 721                  break;
 722  
 723              case 'sentbox':
 724                  $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
 725                  break;
 726  
 727              case 'savebox':
 728                  $delete_type = "( ( privmsgs_from_userid = " . $userdata['user_id'] . " 
 729                      AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) 
 730                  OR ( privmsgs_to_userid = " . $userdata['user_id'] . " 
 731                      AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )";
 732                  break;
 733          }
 734  
 735          $sql = "SELECT privmsgs_id
 736              FROM " . PRIVMSGS_TABLE . "
 737              WHERE $delete_type $delete_sql_id";
 738  
 739          if ( !($result = $db->sql_query($sql)) )
 740          {
 741              message_die(GENERAL_ERROR, 'Could not obtain id list to delete messages', '', __LINE__, __FILE__, $sql);
 742          }
 743  
 744          $mark_list = array();
 745          while ( $row = $db->sql_fetchrow($result) )
 746          {
 747              $mark_list[] = $row['privmsgs_id'];
 748          }
 749  
 750          unset($delete_type);
 751  
 752          if ( count($mark_list) )
 753          {
 754              $delete_sql_id = '';
 755              for ($i = 0; $i < sizeof($mark_list); $i++)
 756              {
 757                  $delete_sql_id .= (($delete_sql_id != '') ? ', ' : '') . intval($mark_list[$i]);
 758              }
 759  
 760              if ($folder == 'inbox' || $folder == 'outbox')
 761              {
 762                  switch ($folder)
 763                  {
 764                      case 'inbox':
 765                          $sql = "privmsgs_to_userid = " . $userdata['user_id'];
 766                          break;
 767                      case 'outbox':
 768                          $sql = "privmsgs_from_userid = " . $userdata['user_id'];
 769                          break;
 770                  }
 771  
 772                  // Get information relevant to new or unread mail
 773                  // so we can adjust users counters appropriately
 774                  $sql = "SELECT privmsgs_to_userid, privmsgs_type 
 775                      FROM " . PRIVMSGS_TABLE . " 
 776                      WHERE privmsgs_id IN ($delete_sql_id) 
 777                          AND $sql  
 778                          AND privmsgs_type IN (" . PRIVMSGS_NEW_MAIL . ", " . PRIVMSGS_UNREAD_MAIL . ")";
 779                  if ( !($result = $db->sql_query($sql)) )
 780                  {
 781                      message_die(GENERAL_ERROR, 'Could not obtain user id list for outbox messages', '', __LINE__, __FILE__, $sql);
 782                  }
 783  
 784                  if ( $row = $db->sql_fetchrow($result))
 785                  {
 786                      $update_users = $update_list = array();
 787                  
 788                      do
 789                      {
 790                          switch ($row['privmsgs_type'])
 791                          {
 792                              case PRIVMSGS_NEW_MAIL:
 793                                  $update_users['new'][$row['privmsgs_to_userid']]++;
 794                                  break;
 795  
 796                              case PRIVMSGS_UNREAD_MAIL:
 797                                  $update_users['unread'][$row['privmsgs_to_userid']]++;
 798                                  break;
 799                          }
 800                      }
 801                      while ($row = $db->sql_fetchrow($result));
 802  
 803                      if (sizeof($update_users))
 804                      {
 805                          while (list($type, $users) = each($update_users))
 806                          {
 807                              while (list($user_id, $dec) = each($users))
 808                              {
 809                                  $update_list[$type][$dec][] = $user_id;
 810                              }
 811                          }
 812                          unset($update_users);
 813  
 814                          while (list($type, $dec_ary) = each($update_list))
 815                          {
 816                              switch ($type)
 817                              {
 818                                  case 'new':
 819                                      $type = "user_new_privmsg";
 820                                      break;
 821  
 822                                  case 'unread':
 823                                      $type = "user_unread_privmsg";
 824                                      break;
 825                              }
 826  
 827                              while (list($dec, $user_ary) = each($dec_ary))
 828                              {
 829                                  $user_ids = implode(', ', $user_ary);
 830  
 831                                  $sql = "UPDATE " . USERS_TABLE . " 
 832                                      SET $type = $type - $dec 
 833                                      WHERE user_id IN ($user_ids)";
 834                                  if ( !$db->sql_query($sql) )
 835                                  {
 836                                      message_die(GENERAL_ERROR, 'Could not update user pm counters', '', __LINE__, __FILE__, $sql);
 837                                  }
 838                              }
 839                          }
 840                          unset($update_list);
 841                      }
 842                  }
 843                  $db->sql_freeresult($result);
 844              }
 845  
 846              // Delete the messages
 847              $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
 848                  WHERE privmsgs_text_id IN ($delete_sql_id)";
 849              $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
 850                  WHERE privmsgs_id IN ($delete_sql_id)
 851                      AND ";
 852  
 853              switch( $folder )
 854              {
 855                  case 'inbox':
 856                      $delete_sql .= "privmsgs_to_userid = " . $userdata['user_id'] . " AND (
 857                          privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
 858                      break;
 859  
 860                  case 'outbox':
 861                      $delete_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( 
 862                          privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
 863                      break;
 864  
 865                  case 'sentbox':
 866                      $delete_sql .= "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
 867                      break;
 868  
 869                  case 'savebox':
 870                      $delete_sql .= "( ( privmsgs_from_userid = " . $userdata['user_id'] . " 
 871                          AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) 
 872                      OR ( privmsgs_to_userid = " . $userdata['user_id'] . " 
 873                          AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )";
 874                      break;
 875              }
 876  
 877              if ( !$db->sql_query($delete_sql, BEGIN_TRANSACTION) )
 878              {
 879                  message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
 880              }
 881  
 882              if ( !$db->sql_query($delete_text_sql, END_TRANSACTION) )
 883              {
 884                  message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
 885              }
 886          }
 887      }
 888  }
 889  else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
 890  {
 891      if ( !$userdata['session_logged_in'] )
 892      {
 893          redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
 894      }
 895      
 896      if (sizeof($mark_list))
 897      {
 898          // See if recipient is at their savebox limit
 899          $sql = "SELECT COUNT(privmsgs_id) AS savebox_items, MIN(privmsgs_date) AS oldest_post_time 
 900              FROM " . PRIVMSGS_TABLE . " 
 901              WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . " 
 902                      AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
 903                  OR ( privmsgs_from_userid = " . $userdata['user_id'] . " 
 904                      AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") )";
 905          if ( !($result = $db->sql_query($sql)) )
 906          {
 907              message_die(GENERAL_ERROR, 'Could not obtain sent message info for sendee', '', __LINE__, __FILE__, $sql);
 908          }
 909  
 910          $sql_priority = ( SQL_LAYER == 'mysql' ) ? 'LOW_PRIORITY' : '';
 911  
 912          if ( $saved_info = $db->sql_fetchrow($result) )
 913          {
 914              if ($board_config['max_savebox_privmsgs'] && $saved_info['savebox_items'] >= $board_config['max_savebox_privmsgs'] )
 915              {
 916                  $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " 
 917                      WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . " 
 918                                  AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
 919                              OR ( privmsgs_from_userid = " . $userdata['user_id'] . " 
 920                                  AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") ) 
 921                          AND privmsgs_date = " . $saved_info['oldest_post_time'];
 922                  if ( !$result = $db->sql_query($sql) )
 923                  {
 924                      message_die(GENERAL_ERROR, 'Could not find oldest privmsgs (save)', '', __LINE__, __FILE__, $sql);
 925                  }
 926                  $old_privmsgs_id = $db->sql_fetchrow($result);
 927                  $old_privmsgs_id = $old_privmsgs_id['privmsgs_id'];
 928              
 929                  $sql = "DELETE $sql_priority FROM " . PRIVMSGS_TABLE . " 
 930                      WHERE privmsgs_id = $old_privmsgs_id";
 931                  if ( !$db->sql_query($sql) )
 932                  {
 933                      message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (save)', '', __LINE__, __FILE__, $sql);
 934                  }
 935  
 936                  $sql = "DELETE $sql_priority FROM " . PRIVMSGS_TEXT_TABLE . " 
 937                      WHERE privmsgs_text_id = $old_privmsgs_id";
 938                  if ( !$db->sql_query($sql) )
 939                  {
 940                      message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (save)', '', __LINE__, __FILE__, $sql);
 941                  }
 942              }
 943          }
 944      
 945          $saved_sql_id = '';
 946          for ($i = 0; $i < sizeof($mark_list); $i++)
 947          {
 948              $saved_sql_id .= (($saved_sql_id != '') ? ', ' : '') . intval($mark_list[$i]);
 949          }
 950  
 951          // Process request
 952          $saved_sql = "UPDATE " . PRIVMSGS_TABLE;
 953  
 954          // Decrement read/new counters if appropriate
 955          if ($folder == 'inbox' || $folder == 'outbox')
 956          {
 957              switch ($folder)
 958              {
 959                  case 'inbox':
 960                      $sql = "privmsgs_to_userid = " . $userdata['user_id'];
 961                      break;
 962                  case 'outbox':
 963                      $sql = "privmsgs_from_userid = " . $userdata['user_id'];
 964                      break;
 965              }
 966  
 967              // Get information relevant to new or unread mail
 968              // so we can adjust users counters appropriately
 969              $sql = "SELECT privmsgs_to_userid, privmsgs_type 
 970                  FROM " . PRIVMSGS_TABLE . " 
 971                  WHERE privmsgs_id IN ($saved_sql_id) 
 972                      AND $sql  
 973                      AND privmsgs_type IN (" . PRIVMSGS_NEW_MAIL . ", " . PRIVMSGS_UNREAD_MAIL . ")";
 974              if ( !($result = $db->sql_query($sql)) )
 975              {
 976                  message_die(GENERAL_ERROR, 'Could not obtain user id list for outbox messages', '', __LINE__, __FILE__, $sql);
 977              }
 978  
 979              if ( $row = $db->sql_fetchrow($result))
 980              {
 981                  $update_users = $update_list = array();
 982              
 983                  do
 984                  {
 985                      switch ($row['privmsgs_type'])
 986                      {
 987                          case PRIVMSGS_NEW_MAIL:
 988                              $update_users['new'][$row['privmsgs_to_userid']]++;
 989                              break;
 990  
 991                          case PRIVMSGS_UNREAD_MAIL:
 992                              $update_users['unread'][$row['privmsgs_to_userid']]++;
 993                              break;
 994                      }
 995                  }
 996                  while ($row = $db->sql_fetchrow($result));
 997  
 998                  if (sizeof($update_users))
 999                  {
1000                      while (list($type, $users) = each($update_users))
1001                      {
1002                          while (list($user_id, $dec) = each($users))
1003                          {
1004                              $update_list[$type][$dec][] = $user_id;
1005                          }
1006                      }
1007                      unset($update_users);
1008  
1009                      while (list($type, $dec_ary) = each($update_list))
1010                      {
1011                          switch ($type)
1012                          {
1013                              case 'new':
1014                                  $type = "user_new_privmsg";
1015                                  break;
1016  
1017                              case 'unread':
1018                                  $type = "user_unread_privmsg";
1019                                  break;
1020                          }
1021  
1022                          while (list($dec, $user_ary) = each($dec_ary))
1023                          {
1024                              $user_ids = implode(', ', $user_ary);
1025  
1026                              $sql = "UPDATE " . USERS_TABLE . " 
1027                                  SET $type = $type - $dec 
1028                                  WHERE user_id IN ($user_ids)";
1029                              if ( !$db->sql_query($sql) )
1030                              {
1031                                  message_die(GENERAL_ERROR, 'Could not update user pm counters', '', __LINE__, __FILE__, $sql);
1032                              }
1033                          }
1034                      }
1035                      unset($update_list);
1036                  }
1037              }
1038              $db->sql_freeresult($result);
1039          }
1040  
1041          switch ($folder)
1042          {
1043              case 'inbox':
1044                  $saved_sql .= " SET privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " 
1045                      WHERE privmsgs_to_userid = " . $userdata['user_id'] . " 
1046                          AND ( privmsgs_type = " . PRIVMSGS_READ_MAIL . " 
1047                              OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " 
1048                              OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . ")";
1049                  break;
1050  
1051              case 'outbox':
1052                  $saved_sql .= " SET privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " 
1053                      WHERE privmsgs_from_userid = " . $userdata['user_id'] . " 
1054                          AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " 
1055                              OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";
1056                  break;
1057  
1058              case 'sentbox':
1059                  $saved_sql .= " SET privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " 
1060                      WHERE privmsgs_from_userid = " . $userdata['user_id'] . " 
1061                          AND privmsgs_type = " . PRIVMSGS_SENT_MAIL;
1062                  break;
1063          }
1064  
1065          $saved_sql .= " AND privmsgs_id IN ($saved_sql_id)";
1066  
1067          if ( !$db->sql_query($saved_sql) )
1068          {
1069              message_die(GENERAL_ERROR, 'Could not save private messages', '', __LINE__, __FILE__, $saved_sql);
1070          }
1071  
1072          redirect(append_sid("privmsg.$phpEx?folder=savebox", true));
1073      }
1074  }
1075  else if ( $submit || $refresh || $mode != '' )
1076  {
1077      if ( !$userdata['session_logged_in'] )
1078      {
1079          $user_id = ( isset($HTTP_GET_VARS[POST_USERS_URL]) ) ? '&' . POST_USERS_URL . '=' . intval($HTTP_GET_VARS[POST_USERS_URL]) : '';
1080          redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=$folder&mode=$mode" . $user_id, true));
1081      }
1082      
1083      //
1084      // Toggles
1085      //
1086      if ( !$board_config['allow_html'] )
1087      {
1088          $html_on = 0;
1089      }
1090      else
1091      {
1092          $html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : $userdata['user_allowhtml'];
1093      }
1094  
1095      if ( !$board_config['allow_bbcode'] )
1096      {
1097          $bbcode_on = 0;
1098      }
1099      else
1100      {
1101          $bbcode_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_bbcode']) ) ? 0 : TRUE ) : $userdata['user_allowbbcode'];
1102      }
1103  
1104      if ( !$board_config['allow_smilies'] )
1105      {
1106          $smilies_on = 0;
1107      }
1108      else
1109      {
1110          $smilies_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_smilies']) ) ? 0 : TRUE ) : $userdata['user_allowsmile'];
1111      }
1112  
1113      $attach_sig = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['attach_sig']) ) ? TRUE : 0 ) : $userdata['user_attachsig'];
1114      $user_sig = ( $userdata['user_sig'] != '' && $board_config['allow_sig'] ) ? $userdata['user_sig'] : "";
1115      
1116      if ( $submit && $mode != 'edit' )
1117      {
1118          //
1119          // Flood control
1120          //
1121          $sql = "SELECT MAX(privmsgs_date) AS last_post_time
1122              FROM " . PRIVMSGS_TABLE . "
1123              WHERE privmsgs_from_userid = " . $userdata['user_id'];
1124          if ( $result = $db->sql_query($sql) )
1125          {
1126              $db_row = $db->sql_fetchrow($result);
1127  
1128              $last_post_time = $db_row['last_post_time'];
1129              $current_time = time();
1130  
1131              if ( ( $current_time - $last_post_time ) < $board_config['flood_interval'])
1132              {
1133                  message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
1134              }
1135          }
1136          //
1137          // End Flood control
1138          //
1139      }
1140  
1141      if ($submit && $mode == 'edit')
1142      {
1143          $sql = 'SELECT privmsgs_from_userid
1144              FROM ' . PRIVMSGS_TABLE . '
1145              WHERE privmsgs_id = ' . (int) $privmsg_id . '
1146                  AND privmsgs_from_userid = ' . $userdata['user_id'];
1147  
1148          if (!($result = $db->sql_query($sql)))
1149          {
1150              message_die(GENERAL_ERROR, "Could not obtain message details", "", __LINE__, __FILE__, $sql);
1151          }
1152  
1153          if (!($row = $db->sql_fetchrow($result)))
1154          {
1155              message_die(GENERAL_MESSAGE, $lang['No_such_post']);
1156          }
1157          $db->sql_freeresult($result);
1158  
1159          unset($row);
1160      }
1161  
1162      if ( $submit )
1163      {
1164          if ( !empty($HTTP_POST_VARS['username']) )
1165          {
1166              $to_username = phpbb_clean_username($HTTP_POST_VARS['username']);
1167  
1168              $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active 
1169                  FROM " . USERS_TABLE . "
1170                  WHERE username = '" . str_replace("\'", "''", $to_username) . "'
1171                      AND user_id <> " . ANONYMOUS;
1172              if ( !($result = $db->sql_query($sql)) )
1173              {
1174                  $error = TRUE;
1175                  $error_msg = $lang['No_such_user'];
1176              }
1177  
1178              if (!($to_userdata = $db->sql_fetchrow($result)))
1179              {
1180                  $error = TRUE;
1181                  $error_msg = $lang['No_such_user'];
1182              }
1183          }
1184          else
1185          {
1186              $error = TRUE;
1187              $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['No_to_user'];
1188          }
1189  
1190          $privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject']));
1191          if ( empty($privmsg_subject) )
1192          {
1193              $error = TRUE;
1194              $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['Empty_subject'];
1195          }
1196  
1197          if ( !empty($HTTP_POST_VARS['message']) )
1198          {
1199              if ( !$error )
1200              {
1201                  if ( $bbcode_on )
1202                  {
1203                      $bbcode_uid = make_bbcode_uid();
1204                  }
1205  
1206                  $privmsg_message = prepare_message($HTTP_POST_VARS['message'], $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
1207  
1208              }
1209          }
1210          else
1211          {
1212              $error = TRUE;
1213              $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['Empty_message'];
1214          }
1215      }
1216  
1217      if ( $submit && !$error )
1218      {
1219          //
1220          // Has admin prevented user from sending PM's?
1221          //
1222          if ( !$userdata['user_allow_pm'] )
1223          {
1224              $message = $lang['Cannot_send_privmsg'];
1225              message_die(GENERAL_MESSAGE, $message);
1226          }
1227  
1228          $msg_time = time();
1229  
1230          if ( $mode != 'edit' )
1231          {
1232              //
1233              // See if recipient is at their inbox limit
1234              //
1235              $sql = "SELECT COUNT(privmsgs_id) AS inbox_items, MIN(privmsgs_date) AS oldest_post_time 
1236                  FROM " . PRIVMSGS_TABLE . " 
1237                  WHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " 
1238                          OR privmsgs_type = " . PRIVMSGS_READ_MAIL . "  
1239                          OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) 
1240                      AND privmsgs_to_userid = " . $to_userdata['user_id'];
1241              if ( !($result = $db->sql_query($sql)) )
1242              {
1243                  message_die(GENERAL_MESSAGE, $lang['No_such_user']);
1244              }
1245  
1246              $sql_priority = ( SQL_LAYER == 'mysql' ) ? 'LOW_PRIORITY' : '';
1247  
1248              if ( $inbox_info = $db->sql_fetchrow($result) )
1249              {
1250                  if ($board_config['max_inbox_privmsgs'] && $inbox_info['inbox_items'] >= $board_config['max_inbox_privmsgs'])
1251                  {
1252                      $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " 
1253                          WHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " 
1254                                  OR privmsgs_type = " . PRIVMSGS_READ_MAIL . " 
1255                                  OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . "  ) 
1256                              AND privmsgs_date = " . $inbox_info['oldest_post_time'] . " 
1257                              AND privmsgs_to_userid = " . $to_userdata['user_id'];
1258                      if ( !$result = $db->sql_query($sql) )
1259                      {
1260                          message_die(GENERAL_ERROR, 'Could not find oldest privmsgs (inbox)', '', __LINE__, __FILE__, $sql);
1261                      }
1262                      $old_privmsgs_id = $db->sql_fetchrow($result);
1263                      $old_privmsgs_id = $old_privmsgs_id['privmsgs_id'];
1264                  
1265                      $sql = "DELETE $sql_priority FROM " . PRIVMSGS_TABLE . " 
1266                          WHERE privmsgs_id = $old_privmsgs_id";
1267                      if ( !$db->sql_query($sql) )
1268                      {
1269                          message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (inbox)'.$sql, '', __LINE__, __FILE__, $sql);
1270                      }
1271  
1272                      $sql = "DELETE $sql_priority FROM " . PRIVMSGS_TEXT_TABLE . " 
1273                          WHERE privmsgs_text_id = $old_privmsgs_id";
1274                      if ( !$db->sql_query($sql) )
1275                      {
1276                          message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (inbox)', '', __LINE__, __FILE__, $sql);
1277                      }
1278                  }
1279              }
1280  
1281              $sql_info = "INSERT INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_enable_html, privmsgs_enable_bbcode, privmsgs_enable_smilies, privmsgs_attach_sig)
1282                  VALUES (" . PRIVMSGS_NEW_MAIL . ", '" . str_replace("\'", "''", $privmsg_subject) . "', " . $userdata['user_id'] . ", " . $to_userdata['user_id'] . ", $msg_time, '$user_ip', $html_on, $bbcode_on, $smilies_on, $attach_sig)";
1283          }
1284          else
1285          {
1286              $sql_info = "UPDATE " . PRIVMSGS_TABLE . "
1287                  SET privmsgs_type = " . PRIVMSGS_NEW_MAIL . ", privmsgs_subject = '" . str_replace("\'", "''", $privmsg_subject) . "', privmsgs_from_userid = " . $userdata['user_id'] . ", privmsgs_to_userid = " . $to_userdata['user_id'] . ", privmsgs_date = $msg_time, privmsgs_ip = '$user_ip', privmsgs_enable_html = $html_on, privmsgs_enable_bbcode = $bbcode_on, privmsgs_enable_smilies = $smilies_on, privmsgs_attach_sig = $attach_sig 
1288                  WHERE privmsgs_id = $privmsg_id";
1289          }
1290  
1291          if ( !($result = $db->sql_query($sql_info, BEGIN_TRANSACTION)) )
1292          {
1293              message_die(GENERAL_ERROR, "Could not insert/update private message sent info.", "", __LINE__, __FILE__, $sql_info);
1294          }
1295  
1296          if ( $mode != 'edit' )
1297          {
1298              $privmsg_sent_id = $db->sql_nextid();
1299  
1300              $sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)
1301                  VALUES ($privmsg_sent_id, '" . $bbcode_uid . "', '" . str_replace("\'", "''", $privmsg_message) . "')";
1302          }
1303          else
1304          {
1305              $sql = "UPDATE " . PRIVMSGS_TEXT_TABLE . "
1306                  SET privmsgs_text = '" . str_replace("\'", "''", $privmsg_message) . "', privmsgs_bbcode_uid = '$bbcode_uid' 
1307                  WHERE privmsgs_text_id = $privmsg_id";
1308          }
1309  
1310          if ( !$db->sql_query($sql, END_TRANSACTION) )
1311          {
1312              message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql);
1313          }
1314  
1315          if ( $mode != 'edit' )
1316          {
1317              //
1318              // Add to the users new pm counter
1319              //
1320              $sql = "UPDATE " . USERS_TABLE . "
1321                  SET user_new_privmsg = user_new_privmsg + 1, user_last_privmsg = " . time() . "  
1322                  WHERE user_id = " . $to_userdata['user_id']; 
1323              if ( !$status = $db->sql_query($sql) )
1324              {
1325                  message_die(GENERAL_ERROR, 'Could not update private message new/read status for user', '', __LINE__, __FILE__, $sql);
1326              }
1327  
1328              if ( $to_userdata['user_notify_pm'] && !empty($to_userdata['user_email']) && $to_userdata['user_active'] )
1329              {
1330                  $script_name = preg_replace('/^\/?(.*?)\/?$/', "\\1", trim($board_config['script_path']));
1331                  $script_name = ( $script_name != '' ) ? $script_name . '/privmsg.'.$phpEx : 'privmsg.'.$phpEx;
1332                  $server_name = trim($board_config['server_name']);
1333                  $server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://';
1334                  $server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/';
1335  
1336                  include($phpbb_root_path . 'includes/emailer.'.$phpEx);
1337                  $emailer = new emailer($board_config['smtp_delivery']);
1338                      
1339                  $emailer->from($board_config['board_email']);
1340                  $emailer->replyto($board_config['board_email']);
1341  
1342                  $emailer->use_template('privmsg_notify', $to_userdata['user_lang']);
1343                  $emailer->email_address($to_userdata['user_email']);
1344                  $emailer->set_subject($lang['Notification_subject']);
1345                      
1346                  $emailer->assign_vars(array(
1347                      'USERNAME' => stripslashes($to_username), 
1348                      'SITENAME' => $board_config['sitename'],
1349                      'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '', 
1350  
1351                      'U_INBOX' => $server_protocol . $server_name . $server_port . $script_name . '?folder=inbox')
1352                  );
1353  
1354                  $emailer->send();
1355                  $emailer->reset();
1356              }
1357          }
1358  
1359          $template->assign_vars(array(
1360              'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("privmsg.$phpEx?folder=inbox") . '">')
1361          );
1362  
1363          $msg = $lang['Message_sent'] . '<br /><br />' . sprintf($lang['Click_return_inbox'], '<a href="' . append_sid("privmsg.$phpEx?folder=inbox") . '">', '</a> ') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
1364  
1365          message_die(GENERAL_MESSAGE, $msg);
1366      }
1367      else if ( $preview || $refresh || $error )
1368      {
1369  
1370          //
1371          // If we're previewing or refreshing then obtain the data
1372          // passed to the script, process it a little, do some checks
1373          // where neccessary, etc.
1374          //
1375          $to_username = (isset($HTTP_POST_VARS['username']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['username']))) : '';
1376  
1377          $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : '';
1378          $privmsg_message = ( isset($HTTP_POST_VARS['message']) ) ? trim($HTTP_POST_VARS['message']) : '';
1379          $privmsg_message = preg_replace('#<textarea>#si', '&lt;textarea&gt;', $privmsg_message);
1380          if ( !$preview )
1381          {
1382              $privmsg_message = stripslashes($privmsg_message);
1383          }
1384  
1385          //
1386          // Do mode specific things
1387          //
1388          if ( $mode == 'post' )
1389          {
1390              $page_title = $lang['Post_new_pm'];
1391  
1392              $user_sig = ( $userdata['user_sig'] != '' && $board_config['allow_sig'] ) ? $userdata['user_sig'] : '';
1393  
1394          }
1395          else if ( $mode == 'reply' )
1396          {
1397              $page_title = $lang['Post_reply_pm'];
1398  
1399              $user_sig = ( $userdata['user_sig'] != '' && $board_config['allow_sig'] ) ? $userdata['user_sig'] : '';
1400  
1401          }
1402          else if ( $mode == 'edit' )
1403          {
1404              $page_title = $lang['Edit_pm'];
1405  
1406              $sql = "SELECT u.user_id, u.user_sig 
1407                  FROM " . PRIVMSGS_TABLE . " pm, " . USERS_TABLE . " u 
1408                  WHERE pm.privmsgs_id = $privmsg_id 
1409                      AND u.user_id = pm.privmsgs_from_userid";
1410              if ( !($result = $db->sql_query($sql)) )
1411              {
1412                  message_die(GENERAL_ERROR, "Could not obtain post and post text", "", __LINE__, __FILE__, $sql);
1413              }
1414  
1415              if ( $postrow = $db->sql_fetchrow($result) )
1416              {
1417                  if ( $userdata['user_id'] != $postrow['user_id'] )
1418                  {
1419                      message_die(GENERAL_MESSAGE, $lang['Edit_own_posts']);
1420                  }
1421  
1422                  $user_sig = ( $postrow['user_sig'] != '' && $board_config['allow_sig'] ) ? $postrow['user_sig'] : '';
1423              }
1424          }
1425      }
1426      else 
1427      {
1428          if ( !$privmsg_id && ( $mode == 'reply' || $mode == 'edit' || $mode == 'quote' ) )
1429          {
1430              message_die(GENERAL_ERROR, $lang['No_post_id']);
1431          }
1432  
1433          if ( !empty($HTTP_GET_VARS[POST_USERS_URL]) )
1434          {
1435              $user_id = intval($HTTP_GET_VARS[POST_USERS_URL]);
1436  
1437              $sql = "SELECT username
1438                  FROM " . USERS_TABLE . "
1439                  WHERE user_id = $user_id
1440                      AND user_id <> " . ANONYMOUS;
1441              if ( !($result = $db->sql_query($sql)) )
1442              {
1443                  $error = TRUE;
1444                  $error_msg = $lang['No_such_user'];
1445              }
1446  
1447              if ( $row = $db->sql_fetchrow($result) )
1448              {
1449                  $to_username = $row['username'];
1450              }
1451          }
1452          else if ( $mode == 'edit' )
1453          {
1454              $sql = "SELECT pm.*, pmt.privmsgs_bbcode_uid, pmt.privmsgs_text, u.username, u.user_id, u.user_sig 
1455                  FROM " . PRIVMSGS_TABLE . " pm, " . PRIVMSGS_TEXT_TABLE . " pmt, " . USERS_TABLE . " u
1456                  WHERE pm.privmsgs_id = $privmsg_id
1457                      AND pmt.privmsgs_text_id = pm.privmsgs_id
1458                      AND pm.privmsgs_from_userid = " . $userdata['user_id'] . "
1459                      AND ( pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . " 
1460                          OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) 
1461                      AND u.user_id = pm.privmsgs_to_userid";
1462              if ( !($result = $db->sql_query($sql)) )
1463              {
1464                  message_die(GENERAL_ERROR, 'Could not obtain private message for editing', '', __LINE__, __FILE__, $sql);
1465              }
1466  
1467              if ( !($privmsg = $db->sql_fetchrow($result)) )
1468              {
1469                  redirect(append_sid("privmsg.$phpEx?folder=$folder", true));
1470              }
1471  
1472              $privmsg_subject = $privmsg['privmsgs_subject'];
1473              $privmsg_message = $privmsg['privmsgs_text'];
1474              $privmsg_bbcode_uid = $privmsg['privmsgs_bbcode_uid'];
1475              $privmsg_bbcode_enabled = ($privmsg['privmsgs_enable_bbcode'] == 1);
1476  
1477              if ( $privmsg_bbcode_enabled )
1478              {
1479                  $privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$privmsg_bbcode_uid/si", '', $privmsg_message);
1480              }
1481              
1482              $privmsg_message = str_replace('<br />', "\n", $privmsg_message);
1483              $privmsg_message = preg_replace('#</textarea>#si', '&lt;/textarea&gt;', $privmsg_message);
1484  
1485              $user_sig = ( $board_config['allow_sig'] ) ? (($privmsg['privmsgs_type'] == PRIVMSGS_NEW_MAIL) ? $user_sig : $privmsg['user_sig']) : '';
1486  
1487              $to_username = $privmsg['username'];
1488              $to_userid = $privmsg['user_id'];
1489  
1490          }
1491          else if ( $mode == 'reply' || $mode == 'quote' )
1492          {
1493  
1494              $sql = "SELECT pm.privmsgs_subject, pm.privmsgs_date, pmt.privmsgs_bbcode_uid, pmt.privmsgs_text, u.username, u.user_id
1495                  FROM " . PRIVMSGS_TABLE . " pm, " . PRIVMSGS_TEXT_TABLE . " pmt, " . USERS_TABLE . " u
1496                  WHERE pm.privmsgs_id = $privmsg_id
1497                      AND pmt.privmsgs_text_id = pm.privmsgs_id
1498                      AND pm.privmsgs_to_userid = " . $userdata['user_id'] . "
1499                      AND u.user_id = pm.privmsgs_from_userid";
1500              if ( !($result = $db->sql_query($sql)) )
1501              {
1502                  message_die(GENERAL_ERROR, 'Could not obtain private message for editing', '', __LINE__, __FILE__, $sql);
1503              }
1504  
1505              if ( !($privmsg = $db->sql_fetchrow($result)) )
1506              {
1507                  redirect(append_sid("privmsg.$phpEx?folder=$folder", true));
1508              }
1509  
1510              $orig_word = $replacement_word = array();
1511              obtain_word_list($orig_word, $replacement_word);
1512  
1513              $privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];
1514              $privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);
1515  
1516              $to_username = $privmsg['username'];
1517              $to_userid = $privmsg['user_id'];
1518  
1519              if ( $mode == 'quote' )
1520              {
1521                  $privmsg_message = $privmsg['privmsgs_text'];
1522                  $privmsg_bbcode_uid = $privmsg['privmsgs_bbcode_uid'];
1523  
1524                  $privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$privmsg_bbcode_uid/si", '', $privmsg_message);
1525                  $privmsg_message = str_replace('<br />', "\n", $privmsg_message);
1526                  $privmsg_message = preg_replace('#</textarea>#si', '&lt;/textarea&gt;', $privmsg_message);
1527                  $privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message);
1528                  
1529                  $msg_date =  create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']); 
1530  
1531                  $privmsg_message = '[quote="' . $to_username . '"]' . $privmsg_message . '[/quote]';
1532  
1533                  $mode = 'reply';
1534              }
1535          }
1536          else
1537          {
1538              $privmsg_subject = $privmsg_message = $to_username = '';
1539          }
1540      }
1541  
1542      //
1543      // Has admin prevented user from sending PM's?
1544      //
1545      if ( !$userdata['user_allow_pm'] && $mode != 'edit' )
1546      {
1547          $message = $lang['Cannot_send_privmsg'];
1548          message_die(GENERAL_MESSAGE, $message);
1549      }
1550  
1551      //
1552      // Start output, first preview, then errors then post form
1553      //
1554      $page_title = $lang['Send_private_message'];
1555      include($phpbb_root_path . 'includes/page_header.'.$phpEx);
1556  
1557      if ( $preview && !$error )
1558      {
1559          $orig_word = array();
1560          $replacement_word = array();
1561          obtain_word_list($orig_word, $replacement_word);
1562  
1563          if ( $bbcode_on )
1564          {
1565              $bbcode_uid = make_bbcode_uid();
1566          }
1567  
1568          $preview_message = stripslashes(prepare_message($privmsg_message, $html_on, $bbcode_on, $smilies_on, $bbcode_uid));
1569          $privmsg_message = stripslashes(preg_replace($html_entities_match, $html_entities_replace, $privmsg_message));
1570  
1571          //
1572          // Finalise processing as per viewtopic
1573          //
1574          if ( !$html_on || !$board_config['allow_html'] || !$userdata['user_allowhtml'] )
1575          {
1576              if ( $user_sig != '' )
1577              {
1578                  $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "&lt;\\2&gt;", $user_sig);
1579              }
1580          }
1581  
1582          if ( $attach_sig && $user_sig != '' && $userdata['user_sig_bbcode_uid'] )
1583          {
1584              $user_sig = bbencode_second_pass($user_sig, $userdata['user_sig_bbcode_uid']);
1585          }
1586  
1587          if ( $bbcode_on )
1588          {
1589              $preview_message = bbencode_second_pass($preview_message, $bbcode_uid);
1590          }
1591  
1592          if ( $attach_sig && $user_sig != '' )
1593          {
1594              $preview_message = $preview_message . '<br /><br />_________________<br />' . $user_sig;
1595          }
1596          
1597          if ( count($orig_word) )
1598          {
1599              $preview_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);
1600              $preview_message = preg_replace($orig_word, $replacement_word, $preview_message);
1601          }
1602          else
1603          {
1604              $preview_subject = $privmsg_subject;
1605          }
1606  
1607          if ( $smilies_on )
1608          {
1609              $preview_message = smilies_pass($preview_message);
1610          }
1611  
1612          $preview_message = make_clickable($preview_message);
1613          $preview_message = str_replace("\n", '<br />', $preview_message);
1614  
1615          $s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />';
1616          $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
1617  
1618          if ( isset($privmsg_id) )
1619          {
1620              $s_hidden_fields .= '<input type="hidden" name="' . POST_POST_URL . '" value="' . $privmsg_id . '" />';
1621          }
1622  
1623          $template->set_filenames(array(
1624              "preview" => 'privmsgs_preview.tpl')
1625          );
1626  
1627          $template->assign_vars(array(
1628              'TOPIC_TITLE' => $preview_subject,
1629              'POST_SUBJECT' => $preview_subject,
1630              'MESSAGE_TO' => $to_username, 
1631              'MESSAGE_FROM' => $userdata['username'], 
1632              'POST_DATE' => create_date($board_config['default_dateformat'], time(), $board_config['board_timezone']),
1633              'MESSAGE' => $preview_message,
1634  
1635              'S_HIDDEN_FIELDS' => $s_hidden_fields,
1636  
1637              'L_SUBJECT' => $lang['Subject'],
1638              'L_DATE' => $lang['Date'],
1639              'L_FROM' => $lang['From'],
1640              'L_TO' => $lang['To'],
1641              'L_PREVIEW' => $lang['Preview'],
1642              'L_POSTED' => $lang['Posted'])
1643          );
1644  
1645          $template->assign_var_from_handle('POST_PREVIEW_BOX', 'preview');
1646      }
1647  
1648      //
1649      // Start error handling
1650      //
1651      if ($error)
1652      {
1653          $template->set_filenames(array(
1654              'reg_header' => 'error_body.tpl')
1655          );
1656          $template->assign_vars(array(
1657              'ERROR_MESSAGE' => $error_msg)
1658          );
1659          $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
1660      }
1661  
1662      //
1663      // Load templates
1664      //
1665      $template->set_filenames(array(
1666          'body' => 'posting_body.tpl')
1667      );
1668      make_jumpbox('viewforum.'.$phpEx);
1669  
1670      //
1671      // Enable extensions in posting_body
1672      //
1673      $template->assign_block_vars('switch_privmsg', array());
1674  
1675      //
1676      // HTML toggle selection
1677      //
1678      if ( $board_config['allow_html'] )
1679      {
1680          $html_status = $lang['HTML_is_ON'];
1681          $template->assign_block_vars('switch_html_checkbox', array());
1682      }
1683      else
1684      {
1685          $html_status = $lang['HTML_is_OFF'];
1686      }
1687  
1688      //
1689      // BBCode toggle selection
1690      //
1691      if ( $board_config['allow_bbcode'] )
1692      {
1693          $bbcode_status = $lang['BBCode_is_ON'];
1694          $template->assign_block_vars('switch_bbcode_checkbox', array());
1695      }
1696      else
1697      {
1698          $bbcode_status = $lang['BBCode_is_OFF'];
1699      }
1700  
1701      //
1702      // Smilies toggle selection
1703      //
1704      if ( $board_config['allow_smilies'] )
1705      {
1706          $smilies_status = $lang['Smilies_are_ON'];
1707          $template->assign_block_vars('switch_smilies_checkbox', array());
1708      }
1709      else
1710      {
1711          $smilies_status = $lang['Smilies_are_OFF'];
1712      }
1713  
1714      //
1715      // Signature toggle selection - only show if
1716      // the user has a signature
1717      //
1718      if ( $user_sig != '' )
1719      {
1720          $template->assign_block_vars('switch_signature_checkbox', array());
1721      }
1722  
1723      if ( $mode == 'post' )
1724      {
1725          $post_a = $lang['Send_a_new_message'];
1726      }
1727      else if ( $mode == 'reply' )
1728      {
1729          $post_a = $lang['Send_a_reply'];
1730          $mode = 'post';
1731      }
1732      else if ( $mode == 'edit' )
1733      {
1734          $post_a = $lang['Edit_message'];
1735      }
1736  
1737      $s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />';
1738      $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
1739      if ( $mode == 'edit' )
1740      {
1741          $s_hidden_fields .= '<input type="hidden" name="' . POST_POST_URL . '" value="' . $privmsg_id . '" />';
1742      }
1743  
1744      //
1745      // Send smilies to template
1746      //
1747      generate_smilies('inline', PAGE_PRIVMSGS);
1748  
1749      $template->assign_vars(array(
1750          'SUBJECT' => $privmsg_subject, 
1751          'USERNAME' => $to_username,
1752          'MESSAGE' => $privmsg_message,
1753          'HTML_STATUS' => $html_status, 
1754          'SMILIES_STATUS' => $smilies_status, 
1755          'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'), 
1756          'FORUM_NAME' => $lang['Private_Message'], 
1757  
1758          'BOX_NAME' => $l_box_name, 
1759          'INBOX_IMG' => $inbox_img, 
1760          'SENTBOX_IMG' => $sentbox_img, 
1761          'OUTBOX_IMG' => $outbox_img, 
1762          'SAVEBOX_IMG' => $savebox_img, 
1763          'INBOX' => $inbox_url, 
1764          'SENTBOX' => $sentbox_url, 
1765          'OUTBOX' => $outbox_url, 
1766          'SAVEBOX' => $savebox_url, 
1767  
1768          'L_SUBJECT' => $lang['Subject'],
1769          'L_MESSAGE_BODY' => $lang['Message_body'],
1770          'L_OPTIONS' => $lang['Options'],
1771          'L_SPELLCHECK' => $lang['Spellcheck'],
1772          'L_PREVIEW' => $lang['Preview'],
1773          'L_SUBMIT' => $lang['Submit'],
1774          'L_CANCEL' => $lang['Cancel'],
1775          'L_POST_A' => $post_a,
1776          'L_FIND_USERNAME' => $lang['Find_username'],
1777          'L_FIND' => $lang['Find'],
1778          'L_DISABLE_HTML' => $lang['Disable_HTML_pm'], 
1779          'L_DISABLE_BBCODE' => $lang['Disable_BBCode_pm'], 
1780          'L_DISABLE_SMILIES' => $lang['Disable_Smilies_pm'], 
1781          'L_ATTACH_SIGNATURE' => $lang['Attach_signature'], 
1782  
1783          'L_BBCODE_B_HELP' => $lang['bbcode_b_help'], 
1784          'L_BBCODE_I_HELP' => $lang['bbcode_i_help'], 
1785          'L_BBCODE_U_HELP' => $lang['bbcode_u_help'], 
1786          'L_BBCODE_Q_HELP' => $lang['bbcode_q_help'], 
1787          'L_BBCODE_C_HELP' => $lang['bbcode_c_help'], 
1788          'L_BBCODE_L_HELP' => $lang['bbcode_l_help'], 
1789          'L_BBCODE_O_HELP' => $lang['bbcode_o_help'], 
1790          'L_BBCODE_P_HELP' => $lang['bbcode_p_help'], 
1791          'L_BBCODE_W_HELP' => $lang['bbcode_w_help'], 
1792          'L_BBCODE_A_HELP' => $lang['bbcode_a_help'], 
1793          'L_BBCODE_S_HELP' => $lang['bbcode_s_help'], 
1794          'L_BBCODE_F_HELP' => $lang['bbcode_f_help'], 
1795          'L_EMPTY_MESSAGE' => $lang['Empty_message'],
1796  
1797          'L_FONT_COLOR' => $lang['Font_color'], 
1798          'L_COLOR_DEFAULT' => $lang['color_default'], 
1799          'L_COLOR_DARK_RED' => $lang['color_dark_red'], 
1800          'L_COLOR_RED' => $lang['color_red'], 
1801          'L_COLOR_ORANGE' => $lang['color_orange'], 
1802          'L_COLOR_BROWN' => $lang['color_brown'], 
1803          'L_COLOR_YELLOW' => $lang['color_yellow'], 
1804          'L_COLOR_GREEN' => $lang['color_green'], 
1805          'L_COLOR_OLIVE' => $lang['color_olive'], 
1806          'L_COLOR_CYAN' => $lang['color_cyan'], 
1807          'L_COLOR_BLUE' => $lang['color_blue'], 
1808          'L_COLOR_DARK_BLUE' => $lang['color_dark_blue'], 
1809          'L_COLOR_INDIGO' => $lang['color_indigo'], 
1810          'L_COLOR_VIOLET' => $lang['color_violet'], 
1811          'L_COLOR_WHITE' => $lang['color_white'], 
1812          'L_COLOR_BLACK' => $lang['color_black'], 
1813  
1814          'L_FONT_SIZE' => $lang['Font_size'], 
1815          'L_FONT_TINY' => $lang['font_tiny'], 
1816          'L_FONT_SMALL' => $lang['font_small'], 
1817          'L_FONT_NORMAL' => $lang['font_normal'], 
1818          'L_FONT_LARGE' => $lang['font_large'], 
1819          'L_FONT_HUGE' => $lang['font_huge'], 
1820  
1821          'L_BBCODE_CLOSE_TAGS' => $lang['Close_Tags'], 
1822          'L_STYLES_TIP' => $lang['Styles_tip'], 
1823  
1824          'S_HTML_CHECKED' => ( !$html_on ) ? ' checked="checked"' : '', 
1825          'S_BBCODE_CHECKED' => ( !$bbcode_on ) ? ' checked="checked"' : '', 
1826          'S_SMILIES_CHECKED' => ( !$smilies_on ) ? ' checked="checked"' : '', 
1827          'S_SIGNATURE_CHECKED' => ( $attach_sig ) ? ' checked="checked"' : '', 
1828          'S_HIDDEN_FORM_FIELDS' => $s_hidden_fields,
1829          'S_POST_ACTION' => append_sid("privmsg.$phpEx"),
1830              
1831          'U_SEARCH_USER' => append_sid("search.$phpEx?mode=searchuser"), 
1832          'U_VIEW_FORUM' => append_sid("privmsg.$phpEx"))
1833      );
1834  
1835      $template->pparse('body');
1836  
1837      include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
1838  }
1839  
1840  //
1841  // Default page
1842  //
1843  if ( !$userdata['session_logged_in'] )
1844  {
1845      redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
1846  }
1847  
1848  //
1849  // Update unread status 
1850  //
1851  $sql = "UPDATE " . USERS_TABLE . "
1852      SET user_unread_privmsg = user_unread_privmsg + user_new_privmsg, user_new_privmsg = 0, user_last_privmsg = " . $userdata['session_start'] . " 
1853      WHERE user_id = " . $userdata['user_id'];
1854  if ( !$db->sql_query($sql) )
1855  {
1856      message_die(GENERAL_ERROR, 'Could not update private message new/read status for user', '', __LINE__, __FILE__, $sql);
1857  }
1858  
1859  $sql = "UPDATE " . PRIVMSGS_TABLE . "
1860      SET privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " 
1861      WHERE privmsgs_type = " . PRIVMSGS_NEW_MAIL . " 
1862          AND privmsgs_to_userid = " . $userdata['user_id'];
1863  if ( !$db->sql_query($sql) )
1864  {
1865      message_die(GENERAL_ERROR, 'Could not update private message new/read status (2) for user', '', __LINE__, __FILE__, $sql);
1866  }
1867  
1868  //
1869  // Reset PM counters
1870  //
1871  $userdata['user_new_privmsg'] = 0;
1872  $userdata['user_unread_privmsg'] = ( $userdata['user_new_privmsg'] + $userdata['user_unread_privmsg'] );
1873  
1874  //
1875  // Generate page
1876  //
1877  $page_title = $lang['Private_Messaging'];
1878  include($phpbb_root_path . 'includes/page_header.'.$phpEx);
1879  
1880  //
1881  // Load templates
1882  //
1883  $template->set_filenames(array(
1884      'body' => 'privmsgs_body.tpl')
1885  );
1886  make_jumpbox('viewforum.'.$phpEx);
1887  
1888  $orig_word = array();
1889  $replacement_word = array();
1890  obtain_word_list($orig_word, $replacement_word);
1891  
1892  //
1893  // New message
1894  //
1895  $post_new_mesg_url = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Send_a_new_message'] . '" border="0" /></a>';
1896  
1897  //
1898  // General SQL to obtain messages
1899  //
1900  $sql_tot = "SELECT COUNT(privmsgs_id) AS total 
1901      FROM " . PRIVMSGS_TABLE . " ";
1902  $sql = "SELECT pm.privmsgs_type, pm.privmsgs_id, pm.privmsgs_date, pm.privmsgs_subject, u.user_id, u.username 
1903      FROM " . PRIVMSGS_TABLE . " pm, " . USERS_TABLE . " u ";
1904  switch( $folder )
1905  {
1906      case 'inbox':
1907          $sql_tot .= "WHERE privmsgs_to_userid = " . $userdata['user_id'] . "
1908              AND ( privmsgs_type =  " . PRIVMSGS_NEW_MAIL . "
1909                  OR privmsgs_type = " . PRIVMSGS_READ_MAIL . " 
1910                  OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
1911  
1912          $sql .= "WHERE pm.privmsgs_to_userid = " . $userdata['user_id'] . "
1913              AND u.user_id = pm.privmsgs_from_userid
1914              AND ( pm.privmsgs_type =  " . PRIVMSGS_NEW_MAIL . "
1915                  OR pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . " 
1916                  OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
1917          break;
1918  
1919      case 'outbox':
1920          $sql_tot .= "WHERE privmsgs_from_userid = " . $userdata['user_id'] . "
1921              AND ( privmsgs_type =  " . PRIVMSGS_NEW_MAIL . "
1922                  OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
1923  
1924          $sql .= "WHERE pm.privmsgs_from_userid = " . $userdata['user_id'] . "
1925              AND u.user_id = pm.privmsgs_to_userid
1926              AND ( pm.privmsgs_type =  " . PRIVMSGS_NEW_MAIL . "
1927                  OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
1928          break;
1929  
1930      case 'sentbox':
1931          $sql_tot .= "WHERE privmsgs_from_userid = " . $userdata['user_id'] . "
1932              AND privmsgs_type =  " . PRIVMSGS_SENT_MAIL;
1933  
1934          $sql .= "WHERE pm.privmsgs_from_userid = " . $userdata['user_id'] . "
1935              AND u.user_id = pm.privmsgs_to_userid
1936              AND pm.privmsgs_type =  " . PRIVMSGS_SENT_MAIL;
1937          break;
1938  
1939      case 'savebox':
1940          $sql_tot .= "WHERE ( ( privmsgs_to_userid = " . $userdata['user_id'] . " 
1941                  AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
1942              OR ( privmsgs_from_userid = " . $userdata['user_id'] . " 
1943                  AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . ") )";
1944  
1945          $sql .= "WHERE u.user_id = pm.privmsgs_from_userid 
1946              AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " 
1947                  AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) 
1948              OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . " 
1949                  AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
1950          break;
1951  
1952      default:
1953          message_die(GENERAL_MESSAGE, $lang['No_such_folder']);
1954          break;
1955  }
1956  
1957  //
1958  // Show messages over previous x days/months
1959  //
1960  if ( $submit_msgdays && ( !empty($HTTP_POST_VARS['msgdays']) || !empty($HTTP_GET_VARS['msgdays']) ) )
1961  {
1962      $msg_days = ( !empty($HTTP_POST_VARS['msgdays']) ) ? intval($HTTP_POST_VARS['msgdays']) : intval($HTTP_GET_VARS['msgdays']);
1963      $min_msg_time = time() - ($msg_days * 86400);
1964  
1965      $limit_msg_time_total = " AND privmsgs_date > $min_msg_time";
1966      $limit_msg_time = " AND pm.privmsgs_date > $min_msg_time ";
1967  
1968      if ( !empty($HTTP_POST_VARS['msgdays']) )
1969      {
1970          $start = 0;
1971      }
1972  }
1973  else
1974  {
1975      $limit_msg_time = $limit_msg_time_total = '';
1976      $msg_days = 0;
1977  }
1978  
1979  $sql .= $limit_msg_time . " ORDER BY pm.privmsgs_date DESC LIMIT $start, " . $board_config['topics_per_page'];
1980  $sql_all_tot = $sql_tot;
1981  $sql_tot .= $limit_msg_time_total;
1982  
1983  //
1984  // Get messages
1985  //
1986  if ( !($result = $db->sql_query($sql_tot)) )
1987  {
1988      message_die(GENERAL_ERROR, 'Could not query private message information', '', __LINE__, __FILE__, $sql_tot);
1989  }
1990  
1991  $pm_total = ( $row = $db->sql_fetchrow($result) ) ? $row['total'] : 0;
1992  
1993  if ( !($result = $db->sql_query($sql_all_tot)) )
1994  {
1995      message_die(GENERAL_ERROR, 'Could not query private message information', '', __LINE__, __FILE__, $sql_tot);
1996  }
1997  
1998  $pm_all_total = ( $row = $db->sql_fetchrow($result) ) ? $row['total'] : 0;
1999  
2000  //
2001  // Build select box
2002  //
2003  $previous_days = array(0, 1, 7, 14, 30, 90, 180, 364);
2004  $previous_days_text = array($lang['All_Posts'], $lang['1_Day'], $lang['7_Days'], $lang['2_Weeks'], $lang['1_Month'], $lang['3_Months'], $lang['6_Months'], $lang['1_Year']);
2005  
2006  $select_msg_days = '';
2007  for($i = 0; $i < count($previous_days); $i++)
2008  {
2009      $selected = ( $msg_days == $previous_days[$i] ) ? ' selected="selected"' : '';
2010      $select_msg_days .= '<option value="' . $previous_days[$i] . '"' . $selected . '>' . $previous_days_text[$i] . '</option>';
2011  }
2012  
2013  //
2014  // Define correct icons
2015  //
2016  switch ( $folder )
2017  {
2018      case 'inbox':
2019          $l_box_name = $lang['Inbox'];
2020          break;
2021      case 'outbox':
2022          $l_box_name = $lang['Outbox'];
2023          break;
2024      case 'savebox':
2025          $l_box_name = $lang['Savebox'];
2026          break;
2027      case 'sentbox':
2028          $l_box_name = $lang['Sentbox'];
2029          break;
2030  }
2031  $post_pm = append_sid("privmsg.$phpEx?mode=post");
2032  $post_pm_img = '<a href="' . $post_pm . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0" /></a>';
2033  $post_pm = '<a href="' . $post_pm . '">' . $lang['Post_new_pm'] . '</a>';
2034  
2035  //
2036  // Output data for inbox status
2037  //
2038  if ( $folder != 'outbox' )
2039  {
2040      $inbox_limit_pct = ( $board_config['max_' . $folder . '_privmsgs'] > 0 ) ? round(( $pm_all_total / $board_config['max_' . $folder . '_privmsgs'] ) * 100) : 100;
2041      $inbox_limit_img_length = ( $board_config['max_' . $folder . '_privmsgs'] > 0 ) ? round(( $pm_all_total / $board_config['max_' . $folder . '_privmsgs'] ) * $board_config['privmsg_graphic_length']) : $board_config['privmsg_graphic_length'];
2042      $inbox_limit_remain = ( $board_config['max_' . $folder . '_privmsgs'] > 0 ) ? $board_config['max_' . $folder . '_privmsgs'] - $pm_all_total : 0;
2043  
2044      $template->assign_block_vars('switch_box_size_notice', array());
2045  
2046      switch( $folder )
2047      {
2048          case 'inbox':
2049              $l_box_size_status = sprintf($lang['Inbox_size'], $inbox_limit_pct);
2050              break;
2051          case 'sentbox':
2052              $l_box_size_status = sprintf($lang['Sentbox_size'], $inbox_limit_pct);
2053              break;
2054          case 'savebox':
2055              $l_box_size_status = sprintf($lang['Savebox_size'], $inbox_limit_pct);
2056              break;
2057          default:
2058              $l_box_size_status = '';
2059              break;
2060      }
2061  }
2062  else
2063  {
2064      $inbox_limit_img_length = $inbox_limit_pct = $l_box_size_status = '';
2065  }
2066  
2067  //
2068  // Dump vars to template
2069  //
2070  $template->assign_vars(array(
2071      'BOX_NAME' => $l_box_name, 
2072      'INBOX_IMG' => $inbox_img, 
2073      'SENTBOX_IMG' => $sentbox_img, 
2074      'OUTBOX_IMG' => $outbox_img, 
2075      'SAVEBOX_IMG' => $savebox_img, 
2076      'INBOX' => $inbox_url, 
2077      'SENTBOX' => $sentbox_url, 
2078      'OUTBOX' => $outbox_url, 
2079      'SAVEBOX' => $savebox_url, 
2080  
2081      'POST_PM_IMG' => $post_pm_img, 
2082      'POST_PM' => $post_pm, 
2083  
2084      'INBOX_LIMIT_IMG_WIDTH' => $inbox_limit_img_length, 
2085      'INBOX_LIMIT_PERCENT' => $inbox_limit_pct, 
2086  
2087      'BOX_SIZE_STATUS' => $l_box_size_status, 
2088  
2089      'L_INBOX' => $lang['Inbox'],
2090      'L_OUTBOX' => $lang['Outbox'],
2091      'L_SENTBOX' => $lang['Sent'],
2092      'L_SAVEBOX' => $lang['Saved'],
2093      'L_MARK' => $lang['Mark'],
2094      'L_FLAG' => $lang['Flag'],
2095      'L_SUBJECT' => $lang['Subject'],
2096      'L_DATE' => $lang['Date'],
2097      'L_DISPLAY_MESSAGES' => $lang['Display_messages'],
2098      'L_FROM_OR_TO' => ( $folder == 'inbox' || $folder == 'savebox' ) ? $lang['From'] : $lang['To'], 
2099      'L_MARK_ALL' => $lang['Mark_all'], 
2100      'L_UNMARK_ALL' => $lang['Unmark_all'], 
2101      'L_DELETE_MARKED' => $lang['Delete_marked'], 
2102      'L_DELETE_ALL' => $lang['Delete_all'], 
2103      'L_SAVE_MARKED' => $lang['Save_marked'], 
2104  
2105      'S_PRIVMSGS_ACTION' => append_sid("privmsg.$phpEx?folder=$folder"),
2106      'S_HIDDEN_FIELDS' => '',
2107      'S_POST_NEW_MSG' => $post_new_mesg_url,
2108      'S_SELECT_MSG_DAYS' => $select_msg_days,
2109  
2110      'U_POST_NEW_TOPIC' => append_sid("privmsg.$phpEx?mode=post"))
2111  );
2112  
2113  //
2114  // Okay, let's build the correct folder
2115  //
2116  if ( !($result = $db->sql_query($sql)) )
2117  {
2118      message_die(GENERAL_ERROR, 'Could not query private messages', '', __LINE__, __FILE__, $sql);
2119  }
2120  
2121  if ( $row = $db->sql_fetchrow($result) )
2122  {
2123      $i = 0;
2124      do
2125      {
2126          $privmsg_id = $row['privmsgs_id'];
2127  
2128          $flag = $row['privmsgs_type'];
2129  
2130          $icon_flag = ( $flag == PRIVMSGS_NEW_MAIL || $flag == PRIVMSGS_UNREAD_MAIL ) ? $images['pm_unreadmsg'] : $images['pm_readmsg'];
2131          $icon_flag_alt = ( $flag == PRIVMSGS_NEW_MAIL || $flag == PRIVMSGS_UNREAD_MAIL ) ? $lang['Unread_message'] : $lang['Read_message'];
2132  
2133          $msg_userid = $row['user_id'];
2134          $msg_username = $row['username'];
2135  
2136          $u_from_user_profile = append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$msg_userid");
2137  
2138          $msg_subject = $row['privmsgs_subject'];
2139  
2140          if ( count($orig_word) )
2141          {
2142              $msg_subject = preg_replace($orig_word, $replacement_word, $msg_subject);
2143          }
2144          
2145          $u_subject = append_sid("privmsg.$phpEx?folder=$folder&amp;mode=read&amp;" . POST_POST_URL . "=$privmsg_id");
2146  
2147          $msg_date = create_date($board_config['default_dateformat'], $row['privmsgs_date'], $board_config['board_timezone']);
2148  
2149          if ( $flag == PRIVMSGS_NEW_MAIL && $folder == 'inbox' )
2150          {
2151              $msg_subject = '<b>' . $msg_subject . '</b>';
2152              $msg_date = '<b>' . $msg_date . '</b>';
2153              $msg_username = '<b>' . $msg_username . '</b>';
2154          }
2155  
2156          $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
2157          $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
2158          $i++;
2159  
2160          $template->assign_block_vars('listrow', array(
2161              'ROW_COLOR' => '#' . $row_color,
2162              'ROW_CLASS' => $row_class,
2163              'FROM' => $msg_username,
2164              'SUBJECT' => $msg_subject,
2165              'DATE' => $msg_date,
2166              'PRIVMSG_FOLDER_IMG' => $icon_flag,
2167  
2168              'L_PRIVMSG_FOLDER_ALT' => $icon_flag_alt, 
2169  
2170              'S_MARK_ID' => $privmsg_id, 
2171  
2172              'U_READ' => $u_subject,
2173              'U_FROM_USER_PROFILE' => $u_from_user_profile)
2174          );
2175      }
2176      while( $row = $db->sql_fetchrow($result) );
2177  
2178      $template->assign_vars(array(
2179          'PAGINATION' => generate_pagination("privmsg.$phpEx?folder=$folder", $pm_total, $board_config['topics_per_page'], $start),
2180          'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['topics_per_page'] ) + 1 ), ceil( $pm_total / $board_config['topics_per_page'] )), 
2181  
2182          'L_GOTO_PAGE' => $lang['Goto_page'])
2183      );
2184  
2185  }
2186  else
2187  {
2188      $template->assign_vars(array(
2189          'L_NO_MESSAGES' => $lang['No_messages_folder'])
2190      );
2191  
2192      $template->assign_block_vars("switch_no_messages", array() );
2193  }
2194  
2195  $template->pparse('body');
2196  
2197  include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
2198  
2199  ?>