Example #1
0
 public function __construct()
 {
     parent::__construct();
     $this->spam = antispam::getInstance();
     $this->security = security::getInstance();
     $this->filter = array('content' => array('filters' => array()), 'suscribe' => array('filters' => array(array('trueOrFalse'))));
     $this->validate = array('author' => array('required' => true, 'rules' => array(array('rule' => VALID_NOT_EMPTY, 'message' => 'Por favor introduce tu Nombre.'))), 'url' => array('rules' => array(array('rule' => VALID_URL, 'message' => 'No es una URL valida.'))), 'email' => array('required' => true, 'rules' => array(array('rule' => VALID_EMAIL, 'message' => 'El e-mail no es valido.'))), 'content' => array('required' => true, 'rules' => array(array('rule' => VALID_NOT_EMPTY, 'message' => 'Debes introducir un comentario.'), array('rule' => array('isSpam'), 'message' => 'No se aceptan comentarios en blanco o con spam.'))));
 }
Example #2
0
 /**
  * UCP Register
  *
  * @param array $data Data from ucp_register
  * @param array $error
  */
 public static function ucp_register($data, &$error)
 {
     global $config, $user;
     if (!$config['asacp_enable']) {
         return;
     }
     // Profile fields stuff
     foreach (self::$profile_fields as $field => $ary) {
         if ($ary['field_type'] == 'disabled') {
             continue;
         }
         switch ($config['asacp_profile_' . $field]) {
             case 1:
                 // Required
                 if (isset($_POST[$field]) && !request_var($field, '')) {
                     $error[] = sprintf($user->lang['FIELD_REQUIRED'], $user->lang[$ary['lang']]);
                 }
                 break;
             case 2:
                 // Normal
                 if (!$config['asacp_profile_during_reg'] && isset($_POST[$field]) && request_var($field, '')) {
                     $error[] = sprintf($user->lang['FIELD_TOO_LONG'], $user->lang[$ary['lang']], 0);
                 }
                 break;
             case 3:
                 // Never allowed
             // Never allowed
             case 4:
                 // Post Count
                 if (isset($_POST[$field]) && request_var($field, '')) {
                     $error[] = sprintf($user->lang['FIELD_TOO_LONG'], $user->lang[$ary['lang']], 0);
                 }
                 break;
         }
     }
     // Stop Forum Spam stuff
     if (!sizeof($error) && $config['asacp_sfs_action'] > 1) {
         if (!function_exists('get_remote_file')) {
             global $phpbb_root_path, $phpEx;
             include $phpbb_root_path . 'includes/functions_admin.' . $phpEx;
         }
         $stop_forum_spam_urls = array('api?username='******'username']), 'api?email=' . urlencode($data['email']));
         foreach ($stop_forum_spam_urls as $url) {
             $errstr = $errno = '';
             $file = get_remote_file('stopforumspam.com', '', $url, $errstr, $errno);
             if ($file !== false) {
                 $file = str_replace("\r\n", "\n", $file);
                 $file = explode("\n", $file);
                 $appears = $frequency = false;
                 foreach ($file as $line) {
                     if (strpos($line, '<appears>') !== false && strpos($line, '</appears>') !== false) {
                         $start = strpos($line, '<appears>') + 9;
                         $end = strpos($line, '</appears>') - $start;
                         $appears = substr($line, $start, $end) == 'yes' ? true : false;
                     } else {
                         if (strpos($line, '<frequency>') !== false && strpos($line, '</frequency>') !== false) {
                             $start = strpos($line, '<frequency>') + 11;
                             $end = strpos($line, '</frequency>') - $start;
                             $frequency = (int) substr($line, $start, $end);
                         }
                     }
                 }
                 if ($appears && $frequency >= $config['asacp_sfs_min_freq']) {
                     self::$sfs_spam = true;
                     if ($config['asacp_sfs_action']) {
                         self::add_log('LOG_SPAM_USER_DENIED_SFS', array($url));
                     }
                     break;
                 }
             }
         }
         if (self::$sfs_spam) {
             switch ($config['asacp_sfs_action']) {
                 case 3:
                     $config['require_activation'] = USER_ACTIVATION_SELF;
                     break;
                 case 4:
                     $config['require_activation'] = USER_ACTIVATION_ADMIN;
                     break;
                 case 5:
                     $user->add_lang('mods/asacp');
                     $error[] = $user->lang['PROFILE_SPAM_DENIED'];
                     break;
             }
         }
     }
 }
	);

	if (isset($cp_row['row']) && sizeof($cp_row['row']))
	{
		$postrow = array_merge($postrow, $cp_row['row']);
	}

        // [+] Karma MOD
	$karmamod->viewtopic_postrow($postrow, $user_cache[$poster_id], $poster_id, $forum_id, $topic_id, $row);
	// [-] Karma MOD

	// Dump vars into template
	$template->assign_block_vars('postrow', $postrow);

	// START Anti-Spam ACP
	antispam::flagged_output($poster_id, $user_cache[$poster_id], 'postrow.custom_fields', $row['post_id']);
	// END Anti-Spam ACP

	if (!empty($cp_row['blockrow']))
	{
		foreach ($cp_row['blockrow'] as $field_data)
		{
			$template->assign_block_vars('postrow.custom_fields', $field_data);
		}
	}

	// Display not already displayed Attachments for this post, we already parsed them. ;)
	if (!empty($attachments[$row['post_id']]))
	{
		foreach ($attachments[$row['post_id']] as $attachment)
		{
    function main($id, $mode)
    {
        global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
        $user->add_lang('posting');
        $preview = !empty($_POST['preview']) ? true : false;
        $submit = !empty($_POST['submit']) ? true : false;
        $delete = !empty($_POST['delete']) ? true : false;
        $error = $data = array();
        $s_hidden_fields = '';
        switch ($mode) {
            case 'reg_details':
                $data = array('username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)), 'email' => strtolower(request_var('email', $user->data['user_email'])), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'new_password' => request_var('new_password', '', true), 'cur_password' => request_var('cur_password', '', true), 'password_confirm' => request_var('password_confirm', '', true));
                add_form_key('ucp_reg_details');
                if ($submit) {
                    // Do not check cur_password, it is the old one.
                    $check_ary = array('new_password' => array(array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('email')), 'email_confirm' => array('string', true, 6, 60));
                    if ($auth->acl_get('u_chgname') && $config['allow_namechange']) {
                        $check_ary['username'] = array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username'));
                    }
                    $error = validate_data($data, $check_ary);
                    if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email']) {
                        $error[] = $data['email_confirm'] ? 'NEW_EMAIL_ERROR' : 'NEW_EMAIL_CONFIRM_EMPTY';
                    }
                    if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password']) {
                        $error[] = $data['password_confirm'] ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
                    }
                    // Only check the new password against the previous password if there have been no errors
                    if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && phpbb_check_hash($data['new_password'], $user->data['user_password'])) {
                        $error[] = 'SAME_PASSWORD_ERROR';
                    }
                    if (!phpbb_check_hash($data['cur_password'], $user->data['user_password'])) {
                        $error[] = $data['cur_password'] ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
                    }
                    if (!check_form_key('ucp_reg_details')) {
                        $error[] = 'FORM_INVALID';
                    }
                    if (!sizeof($error)) {
                        $sql_ary = array('username' => $auth->acl_get('u_chgname') && $config['allow_namechange'] ? $data['username'] : $user->data['username'], 'username_clean' => $auth->acl_get('u_chgname') && $config['allow_namechange'] ? utf8_clean_string($data['username']) : $user->data['username_clean'], 'user_email' => $auth->acl_get('u_chgemail') ? $data['email'] : $user->data['user_email'], 'user_email_hash' => $auth->acl_get('u_chgemail') ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => $auth->acl_get('u_chgpasswd') && $data['new_password'] ? phpbb_hash($data['new_password']) : $user->data['user_password'], 'user_passchg' => $auth->acl_get('u_chgpasswd') && $data['new_password'] ? time() : 0);
                        if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) {
                            add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
                        }
                        if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !phpbb_check_hash($data['new_password'], $user->data['user_password'])) {
                            $user->reset_login_keys();
                            add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);
                        }
                        if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) {
                            add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']);
                        }
                        $message = 'PROFILE_UPDATED';
                        if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN)) {
                            $message = $config['require_activation'] == USER_ACTIVATION_SELF ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
                            include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
                            $server_url = generate_board_url();
                            $user_actkey = gen_rand_string(mt_rand(6, 10));
                            $messenger = new messenger(false);
                            $template_file = $config['require_activation'] == USER_ACTIVATION_ADMIN ? 'user_activate_inactive' : 'user_activate';
                            $messenger->template($template_file, $user->data['user_lang']);
                            $messenger->to($data['email'], $data['username']);
                            $messenger->anti_abuse_headers($config, $user);
                            $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user->data['user_id']}&k={$user_actkey}"));
                            $messenger->send(NOTIFY_EMAIL);
                            if ($config['require_activation'] == USER_ACTIVATION_ADMIN) {
                                // Grab an array of user_id's with a_user permissions ... these users can activate a user
                                $admin_ary = $auth->acl_get_list(false, 'a_user', false);
                                $admin_ary = !empty($admin_ary[0]['a_user']) ? $admin_ary[0]['a_user'] : array();
                                // Also include founders
                                $where_sql = ' WHERE user_type = ' . USER_FOUNDER;
                                if (sizeof($admin_ary)) {
                                    $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
                                }
                                $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
									FROM ' . USERS_TABLE . ' ' . $where_sql;
                                $result = $db->sql_query($sql);
                                while ($row = $db->sql_fetchrow($result)) {
                                    $messenger->template('admin_activate', $row['user_lang']);
                                    $messenger->to($row['user_email'], $row['username']);
                                    $messenger->im($row['user_jabber'], $row['username']);
                                    $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_USER_DETAILS' => "{$server_url}/memberlist.{$phpEx}?mode=viewprofile&u={$user->data['user_id']}", 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user->data['user_id']}&k={$user_actkey}"));
                                    $messenger->send($row['user_notify_type']);
                                }
                                $db->sql_freeresult($result);
                            }
                            user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
                            // Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
                            $sql_ary['user_actkey'] = $user_actkey;
                            $sql_ary['user_newpasswd'] = '';
                        }
                        if (sizeof($sql_ary)) {
                            $sql = 'UPDATE ' . USERS_TABLE . '
								SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
								WHERE user_id = ' . $user->data['user_id'];
                            $db->sql_query($sql);
                        }
                        // Need to update config, forum, topic, posting, messages, etc.
                        if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange']) {
                            user_update_name($user->data['username'], $data['username']);
                        }
                        // Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
                        if (!empty($sql_ary['user_actkey'])) {
                            meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx));
                            $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($phpbb_root_path . 'index.' . $phpEx) . '">', '</a>');
                            // Because the user gets deactivated we log him out too, killing his session
                            $user->session_kill();
                        } else {
                            meta_refresh(3, $this->u_action);
                            $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                        }
                        trigger_error($message);
                    }
                    // Replace "error" strings with their real, localised form
                    $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
                }
                $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], 'EMAIL' => $data['email'], 'PASSWORD_CONFIRM' => $data['password_confirm'], 'NEW_PASSWORD' => $data['new_password'], 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_FORCE_PASSWORD' => $auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - $config['chg_passforce'] * 86400 ? true : false, 'S_CHANGE_USERNAME' => $config['allow_namechange'] && $auth->acl_get('u_chgname') ? true : false, 'S_CHANGE_EMAIL' => $auth->acl_get('u_chgemail') ? true : false, 'S_CHANGE_PASSWORD' => $auth->acl_get('u_chgpasswd') ? true : false));
                break;
            case 'profile_info':
                include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx;
                $cp = new custom_profile();
                $cp_data = $cp_error = array();
                $data = array('icq' => request_var('icq', $user->data['user_icq']), 'aim' => request_var('aim', $user->data['user_aim']), 'msn' => request_var('msn', $user->data['user_msnm']), 'yim' => request_var('yim', $user->data['user_yim']), 'jabber' => utf8_normalize_nfc(request_var('jabber', $user->data['user_jabber'], true)), 'website' => request_var('website', $user->data['user_website']), 'location' => utf8_normalize_nfc(request_var('location', $user->data['user_from'], true)), 'occupation' => utf8_normalize_nfc(request_var('occupation', $user->data['user_occ'], true)), 'interests' => utf8_normalize_nfc(request_var('interests', $user->data['user_interests'], true)));
                if ($config['allow_birthdays']) {
                    $data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0;
                    if ($user->data['user_birthday']) {
                        list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
                    }
                    $data['bday_day'] = request_var('bday_day', $data['bday_day']);
                    $data['bday_month'] = request_var('bday_month', $data['bday_month']);
                    $data['bday_year'] = request_var('bday_year', $data['bday_year']);
                    $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
                }
                add_form_key('ucp_profile_info');
                if ($submit) {
                    $validate_array = array('icq' => array(array('string', true, 3, 15), array('match', true, '#^[0-9]+$#i')), 'aim' => array('string', true, 3, 255), 'msn' => array('string', true, 5, 255), 'jabber' => array(array('string', true, 5, 255), array('jabber')), 'yim' => array('string', true, 5, 255), 'website' => array(array('string', true, 12, 255), array('match', true, '#^http[s]?://(.*?\\.)*?[a-z0-9\\-]+\\.[a-z]{2,4}#i')), 'location' => array('string', true, 2, 100), 'occupation' => array('string', true, 2, 500), 'interests' => array('string', true, 2, 500));
                    if ($config['allow_birthdays']) {
                        $validate_array = array_merge($validate_array, array('bday_day' => array('num', true, 1, 31), 'bday_month' => array('num', true, 1, 12), 'bday_year' => array('num', true, 1901, gmdate('Y', time()) + 50), 'user_birthday' => array('date', true)));
                    }
                    $error = validate_data($data, $validate_array);
                    // validate custom profile fields
                    $cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
                    if (sizeof($cp_error)) {
                        $error = array_merge($error, $cp_error);
                    }
                    if (!check_form_key('ucp_profile_info')) {
                        $error[] = 'FORM_INVALID';
                    }
                    // START Anti-Spam ACP
                    antispam::ucp_profile($data, $error);
                    // END Anti-Spam ACP
                    if (!sizeof($error)) {
                        $data['notify'] = $user->data['user_notify_type'];
                        if ($data['notify'] == NOTIFY_IM && (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml'))) {
                            // User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled)
                            // Disable notify by Jabber now for this user.
                            $data['notify'] = NOTIFY_EMAIL;
                        }
                        $sql_ary = array('user_icq' => $data['icq'], 'user_aim' => $data['aim'], 'user_msnm' => $data['msn'], 'user_yim' => $data['yim'], 'user_jabber' => $data['jabber'], 'user_website' => $data['website'], 'user_from' => $data['location'], 'user_occ' => $data['occupation'], 'user_interests' => $data['interests'], 'user_notify_type' => $data['notify']);
                        if ($config['allow_birthdays']) {
                            $sql_ary['user_birthday'] = $data['user_birthday'];
                        }
                        $sql = 'UPDATE ' . USERS_TABLE . '
							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
							WHERE user_id = ' . $user->data['user_id'];
                        $db->sql_query($sql);
                        // Update Custom Fields
                        $cp->update_profile_field_data($user->data['user_id'], $cp_data);
                        meta_refresh(3, $this->u_action);
                        $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                        trigger_error($message);
                    }
                    // Replace "error" strings with their real, localised form
                    $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
                }
                if ($config['allow_birthdays']) {
                    $s_birthday_day_options = '<option value="0"' . (!$data['bday_day'] ? ' selected="selected"' : '') . '>--</option>';
                    for ($i = 1; $i < 32; $i++) {
                        $selected = $i == $data['bday_day'] ? ' selected="selected"' : '';
                        $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                    }
                    $s_birthday_month_options = '<option value="0"' . (!$data['bday_month'] ? ' selected="selected"' : '') . '>--</option>';
                    for ($i = 1; $i < 13; $i++) {
                        $selected = $i == $data['bday_month'] ? ' selected="selected"' : '';
                        $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                    }
                    $s_birthday_year_options = '';
                    $now = getdate();
                    $s_birthday_year_options = '<option value="0"' . (!$data['bday_year'] ? ' selected="selected"' : '') . '>--</option>';
                    for ($i = $now['year'] - 100; $i <= $now['year']; $i++) {
                        $selected = $i == $data['bday_year'] ? ' selected="selected"' : '';
                        $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>";
                    }
                    unset($now);
                    $template->assign_vars(array('S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 'S_BIRTHDAYS_ENABLED' => true));
                }
                $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'ICQ' => $data['icq'], 'YIM' => $data['yim'], 'AIM' => $data['aim'], 'MSN' => $data['msn'], 'JABBER' => $data['jabber'], 'WEBSITE' => $data['website'], 'LOCATION' => $data['location'], 'OCCUPATION' => $data['occupation'], 'INTERESTS' => $data['interests']));
                // START Anti-Spam ACP
                antispam::ucp_profile_display();
                // END Anti-Spam ACP
                // Get additional profile fields and assign them to the template block var 'profile_fields'
                $user->get_profile_fields($user->data['user_id']);
                $cp->generate_profile_fields('profile', $user->get_iso_lang_id());
                break;
            case 'signature':
                if (!$auth->acl_get('u_sig')) {
                    trigger_error('NO_AUTH_SIGNATURE');
                }
                include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
                include $phpbb_root_path . 'includes/functions_display.' . $phpEx;
                $enable_bbcode = $config['allow_sig_bbcode'] ? (bool) $user->optionget('sig_bbcode') : false;
                $enable_smilies = $config['allow_sig_smilies'] ? (bool) $user->optionget('sig_smilies') : false;
                $enable_urls = $config['allow_sig_links'] ? (bool) $user->optionget('sig_links') : false;
                $signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true));
                add_form_key('ucp_sig');
                // START Anti-Spam ACP
                antispam::ucp_signature($signature, $error);
                // END Anti-Spam ACP
                if ($submit || $preview) {
                    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
                    $enable_bbcode = $config['allow_sig_bbcode'] ? request_var('disable_bbcode', false) ? false : true : false;
                    $enable_smilies = $config['allow_sig_smilies'] ? request_var('disable_smilies', false) ? false : true : false;
                    $enable_urls = $config['allow_sig_links'] ? request_var('disable_magic_url', false) ? false : true : false;
                    if (!sizeof($error)) {
                        $message_parser = new parse_message($signature);
                        // Allowing Quote BBCode
                        $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
                        if (sizeof($message_parser->warn_msg)) {
                            $error[] = implode('<br />', $message_parser->warn_msg);
                        }
                        if (!check_form_key('ucp_sig')) {
                            $error[] = 'FORM_INVALID';
                        }
                        if (!sizeof($error) && $submit) {
                            $user->optionset('sig_bbcode', $enable_bbcode);
                            $user->optionset('sig_smilies', $enable_smilies);
                            $user->optionset('sig_links', $enable_urls);
                            $sql_ary = array('user_sig' => (string) $message_parser->message, 'user_options' => $user->data['user_options'], 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 'user_sig_bbcode_bitfield' => $message_parser->bbcode_bitfield);
                            $sql = 'UPDATE ' . USERS_TABLE . '
								SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
								WHERE user_id = ' . $user->data['user_id'];
                            $db->sql_query($sql);
                            $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                            trigger_error($message);
                        }
                    }
                    // Replace "error" strings with their real, localised form
                    $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
                }
                $signature_preview = '';
                if ($preview) {
                    // Now parse it for displaying
                    $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false);
                    unset($message_parser);
                }
                decode_message($signature, $user->data['user_sig_bbcode_uid']);
                $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'SIGNATURE' => $signature, 'SIGNATURE_PREVIEW' => $signature_preview, 'S_BBCODE_CHECKED' => !$enable_bbcode ? ' checked="checked"' : '', 'S_SMILIES_CHECKED' => !$enable_smilies ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => !$enable_urls ? ' checked="checked"' : '', 'BBCODE_STATUS' => $config['allow_sig_bbcode'] ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'SMILIES_STATUS' => $config['allow_sig_smilies'] ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => $config['allow_sig_img'] ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $config['allow_sig_flash'] ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'URL_STATUS' => $config['allow_sig_links'] ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_sig_font_size'], 'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 'S_BBCODE_IMG' => $config['allow_sig_img'] ? true : false, 'S_BBCODE_FLASH' => $config['allow_sig_flash'] ? true : false, 'S_LINKS_ALLOWED' => $config['allow_sig_links'] ? true : false));
                // Build custom bbcodes array
                display_custom_bbcodes();
                break;
            case 'avatar':
                include $phpbb_root_path . 'includes/functions_display.' . $phpEx;
                $display_gallery = request_var('display_gallery', '0');
                $avatar_select = basename(request_var('avatar_select', ''));
                $category = basename(request_var('category', ''));
                $can_upload = file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
                add_form_key('ucp_avatar');
                if ($submit) {
                    if (check_form_key('ucp_avatar')) {
                        if (avatar_process_user($error, false, $can_upload)) {
                            meta_refresh(3, $this->u_action);
                            $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                            trigger_error($message);
                        }
                    } else {
                        $error[] = 'FORM_INVALID';
                    }
                    // Replace "error" strings with their real, localised form
                    $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
                }
                if (!$config['allow_avatar'] && $user->data['user_avatar_type']) {
                    $error[] = $user->lang['AVATAR_NOT_ALLOWED'];
                } else {
                    if ($user->data['user_avatar_type'] == AVATAR_UPLOAD && !$config['allow_avatar_upload'] || $user->data['user_avatar_type'] == AVATAR_REMOTE && !$config['allow_avatar_remote'] || $user->data['user_avatar_type'] == AVATAR_GALLERY && !$config['allow_avatar_local']) {
                        $error[] = $user->lang['AVATAR_TYPE_NOT_ALLOWED'];
                    }
                }
                $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'AVATAR' => get_user_avatar($user->data['user_avatar'], $user->data['user_avatar_type'], $user->data['user_avatar_width'], $user->data['user_avatar_height'], 'USER_AVATAR', true), 'AVATAR_SIZE' => $config['avatar_filesize'], 'U_GALLERY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=profile&amp;mode=avatar&amp;display_gallery=1'), 'S_FORM_ENCTYPE' => $can_upload && ($config['allow_avatar_upload'] || $config['allow_avatar_remote_upload']) ? ' enctype="multipart/form-data"' : '', 'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024)));
                if ($config['allow_avatar'] && $display_gallery && $auth->acl_get('u_chgavatar') && $config['allow_avatar_local']) {
                    avatar_gallery($category, $avatar_select, 4);
                } else {
                    if ($config['allow_avatar']) {
                        $avatars_enabled = $can_upload && ($config['allow_avatar_upload'] || $config['allow_avatar_remote_upload']) || $auth->acl_get('u_chgavatar') && ($config['allow_avatar_local'] || $config['allow_avatar_remote']) ? true : false;
                        $template->assign_vars(array('AVATAR_WIDTH' => request_var('width', $user->data['user_avatar_width']), 'AVATAR_HEIGHT' => request_var('height', $user->data['user_avatar_height']), 'S_AVATARS_ENABLED' => $avatars_enabled, 'S_UPLOAD_AVATAR_FILE' => $can_upload && $config['allow_avatar_upload'] ? true : false, 'S_UPLOAD_AVATAR_URL' => $can_upload && $config['allow_avatar_remote_upload'] ? true : false, 'S_LINK_AVATAR' => $auth->acl_get('u_chgavatar') && $config['allow_avatar_remote'] ? true : false, 'S_DISPLAY_GALLERY' => $auth->acl_get('u_chgavatar') && $config['allow_avatar_local'] ? true : false));
                    }
                }
                break;
        }
        $template->assign_vars(array('L_TITLE' => $user->lang['UCP_PROFILE_' . strtoupper($mode)], 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => $this->u_action));
        // Set desired template
        $this->tpl_name = 'ucp_profile_' . $mode;
        $this->page_title = 'UCP_PROFILE_' . strtoupper($mode);
    }
    function asacp_latest_version()
	{
		global $user, $config;

		$latest_version = antispam::version_check();
		if ($latest_version === false)
		{
			$version = $user->lang['NOT_AVAILABLE'];
			$version .= '<br />' . sprintf($user->lang['CLICK_CHECK_NEW_VERSION'], '<a href="http://www.lithiumstudios.org/phpBB3/viewtopic.php?f=31&amp;t=941">', '</a>');
		}
		else
		{
			$version = $latest_version;
			if (version_compare(ASACP_VERSION, $latest_version, '<'))
			{
				$version .= '<br />' . sprintf($user->lang['CLICK_GET_NEW_VERSION'], '<a href="http://www.lithiumstudios.org/phpBB3/viewtopic.php?f=31&amp;t=941">', '</a>');
			}
		}

		return $version;
	}
			if ($mode == 'edit')
			{
				$data['topic_replies_real'] = $post_data['topic_replies_real'];
				$data['topic_replies'] = $post_data['topic_replies'];
			}

			// The last parameter tells submit_post if search indexer has to be run
			// START Anti-Spam ACP
			if ($asacp_is_spam)
			{
				$data['force_approved_state'] = false;
			}
			// END Anti-Spam ACP
			$redirect_url = submit_post($mode, $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);
			// START Anti-Spam ACP
			antispam::submit_post($mode, $data['post_id']);
			// END Anti-Spam ACP

			if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
			{
				$captcha->reset();
			}

			// Check the permissions for post approval. Moderators are not affected.
			if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']) && empty($data['force_approved_state'])) || (isset($data['force_approved_state']) && !$data['force_approved_state']))
			{
				meta_refresh(10, $redirect_url);
				$message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD'];
				$message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']);
			}
			else
    function main($id, $mode)
    {
        global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
        //
        if ($config['require_activation'] == USER_ACTIVATION_DISABLE) {
            trigger_error('UCP_REGISTER_DISABLE');
        }
        include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx;
        // START Anti-Spam ACP
        antispam::ucp_preregister();
        // END Anti-Spam ACP
        $coppa = isset($_REQUEST['coppa']) ? !empty($_REQUEST['coppa']) ? 1 : 0 : false;
        $agreed = !empty($_POST['agreed']) ? 1 : 0;
        $submit = isset($_POST['submit']) ? true : false;
        $change_lang = request_var('change_lang', '');
        $user_lang = request_var('lang', $user->lang_name);
        if ($agreed) {
            add_form_key('ucp_register');
        } else {
            add_form_key('ucp_register_terms');
        }
        if ($change_lang || $user_lang != $config['default_lang']) {
            $use_lang = $change_lang ? basename($change_lang) : basename($user_lang);
            if (!validate_language_iso_name($use_lang)) {
                if ($change_lang) {
                    $submit = false;
                    // Setting back agreed to let the user view the agreement in his/her language
                    $agreed = empty($_GET['change_lang']) ? 0 : $agreed;
                }
                $user->lang_name = $user_lang = $use_lang;
                $user->lang = array();
                $user->data['user_lang'] = $user->lang_name;
                $user->add_lang(array('common', 'ucp'));
            } else {
                $change_lang = '';
                $user_lang = $user->lang_name;
            }
        }
        $cp = new custom_profile();
        $error = $cp_data = $cp_error = array();
        if (!$agreed || $coppa === false && $config['coppa_enable'] || $coppa && !$config['coppa_enable']) {
            $add_lang = $change_lang ? '&amp;change_lang=' . urlencode($change_lang) : '';
            $add_coppa = $coppa !== false ? '&amp;coppa=' . $coppa : '';
            $s_hidden_fields = array('change_lang' => $change_lang);
            // If we change the language, we want to pass on some more possible parameter.
            if ($change_lang) {
                // We do not include the password
                $s_hidden_fields = array_merge($s_hidden_fields, array('username' => utf8_normalize_nfc(request_var('username', '', true)), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'lang' => $user->lang_name, 'tz' => request_var('tz', (double) $config['board_timezone'])));
            }
            // Checking amount of available languages
            $sql = 'SELECT lang_id
				FROM ' . LANG_TABLE;
            $result = $db->sql_query($sql);
            $lang_row = array();
            while ($row = $db->sql_fetchrow($result)) {
                $lang_row[] = $row;
            }
            $db->sql_freeresult($result);
            if ($coppa === false && $config['coppa_enable']) {
                $now = getdate();
                $coppa_birthday = $user->format_date(mktime($now['hours'] + $user->data['user_dst'], $now['minutes'], $now['seconds'], $now['mon'], $now['mday'] - 1, $now['year'] - 13), $user->lang['DATE_FORMAT']);
                unset($now);
                $template->assign_vars(array('S_LANG_OPTIONS' => sizeof($lang_row) > 1 ? language_select($user_lang) : '', 'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday), 'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday), 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&amp;coppa=0' . $add_lang), 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&amp;coppa=1' . $add_lang), 'S_SHOW_COPPA' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang)));
            } else {
                $template->assign_vars(array('S_LANG_OPTIONS' => sizeof($lang_row) > 1 ? language_select($user_lang) : '', 'L_TERMS_OF_USE' => sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()), 'S_SHOW_COPPA' => false, 'S_REGISTRATION' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang . $add_coppa)));
            }
            unset($lang_row);
            $this->tpl_name = 'ucp_agreement';
            return;
        }
        // The CAPTCHA kicks in here. We can't help that the information gets lost on language change.
        if ($config['enable_confirm']) {
            include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
            // START Anti-Spam ACP
            antispam::ucp_preregister();
            // END Anti-Spam ACP
            $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
            $captcha->init(CONFIRM_REG);
        }
        $is_dst = $config['board_dst'];
        $timezone = $config['board_timezone'];
        $data = array('username' => utf8_normalize_nfc(request_var('username', '', true)), 'new_password' => request_var('new_password', '', true), 'password_confirm' => request_var('password_confirm', '', true), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'lang' => basename(request_var('lang', $user->lang_name)), 'tz' => request_var('tz', (double) $timezone));
        // Check and initialize some variables if needed
        if ($submit) {
            $error = validate_data($data, array('username' => array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', '')), 'new_password' => array(array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('email')), 'email_confirm' => array('string', false, 6, 60), 'tz' => array('num', false, -14, 14), 'lang' => array('language_iso_name')));
            if (!check_form_key('ucp_register')) {
                $error[] = $user->lang['FORM_INVALID'];
            }
            // Replace "error" strings with their real, localised form
            $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
            if ($config['enable_confirm']) {
                $vc_response = $captcha->validate($data);
                if ($vc_response !== false) {
                    $error[] = $vc_response;
                }
                if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts']) {
                    $error[] = $user->lang['TOO_MANY_REGISTERS'];
                }
            }
            // DNSBL check
            if ($config['check_dnsbl']) {
                if (($dnsbl = $user->check_dnsbl('register')) !== false) {
                    $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
                }
            }
            // validate custom profile fields
            $cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error);
            if (!sizeof($error)) {
                if ($data['new_password'] != $data['password_confirm']) {
                    $error[] = $user->lang['NEW_PASSWORD_ERROR'];
                }
                if ($data['email'] != $data['email_confirm']) {
                    $error[] = $user->lang['NEW_EMAIL_ERROR'];
                }
            }
            // START Anti-Spam ACP
            antispam::ucp_register($data, $error);
            // END Anti-Spam ACP
            if (!sizeof($error)) {
                $server_url = generate_board_url();
                // Which group by default?
                $group_name = $coppa ? 'REGISTERED_COPPA' : 'REGISTERED';
                $sql = 'SELECT group_id
					FROM ' . GROUPS_TABLE . "\n\t\t\t\t\tWHERE group_name = '" . $db->sql_escape($group_name) . "'\n\t\t\t\t\t\tAND group_type = " . GROUP_SPECIAL;
                $result = $db->sql_query($sql);
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!$row) {
                    trigger_error('NO_GROUP');
                }
                $group_id = $row['group_id'];
                if (($coppa || $config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable']) {
                    $user_actkey = gen_rand_string(mt_rand(6, 10));
                    $user_type = USER_INACTIVE;
                    $user_inactive_reason = INACTIVE_REGISTER;
                    $user_inactive_time = time();
                } else {
                    $user_type = USER_NORMAL;
                    $user_actkey = '';
                    $user_inactive_reason = 0;
                    $user_inactive_time = 0;
                }
                $user_row = array('username' => $data['username'], 'user_password' => phpbb_hash($data['new_password']), 'user_email' => $data['email'], 'group_id' => (int) $group_id, 'user_timezone' => (double) $data['tz'], 'user_dst' => $is_dst, 'user_lang' => $data['lang'], 'user_type' => $user_type, 'user_actkey' => $user_actkey, 'user_ip' => $user->ip, 'user_regdate' => time(), 'user_inactive_reason' => $user_inactive_reason, 'user_inactive_time' => $user_inactive_time);
                if ($config['new_member_post_limit']) {
                    $user_row['user_new'] = 1;
                }
                // Register user...
                $user_id = user_add($user_row, $cp_data);
                // START Anti-Spam ACP
                antispam::ucp_postregister($user_id, $user_row);
                // END Anti-Spam ACP
                // This should not happen, because the required variables are listed above...
                if ($user_id === false) {
                    trigger_error('NO_USER', E_USER_ERROR);
                }
                // Okay, captcha, your job is done.
                if ($config['enable_confirm'] && isset($captcha)) {
                    $captcha->reset();
                }
                if ($coppa && $config['email_enable']) {
                    $message = $user->lang['ACCOUNT_COPPA'];
                    $email_template = 'coppa_welcome_inactive';
                } else {
                    if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) {
                        $message = $user->lang['ACCOUNT_INACTIVE'];
                        $email_template = 'user_welcome_inactive';
                    } else {
                        if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable']) {
                            $message = $user->lang['ACCOUNT_INACTIVE_ADMIN'];
                            $email_template = 'admin_welcome_inactive';
                        } else {
                            $message = $user->lang['ACCOUNT_ADDED'];
                            $email_template = 'user_welcome';
                        }
                    }
                }
                if ($config['email_enable']) {
                    include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
                    $messenger = new messenger(false);
                    $messenger->template($email_template, $data['lang']);
                    $messenger->to($data['email'], $data['username']);
                    $messenger->anti_abuse_headers($config, $user);
                    $messenger->assign_vars(array('WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 'USERNAME' => htmlspecialchars_decode($data['username']), 'PASSWORD' => htmlspecialchars_decode($data['new_password']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}"));
                    if ($coppa) {
                        $messenger->assign_vars(array('FAX_INFO' => $config['coppa_fax'], 'MAIL_INFO' => $config['coppa_mail'], 'EMAIL_ADDRESS' => $data['email']));
                    }
                    $messenger->send(NOTIFY_EMAIL);
                    if ($config['require_activation'] == USER_ACTIVATION_ADMIN) {
                        // Grab an array of user_id's with a_user permissions ... these users can activate a user
                        $admin_ary = $auth->acl_get_list(false, 'a_user', false);
                        $admin_ary = !empty($admin_ary[0]['a_user']) ? $admin_ary[0]['a_user'] : array();
                        // Also include founders
                        $where_sql = ' WHERE user_type = ' . USER_FOUNDER;
                        if (sizeof($admin_ary)) {
                            $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
                        }
                        $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
							FROM ' . USERS_TABLE . ' ' . $where_sql;
                        $result = $db->sql_query($sql);
                        while ($row = $db->sql_fetchrow($result)) {
                            $messenger->template('admin_activate', $row['user_lang']);
                            $messenger->to($row['user_email'], $row['username']);
                            $messenger->im($row['user_jabber'], $row['username']);
                            $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_USER_DETAILS' => "{$server_url}/memberlist.{$phpEx}?mode=viewprofile&u={$user_id}", 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}"));
                            $messenger->send($row['user_notify_type']);
                        }
                        $db->sql_freeresult($result);
                    }
                }
                $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
                trigger_error($message);
            }
        }
        $s_hidden_fields = array('agreed' => 'true', 'change_lang' => 0);
        if ($config['coppa_enable']) {
            $s_hidden_fields['coppa'] = $coppa;
        }
        if ($config['enable_confirm']) {
            $s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields());
        }
        $s_hidden_fields = build_hidden_fields($s_hidden_fields);
        $confirm_image = '';
        // Visual Confirmation - Show images
        if ($config['enable_confirm']) {
            $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
        }
        //
        $l_reg_cond = '';
        switch ($config['require_activation']) {
            case USER_ACTIVATION_SELF:
                $l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE'];
                break;
            case USER_ACTIVATION_ADMIN:
                $l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE'];
                break;
        }
        $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], 'PASSWORD' => $data['new_password'], 'PASSWORD_CONFIRM' => $data['password_confirm'], 'EMAIL' => $data['email'], 'EMAIL_CONFIRM' => $data['email_confirm'], 'L_REG_COND' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_TZ_OPTIONS' => tz_select($data['tz']), 'S_CONFIRM_REFRESH' => $config['enable_confirm'] && $config['confirm_refresh'] ? true : false, 'S_REGISTRATION' => true, 'S_COPPA' => $coppa, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register')));
        //
        $user->profile_fields = array();
        // Generate profile fields -> Template Block Variable profile_fields
        $cp->generate_profile_fields('register', $user->get_iso_lang_id());
        //
        $this->tpl_name = 'ucp_register';
        $this->page_title = 'UCP_REGISTRATION';
    }
/**
* Generate page header
*/
function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
{
    global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
    if (defined('HEADER_INC')) {
        return;
    }
    define('HEADER_INC', true);
    // gzip_compression
    if ($config['gzip_compress']) {
        // to avoid partially compressed output resulting in blank pages in
        // the browser or error messages, compression is disabled in a few cases:
        //
        // 1) if headers have already been sent, this indicates plaintext output
        //    has been started so further content must not be compressed
        // 2) the length of the current output buffer is non-zero. This means
        //    there is already some uncompressed content in this output buffer
        //    so further output must not be compressed
        // 3) if more than one level of output buffering is used because we
        //    cannot test all output buffer level content lengths. One level
        //    could be caused by php.ini output_buffering. Anything
        //    beyond that is manual, so the code wrapping phpBB in output buffering
        //    can easily compress the output itself.
        //
        if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0) {
            ob_start('ob_gzhandler');
        }
    }
    // Generate logged in/logged out status
    if ($user->data['user_id'] != ANONYMOUS) {
        $u_login_logout = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=logout', true, $user->session_id);
        $l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
    } else {
        $u_login_logout = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=login');
        $l_login_logout = $user->lang['LOGIN'];
    }
    // Last visit date/time
    $s_last_visit = $user->data['user_id'] != ANONYMOUS ? $user->format_date($user->data['session_last_visit']) : '';
    // Get users online list ... if required
    $l_online_users = $online_userlist = $l_online_record = $l_online_time = '';
    if ($config['load_online'] && $config['load_online_time'] && $display_online_list) {
        /**
         * Load online data:
         * For obtaining another session column use $item and $item_id in the function-parameter, whereby the column is session_{$item}_id.
         */
        $item_id = max($item_id, 0);
        $online_users = obtain_users_online($item_id, $item);
        $user_online_strings = obtain_users_online_string($online_users, $item_id, $item);
        $l_online_users = $user_online_strings['l_online_users'];
        $online_userlist = $user_online_strings['online_userlist'];
        $total_online_users = $online_users['total_online'];
        if ($total_online_users > $config['record_online_users']) {
            set_config('record_online_users', $total_online_users, true);
            set_config('record_online_date', time(), true);
        }
        $l_online_record = sprintf($user->lang['RECORD_ONLINE_USERS'], $config['record_online_users'], $user->format_date($config['record_online_date'], false, true));
        $l_online_time = $config['load_online_time'] == 1 ? 'VIEW_ONLINE_TIME' : 'VIEW_ONLINE_TIMES';
        $l_online_time = sprintf($user->lang[$l_online_time], $config['load_online_time']);
    }
    $l_privmsgs_text = $l_privmsgs_text_unread = '';
    $s_privmsg_new = false;
    // Obtain number of new private messages if user is logged in
    if (!empty($user->data['is_registered'])) {
        if ($user->data['user_new_privmsg']) {
            $l_message_new = $user->data['user_new_privmsg'] == 1 ? $user->lang['NEW_PM'] : $user->lang['NEW_PMS'];
            $l_privmsgs_text = sprintf($l_message_new, $user->data['user_new_privmsg']);
            if (!$user->data['user_last_privmsg'] || $user->data['user_last_privmsg'] > $user->data['session_last_visit']) {
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_last_privmsg = ' . $user->data['session_last_visit'] . '
					WHERE user_id = ' . $user->data['user_id'];
                $db->sql_query($sql);
                $s_privmsg_new = true;
            } else {
                $s_privmsg_new = false;
            }
        } else {
            $l_privmsgs_text = $user->lang['NO_NEW_PM'];
            $s_privmsg_new = false;
        }
        $l_privmsgs_text_unread = '';
        if ($user->data['user_unread_privmsg'] && $user->data['user_unread_privmsg'] != $user->data['user_new_privmsg']) {
            $l_message_unread = $user->data['user_unread_privmsg'] == 1 ? $user->lang['UNREAD_PM'] : $user->lang['UNREAD_PMS'];
            $l_privmsgs_text_unread = sprintf($l_message_unread, $user->data['user_unread_privmsg']);
        }
    }
    $forum_id = request_var('f', 0);
    $topic_id = request_var('t', 0);
    $s_feed_news = false;
    // Get option for news
    if ($config['feed_enable']) {
        $sql = 'SELECT forum_id
			FROM ' . FORUMS_TABLE . '
			WHERE ' . $db->sql_bit_and('forum_options', FORUM_OPTION_FEED_NEWS, '<> 0');
        $result = $db->sql_query_limit($sql, 1, 0, 600);
        $s_feed_news = (int) $db->sql_fetchfield('forum_id');
        $db->sql_freeresult($result);
    }
    // Determine board url - we may need it later
    $board_url = generate_board_url() . '/';
    $web_path = defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH ? $board_url : $phpbb_root_path;
    // Which timezone?
    $tz = $user->data['user_id'] != ANONYMOUS ? strval(doubleval($user->data['user_timezone'])) : strval(doubleval($config['board_timezone']));
    // Send a proper content-language to the output
    $user_lang = $user->lang['USER_LANG'];
    if (strpos($user_lang, '-x-') !== false) {
        $user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
    }
    $s_search_hidden_fields = array();
    if ($_SID) {
        $s_search_hidden_fields['sid'] = $_SID;
    }
    if (!empty($_EXTRA_URL)) {
        foreach ($_EXTRA_URL as $url_param) {
            $url_param = explode('=', $url_param, 2);
            $s_search_hidden_fields[$url_param[0]] = $url_param[1];
        }
    }
    // The following assigns all _common_ variables that may be used at any point in a template.
    $template->assign_vars(array('SITENAME' => $config['sitename'], 'SITE_DESCRIPTION' => $config['site_desc'], 'PAGE_TITLE' => $page_title, 'SCRIPT_NAME' => str_replace('.' . $phpEx, '', $user->page['page_name']), 'LAST_VISIT_DATE' => sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit), 'LAST_VISIT_YOU' => $s_last_visit, 'CURRENT_TIME' => sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)), 'TOTAL_USERS_ONLINE' => $l_online_users, 'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => $l_online_record, 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread, 'S_USER_NEW_PRIVMSG' => $user->data['user_new_privmsg'], 'S_USER_UNREAD_PRIVMSG' => $user->data['user_unread_privmsg'], 'S_USER_NEW' => $user->data['user_new'], 'SID' => $SID, '_SID' => $_SID, 'SESSION_ID' => $user->session_id, 'ROOT_PATH' => $phpbb_root_path, 'BOARD_URL' => $board_url, 'L_LOGIN_LOGOUT' => $l_login_logout, 'L_INDEX' => $user->lang['FORUM_INDEX'], 'L_ONLINE_EXPLAIN' => $l_online_time, 'U_PRIVATEMSGS' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;folder=inbox'), 'U_RETURN_INBOX' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;folder=inbox'), 'U_POPUP_PM' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;mode=popup'), 'UA_POPUP_PM' => addslashes(append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;mode=popup')), 'U_MEMBERLIST' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}"), 'U_VIEWONLINE' => $auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel') ? append_sid("{$phpbb_root_path}viewonline.{$phpEx}") : '', 'U_LOGIN_LOGOUT' => $u_login_logout, 'U_INDEX' => append_sid("{$phpbb_root_path}index.{$phpEx}"), 'U_SEARCH' => append_sid("{$phpbb_root_path}search.{$phpEx}"), 'U_REGISTER' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register'), 'U_PROFILE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}"), 'U_MODCP' => append_sid("{$phpbb_root_path}mcp.{$phpEx}", false, true, $user->session_id), 'U_FAQ' => append_sid("{$phpbb_root_path}faq.{$phpEx}"), 'U_SEARCH_SELF' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=egosearch'), 'U_SEARCH_NEW' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=newposts'), 'U_SEARCH_UNANSWERED' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=unanswered'), 'U_SEARCH_UNREAD' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=unreadposts'), 'U_SEARCH_ACTIVE_TOPICS' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=active_topics'), 'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=delete_cookies'), 'U_TEAM' => $user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile') ? '' : append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=leaders'), 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'U_RESTORE_PERMISSIONS' => $user->data['user_perm_from'] && $auth->acl_get('a_switchperm') ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=restore_perm') : '', 'U_FEED' => generate_board_url() . "/feed.{$phpEx}", 'S_USER_LOGGED_IN' => $user->data['user_id'] != ANONYMOUS ? true : false, 'S_AUTOLOGIN_ENABLED' => $config['allow_autologin'] ? true : false, 'S_BOARD_DISABLED' => $config['board_disable'] ? true : false, 'S_REGISTERED_USER' => !empty($user->data['is_registered']) ? true : false, 'S_IS_BOT' => !empty($user->data['is_bot']) ? true : false, 'S_USER_PM_POPUP' => $user->optionget('popuppm'), 'S_USER_LANG' => $user_lang, 'S_USER_BROWSER' => isset($user->data['session_browser']) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'], 'S_USERNAME' => $user->data['username'], 'S_CONTENT_DIRECTION' => $user->lang['DIRECTION'], 'S_CONTENT_FLOW_BEGIN' => $user->lang['DIRECTION'] == 'ltr' ? 'left' : 'right', 'S_CONTENT_FLOW_END' => $user->lang['DIRECTION'] == 'ltr' ? 'right' : 'left', 'S_CONTENT_ENCODING' => 'UTF-8', 'S_TIMEZONE' => $user->data['user_dst'] || $user->data['user_id'] == ANONYMOUS && $config['board_dst'] ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''), 'S_DISPLAY_ONLINE_LIST' => $l_online_time ? 1 : 0, 'S_DISPLAY_SEARCH' => !$config['load_search'] ? 0 : (isset($auth) ? $auth->acl_get('u_search') && $auth->acl_getf_global('f_search') : 1), 'S_DISPLAY_PM' => $config['allow_privmsg'] && !empty($user->data['is_registered']) && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm')) ? true : false, 'S_DISPLAY_MEMBERLIST' => isset($auth) ? $auth->acl_get('u_viewprofile') : 0, 'S_NEW_PM' => $s_privmsg_new ? 1 : 0, 'S_REGISTER_ENABLED' => $config['require_activation'] != USER_ACTIVATION_DISABLE ? true : false, 'S_FORUM_ID' => $forum_id, 'S_TOPIC_ID' => $topic_id, 'S_LOGIN_ACTION' => !defined('ADMIN_START') ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=login') : append_sid("index.{$phpEx}", false, true, $user->session_id), 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => build_url())), 'S_ENABLE_FEEDS' => $config['feed_enable'] ? true : false, 'S_ENABLE_FEEDS_OVERALL' => $config['feed_overall'] ? true : false, 'S_ENABLE_FEEDS_FORUMS' => $config['feed_overall_forums'] ? true : false, 'S_ENABLE_FEEDS_TOPICS' => $config['feed_topics_new'] ? true : false, 'S_ENABLE_FEEDS_TOPICS_ACTIVE' => $config['feed_topics_active'] ? true : false, 'S_ENABLE_FEEDS_NEWS' => $s_feed_news ? true : false, 'S_LOAD_UNREADS' => $config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered']) ? true : false, 'S_SEARCH_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields), 'T_THEME_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme', 'T_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', 'T_SUPER_TEMPLATE_PATH' => isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path'] ? "{$web_path}styles/" . rawurlencode($user->theme['template_inherit_path']) . '/template' : "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', 'T_IMAGESET_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset', 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset/' . $user->lang_name, 'T_IMAGES_PATH' => "{$web_path}images/", 'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/", 'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/", 'T_AVATAR_GALLERY_PATH' => "{$web_path}{$config['avatar_gallery_path']}/", 'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/", 'T_STYLESHEET_LINK' => !$user->theme['theme_storedb'] ? "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.{$phpEx}", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->lang_name), 'T_STYLESHEET_NAME' => $user->theme['theme_name'], 'T_THEME_NAME' => rawurlencode($user->theme['theme_path']), 'T_TEMPLATE_NAME' => rawurlencode($user->theme['template_path']), 'T_SUPER_TEMPLATE_NAME' => rawurlencode(isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path'] ? $user->theme['template_inherit_path'] : $user->theme['template_path']), 'T_IMAGESET_NAME' => rawurlencode($user->theme['imageset_path']), 'T_IMAGESET_LANG_NAME' => $user->data['user_lang'], 'T_IMAGES' => 'images', 'T_SMILIES' => $config['smilies_path'], 'T_AVATAR' => $config['avatar_path'], 'T_AVATAR_GALLERY' => $config['avatar_gallery_path'], 'T_ICONS' => $config['icons_path'], 'T_RANKS' => $config['ranks_path'], 'T_UPLOAD' => $config['upload_path'], 'SITE_LOGO_IMG' => $user->img('site_logo'), 'A_COOKIE_SETTINGS' => addslashes('; path=' . $config['cookie_path'] . (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1' ? '' : '; domain=' . $config['cookie_domain']) . (!$config['cookie_secure'] ? '' : '; secure'))));
    // START Anti-Spam ACP
    antispam::page_header();
    // END Anti-Spam ACP
    // application/xhtml+xml not used because of IE
    header('Content-type: text/html; charset=UTF-8');
    header('Cache-Control: private, no-cache="set-cookie"');
    header('Expires: 0');
    header('Pragma: no-cache');
    if (!empty($user->data['is_bot'])) {
        // Let reverse proxies know we detected a bot.
        header('X-PHPBB-IS-BOT: yes');
    }
    return;
}
/**
* Compose private message
* Called from ucp_pm with mode == 'compose'
*/
function compose_pm($id, $mode, $action, $user_folders = array())
{
    global $template, $db, $auth, $user;
    global $phpbb_root_path, $phpEx, $config;
    // Damn php and globals - i know, this is horrible
    // Needed for handle_message_list_actions()
    global $refresh, $submit, $preview;
    include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
    include $phpbb_root_path . 'includes/functions_display.' . $phpEx;
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    if (!$action) {
        $action = 'post';
    }
    add_form_key('ucp_pm_compose');
    // Grab only parameters needed here
    $to_user_id = request_var('u', 0);
    $to_group_id = request_var('g', 0);
    $msg_id = request_var('p', 0);
    $draft_id = request_var('d', 0);
    $lastclick = request_var('lastclick', 0);
    // Reply to all triggered (quote/reply)
    $reply_to_all = request_var('reply_to_all', 0);
    // Do NOT use request_var or specialchars here
    $address_list = isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array();
    if (!is_array($address_list)) {
        $address_list = array();
    }
    $submit = isset($_POST['post']) ? true : false;
    $preview = isset($_POST['preview']) ? true : false;
    $save = isset($_POST['save']) ? true : false;
    $load = isset($_POST['load']) ? true : false;
    $cancel = isset($_POST['cancel']) && !isset($_POST['save']) ? true : false;
    $delete = isset($_POST['delete']) ? true : false;
    $remove_u = isset($_REQUEST['remove_u']) ? true : false;
    $remove_g = isset($_REQUEST['remove_g']) ? true : false;
    $add_to = isset($_REQUEST['add_to']) ? true : false;
    $add_bcc = isset($_REQUEST['add_bcc']) ? true : false;
    $refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load || $remove_u || $remove_g || $add_to || $add_bcc;
    $action = $delete && !$preview && !$refresh && $submit ? 'delete' : $action;
    $select_single = $config['allow_mass_pm'] && $auth->acl_get('u_masspm') ? false : true;
    $error = array();
    $current_time = time();
    // Was cancel pressed? If so then redirect to the appropriate page
    if ($cancel || $current_time - $lastclick < 2 && $submit) {
        if ($msg_id) {
            redirect(append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;mode=view&amp;action=view_message&amp;p=' . $msg_id));
        }
        redirect(append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm'));
    }
    // Since viewtopic.php language entries are used in several modes,
    // we include the language file here
    $user->add_lang('viewtopic');
    // Output PM_TO box if message composing
    if ($action != 'edit') {
        // Add groups to PM box
        if ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) {
            $sql = 'SELECT g.group_id, g.group_name, g.group_type
				FROM ' . GROUPS_TABLE . ' g';
            if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) {
                $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug
					ON (
						g.group_id = ug.group_id
						AND ug.user_id = ' . $user->data['user_id'] . '
						AND ug.user_pending = 0
					)
					WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')';
            }
            $sql .= $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? ' WHERE ' : ' AND ';
            $sql .= 'g.group_receive_pm = 1
				ORDER BY g.group_type DESC, g.group_name ASC';
            $result = $db->sql_query($sql);
            $group_options = '';
            while ($row = $db->sql_fetchrow($result)) {
                $group_options .= '<option' . ($row['group_type'] == GROUP_SPECIAL ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . ($row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
            }
            $db->sql_freeresult($result);
        }
        $template->assign_vars(array('S_SHOW_PM_BOX' => true, 'S_ALLOW_MASS_PM' => $config['allow_mass_pm'] && $auth->acl_get('u_masspm') ? true : false, 'S_GROUP_OPTIONS' => $config['allow_mass_pm'] && $auth->acl_get('u_masspm_group') ? $group_options : '', 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=searchuser&amp;form=postform&amp;field=username_list&amp;select_single={$select_single}")));
    }
    $sql = '';
    $folder_id = 0;
    // What is all this following SQL for? Well, we need to know
    // some basic information in all cases before we do anything.
    switch ($action) {
        case 'post':
            if (!$auth->acl_get('u_sendpm')) {
                trigger_error('NO_AUTH_SEND_MESSAGE');
            }
            break;
        case 'reply':
        case 'quote':
        case 'forward':
        case 'quotepost':
            if (!$msg_id) {
                trigger_error('NO_MESSAGE');
            }
            if (!$auth->acl_get('u_sendpm')) {
                trigger_error('NO_AUTH_SEND_MESSAGE');
            }
            if ($action == 'quotepost') {
                $sql = 'SELECT p.post_id as msg_id, p.forum_id, p.post_text as message_text, p.poster_id as author_id, p.post_time as message_time, p.bbcode_bitfield, p.bbcode_uid, p.enable_sig, p.enable_smilies, p.enable_magic_url, t.topic_title as message_subject, u.username as quote_username
					FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u\n\t\t\t\t\tWHERE p.post_id = {$msg_id}\n\t\t\t\t\t\tAND t.topic_id = p.topic_id\n\t\t\t\t\t\tAND u.user_id = p.poster_id";
            } else {
                $sql = 'SELECT t.folder_id, p.*, u.username as quote_username
					FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u
					WHERE t.user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\t\tAND p.author_id = u.user_id\n\t\t\t\t\t\tAND t.msg_id = p.msg_id\n\t\t\t\t\t\tAND p.msg_id = {$msg_id}";
            }
            break;
        case 'edit':
            if (!$msg_id) {
                trigger_error('NO_MESSAGE');
            }
            // check for outbox (not read) status, we do not allow editing if one user already having the message
            $sql = 'SELECT p.*, t.folder_id
				FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p
				WHERE t.user_id = ' . $user->data['user_id'] . '
					AND t.folder_id = ' . PRIVMSGS_OUTBOX . "\n\t\t\t\t\tAND t.msg_id = {$msg_id}\n\t\t\t\t\tAND t.msg_id = p.msg_id";
            break;
        case 'delete':
            if (!$auth->acl_get('u_pm_delete')) {
                trigger_error('NO_AUTH_DELETE_MESSAGE');
            }
            if (!$msg_id) {
                trigger_error('NO_MESSAGE');
            }
            $sql = 'SELECT msg_id, pm_unread, pm_new, author_id, folder_id
				FROM ' . PRIVMSGS_TO_TABLE . '
				WHERE user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\tAND msg_id = {$msg_id}";
            break;
        case 'smilies':
            generate_smilies('window', 0);
            break;
        default:
            trigger_error('NO_ACTION_MODE', E_USER_ERROR);
            break;
    }
    if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward'))) {
        trigger_error('NO_AUTH_FORWARD_MESSAGE');
    }
    if ($action == 'edit' && !$auth->acl_get('u_pm_edit')) {
        trigger_error('NO_AUTH_EDIT_MESSAGE');
    }
    if ($sql) {
        $result = $db->sql_query($sql);
        $post = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$post) {
            // If editing it could be the recipient already read the message...
            if ($action == 'edit') {
                $sql = 'SELECT p.*, t.folder_id
					FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p
					WHERE t.user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\t\tAND t.msg_id = {$msg_id}\n\t\t\t\t\t\tAND t.msg_id = p.msg_id";
                $result = $db->sql_query($sql);
                $post = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if ($post) {
                    trigger_error('NO_EDIT_READ_MESSAGE');
                }
            }
            trigger_error('NO_MESSAGE');
        }
        if ($action == 'quotepost') {
            if ($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id']) || !$post['forum_id'] && !$auth->acl_getf_global('f_read')) {
                trigger_error('NOT_AUTHORISED');
            }
            // Passworded forum?
            if ($post['forum_id']) {
                $sql = 'SELECT forum_password
					FROM ' . FORUMS_TABLE . '
					WHERE forum_id = ' . (int) $post['forum_id'];
                $result = $db->sql_query($sql);
                $forum_password = (string) $db->sql_fetchfield('forum_password');
                $db->sql_freeresult($result);
                if ($forum_password) {
                    login_forum_box(array('forum_id' => $post['forum_id'], 'forum_password' => $forum_password));
                }
            }
        }
        $msg_id = (int) $post['msg_id'];
        $folder_id = isset($post['folder_id']) ? $post['folder_id'] : 0;
        $message_text = isset($post['message_text']) ? $post['message_text'] : '';
        if ((!$post['author_id'] || $post['author_id'] == ANONYMOUS && $action != 'delete') && $msg_id) {
            trigger_error('NO_AUTHOR');
        }
        if ($action == 'quotepost') {
            // Decode text for message display
            decode_message($message_text, $post['bbcode_uid']);
        }
        if ($action != 'delete') {
            $enable_urls = $post['enable_magic_url'];
            $enable_sig = isset($post['enable_sig']) ? $post['enable_sig'] : 0;
            $message_attachment = isset($post['message_attachment']) ? $post['message_attachment'] : 0;
            $message_subject = $post['message_subject'];
            $message_time = $post['message_time'];
            $bbcode_uid = $post['bbcode_uid'];
            $quote_username = isset($post['quote_username']) ? $post['quote_username'] : '';
            $icon_id = isset($post['icon_id']) ? $post['icon_id'] : 0;
            if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview) {
                // Add the original author as the recipient if quoting a post or only replying and not having checked "reply to all"
                if ($action == 'quotepost' || !$reply_to_all) {
                    $address_list = array('u' => array($post['author_id'] => 'to'));
                } else {
                    // We try to include every previously listed member from the TO Header - Reply to all
                    $address_list = rebuild_header(array('to' => $post['to_address']));
                    // Add the author (if he is already listed then this is no shame (it will be overwritten))
                    $address_list['u'][$post['author_id']] = 'to';
                    // Now, make sure the user itself is not listed. ;)
                    if (isset($address_list['u'][$user->data['user_id']])) {
                        unset($address_list['u'][$user->data['user_id']]);
                    }
                }
            } else {
                if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview) {
                    // Rebuild TO and BCC Header
                    $address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address']));
                }
            }
            if ($action == 'quotepost') {
                $check_value = 0;
            } else {
                $check_value = ($post['enable_bbcode'] + 1 << 8) + ($post['enable_smilies'] + 1 << 4) + ($enable_urls + 1 << 2) + ($post['enable_sig'] + 1 << 1);
            }
        }
    } else {
        $message_attachment = 0;
        $message_text = $message_subject = '';
        if ($to_user_id && $action == 'post') {
            $address_list['u'][$to_user_id] = 'to';
        } else {
            if ($to_group_id && $action == 'post') {
                $address_list['g'][$to_group_id] = 'to';
            }
        }
        $check_value = 0;
    }
    if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group'))) {
        trigger_error('NO_AUTH_GROUP_MESSAGE');
    }
    if ($action == 'edit' && !$refresh && !$preview && !$submit) {
        if (!($message_time > time() - $config['pm_edit_time'] * 60 || !$config['pm_edit_time'])) {
            trigger_error('CANNOT_EDIT_MESSAGE_TIME');
        }
    }
    if ($action == 'post') {
        $template->assign_var('S_NEW_MESSAGE', true);
    }
    if (!isset($icon_id)) {
        $icon_id = 0;
    }
    $message_parser = new parse_message();
    $message_parser->message = $action == 'reply' ? '' : $message_text;
    unset($message_text);
    $s_action = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i={$id}&amp;mode={$mode}&amp;action={$action}", true, $user->session_id);
    $s_action .= ($folder_id ? "&amp;f={$folder_id}" : '') . ($msg_id ? "&amp;p={$msg_id}" : '');
    // Delete triggered ?
    if ($action == 'delete') {
        // Folder id has been determined by the SQL Statement
        // $folder_id = request_var('f', PRIVMSGS_NO_BOX);
        // Do we need to confirm ?
        if (confirm_box(true)) {
            delete_pm($user->data['user_id'], $msg_id, $folder_id);
            // jump to next message in "history"? nope, not for the moment. But able to be included later.
            $meta_info = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&amp;folder={$folder_id}");
            $message = $user->lang['MESSAGE_DELETED'];
            meta_refresh(3, $meta_info);
            $message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>');
            trigger_error($message);
        } else {
            $s_hidden_fields = array('p' => $msg_id, 'f' => $folder_id, 'action' => 'delete');
            // "{$phpbb_root_path}ucp.$phpEx?i=pm&amp;mode=compose"
            confirm_box(false, 'DELETE_MESSAGE', build_hidden_fields($s_hidden_fields));
        }
        redirect(append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;mode=view&amp;action=view_message&amp;p=' . $msg_id));
    }
    // Get maximum number of allowed recipients
    $sql = 'SELECT MAX(g.group_max_recipients) as max_recipients
		FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
		WHERE ug.user_id = ' . $user->data['user_id'] . '
			AND ug.user_pending = 0
			AND ug.group_id = g.group_id';
    $result = $db->sql_query($sql);
    $max_recipients = (int) $db->sql_fetchfield('max_recipients');
    $db->sql_freeresult($result);
    $max_recipients = !$max_recipients ? $config['pm_max_recipients'] : $max_recipients;
    // If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients
    if (($action == 'reply' || $action == 'quote') && $max_recipients && $reply_to_all) {
        // We try to include every previously listed member from the TO Header
        $list = rebuild_header(array('to' => $post['to_address']));
        // Can be an empty array too ;)
        $list = !empty($list['u']) ? $list['u'] : array();
        $list[$post['author_id']] = 'to';
        if (isset($list[$user->data['user_id']])) {
            unset($list[$user->data['user_id']]);
        }
        $max_recipients = $max_recipients < sizeof($list) ? sizeof($list) : $max_recipients;
        unset($list);
    }
    // Handle User/Group adding/removing
    handle_message_list_actions($address_list, $error, $remove_u, $remove_g, $add_to, $add_bcc);
    // Check mass pm to group permission
    if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')) && !empty($address_list['g'])) {
        $address_list = array();
        $error[] = $user->lang['NO_AUTH_GROUP_MESSAGE'];
    }
    // Check mass pm to users permission
    if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm')) && num_recipients($address_list) > 1) {
        $address_list = get_recipients($address_list, 1);
        $error[] = $user->lang('TOO_MANY_RECIPIENTS', 1);
    }
    // Check for too many recipients
    if (!empty($address_list['u']) && $max_recipients && sizeof($address_list['u']) > $max_recipients) {
        $address_list = get_recipients($address_list, $max_recipients);
        $error[] = $user->lang('TOO_MANY_RECIPIENTS', $max_recipients);
    }
    // Always check if the submitted attachment data is valid and belongs to the user.
    // Further down (especially in submit_post()) we do not check this again.
    $message_parser->get_submitted_attachment_data();
    if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit') {
        // Do not change to SELECT *
        $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename
			FROM ' . ATTACHMENTS_TABLE . "\n\t\t\tWHERE post_msg_id = {$msg_id}\n\t\t\t\tAND in_message = 1\n\t\t\t\tAND is_orphan = 0\n\t\t\tORDER BY filetime DESC";
        $result = $db->sql_query($sql);
        $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
        $db->sql_freeresult($result);
    }
    if (!in_array($action, array('quote', 'edit', 'delete', 'forward'))) {
        $enable_sig = $config['allow_sig'] && $config['allow_sig_pm'] && $auth->acl_get('u_sig') && $user->optionget('attachsig');
        $enable_smilies = $config['allow_smilies'] && $auth->acl_get('u_pm_smilies') && $user->optionget('smilies');
        $enable_bbcode = $config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode') && $user->optionget('bbcode');
        $enable_urls = true;
    }
    $enable_magic_url = $drafts = false;
    // User own some drafts?
    if ($auth->acl_get('u_savedrafts') && $action != 'delete') {
        $sql = 'SELECT draft_id
			FROM ' . DRAFTS_TABLE . '
			WHERE forum_id = 0
				AND topic_id = 0
				AND user_id = ' . $user->data['user_id'] . ($draft_id ? " AND draft_id <> {$draft_id}" : '');
        $result = $db->sql_query_limit($sql, 1);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if ($row) {
            $drafts = true;
        }
    }
    if ($action == 'edit') {
        $message_parser->bbcode_uid = $bbcode_uid;
    }
    $bbcode_status = $config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode') ? true : false;
    $smilies_status = $config['allow_smilies'] && $config['auth_smilies_pm'] && $auth->acl_get('u_pm_smilies') ? true : false;
    $img_status = $config['auth_img_pm'] && $auth->acl_get('u_pm_img') ? true : false;
    $flash_status = $config['auth_flash_pm'] && $auth->acl_get('u_pm_flash') ? true : false;
    $url_status = $config['allow_post_links'] ? true : false;
    // Save Draft
    if ($save && $auth->acl_get('u_savedrafts')) {
        $subject = utf8_normalize_nfc(request_var('subject', '', true));
        $subject = !$subject && $action != 'post' ? $user->lang['NEW_MESSAGE'] : $subject;
        $message = utf8_normalize_nfc(request_var('message', '', true));
        if ($subject && $message) {
            if (confirm_box(true)) {
                $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $user->data['user_id'], 'topic_id' => 0, 'forum_id' => 0, 'save_time' => $current_time, 'draft_subject' => $subject, 'draft_message' => $message));
                $db->sql_query($sql);
                $redirect_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&amp;mode={$mode}");
                meta_refresh(3, $redirect_url);
                $message = $user->lang['DRAFT_SAVED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
                trigger_error($message);
            } else {
                $s_hidden_fields = build_hidden_fields(array('mode' => $mode, 'action' => $action, 'save' => true, 'subject' => $subject, 'message' => $message, 'u' => $to_user_id, 'g' => $to_group_id, 'p' => $msg_id));
                $s_hidden_fields .= build_address_field($address_list);
                confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
            }
        } else {
            if (utf8_clean_string($subject) === '') {
                $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
            }
            if (utf8_clean_string($message) === '') {
                $error[] = $user->lang['TOO_FEW_CHARS'];
            }
        }
        unset($subject, $message);
    }
    // Load Draft
    if ($draft_id && $auth->acl_get('u_savedrafts')) {
        $sql = 'SELECT draft_subject, draft_message
			FROM ' . DRAFTS_TABLE . "\n\t\t\tWHERE draft_id = {$draft_id}\n\t\t\t\tAND topic_id = 0\n\t\t\t\tAND forum_id = 0\n\t\t\t\tAND user_id = " . $user->data['user_id'];
        $result = $db->sql_query_limit($sql, 1);
        if ($row = $db->sql_fetchrow($result)) {
            $message_parser->message = $row['draft_message'];
            $message_subject = $row['draft_subject'];
            $template->assign_var('S_DRAFT_LOADED', true);
        } else {
            $draft_id = 0;
        }
        $db->sql_freeresult($result);
    }
    // Load Drafts
    if ($load && $drafts) {
        load_drafts(0, 0, $id, $action, $msg_id);
    }
    if ($submit || $preview || $refresh) {
        if (($submit || $preview) && !check_form_key('ucp_pm_compose')) {
            $error[] = $user->lang['FORM_INVALID'];
        }
        $subject = utf8_normalize_nfc(request_var('subject', '', true));
        $message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
        $icon_id = request_var('icon', 0);
        $enable_bbcode = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
        $enable_smilies = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
        $enable_urls = isset($_POST['disable_magic_url']) ? 0 : 1;
        $enable_sig = !$config['allow_sig'] || !$config['allow_sig_pm'] ? false : (isset($_POST['attach_sig']) ? true : false);
        if ($submit) {
            $status_switch = ($enable_bbcode + 1 << 8) + ($enable_smilies + 1 << 4) + ($enable_urls + 1 << 2) + ($enable_sig + 1 << 1);
            $status_switch = $status_switch != $check_value;
        } else {
            $status_switch = 1;
        }
        // Parse Attachments - before checksum is calculated
        $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
        if (sizeof($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) {
            $error[] = implode('<br />', $message_parser->warn_msg);
            $message_parser->warn_msg = array();
        }
        // Parse message
        $message_parser->parse($enable_bbcode, $config['allow_post_links'] ? $enable_urls : false, $enable_smilies, $img_status, $flash_status, true, $config['allow_post_links']);
        // On a refresh we do not care about message parsing errors
        if (sizeof($message_parser->warn_msg) && !$refresh) {
            $error[] = implode('<br />', $message_parser->warn_msg);
        }
        if ($action != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('u_ignoreflood')) {
            // Flood check
            $last_post_time = $user->data['user_lastpost_time'];
            if ($last_post_time) {
                if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
                    $error[] = $user->lang['FLOOD_ERROR'];
                }
            }
        }
        // Subject defined
        if ($submit) {
            if (utf8_clean_string($subject) === '') {
                $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
            }
            if (!sizeof($address_list)) {
                $error[] = $user->lang['NO_RECIPIENT'];
            }
        }
        // START Anti-Spam ACP
        if (!sizeof($error) && $config['asacp_spam_words_pm_action'] && antispam::spam_words(array($subject, $message_parser->message))) {
            $user->add_lang('mods/asacp');
            antispam::add_log('LOG_SPAM_PM_DENIED', array($subject, $message_parser->message));
            $error[] = $user->lang['SPAM_DENIED'];
        }
        if (!sizeof($error) && $config['asacp_akismet_pm_action'] && antispam::akismet($message_parser->message)) {
            $user->add_lang('mods/asacp');
            antispam::add_log('LOG_SPAM_PM_DENIED_AKISMET', array($subject, $message_parser->message));
            $error[] = $user->lang['SPAM_DENIED'];
        }
        if (!sizeof($error) && $submit && $user->data['user_flagged']) {
            antispam::add_log('LOG_SENT_PM', array('pm' => $address_list), 'flag');
        }
        // END Anti-Spam ACP
        // Store message, sync counters
        if (!sizeof($error) && $submit) {
            $pm_data = array('msg_id' => (int) $msg_id, 'from_user_id' => $user->data['user_id'], 'from_user_ip' => $user->ip, 'from_username' => $user->data['username'], 'reply_from_root_level' => isset($post['root_level']) ? (int) $post['root_level'] : 0, 'reply_from_msg_id' => (int) $msg_id, 'icon_id' => (int) $icon_id, 'enable_sig' => (bool) $enable_sig, 'enable_bbcode' => (bool) $enable_bbcode, 'enable_smilies' => (bool) $enable_smilies, 'enable_urls' => (bool) $enable_urls, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'attachment_data' => $message_parser->attachment_data, 'filename_data' => $message_parser->filename_data, 'address_list' => $address_list);
            // ((!$message_subject) ? $subject : $message_subject)
            $msg_id = submit_pm($action, $subject, $pm_data);
            $return_message_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;mode=view&amp;p=' . $msg_id);
            $inbox_folder_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;folder=inbox');
            $outbox_folder_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;folder=outbox');
            $folder_url = '';
            if ($folder_id > 0 && isset($user_folders[$folder_id])) {
                $folder_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&amp;folder=' . $folder_id);
            }
            $return_box_url = $action === 'post' || $action === 'edit' ? $outbox_folder_url : $inbox_folder_url;
            $return_box_lang = $action === 'post' || $action === 'edit' ? 'PM_OUTBOX' : 'PM_INBOX';
            $message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>');
            $last_click_type = 'CLICK_RETURN_FOLDER';
            if ($folder_url) {
                $message .= '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $folder_url . '">', '</a>', $user_folders[$folder_id]['folder_name']);
                $last_click_type = 'CLICK_GOTO_FOLDER';
            }
            $message .= '<br /><br />' . sprintf($user->lang[$last_click_type], '<a href="' . $return_box_url . '">', '</a>', $user->lang[$return_box_lang]);
            meta_refresh(3, $return_message_url);
            trigger_error($message);
        }
        $message_subject = $subject;
    }
    // Preview
    if (!sizeof($error) && $preview) {
        $preview_message = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false);
        $preview_signature = $user->data['user_sig'];
        $preview_signature_uid = $user->data['user_sig_bbcode_uid'];
        $preview_signature_bitfield = $user->data['user_sig_bbcode_bitfield'];
        // Signature
        if ($enable_sig && $config['allow_sig'] && $preview_signature) {
            $parse_sig = new parse_message($preview_signature);
            $parse_sig->bbcode_uid = $preview_signature_uid;
            $parse_sig->bbcode_bitfield = $preview_signature_bitfield;
            $parse_sig->format_display($config['allow_sig_bbcode'], $config['allow_sig_links'], $config['allow_sig_smilies']);
            $preview_signature = $parse_sig->message;
            unset($parse_sig);
        } else {
            $preview_signature = '';
        }
        // Attachment Preview
        if (sizeof($message_parser->attachment_data)) {
            $template->assign_var('S_HAS_ATTACHMENTS', true);
            $update_count = array();
            $attachment_data = $message_parser->attachment_data;
            parse_attachments(false, $preview_message, $attachment_data, $update_count, true);
            foreach ($attachment_data as $i => $attachment) {
                $template->assign_block_vars('attachment', array('DISPLAY_ATTACHMENT' => $attachment));
            }
            unset($attachment_data);
        }
        $preview_subject = censor_text($subject);
        if (!sizeof($error)) {
            $template->assign_vars(array('PREVIEW_SUBJECT' => $preview_subject, 'PREVIEW_MESSAGE' => $preview_message, 'PREVIEW_SIGNATURE' => $preview_signature, 'S_DISPLAY_PREVIEW' => true));
        }
        unset($message_text);
    }
    // Decode text for message display
    $bbcode_uid = ($action == 'quote' || $action == 'forward') && !$preview && !$refresh && (!sizeof($error) || sizeof($error) && !$submit) ? $bbcode_uid : $message_parser->bbcode_uid;
    $message_parser->decode_message($bbcode_uid);
    if (($action == 'quote' || $action == 'quotepost') && !$preview && !$refresh && !$submit) {
        if ($action == 'quotepost') {
            $post_id = request_var('p', 0);
            if ($config['allow_post_links']) {
                $message_link = "[url=" . generate_board_url() . "/viewtopic.{$phpEx}?p={$post_id}#p{$post_id}]{$user->lang['SUBJECT']}: {$message_subject}[/url]\n\n";
            } else {
                $message_link = $user->lang['SUBJECT'] . ': ' . $message_subject . " (" . generate_board_url() . "/viewtopic.{$phpEx}?p={$post_id}#p{$post_id})\n\n";
            }
        } else {
            $message_link = '';
        }
        $message_parser->message = $message_link . '[quote=&quot;' . $quote_username . '&quot;]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
    }
    if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) {
        $message_subject = (!preg_match('/^Re:/', $message_subject) ? 'Re: ' : '') . censor_text($message_subject);
    }
    if ($action == 'forward' && !$preview && !$refresh && !$submit) {
        $fwd_to_field = write_pm_addresses(array('to' => $post['to_address']), 0, true);
        if ($config['allow_post_links']) {
            $quote_username_text = '[url=' . generate_board_url() . "/memberlist.{$phpEx}?mode=viewprofile&amp;u={$post['author_id']}]{$quote_username}[/url]";
        } else {
            $quote_username_text = $quote_username . ' (' . generate_board_url() . "/memberlist.{$phpEx}?mode=viewprofile&amp;u={$post['author_id']})";
        }
        $forward_text = array();
        $forward_text[] = $user->lang['FWD_ORIGINAL_MESSAGE'];
        $forward_text[] = sprintf($user->lang['FWD_SUBJECT'], censor_text($message_subject));
        $forward_text[] = sprintf($user->lang['FWD_DATE'], $user->format_date($message_time, false, true));
        $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text);
        $forward_text[] = sprintf($user->lang['FWD_TO'], implode(', ', $fwd_to_field['to']));
        $message_parser->message = implode("\n", $forward_text) . "\n\n[quote=&quot;{$quote_username}&quot;]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]";
        $message_subject = (!preg_match('/^Fwd:/', $message_subject) ? 'Fwd: ' : '') . censor_text($message_subject);
    }
    $attachment_data = $message_parser->attachment_data;
    $filename_data = $message_parser->filename_data;
    $message_text = $message_parser->message;
    // MAIN PM PAGE BEGINS HERE
    // Generate smiley listing
    generate_smilies('inline', 0);
    // Generate PM Icons
    $s_pm_icons = false;
    if ($config['enable_pm_icons']) {
        $s_pm_icons = posting_gen_topic_icons($action, $icon_id);
    }
    // Generate inline attachment select box
    posting_gen_inline_attachments($attachment_data);
    // Build address list for display
    // array('u' => array($author_id => 'to'));
    if (sizeof($address_list)) {
        // Get Usernames and Group Names
        $result = array();
        if (!empty($address_list['u'])) {
            $sql = 'SELECT user_id as id, username as name, user_colour as colour
				FROM ' . USERS_TABLE . '
				WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($address_list['u']))) . '
				ORDER BY username_clean ASC';
            $result['u'] = $db->sql_query($sql);
        }
        if (!empty($address_list['g'])) {
            $sql = 'SELECT g.group_id AS id, g.group_name AS name, g.group_colour AS colour, g.group_type
				FROM ' . GROUPS_TABLE . ' g';
            if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) {
                $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug
					ON (
						g.group_id = ug.group_id
						AND ug.user_id = ' . $user->data['user_id'] . '
						AND ug.user_pending = 0
					)
					WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')';
            }
            $sql .= $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? ' WHERE ' : ' AND ';
            $sql .= 'g.group_receive_pm = 1
				AND ' . $db->sql_in_set('g.group_id', array_map('intval', array_keys($address_list['g']))) . '
				ORDER BY g.group_name ASC';
            $result['g'] = $db->sql_query($sql);
        }
        $u = $g = array();
        $_types = array('u', 'g');
        foreach ($_types as $type) {
            if (isset($result[$type]) && $result[$type]) {
                while ($row = $db->sql_fetchrow($result[$type])) {
                    if ($type == 'g') {
                        $row['name'] = $row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['name']] : $row['name'];
                    }
                    ${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']);
                }
                $db->sql_freeresult($result[$type]);
            }
        }
        // Now Build the address list
        $plain_address_field = '';
        foreach ($address_list as $type => $adr_ary) {
            foreach ($adr_ary as $id => $field) {
                if (!isset(${$type}[$id])) {
                    unset($address_list[$type][$id]);
                    continue;
                }
                $field = $field == 'to' ? 'to' : 'bcc';
                $type = $type == 'u' ? 'u' : 'g';
                $id = (int) $id;
                $tpl_ary = array('IS_GROUP' => $type == 'g' ? true : false, 'IS_USER' => $type == 'u' ? true : false, 'UG_ID' => $id, 'NAME' => ${$type}[$id]['name'], 'COLOUR' => ${$type}[$id]['colour'] ? '#' . ${$type}[$id]['colour'] : '', 'TYPE' => $type);
                if ($type == 'u') {
                    $tpl_ary = array_merge($tpl_ary, array('U_VIEW' => get_username_string('profile', $id, ${$type}[$id]['name'], ${$type}[$id]['colour']), 'NAME_FULL' => get_username_string('full', $id, ${$type}[$id]['name'], ${$type}[$id]['colour'])));
                } else {
                    $tpl_ary = array_merge($tpl_ary, array('U_VIEW' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=group&amp;g=' . $id)));
                }
                $template->assign_block_vars($field . '_recipient', $tpl_ary);
            }
        }
    }
    // Build hidden address list
    $s_hidden_address_field = build_address_field($address_list);
    $bbcode_checked = isset($enable_bbcode) ? !$enable_bbcode : ($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode') ? !$user->optionget('bbcode') : 1);
    $smilies_checked = isset($enable_smilies) ? !$enable_smilies : ($config['allow_smilies'] && $auth->acl_get('u_pm_smilies') ? !$user->optionget('smilies') : 1);
    $urls_checked = isset($enable_urls) ? !$enable_urls : 0;
    $sig_checked = $enable_sig;
    switch ($action) {
        case 'post':
            $page_title = $user->lang['POST_NEW_PM'];
            break;
        case 'quote':
            $page_title = $user->lang['POST_QUOTE_PM'];
            break;
        case 'quotepost':
            $page_title = $user->lang['POST_PM_POST'];
            break;
        case 'reply':
            $page_title = $user->lang['POST_REPLY_PM'];
            break;
        case 'edit':
            $page_title = $user->lang['POST_EDIT_PM'];
            break;
        case 'forward':
            $page_title = $user->lang['POST_FORWARD_PM'];
            break;
        default:
            trigger_error('NO_ACTION_MODE', E_USER_ERROR);
            break;
    }
    $s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
    $s_hidden_fields .= isset($check_value) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : '';
    $s_hidden_fields .= $draft_id || isset($_REQUEST['draft_loaded']) ? '<input type="hidden" name="draft_loaded" value="' . (isset($_REQUEST['draft_loaded']) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : '';
    $form_enctype = @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach') ? '' : ' enctype="multipart/form-data"';
    // Start assigning vars for main posting page ...
    $template->assign_vars(array('L_POST_A' => $page_title, 'L_ICON' => $user->lang['PM_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'SUBJECT' => isset($message_subject) ? $message_subject : '', 'MESSAGE' => $message_text, 'BBCODE_STATUS' => $bbcode_status ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'IMG_STATUS' => $img_status ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $flash_status ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => $smilies_status ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'URL_STATUS' => $url_status ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_post_font_size'], 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']), 'ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'MAX_RECIPIENTS' => $config['allow_mass_pm'] && ($auth->acl_get('u_masspm') || $auth->acl_get('u_masspm_group')) ? $max_recipients : 0, 'S_COMPOSE_PM' => true, 'S_EDIT_POST' => $action == 'edit', 'S_SHOW_PM_ICONS' => $s_pm_icons, 'S_BBCODE_ALLOWED' => $bbcode_status ? 1 : 0, 'S_BBCODE_CHECKED' => $bbcode_checked ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => $smilies_checked ? ' checked="checked"' : '', 'S_SIG_ALLOWED' => $config['allow_sig'] && $config['allow_sig_pm'] && $auth->acl_get('u_sig'), 'S_SIGNATURE_CHECKED' => $sig_checked ? ' checked="checked"' : '', 'S_LINKS_ALLOWED' => $url_status, 'S_MAGIC_URL_CHECKED' => $urls_checked ? ' checked="checked"' : '', 'S_SAVE_ALLOWED' => $auth->acl_get('u_savedrafts') && $action != 'edit' ? true : false, 'S_HAS_DRAFTS' => $auth->acl_get('u_savedrafts') && $drafts, 'S_FORM_ENCTYPE' => $form_enctype, 'S_BBCODE_IMG' => $img_status, 'S_BBCODE_FLASH' => $flash_status, 'S_BBCODE_QUOTE' => true, 'S_BBCODE_URL' => $url_status, 'S_POST_ACTION' => $s_action, 'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']), 'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.{$phpEx}", 'f=0&amp;mode=popup'), 'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.{$phpEx}", 'f=0&amp;mode=popup'))));
    // Build custom bbcodes array
    display_custom_bbcodes();
    // Show attachment box for adding attachments if true
    $allowed = $auth->acl_get('u_pm_attach') && $config['allow_pm_attach'] && $form_enctype;
    // Attachment entry
    posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);
    // Message History
    if ($action == 'reply' || $action == 'quote' || $action == 'forward') {
        if (message_history($msg_id, $user->data['user_id'], $post, array(), true)) {
            $template->assign_var('S_DISPLAY_HISTORY', true);
        }
    }
}
Example #10
0
function antispam_reply_edit_after_sql($reply_id)
{
    global $config, $user;
    if (!class_exists('antispam')) {
        return;
    }
    if ($user->data['user_flagged']) {
        global $blog_id;
        antispam::add_log('LOG_EDITED_BLOG_REPLY', blog_url($user->data['user_id'], $blog_id, $reply_id), 'flag');
    }
}