$bcclist[$countbcc - 1]['comma'] = ''; } if ($countcc > 1 or is_array($touser['cc']) and !in_array($vbulletin->userinfo['username'], $touser['cc']) or $vbulletin->userinfo['userid'] == $pm['fromuserid'] and $pm['folderid'] == -1) { if ($countcc) { $ccrecipients = $cclist; } if ($countbcc and $vbulletin->userinfo['userid'] == $pm['fromuserid'] and $pm['folderid'] == -1) { if ($countcc) { $bccrecipients = $bcclist; } else { $ccrecipients = $bcclist; } } $show['recipients'] = true; } $show['quickreply'] = ($permissions['pmquota'] and $vbulletin->userinfo['receivepm'] and !fetch_privatemessage_throttle_reached($vbulletin->userinfo['userid'])); if ($pm['fromuserid']) { $recipient = $db->query_first("\n\t\t\tSELECT usertextfield.*, user.*, userlist.type\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid=user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON(user.userid = userlist.userid AND userlist.relationid = " . $vbulletin->userinfo['userid'] . " AND userlist.type = 'buddy')\n\t\t\tWHERE user.userid = " . intval($pm['fromuserid'])); if (!empty($recipient)) { $recipient = array_merge($recipient, convert_bits_to_array($recipient['options'], $vbulletin->bf_misc_useroptions)); cache_permissions($recipient, false); if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and (!$recipient['receivepm'] or !$recipient['permissions']['pmquota'] or $recipient['receivepmbuddies'] and !can_moderate() and $recipient['type'] != 'buddy')) { $show['quickreply'] = false; } } else { $show['quickreply'] = false; } } else { $show['quickreply'] = false; } if ($vbulletin->GPC['showhistory'] and $pm['parentpmid']) {
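/**
 * Validate and send a private message for the logged-in user.
 *
 * Request fields (title, message, recipients, bccrecipients, iconid, ...) are
 * pulled through the input cleaner, the sender's quota / throttle / flood
 * limits are checked, and the message is handed to the PM data manager.
 * Every failure is reported through json_error().
 *
 * NOTE(review): the login, permission and quota checks rely on json_error()
 * not returning to the caller - presumably it emits the response and exits.
 * Confirm, because otherwise execution falls through to the send path.
 *
 * @return array array('success' => 1); this is also returned on the preview
 *               path, where nothing is saved.
 */
function do_send_pm()
{
    global $vbulletin, $db, $permissions;

    // Anonymous callers may not send PMs.
    if (!$vbulletin->userinfo['userid']) {
        json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
    }

    // NOTE(review): 'r' presumably selects the merged request array, so these
    // fields would also be accepted from the query string; confirm that a
    // request-forgery check runs before this state-changing handler.
    $vbulletin->input->clean_array_gpc('r', array(
        'wysiwyg'        => TYPE_BOOL,
        'title'          => TYPE_NOHTML,
        'message'        => TYPE_STR,
        'parseurl'       => TYPE_BOOL,
        'savecopy'       => TYPE_BOOL,
        'signature'      => TYPE_BOOL,
        'disablesmilies' => TYPE_BOOL,
        'receipt'        => TYPE_BOOL,
        'preview'        => TYPE_STR,
        'recipients'     => TYPE_STR,
        'bccrecipients'  => TYPE_STR,
        'iconid'         => TYPE_UINT,
        'forward'        => TYPE_BOOL,
        'folderid'       => TYPE_INT,
        'sendanyway'     => TYPE_BOOL,
    ));

    // NOTE(review): bccrecipients is not passed through
    // prepare_remote_utf8_string() like the other text fields - confirm
    // whether that is intentional.
    if ($vbulletin->GPC['message']) {
        $vbulletin->GPC['message'] = prepare_remote_utf8_string($vbulletin->GPC['message']);
    }
    if ($vbulletin->GPC['title']) {
        $vbulletin->GPC['title'] = prepare_remote_utf8_string($vbulletin->GPC['title']);
    }
    if ($vbulletin->GPC['recipients']) {
        $vbulletin->GPC['recipients'] = prepare_remote_utf8_string($vbulletin->GPC['recipients']);
    }

    // A sent-items copy is always kept, whatever the client asked for.
    $vbulletin->GPC['savecopy'] = true;

    if ($permissions['pmquota'] < 1) {
        json_error(ERR_NO_PERMISSION);
    } else {
        if (!$vbulletin->userinfo['receivepm']) {
            json_error(strip_tags(fetch_error('pm_turnedoff')), RV_POST_ERROR);
        }
    }

    if (fetch_privatemessage_throttle_reached($vbulletin->userinfo['userid'])) {
        json_error(
            strip_tags(fetch_error(
                'pm_throttle_reached',
                $vbulletin->userinfo['permissions']['pmthrottlequantity'],
                $vbulletin->options['pmthrottleperiod']
            )),
            RV_POST_ERROR
        );
    }

    // include useful functions
    require_once DIR . '/includes/functions_newpost.php';

    // parse URLs in message text
    if ($vbulletin->options['privallowbbcode'] and $vbulletin->GPC['parseurl']) {
        $vbulletin->GPC['message'] = convert_url_to_bbcode($vbulletin->GPC['message']);
    }

    // $pm aliases the cleaned request values by reference. The local names in
    // this function ($pm, $pmdm, $errors) are visible to the hook code
    // evaluated further down, so they are kept stable.
    $pm['message'] =& $vbulletin->GPC['message'];
    $pm['title'] =& $vbulletin->GPC['title'];
    $pm['parseurl'] =& $vbulletin->GPC['parseurl'];
    $pm['savecopy'] =& $vbulletin->GPC['savecopy'];
    $pm['signature'] =& $vbulletin->GPC['signature'];
    $pm['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
    $pm['sendanyway'] =& $vbulletin->GPC['sendanyway'];
    $pm['receipt'] =& $vbulletin->GPC['receipt'];
    $pm['recipients'] =& $vbulletin->GPC['recipients'];
    $pm['bccrecipients'] =& $vbulletin->GPC['bccrecipients'];
    // NOTE(review): 'pmid' is not in the cleaned field list above, so unless it
    // is set elsewhere this reference is null and parentpmid / replypmid below
    // are never populated. If it is ever accepted from the client, the id must
    // be checked against the sender's own messages first.
    $pm['pmid'] =& $vbulletin->GPC['pmid'];
    $pm['iconid'] =& $vbulletin->GPC['iconid'];
    $pm['forward'] =& $vbulletin->GPC['forward'];
    $pm['folderid'] =& $vbulletin->GPC['folderid'];

    // *************************************************************
    // PROCESS THE MESSAGE AND INSERT IT INTO THE DATABASE

    $errors = array(); // catches errors

    // Over quota, or exactly at quota while also storing a sent copy.
    if ($vbulletin->userinfo['pmtotal'] > $permissions['pmquota']
        or ($vbulletin->userinfo['pmtotal'] == $permissions['pmquota'] and $pm['savecopy'])
    ) {
        json_error(strip_tags(fetch_error('yourpmquotaexceeded')), RV_POST_ERROR);
    }

    // NOTE(review): $cantrackpm was never assigned in this function, so the
    // data manager always received null (and PHP raised an undefined-variable
    // diagnostic). It is now set explicitly to the same value; derive it from
    // the sender's PM-tracking permission if read receipts are meant to work.
    $cantrackpm = null;

    // create the DM to do error checking and insert the new PM
    $pmdm =& datamanager_init('PM', $vbulletin, ERRTYPE_ARRAY);

    $pmdm->set_info('savecopy', $pm['savecopy']);
    $pmdm->set_info('receipt', $pm['receipt']);
    $pmdm->set_info('cantrackpm', $cantrackpm);
    $pmdm->set_info('forward', $pm['forward']);
    $pmdm->set_info('bccrecipients', $pm['bccrecipients']);

    // Control-panel administrators bypass the quota inside the data manager.
    if ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) {
        $pmdm->overridequota = true;
    }

    // The sender is always taken from the session, never from the request.
    $pmdm->set('fromuserid', $vbulletin->userinfo['userid']);
    $pmdm->set('fromusername', $vbulletin->userinfo['username']);
    $pmdm->setr('title', $pm['title']);
    $pmdm->set_recipients($pm['recipients'], $permissions, 'cc');
    $pmdm->set_recipients($pm['bccrecipients'], $permissions, 'bcc');
    $pmdm->setr('message', $pm['message']);
    $pmdm->setr('iconid', $pm['iconid']);
    $pmdm->set('dateline', TIMENOW);
    $pmdm->setr('showsignature', $pm['signature']);
    $pmdm->set('allowsmilie', $pm['disablesmilies'] ? 0 : 1);

    if (!$pm['forward']) {
        $pmdm->set_info('parentpmid', $pm['pmid']);
    }
    $pmdm->set_info('replypmid', $pm['pmid']);

    // SECURITY(review): eval() executes whatever code is registered for this
    // hook, in this function's scope. Presumably that code comes from the
    // plugin store; write access to it is equivalent to code execution here.
    ($hook = vBulletinHook::fetch_hook('private_insertpm_process')) ? eval($hook) : false;

    $pmdm->pre_save();

    // deal with user using receivepmbuddies sending to non-buddies
    // (skipped when the recipient list is empty, which would otherwise
    // produce an invalid "IN ()" clause in the queries below)
    if ($vbulletin->userinfo['receivepmbuddies']
        and is_array($pmdm->info['recipients'])
        and !empty($pmdm->info['recipients'])
    ) {
        $users_not_on_list = array();

        // get a list of super mod groups
        $smod_groups = array();
        foreach ($vbulletin->usergroupcache as $ugid => $groupinfo) {
            if ($groupinfo['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']) {
                // super mod group
                $smod_groups[] = intval($ugid);
            }
        }

        // now filter out all moderators (and super mods) from the list of recipients
        // to check against the buddy list
        $check_recipients = $pmdm->info['recipients'];

        // Ids are forced to integers before being concatenated into SQL.
        $recipient_ids = implode(',', array_map('intval', array_keys($check_recipients)));

        $mods = $db->query_read_slave(
            "\n\t\t\tSELECT user.userid\n\t\t\tFROM " . TABLE_PREFIX . "user AS user" .
            "\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "moderator AS moderator ON (moderator.userid = user.userid)" .
            "\n\t\t\tWHERE user.userid IN (" . $recipient_ids . ")" .
            "\n\t\t\t\tAND ((moderator.userid IS NOT NULL AND moderator.forumid <> -1)\n\t\t\t\t" .
            (!empty($smod_groups) ? "OR user.usergroupid IN (" . implode(',', $smod_groups) . ")" : '') .
            "\n\t\t\t\t)\n\t\t"
        );
        while ($mod = $db->fetch_array($mods)) {
            unset($check_recipients["{$mod['userid']}"]);
        }

        if (!empty($check_recipients)) {
            // filter those on our buddy list out
            // (implode() is called separator-first; the reversed argument
            // order used previously is rejected by PHP 8)
            $remaining_ids = implode(',', array_map('intval', array_keys($check_recipients)));

            $users = $db->query_read_slave(
                "\n\t\t\t\tSELECT userlist.relationid\n\t\t\t\tFROM " . TABLE_PREFIX . "userlist AS userlist" .
                "\n\t\t\t\tWHERE userid = " . intval($vbulletin->userinfo['userid']) .
                "\n\t\t\t\t\tAND userlist.relationid IN(" . $remaining_ids . ")" .
                "\n\t\t\t\t\tAND type = 'buddy'\n\t\t\t"
            );
            while ($user = $db->fetch_array($users)) {
                unset($check_recipients["{$user['relationid']}"]);
            }
        }

        // what's left must be those who are neither mods or on our buddy list
        foreach ($check_recipients as $userid => $user) {
            $users_not_on_list["{$userid}"] = $user['username'];
        }

        if (!empty($users_not_on_list) and (!$vbulletin->GPC['sendanyway'] or !empty($errors))) {
            // The markup built here only reaches the client through the
            // strip_tags() call in the error branch below.
            $users = '';
            foreach ($users_not_on_list as $userid => $username) {
                $users .= "<li><a href=\"member.php?" . $vbulletin->session->vars['sessionurl'] . "u={$userid}\" target=\"profile\">{$username}</a></li>";
            }
            $pmdm->error('pm_non_contacts_cant_reply', $users);
        }
    }

    // check for message flooding (administrators and moderators are exempt)
    if ($vbulletin->options['pmfloodtime'] > 0 and !$vbulletin->GPC['preview']) {
        if (!($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and !can_moderate()) {
            $floodcheck = $db->query_first(
                "\n\t\t\t\tSELECT pmtextid, title, dateline\n\t\t\t\tFROM " . TABLE_PREFIX . "pmtext AS pmtext" .
                "\n\t\t\t\tWHERE fromuserid = " . intval($vbulletin->userinfo['userid']) .
                "\n\t\t\t\tORDER BY dateline DESC\n\t\t\t"
            );

            // No previous message means there is nothing to rate-limit against.
            if (!empty($floodcheck)
                and ($timepassed = TIMENOW - $floodcheck['dateline']) < $vbulletin->options['pmfloodtime']
            ) {
                json_error(
                    strip_tags(fetch_error(
                        'pmfloodcheck',
                        $vbulletin->options['pmfloodtime'],
                        $vbulletin->options['pmfloodtime'] - $timepassed
                    )),
                    RV_POST_ERROR
                );
            }
        }
    }

    // process errors if there are any; only the first one is reported
    $errors = array_merge($errors, $pmdm->errors);

    if (!empty($errors)) {
        json_error(strip_tags($errors[0]), RV_POST_ERROR);
    } else {
        if ($vbulletin->GPC['preview'] != '') {
            // Preview path: nothing is saved and the rendered preview is not
            // part of the value returned below.
            define('PMPREVIEW', 1);
            $foruminfo = array('forumid' => 'privatemessage', 'allowicons' => $vbulletin->options['privallowicons']);
            $preview = process_post_preview($pm);
            $_REQUEST['do'] = 'newpm';
        } else {
            // everything's good!
            $pmdm->save();

            // force pm counters to be rebuilt
            $vbulletin->userinfo['pmunread'] = -1;
            build_pm_counters();
        }
    }

    return array('success' => 1);
}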