phpBB

<?php

/**

*

* @package phpBB3

* @version $Id: memberlist.php 9064 2008-11-13 13:04:54Z toonarmy $

* @copyright (c) 2005 phpBB Group

* @license http://opensource.org/licenses/gpl-license.php GNU Public License

*

*/

/**

* @ignore

*/

define('IN_PHPBB', true);

if (!defined('PHPBB_ROOT_PATH')) define('PHPBB_ROOT_PATH', './');

if (!defined('PHP_EXT')) define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));

include(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);

include(PHPBB_ROOT_PATH . 'includes/functions_display.' . PHP_EXT);

// Start session management

$user->session_begin();

$auth->acl($user->data);

$user->setup(array('memberlist', 'groups'));

// Grab data

$mode		= request_var('mode', '');

$action		= request_var('action', '');

$user_id	= request_var('u', ANONYMOUS);

$username	= request_var('un', '', true);

$group_id	= request_var('g', 0);

$topic_id	= request_var('t', 0);

// Check our mode...

if (!in_array($mode, array('', 'group', 'viewprofile', 'email', 'contact', 'searchuser', 'leaders')))

{

	trigger_error('NO_MODE');

}

switch ($mode)

{

	case 'email':

	break;

	default:

		// Can this user view profiles/memberlist?

		if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel'))

		{

			if ($user->data['user_id'] != ANONYMOUS)

			{

				trigger_error('NO_VIEW_USERS');

			}

			login_box('', ((isset($user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)])) ? $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)] : $user->lang['LOGIN_EXPLAIN_MEMBERLIST']));

		}

	break;

}

$start	= request_var('start', 0);

$submit = (isset($_POST['submit'])) ? true : false;

$default_key = 'c';

$sort_key = request_var('sk', $default_key);

$sort_dir = request_var('sd', 'a');

// Grab rank information for later

$ranks = cache::obtain_ranks();

// What do you want to do today? ... oops, I think that line is taken ...

switch ($mode)

{

	case 'leaders':

		// Display a listing of board admins, moderators

		include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);

		$page_title = $user->lang['THE_TEAM'];

		$template_html = 'memberlist_leaders.html';

		$user_ary = $auth->acl_get_list(false, array('a_', 'm_'), false);

		$admin_id_ary = $global_mod_id_ary = $mod_id_ary = $forum_id_ary = array();

		foreach ($user_ary as $forum_id => $forum_ary)

		{

			foreach ($forum_ary as $auth_option => $id_ary)

			{

				if (!$forum_id)

				{

					if ($auth_option == 'a_')

					{

						$admin_id_ary = array_merge($admin_id_ary, $id_ary);

					}

					else

					{

						$global_mod_id_ary = array_merge($global_mod_id_ary, $id_ary);

					}

					continue;

				}

				else

				{

					$mod_id_ary = array_merge($mod_id_ary, $id_ary);

				}

				if ($forum_id)

				{

					foreach ($id_ary as $id)

					{

						$forum_id_ary[$id][] = $forum_id;

					}

				}

			}

		}

		$admin_id_ary = array_unique($admin_id_ary);

		$global_mod_id_ary = array_unique($global_mod_id_ary);

		$mod_id_ary = array_merge($mod_id_ary, $global_mod_id_ary);

		$mod_id_ary = array_unique($mod_id_ary);

		// Admin group id...

		$sql = 'SELECT group_id

			FROM ' . GROUPS_TABLE . "

			WHERE group_name = 'ADMINISTRATORS'";

		$result = $db->sql_query($sql);

		$admin_group_id = (int) $db->sql_fetchfield('group_id');

		$db->sql_freeresult($result);

		// Get group memberships for the admin id ary...

		$admin_memberships = group_memberships($admin_group_id, $admin_id_ary);

		$admin_user_ids = array();

		if (!empty($admin_memberships))

		{

			// ok, we only need the user ids...

			foreach ($admin_memberships as $row)

			{

				$admin_user_ids[$row['user_id']] = true;

			}

		}

		unset($admin_memberships);

		$sql = 'SELECT forum_id, forum_name

			FROM ' . FORUMS_TABLE;

		$result = $db->sql_query($sql);

		$forums = array();

		while ($row = $db->sql_fetchrow($result))

		{

			$forums[$row['forum_id']] = $row['forum_name'];

		}

		$db->sql_freeresult($result);

		$sql = $db->sql_build_query('SELECT', array(

			'SELECT'	=> 'u.user_id, u.group_id as default_group, u.username, u.username_clean, u.user_colour, u.user_rank, u.user_posts, u.user_allow_pm, g.group_id, g.group_name, g.group_colour, g.group_type, ug.user_id as ug_user_id',

			'FROM'		=> array(

				USERS_TABLE		=> 'u',

				GROUPS_TABLE	=> 'g'

			),

			'LEFT_JOIN'	=> array(

				array(

					'FROM'	=> array(USER_GROUP_TABLE => 'ug'),

					'ON'	=> 'ug.group_id = g.group_id AND ug.user_pending = 0 AND ug.user_id = ' . $user->data['user_id']

				)

			),

			'WHERE'		=> $db->sql_in_set('u.user_id', array_unique(array_merge($admin_id_ary, $mod_id_ary)), false, true) . '

				AND u.group_id = g.group_id',

			'ORDER_BY'	=> 'g.group_name ASC, u.username_clean ASC'

		));

		$result = $db->sql_query($sql);

		while ($row = $db->sql_fetchrow($result))

		{

			$which_row = (in_array($row['user_id'], $admin_id_ary)) ? 'admin' : 'mod';

			// We sort out admins not within the 'Administrators' group.

			// Else, we will list those as admin only having the permission to view logs for example.

			if ($which_row == 'admin' && empty($admin_user_ids[$row['user_id']]))

			{

				// Remove from admin_id_ary, because the user may be a mod instead

				unset($admin_id_ary[array_search($row['user_id'], $admin_id_ary)]);

				if (!in_array($row['user_id'], $mod_id_ary) && !in_array($row['user_id'], $global_mod_id_ary))

				{

					continue;

				}

				else

				{

					$which_row = 'mod';

				}

			}

			$s_forum_select = '';

			$undisclosed_forum = false;

			if (isset($forum_id_ary[$row['user_id']]) && !in_array($row['user_id'], $global_mod_id_ary))

			{

				if ($which_row == 'mod' && sizeof(array_diff(array_keys($forums), $forum_id_ary[$row['user_id']])))

				{

					foreach ($forum_id_ary[$row['user_id']] as $forum_id)

					{

						if (isset($forums[$forum_id]))

						{

							if ($auth->acl_get('f_list', $forum_id))

							{

								$s_forum_select .= '<option value="">' . $forums[$forum_id] . '</option>';

							}

							else

							{

								$undisclosed_forum = true;

							}

						}

					}

				}

			}

			// If the mod is only moderating non-viewable forums we skip the user. There is no gain in displaying the person then...

			if (!$s_forum_select && $undisclosed_forum)

			{

//				$s_forum_select = '<option value="">' . $user->lang['FORUM_UNDISCLOSED'] . '</option>';

				continue;

			}

			// The person is moderating several "public" forums, therefore the person should be listed, but not giving the real group name if hidden.

			if ($row['group_type'] == GROUP_HIDDEN && !$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') && $row['ug_user_id'] != $user->data['user_id'])

			{

				$group_name = $user->lang['GROUP_UNDISCLOSED'];

				$u_group = '';

			}

			else

			{

				$group_name = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];

				$u_group = append_sid('memberlist', 'mode=group&g=' . $row['group_id']);

			}

			$rank_title = $rank_img = '';

			get_user_rank($row['user_rank'], $row['user_posts'], $rank_title, $rank_img, $rank_img_src);

			$template->assign_block_vars($which_row, array(

				'USER_ID'		=> $row['user_id'],

				'FORUMS'		=> $s_forum_select,

				'RANK_TITLE'	=> $rank_title,

				'GROUP_NAME'	=> $group_name,

				'GROUP_COLOR'	=> $row['group_colour'],

				'RANK_IMG'		=> $rank_img,

				'RANK_IMG_SRC'	=> $rank_img_src,

				'U_GROUP'			=> $u_group,

				'U_PM'				=> ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($row['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid('ucp', 'i=pm&mode=compose&u=' . $row['user_id']) : '',

				'USERNAME_FULL'		=> get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),

				'USERNAME'			=> get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),

				'USER_COLOR'		=> get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']),

				'U_VIEW_PROFILE'	=> get_username_string('profile', $row['user_id'], $row['username'], $row['user_colour']),

			));

		}

		$db->sql_freeresult($result);

		$template->assign_vars(array(

			'PM_IMG'		=> $user->img('icon_contact_pm', $user->lang['SEND_PRIVATE_MESSAGE']))

		);

	break;

	case 'contact':

		$page_title = $user->lang['IM_USER'];

		$template_html = 'memberlist_im.html';

		if (!$auth->acl_get('u_sendim'))

		{

			trigger_error('NOT_AUTHORISED');

		}

		$presence_img = '';

		switch ($action)

		{

			case 'aim':

				$lang = 'AIM';

				$sql_field = 'user_aim';

				$s_select = 'S_SEND_AIM';

				$s_action = '';

			break;

			case 'msnm':

				$lang = 'MSNM';

				$sql_field = 'user_msnm';

				$s_select = 'S_SEND_MSNM';

				$s_action = '';

			break;

			case 'jabber':

				$lang = 'JABBER';

				$sql_field = 'user_jabber';

				$s_select = (@extension_loaded('xml') && $config['jab_enable']) ? 'S_SEND_JABBER' : 'S_NO_SEND_JABBER';

				$s_action = append_sid('memberlist', "mode=contact&action=$action&u=$user_id");

			break;

			default:

				trigger_error('NO_MODE', E_USER_ERROR);

			break;

		}

		// Grab relevant data

		$sql = "SELECT user_id, username, user_email, user_lang, $sql_field

			FROM " . USERS_TABLE . "

			WHERE user_id = $user_id

				AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';

		$result = $db->sql_query($sql);

		$row = $db->sql_fetchrow($result);

		$db->sql_freeresult($result);

		if (!$row)

		{

			trigger_error('NO_USER');

		}

		else if (empty($row[$sql_field]))

		{

			trigger_error('IM_NO_DATA');

		}

		// Post data grab actions

		switch ($action)

		{

			case 'jabber':

				add_form_key('memberlist_messaging');

				if ($submit && @extension_loaded('xml') && $config['jab_enable'])

				{

					if (check_form_key('memberlist_messaging'))

					{

						include_once(PHPBB_ROOT_PATH . 'includes/functions_messenger.' . PHP_EXT);

						$subject = sprintf($user->lang['IM_JABBER_SUBJECT'], $user->data['username'], $config['server_name']);

						$message = utf8_normalize_nfc(request_var('message', '', true));

						if (empty($message))

						{

							trigger_error('EMPTY_MESSAGE_IM');

						}

						$messenger = new messenger(false);

						$messenger->template('profile_send_im', $row['user_lang']);

						$messenger->subject(htmlspecialchars_decode($subject));

						$messenger->replyto($user->data['user_email']);

						$messenger->im($row['user_jabber'], $row['username']);

						$messenger->assign_vars(array(

							'BOARD_CONTACT'	=> $config['board_contact'],

							'FROM_USERNAME'	=> htmlspecialchars_decode($user->data['username']),

							'TO_USERNAME'	=> htmlspecialchars_decode($row['username']),

							'MESSAGE'		=> htmlspecialchars_decode($message))

						);

						$messenger->send(NOTIFY_IM);

						$s_select = 'S_SENT_JABBER';

					}

					else

					{

						trigger_error('FORM_INVALID');

					}

				}

			break;

		}

		// Send vars to the template

		$template->assign_vars(array(

			'IM_CONTACT'	=> $row[$sql_field],

			'A_IM_CONTACT'	=> addslashes($row[$sql_field]),

			'U_AIM_CONTACT'	=> ($action == 'aim') ? 'aim:addbuddy?screenname=' . urlencode($row[$sql_field]) : '',

			'U_AIM_MESSAGE'	=> ($action == 'aim') ? 'aim:goim?screenname=' . urlencode($row[$sql_field]) . '&message=' . urlencode($config['sitename']) : '',

			'USERNAME'		=> $row['username'],

			'CONTACT_NAME'	=> $row[$sql_field],

			'SITENAME'		=> $config['sitename'],

			'PRESENCE_IMG'		=> $presence_img,

			'L_SEND_IM_EXPLAIN'	=> $user->lang['IM_' . $lang],

			'L_IM_SENT_JABBER'	=> sprintf($user->lang['IM_SENT_JABBER'], $row['username']),

			$s_select			=> true,

			'S_IM_ACTION'		=> $s_action)

		);

	break;

	case 'viewprofile':

		// Display a profile

		if ($user_id == ANONYMOUS && !$username)

		{

			trigger_error('NO_USER');

		}

		// Get user...

		$sql = 'SELECT *

			FROM ' . USERS_TABLE . '

			WHERE ' . (($username) ? "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : "user_id = $user_id");

		$result = $db->sql_query($sql);

		$member = $db->sql_fetchrow($result);

		$db->sql_freeresult($result);

		if (!$member)

		{

			trigger_error('NO_USER');

		}

		// a_user admins and founder are able to view inactive users and bots to be able to manage them more easily

		// Normal users are able to see at least users having only changed their profile settings but not yet reactivated.

		if (!$auth->acl_get('a_user') && $user->data['user_type'] != USER_FOUNDER)

		{

			if ($member['user_type'] == USER_IGNORE)

			{

				trigger_error('NO_USER');

			}

			else if ($member['user_type'] == USER_INACTIVE && $member['user_inactive_reason'] != INACTIVE_PROFILE)

			{

				trigger_error('NO_USER');

			}

		}

		$user_id = (int) $member['user_id'];

		// Do the SQL thang

		$sql = 'SELECT g.group_id, g.group_name, g.group_type

			FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug

			WHERE ug.user_id = $user_id

				AND g.group_id = ug.group_id" . ((!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? ' AND g.group_type <> ' . GROUP_HIDDEN : '') . '

				AND ug.user_pending = 0

			ORDER BY g.group_type, g.group_name';

		$result = $db->sql_query($sql);

		$group_options = '';

		while ($row = $db->sql_fetchrow($result))

		{

			$group_options .= '<option value="' . $row['group_id'] . '"' . (($row['group_id'] == $member['group_id']) ? ' selected="selected"' : '') . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';

		}

		$db->sql_freeresult($result);

		// What colour is the zebra

		$sql = 'SELECT friend, foe

			FROM ' . ZEBRA_TABLE . "

			WHERE zebra_id = $user_id

				AND user_id = {$user->data['user_id']}";

		$result = $db->sql_query($sql);

		$row = $db->sql_fetchrow($result);

		$foe = ($row['foe']) ? true : false;

		$friend = ($row['friend']) ? true : false;

		$db->sql_freeresult($result);

		if ($config['load_onlinetrack'])

		{

			$sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline

				FROM ' . SESSIONS_TABLE . "

				WHERE session_user_id = $user_id";

			$result = $db->sql_query($sql);

			$row = $db->sql_fetchrow($result);

			$db->sql_freeresult($result);

			$member['session_time'] = (isset($row['session_time'])) ? $row['session_time'] : 0;

			$member['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] :	0;

			unset($row);

		}

		if ($config['load_user_activity'])

		{

			display_user_activity($member);

		}

		// Do the relevant calculations

		$memberdays = max(1, round((time() - $member['user_regdate']) / 86400));

		$posts_per_day = $member['user_posts'] / $memberdays;

		$percentage = ($config['num_posts']) ? min(100, ($member['user_posts'] / $config['num_posts']) * 100) : 0;

		if ($member['user_sig'])

		{

			$member['user_sig'] = censor_text($member['user_sig']);

			if ($member['user_sig_bbcode_bitfield'])

			{

				include_once(PHPBB_ROOT_PATH . 'includes/bbcode.' . PHP_EXT);

				$bbcode = new bbcode();

				$bbcode->bbcode_second_pass($member['user_sig'], $member['user_sig_bbcode_uid'], $member['user_sig_bbcode_bitfield']);

			}

			$member['user_sig'] = bbcode_nl2br($member['user_sig']);

			$member['user_sig'] = smiley_text($member['user_sig']);

		}

		$poster_avatar = get_user_avatar($member['user_avatar'], $member['user_avatar_type'], $member['user_avatar_width'], $member['user_avatar_height']);

		$template->assign_vars(show_profile($member));

		// Custom Profile Fields

		$profile_fields = array();

		if ($config['load_cpf_viewprofile'])

		{

			include_once(PHPBB_ROOT_PATH . 'includes/functions_profile_fields.' . PHP_EXT);

			$cp = new custom_profile();

			$profile_fields = $cp->generate_profile_fields_template('grab', $user_id);

			$profile_fields = (isset($profile_fields[$user_id])) ? $cp->generate_profile_fields_template('show', false, $profile_fields[$user_id]) : array();

		}

		// We need to check if the module 'zebra' is accessible

		$zebra_enabled = false;

		if ($user->data['user_id'] != $user_id && $user->data['is_registered'])

		{

			include_once(PHPBB_ROOT_PATH . 'includes/functions_module.' . PHP_EXT);

			$module = new p_master();

			$module->list_modules('ucp');

			$module->set_active('zebra');

			$zebra_enabled = ($module->active_module === false) ? false : true;

			unset($module);

		}

		// If the user has m_approve permission or a_user permission, then list then display unapproved posts

		if ($auth->acl_getf_global('m_approve') || $auth->acl_get('a_user'))

		{

			$sql = 'SELECT COUNT(post_id) as posts_in_queue

				FROM ' . POSTS_TABLE . '

				WHERE poster_id = ' . $user_id . '

					AND post_approved = 0';

			$result = $db->sql_query($sql);

			$member['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');

			$db->sql_freeresult($result);

		}

		else

		{

			$member['posts_in_queue'] = 0;

		}

		$template->assign_vars(array(

			'L_POSTS_IN_QUEUE'	=> $user->lang('NUM_POSTS_IN_QUEUE', $member['posts_in_queue']),

			'POSTS_DAY'			=> sprintf($user->lang['POST_DAY'], $posts_per_day),

			'POSTS_PCT'			=> sprintf($user->lang['POST_PCT'], $percentage),

			'OCCUPATION'	=> (!empty($member['user_occ'])) ? censor_text($member['user_occ']) : '',

			'INTERESTS'		=> (!empty($member['user_interests'])) ? censor_text($member['user_interests']) : '',

			'SIGNATURE'		=> $member['user_sig'],

			'POSTS_IN_QUEUE'=> $member['posts_in_queue'],

			'AVATAR_IMG'	=> $poster_avatar,

			'PM_IMG'		=> $user->img('icon_contact_pm', $user->lang['SEND_PRIVATE_MESSAGE']),

			'EMAIL_IMG'		=> $user->img('icon_contact_email', $user->lang['EMAIL']),

			'WWW_IMG'		=> $user->img('icon_contact_www', $user->lang['WWW']),

			'ICQ_IMG'		=> $user->img('icon_contact_icq', $user->lang['ICQ']),

			'AIM_IMG'		=> $user->img('icon_contact_aim', $user->lang['AIM']),

			'MSN_IMG'		=> $user->img('icon_contact_msnm', $user->lang['MSNM']),

			'YIM_IMG'		=> $user->img('icon_contact_yahoo', $user->lang['YIM']),

			'JABBER_IMG'	=> $user->img('icon_contact_jabber', $user->lang['JABBER']),

			'SEARCH_IMG'	=> $user->img('icon_user_search', $user->lang['SEARCH']),

			'S_PROFILE_ACTION'	=> append_sid('memberlist', 'mode=group'),

			'S_GROUP_OPTIONS'	=> $group_options,

			'S_CUSTOM_FIELDS'	=> (isset($profile_fields['row']) && sizeof($profile_fields['row'])) ? true : false,

			'U_USER_ADMIN'			=> ($auth->acl_get('a_user')) ? append_sid(CONFIG_ADM_FOLDER . '/index', 'i=users&mode=overview&u=' . $user_id, true, $user->session_id) : '',

			'U_USER_BAN'			=> ($auth->acl_get('m_ban')) ? append_sid('mcp', 'i=ban&mode=user&u=' . $user_id, true, $user->session_id) : '',

			'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid('ucp', "mode=switch_perm&u={$user_id}") : '',

			'U_MCP_QUEUE'			=> ($auth->acl_getf_global('m_approve')) ? append_sid('mcp', 'i=queue', true, $user->session_id) : '',

			'S_ZEBRA'			=> ($user->data['user_id'] != $user_id && $user->data['is_registered'] && $zebra_enabled) ? true : false,

			'U_ADD_FRIEND'		=> (!$friend) ? append_sid('ucp', 'i=zebra&add=' . urlencode(htmlspecialchars_decode($member['username']))) : '',

			'U_ADD_FOE'			=> (!$foe) ? append_sid('ucp', 'i=zebra&mode=foes&add=' . urlencode(htmlspecialchars_decode($member['username']))) : '',

			'U_REMOVE_FRIEND'	=> ($friend) ? append_sid('ucp', 'i=zebra&remove=1&usernames[]=' . $user_id) : '',

			'U_REMOVE_FOE'		=> ($foe) ? append_sid('ucp', 'i=zebra&remove=1&mode=foes&usernames[]=' . $user_id) : '',

		));

		if (!empty($profile_fields['row']))

		{

			$template->assign_vars($profile_fields['row']);

		}

		if (!empty($profile_fields['blockrow']))

		{

			foreach ($profile_fields['blockrow'] as $field_data)

			{

				$template->assign_block_vars('custom_fields', $field_data);

			}

		}

		// Inactive reason/account?

		if ($member['user_type'] == USER_INACTIVE)

		{

			$user->add_lang('acp/common');

			$inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN'];

			switch ($member['user_inactive_reason'])

			{

				case INACTIVE_REGISTER:

					$inactive_reason = $user->lang['INACTIVE_REASON_REGISTER'];

				break;

				case INACTIVE_PROFILE:

					$inactive_reason = $user->lang['INACTIVE_REASON_PROFILE'];

				break;

				case INACTIVE_MANUAL:

					$inactive_reason = $user->lang['INACTIVE_REASON_MANUAL'];

				break;

				case INACTIVE_REMIND:

					$inactive_reason = $user->lang['INACTIVE_REASON_REMIND'];

				break;

			}

			$template->assign_vars(array(

				'S_USER_INACTIVE'		=> true,

				'USER_INACTIVE_REASON'	=> $inactive_reason)

			);

		}

		// Now generate page title

		$page_title = sprintf($user->lang['VIEWING_PROFILE'], $member['username']);

		$template_html = 'memberlist_view.html';

	break;

	case 'email':

		// Send an email

		$page_title = $user->lang['SEND_EMAIL'];

		$template_html = 'memberlist_email.html';

		add_form_key('memberlist_email');

		if (!$config['email_enable'])

		{

			trigger_error('EMAIL_DISABLED');

		}

		if (!$auth->acl_get('u_sendemail'))

		{

			trigger_error('NO_EMAIL');

		}

		// Are we trying to abuse the facility?

		if (time() - $user->data['user_emailtime'] < $config['flood_interval'])

		{

			trigger_error('FLOOD_EMAIL_LIMIT');

		}

		// Determine action...

		$user_id = request_var('u', 0);

		$topic_id = request_var('t', 0);

		// Send email to user...

		if ($user_id)

		{

			if ($user_id == ANONYMOUS || !$config['board_email_form'])

			{

				trigger_error('NO_EMAIL');

			}

			// Get the appropriate username, etc.

			$sql = 'SELECT username, user_email, user_allow_viewemail, user_lang, user_jabber, user_notify_type

				FROM ' . USERS_TABLE . "

				WHERE user_id = $user_id

					AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';

			$result = $db->sql_query($sql);

			$row = $db->sql_fetchrow($result);

			$db->sql_freeresult($result);

			if (!$row)

			{

				trigger_error('NO_USER');

			}

			// Can we send email to this user?

			if (!$row['user_allow_viewemail'] && !$auth->acl_get('a_user'))

			{

				trigger_error('NO_EMAIL');

			}

		}

		else if ($topic_id)

		{

			// Send topic heads-up to email address

			$sql = 'SELECT forum_id, topic_title

				FROM ' . TOPICS_TABLE . "

				WHERE topic_id = $topic_id";

			$result = $db->sql_query($sql);

			$row = $db->sql_fetchrow($result);

			$db->sql_freeresult($result);

			if (!$row)

			{

				trigger_error('NO_TOPIC');

			}

			if ($row['forum_id'])

			{

				if (!$auth->acl_get('f_read', $row['forum_id']))

				{

					trigger_error('SORRY_AUTH_READ');

				}

				if (!$auth->acl_get('f_email', $row['forum_id']))

				{

					trigger_error('NO_EMAIL');

				}

			}

			else

			{

				// If global announcement, we need to check if the user is able to at least read and email in one forum...

				if (!$auth->acl_getf_global('f_read'))

				{

					trigger_error('SORRY_AUTH_READ');

				}

				if (!$auth->acl_getf_global('f_email'))

				{

					trigger_error('NO_EMAIL');

				}

			}

		}

		else

		{

			trigger_error('NO_EMAIL');

		}

		$error = array();

		$name		= utf8_normalize_nfc(request_var('name', '', true));

		$email		= request_var('email', '');

		$email_lang = request_var('lang', $config['default_lang']);

		$subject	= utf8_normalize_nfc(request_var('subject', '', true));

		$message	= utf8_normalize_nfc(request_var('message', '', true));

		$cc			= (isset($_POST['cc_email'])) ? true : false;

		$submit		= (isset($_POST['submit'])) ? true : false;

		if ($submit)

		{

			if (!check_form_key('memberlist_email'))

			{

				$error[] = 'FORM_INVALID';

			}

			if ($user_id)

			{

				if (!$subject)

				{

					$error[] = $user->lang['EMPTY_SUBJECT_EMAIL'];

				}

				if (!$message)

				{

					$error[] = $user->lang['EMPTY_MESSAGE_EMAIL'];

				}

				$name = $row['username'];

				$email_lang = $row['user_lang'];

				$email = $row['user_email'];

			}

			else

			{

				if (!$email || !preg_match('/^' . get_preg_expression('email') . '$/i', $email))

				{

					$error[] = $user->lang['EMPTY_ADDRESS_EMAIL'];

				}

				if (!$name)

				{

					$error[] = $user->lang['EMPTY_NAME_EMAIL'];

				}

			}

			if (!sizeof($error))

			{

				$sql = 'UPDATE ' . USERS_TABLE . '

					SET user_emailtime = ' . time() . '

					WHERE user_id = ' . $user->data['user_id'];

				$result = $db->sql_query($sql);

				include_once(PHPBB_ROOT_PATH . 'includes/functions_messenger.' . PHP_EXT);

				$messenger = new messenger(false);

				$email_tpl = ($user_id) ? 'profile_send_email' : 'email_notify';

				$mail_to_users = array();

				$mail_to_users[] = array(

					'email_lang'		=> $email_lang,

					'email'				=> $email,

					'name'				=> $name,

					'username'			=> ($user_id) ? $row['username'] : '',

					'to_name'			=> $name,

					'user_jabber'		=> ($user_id) ? $row['user_jabber'] : '',

					'user_notify_type'	=> ($user_id) ? $row['user_notify_type'] : NOTIFY_EMAIL,

					'topic_title'		=> (!$user_id) ? $row['topic_title'] : '',

					'forum_id'			=> (!$user_id) ? $row['forum_id'] : 0,

				);

				// Ok, now the same email if CC specified, but without exposing the users email address

				if ($cc)

				{

					$mail_to_users[] = array(

						'email_lang'		=> $user->data['user_lang'],

						'email'				=> $user->data['user_email'],

						'name'				=> $user->data['username'],

						'username'			=> $user->data['username'],

						'to_name'			=> $name,

						'user_jabber'		=> $user->data['user_jabber'],

						'user_notify_type'	=> ($user_id) ? $user->data['user_notify_type'] : NOTIFY_EMAIL,

						'topic_title'		=> (!$user_id) ? $row['topic_title'] : '',

						'forum_id'			=> (!$user_id) ? $row['forum_id'] : 0,

					);

				}

				foreach ($mail_to_users as $row)

				{

					$messenger->template($email_tpl, $row['email_lang']);

					$messenger->replyto($user->data['user_email']);

					$messenger->to($row['email'], $row['name']);

					if ($user_id)

					{

						$messenger->subject(htmlspecialchars_decode($subject));

						$messenger->im($row['user_jabber'], $row['username']);

						$notify_type = $row['user_notify_type'];

					}

					else

					{

						$notify_type = NOTIFY_EMAIL;

					}

					$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);

					$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);

					$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);

					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

					$messenger->assign_vars(array(

						'BOARD_CONTACT'	=> $config['board_contact'],

						'TO_USERNAME'	=> htmlspecialchars_decode($row['to_name']),

						'FROM_USERNAME'	=> htmlspecialchars_decode($user->data['username']),

						'MESSAGE'		=> htmlspecialchars_decode($message))

					);

					if ($topic_id)

					{

						$messenger->assign_vars(array(

							'TOPIC_NAME'	=> htmlspecialchars_decode($row['topic_title']),

							'U_TOPIC'		=> generate_board_url() . '/viewtopic.' . PHP_EXT . '?f=' . $row['forum_id'] . "&t=$topic_id")

						);

					}

					$messenger->send($notify_type);

				}

				meta_refresh(3, append_sid('index'));

				$message = ($user_id) ? sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid('index') . '">', '</a>') : sprintf($user->lang['RETURN_TOPIC'],  '<a href="' . append_sid('viewtopic', "f={$row['forum_id']}&amp;t=$topic_id") . '">', '</a>');

				trigger_error($user->lang['EMAIL_SENT'] . '<br /><br />' . $message);

			}

		}

		if ($user_id)

		{

			$template->assign_vars(array(

				'S_SEND_USER'	=> true,

				'USERNAME'		=> $row['username'],

				'L_EMAIL_BODY_EXPLAIN'	=> $user->lang['EMAIL_BODY_EXPLAIN'],

				'S_POST_ACTION'			=> append_sid('memberlist', 'mode=email&u=' . $user_id))

			);

		}

		else

		{

			$template->assign_vars(array(

				'EMAIL'				=> $email,

				'NAME'				=> $name,

				'S_LANG_OPTIONS'	=> language_select($email_lang),

				'L_EMAIL_BODY_EXPLAIN'	=> $user->lang['EMAIL_TOPIC_EXPLAIN'],

				'S_POST_ACTION'			=> append_sid('memberlist', 'mode=email&t=' . $topic_id))

			);

		}

		$template->assign_vars(array(

			'ERROR_MESSAGE'		=> (sizeof($error)) ? implode('<br />', $error) : '')

		);