Ajout du FR

Ajout du FR + correction du "functions.php"

includes/ucp/info/ucp_attachments.php

@@ -0,0 +1,34 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class ucp_attachments_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_attachments',
+			'title'		=> 'UCP_ATTACHMENTS',
+			'modes'		=> array(
+				'attachments'	=> array('title' => 'UCP_MAIN_ATTACHMENTS', 'auth' => 'acl_u_attach', 'cat' => array('UCP_MAIN')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

includes/ucp/info/ucp_auth_link.php

@@ -0,0 +1,34 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class ucp_auth_link_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_auth_link',
+			'title'		=> 'UCP_AUTH_LINK',
+			'modes'		=> array(
+				'auth_link'	=> array('title' => 'UCP_AUTH_LINK_MANAGE', 'auth' => 'authmethod_oauth', 'cat' => array('UCP_PROFILE')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

includes/ucp/info/ucp_groups.php

@@ -0,0 +1,35 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class ucp_groups_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_groups',
+			'title'		=> 'UCP_USERGROUPS',
+			'modes'		=> array(
+				'membership'	=> array('title' => 'UCP_USERGROUPS_MEMBER', 'auth' => '', 'cat' => array('UCP_USERGROUPS')),
+				'manage'		=> array('title' => 'UCP_USERGROUPS_MANAGE', 'auth' => '', 'cat' => array('UCP_USERGROUPS')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

includes/ucp/info/ucp_main.php

@@ -0,0 +1,37 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class ucp_main_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_main',
+			'title'		=> 'UCP_MAIN',
+			'modes'		=> array(
+				'front'			=> array('title' => 'UCP_MAIN_FRONT', 'auth' => '', 'cat' => array('UCP_MAIN')),
+				'subscribed'	=> array('title' => 'UCP_MAIN_SUBSCRIBED', 'auth' => '', 'cat' => array('UCP_MAIN')),
+				'bookmarks'		=> array('title' => 'UCP_MAIN_BOOKMARKS', 'auth' => 'cfg_allow_bookmarks', 'cat' => array('UCP_MAIN')),
+				'drafts'		=> array('title' => 'UCP_MAIN_DRAFTS', 'auth' => '', 'cat' => array('UCP_MAIN')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

includes/ucp/info/ucp_notifications.php

@@ -0,0 +1,35 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class ucp_notifications_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_notifications',
+			'title'		=> 'UCP_NOTIFICATION_OPTIONS',
+			'modes'		=> array(
+				'notification_options'		=> array('title' => 'UCP_NOTIFICATION_OPTIONS', 'auth' => '', 'cat' => array('UCP_PREFS')),
+				'notification_list'			=> array('title' => 'UCP_NOTIFICATION_LIST',    'auth' => 'cfg_allow_board_notifications', 'cat' => array('UCP_MAIN')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

includes/ucp/info/ucp_pm.php

@@ -0,0 +1,37 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class ucp_pm_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_pm',
+			'title'		=> 'UCP_PM',
+			'modes'		=> array(
+				'view'		=> array('title' => 'UCP_PM_VIEW', 'auth' => 'cfg_allow_privmsg', 'display' => false, 'cat' => array('UCP_PM')),
+				'compose'	=> array('title' => 'UCP_PM_COMPOSE', 'auth' => 'cfg_allow_privmsg', 'cat' => array('UCP_PM')),
+				'drafts'	=> array('title' => 'UCP_PM_DRAFTS', 'auth' => 'cfg_allow_privmsg', 'cat' => array('UCP_PM')),
+				'options'	=> array('title' => 'UCP_PM_OPTIONS', 'auth' => 'cfg_allow_privmsg', 'cat' => array('UCP_PM')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

includes/ucp/info/ucp_prefs.php

@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class ucp_prefs_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_prefs',
+			'title'		=> 'UCP_PREFS',
+			'modes'		=> array(
+				'personal'	=> array('title' => 'UCP_PREFS_PERSONAL', 'auth' => '', 'cat' => array('UCP_PREFS')),
+				'post'		=> array('title' => 'UCP_PREFS_POST', 'auth' => '', 'cat' => array('UCP_PREFS')),
+				'view'		=> array('title' => 'UCP_PREFS_VIEW', 'auth' => '', 'cat' => array('UCP_PREFS')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

includes/ucp/info/ucp_profile.php

@@ -0,0 +1,38 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class ucp_profile_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_profile',
+			'title'		=> 'UCP_PROFILE',
+			'modes'		=> array(
+				'profile_info'	=> array('title' => 'UCP_PROFILE_PROFILE_INFO', 'auth' => 'acl_u_chgprofileinfo', 'cat' => array('UCP_PROFILE')),
+				'signature'		=> array('title' => 'UCP_PROFILE_SIGNATURE', 'auth' => 'acl_u_sig', 'cat' => array('UCP_PROFILE')),
+				'avatar'		=> array('title' => 'UCP_PROFILE_AVATAR', 'auth' => 'cfg_allow_avatar', 'cat' => array('UCP_PROFILE')),
+				'reg_details'	=> array('title' => 'UCP_PROFILE_REG_DETAILS', 'auth' => '', 'cat' => array('UCP_PROFILE')),
+				'autologin_keys'=> array('title' => 'UCP_PROFILE_AUTOLOGIN_KEYS', 'auth' => '', 'cat' => array('UCP_PROFILE')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

includes/ucp/info/ucp_zebra.php

@@ -0,0 +1,35 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class ucp_zebra_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_zebra',
+			'title'		=> 'UCP_ZEBRA',
+			'modes'		=> array(
+				'friends'		=> array('title' => 'UCP_ZEBRA_FRIENDS', 'auth' => '', 'cat' => array('UCP_ZEBRA')),
+				'foes'			=> array('title' => 'UCP_ZEBRA_FOES', 'auth' => '', 'cat' => array('UCP_ZEBRA')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

includes/ucp/ucp_activate.php

@@ -0,0 +1,170 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_activate
+* User activation
+*/
+class ucp_activate
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $config, $phpbb_root_path, $phpEx, $request;
+		global $db, $user, $auth, $phpbb_container, $phpbb_log, $phpbb_dispatcher;
+
+		$user_id = $request->variable('u', 0);
+		$key = $request->variable('k', '');
+
+		$sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason
+			FROM ' . USERS_TABLE . "
+			WHERE user_id = $user_id";
+		$result = $db->sql_query($sql);
+		$user_row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		if (!$user_row)
+		{
+			trigger_error('NO_USER');
+		}
+
+		if ($user_row['user_type'] <> USER_INACTIVE && !$user_row['user_newpasswd'])
+		{
+			meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
+			trigger_error('ALREADY_ACTIVATED');
+		}
+
+		if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL || $user_row['user_actkey'] !== $key)
+		{
+			trigger_error('WRONG_ACTIVATION');
+		}
+
+		// Do not allow activating by non administrators when admin activation is on
+		// Only activation type the user should be able to do is INACTIVE_REMIND
+		// or activate a new password which is not an activation state :@
+		if (!$user_row['user_newpasswd'] && $user_row['user_inactive_reason'] != INACTIVE_REMIND && $config['require_activation'] == USER_ACTIVATION_ADMIN && !$auth->acl_get('a_user'))
+		{
+			if (!$user->data['is_registered'])
+			{
+				login_box('', $user->lang['NO_AUTH_OPERATION']);
+			}
+			send_status_line(403, 'Forbidden');
+			trigger_error('NO_AUTH_OPERATION');
+		}
+
+		$update_password = ($user_row['user_newpasswd']) ? true : false;
+
+		if ($update_password)
+		{
+			$sql_ary = array(
+				'user_actkey'		=> '',
+				'user_password'		=> $user_row['user_newpasswd'],
+				'user_newpasswd'	=> '',
+				'user_login_attempts'	=> 0,
+			);
+
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+				WHERE user_id = ' . $user_row['user_id'];
+			$db->sql_query($sql);
+
+			$user->reset_login_keys($user_row['user_id']);
+
+			$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
+				'reportee_id' => $user_row['user_id'],
+				$user_row['username']
+			));
+		}
+
+		if (!$update_password)
+		{
+			include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+
+			user_active_flip('activate', $user_row['user_id']);
+
+			$sql = 'UPDATE ' . USERS_TABLE . "
+				SET user_actkey = ''
+				WHERE user_id = {$user_row['user_id']}";
+			$db->sql_query($sql);
+
+			// Create the correct logs
+			$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE_USER', false, array(
+				'reportee_id' => $user_row['user_id']
+			));
+
+			if ($auth->acl_get('a_user'))
+			{
+				$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE', false, array($user_row['username']));
+			}
+		}
+
+		if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password)
+		{
+			/* @var $phpbb_notifications \phpbb\notification\manager */
+			$phpbb_notifications = $phpbb_container->get('notification_manager');
+			$phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
+
+			include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+
+			$messenger = new messenger(false);
+
+			$messenger->template('admin_welcome_activated', $user_row['user_lang']);
+
+			$messenger->set_addresses($user_row);
+
+			$messenger->anti_abuse_headers($config, $user);
+
+			$messenger->assign_vars(array(
+				'USERNAME'	=> htmlspecialchars_decode($user_row['username']))
+			);
+
+			$messenger->send($user_row['user_notify_type']);
+
+			$message = 'ACCOUNT_ACTIVE_ADMIN';
+		}
+		else
+		{
+			if (!$update_password)
+			{
+				$message = ($user_row['user_inactive_reason'] == INACTIVE_PROFILE) ? 'ACCOUNT_ACTIVE_PROFILE' : 'ACCOUNT_ACTIVE';
+			}
+			else
+			{
+				$message = 'PASSWORD_ACTIVATED';
+			}
+		}
+
+		/**
+		* This event can be used to modify data after user account's activation
+		*
+		* @event core.ucp_activate_after
+		* @var	array	user_row	Array with some user data
+		* @var	string	message		Language string of the message that will be displayed to the user
+		* @since 3.1.6-RC1
+		*/
+		$vars = array('user_row', 'message');
+		extract($phpbb_dispatcher->trigger_event('core.ucp_activate_after', compact($vars)));
+
+		meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
+		trigger_error($user->lang[$message]);
+	}
+}

includes/ucp/ucp_attachments.php

@@ -0,0 +1,205 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_attachments
+* User attachments
+*/
+class ucp_attachments
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request;
+
+		$start		= $request->variable('start', 0);
+		$sort_key	= $request->variable('sk', 'a');
+		$sort_dir	= $request->variable('sd', 'a');
+
+		$delete		= (isset($_POST['delete'])) ? true : false;
+		$delete_ids	= array_keys($request->variable('attachment', array(0)));
+
+		if ($delete && count($delete_ids))
+		{
+			// Validate $delete_ids...
+			$sql = 'SELECT attach_id
+				FROM ' . ATTACHMENTS_TABLE . '
+				WHERE poster_id = ' . $user->data['user_id'] . '
+					AND is_orphan = 0
+					AND ' . $db->sql_in_set('attach_id', $delete_ids);
+			$result = $db->sql_query($sql);
+
+			$delete_ids = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$delete_ids[] = $row['attach_id'];
+			}
+			$db->sql_freeresult($result);
+		}
+
+		if ($delete && count($delete_ids))
+		{
+			$s_hidden_fields = array(
+				'delete'	=> 1
+			);
+
+			foreach ($delete_ids as $attachment_id)
+			{
+				$s_hidden_fields['attachment'][$attachment_id] = 1;
+			}
+
+			if (confirm_box(true))
+			{
+				/** @var \phpbb\attachment\manager $attachment_manager */
+				$attachment_manager = $phpbb_container->get('attachment.manager');
+				$attachment_manager->delete('attach', $delete_ids);
+				unset($attachment_manager);
+
+				meta_refresh(3, $this->u_action);
+				$message = ((count($delete_ids) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+				trigger_error($message);
+			}
+			else
+			{
+				confirm_box(false, (count($delete_ids) == 1) ? 'DELETE_ATTACHMENT' : 'DELETE_ATTACHMENTS', build_hidden_fields($s_hidden_fields));
+			}
+		}
+
+		// Select box eventually
+		$sort_key_text = array('a' => $user->lang['SORT_FILENAME'], 'b' => $user->lang['SORT_COMMENT'], 'c' => $user->lang['SORT_EXTENSION'], 'd' => $user->lang['SORT_SIZE'], 'e' => $user->lang['SORT_DOWNLOADS'], 'f' => $user->lang['SORT_POST_TIME'], 'g' => $user->lang['SORT_TOPIC_TITLE']);
+		$sort_key_sql = array('a' => 'a.real_filename', 'b' => 'a.attach_comment', 'c' => 'a.extension', 'd' => 'a.filesize', 'e' => 'a.download_count', 'f' => 'a.filetime', 'g' => 't.topic_title');
+
+		$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
+
+		$s_sort_key = '';
+		foreach ($sort_key_text as $key => $value)
+		{
+			$selected = ($sort_key == $key) ? ' selected="selected"' : '';
+			$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
+		}
+
+		$s_sort_dir = '';
+		foreach ($sort_dir_text as $key => $value)
+		{
+			$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
+			$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
+		}
+
+		if (!isset($sort_key_sql[$sort_key]))
+		{
+			$sort_key = 'a';
+		}
+
+		$order_by = $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
+
+		$sql = 'SELECT COUNT(attach_id) as num_attachments
+			FROM ' . ATTACHMENTS_TABLE . '
+			WHERE poster_id = ' . $user->data['user_id'] . '
+				AND is_orphan = 0';
+		$result = $db->sql_query($sql);
+		$num_attachments = $db->sql_fetchfield('num_attachments');
+		$db->sql_freeresult($result);
+
+		// Ensure start is a valid value
+		/* @var $pagination \phpbb\pagination */
+		$pagination = $phpbb_container->get('pagination');
+		$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
+
+		$sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
+			FROM ' . ATTACHMENTS_TABLE . ' a
+				LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
+				LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1)
+			WHERE a.poster_id = ' . $user->data['user_id'] . "
+				AND a.is_orphan = 0
+			ORDER BY $order_by";
+		$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
+
+		$row_count = 0;
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$template->assign_var('S_ATTACHMENT_ROWS', true);
+
+			do
+			{
+				if ($row['in_message'])
+				{
+					$view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;p={$row['post_msg_id']}");
+				}
+				else
+				{
+					$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}";
+				}
+
+				$template->assign_block_vars('attachrow', array(
+					'ROW_NUMBER'		=> $row_count + ($start + 1),
+					'FILENAME'			=> $row['real_filename'],
+					'COMMENT'			=> bbcode_nl2br($row['attach_comment']),
+					'EXTENSION'			=> $row['extension'],
+					'SIZE'				=> get_formatted_filesize($row['filesize']),
+					'DOWNLOAD_COUNT'	=> $row['download_count'],
+					'POST_TIME'			=> $user->format_date($row['filetime']),
+					'TOPIC_TITLE'		=> ($row['in_message']) ? $row['message_title'] : $row['topic_title'],
+
+					'ATTACH_ID'			=> $row['attach_id'],
+					'POST_ID'			=> $row['post_msg_id'],
+					'TOPIC_ID'			=> $row['topic_id'],
+
+					'S_IN_MESSAGE'		=> $row['in_message'],
+
+					'U_VIEW_ATTACHMENT'	=> append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
+					'U_VIEW_TOPIC'		=> $view_topic)
+				);
+
+				$row_count++;
+			}
+			while ($row = $db->sql_fetchrow($result));
+		}
+		$db->sql_freeresult($result);
+
+		$base_url = $this->u_action . "&amp;sk=$sort_key&amp;sd=$sort_dir";
+		$pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start);
+
+		$template->assign_vars(array(
+			'TOTAL_ATTACHMENTS'		=> $num_attachments,
+			'NUM_ATTACHMENTS'		=> $user->lang('NUM_ATTACHMENTS', $num_attachments),
+
+			'L_TITLE'				=> $user->lang['UCP_ATTACHMENTS'],
+
+			'U_SORT_FILENAME'		=> $this->u_action . "&amp;sk=a&amp;sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'),
+			'U_SORT_FILE_COMMENT'	=> $this->u_action . "&amp;sk=b&amp;sd=" . (($sort_key == 'b' && $sort_dir == 'a') ? 'd' : 'a'),
+			'U_SORT_EXTENSION'		=> $this->u_action . "&amp;sk=c&amp;sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'),
+			'U_SORT_FILESIZE'		=> $this->u_action . "&amp;sk=d&amp;sd=" . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'),
+			'U_SORT_DOWNLOADS'		=> $this->u_action . "&amp;sk=e&amp;sd=" . (($sort_key == 'e' && $sort_dir == 'a') ? 'd' : 'a'),
+			'U_SORT_POST_TIME'		=> $this->u_action . "&amp;sk=f&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'),
+			'U_SORT_TOPIC_TITLE'	=> $this->u_action . "&amp;sk=g&amp;sd=" . (($sort_key == 'g' && $sort_dir == 'a') ? 'd' : 'a'),
+
+			'S_DISPLAY_MARK_ALL'	=> ($num_attachments) ? true : false,
+			'S_DISPLAY_PAGINATION'	=> ($num_attachments) ? true : false,
+			'S_UCP_ACTION'			=> $this->u_action,
+			'S_SORT_OPTIONS' 		=> $s_sort_key,
+			'S_ORDER_SELECT'		=> $s_sort_dir)
+		);
+
+		$this->tpl_name = 'ucp_attachments';
+		$this->page_title = 'UCP_ATTACHMENTS';
+	}
+}

includes/ucp/ucp_auth_link.php

@@ -0,0 +1,148 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+class ucp_auth_link
+{
+	/**
+	* @var string
+	*/
+	public $u_action;
+
+	/**
+	* Generates the ucp_auth_link page and handles the auth link process
+	*
+	* @param	int		$id
+	* @param	string	$mode
+	*/
+	public function main($id, $mode)
+	{
+		global $request, $template, $phpbb_container, $user;
+
+		$error = array();
+
+		/* @var $provider_collection \phpbb\auth\provider_collection */
+		$provider_collection = $phpbb_container->get('auth.provider_collection');
+		$auth_provider = $provider_collection->get_provider();
+
+		// confirm that the auth provider supports this page
+		$provider_data = $auth_provider->get_auth_link_data();
+		if ($provider_data === null)
+		{
+			$error[] = 'UCP_AUTH_LINK_NOT_SUPPORTED';
+		}
+
+		$s_hidden_fields = array();
+		add_form_key('ucp_auth_link');
+
+		$submit	= $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
+
+		// This path is only for primary actions
+		if (!count($error) && $submit)
+		{
+			if (!check_form_key('ucp_auth_link'))
+			{
+				$error[] = 'FORM_INVALID';
+			}
+
+			if (!count($error))
+			{
+				// Any post data could be necessary for auth (un)linking
+				$link_data = $request->get_super_global(\phpbb\request\request_interface::POST);
+
+				// The current user_id is also necessary
+				$link_data['user_id'] = $user->data['user_id'];
+
+				// Tell the provider that the method is auth_link not login_link
+				$link_data['link_method'] = 'auth_link';
+
+				if ($request->variable('link', 0, false, \phpbb\request\request_interface::POST))
+				{
+					$error[] = $auth_provider->link_account($link_data);
+				}
+				else
+				{
+					$error[] = $auth_provider->unlink_account($link_data);
+				}
+
+				// Template data may have changed, get new data
+				$provider_data = $auth_provider->get_auth_link_data();
+			}
+		}
+
+		// In some cases, a request to an external server may be required. In
+		// these cases, the GET parameter 'link' should exist and should be true
+		if ($request->variable('link', false))
+		{
+			// In this case the link data should only be populated with the
+			// link_method as the provider dictates how data is returned to it.
+			$link_data = array('link_method' => 'auth_link');
+
+			$error[] = $auth_provider->link_account($link_data);
+
+			// Template data may have changed, get new data
+			$provider_data = $auth_provider->get_auth_link_data();
+		}
+
+		if (isset($provider_data['VARS']))
+		{
+			// Handle hidden fields separately
+			if (isset($provider_data['VARS']['HIDDEN_FIELDS']))
+			{
+				$s_hidden_fields = array_merge($s_hidden_fields, $provider_data['VARS']['HIDDEN_FIELDS']);
+				unset($provider_data['VARS']['HIDDEN_FIELDS']);
+			}
+
+			$template->assign_vars($provider_data['VARS']);
+		}
+
+		if (isset($provider_data['BLOCK_VAR_NAME']))
+		{
+			foreach ($provider_data['BLOCK_VARS'] as $block_vars)
+			{
+				// See if there are additional hidden fields. This should be an associative array
+				if (isset($block_vars['HIDDEN_FIELDS']))
+				{
+					$block_vars['HIDDEN_FIELDS'] = build_hidden_fields($block_vars['HIDDEN_FIELDS']);
+				}
+
+				$template->assign_block_vars($provider_data['BLOCK_VAR_NAME'], $block_vars);
+			}
+		}
+
+		$s_hidden_fields = build_hidden_fields($s_hidden_fields);
+
+		// Replace "error" strings with their real, localised form
+		$error = array_map(array($user, 'lang'), $error);
+		$error = implode('<br />', $error);
+
+		$template->assign_vars(array(
+			'ERROR'	=> $error,
+
+			'PROVIDER_TEMPLATE_FILE'	=> $provider_data['TEMPLATE_FILE'],
+
+			'S_HIDDEN_FIELDS'	=> $s_hidden_fields,
+			'S_UCP_ACTION'		=> $this->u_action,
+		));
+
+		$this->tpl_name = 'ucp_auth_link';
+		$this->page_title = 'UCP_AUTH_LINK';
+	}
+}

includes/ucp/ucp_confirm.php

@@ -0,0 +1,48 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_confirm
+* Visual confirmation
+*
+* Note to potential users of this code ...
+*
+* Remember this is released under the _GPL_ and is subject
+* to that licence. Do not incorporate this within software
+* released or distributed in any way under a licence other
+* than the GPL. We will be watching ... ;)
+*/
+class ucp_confirm
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $config, $phpbb_container, $request;
+
+		$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
+		$captcha->init($request->variable('type', 0));
+		$captcha->execute();
+
+		garbage_collection();
+		exit_handler();
+	}
+}

includes/ucp/ucp_login_link.php

@@ -0,0 +1,264 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_login_link
+* Allows users of external accounts link those accounts to their phpBB accounts
+* during an attempted login.
+*/
+class ucp_login_link
+{
+	/**
+	* @var	string
+	*/
+	public $u_action;
+
+	/**
+	* Generates the ucp_login_link page and handles login link process
+	*
+	* @param	int		$id
+	* @param	string	$mode
+	*/
+	function main($id, $mode)
+	{
+		global $phpbb_container, $request, $template, $user, $phpbb_dispatcher;
+		global $phpbb_root_path, $phpEx;
+
+		// Initialize necessary variables
+		$login_error = null;
+		$login_link_error = null;
+		$login_username = null;
+
+		// Build the data array
+		$data = $this->get_login_link_data_array();
+
+		// Ensure the person was sent here with login_link data
+		if (empty($data))
+		{
+			$login_link_error = $user->lang['LOGIN_LINK_NO_DATA_PROVIDED'];
+		}
+
+		// Use the auth_provider requested even if different from configured
+		/* @var $provider_collection \phpbb\auth\provider_collection */
+		$provider_collection = $phpbb_container->get('auth.provider_collection');
+		$auth_provider = $provider_collection->get_provider($request->variable('auth_provider', ''));
+
+		// Set the link_method to login_link
+		$data['link_method'] = 'login_link';
+
+		// Have the authentication provider check that all necessary data is available
+		$result = $auth_provider->login_link_has_necessary_data($data);
+		if ($result !== null)
+		{
+			$login_link_error = $user->lang[$result];
+		}
+
+		// Perform link action if there is no error
+		if (!$login_link_error)
+		{
+			if ($request->is_set_post('login'))
+			{
+				$login_username = $request->variable('login_username', '', true, \phpbb\request\request_interface::POST);
+				$login_password = $request->untrimmed_variable('login_password', '', true, \phpbb\request\request_interface::POST);
+
+				$login_result = $auth_provider->login($login_username, $login_password);
+
+				// We only care if there is or is not an error
+				$login_error = $this->process_login_result($login_result);
+
+				if (!$login_error)
+				{
+					// Give the user_id to the data
+					$data['user_id'] = $login_result['user_row']['user_id'];
+
+					// The user is now logged in, attempt to link the user to the external account
+					$result = $auth_provider->link_account($data);
+
+					if ($result)
+					{
+						$login_link_error = $user->lang[$result];
+					}
+					else
+					{
+						// Finish login
+						$user->session_create($login_result['user_row']['user_id'], false, false, true);
+
+						// Perform a redirect as the account has been linked
+						$this->perform_redirect();
+					}
+				}
+			}
+		}
+
+		$tpl_ary = array(
+			// Common template elements
+			'LOGIN_LINK_ERROR'		=> $login_link_error,
+			'PASSWORD_CREDENTIAL'	=> 'login_password',
+			'USERNAME_CREDENTIAL'	=> 'login_username',
+			'S_HIDDEN_FIELDS'		=> $this->get_hidden_fields($data),
+
+			// Registration elements
+			'REGISTER_ACTION'	=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
+
+			// Login elements
+			'LOGIN_ERROR'		=> $login_error,
+			'LOGIN_USERNAME'	=> $login_username,
+		);
+
+		/**
+		* Event to perform additional actions before ucp_login_link is displayed
+		*
+		* @event core.ucp_login_link_template_after
+		* @var	array							data				Login link data
+		* @var	\phpbb\auth\provider_interface	auth_provider		Auth provider
+		* @var	string							login_link_error	Login link error
+		* @var	string							login_error			Login error
+		* @var	string							login_username		Login username
+		* @var	array							tpl_ary				Template variables
+		* @since 3.2.4-RC1
+		*/
+		$vars = array('data', 'auth_provider', 'login_link_error', 'login_error', 'login_username', 'tpl_ary');
+		extract($phpbb_dispatcher->trigger_event('core.ucp_login_link_template_after', compact($vars)));
+
+		$template->assign_vars($tpl_ary);
+
+		$this->tpl_name = 'ucp_login_link';
+		$this->page_title = 'UCP_LOGIN_LINK';
+	}
+
+	/**
+	* Builds the hidden fields string from the data array.
+	*
+	* @param	array	$data	This function only includes data in the array
+	*							that has a key that begins with 'login_link_'
+	* @return	string	A string of hidden fields that can be included in the
+	*					template
+	*/
+	protected function get_hidden_fields($data)
+	{
+		$fields = array();
+
+		foreach ($data as $key => $value)
+		{
+			$fields['login_link_' . $key] = $value;
+		}
+
+		return build_hidden_fields($fields);
+	}
+
+	/**
+	* Builds the login_link data array
+	*
+	* @return	array	All login_link data. This is all GET data whose names
+	*					begin with 'login_link_'
+	*/
+	protected function get_login_link_data_array()
+	{
+		global $request;
+
+		$var_names = $request->variable_names(\phpbb\request\request_interface::GET);
+		$login_link_data = array();
+		$string_start_length = strlen('login_link_');
+
+		foreach ($var_names as $var_name)
+		{
+			if (strpos($var_name, 'login_link_') === 0)
+			{
+				$key_name = substr($var_name, $string_start_length);
+				$login_link_data[$key_name] = $request->variable($var_name, '', false, \phpbb\request\request_interface::GET);
+			}
+		}
+
+		return $login_link_data;
+	}
+
+	/**
+	* Processes the result array from the login process
+	* @param	array	$result	The login result array
+	* @return	string|null	If there was an error in the process, a string is
+	*						returned. If the login was successful, then null is
+	*						returned.
+	*/
+	protected function process_login_result($result)
+	{
+		global $config, $template, $user, $phpbb_container;
+
+		$login_error = null;
+
+		if ($result['status'] != LOGIN_SUCCESS)
+		{
+			// Handle all errors first
+			if ($result['status'] == LOGIN_BREAK)
+			{
+				trigger_error($result['error_msg']);
+			}
+
+			switch ($result['status'])
+			{
+				case LOGIN_ERROR_ATTEMPTS:
+
+					$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
+					$captcha->init(CONFIRM_LOGIN);
+
+					$template->assign_vars(array(
+						'CAPTCHA_TEMPLATE'			=> $captcha->get_template(),
+					));
+
+					$login_error = $user->lang[$result['error_msg']];
+				break;
+
+				case LOGIN_ERROR_PASSWORD_CONVERT:
+					$login_error = sprintf(
+						$user->lang[$result['error_msg']],
+						($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
+						($config['email_enable']) ? '</a>' : '',
+						($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
+						($config['board_contact']) ? '</a>' : ''
+					);
+				break;
+
+				// Username, password, etc...
+				default:
+					$login_error = $user->lang[$result['error_msg']];
+
+					// Assign admin contact to some error messages
+					if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
+					{
+						$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
+					}
+
+				break;
+			}
+		}
+
+		return $login_error;
+	}
+
+	/**
+	* Performs a post login redirect
+	*/
+	protected function perform_redirect()
+	{
+		global $phpbb_root_path, $phpEx;
+		$url = append_sid($phpbb_root_path . 'index.' . $phpEx);
+		redirect($url);
+	}
+}

includes/ucp/ucp_notifications.php

@@ -0,0 +1,233 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+class ucp_notifications
+{
+	public $u_action;
+
+	public function main($id, $mode)
+	{
+		global $config, $template, $user, $request, $phpbb_container;
+		global $phpbb_root_path, $phpEx;
+
+		add_form_key('ucp_notification');
+
+		$start = $request->variable('start', 0);
+		$form_time = $request->variable('form_time', 0);
+		$form_time = ($form_time <= 0 || $form_time > time()) ? time() : $form_time;
+
+		/* @var $phpbb_notifications \phpbb\notification\manager */
+		$phpbb_notifications = $phpbb_container->get('notification_manager');
+
+		/* @var $pagination \phpbb\pagination */
+		$pagination = $phpbb_container->get('pagination');
+
+		switch ($mode)
+		{
+			case 'notification_options':
+				$subscriptions = $phpbb_notifications->get_global_subscriptions(false);
+
+				// Add/remove subscriptions
+				if ($request->is_set_post('submit'))
+				{
+					if (!check_form_key('ucp_notification'))
+					{
+						trigger_error('FORM_INVALID');
+					}
+
+					$notification_methods = $phpbb_notifications->get_subscription_methods();
+
+					foreach ($phpbb_notifications->get_subscription_types() as $group => $subscription_types)
+					{
+						foreach ($subscription_types as $type => $data)
+						{
+							foreach ($notification_methods as $method => $method_data)
+							{
+								if ($request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id'])) && (!isset($subscriptions[$type]) || !in_array($method_data['id'], $subscriptions[$type])))
+								{
+									$phpbb_notifications->add_subscription($type, 0, $method_data['id']);
+								}
+								else if (!$request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id'])) && isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type]))
+								{
+									$phpbb_notifications->delete_subscription($type, 0, $method_data['id']);
+								}
+							}
+						}
+					}
+
+					meta_refresh(3, $this->u_action);
+					$message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+					trigger_error($message);
+				}
+
+				$this->output_notification_methods($phpbb_notifications, $template, $user, 'notification_methods');
+
+				$this->output_notification_types($subscriptions, $phpbb_notifications, $template, $user, 'notification_types');
+
+				$this->tpl_name = 'ucp_notifications';
+				$this->page_title = 'UCP_NOTIFICATION_OPTIONS';
+			break;
+
+			case 'notification_list':
+			default:
+				// Mark all items read
+				if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_notifications_read'))
+				{
+					$phpbb_notifications->mark_notifications(false, false, $user->data['user_id'], $form_time);
+
+					meta_refresh(3, $this->u_action);
+					$message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS'];
+
+					if ($request->is_ajax())
+					{
+						$json_response = new \phpbb\json_response();
+						$json_response->send(array(
+							'MESSAGE_TITLE'	=> $user->lang['INFORMATION'],
+							'MESSAGE_TEXT'	=> $message,
+							'success'		=> true,
+						));
+					}
+					$message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
+
+					trigger_error($message);
+				}
+
+				// Mark specific notifications read
+				if ($request->is_set_post('submit'))
+				{
+					if (!check_form_key('ucp_notification'))
+					{
+						trigger_error('FORM_INVALID');
+					}
+
+					$mark_read = $request->variable('mark', array(0));
+
+					if (!empty($mark_read))
+					{
+						$phpbb_notifications->mark_notifications_by_id('notification.method.board', $mark_read, $form_time);
+					}
+				}
+
+				$notifications = $phpbb_notifications->load_notifications('notification.method.board', array(
+					'start'			=> $start,
+					'limit'			=> $config['topics_per_page'],
+					'count_total'	=> true,
+				));
+
+				foreach ($notifications['notifications'] as $notification)
+				{
+					$template->assign_block_vars('notification_list', $notification->prepare_for_display());
+				}
+
+				$base_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=ucp_notifications&amp;mode=notification_list");
+				$start = $pagination->validate_start($start, $config['topics_per_page'], $notifications['total_count']);
+				$pagination->generate_template_pagination($base_url, 'pagination', 'start', $notifications['total_count'], $config['topics_per_page'], $start);
+
+				$template->assign_vars(array(
+					'TOTAL_COUNT'	=> $notifications['total_count'],
+					'U_MARK_ALL'	=> $base_url . '&amp;mark=all&amp;token=' . generate_link_hash('mark_all_notifications_read'),
+				));
+
+				$this->tpl_name = 'ucp_notifications';
+				$this->page_title = 'UCP_NOTIFICATION_LIST';
+			break;
+		}
+
+		$template->assign_vars(array(
+			'TITLE'				=> $user->lang($this->page_title),
+			'TITLE_EXPLAIN'		=> $user->lang($this->page_title . '_EXPLAIN'),
+
+			'MODE'				=> $mode,
+
+			'FORM_TIME'			=> time(),
+		));
+	}
+
+	/**
+	* Output all the notification types to the template
+	*
+	* @param array $subscriptions Array containing global subscriptions
+	* @param \phpbb\notification\manager $phpbb_notifications
+	* @param \phpbb\template\template $template
+	* @param \phpbb\user $user
+	* @param string $block
+	*/
+	public function output_notification_types($subscriptions, \phpbb\notification\manager $phpbb_notifications, \phpbb\template\template $template, \phpbb\user $user, $block = 'notification_types')
+	{
+		$notification_methods = $phpbb_notifications->get_subscription_methods();
+
+		foreach ($phpbb_notifications->get_subscription_types() as $group => $subscription_types)
+		{
+			$template->assign_block_vars($block, array(
+				'GROUP_NAME'	=> $user->lang($group),
+			));
+
+			foreach ($subscription_types as $type => $type_data)
+			{
+				$template->assign_block_vars($block, array(
+					'TYPE'				=> $type,
+
+					'NAME'				=> $user->lang($type_data['lang']),
+					'EXPLAIN'			=> (isset($user->lang[$type_data['lang'] . '_EXPLAIN'])) ? $user->lang($type_data['lang'] . '_EXPLAIN') : '',
+				));
+
+				foreach ($notification_methods as $method => $method_data)
+				{
+					$template->assign_block_vars($block . '.notification_methods', array(
+						'METHOD'			=> $method_data['id'],
+
+						'NAME'				=> $user->lang($method_data['lang']),
+
+						'AVAILABLE'			=> $method_data['method']->is_available($type_data['type']),
+
+						'SUBSCRIBED'		=> (isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type])) ? true : false,
+					));
+				}
+			}
+		}
+
+		$template->assign_vars(array(
+			strtoupper($block) . '_COLS' => count($notification_methods) + 1,
+		));
+	}
+
+	/**
+	* Output all the notification methods to the template
+	*
+	* @param \phpbb\notification\manager $phpbb_notifications
+	* @param \phpbb\template\template $template
+	* @param \phpbb\user $user
+	* @param string $block
+	*/
+	public function output_notification_methods(\phpbb\notification\manager $phpbb_notifications, \phpbb\template\template $template, \phpbb\user $user, $block = 'notification_methods')
+	{
+		$notification_methods = $phpbb_notifications->get_subscription_methods();
+
+		foreach ($notification_methods as $method => $method_data)
+		{
+			$template->assign_block_vars($block, array(
+				'METHOD'			=> $method_data['id'],
+
+				'NAME'				=> $user->lang($method_data['lang']),
+			));
+		}
+	}
+}

includes/ucp/ucp_pm.php

@@ -0,0 +1,435 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* Private Message Class
+*
+* $_REQUEST['folder'] display folder with the id used
+* $_REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name
+*
+*	Display Messages (default to inbox) - mode=view
+*	Display single message - mode=view&p=[msg_id] or &p=[msg_id] (short linkage)
+*
+*	if the folder id with (&f=[folder_id]) is used when displaying messages, one query will be saved. If it is not used, phpBB needs to grab
+*	the folder id first in order to display the input boxes and folder names and such things. ;) phpBB always checks this against the database to make
+*	sure the user is able to view the message.
+*
+*	Composing Messages (mode=compose):
+*		To specific user (u=[user_id])
+*		To specific group (g=[group_id])
+*		Quoting a post (action=quotepost&p=[post_id])
+*		Quoting a PM (action=quote&p=[msg_id])
+*		Forwarding a PM (action=forward&p=[msg_id])
+*/
+class ucp_pm
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $user, $template, $phpbb_root_path, $auth, $phpEx, $db, $config, $request;
+
+		if (!$user->data['is_registered'])
+		{
+			trigger_error('NO_MESSAGE');
+		}
+
+		// Is PM disabled?
+		if (!$config['allow_privmsg'])
+		{
+			trigger_error('PM_DISABLED');
+		}
+
+		$user->add_lang('posting');
+		$template->assign_var('S_PRIVMSGS', true);
+
+		// Folder directly specified?
+		$folder_specified = $request->variable('folder', '');
+
+		if (!in_array($folder_specified, array('inbox', 'outbox', 'sentbox')))
+		{
+			$folder_specified = (int) $folder_specified;
+		}
+		else
+		{
+			$folder_specified = ($folder_specified == 'inbox') ? PRIVMSGS_INBOX : (($folder_specified == 'outbox') ? PRIVMSGS_OUTBOX : PRIVMSGS_SENTBOX);
+		}
+
+		if (!$folder_specified)
+		{
+			$mode = (!$mode) ? $request->variable('mode', 'view') : $mode;
+		}
+		else
+		{
+			$mode = 'view';
+		}
+
+		if (!function_exists('get_folder'))
+		{
+			include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
+		}
+
+		switch ($mode)
+		{
+			// Compose message
+			case 'compose':
+				$action = $request->variable('action', 'post');
+
+				$user_folders = get_folder($user->data['user_id']);
+
+				if ($action != 'delete' && !$auth->acl_get('u_sendpm'))
+				{
+					// trigger_error('NO_AUTH_SEND_MESSAGE');
+					$template->assign_vars(array(
+						'S_NO_AUTH_SEND_MESSAGE'	=> true,
+						'S_COMPOSE_PM_VIEW'			=> true,
+					));
+
+					$tpl_file = 'ucp_pm_viewfolder';
+					break;
+				}
+
+				if (!function_exists('compose_pm'))
+				{
+					include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx);
+				}
+				compose_pm($id, $mode, $action, $user_folders);
+
+				$tpl_file = 'posting_body';
+			break;
+
+			case 'options':
+				set_user_message_limit();
+				get_folder($user->data['user_id']);
+
+				if (!function_exists('message_options'))
+				{
+					include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx);
+				}
+				message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions);
+
+				$tpl_file = 'ucp_pm_options';
+			break;
+
+			case 'drafts':
+
+				get_folder($user->data['user_id']);
+				$this->p_name = 'pm';
+
+				if (!class_exists('ucp_main'))
+				{
+					include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx);
+				}
+
+				$module = new ucp_main($this);
+				$module->u_action = $this->u_action;
+				$module->main($id, $mode);
+
+				$this->tpl_name = $module->tpl_name;
+				$this->page_title = 'UCP_PM_DRAFTS';
+
+				unset($module);
+				return;
+
+			break;
+
+			case 'view':
+
+				set_user_message_limit();
+
+				if ($folder_specified)
+				{
+					$folder_id = $folder_specified;
+					$action = 'view_folder';
+				}
+				else
+				{
+					$folder_id = $request->variable('f', PRIVMSGS_NO_BOX);
+					$action = $request->variable('action', 'view_folder');
+				}
+
+				$msg_id = $request->variable('p', 0);
+				$view	= $request->variable('view', '');
+
+				// View message if specified
+				if ($msg_id)
+				{
+					$action = 'view_message';
+				}
+
+				if (!$auth->acl_get('u_readpm'))
+				{
+					send_status_line(403, 'Forbidden');
+					trigger_error('NO_AUTH_READ_MESSAGE');
+				}
+
+				if ($view == 'print' && (!$config['print_pm'] || !$auth->acl_get('u_pm_printpm')))
+				{
+					send_status_line(403, 'Forbidden');
+					trigger_error('NO_AUTH_PRINT_MESSAGE');
+				}
+
+				// Do not allow hold messages to be seen
+				if ($folder_id == PRIVMSGS_HOLD_BOX)
+				{
+					trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
+				}
+
+				// First Handle Mark actions and moving messages
+				$submit_mark	= (isset($_POST['submit_mark'])) ? true : false;
+				$move_pm		= (isset($_POST['move_pm'])) ? true : false;
+				$mark_option	= $request->variable('mark_option', '');
+				$dest_folder	= $request->variable('dest_folder', PRIVMSGS_NO_BOX);
+
+				// Is moving PM triggered through mark options?
+				if (!in_array($mark_option, array('mark_important', 'delete_marked')) && $submit_mark)
+				{
+					$move_pm = true;
+					$dest_folder = (int) $mark_option;
+					$submit_mark = false;
+				}
+
+				// Move PM
+				if ($move_pm)
+				{
+					$move_msg_ids	= (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array();
+					$cur_folder_id	= $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);
+
+					if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id))
+					{
+						// Return to folder view if single message moved
+						if ($action == 'view_message')
+						{
+							$msg_id		= 0;
+							$folder_id	= $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);
+							$action		= 'view_folder';
+						}
+					}
+				}
+
+				// Message Mark Options
+				if ($submit_mark)
+				{
+					handle_mark_actions($user->data['user_id'], $mark_option);
+				}
+
+				// If new messages arrived, place them into the appropriate folder
+				$num_not_moved = $num_removed = 0;
+				$release = $request->variable('release', 0);
+
+				if ($user->data['user_new_privmsg'] && ($action == 'view_folder' || $action == 'view_message'))
+				{
+					$return = place_pm_into_folder($global_privmsgs_rules, $release);
+					$num_not_moved = $return['not_moved'];
+					$num_removed = $return['removed'];
+				}
+
+				if (!$msg_id && $folder_id == PRIVMSGS_NO_BOX)
+				{
+					$folder_id = PRIVMSGS_INBOX;
+				}
+				else if ($msg_id && $folder_id == PRIVMSGS_NO_BOX)
+				{
+					$sql = 'SELECT folder_id
+						FROM ' . PRIVMSGS_TO_TABLE . "
+						WHERE msg_id = $msg_id
+							AND folder_id <> " . PRIVMSGS_NO_BOX . '
+							AND user_id = ' . $user->data['user_id'];
+					$result = $db->sql_query($sql);
+					$row = $db->sql_fetchrow($result);
+					$db->sql_freeresult($result);
+
+					if (!$row)
+					{
+						trigger_error('NO_MESSAGE');
+					}
+					$folder_id = (int) $row['folder_id'];
+				}
+
+				if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_pms_read'))
+				{
+					mark_folder_read($user->data['user_id'], $folder_id);
+
+					meta_refresh(3, $this->u_action);
+					$message = $user->lang['PM_MARK_ALL_READ_SUCCESS'];
+
+					if ($request->is_ajax())
+					{
+						$json_response = new \phpbb\json_response();
+						$json_response->send(array(
+							'MESSAGE_TITLE'	=> $user->lang['INFORMATION'],
+							'MESSAGE_TEXT'	=> $message,
+							'success'		=> true,
+						));
+					}
+					$message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
+
+					trigger_error($message);
+				}
+
+				$message_row = array();
+				if ($action == 'view_message' && $msg_id)
+				{
+					// Get Message user want to see
+					if ($view == 'next' || $view == 'previous')
+					{
+						$sql_condition = ($view == 'next') ? '>' : '<';
+						$sql_ordering = ($view == 'next') ? 'ASC' : 'DESC';
+
+						$sql = 'SELECT t.msg_id
+							FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TABLE . " p2
+							WHERE p2.msg_id = $msg_id
+								AND t.folder_id = $folder_id
+								AND t.user_id = " . $user->data['user_id'] . "
+								AND t.msg_id = p.msg_id
+								AND p.message_time $sql_condition p2.message_time
+							ORDER BY p.message_time $sql_ordering";
+						$result = $db->sql_query_limit($sql, 1);
+						$row = $db->sql_fetchrow($result);
+						$db->sql_freeresult($result);
+
+						if (!$row)
+						{
+							$message = ($view == 'next') ? 'NO_NEWER_PM' : 'NO_OLDER_PM';
+							trigger_error($message);
+						}
+						else
+						{
+							$msg_id = $row['msg_id'];
+						}
+					}
+
+					$sql = 'SELECT t.*, p.*, u.*
+						FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u
+						WHERE t.user_id = ' . $user->data['user_id'] . "
+							AND p.author_id = u.user_id
+							AND t.folder_id = $folder_id
+							AND t.msg_id = p.msg_id
+							AND p.msg_id = $msg_id";
+					$result = $db->sql_query($sql);
+					$message_row = $db->sql_fetchrow($result);
+					$db->sql_freeresult($result);
+
+					if (!$message_row)
+					{
+						trigger_error('NO_MESSAGE');
+					}
+
+					// Update unread status
+					update_unread_status($message_row['pm_unread'], $message_row['msg_id'], $user->data['user_id'], $folder_id);
+				}
+
+				$folder = get_folder($user->data['user_id'], $folder_id);
+
+				$s_folder_options = $s_to_folder_options = '';
+				foreach ($folder as $f_id => $folder_ary)
+				{
+					$option = '<option' . ((!in_array($f_id, array(PRIVMSGS_INBOX, PRIVMSGS_OUTBOX, PRIVMSGS_SENTBOX))) ? ' class="sep"' : '') . ' value="' . $f_id . '"' . (($f_id == $folder_id) ? ' selected="selected"' : '') . '>' . $folder_ary['folder_name'] . (($folder_ary['unread_messages']) ? ' [' . $folder_ary['unread_messages'] . '] ' : '') . '</option>';
+
+					$s_to_folder_options .= ($f_id != PRIVMSGS_OUTBOX && $f_id != PRIVMSGS_SENTBOX) ? $option : '';
+					$s_folder_options .= $option;
+				}
+				clean_sentbox($folder[PRIVMSGS_SENTBOX]['num_messages']);
+
+				// Header for message view - folder and so on
+				$folder_status = get_folder_status($folder_id, $folder);
+
+				$template->assign_vars(array(
+					'CUR_FOLDER_ID'			=> $folder_id,
+					'CUR_FOLDER_NAME'		=> $folder_status['folder_name'],
+					'NUM_NOT_MOVED'			=> $num_not_moved,
+					'NUM_REMOVED'			=> $num_removed,
+					'RELEASE_MESSAGE_INFO'	=> sprintf($user->lang['RELEASE_MESSAGES'], '<a href="' . $this->u_action . '&amp;folder=' . $folder_id . '&amp;release=1">', '</a>'),
+					'NOT_MOVED_MESSAGES'	=> $user->lang('NOT_MOVED_MESSAGES', (int) $num_not_moved),
+					'RULE_REMOVED_MESSAGES'	=> $user->lang('RULE_REMOVED_MESSAGES', (int) $num_removed),
+
+					'S_FOLDER_OPTIONS'		=> $s_folder_options,
+					'S_TO_FOLDER_OPTIONS'	=> $s_to_folder_options,
+					'S_FOLDER_ACTION'		=> $this->u_action . '&amp;action=view_folder',
+					'S_PM_ACTION'			=> $this->u_action . '&amp;action=' . $action,
+
+					'U_INBOX'				=> $this->u_action . '&amp;folder=inbox',
+					'U_OUTBOX'				=> $this->u_action . '&amp;folder=outbox',
+					'U_SENTBOX'				=> $this->u_action . '&amp;folder=sentbox',
+					'U_CREATE_FOLDER'		=> $this->u_action . '&amp;mode=options',
+					'U_CURRENT_FOLDER'		=> $this->u_action . '&amp;folder=' . $folder_id,
+					'U_MARK_ALL'			=> $this->u_action . '&amp;folder=' . $folder_id . '&amp;mark=all&amp;token=' . generate_link_hash('mark_all_pms_read'),
+
+					'S_IN_INBOX'			=> ($folder_id == PRIVMSGS_INBOX) ? true : false,
+					'S_IN_OUTBOX'			=> ($folder_id == PRIVMSGS_OUTBOX) ? true : false,
+					'S_IN_SENTBOX'			=> ($folder_id == PRIVMSGS_SENTBOX) ? true : false,
+
+					'FOLDER_STATUS'				=> $folder_status['message'],
+					'FOLDER_MAX_MESSAGES'		=> $folder_status['max'],
+					'FOLDER_CUR_MESSAGES'		=> $folder_status['cur'],
+					'FOLDER_REMAINING_MESSAGES'	=> $folder_status['remaining'],
+					'FOLDER_PERCENT'			=> $folder_status['percent'])
+				);
+
+				if ($action == 'view_folder')
+				{
+					if (!function_exists('view_folder'))
+					{
+						include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx);
+					}
+					view_folder($id, $mode, $folder_id, $folder);
+
+					$tpl_file = 'ucp_pm_viewfolder';
+				}
+				else if ($action == 'view_message')
+				{
+					$template->assign_vars(array(
+						'S_VIEW_MESSAGE'		=> true,
+						'L_RETURN_TO_FOLDER'	=> $user->lang('RETURN_TO', $folder_status['folder_name']),
+						'MSG_ID'				=> $msg_id,
+					));
+
+					if (!$msg_id)
+					{
+						trigger_error('NO_MESSAGE');
+					}
+
+					if (!function_exists('view_message'))
+					{
+						include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx);
+					}
+					view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row);
+
+					$tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage';
+				}
+
+			break;
+
+			default:
+				trigger_error('NO_ACTION_MODE', E_USER_ERROR);
+			break;
+		}
+
+		$template->assign_vars(array(
+			'L_TITLE'			=> $user->lang['UCP_PM_' . strtoupper($mode)],
+			'S_UCP_ACTION'		=> $this->u_action . ((isset($action)) ? "&amp;action=$action" : ''))
+		);
+
+		// Set desired template
+		$this->tpl_name = $tpl_file;
+		$this->page_title = 'UCP_PM_' . strtoupper($mode);
+	}
+}

includes/ucp/ucp_pm_options.php

@@ -0,0 +1,874 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* Execute message options
+*/
+function message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions)
+{
+	global $phpbb_root_path, $phpEx, $user, $template, $config, $db, $request;
+
+	$redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=options");
+
+	add_form_key('ucp_pm_options');
+	// Change "full folder" setting - what to do if folder is full
+	if (isset($_POST['fullfolder']))
+	{
+		if (!check_form_key('ucp_pm_options'))
+		{
+			trigger_error('FORM_INVALID');
+		}
+
+		$full_action = $request->variable('full_action', 0);
+
+		$set_folder_id = 0;
+		switch ($full_action)
+		{
+			case 1:
+				$set_folder_id = FULL_FOLDER_DELETE;
+			break;
+
+			case 2:
+				$set_folder_id = $request->variable('full_move_to', PRIVMSGS_INBOX);
+			break;
+
+			case 3:
+				$set_folder_id = FULL_FOLDER_HOLD;
+			break;
+
+			default:
+				$full_action = 0;
+			break;
+		}
+
+		if ($full_action)
+		{
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET user_full_folder = ' . $set_folder_id . '
+				WHERE user_id = ' . $user->data['user_id'];
+			$db->sql_query($sql);
+
+			$user->data['user_full_folder'] = $set_folder_id;
+
+			$message = $user->lang['FULL_FOLDER_OPTION_CHANGED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
+			meta_refresh(3, $redirect_url);
+			trigger_error($message);
+		}
+	}
+
+	// Add Folder
+	if (isset($_POST['addfolder']))
+	{
+		if (check_form_key('ucp_pm_options'))
+		{
+			$folder_name = $request->variable('foldername', '', true);
+
+			if ($folder_name)
+			{
+				$sql = 'SELECT folder_name
+					FROM ' . PRIVMSGS_FOLDER_TABLE . "
+					WHERE folder_name = '" . $db->sql_escape($folder_name) . "'
+						AND user_id = " . $user->data['user_id'];
+				$result = $db->sql_query_limit($sql, 1);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				if ($row)
+				{
+					trigger_error(sprintf($user->lang['FOLDER_NAME_EXIST'], $folder_name));
+				}
+
+				$sql = 'SELECT COUNT(folder_id) as num_folder
+					FROM ' . PRIVMSGS_FOLDER_TABLE . '
+						WHERE user_id = ' . $user->data['user_id'];
+				$result = $db->sql_query($sql);
+				$num_folder = (int) $db->sql_fetchfield('num_folder');
+				$db->sql_freeresult($result);
+
+				if ($num_folder >= $config['pm_max_boxes'])
+				{
+					trigger_error('MAX_FOLDER_REACHED');
+				}
+
+				$sql = 'INSERT INTO ' . PRIVMSGS_FOLDER_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+					'user_id'		=> (int) $user->data['user_id'],
+					'folder_name'	=> $folder_name)
+				);
+				$db->sql_query($sql);
+				$msg = $user->lang['FOLDER_ADDED'];
+			}
+			else
+			{
+				$msg = $user->lang['FOLDER_NAME_EMPTY'];
+			}
+		}
+		else
+		{
+			$msg = $user->lang['FORM_INVALID'];
+		}
+		$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
+		meta_refresh(3, $redirect_url);
+		trigger_error($message);
+	}
+
+	// Rename folder
+	if (isset($_POST['rename_folder']))
+	{
+		if (check_form_key('ucp_pm_options'))
+		{
+			$new_folder_name = $request->variable('new_folder_name', '', true);
+			$rename_folder_id= $request->variable('rename_folder_id', 0);
+
+			if (!$new_folder_name)
+			{
+				trigger_error('NO_NEW_FOLDER_NAME');
+			}
+
+			// Select custom folder
+			$sql = 'SELECT folder_name, pm_count
+				FROM ' . PRIVMSGS_FOLDER_TABLE . "
+				WHERE user_id = {$user->data['user_id']}
+					AND folder_id = $rename_folder_id";
+			$result = $db->sql_query_limit($sql, 1);
+			$folder_row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			if (!$folder_row)
+			{
+				trigger_error('CANNOT_RENAME_FOLDER');
+			}
+
+			$sql = 'UPDATE ' . PRIVMSGS_FOLDER_TABLE . "
+				SET folder_name = '" . $db->sql_escape($new_folder_name) . "'
+				WHERE folder_id = $rename_folder_id
+					AND user_id = {$user->data['user_id']}";
+			$db->sql_query($sql);
+			$msg = $user->lang['FOLDER_RENAMED'];
+		}
+		else
+		{
+			$msg = $user->lang['FORM_INVALID'];
+		}
+
+		$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
+
+		meta_refresh(3, $redirect_url);
+		trigger_error($message);
+	}
+
+	// Remove Folder
+	if (isset($_POST['remove_folder']))
+	{
+		$remove_folder_id = $request->variable('remove_folder_id', 0);
+
+		// Default to "move all messages to inbox"
+		$remove_action = $request->variable('remove_action', 1);
+		$move_to = $request->variable('move_to', PRIVMSGS_INBOX);
+
+		// Move to same folder?
+		if ($remove_action == 1 && $remove_folder_id == $move_to)
+		{
+			trigger_error('CANNOT_MOVE_TO_SAME_FOLDER');
+		}
+
+		// Select custom folder
+		$sql = 'SELECT folder_name, pm_count
+			FROM ' . PRIVMSGS_FOLDER_TABLE . "
+			WHERE user_id = {$user->data['user_id']}
+				AND folder_id = $remove_folder_id";
+		$result = $db->sql_query_limit($sql, 1);
+		$folder_row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		if (!$folder_row)
+		{
+			trigger_error('CANNOT_REMOVE_FOLDER');
+		}
+
+		$s_hidden_fields = array(
+			'remove_folder_id'	=> $remove_folder_id,
+			'remove_action'		=> $remove_action,
+			'move_to'			=> $move_to,
+			'remove_folder'		=> 1
+		);
+
+		// Do we need to confirm?
+		if (confirm_box(true))
+		{
+			// Gather message ids
+			$sql = 'SELECT msg_id
+				FROM ' . PRIVMSGS_TO_TABLE . '
+				WHERE user_id = ' . $user->data['user_id'] . "
+					AND folder_id = $remove_folder_id";
+			$result = $db->sql_query($sql);
+
+			$msg_ids = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$msg_ids[] = (int) $row['msg_id'];
+			}
+			$db->sql_freeresult($result);
+
+			// First of all, copy all messages to another folder... or delete all messages
+			switch ($remove_action)
+			{
+				// Move Messages
+				case 1:
+					$num_moved = move_pm($user->data['user_id'], $user->data['message_limit'], $msg_ids, $move_to, $remove_folder_id);
+
+					// Something went wrong, only partially moved?
+					if ($num_moved != $folder_row['pm_count'])
+					{
+						trigger_error($user->lang('MOVE_PM_ERROR', $user->lang('MESSAGES_COUNT', (int) $folder_row['pm_count']), $num_moved));
+					}
+				break;
+
+				// Remove Messages
+				case 2:
+					delete_pm($user->data['user_id'], $msg_ids, $remove_folder_id);
+				break;
+			}
+
+			// Remove folder
+			$sql = 'DELETE FROM ' . PRIVMSGS_FOLDER_TABLE . "
+				WHERE user_id = {$user->data['user_id']}
+					AND folder_id = $remove_folder_id";
+			$db->sql_query($sql);
+
+			// Check full folder option. If the removed folder has been specified as destination switch back to inbox
+			if ($user->data['user_full_folder'] == $remove_folder_id)
+			{
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_full_folder = ' . PRIVMSGS_INBOX . '
+					WHERE user_id = ' . $user->data['user_id'];
+				$db->sql_query($sql);
+
+				$user->data['user_full_folder'] = PRIVMSGS_INBOX;
+			}
+
+			// Now make sure the folder is not used for rules
+			// We assign another folder id (the one the messages got moved to) or assign the INBOX (to not have to remove any rule)
+			$sql = 'UPDATE ' . PRIVMSGS_RULES_TABLE . ' SET rule_folder_id = ';
+			$sql .= ($remove_action == 1) ? $move_to : PRIVMSGS_INBOX;
+			$sql .= ' WHERE rule_folder_id = ' . $remove_folder_id;
+
+			$db->sql_query($sql);
+
+			$meta_info = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=$mode");
+			$message = $user->lang['FOLDER_REMOVED'];
+
+			meta_refresh(3, $meta_info);
+			$message .= '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $meta_info . '">', '</a>');
+			trigger_error($message);
+		}
+		else
+		{
+			confirm_box(false, 'REMOVE_FOLDER', build_hidden_fields($s_hidden_fields));
+		}
+	}
+
+	// Add Rule
+	if (isset($_POST['add_rule']))
+	{
+		if (check_form_key('ucp_pm_options'))
+		{
+			$check_option	= $request->variable('check_option', 0);
+			$rule_option	= $request->variable('rule_option', 0);
+			$cond_option	= $request->variable('cond_option', '');
+			$action_option	= explode('|', $request->variable('action_option', ''));
+			$rule_string	= ($cond_option != 'none') ? $request->variable('rule_string', '', true) : '';
+			$rule_user_id	= ($cond_option != 'none') ? $request->variable('rule_user_id', 0) : 0;
+			$rule_group_id	= ($cond_option != 'none') ? $request->variable('rule_group_id', 0) : 0;
+
+			$action = (int) $action_option[0];
+			$folder_id = (int) $action_option[1];
+
+			if (!$action || !$check_option || !$rule_option || !$cond_option || ($cond_option != 'none' && !$rule_string))
+			{
+				trigger_error('RULE_NOT_DEFINED');
+			}
+
+			if (($cond_option == 'user' && !$rule_user_id) || ($cond_option == 'group' && !$rule_group_id))
+			{
+				trigger_error('RULE_NOT_DEFINED');
+			}
+
+			$rule_ary = array(
+				'user_id'			=> $user->data['user_id'],
+				'rule_check'		=> $check_option,
+				'rule_connection'	=> $rule_option,
+				'rule_string'		=> $rule_string,
+				'rule_user_id'		=> $rule_user_id,
+				'rule_group_id'		=> $rule_group_id,
+				'rule_action'		=> $action,
+				'rule_folder_id'	=> $folder_id
+			);
+
+			$sql = 'SELECT rule_id
+				FROM ' . PRIVMSGS_RULES_TABLE . '
+				WHERE ' . $db->sql_build_array('SELECT', $rule_ary);
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			if ($row)
+			{
+				trigger_error('RULE_ALREADY_DEFINED');
+			}
+
+			// Prevent users from flooding the rules table
+			$sql = 'SELECT COUNT(rule_id) AS num_rules
+				FROM ' . PRIVMSGS_RULES_TABLE . '
+				WHERE user_id = ' . (int) $user->data['user_id'];
+			$result = $db->sql_query($sql);
+			$num_rules = (int) $db->sql_fetchfield('num_rules');
+			$db->sql_freeresult($result);
+
+			if ($num_rules >= 5000)
+			{
+				trigger_error('RULE_LIMIT_REACHED');
+			}
+
+			$sql = 'INSERT INTO ' . PRIVMSGS_RULES_TABLE . ' ' . $db->sql_build_array('INSERT', $rule_ary);
+			$db->sql_query($sql);
+
+			// Set the user_message_rules bit
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET user_message_rules = 1
+				WHERE user_id = ' . $user->data['user_id'];
+			$db->sql_query($sql);
+
+			$msg = $user->lang['RULE_ADDED'];
+		}
+		else
+		{
+			$msg = $user->lang['FORM_INVALID'];
+		}
+		$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
+		meta_refresh(3, $redirect_url);
+		trigger_error($message);
+	}
+
+	// Remove Rule
+	if (isset($_POST['delete_rule']) && !isset($_POST['cancel']))
+	{
+		$delete_id = array_keys($request->variable('delete_rule', array(0 => 0)));
+		$delete_id = (!empty($delete_id[0])) ? $delete_id[0] : 0;
+
+		if (!$delete_id)
+		{
+			redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=' . $mode));
+		}
+
+		// Do we need to confirm?
+		if (confirm_box(true))
+		{
+			$sql = 'DELETE FROM ' . PRIVMSGS_RULES_TABLE . '
+				WHERE user_id = ' . $user->data['user_id'] . "
+					AND rule_id = $delete_id";
+			$db->sql_query($sql);
+
+			$meta_info = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=' . $mode);
+			$message = $user->lang['RULE_DELETED'];
+
+			// Reset user_message_rules if no more assigned
+			$sql = 'SELECT rule_id
+				FROM ' . PRIVMSGS_RULES_TABLE . '
+				WHERE user_id = ' . $user->data['user_id'];
+			$result = $db->sql_query_limit($sql, 1);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			// Unset the user_message_rules bit
+			if (!$row)
+			{
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_message_rules = 0
+					WHERE user_id = ' . $user->data['user_id'];
+				$db->sql_query($sql);
+			}
+
+			meta_refresh(3, $meta_info);
+			$message .= '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $meta_info . '">', '</a>');
+			trigger_error($message);
+		}
+		else
+		{
+			confirm_box(false, 'DELETE_RULE', build_hidden_fields(array('delete_rule' => array($delete_id => 1))));
+		}
+	}
+
+	$folder = array();
+
+	$sql = 'SELECT COUNT(msg_id) as num_messages
+		FROM ' . PRIVMSGS_TO_TABLE . '
+		WHERE user_id = ' . $user->data['user_id'] . '
+			AND folder_id = ' . PRIVMSGS_INBOX;
+	$result = $db->sql_query($sql);
+	$num_messages = (int) $db->sql_fetchfield('num_messages');
+	$db->sql_freeresult($result);
+
+	$folder[PRIVMSGS_INBOX] = array(
+		'folder_name'		=> $user->lang['PM_INBOX'],
+		'message_status'	=> $user->lang('FOLDER_MESSAGE_STATUS', $user->lang('MESSAGES_COUNT', (int) $user->data['message_limit']), $num_messages),
+	);
+
+	$sql = 'SELECT folder_id, folder_name, pm_count
+		FROM ' . PRIVMSGS_FOLDER_TABLE . '
+			WHERE user_id = ' . $user->data['user_id'];
+	$result = $db->sql_query($sql);
+
+	$num_user_folder = 0;
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$num_user_folder++;
+		$folder[$row['folder_id']] = array(
+			'folder_name'		=> $row['folder_name'],
+			'message_status'	=> $user->lang('FOLDER_MESSAGE_STATUS', $user->lang('MESSAGES_COUNT', (int) $user->data['message_limit']), (int) $row['pm_count']),
+		);
+	}
+	$db->sql_freeresult($result);
+
+	$s_full_folder_options = $s_to_folder_options = $s_folder_options = '';
+
+	if ($user->data['user_full_folder'] == FULL_FOLDER_NONE)
+	{
+		// -3 here to let the correct folder id be selected
+		$to_folder_id = $config['full_folder_action'] - 3;
+	}
+	else
+	{
+		$to_folder_id = $user->data['user_full_folder'];
+	}
+
+	foreach ($folder as $folder_id => $folder_ary)
+	{
+		$s_full_folder_options .= '<option value="' . $folder_id . '"' . (($user->data['user_full_folder'] == $folder_id) ? ' selected="selected"' : '') . '>' . $folder_ary['folder_name'] . ' (' . $folder_ary['message_status'] . ')</option>';
+		$s_to_folder_options .= '<option value="' . $folder_id . '"' . (($to_folder_id == $folder_id) ? ' selected="selected"' : '') . '>' . $folder_ary['folder_name'] . ' (' . $folder_ary['message_status'] . ')</option>';
+
+		if ($folder_id != PRIVMSGS_INBOX)
+		{
+			$s_folder_options .= '<option value="' . $folder_id . '">' . $folder_ary['folder_name'] . ' (' . $folder_ary['message_status'] . ')</option>';
+		}
+	}
+
+	$s_delete_checked = ($user->data['user_full_folder'] == FULL_FOLDER_DELETE) ? ' checked="checked"' : '';
+	$s_hold_checked = ($user->data['user_full_folder'] == FULL_FOLDER_HOLD) ? ' checked="checked"' : '';
+	$s_move_checked = ($user->data['user_full_folder'] >= 0) ? ' checked="checked"' : '';
+
+	if ($user->data['user_full_folder'] == FULL_FOLDER_NONE)
+	{
+		switch ($config['full_folder_action'])
+		{
+			case 1:
+				$s_delete_checked = ' checked="checked"';
+			break;
+
+			case 2:
+				$s_hold_checked = ' checked="checked"';
+			break;
+		}
+	}
+
+	$template->assign_vars(array(
+		'S_FULL_FOLDER_OPTIONS'	=> $s_full_folder_options,
+		'S_TO_FOLDER_OPTIONS'	=> $s_to_folder_options,
+		'S_FOLDER_OPTIONS'		=> $s_folder_options,
+		'S_DELETE_CHECKED'		=> $s_delete_checked,
+		'S_HOLD_CHECKED'		=> $s_hold_checked,
+		'S_MOVE_CHECKED'		=> $s_move_checked,
+		'S_MAX_FOLDER_REACHED'	=> ($num_user_folder >= $config['pm_max_boxes']) ? true : false,
+		'S_MAX_FOLDER_ZERO'		=> ($config['pm_max_boxes'] == 0) ? true : false,
+
+		'DEFAULT_ACTION'		=> ($config['full_folder_action'] == 1) ? $user->lang['DELETE_OLDEST_MESSAGES'] : $user->lang['HOLD_NEW_MESSAGES'],
+
+		'U_FIND_USERNAME'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=rule_string&amp;select_single=true'),
+	));
+
+	$rule_lang = $action_lang = $check_lang = array();
+
+	// Build all three language arrays
+	preg_replace_callback('#^((RULE|ACTION|CHECK)_([A-Z0-9_]+))$#', function ($match) use(&$rule_lang, &$action_lang, &$check_lang, $user) {
+		${strtolower($match[2]) . '_lang'}[constant($match[1])] = $user->lang['PM_' . $match[2]][$match[3]];
+	}, array_keys(get_defined_constants()));
+
+	/*
+		Rule Ordering:
+			-> CHECK_* -> RULE_* [IN $global_privmsgs_rules:CHECK_*] -> [IF $rule_conditions[RULE_*] [|text|bool|user|group|own_group]] -> ACTION_*
+	*/
+
+	$check_option	= $request->variable('check_option', 0);
+	$rule_option	= $request->variable('rule_option', 0);
+	$cond_option	= $request->variable('cond_option', '');
+	$action_option	= $request->variable('action_option', '');
+	$back = (isset($_REQUEST['back'])) ? $request->variable('back', array('' => 0)) : array();
+
+	if (count($back))
+	{
+		if ($action_option)
+		{
+			$action_option = '';
+		}
+		else if ($cond_option)
+		{
+			$cond_option = '';
+		}
+		else if ($rule_option)
+		{
+			$rule_option = 0;
+		}
+		else if ($check_option)
+		{
+			$check_option = 0;
+		}
+	}
+
+	if (isset($back['action']) && $cond_option == 'none')
+	{
+		$back['cond'] = true;
+	}
+
+	// Check
+	if (!isset($global_privmsgs_rules[$check_option]))
+	{
+		$check_option = 0;
+	}
+
+	define_check_option(($check_option && !isset($back['rule'])) ? true : false, $check_option, $check_lang);
+
+	if ($check_option && !isset($back['rule']))
+	{
+		define_rule_option(($rule_option && !isset($back['cond'])) ? true : false, $rule_option, $rule_lang, $global_privmsgs_rules[$check_option]);
+	}
+
+	if ($rule_option && !isset($back['cond']))
+	{
+		if (!isset($global_rule_conditions[$rule_option]))
+		{
+			$cond_option = 'none';
+			$template->assign_var('NONE_CONDITION', true);
+		}
+		else
+		{
+			define_cond_option(($cond_option && !isset($back['action'])) ? true : false, $cond_option, $rule_option, $global_rule_conditions);
+		}
+	}
+
+	if ($cond_option && !isset($back['action']))
+	{
+		define_action_option(false, $action_option, $action_lang, $folder);
+	}
+
+	show_defined_rules($user->data['user_id'], $check_lang, $rule_lang, $action_lang, $folder);
+}
+
+/**
+* Defining check option for message rules
+*/
+function define_check_option($hardcoded, $check_option, $check_lang)
+{
+	global $template;
+
+	$s_check_options = '';
+	if (!$hardcoded)
+	{
+		foreach ($check_lang as $value => $lang)
+		{
+			$s_check_options .= '<option value="' . $value . '"' . (($value == $check_option) ? ' selected="selected"' : '') . '>' . $lang . '</option>';
+		}
+	}
+
+	$template->assign_vars(array(
+		'S_CHECK_DEFINED'	=> true,
+		'S_CHECK_SELECT'	=> ($hardcoded) ? false : true,
+		'CHECK_CURRENT'		=> isset($check_lang[$check_option]) ? $check_lang[$check_option] : '',
+		'S_CHECK_OPTIONS'	=> $s_check_options,
+		'CHECK_OPTION'		=> $check_option)
+	);
+}
+
+/**
+* Defining action option for message rules
+*/
+function define_action_option($hardcoded, $action_option, $action_lang, $folder)
+{
+	global $template;
+
+	$l_action = $s_action_options = '';
+	if ($hardcoded)
+	{
+		$option = explode('|', $action_option);
+		$action = (int) $option[0];
+		$folder_id = (int) $option[1];
+
+		$l_action = $action_lang[$action];
+		if ($action == ACTION_PLACE_INTO_FOLDER)
+		{
+			$l_action .= ' -> ' . $folder[$folder_id]['folder_name'];
+		}
+	}
+	else
+	{
+		foreach ($action_lang as $action => $lang)
+		{
+			if ($action == ACTION_PLACE_INTO_FOLDER)
+			{
+				foreach ($folder as $folder_id => $folder_ary)
+				{
+					$s_action_options .= '<option value="' . $action . '|' . $folder_id . '"' . (($action_option == $action . '|' . $folder_id) ? ' selected="selected"' : '') . '>' . $lang . ' -> ' . $folder_ary['folder_name'] . '</option>';
+				}
+			}
+			else
+			{
+				$s_action_options .= '<option value="' . $action . '|0"' . (($action_option == $action . '|0') ? ' selected="selected"' : '') . '>' . $lang . '</option>';
+			}
+		}
+	}
+
+	$template->assign_vars(array(
+		'S_ACTION_DEFINED'	=> true,
+		'S_ACTION_SELECT'	=> ($hardcoded) ? false : true,
+		'ACTION_CURRENT'	=> $l_action,
+		'S_ACTION_OPTIONS'	=> $s_action_options,
+		'ACTION_OPTION'		=> $action_option)
+	);
+}
+
+/**
+* Defining rule option for message rules
+*/
+function define_rule_option($hardcoded, $rule_option, $rule_lang, $check_ary)
+{
+	global $template;
+	global $module;
+
+	$exclude = array();
+
+	if (!$module->loaded('zebra', 'friends'))
+	{
+		$exclude[RULE_IS_FRIEND] = true;
+	}
+
+	if (!$module->loaded('zebra', 'foes'))
+	{
+		$exclude[RULE_IS_FOE] = true;
+	}
+
+	$s_rule_options = '';
+	if (!$hardcoded)
+	{
+		foreach ($check_ary as $value => $_check)
+		{
+			if (isset($exclude[$value]))
+			{
+				continue;
+			}
+			$s_rule_options .= '<option value="' . $value . '"' . (($value == $rule_option) ? ' selected="selected"' : '') . '>' . $rule_lang[$value] . '</option>';
+		}
+	}
+
+	$template->assign_vars(array(
+		'S_RULE_DEFINED'	=> true,
+		'S_RULE_SELECT'		=> !$hardcoded,
+		'RULE_CURRENT'		=> isset($rule_lang[$rule_option]) ? $rule_lang[$rule_option] : '',
+		'S_RULE_OPTIONS'	=> $s_rule_options,
+		'RULE_OPTION'		=> $rule_option)
+	);
+}
+
+/**
+* Defining condition option for message rules
+*/
+function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule_conditions)
+{
+	global $db, $template, $auth, $user, $request, $phpbb_container;
+
+	/** @var \phpbb\group\helper $group_helper */
+	$group_helper = $phpbb_container->get('group_helper');
+
+	$template->assign_vars(array(
+		'S_COND_DEFINED'	=> true,
+		'S_COND_SELECT'		=> (!$hardcoded && isset($global_rule_conditions[$rule_option])) ? true : false)
+	);
+
+	// Define COND_OPTION
+	if (!isset($global_rule_conditions[$rule_option]))
+	{
+		$template->assign_vars(array(
+			'COND_OPTION'	=> 'none',
+			'COND_CURRENT'	=> false)
+		);
+		return;
+	}
+
+	// Define Condition
+	$condition = $global_rule_conditions[$rule_option];
+
+	switch ($condition)
+	{
+		case 'text':
+			$rule_string = $request->variable('rule_string', '', true);
+
+			$template->assign_vars(array(
+				'S_TEXT_CONDITION'	=> true,
+				'CURRENT_STRING'	=> $rule_string,
+				'CURRENT_USER_ID'	=> 0,
+				'CURRENT_GROUP_ID'	=> 0)
+			);
+
+			$current_value = $rule_string;
+		break;
+
+		case 'user':
+			$rule_user_id = $request->variable('rule_user_id', 0);
+			$rule_string = $request->variable('rule_string', '', true);
+
+			if ($rule_string && !$rule_user_id)
+			{
+				$sql = 'SELECT user_id
+					FROM ' . USERS_TABLE . "
+					WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($rule_string)) . "'";
+				$result = $db->sql_query($sql);
+				$rule_user_id = (int) $db->sql_fetchfield('user_id');
+				$db->sql_freeresult($result);
+
+				if (!$rule_user_id)
+				{
+					$rule_string = '';
+				}
+			}
+			else if (!$rule_string && $rule_user_id)
+			{
+				$sql = 'SELECT username
+					FROM ' . USERS_TABLE . "
+					WHERE user_id = $rule_user_id";
+				$result = $db->sql_query($sql);
+				$rule_string = $db->sql_fetchfield('username');
+				$db->sql_freeresult($result);
+
+				if (!$rule_string)
+				{
+					$rule_user_id = 0;
+				}
+			}
+
+			$template->assign_vars(array(
+				'S_USER_CONDITION'	=> true,
+				'CURRENT_STRING'	=> $rule_string,
+				'CURRENT_USER_ID'	=> $rule_user_id,
+				'CURRENT_GROUP_ID'	=> 0)
+			);
+
+			$current_value = $rule_string;
+		break;
+
+		case 'group':
+			$rule_group_id = $request->variable('rule_group_id', 0);
+			$rule_string = $request->variable('rule_string', '', true);
+
+			$sql = 'SELECT g.group_id, g.group_name, g.group_type
+					FROM ' . GROUPS_TABLE . ' g ';
+
+			if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel'))
+			{
+				$sql .= 'LEFT JOIN ' . USER_GROUP_TABLE . ' ug
+					ON (
+						g.group_id = ug.group_id
+						AND ug.user_id = ' . $user->data['user_id'] . '
+						AND ug.user_pending = 0
+					)
+					WHERE (ug.user_id = ' . $user->data['user_id'] . ' OR g.group_type <> ' . GROUP_HIDDEN . ')
+					AND';
+			}
+			else
+			{
+				$sql .= 'WHERE';
+			}
+
+			$sql .= " (g.group_name NOT IN ('GUESTS', 'BOTS') OR g.group_type <> " . GROUP_SPECIAL . ')
+				ORDER BY g.group_type DESC, g.group_name ASC';
+
+			$result = $db->sql_query($sql);
+
+			$s_group_options = '';
+			while ($row = $db->sql_fetchrow($result))
+			{
+				if ($rule_group_id && ($row['group_id'] == $rule_group_id))
+				{
+					$rule_string = $group_helper->get_name($row['group_name']);
+				}
+
+				$s_class	= ($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '';
+				$s_selected	= ($row['group_id'] == $rule_group_id) ? ' selected="selected"' : '';
+
+				$s_group_options .= '<option value="' . $row['group_id'] . '"' . $s_class . $s_selected . '>' . $group_helper->get_name($row['group_name']) . '</option>';
+			}
+			$db->sql_freeresult($result);
+
+			$template->assign_vars(array(
+				'S_GROUP_CONDITION'	=> true,
+				'S_GROUP_OPTIONS'	=> $s_group_options,
+				'CURRENT_STRING'	=> $rule_string,
+				'CURRENT_USER_ID'	=> 0,
+				'CURRENT_GROUP_ID'	=> $rule_group_id)
+			);
+
+			$current_value = $rule_string;
+		break;
+
+		default:
+			return;
+	}
+
+	$template->assign_vars(array(
+		'COND_OPTION'	=> $condition,
+		'COND_CURRENT'	=> $current_value)
+	);
+}
+
+/**
+* Display defined message rules
+*/
+function show_defined_rules($user_id, $check_lang, $rule_lang, $action_lang, $folder)
+{
+	global $db, $template;
+
+	$sql = 'SELECT *
+		FROM ' . PRIVMSGS_RULES_TABLE . '
+		WHERE user_id = ' . $user_id . '
+		ORDER BY rule_id ASC';
+	$result = $db->sql_query($sql);
+
+	$count = 0;
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$template->assign_block_vars('rule', array(
+			'COUNT'		=> ++$count,
+			'RULE_ID'	=> $row['rule_id'],
+			'CHECK'		=> $check_lang[$row['rule_check']],
+			'RULE'		=> $rule_lang[$row['rule_connection']],
+			'STRING'	=> $row['rule_string'],
+			'ACTION'	=> $action_lang[$row['rule_action']],
+			'FOLDER'	=> ($row['rule_action'] == ACTION_PLACE_INTO_FOLDER) ? $folder[$row['rule_folder_id']]['folder_name'] : '')
+		);
+	}
+	$db->sql_freeresult($result);
+}

includes/ucp/ucp_pm_viewfolder.php

@@ -0,0 +1,604 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* View message folder
+* Called from ucp_pm with mode == 'view' && action == 'view_folder'
+*/
+function view_folder($id, $mode, $folder_id, $folder)
+{
+	global $user, $template, $auth, $db, $cache, $request;
+	global $phpbb_root_path, $config, $phpEx;
+
+	$submit_export = (isset($_POST['submit_export'])) ? true : false;
+
+	$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
+
+	if (!$submit_export)
+	{
+		$user->add_lang('viewforum');
+
+		// Grab icons
+		$icons = $cache->obtain_icons();
+
+		$color_rows = array('message_reported', 'marked', 'replied');
+
+		$_module = new p_master();
+		$_module->list_modules('ucp');
+		$_module->set_active('zebra');
+
+		$zebra_enabled = ($_module->active_module === false) ? false : true;
+
+		unset($_module);
+
+		if ($zebra_enabled)
+		{
+			$color_rows = array_merge($color_rows, array('friend', 'foe'));
+		}
+
+		foreach ($color_rows as $var)
+		{
+			$template->assign_block_vars('pm_colour_info', array(
+				'IMG'	=> $user->img("pm_{$var}", ''),
+				'CLASS'	=> "pm_{$var}_colour",
+				'LANG'	=> $user->lang[strtoupper($var) . '_MESSAGE'])
+			);
+		}
+
+		$mark_options = array('mark_important', 'delete_marked');
+
+		// Minimise edits
+		if (!$auth->acl_get('u_pm_delete') && $key = array_search('delete_marked', $mark_options))
+		{
+			unset($mark_options[$key]);
+		}
+
+		$s_mark_options = '';
+		foreach ($mark_options as $mark_option)
+		{
+			$s_mark_options .= '<option value="' . $mark_option . '">' . $user->lang[strtoupper($mark_option)] . '</option>';
+		}
+
+		// We do the folder moving options here too, for template authors to use...
+		$s_folder_move_options = '';
+		if ($folder_id != PRIVMSGS_NO_BOX && $folder_id != PRIVMSGS_OUTBOX)
+		{
+			foreach ($folder as $f_id => $folder_ary)
+			{
+				if ($f_id == PRIVMSGS_OUTBOX || $f_id == PRIVMSGS_SENTBOX || $f_id == $folder_id)
+				{
+					continue;
+				}
+
+				$s_folder_move_options .= '<option' . (($f_id != PRIVMSGS_INBOX) ? ' class="sep"' : '') . ' value="' . $f_id . '">';
+				$s_folder_move_options .= sprintf($user->lang['MOVE_MARKED_TO_FOLDER'], $folder_ary['folder_name']);
+				$s_folder_move_options .= (($folder_ary['unread_messages']) ? ' [' . $folder_ary['unread_messages'] . '] ' : '') . '</option>';
+			}
+		}
+		$friend = $foe = array();
+
+		// Get friends and foes
+		$sql = 'SELECT *
+			FROM ' . ZEBRA_TABLE . '
+			WHERE user_id = ' . $user->data['user_id'];
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$friend[$row['zebra_id']] = $row['friend'];
+			$foe[$row['zebra_id']] = $row['foe'];
+		}
+		$db->sql_freeresult($result);
+
+		$template->assign_vars(array(
+			'S_MARK_OPTIONS'		=> $s_mark_options,
+			'S_MOVE_MARKED_OPTIONS'	=> $s_folder_move_options)
+		);
+
+		// Okay, lets dump out the page ...
+		if (count($folder_info['pm_list']))
+		{
+			$address_list = array();
+
+			// Build Recipient List if in outbox/sentbox - max two additional queries
+			if ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX)
+			{
+				$address_list = get_recipient_strings($folder_info['rowset']);
+			}
+
+			foreach ($folder_info['pm_list'] as $message_id)
+			{
+				$row = &$folder_info['rowset'][$message_id];
+
+				$folder_img = ($row['pm_unread']) ? 'pm_unread' : 'pm_read';
+				$folder_alt = ($row['pm_unread']) ? 'NEW_MESSAGES' : 'NO_NEW_MESSAGES';
+
+				// Generate all URIs ...
+				$view_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=view&amp;f=$folder_id&amp;p=$message_id");
+				$remove_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=compose&amp;action=delete&amp;p=$message_id");
+
+				$row_indicator = '';
+				foreach ($color_rows as $var)
+				{
+					if (($var !== 'friend' && $var !== 'foe' && $row[($var === 'message_reported') ? $var : "pm_{$var}"])
+						||
+						(($var === 'friend' || $var === 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']]))
+					{
+						$row_indicator = $var;
+						break;
+					}
+				}
+
+				// Send vars to template
+				$template->assign_block_vars('messagerow', array(
+					'PM_CLASS'			=> ($row_indicator) ? 'pm_' . $row_indicator . '_colour' : '',
+
+					'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $row['author_id'], $row['username'], $row['user_colour'], $row['username']),
+					'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $row['author_id'], $row['username'], $row['user_colour'], $row['username']),
+					'MESSAGE_AUTHOR'			=> get_username_string('username', $row['author_id'], $row['username'], $row['user_colour'], $row['username']),
+					'U_MESSAGE_AUTHOR'			=> get_username_string('profile', $row['author_id'], $row['username'], $row['user_colour'], $row['username']),
+
+					'FOLDER_ID'			=> $folder_id,
+					'MESSAGE_ID'		=> $message_id,
+					'SENT_TIME'			=> $user->format_date($row['message_time']),
+					'SUBJECT'			=> censor_text($row['message_subject']),
+					'FOLDER'			=> (isset($folder[$row['folder_id']])) ? $folder[$row['folder_id']]['folder_name'] : '',
+					'U_FOLDER'			=> (isset($folder[$row['folder_id']])) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'folder=' . $row['folder_id']) : '',
+					'PM_ICON_IMG'		=> (!empty($icons[$row['icon_id']])) ? '<img src="' . $config['icons_path'] . '/' . $icons[$row['icon_id']]['img'] . '" width="' . $icons[$row['icon_id']]['width'] . '" height="' . $icons[$row['icon_id']]['height'] . '" alt="" title="" />' : '',
+					'PM_ICON_URL'		=> (!empty($icons[$row['icon_id']])) ? $config['icons_path'] . '/' . $icons[$row['icon_id']]['img'] : '',
+					'FOLDER_IMG'		=> $user->img($folder_img, $folder_alt),
+					'FOLDER_IMG_STYLE'	=> $folder_img,
+					'PM_IMG'			=> ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '',
+					'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_pm_download') && $row['message_attachment'] && $config['allow_pm_attach']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
+
+					'S_PM_UNREAD'		=> ($row['pm_unread']) ? true : false,
+					'S_PM_DELETED'		=> ($row['pm_deleted']) ? true : false,
+					'S_PM_REPORTED'		=> (isset($row['report_id'])) ? true : false,
+					'S_AUTHOR_DELETED'	=> ($row['author_id'] == ANONYMOUS) ? true : false,
+
+					'U_VIEW_PM'			=> ($row['pm_deleted']) ? '' : $view_message_url,
+					'U_REMOVE_PM'		=> ($row['pm_deleted']) ? $remove_message_url : '',
+					'U_MCP_REPORT'		=> (isset($row['report_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=pm_reports&amp;mode=pm_report_details&amp;r=' . $row['report_id']) : '',
+					'RECIPIENTS'		=> ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? implode($user->lang['COMMA_SEPARATOR'], $address_list[$message_id]) : '')
+				);
+			}
+			unset($folder_info['rowset']);
+
+			$template->assign_vars(array(
+				'S_SHOW_RECIPIENTS'		=> ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? true : false,
+				'S_SHOW_COLOUR_LEGEND'	=> true,
+
+				'REPORTED_IMG'			=> $user->img('icon_topic_reported', 'PM_REPORTED'),
+				'S_PM_ICONS'			=> ($config['enable_pm_icons']) ? true : false)
+			);
+		}
+	}
+	else
+	{
+		$export_type = $request->variable('export_option', '');
+		$enclosure = $request->variable('enclosure', '');
+		$delimiter = $request->variable('delimiter', '');
+
+		if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === ''))
+		{
+			$template->assign_var('PROMPT', true);
+		}
+		else
+		{
+			// Build Recipient List if in outbox/sentbox
+
+			$address_temp = $address = $data = array();
+
+			if ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX)
+			{
+				foreach ($folder_info['rowset'] as $message_id => $row)
+				{
+					$address_temp[$message_id] = rebuild_header(array('to' => $row['to_address'], 'bcc' => $row['bcc_address']));
+					$address[$message_id] = array();
+				}
+			}
+
+			foreach ($folder_info['pm_list'] as $message_id)
+			{
+				$row = &$folder_info['rowset'][$message_id];
+
+				include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
+
+				$sql = 'SELECT p.message_text, p.bbcode_uid
+					FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u
+					WHERE t.user_id = ' . $user->data['user_id'] . "
+						AND p.author_id = u.user_id
+						AND t.folder_id = $folder_id
+						AND t.msg_id = p.msg_id
+						AND p.msg_id = $message_id";
+				$result = $db->sql_query_limit($sql, 1);
+				$message_row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				$_types = array('u', 'g');
+				foreach ($_types as $ug_type)
+				{
+					if (isset($address_temp[$message_id][$ug_type]) && count($address_temp[$message_id][$ug_type]))
+					{
+						if (!isset($address[$message_id][$ug_type]))
+						{
+							$address[$message_id][$ug_type] = array();
+						}
+						if ($ug_type == 'u')
+						{
+							$sql = 'SELECT user_id as id, username as name
+								FROM ' . USERS_TABLE . '
+								WHERE ';
+						}
+						else
+						{
+							$sql = 'SELECT group_id as id, group_name as name
+								FROM ' . GROUPS_TABLE . '
+								WHERE ';
+						}
+						$sql .= $db->sql_in_set(($ug_type == 'u') ? 'user_id' : 'group_id', array_map('intval', array_keys($address_temp[$message_id][$ug_type])));
+
+						$result = $db->sql_query($sql);
+
+						while ($info_row = $db->sql_fetchrow($result))
+						{
+							$address[$message_id][$ug_type][$address_temp[$message_id][$ug_type][$info_row['id']]][] = $info_row['name'];
+							unset($address_temp[$message_id][$ug_type][$info_row['id']]);
+						}
+						$db->sql_freeresult($result);
+					}
+				}
+
+				// There is the chance that all recipients of the message got deleted. To avoid creating
+				// exports without recipients, we add a bogus "undisclosed recipient".
+				if (!(isset($address[$message_id]['g']) && count($address[$message_id]['g'])) &&
+					!(isset($address[$message_id]['u']) && count($address[$message_id]['u'])))
+				{
+					$address[$message_id]['u'] = array();
+					$address[$message_id]['u']['to'] = array();
+					$address[$message_id]['u']['to'][] = $user->lang['UNDISCLOSED_RECIPIENT'];
+				}
+
+				decode_message($message_row['message_text'], $message_row['bbcode_uid']);
+
+				$data[] = array(
+					'subject'	=> censor_text($row['message_subject']),
+					'sender'	=> $row['username'],
+					// ISO 8601 date. For PHP4 we are able to hardcode the timezone because $user->format_date() does not set it.
+					'date'		=> $user->format_date($row['message_time'], 'c', true),
+					'to'		=> ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? $address[$message_id] : '',
+					'message'	=> $message_row['message_text']
+				);
+			}
+
+			switch ($export_type)
+			{
+				case 'CSV':
+				case 'CSV_EXCEL':
+					$mimetype = 'text/csv';
+					$filetype = 'csv';
+
+					if ($export_type == 'CSV_EXCEL')
+					{
+						$enclosure = '"';
+						$delimiter = ',';
+						$newline = "\r\n";
+					}
+					else
+					{
+						$newline = "\n";
+					}
+
+					$string = '';
+					foreach ($data as $value)
+					{
+						$recipients = $value['to'];
+						$value['to'] = $value['bcc'] = '';
+
+						if (is_array($recipients))
+						{
+							foreach ($recipients as $values)
+							{
+								$value['bcc'] .= (isset($values['bcc']) && is_array($values['bcc'])) ? ',' . implode(',', $values['bcc']) : '';
+								$value['to'] .= (isset($values['to']) && is_array($values['to'])) ? ',' . implode(',', $values['to']) : '';
+							}
+
+							// Remove the commas which will appear before the first entry.
+							$value['to'] = substr($value['to'], 1);
+							$value['bcc'] = substr($value['bcc'], 1);
+						}
+
+						foreach ($value as $tag => $text)
+						{
+							$cell = str_replace($enclosure, $enclosure . $enclosure, $text);
+
+							if (strpos($cell, $enclosure) !== false || strpos($cell, $delimiter) !== false || strpos($cell, $newline) !== false)
+							{
+								$string .= $enclosure . $text . $enclosure . $delimiter;
+							}
+							else
+							{
+								$string .= $cell . $delimiter;
+							}
+						}
+						$string = substr($string, 0, -1) . $newline;
+					}
+				break;
+
+				case 'XML':
+					$mimetype = 'application/xml';
+					$filetype = 'xml';
+					$string = '<?xml version="1.0"?>' . "\n";
+					$string .= "<phpbb>\n";
+
+					foreach ($data as $value)
+					{
+						$string .= "\t<privmsg>\n";
+
+						if (is_array($value['to']))
+						{
+							foreach ($value['to'] as $key => $values)
+							{
+								foreach ($values as $type => $types)
+								{
+									foreach ($types as $name)
+									{
+										$string .= "\t\t<recipient type=\"$type\" status=\"$key\">$name</recipient>\n";
+									}
+								}
+							}
+						}
+
+						unset($value['to']);
+
+						foreach ($value as $tag => $text)
+						{
+							$string .= "\t\t<$tag>$text</$tag>\n";
+						}
+
+						$string .= "\t</privmsg>\n";
+					}
+					$string .= '</phpbb>';
+				break;
+			}
+
+			header('Cache-Control: private, no-cache');
+			header("Content-Type: $mimetype; name=\"data.$filetype\"");
+			header("Content-disposition: attachment; filename=data.$filetype");
+			echo $string;
+			exit;
+		}
+	}
+}
+
+/**
+* Get Messages from folder/user
+*/
+function get_pm_from($folder_id, $folder, $user_id)
+{
+	global $user, $db, $template, $config, $auth, $phpbb_container, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher;
+
+	$start = $request->variable('start', 0);
+
+	// Additional vars later, pm ordering is mostly different from post ordering. :/
+	$sort_days	= $request->variable('st', 0);
+	$sort_key	= $request->variable('sk', 't');
+	$sort_dir	= $request->variable('sd', 'd');
+
+	/* @var $pagination \phpbb\pagination */
+	$pagination = $phpbb_container->get('pagination');
+
+	// PM ordering options
+	$limit_days = array(0 => $user->lang['ALL_MESSAGES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
+
+	// No sort by Author for sentbox/outbox (already only author available)
+	// Also, sort by msg_id for the time - private messages are not as prone to errors as posts are.
+	if ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX)
+	{
+		$sort_by_text = array('t' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
+		$sort_by_sql = array('t' => 'p.message_time', 's' => array('p.message_subject', 'p.message_time'));
+	}
+	else
+	{
+		$sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
+		$sort_by_sql = array('a' => array('u.username_clean', 'p.message_time'), 't' => 'p.message_time', 's' => array('p.message_subject', 'p.message_time'));
+	}
+
+	$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
+	gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
+
+	$folder_sql = 't.folder_id = ' . (int) $folder_id;
+
+	// Limit pms to certain time frame, obtain correct pm count
+	if ($sort_days)
+	{
+		$min_post_time = time() - ($sort_days * 86400);
+
+		if (isset($_POST['sort']))
+		{
+			$start = 0;
+		}
+
+		$sql = 'SELECT COUNT(t.msg_id) AS pm_count
+			FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . " p
+			WHERE $folder_sql
+				AND t.user_id = $user_id
+				AND t.msg_id = p.msg_id
+				AND p.message_time >= $min_post_time";
+		$result = $db->sql_query_limit($sql, 1);
+		$pm_count = (int) $db->sql_fetchfield('pm_count');
+		$db->sql_freeresult($result);
+
+		$sql_limit_time = "AND p.message_time >= $min_post_time";
+	}
+	else
+	{
+		$pm_count = (!empty($folder[$folder_id]['num_messages'])) ? $folder[$folder_id]['num_messages'] : 0;
+		$sql_limit_time = '';
+	}
+
+	$base_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=view&amp;action=view_folder&amp;f=$folder_id&amp;$u_sort_param");
+	$start = $pagination->validate_start($start, $config['topics_per_page'], $pm_count);
+	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $pm_count, $config['topics_per_page'], $start);
+
+	$template_vars = array(
+		'TOTAL_MESSAGES'	=> $user->lang('VIEW_PM_MESSAGES', (int) $pm_count),
+
+		'POST_IMG'		=> (!$auth->acl_get('u_sendpm')) ? $user->img('button_topic_locked', 'POST_PM_LOCKED') : $user->img('button_pm_new', 'POST_NEW_PM'),
+
+		'S_NO_AUTH_SEND_MESSAGE'	=> !$auth->acl_get('u_sendpm'),
+
+		'S_SELECT_SORT_DIR'		=> $s_sort_dir,
+		'S_SELECT_SORT_KEY'		=> $s_sort_key,
+		'S_SELECT_SORT_DAYS'	=> $s_limit_days,
+		'S_TOPIC_ICONS'			=> ($config['enable_pm_icons']) ? true : false,
+
+		'U_POST_NEW_TOPIC'	=> ($auth->acl_get('u_sendpm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose') : '',
+		'S_PM_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=view&amp;action=view_folder&amp;f=$folder_id" . (($start !== 0) ? "&amp;start=$start" : '')),
+	);
+
+	/**
+	* Modify template variables before they are assigned
+	*
+	* @event core.ucp_pm_view_folder_get_pm_from_template
+	* @var	int		folder_id		Folder ID
+	* @var	array	folder			Folder data
+	* @var	int		user_id			User ID
+	* @var	string	base_url		Pagination base URL
+	* @var	int		start			Pagination start
+	* @var	int		pm_count		Count of PMs
+	* @var	array	template_vars	Template variables to be assigned
+	* @since 3.1.11-RC1
+	*/
+	$vars = array(
+		'folder_id',
+		'folder',
+		'user_id',
+		'base_url',
+		'start',
+		'pm_count',
+		'template_vars',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.ucp_pm_view_folder_get_pm_from_template', compact($vars)));
+
+	$template->assign_vars($template_vars);
+
+	// Grab all pm data
+	$rowset = $pm_list = array();
+
+	// If the user is trying to reach late pages, start searching from the end
+	$store_reverse = false;
+	$sql_limit = $config['topics_per_page'];
+	if ($start > $pm_count / 2)
+	{
+		$store_reverse = true;
+
+		// Select the sort order
+		$direction = ($sort_dir == 'd') ? 'ASC' : 'DESC';
+		$sql_limit = $pagination->reverse_limit($start, $sql_limit, $pm_count);
+		$sql_start = $pagination->reverse_start($start, $sql_limit, $pm_count);
+	}
+	else
+	{
+		// Select the sort order
+		$direction = ($sort_dir == 'd') ? 'DESC' : 'ASC';
+		$sql_start = $start;
+	}
+
+	// Sql sort order
+	if (is_array($sort_by_sql[$sort_key]))
+	{
+		$sql_sort_order = implode(' ' . $direction . ', ', $sort_by_sql[$sort_key]) . ' ' . $direction;
+	}
+	else
+	{
+		$sql_sort_order = $sort_by_sql[$sort_key] . ' ' . $direction;
+	}
+
+	$sql_ary = array(
+		'SELECT'	=> 't.*, p.root_level, p.message_time, p.message_subject, p.icon_id, p.to_address, p.message_attachment, p.bcc_address, u.username, u.username_clean, u.user_colour, p.message_reported',
+		'FROM'		=> array(
+			PRIVMSGS_TO_TABLE	=> 't',
+			PRIVMSGS_TABLE		=> 'p',
+			USERS_TABLE			=> 'u',
+		),
+		'WHERE'		=> "t.user_id = $user_id
+			AND p.author_id = u.user_id
+			AND $folder_sql
+			AND t.msg_id = p.msg_id
+			$sql_limit_time",
+		'ORDER_BY'	=> $sql_sort_order,
+	);
+
+	/**
+	* Modify SQL before it is executed
+	*
+	* @event core.ucp_pm_view_folder_get_pm_from_sql
+	* @var	array	sql_ary		SQL array
+	* @var	int		sql_limit	SQL limit
+	* @var	int		sql_start	SQL start
+	* @since 3.1.11-RC1
+	*/
+	$vars = array(
+		'sql_ary',
+		'sql_limit',
+		'sql_start',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.ucp_pm_view_folder_get_pm_from_sql', compact($vars)));
+
+	$result = $db->sql_query_limit($db->sql_build_query('SELECT', $sql_ary), $sql_limit, $sql_start);
+
+	$pm_reported = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$rowset[$row['msg_id']] = $row;
+		$pm_list[] = $row['msg_id'];
+		if ($row['message_reported'])
+		{
+			$pm_reported[] = $row['msg_id'];
+		}
+	}
+	$db->sql_freeresult($result);
+
+	// Fetch the report_ids, if there are any reported pms.
+	if (!empty($pm_reported) && $auth->acl_getf_global('m_report'))
+	{
+		$sql = 'SELECT pm_id, report_id
+			FROM ' . REPORTS_TABLE . '
+			WHERE report_closed = 0
+				AND ' . $db->sql_in_set('pm_id', $pm_reported);
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$rowset[$row['pm_id']]['report_id'] = $row['report_id'];
+		}
+		$db->sql_freeresult($result);
+	}
+
+	$pm_list = ($store_reverse) ? array_reverse($pm_list) : $pm_list;
+
+	return array(
+		'pm_count'	=> $pm_count,
+		'pm_list'	=> $pm_list,
+		'rowset'	=> $rowset
+	);
+}

includes/ucp/ucp_pm_viewmessage.php

@@ -0,0 +1,449 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* View private message
+*/
+function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
+{
+	global $user, $template, $auth, $db, $phpbb_container;
+	global $phpbb_root_path, $request, $phpEx, $config, $phpbb_dispatcher;
+
+	$user->add_lang(array('viewtopic', 'memberlist'));
+
+	$msg_id		= (int) $msg_id;
+	$folder_id	= (int) $folder_id;
+	$author_id	= (int) $message_row['author_id'];
+	$view		= $request->variable('view', '');
+
+	// Not able to view message, it was deleted by the sender
+	if ($message_row['pm_deleted'])
+	{
+		$meta_info = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;folder=$folder_id");
+		$message = $user->lang['NO_AUTH_READ_REMOVED_MESSAGE'];
+
+		$message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>');
+		send_status_line(403, 'Forbidden');
+		trigger_error($message);
+	}
+
+	// Do not allow hold messages to be seen
+	if ($folder_id == PRIVMSGS_HOLD_BOX)
+	{
+		trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
+	}
+
+	// Load the custom profile fields
+	if ($config['load_cpf_pm'])
+	{
+		/* @var $cp \phpbb\profilefields\manager */
+		$cp = $phpbb_container->get('profilefields.manager');
+
+		$profile_fields = $cp->grab_profile_fields_data($author_id);
+	}
+
+	// Assign TO/BCC Addresses to template
+	write_pm_addresses(array('to' => $message_row['to_address'], 'bcc' => $message_row['bcc_address']), $author_id);
+
+	$user_info = get_user_information($author_id, $message_row);
+
+	// Parse the message and subject
+	$parse_flags = ($message_row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0) | OPTION_FLAG_SMILIES;
+	$message = generate_text_for_display($message_row['message_text'], $message_row['bbcode_uid'], $message_row['bbcode_bitfield'], $parse_flags, true);
+
+	// Replace naughty words such as farty pants
+	$message_row['message_subject'] = censor_text($message_row['message_subject']);
+
+	// Editing information
+	if ($message_row['message_edit_count'] && $config['display_last_edited'])
+	{
+		if (!$message_row['message_edit_user'])
+		{
+			$display_username = get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour']);
+		}
+		else
+		{
+			$edit_user_info = get_user_information($message_row['message_edit_user'], false);
+			$display_username = get_username_string('full', $message_row['message_edit_user'], $edit_user_info['username'], $edit_user_info['user_colour']);
+		}
+		$l_edited_by = '<br /><br />' . $user->lang('EDITED_TIMES_TOTAL', (int) $message_row['message_edit_count'], $display_username, $user->format_date($message_row['message_edit_time'], false, true));
+	}
+	else
+	{
+		$l_edited_by = '';
+	}
+
+	// Pull attachment data
+	$display_notice = false;
+	$attachments = array();
+
+	if ($message_row['message_attachment'] && $config['allow_pm_attach'])
+	{
+		if ($auth->acl_get('u_pm_download'))
+		{
+			$sql = 'SELECT *
+				FROM ' . ATTACHMENTS_TABLE . "
+				WHERE post_msg_id = $msg_id
+					AND in_message = 1
+				ORDER BY filetime DESC, post_msg_id ASC";
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$attachments[] = $row;
+			}
+			$db->sql_freeresult($result);
+
+			// No attachments exist, but message table thinks they do so go ahead and reset attach flags
+			if (!count($attachments))
+			{
+				$sql = 'UPDATE ' . PRIVMSGS_TABLE . "
+					SET message_attachment = 0
+					WHERE msg_id = $msg_id";
+				$db->sql_query($sql);
+			}
+		}
+		else
+		{
+			$display_notice = true;
+		}
+	}
+
+	// Assign inline attachments
+	if (!empty($attachments))
+	{
+		$update_count = array();
+		parse_attachments(false, $message, $attachments, $update_count);
+
+		// Update the attachment download counts
+		if (count($update_count))
+		{
+			$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
+				SET download_count = download_count + 1
+				WHERE ' . $db->sql_in_set('attach_id', array_unique($update_count));
+			$db->sql_query($sql);
+		}
+	}
+
+	$user_info['sig'] = '';
+
+	$signature = ($message_row['enable_sig'] && $config['allow_sig'] && $auth->acl_get('u_sig') && $user->optionget('viewsigs')) ? $user_info['user_sig'] : '';
+
+	// End signature parsing, only if needed
+	if ($signature)
+	{
+		$parse_flags = ($user_info['user_sig_bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0) | OPTION_FLAG_SMILIES;
+		$signature = generate_text_for_display($signature, $user_info['user_sig_bbcode_uid'], $user_info['user_sig_bbcode_bitfield'], $parse_flags, true);
+	}
+
+	$url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm');
+
+	// Number of "to" recipients
+	$num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match);
+
+	$bbcode_status	= ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false;
+
+	// Get the profile fields template data
+	$cp_row = array();
+	if ($config['load_cpf_pm'] && isset($profile_fields[$author_id]))
+	{
+		// Filter the fields we don't want to show
+		foreach ($profile_fields[$author_id] as $used_ident => $profile_field)
+		{
+			if (!$profile_field['data']['field_show_on_pm'])
+			{
+				unset($profile_fields[$author_id][$used_ident]);
+			}
+		}
+
+		if (isset($profile_fields[$author_id]))
+		{
+			$cp_row = $cp->generate_profile_fields_template_data($profile_fields[$author_id]);
+		}
+	}
+
+	$u_pm = $u_jabber = '';
+
+	if ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_info['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')))
+	{
+		$u_pm = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;u=' . $author_id);
+	}
+
+	if ($config['jab_enable'] && $user_info['user_jabber'] && $auth->acl_get('u_sendim'))
+	{
+		$u_jabber = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&amp;action=jabber&amp;u=' . $author_id);
+	}
+
+	$msg_data = array(
+		'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
+		'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
+		'MESSAGE_AUTHOR'			=> get_username_string('username', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
+		'U_MESSAGE_AUTHOR'			=> get_username_string('profile', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
+
+		'RANK_TITLE'		=> $user_info['rank_title'],
+		'RANK_IMG'			=> $user_info['rank_image'],
+		'AUTHOR_AVATAR'		=> (isset($user_info['avatar'])) ? $user_info['avatar'] : '',
+		'AUTHOR_JOINED'		=> $user->format_date($user_info['user_regdate']),
+		'AUTHOR_POSTS'		=> (int) $user_info['user_posts'],
+		'U_AUTHOR_POSTS'	=> ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id=$author_id&amp;sr=posts") : '',
+		'CONTACT_USER'		=> $user->lang('CONTACT_USER', get_username_string('username', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username'])),
+
+		'ONLINE_IMG'		=> (!$config['load_onlinetrack']) ? '' : ((isset($user_info['online']) && $user_info['online']) ? $user->img('icon_user_online', $user->lang['ONLINE']) : $user->img('icon_user_offline', $user->lang['OFFLINE'])),
+		'S_ONLINE'			=> (!$config['load_onlinetrack']) ? false : ((isset($user_info['online']) && $user_info['online']) ? true : false),
+		'DELETE_IMG'		=> $user->img('icon_post_delete', $user->lang['DELETE_MESSAGE']),
+		'INFO_IMG'			=> $user->img('icon_post_info', $user->lang['VIEW_PM_INFO']),
+		'PROFILE_IMG'		=> $user->img('icon_user_profile', $user->lang['READ_PROFILE']),
+		'EMAIL_IMG'			=> $user->img('icon_contact_email', $user->lang['SEND_EMAIL']),
+		'QUOTE_IMG'			=> $user->img('icon_post_quote', $user->lang['POST_QUOTE_PM']),
+		'REPLY_IMG'			=> $user->img('button_pm_reply', $user->lang['POST_REPLY_PM']),
+		'REPORT_IMG'		=> $user->img('icon_post_report', 'REPORT_PM'),
+		'EDIT_IMG'			=> $user->img('icon_post_edit', $user->lang['POST_EDIT_PM']),
+		'MINI_POST_IMG'		=> $user->img('icon_post_target', $user->lang['PM']),
+
+		'SENT_DATE'			=> ($view == 'print') ? $user->format_date($message_row['message_time'], false, true) : $user->format_date($message_row['message_time']),
+		'SUBJECT'			=> $message_row['message_subject'],
+		'MESSAGE'			=> $message,
+		'SIGNATURE'			=> ($message_row['enable_sig']) ? $signature : '',
+		'EDITED_MESSAGE'	=> $l_edited_by,
+		'MESSAGE_ID'		=> $message_row['msg_id'],
+
+		'U_PM'			=>  $u_pm,
+		'U_JABBER'		=>  $u_jabber,
+
+		'U_DELETE'			=> ($auth->acl_get('u_pm_delete')) ? "$url&amp;mode=compose&amp;action=delete&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '',
+		'U_EMAIL'			=> $user_info['email'],
+		'U_REPORT'			=> ($config['allow_pm_report']) ? $phpbb_container->get('controller.helper')->route('phpbb_report_pm_controller', array('id' => $message_row['msg_id'])) : '',
+		'U_QUOTE'			=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&amp;mode=compose&amp;action=quote&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '',
+		'U_EDIT'			=> (($message_row['message_time'] > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&amp;mode=compose&amp;action=edit&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '',
+		'U_POST_REPLY_PM'	=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&amp;mode=compose&amp;action=reply&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '',
+		'U_POST_REPLY_ALL'	=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&amp;mode=compose&amp;action=reply&amp;f=$folder_id&amp;reply_to_all=1&amp;p=" . $message_row['msg_id'] : '',
+		'U_PREVIOUS_PM'		=> "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=previous",
+		'U_NEXT_PM'			=> "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=next",
+
+		'U_PM_ACTION'		=> $url . '&amp;mode=compose&amp;f=' . $folder_id . '&amp;p=' . $message_row['msg_id'],
+
+		'S_HAS_ATTACHMENTS'	=> (count($attachments)) ? true : false,
+		'S_DISPLAY_NOTICE'	=> $display_notice && $message_row['message_attachment'],
+		'S_AUTHOR_DELETED'	=> ($author_id == ANONYMOUS) ? true : false,
+		'S_SPECIAL_FOLDER'	=> in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),
+		'S_PM_RECIPIENTS'	=> $num_recipients,
+		'S_BBCODE_ALLOWED'	=> ($bbcode_status) ? 1 : 0,
+		'S_CUSTOM_FIELDS'	=> (!empty($cp_row['row'])) ? true : false,
+
+		'U_PRINT_PM'		=> ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=print" : '',
+		'U_FORWARD_PM'		=> ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&amp;mode=compose&amp;action=forward&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '',
+	);
+
+	/**
+	* Modify pm and sender data before it is assigned to the template
+	*
+	* @event core.ucp_pm_view_messsage
+	* @var	mixed	id			Active module category (can be int or string)
+	* @var	string	mode		Active module
+	* @var	int		folder_id	ID of the folder the message is in
+	* @var	int		msg_id		ID of the private message
+	* @var	array	folder		Array with data of user's message folders
+	* @var	array	message_row	Array with message data
+	* @var	array	cp_row		Array with senders custom profile field data
+	* @var	array	msg_data	Template array with message data
+	* @var 	array	user_info	User data of the sender
+	* @since 3.1.0-a1
+	* @changed 3.1.6-RC1		Added user_info into event
+	* @changed 3.2.2-RC1		Deprecated
+	* @deprecated 4.0.0			Event name is misspelled and is replaced with new event with correct name
+	*/
+	$vars = array(
+		'id',
+		'mode',
+		'folder_id',
+		'msg_id',
+		'folder',
+		'message_row',
+		'cp_row',
+		'msg_data',
+		'user_info',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.ucp_pm_view_messsage', compact($vars)));
+
+	/**
+	 * Modify pm and sender data before it is assigned to the template
+	 *
+	 * @event core.ucp_pm_view_message
+	 * @var	mixed	id			Active module category (can be int or string)
+	 * @var	string	mode		Active module
+	 * @var	int		folder_id	ID of the folder the message is in
+	 * @var	int		msg_id		ID of the private message
+	 * @var	array	folder		Array with data of user's message folders
+	 * @var	array	message_row	Array with message data
+	 * @var	array	cp_row		Array with senders custom profile field data
+	 * @var	array	msg_data	Template array with message data
+	 * @var array	user_info	User data of the sender
+	 * @var array	attachments	Attachments data
+	 * @since 3.2.2-RC1
+	 * @changed 3.2.5-RC1 Added attachments
+	 */
+	$vars = array(
+		'id',
+		'mode',
+		'folder_id',
+		'msg_id',
+		'folder',
+		'message_row',
+		'cp_row',
+		'msg_data',
+		'user_info',
+		'attachments',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.ucp_pm_view_message', compact($vars)));
+
+	$template->assign_vars($msg_data);
+
+	$contact_fields = array(
+		array(
+			'ID'		=> 'pm',
+			'NAME'		=> $user->lang['SEND_PRIVATE_MESSAGE'],
+			'U_CONTACT' => $u_pm,
+		),
+		array(
+			'ID'		=> 'email',
+			'NAME'		=> $user->lang['SEND_EMAIL'],
+			'U_CONTACT'	=> $user_info['email'],
+		),
+		array(
+			'ID'		=> 'jabber',
+			'NAME'		=> $user->lang['JABBER'],
+			'U_CONTACT'	=> $u_jabber,
+		),
+	);
+
+	foreach ($contact_fields as $field)
+	{
+		if ($field['U_CONTACT'])
+		{
+			$template->assign_block_vars('contact', $field);
+		}
+	}
+
+	// Display the custom profile fields
+	if (!empty($cp_row['row']))
+	{
+		$template->assign_vars($cp_row['row']);
+
+		foreach ($cp_row['blockrow'] as $cp_block_row)
+		{
+			$template->assign_block_vars('custom_fields', $cp_block_row);
+
+			if ($cp_block_row['S_PROFILE_CONTACT'])
+			{
+				$template->assign_block_vars('contact', array(
+					'ID'		=> $cp_block_row['PROFILE_FIELD_IDENT'],
+					'NAME'		=> $cp_block_row['PROFILE_FIELD_NAME'],
+					'U_CONTACT'	=> $cp_block_row['PROFILE_FIELD_CONTACT'],
+				));
+			}
+		}
+	}
+
+	// Display not already displayed Attachments for this post, we already parsed them. ;)
+	if (isset($attachments) && count($attachments))
+	{
+		foreach ($attachments as $attachment)
+		{
+			$template->assign_block_vars('attachment', array(
+				'DISPLAY_ATTACHMENT'	=> $attachment)
+			);
+		}
+	}
+
+	if (!isset($_REQUEST['view']) || $request->variable('view', '') != 'print')
+	{
+		// Message History
+		if (message_history($msg_id, $user->data['user_id'], $message_row, $folder))
+		{
+			$template->assign_var('S_DISPLAY_HISTORY', true);
+		}
+	}
+}
+
+/**
+* Get user information (only for message display)
+*/
+function get_user_information($user_id, $user_row)
+{
+	global $db, $auth, $user;
+	global $phpbb_root_path, $phpEx, $config;
+
+	if (!$user_id)
+	{
+		return array();
+	}
+
+	if (empty($user_row))
+	{
+		$sql = 'SELECT *
+			FROM ' . USERS_TABLE . '
+			WHERE user_id = ' . (int) $user_id;
+		$result = $db->sql_query($sql);
+		$user_row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+	}
+
+	// Some standard values
+	$user_row['online'] = false;
+	$user_row['rank_title'] = $user_row['rank_image'] = $user_row['rank_image_src'] = $user_row['email'] = '';
+
+	// Generate online information for user
+	if ($config['load_onlinetrack'])
+	{
+		$sql = 'SELECT session_user_id, MAX(session_time) as online_time, MIN(session_viewonline) AS viewonline
+			FROM ' . SESSIONS_TABLE . "
+			WHERE session_user_id = $user_id
+			GROUP BY session_user_id";
+		$result = $db->sql_query_limit($sql, 1);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		$update_time = $config['load_online_time'] * 60;
+		if ($row)
+		{
+			$user_row['online'] = (time() - $update_time < $row['online_time'] && ($row['viewonline'] || $auth->acl_get('u_viewonline'))) ? true : false;
+		}
+	}
+
+	$user_row['avatar'] = ($user->optionget('viewavatars')) ? phpbb_get_user_avatar($user_row) : '';
+
+	if (!function_exists('phpbb_get_user_rank'))
+	{
+		include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+	}
+
+	$user_rank_data = phpbb_get_user_rank($user_row, $user_row['user_posts']);
+	$user_row['rank_title'] = $user_rank_data['title'];
+	$user_row['rank_image'] = $user_rank_data['img'];
+	$user_row['rank_image_src'] = $user_rank_data['img_src'];
+
+	if ((!empty($user_row['user_allow_viewemail']) && $auth->acl_get('u_sendemail')) || $auth->acl_get('a_email'))
+	{
+		$user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&amp;u=$user_id") : ((($config['board_hide_emails'] && !$auth->acl_get('a_email')) || empty($user_row['user_email'])) ? '' : 'mailto:' . $user_row['user_email']);
+	}
+
+	return $user_row;
+}

includes/ucp/ucp_prefs.php

@@ -0,0 +1,537 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_prefs
+* Changing user preferences
+*/
+class ucp_prefs
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $config, $db, $user, $auth, $template, $phpbb_dispatcher, $request;
+
+		$submit = (isset($_POST['submit'])) ? true : false;
+		$error = $data = array();
+		$s_hidden_fields = '';
+
+		switch ($mode)
+		{
+			case 'personal':
+				add_form_key('ucp_prefs_personal');
+				$data = array(
+					'notifymethod'	=> $request->variable('notifymethod', $user->data['user_notify_type']),
+					'dateformat'	=> $request->variable('dateformat', $user->data['user_dateformat'], true),
+					'lang'			=> basename($request->variable('lang', $user->data['user_lang'])),
+					'user_style'		=> $request->variable('user_style', (int) $user->data['user_style']),
+					'tz'			=> $request->variable('tz', $user->data['user_timezone']),
+
+					'viewemail'		=> $request->variable('viewemail', (bool) $user->data['user_allow_viewemail']),
+					'massemail'		=> $request->variable('massemail', (bool) $user->data['user_allow_massemail']),
+					'hideonline'	=> $request->variable('hideonline', (bool) !$user->data['user_allow_viewonline']),
+					'allowpm'		=> $request->variable('allowpm', (bool) $user->data['user_allow_pm']),
+				);
+
+				if ($data['notifymethod'] == NOTIFY_IM && (!$config['jab_enable'] || !$user->data['user_jabber'] || !@extension_loaded('xml')))
+				{
+					// Jabber isnt enabled, or no jabber field filled in. Update the users table to be sure its correct.
+					$data['notifymethod'] = NOTIFY_BOTH;
+				}
+
+				/**
+				* Add UCP edit global settings data before they are assigned to the template or submitted
+				*
+				* To assign data to the template, use $template->assign_vars()
+				*
+				* @event core.ucp_prefs_personal_data
+				* @var	bool	submit		Do we display the form only
+				*							or did the user press submit
+				* @var	array	data		Array with current ucp options data
+				* @var	array	error		Array with list of errors
+				* @since 3.1.0-a1
+				* @changed 3.1.4-RC1 Added error variable to the event
+				*/
+				$vars = array('submit', 'data', 'error');
+				extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_personal_data', compact($vars)));
+
+				if ($submit)
+				{
+					if ($config['override_user_style'])
+					{
+						$data['user_style'] = (int) $config['default_style'];
+					}
+					else if (!phpbb_style_is_active($data['user_style']))
+					{
+						$data['user_style'] = (int) $user->data['user_style'];
+					}
+
+					$error = array_merge(validate_data($data, array(
+						'dateformat'	=> array('string', false, 1, 64),
+						'lang'			=> array('language_iso_name'),
+						'tz'			=> array('timezone'),
+					)), $error);
+
+					if (!check_form_key('ucp_prefs_personal'))
+					{
+						$error[] = 'FORM_INVALID';
+					}
+
+					if (!count($error))
+					{
+						$sql_ary = array(
+							'user_allow_pm'			=> $data['allowpm'],
+							'user_allow_viewemail'	=> $data['viewemail'],
+							'user_allow_massemail'	=> $data['massemail'],
+							'user_allow_viewonline'	=> ($auth->acl_get('u_hideonline')) ? !$data['hideonline'] : $user->data['user_allow_viewonline'],
+							'user_notify_type'		=> $data['notifymethod'],
+							'user_options'			=> $user->data['user_options'],
+
+							'user_dateformat'		=> $data['dateformat'],
+							'user_lang'				=> $data['lang'],
+							'user_timezone'			=> $data['tz'],
+							'user_style'			=> $data['user_style'],
+						);
+
+						/**
+						* Update UCP edit global settings data on form submit
+						*
+						* @event core.ucp_prefs_personal_update_data
+						* @var	array	data		Submitted display options data
+						* @var	array	sql_ary		Display options data we update
+						* @since 3.1.0-a1
+						*/
+						$vars = array('data', 'sql_ary');
+						extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_personal_update_data', compact($vars)));
+
+						$sql = 'UPDATE ' . USERS_TABLE . '
+							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+							WHERE user_id = ' . $user->data['user_id'];
+						$db->sql_query($sql);
+
+						meta_refresh(3, $this->u_action);
+						$message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+						trigger_error($message);
+					}
+
+					// Replace "error" strings with their real, localised form
+					$error = array_map(array($user, 'lang'), $error);
+				}
+
+				$dateformat_options = '';
+
+				foreach ($user->lang['dateformats'] as $format => $null)
+				{
+					$dateformat_options .= '<option value="' . $format . '"' . (($format == $data['dateformat']) ? ' selected="selected"' : '') . '>';
+					$dateformat_options .= $user->format_date(time(), $format, false) . ((strpos($format, '|') !== false) ? $user->lang['VARIANT_DATE_SEPARATOR'] . $user->format_date(time(), $format, true) : '');
+					$dateformat_options .= '</option>';
+				}
+
+				$s_custom = false;
+
+				$dateformat_options .= '<option value="custom"';
+				if (!isset($user->lang['dateformats'][$data['dateformat']]))
+				{
+					$dateformat_options .= ' selected="selected"';
+					$s_custom = true;
+				}
+				$dateformat_options .= '>' . $user->lang['CUSTOM_DATEFORMAT'] . '</option>';
+
+				phpbb_timezone_select($template, $user, $data['tz'], true);
+
+				// check if there are any user-selectable languages
+				$sql = 'SELECT COUNT(lang_id) as languages_count
+								FROM ' . LANG_TABLE;
+				$result = $db->sql_query($sql);
+				if ($db->sql_fetchfield('languages_count') > 1)
+				{
+					$s_more_languages = true;
+				}
+				else
+				{
+					$s_more_languages = false;
+				}
+				$db->sql_freeresult($result);
+
+				// check if there are any user-selectable styles
+				$sql = 'SELECT COUNT(style_id) as styles_count
+								FROM ' . STYLES_TABLE . '
+								WHERE style_active = 1';
+				$result = $db->sql_query($sql);
+				if ($db->sql_fetchfield('styles_count') > 1)
+				{
+					$s_more_styles = true;
+				}
+				else
+				{
+					$s_more_styles = false;
+				}
+				$db->sql_freeresult($result);
+
+				$template->assign_vars(array(
+					'ERROR'				=> (count($error)) ? implode('<br />', $error) : '',
+
+					'S_NOTIFY_EMAIL'	=> ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false,
+					'S_NOTIFY_IM'		=> ($data['notifymethod'] == NOTIFY_IM) ? true : false,
+					'S_NOTIFY_BOTH'		=> ($data['notifymethod'] == NOTIFY_BOTH) ? true : false,
+					'S_VIEW_EMAIL'		=> $data['viewemail'],
+					'S_MASS_EMAIL'		=> $data['massemail'],
+					'S_ALLOW_PM'		=> $data['allowpm'],
+					'S_HIDE_ONLINE'		=> $data['hideonline'],
+
+					'DATE_FORMAT'			=> $data['dateformat'],
+					'A_DATE_FORMAT'			=> addslashes($data['dateformat']),
+					'S_DATEFORMAT_OPTIONS'	=> $dateformat_options,
+					'S_CUSTOM_DATEFORMAT'	=> $s_custom,
+					'DEFAULT_DATEFORMAT'	=> $config['default_dateformat'],
+					'A_DEFAULT_DATEFORMAT'	=> addslashes($config['default_dateformat']),
+
+					'S_MORE_LANGUAGES'	=> $s_more_languages,
+					'S_MORE_STYLES'			=> $s_more_styles,
+
+					'S_LANG_OPTIONS'		=> language_select($data['lang']),
+					'S_STYLE_OPTIONS'		=> ($config['override_user_style']) ? '' : style_select($data['user_style']),
+					'S_CAN_HIDE_ONLINE'		=> ($auth->acl_get('u_hideonline')) ? true : false,
+					'S_SELECT_NOTIFY'		=> ($config['jab_enable'] && $user->data['user_jabber'] && @extension_loaded('xml')) ? true : false)
+				);
+
+			break;
+
+			case 'view':
+
+				add_form_key('ucp_prefs_view');
+
+				$data = array(
+					'topic_sk'		=> $request->variable('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'),
+					'topic_sd'		=> $request->variable('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'),
+					'topic_st'		=> $request->variable('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0),
+
+					'post_sk'		=> $request->variable('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'),
+					'post_sd'		=> $request->variable('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'),
+					'post_st'		=> $request->variable('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0),
+
+					'images'		=> $request->variable('images', (bool) $user->optionget('viewimg')),
+					'flash'			=> $request->variable('flash', (bool) $user->optionget('viewflash')),
+					'smilies'		=> $request->variable('smilies', (bool) $user->optionget('viewsmilies')),
+					'sigs'			=> $request->variable('sigs', (bool) $user->optionget('viewsigs')),
+					'avatars'		=> $request->variable('avatars', (bool) $user->optionget('viewavatars')),
+					'wordcensor'	=> $request->variable('wordcensor', (bool) $user->optionget('viewcensors')),
+				);
+
+				/**
+				* Add UCP edit display options data before they are assigned to the template or submitted
+				*
+				* To assign data to the template, use $template->assign_vars()
+				*
+				* @event core.ucp_prefs_view_data
+				* @var	bool	submit		Do we display the form only
+				*							or did the user press submit
+				* @var	array	data		Array with current ucp options data
+				* @since 3.1.0-a1
+				*/
+				$vars = array('submit', 'data');
+				extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_view_data', compact($vars)));
+
+				if ($submit)
+				{
+					$error = validate_data($data, array(
+						'topic_sk'	=> array(
+							array('string', false, 1, 1),
+							array('match', false, '#(a|r|s|t|v)#'),
+						),
+						'topic_sd'	=> array(
+							array('string', false, 1, 1),
+							array('match', false, '#(a|d)#'),
+						),
+						'post_sk'	=> array(
+							array('string', false, 1, 1),
+							array('match', false, '#(a|s|t)#'),
+						),
+						'post_sd'	=> array(
+							array('string', false, 1, 1),
+							array('match', false, '#(a|d)#'),
+						),
+					));
+
+					if (!check_form_key('ucp_prefs_view'))
+					{
+						$error[] = 'FORM_INVALID';
+					}
+
+					if (!count($error))
+					{
+						$user->optionset('viewimg', $data['images']);
+						$user->optionset('viewflash', $data['flash']);
+						$user->optionset('viewsmilies', $data['smilies']);
+						$user->optionset('viewsigs', $data['sigs']);
+						$user->optionset('viewavatars', $data['avatars']);
+
+						if ($auth->acl_get('u_chgcensors'))
+						{
+							$user->optionset('viewcensors', $data['wordcensor']);
+						}
+
+						$sql_ary = array(
+							'user_options'				=> $user->data['user_options'],
+							'user_topic_sortby_type'	=> $data['topic_sk'],
+							'user_post_sortby_type'		=> $data['post_sk'],
+							'user_topic_sortby_dir'		=> $data['topic_sd'],
+							'user_post_sortby_dir'		=> $data['post_sd'],
+
+							'user_topic_show_days'	=> $data['topic_st'],
+							'user_post_show_days'	=> $data['post_st'],
+						);
+
+						/**
+						* Update UCP edit display options data on form submit
+						*
+						* @event core.ucp_prefs_view_update_data
+						* @var	array	data		Submitted display options data
+						* @var	array	sql_ary		Display options data we update
+						* @since 3.1.0-a1
+						*/
+						$vars = array('data', 'sql_ary');
+						extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_view_update_data', compact($vars)));
+
+						$sql = 'UPDATE ' . USERS_TABLE . '
+							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+							WHERE user_id = ' . $user->data['user_id'];
+						$db->sql_query($sql);
+
+						meta_refresh(3, $this->u_action);
+						$message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+						trigger_error($message);
+					}
+
+					// Replace "error" strings with their real, localised form
+					$error = array_map(array($user, 'lang'), $error);
+				}
+
+				$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
+
+				// Topic ordering options
+				$limit_topic_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
+
+				$sort_by_topic_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
+				$sort_by_topic_sql = array('a' => 't.topic_first_poster_name', 't' => array('t.topic_last_post_time', 't.topic_last_post_id'), 'r' => 't.topic_posts_approved', 's' => 't.topic_title', 'v' => 't.topic_views');
+
+				// Post ordering options
+				$limit_post_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
+
+				$sort_by_post_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
+				$sort_by_post_sql = array('a' => 'u.username_clean', 't' => 'p.post_id', 's' => 'p.post_subject');
+
+				$_options = array('topic', 'post');
+				foreach ($_options as $sort_option)
+				{
+					${'s_limit_' . $sort_option . '_days'} = '<select name="' . $sort_option . '_st">';
+					foreach (${'limit_' . $sort_option . '_days'} as $day => $text)
+					{
+						$selected = ($data[$sort_option . '_st'] == $day) ? ' selected="selected"' : '';
+						${'s_limit_' . $sort_option . '_days'} .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
+					}
+					${'s_limit_' . $sort_option . '_days'} .= '</select>';
+
+					${'s_sort_' . $sort_option . '_key'} = '<select name="' . $sort_option . '_sk">';
+					foreach (${'sort_by_' . $sort_option . '_text'} as $key => $text)
+					{
+						$selected = ($data[$sort_option . '_sk'] == $key) ? ' selected="selected"' : '';
+						${'s_sort_' . $sort_option . '_key'} .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
+					}
+					${'s_sort_' . $sort_option . '_key'} .= '</select>';
+
+					${'s_sort_' . $sort_option . '_dir'} = '<select name="' . $sort_option . '_sd">';
+					foreach ($sort_dir_text as $key => $value)
+					{
+						$selected = ($data[$sort_option . '_sd'] == $key) ? ' selected="selected"' : '';
+						${'s_sort_' . $sort_option . '_dir'} .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
+					}
+					${'s_sort_' . $sort_option . '_dir'} .= '</select>';
+				}
+
+				/**
+				* Run code before view form is displayed
+				*
+				* @event core.ucp_prefs_view_after
+				* @var	bool	submit				Do we display the form only
+				*									or did the user press submit
+				* @var	array	data				Array with current ucp options data
+				* @var	array	sort_dir_text		Array with sort dir language strings
+				* @var	array	limit_topic_days	Topic ordering options
+				* @var	array	sort_by_topic_text	Topic ordering language strings
+				* @var	array	sort_by_topic_sql	Topic ordering sql
+				* @var	array	limit_post_days		Post ordering options
+				* @var	array	sort_by_post_text	Post ordering language strings
+				* @var	array	sort_by_post_sql	Post ordering sql
+				* @var	array	_options			Sort options
+				* @var	string	s_limit_topic_days	Sort limit topic by days select box
+				* @var	string	s_sort_topic_key	Sort topic key select box
+				* @var	string	s_sort_topic_dir	Sort topic dir select box
+				* @var	string	s_limit_post_days	Sort limit post by days select box
+				* @var	string	s_sort_post_key		Sort post key select box
+				* @var	string	s_sort_post_dir		Sort post dir select box
+				* @since 3.1.8-RC1
+				*/
+				$vars = array(
+					'submit',
+					'data',
+					'sort_dir_text',
+					'limit_topic_days',
+					'sort_by_topic_text',
+					'sort_by_topic_sql',
+					'limit_post_days',
+					'sort_by_post_text',
+					'sort_by_post_sql',
+					'_options',
+					's_limit_topic_days',
+					's_sort_topic_key',
+					's_sort_topic_dir',
+					's_limit_post_days',
+					's_sort_post_key',
+					's_sort_post_dir',
+				);
+				extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_view_after', compact($vars)));
+
+				$template->assign_vars(array(
+					'ERROR'				=> (count($error)) ? implode('<br />', $error) : '',
+
+					'S_IMAGES'			=> $data['images'],
+					'S_FLASH'			=> $data['flash'],
+					'S_SMILIES'			=> $data['smilies'],
+					'S_SIGS'			=> $data['sigs'],
+					'S_AVATARS'			=> $data['avatars'],
+					'S_DISABLE_CENSORS'	=> $data['wordcensor'],
+
+					'S_CHANGE_CENSORS'		=> ($auth->acl_get('u_chgcensors') && $config['allow_nocensors']) ? true : false,
+
+					'S_TOPIC_SORT_DAYS'		=> $s_limit_topic_days,
+					'S_TOPIC_SORT_KEY'		=> $s_sort_topic_key,
+					'S_TOPIC_SORT_DIR'		=> $s_sort_topic_dir,
+					'S_POST_SORT_DAYS'		=> $s_limit_post_days,
+					'S_POST_SORT_KEY'		=> $s_sort_post_key,
+					'S_POST_SORT_DIR'		=> $s_sort_post_dir)
+				);
+
+			break;
+
+			case 'post':
+
+				$data = array(
+					'bbcode'	=> $request->variable('bbcode', $user->optionget('bbcode')),
+					'smilies'	=> $request->variable('smilies', $user->optionget('smilies')),
+					'sig'		=> $request->variable('sig', $user->optionget('attachsig')),
+					'notify'	=> $request->variable('notify', (bool) $user->data['user_notify']),
+				);
+				add_form_key('ucp_prefs_post');
+
+				/**
+				* Add UCP edit posting defaults data before they are assigned to the template or submitted
+				*
+				* To assign data to the template, use $template->assign_vars()
+				*
+				* @event core.ucp_prefs_post_data
+				* @var	bool	submit		Do we display the form only
+				*							or did the user press submit
+				* @var	array	data		Array with current ucp options data
+				* @since 3.1.0-a1
+				*/
+				$vars = array('submit', 'data');
+				extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_post_data', compact($vars)));
+
+				if ($submit)
+				{
+					if (check_form_key('ucp_prefs_post'))
+					{
+						$user->optionset('bbcode', $data['bbcode']);
+						$user->optionset('smilies', $data['smilies']);
+						$user->optionset('attachsig', $data['sig']);
+
+						$sql_ary = array(
+							'user_options'	=> $user->data['user_options'],
+							'user_notify'	=> $data['notify'],
+						);
+
+						/**
+						* Update UCP edit posting defaults data on form submit
+						*
+						* @event core.ucp_prefs_post_update_data
+						* @var	array	data		Submitted display options data
+						* @var	array	sql_ary		Display options data we update
+						* @since 3.1.0-a1
+						*/
+						$vars = array('data', 'sql_ary');
+						extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_post_update_data', compact($vars)));
+
+						$sql = 'UPDATE ' . USERS_TABLE . '
+							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+							WHERE user_id = ' . $user->data['user_id'];
+						$db->sql_query($sql);
+
+						$msg = $user->lang['PREFERENCES_UPDATED'];
+					}
+					else
+					{
+						$msg = $user->lang['FORM_INVALID'];
+					}
+					meta_refresh(3, $this->u_action);
+					$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+					trigger_error($message);
+				}
+
+				$template->assign_vars(array(
+					'S_BBCODE'	=> $data['bbcode'],
+					'S_SMILIES'	=> $data['smilies'],
+					'S_SIG'		=> $data['sig'],
+					'S_NOTIFY'	=> $data['notify'])
+				);
+			break;
+		}
+
+		/**
+		* Modify UCP preferences data before the page load
+		*
+		* @event core.ucp_prefs_modify_common
+		* @var	array	data		Array with current/submitted UCP options data
+		* @var	array	error		Errors data
+		* @var	string	mode		UCP prefs operation mode
+		* @var	string	s_hidden_fields		Hidden fields data
+		* @since 3.1.0-RC3
+		*/
+		$vars = array(
+			'data',
+			'error',
+			'mode',
+			's_hidden_fields',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_modify_common', compact($vars)));
+
+		$template->assign_vars(array(
+			'L_TITLE'			=> $user->lang['UCP_PREFS_' . strtoupper($mode)],
+
+			'S_HIDDEN_FIELDS'	=> $s_hidden_fields,
+			'S_UCP_ACTION'		=> $this->u_action)
+		);
+
+		$this->tpl_name = 'ucp_prefs_' . $mode;
+		$this->page_title = 'UCP_PREFS_' . strtoupper($mode);
+	}
+}

includes/ucp/ucp_profile.php

@@ -0,0 +1,847 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_profile
+* Changing profile settings
+*
+* @todo what about pertaining user_sig_options?
+*/
+class ucp_profile
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
+		global $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher;
+
+		$user->add_lang('posting');
+
+		$submit		= $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
+		$error = $data = array();
+		$s_hidden_fields = '';
+
+		switch ($mode)
+		{
+			case 'reg_details':
+
+				$data = array(
+					'username'			=> $request->variable('username', $user->data['username'], true),
+					'email'				=> strtolower($request->variable('email', $user->data['user_email'])),
+					'new_password'		=> $request->variable('new_password', '', true),
+					'cur_password'		=> $request->variable('cur_password', '', true),
+					'password_confirm'	=> $request->variable('password_confirm', '', true),
+				);
+
+				/**
+				* Modify user registration data on editing account settings in UCP
+				*
+				* @event core.ucp_profile_reg_details_data
+				* @var	array	data		Array with current or updated user registration data
+				* @var	bool	submit		Flag indicating if submit button has been pressed
+				* @since 3.1.4-RC1
+				*/
+				$vars = array('data', 'submit');
+				extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_data', compact($vars)));
+
+				add_form_key('ucp_reg_details');
+
+				if ($submit)
+				{
+					// Do not check cur_password, it is the old one.
+					$check_ary = array(
+						'new_password'		=> array(
+							array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+							array('password')),
+						'password_confirm'	=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
+						'email'				=> array(
+							array('string', false, 6, 60),
+							array('user_email')),
+					);
+
+					if ($auth->acl_get('u_chgname') && $config['allow_namechange'])
+					{
+						$check_ary['username'] = array(
+							array('string', false, $config['min_name_chars'], $config['max_name_chars']),
+							array('username'),
+						);
+					}
+
+					$error = validate_data($data, $check_ary);
+
+					if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
+					{
+						$error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
+					}
+
+					// Instantiate passwords manager
+					/* @var $passwords_manager \phpbb\passwords\manager */
+					$passwords_manager = $phpbb_container->get('passwords.manager');
+
+					// Only check the new password against the previous password if there have been no errors
+					if (!count($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password']))
+					{
+						$error[] = 'SAME_PASSWORD_ERROR';
+					}
+
+					if (!$passwords_manager->check($data['cur_password'], $user->data['user_password']))
+					{
+						$error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
+					}
+
+					if (!check_form_key('ucp_reg_details'))
+					{
+						$error[] = 'FORM_INVALID';
+					}
+
+					/**
+					* Validate user data on editing registration data in UCP
+					*
+					* @event core.ucp_profile_reg_details_validate
+					* @var	array	data			Array with user profile data
+					* @var	bool	submit			Flag indicating if submit button has been pressed
+					* @var array	error			Array of any generated errors
+					* @since 3.1.4-RC1
+					*/
+					$vars = array('data', 'submit', 'error');
+					extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_validate', compact($vars)));
+
+					if (!count($error))
+					{
+						$sql_ary = array(
+							'username'			=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
+							'username_clean'	=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
+							'user_email'		=> ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
+							'user_email_hash'	=> ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
+							'user_password'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
+							'user_passchg'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
+						);
+
+						if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
+						{
+							$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
+								'reportee_id' => $user->data['user_id'],
+								$user->data['username'],
+								$data['username']
+							));
+						}
+
+						if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
+						{
+							$user->reset_login_keys();
+							$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
+								'reportee_id' => $user->data['user_id'],
+								$user->data['username']
+							));
+						}
+
+						if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
+						{
+							$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
+								'reportee_id' => $user->data['user_id'],
+								$user->data['username'],
+								$user->data['user_email'],
+								$data['email']
+							));
+						}
+
+						$message = 'PROFILE_UPDATED';
+
+						if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
+						{
+							$message = ($config['require_activation'] == USER_ACTIVATION_SELF) ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
+
+							include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+
+							$server_url = generate_board_url();
+
+							$user_actkey = gen_rand_string(mt_rand(6, 10));
+
+							$messenger = new messenger(false);
+
+							$template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate';
+							$messenger->template($template_file, $user->data['user_lang']);
+
+							$messenger->to($data['email'], $data['username']);
+
+							$messenger->anti_abuse_headers($config, $user);
+
+							$messenger->assign_vars(array(
+								'USERNAME'		=> htmlspecialchars_decode($data['username']),
+								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
+							);
+
+							$messenger->send(NOTIFY_EMAIL);
+
+							if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
+							{
+								$notifications_manager = $phpbb_container->get('notification_manager');
+								$notifications_manager->add_notifications('notification.type.admin_activate_user', array(
+									'user_id'		=> $user->data['user_id'],
+									'user_actkey'	=> $user_actkey,
+									'user_regdate'	=> time(), // Notification time
+								));
+							}
+
+							user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
+
+							// Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
+							$sql_ary['user_actkey'] = $user_actkey;
+							$sql_ary['user_newpasswd'] = '';
+						}
+
+						/**
+						* Modify user registration data before submitting it to the database
+						*
+						* @event core.ucp_profile_reg_details_sql_ary
+						* @var	array	data		Array with current or updated user registration data
+						* @var	array	sql_ary		Array with user registration data to submit to the database
+						* @since 3.1.4-RC1
+						*/
+						$vars = array('data', 'sql_ary');
+						extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_sql_ary', compact($vars)));
+
+						if (count($sql_ary))
+						{
+							$sql = 'UPDATE ' . USERS_TABLE . '
+								SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+								WHERE user_id = ' . $user->data['user_id'];
+							$db->sql_query($sql);
+						}
+
+						// Need to update config, forum, topic, posting, messages, etc.
+						if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
+						{
+							user_update_name($user->data['username'], $data['username']);
+						}
+
+						// Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
+						if (!empty($sql_ary['user_actkey']))
+						{
+							meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx));
+							$message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($phpbb_root_path . 'index.' . $phpEx) . '">', '</a>');
+
+							// Because the user gets deactivated we log him out too, killing his session
+							$user->session_kill();
+						}
+						else
+						{
+							meta_refresh(3, $this->u_action);
+							$message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+						}
+
+						trigger_error($message);
+					}
+
+					// Replace "error" strings with their real, localised form
+					$error = array_map(array($user, 'lang'), $error);
+				}
+
+				$template->assign_vars(array(
+					'ERROR'				=> (count($error)) ? implode('<br />', $error) : '',
+
+					'USERNAME'			=> $data['username'],
+					'EMAIL'				=> $data['email'],
+					'PASSWORD_CONFIRM'	=> $data['password_confirm'],
+					'NEW_PASSWORD'		=> $data['new_password'],
+					'CUR_PASSWORD'		=> '',
+
+					'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
+					'L_CHANGE_PASSWORD_EXPLAIN'	=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
+
+					'S_FORCE_PASSWORD'	=> ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
+					'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
+					'S_CHANGE_EMAIL'	=> ($auth->acl_get('u_chgemail')) ? true : false,
+					'S_CHANGE_PASSWORD'	=> ($auth->acl_get('u_chgpasswd')) ? true : false)
+				);
+			break;
+
+			case 'profile_info':
+				// Do not display profile information panel if not authed to do so
+				if (!$auth->acl_get('u_chgprofileinfo'))
+				{
+					send_status_line(403, 'Forbidden');
+					trigger_error('NO_AUTH_PROFILEINFO');
+				}
+
+				/* @var $cp \phpbb\profilefields\manager */
+				$cp = $phpbb_container->get('profilefields.manager');
+
+				$cp_data = $cp_error = array();
+
+				$data = array(
+					'jabber'		=> $request->variable('jabber', $user->data['user_jabber'], true),
+				);
+
+				if ($config['allow_birthdays'])
+				{
+					$data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0;
+
+					if ($user->data['user_birthday'])
+					{
+						list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
+					}
+
+					$data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
+					$data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
+					$data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
+					$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
+				}
+
+				/**
+				* Modify user data on editing profile in UCP
+				*
+				* @event core.ucp_profile_modify_profile_info
+				* @var	array	data		Array with user profile data
+				* @var	bool	submit		Flag indicating if submit button has been pressed
+				* @since 3.1.4-RC1
+				*/
+				$vars = array('data', 'submit');
+				extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_profile_info', compact($vars)));
+
+				add_form_key('ucp_profile_info');
+
+				if ($submit)
+				{
+					$validate_array = array(
+						'jabber'		=> array(
+							array('string', true, 5, 255),
+							array('jabber')),
+					);
+
+					if ($config['allow_birthdays'])
+					{
+						$validate_array = array_merge($validate_array, array(
+							'bday_day'		=> array('num', true, 1, 31),
+							'bday_month'	=> array('num', true, 1, 12),
+							'bday_year'		=> array('num', true, 1901, gmdate('Y', time()) + 50),
+							'user_birthday' => array('date', true),
+						));
+					}
+
+					$error = validate_data($data, $validate_array);
+
+					// validate custom profile fields
+					$cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
+
+					if (count($cp_error))
+					{
+						$error = array_merge($error, $cp_error);
+					}
+
+					if (!check_form_key('ucp_profile_info'))
+					{
+						$error[] = 'FORM_INVALID';
+					}
+
+					/**
+					* Validate user data on editing profile in UCP
+					*
+					* @event core.ucp_profile_validate_profile_info
+					* @var	array	data			Array with user profile data
+					* @var	bool	submit			Flag indicating if submit button has been pressed
+					* @var array	error			Array of any generated errors
+					* @since 3.1.4-RC1
+					*/
+					$vars = array('data', 'submit', 'error');
+					extract($phpbb_dispatcher->trigger_event('core.ucp_profile_validate_profile_info', compact($vars)));
+
+					if (!count($error))
+					{
+						$data['notify'] = $user->data['user_notify_type'];
+
+						if ($data['notify'] == NOTIFY_IM && (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml')))
+						{
+							// User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled)
+							// Disable notify by Jabber now for this user.
+							$data['notify'] = NOTIFY_EMAIL;
+						}
+
+						$sql_ary = array(
+							'user_jabber'	=> $data['jabber'],
+							'user_notify_type'	=> $data['notify'],
+						);
+
+						if ($config['allow_birthdays'])
+						{
+							$sql_ary['user_birthday'] = $data['user_birthday'];
+						}
+
+						/**
+						* Modify profile data in UCP before submitting to the database
+						*
+						* @event core.ucp_profile_info_modify_sql_ary
+						* @var	array	cp_data		Array with the user custom profile fields data
+						* @var	array	data		Array with user profile data
+						* @var  array	sql_ary		user options data we update
+						* @since 3.1.4-RC1
+						*/
+						$vars = array('cp_data', 'data', 'sql_ary');
+						extract($phpbb_dispatcher->trigger_event('core.ucp_profile_info_modify_sql_ary', compact($vars)));
+
+						$sql = 'UPDATE ' . USERS_TABLE . '
+							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+							WHERE user_id = ' . $user->data['user_id'];
+						$db->sql_query($sql);
+
+						// Update Custom Fields
+						$cp->update_profile_field_data($user->data['user_id'], $cp_data);
+
+						meta_refresh(3, $this->u_action);
+						$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+						trigger_error($message);
+					}
+
+					// Replace "error" strings with their real, localised form
+					$error = array_map(array($user, 'lang'), $error);
+				}
+
+				if ($config['allow_birthdays'])
+				{
+					$s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
+					for ($i = 1; $i < 32; $i++)
+					{
+						$selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
+						$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
+					}
+
+					$s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
+					for ($i = 1; $i < 13; $i++)
+					{
+						$selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
+						$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
+					}
+
+					$now = getdate();
+					$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
+					for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
+					{
+						$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
+						$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
+					}
+					unset($now);
+
+					$template->assign_vars(array(
+						'S_BIRTHDAY_DAY_OPTIONS'	=> $s_birthday_day_options,
+						'S_BIRTHDAY_MONTH_OPTIONS'	=> $s_birthday_month_options,
+						'S_BIRTHDAY_YEAR_OPTIONS'	=> $s_birthday_year_options,
+						'S_BIRTHDAYS_ENABLED'		=> true,
+					));
+				}
+
+				$template->assign_vars(array(
+					'ERROR'				=> (count($error)) ? implode('<br />', $error) : '',
+					'S_JABBER_ENABLED'	=> $config['jab_enable'],
+					'JABBER'			=> $data['jabber'],
+				));
+
+				// Get additional profile fields and assign them to the template block var 'profile_fields'
+				$user->get_profile_fields($user->data['user_id']);
+
+				$cp->generate_profile_fields('profile', $user->get_iso_lang_id());
+
+			break;
+
+			case 'signature':
+
+				if (!$auth->acl_get('u_sig'))
+				{
+					send_status_line(403, 'Forbidden');
+					trigger_error('NO_AUTH_SIGNATURE');
+				}
+
+				if (!function_exists('generate_smilies'))
+				{
+					include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
+				}
+
+				if (!function_exists('display_custom_bbcodes'))
+				{
+					include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+				}
+
+				$preview	= $request->is_set_post('preview');
+
+				$enable_bbcode	= ($config['allow_sig_bbcode']) ? $user->optionget('sig_bbcode') : false;
+				$enable_smilies	= ($config['allow_sig_smilies']) ? $user->optionget('sig_smilies') : false;
+				$enable_urls	= ($config['allow_sig_links']) ? $user->optionget('sig_links') : false;
+
+				$bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
+
+				$decoded_message	= generate_text_for_edit($user->data['user_sig'], $user->data['user_sig_bbcode_uid'], $bbcode_flags);
+				$signature			= $request->variable('signature', $decoded_message['text'], true);
+				$signature_preview	= '';
+
+				if ($submit || $preview)
+				{
+					$enable_bbcode	= ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
+					$enable_smilies	= ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
+					$enable_urls	= ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
+
+					if (!check_form_key('ucp_sig'))
+					{
+						$error[] = 'FORM_INVALID';
+					}
+				}
+
+				/**
+				* Modify user signature on editing profile in UCP
+				*
+				* @event core.ucp_profile_modify_signature
+				* @var	bool	enable_bbcode		Whether or not bbcode is enabled
+				* @var	bool	enable_smilies		Whether or not smilies are enabled
+				* @var	bool	enable_urls			Whether or not urls are enabled
+				* @var	string	signature			Users signature text
+				* @var	array	error				Any error strings
+				* @var	bool	submit				Whether or not the form has been sumitted
+				* @var	bool	preview				Whether or not the signature is being previewed
+				* @since 3.1.10-RC1
+				* @changed 3.2.0-RC2 Removed message parser
+				*/
+				$vars = array(
+					'enable_bbcode',
+					'enable_smilies',
+					'enable_urls',
+					'signature',
+					'error',
+					'submit',
+					'preview',
+				);
+				extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars)));
+
+				$bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
+				$warn_msg = generate_text_for_storage(
+					$signature,
+					$bbcode_uid,
+					$bbcode_bitfield,
+					$bbcode_flags,
+					$enable_bbcode,
+					$enable_urls,
+					$enable_smilies,
+					$config['allow_sig_img'],
+					$config['allow_sig_flash'],
+					true,
+					$config['allow_sig_links'],
+					'sig'
+				);
+
+				if (count($warn_msg))
+				{
+					$error += $warn_msg;
+				}
+
+				if (!$submit)
+				{
+					// Parse it for displaying
+					$signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
+				}
+				else
+				{
+					if (!count($error))
+					{
+						$user->optionset('sig_bbcode', $enable_bbcode);
+						$user->optionset('sig_smilies', $enable_smilies);
+						$user->optionset('sig_links', $enable_urls);
+
+						$sql_ary = array(
+							'user_sig'					=> $signature,
+							'user_options'				=> $user->data['user_options'],
+							'user_sig_bbcode_uid'		=> $bbcode_uid,
+							'user_sig_bbcode_bitfield'	=> $bbcode_bitfield
+						);
+
+						/**
+						* Modify user registration data before submitting it to the database
+						*
+						* @event core.ucp_profile_modify_signature_sql_ary
+						* @var	array	sql_ary		Array with user signature data to submit to the database
+						* @since 3.1.10-RC1
+						*/
+						$vars = array('sql_ary');
+						extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars)));
+
+						$sql = 'UPDATE ' . USERS_TABLE . '
+							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+							WHERE user_id = ' . $user->data['user_id'];
+						$db->sql_query($sql);
+
+						$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+						trigger_error($message);
+					}
+				}
+
+				// Replace "error" strings with their real, localised form
+				$error = array_map(array($user, 'lang'), $error);
+
+				if ($request->is_set_post('preview'))
+				{
+					$decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
+				}
+
+				/** @var \phpbb\controller\helper $controller_helper */
+				$controller_helper = $phpbb_container->get('controller.helper');
+
+				$template->assign_vars(array(
+					'ERROR'				=> (count($error)) ? implode('<br />', $error) : '',
+					'SIGNATURE'			=> $decoded_message['text'],
+					'SIGNATURE_PREVIEW'	=> $signature_preview,
+
+					'S_BBCODE_CHECKED' 		=> (!$enable_bbcode) ? ' checked="checked"' : '',
+					'S_SMILIES_CHECKED' 	=> (!$enable_smilies) ? ' checked="checked"' : '',
+					'S_MAGIC_URL_CHECKED' 	=> (!$enable_urls) ? ' checked="checked"' : '',
+
+					'BBCODE_STATUS'			=> $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
+					'SMILIES_STATUS'		=> ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
+					'IMG_STATUS'			=> ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
+					'FLASH_STATUS'			=> ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
+					'URL_STATUS'			=> ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
+					'MAX_FONT_SIZE'			=> (int) $config['max_sig_font_size'],
+
+					'L_SIGNATURE_EXPLAIN'	=> $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
+
+					'S_BBCODE_ALLOWED'		=> $config['allow_sig_bbcode'],
+					'S_SMILIES_ALLOWED'		=> $config['allow_sig_smilies'],
+					'S_BBCODE_IMG'			=> ($config['allow_sig_img']) ? true : false,
+					'S_BBCODE_FLASH'		=> ($config['allow_sig_flash']) ? true : false,
+					'S_LINKS_ALLOWED'		=> ($config['allow_sig_links']) ? true : false)
+				);
+
+				add_form_key('ucp_sig');
+
+				// Build custom bbcodes array
+				display_custom_bbcodes();
+
+				// Generate smiley listing
+				generate_smilies('inline', 0);
+
+			break;
+
+			case 'avatar':
+
+				add_form_key('ucp_avatar');
+
+				$avatars_enabled = false;
+
+				if ($config['allow_avatar'] && $auth->acl_get('u_chgavatar'))
+				{
+					/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
+					$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
+					$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
+
+					// This is normalised data, without the user_ prefix
+					$avatar_data = \phpbb\avatar\manager::clean_row($user->data, 'user');
+
+					if ($submit)
+					{
+						if (check_form_key('ucp_avatar'))
+						{
+							$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
+
+							if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
+							{
+								$driver = $phpbb_avatar_manager->get_driver($driver_name);
+								$result = $driver->process_form($request, $template, $user, $avatar_data, $error);
+
+								if ($result && empty($error))
+								{
+									// Success! Lets save the result in the database
+									$result = array(
+										'user_avatar_type' => $driver_name,
+										'user_avatar' => $result['avatar'],
+										'user_avatar_width' => $result['avatar_width'],
+										'user_avatar_height' => $result['avatar_height'],
+									);
+
+									/**
+									* Trigger events on successfull avatar change
+									*
+									* @event core.ucp_profile_avatar_sql
+									* @var	array	result	Array with data to be stored in DB
+									* @since 3.1.11-RC1
+									*/
+									$vars = array('result');
+									extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_sql', compact($vars)));
+
+									$sql = 'UPDATE ' . USERS_TABLE . '
+										SET ' . $db->sql_build_array('UPDATE', $result) . '
+										WHERE user_id = ' . (int) $user->data['user_id'];
+									$db->sql_query($sql);
+
+									meta_refresh(3, $this->u_action);
+									$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+									trigger_error($message);
+								}
+							}
+						}
+						else
+						{
+							$error[] = 'FORM_INVALID';
+						}
+					}
+
+					// Handle deletion of avatars
+					if ($request->is_set_post('avatar_delete'))
+					{
+						if (!confirm_box(true))
+						{
+							confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
+									'avatar_delete'     => true,
+									'i'                 => $id,
+									'mode'              => $mode))
+							);
+						}
+						else
+						{
+							$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
+
+							meta_refresh(3, $this->u_action);
+							$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+							trigger_error($message);
+						}
+					}
+
+					$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user->data['user_avatar_type']));
+
+					$template->assign_vars(array(
+						'AVATAR_MIN_WIDTH'	=> $config['avatar_min_width'],
+						'AVATAR_MAX_WIDTH'	=> $config['avatar_max_width'],
+						'AVATAR_MIN_HEIGHT'	=> $config['avatar_min_height'],
+						'AVATAR_MAX_HEIGHT'	=> $config['avatar_max_height'],
+					));
+
+					foreach ($avatar_drivers as $current_driver)
+					{
+						$driver = $phpbb_avatar_manager->get_driver($current_driver);
+
+						$avatars_enabled = true;
+						$template->set_filenames(array(
+							'avatar' => $driver->get_template_name(),
+						));
+
+						if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
+						{
+							$driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
+							$driver_upper = strtoupper($driver_name);
+
+							$template->assign_block_vars('avatar_drivers', array(
+								'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
+								'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
+
+								'DRIVER' => $driver_name,
+								'SELECTED' => $current_driver == $selected_driver,
+								'OUTPUT' => $template->assign_display('avatar'),
+							));
+						}
+					}
+
+					// Replace "error" strings with their real, localised form
+					$error = $phpbb_avatar_manager->localize_errors($user, $error);
+				}
+
+				$avatar = phpbb_get_user_avatar($user->data, 'USER_AVATAR', true);
+
+				$template->assign_vars(array(
+					'ERROR'			=> (count($error)) ? implode('<br />', $error) : '',
+					'AVATAR'		=> $avatar,
+
+					'S_FORM_ENCTYPE'	=> ' enctype="multipart/form-data"',
+
+					'L_AVATAR_EXPLAIN'	=> phpbb_avatar_explanation_string(),
+
+					'S_AVATARS_ENABLED'		=> ($config['allow_avatar'] && $avatars_enabled),
+				));
+
+			break;
+
+			case 'autologin_keys':
+
+				add_form_key('ucp_autologin_keys');
+
+				if ($submit)
+				{
+					$keys = $request->variable('keys', array(''));
+
+					if (!check_form_key('ucp_autologin_keys'))
+					{
+						$error[] = 'FORM_INVALID';
+					}
+
+					if (!count($error))
+					{
+						if (!empty($keys))
+						{
+							foreach ($keys as $key => $id)
+							{
+								$keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
+							}
+							$sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
+							$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
+								WHERE user_id = ' . (int) $user->data['user_id'] . '
+								AND ' . $sql_where ;
+
+							$db->sql_query($sql);
+
+							meta_refresh(3, $this->u_action);
+							$message = $user->lang['AUTOLOGIN_SESSION_KEYS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+							trigger_error($message);
+						}
+					}
+
+					// Replace "error" strings with their real, localised form
+					$error = array_map(array($user, 'lang'), $error);
+				}
+
+				$sql = 'SELECT key_id, last_ip, last_login
+					FROM ' . SESSIONS_KEYS_TABLE . '
+					WHERE user_id = ' . (int) $user->data['user_id'] . '
+					ORDER BY last_login ASC';
+
+				$result = $db->sql_query($sql);
+
+				while ($row = $db->sql_fetchrow($result))
+				{
+					$template->assign_block_vars('sessions', array(
+						'KEY' => substr($row['key_id'], 0, 8),
+						'IP' => $row['last_ip'],
+						'LOGIN_TIME' => $user->format_date($row['last_login']),
+					));
+				}
+
+				$db->sql_freeresult($result);
+
+			break;
+		}
+
+		$template->assign_vars(array(
+			'ERROR'		=> (count($error)) ? implode('<br />', $error) : '',
+
+			'L_TITLE'	=> $user->lang['UCP_PROFILE_' . strtoupper($mode)],
+
+			'S_HIDDEN_FIELDS'	=> $s_hidden_fields,
+			'S_UCP_ACTION'		=> $this->u_action)
+		);
+
+		// Set desired template
+		$this->tpl_name = 'ucp_profile_' . $mode;
+		$this->page_title = 'UCP_PROFILE_' . strtoupper($mode);
+	}
+}

includes/ucp/ucp_register.php

@@ -0,0 +1,709 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_register
+* Board registration
+*/
+class ucp_register
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $config, $db, $user, $template, $phpbb_root_path, $phpEx;
+		global $request, $phpbb_container, $phpbb_dispatcher;
+
+		//
+		if ($config['require_activation'] == USER_ACTIVATION_DISABLE ||
+			(in_array($config['require_activation'], array(USER_ACTIVATION_SELF, USER_ACTIVATION_ADMIN)) && !$config['email_enable']))
+		{
+			trigger_error('UCP_REGISTER_DISABLE');
+		}
+
+		$coppa			= $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+		$agreed			= $request->variable('agreed', false);
+		$submit			= $request->is_set_post('submit');
+		$change_lang	= $request->variable('change_lang', '');
+		$user_lang		= $request->variable('lang', $user->lang_name);
+
+		/**
+		* Add UCP register data before they are assigned to the template or submitted
+		*
+		* To assign data to the template, use $template->assign_vars()
+		*
+		* @event core.ucp_register_requests_after
+		* @var	bool	coppa		Is set coppa
+		* @var	bool	agreed		Did user agree to coppa?
+		* @var	bool	submit		Is set post submit?
+		* @var	string	change_lang	Change language request
+		* @var	string	user_lang	User language request
+		* @since 3.1.11-RC1
+		*/
+		$vars = array(
+			'coppa',
+			'agreed',
+			'submit',
+			'change_lang',
+			'user_lang',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));
+
+		if ($agreed)
+		{
+			add_form_key('ucp_register');
+		}
+		else
+		{
+			add_form_key('ucp_register_terms');
+		}
+
+		if ($change_lang || $user_lang != $config['default_lang'])
+		{
+			$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);
+
+			if (!validate_language_iso_name($use_lang))
+			{
+				if ($change_lang)
+				{
+					$submit = false;
+
+					// Setting back agreed to let the user view the agreement in his/her language
+					$agreed = false;
+				}
+
+				$user_lang = $use_lang;
+			}
+			else
+			{
+				$change_lang = '';
+				$user_lang = $user->lang_name;
+			}
+		}
+
+		/* @var $cp \phpbb\profilefields\manager */
+		$cp = $phpbb_container->get('profilefields.manager');
+
+		$error = $cp_data = $cp_error = array();
+		$s_hidden_fields = array();
+
+		// Handle login_link data added to $_hidden_fields
+		$login_link_data = $this->get_login_link_data_array();
+
+		if (!empty($login_link_data))
+		{
+			// Confirm that we have all necessary data
+			/* @var $provider_collection \phpbb\auth\provider_collection */
+			$provider_collection = $phpbb_container->get('auth.provider_collection');
+			$auth_provider = $provider_collection->get_provider($request->variable('auth_provider', ''));
+
+			$result = $auth_provider->login_link_has_necessary_data($login_link_data);
+			if ($result !== null)
+			{
+				$error[] = $user->lang[$result];
+			}
+
+			$s_hidden_fields = array_merge($s_hidden_fields, $this->get_login_link_data_for_hidden_fields($login_link_data));
+		}
+
+		if (!$agreed || ($coppa === false && $config['coppa_enable']) || ($coppa && !$config['coppa_enable']))
+		{
+			$add_coppa = ($coppa !== false) ? '&amp;coppa=' . $coppa : '';
+
+			$s_hidden_fields = array_merge($s_hidden_fields, array(
+				'change_lang'	=> '',
+			));
+
+			// If we change the language, we want to pass on some more possible parameter.
+			if ($change_lang)
+			{
+				// We do not include the password
+				$s_hidden_fields = array_merge($s_hidden_fields, array(
+					'username'			=> $request->variable('username', '', true),
+					'email'				=> strtolower($request->variable('email', '')),
+					'lang'				=> $user->lang_name,
+					'tz'				=> $request->variable('tz', $config['board_timezone']),
+				));
+
+			}
+
+			// Checking amount of available languages
+			$sql = 'SELECT lang_id
+				FROM ' . LANG_TABLE;
+			$result = $db->sql_query($sql);
+
+			$lang_row = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$lang_row[] = $row;
+			}
+			$db->sql_freeresult($result);
+
+			if ($coppa === false && $config['coppa_enable'])
+			{
+				$now = getdate();
+				$coppa_birthday = $user->create_datetime()
+					->setDate($now['year'] - 13, $now['mon'], $now['mday'] - 1)
+					->setTime(0, 0, 0)
+					->format($user->lang['DATE_FORMAT'], true);
+				unset($now);
+
+				$template_vars = array(
+					'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($user_lang) : '',
+					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
+					'L_COPPA_YES'		=> sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
+
+					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=0'),
+					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=1'),
+
+					'S_SHOW_COPPA'		=> true,
+					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
+					'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
+
+					'COOKIE_NAME'		=> $config['cookie_name'],
+					'COOKIE_PATH'		=> $config['cookie_path'],
+				);
+			}
+			else
+			{
+				$template_vars = array(
+					'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($user_lang) : '',
+					'L_TERMS_OF_USE'	=> sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()),
+
+					'S_SHOW_COPPA'		=> false,
+					'S_REGISTRATION'	=> true,
+					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
+					'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_coppa),
+
+					'COOKIE_NAME'		=> $config['cookie_name'],
+					'COOKIE_PATH'		=> $config['cookie_path'],
+				);
+			}
+
+			$tpl_name = 'ucp_agreement';
+
+			/**
+			* Allows to modify the agreements.
+			*
+			* @event core.ucp_register_agreement_modify_template_data
+			* @var	string	tpl_name			Template file
+			* @var	array	template_vars		Array with data about to be assigned to the template
+			* @var	array	s_hidden_fields		Array with hidden form elements
+			* @var	array	lang_row			Array with available languages, read only
+			* @since 3.2.2-RC1
+			*/
+			$vars = array('tpl_name', 'template_vars', 's_hidden_fields', 'lang_row');
+			extract($phpbb_dispatcher->trigger_event('core.ucp_register_agreement_modify_template_data', compact($vars)));
+
+			unset($lang_row);
+
+			$template_vars = array_merge($template_vars, array(
+				'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
+			));
+
+			$template->assign_vars($template_vars);
+
+			/**
+			* Allows to modify the agreements.
+			*
+			* To assign data to the template, use $template->assign_vars()
+			*
+			* @event core.ucp_register_agreement
+			* @since 3.1.6-RC1
+			* @deprecated 3.2.2-RC1 Replaced by core.ucp_register_agreement_modify_template_data and to be removed in 3.3.0-RC1
+			*/
+			$phpbb_dispatcher->dispatch('core.ucp_register_agreement');
+
+			$this->tpl_name = $tpl_name;
+			return;
+		}
+
+		// The CAPTCHA kicks in here. We can't help that the information gets lost on language change.
+		if ($config['enable_confirm'])
+		{
+			$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
+			$captcha->init(CONFIRM_REG);
+		}
+
+		$timezone = $config['board_timezone'];
+
+		$data = array(
+			'username'			=> $request->variable('username', '', true),
+			'new_password'		=> $request->variable('new_password', '', true),
+			'password_confirm'	=> $request->variable('password_confirm', '', true),
+			'email'				=> strtolower($request->variable('email', '')),
+			'lang'				=> basename($request->variable('lang', $user->lang_name)),
+			'tz'				=> $request->variable('tz', $timezone),
+		);
+		/**
+		* Add UCP register data before they are assigned to the template or submitted
+		*
+		* To assign data to the template, use $template->assign_vars()
+		*
+		* @event core.ucp_register_data_before
+		* @var	bool	submit		Do we display the form only
+		*							or did the user press submit
+		* @var	array	data		Array with current ucp registration data
+		* @since 3.1.4-RC1
+		*/
+		$vars = array('submit', 'data');
+		extract($phpbb_dispatcher->trigger_event('core.ucp_register_data_before', compact($vars)));
+
+		// Check and initialize some variables if needed
+		if ($submit)
+		{
+			$error = validate_data($data, array(
+				'username'			=> array(
+					array('string', false, $config['min_name_chars'], $config['max_name_chars']),
+					array('username', '')),
+				'new_password'		=> array(
+					array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
+					array('password')),
+				'password_confirm'	=> array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
+				'email'				=> array(
+					array('string', false, 6, 60),
+					array('user_email')),
+				'tz'				=> array('timezone'),
+				'lang'				=> array('language_iso_name'),
+			));
+
+			if (!check_form_key('ucp_register'))
+			{
+				$error[] = $user->lang['FORM_INVALID'];
+			}
+
+			// Replace "error" strings with their real, localised form
+			$error = array_map(array($user, 'lang'), $error);
+
+			if ($config['enable_confirm'])
+			{
+				$vc_response = $captcha->validate($data);
+				if ($vc_response !== false)
+				{
+					$error[] = $vc_response;
+				}
+
+				if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts'])
+				{
+					$error[] = $user->lang['TOO_MANY_REGISTERS'];
+				}
+			}
+
+			// DNSBL check
+			if ($config['check_dnsbl'])
+			{
+				if (($dnsbl = $user->check_dnsbl('register')) !== false)
+				{
+					$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
+				}
+			}
+
+			// validate custom profile fields
+			$cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error);
+
+			if (!count($error))
+			{
+				if ($data['new_password'] != $data['password_confirm'])
+				{
+					$error[] = $user->lang['NEW_PASSWORD_ERROR'];
+				}
+			}
+			/**
+			* Check UCP registration data after they are submitted
+			*
+			* @event core.ucp_register_data_after
+			* @var	bool	submit		Do we display the form only
+			*							or did the user press submit
+			* @var	array 	data		Array with current ucp registration data
+			* @var	array	cp_data		Array with custom profile fields data
+			* @var	array 	error		Array with list of errors
+			* @since 3.1.4-RC1
+			*/
+			$vars = array('submit', 'data', 'cp_data', 'error');
+			extract($phpbb_dispatcher->trigger_event('core.ucp_register_data_after', compact($vars)));
+
+			if (!count($error))
+			{
+				$server_url = generate_board_url();
+
+				// Which group by default?
+				$group_name = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED';
+
+				$sql = 'SELECT group_id
+					FROM ' . GROUPS_TABLE . "
+					WHERE group_name = '" . $db->sql_escape($group_name) . "'
+						AND group_type = " . GROUP_SPECIAL;
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				if (!$row)
+				{
+					trigger_error('NO_GROUP');
+				}
+
+				$group_id = $row['group_id'];
+
+				if (($coppa ||
+					$config['require_activation'] == USER_ACTIVATION_SELF ||
+					$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
+				{
+					$user_actkey = gen_rand_string(mt_rand(6, 10));
+					$user_type = USER_INACTIVE;
+					$user_inactive_reason = INACTIVE_REGISTER;
+					$user_inactive_time = time();
+				}
+				else
+				{
+					$user_type = USER_NORMAL;
+					$user_actkey = '';
+					$user_inactive_reason = 0;
+					$user_inactive_time = 0;
+				}
+
+				// Instantiate passwords manager
+				/* @var $passwords_manager \phpbb\passwords\manager */
+				$passwords_manager = $phpbb_container->get('passwords.manager');
+
+				$user_row = array(
+					'username'				=> $data['username'],
+					'user_password'			=> $passwords_manager->hash($data['new_password']),
+					'user_email'			=> $data['email'],
+					'group_id'				=> (int) $group_id,
+					'user_timezone'			=> $data['tz'],
+					'user_lang'				=> $data['lang'],
+					'user_type'				=> $user_type,
+					'user_actkey'			=> $user_actkey,
+					'user_ip'				=> $user->ip,
+					'user_regdate'			=> time(),
+					'user_inactive_reason'	=> $user_inactive_reason,
+					'user_inactive_time'	=> $user_inactive_time,
+				);
+
+				if ($config['new_member_post_limit'])
+				{
+					$user_row['user_new'] = 1;
+				}
+				/**
+				* Add into $user_row before user_add
+				*
+				* user_add allows adding more data into the users table
+				*
+				* @event core.ucp_register_user_row_after
+				* @var	bool	submit		Do we display the form only
+				*							or did the user press submit
+				* @var	array	cp_data		Array with custom profile fields data
+				* @var	array	user_row	Array with current ucp registration data
+				* @since 3.1.4-RC1
+				*/
+				$vars = array('submit', 'cp_data', 'user_row');
+				extract($phpbb_dispatcher->trigger_event('core.ucp_register_user_row_after', compact($vars)));
+
+				// Register user...
+				$user_id = user_add($user_row, $cp_data);
+
+				// This should not happen, because the required variables are listed above...
+				if ($user_id === false)
+				{
+					trigger_error('NO_USER', E_USER_ERROR);
+				}
+
+				// Okay, captcha, your job is done.
+				if ($config['enable_confirm'] && isset($captcha))
+				{
+					$captcha->reset();
+				}
+
+				if ($coppa && $config['email_enable'])
+				{
+					$message = $user->lang['ACCOUNT_COPPA'];
+					$email_template = 'coppa_welcome_inactive';
+				}
+				else if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'])
+				{
+					$message = $user->lang['ACCOUNT_INACTIVE'];
+					$email_template = 'user_welcome_inactive';
+				}
+				else if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable'])
+				{
+					$message = $user->lang['ACCOUNT_INACTIVE_ADMIN'];
+					$email_template = 'admin_welcome_inactive';
+				}
+				else
+				{
+					$message = $user->lang['ACCOUNT_ADDED'];
+					$email_template = 'user_welcome';
+				}
+
+				if ($config['email_enable'])
+				{
+					include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+
+					$messenger = new messenger(false);
+
+					$messenger->template($email_template, $data['lang']);
+
+					$messenger->to($data['email'], $data['username']);
+
+					$messenger->anti_abuse_headers($config, $user);
+
+					$messenger->assign_vars(array(
+						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
+						'USERNAME'		=> htmlspecialchars_decode($data['username']),
+						'PASSWORD'		=> htmlspecialchars_decode($data['new_password']),
+						'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
+					);
+
+					if ($coppa)
+					{
+						$messenger->assign_vars(array(
+							'FAX_INFO'		=> $config['coppa_fax'],
+							'MAIL_INFO'		=> $config['coppa_mail'],
+							'EMAIL_ADDRESS'	=> $data['email'])
+						);
+					}
+
+					/**
+					* Modify messenger data before welcome mail is sent
+					*
+					* @event core.ucp_register_welcome_email_before
+					* @var	array		user_row	Array with user registration data
+					* @var	array		cp_data		Array with custom profile fields data
+					* @var	array		data		Array with current ucp registration data
+					* @var	string		message		Message to be displayed to the user after registration
+					* @var	string		server_url	Server URL
+					* @var	int			user_id		New user ID
+					* @var	string		user_actkey	User activation key
+					* @var	messenger	messenger	phpBB Messenger
+					* @since 3.2.4-RC1
+					*/
+					$vars = array(
+						'user_row',
+						'cp_data',
+						'data',
+						'message',
+						'server_url',
+						'user_id',
+						'user_actkey',
+						'messenger',
+					);
+					extract($phpbb_dispatcher->trigger_event('core.ucp_register_welcome_email_before', compact($vars)));
+
+					$messenger->send(NOTIFY_EMAIL);
+				}
+
+				if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
+				{
+					/* @var $phpbb_notifications \phpbb\notification\manager */
+					$phpbb_notifications = $phpbb_container->get('notification_manager');
+					$phpbb_notifications->add_notifications('notification.type.admin_activate_user', array(
+						'user_id'		=> $user_id,
+						'user_actkey'	=> $user_row['user_actkey'],
+						'user_regdate'	=> $user_row['user_regdate'],
+					));
+				}
+
+				// Perform account linking if necessary
+				if (!empty($login_link_data))
+				{
+					$login_link_data['user_id'] = $user_id;
+
+					$result = $auth_provider->link_account($login_link_data);
+
+					if ($result)
+					{
+						$message = $message . '<br /><br />' . $user->lang[$result];
+					}
+				}
+
+				/**
+				* Perform additional actions after user registration
+				*
+				* @event core.ucp_register_register_after
+				* @var	array		user_row	Array with user registration data
+				* @var	array		cp_data		Array with custom profile fields data
+				* @var	array		data		Array with current ucp registration data
+				* @var	string		message		Message to be displayed to the user after registration
+				* @var	string		server_url	Server URL
+				* @var	int			user_id		New user ID
+				* @var	string		user_actkey	User activation key
+				* @since 3.2.4-RC1
+				*/
+				$vars = array(
+					'user_row',
+					'cp_data',
+					'data',
+					'message',
+					'server_url',
+					'user_id',
+					'user_actkey',
+				);
+				extract($phpbb_dispatcher->trigger_event('core.ucp_register_register_after', compact($vars)));
+
+				$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
+				trigger_error($message);
+			}
+		}
+
+		$s_hidden_fields = array_merge($s_hidden_fields, array(
+			'agreed'		=> 'true',
+			'change_lang'	=> 0,
+		));
+
+		if ($config['coppa_enable'])
+		{
+			$s_hidden_fields['coppa'] = $coppa;
+		}
+
+		if ($config['enable_confirm'])
+		{
+			$s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields());
+		}
+
+		// Visual Confirmation - Show images
+		if ($config['enable_confirm'])
+		{
+			$template->assign_vars(array(
+				'CAPTCHA_TEMPLATE'		=> $captcha->get_template(),
+			));
+		}
+
+		//
+		$l_reg_cond = '';
+		switch ($config['require_activation'])
+		{
+			case USER_ACTIVATION_SELF:
+				$l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE'];
+			break;
+
+			case USER_ACTIVATION_ADMIN:
+				$l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE'];
+			break;
+		}
+
+		// Assign template vars for timezone select
+		phpbb_timezone_select($template, $user, $data['tz'], true);
+
+		$template_vars = array(
+			'USERNAME'			=> $data['username'],
+			'PASSWORD'			=> $data['new_password'],
+			'PASSWORD_CONFIRM'	=> $data['password_confirm'],
+			'EMAIL'				=> $data['email'],
+
+			'L_REG_COND'				=> $l_reg_cond,
+			'L_USERNAME_EXPLAIN'		=> $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
+			'L_PASSWORD_EXPLAIN'		=> $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
+
+			'S_LANG_OPTIONS'	=> language_select($data['lang']),
+			'S_TZ_PRESELECT'	=> !$submit,
+			'S_CONFIRM_REFRESH'	=> ($config['enable_confirm'] && $config['confirm_refresh']) ? true : false,
+			'S_REGISTRATION'	=> true,
+			'S_COPPA'			=> $coppa,
+			'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
+
+			'COOKIE_NAME'		=> $config['cookie_name'],
+			'COOKIE_PATH'		=> $config['cookie_path'],
+		);
+
+		$tpl_name = 'ucp_register';
+
+		/**
+		* Modify template data on the registration page
+		*
+		* @event core.ucp_register_modify_template_data
+		* @var	array	template_vars		Array with template data
+		* @var	array	data				Array with user data, read only
+		* @var	array	error				Array with errors
+		* @var	array	s_hidden_fields		Array with hidden field elements
+		* @var	string	tpl_name			Template name
+		* @since 3.2.2-RC1
+		*/
+		$vars = array(
+			'template_vars',
+			'data',
+			'error',
+			's_hidden_fields',
+			'tpl_name',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.ucp_register_modify_template_data', compact($vars)));
+
+		$template_vars = array_merge($template_vars, array(
+			'ERROR'				=> (count($error)) ? implode('<br />', $error) : '',
+			'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
+		));
+
+		$template->assign_vars($template_vars);
+
+		//
+		$user->profile_fields = array();
+
+		// Generate profile fields -> Template Block Variable profile_fields
+		$cp->generate_profile_fields('register', $user->get_iso_lang_id());
+
+		//
+		$this->tpl_name = $tpl_name;
+	}
+
+	/**
+	* Creates the login_link data array
+	*
+	* @return	array	Returns an array of all POST paramaters whose names
+	*					begin with 'login_link_'
+	*/
+	protected function get_login_link_data_array()
+	{
+		global $request;
+
+		$var_names = $request->variable_names(\phpbb\request\request_interface::POST);
+		$login_link_data = array();
+		$string_start_length = strlen('login_link_');
+
+		foreach ($var_names as $var_name)
+		{
+			if (strpos($var_name, 'login_link_') === 0)
+			{
+				$key_name = substr($var_name, $string_start_length);
+				$login_link_data[$key_name] = $request->variable($var_name, '', false, \phpbb\request\request_interface::POST);
+			}
+		}
+
+		return $login_link_data;
+	}
+
+	/**
+	* Prepends they key names of an associative array with 'login_link_' for
+	* inclusion on the page as hidden fields.
+	*
+	* @param	array	$data	The array to be modified
+	* @return	array	The modified array
+	*/
+	protected function get_login_link_data_for_hidden_fields($data)
+	{
+		$new_data = array();
+
+		foreach ($data as $key => $value)
+		{
+			$new_data['login_link_' . $key] = $value;
+		}
+
+		return $new_data;
+	}
+}

includes/ucp/ucp_remind.php

@@ -0,0 +1,174 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_remind
+* Sending password reminders
+*/
+class ucp_remind
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $config, $phpbb_root_path, $phpEx, $request;
+		global $db, $user, $template, $phpbb_container, $phpbb_dispatcher;
+
+		if (!$config['allow_password_reset'])
+		{
+			trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'));
+		}
+
+		$username	= $request->variable('username', '', true);
+		$email		= strtolower($request->variable('email', ''));
+		$submit		= (isset($_POST['submit'])) ? true : false;
+
+		add_form_key('ucp_remind');
+
+		if ($submit)
+		{
+			if (!check_form_key('ucp_remind'))
+			{
+				trigger_error('FORM_INVALID');
+			}
+
+			if (empty($email))
+			{
+				trigger_error('NO_EMAIL_USER');
+			}
+
+			$sql_array = array(
+				'SELECT'	=> 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
+				'FROM'		=> array(USERS_TABLE => 'u'),
+				'WHERE'		=> "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" .
+					(!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''),
+			);
+
+			/**
+			* Change SQL query for fetching user data
+			*
+			* @event core.ucp_remind_modify_select_sql
+			* @var	string	email		User's email from the form
+			* @var	string	username	User's username from the form
+			* @var	array	sql_array	Fully assembled SQL query with keys SELECT, FROM, WHERE
+			* @since 3.1.11-RC1
+			*/
+			$vars = array(
+				'email',
+				'username',
+				'sql_array',
+			);
+			extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
+
+			$sql = $db->sql_build_query('SELECT', $sql_array);
+			$result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
+			$rowset = $db->sql_fetchrowset($result);
+
+			if (count($rowset) > 1)
+			{
+				$db->sql_freeresult($result);
+
+				$template->assign_vars(array(
+					'USERNAME_REQUIRED'	=> true,
+					'EMAIL'				=> $email,
+				));
+			}
+			else
+			{
+				$message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
+
+				if (empty($rowset))
+				{
+					trigger_error($message);
+				}
+
+				$user_row = $rowset[0];
+				$db->sql_freeresult($result);
+
+				if (!$user_row)
+				{
+					trigger_error($message);
+				}
+
+				if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
+				{
+					trigger_error($message);
+				}
+
+				// Check users permissions
+				$auth2 = new \phpbb\auth\auth();
+				$auth2->acl($user_row);
+
+				if (!$auth2->acl_get('u_chgpasswd'))
+				{
+					trigger_error($message);
+				}
+
+				$server_url = generate_board_url();
+
+				// Make password at least 8 characters long, make it longer if admin wants to.
+				// gen_rand_string() however has a limit of 12 or 13.
+				$user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
+
+				// For the activation key a random length between 6 and 10 will do.
+				$user_actkey = gen_rand_string(mt_rand(6, 10));
+
+				// Instantiate passwords manager
+				/* @var $manager \phpbb\passwords\manager */
+				$passwords_manager = $phpbb_container->get('passwords.manager');
+
+				$sql = 'UPDATE ' . USERS_TABLE . "
+					SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
+					WHERE user_id = " . $user_row['user_id'];
+				$db->sql_query($sql);
+
+				include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+
+				$messenger = new messenger(false);
+
+				$messenger->template('user_activate_passwd', $user_row['user_lang']);
+
+				$messenger->set_addresses($user_row);
+
+				$messenger->anti_abuse_headers($config, $user);
+
+				$messenger->assign_vars(array(
+					'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
+					'PASSWORD'		=> htmlspecialchars_decode($user_password),
+					'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
+				);
+
+				$messenger->send($user_row['user_notify_type']);
+
+				trigger_error($message);
+			}
+		}
+
+		$template->assign_vars(array(
+			'USERNAME'			=> $username,
+			'EMAIL'				=> $email,
+			'S_PROFILE_ACTION'	=> append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword'))
+		);
+
+		$this->tpl_name = 'ucp_remind';
+		$this->page_title = 'UCP_REMIND';
+	}
+}

includes/ucp/ucp_resend.php

@@ -0,0 +1,163 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_resend
+* Resending activation emails
+*/
+class ucp_resend
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $config, $phpbb_root_path, $phpEx;
+		global $db, $user, $auth, $template, $request;
+
+		$username	= $request->variable('username', '', true);
+		$email		= strtolower($request->variable('email', ''));
+		$submit		= (isset($_POST['submit'])) ? true : false;
+
+		add_form_key('ucp_resend');
+
+		if ($submit)
+		{
+			if (!check_form_key('ucp_resend'))
+			{
+				trigger_error('FORM_INVALID');
+			}
+
+			$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
+				FROM ' . USERS_TABLE . "
+				WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
+					AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
+			$result = $db->sql_query($sql);
+			$user_row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			if (!$user_row)
+			{
+				trigger_error('NO_EMAIL_USER');
+			}
+
+			if ($user_row['user_type'] == USER_IGNORE)
+			{
+				trigger_error('NO_USER');
+			}
+
+			if (!$user_row['user_actkey'] && $user_row['user_type'] != USER_INACTIVE)
+			{
+				trigger_error('ACCOUNT_ALREADY_ACTIVATED');
+			}
+
+			if (!$user_row['user_actkey'] || ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_MANUAL))
+			{
+				trigger_error('ACCOUNT_DEACTIVATED');
+			}
+
+			// Determine coppa status on group (REGISTERED(_COPPA))
+			$sql = 'SELECT group_name, group_type
+				FROM ' . GROUPS_TABLE . '
+				WHERE group_id = ' . $user_row['group_id'];
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			if (!$row)
+			{
+				trigger_error('NO_GROUP');
+			}
+
+			$coppa = ($row['group_name'] == 'REGISTERED_COPPA' && $row['group_type'] == GROUP_SPECIAL) ? true : false;
+
+			include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+			$messenger = new messenger(false);
+
+			if ($config['require_activation'] == USER_ACTIVATION_SELF || $coppa)
+			{
+				$messenger->template(($coppa) ? 'coppa_resend_inactive' : 'user_resend_inactive', $user_row['user_lang']);
+				$messenger->set_addresses($user_row);
+
+				$messenger->anti_abuse_headers($config, $user);
+
+				$messenger->assign_vars(array(
+					'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
+					'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
+					'U_ACTIVATE'	=> generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
+				);
+
+				if ($coppa)
+				{
+					$messenger->assign_vars(array(
+						'FAX_INFO'		=> $config['coppa_fax'],
+						'MAIL_INFO'		=> $config['coppa_mail'],
+						'EMAIL_ADDRESS'	=> $user_row['user_email'])
+					);
+				}
+
+				$messenger->send(NOTIFY_EMAIL);
+			}
+
+			if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
+			{
+				// Grab an array of user_id's with a_user permissions ... these users can activate a user
+				$admin_ary = $auth->acl_get_list(false, 'a_user', false);
+
+				$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
+					FROM ' . USERS_TABLE . '
+					WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']);
+				$result = $db->sql_query($sql);
+
+				while ($row = $db->sql_fetchrow($result))
+				{
+					$messenger->template('admin_activate', $row['user_lang']);
+					$messenger->set_addresses($row);
+
+					$messenger->anti_abuse_headers($config, $user);
+
+					$messenger->assign_vars(array(
+						'USERNAME'			=> htmlspecialchars_decode($user_row['username']),
+						'U_USER_DETAILS'	=> generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$user_row['user_id']}",
+						'U_ACTIVATE'		=> generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
+					);
+
+					$messenger->send($row['user_notify_type']);
+				}
+				$db->sql_freeresult($result);
+			}
+
+			meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
+
+			$message = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? $user->lang['ACTIVATION_EMAIL_SENT_ADMIN'] : $user->lang['ACTIVATION_EMAIL_SENT'];
+			$message .= '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
+			trigger_error($message);
+		}
+
+		$template->assign_vars(array(
+			'USERNAME'			=> $username,
+			'EMAIL'				=> $email,
+			'S_PROFILE_ACTION'	=> append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=resend_act'))
+		);
+
+		$this->tpl_name = 'ucp_resend';
+		$this->page_title = 'UCP_RESEND';
+	}
+}

includes/ucp/ucp_zebra.php

@@ -0,0 +1,296 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+class ucp_zebra
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher;
+
+		$submit	= (isset($_POST['submit']) || isset($_GET['add']) || isset($_GET['remove'])) ? true : false;
+		$s_hidden_fields = '';
+
+		$l_mode = strtoupper($mode);
+
+		if ($submit)
+		{
+			$data = $error = array();
+			$updated = false;
+
+			$var_ary = array(
+				'usernames'	=> array(0),
+				'add'		=> '',
+			);
+
+			foreach ($var_ary as $var => $default)
+			{
+				$data[$var] = $request->variable($var, $default, true);
+			}
+
+			if (!empty($data['add']) || count($data['usernames']))
+			{
+				if (confirm_box(true))
+				{
+					// Remove users
+					if (!empty($data['usernames']))
+					{
+						$user_ids = $data['usernames'];
+
+						/**
+						* Remove users from friends/foes
+						*
+						* @event core.ucp_remove_zebra
+						* @var	string	mode		Zebra type: friends|foes
+						* @var	array	user_ids	User ids we remove
+						* @since 3.1.0-a1
+						*/
+						$vars = array('mode', 'user_ids');
+						extract($phpbb_dispatcher->trigger_event('core.ucp_remove_zebra', compact($vars)));
+
+						$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
+							WHERE user_id = ' . $user->data['user_id'] . '
+								AND ' . $db->sql_in_set('zebra_id', $user_ids);
+						$db->sql_query($sql);
+
+						$updated = true;
+					}
+
+					// Add users
+					if ($data['add'])
+					{
+						$data['add'] = array_map('trim', array_map('utf8_clean_string', explode("\n", $data['add'])));
+
+						// Do these name/s exist on a list already? If so, ignore ... we could be
+						// 'nice' and automatically handle names added to one list present on
+						// the other (by removing the existing one) ... but I have a feeling this
+						// may lead to complaints
+						$sql = 'SELECT z.*, u.username, u.username_clean
+							FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . ' u
+							WHERE z.user_id = ' . $user->data['user_id'] . '
+								AND u.user_id = z.zebra_id';
+						$result = $db->sql_query($sql);
+
+						$friends = $foes = array();
+						while ($row = $db->sql_fetchrow($result))
+						{
+							if ($row['friend'])
+							{
+								$friends[] = utf8_clean_string($row['username']);
+							}
+							else
+							{
+								$foes[] = utf8_clean_string($row['username']);
+							}
+						}
+						$db->sql_freeresult($result);
+
+						// remove friends from the username array
+						$n = count($data['add']);
+						$data['add'] = array_diff($data['add'], $friends);
+
+						if (count($data['add']) < $n && $mode == 'foes')
+						{
+							$error[] = $user->lang['NOT_ADDED_FOES_FRIENDS'];
+						}
+
+						// remove foes from the username array
+						$n = count($data['add']);
+						$data['add'] = array_diff($data['add'], $foes);
+
+						if (count($data['add']) < $n && $mode == 'friends')
+						{
+							$error[] = $user->lang['NOT_ADDED_FRIENDS_FOES'];
+						}
+
+						// remove the user himself from the username array
+						$n = count($data['add']);
+						$data['add'] = array_diff($data['add'], array(utf8_clean_string($user->data['username'])));
+
+						if (count($data['add']) < $n)
+						{
+							$error[] = $user->lang['NOT_ADDED_' . $l_mode . '_SELF'];
+						}
+
+						unset($friends, $foes, $n);
+
+						if (count($data['add']))
+						{
+							$sql = 'SELECT user_id, user_type
+								FROM ' . USERS_TABLE . '
+								WHERE ' . $db->sql_in_set('username_clean', $data['add']) . '
+									AND user_type <> ' . USER_INACTIVE;
+							$result = $db->sql_query($sql);
+
+							$user_id_ary = array();
+							while ($row = $db->sql_fetchrow($result))
+							{
+								if ($row['user_id'] != ANONYMOUS && $row['user_type'] != USER_IGNORE)
+								{
+									$user_id_ary[] = $row['user_id'];
+								}
+								else if ($row['user_id'] != ANONYMOUS)
+								{
+									$error[] = $user->lang['NOT_ADDED_' . $l_mode . '_BOTS'];
+								}
+								else
+								{
+									$error[] = $user->lang['NOT_ADDED_' . $l_mode . '_ANONYMOUS'];
+								}
+							}
+							$db->sql_freeresult($result);
+
+							if (count($user_id_ary))
+							{
+								// Remove users from foe list if they are admins or moderators
+								if ($mode == 'foes')
+								{
+									$perms = array();
+									foreach ($auth->acl_get_list($user_id_ary, array('a_', 'm_')) as $forum_id => $forum_ary)
+									{
+										foreach ($forum_ary as $auth_option => $user_ary)
+										{
+											$perms = array_merge($perms, $user_ary);
+										}
+									}
+
+									$perms = array_unique($perms);
+
+									if (count($perms))
+									{
+										$error[] = $user->lang['NOT_ADDED_FOES_MOD_ADMIN'];
+									}
+
+									// This may not be right ... it may yield true when perms equate to deny
+									$user_id_ary = array_diff($user_id_ary, $perms);
+									unset($perms);
+								}
+
+								if (count($user_id_ary))
+								{
+									$sql_mode = ($mode == 'friends') ? 'friend' : 'foe';
+
+									$sql_ary = array();
+									foreach ($user_id_ary as $zebra_id)
+									{
+										$sql_ary[] = array(
+											'user_id'		=> (int) $user->data['user_id'],
+											'zebra_id'		=> (int) $zebra_id,
+											$sql_mode		=> 1
+										);
+									}
+
+									/**
+									* Add users to friends/foes
+									*
+									* @event core.ucp_add_zebra
+									* @var	string	mode		Zebra type:
+									*							friends|foes
+									* @var	array	sql_ary		Array of
+									*							entries we add
+									* @since 3.1.0-a1
+									*/
+									$vars = array('mode', 'sql_ary');
+									extract($phpbb_dispatcher->trigger_event('core.ucp_add_zebra', compact($vars)));
+
+									$db->sql_multi_insert(ZEBRA_TABLE, $sql_ary);
+
+									$updated = true;
+								}
+								unset($user_id_ary);
+							}
+							else if (!count($error))
+							{
+								$error[] = $user->lang['USER_NOT_FOUND_OR_INACTIVE'];
+							}
+						}
+					}
+
+					if ($request->is_ajax())
+					{
+						$message = ($updated) ? $user->lang[$l_mode . '_UPDATED'] : implode('<br />', $error);
+
+						$json_response = new \phpbb\json_response;
+						$json_response->send(array(
+							'success' => $updated,
+
+							'MESSAGE_TITLE'	=> $user->lang['INFORMATION'],
+							'MESSAGE_TEXT'	=> $message,
+							'REFRESH_DATA'	=> array(
+								'time'	=> 3,
+								'url'		=> $this->u_action
+							)
+						));
+					}
+					else if ($updated)
+					{
+						meta_refresh(3, $this->u_action);
+						$message = $user->lang[$l_mode . '_UPDATED'] . '<br />' . implode('<br />', $error) . ((count($error)) ? '<br />' : '') . '<br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+						trigger_error($message);
+					}
+					else
+					{
+						$template->assign_var('ERROR', implode('<br />', $error));
+					}
+				}
+				else
+				{
+					confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
+						'mode'		=> $mode,
+						'submit'	=> true,
+						'usernames'	=> $data['usernames'],
+						'add'		=> $data['add']))
+					);
+				}
+			}
+		}
+
+		$sql_and = ($mode == 'friends') ? 'z.friend = 1' : 'z.foe = 1';
+		$sql = 'SELECT z.*, u.username, u.username_clean
+			FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . ' u
+			WHERE z.user_id = ' . $user->data['user_id'] . "
+				AND $sql_and
+				AND u.user_id = z.zebra_id
+			ORDER BY u.username_clean ASC";
+		$result = $db->sql_query($sql);
+
+		$s_username_options = '';
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$s_username_options .= '<option value="' . $row['zebra_id'] . '">' . $row['username'] . '</option>';
+		}
+		$db->sql_freeresult($result);
+
+		$template->assign_vars(array(
+			'L_TITLE'			=> $user->lang['UCP_ZEBRA_' . $l_mode],
+
+			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=add'),
+
+			'S_USERNAME_OPTIONS'	=> $s_username_options,
+			'S_HIDDEN_FIELDS'		=> $s_hidden_fields,
+			'S_UCP_ACTION'			=> $this->u_action)
+		);
+
+		$this->tpl_name = 'ucp_zebra_' . $mode;
+		$this->page_title = 'UCP_ZEBRA_' . $l_mode;
+	}
+}