* This file sends an email to the user!
* It's the form action for {@link _msgform.disp.php}.
* This file is part of Quam Plures - {@link http://quamplures.net/}
* See also {@link https://launchpad.net/quam-plures}.
* @copyright (c) 2009 by the Quam Plures developers - {@link http://quamplures.net/}
* @copyright (c)2003-2009 by Francois PLANQUE - {@link http://fplanque.net/}
* Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}.
* {@internal License choice
* - If you have received this file as part of a package, please find the license.txt file in
* the same folder or the closest folder above for complete license terms.
* - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
* then you must choose one of the following licenses before using the file:
* - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
* - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
* {@internal Open Source relicensing agreement:
* Daniel HAHLER grants Francois PLANQUE the right to license
* Daniel HAHLER's contributions to this file and the b2evolution project
* under any OSI approved OSS license (http://www.opensource.org/licenses/).
* @author Jeff Bearer - {@link http://www.jeffbearer.com/} + blueyed, fplanque
* @todo dh> we should use the current_User's ID, if he's logged in here. It seems that only the message form gets pre-filled with hidden fields currently.
// Bootstrap: load the site configuration, then the main include found under $inc_path.
// ($inc_path is not assigned in this file; presumably it is set by _config.php -- confirm.)
require_once dirname(__FILE__).'/../qp_config/_config.php';
41
require_once $inc_path.'_main.inc.php';
43
// Send the Content-Type header using the configured charset.
header( 'Content-Type: text/html; charset='.$io_charset );
46
// TODO: Flood protection (Use Hit class to prevent mass mailings to members..)
// NOTE(review): no rate limit and no login check is visible anywhere in this listing, so
// both mail paths below (the opt-out confirmation mail and the message-form mail) appear
// reachable by anonymous requests. Until this TODO is done, throttling has to come from
// somewhere else (web server, mail server, a plugin) -- confirm what is actually in place.
48
// --------------------------------------------------
49
// TODO: fp> v2.0: this bloats this file. MOVE to msg_remove.php or sth alike
// Opt-out flow for anonymous commenters. Two steps are visible:
//   1. a request carrying only optout_cmt_email mails a confirmation link containing a random req_ID;
//   2. a request carrying both values is compared against the copy kept in the visitor's session.
// The bare numbers are the listing's own line numbers; several lines (braces, else, the start of
// the SQL statement) are missing from it, so read the control flow below with that in mind.
50
if( param( 'optout_cmt_email', 'string', '' ) )
51
{ // an anonymous commentator wants to opt-out from receiving mails through a message form:
53
if( param( 'req_ID', 'string', '' ) )
54
{ // clicked on link from e-mail
// NOTE(review): both comparisons use loose "==". If both sides are always strings, "===" would
// avoid PHP's numeric-string juggling on the confirmation token -- confirm what $Session->get()
// returns (including when the key is absent) before tightening.
55
if( $req_ID == $Session->get( 'core.msgform.optout_cmt_reqID' )
56
&& $optout_cmt_email == $Session->get( 'core.msgform.optout_cmt_email' ) )
60
// The statement opener and table name (listing lines 57-59) are not shown. The visible part
// clears comment_allow_msgform for every comment with this author e-mail; the e-mail value
// is passed through $DB->quote() before being concatenated into the WHERE clause.
SET comment_allow_msgform = 0
61
WHERE comment_author_email = '.$DB->quote($optout_cmt_email) );
63
$Messages->add( T_('All your comments have been marked not to allow emailing you through a message form.'), 'success' );
65
// Drop the pending request from the session. Only the e-mail key is removed in the visible
// lines; whether the req_ID key is also removed (listing line 66 is missing) -- TODO confirm.
$Session->delete('core.msgform.optout_cmt_email');
69
$Messages->add( T_('The request not to receive emails through a message form for your comments failed.'), 'error' );
76
// Step 1: create the confirmation token. Its unpredictability depends entirely on
// generate_random_key(), which is defined elsewhere -- verify it uses a CSPRNG.
$req_ID = generate_random_key(32);
78
// NOTE(review): sprintf() gets no arguments besides the format string here, so a "%" in a
// translation of this text would be parsed as a conversion specification.
$message = sprintf( T_("We have received a request that you do not want to receive emails through\na message form on your comments anymore.\n\nTo confirm that this request is from you, please click on the following link:") )
80
// NOTE(review): $optout_cmt_email is request input and is concatenated into the URL without
// rawurlencode(); the footer link built later in this file does encode the address. No
// is_email() check on this value is visible before it is used as the mail recipient either,
// so this branch will attempt a mail to whatever address the request supplies (see the
// flood-protection TODO above).
.$srvc_url.'message_send.php?optout_cmt_email='.$optout_cmt_email.'&req_ID='.$req_ID
83
.' '.T_('For security reasons the link is only valid for your current session (by means of your session cookie).')
85
.T_('If it was not you that requested this, simply ignore this mail.');
87
if( send_mail( $optout_cmt_email, NULL, T_('Confirm opt-out for emails through message form'), $message ) )
89
echo T_('An email has been sent to you, with a link to confirm your request not to receive emails through the comments you have made on this blog.');
90
// The pending address and token are stored in the requester's session only after the mail
// was handed off successfully; step 2 above compares against exactly these two values.
$Session->set( 'core.msgform.optout_cmt_email', $optout_cmt_email );
91
$Session->set( 'core.msgform.optout_cmt_reqID', $req_ID );
95
// NOTE(review): this failure text tells any anonymous visitor that mail() may be disabled
// on the server.
$Messages->add( T_('Sorry, could not send email.')
96
.'<br />'.T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error' );
101
// END OF BLOCK TO BE MOVED
102
// --------------------------------------------------
105
// Getting GET or POST parameters:
// The four IDs are requested with type 'integer'. Later code relies on that: $comment_id is
// concatenated unquoted into SQL further down. What param() does with a non-numeric value
// (cast vs. reject) is defined elsewhere -- TODO confirm.
106
param( 'blog', 'integer', '' );
107
param( 'recipient_id', 'integer', '' );
108
param( 'post_id', 'integer', '' );
109
param( 'comment_id', 'integer', '' );
110
// Note: we use funky field names in order to defeat the most basic guestbook spam bots:
// (d = sender name, f = sender e-mail, g = subject, h = message body)
111
$sender_name = param( 'd', 'string', '' );
112
$sender_address = param( 'f', 'string', '' );
113
$subject = param( 'g', 'string', '' );
114
$message = param( 'h', 'html', '' ); // We accept html but we will NEVER display it
116
// Prevent register_globals injection!
// These three are only ever meant to be filled from the user/comment lookups below; resetting
// them here means a request parameter of the same name cannot pre-seed the recipient.
117
$recipient_address = '';
118
$recipient_name = '';
119
$recipient_User = NULL;
122
// Core param validation
// Each failed check only adds an 'error' entry to $Messages; nothing is aborted here. The
// entries are acted on later, at the $Messages->count( 'error' ) check before sending.
// NOTE(review): the visible checks cover emptiness, address syntax and the antispam list.
// No CR/LF filtering of $sender_name or $subject is visible, so protection against mail
// header injection presumably rests on param() and/or send_mail() -- confirm.
123
if( empty($sender_name) )
125
$Messages->add( T_('Please fill in your name.'), 'error' );
127
if( empty($sender_address) )
129
$Messages->add( T_('Please fill in your email.'), 'error' );
131
elseif( !is_email($sender_address) || antispam_check( $sender_address ) ) // TODO: dh> using antispam_check() here might not allow valid users to contact the admin in case of problems due to the antispam list itself.. :/
133
$Messages->add( T_('Supplied email address is invalid.'), 'error' );
136
if( empty($subject) )
138
$Messages->add( T_('Please fill in the subject of your message.'), 'error' );
141
if( empty( $message ) )
142
{ // message should not be empty!
143
$Messages->add( T_('Please do not send empty messages.'), 'error' );
145
// The keyword check on the body only runs when $antispam_on_message_form is truthy.
elseif( $antispam_on_message_form && antispam_check( $message ) )
146
{ // a blacklisted keyword has been found in the message:
147
$Messages->add( T_('The supplied message is invalid / appears to be spam.'), 'error' );
151
// Build message footer:
// The footer tells the recipient which comment or post the message form was opened from.
// Three cases are visible: a comment ID is given, only a post ID is given, or neither (the
// braces and the final else are among the lines missing from this listing).
152
$BlogCache = & get_Cache( 'BlogCache' );
153
$message_footer = '';
154
if( !empty( $comment_id ) )
156
// Getting current blog info:
157
$Blog = & $BlogCache->get_by_ID( $blog ); // Required
158
$message_footer .= T_('Message sent from your comment:') . "\n"
// $post_id and $comment_id are the integer-typed request params; they are appended to the
// blog URL as "p=<post>#<comment>".
159
.url_add_param( $Blog->get('url'), 'p='.$post_id.'#'.$comment_id, '&' )
162
elseif( !empty( $post_id ) )
164
// Getting current blog info:
165
$Blog = & $BlogCache->get_by_ID( $blog ); // Required
166
$message_footer .= T_('Message sent from your post:') . "\n"
167
.url_add_param( $Blog->get('url'), 'p='.$post_id, '&' )
172
// Getting current blog info:
// Here the lookup is called with two extra arguments and marked optional, so later code
// guards its use of $Blog with !empty( $Blog ).
173
$Blog = & $BlogCache->get_by_ID( $blog, true, false ); // Optional
177
// Resolve the recipient. The address is never taken from the request: it comes either from
// the user record ($recipient_id) or from the stored comment ($comment_id). In every branch
// the recipient's allow_msgform setting is re-checked on the server; the "should be
// prevented by UI" checks are the actual enforcement and must stay even though the form
// normally hides the option.
if( ! empty( $recipient_id ) )
178
{ // Get the email address for the recipient if a member:
179
$UserCache = & get_Cache( 'UserCache' );
180
$recipient_User = & $UserCache->get_by_ID( $recipient_id );
182
if( empty($recipient_User->allow_msgform) )
183
{ // should be prevented by UI
184
debug_die( 'Invalid recipient!' );
187
$recipient_name = trim($recipient_User->get('preferredname'));
188
$recipient_address = $recipient_User->get('email');
190
// Change the locale so the email is in the recipients language
191
locale_temp_switch($recipient_User->locale);
193
elseif( ! empty( $comment_id ) )
194
{ // Get the email address for the recipient if a visiting commenter.
196
// Load comment from DB:
// NOTE(review): the start of this query (listing lines 197-199) is not shown. $comment_id is
// concatenated without $DB->quote(); that is only safe because it was fetched above with
// param( 'comment_id', 'integer', '' ) -- confirm param() really yields an integer here, and
// keep the two in sync if either is changed. No check that a row was found is visible
// before it is handed to Comment.
200
WHERE comment_ID = '.$comment_id, ARRAY_A );
201
$Comment = new Comment( $row );
203
if( $comment_author_User = & $Comment->get_author_User() )
204
{ // Comment is from a registered user:
205
if( ! $comment_author_User->allow_msgform )
206
{ // should be prevented by UI
207
debug_die( 'Invalid recipient!' );
209
$recipient_User = & $comment_author_User;
211
// Anonymous commenter: the per-comment allow_msgform flag decides (this is the flag the
// opt-out flow at the top of the file clears).
elseif( empty($Comment->allow_msgform) )
212
{ // should be prevented by UI
213
debug_die( 'Invalid recipient!' );
216
$recipient_name = trim($Comment->get_author_name());
217
$recipient_address = $Comment->get_author_email();
219
// We don't know the recipient's language - Change the locale so the email is in the blog's language:
220
locale_temp_switch($Blog->locale);
223
// Final guard: neither branch produced an address (e.g. no recipient_id and no comment_id).
if( empty($recipient_address) )
224
{ // should be prevented by UI
225
debug_die( 'No recipient specified!' );
230
// Append an opt-out hint to the footer: registered users are pointed at their profile,
// anonymous commenters get a link into the opt-out flow at the top of this file.
if( $recipient_User )
232
if( !empty( $Blog ) )
234
// ("reveive" is a typo in the msgid; it is left as is here because the string is the
// translation lookup key.)
$message_footer .= T_("You can edit your profile to not reveive mails through a form:")
// NOTE(review): as shown, this str_replace() replaces '&' with '&' and does nothing. The
// listing has probably lost an HTML entity in the first argument (presumably '&amp;') --
// check against the original file.
235
."\n".url_add_param( str_replace( '&', '&', $Blog->get('url') ), 'disp=profile', '&' );
237
// TODO: else go to admin
241
$message_footer .= T_("Click on the following link to not receive e-mails on your comments\nfor this e-mail address anymore:")
// The stored author e-mail is URL-encoded here. The link carries only the address (no
// req_ID), so following it starts step 1 of the opt-out flow, which mails a confirmation.
242
."\n".$srvc_url.'message_send.php?optout_cmt_email='.rawurlencode($Comment->author_email);
246
// Trigger event: a Plugin could add a $category="error" message here..
// Most values are handed over by reference (&), so a plugin can rewrite the recipient ID,
// subject, body, footer and sender fields before the mail is built; item_ID and comment_ID
// are passed by value. This runs before the error check below, so an 'error' message added
// by a plugin also stops the send. Some array entries and the closing of the call are
// missing from this listing.
247
$Plugins->trigger_event( 'BeforeSendMessage', array(
248
'recipient_ID' => & $recipient_id,
249
'item_ID' => $post_id,
250
'comment_ID' => $comment_id,
251
'subject' => & $subject,
252
'message' => & $message,
253
'message_footer' => & $message_footer,
255
'sender_name' => & $sender_name,
256
'sender_email' => & $sender_address,
260
// Single gate for everything collected so far: validation errors from above and any error
// a plugin added during BeforeSendMessage. The statement that actually stops the script
// after display() (listing lines 264-266) is not shown -- confirm it exits.
if( $Messages->count( 'error' ) )
261
{ // there were errors: display them and get out of here
262
$Messages->display( T_('Cannot send email, please correct these errors:'),
263
'[<a href="javascript:history.go(-1)">'. T_('Back to email editing') . '</a>]' );
267
// Compose the final plain-text body. Only fragments are visible: a line naming the sending
// site is added, using the blog name and URL when a blog is known and $app_baseurl
// otherwise. Where $message and $message_footer are joined in is among the missing lines.
if( !empty( $Blog ) )
271
.sprintf( T_('This message was sent via the messaging system on %s.'), $Blog->name )."\n"
272
.$Blog->get('url')."\n\n"
279
.sprintf( T_('This message was sent via the messaging system on %s.'), $app_baseurl )."\n\n"
284
// Hand the message to send_mail(). The recipient address and name come from the database
// lookups above; subject, body, sender address and sender name are visitor-supplied.
// NOTE(review): the last two arguments are presumably used for the From header. Whether
// send_mail() strips CR/LF from them and from $subject is not visible here -- confirm,
// since that is what prevents header injection through this form.
$success_mail = send_mail( $recipient_address, $recipient_name, $subject, $message, $sender_address, $sender_name );
287
// Plugins should cleanup their temporary data here:
288
$Plugins->trigger_event( 'AfterSendMessage' );
291
// restore the locale to the blog visitor language
292
locale_restore_previous();
296
// Never say to whom we sent the email -- prevent user enumeration.
// (The success text is the same for every recipient and contains neither name nor address.)
297
$Messages->add( T_('Your message has been sent.'), 'success' );
301
// NOTE(review): this failure text tells any anonymous visitor that mail() may be disabled
// on the server.
$Messages->add( T_('Sorry, could not send email.')
302
.'<br />'.T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error' );
306
// Header redirection
308
// redirect Will save $Messages into Session:
// No target is passed, so the destination is whatever header_redirect() picks by default;
// if that default can be taken from request data, it needs to be limited to same-site
// URLs -- TODO confirm in header_redirect().
309
header_redirect(); // exits!