~quam-plures-core/quam-plures/qp5_final_branch : revision 7480.1.6

1

<?php

2

/**

3

* This file sends an email to the user!

4

*

5

* It's the form action for {@link _msgform.disp.php}.

6

*

7

* This file is part of Quam Plures - {@link http://quamplures.net/}

8

* See also {@link https://launchpad.net/quam-plures}.

9

*

10

11

12

13

*

14

* {@internal License choice

15

* - If you have received this file as part of a package, please find the license.txt file in

16

* the same folder or the closest folder above for complete license terms.

17

* - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)

18

* then you must choose one of the following licenses before using the file:

19

* - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php

20

* - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php

21

* }}

22

*

23

* {@internal Open Source relicensing agreement:

24

* Daniel HAHLER grants Francois PLANQUE the right to license

25

* Daniel HAHLER's contributions to this file and the b2evolution project

26

* under any OSI approved OSS license (http://www.opensource.org/licenses/).

27

* }}

28

*

29

* @author Jeff Bearer - {@link http://www.jeffbearer.com/} + blueyed, fplanque

30

*

31

* @todo dh> we should use the current_User's ID, if he's logged in here. It seems that only the message form gets pre-filled with hidden fields currently.

32

*

33

* @package pond

34

*/

35

36

/**

37

* Includes

38

*/

39

require_once dirname(__FILE__).'/../qp_config/_config.php';

40

41

require_once $inc_path.'_main.inc.php';

42

43

header( 'Content-Type: text/html; charset='.$io_charset );

44

45

46

// TODO: Flood protection (Use Hit class to prevent mass mailings to members..)

47

48

// --------------------------------------------------

49

// TODO: fp> v2.0: this bloats this file. MOVE to msg_remove.php or sth alike

50

if( param( 'optout_cmt_email', 'string', '' ) )

51

{ // an anonymous commentator wants to opt-out from receiving mails through a message form:

52

53

if( param( 'req_ID', 'string', '' ) )

54

{ // clicked on link from e-mail

55

if( $req_ID == $Session->get( 'core.msgform.optout_cmt_reqID' )

56

&& $optout_cmt_email == $Session->get( 'core.msgform.optout_cmt_email' ) )

57

{

58

$DB->query( '

59

UPDATE T_comments

60

SET comment_allow_msgform = 0

61

WHERE comment_author_email = '.$DB->quote($optout_cmt_email) );

62

63

$Messages->add( T_('All your comments have been marked not to allow emailing you through a message form.'), 'success' );

64

65

$Session->delete('core.msgform.optout_cmt_email');

66

}

67

else

68

{

69

$Messages->add( T_('The request not to receive emails through a message form for your comments failed.'), 'error' );

70

}

71

72

$Messages->display();

73

exit(0);

74

}

75

76

$req_ID = generate_random_key(32);

77

78

$message = sprintf( T_("We have received a request that you do not want to receive emails through\na message form on your comments anymore.\n\nTo confirm that this request is from you, please click on the following link:") )

79

."\n\n"

80

.$srvc_url.'message_send.php?optout_cmt_email='.$optout_cmt_email.'&req_ID='.$req_ID

81

."\n\n"

82

.T_('Please note:')

83

.' '.T_('For security reasons the link is only valid for your current session (by means of your session cookie).')

84

."\n\n"

85

.T_('If it was not you that requested this, simply ignore this mail.');

86

87

if( send_mail( $optout_cmt_email, NULL, T_('Confirm opt-out for emails through message form'), $message ) )

88

{

89

echo T_('An email has been sent to you, with a link to confirm your request not to receive emails through the comments you have made on this blog.');

90

$Session->set( 'core.msgform.optout_cmt_email', $optout_cmt_email );

91

$Session->set( 'core.msgform.optout_cmt_reqID', $req_ID );

92

}

93

else

94

{

95

$Messages->add( T_('Sorry, could not send email.')

96

.'<br />'.T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error' );

97

}

98

99

exit(0);

100

}

101

// END OF BLOCK TO BE MOVED

102

// --------------------------------------------------

103

104

105

// Getting GET or POST parameters:

106

param( 'blog', 'integer', '' );

107

param( 'recipient_id', 'integer', '' );

108

param( 'post_id', 'integer', '' );

109

param( 'comment_id', 'integer', '' );

110

// Note: we use funky field names in order to defeat the most basic guestbook spam bots:

111

$sender_name = param( 'd', 'string', '' );

112

$sender_address = param( 'f', 'string', '' );

113

$subject = param( 'g', 'string', '' );

114

$message = param( 'h', 'html', '' ); // We accept html but we will NEVER display it

115

116

// Prevent register_globals injection!

117

$recipient_address = '';

118

$recipient_name = '';

119

$recipient_User = NULL;

120

$Comment = NULL;

121

122

// Core param validation

123

if( empty($sender_name) )

124

{

125

$Messages->add( T_('Please fill in your name.'), 'error' );

126

}

127

if( empty($sender_address) )

128

{

129

$Messages->add( T_('Please fill in your email.'), 'error' );

130

}

131

elseif( !is_email($sender_address) || antispam_check( $sender_address ) ) // TODO: dh> using antispam_check() here might not allow valid users to contact the admin in case of problems due to the antispam list itself.. :/

132

{

133

$Messages->add( T_('Supplied email address is invalid.'), 'error' );

134

}

135

136

if( empty($subject) )

137

{

138

$Messages->add( T_('Please fill in the subject of your message.'), 'error' );

139

}

140

141

if( empty( $message ) )

142

{ // message should not be empty!

143

$Messages->add( T_('Please do not send empty messages.'), 'error' );

144

}

145

elseif( $antispam_on_message_form && antispam_check( $message ) )

146

{ // a blacklisted keyword ha sbeen found in the message:

147

$Messages->add( T_('The supplied message is invalid / appears to be spam.'), 'error' );

148

}

149

150

151

// Build message footer:

152

$BlogCache = & get_Cache( 'BlogCache' );

153

$message_footer = '';

154

if( !empty( $comment_id ) )

155

{

156

// Getting current blog info:

157

$Blog = & $BlogCache->get_by_ID( $blog ); // Required

158

$message_footer .= T_('Message sent from your comment:') . "\n"

159

.url_add_param( $Blog->get('url'), 'p='.$post_id.'#'.$comment_id, '&' )

160

."\n\n";

161

}

162

elseif( !empty( $post_id ) )

163

{

164

// Getting current blog info:

165

$Blog = & $BlogCache->get_by_ID( $blog ); // Required

166

$message_footer .= T_('Message sent from your post:') . "\n"

167

.url_add_param( $Blog->get('url'), 'p='.$post_id, '&' )

168

."\n\n";

169

}

170

else

171

{

172

// Getting current blog info:

173

$Blog = & $BlogCache->get_by_ID( $blog, true, false ); // Optional

174

}

175

176

177

if( ! empty( $recipient_id ) )

178

{ // Get the email address for the recipient if a member:

179

$UserCache = & get_Cache( 'UserCache' );

180

$recipient_User = & $UserCache->get_by_ID( $recipient_id );

181

182

if( empty($recipient_User->allow_msgform) )

183

{ // should be prevented by UI

184

debug_die( 'Invalid recipient!' );

185

}

186

187

$recipient_name = trim($recipient_User->get('preferredname'));

188

$recipient_address = $recipient_User->get('email');

189

190

// Change the locale so the email is in the recipients language

191

locale_temp_switch($recipient_User->locale);

192

}

193

elseif( ! empty( $comment_id ) )

194

{ // Get the email address for the recipient if a visiting commenter.

195

196

// Load comment from DB:

197

$row = $DB->get_row(

198

'SELECT *

199

FROM T_comments

200

WHERE comment_ID = '.$comment_id, ARRAY_A );

201

$Comment = new Comment( $row );

202

203

if( $comment_author_User = & $Comment->get_author_User() )

204

{ // Comment is from a registered user:

205

if( ! $comment_author_User->allow_msgform )

206

{ // should be prevented by UI

207

debug_die( 'Invalid recipient!' );

208

}

209

$recipient_User = & $comment_author_User;

210

}

211

elseif( empty($Comment->allow_msgform) )

212

{ // should be prevented by UI

213

debug_die( 'Invalid recipient!' );

214

}

215

216

$recipient_name = trim($Comment->get_author_name());

217

$recipient_address = $Comment->get_author_email();

218

219

// We don't know the recipient's language - Change the locale so the email is in the blog's language:

220

locale_temp_switch($Blog->locale);

221

}

222

223

if( empty($recipient_address) )

224

{ // should be prevented by UI

225

debug_die( 'No recipient specified!' );

226

}

227

228

229

// opt-out links:

230

if( $recipient_User )

231

{ // Member:

232

if( !empty( $Blog ) )

233

{

234

$message_footer .= T_("You can edit your profile to not reveive mails through a form:")

235

."\n".url_add_param( str_replace( '&', '&', $Blog->get('url') ), 'disp=profile', '&' );

236

}

237

// TODO: else go to admin

238

}

239

elseif( $Comment )

240

{ // Visitor:

241

$message_footer .= T_("Click on the following link to not receive e-mails on your comments\nfor this e-mail address anymore:")

242

."\n".$srvc_url.'message_send.php?optout_cmt_email='.rawurlencode($Comment->author_email);

243

}

244

245

246

// Trigger event: a Plugin could add a $category="error" message here..

247

$Plugins->trigger_event( 'BeforeSendMessage', array(

248

'recipient_ID' => & $recipient_id,

249

'item_ID' => $post_id,

250

'comment_ID' => $comment_id,

251

'subject' => & $subject,

252

'message' => & $message,

253

'message_footer' => & $message_footer,

254

'Blog' => & $Blog,

255

'sender_name' => & $sender_name,

256

'sender_email' => & $sender_address,

257

) );

258

259

260

if( $Messages->count( 'error' ) )

261

{ // there were errors: display them and get out of here

262

$Messages->display( T_('Cannot send email, please correct these errors:'),

263

'[<a href="javascript:history.go(-1)">'. T_('Back to email editing') . '</a>]' );

264

exit(0);

265

}

266

267

if( !empty( $Blog ) )

268

{

269

$message = $message

270

."\n\n-- \n"

271

.sprintf( T_('This message was sent via the messaging system on %s.'), $Blog->name )."\n"

272

.$Blog->get('url')."\n\n"

273

.$message_footer;

274

}

275

else

276

{

277

$message = $message

278

."\n\n-- \n"

279

.sprintf( T_('This message was sent via the messaging system on %s.'), $app_baseurl )."\n\n"

280

.$message_footer;

281

}

282

283

// Send mail

284

$success_mail = send_mail( $recipient_address, $recipient_name, $subject, $message, $sender_address, $sender_name );

285

286

287

// Plugins should cleanup their temporary data here:

288

$Plugins->trigger_event( 'AfterSendMessage' );

289

290

291

// restore the locale to the blog visitor language

292

locale_restore_previous();

293

294

if( $success_mail )

295

{

296

// Never say to whom we sent the email -- prevent user enumeration.

297

$Messages->add( T_('Your message has been sent.'), 'success' );

298

}

299

else

300

{

301

$Messages->add( T_('Sorry, could not send email.')

302

.'<br />'.T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error' );

303

}

304

305

306

// Header redirection

307

header_nocache();

308

// redirect Will save $Messages into Session:

309

header_redirect(); // exits!

310

311

312

?>

b'\\ No newline at end of file'