/** * Mails the contents of the contact form to that user * * @param int $uid User ID of person to send email to * @param string $author The name of the person sending the email * @param string $authoremail Email address of person sending the email * @param string $subject Subject of email * @param string $message Text of message to send * @return string Meta redirect or HTML for the contact form */ function contactemail($uid, $author, $authoremail, $subject, $message) { global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08; $retval = ''; // check for correct $_CONF permission if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) { return COM_refresh($_CONF['site_url'] . '/index.php?msg=85'); } // check for correct 'to' user preferences $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'"); $P = DB_fetchArray($result); if (SEC_inGroup('Root') || SEC_hasRights('user.mail')) { $isAdmin = true; } else { $isAdmin = false; } if ($P['emailfromadmin'] != 1 && $isAdmin || $P['emailfromuser'] != 1 && !$isAdmin) { return COM_refresh($_CONF['site_url'] . '/index.php?msg=85'); } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { return COM_refresh($_CONF['site_url'] . '/index.php?msg=85'); } if (!empty($author) && !empty($subject) && !empty($message)) { if (COM_isemail($authoremail) && strpos($authoremail, '@') === false) { $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}"); $A = DB_fetchArray($result); // Append the user's signature to the message $sig = ''; if (!COM_isAnonUser()) { $sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}"); if (!empty($sig)) { $sig = strip_tags(COM_stripslashes($sig)); $sig = "\n\n-- \n" . $sig; } } $subject = COM_stripslashes($subject); $message = COM_stripslashes($message); // do a spam check with the unfiltered message text and subject $mailtext = $subject . "\n" . $message . $sig; $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $msg = PLG_itemPreSave('contact', $message); if (!empty($msg)) { $retval .= COM_siteHeader('menu', '') . COM_errorLog($msg, 2) . contactform($uid, $subject, $message) . COM_siteFooter(); return $retval; } $subject = strip_tags($subject); $subject = substr($subject, 0, strcspn($subject, "\r\n")); $message = strip_tags($message) . $sig; if (!empty($A['fullname'])) { $to = COM_formatEmailAddress($A['fullname'], $A['email']); } else { $to = COM_formatEmailAddress($A['username'], $A['email']); } $from = COM_formatEmailAddress($author, $authoremail); $sent = COM_mail($to, $subject, $message, $from); if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') { $ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname'])); $ccmessage .= "\n------------------------------------------------------------\n\n" . $message; $sent = COM_mail($from, $subject, $ccmessage, $from); } COM_updateSpeedlimit('mail'); $retval .= COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $uid . '&msg=' . ($sent ? '27' : '85')); } else { $subject = strip_tags($subject); $subject = substr($subject, 0, strcspn($subject, "\r\n")); $subject = htmlspecialchars(trim($subject), ENT_QUOTES); $retval .= COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[3], 2) . contactform($uid, $subject, $message) . COM_siteFooter(); } } else { $subject = strip_tags($subject); $subject = substr($subject, 0, strcspn($subject, "\r\n")); $subject = htmlspecialchars(trim($subject), ENT_QUOTES); $retval .= COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[4], 2) . contactform($uid, $subject, $message) . COM_siteFooter(); } return $retval; }
/** * Mails the contents of the contact form to that user * * @param int $uid User ID of person to send email to * @param string $author The name of the person sending the email * @param string $authoremail Email address of person sending the email * @param string $subject Subject of email * @param string $message Text of message to send * @return string Meta redirect or HTML for the contact form */ function contactemail($uid, $author, $authoremail, $subject, $message, $html = 0) { global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG_LOGIN; $retval = ''; // check for correct $_CONF permission if (COM_isAnonUser()) { if (!SEC_inGroup('Contact', (int) $uid)) { if (($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) { $display = COM_siteHeader('menu', $LANG_LOGIN[1]); $display .= SEC_loginRequiredForm(); $display .= COM_siteFooter(); echo $display; exit; } } } // check for correct 'to' user preferences $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = " . (int) $uid); $P = DB_fetchArray($result); if (SEC_inGroup('Root') || SEC_hasRights('user.mail')) { $isAdmin = true; } else { $isAdmin = false; } if ($P['emailfromadmin'] != 1 && $isAdmin || $P['emailfromuser'] != 1 && !$isAdmin) { return COM_refresh($_CONF['site_url'] . '/index.php?msg=85'); } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { return COM_refresh($_CONF['site_url'] . '/index.php?msg=85'); } if (!empty($author) && !empty($subject) && !empty($message)) { if (COM_isemail($authoremail)) { $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = " . (int) $uid); $A = DB_fetchArray($result); // Append the user's signature to the message $sig = ''; if (!COM_isAnonUser()) { $sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}"); if (!empty($sig)) { $sig = strip_tags($sig); $sig = "\n\n-- \n" . $sig; } } $subject = COM_filterHTML($subject); $message = COM_filterHTML($message); // do a spam check with the unfiltered message text and subject $mailtext = $subject . "\n" . $message . $sig; $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $msg = PLG_itemPreSave('contact', $message); if (!empty($msg)) { $subject = @htmlspecialchars($subject, ENT_QUOTES, COM_getEncodingt()); $retval .= COM_siteHeader('menu', '') . COM_errorLog($msg, 2) . contactform($uid, $subject, $message) . COM_siteFooter(); return $retval; } $subject = strip_tags($subject); $subject = substr($subject, 0, strcspn($subject, "\r\n")); if ($html) { $message = $message . $sig; } else { $message = strip_tags($message) . $sig; } $to = array(); $from = array(); if (!empty($A['fullname'])) { $to = COM_formatEmailAddress($A['fullname'], $A['email']); } else { $to = COM_formatEmailAddress($A['username'], $A['email']); } $from = COM_formatEmailAddress($author, $authoremail); $rc = COM_mail($to, $subject, $message, $from, $html); COM_updateSpeedlimit('mail'); if (COM_isAnonUser() && $_CONF['profileloginrequired'] == true) { $redirectURL = $_CONF['site_url'] . '/index.php?msg='; } else { $redirectURL = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $uid . '&msg='; } if ($rc === false) { $retval .= COM_refresh($redirectURL . '26'); } else { $retval .= COM_refresh($redirectURL . '27'); } } else { $subject = strip_tags($subject); $subject = substr($subject, 0, strcspn($subject, "\r\n")); $subject = @htmlspecialchars(trim($subject), ENT_QUOTES, COM_getEncodingt()); $retval .= COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[3], 2) . contactform($uid, $subject, $message) . COM_siteFooter(); } } else { $subject = strip_tags($subject); $subject = substr($subject, 0, strcspn($subject, "\r\n")); $subject = @htmlspecialchars(trim($subject), ENT_QUOTES, COM_getEncodingt()); $retval .= COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[4], 2) . contactform($uid, $subject, $message) . COM_siteFooter(); } return $retval; }