function uddeIMdrawWriteform($myself, $my_gid, $item_id, $backto, $recipname, $pmessage, $messageid, $dwf_isreply, $dwf_errorcode, $dwf_sysgm, $config) {
$pathtouser = uddeIMgetPath('user');
$pathtosite = uddeIMgetPath('live_site');
// possible values for dwf_errorcode:
// 0 = no error
// 1 = no error, show complete userlist
// 2 = don't send to yourself
// 3 = username not found
// 4 = no message
// 5 = no username
// 6 = too many recipients
// 7 = wrong captcha code
// 8 = does not allow public messages
// 9 = one user has blocked you
// 10 = sending to this group not allowed
// 11 = contact list not found
// 12 = error in from name (n/a, public frontend only)
// 13 = error in from email (n/a, public frontend only)
// 14 = time delay for spam protection
// 15 = csrf protection
// 16 = administrative blocking
// 17 = user is banned
// 18 = file upload failed
// 19 = file size exceeded
// 20 - file type not allowed
// 21 - bad words
// This functions expects values stripslashed
// allowed to send messages?
if ($config->waitdays && uddeIMisReggedOnly($my_gid)) {
$rightnow=uddetime($config->timezone);
$offset=((float)$config->waitdays) * 86400;
$timeframe=$rightnow-$offset;
$registerDate=uddeIMgetRegisterDate($myself, $config);
// $registerDate=mktime(0, 0, 0, 3, 28, 2010);
if ($timeframe<$registerDate) {
$temp = ($registerDate-$timeframe)/86400;
$showinboxlimit_borderbottom = "<span class='uddeim-warning'>";
if ($temp>=1)
$showinboxlimit_borderbottom.= _UDDEIM_WAITDAYS1.sprintf("%0.1f", $temp)._UDDEIM_WAITDAYS2;
else
$showinboxlimit_borderbottom.= _UDDEIM_WAITDAYS1.sprintf("%0.1f", $temp*24)._UDDEIM_WAITDAYS2H;
$showinboxlimit_borderbottom.= "</span>";
echo "<div id='uddeim-bottomlines'>".$showinboxlimit_borderbottom."</div>";
return;
}
}
echo "<div id='uddeim-writeform'>\n";
if ($dwf_sysgm) {
echo "<br />";
echo "<form enctype='multipart/form-data' name='sendeform' method='post' action='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=savesysgm&Itemid=".$item_id)."'>\n";
uddeIMwriteCSRF($config);
echo "<p><input type='checkbox' checked='checked' name='sysgm_sys' value='1' />"._UDDEIM_SEND_ASSYSM."</p>\n";
if ($config->showgroups) {
echo "<p><select name='sysgm_universe' size='1'>";
echo "<option value='sysgm_toall'>"._UDDEIM_SEND_TOALL."</option>";
echo "<option value='sysgm_toallspecial'>"._UDDEIM_SEND_TOALLSPECIAL."</option>";
echo "<option value='sysgm_toalladmins'>"._UDDEIM_SEND_TOALLADMINS."</option>";
echo "<option value='sysgm_toalllogged'>"._UDDEIM_SEND_TOALLLOGGED."</option>";
$groups = uddeIMselectAROgroups();
foreach ($groups as $group) {
$groupid = $group->id;
$groupname = $group->name;
echo "<option value='".$groupid."'>".$groupname."</option>";
}
echo "</select></p>";
} else {
echo "<p><input type='radio' name='sysgm_universe' value='sysgm_toall' />"._UDDEIM_SEND_TOALL."<br />\n";
echo "<input type='radio' name='sysgm_universe' checked='checked' value='sysgm_toallspecial' />"._UDDEIM_SEND_TOALLSPECIAL."<br />\n";
echo "<input type='radio' name='sysgm_universe' checked='checked' value='sysgm_toalladmins' />"._UDDEIM_SEND_TOALLADMINS."<br />\n";
echo "<input type='radio' name='sysgm_universe' value='sysgm_toalllogged' />"._UDDEIM_SEND_TOALLLOGGED."</p>\n";
}
echo "<p>"._UDDEIM_VALIDFOR_1;
echo "<input name='sysgm_validfor' type='text' size='4' />"._UDDEIM_VALIDFOR_2."</p>\n";
echo "<p>"._UDDEIM_SYSGM_SHORTHELP."</p>\n";
} else {
echo "<br />";
echo "<form enctype='multipart/form-data' name='sendeform' method='post' action='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=save&Itemid=".$item_id)."'>";
echo "<input type='hidden' name='sendeform_showallusers' value='' />\n";
uddeIMwriteCSRF($config);
if (uddeIMgetEMNmoderated($myself) ) { //&& uddeIMisReggedOnly($my_gid)) {
echo "<p>"._UDDEIM_MCP_MODERATED."</p>";
}
}
echo "\n";
if($dwf_errorcode==0 && $backto) {
echo "<input type='hidden' name='backto' value='".htmlspecialchars($backto)."' />";
}
if(!$dwf_sysgm) {
if($dwf_isreply!=1) { // if this is NOT a reply
echo "<table width='100%' cellspacing='0' cellpadding='0' width='100%'>";
if(0 && $dwf_errorcode==0 && $recipname) { // BUGBUG "0 &&". don't need this case
echo "<tr><td valign='top'>";
echo "<b>".$recipname."</b>";
echo "<input type='hidden' name='to_name' id='input_to_name' value='".htmlentities($recipname, ENT_QUOTES, $config->charset)."' /> ";
echo "</td></tr>";
} else {
// START FIRST LINE IN TABLE (contains two fields: TO USER and select from ALL USER list)
echo "<tr><td valign='top'>";
// if ($dwf_errorcode==0 && $recipname) { // does not really make sense
// echo "<a href='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=new&Itemid=".$item_id)."'>"._UDDEIM_TODP."</a>";
// } else {
echo "<span title='".($config->allowmultipleuser ? _UDDEIM_TODP_TITLE_CC : _UDDEIM_TODP_TITLE)."'>";
echo _UDDEIM_TODP;
// }
echo "<br />";
if($dwf_errorcode==2 || $dwf_errorcode==3 || $dwf_errorcode==5 ||
$dwf_errorcode==6 || $dwf_errorcode==8 || $dwf_errorcode==9 ||
$dwf_errorcode==10 || $dwf_errorcode==11 || $dwf_errorcode==16 ||
$dwf_errorcode==17 || $dwf_errorcode==18 || $dwf_errorcode==19 ||
$dwf_errorcode==20) {
$errorstyle='style="background-color: #ff0000;" ';
} else {
$errorstyle='';
}
echo "<input type='hidden' name='to_id' value='' />";
echo "<input type='hidden' name='messageid' value='".$messageid."' />";
if (!($config->flags & 0x04)) {
echo "<input type='text' ".$errorstyle."name='to_name' id='input_to_name' value='".htmlentities($recipname, ENT_QUOTES, $config->charset)."' /> ";
} else {
echo "<span ".$errorstyle.">".htmlentities($recipname, ENT_QUOTES, $config->charset)."</span>";
echo "<input type='hidden' name='to_name' id='input_to_name' value='".htmlentities($recipname, ENT_QUOTES, $config->charset)."' /> ";
}
echo "</span>";
if ($config->useautocomplete) {
uddeIMdoAutocomplete($config);
}
// SECOND FIELD IN FIRST LINE IN TABLE
echo "</td><td valign='top' align='right'>\n";
$allusersallowed = 0;
if( ($config->restrictallusers==0) ||
($config->restrictallusers==1 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) ||
($config->restrictallusers==2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) )
$allusersallowed=1;
if (!($config->flags & 0x01) && $allusersallowed) {
if ($config->modeshowallusers==1 || $config->modeshowallusers==2) {
if ($dwf_errorcode==0 && $config->modeshowallusers==1) {
// link to drop down box with names of connected users, value is 2 since it is shown the first time (so selecting the link does not show an error message because of an empty recipient field)
echo "<br />";
echo "<a href=\"#\" onclick=\"document.sendeform.sendeform_showallusers.value='2'; document.sendeform.submit(); return false;\">"._UDDEIM_SHOWUSERS."</a>";
} else { // now show all users
uddeIMdoShowAllUsers($myself, $my_gid, $config, 1);
}
}
}
echo "</td></tr>";
// START SECOND LINE IN TABLE (colspan=2)
if ($dwf_errorcode==3) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_NOSUCHUSER."</td></tr>";
} elseif ($dwf_errorcode==2) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_NOTTOYOURSELF."</td></tr>";
} elseif ($dwf_errorcode==5) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_ENTERNAME."</td></tr>";
} elseif ($dwf_errorcode==6) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_TOOMANYRECIPIENTS."</td></tr>";
} elseif ($dwf_errorcode==7) {
if ($config->captchatype==0) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_WRONGCAPTCHA."</td></tr>";
} else {
echo "<tr><td valign=left colspan=2><span style='background-color: #ff0000;'>"._UDDEIM_WRONGCAPTCHA."</span></td></tr>";
}
} elseif ($dwf_errorcode==8) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_NOPUBLICMSG."</td></tr>";
} elseif ($dwf_errorcode==9) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_ONEUSERBLOCKS."</td></tr>";
} elseif ($dwf_errorcode==10) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_GROUPBLOCKED."</td></tr>";
} elseif ($dwf_errorcode==11) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_NOSUCHLIST."</td></tr>";
} elseif ($dwf_errorcode==12) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORINFROMNAME."</td></tr>";
} elseif ($dwf_errorcode==13) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORINEMAIL."</td></tr>";
} elseif ($dwf_errorcode==14) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_YOUHAVETOWAIT."</td></tr>";
} elseif ($dwf_errorcode==15) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORCSRF."</td></tr>";
} elseif ($dwf_errorcode==16) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_USERBLOCKED."</td></tr>";
} elseif ($dwf_errorcode==17) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_USERBANNED."</td></tr>";
} elseif ($dwf_errorcode==18) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_FILEUPLOAD_FAILED."</td></tr>";
} elseif ($dwf_errorcode==19) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_FILESIZE_EXCEEDED."</td></tr>";
} elseif ($dwf_errorcode==20) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_FILETYPE_NOTALLOWED."</td></tr>";
} elseif ($dwf_errorcode==21) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_BADWORD."</td></tr>";
}
// START THIRD LINE IN TABLE WHEN CONNECTIONS AVAILABLE
$have_lists=0;
if( ($config->enablelists==1) ||
($config->enablelists==2 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) ||
($config->enablelists==3 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) )
$have_lists=1;
if (!($config->flags & 0x02)) {
if ($config->showconnex || $have_lists) {
// if (uddeIMcheckCB() && $showconnex && !($recipname && $dwf_errorcode==0)) {
uddeIMdoShowConnections($myself, $my_gid, $config); // this creates a third row in table
}
}
}
echo "</table>";
echo "<br />";
} else { // it IS a reply
if ($dwf_errorcode) {
echo "<table width='100%' cellspacing='0' cellpadding='0'>";
if ($dwf_errorcode==7) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_WRONGCAPTCHA."</td></tr>";
} elseif ($dwf_errorcode==13) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORINEMAIL."</td></tr>";
} elseif ($dwf_errorcode==14) {
echo "<tr><td valign=left colspan=2>"._UDDEIM_YOUHAVETOWAIT."</td></tr>";
}
echo "</table>";
echo "<br />";
}
echo "<input type='hidden' name='to_id' value='".htmlentities($recipname, ENT_QUOTES, $config->charset)."' /> ";
echo "<input type='hidden' name='messageid' value='".$messageid."' />";
echo "<input type='hidden' name='to_name' value='' />";
}
}
if(($config->showtextcounter && $config->maxlength) ||
$config->cryptmode==2 || $config->cryptmode==4) {
uddeIMaddScript($pathtosite."/components/com_uddeim/js/uddeimtools.js");
}
if($config->allowbb || $config->allowsmile) {
uddeIMaddScript($pathtosite."/components/com_uddeim/js/bbsmile.js");
$num = uddeIMdoSmileysEx($config);
uddeIMdoBB($config);
uddeIMdoSmileys($config, $num);
}
// well, I think the complete textarea should be red (or only the label? or both?)
// if($dwf_errorcode==4) {
// $errorstyle=' style="background-color: #ff0000;"';
// } else {
$errorstyle='';
// }
if($dwf_isreply==1) {
echo "<span".$errorstyle.">"._UDDEIM_REPLY."</span>";
} else {
echo "<span".$errorstyle.">"._UDDEIM_MESSAGE."</span>";
}
echo "<br />";
$thestyle = "";
if ($config->width)
$thestyle .= "width: ".(int)$config->width."px; ";
if ($dwf_errorcode==4 || $dwf_errorcode==21)
$thestyle .= "background-color: #ff0000; ";
$errorstyle="";
if ($thestyle!="")
$errorstyle="style='".$thestyle."' ";
// ================================== TEXTBOX/TEXTCOUNTER ==============================
if($config->showtextcounter && $config->maxlength) {
$uc = ($config->showtextcounter) ? "textCount(document.sendeform.pmessage,document.sendeform.characterstyped,".$config->maxlength.");" : "";
echo "<textarea name='pmessage' ".$errorstyle."class='inputbox' rows='".(int)$config->rows."' cols='".(int)$config->cols."' onkeydown='".$uc."' onkeyup='".$uc."'>".$pmessage."</textarea>";
echo "<div class='uddeim-textcounter'>";
echo "<input style='background-color: lightgray;' readonly='readonly' type='text' name='characterstyped' size='4' maxlength='4' value='".$config->maxlength."' /> "._UDDEIM_CHARSLEFT;
echo "</div>";
} else {
echo "<textarea name='pmessage' ".$errorstyle."class='inputbox' rows='".(int)$config->rows."' cols='".(int)$config->cols."'>".$pmessage."</textarea>";
}
// ================================== FILE UPLOAD ==============================
if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config))
uddeIMshowUploadButtons($config);
// ================================== PASSWORD ==============================
// CRYPT
if($config->cryptmode==2 || $config->cryptmode==4) {
echo "<div class='uddeim-password'>";
echo "<a href='javascript:uddeidswap(\"divpass\");'>"._UDDEIM_PASSWORDBOX."</a>";
echo "<span id='divpass' style='visibility:hidden;'>: <input name='cryptpass' value='' />"._UDDEIM_ENCRYPTIONTEXT."</span>";
echo "</div>";
}
// ================================== CAPTCHA ==============================
if ( $config->usecaptcha>=4 || // all users (incl. admins)
($config->usecaptcha==3 && !uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) || // CAPTCHA enabled for public frontend, registered and special users
($config->usecaptcha==2 && !uddeIMisSpecial($my_gid) && !uddeIMisSpecial2($my_gid, $config)) ) { // CAPTCHA enabled for public frontend and registered users (note: 0 is not required since this is done in public.php)
// CAPTCHA
if ($config->captchatype==0) {
if($dwf_errorcode==7) {
$errorstyle='style="background-color: #ff0000;" ';
} else {
$errorstyle='';
}
echo "<div class='uddeim-captcha'>";
echo "<label for='security_code'>"._UDDEIM_SECURITYCODE." </label><input id='security_code' name='security_code' type='text' ".$errorstyle." /> ";
if (class_exists('JFactory')) {
// CAPTCHA15
echo "<img style='vertical-align:middle;' src='".$pathtosite."/components/com_uddeim/captcha15.php' alt='' /><br />";
} else {
// CAPTCHA10
echo "<img style='vertical-align:middle;' src='".$pathtosite."/components/com_uddeim/captcha.php' alt='' /><br />";
}
echo "</div>";
} else {
$pathtouser = uddeIMgetPath('user');
require_once($pathtouser."/recaptchalib.php");
echo "<div class='uddeim-captcha'>";
echo recaptcha_get_html($config->recaptchapub);
echo "</div>";
}
}
// ================================== Show the SEND OPTIONS ==============================
$showoptions = ($config->trashoriginal && $dwf_isreply==1) ||
($config->trashoriginalsent && !$dwf_sysgm) ||
($config->allowcopytome && !$dwf_sysgm) ||
($config->addccline && $config->allowmultipleuser && !$dwf_sysgm) ||
($config->allowemailnotify && $config->emailwithmessage==2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) ||
($config->allowemailnotify && $dwf_sysgm);
if ($showoptions) {
echo "<div class='uddeim-sendoption'>";
}
if($config->trashoriginal && $dwf_isreply==1) {
echo "<input type='checkbox' value='1' checked='checked' name='tobedeleted' />"._UDDEIM_TRASHORIGINAL." ";
}
if($config->trashoriginalsent && !$dwf_sysgm) {
echo "<input type='checkbox' value='1' name='tobedeletedsent' />"._UDDEIM_TRASHORIGINALSENT." ";
}
if($config->allowcopytome && !$dwf_sysgm) {
echo "<input type='checkbox' value='1' name='copytome' />"._UDDEIM_SENDCOPYTOME." ";
}
if($config->addccline && $config->allowmultipleuser && !$dwf_sysgm) {
echo "<span title='"._UDDEIM_ADDCCINFO_TITLE."'>";
echo "<input type='checkbox' value='1' checked='checked' name='addccinfo' />"._UDDEIM_ADDCCINFO;
echo "</span>";
}
// Email notifications must be on AND emailwithmessage for admins AND its an admin
if($config->allowemailnotify && $config->emailwithmessage==2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) {
echo "<span title='"._UDDEAIM_ADDEMAIL_TITLE."'>";
echo "<input type='checkbox' value='1' name='forceembedded' />"._UDDEAIM_ADDEMAIL_SELECT;
echo "</span>";
}
if($config->allowemailnotify && $dwf_sysgm) {
echo "<span><input type='checkbox' value='1' name='sysgm_nonotify' />"._UDDEIM_SEND_NONOTIFY."</span>\n";
}
if ($showoptions) {
echo "</div>";
}
// ================================== SEND BUTTON ==============================
echo "<div class='uddeim-sendbutton'>";
// when going back one page (history(-1)) the button stays disabled
// echo "<input type='submit' name='reply' class='button' onclick=\"this.disabled=true;this.value='"._UDDEIM_PROCESSING."';this.form.submit();\" value='"._UDDEIM_SUBMIT."' /> ";
echo "<input type='submit' name='reply' class='button' value='"._UDDEIM_SUBMIT."' /> ";
echo "</div>";
echo "</form>\n";
echo "</div>\n"; // end of uddeim-writeform
}
/**
* Sends a PM notification
*
* @param cbmypmsproTable $pm
* @param null|string $message
*/
private function sendNotification($pm, $message = null)
{
if (!$pm->get('id')) {
return;
}
$itemId = uddeIMgetItemid($this->uddeIMConfigRAW);
if (!uddeIMexistsEMN($pm->get('toid'))) {
uddeIMinsertEMNdefaults($pm->get('toid'), $this->uddeIMConfigRAW);
}
$emailNotify = $this->uddeIMConfig->get('allowemailnotify', 0);
$isModerated = uddeIMgetEMNmoderated($pm->get('fromid'));
$isReply = stristr($pm->get('message'), $this->uddeIMConfig->get('quotedivider'), '__________');
$isOnline = uddeIMisOnline($pm->get('toid'));
// Strip the html and bbcode as uddeim supports neither in its notification:
$message = strip_tags(uddeIMbbcode_strip($message ? $message : $pm->get('message'), $this->uddeIMConfigRAW));
if (!$isModerated) {
if ($emailNotify == 1 || $emailNotify == 2 && Application::User($pm->get('toid'))->isSuperAdmin()) {
$status = uddeIMgetEMNstatus($pm->get('toid'));
if ($status == 1 || $status == 2 && !$isOnline || $status == 10 && !$isReply || $status == 20 && !$isOnline && !$isReply) {
uddeIMdispatchEMN($pm->get('id'), $itemId, 0, $pm->get('fromid'), $pm->get('toid'), $message, 0, $this->uddeIMConfigRAW);
}
}
}
}
function uddeIMsaveMessage($myself, $to_name, $to_id, $pmessage, $tobedeleted, $tobedeletedsent, $forceembedded, $item_id, $messageid, $copytome, $addccinfo, $sendeform_showallusers, $cryptpass, $backto, $config) {
$database = uddeIMgetDatabase();
$to_name = stripslashes($to_name);
// I could have modified this function to process mails to public users but instead of adding
// several exceptions it is better to have an own function for this purpose.
// Everything we need is available here, so we can use this for the new function.
// When we have the public frontend enabled and the user saves a REPLY (=$messageid exists) and the receiver is a public user then do it...
if ($config->pubfrontend && $messageid && !$to_id) {
uddeIMtoPublicSaveMessage($myself, $pmessage, $tobedeleted, $tobedeletedsent, $forceembedded, $item_id, $messageid, $copytome, $cryptpass, $backto, $config);
return;
}
$my_gid = $config->usergid;
$to_name_bak = $to_name; // save all already typed in names
if($config->inboxlimit) {
if ($config->allowarchive) { // have an archive and an "archive and inbox" limit, so get number of messages in inbox and archive
$total = uddeIMgetInboxArchiveCount($myself);
} else { // user has switched of archive but there is an limit for "inbox and archive", so count inbox messages only
$total = uddeIMgetInboxCount($myself);
}
if($total>$config->maxarchive && !uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) {
$mosmsg=_UDDEIM_MSGLIMITREACHED;
uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg);
}
}
// link to drop down box with names of connected users, value is 2 since it is shown the first time (so selecting the link does not show an error message because of an empty recipient field)
if(!$to_id && !$to_name && $sendeform_showallusers!=2) {
// write the uddeim menu
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 5, $config);
return;
}
if($sendeform_showallusers) { // =2, click on button / =1, keep on showing
// write the uddeim menu
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 1, $config);
return;
}
$lastsent = uddeIMgetEMNlastsent($myself);
$flooding = 0;
if ($config->timedelay>0) {
if (uddeIMisReggedOnly($config->usergid)) {
if ($lastsent) {
$delay = uddetime($config->timezone) - $lastsent;
if ($delay <= $config->timedelay)
$flooding = 1;
}
}
}
if($flooding) {
// write the uddeim menu
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 14, $config);
return;
}
if( ($config->enablelists==1) ||
($config->enablelists==2 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) ||
($config->enablelists==3 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) ) {
// when userlists are not enabled, then "#listname" is treated as "normal" username
$ok = uddeIMreplaceListsWithNames($to_name, $myself, $config);
if (!$ok) {
// write the uddeim menu
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 11, $config);
return;
}
// the list is ok, so we work with the expanded names from now
$to_name_bak = $to_name; // save all expanded names, we do not want to work with lists because this minimizes db queries
}
if ($config->separator==1)
$anames = explode(";", $to_name);
else
$anames = explode(",", $to_name);
// expand always, so the next condition may be fulfilled
if( ( $config->allowmultiplerecipients && count($anames)>$config->maxrecipients && $config->maxrecipients>0) ||
(!$config->allowmultiplerecipients && count($anames)>1) ) { // too many recipients
// write the uddeim menu
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 6, $config);
return;
}
// FIRST ROUND: Check all names that were typed in (lists have been replaced by the corresponding names)
// ATTENTION: $to_name contains one name only below this line, to restore what the user typed in use $to_name_bak
// NOTE: A reply contains a valid $to_id and an emtpy string in $to_name, so the array contains an empty entry here.
foreach ($anames as $value) {
$to_name = trim($value);
// when we have a name, then resolve the name
// remember that replies provide $to_id only and $to_name is empty, so do not try to resolve names when it is empty
if ($to_name) {
$to_id = uddeIMgetIDfromName($to_name, $config, true); // add "AND block=0"
// BUGBUG: maybe it is a good idea to do the query vice versa (so I could add a query for "realname"s here)
if (!$to_id) { // no user with this name found, so try again with username (maybe we do the query twice (see query above, but who cares)
if ($config->realnames) {
$to_id = uddeIMgetIDfromUsername($to_name, true); // add "AND block=0"
}
}
if(!$to_id) { // no user with this username found
// display to form again so that the user can correct his/her fault
// the wrong name is displayed in brackets (add brackets only once)
if (substr($to_name,0,1)!="(") {
$to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak);
}
// write the uddeim menu
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 3, $config);
return;
} elseif ($to_id==$myself) { // don't send to yourself
if (substr($to_name,0,1)!="(") {
$to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak);
}
// write the uddeim menu
// $to_name=stripslashes($to_name_bak); // all names
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 2, $config);
return;
}
}
// now check banning
if (uddeIMisAllNotAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) { // I am not an admin, so check if the recipient has been banned
$is_banned = uddeIMisBanned($to_id, $config);
if ($is_banned) {
if (substr($to_name,0,1)!="(") {
$to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak);
}
// write the uddeim menu
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 17, $config);
return;
}
}
// now check blocking
$isblocked = uddeIMcheckBlockerBlocked($to_id, $myself);
// well, should be changed in a way that the user can change his input again
if ($isblocked && $config->blocksystem) { // must not send message to to_id
if ($config->blockalert) { // sending user shall be informed that (s)he's been blocked
if (substr($to_name,0,1)!="(") {
$to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak);
}
// write the uddeim menu
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 9, $config);
return;
}
}
// now check group blocking
if (uddeIMisReggedOnly($my_gid)) { // I am a registered user, so check if I am allowed to send to this group
$is_group_blocked = uddeIMisRecipientBlockedReg($myself, $to_id, $config);
if ($is_group_blocked) {
if (substr($to_name,0,1)!="(") {
$to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak);
}
// write the uddeim menu
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 10, $config);
return;
}
}
}
if(!$pmessage) {
// write the uddeim menu
$to_name = $to_name_bak;
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 4, $config);
return;
}
// BADWORDFILTER
$temp = trim($config->badwords);
if ($temp) {
$badwordlist = explode(";", $temp);
//$badwordlist = Array();
//$badwordlist[] = 'badword1';
//$badwordlist[] = 'badword2';
$pmessage_orig = $pmessage;
foreach ($badwordlist as $val) {
$tval = trim($val);
$pmessage = preg_replace("/\b$tval\b/i", '***',$pmessage);
}
if ($pmessage_orig!=$pmessage) {
$to_name = $to_name_bak;
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 21, $config);
return;
}
}
// UDDEIMFILE
// We have checked that everything is ok, now do the file uploads
$uploadfile_temppathname = array();
$uploadfile_original = array();
$uploadfile_id = array();
$uploadfile_size = array();
$uploadfile_error = array();
if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) {
$noerror = uddeIMhandleAttachments($uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $uploadfile_error, $config);
if (!$noerror) { // something goes wrong
// BUGBUG: that is not the best error handling possible but is will do the work
// iterate through all errorcodes and show the first error found, rest of data will be lost
// ==> delete all files that were uploaded ok
while (list($key, $value) = each( $uploadfile_temppathname )) {
if (file_exists($value))
unlink($value);
}
while (list($key, $value) = each( $uploadfile_error )) {
if ($value==-1) { // upload failed
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 18, $config);
return;
}
if ($value==-2) { // file size exceeded
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 19, $config);
return;
}
if ($value==-3) { // file type not allowed
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 20, $config);
return;
}
}
$uploadfile_temppathname = array(); // should never been reached when an error occurs but neverthless destroy old arrays
$uploadfile_original = array();
$uploadfile_id = array();
$uploadfile_size = array();
$uploadfile_error = array();
}
}
// The uploaded file is stored in "$uploadfile_tempname" (with path) ad the original name in "$uploadfile_original" (without path) and an Id for the file.
// When we reach this line we can store these fileames in the DB.
if(!$to_id) { // this should never be reached
$mosmsg = _UDDEIM_NOID;
uddeJSEFredirect("index.php?option=com_uddeim&task=new&Itemid=".$item_id, $mosmsg);
}
// CAPTCHA (first check for all other errors and then the CAPTCHA)
if (!uddeIMcheckCAPTCHA($my_gid, $config)) {
$to_name = $to_name_bak;
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 7, $config);
return;
}
if (!uddeIMcheckCSRF($config)) {
$to_name = $to_name_bak;
uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 15, $config);
return;
}
foreach ($anames as $value) {
$to_name = trim($value);
if ($to_name) {
$to_id = uddeIMgetIDfromName($to_name, $config, true); // add "AND block=0"
// BUGBUG: maybe it is a good idea to do the query vice versa (so I could add a query for "realname"s here)
if (!$to_id) { // no user with this name found, so try again with username (maybe we do the query twice (see query above, but who cares)
if ($config->realnames) {
$to_id = uddeIMgetIDfromUsername($to_name, true); // add "AND block=0"
}
}
}
if (!$to_id) { // that should never happen, but you never know...
$mosmsg=_UDDEIM_NOID;
uddeJSEFredirect("index.php?option=com_uddeim&task=new&Itemid=".$item_id, $mosmsg);
}
// now check blocking
$isblocked = uddeIMcheckBlockerBlocked($to_id, $myself);
if ($isblocked && $config->blocksystem) { // must not send message to to_id
continue;
}
$savedatum = uddetime($config->timezone);
$savetoid = $to_id;
$savefromid = $myself;
// CRYPT
if ($config->cryptmode>=1) { // because of encoding do not use slashes
$savemessage=strip_tags($pmessage);
} else {
$savemessage=addslashes(strip_tags($pmessage)); // original 0.6+
}
$savemessage = uddeIMRemoveXSS($savemessage);
if (!$config->allowbb)
$savemessage=uddeIMbbcode_strip($savemessage);
// set message max length
if ($config->maxlength>0) // because if 0 do not use any maxlength
$savemessage=uddeIM_utf8_substr($config->languagecharset, $savemessage, 0, $config->maxlength);
// add CC: information
if ($config->allowmultipleuser && $addccinfo && count($anames)>1) {
$ccinfo = implode(", ", $anames);
if ($config->allowbb)
$ccheader = "\n\n[i]"._UDDEIM_CC." ".(($config->cryptmode>=1) ? $ccinfo : addslashes($ccinfo))."[/i]";
else
$ccheader = "\n\n"._UDDEIM_CC." ".(($config->cryptmode>=1) ? $ccinfo : addslashes($ccinfo))."";
$savemessage .= $ccheader;
}
// ##################################################################################################
// SAVE MESSAGE
// ##################################################################################################
uddeIMemit("onSaveMessage", Array( "fromid" => $savefromid, "toid" => $savetoid, "replyid" => $messageid ) );
$insID = uddeIMsaveRAWmessage($savefromid, $savetoid, $messageid, $savemessage, $savedatum, $config, $config->cryptmode, $cryptpass);
// update lastsent field (record already exists since we check this at the very beginning of this component)
uddeIMupdateEMNlastsent($myself, uddetime($config->timezone));
// When the account is moderated, delay the message
$ismoderated = uddeIMgetEMNmoderated($myself);
if ($ismoderated) { // && uddeIMisReggedOnly($my_gid)) {
uddeIMupdateDelayed($myself, $insID, 1);
}
// Check if E-Mail notification or popups are enabled by default, if so create a record for the receiver.
// Note: Not necessary for "copy to myself" sind the record for the current user has been set at the very beginning...
if ($config->modnewusers>0 || $config->notifydefault>0 || $config->popupdefault>0 || $config->pubfrontenddefault>0 || $config->autoresponder>0 || $config->autoforward>0) {
if (!uddeIMexistsEMN($savetoid))
uddeIMinsertEMNdefaults($savetoid, $config);
}
// get the group ID of the recipient
$rec_gid = uddeIMgetGID((int)$savetoid);
// UDDEIMFILE
// Now save the uploads
if (count($uploadfile_temppathname)>=1) {
$num = count($uploadfile_temppathname);
uddeIMemit("onSaveMessageAttachment", Array( "num" => $num, "fromid" => $savefromid, "toid" => $savetoid, "replyid" => $messageid ) );
}
if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config))
uddeIMsaveAttachments($insID, $uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config);
// ##################################################################################################
// autoforward code
// ##################################################################################################
if ($config->autoforward==1 ||
($config->autoforward==2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) ||
($config->autoforward==3 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) ) {
$ison = uddeIMgetEMNautoforward($savetoid); // recipient has autoforward enabled
if ($ison==1) {
$autoforwardid = uddeIMgetEMNautoforwardid($savetoid); // new recipient
if (uddeIMgetUserExists($autoforwardid)) {
if (!uddeIMgetUserBlock($autoforwardid)) {
$temp = uddeIMgetNameFromID($savetoid, $config);
$temp = (($config->cryptmode>=1) ? $temp : addslashes($temp));
if ($config->allowbb)
$forwardheader="\n\n[i]("._UDDEIM_THISISAFORWARD.$temp.")[/i]";
else
$forwardheader="\n\n("._UDDEIM_THISISAFORWARD.$temp.")";
$savemessagecopy = $savemessage.$forwardheader;
$insIDforward = uddeIMsaveRAWmessage($savefromid, $autoforwardid, 0, $savemessagecopy, $savedatum, $config, $config->cryptmode, $cryptpass);
// When the account is moderated, delay also the forwarded message
if (uddeIMgetEMNmoderated($myself) ) { // && uddeIMisReggedOnly($my_gid)) {
uddeIMupdateDelayed($myself, $insIDforward, 1);
}
// UDDEIMFILE
if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config))
uddeIMsaveAttachments($insIDforward, $uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config);
}
}
}
}
// ##################################################################################################
// copy to myself?
// ##################################################################################################
if($copytome && $config->allowcopytome) {
$to_name = uddeIMgetNameFromID($savetoid, $config);
// set reply id if necessary (also copy2me messages might be replies)
$replyid = $messageid;
$temp = (($config->cryptmode>=1) ? $to_name : addslashes($to_name));
if ($config->allowbb)
$copyheader="\n\n[i]("._UDDEIM_THISISACOPY.$temp.")[/i]";
else
$copyheader="\n\n("._UDDEIM_THISISACOPY.$temp.")";
$savemessagecopy = $savemessage.$copyheader;
$copyname = _UDDEIM_TO_SMALL." ".$temp; // "to username" in systemmsg
// if($config->allowarchive) { $archiveflag=1; }
// it is a copy to myself, so assume that the message has already been trashed in the senders outbox (remember: system messages are not shown in the outbox)
// so set totrashoutbox=1, totrashdateoutbox=uddetime($config->timezone)
// CRYPT
$themode=0;
if ($config->cryptmode==1) {
$cm = uddeIMencrypt($savemessagecopy,$config->cryptkey,CRYPT_MODE_BASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$cm."', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.",1,'".md5($config->cryptkey)."')";
} elseif ($config->cryptmode==2) {
$themode=2;
$thepass=$cryptpass;
if (!$thepass) { // no password entered, then fallback to obfuscating
$themode=1;
$thepass=$config->cryptkey;
}
$cm = uddeIMencrypt($savemessagecopy,$thepass,CRYPT_MODE_BASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$cm. "', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.",".$themode.",'".md5($thepass)."')";
} elseif ($config->cryptmode==3) {
$cm = uddeIMencrypt($savemessagecopy,"",CRYPT_MODE_STOREBASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox, cryptmode) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$cm."', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.",3)";
} elseif ($config->cryptmode==4) {
$themode=4;
$thepass=$cryptpass;
$cipher = CRYPT_MODE_3DESBASE64;
if (!$thepass) { // no password entered, then fallback to obfuscating
$themode=1;
$thepass=$config->cryptkey;
$cipher = CRYPT_MODE_BASE64;
}
$cm = uddeIMencrypt($savemessagecopy,$thepass,$cipher);
$sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$cm. "', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.",".$themode.",'".md5($thepass)."')";
} else {
$sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$savemessagecopy."', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.")";
}
$database->setQuery($sql);
if (!$database->query()) {
die("SQL error when attempting to save a message" . $database->stderr(true));
}
// UDDEIMFILE
$insCopyID = $database->insertid();
if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config))
uddeIMsaveAttachments($insCopyID, $uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config);
}
// ##################################################################################################
// autoresponder
// ##################################################################################################
if ($config->autoresponder==1 ||
($config->autoresponder==2 && (uddeIMisAdmin($rec_gid) || uddeIMisAdmin2($rec_gid, $config)))) {
$ison = uddeIMgetEMNautoresponder($savetoid);
if ($ison==1) {
// NOTE: An autoresponder message is created and the outbox message is marked deleted.
// This is not a bug since in my opinion it does not make sense to store autoresponder messages AND the received message.
$autorespondertext = uddeIMgetEMNautorespondertext($savetoid);
$savemessage2=addslashes(strip_tags($autorespondertext));
// $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $savemessage ."', ".$savedatum.", 1,".$savedatum.")";
$themode=0;
if ($config->cryptmode==1) {
$themode=1;
$thepass=$config->cryptkey;
$cm = uddeIMencrypt($savemessage2,$config->cryptkey,CRYPT_MODE_BASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $cm ."', ".$savedatum.", 1,".$savedatum.",".$themode.",'".md5($thepass)."')";
} elseif ($config->cryptmode==2) {
// no password entered, then fallback to obfuscating
$themode=1;
$thepass=$config->cryptkey;
$cm = uddeIMencrypt($savemessage2,$thepass,CRYPT_MODE_BASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $cm ."', ".$savedatum.", 1,".$savedatum.",".$themode.",'".md5($thepass)."')";
} elseif ($config->cryptmode==3) {
$cm = uddeIMencrypt($savemessage2,"",CRYPT_MODE_STOREBASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $cm ."', ".$savedatum.", 1,".$savedatum.", 3)";
} elseif ($config->cryptmode==4) {
// no password entered, then fallback to obfuscating
$themode=1;
$thepass=$config->cryptkey;
$cm = uddeIMencrypt($savemessage2,$thepass,CRYPT_MODE_BASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $cm ."', ".$savedatum.", 1,".$savedatum.",".$themode.",'".md5($thepass)."')";
} else {
$cm = $savemessage2;
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $cm ."', ".$savedatum.", 1,".$savedatum.")";
}
$database->setQuery($sql);
if (!$database->query()) {
die("SQL error when attempting to save a message" . $database->stderr(true));
}
}
}
// ##################################################################################################
// email notification
// ##################################################################################################
// is this a reply?
$itisareply = stristr($savemessage, $config->quotedivider);
// is the receiver currently online?
$currentlyonline = uddeIMisOnline($savetoid);
if ($config->cryptmode>=1) {
$email=stripslashes($savemessage);
} else {
$email=stripslashes(stripslashes($savemessage)); // without encoding remove the safety slashes
}
if ($config->emailwithmessage==2 && !uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config) ||
$config->emailwithmessage==1 ||
$config->emailwithmessage==0)
$forceembedded = 0;
$type = 0; // 0=normal message, 1=forgetmenot, 2=admin forces text
if ($forceembedded)
$type = 2; // admin forces
// BUGBUG: it would be better to have the correct cryptmode here (it might be 1 when no password has been entered, otherwise 2
if($config->allowemailnotify==1 && !$ismoderated) {
$ison = uddeIMgetEMNstatus($savetoid);
if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10 && !$itisareply) || ($ison==20 && !$currentlyonline && !$itisareply)) {
uddeIMdispatchEMN($insID, $item_id, $config->cryptmode, $savefromid, $savetoid, $email, $type, $config);
// 0 stands for normal (not forgetmenot)
}
} elseif($config->allowemailnotify==2 && !$ismoderated) {
if (uddeIMisAdmin($rec_gid) || uddeIMisAdmin2($rec_gid, $config)) {
$ison = uddeIMgetEMNstatus($savetoid);
if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10 && !$itisareply) || ($ison==20 && !$currentlyonline && !$itisareply)) {
uddeIMdispatchEMN($insID, $item_id, $config->cryptmode, $savefromid, $savetoid, $email, $type, $config);
// 0 stands for normal (not forgetmenot)
}
}
}
if ($tobedeletedsent) {
$deletetime=uddetime($config->timezone);
uddeIMdeleteMessageFromOutbox($myself, $insID, $deletetime);
}
}
// delete original message?
if ($tobedeleted) {
$deletetime=uddetime($config->timezone);
uddeIMdeleteMessageFromInbox($myself, $messageid, $deletetime);
}
if($messageid) {
$mosmsg=_UDDEIM_MESSAGE_REPLIEDTO;
} else {
$mosmsg=_UDDEIM_MESSAGE_SENT;
}
if ($tobedeleted) {
$mosmsg.=_UDDEIM_MOVEDTOTRASH;
}
if($backto) {
uddeIMmosRedirect($backto, $mosmsg);
}
uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg);
}
