Beispiel #1
                 if ($config['language_dir_default'] != $config['language_dir']) {
                     $activation_url .= "&l=" . $config['language_dir'];
                 }
                 $user_details_url = "";
                 $email_to = $user_email;
                 $email_subject = $lang['update_email_emailsubject'];
                 $email_template = "newemail_activation";
                 $new_email_msg = $lang['update_email_instruction'];
                 break;
             case 0:
             default:
                 break;
         }
         if (!empty($email_to)) {
             $site_email->set_to($email_to);
             $site_email->set_subject($email_subject);
             $site_email->register_vars(array("user_details_url" => $user_details_url, "activation_url" => $activation_url, "user_name" => $user_info['user_name'], "site_name" => $config['site_name']));
             $site_email->set_body($email_template, $config['language_dir']);
             $site_email->send_email();
         }
     } else {
         $msg = $lang['general_error'];
         $error = 1;
     }
 }
 if (!$error) {
     $additional_sql = "";
     if (!empty($additional_user_fields)) {
         $table_fields = $site_db->get_table_fields(USERS_TABLE);
         foreach ($additional_user_fields as $key => $val) {
             if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
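/** actually send the visitor's message to the selected destination
 *
 * In order to get a feeling for the time a visitor needs, we also
 * record the delay (in seconds) next to the visitor's IP address.
 *
 * The destination index, the visitor's name, e-mail address and subject
 * all come from the submitted dialog. The index is checked against the
 * configured address list before it is used, and CR/LF are removed from
 * the single-line fields before they reach the header setters of the
 * Email class (set_mailreplyto() and set_subject()).
 *
 * @param array $config mailpage configuration data in a (nested) array
 * @param array $dialogdef array that defines the data fields including values
 * @param string $ip_addr the originating IP-address
 * @param int $delay the # of seconds since time=t0
 * @return bool FALSE on error (including an unknown destination), TRUE on success + message sent
 * @todo extra validation of set_mailreplyto and set_subject?
 * @todo more available parameters in subject_line?
 * @todo make body of mail configurable?
 */
function mailpage_send_message($config, $dialogdef, $ip_addr, $delay)
{
    global $CFG;

    // The destination index is submitted by the visitor: only accept a value
    // that selects a configured address, otherwise report failure instead of
    // building a message for an undefined entry.
    $index = isset($dialogdef['destination']) ? $dialogdef['destination']['value'] : 0;
    if (!is_scalar($index) || !isset($config['addresses'][$index]['email'])) {
        return FALSE;
    }
    $destination = $config['addresses'][$index];
    $email = $destination['email'];
    $name = isset($destination['name']) ? $destination['name'] : '';

    // Name, address and subject are single-line fields that end up in the
    // Reply-To: and Subject: headers. Whether the Email class filters line
    // breaks is not visible from here, so they are removed up front.
    $line_breaks = array("\r", "\n");
    $fullname = trim(str_replace($line_breaks, ' ', $dialogdef['fullname']['value']));
    $reply_to = trim(str_replace($line_breaks, '', $dialogdef['email']['value']));
    $subject = trim(str_replace($line_breaks, ' ', $dialogdef['subject']['value']));

    $mailfrom = sprintf('(%s) %s', $fullname, $reply_to);
    $sendto = trim($name);
    $message = trim($dialogdef['message']['value']);
    $remote_addr = $ip_addr;

    // The body repeats the envelope data so the receiver sees who wrote what, when and from where
    $body = sprintf("%s: %s\n", t('from', 'm_mailpage'), $mailfrom)
        . sprintf("%s: %s\n", t('to', 'm_mailpage'), $sendto)
        . sprintf("%s: %s\n", t('subject', 'm_mailpage'), $subject)
        . sprintf("%s: %s\n", t('date', 'm_mailpage'), date('r'))
        . sprintf("%s: %s (%d)\n", t('ip_addr', 'm_mailpage'), $remote_addr, $delay)
        . sprintf("%s:\n%s\n", t('message', 'm_mailpage'), $message);

    $params = array('{NODE}' => strval($config['node_id']), '{SUBJECT}' => $subject, '{IP_ADDR}' => $remote_addr);
    $subject_line = t('subject_line', 'm_mailpage', $params);

    include_once $CFG->progdir . '/lib/email.class.php';
    $mailer = new Email();
    $mailer->set_mailto($email, $name);
    $mailer->set_mailreplyto($reply_to, $fullname);
    $mailer->set_subject($subject_line);
    $mailer->set_message($body);
    return $mailer->send();
}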
Beispiel #3
            exit;
        }
        // Activate the account that matches the activation key from the query
        // string: look the key up, and when a row is found raise that row's
        // user level to USER and optionally mail a confirmation.
        // NOTE(review): $activationkey is request data and is interpolated into
        // both SQL statements below. Whether it was escaped before this point is
        // not visible in this fragment; it should be escaped or bound through the
        // database layer here, and keys that do not have the expected format
        // should be rejected before any query is built.
        $activationkey = trim($HTTP_GET_VARS['activationkey']);
        $sql = "SELECT " . get_user_table_field("", "user_name") . get_user_table_field(", ", "user_email") . get_user_table_field(", ", "user_activationkey") . "\n            FROM " . USERS_TABLE . "\n            WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'";
        $row = $site_db->query_firstrow($sql);
        if (!$row) {
            $msg = $lang['invalid_activationkey'];
        } else {
            // Only the user level is written; the activation key itself is left
            // in place, so the same key still matches on a later request.
            // NOTE(review): confirm that reuse of the link is intended.
            $sql = "UPDATE " . USERS_TABLE . "\n              SET " . get_user_table_field("", "user_level") . " = " . USER . "\n              WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'";
            $site_db->query($sql);
            $msg = $lang['activation_success'];
            // In activation mode 2 the user is told by e-mail that the account is now active
            if ($config['account_activation'] == 2) {
                include ROOT_PATH . 'includes/email.php';
                $site_email = new Email();
                // Recipient and user name are taken from the row that was just looked up
                $site_email->set_to($row[$user_table_fields['user_email']]);
                $site_email->set_subject($lang['activation_success_emailsubject']);
                $site_email->register_vars(array("user_name" => $row[$user_table_fields['user_name']], "site_name" => $config['site_name']));
                $site_email->set_body("activation_success", $config['language_dir']);
                $site_email->send_email();
            }
        }
    }
}
//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
// Breadcrumb: a link to the start page, the separator, then the (unlinked) register label.
// The language strings and the separator are inserted as-is, without HTML escaping.
$clickstream = "<span class=\"clickstream\"><a href=\""
    . $site_sess->url(ROOT_PATH . "index.php")
    . "\" class=\"clickstream\">"
    . $lang['home']
    . "</a>"
    . $config['category_separator']
    . $lang['register']
    . "</span>";
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
// Hand the page content, the status message and the breadcrumb to the template engine
$site_template->register_vars(array(
    "content" => $content,
    "msg" => $msg,
    "clickstream" => $clickstream,
    "lang_register" => $lang['register'],
));
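 /** scan a file for viruses
  *
  * this scans $path for viruses, returns 0 if file considered clean, 1 for infected file,
  * or 2 if something else went wrong.
  *
  * If the flag $CFG->clamscan_mandatory is set, we consider the file infected if we are
  * not able to run the virus scanner (better safe than sorry). That includes the case
  * where scanning is mandatory but no scanner is configured ($CFG->clamscan_path is
  * empty) or exec() is not available: no command is run at all and 2 is returned.
  * Only when no scanner is configured and scanning is NOT mandatory do we indicate a
  * 'clean' file even though we did not scan it.
  *
  * If scanning succeeds and a virus is found we send an alert to the website owner address
  * (or the reply-to-address) immediately. The same alert path is used when a mandatory
  * scan could not be done. Furthermore everything is logged.
  *
  * @param string $path the path of the file to scan
  * @param string $name the name of the file as provided by the uploader (from $_FILES)
  * @return int return 0 if clean, 1 if infected, 2 if other error
  * @uses $CFG
  * @uses $USER
  * @todo This routine is quite *nix-centric. I'm not sure how this would work other server platforms.
  *       Should we do something about that?
  * @todo maybe use MIME for sending alert if not 7bit message?
  */
 function virusscan($path, $name = '')
 {
     global $CFG, $USER;
     $clamscan = $CFG->clamscan_path;
     $mandatory = $CFG->clamscan_mandatory;
     if (empty($clamscan) && !$mandatory) {
         logger(sprintf('%s.%s(): file %s (%s) unconditionally accepted because virusscanner is unconfigured', __CLASS__, __FUNCTION__, $path, $name), WLOG_DEBUG);
         return 0;
     }
     // Start from a failure value: the file only counts as clean when the scanner
     // itself reported exit code 0, never because the command did not run.
     $exit_code = -1;
     $lines = array();
     if (empty($clamscan) || !function_exists('exec')) {
         // Without a scanner path the command line would consist of the upload path
         // alone, so do not go near the shell; this is handled as a failed scan below.
         $lines[] = 'virusscanner not run: no scanner configured or exec() unavailable';
     } else {
         // Make sure that the virusscanner can actually read this file
         if (!@chmod($path, 0644)) {
             logger(sprintf('%s.%s(): chmod() %s (%s) to 0644 failed', __CLASS__, __FUNCTION__, $path, $name), WLOG_DEBUG);
         }
         // Construct the command to execute including redirecting stderr to stdout (a quirk in libclamav), see @todo 1
         // The scanner path is site configuration and is used as-is; only the file path is shell-quoted.
         $command = sprintf('%s %s 2>&1', $clamscan, escapeshellarg($path));
         @exec($command, $lines, $exit_code);
     }
     if ($exit_code === 0) {
         // Pfew! File appears to be clean
         logger(sprintf('%s.%s(): %s (%s) considered clean', __CLASS__, __FUNCTION__, $path, $name), WLOG_DEBUG);
         return 0;
     }
     // Still here? Must have been something wrong.
     // The site title is stripped of line breaks and single quotes before it is used in the alert texts
     $forbidden = array(chr(10), chr(13), '\'');
     $sitename = str_replace($forbidden, '', $CFG->title);
     $params = array('{OUTPUT}' => implode("\n", $lines), '{PATH}' => $path, '{FILENAME}' => $name, '{USERNAME}' => $USER->username, '{FULL_NAME}' => $USER->full_name, '{SITENAME}' => $sitename);
     if ($exit_code == 1) {
         // Darn. We have a virus
         $retval = 1;
         logger(sprintf('%s.%s(): %s (%s) infected: %s', __CLASS__, __FUNCTION__, $path, $name, $params['{OUTPUT}']), WLOG_WARNING);
         $subject = t('filemanager_virus_mailsubject1', 'admin', $params);
         $message = t('filemanager_virus_mailmessage1', 'admin', $params);
     } elseif ($mandatory) {
         // we were not able to scan it and scanning is mandatory: consider the file infected
         $retval = 2;
         logger(sprintf('%s.%s(): virusscan of %s (%s) failed and scanning is mandatory: %s', __CLASS__, __FUNCTION__, $path, $name, $params['{OUTPUT}']), WLOG_WARNING);
         $subject = t('filemanager_virus_mailsubject2', 'admin', $params);
         $message = t('filemanager_virus_mailmessage2', 'admin', $params);
     } else {
         // if not mandatory, pretend the file is clean even if clamscan totally failed
         logger(sprintf('%s.%s(): accepted file %s (%s) even though the (optional) virusscanning failed: %s', __CLASS__, __FUNCTION__, $path, $name, $params['{OUTPUT}']));
         return 0;
     }
     // Still here? Then we have an alert to send. Here we go.
     /** make sure utility routines for creating/sending email messages are available */
     require_once $CFG->progdir . '/lib/email.class.php';
     $email = new Email();
     $mailto = empty($CFG->website_replyto_address) ? $CFG->website_from_address : $CFG->website_replyto_address;
     $email->set_mailto($mailto, $CFG->title);
     $email->set_subject($subject);
     $email->set_message($message);
     // inferred from RFC2156 that these are the right words to use...
     // RFC2156: "normal" | "non-urgent" | "urgent"
     $email->set_header('Priority', 'urgent');
     // RFC2156: "low" | "normal" | "high"
     $email->set_header('Importance', 'high');
     // "1 (Highest)" | "3 (Normal)" | "5 (Lowest)"
     $email->set_header('X-Priority', '1 (Highest)');
     if ($email->send()) {
         // success, mail was accepted for delivery
         logger(sprintf('%s.%s(): success sending \'%s\' to %s', __CLASS__, __FUNCTION__, $subject, $mailto), WLOG_DEBUG);
     } else {
         logger(sprintf('%s.%s(): failure sending \'%s\' to %s', __CLASS__, __FUNCTION__, $subject, $mailto));
     }
     return $retval;
 }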
    // Store the postcard under a fresh random id and mail the recipient a link
    // to it, unless the (optional) captcha check fails.
    $postcard_id = get_random_key(POSTCARDS_TABLE, "postcard_id");
    $current_time = time();
    if ($captcha_enable_postcards && !captcha_validate($captcha)) {
        // Captcha is enabled for postcards and was not solved: back to the preview
        $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
        $action = "previewcard";
        $main_template = "postcard_preview";
    } else {
        // NOTE(review): every value in this INSERT is interpolated into the SQL
        // text. The stripslashes() calls further down suggest the strings were
        // slash-escaped earlier, but that is not visible in this fragment and
        // should be confirmed. {$image_id} is used unquoted, so it has to be an
        // integer by the time it gets here; verify the cast upstream.
        $sql = "INSERT INTO " . POSTCARDS_TABLE . "\n            (postcard_id, image_id, postcard_date, postcard_bg_color, postcard_border_color, postcard_font_color, postcard_font_face, postcard_sender_name, postcard_sender_email, postcard_recipient_name, postcard_recipient_email, postcard_headline, postcard_message)\n            VALUES\n            ('{$postcard_id}', {$image_id}, {$current_time}, '{$bg_color}', '{$border_color}', '{$font_color}', '{$font_face}', '{$sender_name}', '{$sender_email}', '{$recipient_name}', '{$recipient_email}', '{$headline}', '{$message}')";
        $result = $site_db->query($sql);
        if ($result) {
            $postcard_url = $script_url . "/postcards.php?" . URL_POSTCARD_ID . "=" . $postcard_id;
            include ROOT_PATH . 'includes/email.php';
            $site_email = new Email();
            // NOTE(review): recipient, sender address and sender name are presumably
            // form input and are passed to the To:/From: setters after stripslashes()
            // only. Confirm that they are validated as single addresses without
            // CR/LF, either before this point or inside the Email class. Apart from
            // the optional captcha no limit on the number of mails is visible here.
            $site_email->set_to(stripslashes($recipient_email));
            $site_email->set_from(stripslashes($sender_email), stripslashes($sender_name));
            $site_email->set_subject($lang['send_postcard_emailsubject']);
            $site_email->register_vars(array("sender_name" => stripslashes($sender_name), "sender_email" => stripslashes($sender_email), "recipient_name" => stripslashes($recipient_name), "postcard_url" => stripslashes($postcard_url), "postcard_send_date" => format_date($config['date_format'] . " " . $config['time_format'], $current_time), "site_name" => $config['site_name']));
            $site_email->set_body("postcard_message", $config['language_dir']);
            $site_email->send_email();
            $msg .= $lang['send_postcard_success'];
            $msg .= "<br /><a href=\"" . $back_url . "\">" . $lang['back_to_gallery'] . "</a>";
            $action = "showcard";
        } else {
            // The INSERT failed: report a general error and show the preview again
            $msg = $lang['general_error'];
            $action = "previewcard";
            $main_template = "postcard_preview";
        }
    }
}
if ($action == "showcard") {
    $expiry = time() - 60 * 60 * 24 * POSTCARD_EXPIRY;
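/** send email to user confirming password change
 *
 * This sends an email to the user's email address confirming
 * that the user's password was changed. Note that the new
 * password is _NOT_ sent to the user.
 *
 * The message states the local date/time and the remote address
 * of the current request. CR/LF are removed from every value that
 * is passed to a header setter (address, name and subject).
 *
 * @param array $user an associative array with the user record
 * @return bool FALSE on failure, TRUE otherwise
 * @uses $CFG
 */
function login_send_confirmation($user)
{
    global $CFG;
    // date() gives the same 'YYYY-MM-DD HH:MM:SS' text as strftime("%Y-%m-%d %T"),
    // which is deprecated as of PHP 8.1.
    $datim = date('Y-m-d H:i:s');
    // The address goes into the To: header just like name and subject do,
    // so it gets the same treatment: no line breaks.
    $mailto = str_replace(array("\r", "\n"), '', $user['email']);
    $full_name = replace_crlf($user['full_name'], ' ');
    $subject = replace_crlf(t('change_password_confirmation_subject', 'loginlib'), ' ');
    $message = t('change_password_confirmation_message', 'loginlib', array('{DATETIME}' => $datim, '{REMOTE_ADDR}' => $_SERVER['REMOTE_ADDR']));
    /** make sure utility routines for creating/sending email messages are available */
    require_once $CFG->progdir . '/lib/email.class.php';
    $email = new Email();
    $email->set_mailto($mailto, $full_name);
    $email->set_subject($subject);
    $email->set_message($message);
    return $email->send();
}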
/** send pending messages/alerts
 *
 * this goes through all the alert accounts to see if any messages need
 * to be sent out by email. The strategy is as follows.
 * First we collect a maximum of $max_messages alerts in core
 * (1 trip to the database). Then we iterate through that collection
 * and for every alert we
 *  1. construct and send an email message
 *  2. update the record (reset the message buffer 
 *     and message count) (+1 trip to the database)
 *
 * Locking and unlocking would be even more expensive, especially when
 * chances of race conditions are not so big. (An earlier version of
 * this routine went to the database once for the list of all pending
 * alerts and subsequently twice for each alert but eventually I
 * considered that too expensive too).
 *
 * Assuming that an UPDATE is more or less atomic, we hopefully
 * can get away with an UPDATE with a where clause looking explicitly
 * for the previous value of the message count. If a message was added
 * after retrieving the alerts but before updating, the message count
 * would be incremented (by the other process) which would prevent us from
 * updating. The alert would be left unchanged but including
 * the added message. Worst case: the receiver gets the same list of
 * alerts again and again. I consider that a fair trade off, given the
 * low probability of it happening. (Mmmm, famous last words...)
 *
 * Bottom line, we don't do locking in this routine.
 *
 * Note that we add a small reminder to the message buffer about
 * us processing the alert and sending a message. However, we don't
 * set the number of messages to 1 because otherwise that would be
 * the signal to send this message the next time. We don't want to
 * send a message every $cron_interval minutes basically saying
 * that we didn't do anything since the previous run. (Or is this
 * a feature after all?)
 *
 * Failures are logged, success are logged as WLOG_DEBUG.
 *
 * @param int $max_messages do not send more than this number of messages
 * @return int the number of messages that were processed
 */
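function cron_send_queued_alerts($max_messages = 10)
{
    global $CFG;
    //
    // 1 -- any work to do at all?
    //
    // date() gives the same 'YYYY-MM-DD HH:MM:SS' text as strftime('%Y-%m-%d %T'),
    // which is deprecated as of PHP 8.1.
    $now = date('Y-m-d H:i:s');
    // at least go for 1 alert
    $limit = max(1, intval($max_messages));
    // only active alerts with pending messages that are due, oldest first
    $where = '(messages > 0) AND (is_active = ' . SQL_TRUE . ') AND (cron_next <= ' . db_escape_and_quote($now) . ')';
    $alerts = db_select_all_records('alerts', '*', $where, 'cron_next', 'alert_id', $limit);
    if ($alerts === FALSE) {
        // ignore error
        logger(sprintf('%s(): error retrieving alerts: %s', __FUNCTION__, db_errormessage()));
        return 0;
    }
    if (count($alerts) < 1) {
        // nothing to do
        logger(sprintf('%s(): nothing to do', __FUNCTION__), WLOG_DEBUG);
        return 0;
    }
    //
    // 2 -- yes, work to do: iterate through until at most $max_messages are sent
    //
    $alert_messages_sent = 0;
    /** make sure utility routines for creating/sending email messages are available */
    require_once $CFG->progdir . '/lib/email.class.php';
    $email = new Email();
    $line_breaks = array("\r", "\n");
    foreach ($alerts as $alert_id => $alert) {
        $messages = intval($alert['messages']);
        // Address and display name come from the alerts table and go into the To:
        // header and the log lines below. Whether the Email class filters line
        // breaks is not visible from here, so they are removed first.
        $mailto = str_replace($line_breaks, '', $alert['email']);
        $full_name = str_replace($line_breaks, ' ', $alert['full_name']);
        $email->set_mailto($mailto, $full_name);
        $email->set_subject(t('alerts_mail_subject', '', array('{ALERTS}' => $messages, '{SITENAME}' => $CFG->title)));
        $email->set_message(wordwrap($alert['message_buffer'], 70));
        if (!$email->send()) {
            logger(sprintf('%s(): error: %d message(s) for %s (%s) (id=%d) NOT sent', __FUNCTION__, $messages, $mailto, $full_name, $alert_id));
            continue;
        }
        // alert was accepted, reset our message buffer, counter
        $cron_next = date('Y-m-d H:i:s', time() + 60 * intval($alert['cron_interval']));
        $continuation_line = $now . "\n" . t('alerts_processed', '', array('{ALERTS}' => $messages)) . "\n";
        $update_fields = array('cron_next' => $cron_next, 'messages' => 0, 'message_buffer' => $continuation_line);
        // don't update if another message was added while we were working
        $update_where = array('alert_id' => $alert_id, 'messages' => $messages);
        // NOTE(review): if db_update() reports "no row matched" as 0 rather than FALSE,
        // a lost race is counted as a success here -- confirm against db_update().
        $retval = db_update('alerts', $update_fields, $update_where);
        if ($retval === FALSE) {
            logger(sprintf('%s(): error with alert for %s (%s) (id=%d): ' . 'mail was sent, but record not reset. ' . 'Was another process updating this record while we were not looking?', __FUNCTION__, $mailto, $full_name, $alert_id));
            continue;
        }
        logger(sprintf('%s(): %d message(s) for %s (%s) (id=%d) sent; %d record(s) updated', __FUNCTION__, $messages, $mailto, $full_name, $alert_id, $retval), WLOG_DEBUG);
        ++$alert_messages_sent;
        if ($max_messages <= $alert_messages_sent) {
            break;
        }
    }
    logger(sprintf('%s(): success processing %d alert(s)', __FUNCTION__, $alert_messages_sent));
    return $alert_messages_sent;
}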
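 /** send new or changed translations back to the project
  *
  * This sends an e-mail back to the project with the translation.
  * We do so in the form of an attachment, but with a 'safe' extension
  * (.bin rather than .php). This means that we will be able to traverse
  * any firewalls and spamfilters and malware detectors.
  *
  * The _notes are used as the body of the message, the file is attached.
  *
  * Note that we send a copy of the message to the site itself (either
  * the from-address or the reply-to-address).
  *
  * The translator's name ($diff['_full_name']) is used as part of the
  * display name in the From: and Cc: headers; CR/LF are removed from it
  * before it is used there.
  *
  * @param string $language_key identifies the language to submit
  * @param string $full_domain indicates which language domain needs to be submitted
  * @param array &$diff contains all key-value-pairs for the modified translation
  * @return bool TRUE on success, FALSE on failure
  */
 function submit_diff_to_project($language_key, $full_domain, &$diff)
 {
     global $CFG;
     /** make sure utility routines for creating/sending email messages are available */
     require_once $CFG->progdir . '/lib/email.class.php';
     $language_name = $this->languages[$language_key]['language_name'];
     $email = new Email();
     // NOTE(review): the address literal looks masked in this copy of the source
     $mailto = '*****@*****.**';
     $email->set_mailto($mailto, 'Website@School Translations');
     $subject = sprintf('Website@School Translation: %s (%s) - %s', $language_name, $language_key, $full_domain);
     $email->set_subject($subject);
     // The name is entered by the translator and becomes part of two headers.
     // trim() only touches both ends, so line breaks inside the value are
     // replaced as well; the Email class is not visible from here.
     $name = trim(str_replace(array("\r", "\n"), ' ', $diff['_full_name']));
     // maybe add name of translator to human readable From: and Cc: header
     $name = empty($name) ? $CFG->title : $CFG->title . ' - ' . $name;
     $email->set_mailfrom($CFG->website_from_address, $name);
     $addrcc = empty($CFG->website_replyto_address) ? $CFG->website_from_address : $CFG->website_replyto_address;
     $email->add_mailcc($addrcc, $name);
     // Body: a three-line summary followed by the notes, with line endings
     // normalised to \n and hard-wrapped at 70 columns
     $notes = str_replace(array("\r\n", "\r", "\n"), "\n", trim($diff['_notes']));
     $message = sprintf("Language name:   %s\n" . "Language key:    %s\n" . "Language domain: %s\n\n", $language_name, $language_key, $full_domain) . wordwrap($notes, 70, "\n", TRUE);
     $email->set_message($message);
     // diff_to_text() fills $attachment with the text version of the translation
     $attachment = '';
     $this->diff_to_text($language_key, $full_domain, $diff, $attachment);
     // NOTE(review): the attachment name is built from $language_key and $full_domain as given -- confirm callers validate both
     $attachment_name = sprintf('%s-%s.bin', $language_key, $full_domain);
     $email->add_attachment($attachment, $attachment_name);
     $retval = $email->send();
     if ($retval) {
         // success, mail was accepted for delivery
         logger(sprintf('%s.%s(): success sending \'%s\' to <%s>', __CLASS__, __FUNCTION__, $subject, $mailto), WLOG_DEBUG);
     } else {
         logger(sprintf('%s.%s(): failure sending \'%s\' to <%s>', __CLASS__, __FUNCTION__, $subject, $mailto));
     }
     return $retval;
 }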