if ($config['language_dir_default'] != $config['language_dir']) { $activation_url .= "&l=" . $config['language_dir']; } $user_details_url = ""; $email_to = $user_email; $email_subject = $lang['update_email_emailsubject']; $email_template = "newemail_activation"; $new_email_msg = $lang['update_email_instruction']; break; case 0: default: break; } if (!empty($email_to)) { $site_email->set_to($email_to); $site_email->set_subject($email_subject); $site_email->register_vars(array("user_details_url" => $user_details_url, "activation_url" => $activation_url, "user_name" => $user_info['user_name'], "site_name" => $config['site_name'])); $site_email->set_body($email_template, $config['language_dir']); $site_email->send_email(); } } else { $msg = $lang['general_error']; $error = 1; } } if (!$error) { $additional_sql = ""; if (!empty($additional_user_fields)) { $table_fields = $site_db->get_table_fields(USERS_TABLE); foreach ($additional_user_fields as $key => $val) { if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
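/** actually send the visitor's message to the selected destination
 *
 * In order to get a feeling for the time a visitor needs, we also
 * record the delay (in seconds) next to the visitor's IP address.
 *
 * The name, e-mail address and subject are typed in by the visitor. They are
 * copied unchanged into the message body, but the copies that end up in mail
 * headers (Reply-To and Subject) have CR and LF removed first, so a visitor
 * cannot start a new header line. The Email class is not visible from here,
 * so this routine does not rely on it to do that filtering.
 *
 * @param array $config mailpage configuration data in a (nested) array
 * @param array $dialogdef array that defines the data fields including values
 * @param string $ip_addr the originating IP-address
 * @param int $delay the # of seconds since time=t0
 * @return bool FALSE on error (including an unknown destination), TRUE on success + message sent
 * @todo more available parameters in subject_line?
 * @todo make body of mail configurable?
 */
function mailpage_send_message($config, $dialogdef, $ip_addr, $delay) {
    global $CFG;
    $crlf = array("\r", "\n");
    $fullname = trim($dialogdef['fullname']['value']);
    $visitor_email = trim($dialogdef['email']['value']);
    $index = isset($dialogdef['destination']) ? $dialogdef['destination']['value'] : 0;

    // The destination index arrives with the submitted form: refuse anything
    // that does not name a configured address instead of mailing to nothing.
    if (!isset($config['addresses'][$index])) {
        return FALSE;
    }
    $email = $config['addresses'][$index]['email'];
    $name = $config['addresses'][$index]['name'];

    $mailfrom = sprintf('(%s) %s', $fullname, $visitor_email);
    $sendto = trim($name);
    $subject = trim($dialogdef['subject']['value']);
    $message = trim($dialogdef['message']['value']);
    $remote_addr = $ip_addr;

    // Human-readable summary; this is body text, so line breaks are harmless here.
    $body = sprintf("%s: %s\n", t('from', 'm_mailpage'), $mailfrom) .
            sprintf("%s: %s\n", t('to', 'm_mailpage'), $sendto) .
            sprintf("%s: %s\n", t('subject', 'm_mailpage'), $subject) .
            sprintf("%s: %s\n", t('date', 'm_mailpage'), date('r')) .
            sprintf("%s: %s (%d)\n", t('ip_addr', 'm_mailpage'), $remote_addr, $delay) .
            sprintf("%s:\n%s\n", t('message', 'm_mailpage'), $message);

    $params = array('{NODE}' => strval($config['node_id']), '{SUBJECT}' => $subject, '{IP_ADDR}' => $remote_addr);
    // {SUBJECT} is visitor text, so the translated subject line is flattened to a single line.
    $subject_line = str_replace($crlf, ' ', t('subject_line', 'm_mailpage', $params));

    include_once $CFG->progdir . '/lib/email.class.php';
    $mailer = new Email();
    $mailer->set_mailto($email, $name);
    // Header-bound copies of the visitor's address and name: no CR/LF allowed.
    $mailer->set_mailreplyto(str_replace($crlf, '', $visitor_email), str_replace($crlf, ' ', $fullname));
    $mailer->set_subject($subject_line);
    $mailer->set_message($body);
    return $mailer->send();
}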
exit;
}
// Account activation: look up the user whose stored activation key equals the
// key given in the query string and, if one is found, raise that account to
// the regular USER level.
// NOTE(review): $activationkey is taken from $HTTP_GET_VARS and only trim()med
// here before it is placed inside a quoted SQL literal in both statements
// below. Whether it was escaped before this point is not visible in this
// excerpt -- TODO confirm; if it is not, escape it or restrict it to the
// expected key format before building the queries.
$activationkey = trim($HTTP_GET_VARS['activationkey']);
$sql = "SELECT " . get_user_table_field("", "user_name") . get_user_table_field(", ", "user_email") . get_user_table_field(", ", "user_activationkey") . "\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'";
$row = $site_db->query_firstrow($sql);
if (!$row) {
    // no account carries this key
    $msg = $lang['invalid_activationkey'];
} else {
    // Only user_level is changed; the stored activation key is left as it is
    // by this UPDATE, so the same key keeps matching afterwards.
    $sql = "UPDATE " . USERS_TABLE . "\n SET " . get_user_table_field("", "user_level") . " = " . USER . "\n WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'";
    $site_db->query($sql);
    $msg = $lang['activation_success'];
    if ($config['account_activation'] == 2) {
        // Setting 2: tell the user by e-mail that the account is now active.
        include ROOT_PATH . 'includes/email.php';
        $site_email = new Email();
        $site_email->set_to($row[$user_table_fields['user_email']]);
        $site_email->set_subject($lang['activation_success_emailsubject']);
        $site_email->register_vars(array("user_name" => $row[$user_table_fields['user_name']], "site_name" => $config['site_name']));
        $site_email->set_body("activation_success", $config['language_dir']);
        $site_email->send_email();
    }
}
}
}
//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
// Breadcrumb: link to the home page followed by the "register" label.
$clickstream = "<span class=\"clickstream\"><a href=\"" . $site_sess->url(ROOT_PATH . "index.php") . "\" class=\"clickstream\">" . $lang['home'] . "</a>" . $config['category_separator'] . $lang['register'] . "</span>";
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
// Hand the page content, the status message and the breadcrumb to the template.
$site_template->register_vars(array("content" => $content, "msg" => $msg, "clickstream" => $clickstream, "lang_register" => $lang['register']));
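/** scan a file for viruses
 *
 * this scans $path for viruses, returns 0 if file considered clean, 1 for infected file,
 * or 2 if something else went wrong.
 *
 * If the flag $CFG->clamscan_mandatory is set, we consider the file infected if we are
 * not able to run the virus scanner (better safe than sorry). However, if no virusscanner
 * is configured at all ($CFG->clamscan_path is empty) and scanning is not mandatory, we
 * indicate a 'clean' file even though we did not scan it.
 *
 * If scanning is mandatory but $CFG->clamscan_path is empty, no command is executed at
 * all: with an empty scanner path the command line would begin with the uploaded file's
 * own path. That case is reported as a failed scan (return value 2) instead.
 *
 * If scanning succeeds and a virus is found we send an alert to the website owner address
 * (or the reply-to-address) immediately. Furthermore everything is logged.
 *
 * @param string $path the path of the file to scan
 * @param string $name the name of the file as provided by the uploader (from $_FILES)
 * @return int return 0 if clean, 1 if infected, 2 if other error
 * @uses $CFG
 * @uses $USER
 * @todo This routine is quite *nix-centric. I'm not sure how this would work other server platforms.
 *       Should we do something about that?
 * @todo maybe use MIME for sending alert if not 7bit message?
 */
function virusscan($path, $name = '') {
    global $CFG, $USER;
    $clamscan = $CFG->clamscan_path;
    $mandatory = $CFG->clamscan_mandatory;

    if (empty($clamscan) && !$mandatory) {
        logger(sprintf('%s.%s(): file %s (%s) unconditionally accepted because virusscanner is unconfigured',
                       __CLASS__, __FUNCTION__, $path, $name), WLOG_DEBUG);
        return 0;
    }

    // Make sure that the virusscanner can actually read this file
    if (!@chmod($path, 0644)) {
        logger(sprintf('%s.%s(): chmod() %s (%s) to 0644 failed', __CLASS__, __FUNCTION__, $path, $name), WLOG_DEBUG);
    }

    $lines = array();
    if (empty($clamscan)) {
        // Mandatory scanning without a scanner: never build a command whose first
        // word would be the uploaded file. Treat it as a scan error.
        $exit_code = 2;
        $lines[] = 'no virusscanner configured';
    } else {
        // Construct the command to execute including redirecting stderr to stdout (a quirk in libclamav), see @todo 1.
        // $clamscan is a site configuration value and is used as-is; only the file path is shell-quoted.
        $command = sprintf('%s %s 2>&1', $clamscan, escapeshellarg($path));
        // Start from a failure value: if exec() never assigns the exit code,
        // the result must not read as "clean".
        $exit_code = -1;
        @exec($command, $lines, $exit_code);
    }

    if ($exit_code == 0) { // Pfew! File appears to be clean
        logger(sprintf('%s.%s(): %s (%s) considered clean', __CLASS__, __FUNCTION__, $path, $name), WLOG_DEBUG);
        return 0;
    }

    // Still here? Must have been something wrong.
    // CR, LF and single quotes are removed from the site title before it is used in the alert texts.
    $forbidden = array(chr(10), chr(13), '\'');
    $sitename = str_replace($forbidden, '', $CFG->title);
    $params = array(
        '{OUTPUT}' => implode("\n", $lines),
        '{PATH}' => $path,
        '{FILENAME}' => $name,
        '{USERNAME}' => $USER->username,
        '{FULL_NAME}' => $USER->full_name,
        '{SITENAME}' => $sitename,
    );

    if ($exit_code == 1) { // Darn. We have a virus
        $retval = 1;
        logger(sprintf('%s.%s(): %s (%s) infected: %s',
                       __CLASS__, __FUNCTION__, $path, $name, $params['{OUTPUT}']), WLOG_WARNING);
        $subject = t('filemanager_virus_mailsubject1', 'admin', $params);
        $message = t('filemanager_virus_mailmessage1', 'admin', $params);
    } elseif ($mandatory) { // we were not able to scan it and scanning is mandatory: consider the file infected
        $retval = 2;
        logger(sprintf('%s.%s(): virusscan of %s (%s) failed and scanning is mandatory: %s',
                       __CLASS__, __FUNCTION__, $path, $name, $params['{OUTPUT}']), WLOG_WARNING);
        $subject = t('filemanager_virus_mailsubject2', 'admin', $params);
        $message = t('filemanager_virus_mailmessage2', 'admin', $params);
    } else {
        logger(sprintf('%s.%s(): accepted file %s (%s) even though the (optional) virusscanning failed: %s',
                       __CLASS__, __FUNCTION__, $path, $name, $params['{OUTPUT}']));
        return 0; // if not mandatory, pretend the file is clean even if clamscan totally failed
    }

    // Still here? Then we have an alert to send. Here we go.
    /** make sure utility routines for creating/sending email messages are available */
    require_once $CFG->progdir . '/lib/email.class.php';
    $email = new Email();
    $mailto = empty($CFG->website_replyto_address) ? $CFG->website_from_address : $CFG->website_replyto_address;
    $email->set_mailto($mailto, $CFG->title);
    $email->set_subject($subject);
    $email->set_message($message);
    // inferred from RFC2156 that these are the right words to use...
    $email->set_header('Priority', 'urgent');        // RFC2156: "normal" | "non-urgent" | "urgent"
    $email->set_header('Importance', 'high');        // RFC2156: "low" | "normal" | "high"
    $email->set_header('X-Priority', '1 (Highest)'); // "1 (Highest)" | "3 (Normal)" | "5 (Lowest)"
    if ($email->send()) { // success, mail was accepted for delivery
        logger(sprintf('%s.%s(): success sending \'%s\' to %s', __CLASS__, __FUNCTION__, $subject, $mailto), WLOG_DEBUG);
    } else {
        logger(sprintf('%s.%s(): failure sending \'%s\' to %s', __CLASS__, __FUNCTION__, $subject, $mailto));
    }
    return $retval;
}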
// Store the postcard and notify the recipient by e-mail.
$postcard_id = get_random_key(POSTCARDS_TABLE, "postcard_id");
$current_time = time();
if ($captcha_enable_postcards && !captcha_validate($captcha)) {
    // Captcha is switched on and was not solved: back to the preview with an error.
    $msg .= ($msg != "" ? "<br />" : "") . $lang['captcha_required'];
    $action = "previewcard";
    $main_template = "postcard_preview";
} else {
    // NOTE(review): every value below is interpolated straight into the SQL text.
    // The stripslashes() calls further down suggest the sender/recipient values
    // already carry slash-escaping at this point -- presumably applied where the
    // form input is read; verify against that code. $image_id is not quoted in
    // the statement, so it has to be an integer by now -- TODO confirm.
    $sql = "INSERT INTO " . POSTCARDS_TABLE . "\n (postcard_id, image_id, postcard_date, postcard_bg_color, postcard_border_color, postcard_font_color, postcard_font_face, postcard_sender_name, postcard_sender_email, postcard_recipient_name, postcard_recipient_email, postcard_headline, postcard_message)\n VALUES\n ('{$postcard_id}', {$image_id}, {$current_time}, '{$bg_color}', '{$border_color}', '{$font_color}', '{$font_face}', '{$sender_name}', '{$sender_email}', '{$recipient_name}', '{$recipient_email}', '{$headline}', '{$message}')";
    $result = $site_db->query($sql);
    if ($result) {
        $postcard_url = $script_url . "/postcards.php?" . URL_POSTCARD_ID . "=" . $postcard_id;
        include ROOT_PATH . 'includes/email.php';
        $site_email = new Email();
        // The recipient address and the From name/address are chosen by the
        // person filling in the form. NOTE(review): the captcha check above is
        // the only gate on sending that is visible in this excerpt; whether the
        // Email class rejects line breaks in these header values cannot be
        // seen from here -- TODO confirm.
        $site_email->set_to(stripslashes($recipient_email));
        $site_email->set_from(stripslashes($sender_email), stripslashes($sender_name));
        $site_email->set_subject($lang['send_postcard_emailsubject']);
        $site_email->register_vars(array("sender_name" => stripslashes($sender_name), "sender_email" => stripslashes($sender_email), "recipient_name" => stripslashes($recipient_name), "postcard_url" => stripslashes($postcard_url), "postcard_send_date" => format_date($config['date_format'] . " " . $config['time_format'], $current_time), "site_name" => $config['site_name']));
        $site_email->set_body("postcard_message", $config['language_dir']);
        $site_email->send_email();
        $msg .= $lang['send_postcard_success'];
        // NOTE(review): $back_url is written into the href without escaping
        // here; where it comes from is not visible -- verify it is not raw
        // request data.
        $msg .= "<br /><a href=\"" . $back_url . "\">" . $lang['back_to_gallery'] . "</a>";
        $action = "showcard";
    } else {
        // The INSERT failed: show the generic error and return to the preview.
        $msg = $lang['general_error'];
        $action = "previewcard";
        $main_template = "postcard_preview";
    }
}
}
if ($action == "showcard") {
    // Cut-off timestamp: now minus POSTCARD_EXPIRY days.
    $expiry = time() - 60 * 60 * 24 * POSTCARD_EXPIRY;
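/** send email to user confirming password change
 *
 * This sends an email to the user's email address confirming
 * that the user's password was changed. Note that the new
 * password is _NOT_ sent to the user. The message mentions the
 * date/time of the change and the remote address of the request.
 *
 * @param array $user an associative array with the user record
 * @return bool FALSE on failure, TRUE otherwise
 * @uses $CFG
 */
function login_send_confirmation($user) {
    global $CFG;
    // date() rather than strftime(): strftime() is deprecated as of PHP 8.1
    // and this format yields the same 'YYYY-MM-DD HH:MM:SS' text.
    $datim = date('Y-m-d H:i:s');
    // REMOTE_ADDR is absent when there is no web request (e.g. command line).
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $mailto = $user['email'];
    // Name and subject end up in mail headers: line breaks become spaces.
    // NOTE(review): $mailto is passed on without the same treatment -- confirm
    // that the stored address was validated when the account was created.
    $full_name = replace_crlf($user['full_name'], ' ');
    $subject = replace_crlf(t('change_password_confirmation_subject', 'loginlib'), ' ');
    $message = t('change_password_confirmation_message', 'loginlib',
                 array('{DATETIME}' => $datim, '{REMOTE_ADDR}' => $remote_addr));

    /** make sure utility routines for creating/sending email messages are available */
    require_once $CFG->progdir . '/lib/email.class.php';
    $email = new Email();
    $email->set_mailto($mailto, $full_name);
    $email->set_subject($subject);
    $email->set_message($message);
    return $email->send();
}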
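/** send pending messages/alerts
 *
 * This goes through the alert accounts to see if any messages need
 * to be sent out by email. The strategy is as follows.
 * First we collect a maximum of $max_messages alerts in core
 * (1 trip to the database). Then we iterate through that collection
 * and for every alert we
 *  1. construct and send an email message
 *  2. update the record (reset the message buffer
 *     and message count) (+1 trip to the database)
 *
 * We do not lock records in this routine. Instead the UPDATE carries
 * a where clause that looks explicitly for the message count we read
 * earlier. If another process added a message after we retrieved the
 * alerts but before we update, the count no longer matches and the
 * record is left unchanged, including the added message. Worst case:
 * the receiver gets the same list of alerts again. That is considered
 * a fair trade off given the low probability of it happening.
 *
 * Note that we add a small reminder to the message buffer about
 * us processing the alert and sending a message. However, we set the
 * number of messages to 0 rather than 1, because a non-zero count would
 * be the signal to send this reminder on the next run.
 *
 * Failures are logged, successes are logged as WLOG_DEBUG.
 *
 * @param int $max_messages do not send more than this number of messages
 * @return int the number of messages that were processed
 */
function cron_send_queued_alerts($max_messages = 10) {
    global $CFG;
    //
    // 1 -- any work to do at all?
    //
    // date() rather than strftime(): strftime() is deprecated as of PHP 8.1
    // and this format yields the same 'YYYY-MM-DD HH:MM:SS' text.
    $timestamp_format = 'Y-m-d H:i:s';
    $now = date($timestamp_format);
    $table = 'alerts';
    $fields = '*';
    $where = '(messages > 0) AND (is_active = ' . SQL_TRUE . ') AND (cron_next <= ' . db_escape_and_quote($now) . ')';
    $order = 'cron_next';
    $keyfield = 'alert_id';
    $limit = max(1, intval($max_messages)); // at least go for 1 alert
    $alerts = db_select_all_records($table, $fields, $where, $order, $keyfield, $limit);
    if ($alerts === FALSE) { // ignore error
        logger(sprintf('%s(): error retrieving alerts: %s', __FUNCTION__, db_errormessage()));
        return 0;
    }
    if (sizeof($alerts) < 1) { // nothing to do
        logger(sprintf('%s(): nothing to do', __FUNCTION__), WLOG_DEBUG);
        return 0;
    }

    //
    // 2 -- yes, work to do: iterate through until at most $max_messages are sent
    //
    $alert_messages_sent = 0;
    /** make sure utility routines for creating/sending email messages are available */
    require_once $CFG->progdir . '/lib/email.class.php';
    // One Email object serves all alerts; recipient, subject and message are set anew for each.
    $email = new Email();
    foreach ($alerts as $alert_id => $alert) {
        $messages = intval($alert['messages']);
        $mailto = $alert['email'];
        $full_name = $alert['full_name'];
        $email->set_mailto($mailto, $full_name);
        $email->set_subject(t('alerts_mail_subject', '', array('{ALERTS}' => $messages, '{SITENAME}' => $CFG->title)));
        $email->set_message(wordwrap($alert['message_buffer'], 70));
        if (!$email->send()) {
            logger(sprintf('%s(): error: %d message(s) for %s (%s) (id=%d) NOT sent',
                           __FUNCTION__, $messages, $mailto, $full_name, $alert_id));
            continue;
        }
        // alert was accepted, reset our message buffer, counter
        $cron_next = date($timestamp_format, time() + 60 * intval($alert['cron_interval']));
        $continuation_line = $now . "\n" . t('alerts_processed', '', array('{ALERTS}' => $messages)) . "\n";
        $fields = array('cron_next' => $cron_next, 'messages' => 0, 'message_buffer' => $continuation_line);
        // don't update if another message was added while we were working
        $where = array('alert_id' => $alert_id, 'messages' => $messages);
        $retval = db_update('alerts', $fields, $where);
        if ($retval === FALSE) {
            logger(sprintf('%s(): error with alert for %s (%s) (id=%d): ' .
                           'mail was sent, but record not reset. ' .
                           'Was another process updating this record while we were not looking?',
                           __FUNCTION__, $mailto, $full_name, $alert_id));
            continue;
        }
        // NOTE(review): only FALSE counts as an error, so an UPDATE that matched
        // no record (presumably reported as 0 by db_update() -- TODO confirm) is
        // logged and counted as sent as well.
        logger(sprintf('%s(): %d message(s) for %s (%s) (id=%d) sent; %d record(s) updated',
                       __FUNCTION__, $messages, $mailto, $full_name, $alert_id, $retval), WLOG_DEBUG);
        ++$alert_messages_sent;
        if ($max_messages <= $alert_messages_sent) {
            break;
        }
    }
    logger(sprintf('%s(): success processing %d alert(s)', __FUNCTION__, $alert_messages_sent));
    return $alert_messages_sent;
}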
/** mail a new or changed translation to the project
 *
 * The translation is sent as an attachment named
 * '<language_key>-<full_domain>.bin'; the extension is .bin rather than
 * .php so that mail filtering along the way does not reject the message
 * because of the attachment's extension.
 *
 * The translator's notes ($diff['_notes']) become the message body, after a
 * short header naming the language and the domain. A copy goes to the site
 * itself: the reply-to address if one is configured, else the from address.
 *
 * @param string $language_key identifies the language to submit
 * @param string $full_domain indicates which language domain needs to be submitted
 * @param array &$diff contains all key-value-pairs for the modified translation
 * @return bool TRUE on success, FALSE on failure
 */
function submit_diff_to_project($language_key, $full_domain, &$diff) {
    global $CFG;

    /** make sure utility routines for creating/sending email messages are available */
    require_once $CFG->progdir . '/lib/email.class.php';
    $language_name = $this->languages[$language_key]['language_name'];

    $email = new Email();

    // recipient and subject
    $mailto = '*****@*****.**';
    $email->set_mailto($mailto, 'Website@School Translations');
    $subject = sprintf('Website@School Translation: %s (%s) - %s', $language_name, $language_key, $full_domain);
    $email->set_subject($subject);

    // Human readable From: and Cc: name is the site title, followed by the translator's name if given.
    // NOTE(review): the translator's name is used in header fields as entered;
    // whether Email strips line breaks from it is not visible here -- TODO confirm.
    $translator = trim($diff['_full_name']);
    if (empty($translator)) {
        $name = $CFG->title;
    } else {
        $name = $CFG->title . ' - ' . $translator;
    }
    $email->set_mailfrom($CFG->website_from_address, $name);

    if (empty($CFG->website_replyto_address)) {
        $addrcc = $CFG->website_from_address;
    } else {
        $addrcc = $CFG->website_replyto_address;
    }
    $email->add_mailcc($addrcc, $name);

    // body: three header lines, then the notes with uniform line ends, wrapped at 70 columns
    $heading = sprintf("Language name: %s\n" .
                       "Language key: %s\n" .
                       "Language domain: %s\n\n", $language_name, $language_key, $full_domain);
    $notes = str_replace(array("\r\n", "\r", "\n"), "\n", trim($diff['_notes']));
    $message = $heading . wordwrap($notes, 70, "\n", TRUE);
    $email->set_message($message);

    // attachment: the translation as text; diff_to_text() is handed $attachment to fill
    $attachment = '';
    $this->diff_to_text($language_key, $full_domain, $diff, $attachment);
    $attachment_name = sprintf('%s-%s.bin', $language_key, $full_domain);
    $email->add_attachment($attachment, $attachment_name);

    $retval = $email->send();
    if ($retval) { // success, mail was accepted for delivery
        logger(sprintf('%s.%s(): success sending \'%s\' to <%s>', __CLASS__, __FUNCTION__, $subject, $mailto), WLOG_DEBUG);
    } else {
        logger(sprintf('%s.%s(): failure sending \'%s\' to <%s>', __CLASS__, __FUNCTION__, $subject, $mailto));
    }
    return $retval;
}