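/**
 * Mails the contents of the contact form to a user.
 *
 * The checks run in this order: login requirement for anonymous senders,
 * the recipient's "accept mail from admin / from user" preference, the
 * mail speed limit, input validation, spam check, plugin pre-save hook,
 * and finally COM_mail().
 *
 * @param int    $uid         User ID of person to send email to
 * @param string $author      The name of the person sending the email
 * @param string $authoremail Email address of person sending the email
 * @param string $subject     Subject of email
 * @param string $message     Text of message to send
 * @param int    $html        Non-zero to send the (HTML-filtered) message as
 *                            HTML; 0 strips all tags and sends plain text
 * @return string Meta redirect or HTML for the contact form
 */
function contactemail($uid, $author, $authoremail, $subject, $message, $html = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG_LOGIN;

    // Anonymous senders must log in when the site requires it, unless the
    // target is in the 'Contact' group or is the site admin account (uid 2).
    if (COM_isAnonUser() && !SEC_inGroup('Contact', (int) $uid)) {
        if (($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) {
            $display = COM_siteHeader('menu', $LANG_LOGIN[1]);
            $display .= SEC_loginRequiredForm();
            $display .= COM_siteFooter();
            echo $display;
            exit;
        }
    }

    // Honour the recipient's preference for receiving mail from admins / users
    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = " . (int) $uid);
    $P = DB_fetchArray($result);
    $isAdmin = SEC_inGroup('Root') || SEC_hasRights('user.mail');
    if (($isAdmin && $P['emailfromadmin'] != 1) || (!$isAdmin && $P['emailfromuser'] != 1)) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // Re-display the contact form with an error; the subject is reduced to a
    // single tag-free line and HTML-escaped before it goes back into the form.
    // (The @ on htmlspecialchars() is kept from the original: an unsupported
    // encoding from COM_getEncodingt() would otherwise emit a warning.)
    $showFormWithError = function ($errorText, $subject, $message) use ($uid, $LANG04) {
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $subject = @htmlspecialchars(trim($subject), ENT_QUOTES, COM_getEncodingt());

        return COM_siteHeader('menu', $LANG04[81])
            . COM_errorLog($errorText, 2)
            . contactform($uid, $subject, $message)
            . COM_siteFooter();
    };

    if (empty($author) || empty($subject) || empty($message)) {
        return $showFormWithError($LANG08[4], $subject, $message);
    }
    if (!COM_isemail($authoremail)) {
        return $showFormWithError($LANG08[3], $subject, $message);
    }

    $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = " . (int) $uid);
    $A = DB_fetchArray($result);

    // Append the (tag-free) signature of a logged-in sender
    $sig = '';
    if (!COM_isAnonUser()) {
        $sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}");
        if (!empty($sig)) {
            $sig = "\n\n-- \n" . strip_tags($sig);
        }
    }

    $subject = COM_filterHTML($subject);
    $message = COM_filterHTML($message);

    // Spam check on the filtered subject, message and signature; a hit also
    // counts against the speed limit so repeated attempts get throttled.
    $mailtext = $subject . "\n" . $message . $sig;
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    // Plugins get a chance to reject the message; their reason is shown
    // above the form (subject is already filtered here, only escaping needed)
    $msg = PLG_itemPreSave('contact', $message);
    if (!empty($msg)) {
        $subject = @htmlspecialchars($subject, ENT_QUOTES, COM_getEncodingt());

        return COM_siteHeader('menu', '')
            . COM_errorLog($msg, 2)
            . contactform($uid, $subject, $message)
            . COM_siteFooter();
    }

    // Subject must be a single tag-free line (no CR/LF into mail headers)
    $subject = strip_tags($subject);
    $subject = substr($subject, 0, strcspn($subject, "\r\n"));

    $message = $html ? $message . $sig : strip_tags($message) . $sig;

    $recipientName = !empty($A['fullname']) ? $A['fullname'] : $A['username'];
    $to = COM_formatEmailAddress($recipientName, $A['email']);
    $from = COM_formatEmailAddress($author, $authoremail);

    $rc = COM_mail($to, $subject, $message, $from, $html);
    COM_updateSpeedlimit('mail');

    // Anonymous senders cannot view the profile page when it requires login,
    // so send them back to the front page instead. $uid is cast to int so
    // nothing but digits ends up in the redirect URL.
    if (COM_isAnonUser() && $_CONF['profileloginrequired']) {
        $redirectURL = $_CONF['site_url'] . '/index.php?msg=';
    } else {
        $redirectURL = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . (int) $uid . '&msg=';
    }

    // msg 26 = sending failed, 27 = sent
    return COM_refresh($redirectURL . ($rc === false ? '26' : '27'));
}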
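/**
 * Send an email with attachments.
 *
 * This is a copy of COM_mail() with the $attachments parameter added:
 * every entry is handed to PHPMailer::AddAttachment() before sending.
 *
 * @param string|array $to          Recipient: email address, or array(address, name)
 * @param string       $subject     Message subject (cut to a single line, then escaped)
 * @param string       $message     Message body
 * @param string|array $from        Sender: array(address, name); anything else means
 *                                  "send from the site's own address"
 * @param boolean      $html        True for HTML message, False for Text
 * @param integer      $priority    Any non-zero value sets PHPMailer priority 1 (highest)
 * @param string|array $cc          Other recipient: email address, or array(address, name)
 * @param string       $altBody     Alternative (text) body for HTML messages
 * @param array        $attachments List of file paths to attach. They are read from
 *                                  the server's filesystem, so callers must only pass
 *                                  paths they control -- never a user-supplied path.
 * @return boolean True on success, False on failure (details go to the error log)
 */
private function SendMail($to, $subject, $message, $from = '', $html = false, $priority = 0, $cc = '', $altBody = '', $attachments = array())
{
    global $_CONF;

    // Single-line subject, then escaped: no CR/LF can reach the mail headers
    $subject = substr($subject, 0, strcspn($subject, "\r\n"));
    $subject = COM_emailEscape($subject);

    require_once $_CONF['path'] . 'lib/phpmailer/class.phpmailer.php';

    $mail = new PHPMailer();
    $mail->SetLanguage('en', $_CONF['path'] . 'lib/phpmailer/language/');
    $mail->CharSet = COM_getCharset();

    // Transport selection from site config: smtp, sendmail or PHP's mail()
    if ($_CONF['mail_backend'] == 'smtp') {
        $mail->IsSMTP();
        $mail->Host = $_CONF['mail_smtp_host'];
        $mail->Port = $_CONF['mail_smtp_port'];
        if ($_CONF['mail_smtp_secure'] != 'none') {
            $mail->SMTPSecure = $_CONF['mail_smtp_secure'];
        }
        if ($_CONF['mail_smtp_auth']) {
            $mail->SMTPAuth = true;
            $mail->Username = $_CONF['mail_smtp_username'];
            $mail->Password = $_CONF['mail_smtp_password'];
        }
        $mail->Mailer = "smtp";
    } elseif ($_CONF['mail_backend'] == 'sendmail') {
        $mail->Mailer = "sendmail";
        $mail->Sendmail = $_CONF['mail_sendmail_path'];
    } else {
        $mail->Mailer = "mail";
    }

    $mail->WordWrap = 76;
    $mail->IsHTML($html);
    // HTML bodies go through the site's HTML filter; plain text is sent as-is
    $mail->Body = $html ? COM_filterHTML($message) : $message;
    if ($altBody != '') {
        $mail->AltBody = $altBody;
    }
    $mail->Subject = $subject;

    // Sender. With 'use_from_site_mail' the message always goes out from the
    // site address and the real sender only appears in Reply-To.
    if (is_array($from) && isset($from[0]) && $from[0] != '') {
        if ($_CONF['use_from_site_mail'] == 1) {
            $mail->From = $_CONF['site_mail'];
            $mail->AddReplyTo($from[0]);
        } else {
            $mail->From = $from[0];
        }
    } else {
        $mail->From = $_CONF['site_mail'];
    }
    if (is_array($from) && isset($from[1]) && $from[1] != '') {
        $mail->FromName = $from[1];
    } else {
        $mail->FromName = $_CONF['site_name'];
    }

    // Recipient: array(address, name) or a bare address string
    if (is_array($to) && isset($to[0]) && $to[0] != '') {
        if (isset($to[1]) && $to[1] != '') {
            $mail->AddAddress($to[0], $to[1]);
        } else {
            $mail->AddAddress($to[0]);
        }
    } else {
        // assume old style....
        $mail->AddAddress($to);
    }

    // CC: same two forms. The is_array() test is required here: on a string,
    // $cc[0] / $cc[1] are its first two characters, so a bare address would
    // otherwise be split into a bogus AddCC('a', '@') call.
    if (is_array($cc) && isset($cc[0]) && $cc[0] != '') {
        if (isset($cc[1]) && $cc[1] != '') {
            $mail->AddCC($cc[0], $cc[1]);
        } else {
            $mail->AddCC($cc[0]);
        }
    } elseif (!is_array($cc) && isset($cc) && $cc != '') {
        // assume old style....
        $mail->AddCC($cc);
    }

    if ($priority) {
        $mail->Priority = 1;
    }

    // Attachments: AddAttachment() returns false when the file cannot be read.
    // Log it so a silently missing attachment is noticed; the message itself
    // is still sent, as before.
    foreach ($attachments as $path) {
        if (!$mail->AddAttachment($path)) {
            COM_errorLog("Email Error: could not attach '" . $path . "': " . $mail->ErrorInfo);
        }
    }

    if (!$mail->Send()) {
        COM_errorLog("Email Error: " . $mail->ErrorInfo);
        return false;
    }

    return true;
}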
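/**
 * Checks HTML tags.
 *
 * Thin wrapper around COM_filterHTML(): tags that are not on the approved
 * list for the given permission level are removed from the string.
 *
 * @param string $str         HTML to check
 * @param string $permissions comma-separated list of rights which identify the current user as an "Admin"
 * @return string Filtered HTML
 */
function COM_checkHTML($str, $permissions = 'story.edit')
{
    return COM_filterHTML($str, $permissions);
}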