function sendNewSysMessage($fromid, $recipients, $message, $systemmsg=0, $validfor=0, $sendnotification=0, $forceembedded=0) {
$database = uddeIMgetDatabase();
if ($systemmsg) { // system message
$sendername = $this->config->sysm_username;
$savesysflag = addslashes($sendername); // system message
$savedisablereply = 1; // and users can't reply to them
$emn_fromid = 0; // for email notifications set userid 0
} else {
$sendername = uddeIMgetNameFromID($fromid, $this->config);
$savesysflag = addslashes($sendername);
$savedisablereply = 0;
$emn_fromid = $fromid;
}
$savedatum = uddetime($this->config->timezone);
if ($validfor>0) {
$now = uddetime($this->config->timezone);
$validuntil = $now+($validfor*3600);
} else {
$validuntil = 0;
}
if ($this->config->cryptmode>=1) { // because of encoding do not use slashes
$savemessage = strip_tags($message);
} else {
$savemessage = addslashes(strip_tags($message)); // original 0.6+
}
getAdditonalGroups($add_special, $add_admin, $config);
if (uddeIMcheckJversion()>=2) { // J1.6
if ($recipients=="all") {
$sql="SELECT id FROM #__users WHERE block=0";
} elseif($recipients=="online") {
$sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid";
} elseif($recipients=="special") {
$sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id)
INNER JOIN #__usergroups AS g ON um.group_id=g.id
WHERE u.block=0 AND g.id IN (3,4,5,6,7,8".$add_admin.$add_special.")";
} elseif($recipients=="admins") {
$sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id)
INNER JOIN #__usergroups AS g ON um.group_id=g.id
WHERE u.block=0 AND g.id IN (7,8".$add_admin.")";
} else {
$sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id)
INNER JOIN #__usergroups AS g ON um.group_id=g.id
WHERE u.block=0 AND g.id=".(int)$recipients;
}
} else {
if ($recipients=="all") {
$sql="SELECT id FROM #__users WHERE block=0";
} elseif($recipients=="online") {
$sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid";
} elseif($recipients=="special") {
$sql="SELECT id FROM #__users WHERE block=0 AND gid IN (19,20,21,23,24,25".$add_admin.")";
} elseif($recipients=="admins") {
$sql="SELECT id FROM #__users WHERE block=0 AND gid IN (24,25".$add_admin.")";
} else {
$sql="SELECT id FROM #__users WHERE block=0 AND gid=".(int)$recipients;
}
}
$database->setQuery($sql);
$receivers=$database->loadObjectList();
if (!count($receivers)) {
return 1;
}
foreach($receivers as $receiver) {
$toid = $receiver->id;
$themode = 0;
if ($this->config->cryptmode==1 || $this->config->cryptmode==2 || $this->config->cryptmode==4) {
$themode = 1;
$cm = uddeIMencrypt($savemessage,$this->config->cryptkey,CRYPT_MODE_BASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$fromid.", ".(int)$toid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",1,'".md5($this->config->cryptkey)."')";
} elseif ($this->config->cryptmode==3) {
$themode = 3;
$cm = uddeIMencrypt($savemessage,"",CRYPT_MODE_STOREBASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode) VALUES (".(int)$fromid.", ".(int)$toid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",3)";
} else {
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox) VALUES (".(int)$fromid.", ".(int)$toid.", '".$savemessage."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1,".$savedatum.")";
}
$database->setQuery($sql);
if (!$database->query()) {
die("SQL error when attempting to save a message" . $database->stderr(true));
}
$insID = $database->insertid();
if ($sendnotification) {
// Check if E-Mail notification or popups are enabled by default, if so create a record for the receiver.
if ($this->config->notifydefault>0 || $this->config->popupdefault>0 || $this->config->pubfrontenddefault>0 || $this->config->autoresponder>0 || $this->config->autoforward>0) {
if (!uddeIMexistsEMN($toid))
uddeIMinsertEMNdefaults($toid, $this->config);
}
}
// ##################################################################################################
// email notification
// ##################################################################################################
if ($sendnotification) {
$currentlyonline = uddeIMisOnline($toid);
if ($this->config->cryptmode>=1) {
$email = stripslashes($savemessage);
} else {
$email = stripslashes(stripslashes($savemessage));
}
$type = 0;
if ($forceembedded)
$type = 2;
if ($this->config->allowemailnotify==1) {
$ison = uddeIMgetEMNstatus($toid);
if (($ison==1) || ($ison==2 && !$currentlyonline) || $ison==10 || ($ison==20 && !$currentlyonline)) {
uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $toid, $email, $type, $this->config);
}
} elseif($this->config->allowemailnotify==2) {
$gid = uddeIMgetGID((int)$toid);
if (uddeIMisAdmin($gid) || uddeIMisAdmin2($gid, $this->config)) {
$ison = uddeIMgetEMNstatus($toid);
if (($ison==1) || ($ison==2 && !$currentlyonline) || $ison==10 || ($ison==20 && !$currentlyonline)) {
uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $toid, $email, $type, $this->config);
}
}
}
}
}
return 0;
}
function uddeIMblockUserUdde($myself, $item_id, $recip, $ret, $config) {
$addlink = "";
if ($recip)
$addlink = "&recip=".(int)$recip;
$task = "inbox";
if ($ret=="postboxuser" && $config->enablepostbox)
$task = "postboxuser";
if (!$config->blocksystem) {
$mosmsg = _UDDEIM_BLOCKSDISABLED;
uddeJSEFredirect("index.php?option=com_uddeim&task=".$task."&Itemid=".$item_id.$addlink, $mosmsg);
}
// is this user already blocked?
$isblocked = uddeIMcheckBlockerBlocked($myself, $recip);
if ($isblocked)
uddeJSEFredirect("index.php?option=com_uddeim&task=settings&Itemid=".$item_id);
$recip_gid = uddeIMgetGID($recip);
if (uddeIMisAdmin($recip_gid) || uddeIMisAdmin2($recip_gid, $config)) {
$mosmsg = _UDDEIM_CANTBLOCKADMINS;
uddeJSEFredirect("index.php?option=com_uddeim&task=".$task."&Itemid=".$item_id.$addlink, $mosmsg);
}
uddeIMinsertBlockerBlocked($myself, $recip);
uddeJSEFredirect("index.php?option=com_uddeim&task=settings&Itemid=".$item_id);
}
function uddeIMpublicSaveMessage($fromname, $fromemail, $to_name, $to_id, $pmessage, $item_id, $sendeform_showallusers, $backto, $config) {
$mosConfig_sitename = uddeIMgetSitename();
$pathtosite = uddeIMgetPath('live_site');
$database = uddeIMgetDatabase();
$to_name = stripslashes($to_name);
$to_name_bak = $to_name; // save all already typed in names
if(!$to_id && !$to_name && $sendeform_showallusers!=2) {
// write the uddeim menu
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 5, $config);
return;
}
if($sendeform_showallusers) { // =2, click on button / =1, keep on showing
// write the uddeim menu
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 1, $config);
return;
}
// do not allow multiple recipients from public frontend
$to_name = trim($to_name);
$fromname = trim($fromname);
$fromemail = trim($fromemail);
if(!$fromname) {
// write the uddeim menu
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 12, $config);
return;
}
// When there is an email address this must be valid
if ($fromemail && !preg_match("/\b[a-z0-9!#$%&'*+\/=?^_`{|}-]+(?:\.[a-z0-9!#$%&'*+\/=?^_`{|}-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+(?:[A-Z]{2}|com|org|net|gov|mil|biz|info|mobi|name|aero|jobs|museum)\b/i", $fromemail)) {
// write the uddeim menu
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 13, $config);
return;
}
// Check if an email address is required
if (!$fromemail && $config->pubemail) {
// write the uddeim menu
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 13, $config);
return;
}
$to_id = uddeIMgetIDfromNamePublic($to_name, $config, true); // add "AND block=0"
// BUGBUG: Maybe it is a good idea to do the query vice versa (so I could add a query for "realname"s here)
if (!$to_id) { // no user with this name found, so try again with username (maybe we do the query twice (see query above, but who cares)
if ($config->pubrealnames) {
$to_id = uddeIMgetIDfromUsername($to_name, true); // add "AND block=0"
}
}
if(!$to_id) { // no user with this username found
// display to form again so that the user can correct his/her fault
// the wrong name is displayed in brackets (add brackets only once)
if (substr($to_name,0,1)!="(") {
$to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak);
}
// write the uddeim menu
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 3, $config);
return;
}
// now check banning
$is_banned = uddeIMisBanned($to_id, $config);
if ($is_banned) {
if (substr($to_name,0,1)!="(") {
$to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak);
}
// write the uddeim menu
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 17, $config);
return;
}
// now check group blocking
$is_group_blocked = uddeIMisRecipientBlockedPublic($to_id, $config);
if ($is_group_blocked) {
if (substr($to_name,0,1)!="(") {
$to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak);
}
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 10, $config);
return;
}
if(!$pmessage) {
// write the uddeim menu
$to_name = $to_name_bak;
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 4, $config);
return;
}
// check if user allows public access (this check must be done after group blocking, because the admin can block a certain group and the user cannot longer decide if he allows the public frontend or not)
$ispublic = uddeIMgetEMNpublic($to_id);
if (!$ispublic) { // user does not allow public messages
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 8, $config);
return;
}
// CAPTCHA (first check for all other errors and then the CAPTCHA)
if ($config->usecaptcha>=1) { // CAPTCHA is enabled for public frontend
if ($config->captchatype==0) {
if (class_exists('JFactory')) {
// CAPTCHA15
$session = JFactory::getSession();
$_SESSION['security_code'] = $session->get('security_code'); // so I do not need to modify saveMessage code
} else {
// CAPTCHA10
session_start();
}
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {
// CAPTCHA is correct, so unset security code
if (class_exists('JFactory')) {
$session = JFactory::getSession();
$session->set('security_code', null);
} else {
unset($_SESSION['security_code']);
}
} else {
// wrong captcha, so write the uddeim menu
$to_name = $to_name_bak;
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 7, $config);
return;
}
} else {
$pathtouser = uddeIMgetPath('user');
require_once($pathtouser."/recaptchalib.php");
$resp = recaptcha_check_answer ($config->recaptchaprv,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
$to_name = $to_name_bak;
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 7, $config);
return;
// die ("The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: " . $resp->error . ")");
}
}
}
if (!uddeIMcheckCSRF($config)) {
$to_name = $to_name_bak;
uddeIMpublicMenuWriteform($item_id, $fromname, $fromemail, $to_name, $pmessage, 15, $config);
return;
}
$savedatum = uddetime($config->timezone);
$savetoid = $to_id;
$savefromid = 0; // This is '0' in public frontend
// CRYPT
if ($config->cryptmode>=1) { // because of encoding do not use slashes
$savemessage=strip_tags($pmessage);
} else {
$savemessage=addslashes(strip_tags($pmessage)); // original 0.6+
}
// strip bbcodes
if (!$config->allowbb) {
$savemessage=uddeIMbbcode_strip($savemessage);
}
// set message max length
if ($config->maxlength>0) { // because if 0 do not use any maxlength
$savemessage=substr($savemessage, 0, $config->maxlength);
}
$fromname=addslashes(strip_tags($fromname));
$fromemail=addslashes(strip_tags($fromemail));
$delayed = 0;
if ($config->modpubusers)
$delayed = 1;
// we have all we need, now save it
// no replyid can be set here, since public users cannot reply to a message, replyid = 0
// CRYPT
if ($config->cryptmode==1 || $config->cryptmode==2 || $config->cryptmode==4) { // do not allow individual encryption
$cm = uddeIMencrypt($savemessage,$config->cryptkey,CRYPT_MODE_BASE64);
$sql="INSERT INTO #__uddeim (`delayed`, publicname, publicemail, fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$delayed.", '".$fromname."', '".$fromemail."', ".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.",1,".$savedatum.",1,'".md5($config->cryptkey)."')";
} elseif ($config->cryptmode==3) {
$cm = uddeIMencrypt($savemessage,"",CRYPT_MODE_STOREBASE64);
$sql="INSERT INTO #__uddeim (`delayed`, publicname, publicemail, fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode) VALUES (".(int)$delayed.", '".$fromname."', '".$fromemail."', ".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.",1,".$savedatum.",3)";
} else {
$sql="INSERT INTO #__uddeim (`delayed`, publicname, publicemail, fromid, toid, message, datum, totrashoutbox, totrashdateoutbox) VALUES (".(int)$delayed.", '".$fromname."', '".$fromemail."', ".(int)$savefromid.", ".(int)$savetoid.", '".$savemessage."', ".$savedatum.",1,".$savedatum.")";
}
$database->setQuery($sql);
if (!$database->query()) {
die("SQL error when attempting to save a message" . $database->stderr(true));
}
$insID = $database->insertid();
// When public users are moderated, delay the message
// if (uddeIMgetEMNmoderated($savefromid) ) { // && uddeIMisReggedOnly($my_gid)) {
// uddeIMupdateDelayed($savefromid, $insID, 1);
// }
// Check if E-Mail notification or popups are enabled by default, if so create a record for the receiver.
// Note: Not necessary for "copy to myself" sind the record for the current user has been set at the very beginning...
if ($config->notifydefault>0 || $config->popupdefault>0 || $config->pubfrontenddefault>0 || $config->autoresponder>0 || $config->autoforward>0) {
if (!uddeIMexistsEMN($savetoid))
uddeIMinsertEMNdefaults($savetoid, $config);
}
$rec_gid = uddeIMgetGID((int)$savetoid);
// ##################################################################################################
// autoforward code
// ##################################################################################################
if ($config->autoforward==1 || ($config->autoforward==2 && (uddeIMisAdmin($rec_gid) || uddeIMisAdmin2($rec_gid, $config)))) {
$ison = uddeIMgetEMNautoforward($savetoid); // recipient has autoforward enabled
if ($ison==1) {
$autoforwardid = uddeIMgetEMNautoforwardid($savetoid); // new recipient
$forwardheader="
[i]("._UDDEIM_THISISAFORWARD.uddeIMgetNameFromID($savetoid, $config).")[/i]";
$savemessagecopy = $savemessage.$forwardheader;
$themode = 0;
if ($config->cryptmode==1) {
$themode = 1;
$cm = uddeIMencrypt($savemessagecopy,$config->cryptkey,CRYPT_MODE_BASE64);
$sql = "INSERT INTO #__uddeim (fromid, toid, message, datum, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$autoforwardid.", '".$cm."', ".$savedatum.",1,'".md5($config->cryptkey)."')";
} elseif ($config->cryptmode==2) {
$themode = 2;
$thepass=$cryptpass;
if (!$thepass) { // no password entered, then fallback to obfuscating
$themode = 1;
$thepass=$config->cryptkey;
}
$cm = uddeIMencrypt($savemessagecopy,$thepass,CRYPT_MODE_BASE64);
$sql = "INSERT INTO #__uddeim (fromid, toid, message, datum, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$autoforwardid.", '".$cm."', ".$savedatum.",".$themode.",'".md5($thepass)."')";
} elseif ($config->cryptmode==3) {
$themode = 3;
$cm = uddeIMencrypt($savemessagecopy,"",CRYPT_MODE_STOREBASE64);
$sql = "INSERT INTO #__uddeim (fromid, toid, message, datum, cryptmode) VALUES (".(int)$savefromid.", ".(int)$autoforwardid.", '".$cm."', ".$savedatum.",3)";
} elseif ($config->cryptmode==4) {
$themode = 4;
$thepass=$cryptpass;
if (!$thepass) { // no password entered, then fallback to obfuscating
$themode = 1;
$thepass=$config->cryptkey;
}
$cm = uddeIMencrypt($savemessagecopy,$thepass,CRYPT_MODE_3DESBASE64);
$sql = "INSERT INTO #__uddeim (fromid, toid, message, datum, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$autoforwardid.", '".$cm."', ".$savedatum.",".$themode.",'".md5($thepass)."')";
} else {
$sql = "INSERT INTO #__uddeim (fromid, toid, message, datum) VALUES (".(int)$savefromid.", ".(int)$autoforwardid.", '".$savemessage."', ".$savedatum.")";
}
$database->setQuery($sql);
if (!$database->query()) {
die("SQL error when attempting to save a message" . $database->stderr(true));
}
$insIDforward = $database->insertid();
}
}
// ##################################################################################################
// autoresponder
// ##################################################################################################
if ($config->autoresponder==1 || ($config->autoresponder==2 && (uddeIMisAdmin($rec_gid) || uddeIMisAdmin2($rec_gid, $config)))) {
$ison = uddeIMgetEMNautoresponder($savetoid);
if ($ison==1) {
// $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". _UDDEIM_AUTORESPONDER_DEFAULT ."', ".$savedatum.", 1,".uddetime($config->timezone).")";
// BUGBUG: An autoresponder message is send via email but no message in the outbox is created.
// This is not a bug since in my opinion it does not make sense to store autoresponder messages AND the received message.
if($config->emailtrafficenabled && $fromemail) {
$autorespondertext = uddeIMgetEMNautorespondertext($savetoid);
$var_fromname = uddeIMgetNameFromID($savetoid, $config);
if (!$var_fromname)
$var_fromname=$config->sysm_username;
$var_body = _UDDEIM_EMN_BODY_PUBLICWITHMESSAGE;
$var_body = str_replace("%livesite%", $pathtosite, $var_body);
$var_body = str_replace("%user%", $var_fromname, $var_body);
$var_body = str_replace("%site%", $mosConfig_sitename, $var_body);
$var_body = str_replace("%you%", $fromname, $var_body);
$autorespondertext = str_replace(chr(13).chr(10), "\n", $autorespondertext);
$var_body = str_replace("%pmessage%", $autorespondertext, $var_body);
$subject = _UDDEIM_EMN_SUBJECT;
$subject = str_replace("%livesite%", $pathtosite, $subject);
$subject = str_replace("%site%", $mosConfig_sitename, $subject);
$subject = str_replace("%you%", $fromname, $subject);
$subject = str_replace("%user%", $var_fromname, $subject);
$replyto = $fromemail;
$replytoname = "";
if(uddeIMsendmail($config->emn_sendername, $config->emn_sendermail, $var_toname, $fromemail, $subject, $var_body, $replyto, $replytoname, "", $config)) {
// maybe a code here that the email cound not have been sent
}
}
}
}
// ##################################################################################################
// email notification
// ##################################################################################################
// is the receiver currently online?
$currentlyonline = uddeIMisOnline($savetoid);
if ($config->cryptmode>=1) {
$email=stripslashes($savemessage);
} else {
$email=stripslashes(stripslashes($savemessage)); // without encoding remove the safety slashes
}
if($config->allowemailnotify==1) {
$ison = uddeIMgetEMNstatus($savetoid);
if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10) || ($ison==20 && !$currentlyonline)) {
uddeIMpublicDispatchEMN($insID, $fromname, $savetoid, $email, 0, $config);
// 0 stands for normal (not forgetmenot)
}
} elseif($config->allowemailnotify==2) {
$my_gid = uddeIMgetGID((int)$savetoid);
if (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config)) {
$ison = uddeIMgetEMNstatus($savetoid);
if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10) || ($ison==20 && !$currentlyonline)) {
uddeIMpublicDispatchEMN($insID, $fromname, $savetoid, $email, 0, $config);
// 0 stands for normal (not forgetmenot)
}
}
}
$mosmsg=""; // _UDDEIM_MESSAGE_SENT
uddeJSEFredirect("index.php?option=com_uddeim&task=publicsent&Itemid=".$item_id, $mosmsg);
}
function uddeIMrssFeedPlugin($versionstring, $userid, $config) {
$database = uddeIMgetDatabase();
$sitename = uddeIMgetSitename();
$live_site = uddeIMgetPath('live_site');
$Itemid = uddeIMmosGetParam( $_REQUEST, 'Itemid');
if (!$Itemid || !isset($Itemid) || empty( $Itemid )) {
$Itemid = uddeIMgetItemid($config);
} else if ($config->overwriteitemid) {
$Itemid = (int)$config->useitemid;
}
$item_id = (int)$Itemid;
$username = stripslashes( strval( uddeIMmosGetParam ($_REQUEST, 'user', '') ));
$passwd = stripslashes( strval( uddeIMmosGetParam ($_REQUEST, 'pass', '') ));
$showall = (int) uddeIMmosGetParam ($_REQUEST, 'showall', 0);
$type = (int) uddeIMmosGetParam ($_REQUEST, 'type', 0);
$row = uddeIMselectUserrecordFromUsername($username, $config);
if ($row) {
if ($row->block) {
uddeIMrssOutputHeader($versionstring);
uddeIMrssOutputItem($type, "Code=5", _UDDEIM_RSS_USERBLOCKED, "");
uddeIMrssOutputFooter();
return;
}
$gid = uddeIMgetGID($row->id); // $userid
if (!$config->enablerss || ($config->enablerss==2 && !uddeIMisAdmin($gid) && !uddeIMisAdmin2($gid, $config))) {
uddeIMrssOutputHeader($versionstring);
uddeIMrssOutputItem($type, "Code=2", _UDDEIM_RSS_NOTALLOWED, "");
uddeIMrssOutputFooter();
return;
}
if ((strpos($row->password, ':') === false) && $row->password == md5($passwd)) {
// Old password hash storage but authentic ... lets convert it
$salt = uddeIMmosMakePassword(16);
$crypt = md5($passwd.$salt);
$row->password = $crypt.':'.$salt;
}
list($hash, $salt) = explode(':', $row->password);
$hash_db = sha1($hash); // the hash value from the user database
$hash_post = $passwd;
if ($hash_db != $hash_post) {
uddeIMrssOutputHeader($versionstring);
uddeIMrssOutputItem($type, "Code=3", _UDDEIM_RSS_WRONGPASSWORD, "");
uddeIMrssOutputFooter();
return;
}
uddeIMrssOutputHeader($versionstring);
$filter = "";
if (!$showall) {
$filter = "AND a.toread=0 ";
}
$limit = "";
if ($config->rsslimit)
$limit = " LIMIT ".(int)$config->rsslimit;
$userid = uddeIMgetIDfromUsername($username, $config, true);
$sql = "SELECT a.*, b.".($config->realnames ? "name" : "username")." AS fromname FROM #__uddeim AS a LEFT JOIN #__users AS b ON a.fromid=b.id WHERE a.toid=".(int)$userid." AND a.totrash=0 AND a.archived=0 AND `a`.`delayed`=0 ".$filter."ORDER BY a.datum DESC".$limit;
$database->setQuery($sql);
$rows = $database->loadObjectList();
if (!$rows) {
$pms_show = uddeIMsefRelToAbs("index.php?option=com_uddeim&Itemid=".$item_id);
uddeIMrssOutputItem($type,($showall ? "Code=0" : "Code=1"),
($showall ? _UDDEIM_RSS_NOMESSAGES : _UDDEIM_RSS_NONEWMESSAGES),
"", $pms_show);
} else {
foreach ($rows as $row) {
$fromname = uddeIMevaluateUsername($row->fromname, $row->fromid, $row->publicname);
if($row->systemmessage)
$fromname = $row->systemmessage;
if ($row->cryptmode==2)
$pms_show = uddeIMsefRelToAbs("index.php?option=com_uddeim&Itemid=".$item_id."&task=showpass&messageid=".$row->id);
else
$pms_show = uddeIMsefRelToAbs("index.php?option=com_uddeim&Itemid=".$item_id."&task=show&messageid=".$row->id);
$cm = uddeIMgetMessage($row->message, "", $row->cryptmode, "", $config->cryptkey);
$cm = stripslashes($cm);
if($row->systemflag || $config->allowbb) {
$cm = uddeIMbbcode_strip($cm);
}
$cm = htmlspecialchars($cm, ENT_QUOTES, $config->charset);
$cm = str_replace("&#", "&#", $cm);
$title = $fromname.": ".substr($cm,0,30);
$pubdate = date("r",$row->datum);
$desc = substr($cm,0,500);
uddeIMrssOutputItem(0, "", $title, $desc, $pms_show, $pubdate);
}
}
uddeIMrssOutputFooter();
} else {
uddeIMrssOutputHeader($versionstring);
uddeIMrssOutputItem($type, "Code=4", _UDDEIM_RSS_NOOBJECT, "");
uddeIMrssOutputFooter();
}
}
function uddeIMsaveSysgm($myself, $to_name, $to_id, $pmessage, $tobedeleted, $tobedeletedsent, $forceembedded, $item_id, $messageid, $sysgm_sys, $sysgm_nonotify, $sysgm_universe, $sysgm_validfor, $sysgm_really, $cryptpass, $config) {
$database = uddeIMgetDatabase();
$to_name = stripslashes($to_name);
$my_gid = $config->usergid;
if ($config->allowsysgm==0 ||
($config->allowsysgm==1 && !uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) ||
($config->allowsysgm==2 && !uddeIMisManager($my_gid)) ) {
$mosmsg=_UDDEIM_NOTALLOWED_SYSM_GM;
uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg);
}
// what is username of sender?
$sendername = uddeIMgetNameFromID($myself, $config);
if ($sysgm_sys)
$sendername=$config->sysm_username;
if (!$sysgm_really) {
// send not confirmed. ask for confirmation
// CAPTCHA (first check for all other errors and then the CAPTCHA)
if (!uddeIMcheckCAPTCHA($my_gid, $config)) {
uddeIMprintMenu($myself, 'new', $item_id, $config);
echo "<div id='uddeim-m'>\n";
$to_name=stripslashes($to_name);
$pmessage=stripslashes($pmessage);
uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 7, 1, $config);
echo "</div>\n<div id='uddeim-bottomborder'></div>\n";
return;
}
if (!uddeIMcheckCSRF($config)) {
uddeIMprintMenu($myself, 'new', $item_id, $config);
echo "<div id='uddeim-m'>\n";
$to_name=stripslashes($to_name);
$pmessage=stripslashes($pmessage);
uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 15, 1, $config);
echo "</div>\n<div id='uddeim-bottomborder'></div>\n";
return;
}
uddeIMprintMenu($myself, 'new', $item_id, $config);
echo "<div id='uddeim-m'>\n";
echo "<div id='uddeim-toplines'><p>"._UDDEIM_SYSGM_PLEASECONFIRM."</p></div>\n";
echo "<div id='uddeim-message'><table cellpadding='7' cellspacing='1' width='100%'>\n";
$usql=""; // send to unblocked users only
getAdditonalGroups($add_special, $add_admin, $config);
if (uddeIMcheckJversion()>=2) { // J1.6
if ($sysgm_universe=="sysgm_toall") {
$universe=_UDDEIM_SYSGM_WILLSENDTOALL;
$usql="SELECT count(id) FROM #__users WHERE block=0";
} elseif ($sysgm_universe=="sysgm_toalllogged") {
$universe=_UDDEIM_SYSGM_WILLSENDTOALLLOGGED;
$usql="SELECT count(a.id) FROM #__users AS a, #__session AS b WHERE a.block=0 AND a.id=b.userid";
} elseif ($sysgm_universe=="sysgm_toallspecial") {
$universe=_UDDEIM_SYSGM_WILLSENDTOALLSPECIAL;
$usql="SELECT count(*) FROM (SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id)
INNER JOIN #__usergroups AS g ON um.group_id=g.id
WHERE u.block=0 AND g.id IN (3,4,5,6,7,8".$add_admin.$add_special.")) AS aTable";
} elseif ($sysgm_universe=="sysgm_toalladmins") {
$universe=_UDDEIM_SYSGM_WILLSENDTOALLADMINS;
$usql="SELECT count(*) FROM (SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id)
INNER JOIN #__usergroups AS g ON um.group_id=g.id
WHERE u.block=0 AND g.id IN (7,8".$add_admin.")) AS aTable";
} elseif ($config->showgroups) {
$aclsql = "SELECT title AS name FROM #__usergroups WHERE id=".(int)$sysgm_universe;
$database->setQuery($aclsql);
$universe=$database->loadResult();
$usql="SELECT count(*) FROM (SELECT DISTINCT u.id
FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id)
INNER JOIN #__usergroups AS g ON um.group_id=g.id
WHERE g.id=".(int)$sysgm_universe.") AS aTable";
}
} else {
if ($sysgm_universe=="sysgm_toall") {
$universe=_UDDEIM_SYSGM_WILLSENDTOALL;
$usql="SELECT count(id) FROM #__users WHERE block=0";
} elseif ($sysgm_universe=="sysgm_toalllogged") {
$universe=_UDDEIM_SYSGM_WILLSENDTOALLLOGGED;
$usql="SELECT count(a.id) FROM #__users AS a, #__session AS b WHERE a.block=0 AND a.id=b.userid";
} elseif ($sysgm_universe=="sysgm_toallspecial") {
$universe=_UDDEIM_SYSGM_WILLSENDTOALLSPECIAL;
$usql="SELECT count(id) FROM #__users WHERE block=0 AND gid IN (19,20,21,23,24,25".$add_admin.")";
} elseif ($sysgm_universe=="sysgm_toalladmins") {
$universe=_UDDEIM_SYSGM_WILLSENDTOALLADMINS;
$usql="SELECT count(id) FROM #__users WHERE block=0 AND gid IN (24,25".$add_admin.")";
} else {
if ($config->showgroups) {
if (uddeIMcheckJversion()>=1)
$aclsql = "SELECT name FROM #__core_acl_aro_groups WHERE id=".(int)$sysgm_universe;
else
$aclsql = "SELECT name FROM #__core_acl_aro_groups WHERE group_id=".(int)$sysgm_universe;
$database->setQuery($aclsql);
$universe=$database->loadResult();
$usql="SELECT count(id) FROM #__users WHERE block=0 AND gid=".(int)$sysgm_universe;
}
}
}
if (!$universe) {
$mosmsg=_UDDEIM_UNEXPECTEDERROR_QUIT." No recipients selected";
uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg);
}
if ($usql) {
$database->setQuery($usql);
$rf = (int)$database->loadResult();
$rft = ($rf==1) ? _UDDEIM_RECIPIENTFOUND : _UDDEIM_RECIPIENTSFOUND;
$universe.=" (".$rf." ".$rft.")";
}
// UDDEIMFILE
// We have checked that everything is ok, now do the file uploads
$uploadfile_temppathname = array();
$uploadfile_original = array();
$uploadfile_id = array();
$uploadfile_size = array();
$uploadfile_error = array();
if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) {
$noerror = uddeIMhandleAttachments($uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $uploadfile_error, $config);
if (!$noerror) { // something goes wrong
// BUGBUG: that is not the best error handling possible but is will do the work
// iterate through all errorcodes and show the first error found, rest of data will be lost
// ==> delete all files that were uploaded ok
while (list($key, $value) = each( $uploadfile_temppathname )) {
if (file_exists($value))
unlink($value);
}
while (list($key, $value) = each( $uploadfile_error )) {
if ($value==-1) { // upload failed
uddeIMprintMenu($myself, 'new', $item_id, $config);
echo "<div id='uddeim-m'>\n";
$to_name=stripslashes($to_name);
$pmessage=stripslashes($pmessage);
uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 18, 1, $config);
return;
}
if ($value==-2) { // file size exceeded
uddeIMprintMenu($myself, 'new', $item_id, $config);
echo "<div id='uddeim-m'>\n";
$to_name=stripslashes($to_name);
$pmessage=stripslashes($pmessage);
uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 19, 1, $config);
return;
}
if ($value==-3) { // file type not allowed
uddeIMprintMenu($myself, 'new', $item_id, $config);
echo "<div id='uddeim-m'>\n";
$to_name=stripslashes($to_name);
$pmessage=stripslashes($pmessage);
uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 20, 1, $config);
return;
}
}
$uploadfile_temppathname = array(); // should never been reached when an error occurs but neverthless destroy old arrays
$uploadfile_original = array();
$uploadfile_id = array();
$uploadfile_size = array();
$uploadfile_error = array();
} else {
$savedatum=uddetime($config->timezone);
uddeIMpreSaveAttachments($uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config);
}
}
// The uploaded file is stored in "$uploadfile_tempname" (with path) ad the original name in "$uploadfile_original" (without path) and an Id for the file.
// When we reach this line we can store these fileames in the DB.
$udde_infoheader = $universe."<br />";
$udde_infoheader .= _UDDEIM_SYSGM_WILLSENDAS_1.$sendername._UDDEIM_SYSGM_WILLSENDAS_2."<br />";
if($sysgm_sys) {
$udde_infoheader .= _UDDEIM_SYSGM_WILLDISABLEREPLY."<br />";
}
if($forceembedded && !$sysgm_nonotify) {
$udde_infoheader .= _UDDEIM_SYSGM_FORCEEMBEDDED."<br />";
}
if($sysgm_nonotify) {
$udde_infoheader .= _UDDEIM_SYSGM_NONOTIFY."<br />";
}
if($sysgm_validfor>0) {
$now=uddetime($config->timezone);
$validuntil_timestamp=$now+($sysgm_validfor*3600);
$validuntil=date("Y-m-d H:i", $validuntil_timestamp);
$udde_infoheader .= _UDDEIM_SYSGM_WILLEXPIRE." ".$validuntil."<br />";
}
echo "\t<tr class='sectiontableentry1'>\n\t\t<td>".$udde_infoheader."</td></tr>\n";
// strip any HTML from message but don't add slashes yet
$dmessage=strip_tags($pmessage);
$dmessage=stripslashes($pmessage);
$hmessage=htmlspecialchars($dmessage, ENT_QUOTES, $config->charset);
$jmessage=$dmessage;
$containslink=stristr($dmessage, "[url");
// parse bb code if it is a sysgm
$dmessage=uddeIMbbcode_replace($dmessage, $config);
$dmessage=uddeIMsmile_replace($dmessage, $config);
echo "\t<tr class='sectiontableentry2'>\n\t\t\n\t\t<td>".nl2br($dmessage)."</td></tr>\n"; // to do
echo "</table></div>\n";
echo "<div id='uddeim-writeform'>\n";
echo "<form method='post' action='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=savesysgm&Itemid=".$item_id)."'><input type='hidden' name='sysgm_sys' value='".$sysgm_sys."' />\n";
echo "<span style='display: none'>\n";
if ($sysgm_universe=="sysgm_toall") {
echo "<input type='hidden' name='sysgm_universe' value='sysgm_toall' />\n";
} elseif ($sysgm_universe=="sysgm_toallspecial") {
echo "<input type='hidden' name='sysgm_universe' value='sysgm_toallspecial' />\n";
} elseif ($sysgm_universe=="sysgm_toalladmins") {
echo "<input type='hidden' name='sysgm_universe' value='sysgm_toalladmins' />\n";
} elseif ($sysgm_universe=="sysgm_toalllogged") {
echo "<input type='hidden' name='sysgm_universe' value='sysgm_toalllogged' />\n";
} elseif ($config->showgroups) {
echo "<input type='hidden' name='sysgm_universe' value='".$sysgm_universe."' />\n";
}
echo "<input type='hidden' name='sysgm_validfor' value='".(int)$sysgm_validfor."' />\n";
echo "<textarea style='visibility: hidden;' name='pmessage' class='inputbox' rows='1' cols='60'>".$jmessage."</textarea>\n";
echo "<input type='hidden' name='sysgm_really' value='1' />\n";
echo "<input type='hidden' name='forceembedded' value='".(int)$forceembedded."' />\n";
echo "<input type='hidden' name='sysgm_nonotify' value='".(int)$sysgm_nonotify."' />\n";
echo "<span id='divpass' style='visibility:hidden;'><input type='hidden' name='cryptpass' value='".$cryptpass."' /></span>\n";
if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) {
while (list($key, $value) = each( $uploadfile_temppathname )) {
echo "<input type='hidden' name='uploadfile_temppathname[". $key ."]' value=". $database->Quote($uploadfile_temppathname[$key]) ." />\n";
echo "<input type='hidden' name='uploadfile_original[". $key ."]' value=". $database->Quote($uploadfile_original[$key]) ." />\n";
echo "<input type='hidden' name='uploadfile_id[". $key ."]' value=". $database->Quote($uploadfile_id[$key]) ." />\n";
echo "<input type='hidden' name='uploadfile_size[". $key ."]' value=". $database->Quote($uploadfile_size[$key]) ." />\n";
}
}
echo "</span>\n";
echo "<input type='submit' name='reply' class='button' value='"._UDDEIM_SUBMIT."' />\n";
echo "<input type='button' class='button' value='".htmlspecialchars(_UDDEIM_DONTSEND, ENT_QUOTES, $config->charset)."' onclick='history.go(-1); return false;' />";
echo "</form>";
echo "</div>";
if ($containslink) {
echo "<div id='uddeim-bottomlines'><p>"._UDDEIM_SYSGM_CHECKLINK."</p>\n</div>\n";
}
echo "</div>\n<div id='uddeim-bottomborder'>".uddeIMcontentBottomborder($myself, $item_id, 'standard', 'none', $config)."</div>\n";
} else { // sysgm_really is set to true, send is confirmed. Now send it.
$uploadfile_temppathname = uddeIMmosGetParam ($_POST, 'uploadfile_temppathname', array());
$uploadfile_original = uddeIMmosGetParam ($_POST, 'uploadfile_original', array());
$uploadfile_id = uddeIMmosGetParam ($_POST, 'uploadfile_id', array());
$uploadfile_size = uddeIMmosGetParam ($_POST, 'uploadfile_size', array());
$savedatum=uddetime($config->timezone);
if($sysgm_validfor>0) {
$now=uddetime($config->timezone);
$validuntil=$now+($sysgm_validfor*3600);
} else {
$validuntil=0;
}
$savefromid=$myself;
$savedisablereply=0;
$savesysflag="";
if($sysgm_sys) {
$savesysflag=addslashes($config->sysm_username); // system message
$savedisablereply=1; // and users can't reply to them
} else {
$savesysflag=addslashes($sendername);
$savedisablereply=0;
}
if ($config->cryptmode>=1) { // because of encoding do not use slashes
$savemessage=strip_tags($pmessage);
} else {
$savemessage=addslashes(strip_tags($pmessage)); // original 0.6+
}
// strip XSS code
$savemessage = uddeIMRemoveXSS($savemessage);
getAdditonalGroups($add_special, $add_admin, $config);
if (uddeIMcheckJversion()>=2) { // J1.6
// who shall get the message?
if($sysgm_universe=="sysgm_toall") {
$sql="SELECT id FROM #__users WHERE block=0";
} elseif($sysgm_universe=="sysgm_toalllogged") {
$sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid";
} elseif($sysgm_universe=="sysgm_toallspecial") {
$sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id)
INNER JOIN #__usergroups AS g ON um.group_id=g.id
WHERE u.block=0 AND g.id IN (3,4,5,6,7,8".$add_admin.$add_special.")";
} elseif($sysgm_universe=="sysgm_toalladmins") {
$sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id)
INNER JOIN #__usergroups AS g ON um.group_id=g.id
WHERE u.block=0 AND g.id IN (7,8".$add_admin.")";
} elseif ($config->showgroups) {
$sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id)
INNER JOIN #__usergroups AS g ON um.group_id=g.id
WHERE u.block=0 AND g.id=".(int)$sysgm_universe;
}
} else {
// who shall get the message?
if($sysgm_universe=="sysgm_toall") {
$sql="SELECT id FROM #__users WHERE block=0";
} elseif($sysgm_universe=="sysgm_toalllogged") {
$sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid";
} elseif($sysgm_universe=="sysgm_toallspecial") {
$sql="SELECT id FROM #__users WHERE block=0 AND gid IN (19,20,21,23,24,25".$add_admin.")";
} elseif($sysgm_universe=="sysgm_toalladmins") {
$sql="SELECT id FROM #__users WHERE block=0 AND gid IN (24,25".$add_admin.")";
} elseif ($config->showgroups) {
$sql="SELECT id FROM #__users WHERE block=0 AND gid=".(int)$sysgm_universe;
}
}
// query the database
$database->setQuery($sql);
$receivers=$database->loadObjectList();
if (!count($receivers)) {
// when there are temporary files, remove them and the markers
uddeIMpreSaveAttachmentsRemove($config);
$mosmsg = _UDDEIM_SYSGM_ERRORNORECIPS;
uddeJSEFredirect("index.php?option=com_uddeim&task=sysgm&Itemid=".$item_id, $mosmsg);
}
// we have all we need, now save it
// when we have reached that, we can remove the temporary attachment markers since the files will be referenced later
if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config))
uddeIMpreSaveAttachmentsFinish($config);
foreach($receivers as $receiver) {
$savetoid=$receiver->id;
// it is a systemmsg to "toid", so assume that the message has already been trashed in the senders outbox (remember: system messages are not shown in the outbox)
// so set totrashoutbox=1, totrashdateoutbox=uddetime($config->timezone)
// CRYPT
$themode = 0;
if ($config->cryptmode==1) {
$themode = 1;
$cm = uddeIMencrypt($savemessage,$config->cryptkey,CRYPT_MODE_BASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",1,'".md5($config->cryptkey)."')";
} elseif ($config->cryptmode==2) {
$themode = 2;
$thepass=$cryptpass;
if (!$thepass) { // no password entered, then fallback to obfuscating
$themode = 1;
$thepass=$config->cryptkey;
}
$cm = uddeIMencrypt($savemessage,$thepass,CRYPT_MODE_BASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.", ".$themode.",'".md5($thepass)."')";
} elseif ($config->cryptmode==3) {
$themode = 3;
$cm = uddeIMencrypt($savemessage,"",CRYPT_MODE_STOREBASE64);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",3)";
} elseif ($config->cryptmode==4) {
$themode = 4;
$thepass=$cryptpass;
$cipher = CRYPT_MODE_3DESBASE64;
if (!$thepass) { // no password entered, then fallback to obfuscating
$themode = 1;
$thepass=$config->cryptkey;
$cipher = CRYPT_MODE_BASE64;
}
$cm = uddeIMencrypt($savemessage,$thepass,$cipher);
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.", ".$themode.",'".md5($thepass)."')";
} else {
$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$savemessage."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1,".$savedatum.")";
}
$database->setQuery($sql);
if (!$database->query()) {
die("SQL error when attempting to save a message" . $database->stderr(true));
}
$insID = $database->insertid();
// UDDEIMFILE
// Now save the uploads
if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config))
uddeIMsaveAttachments($insID, $uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config);
// Check if E-Mail notification or popups are enabled by default, if so create a record for the receiver.
if ($config->modnewusers>0 || $config->notifydefault>0 || $config->popupdefault>0 || $config->pubfrontenddefault>0 || $config->autoresponder>0 || $config->autoforward>0) {
if (!uddeIMexistsEMN($savetoid))
uddeIMinsertEMNdefaults($savetoid, $config);
}
// Check if notifications are not disabled temporary
if (!$sysgm_nonotify) {
// e-mail notification code
// is the receiver currently online?
$currentlyonline = uddeIMisOnline($savetoid);
if ($config->cryptmode>=1) {
$email=stripslashes($savemessage);
} else {
$email=stripslashes(stripslashes($savemessage)); // without encoding remove the safety slashes
}
$type = 0; // 0=normal message, 1=forgetmenot, 2=admin forces text
if ($forceembedded)
$type = 2; // admin forces
if($config->allowemailnotify==1) {
$ison = uddeIMgetEMNstatus($savetoid);
if($sysgm_sys) {
$emn_fromid = 0;
} else {
$emn_fromid = $savefromid;
}
if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10) || ($ison==20 && !$currentlyonline)) {
uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $savetoid, $email, $type, $config);
// 0 stands for normal (not forgetmenot)
}
} elseif($config->allowemailnotify==2) {
$my_gid = uddeIMgetGID($savetoid);
if (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config)) {
$ison = uddeIMgetEMNstatus($savetoid);
if($sysgm_sys) {
$emn_fromid = 0;
} else {
$emn_fromid = $savefromid;
}
if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10) || ($ison==20 && !$currentlyonline)) {
uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $savetoid, $email, $type, $config);
// 0 stands for normal (not forgetmenot)
}
}
}
}
}
$mosmsg=_UDDEIM_MESSAGE_SENT;
uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg);
}
}
$task = uddeIMmosGetParam( $_REQUEST, 'task', 'settings');
$option = uddeIMmosGetParam( $_REQUEST, 'option', 'com_uddeim');
if ($config->version!=$configversion) {
$task='convertconfig'; // its the wrong configuration file, so we have to convert it first
}
if (uddeIMcheckJversion()>=4) { // Joomla >=2.5
// Action: "Access Administration Interface "
// Access check: is this user allowed to access the backend of this component?
if (!JFactory::getUser()->authorise('core.manage', 'com_uddeim')) {
return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
}
} else {
$userid = uddeIMgetUserID();
$my_gid = uddeIMgetGID($userid);
if (!uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) {
$mosmsg = _UDDEIM_VIOLATION;
$redirecturl = uddeIMredirectIndex();
uddeIMmosRedirect($redirecturl, $mosmsg);
}
}
$act = uddeIMmosGetParam($_REQUEST, 'act', '');
$id = uddeIMmosGetParam($_REQUEST, 'id', 0);
$uddeid = uddeIMmosGetParam($_REQUEST, 'uddeid', array());
if (!is_array($uddeid)) {
$uddeid = array();
}
echo "\n<!-- ".$versionstring." output below -->\n";
