Example #1
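/**
* Mails the contents of the contact form to that user
*
* Order of checks: login requirement for anonymous senders, the recipient's
* mail preferences, the 'mail' speed limit, input validation, the spam check
* and the plugin pre-save hook. Only then is the message handed to COM_mail().
*
* @param    int     $uid            User ID of person to send email to
* @param    string  $author         The name of the person sending the email
* @param    string  $authoremail    Email address of person sending the email
* @param    string  $subject        Subject of email
* @param    string  $message        Text of message to send
* @param    int     $html           Non-zero sends the filtered HTML as-is, 0 strips all tags first
* @return   string                  Meta redirect or HTML for the contact form
*/
function contactemail($uid, $author, $authoremail, $subject, $message, $html = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG_LOGIN;

    // Anonymous senders are shown the login form when the site requires a login,
    // unless SEC_inGroup('Contact', $uid) holds for the recipient.
    // NOTE(review): uid 2 is exempt from the login requirement - presumably the
    // site admin account; confirm.
    if (COM_isAnonUser() && !SEC_inGroup('Contact', (int) $uid)) {
        if (($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) {
            echo COM_siteHeader('menu', $LANG_LOGIN[1]) . SEC_loginRequiredForm() . COM_siteFooter();
            exit;
        }
    }

    // Honour the recipient's preferences: admins need 'emailfromadmin',
    // everybody else needs 'emailfromuser'.
    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = " . (int) $uid);
    $P = DB_fetchArray($result);
    $isAdmin = (SEC_inGroup('Root') || SEC_hasRights('user.mail'));
    if ($P['emailfromadmin'] != 1 && $isAdmin || $P['emailfromuser'] != 1 && !$isAdmin) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // The sender name ends up in the From header. Cut it at the first CR/LF,
    // exactly as is done for the subject, so that header-injection protection
    // does not depend on the mail layer alone. A name that is empty after the
    // cut is treated as missing.
    $author = (string) $author;
    $author = substr($author, 0, strcspn($author, "\r\n"));

    // Validate the input; on failure, redisplay the form with an error.
    $validationError = null;
    if (empty($author) || empty($subject) || empty($message)) {
        $validationError = $LANG08[4];
    } elseif (!COM_isemail($authoremail)) {
        $validationError = $LANG08[3];
    }
    if ($validationError !== null) {
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $subject = @htmlspecialchars(trim($subject), ENT_QUOTES, COM_getEncodingt());

        // NOTE(review): $message goes back to contactform() as submitted;
        // confirm that contactform() escapes it before output.
        return COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($validationError, 2)
             . contactform($uid, $subject, $message) . COM_siteFooter();
    }

    $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = " . (int) $uid);
    $A = DB_fetchArray($result);

    // Append the logged-in sender's signature to the message
    $sig = '';
    if (!COM_isAnonUser()) {
        // cast keeps the WHERE clause numeric, like the other queries in this function
        $sig = DB_getItem($_TABLES['users'], 'sig', 'uid=' . (int) $_USER['uid']);
        if (!empty($sig)) {
            $sig = strip_tags($sig);
            $sig = "\n\n-- \n" . $sig;
        }
    }

    $subject = COM_filterHTML($subject);
    $message = COM_filterHTML($message);

    // The spam check sees the COM_filterHTML() output plus the signature,
    // before strip_tags() is applied further down.
    $mailtext = $subject . "\n" . $message . $sig;
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        // count the rejected attempt against the sender's speed limit
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    // A non-empty return from the pre-save hook is an error message to display
    $msg = PLG_itemPreSave('contact', $message);
    if (!empty($msg)) {
        $subject = @htmlspecialchars($subject, ENT_QUOTES, COM_getEncodingt());

        return COM_siteHeader('menu', '') . COM_errorLog($msg, 2)
             . contactform($uid, $subject, $message) . COM_siteFooter();
    }

    // A mail subject must be a single line of plain text
    $subject = strip_tags($subject);
    $subject = substr($subject, 0, strcspn($subject, "\r\n"));

    if ($html) {
        $message = $message . $sig;
    } else {
        $message = strip_tags($message) . $sig;
    }

    // Prefer the recipient's full name, fall back to the username
    $recipientName = !empty($A['fullname']) ? $A['fullname'] : $A['username'];
    $to = COM_formatEmailAddress($recipientName, $A['email']);
    $from = COM_formatEmailAddress($author, $authoremail);

    $rc = COM_mail($to, $subject, $message, $from, $html);
    COM_updateSpeedlimit('mail');

    if (COM_isAnonUser() && $_CONF['profileloginrequired'] == true) {
        $redirectURL = $_CONF['site_url'] . '/index.php?msg=';
    } else {
        // cast so that only a number is ever placed into the redirect URL
        $redirectURL = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . (int) $uid . '&msg=';
    }

    // msg 26 is used when COM_mail() fails, msg 27 otherwise
    return COM_refresh($redirectURL . ($rc === false ? '26' : '27'));
}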
Example #2
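 /**
  *   Send an email with attachments.
  *   This is a verbatim copy of COM_mail(), but with the $attachments
  *   parameter added and 3 extra lines of code near the end.
  *
  *   $to, $from and $cc may each be a plain address string or an array of
  *   the form array(address, display name).
  *
  *   @param  mixed   $to         Receiver's email address
  *   @param  string  $subject    Message Subject (cut at the first CR/LF)
  *   @param  string  $message    Message Body
  *   @param  mixed   $from       Sender's email address; site address if empty
  *   @param  boolean $html       True for HTML message, False for Text
  *   @param  integer $priority   Any non-zero value sets PHPMailer priority 1
  *   @param  mixed   $cc         Other recipients
  *   @param  string  $altBody    Alt. body (text)
  *   @param  array   $attachments    Array of attachment file paths
  *   @return boolean             True on success, False on Failure
  */
 private function SendMail($to, $subject, $message, $from = '', $html = false, $priority = 0, $cc = '', $altBody = '', $attachments = array())
 {
     global $_CONF;

     // Keep the subject on one line so it cannot carry extra mail headers
     $subject = substr($subject, 0, strcspn($subject, "\r\n"));
     $subject = COM_emailEscape($subject);

     require_once $_CONF['path'] . 'lib/phpmailer/class.phpmailer.php';
     $mail = new PHPMailer();
     $mail->SetLanguage('en', $_CONF['path'] . 'lib/phpmailer/language/');
     $mail->CharSet = COM_getCharset();

     // Select the transport from the site configuration
     if ($_CONF['mail_backend'] == 'smtp') {
         $mail->IsSMTP();
         $mail->Host = $_CONF['mail_smtp_host'];
         $mail->Port = $_CONF['mail_smtp_port'];
         // NOTE(review): with 'none' the SMTP session, including any
         // credentials set below, is not given transport security here.
         if ($_CONF['mail_smtp_secure'] != 'none') {
             $mail->SMTPSecure = $_CONF['mail_smtp_secure'];
         }
         if ($_CONF['mail_smtp_auth']) {
             $mail->SMTPAuth = true;
             $mail->Username = $_CONF['mail_smtp_username'];
             $mail->Password = $_CONF['mail_smtp_password'];
         }
         $mail->Mailer = "smtp";
     } elseif ($_CONF['mail_backend'] == 'sendmail') {
         $mail->Mailer = "sendmail";
         $mail->Sendmail = $_CONF['mail_sendmail_path'];
     } else {
         $mail->Mailer = "mail";
     }

     $mail->WordWrap = 76;
     $mail->IsHTML($html);
     // HTML bodies pass through the site's HTML filter; text bodies are sent as given
     $mail->Body = $html ? COM_filterHTML($message) : $message;
     if ($altBody != '') {
         $mail->AltBody = $altBody;
     }
     $mail->Subject = $subject;

     // Sender address. With 'use_from_site_mail' the mail is sent from the
     // site address and the caller's address only becomes the Reply-To.
     $hasFromAddress = is_array($from) && isset($from[0]) && $from[0] != '';
     if ($hasFromAddress && $_CONF['use_from_site_mail'] != 1) {
         $mail->From = $from[0];
     } else {
         $mail->From = $_CONF['site_mail'];
         if ($hasFromAddress) {
             $mail->AddReplyTo($from[0]);
         }
     }

     // Sender display name, site name as fallback
     if (is_array($from) && isset($from[1]) && $from[1] != '') {
         $mail->FromName = $from[1];
     } else {
         $mail->FromName = $_CONF['site_name'];
     }

     // Recipient
     if (is_array($to) && isset($to[0]) && $to[0] != '') {
         if (isset($to[1]) && $to[1] != '') {
             $mail->AddAddress($to[0], $to[1]);
         } else {
             $mail->AddAddress($to[0]);
         }
     } else {
         // assume old style....
         $mail->AddAddress($to);
     }

     // Carbon copy. The array form is tested with is_array() first: on a plain
     // string, $cc[0] and $cc[1] are its first two characters, which would be
     // passed to AddCC() as address and name.
     if (is_array($cc)) {
         if (isset($cc[0]) && $cc[0] != '') {
             if (isset($cc[1]) && $cc[1] != '') {
                 $mail->AddCC($cc[0], $cc[1]);
             } else {
                 $mail->AddCC($cc[0]);
             }
         }
     } elseif ($cc != '') {
         // assume old style....
         $mail->AddCC($cc);
     }

     if ($priority) {
         $mail->Priority = 1;
     }

     // Add attachments. The paths go to PHPMailer unchanged.
     // NOTE(review): confirm that callers only pass server-generated paths;
     // a path taken from request input would attach whatever file it names.
     foreach ($attachments as $attachment) {
         $mail->AddAttachment($attachment);
     }

     if (!$mail->Send()) {
         COM_errorLog("Email Error: " . $mail->ErrorInfo);
         return false;
     }

     return true;
 }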
Example #3
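/**
* This function checks html tags.
*
* Thin wrapper around COM_filterHTML(): both arguments are passed through
* unchanged and its result is returned as-is. The check against the approved
* tag list, and the removal of other tags, is therefore whatever
* COM_filterHTML() implements; nothing is filtered here.
*
* @param    string  $str            HTML to check
* @param    string  $permissions    comma-separated list of rights which identify the current user as an "Admin"
* @return   string                  Filtered HTML
*
*/
function COM_checkHTML($str, $permissions = 'story.edit')
{
    // NOTE(review): how $permissions changes the filtering is decided in
    // COM_filterHTML(); confirm there before widening the default.
    return COM_filterHTML($str, $permissions);
}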