/**
* Mails the contents of the contact form to that user
*
* @param int $uid User ID of person to send email to
* @param string $author The name of the person sending the email
* @param string $authoremail Email address of person sending the email
* @param string $subject Subject of email
* @param string $message Text of message to send
* @return string Meta redirect or HTML for the contact form
*/
function contactemail($uid, $author, $authoremail, $subject, $message)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08;
$retval = '';
// check for correct $_CONF permission
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) {
return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
}
// check for correct 'to' user preferences
$result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'");
$P = DB_fetchArray($result);
if (SEC_inGroup('Root') || SEC_hasRights('user.mail')) {
$isAdmin = true;
} else {
$isAdmin = false;
}
if ($P['emailfromadmin'] != 1 && $isAdmin || $P['emailfromuser'] != 1 && !$isAdmin) {
return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
}
// check mail speedlimit
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
}
if (!empty($author) && !empty($subject) && !empty($message)) {
if (COM_isemail($authoremail) && strpos($authoremail, '@') === false) {
$result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}");
$A = DB_fetchArray($result);
// Append the user's signature to the message
$sig = '';
if (!COM_isAnonUser()) {
$sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}");
if (!empty($sig)) {
$sig = strip_tags(COM_stripslashes($sig));
$sig = "\n\n-- \n" . $sig;
}
}
$subject = COM_stripslashes($subject);
$message = COM_stripslashes($message);
// do a spam check with the unfiltered message text and subject
$mailtext = $subject . "\n" . $message . $sig;
$result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
if ($result > 0) {
COM_updateSpeedlimit('mail');
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$msg = PLG_itemPreSave('contact', $message);
if (!empty($msg)) {
$retval .= COM_siteHeader('menu', '') . COM_errorLog($msg, 2) . contactform($uid, $subject, $message) . COM_siteFooter();
return $retval;
}
$subject = strip_tags($subject);
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
$message = strip_tags($message) . $sig;
if (!empty($A['fullname'])) {
$to = COM_formatEmailAddress($A['fullname'], $A['email']);
} else {
$to = COM_formatEmailAddress($A['username'], $A['email']);
}
$from = COM_formatEmailAddress($author, $authoremail);
$sent = COM_mail($to, $subject, $message, $from);
if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
$ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname']));
$ccmessage .= "\n------------------------------------------------------------\n\n" . $message;
$sent = COM_mail($from, $subject, $ccmessage, $from);
}
COM_updateSpeedlimit('mail');
$retval .= COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $uid . '&msg=' . ($sent ? '27' : '85'));
} else {
$subject = strip_tags($subject);
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
$subject = htmlspecialchars(trim($subject), ENT_QUOTES);
$retval .= COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[3], 2) . contactform($uid, $subject, $message) . COM_siteFooter();
}
} else {
$subject = strip_tags($subject);
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
$subject = htmlspecialchars(trim($subject), ENT_QUOTES);
$retval .= COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[4], 2) . contactform($uid, $subject, $message) . COM_siteFooter();
}
return $retval;
}
/**
* Mails the contents of the contact form to that user
*
* @param int $uid User ID of person to send email to
* @param string $author The name of the person sending the email
* @param string $authoremail Email address of person sending the email
* @param string $subject Subject of email
* @param string $message Text of message to send
* @return string Meta redirect or HTML for the contact form
*/
function contactemail($uid, $author, $authoremail, $subject, $message, $html = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG_LOGIN;
$retval = '';
// check for correct $_CONF permission
if (COM_isAnonUser()) {
if (!SEC_inGroup('Contact', (int) $uid)) {
if (($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) {
$display = COM_siteHeader('menu', $LANG_LOGIN[1]);
$display .= SEC_loginRequiredForm();
$display .= COM_siteFooter();
echo $display;
exit;
}
}
}
// check for correct 'to' user preferences
$result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = " . (int) $uid);
$P = DB_fetchArray($result);
if (SEC_inGroup('Root') || SEC_hasRights('user.mail')) {
$isAdmin = true;
} else {
$isAdmin = false;
}
if ($P['emailfromadmin'] != 1 && $isAdmin || $P['emailfromuser'] != 1 && !$isAdmin) {
return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
}
// check mail speedlimit
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
}
if (!empty($author) && !empty($subject) && !empty($message)) {
if (COM_isemail($authoremail)) {
$result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = " . (int) $uid);
$A = DB_fetchArray($result);
// Append the user's signature to the message
$sig = '';
if (!COM_isAnonUser()) {
$sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}");
if (!empty($sig)) {
$sig = strip_tags($sig);
$sig = "\n\n-- \n" . $sig;
}
}
$subject = COM_filterHTML($subject);
$message = COM_filterHTML($message);
// do a spam check with the unfiltered message text and subject
$mailtext = $subject . "\n" . $message . $sig;
$result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
if ($result > 0) {
COM_updateSpeedlimit('mail');
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$msg = PLG_itemPreSave('contact', $message);
if (!empty($msg)) {
$subject = @htmlspecialchars($subject, ENT_QUOTES, COM_getEncodingt());
$retval .= COM_siteHeader('menu', '') . COM_errorLog($msg, 2) . contactform($uid, $subject, $message) . COM_siteFooter();
return $retval;
}
$subject = strip_tags($subject);
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
if ($html) {
$message = $message . $sig;
} else {
$message = strip_tags($message) . $sig;
}
$to = array();
$from = array();
if (!empty($A['fullname'])) {
$to = COM_formatEmailAddress($A['fullname'], $A['email']);
} else {
$to = COM_formatEmailAddress($A['username'], $A['email']);
}
$from = COM_formatEmailAddress($author, $authoremail);
$rc = COM_mail($to, $subject, $message, $from, $html);
COM_updateSpeedlimit('mail');
if (COM_isAnonUser() && $_CONF['profileloginrequired'] == true) {
$redirectURL = $_CONF['site_url'] . '/index.php?msg=';
} else {
$redirectURL = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $uid . '&msg=';
}
if ($rc === false) {
$retval .= COM_refresh($redirectURL . '26');
} else {
$retval .= COM_refresh($redirectURL . '27');
}
} else {
$subject = strip_tags($subject);
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
$subject = @htmlspecialchars(trim($subject), ENT_QUOTES, COM_getEncodingt());
$retval .= COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[3], 2) . contactform($uid, $subject, $message) . COM_siteFooter();
}
} else {
$subject = strip_tags($subject);
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
$subject = @htmlspecialchars(trim($subject), ENT_QUOTES, COM_getEncodingt());
$retval .= COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[4], 2) . contactform($uid, $subject, $message) . COM_siteFooter();
}
return $retval;
}
