Example #1
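/**
 * Handles a submitted contact form: validates the POSTed fields, mails the
 * enquiry to the stored address of the contact and, when both the submitter
 * and the contact's parameters ask for it, mails a copy to the submitter.
 *
 * Security-relevant behaviour visible in this function:
 *  - josSpoofCheck(1) runs before any input is read.
 *  - The session-cookie test only checks the cookie's shape (a 32-character
 *    value or '-'); it does not look the value up anywhere.
 *  - The submitter's address is used as the From address of the enquiry and as
 *    the recipient of the optional copy, so it is an unverified address.
 *  - Rejections go through mosErrorAlert(); this code does not return after
 *    calling it, so it relies on mosErrorAlert() ending the request
 *    (NOTE(review): confirm that it does).
 *
 * @param int    $con_id Contact id; cast to int before it reaches the query.
 * @param string $option Component option; not used in this function.
 * @return void
 */
function sendmail($con_id, $option)
{
    global $mainframe, $database, $Itemid;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_db;
    // simple spoof check security
    josSpoofCheck(1);
    // the id is cast to int, so no quoting is needed in the query
    $query = "SELECT *" . "\n FROM #__contact_details" . "\n WHERE id = " . (int) $con_id;
    $database->setQuery($query);
    $contact = $database->loadObjectList();
    // nothing to do for an unknown contact (or a failed query that returned no list)
    if (!is_array($contact) || count($contact) < 1) {
        return;
    }
    $default = $mosConfig_sitename . ' ' . _ENQUIRY;
    $email = strval(mosGetParam($_POST, 'email', ''));
    $text = strval(mosGetParam($_POST, 'text', ''));
    $name = strval(mosGetParam($_POST, 'name', ''));
    $subject = strval(mosGetParam($_POST, 'subject', $default));
    $email_copy = strval(mosGetParam($_POST, 'email_copy', 0));
    $menu = $mainframe->get('menu');
    $mparams = new mosParameters($menu->params);
    $bannedEmail = $mparams->get('bannedEmail', '');
    $bannedSubject = $mparams->get('bannedSubject', '');
    $bannedText = $mparams->get('bannedText', '');
    $sessionCheck = $mparams->get('sessionCheck', 1);
    // check for session cookie
    if ($sessionCheck) {
        // Session Cookie `name`
        $sessionCookieName = mosMainFrame::sessionCookieName();
        // Get Session Cookie `value`
        $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);
        // A cookie can arrive as an array; reject anything that is not a string
        // before measuring it, then accept only a 32-character value or '-'.
        if (!is_string($sessioncookie) || !(strlen($sessioncookie) == 32 || $sessioncookie === '-')) {
            mosErrorAlert(_NOT_AUTH);
        }
    }
    // Prevent form submission if one of the banned texts is found in the
    // email, subject or text field. Each list is a ';'-separated string.
    $screened = array(
        array($bannedEmail, $email),
        array($bannedSubject, $subject),
        array($bannedText, $text),
    );
    foreach ($screened as $pair) {
        if (!$pair[0]) {
            continue;
        }
        foreach (explode(';', $pair[0]) as $value) {
            // Skip empty entries (e.g. from a trailing ';'), and compare with
            // false explicitly: stristr() returns the matched tail of the
            // field, which is falsy when that tail is the string "0".
            if ($value !== '' && stristr($pair[1], $value) !== false) {
                mosErrorAlert(_NOT_AUTH);
            }
        }
    }
    // test to ensure that only one email address is entered;
    // strpos() returns 0 for a match at the first character, so compare with false
    $check = explode('@', $email);
    if (strpos($email, ';') !== false || strpos($email, ',') !== false || strpos($email, ' ') !== false || count($check) > 2) {
        mosErrorAlert(_CONTACT_MORE_THAN);
    }
    if (!$email || !$text || JosIsValidEmail($email) == false) {
        mosErrorAlert(_CONTACT_FORM_NC);
    }
    $prefix = sprintf(_ENQUIRY_TEXT, $mosConfig_live_site);
    $text = $prefix . "\n" . $name . ' <' . $email . '>' . "\n\n" . stripslashes($text);
    // the enquiry is sent with the submitter's address and name as From
    $success = mosMail($email, $name, $contact[0]->email_to, $mosConfig_fromname . ': ' . $subject, $text);
    if (!$success) {
        mosErrorAlert(_CONTACT_FORM_NC);
    }
    // parameter check
    $params = new mosParameters($contact[0]->params);
    $emailcopyCheck = $params->get('email_copy', 0);
    // check whether email copy function activated
    if ($email_copy && $emailcopyCheck) {
        // NOTE(review): the copy goes to the address the submitter typed, so with
        // email_copy enabled the site mails an unverified address; nothing in this
        // function limits how often that can happen.
        $copy_text = sprintf(_COPY_TEXT, $contact[0]->name, $mosConfig_sitename);
        $copy_text = $copy_text . "\n\n" . $text;
        $copy_subject = _COPY_SUBJECT . $subject;
        $success = mosMail($mosConfig_mailfrom, $mosConfig_fromname, $email, $copy_subject, $copy_text);
        if (!$success) {
            mosErrorAlert(_CONTACT_FORM_NC);
        }
    }
    $link = sefRelToAbs('index.php?option=com_contact&task=view&contact_id=' . $contact[0]->id . '&Itemid=' . $Itemid);
    mosRedirect($link, _THANK_MESSAGE);
}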
Example #2
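/**
 * Sends the "e-mail this item" message for a content item and shows the
 * confirmation page.
 *
 * The item is only mailed when the query below finds it in state 1, inside its
 * publish window, with an access value not above $gid, and when its category
 * and section are published and not above $gid either.
 *
 * Security-relevant behaviour visible in this function:
 *  - The session-cookie test only checks the cookie's shape (a 32-character
 *    value or '-'); it does not look the value up anywhere.
 *  - Recipient and sender addresses both come from the POSTed form; they are
 *    checked with JosIsValidEmail() only, so the site will mail any
 *    well-formed address a visitor supplies.
 *  - Rejections through mosErrorAlert() are not followed by a return, so this
 *    code relies on mosErrorAlert() ending the request
 *    (NOTE(review): confirm that it does).
 *
 * @param int $uid The content item id
 * @param int $gid Access value the item, category and section are compared
 *                 against (presumably the viewer's access level; confirm
 *                 against the caller)
 * @return void
 */
function emailContentSend($uid, $gid)
{
    global $database, $mainframe;
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_hideEmail;
    // NOTE(review): the per-item "email" switch is read for the request's `id`,
    // while everything below works on $uid; confirm callers pass the same value.
    $id = intval(mosGetParam($_REQUEST, 'id', 0));
    if ($id) {
        // $id went through intval(), so it is safe to concatenate
        $query = 'SELECT attribs FROM #__content WHERE `id`=' . $id;
        $database->setQuery($query);
        $params = new mosParameters($database->loadResult());
    } else {
        $params = new mosParameters('');
    }
    $paramEmail = intval($params->get('email', 0));
    // e-mailing is refused when it is hidden globally and not enabled for the item
    if ($mosConfig_hideEmail && !$paramEmail) {
        echo _NOT_AUTH;
        return;
    }
    // simple spoof check security
    josSpoofCheck(1);
    // check for session cookie
    // Session Cookie `name`
    $sessionCookieName = mosMainFrame::sessionCookieName();
    // Get Session Cookie `value`
    $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);
    // A cookie can arrive as an array; reject anything that is not a string
    // before measuring it, then accept only a 32-character value or '-'.
    if (!is_string($sessioncookie) || !(strlen($sessioncookie) == 32 || $sessioncookie === '-')) {
        mosErrorAlert(_NOT_AUTH);
    }
    $itemid = intval(mosGetParam($_POST, 'itemid', 0));
    $now = _CURRENT_SERVER_TIME;
    $nullDate = $database->getNullDate();
    // query to check for state and access levels; ids are cast to int and the
    // dates go through $database->Quote()
    $query = "SELECT a.*, cc.name AS category, s.name AS section, s.published AS sec_pub, cc.published AS cat_pub,"
        . "\n  s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id"
        . "\n FROM #__content AS a"
        . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid"
        . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'"
        . "\n WHERE a.id = " . (int) $uid
        . "\n AND a.state = 1"
        . "\n AND a.access <= " . (int) $gid
        . "\n AND ( a.publish_up = " . $database->Quote($nullDate) . " OR a.publish_up <= " . $database->Quote($now) . " )"
        . "\n AND ( a.publish_down = " . $database->Quote($nullDate) . " OR a.publish_down >= " . $database->Quote($now) . " )";
    $database->setQuery($query);
    $row = NULL;
    // no row means the item does not exist or fails the state/access/date filter
    if (!$database->loadObject($row)) {
        mosNotAuth();
        return;
    }
    /*
     * check whether category is published
     */
    if (!$row->cat_pub && $row->catid) {
        mosNotAuth();
        return;
    }
    /*
     * check whether section is published
     */
    if (!$row->sec_pub && $row->sectionid) {
        mosNotAuth();
        return;
    }
    /*
     * check whether category access level allows access
     */
    if ($row->cat_access > $gid && $row->catid) {
        mosNotAuth();
        return;
    }
    /*
     * check whether section access level allows access
     */
    if ($row->sec_access > $gid && $row->sectionid) {
        mosNotAuth();
        return;
    }
    $email = strval(mosGetParam($_POST, 'email', ''));
    $yourname = strval(mosGetParam($_POST, 'yourname', ''));
    $youremail = strval(mosGetParam($_POST, 'youremail', ''));
    $subject = strval(mosGetParam($_POST, 'subject', ''));
    if (empty($subject)) {
        $subject = _EMAIL_INFO . ' ' . $yourname;
    }
    // both addresses are visitor-supplied; only their format is checked here
    if ($uid < 1 || !$email || !$youremail || JosIsValidEmail($email) == false || JosIsValidEmail($youremail) == false) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
    }
    $query = "SELECT template" . "\n FROM #__templates_menu" . "\n WHERE client_id = 0" . "\n AND menuid = 0";
    $database->setQuery($query);
    $template = $database->loadResult();
    // determine Itemid for Item: use the posted one, else look it up
    if (!$itemid) {
        $itemid = $mainframe->getItemid($uid, 0, 0);
    }
    $_itemid = '&Itemid=' . $itemid;
    // link sent in email
    $link = sefRelToAbs('index.php?option=com_content&task=view&id=' . $uid . $_itemid);
    // message text
    $msg = sprintf(_EMAIL_MSG, html_entity_decode($mosConfig_sitename, ENT_QUOTES), $yourname, $youremail, $link);
    // mail function: From is the visitor's own address and name
    $success = mosMail($youremail, $yourname, $email, $subject, $msg);
    if (!$success) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
    }
    HTML_content::emailSent($email, $template);
}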
Example #3
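/**
 * Mail function (uses phpMailer)
 *
 * Validates the header-bearing arguments before handing them to the mailer:
 * every address goes through JosIsValidEmail(), and the From name, the subject
 * and each Reply-To name go through JosIsValidName(). The first value that
 * fails makes the function return false without sending.
 *
 * Not validated here: $body and the attachment file names. Attachment paths
 * are passed to the mailer as given, so callers must not build them from
 * request data.
 *
 * @param string       $from        From e-mail address ('' = configured site address)
 * @param string       $fromname    From name ('' = configured site name)
 * @param string|array $recipient   Recipient e-mail address(es)
 * @param string       $subject     E-mail subject
 * @param string       $body        Message body
 * @param boolean      $mode        false = plain text, true = HTML
 * @param string|array $cc          CC e-mail address(es)
 * @param string|array $bcc         BCC e-mail address(es)
 * @param string|array $attachment  Attachment file name(s)
 * @param string|array $replyto     ReplyTo e-mail address(es)
 * @param string|array $replytoname ReplyTo name(s), paired with $replyto by position
 * @return boolean false when validation fails, otherwise the result of the mailer's Send()
 */
function mosMail($from, $fromname, $recipient, $subject, $body, $mode = 0, $cc = NULL, $bcc = NULL, $attachment = NULL, $replyto = NULL, $replytoname = NULL)
{
    global $mosConfig_mailfrom, $mosConfig_fromname;
    // Allow empty $from and $fromname settings (backwards compatibility)
    if ($from == '') {
        $from = $mosConfig_mailfrom;
    }
    if ($fromname == '') {
        $fromname = $mosConfig_fromname;
    }
    // Filter from, fromname and subject
    if (!JosIsValidEmail($from) || !JosIsValidName($fromname) || !JosIsValidName($subject)) {
        return false;
    }
    $mail = mosCreateMail($from, $fromname, $subject, $body);
    // activate HTML formatted emails
    if ($mode) {
        $mail->IsHTML(true);
    }
    // A single address is treated as a one-element list so that every
    // address takes the same validate-then-add path.
    $recipients = is_array($recipient) ? $recipient : array($recipient);
    foreach ($recipients as $to) {
        if (!JosIsValidEmail($to)) {
            return false;
        }
        $mail->AddAddress($to);
    }
    if (isset($cc)) {
        $ccList = is_array($cc) ? $cc : array($cc);
        foreach ($ccList as $to) {
            if (!JosIsValidEmail($to)) {
                return false;
            }
            $mail->AddCC($to);
        }
    }
    if (isset($bcc)) {
        $bccList = is_array($bcc) ? $bcc : array($bcc);
        foreach ($bccList as $to) {
            if (!JosIsValidEmail($to)) {
                return false;
            }
            $mail->AddBCC($to);
        }
    }
    if ($attachment) {
        // file names are passed through unchecked; see the note in the docblock
        $files = is_array($attachment) ? $attachment : array($attachment);
        foreach ($files as $fname) {
            $mail->AddAttachment($fname);
        }
    }
    // Reply-To lets a caller keep a site-owned From address and still route
    // replies to someone else, instead of putting that address in From.
    if ($replyto) {
        if (is_array($replyto)) {
            // Pair addresses and names by position. each() no longer exists in
            // PHP 8, and a non-array $replytoname simply yields empty names.
            $names = is_array($replytoname) ? array_values($replytoname) : array();
            $position = 0;
            foreach ($replyto as $to) {
                $toname = array_key_exists($position, $names) ? $names[$position] : '';
                $position++;
                if (!JosIsValidEmail($to) || !JosIsValidName($toname)) {
                    return false;
                }
                $mail->AddReplyTo($to, $toname);
            }
        } else {
            if (!JosIsValidEmail($replyto) || !JosIsValidName($replytoname)) {
                return false;
            }
            $mail->AddReplyTo($replyto, $replytoname);
        }
    }
    // The former debug branches contained only commented-out logging and did nothing.
    return $mail->Send();
}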