function lovd_mailNewColleagues($sUserID, $sUserFullname, $sUserInstitute, $sUserEmail, $aNewColleagues)
{
// Send an email to users with an ID in $aNewColleagues, letting them know
// the user denoted by $sUserID has shared access to his data with them.
require_once ROOT_PATH . 'inc-lib-form.php';
global $_DB, $_SETT, $_AUTH;
if (!is_array($aNewColleagues) || !$aNewColleagues) {
// Nothing to be done.
return false;
}
// Fetch names/email addresses for new colleagues.
$sPlaceholders = '(?' . str_repeat(',?', count($aNewColleagues) - 1) . ')';
$sColleagueQuery = 'SELECT id, name, institute, email FROM ' . TABLE_USERS . ' WHERE id IN ' . $sPlaceholders;
$zColleagues = $_DB->query($sColleagueQuery, $aNewColleagues)->fetchAllAssoc();
$sApplicationURL = lovd_getInstallURL();
$sGranterFullname = $_AUTH['name'];
$sGranterInstitute = $_AUTH['institute'];
$aGranterEmails = explode("\r\n", $_AUTH['email']);
$sGranterEmail = isset($aGranterEmails[0]) ? $aGranterEmails[0] : '';
if ($sUserID == $_AUTH['id']) {
// User who is granting permissions is the same as who's data is being shared.
$sResourceDescription = 'their data';
} else {
// Somebody else (e.g. a manager) is granting access to someone else's data.
$sResourceDescription = 'data of ' . $sUserFullname . ' (' . $sUserInstitute . ')';
// Send notification email to the one who's data is being shared.
$aSharerEmails = explode("\r\n", $sUserEmail);
$sSharerEmail = isset($aSharerEmails[0]) ? $aSharerEmails[0] : '';
$aRecipients = array();
foreach ($zColleagues as $zColleague) {
$aRecipients[] = '* ' . $zColleague['name'] . ' (' . $zColleague['institute'] . ')';
}
$sRecipients = join("\n", $aRecipients);
$sSharerAccountURL = $sApplicationURL . 'users/' . $sUserID;
$sSharerMailbody = sprintf(EMAIL_SHARER_NEW_COLLEAGUE, $sUserFullname, $_AUTH['name'], $_AUTH['institute'], $sGranterEmail, $sRecipients, $sSharerAccountURL);
lovd_sendMail(array(array($sUserFullname, $sSharerEmail)), 'LOVD access sharing', $sSharerMailbody, $_SETT['email_headers'], false, false);
}
// Now loop through new colleagues to send them all one email.
foreach ($zColleagues as $zColleague) {
$sRecipientAccountURL = $sApplicationURL . 'users/' . $zColleague['id'];
// Setup mail text and fill placeholders.
$sMailBody = sprintf(EMAIL_NEW_COLLEAGUE, $zColleague['name'], $sApplicationURL, $sGranterFullname, $sGranterInstitute, $sGranterEmail, $sResourceDescription, $sRecipientAccountURL);
// Note: email field is new-line separated list of email addresses.
lovd_sendMail(array(array($zColleague['name'], $zColleague['email'])), 'LOVD access sharing', $sMailBody, $_SETT['email_headers'], false, false);
}
}
$aTo = array(array($zData['name'], $zData['email']));
$sMessage = 'Dear ' . $zData['name'] . ',' . "\n\n" . 'Your password from your LOVD account has been reset, as requested. Your new, randomly generated, password can be found below. Please log in to LOVD and choose a new password.' . "\n\n" . 'Below is a copy of your updated account information.' . "\n\n" . 'If you did not request a new password, you can disregard this message. Your old password will continue to function normally. However, you may then want to report this email to the Database administrator ' . $_SETT['admin']['name'] . ', email: ' . $_SETT['admin']['email'] . ', who can investigate possible misuse of the system.' . "\n\n";
// Add the location of the database, so that the user can just click the link.
if ($_CONF['location_url']) {
$sMessage .= 'To log in to LOVD, click this link:' . "\n" . $_CONF['location_url'] . 'login' . "\n\n";
}
$sMessage .= 'Regards,' . "\n" . ' LOVD ' . $_SETT['system']['version'] . ' system at ' . $_CONF['institute'] . "\n\n";
// Array containing the unlock code field.
$a['password_autogen'] = $sPasswd;
$aMailFields = array('a', 'password_autogen' => 'New password / unlocking code');
$aBody = array($sMessage, 'restore_password' => $aMailFields);
$sBody = lovd_formatMail($aBody);
$sSubject = 'LOVD password reset';
// Don't just change this; lovd_sendMail() is parsing it.
// Send mail.
$bMail = lovd_sendMail($aTo, $sSubject, $sBody, $_SETT['email_headers'], true, $_CONF['send_admin_submissions']);
// Thank the user...
$_T->printHeader();
$_T->printTitle();
if ($bMail) {
print ' Successfully reset your password.<BR>' . "\n" . ' We\'ve sent you an email containing your new password. With this new password, you can <A href="' . ROOT_PATH . 'login.php">unlock your account</A> and choose a new password.<BR><BR>' . "\n\n";
} else {
// Couldn't send confirmation...
lovd_writeLog('Error', LOG_EVENT, 'Error sending email for account ' . $_AUTH['username'] . ' (' . $zData['name'] . ')');
print ' Due to an error, we couldn\'t send you an email containing your new password. Our apologies for the inconvenience.<BR><BR>' . "\n\n";
}
$_T->printFooter();
exit;
} else {
unset($_POST['username']);
lovd_writeLog('Auth', LOG_EVENT, $_SERVER['REMOTE_ADDR'] . ' (' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ') tried to reset password for denied account ' . $_POST['username']);
function lovd_sendMail($aTo, $sSubject, $sBody, $sHeaders, $bHalt = true, $bFwdAdmin = true, $aCc = array(), $aBcc = array())
{
// Format:
// $aTo, $aCc, $aBcc = array(
// array('Name', "Email\r\nEmail\r\nEmail"),
// array('Name', "Email\r\nEmail")
// );
global $_SETT, $_CONF;
$aEmailsUsed = array();
// Make sure no email address is used more than once.
$sTo = lovd_sendMailFormatAddresses($aTo, $aEmailsUsed);
$sCc = lovd_sendMailFormatAddresses($aCc, $aEmailsUsed);
$sBcc = lovd_sendMailFormatAddresses($aBcc, $aEmailsUsed);
// 2013-02-06; 3.0-02; Fix for MIME emails that have long lines in the MIME headers.
// Lines that are not to be wrapped will have their spaces (and other characters lovd_wrapText()
// responds to) replaced with something else; then the body is wrapped, and then the spaces are replaced back in.
$sBody = preg_replace_callback('/^(Content-(Type|Description):.+)/im', function ($aRegs) {
return str_replace(array(' ', '-', ',', ':', ';'), array('{{SPACE}}', '{{HYPHEN}}', '{{COMMA}}', '{{COLON}}', '{{SEMICOLON}}'), $aRegs[1]);
}, $sBody);
// Normal message body wrapping, which now cannot wrap the headers anymore...
$sBody = lovd_wrapText($sBody);
// Now, let's restore what we replaced.
$sBody = preg_replace_callback('/^(Content{{HYPHEN}}(Type|Description){{COLON}}.+)/im', function ($aRegs) {
return str_replace(array('{{SPACE}}', '{{HYPHEN}}', '{{COMMA}}', '{{COLON}}', '{{SEMICOLON}}'), array(' ', '-', ',', ':', ';'), $aRegs[1]);
}, $sBody);
$sHeaders = $sHeaders . (!empty($sCc) ? PHP_EOL . 'Cc: ' . $sCc : '') . (!empty($sBcc) ? PHP_EOL . 'Bcc: ' . $sBcc : '');
// 2013-08-26; 3.0-08; Encode the subject as well. Prefixing with "Subject: " to make sure the first line including the SMTP header does not exceed the 76 chars.
$sSubjectEncoded = substr(mb_encode_mimeheader('Subject: ' . $sSubject, 'UTF-8'), 9);
$bSafeMode = ini_get('safe_mode');
if (!$bSafeMode) {
$bMail = @mail($sTo, $sSubjectEncoded, $sBody, $sHeaders, '-f ' . $_CONF['email_address']);
} else {
$bMail = @mail($sTo, $sSubjectEncoded, $sBody, $sHeaders);
}
if ($bMail && $bFwdAdmin) {
$sBody = preg_replace('/^(Password[\\s*]+: ).+/m', "\$1" . '<password hidden>', $sBody);
$sBody = 'Dear ' . $_SETT['admin']['name'] . ",\n\n" . 'As requested, a copy of the message I\'ve just sent.' . "\n\n" . str_repeat('-', 25) . ' Forwarded Message ' . str_repeat('-', 25) . "\n\n" . rtrim($sBody) . "\n\n" . str_repeat('-', 22) . ' End of Forwarded Message ' . str_repeat('-', 22) . "\n";
// The admin should have a proper Reply-to header.
$sAdditionalHeaders = '';
if (in_array($sSubject, array('LOVD account registration', 'LOVD password reset'))) {
// Reply-to should be original addressees.
$sAdditionalHeaders .= 'Reply-To: ' . $sTo;
} elseif (strpos($sSubject, 'LOVD submission') === 0) {
// Reply-to should be submitter.
$sAdditionalHeaders .= 'Reply-To: ' . $sCc;
}
$sSubject = 'FW: ' . $sSubject;
// 2013-08-26; 3.0-08; Encode the subject as well. Prefixing with "Subject: " to make sure the first line including the SMTP header does not exceed the 76 chars.
$sSubjectEncoded = substr(mb_encode_mimeheader('Subject: ' . $sSubject, 'UTF-8'), 9);
return lovd_sendMail(array($_SETT['admin']), $sSubjectEncoded, $sBody, $_SETT['email_headers'] . ($sAdditionalHeaders ? PHP_EOL . $sAdditionalHeaders : ''), $bHalt, false);
} elseif (!$bMail) {
// $sSubject is used here as it can always be used to describe the email type. This function also logs the email error.
lovd_emailError(LOG_EVENT, $sSubject, $sTo, $bHalt);
}
return $bMail;
}
