function lovd_mailNewColleagues($sUserID, $sUserFullname, $sUserInstitute, $sUserEmail, $aNewColleagues)
{
    // Notifies every user whose ID is listed in $aNewColleagues that access to
    // the data of user $sUserID has been shared with them. When the logged-in
    // user ($_AUTH) is not the data owner, the owner is notified as well.
    //
    // $sUserID         ID of the user whose data is being shared.
    // $sUserFullname   Name of that user, used in the mail texts.
    // $sUserInstitute  Institute of that user, used in the mail texts.
    // $sUserEmail      Email field of that user; only the first address is used.
    // $aNewColleagues  Array of user IDs that were granted access.
    //
    // Returns false when there is nothing to do; otherwise nothing is returned.
    //
    // NOTE(review): no permission check happens here. Presumably the caller has
    // already verified that $_AUTH may share the data of $sUserID; confirm.
    require_once ROOT_PATH . 'inc-lib-form.php';
    global $_DB, $_SETT, $_AUTH;

    if (!(is_array($aNewColleagues) && $aNewColleagues)) {
        // Not an array, or an empty one: nobody to notify.
        return false;
    }

    // Look up name, institute and email of the new colleagues. The IDs are
    // bound as query parameters (one "?" per ID), never concatenated into SQL.
    $sPlaceholders = '(' . implode(',', array_fill(0, count($aNewColleagues), '?')) . ')';
    $sColleagueQuery = 'SELECT id, name, institute, email FROM ' . TABLE_USERS . ' WHERE id IN ' . $sPlaceholders;
    $zColleagues = $_DB->query($sColleagueQuery, $aNewColleagues)->fetchAllAssoc();

    $sApplicationURL = lovd_getInstallURL();

    // Details of the logged-in user who grants the access. The email field is
    // a "\r\n"-separated list; only its first entry is quoted in the mails.
    $sGranterFullname = $_AUTH['name'];
    $sGranterInstitute = $_AUTH['institute'];
    $aGranterEmails = explode("\r\n", $_AUTH['email']);
    if (isset($aGranterEmails[0])) {
        $sGranterEmail = $aGranterEmails[0];
    } else {
        $sGranterEmail = '';
    }

    // NOTE(review): names and institutes below are account fields that end up
    // in plain-text mail bodies; this assumes they were validated when the
    // account was stored. Confirm.
    if ($sUserID == $_AUTH['id']) {
        // The granter shares their own data.
        $sResourceDescription = 'their data';
    } else {
        // Someone else (e.g. a manager) shares this user's data on their behalf.
        $sResourceDescription = 'data of ' . $sUserFullname . ' (' . $sUserInstitute . ')';

        // Tell the data owner who now has access, at their first email address.
        $aSharerEmails = explode("\r\n", $sUserEmail);
        if (isset($aSharerEmails[0])) {
            $sSharerEmail = $aSharerEmails[0];
        } else {
            $sSharerEmail = '';
        }

        $sRecipients = '';
        foreach ($zColleagues as $nIndex => $zRow) {
            if ($nIndex) {
                $sRecipients .= "\n";
            }
            $sRecipients .= '* ' . $zRow['name'] . ' (' . $zRow['institute'] . ')';
        }

        $sSharerAccountURL = $sApplicationURL . 'users/' . $sUserID;
        $sSharerMailbody = sprintf(
            EMAIL_SHARER_NEW_COLLEAGUE,
            $sUserFullname,
            $sGranterFullname,
            $sGranterInstitute,
            $sGranterEmail,
            $sRecipients,
            $sSharerAccountURL
        );
        $aSharerTo = array(array($sUserFullname, $sSharerEmail));
        lovd_sendMail($aSharerTo, 'LOVD access sharing', $sSharerMailbody, $_SETT['email_headers'], false, false);
    }

    // Each new colleague gets an individual mail.
    foreach ($zColleagues as $zRow) {
        $sRecipientAccountURL = $sApplicationURL . 'users/' . $zRow['id'];

        // Fill the placeholders of the mail template.
        $sMailBody = sprintf(
            EMAIL_NEW_COLLEAGUE,
            $zRow['name'],
            $sApplicationURL,
            $sGranterFullname,
            $sGranterInstitute,
            $sGranterEmail,
            $sResourceDescription,
            $sRecipientAccountURL
        );

        // The whole email field (a new-line separated list of addresses) is
        // handed over as it is stored.
        $aColleagueTo = array(array($zRow['name'], $zRow['email']));
        lovd_sendMail($aColleagueTo, 'LOVD access sharing', $sMailBody, $_SETT['email_headers'], false, false);
    }
}
$aTo = array(array($zData['name'], $zData['email'])); $sMessage = 'Dear ' . $zData['name'] . ',' . "\n\n" . 'Your password from your LOVD account has been reset, as requested. Your new, randomly generated, password can be found below. Please log in to LOVD and choose a new password.' . "\n\n" . 'Below is a copy of your updated account information.' . "\n\n" . 'If you did not request a new password, you can disregard this message. Your old password will continue to function normally. However, you may then want to report this email to the Database administrator ' . $_SETT['admin']['name'] . ', email: ' . $_SETT['admin']['email'] . ', who can investigate possible misuse of the system.' . "\n\n"; // Add the location of the database, so that the user can just click the link. if ($_CONF['location_url']) { $sMessage .= 'To log in to LOVD, click this link:' . "\n" . $_CONF['location_url'] . 'login' . "\n\n"; } $sMessage .= 'Regards,' . "\n" . ' LOVD ' . $_SETT['system']['version'] . ' system at ' . $_CONF['institute'] . "\n\n"; // Array containing the unlock code field. $a['password_autogen'] = $sPasswd; $aMailFields = array('a', 'password_autogen' => 'New password / unlocking code'); $aBody = array($sMessage, 'restore_password' => $aMailFields); $sBody = lovd_formatMail($aBody); $sSubject = 'LOVD password reset'; // Don't just change this; lovd_sendMail() is parsing it. // Send mail. $bMail = lovd_sendMail($aTo, $sSubject, $sBody, $_SETT['email_headers'], true, $_CONF['send_admin_submissions']); // Thank the user... $_T->printHeader(); $_T->printTitle(); if ($bMail) { print ' Successfully reset your password.<BR>' . "\n" . ' We\'ve sent you an email containing your new password. With this new password, you can <A href="' . ROOT_PATH . 'login.php">unlock your account</A> and choose a new password.<BR><BR>' . "\n\n"; } else { // Couldn't send confirmation... lovd_writeLog('Error', LOG_EVENT, 'Error sending email for account ' . $_AUTH['username'] . ' (' . $zData['name'] . 
')'); print ' Due to an error, we couldn\'t send you an email containing your new password. Our apologies for the inconvenience.<BR><BR>' . "\n\n"; } $_T->printFooter(); exit; } else { unset($_POST['username']); lovd_writeLog('Auth', LOG_EVENT, $_SERVER['REMOTE_ADDR'] . ' (' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ') tried to reset password for denied account ' . $_POST['username']);
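function lovd_sendMail($aTo, $sSubject, $sBody, $sHeaders, $bHalt = true, $bFwdAdmin = true, $aCc = array(), $aBcc = array())
{
    // Sends an email through mail() and, when $bFwdAdmin is set and sending
    // succeeded, forwards a copy with the password line hidden to the admin.
    //
    // Format:
    // $aTo, $aCc, $aBcc = array(
    //     array('Name', "Email\r\nEmail\r\nEmail"),
    //     array('Name', "Email\r\nEmail")
    // );
    //
    // $sSubject   Plain subject. It is compared against fixed strings below to
    //             pick the Reply-To header of the admin copy.
    // $sBody      Message body; it is wrapped with lovd_wrapText().
    // $sHeaders   Additional headers; Cc and Bcc lines are appended to them.
    // $bHalt      Passed on to lovd_emailError() when sending fails.
    // $bFwdAdmin  Whether to forward a copy to $_SETT['admin'].
    //
    // Returns the result of mail(), or the result of sending the admin copy
    // when one is sent.
    global $_SETT, $_CONF;

    $aEmailsUsed = array(); // Make sure no email address is used more than once.
    $sTo = lovd_sendMailFormatAddresses($aTo, $aEmailsUsed);
    $sCc = lovd_sendMailFormatAddresses($aCc, $aEmailsUsed);
    $sBcc = lovd_sendMailFormatAddresses($aBcc, $aEmailsUsed);

    // 2013-02-06; 3.0-02; Fix for MIME emails that have long lines in the MIME headers.
    // Lines that are not to be wrapped will have their spaces (and other characters lovd_wrapText()
    // responds to) replaced with something else; then the body is wrapped, and then the spaces are replaced back in.
    $sBody = preg_replace_callback('/^(Content-(Type|Description):.+)/im', function ($aRegs) {
        return str_replace(array(' ', '-', ',', ':', ';'), array('{{SPACE}}', '{{HYPHEN}}', '{{COMMA}}', '{{COLON}}', '{{SEMICOLON}}'), $aRegs[1]);
    }, $sBody);
    // Normal message body wrapping, which now cannot wrap the headers anymore...
    $sBody = lovd_wrapText($sBody);
    // Now, let's restore what we replaced.
    $sBody = preg_replace_callback('/^(Content{{HYPHEN}}(Type|Description){{COLON}}.+)/im', function ($aRegs) {
        return str_replace(array('{{SPACE}}', '{{HYPHEN}}', '{{COMMA}}', '{{COLON}}', '{{SEMICOLON}}'), array(' ', '-', ',', ':', ';'), $aRegs[1]);
    }, $sBody);

    // NOTE(review): $sCc and $sBcc (and the Reply-To value further down) are
    // written into raw header text. This assumes lovd_sendMailFormatAddresses()
    // returns values without bare CR/LF; confirm there, as callers pass
    // addresses that are stored in user accounts.
    $sHeaders = $sHeaders . (!empty($sCc) ? PHP_EOL . 'Cc: ' . $sCc : '') . (!empty($sBcc) ? PHP_EOL . 'Bcc: ' . $sBcc : '');

    // 2013-08-26; 3.0-08; Encode the subject as well. Prefixing with "Subject: " to make sure the first line including the SMTP header does not exceed the 76 chars.
    $sSubjectEncoded = substr(mb_encode_mimeheader('Subject: ' . $sSubject, 'UTF-8'), 9);

    $bSafeMode = ini_get('safe_mode');
    if (!$bSafeMode) {
        // The fifth mail() argument is handed to the mail transfer program as
        // extra command-line parameters, so $_CONF['email_address'] has to stay
        // an administrator-set, validated address and must never be derived
        // from request data.
        $bMail = @mail($sTo, $sSubjectEncoded, $sBody, $sHeaders, '-f ' . $_CONF['email_address']);
    } else {
        $bMail = @mail($sTo, $sSubjectEncoded, $sBody, $sHeaders);
    }

    if ($bMail && $bFwdAdmin) {
        // Hide secrets in the admin's copy. Besides the "Password" field, the
        // 'LOVD password reset' mail carries its secret in a field labelled
        // 'New password / unlocking code', which the original pattern did not
        // cover, so the unlocking code would have been forwarded readable.
        // NOTE(review): the exact layout of that line is produced by
        // lovd_formatMail(), which is not visible here; confirm the label
        // matches. The original recipient still receives the value in clear.
        $sBody = preg_replace('/^((?:Password[\\s*]+|New password \\/ unlocking code[\\s*]*): ).+/m', "\$1" . '<password hidden>', $sBody);
        $sBody = 'Dear ' . $_SETT['admin']['name'] . ",\n\n" .
                 'As requested, a copy of the message I\'ve just sent.' . "\n\n" .
                 str_repeat('-', 25) . ' Forwarded Message ' . str_repeat('-', 25) . "\n\n" .
                 rtrim($sBody) . "\n\n" .
                 str_repeat('-', 22) . ' End of Forwarded Message ' . str_repeat('-', 22) . "\n";

        // The admin should have a proper Reply-to header.
        $sAdditionalHeaders = '';
        if (in_array($sSubject, array('LOVD account registration', 'LOVD password reset'))) {
            // Reply-to should be original addressees.
            $sAdditionalHeaders .= 'Reply-To: ' . $sTo;
        } elseif (strpos($sSubject, 'LOVD submission') === 0) {
            // Reply-to should be submitter.
            $sAdditionalHeaders .= 'Reply-To: ' . $sCc;
        }

        // Hand over the plain subject; the nested call encodes it itself.
        // Passing an already encoded subject would run the MIME header
        // encoding over it a second time.
        $sSubject = 'FW: ' . $sSubject;

        return lovd_sendMail(array($_SETT['admin']), $sSubject, $sBody, $_SETT['email_headers'] . ($sAdditionalHeaders ? PHP_EOL . $sAdditionalHeaders : ''), $bHalt, false);
    } elseif (!$bMail) {
        // $sSubject is used here as it can always be used to describe the email type. This function also logs the email error.
        lovd_emailError(LOG_EVENT, $sSubject, $sTo, $bHalt);
    }

    return $bMail;
}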