/**
  * New Topic posting controller, reads, parses, checks and posts a new topic
  *
  * What it does:
  * - New-topic emails carry no security key, so the sender is identified only by the From address and can be spoofed
  * - It must be from the email of a registered user
  * - It must have been sent to an email ID that has been set to post new topics
  * - Accessed through emailtopic.
  *
  * @param string|null $data used to supply a full body+headers email
  */
 public function action_pbe_topic($data = null)
 {
     global $modSettings, $user_info, $maintenance;

     // Maillist switched off: bail out with a bare return (null), nothing is read or logged.
     if (empty($modSettings['maillist_enabled'])) {
         return;
     }

     // Parser class and the post-by-email helper functions
     require_once SUBSDIR . '/EmailParse.class.php';
     require_once SUBSDIR . '/Emailpost.subs.php';

     loadLanguage('Maillist');
     setMemoryLimit('256M');

     // Pull in the raw message, either from $data or from whatever source read_data() falls back to
     $mail = new Email_Parse();
     $mail->read_data($data, BOARDDIR);
     if (!$mail->raw_message) {
         return false;
     }

     // Headers first, then the address fields derived from them
     $mail->read_email(true, $mail->raw_message);
     $mail->load_address();

     // A new-topic email has no key, so give the error logger blank key fields to work with
     $mail->message_type = 'x';
     $mail->message_key_id = '';
     $mail->message_id = 0;

     // Maillist is on but posting by email is off: record the message and stop
     if (empty($modSettings['pbe_post_enabled'])) {
         return pbe_emailError('error_email_notenabled', $mail);
     }

     // Normalise the sender address to lower case (empty string when absent).
     // SECURITY: this header value is the only thing that selects the member whose
     // permissions are used below. Nothing in this method authenticates it, so any
     // SPF/DKIM/DMARC enforcement has to happen before the message gets here or in
     // the integration hook further down.
     $from = '';
     if (!empty($mail->email['from'])) {
         $from = strtolower($mail->email['from']);
     }
     $mail->email['from'] = $from;
     $sender = query_load_user_info($mail->email['from']);

     // Address does not belong to a member that could be loaded
     if (empty($sender)) {
         return pbe_emailError('error_not_find_member', $mail);
     }

     // Message flagged by the parser's spam check
     if ($mail->load_spam()) {
         return pbe_emailError('error_found_spam', $mail);
     }

     // Map the address the email was sent to onto a board
     $board_id = pbe_find_board_number($mail);
     if (empty($board_id)) {
         return pbe_emailError('error_not_find_board', $mail);
     }

     // Maintenance mode (any non-empty value other than integer 2) parks the message for
     // the moderators, unless the resolved sender or the current user is an admin
     $in_maintenance = !empty($maintenance) && $maintenance !== 2;
     if ($in_maintenance && !($sender['user_info']['is_admin'] || $user_info['is_admin'])) {
         return pbe_emailError('error_in_maintenance_mode', $mail);
     }

     // Extension point for extra spam / security checks.
     // NOTE(review): the hook's return value is not used here, so a listener cannot
     // reject the message simply by returning a value.
     call_integration_hook('integrate_mailist_checks_before', array($mail, $sender));

     // Board details, loaded for this sender; an empty result is logged as "board gone"
     $board = query_load_board_details($board_id, $sender);
     if (empty($board)) {
         return pbe_emailError('error_board_gone', $mail);
     }

     // Board-level permissions for the sender, then any moderation restrictions on them
     query_load_permissions('board', $sender, $board);
     pbe_check_moderation($sender);

     // Everything passed: create the topic and hand back whatever pbe_create_topic() returns
     return pbe_create_topic($sender, $mail, $board);
 }
Exemple #2
/**
 * Loads up the vital user information given an email address
 *
 * - Similar to loadMemberData, loadPermissions, loadUserSettings, but only loads a
 * subset of that data, enough to validate that a user can make a post to a given board.
 * - Done this way to avoid overwriting user_info etc. for those who are running
 * this function (on behalf of the email owner, similar to profile views etc.)
 *
 * Sets:
 * - pbe['profile']
 * - pbe['profile']['options']
 * - pbe['user_info']
 * - pbe['user_info']['permissions']
 * - pbe['user_info']['groups']
 *
 * @package Maillist
 * @param string $email
 */
function query_load_user_info($email)
{
    global $user_profile, $modSettings, $language;

    $db = database();

    // Without an address there is nobody to look up
    if (empty($email)) {
        return false;
    }

    // Resolve the address to an activated member. The value is bound as a query
    // parameter, not concatenated into the SQL.
    // NOTE(review): LIMIT 1 with no ORDER BY - if email_address is not unique, which
    // member is returned is unspecified; uniqueness is not visible from here.
    $result = $db->query('', '
		SELECT
			id_member
		FROM {db_prefix}members
		WHERE email_address = {string:email}
		AND is_activated = {int:act}
		LIMIT 1', array('email' => $email, 'act' => 1));
    list($member_id) = $db->fetch_row($result);
    $db->free_result($result);

    // Unknown address, or the profile could not be loaded: report failure
    if (empty($member_id) || !loadMemberData($member_id, false, 'profile')) {
        return false;
    }

    $pbe = array();
    $pbe['profile'] = $user_profile[$member_id];

    // Primary group + post group, plus any additional groups from the comma separated list
    $group_ids = array($pbe['profile']['id_group'], $pbe['profile']['id_post_group']);
    if (!empty($pbe['profile']['additional_groups'])) {
        $group_ids = array_merge($group_ids, explode(',', $pbe['profile']['additional_groups']));
    }

    // Force every id to an integer and drop duplicates. The integer cast matters:
    // these ids are concatenated straight into the query_see_board SQL fragment below.
    $pbe['user_info']['groups'] = array_unique(array_map('intval', $group_ids));

    // General (non board) permissions for this member
    query_load_permissions('general', $pbe);

    // Moderation warning level, 0 when the profile has none
    $pbe['user_info']['warning'] = isset($pbe['profile']['warning']) ? $pbe['profile']['warning'] : 0;

    // Membership of group 1 is what this function treats as "admin"
    $is_admin = in_array(1, $pbe['user_info']['groups']);

    // Board visibility filter: group 1 sees everything, everyone else is limited to
    // boards that list one of their groups (and, when deny_boards_access is set,
    // that do not list any of their groups as denied)
    if ($is_admin) {
        $pbe['user_info']['query_see_board'] = '1=1';
    } else {
        $allowed = '(FIND_IN_SET(' . implode(', b.member_groups) != 0 OR FIND_IN_SET(', $pbe['user_info']['groups']) . ', b.member_groups) != 0)';
        $denied = '';
        if (!empty($modSettings['deny_boards_access'])) {
            $denied = ' AND (FIND_IN_SET(' . implode(', b.deny_member_groups) = 0 AND FIND_IN_SET(', $pbe['user_info']['groups']) . ', b.deny_member_groups) = 0)';
        }
        $pbe['user_info']['query_see_board'] = '(' . $allowed . $denied . ')';
    }

    // Convenience copies of commonly used values
    $pbe['user_info']['is_admin'] = $is_admin ? 1 : 0;
    $pbe['user_info']['id'] = $member_id;
    $pbe['user_info']['username'] = isset($pbe['profile']['member_name']) ? $pbe['profile']['member_name'] : '';
    $pbe['user_info']['name'] = isset($pbe['profile']['real_name']) ? $pbe['profile']['real_name'] : '';
    $pbe['user_info']['email'] = isset($pbe['profile']['email_address']) ? $pbe['profile']['email_address'] : '';

    // Member's own language only when they have one and per-user languages are enabled
    if (empty($pbe['profile']['lngfile']) || empty($modSettings['userLanguage'])) {
        $pbe['user_info']['language'] = $language;
    } else {
        $pbe['user_info']['language'] = $pbe['profile']['lngfile'];
    }

    // The populated array, or false if it somehow ended up empty
    return empty($pbe) ? false : $pbe;
}