/** ----------------------------------- /** Bulletin Board /** -----------------------------------*/ function bulletin_board($message = '') { global $LANG, $DB, $OUT, $IN, $LOC, $SESS, $PREFS; $DB->query("UPDATE exp_members SET last_view_bulletins = '" . $LOC->now . "' WHERE member_id = '{$this->member_id}'"); $this->title = $LANG->line('bulletin_board'); $this->crumb = $LANG->line('bulletin_board'); $this->conditionals['bulletins'] = 'n'; $this->conditionals['no_bulletins'] = 'y'; $this->conditionals['paginate'] = 'n'; $this->conditionals['can_post_bulletin'] = $SESS->userdata['can_send_bulletins'] == 'y' ? 'y' : 'n'; $this->single_parts['include']['message'] = $message; $this->conditionals['message'] = $message != '' ? 'y' : 'n'; $this->single_parts['path']['send_bulletin'] = $this->_create_path('send_bulletin'); /** --------------------------------------- /** Retrieve Bulletins /** ---------------------------------------*/ $dql = "SELECT m.screen_name, b.sender_id, b.bulletin_message, b.bulletin_date, b.bulletin_id "; $sql = "FROM exp_member_bulletin_board b, exp_members m\n\t\t\t\t WHERE b.sender_id = m.member_id\n\t\t\t\t AND b.bulletin_group = " . $DB->escape_str($SESS->userdata['group_id']) . "\n\t\t\t\t AND bulletin_date < " . $LOC->now . "\n\t\t\t\t AND \n\t\t\t\t (\n\t\t\t\t \tb.bulletin_expires > " . $LOC->now . "\n\t\t\t\t \tOR\n\t\t\t\t \tb.bulletin_expires = 0\n\t\t\t\t )\n\t\t\t\t ORDER BY b.bulletin_date DESC"; /** ---------------------------------------- /** Run "count" query for pagination /** ----------------------------------------*/ $query = $DB->query("SELECT COUNT(b.bulletin_id) AS count " . $sql); /** ---------------------------------------- /** If No Messages, we say so. /** ----------------------------------------*/ if ($query->row['count'] == 0) { $this->single_parts['include']['bulletins'] = $LANG->line('message_no_bulletins'); $this->return_data = $this->_process_template($this->retrieve_template('bulletin_board')); return; } /** ---------------------------------------- /** Determine Current Page /** ----------------------------------------*/ $row_count = 0; // How many rows shown this far (i.e. offset) if ($this->allegiance == 'user') { $row_count = $this->cur_id; } else { $row_count = $IN->GBL('page', 'GP') === false ? 0 : $IN->GBL('page', 'GP'); } if (!is_numeric($row_count)) { $row_count = 0; } $this->per_page = 5; $current_page = $row_count / $this->per_page + 1; $total_pages = intval($query->row['count'] / $this->per_page); if ($query->row['count'] % $this->per_page) { $total_pages++; } $this->single_parts['include']['page_count'] = $current_page . ' ' . $LANG->line('of') . ' ' . $total_pages; /** ----------------------------- /** Do we need pagination? /** -----------------------------*/ $pager = ''; if ($query->row['count'] > $this->per_page) { if (!class_exists('Paginate')) { require PATH_CORE . 'core.paginate' . EXT; } $PGR = new Paginate(); if ($this->allegiance == 'user') { $PGR->path = $this->base_url . 'bulletin_board/'; } else { $PGR->base_url = $this->base_url . 'bulletin_board'; $PGR->qstr_var = 'page'; } $PGR->total_count = $query->row['count']; $PGR->per_page = $this->per_page; $PGR->cur_page = $row_count; $this->single_parts['include']['pagination_link'] = $PGR->show_links(); $this->conditionals['paginate'] = 'y'; $sql .= " LIMIT " . $row_count . ", " . $this->per_page; } /** ---------------------------------------- /** Create Bulletins /** ----------------------------------------*/ $this->conditionals['bulletins'] = 'y'; $this->conditionals['no_bulletins'] = 'n'; $folder_rows_template = $this->retrieve_template('bulletin'); $i = 0; $r = ''; $censor = FALSE; if ($PREFS->ini('enable_censoring') == 'y' && $PREFS->ini('censored_words') != '') { $censor = TRUE; if (!class_exists('Typography')) { require PATH_CORE . 'core.typography' . EXT; } $TYPE = new Typography(0); } $query = $DB->query($dql . $sql); if ($query->row['bulletin_date'] != $SESS->userdata['last_bulletin_date']) { $DB->query($DB->update_string('exp_members', array('last_bulletin_date' => $query->row['bulletin_date']), "group_id = '" . $DB->escape_str($SESS->userdata['group_id']) . "'")); } foreach ($query->result as $row) { ++$i; $data = $row; $this->conditionals['can_delete_bulletin'] = ($SESS->userdata['group_id'] == 1 or $row['sender_id'] == $SESS->userdata['member_id']) ? 'y' : 'n'; if ($this->allegiance == 'cp') { $this->single_parts['path']['delete_bulletin'] = $this->_create_path('delete_bulletin', AMP . 'bulletin_id=' . $row['bulletin_id']); } else { $this->single_parts['path']['delete_bulletin'] = $this->_create_path('delete_bulletin') . $row['bulletin_id'] . '/'; } $data['bulletin_message'] = $censor === FALSE ? $data['bulletin_message'] : $TYPE->filter_censored_words($data['bulletin_message']); $data['bulletin_sender'] = $row['screen_name']; $data['bulletin_date'] = $LOC->set_human_time($row['bulletin_date']); $data['style'] = $i % 2 ? 'tableCellTwo' : 'tableCellOne'; $r .= $this->_process_template($folder_rows_template, $data); } $this->single_parts['include']['bulletins'] = $r; /** ---------------------------------------- /** Return the Folder's Contents /** ----------------------------------------*/ $this->return_data = $this->_process_template($this->retrieve_template('bulletin_board')); }
/** ----------------------------- /** Send email /** -----------------------------*/ function send_email() { global $DSP, $DB, $IN, $FNS, $REGX, $LANG, $SESS, $LOC, $PREFS; $debug_msg = ''; /** ----------------------------- /** Are we missing any fields? /** -----------------------------*/ if (!$IN->GBL('from', 'POST') or !$IN->GBL('subject', 'POST') or !$IN->GBL('message', 'POST')) { return $DSP->error_message($LANG->line('empty_form_fields')); } /** ----------------------------- /** Fetch $_POST data /** -----------------------------*/ // We'll turn the $_POST data into variables for simplicity $groups = array(); $list_ids = array(); foreach ($_POST as $key => $val) { if (substr($key, 0, 6) == 'group_') { $groups[] = $val; } elseif (substr($key, 0, 5) == 'list_') { $list_ids[] = $val; } else { ${$key} = stripslashes($val); } } /** ----------------------------- /** Verify privileges /** -----------------------------*/ if (count($groups) > 0 and !$DSP->allowed_group('can_email_member_groups')) { return $DSP->no_access_message($LANG->line('not_allowed_to_email_member_groups')); } if (count($list_ids) > 0 and !$DSP->allowed_group('can_email_mailinglist') and $this->mailinglist_exists == TRUE) { return $DSP->no_access_message($LANG->line('not_allowed_to_email_mailinglist')); } if (count($groups) == 0 and count($list_ids) == 0 and !$IN->GBL('recipient', 'POST')) { return $DSP->error_message($LANG->line('empty_form_fields')); } /** ------------------------------- /** Assign data for caching /** -------------------------------*/ $cache_data = array('cache_id' => '', 'cache_date' => $LOC->now, 'total_sent' => 0, 'from_name' => $name, 'from_email' => $from, 'recipient' => $recipient, 'cc' => $cc, 'bcc' => $bcc, 'recipient_array' => '', 'subject' => $subject, 'message' => $message, 'plaintext_alt' => $plaintext_alt, 'mailtype' => $mailtype, 'text_fmt' => $text_fmt, 'wordwrap' => $wordwrap, 'priority' => $priority); /** --------------------------------------- /** Apply text formatting if necessary /** ---------------------------------------*/ if ($text_fmt != 'none' && $text_fmt != '') { if (!class_exists('Typography')) { require PATH_CORE . 'core.typography' . EXT; } $TYPE = new Typography(0); $TYPE->parse_smileys = FALSE; $subject = $TYPE->filter_censored_words($subject); $message = $TYPE->parse_type($message, array('text_format' => $text_fmt, 'html_format' => 'all', 'auto_links' => 'n', 'allow_img_url' => 'y')); } /** ----------------------------- /** Send a single email /** -----------------------------*/ if (count($groups) == 0 and count($list_ids) == 0) { require PATH_CORE . 'core.email' . EXT; $to = $recipient == '' ? $SESS->userdata['email'] : $recipient; $email = new EEmail(); $email->wordwrap = $wordwrap == 'y' ? TRUE : FALSE; $email->mailtype = $mailtype; $email->priority = $priority; $email->from($from, $name); $email->to($to); $email->cc($cc); $email->bcc($bcc); $email->subject($subject); $email->message($message, $plaintext_alt); $error = FALSE; if (!$email->Send()) { $error = TRUE; } $debug_msg = $this->debug_message($email->debug_msg); if ($error == TRUE) { return $DSP->error_message($LANG->line('error_sending_email') . $debug_msg, 0); } /** --------------------------------- /** Save cache data /** ---------------------------------*/ $cache_data['total_sent'] = $this->fetch_total($to, $cc, $bcc); $this->save_cache_data($cache_data); /** --------------------------------- /** Show success message /** ---------------------------------*/ $DSP->set_return_data($LANG->line('email_sent'), $DSP->qdiv('defaultPad', $DSP->qdiv('success', $LANG->line('email_sent_message'))) . $debug_msg, $LANG->line('email_sent')); // We're done return; } // Send Multi-emails /** ---------------------------------------- /** Is Batch Mode set? /** ----------------------------------------*/ $batch_mode = $PREFS->ini('email_batchmode'); $batch_size = $PREFS->ini('email_batch_size'); if (!is_numeric($batch_size)) { $batch_mode = 'n'; } $emails = array(); /** --------------------------------- /** Fetch member group emails /** ---------------------------------*/ if (count($groups) > 0) { $sql = "SELECT exp_members.member_id, exp_members.email, exp_members.screen_name \n\t\t\t\t\tFROM exp_members, exp_member_groups\n\t\t\t\t\tWHERE exp_members.group_id = exp_member_groups.group_id \n\t\t\t\t\tAND exp_member_groups.site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "' \n\t\t\t\t\tAND include_in_mailinglists = 'y' "; if (isset($_POST['accept_admin_email'])) { $sql .= "AND exp_members.accept_admin_email = 'y' "; } $sql .= "AND exp_member_groups.group_id IN ("; foreach ($groups as $id) { $sql .= "'" . $DB->escape_str($id) . "',"; } $sql = substr($sql, 0, -1); $sql .= ")"; // Run the query $query = $DB->query($sql); if ($query->num_rows > 0) { foreach ($query->result as $row) { $emails['m' . $row['member_id']] = array($row['email'], $row['screen_name']); } } } /** --------------------------------- /** Fetch mailing list emails /** ---------------------------------*/ $list_templates = array(); if ($this->mailinglist_exists == TRUE) { if (count($list_ids) > 0) { $sql = "SELECT authcode, email, list_id FROM exp_mailing_list WHERE list_id IN ("; foreach ($list_ids as $id) { $sql .= "'" . $DB->escape_str($id) . "',"; // Fetch the template for each list $query = $DB->query("SELECT list_template, list_title FROM exp_mailing_lists WHERE list_id = '" . $DB->escape_str($id) . "'"); $list_templates[$id] = array('list_template' => $query->row['list_template'], 'list_title' => $query->row['list_title']); } $sql = substr($sql, 0, -1); $sql .= ")"; $sql .= " ORDER BY user_id"; $query = $DB->query($sql); // No result? Show error message if ($query->num_rows == 0 && sizeof($emails) == 0) { return $DSP->set_return_data($LANG->line('send_an_email'), $DSP->qdiv('defaultPad', $DSP->qdiv('alert', $LANG->line('no_email_matching_criteria'))), $LANG->line('send_an_email')); } if ($query->num_rows > 0) { foreach ($query->result as $row) { $emails['l' . $row['authcode']] = array($row['email'], $row['list_id']); } } } } /** ---------------------------------------- /** Kill duplicates /** ----------------------------------------*/ $cleaned_emails = array(); foreach ($emails as $key => $value) { if (is_array($value)) { $val = $value['0']; } else { $val = $value; } if (!isset($cleaned_emails[$key])) { $cleaned_emails[$key] = $value; } } $emails = $cleaned_emails; /** ---------------------------------------- /** After all that, do we have any emails? /** ----------------------------------------*/ if (count($emails) == 0 and $recipient == '') { return $DSP->set_return_data($LANG->line('send_an_email'), $DSP->qdiv('defaultPad', $DSP->qdiv('alert', $LANG->line('no_email_matching_criteria'))), $LANG->line('send_an_email')); } /** ---------------------------------------- /** Do we have any CCs or BCCs? /** ----------------------------------------*/ // If so, we'll send those separately first $total_sent = 0; $recips = array(); if ($cc != '' || $bcc != '') { if (!class_exists('EEmail')) { require PATH_CORE . 'core.email' . EXT; } $to = $recipient == '' ? $SESS->userdata['email'] : $recipient; $email = new EEmail(); $email->wordwrap = $wordwrap == 'y' ? TRUE : FALSE; $email->mailtype = $mailtype; $email->priority = $priority; $email->from($from, $name); $email->to($to); $email->cc($cc); $email->bcc($bcc); $email->subject($subject); $email->message($message, $plaintext_alt); $error = FALSE; if (!$email->Send()) { $error = TRUE; } $debug_msg = $this->debug_message($email->debug_msg); if ($error == TRUE) { return $DSP->error_message($LANG->line('error_sending_email') . $debug_msg, 0); } $total_sent = $this->fetch_total($to, $cc, $bcc); } else { // No CC/BCCs? Convert recipients to an array so we can include them in the email sending cycle if ($recipient != '') { $recips = $this->convert_recipients($recipient); } } if (count($recips) > 0) { $emails = array_merge($emails, $recips); } // Store email cache $cache_data['recipient_array'] = addslashes(serialize($emails)); $cache_data['total_sent'] = 0; $id = $this->save_cache_data($cache_data, $groups, $list_ids); /** ---------------------------------------- /** If batch-mode is not set, send emails /** ----------------------------------------*/ if (count($emails) <= $batch_size) { $batch_mode = 'n'; } if ($batch_mode == 'n') { $action_id = $FNS->fetch_action_id('Mailinglist', 'unsubscribe'); if (!class_exists('EEmail')) { require PATH_CORE . 'core.email' . EXT; } $email = new EEmail(); $email->wordwrap = $wordwrap == 'y' ? TRUE : FALSE; $email->mailtype = $mailtype; $email->priority = $priority; foreach ($emails as $key => $val) { $screen_name = ''; $list_id = FALSE; if (is_array($val) and substr($key, 0, 1) == 'm') { $screen_name = $val['1']; $val = $val['0']; } elseif (is_array($val) and substr($key, 0, 1) == 'l') { $list_id = $val['1']; $val = $val['0']; } $email->initialize(); $email->to($val); $email->from($from, $name); $email->subject($subject); // We need to add the unsubscribe link to emails - but only ones // from the mailing list. When we gathered the email addresses // above, we added one of three prefixes to the array key: // // m = member id // l = mailing list // r = general recipient // Make a copy so we don't mess up the original $msg = $message; $msg_alt = $plaintext_alt; if (substr($key, 0, 1) == 'l') { $msg = $this->parse_template($list_templates[$list_id], $msg, $action_id, substr($key, 1), $mailtype); $msg_alt = $this->parse_template($list_templates[$list_id], $msg_alt, $action_id, substr($key, 1), 'plain'); } $msg = str_replace('{name}', $screen_name, $msg); $msg_alt = str_replace('{name}', $screen_name, $msg_alt); $email->message($msg, $msg_alt); $error = FALSE; if (!$email->Send()) { $error = TRUE; } $debug_msg = $this->debug_message($email->debug_msg); if ($error == TRUE) { // Let's adjust the recipient array up to this point reset($recipient_array); $recipient_array = addslashes(serialize(array_slice($recipient_array, $i))); $DB->query("UPDATE exp_email_cache SET total_sent = '{$total_sent}', recipient_array = '{$recipient_array}' WHERE cache_id = '" . $DB->escape_str($id) . "'"); return $DSP->error_message($LANG->line('error_sending_email') . $debug_msg, 0); } $total_sent++; } /** ---------------------------------------- /** Update email cache /** ----------------------------------------*/ $DB->query("UPDATE exp_email_cache SET total_sent = '{$total_sent}', recipient_array = '' WHERE cache_id = '" . $DB->escape_str($id) . "'"); /** ---------------------------------------- /** Success Mesage /** ----------------------------------------*/ $DSP->set_return_data($LANG->line('email_sent'), $DSP->qdiv('defaultPad', $DSP->qdiv('success', $LANG->line('email_sent_message'))) . $DSP->qdiv('defaultPad', $DSP->qdiv('', $LANG->line('total_emails_sent') . NBS . NBS . $total_sent)) . $debug_msg, $LANG->line('email_sent')); // We're done return; } /** ---------------------------------------- /** Start Batch-Mode /** ----------------------------------------*/ // Turn on "refresh" // By putting the URL in the $DSP->refresh variable we'll tell the // system to write a <meta> refresh header, starting the batch process $DSP->refresh = BASE . AMP . 'C=communicate' . AMP . 'M=batch_send' . AMP . 'id=' . $id; $DSP->ref_rate = 6; // Kill the bread-crumb links, just to keep it away from the user $DSP->show_crumb = FALSE; // Write the initial message, telling the user the batch processor is about to start $r = $DSP->heading(BR . $LANG->line('sending_email')); $r .= $DSP->qdiv('itemWrapper', $LANG->line('batchmode_ready_to_begin')); $r .= $DSP->qdiv('', $DSP->qdiv('alert', $LANG->line('batchmode_warning'))); $DSP->body = $r; }
/** ----------------------------------- /** Send Message /** -----------------------------------*/ function send_message() { global $LANG, $DB, $IN, $LOC, $FNS, $SESS, $REGX, $PREFS; $submission_error = array(); /** ---------------------------------------- /** Is the user banned? /** ----------------------------------------*/ if ($SESS->userdata['is_banned'] === TRUE) { return $this->_error_page(); } /** ---------------------------------------- /** Is the IP or User Agent unavalable? /** ----------------------------------------*/ if ($IN->IP == '0.0.0.0' || $SESS->userdata['user_agent'] == '') { return $this->_error_page(); } /** ------------------------------------- /** Status Setting /** -------------------------------------*/ if ($IN->GBL('preview') or $IN->GBL('remove')) { $status = 'preview'; } elseif ($IN->GBL('draft')) { $status = 'draft'; } else { $status = 'sent'; } /** ------------------------------------- /** Already Sent? /** -------------------------------------*/ if ($IN->GBL('message_id') !== FALSE && is_numeric($IN->GBL('message_id'))) { $query = $DB->query("SELECT message_status FROM exp_message_data WHERE message_id = '" . $DB->escape_str($IN->GBL('message_id')) . "'"); if ($query->num_rows > 0 && $query->row['message_status'] == 'sent') { return $this->_error_page($LANG->line('messsage_already_sent')); } } /* ------------------------------------------- /* Hidden Configuration Variables /* - prv_msg_waiting_period => How many hours after becoming a member until they can PM? /* -------------------------------------------*/ $waiting_period = $PREFS->ini('prv_msg_waiting_period') !== FALSE ? (int) $PREFS->ini('prv_msg_waiting_period') : 1; if ($SESS->userdata['join_date'] > $LOC->now - $waiting_period * 60 * 60) { return $this->_error_page(str_replace(array('%time%', '%email%', '%site%'), array($waiting_period, $FNS->encode_email($PREFS->ini('webmaster_email')), $PREFS->ini('site_name')), $LANG->line('waiting_period_not_reached'))); } /* ------------------------------------------- /* Hidden Configuration Variables /* - prv_msg_throttling_period => How many seconds between PMs? /* -------------------------------------------*/ if ($status == 'sent' && $SESS->userdata['group_id'] != 1) { $period = $PREFS->ini('prv_msg_throttling_period') !== FALSE ? (int) $PREFS->ini('prv_msg_throttling_period') : 30; $query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_data d\n \t\t\t\t\t\t WHERE d.sender_id = '" . $DB->escape_str($this->member_id) . "'\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\n\t\t\t\t\t\t\t\t AND d.message_date > " . $DB->escape_str($LOC->now - $period)); if ($query->row['count'] > 0) { return $this->_error_page(str_replace('%x', $period, $LANG->line('send_throttle'))); } } /** ------------------------------------------ /** Is there a recipient, subject, and body? /** ------------------------------------------*/ if ($IN->GBL('recipients') == '' && $status == 'sent') { $submission_error[] = $LANG->line('empty_recipients_field'); } elseif ($IN->GBL('subject') == '') { $submission_error[] = $LANG->line('empty_subject_field'); } elseif ($IN->GBL('body') == '') { $submission_error[] = $LANG->line('empty_body_field'); } /** ------------------------------------------- /** Deny Duplicate Data /** -------------------------------------------*/ if ($PREFS->ini('deny_duplicate_data') == 'y') { $query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_data d\n \t\t\t\t\t\t WHERE d.sender_id = '" . $DB->escape_str($this->member_id) . "'\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\n\t\t\t\t\t\t\t\t AND d.message_body = '" . $DB->escape_str($REGX->xss_clean($IN->GBL('body'))) . "'"); if ($query->row['count'] > 0) { return $this->_error_page($LANG->line('duplicate_message_sent')); } } /** ------------------------------------------ /** Valid Recipients? - Only Checked on Sent /** ------------------------------------------*/ $recipients = $this->convert_recipients($IN->GBL('recipients'), 'array', 'member_id'); $cc = trim($IN->GBL('cc')) == '' ? array() : $this->convert_recipients($IN->GBL('cc'), 'array', 'member_id'); $recip_orig = sizeof($recipients); $cc_orig = sizeof($cc); // Make sure CC does not contain members in Recipients $cc = array_diff($cc, $recipients); if (sizeof($recipients) == 0 && $status == 'sent') { $submission_error[] = $LANG->line('empty_recipients_field'); } if ($this->invalid_name === TRUE) { $submission_error[] = $LANG->line('invalid_username'); } /** ------------------------------------------ /** Too Big for Its Britches? /** ------------------------------------------*/ if ($this->max_chars != 0 && strlen($IN->GBL('body')) > $this->max_chars) { $submission_error[] = str_replace('%max%', $this->max_chars, $LANG->line('message_too_large')); } /** ------------------------------------- /** Super Admins get a free pass /** -------------------------------------*/ if ($SESS->userdata('group_id') != 1) { /** ------------------------------------------ /** Sender Allowed to Send More Messages? /** ------------------------------------------*/ $query = $DB->query("SELECT COUNT(c.copy_id) AS count \n\t\t\t\t\t\t\t\t FROM exp_message_copies c, exp_message_data d\n\t\t\t\t\t\t\t\t WHERE c.message_id = d.message_id\n\t\t\t\t\t\t\t\t AND c.sender_id = '" . $DB->escape_str($this->member_id) . "'\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\n\t\t\t\t\t\t\t\t AND d.message_date > " . ($LOC->now - 24 * 60 * 60)); if ($query->row['count'] + sizeof($recipients) + sizeof($cc) > $this->send_limit) { $submission_error[] = $LANG->line('sending_limit_warning'); } /** ------------------------------------------ /** Sender Allowed to Store More Messages? /** ------------------------------------------*/ if ($this->storage_limit != '0' && ($IN->GBL('sent_copy') !== FALSE && $IN->GBL('sent_copy') == 'y')) { if ($this->total_messages == '') { $this->storage_usage(); } if ($this->total_messages + 1 > $this->storage_limit) { $submission_error[] = $LANG->line('storage_limit_warning'); } } } /** ------------------------------------- /** Upload Path Set? /** -------------------------------------*/ if ($this->upload_path == '' && (isset($_POST['remove']) || isset($_FILES['userfile']['name']) && $_FILES['userfile']['name'] != '')) { $submission_error[] = $LANG->line('unable_to_recieve_attach'); } /** ------------------------------------- /** Attachments? /** -------------------------------------*/ if ($IN->GBL('attach') !== FALSE && $IN->GBL('attach') != '') { $this->attachments = explode('|', $_POST['attach']); } /* ------------------------------------- /* Create Forward Attachments /* /* We have to copy the attachments for /* forwarded messages. We only do this /* when the compose messaage page is first /* submitted. We have a special variable /* called 'create_attach' to tell us when /* that is. /* -------------------------------------*/ if ($this->attach_allowed == 'y' && $this->upload_path != '' && sizeof($this->attachments) > 0 && $IN->GBL('create_attach')) { if (($message = $this->_duplicate_files()) !== TRUE) { $submission_error[] = $message . BR; } } /** ------------------------------------- /** Is this a remove attachment request? /** -------------------------------------*/ if (isset($_POST['remove']) && $this->upload_path != '') { $id = key($_POST['remove']); if (is_numeric($id)) { $this->_remove_attachment($id); // Treat an attachment removal like a draft, where we do not // see the preview only the message. $this->hide_preview = TRUE; } } /** ------------------------------------- /** Do we have an attachment to deal with? /** -------------------------------------*/ if ($this->attach_allowed == 'y') { if ($this->upload_path != '' and isset($_FILES['userfile']['name']) and $_FILES['userfile']['name'] != '') { $preview = $IN->GBL('preview', 'POST') !== FALSE ? TRUE : FALSE; if (($message = $this->_attach_file()) !== TRUE) { $submission_error[] = $message . BR; } } } /** ----------------------------------- /** Check Overflow /** -----------------------------------*/ $details = array(); $details['overflow_recipients'] = array(); $details['overflow_cc'] = array(); for ($i = 0, $size = sizeof($recipients); $i < $size; $i++) { if ($this->_check_overflow($recipients[$i]) === FALSE) { $details['overflow_recipients'][] = $recipients[$i]; unset($recipients[$i]); } } for ($i = 0, $size = sizeof($cc); $i < $size; $i++) { if ($this->_check_overflow($cc[$i]) === FALSE) { $details['overflow_cc'][] = $cc[$i]; unset($cc[$i]); } } /* ------------------------------------------------- /* If we have people unable to receive a message /* because of an overflow we make the message a /* preview and will send a message to the sender. /* -------------------------------------*/ if (sizeof($details['overflow_recipients']) > 0 or sizeof($details['overflow_cc']) > 0) { sort($recipients); sort($cc); $overflow_names = array(); /* ------------------------------------- /* Send email alert regarding a full /* inbox to these users, load names /* for error message /* -------------------------------------*/ global $PREFS; $query = $DB->query("SELECT exp_members.screen_name, exp_members.email, exp_members.accept_messages, exp_member_groups.prv_msg_storage_limit\n\t\t\t\t\t\t\t\t FROM exp_members\n\t\t\t\t\t\t\t\t LEFT JOIN exp_member_groups ON exp_member_groups.group_id = exp_members.group_id\n\t\t\t\t\t\t\t\t WHERE exp_members.member_id IN ('" . implode("','", array_merge($details['overflow_recipients'], $details['overflow_cc'])) . "')\n\t\t\t\t\t\t\t\t AND exp_member_groups.site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "'"); if ($query->num_rows > 0) { if (!class_exists('EEmail')) { require PATH_CORE . 'core.email' . EXT; } $email = new EEmail(); $email->wordwrap = true; $swap = array('sender_name' => $SESS->userdata('screen_name'), 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url')); $template = $FNS->fetch_email_template('pm_inbox_full'); $email_tit = $FNS->var_swap($template['title'], $swap); $email_msg = $FNS->var_swap($template['data'], $swap); foreach ($query->result as $row) { $overflow_names[] = $row['screen_name']; if ($row['accept_messages'] != 'y') { continue; } $email->initialize(); $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name')); $email->to($row['email']); $email->subject($email_tit); $email->message($FNS->var_swap($email_msg, array('recipient_name' => $row['screen_name'], 'pm_storage_limit' => $row['prv_msg_storage_limit']))); $email->Send(); } } $submission_error[] = str_replace('%overflow_names%', implode(', ', $overflow_names), $LANG->line('overflow_recipients')); } /** ---------------------------------------- /** Submission Errors Force a Preview /** ----------------------------------------*/ if (sizeof($submission_error) > 0) { $status = 'preview'; $this->hide_preview = TRUE; $this->invalid_name = FALSE; } /* ------------------------------------- /* Check Blocked on Sent /* /* If a message is blocked, we will not notify /* the sender of this and simply proceed. /* -------------------------------------*/ if ($status == 'sent') { $sql = "SELECT member_id FROM exp_message_listed\n\t\t\t\t\tWHERE listed_type = 'blocked'\n\t\t\t\t\tAND listed_member = '{$this->member_id}'\n\t\t\t\t\tAND \n\t\t\t\t\t(\n\t\t\t\t\tmember_id IN ('" . implode("','", $recipients) . "')"; if (sizeof($cc) > 0) { $sql .= "OR\n\t\t\t\t\t\t member_id IN ('" . implode("','", $cc) . "')"; } $sql .= ")"; $blocked = $DB->query($sql); if ($blocked->num_rows > 0) { foreach ($blocked->result as $row) { $details['blocked'][] = $row['member_id']; } $recipients = array_diff($recipients, $details['blocked']); $cc = sizeof($cc) > 0 ? array_diff($cc, $details['blocked']) : array(); sort($recipients); sort($cc); } } /** ------------------------------------- /** Store Data /** -------------------------------------*/ $data = array('message_id' => '', 'sender_id' => $this->member_id, 'message_date' => $LOC->now, 'message_subject' => $REGX->xss_clean($IN->GBL('subject')), 'message_body' => $REGX->xss_clean($IN->GBL('body')), 'message_tracking' => !$IN->GBL('tracking') ? 'n' : 'y', 'message_attachments' => sizeof($this->attachments) > 0 ? 'y' : 'n', 'message_recipients' => implode('|', $recipients), 'message_cc' => implode('|', $cc), 'message_hide_cc' => !$IN->GBL('hide_cc') ? 'n' : 'y', 'message_sent_copy' => !$IN->GBL('sent_copy') ? 'n' : 'y', 'total_recipients' => sizeof($recipients) + sizeof($cc), 'message_status' => $status); if ($IN->GBL('message_id') && is_numeric($IN->GBL('message_id'))) { /* ------------------------------------- /* Preview or Draft previously submitted. /* So, we're updating an already existing message /* -------------------------------------*/ $message_id = $IN->GBL('message_id'); unset($data['message_id']); $DB->query($DB->update_string('exp_message_data', $data, "message_id = '" . $DB->escape_str($message_id) . "'")); } else { $DB->query($DB->insert_string('exp_message_data', $data)); $message_id = $DB->insert_id; } /** ----------------------------------------- /** Send out Messages to Recipients and CC /** -----------------------------------------*/ if ($status == 'sent') { $copy_data = array('copy_id' => '', 'message_id' => $message_id, 'sender_id' => $this->member_id); /** ----------------------------------------- /** Send out Messages to Recipients and CC /** -----------------------------------------*/ for ($i = 0, $size = sizeof($recipients); $i < $size; $i++) { $copy_data['recipient_id'] = $recipients[$i]; $copy_data['message_authcode'] = $FNS->random('alpha', 10); $DB->query($DB->insert_string('exp_message_copies', $copy_data)); } for ($i = 0, $size = sizeof($cc); $i < $size; $i++) { $copy_data['recipient_id'] = $cc[$i]; $copy_data['message_authcode'] = $FNS->random('alpha', 10); $DB->query($DB->insert_string('exp_message_copies', $copy_data)); } /** ---------------------------------- /** Increment exp_members.private_messages /** ----------------------------------*/ $DB->query("UPDATE exp_members SET private_messages = private_messages + 1\n\t\t\t\t\t\tWHERE member_id IN ('" . implode("','", array_merge($recipients, $cc)) . "')"); /** ---------------------------------- /** Send Any and All Email Notifications /** ----------------------------------*/ $query = $DB->query("SELECT screen_name, email FROM exp_members\n\t\t\t\t\t\t\t\t WHERE member_id IN ('" . implode("','", array_merge($recipients, $cc)) . "')\n\t\t\t\t\t\t\t\t AND notify_of_pm = 'y'\n\t\t\t\t\t\t\t\t AND member_id != {$this->member_id}"); if ($query->num_rows > 0) { global $PREFS; if (!class_exists('Typography')) { require PATH_CORE . 'core.typography' . EXT; } $TYPE = new Typography(0); $TYPE->smileys = FALSE; $TYPE->highlight_code = TRUE; if ($PREFS->ini('enable_censoring') == 'y' && $PREFS->ini('censored_words') != '') { $subject = $TYPE->filter_censored_words($REGX->xss_clean($IN->GBL('subject'))); } else { $subject = $REGX->xss_clean($IN->GBL('subject')); } $body = $TYPE->parse_type(stripslashes($REGX->xss_clean($IN->GBL('body'))), array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n')); if (!class_exists('EEmail')) { require PATH_CORE . 'core.email' . EXT; } $email = new EEmail(); $email->wordwrap = true; $swap = array('sender_name' => $SESS->userdata('screen_name'), 'message_subject' => $subject, 'message_content' => $body, 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url')); $template = $FNS->fetch_email_template('private_message_notification'); $email_tit = $FNS->var_swap($template['title'], $swap); $email_msg = $FNS->var_swap($template['data'], $swap); foreach ($query->result as $row) { $email->initialize(); $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name')); $email->to($row['email']); $email->subject($email_tit); $email->message($REGX->entities_to_ascii($FNS->var_swap($email_msg, array('recipient_name' => $row['screen_name'])))); $email->Send(); } } } /** ------------------------------------- /** Sent Copy? /** -------------------------------------*/ if ($status == 'sent' && $data['message_sent_copy'] == 'y') { $copy_data['recipient_id'] = $this->member_id; $copy_data['message_authcode'] = $FNS->random('alpha', 10); $copy_data['message_folder'] = '2'; // Sent Message Folder $copy_data['message_read'] = 'y'; // Already read automatically $DB->query($DB->insert_string('exp_message_copies', $copy_data)); } /** ------------------------------------- /** Replying or Forwarding? /** -------------------------------------*/ if ($status == 'sent' && ($IN->GBL('replying') !== FALSE or $IN->GBL('forwarding') !== FALSE)) { $copy_id = $IN->GBL('replying') !== FALSE ? $IN->GBL('replying') : $IN->GBL('forwarding'); $status = $IN->GBL('replying') !== FALSE ? 'replied' : 'forwarded'; $DB->query("UPDATE exp_message_copies SET message_status = '{$status}' WHERE copy_id = '{$copy_id}'"); } /** ------------------------------------- /** Correct Member ID for Attachments /** -------------------------------------*/ if (sizeof($this->attachments) > 0) { $DB->query("UPDATE exp_message_attachments SET message_id = '{$message_id}' \n\t\t\t\t\t\tWHERE attachment_id IN ('" . implode("','", $this->attachments) . "')"); } /** ------------------------------------- /** Remove Temp Status for Attachments /** -------------------------------------*/ if ($status == 'sent') { $DB->query("UPDATE exp_message_attachments SET is_temp = 'n' WHERE message_id = '{$message_id}'"); } /** ------------------------------------- /** Redirect Them /** -------------------------------------*/ if ($status == 'preview') { return $this->compose($message_id, $submission_error); } elseif ($status == 'draft') { $this->drafts(); } else { $FNS->redirect($this->_create_path('inbox')); } }