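/**
 * Sends a mail to a list of recipients through the 'sendmail' filter.
 *
 * The only input checking visible here is address validation with
 * is_valid_email_zp(): invalid "to", "cc", "bcc" and "reply-to" addresses are
 * dropped and reported in the returned message. Subject and message text are
 * not inspected by this function, so callers that pass user-supplied text
 * should validate it themselves. The message is flattened to plain text:
 * <p>, <br>, <ol>, <ul> and <li> are replaced and getBare() strips the rest.
 *
 * Returns an empty string on success and an error message on failure. Once a
 * send is attempted the return value is whatever the last 'sendmail' filter
 * call returned, so address errors collected before that point are replaced.
 *
 * @param string $subject The subject of the email.
 * @param string $message The message contents of the email (simple HTML is tolerated).
 * @param array|null $email_list list of "to" addresses; NULL uses $_zp_authority->getAdminEmail()
 * @param array|null $cc_addresses list of addresses to send copies to; needs a non-empty "to" list
 * @param array|null $bcc_addresses list of addresses to send blind copies to; each gets a separate send
 * @param array|null $replyTo reply-to address list; only the first element is validated
 *
 * @return string empty on success, otherwise "Mail send failed." followed by one sentence per problem
 *
 * @author Todd Papaioannou (lucky@luckyspin.org)
 * @since 1.0.0
 */
function zp_mail($subject, $message, $email_list = NULL, $cc_addresses = NULL, $bcc_addresses = NULL, $replyTo = NULL) {
	global $_zp_authority, $_zp_gallery, $_zp_UTF8;
	$result = '';

	if ($replyTo) {
		$t = $replyTo;
		// array_shift() needs an array; a scalar reply-to yields NULL here and is reported as invalid
		if (!is_valid_email_zp($m = array_shift($t))) {
			if (empty($result)) {
				$result = gettext('Mail send failed.');
			}
			// every detail sentence is appended with a leading space so consumers can split on '.'
			$result .= ' ' . sprintf(gettext('Invalid “reply-to” mail address %s.'), $m);
		}
	}

	if (is_null($email_list)) {
		$email_list = $_zp_authority->getAdminEmail();
	} else {
		foreach ($email_list as $key => $email) {
			if (!is_valid_email_zp($email)) {
				unset($email_list[$key]);
				if (empty($result)) {
					$result = gettext('Mail send failed.');
				}
				$result .= ' ' . sprintf(gettext('Invalid “to” mail address %s.'), $email);
			}
		}
	}

	if (is_null($cc_addresses)) {
		$cc_addresses = array();
	} else {
		if (empty($email_list) && !empty($cc_addresses)) {
			if (empty($result)) {
				$result = gettext('Mail send failed.');
			}
			$result .= ' ' . gettext('“cc” list provided without “to” address list.');
			return $result;
		}
		foreach ($cc_addresses as $key => $email) {
			if (!is_valid_email_zp($email)) {
				unset($cc_addresses[$key]);
				if (empty($result)) {
					$result = gettext('Mail send failed.');
				}
				// append (not assign) so earlier errors and the "Mail send failed." prefix survive
				$result .= ' ' . sprintf(gettext('Invalid “cc” mail address %s.'), $email);
			}
		}
	}

	if (is_null($bcc_addresses)) {
		$bcc_addresses = array();
	} else {
		foreach ($bcc_addresses as $key => $email) {
			if (!is_valid_email_zp($email)) {
				unset($bcc_addresses[$key]);
				if (empty($result)) {
					$result = gettext('Mail send failed.');
				}
				// append (not assign), same reason as for the "cc" list
				$result .= ' ' . sprintf(gettext('Invalid “bcc” mail address %s.'), $email);
			}
		}
	}

	if (count($email_list) + count($bcc_addresses) > 0) {
		if (zp_has_filter('sendmail')) {
			$from_mail = getOption('site_email');
			$from_name = get_language_string(getOption('site_email_name'));
			// Convert to UTF-8
			if (LOCAL_CHARSET != 'UTF-8') {
				$subject = $_zp_UTF8->convert($subject, LOCAL_CHARSET);
				$message = $_zp_UTF8->convert($message, LOCAL_CHARSET);
			}
			// we do not support rich text: turn block-level tags into line breaks, then strip the rest
			$message = preg_replace('~<p[^>]*>~', "\n", $message); // Replace the start <p> or <p attr="">
			$message = preg_replace('~</p>~', "\n", $message); // Replace the end
			$message = preg_replace('~<br[^>]*>~', "\n", $message); // Replace <br> or <br ...>
			$message = preg_replace('~<ol[^>]*>~', "", $message); // Replace the start <ol> or <ol attr="">
			$message = preg_replace('~</ol>~', "", $message); // Replace the end
			$message = preg_replace('~<ul[^>]*>~', "", $message); // Replace the start <ul> or <ul attr="">
			$message = preg_replace('~</ul>~', "", $message); // Replace the end
			$message = preg_replace('~<li[^>]*>~', ".\t", $message); // Replace the start <li> or <li attr="">
			$message = preg_replace('~</li>~', "", $message); // Replace the end
			$message = getBare($message);
			$message = preg_replace('~\\n\\n\\n+~', "\n\n", $message); // collapse runs of blank lines
			// Send the mail. From here on $result is the filter's return value, which replaces any
			// address errors collected above; the last bcc send decides the final value.
			if (count($email_list) > 0) {
				$result = zp_apply_filter('sendmail', '', $email_list, $subject, $message, $from_mail, $from_name, $cc_addresses, $replyTo); // will be true if all mailers succeeded
			}
			if (count($bcc_addresses) > 0) {
				// one send per bcc recipient so no recipient sees the others
				foreach ($bcc_addresses as $bcc) {
					$result = zp_apply_filter('sendmail', '', array($bcc), $subject, $message, $from_mail, $from_name, array(), $replyTo); // will be true if all mailers succeeded
				}
			}
		} else {
			$result = gettext('Mail send failed. There is no mail handler configured.');
		}
	} else {
		if (empty($result)) {
			$result = gettext('Mail send failed.');
		}
		$result .= ' ' . gettext('No “to” address list provided.');
	}
	return $result;
}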
/**
 * Sends a verification mail to a user in the 'federated_verify' group once a valid e-mail address is on record.
 *
 * The user object is saved first, then a link carrying the user name, e-mail and current time is mailed to that
 * address. The link token is bin2hex(serialize(...)) — a reversible encoding, not an authenticated or random
 * token; whoever consumes it must treat it as untrusted input (the consumer is not part of this listing).
 *
 * NOTE: this listing is redacted at the $link/$message assignment ("******"); the statement that builds
 * $message is not visible here.
 *
 * @param mixed $updated passed through unchanged
 * @param object $userobj the user being saved; getGroup(), getEmail(), getUser() and save() are called on it
 * @param mixed $i unused here
 * @param mixed $alter unused here
 * @return mixed $updated, unchanged
 */
static function save_custom($updated, $userobj, $i, $alter) {
	global $_notification_sent; // declared but not referenced in the visible code
	if ($userobj->getGroup() == 'federated_verify' && is_valid_email_zp($userobj->getEmail())) {
		$userobj->save();
		$admin_e = $userobj->getEmail();
		$user = $userobj->getUser();
		// plain serialized payload, hex encoded: anyone can decode it and, knowing user + e-mail, rebuild it
		$key = bin2hex(serialize(array('user' => $user, 'email' => $admin_e, 'date' => time())));
		// redacted in the listing: the tail of this statement and the $message assignment are missing
		$link = FULLWEBPATH . '/index.php?verify_federated_user='******'Visit %s to validate your federated logon credentials.'), $link);
		zp_mail(get_language_string(gettext('Federated user confirmation')), $message, array($user => $admin_e));
	}
	return $updated;
}
if (!empty($user) && !empty($admin_n) && !empty($admin_e)) { if ($pass == trim($_POST['adminpass_2'])) { if (empty($pass)) { $pwd = null; } else { $pwd = passwordHash($_POST['adminuser'], $pass); } $notify = ''; $currentadmins = getAdministrators(); foreach ($currentadmins as $admin) { if ($admin['user'] == $user) { $notify = 'exists'; break; } } if (!is_valid_email_zp($admin_e)) { $notify = 'invalidemail'; } if (empty($notify)) { saveAdmin($user, $pwd, $admin_n, $admin_e, 0, NULL); $link = FULLWEBPATH . '/index.php?p=' . substr($_zp_gallery_page, 0, -4) . '&verify=' . bin2hex(serialize(array('user' => $user, 'email' => $admin_e))); $message = sprintf(gettext('You have received this email because you registered on the site. To complete your registration visit %s.'), $link); $headers = "From: " . get_language_string(getOption('gallery_title'), getOption('locale')) . "<zenphoto@" . $_SERVER['SERVER_NAME'] . ">"; $_zp_UTF8->send_mail($admin_e, gettext('Registration confirmation'), $message, $headers); $notify = 'accepted'; } } else { $notify = 'mismatch'; } } else { $notify = 'incomplete';
/**
 * Prints the mail contact form, handles checks and the mail sending. It uses Zenphoto's check for valid e-mail address and website URL and also supports CAPTCHA.
 * The contact form itself is a separate file and is located within the /contact_form/form.php so that it can be styled as needed.
 *
 * Flow: a 'sendmail' post is validated (required fields, e-mail syntax, CAPTCHA); on success either a confirmation
 * page is shown (contactform_confirm) or the post is turned into a 'confirm' post directly. A 'confirm' post
 * reads subject/message/name/mailaddress from $_POST and mails them to the configured list via zp_mail().
 *
 * NOTE(review): the required-field and CAPTCHA checks run only on the 'sendmail' step. The 'confirm' branch
 * trusts the hidden fields as they come back from the client, so a direct 'confirm' post reaches zp_mail()
 * without those checks; zp_mail()'s address validation is the only check left on that path.
 *
 * @param string $subject_override set to override the subject.
 */
function printContactForm($subject_override = '') {
	global $_zp_UTF8, $_zp_captcha, $_processing_post, $_zp_current_admin_obj;
	$error = array(); // keyed by field number; the key only matters for ordering of the printed list
	if (isset($_POST['sendmail'])) {
		$mailcontent = array();
		$mailcontent['title'] = getField('title');
		$mailcontent['name'] = getField('name');
		$mailcontent['company'] = getField('company');
		$mailcontent['street'] = getField('street');
		$mailcontent['city'] = getField('city');
		$mailcontent['state'] = getField('state');
		$mailcontent['postal'] = getField('postal');
		$mailcontent['country'] = getField('country');
		$mailcontent['email'] = getField('email');
		$mailcontent['website'] = getField('website');
		$mailcontent['phone'] = getField('phone');
		$mailcontent['subject'] = getField('subject');
		$mailcontent['message'] = getField('message', 1);
		// if you want other required fields or less add/modify their checks here
		if (getOption('contactform_title') == "required" && empty($mailcontent['title'])) {
			$error[1] = gettext("a title");
		}
		if (getOption('contactform_name') == "required" && empty($mailcontent['name'])) {
			$error[2] = gettext("a name");
		}
		if (getOption('contactform_company') == "required" && empty($mailcontent['company'])) {
			$error[3] = gettext("a company");
		}
		if (getOption('contactform_street') == "required" && empty($mailcontent['street'])) {
			$error[4] = gettext("a street");
		}
		// city, state, postal code and the CAPTCHA below all use key 5, so only the last one
		// assigned is reported and count($error) undercounts the missing fields
		if (getOption('contactform_city') == "required" && empty($mailcontent['city'])) {
			$error[5] = gettext("a city");
		}
		if (getOption('contactform_state') == "required" && empty($mailcontent['state'])) {
			$error[5] = gettext("a state");
		}
		if (getOption('contactform_postal') == "required" && empty($mailcontent['postal'])) {
			$error[5] = gettext("a postal code");
		}
		if (getOption('contactform_country') == "required" && empty($mailcontent['country'])) {
			$error[6] = gettext("a country");
		}
		// e-mail syntax is only checked when the field is required
		if (getOption('contactform_email') == "required" && (empty($mailcontent['email']) || !is_valid_email_zp($mailcontent['email']))) {
			$error[7] = gettext("a valid email address");
		}
		if (getOption('contactform_website') == "required" && empty($mailcontent['website'])) {
			$error[8] = gettext('a website');
		} else {
			if (!empty($mailcontent['website'])) {
				// byte-wise prefix test: an "https://" value gets "http://" prepended too
				if (substr($mailcontent['website'], 0, 7) != "http://") {
					$mailcontent['website'] = "http://" . $mailcontent['website'];
				}
			}
		}
		if (getOption("contactform_phone") == "required" && empty($mailcontent['phone'])) {
			$error[9] = gettext("a phone number");
		}
		if (getOption("contactform_subject") == "required" && empty($mailcontent['subject'])) {
			$error[10] = gettext("a subject");
		}
		if (getOption("contactform_message") == "required" && empty($mailcontent['message'])) {
			$error[11] = gettext("a message");
		}
		// CAPTCHA start
		if (getOption("contactform_captcha")) {
			$code_ok = trim(sanitize($_POST['code_h']));
			$code = trim(sanitize($_POST['code']));
			if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
				$error[5] = gettext("the correct CAPTCHA verification code"); // shares key 5 with city/state/postal
			} // no ticket
		}
		// CAPTCHA end
		// If required fields are empty or not valid print note
		if (count($error) != 0) {
			?>
			<div class="errorbox">
				<h2>
					<?php
					$err = $error;
					switch (count($err)) {
						case 1:
							printf(gettext('Please enter %s. Thanks.'), array_shift($err));
							break;
						case 2:
							printf(gettext('Please enter %1$s and %2$s. Thanks.'), array_shift($err), array_shift($err));
							break;
						default:
							$list = '<ul class="errorlist">';
							foreach ($err as $item) {
								$list .= '<li>' . $item . '</li>';
							}
							$list .= '</ul>';
							printf(gettext('Please enter: %sThanks.'), $list);
							break;
					}
					?>
				</h2>
			</div>
			<?php
		} else {
			$mailaddress = $mailcontent['email'];
			$name = $mailcontent['name'];
			$subject = $mailcontent['subject'] . " (" . getBareGalleryTitle() . ")";
			// body: the message, then one line per supplied field (title has no trailing newline)
			$message = $mailcontent['message'] . "\n\n";
			if (!empty($mailcontent['title'])) {
				$message .= $mailcontent['title'];
			}
			if (!empty($mailcontent['name'])) {
				$message .= $mailcontent['name'] . "\n";
			}
			if (!empty($mailcontent['company'])) {
				$message .= $mailcontent['company'] . "\n";
			}
			if (!empty($mailcontent['street'])) {
				$message .= $mailcontent['street'] . "\n";
			}
			if (!empty($mailcontent['city'])) {
				$message .= $mailcontent['city'] . "\n";
			}
			if (!empty($mailcontent['state'])) {
				$message .= $mailcontent['state'] . "\n";
			}
			if (!empty($mailcontent['postal'])) {
				$message .= $mailcontent['postal'] . "\n";
			}
			if (!empty($mailcontent['country'])) {
				$message .= $mailcontent['country'] . "\n";
			}
			if (!empty($mailcontent['email'])) {
				$message .= $mailcontent['email'] . "\n";
			}
			if (!empty($mailcontent['phone'])) {
				$message .= $mailcontent['phone'] . "\n";
			}
			if (!empty($mailcontent['website'])) {
				$message .= $mailcontent['website'] . "\n";
			}
			$message .= "\n\n";
			if (getOption('contactform_confirm')) {
				echo get_language_string(getOption("contactform_confirmtext"));
				if (getOption('contactform_sendcopy')) {
					echo get_language_string(getOption("contactform_sendcopy_text"));
				}
				?>
				<div>
					<?php
					$_processing_post = true;
					include getPlugin('contact_form/form.php', true);
					?>
					<form id="confirm" action="<?php echo sanitize($_SERVER['REQUEST_URI']); ?> " method="post" accept-charset="UTF-8" style="float: left">
						<input type="hidden" id="confirm" name="confirm" value="confirm" />
						<!-- hidden values are html_encode()d: they are user input reflected into attributes -->
						<input type="hidden" id="name" name="name" value="<?php echo html_encode($name); ?> " />
						<input type="hidden" id="subject" name="subject" value="<?php echo html_encode($subject); ?> " />
						<input type="hidden" id="message" name="message" value="<?php echo html_encode($message); ?> " />
						<input type="hidden" id="mailaddress" name="mailaddress" value="<?php echo html_encode($mailaddress); ?> " />
						<input type="submit" value="<?php echo gettext("Confirm"); ?> " />
					</form>
					<form id="discard" action="<?php echo sanitize($_SERVER['REQUEST_URI']); ?> " method="post" accept-charset="UTF-8">
						<input type="hidden" id="discard" name="discard" value="discard" />
						<input type="submit" value="<?php echo gettext("Discard"); ?> " />
					</form>
				</div>
				<?php
				return;
			} else { // simulate confirmation action
				$_POST['confirm'] = true;
				$_POST['subject'] = $subject;
				$_POST['message'] = $message;
				$_POST['mailaddress'] = $mailaddress;
				$_POST['name'] = $name;
			}
		}
	}
	if (isset($_POST['confirm'])) {
		// everything below comes from the client (or from the simulated post above)
		$subject = sanitize($_POST['subject']);
		$message = sanitize($_POST['message'], 1);
		$mailaddress = sanitize($_POST['mailaddress']);
		$name = sanitize($_POST['name']);
		$contactform_mailinglist = getOption("contactform_mailaddress");
		$mailinglist = explode(';', $contactform_mailinglist);
		if (getOption('contactform_sendcopy')) {
			$sendcopy = array($name => $mailaddress); // sender gets a "cc"; zp_mail() validates the address
		} else {
			$sendcopy = NULL;
		}
		$err_msg = zp_mail($subject, $message, $mailinglist, $sendcopy);
		if ($err_msg) {
			// splitting on '.' also splits the dots inside any address quoted in the error text,
			// so an invalid address may show up as several list items
			$msgs = explode('.', $err_msg);
			unset($msgs[0]); // the "mail send failed" text
			unset($msgs[count($msgs)]); // a trailing empty one
			?>
			<div class="errorbox">
				<strong><?php echo ngettext('Error sending mail:', 'Errors sending mail:', count($msgs)); ?> </strong>
				<ul class="errorlist">
					<?php
					foreach ($msgs as $line) {
						echo '<li>' . trim($line) . '</li>';
					}
					?>
				</ul>
			</div>
			<?php
		} else {
			echo get_language_string(getOption("contactform_thankstext"));
		}
		echo '<p><a href="?again">' . get_language_string(getOption('contactform_newmessagelink')) . '</a></p>';
	} else {
		if (count($error) <= 0) {
			if (zp_loggedin()) {
				// prefill from the logged-in admin
				$mailcontent = array('title' => '', 'name' => $_zp_current_admin_obj->getName(), 'company' => '', 'street' => '', 'city' => '', 'state' => '', 'country' => '', 'postal' => '', 'email' => $_zp_current_admin_obj->getEmail(), 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '');
				if (getOption('zp_plugin_comment_form')) {
					$raw = $_zp_current_admin_obj->getCustomData();
					// unserialize() of stored data, guarded only by a "looks like a serialized array" prefix test;
					// the guard does not prevent object payloads nested inside the array
					if (preg_match('/^a:[0-9]+:{/', $raw)) {
						$address = unserialize($raw);
						foreach ($address as $key => $field) {
							$mailcontent[$key] = $field; // keys are not restricted to the known fields
						}
					}
				}
			} else {
				$mailcontent = array('title' => '', 'name' => '', 'company' => '', 'street' => '', 'city' => '', 'state' => '', 'country' => '', 'email' => '', 'postal' => '', 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '');
			}
		}
		echo get_language_string(getOption("contactform_introtext"));
		if (getOption('contactform_sendcopy')) {
			echo get_language_string(getOption("contactform_sendcopy_text"));
		}
		$_processing_post = false;
		include getPlugin('contact_form/form.php', true);
	}
}
/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Validates the submission, runs the configured spam filter, inserts the comment
 * row and (optionally) notifies administrators by mail.
 *
 * Return value:
 *   -2: e-mail required but missing/invalid
 *   -3: name required but missing
 *   -4: website required but missing/invalid
 *   -5: CAPTCHA failed
 *   -6: empty comment
 *   otherwise the spam filter's verdict (2 when no spam filter plugin is found);
 *   the code below treats 1 as "placed in moderation" and 0/false as "rejected, nothing stored".
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code Captcha code entered
 * @param string $code_ok Captcha md5 expected
 * @param object $receiver the object (image, album or zenpage item) to which to post the comment
 * @param string $ip the IP address of the comment poster (caller supplied; see the INSERT below)
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @return int
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon) {
	global $_zp_captcha;
	$result = commentObjectClass($receiver);
	list($type, $class) = $result; // $type is later stored in the `type` column and used to pick album admins
	$receiver->getComments();
	$name = trim($name);
	$email = trim($email);
	$website = trim($website);
	$admins = getAdministrators();
	$admin = array_shift($admins);
	$key = $admin['pass']; // not used anywhere in this function
	// Let the comment have trailing line breaks and space? Nah...
	// Also (in)validate HTML here, and in $name.
	$comment = trim($comment);
	if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
		return -2;
	}
	if (getOption('comment_name_required') && empty($name)) {
		return -3;
	}
	if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
		return -4;
	}
	if (getOption('Use_Captcha')) {
		if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
			return -5;
		}
	}
	if (empty($comment)) {
		return -6;
	}
	// byte-wise prefix test: an "https://" website gets "http://" prepended as well
	if (!empty($website) && substr($website, 0, 7) != "http://") {
		$website = "http://" . $website;
	}
	$goodMessage = 2; // default verdict when no spam filter plugin is installed
	$gallery = new gallery(); // not used in this function
	// the plugin file name is derived from the 'spam_filter' option (admin configured, not request input)
	if (!(false === ($requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false)))) {
		require_once $requirePath;
		$spamfilter = new SpamFilter();
		$goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
	}
	if ($goodMessage) {
		if ($goodMessage == 1) {
			$moderate = 1;
		} else {
			$moderate = 0;
		}
		if ($private) {
			$private = 1;
		} else {
			$private = 0;
		}
		if ($anon) {
			$anon = 1;
		} else {
			$anon = 0;
		}
		$receiverid = $receiver->id;
		// Update the database entry with the new comment.
		// The statement is built by string concatenation: name/email/website/comment go through
		// mysql_real_escape_string(), but $receiverid, $moderate, $type, $ip, $private and $anon are
		// interpolated as-is. $ip is a caller-supplied parameter, so callers must not pass it through
		// unvalidated; a prepared statement would remove the dependency on the caller.
		query("INSERT INTO " . prefix("comments") . " (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES " . ' ("' . $receiverid . '", "' . mysql_real_escape_string($name) . '", "' . mysql_real_escape_string($email) . '", "' . mysql_real_escape_string($website) . '", "' . mysql_real_escape_string($comment) . '", "' . $moderate . '", NOW()' . ', "' . $type . '", "' . $ip . '", "' . $private . '", "' . $anon . '")');
		if ($moderate) {
			$action = "placed in moderation";
		} else {
			// add to comments array and notify the admin user
			$newcomment = array();
			$newcomment['name'] = $name;
			$newcomment['email'] = $email;
			$newcomment['website'] = $website;
			$newcomment['comment'] = $comment;
			$newcomment['date'] = time();
			$receiver->comments[] = $newcomment;
			$action = "posted";
		}
		// switch added for zenpage support
		// $ur_album is only set for albums and images; the admintoalbum lookup below is gated on $type
		// (presumably 'images'/'albums' correspond to these cases — confirm against commentObjectClass())
		$class = get_class($receiver);
		switch ($class) {
			case "Albums":
				$on = $receiver->name;
				$url = "album=" . urlencode($receiver->name);
				$ur_album = getUrAlbum($receiver);
				break;
			case "ZenpageNews":
				$on = $receiver->getTitlelink();
				$url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
				break;
			case "ZenpagePage":
				$on = $receiver->getTitlelink();
				$url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
				break;
			default: // all image types
				$on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
				$url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
				$album = $receiver->getAlbum();
				$ur_album = getUrAlbum($album);
				break;
		}
		if (getOption('email_new_comments')) {
			// assumes the most recently fetched comment is the one just inserted
			$last_comment = fetchComments(1);
			$last_comment = $last_comment[0]['id'];
			// plain-text notification; the poster's name/email/website/comment are embedded verbatim and the
			// links are built from $_SERVER['SERVER_NAME'] (server configuration decides whether that value
			// can be influenced by the request's Host header)
			$message = gettext("A comment has been {$action} in your album") . " {$on}\n" . "\n" . "Author: " . $name . "\n" . "Email: " . $email . "\n" . "Website: " . $website . "\n" . "Comment:\n" . $comment . "\n" . "\n" . "You can view all comments about this image here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" . "\n" . "You can edit the comment here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";
			$emails = array();
			$admin_users = getAdministrators();
			foreach ($admin_users as $admin) { // mail anyone else with full rights
				if ($admin['rights'] & ADMIN_RIGHTS && $admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
					$emails[] = $admin['email'];
					unset($admin_users[$admin['id']]); // presumes getAdministrators() is keyed by admin id — confirm
				}
			}
			// take out for zenpage comments since there are no album admins
			if ($type === "images" or $type === "albums") {
				$id = $ur_album->getAlbumID();
				$sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}"; // $id comes from the album object, not from the request
				$result = query_full_array($sql);
				foreach ($result as $anadmin) {
					$admin = $admin_users[$anadmin['adminid']];
					if (!empty($admin['email'])) {
						$emails[] = $admin['email'];
					}
				}
			}
			// "" (not NULL) is passed as the "to" list and the admins go in as "bcc"
			zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
		}
	}
	return $goodMessage;
}
/**
 * Returns the e-mail addresses of the administrators that hold the given rights.
 *
 * Only addresses that pass is_valid_email_zp() are included. The result is keyed by the
 * admin's display name, falling back to the user name when the display name is empty;
 * two admins with the same key therefore collapse into one entry.
 *
 * @param int|null $rights rights bit mask to match against each admin; NULL means ADMIN_RIGHTS
 * @return array name => e-mail address
 */
function getAdminEmail($rights = NULL) {
	$wanted = is_null($rights) ? ADMIN_RIGHTS : $rights;
	$emails = array();
	foreach ($this->getAdministrators() as $admin) {
		// bitwise test first so the address check only runs for matching admins
		$qualifies = ($admin['rights'] & $wanted) && is_valid_email_zp($admin['email']);
		if (!$qualifies) {
			continue;
		}
		$label = $admin['name'];
		if (empty($label)) {
			$label = $admin['user'];
		}
		$emails[$label] = $admin['email'];
	}
	return $emails;
}
/**
 * Handles a user-registration post: validates the form, creates the (transient) admin object,
 * lets plugins veto it, saves it and mails a verification link.
 *
 * Communicates only through globals: $_notify receives the outcome code ('honeypot',
 * 'invalidcaptcha', 'incomplete', 'invalidemail', 'empty', 'exists', 'dup_email', 'filter',
 * 'mismatch', 'accepted', or the error text returned by zp_mail()); $_link and $_message hold
 * the verification link and mail body; $admin_e, $admin_n and $user echo the submitted values.
 *
 * Security notes on the visible code:
 *  - the verification token is bin2hex(serialize(['user', 'email'])) — deterministic and
 *    unauthenticated; anyone knowing a user name and its e-mail can produce it. A random,
 *    single-use token stored server-side (or at least an HMAC over the payload) would make
 *    verification depend on having received the mail.
 *  - the link's host is taken from $_SERVER['HTTP_HOST'], i.e. from the request's Host header;
 *    building it from a configured site URL instead keeps the mailed link under the site's control.
 *  - $pass is handed to sprintf() for the mail body, so the plaintext password ends up in the
 *    e-mail whenever the 'register_user_text' template uses its fourth placeholder.
 *  - 'disclose_password' skips the password-repeat comparison.
 */
static function post_processor() {
	global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
	//Handle registration
	// 'username' is a decoy field: a non-empty value marks the post as automated
	if (isset($_POST['username']) && !empty($_POST['username'])) {
		$_notify = 'honeypot'; // honey pot check
	}
	if (getOption('register_user_captcha')) {
		if (isset($_POST['code'])) {
			$code = sanitize($_POST['code'], 3);
			$code_ok = sanitize($_POST['code_h'], 3);
		} else {
			$code = '';
			$code_ok = '';
		}
		if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
			$_notify = 'invalidcaptcha';
		}
	}
	$admin_n = trim(sanitize($_POST['admin_name']));
	if (empty($admin_n)) {
		$_notify = 'incomplete';
	}
	// when no separate e-mail field is posted the user name is expected to be the address
	if (isset($_POST['admin_email'])) {
		$admin_e = trim(sanitize($_POST['admin_email']));
	} else {
		$admin_e = trim(sanitize($_POST['user'], 0));
	}
	if (!is_valid_email_zp($admin_e)) {
		$_notify = 'invalidemail';
	}
	$pass = trim(sanitize($_POST['pass'], 0));
	$user = trim(sanitize($_POST['user'], 0));
	if (empty($pass)) {
		$_notify = 'empty';
	} else {
		if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
			if (isset($_POST['disclose_password']) || $pass == trim(sanitize($_POST['pass_r']))) {
				$currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
				if (is_object($currentadmin)) {
					$_notify = 'exists';
				} else {
					if ($_zp_authority->getAnAdmin(array('`email`=' => $admin_e, '`valid`=' => '1'))) {
						$_notify = 'dup_email';
					}
				}
				// any failure recorded above (honeypot, captcha, duplicates, ...) stops the registration here
				if (empty($_notify)) {
					$userobj = $_zp_authority->newAdministrator('');
					$userobj->transient = false;
					$userobj->setUser($user);
					$userobj->setPass($pass);
					$userobj->setName($admin_n);
					$userobj->setEmail($admin_e);
					$userobj->setRights(0); // no rights until verified
					$userobj->setObjects(NULL);
					$userobj->setGroup('');
					$userobj->setCustomData('');
					$userobj->setLanguage(getUserLocale());
					if (extensionEnabled('userAddressFields')) {
						$addresses = getOption('register_user_address_info');
						$userinfo = register_user::getUserInfo(0);
						$_comment_form_save_post = serialize($userinfo);
						if ($addresses == 'required') {
							// a missing address field marks the object transient, which blocks the save below
							if (!isset($userinfo['street']) || empty($userinfo['street'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the street field.');
							}
							if (!isset($userinfo['city']) || empty($userinfo['city'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the city field.');
							}
							if (!isset($userinfo['state']) || empty($userinfo['state'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the state field.');
							}
							if (!isset($userinfo['country']) || empty($userinfo['country'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the country field.');
							}
							if (!isset($userinfo['postal']) || empty($userinfo['postal'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the postal code field.');
							}
						}
						// cookie name as spelled in the original; it must match wherever the cookie is read
						zp_setCookie('reister_user_form_addresses', $_comment_form_save_post);
						userAddressFields::setCustomData($userobj, $userinfo);
					}
					zp_apply_filter('register_user_registered', $userobj); // plugins may set transient to veto
					if ($userobj->transient) {
						if (empty($_notify)) {
							$_notify = 'filter';
						}
					} else {
						$userobj->save();
						if (MOD_REWRITE) {
							$verify = '?verify=';
						} else {
							$verify = '&verify=';
						}
						// see the security notes above: Host-header derived link, reversible unauthenticated token
						$_link = PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . register_user::getLink() . $verify . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
						// template placeholders in order: link, display name, user name, password
						$_message = sprintf(get_language_string(getOption('register_user_text')), $_link, $admin_n, $user, $pass);
						$_notify = zp_mail(get_language_string(gettext('Registration confirmation')), $_message, array($user => $admin_e));
						if (empty($_notify)) {
							$_notify = 'accepted';
						}
					}
				}
			} else {
				$_notify = 'mismatch';
			}
		} else {
			$_notify = 'incomplete';
		}
	}
}
/**
 * Prints the mail contact form, handles checks and the mail sending. It uses Zenphoto's check for valid e-mail address and website URL and also supports CAPTCHA.
 * The contact form itself is a separate file and is located within the /contact_form/form.php so that it can be styled as needed.
 *
 * Flow: a 'sendmail' post is validated and, when it passes, a confirmation page is printed whose hidden
 * fields carry subject, message, mail headers and sender address. A 'confirm' post reads those fields
 * back from $_POST and hands them to $_zp_UTF8->send_mail().
 *
 * NOTE(review): the 'confirm' branch takes the complete mail header block from $_POST['headers'] and the
 * sender address from $_POST['mailaddress'], with sanitize() as the only filter, and it does not repeat
 * the required-field/CAPTCHA checks of the 'sendmail' step. Whether sanitize() removes CR/LF is not
 * visible here; unless it does, the client controls the header block of the outgoing mail. Safer:
 * build the From header server-side from a configured address, validate the user's address with
 * is_valid_email_zp() on the confirm step, and do not round-trip headers through the form at all.
 * The hidden inputs below also echo $subject, $message, $headers and $mailaddress without html_encode(),
 * so user input is reflected into HTML attributes unescaped.
 */
function printContactForm() {
	global $_zp_UTF8, $_zp_captcha;
	$error = array(); // keyed by field number; only the count and the values are used when printing
	if (isset($_POST['sendmail'])) {
		$mailcontent = array();
		$mailcontent['title'] = getField('title');
		$mailcontent['name'] = getField('name');
		$mailcontent['company'] = getField('company');
		$mailcontent['street'] = getField('street');
		$mailcontent['city'] = getField('city');
		$mailcontent['country'] = getField('country');
		$mailcontent['email'] = getField('email');
		$mailcontent['website'] = getField('website');
		$mailcontent['phone'] = getField('phone');
		$mailcontent['subject'] = getField('subject');
		$mailcontent['message'] = getField('message', 1);
		// if you want other required fields or less add/modify their checks here
		if (getOption('contactform_title') == "required" && empty($mailcontent['title'])) {
			$error[1] = gettext("a <strong>title</strong>");
		}
		if (getOption('contactform_name') == "required" && empty($mailcontent['name'])) {
			$error[2] = gettext("a <strong>name</strong>");
		}
		if (getOption('contactform_company') == "required" && empty($mailcontent['company'])) {
			$error[3] = gettext("a <strong>company</strong>");
		}
		if (getOption('contactform_street') == "required" && empty($mailcontent['street'])) {
			$error[4] = gettext("a <strong>street</strong>");
		}
		// key 5 is reused by the CAPTCHA check below, so only one of the two messages survives
		if (getOption('contactform_city') == "required" && empty($mailcontent['city'])) {
			$error[5] = gettext("a <strong>city</strong>");
		}
		if (getOption('contactform_country') == "required" && empty($mailcontent['country'])) {
			$error[6] = gettext("a <strong>country</strong>");
		}
		// && binds tighter than ||: this reads as (required && empty) || !valid, so the syntax check
		// runs even when the field is optional (including on an empty value)
		if (getOption('contactform_email') == "required" && empty($mailcontent['email']) || !is_valid_email_zp($mailcontent['email'])) {
			$error[7] = gettext("a <strong>valid email adress</strong>");
		}
		if (getOption('contactform_website') == "required" && empty($mailcontent['website'])) {
			$error[8] = gettext('a <strong>website</strong>');
		} else {
			if (!empty($mailcontent['website'])) {
				// byte-wise prefix test: an "https://" value gets "http://" prepended too
				if (substr($mailcontent['website'], 0, 7) != "http://") {
					$mailcontent['website'] = "http://" . $mailcontent['website'];
				}
			}
		}
		if (getOption("contactform_phone") == "required" && empty($mailcontent['phone'])) {
			$error[9] = gettext("a <strong>phone number</strong>");
		}
		if (getOption("contactform_subject") == "required" && empty($mailcontent['subject'])) {
			$error[10] = gettext("a <strong>subject</strong>");
		}
		if (getOption("contactform_message") == "required" && empty($mailcontent['message'])) {
			$error[11] = gettext("a <strong>message</strong>");
		}
		// captcha start
		if (getOption("contactform_captcha")) {
			// raw $_POST values, only trimmed
			$code_ok = trim($_POST['code_h']);
			$code = trim($_POST['code']);
			if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
				$error[5] = gettext("<strong>the correct captcha verification code</strong>"); // shares key 5 with the city check
			} // no ticket
		}
		// captcha end
		// If required fields are empty or not valid print note
		if (count($error) != 0) {
			echo gettext("<p style='color:red'>Please enter ");
			$count = 0;
			foreach ($error as $err) {
				$count++;
				if (count($error) > 1) {
					$separator = ", ";
				}
				echo $err;
				// ", " between items, " and " before the last one; $separator is only read when count > 1
				if ($count != count($error)) {
					if ($count === count($error) - 1) {
						$separator = gettext(" and ");
					}
					echo $separator;
				}
			}
			echo gettext(". Thanks.</p>");
		} else {
			$mailaddress = $mailcontent['email'];
			$name = $mailcontent['name'];
			// the user-supplied address becomes the From header and is round-tripped via the form below
			$headers = 'From: ' . $mailaddress . '' . "\r\n";
			//$headers .= 'Cc: '.$mailaddress.''."\r\n"; // somehow does not work on all servers!
			$subject = $mailcontent['subject'] . " (" . getBareGalleryTitle() . ")";
			// body: the message, then one line per supplied field (title has no trailing newline)
			$message = $mailcontent['message'] . "\n";
			if (!empty($mailcontent['title'])) {
				$message .= $mailcontent['title'];
			}
			if (!empty($mailcontent['name'])) {
				$message .= $mailcontent['name'] . "\n";
			}
			if (!empty($mailcontent['company'])) {
				$message .= $mailcontent['company'] . "\n";
			}
			if (!empty($mailcontent['street'])) {
				$message .= $mailcontent['street'] . "\n";
			}
			if (!empty($mailcontent['city'])) {
				$message .= $mailcontent['city'] . "\n";
			}
			if (!empty($mailcontent['country'])) {
				$message .= $mailcontent['country'] . "\n";
			}
			if (!empty($mailcontent['email'])) {
				$message .= $mailcontent['email'] . "\n";
			}
			if (!empty($mailcontent['phone'])) {
				$message .= $mailcontent['phone'] . "\n";
			}
			if (!empty($mailcontent['website'])) {
				$message .= $mailcontent['website'] . "\n";
			}
			$message .= "\n\n";
			echo getOption("contactform_confirmtext");
			?>
			<div>
				<form id="confirm" action="<?php echo sanitize($_SERVER['REQUEST_URI']); ?> " method="post" accept-charset="UTF-8" style="float: left">
					<input type="hidden" id="confirm" name="confirm" value="confirm" />
					<!-- values echoed without html_encode(): user input lands in attributes unescaped -->
					<input type="hidden" id="subject" name="subject" value="<?php echo $subject; ?> " />
					<input type="hidden" id="message" name="message" value="<?php echo $message; ?> " />
					<input type="hidden" id="headers" name="headers" value="<?php echo $headers; ?> " />
					<input type="hidden" id="mailaddress" name="mailaddress" value="<?php echo $mailaddress; ?> " />
					<input type="submit" value="<?php echo gettext("Confirm"); ?> " />
				</form>
				<form id="discard" action="<?php echo sanitize($_SERVER['REQUEST_URI']); ?> " method="post" accept-charset="UTF-8">
					<input type="hidden" id="discard" name="discard" value="discard" />
					<input type="submit" value="<?php echo gettext("Discard"); ?> " />
				</form>
			</div>
			<?php
		}
	}
	if (isset($_POST['confirm'])) {
		// all four values come straight from the client; see the note in the function header
		$subject = sanitize($_POST['subject']);
		$message = sanitize($_POST['message'], 1);
		$headers = sanitize($_POST['headers']);
		$mailaddress = sanitize($_POST['mailaddress']);
		// recipient list: configured address plus the client-supplied address, comma separated
		$_zp_UTF8->send_mail(getOption("contactform_mailaddress") . "," . $mailaddress, $subject, $message, $headers);
		echo getOption("contactform_thankstext");
	}
	if (count($error) <= 0) {
		// blank form values for a fresh form
		$mailcontent = array();
		$mailcontent['title'] = '';
		$mailcontent['name'] = '';
		$mailcontent['company'] = '';
		$mailcontent['street'] = '';
		$mailcontent['city'] = '';
		$mailcontent['country'] = '';
		$mailcontent['email'] = '';
		$mailcontent['website'] = '';
		$mailcontent['phone'] = '';
		$mailcontent['subject'] = '';
		$mailcontent['message'] = '';
	}
	if (count($error) > 0 || !isset($_POST['sendmail'])) {
		echo getOption("contactform_introtext");
		include SERVERPATH . "/" . ZENFOLDER . "/plugins/contact_form/form.php";
	}
}
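/**
 * Processes the user-registration page: a pending e-mail verification
 * (`?verify=` link) or a submitted registration (`register_user` POST), then
 * prints the outcome and, unless registration fully succeeded, the form.
 *
 * The outcome travels through the global `$notify`, which the form template
 * also reads; the globals `$admin_e`, `$admin_n` and `$user` echo the submitted
 * fields back to that template.
 *
 * @param string $thanks the message shown on successful registration
 *   (NULL selects the default "Thank you for registering.")
 */
function printRegistrationForm($thanks = NULL) {
	global $notify, $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery_page, $_zp_gallery;
	require_once dirname(dirname(__FILE__)) . '/admin-functions.php';
	$userobj = NULL;

	// ---- verification link: ?verify=<hex of serialize(array('user' => ..., 'email' => ...))> ----
	if (isset($_GET['verify'])) {
		$currentadmins = $_zp_authority->getAdministrators(); // NOTE(review): result unused here; kept in case the call has side effects — confirm
		// NOTE(review): the token (built on the registration path below) is unauthenticated serialize() data,
		// so unserialize() runs on request input and anyone who knows a user id and e-mail can construct the
		// link. A signed token (hash_hmac over the fields, verified with hash_equals) or a stored random nonce
		// would address both points.
		$params = unserialize(pack("H*", trim(sanitize($_GET['verify']), '.')));
		$userobj = $_zp_authority->getAnAdmin(array('`user`=' => $params['user'], '`valid`=' => 1));
		// getAnAdmin() may return a non-object (the registration path tests is_object() on its result);
		// treat "no such user" like a mismatched e-mail instead of calling a method on NULL
		if (is_object($userobj) && $userobj->getEmail() == $params['email']) {
			if (!$userobj->getRights()) {
				// first verification: grant the configured rights and group
				$userobj->setCredentials(array('registered', 'user', 'email'));
				$rights = getOption('register_user_user_rights');
				$group = NULL;
				if (!is_numeric($rights)) {
					// the option names a group or a template rather than a rights bitmask
					$admin = $_zp_authority->getAnAdmin(array('`user`=' => $rights, '`valid`=' => 0));
					if ($admin) {
						$userobj->setObjects($admin->getObjects());
						if ($admin->getName() != 'template') {
							$group = $rights;
						}
						$rights = $admin->getRights();
					} else {
						$rights = NO_RIGHTS;
					}
				}
				$userobj->setRights($rights | NO_RIGHTS);
				$userobj->setGroup($group);
				zp_apply_filter('register_user_verified', $userobj);
				$notify = false;
				if (getOption('register_user_notify')) {
					// a non-empty return from zp_mail() is treated as the failure message
					$notify = zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $userobj->getName(), $userobj->getUser(), $userobj->getEmail()));
				}
				if (empty($notify)) {
					if (getOption('register_user_create_album')) {
						$userobj->createPrimealbum();
					}
					$notify = 'verified';
					$_POST['user'] = $userobj->getUser(); // presumably picked up by printPasswordForm() below — confirm
				}
				$userobj->save();
			} else {
				// the account already has rights: the link was followed again
				$notify = 'verified';
			}
		} else {
			$notify = 'not_verified'; // user no longer exists or the e-mail does not match
		}
	}

	// ---- registration form submission ----
	if (isset($_POST['register_user'])) {
		if (getOption('register_user_captcha')) {
			if (isset($_POST['code'])) {
				$code = sanitize($_POST['code'], 3);
				$code_ok = sanitize($_POST['code_h'], 3);
			} else {
				$code = '';
				$code_ok = '';
			}
			if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
				$notify = 'invalidcaptcha';
			}
		}
		// each check below overwrites $notify, so only the last failing check is reported;
		// an account is created only if $notify is still empty when that point is reached
		$admin_n = trim(sanitize($_POST['admin_name']));
		if (empty($admin_n)) {
			$notify = 'incomplete';
		}
		if (isset($_POST['admin_email'])) {
			$admin_e = trim(sanitize($_POST['admin_email']));
		} else {
			$admin_e = trim(sanitize($_POST['adminuser'])); // presumably the form variant where the user id is the e-mail — confirm
		}
		if (!is_valid_email_zp($admin_e)) {
			$notify = 'invalidemail';
		}
		$pass = trim(sanitize($_POST['adminpass']));
		$user = trim(sanitize($_POST['adminuser']));
		if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
			// strict comparison: with == two numeric-looking strings such as '1e1' and '10' compare equal
			if ($pass === trim(sanitize($_POST['adminpass_2']))) {
				$currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
				if (is_object($currentadmin)) {
					$notify = 'exists';
				}
				if (empty($notify)) {
					$notify = $_zp_authority->validatePassword($pass); // non-empty result is the rejection message
					if (empty($notify)) {
						$userobj = $_zp_authority->newAdministrator('');
						$userobj->transient = false;
						$userobj->setUser($user);
						$userobj->setPass($pass);
						$userobj->setName($admin_n);
						$userobj->setEmail($admin_e);
						$userobj->setRights(0); // rights are granted only when the e-mail is verified (see above)
						$userobj->setObjects(NULL);
						$userobj->setGroup('');
						$userobj->setCustomData('');
						$userobj->setLanguage(getUserLocale());
						// a filter may veto the registration by setting ->transient (and optionally ->msg)
						zp_apply_filter('register_user_registered', $userobj);
						if ($userobj->transient) {
							if (empty($notify)) {
								$notify = 'filter';
							}
						} else {
							$userobj->save();
							// verification link (see the security note on the ?verify= handler above);
							// substr(..., 0, -4) presumably drops the page's '.php' suffix — confirm
							$link = rewrite_path(FULLWEBPATH . '/page/' . substr($_zp_gallery_page, 0, -4) . '?verify=' . bin2hex(serialize(array('user' => $user, 'email' => $admin_e))), FULLWEBPATH . '/index.php?p=' . substr($_zp_gallery_page, 0, -4) . '&verify=' . bin2hex(serialize(array('user' => $user, 'email' => $admin_e))), false);
							$message = sprintf(get_language_string(getOption('register_user_text')), $link);
							$notify = zp_mail(get_language_string(gettext('Registration confirmation')), $message, array($user => $admin_e));
							if (empty($notify)) {
								$notify = 'accepted';
							}
						}
					}
				}
			} else {
				$notify = 'mismatch';
			}
		} else {
			$notify = 'incomplete';
		}
	}

	// ---- output ----
	if (zp_loggedin()) {
		if (isset($_GET['userlog']) && $_GET['userlog'] == 1) {
			// just logged in: bounce to the site root
			echo '<meta http-equiv="refresh" content="1; url=' . WEBPATH . '/">';
		} else {
			echo '<div class="errorbox fade-message">';
			echo '<h2>' . gettext("you are already logged in.") . '</h2>';
			echo '</div>';
		}
		return;
	}
	if (!empty($notify)) {
		if ($notify == 'verified' || $notify == 'accepted') {
			?> <div class="Messagebox fade-message"> <p> <?php
			if ($notify == 'verified') {
				if (is_null($thanks)) {
					$thanks = gettext("Thank you for registering.");
				}
				echo $thanks;
			} else {
				echo gettext('Your registration information has been accepted. An email has been sent to you to verify your email address.');
			}
			?> </p> </div> <?php
			if ($notify == 'verified') {
				// offer a login form straight away
				require_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_login-out.php';
				?> <p><?php echo gettext('You may now log onto the site.'); ?> </p> <?php
				printPasswordForm('', false, true, WEBPATH . '/' . ZENFOLDER . '/admin.php');
			}
			$notify = 'success';
		} else {
			echo '<div class="errorbox fade-message">';
			echo '<h2>' . gettext("Registration failed.") . '</h2>';
			echo '<p>';
			switch ($notify) {
				case 'exists':
					// NOTE(review): prints $admin_e although the duplicate check above is on $user; relies on sanitize()
					// having made the value safe for HTML output — confirm both
					printf(gettext('The user ID <em>%s</em> is already in use.'), $admin_e);
					break;
				case 'mismatch':
					echo gettext('Your passwords did not match.');
					break;
				case 'incomplete':
					echo gettext('You have not filled in all the fields.');
					break;
				case 'notverified':
					// NOTE(review): nothing in this function assigns 'notverified' (the verify path sets 'not_verified',
					// handled below); $notify is global, so an outside assignment is possible — confirm before removing
					echo gettext('Invalid verification link.');
					break;
				case 'invalidemail':
					echo gettext('Enter a valid email address.');
					break;
				case 'invalidcaptcha':
					echo gettext('The CAPTCHA you entered was not correct.');
					break;
				case 'not_verified':
					echo gettext('Your registration request could not be completed.');
					break;
				case 'filter':
					if (is_object($userobj) && !empty($userobj->msg)) {
						echo $userobj->msg;
					} else {
						echo gettext('Your registration attempt failed a <code>register_user_registered</code> filter check.');
					}
					break;
				default:
					echo $notify; // free-form message from validatePassword(), zp_mail() or a filter
					break;
			}
			echo '</p>';
			echo '</div>';
		}
	}
	if ($notify != 'success') {
		$form = getPlugin('register_user/register_user_form.php', true);
		require_once $form;
	}
}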
/**
 * Handles the POSTing of a comment
 *
 * Processes a comment posted on the current image, album, Zenpage article or
 * Zenpage page (whichever context is active). Submissions where the hidden
 * `username` honey-pot field is filled in are treated as bot traffic and
 * ignored. On an accepted comment the HTML cache is cleared, the poster's
 * details are (re)stored in or removed from the `zenphoto_comment` cookie and,
 * unless the server is IIS, the browser is redirected to the comment's anchor
 * (exitZP() is called, so the function does not return in that case).
 *
 * When nothing was posted, a previously saved `zenphoto_comment` cookie is
 * loaded into the global `$_zp_comment_stored` so the form can be pre-filled.
 *
 * @return NULL|boolean|string FALSE when no comment was posted; NULL when the
 *   comment was accepted and no redirect happened (IIS); otherwise the error or
 *   moderation text to show to the poster.
 */
function comment_form_handle_comment() {
	global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_article, $_zp_current_page, $_zp_HTML_cache;
	$comment_error = 0;
	$cookie = zp_getCookie('zenphoto_comment');
	if (isset($_POST['comment']) && (!isset($_POST['username']) || empty($_POST['username']))) { // 'username' is a honey-pot trap
		/*
		 * do not save the post page in the cache
		 * Also the cache should be cleared so that a new page is saved at the first non-comment posting viewing.
		 * But this has to wait until processing is finished to avoid race conditions.
		 */
		$_zp_HTML_cache->disable();
		// pick the object that receives the comment and where to send the poster afterwards
		if (in_context(ZP_IMAGE)) {
			$commentobject = $_zp_current_image;
			$redirectTo = $_zp_current_image->getLink();
		} else {
			if (in_context(ZP_ALBUM)) {
				$commentobject = $_zp_current_album;
				$redirectTo = $_zp_current_album->getLink();
			} else {
				if (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
					$commentobject = $_zp_current_article;
					// NOTE(review): the titlelink is not urlencode()d here, unlike in postComment(); fine only if
					// titlelinks are URL-safe slugs — confirm
					$redirectTo = FULLWEBPATH . '/index.php?p=news&title=' . $_zp_current_article->getTitlelink();
				} else {
					if (in_context(ZP_ZENPAGE_PAGE)) {
						$commentobject = $_zp_current_page;
						$redirectTo = FULLWEBPATH . '/index.php?p=pages&title=' . $_zp_current_page->getTitlelink();
					} else {
						$commentobject = NULL;
						$error = gettext('Comment posted on unknown page!');
					}
				}
			}
		}
		if (is_object($commentobject)) {
			// collect and sanitize the form fields; missing or invalid optional fields become NULL
			// (sanitize() level 3 for the short fields, level 1 for the comment body — see sanitize() for what each strips)
			if (isset($_POST['name'])) {
				$p_name = sanitize($_POST['name'], 3);
			} else {
				$p_name = NULL;
			}
			if (isset($_POST['email'])) {
				$p_email = sanitize($_POST['email'], 3);
				if (!is_valid_email_zp($p_email)) {
					$p_email = NULL;
				}
			} else {
				$p_email = NULL;
			}
			if (isset($_POST['website'])) {
				$p_website = sanitize($_POST['website'], 3);
				if ($p_website && strpos($p_website, 'http') !== 0) {
					// value does not start with 'http': default the scheme, then validate
					$p_website = 'http://' . $p_website;
				}
				if (!isValidURL($p_website)) {
					$p_website = NULL;
				}
			} else {
				$p_website = NULL;
			}
			if (isset($_POST['comment'])) {
				$p_comment = sanitize($_POST['comment'], 1);
			} else {
				$p_comment = '';
			}
			$p_server = getUserIP();
			if (isset($_POST['code'])) {
				// CAPTCHA answer and the expected hash; verified by the comment object, not here
				$code1 = sanitize($_POST['code'], 3);
				$code2 = sanitize($_POST['code_h'], 3);
			} else {
				$code1 = '';
				$code2 = '';
			}
			$p_private = isset($_POST['private']);
			$p_anon = isset($_POST['anon']);
			$commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon, serialize(getCommentAddress(0)));
			// a non-zero moderation code means the comment was not simply accepted; comment_error_text carries the message
			$comment_error = $commentadded->getInModeration();
			$_zp_comment_stored = array('name' => $commentadded->getName(), 'email' => $commentadded->getEmail(), 'website' => $commentadded->getWebsite(), 'comment' => $commentadded->getComment(), 'saved' => isset($_POST['remember']), 'private' => $commentadded->getPrivate(), 'anon' => $commentadded->getAnon(), 'custom' => $commentadded->getCustomData());
			if ($comment_error) {
				$error = $commentadded->comment_error_text;
				$comment_error++; // NOTE(review): incremented but never read afterwards
			} else {
				$_zp_HTML_cache->clearHtmlCache();
				$error = NULL;
				if (isset($_POST['remember'])) {
					// Should always re-cookie to update info in case it's changed...
					$_zp_comment_stored['comment'] = ''; // clear the comment itself
					// NOTE(review): the cookie holds serialize()d data that the no-post branch below reads back through
					// getSerializedArray(); confirm that helper does not unserialize() client-supplied input
					zp_setCookie('zenphoto_comment', serialize($_zp_comment_stored));
				} else {
					zp_clearCookie('zenphoto_comment');
				}
				// use $redirectTo to send users back to where they came from instead of booting them back to the gallery index. (default behaviour)
				if (!isset($_SERVER['SERVER_SOFTWARE']) || strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft-iis') === false) {
					// but not for Microsoft IIS because that server fails if we redirect!
					header('Location: ' . $redirectTo . '#zp_comment_id_' . $commentadded->getId());
					exitZP();
				}
			}
		}
		return $error;
	} else {
		// no post: restore the poster's saved details, if any, so the form can be pre-filled
		if (!empty($cookie)) {
			$cookiedata = getSerializedArray($cookie);
			if (count($cookiedata) > 1) {
				$_zp_comment_stored = $cookiedata;
			}
		}
	}
	return false;
}
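/**
 * Generic comment adding routine. Called by album, image and Zenpage objects
 * to add comments.
 *
 * Builds a Comment object for $receiver, validates the fields selected by
 * $check (or by the site options when $check is FALSE), runs the configured
 * spam filter and the `comment_post` filter, saves the comment when everything
 * passed and, if COMMENT_SEND_EMAIL is selected, notifies the administrators
 * responsible for the item.
 *
 * The returned object is not necessarily saved: inspect ->getInModeration()
 * (0 = accepted, 1 = held for moderation, 2 = rejected by the spam filter,
 * negative = a field check or the notification mail failed) and
 * ->comment_error_text.
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website; "http://" is prepended when no http(s) scheme is given
 * @param string $comment body of the comment
 * @param string $code CAPTCHA code entered
 * @param string $code_ok CAPTCHA hash expected
 * @param object $receiver the object (image, album, article or page) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @param int|false $check bitmask of which fields must be checked (COMMENT_*_REQUIRED, USE_CAPTCHA,
 *   COMMENT_SEND_EMAIL). If set it overrides the options, and errors raised by the
 *   `comment_post` filter are ignored.
 * @return Comment
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon, $check = false) {
	global $_zp_captcha, $_zp_gallery, $_zp_authority, $_zp_comment_on_hold;
	if ($check === false) {
		// derive the check bitmask from the site options
		$whattocheck = 0;
		if (getOption('comment_email_required') == 'required') {
			$whattocheck = $whattocheck | COMMENT_EMAIL_REQUIRED;
		}
		if (getOption('comment_name_required')) {
			$whattocheck = $whattocheck | COMMENT_NAME_REQUIRED;
		}
		if (getOption('comment_web_required') == 'required') {
			$whattocheck = $whattocheck | COMMENT_WEB_REQUIRED;
		}
		if (getOption('Use_Captcha')) {
			$whattocheck = $whattocheck | USE_CAPTCHA;
		}
		// NOTE(review): the option key is spelled 'requiired'; this check only works if the option is stored
		// under that exact name — confirm against where the option is defined before changing it
		if (getOption('comment_body_requiired')) {
			$whattocheck = $whattocheck | COMMENT_BODY_REQUIRED;
		}
		if (getOption('email_new_comments')) {
			$whattocheck = $whattocheck | COMMENT_SEND_EMAIL;
		}
	} else {
		$whattocheck = $check;
	}
	$type = $receiver->table;
	$receiver->getComments(); // presumably loads $receiver->comments, which is appended to below — confirm
	$name = trim($name);
	$email = trim($email);
	$website = trim($website);
	// default the scheme; an https:// URL must be left alone (prefixing it would yield
	// "http://https://..." and fail the isValidURL() check below)
	if (!empty($website) && substr($website, 0, 7) != "http://" && substr($website, 0, 8) != "https://") {
		$website = "http://" . $website;
	}
	// Let the comment have trailing line breaks and space? Nah...
	// Also (in)validate HTML here, and in $name.
	$comment = trim($comment);
	$receiverid = $receiver->id;
	// same scale as SpamFilter::filterMessage(): 2 = good, 1 = moderate, 0 = spam; FALSE once a field check fails
	$goodMessage = 2;
	// stored as 0/1
	$private = $private ? 1 : 0;
	$anon = $anon ? 1 : 0;
	$commentobj = new Comment();
	$commentobj->transient = false; // otherwise we won't be able to save it....
	$commentobj->setOwnerID($receiverid);
	$commentobj->setName($name);
	$commentobj->setEmail($email);
	$commentobj->setWebsite($website);
	$commentobj->setComment($comment);
	$commentobj->setType($type);
	$commentobj->setIP($ip);
	$commentobj->setPrivate($private);
	$commentobj->setAnon($anon);
	$commentobj->setInModeration(0);
	// field checks: each failure records a distinct negative moderation code and appends its message
	if ($whattocheck & COMMENT_EMAIL_REQUIRED && (empty($email) || !is_valid_email_zp($email))) {
		$commentobj->setInModeration(-2);
		$commentobj->comment_error_text .= ' ' . gettext("You must supply an e-mail address.");
		$goodMessage = false;
	}
	if ($whattocheck & COMMENT_NAME_REQUIRED && empty($name)) {
		$commentobj->setInModeration(-3);
		$commentobj->comment_error_text .= ' ' . gettext("You must enter your name.");
		$goodMessage = false;
	}
	if ($whattocheck & COMMENT_WEB_REQUIRED && (empty($website) || !isValidURL($website))) {
		$commentobj->setInModeration(-4);
		$commentobj->comment_error_text .= ' ' . gettext("You must supply a WEB page URL.");
		$goodMessage = false;
	}
	if ($whattocheck & USE_CAPTCHA) {
		if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
			$commentobj->setInModeration(-5);
			$commentobj->comment_error_text .= ' ' . gettext("CAPTCHA verification failed.");
			$goodMessage = false;
		}
	}
	if ($whattocheck & COMMENT_BODY_REQUIRED && empty($comment)) {
		$commentobj->setInModeration(-6);
		$commentobj->comment_error_text .= ' ' . gettext("You must enter something in the comment text.");
		$goodMessage = false;
	}
	$moderate = 0;
	// spam filter: only when the field checks passed and the configured filter plugin exists
	if ($goodMessage && !(false === ($requirePath = getPlugin('spamfilters/' . internalToFilesystem(getOption('spam_filter')) . ".php")))) {
		require_once $requirePath;
		$spamfilter = new SpamFilter();
		$goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, $receiver, $ip);
		switch ($goodMessage) {
			case 0: // spam
				$commentobj->setInModeration(2);
				$commentobj->comment_error_text .= sprintf(gettext('Your comment was rejected by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
				$goodMessage = false;
				break;
			case 1: // hold for moderation
				$_zp_comment_on_hold = sprintf(gettext('Your comment has been marked for moderation by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
				$commentobj->comment_error_text .= $_zp_comment_on_hold;
				$commentobj->setInModeration(1);
				$moderate = 1;
				break;
			case 2: // clean
				$commentobj->setInModeration(0);
				break;
		}
	}
	$localerrors = $commentobj->getInModeration();
	zp_apply_filter('comment_post', $commentobj, $receiver);
	if ($check === false) {
		// ignore filter provided errors if caller is supplying the fields to check
		$localerrors = $commentobj->getInModeration();
	}
	if ($goodMessage && $localerrors >= 0) {
		// Update the database entry with the new comment
		$commentobj->save();
		// add to comments array and notify the admin user
		if (!$moderate) {
			$receiver->comments[] = array('name' => $commentobj->getname(), 'email' => $commentobj->getEmail(), 'website' => $commentobj->getWebsite(), 'comment' => $commentobj->getComment(), 'date' => $commentobj->getDateTime(), 'custom_data' => $commentobj->getCustomData());
		}
		$class = strtolower(get_class($receiver));
		// per-type admin link and notification text; $ur_album (the album whose managers are mailed)
		// is only set for albums and images, matching the $type test below
		switch ($class) {
			case "album":
				$url = "album=" . pathurlencode($receiver->name);
				$ur_album = getUrAlbum($receiver);
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your album "%1$s".'), $receiver->name);
				} else {
					$action = sprintf(gettext('A comment has been posted on your album "%1$s".'), $receiver->name);
				}
				break;
			case "zenpagenews":
				$url = "p=news&title=" . urlencode($receiver->getTitlelink());
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your article "%1$s".'), $receiver->getTitlelink());
				} else {
					$action = sprintf(gettext('A comment has been posted on your article "%1$s".'), $receiver->getTitlelink());
				}
				break;
			case "zenpagepage":
				$url = "p=pages&title=" . urlencode($receiver->getTitlelink());
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your page "%1$s".'), $receiver->getTitlelink());
				} else {
					$action = sprintf(gettext('A comment has been posted on your page "%1$s".'), $receiver->getTitlelink());
				}
				break;
			default: // all image types
				$url = "album=" . pathurlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
				$album = $receiver->getAlbum();
				$ur_album = getUrAlbum($album);
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
				} else {
					$action = sprintf(gettext('A comment has been posted on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
				}
				break;
		}
		if ($whattocheck & COMMENT_SEND_EMAIL) {
			// NOTE(review): the links are built from $_SERVER['SERVER_NAME'] with a fixed http:// scheme; depending on
			// the web server's virtual-host configuration that value can be request-controlled, so links mailed to
			// admins could be pointed elsewhere. The site's configured base URL (FULLWEBPATH is used elsewhere in
			// this file) would be a safer origin.
			$message = $action . "\n\n" . sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $commentobj->getname(), $commentobj->getEmail(), $commentobj->getWebsite(), $commentobj->getComment()) . "\n\n" . sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/index.php?' . $url) . "\n\n" . sprintf(gettext('You can edit the comment here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/' . ZENFOLDER . '/admin-comments.php?page=editcomment&id=' . $commentobj->id);
			$emails = array();
			$admin_users = $_zp_authority->getAdministrators();
			foreach ($admin_users as $admin) {
				// mail anyone with full rights
				if (!empty($admin['email']) && ($admin['rights'] & ADMIN_RIGHTS || ($admin['rights'] & (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS)) == (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS))) {
					$emails[] = $admin['email'];
					unset($admin_users[$admin['id']]); // so the album-manager pass below does not mail them twice
				}
			}
			if ($type === "images" or $type === "albums") {
				// mail to album admins
				$id = $ur_album->getAlbumID();
				// $id appears to come from the album record rather than the request, hence the direct interpolation;
				// an (int) cast would make that explicit — confirm what getAlbumID() returns
				$sql = 'SELECT `adminid` FROM ' . prefix('admin_to_object') . ' WHERE `objectid`=' . $id . ' AND `type`="album"';
				$result = query_full_array($sql);
				foreach ($result as $anadmin) {
					$id = $anadmin['adminid'];
					if (array_key_exists($id, $admin_users)) {
						$admin = $admin_users[$id];
						if ($admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
							$emails[] = $admin['email'];
						}
					}
				}
			}
			$on = gettext('Comment posted');
			$gallery = new Gallery();
			$result = zp_mail("[" . $gallery->getTitle() . "] {$on}", $message, $emails);
			if ($result) {
				// the comment itself is already saved; only the notification failed
				$commentobj->setInModeration(-12);
				$commentobj->comment_error_text = $result;
			}
		}
	}
	return $commentobj;
}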