/**
 * Controller action that turns an inbound email into a brand new topic.
 *
 * What it does:
 * - Reads the raw message, parses the headers and resolves the sender and the target board
 * - New-topic emails carry no security key, so the only sender evidence checked here
 *   is the From address, which the sender controls and can spoof
 * - The From address must match the email of a registered user
 * - The message must have been sent to an email ID that has been set to post new topics
 * - Accessed through emailtopic.
 *
 * Security note for maintainers: the checks below run in a fixed order and each failure
 * is handed to pbe_emailError() instead of posting. Any extra sender verification has to
 * come from load_spam() or from the integration hook; neither is defined in this block,
 * so what they inspect is not visible here.
 *
 * @param string|null $data used to supply a full body+headers email
 *
 * @return mixed null when the maillist feature is off, false when no message could be
 *               read, otherwise whatever pbe_emailError() or pbe_create_topic() return
 */
public function action_pbe_topic($data = null)
{
    global $modSettings, $user_info, $maintenance;

    // Maillist switched off entirely: nothing is read, nothing is logged
    if (empty($modSettings['maillist_enabled'])) {
        return;
    }

    // Parser class and the shared post-by-email helpers
    require_once SUBSDIR . '/EmailParse.class.php';
    require_once SUBSDIR . '/Emailpost.subs.php';

    // Language strings and head room for large messages
    loadLanguage('Maillist');
    setMemoryLimit('256M');

    // Pull the raw message from the supplied data or one of the other sources
    $inbound = new Email_Parse();
    $inbound->read_data($data, BOARDDIR);
    if (!$inbound->raw_message) {
        return false;
    }

    // Headers first, then the address details the later checks rely on
    $inbound->read_email(true, $inbound->raw_message);
    $inbound->load_address();

    // There is no key on a new-topic email; fill in blanks so the error handler has
    // something to record if one of the checks below fails
    $inbound->message_type = 'x';
    $inbound->message_key_id = '';
    $inbound->message_id = 0;

    // Maillist is on but posting by email is not: hand the message to the error handler
    if (empty($modSettings['pbe_post_enabled'])) {
        return pbe_emailError('error_email_notenabled', $inbound);
    }

    // Normalise the sender address before it is used as the lookup key.
    // This value comes straight from the message and is the only identity claim made.
    if (empty($inbound->email['from'])) {
        $inbound->email['from'] = '';
    } else {
        $inbound->email['from'] = strtolower($inbound->email['from']);
    }

    // The sender has to map to one of our members
    $poster = query_load_user_info($inbound->email['from']);
    if (empty($poster)) {
        return pbe_emailError('error_not_find_member', $inbound);
    }

    // Flagged as spam by the parser?
    if ($inbound->load_spam()) {
        return pbe_emailError('error_found_spam', $inbound);
    }

    // Which board does the receiving address belong to
    $board_id = pbe_find_board_number($inbound);
    if (empty($board_id)) {
        return pbe_emailError('error_not_find_board', $inbound);
    }

    // Maintenance flag set (and not the value 2) while neither the email owner nor the
    // running user is an admin: keep the message for the moderators instead of posting
    if (!empty($maintenance) && $maintenance !== 2 && !($poster['user_info']['is_admin'] || $user_info['is_admin'])) {
        return pbe_emailError('error_in_maintenance_mode', $inbound);
    }

    // Extension point for additional spam / security checks.
    // The hook name is a runtime string and is reproduced exactly as it stands.
    call_integration_hook('integrate_mailist_checks_before', array($inbound, $poster));

    // A new topic needs the details of the board it is going into
    $board = query_load_board_details($board_id, $poster);
    if (empty($board)) {
        return pbe_emailError('error_board_gone', $inbound);
    }

    // Permissions are loaded for the email owner on that board, not for the running user
    query_load_permissions('board', $poster, $board);

    // Apply whatever moderation the member is under
    pbe_check_moderation($poster);

    // Everything passed: create the topic and send the notifications
    return pbe_create_topic($poster, $inbound, $board);
}
/**
 * Builds the minimal member context for the owner of an email address.
 *
 * - Similar to loadMemberData, loadPermissions, loadUserSettings, but only loads a
 *   subset of that data, enough to validate that a user can make a post to a given board.
 * - Done this way to avoid overwriting user_info etc. for whoever is running this
 *   function (on behalf of the email owner, similar to profile views etc.)
 * - Only activated members (is_activated = 1) are matched.
 * - This is a lookup, not an authentication step: it answers "which member owns this
 *   address", nothing about whether the caller proved ownership of it.
 *
 * Sets:
 * - pbe['profile'] (including pbe['profile']['options'], presumably populated by
 *   loadMemberData; not visible in this function)
 * - pbe['user_info']
 * - pbe['user_info']['permissions'] (presumably populated by query_load_permissions;
 *   not visible in this function)
 * - pbe['user_info']['groups']
 *
 * @package Maillist
 * @param string $email
 *
 * @return array|false the pbe array described above, or false when the address is
 *                     empty, unknown, or the member data could not be loaded
 */
function query_load_user_info($email)
{
    global $user_profile, $modSettings, $language;

    $db = database();

    if (empty($email)) {
        return false;
    }

    // Who owns this address? The value is bound as a typed placeholder, not concatenated.
    $result = $db->query('', ' SELECT id_member FROM {db_prefix}members WHERE email_address = {string:email} AND is_activated = {int:act} LIMIT 1', array('email' => $email, 'act' => 1));
    list($id_member) = $db->fetch_row($result);
    $db->free_result($result);

    // Nobody by that address ... back we go
    if (empty($id_member)) {
        return false;
    }

    // Without profile data there is nothing to build on
    if (!loadMemberData($id_member, false, 'profile')) {
        return false;
    }

    $pbe = array();
    $pbe['profile'] = $user_profile[$id_member];

    // Collect primary, post-count and any additional groups, as loadUserSettings would
    $groups = array($pbe['profile']['id_group'], $pbe['profile']['id_post_group']);
    if (!empty($pbe['profile']['additional_groups'])) {
        $groups = array_merge($groups, explode(',', $pbe['profile']['additional_groups']));
    }

    // Force every group id to an integer and drop duplicates. The integer cast is what
    // makes it safe to concatenate these ids into the query_see_board fragment below.
    $pbe['user_info']['groups'] = array_unique(array_map('intval', $groups));

    // General (non board specific) permissions for this member
    query_load_permissions('general', $pbe);

    // Moderation warning level, zero when the profile has none
    if (isset($pbe['profile']['warning'])) {
        $pbe['user_info']['warning'] = $pbe['profile']['warning'];
    } else {
        $pbe['user_info']['warning'] = 0;
    }

    // Group 1 is treated as admin: it sees every board
    $is_admin = in_array(1, $pbe['user_info']['groups']);

    // Board visibility filter, built only from the integer group ids
    if ($is_admin) {
        $see_board = '1=1';
    } else {
        $see_board = '((FIND_IN_SET(' . implode(', b.member_groups) != 0 OR FIND_IN_SET(', $pbe['user_info']['groups']) . ', b.member_groups) != 0)';

        // Deny lists only apply when the setting is enabled
        if (!empty($modSettings['deny_boards_access'])) {
            $see_board .= ' AND (FIND_IN_SET(' . implode(', b.deny_member_groups) = 0 AND FIND_IN_SET(', $pbe['user_info']['groups']) . ', b.deny_member_groups) = 0)';
        }

        $see_board .= ')';
    }
    $pbe['user_info']['query_see_board'] = $see_board;

    // Convenience items
    $pbe['user_info']['is_admin'] = $is_admin ? 1 : 0;
    $pbe['user_info']['id'] = $id_member;

    // Straight copies from the profile, empty string when the profile lacks the field
    $copied_fields = array(
        'username' => 'member_name',
        'name' => 'real_name',
        'email' => 'email_address',
    );
    foreach ($copied_fields as $info_key => $profile_key) {
        $pbe['user_info'][$info_key] = isset($pbe['profile'][$profile_key]) ? $pbe['profile'][$profile_key] : '';
    }

    // The member's own language is used only when per-user languages are enabled
    if (empty($pbe['profile']['lngfile']) || empty($modSettings['userLanguage'])) {
        $pbe['user_info']['language'] = $language;
    } else {
        $pbe['user_info']['language'] = $pbe['profile']['lngfile'];
    }

    return $pbe;
}