// if no User is set, he is not able to ask for delivery confirmation
if (!($gCurrentUser->getValue('usr_id') > 0 && $gPreferences['mail_delivery_confirmation'] == 2) && $gPreferences['mail_delivery_confirmation'] != 1) {
$postDeliveryConfirmation = 0;
}
// check if PM or Email and to steps:
if ($getMsgType === 'EMAIL') {
if (isset($postTo)) {
$receiver = array();
$ReceiverString = '';
// Create new Email Object
$email = new Email();
foreach ($postTo as $value) {
// check if role or user is given
if (strpos($value, ':') > 0) {
$modulemessages = new ModuleMessages();
$group = $modulemessages->msgGroupSplit($value);
// check if role rights are granted to the User
$sql = 'SELECT rol_mail_this_role, rol_name, rol_id
FROM ' . TBL_ROLES . '
INNER JOIN ' . TBL_CATEGORIES . '
ON cat_id = rol_cat_id
WHERE rol_id = ' . $group[0] . '
AND ( cat_org_id = ' . $gCurrentOrganization->getValue('org_id') . '
OR cat_org_id IS NULL)';
$statement = $gDb->query($sql);
$row = $statement->fetch();
// logged in user is just allowed to send to role with permission
// logged out ones just to role with permission level "all visitors"
// role must be from actual Organisation
if (!$gValidLogin && $row['rol_mail_this_role'] != 3 || $gValidLogin && !$gCurrentUser->hasRightSendMailToRole($row['rol_id']) || $row['rol_id'] === null) {
$gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW'));
