function mime_content_type($f)
{
return trim(exec('file -bi ' . escapeshellarg($f)));
}
}
$msgid = isset($_GET['id']) ? intval($_GET['id']) : 0;
$file = basename($_GET['file']);
if ($msgid) {
$res = $xoopsDB->query("SELECT msgid,uid,touid,onepass FROM " . CCMES . " WHERE msgid={$msgid}");
if (!$res || $xoopsDB->getRowsNum($res) == 0) {
die("No File");
}
$data = $xoopsDB->fetchArray($res);
if (!cc_check_perm($data)) {
redirect_header(XOOPS_URL . '/user.php', 3, _NOPERM);
exit;
}
}
$path = XOOPS_UPLOAD_PATH . cc_attach_path($msgid, $file);
$type = cc_mime_content_type($path);
$stat = stat($path);
if (!$stat) {
die('No File');
}
//header("Last-Modified: ".formatTimestamp($stat['mtime'], "r"));
header("Content-Type: {$type}");
//header("Content-Length: ".$stat['size']);
if ($stat && $_SERVER["REQUEST_METHOD"] == "GET") {
header('Content-Disposition: inline;filename="' . $file . '"');
print file_get_contents($path);
}
function store_message($items, $form)
{
global $xoopsUser, $xoopsDB, $xoopsModuleConfig;
$uid = is_object($xoopsUser) ? $xoopsUser->getVar('uid') : 0;
$store = $form['store'];
if ($store == _DB_STORE_NONE) {
$showaddr = true;
// no store to need show address
} else {
$showaddr = get_attr_value(null, 'notify_with_email');
}
$from = $email = "";
$attach = array();
$vals = array();
$rtext = '';
foreach ($items as $item) {
if (empty($item['name'])) {
continue;
}
$name = $item['name'];
$val = $item['value'];
$vals[$name] = $val;
$opts =& $item['options'];
switch ($item['type']) {
case 'mail':
if (empty($email)) {
// save first email for contact
$email = $vals[$name];
$mail_name = $name;
if ($showaddr) {
$from = $email;
break;
}
continue 2;
/* PHP switch catch continue! */
}
break;
case 'file':
$val = $vals[$name];
if ($val) {
$vals[$name] = "file=" . $val;
$attach[] = $val;
}
break;
case 'radio':
case 'select':
if (isset($opts[$val])) {
$val = strip_tags($opts[$val]);
}
break;
case 'checkbox':
foreach ($val as $k => $v) {
$val[$k] = isset($opts[$v]) ? strip_tags($opts[$v]) : $v;
}
$val = join(', ', $val);
break;
}
if (!empty($val) && preg_match('/\\n/', $val)) {
$val = "\n\t" . preg_replace('/\\n/', "\n\t", $val);
}
$rtext .= strip_tags($item['label']) . ": {$val}\n";
}
// remove if not show/store email address in database
if (!$showaddr && isset($mail_name)) {
unset($vals[$mail_name]);
}
$text = serialize_text($vals);
// store value
$onepass = $uid == 0 ? cc_onetime_ticket($email) : "";
if ($form['priuid'] < 0) {
$touid = empty($form['priuser']) ? 0 : $form['priuser']['uid'];
} else {
$touid = $form['priuid'];
}
$now = time();
$values = array('uid' => $uid, 'touid' => $touid, 'ctime' => $now, 'mtime' => $now, 'atime' => $now, 'fidref' => $form['formid'], 'email' => $xoopsDB->quoteString($email), 'onepass' => $xoopsDB->quoteString($onepass));
$parg = $onepass ? "&p=" . urlencode($onepass) : "";
if ($store == _DB_STORE_YES) {
$values['body'] = $xoopsDB->quoteString($text);
}
if ($store != _DB_STORE_NONE) {
$res = $xoopsDB->query("INSERT INTO " . CCMES . "(" . join(',', array_keys($values)) . ") VALUES (" . join(',', $values) . ")");
if ($res === false) {
return array("Error in DATABASE insert");
}
$id = $xoopsDB->getInsertID();
if (empty($id)) {
return array("Internal Error in Store Message");
}
} else {
$id = 0;
}
$member_handler =& xoops_gethandler('member');
if ($touid) {
$toUser = $member_handler->getUser($touid);
$toUname = $toUser->getVar('uname');
} else {
$toUser = false;
$toUname = _MD_CONTACT_NOTYET;
}
$atext = "";
// reply sender
$btext = "";
// to contact and monitors
if (count($attach)) {
$atext = $btext = "\n" . _MD_ATTACHMENT . "\n";
foreach ($attach as $i => $file) {
move_attach_file('', $file, $id);
$a = cc_attach_image($id, $file, true);
$atext .= "{$a}{$parg}\n";
$btext .= "{$a}\n";
}
rmdir(XOOPS_UPLOAD_PATH . cc_attach_path(0, ''));
}
$dirname = basename(dirname(__FILE__));
$uname = $xoopsUser ? $xoopsUser->getVar('uname') : $GLOBALS['xoopsConfig']['anonymous'];
$tags = array('SUBJECT' => $form['title'], 'TO_USER' => $toUname, 'FROM_USER' => $uname, 'FROM_EMAIL' => $email, 'REMOTE_ADDR' => $_SERVER["REMOTE_ADDR"], 'HTTP_USER_AGENT' => $_SERVER["HTTP_USER_AGENT"], 'MSGID' => $id);
foreach ($vals as $k => $v) {
$tags[$k] = is_array($v) ? implode(', ', $v) : $v;
}
$tpl = get_attr_value(null, 'from_confirm_tpl', 'form_confirm.tpl');
$msgurl = XOOPS_URL . ($id ? "/modules/{$dirname}/message.php?id={$id}" : '/');
if ($email) {
// reply automaticaly
$tags['VALUES'] = "{$rtext}{$atext}";
$tags['MSG_URL'] = $store == _DB_STORE_NONE ? '' : "\n" . _MD_NOTIFY_URL . "\n{$msgurl}{$parg}";
cc_notify_mail($tpl, $tags, $email, $toUser ? $toUser->getVar('email') : '');
}
$tags['VALUES'] = "{$rtext}{$btext}";
$tags['MSG_URL'] = $store == _DB_STORE_NONE ? '' : "\n" . _MD_NOTIFY_URL . "\n" . $msgurl;
$notification_handler =& xoops_gethandler('notification');
$notification_handler->triggerEvent('global', 0, 'new', $tags);
$notification_handler->triggerEvent('form', $form['formid'], 'new', $tags);
// force subscribe sender and recipient
if ($id) {
$notification_handler->subscribe('message', $id, 'comment');
}
if ($touid) {
if ($id) {
$notification_handler->subscribe('message', $id, 'comment', null, null, $touid);
}
cc_notify_mail(get_attr_value(null, 'charge_notify_tpl', $tpl), $tags, $toUser, $from);
} elseif ($form['cgroup']) {
// contact group notify
$users = $member_handler->getUsersByGroup($form['cgroup'], true);
cc_notify_mail(get_attr_value(null, 'group_notify_tpl', $tpl), $tags, $users, $from);
}
if ($id) {
$msgurl .= $parg;
}
$redirect = get_attr_value(null, 'redirect');
if (!empty($redirect)) {
$msgurl = preg_match('/^\\//', $redirect) ? XOOPS_URL . $redirect : $redirect;
}
redirect_header($msgurl, 3, _MD_CONTACT_DONE);
exit;
}
function cc_delete_message($msgid)
{
global $xoopsDB;
//$res = $xoopsDB->query("DELETE FROM ".CCMES." WHERE msgid=".$msgid);
$dir = XOOPS_UPLOAD_PATH . cc_attach_path(0, '');
$dh = opendir($dir);
while ($file = readdir($dh)) {
if ($file == ".." || $file == ".") {
continue;
}
$path = "{$dir}/{$file}";
unlink($path);
}
}