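/**
 * Fallback MIME detector that shells out to the `file` utility.
 *
 * The path is passed through escapeshellarg(), so it reaches the shell as a
 * single quoted argument. exec() returns the last line of the command output,
 * which is trimmed and returned as-is.
 *
 * @param string $f path of the file to inspect
 * @return string output of `file -bi` for that path
 */
function mime_content_type($f)
{
    return trim(exec('file -bi ' . escapeshellarg($f)));
}
} // closes a block opened before the start of this excerpt

// ---------------------------------------------------------------------------
// Attachment download: serves one stored file, selected by ?id= and ?file=.
// ---------------------------------------------------------------------------
$msgid = isset($_GET['id']) ? intval($_GET['id']) : 0;

// basename() drops any directory part, so the request cannot address a file
// outside the attachment directory. A missing, non-string, empty or dot-only
// name is rejected up front instead of resolving to the directory itself.
$file = (isset($_GET['file']) && is_string($_GET['file'])) ? basename($_GET['file']) : '';
if ($file === '' || $file === '.' || $file === '..') {
    die('No File');
}

if ($msgid) {
    // $msgid went through intval() above, so interpolating it here is safe.
    $res = $xoopsDB->query("SELECT msgid,uid,touid,onepass FROM " . CCMES . " WHERE msgid={$msgid}");
    if (!$res || $xoopsDB->getRowsNum($res) == 0) {
        die("No File");
    }
    $data = $xoopsDB->fetchArray($res);
    if (!cc_check_perm($data)) {
        redirect_header(XOOPS_URL . '/user.php', 3, _NOPERM);
        exit;
    }
}
// NOTE(review): when id is absent or 0 no permission check runs at all, so any
// file under cc_attach_path(0, ...) is readable by whoever knows its name.
// Confirm that this area only ever holds the requester's own pending uploads.

$path = XOOPS_UPLOAD_PATH . cc_attach_path($msgid, $file);
if (!is_file($path)) {
    // Checked before the MIME probe so nothing is run against a missing path.
    die('No File');
}

$type = cc_mime_content_type($path);
if (!is_string($type) || $type === '') {
    $type = 'application/octet-stream';
}

//header("Last-Modified: ".formatTimestamp($stat['mtime'], "r"));
header("Content-Type: {$type}");
// Stop browsers from second-guessing the declared type of an uploaded file.
header('X-Content-Type-Options: nosniff');
//header("Content-Length: ".$stat['size']);
// NOTE(review): the type is derived from the file content and the body is sent
// inline from the site's own origin. If HTML or SVG can be uploaded it would
// render as active content; confirm the upload filter, or send non-image
// types with "attachment" disposition.

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    // Quotes, backslashes and control bytes would break out of the quoted
    // filename parameter, so they are replaced before the header is built.
    $dispName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $file);
    header('Content-Disposition: inline;filename="' . $dispName . '"');
    // readfile() streams the file instead of loading it into memory first.
    readfile($path);
}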
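/**
 * Store a submitted contact form, attach its uploads and notify the parties.
 *
 * Steps, in order: build the value map and the plain-text summary from the
 * form items, insert the message row (unless storing is disabled), move the
 * uploaded files to the new message, send the confirmation and notification
 * mails, then redirect. On success the function does not return: it ends with
 * redirect_header() followed by exit.
 *
 * @param array $items form items; reads 'name', 'value', 'type', 'label', 'options'
 * @param array $form  form definition; reads 'store', 'priuid', 'priuser',
 *                     'formid', 'title' and 'cgroup'
 * @return array list with one error string when the insert fails
 */
function store_message($items, $form)
{
    global $xoopsUser, $xoopsDB, $xoopsModuleConfig;

    $uid = is_object($xoopsUser) ? $xoopsUser->getVar('uid') : 0;
    $store = $form['store'];
    if ($store == _DB_STORE_NONE) {
        $showaddr = true;           // no store to need show address
    } else {
        $showaddr = get_attr_value(null, 'notify_with_email');
    }

    $from = $email = "";
    $attach = array();
    $vals = array();
    $rtext = '';
    foreach ($items as $item) {
        if (empty($item['name'])) {
            continue;
        }
        $name = $item['name'];
        $val = $item['value'];
        $vals[$name] = $val;
        $opts =& $item['options'];
        switch ($item['type']) {
            case 'mail':
                if (empty($email)) {    // save first email for contact
                    // NOTE(review): this address is later used as a mail
                    // recipient; confirm it is validated before this point.
                    $email = $vals[$name];
                    $mail_name = $name;
                    if ($showaddr) {
                        $from = $email;
                        break;
                    }
                    // Leaves the foreach iteration, so a hidden address is
                    // kept out of the text summary below.
                    continue 2;         /* PHP switch catch continue! */
                }
                break;
            case 'file':
                $val = $vals[$name];
                if ($val) {
                    // NOTE(review): the stored name is used as a file name
                    // further down; presumably sanitised at upload time.
                    $vals[$name] = "file=" . $val;
                    $attach[] = $val;
                }
                break;
            case 'radio':
            case 'select':
                if (isset($opts[$val])) {
                    $val = strip_tags($opts[$val]);
                }
                break;
            case 'checkbox':
                // A checkbox group with nothing ticked may not arrive as an
                // array; iterating or joining a scalar would raise an error.
                if (is_array($val)) {
                    foreach ($val as $k => $v) {
                        $val[$k] = isset($opts[$v]) ? strip_tags($opts[$v]) : $v;
                    }
                    $val = join(', ', $val);
                }
                break;
        }
        // Indent multi-line values so they read as one block in the mail text.
        if (!empty($val) && preg_match('/\\n/', $val)) {
            $val = "\n\t" . preg_replace('/\\n/', "\n\t", $val);
        }
        $rtext .= strip_tags($item['label']) . ": {$val}\n";
    }

    // remove if not show/store email address in database
    if (!$showaddr && isset($mail_name)) {
        unset($vals[$mail_name]);
    }
    $text = serialize_text($vals);      // store value

    // Anonymous senders get a one-time ticket instead of a login.
    // NOTE(review): the ticket is appended to URLs as "&p=", so it can end up
    // in server logs and Referer headers.
    $onepass = $uid == 0 ? cc_onetime_ticket($email) : "";
    if ($form['priuid'] < 0) {
        $touid = empty($form['priuser']) ? 0 : $form['priuser']['uid'];
    } else {
        $touid = $form['priuid'];
    }
    // Numeric columns are written into the SQL text unquoted, so they are
    // forced to integers here rather than trusting the form definition.
    $touid = intval($touid);

    $now = time();
    $values = array(
        'uid'     => intval($uid),
        'touid'   => $touid,
        'ctime'   => $now,
        'mtime'   => $now,
        'atime'   => $now,
        'fidref'  => intval($form['formid']),
        'email'   => $xoopsDB->quoteString($email),
        'onepass' => $xoopsDB->quoteString($onepass),
    );
    $parg = $onepass ? "&p=" . urlencode($onepass) : "";
    if ($store == _DB_STORE_YES) {
        $values['body'] = $xoopsDB->quoteString($text);
    }
    if ($store != _DB_STORE_NONE) {
        $res = $xoopsDB->query("INSERT INTO " . CCMES . "(" . join(',', array_keys($values)) . ") VALUES (" . join(',', $values) . ")");
        if ($res === false) {
            return array("Error in DATABASE insert");
        }
        $id = $xoopsDB->getInsertID();
        if (empty($id)) {
            return array("Internal Error in Store Message");
        }
    } else {
        $id = 0;
    }

    $member_handler =& xoops_gethandler('member');
    // The assignee may no longer exist; without the object check the getVar()
    // call would be a fatal error after the row has already been inserted.
    $toUser = $touid ? $member_handler->getUser($touid) : false;
    if (is_object($toUser)) {
        $toUname = $toUser->getVar('uname');
    } else {
        $toUser = false;
        $toUname = _MD_CONTACT_NOTYET;
    }

    $atext = "";                // reply sender
    $btext = "";                // to contact and monitors
    if (count($attach)) {
        $atext = $btext = "\n" . _MD_ATTACHMENT . "\n";
        foreach ($attach as $i => $file) {
            move_attach_file('', $file, $id);
            $a = cc_attach_image($id, $file, true);
            $atext .= "{$a}{$parg}\n";  // sender's copy carries the ticket
            $btext .= "{$a}\n";
        }
        rmdir(XOOPS_UPLOAD_PATH . cc_attach_path(0, ''));
    }

    $dirname = basename(dirname(__FILE__));
    $uname = $xoopsUser ? $xoopsUser->getVar('uname') : $GLOBALS['xoopsConfig']['anonymous'];
    $tags = array(
        'SUBJECT'         => $form['title'],
        'TO_USER'         => $toUname,
        'FROM_USER'       => $uname,
        'FROM_EMAIL'      => $email,
        'REMOTE_ADDR'     => $_SERVER["REMOTE_ADDR"],
        // Clients are free to omit the User-Agent header.
        'HTTP_USER_AGENT' => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '',
        'MSGID'           => $id,
    );
    foreach ($vals as $k => $v) {
        $tags[$k] = is_array($v) ? implode(', ', $v) : $v;
    }

    $tpl = get_attr_value(null, 'from_confirm_tpl', 'form_confirm.tpl');
    $msgurl = XOOPS_URL . ($id ? "/modules/{$dirname}/message.php?id={$id}" : '/');
    if ($email) {               // reply automaticaly
        $tags['VALUES'] = "{$rtext}{$atext}";
        $tags['MSG_URL'] = $store == _DB_STORE_NONE ? '' : "\n" . _MD_NOTIFY_URL . "\n{$msgurl}{$parg}";
        cc_notify_mail($tpl, $tags, $email, $toUser ? $toUser->getVar('email') : '');
    }

    // Staff-facing copy: same values, links without the sender's ticket.
    $tags['VALUES'] = "{$rtext}{$btext}";
    $tags['MSG_URL'] = $store == _DB_STORE_NONE ? '' : "\n" . _MD_NOTIFY_URL . "\n" . $msgurl;

    $notification_handler =& xoops_gethandler('notification');
    $notification_handler->triggerEvent('global', 0, 'new', $tags);
    $notification_handler->triggerEvent('form', $form['formid'], 'new', $tags);

    // force subscribe sender and recipient
    if ($id) {
        $notification_handler->subscribe('message', $id, 'comment');
    }
    if ($toUser) {
        if ($id) {
            $notification_handler->subscribe('message', $id, 'comment', null, null, $touid);
        }
        cc_notify_mail(get_attr_value(null, 'charge_notify_tpl', $tpl), $tags, $toUser, $from);
    } elseif ($form['cgroup']) {  // contact group notify
        $users = $member_handler->getUsersByGroup($form['cgroup'], true);
        cc_notify_mail(get_attr_value(null, 'group_notify_tpl', $tpl), $tags, $users, $from);
    }

    if ($id) {
        $msgurl .= $parg;
    }
    // A configured redirect target replaces the message URL; a value that
    // starts with "/" is taken as relative to the site root.
    $redirect = get_attr_value(null, 'redirect');
    if (!empty($redirect)) {
        $msgurl = preg_match('/^\\//', $redirect) ? XOOPS_URL . $redirect : $redirect;
    }
    redirect_header($msgurl, 3, _MD_CONTACT_DONE);
    exit;
}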
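/**
 * Delete every entry in the attachment directory returned by cc_attach_path(0, '').
 *
 * NOTE(review): $msgid is never used. The directory is always the one for
 * message 0, so this does not remove the attachments of the message named by
 * the caller. Confirm whether cc_attach_path($msgid, '') was intended.
 *
 * @param int $msgid message id (currently ignored, see note above)
 * @return void
 */
function cc_delete_message($msgid)
{
    global $xoopsDB;

    // Disabled row delete. If it is ever re-enabled, cast $msgid with intval()
    // before it is concatenated into the statement.
    //$res = $xoopsDB->query("DELETE FROM ".CCMES." WHERE msgid=".$msgid);
    $dir = XOOPS_UPLOAD_PATH . cc_attach_path(0, '');

    // A missing or unreadable directory means there is nothing to delete.
    $dh = is_dir($dir) ? opendir($dir) : false;
    if ($dh === false) {
        return;
    }

    // Compare against false explicitly: an entry named "0" is falsy and would
    // otherwise end the loop early and leave files behind.
    while (false !== ($file = readdir($dh))) {
        if ($file == ".." || $file == ".") {
            continue;
        }
        unlink("{$dir}/{$file}");
    }
    closedir($dh);
}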