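/**
 * Mails the contents of the contact form to that user
 *
 * Checks run in this order before anything is sent: site login policy for
 * anonymous visitors, the recipient's "accept email" preferences, the mail
 * speed limit, presence of author/subject/message, sender address and display
 * name validation, the spam plugins, and the pre-save plugins. The subject is
 * cut at the first CR or LF before it is handed to COM_mail() so that it
 * cannot carry extra header lines.
 *
 * @param  int    $uid         User ID of person to send email to
 * @param  string $author      The name of the person sending the email
 * @param  string $authoremail Email address of person sending the email
 * @param  string $subject     Subject of email
 * @param  string $message     Text of message to send
 * @return string              Meta redirect or HTML for the contact form
 */
function contactemail($uid, $author, $authoremail, $subject, $message)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08;

    $retval = '';

    // $uid is interpolated into two SQL statements, concatenated into the
    // redirect URL and passed back to contactform(). Normalise it to an
    // integer once so none of those sinks receives raw caller-supplied text.
    $uid = (int) $uid;

    // check for correct $_CONF permission
    if (COM_isAnonUser()
        && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1)
        && $uid != 2
    ) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check for correct 'to' user preferences
    $result = DB_query(
        "SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = {$uid}"
    );
    $P = DB_fetchArray($result);
    $isAdmin = (SEC_inGroup('Root') || SEC_hasRights('user.mail'));

    // No preference row means there is nothing that permits the mail; refuse
    // explicitly instead of indexing a non-array (same outcome as before,
    // without the PHP notice).
    if (!is_array($P)
        || ($P['emailfromadmin'] != 1 && $isAdmin)
        || ($P['emailfromuser'] != 1 && !$isAdmin)
    ) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    if (!empty($author) && !empty($subject) && !empty($message)) {
        // The address must validate and the display NAME must not contain '@'.
        // The original tested $authoremail for the absence of '@'; assuming
        // COM_isemail() only accepts addresses that contain one, that made the
        // whole send branch unreachable. Refusing '@' in the name keeps the
        // sender from dressing the name up as a second address in the From
        // header.
        // NOTE(review): $author still reaches COM_formatEmailAddress()
        // otherwise unfiltered; confirm that helper rejects CR/LF.
        if (COM_isemail($authoremail) && strpos($author, '@') === false) {
            $result = DB_query(
                "SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}"
            );
            $A = DB_fetchArray($result);

            // Append the user's signature to the message
            $sig = '';
            if (!COM_isAnonUser()) {
                // Cast the session uid as well: it is pasted into a WHERE clause.
                $sig = DB_getItem($_TABLES['users'], 'sig', 'uid=' . (int) $_USER['uid']);
                if (!empty($sig)) {
                    $sig = strip_tags(COM_stripslashes($sig));
                    $sig = "\n\n-- \n" . $sig;
                }
            }

            $subject = COM_stripslashes($subject);
            $message = COM_stripslashes($message);

            // do a spam check with the unfiltered message text and subject
            $mailtext = $subject . "\n" . $message . $sig;
            $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
            if ($result > 0) {
                // Count the attempt against the speed limit before aborting.
                COM_updateSpeedlimit('mail');
                COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
            }

            $msg = PLG_itemPreSave('contact', $message);
            if (!empty($msg)) {
                // The other two error paths encode the subject before handing
                // it back to contactform(); this one passed it through raw.
                // Apply the same treatment so the form never receives markup
                // from the request.
                // NOTE(review): $message goes to contactform() unencoded in
                // every error path; confirm contactform() escapes it.
                $subject = strip_tags($subject);
                $subject = substr($subject, 0, strcspn($subject, "\r\n"));
                $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
                $retval .= COM_siteHeader('menu', '')
                        . COM_errorLog($msg, 2)
                        . contactform($uid, $subject, $message)
                        . COM_siteFooter();

                return $retval;
            }

            // Header safety: drop tags, then keep only the text before the
            // first CR or LF so the subject stays a single header line.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));
            $message = strip_tags($message) . $sig;

            if (!empty($A['fullname'])) {
                $to = COM_formatEmailAddress($A['fullname'], $A['email']);
            } else {
                $to = COM_formatEmailAddress($A['username'], $A['email']);
            }
            $from = COM_formatEmailAddress($author, $authoremail);

            $sent = COM_mail($to, $subject, $message, $from);

            // NOTE(review): the copy goes to the address typed into the form,
            // which nothing visible here verifies as belonging to the sender.
            // Consider limiting the CC option to logged-in users and their
            // stored address so the form cannot deliver site mail to third
            // parties.
            if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
                $ccmessage = sprintf(
                    $LANG08[38],
                    COM_getDisplayName($uid, $A['username'], $A['fullname'])
                );
                $ccmessage .= "\n------------------------------------------------------------\n\n" . $message;

                $sent = COM_mail($from, $subject, $ccmessage, $from);
            }

            COM_updateSpeedlimit('mail');

            $retval .= COM_refresh(
                $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $uid
                . '&msg=' . ($sent ? '27' : '85')
            );
        } else {
            // Invalid sender address or name: show the form again with the
            // subject reduced to one encoded line.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));
            $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
            $retval .= COM_siteHeader('menu', $LANG04[81])
                    . COM_errorLog($LANG08[3], 2)
                    . contactform($uid, $subject, $message)
                    . COM_siteFooter();
        }
    } else {
        // A required field is empty: show the form again, subject encoded.
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
        $retval .= COM_siteHeader('menu', $LANG04[81])
                . COM_errorLog($LANG08[4], 2)
                . contactform($uid, $subject, $message)
                . COM_siteFooter();
    }

    return $retval;
}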
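/**
 * Mails the contents of the contact form to that user
 *
 * Checks run in this order before anything is sent: site login policy for
 * anonymous visitors (skipped when the recipient is in the 'Contact' group),
 * the recipient's "accept email" preferences, the mail speed limit, presence
 * of author/subject/message, sender address validation, the spam plugins, and
 * the pre-save plugins. The subject is cut at the first CR or LF before it is
 * handed to COM_mail() so that it cannot carry extra header lines.
 *
 * When login is required, this function prints the login form and ends the
 * request itself instead of returning.
 *
 * @param  int    $uid         User ID of person to send email to
 * @param  string $author      The name of the person sending the email
 * @param  string $authoremail Email address of person sending the email
 * @param  string $subject     Subject of email
 * @param  string $message     Text of message to send
 * @param  int    $html        Non-zero keeps the filtered markup in the body
 *                             and is passed on to COM_mail(); zero strips tags
 * @return string              Meta redirect or HTML for the contact form
 */
function contactemail($uid, $author, $authoremail, $subject, $message, $html = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG_LOGIN;

    $retval = '';

    // The original cast $uid at each SQL use but left it raw in the redirect
    // URL and in the contactform() calls. Normalise it once so every sink
    // sees the same integer.
    $uid = (int) $uid;

    // check for correct $_CONF permission
    if (COM_isAnonUser()
        && !SEC_inGroup('Contact', $uid)
        && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1)
        && $uid != 2
    ) {
        $display = COM_siteHeader('menu', $LANG_LOGIN[1]);
        $display .= SEC_loginRequiredForm();
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }

    // check for correct 'to' user preferences
    $result = DB_query(
        "SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = " . $uid
    );
    $P = DB_fetchArray($result);
    $isAdmin = (SEC_inGroup('Root') || SEC_hasRights('user.mail'));

    // No preference row means there is nothing that permits the mail; refuse
    // explicitly instead of indexing a non-array (same outcome as before,
    // without the PHP notice).
    if (!is_array($P)
        || ($P['emailfromadmin'] != 1 && $isAdmin)
        || ($P['emailfromuser'] != 1 && !$isAdmin)
    ) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    if (!empty($author) && !empty($subject) && !empty($message)) {
        // NOTE(review): only the address is validated; $author reaches
        // COM_formatEmailAddress() as typed. Confirm that helper rejects
        // CR/LF and address-like display names.
        if (COM_isemail($authoremail)) {
            $result = DB_query(
                "SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = " . $uid
            );
            $A = DB_fetchArray($result);

            // Append the user's signature to the message
            $sig = '';
            if (!COM_isAnonUser()) {
                // Cast the session uid as well: it is pasted into a WHERE clause.
                $sig = DB_getItem($_TABLES['users'], 'sig', 'uid=' . (int) $_USER['uid']);
                if (!empty($sig)) {
                    $sig = strip_tags($sig);
                    $sig = "\n\n-- \n" . $sig;
                }
            }

            $subject = COM_filterHTML($subject);
            $message = COM_filterHTML($message);

            // The spam check sees the text as returned by COM_filterHTML(),
            // plus the signature (not the raw request text).
            $mailtext = $subject . "\n" . $message . $sig;
            $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
            if ($result > 0) {
                // Count the attempt against the speed limit before aborting.
                COM_updateSpeedlimit('mail');
                COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
            }

            $msg = PLG_itemPreSave('contact', $message);
            if (!empty($msg)) {
                // Encode the subject before it is put back into the form.
                // NOTE(review): $message goes to contactform() unencoded in
                // every error path; confirm contactform() escapes it.
                $subject = @htmlspecialchars($subject, ENT_QUOTES, COM_getEncodingt());
                $retval .= COM_siteHeader('menu', '')
                        . COM_errorLog($msg, 2)
                        . contactform($uid, $subject, $message)
                        . COM_siteFooter();

                return $retval;
            }

            // Header safety: drop tags, then keep only the text before the
            // first CR or LF so the subject stays a single header line.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));

            // In HTML mode the body keeps whatever markup COM_filterHTML()
            // allowed, so that filter is the only control on mailed markup.
            if ($html) {
                $message = $message . $sig;
            } else {
                $message = strip_tags($message) . $sig;
            }

            if (!empty($A['fullname'])) {
                $to = COM_formatEmailAddress($A['fullname'], $A['email']);
            } else {
                $to = COM_formatEmailAddress($A['username'], $A['email']);
            }
            $from = COM_formatEmailAddress($author, $authoremail);

            $rc = COM_mail($to, $subject, $message, $from, $html);
            COM_updateSpeedlimit('mail');

            // Anonymous senders are not sent to the profile page when
            // profiles require a login.
            if (COM_isAnonUser() && $_CONF['profileloginrequired'] == true) {
                $redirectURL = $_CONF['site_url'] . '/index.php?msg=';
            } else {
                $redirectURL = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $uid . '&msg=';
            }

            // Only a strict false from COM_mail() selects message 26;
            // anything else selects 27.
            $retval .= COM_refresh($redirectURL . ($rc === false ? '26' : '27'));
        } else {
            // Invalid sender address: show the form again with the subject
            // reduced to one encoded line.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));
            $subject = @htmlspecialchars(trim($subject), ENT_QUOTES, COM_getEncodingt());
            $retval .= COM_siteHeader('menu', $LANG04[81])
                    . COM_errorLog($LANG08[3], 2)
                    . contactform($uid, $subject, $message)
                    . COM_siteFooter();
        }
    } else {
        // A required field is empty: show the form again, subject encoded.
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $subject = @htmlspecialchars(trim($subject), ENT_QUOTES, COM_getEncodingt());
        $retval .= COM_siteHeader('menu', $LANG04[81])
                . COM_errorLog($LANG08[4], 2)
                . contactform($uid, $subject, $message)
                . COM_siteFooter();
    }

    return $retval;
}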
$nameErr = "Name is required"; } else { $name = test_input($_POST["name"]); } if (empty($_POST["message"])) { $messageErr = "Message is required"; } else { $message = test_input($_POST["message"]); } if (empty($_POST["email"])) { $emailErr = "Email is required"; } else { $email = test_input($_POST["email"]); } if ($nameErr == "" && $emailErr == "" && $messageErr == "") { contactform($message, $name, $email); } else { echo "<script>alert(\"There is an error!\");</script>"; } } ?> <div class="row"> <div class="col-md-8 col-md-offset-2 aboutus"> <h1>Have a problem?</h1><br> <form action="index.php?page=contact" method="POST" role="form"> <div class="form-group"> <label for="name">Name:</label> <input type="text" name="name" class="form-control" id="name" value="<?php if (isset($_SESSION["loggedIn"])) { echo $user['name'] . " " . $user['lastname'];
return '<ul style=" list-style-type:none;">' . implode('', $output) . '</ul>'; } if (empty($_POST) === false) { if (empty($_POST['name']) === true) { $errors[] = 'Your name is required.'; } if (empty($_POST['email']) === true) { $errors[] = 'Your email address is required.'; } if (empty($_POST['message']) === true) { $errors[] = 'Please enter a reason for contacting us.'; } if (empty($errors) === false) { echo output_errors($errors); } else { contactform($_POST['name'], $_POST['email'], $_POST['message'], $headers); header("Location: contactus.php?emailsent"); exit; } } ?> <div class="maincontainer col-lg-10 col-md-10 col-sm-10 col-xs-10"><!-- maincontainer starts here --> <?php if (isset($_GET['emailsent'])) { echo '<div style="background:#44B23D;color:black; padding: 10px; text-align:center;"> <p><strong>Your email has been sent to us successfully. Please allow 2-3 working days for a response to your query.</strong> </p> </div>';