コード例 #1
0
ファイル: includes.php プロジェクト: kosmosby/medicine-prof
function uddeIMdrawWriteform($myself, $my_gid, $item_id, $backto, $recipname, $pmessage, $messageid, $dwf_isreply, $dwf_errorcode, $dwf_sysgm, $config) {
	$pathtouser  = uddeIMgetPath('user');
	$pathtosite  = uddeIMgetPath('live_site');

	// possible values for dwf_errorcode:
	// 0 = no error
	// 1 = no error, show complete userlist
	// 2 = don't send to yourself
	// 3 = username not found
	// 4 = no message
	// 5 = no username
	// 6 = too many recipients
	// 7 = wrong captcha code
	// 8 = does not allow public messages
	// 9 = one user has blocked you
	// 10 = sending to this group not allowed
	// 11 = contact list not found
	// 12 = error in from name (n/a, public frontend only)
	// 13 = error in from email (n/a, public frontend only)
	// 14 = time delay for spam protection
	// 15 = csrf protection
	// 16 = administrative blocking
	// 17 = user is banned
	// 18 = file upload failed
	// 19 = file size exceeded
	// 20 - file type not allowed
	// 21 - bad words

	// This functions expects values stripslashed

	// allowed to send messages?
	if ($config->waitdays && uddeIMisReggedOnly($my_gid)) {
		$rightnow=uddetime($config->timezone);
		$offset=((float)$config->waitdays) * 86400;
		$timeframe=$rightnow-$offset;
		$registerDate=uddeIMgetRegisterDate($myself, $config);
		// $registerDate=mktime(0, 0, 0, 3, 28, 2010);
		if ($timeframe<$registerDate) {
			$temp = ($registerDate-$timeframe)/86400;
			$showinboxlimit_borderbottom = "<span class='uddeim-warning'>";
			if ($temp>=1)
				$showinboxlimit_borderbottom.= _UDDEIM_WAITDAYS1.sprintf("%0.1f", $temp)._UDDEIM_WAITDAYS2;
			else 
				$showinboxlimit_borderbottom.= _UDDEIM_WAITDAYS1.sprintf("%0.1f", $temp*24)._UDDEIM_WAITDAYS2H;
			$showinboxlimit_borderbottom.= "</span>";
			echo "<div id='uddeim-bottomlines'>".$showinboxlimit_borderbottom."</div>";
			return;
		}
	}
	
	echo "<div id='uddeim-writeform'>\n";
	if ($dwf_sysgm) {
		echo "<br />";
		echo "<form enctype='multipart/form-data' name='sendeform' method='post' action='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=savesysgm&Itemid=".$item_id)."'>\n";
		uddeIMwriteCSRF($config);
		echo "<p><input type='checkbox' checked='checked' name='sysgm_sys' value='1' />"._UDDEIM_SEND_ASSYSM."</p>\n";

		if ($config->showgroups) {
			echo "<p><select name='sysgm_universe' size='1'>";
			echo "<option value='sysgm_toall'>"._UDDEIM_SEND_TOALL."</option>";
			echo "<option value='sysgm_toallspecial'>"._UDDEIM_SEND_TOALLSPECIAL."</option>";
			echo "<option value='sysgm_toalladmins'>"._UDDEIM_SEND_TOALLADMINS."</option>";
			echo "<option value='sysgm_toalllogged'>"._UDDEIM_SEND_TOALLLOGGED."</option>";
			$groups = uddeIMselectAROgroups();
			foreach ($groups as $group) {
				$groupid = $group->id;
				$groupname = $group->name;
				echo "<option value='".$groupid."'>".$groupname."</option>";
			}
			echo "</select></p>";
		} else {
			echo "<p><input type='radio' name='sysgm_universe' value='sysgm_toall' />"._UDDEIM_SEND_TOALL."<br />\n";
			echo "<input type='radio' name='sysgm_universe' checked='checked' value='sysgm_toallspecial' />"._UDDEIM_SEND_TOALLSPECIAL."<br />\n";
			echo "<input type='radio' name='sysgm_universe' checked='checked' value='sysgm_toalladmins' />"._UDDEIM_SEND_TOALLADMINS."<br />\n";
			echo "<input type='radio' name='sysgm_universe' value='sysgm_toalllogged' />"._UDDEIM_SEND_TOALLLOGGED."</p>\n";
		}
		echo "<p>"._UDDEIM_VALIDFOR_1;
		echo "<input name='sysgm_validfor' type='text' size='4' />"._UDDEIM_VALIDFOR_2."</p>\n";
		echo "<p>"._UDDEIM_SYSGM_SHORTHELP."</p>\n";
	} else {
		echo "<br />";
		echo "<form enctype='multipart/form-data' name='sendeform' method='post' action='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=save&Itemid=".$item_id)."'>";
		echo "<input type='hidden' name='sendeform_showallusers' value='' />\n";
		uddeIMwriteCSRF($config);
		if (uddeIMgetEMNmoderated($myself) ) { //&& uddeIMisReggedOnly($my_gid)) {
			echo "<p>"._UDDEIM_MCP_MODERATED."</p>";
		}
	}
	echo "\n";

	if($dwf_errorcode==0 && $backto) {
		echo "<input type='hidden' name='backto' value='".htmlspecialchars($backto)."' />";
	}

	if(!$dwf_sysgm) {
	
		if($dwf_isreply!=1) { // if this is NOT a reply

			echo "<table width='100%' cellspacing='0' cellpadding='0' width='100%'>";

			if(0 && $dwf_errorcode==0 && $recipname) {		// BUGBUG "0 &&". don't need this case
				echo "<tr><td valign='top'>";
				echo "<b>".$recipname."</b>";
				echo "<input type='hidden' name='to_name' id='input_to_name' value='".htmlentities($recipname, ENT_QUOTES, $config->charset)."' />&nbsp;";
				echo "</td></tr>";
			} else {

// START FIRST LINE IN TABLE (contains two fields: TO USER and select from ALL USER list)
				echo "<tr><td valign='top'>";
//				if ($dwf_errorcode==0 && $recipname) {	// does not really make sense
//					echo "<a href='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=new&Itemid=".$item_id)."'>"._UDDEIM_TODP."</a>";
//				} else {
				echo "<span title='".($config->allowmultipleuser ? _UDDEIM_TODP_TITLE_CC : _UDDEIM_TODP_TITLE)."'>";
				echo _UDDEIM_TODP;
//				}
				echo "<br />";

				if($dwf_errorcode==2 || $dwf_errorcode==3 || $dwf_errorcode==5 || 
				   $dwf_errorcode==6 || $dwf_errorcode==8 || $dwf_errorcode==9 || 
				   $dwf_errorcode==10 || $dwf_errorcode==11 || $dwf_errorcode==16 ||
				   $dwf_errorcode==17 || $dwf_errorcode==18 || $dwf_errorcode==19 ||
				   $dwf_errorcode==20) {
					$errorstyle='style="background-color: #ff0000;" ';
				} else {
					$errorstyle='';
				}

				echo "<input type='hidden' name='to_id' value='' />";
				echo "<input type='hidden' name='messageid' value='".$messageid."' />";
				if (!($config->flags & 0x04)) {
					echo "<input type='text' ".$errorstyle."name='to_name' id='input_to_name' value='".htmlentities($recipname, ENT_QUOTES, $config->charset)."' />&nbsp;";
				} else {
					echo "<span ".$errorstyle.">".htmlentities($recipname, ENT_QUOTES, $config->charset)."</span>";
					echo "<input type='hidden' name='to_name' id='input_to_name' value='".htmlentities($recipname, ENT_QUOTES, $config->charset)."' />&nbsp;";
				}
				echo "</span>";

				if ($config->useautocomplete) {
					uddeIMdoAutocomplete($config);
				}

// SECOND FIELD IN FIRST LINE IN TABLE
				echo "</td><td valign='top' align='right'>\n";
				$allusersallowed = 0;
				if( ($config->restrictallusers==0) ||
					($config->restrictallusers==1 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) || 
					($config->restrictallusers==2 && (uddeIMisAdmin($my_gid)   || uddeIMisAdmin2($my_gid, $config))) )
					$allusersallowed=1;
				if (!($config->flags & 0x01) && $allusersallowed) {
					if ($config->modeshowallusers==1 || $config->modeshowallusers==2) {
						if ($dwf_errorcode==0 && $config->modeshowallusers==1) {
							// link to drop down box with names of connected users, value is 2 since it is shown the first time (so selecting the link does not show an error message because of an empty recipient field)
							echo "<br />";
							echo "<a href=\"#\" onclick=\"document.sendeform.sendeform_showallusers.value='2'; document.sendeform.submit(); return false;\">"._UDDEIM_SHOWUSERS."</a>";
						} else { // now show all users
							uddeIMdoShowAllUsers($myself, $my_gid, $config, 1);
						}
					}
				}
				echo "</td></tr>";

// START SECOND LINE IN TABLE (colspan=2)
				if ($dwf_errorcode==3) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_NOSUCHUSER."</td></tr>";
				} elseif ($dwf_errorcode==2) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_NOTTOYOURSELF."</td></tr>";
				} elseif ($dwf_errorcode==5) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_ENTERNAME."</td></tr>";
				} elseif ($dwf_errorcode==6) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_TOOMANYRECIPIENTS."</td></tr>";
				} elseif ($dwf_errorcode==7) {
					if ($config->captchatype==0) {
						echo "<tr><td valign=left colspan=2>"._UDDEIM_WRONGCAPTCHA."</td></tr>";
					} else {
						echo "<tr><td valign=left colspan=2><span style='background-color: #ff0000;'>"._UDDEIM_WRONGCAPTCHA."</span></td></tr>";
					}
				} elseif ($dwf_errorcode==8) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_NOPUBLICMSG."</td></tr>";
				} elseif ($dwf_errorcode==9) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_ONEUSERBLOCKS."</td></tr>";
				} elseif ($dwf_errorcode==10) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_GROUPBLOCKED."</td></tr>";
				} elseif ($dwf_errorcode==11) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_NOSUCHLIST."</td></tr>";
				} elseif ($dwf_errorcode==12) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORINFROMNAME."</td></tr>";
				} elseif ($dwf_errorcode==13) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORINEMAIL."</td></tr>";
				} elseif ($dwf_errorcode==14) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_YOUHAVETOWAIT."</td></tr>";
				} elseif ($dwf_errorcode==15) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORCSRF."</td></tr>";
				} elseif ($dwf_errorcode==16) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_USERBLOCKED."</td></tr>";
				} elseif ($dwf_errorcode==17) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_USERBANNED."</td></tr>";
				} elseif ($dwf_errorcode==18) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_FILEUPLOAD_FAILED."</td></tr>";
				} elseif ($dwf_errorcode==19) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_FILESIZE_EXCEEDED."</td></tr>";
				} elseif ($dwf_errorcode==20) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_FILETYPE_NOTALLOWED."</td></tr>";
				} elseif ($dwf_errorcode==21) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_BADWORD."</td></tr>";
				}
// START THIRD LINE IN TABLE WHEN CONNECTIONS AVAILABLE

				$have_lists=0;
				if( ($config->enablelists==1) ||
					($config->enablelists==2 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) || 
					($config->enablelists==3 && (uddeIMisAdmin($my_gid)   || uddeIMisAdmin2($my_gid, $config))) )
					$have_lists=1;

				if (!($config->flags & 0x02)) {
					if ($config->showconnex || $have_lists) {
						// if (uddeIMcheckCB() && $showconnex && !($recipname && $dwf_errorcode==0)) {
						uddeIMdoShowConnections($myself, $my_gid, $config);	// this creates a third row in table
					}
				}
			}
			echo "</table>";
			echo "<br />";
		} else { // it IS a reply
			if ($dwf_errorcode) {
				echo "<table width='100%' cellspacing='0' cellpadding='0'>";
				if ($dwf_errorcode==7) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_WRONGCAPTCHA."</td></tr>";
				} elseif ($dwf_errorcode==13) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORINEMAIL."</td></tr>";
				} elseif ($dwf_errorcode==14) {
					echo "<tr><td valign=left colspan=2>"._UDDEIM_YOUHAVETOWAIT."</td></tr>";
				}
				echo "</table>";
				echo "<br />";
			}
			echo "<input type='hidden' name='to_id' value='".htmlentities($recipname, ENT_QUOTES, $config->charset)."' />&nbsp;";
			echo "<input type='hidden' name='messageid' value='".$messageid."' />";
			echo "<input type='hidden' name='to_name' value='' />";
		}
	}

	if(($config->showtextcounter && $config->maxlength) || 
		$config->cryptmode==2 || $config->cryptmode==4) {
		uddeIMaddScript($pathtosite."/components/com_uddeim/js/uddeimtools.js");
	}

	if($config->allowbb || $config->allowsmile) {
		uddeIMaddScript($pathtosite."/components/com_uddeim/js/bbsmile.js");
		$num = uddeIMdoSmileysEx($config);
		uddeIMdoBB($config);
		uddeIMdoSmileys($config, $num);
	}

// well, I think the complete textarea should be red (or only the label? or both?)
//	if($dwf_errorcode==4) {
//		$errorstyle=' style="background-color: #ff0000;"';
//	} else {
		$errorstyle='';
//	}

	if($dwf_isreply==1) {
		echo "<span".$errorstyle.">"._UDDEIM_REPLY."</span>";
	} else {
		echo "<span".$errorstyle.">"._UDDEIM_MESSAGE."</span>";
	}
	echo "<br />";

	$thestyle = "";
	if ($config->width)
		$thestyle .= "width: ".(int)$config->width."px; ";

	if ($dwf_errorcode==4 || $dwf_errorcode==21)
		$thestyle .= "background-color: #ff0000; ";

	$errorstyle="";
	if ($thestyle!="")
		$errorstyle="style='".$thestyle."' ";

	// ================================== TEXTBOX/TEXTCOUNTER ==============================

	if($config->showtextcounter && $config->maxlength) {
		$uc = ($config->showtextcounter) ? "textCount(document.sendeform.pmessage,document.sendeform.characterstyped,".$config->maxlength.");" : "";
		echo "<textarea name='pmessage' ".$errorstyle."class='inputbox' rows='".(int)$config->rows."' cols='".(int)$config->cols."' onkeydown='".$uc."' onkeyup='".$uc."'>".$pmessage."</textarea>";
		echo "<div class='uddeim-textcounter'>";
		echo "<input style='background-color: lightgray;' readonly='readonly' type='text' name='characterstyped' size='4' maxlength='4' value='".$config->maxlength."' /> "._UDDEIM_CHARSLEFT;
		echo "</div>";
	} else {
		echo "<textarea name='pmessage' ".$errorstyle."class='inputbox' rows='".(int)$config->rows."' cols='".(int)$config->cols."'>".$pmessage."</textarea>";
	}

	// ================================== FILE UPLOAD ==============================

	if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config))
		uddeIMshowUploadButtons($config);

	// ================================== PASSWORD ==============================

	// CRYPT
	if($config->cryptmode==2 || $config->cryptmode==4) {
		echo "<div class='uddeim-password'>";
		echo "<a href='javascript:uddeidswap(\"divpass\");'>"._UDDEIM_PASSWORDBOX."</a>";
		echo "<span id='divpass' style='visibility:hidden;'>: <input name='cryptpass' value='' />"._UDDEIM_ENCRYPTIONTEXT."</span>";
		echo "</div>";
	}

	// ================================== CAPTCHA ==============================

	if ( $config->usecaptcha>=4 ||																			// all users (incl. admins)
		($config->usecaptcha==3 && !uddeIMisAdmin($my_gid)   && !uddeIMisAdmin2($my_gid, $config)) ||		// CAPTCHA enabled for public frontend, registered and special users
		($config->usecaptcha==2 && !uddeIMisSpecial($my_gid) && !uddeIMisSpecial2($my_gid, $config)) ) {	// CAPTCHA enabled for public frontend and registered users (note: 0 is not required since this is done in public.php)
		// CAPTCHA
		if ($config->captchatype==0) {
			if($dwf_errorcode==7) {
				$errorstyle='style="background-color: #ff0000;" ';
			} else {
				$errorstyle='';
			}
			echo "<div class='uddeim-captcha'>";
			echo "<label for='security_code'>"._UDDEIM_SECURITYCODE." </label><input id='security_code' name='security_code' type='text' ".$errorstyle." />&nbsp;";

			if (class_exists('JFactory')) {
				// CAPTCHA15
				echo "<img style='vertical-align:middle;' src='".$pathtosite."/components/com_uddeim/captcha15.php' alt='' /><br />";
			} else {
				// CAPTCHA10
				echo "<img style='vertical-align:middle;' src='".$pathtosite."/components/com_uddeim/captcha.php' alt='' /><br />";
			}
			echo "</div>";
		} else {
			$pathtouser  = uddeIMgetPath('user');
			require_once($pathtouser."/recaptchalib.php");
			echo "<div class='uddeim-captcha'>";
		    echo recaptcha_get_html($config->recaptchapub);
			echo "</div>";
		}
	}

	// ================================== Show the SEND OPTIONS ==============================

	$showoptions =  ($config->trashoriginal && $dwf_isreply==1) ||
					($config->trashoriginalsent && !$dwf_sysgm) ||
					($config->allowcopytome && !$dwf_sysgm) ||
					($config->addccline && $config->allowmultipleuser && !$dwf_sysgm) ||
					($config->allowemailnotify && $config->emailwithmessage==2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) ||
					($config->allowemailnotify && $dwf_sysgm);

	if ($showoptions) {
		echo "<div class='uddeim-sendoption'>";
	}
	if($config->trashoriginal && $dwf_isreply==1) {
		echo "<input type='checkbox' value='1' checked='checked' name='tobedeleted' />"._UDDEIM_TRASHORIGINAL."&nbsp;";
	}
	if($config->trashoriginalsent && !$dwf_sysgm) {
		echo "<input type='checkbox' value='1' name='tobedeletedsent' />"._UDDEIM_TRASHORIGINALSENT."&nbsp;";
	}
	if($config->allowcopytome && !$dwf_sysgm) {
		echo "<input type='checkbox' value='1' name='copytome' />"._UDDEIM_SENDCOPYTOME."&nbsp;";
	}
	if($config->addccline && $config->allowmultipleuser && !$dwf_sysgm) {
		echo "<span title='"._UDDEIM_ADDCCINFO_TITLE."'>";
		echo "<input type='checkbox' value='1' checked='checked' name='addccinfo' />"._UDDEIM_ADDCCINFO;
		echo "</span>";
	}
	// Email notifications must be on AND emailwithmessage for admins AND its an admin
	if($config->allowemailnotify && $config->emailwithmessage==2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) {
		echo "<span title='"._UDDEAIM_ADDEMAIL_TITLE."'>";
		echo "<input type='checkbox' value='1' name='forceembedded' />"._UDDEAIM_ADDEMAIL_SELECT;
		echo "</span>";
	}
	if($config->allowemailnotify && $dwf_sysgm) {
		echo "<span><input type='checkbox' value='1' name='sysgm_nonotify' />"._UDDEIM_SEND_NONOTIFY."</span>\n";
	}

	if ($showoptions) {
		echo "</div>";
	}

	// ================================== SEND BUTTON ==============================

	echo "<div class='uddeim-sendbutton'>";
	// when going back one page (history(-1)) the button stays disabled
    // echo "<input type='submit' name='reply' class='button' onclick=\"this.disabled=true;this.value='"._UDDEIM_PROCESSING."';this.form.submit();\" value='"._UDDEIM_SUBMIT."' /> ";
    echo "<input type='submit' name='reply' class='button' value='"._UDDEIM_SUBMIT."' /> ";
	echo "</div>";

	echo "</form>\n";
	echo "</div>\n"; // end of uddeim-writeform
}
コード例 #2
0
ファイル: uddeim.php プロジェクト: kosmosby/medicine-prof
function uddeIMsaveSysgm($myself, $to_name, $to_id, $pmessage, $tobedeleted, $tobedeletedsent, $forceembedded, $item_id, $messageid, $sysgm_sys, $sysgm_nonotify, $sysgm_universe, $sysgm_validfor, $sysgm_really, $cryptpass, $config) {
	$database = uddeIMgetDatabase();

	$to_name = stripslashes($to_name);

	$my_gid = $config->usergid;
	if ($config->allowsysgm==0 || 
	   ($config->allowsysgm==1 && !uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) ||
	   ($config->allowsysgm==2 && !uddeIMisManager($my_gid)) ) {
		$mosmsg=_UDDEIM_NOTALLOWED_SYSM_GM;
		uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg);
	}

	// what is username of sender?
	$sendername = uddeIMgetNameFromID($myself, $config);
	if ($sysgm_sys)
		$sendername=$config->sysm_username;

	if (!$sysgm_really) {
		// send not confirmed. ask for confirmation

		// CAPTCHA (first check for all other errors and then the CAPTCHA)
		if (!uddeIMcheckCAPTCHA($my_gid, $config)) {
			uddeIMprintMenu($myself, 'new', $item_id, $config);
			echo "<div id='uddeim-m'>\n";
			$to_name=stripslashes($to_name);
			$pmessage=stripslashes($pmessage);
			uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 7, 1, $config);
			echo "</div>\n<div id='uddeim-bottomborder'></div>\n";
			return;
		}

		if (!uddeIMcheckCSRF($config)) {
			uddeIMprintMenu($myself, 'new', $item_id, $config);
			echo "<div id='uddeim-m'>\n";
			$to_name=stripslashes($to_name);
			$pmessage=stripslashes($pmessage);
			uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 15, 1, $config);
			echo "</div>\n<div id='uddeim-bottomborder'></div>\n";
			return;
		}

		uddeIMprintMenu($myself, 'new', $item_id, $config);
		echo "<div id='uddeim-m'>\n";

		echo "<div id='uddeim-toplines'><p>"._UDDEIM_SYSGM_PLEASECONFIRM."</p></div>\n";
		echo "<div id='uddeim-message'><table cellpadding='7' cellspacing='1' width='100%'>\n";
		$usql="";	// send to unblocked users only

		getAdditonalGroups($add_special, $add_admin, $config);
		if (uddeIMcheckJversion()>=2) {		// J1.6
			if ($sysgm_universe=="sysgm_toall") {
				$universe=_UDDEIM_SYSGM_WILLSENDTOALL;
				$usql="SELECT count(id) FROM #__users WHERE block=0";
			} elseif ($sysgm_universe=="sysgm_toalllogged") {
				$universe=_UDDEIM_SYSGM_WILLSENDTOALLLOGGED;
				$usql="SELECT count(a.id) FROM #__users AS a, #__session AS b WHERE a.block=0 AND a.id=b.userid";
			} elseif ($sysgm_universe=="sysgm_toallspecial") {
				$universe=_UDDEIM_SYSGM_WILLSENDTOALLSPECIAL;
				$usql="SELECT count(*) FROM (SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) 
						INNER JOIN #__usergroups AS g ON um.group_id=g.id 
						WHERE u.block=0 AND g.id IN (3,4,5,6,7,8".$add_admin.$add_special.")) AS aTable";
			} elseif ($sysgm_universe=="sysgm_toalladmins") {
				$universe=_UDDEIM_SYSGM_WILLSENDTOALLADMINS;
				$usql="SELECT count(*) FROM (SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) 
						INNER JOIN #__usergroups AS g ON um.group_id=g.id 
						WHERE u.block=0 AND g.id IN (7,8".$add_admin.")) AS aTable";
			} elseif ($config->showgroups) {
				$aclsql = "SELECT title AS name FROM #__usergroups WHERE id=".(int)$sysgm_universe;
				$database->setQuery($aclsql);
				$universe=$database->loadResult();
				$usql="SELECT count(*) FROM (SELECT DISTINCT u.id
						FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) 
						INNER JOIN #__usergroups AS g ON um.group_id=g.id 
						WHERE g.id=".(int)$sysgm_universe.") AS aTable";
			}
		} else {
			if ($sysgm_universe=="sysgm_toall") {
				$universe=_UDDEIM_SYSGM_WILLSENDTOALL;
				$usql="SELECT count(id) FROM #__users WHERE block=0";
			} elseif ($sysgm_universe=="sysgm_toalllogged") {
				$universe=_UDDEIM_SYSGM_WILLSENDTOALLLOGGED;
				$usql="SELECT count(a.id) FROM #__users AS a, #__session AS b WHERE a.block=0 AND a.id=b.userid";
			} elseif ($sysgm_universe=="sysgm_toallspecial") {
				$universe=_UDDEIM_SYSGM_WILLSENDTOALLSPECIAL;
				$usql="SELECT count(id) FROM #__users WHERE block=0 AND gid IN (19,20,21,23,24,25".$add_admin.")";
			} elseif ($sysgm_universe=="sysgm_toalladmins") {
				$universe=_UDDEIM_SYSGM_WILLSENDTOALLADMINS;
				$usql="SELECT count(id) FROM #__users WHERE block=0 AND gid IN (24,25".$add_admin.")";
			} else {
				if ($config->showgroups) {
					if (uddeIMcheckJversion()>=1)
						$aclsql = "SELECT name FROM  #__core_acl_aro_groups WHERE id=".(int)$sysgm_universe;
					else
						$aclsql = "SELECT name FROM  #__core_acl_aro_groups WHERE group_id=".(int)$sysgm_universe;
					$database->setQuery($aclsql);
					$universe=$database->loadResult();
					$usql="SELECT count(id) FROM #__users WHERE block=0 AND gid=".(int)$sysgm_universe;
				}
			}
		}
		if (!$universe) {
			$mosmsg=_UDDEIM_UNEXPECTEDERROR_QUIT." No recipients selected";
			uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg);
		}

		if ($usql) {
			$database->setQuery($usql);
			$rf = (int)$database->loadResult();
			$rft = ($rf==1) ? _UDDEIM_RECIPIENTFOUND : _UDDEIM_RECIPIENTSFOUND;
			$universe.=" (".$rf." ".$rft.")";
		}



		// UDDEIMFILE
		// We have checked that everything is ok, now do the file uploads
		$uploadfile_temppathname = array();
		$uploadfile_original = array();
		$uploadfile_id = array(); 
		$uploadfile_size = array(); 
		$uploadfile_error = array();
		if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) {
			$noerror = uddeIMhandleAttachments($uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $uploadfile_error, $config);
			if (!$noerror) { // something goes wrong
				// BUGBUG: that is not the best error handling possible but is will do the work
				// iterate through all errorcodes and show the first error found, rest of data will be lost
				// ==> delete all files that were uploaded ok
				while (list($key, $value) = each( $uploadfile_temppathname )) {
					if (file_exists($value))
						unlink($value);
				}
				while (list($key, $value) = each( $uploadfile_error )) {
					if ($value==-1) {	// upload failed
						uddeIMprintMenu($myself, 'new', $item_id, $config);
						echo "<div id='uddeim-m'>\n";
						$to_name=stripslashes($to_name);
						$pmessage=stripslashes($pmessage);
						uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 18, 1, $config);
						return;
					}
					if ($value==-2) {	// file size exceeded
						uddeIMprintMenu($myself, 'new', $item_id, $config);
						echo "<div id='uddeim-m'>\n";
						$to_name=stripslashes($to_name);
						$pmessage=stripslashes($pmessage);
						uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 19, 1, $config);
						return;
					}
					if ($value==-3) {	// file type not allowed
						uddeIMprintMenu($myself, 'new', $item_id, $config);
						echo "<div id='uddeim-m'>\n";
						$to_name=stripslashes($to_name);
						$pmessage=stripslashes($pmessage);
						uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 20, 1, $config);
						return;
					}
				}
				$uploadfile_temppathname = array();		// should never been reached when an error occurs but neverthless destroy old arrays
				$uploadfile_original = array();
				$uploadfile_id = array(); 
				$uploadfile_size = array(); 
				$uploadfile_error = array();
			} else {
				$savedatum=uddetime($config->timezone);
				uddeIMpreSaveAttachments($uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config);
			}
		}
		// The uploaded file is stored in "$uploadfile_tempname" (with path) ad the original name in "$uploadfile_original" (without path) and an Id for the file.
		// When we reach this line we can store these fileames in the DB.

		$udde_infoheader = $universe."<br />";
		$udde_infoheader .= _UDDEIM_SYSGM_WILLSENDAS_1.$sendername._UDDEIM_SYSGM_WILLSENDAS_2."<br />";
		if($sysgm_sys) {
			$udde_infoheader .= _UDDEIM_SYSGM_WILLDISABLEREPLY."<br />";
		}
		if($forceembedded && !$sysgm_nonotify) {
			$udde_infoheader .= _UDDEIM_SYSGM_FORCEEMBEDDED."<br />";
		}
		if($sysgm_nonotify) {
			$udde_infoheader .= _UDDEIM_SYSGM_NONOTIFY."<br />";
		}
		if($sysgm_validfor>0) {
			$now=uddetime($config->timezone);
			$validuntil_timestamp=$now+($sysgm_validfor*3600);
			$validuntil=date("Y-m-d H:i", $validuntil_timestamp);
			$udde_infoheader .= _UDDEIM_SYSGM_WILLEXPIRE." ".$validuntil."<br />";
		}

		echo "\t<tr class='sectiontableentry1'>\n\t\t<td>".$udde_infoheader."</td></tr>\n";

		// strip any HTML from message but don't add slashes yet
		$dmessage=strip_tags($pmessage);
		$dmessage=stripslashes($pmessage);
		$hmessage=htmlspecialchars($dmessage, ENT_QUOTES, $config->charset);
		$jmessage=$dmessage;

		$containslink=stristr($dmessage, "[url");
		// parse bb code if it is a sysgm
		$dmessage=uddeIMbbcode_replace($dmessage, $config);
		$dmessage=uddeIMsmile_replace($dmessage, $config);

		echo "\t<tr class='sectiontableentry2'>\n\t\t\n\t\t<td>".nl2br($dmessage)."</td></tr>\n"; // to do
		echo "</table></div>\n";

		echo "<div id='uddeim-writeform'>\n";
		echo "<form method='post' action='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=savesysgm&Itemid=".$item_id)."'><input type='hidden' name='sysgm_sys' value='".$sysgm_sys."' />\n";
		echo "<span style='display: none'>\n";

		if ($sysgm_universe=="sysgm_toall") {
			echo "<input type='hidden' name='sysgm_universe' value='sysgm_toall' />\n";
		} elseif ($sysgm_universe=="sysgm_toallspecial") {
			echo "<input type='hidden' name='sysgm_universe' value='sysgm_toallspecial' />\n";
		} elseif ($sysgm_universe=="sysgm_toalladmins") {
			echo "<input type='hidden' name='sysgm_universe' value='sysgm_toalladmins' />\n";
		} elseif ($sysgm_universe=="sysgm_toalllogged") {
			echo "<input type='hidden' name='sysgm_universe' value='sysgm_toalllogged' />\n";
		} elseif ($config->showgroups) { 
			echo "<input type='hidden' name='sysgm_universe' value='".$sysgm_universe."' />\n";
		} 
		echo "<input type='hidden' name='sysgm_validfor' value='".(int)$sysgm_validfor."' />\n";
		echo "<textarea style='visibility: hidden;' name='pmessage' class='inputbox' rows='1' cols='60'>".$jmessage."</textarea>\n";
		echo "<input type='hidden' name='sysgm_really' value='1' />\n";
		echo "<input type='hidden' name='forceembedded' value='".(int)$forceembedded."' />\n";
		echo "<input type='hidden' name='sysgm_nonotify' value='".(int)$sysgm_nonotify."' />\n";
		echo "<span id='divpass' style='visibility:hidden;'><input type='hidden' name='cryptpass' value='".$cryptpass."' /></span>\n";

		if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) {
			while (list($key, $value) = each( $uploadfile_temppathname )) {
				echo "<input type='hidden' name='uploadfile_temppathname[". $key ."]' value=". $database->Quote($uploadfile_temppathname[$key]) ." />\n";
				echo "<input type='hidden' name='uploadfile_original[". $key ."]' value=". $database->Quote($uploadfile_original[$key]) ." />\n";
				echo "<input type='hidden' name='uploadfile_id[". $key ."]' value=". $database->Quote($uploadfile_id[$key]) ." />\n";
				echo "<input type='hidden' name='uploadfile_size[". $key ."]' value=". $database->Quote($uploadfile_size[$key]) ." />\n";
			}
		}

		echo "</span>\n";
		echo "<input type='submit' name='reply' class='button' value='"._UDDEIM_SUBMIT."' />\n";
		echo "<input type='button' class='button' value='".htmlspecialchars(_UDDEIM_DONTSEND, ENT_QUOTES, $config->charset)."' onclick='history.go(-1); return false;' />";
		echo "</form>";
		echo "</div>";

		if ($containslink) {
			echo "<div id='uddeim-bottomlines'><p>"._UDDEIM_SYSGM_CHECKLINK."</p>\n</div>\n";
		}

		echo "</div>\n<div id='uddeim-bottomborder'>".uddeIMcontentBottomborder($myself, $item_id, 'standard', 'none', $config)."</div>\n";

	} else { // sysgm_really is set to true, send is confirmed. Now send it.

		$uploadfile_temppathname = uddeIMmosGetParam ($_POST, 'uploadfile_temppathname', array());
		$uploadfile_original = uddeIMmosGetParam ($_POST, 'uploadfile_original', array());
		$uploadfile_id = uddeIMmosGetParam ($_POST, 'uploadfile_id', array());
		$uploadfile_size = uddeIMmosGetParam ($_POST, 'uploadfile_size', array());

		$savedatum=uddetime($config->timezone);
		if($sysgm_validfor>0) {
			$now=uddetime($config->timezone);
			$validuntil=$now+($sysgm_validfor*3600);
		} else {
			$validuntil=0;
		}
		$savefromid=$myself;
		$savedisablereply=0;
		$savesysflag="";
		if($sysgm_sys) {
			$savesysflag=addslashes($config->sysm_username); 	// system message
			$savedisablereply=1; 								// and users can't reply to them
		} else {
			$savesysflag=addslashes($sendername);
			$savedisablereply=0;
		}

		if ($config->cryptmode>=1) {	// because of encoding do not use slashes
			$savemessage=strip_tags($pmessage);
		} else {
			$savemessage=addslashes(strip_tags($pmessage));   // original 0.6+
		}
		// strip XSS code
		$savemessage = uddeIMRemoveXSS($savemessage);

		getAdditonalGroups($add_special, $add_admin, $config);
		if (uddeIMcheckJversion()>=2) {		// J1.6
			// who shall get the message?
			if($sysgm_universe=="sysgm_toall") {
				$sql="SELECT id FROM #__users WHERE block=0";
			} elseif($sysgm_universe=="sysgm_toalllogged") {
				$sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid";
			} elseif($sysgm_universe=="sysgm_toallspecial") {
				$sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) 
							INNER JOIN #__usergroups AS g ON um.group_id=g.id 
							WHERE u.block=0 AND g.id IN (3,4,5,6,7,8".$add_admin.$add_special.")";
			} elseif($sysgm_universe=="sysgm_toalladmins") {
				$sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) 
							INNER JOIN #__usergroups AS g ON um.group_id=g.id 
							WHERE u.block=0 AND g.id IN (7,8".$add_admin.")";
			} elseif ($config->showgroups) {
				$sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) 
							INNER JOIN #__usergroups AS g ON um.group_id=g.id 
							WHERE u.block=0 AND g.id=".(int)$sysgm_universe;
			}
		} else {
			// who shall get the message?
			if($sysgm_universe=="sysgm_toall") {
				$sql="SELECT id FROM #__users WHERE block=0";
			} elseif($sysgm_universe=="sysgm_toalllogged") {
				$sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid";
			} elseif($sysgm_universe=="sysgm_toallspecial") {
				$sql="SELECT id FROM #__users WHERE block=0 AND gid IN (19,20,21,23,24,25".$add_admin.")";
			} elseif($sysgm_universe=="sysgm_toalladmins") {
				$sql="SELECT id FROM #__users WHERE block=0 AND gid IN (24,25".$add_admin.")";
			} elseif ($config->showgroups) {
				$sql="SELECT id FROM #__users WHERE block=0 AND gid=".(int)$sysgm_universe;
			}
		}
		// query the database
		$database->setQuery($sql);
		$receivers=$database->loadObjectList();

		if (!count($receivers)) {
			// when there are temporary files, remove them and the markers
			uddeIMpreSaveAttachmentsRemove($config);
			$mosmsg = _UDDEIM_SYSGM_ERRORNORECIPS;
			uddeJSEFredirect("index.php?option=com_uddeim&task=sysgm&Itemid=".$item_id, $mosmsg);
		}
		// we have all we need, now save it


		// when we have reached that, we can remove the temporary attachment markers since the files will be referenced later
		if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config))
			uddeIMpreSaveAttachmentsFinish($config);


		foreach($receivers as $receiver) {
			$savetoid=$receiver->id;

			// it is a systemmsg to "toid", so assume that the message has already been trashed in the senders outbox (remember: system messages are not shown in the outbox)
			// so set totrashoutbox=1, totrashdateoutbox=uddetime($config->timezone)
			// CRYPT
			$themode = 0;
			if ($config->cryptmode==1) {
				$themode = 1;
				$cm = uddeIMencrypt($savemessage,$config->cryptkey,CRYPT_MODE_BASE64);
				$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",1,'".md5($config->cryptkey)."')";
			} elseif ($config->cryptmode==2) {
				$themode = 2;
				$thepass=$cryptpass;
				if (!$thepass) {	// no password entered, then fallback to obfuscating
					$themode = 1;
					$thepass=$config->cryptkey;
				}
				$cm = uddeIMencrypt($savemessage,$thepass,CRYPT_MODE_BASE64);
				$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.", ".$themode.",'".md5($thepass)."')";
			} elseif ($config->cryptmode==3) {
				$themode = 3;
				$cm = uddeIMencrypt($savemessage,"",CRYPT_MODE_STOREBASE64);
				$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",3)";
			} elseif ($config->cryptmode==4) {
				$themode = 4;
				$thepass=$cryptpass;
				$cipher = CRYPT_MODE_3DESBASE64;
				if (!$thepass) {	// no password entered, then fallback to obfuscating
					$themode = 1;
					$thepass=$config->cryptkey;
					$cipher = CRYPT_MODE_BASE64;
				}
				$cm = uddeIMencrypt($savemessage,$thepass,$cipher);
				$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.", ".$themode.",'".md5($thepass)."')";
			} else {
				$sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$savemessage."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1,".$savedatum.")";
			}
			$database->setQuery($sql);
			if (!$database->query()) {
				die("SQL error when attempting to save a message" . $database->stderr(true));
			}
			$insID = $database->insertid();



			// UDDEIMFILE
			// Now save the uploads
			if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config))
				uddeIMsaveAttachments($insID, $uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config);

			

			// Check if E-Mail notification or popups are enabled by default, if so create a record for the receiver.
			if ($config->modnewusers>0 || $config->notifydefault>0 || $config->popupdefault>0 || $config->pubfrontenddefault>0 || $config->autoresponder>0 || $config->autoforward>0) {
				if (!uddeIMexistsEMN($savetoid))
					uddeIMinsertEMNdefaults($savetoid, $config);
			}

			// Check if notifications are not disabled temporary
			if (!$sysgm_nonotify) {

				// e-mail notification code
				// is the receiver currently online?
				$currentlyonline = uddeIMisOnline($savetoid);

				if ($config->cryptmode>=1) {
					$email=stripslashes($savemessage);
				} else {
					$email=stripslashes(stripslashes($savemessage));	// without encoding remove the safety slashes
				}

				$type = 0; 			// 0=normal message, 1=forgetmenot, 2=admin forces text
				if ($forceembedded)
					$type = 2;		// admin forces
				if($config->allowemailnotify==1) {
					$ison = uddeIMgetEMNstatus($savetoid);
					if($sysgm_sys) {
						$emn_fromid = 0;
					} else {
						$emn_fromid = $savefromid;
					}
					if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10) || ($ison==20 && !$currentlyonline))  {
						uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $savetoid, $email, $type, $config);
						// 0 stands for normal (not forgetmenot)
					}
				} elseif($config->allowemailnotify==2) {
					$my_gid = uddeIMgetGID($savetoid);
					if (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config)) {
						$ison = uddeIMgetEMNstatus($savetoid);
						if($sysgm_sys) {
							$emn_fromid = 0;
						} else {
							$emn_fromid = $savefromid;
						}
						if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10) || ($ison==20 && !$currentlyonline))  {
							uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $savetoid, $email, $type, $config);
							// 0 stands for normal (not forgetmenot)
						}
					}
				}
			}
		}
		$mosmsg=_UDDEIM_MESSAGE_SENT;
		uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg);
	}
}