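/**
 * Echoes the HTML for the "write message" form: a new message, a reply, or a
 * system/general message, depending on $dwf_isreply and $dwf_sysgm.
 *
 * The function returns nothing; all output is written with echo. Callers are
 * expected to pass values with slashes already stripped.
 *
 * Possible values for $dwf_errorcode:
 *    0 = no error
 *    1 = no error, show complete userlist
 *    2 = don't send to yourself
 *    3 = username not found
 *    4 = no message
 *    5 = no username
 *    6 = too many recipients
 *    7 = wrong captcha code
 *    8 = does not allow public messages
 *    9 = one user has blocked you
 *   10 = sending to this group not allowed
 *   11 = contact list not found
 *   12 = error in from name (n/a, public frontend only)
 *   13 = error in from email (n/a, public frontend only)
 *   14 = time delay for spam protection
 *   15 = csrf protection
 *   16 = administrative blocking
 *   17 = user is banned
 *   18 = file upload failed
 *   19 = file size exceeded
 *   20 = file type not allowed
 *   21 = bad words
 *
 * Output encoding: $recipname, $backto and $messageid are HTML-encoded here
 * (ENT_QUOTES, because every attribute in this form is single-quoted).
 * $pmessage is written into the <textarea> exactly as received.
 *
 * @param mixed  $myself        current user, passed on to the uddeIM helper functions
 * @param mixed  $my_gid        group id of the current user, used for the permission checks
 * @param mixed  $item_id       appended as "Itemid=" to the form action URL
 * @param string $backto        when non-empty and there is no error, emitted as hidden field "backto"
 * @param string $recipname     recipient shown in the "to" field (in reply mode emitted as hidden "to_id")
 * @param string $pmessage      message text placed inside the textarea
 * @param mixed  $messageid     emitted as hidden field "messageid"
 * @param mixed  $dwf_isreply   1 when the form is a reply
 * @param mixed  $dwf_errorcode error code from the list above
 * @param mixed  $dwf_sysgm     truthy to render the system message form
 * @param object $config        uddeIM configuration object
 * @return void
 */
function uddeIMdrawWriteform($myself, $my_gid, $item_id, $backto, $recipname, $pmessage, $messageid, $dwf_isreply, $dwf_errorcode, $dwf_sysgm, $config) {
    $pathtouser = uddeIMgetPath('user');
    $pathtosite = uddeIMgetPath('live_site');

    // allowed to send messages?
    if ($config->waitdays && uddeIMisReggedOnly($my_gid)) {
        $rightnow = uddetime($config->timezone);
        $offset = ((float)$config->waitdays) * 86400;
        $timeframe = $rightnow - $offset;
        $registerDate = uddeIMgetRegisterDate($myself, $config);
        if ($timeframe < $registerDate) {
            // account is younger than the configured waiting period: show the
            // remaining time (days, or hours when less than one day) and stop
            $temp = ($registerDate - $timeframe) / 86400;
            $showinboxlimit_borderbottom = "<span class='uddeim-warning'>";
            if ($temp >= 1) {
                $showinboxlimit_borderbottom .= _UDDEIM_WAITDAYS1.sprintf("%0.1f", $temp)._UDDEIM_WAITDAYS2;
            } else {
                $showinboxlimit_borderbottom .= _UDDEIM_WAITDAYS1.sprintf("%0.1f", $temp * 24)._UDDEIM_WAITDAYS2H;
            }
            $showinboxlimit_borderbottom .= "</span>";
            echo "<div id='uddeim-bottomlines'>".$showinboxlimit_borderbottom."</div>";
            return;
        }
    }

    // Encode once for every attribute context below. ENT_QUOTES is required
    // because the attributes are delimited with single quotes.
    $recipname_attr = htmlentities($recipname, ENT_QUOTES, $config->charset);
    $messageid_attr = htmlspecialchars((string)$messageid, ENT_QUOTES, $config->charset);

    // NOTE(review): $item_id is concatenated into the form action URL as-is;
    // confirm that callers pass an integer Itemid.
    echo "<div id='uddeim-writeform'>\n";
    if ($dwf_sysgm) {
        echo "<br />";
        echo "<form enctype='multipart/form-data' name='sendeform' method='post' action='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=savesysgm&Itemid=".$item_id)."'>\n";
        uddeIMwriteCSRF($config);
        echo "<p><input type='checkbox' checked='checked' name='sysgm_sys' value='1' />"._UDDEIM_SEND_ASSYSM."</p>\n";
        if ($config->showgroups) {
            echo "<p><select name='sysgm_universe' size='1'>";
            echo "<option value='sysgm_toall'>"._UDDEIM_SEND_TOALL."</option>";
            echo "<option value='sysgm_toallspecial'>"._UDDEIM_SEND_TOALLSPECIAL."</option>";
            echo "<option value='sysgm_toalladmins'>"._UDDEIM_SEND_TOALLADMINS."</option>";
            echo "<option value='sysgm_toalllogged'>"._UDDEIM_SEND_TOALLLOGGED."</option>";
            $groups = uddeIMselectAROgroups();
            foreach ($groups as $group) {
                // NOTE(review): group id and name are emitted without HTML encoding;
                // verify what uddeIMselectAROgroups() returns before adding escaping
                // (the name may already contain markup such as indentation entities).
                $groupid = $group->id;
                $groupname = $group->name;
                echo "<option value='".$groupid."'>".$groupname."</option>";
            }
            echo "</select></p>";
        } else {
            // NOTE(review): two radio buttons of the same group carry checked='checked'.
            echo "<p><input type='radio' name='sysgm_universe' value='sysgm_toall' />"._UDDEIM_SEND_TOALL."<br />\n";
            echo "<input type='radio' name='sysgm_universe' checked='checked' value='sysgm_toallspecial' />"._UDDEIM_SEND_TOALLSPECIAL."<br />\n";
            echo "<input type='radio' name='sysgm_universe' checked='checked' value='sysgm_toalladmins' />"._UDDEIM_SEND_TOALLADMINS."<br />\n";
            echo "<input type='radio' name='sysgm_universe' value='sysgm_toalllogged' />"._UDDEIM_SEND_TOALLLOGGED."</p>\n";
        }
        echo "<p>"._UDDEIM_VALIDFOR_1;
        echo "<input name='sysgm_validfor' type='text' size='4' />"._UDDEIM_VALIDFOR_2."</p>\n";
        echo "<p>"._UDDEIM_SYSGM_SHORTHELP."</p>\n";
    } else {
        echo "<br />";
        echo "<form enctype='multipart/form-data' name='sendeform' method='post' action='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=save&Itemid=".$item_id)."'>";
        echo "<input type='hidden' name='sendeform_showallusers' value='' />\n";
        uddeIMwriteCSRF($config);
        if (uddeIMgetEMNmoderated($myself)) { // && uddeIMisReggedOnly($my_gid)) {
            echo "<p>"._UDDEIM_MCP_MODERATED."</p>";
        }
    }
    echo "\n";

    if ($dwf_errorcode == 0 && $backto) {
        // ENT_QUOTES: the default flags before PHP 8.1 leave single quotes
        // untouched, which would let the value terminate this attribute.
        echo "<input type='hidden' name='backto' value='".htmlspecialchars($backto, ENT_QUOTES, $config->charset)."' />";
    }

    if (!$dwf_sysgm) {
        if ($dwf_isreply != 1) { // if this is NOT a reply
            echo "<table width='100%' cellspacing='0' cellpadding='0' width='100%'>";
            if (0 && $dwf_errorcode == 0 && $recipname) { // BUGBUG "0 &&". don't need this case
                echo "<tr><td valign='top'>";
                echo "<b>".$recipname_attr."</b>";
                echo "<input type='hidden' name='to_name' id='input_to_name' value='".$recipname_attr."' /> ";
                echo "</td></tr>";
            } else {
                // START FIRST LINE IN TABLE (contains two fields: TO USER and select from ALL USER list)
                echo "<tr><td valign='top'>";
                echo "<span title='".($config->allowmultipleuser ? _UDDEIM_TODP_TITLE_CC : _UDDEIM_TODP_TITLE)."'>";
                echo _UDDEIM_TODP;
                echo "<br />";

                // error codes that concern the recipient field highlight it in red;
                // loose comparison on purpose, the code may arrive as a string
                if (in_array($dwf_errorcode, array(2, 3, 5, 6, 8, 9, 10, 11, 16, 17, 18, 19, 20))) {
                    $errorstyle = 'style="background-color: #ff0000;" ';
                } else {
                    $errorstyle = '';
                }
                echo "<input type='hidden' name='to_id' value='' />";
                echo "<input type='hidden' name='messageid' value='".$messageid_attr."' />";
                if (!($config->flags & 0x04)) {
                    echo "<input type='text' ".$errorstyle."name='to_name' id='input_to_name' value='".$recipname_attr."' /> ";
                } else {
                    // flag 0x04 set: recipient is displayed but cannot be edited
                    echo "<span ".$errorstyle.">".$recipname_attr."</span>";
                    echo "<input type='hidden' name='to_name' id='input_to_name' value='".$recipname_attr."' /> ";
                }
                echo "</span>";
                if ($config->useautocomplete) {
                    uddeIMdoAutocomplete($config);
                }

                // SECOND FIELD IN FIRST LINE IN TABLE
                echo "</td><td valign='top' align='right'>\n";
                $allusersallowed = 0;
                if (($config->restrictallusers == 0) ||
                    ($config->restrictallusers == 1 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) ||
                    ($config->restrictallusers == 2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config)))) {
                    $allusersallowed = 1;
                }
                if (!($config->flags & 0x01) && $allusersallowed) {
                    if ($config->modeshowallusers == 1 || $config->modeshowallusers == 2) {
                        if ($dwf_errorcode == 0 && $config->modeshowallusers == 1) {
                            // link to drop down box with names of connected users, value is 2 since it is shown
                            // the first time (so selecting the link does not show an error message because of
                            // an empty recipient field)
                            echo "<br />";
                            echo "<a href=\"#\" onclick=\"document.sendeform.sendeform_showallusers.value='2'; document.sendeform.submit(); return false;\">"._UDDEIM_SHOWUSERS."</a>";
                        } else {
                            // now show all users
                            uddeIMdoShowAllUsers($myself, $my_gid, $config, 1);
                        }
                    }
                }
                echo "</td></tr>";

                // START SECOND LINE IN TABLE (colspan=2)
                if ($dwf_errorcode == 3) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_NOSUCHUSER."</td></tr>";
                } elseif ($dwf_errorcode == 2) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_NOTTOYOURSELF."</td></tr>";
                } elseif ($dwf_errorcode == 5) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_ENTERNAME."</td></tr>";
                } elseif ($dwf_errorcode == 6) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_TOOMANYRECIPIENTS."</td></tr>";
                } elseif ($dwf_errorcode == 7) {
                    if ($config->captchatype == 0) {
                        echo "<tr><td valign=left colspan=2>"._UDDEIM_WRONGCAPTCHA."</td></tr>";
                    } else {
                        echo "<tr><td valign=left colspan=2><span style='background-color: #ff0000;'>"._UDDEIM_WRONGCAPTCHA."</span></td></tr>";
                    }
                } elseif ($dwf_errorcode == 8) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_NOPUBLICMSG."</td></tr>";
                } elseif ($dwf_errorcode == 9) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_ONEUSERBLOCKS."</td></tr>";
                } elseif ($dwf_errorcode == 10) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_GROUPBLOCKED."</td></tr>";
                } elseif ($dwf_errorcode == 11) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_NOSUCHLIST."</td></tr>";
                } elseif ($dwf_errorcode == 12) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORINFROMNAME."</td></tr>";
                } elseif ($dwf_errorcode == 13) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORINEMAIL."</td></tr>";
                } elseif ($dwf_errorcode == 14) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_YOUHAVETOWAIT."</td></tr>";
                } elseif ($dwf_errorcode == 15) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORCSRF."</td></tr>";
                } elseif ($dwf_errorcode == 16) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_USERBLOCKED."</td></tr>";
                } elseif ($dwf_errorcode == 17) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_USERBANNED."</td></tr>";
                } elseif ($dwf_errorcode == 18) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_FILEUPLOAD_FAILED."</td></tr>";
                } elseif ($dwf_errorcode == 19) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_FILESIZE_EXCEEDED."</td></tr>";
                } elseif ($dwf_errorcode == 20) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_FILETYPE_NOTALLOWED."</td></tr>";
                } elseif ($dwf_errorcode == 21) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_BADWORD."</td></tr>";
                }

                // START THIRD LINE IN TABLE WHEN CONNECTIONS AVAILABLE
                $have_lists = 0;
                if (($config->enablelists == 1) ||
                    ($config->enablelists == 2 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) ||
                    ($config->enablelists == 3 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config)))) {
                    $have_lists = 1;
                }
                if (!($config->flags & 0x02)) {
                    if ($config->showconnex || $have_lists) {
                        uddeIMdoShowConnections($myself, $my_gid, $config); // this creates a third row in table
                    }
                }
            }
            echo "</table>";
            echo "<br />";
        } else { // it IS a reply
            if ($dwf_errorcode) {
                echo "<table width='100%' cellspacing='0' cellpadding='0'>";
                if ($dwf_errorcode == 7) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_WRONGCAPTCHA."</td></tr>";
                } elseif ($dwf_errorcode == 13) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_ERRORINEMAIL."</td></tr>";
                } elseif ($dwf_errorcode == 14) {
                    echo "<tr><td valign=left colspan=2>"._UDDEIM_YOUHAVETOWAIT."</td></tr>";
                }
                echo "</table>";
                echo "<br />";
            }
            // in reply mode the recipient travels in "to_id" and "to_name" stays empty
            echo "<input type='hidden' name='to_id' value='".$recipname_attr."' /> ";
            echo "<input type='hidden' name='messageid' value='".$messageid_attr."' />";
            echo "<input type='hidden' name='to_name' value='' />";
        }
    }

    if (($config->showtextcounter && $config->maxlength) || $config->cryptmode == 2 || $config->cryptmode == 4) {
        uddeIMaddScript($pathtosite."/components/com_uddeim/js/uddeimtools.js");
    }
    if ($config->allowbb || $config->allowsmile) {
        uddeIMaddScript($pathtosite."/components/com_uddeim/js/bbsmile.js");
        $num = uddeIMdoSmileysEx($config);
        uddeIMdoBB($config);
        uddeIMdoSmileys($config, $num);
    }

    // the label itself is never highlighted; only the textarea gets the error colour
    $errorstyle = '';
    if ($dwf_isreply == 1) {
        echo "<span".$errorstyle.">"._UDDEIM_REPLY."</span>";
    } else {
        echo "<span".$errorstyle.">"._UDDEIM_MESSAGE."</span>";
    }
    echo "<br />";

    $thestyle = "";
    if ($config->width) {
        $thestyle .= "width: ".(int)$config->width."px; ";
    }
    if ($dwf_errorcode == 4 || $dwf_errorcode == 21) {
        $thestyle .= "background-color: #ff0000; ";
    }
    $errorstyle = "";
    if ($thestyle != "") {
        $errorstyle = "style='".$thestyle."' ";
    }

    // ================================== TEXTBOX/TEXTCOUNTER ==============================
    // NOTE(review): $pmessage is written between the <textarea> tags without HTML
    // encoding. If any caller passes the raw request value, a "</textarea>" inside
    // the text ends the element and the remainder is parsed as markup. Confirm that
    // every caller encodes the text before adding htmlspecialchars() here, otherwise
    // already-encoded text would be encoded twice.
    if ($config->showtextcounter && $config->maxlength) {
        // cast like rows/cols: the value is placed inside an inline event handler
        $maxlength = (int)$config->maxlength;
        $uc = "textCount(document.sendeform.pmessage,document.sendeform.characterstyped,".$maxlength.");";
        echo "<textarea name='pmessage' ".$errorstyle."class='inputbox' rows='".(int)$config->rows."' cols='".(int)$config->cols."' onkeydown='".$uc."' onkeyup='".$uc."'>".$pmessage."</textarea>";
        echo "<div class='uddeim-textcounter'>";
        echo "<input style='background-color: lightgray;' readonly='readonly' type='text' name='characterstyped' size='4' maxlength='4' value='".$maxlength."' /> "._UDDEIM_CHARSLEFT;
        echo "</div>";
    } else {
        echo "<textarea name='pmessage' ".$errorstyle."class='inputbox' rows='".(int)$config->rows."' cols='".(int)$config->cols."'>".$pmessage."</textarea>";
    }

    // ================================== FILE UPLOAD ==============================
    if ($config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) {
        uddeIMshowUploadButtons($config);
    }

    // ================================== PASSWORD ==============================
    // CRYPT
    if ($config->cryptmode == 2 || $config->cryptmode == 4) {
        // NOTE(review): the passphrase field has no type attribute, so browsers render
        // it as a plain text input and the passphrase is visible while typing.
        echo "<div class='uddeim-password'>";
        echo "<a href='javascript:uddeidswap(\"divpass\");'>"._UDDEIM_PASSWORDBOX."</a>";
        echo "<span id='divpass' style='visibility:hidden;'>: <input name='cryptpass' value='' />"._UDDEIM_ENCRYPTIONTEXT."</span>";
        echo "</div>";
    }

    // ================================== CAPTCHA ==============================
    if ($config->usecaptcha >= 4 ||   // all users (incl. admins)
        ($config->usecaptcha == 3 && !uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) ||       // public frontend, registered and special users
        ($config->usecaptcha == 2 && !uddeIMisSpecial($my_gid) && !uddeIMisSpecial2($my_gid, $config))) {   // public frontend and registered users (0 is handled in public.php)
        if ($config->captchatype == 0) {
            if ($dwf_errorcode == 7) {
                $errorstyle = 'style="background-color: #ff0000;" ';
            } else {
                $errorstyle = '';
            }
            echo "<div class='uddeim-captcha'>";
            echo "<label for='security_code'>"._UDDEIM_SECURITYCODE." </label><input id='security_code' name='security_code' type='text' ".$errorstyle." /> ";
            if (class_exists('JFactory')) {
                // CAPTCHA15
                echo "<img style='vertical-align:middle;' src='".$pathtosite."/components/com_uddeim/captcha15.php' alt='' /><br />";
            } else {
                // CAPTCHA10
                echo "<img style='vertical-align:middle;' src='".$pathtosite."/components/com_uddeim/captcha.php' alt='' /><br />";
            }
            echo "</div>";
        } else {
            $pathtouser = uddeIMgetPath('user');
            require_once($pathtouser."/recaptchalib.php");
            echo "<div class='uddeim-captcha'>";
            echo recaptcha_get_html($config->recaptchapub);
            echo "</div>";
        }
    }

    // ================================== Show the SEND OPTIONS ==============================
    // the wrapper div is only written when at least one of the options below is shown
    $showoptions = ($config->trashoriginal && $dwf_isreply == 1) ||
                   ($config->trashoriginalsent && !$dwf_sysgm) ||
                   ($config->allowcopytome && !$dwf_sysgm) ||
                   ($config->addccline && $config->allowmultipleuser && !$dwf_sysgm) ||
                   ($config->allowemailnotify && $config->emailwithmessage == 2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) ||
                   ($config->allowemailnotify && $dwf_sysgm);

    if ($showoptions) {
        echo "<div class='uddeim-sendoption'>";
    }
    if ($config->trashoriginal && $dwf_isreply == 1) {
        echo "<input type='checkbox' value='1' checked='checked' name='tobedeleted' />"._UDDEIM_TRASHORIGINAL." ";
    }
    if ($config->trashoriginalsent && !$dwf_sysgm) {
        echo "<input type='checkbox' value='1' name='tobedeletedsent' />"._UDDEIM_TRASHORIGINALSENT." ";
    }
    if ($config->allowcopytome && !$dwf_sysgm) {
        echo "<input type='checkbox' value='1' name='copytome' />"._UDDEIM_SENDCOPYTOME." ";
    }
    if ($config->addccline && $config->allowmultipleuser && !$dwf_sysgm) {
        echo "<span title='"._UDDEIM_ADDCCINFO_TITLE."'>";
        echo "<input type='checkbox' value='1' checked='checked' name='addccinfo' />"._UDDEIM_ADDCCINFO;
        echo "</span>";
    }
    // Email notifications must be on AND emailwithmessage for admins AND its an admin
    if ($config->allowemailnotify && $config->emailwithmessage == 2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) {
        echo "<span title='"._UDDEAIM_ADDEMAIL_TITLE."'>";
        echo "<input type='checkbox' value='1' name='forceembedded' />"._UDDEAIM_ADDEMAIL_SELECT;
        echo "</span>";
    }
    if ($config->allowemailnotify && $dwf_sysgm) {
        echo "<span><input type='checkbox' value='1' name='sysgm_nonotify' />"._UDDEIM_SEND_NONOTIFY."</span>\n";
    }
    if ($showoptions) {
        echo "</div>";
    }

    // ================================== SEND BUTTON ==============================
    echo "<div class='uddeim-sendbutton'>";
    // the button is not disabled on click: when going back one page (history(-1))
    // a disabled button would stay disabled
    echo "<input type='submit' name='reply' class='button' value='"._UDDEIM_SUBMIT."' /> ";
    echo "</div>";

    echo "</form>\n";
    echo "</div>\n"; // end of uddeim-writeform
}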
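/**
 * Sends a PM notification
 *
 * Does nothing when the message has no id. Makes sure the recipient has an
 * EMN settings record, then dispatches the notification when the sender is
 * not moderated, notifications are enabled for the recipient
 * (allowemailnotify 1, or 2 with a super admin recipient) and the
 * recipient's own notification status allows it.
 *
 * @param cbmypmsproTable $pm
 * @param null|string     $message  text to send instead of the stored PM text
 */
private function sendNotification($pm, $message = null)
{
    if (!$pm->get('id')) {
        return;
    }

    $itemId = uddeIMgetItemid($this->uddeIMConfigRAW);

    if (!uddeIMexistsEMN($pm->get('toid'))) {
        uddeIMinsertEMNdefaults($pm->get('toid'), $this->uddeIMConfigRAW);
    }

    $emailNotify = $this->uddeIMConfig->get('allowemailnotify', 0);
    $isModerated = uddeIMgetEMNmoderated($pm->get('fromid'));

    // '__________' is the fallback for the config lookup. It used to be passed
    // as the third argument of stristr() (the before_needle flag), so the
    // fallback was never applied and a message starting with the divider was
    // not recognised as a reply.
    $quoteDivider = (string) $this->uddeIMConfig->get('quotedivider', '__________');
    $isReply = ($quoteDivider !== '') && (stripos((string) $pm->get('message'), $quoteDivider) !== false);

    $isOnline = uddeIMisOnline($pm->get('toid'));

    // Strip the html and bbcode as uddeim supports neither in its notification:
    $message = strip_tags(uddeIMbbcode_strip($message ? $message : $pm->get('message'), $this->uddeIMConfigRAW));

    if ($isModerated) {
        return;
    }

    // 1 = notify everyone, 2 = notify only when the recipient is a super admin
    $notifyRecipient = ($emailNotify == 1)
        || (($emailNotify == 2) && Application::User($pm->get('toid'))->isSuperAdmin());

    if (!$notifyRecipient) {
        return;
    }

    $status = uddeIMgetEMNstatus($pm->get('toid'));

    // recipient setting: 1 = always, 2 = only when offline,
    // 10 = only for non-replies, 20 = only when offline and not a reply
    $shouldDispatch = ($status == 1)
        || (($status == 2) && !$isOnline)
        || (($status == 10) && !$isReply)
        || (($status == 20) && !$isOnline && !$isReply);

    if ($shouldDispatch) {
        uddeIMdispatchEMN($pm->get('id'), $itemId, 0, $pm->get('fromid'), $pm->get('toid'), $message, 0, $this->uddeIMConfigRAW);
    }
}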
function uddeIMsaveMessage($myself, $to_name, $to_id, $pmessage, $tobedeleted, $tobedeletedsent, $forceembedded, $item_id, $messageid, $copytome, $addccinfo, $sendeform_showallusers, $cryptpass, $backto, $config) { $database = uddeIMgetDatabase(); $to_name = stripslashes($to_name); // I could have modified this function to process mails to public users but instead of adding // several exceptions it is better to have an own function for this purpose. // Everything we need is available here, so we can use this for the new function. // When we have the public frontend enabled and the user saves a REPLY (=$messageid exists) and the receiver is a public user then do it... if ($config->pubfrontend && $messageid && !$to_id) { uddeIMtoPublicSaveMessage($myself, $pmessage, $tobedeleted, $tobedeletedsent, $forceembedded, $item_id, $messageid, $copytome, $cryptpass, $backto, $config); return; } $my_gid = $config->usergid; $to_name_bak = $to_name; // save all already typed in names if($config->inboxlimit) { if ($config->allowarchive) { // have an archive and an "archive and inbox" limit, so get number of messages in inbox and archive $total = uddeIMgetInboxArchiveCount($myself); } else { // user has switched of archive but there is an limit for "inbox and archive", so count inbox messages only $total = uddeIMgetInboxCount($myself); } if($total>$config->maxarchive && !uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) { $mosmsg=_UDDEIM_MSGLIMITREACHED; uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg); } } // link to drop down box with names of connected users, value is 2 since it is shown the first time (so selecting the link does not show an error message because of an empty recipient field) if(!$to_id && !$to_name && $sendeform_showallusers!=2) { // write the uddeim menu uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 5, $config); return; } if($sendeform_showallusers) { // =2, click on button / =1, keep on 
showing // write the uddeim menu uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 1, $config); return; } $lastsent = uddeIMgetEMNlastsent($myself); $flooding = 0; if ($config->timedelay>0) { if (uddeIMisReggedOnly($config->usergid)) { if ($lastsent) { $delay = uddetime($config->timezone) - $lastsent; if ($delay <= $config->timedelay) $flooding = 1; } } } if($flooding) { // write the uddeim menu uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 14, $config); return; } if( ($config->enablelists==1) || ($config->enablelists==2 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) || ($config->enablelists==3 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) ) { // when userlists are not enabled, then "#listname" is treated as "normal" username $ok = uddeIMreplaceListsWithNames($to_name, $myself, $config); if (!$ok) { // write the uddeim menu uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 11, $config); return; } // the list is ok, so we work with the expanded names from now $to_name_bak = $to_name; // save all expanded names, we do not want to work with lists because this minimizes db queries } if ($config->separator==1) $anames = explode(";", $to_name); else $anames = explode(",", $to_name); // expand always, so the next condition may be fulfilled if( ( $config->allowmultiplerecipients && count($anames)>$config->maxrecipients && $config->maxrecipients>0) || (!$config->allowmultiplerecipients && count($anames)>1) ) { // too many recipients // write the uddeim menu uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 6, $config); return; } // FIRST ROUND: Check all names that were typed in (lists have been replaced by the corresponding names) // ATTENTION: $to_name contains one name only below this line, to restore what the user typed in use $to_name_bak // NOTE: A reply contains a valid $to_id and an emtpy string in $to_name, so the array contains an empty entry 
here. foreach ($anames as $value) { $to_name = trim($value); // when we have a name, then resolve the name // remember that replies provide $to_id only and $to_name is empty, so do not try to resolve names when it is empty if ($to_name) { $to_id = uddeIMgetIDfromName($to_name, $config, true); // add "AND block=0" // BUGBUG: maybe it is a good idea to do the query vice versa (so I could add a query for "realname"s here) if (!$to_id) { // no user with this name found, so try again with username (maybe we do the query twice (see query above, but who cares) if ($config->realnames) { $to_id = uddeIMgetIDfromUsername($to_name, true); // add "AND block=0" } } if(!$to_id) { // no user with this username found // display to form again so that the user can correct his/her fault // the wrong name is displayed in brackets (add brackets only once) if (substr($to_name,0,1)!="(") { $to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak); } // write the uddeim menu uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 3, $config); return; } elseif ($to_id==$myself) { // don't send to yourself if (substr($to_name,0,1)!="(") { $to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak); } // write the uddeim menu // $to_name=stripslashes($to_name_bak); // all names uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 2, $config); return; } } // now check banning if (uddeIMisAllNotAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) { // I am not an admin, so check if the recipient has been banned $is_banned = uddeIMisBanned($to_id, $config); if ($is_banned) { if (substr($to_name,0,1)!="(") { $to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak); } // write the uddeim menu uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 17, $config); return; } } // now check blocking $isblocked = uddeIMcheckBlockerBlocked($to_id, $myself); // well, should be changed in a way that the user can change his input again if 
($isblocked && $config->blocksystem) { // must not send message to to_id if ($config->blockalert) { // sending user shall be informed that (s)he's been blocked if (substr($to_name,0,1)!="(") { $to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak); } // write the uddeim menu uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 9, $config); return; } } // now check group blocking if (uddeIMisReggedOnly($my_gid)) { // I am a registered user, so check if I am allowed to send to this group $is_group_blocked = uddeIMisRecipientBlockedReg($myself, $to_id, $config); if ($is_group_blocked) { if (substr($to_name,0,1)!="(") { $to_name = str_replace($to_name, "(".$to_name.")", $to_name_bak); } // write the uddeim menu uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 10, $config); return; } } } if(!$pmessage) { // write the uddeim menu $to_name = $to_name_bak; uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 4, $config); return; } // BADWORDFILTER $temp = trim($config->badwords); if ($temp) { $badwordlist = explode(";", $temp); //$badwordlist = Array(); //$badwordlist[] = 'badword1'; //$badwordlist[] = 'badword2'; $pmessage_orig = $pmessage; foreach ($badwordlist as $val) { $tval = trim($val); $pmessage = preg_replace("/\b$tval\b/i", '***',$pmessage); } if ($pmessage_orig!=$pmessage) { $to_name = $to_name_bak; uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 21, $config); return; } } // UDDEIMFILE // We have checked that everything is ok, now do the file uploads $uploadfile_temppathname = array(); $uploadfile_original = array(); $uploadfile_id = array(); $uploadfile_size = array(); $uploadfile_error = array(); if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) { $noerror = uddeIMhandleAttachments($uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $uploadfile_error, $config); if (!$noerror) { // something goes wrong // BUGBUG: that is 
not the best error handling possible but is will do the work // iterate through all errorcodes and show the first error found, rest of data will be lost // ==> delete all files that were uploaded ok while (list($key, $value) = each( $uploadfile_temppathname )) { if (file_exists($value)) unlink($value); } while (list($key, $value) = each( $uploadfile_error )) { if ($value==-1) { // upload failed uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 18, $config); return; } if ($value==-2) { // file size exceeded uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 19, $config); return; } if ($value==-3) { // file type not allowed uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 20, $config); return; } } $uploadfile_temppathname = array(); // should never been reached when an error occurs but neverthless destroy old arrays $uploadfile_original = array(); $uploadfile_id = array(); $uploadfile_size = array(); $uploadfile_error = array(); } } // The uploaded file is stored in "$uploadfile_tempname" (with path) ad the original name in "$uploadfile_original" (without path) and an Id for the file. // When we reach this line we can store these fileames in the DB. 
if(!$to_id) { // this should never be reached $mosmsg = _UDDEIM_NOID; uddeJSEFredirect("index.php?option=com_uddeim&task=new&Itemid=".$item_id, $mosmsg); } // CAPTCHA (first check for all other errors and then the CAPTCHA) if (!uddeIMcheckCAPTCHA($my_gid, $config)) { $to_name = $to_name_bak; uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 7, $config); return; } if (!uddeIMcheckCSRF($config)) { $to_name = $to_name_bak; uddeIMmenuWriteform($myself, $my_gid, $item_id, $to_name, $pmessage, 15, $config); return; } foreach ($anames as $value) { $to_name = trim($value); if ($to_name) { $to_id = uddeIMgetIDfromName($to_name, $config, true); // add "AND block=0" // BUGBUG: maybe it is a good idea to do the query vice versa (so I could add a query for "realname"s here) if (!$to_id) { // no user with this name found, so try again with username (maybe we do the query twice (see query above, but who cares) if ($config->realnames) { $to_id = uddeIMgetIDfromUsername($to_name, true); // add "AND block=0" } } } if (!$to_id) { // that should never happen, but you never know... 
$mosmsg=_UDDEIM_NOID; uddeJSEFredirect("index.php?option=com_uddeim&task=new&Itemid=".$item_id, $mosmsg); } // now check blocking $isblocked = uddeIMcheckBlockerBlocked($to_id, $myself); if ($isblocked && $config->blocksystem) { // must not send message to to_id continue; } $savedatum = uddetime($config->timezone); $savetoid = $to_id; $savefromid = $myself; // CRYPT if ($config->cryptmode>=1) { // because of encoding do not use slashes $savemessage=strip_tags($pmessage); } else { $savemessage=addslashes(strip_tags($pmessage)); // original 0.6+ } $savemessage = uddeIMRemoveXSS($savemessage); if (!$config->allowbb) $savemessage=uddeIMbbcode_strip($savemessage); // set message max length if ($config->maxlength>0) // because if 0 do not use any maxlength $savemessage=uddeIM_utf8_substr($config->languagecharset, $savemessage, 0, $config->maxlength); // add CC: information if ($config->allowmultipleuser && $addccinfo && count($anames)>1) { $ccinfo = implode(", ", $anames); if ($config->allowbb) $ccheader = "\n\n[i]"._UDDEIM_CC." ".(($config->cryptmode>=1) ? $ccinfo : addslashes($ccinfo))."[/i]"; else $ccheader = "\n\n"._UDDEIM_CC." ".(($config->cryptmode>=1) ? 
$ccinfo : addslashes($ccinfo)).""; $savemessage .= $ccheader; } // ################################################################################################## // SAVE MESSAGE // ################################################################################################## uddeIMemit("onSaveMessage", Array( "fromid" => $savefromid, "toid" => $savetoid, "replyid" => $messageid ) ); $insID = uddeIMsaveRAWmessage($savefromid, $savetoid, $messageid, $savemessage, $savedatum, $config, $config->cryptmode, $cryptpass); // update lastsent field (record already exists since we check this at the very beginning of this component) uddeIMupdateEMNlastsent($myself, uddetime($config->timezone)); // When the account is moderated, delay the message $ismoderated = uddeIMgetEMNmoderated($myself); if ($ismoderated) { // && uddeIMisReggedOnly($my_gid)) { uddeIMupdateDelayed($myself, $insID, 1); } // Check if E-Mail notification or popups are enabled by default, if so create a record for the receiver. // Note: Not necessary for "copy to myself" sind the record for the current user has been set at the very beginning... 
if ($config->modnewusers>0 || $config->notifydefault>0 || $config->popupdefault>0 || $config->pubfrontenddefault>0 || $config->autoresponder>0 || $config->autoforward>0) { if (!uddeIMexistsEMN($savetoid)) uddeIMinsertEMNdefaults($savetoid, $config); } // get the group ID of the recipient $rec_gid = uddeIMgetGID((int)$savetoid); // UDDEIMFILE // Now save the uploads if (count($uploadfile_temppathname)>=1) { $num = count($uploadfile_temppathname); uddeIMemit("onSaveMessageAttachment", Array( "num" => $num, "fromid" => $savefromid, "toid" => $savetoid, "replyid" => $messageid ) ); } if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) uddeIMsaveAttachments($insID, $uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config); // ################################################################################################## // autoforward code // ################################################################################################## if ($config->autoforward==1 || ($config->autoforward==2 && (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config))) || ($config->autoforward==3 && (uddeIMisSpecial($my_gid) || uddeIMisSpecial2($my_gid, $config))) ) { $ison = uddeIMgetEMNautoforward($savetoid); // recipient has autoforward enabled if ($ison==1) { $autoforwardid = uddeIMgetEMNautoforwardid($savetoid); // new recipient if (uddeIMgetUserExists($autoforwardid)) { if (!uddeIMgetUserBlock($autoforwardid)) { $temp = uddeIMgetNameFromID($savetoid, $config); $temp = (($config->cryptmode>=1) ? 
$temp : addslashes($temp)); if ($config->allowbb) $forwardheader="\n\n[i]("._UDDEIM_THISISAFORWARD.$temp.")[/i]"; else $forwardheader="\n\n("._UDDEIM_THISISAFORWARD.$temp.")"; $savemessagecopy = $savemessage.$forwardheader; $insIDforward = uddeIMsaveRAWmessage($savefromid, $autoforwardid, 0, $savemessagecopy, $savedatum, $config, $config->cryptmode, $cryptpass); // When the account is moderated, delay also the forwarded message if (uddeIMgetEMNmoderated($myself) ) { // && uddeIMisReggedOnly($my_gid)) { uddeIMupdateDelayed($myself, $insIDforward, 1); } // UDDEIMFILE if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) uddeIMsaveAttachments($insIDforward, $uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config); } } } } // ################################################################################################## // copy to myself? // ################################################################################################## if($copytome && $config->allowcopytome) { $to_name = uddeIMgetNameFromID($savetoid, $config); // set reply id if necessary (also copy2me messages might be replies) $replyid = $messageid; $temp = (($config->cryptmode>=1) ? $to_name : addslashes($to_name)); if ($config->allowbb) $copyheader="\n\n[i]("._UDDEIM_THISISACOPY.$temp.")[/i]"; else $copyheader="\n\n("._UDDEIM_THISISACOPY.$temp.")"; $savemessagecopy = $savemessage.$copyheader; $copyname = _UDDEIM_TO_SMALL." 
".$temp; // "to username" in systemmsg // if($config->allowarchive) { $archiveflag=1; } // it is a copy to myself, so assume that the message has already been trashed in the senders outbox (remember: system messages are not shown in the outbox) // so set totrashoutbox=1, totrashdateoutbox=uddetime($config->timezone) // CRYPT $themode=0; if ($config->cryptmode==1) { $cm = uddeIMencrypt($savemessagecopy,$config->cryptkey,CRYPT_MODE_BASE64); $sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$cm."', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.",1,'".md5($config->cryptkey)."')"; } elseif ($config->cryptmode==2) { $themode=2; $thepass=$cryptpass; if (!$thepass) { // no password entered, then fallback to obfuscating $themode=1; $thepass=$config->cryptkey; } $cm = uddeIMencrypt($savemessagecopy,$thepass,CRYPT_MODE_BASE64); $sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$cm. 
"', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.",".$themode.",'".md5($thepass)."')"; } elseif ($config->cryptmode==3) { $cm = uddeIMencrypt($savemessagecopy,"",CRYPT_MODE_STOREBASE64); $sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox, cryptmode) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$cm."', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.",3)"; } elseif ($config->cryptmode==4) { $themode=4; $thepass=$cryptpass; $cipher = CRYPT_MODE_3DESBASE64; if (!$thepass) { // no password entered, then fallback to obfuscating $themode=1; $thepass=$config->cryptkey; $cipher = CRYPT_MODE_BASE64; } $cm = uddeIMencrypt($savemessagecopy,$thepass,$cipher); $sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$cm. "', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.",".$themode.",'".md5($thepass)."')"; } else { $sql="INSERT INTO #__uddeim (fromid, toid, replyid, toread, message, datum, disablereply, systemflag, systemmessage, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savefromid.", ".(int)$savefromid.", ".(int)$replyid.", 1, '".$savemessagecopy."', ".$savedatum.", 1, 2, '".$copyname."', 1,".$savedatum.")"; } $database->setQuery($sql); if (!$database->query()) { die("SQL error when attempting to save a message" . 
$database->stderr(true)); } // UDDEIMFILE $insCopyID = $database->insertid(); if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) uddeIMsaveAttachments($insCopyID, $uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config); } // ################################################################################################## // autoresponder // ################################################################################################## if ($config->autoresponder==1 || ($config->autoresponder==2 && (uddeIMisAdmin($rec_gid) || uddeIMisAdmin2($rec_gid, $config)))) { $ison = uddeIMgetEMNautoresponder($savetoid); if ($ison==1) { // NOTE: An autoresponder message is created and the outbox message is marked deleted. // This is not a bug since in my opinion it does not make sense to store autoresponder messages AND the received message. $autorespondertext = uddeIMgetEMNautorespondertext($savetoid); $savemessage2=addslashes(strip_tags($autorespondertext)); // $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $savemessage ."', ".$savedatum.", 1,".$savedatum.")"; $themode=0; if ($config->cryptmode==1) { $themode=1; $thepass=$config->cryptkey; $cm = uddeIMencrypt($savemessage2,$config->cryptkey,CRYPT_MODE_BASE64); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". 
$cm ."', ".$savedatum.", 1,".$savedatum.",".$themode.",'".md5($thepass)."')"; } elseif ($config->cryptmode==2) { // no password entered, then fallback to obfuscating $themode=1; $thepass=$config->cryptkey; $cm = uddeIMencrypt($savemessage2,$thepass,CRYPT_MODE_BASE64); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $cm ."', ".$savedatum.", 1,".$savedatum.",".$themode.",'".md5($thepass)."')"; } elseif ($config->cryptmode==3) { $cm = uddeIMencrypt($savemessage2,"",CRYPT_MODE_STOREBASE64); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $cm ."', ".$savedatum.", 1,".$savedatum.", 3)"; } elseif ($config->cryptmode==4) { // no password entered, then fallback to obfuscating $themode=1; $thepass=$config->cryptkey; $cm = uddeIMencrypt($savemessage2,$thepass,CRYPT_MODE_BASE64); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $cm ."', ".$savedatum.", 1,".$savedatum.",".$themode.",'".md5($thepass)."')"; } else { $cm = $savemessage2; $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savetoid.", ".(int)$savefromid.", '". $cm ."', ".$savedatum.", 1,".$savedatum.")"; } $database->setQuery($sql); if (!$database->query()) { die("SQL error when attempting to save a message" . $database->stderr(true)); } } } // ################################################################################################## // email notification // ################################################################################################## // is this a reply? $itisareply = stristr($savemessage, $config->quotedivider); // is the receiver currently online? 
$currentlyonline = uddeIMisOnline($savetoid); if ($config->cryptmode>=1) { $email=stripslashes($savemessage); } else { $email=stripslashes(stripslashes($savemessage)); // without encoding remove the safety slashes } if ($config->emailwithmessage==2 && !uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config) || $config->emailwithmessage==1 || $config->emailwithmessage==0) $forceembedded = 0; $type = 0; // 0=normal message, 1=forgetmenot, 2=admin forces text if ($forceembedded) $type = 2; // admin forces // BUGBUG: it would be better to have the correct cryptmode here (it might be 1 when no password has been entered, otherwise 2 if($config->allowemailnotify==1 && !$ismoderated) { $ison = uddeIMgetEMNstatus($savetoid); if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10 && !$itisareply) || ($ison==20 && !$currentlyonline && !$itisareply)) { uddeIMdispatchEMN($insID, $item_id, $config->cryptmode, $savefromid, $savetoid, $email, $type, $config); // 0 stands for normal (not forgetmenot) } } elseif($config->allowemailnotify==2 && !$ismoderated) { if (uddeIMisAdmin($rec_gid) || uddeIMisAdmin2($rec_gid, $config)) { $ison = uddeIMgetEMNstatus($savetoid); if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10 && !$itisareply) || ($ison==20 && !$currentlyonline && !$itisareply)) { uddeIMdispatchEMN($insID, $item_id, $config->cryptmode, $savefromid, $savetoid, $email, $type, $config); // 0 stands for normal (not forgetmenot) } } } if ($tobedeletedsent) { $deletetime=uddetime($config->timezone); uddeIMdeleteMessageFromOutbox($myself, $insID, $deletetime); } } // delete original message? 
if ($tobedeleted) { $deletetime=uddetime($config->timezone); uddeIMdeleteMessageFromInbox($myself, $messageid, $deletetime); } if($messageid) { $mosmsg=_UDDEIM_MESSAGE_REPLIEDTO; } else { $mosmsg=_UDDEIM_MESSAGE_SENT; } if ($tobedeleted) { $mosmsg.=_UDDEIM_MOVEDTOTRASH; } if($backto) { uddeIMmosRedirect($backto, $mosmsg); } uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg); }