예제 #1
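    /**
     * Contact::ContactFriendForm()
     *
     * Renders the "e-mail this listing to a friend" form and, when the form has
     * been posted (detected by the presence of $_POST['message']), validates the
     * submission and passes it to misc::send_email().
     *
     * Security-relevant behaviour:
     *  - the CAPTCHA answer is compared with hash_equals() and the expected value
     *    is discarded after one attempt, so a solved challenge cannot be replayed;
     *  - CR/LF is rejected in both addresses and neutralised in name and subject,
     *    because these values are handed to the mailer as header-like fields;
     *  - everything echoed back into the page is HTML-escaped, and the listing ID
     *    is forced to an integer before it is placed in a URL.
     *
     * NOTE(review): the form carries no anti-CSRF token and no per-client rate
     * limit is visible here; with image verification disabled this endpoint will
     * mail arbitrary recipients on request. Confirm how that is limited elsewhere.
     *
     * @param integer $listing_id The ID of the listing that is being e-mailed to a friend.
     * @return string HTML: the result of the send attempt, or the form preceded by
     *                any validation error messages.
     */
    function ContactFriendForm($listing_id)
    {
        global $conn, $config, $lang;
        require_once $config['basepath'] . '/include/misc.inc.php';
        $misc = new misc();
        $display = '';
        $error = array();
        // The ID is written into the form's action URL and the default message;
        // casting keeps caller-supplied markup out of both.
        $listing_id = (int) $listing_id;
        $submitted = isset($_POST['message']);
        $captcha_on = ($config["use_email_image_verification"] == 1);
        // Read each field as a string; a missing or array-valued parameter becomes ''
        // so the checks below report it as empty instead of raising a warning.
        $post = array();
        foreach (array('name', 'email', 'friend_email', 'subject', 'message', 'security_code') as $field) {
            $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        }
        if ($submitted) {
            if ($captcha_on) {
                $expected = (isset($_SESSION['security_code']) && is_string($_SESSION['security_code'])) ? $_SESSION['security_code'] : '';
                // One attempt per challenge. Assumes captcha_image.php stores a fresh
                // code in the session each time the image is rendered - TODO confirm.
                unset($_SESSION['security_code']);
                // hash_equals() avoids the loose "!=" comparison, under which two
                // different numeric-looking hex strings can compare equal.
                if ($expected === '' || !hash_equals($expected, md5($post['security_code']))) {
                    $error[] = 'email_verification_code_not_valid';
                }
            }
            if (trim($post['name']) == '') {
                $error[] = 'email_no_name';
            }
            foreach (array('email', 'friend_email') as $field) {
                if (trim($post[$field]) == '') {
                    $error[] = 'email_no_email_address';
                } elseif (preg_match('/[\r\n]/', $post[$field]) || $misc->validate_email($post[$field]) !== true) {
                    // validate_email() is not visible here, so line breaks are
                    // rejected explicitly before the address reaches the mailer.
                    $error[] = 'email_invalid_email_address';
                }
            }
            if (trim($post['subject']) == '') {
                $error[] = 'email_no_subject';
            }
            if (trim($post['message']) == '') {
                $error[] = 'email_no_message';
            }
        }
        if (count($error) == 0 && $submitted) {
            // Send Mail
            // Name and subject are free text that typically ends up in mail headers;
            // whether send_email() filters them is not visible here, so line breaks
            // are replaced before the call.
            $header_name = str_replace(array("\r", "\n"), ' ', $post['name']);
            $header_subject = str_replace(array("\r", "\n"), ' ', $post['subject']);
            $sent = $misc->send_email($header_name, $post['email'], $post['friend_email'], $post['message'], $header_subject);
            if ($sent === true) {
                // Escape the address before reflecting it into the page.
                $display .= $lang['email_listing_sent'] . ' ' . htmlspecialchars($post['friend_email'], ENT_QUOTES);
            } else {
                // NOTE(review): $sent is printed as returned by send_email(); confirm
                // that it never contains unescaped request data.
                $display .= $sent;
            }
        } else {
            if (count($error) != 0) {
                foreach ($error as $err) {
                    $display .= '<div class="error_text">' . $lang[$err] . '</div>';
                }
            }
            $name = '';
            $email = '';
            $subject = '';
            // $friend_name = '';
            $friend_email = '';
            $message = '';
            if ($submitted) {
                // Re-populate the form with what the visitor typed.
                $email = stripslashes($post['email']);
                $name = stripslashes($post['name']);
                $message = stripslashes($post['message']);
                $subject = stripslashes($post['subject']);
                // $friend_name = $_POST['friend_name'];
                $friend_email = stripslashes($post['friend_email']);
            } else {
                $subject = $lang['email_in_reference_to_listing'] . $listing_id;
                $message = $lang['email_listing_default_message'] . "\r\n\r\n" . $config['baseurl'] . '/index.php?action=listingview&amp;listingID=' . $listing_id;
            }
            $display .= '<form name="contact_friend" method="post" action="index.php?action=contact_friend&amp;popup=yes&amp;listing_id=' . $listing_id . '">
				<table  border="0" cellspacing="2" cellpadding="4">
					<tr>
						<td colspan="2" style="vertical-align: top" class="TitleColor"><label for="name">' . $lang['email_your_name'] . '&nbsp;&nbsp;</label>
							<input id="name" name="name" value="' . htmlentities($name) . '" type="text" size="50">
						</td>
					</tr>
					<tr>
						<td colspan="2" style="vertical-align: top" class="TitleColor"><label for="email">' . $lang['email_your_email'] . '&nbsp;&nbsp;&nbsp;</label>
							<input id="email" name="email" value="' . htmlentities($email) . '" type="text" size="50">
						</td>
					</tr>
					<tr>
						<td colspan="2" style="vertical-align: top" class="TitleColor"><label for="email">' . $lang['email_friend_email'] . '&nbsp;&nbsp;&nbsp;</label>
							<input id="email" name="friend_email" value="' . htmlentities($friend_email) . '" type="text" size="50">
						</td>
					</tr>
					<tr>
						<td colspan="2" style="vertical-align: top" class="TitleColor"><label for="subject">' . $lang['email_your_subject'] . '</label>
							<input id="subject" name="subject" value="' . htmlentities($subject) . '" type="text" size="50">
						</td>
					</tr>
					<tr>
						<td colspan="2" style="vertical-align: top" class="TitleColor"><label for="message">' . $lang['email_your_message'] . '</label>
							<br />
							<br />
							<textarea id="message" name="message" rows="5" cols="50">' . htmlentities($message) . '</textarea>
						</td>
					</tr>
					</tr>';
            if ($captcha_on) {
                $display .= '<tr>
							<td colspan="2"><img src="' . $config['baseurl'] . '/include/class/captcha/captcha_image.php" /></td>
						</tr>
						<tr>
							<td colspan="2" style="vertical-align: top" class="TitleColor"><label for="security_code">' . $lang['email_verification_code'] . '</label>
								<input id="security_code" name="security_code" type="text" />
							</td>
						</tr>';
            }
            $display .= '<tr>
					<tr>
						<td colspan="2"><input type="submit" name="Submit" value="' . $lang['email_send'] . '">
						</td>
					</tr>
				</table>
				</form>';
        }
        return $display;
    }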
예제 #2
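 /**
  * Handles a "forgot password" request for the address in $_POST['email'].
  *
  * When the address is valid, under the 24-hour request limit and matches
  * exactly one user, a numeric reset code is stored in the "forgot" table and a
  * reset link containing that code is mailed to the user.
  *
  * Security-relevant behaviour:
  *  - the reset code comes from random_int() (CSPRNG), not mt_rand();
  *  - the stored address is passed through make_db_safe() before it is placed in
  *    the INSERT, instead of being interpolated between quotes unescaped;
  *  - the address is URL-encoded inside the reset link;
  *  - a failed query stops the request instead of continuing with a false result.
  *
  * NOTE(review): the code is still six decimal digits, so the handler that
  * redeems it must limit guesses and enforce expiry and single use - none of
  * that is visible here. The distinct replies for known and unknown addresses
  * also let a caller test whether an address is registered.
  *
  * @return string|null Message for display; '' if a query failed; null when no
  *                     string e-mail value was posted.
  */
 function forgot_password()
 {
     global $config, $lang, $conn;
     $email = isset($_POST['email']) ? $_POST['email'] : null;
     if (!is_string($email)) {
         return null;
     }
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     if (!$misc->validate_email($email)) {
         return $lang['email_invalid_email_address'];
     }
     // make_db_safe() output is used unquoted in the queries below, so it is
     // expected to return an escaped, already-quoted SQL literal.
     $email = $misc->make_db_safe($email);
     // Deny the request once more than 3 reset rows exist for this address in
     // the last 24 hours.
     $sql = "SELECT forgot_id FROM " . $config['table_prefix_no_lang'] . "forgot WHERE forgot_email = {$email} AND forgot_time > NOW() - INTERVAL 1 DAY";
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
         // Fail closed: without the count the limit cannot be enforced.
         return '';
     }
     if ($recordSet->Recordcount() > 3) {
         return $lang['to_many_password_reset_attempts'];
     }
     if ($config["demo_mode"] == 1) {
         return $lang['password_reset_denied_demo_mode'];
     }
     $sql = "SELECT userdb_user_name, userdb_emailaddress FROM " . $config['table_prefix'] . "userdb WHERE userdb_emailaddress=" . $email;
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
         return '';
     }
     if ($recordSet->RecordCount() != 1) {
         return '<font color="red">' . $lang['email_invalid_email_address'] . '</font>';
     }
     // Reset codes must be unpredictable; mt_rand() output can be reconstructed
     // from observed values, random_int() draws from the system CSPRNG.
     $forgot_rand = random_int(100000, 999999);
     $user_email = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
     $user_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_name']);
     // The decoded address is raw data again; escape it before it re-enters SQL.
     $sql = "INSERT INTO " . $config['table_prefix_no_lang'] . "forgot (forgot_rand, forgot_email) VALUES ({$forgot_rand}," . $misc->make_db_safe($user_email) . ")";
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
         // Do not mail a link whose code was never stored.
         return '';
     }
     // Encode the address so characters such as "+" or "&" survive the query string.
     $forgot_link = $config['baseurl'] . '/admin/index.php?action=forgot&id=' . $forgot_rand . '&email=' . urlencode($user_email);
     $message = $lang['your_username'] . "\r\n\r\n";
     $message .= $user_name . "\r\n\r\n";
     $message .= $lang['click_to_reset_password'] . "\r\n\r\n";
     $message .= $forgot_link . "\r\n\r\n";
     $message .= $lang['link_expires'] . "\r\n\r\n";
     $header = "From: " . $config['admin_name'] . " <" . $config['admin_email'] . ">\r\n";
     $header .= "X-Sender: {$config['admin_email']}\r\n";
     $header .= "Return-Path: {$config['admin_email']}\r\n";
     mail($user_email, $lang['forgotten_password'], $message, $header);
     return $lang['check_your_email'];
 }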