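/**
 * Handles a contact-form submission: validates the POSTed fields and mails
 * the enquiry to the address stored on the contact record.
 *
 * Checks run in this order: josSpoofCheck(1), an optional session-cookie shape
 * check, the per-menu banned-term filters (email, subject, text), a
 * single-address check on the sender email, then JosIsValidEmail(). On success
 * the visitor is redirected to the contact view with a thank-you message.
 * Nothing happens when no contact row matches $con_id.
 *
 * NOTE(review): every rejection calls mosErrorAlert() and then falls through.
 * That is only safe if mosErrorAlert() ends the request - confirm.
 *
 * @param int    $con_id Contact record id (cast to int before it reaches SQL)
 * @param string $option Component option; not read by this function
 */
function sendmail($con_id, $option)
{
    global $mainframe, $database, $Itemid;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_db;

    // simple spoof check security
    josSpoofCheck(1);

    $query = "SELECT *"
        . "\n FROM #__contact_details"
        . "\n WHERE id = " . (int) $con_id;
    $database->setQuery($query);
    $contact = $database->loadObjectList();

    // is_array() guard: count() on a non-array result raises an error on current PHP.
    if (!is_array($contact) || count($contact) < 1) {
        return;
    }

    $default = $mosConfig_sitename . ' ' . _ENQUIRY;
    $email = strval(mosGetParam($_POST, 'email', ''));
    $text = strval(mosGetParam($_POST, 'text', ''));
    $name = strval(mosGetParam($_POST, 'name', ''));
    $subject = strval(mosGetParam($_POST, 'subject', $default));
    $email_copy = strval(mosGetParam($_POST, 'email_copy', 0));

    $menu = $mainframe->get('menu');
    $mparams = new mosParameters($menu->params);
    $bannedEmail = $mparams->get('bannedEmail', '');
    $bannedSubject = $mparams->get('bannedSubject', '');
    $bannedText = $mparams->get('bannedText', '');
    $sessionCheck = $mparams->get('sessionCheck', 1);

    // check for session cookie
    if ($sessionCheck) {
        $sessionCookieName = mosMainFrame::sessionCookieName();
        $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);

        // Only a string can pass: a missing cookie (null) or an array-valued cookie is
        // rejected up front instead of being handed to strlen(). Accepted shapes are
        // unchanged: a 32-character value or the literal '-'.
        $cookieOk = is_string($sessioncookie)
            && (strlen($sessioncookie) === 32 || $sessioncookie === '-');
        if (!$cookieOk) {
            mosErrorAlert(_NOT_AUTH);
        }
    }

    // Prevent form submission if one of the banned terms (a ';'-separated list per field)
    // is found in the email, subject or text field, checked in that order.
    $filters = array(
        array($bannedEmail, $email),
        array($bannedSubject, $subject),
        array($bannedText, $text),
    );
    foreach ($filters as $filter) {
        $bannedList = $filter[0];
        $fieldValue = $filter[1];
        if (!$bannedList) {
            continue;
        }
        foreach (explode(';', $bannedList) as $term) {
            // A trailing or doubled ';' yields an empty term; on PHP 8 an empty needle
            // matches every string, which would reject all submissions.
            if ($term === '') {
                continue;
            }
            // Compare against false: a match whose remainder is "0" is falsy and was missed before.
            if (stristr($fieldValue, $term) !== false) {
                mosErrorAlert(_NOT_AUTH);
            }
        }
    }

    // test to ensure that only one email address is entered
    // strpos() returns 0 for a separator in first position, so it is compared with false explicitly.
    $hasSeparator = strpos($email, ';') !== false
        || strpos($email, ',') !== false
        || strpos($email, ' ') !== false;
    if ($hasSeparator || substr_count($email, '@') > 1) {
        mosErrorAlert(_CONTACT_MORE_THAN);
    }

    if (!$email || !$text || !JosIsValidEmail($email)) {
        mosErrorAlert(_CONTACT_FORM_NC);
    }

    $prefix = sprintf(_ENQUIRY_TEXT, $mosConfig_live_site);
    $text = $prefix . "\n" . $name . ' <' . $email . '>' . "\n\n" . stripslashes($text);

    // The visitor-supplied address and name are used as the From of the enquiry; this
    // function relies on mosMail() to reject malformed from/name/subject values.
    // NOTE(review): a From address on a domain the site does not control is likely to
    // fail SPF/DMARC at the receiver - consider the site address as From with the
    // visitor as Reply-To.
    $success = mosMail($email, $name, $contact[0]->email_to, $mosConfig_fromname . ': ' . $subject, $text);
    if (!$success) {
        mosErrorAlert(_CONTACT_FORM_NC);
    }

    // parameter check
    $params = new mosParameters($contact[0]->params);
    $emailcopyCheck = $params->get('email_copy', 0);

    // The copy is sent only when the visitor asked for it AND the contact allows it.
    // NOTE(review): the copy goes from the site address to whatever address the
    // submitter typed and carries the submitter's text; no rate limit is visible in
    // this function, so the per-contact email_copy setting is the only gate here.
    if ($email_copy && $emailcopyCheck) {
        $copy_text = sprintf(_COPY_TEXT, $contact[0]->name, $mosConfig_sitename);
        $copy_text = $copy_text . "\n\n" . $text;
        $copy_subject = _COPY_SUBJECT . $subject;

        $success = mosMail($mosConfig_mailfrom, $mosConfig_fromname, $email, $copy_subject, $copy_text);
        if (!$success) {
            mosErrorAlert(_CONTACT_FORM_NC);
        }
    }

    $link = sefRelToAbs('index.php?option=com_contact&task=view&contact_id=' . $contact[0]->id . '&Itemid=' . $Itemid);
    mosRedirect($link, _THANK_MESSAGE);
}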
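/**
 * Sends the "e-mail this item to a friend" message for a content item.
 *
 * The item must be published, inside its publish window and readable at access
 * level $gid; its category and section must also be published and readable.
 * The recipient, sender name, sender address and subject come from $_POST.
 *
 * NOTE(review): rejections via mosErrorAlert() are followed by more code, so
 * this is only safe if mosErrorAlert() ends the request - confirm.
 *
 * @param int $uid The content item id
 * @param int $gid Access level of the current visitor
 */
function emailContentSend($uid, $gid)
{
    global $database, $mainframe;
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_hideEmail;

    // Normalise once so the SQL, the access comparisons and the link placed in the
    // outgoing mail all use the same integer. Previously the link embedded the raw
    // $uid while the query used (int) $uid.
    $uid = (int) $uid;
    $gid = (int) $gid;

    // NOTE(review): the "email" permission is read from the item named by the request
    // parameter 'id', while the item that is mailed is $uid - verify that callers always
    // pass the same value for both.
    $id = intval(mosGetParam($_REQUEST, 'id', 0));
    if ($id) {
        $query = 'SELECT attribs FROM #__content WHERE `id`=' . $id;
        $database->setQuery($query);
        $params = new mosParameters($database->loadResult());
    } else {
        $params = new mosParameters('');
    }
    $paramEmail = intval($params->get('email', 0));
    if ($mosConfig_hideEmail && !$paramEmail) {
        echo _NOT_AUTH;
        return;
    }

    // simple spoof check security
    josSpoofCheck(1);

    // check for session cookie
    $sessionCookieName = mosMainFrame::sessionCookieName();
    $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);

    // Only a string can pass: a missing cookie (null) or an array-valued cookie is
    // rejected up front instead of being handed to strlen(). Accepted shapes are
    // unchanged: a 32-character value or the literal '-'.
    $cookieOk = is_string($sessioncookie)
        && (strlen($sessioncookie) === 32 || $sessioncookie === '-');
    if (!$cookieOk) {
        mosErrorAlert(_NOT_AUTH);
    }

    $itemid = intval(mosGetParam($_POST, 'itemid', 0));
    $now = _CURRENT_SERVER_TIME;
    $nullDate = $database->getNullDate();

    // query to check for state and access levels
    $query = "SELECT a.*, cc.name AS category, s.name AS section, s.published AS sec_pub, cc.published AS cat_pub,"
        . "\n s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id"
        . "\n FROM #__content AS a"
        . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid"
        . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'"
        . "\n WHERE a.id = " . $uid
        . "\n AND a.state = 1"
        . "\n AND a.access <= " . $gid
        . "\n AND ( a.publish_up = " . $database->Quote($nullDate) . " OR a.publish_up <= " . $database->Quote($now) . " )"
        . "\n AND ( a.publish_down = " . $database->Quote($nullDate) . " OR a.publish_down >= " . $database->Quote($now) . " )";
    $database->setQuery($query);
    $row = NULL;

    if (!$database->loadObject($row)) {
        // No row: the item does not exist or is not visible at this access level.
        mosNotAuth();
        return;
    }

    // check whether category is published
    if (!$row->cat_pub && $row->catid) {
        mosNotAuth();
        return;
    }
    // check whether section is published
    if (!$row->sec_pub && $row->sectionid) {
        mosNotAuth();
        return;
    }
    // check whether category access level allows access
    if ($row->cat_access > $gid && $row->catid) {
        mosNotAuth();
        return;
    }
    // check whether section access level allows access
    if ($row->sec_access > $gid && $row->sectionid) {
        mosNotAuth();
        return;
    }

    $email = strval(mosGetParam($_POST, 'email', ''));
    $yourname = strval(mosGetParam($_POST, 'yourname', ''));
    $youremail = strval(mosGetParam($_POST, 'youremail', ''));
    $subject = strval(mosGetParam($_POST, 'subject', ''));
    if (empty($subject)) {
        $subject = _EMAIL_INFO . ' ' . $yourname;
    }

    if ($uid < 1 || !$email || !$youremail || !JosIsValidEmail($email) || !JosIsValidEmail($youremail)) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
    }

    $query = "SELECT template"
        . "\n FROM #__templates_menu"
        . "\n WHERE client_id = 0"
        . "\n AND menuid = 0";
    $database->setQuery($query);
    $template = $database->loadResult();

    // determine Itemid for Item
    if (!$itemid) {
        $itemid = $mainframe->getItemid($uid, 0, 0);
    }
    $_itemid = '&Itemid=' . $itemid;

    // link sent in email; $uid and $itemid are integers at this point
    $link = sefRelToAbs('index.php?option=com_content&task=view&id=' . $uid . $_itemid);

    // message text
    $msg = sprintf(_EMAIL_MSG, html_entity_decode($mosConfig_sitename, ENT_QUOTES), $yourname, $youremail, $link);

    // The recipient, sender name, sender address and subject are all visitor-supplied;
    // this function relies on mosMail() to reject malformed from/name/subject values.
    // NOTE(review): no per-session or per-address rate limit is visible in this
    // function, so the spoof check and the session-cookie check above are the only
    // brakes on repeated sends.
    $success = mosMail($youremail, $yourname, $email, $subject, $msg);
    if (!$success) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
    }

    HTML_content::emailSent($email, $template);
}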
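/**
 * Mail function (uses phpMailer)
 *
 * Builds a message through mosCreateMail(), adds recipients and optional
 * CC/BCC/attachments/Reply-To, and sends it. Every address is checked with
 * JosIsValidEmail() and every display name and the subject with
 * JosIsValidName(); the first value that fails makes the function return
 * false without sending.
 *
 * @param string       $from        From e-mail address ('' falls back to the site default)
 * @param string       $fromname    From name ('' falls back to the site default)
 * @param string|array $recipient   Recipient e-mail address(es)
 * @param string       $subject     E-mail subject
 * @param string       $body        Message body
 * @param boolean      $mode        false = plain text, true = HTML
 * @param string|array $cc          CC e-mail address(es)
 * @param string|array $bcc         BCC e-mail address(es)
 * @param string|array $attachment  Attachment file name(s); NOT validated here
 * @param string|array $replyto     ReplyTo e-mail address(es)
 * @param string|array $replytoname ReplyTo name(s), paired with $replyto by position
 * @return boolean false when validation fails, otherwise the result of Send()
 */
function mosMail($from, $fromname, $recipient, $subject, $body, $mode = 0, $cc = NULL, $bcc = NULL, $attachment = NULL, $replyto = NULL, $replytoname = NULL)
{
    global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_debug;

    // Allow empty $from and $fromname settings (backwards compatibility)
    if ($from == '') {
        $from = $mosConfig_mailfrom;
    }
    if ($fromname == '') {
        $fromname = $mosConfig_fromname;
    }

    // Filter from, fromname and subject before they reach the mailer; these values end
    // up in message headers and are often caller-supplied.
    if (!JosIsValidEmail($from) || !JosIsValidName($fromname) || !JosIsValidName($subject)) {
        return false;
    }

    $mail = mosCreateMail($from, $fromname, $subject, $body);

    // activate HTML formatted emails
    if ($mode) {
        $mail->IsHTML(true);
    }

    // Recipients: accept a single address or a list, reject on the first invalid one.
    $recipients = is_array($recipient) ? $recipient : array($recipient);
    foreach ($recipients as $to) {
        if (!JosIsValidEmail($to)) {
            return false;
        }
        $mail->AddAddress($to);
    }

    if (isset($cc)) {
        $ccList = is_array($cc) ? $cc : array($cc);
        foreach ($ccList as $to) {
            if (!JosIsValidEmail($to)) {
                return false;
            }
            $mail->AddCC($to);
        }
    }

    if (isset($bcc)) {
        $bccList = is_array($bcc) ? $bcc : array($bcc);
        foreach ($bccList as $to) {
            if (!JosIsValidEmail($to)) {
                return false;
            }
            $mail->AddBCC($to);
        }
    }

    // NOTE(review): attachment paths are passed to the mailer unchecked. Callers must
    // build them from trusted values only, never from request data.
    if ($attachment) {
        $attachments = is_array($attachment) ? $attachment : array($attachment);
        foreach ($attachments as $fname) {
            $mail->AddAttachment($fname);
        }
    }

    // Important for being able to use mosMail without spoofing...
    if ($replyto) {
        if (is_array($replyto)) {
            // Pair each address with the name at the same position. This replaces
            // reset()/each(), which was removed in PHP 8 and warned when $replytoname
            // was not an array. Missing names become ''.
            $names = is_array($replytoname) ? array_values($replytoname) : array();
            $position = 0;
            foreach ($replyto as $to) {
                $toname = array_key_exists($position, $names) ? $names[$position] : '';
                $position++;
                if (!JosIsValidEmail($to) || !JosIsValidName($toname)) {
                    return false;
                }
                $mail->AddReplyTo($to, $toname);
            }
        } else {
            if (!JosIsValidEmail($replyto) || !JosIsValidName($replytoname)) {
                return false;
            }
            $mail->AddReplyTo($replyto, $replytoname);
        }
    }

    $mailssend = $mail->Send();

    // The debug reporting below was already disabled in the original; nothing is logged.
    if ($mosConfig_debug) {
        //$mosDebug->message( "Mails send: $mailssend");
    }
    if ($mail->error_count > 0) {
        //$mosDebug->message( "The mail message $fromname <$from> about $subject to $recipient <b>failed</b><br /><pre>$body</pre>", false );
        //$mosDebug->message( "Mailer Error: " . $mail->ErrorInfo . "" );
    }

    return $mailssend;
}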