Exemplo n.º 1
0
/**
 * Shows the email form for a given content item.
 * @param int The content item id
 */
function emailContentSend($uid, $gid)
{
    global $database, $mainframe;
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_hideEmail;
    $id = intval(mosGetParam($_REQUEST, 'id', 0));
    if ($id) {
        $query = 'SELECT attribs FROM #__content WHERE `id`=' . $id;
        $database->setQuery($query);
        $params = new mosParameters($database->loadResult());
    } else {
        $params = new mosParameters('');
    }
    $paramEmail = intval($params->get('email', 0));
    if ($mosConfig_hideEmail && !$paramEmail) {
        echo _NOT_AUTH;
        return;
    }
    // simple spoof check security
    josSpoofCheck(1);
    // check for session cookie
    // Session Cookie `name`
    $sessionCookieName = mosMainFrame::sessionCookieName();
    // Get Session Cookie `value`
    $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);
    if (!(strlen($sessioncookie) == 32 || $sessioncookie == '-')) {
        mosErrorAlert(_NOT_AUTH);
    }
    $itemid = intval(mosGetParam($_POST, 'itemid', 0));
    $now = _CURRENT_SERVER_TIME;
    $nullDate = $database->getNullDate();
    // query to check for state and access levels
    $query = "SELECT a.*, cc.name AS category, s.name AS section, s.published AS sec_pub, cc.published AS cat_pub," . "\n  s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id" . "\n FROM #__content AS a" . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'" . "\n WHERE a.id = " . (int) $uid . "\n AND a.state = 1" . "\n AND a.access <= " . (int) $gid . "\n AND ( a.publish_up = " . $database->Quote($nullDate) . " OR a.publish_up <= " . $database->Quote($now) . " )" . "\n AND ( a.publish_down = " . $database->Quote($nullDate) . " OR a.publish_down >= " . $database->Quote($now) . " )";
    $database->setQuery($query);
    $row = NULL;
    if ($database->loadObject($row)) {
        /*
         * check whether category is published
         */
        if (!$row->cat_pub && $row->catid) {
            mosNotAuth();
            return;
        }
        /*
         * check whether section is published
         */
        if (!$row->sec_pub && $row->sectionid) {
            mosNotAuth();
            return;
        }
        /*
         * check whether category access level allows access
         */
        if ($row->cat_access > $gid && $row->catid) {
            mosNotAuth();
            return;
        }
        /*
         * check whether section access level allows access
         */
        if ($row->sec_access > $gid && $row->sectionid) {
            mosNotAuth();
            return;
        }
        $email = strval(mosGetParam($_POST, 'email', ''));
        $yourname = strval(mosGetParam($_POST, 'yourname', ''));
        $youremail = strval(mosGetParam($_POST, 'youremail', ''));
        $subject = strval(mosGetParam($_POST, 'subject', ''));
        if (empty($subject)) {
            $subject = _EMAIL_INFO . ' ' . $yourname;
        }
        if ($uid < 1 || !$email || !$youremail || JosIsValidEmail($email) == false || JosIsValidEmail($youremail) == false) {
            mosErrorAlert(_EMAIL_ERR_NOINFO);
        }
        $query = "SELECT template" . "\n FROM #__templates_menu" . "\n WHERE client_id = 0" . "\n AND menuid = 0";
        $database->setQuery($query);
        $template = $database->loadResult();
        // determine Itemid for Item
        if ($itemid) {
            $_itemid = '&Itemid=' . $itemid;
        } else {
            $itemid = $mainframe->getItemid($uid, 0, 0);
            $_itemid = '&Itemid=' . $itemid;
        }
        // link sent in email
        $link = sefRelToAbs('index.php?option=com_content&task=view&id=' . $uid . $_itemid);
        // message text
        $msg = sprintf(_EMAIL_MSG, html_entity_decode($mosConfig_sitename, ENT_QUOTES), $yourname, $youremail, $link);
        // mail function
        $success = mosMail($youremail, $yourname, $email, $subject, $msg);
        if (!$success) {
            mosErrorAlert(_EMAIL_ERR_NOINFO);
        }
        HTML_content::emailSent($email, $template);
    } else {
        mosNotAuth();
        return;
    }
}
Exemplo n.º 2
0
Arquivo: content.php Projeto: cwcw/cms
/**
* Shows the email form for a given content item.
*/
function emailContentSend($uid)
{
    global $database, $mainframe;
    global $mosConfig_live_site, $mosConfig_sitename;
    global $mosConfig_mailfrom, $mosConfig_fromname;
    $_Itemid = $mainframe->getItemid($uid, 0, 0);
    $email = trim(mosGetParam($_POST, 'email', ''));
    $yourname = trim(mosGetParam($_POST, 'yourname', ''));
    $youremail = trim(mosGetParam($_POST, 'youremail', ''));
    $subject_default = _EMAIL_INFO . " {$yourname}";
    $subject = trim(mosGetParam($_POST, 'subject', $subject_default));
    if (!$email || !$youremail || is_email($email) == false || is_email($youremail) == false) {
        echo "<script>alert (\"" . _EMAIL_ERR_NOINFO . "\"); window.history.go(-1);</script>";
        exit(0);
    }
    $template = '';
    $database->setQuery("SELECT template FROM #__templates_menu WHERE client_id='0' AND menuid='0'");
    $template = $database->loadResult();
    // link sent in email
    $link = sefRelToAbs($mosConfig_live_site . '/index.php?option=com_content&task=view&id=' . $uid . '&Itemid=' . $_Itemid);
    // message text
    $msg = sprintf(_EMAIL_MSG, $mosConfig_sitename, $yourname, $youremail, $link);
    // mail function
    mosMail($mosConfig_mailfrom, $mosConfig_fromname, $email, $subject, $msg);
    HTML_content::emailSent($email, $template);
}
Exemplo n.º 3
0
/**
* Shows the email form for a given content item.
*/
function emailContentSend($uid)
{
    global $database, $mainframe;
    global $mosConfig_live_site, $mosConfig_sitename;
    global $mosConfig_mailfrom, $mosConfig_fromname;
    $_Itemid = $mainframe->getItemid($uid, 0, 0);
    $email = trim(mosGetParam($_POST, 'email', ''));
    $yourname = trim(mosGetParam($_POST, 'yourname', ''));
    $youremail = trim(mosGetParam($_POST, 'youremail', ''));
    $subject_default = sprintf(T_('Item sent by %s'), $yourname);
    $subject = trim(mosGetParam($_POST, 'subject', $subject_default));
    session_start();
    $form_check = mosGetParam($_POST, 'form_check', '');
    if (empty($_SESSION['_form_check_']['com_content']) || $form_check != $_SESSION['_form_check_']['com_content']) {
        // the form hasn't been generated by the server on this session
        exit;
    }
    if (!$email || !$youremail || is_email($email) == false || is_email($youremail) == false) {
        echo "<script>alert (\"" . T_('You must enter valid e-mail addresses for both yourself and your recipient.') . "\"); window.history.go(-1);</script>";
        exit(0);
    }
    $template = '';
    $database->setQuery("SELECT template FROM #__templates_menu WHERE client_id='0' AND menuid='0'");
    $template = $database->loadResult();
    // link sent in email
    $link = sefRelToAbs($mosConfig_live_site . '/index.php?option=com_content&task=view&id=' . $uid . '&Itemid=' . $_Itemid);
    // message text
    $msg = sprintf(T_(' The following page from the \\"%s\\" website has been sent to you by %s ( %s ).\\n\\nYou can access it at the following url:\\n%s'), $mosConfig_sitename, $yourname, $youremail, $link);
    // mail function
    mosMail($mosConfig_mailfrom, $mosConfig_fromname, $email, $subject, $msg);
    HTML_content::emailSent($email, $template);
}