/** * Sends a PM notification * * @param cbmypmsproTable $pm * @param null|string $message */ private function sendNotification($pm, $message = null) { if (!$pm->get('id')) { return; } $itemId = uddeIMgetItemid($this->uddeIMConfigRAW); if (!uddeIMexistsEMN($pm->get('toid'))) { uddeIMinsertEMNdefaults($pm->get('toid'), $this->uddeIMConfigRAW); } $emailNotify = $this->uddeIMConfig->get('allowemailnotify', 0); $isModerated = uddeIMgetEMNmoderated($pm->get('fromid')); $isReply = stristr($pm->get('message'), $this->uddeIMConfig->get('quotedivider'), '__________'); $isOnline = uddeIMisOnline($pm->get('toid')); // Strip the html and bbcode as uddeim supports neither in its notification: $message = strip_tags(uddeIMbbcode_strip($message ? $message : $pm->get('message'), $this->uddeIMConfigRAW)); if (!$isModerated) { if ($emailNotify == 1 || $emailNotify == 2 && Application::User($pm->get('toid'))->isSuperAdmin()) { $status = uddeIMgetEMNstatus($pm->get('toid')); if ($status == 1 || $status == 2 && !$isOnline || $status == 10 && !$isReply || $status == 20 && !$isOnline && !$isReply) { uddeIMdispatchEMN($pm->get('id'), $itemId, 0, $pm->get('fromid'), $pm->get('toid'), $message, 0, $this->uddeIMConfigRAW); } } } }
function uddeIMreminderDispatch($item_id, $config) { $database = uddeIMgetDatabase(); // send reminder if forgetmenot is activated if ($config->longwaitingemail && $config->longwaitingdays>0) { if(!$config->forgetmenotstart) { $config->forgetmenotstart=0; } $rightnow=uddetime($config->timezone); $sincewhen=$rightnow-($config->longwaitingdays*86400); // $sql="SELECT * FROM #__uddeim WHERE toread=0 AND totrash=0 AND datum<".$sincewhen; // $sql="SELECT * FROM #__uddeim WHERE toread=0 AND totrash=0 AND datum<".$sincewhen. " AND datum>".$config->forgetmenotstart; // select only messages from users which still exist in the database (public users and deleted users have no inbox and so we do not send forgetmenot mails) // only messages before "$sincewhen" can be forgetmenot messages // $sql = "SELECT a.* FROM #__uddeim AS a, #__users AS b WHERE a.fromid=b.id AND a.toread=0 AND a.totrash=0 AND a.datum<".$sincewhen." AND a.datum>".$config->forgetmenotstart; $sql = "SELECT a.* FROM #__uddeim AS a, #__users AS b WHERE a.toid=b.id AND a.toread=0 AND a.totrash=0 AND a.datum<".$sincewhen." AND a.datum>".$config->forgetmenotstart; $next = (int)$config->longwaitingdays*86400; $sql = "SELECT min(a.id) AS mid, a.toid, b.name, a.cryptmode " . "FROM #__uddeim AS a, #__users AS b, #__uddeim_emn AS c " . "WHERE a.toid=b.id AND a.toid=c.userid AND " . "a.toread=0 AND a.totrash=0 AND b.block=0 AND " . "a.datum<".$sincewhen." AND a.datum>".$config->forgetmenotstart." AND " . "c.remindersent+".$next."<".$rightnow." " . "GROUP BY a.toid"; $database->setQuery($sql); $castaways=$database->loadObjectList(); if (!$castaways) $castaways = Array(); $loopcounter=0; foreach($castaways as $castaway) { // has this user already received a reminder? // $var_remindersent = uddeIMgetEMNremindersent($castaway->toid); // $next_remindersent=$var_remindersent+($config->longwaitingdays*86400); // if ($next_remindersent < $rightnow) { // send only if no reminder has already been sent // =1 means: send forgetmenot message, fromid=0 uses sysmessage as sender name $var_message=""; uddeIMdispatchEMN($castaway->mid, $item_id, $castaway->cryptmode, 0, $castaway->toid, $var_message, 1, $config); $loopcounter++; // } // new: never send more than 25 forgetmenot e-mails in one script call to avoid too many mails to be sent out at once if ($loopcounter>=25) { break; } } } }
function sendNewSysMessage($fromid, $recipients, $message, $systemmsg=0, $validfor=0, $sendnotification=0, $forceembedded=0) { $database = uddeIMgetDatabase(); if ($systemmsg) { // system message $sendername = $this->config->sysm_username; $savesysflag = addslashes($sendername); // system message $savedisablereply = 1; // and users can't reply to them $emn_fromid = 0; // for email notifications set userid 0 } else { $sendername = uddeIMgetNameFromID($fromid, $this->config); $savesysflag = addslashes($sendername); $savedisablereply = 0; $emn_fromid = $fromid; } $savedatum = uddetime($this->config->timezone); if ($validfor>0) { $now = uddetime($this->config->timezone); $validuntil = $now+($validfor*3600); } else { $validuntil = 0; } if ($this->config->cryptmode>=1) { // because of encoding do not use slashes $savemessage = strip_tags($message); } else { $savemessage = addslashes(strip_tags($message)); // original 0.6+ } getAdditonalGroups($add_special, $add_admin, $config); if (uddeIMcheckJversion()>=2) { // J1.6 if ($recipients=="all") { $sql="SELECT id FROM #__users WHERE block=0"; } elseif($recipients=="online") { $sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid"; } elseif($recipients=="special") { $sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) INNER JOIN #__usergroups AS g ON um.group_id=g.id WHERE u.block=0 AND g.id IN (3,4,5,6,7,8".$add_admin.$add_special.")"; } elseif($recipients=="admins") { $sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) INNER JOIN #__usergroups AS g ON um.group_id=g.id WHERE u.block=0 AND g.id IN (7,8".$add_admin.")"; } else { $sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) INNER JOIN #__usergroups AS g ON um.group_id=g.id WHERE u.block=0 AND g.id=".(int)$recipients; } } else { if ($recipients=="all") { $sql="SELECT id FROM #__users WHERE block=0"; } elseif($recipients=="online") { $sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid"; } elseif($recipients=="special") { $sql="SELECT id FROM #__users WHERE block=0 AND gid IN (19,20,21,23,24,25".$add_admin.")"; } elseif($recipients=="admins") { $sql="SELECT id FROM #__users WHERE block=0 AND gid IN (24,25".$add_admin.")"; } else { $sql="SELECT id FROM #__users WHERE block=0 AND gid=".(int)$recipients; } } $database->setQuery($sql); $receivers=$database->loadObjectList(); if (!count($receivers)) { return 1; } foreach($receivers as $receiver) { $toid = $receiver->id; $themode = 0; if ($this->config->cryptmode==1 || $this->config->cryptmode==2 || $this->config->cryptmode==4) { $themode = 1; $cm = uddeIMencrypt($savemessage,$this->config->cryptkey,CRYPT_MODE_BASE64); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$fromid.", ".(int)$toid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",1,'".md5($this->config->cryptkey)."')"; } elseif ($this->config->cryptmode==3) { $themode = 3; $cm = uddeIMencrypt($savemessage,"",CRYPT_MODE_STOREBASE64); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode) VALUES (".(int)$fromid.", ".(int)$toid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",3)"; } else { $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox) VALUES (".(int)$fromid.", ".(int)$toid.", '".$savemessage."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1,".$savedatum.")"; } $database->setQuery($sql); if (!$database->query()) { die("SQL error when attempting to save a message" . $database->stderr(true)); } $insID = $database->insertid(); if ($sendnotification) { // Check if E-Mail notification or popups are enabled by default, if so create a record for the receiver. if ($this->config->notifydefault>0 || $this->config->popupdefault>0 || $this->config->pubfrontenddefault>0 || $this->config->autoresponder>0 || $this->config->autoforward>0) { if (!uddeIMexistsEMN($toid)) uddeIMinsertEMNdefaults($toid, $this->config); } } // ################################################################################################## // email notification // ################################################################################################## if ($sendnotification) { $currentlyonline = uddeIMisOnline($toid); if ($this->config->cryptmode>=1) { $email = stripslashes($savemessage); } else { $email = stripslashes(stripslashes($savemessage)); } $type = 0; if ($forceembedded) $type = 2; if ($this->config->allowemailnotify==1) { $ison = uddeIMgetEMNstatus($toid); if (($ison==1) || ($ison==2 && !$currentlyonline) || $ison==10 || ($ison==20 && !$currentlyonline)) { uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $toid, $email, $type, $this->config); } } elseif($this->config->allowemailnotify==2) { $gid = uddeIMgetGID((int)$toid); if (uddeIMisAdmin($gid) || uddeIMisAdmin2($gid, $this->config)) { $ison = uddeIMgetEMNstatus($toid); if (($ison==1) || ($ison==2 && !$currentlyonline) || $ison==10 || ($ison==20 && !$currentlyonline)) { uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $toid, $email, $type, $this->config); } } } } } return 0; }
function uddeIMsaveSysgm($myself, $to_name, $to_id, $pmessage, $tobedeleted, $tobedeletedsent, $forceembedded, $item_id, $messageid, $sysgm_sys, $sysgm_nonotify, $sysgm_universe, $sysgm_validfor, $sysgm_really, $cryptpass, $config) { $database = uddeIMgetDatabase(); $to_name = stripslashes($to_name); $my_gid = $config->usergid; if ($config->allowsysgm==0 || ($config->allowsysgm==1 && !uddeIMisAdmin($my_gid) && !uddeIMisAdmin2($my_gid, $config)) || ($config->allowsysgm==2 && !uddeIMisManager($my_gid)) ) { $mosmsg=_UDDEIM_NOTALLOWED_SYSM_GM; uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg); } // what is username of sender? $sendername = uddeIMgetNameFromID($myself, $config); if ($sysgm_sys) $sendername=$config->sysm_username; if (!$sysgm_really) { // send not confirmed. ask for confirmation // CAPTCHA (first check for all other errors and then the CAPTCHA) if (!uddeIMcheckCAPTCHA($my_gid, $config)) { uddeIMprintMenu($myself, 'new', $item_id, $config); echo "<div id='uddeim-m'>\n"; $to_name=stripslashes($to_name); $pmessage=stripslashes($pmessage); uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 7, 1, $config); echo "</div>\n<div id='uddeim-bottomborder'></div>\n"; return; } if (!uddeIMcheckCSRF($config)) { uddeIMprintMenu($myself, 'new', $item_id, $config); echo "<div id='uddeim-m'>\n"; $to_name=stripslashes($to_name); $pmessage=stripslashes($pmessage); uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 15, 1, $config); echo "</div>\n<div id='uddeim-bottomborder'></div>\n"; return; } uddeIMprintMenu($myself, 'new', $item_id, $config); echo "<div id='uddeim-m'>\n"; echo "<div id='uddeim-toplines'><p>"._UDDEIM_SYSGM_PLEASECONFIRM."</p></div>\n"; echo "<div id='uddeim-message'><table cellpadding='7' cellspacing='1' width='100%'>\n"; $usql=""; // send to unblocked users only getAdditonalGroups($add_special, $add_admin, $config); if (uddeIMcheckJversion()>=2) { // J1.6 if ($sysgm_universe=="sysgm_toall") { $universe=_UDDEIM_SYSGM_WILLSENDTOALL; $usql="SELECT count(id) FROM #__users WHERE block=0"; } elseif ($sysgm_universe=="sysgm_toalllogged") { $universe=_UDDEIM_SYSGM_WILLSENDTOALLLOGGED; $usql="SELECT count(a.id) FROM #__users AS a, #__session AS b WHERE a.block=0 AND a.id=b.userid"; } elseif ($sysgm_universe=="sysgm_toallspecial") { $universe=_UDDEIM_SYSGM_WILLSENDTOALLSPECIAL; $usql="SELECT count(*) FROM (SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) INNER JOIN #__usergroups AS g ON um.group_id=g.id WHERE u.block=0 AND g.id IN (3,4,5,6,7,8".$add_admin.$add_special.")) AS aTable"; } elseif ($sysgm_universe=="sysgm_toalladmins") { $universe=_UDDEIM_SYSGM_WILLSENDTOALLADMINS; $usql="SELECT count(*) FROM (SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) INNER JOIN #__usergroups AS g ON um.group_id=g.id WHERE u.block=0 AND g.id IN (7,8".$add_admin.")) AS aTable"; } elseif ($config->showgroups) { $aclsql = "SELECT title AS name FROM #__usergroups WHERE id=".(int)$sysgm_universe; $database->setQuery($aclsql); $universe=$database->loadResult(); $usql="SELECT count(*) FROM (SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) INNER JOIN #__usergroups AS g ON um.group_id=g.id WHERE g.id=".(int)$sysgm_universe.") AS aTable"; } } else { if ($sysgm_universe=="sysgm_toall") { $universe=_UDDEIM_SYSGM_WILLSENDTOALL; $usql="SELECT count(id) FROM #__users WHERE block=0"; } elseif ($sysgm_universe=="sysgm_toalllogged") { $universe=_UDDEIM_SYSGM_WILLSENDTOALLLOGGED; $usql="SELECT count(a.id) FROM #__users AS a, #__session AS b WHERE a.block=0 AND a.id=b.userid"; } elseif ($sysgm_universe=="sysgm_toallspecial") { $universe=_UDDEIM_SYSGM_WILLSENDTOALLSPECIAL; $usql="SELECT count(id) FROM #__users WHERE block=0 AND gid IN (19,20,21,23,24,25".$add_admin.")"; } elseif ($sysgm_universe=="sysgm_toalladmins") { $universe=_UDDEIM_SYSGM_WILLSENDTOALLADMINS; $usql="SELECT count(id) FROM #__users WHERE block=0 AND gid IN (24,25".$add_admin.")"; } else { if ($config->showgroups) { if (uddeIMcheckJversion()>=1) $aclsql = "SELECT name FROM #__core_acl_aro_groups WHERE id=".(int)$sysgm_universe; else $aclsql = "SELECT name FROM #__core_acl_aro_groups WHERE group_id=".(int)$sysgm_universe; $database->setQuery($aclsql); $universe=$database->loadResult(); $usql="SELECT count(id) FROM #__users WHERE block=0 AND gid=".(int)$sysgm_universe; } } } if (!$universe) { $mosmsg=_UDDEIM_UNEXPECTEDERROR_QUIT." No recipients selected"; uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg); } if ($usql) { $database->setQuery($usql); $rf = (int)$database->loadResult(); $rft = ($rf==1) ? _UDDEIM_RECIPIENTFOUND : _UDDEIM_RECIPIENTSFOUND; $universe.=" (".$rf." ".$rft.")"; } // UDDEIMFILE // We have checked that everything is ok, now do the file uploads $uploadfile_temppathname = array(); $uploadfile_original = array(); $uploadfile_id = array(); $uploadfile_size = array(); $uploadfile_error = array(); if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) { $noerror = uddeIMhandleAttachments($uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $uploadfile_error, $config); if (!$noerror) { // something goes wrong // BUGBUG: that is not the best error handling possible but is will do the work // iterate through all errorcodes and show the first error found, rest of data will be lost // ==> delete all files that were uploaded ok while (list($key, $value) = each( $uploadfile_temppathname )) { if (file_exists($value)) unlink($value); } while (list($key, $value) = each( $uploadfile_error )) { if ($value==-1) { // upload failed uddeIMprintMenu($myself, 'new', $item_id, $config); echo "<div id='uddeim-m'>\n"; $to_name=stripslashes($to_name); $pmessage=stripslashes($pmessage); uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 18, 1, $config); return; } if ($value==-2) { // file size exceeded uddeIMprintMenu($myself, 'new', $item_id, $config); echo "<div id='uddeim-m'>\n"; $to_name=stripslashes($to_name); $pmessage=stripslashes($pmessage); uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 19, 1, $config); return; } if ($value==-3) { // file type not allowed uddeIMprintMenu($myself, 'new', $item_id, $config); echo "<div id='uddeim-m'>\n"; $to_name=stripslashes($to_name); $pmessage=stripslashes($pmessage); uddeIMdrawWriteform($myself, $my_gid, $item_id, "", $to_name, $pmessage, 0, 0, 20, 1, $config); return; } } $uploadfile_temppathname = array(); // should never been reached when an error occurs but neverthless destroy old arrays $uploadfile_original = array(); $uploadfile_id = array(); $uploadfile_size = array(); $uploadfile_error = array(); } else { $savedatum=uddetime($config->timezone); uddeIMpreSaveAttachments($uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config); } } // The uploaded file is stored in "$uploadfile_tempname" (with path) ad the original name in "$uploadfile_original" (without path) and an Id for the file. // When we reach this line we can store these fileames in the DB. $udde_infoheader = $universe."<br />"; $udde_infoheader .= _UDDEIM_SYSGM_WILLSENDAS_1.$sendername._UDDEIM_SYSGM_WILLSENDAS_2."<br />"; if($sysgm_sys) { $udde_infoheader .= _UDDEIM_SYSGM_WILLDISABLEREPLY."<br />"; } if($forceembedded && !$sysgm_nonotify) { $udde_infoheader .= _UDDEIM_SYSGM_FORCEEMBEDDED."<br />"; } if($sysgm_nonotify) { $udde_infoheader .= _UDDEIM_SYSGM_NONOTIFY."<br />"; } if($sysgm_validfor>0) { $now=uddetime($config->timezone); $validuntil_timestamp=$now+($sysgm_validfor*3600); $validuntil=date("Y-m-d H:i", $validuntil_timestamp); $udde_infoheader .= _UDDEIM_SYSGM_WILLEXPIRE." ".$validuntil."<br />"; } echo "\t<tr class='sectiontableentry1'>\n\t\t<td>".$udde_infoheader."</td></tr>\n"; // strip any HTML from message but don't add slashes yet $dmessage=strip_tags($pmessage); $dmessage=stripslashes($pmessage); $hmessage=htmlspecialchars($dmessage, ENT_QUOTES, $config->charset); $jmessage=$dmessage; $containslink=stristr($dmessage, "[url"); // parse bb code if it is a sysgm $dmessage=uddeIMbbcode_replace($dmessage, $config); $dmessage=uddeIMsmile_replace($dmessage, $config); echo "\t<tr class='sectiontableentry2'>\n\t\t\n\t\t<td>".nl2br($dmessage)."</td></tr>\n"; // to do echo "</table></div>\n"; echo "<div id='uddeim-writeform'>\n"; echo "<form method='post' action='".uddeIMsefRelToAbs("index.php?option=com_uddeim&task=savesysgm&Itemid=".$item_id)."'><input type='hidden' name='sysgm_sys' value='".$sysgm_sys."' />\n"; echo "<span style='display: none'>\n"; if ($sysgm_universe=="sysgm_toall") { echo "<input type='hidden' name='sysgm_universe' value='sysgm_toall' />\n"; } elseif ($sysgm_universe=="sysgm_toallspecial") { echo "<input type='hidden' name='sysgm_universe' value='sysgm_toallspecial' />\n"; } elseif ($sysgm_universe=="sysgm_toalladmins") { echo "<input type='hidden' name='sysgm_universe' value='sysgm_toalladmins' />\n"; } elseif ($sysgm_universe=="sysgm_toalllogged") { echo "<input type='hidden' name='sysgm_universe' value='sysgm_toalllogged' />\n"; } elseif ($config->showgroups) { echo "<input type='hidden' name='sysgm_universe' value='".$sysgm_universe."' />\n"; } echo "<input type='hidden' name='sysgm_validfor' value='".(int)$sysgm_validfor."' />\n"; echo "<textarea style='visibility: hidden;' name='pmessage' class='inputbox' rows='1' cols='60'>".$jmessage."</textarea>\n"; echo "<input type='hidden' name='sysgm_really' value='1' />\n"; echo "<input type='hidden' name='forceembedded' value='".(int)$forceembedded."' />\n"; echo "<input type='hidden' name='sysgm_nonotify' value='".(int)$sysgm_nonotify."' />\n"; echo "<span id='divpass' style='visibility:hidden;'><input type='hidden' name='cryptpass' value='".$cryptpass."' /></span>\n"; if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) { while (list($key, $value) = each( $uploadfile_temppathname )) { echo "<input type='hidden' name='uploadfile_temppathname[". $key ."]' value=". $database->Quote($uploadfile_temppathname[$key]) ." />\n"; echo "<input type='hidden' name='uploadfile_original[". $key ."]' value=". $database->Quote($uploadfile_original[$key]) ." />\n"; echo "<input type='hidden' name='uploadfile_id[". $key ."]' value=". $database->Quote($uploadfile_id[$key]) ." />\n"; echo "<input type='hidden' name='uploadfile_size[". $key ."]' value=". $database->Quote($uploadfile_size[$key]) ." />\n"; } } echo "</span>\n"; echo "<input type='submit' name='reply' class='button' value='"._UDDEIM_SUBMIT."' />\n"; echo "<input type='button' class='button' value='".htmlspecialchars(_UDDEIM_DONTSEND, ENT_QUOTES, $config->charset)."' onclick='history.go(-1); return false;' />"; echo "</form>"; echo "</div>"; if ($containslink) { echo "<div id='uddeim-bottomlines'><p>"._UDDEIM_SYSGM_CHECKLINK."</p>\n</div>\n"; } echo "</div>\n<div id='uddeim-bottomborder'>".uddeIMcontentBottomborder($myself, $item_id, 'standard', 'none', $config)."</div>\n"; } else { // sysgm_really is set to true, send is confirmed. Now send it. $uploadfile_temppathname = uddeIMmosGetParam ($_POST, 'uploadfile_temppathname', array()); $uploadfile_original = uddeIMmosGetParam ($_POST, 'uploadfile_original', array()); $uploadfile_id = uddeIMmosGetParam ($_POST, 'uploadfile_id', array()); $uploadfile_size = uddeIMmosGetParam ($_POST, 'uploadfile_size', array()); $savedatum=uddetime($config->timezone); if($sysgm_validfor>0) { $now=uddetime($config->timezone); $validuntil=$now+($sysgm_validfor*3600); } else { $validuntil=0; } $savefromid=$myself; $savedisablereply=0; $savesysflag=""; if($sysgm_sys) { $savesysflag=addslashes($config->sysm_username); // system message $savedisablereply=1; // and users can't reply to them } else { $savesysflag=addslashes($sendername); $savedisablereply=0; } if ($config->cryptmode>=1) { // because of encoding do not use slashes $savemessage=strip_tags($pmessage); } else { $savemessage=addslashes(strip_tags($pmessage)); // original 0.6+ } // strip XSS code $savemessage = uddeIMRemoveXSS($savemessage); getAdditonalGroups($add_special, $add_admin, $config); if (uddeIMcheckJversion()>=2) { // J1.6 // who shall get the message? if($sysgm_universe=="sysgm_toall") { $sql="SELECT id FROM #__users WHERE block=0"; } elseif($sysgm_universe=="sysgm_toalllogged") { $sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid"; } elseif($sysgm_universe=="sysgm_toallspecial") { $sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) INNER JOIN #__usergroups AS g ON um.group_id=g.id WHERE u.block=0 AND g.id IN (3,4,5,6,7,8".$add_admin.$add_special.")"; } elseif($sysgm_universe=="sysgm_toalladmins") { $sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) INNER JOIN #__usergroups AS g ON um.group_id=g.id WHERE u.block=0 AND g.id IN (7,8".$add_admin.")"; } elseif ($config->showgroups) { $sql="SELECT DISTINCT u.id FROM (#__users AS u INNER JOIN #__user_usergroup_map AS um ON u.id=um.user_id) INNER JOIN #__usergroups AS g ON um.group_id=g.id WHERE u.block=0 AND g.id=".(int)$sysgm_universe; } } else { // who shall get the message? if($sysgm_universe=="sysgm_toall") { $sql="SELECT id FROM #__users WHERE block=0"; } elseif($sysgm_universe=="sysgm_toalllogged") { $sql="SELECT a.id, b.userid FROM #__users AS a, #__session AS b WHERE block=0 AND a.id=b.userid"; } elseif($sysgm_universe=="sysgm_toallspecial") { $sql="SELECT id FROM #__users WHERE block=0 AND gid IN (19,20,21,23,24,25".$add_admin.")"; } elseif($sysgm_universe=="sysgm_toalladmins") { $sql="SELECT id FROM #__users WHERE block=0 AND gid IN (24,25".$add_admin.")"; } elseif ($config->showgroups) { $sql="SELECT id FROM #__users WHERE block=0 AND gid=".(int)$sysgm_universe; } } // query the database $database->setQuery($sql); $receivers=$database->loadObjectList(); if (!count($receivers)) { // when there are temporary files, remove them and the markers uddeIMpreSaveAttachmentsRemove($config); $mosmsg = _UDDEIM_SYSGM_ERRORNORECIPS; uddeJSEFredirect("index.php?option=com_uddeim&task=sysgm&Itemid=".$item_id, $mosmsg); } // we have all we need, now save it // when we have reached that, we can remove the temporary attachment markers since the files will be referenced later if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) uddeIMpreSaveAttachmentsFinish($config); foreach($receivers as $receiver) { $savetoid=$receiver->id; // it is a systemmsg to "toid", so assume that the message has already been trashed in the senders outbox (remember: system messages are not shown in the outbox) // so set totrashoutbox=1, totrashdateoutbox=uddetime($config->timezone) // CRYPT $themode = 0; if ($config->cryptmode==1) { $themode = 1; $cm = uddeIMencrypt($savemessage,$config->cryptkey,CRYPT_MODE_BASE64); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",1,'".md5($config->cryptkey)."')"; } elseif ($config->cryptmode==2) { $themode = 2; $thepass=$cryptpass; if (!$thepass) { // no password entered, then fallback to obfuscating $themode = 1; $thepass=$config->cryptkey; } $cm = uddeIMencrypt($savemessage,$thepass,CRYPT_MODE_BASE64); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.", ".$themode.",'".md5($thepass)."')"; } elseif ($config->cryptmode==3) { $themode = 3; $cm = uddeIMencrypt($savemessage,"",CRYPT_MODE_STOREBASE64); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.",3)"; } elseif ($config->cryptmode==4) { $themode = 4; $thepass=$cryptpass; $cipher = CRYPT_MODE_3DESBASE64; if (!$thepass) { // no password entered, then fallback to obfuscating $themode = 1; $thepass=$config->cryptkey; $cipher = CRYPT_MODE_BASE64; } $cm = uddeIMencrypt($savemessage,$thepass,$cipher); $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox, cryptmode, crypthash) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$cm."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1, ".$savedatum.", ".$themode.",'".md5($thepass)."')"; } else { $sql="INSERT INTO #__uddeim (fromid, toid, message, datum, expires, systemmessage, systemflag, disablereply, totrashoutbox, totrashdateoutbox) VALUES (".(int)$savefromid.", ".(int)$savetoid.", '".$savemessage."', ".$savedatum.", ".$validuntil.", '".$savesysflag."', 1,".$savedisablereply.", 1,".$savedatum.")"; } $database->setQuery($sql); if (!$database->query()) { die("SQL error when attempting to save a message" . $database->stderr(true)); } $insID = $database->insertid(); // UDDEIMFILE // Now save the uploads if( $config->enableattachment && uddeIMisAttachmentAllowed($my_gid, $config)) uddeIMsaveAttachments($insID, $uploadfile_temppathname, $uploadfile_original, $uploadfile_id, $uploadfile_size, $savedatum, $config); // Check if E-Mail notification or popups are enabled by default, if so create a record for the receiver. if ($config->modnewusers>0 || $config->notifydefault>0 || $config->popupdefault>0 || $config->pubfrontenddefault>0 || $config->autoresponder>0 || $config->autoforward>0) { if (!uddeIMexistsEMN($savetoid)) uddeIMinsertEMNdefaults($savetoid, $config); } // Check if notifications are not disabled temporary if (!$sysgm_nonotify) { // e-mail notification code // is the receiver currently online? $currentlyonline = uddeIMisOnline($savetoid); if ($config->cryptmode>=1) { $email=stripslashes($savemessage); } else { $email=stripslashes(stripslashes($savemessage)); // without encoding remove the safety slashes } $type = 0; // 0=normal message, 1=forgetmenot, 2=admin forces text if ($forceembedded) $type = 2; // admin forces if($config->allowemailnotify==1) { $ison = uddeIMgetEMNstatus($savetoid); if($sysgm_sys) { $emn_fromid = 0; } else { $emn_fromid = $savefromid; } if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10) || ($ison==20 && !$currentlyonline)) { uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $savetoid, $email, $type, $config); // 0 stands for normal (not forgetmenot) } } elseif($config->allowemailnotify==2) { $my_gid = uddeIMgetGID($savetoid); if (uddeIMisAdmin($my_gid) || uddeIMisAdmin2($my_gid, $config)) { $ison = uddeIMgetEMNstatus($savetoid); if($sysgm_sys) { $emn_fromid = 0; } else { $emn_fromid = $savefromid; } if (($ison==1) || ($ison==2 && !$currentlyonline) || ($ison==10) || ($ison==20 && !$currentlyonline)) { uddeIMdispatchEMN($insID, $item_id, $themode, $emn_fromid, $savetoid, $email, $type, $config); // 0 stands for normal (not forgetmenot) } } } } } $mosmsg=_UDDEIM_MESSAGE_SENT; uddeJSEFredirect("index.php?option=com_uddeim&task=inbox&Itemid=".$item_id, $mosmsg); } }