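/**
 * Shows the contact form for the user to fill out and, on submit, forwards
 * the message to every administrator as a personal message.
 *
 * - Only reachable by guests; logged-in members are redirected away (they can PM).
 * - Must be enabled via $modSettings['enable_contactform'].
 * - A submission has to pass the session check, the 'contact' token, the
 *   'contact' spam-protection timer and the 'contactform' verification control
 *   before anything is sent.
 */
public function action_contact()
{
    global $context, $txt, $user_info, $modSettings;

    // Already inside, no need to use this, just send a PM
    // Disabled, you cannot enter.
    if (!$user_info['is_guest'] || empty($modSettings['enable_contactform']) || $modSettings['enable_contactform'] == 'disabled')
    {
        redirectexit();
    }

    loadLanguage('Login');
    loadTemplate('Register');

    if (isset($_REQUEST['send']))
    {
        // Anti-CSRF and flood controls come before any of the input is looked at
        checkSession('post');
        validateToken('contact');
        spamProtection('contact');

        // No errors, yet.
        $context['errors'] = array();
        loadLanguage('Errors');

        // Could they get the right send topic verification code?
        require_once SUBSDIR . '/VerificationControls.class.php';
        require_once SUBSDIR . '/Members.subs.php';

        // form validation
        require_once SUBSDIR . '/DataValidator.class.php';
        $validator = new Data_Validator();
        $validator->sanitation_rules(array('emailaddress' => 'trim', 'contactmessage' => 'trim|Util::htmlspecialchars'));
        $validator->validation_rules(array('emailaddress' => 'required|valid_email', 'contactmessage' => 'required'));
        $validator->text_replacements(array('emailaddress' => $txt['error_email'], 'contactmessage' => $txt['error_message']));

        // Any form errors
        if (!$validator->validate($_POST))
        {
            $context['errors'] = $validator->validation_errors();
        }

        // How about any verification errors
        $verificationOptions = array('id' => 'contactform');
        $context['require_verification'] = create_control_verification($verificationOptions, true);
        if (is_array($context['require_verification']))
        {
            foreach ($context['require_verification'] as $error)
            {
                $context['errors'][] = $txt['error_' . $error];
            }
        }

        // No errors, then send the PM to the admins
        if (empty($context['errors']))
        {
            $admins = admins();
            if (!empty($admins))
            {
                require_once SUBSDIR . '/PersonalMessage.subs.php';

                // Send the validator's copy of the message: it has been trimmed and run
                // through Util::htmlspecialchars. The raw $_REQUEST['contactmessage'] that
                // used to be passed here bypassed that sanitation rule entirely.
                sendpm(array('to' => array_keys($admins), 'bcc' => array()), $txt['contact_subject'], $validator->contactmessage, false, array('id' => 0, 'name' => $validator->emailaddress, 'username' => $validator->emailaddress));
            }

            // Sent (or nobody to send it to) - show the "done" page
            redirectexit('action=contact;sa=done');
        }
        else
        {
            // Hand the (sanitised) values back to the form so they can be corrected
            $context['emailaddress'] = $validator->emailaddress;
            $context['contactmessage'] = $validator->contactmessage;
        }
    }

    if (isset($_GET['sa']) && $_GET['sa'] == 'done')
    {
        $context['sub_template'] = 'contact_form_done';
    }
    else
    {
        $context['sub_template'] = 'contact_form';
        $context['page_title'] = $txt['admin_contact_form'];

        require_once SUBSDIR . '/VerificationControls.class.php';
        $verificationOptions = array('id' => 'contactform');
        $context['require_verification'] = create_control_verification($verificationOptions);
        $context['visual_verification_id'] = $verificationOptions['id'];
    }

    // A fresh token for the (next) form submission
    createToken('contact');
}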
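/**
 * Set any setting related to paid subscriptions,
 *
 * - i.e. modify which payment methods are to be used.
 * - It requires the moderate_forum permission
 *   (NOTE(review): no permission check is visible in this method; it is
 *   presumably enforced before dispatch - confirm. Saving does run checkSession().)
 * - Accessed from ?action=admin;area=paidsubscribe;sa=settings.
 */
public function action_paidSettings_display()
{
    global $context, $txt, $scripturl;

    require_once SUBSDIR . '/PaidSubscriptions.subs.php';

    // Initialize the form
    $this->_init_paidSettingsForm();
    $config_vars = $this->_paidSettings->settings();

    // Now load all the other gateway settings.
    $gateways = loadPaymentGateways();
    foreach ($gateways as $gateway)
    {
        $gatewayClass = new $gateway['display_class']();
        $setting_data = $gatewayClass->getGatewaySettings();
        if (!empty($setting_data))
        {
            $config_vars[] = array('title', $gatewayClass->title, 'text_label' => isset($txt['paidsubs_gateway_title_' . $gatewayClass->title]) ? $txt['paidsubs_gateway_title_' . $gatewayClass->title] : $gatewayClass->title);
            $config_vars = array_merge($config_vars, $setting_data);
        }
    }

    // Some important context stuff
    $context['page_title'] = $txt['settings'];
    $context['sub_template'] = 'show_settings';
    $context['settings_message'] = replaceBasicActionUrl($txt['paid_note']);
    $context[$context['admin_menu_name']]['current_subsection'] = 'settings';

    // Get the final touches in place.
    $context['post_url'] = $scripturl . '?action=admin;area=paidsubscribe;save;sa=settings';
    $context['settings_title'] = $txt['settings'];

    // We want javascript for our currency options.
    addInlineJavascript(' toggleCurrencyOther();', true);

    // Saving the settings?
    if (isset($_GET['save']))
    {
        checkSession();
        call_integration_hook('integrate_save_subscription_settings');

        // Check that the entered email addresses are valid
        if (!empty($_POST['paid_email_to']))
        {
            require_once SUBSDIR . '/DataValidator.class.php';
            $validator = new Data_Validator();

            // Some cleaning and some rules
            $validator->sanitation_rules(array('paid_email_to' => 'trim'));
            $validator->validation_rules(array('paid_email_to' => 'valid_email'));
            $validator->input_processing(array('paid_email_to' => 'csv'));
            $validator->text_replacements(array('paid_email_to' => $txt['paid_email_to']));

            if ($validator->validate($_POST))
            {
                $_POST['paid_email_to'] = $validator->paid_email_to;
            }
            else
            {
                // Thats not an email, lets set it back in the form to be fixed and let them know its wrong
                // NOTE(review): index 1 is assumed to be the paid_email_to entry returned by
                // $this->_paidSettings->settings() - confirm if that form definition changes.
                $config_vars[1]['value'] = $_POST['paid_email_to'];
                $context['error_type'] = 'minor';
                $context['settings_message'] = array();
                foreach ($validator->validation_errors() as $id => $error)
                {
                    $context['settings_message'][] = $error;
                }
            }
        }

        // No errors, then save away
        if (empty($context['error_type']))
        {
            // Sort out the currency stuff.
            $currency = isset($_POST['paid_currency']) && is_string($_POST['paid_currency']) ? $_POST['paid_currency'] : '';
            if ($currency != 'other')
            {
                $_POST['paid_currency_code'] = $currency;

                // Only known currencies have a '<code>_symbol' language string; anything
                // else used to read an undefined $txt index (notice + null symbol).
                $_POST['paid_currency_symbol'] = isset($txt[$currency . '_symbol']) ? $txt[$currency . '_symbol'] : '';
            }

            $_POST['paid_currency_code'] = isset($_POST['paid_currency_code']) ? trim($_POST['paid_currency_code']) : '';
            unset($config_vars['dummy_currency']);

            Settings_Form::save_db($config_vars);
            redirectexit('action=admin;area=paidsubscribe;sa=settings');
        }
    }

    // Prepare the settings...
    Settings_Form::prepare_db($config_vars);
}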
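/**
 * Does the actual saving of the article data
 *
 * - validates the data is safe to save
 * - PHP-type articles require the admin_forum permission (the same rule the
 *   page editor applies) and, unless sp_disable_php_validation is set, a
 *   passing syntax check
 * - updates existing articles or creates new ones
 *
 * @return bool true after a successful save (the method then redirects);
 *              false when validation failed and the edit form was re-shown
 */
private function _sportal_admin_article_edit_save()
{
    global $context, $txt, $modSettings;

    // No errors, yet.
    $article_errors = Error_Context::context('article', 0);

    // Use our standard validation functions in a few spots
    require_once SUBSDIR . '/DataValidator.class.php';
    $validator = new Data_Validator();

    // If its not new, lets load the current data
    if (!$this->_is_new)
    {
        $_REQUEST['article_id'] = (int) $_REQUEST['article_id'];
        $context['article'] = sportal_get_articles($_REQUEST['article_id']);
    }

    // Clean and Review the post data for compliance
    $validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'article_id' => 'intval', 'category_id' => 'intval', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim'));
    $validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required'));
    $validator->text_replacements(array('title' => $txt['sp_admin_articles_col_title'], 'namespace' => $txt['sp_admin_articles_col_namespace'], 'content' => $txt['sp_admin_articles_col_body']));

    // If you messed this up, back you go
    if (!$validator->validate($_POST))
    {
        foreach ($validator->validation_errors() as $id => $error)
        {
            $article_errors->addError($error);
        }

        // Re-show the form and stop: without this return execution fell through
        // to the save below with data that had just failed validation.
        $this->action_sportal_admin_article_edit();
        return false;
    }

    // Lets make sure this namespace (article id) is unique
    $has_duplicate = sp_duplicate_articles($validator->article_id, $validator->namespace);
    if (!empty($has_duplicate))
    {
        $article_errors->addError('sp_error_article_namespace_duplicate');
    }

    // And we can't have just a numeric namespace (article id)
    if (preg_replace('~[0-9]+~', '', $validator->namespace) === '')
    {
        $article_errors->addError('sp_error_article_namespace_numeric');
    }

    // Storing PHP means storing code the portal will later execute; only forum
    // administrators may do that (mirrors the check in the page editor).
    if ($validator->type === 'php' && !allowedTo('admin_forum'))
    {
        fatal_lang_error('cannot_admin_forum', false);
    }

    // Posting some PHP code, and allowed? Then we need to validate it will run
    if ($validator->type === 'php' && !empty($validator->content) && empty($modSettings['sp_disable_php_validation']))
    {
        $validator_php = new Data_Validator();
        $validator_php->validation_rules(array('content' => 'php_syntax'));

        // Bad PHP code
        if (!$validator_php->validate(array('content' => $validator->content)))
        {
            $article_errors->addError($validator_php->validation_errors());
        }
    }

    // None shall pass ... with errors
    if ($article_errors->hasErrors())
    {
        $this->action_sportal_admin_article_edit();
        return false;
    }

    // No errors then, prepare the data for saving (all values come from the
    // validator, i.e. the trimmed / escaped / int-cast copies, not raw $_POST)
    $article_info = array(
        'id' => $validator->article_id,
        'id_category' => $validator->category_id,
        'namespace' => $validator->namespace,
        'title' => $validator->title,
        'body' => Util::htmlspecialchars($validator->content, ENT_QUOTES),
        'type' => in_array($validator->type, array('bbc', 'html', 'php'), true) ? $validator->type : 'bbc',
        'permissions' => $validator->permissions,
        'status' => !empty($_POST['status']) ? 1 : 0,
    );

    if ($article_info['type'] === 'bbc')
    {
        preparsecode($article_info['body']);
    }

    // Save away
    checkSession();
    sp_save_article($article_info, $this->_is_new);

    redirectexit('action=admin;area=portalarticles');

    return true;
}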
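/**
 * Allow a user to send an email.
 *
 * - Send an email to the user - allow the sender to write the message.
 * - Can either be passed a user ID as uid or a message id as msg.
 * - Does not check permissions for a message ID as there is no information disclosed.
 * - Requires a logged-in member with send_email_to_members; the recipient must
 *   have a visible address (showEmailAddress) and must accept contact (canContact).
 * - accessed by ?action=emailuser;sa=email
 */
public function action_email()
{
    global $context, $user_info, $txt, $scripturl;

    // Can the user even see this information?
    if ($user_info['is_guest'])
    {
        fatal_lang_error('no_access', false);
    }
    isAllowedTo('send_email_to_members');

    // Are we sending to a user?
    $context['form_hidden_vars'] = array();
    $row = array();
    if (isset($_REQUEST['uid']))
    {
        require_once SUBSDIR . '/Members.subs.php';

        // Get the latest activated member's display name.
        $row = getBasicMemberData((int) $_REQUEST['uid']);
        $context['form_hidden_vars']['uid'] = (int) $_REQUEST['uid'];
    }
    elseif (isset($_REQUEST['msg']))
    {
        require_once SUBSDIR . '/Messages.subs.php';

        $row = mailFromMessage((int) $_REQUEST['msg']);
        $context['form_hidden_vars']['msg'] = (int) $_REQUEST['msg'];
    }

    // Are you sure you got the address or any data?
    if (empty($row) || empty($row['email_address']))
    {
        fatal_lang_error('cant_find_user_email');
    }

    // Can they actually do this?
    $context['show_email_address'] = showEmailAddress(!empty($row['hide_email']), $row['id_member']);
    if ($context['show_email_address'] === 'no')
    {
        fatal_lang_error('no_access', false);
    }

    // Does the user want to be contacted at all by you?
    require_once SUBSDIR . '/Members.subs.php';
    if (!canContact($row['id_member']))
    {
        fatal_lang_error('no_access', false);
    }

    // Setup the context!
    // The address comes straight from the database and is echoed both into an
    // href attribute and as link text, so escape it for the HTML context.
    // (real_name is left untouched: NOTE(review): presumably stored pre-escaped
    // like the rest of the forum - confirm before adding a second escape.)
    $safe_email = Util::htmlspecialchars($row['email_address'], ENT_QUOTES);
    $override = $context['show_email_address'] == 'yes_permission_override';
    $context['recipient'] = array(
        'id' => $row['id_member'],
        'name' => $row['real_name'],
        'email' => $row['email_address'],
        'email_link' => ($override ? '<em>' : '') . '<a href="mailto:' . $safe_email . '">' . $safe_email . '</a>' . ($override ? '</em>' : ''),
        'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>' : $row['real_name'],
    );

    // Can we see this person's email address?
    $context['can_view_recipient_email'] = $context['show_email_address'] == 'yes' || $override;

    // Template
    $context['sub_template'] = 'custom_email';
    $context['page_title'] = $txt['send_email'];

    // Are we actually sending it?
    if (isset($_POST['send']) && isset($_POST['email_body']))
    {
        checkSession();

        // Don't let them send too many!
        spamProtection('sendmail');

        require_once SUBSDIR . '/Mail.subs.php';
        require_once SUBSDIR . '/DataValidator.class.php';

        // We will need to do some data checking
        $validator = new Data_Validator();
        $validator->sanitation_rules(array('y_name' => 'trim', 'email_body' => 'trim', 'email_subject' => 'trim'));
        $validator->validation_rules(array('y_name' => 'required|notequal[_]', 'y_email' => 'required|valid_email', 'email_body' => 'required', 'email_subject' => 'required'));
        $validator->text_replacements(array('y_name' => $txt['sendtopic_sender_name'], 'y_email' => $txt['sendtopic_sender_email'], 'email_body' => $txt['message'], 'email_subject' => $txt['send_email_subject']));
        $validator->validate($_POST);

        // If it's a guest sort out their names.
        // Guests were rejected at the top of this method, so this branch is not
        // reachable as written; kept in case that guard is ever relaxed.
        if ($user_info['is_guest'])
        {
            $errors = $validator->validation_errors(array('y_name', 'y_email'));
            if ($errors)
            {
                $context['sendemail_error'] = array('errors' => $errors, 'type' => 'minor', 'title' => $txt['validation_failure']);
                return;
            }

            $from_name = $validator->y_name;
            $from_email = $validator->y_email;
        }
        else
        {
            $from_name = $user_info['name'];
            $from_email = $user_info['email'];
        }

        // Check we have a body (etc).
        $errors = $validator->validation_errors(array('email_body', 'email_subject'));
        if (!empty($errors))
        {
            $context['sendemail_error'] = array('errors' => $errors, 'type' => 'minor', 'title' => $txt['validation_failure']);
            return;
        }

        // We use a template in case they want to customise!
        $replacements = array(
            'EMAILSUBJECT' => $validator->email_subject,
            'EMAILBODY' => $validator->email_body,
            'SENDERNAME' => $from_name,
            'RECPNAME' => $context['recipient']['name'],
        );

        // Get the template and get out!
        $emaildata = loadEmailTemplate('send_email', $replacements);
        sendmail($context['recipient']['email'], $emaildata['subject'], $emaildata['body'], $from_email, null, false, 1, null, true);

        // Now work out where to go!
        if (isset($_REQUEST['uid']))
        {
            redirectexit('action=profile;u=' . (int) $_REQUEST['uid']);
        }
        elseif (isset($_REQUEST['msg']))
        {
            redirectexit('msg=' . (int) $_REQUEST['msg']);
        }
        else
        {
            redirectexit();
        }
    }
}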
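/**
 * Does the actual saving of the page data
 *
 * - validates the data is safe to save
 * - PHP-type pages require the admin_forum permission and, unless
 *   sp_disable_php_validation is set, a passing syntax check
 * - updates existing pages or creates new ones, then adjusts which blocks are
 *   shown on the page
 *
 * @return bool true after a successful save (the method then redirects);
 *              false when validation failed and the edit form was re-shown
 */
private function _sportal_admin_page_edit_save()
{
    global $txt, $context, $modSettings;

    // No errors, yet.
    $pages_errors = Error_Context::context('pages', 0);

    // Use our standard validation functions in a few spots
    require_once SUBSDIR . '/DataValidator.class.php';
    $validator = new Data_Validator();

    // Clean and Review the post data for compliance
    $validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim'));
    $validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required'));
    $validator->text_replacements(array('title' => $txt['sp_error_page_name_empty'], 'namespace' => $txt['sp_error_page_namespace_empty'], 'content' => $txt['sp_admin_pages_col_body']));

    // If you messed this up, back you go
    if (!$validator->validate($_POST))
    {
        foreach ($validator->validation_errors() as $id => $error)
        {
            $pages_errors->addError($error);
        }

        // Re-show the form and stop: without this return execution fell through
        // to the save below with data that had just failed validation.
        $this->action_sportal_admin_page_edit();
        return false;
    }

    // New pages have no id yet
    $page_id = isset($_POST['page_id']) ? (int) $_POST['page_id'] : 0;

    // Can't have the same name in the same space twice
    $has_duplicate = sp_check_duplicate_pages($_POST['namespace'], $page_id);
    if (!empty($has_duplicate))
    {
        $pages_errors->addError('sp_error_page_namespace_duplicate');
    }

    // Can't have a simple numeric namespace
    if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '')
    {
        $pages_errors->addError('sp_error_page_namespace_numeric');
    }

    // Storing PHP means storing code the portal will later execute; admins only
    if ($_POST['type'] === 'php' && !allowedTo('admin_forum'))
    {
        fatal_lang_error('cannot_admin_forum', false);
    }

    // Running some php code, then we need to validate its legit code
    if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation']))
    {
        $validator_php = new Data_Validator();
        $validator_php->validation_rules(array('content' => 'php_syntax'));

        // Bad PHP code
        if (!$validator_php->validate(array('content' => $_POST['content'])))
        {
            $pages_errors->addError($validator_php->validation_errors());
        }
    }

    // None shall pass ... with errors
    if ($pages_errors->hasErrors())
    {
        $this->action_sportal_admin_page_edit();
        return false;
    }

    // Everything checked out; make sure this is a genuine form submission before
    // anything is written (the article editor does the same just before its save).
    checkSession();

    // If you made it this far, we are going to save the work
    if (!empty($_POST['blocks']) && is_array($_POST['blocks']))
    {
        foreach ($_POST['blocks'] as $id => $block)
        {
            $_POST['blocks'][$id] = (int) $block;
        }
    }
    else
    {
        $_POST['blocks'] = array();
    }

    // The data for the fields
    $page_info = array(
        'id' => $page_id,
        'namespace' => Util::htmlspecialchars($_POST['namespace'], ENT_QUOTES),
        'title' => Util::htmlspecialchars($_POST['title'], ENT_QUOTES),
        'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES),
        'type' => in_array($_POST['type'], array('bbc', 'html', 'php'), true) ? $_POST['type'] : 'bbc',
        'permissions' => (int) $_POST['permissions'],
        'style' => sportal_parse_style('implode'),
        'status' => !empty($_POST['status']) ? 1 : 0,
    );

    if ($page_info['type'] === 'bbc')
    {
        preparsecode($page_info['body']);
    }

    // Save away
    sp_save_page($page_info, $context['SPortal']['is_new']);

    // Work out which blocks were switched on / off for this page. $page_info['id']
    // is used below (not $page_id) so a new page's id assigned by the save is seen.
    $to_show = array();
    $not_to_show = array();
    $changes = array();

    foreach ($context['page_blocks'] as $page_blocks)
    {
        foreach ($page_blocks as $block)
        {
            if ($block['shown'] && !in_array($block['id'], $_POST['blocks']))
            {
                $not_to_show[] = $block['id'];
            }
            elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks']))
            {
                $to_show[] = $block['id'];
            }
        }
    }

    // Blocks to add to this page, depending on how their display rule is expressed
    foreach ($to_show as $id)
    {
        if (empty($this->blocks[$id]['display']) && empty($this->blocks[$id]['display_custom']) || $this->blocks[$id]['display'] == 'sportal')
        {
            $changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => '');
        }
        elseif (in_array($this->blocks[$id]['display'], array('allaction', 'allboard')))
        {
            $changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . ',p' . $page_info['id']);
        }
        elseif (in_array('-p' . $page_info['id'], explode(',', $this->blocks[$id]['display_custom'])))
        {
            $changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('-p' . $page_info['id']))));
        }
        elseif (empty($this->blocks[$id]['display_custom']))
        {
            $changes[$id] = array('display' => implode(',', array_merge(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
        }
        else
        {
            $changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id']))));
        }
    }

    // Blocks to remove from this page
    foreach ($not_to_show as $id)
    {
        if (count(array_intersect(array($this->blocks[$id]['display'], $this->blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0)
        {
            $changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . $this->blocks[$id]['display_custom'] . ',-p' . $page_info['id']);
        }
        elseif (empty($this->blocks[$id]['display_custom']))
        {
            $changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
        }
        else
        {
            $changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id']))));
        }
    }

    // Update the blocks as needed
    foreach ($changes as $id => $data)
    {
        sp_update_block_visibility($id, $data);
    }

    redirectexit('action=admin;area=portalpages');

    return true;
}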