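/**
 * Builds the "compose message" form and, once it has been submitted and
 * validated, sends the message to every recipient listed in $default['users'].
 *
 * Request input read here: $_REQUEST['group_id'], $_GET['message_id'],
 * $_GET['f'], $_GET['re_id'], $_POST['legend'] and $_FILES. Every id taken
 * from the request is cast to int before it is used.
 *
 * @param array $default               Default form values. The keys read on submit are
 *                                     'users', 'title', 'content', 'group_id' and 'parent_id'.
 * @param mixed $select_from_user_list When set (non-null), the recipient is chosen through
 *                                     the free-text search field instead of the ajax select.
 * @param mixed $sent_to               Optional label content shown as the recipient.
 *
 * @return string The form HTML, or the success messages produced while sending.
 */
function manage_form($default, $select_from_user_list = null, $sent_to = null)
{
    $group_id = isset($_REQUEST['group_id']) ? intval($_REQUEST['group_id']) : null;
    $message_id = isset($_GET['message_id']) ? intval($_GET['message_id']) : null;
    $param_f = isset($_GET['f']) && $_GET['f'] == 'social' ? 'social' : null;
    // Cast the reply id once so the lookup and the hidden field use the same
    // integer; the raw request value is never passed on.
    $reply_id = isset($_GET['re_id']) ? intval($_GET['re_id']) : null;

    $form = new FormValidator(
        'compose_message',
        null,
        api_get_self() . '?f=' . $param_f,
        null,
        array('enctype' => 'multipart/form-data')
    );

    if (empty($group_id)) {
        if (isset($select_from_user_list)) {
            $form->addText(
                'id_text_name',
                get_lang('SendMessageTo'),
                true,
                array(
                    'id' => 'id_text_name',
                    'onkeyup' => 'send_request_and_search()',
                    'autocomplete' => 'off'
                )
            );
            $form->addRule('id_text_name', get_lang('ThisFieldIsRequired'), 'required');
            $form->addElement('html', '<div id="id_div_search" style="padding:0px" class="message-select-box" > </div>');
            $form->addElement('hidden', 'user_list', 0, array('id' => 'user_list'));
        } else {
            if (!empty($sent_to)) {
                $form->addLabel(get_lang('SendMessageTo'), $sent_to);
            }
            if (empty($default['users'])) {
                // No preselected recipient: offer the ajax user search.
                $form->addElement(
                    'select_ajax',
                    'users',
                    get_lang('SendMessageTo'),
                    array(),
                    ['multiple' => 'multiple', 'url' => api_get_path(WEB_AJAX_PATH) . 'message.ajax.php?a=find_users']
                );
            } else {
                $form->addElement('hidden', 'hidden_user', $default['users'][0], array('id' => 'hidden_user'));
            }
        }
    } else {
        $userGroup = new UserGroup();
        $group_info = $userGroup->get($group_id);

        $form->addElement('label', get_lang('ToGroup'), api_xml_http_response_encode($group_info['name']));
        $form->addElement('hidden', 'group_id', $group_id);
        $form->addElement('hidden', 'parent_id', $message_id);
    }

    $form->addText('title', get_lang('Subject'), true);
    $form->addHtmlEditor(
        'content',
        get_lang('Message'),
        false,
        false,
        array('ToolbarSet' => 'Messages', 'Width' => '100%', 'Height' => '250')
    );

    if ($reply_id !== null) {
        // NOTE(review): nothing visible here checks that the current user is the
        // sender or a recipient of the quoted message - confirm that
        // MessageManager::get_message_by_id() enforces this, otherwise the reply
        // form would quote any message whose id is supplied.
        $message_reply_info = MessageManager::get_message_by_id($reply_id);
        $form->addElement('hidden', 're_id', $reply_id);
        $form->addElement('hidden', 'save_form', 'save_form');

        // Only prefill the reply when the lookup actually returned a message.
        if (!empty($message_reply_info)) {
            $default['title'] = get_lang('MailSubjectReplyShort') . " " . $message_reply_info['title'];

            // Quote the original message in the editor.
            // NOTE(review): 'complete_name' is inserted into HTML as returned by
            // api_get_user_info() - confirm it is already escaped.
            $user_reply_info = api_get_user_info($message_reply_info['user_sender_id']);
            $default['content'] = '<p><br/></p>' . sprintf(
                get_lang('XWroteY'),
                $user_reply_info['complete_name'],
                Security::filter_terms($message_reply_info['content'])
            );
        }
    }

    if (empty($group_id)) {
        // Attachments are only offered for messages that are not sent to a group.
        $form->addElement(
            'label',
            '',
            '<div id="filepaths" class="form-group"> <div id="filepath_1"> <label>' . get_lang('FilesAttachment') . '</label> <input type="file" name="attach_1"/> <label>' . get_lang('Description') . '</label> <input id="file-descrtiption" type="text" name="legend[]" class="form-control"/> </div> </div>'
        );
        $form->addElement(
            'label',
            '',
            '<span id="link-more-attach"><a href="javascript://" onclick="return add_image_form()">' . get_lang('AddOneMoreFile') . '</a></span> (' . sprintf(get_lang('MaximunFileSizeX'), format_file_size(api_get_setting('message.message_max_upload_filesize'))) . ')'
        );
    }

    $form->addButtonSend(get_lang('SendMessage'), 'compose');
    $form->setRequiredNote('<span class="form_required">*</span> <small>' . get_lang('ThisFieldIsRequired') . '</small>');

    if (!empty($group_id) && !empty($message_id)) {
        $message_info = MessageManager::get_message_by_id($message_id);
        if (!empty($message_info)) {
            $default['title'] = get_lang('MailSubjectReplyShort') . " " . $message_info['title'];
        }
    }

    $form->setDefaults($default);
    $html = '';

    if ($form->validate()) {
        // The anti-CSRF token must match before anything is sent.
        $check = Security::check_token('post');
        if ($check) {
            $user_list = isset($default['users']) ? $default['users'] : null;
            // 'legend' is only posted when the attachment fields were rendered
            // (i.e. not for group messages).
            $file_comments = isset($_POST['legend']) ? $_POST['legend'] : null;
            $title = $default['title'];
            $content = $default['content'];
            $group_id = isset($default['group_id']) ? $default['group_id'] : null;
            $parent_id = isset($default['parent_id']) ? $default['parent_id'] : null;

            if (is_array($user_list) && count($user_list) > 0) {
                // All is well, send the message to each recipient.
                foreach ($user_list as $user) {
                    $res = MessageManager::send_message(
                        $user,
                        $title,
                        $content,
                        $_FILES,
                        $file_comments,
                        $group_id,
                        $parent_id
                    );
                    if ($res) {
                        $html .= MessageManager::display_success_message($user);
                    }
                }
            } else {
                // NOTE(review): the language key is passed as-is, while other
                // messages in this function go through get_lang() - confirm intended.
                Display::display_error_message('ErrorSendingMessage');
            }
        }
        // The token is cleared after every validated submit, whether or not it matched.
        Security::clear_token();
    } else {
        // Form not submitted or invalid: issue a fresh token and render the form.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        $html .= $form->returnForm();
    }

    return $html;
}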
header('Location: ' . $url); exit; } else { if (!empty($_POST['social_wall_new_msg']) && !empty($_POST['messageId'])) { $messageId = intval($_POST['messageId']); $messageContent = $_POST['social_wall_new_msg']; $res = SocialManager::sendWallMessage(api_get_user_id(), $friendId, $messageContent, $messageId, MESSAGE_STATUS_WALL); Display::addFlash(Display::return_message(get_lang('MessageSent'))); $url = api_get_path(WEB_CODE_PATH) . 'social/profile.php'; $url .= empty($_SERVER['QUERY_STRING']) ? '' : '?' . Security::remove_XSS($_SERVER['QUERY_STRING']); header('Location: ' . $url); exit; } else { if (isset($_GET['messageId'])) { $messageId = intval($_GET['messageId']); $messageInfo = MessageManager::get_message_by_id($messageId); if (!empty($messageInfo)) { // I can only delete messages of my own wall if ($messageInfo['user_receiver_id'] == $user_id) { $status = SocialManager::deleteMessage($messageId); Display::addFlash(Display::return_message(get_lang('MessageDeleted'))); header('Location: ' . api_get_path(WEB_CODE_PATH) . 'social/profile.php'); exit; } } api_not_allowed(true); } else { if (isset($_GET['u'])) { //I'm your friend? I can see your profile? $user_id = intval($_GET['u']); if (api_is_anonymous($user_id, true)) {
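// Id of the message being edited or replied to, if any (cast to int).
$message_id = isset($_GET['message_id']) ? intval($_GET['message_id']) : null;

// Only these actions are accepted; anything else becomes the empty string.
$actions = array('add_message_group', 'edit_message_group', 'reply_message_group');
// Strict comparison: the request value must be exactly one of the listed strings.
$allowed_action = (isset($_GET['action']) && in_array($_GET['action'], $actions, true))
    ? Security::remove_XSS($_GET['action'])
    : '';

$to_group = '';
$subject = '';
$message = '';

$usergroup = new UserGroup();

// $group_id is set before this excerpt.
if (!empty($group_id) && $allowed_action) {
    $group_info = $usergroup->get($group_id);
    $is_member = $usergroup->is_group_member($group_id);

    // Closed groups are only accessible to their members.
    if ($group_info['visibility'] == GROUP_PERMISSION_CLOSED && !$is_member) {
        api_not_allowed(true);
    }

    $to_group = $group_info['name'];
    if (!empty($message_id)) {
        // NOTE(review): the message is looked up by id only; nothing visible here
        // ties it to $group_id - confirm that a message from another group or a
        // private conversation cannot be prefilled into this form.
        $message_info = MessageManager::get_message_by_id($message_id);
        if ($allowed_action == 'reply_message_group') {
            // A reply only reuses the title; the body starts empty.
            $subject = get_lang('Reply') . ': ' . api_xml_http_response_encode($message_info['title']);
        } else {
            $subject = api_xml_http_response_encode($message_info['title']);
            $message = api_xml_http_response_encode($message_info['content']);
        }
    }
}

// Pagination parameters; every value taken from the request is cast to int.
$page_item = !empty($_GET['topics_page_nr']) ? intval($_GET['topics_page_nr']) : 1;
// NOTE(review): the condition tests 'items_page_nr' but the value written is
// 'topics_page_nr' - confirm this is intended.
$param_item_page = isset($_GET['items_page_nr']) && isset($_GET['topic_id'])
    ? '&items_' . intval($_GET['topic_id']) . '_page_nr=' . (!empty($_GET['topics_page_nr']) ? intval($_GET['topics_page_nr']) : 1)
    : '';
if (isset($_GET['topic_id'])) {
    $param_item_page .= '&topic_id=' . intval($_GET['topic_id']);
}
$page_topic = isset($_GET['topics_page_nr']) ? intval($_GET['topics_page_nr']) : 1;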
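<?php
/* For license terms, see /license.txt */
/**
 * Render an email from data
 *
 * Outputs the content of the stored message whose id is given in the request,
 * but only when the accompanying hash is accepted by the plugin.
 *
 * @package chamilo.plugin.advanced_subscription
 */
/**
 * Init
 */
require_once __DIR__ . '/../config.php';

$plugin = AdvancedSubscriptionPlugin::create();
// Get validation hash; a missing parameter becomes an empty string.
$hash = isset($_REQUEST['v']) ? Security::remove_XSS($_REQUEST['v']) : '';
// Get data from request (GET or POST); a missing id becomes 0.
$data['queueId'] = isset($_REQUEST['q']) ? intval($_REQUEST['q']) : 0;
// Check if data is valid or is for start subscription.
// NOTE(review): as far as this file shows, the hash is the only access control
// on the message and it is checked against the queue id alone - confirm that
// checkHash() binds it to a server-side secret and compares in constant time.
$verified = $plugin->checkHash($data, $hash);
if ($verified) {
    // Render mail
    $message = MessageManager::get_message_by_id($data['queueId']);
    // Output nothing when no message (or no content) was found for this id.
    if (isset($message['content'])) {
        // NOTE(review): the stored content is written to the response without
        // escaping - confirm it is sanitised when the message is saved.
        echo str_replace(array('<br /><hr>', '<br />', '<br/>'), '', $message['content']);
    }
}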