function MG_approveSubmission($media_id)
{
global $_CONF, $_TABLES, $LANG_MG01;
$mid = addslashes($media_id);
$owner_uid = DB_getItem($_TABLES['mg_mediaqueue'], 'media_user_id', "media_id='" . $mid . "'");
DB_delete($_TABLES['mg_mediaqueue'], 'media_id', $mid);
$album_id = DB_getItem($_TABLES['mg_media_album_queue'], 'album_id', "media_id='" . $mid . "'");
DB_save($_TABLES['mg_media_albums'], 'album_id, media_id, media_order', "{$album_id}, '{$mid}', 0");
require_once $_CONF['path'] . 'plugins/mediagallery/include/sort.php';
MG_SortMedia($album_id);
DB_delete($_TABLES['mg_media_album_queue'], 'media_id', $mid);
$sql = "SELECT media_filename, media_type " . "FROM {$_TABLES['mg_media']} WHERE media_id='" . $mid . "'";
$result = DB_query($sql);
list($media_filename, $media_type) = DB_fetchArray($result);
$media_count = DB_getItem($_TABLES['mg_albums'], 'media_count', 'album_id=' . $album_id);
$media_count++;
DB_change($_TABLES['mg_albums'], 'media_count', $media_count, 'album_id', $album_id);
MG_updateAlbumLastUpdate($album_id);
$album_cover = DB_getItem($_TABLES['mg_albums'], 'album_cover', 'album_id=' . $album_id);
if ($album_cover == -1 && $media_type == 0) {
DB_change($_TABLES['mg_albums'], 'album_cover_filename', $media_filename, 'album_id', $album_id);
}
// email the owner / uploader that the item has been approved.
COM_clearSpeedlimit(600, 'mgapprove');
$last = COM_checkSpeedlimit('mgapprove');
if ($last == 0) {
$result2 = DB_query("SELECT username, fullname, email FROM {$_TABLES['users']} WHERE uid='" . $owner_uid . "'");
list($username, $fullname, $email) = DB_fetchArray($result2);
if ($email != '') {
$subject = $LANG_MG01['upload_approved'];
$body = $LANG_MG01['upload_approved'];
$body .= '<br' . XHTML . '><br' . XHTML . '>';
$body .= $LANG_MG01['thanks_submit'];
$body .= '<br' . XHTML . '><br' . XHTML . '>';
$body .= $_CONF['site_name'] . '<br' . XHTML . '>';
$body .= $_CONF['site_url'] . '<br' . XHTML . '>';
$to = array();
$from = array();
$to = COM_formatEmailAddress($username, $email);
$from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['site_mail']);
if (!COM_mail($to, $subject, $body, $from, true)) {
COM_errorLog("Media Gallery Error - Unable to send queue notification email");
}
COM_updateSpeedlimit('mgapprove');
}
}
// PLG_itemSaved($media_id, 'mediagallery');
// COM_rdfUpToDateCheck();
// COM_olderStuff();
return;
}
function execute($comment)
{
global $result, $_CONF, $_USER, $LANG_SX00, $_SPX_CONF;
if (isset($_USER['uid']) && $_USER['uid'] > 1) {
$uid = $_USER['uid'];
} else {
$uid = 1;
}
$uid .= '@' . $_SERVER['REMOTE_ADDR'];
$msg = sprintf($LANG_SX00['emailmsg'], $_CONF['site_name'], $uid, $comment);
// Add headers of the spam post to help track down the source.
// Function 'getallheaders' is not available when PHP is running as
// CGI. Print the HTTP_... headers from $_SERVER array instead then.
$msg .= "\n\n" . $LANG_SX00['headers'] . "\n";
if (function_exists('getallheaders')) {
$headers = getallheaders();
foreach ($headers as $key => $content) {
if (strcasecmp($key, 'Cookie') != 0) {
$msg .= $key . ': ' . $content . "\n";
}
}
} else {
foreach ($_SERVER as $key => $content) {
if (substr($key, 0, 4) == 'HTTP') {
if ($key != 'HTTP_COOKIE') {
$msg .= $key . ': ' . $content . "\n";
}
}
}
}
$subject = sprintf($LANG_SX00['emailsubject'], $_CONF['site_name']);
if (empty($_SPX_CONF['notification_email'])) {
$email_address = $_CONF['site_mail'];
} else {
$email_address = $_SPX_CONF['notification_email'];
}
$to = array();
$to = COM_formatEmailAddress('', $email_address);
COM_mail($to, $subject, $msg);
$result = 8;
SPAMX_log('Mail Sent to Admin');
return 0;
}
/**
* User request for a verification token - send email with a link and request id
*
* @param uid int userid of user who requested the new token
* @param msg int index of message to display (if any)
* @return string form or meta redirect
*
*/
function requesttoken($uid, $msg = 0)
{
global $_CONF, $_SYSTEM, $_TABLES, $LANG04;
if (!isset($_SYSTEM['verification_token_ttl'])) {
$_SYSTEM['verification_token_ttl'] = 86400;
}
$retval = '';
$uid = (int) $uid;
$result = DB_query("SELECT uid,username,email,passwd,status FROM {$_TABLES['users']} WHERE uid = " . (int) $uid . " AND (account_type & " . LOCAL_USER . ")");
$nrows = DB_numRows($result);
if ($nrows == 1) {
$A = DB_fetchArray($result);
if ($_CONF['usersubmission'] == 1 && $A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
}
$verification_id = USER_createActivationToken($uid, $A['username']);
$activation_link = $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid;
$mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n";
$mailtext .= $LANG04[170] . "\n\n";
$mailtext .= "----------------------------\n";
$mailtext .= $LANG04[2] . ': ' . $A['username'] . "\n";
$mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n";
$mailtext .= "----------------------------\n\n";
$mailtext .= sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600) . "\n\n";
$mailtext .= $activation_link . "\n\n";
$mailtext .= $LANG04[173] . "\n\n";
$mailtext .= $LANG04[174] . "\n\n";
$mailtext .= "--\n";
$mailtext .= $_CONF['site_name'] . "\n";
$mailtext .= $_CONF['site_url'] . "\n";
$subject = $_CONF['site_name'] . ': ' . $LANG04[16];
if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) {
$mailfrom = $_CONF['noreply_mail'];
global $LANG_LOGIN;
$mailtext .= LB . LB . $LANG04[159];
} else {
$mailfrom = $_CONF['site_mail'];
}
$to = array();
$to = COM_formatEmailAddress('', $A['email']);
$from = array();
$from = COM_formatEmailAddress('', $mailfrom);
COM_mail($to, $subject, $mailtext, $from);
COM_updateSpeedlimit('verifytoken');
if ($msg) {
echo COM_refresh($_CONF['site_url'] . "/index.php?msg={$msg}");
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
COM_updateSpeedlimit('verifytoken');
echo COM_refresh($_CONF['site_url'] . '/users.php?mode=getnewtoken');
}
return $retval;
}
/**
* This function actually sends the messages to the specified group
*
* @param array $vars Same as $_POST, holds all the email info
* @return string HTML with success or error message
*
*/
function send_messages($vars)
{
global $_CONF, $_TABLES, $LANG31;
require_once $_CONF['path_system'] . 'lib-user.php';
$retval = '';
if (empty($vars['fra']) or empty($vars['fraepost']) or empty($vars['subject']) or empty($vars['message']) or empty($vars['to_group']) or strpos($vars['fra'], '@') !== false) {
$retval .= COM_showMessageText($LANG31[26]);
return $retval;
}
$to_group = COM_applyFilter($vars['to_group'], true);
if ($to_group > 0) {
$group_name = DB_getItem($_TABLES['groups'], 'grp_name', "grp_id = {$to_group}");
if (!SEC_inGroup($group_name)) {
return COM_refresh($_CONF['site_admin_url'] . '/mail.php');
}
} else {
return COM_refresh($_CONF['site_admin_url'] . '/mail.php');
}
// Urgent message!
if (isset($vars['priority'])) {
$priority = 1;
} else {
$priority = 0;
}
// If you want to send html mail
if (isset($vars['html'])) {
$html = true;
} else {
$html = false;
}
$groupList = implode(',', USER_getChildGroups($to_group));
// and now mail it
if (isset($vars['overstyr'])) {
$sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email IS NOT NULL) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
} else {
$sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email IS NOT NULL) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
$sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
}
$result = DB_query($sql);
$nrows = DB_numRows($result);
$from = COM_formatEmailAddress($vars['fra'], $vars['fraepost']);
$subject = COM_stripslashes($vars['subject']);
$message = COM_stripslashes($vars['message']);
// Loop through and send the messages!
$successes = array();
$failures = array();
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
if (empty($A['fullname'])) {
$to = COM_formatEmailAddress($A['username'], $A['email']);
} else {
$to = COM_formatEmailAddress($A['fullname'], $A['email']);
}
if (!COM_mail($to, $subject, $message, $from, $html, $priority)) {
$failures[] = htmlspecialchars($to);
} else {
$successes[] = htmlspecialchars($to);
}
}
$retval .= COM_startBlock($LANG31[1]);
$failcount = count($failures);
$successcount = count($successes);
$mailresult = str_replace('<successcount>', $successcount, $LANG31[20]);
$retval .= str_replace('<failcount>', $failcount, $mailresult);
$retval .= '<h2>' . $LANG31[21] . '</h2>';
for ($i = 0; $i < count($failures); $i++) {
$retval .= current($failures) . '<br' . XHTML . '>';
next($failures);
}
if (count($failures) == 0) {
$retval .= $LANG31[23];
}
$retval .= '<h2>' . $LANG31[22] . '</h2>';
for ($i = 0; $i < count($successes); $i++) {
$retval .= current($successes) . '<br' . XHTML . '>';
next($successes);
}
if (count($successes) == 0) {
$retval .= $LANG31[24];
}
$retval .= COM_endBlock();
return $retval;
}
/**
* Custom email function for creating an email message in ISO-2022-JP
*/
function CUSTOM_mail($to, $subject, $message, $from = '', $html = false, $priority = 0, $cc = '')
{
global $_CONF, $LANG_CHARSET;
static $mailobj;
include_once 'Mail.php';
include_once 'Mail/RFC822.php';
if (defined('CUSTOM_MAIL_DEBUG')) {
COM_errorLog('CUSTOM_mail: to=' . $to . ' subject=' . $subject);
}
// 余分なヘッダを追加されないように改行コードを削除
$to = substr($to, 0, strcspn($to, "\r\n"));
$cc = substr($cc, 0, strcspn($cc, "\r\n"));
$from = substr($from, 0, strcspn($from, "\r\n"));
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
// Fromが空の場合は、サイト管理者のアドレスにする
if (empty($from)) {
$from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['site_mail']);
}
// ヘッダをエスケープ(1.5.2では、この時点でエスケープ済み)
// NOTE: version_compare(VERSION, '1.5.2')とすると、security releaseでは
// 判定に失敗する
preg_match("/^(\\d+\\.\\d+\\.\\d+).*\$/", VERSION, $match);
if (version_compare($match[1], '1.5.2') < 0) {
list($temp_to_comment, $temp_to_address) = CUSTOM_splitAddress($to);
$to = CUSTOM_formatEmailAddress($temp_to_comment, $temp_to_address);
list($temp_cc_comment, $temp_cc_address) = CUSTOM_splitAddress($cc);
$cc = CUSTOM_formatEmailAddress($temp_cc_comment, $temp_cc_address);
list($temp_from_comment, $temp_from_address) = CUSTOM_splitAddress($from);
$from = CUSTOM_formatEmailAddress($temp_from_comment, $temp_from_address);
$subject = CUSTOM_emailEscape($subject);
}
// 本文をエスケープ
$message = CUSTOM_convertEncoding($message, CUSTOM_MAIL_ENCODING);
$message = str_replace(array("\r\n", "\n", "\r"), CUSTOM_MAIL_BODY_LINEBREAK, $message);
// メールオブジェクトを作成
$method = $_CONF['mail_settings']['backend'];
if (!isset($mailobj)) {
if ($method === 'sendmail' or $method === 'smtp') {
$mailobj =& Mail::factory($method, $_CONF['mail_settings']);
} else {
$mailobj =& Mail::factory($method);
}
}
// ヘッダ組み立て
$headers = array();
$headers['From'] = $from;
if ($method != 'mail') {
$headers['To'] = $to;
}
if (!empty($cc)) {
$headers['Cc'] = $cc;
}
$headers['Date'] = date('r');
// RFC822 formatted date
if ($method === 'smtp') {
list($usec, $sec) = explode(' ', microtime());
$m = substr($usec, 2, 5);
$headers['Message-Id'] = '<' . date('YmdHis') . '.' . $m . '@' . $_CONF['mail_settings']['host'] . '>';
}
if ($html) {
$headers['Content-Type'] = 'text/html; charset=' . CUSTOM_MAIL_ENCODING;
$headers['Content-Transfer-Encoding'] = '8bit';
} else {
$headers['Content-Type'] = 'text/plain; charset=' . CUSTOM_MAIL_ENCODING;
}
$headers['Subject'] = $subject;
if ($priority > 0) {
$headers['X-Priority'] = $priority;
}
$headers['X-Mailer'] = 'Geeklog-' . VERSION . ' (' . CUSTOM_MAIL_ENCODING . ')';
$retval = $mailobj->send($to, $headers, $message);
if ($retval !== true) {
COM_errorLog($retval->toString(), 1);
}
return $retval === true;
}
/**
* User request for a verification token - send email with a link and request id
*
* @param uid int userid of user who requested the new token
* @param msg int index of message to display (if any)
* @return string form or meta redirect
*
*/
function requesttoken($uid, $msg = 0)
{
global $_CONF, $_SYSTEM, $_TABLES, $LANG04;
if (!isset($_SYSTEM['verification_token_ttl'])) {
$_SYSTEM['verification_token_ttl'] = 86400;
}
$retval = '';
$uid = (int) $uid;
$result = DB_query("SELECT uid,username,email,passwd,status FROM {$_TABLES['users']} WHERE uid = " . (int) $uid . " AND (account_type & " . LOCAL_USER . ")");
$nrows = DB_numRows($result);
if ($nrows == 1) {
$A = DB_fetchArray($result);
if ($_CONF['usersubmission'] == 1 && $A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
}
$verification_id = USER_createActivationToken($uid, $A['username']);
$activation_link = $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid;
$T = new Template($_CONF['path_layout'] . 'email/');
$T->set_file(array('html_msg' => 'newuser_template_html.thtml', 'text_msg' => 'newuser_template_text.thtml'));
$T->set_var(array('url' => $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid, 'lang_site_or_password' => $LANG04[171], 'site_link_url' => $_CONF['site_url'], 'lang_activation' => sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600), 'lang_button_text' => $LANG04[203], 'title' => $_CONF['site_name'] . ': ' . $LANG04[16], 'site_name' => $_CONF['site_name'], 'username' => $A['username']));
$T->parse('output', 'html_msg');
$mailhtml = $T->finish($T->get_var('output'));
$T->parse('output', 'text_msg');
$mailtext = $T->finish($T->get_var('output'));
$msgData['htmlmessage'] = $mailhtml;
$msgData['textmessage'] = $mailtext;
$msgData['subject'] = $_CONF['site_name'] . ': ' . $LANG04[16];
$to = array();
$from = array();
$from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['noreply_mail']);
$to = COM_formatEmailAddress('', $A['email']);
COM_mail($to, $msgData['subject'], $msgData['htmlmessage'], $from, true, 0, '', $msgData['textmessage']);
COM_updateSpeedlimit('verifytoken');
if ($msg) {
echo COM_refresh($_CONF['site_url'] . "/index.php?msg={$msg}");
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
COM_updateSpeedlimit('verifytoken');
echo COM_refresh($_CONF['site_url'] . '/users.php?mode=getnewtoken');
}
return $retval;
}
/**
* Send an email.
*
* All emails sent by Geeklog are sent through this function.
*
* NOTE: Please note that using CC: will expose the email addresses of
* all recipients. Use with care.
*
* @param string $to recipients name and email address
* @param string $subject subject of the email
* @param string $message the text of the email
* @param string $from (optional) sender of the the email
* @param boolean $html (optional) true if to be sent as HTML email
* @param int $priority (optional) add X-Priority header, if > 0
* @param mixed $optional (optional) other headers or CC:
* @return boolean true if successful, otherwise false
*
*/
function COM_mail($to, $subject, $message, $from = '', $html = false, $priority = 0, $optional = null)
{
global $_CONF;
static $mailobj;
if (empty($from)) {
$from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['site_mail']);
}
$to = substr($to, 0, strcspn($to, "\r\n"));
if ($optional != null && !is_array($optional)) {
$optional = substr($optional, 0, strcspn($optional, "\r\n"));
}
$from = substr($from, 0, strcspn($from, "\r\n"));
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
$subject = COM_emailEscape($subject);
if (function_exists('CUSTOM_mail')) {
return CUSTOM_mail($to, $subject, $message, $from, $html, $priority, $optional);
}
include_once 'Mail.php';
include_once 'Mail/RFC822.php';
$method = $_CONF['mail_settings']['backend'];
if (!isset($mailobj)) {
if ($method == 'sendmail' || $method == 'smtp') {
$mailobj =& Mail::factory($method, $_CONF['mail_settings']);
} else {
$method = 'mail';
$mailobj =& Mail::factory($method);
}
}
$charset = COM_getCharset();
$headers = array();
$headers['From'] = $from;
if ($method != 'mail') {
$headers['To'] = $to;
}
if ($optional != null && !is_array($optional) && !empty($optional)) {
// assume old (optional) CC: header
$headers['Cc'] = $optional;
}
$headers['Date'] = date('r');
// RFC822 formatted date
if ($method == 'smtp') {
list($usec, $sec) = explode(' ', microtime());
$m = substr($usec, 2, 5);
$headers['Message-Id'] = '<' . date('YmdHis') . '.' . $m . '@' . $_CONF['mail_settings']['host'] . '>';
}
if ($html) {
$headers['Content-Type'] = 'text/html; charset=' . $charset;
$headers['Content-Transfer-Encoding'] = '8bit';
} else {
$headers['Content-Type'] = 'text/plain; charset=' . $charset;
}
$headers['Subject'] = $subject;
if ($priority > 0) {
$headers['X-Priority'] = $priority;
}
$headers['X-Mailer'] = 'Geeklog ' . VERSION;
if (!empty($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['SERVER_ADDR']) && $_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
$url = COM_getCurrentURL();
if (substr($url, 0, strlen($_CONF['site_admin_url'])) != $_CONF['site_admin_url']) {
$headers['X-Originating-IP'] = $_SERVER['REMOTE_ADDR'];
}
}
// add optional headers last
if ($optional != null && is_array($optional)) {
foreach ($optional as $h => $v) {
$headers[$h] = $v;
}
}
$retval = $mailobj->send($to, $headers, $message);
if ($retval !== true) {
COM_errorLog($retval->toString(), 1);
}
return $retval === true ? true : false;
}
public function testFormatEmailAddress()
{
// Line 3133
$email = COM_formatEmailAddress('John Doe', '*****@*****.**');
$formattedEmail = 'John Doe <*****@*****.**>';
$this->assertEquals($formattedEmail, $email);
}
/**
* This function used to send out reminders to users to access the site or account may be deleted
*
* @return string HTML with success or error message
*
*/
function USER_sendReminders()
{
global $_CONF, $_TABLES, $LANG04, $LANG28;
$msg = '';
$user_list = array();
if (isset($_POST['delitem'])) {
$user_list = $_POST['delitem'];
}
$nusers = count($user_list);
if (count($user_list) == 0) {
$msg = $LANG28[79] . '<br/>';
} else {
$c = 0;
if (isset($_POST['delitem']) and is_array($_POST['delitem'])) {
foreach ($_POST['delitem'] as $delitem) {
$uid = COM_applyFilter($delitem);
$useremail = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
$username = DB_getItem($_TABLES['users'], 'username', "uid = '{$uid}'");
$lastlogin = DB_getItem($_TABLES['userinfo'], 'lastlogin', "uid = '{$uid}'");
$lasttime = COM_getUserDateTimeFormat($lastlogin);
if (file_exists($_CONF['path_data'] . 'reminder_email.txt')) {
$template = new Template($_CONF['path_data']);
$template->set_file(array('mail' => 'reminder_email.txt'));
$template->set_var('site_url', $_CONF['site_url']);
$template->set_var('site_name', $_CONF['site_name']);
$template->set_var('site_slogan', $_CONF['site_slogan']);
$template->set_var('lang_username', $LANG04[2]);
$template->set_var('username', $username);
$template->set_var('name', COM_getDisplayName($uid));
$template->set_var('lastlogin', $lasttime[0]);
$template->parse('output', 'mail');
$mailtext = $template->get_var('output');
} else {
if ($lastlogin == 0) {
$mailtext = $LANG28[83] . "\n\n";
} else {
$mailtext = sprintf($LANG28[82], $lasttime[0]) . "\n\n";
}
$mailtext .= sprintf($LANG28[84], $username) . "\n";
$mailtext .= sprintf($LANG28[85], $_CONF['site_url'] . '/users.php?mode=getpassword') . "\n\n";
}
$subject = sprintf($LANG28[81], $_CONF['site_name']);
if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) {
$mailfrom = $_CONF['noreply_mail'];
global $LANG_LOGIN;
$mailtext .= LB . LB . $LANG04[159];
} else {
$mailfrom = $_CONF['site_mail'];
}
$to = array();
$to = COM_formatEmailAddress($username, $useremail);
$from = array();
$from = COM_formatEmailAddress('', $mailfrom);
if (COM_mail($to, $subject, $mailtext, $from)) {
DB_query("UPDATE {$_TABLES['users']} SET num_reminders=num_reminders+1 WHERE uid={$uid}");
$c++;
} else {
COM_errorLog("Error attempting to send account reminder to user: {$username} ({$uid})");
}
}
}
COM_numberFormat($c);
// just in case we have more than 999)..
$msg .= "{$LANG28[80]}: {$c}<br/>\n";
}
return $msg;
}
/**
* Send an email notification when a new user registers with the site.
*
* @param username string User name of the new user
* @param email string Email address of the new user
* @param uid int User id of the new user
* @param mode string Mode user was added at.
*
*/
function USER_sendNotification($username, $email, $uid, $mode = 'inactive')
{
global $_CONF, $_USER, $_TABLES, $LANG01, $LANG04, $LANG08, $LANG28, $LANG29;
$dt = new Date('now', $_USER['tzid']);
$mailbody = "{$LANG04['2']}: {$username}\n" . "{$LANG04['5']}: {$email}\n" . "{$LANG28['14']}: " . $dt->format($_CONF['date'], true) . "\n\n";
if ($mode == 'inactive') {
// user needs admin approval
$mailbody .= "{$LANG01['10']} {$_CONF['site_admin_url']}/moderation.php\n\n";
} else {
// user has been created, or has activated themselves:
$mailbody .= "{$LANG29['4']} {$_CONF['site_url']}/users.php?mode=profile&uid={$uid}\n\n";
}
$mailbody .= "\n------------------------------\n";
$mailbody .= "\n{$LANG08['34']}\n";
$mailbody .= "\n------------------------------\n";
$mailsubject = $_CONF['site_name'] . ' ' . $LANG29[40];
$to = array();
$to = COM_formatEmailAddress('', $_CONF['site_mail']);
COM_mail($to, $mailsubject, $mailbody);
}
/**
* Email ad to a friend
*
* @param string $ad id of ad to email
* @param string $to name of person / friend to email
* @param string $toemail friend's email address
* @param string $from name of person sending the email
* @param string $fromemail sender's email address
* @param string $shortmsg short intro text to send with the ad
* @return string Meta refresh
*
* Modification History
*
* Date Author Description
* ---- ------ -----------
* 4/17/01 Tony Bibbs Code now allows anonymous users to send email
* and it allows user to input a message as well
* Thanks to Yngve Wassvik Bergheim for some of
* this code
*
*/
function CLASSIFIEDS_mailAd($ad, $to, $toemail, $from, $fromemail, $shortmsg)
{
global $_CONF, $_TABLES, $LANG01, $LANG08;
// check for correct $_CONF permission
if (COM_isAnonUser() && $_CONF['loginrequired'] == 1) {
return $retval;
}
// check mail speedlimit
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
return $retval;
}
//Query ad
$shortmsg = COM_stripslashes($shortmsg);
$mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
if (strlen($shortmsg) > 0) {
$mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
}
// just to make sure this isn't an attempt at spamming users ...
$result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
if ($result > 0) {
COM_updateSpeedlimit('mail');
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;
if ($_CONF['contributedbyline'] == 1) {
$author = COM_getDisplayName($story->displayElements('uid'));
$mailtext .= $LANG01[1] . ' ' . $author . LB;
}
$introtext = $story->DisplayElements('introtext');
$bodytext = $story->DisplayElements('bodytext');
$introtext = COM_undoSpecialChars(strip_tags($introtext));
$bodytext = COM_undoSpecialChars(strip_tags($bodytext));
$introtext = str_replace(array("\n\r", "\r"), LB, $introtext);
$bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext);
$mailtext .= LB . $introtext;
if (!empty($bodytext)) {
$mailtext .= LB . LB . $bodytext;
}
$mailtext .= LB . LB . '------------------------------------------------------------' . LB;
if ($story->DisplayElements('commentcode') == 0) {
// comments allowed
$mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
} else {
// comments not allowed - just add the story's URL
$mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
}
$mailto = COM_formatEmailAddress($to, $toemail);
$mailfrom = COM_formatEmailAddress($from, $fromemail);
$subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
$sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);
if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
$ccmessage = sprintf($LANG08[38], $to);
$ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
$sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
}
COM_updateSpeedlimit('mail');
return $retval;
}
function fncsendmail($mode = "", $uidfrom = "", $uidto = "", $wkymlmguserflg = "")
{
global $_CONF;
global $_TABLES;
global $LANG_ASSIST_ADMIN;
require_once $_CONF['path_system'] . 'lib-user.php';
//$html = true ; // If you want to send html mail
$html = false;
// If you want to send html mail
/// Loop through and send the messages!
//log 出力モード設定 0:作成しない,1:ファイルに出力
$logmode = 1;
//$logfile = $_CONF['path_log'] . 'wkymlmguser.log';
$logfile = $_CONF['path_log'] . 'assist_newsletter.log';
$retval = '';
$fromname = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_fromname'");
$fromname = COM_stripslashes($fromname);
$replyto = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_replyto'");
$replyto = COM_stripslashes($replyto);
$sprefix = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_sprefix'");
$sprefix = COM_stripslashes($sprefix);
$sid = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_sid'");
$sid = COM_stripslashes($sid);
$testto = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_testto'");
$testto = COM_stripslashes($testto);
$uidfrom = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_uidfrom'");
$uidfrom = COM_stripslashes($uidfrom);
$uidto = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_uidto'");
$uidto = COM_stripslashes($uidto);
//送信先環境
$toenv = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_toenv'");
$toenv = COM_stripslashes($toenv);
//送信先グループ
$selectgroup = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_selectgroup'");
$selectgroup = COM_stripslashes($selectgroup);
// 冒頭文 本文 introbody
$introbody = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_introbody'");
$introbody = COM_stripslashes($introbody);
// ユーザの受信許可設定を無視して送る
$overstyr = DB_getItem($_TABLES['vars'], 'value', "name = 'assist_overstyr'");
$overstyr = COM_stripslashes($overstyr);
$from = COM_formatEmailAddress($fromname, $replyto);
$subject = DB_getItem($_TABLES['stories'], "title", "sid='{$sid}'");
$subject = $sprefix . $subject;
if ($introbody == "1") {
$message = DB_getItem($_TABLES['stories'], "bodytext", "sid='{$sid}'");
} else {
$message = DB_getItem($_TABLES['stories'], "introtext", "sid='{$sid}'");
}
$message = str_replace('<br' . XHTML . '>', LB, $message);
$message = strip_tags($message);
$failures = array();
$successes = array();
if ($mode == "test") {
$message = $LANG_ASSIST_ADMIN['mail_test_message'] . LB . $message;
$to = $testto;
if (!COM_mail($to, $subject, $message, $from, $html, $priority)) {
$failures[] = htmlspecialchars($to);
$logentry = $LANG_ASSIST_ADMIN['mail_test_ng'] . $to;
$dummy = LIB_OutLog($logentry, $logfile, $logmode);
} else {
$successes[] = htmlspecialchars($to);
$logentry = $LANG_ASSIST_ADMIN['mail_test_ok'] . $to;
$dummy = LIB_OutLog($logentry, $logfile, $logmode);
}
$retval = $logentry;
} else {
$sql = "SELECT DISTINCT t1.uid ,t1.email FROM ";
//メルマガユーザか選択されたグループの登録ユーザか
if ($selectgroup === "99999") {
if ($wkymlmguserflg) {
$sql .= $_TABLES['wkymlmguser'] . " AS t1 " . LB;
$sql .= " where " . LB;
if ($uidfrom != "0") {
$sql .= " (t1.uid between " . $uidfrom . " and " . $uidto . ")" . LB;
}
} else {
$err = "メルマガプラグインが有効ではありません";
return $err;
}
} else {
$groupList = implode(',', USER_getChildGroups($selectgroup));
$sql .= "{$_TABLES['users']} AS t1 " . LB;
$sql .= ",{$_TABLES['userprefs']} AS t2 " . LB;
$sql .= ",{$_TABLES['group_assignments']} AS t3 " . LB;
$sql .= " where " . LB;
$sql .= " (t1.uid = t2.uid ) " . LB;
$sql .= " AND (t1.uid >1) " . LB;
$sql .= " AND (t1.status =3) " . LB;
// ユーザの受信許可設定を無視して送る でなければ
if ($overstyr != "1") {
$sql .= " AND (t2.emailfromadmin =1) " . LB;
}
//指定グループ
$sql .= " AND (t1.uid = t3.ug_uid) AND t3.ug_main_grp_id IN ({$groupList})" . LB;
if ($uidfrom != "0") {
$sql .= " AND (t1.uid between " . $uidfrom . " and " . $uidto . ")" . LB;
}
}
//---
$sql .= " order by uid " . LB;
$result = DB_query($sql);
if ($result !== false) {
$result = DB_query($sql);
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
//送付先環境のチェック
if ($toenv == '1') {
// PCのみ
if (LIB_mail_is_mobile($A['email'])) {
continue;
}
} elseif ($toenv == '2') {
// 携帯のみ
if (!LIB_mail_is_mobile($A['email'])) {
continue;
}
}
//
$to = $A['email'];
if (!COM_mail($to, $subject, $message, $from, $html, $priority)) {
$failures[] = htmlspecialchars($to);
$logentry = "NG uid:{$A['uid']} mail:{$A['email']}";
$dummy = LIB_OutLog($logentry, $logfile, $logmode);
} else {
$successes[] = htmlspecialchars($to);
$logentry = "OK uid:{$A['uid']} mail:{$A['email']}";
$dummy = LIB_OutLog($logentry, $logfile, $logmode);
}
}
}
$failcount = count($failures);
$successcount = count($successes);
$retval .= $LANG_ASSIST_ADMIN['mail_send_success'] . "=" . $successcount . $LANG_ASSIST_ADMIN['mail_send_failure'] . "=" . $failcount . "<br>";
}
return $retval;
}
/**
* This function actually sends the messages to the specified group
*
* @param array $vars Same as $_POST, holds all the email info
* @return string HTML with success or error message
*
*/
function MAIL_sendMessages($vars)
{
global $_CONF, $_TABLES, $LANG31;
USES_lib_user();
$retval = '';
$html = 0;
$message = $vars['message'];
if ($vars['postmode'] == 'html') {
$html = true;
}
$usermode = (int) $vars['to_uid'] > 0 && (int) $vars['to_group'] == 0 ? true : false;
if (empty($vars['fra']) or empty($vars['fraepost']) or empty($vars['subject']) or empty($message) or empty($vars['to_group']) && empty($vars['to_uid'])) {
$retval .= COM_showMessageText($LANG31[26], $LANG31[1], true);
$msg = htmlspecialchars($vars['message'], ENT_COMPAT, COM_getEncodingt());
$subject = htmlspecialchars($vars['subject'], ENT_COMPAT, COM_getEncodingt());
$fra = htmlspecialchars($vars['fra'], ENT_COMPAT, COM_getEncodingt());
$fraepost = htmlspecialchars($vars['fraepost'], ENT_COMPAT, COM_getEncodingt());
$retval .= MAIL_displayForm($vars['to_uid'], $vars['to_group'], $fra, $fraepost, $subject, $msg);
return $retval;
}
// Urgent message!
if (isset($vars['priority'])) {
$priority = 1;
} else {
$priority = 0;
}
$toUsers = array();
if ($usermode) {
$result = DB_query("SELECT email,username FROM {$_TABLES['users']} WHERE uid=" . (int) COM_applyFilter($vars['to_uid'], true));
if (DB_numRows($result) > 0) {
list($email, $username) = DB_fetchArray($result);
$toUsers[] = COM_formatEmailAddress($username, $email);
}
} else {
$groupList = implode(',', USER_getChildGroups((int) COM_applyFilter($vars['to_group'], true)));
// and now mail it
if (isset($vars['overstyr'])) {
$sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
} else {
$sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
$sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
}
$result = DB_query($sql);
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
if (empty($A['fullname'])) {
$toUsers[] = COM_formatEmailAddress($A['username'], $A['email']);
} else {
$toUsers[] = COM_formatEmailAddress($A['fullname'], $A['email']);
}
}
}
$from = array();
$from = COM_formatEmailAddress($vars['fra'], $vars['fraepost']);
$subject = $vars['subject'];
// Loop through and send the messages!
$successes = array();
$failures = array();
foreach ($toUsers as $to) {
if (defined('DEMO_MODE')) {
$successes[] = htmlspecialchars($to[0]);
} else {
if (!COM_mail($to, $subject, $message, $from, $html, $priority)) {
$failures[] = htmlspecialchars($to[0]);
} else {
$successes[] = htmlspecialchars($to[0]);
}
}
}
$retval .= COM_startBlock($LANG31[1]);
$failcount = count($failures);
$successcount = count($successes);
$mailresult = str_replace('<successcount>', $successcount, $LANG31[20]);
$retval .= str_replace('<failcount>', $failcount, $mailresult);
$retval .= '<h2>' . $LANG31[21] . '</h2>';
for ($i = 0; $i < count($failures); $i++) {
$retval .= current($failures) . '<br/>';
next($failures);
}
if (count($failures) == 0) {
$retval .= $LANG31[23];
}
$retval .= '<h2>' . $LANG31[22] . '</h2>';
for ($i = 0; $i < count($successes); $i++) {
$retval .= current($successes) . '<br/>';
next($successes);
}
if (count($successes) == 0) {
$retval .= $LANG31[24];
}
$retval .= COM_endBlock();
return $retval;
}
/**
* Email story to a friend
*
* @param string $sid id of story to email
* @param string $to name of person / friend to email
* @param string $toemail friend's email address
* @param string $from name of person sending the email
* @param string $fromemail sender's email address
* @param string $shortmsg short intro text to send with the story
* @return string Meta refresh
*
* Modification History
*
* Date Author Description
* ---- ------ -----------
* 4/17/01 Tony Bibbs Code now allows anonymous users to send email
* and it allows user to input a message as well
* Thanks to Yngve Wassvik Bergheim for some of
* this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08;
$dt = new Date('now', $_USER['tzid']);
$storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
if ($_CONF['url_rewrite']) {
$retURL = $storyurl . '?msg=85';
} else {
$retURL = $storyurl . '&msg=85';
}
// check for correct $_CONF permission
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
echo COM_refresh($retURL);
exit;
}
// check if emailing of stories is disabled
if ($_CONF['hideemailicon'] == 1) {
echo COM_refresh($retURL);
exit;
}
// check mail speedlimit
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
echo COM_refresh($retURL);
exit;
}
$filter = sanitizer::getInstance();
if ($html) {
$filter->setPostmode('html');
} else {
$filter->setPostmode('text');
}
$allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']);
$filter->setAllowedElements($allowedElements);
$filter->setCensorData(true);
$filter->setReplaceTags(true);
$filter->setNamespace('glfusion', 'mail_story');
$sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND');
$result = DB_query($sql);
if (DB_numRows($result) == 0) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$A = DB_fetchArray($result);
$mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
if (strlen($shortmsg) > 0) {
if ($html) {
$shortmsg = $filter->filterHTML($shortmsg);
}
$mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
}
// just to make sure this isn't an attempt at spamming users ...
$result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
if ($result > 0) {
COM_updateSpeedlimit('mail');
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$dt->setTimestamp($A['day']);
if ($html) {
$mailtext .= '<p>------------------------------------------------------------</p>' . '<p>' . COM_undoSpecialChars($A['title']) . '</p>' . '<p>' . $dt->format($_CONF['date'], true) . '</p>';
} else {
$mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($A['title']) . LB . $dt->format($_CONF['date'], true) . LB;
}
if ($_CONF['contributedbyline'] == 1) {
$author = COM_getDisplayName($A['uid']);
$mailtext .= $LANG01[1] . ' ' . $author . LB;
}
if ($html) {
$mailtext .= '<p>' . $filter->displayText($A['introtext']) . '<br />' . $filter->displayText($A['bodytext']) . '</p>' . '<p>------------------------------------------------------------</p>';
} else {
$mailtext .= $filter->displayText($A['introtext']) . LB . $filter->displayText($A['bodytext']) . LB . LB . '------------------------------------------------------------' . LB;
}
if ($A['commentcode'] == 0) {
// comments allowed
$mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
} else {
// comments not allowed - just add the story's URL
$mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
}
$mailto = array();
$mailfrom = array();
$mailto = COM_formatEmailAddress($to, $toemail);
$mailfrom = COM_formatEmailAddress($from, $fromemail);
$subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title']));
$rc = COM_mail($mailto, $subject, $mailtext, $mailfrom, $html);
COM_updateSpeedlimit('mail');
if ($rc) {
if ($_CONF['url_rewrite']) {
$retval = COM_refresh($storyurl . '?msg=27');
} else {
$retval = COM_refresh($storyurl . '&msg=27');
}
} else {
// Increment numemails counter for story
DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'");
if ($_CONF['url_rewrite']) {
$retval = COM_refresh($storyurl . '?msg=26');
} else {
$retval = COM_refresh($storyurl . '&msg=26');
}
}
echo COM_refresh($retval);
exit;
}
/**
* This will email new stories in the topics that the user is interested in
*
* In account information the user can specify which topics for which they
* will receive any new article for in a daily digest.
*
* @return void
*/
function COM_emailUserTopics()
{
global $_CONF, $_USER, $_VARS, $_TABLES, $LANG04, $LANG08, $LANG24;
if ($_CONF['emailstories'] == 0) {
return;
}
$storytext = '';
$storytext_text = '';
USES_lib_story();
$subject = strip_tags($_CONF['site_name'] . $LANG08[30] . strftime('%Y-%m-%d', time()));
$authors = array();
// Get users who want stories emailed to them
$usersql = "SELECT username,email,etids,{$_TABLES['users']}.uid AS uuid, status " . "FROM {$_TABLES['users']}, {$_TABLES['userindex']} " . "WHERE {$_TABLES['users']}.uid > 1 AND {$_TABLES['userindex']}.uid = {$_TABLES['users']}.uid AND status=" . USER_ACCOUNT_ACTIVE . " AND (etids <> '-' OR etids IS NULL) ORDER BY {$_TABLES['users']}.uid";
$users = DB_query($usersql);
$nrows = DB_numRows($users);
if (!isset($_VARS['lastemailedstories'])) {
$_VARS['lastemailedstories'] = 0;
}
$lastrun = $_VARS['lastemailedstories'];
// For each user, pull the stories they want and email it to them
for ($x = 0; $x < $nrows; $x++) {
$U = DB_fetchArray($users);
$storysql = "SELECT sid,uid,date AS day,title,introtext,bodytext";
$commonsql = " FROM {$_TABLES['stories']} WHERE draft_flag = 0 AND date <= NOW() AND date >= '{$lastrun}'";
$topicsql = "SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL('WHERE', $U['uuid']);
$tresult = DB_query($topicsql);
$trows = DB_numRows($tresult);
if ($trows == 0) {
// this user doesn't seem to have access to any topics ...
continue;
}
$TIDS = array();
for ($i = 0; $i < $trows; $i++) {
$T = DB_fetchArray($tresult);
$TIDS[] = $T['tid'];
}
if (!empty($U['etids'])) {
$ETIDS = explode(' ', $U['etids']);
$TIDS = array_intersect($TIDS, $ETIDS);
}
if (sizeof($TIDS) > 0) {
$commonsql .= " AND (tid IN ('" . implode("','", $TIDS) . "'))";
}
$commonsql .= COM_getPermSQL('AND', $U['uuid']);
$commonsql .= ' ORDER BY featured DESC, date DESC';
$storysql .= $commonsql;
$stories = DB_query($storysql);
$nsrows = DB_numRows($stories);
if ($nsrows == 0) {
// If no new stories where pulled for this user, continue with next
continue;
}
$T = new Template($_CONF['path_layout']);
$T->set_file(array('message' => 'digest.thtml', 'story' => 'digest_story.thtml'));
$TT = new Template($_CONF['path_layout']);
$TT->set_file(array('message' => 'digest_text.thtml', 'story' => 'digest_story_text.thtml'));
$T->set_var('week_date', strftime($_CONF['shortdate'], time()));
$TT->set_var('week_date', strftime($_CONF['shortdate'], time()));
$T->set_var('site_name', $_CONF['site_name']);
$TT->set_var('site_name', $_CONF['site_name']);
$T->set_var('remove_msg', sprintf($LANG08[36], $_CONF['site_name'], $_CONF['site_url']));
$TT->set_var('remove_msg', sprintf($LANG08[37], $_CONF['site_name'], $_CONF['site_url']));
for ($y = 0; $y < $nsrows; $y++) {
// Loop through stories building the requested email message
$S = DB_fetchArray($stories);
$story = new Story();
$args = array('sid' => $S['sid'], 'mode' => 'view');
$output = STORY_LOADED_OK;
$result = PLG_invokeService('story', 'get', $args, $output, $svc_msg);
if ($result == PLG_RET_OK) {
/* loadFromArray cannot be used, since it overwrites the timestamp */
reset($story->_dbFields);
while (list($fieldname, $save) = each($story->_dbFields)) {
$varname = '_' . $fieldname;
if (array_key_exists($fieldname, $output)) {
$story->{$varname} = $output[$fieldname];
}
}
$story->_username = $output['username'];
$story->_fullname = $output['fullname'];
}
$story_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $S['sid']);
$title = COM_undoSpecialChars($S['title']);
if ($_CONF['contributedbyline'] == 1) {
if (empty($authors[$S['uid']])) {
$storyauthor = COM_getDisplayName($S['uid']);
$authors[$S['uid']] = $storyauthor;
} else {
$storyauthor = $authors[$S['uid']];
}
}
$dt = new Date($S['day'], $_USER['tzid']);
$story_date = $dt->format($_CONF['date'], true);
if ($_CONF['emailstorieslength'] > 0) {
$storytext = COM_undoSpecialChars(strip_tags(PLG_replaceTags($S['introtext'], 'glfusion', 'story')));
$storytext_text = COM_undoSpecialChars(strip_tags(PLG_replaceTags($S['introtext'], 'glfusion', 'story')));
if ($_CONF['emailstorieslength'] > 1) {
$storytext = COM_truncate($storytext, $_CONF['emailstorieslength'], '...');
$storytext_text = COM_truncate($storytext_text, $_CONF['emailstorieslength'], '...');
}
} else {
$storytext = '';
$storytext_text = '';
}
$T->set_var('story_introtext', $storytext);
$TT->set_var('story_introtext', $storytext_text);
$T->set_var(array('story_url' => $story_url, 'story_title' => $title, 'story_author' => $storyauthor, 'story_date' => $story_date, 'story_text' => $storytext));
$T->parse('digest_stories', 'story', true);
$TT->set_var(array('story_url' => $story_url, 'story_title' => $title, 'story_author' => $storyauthor, 'story_date' => $story_date, 'story_text' => $storytext_text));
$TT->parse('digest_stories', 'story', true);
}
$T->parse('digest', 'message', true);
$TT->parse('digest', 'message', true);
$mailtext = $T->finish($T->get_var('digest'));
$mailtext_text = $TT->finish($TT->get_var('digest'));
$mailfrom = $_CONF['noreply_mail'];
$mailtext .= LB . LB . $LANG04[159];
$mailtext_text .= LB . LB . $LANG04[159];
$to = array();
$from = array();
$from = COM_formatEmailAddress('', $mailfrom);
$to = COM_formatEmailAddress($U['username'], $U['email']);
COM_mail($to, $subject, $mailtext, $from, 1, 0, '', $mailtext_text);
}
DB_query("UPDATE {$_TABLES['vars']} SET value = NOW() WHERE name = 'lastemailedstories'");
}
/**
* Email story to a friend
*
* @param string $sid id of story to email
* @param string $to name of person / friend to email
* @param string $toemail friend's email address
* @param string $from name of person sending the email
* @param string $fromemail sender's email address
* @param string $shortmsg short intro text to send with the story
* @return string Meta refresh
*
* Modification History
*
* Date Author Description
* ---- ------ -----------
* 4/17/01 Tony Bibbs Code now allows anonymous users to send email
* and it allows user to input a message as well
* Thanks to Yngve Wassvik Bergheim for some of
* this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08;
$dt = new Date('now', $_USER['tzid']);
$storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
if ($_CONF['url_rewrite']) {
$retURL = $storyurl . '?msg=85';
} else {
$retURL = $storyurl . '&msg=85';
}
// check for correct $_CONF permission
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
echo COM_refresh($retURL);
exit;
}
// check if emailing of stories is disabled
if ($_CONF['hideemailicon'] == 1) {
echo COM_refresh($retURL);
exit;
}
// check mail speedlimit
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
echo COM_refresh($retURL);
exit;
}
$filter = sanitizer::getInstance();
if ($html) {
$filter->setPostmode('html');
} else {
$filter->setPostmode('text');
}
$allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']);
$filter->setAllowedElements($allowedElements);
$filter->setCensorData(true);
$filter->setReplaceTags(true);
$filter->setNamespace('glfusion', 'mail_story');
$sql = "SELECT uid,title,introtext,bodytext,story_image,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND');
$result = DB_query($sql);
if (DB_numRows($result) == 0) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$A = DB_fetchArray($result);
$result = PLG_checkforSpam($shortmsg, $_CONF['spamx']);
if ($result > 0) {
COM_updateSpeedlimit('mail');
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
USES_lib_html2text();
$T = new Template($_CONF['path_layout'] . 'email/');
$T->set_file(array('html_msg' => 'mailstory_html.thtml', 'text_msg' => 'mailstory_text.thtml'));
// filter any HTML from the short message
$shortmsg = $filter->filterHTML($shortmsg);
$html2txt = new html2text($shortmsg, false);
$shortmsg_text = $html2txt->get_text();
$story_body = COM_truncateHTML($A['introtext'], 512);
$html2txt = new html2text($story_body, false);
$story_body_text = $html2txt->get_text();
$dt->setTimestamp($A['day']);
$story_date = $dt->format($_CONF['date'], true);
$story_title = COM_undoSpecialChars($A['title']);
$story_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
if ($_CONF['contributedbyline'] == 1) {
$author = COM_getDisplayName($A['uid']);
} else {
$author = '';
}
if ($A['story_image'] != '') {
$story_image = $_CONF['site_url'] . $A['story_image'];
} else {
$story_image = '';
}
$T->set_var(array('shortmsg_html' => $shortmsg, 'shortmsg_text' => $shortmsg_text, 'story_title' => $story_title, 'story_date' => $story_date, 'story_url' => $story_url, 'author' => $author, 'story_image' => $story_image, 'story_body_html' => $story_body, 'story_body_text' => $story_body_text, 'lang_by' => $LANG01[1], 'site_name' => $_CONF['site_name'], 'from_name' => $from, 'disclaimer' => sprintf($LANG08[23], $from, $fromemail)));
$T->parse('message_body_html', 'html_msg');
$message_body_html = $T->finish($T->get_var('message_body_html'));
$T->parse('message_body_text', 'text_msg');
$message_body_text = $T->finish($T->get_var('message_body_text'));
$msgData = array('htmlmessage' => $message_body_html, 'textmessage' => $message_body_text, 'subject' => $story_title, 'from' => array('email' => $_CONF['site_mail'], 'name' => $from), 'to' => array('email' => $toemail, 'name' => $to));
$mailto = array();
$mailfrom = array();
$mailto = COM_formatEmailAddress($to, $toemail);
$mailfrom = COM_formatEmailAddress($from, $fromemail);
$subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title']));
$rc = COM_mail($mailto, $msgData['subject'], $msgData['htmlmessage'], $mailfrom, true, 0, '', $msgData['textmessage']);
COM_updateSpeedlimit('mail');
if ($rc) {
if ($_CONF['url_rewrite']) {
$retval = COM_refresh($storyurl . '?msg=27');
} else {
$retval = COM_refresh($storyurl . '&msg=27');
}
} else {
// Increment numemails counter for story
DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'");
if ($_CONF['url_rewrite']) {
$retval = COM_refresh($storyurl . '?msg=26');
} else {
$retval = COM_refresh($storyurl . '&msg=26');
}
}
echo COM_refresh($retval);
exit;
}
/**
* Send report about abusive comment
*
* @param string $cid comment id
* @param string $type type of comment ('article', 'poll', ...)
* @return string Meta refresh or HTML for error message
*
*/
function CMT_sendReport($cid, $type)
{
global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG09, $LANG_LOGIN;
if (COM_isAnonUser()) {
$retval = COM_siteHeader('menu', $LANG_LOGIN[1]);
$retval .= SEC_loginRequiredForm();
$retval .= COM_siteFooter();
return $retval;
}
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$username = DB_getItem($_TABLES['users'], 'username', "uid = {$_USER['uid']}");
$result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = " . (int) $cid . " AND type = '" . DB_escapeString($type) . "'");
$A = DB_fetchArray($result);
$title = $A['title'];
$comment = $A['comment'];
// strip HTML if posted in HTML mode
if (preg_match('/<.*>/', $comment) != 0) {
$comment = strip_tags($comment);
}
$author = COM_getDisplayName($A['uid']);
if ($A['uid'] <= 1 && !empty($A['ipaddress'])) {
// add IP address for anonymous posters
$author .= ' (' . $A['ipaddress'] . ')';
}
$mailbody = sprintf($LANG03[26], $username);
$mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n";
if ($type != 'article' && $type != 'poll') {
$mailbody .= "{$LANG09['5']}: {$type}\n";
}
if ($_CONF['emailstorieslength'] > 0) {
if ($_CONF['emailstorieslength'] > 1) {
$comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...';
}
$mailbody .= $comment . "\n\n";
}
$mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
$mailbody .= "\n------------------------------\n";
$mailbody .= "\n{$LANG08['34']}\n";
$mailbody .= "\n------------------------------\n";
$mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27];
$to = array();
$to = COM_formatEmailAddress('', $_CONF['site_mail']);
COM_mail($to, $mailsubject, $mailbody);
COM_updateSpeedlimit('mail');
return COM_refresh($_CONF['site_url'] . '/index.php?msg=27');
}
/**
* Mails the contents of the contact form to that user
*
* @param int $uid User ID of person to send email to
* @param bool $cc Whether to send a copy of the message to the author
* @param string $author The name of the person sending the email
* @param string $authoremail Email address of person sending the email
* @param string $subject Subject of email
* @param string $message Text of message to send
* @return string Meta redirect or HTML for the contact form
*/
function CONTACT_contactemail($uid, $cc, $author, $authoremail, $subject, $message)
{
global $_CONTACT_CONF, $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG12, $MESSAGE;
$retval = '';
// check for correct $_CONF permission
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) {
return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
}
// check for correct 'to' user preferences
$result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'");
$P = DB_fetchArray($result);
if (SEC_inGroup('Root') || SEC_hasRights('user.mail')) {
$isAdmin = true;
} else {
$isAdmin = false;
}
if ($P['emailfromadmin'] != 1 && $isAdmin || $P['emailfromuser'] != 1 && !$isAdmin) {
return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
}
// check mail speedlimit
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
$last = COM_checkSpeedlimit('mail');
if ($last > 0) {
$return .= COM_startBlock($LANG12[26], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG08[39] . $last . $LANG08[40] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
return $return;
}
if (!empty($author) && !empty($subject) && !empty($message)) {
if (COM_isemail($authoremail) && strpos($author, '@') === false) {
$result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}");
$A = DB_fetchArray($result);
// Append the user's signature to the message
$sig = '';
if (!COM_isAnonUser()) {
$sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}");
if (!empty($sig)) {
$sig = strip_tags(COM_stripslashes($sig));
$sig = "\n\n-- \n" . $sig;
}
}
$subject = COM_stripslashes($subject);
$message = COM_stripslashes($message);
// do a spam check with the unfiltered message text and subject
$mailtext = $subject . "\n" . $message . $sig;
$result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
if ($result > 0) {
COM_updateSpeedlimit('mail');
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$msg = PLG_itemPreSave('contact', $message);
if (!empty($msg)) {
define("CONTACT_TITLE", $LANG04[81]);
$retval .= COM_errorLog($msg, 2) . CONTACT_contactform($uid, $cc, $subject, $message);
return $retval;
}
$subject = strip_tags($subject);
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
$message = strip_tags($message) . $sig;
if (!empty($A['fullname'])) {
$to = COM_formatEmailAddress($A['fullname'], $A['email']);
} else {
$to = COM_formatEmailAddress($A['username'], $A['email']);
}
$from = COM_formatEmailAddress($author, $authoremail);
$sent = COM_mail($to, $subject, $message, $from);
if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
$ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname']));
$ccmessage .= "\n------------------------------------------------------------\n\n" . $message;
$sent = COM_mail($from, $subject, $ccmessage, $from);
}
COM_updateSpeedlimit('mail');
$retval .= COM_refresh($_CONF['site_url'] . '/' . $_CONTACT_CONF['folder_name'] . '/index.php?what=msg&msg=' . urlencode($sent ? $MESSAGE['27'] : $MESSAGE['85']));
} else {
$subject = strip_tags($subject);
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
$subject = htmlspecialchars(trim($subject), ENT_QUOTES);
define("CONTACT_TITLE", $LANG04[81]);
$retval .= COM_errorLog($LANG08[3], 2) . CONTACT_contactform($uid, $cc, $subject, $message);
}
} else {
$subject = strip_tags($subject);
$subject = substr($subject, 0, strcspn($subject, "\r\n"));
$subject = htmlspecialchars(trim($subject), ENT_QUOTES);
define("CONTACT_TITLE", $LANG04[81]);
$retval .= COM_errorLog($LANG08[4], 2) . CONTACT_contactform($uid, $cc, $subject, $message);
}
return $retval;
}
/**
* Send a notification email when a new trackback comment has been posted
*
* @param int $cid ID of the trackback comment
* @param string $what type of notification: 'trackback' or 'pingback'
* @return void
*/
function TRB_sendNotificationEmail($cid, $what = 'trackback')
{
global $_CONF, $_TABLES, $LANG03, $LANG08, $LANG09, $LANG29, $LANG_TRB;
$cid = DB_escapeString($cid);
$result = DB_query("SELECT sid,type,title,excerpt,url,blog,ipaddress FROM {$_TABLES['trackback']} WHERE (cid = '{$cid}')");
$A = DB_fetchArray($result);
$type = $A['type'];
$id = $A['sid'];
$mailbody = '';
if (!empty($A['title'])) {
$mailbody .= $LANG03[16] . ': ' . $A['title'] . "\n";
}
$mailbody .= $LANG_TRB['blog_name'] . ': ';
if (!empty($A['blog'])) {
$mailbody .= $A['blog'] . ' ';
}
$mailbody .= '(' . $A['ipaddress'] . ")\n";
$mailbody .= $LANG29[12] . ': ' . $A['url'] . "\n";
if ($type != 'article') {
$mailbody .= $LANG09[5] . ': ' . $type . "\n";
}
if (!empty($A['excerpt'])) {
// the excerpt is max. 255 characters long anyway, so we add it
// in its entirety
$mailbody .= $A['excerpt'] . "\n\n";
}
// assume that plugins follow the convention and have a 'trackback' anchor
$trackbackurl = PLG_getItemInfo($type, $id, 'url') . '#trackback';
$mailbody .= $LANG08[33] . ' <' . $trackbackurl . ">\n\n";
$mailbody .= "\n------------------------------\n";
$mailbody .= "\n{$LANG08['34']}\n";
$mailbody .= "\n------------------------------\n";
if ($what == 'pingback') {
$mailsubject = $_CONF['site_name'] . ' ' . $LANG_TRB['pingback'];
} else {
$mailsubject = $_CONF['site_name'] . ' ' . $LANG_TRB['trackback'];
}
$to = array();
$to = COM_formatEmailAddress('', $_CONF['site_mail']);
COM_mail($to, $mailsubject, $mailbody);
}
/**
* Save the current values to the database.
* Appends error messages to the $Errors property.
*
* The $forceNew parameter is a hack to force this record to be saved
* as a new record even if it already has an ID. This is only to
* handle events imported from the Calendar plugin.
*
* @param array $A Optional array of values from $_POST
* @param string $table Table name (submission or production)
* @param boolean $forceNew Hack to force this record to be "new"
* @return boolean True if no errors, False otherwise
*/
public function Save($A = '', $table = 'evlist_submissions', $forceNew = false)
{
global $_TABLES, $LANG_EVLIST, $_EV_CONF, $_USER, $_CONF;
// This is a bit of a hack, but we're going to save the old schedule
// first before changing our own values. This is done so that we
// can determine whether we have to update the repeats table, and
// is only relevant for an existing record.
if (!$this->isNew) {
$this->old_schedule = array('date_start1' => $this->date_start1, 'date_end1' => $this->date_end1, 'time_start1' => $this->time_start1, 'time_end1' => $this->time_end1, 'time_start2' => $this->time_start2, 'time_end2' => $this->time_end2, 'allday' => $this->allday, 'recurring' => $this->recurring, 'rec_data' => $this->rec_data);
} else {
// submit privilege required to submit new events
if (!$this->isSubmitter) {
return false;
}
$this->old_schedule = array();
}
// Now we can update our main record with the new info
if (is_array($A)) {
$this->SetVars($A);
$this->MakeRecData();
}
if (isset($A['eid']) && !empty($A['eid']) && !$forceNew) {
$this->isNew = false;
$oldid = COM_sanitizeID($A['eid']);
}
// Authorized to bypass the queue
if ($this->isAdmin) {
$table = 'evlist_events';
}
$this->table = $table;
if ($this->id == '') {
// If we allow users to create IDs, this could happen
$this->id = COM_makesid();
}
$ev_id_DB = DB_escapeString($this->id);
// Used often, sanitize now
// Insert or update the record, as appropriate
if (!$this->isNew) {
// Existing event, we already have a Detail object instantiated
$this->Detail->SetVars($A);
$this->Detail->ev_id = $this->id;
if (!$this->isValidRecord()) {
return $this->PrintErrors();
}
// Delete the category lookups
DB_delete($_TABLES['evlist_lookup'], 'eid', $this->id);
// Save the main event record
$sql1 = "UPDATE {$_TABLES[$this->table]} SET ";
$sql2 = "WHERE id='{$ev_id_DB}'";
// Save the new detail record & get the ID
$this->det_id = $this->Detail->Save();
// Quit now if the detail record failed
if ($this->det_id == 0) {
return false;
}
// Determine if the schedule has changed so that we need to
// update the repeat tables. If we do, any customizations will
// be lost.
if ($this->NeedRepeatUpdate($A)) {
if ($this->old_schedule['recurring'] || $this->recurring) {
// If this was, or is now, a recurring event then clear
// out the repeats and update with new ones.
// First, delete all detail records except the master
DB_query("DELETE FROM {$_TABLES['evlist_detail']}\n WHERE ev_id = '{$this->id}'\n AND det_id <> '{$this->det_id}'");
// This function sets the rec_data value.
$this->UpdateRepeats();
} else {
// this is a one-time event, update the existing instance
$sql = "UPDATE {$_TABLES['evlist_repeat']} SET\n rp_date_start = '{$this->date_start1}',\n rp_date_end = '{$this->date_end1}',\n rp_time_start1 = '{$this->time_start1}',\n rp_time_end1 = '{$this->time_end1}',\n rp_time_start2 = '{$this->time_start2}',\n rp_time_end2 = '{$this->time_end2}'\n WHERE rp_ev_id = '{$this->id}'";
DB_query($sql, 1);
}
}
} else {
// New event
if (!$this->isAdmin) {
// Override any submitted permissions if user is not an admin
$this->perm_owner = $_EV_CONF['default_permissions'][0];
$this->perm_group = $_EV_CONF['default_permissions'][1];
$this->perm_members = $_EV_CONF['default_permissions'][2];
$this->perm_anon = $_EV_CONF['default_permissions'][3];
// Set the group_id to the default
$this->group_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', 'grp_name="evList Admin"');
// Set the owner to the submitter
$this->owner_id = (int) $_USER['uid'];
}
// Create a detail record
$this->Detail = new evDetail();
$this->Detail->SetVars($A);
$this->Detail->ev_id = $this->id;
if (!$this->isValidRecord()) {
return $this->PrintErrors();
}
// Save the new detail record & get the ID
$this->det_id = $this->Detail->Save();
// Quit now if the detail record failed
if ($this->det_id == 0) {
return false;
}
if ($this->table != 'evlist_submissions') {
// This function gets the rec_data value.
$this->UpdateRepeats();
//var_dump($this);die;
}
$sql1 = "INSERT INTO {$_TABLES[$this->table]} SET\n id = '" . DB_escapeString($this->id) . "', ";
$sql2 = '';
}
// Now save the categories
// First save the new category if one was submitted
if (!is_array($this->categories)) {
$this->categories = array();
}
if (isset($A['newcat']) && !empty($A['newcat'])) {
$newcat = $this->SaveCategory($A['newcat']);
if ($newcat > 0) {
$this->categories[] = $newcat;
}
}
$tmp = array();
foreach ($this->categories as $cat_id) {
$tmp[] = "('{$this->id}', '{$cat_id}')";
}
if (!empty($tmp)) {
$sql = "INSERT INTO {$_TABLES['evlist_lookup']}\n (eid, cid)\n VALUES " . implode(',', $tmp);
DB_query($sql);
}
$fld_sql = "date_start1 = '" . DB_escapeString($this->date_start1) . "',\n date_end1 = '" . DB_escapeString($this->date_end1) . "',\n time_start1 = '" . DB_escapeString($this->time_start1) . "',\n time_end1 = '" . DB_escapeString($this->time_end1) . "',\n time_start2 = '" . DB_escapeString($this->time_start2) . "',\n time_end2 = '" . DB_escapeString($this->time_end2) . "',\n recurring = '{$this->recurring}',\n rec_data = '" . DB_escapeString(serialize($this->rec_data)) . "',\n allday = '{$this->allday}',\n split = '{$this->split}',\n status = '{$this->status}',\n postmode = '" . DB_escapeString($this->postmode) . "',\n enable_reminders = '{$this->enable_reminders}',\n owner_id = '{$this->owner_id}',\n group_id = '{$this->group_id}',\n perm_owner = '{$this->perm_owner}',\n perm_group = '{$this->perm_group}',\n perm_members = '{$this->perm_members}',\n perm_anon = '{$this->perm_anon}',\n det_id = '{$this->det_id}',\n cal_id = '{$this->cal_id}',\n show_upcoming = '{$this->show_upcoming}',\n options = '" . DB_escapeString(serialize($this->options)) . "' ";
$sql = $sql1 . $fld_sql . $sql2;
//echo $sql;die;
DB_query($sql, 1);
if (DB_error()) {
$this->Errors[] = $LANG_EVLIST['err_db_saving'];
} elseif ($this->table == 'evlist_submissions' && isset($_CONF['notification']) && in_array('evlist', $_CONF['notification'])) {
$N = new Template(EVLIST_PI_PATH . '/templates/');
$N->set_file('mail', 'notify_submission.thtml');
$N->set_var(array('title' => $this->Detail->title, 'summary' => $this->Detail->summary, 'start_date' => $this->date_start1, 'end_date' => $this->date_end1, 'start_time' => $this->time_start1, 'end_time' => $this->time_end1, 'submitter' => COM_getDisplayName($this->owner_id)));
$N->parse('output', 'mail');
$mailbody = $N->finish($N->get_var('output'));
$subject = $LANG_EVLIST['notify_subject'];
$to = COM_formatEmailAddress('', $_CONF['site_mail']);
COM_mail($to, $subject, $mailbody, '', true);
}
if (empty($this->Errors)) {
return '';
} else {
return $this->PrintErrors();
}
}
/**
* Send an email notification for a new submission.
*
* @param string $table Table where the new submission can be found
* @param string $story Story object that was submitted.
*
*/
function sendNotification($table, $story)
{
global $_CONF, $_USER, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN;
$dt = new Date('now', $_USER['tzid']);
$title = COM_undoSpecialChars($story->displayElements('title'));
$postmode = $story->displayElements('postmode');
$introtext = COM_undoSpecialChars($story->displayElements('introtext') . "\n" . $story->displayElements('bodytext'));
if ($postmode == 'html') {
USES_lib_html2text();
$introtext = str_replace("\\r", "", $introtext);
$introtext = $introtext;
$html2txt = new html2text($introtext, false);
$introtext = trim($html2txt->get_text());
}
$storyauthor = COM_getDisplayName($story->displayelements('uid'));
$topic = DB_getItem($_TABLES['topics'], 'topic', 'tid = \'' . DB_escapeString($story->displayElements('tid')) . '\'');
$mailbody = "{$LANG08['31']}: {$title}\n" . "{$LANG24['7']}: {$storyauthor}\n" . "{$LANG08['32']}: " . $dt->format($_CONF['date'], true) . "\n" . "{$LANG_ADMIN['topic']}: {$topic}\n\n";
if ($_CONF['emailstorieslength'] > 0) {
if ($_CONF['emailstorieslength'] > 1) {
$introtext = MBYTE_substr($introtext, 0, $_CONF['emailstorieslength']) . '...';
}
$mailbody .= $introtext . "\n\n";
}
if ($table == $_TABLES['storysubmission']) {
$mailbody .= "{$LANG01['10']} <{$_CONF['site_admin_url']}/moderation.php>\n\n";
} else {
$articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid());
$mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n";
}
$mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35];
$mailbody .= "\n------------------------------\n";
$mailbody .= "\n{$LANG08['34']}\n";
$mailbody .= "\n------------------------------\n";
$to = array();
$to = COM_formatEmailAddress('', $_CONF['site_mail']);
COM_mail($to, $mailsubject, $mailbody);
}
function approve()
{
global $_TABLES, $_TABLES, $_CONF, $myts, $eh, $filemgmt_FileStore, $filemgmt_SnapStore, $filemgmt_Emailoption, $filemgmtFilePermissions;
$lid = (int) COM_applyFilter($_POST['lid'], true);
$title = $_POST['title'];
$cid = intval($_POST['cid']);
if (empty($cid)) {
$cid = 0;
}
$homepage = $_POST['homepage'];
$version = $_POST['version'];
$size = isset($_POST['size']) ? COM_applyFilter($_POST['size'], true) : 0;
$description = $_POST['description'];
if ($_POST['url'] || $_POST['url'] != '') {
$name = $myts->makeTboxData4Save($_POST['url']);
$url = rawurlencode($name);
}
if ($_POST['logourl'] || $_POST['logourl'] != '') {
$shotname = $myts->makeTboxData4Save($_POST['logourl']);
$logourl = $myts->makeTboxData4Save(rawurlencode($_POST['logourl']));
} else {
$logourl = '';
$shotname = '';
}
$result = DB_query("SELECT COUNT(*) FROM {$_TABLES['filemgmt_filedetail']} WHERE url='{$url}' and status=1");
list($numrows) = DB_fetchArray($result);
// Comment out this check if you want to allow duplicate filelistings for same file in the repository
// Check for duplicate files of the same filename (actual filename in repository)
if ($numrows > 0) {
$eh->show("1108");
}
$title = $myts->makeTboxData4Save($title);
$homepage = $myts->makeTboxData4Save($homepage);
$version = $myts->makeTboxData4Save($_POST['version']);
$size = $myts->makeTboxData4Save($size);
$description = $myts->makeTareaData4Save($description);
$commentoption = (int) COM_applyFilter($_POST["commentoption"], true);
// Move file from tmp directory under the document filestore to the main file directory
// Now to extract the temporary names for both the file and optional thumbnail. I've used th platform field which I'm not using now for anything.
$tmpnames = explode(";", DB_getItem($_TABLES['filemgmt_filedetail'], 'platform', "lid='{$lid}'"));
$tmpfilename = $tmpnames[0];
if (isset($tmpnames[1])) {
$tmpshotname = $tmpnames[1];
} else {
$tmpshotname = '';
}
$tmp = $filemgmt_FileStore . "tmp/" . $tmpfilename;
if (file_exists($tmp) && !is_dir($tmp)) {
// if this temporary file was really uploaded?
$newfile = $filemgmt_FileStore . $name;
COM_errorLOG("File move from " . $tmp . " to " . $newfile);
$rename = @rename($tmp, $newfile);
COM_errorLOG("Results of rename is: " . $rename);
$chown = @chmod($newfile, $filemgmtFilePermissions);
if (!file_exists($newfile)) {
COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
$AddNewFile = false;
// Set false again - in case it was set true above for actual file
$eh->show("1101");
} else {
$AddNewFile = true;
}
} else {
COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
$eh->show("1101");
}
if ($tmpshotname != "") {
$tmp = $filemgmt_SnapStore . "tmp/" . $tmpshotname;
if (file_exists($tmp) && !is_dir($tmp)) {
// if this temporary Thumbnail was really uploaded?
$newfile = $filemgmt_SnapStore . $shotname;
$rename = @rename($tmp, $newfile);
$chown = @chmod($newfile, $filemgmtFilePermissions);
if (!file_exists($newfile)) {
COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
$AddNewFile = false;
// Set false again - in case it was set true above for actual file
$eh->show("1101");
}
} else {
COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
$eh->show("1101");
}
}
if ($AddNewFile) {
DB_query("UPDATE {$_TABLES['filemgmt_filedetail']} SET cid='{$cid}', title='{$title}', url='{$url}', homepage='{$homepage}', version='{$version}', logourl='{$logourl}', status=1, date=" . time() . ", comments={$commentoption} where lid='{$lid}'");
DB_query("UPDATE {$_TABLES['filemgmt_filedesc']} SET description='{$description}' where lid='{$lid}'");
PLG_itemSaved($lid, 'filemgmt');
CACHE_remove_instance('whatsnew');
// Send a email to submitter notifying them that file was approved
if ($filemgmt_Emailoption) {
$result = DB_query("SELECT username, email FROM {$_TABLES['users']} a, {$_TABLES['filemgmt_filedetail']} b WHERE a.uid=b.submitter and b.lid='{$lid}'");
list($submitter_name, $emailaddress) = DB_fetchArray($result);
$mailtext = sprintf(_MD_HELLO, $submitter_name);
$mailtext .= ",\n\n" . _MD_WEAPPROVED . " " . $title . " \n" . _MD_THANKSSUBMIT . "\n\n";
$mailtext .= "{$_CONF["site_name"]}\n";
$mailtext .= "{$_CONF['site_url']}\n";
//COM_errorLOG("email: ".$emailaddress.", text: ".$mailtext);
$to = array();
$to = COM_formatEmailAddress($submitter_name, $emailaddress);
COM_mail($to, _MD_APPROVED, $mailtext);
}
}
CACHE_remove_instance('whatsnew');
redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php?op=listNewDownloads", 2, _MD_NEWDLADDED);
exit;
}
echo plugin_savesubmission_links($A);
echo LINKS_siteFooter();
exit;
}
if ($mode == 'report' && (isset($_USER['uid']) && $_USER['uid'] > 1)) {
if (isset($_GET['lid'])) {
$lid = COM_sanitizeID(COM_applyFilter($_GET['lid']));
}
if (!empty($lid)) {
$lidsl = DB_escapeString($lid);
$result = DB_query("SELECT url, title FROM {$_TABLES['links']} WHERE lid = '{$lidsl}'");
list($url, $title) = DB_fetchArray($result);
$editurl = $_CONF['site_admin_url'] . '/plugins/links/index.php?edit=x&lid=' . $lid;
$msg = $LANG_LINKS[119] . LB . LB . "{$title}, <{$url}>" . LB . LB . $LANG_LINKS[120] . LB . '<' . $editurl . '>' . LB . LB . $LANG_LINKS[121] . $_USER['username'] . ', IP: ' . $_SERVER['REMOTE_ADDR'];
$to = array();
$to = COM_formatEmailAddress('', $_CONF['site_mail']);
COM_mail($to, $LANG_LINKS[118], $msg);
$message = array($LANG_LINKS[123], $LANG_LINKS[122]);
}
}
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_LI_CONF['linksloginrequired'] == 1)) {
$display .= LINKS_siteHeader($LANG_LINKS[114]);
$display .= SEC_loginRequiredForm();
$display .= LINKS_siteFooter();
echo $display;
exit;
} else {
$display .= links_list($message);
}
$display .= LINKS_siteFooter();
echo $display;
/**
* Email story to a friend
*
* @param string $sid id of story to email
* @param string $to name of person / friend to email
* @param string $toemail friend's email address
* @param string $from name of person sending the email
* @param string $fromemail sender's email address
* @param string $shortmsg short intro text to send with the story
* @return string Meta refresh
*
* Modification History
*
* Date Author Description
* ---- ------ -----------
* 4/17/01 Tony Bibbs Code now allows anonymous users to send email
* and it allows user to input a message as well
* Thanks to Yngve Wassvik Bergheim for some of
* this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg)
{
global $_CONF, $_TABLES, $LANG01, $LANG08;
require_once $_CONF['path_system'] . 'lib-story.php';
$storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
if ($_CONF['url_rewrite']) {
$retval = COM_refresh($storyurl . '?msg=85');
} else {
$retval = COM_refresh($storyurl . '&msg=85');
}
// check for correct $_CONF permission
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
return $retval;
}
// check if emailing of stories is disabled
if ($_CONF['hideemailicon'] == 1) {
return $retval;
}
// check mail speedlimit
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
return $retval;
}
$story = new Story();
$result = $story->loadFromDatabase($sid, 'view');
if ($result != STORY_LOADED_OK) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$shortmsg = COM_stripslashes($shortmsg);
$mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
if (strlen($shortmsg) > 0) {
$mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
}
// just to make sure this isn't an attempt at spamming users ...
$result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
if ($result > 0) {
COM_updateSpeedlimit('mail');
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;
if ($_CONF['contributedbyline'] == 1) {
$author = COM_getDisplayName($story->displayElements('uid'));
$mailtext .= $LANG01[1] . ' ' . $author . LB;
}
$introtext = $story->DisplayElements('introtext');
$bodytext = $story->DisplayElements('bodytext');
$introtext = COM_undoSpecialChars(strip_tags($introtext));
$bodytext = COM_undoSpecialChars(strip_tags($bodytext));
$introtext = str_replace(array("\n\r", "\r"), LB, $introtext);
$bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext);
$mailtext .= LB . $introtext;
if (!empty($bodytext)) {
$mailtext .= LB . LB . $bodytext;
}
$mailtext .= LB . LB . '------------------------------------------------------------' . LB;
if ($story->DisplayElements('commentcode') == 0) {
// comments allowed
$mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
} else {
// comments not allowed - just add the story's URL
$mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
}
$mailto = COM_formatEmailAddress($to, $toemail);
$mailfrom = COM_formatEmailAddress($from, $fromemail);
$subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
$sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);
if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
$ccmessage = sprintf($LANG08[38], $to);
$ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
$sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
}
COM_updateSpeedlimit('mail');
// Increment numemails counter for story
DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '{$sid}'");
if ($_CONF['url_rewrite']) {
$retval = COM_refresh($storyurl . '?msg=' . ($sent ? '27' : '85'));
} else {
$retval = COM_refresh($storyurl . '&msg=' . ($sent ? '27' : '85'));
}
return $retval;
}
/**
* This function record in the hello queue the message to send to the specified group or to csv list
*
* @param array $vars Same as $_POST, holds all the email info
* @return string HTML with success or error message
*
*/
function send_messages($vars)
{
global $_CONF, $_TABLES, $LANG31, $LANG_HELLO01;
require_once $_CONF['path_system'] . 'lib-user.php';
$retval = '';
if (empty($vars['fra']) or empty($vars['fraepost']) or empty($vars['subject']) or empty($vars['content'])) {
$retval .= COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG31[26];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= $display .= display_mailform($vars);
return $retval;
}
// Urgent message!
if (isset($vars['priority'])) {
$priority = 1;
} else {
$priority = 0;
}
if (!empty($vars['to_group'])) {
$groupList = implode(',', USER_getChildGroups($vars['to_group']));
//Group name
$group_name = DB_query("SELECT grp_name FROM {$_TABLES['groups']} WHERE grp_id =" . $vars['to_group'] . " ");
$group_name = DB_fetchArray($group_name);
$email_group = $group_name[0];
if (isset($vars['overstyr'])) {
$sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
} else {
$sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
$sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
}
$result = DB_query($sql);
$nrows = DB_numRows($result);
$quantity = $nrows;
} else {
// OK, let's upload csv file
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
//Debug with story debug function
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads(1);
$upload->setAllowedMimeTypes(array('text/csv' => '.csv', 'text/comma-separated-values' => '.csv', 'application/vnd.ms-excel' => '.csv', 'application/x-csv' => '.csv'));
if (!$upload->setPath($_CONF['path_data'])) {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $upload->printErrors(false);
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
echo $output;
exit;
}
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$curfile = current($_FILES);
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filename = 'import_hello_' . COM_makesid() . '.' . $fextension;
}
if ($filename == '') {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= 'Upload error: csv file name is empty. Please try again...';
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
echo $output;
exit;
}
$upload->setFileNames($filename);
reset($_FILES);
$upload->uploadFiles();
if ($upload->areErrors()) {
$msg = $upload->printErrors(false);
return $LANG24[30];
}
//email group
$email_group = $LANG_HELLO01['csv_file'];
$destinataires = array();
$separator = $vars['separator'];
if (!in_array($separator, array(',', 'tab', ';'))) {
$separator = ',';
}
if ($separator == 'tab') {
$separator = "\t";
}
if (($handle = fopen($_CONF['path_data'] . $filename, "r")) !== FALSE) {
$quantity = 0;
while (($data = fgetcsv($handle, 0, $separator)) !== FALSE) {
//todo check if email is valid
if ($data[0] != '' and COM_isEmail($data[0])) {
$quantity++;
$destinataires[] = $data[0];
}
}
fclose($handle);
}
}
$retval .= COM_startBlock($LANG31[1]);
// register hello
$creation = date('YmdHi', time());
$subject = addslashes($vars['subject']);
$content = addslashes($vars['content']);
$from = COM_formatEmailAddress($vars['fra'], $vars['fraepost']);
$sql_ajout_hello = "INSERT INTO {$_TABLES['hello']} (subject, creation, email_group, quantity, content) VALUES ('{$subject}', '{$creation}', '{$email_group}', '{$quantity}','{$content}')";
DB_query($sql_ajout_hello);
$new_hello_id = DB_insertId();
// Loop through and send the messages in the DB!
$successes = 0;
$failures = 0;
if (!empty($vars['to_group'])) {
for ($i = 0; $i < $quantity; $i++) {
$A = DB_fetchArray($result);
$destinataire = $A['email'];
$expediteur = $from;
$date = date('YmdHi', time());
$sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
if ($destinataire != '') {
if (DB_query($sql_ajout_hello)) {
$successes = $successes + 1;
} else {
$failures = $failures + 1;
}
} else {
$failures = $failures + 1;
}
}
} else {
//csv file
for ($i = 0; $i < $quantity; $i++) {
$destinataire = $destinataires[$i];
$expediteur = $from;
$date = date('YmdHi', time());
$sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
if (DB_query($sql_ajout_hello)) {
$successes = $successes + 1;
} else {
$failures = $failures + 1;
}
}
}
if ($successes >= 0) {
$retval .= $i . ' ' . $LANG_HELLO01['email_schedule'] . '<br />' . $vars['priority'];
}
if ($failures > 0) {
$retval .= 'Oups... There was ' . $failures . ' failure(s)';
}
if (empty($vars['to_group'])) {
//list emails from csv
reset($destinataires);
$retval .= COM_makeList($destinataires);
}
$retval .= COM_endBlock();
return $retval;
}
