// if no User is set, he is not able to ask for delivery confirmation if (!($gCurrentUser->getValue('usr_id') > 0 && $gPreferences['mail_delivery_confirmation'] == 2) && $gPreferences['mail_delivery_confirmation'] != 1) { $postDeliveryConfirmation = 0; } // check if PM or Email and to steps: if ($getMsgType === 'EMAIL') { if (isset($postTo)) { $receiver = array(); $ReceiverString = ''; // Create new Email Object $email = new Email(); foreach ($postTo as $value) { // check if role or user is given if (strpos($value, ':') > 0) { $modulemessages = new ModuleMessages(); $group = $modulemessages->msgGroupSplit($value); // check if role rights are granted to the User $sql = 'SELECT rol_mail_this_role, rol_name, rol_id FROM ' . TBL_ROLES . ' INNER JOIN ' . TBL_CATEGORIES . ' ON cat_id = rol_cat_id WHERE rol_id = ' . $group[0] . ' AND ( cat_org_id = ' . $gCurrentOrganization->getValue('org_id') . ' OR cat_org_id IS NULL)'; $statement = $gDb->query($sql); $row = $statement->fetch(); // logged in user is just allowed to send to role with permission // logged out ones just to role with permission level "all visitors" // role must be from actual Organisation if (!$gValidLogin && $row['rol_mail_this_role'] != 3 || $gValidLogin && !$gCurrentUser->hasRightSendMailToRole($row['rol_id']) || $row['rol_id'] === null) { $gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW'));