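/**
 * Contact::ContactFriendForm()
 *
 * Renders the "e-mail this listing to a friend" form. When the form has been
 * posted (detected by the presence of $_POST['message']) and every field
 * validates, the message is handed to misc::send_email() instead and a
 * confirmation line is returned.
 *
 * Request data is treated as untrusted throughout: the listing ID is forced
 * to an integer before it is echoed into markup, every redisplayed value is
 * HTML-encoded, and line breaks are kept out of values that may end up in
 * mail headers.
 *
 * NOTE(review): the form carries no anti-CSRF token, and with
 * use_email_image_verification switched off nothing visible here throttles
 * submissions, so the endpoint can relay arbitrary text to arbitrary
 * recipients. Confirm that a limit is enforced elsewhere.
 *
 * @param integer $listing_id This should hold the listing ID that you are emailing your friend about.
 * @return string HTML: the confirmation (or the error returned by send_email()), or the form
 *                preceded by any validation errors.
 */
function ContactFriendForm($listing_id)
{
    global $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';
    $error = array();

    // The ID is written into the form action, the default subject and the
    // default message; the cast guarantees it can never carry markup.
    $listing_id = (int) $listing_id;

    $submitted = isset($_POST['message']);

    // Normalise the posted fields once: a missing key or a non-string value
    // (e.g. name[]=x) is treated as empty and fails validation below.
    $fields = array();
    foreach (array('name', 'email', 'friend_email', 'subject', 'message') as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    if ($submitted) {
        if ($config['use_email_image_verification'] == 1) {
            // The session holds the MD5 of the expected code. Compare as
            // strings with hash_equals() (PHP >= 5.6): the former loose "!="
            // let numeric-looking digests such as "0e..." compare equal.
            $expected = isset($_SESSION['security_code']) ? $_SESSION['security_code'] : null;
            $supplied = isset($_POST['security_code']) ? $_POST['security_code'] : null;
            if (!is_string($expected) || !is_string($supplied) || !hash_equals($expected, md5($supplied))) {
                $error[] = 'email_verification_code_not_valid';
            }
            // One attempt per code, so a solved challenge cannot be replayed.
            // NOTE(review): assumes captcha_image.php stores a fresh code
            // whenever the image is rendered - confirm.
            unset($_SESSION['security_code']);
        }
        if (trim($fields['name']) == '') {
            $error[] = 'email_no_name';
        }
        // CR/LF in an address is rejected here regardless of what
        // validate_email() (not visible in this file) accepts.
        if (trim($fields['email']) == '') {
            $error[] = 'email_no_email_address';
        } elseif (preg_match('/[\r\n]/', $fields['email']) || $misc->validate_email($fields['email']) !== true) {
            $error[] = 'email_invalid_email_address';
        }
        if (trim($fields['friend_email']) == '') {
            $error[] = 'email_no_email_address';
        } elseif (preg_match('/[\r\n]/', $fields['friend_email']) || $misc->validate_email($fields['friend_email']) !== true) {
            $error[] = 'email_invalid_email_address';
        }
        if (trim($fields['subject']) == '') {
            $error[] = 'email_no_subject';
        }
        if (trim($fields['message']) == '') {
            $error[] = 'email_no_message';
        }
    }

    if ($submitted && count($error) == 0) {
        // send_email() is defined elsewhere; if it places the sender name or
        // the subject into mail headers, an embedded line break would let the
        // sender append headers of their own, so flatten them first.
        $line_breaks = array("\r", "\n");
        $sent = $misc->send_email(
            str_replace($line_breaks, ' ', $fields['name']),
            $fields['email'],
            $fields['friend_email'],
            $fields['message'],
            str_replace($line_breaks, ' ', $fields['subject'])
        );
        if ($sent === true) {
            // The address comes from the request, so encode it for HTML.
            $display .= $lang['email_listing_sent'] . ' ' . htmlentities($fields['friend_email'], ENT_QUOTES | ENT_SUBSTITUTE);
        } else {
            $display .= $sent;
        }
        return $display;
    }

    foreach ($error as $err) {
        $display .= '<div class="error_text">' . $lang[$err] . '</div>';
    }

    if ($submitted) {
        // Redisplay what the visitor typed so it can be corrected.
        $name = stripslashes($fields['name']);
        $email = stripslashes($fields['email']);
        $friend_email = stripslashes($fields['friend_email']);
        $subject = stripslashes($fields['subject']);
        $message = stripslashes($fields['message']);
    } else {
        // First display: pre-fill subject and message with a link to the listing.
        $name = '';
        $email = '';
        $friend_email = '';
        $subject = $lang['email_in_reference_to_listing'] . $listing_id;
        $message = $lang['email_listing_default_message'] . "\r\n\r\n" . $config['baseurl']
            . '/index.php?action=listingview&listingID=' . $listing_id;
    }

    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $cell = '<td colspan="2" style="vertical-align: top" class="TitleColor">';

    $display .= '<form name="contact_friend" method="post" action="index.php?action=contact_friend&popup=yes&listing_id=' . $listing_id . '">'
        . ' <table border="0" cellspacing="2" cellpadding="4">'
        . ' <tr> ' . $cell . '<label for="name">' . $lang['email_your_name'] . ' </label>'
        . ' <input id="name" name="name" value="' . htmlentities($name, $flags) . '" type="text" size="50"> </td> </tr>'
        . ' <tr> ' . $cell . '<label for="email">' . $lang['email_your_email'] . ' </label>'
        . ' <input id="email" name="email" value="' . htmlentities($email, $flags) . '" type="text" size="50"> </td> </tr>'
        // This field used to reuse id="email", so its label pointed at the sender's input.
        . ' <tr> ' . $cell . '<label for="friend_email">' . $lang['email_friend_email'] . ' </label>'
        . ' <input id="friend_email" name="friend_email" value="' . htmlentities($friend_email, $flags) . '" type="text" size="50"> </td> </tr>'
        . ' <tr> ' . $cell . '<label for="subject">' . $lang['email_your_subject'] . '</label>'
        . ' <input id="subject" name="subject" value="' . htmlentities($subject, $flags) . '" type="text" size="50"> </td> </tr>'
        . ' <tr> ' . $cell . '<label for="message">' . $lang['email_your_message'] . '</label> <br /> <br />'
        . ' <textarea id="message" name="message" rows="5" cols="50">' . htmlentities($message, $flags) . '</textarea> </td> </tr>';

    if ($config['use_email_image_verification'] == 1) {
        $display .= ' <tr> <td colspan="2"><img src="' . $config['baseurl'] . '/include/class/captcha/captcha_image.php" /></td> </tr>'
            . ' <tr> ' . $cell . '<label for="security_code">' . $lang['email_verification_code'] . '</label>'
            . ' <input id="security_code" name="security_code" type="text" /> </td> </tr>';
    }

    $display .= ' <tr> <td colspan="2"><input type="submit" name="Submit" value="' . $lang['email_send'] . '"> </td> </tr>'
        . ' </table> </form>';

    return $display;
}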
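/**
 * Handles a password-reset request for the address posted in $_POST['email'].
 *
 * For a known address a numeric reset code is stored in the "forgot" table
 * and a reset link is mailed to the address on file.
 *
 * NOTE(review): the two outcomes return different messages, which tells the
 * requester whether an address is registered. The throttle query counts rows
 * in the "forgot" table, and rows are only written for registered addresses,
 * so probing unknown addresses is never throttled by this function.
 *
 * @return string|null Status message for display; null when no string e-mail was posted.
 */
function forgot_password()
{
    global $config, $lang, $conn;

    // A missing key or a non-string value (e.g. email[]=x) is ignored; the
    // function has always returned null for that case.
    $email = isset($_POST['email']) ? $_POST['email'] : null;
    if (!is_string($email)) {
        return null;
    }

    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    if (!$misc->validate_email($email)) {
        return $lang['email_invalid_email_address'];
    }

    // make_db_safe() output is used unquoted in the queries below, so it is
    // expected to return an escaped, quoted SQL literal.
    $email = $misc->make_db_safe($email);

    // Verify the user has not tried to reset more than 3 times in 24 hours.
    $sql = "SELECT forgot_id FROM " . $config['table_prefix_no_lang'] . "forgot WHERE forgot_email = {$email} AND forgot_time > NOW() - INTERVAL 1 DAY";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    if ($recordSet->Recordcount() > 3) {
        return $lang['to_many_password_reset_attempts'];
    }
    if ($config["demo_mode"] == 1) {
        return $lang['password_reset_denied_demo_mode'];
    }

    $sql = "SELECT userdb_user_name, userdb_emailaddress FROM " . $config['table_prefix'] . "userdb WHERE userdb_emailaddress=" . $email;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    if ($recordSet->RecordCount() != 1) {
        return '<font color="red">' . $lang['email_invalid_email_address'] . '</font>';
    }

    // The reset code is a credential, so it comes from the CSPRNG
    // (random_int(), PHP >= 7.0) rather than the predictable mt_rand().
    // NOTE(review): six digits is still a small space; whatever consumes
    // action=forgot should limit guesses and expire codes.
    $forgot_rand = random_int(100000, 999999);
    $user_email = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
    $user_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_name']);

    // The stored address is escaped again before it goes back into SQL;
    // dropping it between bare quotes would break on an apostrophe and
    // allow second-order injection.
    $sql = "INSERT INTO " . $config['table_prefix_no_lang'] . "forgot (forgot_rand, forgot_email) VALUES ({$forgot_rand}, " . $misc->make_db_safe($user_email) . ")";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }

    // Percent-encode the address so characters such as "+" or "&" survive
    // the query string intact.
    $forgot_link = $config['baseurl'] . '/admin/index.php?action=forgot&id=' . $forgot_rand . '&email=' . rawurlencode($user_email);

    $message = $lang['your_username'] . "\r\n\r\n";
    $message .= $user_name . "\r\n\r\n";
    $message .= $lang['click_to_reset_password'] . "\r\n\r\n";
    $message .= $forgot_link . "\r\n\r\n";
    $message .= $lang['link_expires'] . "\r\n\r\n";

    $header = "From: " . $config['admin_name'] . " <" . $config['admin_email'] . ">\r\n";
    $header .= "X-Sender: {$config['admin_email']}\r\n";
    $header .= "Return-Path: {$config['admin_email']}\r\n";

    // The result of mail() is not checked; the same message is returned either way.
    mail($user_email, $lang['forgotten_password'], $message, $header);

    return $lang['check_your_email'];
}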