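<?php
/**
 * This file sends an email to the user!
 *
 * It's the form action for {@link _msgform.php}.
 *
 * Two jobs live in this script:
 *  1. The "opt-out" flow for anonymous commenters (GET: optout_cmt_email[, req_ID]):
 *     step 1 mails a confirmation link that is bound to the visitor's session; step 2
 *     (the click on that link) flips comment_allow_msgform to 0 for every comment with
 *     that author e-mail.
 *  2. The message form itself (POST from _msgform.php): validate sender/subject/body,
 *     resolve the recipient (a member by recipient_id, or the author of comment_id),
 *     let plugins veto, then send_mail() and redirect.
 *
 * Security notes (review):
 *  - Everything this script receives is untrusted visitor input. Values that end up in
 *    mail headers (sender name, subject, recipient display name) are stripped of CR/LF
 *    here, so header injection cannot depend on how send_mail() is implemented.
 *  - The opt-out confirmation mail is only sent to syntactically valid addresses that
 *    actually own a comment which still allows the message form, and the on-screen reply
 *    is identical either way, so the endpoint can neither be used as an open mail relay
 *    nor to enumerate commenters.
 *  - The opt-out confirmation key is a one-shot token kept in the session; both halves
 *    are deleted once used.
 *
 * This file is part of the evoCore framework - {@link http://evocore.net/}
 * See also {@link http://sourceforge.net/projects/evocms/}.
 *
 * @copyright (c)2003-2007 by Francois PLANQUE - {@link http://fplanque.net/}
 * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}.
 *
 * {@internal License choice
 * - If you have received this file as part of a package, please find the license.txt file in
 *   the same folder or the closest folder above for complete license terms.
 * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
 *   then you must choose one of the following licenses before using the file:
 *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
 *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
 * }}
 *
 * {@internal Open Source relicensing agreement:
 * Daniel HAHLER grants Francois PLANQUE the right to license
 * Daniel HAHLER's contributions to this file and the b2evolution project
 * under any OSI approved OSS license (http://www.opensource.org/licenses/).
 * }}
 *
 * @package htsrv
 *
 * @author Jeff Bearer - {@link http://www.jeffbearer.com/} + blueyed, fplanque
 *
 * @todo dh> we should use the current_User's ID, if he's logged in here. It seems that only the message form gets pre-filled with hidden fields currently.
 */

/**
 * Includes
 */
require_once dirname(__FILE__).'/../conf/_config.php';

require_once $inc_path.'_main.inc.php';

header( 'Content-Type: text/html; charset='.$io_charset );


// TODO: Flood protection (Use Hit class to prevent mass mailings to members..)
// NOTE(review): until that exists, any visitor can still trigger one mail per request to
// any member with allow_msgform set; the checks below only close the relay/enumeration holes.

// Characters that must never reach a mail header from visitor-controlled text:
$mail_header_breakers = array( "\r", "\n" );


// --------------------------------------------------
// TODO: fp> v2.0: this bloats this file. MOVE to msg_remove.php or sth alike
if( param( 'optout_cmt_email', 'string', '' ) )
{ // an anonymous commentator wants to opt-out from receiving mails through a message form:

	if( param( 'req_ID', 'string', '' ) )
	{ // clicked on link from e-mail: the key AND the address must match what THIS session issued
		$expected_email = $Session->get( 'core.msgform.optout_cmt_email' );
		$expected_reqID = $Session->get( 'core.msgform.optout_cmt_reqID' );

		// Strict comparison: no type juggling between the URL string and the session value,
		// and an unset session value (NULL) can never match.
		if( ! empty($expected_reqID) && $req_ID === $expected_reqID
			&& ! empty($expected_email) && $optout_cmt_email === $expected_email )
		{
			$DB->query( '
				UPDATE T_comments
				   SET comment_allow_msgform = 0
				 WHERE comment_author_email = '.$DB->quote($optout_cmt_email) );

			$Messages->add( T_('All your comments have been marked not to allow emailing you through a message form.'), 'success' );

			// One-shot token: drop both halves so the link cannot be replayed during this session.
			$Session->delete('core.msgform.optout_cmt_email');
			$Session->delete('core.msgform.optout_cmt_reqID');
		}
		else
		{
			$Messages->add( T_('The request not to receive emails through a message form for your comments failed.'), 'error' );
		}

		$Messages->display();

		debug_info();
		exit;
	}

	// Step 1: mail a confirmation link.
	// Refuse anything that is not an e-mail address, so this endpoint cannot be used to push
	// mail at arbitrary strings (or inject additional recipients through the address).
	if( ! is_email( $optout_cmt_email ) )
	{
		$Messages->add( T_('Supplied email address is invalid.'), 'error' );
		$Messages->display();

		debug_info();
		exit;
	}

	// Only send when the address owns at least one comment that still allows the message form.
	// The on-screen reply is the same in both cases, so the form does not reveal who has
	// commented on this blog.
	$optout_row = $DB->get_row( '
		SELECT comment_ID
		  FROM T_comments
		 WHERE comment_author_email = '.$DB->quote($optout_cmt_email).'
		   AND comment_allow_msgform <> 0
		 LIMIT 1', ARRAY_A );

	$req_ID = generate_random_key(32);

	// Both query parameters are URL-encoded, consistent with the link in the message footer below
	// (the address may legitimately contain '+' or other reserved characters).
	$message = T_("We have received a request that you do not want to receive emails through\na message form on your comments anymore.\n\nTo confirm that this request is from you, please click on the following link:")
		."\n\n"
		.$htsrv_url.'message_send.php?optout_cmt_email='.rawurlencode($optout_cmt_email).'&req_ID='.rawurlencode($req_ID)
		."\n\n"
		.T_('Please note:')
		.' '.T_('For security reasons the link is only valid for your current session (by means of your session cookie).')
		."\n\n"
		.T_('If it was not you that requested this, simply ignore this mail.');

	if( empty($optout_row) )
	{ // Nothing to opt out from: answer exactly as if the mail had been sent, send nothing.
		echo T_('An email has been sent to you, with a link to confirm your request not to receive emails through the comments you have made on this blog.');
	}
	elseif( send_mail( $optout_cmt_email, T_('Confirm opt-out for emails through message form'), $message ) )
	{
		echo T_('An email has been sent to you, with a link to confirm your request not to receive emails through the comments you have made on this blog.');
		$Session->set( 'core.msgform.optout_cmt_email', $optout_cmt_email );
		$Session->set( 'core.msgform.optout_cmt_reqID', $req_ID );
	}
	else
	{
		$Messages->add( T_('Sorry, could not send email.')
			.'<br />'.T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error' );
	}

	debug_info();
	exit;
}
// END OF BLOCK TO BE MOVED
// --------------------------------------------------


// Getting GET or POST parameters:
param( 'blog', 'integer', '' );
param( 'recipient_id', 'integer', '' );
param( 'post_id', 'integer', '' );
param( 'comment_id', 'integer', '' );
// Note: we use funky field names in order to defeat the most basic guestbook spam bots:
$sender_name = param( 'd', 'string', '' );
$sender_address = param( 'f', 'string', '' );
$subject = param( 'g', 'string', '' );
$message = param( 'h', 'html', '' ); // We accept html but we will NEVER display it

// Header-injection guard: sender name and subject go straight into mail headers
// ("From:" and "Subject:"), and send_mail() is out of view here. Flatten line breaks to spaces.
$sender_name = str_replace( $mail_header_breakers, ' ', $sender_name );
$subject = str_replace( $mail_header_breakers, ' ', $subject );

// Prevent register_globals injection!
$recipient_address = '';
$recipient_name = '';
$recipient_User = NULL;
$Comment = NULL;

// Core param validation
if( empty($sender_name) )
{
	$Messages->add( T_('Please fill in your name.'), 'error' );
}
if( empty($sender_address) )
{
	$Messages->add( T_('Please fill in your email.'), 'error' );
}
elseif( !is_email($sender_address) || antispam_check( $sender_address ) ) // TODO: dh> using antispam_check() here might not allow valid users to contact the admin in case of problems due to the antispam list itself.. :/
{
	$Messages->add( T_('Supplied email address is invalid.'), 'error' );
}

if( empty($subject) )
{
	$Messages->add( T_('Please fill in the subject of your message.'), 'error' );
}

if( empty( $message ) )
{ // message should not be empty!
	$Messages->add( T_('Please do not send empty messages.'), 'error' );
}
elseif( $antispam_on_message_form && antispam_check( $message ) )
{ // a blacklisted keyword has been found in the message:
	$Messages->add( T_('The supplied message is invalid / appears to be spam.'), 'error' );
}


// Build message footer:
// $post_id and $comment_id are integer-typed by param(), so they are safe in the URL fragment here.
$BlogCache = & get_Cache( 'BlogCache' );
$message_footer = '';
if( !empty( $comment_id ) )
{
	// Getting current blog info:
	$Blog = & $BlogCache->get_by_ID( $blog ); // Required
	$message_footer .= T_('Message sent from your comment:') . "\n"
		.url_add_param( $Blog->get('url'), 'p='.$post_id.'#'.$comment_id, '&' )
		."\n\n";
}
elseif( !empty( $post_id ) )
{
	// Getting current blog info:
	$Blog = & $BlogCache->get_by_ID( $blog ); // Required
	$message_footer .= T_('Message sent from your post:') . "\n"
		.url_add_param( $Blog->get('url'), 'p='.$post_id, '&' )
		."\n\n";
}
else
{
	// Getting current blog info:
	$Blog = & $BlogCache->get_by_ID( $blog, true, false ); // Optional
}


if( ! empty( $recipient_id ) )
{ // Get the email address for the recipient if a member:
	$UserCache = & get_Cache( 'UserCache' );
	$recipient_User = & $UserCache->get_by_ID( $recipient_id );

	if( empty($recipient_User->allow_msgform) )
	{ // should be prevented by UI
		debug_die( 'Invalid recipient!' );
	}

	// The display name was typed by the member in the profile form: keep it out of the header structure.
	$recipient_name = str_replace( $mail_header_breakers, ' ', trim($recipient_User->get('preferredname')) );
	$recipient_address = $recipient_name.' <'.$recipient_User->get('email').'>';

	// Change the locale so the email is in the recipients language
	locale_temp_switch($recipient_User->locale);
}
elseif( ! empty( $comment_id ) )
{ // Get the email address for the recipient if a visiting commenter.

	// Load comment from DB ($comment_id is already an integer; the cast is belt and braces):
	$row = $DB->get_row(
		'SELECT *
		   FROM T_comments
		  WHERE comment_ID = '.(int)$comment_id, ARRAY_A );

	if( empty($row) )
	{ // unknown comment ID: do not build a Comment from nothing
		debug_die( 'Invalid recipient!' );
	}

	// PHP 4 needed "= & new"; on PHP 5+ objects are handles, and "& new" is a fatal error on PHP 7.
	$Comment = new Comment( $row );

	if( $comment_author_User = & $Comment->get_author_User() )
	{ // Comment is from a registered user:
		if( ! $comment_author_User->allow_msgform )
		{ // should be prevented by UI
			debug_die( 'Invalid recipient!' );
		}
		$recipient_User = & $comment_author_User;
	}
	elseif( empty($Comment->allow_msgform) )
	{ // should be prevented by UI
		debug_die( 'Invalid recipient!' );
	}

	// The author name was typed by an anonymous visitor: keep it out of the header structure.
	$recipient_name = str_replace( $mail_header_breakers, ' ', trim($Comment->get_author_name()) );
	$recipient_address = $recipient_name.' <'.$Comment->get_author_email().'>';

	// We don't know the recipient's language - Change the locale so the email is in the blog's language:
	locale_temp_switch($Blog->locale);
}

if( empty($recipient_address) )
{ // should be prevented by UI
	debug_die( 'No recipient specified!' );
}


// opt-out links:
if( $recipient_User )
{ // Member:
	if( !empty( $Blog ) )
	{
		// NOTE(review): this str_replace() reads as a no-op in the rendered copy of the file; the
		// original is presumably '&amp;' -> '&' (un-escaping the stored blog URL). Verify against the repository.
		$message_footer .= T_("You can edit your profile to not reveive mails through a form:")
			."\n".url_add_param( str_replace( '&', '&', $Blog->get('url') ), 'disp=profile', '&' );
	}
	// TODO: else go to admin
}
elseif( $Comment )
{ // Visitor:
	$message_footer .= T_("Click on the following link to not receive e-mails on your comments\nfor this e-mail address anymore:")
		."\n".$htsrv_url.'message_send.php?optout_cmt_email='.rawurlencode($Comment->author_email);
}


// Trigger event: a Plugin could add a $category="error" message here..
$Plugins->trigger_event( 'MessageFormSent', array(
		'recipient_ID' => & $recipient_id,
		'item_ID' => $post_id,
		'comment_ID' => $comment_id,
		'subject' => & $subject,
		'message' => & $message,
		'message_footer' => & $message_footer,
		'Blog' => & $Blog,
		'sender_name' => & $sender_name,
		'sender_email' => & $sender_address,
	) );


if( $Messages->count( 'error' ) )
{ // there were errors: display them and get out of here
	$Messages->display( T_('Cannot send email, please correct these errors:'),
		'[<a href="javascript:history.go(-1)">'. T_('Back to email editing') . '</a>]' );
	debug_info();
	exit;
}

if( !empty( $Blog ) )
{
	$message = $message
		."\n\n-- \n"
		.sprintf( T_('This message was sent via the messaging system on %s.'), $Blog->name )."\n"
		.$Blog->get('url')."\n\n"
		.$message_footer;
}
else
{
	$message = $message
		."\n\n-- \n"
		.sprintf( T_('This message was sent via the messaging system on %s.'), $baseurl )."\n\n"
		.$message_footer;
}

// Send mail
// Plugins may have rewritten $subject / $sender_name by reference above: re-apply the header guard.
$subject = str_replace( $mail_header_breakers, ' ', $subject );
$sender_name = str_replace( $mail_header_breakers, ' ', $sender_name );
$success_mail = send_mail( $recipient_address, $subject, $message, "$sender_name <$sender_address>" );


// Plugins should cleanup their temporary data here:
$Plugins->trigger_event( 'MessageFormSentCleanup' );


// restore the locale to the blog visitor language
locale_restore_previous();

if( $success_mail )
{
	// Never say to whom we sent the email -- prevent user enumeration.
	$Messages->add( T_('Your message has been sent.'), 'success' );
}
else
{
	$Messages->add( T_('Sorry, could not send email.')
		.'<br />'.T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error' );
}


// Header redirection
header_nocache();
// redirect Will save $Messages into Session:
header_redirect(); // exits!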
313 314 315 /* 316 * $Log: message_send.php,v $ 317 * Revision 1.54 2007/04/26 00:11:14 fplanque 318 * (c) 2007 319 * 320 * Revision 1.53 2007/04/10 16:59:10 fplanque 321 * fixed antispam on message form 322 * 323 * Revision 1.52 2007/03/09 10:07:53 yabs 324 * Added antispam check 325 * 326 * Revision 1.51 2007/02/03 20:25:37 blueyed 327 * Added "sender_name", "sender_email" and "subject" params to MessageFormSent 328 * 329 * Revision 1.50 2007/02/03 19:49:36 blueyed 330 * Added "Blog" param to MessageFormSent hook 331 * 332 * Revision 1.49 2007/01/23 05:30:21 fplanque 333 * "Contact the owner" 334 * 335 * Revision 1.48 2006/12/12 02:53:56 fplanque 336 * Activated new item/comments controllers + new editing navigation 337 * Some things are unfinished yet. Other things may need more testing. 338 * 339 * Revision 1.47 2006/11/26 02:30:38 fplanque 340 * doc / todo 341 * 342 * Revision 1.46 2006/11/24 18:27:22 blueyed 343 * Fixed link to b2evo CVS browsing interface in file docblocks 344 * 345 * Revision 1.45 2006/11/24 18:06:02 blueyed 346 * Handle saving of $Messages centrally in header_redirect() 347 * 348 * Revision 1.44 2006/11/23 01:44:24 fplanque 349 * finalized standalone messaging 350 * changed block order so that $Blog gets initalized 351 * 352 * Revision 1.43 2006/11/22 19:20:51 blueyed 353 * Output charset header 354 * 355 * Revision 1.42 2006/11/22 19:12:22 blueyed 356 * Normalized. 
TODO about merge error 357 * 358 * Revision 1.41 2006/11/22 01:20:33 fplanque 359 * contact the admin feature 360 * 361 * Revision 1.40 2006/11/20 22:21:46 blueyed 362 * Fixed typo 363 * 364 * Revision 1.39 2006/11/15 00:09:16 blueyed 365 * Use the blog locale when sending e-mails to non-members - instead of the one from the visitor 366 * 367 * Revision 1.38 2006/11/14 21:12:55 blueyed 368 * doc 369 * 370 * Revision 1.37 2006/09/10 18:14:24 blueyed 371 * Do report error, if sending email fails in message_send.php (msgform and opt-out) 372 * 373 * Revision 1.36 2006/08/21 00:03:12 fplanque 374 * obsoleted some dirty old thing 375 * 376 * Revision 1.35 2006/08/19 07:56:29 fplanque 377 * Moved a lot of stuff out of the automatic instanciation in _main.inc 378 * 379 * Revision 1.34 2006/06/16 20:34:19 fplanque 380 * basic spambot defeating 381 * 382 * Revision 1.33 2006/05/30 20:32:56 blueyed 383 * Lazy-instantiate "expensive" properties of Comment and Item. 384 * 385 * Revision 1.31 2006/05/04 14:28:15 blueyed 386 * Fix/enhanced 387 * 388 * Revision 1.30 2006/04/20 22:24:07 blueyed 389 * plugin hooks cleanup 390 * 391 * Revision 1.29 2006/04/20 16:31:29 fplanque 392 * comment moderation (finished for 1.8) 393 * 394 * Revision 1.28 2006/04/20 12:15:32 fplanque 395 * no message 396 * 397 * Revision 1.27 2006/04/19 23:50:39 blueyed 398 * Normalized Messages handling (error displaying and transport in Session) 399 * 400 * Revision 1.26 2006/04/19 20:13:48 fplanque 401 * do not restrict to :// (does not catch subdomains, not even www.) 402 * 403 * Revision 1.25 2006/04/11 21:22:25 fplanque 404 * partial cleanup 405 * 406 */ 407 ?>