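<?php

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.4                                                               |
// +---------------------------------------------------------------------------+
// | profiles.php                                                              |
// |                                                                           |
// | This pages lets GL users communicate with each other without risk of      |
// | their email address being intercepted by spammers.                        |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Tony Bibbs       - tony AT tonybibbs DOT com                     |
// |          Mark Limburg     - mlimburg AT users DOT sourceforge DOT net     |
// |          Jason Whittenburg - jwhitten AT securitygeeks DOT com            |
// |          Dirk Haun        - dirk AT haun-online DOT de                    |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: profiles.php,v 1.52 2006/12/09 21:02:51 dhaun Exp $

require_once ('lib-common.php');

/**
* Cleans a submitted value that will end up in a mail header field (subject,
* sender or recipient name).
*
* Tags are stripped, the value is cut at the first CR or LF and surrounding
* whitespace is trimmed. A line break inside a header field would allow the
* submitter to append further mail headers, so every header-bound value goes
* through here before it is handed to COM_formatEmailAddress / COM_mail.
*
* @param    string  $value  raw submitted value
* @return   string          single-line, tag-free value
*/
function PRF_cleanHeaderField ($value)
{
    $value = strip_tags ($value);
    $value = substr ($value, 0, strcspn ($value, "\r\n"));

    return trim ($value);
}

/**
* Checks whether user $uid accepts email from the current visitor.
*
* Site admins (Root group or 'user.mail' right) are governed by the
* recipient's "emailfromadmin" preference, everybody else by "emailfromuser".
* A missing preference row is treated as "no email".
*
* @param    int     $uid    User ID of the intended recipient
* @return   boolean         true if the recipient accepts email from the visitor
*/
function PRF_canEmailUser ($uid)
{
    global $_TABLES;

    // $uid originates from a request parameter; cast before interpolation
    $uid = (int) $uid;

    $result = DB_query ("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '$uid'");
    $P = DB_fetchArray ($result);
    if (empty ($P)) {
        return false;
    }

    $isAdmin = SEC_inGroup ('Root') || SEC_hasRights ('user.mail');
    if ($isAdmin) {
        return ($P['emailfromadmin'] == 1);
    }

    return ($P['emailfromuser'] == 1);
}

/**
* Builds the "login required" message block that is shown instead of a form
* when the site does not let anonymous users use the feature.
*
* @return   string  HTML for the login-required block
*/
function PRF_loginRequiredBlock ()
{
    global $_CONF, $LANG_LOGIN;

    $retval = COM_startBlock ($LANG_LOGIN[1], '',
                              COM_getBlockTemplate ('_msg_block', 'header'));
    $login = new Template ($_CONF['path_layout'] . 'submit');
    $login->set_file (array ('login' => 'submitloginrequired.thtml'));
    $login->set_var ('login_message', $LANG_LOGIN[2]);
    $login->set_var ('site_url', $_CONF['site_url']);
    $login->set_var ('lang_login', $LANG_LOGIN[3]);
    $login->set_var ('lang_newuser', $LANG_LOGIN[4]);
    $login->parse ('output', 'login');
    $retval .= $login->finish ($login->get_var ('output'));
    $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));

    return $retval;
}

/**
* Mails the contents of the contact form to that user
*
* Performs, in this order: the login-required check (the site admin, uid 2,
* may always be contacted), the recipient's preference check, the mail
* speedlimit, the required-field and email-syntax checks, the spam check and
* the plugin pre-save hook. Only when all pass is the mail sent.
*
* @param    int     $uid            User ID of person to send email to
* @param    string  $author         The name of the person sending the email
* @param    string  $authoremail    Email address of person sending the email
* @param    string  $subject        Subject of email
* @param    string  $message        Text of message to send
* @return   string                  Meta redirect or HTML for the contact form
*/
function contactemail ($uid, $author, $authoremail, $subject, $message)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08;

    $uid = (int) $uid;

    // check for correct $_CONF permission (uid 2 is exempt so that anonymous
    // users can still reach the site admin)
    if (empty ($_USER['username']) &&
        (($_CONF['loginrequired'] == 1) || ($_CONF['emailuserloginrequired'] == 1))
        && ($uid != 2)) {
        return COM_refresh ($_CONF['site_url'] . '/index.php');
    }

    // check for correct 'to' user preferences
    if (!PRF_canEmailUser ($uid)) {
        return COM_refresh ($_CONF['site_url'] . '/index.php');
    }

    // check mail speedlimit
    COM_clearSpeedlimit ($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit ('mail') > 0) {
        return COM_refresh ($_CONF['site_url'] . '/index.php');
    }

    // a required field is missing: redisplay the form with an error
    if (empty ($author) || empty ($subject) || empty ($message)) {
        return COM_siteHeader ('menu', $LANG04[81])
             . COM_errorLog ($LANG08[4], 2)
             . contactform ($uid, $subject, $message)
             . COM_siteFooter ();
    }

    // sender address is not a valid email address
    if (!COM_isEmail ($authoremail)) {
        return COM_siteHeader ('menu', $LANG04[81])
             . COM_errorLog ($LANG08[3], 2)
             . contactform ($uid, $subject, $message)
             . COM_siteFooter ();
    }

    $result = DB_query ("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = $uid");
    $A = DB_fetchArray ($result);
    if (empty ($A)) {
        // recipient does not exist (any more)
        return COM_refresh ($_CONF['site_url'] . '/index.php');
    }

    // Append the user's signature to the message
    $sig = '';
    if (isset ($_USER['uid']) && ($_USER['uid'] > 1)) {
        $sig = DB_getItem ($_TABLES['users'], 'sig', "uid={$_USER['uid']}");
        if (!empty ($sig)) {
            $sig = strip_tags (COM_stripslashes ($sig));
            $sig = "\n\n-- \n" . $sig;
        }
    }

    $subject = COM_stripslashes ($subject);
    $message = COM_stripslashes ($message);

    // do a spam check with the unfiltered message text and subject
    $mailtext = $subject . "\n" . $message . $sig;
    $result = PLG_checkforSpam ($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        COM_updateSpeedlimit ('mail');
        COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden');
    }

    $msg = PLG_itemPreSave ('contact', $message);
    if (!empty ($msg)) {
        return COM_siteHeader ('menu', '')
             . COM_errorLog ($msg, 2)
             . contactform ($uid, $subject, $message)
             . COM_siteFooter ();
    }

    // subject and sender name become mail headers: no tags, no line breaks
    $subject = PRF_cleanHeaderField ($subject);
    $author = PRF_cleanHeaderField ($author);
    $message = strip_tags ($message) . $sig;

    if (!empty ($A['fullname'])) {
        $to = COM_formatEmailAddress ($A['fullname'], $A['email']);
    } else {
        $to = COM_formatEmailAddress ($A['username'], $A['email']);
    }
    $from = COM_formatEmailAddress ($author, $authoremail);

    COM_mail ($to, $subject, $message, $from);
    COM_updateSpeedlimit ('mail');

    return COM_refresh ($_CONF['site_url'] . '/index.php?msg=27');
}

/**
* Displays the contact form
*
* Shows the login-required block when anonymous users may not use the form,
* a "does not accept email" notice when the recipient's preferences forbid
* it, and the form otherwise. Sender name and address are taken from the
* logged-in user, or re-populated from a previous (failed) submission.
*
* @param    int     $uid        User ID of article author
* @param    string  $subject    Subject of email
* @param    string  $message    Text of message to send
* @return   string              HTML for the contact form
*
*/
function contactform ($uid, $subject = '', $message = '')
{
    global $_CONF, $_USER, $LANG08;

    $uid = (int) $uid;

    if (empty ($_USER['username']) &&
        (($_CONF['loginrequired'] == 1) || ($_CONF['emailuserloginrequired'] == 1))) {
        return PRF_loginRequiredBlock ();
    }

    $displayname = COM_getDisplayName ($uid);

    if (!PRF_canEmailUser ($uid)) {
        $retval = COM_startBlock ($LANG08[10] . ' ' . $displayname, '',
                                  COM_getBlockTemplate ('_msg_block', 'header'));
        $retval .= $LANG08[35];
        $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));

        return $retval;
    }

    $retval = COM_startBlock ($LANG08[10] . ' ' . $displayname);
    $mail_template = new Template ($_CONF['path_layout'] . 'profiles');
    $mail_template->set_file ('form', 'contactuserform.thtml');
    $mail_template->set_var ('site_url', $_CONF['site_url']);
    $mail_template->set_var ('lang_description', $LANG08[26]);
    $mail_template->set_var ('lang_username', $LANG08[11]);

    if (empty ($_USER['username'])) {
        // anonymous sender: re-populate the name from the last submission
        $sender = '';
        if (isset ($_POST['author'])) {
            $sender = htmlspecialchars (PRF_cleanHeaderField ($_POST['author']),
                                        ENT_QUOTES);
        }
        $mail_template->set_var ('username', $sender);
    } else {
        $mail_template->set_var ('username',
            COM_getDisplayName ($_USER['uid'], $_USER['username'],
                                $_USER['fullname']));
    }

    $mail_template->set_var ('lang_useremail', $LANG08[12]);
    if (empty ($_USER['email'])) {
        // anonymous sender: re-populate the address from the last submission
        $email = '';
        if (isset ($_POST['authoremail'])) {
            $email = htmlspecialchars (PRF_cleanHeaderField ($_POST['authoremail']),
                                       ENT_QUOTES);
        }
        $mail_template->set_var ('useremail', $email);
    } else {
        $mail_template->set_var ('useremail', $_USER['email']);
    }

    $mail_template->set_var ('lang_subject', $LANG08[13]);
    $mail_template->set_var ('subject', $subject);
    $mail_template->set_var ('lang_message', $LANG08[14]);
    $mail_template->set_var ('message', $message);
    $mail_template->set_var ('lang_nohtml', $LANG08[15]);
    $mail_template->set_var ('lang_submit', $LANG08[16]);
    $mail_template->set_var ('uid', $uid);
    PLG_templateSetVars ('contact', $mail_template);
    $mail_template->parse ('output', 'form');
    $retval .= $mail_template->finish ($mail_template->get_var ('output'));
    $retval .= COM_endBlock ();

    return $retval;
}

/**
* Email story to a friend
*
* Always returns a meta refresh back to the story; the mail is only sent when
* anonymous use is permitted, the feature is enabled, the speedlimit has not
* been hit, the story exists and the spam check passes.
*
* @param    string  $sid        id of story to email
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the story
* @return   string              Meta refresh
*
* Modification History
*
* Date         Author          Description
* ----         ------          -----------
* 4/17/01      Tony Bibbs      Code now allows anonymous users to send email
*                              and it allows user to input a message as well
*                              Thanks to Yngve Wassvik Bergheim for some of
*                              this code
*
*/
function mailstory ($sid, $to, $toemail, $from, $fromemail, $shortmsg)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08;

    $retval = COM_refresh (COM_buildUrl ($_CONF['site_url']
                                         . '/article.php?story=' . $sid));

    // check for correct $_CONF permission
    if (empty ($_USER['username']) &&
        (($_CONF['loginrequired'] == 1) || ($_CONF['emailstoryloginrequired'] == 1))) {
        return $retval;
    }

    // check if emailing of stories is disabled
    if ($_CONF['hideemailicon'] == 1) {
        return $retval;
    }

    // check mail speedlimit
    COM_clearSpeedlimit ($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit ('mail') > 0) {
        return $retval;
    }

    // NOTE(review): $sid is interpolated into SQL; the only filtering it has
    // seen is COM_applyFilter() in the caller - confirm that escapes quotes.
    $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid'";
    $result = DB_query ($sql);
    $A = DB_fetchArray ($result);
    if (empty ($A)) {
        // no such story: nothing to send
        return $retval;
    }

    // both names end up in mail headers: no tags, no line breaks
    $to = PRF_cleanHeaderField ($to);
    $from = PRF_cleanHeaderField ($from);

    $shortmsg = COM_stripslashes ($shortmsg);
    $mailtext = sprintf ($LANG08[23], $from, $fromemail) . LB;
    if (strlen ($shortmsg) > 0) {
        $mailtext .= LB . sprintf ($LANG08[28], $from) . $shortmsg . LB;
    }

    // just to make sure this isn't an attempt at spamming users ...
    $result = PLG_checkforSpam ($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        COM_updateSpeedlimit ('mail');
        COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden');
    }

    $separator = '------------------------------------------------------------';

    $mailtext .= $separator . LB . LB
              . COM_undoSpecialChars (stripslashes ($A['title'])) . LB
              . strftime ($_CONF['date'], $A['day']) . LB;

    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName ($A['uid']);
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }

    $mailtext .= LB
              . COM_undoSpecialChars (stripslashes (strip_tags ($A['introtext']))) . LB . LB
              . COM_undoSpecialChars (stripslashes (strip_tags ($A['bodytext']))) . LB . LB
              . $separator . LB;

    $storyurl = COM_buildUrl ($_CONF['site_url'] . '/article.php?story=' . $sid);
    if ($A['commentcode'] == 0) { // comments allowed
        $mailtext .= $LANG08[24] . LB . $storyurl . '#comments';
    } else { // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . $storyurl;
    }

    $mailto = COM_formatEmailAddress ($to, $toemail);
    $mailfrom = COM_formatEmailAddress ($from, $fromemail);

    // the subject is a header too: keep it to a single line
    $subject = COM_undoSpecialChars (strip_tags (stripslashes ('Re: ' . $A['title'])));
    $subject = substr ($subject, 0, strcspn ($subject, "\r\n"));

    COM_mail ($mailto, $subject, $mailtext, $mailfrom);
    COM_updateSpeedlimit ('mail');

    // Increment numemails counter for story
    DB_query ("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '$sid'");

    return $retval;
}

/**
* Display form to email a story to someone.
*
* @param    string  $sid        ID of article to email
* @param    string  $to         recipient name (re-populated after an error)
* @param    string  $toemail    recipient address (re-populated after an error)
* @param    string  $from       sender name; defaults to the logged-in user
* @param    string  $fromemail  sender address; defaults to the logged-in user
* @param    string  $shortmsg   short intro text (re-populated after an error)
* @param    int     $msg        message number to show above the form, 0 for none
* @return   string              HTML for email story form
*
*/
function mailstoryform ($sid, $to = '', $toemail = '', $from = '',
                        $fromemail = '', $shortmsg = '', $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG08;

    if (empty ($_USER['username']) &&
        (($_CONF['loginrequired'] == 1) || ($_CONF['emailstoryloginrequired'] == 1))) {
        return PRF_loginRequiredBlock ();
    }

    $retval = '';

    if ($msg > 0) {
        $retval .= COM_showMessage ($msg);
    }

    // pre-fill the sender fields from the logged-in user's account
    if (empty ($from) && empty ($fromemail) && !empty ($_USER['username'])) {
        $from = COM_getDisplayName ($_USER['uid'], $_USER['username'],
                                    $_USER['fullname']);
        $fromemail = DB_getItem ($_TABLES['users'], 'email',
                                 "uid = {$_USER['uid']}");
    }

    $mail_template = new Template ($_CONF['path_layout'] . 'profiles');
    $mail_template->set_file ('form', 'contactauthorform.thtml');
    $mail_template->set_var ('site_url', $_CONF['site_url']);
    $mail_template->set_var ('start_block_mailstory2friend', COM_startBlock ($LANG08[17]));
    $mail_template->set_var ('lang_fromname', $LANG08[20]);
    $mail_template->set_var ('name', $from);
    $mail_template->set_var ('lang_fromemailaddress', $LANG08[21]);
    $mail_template->set_var ('email', $fromemail);
    $mail_template->set_var ('lang_toname', $LANG08[18]);
    $mail_template->set_var ('toname', $to);
    $mail_template->set_var ('lang_toemailaddress', $LANG08[19]);
    $mail_template->set_var ('toemail', $toemail);
    $mail_template->set_var ('lang_shortmessage', $LANG08[27]);
    $mail_template->set_var ('shortmsg', $shortmsg);
    $mail_template->set_var ('lang_warning', $LANG08[22]);
    $mail_template->set_var ('lang_sendmessage', $LANG08[16]);
    $mail_template->set_var ('story_id', $sid);
    PLG_templateSetVars ('emailstory', $mail_template);
    $mail_template->set_var ('end_block', COM_endBlock ());
    $mail_template->parse ('output', 'form');
    $retval .= $mail_template->finish ($mail_template->get_var ('output'));

    return $retval;
}


// MAIN
$display = '';

if (isset ($_POST['what'])) {
    $what = COM_applyFilter ($_POST['what']);
} elseif (isset ($_GET['what'])) {
    $what = COM_applyFilter ($_GET['what']);
} else {
    $what = '';
}

switch ($what) {
case 'contact':
    // 'what' may arrive via GET while the form fields are missing, so every
    // POST field is read with a guard
    $uid = isset ($_POST['uid']) ? COM_applyFilter ($_POST['uid'], true) : 0;
    if ($uid > 1) {
        $display .= contactemail ($uid,
                isset ($_POST['author']) ? $_POST['author'] : '',
                isset ($_POST['authoremail']) ? $_POST['authoremail'] : '',
                isset ($_POST['subject']) ? $_POST['subject'] : '',
                isset ($_POST['message']) ? $_POST['message'] : '');
    } else {
        $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
    }
    break;

case 'emailstory':
    $sid = isset ($_GET['sid']) ? COM_applyFilter ($_GET['sid']) : '';
    if (empty ($sid)) {
        $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
    } elseif ($_CONF['hideemailicon'] == 1) {
        $display .= COM_refresh (COM_buildUrl ($_CONF['site_url']
                                               . '/article.php?story=' . $sid));
    } else {
        $display .= COM_siteHeader ('menu', $LANG08[17])
                  . mailstoryform ($sid)
                  . COM_siteFooter ();
    }
    break;

case 'sendstory':
    $sid = isset ($_POST['sid']) ? COM_applyFilter ($_POST['sid']) : '';
    if (empty ($sid)) {
        $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
        break;
    }

    // raw values are what gets mailed (mailstory() does its own cleaning);
    // the filtered copies are only ever echoed back into the form
    $to        = isset ($_POST['to']) ? $_POST['to'] : '';
    $toemail   = isset ($_POST['toemail']) ? $_POST['toemail'] : '';
    $from      = isset ($_POST['from']) ? $_POST['from'] : '';
    $fromemail = isset ($_POST['fromemail']) ? $_POST['fromemail'] : '';
    $shortmsg  = isset ($_POST['shortmsg']) ? $_POST['shortmsg'] : '';

    $fto        = COM_applyFilter ($to);
    $ftoemail   = COM_applyFilter ($toemail);
    $ffrom      = COM_applyFilter ($from);
    $ffromemail = COM_applyFilter ($fromemail);
    $fshortmsg  = COM_applyFilter ($shortmsg);

    if (empty ($toemail) || empty ($fromemail)
            || !COM_isEmail ($toemail) || !COM_isEmail ($fromemail)) {
        // message 52: invalid email address
        $display .= COM_siteHeader ('menu', $LANG08[17])
                  . mailstoryform ($sid, $fto, $ftoemail, $ffrom, $ffromemail,
                                   $fshortmsg, 52)
                  . COM_siteFooter ();
    } elseif (empty ($to) || empty ($from) || empty ($shortmsg)) {
        $display .= COM_siteHeader ('menu', $LANG08[17])
                  . mailstoryform ($sid, $fto, $ftoemail, $ffrom, $ffromemail,
                                   $fshortmsg)
                  . COM_siteFooter ();
    } else {
        // the text handed to the pre-save hook is the short message; the
        // previous code passed an undefined $message here
        $msg = PLG_itemPreSave ('emailstory', $shortmsg);
        if (!empty ($msg)) {
            $display .= COM_siteHeader ('menu', '')
                      . COM_errorLog ($msg, 2)
                      . mailstoryform ($sid, $fto, $ftoemail, $ffrom,
                                       $ffromemail, $fshortmsg)
                      . COM_siteFooter ();
        } else {
            $display .= mailstory ($sid, $to, $toemail, $from, $fromemail,
                                   $shortmsg);
        }
    }
    break;

default:
    $uid = isset ($_GET['uid']) ? COM_applyFilter ($_GET['uid'], true) : 0;
    if ($uid > 1) {
        // optional pre-filled subject, e.g. from a "contact author" link
        $subject = '';
        if (isset ($_GET['subject'])) {
            $subject = htmlspecialchars (PRF_cleanHeaderField ($_GET['subject']),
                                         ENT_QUOTES);
        }
        $display .= COM_siteHeader ('menu', $LANG04[81])
                  . contactform ($uid, $subject)
                  . COM_siteFooter ();
    } else {
        $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
    }
    break;
}

echo $display;

?>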