

Description: This file sends an email to the user! It's used to handle the contact form send message action. Even visitors are able to send emails. It's the form action for {@link _msgform.disp.php}.

<?php
/**
 * This file sends an email to the user!
 * It's used to handle the contact form send message action. Even visitors are able to send emails.
 *
 * It's the form action for {@link _msgform.disp.php}.
 *
 * This file is part of the evoCore framework - {@link http://evocore.net/}
 * See also {@link http://sourceforge.net/projects/evocms/}.
 *
 * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}
 * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}.
 *
 * {@internal License choice
 * - If you have received this file as part of a package, please find the license.txt file in
 *   the same folder or the closest folder above for complete license terms.
 * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
 *   then you must choose one of the following licenses before using the file:
 *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
 *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
 * }}
 *
 * {@internal Open Source relicensing agreement:
 * Daniel HAHLER grants Francois PLANQUE the right to license
 * Daniel HAHLER's contributions to this file and the b2evolution project
 * under any OSI approved OSS license (http://www.opensource.org/licenses/).
 * }}
 *
 * @package htsrv
 *
 * @author Jeff Bearer - {@link http://www.jeffbearer.com/} + blueyed, fplanque
 *
 * @todo dh> we should use the current_User's ID, if he's logged in here. It seems that only the message form gets pre-filled with hidden fields currently.
 */

/**
 * Includes
 */
require_once dirname(__FILE__).'/../conf/_config.php';

require_once $inc_path.'_main.inc.php';

// Overview of this action script:
//  1. verify the anti-CSRF crumb and the maintenance lock (before any form param is read),
//  2. read and validate the form params (sender, subject, message, recipient),
//  3. resolve the recipient (member by ID, or visiting commenter by comment ID),
//  4. let plugins veto via $Messages, then send the mail if no error was recorded,
//  5. redirect: on success with a neutral notice, on failure after stashing the
//     form content into the Session so the visitor does not lose it.
global $Session, $Settings, $admin_url, $baseurl, $dummy_fields;

header( 'Content-Type: text/html; charset='.$io_charset );

// Check that this action request is not a CSRF hacked request:
// This runs first, before any other request parameter is consumed.
$Session->assert_received_crumb( 'newmessage' );

if( $Settings->get('system_lock') )
{ // System is locked for maintenance, users cannot send a message
    $Messages->add( T_('You cannot send a message at this time because the system is under maintenance. Please try again in a few moments.'), 'error' );
    header_redirect(); // Will save $Messages into Session; does not return (see "exited here" below)
}

// TODO: Flood protection (Use Hit class to prevent mass mailings to members..)

// Get redirect_to param
// NOTE(review): this value comes straight from the request and is later passed to
// header_redirect(); this file relies on header_redirect() to refuse off-site targets - confirm.
$redirect_to = param( 'redirect_to', 'url', '' );

// Getting GET or POST parameters:
// All IDs are typed as 'integer' by param(); they are only used as cache lookup keys below.
param( 'blog', 'integer', '' );
param( 'recipient_id', 'integer', '' );
param( 'post_id', 'integer', '' );
param( 'comment_id', 'integer', '' );

// Activate the blog locale because all params were introduced with that locale
activate_blog_locale( $blog );

// Note: we use funky field names in order to defeat the most basic guestbook spam bots:
// The real field names are taken from $dummy_fields, so they are not hard-coded here.
$sender_name = param( $dummy_fields[ 'name' ], 'string', '' );
$sender_address = param( $dummy_fields[ 'email' ], 'string', '' );
$subject = param( $dummy_fields[ 'subject' ], 'string', '' );
$message = param( $dummy_fields[ 'content' ], 'html', '' );    // We accept html but we will NEVER display it
// save the message original content
// (the 'MessageFormSent' plugin hook may rewrite $message; the original is what gets
//  stored back into the Session when sending fails, see the end of this file)
$original_content = $message;

// Prevent register_globals injection!
// Recipient data must only ever be derived server-side from recipient_id / comment_id,
// never from anything the request could pre-set.
$recipient_address = '';
$recipient_name = '';
$recipient_User = NULL;
$Comment = NULL;

// Core param validation
// Errors are collected into $Messages; sending happens only when none was recorded.

if( empty($subject) )
{
    $Messages->add( T_('Please fill in the subject of your message.'), 'error' );
}

if( empty( $message ) )
{ // message should not be empty!
    $Messages->add( T_('Please do not send empty messages.'), 'error' );
}
elseif( $antispam_on_message_form && antispam_check( $message ) )
{ // a blacklisted keyword has been found in the message:
    $Messages->add( T_('The supplied message is invalid / appears to be spam.'), 'error' );
}

// Getting current blog info:
// The blog is mandatory when the message refers to a post or comment (its locale and URL
// are used for the visitor path); otherwise a missing blog is tolerated.
$BlogCache = & get_BlogCache();
if( !empty( $comment_id ) || !empty( $post_id ) )
{
    $Blog = & $BlogCache->get_by_ID( $blog );    // Required
}
else
{
    $Blog = & $BlogCache->get_by_ID( $blog, true, false );    // Optional
}

// Resolve the recipient. This is the server-side enforcement of "may this person be
// contacted?" - the UI hides the form for non-contactable recipients, but a crafted
// request must be refused here as well, hence the debug_die() calls.
$allow_msgform = '';
if( ! empty( $recipient_id ) )
{ // Get the email address for the recipient if a member:
    $UserCache = & get_UserCache();
    $recipient_User = & $UserCache->get_by_ID( $recipient_id );

    // The member's own contact preference decides, not the sender.
    $allow_msgform = $recipient_User->get_msgform_possibility();
    if( ! $allow_msgform )
    { // should be prevented by UI
        debug_die( 'Invalid recipient!' );
    }
}
elseif( ! empty( $comment_id ) )
{ // Get the email address for the recipient if a visiting commenter.
    $CommentCache = & get_CommentCache();
    $Comment = $CommentCache->get_by_ID( $comment_id );

    if( empty( $Comment ) )
    {
        debug_die( 'Invalid request, comment doesn\'t exists!' );
    }

    if( $recipient_User = & $Comment->get_author_User() )
    { // Comment is from a registered user:
        $allow_msgform = $recipient_User->get_msgform_possibility();
        if( ! $allow_msgform )
        { // should be prevented by UI
            debug_die( 'Invalid recipient!' );
        }
    }
    elseif( empty($Comment->allow_msgform) )
    { // should be prevented by UI
        debug_die( 'Invalid recipient!' );
    }
    else
    {
        // Anonymous commenter who opted in: the stored comment email is the only
        // address we have, and it is never shown to the sender.
        $recipient_name = $Comment->get_author_name();
        $recipient_address = $Comment->get_author_email();
    }
}

if( empty($sender_name) )
{
    $Messages->add( T_('Please fill in your name.'), 'error' );
}
if( empty($sender_address) )
{
    $Messages->add( T_('Please fill in your email.'), 'error' );
}
// is_email() also guards the 'Reply-To' header built from $sender_address further down.
elseif( !is_email($sender_address) || antispam_check( $sender_address ) ) // TODO: dh> using antispam_check() here might not allow valid users to contact the admin in case of problems due to the antispam list itself.. :/
{
    $Messages->add( T_('Supplied email address is invalid.'), 'error' );
}

// Final recipient check: neither a member nor a commenter address was resolved above.
if( empty( $recipient_User ) && empty( $recipient_address ) )
{ // should be prevented by UI
    debug_die( 'No recipient specified!' );
}

// opt-out links:
// Every path below must end in locale_restore_previous() (both branches of the send block do).
if( $recipient_User )
{ // Member:
    // Change the locale so the email is in the recipients language
    locale_temp_switch($recipient_User->locale);
}
else
{ // Visitor:
    // We don't know the recipient's language - Change the locale so the email is in the blog's language:
    // ($Blog is guaranteed here: the visitor path requires a comment_id, which made the blog mandatory above)
    locale_temp_switch($Blog->locale);
}

// Trigger event: a Plugin could add a $category="error" message here..
// subject, message, sender name/email and Blog are passed by reference, so plugins may
// rewrite them before the mail is built.
$Plugins->trigger_event( 'MessageFormSent', array(
    'recipient_ID' => $recipient_id,
    'item_ID' => $post_id,
    'comment_ID' => $comment_id,
    'subject' => & $subject,
    'message' => & $message,
    'Blog' => & $Blog,
    'sender_name' => & $sender_name,
    'sender_email' => & $sender_address,
    ) );


// Send only when neither the validation above nor a plugin recorded an error.
$success_message = ( !$Messages->has_errors() );
if( $success_message )
{ // no errors, try to send the message
    $email_template_params = array(
            'sender_name'    => $sender_name,
            'sender_address' => $sender_address,
            'Blog'           => $Blog,
            'message'        => $message,
            'comment_id'     => $comment_id,
            'post_id'        => $post_id,
            'recipient_User' => $recipient_User,
            'Comment'        => $Comment,
        );

    if( empty( $recipient_User ) )
    { // Send mail to visitor
        // Get a message text from template file
        // (text template: the html accepted above is never rendered)
        $message = mail_template( 'contact_message_new', 'text', $email_template_params );
        // Reply-To is the validated sender address, so replies bypass the site entirely.
        $success_message = send_mail( $recipient_address, $recipient_name, $subject, $message, NULL, NULL, array( 'Reply-To' => $sender_address ) );
    }
    else
    { // Send mail to registered user
        // The member's address is resolved by send_mail_to_User() from the ID; it never appears in this script.
        $success_message = send_mail_to_User( $recipient_User->ID, $subject, 'contact_message_new', $email_template_params, false, array( 'Reply-To' => $sender_address ) );
    }

    // restore the locale to the blog visitor language, before we would display an error message
    locale_restore_previous();

    if( !$success_message )
    { // could not send email
        if( $demo_mode )
        {
            $Messages->add( 'Sorry, could not send email. Sending email in demo mode is disabled.', 'error' );
        }
        else
        {
            $Messages->add( T_('Sorry, could not send email.')
                .'<br />'.T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error' );
        }
    }
}
else
{ // Restore the locale to the blog visitor language even in case of errors
    locale_restore_previous();
}


// Plugins should cleanup their temporary data here:
$Plugins->trigger_event( 'MessageFormSentCleanup', array(
        'success_message' => $success_message,
    ) );

// Without a blog there is no blog URL to fall back to, so use the site root.
if( empty( $redirect_to ) && empty( $Blog ) )
{
    $redirect_to = $baseurl;
}
if( $success_message )
{
    // Never say to whom we sent the email -- prevent user enumeration.
    $Messages->add( T_('Your message has been sent.'), 'success' );
    if( empty( $redirect_to ) )
    {
        $redirect_to = $Blog->gen_blogurl();
        if( !empty( $recipient_User ) )
        {
            // recipient_id was supplied by the sender, so echoing it back reveals nothing new.
            $redirect_to = url_add_param( $redirect_to, 'disp=msgform&recipient_id='.$recipient_User->ID );
        }
    }
    header_redirect( $redirect_to );
    // exited here
}

// unsuccessful message send, save message params into the Session to not lose the content
// (the pre-plugin $original_content is stored, not the possibly rewritten $message)
$unsaved_message_params = array();
$unsaved_message_params[ 'sender_name' ] = $sender_name;
$unsaved_message_params[ 'sender_address' ] = $sender_address;
$unsaved_message_params[ 'subject' ] = $subject;
$unsaved_message_params[ 'message' ] = $original_content;
save_message_params_to_session( $unsaved_message_params );

if( empty( $redirect_to ) )
{
    $redirect_to = url_add_param( $Blog->gen_blogurl(), 'disp=msgform&recipient_id='.$recipient_id );
}
header_redirect( $redirect_to );
//exited here

?>
