'CustomEmail', 'sendtopic' => 'SendTopic', ); if (!isset($_GET['sa']) || !isset($sub_actions[$_GET['sa']])) $_GET['sa'] = 'sendtopic'; $sub_actions[$_GET['sa']](); } /** * Send a topic to a friend. * Uses the SendTopic template, with the main sub template. * Requires the send_topic permission. * Redirects back to the first page of the topic when done. * Is accessed via ?action=emailuser;sa=sendtopic. */ function SendTopic() { global $topic, $txt, $context, $scripturl, $sourcedir, $smcFunc, $modSettings; // Check permissions... isAllowedTo('send_topic'); // We need at least a topic... go away if you don't have one. if (empty($topic)) fatal_lang_error('not_a_topic', false); // Get the topic's subject. $request = $smcFunc['db_query']('', ' SELECT m.subject, t.approved FROM {db_prefix}topics AS t INNER JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg) WHERE t.id_topic = {int:current_topic} LIMIT 1', array( 'current_topic' => $topic, ) ); if ($smcFunc['db_num_rows']($request) == 0) fatal_lang_error('not_a_topic', false); $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // Can't send topic if its unapproved and using post moderation. if ($modSettings['postmod_active'] && !$row['approved']) fatal_lang_error('not_approved_topic', false); // Censor the subject.... censorText($row['subject']); // Sending yet, or just getting prepped? if (empty($_POST['send'])) { $context['page_title'] = sprintf($txt['sendtopic_title'], $row['subject']); $context['start'] = $_REQUEST['start']; return; } // Actually send the message... checkSession(); spamProtection('sendtopic'); // This is needed for sendmail(). require_once($sourcedir . '/Subs-Post.php'); // Trim the names.. $_POST['y_name'] = trim($_POST['y_name']); $_POST['r_name'] = trim($_POST['r_name']); // Make sure they aren't playing "let's use a fake email". if ($_POST['y_name'] == '_' || !isset($_POST['y_name']) || $_POST['y_name'] == '') fatal_lang_error('no_name', false); if (!isset($_POST['y_email']) || $_POST['y_email'] == '') fatal_lang_error('no_email', false); if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['y_email']) == 0) fatal_lang_error('email_invalid_character', false); // The receiver should be valid to. if ($_POST['r_name'] == '_' || !isset($_POST['r_name']) || $_POST['r_name'] == '') fatal_lang_error('no_name', false); if (!isset($_POST['r_email']) || $_POST['r_email'] == '') fatal_lang_error('no_email', false); if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['r_email']) == 0) fatal_lang_error('email_invalid_character', false); // Emails don't like entities... $row['subject'] = un_htmlspecialchars($row['subject']); $replacements = array( 'TOPICSUBJECT' => $row['subject'], 'SENDERNAME' => $_POST['y_name'], 'RECPNAME' => $_POST['r_name'], 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.0', ); $emailtemplate = 'send_topic'; if (!empty($_POST['comment'])) { $emailtemplate .= '_comment'; $replacements['COMMENT'] = $_POST['comment']; } $emaildata = loadEmailTemplate($emailtemplate, $replacements); // And off we go! sendmail($_POST['r_email'], $emaildata['subject'], $emaildata['body'], $_POST['y_email'], 'sendtopic'); // Back to the topic! redirectexit('topic=' . $topic . '.0;topicsent'); } /** * Allow a user to send an email. * Send an email to the user - allow the sender to write the message. * Can either be passed a user ID as uid or a message id as msg. * Does not check permissions for a message ID as there is no information disclosed. */ function CustomEmail() { global $context, $user_info, $smcFunc, $txt, $scripturl, $sourcedir; // Can the user even see this information? if ($user_info['is_guest']) fatal_lang_error('no_access', false); isAllowedTo('send_email_to_members'); // Are we sending to a user? $context['form_hidden_vars'] = array(); if (isset($_REQUEST['uid'])) { $request = $smcFunc['db_query']('', ' SELECT email_address AS email, real_name AS name, id_member, hide_email FROM {db_prefix}members WHERE id_member = {int:id_member}', array( 'id_member' => (int) $_REQUEST['uid'], ) ); $context['form_hidden_vars']['uid'] = (int) $_REQUEST['uid']; } elseif (isset($_REQUEST['msg'])) { $request = $smcFunc['db_query']('', ' SELECT IFNULL(mem.email_address, m.poster_email) AS email, IFNULL(mem.real_name, m.poster_name) AS name, IFNULL(mem.id_member, 0) AS id_member, hide_email FROM {db_prefix}messages AS m LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member) WHERE m.id_msg = {int:id_msg}', array( 'id_msg' => (int) $_REQUEST['msg'], ) ); $context['form_hidden_vars']['msg'] = (int) $_REQUEST['msg']; } if (empty($request) || $smcFunc['db_num_rows']($request) == 0) fatal_lang_error('cant_find_user_email'); $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // Are you sure you got the address? if (empty($row['email'])) fatal_lang_error('cant_find_user_email'); // Can they actually do this? $context['show_email_address'] = showEmailAddress(!empty($row['hide_email']), $row['id_member']); if ($context['show_email_address'] === 'no') fatal_lang_error('no_access', false); // Setup the context! $context['recipient'] = array( 'id' => $row['id_member'], 'name' => $row['name'], 'email' => $row['email'], 'email_link' => ($context['show_email_address'] == 'yes_permission_override' ? '' : '') . '' . $row['email'] . '' . ($context['show_email_address'] == 'yes_permission_override' ? '' : ''), 'link' => $row['id_member'] ? '' . $row['name'] . '' : $row['name'], ); // Can we see this person's email address? $context['can_view_receipient_email'] = $context['show_email_address'] == 'yes' || $context['show_email_address'] == 'yes_permission_override'; // Are we actually sending it? if (isset($_POST['send']) && isset($_POST['email_body'])) { require_once($sourcedir . '/Subs-Post.php'); checkSession(); // If it's a guest sort out their names. if ($user_info['is_guest']) { if (empty($_POST['y_name']) || $_POST['y_name'] == '_' || trim($_POST['y_name']) == '') fatal_lang_error('no_name', false); if (empty($_POST['y_email'])) fatal_lang_error('no_email', false); if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['y_email']) == 0) fatal_lang_error('email_invalid_character', false); $from_name = trim($_POST['y_name']); $from_email = trim($_POST['y_email']); } else { $from_name = $user_info['name']; $from_email = $user_info['email']; } // Check we have a body (etc). if (trim($_POST['email_body']) == '' || trim($_POST['email_subject']) == '') fatal_lang_error('email_missing_data'); // We use a template in case they want to customise! $replacements = array( 'EMAILSUBJECT' => $_POST['email_subject'], 'EMAILBODY' => $_POST['email_body'], 'SENDERNAME' => $from_name, 'RECPNAME' => $context['recipient']['name'], ); // Don't let them send too many! spamProtection('sendmail'); // Get the template and get out! $emaildata = loadEmailTemplate('send_email', $replacements); sendmail($context['recipient']['email'], $emaildata['subject'], $emaildata['body'], $from_email, 'custemail', false, 1, null, true); // Now work out where to go! if (isset($_REQUEST['uid'])) redirectexit('action=profile;u=' . (int) $_REQUEST['uid']); elseif (isset($_REQUEST['msg'])) redirectexit('msg=' . (int) $_REQUEST['msg']); else redirectexit(); } $context['sub_template'] = 'custom_email'; $context['page_title'] = $txt['send_email']; } /** * Report a post to the moderator... ask for a comment. * Gathers data from the user to report abuse to the moderator(s). * Uses the ReportToModerator template, main sub template. * Requires the report_any permission. * Uses ReportToModerator2() if post data was sent. * Accessed through ?action=reporttm. */ function ReportToModerator() { global $txt, $topic, $context, $smcFunc; $context['robot_no_index'] = true; // No guests! is_not_guest(); // You can't use this if it's off or you are not allowed to do it. isAllowedTo('report_any'); // If they're posting, it should be processed by ReportToModerator2. if ((isset($_POST[$context['session_var']]) || isset($_POST['save'])) && empty($context['post_errors'])) ReportToModerator2(); // We need a message ID to check! if (empty($_REQUEST['msg']) && empty($_REQUEST['mid'])) fatal_lang_error('no_access', false); // For compatibility, accept mid, but we should be using msg. (not the flavor kind!) $_REQUEST['msg'] = empty($_REQUEST['msg']) ? (int) $_REQUEST['mid'] : (int) $_REQUEST['msg']; // Check the message's ID - don't want anyone reporting a post they can't even see! $result = $smcFunc['db_query']('', ' SELECT m.id_msg, m.id_member, t.id_member_started FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic}) WHERE m.id_msg = {int:id_msg} AND m.id_topic = {int:current_topic} LIMIT 1', array( 'current_topic' => $topic, 'id_msg' => $_REQUEST['msg'], ) ); if ($smcFunc['db_num_rows']($result) == 0) fatal_lang_error('no_board', false); list ($_REQUEST['msg'], $member, $starter) = $smcFunc['db_fetch_row']($result); $smcFunc['db_free_result']($result); // Show the inputs for the comment, etc. loadLanguage('Post'); loadTemplate('SendTopic'); addInlineJavascript(' var error_box = $("#error_box"); $("#report_comment").keyup(function() { var post_too_long = $("#error_post_too_long"); if ($(this).val().length > 254) { if (post_too_long.length == 0) { error_box.show(); if ($.trim(error_box.html()) == \'\') error_box.append("