SendTopic.php 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452
  1. <?php
  2. /**
  3. * The functions in this file deal with sending topics to a friend or moderator
  4. * Simple Machines Forum (SMF)
  5. *
  6. * @package SMF
  7. * @author Simple Machines http://www.simplemachines.org
  8. * @copyright 2014 Simple Machines and individual contributors
  9. * @license http://www.simplemachines.org/about/smf/license.php BSD
  10. *
  11. * @version 2.1 Alpha 1
  12. */
  13. if (!defined('SMF'))
  14. die('No direct access...');
  15. /**
  16. * Allow a user to send an email.
  17. * Send an email to the user - allow the sender to write the message.
  18. * Can either be passed a user ID as uid or a message id as msg.
  19. * Does not check permissions for a message ID as there is no information disclosed.
  20. */
  21. function EmailUser()
  22. {
  23. global $context, $user_info, $smcFunc, $txt, $scripturl, $sourcedir;
  24. // Can the user even see this information?
  25. if ($user_info['is_guest'])
  26. fatal_lang_error('no_access', false);
  27. isAllowedTo('send_email_to_members');
  28. // Don't index anything here.
  29. $context['robot_no_index'] = true;
  30. // Load the template.
  31. loadTemplate('SendTopic');
  32. // Are we sending to a user?
  33. $context['form_hidden_vars'] = array();
  34. if (isset($_REQUEST['uid']))
  35. {
  36. $request = $smcFunc['db_query']('', '
  37. SELECT email_address AS email, real_name AS name, id_member, hide_email
  38. FROM {db_prefix}members
  39. WHERE id_member = {int:id_member}',
  40. array(
  41. 'id_member' => (int) $_REQUEST['uid'],
  42. )
  43. );
  44. $context['form_hidden_vars']['uid'] = (int) $_REQUEST['uid'];
  45. }
  46. elseif (isset($_REQUEST['msg']))
  47. {
  48. $request = $smcFunc['db_query']('', '
  49. SELECT IFNULL(mem.email_address, m.poster_email) AS email, IFNULL(mem.real_name, m.poster_name) AS name, IFNULL(mem.id_member, 0) AS id_member, hide_email
  50. FROM {db_prefix}messages AS m
  51. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
  52. WHERE m.id_msg = {int:id_msg}',
  53. array(
  54. 'id_msg' => (int) $_REQUEST['msg'],
  55. )
  56. );
  57. $context['form_hidden_vars']['msg'] = (int) $_REQUEST['msg'];
  58. }
  59. if (empty($request) || $smcFunc['db_num_rows']($request) == 0)
  60. fatal_lang_error('cant_find_user_email');
  61. $row = $smcFunc['db_fetch_assoc']($request);
  62. $smcFunc['db_free_result']($request);
  63. // Are you sure you got the address?
  64. if (empty($row['email']))
  65. fatal_lang_error('cant_find_user_email');
  66. // Can they actually do this?
  67. $context['show_email_address'] = showEmailAddress(!empty($row['hide_email']), $row['id_member']);
  68. if ($context['show_email_address'] === 'no')
  69. fatal_lang_error('no_access', false);
  70. // Setup the context!
  71. $context['recipient'] = array(
  72. 'id' => $row['id_member'],
  73. 'name' => $row['name'],
  74. 'email' => $row['email'],
  75. 'email_link' => ($context['show_email_address'] == 'yes_permission_override' ? '<em>' : '') . '<a href="mailto:' . $row['email'] . '">' . $row['email'] . '</a>' . ($context['show_email_address'] == 'yes_permission_override' ? '</em>' : ''),
  76. 'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['name'] . '</a>' : $row['name'],
  77. );
  78. // Can we see this person's email address?
  79. $context['can_view_receipient_email'] = $context['show_email_address'] == 'yes' || $context['show_email_address'] == 'yes_permission_override';
  80. // Are we actually sending it?
  81. if (isset($_POST['send']) && isset($_POST['email_body']))
  82. {
  83. require_once($sourcedir . '/Subs-Post.php');
  84. checkSession();
  85. // If it's a guest sort out their names.
  86. if ($user_info['is_guest'])
  87. {
  88. if (empty($_POST['y_name']) || $_POST['y_name'] == '_' || trim($_POST['y_name']) == '')
  89. fatal_lang_error('no_name', false);
  90. if (empty($_POST['y_email']))
  91. fatal_lang_error('no_email', false);
  92. if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['y_email']) == 0)
  93. fatal_lang_error('email_invalid_character', false);
  94. $from_name = trim($_POST['y_name']);
  95. $from_email = trim($_POST['y_email']);
  96. }
  97. else
  98. {
  99. $from_name = $user_info['name'];
  100. $from_email = $user_info['email'];
  101. }
  102. // Check we have a body (etc).
  103. if (trim($_POST['email_body']) == '' || trim($_POST['email_subject']) == '')
  104. fatal_lang_error('email_missing_data');
  105. // We use a template in case they want to customise!
  106. $replacements = array(
  107. 'EMAILSUBJECT' => $_POST['email_subject'],
  108. 'EMAILBODY' => $_POST['email_body'],
  109. 'SENDERNAME' => $from_name,
  110. 'RECPNAME' => $context['recipient']['name'],
  111. );
  112. // Don't let them send too many!
  113. spamProtection('sendmail');
  114. // Get the template and get out!
  115. $emaildata = loadEmailTemplate('send_email', $replacements);
  116. sendmail($context['recipient']['email'], $emaildata['subject'], $emaildata['body'], $from_email, 'custemail', false, 1, null, true);
  117. // Now work out where to go!
  118. if (isset($_REQUEST['uid']))
  119. redirectexit('action=profile;u=' . (int) $_REQUEST['uid']);
  120. elseif (isset($_REQUEST['msg']))
  121. redirectexit('msg=' . (int) $_REQUEST['msg']);
  122. else
  123. redirectexit();
  124. }
  125. $context['sub_template'] = 'custom_email';
  126. $context['page_title'] = $txt['send_email'];
  127. }
  128. /**
  129. * Report a post to the moderator... ask for a comment.
  130. * Gathers data from the user to report abuse to the moderator(s).
  131. * Uses the ReportToModerator template, main sub template.
  132. * Requires the report_any permission.
  133. * Uses ReportToModerator2() if post data was sent.
  134. * Accessed through ?action=reporttm.
  135. */
  136. function ReportToModerator()
  137. {
  138. global $txt, $topic, $context, $smcFunc, $sourcedir;
  139. $context['robot_no_index'] = true;
  140. $context['comment_body'] = '';
  141. // No guests!
  142. is_not_guest();
  143. // You can't use this if it's off or you are not allowed to do it.
  144. isAllowedTo('report_any');
  145. // Previewing or modifying?
  146. if (isset($_POST['preview']) && !isset($_POST['save']))
  147. {
  148. require_once($sourcedir . '/Subs-Post.php');
  149. // Set up the preview message.
  150. $context['preview_message'] = $smcFunc['htmlspecialchars']($_POST['comment'], ENT_QUOTES);
  151. preparsecode($context['preview_message']);
  152. // We censor for your protection...
  153. censorText($context['preview_message']);
  154. $context['comment_body'] = !empty($_POST['comment']) ? trim($_POST['comment']) : '';
  155. }
  156. // If they're posting, it should be processed by ReportToModerator2.
  157. if ((isset($_POST[$context['session_var']]) || isset($_POST['save'])) && empty($context['post_errors']) && !isset($_POST['preview']))
  158. ReportToModerator2();
  159. // We need a message ID to check!
  160. if (empty($_REQUEST['msg']) && empty($_REQUEST['mid']))
  161. fatal_lang_error('no_access', false);
  162. // For compatibility, accept mid, but we should be using msg. (not the flavor kind!)
  163. $_REQUEST['msg'] = empty($_REQUEST['msg']) ? (int) $_REQUEST['mid'] : (int) $_REQUEST['msg'];
  164. // Check the message's ID - don't want anyone reporting a post they can't even see!
  165. $result = $smcFunc['db_query']('', '
  166. SELECT m.id_msg, m.id_member, t.id_member_started
  167. FROM {db_prefix}messages AS m
  168. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
  169. WHERE m.id_msg = {int:id_msg}
  170. AND m.id_topic = {int:current_topic}
  171. LIMIT 1',
  172. array(
  173. 'current_topic' => $topic,
  174. 'id_msg' => $_REQUEST['msg'],
  175. )
  176. );
  177. if ($smcFunc['db_num_rows']($result) == 0)
  178. fatal_lang_error('no_board', false);
  179. list ($_REQUEST['msg'], $member, $starter) = $smcFunc['db_fetch_row']($result);
  180. $smcFunc['db_free_result']($result);
  181. // Show the inputs for the comment, etc.
  182. loadLanguage('Post');
  183. loadTemplate('SendTopic');
  184. addInlineJavascript('
  185. var error_box = $("#error_box");
  186. $("#report_comment").keyup(function() {
  187. var post_too_long = $("#error_post_too_long");
  188. if ($(this).val().length > 254)
  189. {
  190. if (post_too_long.length == 0)
  191. {
  192. error_box.show();
  193. if ($.trim(error_box.html()) == \'\')
  194. error_box.append("<ul id=\'error_list\'></ul>");
  195. $("#error_list").append("<li id=\'error_post_too_long\' class=\'error\'>" + ' . JavaScriptEscape($txt['post_too_long']) . ' + "</li>");
  196. }
  197. }
  198. else
  199. {
  200. post_too_long.remove();
  201. if ($("#error_list li").length == 0)
  202. error_box.hide();
  203. }
  204. });', true);
  205. // This is here so that the user could, in theory, be redirected back to the topic.
  206. $context['start'] = $_REQUEST['start'];
  207. $context['message_id'] = $_REQUEST['msg'];
  208. $context['page_title'] = $txt['report_to_mod'];
  209. $context['sub_template'] = 'report';
  210. }
  211. /**
  212. * Send the emails.
  213. * Sends off emails to all the moderators.
  214. * Sends to administrators and global moderators. (1 and 2)
  215. * Called by ReportToModerator(), and thus has the same permission and setting requirements as it does.
  216. * Accessed through ?action=reporttm when posting.
  217. */
  218. function ReportToModerator2()
  219. {
  220. global $txt, $topic, $user_info, $modSettings, $sourcedir, $context, $smcFunc;
  221. // Sorry, no guests allowed... Probably just trying to spam us anyway
  222. is_not_guest();
  223. // You must have the proper permissions!
  224. isAllowedTo('report_any');
  225. // Make sure they aren't spamming.
  226. spamProtection('reporttm');
  227. require_once($sourcedir . '/Subs-Post.php');
  228. // Prevent double submission of this form.
  229. checkSubmitOnce('check');
  230. // No errors, yet.
  231. $post_errors = array();
  232. // Check their session.
  233. if (checkSession('post', '', false) != '')
  234. $post_errors[] = 'session_timeout';
  235. // Make sure we have a comment and it's clean.
  236. if (!isset($_POST['comment']) || $smcFunc['htmltrim']($_POST['comment']) === '')
  237. $post_errors[] = 'no_comment';
  238. $poster_comment = strtr($smcFunc['htmlspecialchars']($_POST['comment']), array("\r" => '', "\t" => ''));
  239. if ($smcFunc['strlen']($poster_comment) > 254)
  240. $post_errors[] = 'post_too_long';
  241. // Guests need to provide their address!
  242. if ($user_info['is_guest'])
  243. {
  244. $_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
  245. if ($_POST['email'] === '')
  246. $post_errors[] = 'no_email';
  247. elseif (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['email']) == 0)
  248. $post_errors[] = 'bad_email';
  249. isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
  250. $user_info['email'] = $smcFunc['htmlspecialchars']($_POST['email']);
  251. }
  252. // Could they get the right verification code?
  253. if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha']))
  254. {
  255. require_once($sourcedir . '/Subs-Editor.php');
  256. $verificationOptions = array(
  257. 'id' => 'report',
  258. );
  259. $context['require_verification'] = create_control_verification($verificationOptions, true);
  260. if (is_array($context['require_verification']))
  261. $post_errors = array_merge($post_errors, $context['require_verification']);
  262. }
  263. // Any errors?
  264. if (!empty($post_errors))
  265. {
  266. loadLanguage('Errors');
  267. $context['post_errors'] = array();
  268. foreach ($post_errors as $post_error)
  269. $context['post_errors'][$post_error] = $txt['error_' . $post_error];
  270. return ReportToModerator();
  271. }
  272. // Get the basic topic information, and make sure they can see it.
  273. $_POST['msg'] = (int) $_POST['msg'];
  274. $request = $smcFunc['db_query']('', '
  275. SELECT m.id_topic, m.id_board, m.subject, m.body, m.id_member AS id_poster, m.poster_name, mem.real_name
  276. FROM {db_prefix}messages AS m
  277. LEFT JOIN {db_prefix}members AS mem ON (m.id_member = mem.id_member)
  278. WHERE m.id_msg = {int:id_msg}
  279. AND m.id_topic = {int:current_topic}
  280. LIMIT 1',
  281. array(
  282. 'current_topic' => $topic,
  283. 'id_msg' => $_POST['msg'],
  284. )
  285. );
  286. if ($smcFunc['db_num_rows']($request) == 0)
  287. fatal_lang_error('no_board', false);
  288. $message = $smcFunc['db_fetch_assoc']($request);
  289. $smcFunc['db_free_result']($request);
  290. $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
  291. $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
  292. $subject = un_htmlspecialchars($message['subject']);
  293. $request = $smcFunc['db_query']('', '
  294. SELECT id_report, ignore_all
  295. FROM {db_prefix}log_reported
  296. WHERE id_msg = {int:id_msg}
  297. AND (closed = {int:not_closed} OR ignore_all = {int:ignored})
  298. ORDER BY ignore_all DESC',
  299. array(
  300. 'id_msg' => $_POST['msg'],
  301. 'not_closed' => 0,
  302. 'ignored' => 1,
  303. )
  304. );
  305. if ($smcFunc['db_num_rows']($request) != 0)
  306. list ($id_report, $ignore) = $smcFunc['db_fetch_row']($request);
  307. $smcFunc['db_free_result']($request);
  308. // If we're just going to ignore these, then who gives a monkeys...
  309. if (!empty($ignore))
  310. redirectexit('topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
  311. // Already reported? My god, we could be dealing with a real rogue here...
  312. if (!empty($id_report))
  313. $smcFunc['db_query']('', '
  314. UPDATE {db_prefix}log_reported
  315. SET num_reports = num_reports + 1, time_updated = {int:current_time}
  316. WHERE id_report = {int:id_report}',
  317. array(
  318. 'current_time' => time(),
  319. 'id_report' => $id_report,
  320. )
  321. );
  322. // Otherwise, we shall make one!
  323. else
  324. {
  325. if (empty($message['real_name']))
  326. $message['real_name'] = $message['poster_name'];
  327. $smcFunc['db_insert']('',
  328. '{db_prefix}log_reported',
  329. array(
  330. 'id_msg' => 'int', 'id_topic' => 'int', 'id_board' => 'int', 'id_member' => 'int', 'membername' => 'string',
  331. 'subject' => 'string', 'body' => 'string', 'time_started' => 'int', 'time_updated' => 'int',
  332. 'num_reports' => 'int', 'closed' => 'int',
  333. ),
  334. array(
  335. $_POST['msg'], $message['id_topic'], $message['id_board'], $message['id_poster'], $message['real_name'],
  336. $message['subject'], $message['body'] , time(), time(), 1, 0,
  337. ),
  338. array('id_report')
  339. );
  340. $id_report = $smcFunc['db_insert_id']('{db_prefix}log_reported', 'id_report');
  341. }
  342. // Now just add our report...
  343. if ($id_report)
  344. {
  345. $smcFunc['db_insert']('',
  346. '{db_prefix}log_reported_comments',
  347. array(
  348. 'id_report' => 'int', 'id_member' => 'int', 'membername' => 'string',
  349. 'member_ip' => 'string', 'comment' => 'string', 'time_sent' => 'int',
  350. ),
  351. array(
  352. $id_report, $user_info['id'], $user_info['name'],
  353. $user_info['ip'], $poster_comment, time(),
  354. ),
  355. array('id_comment')
  356. );
  357. // And get ready to notify people.
  358. $smcFunc['db_insert']('insert',
  359. '{db_prefix}background_tasks',
  360. array('task_file' => 'string', 'task_class' => 'string', 'task_data' => 'string', 'claimed_time' => 'int'),
  361. array('$sourcedir/tasks/MsgReport-Notify.php', 'MsgReport_Notify_Background', serialize(array(
  362. 'report_id' => $id_report,
  363. 'msg_id' => $_POST['msg'],
  364. 'topic_id' => $message['id_topic'],
  365. 'board_id' => $message['id_board'],
  366. 'sender_id' => $context['user']['id'],
  367. 'sender_name' => $context['user']['name'],
  368. 'time' => time(),
  369. )), 0),
  370. array('id_task')
  371. );
  372. }
  373. // Keep track of when the mod reports get updated, that way we know when we need to look again.
  374. updateSettings(array('last_mod_report_action' => time()));
  375. // Back to the post we reported!
  376. redirectexit('reportsent;topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
  377. }
  378. ?>