124 lines
5.7 KiB
PHP
124 lines
5.7 KiB
PHP
<?php
|
|
if( ! defined( 'DATALIFEENGINE' ) ) {
|
|
die( "Hacking attempt!" );
|
|
}
|
|
|
|
if( isset( $_POST['send'] ) ) {
|
|
$stop = "";
|
|
if( $is_logged ) {
|
|
$name = $member_id['name'];
|
|
$email = $member_id['email'];
|
|
} else {
|
|
$name = $db->safesql( strip_tags( $_POST['name'] ) );
|
|
$not_allow_symbol = array ("\x22", "\x60", "\t", '\n', '\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'" );
|
|
$email = $db->safesql(trim( str_replace( $not_allow_symbol, '', strip_tags( stripslashes( $_POST['email'] ) ) ) ) );
|
|
|
|
$db->query( "SELECT name from " . USERPREFIX . "_users where LOWER(name) = '" . strtolower( $name ) . "' OR LOWER(email) = '" . strtolower( $email ) . "'" );
|
|
|
|
if( $db->num_rows() > 0 ) {$stop = $lang['news_err_7'];}
|
|
|
|
$name = strip_tags( stripslashes( $_POST['name'] ) );
|
|
}
|
|
|
|
$subject = strip_tags( stripslashes( $_POST['subject'] ) );
|
|
$message = stripslashes( $_POST['message'] );
|
|
$recip = intval( $_POST['recip'] );
|
|
|
|
if( !$user_group[$member_id['user_group']]['allow_feed'] ) {$recipient = $db->super_query( "SELECT name, email, fullname FROM " . USERPREFIX . "_users WHERE user_id='" . $recip . "' AND user_group = '1'" );
|
|
} else {$recipient = $db->super_query( "SELECT name, email, fullname FROM " . USERPREFIX . "_users WHERE user_id='" . $recip . "' AND allow_mail = '1'" );}
|
|
|
|
if( empty( $recipient['fullname'] ) ) $recipient['fullname'] = $recipient['name'];
|
|
if (!$recipient['name']) $stop .= $lang['feed_err_8'];
|
|
|
|
if( empty( $name ) OR strlen( $name ) > 100 ) {$stop .= $lang['feed_err_1'];}
|
|
if( empty( $email ) OR strlen($email) > 50 OR @count(explode("@", $email)) != 2) {$stop .= $lang['feed_err_2'];}
|
|
if( empty( $subject ) OR strlen($subject) > 200 ) {$stop .= $lang['feed_err_4'];}
|
|
if( empty( $message ) OR strlen($message) > 20000 ) {$stop .= $lang['feed_err_5'];}
|
|
|
|
if( $_POST['sec_code'] != $_SESSION['sec_code_session'] OR ! $_SESSION['sec_code_session'] ) {$stop .= $lang['reg_err_19'];}
|
|
$_SESSION['sec_code_session'] = false;
|
|
|
|
if( $stop ) {msgbox( $lang['all_err_1'], "$stop<br /><br /><a href=\"javascript:history.go(-1)\">$lang[all_prev]</a>" );
|
|
} else {
|
|
include_once SYSTEM_DIR . '/classes/mail.class.php';
|
|
$mail = new dle_mail( $config );
|
|
|
|
$row = $db->super_query( "SELECT template FROM " . PREFIX . "_email where name='feed_mail' LIMIT 0,1" );
|
|
|
|
$row['template'] = stripslashes( $row['template'] );
|
|
$row['template'] = str_replace( "{%username_to%}", $recipient['fullname'], $row['template'] );
|
|
$row['template'] = str_replace( "{%username_from%}", $name, $row['template'] );
|
|
$row['template'] = str_replace( "{%text%}", $message, $row['template'] );
|
|
$row['template'] = str_replace( "{%ip%}", $_SERVER['REMOTE_ADDR'], $row['template'] );
|
|
|
|
$mail->from = $email;
|
|
$mail->send( $recipient['email'], $subject, $row['template'] );
|
|
|
|
if( $mail->send_error ) msgbox( $lang['all_info'], $mail->smtp_msg );
|
|
else msgbox( $lang['feed_ok_1'], "$lang[feed_ok_2] " . $recipient['name'] . " $lang[feed_ok_3] <a href=\"{$config['http_home_url']}\">$lang[feed_ok_4]</a>" );
|
|
}} else {
|
|
if( ! $user_group[$member_id['user_group']]['allow_feed'] ) {
|
|
$group = 2;
|
|
$user = false;
|
|
if ($_GET['user']) {
|
|
$lang['feed_error'] = str_replace( '{group}', $user_group[$member_id['user_group']]['group_name'], $lang['feed_error'] );
|
|
msgbox( $lang['all_info'], $lang['feed_error'] );
|
|
}} else {
|
|
$user = intval( $_GET['user'] );
|
|
$group = 3;
|
|
}
|
|
if( ! $user ) $db->query( "SELECT name, user_group, user_id FROM " . USERPREFIX . "_users WHERE user_group < '$group' AND allow_mail = '1' ORDER BY user_group" );
|
|
else $db->query( "SELECT name, user_group, user_id FROM " . USERPREFIX . "_users WHERE user_id = '$user' AND allow_mail = '1'" );
|
|
if( $db->num_rows() ) {
|
|
$empf = "<select name=\"recip\">";
|
|
$i = 1;
|
|
while ( $row = $db->get_array() ) {
|
|
$str = $row['name'] . " (" . stripslashes( $user_group[$row['user_group']]['group_name'] ) . ")";
|
|
|
|
if( $i == 1 ) {
|
|
$empf .= "<option selected=\"selected\" value=\"" . $row["user_id"] . "\">" . $str . "</option>\n";
|
|
} else {
|
|
$empf .= "<option value=\"" . $row["user_id"] . "\">" . $str . "</option>\n";
|
|
}
|
|
$i ++;
|
|
}
|
|
$empf .= "</select>";
|
|
|
|
$db->free();
|
|
|
|
$tpl->load_template( 'feedback.tpl' );
|
|
|
|
$path = parse_url( $config['http_home_url'] );
|
|
$tpl->set( '{recipient}', $empf );
|
|
$tpl->set( '{code}', "<span id=\"dle-captcha\"><a onclick=\"reload(); return false;\" href=\"#\"><img src=\"" . $path['path'] . "system/modules/antibot.php\" alt=\"{$lang['sec_image']}\" border=\"0\" /></a></span>" );
|
|
|
|
if( ! $is_logged ) {
|
|
$tpl->set( '[not-logged]', "" );
|
|
$tpl->set( '[/not-logged]', "" );
|
|
} else
|
|
$tpl->set_block( "'\\[not-logged\\](.*?)\\[/not-logged\\]'si", "" );
|
|
|
|
$tpl->copy_template = "<form method=\"post\" name=\"sendmail\" onsubmit=\"if(document.sendmail.subject.value == '' || document.sendmail.message.value == ''){alert('{$lang['comm_req_f']}');return false}\" action=\"\">\n" . $tpl->copy_template . "
|
|
<input name=\"send\" type=\"hidden\" value=\"send\" />
|
|
</form>";
|
|
|
|
$tpl->copy_template .= <<<HTML
|
|
<script language="javascript" type="text/javascript">
|
|
<!--
|
|
function reload () {
|
|
var rndval = new Date().getTime();
|
|
document.getElementById('dle-captcha').innerHTML = '<a onclick="reload(); return false;" href="#"><img src="{$path['path']}system/modules/antibot.php?rndval=' + rndval + '" border="0" width="120" height="50" alt="" /></a>';
|
|
};
|
|
//-->
|
|
</script>
|
|
HTML;
|
|
|
|
$tpl->compile( 'content' );
|
|
$tpl->clear();
|
|
|
|
} else {
|
|
msgbox( $lang['all_err_1'], $lang['feed_err_7'] );
|
|
}
|
|
}
|
|
|
|
?>
|