<?php

// --------------------------------------------------------------------------
//
// Esvon Classifieds v.4.0
// Copyright(C), Esvon LTD, 2001-2010, All Rights Reserved.
// E-mail: hide@address.com
//
// All forms of reproduction, including, but not limited to, internet posting, 
// printing, e-mailing, faxing and recording are strictly prohibited.
// One license required per site running Esvon Classifieds. 
// To obtain a license for using Esvon Classifieds, please register at
// http://www.esvon.com/pg/products/p_classifieds/
//
// --------------------------------------------------------------------------

// Refuse direct invocation: SITE_PATH is only defined by the application
// bootstrap, so a request straight to this file stops here.
defined('SITE_PATH') or die('Access denied');

// Per-IP send log used for flood protection (see the FLOOD_PROT check and the
// REPLACE INTO in Form_to_Email_main below).
define('TBL_SEND_MSG', hwModTable(HW_MOD, 'log'));

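/**
 * Form_to_Email module entry point: shows the "send a message" form for an ad
 * (GET id) or a user (GET uid) and, on a POST with go set, relays the message
 * by e-mail.
 *
 * Request surface (everything below is untrusted client input):
 *   GET   mode=image       streams the CAPTCHA image (when EN_IMG_VER) and exits
 *   GET   id / uid         recipient: ad owner (id wins) or user; both cast to int
 *   GET   f                alternative form template name under HW_MOD_TPL
 *   POST  go               submit flag
 *   POST  sender, msg      From address and message body (read via $_REQUEST)
 *   POST  img_text         CAPTCHA answer
 *   POST  req_fields       '/'-separated list of field names that must be non-empty
 *   POST  tpl_ok, email_send, email_confirm, email_admin
 *                          template names, resolved through FE_TplName()
 *   FILES attachment       optional upload forwarded with the mail
 *
 * Side effects: DB reads; a REPLACE into TBL_SEND_MSG (per-IP send log, purged
 * on roughly 3% of sends); up to three hwSendMail() calls; template output via
 * EvalAdvTpl(). Exits directly on mode=image and on an unresolvable id/uid.
 * Uses globals $TITLE_FIELD, $MOD_CFG and $db.
 *
 * NOTE(review): no CSRF token is checked anywhere in this flow. With
 * EN_REG_REPLY the From address is the logged-in member's, so a cross-site
 * POST would presumably send mail in that member's name.
 */
function Form_to_Email_main(){
  global $TITLE_FIELD,$MOD_CFG,$db;

  // Without GD no CAPTCHA image can be produced, so the check is forced off.
  if(!GD_VER) $MOD_CFG['EN_IMG_VER'] = 0;

  if($_GET['mode']=='image'){
    if($MOD_CFG['EN_IMG_VER']) {
      $o_iv =& Factory::create('Image_Verify');
      $o_iv->DisplayImage();
    }
    exit;
  }

  // When replies are limited to members, CheckLoggedIn() is relied on to stop
  // anonymous requests here (its behaviour is not visible in this file).
  if($MOD_CFG['EN_REG_REPLY']) CheckLoggedIn();
  //if($_GET['no_wrap']) $GLOBALS['HW_WRAP'] = 0;

  // Both ids are cast to int before being interpolated into SQL below.
  $id = (int)$_GET['id'];
  $uid = (int)$_GET['uid'];

  $sql = '';
  if($id) {
    $fset = $db->one_data('SELECT c.fset FROM '.TBL_CAT.' c,'.TBL_AD.' a WHERE a.catid=c.id AND a.link_id='.$id);
    $sql = 'SELECT '.$TITLE_FIELD.',userid FROM '.TBL_AD.' WHERE link_id='.$id;
  }
  elseif($uid) $sql = 'SELECT username, id FROM '.TBL_USER.' WHERE id='.$uid;

  // $to is the recipient's display name, $uid the recipient's user id. For an
  // ad the client-supplied uid is replaced by the ad owner's id here, so the
  // recipient address looked up later cannot be steered by the request.
  if($sql) list($to,$uid) = $db->one_row($sql);

  if(!$to){
    echo('Wrong ID');
    exit;
  }

  // Raw request values; $msg is escaped before it reaches a template (see the
  // POST handling below), $sender is validated with IsEmail() before sending.
  $a_v = array('sender','msg');
  foreach($a_v as $v) $$v = $_REQUEST[$v];

  // Members may not choose the From address: it is taken from their account.
  if($MOD_CFG['EN_REG_REPLY']){
    $sender = $db->one_data('SELECT email FROM '.TBL_USER.' WHERE id='.(int)hwSessionGetVar('userid'));
  }

  // Template variables: the whole ad row plus its category path and custom fields.
  $tpl_v = array();
  if($id){
    $tpl_v = $db->one_assoc('SELECT * FROM '.TBL_AD.' WHERE link_id='.$id);
    $v = array();
    $v['catid'] = $tpl_v['catid'];
    $v['cat_path'] = GetCatPathCached($v['catid']);
    // end level category ##cat_path|reverse:" > "|explode:" > "##
    $O_LFS = &Factory::singleton('FieldsSet', $fset);
    $tpl_v = $O_LFS->FillCustomFieldsArray($tpl_v, true);
    $O_LFS->AdjustCustomFields($tpl_v);
    $tpl_v = array_merge($tpl_v, $v);
  }

  /*if($tpl_v['f_seller']=='Private') $to = 'Private Seller';
  else $to = $db->one_data('SELECT v_255_3 FROM '.TBL_USER.' WHERE id='.$uid);*/

  $tpl_v = array_merge($tpl_v, compact('id','uid','to','msg','sender'));
  $tpl_v['EN_REG_REPLY'] = $MOD_CFG['EN_REG_REPLY'];

  // Initialised up front: it is rendered into the form template even when
  // nothing was posted.
  $err_msg = '';

  if($_POST['go']){

    // Copy every posted field into the template vars (HTML-escaped) and keep a
    // dump of the whole POST for the mail body, unless the request is
    // unreasonably large.
    if (count($_POST, 1) < 100){
      $tpl_v['post_vars'] = html_esc(var_export($_POST, 1));
      foreach(array_keys($_POST) as $k) $tpl_v[$k] = html_esc($_POST[$k]);
    }
    else $tpl_v['post_vars'] = 'Too many vars: '.count($_POST, 1);

    // The escaping above used to be skipped entirely for >=100 fields, which
    // left the raw message in $tpl_v for the mail body and for the re-displayed
    // form, and a posted id/uid/to/sender silently replaced the server-derived
    // values in the mail body. Escape message and sender on both paths and
    // re-assert the server-side recipient data after the copy.
    $tpl_v['msg'] = html_esc($msg);
    $tpl_v['sender'] = html_esc($sender);
    $tpl_v = array_merge($tpl_v, compact('id','uid','to'));

    // REMOTE_ADDR is set by the web server, not the client. NOTE(review): the
    // quoted value is wrapped in double quotes again in the SQL below, so this
    // assumes $db->quote() escapes without adding its own quotes — verify
    // against the DB layer.
    $ip = $db->quote($_SERVER['REMOTE_ADDR']);

    // Validation chain; the first failure wins and is shown on the form.
    if(!IsEmail($sender)) $err_msg = hwLng('req_email');
    // Flood protection: one send per FLOOD_PROT seconds per IP (config value).
    elseif($db->one_data('SELECT '.HW_TIME.'-UNIX_TIMESTAMP(date_added)<'.$MOD_CFG['FLOOD_PROT'].' FROM '.TBL_SEND_MSG.
    ' WHERE ip=INET_ATON("'.$ip.'")')) $err_msg = hwLng('err_flood');
    // Only the size of the upload is checked; its name and type are relayed as
    // sent by the client (see the attachment handling below).
    elseif($_FILES['attachment']['size']>$MOD_CFG['ATTACH_SIZE']*1024) $err_msg = sprintf(hwLng('err_filesize'),$_FILES['attachment']['name'],$MOD_CFG['ATTACH_SIZE']);
    elseif(hwIsBannedIP(HW_MOD_TPL.'banned_ips.txt', 'ban_ip_mod_form')) $err_msg = hwLng('err_ip_blocked');

    // Required-field check. The list of required names is itself posted
    // (req_fields), so a client that omits it skips this check entirely; it
    // only guards against accidental omissions, not against a hostile client.
    if(!$err_msg && $_POST['req_fields']){
      $a_f = explode('/',$_POST['req_fields']);
      foreach($a_f as $fid){
        if(!$_POST[$fid]){
          $err_msg = hwLng('err_req');
          break;
        }
      }
    }

    if(!$err_msg && $MOD_CFG['EN_IMG_VER']){
      $o_iv =& Factory::create('Image_Verify');
      if(!$o_iv->IsTextOK($_POST['img_text'])) $err_msg = hwLng('err_img_code');
    }

    if(!$err_msg){

      if($MOD_CFG['EN_BAD_WORDS']) {

        $a_words = hwGetBadWordsForPreg();
        if($a_words){
          $tpl_v['msg'] = preg_replace($a_words,'*',$tpl_v['msg']);
        }
      }

      // Record this send for the flood check; occasionally purge entries older
      // than a day so the log does not grow without bound.
      $db->query('REPLACE INTO '.TBL_SEND_MSG.' (ip,date_added) VALUES(INET_ATON("'.$ip.'"),'.SQL_NOW.')');
      if(mt_rand(1,33) == 1){ // 3% probability
        $db->query('DELETE FROM '.TBL_SEND_MSG.' WHERE date_added < DATE_SUB('.SQL_NOW.',INTERVAL 1 DAY)');
      }

      // Recipient address comes from the DB row selected above, never from the request.
      $email = $db->one_data('SELECT email FROM '.TBL_USER.' WHERE id='.$uid);

      // Confirmation page; template name is client-chosen but constrained by FE_TplName().
      $tpl_f = FE_TplName($_POST['tpl_ok'], 'send_msg_ok.htm');
      EvalAdvTpl($tpl_f,'',1);

      $tpl_v['email'] = $email;

      $tpl_f = FE_TplName($_POST['email_send'], 'send_msg.mail');
      $email_body = EvalAdvTpl($tpl_f, $tpl_v); //GetFileWithForm('send_msg.mail',$fset)

      // The upload is forwarded under its client-supplied file name; only
      // is_uploaded_file() and the size limit above stand between the client
      // and the recipient's mailbox.
      $a_File = ($_FILES['attachment'] && is_uploaded_file($_FILES['attachment']['tmp_name'])) ? array($_FILES['attachment']['name'] => $_FILES['attachment']['tmp_name']) : false;
      // $sender becomes the From address; IsEmail() is the only header guard here.
      hwSendMail($email,$sender,'',$email_body,0,$a_File);

      /*if(hwModGetState('Mailing_Lists')=='A' && file_exists(SITE_PATH.'modules/Mailing_Lists/hw_api.php')){
        include SITE_PATH.'modules/Mailing_Lists/hw_api.php';
        Mod_ML_Capture($sender);
      }*/

      // Optional copy to the sender, with the same attachment.
      if($MOD_CFG['EN_C_S']){
        $tpl_f = FE_TplName($_POST['email_confirm'], 'send_confirm.mail');
        $email_body = EvalAdvTpl($tpl_f,$tpl_v); // GetFileWithForm('send_confirm.mail',$fset)
        hwSendMail($sender,ADMIN_EMAIL,'',$email_body,0,$a_File);
      }

      // Optional copy to the administrator (no attachment).
      if($MOD_CFG['EN_CC_ADM']){
        $tpl_f = FE_TplName($_POST['email_admin'], 'send_msg_to_adm.mail');
        $email_body = EvalAdvTpl($tpl_f,$tpl_v); //GetFileWithForm('send_msg_to_adm.mail',$fset)
        hwSendMail(ADMIN_EMAIL,$sender,'',$email_body);
      }

      // Success: the confirmation page was already rendered, do not show the form.
      return;
    }
  }

  // Fall-through: first visit or a validation error -> render the form.
  $tpl_v['en_attach'] = $MOD_CFG['ATTACH_SIZE'];
  $tpl_v['enctype'] = $MOD_CFG['ATTACH_SIZE'] ? 'enctype="multipart/form-data"' : '';
  $tpl_v['EN_IMG_VER'] = $MOD_CFG['EN_IMG_VER'];
  $tpl_v['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
  $tpl_v['err_msg'] = $err_msg;

  // Alternative form template from the query string: must be a bare file name
  // (no '.', no path separator, no NUL) that exists as <name>.htm directly in
  // HW_MOD_TPL; anything else falls back to send_msg.htm. The separator/NUL
  // rejection mirrors FE_TplName(); previously a name such as "sub/x" could
  // select a .htm file from a subdirectory, and a NUL byte makes file_exists()
  // throw on PHP 8.0.
  $tpl_f = (string)$_GET['f'];
  if(!$tpl_f || strpos($tpl_f,'.')!==false || strpos($tpl_f,"\0")!==false || basename($tpl_f)!==$tpl_f || !file_exists(HW_MOD_TPL.$tpl_f.'.htm')) $tpl_f = 'send_msg';
  EvalAdvTpl(HW_MOD_TPL.$tpl_f.'.htm', $tpl_v, 1); // GetFileWithForm('send_msg.htm',$fset)
}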

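/**
 * Resolve a client-supplied template name to a path under HW_MOD_TPL, falling
 * back to $base_f when the name is missing, malformed or does not exist.
 *
 * $tpl_f comes straight from $_POST at every call site, so it is treated as
 * untrusted: it must be a non-empty string, may not contain '..', '/', '\' or
 * a NUL byte, must end in .mail or .htm (the two kinds the callers default to),
 * and must name an existing file directly inside HW_MOD_TPL. A name without an
 * extension gets '.mail' appended before the lookup. $base_f is a caller
 * literal and is not validated.
 *
 * Fixes: is_string() now runs before strpos() (a posted tpl_ok[]=x is an array,
 * which strpos() rejects with a TypeError on PHP 8); NUL bytes are rejected
 * before file_exists() (which throws on them on PHP 8.0); and the extension
 * allow-list stops any other file that happens to live in HW_MOD_TPL — the
 * module keeps banned_ips.txt there, see hwIsBannedIP() in
 * Form_to_Email_main — from being picked as a mail body.
 *
 * @param mixed  $tpl_f  requested template name (untrusted)
 * @param string $base_f default template file name, relative to HW_MOD_TPL
 * @return string HW_MOD_TPL followed by the chosen file name
 */
function FE_TplName($tpl_f, $base_f){
  $fallback = HW_MOD_TPL.$base_f;
  if(!is_string($tpl_f) || $tpl_f === '') return $fallback;
  // A bare name refers to a mail template.
  if(strpos($tpl_f,'.')===false) $tpl_f .= '.mail';
  // Stay inside HW_MOD_TPL and inside the template types this module renders.
  if(preg_match('/\.\.|\\\|\\//',$tpl_f) || strpos($tpl_f,"\0")!==false
     || !preg_match('/\.(mail|htm)\z/',$tpl_f) || !file_exists(HW_MOD_TPL.$tpl_f)) return $fallback;
  return HW_MOD_TPL.$tpl_f;
}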

/**
 * Locate template file $f for field set $fset: the field-set specific copy
 * under TPL_PATH/FS_DIR/<fset>/ wins, otherwise the module default in
 * HW_MOD_TPL is returned (whether or not that one exists).
 *
 * Only referenced from commented-out code in this file. Neither argument is
 * sanitised here, so callers must pass trusted names ($fset from the DB, $f a
 * literal) — never request data.
 *
 * @param string $f    template file name
 * @param string $fset field-set directory name
 * @return string path of the template to use
 */
function GetFileWithForm($f,$fset){
  $candidate = implode('/', array(TPL_PATH.FS_DIR, $fset, $f));
  return file_exists($candidate) ? $candidate : HW_MOD_TPL.$f;
}