<?php
/*
Open Media Collectors Database
Copyright (C) 2001,2006 by Jason Pell
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
// This must be first - includes config.php
require_once("./include/begin.inc.php");
include_once("./functions/database.php");
include_once("./functions/auth.php");
include_once("./functions/logging.php");
include_once("./functions/email.php");
include_once("./functions/widgets.php");
include_once("./functions/user.php");
include_once("./functions/HTML_Listing.class.inc");
/*
* This script supports several different operations
*
* $op = 'send_to_all'
* This will format an email to all OpenDb users, except the currently
* logged in user.
*
* Applicable variables:
* $toname - A title identifying the user group.
* $subject - The subject of the email
* $message - The message, if bypassing the email form.
*
* This operation is NOT available to a non-opendb Administrator user, and so
* the $from and $fromname variables will be ignored.
*
* $op = 'send_to_uids'
*
* Applicable Variables:
* $uids_rs - An array of userid's to send mail to. The user trying to send
* email should be at least of the usertype of all the $uid's
* in this array variable.
* $subject - The subject of the email
* $message - The message, if bypassing the email form.
*
* This operation is NOT available to a non-opendb user, and so the $from
* and $fromname variables will be ignored.
*
* $op = 'send_to_uid'
*
* Applicable Variables:
* $uid - A single UID to send email to. The user trying to send
* email should be at least of the usertype of the $uid
* in this variable.
* $subject - The subject of the email
* $message - The message, if bypassing the email form.
*
* This operation is NOT available to a non-opendb user, and so the $from
* and $fromname variables will be ignored.
*/
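/**
 * Render the "send email" HTML form (To / From / Subject / Message).
 *
 * @param $to_userid     Recipient user id, or a ", "-separated list of user ids.
 *                       Display only; it is not an email address.
 * @param $to_fullname   Recipient display name or a title for the user group.
 * @param $from_userid   Sender user id. When $from_fullname is empty this value
 *                       is shown as the sender instead (the site-admin operation
 *                       passes the submitted email address here).
 * @param $from_fullname Sender display name. When both $from_userid and
 *                       $from_fullname are set the From field is readonly,
 *                       otherwise it is an editable email input.
 * @param $subject       Subject to pre-fill.
 * @param $message       Message body to pre-fill.
 * @param $HTTP_VARS     Request variables handed to get_url_fields() to be
 *                       carried in the form (presumably as hidden fields, with
 *                       op2=send added and subject/message left out - confirm
 *                       against get_url_fields()).
 * @param $errors        Array of error messages to show above the form, or NULL.
 */
function show_email_form($to_userid, $to_fullname, $from_userid, $from_fullname, $subject, $message, $HTTP_VARS, $errors)
{
    global $PHP_SELF;

    $has_to_userid = strlen((string) $to_userid) > 0;
    $has_to_fullname = strlen((string) $to_fullname) > 0;
    $has_from_userid = strlen((string) $from_userid) > 0;
    $has_from_fullname = strlen((string) $from_fullname) > 0;

    // Initialised up front so the widgets never receive an undefined variable
    // when neither recipient value is supplied.
    $to = NULL;
    if ($has_to_userid && $has_to_fullname) {
        $to = get_opendb_lang_var('user_name', array('fullname' => $to_fullname, 'user_id' => $to_userid));
    } else if ($has_to_fullname) {
        $to = $to_fullname;
    } else if ($has_to_userid) {
        $to = $to_userid;
    }

    $from = NULL;
    $isFromReadonly = FALSE;
    if ($has_from_userid && $has_from_fullname) {
        $from = get_opendb_lang_var('current_user', array('fullname' => $from_fullname, 'user_id' => $from_userid));
        $isFromReadonly = TRUE;
    } else if ($has_from_fullname) {
        $from = $from_fullname; // this is an email address
    } else if ($has_from_userid) {
        $from = $from_userid; // this is an email address
    }

    if (is_array($errors)) {
        echo format_error_block($errors);
    }

    // The script path is written into an HTML attribute, so it is escaped here
    // rather than trusted to be free of quotes and angle brackets.
    echo("\n<form action=\"".htmlspecialchars((string) $PHP_SELF, ENT_QUOTES)."\" method=\"POST\">");
    echo get_url_fields($HTTP_VARS, array('op2' => 'send'), array('subject', 'message'));

    echo("\n<table class=\"emailForm\">");

    // NOTE(review): $to is passed to format_field() unescaped, and $to_fullname
    // can originate from the request's 'toname' value, which callers only run
    // through strip_tags(). Confirm that format_field() HTML-escapes its value.
    echo format_field(get_opendb_lang_var('to'), $to);

    echo get_input_field("from",
        NULL, // s_attribute_type
        get_opendb_lang_var('from'),
        $isFromReadonly ? "readonly" : "email(50,100)", // input type
        "Y", // compulsory
        $from,
        TRUE);

    echo get_input_field("subject",
        NULL, // s_attribute_type
        get_opendb_lang_var('subject'),
        "text(50,100)", // input type
        "Y", // compulsory
        $subject,
        TRUE);

    echo get_input_field("message",
        NULL, // s_attribute_type
        get_opendb_lang_var('message'),
        "textarea(50,10)", // input type
        "N", // not compulsory
        $message,
        TRUE);

    echo("</table>");

    // 'id' is quoted: as a bare word it is an undefined constant, which is a
    // fatal error on PHP 8 and a notice on earlier versions.
    $help_block_r = array();
    $help_block_r[] = array('img' => 'compulsory.gif', 'text' => get_opendb_lang_var('compulsory_field'), 'id' => 'compulsory');
    echo format_help_block($help_block_r);

    echo("<input type=\"submit\" class=\"submit\" value=\"".get_opendb_lang_var('submit')."\">");
    echo("\n</form>");
}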
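/**
 * Send one message to each listed user and print the per-recipient outcome as HTML.
 *
 * Will not check whether $user_id_rs contains the current user's user_id. It is
 * expected that this has already been done. This function also performs no
 * permission check on the recipients; any such check is the caller's job.
 *
 * @param $user_id_rs  Array of recipient user ids. Ids for which fetch_user_r()
 *                     finds no user are skipped without being reported.
 * @param $from_userid User id of the sender.
 * @param $subject     Subject line; must not be empty.
 * @param $message     Message body.
 * @param $errors      By reference. Receives 'invalid_subject' when the subject
 *                     is empty. It is reset to NULL after every delivery attempt,
 *                     so per-recipient errors are only visible in the printed output.
 * @return FALSE when the subject is empty, otherwise TRUE - including when
 *         every individual delivery failed.
 */
function send_email_to_userids($user_id_rs, $from_userid, $subject, $message, &$errors)
{
    if (strlen((string) $subject) == 0) {
        $errors[] = get_opendb_lang_var('invalid_subject');
        return FALSE;
    }

    $success = array();
    $failures = array();

    // The list can come straight from the request, so a missing or non-array
    // value is treated as "no recipients" instead of being iterated.
    if (is_array($user_id_rs)) {
        // foreach replaces reset()/each(); each() was removed in PHP 8.
        foreach ($user_id_rs as $user_id) {
            // Nested arrays from the request are not valid user ids.
            if (!is_scalar($user_id)) {
                continue;
            }

            $touser_r = fetch_user_r($user_id);
            if (is_not_empty_array($touser_r)) {
                // The label is echoed into the page below. The full name is
                // profile data and the id is request data, so both are escaped
                // for HTML here.
                // NOTE(review): if full names are stored already HTML-encoded
                // this will double-encode them - confirm against the user table.
                $recipient = htmlspecialchars($touser_r['fullname']." (".$user_id.")", ENT_QUOTES);

                if (opendb_user_email($touser_r['user_id'], $from_userid, $subject, $message, $errors)) {
                    $success[] = $recipient;
                } else {
                    // Keys are quoted: bare words are undefined constants,
                    // which is a fatal error on PHP 8.
                    $failures[] = array('user' => $recipient, 'error' => $errors);
                }

                // Keep one recipient's errors from leaking into the next attempt.
                $errors = NULL;
            }
        }
    }

    if (is_not_empty_array($success)) {
        echo ("<p class=\"success\">".get_opendb_lang_var('message_sent_to').": <ul>");
        foreach ($success as $touser) {
            echo("<li class=\"smsuccess\">".$touser."</li>");
        }
        echo("</ul></p>");
    }

    if (is_not_empty_array($failures)) {
        echo ("<p class=\"error\">".get_opendb_lang_var('message_not_sent_to').": <ul>");
        foreach ($failures as $failure_r) {
            // The opening quote of the class attribute was missing in the
            // original markup (class=\smerror").
            echo("<li class=\"smerror\">".$failure_r['user'].
                format_error_block($failure_r['error'])."</li>");
        }
        echo("</ul></p>");
    }

    return TRUE;
}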
/**
 * Collect the user_id of every row returned by fetch_user_rs() for the
 * PERM_RECEIVE_EMAIL permission, ordered by user_id ascending.
 *
 * NOTE(review): the file header says 'send_to_all' excludes the currently
 * logged in user, but INCLUDE_CURRENT_USER is passed here - confirm which
 * of the two is intended.
 *
 * @return Array of user ids, or NULL when the query fails or yields no rows.
 */
function get_user_id_rs()
{
    $result = fetch_user_rs(PERM_RECEIVE_EMAIL, INCLUDE_ROLE_PERMISSIONS, INCLUDE_CURRENT_USER, EXCLUDE_DEACTIVATED_USER, TRUE, 'user_id', 'ASC');
    if (!$result) {
        return NULL;
    }

    // Stays NULL (not an empty array) when the result set has no rows.
    $ids = NULL;
    for ($row = db_fetch_assoc($result); $row; $row = db_fetch_assoc($result)) {
        $ids[] = $row['user_id'];
    }

    db_free_result($result);

    return $ids;
}
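/**
 * Join a list of user ids into a ", "-separated string for the form's To: row.
 *
 * The ids are returned as given and are NOT HTML-escaped. In the
 * 'send_to_uids' operation they come from the request, so whatever prints the
 * result must escape it.
 *
 * @param $user_id_rs Array of user ids; anything that is_not_empty_array()
 *                    rejects yields an empty string.
 * @return The joined ids, or "" when there are none.
 */
function get_user_ids_tovalue($user_id_rs)
{
    $to = "";

    if (is_not_empty_array($user_id_rs)) {
        // foreach replaces reset()/each(); each() was removed in PHP 8.
        foreach ($user_id_rs as $user_id) {
            if (strlen($to) == 0) {
                $to = $user_id;
            } else {
                $to .= ", ".$user_id;
            }
        }
    }

    return $to;
}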
// Request dispatch. $HTTP_VARS['op'] selects the email operation; when
// $HTTP_VARS['op2'] == 'send' and the send succeeds a result is printed,
// otherwise the email form is (re)displayed with any $errors.
if(is_site_enabled())
{
// 'send_to_site_admin' is the only operation reachable without a valid
// session, and only when the email/send_to_site_admin config var is not FALSE.
// NOTE(review): no rate limiting or CAPTCHA is visible on this unauthenticated
// path - confirm whether send_email_to_site_admins() throttles submissions.
if(is_opendb_valid_session() ||
($HTTP_VARS['op'] == 'send_to_site_admin' && get_opendb_config_var('email', 'send_to_site_admin')!==FALSE))
{
echo _theme_header(get_opendb_lang_var('send_email'), $HTTP_VARS['inc_menu']);
echo("<h2 class=\"sendEmail\">".get_opendb_lang_var('send_email')."</h2>");
// no email functionality is available unless a valid mailer is configured.
if(is_valid_opendb_mailer())
{
// Avoid any attempts to foil required validation checks.
// strip_tags() and trim() remove markup and surrounding whitespace only; they
// do not remove embedded CR/LF characters.
// NOTE(review): protection against mail header injection through 'subject'
// (and 'from' below) has to come from the mail functions - confirm in
// functions/email.php.
$HTTP_VARS['subject'] = trim(strip_tags($HTTP_VARS['subject']));
$HTTP_VARS['message'] = trim(strip_tags($HTTP_VARS['message']));
if($HTTP_VARS['op'] == 'send_to_site_admin')
{
// Avoid any attempts to foil required validation checks.
// 'from' is a sender address typed in by the (possibly anonymous) visitor.
$HTTP_VARS['from'] = trim(strip_tags($HTTP_VARS['from']));
// NOTE(review): none of the op2 == 'send' checks in this script verify an
// anti-CSRF token - confirm whether begin.inc.php or get_url_fields() adds one.
if($HTTP_VARS['op2'] == 'send' &&
send_email_to_site_admins(PERM_ADMIN_SEND_EMAIL, $HTTP_VARS['from'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) {
echo("<p class=\"success\">".get_opendb_lang_var('message_sent_to')." ".get_opendb_lang_var('site_administrator', 'site', get_opendb_config_var('site', 'title'))."</p>");
} else {
show_email_form(
NULL,// email
get_opendb_lang_var('site_administrator', 'site', get_opendb_config_var('site', 'title')),
$HTTP_VARS['from'], // from_userid
NULL, // from_fullname
$HTTP_VARS['subject'],
$HTTP_VARS['message'],
$HTTP_VARS,
$errors);
}
}
// Bulk operations: both require the PERM_ADMIN_SEND_EMAIL permission.
else if(($HTTP_VARS['op'] == 'send_to_all' ||
$HTTP_VARS['op'] == 'send_to_uids') &&
is_user_granted_permission(PERM_ADMIN_SEND_EMAIL))
{
// The sender is always taken from the session, never from the request.
$from_user_r = fetch_user_r(get_opendb_session_var('user_id'));
$HTTP_VARS['toname'] = trim(strip_tags($HTTP_VARS['toname']));
if($HTTP_VARS['op'] == 'send_to_all')
{
// Default toname for bulk email.
if(strlen($HTTP_VARS['toname'])==0)
{
$HTTP_VARS['toname'] = get_opendb_lang_var('site_users', 'user_desc', get_opendb_config_var('site', 'title'));
}
// Recipient list is built server-side by get_user_id_rs().
$user_id_r = get_user_id_rs();
if(is_not_empty_array($user_id_r))
{
if($HTTP_VARS['op2'] == 'send' &&
send_email_to_userids($user_id_r, $from_user_r['user_id'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) {
// do nothing
} else {
show_email_form(
get_user_ids_tovalue($user_id_r),
$HTTP_VARS['toname'],
$from_user_r['user_id'],
$from_user_r['fullname'],
$HTTP_VARS['subject'],
$HTTP_VARS['message'],
$HTTP_VARS,
$errors);
}
}
else
{
echo("<p class=\"error\">".get_opendb_lang_var('no_users_found')."</p>");
}
}
// Recipient list is taken from the request here.
// NOTE(review): this branch is also entered when only
// 'checked_user_id_rs_list' is set, yet only $HTTP_VARS['user_id_rs'] is used
// below - presumably the list is expanded into user_id_rs elsewhere; confirm.
// NOTE(review): unlike the 'send_to_uid' branch, the recipients are not
// checked with is_user_permitted_to_receive_email() in this script.
else if($HTTP_VARS['op'] == 'send_to_uids' &&
(is_not_empty_array($HTTP_VARS['user_id_rs']) ||
strlen(trim($HTTP_VARS['checked_user_id_rs_list']))>0))
{
if($HTTP_VARS['op2'] == 'send' &&
send_email_to_userids(
$HTTP_VARS['user_id_rs'],
$from_user_r['user_id'],
$HTTP_VARS['subject'],
$HTTP_VARS['message'],
$errors)) {
// do nothing
} else {
show_email_form(
get_user_ids_tovalue($HTTP_VARS['user_id_rs']),
get_opendb_lang_var('site_users', 'user_desc', get_opendb_config_var('site', 'title')),
$from_user_r['user_id'],
$from_user_r['fullname'],
$HTTP_VARS['subject'],
$HTTP_VARS['message'],
$HTTP_VARS,
$errors);
}
}
}
// Single recipient: the target must be permitted to receive email and the
// sender must hold PERM_SEND_EMAIL.
else if($HTTP_VARS['op'] == 'send_to_uid' && is_user_permitted_to_receive_email($HTTP_VARS['uid']) &&
is_user_granted_permission(PERM_SEND_EMAIL))
{
$from_user_r = fetch_user_r(get_opendb_session_var('user_id'));
// 'toname' is cleaned here, but the To: name shown below comes from
// fetch_user_name(), not from this value.
$HTTP_VARS['toname'] = trim(strip_tags($HTTP_VARS['toname']));
if($HTTP_VARS['op2'] == 'send' &&
send_email_to_userids(
array($HTTP_VARS['uid']),
$from_user_r['user_id'],
$HTTP_VARS['subject'],
$HTTP_VARS['message'],
$errors)) {
// do nothing
} else {
show_email_form(
$HTTP_VARS['uid'],
fetch_user_name($HTTP_VARS['uid']),
$from_user_r['user_id'],
$from_user_r['fullname'],
$HTTP_VARS['subject'],
$HTTP_VARS['message'],
$HTTP_VARS,
$errors);
}
}
// Unknown operation, or the permission checks above failed.
else
{
echo("<p class=\"error\">".get_opendb_lang_var('not_authorized_to_page')."</p>");
}
}
else
{
echo("<p class=\"error\">".get_opendb_lang_var('operation_not_available')."</p>");
}
echo _theme_footer();
}
else
{
// invalid login, so login instead.
redirect_login($PHP_SELF, $HTTP_VARS);
}
}//if(is_site_enabled())
else
{
echo _theme_header(get_opendb_lang_var('site_is_disabled'), FALSE);
echo("<p class=\"error\">".get_opendb_lang_var('site_is_disabled')."</p>");
echo _theme_footer();
}
// Cleanup after begin.inc.php
require_once("./include/end.inc.php");
?>