. */ namespace Fisharebest\Webtrees; use Fisharebest\Webtrees\Controller\PageController; /** @global Tree $WT_TREE */ global $WT_TREE; require 'includes/session.php'; $controller = new PageController; $controller->setPageTitle(I18N::translate('webtrees message')); // Send the message. if ($_SERVER['REQUEST_METHOD'] === 'POST') { $to = Filter::post('to', null, ''); $from_name = Filter::post('from_name', null, ''); $from_email = Filter::post('from_email'); $subject = Filter::post('subject', null, ''); $body = Filter::post('body', null, ''); $url = Filter::postUrl('url', 'index.php'); // Only an administration can use the distribution lists. $controller->restrictAccess(!in_array($to, ['all', 'never_logged', 'last_6mo']) || Auth::isAdmin()); $recipients = recipients($to); // Different validation for admin/user/visitor. $errors = !Filter::checkCsrf(); if (Auth::check()) { $from_name = Auth::user()->getRealName(); $from_email = Auth::user()->getEmail(); } elseif ($from_name === '' || $from_email === '') { $errors = true; } elseif (!preg_match('/@(.+)/', $from_email, $match) || function_exists('checkdnsrr') && !checkdnsrr($match[1])) { FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger'); $errors = true; } elseif (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) { FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . /* I18N: e.g. ‘You should delete the “http://” from “http://www.example.com” and try again.’ */ I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]), 'danger'); $errors = true; } elseif (empty($recipients)) { $errors = true; } if ($errors) { // Errors? Go back to the form. header( 'Location: message.php' . '?to=' . rawurlencode($to) . '&from_name=' . rawurlencode($from_name) . '&from_email=' . rawurlencode($from_email) . '&subject=' . rawurlencode($subject) . '&body=' . rawurlencode($body) . '&url=' . rawurlencode($url) ); } else { // No errors. Send the message. foreach ($recipients as $recipient) { if (deliverMessage($WT_TREE, $from_email, $from_name, $recipient, $subject, $body, $url)) { FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', Html::escape($to)), 'info'); } else { FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger'); Log::addErrorLog('Unable to send a message. FROM:' . $from_email . ' TO:' . $recipient->getEmail()); } } header('Location: ' . $url); } return; } $to = Filter::get('to', null, ''); $from_name = Filter::get('from_name', null, ''); $from_email = Filter::get('from_email', ''); $subject = Filter::get('subject', null, ''); $body = Filter::get('body', null, ''); $url = Filter::getUrl('url', 'index.php'); // Only an administration can use the distribution lists. $controller->restrictAccess(!in_array($to, ['all', 'never_logged', 'last_6mo']) || Auth::isAdmin()); $controller->pageHeader(); $to_names = implode(I18N::$list_separator, array_map(function(User $user) { return $user->getRealName(); }, recipients($to))); ?>

getRealName()) ?>
getPreference('sessiontime') > 0 && WT_TIMESTAMP - $user->getPreference('sessiontime') > 60 * 60 * 24 * 30 * 6; }); } elseif ($to === 'never_logged') { $recipients = array_filter(User::all(), function(User $user) { return $user->getPreference('verified_by_admin') && $user->getPreference('reg_timestamp') > $user->getPreference('sessiontime'); }); } else { $recipients = array_filter([User::findByUserName($to)]); } return $recipients; } /** * Add a message to a user's inbox, send it to them via email, or both. * * @param Tree $tree * @param string $sender_name * @param string $sender_email * @param User $recipient * @param string $subject * @param string $body * @param string $url * * @return bool */ function deliverMessage(Tree $tree, $sender_email, $sender_name, User $recipient, $subject, $body, $url) { // Create a dummy user, so we can send messages from the tree. $from = new User( (object) [ 'user_id' => null, 'user_name' => '', 'real_name' => $tree->getTitle(), 'email' => $tree->getPreference('WEBTREES_EMAIL'), ] ); // Create a dummy user, so we can reply to visitors. $sender = new User( (object) [ 'user_id' => null, 'user_name' => '', 'real_name' => $sender_name, 'email' => $sender_email, ] ); $success = true; // Switch to the recipient's language I18N::init($recipient->getPreference('language')); // Send via the internal messaging system. if (in_array($recipient->getPreference('contactmethod'), ['messaging', 'messaging2', 'mailto', 'none'])) { Database::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)") ->execute([ Auth::check() ? Auth::user()->getEmail() : $sender_email, WT_CLIENT_IP, $recipient->getUserId(), $subject, View::make('emails/message-user-text', ['sender' => $sender, 'recipient' => $recipient, 'message' => $body, 'url' => $url]), ]); } // Send via email if (in_array($recipient->getPreference('contactmethod'), ['messaging2', 'messaging3', 'mailto', 'none'])) { $success = $success && Mail::send( $from, $recipient, $sender, I18N::translate('webtrees message') . ' - ' . $subject, View::make('emails/message-user-text', ['sender' => $sender, 'recipient' => $recipient, 'message' => $body, 'url' => $url]), View::make('emails/message-user-html', ['sender' => $sender, 'recipient' => $recipient, 'message' => $body, 'url' => $url]) ); } I18N::init(WT_LOCALE); // Copy the message back to the user if (Auth::check() && in_array(Auth::user()->getPreference('contactmethod'), ['messaging', 'messaging2', 'mailto', 'none'])) { Database::prepare( "INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)" )->execute([ Auth::user()->getEmail(), WT_CLIENT_IP, $recipient->getUserId(), $subject, View::make('emails/message-copy-text', ['sender' => $sender, 'recipient' => $recipient, 'message' => $body, 'url' => $url]) ]); } return $success; }