. */

namespace Fisharebest\Webtrees;

use Fisharebest\Webtrees\Controller\PageController;

/** @global Tree $WT_TREE */
global $WT_TREE;

require 'includes/session.php';

// Contact-form script: a POST validates and sends a message, anything else
// prepares the variables for the form template that follows the closing tag.
$controller = new PageController;
$controller->setPageTitle(I18N::translate('webtrees message'));

// Send the message.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Every field here is supplied by the client. For anonymous visitors that
    // includes the sender's name and address.
    // NOTE(review): what Filter::post() and Filter::postUrl() reject or strip
    // is not visible in this file - confirm before relying on it below.
    $to         = Filter::post('to', null, '');
    $from_name  = Filter::post('from_name', null, '');
    $from_email = Filter::post('from_email');
    $subject    = Filter::post('subject', null, '');
    $body       = Filter::post('body', null, '');
    $url        = Filter::postUrl('url', 'index.php');

    // Only an administrator can use the distribution lists.
    // restrictAccess() receives false only when $to names one of the three
    // lists and the current user is not an administrator.
    $controller->restrictAccess(!in_array($to, ['all', 'never_logged', 'last_6mo']) || Auth::isAdmin());

    $recipients = recipients($to);

    // Different validation for admin/user/visitor.
    // $errors starts as the CSRF result and no branch below resets it to
    // false, so a failed token check always blocks sending.
    $errors = !Filter::checkCsrf();
    if (Auth::check()) {
        // Logged-in users: the submitted name and address are discarded in
        // favour of the account's own, so they cannot be spoofed via the form.
        // The remaining checks are in the same elseif chain, so the link
        // filter and the empty-recipient check apply to visitors only.
        $from_name  = Auth::user()->getRealName();
        $from_email = Auth::user()->getEmail();
    } elseif ($from_name === '' || $from_email === '') {
        $errors = true;
    } elseif (!preg_match('/@(.+)/', $from_email, $match) || function_exists('checkdnsrr') && !checkdnsrr($match[1])) {
        // The pattern is unanchored and only requires an "@" followed by at
        // least one character. When checkdnsrr() exists, the captured part
        // must also resolve in DNS. This is not a full address validation.
        // NOTE(review): whether $from_email is safe to place in mail headers
        // depends on Filter::post() and the mailer - confirm.
        FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger');
        $errors = true;
    } elseif (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
        // Link filter: reject a subject or body containing an ftp/http/https
        // URL, unless the text at that position starts with WT_BASE_URL.
        // $match[2] is the scheme prefix and $match[1] is the scheme plus host.
        FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . /* I18N: e.g. ‘You should delete the “http://” from “http://www.example.com” and try again.’ */ I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]), 'danger');
        $errors = true;
    } elseif (empty($recipients)) {
        $errors = true;
    }

    if ($errors) {
        // Errors? Go back to the form.
        // Each submitted value goes through Filter::escapeUrl() before it is
        // placed in the Location header, so the form can be re-populated.
        header(
            'Location: message.php' .
            '?to=' . Filter::escapeUrl($to) .
            '&from_name=' . Filter::escapeUrl($from_name) .
            '&from_email=' . Filter::escapeUrl($from_email) .
            '&subject=' . Filter::escapeUrl($subject) .
            '&body=' . Filter::escapeUrl($body) .
            '&url=' . Filter::escapeUrl($url)
        );
    } else {
        // No errors. Send the message.
        foreach ($recipients as $recipient) {
            if (deliverMessage($WT_TREE, $from_email, $from_name, $recipient, $subject, $body, $url)) {
                // $to is HTML-escaped before being embedded in the flash message.
                FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', Html::escape($to)), 'info');
            } else {
                FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger');
                // NOTE(review): for anonymous senders $from_email is
                // client-supplied. Confirm that control characters cannot
                // reach the log entry unescaped.
                Log::addErrorLog('Unable to send a message. FROM:' . $from_email . ' TO:' . $recipient->getEmail());
            }
        }
        // NOTE(review): $url comes from Filter::postUrl(). It is presumably
        // limited to same-site targets - confirm, since an unrestricted value
        // here would be an open redirect.
        header('Location: ' . $url);
    }

    // Both branches have issued a redirect. Stop before the form is rendered.
    return;
}

// Not a POST: take the initial or re-submitted form values from the query string.
$to         = Filter::get('to', null, '');
$from_name  = Filter::get('from_name', null, '');
$from_email = Filter::get('from_email', '');
$subject    = Filter::get('subject', null, '');
$body       = Filter::get('body', null, '');
$url        = Filter::getUrl('url', 'index.php');

// Only an administrator can use the distribution lists.
$controller->restrictAccess(!in_array($to, ['all', 'never_logged', 'last_6mo']) || Auth::isAdmin());
$controller->pageHeader();

// Real names of everyone $to resolves to, joined with the locale's list separator.
// NOTE(review): the template that prints $to_names and the form values is not
// visible in this listing. These values need HTML-escaping where they are output.
$to_names = implode(I18N::$list_separator, array_map(function(User $user) { return $user->getRealName(); }, recipients($to)));

?>

getRealName()) ?>
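getPreference('sessiontime') > 0 && WT_TIMESTAMP - $user->getPreference('sessiontime') > 60 * 60 * 24 * 30 * 6; }); } elseif ($to === 'never_logged') { $recipients = array_filter(User::all(), function(User $user) { return $user->getPreference('verified_by_admin') && $user->getPreference('reg_timestamp') > $user->getPreference('sessiontime'); }); } else { $recipients = array_filter([User::findByUserName($to)]); } return $recipients; }

/**
 * Add a message to a user's inbox, send it to them via email, or both.
 *
 * The recipient's 'contactmethod' preference selects the channel(s). A
 * logged-in sender also gets a copy in their own inbox when their own
 * 'contactmethod' allows internal messaging.
 *
 * For anonymous visitors $sender_email and $sender_name are self-declared,
 * and $subject and $body are free text. Nothing in this function validates
 * or escapes them; that is left to the caller and to whatever renders or
 * transmits the message.
 *
 * @param Tree   $tree
 * @param string $sender_email
 * @param string $sender_name
 * @param User   $recipient
 * @param string $subject
 * @param string $body
 * @param string $url
 *
 * @return bool false only when an email was attempted and Mail::send() reported failure
 */
function deliverMessage(Tree $tree, $sender_email, $sender_name, User $recipient, $subject, $body, $url) {
    $success = true;
    $hr      = '--------------------------------------------------';
    $body    = nl2br($body, false);
    // The sender's copy is composed before the locale switch below, so it
    // stays in the locale that is active on entry.
    $body_cc = I18N::translate('You sent the following message to a webtrees user:') . ' ' . $recipient->getRealNameHtml() . Mail::EOL . $hr . Mail::EOL . $body;

    // Compose the recipient's copy in the recipient's preferred language.
    // The locale is restored to WT_LOCALE before returning.
    I18N::init($recipient->getPreference('language', WT_LOCALE));

    $body = /* I18N: %s is a person's name */ I18N::translate('%s sent you the following message.', $sender_email) . Mail::EOL . Mail::EOL . $body;

    if ($url !== 'index.php') {
        $body .= Mail::EOL . $hr . Mail::EOL . I18N::translate('This message was sent while viewing the following URL: ') . $url . Mail::EOL;
    }

    // Send via the internal messaging system.
    // All values are bound as statement parameters. $subject and $body are
    // stored as received.
    // NOTE(review): the code that displays `##message` rows must escape them
    // - not visible here.
    // NOTE(review): the str_replace() search string in this function appears
    // as a bare line break in this listing. Given nl2br() above it was
    // presumably '<br>', lost in extraction - confirm against the original file.
    if (in_array($recipient->getPreference('contactmethod'), ['messaging', 'messaging2', 'mailto', 'none'])) {
        Database::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)")
            ->execute([
                Auth::check() ? Auth::user()->getEmail() : $sender_email,
                WT_CLIENT_IP,
                $recipient->getUserId(),
                $subject,
                str_replace('
', '', $body),
            ]);
    }

    // CC to the author via the internal messaging system.
    // The copy belongs in the author's inbox. Filing it under the recipient's
    // user id would show the recipient a second message that reads
    // "You sent the following message ...".
    if (Auth::check() && in_array(Auth::user()->getPreference('contactmethod'), ['messaging', 'messaging2', 'mailto', 'none'])) {
        Database::prepare(
            "INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)"
        )->execute([
            Auth::user()->getEmail(),
            WT_CLIENT_IP,
            Auth::user()->getUserId(),
            $subject,
            str_replace('
', '', $body_cc),
        ]);
    }

    // Send via email
    // The "To:" slot must carry the recipient's account address. The sender's
    // address is self-declared for anonymous visitors, so using it as "To:"
    // would mail visitor-written text to an arbitrary address and never reach
    // the intended user. The sender goes in "Reply-To:" instead.
    // NOTE(review): confirm that Mail::send() rejects CR/LF in the name and
    // address arguments.
    if (in_array($recipient->getPreference('contactmethod'), ['messaging2', 'messaging3', 'mailto', 'none'])) {
        $success = $success && Mail::send(
            // “From:” header
            $tree,
            // “To:” header
            $recipient->getEmail(),
            $recipient->getRealName(),
            // “Reply-To:” header
            $sender_email,
            $sender_name,
            // Message subject and body
            I18N::translate('webtrees message') . ' - ' . $subject,
            $body
        );
    }

    I18N::init(WT_LOCALE);

    return $success;
}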