setPageTitle(WT_I18N::translate('webtrees Message')); $controller->pageHeader(); $subject =isset($_REQUEST['subject' ]) ? $_REQUEST['subject' ] : ''; $url =isset($_REQUEST['url' ]) ? $_REQUEST['url' ] : ''; $method =isset($_REQUEST['method' ]) ? $_REQUEST['method' ] : 'messaging2'; $body =isset($_REQUEST['body' ]) ? $_REQUEST['body' ] : ''; $from_email=isset($_REQUEST['from_email']) ? $_REQUEST['from_email'] : ''; $from_name =isset($_REQUEST['from_name' ]) ? $_REQUEST['from_name' ] : ''; $to =isset($_REQUEST['to' ]) ? $_REQUEST['to' ] : ''; $action =isset($_REQUEST['action' ]) ? $_REQUEST['action' ] : 'compose'; $from =isset($_REQUEST['from' ]) ? $_REQUEST['from' ] : ''; $time =isset($_REQUEST['time' ]) ? $_REQUEST['time' ] : ''; $method =isset($_REQUEST['method' ]) ? $_REQUEST['method' ] : ''; if (empty($to)) { echo '

'.WT_I18N::translate('No recipient user was provided. Cannot continue.').'

'; exit; } if ($to=='all' && !WT_USER_IS_ADMIN) { echo '

'.WT_I18N::translate('No recipient user was provided. Cannot continue.').'

'; exit; } // Do not allow anonymous visitors to include links to external sites if (!WT_USER_ID) { if ( preg_match('/(?!'.preg_quote(WT_SERVER_NAME, '/').')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject, $match) || preg_match('/(?!'.preg_quote(WT_SERVER_NAME, '/').')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $body, $match) ) { echo '

'.WT_I18N::translate('You are not allowed to send messages that contain external links.').'

'; echo '

'./* I18N: e.g. "You should delete the “http://” from “http://www.example.com” and try again." */ WT_I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]).'

'; AddToLog('Possible spam message from "'.$from_name.'"/"'.$from_email.'", IP="'.$_SERVER['REMOTE_ADDR'].'", subject="'.$subject.'", body="'.$body.'"', 'auth'); $action='compose'; } } if (($action=='send')&&(isset($_SESSION['good_to_send']))&&($_SESSION['good_to_send']===true)) { $_SESSION['good_to_send'] = false; if (!empty($from_email)) $from = $from_email; if (!get_user_id($from)) { $mt = preg_match("/(.+)@(.+)/", $from, $match); if ($mt>0) { $host = trim($match[2]); if (function_exists('checkdnsrr')) { $ip = checkdnsrr($host); if ($ip === false) { //$host = "www.".$host; $ip = checkdnsrr($host); if ($ip === false) { echo '

'.WT_I18N::translate('Please enter a valid email address.').'

'; $action='compose'; } } } } else { echo '

'.WT_I18N::translate('Please enter a valid email address.').'

'; $action='compose'; } } //-- check referer for possible spam attack if (!isset($_SERVER['HTTP_REFERER']) || stristr($_SERVER['HTTP_REFERER'],"message.php")===false) { echo "

Invalid page referer."; echo "

"; AddToLog('Invalid page referer while trying to send a message. Possible spam attack.', 'auth'); $action="compose"; } if ($action!='compose') { $toarray = array($to); if ($to == 'all') { $toarray = get_all_users(); } if ($to == 'never_logged') { $toarray = array(); foreach (get_all_users() as $user_id=>$user_name) { // SEE Bug [ 1827547 ] Message to inactive users sent to newcomers if (get_user_setting($user_id,'verified_by_admin') && get_user_setting($user_id, 'reg_timestamp') > get_user_setting($user_id, 'sessiontime')) { $toarray[$user_id] = $user_name; } } } if ($to == 'last_6mo') { $toarray = array(); $sixmos = 60*60*24*30*6; //-- timestamp for six months foreach (get_all_users() as $user_id=>$user_name) { // SEE Bug [ 1827547 ] Message to inactive users sent to newcomers if (get_user_setting($user_id,'sessiontime')>0 && (time() - get_user_setting($user_id, 'sessiontime') > $sixmos)) { $toarray[$user_id] = $user_name; } //-- not verified by registration past 6 months else if (!get_user_setting($user_id, 'verified_by_admin') && (time() - get_user_setting($user_id, 'reg_timestamp') > $sixmos)) { $toarray[$user_id] = $user_name; } } } $i = 0; foreach ($toarray as $indexval => $to) { $message = array(); $message['to']=$to; $message['from']=$from; if (!empty($from_name)) { $message['from_name'] = $from_name; $message['from_email'] = $from_email; } $message['subject'] = $subject; $url = preg_replace("/".WT_SESSION_NAME."=.*/", "", $url); $message['body'] = $body; $message['created'] = $time; $message['method'] = $method; $message['url'] = $url; if ($i>0) $message['no_from'] = true; if ($message['from']==$message['to']) { //-- do not allow users to send a message to themselves echo WT_I18N::translate('It is not allowed to send messages to yourself.'), '
'; echo WT_I18N::translate('Message was not sent'), '
'; AddToLog('Unable to send message. TO:'.$to.' FROM:'.$from, 'error'); } else if (!get_user_id($to)) { //-- the to user must be a valid user in the system before it will send any mails echo WT_I18N::translate('Invalid user identifier: %s.', get_user_id($to)), '
'; echo WT_I18N::translate('Message was not sent'), '
'; AddToLog('Unable to send message. TO:'.$to.' FROM:'.$from, 'error'); } else if (addMessage($message)) { $to_user_id=get_user_id($to); if ($to_user_id) { echo WT_I18N::translate('Message successfully sent to %s', ''.getUserFullName($to_user_id).''); echo '
'; } else { AddToLog('Invalid TO user.'.$to.' Possible spam attack.', 'auth'); } } else { echo WT_I18N::translate('Message was not sent'), '
'; AddToLog('Unable to send message. TO:'.$to.' FROM:'.$from, 'error'); } $i++; } } } else if ($action=='send') AddToLog('Invalid Compose Session while trying to send a message. Possible spam attack.', 'auth'); if ($action=='compose') { echo '', WT_I18N::translate('Send Message'), ''; $_SESSION['good_to_send'] = true; ?>
', WT_I18N::translate('Please Note: Private information of living individuals will only be given to family relatives and close friends. You will be asked to verify your relationship before you will receive any private data. Sometimes information of dead persons may also be private. If this is the case, it is because there is not enough information known about the person to determine whether they are alive or not and we probably do not have more information on this person.

Before asking a question, please verify that you are inquiring about the correct person by checking dates, places, and close relatives. If you are submitting changes to the genealogical data, please include the sources where you obtained the data.'); } echo '
'; echo ''; $to_user_id=get_user_id($to); if ($to_user_id) { echo ''; } if (!WT_USER_ID) { echo ''; echo ''; } echo ''; echo ''; echo ''; echo ''; echo '
', WT_I18N::translate('This message will be sent to %s', ''.getUserFullName($to_user_id).''), '
'; echo WT_I18N::translate('This user prefers to receive messages in %s', Zend_Locale::getTranslation(get_user_setting($to_user_id, 'language'), 'language', WT_LOCALE)), '
', WT_I18N::translate('Your Name:'), '
', WT_I18N::translate('Email Address:'), '
', WT_I18N::translate('Please provide your email address so that we may contact you in response to this message. If you do not provide your email address we will not be able to respond to your inquiry. Your email address will not be used in any other way besides responding to this inquiry.'), '

', WT_I18N::translate('Subject:'), ''; if (WT_USER_ID) { echo ''; } echo ''; echo ''; echo ''; echo ''; echo ''; echo '
', WT_I18N::translate('Body:'), '

'; echo '
'; if ($method=='messaging2') echo WT_I18N::translate('When you send this message you will receive a copy sent via email to the address you provided.'); } else if ($action=='delete') { if (deleteMessage($id)) echo WT_I18N::translate('Message Deleted'); } echo '


', WT_I18N::translate('Close Window'), '
';