setPageTitle(WT_I18N::translate('webtrees message')); // NOTE(review): this span opens mid-statement; the receiver (presumably $controller->) is above the visible lines
// Message popup: resolve the recipient, validate a visitor's sender details, then either
// render the compose form or deliver the message. $to, $from_email, $from_name, $subject,
// $body, $method, $url and $action are request values set before this span.
$to_user = User::findByIdentifier($to);
// Only admins can send broadcast messages
// NOTE(review): && binds tighter than ||, so the condition reads as
//   !$to_user || ((broadcast keyword) && !Auth::isAdmin())
// A broadcast keyword that findByIdentifier() does not resolve to a user is therefore rejected
// for admins as well. Explicit parentheses would make the intended grouping unambiguous — confirm
// against the real file before changing.
if (!$to_user || ($to=='all' || $to=='last_6mo' || $to=='never_logged') && !Auth::isAdmin()) {
	// TODO, what if we have a user called "all" or "last_6mo" or "never_logged" ???
	// Rejection is silent from the user's point of view: refresh the opener and close the popup.
	$controller->pageHeader();
	$controller->addInlineJavascript('window.opener.location.reload(); window.close();');
	exit;
}
$errors='';
// Is this message from a member or a visitor?
if (WT_USER_ID) {
	$from=WT_USER_NAME;
} else {
	// Visitors must provide a valid email address
	// NOTE(review): the pattern only requires "something@something"; the greedy first group means
	// $match[2] is whatever follows the LAST '@'. The DNS lookup runs only where checkdnsrr() exists
	// (its default record type is MX). An empty $from_email skips this check entirely — whether the
	// address is mandatory must be enforced elsewhere (not visible here).
	if ($from_email && (!preg_match("/(.+)@(.+)/", $from_email, $match) || function_exists('checkdnsrr') && checkdnsrr($match[2])===false)) {
		// NOTE(review): the literal newlines inside these strings look like wrapper markup lost in
		// extraction — confirm against the real file.
		$errors.='
'.WT_I18N::translate('Please enter a valid email address.').'
';
		$action='compose';
	}
	// Do not allow anonymous visitors to include links to external sites
	// NOTE(review): the negative lookahead is evaluated at the position BEFORE the scheme, so it
	// compares WT_SERVER_NAME against "http://..." and never against the host part. Links to this
	// site are therefore rejected too. That is fail-closed, but confirm it is intended.
	if (preg_match('/(?!'.preg_quote(WT_SERVER_NAME, '/').')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject.$body, $match)) {
		// $match[1] = scheme + host, $match[2] = scheme. Both are restricted by the pattern to
		// scheme keywords and [a-zA-Z0-9.-], so splicing them into $errors (echoed raw below)
		// cannot introduce markup. Keep that property if the pattern is ever widened.
		// NOTE(review): the trailing '.' before Log::addAuthenticationLog() concatenates the logger's
		// return value into $errors — presumably a ';' was intended after the second paragraph.
		// NOTE(review): subject and body are logged verbatim; if the log sink is line-oriented,
		// embedded newlines can split or forge entries — consider truncating and escaping them.
		$errors.= ''.WT_I18N::translate('You are not allowed to send messages that contain external links.').'
'. ''./* I18N: e.g. ‘You should delete the “http://” from “http://www.example.com” and try again.’ */ WT_I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]).'
'. Log::addAuthenticationLog('Possible spam message from "'.$from_name.'"/"'.$from_email.'", subject="'.$subject.'", body="'.$body.'"');
		$action='compose';
	}
	$from=$from_email;
}
// Ensure the user always visits this page twice - once to compose it and again to send it.
// This makes it harder for spammers.
// The session flag is single-use: it is set when the form is shown and cleared on every send
// attempt, so a rejected send requires another visit to the compose form.
switch ($action) {
case 'compose':
	$WT_SESSION->good_to_send=true;
	break;
case 'send':
	// Only send messages if we've come straight from the compose page.
	if (!$WT_SESSION->good_to_send) {
		Log::addAuthenticationLog('Attempt to send a message without visiting the compose page. Spam attack?');
		$action='compose';
	}
	// NOTE(review): a CSRF failure falls back to the form silently, unlike the missing-flag case
	// above; logging it the same way would give the same detection signal.
	if (!WT_Filter::checkCsrf()) {
		$action='compose';
	}
	unset($WT_SESSION->good_to_send);
	break;
}
switch ($action) {
case 'compose':
	// Client-side required-field check; the server still re-validates on 'send'.
	// NOTE(review): the translated strings are spliced into a JS string literal without JS escaping;
	// a '"' or '\' in a translation would break the script (trusted source, low risk).
	$controller
		->pageHeader()
		->addInlineJavascript(' function checkForm(frm) { if (frm.subject.value=="") { alert("'.WT_I18N::translate('Please enter a message subject.').'"); document.messageform.subject.focus(); return false; } if (frm.body.value=="") { alert("'.WT_I18N::translate('Please enter some message text before sending.').'"); document.messageform.body.focus(); return false; } return true; } ');
	echo '', WT_I18N::translate('Send a message'), '';
	// $errors is built only from translated strings and the regex-restricted match groups above,
	// which is why it is echoed unescaped; any future user-supplied text added to it must be escaped.
	echo $errors;
	if (!WT_USER_ID) {
		// NOTE(review): the visitor name/email inputs appear to have been lost in extraction (empty
		// literals below), and no closing brace for this if-block is visible before 'break' —
		// confirm against the real file.
		echo '', '', '
';
	break;
case 'send':
	// NOTE(review): this overrides $from = WT_USER_NAME for logged-in members too whenever
	// $from_email is set. Where $from_email comes from is outside this span — confirm members
	// cannot supply it, otherwise the sender identity is caller-controlled.
	if ($from_email) {
		$from = $from_email;
	}
	// Expand the broadcast keywords (admin-only, enforced at the top of the page) into
	// user-id => user-name; a plain recipient is sent as a single-element list.
	$toarray = array($to);
	if ($to == 'all') {
		$toarray = array();
		foreach (User::all() as $user) {
			$toarray[$user->getUserId()] = $user->getUserName();
		}
	}
	if ($to == 'never_logged') {
		$toarray = array();
		foreach (User::all() as $user) {
			// Approved accounts whose registration is more recent than their last session
			// (preferences compared as returned — presumably numeric strings; verify).
			if ($user->getPreference('verified_by_admin') && $user->getPreference('reg_timestamp') > $user->getPreference('sessiontime')) {
				$toarray[$user->getUserId()] = $user->getUserName();
			}
		}
	}
	if ($to == 'last_6mo') {
		$toarray = array();
		$sixmos = 60*60*24*30*6; //-- seconds in six months (6 x 30 days), not a timestamp
		foreach (User::all() as $user) {
			if ($user->getPreference('sessiontime')>0 && (WT_TIMESTAMP - $user->getPreference('sessiontime') > $sixmos)) {
				$toarray[$user->getUserId()] = $user->getUserName();
			} elseif (!$user->getPreference('verified_by_admin') && (WT_TIMESTAMP - $user->getPreference('reg_timestamp') > $sixmos)) { //-- not verified by registration past 6 months
				$toarray[$user->getUserId()] = $user->getUserName();
			}
		}
	}
	$i = 0;
	// Note: the loop variable re-assigns $to, shadowing the original request value from here on.
	foreach ($toarray as $indexval => $to) {
		$message = array();
		$message['to']=$to;
		$message['from']=$from;
		if (!empty($from_name)) {
			$message['from_name'] = $from_name;
			$message['from_email'] = $from_email;
		}
		$message['subject'] = $subject;
		$message['body'] = $body;
		$message['created'] = WT_TIMESTAMP;
		$message['method'] = $method;
		$message['url'] = $url;
		// 'no_from' is set for every recipient after the first; its effect is inside addMessage()
		// (not visible here) — presumably suppresses a per-recipient copy to the sender.
		if ($i>0) $message['no_from'] = true;
		if (addMessage($message)) {
			// Recipient name is escaped before being rendered in the flash message.
			WT_FlashMessages::addMessage(WT_I18N::translate('Message successfully sent to %s', WT_Filter::escapeHtml($to)));
		} else {
			WT_FlashMessages::addMessage(WT_I18N::translate('Message was not sent'));
			Log::addErrorLog('Unable to send a message. FROM:'.$from.' TO:'.$to.' (failed to send)');
		}
		$i++;
	}
	$controller
		->pageHeader()
		->addInlineJavascript('window.opener.location.reload(); window.close();');
	break;
}