
/lists/admin/send_core.php

https://bitbucket.org/bontiv/insomnia
PHP | 1667 lines | 1305 code | 160 blank | 202 comment | 334 complexity | 8b5ffd7655c26cfd483f3722fe5d2740 MD5 | raw file
Possible License(s): Apache-2.0, LGPL-3.0, LGPL-2.1, GPL-3.0, BSD-3-Clause, GPL-2.0

Large files are truncated; the listing below shows only the first part of the file.

  1. <?php
  2. // 2004-1-7 This function really isn't quite ready for register globals.
  3. require_once dirname(__FILE__).'/accesscheck.php';
  4. #initialisation###############
  5. // Verify that FCKeditor is available
  6. if (USEFCK && file_exists("./FCKeditor/fckeditor.php")) {
  7. include("./FCKeditor/fckeditor.php") ;
  8. // Create the editor object here so we can check to see if *it* wants us to use it (this
  9. // does a browser check, etc.
  10. $oFCKeditor = new FCKeditor('message') ;
  11. $usefck = $oFCKeditor->IsCompatible();
  12. unset($oFCKeditor); // This object is *very* short-lived. Thankfully, it's also light-weight
  13. } else {
  14. $usefck = 0;
  15. }
  16. // Verify that TinyMCE is available
  17. $useTinyMCE = 0;
  18. if (USETINYMCEMESG && file_exists(TINYMCEPATH)) {
  19. $useTinyMCE = 1;
  20. }
  21. include_once dirname(__FILE__). "/date.php";
  22. $errormsg = '';
  23. $rss_content = '';
  24. $done = 0;
  25. $messageid = 0;
  26. $duplicate_atribute = 0; # not actually used it seems @@@ check
  27. $embargo = new date("embargo");
  28. $embargo->useTime = true;
  29. $repeatuntil = new date("repeatuntil");
  30. $repeatuntil->useTime = true;
  31. if (empty($_GET['id'])) {
  32. $_GET['id'] = '';
  33. }
  34. $baseurl = PageURL2($_GET["page"].'&id='.$_GET["id"]);
  35. echo '<script language="Javascript" src="js/jslib.js" type="text/javascript"></script><hr><p>';
  36. // load some variables in a register globals-safe fashion
  37. if (isset($_POST['send'])) {
  38. $send = $_POST["send"]; // Only get this from the POST variable (not session or anywhere else)
  39. } else {
  40. $send = '';
  41. }
  42. if (isset($_POST['prepare'])) {
  43. $prepare = $_POST["prepare"];
  44. } else {
  45. $prepare = '';
  46. }
  47. if (isset($_GET['id'])) {
  48. $id = sprintf('%d',$_GET["id"]); // Only get this from the GET variable
  49. } else {
  50. $id = 0;
  51. }
  52. if (isset($_POST['save'])) {
  53. $save = $_POST["save"]; // Save button pressed?
  54. } else {
  55. $save = '';
  56. }
  57. if (isset($_POST['sendtest'])) {
  58. $sendtest = $_POST["sendtest"];
  59. } else {
  60. $sendtest = '';
  61. }
  62. if (!isset($_GET['tab'])) $_GET['tab'] = '';
  63. if (!$id) {
  64. $defaulttemplate = getConfig('defaultmessagetemplate');
  65. Sql_Query(sprintf('insert into %s (subject,status,entered,sendformat,embargo,repeatuntil,owner,template,tofield,replyto)
  66. values("(no subject)","draft",now(),"HTML",now(),now(),%d,%d,"","")',$GLOBALS["tables"]["message"],$_SESSION["logindetails"]["id"],$defaulttemplate));
  67. $id = Sql_Insert_id();
  68. # 0008720: Using -p send from the commandline doesn't seem to work
  69. if(!$GLOBALS["commandline"]){
  70. Redirect($_GET["page"]."&id=$id");
  71. exit;
  72. }
  73. }
  74. if (isset($_GET['deleterule']) && $_GET["deleterule"]) {
  75. Sql_Query(sprintf('delete from %s where name = "criterion%d" and id = %d',$GLOBALS["tables"]["messagedata"],$_GET["deleterule"],$_GET["id"]));
  76. Redirect($_GET["page"]."&id=$id&tab=".$_GET["tab"]);
  77. }
  78. ob_end_flush();
  79. #load database data###########################
  80. // If we were passed an ID in the get, and we *weren't* posted a send, then
  81. // initialize the variables from the database.
  82. #if (((!$send) && (!$save) && (!$sendtest)) && ($id)) {
  83. if ($id) {
  84. // Load message attributes / values
  85. require $GLOBALS["coderoot"] . "structure.php"; // This gets the database structures into DBStruct
  86. $result = Sql_query("SELECT * FROM {$tables["message"]} where id = $id $ownership");
  87. if (!Sql_Affected_Rows()) {
  88. print $GLOBALS['I18N']->get("noaccess");
  89. $done = 1;
  90. return;
  91. }
  92. foreach (array('message', 'msgsubject') as $key) {
  93. if (isset($_POST[$key])) {
  94. $_POST[$key] = stripslashes($_POST[$key]);
  95. }
  96. }
  97. while ($msg = Sql_fetch_array($result)) {
  98. foreach ($DBstruct["message"] as $field => $rec) {
  99. if (!isset($_POST[$field])) {
  100. # print "Db: $field = $msg[$field]<br/>";
  101. $_POST[$field] = $msg[$field];
  102. }
  103. }
  104. }
  105. if (!isset($_POST['targetlist']) || !is_array($_POST["targetlist"])) {
  106. $_POST["targetlist"] = array();
  107. // Load lists that were targetted with message...
  108. $result = Sql_Query("select $tables[list].name,$tables[list].id from $tables[listmessage],$tables[list] where $tables[listmessage].messageid = $id and $tables[listmessage].listid = $tables[list].id");
  109. while ($lst = Sql_fetch_array($result)) {
  110. $_POST["targetlist"][$lst["id"]] = 1;
  111. }
  112. }
  113. // A bit of additional cleanup
  114. if (!isset($_POST["from"]))
  115. $_POST["from"] = $_POST["fromfield"]; // Database field name doesn't match form fieldname...
  116. if (!isset($_POST["forwardsubject"])) {
  117. $_POST["forwardsubject"] = "";
  118. }
  119. else $_POST["forwardsubject"] = sprintf("%s", $_POST["forwardsubject"]);
  120. if (!isset($_POST["forwardmessage"])) {
  121. $_POST["forwardmessage"] = "";
  122. }
  123. else $_POST["forwardmessage"] = sprintf("%s", $_POST["forwardmessage"]);
  124. if (!isset($_POST["forwardfooter"])) {
  125. $_POST["forwardfooter"] = "";
  126. }
  127. else $_POST["forwardfooter"] = sprintf("%s", $_POST["forwardfooter"]);
  128. if (!isset($_POST["msgsubject"])) {
  129. $_POST["msgsubject"] = sprintf("%s",$_POST["subject"]);
  130. } else {
  131. $_POST['subject'] = sprintf("%s",$_POST['msgsubject']);
  132. }
  133. if ((!isset($_POST["year"]) || !is_array($_POST["year"])) && $_POST["embargo"] && $_POST["embargo"] != "0000-00-00 00:00:00") {
  134. $embargo->setDateTime($_POST["embargo"]);
  135. }
  136. if ((!isset($_POST["year"]) || !is_array($_POST["year"])) && $_POST["repeatuntil"] && $_POST["repeatuntil"] != "0000-00-00 00:00:00") {
  137. $repeatuntil->setDateTime($_POST["repeatuntil"]);
  138. }
  139. # not sure why this is here, but it breaks things when tables are used in the
  140. # message, so for now disable it.
  141. if (0) {#$usefck) {
  142. $_POST["message"] = nl2br($_POST["message"]);
  143. }
  144. // Load the criteria settings...
  145. }
  146. // If we've got magic quotes on, then we need to get rid of the slashes - either
  147. // from the database or from the previous $_POST
  148. #if (get_magic_quotes_gpc()) {
  149. // $_POST["msgsubject"] = stripslashes($_POST["msgsubject"]);
  150. #0013076: different content when forwarding 'to a friend'
  151. $_POST["forwardsubject"] = stripslashes($_POST["forwardsubject"]);
  152. $_POST["from"] = stripslashes($_POST["from"]);
  153. $_POST["tofield"] = stripslashes($_POST["tofield"]);
  154. $_POST["replyto"] = stripslashes($_POST["replyto"]);
  155. // $_POST["message"] = stripslashes($_POST["message"]);
  156. #0013076: different content when forwarding 'to a friend'
  157. $_POST["forwardmessage"] = stripslashes($_POST["forwardmessage"]);
  158. $_POST["textmessage"] = stripslashes($_POST["textmessage"]);
  159. $_POST["footer"] = stripslashes($_POST["footer"]);
  160. #0013076: different content when forwarding 'to a friend'
  161. $_POST["forwardfooter"] = stripslashes($_POST["forwardfooter"]);
  162. #}
  163. #input checking#######################
  164. $duplicate_attribute = 0;
  165. # check the criterias, one attribute can only exist once
  166. if ($send) {
  167. $used_attributes = array();
  168. for ($i=1;$i<=NUMCRITERIAS;$i++) {
  169. if (isset($_POST["use"][$i])) {
  170. $attribute = $_POST["criteria"][$i];
  171. if (!in_array($attribute,$used_attributes))
  172. array_push($used_attributes,$attribute);
  173. else
  174. $duplicate_attribute = 1;
  175. }
  176. }
  177. }
  178. if (!isset($id)) { $id = $_POST["id"]; }; // Pull in the id value from the post if it wasnt in the get
  179. #if ($_POST["htmlformatted"] == "auto")
  180. $htmlformatted = strip_tags($_POST["message"]) != $_POST["message"];
  181. #else
  182. # $htmlformatted = $_POST["htmlformatted"];
  183. # sanitise the header fields, what else do we need to check on?
  184. if (preg_match("/\n|\r/",$_POST["from"])) {
  185. $from = "";
  186. } else {
  187. $from = $_POST["from"];
  188. }
  189. if (preg_match("/\n|\r/",$_POST["msgsubject"])) {
  190. $subject = "";
  191. } else {
  192. $subject = $_POST["msgsubject"];
  193. }
  194. if (preg_match("/\n|\r/",$_POST["forwardsubject"])) {
  195. $forwardsubject = "";
  196. } else {
  197. $forwardsubject = $_POST["forwardsubject"];
  198. }
  199. if (preg_match("/\n|\r/",$_POST["forwardmessage"])) {
  200. $forwardmessage = "";
  201. } else {
  202. $forwardmessage = $_POST["forwardmessage"];
  203. }
  204. if (preg_match("/\n|\r/",$_POST["forwardfooter"])) {
  205. $forwardfooter = "";
  206. } else {
  207. $forwardfooter = $_POST["forwardfooter"];
  208. }
  209. $message = $_POST["message"];
  210. // If the variable isn't filled in, then the input fields don't default to the
  211. // values selected. Need to fill it in so a post will correctly display.
  212. if ((isset($_POST['year']) && is_array($_POST["year"])) || $_POST["embargo"] || $_POST["embargo"] == "0000-00-00 00:00:00") {
  213. $_POST["embargo"] = $embargo->getDate() ." ".$embargo->getTime().':00';
  214. }
  215. if ((isset($_POST['year']) && is_array($_POST["year"])) || !$_POST["repeatuntil"] || $_POST["repeatuntil"] == "0000-00-00 00:00:00") {
  216. $_POST["repeatuntil"] = $repeatuntil->getDate() ." ".$repeatuntil->getTime().':00';
  217. }
  218. if (!isset($_SESSION["fckeditor_height"])) {
  219. $_SESSION["fckeditor_height"] = getConfig("fckeditor_height");
  220. }
  221. if (isset($_POST['expand']) && $_POST["expand"]) {
  222. // request to expand editor area
  223. // $defaultheight = getConfig("fckeditor_height");
  224. // SaveConfig("fckeditor_height",$curheight+100,1);
  225. $_SESSION["fckeditor_height"] += 100;
  226. }
  227. if (isset($_REQUEST['prepare'])) {
  228. $prepare = $_REQUEST['prepare'];
  229. } else {
  230. $prepare = '';
  231. }
  232. #actions and store in database#######################
  233. if ($send || $sendtest || $prepare || $save) {
  234. if ($save || $sendtest) {
  235. // We're just saving, not sending.
  236. if (!isset($_POST['status']) || $_POST["status"] == "") {
  237. // No status - move to draft state
  238. $status = "draft";
  239. } else {
  240. // Keep the status the same
  241. $status = $_POST["status"];
  242. }
  243. } elseif ($send) {
  244. // We're sending - change state to "send-it" status!
  245. if (is_array($_POST["targetlist"]) && sizeof($_POST["targetlist"]) && $subject && $from && $message && !$duplicate_attribute) {
  246. $status = "submitted";
  247. } else {
  248. if (USE_PREPARE) {
  249. $status = "prepared";
  250. } else {
  251. $status = "draft";
  252. }
  253. }
  254. }
  255. if (ENABLE_RSS && $_POST["rsstemplate"]) {
  256. # mark previous RSS templates with this frequency and owner as sent
  257. # this should actually be much more complex than this:
  258. # templates should be allowed by list and therefore a subset of lists, but
  259. # for now we leave it like this
  260. # the trouble is that this may duplicate RSS messages to users, because
  261. # it can cause multiple template for lists. The user_rss should handle that, but it is
  262. # not guaranteed which message will be used.
  263. # Sql_Query(sprintf('update %s set status = "sent" where rsstemplate = "%s" and owner = %d',
  264. # $tables["message"],$_POST["rsstemplate"],$_SESSION["logindetails"]["id"]));
  265. # with RSS message we enforce repeat
  266. switch ($_POST["rsstemplate"]) {
  267. case "weekly": $_POST["repeatinterval"] = 10080; break;
  268. case "monthly": $_POST["repeatinterval"] = 40320; break;
  269. case "daily":
  270. default: $_POST["repeatinterval"] = 1440; break;
  271. }
  272. $_POST["repeatuntil"] = date("Y-m-d H:i:00",mktime(0,0,0,date("m"),date("d"),date("Y")+1));
  273. }
  274. if (!$htmlformatted && strip_tags($_POST["message"]) != $_POST["message"])
  275. $errormsg = '<span class="error">'.$GLOBALS['I18N']->get("htmlusedwarning").'</span>';
  276. $query = sprintf('update %s set '.
  277. 'subject = "%s", '.
  278. 'fromfield = "%s", '.
  279. 'tofield = "%s", '.
  280. 'replyto = "%s", '.
  281. 'embargo = "%s", '.
  282. 'repeatinterval = %d, '.
  283. 'repeatuntil = "%s", '.
  284. 'message = "%s", '.
  285. 'textmessage = "%s", '.
  286. 'footer = "%s", '.
  287. 'status = "%s", '.
  288. 'htmlformatted = %d, '.
  289. 'sendformat = "%s", '.
  290. 'template = %d, '.
  291. 'rsstemplate = "%s" '.
  292. 'where id = %d',
  293. $tables["message"],
  294. addslashes($subject),
  295. addslashes($from),
  296. addslashes($_POST["tofield"]),
  297. addslashes($_POST["replyto"]),
  298. $_POST["embargo"],
  299. $_POST["repeatinterval"],
  300. $_POST["repeatuntil"],
  301. addslashes($_POST["message"]),
  302. addslashes($_POST["textmessage"]),
  303. addslashes($_POST["footer"]),
  304. $status,
  305. $htmlformatted,
  306. $_POST["sendformat"],
  307. $_POST["template"],
  308. $_POST["rsstemplate"],
  309. $id);
  310. # print $query;
  311. $result = Sql_query($query);
  312. $messageid = $id;
  313. # print "Message ID: $id";
  314. # exit;
  315. if (!$GLOBALS["has_pear_http_request"] && preg_match("/\[URL:/i",$_POST["message"])) {
  316. print Warn($GLOBALS['I18N']->get('warnnopearhttprequest'));
  317. }
  318. // More "Insert only" stuff here (no need to change it on an edit!)
  319. if (isset($_POST["targetlist"]) && is_array($_POST["targetlist"])) {
  320. Sql_query("delete from {$tables["listmessage"]} where messageid = $messageid");
  321. if ( (isset($_POST["targetlist"]["all"]) && $_POST["targetlist"]["all"] == "on") ||
  322. (isset($_POST["targetlist"]["allactive"]) && $_POST["targetlist"]["allactive"] == "on")
  323. )
  324. {
  325. $res = Sql_query("select * from $tables[list] $subselect");
  326. while($row = Sql_fetch_array($res)) {
  327. $listid = $row["id"];
  328. if ($row["active"] || $_POST["targetlist"]["all"] == "on") {
  329. $result = Sql_query("insert ignore into $tables[listmessage] (messageid,listid,entered) values($messageid,$listid,now())");
  330. }
  331. }
  332. } else {
  333. foreach($_POST["targetlist"] as $listid => $val) {
  334. $result = Sql_query("insert ignore into $tables[listmessage] (messageid,listid,entered) values($messageid,$listid,now())");
  335. }
  336. }
  337. } else {
  338. # mark this message as listmessage for list 0
  339. $result = Sql_query("insert ignore into $tables[listmessage] (messageid,listid,entered) values($messageid,0,now())");
  340. }
  341. if (USE_LIST_EXCLUDE) {
  342. if (isset($_POST["excludelist"]) && is_array($_POST["excludelist"])) {
  343. $exclude = join(",",$_POST["excludelist"]);
  344. Sql_Query(sprintf('replace into %s (name,id,data) values("excludelist",%d,"%s")',$tables["messagedata"],$messageid,$exclude));
  345. } else {
  346. Sql_Query(sprintf('replace into %s (name,id,data) values("excludelist",%d,"%s")',$tables["messagedata"],$messageid,0));
  347. }
  348. }
  349. #0013076: different content when forwarding 'to a friend'
  350. if (FORWARD_ALTERNATIVE_CONTENT && $_GET['tab'] == 'Forward') {
  351. foreach( array('forwardsubject', 'forwardmessage', 'forwardfooter') as $var) {
  352. Sql_Query(sprintf('replace into %s (name,id,data) values("%s",%d,"%s")',
  353. $tables["messagedata"], $var, $messageid, addslashes($_REQUEST[$var])));
  354. }
  355. }
  356. # we want to create a join on tables as follows, in order to find users who have their attributes to the values chosen
  357. # (independent of their list membership).
  358. # select
  359. # table1.userid from user_attribute as table1
  360. # left join user_attribute as table2 on table1.userid = table2.userid
  361. # left join user_attribute as table3 on table1.userid = table3.userid
  362. # ...
  363. # where
  364. # table1.attributeid = 2 and table1.value in (1,2,3,4)
  365. # and table2.attributeid = 1 and table2.value in (3,15)
  366. # and table3.attributeid = 3 and table3.value in (4,5,6)
  367. # ...
  368. # check the criterias, create the selection query
  369. $used_tables = array();
  370. for ($i=1;$i<=NUMCRITERIAS;$i++) {
  371. if (isset($_POST["use"][$i])) {
  372. $attribute = $_POST["criteria"][$i];
  373. $type = $_POST["attrtype"][$attribute];
  374. switch($type) {
  375. case "checkboxgroup":
  376. $values = "attr$attribute$i";
  377. $or_clause = '';
  378. if (isset($where_clause)) {
  379. $where_clause .= " and ";
  380. $select_clause .= " left join $tables[user_attribute] as table$i on table$first.userid = table$i.userid ";
  381. } else {
  382. $select_clause = "table$i.userid from $tables[user_attribute] as table$i ";
  383. $first = $i;
  384. }
  385. $where_clause .= "table$i.attributeid = $attribute and (";
  386. if (is_array($_POST[$values])) {
  387. foreach ($_POST[$values] as $val) {
  388. if ($or_clause != '') {
  389. $or_clause .= " or ";
  390. }
  391. $or_clause .= "find_in_set('$val',table$i.value) > 0";
  392. }
  393. }
  394. $where_clause .= $or_clause . ")";
  395. break;
  396. case "checkbox":
  397. $values = "attr$attribute$i";
  398. $value = $_POST[$values][0];
  399. if (isset($where_clause)) {
  400. $where_clause .= " and ";
  401. $select_clause .= " left join $tables[user_attribute] as table$i on table$first.userid = table$i.userid ";
  402. } else {
  403. $select_clause = "table$i.userid from $tables[user_attribute] as table$i ";
  404. $first = $i;
  405. }
  406. $where_clause .= "table$i.attributeid = $attribute and ";
  407. if ($value) {
  408. $where_clause .= "( length(table$i.value) and table$i.value != \"off\" and table$i.value != \"0\") ";
  409. } else {
  410. $where_clause .= "( table$i.value = \"\" or table$i.value = \"0\" or table$i.value = \"off\") ";
  411. }
  412. break;
  413. default:
  414. $values = "attr$attribute$i";
  415. if (isset($where_clause)) {
  416. $where_clause .= " and ";
  417. $select_clause .= " left join $tables[user_attribute] as table$i on table$first.userid = table$i.userid ";
  418. } else {
  419. $select_clause = "table$i.userid from $tables[user_attribute] as table$i ";
  420. $first = $i;
  421. }
  422. $where_clause .= "table$i.attributeid = $attribute and table$i.value in (";
  423. $list = array();
  424. if (is_array($_POST[$values])) {
  425. while (list($key,$val) = each ($_POST[$values]))
  426. array_push($list,$val);
  427. }
  428. $where_clause .= join(", ",$list) . ")";
  429. }
  430. }
  431. }
  432. # if no selection was made, use all
  433. if (!isset($where_clause)) {
  434. $count_query = "";
  435. # $count_query = addslashes("select distinct userid from $tables[user_attribute]");
  436. } else {
  437. $count_query = addslashes("select $select_clause where $where_clause");
  438. Sql_query("update $tables[message] set userselection = \"$count_query\" where id = $messageid");
  439. }
  440. # commented, because this could take too long
  441. # Sql_Query($count_query);
  442. # $num = Sql_Affected_rows();
  443. # new criteria system, add one by one:
  444. if (isset($_POST["criteria_attribute"]) && $_POST["criteria_attribute"]) {
  445. $operator = $_POST["criteria_operator"];
  446. if (is_array($_POST["criteria_values"])) {
  447. $values = join(", ",$_POST["criteria_values"]);
  448. $values = cleanCommaList($values);
  449. } else {
  450. $values = $_POST["criteria_values"];
  451. }
  452. foreach ($_POST["attribute_names"] as $key => $val) {
  453. $att_names[$key] = $val;
  454. }
  455. $newcriterion = array(
  456. "attribute" => sprintf('%d',$_POST["criteria_attribute"]),
  457. "attribute_name" => $att_names[$_POST["criteria_attribute"]],
  458. "operator" => $operator,
  459. "values" => $values,
  460. );
  461. # find out what number we are
  462. $numarr = Sql_Fetch_Row_Query(sprintf('select data from %s where id = %d and name = "numcriteria"',
  463. $tables["messagedata"],$messageid));
  464. $num = sprintf('%d',$numarr[0]+1);
  465. # store this one
  466. # print $att_names[$_POST["criteria_attribute"]];
  467. # print $_POST["attribute_names[".$_POST["criteria_attribute"]."]"];
  468. print "<p>".$GLOBALS['I18N']->get("adding")." ".$newcriterion["attribute_name"]." ".$newcriterion["operator"]." ".$newcriterion["values"]."</p>";
  469. Sql_Query(sprintf('insert into %s (name,id,data) values("criterion%d",%d,"%s")',
  470. $tables["messagedata"],$num,$messageid,delimited($newcriterion)));
  471. # increase number
  472. Sql_Query(sprintf('replace into %s (name,id,data) values("numcriteria",%d,"%s")',
  473. $tables["messagedata"],$messageid,$num));
  474. # save overall operator
  475. }
  476. if (isset($_POST["criteria_match"])) {
  477. Sql_Query(sprintf('replace into %s (name,id,data) values("criteria_overall_operator",%d,"%s")',
  478. $tables["messagedata"],$messageid,$_POST["criteria_match"]));
  479. }
  480. if (isset($_POST['notify_start']) && $_POST['notify_start']) {
  481. Sql_Query(sprintf('replace into %s set name = "notify_start",id = %d,data = "%s"',
  482. $GLOBALS['tables']['messagedata'],$id,$_POST['notify_start']));
  483. }
  484. if (isset($_POST['notify_end']) && $_POST['notify_end']) {
  485. Sql_Query(sprintf('replace into %s set name = "notify_end",id = %d,data = "%s"',
  486. $GLOBALS['tables']['messagedata'],$id,$_POST['notify_end']));
  487. }
  488. if (ALLOW_ATTACHMENTS && isset($_FILES) && is_array($_FILES) && sizeof($_FILES) > 0) {
  489. for ($att_cnt = 1;$att_cnt <= NUMATTACHMENTS;$att_cnt++) {
  490. $fieldname = "attachment".$att_cnt;
  491. $tmpfile = $_FILES[$fieldname]['tmp_name'];
  492. $remotename = $_FILES[$fieldname]["name"];
  493. $type = $_FILES[$fieldname]["type"];
  494. $newtmpfile = $remotename.time();
  495. move_uploaded_file($tmpfile, $GLOBALS['tmpdir'].'/'. $newtmpfile);
  496. if (is_file($GLOBALS['tmpdir'].'/'.$newtmpfile) && filesize($GLOBALS['tmpdir'].'/'.$newtmpfile)) {
  497. $tmpfile = $GLOBALS['tmpdir'].'/'.$newtmpfile;
  498. }
  499. if (strlen($_POST[$type]) > 255)
  500. print Warn($GLOBALS['I18N']->get("longmimetype"));
  501. $description = $_POST[$fieldname."_description"];
  502. if ($tmpfile && filesize($tmpfile) && $tmpfile != "none") {
  503. list($name,$ext) = explode(".",basename($remotename));
  504. # create a temporary file to make sure to use a unique file name to store with
  505. $newfile = tempnam($GLOBALS["attachment_repository"],$name);
  506. $newfile .= ".".$ext;
  507. $newfile = basename($newfile);
  508. $file_size = filesize($tmpfile);
  509. $fd = fopen( $tmpfile, "r" );
  510. $contents = fread( $fd, filesize( $tmpfile ) );
  511. fclose( $fd );
  512. if ($file_size) {
  513. # this may seem odd, but it allows for a remote (ftp) repository
  514. # also, "copy" does not work across filesystems
  515. $fd = fopen($GLOBALS["attachment_repository"]."/".$newfile, "w" );
  516. fwrite( $fd, $contents );
  517. fclose( $fd );
  518. Sql_query(sprintf('insert into %s (filename,remotefile,mimetype,description,size) values("%s","%s","%s","%s",%d)',
  519. $tables["attachment"],
  520. basename($newfile),$remotename,$type,$description,$file_size)
  521. );
  522. $attachmentid = Sql_Insert_id();
  523. Sql_query(sprintf('insert into %s (messageid,attachmentid) values(%d,%d)',
  524. $tables["message_attachment"],$messageid,$attachmentid));
  525. if (is_file($tmpfile)) {
  526. unlink($tmpfile);
  527. }
  528. # do a final check
  529. if (filesize($GLOBALS["attachment_repository"]."/".$newfile))
  530. print Info($GLOBALS['I18N']->get("addingattachment")." ".$att_cnt . " .. ok");
  531. else
  532. print Info($GLOBALS['I18N']->get("addingattachment")." ".$att_cnt." .. failed");
  533. } else {
  534. print Warn($GLOBALS['I18N']->get("uploadfailed"));
  535. }
  536. } elseif ($_POST["localattachment".$att_cnt]) {
  537. $type = findMime(basename($_POST["localattachment".$att_cnt]));
  538. Sql_query(sprintf('insert into %s (remotefile,mimetype,description,size) values("%s","%s","%s",%d)',
  539. $tables["attachment"],
  540. $_POST["localattachment".$att_cnt],$type,$description,filesize($_POST["localattachment".$att_cnt]))
  541. );
  542. $attachmentid = Sql_Insert_id();
  543. Sql_query(sprintf('insert into %s (messageid,attachmentid) values(%d,%d)',
  544. $tables["message_attachment"],$messageid,$attachmentid));
  545. print Info($GLOBALS['I18N']->get("addingattachment")." ".$att_cnt. " mime: $type");
  546. }
  547. }
  548. }
  549. if ($_POST["id"]) {
  550. print "<h3>".$GLOBALS['I18N']->get("saved")."</H3><br/>";
  551. } else {
  552. $id = $messageid; // New ID - need to set it for later use (test email).
  553. print "<h3>".$GLOBALS['I18N']->get("added")."</H3><br/>";
  554. }
  555. // If we're sending the message, just return now to the calling script
  556. # we only need to check that everything is there, once we actually want to send
  557. if ($send && $subject && $from && $message && !$duplicate_atribute && sizeof($_POST["targetlist"])) {
  558. if ($status == "submitted") {
  559. print "<h3>".$GLOBALS['I18N']->get("queued")."</h3>";
  560. print '<p>'.PageLink2("processqueue",$GLOBALS['I18N']->get("processqueue")).'</p>';
  561. }
  562. $done = 1;
  563. return;
  564. } elseif ($send || $sendtest) {
  565. $errormessage = "";
  566. if ($subject != stripslashes($_POST["subject"])) {
  567. $errormessage = $GLOBALS['I18N']->get("errorsubject");
  568. } elseif ($from != $_POST["from"]) {
  569. $errormessage = $GLOBALS['I18N']->get("errorfrom");
  570. } elseif (!$from) {
  571. $errormessage = $GLOBALS['I18N']->get("enterfrom");
  572. } elseif (!$message) {
  573. $errormessage = $GLOBALS['I18N']->get("entermessage");
  574. } elseif (!$subject) {
  575. $errormessage = $GLOBALS['I18N']->get("entersubject");
  576. } elseif ($duplicate_attribute) {
  577. $errormessage = $GLOBALS['I18N']->get("duplicateattribute");
  578. } elseif ($send && !is_array($_POST["targetlist"])) {
  579. $errormessage = $GLOBALS['I18N']->get("selectlist");
  580. }
  581. echo "<font color=red size=+2>$errormessage</font><br>\n";
  582. }
  583. // OK, the message has been saved, now check to see if we need to send a test message
  584. if ($sendtest) {
  585. echo "<HR>";
  586. // Let's send test messages to everyone that was specified in the
  587. if ($_POST["testtarget"] == "") {
  588. print "<font color=red size=+2>".$GLOBALS['I18N']->get("notargetemail")."</font><br>";
  589. }
  590. if (isset($cached))
  591. unset($cached[$id]);
  592. include "sendemaillib.php";
  593. // OK, let's get to sending!
  594. $emailaddresses = split('[/,,/;]', $_POST["testtarget"]);
  595. foreach ($emailaddresses as $address) {
  596. $address = trim($address);
  597. $result = Sql_query(sprintf('select id,email,uniqid,htmlemail,rssfrequency,confirmed from %s where email = "%s"',$tables["user"],$address));
  598. if ($user = Sql_fetch_array($result)) {
  599. if ( FORWARD_ALTERNATIVE_CONTENT && $_GET['tab'] == 'Forward') {
  600. if (SEND_ONE_TESTMAIL) {
  601. $success = sendEmail($id, $address, $user["uniqid"], $user['htmlemail'], array(), array($address) );
  602. } else {
  603. $success = sendEmail($id, $address, $user["uniqid"], 1, array(), array($address) ) && sendEmail($id, $address, $user["uniqid"], 0, array(), array($address));
  604. }
  605. } else {
  606. if (SEND_ONE_TESTMAIL) {
  607. $success = sendEmail($id, $address, $user["uniqid"], $user['htmlemail']);
  608. } else {
  609. $success = sendEmail($id, $address, $user["uniqid"], 1) && sendEmail($id, $address, $user["uniqid"], 0);
  610. }
  611. }
  612. print $GLOBALS['I18N']->get("sentemailto").": $address ";
  613. if (!$success) {
  614. print $GLOBALS['I18N']->get('failed');
  615. } else {
  616. print $GLOBALS['I18N']->get('success');
  617. }
  618. print '<br/>';
  619. } else {
  620. print "<font color=red>".$GLOBALS['I18N']->get("emailnotfound").": $address</font><br>";
  621. }
  622. }
  623. echo "<HR>";
  624. }
  625. } elseif (isset($_POST["deleteattachments"]) && is_array($_POST["deleteattachments"]) && $id) {
  626. if (ALLOW_ATTACHMENTS) {
  627. // Delete Attachment button hit...
  628. $deleteattachments = $_POST["deleteattachments"];
  629. foreach($deleteattachments as $attid)
  630. {
  631. $result = Sql_Query(sprintf("Delete from %s where id = %d and messageid = %d",
  632. $tables["message_attachment"],
  633. $attid,
  634. $id));
  635. print Info($GLOBALS['I18N']->get("removedattachment")." ".$att_cnt);
  636. // NOTE THAT THIS DOESN'T ACTUALLY DELETE THE ATTACHMENT FROM THE DATABASE, OR
  637. // FROM THE FILE SYSTEM - IT ONLY REMOVES THE MESSAGE / ATTACHMENT LINK. THIS
  638. // SHOULD PROBABLY BE CORRECTED, BUT I (Pete Ness) AM NOT SURE WHAT OTHER IMPACTS
  639. // THIS MAY HAVE.
  640. // (My thoughts on this are to check for any orphaned attachment records and if
  641. // there are any, to remove it from the disk and then delete it from the database).
  642. }
  643. }
  644. }
  645. # load all message data
  646. $messagedata = loadMessageData($id);
  647. #0013076: different content when forwarding 'to a friend'
  648. if (FORWARD_ALTERNATIVE_CONTENT) {
  649. foreach( array('forwardsubject', 'forwardmessage', 'forwardfooter') as $var) {
  650. if (isset($_REQUEST[$var])) {
  651. ${$var} = stripslashes($_REQUEST[$var]);
  652. } else {
  653. ${$var} = stripslashes($messagedata[$var]);
  654. }
  655. }
  656. if (!$forwardfooter)
  657. $forwardfooter = getConfig("forwardfooter");
  658. }
  659. ##############################
  660. # Stacked attributes, processing and calculation
  661. ##############################
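  if (STACKED_ATTRIBUTE_SELECTION) {
    # Turn the criteria stored in $messagedata into one SQL subquery per
    # criterion, run the subqueries, combine the user ids they return and store
    # the resulting selection query on the message.
    # Everything read from $crit_data ends up inside SQL text, so each value is
    # either forced to an integer, escaped, or flagged below where neither is
    # possible without knowing more about its format.
    $num = sprintf('%d',isset($messagedata['numcriteria']) ? $messagedata['numcriteria']: 0);
    # print '<br/>'.$num . " criteria already defined";
    $ls = new WebblerListing($GLOBALS['I18N']->get("existingcriteria"));
    $used_attributes = array();
    # page and tab come straight from the query string and are placed in link
    # markup, so they are URL-encoded first; id is forced to an integer by %d
    $delete_base = sprintf('%s&amp;id=%d&amp;tab=%s',urlencode((string) $_GET["page"]),$_GET["id"],urlencode((string) $_GET["tab"]));
    $tc = 0; # table counter
    if (!isset($messagedata['criteria_overall_operator'])) {
      $messagedata['criteria_overall_operator'] = '';
    }
    $mainoperator = $messagedata['criteria_overall_operator'] == "all"? ' and ':' or ';
    $subqueries = array();
    for ($i = 1; $i<=$num;$i++) {
      $crit_data = parseDelimitedData($messagedata[sprintf('criterion%d',$i)]);
      if ($crit_data["attribute"]) {
        array_push($used_attributes,$crit_data["attribute"]);
        # NOTE(review): attribute, attribute_name and values are handed to the
        # listing as-is; whether WebblerListing escapes them for HTML is not
        # visible here - confirm before relying on it
        $ls->addElement('<!--'.$crit_data["attribute"].'-->'.$crit_data["attribute_name"]);
        $ls->addColumn('<!--'.$crit_data["attribute"].'-->'.$crit_data["attribute_name"],$GLOBALS['I18N']->get('operator'),$GLOBALS['I18N']->get($crit_data["operator"]));
        $ls->addColumn('<!--'.$crit_data["attribute"].'-->'.$crit_data["attribute_name"],$GLOBALS['I18N']->get('values'),$crit_data["values"]);
        $ls->addColumn('<!--'.$crit_data["attribute"].'-->'.$crit_data["attribute_name"],$GLOBALS['I18N']->get('remove'),PageLink2($delete_base."&amp;deleterule=".$i,$GLOBALS['I18N']->get("remove")));
        if (isset($_POST["criteria"][$i])) {
          $attribute = $_POST["criteria"][$i];
        } else {
          $attribute = '';
        }
        ## fix 6063
        # $crit_data["values"] = str_replace(" ,", "",$crit_data["values"]);
        $crit_data['values'] = cleanCommaList($crit_data["values"]);
        # hmm, rather get is some other way, this is a bit unnecessary
        # the attribute id is formatted with %d, as the subqueries below already
        # do, so it reaches the query as an integer and nothing else
        $type = Sql_Fetch_Row_Query(sprintf('select type from %s where id = %d',$tables["attribute"],$crit_data["attribute"]));
        # $where_clause and $select_clause are reset for every criterion; within
        # this section only the commented-out $count_query further down refers
        # to them, the queries that are executed are the $subqueries entries
        $operator = $where_clause = $select_clause = "";
        switch($type[0]) {
          case "checkboxgroup":
            $or_clause = '';
            if ($tc) {
              $where_clause .= " $mainoperator ";
              $select_clause .= " left join $tables[user_attribute] as table$tc on table0.userid = table$tc.userid ";
            } else {
              $select_clause = "table$tc.userid from $tables[user_attribute] as table$tc ";
            }
            $where_clause .= " ( table$tc.attributeid = ".sprintf('%d',$crit_data["attribute"])." and (";
            if ($crit_data["operator"] == "is") {
              $operator = ' or ';
              $compare = ' > ';
            } else {
              $operator = ' and ';
              $compare = ' < ';
            }
            foreach (explode(",",$crit_data["values"]) as $val) {
              if ($or_clause != '') {
                $or_clause .= " $operator ";
              }
              # each value sits inside a quoted SQL string, so it is escaped with
              # addslashes(), the escaping this file already uses for SQL text
              # NOTE(review): prefer the escape routine of the Sql_* layer if it
              # offers one - confirm
              $or_clause .= "find_in_set('".addslashes($val)."',table$tc.value) $compare 0";
            }
            $where_clause .= $or_clause . ") ) ";
            $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
              and ( %s )',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$or_clause);
            break;
          case "checkbox":
            # index 0 of the cleaned values string, i.e. its first character
            $value = $crit_data["values"][0];
            if ($tc) {
              $where_clause .= " $mainoperator ";
              $select_clause .= " left join $tables[user_attribute] as table$tc on table0.userid = table$tc.userid ";
            } else {
              $select_clause = "table$tc.userid from $tables[user_attribute] as table$tc";
            }
            $where_clause .= " ( table$tc.attributeid = ".sprintf('%d',$crit_data["attribute"])." and ";
            if ($crit_data["operator"] == "isnot") {
              $where_clause .= ' not ';
            }
            # $valueselect is built from constants only, no criterion data
            $valueselect = '';
            if ($value) {
              $valueselect = " length(table$tc.value) and table$tc.value != \"off\" and table$tc.value != \"0\" ";
            } else {
              $valueselect = " table$tc.value = \"\" or table$tc.value = \"0\" or table$tc.value = \"off\" ";
            }
            $where_clause .= '( '.$valueselect . ') ) ';
            $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d
              and ( %s )',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$valueselect);
            break;
          case "date":
            # NOTE(review): parseDate() is defined elsewhere; its result is quoted
            # into the SQL below without escaping, so confirm it can only return
            # a normalised date
            $date_value = parseDate($crit_data["values"]);
            if (!$date_value) {
              break;
            }
            # $where_clause was assigned just above the switch, so this test is
            # always true and the else branch is not reached
            if (isset($where_clause)) {
              $where_clause .= " $mainoperator ";
              $select_clause .= " left join $tables[user_attribute] as table$tc on table0.userid = table$tc.userid ";
            } else {
              $select_clause = " table$tc.userid from $tables[user_attribute] as table$tc ";
            }
            $where_clause .= ' ( table'.$tc.'.attributeid = '.sprintf('%d',$crit_data["attribute"]).' and table'.$tc.'.value != "" and table'.$tc.'.value ';
            $dateoperator = '';
            switch ($crit_data["operator"]) {
              case "is":
                $where_clause .= ' = "'.$date_value . '" )';
                $dateoperator = '=';
                break;
              case "isnot":
                $where_clause .= ' != "'.$date_value . '" )';
                $dateoperator = '!=';
                break;
              case "isbefore":
                $where_clause .= ' <= "'.$date_value . '" )';
                $dateoperator = '<=';
                break;
              case "isafter":
                $where_clause .= ' >= "'.$date_value . '" )';
                $dateoperator = '>=';
                break;
            }
            # $where_clause .= " )";
            $subqueries[$i]['query'] = sprintf('select userid from %s where attributeid = %d and value != "" and value %s "%s" ',$GLOBALS['tables']['user_attribute'],
              $crit_data['attribute'],
              $dateoperator,
              $date_value);
            break;
          default:
            # same always-true test as in the date case
            if (isset($where_clause)) {
              $where_clause .= " $mainoperator ";
              $select_clause .= " left join $tables[user_attribute] as table$tc on table0.userid = table$tc.userid ";
            } else {
              $select_clause = " table$tc.userid from $tables[user_attribute] as table$tc ";
            }
            $where_clause .= " ( table$tc.attributeid = ".sprintf('%d',$crit_data["attribute"])." and table$tc.value ";
            if ($crit_data["operator"] == "isnot") {
              $where_clause .= ' not in (';
            } else {
              $where_clause .= ' in (';
            }
            $where_clause .= cleanCommaList($crit_data["values"]) . ") )";
            # NOTE(review): the values list is placed inside "in ( ... )" unquoted
            # and unescaped. If the entries are always numeric ids, casting each
            # one to an integer before joining would close this; the format is
            # not visible here, so the list is left as cleanCommaList() returns it
            $subqueries[$i]['query'] = sprintf('select userid from %s
              where attributeid = %d and
              value %s in (%s) ',$GLOBALS['tables']['user_attribute'],
              $crit_data['attribute'],
              $crit_data["operator"] == "isnot" ? 'not' :'',
              $crit_data["values"]);
        }
        $tc++;
      }
    }
    $existing_criteria = '';
    if (sizeof($subqueries)) {
      # $count_query = "select distinct $select_clause where $where_clause";
      # $count_query = addslashes($count_query);
      if (!empty($_GET["calculate"])) {
        ob_end_flush();
        # print "<h1>$count_query</h1>";
        print "<p>".$GLOBALS['I18N']->get("calculating")." ...";
        flush();
      }
      # run every subquery and keep the user ids it returns
      foreach ($subqueries as $qid => $querydetails) {
        $req = Sql_Query($querydetails['query']);
        $subqueries[$qid]['results'] = array();
        while ($row = Sql_Fetch_Row($req)) {
          array_push($subqueries[$qid]['results'],$row[0]);
        }
      }
      # "all" keeps the users present in every result set, anything else keeps
      # the users present in at least one
      $first = array_shift($subqueries);
      $userids = $first['results'];
      foreach ($subqueries as $subquery) {
        if ($messagedata['criteria_overall_operator'] == 'all') {
          $userids = array_intersect($userids,$subquery['results']);
        } else {
          $userids = array_merge($userids,$subquery['results']);
        }
      }
      $userids = array_unique($userids);
      $num_users = sizeof($userids);
      # NOTE(review): when no user matches, this yields "id in ()". The stored
      # selection must not be replaced by an empty string in that case: the
      # branch below stores "" when there are no criteria at all, which
      # presumably means "no restriction" - confirm with the code that reads
      # userselection
      $count_query = sprintf('select * from %s where id in (%s)',$GLOBALS['tables']['user'],join(', ',$userids));
      if (!empty($_GET["calculate"])) {
        # the closing </p> belongs inside the format string; appended to the
        # return value of printf() it was never sent to the browser
        printf('.. '.$GLOBALS['I18N']->get('%d users apply').'</p>',$num_users);
      }
      if ($messageid) {
        Sql_query(sprintf('update %s set userselection = "%s" where id = %d',
          $tables["message"],addslashes($count_query),$messageid));
      }
      if (!isset($_GET['calculate'])) {
        $ls->addButton($GLOBALS['I18N']->get("calculate"),$baseurl.'&amp;tab='.urlencode((string) $_GET["tab"]).'&amp;calculate=1');
      } else {
        $ls->addButton($GLOBALS['I18N']->get("reload"),$baseurl.'&amp;tab='.urlencode((string) $_GET["tab"]));
      }
      $existing_criteria = $ls->display();
    } else {
      # no usable criteria: clear the stored selection of this message
      if ($messageid) {
        Sql_query(sprintf('update %s set userselection = "" where id = %d',
          $tables["message"],$messageid));
      }
    }
  } // end of define STACKED_ATTRIBUTES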
  845. ##############################
  846. # Stacked attributes, end
  847. ##############################
  848. // Pull in $footer variable from post
  // A footer submitted with the form is taken over as it is.
  if (isset($_POST["footer"])) {
    $footer = $_POST["footer"];
  }
  // When an id was passed in, $_POST should already hold the database value,
  // and an empty value was meant to stay empty. As written, the configured
  // default footer is loaded whenever $footer is blank.
  if (!$footer) {
    $footer = getConfig("messagefooter");
  }
  // Show whatever error text was collected earlier on the page.
  print $errormsg;
  857. if (!$done) {
  858. if (ALLOW_ATTACHMENTS) {
  859. $enctype = 'enctype="multipart/form-data"';
  860. } else {
  861. $enctype = '';
  862. }
  863. #$baseurl = sprintf('./?page=%s&amp;id=%d',$_GET["page"],$_GET["id"]);
  864. if ($_GET["id"]) {
  865. $tabs = new WebblerTabs();
  866. $tabs->addTab($GLOBALS['I18N']->get("Content"),"$baseurl&amp;tab=Content");
  867. if (FORWARD_ALTERNATIVE_CONTENT) {
  868. $tabs->addTab($GLOBALS['I18N']->get("Forward"),"$baseurl&amp;tab=Forward");
  869. }
  870. $tabs->addTab($GLOBALS['I18N']->get("Format"),"$baseurl&amp;tab=Format");
  871. if (ALLOW_ATTACHMENTS) {
  872. $tabs->addTab($GLOBALS['I18N']->get("Attach"),"$baseurl&amp;tab=Attach");
  873. }
  874. $tabs->addTab($GLOBALS['I18N']->get("Scheduling"),"$baseurl&amp;tab=Scheduling");
  875. # if (USE_RSS) {
  876. # $tabs->addTab("RSS","$baseurl&amp;tab=RSS");
  877. # }
  878. $tabs->addTab($GLOBALS['I18N']->get("Criteria"),"$baseurl&amp;tab=Criteria");
  879. $tabs->addTab($GLOBALS['I18N']->get("Lists"),"$baseurl&amp;tab=Lists");
  880. # $tabs->addTab("Review and Send","$baseurl&amp;tab=Review");
  881. $tabs->addTab($GLOBALS['I18N']->get("Misc"),"$baseurl&amp;tab=Misc");
  882. if ($_GET["tab"]) {
  883. $tabs->setCurrent($GLOBALS['I18N']->get($_GET["tab"]));
  884. } else {
  885. $tabs->setCurrent($GLOBALS['I18N']->get("Content"));
  886. }
  887. if (defined("WARN_SAVECHANGES")) {
  888. $tabs->addLinkCode(' onClick="return savechanges();" ');
  889. }
  890. print $tabs->display();
  891. }
  892. ?>
  893. <p></p>
  894. <script language="Javascript">
  895. // some debugging stuff to see what happens
  896. function checkForm() {
  897. return true;
  898. for (var i=0;i<document.sendmessageform.elements.length;i++) {
  899. alert(document.sendmessageform.elements[i].name+" "+document.sendmessageform.elements[i].value);
  900. }
  901. return true;
  902. }
  903. // detection of unsaved changes,
  904. var browser = navigator.appName.substring ( 0, 9 );
  905. var changed = 0; function haschanged() {changed = 1; }
  906. function savechanges() { if (changed) { if (confirm("<?php echo str_replace('"','&quot',reverse_htmlentities($GLOBALS['I18N']->get("unsavedchanges")))?>")) return true; else return false; return false;}}
  907. //'
  908. var event_number = 0;if (browser=="Microsoft") { document.onkeydown=haschanged; document.onchange=haschanged;} else if (browser=="Netscape") { document.captureEvents(Event.KEYDOWN); document.captureEvents(Event.CHANGE); document.onkeydown=haschanged;document.onchange=haschanged;}
  909. function submitform() { document.sendmessageform.submit() }
  910. </script>
  911. <?php
  912. print formStart($enctype . ' name="sendmessageform"');
  913. #print '<form method="post" enctype="multipart/form-data" name="sendmessageform" onSubmit="return checkForm()">';
  914. print '<input type=hidden name="workaround_fck_bug" value="1">';
  915. if ($_GET["page"] == "preparemessage")
  916. print Help("preparemessage",$GLOBALS['I18N']->get("whatisprepare"));
  917. if (!defined("IN_WEBBLER")) {
  918. if (!$from && is_object($GLOBALS["admin_auth"]) && $GLOBALS['require_login']) {
  919. $adminemail = $GLOBALS["admin_auth"]->adminEmail($_SESSION["logindetails"]["id"]);
  920. if ($adminemail && USE_ADMIN_DETAILS_FOR_MESSAGES) {
  921. $from = $GLOBALS["admin_auth"]->adminName($_SESSION["logindetails"]["id"]).' '.$adminemail;
  922. } else {
  923. $from = getConfig("message_from_name") . ' '.getConfig("message_from_address");
  924. }
  925. }
  926. }
  927. $formatting_content = '<table>';
  928. #0013076: different content when forwarding 'to a friend'
  929. // value="'.htmlentities($subject,ENT_QUOTES,'UTF-8').'" size=40></td></tr> --> previous code in line 1032
  930. // value="'.htmlentities($from,ENT_QUOTES,'UTF-8').'" size=40></td></tr> --> previous code in line 1038
  931. $tmp = '<table>';
  932. $maincontent = $tmp;
  933. $forwardcontent = $tmp;
  934. $scheduling_content = '<table>';
  935. // custom code - start
  936. $utf8_subject = $subject;
  937. $utf8_from = $from;
  938. if (strcasecmp($GLOBALS['strCharSet'], 'utf-8') <> 0 && function_exists('iconv')) {
  939. $utf8_subject = iconv($GLOBALS['strCharSet'],'UTF-8',$utf8_subject);
  940. $utf8_from = iconv($GLOBALS['strCharSet'],'UTF-8',$utf8_from);
  941. }
  942. $maincontent .= '
  943. <tr><td>'.Help("subject").' '.$GLOBALS['I18N']->get("Subject").':</td>
  944. <td><input type=text name="msgsubject"
  945. value="'.htmlentities($utf8_subject,ENT_QUOTES,'UTF-8').'" size=40></td></tr>
  946. <tr>
  947. <td colspan=2>
  948. </td></tr>
  949. <tr><td>'.Help("from").' '.$GLOBALS['I18N']->get("fromline").':</td>
  950. <td><input type=text name=from
  951. value="'.htmlentities($utf8_from,ENT_QUOTES,'UTF-8').'" size=40></td></tr>
  952. <tr><td colspan=2>
  953. </td></tr>';
  954. // custom code - end
  955. #0013076: different content when forwarding 'to a friend'
  956. $forwardcontent .= $GLOBALS['I18N']->get("When a user forwards to a friend," .
  957. " the friend will receive this message instead of the one on the content tab.").
  958. '<tr><td>'.Help("subject").' '.$GLOBALS['I18N']->get("Subject").':</td>
  959. <td><input type=text name="forwardsubject"
  960. value="'.htmlentities($forwardsubject,ENT_QUOTES,'UTF-8').'" size=40></td></tr>
  961. <tr>
  962. <td colspan=2>
  963. </td></tr>
  964. <td colspan=2>
  965. </td></tr>';
  966. $scheduling_content .= '
  967. <tr><td>'.Help("embargo").' '.$GLOBALS['I18N']->get("embargoeduntil").':</td>
  968. <td>'.$embargo->showInput("embargo","",$_POST["embargo"]).'</td></tr>
  969. </td></tr>';
  970. if (USE_REPETITION) {
  971. $repeatinterval = $_POST["repeatinterval"];
  972. $scheduling_content .= '
  973. <tr><td>'.Help("repetition").' '.$GLOBALS['I18N']->get("repeatevery").':</td><td>
  974. <select name="repeatinterval">
  975. <option value="0"';
  976. if ($repeatinterval == 0) { $scheduling_content .= " SELECTED"; }
  977. $scheduling_content .= '>-- '.$GLOBALS['I18N']->get("norepetition").'</option>
  978. <option value="60"';
  979. if ($repeatinterval == 60) { $scheduling_content .= " SELECTED"; }
  980. $scheduling_content .= '>'.$GLOBALS['I18N']->get("hour").'</option>
  981. <option value="1440"';
  982. if ($repeatinterval == 1440) { $scheduling_content .= " SELECTED"; }
  983. $scheduling_content .= '>'.$GLOBALS['I18N']->get("day").'</option>
  984. <option value="10080"';
  985. if ($repeatinterval == 10080) { $scheduling_content .= " SELECTED"; }
  986. $scheduling_content .= '>'.$GLOBALS['I18N']->get("week").'</option>
  987. </select>
  988. </td></tr>
  989. </td></tr>
  990. <tr><td> '.$GLOBALS['I18N']->get("repeatuntil").':</td><td>'.$repeatuntil->showInput("repeatuntil","",$_POST["repeatuntil"]).'</td></tr>
  991. </td></tr>';
  992. }
  993. /*
  994. $formatting_content .= '
  995. <tr><td colspan=2>'.Help("format").' '.$GLOBALS['I18N']->get("format").': <b>'.$GLOBALS['I18N']->get("autodetect").'</b>
  996. <input type=radio name="htmlformatted" value="auto" ';
  997. $formatting_content .= !isset($htmlformatted) || $htmlformatted == "auto"?"checked":"";
  998. $formatting_content .= '>
  999. <b>'.$GLOBALS['I18N']->get("html").'</b> <input type=radio name="htmlformatted" value="1" ';
  1000. $formatting_content .= $htmlformatted == "1" ?"checked":"";
  1001. $formatting_content .= '>
  1002. <b>'.$GLOBALS['I18N']->get("text").'</b> <input type=radio name="htmlformatted" value="0" ';
  1003. $formatting_content .= $htmlformatted == "0" ?"checked":"";
  1004. $formatting_content .= '></td></tr>';
  1005. */
  1006. $formatting_content .= '<input type=hidden name="htmlformatted" value="auto">';
  1007. $formatting_content .= '
  1008. <tr><td colspan=2>'.Help("sendformat").' '.$GLOBALS['I18N']->get("sendas").':
  1009. '.$GLOBALS['I18N']->get("html").' <input type=radio name="sendformat" value="HTML" ';
  1010. $formatting_content .= $_POST["sendformat"]=="HTML"?"checked":"";
  1011. $formatting_content .= '>
  1012. '.$GLOBALS['I18N']->get("text").' <input type=radio name="sendformat" value="text" ';
  1013. $formatting_content .= $_POST["sendformat"]=="text"?"checked":"";
  1014. $formatting_content .= '>
  1015. ';
  1016. if (USE_PDF) {
  1017. $formatting_content .= $GLOBALS['I18N']->get("pdf").' <input type=radio name="sendformat" value="PDF" ';
  1018. $formatting_content .= $_POST["sendformat"]=="PDF"?"checked":"";
  1019. $formatting_content .= '>';
  1020. }
  1021. // 0009687: Confusing use of the word "Both", indicating one email with both text and html and not two emails
  1022. // $formatting_content .= $GLOBALS['I18N']->get("textandhtml").' <input type=radio name="sendformat" value="text and HTML" ';
  1023. // $formatting_content .= $_POST["sendformat"]=="text and HTML" || !isset($_POST["sendformat"]) ?"checked":"";
  1024. // $formatting_content .= '>';
  1025. if (USE_PDF) {
  1026. $formatting_content .= $GLOBALS['I18N']->get("textandpdf").' <input type=radio name="sendformat" value="text and PDF" ';
  1027. $formatting_content .= $_POST["sendformat"]=="text and PDF" ?"checked":"";
  1028. $formatting_content .= ' >';
  1029. }
  1030. $formatting_content .= '</td></tr>';
  1031. $req = Sql_Query("select id,title from {$tables["template"]} order by listorder");
  1032. if (Sql_affected_Rows()) {
  1033. $formatting_content .= '<tr><td>'.Help("usetemplate").' '.$GLOBALS['I18N']->get("usetemplate").': </td>
  1034. <td><select name="template"><option value=0>-- '.$GLOBALS['I18N']->get("selectone").'</option>';
  1035. $req = Sql_Query("select id,title from {$tables["template"]} order by listorder");
  1036. while ($row = Sql_Fetch_Array($req)) {
  1037. $formatting_content .= sprintf('<option value="%d" %s>%s</option>',$row["id"], $row["id"]==$_POST["template"]?'SELECTED':'',$row["title"]);
  1038. }
  1039. $formatting_content .= '</select></td></tr>';
  1040. }
  1041. if (ENABLE_RSS) {
  1042. $rss_content .= '<tr><td colspan=2>'.$GLOBALS['I18N']->get("rssintro").'
  1043. </td></tr>';
  1044. $rss_content .= '<tr><td colspan=2><input type=radio name="rsstemplate" value="none">'.$GLOBALS['I18N']->get("none").' ';
  1045. foreach ($rssfrequencies as $key => $val) {
  1046. $rss_content .= sprintf('<input type=radio name="rsstemplate" value="%s" %s>%s ',$key,$_POST["rsstemplate"] == $key ? "checked":"",$val);
  1047. }
  1048. $rss_content .= '</td></tr>';
  1049. }
  1050. #0013076: different content when forwarding 'to a friend'
  1051. $tmp = '<tr><td colspan=2>'.Help("message").' '.$GLOBALS['I18N']->get("message").'. </td></tr>
  1052. <tr><td colspan=2>';
  1053. $maincontent .= $tmp;
  1054. $forwardcontent .= $tmp;
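  // Append the message editor to $maincontent: FCKeditor when it is usable,
  // else TinyMCE when it is configured, else a plain textarea.
  if ($usefck) {
    $oFCKeditor = new FCKeditor('message') ;
    $oFCKeditor->BasePath = './FCKeditor/';
    //$oFCKeditor->ToolbarSet = 'Accessibility' ;
    $oFCKeditor->ToolbarSet = 'Default' ;
    // $oFCKeditor->Value = stripslashes($_POST["message"]);
    // NOTE(review): the submitted message is handed to the editor object as-is;
    // how CreateHtml() encodes it is not visible here - confirm
    $oFCKeditor->Value = $_POST["message"];
    $w = getConfig("fckeditor_width");
    $h = getConfig("fckeditor_height");
    // a height kept in the session overrides the configured one; %d forces it
    // to an integer
    if ($_SESSION["fckeditor_height"]) {
      $h = sprintf('%d',$_SESSION["fckeditor_height"]);
    }
    # version 1.4
    # $maincontent .= $oFCKeditor->ReturnFCKeditor( 'message', $w.'px', $h.'px' ) ;
    # for version 2.0
    // never render the editor lower than 400
    if ($h < 400) {
      $h = 400;
    }
    $oFCKeditor->Height = $h;
    $oFCKeditor->Width = $w;
    $maincontent .= $oFCKeditor->CreateHtml() ;
    $maincontent .= '</td></tr>';
    $maincontent .= '<script language="Javascript" type="text/javascript">
    function expand() {
    document.sendmessageform.expand.value = 1;
    document.sendmessageform.save.value = 1
    document.sendmessageform.submit();
    }
    </script>';
    $maincontent .= '<tr><td colspan=2 align=right><a href="javascript:expand();" class="button">'.$GLOBALS['I18N']->get("expand").'</a></td></tr>';
  } elseif ($useTinyMCE) {
    // the TinyMCE settings are constants defined outside this section
    $tinyMCE_path = TINYMCEPATH;
    $tinyMCE_lang = TINYMCELANG;
    $tinyMCE_theme = TINYMCETHEME;
    $tinyMCE_opts = TINYMCEOPTS;
    // The submitted message is HTML-escaped before it goes into the textarea,
    // exactly as the plain-textarea branch below does. Unescaped, markup in the
    // message could end the textarea and be rendered as part of this admin
    // page; the browser hands the decoded text to the editor either way.
    $maincontent .= "<script language='javascript' type='text/javascript' src='{$tinyMCE_path}'></script>\n"
    ."<script language='javascript' type='text/javascript'>\n"
    ." tinyMCE.init({\n"
    ." mode : 'exact',\n"
    ." elements : 'message',\n"
    ." language : '{$tinyMCE_lang}',\n"
    ." theme : '{$tinyMCE_theme}'\n"
    ." {$tinyMCE_opts}\n"
    ." });\n"
    ."</script>\n"
    ."<textarea name='message' id='message' cols='65' rows='20'>".htmlspecialchars($_POST['message'])."</textarea>";
  } else {
    $maincontent .= '<textarea name=message cols=65 rows=20>'.htmlspecialchars($_POST["message"]).'</textarea>';
  }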
  1104. #0013076: different content when forwarding 'to a friend'
  1105. $forwardcontent .= '<textarea name=forwardmessage cols=65 rows=20>'.htmlspecialchars($forwardmessage).'</textarea>';
  1106. #0013076: different content when forwarding 'to a friend'
  1107. $tmp = '
  1108. </td></tr>
  1109. ';
  1110. $maincontent .= $tmp;
  1111. $forwardcontent .= $tmp;
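  // Optional second textarea for a hand-written plain text version.
  if (USE_MANUAL_TEXT_PART) {
    // The submitted text is HTML-escaped before it is placed inside the
    // textarea, as the message and forwardmessage textareas on this page
    // already are; unescaped, markup in it could end the textarea and be
    // rendered as part of the page.
    $maincontent .= '<tr><td colspan=2>
    '.$GLOBALS['I18N']->get("plaintextversion").'
    </td></tr>
    <tr><td colspan=2>
    <textarea name=textmessage cols=65 rows=20>'.htmlspecialchars($_POST["textmessage"]).'</textarea>
    </td></tr>';
  }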
  1120. #0013076: different content when forwarding 'to a friend'
  1121. $maincontent .= '<tr><td colspan=2>'.$GLOBALS['I18N']->get("messagefooter").'. <br/>
  1122. '.$GLOBALS['I18N']->get("messagefooterexplanation").'<br/>'.
  1123. $GLOBALS['I18N']->get("use […
