<?php
	/*
	MGB 0.6.x - OpenSource PHP and MySql Guestbook
	Copyright (C) 2004 - 2011 Juergen Grueneisl - http://www.m-gb.org/

	This program is free software; you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 2 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program; if not, write to the Free Software
	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
	*/

	// ========= //
	// email.php //
	// ========= //
	//
	// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //

	// Report every error level except notices (E_ALL without E_NOTICE).
	// Whether the messages are shown to the visitor depends on display_errors,
	// which this file does not set.
	error_reporting(E_ALL & ~E_NOTICE);

	// Anti-caching headers; they are sent before any of the output below.
	header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // date in the past

	// Installation guard: the script only continues when includes/config.inc.php
	// exists and defines $mgb_installation_complete.
	if (file_exists("includes/config.inc.php"))
		{
		require ("includes/config.inc.php");
		if(!isset($mgb_installation_complete))
			{
			// config present but not marked as installed: point to the installer and stop
			echo "<span style='font-family: verdana, arial, helvetica, sans-serif; font-size: 12px; color: darkblue;'>It seems as if you haven't installed the MGB yet. You can do it
					<a href=\"install/install.php\">here</a>.<br><br> If MGB is already installed, try to copy your 'config.inc.php' from root directory into 'includes/config.inc.php'.</span>";
			die();
			}
		// Installed, but the "install" directory is still on disk: only a notice
		// is printed and the request is processed as usual.
		// NOTE(review): the notice links to install/upgrade.php, so the installer
		// scripts stay reachable for as long as the directory exists; whether they
		// refuse to run on an installed system is not visible here - confirm, or
		// remove the directory after setup.
		elseif (isset($mgb_installation_complete) AND $mgb_installation_complete == TRUE AND file_exists('install'))
			{
			echo "<center><span style='font-family: verdana, arial, helvetica, sans-serif; font-size: 12px; color: darkblue;'>If you upgraded to a newer version shortly, please run
			<a href='install/upgrade.php'>upgrade.php</a> in install directory <b>now!</b> Otherwise you might discover problems when using this software.<br>If you did a fresh install, you can ignore this message. To remove it, delete install directory. Thank you!<br><br></span></center>";			}
		}
	else
		{
		// no config file at all: explain how to install or upgrade and stop
		echo "<span style='font-family: verdana, arial, helvetica, sans-serif; font-size: 12px; color: darkblue;'>The config file could not be found. If you haven't installed MGB yet,
				you can do it <a href=\"install/install.php\">here</a>.<br><br>Maybe you've forgotten to run <a href=\"install/upgrade.php\">upgrade.php</a>?<br><br>
				If MGB is already installed and you ran upgrade.php try to copy your 'config.inc.php' from root directory into 'includes/config.inc.php' manually.</span>";
		die();
		}

	// Name of this script; it is not read again in this file, so it is
	// presumably consumed by the files included below.
	$site_name = "email.php";

	// load config, settings, language files and necessary templates
	// (config.inc.php is required a second time here; the installation check
	// above already loaded it once)
	require ("includes/config.inc.php");
	require ("includes/functions.inc.php");
	require ("includes/load_settings.inc.php");
	// The language directory name comes from $settings and is concatenated into
	// the include path without any check in this file.
	// NOTE(review): confirm that load_settings.inc.php only accepts known
	// directory names for 'language_path'; a value containing "../" would make
	// these two statements include a file outside language/.
	require ("language/".$settings['language_path']."/lang_main.php");
	require ("language/".$settings['language_path']."/settings.php");
	require ("includes/load_templates.inc.php");

	// Set to 1 once generate_captcha() has run, so that a new captcha is
	// created at most once per request.
	$captcha_generated = 0;

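	// Resolve the recipient from the "id" query parameter:
	//   "admin"          -> the guestbook administrator taken from $settings
	//   a run of digits  -> the author of the guestbook entry with that id
	//   anything else    -> sending is denied (error 8)
	// A missing parameter, an array (?id[]=...) or any non-numeric text is
	// handled like "denied", so only digits can ever become part of the SQL text.
	$requested_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : "denied";

	if ($requested_id === "admin")
		{
		$sendemail_email = $settings['admin_email'];
		$sendemail_name = $settings['admin_name'];
		}
	elseif (preg_match('/^[0-9]+$/D', $requested_id))
		{
		// The id is appended to the query without quotes, so an escaping helper
		// alone could not make arbitrary text safe here; the digit check above
		// is what protects this statement. secure_value() is kept as a second
		// layer (it is defined in an included file and not visible here).
		$sql = "SELECT name, email, user_show_email FROM ".$db['prefix']."entries WHERE id=".secure_value($requested_id);
		// NOTE(review): the die() messages below append mysql_error() to the page
		// sent to the visitor, which discloses database details on failure;
		// consider logging the detail and showing a generic message instead.
		$link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(email.php) Error, line 78: ".mysql_error());
		@mysql_select_db($db['dbname'], $link) or die ("(email.php) Error, line 79 ".mysql_error());
		$result = @mysql_query($sql, $link) or die ("(email.php) Error, line 80: ".mysql_error());

		// FALSE when no entry has this id
		$sendemail = @mysql_fetch_array($result);
		$entry_found = is_array($sendemail);

		$sendemail_name = $entry_found ? $sendemail['name'] : NULL;
		$sendemail_email = $entry_found ? $sendemail['email'] : NULL;
		$sendemail_user_show_email = $entry_found ? $sendemail['user_show_email'] : NULL;

		// An unknown entry, or an author who did not allow e-mail contact, is
		// reported as error 8; forcing 'sent' makes the form handling below run
		// and show that error.
		if (!$entry_found OR $sendemail_user_show_email == 0) { $errorcode = 8; $_POST['sent'] = 1; }
		}
	else
		{
		$errorcode = 8;
		$_POST['sent'] = 1;
		}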

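	if (isset($_POST['sent']) AND $_POST['sent'] == 1)
		{
		// Reached when the form was submitted, or when sending was denied while
		// the recipient was resolved (that path forces $_POST['sent'] = 1 and
		// sets $errorcode = 8).

		// Give every request field read below a defined scalar value. A field
		// that is missing or was submitted as an array (e.g. name[]=x) is
		// treated as not submitted.
		foreach (array('name', 'email', 'message', 'hp', 'captcha') as $field)
			{
			if (!isset($_POST[$field]) OR !is_string($_POST[$field])) { $_POST[$field] = NULL; }
			}
		foreach (array('user_sendcopytome', 'user_accept_akismet_service') as $field)
			{
			if (!isset($_POST[$field]) OR !is_string($_POST[$field])) { $_POST[$field] = 0; }
			}

		// delete html, php code and white spaces
		// (cleanstr() comes from an included file and is not visible here)
		$_POST['name'] = cleanstr($_POST['name']);
		$_POST['email'] = cleanstr($_POST['email']);
		$_POST['message'] = cleanstr($_POST['message']);
		$_POST['user_sendcopytome'] = cleanstr($_POST['user_sendcopytome']);

		// Ask Akismet only when the plugin file exists, an API key is set, the
		// visitor agreed to the service and all three text fields are filled.
		if (file_exists("plugins/akismet/akismet.class.php") AND (isset($settings['akismet_api'])) AND ($settings['akismet_api'] != "") AND ($_POST['user_accept_akismet_service'] == 1) AND ($_POST['name'] != "") AND ($_POST['email'] != "") AND ($_POST['message'] != ""))
			{
			include ("plugins/akismet/akismet.class.php");

			$akismet_author = bbcode_delete($_POST['name']);
			$akismet_email = bbcode_delete($_POST['email']);
			$akismet_website = bbcode_delete($_POST['hp']);
			$akismet_body = bbcode_delete($_POST['message']);

			// Load array with comment data.
			$comment = array(
				'author' => $akismet_author,
				'email' => $akismet_email,
				'website' => $akismet_website,
				'body' => $akismet_body,
				'permalink' => 'http://'.$settings['h_domain'].$settings['gb_path'],
				'user_ip' => $_SERVER['REMOTE_ADDR'], // Optional, if not in array defaults to $_SERVER['REMOTE_ADDR'].
				'user_agent' => $_SERVER['HTTP_USER_AGENT'], // Optional, if not in array defaults to $_SERVER['HTTP_USER_AGENT'].
				);

			// Instantiate an instance of the class.
			$akismet = new Akismet('http://'.$settings['h_domain'].$settings['gb_path'], $settings['akismet_api'], $comment);

			// Test for errors. An Akismet error is only printed; the message is
			// then processed as if no spam check had been configured.
			if($akismet->errorsExist())
				{ // Returns true if any errors exist.
				if($akismet->isError('AKISMET_INVALID_KEY'))
					{
					echo "AKISMET API KEY INVALID";
					}
				elseif($akismet->isError('AKISMET_RESPONSE_FAILED'))
					{
					echo "AKISMET RESPONSE FAILED";
					}
				elseif($akismet->isError('AKISMET_SERVER_NOT_FOUND'))
					{
					echo "AKISMET_SERVER_NOT_FOUND";
					}
				}
			else
				{
				// No errors, check for spam.
				if ($akismet->isSpam())
					{ // Returns true if Akismet thinks the comment is spam.
					// The request ends here without any output. To be told when
					// Akismet blocks a message, send a mail to
					// $settings['admin_email'] at this point (note that
					// $mail_header is not defined yet this early in the script).
					die();
					}
				}
			}

		// search for content to identify spam: a message containing this fixed
		// phrase ends the request without any output
		$string = bbcode_delete($_POST['message']);
		$searchstring = "Hi there, very nice homepage :-)";
		$pos = strpos($string, $searchstring);

		if ($pos !== false)
			{
			die();
			}

		// The following IP addresses will be blocked. Add the desired IPs to
		// $blocked_ips, one quoted string per line, separated by commas.
		$blocked_ips = array(
			'xxx.xxx.xxx.xxx',
			'xxx.xxx.xxx.xxx',
			'xxx.xxx.xxx.xxx'
			);

		// exact string match against the address of the connecting client
		if (in_array($_SERVER["REMOTE_ADDR"], $blocked_ips, true))
			{
			echo "Are you a spammer? Not? Your IP was blocked. If that happened by mistake report it to the admin.";
			die();
			}

		if (!isset($errorcode) OR $errorcode != 8)
			{
			// Sending to this recipient is allowed; validate the submission.

			// check if captcha is correct
			if ($settings['captcha'] == 1)
				{
				// Stays FALSE when captcha_method is neither 0 nor 1; as before,
				// no captcha comparison takes place in that case.
				$expected_captcha = FALSE;

				// NOTE(review): both queries read one row without any key that
				// identifies the visitor, so as far as this file shows all
				// visitors share a single expected answer - confirm against
				// generate_captcha().
				if ($settings['captcha_method'] == 0)
					{
					$sql = "SELECT `code` FROM ".$db['prefix']."captcha LIMIT 1";
					$link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(email.php) Error, line 210: ".mysql_error());
					mysql_select_db($db['dbname'], $link) or die ("(email.php) Error, line 211: ".mysql_error());
					$result = mysql_query($sql, $link) or die ("(email.php) Error, line 212: ".mysql_error());

					$saved_code = @mysql_fetch_array($result);
					$expected_captcha = is_array($saved_code) ? (string)$saved_code['code'] : "";
					}
				elseif ($settings['captcha_method'] == 1)
					{
					$sql = "SELECT `sum` FROM ".$db['prefix']."captcha_math LIMIT 1";
					$link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(email.php) Error, line 222: ".mysql_error());
					mysql_select_db($db['dbname'], $link) or die ("(email.php) Error, line 223: ".mysql_error());
					$result = mysql_query($sql, $link) or die ("(email.php) Error, line 224: ".mysql_error());

					$saved_code = @mysql_fetch_array($result);
					$expected_captcha = is_array($saved_code) ? (string)$saved_code['sum'] : "";
					}

				if ($expected_captcha !== FALSE)
					{
					// Fail closed: with the former loose "!=" comparison an
					// empty captcha table and a request without a captcha field
					// compared as equal (NULL != NULL is false), so the check
					// passed. A missing stored answer is now an error, and the
					// answer must match as an exact string.
					$submitted_captcha = ($_POST['captcha'] === NULL) ? "" : trim($_POST['captcha']);
					if ($expected_captcha === "" OR $submitted_captcha !== $expected_captcha) { $errorcode = 7; }
					}
				}

			// check email (check_mail() comes from an included file)
			if (!check_mail($_POST['email'])) { $errorcode = 4; }

			// check necessary fields; a later check overwrites an earlier code,
			// so the last failing check decides which message is shown
			if (!$_POST['message']) { $errorcode = 1; }
			if (!$_POST['email']) { $errorcode = 2; }
			if (!$_POST['name']) { $errorcode = 3; }
			if ((isset($settings['akismet_plugin'])) AND ($settings['akismet_plugin'] == 1) AND $_POST['user_accept_akismet_service'] != 1) { $errorcode = 11; }

			if (!isset($errorcode))
				{
				// delete bbcode
				$_POST['name'] = bbcode_delete($_POST['name']);
				$_POST['message'] = bbcode_delete($_POST['message']);

				// turn line breaks into <br> markup and drop the raw LF / CR
				$_POST['message'] = nl2br($_POST['message']);
				$_POST['message'] = str_replace(array(chr(10), chr(13)), '', $_POST['message']);

				$name = $_POST['name'];
				$message = $_POST['message'];
				$url_to_gb = "http://".$settings['h_domain'].$settings['gb_path']."index.php";

				// The sender address is copied into the additional mail headers.
				// A CR, LF or NUL in it would let the sender append headers of
				// their own, so those characters are removed here no matter what
				// cleanstr() and check_mail() already filtered.
				$email = str_replace(array("\r", "\n", "\0"), '', $_POST['email']);

				$date = date("d/m/Y");
				$time = date("H:i");

				// NOTE(review): the visitor's address is used as the From header;
				// a fixed site address with the visitor in Reply-To is the more
				// robust choice, but no such setting is visible in this file.
				$mail_header = "content-type: text/plain; charset=".$charset."\n";
				$mail_header .= "from: ".$email;

				// subject and body are built once and used for both mails
				$mail_subject = format_mail(repl_uml($lang['email_caption'], $charset), $name, $date, $time, xhtmlbr2nl($message), $settings['h_domain'], $url_to_gb, "", "", "", "", "", "");
				$mail_body = format_mail(repl_uml($settings['sendmail_contactmail_text'], $charset), $name, $date, $time, xhtmlbr2nl($message), $settings['h_domain'], $url_to_gb, "", "", "", "", "", "");

				$mail_send = mail($sendemail_email, $mail_subject, $mail_body, $mail_header);

				if ($mail_send)
					{
					$sendemail_successfull = 1;

					// NOTE(review): the copy goes to the address typed into the
					// form with a body the visitor wrote. Nothing in this file
					// limits how often that can happen when the captcha is
					// switched off; consider rate limiting per client.
					if ($_POST['user_sendcopytome'] == 1)
						{
						$mail_send_copy = mail($email, $mail_subject, $mail_body, $mail_header);

						if (!$mail_send_copy)
							{
							$errorcode = 9;
							}
						}

					// refresh site
					$refresh = "<meta http-equiv=\"refresh\" content=\"3; URL=index.php\">";
					}
				else
					{
					unset($sendemail_successfull);
					$errorcode = 9;
					$refresh = NULL;
					}
				}
			else
				{
				// Validation failed: pick the message for the error code.
				if ($errorcode == 4)
					{
					// NOTE(review): the submitted address is placed into the page;
					// it has passed cleanstr(), whose escaping is not visible
					// here - confirm it HTML-encodes the value.
					$errormessage = $_POST['email']."&nbsp;".$lang['errormessage4'];
					}
				elseif (in_array($errorcode, array(1, 2, 3, 7, 8, 11)))
					{
					$errormessage = $lang['errormessage'.$errorcode];
					}

				// do not refresh site
				$refresh = NULL;

				// generate new captchacode if activated
				if (($settings['captcha'] == 1) AND ($captcha_generated != 1))
					{
					generate_captcha($settings['captcha_method']);
					$captcha = "<img src=\"includes/captcha.inc.php\" class=\"captcha\" title=\"".$lang['security_code']."\" alt=\"".$lang['security_code']."\">";
					$captcha = template("CAPTCHA_IMG", $captcha, $content_captcha);
					$captcha_generated = 1;
					}
				}
			}
		else
			{
			// the recipient does not want to receive e-mails via the guestbook
			$errormessage = $lang['errormessage8'];
			$refresh = NULL;
			$sendemail_name = "-";

			// generate new captchacode if activated
			if (($settings['captcha'] == 1) AND ($captcha_generated != 1))
				{
				generate_captcha($settings['captcha_method']);
				$captcha = "<img src=\"includes/captcha.inc.php\" class=\"captcha\" title=\"".$lang['security_code']."\" alt=\"".$lang['security_code']."\">";
				$captcha = template("CAPTCHA_IMG", $captcha, $content_captcha);
				$captcha_generated = 1;
				}
			}
		}
	else
		{
		// form was not sent
		// do not refresh site
		$refresh = NULL;
		}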

	// Generate Page

	// Start from the raw header template and substitute its placeholders.
	$page_header = $content_header;

	// While the "install" directory still exists a warning box is put into the
	// page header; otherwise the placeholder is replaced by an empty string.
	$install_notice = "";
	if (file_exists("install")) {
		$install_notice = "<div style=\"background-color: white; padding: 3px; border: 2px solid black; width: 500px;\"><span style=\"color: red; font-size: 12px; font-weight: bold;\">".$lang['install_directory_exists']."</span></div>";
	}
	$page_header = template("INSTALL_DIRECTORY_EXISTS", $install_notice, $page_header);

	// Remaining header placeholders, substituted in this order.
	$header_placeholders = array(
		"H_LANGUAGE_SHORT" => $language_short,
		"H_DOMAIN" => $settings['h_domain'],
		"H_AUTHOR" => $settings['h_author'],
		"H_KEYWORDS" => $settings['h_keywords'],
		"H_DESCRIPTION" => $settings['h_description'],
		"H_CHARSET" => $charset,
		"REFRESH" => $refresh,
	);
	foreach ($header_placeholders as $header_key => $header_value) {
		$page_header = template($header_key, $header_value, $page_header);
	}

	// Without an error the error-message template is dropped from the page.
	if (!isset($errorcode)) {
		$content_errormessage = NULL;
	}

	// Create the captcha markup unless that already happened in this request.
	if ($settings['captcha'] == 1 && $captcha_generated != 1) {
		generate_captcha($settings['captcha_method']);
		$captcha = "<img src=\"includes/captcha.inc.php\" class=\"captcha\" title=\"".$lang['security_code']."\" alt=\"".$lang['security_code']."\">";
		$captcha = template("CAPTCHA_IMG", $captcha, $content_captcha);
		$captcha_generated = 1;
	}

	// The Akismet consent template is only shown when the plugin file exists
	// and the plugin is switched on in the settings.
	$user_accept_akismet_service = NULL;
	if (file_exists("plugins/akismet/akismet.class.php") && isset($settings['akismet_plugin']) && $settings['akismet_plugin'] == 1) {
		$content_email_user_accept_akismet_service = template("LANG_USER_ACCEPT_AKISMET_SERVICE", $lang['user_accept_akismet_service'], $content_email_user_accept_akismet_service);
		$user_accept_akismet_service = $content_email_user_accept_akismet_service;
	}

	 // entry was not successfull or it is the first time the site is loaded
	if (!isset($sendemail_successfull)) {
		// No mail went out in this request: show the form, with an error
		// message when there is one.
		$page_email_body = $content_email_body;

		// eMail could not be sent, show errormessage
		if (isset($errorcode) && $errorcode == 9) {
			$errormessage = $lang['errormessage9'];
		}

		// generate captchacode if activated and not created yet
		if ($settings['captcha'] == 1 && $captcha_generated != 1) {
			generate_captcha($settings['captcha_method']);
			$captcha = "<img src=\"includes/captcha.inc.php\" class=\"captcha\" title=\"".$lang['security_code']."\" alt=\"".$lang['security_code']."\">";
			$captcha = template("CAPTCHA_IMG", $captcha, $content_captcha);
			$captcha_generated = 1;
		}

		if (!isset($errormessage)) {
			$errormessage = NULL;
		}

		// On the first load of the page the form fields start out empty.
		if (!isset($_POST['sent'])) {
			$_POST['name'] = "";
			$_POST['email'] = "";
			$_POST['message'] = "";
		}

		// Placeholders of the form template, substituted in this order:
		// nested templates first, then language strings, then request data.
		// NOTE(review): POST_NAME, POST_EMAIL, POST_MESSAGE and FORM_ACTION put
		// request data back into the page. After a submission the three POST
		// fields have passed cleanstr() earlier in this script, and the id is
		// passed through it here; cleanstr() is not visible in this file, so
		// confirm it HTML-encodes quotes and angle brackets.
		$form_placeholders = array(
			"HEADER" => $page_header,
			"TEMPLATE_ERRORMESSAGE" => $content_errormessage,
			"TEMPLATE_CAPTCHA" => $captcha,
			"TEMPLATE_COPYRIGHT" => $content_copyright,
			"TEMPLATE_FOOTER" => $content_footer,
			"MGB_VERSION" => $settings['version'],
			"COPYRIGHT_DATE" => date("Y"),
			"ICONSET_PATH" => $settings['iconset_path'],
			"TEMPLATE_PATH" => "templates/".$settings['template_path'],
			"TEMPLATE_STYLE_PATH" => $settings['template_style_path'],
			"TEMPLATE_USER_ACCEPT_AKISMET_SERVICE" => $user_accept_akismet_service,
			"ERRORMESSAGE" => $errormessage,
			"TITLE" => $settings['title'],
			"LANG_EMAIL_NAME" => $lang['name'],
			"LANG_EMAIL_EMAIL" => $lang['email'],
			"LANG_EMAIL_MESSAGE" => $lang['message'],
			"LANG_NECESSARY_FIELDS" => $lang['necessary_fields'],
			"LANG_EMAIL_SENT_TO" => $lang['email_sent_to'],
			"EMAIL_RECEIVER" => $sendemail_name,
			"LANG_USER_SENDCOPYTOME" => $lang['email_sendcopytome'],
			"LANG_CAPTCHA_WHAT_IS_THAT" => $lang['captcha_what_is_that'],
			"LANG_CAPTCHA_WIKIPEDIA" => $lang['captcha_wikipedia'],
			"LANG_CAPTCHA_TOOLTIP" => $lang['captcha_tooltip'],
			"LANG_SECURITY_CODE" => $lang['security_code'],
			"LANG_SEND" => $lang['email_send'],
			"LANG_BACK" => $lang['back'],
			"LANG_BACK_TO_MAINPAGE" => $lang['back_to_mainpage'],
			"LANG_ADMINPANEL_DESCR" => $lang['adminpanel_descr'],
			"LANG_ADMINPANEL" => $lang['adminpanel'],
			"POST_NAME" => $_POST['name'],
			"POST_EMAIL" => $_POST['email'],
			"POST_MESSAGE" => $_POST['message'],
			"FORM_ACTION" => "email.php?id=".cleanstr($_GET['id']),
		);
		foreach ($form_placeholders as $body_key => $body_value) {
			$page_email_body = template($body_key, $body_value, $page_email_body);
		}
	} else {
		// The mail was sent: use the success template instead of the form.
		$page_email_body = $content_email_body_success;

		// nested templates first, then the strings
		$success_placeholders = array(
			"HEADER" => $page_header,
			"TEMPLATE_PATH" => "templates/".$settings['template_path'],
			"TEMPLATE_STYLE_PATH" => $settings['template_style_path'],
			"TEMPLATE_COPYRIGHT" => $content_copyright,
			"TEMPLATE_FOOTER" => $content_footer,
			"TITLE" => $settings['title'],
			"LANG_EMAIL_SUCCESS" => $lang['email_success'],
			"LANG_FORWARDING" => $lang['forwarding'],
			"LANG_BACK" => $lang['back'],
			"LANG_BACK_TO_MAINPAGE" => $lang['back_to_mainpage'],
			"MGB_VERSION" => $settings['version'],
			"COPYRIGHT_DATE" => date("Y"),
			"ICONSET_PATH" => $settings['iconset_path'],
			"LANG_ADMINPANEL_DESCR" => $lang['adminpanel_descr'],
			"LANG_ADMINPANEL" => $lang['adminpanel'],
		);
		foreach ($success_placeholders as $body_key => $body_value) {
			$page_email_body = template($body_key, $body_value, $page_email_body);
		}
	}

	// close sql connection; $link only exists when a database lookup ran in
	// this request, and "@" hides the warning when it does not
	@mysql_close($link);

	// send the finished page to the client
	echo $page_email_body;
?>