science-ation/contact.php

<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2007 James Grant <james@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
<?
 require("common.inc.php");
 send_header("Contact Us",null,"communication");

 function cleanify($in) {
 	$in=ereg_replace("\r","\n",$in);
 	$lines=explode("\n",$in);
	return trim($lines[0]);
 }

 if(get_value_from_array($_POST, 'action') == "send") {
 	if(get_value_from_array($_POST, 'to') && get_value_from_array($_POST, 'subject') && get_value_from_array($_POST, 'message') && get_value_from_array($_POST, 'from') && get_value_from_array($_POST, 'fromemail')) {
		if(isEmailAddress(get_value_from_array($_POST, 'fromemail'))) {
			list($id,$md5email)=explode(":",$_POST['to']);
			
			$q=pdo->prepare("SELECT * FROM users WHERE uid=.?. ORDER BY year DESC LIMIT 1");
			$q->bindParam(1, $id);
			$q->execute();
			//if a valid selection is made from the list, then this will always match.
			if($md5email == md5($r->email)) {
				$from=cleanify($_POST['from'])." <".cleanify($_POST['fromemail']).">";
				$extra="Return-Path: $from\r\nFrom: $from\r\nReply-To: $from\r\n"; 
				
				//make sure they dont do anything funky with the subject header
				$subject=cleanify($_POST['subject']);

				//and strip the slashes from the message
				$message=stripslashes($_POST['message']);

				mail("$r->firstname $r->lastname <$r->email>",$subject,$message,$extra);
				echo happy(i18n("Contact email successfully sent"));
			}
			else {
				//this should never happen unless a spammer us auto-submitting stuff and it doesnt match.
				echo error(i18n("Invalid email address"));
			}
		}	
		else
			echo error(i18n("Please enter a valid email address"));
	}
	else
		echo error(i18n("All fields are required"));
 }

?>
<script type="text/javascript">
function tochange() {
	if(!document.forms.contactform.to.options[document.forms.contactform.to.selectedIndex].value)
		document.forms.contactform.to.selectedIndex=0;
}
</script>
<?

	echo i18n("Choose who you would like to contact from the list below, type your subject and message, and click the 'Send' button");
	echo "<br />";
	echo "<br />";
	echo "<form name=\"contactform\" method=\"post\" action=\"contact.php\">\n";
	echo "<input type=\"hidden\" name=\"action\" value=\"send\">\n";
	echo "<table class=\"tableedit\">";
	echo "<tr><td>".i18n("To").":</td>";
	echo "<td><select name=\"to\" onchange=\"tochange()\">";
	echo "<option value=\"\">".i18n("Choose a person to contact")."</option>\n";
	$q=pdo->query("SELECT * FROM committees ORDER BY ord,name");
	while($r->fetch()) {

		/* Select everyone in this committee, attach the user data using MAX(year) so we only get the most recent
		 * user data */
		$q2=pdo->query("SELECT committees_link.*,
								users.uid,
								MAX(users.year) AS my,
								users.firstname,
								users.lastname,
								users.email,
								users.deleted
							FROM committees_link 
							LEFT JOIN users ON users.uid = committees_link.users_uid 
							WHERE committees_id='{$r->id}' 
							GROUP BY users.uid
							ORDER BY ord,users.lastname ");

		//if there's nobody in this committee, then just skip it and go on to the next one.

		// FIX ME !!!!!
		if($q2->rowCount()==0)
			continue;

		echo "<option value=\"\">{$r->name}</option>\n";

		echo pdo->errorInfo();
		while($r2=$q2->fetch()) {
			$q3=pdo->query("SELECT firstname,lastname,email,deleted FROM users WHERE uid='$r2->uid' AND year='$r2->my'");
	
			$r3 = $q3->fetch();
			if($r3->deleted != 'no') continue;

			if($r3->email) {
				$name=$r3->firstname.' '.$r3->lastname;
				if($r2->title) $titlestr=" ($r2->title)"; else $titlestr="";
				echo "<option value=\"$r2->uid:".md5($r3->email)."\">&nbsp;&nbsp;-{$name}{$titlestr}</option>\n";
			}
		}
	}
	echo "</select></td></tr>";
	echo "<tr><td>".i18n("Your Name").":</td><td><input type=\"text\" name=\"from\" size=\"50\"></td></tr>";
	echo "<tr><td>".i18n("Your Email Address").":</td><td><input type=\"text\" name=\"fromemail\" size=\"50\"></td></tr>";
	echo "<tr><td>".i18n("Subject").":</td><td><input type=\"text\" name=\"subject\" size=\"50\"></td></tr>";
	echo "<tr><td>".i18n("Message").":</td><td><textarea cols=\"50\" rows=\"6\" name=\"message\"></textarea></td></tr>";
	echo "<tr><td></td><td align=\"center\"><input type=\"submit\" value=\"".i18n("Send")."\"></td></tr>";
	echo "</table>";
	echo "</form>";

	send_footer();
?>
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00			`<?`
			`/*`
			`This file is part of the 'Science Fair In A Box' project`
			`SFIAB Website: http://www.sfiab.ca`

			`Copyright (C) 2007 James Grant <james@lightbox.org>`

			`This program is free software; you can redistribute it and/or`
			`modify it under the terms of the GNU General Public`
			`License as published by the Free Software Foundation, version 2.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; see the file COPYING. If not, write to`
			`the Free Software Foundation, Inc., 59 Temple Place - Suite 330,`
			`Boston, MA 02111-1307, USA.`
			`*/`
			`?>`
			`<?`
			`require("common.inc.php");`
Put some icons on some of the front-end pages too 2008-08-22 21:03:25 +00:00			`send_header("Contact Us",null,"communication");`
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00
			`function cleanify($in) {`
			`$in=ereg_replace("\r","\n",$in);`
Replacements of calls to deprecated function "explode", "ereg", and "ereg_replace" with their recommended equivalents. 2012-02-09 17:52:17 +00:00			`$lines=explode("\n",$in);`
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00			`return trim($lines[0]);`
			`}`

Remove warnings for undefined variables on main pages 2024-12-13 15:38:18 +00:00			`if(get_value_from_array($_POST, 'action') == "send") {`
			`if(get_value_from_array($_POST, 'to') && get_value_from_array($_POST, 'subject') && get_value_from_array($_POST, 'message') && get_value_from_array($_POST, 'from') && get_value_from_array($_POST, 'fromemail')) {`
			`if(isEmailAddress(get_value_from_array($_POST, 'fromemail'))) {`
Replacements of calls to deprecated function "explode", "ereg", and "ereg_replace" with their recommended equivalents. 2012-02-09 17:52:17 +00:00			`list($id,$md5email)=explode(":",$_POST['to']);`
First pass for PHP/MariaDB updates 2024-11-25 23:06:33 +00:00
			`$q=pdo->prepare("SELECT * FROM users WHERE uid=.?. ORDER BY year DESC LIMIT 1");`
			`$q->bindParam(1, $id);`
			`$q->execute();`
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00			`//if a valid selection is made from the list, then this will always match.`
			`if($md5email == md5($r->email)) {`
			`$from=cleanify($_POST['from'])." <".cleanify($_POST['fromemail']).">";`
			`$extra="Return-Path: $from\r\nFrom: $from\r\nReply-To: $from\r\n";`
Cleanify the subject, and strip slashes from the message body 2008-03-03 20:12:59 +00:00
			`//make sure they dont do anything funky with the subject header`
			`$subject=cleanify($_POST['subject']);`

			`//and strip the slashes from the message`
			`$message=stripslashes($_POST['message']);`

			`mail("$r->firstname $r->lastname <$r->email>",$subject,$message,$extra);`
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00			`echo happy(i18n("Contact email successfully sent"));`
			`}`
			`else {`
			`//this should never happen unless a spammer us auto-submitting stuff and it doesnt match.`
			`echo error(i18n("Invalid email address"));`
			`}`
			`}`
			`else`
			`echo error(i18n("Please enter a valid email address"));`
			`}`
			`else`
			`echo error(i18n("All fields are required"));`
			`}`

			`?>`
			`<script type="text/javascript">`
			`function tochange() {`
			`if(!document.forms.contactform.to.options[document.forms.contactform.to.selectedIndex].value)`
			`document.forms.contactform.to.selectedIndex=0;`
			`}`
			`</script>`
			`<?`

			`echo i18n("Choose who you would like to contact from the list below, type your subject and message, and click the 'Send' button");`
			`echo "<br />";`
			`echo "<br />";`
			`echo "<form name=\"contactform\" method=\"post\" action=\"contact.php\">\n";`
			`echo "<input type=\"hidden\" name=\"action\" value=\"send\">\n";`
			`echo "<table class=\"tableedit\">";`
			`echo "<tr><td>".i18n("To").":</td>";`
			`echo "<td><select name=\"to\" onchange=\"tochange()\">";`
			`echo "<option value=\"\">".i18n("Choose a person to contact")."</option>\n";`
First pass for PHP/MariaDB updates 2024-11-25 23:06:33 +00:00			`$q=pdo->query("SELECT * FROM committees ORDER BY ord,name");`
			`while($r->fetch()) {`
Merge all changes from branch r1284:1498 into trunk 2009-09-09 00:26:12 +00:00
			`/* Select everyone in this committee, attach the user data using MAX(year) so we only get the most recent`
			`* user data */`
First pass for PHP/MariaDB updates 2024-11-25 23:06:33 +00:00			`$q2=pdo->query("SELECT committees_link.*,`
Fix the contact form.. using MAX(year) to do joins is completely useless. 2012-02-29 19:13:14 +00:00			`users.uid,`
			`MAX(users.year) AS my,`
			`users.firstname,`
			`users.lastname,`
			`users.email,`
			`users.deleted`
			`FROM committees_link`
			`LEFT JOIN users ON users.uid = committees_link.users_uid`
			`WHERE committees_id='{$r->id}'`
			`GROUP BY users.uid`
			`ORDER BY ord,users.lastname ");`
Merge all changes from branch r1284:1498 into trunk 2009-09-09 00:26:12 +00:00
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00			`//if there's nobody in this committee, then just skip it and go on to the next one.`
First pass for PHP/MariaDB updates 2024-11-25 23:06:33 +00:00
			`// FIX ME !!!!!`
converted mysql to pdo 2024-12-09 06:06:15 +00:00			`if($q2->rowCount()==0)`
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00			`continue;`

Merge all changes from branch r1284:1498 into trunk 2009-09-09 00:26:12 +00:00			`echo "<option value=\"\">{$r->name}</option>\n";`
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00
First pass for PHP/MariaDB updates 2024-11-25 23:06:33 +00:00			`echo pdo->errorInfo();`
			`while($r2=$q2->fetch()) {`
			`$q3=pdo->query("SELECT firstname,lastname,email,deleted FROM users WHERE uid='$r2->uid' AND year='$r2->my'");`

			`$r3 = $q3->fetch();`
Fix the contact form.. using MAX(year) to do joins is completely useless. 2012-02-29 19:13:14 +00:00			`if($r3->deleted != 'no') continue;`
Merge all changes from branch r1284:1498 into trunk 2009-09-09 00:26:12 +00:00
Fix the contact form.. using MAX(year) to do joins is completely useless. 2012-02-29 19:13:14 +00:00			`if($r3->email) {`
			`$name=$r3->firstname.' '.$r3->lastname;`
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00			`if($r2->title) $titlestr=" ($r2->title)"; else $titlestr="";`
Fix the contact form.. using MAX(year) to do joins is completely useless. 2012-02-29 19:13:14 +00:00			`echo "<option value=\"$r2->uid:".md5($r3->email)."\">  -{$name}{$titlestr}</option>\n";`
Bump version for development 2.1.7 Create page text entry for 'invite only' volunteer registration Create a contact page to contact committee members, and link it into the committees page, and the bottom of the left side menu 2007-12-13 19:52:27 +00:00			`}`
			`}`
			`}`
			`echo "</select></td></tr>";`
			`echo "<tr><td>".i18n("Your Name").":</td><td><input type=\"text\" name=\"from\" size=\"50\"></td></tr>";`
			`echo "<tr><td>".i18n("Your Email Address").":</td><td><input type=\"text\" name=\"fromemail\" size=\"50\"></td></tr>";`
			`echo "<tr><td>".i18n("Subject").":</td><td><input type=\"text\" name=\"subject\" size=\"50\"></td></tr>";`
			`echo "<tr><td>".i18n("Message").":</td><td><textarea cols=\"50\" rows=\"6\" name=\"message\"></textarea></td></tr>";`
			`echo "<tr><td></td><td align=\"center\"><input type=\"submit\" value=\"".i18n("Send")."\"></td></tr>";`
			`echo "</table>";`
			`echo "</form>";`

			`send_footer();`
			`?>`