arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity
science-ation/contact.php

142 lines
5.1 KiB
PHP
Raw Permalink Blame History

<?
/*
* This file is part of the 'Science Fair In A Box' project
* SFIAB Website: http://www.sfiab.ca
*
* Copyright (C) 2007 James Grant <james@lightbox.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation, version 2.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*/
?>
<?
require ('common.inc.php');
send_header('Contact Us', null, 'communication');
global $pdo;
function cleanify($in)
{
$in = preg_replace("/\r/", "\n", $in);
$lines = explode("\n", $in);
return trim($lines[0]);
}
if (get_value_from_array($_POST, 'action') == 'send') {
if (get_value_from_array($_POST, 'to') && get_value_from_array($_POST, 'subject') && get_value_from_array($_POST, 'message') && get_value_from_array($_POST, 'from') && get_value_from_array($_POST, 'fromemail')) {
if (isEmailAddress(get_value_from_array($_POST, 'fromemail'))) {
list($id, $md5email) = explode(':', $_POST['to']);
$q = $pdo->prepare('SELECT * FROM users WHERE uid=? ORDER BY year DESC LIMIT 1');
$q->execute([$id]);
// if a valid selection is made from the list, then this will always match.
if ($md5email == md5($r->email)) {
$from = cleanify($_POST['from']) . ' <' . cleanify($_POST['fromemail']) . '>';
$extra = "Return-Path: $from\r\nFrom: $from\r\nReply-To: $from\r\n";
// make sure they dont do anything funky with the subject header
$subject = cleanify($_POST['subject']);
// and strip the slashes from the message
$message = stripslashes($_POST['message']);
mail("$r->firstname $r->lastname <$r->email>", $subject, $message, $extra);
echo happy(i18n('Contact email successfully sent'));
} else {
// this should never happen unless a spammer us auto-submitting stuff and it doesnt match.
echo error(i18n('Invalid email address'));
}
} else
echo error(i18n('Please enter a valid email address'));
} else
echo error(i18n('All fields are required'));
}
?>
<script type="text/javascript">
function tochange() {
if(!document.forms.contactform.to.options[document.forms.contactform.to.selectedIndex].value)
document.forms.contactform.to.selectedIndex=0;
}
</script>
<?
echo i18n("Choose who you would like to contact from the list below, type your subject and message, and click the 'Send' button");
echo '<br />';
echo '<br />';
echo "<form name=\"contactform\" method=\"post\" action=\"contact.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"send\">\n";
echo '<table class="tableedit">';
echo '<tr><td>' . i18n('To') . ':</td>';
echo '<td><select name="to" onchange="tochange()">';
echo '<option value="">' . i18n('Choose a person to contact') . "</option>\n";
$q = $pdo->prepare('SELECT * FROM committees ORDER BY ord,name');
$q->execute();
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
/*
* Select everyone in this committee, attach the user data using MAX(year) so we only get the most recent
* user data
*/
$q2 = $pdo->prepare('SELECT committees_link.*,
users.uid,
MAX(users.year) AS my,
users.firstname,
users.lastname,
users.email,
users.deleted
FROM committees_link
LEFT JOIN users ON users.uid = committees_link.users_uid
WHERE committees_id=?
GROUP BY users.uid
ORDER BY ord,users.lastname');
$q2->execute([$r['id']]);
// if there's nobody in this committee, then just skip it and go on to the next one.
if ($q2->rowCount() == 0)
continue;
echo '<option value="">' . $r['name'] . "</option>\n";
while ($r2 = $q2->fetch()) {
$q3 = $pdo->query("SELECT firstname,lastname,email,deleted FROM users WHERE uid='" . $r2['uid'] . "' AND year='" . $r2['my'] . "'");
$r3 = $q3->fetch();
if ($r3['deleted'] != 'no')
continue;
if ($r3['email']) {
$name = $r3['firstname'] . ' ' . $r3['lastname'];
if ($r2['title'])
$titlestr = ' (' . $r2['title'] . ')';
else
$titlestr = '';
echo '<option value="' . $r2['uid'] . ':' . md5($r3['email']) . "\">&nbsp;&nbsp;-{$name}{$titlestr}</option>\n";
}
}
}
echo '</select></td></tr>';
echo '<tr><td>' . i18n('Your Name') . ':</td><td><input type="text" name="from" size="50"></td></tr>';
echo '<tr><td>' . i18n('Your Email Address') . ':</td><td><input type="text" name="fromemail" size="50"></td></tr>';
echo '<tr><td>' . i18n('Subject') . ':</td><td><input type="text" name="subject" size="50"></td></tr>';
echo '<tr><td>' . i18n('Message') . ':</td><td><textarea cols="50" rows="6" name="message"></textarea></td></tr>';
echo '<tr><td></td><td align="center"><input type="submit" value="' . i18n('Send') . '"></td></tr>';
echo '</table>';
echo '</form>';
send_footer();
?>
View Git Blame Copy Permalink