forked from science-ation/science-ation
142 lines
5.1 KiB
PHP
142 lines
5.1 KiB
PHP
<?
|
|
|
|
/*
|
|
* This file is part of the 'Science Fair In A Box' project
|
|
* SFIAB Website: http://www.sfiab.ca
|
|
*
|
|
* Copyright (C) 2007 James Grant <james@lightbox.org>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public
|
|
* License as published by the Free Software Foundation, version 2.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; see the file COPYING. If not, write to
|
|
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
* Boston, MA 02111-1307, USA.
|
|
*/
|
|
?>
|
|
<?
|
|
require ('common.inc.php');
|
|
send_header('Contact Us', null, 'communication');
|
|
|
|
global $pdo;
|
|
|
|
function cleanify($in)
|
|
{
|
|
$in = preg_replace("\r", "\n", $in);
|
|
$lines = explode("\n", $in);
|
|
return trim($lines[0]);
|
|
}
|
|
|
|
if (get_value_from_array($_POST, 'action') == 'send') {
|
|
if (get_value_from_array($_POST, 'to') && get_value_from_array($_POST, 'subject') && get_value_from_array($_POST, 'message') && get_value_from_array($_POST, 'from') && get_value_from_array($_POST, 'fromemail')) {
|
|
if (isEmailAddress(get_value_from_array($_POST, 'fromemail'))) {
|
|
list($id, $md5email) = explode(':', $_POST['to']);
|
|
|
|
$q = $pdo->prepare('SELECT * FROM users WHERE uid=? ORDER BY year DESC LIMIT 1');
|
|
$q->execute([$id]);
|
|
// if a valid selection is made from the list, then this will always match.
|
|
if ($md5email == md5($r->email)) {
|
|
$from = cleanify($_POST['from']) . ' <' . cleanify($_POST['fromemail']) . '>';
|
|
$extra = "Return-Path: $from\r\nFrom: $from\r\nReply-To: $from\r\n";
|
|
|
|
// make sure they dont do anything funky with the subject header
|
|
$subject = cleanify($_POST['subject']);
|
|
|
|
// and strip the slashes from the message
|
|
$message = stripslashes($_POST['message']);
|
|
|
|
mail("$r->firstname $r->lastname <$r->email>", $subject, $message, $extra);
|
|
echo happy(i18n('Contact email successfully sent'));
|
|
} else {
|
|
// this should never happen unless a spammer us auto-submitting stuff and it doesnt match.
|
|
echo error(i18n('Invalid email address'));
|
|
}
|
|
} else
|
|
echo error(i18n('Please enter a valid email address'));
|
|
} else
|
|
echo error(i18n('All fields are required'));
|
|
}
|
|
|
|
?>
|
|
<script type="text/javascript">
|
|
function tochange() {
|
|
if(!document.forms.contactform.to.options[document.forms.contactform.to.selectedIndex].value)
|
|
document.forms.contactform.to.selectedIndex=0;
|
|
}
|
|
</script>
|
|
<?
|
|
|
|
echo i18n("Choose who you would like to contact from the list below, type your subject and message, and click the 'Send' button");
|
|
echo '<br />';
|
|
echo '<br />';
|
|
echo "<form name=\"contactform\" method=\"post\" action=\"contact.php\">\n";
|
|
echo "<input type=\"hidden\" name=\"action\" value=\"send\">\n";
|
|
echo '<table class="tableedit">';
|
|
echo '<tr><td>' . i18n('To') . ':</td>';
|
|
echo '<td><select name="to" onchange="tochange()">';
|
|
echo '<option value="">' . i18n('Choose a person to contact') . "</option>\n";
|
|
$q = $pdo->prepare('SELECT * FROM committees ORDER BY ord,name');
|
|
$q->execute();
|
|
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
|
/*
|
|
* Select everyone in this committee, attach the user data using MAX(year) so we only get the most recent
|
|
* user data
|
|
*/
|
|
$q2 = $pdo->prepare('SELECT committees_link.*,
|
|
users.uid,
|
|
MAX(users.year) AS my,
|
|
users.firstname,
|
|
users.lastname,
|
|
users.email,
|
|
users.deleted
|
|
FROM committees_link
|
|
LEFT JOIN users ON users.uid = committees_link.users_uid
|
|
WHERE committees_id=?
|
|
GROUP BY users.uid
|
|
ORDER BY ord,users.lastname');
|
|
|
|
$q2->execute([$r['id']]);
|
|
|
|
// if there's nobody in this committee, then just skip it and go on to the next one.
|
|
|
|
if ($q2->rowCount() == 0)
|
|
continue;
|
|
|
|
echo '<option value="">' . $r['name'] . "</option>\n";
|
|
|
|
while ($r2 = $q2->fetch()) {
|
|
$q3 = $pdo->query("SELECT firstname,lastname,email,deleted FROM users WHERE uid='" . $r2['uid'] . "' AND year='" . $r2['my'] . "'");
|
|
|
|
$r3 = $q3->fetch();
|
|
if ($r3['deleted'] != 'no')
|
|
continue;
|
|
|
|
if ($r3['email']) {
|
|
$name = $r3['firstname'] . ' ' . $r3['lastname'];
|
|
if ($r2['title'])
|
|
$titlestr = ' (' . $r2['title'] . ')';
|
|
else
|
|
$titlestr = '';
|
|
echo '<option value="' . $r2['uid'] . ':' . md5($r3['email']) . "\"> -{$name}{$titlestr}</option>\n";
|
|
}
|
|
}
|
|
}
|
|
echo '</select></td></tr>';
|
|
echo '<tr><td>' . i18n('Your Name') . ':</td><td><input type="text" name="from" size="50"></td></tr>';
|
|
echo '<tr><td>' . i18n('Your Email Address') . ':</td><td><input type="text" name="fromemail" size="50"></td></tr>';
|
|
echo '<tr><td>' . i18n('Subject') . ':</td><td><input type="text" name="subject" size="50"></td></tr>';
|
|
echo '<tr><td>' . i18n('Message') . ':</td><td><textarea cols="50" rows="6" name="message"></textarea></td></tr>';
|
|
echo '<tr><td></td><td align="center"><input type="submit" value="' . i18n('Send') . '"></td></tr>';
|
|
echo '</table>';
|
|
echo '</form>';
|
|
|
|
send_footer();
|
|
?>
|