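<?php
/**
 * @package tikiwiki
 */
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// Broadcast page for user messages: lets a logged-in user preview and then send
// one message to every member of a group (or to all users when permitted).

$section = 'user_messages';
// Per-key input filters for the POST fields this page reads.
// NOTE(review): presumably consumed by tiki-setup.php, with 'catchAllUnset'
// dropping every key not listed here - confirm against the input filter code.
$inputConfiguration = [[
    'staticKeyFilters' => [
        'body' => 'text',
        'groupbr' => 'groupname',
        'priority' => 'digits',
        'replyto_hash' => 'alnumdash',
        'preview' => 'alphaspace',
        'send' => 'alphaspace',
        'subject' => 'text',
    ],
    'catchAllUnset' => null,
]];
require_once('tiki-setup.php');
$messulib = TikiLib::lib('message');
$access->check_user($user);
$access->check_feature('feature_messages');
$auto_query_args = ['subject', 'body', 'priority', 'replyto_hash', 'groupbr'];

// Give every form field a default so the template and the send path can read
// them unconditionally.
if (! isset($_POST['subject'])) {
    $_POST['subject'] = '';
}
if (! isset($_POST['body'])) {
    $_POST['body'] = '';
}
if (! isset($_POST['priority'])) {
    $_POST['priority'] = 3;
}
if (! isset($_POST['replyto_hash'])) {
    $_POST['replyto_hash'] = '';
}
$smarty->assign('subject', $_POST['subject']);
$smarty->assign('body', $_POST['body']);
$smarty->assign('priority', $_POST['priority']);
$smarty->assign('replyto_hash', $_POST['replyto_hash']);
$smarty->assign('mid', 'messu-broadcast.tpl');
$smarty->assign('sent', 0);

// NOTE(review): this gate passes as soon as ANY group other than Anonymous has
// the broadcast permission; it does not look at the current user's own
// permissions. The per-request check further down (group membership, or
// tiki_p_broadcast_all for 'all') is what actually limits the recipients.
perm_broadcast_check($access, $userlib);
$groups = $userlib->get_user_groups($user);

if (in_array('Admins', $groups, true)) {
    // admins can write to members of all groups
    $groups = $userlib->list_all_groups();
}
// registered users can write to members of groups they belong to;
// the built-in Registered and Anonymous groups are never offered as targets
$groups = array_diff($groups, ['Registered', 'Anonymous']);

$smarty->assign('groups', $groups);

// Sending requires a valid CSRF ticket; preview changes no state and only
// renders the confirmation form.
if ((isset($_POST['send']) && $access->checkCsrf()) || isset($_POST['preview'])) {
    $message = [];
    // Validation:
    // must have a subject or body non-empty (or both)
    if (empty($_POST['subject']) && empty($_POST['body'])) {
        Feedback::error(tra('The message must have either a subject or a body.'));
    } else {
        // Resolve the requested target into a list of candidate recipients.
        // Start from an empty list so a request without 'groupbr' ends in the
        // "No valid users" error instead of sorting an undefined variable.
        $all_users = [];
        if (isset($_POST['groupbr'])) {
            if ($_POST['groupbr'] === 'all' && $tiki_p_broadcast_all == 'y') {
                $a_all_users = $userlib->get_users(0, -1, 'login_desc', '');
                foreach ($a_all_users['data'] as $a_user) {
                    $all_users[] = $a_user['user'];
                }
            } elseif (in_array($_POST['groupbr'], $groups, true)) {
                // Strict match: the target must be exactly one of the groups
                // computed above, not merely loosely equal to one.
                $all_users = $userlib->get_group_users($_POST['groupbr']);
            } else {
                // $permission was never defined here; name the permission the
                // request failed on so the 403 message is complete.
                $permission = $_POST['groupbr'] === 'all' ? 'tiki_p_broadcast_all' : 'tiki_p_broadcast';
                $access->display_error('', tra("You do not have the permission that is needed to use this feature") . ": " . $permission, '403', false);
                // Fail closed, as perm_broadcast_check() does: never continue
                // to the send path after a denied target.
                exit;
            }
            $smarty->assign('groupbr', $_POST['groupbr']);
        }

        // Keep only recipients that exist, may use messaging and accept messages.
        $users = [];
        asort($all_users);
        foreach ($all_users as $a_user) {
            if (! empty($a_user)) {
                if ($userlib->user_exists($a_user)) {
                    if (! $userlib->user_has_permission($a_user, 'tiki_p_messages')) {
                        $message[] = sprintf(tra('User %s does not have the permission'), $a_user);
                    } elseif ($tikilib->get_user_preference($a_user, 'allowMsgs', 'y') == 'y') {
                        $users[] = $a_user;
                    } else {
                        $message[] = sprintf(tra("User %s does not want to receive messages"), $a_user);
                    }
                } else {
                    // Separate the label from the name (they were run together).
                    $message[] = tra("Invalid user") . " $a_user";
                }
            }
        }
        $users = array_unique($users);
        // Validation: there must be at least one valid recipient
        if (count($users) > 0) {
            if (isset($_POST['send'])) {
                $smarty->assign('sent', 1);
                $message[] = tra('The message has been sent to:') . ' ' . implode(', ', $users);
                // Insert the message in the inboxes of each user
                foreach ($users as $a_user) {
                    $messulib->post_message($a_user, $user, $a_user, '', $_POST['subject'], $_POST['body'], $_POST['priority']);
                    // if this is a reply flag the original messages replied to
                    if ($_POST['replyto_hash'] <> '') {
                        $messulib->mark_replied($a_user, $_POST['replyto_hash']);
                    }
                }
                // Insert a copy of the message in the sent box of the sender
                $messulib->save_sent_message($user, $user, $_POST['groupbr'], null, $_POST['subject'], $_POST['body'], $_POST['priority'], $_POST['replyto_hash']);
                Feedback::success(['mes' => $message]);
                if ($prefs['feature_actionlog'] == 'y') {
                    $logslib->add_action('Posted', '', 'message', 'add=' . strlen($_POST['body']));
                }
            } elseif (isset($_POST['preview'])) {
                $message[] = tra('The message will be sent to:') . ' ' . implode(', ', $users);
                $smarty->assign('confirm_detail', $message);
                $smarty->assign('confirmSubmitName', 'send');
                $smarty->assign('confirmSubmitValue', 1);
                unset($_POST['preview']);
                $access->checkCsrfForm(tra('See below for how the broadcast message will be handled upon confirmation'));
            }
        } else {
            $message[] = tra('No valid users to send the message to.');
            Feedback::error(['mes' => $message]);
        }
    }
}
include_once('tiki-section_options.php');
include_once('tiki-mytiki_shared.php');
$smarty->display("tiki.tpl");

//TODO Seems to just check whether any group has broadcast permission. Not sure why regular perm checking wouldn't work
/**
 * Stop the request with a 403 error when no group has the broadcast permission.
 *
 * Lists all groups, drops Anonymous, and keeps those whose group permissions
 * report `broadcast`. If none remain, an error page is displayed and the
 * script exits.
 *
 * NOTE(review): the current user is not consulted, so this is a site-wide
 * "is broadcasting granted to anyone" test rather than a per-user
 * authorization check. Callers must not treat a pass as proof that the
 * requesting user may broadcast.
 *
 * @param object $access  access library; only display_error() is used
 * @param object $userlib user library; only list_all_groups() is used
 * @return void
 */
function perm_broadcast_check($access, $userlib)
{
    //check permissions
    $groups_perm = $userlib->list_all_groups();
    $groups_perm = array_diff($groups_perm, ['Anonymous']);
    $groups_perm = array_filter(
        $groups_perm,
        function ($groupName) {
            $perms = Perms::get('group', $groupName);
            return $perms->broadcast;
        }
    );

    if (empty($groups_perm)) {
        // $permission was never defined in this scope; name the permission
        // explicitly so the error message is complete.
        $permission = 'tiki_p_broadcast';
        $access->display_error('', tra("You do not have the permission that is needed to use this feature") . ": " . $permission, '403', false);
        exit;
    }
}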