1<?php
2/**
3 * @package tikiwiki
4 */
5// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
6//
7// All Rights Reserved. See copyright.txt for details and a complete list of authors.
8// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
9// $Id$
10
// Section identifier for this page.
// NOTE(review): presumably read by the shared includes loaded later - confirm.
$section = 'user_messages';
// Request-input filter rules, declared before tiki-setup.php is loaded.
// Each key under 'staticKeyFilters' is a request parameter this page reads,
// mapped to the name of the filter to apply to it.
// NOTE(review): 'subject' and 'body' use the 'text' filter and are later handed
// to the template and to the message store; whether that filter is sufficient
// for those output contexts depends on escaping done elsewhere - confirm.
$inputConfiguration = [[
	'staticKeyFilters'	=> [
		'body'			=> 'text',
		'groupbr'		=> 'groupname',
		'priority'		=> 'digits',
		'replyto_hash'	=> 'alnumdash',
		'preview'		=> 'alphaspace',
		'send'			=> 'alphaspace',
		'subject'		=> 'text',
	],
	// presumably discards every request key not listed above - TODO confirm
	'catchAllUnset' => null,
]];
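require_once('tiki-setup.php');
$messulib = TikiLib::lib('message');
// Access gates: both calls run before any form data is processed.
// NOTE(review): presumably check_user() rejects anonymous visitors and
// check_feature() rejects the request when messaging is disabled - confirm.
$access->check_user($user);
$access->check_feature('feature_messages');
$auto_query_args = ['subject', 'body', 'priority', 'replyto_hash', 'groupbr'];

// Give every form field a default so the template and the send logic can read
// it unconditionally.
if (! isset($_POST['subject'])) {
	$_POST['subject'] = '';
}
if (! isset($_POST['body'])) {
	$_POST['body'] = '';
}
if (! isset($_POST['priority'])) {
	$_POST['priority'] = 3;
}
if (! isset($_POST['replyto_hash'])) {
	$_POST['replyto_hash'] = '';
}

// Hand the current field values back to the form template.
$smarty->assign('subject', $_POST['subject']);
$smarty->assign('body', $_POST['body']);
$smarty->assign('priority', $_POST['priority']);
$smarty->assign('replyto_hash', $_POST['replyto_hash']);
$smarty->assign('mid', 'messu-broadcast.tpl');
$smarty->assign('sent', 0);

// Ends the request with a 403 when the broadcast permission check fails.
perm_broadcast_check($access, $userlib);
$groups = $userlib->get_user_groups($user);

// Members of 'Admins' may address every group; everyone else only the groups
// they belong to. The comparison is strict so that only the exact group name
// widens the recipient list.
if (in_array('Admins', $groups, true)) {
	$groups = $userlib->list_all_groups();
}
// 'Registered' and 'Anonymous' are never offered as broadcast targets.
$groups = array_diff($groups, ['Registered', 'Anonymous']);

// $groups is both the list shown in the form and the allow-list the send
// logic checks the submitted 'groupbr' against.
$smarty->assign('groups', $groups);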
61
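// Evaluate the CSRF ticket once, and only for a send request, so that its
// result gates the send branch itself. Testing isset($_POST['send']) again
// further down would let a request carrying both 'send' and 'preview' enter
// this block through the 'preview' test and then reach the send branch; if
// checkCsrf() returns false rather than ending the request, the broadcast
// would go out without a valid ticket.
$sendConfirmed = isset($_POST['send']) && $access->checkCsrf();
$previewRequested = isset($_POST['preview']);

if ($sendConfirmed || $previewRequested) {
	$message = [];
	// Start empty so a request without 'groupbr' ends in the "No valid users"
	// error instead of sorting an undefined variable.
	$all_users = [];
	// Validation:
	// must have a subject or body non-empty (or both)
	if (empty($_POST['subject']) && empty($_POST['body'])) {
		Feedback::error(tra('The message must have either a subject or a body.'));
	} else {
		// Resolve the requested target into a list of candidate recipients
		if (isset($_POST['groupbr'])) {
			if ($_POST['groupbr'] == 'all' && $tiki_p_broadcast_all == 'y') {
				// Broadcast to every user requires the separate broadcast_all permission
				$a_all_users = $userlib->get_users(0, -1, 'login_desc', '');
				foreach ($a_all_users['data'] as $a_user) {
					$all_users[] = $a_user['user'];
				}
			} elseif (in_array($_POST['groupbr'], $groups, true)) {
				// Strict match against the allow-list of groups offered to this user
				$all_users = $userlib->get_group_users($_POST['groupbr']);
			} else {
				// NOTE(review): $permission is not assigned anywhere in this file;
				// unless an include defines it, the message ends after the colon.
				$access->display_error('', tra("You do not have the permission that is needed to use this feature") . ": " . (isset($permission) ? $permission : ''), '403', false);
				// Fail closed: stop here even if display_error() returns.
				exit;
			}
			$smarty->assign('groupbr', $_POST['groupbr']);
		}

		// Keep only recipients that exist, may use messages and accept them
		$users = [];
		asort($all_users);
		foreach ($all_users as $a_user) {
			if (empty($a_user)) {
				continue;
			}
			if (! $userlib->user_exists($a_user)) {
				$message[] = tra("Invalid user") . ': ' . $a_user;
			} elseif (! $userlib->user_has_permission($a_user, 'tiki_p_messages')) {
				$message[] = sprintf(tra('User %s does not have the permission'), $a_user);
			} elseif ($tikilib->get_user_preference($a_user, 'allowMsgs', 'y') == 'y') {
				$users[] = $a_user;
			} else {
				$message[] = sprintf(tra("User %s does not want to receive messages"), $a_user);
			}
		}
		$users = array_unique($users);
		// Validation: at least one valid recipient is required
		if (count($users) > 0) {
			if ($sendConfirmed) {
				$smarty->assign('sent', 1);
				$message[] = tra('The message has been sent to:') . ' ' . implode(', ', $users);
				// Insert the message in the inboxes of each user
				foreach ($users as $a_user) {
					$messulib->post_message($a_user, $user, $a_user, '', $_POST['subject'], $_POST['body'], $_POST['priority']);
					// if this is a reply flag the original messages replied to
					if ($_POST['replyto_hash'] <> '') {
						$messulib->mark_replied($a_user, $_POST['replyto_hash']);
					}
				}
				// Insert a copy of the message in the sent box of the sender
				$messulib->save_sent_message($user, $user, $_POST['groupbr'], null, $_POST['subject'], $_POST['body'], $_POST['priority'], $_POST['replyto_hash']);
				Feedback::success(['mes' => $message]);
				if ($prefs['feature_actionlog'] == 'y') {
					$logslib->add_action('Posted', '', 'message', 'add=' . strlen($_POST['body']));
				}
			} elseif ($previewRequested) {
				// Preview sends nothing: it lists the recipients and renders a
				// confirmation form that resubmits as 'send'.
				$message[] = tra('The message will be sent to:') . ' ' . implode(', ', $users);
				$smarty->assign('confirm_detail', $message);
				$smarty->assign('confirmSubmitName', 'send');
				$smarty->assign('confirmSubmitValue', 1);
				unset($_POST['preview']);
				$access->checkCsrfForm(tra('See below for how the broadcast message will be handled upon confirmation'));
			}
		} else {
			$message[] = tra('No valid users to send the message to.');
			Feedback::error(['mes' => $message]);
		}
	}
}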
// Pull in the two shared include scripts, then render the page via tiki.tpl.
include_once 'tiki-section_options.php';
include_once 'tiki-mytiki_shared.php';
$smarty->display('tiki.tpl');
139
140//TODO Seems to just check whether any group has broadcast permission. Not sure why regular perm checking wouldn't work
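/**
 * End the request with a 403 error unless at least one group other than
 * 'Anonymous' yields a truthy 'broadcast' value from Perms::get('group', ...).
 *
 * NOTE(review): whether Perms::get() resolves the current user's permission in
 * the context of each group, or describes the group itself, is not visible
 * here - confirm. The page-level code tests the submitted target against the
 * user's group list, not against the groups that passed this filter.
 *
 * @param object $access  must provide display_error()
 * @param object $userlib must provide list_all_groups()
 * @return void
 */
function perm_broadcast_check($access, $userlib)
{
	// Name of the permission reported in the error text. This function has its
	// own scope, so the variable has to be assigned here before it is used.
	$permission = 'tiki_p_broadcast';

	// Every group except 'Anonymous' is a candidate
	$groups_perm = array_diff($userlib->list_all_groups(), ['Anonymous']);
	// Keep only the groups for which the broadcast permission resolves truthy
	$groups_perm = array_filter(
		$groups_perm,
		static function ($groupName) {
			return Perms::get('group', $groupName)->broadcast;
		}
	);

	if (empty($groups_perm)) {
		$access->display_error('', tra("You do not have the permission that is needed to use this feature") . ": " . $permission, '403', false);
		// Fail closed: stop here even if display_error() returns.
		exit;
	}
}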
159