탐색 도움말
가입하기 로그인
Jones
/
MastodonHelp
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 758e570794
브랜치 태그
MastodonHelp
/
web
/
site
/
mustard
/
invite.php

invite.php 9.0 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214 
  1. <?php
    2. 

  2. 

  3. require '../../lib/glob.php';
    4. 

  4. require '../../lib/muoribene.php';
    5. 

  5. require '../../lib/sessionstart.php';
    6. 

  6. require '../../lib/myconn.php';
    7. 

  7. require '../../lib/getadmacc.php';
    8. 

  8. if ($account['Level']=='guest')
    9. 

  9. 	muoribene('Sorry, you are not authorized.',true);
    10. 

  10. require '../../lib/jsencode.php';
    11. 

  11. require '../../lib/menu.php';
    12. 

  12. $menu['menu']['selected']=true;
    13. 

  13. $menu['menu']['submenu']['instances']['selected']=true;
    14. 

  14. buildmenu($menu);
    15. 

  15. 

  16. $dbg='';
    17. 

  17. 

  18. use function mysqli_real_escape_string as myesc;
    19. 

  19. 

  20. // praticamente una macro
    21. 

  21. function hspech($str) {
    22. 

  22. 	return(htmlspecialchars($str,ENT_QUOTES|ENT_HTML5,'UTF-8'));
    23. 

  23. }
    24. 

  24. 

  25. require '../../lib/randstr.php';
    26. 

  26. 

  27. function parsetempline($line,$substarr) {
    28. 

  28. 	$patterns=array('/%guestinsturi/','/%guestname/','/%guestemail/','/%guestpassword/','/%ourdomain/');
    29. 

  29. 	return(preg_replace($patterns,$substarr,$line));
    30. 

  30. }
    31. 

  31. 

  32. if (array_key_exists('id',$_GET) && preg_match('/^[0-9]+$/',$_GET['id'])===1) {
    33. 

  33. 	$_GET['id']+=0;
    34. 

  34. 	$res=mysqli_query($link,'SELECT * FROM Instances WHERE ID='.$_GET['id'])
    35. 

  35. 		or muoribene(__LINE__.': '.mysqli_error($link),true);
    36. 

  36. 	if (mysqli_num_rows($res)!=1)
    37. 

  37. 		muoribene('Non esiste alcuna istanza con ID='.$_GET['id'].'.',true);
    38. 

  38. 	$inst=mysqli_fetch_assoc($res);
    39. 

  39. 	if (trim($inst['Email'])=='')
    40. 

  40. 		muoribene('Nessun indirizzo email è definito per questa istanza.',true);
    41. 

  41. 	$createacc='false';
    42. 

  42. 	if (!is_null($inst['GuestID'])) {
    43. 

  43. 		$res=mysqli_query($link,'SELECT * FROM Admins WHERE ID='.$inst['GuestID'])
    44. 

  44. 			or muoribene(__LINE__.': '.mysqli_error($link),true);
    45. 

  45. 		if (mysqli_num_rows($res)==0)
    46. 

  46. 			muoribene('Non esiste alcun account con ID='.$inst['GuestID'].'.',true);
    47. 

  47. 		$templfp='mailtemplates/reminder';
    48. 

  48. 	} else {
    49. 

  49. 		$res=mysqli_query($link,'SELECT * FROM Admins WHERE Email=\''.myesc($link,$inst['Email']).'\'')
    50. 

  50. 			or muoribene(__LINE__.': '.mysqli_error($link),true);
    51. 

  51. 		if (mysqli_num_rows($res)==0) {
    52. 

  52. 			$templfp='mailtemplates/first_invitation';
    53. 

  53. 			$createacc='true';
    54. 

  54. 		} else {
    55. 

  55. 			$templfp='mailtemplates/more_instances';
    56. 

  56. 		}
    57. 

  57. 	}
    58. 

  58. 	$templ=file($templfp,FILE_IGNORE_NEW_LINES);
    59. 

  59. 	if ($templ===false)
    60. 

  60. 		muoribene('Impossibile aprire «'.$templfp.'».',true);
    61. 

  61. 

  62. 	$out='<form action="invite.php" method="post" id="f" onsubmit="return send();">'.N;
    63. 

  63. 	$out.='<table class="bigtab">'.N;
    64. 

  64. 	$out.='<tbody>'.N;
    65. 

  65. 	$out.='<tr><td class="insthead">Email di invito</td></tr>'.N;
    66. 

  66. 	$out.='<tr><td>'.N;
    67. 

  67. 	if (is_null($inst['AdmDisplayName']))
    68. 

  68. 		$admname='';
    69. 

  69. 	elseif (trim($inst['AdmDisplayName'])!='')
    70. 

  70. 		$admname=$inst['AdmDisplayName'];
    71. 

  71. 	elseif (trim($inst['AdmAccount'])!='')
    72. 

  72. 		$admname=$inst['AdmAccount'];
    73. 

  73. 	else
    74. 

  74. 		$admname='';
    75. 

  75. 	$haddress=$inst['Email'];
    76. 

  76. 	if ($admname!='') $haddress=$admname.' <'.$haddress.'>';
    77. 

  77. 	$madmname='';
    78. 

  78. 	if ($admname!='') $madmname=' '.$admname;
    79. 

  79. 	if ($admname=='') $admname='Unknown';
    80. 

  80. 	$password=randstr(16);
    81. 

  81. 	define('RN',"\r\n");
    82. 

  82. 	//('/%guestinsturi/','/%guestname/','/%guestemail/','/%guestpassword/','/%ourdomain/')
    83. 

  83. 	$subj=parsetempline($templ[0],array($inst['URI'],$madmname,$inst['Email'],$password,$iniarr['site_domain']));
    84. 

  84. 	$message='';
    85. 

  85. 	for ($i=2; $i<count($templ); $i++)
    86. 

  86. 		$message.=parsetempline($templ[$i],array($inst['URI'],$madmname,$inst['Email'],$password,$iniarr['site_domain'])).RN;
    87. 

  87. 

  88. 	$out.='<div class="mailheader"><strong>Mittente:</strong> '.hspech($iniarr['ref_name']).' '.hspech('<'.$iniarr['ref_email'].'>').'</div>'.N;
    89. 

  89. 	$out.='<div class="mailheader"><strong>Destinatario:</strong> '.hspech($haddress).'</div>'.N;
    90. 

  90. 	$out.='<div class="mailheader"><strong>Oggetto:</strong> <input type="text" id="subject" name="subject" class="mailsubj" value="'.hspech($subj).'"></div>'.N;
    91. 

  91. 	$out.='<textarea id="message" name="message" rows="20" class="mailmsg">'.hspech($message).'</textarea>'.N;
    92. 

  92. 	$out.='<input type="button" value="Invia" class="mailbut" onclick="send();">'.N;
    93. 

  93. 	$out.='<input type="hidden" name="id" value="'.$inst['ID'].'">'.N;
    94. 

  94. 	$out.='<input type="hidden" name="insturi" value="'.hspech($inst['URI']).'">'.N;
    95. 

  95. 	$out.='<input type="hidden" name="password" value="'.hspech($password).'">'.N;
    96. 

  96. 	$out.='<input type="hidden" name="to" value="'.hspech($haddress).'">'.N;
    97. 

  97. 	$out.='<input type="hidden" name="guestname" value="'.hspech($admname).'">'.N;
    98. 

  98. 	$out.='<input type="hidden" name="guestaddr" value="'.hspech($inst['Email']).'">'.N;
    99. 

  99. 	$out.='<input type="hidden" name="createacc" value="'.$createacc.'">'.N;
    100. 

  100. 	$out.='</td></tr>'.N;
    101. 

  101. 	$out.='</tbody>'.N;
    102. 

  102. 	$out.='</table>'.N;
    103. 

  103. 	$out.='</form>'.N;
    104. 

  104. 	$insturi=$inst['URI'];
    105. 

  105. } elseif (array_key_exists('id',$_POST) && preg_match('/^[0-9]+$/',$_POST['id'])===1 && array_key_exists('insturi',$_POST) && trim($_POST['insturi'])!='' && array_key_exists('subject',$_POST) && trim($_POST['subject'])!='' && array_key_exists('to',$_POST) && trim($_POST['to'])!='' && array_key_exists('message',$_POST) && trim($_POST['message'])!='' && array_key_exists('password',$_POST) && trim($_POST['password'])!='' && array_key_exists('guestaddr',$_POST) && trim($_POST['guestaddr'])!='' && array_key_exists('createacc',$_POST) && preg_match('/^true|false$/',$_POST['createacc'])===1) {
    106. 

  106. 	$_POST['id']+=0;
    107. 

  107. 	$from=$iniarr['ref_name'].' <'.$iniarr['ref_email'].'>';
    108. 

  108. 	//questo per far provette d'invio mail senza toccare il db
    109. 

  109. 	if ($iniarr['mail_test_to']!=false && trim($iniarr['mail_test_to'])!='') {
    110. 

  110. 		$test=true;
    111. 

  111. 		$to=$iniarr['mail_test_to'];
    112. 

  112. 	} else {
    113. 

  113. 		$test=false;
    114. 

  114. 		$to=$_POST['to'];
    115. 

  115. 	}
    116. 

  116. 	$mail=mail($to,'=?utf-8?B?'.base64_encode($_POST['subject']).'?=',wordwrap($_POST['message'],76,"\r\n",false),array('From'=>$from,'Content-Type'=>'text/plain; charset=UTF-8','Content-Transfer-Encoding'=>'8bit'));
    117. 

  117. 	if (!$mail)	{
    118. 

  118. 		$out='<div class="message">Errori nell’invio della mail.<br>Puoi <a href="invite.php?id='.$_POST['id'].'">riprovare</a>.</div>'.N;
    119. 

  119. 	} elseif (!$test) {
    120. 

  120. 		if ($_POST['createacc']=='true') {
    121. 

  121. 			mysqli_query($link,'INSERT INTO Admins (ID, Username, Email, Password, Level, Page, MaxLocalities, MaxLanguages, MaxFinancing, MaxPolicies, MaxTags, Enabled) VALUES (NULL, \''.myesc($link,$_POST['guestname']).'\', \''.myesc($link,$_POST['guestaddr']).'\', \''.myesc($link,password_hash($_POST['password'],PASSWORD_DEFAULT)).'\', \'guest\', \'0\', \'1\', \'0\', \'3\', \'3\', \'3\', \'1\')')
    122. 

  122. 				or muoribene(__LINE__.': '.mysqli_error($link),true);
    123. 

  123. 			$accid=mysqli_insert_id($link);
    124. 

  124. 		} else {
    125. 

  125. 			$res=mysqli_query($link,'SELECT * FROM Admins WHERE Email=\''.myesc($link,$_POST['guestaddr']).'\'')
    126. 

  126. 				or muoribene(__LINE__.': '.mysqli_error($link),true);
    127. 

  127. 			if (mysqli_num_rows($res)==0)
    128. 

  128. 				muoribene(__LINE__.': Non esiste alcun account con Email=“'.$_POST['guestaddr'].'”.',true);
    129. 

  129. 			$row=mysqli_fetch_assoc($res);
    130. 

  130. 			$accid=$row['ID'];
    131. 

  131. 		}
    132. 

  132. 		mysqli_query($link,'UPDATE Instances SET GuestID='.$accid.' WHERE ID='.$_POST['id'])
    133. 

  133. 			or muoribene(__LINE__.': '.mysqli_error($link),true);
    134. 

  134. 		$out='<div class="message">La mail è stata inviata correttamente all’indirizzo «'.$to.'».<br>L’account relativo è stato creato/aggiornato correttamente.</div>'.N;
    135. 

  135. 	} else {
    136. 

  136. 		$out='<div class="message">La mail è stata inviata correttamente all’indirizzo di test «'.$to.'».<br>Nessun account è stato creato/aggiornato.<br>Se vuoi abilitare l’invio ai destinatari reali e la creazione o l’aggiornamento degli account relativi devi editare il file di configurazione di Mustard.</div>'.N;
    137. 

  137. 	}
    138. 

  138. 	$insturi=$_POST['insturi'];
    139. 

  139. } else {
    140. 

  140. 	muoribene('Malformed input.',true);
    141. 

  141. }
    142. 

  142. 

  143. mysqli_close($link);
    144. 

  144. 

  145. ?>
    146. 

  146. <!DOCTYPE HTML>
    147. 

  147. <html lang="it">
    148. 

  148. <head>
    149. 

  149. <title>Mustard - Invito admin di «<?php echo(hspech($insturi)); ?>»</title>
    150. 

  150. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    151. 

  151. <meta name="description" content="Admin pages for Mastodon Help">
    152. 

  152. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
    153. 

  153. <link rel="icon" type="image/png" href="imgs/icona-32.png" sizes="32x32">
    154. 

  154. <link rel="icon" type="image/png" href="imgs/icona-192.png" sizes="192x192">
    155. 

  155. <link rel="icon" type="image/png" href="imgs/icona-512.png" sizes="512x512">
    156. 

  156. <link rel="apple-touch-icon-precomposed" href="imgs/icona-180.png">
    157. 

  157. <link rel="stylesheet" type="text/css" href="css/theme.css?v=<?php echo($cjrand); ?>">
    158. 

  158. <script language="JavaScript" src="js/menu.js?v=<?php echo($cjrand); ?>"></script>
    159. 

  159. <script language="JavaScript" src="js/alerta.js?v=<?php echo($cjrand); ?>"></script>
    160. 

  160. <script language="JavaScript">
    161. 

  161. <!--
    162. 

  162. function send() {
    163. 

  163. 	var errors='';
    164. 

  164. 	if (document.getElementById('subject').value.trim()=='') errors+='<li>Destinatario non definito</li>';
    165. 

  165. 	if (document.getElementById('message').value.trim()=='') errors+='<li>Il messaggio è vuoto</li>';
    166. 

  166. 	if (errors!='') {
    167. 

  167. 		alerta('Errore','<ul>'+errors+'</ul>');
    168. 

  168. 		return(false);
    169. 

  169. 	} else {
    170. 

  170. 		document.getElementById('f').submit();
    171. 

  171. 	}
    172. 

  172. }
    173. 

  173. //-->
    174. 

  174. </script>
    175. 

  175. </head>
    176. 

  176. <body>
    177. 

  177. 

  178. <nav>
    179. 

  179. <div id="hmenu">
    180. 

  180. <ul>
    181. 

  181. <?php echo($menuout); ?>
    182. 

  182. </ul>
    183. 

  183. <div class="mtit">Invito admin di «<?php echo(hspech($insturi)); ?>»</div>
    184. 

  184. <div id="rightdiv">
    185. 

  185. <img src="imgs/esci.svg" class="rlinks" title="Esci" onclick="document.location.href='logout.php';">
    186. 

  186. </div>
    187. 

  187. </div>
    188. 

  188. </nav>
    189. 

  189. 

  190. <div id="popup">
    191. 

  191. <div id="inpopup">
    192. 

  192. <div id="popupcont">
    193. 

  193. ...
    194. 

  194. </div>
    195. 

  195. </div>
    196. 

  196. </div>
    197. 

  197. 

  198. <!-- <div id="footer">
    199. 

  199. </div> -->
    200. 

  200. 

  201. <div id="fullscreen">
    202. 

  202. <div id="middlerow">
    203. 

  203. <?php
    204. 

  204. echo($out);
    205. 

  205. ?>
    206. 

  206. </div>
    207. 

  207. </div>
    208. 

  208. 

  209. <div id="debug">
    210. 

  210. <?php echo($dbg); ?>
    211. 

  211. </div>
    212. 

  212. 

  213. </body>
    214. 

  214. </html>
    215.