2020-05-01 06:51:22 +02:00
< ? php
require ( 'include/glob.php' );
require ( 'include/muoribene.php' );
require ( 'include/sessionstart.php' );
require ( 'include/myconn.php' );
require ( 'include/getadmacc.php' );
if ( $account [ 'Level' ] == 'guest' )
muoribene ( 'Sorry, you are not authorized.' , true );
require ( 'include/jsencode.php' );
require ( 'include/menu.php' );
$menu [ 'menu' ][ 'selected' ] = true ;
$menu [ 'menu' ][ 'submenu' ][ 'instances' ][ 'selected' ] = true ;
buildmenu ( $menu );
$dbg = '' ;
use function mysqli_real_escape_string as myesc ;
// praticamente una macro
function hspech ( $str ) {
return ( htmlspecialchars ( $str , ENT_QUOTES | ENT_HTML5 , 'UTF-8' ));
}
2020-05-03 19:55:24 +02:00
require ( 'include/randstr.php' );
2020-05-01 06:51:22 +02:00
2020-05-08 17:38:54 +02:00
function parsetempline ( $line , $substarr ) {
$patterns = array ( '/%guestinsturi/' , '/%guestname/' , '/%guestemail/' , '/%guestpassword/' , '/%ourdomain/' );
return ( preg_replace ( $patterns , $substarr , $line ));
}
2020-05-01 06:51:22 +02:00
if ( array_key_exists ( 'id' , $_GET ) && preg_match ( '/^[0-9]+$/' , $_GET [ 'id' ]) === 1 ) {
$_GET [ 'id' ] += 0 ;
$res = mysqli_query ( $link , 'SELECT * FROM Instances WHERE ID=' . $_GET [ 'id' ])
or muoribene ( __LINE__ . ': ' . mysqli_error ( $link ), true );
if ( mysqli_num_rows ( $res ) != 1 )
muoribene ( 'Non esiste alcuna istanza con ID=' . $_GET [ 'id' ] . '.' , true );
$inst = mysqli_fetch_assoc ( $res );
if ( trim ( $inst [ 'Email' ]) == '' )
muoribene ( 'Nessun indirizzo email è definito per questa istanza.' , true );
2020-05-08 17:38:54 +02:00
$createacc = 'false' ;
if ( ! is_null ( $inst [ 'GuestID' ])) {
$res = mysqli_query ( $link , 'SELECT * FROM Admins WHERE ID=' . $inst [ 'GuestID' ])
or muoribene ( __LINE__ . ': ' . mysqli_error ( $link ), true );
if ( mysqli_num_rows ( $res ) == 0 )
muoribene ( 'Non esiste alcun account con ID=' . $inst [ 'GuestID' ] . '.' , true );
$templfp = 'mailtemplates/reminder' ;
} else {
$res = mysqli_query ( $link , 'SELECT * FROM Admins WHERE Email=\'' . myesc ( $link , $inst [ 'Email' ]) . '\'' )
or muoribene ( __LINE__ . ': ' . mysqli_error ( $link ), true );
if ( mysqli_num_rows ( $res ) == 0 ) {
$templfp = 'mailtemplates/first_invitation' ;
$createacc = 'true' ;
} else {
$templfp = 'mailtemplates/more_instances' ;
}
}
$templ = file ( $templfp , FILE_IGNORE_NEW_LINES );
if ( $templ === false )
muoribene ( 'Impossibile aprire «' . $templfp . '».' , true );
2020-05-01 06:51:22 +02:00
$out = '<form action="invite.php" method="post" id="f" onsubmit="return send();">' . N ;
$out .= '<table class="bigtab">' . N ;
$out .= '<tbody>' . N ;
$out .= '<tr><td class="insthead">Email di invito</td></tr>' . N ;
$out .= '<tr><td>' . N ;
if ( trim ( $inst [ 'AdmDisplayName' ]) != '' )
$admname = $inst [ 'AdmDisplayName' ];
elseif ( trim ( $inst [ 'AdmAccount' ]) != '' )
$admname = $inst [ 'AdmAccount' ];
else
$admname = '' ;
$haddress = $inst [ 'Email' ];
if ( $admname != '' ) $haddress = $admname . ' <' . $haddress . '>' ;
$madmname = '' ;
if ( $admname != '' ) $madmname = ' ' . $admname ;
2020-05-08 17:38:54 +02:00
if ( $admname == '' ) $admname = 'Unknown' ;
2020-05-01 06:51:22 +02:00
$password = randstr ( 16 );
define ( 'RN' , " \r \n " );
2020-05-08 17:38:54 +02:00
//('/%guestinsturi/','/%guestname/','/%guestemail/','/%guestpassword/','/%ourdomain/')
$subj = parsetempline ( $templ [ 0 ], array ( $inst [ 'URI' ], $madmname , $inst [ 'Email' ], $password , $iniarr [ 'site_domain' ]));
$message = '' ;
for ( $i = 2 ; $i < count ( $templ ); $i ++ )
$message .= parsetempline ( $templ [ $i ], array ( $inst [ 'URI' ], $madmname , $inst [ 'Email' ], $password , $iniarr [ 'site_domain' ])) . RN ;
$out .= '<div class="mailheader"><strong>Mittente:</strong> ' . hspech ( $iniarr [ 'ref_name' ]) . ' ' . hspech ( '<' . $iniarr [ 'ref_email' ] . '>' ) . '</div>' . N ;
$out .= '<div class="mailheader"><strong>Destinatario:</strong> ' . hspech ( $haddress ) . '</div>' . N ;
$out .= '<div class="mailheader"><strong>Oggetto:</strong> <input type="text" id="subject" name="subject" class="mailsubj" value="' . hspech ( $subj ) . '"></div>' . N ;
$out .= '<textarea id="message" name="message" rows="20" class="mailmsg">' . hspech ( $message ) . '</textarea>' . N ;
$out .= '<input type="button" value="Invia" class="mailbut" onclick="send();">' . N ;
2020-05-01 06:51:22 +02:00
$out .= '<input type="hidden" name="id" value="' . $inst [ 'ID' ] . '">' . N ;
2020-05-08 17:38:54 +02:00
$out .= '<input type="hidden" name="insturi" value="' . hspech ( $inst [ 'URI' ]) . '">' . N ;
2020-05-01 06:51:22 +02:00
$out .= '<input type="hidden" name="password" value="' . hspech ( $password ) . '">' . N ;
2020-05-08 17:38:54 +02:00
$out .= '<input type="hidden" name="to" value="' . hspech ( $haddress ) . '">' . N ;
$out .= '<input type="hidden" name="guestname" value="' . hspech ( $admname ) . '">' . N ;
$out .= '<input type="hidden" name="guestaddr" value="' . hspech ( $inst [ 'Email' ]) . '">' . N ;
$out .= '<input type="hidden" name="createacc" value="' . $createacc . '">' . N ;
2020-05-01 06:51:22 +02:00
$out .= '</td></tr>' . N ;
$out .= '</tbody>' . N ;
$out .= '</table>' . N ;
$out .= '</form>' . N ;
2020-05-08 17:38:54 +02:00
$insturi = $inst [ 'URI' ];
} elseif ( array_key_exists ( 'id' , $_POST ) && preg_match ( '/^[0-9]+$/' , $_POST [ 'id' ]) === 1 && array_key_exists ( 'insturi' , $_POST ) && trim ( $_POST [ 'insturi' ]) != '' && array_key_exists ( 'subject' , $_POST ) && trim ( $_POST [ 'subject' ]) != '' && array_key_exists ( 'to' , $_POST ) && trim ( $_POST [ 'to' ]) != '' && array_key_exists ( 'message' , $_POST ) && trim ( $_POST [ 'message' ]) != '' && array_key_exists ( 'password' , $_POST ) && trim ( $_POST [ 'password' ]) != '' && array_key_exists ( 'guestaddr' , $_POST ) && trim ( $_POST [ 'guestaddr' ]) != '' && array_key_exists ( 'createacc' , $_POST ) && preg_match ( '/^true|false$/' , $_POST [ 'createacc' ]) === 1 ) {
2020-05-01 06:51:22 +02:00
$_POST [ 'id' ] += 0 ;
$from = $iniarr [ 'ref_name' ] . ' <' . $iniarr [ 'ref_email' ] . '>' ;
2020-05-08 17:38:54 +02:00
$to = $_POST [ 'to' ];
$dbchange = true ;
//questo per far provette d'invio mail senza toccare il db
if ( $iniarr [ 'mail_test_address' ] == false || trim ( $iniarr [ 'mail_test_address' ]) == '' ) {
$to = $iniarr [ 'mail_test_address' ];
$dbchange = false ;
}
2020-05-01 06:51:22 +02:00
$mail = mail ( $to , '=?utf-8?B?' . base64_encode ( $_POST [ 'subject' ]) . '?=' , wordwrap ( $_POST [ 'message' ], 76 , " \r \n " , false ), array ( 'From' => $from , 'Content-Type' => 'text/plain; charset=UTF-8' , 'Content-Transfer-Encoding' => '8bit' ));
if ( ! $mail ) {
2020-05-08 17:38:54 +02:00
$out = 'Errori nell’ invio della mail.<br>Puoi <a href="invite.php?id=' . $_POST [ 'id' ] . '">riprovare</a>.' ;
} elseif ( $dbchange ) {
if ( $_POST [ 'createacc' ] == 'true' ) {
mysqli_query ( $link , 'INSERT INTO Admins (ID, Username, Email, Password, Level, Page, MaxLocalities, MaxLanguages, MaxFinancing, MaxPolicies, MaxTags, Enabled) VALUES (NULL, \'' . myesc ( $link , $_POST [ 'guestname' ]) . '\', \'' . myesc ( $link , $_POST [ 'guestaddr' ]) . '\', \'' . myesc ( $link , password_hash ( $_POST [ 'password' ], PASSWORD_DEFAULT )) . '\', \'guest\', \'0\', \'1\', \'0\', \'3\', \'3\', \'3\', \'1\')' )
2020-05-01 06:51:22 +02:00
or muoribene ( __LINE__ . ': ' . mysqli_error ( $link ), true );
$accid = mysqli_insert_id ( $link );
} else {
2020-05-08 17:38:54 +02:00
$res = mysqli_query ( $link , 'SELECT * FROM Admins WHERE Email=\'' . myesc ( $link , $_POST [ 'guestaddr' ]) . '\'' )
or muoribene ( __LINE__ . ': ' . mysqli_error ( $link ), true );
if ( mysqli_num_rows ( $res ) == 0 )
muoribene ( __LINE__ . ': Non esiste alcun account con Email=“' . $_POST [ 'guestaddr' ] . '”.' , true );
2020-05-01 06:51:22 +02:00
$row = mysqli_fetch_assoc ( $res );
$accid = $row [ 'ID' ];
}
mysqli_query ( $link , 'UPDATE Instances SET GuestID=' . $accid . ' WHERE ID=' . $_POST [ 'id' ])
or muoribene ( __LINE__ . ': ' . mysqli_error ( $link ), true );
2020-05-08 17:38:54 +02:00
$out = 'TUTT’ OCCHEI!' ;
} else {
$out = 'La mail è stata inviata correttamente all’ indirizzo di test definito nella configurazione, «' . $to . '».<br>Nessuna modifica è stata apportata al database.' ;
2020-05-01 06:51:22 +02:00
}
2020-05-08 17:38:54 +02:00
$insturi = $_POST [ 'insturi' ];
2020-05-01 06:51:22 +02:00
} else {
muoribene ( 'Malformed input.' , true );
}
mysqli_close ( $link );
?>
<! DOCTYPE HTML >
< html lang = " it " >
< head >
2020-05-08 17:38:54 +02:00
< title > Mustard - Invito admin di « < ? php echo ( hspech ( $insturi )); ?> »</title>
2020-05-01 06:51:22 +02:00
< meta http - equiv = " Content-Type " content = " text/html; charset=utf-8 " >
< meta name = " description " content = " Admin pages for Mastodon Startpage " >
< meta name = " viewport " content = " width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no " >
< link rel = " icon " type = " image/png " href = " imgs/icona-32.png " sizes = " 32x32 " >
< link rel = " icon " type = " image/png " href = " imgs/icona-192.png " sizes = " 192x192 " >
< link rel = " icon " type = " image/png " href = " imgs/icona-512.png " sizes = " 512x512 " >
< link rel = " apple-touch-icon-precomposed " href = " imgs/icona-180.png " >
< link rel = " stylesheet " type = " text/css " href = " theme.css?v=<?php echo( $cjrand ); ?> " >
< script language = " JavaScript " src = " js/menu.js?v=<?php echo( $cjrand ); ?> " ></ script >
< script language = " JavaScript " src = " js/alerta.js?v=<?php echo( $cjrand ); ?> " ></ script >
< script language = " JavaScript " >
<!--
function send () {
var errors = '' ;
if ( document . getElementById ( 'subject' ) . value . trim () == '' ) errors += '<li>Destinatario non definito</li>' ;
if ( document . getElementById ( 'message' ) . value . trim () == '' ) errors += '<li>Il messaggio è vuoto</li>' ;
if ( errors != '' ) {
alerta ( 'Errore' , '<ul>' + errors + '</ul>' );
return ( false );
} else {
document . getElementById ( 'f' ) . submit ();
}
}
//-->
</ script >
</ head >
< body >
< nav >
< div id = " hmenu " >
< ul >
< ? php echo ( $menuout ); ?>
</ ul >
2020-05-08 17:38:54 +02:00
< div class = " mtit " > Invito admin di « < ? php echo ( hspech ( $insturi )); ?> »</div>
2020-05-01 06:51:22 +02:00
< div id = " rightdiv " >
< img src = " imgs/esci.svg " class = " rlinks " title = " Esci " onclick = " document.location.href='logout.php'; " >
</ div >
</ div >
</ nav >
< div id = " popup " >
< div id = " inpopup " >
< div id = " popupcont " >
...
</ div >
</ div >
</ div >
<!-- < div id = " footer " >
</ div > -->
< div id = " fullscreen " >
< div id = " middlerow " >
< ? php
echo ( $out );
?>
</ div >
</ div >
< div id = " debug " >
< ? php echo ( $dbg ); ?>
</ div >
</ body >
</ html >