MastodonStartpage/web/mustard/invite.php
pezcurrel 85876775c4 ...
2020-05-07 07:24:56 +02:00


<?php
// Page bootstrap. The includes are project files not shown here; presumably they
// provide the globals used below ($link, $account, $iniarr, $menu, N, muoribene(),
// buildmenu()) — confirm against include/*.php.
require 'include/glob.php';
require 'include/muoribene.php';
require 'include/sessionstart.php';
require 'include/myconn.php';
require 'include/getadmacc.php';

// Guest-level accounts may not send invitations.
// NOTE(review): this denies exactly one level, so a missing or unexpected
// $account['Level'] passes the check; it also relies on muoribene(..., true)
// stopping the script. Confirm both in getadmacc.php / muoribene.php, or switch
// to an explicit allow-list of levels.
if ($account['Level'] == 'guest') {
    muoribene('Sorry, you are not authorized.', true);
}

require 'include/jsencode.php';
require 'include/menu.php';

// Mark the menu entries this page belongs to, then build the menu.
$menu['menu']['selected'] = true;
$menu['menu']['submenu']['instances']['selected'] = true;
buildmenu($menu);

// Debug text echoed into the #debug div of the template; empty by default.
$dbg = '';
use function mysqli_real_escape_string as myesc;
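// Basically a macro: escape a value for output in HTML text or attribute context.
/**
 * HTML-escape a value as UTF-8 with both quote styles encoded.
 *
 * The value is cast to string first, so a NULL database column escapes to ''
 * instead of raising a deprecation on PHP 8.1+. ENT_SUBSTITUTE replaces invalid
 * UTF-8 sequences with U+FFFD; without it htmlspecialchars() returns an empty
 * string for the whole value.
 *
 * @param mixed $str value to escape
 * @return string escaped text
 */
function hspech($str) {
    return htmlspecialchars((string) $str, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}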
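require 'include/randstr.php';

// Invitation workflow for one row of Instances, selected by numeric ID:
//   GET  ?id=N -> render the editable invitation e-mail form
//   POST       -> send the e-mail, then create or look up the guest account
//                 and link it to the instance
// NOTE(review): the POST handler sends mail and creates an account, but no
// anti-CSRF token is checked in this file. Unless include/sessionstart.php
// already enforces one, add a per-session token to the form and verify it here.
$out = '';
if (array_key_exists('id', $_GET) && is_string($_GET['id']) && preg_match('/^[0-9]+$/D', $_GET['id']) === 1) {
    // Digits only (the D modifier rejects a trailing newline); the cast makes the
    // value safe to concatenate into the query.
    $id = (int) $_GET['id'];
    $res = mysqli_query($link, 'SELECT * FROM Instances WHERE ID='.$id)
        or muoribene(__LINE__.': '.mysqli_error($link), true);
    if (mysqli_num_rows($res) != 1) {
        muoribene('Non esiste alcuna istanza con ID='.$id.'.', true);
    }
    $inst = mysqli_fetch_assoc($res);
    if (trim($inst['Email']) == '') {
        muoribene('Nessun indirizzo email è definito per questa istanza.', true);
    }

    // An existing Admins row for this e-mail means the admin was already invited.
    $res = mysqli_query($link, 'SELECT * FROM Admins WHERE Email=\''.myesc($link, $inst['Email']).'\'')
        or muoribene(__LINE__.': '.mysqli_error($link), true);
    $mode = (mysqli_num_rows($res) == 0) ? 'create' : 'update';

    $out = '<form action="invite.php" method="post" id="f" onsubmit="return send();">'.N;
    $out .= '<table class="bigtab">'.N;
    $out .= '<tbody>'.N;
    $out .= '<tr><td class="insthead">Email di invito</td></tr>'.N;
    $out .= '<tr><td>'.N;
    $out .= '<div class="mailheader"><strong>Mittente:</strong> '.hspech($iniarr['ref_name']).' '.hspech('<'.$iniarr['ref_email'].'>').'</div>'.N;

    // Recipient display name: prefer the display name, fall back to the account name.
    if (trim($inst['AdmDisplayName']) != '') {
        $admname = $inst['AdmDisplayName'];
    } elseif (trim($inst['AdmAccount']) != '') {
        $admname = $inst['AdmAccount'];
    } else {
        $admname = '';
    }
    $haddress = $inst['Email'];
    if ($admname != '') {
        $haddress = $admname.' <'.$haddress.'>';
    }
    $out .= '<div class="mailheader"><strong>Destinatario:</strong> '.hspech($haddress).'</div>'.N;
    $out .= '<div class="mailheader"><strong>Oggetto:</strong> <input type="text" id="subject" name="subject" class="mailsubj" value="'.hspech($inst['URI']).' in our search engine"></div>'.N;

    $madmname = ($admname != '') ? ' '.$admname : '';
    // NOTE(review): the generated password is round-tripped through a hidden form
    // field and the POST branch hashes whatever value comes back. Keeping it
    // server-side (for example in the session) would avoid trusting the form.
    $password = randstr(16);
    define('RN', "\r\n");

    // The message is assembled as plain text and escaped once when it is written
    // into the textarea, so every database value in it (the e-mail address was
    // previously inserted raw) is neutralised for HTML.
    if ($mode == 'create') {
        $message = 'Hello'.$madmname.','.RN.'we are a little group of italian people who are trying to create a search engine for Mastodon instances.'.RN.'We’d like you to ....'.RN.RN.'Your login data:'.RN.RN.'Username: '.$inst['Email'].RN.'Password: '.$password.RN.RN.'Kind regards'.RN;
    } else {
        $message = 'Hello'.$madmname.','.RN.'we already contacted you ...';
    }
    $out .= '<textarea id="message" name="message" rows="20" class="mailmsg">'.hspech($message).'</textarea>'.N;
    $out .= '<input type="button" value="Crea l’account e invia la mail di invito" class="mailbut" onclick="send();">'.N;
    $out .= '<input type="hidden" name="id" value="'.(int) $inst['ID'].'">'.N;
    $out .= '<input type="hidden" name="password" value="'.hspech($password).'">'.N;
    //$out.='<input type="hidden" name="mode" value="'.$mode.'">'.N;
    $out .= '</td></tr>'.N;
    $out .= '</tbody>'.N;
    $out .= '</table>'.N;
    $out .= '</form>'.N;
} elseif (
    isset($_POST['id'], $_POST['subject'], $_POST['message'], $_POST['password'])
    && is_string($_POST['id']) && preg_match('/^[0-9]+$/D', $_POST['id']) === 1
    && is_string($_POST['subject']) && trim($_POST['subject']) != ''
    && is_string($_POST['message']) && trim($_POST['message']) != ''
    && is_string($_POST['password']) && trim($_POST['password']) != ''
) {
    // The is_string() checks reject array-valued fields (e.g. subject[]=x) before
    // they reach preg_match()/trim()/mail().
    $id = (int) $_POST['id'];
    $res = mysqli_query($link, 'SELECT * FROM Instances WHERE ID='.$id)
        or muoribene(__LINE__.': '.mysqli_error($link), true);
    if (mysqli_num_rows($res) != 1) {
        // This message used to read $_GET['id'], which is not set on a POST request.
        muoribene('Non esiste alcuna istanza con ID='.$id, true);
    }
    $inst = mysqli_fetch_assoc($res);

    // $admname becomes the Username of a newly created account; $toname is the
    // display part of the To: header.
    if (trim($inst['AdmDisplayName']) != '') {
        $admname = $inst['AdmDisplayName'];
        $toname = $inst['AdmDisplayName'];
    } elseif (trim($inst['AdmAccount']) != '') {
        $admname = $inst['AdmAccount'];
        $toname = $inst['AdmAccount'];
    } else {
        $admname = 'Unknown';
        $toname = '';
    }
    $to = $toname;
    if (trim($inst['Email']) != '') {
        if ($toname == '') {
            $to = $inst['Email'];
        } else {
            // The display name comes from the database; sending it as a MIME
            // encoded-word (like the subject) keeps commas, angle brackets and
            // non-ASCII characters in it from altering the recipient list.
            $to = '=?utf-8?B?'.base64_encode($toname).'?= <'.$inst['Email'].'>';
        }
    } else {
        muoribene('Nessun indirizzo email è definito per questa istanza.', true);
    }
    // NOTE(review): hard-coded override. Every invitation, including the plaintext
    // credentials in the message body, goes to this one mailbox instead of the
    // recipient computed above. Looks like a development leftover; remove it
    // before the page is used for real invitations.
    $to = 'pezcurrel@tiscali.it';
    $from = $iniarr['ref_name'].' <'.$iniarr['ref_email'].'>';
    $mail = mail(
        $to,
        '=?utf-8?B?'.base64_encode($_POST['subject']).'?=',
        wordwrap($_POST['message'], 76, "\r\n", false),
        array('From' => $from, 'Content-Type' => 'text/plain; charset=UTF-8', 'Content-Transfer-Encoding' => '8bit')
    );
    if (!$mail) {
        $out = 'Non è stato possibile inviare l’email.<br>Puoi <a href="invite.php?id='.(int) $inst['ID'].'">riprovare</a>.';
    } else {
        // NOTE(review): the mail is sent before the account exists; if the INSERT
        // below fails, the recipient holds credentials for a missing account.
        $res = mysqli_query($link, 'SELECT * FROM Admins WHERE Email=\''.myesc($link, $inst['Email']).'\'')
            or muoribene(__LINE__.': '.mysqli_error($link), true);
        if (mysqli_num_rows($res) == 0) {
            // Only the password hash is stored. Values are escaped with
            // mysqli_real_escape_string; a prepared statement would be sturdier.
            mysqli_query($link, 'INSERT INTO Admins (ID, Username, Email, Password, Level, Page, MaxLocalities, MaxLanguages, MaxFinancing, MaxPolicies, MaxTags) VALUES (NULL, \''.myesc($link, $admname).'\', \''.myesc($link, $inst['Email']).'\', \''.myesc($link, password_hash($_POST['password'], PASSWORD_DEFAULT)).'\', \'guest\', \'0\', \'1\', \'0\', \'3\', \'3\', \'3\')')
                or muoribene(__LINE__.': '.mysqli_error($link), true);
            $accid = (int) mysqli_insert_id($link);
        } else {
            $row = mysqli_fetch_assoc($res);
            $accid = (int) $row['ID'];
        }
        mysqli_query($link, 'UPDATE Instances SET GuestID='.$accid.' WHERE ID='.$id)
            or muoribene(__LINE__.': '.mysqli_error($link), true);
        // The success path used to leave $out unset, so the page body was empty.
        $out = 'L’email di invito è stata inviata.';
    }
} else {
    muoribene('Malformed input.', true);
}
mysqli_close($link);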
?>
<!DOCTYPE HTML>
<html lang="it">
<head>
<title>Mustard - Invito admin di «<?php echo(hspech($inst['URI'])); ?>»</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" content="Admin pages for Mastodon Startpage">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="icon" type="image/png" href="imgs/icona-32.png" sizes="32x32">
<link rel="icon" type="image/png" href="imgs/icona-192.png" sizes="192x192">
<link rel="icon" type="image/png" href="imgs/icona-512.png" sizes="512x512">
<link rel="apple-touch-icon-precomposed" href="imgs/icona-180.png">
<link rel="stylesheet" type="text/css" href="theme.css?v=<?php echo($cjrand); ?>">
<script language="JavaScript" src="js/menu.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript" src="js/alerta.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript">
<!--
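// Validate the invitation form and submit it.
// Called from the form's onsubmit ("return send();") and from the button's
// onclick. It always returns false: the programmatic submit() below is the only
// submission, and the native one triggered by onsubmit is cancelled. The
// original returned undefined on success, so pressing Enter in the subject
// field could trigger a second submission, which here means a second e-mail.
function send() {
    var errors = '';
    // The first check is on the subject field; the message used to say the
    // recipient ("Destinatario") was missing.
    if (document.getElementById('subject').value.trim() == '') errors += '<li>Oggetto non definito</li>';
    if (document.getElementById('message').value.trim() == '') errors += '<li>Il messaggio è vuoto</li>';
    if (errors != '') {
        alerta('Errore', '<ul>' + errors + '</ul>');
        return false;
    }
    document.getElementById('f').submit();
    return false;
}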
//-->
</script>
</head>
<body>
<nav>
<div id="hmenu">
<ul>
<?php echo($menuout); ?>
</ul>
<div class="mtit">Invito admin di «<?php echo(hspech($inst['URI'])); ?>»</div>
<div id="rightdiv">
<img src="imgs/esci.svg" class="rlinks" title="Esci" onclick="document.location.href='logout.php';">
</div>
</div>
</nav>
<div id="popup">
<div id="inpopup">
<div id="popupcont">
...
</div>
</div>
</div>
<!-- <div id="footer">
</div> -->
<div id="fullscreen">
<div id="middlerow">
<?php
echo($out);
?>
</div>
</div>
<div id="debug">
<?php echo($dbg); ?>
</div>
</body>
</html>