MastodonStartpage/web/mustard/invite.php
pezcurrel 1ae0e3c71b ...
2020-05-08 17:38:54 +02:00

<?php
// Bootstrap includes. What each file defines is not visible on this page; the names used further
// down ($iniarr, N, $cjrand, $link, $account, $menuout, muoribene(), buildmenu()) presumably come
// from these includes — confirm against the include files.
require('include/glob.php');
require('include/muoribene.php');
require('include/sessionstart.php');
require('include/myconn.php');
require('include/getadmacc.php');
// Authorization gate: accounts whose Level is 'guest' are refused.
// NOTE(review): this denies one value only, so any other Level (including an unexpected one)
// passes. The gate also holds only if muoribene(..., true) stops the script, because no
// exit follows the call here — confirm in include/muoribene.php.
if ($account['Level']=='guest')
muoribene('Sorry, you are not authorized.',true);
require('include/jsencode.php');
require('include/menu.php');
// Mark the menu entries that correspond to this page, then build the menu markup.
$menu['menu']['selected']=true;
$menu['menu']['submenu']['instances']['selected']=true;
buildmenu($menu);
// Debug buffer, echoed unescaped into <div id="debug"> at the bottom of the page; empty here.
$dbg='';
// myesc() is a short alias for mysqli_real_escape_string(), used below wherever a string value
// is quoted into an SQL statement.
use function mysqli_real_escape_string as myesc;
// Practically a macro: HTML-escape a value for output in element content or a quoted attribute.
// Both single and double quotes are encoded (ENT_QUOTES), using HTML5 entity names, as UTF-8.
function hspech($str) {
    $flags=ENT_QUOTES|ENT_HTML5;
    $escaped=htmlspecialchars($str,$flags,'UTF-8');
    return $escaped;
}
// NOTE(review): randstr() is called below to generate the guest account's initial password.
// Its implementation is not visible here; confirm it draws from a CSPRNG (random_int() or
// random_bytes()) and not from rand()/mt_rand().
require('include/randstr.php');
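/**
 * Fill the placeholders of one mail-template line.
 *
 * Placeholders are replaced in this order, each with the value at the same index of $substarr:
 * %guestinsturi, %guestname, %guestemail, %guestpassword, %ourdomain.
 *
 * The values are inserted literally. The previous preg_replace() version treated "$n" and "\n"
 * sequences inside a value as regex back-references, so a generated password or a stored URI
 * containing e.g. "$0" or "\1" was altered in the outgoing mail while the unaltered value was
 * the one kept elsewhere.
 *
 * Replacement is sequential, as before: text inserted for an earlier placeholder is scanned
 * again for the later ones.
 *
 * @param string $line      one line of the template
 * @param array  $substarr  replacement values, positionally matching the list above
 * @return string the line with the placeholders substituted
 */
function parsetempline($line,$substarr) {
    $placeholders=array('%guestinsturi','%guestname','%guestemail','%guestpassword','%ourdomain');
    return(str_replace($placeholders,$substarr,$line));
}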
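// Two-step invitation flow:
//  - GET  ?id=N : load the instance, choose a mail template, generate a password and render an
//                 editable preview form;
//  - POST       : send the (possibly edited) mail and, unless a test address is configured,
//                 create or look up the guest account and link it to the instance.
//
// NOTE(review): the POST step takes 'to', 'guestaddr', 'guestname', 'password' and 'insturi' from
// hidden form fields written by the GET step. Nothing in this file re-derives them from the
// Instances row or binds the form to the session, so the recipient, the account e-mail and the
// initial password are whatever the request carries. Whether include/sessionstart.php adds a
// CSRF check is not visible here — confirm, and consider re-reading recipient and address from
// the database by ID in the POST step.
// NOTE(review): the generated password travels in clear text in a hidden field and in the mail
// body; only its password_hash() is stored.

// Request validation. Every field must be a string: is_string() keeps array-valued parameters
// (e.g. id[]=1) on the 'Malformed input.' path instead of reaching preg_match()/trim().
$getok=array_key_exists('id',$_GET) && is_string($_GET['id']) && preg_match('/^[0-9]+$/',$_GET['id'])===1;
$postok=array_key_exists('id',$_POST) && is_string($_POST['id']) && preg_match('/^[0-9]+$/',$_POST['id'])===1;
foreach (array('insturi','subject','to','message','password','guestaddr') as $field) {
    if (!array_key_exists($field,$_POST) || !is_string($_POST[$field]) || trim($_POST[$field])=='')
        $postok=false;
}
// 'guestname' is read by the INSERT below, so it has to be present (the form always sends it).
if (!array_key_exists('guestname',$_POST) || !is_string($_POST['guestname']))
    $postok=false;
// Exact match only. The former pattern '/^true|false$/' grouped as (^true)|(false$) and so
// accepted any value merely starting with "true" or ending with "false".
if (!array_key_exists('createacc',$_POST) || !in_array($_POST['createacc'],array('true','false'),true))
    $postok=false;
// The recipient is passed to mail() as a header value: refuse embedded line breaks.
if ($postok && preg_match('/[\r\n]/',$_POST['to'])===1)
    $postok=false;

if ($getok) {
    // Only digits were accepted above; +=0 turns the string into a number for the query.
    $_GET['id']+=0;
    $res=mysqli_query($link,'SELECT * FROM Instances WHERE ID='.$_GET['id'])
        or muoribene(__LINE__.': '.mysqli_error($link),true);
    if (mysqli_num_rows($res)!=1)
        muoribene('Non esiste alcuna istanza con ID='.$_GET['id'].'.',true);
    $inst=mysqli_fetch_assoc($res);
    if (trim($inst['Email'])=='')
        muoribene('Nessun indirizzo email è definito per questa istanza.',true);
    // Template choice: reminder (instance already linked to a guest), first invitation (no
    // account with this e-mail yet, so one will be created) or "more instances" (account exists).
    $createacc='false';
    if (!is_null($inst['GuestID'])) {
        // GuestID comes from the database row and is concatenated unquoted; presumably an
        // integer column — confirm.
        $res=mysqli_query($link,'SELECT * FROM Admins WHERE ID='.$inst['GuestID'])
            or muoribene(__LINE__.': '.mysqli_error($link),true);
        if (mysqli_num_rows($res)==0)
            muoribene('Non esiste alcun account con ID='.$inst['GuestID'].'.',true);
        $templfp='mailtemplates/reminder';
    } else {
        $res=mysqli_query($link,'SELECT * FROM Admins WHERE Email=\''.myesc($link,$inst['Email']).'\'')
            or muoribene(__LINE__.': '.mysqli_error($link),true);
        if (mysqli_num_rows($res)==0) {
            $templfp='mailtemplates/first_invitation';
            $createacc='true';
        } else {
            $templfp='mailtemplates/more_instances';
        }
    }
    // Template layout as used below: line 0 is the subject, line 1 is skipped, the body starts
    // at line 2.
    $templ=file($templfp,FILE_IGNORE_NEW_LINES);
    if ($templ===false)
        muoribene('Impossibile aprire «'.$templfp.'».',true);
    $out='<form action="invite.php" method="post" id="f" onsubmit="return send();">'.N;
    $out.='<table class="bigtab">'.N;
    $out.='<tbody>'.N;
    $out.='<tr><td class="insthead">Email di invito</td></tr>'.N;
    $out.='<tr><td>'.N;
    // Display name of the instance admin: AdmDisplayName, else AdmAccount, else none.
    if (trim($inst['AdmDisplayName'])!='')
        $admname=$inst['AdmDisplayName'];
    elseif (trim($inst['AdmAccount'])!='')
        $admname=$inst['AdmAccount'];
    else
        $admname='';
    $haddress=$inst['Email'];
    if ($admname!='') $haddress=$admname.' <'.$haddress.'>';
    // $madmname is the name as inserted into the template (leading space, or empty).
    $madmname='';
    if ($admname!='') $madmname=' '.$admname;
    if ($admname=='') $admname='Unknown';
    $password=randstr(16);
    define('RN',"\r\n");
    // Value order must match parsetempline():
    // %guestinsturi, %guestname, %guestemail, %guestpassword, %ourdomain
    $substs=array($inst['URI'],$madmname,$inst['Email'],$password,$iniarr['site_domain']);
    $subj=parsetempline($templ[0],$substs);
    $message='';
    for ($i=2; $i<count($templ); $i++)
        $message.=parsetempline($templ[$i],$substs).RN;
    // $out is echoed without further escaping at the end of the page, so every dynamic value
    // is passed through hspech() here.
    $out.='<div class="mailheader"><strong>Mittente:</strong> '.hspech($iniarr['ref_name']).' '.hspech('<'.$iniarr['ref_email'].'>').'</div>'.N;
    $out.='<div class="mailheader"><strong>Destinatario:</strong> '.hspech($haddress).'</div>'.N;
    $out.='<div class="mailheader"><strong>Oggetto:</strong> <input type="text" id="subject" name="subject" class="mailsubj" value="'.hspech($subj).'"></div>'.N;
    $out.='<textarea id="message" name="message" rows="20" class="mailmsg">'.hspech($message).'</textarea>'.N;
    $out.='<input type="button" value="Invia" class="mailbut" onclick="send();">'.N;
    $out.='<input type="hidden" name="id" value="'.$inst['ID'].'">'.N;
    $out.='<input type="hidden" name="insturi" value="'.hspech($inst['URI']).'">'.N;
    $out.='<input type="hidden" name="password" value="'.hspech($password).'">'.N;
    $out.='<input type="hidden" name="to" value="'.hspech($haddress).'">'.N;
    $out.='<input type="hidden" name="guestname" value="'.hspech($admname).'">'.N;
    $out.='<input type="hidden" name="guestaddr" value="'.hspech($inst['Email']).'">'.N;
    $out.='<input type="hidden" name="createacc" value="'.$createacc.'">'.N;
    $out.='</td></tr>'.N;
    $out.='</tbody>'.N;
    $out.='</table>'.N;
    $out.='</form>'.N;
    $insturi=$inst['URI'];
} elseif ($postok) {
    $_POST['id']+=0;
    $from=$iniarr['ref_name'].' <'.$iniarr['ref_email'].'>';
    $to=$_POST['to'];
    $dbchange=true;
    // Test mode: when a test address is configured, the mail goes there and the database is
    // left untouched. The former condition was inverted (it fired when the address was NOT
    // set), which emptied $to on a normal send and never activated test mode.
    $testaddr=isset($iniarr['mail_test_address']) ? trim((string)$iniarr['mail_test_address']) : '';
    if ($testaddr!=='') {
        $to=$testaddr;
        $dbchange=false;
    }
    // Subject is sent as a base64 encoded-word; the body is wrapped at 76 columns.
    $mail=mail($to,'=?utf-8?B?'.base64_encode($_POST['subject']).'?=',wordwrap($_POST['message'],76,"\r\n",false),array('From'=>$from,'Content-Type'=>'text/plain; charset=UTF-8','Content-Transfer-Encoding'=>'8bit'));
    if (!$mail) {
        $out='Errori nellinvio della mail.<br>Puoi <a href="invite.php?id='.$_POST['id'].'">riprovare</a>.';
    } elseif ($dbchange) {
        if ($_POST['createacc']=='true') {
            // New guest account; only the hash of the password is stored.
            mysqli_query($link,'INSERT INTO Admins (ID, Username, Email, Password, Level, Page, MaxLocalities, MaxLanguages, MaxFinancing, MaxPolicies, MaxTags, Enabled) VALUES (NULL, \''.myesc($link,$_POST['guestname']).'\', \''.myesc($link,$_POST['guestaddr']).'\', \''.myesc($link,password_hash($_POST['password'],PASSWORD_DEFAULT)).'\', \'guest\', \'0\', \'1\', \'0\', \'3\', \'3\', \'3\', \'1\')')
                or muoribene(__LINE__.': '.mysqli_error($link),true);
            $accid=mysqli_insert_id($link);
        } else {
            $res=mysqli_query($link,'SELECT * FROM Admins WHERE Email=\''.myesc($link,$_POST['guestaddr']).'\'')
                or muoribene(__LINE__.': '.mysqli_error($link),true);
            // NOTE(review): the submitted address is placed in the error text as-is; whether
            // muoribene() HTML-escapes its message is not visible here — confirm.
            if (mysqli_num_rows($res)==0)
                muoribene(__LINE__.': Non esiste alcun account con Email=“'.$_POST['guestaddr'].'”.',true);
            $row=mysqli_fetch_assoc($res);
            $accid=$row['ID'];
        }
        // Link the account to the instance; both values are numeric at this point.
        mysqli_query($link,'UPDATE Instances SET GuestID='.$accid.' WHERE ID='.$_POST['id'])
            or muoribene(__LINE__.': '.mysqli_error($link),true);
        $out='TUTTOCCHEI!';
    } else {
        // $out is echoed raw further down, so the address is escaped here.
        $out='La mail è stata inviata correttamente allindirizzo di test definito nella configurazione, «'.hspech($to).'».<br>Nessuna modifica è stata apportata al database.';
    }
    $insturi=$_POST['insturi'];
} else {
    muoribene('Malformed input.',true);
}
mysqli_close($link);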
?>
<!DOCTYPE HTML>
<html lang="it">
<head>
<title>Mustard - Invito admin di «<?php echo(hspech($insturi)); ?>»</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" content="Admin pages for Mastodon Startpage">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="icon" type="image/png" href="imgs/icona-32.png" sizes="32x32">
<link rel="icon" type="image/png" href="imgs/icona-192.png" sizes="192x192">
<link rel="icon" type="image/png" href="imgs/icona-512.png" sizes="512x512">
<link rel="apple-touch-icon-precomposed" href="imgs/icona-180.png">
<link rel="stylesheet" type="text/css" href="theme.css?v=<?php echo($cjrand); ?>">
<script language="JavaScript" src="js/menu.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript" src="js/alerta.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript">
<!--
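// Client-side check of the invitation form, called from both the button's onclick and the
// form's onsubmit ("return send();"). Shows the list of problems via alerta(), otherwise
// submits form "f". This is a convenience only; the server validates the same fields again.
function send() {
    var errors='';
    // The field checked here is the subject; the message used to say the recipient was missing.
    if (document.getElementById('subject').value.trim()=='') errors+='<li>Oggetto non definito</li>';
    if (document.getElementById('message').value.trim()=='') errors+='<li>Il messaggio è vuoto</li>';
    if (errors!='') {
        alerta('Errore','<ul>'+errors+'</ul>');
        return(false);
    }
    document.getElementById('f').submit();
    // Return false so that, on the onsubmit path, the browser's own submission is cancelled
    // and the form is sent once (by the submit() call above), not a second time by default.
    return(false);
}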
//-->
</script>
</head>
<body>
<nav>
<div id="hmenu">
<ul>
<?php echo($menuout); ?>
</ul>
<div class="mtit">Invito admin di «<?php echo(hspech($insturi)); ?>»</div>
<div id="rightdiv">
<img src="imgs/esci.svg" class="rlinks" title="Esci" onclick="document.location.href='logout.php';">
</div>
</div>
</nav>
<div id="popup">
<div id="inpopup">
<div id="popupcont">
...
</div>
</div>
</div>
<!-- <div id="footer">
</div> -->
<div id="fullscreen">
<div id="middlerow">
<?php
// $out is written to the page verbatim: it holds markup assembled earlier in this file, so
// every dynamic value has to be HTML-escaped at the point where it is concatenated into $out.
echo($out);
?>
</div>
</div>
<div id="debug">
<?php echo($dbg); ?>
</div>
</body>
</html>