Home Explore Help
Register Sign In
goodoldpaul
/
MastodonStartpage
1
0
Fork 0
Files
Branch: master
Branches Tags
MastodonStar...
/
web
/
mustard
/
invite.php

invite.php 8.9 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212 
  1. <?php
    2. 

  2. 

  3. require('include/glob.php');
    4. 

  4. require('include/muoribene.php');
    5. 

  5. require('include/sessionstart.php');
    6. 

  6. require('include/myconn.php');
    7. 

  7. require('include/getadmacc.php');
    8. 

  8. if ($account['Level']=='guest')
    9. 

  9. 	muoribene('Sorry, you are not authorized.',true);
    10. 

  10. require('include/jsencode.php');
    11. 

  11. require('include/menu.php');
    12. 

  12. $menu['menu']['selected']=true;
    13. 

  13. $menu['menu']['submenu']['instances']['selected']=true;
    14. 

  14. buildmenu($menu);
    15. 

  15. 

  16. $dbg='';
    17. 

  17. 

  18. use function mysqli_real_escape_string as myesc;
    19. 

  19. 

  20. // praticamente una macro
    21. 

  21. function hspech($str) {
    22. 

  22. 	return(htmlspecialchars($str,ENT_QUOTES|ENT_HTML5,'UTF-8'));
    23. 

  23. }
    24. 

  24. 

  25. require('include/randstr.php');
    26. 

  26. 

  27. function parsetempline($line,$substarr) {
    28. 

  28. 	$patterns=array('/%guestinsturi/','/%guestname/','/%guestemail/','/%guestpassword/','/%ourdomain/');
    29. 

  29. 	return(preg_replace($patterns,$substarr,$line));
    30. 

  30. }
    31. 

  31. 

  32. if (array_key_exists('id',$_GET) && preg_match('/^[0-9]+$/',$_GET['id'])===1) {
    33. 

  33. 	$_GET['id']+=0;
    34. 

  34. 	$res=mysqli_query($link,'SELECT * FROM Instances WHERE ID='.$_GET['id'])
    35. 

  35. 		or muoribene(__LINE__.': '.mysqli_error($link),true);
    36. 

  36. 	if (mysqli_num_rows($res)!=1)
    37. 

  37. 		muoribene('Non esiste alcuna istanza con ID='.$_GET['id'].'.',true);
    38. 

  38. 	$inst=mysqli_fetch_assoc($res);
    39. 

  39. 	if (trim($inst['Email'])=='')
    40. 

  40. 		muoribene('Nessun indirizzo email è definito per questa istanza.',true);
    41. 

  41. 	$createacc='false';
    42. 

  42. 	if (!is_null($inst['GuestID'])) {
    43. 

  43. 		$res=mysqli_query($link,'SELECT * FROM Admins WHERE ID='.$inst['GuestID'])
    44. 

  44. 			or muoribene(__LINE__.': '.mysqli_error($link),true);
    45. 

  45. 		if (mysqli_num_rows($res)==0)
    46. 

  46. 			muoribene('Non esiste alcun account con ID='.$inst['GuestID'].'.',true);
    47. 

  47. 		$templfp='mailtemplates/reminder';
    48. 

  48. 	} else {
    49. 

  49. 		$res=mysqli_query($link,'SELECT * FROM Admins WHERE Email=\''.myesc($link,$inst['Email']).'\'')
    50. 

  50. 			or muoribene(__LINE__.': '.mysqli_error($link),true);
    51. 

  51. 		if (mysqli_num_rows($res)==0) {
    52. 

  52. 			$templfp='mailtemplates/first_invitation';
    53. 

  53. 			$createacc='true';
    54. 

  54. 		} else {
    55. 

  55. 			$templfp='mailtemplates/more_instances';
    56. 

  56. 		}
    57. 

  57. 	}
    58. 

  58. 	$templ=file($templfp,FILE_IGNORE_NEW_LINES);
    59. 

  59. 	if ($templ===false)
    60. 

  60. 		muoribene('Impossibile aprire «'.$templfp.'».',true);
    61. 

  61. 

  62. 	$out='<form action="invite.php" method="post" id="f" onsubmit="return send();">'.N;
    63. 

  63. 	$out.='<table class="bigtab">'.N;
    64. 

  64. 	$out.='<tbody>'.N;
    65. 

  65. 	$out.='<tr><td class="insthead">Email di invito</td></tr>'.N;
    66. 

  66. 	$out.='<tr><td>'.N;
    67. 

  67. 	if (trim($inst['AdmDisplayName'])!='')
    68. 

  68. 		$admname=$inst['AdmDisplayName'];
    69. 

  69. 	elseif (trim($inst['AdmAccount'])!='')
    70. 

  70. 		$admname=$inst['AdmAccount'];
    71. 

  71. 	else
    72. 

  72. 		$admname='';
    73. 

  73. 	$haddress=$inst['Email'];
    74. 

  74. 	if ($admname!='') $haddress=$admname.' <'.$haddress.'>';
    75. 

  75. 	$madmname='';
    76. 

  76. 	if ($admname!='') $madmname=' '.$admname;
    77. 

  77. 	if ($admname=='') $admname='Unknown';
    78. 

  78. 	$password=randstr(16);
    79. 

  79. 	define('RN',"\r\n");
    80. 

  80. 	//('/%guestinsturi/','/%guestname/','/%guestemail/','/%guestpassword/','/%ourdomain/')
    81. 

  81. 	$subj=parsetempline($templ[0],array($inst['URI'],$madmname,$inst['Email'],$password,$iniarr['site_domain']));
    82. 

  82. 	$message='';
    83. 

  83. 	for ($i=2; $i<count($templ); $i++)
    84. 

  84. 		$message.=parsetempline($templ[$i],array($inst['URI'],$madmname,$inst['Email'],$password,$iniarr['site_domain'])).RN;
    85. 

  85. 

  86. 	$out.='<div class="mailheader"><strong>Mittente:</strong> '.hspech($iniarr['ref_name']).' '.hspech('<'.$iniarr['ref_email'].'>').'</div>'.N;
    87. 

  87. 	$out.='<div class="mailheader"><strong>Destinatario:</strong> '.hspech($haddress).'</div>'.N;
    88. 

  88. 	$out.='<div class="mailheader"><strong>Oggetto:</strong> <input type="text" id="subject" name="subject" class="mailsubj" value="'.hspech($subj).'"></div>'.N;
    89. 

  89. 	$out.='<textarea id="message" name="message" rows="20" class="mailmsg">'.hspech($message).'</textarea>'.N;
    90. 

  90. 	$out.='<input type="button" value="Invia" class="mailbut" onclick="send();">'.N;
    91. 

  91. 	$out.='<input type="hidden" name="id" value="'.$inst['ID'].'">'.N;
    92. 

  92. 	$out.='<input type="hidden" name="insturi" value="'.hspech($inst['URI']).'">'.N;
    93. 

  93. 	$out.='<input type="hidden" name="password" value="'.hspech($password).'">'.N;
    94. 

  94. 	$out.='<input type="hidden" name="to" value="'.hspech($haddress).'">'.N;
    95. 

  95. 	$out.='<input type="hidden" name="guestname" value="'.hspech($admname).'">'.N;
    96. 

  96. 	$out.='<input type="hidden" name="guestaddr" value="'.hspech($inst['Email']).'">'.N;
    97. 

  97. 	$out.='<input type="hidden" name="createacc" value="'.$createacc.'">'.N;
    98. 

  98. 	$out.='</td></tr>'.N;
    99. 

  99. 	$out.='</tbody>'.N;
    100. 

  100. 	$out.='</table>'.N;
    101. 

  101. 	$out.='</form>'.N;
    102. 

  102. 	$insturi=$inst['URI'];
    103. 

  103. } elseif (array_key_exists('id',$_POST) && preg_match('/^[0-9]+$/',$_POST['id'])===1 && array_key_exists('insturi',$_POST) && trim($_POST['insturi'])!='' && array_key_exists('subject',$_POST) && trim($_POST['subject'])!='' && array_key_exists('to',$_POST) && trim($_POST['to'])!='' && array_key_exists('message',$_POST) && trim($_POST['message'])!='' && array_key_exists('password',$_POST) && trim($_POST['password'])!='' && array_key_exists('guestaddr',$_POST) && trim($_POST['guestaddr'])!='' && array_key_exists('createacc',$_POST) && preg_match('/^true|false$/',$_POST['createacc'])===1) {
    104. 

  104. 	$_POST['id']+=0;
    105. 

  105. 	$from=$iniarr['ref_name'].' <'.$iniarr['ref_email'].'>';
    106. 

  106. 	//questo per far provette d'invio mail senza toccare il db
    107. 

  107. 	if ($iniarr['mail_test_to']!=false && trim($iniarr['mail_test_to'])!='') {
    108. 

  108. 		$test=true;
    109. 

  109. 		$to=$iniarr['mail_test_to'];
    110. 

  110. 	} else {
    111. 

  111. 		$test=false;
    112. 

  112. 		$to=$_POST['to'];
    113. 

  113. 	}
    114. 

  114. 	$mail=mail($to,'=?utf-8?B?'.base64_encode($_POST['subject']).'?=',wordwrap($_POST['message'],76,"\r\n",false),array('From'=>$from,'Content-Type'=>'text/plain; charset=UTF-8','Content-Transfer-Encoding'=>'8bit'));
    115. 

  115. 	if (!$mail)	{
    116. 

  116. 		$out='<div class="message">Errori nell’invio della mail.<br>Puoi <a href="invite.php?id='.$_POST['id'].'">riprovare</a>.</div>'.N;
    117. 

  117. 	} elseif (!$test) {
    118. 

  118. 		if ($_POST['createacc']=='true') {
    119. 

  119. 			mysqli_query($link,'INSERT INTO Admins (ID, Username, Email, Password, Level, Page, MaxLocalities, MaxLanguages, MaxFinancing, MaxPolicies, MaxTags, Enabled) VALUES (NULL, \''.myesc($link,$_POST['guestname']).'\', \''.myesc($link,$_POST['guestaddr']).'\', \''.myesc($link,password_hash($_POST['password'],PASSWORD_DEFAULT)).'\', \'guest\', \'0\', \'1\', \'0\', \'3\', \'3\', \'3\', \'1\')')
    120. 

  120. 				or muoribene(__LINE__.': '.mysqli_error($link),true);
    121. 

  121. 			$accid=mysqli_insert_id($link);
    122. 

  122. 		} else {
    123. 

  123. 			$res=mysqli_query($link,'SELECT * FROM Admins WHERE Email=\''.myesc($link,$_POST['guestaddr']).'\'')
    124. 

  124. 				or muoribene(__LINE__.': '.mysqli_error($link),true);
    125. 

  125. 			if (mysqli_num_rows($res)==0)
    126. 

  126. 				muoribene(__LINE__.': Non esiste alcun account con Email=“'.$_POST['guestaddr'].'”.',true);
    127. 

  127. 			$row=mysqli_fetch_assoc($res);
    128. 

  128. 			$accid=$row['ID'];
    129. 

  129. 		}
    130. 

  130. 		mysqli_query($link,'UPDATE Instances SET GuestID='.$accid.' WHERE ID='.$_POST['id'])
    131. 

  131. 			or muoribene(__LINE__.': '.mysqli_error($link),true);
    132. 

  132. 		$out='<div class="message">La mail è stata inviata correttamente all’indirizzo «'.$to.'».<br>L’account relativo è stato creato/aggiornato correttamente.</div>'.N;
    133. 

  133. 	} else {
    134. 

  134. 		$out='<div class="message">La mail è stata inviata correttamente all’indirizzo di test «'.$to.'».<br>Nessun account è stato creato/aggiornato.<br>Se vuoi abilitare l’invio ai destinatari reali e la creazione o l’aggiornamento degli account relativi devi editare il file di configurazione di Mustard.</div>'.N;
    135. 

  135. 	}
    136. 

  136. 	$insturi=$_POST['insturi'];
    137. 

  137. } else {
    138. 

  138. 	muoribene('Malformed input.',true);
    139. 

  139. }
    140. 

  140. 

  141. mysqli_close($link);
    142. 

  142. 

  143. ?>
    144. 

  144. <!DOCTYPE HTML>
    145. 

  145. <html lang="it">
    146. 

  146. <head>
    147. 

  147. <title>Mustard - Invito admin di «<?php echo(hspech($insturi)); ?>»</title>
    148. 

  148. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    149. 

  149. <meta name="description" content="Admin pages for Mastodon Startpage">
    150. 

  150. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
    151. 

  151. <link rel="icon" type="image/png" href="imgs/icona-32.png" sizes="32x32">
    152. 

  152. <link rel="icon" type="image/png" href="imgs/icona-192.png" sizes="192x192">
    153. 

  153. <link rel="icon" type="image/png" href="imgs/icona-512.png" sizes="512x512">
    154. 

  154. <link rel="apple-touch-icon-precomposed" href="imgs/icona-180.png">
    155. 

  155. <link rel="stylesheet" type="text/css" href="theme.css?v=<?php echo($cjrand); ?>">
    156. 

  156. <script language="JavaScript" src="js/menu.js?v=<?php echo($cjrand); ?>"></script>
    157. 

  157. <script language="JavaScript" src="js/alerta.js?v=<?php echo($cjrand); ?>"></script>
    158. 

  158. <script language="JavaScript">
    159. 

  159. <!--
    160. 

  160. function send() {
    161. 

  161. 	var errors='';
    162. 

  162. 	if (document.getElementById('subject').value.trim()=='') errors+='<li>Destinatario non definito</li>';
    163. 

  163. 	if (document.getElementById('message').value.trim()=='') errors+='<li>Il messaggio è vuoto</li>';
    164. 

  164. 	if (errors!='') {
    165. 

  165. 		alerta('Errore','<ul>'+errors+'</ul>');
    166. 

  166. 		return(false);
    167. 

  167. 	} else {
    168. 

  168. 		document.getElementById('f').submit();
    169. 

  169. 	}
    170. 

  170. }
    171. 

  171. //-->
    172. 

  172. </script>
    173. 

  173. </head>
    174. 

  174. <body>
    175. 

  175. 

  176. <nav>
    177. 

  177. <div id="hmenu">
    178. 

  178. <ul>
    179. 

  179. <?php echo($menuout); ?>
    180. 

  180. </ul>
    181. 

  181. <div class="mtit">Invito admin di «<?php echo(hspech($insturi)); ?>»</div>
    182. 

  182. <div id="rightdiv">
    183. 

  183. <img src="imgs/esci.svg" class="rlinks" title="Esci" onclick="document.location.href='logout.php';">
    184. 

  184. </div>
    185. 

  185. </div>
    186. 

  186. </nav>
    187. 

  187. 

  188. <div id="popup">
    189. 

  189. <div id="inpopup">
    190. 

  190. <div id="popupcont">
    191. 

  191. ...
    192. 

  192. </div>
    193. 

  193. </div>
    194. 

  194. </div>
    195. 

  195. 

  196. <!-- <div id="footer">
    197. 

  197. </div> -->
    198. 

  198. 

  199. <div id="fullscreen">
    200. 

  200. <div id="middlerow">
    201. 

  201. <?php
    202. 

  202. echo($out);
    203. 

  203. ?>
    204. 

  204. </div>
    205. 

  205. </div>
    206. 

  206. 

  207. <div id="debug">
    208. 

  208. <?php echo($dbg); ?>
    209. 

  209. </div>
    210. 

  210. 

  211. </body>
    212. 

  212. </html>
    213.