File: /hosting/www/kipepeo.es/public/Fotos/ecard.php
<?php
/**
* Coppermine Photo Gallery
*
* v1.0 originally written by Gregory Demar
*
* @copyright Copyright (c) 2003-2020 Coppermine Dev Team
* @license GNU General Public License version 3 or later; see LICENSE
*
* ecard.php
* @since 1.6.08
*/
// Constants are defined before the includes are pulled in.
// NOTE(review): presumably the included files test IN_COPPERMINE to refuse
// direct requests and use the *_PHP constants to pick language strings -
// confirm in include/init.inc.php.
define('IN_COPPERMINE', true);
define('ECARDS_PHP', true);
define('SMILIES_PHP', true);
require('include/init.inc.php');
require('include/smilies.inc.php');
// Authorization gate: runs before any request field is read or any output is
// produced. cpg_die() is relied on to end the request for users who are not
// allowed to send e-cards.
if (!USER_CAN_SEND_ECARDS) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
// Icon markup reused by the form buttons and the table headers further down.
$icon_array['ok'] = cpg_fetch_icon('ok', 1);
$icon_array['ecard'] = cpg_fetch_icon('mail', 2);
$icon_array['preview'] = cpg_fetch_icon('search', 1);
$icon_array['preview_table'] = cpg_fetch_icon('search', 2);
/**
 * Read one POST field through the Inspekt input cage.
 *
 * NOTE(review): which context getEscaped() escapes for (SQL, HTML or both) is
 * not visible in this file. Callers use the result in HTML attributes, in an
 * SQL statement and in mail content - confirm it is safe for each of them.
 *
 * @param string $name    POST key to look up.
 * @param mixed  $default Value handed back untouched when the key is absent.
 *
 * @return mixed The getEscaped() value of the field, or $default.
 */
function get_post_var($name, $default = '')
{
    $cage = Inspekt::makeSuperCage();

    // Guard clause: an absent key never reaches getEscaped().
    if (!$cage->post->keyExists($name)) {
        return $default;
    }

    return $cage->post->getEscaped($name);
}
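// Picture id, album id and position come from the query string and are read
// through getInt(), so they are integers wherever they are interpolated below.
$pid = $superCage->get->getInt('pid');
$album = $superCage->get->getInt('album');
$pos = $superCage->get->getInt('pos');

// Sender name: the posted value wins, then the account name, then the name
// held in $USER, then an empty string.
$sender_name = get_post_var('sender_name', USER_NAME ? USER_NAME : (isset($USER['name']) ? $USER['name'] : ''));

if (USER_ID) {
    $USER_DATA = array_merge($USER_DATA, $cpg_udb->get_user_infos(USER_ID));
}

// empty() instead of a bare index read: a visitor without a stored address no
// longer triggers an undefined-index notice, matching the isset() guard that
// $USER['name'] already has above. The selected values are unchanged.
if (!empty($USER_DATA['user_email'])) {
    // An address is on file: it is used as-is and shown as plain text instead
    // of an input, so a posted sender_email is never read on this path.
    $sender_email = $USER_DATA['user_email'];
    $sender_box = $sender_email;
} else {
    // No address on file: the sender types one, pre-filled from the previous
    // post or from $USER.
    // NOTE(review): the value lands inside value="..." - confirm that
    // getEscaped() output is safe in an HTML attribute.
    $sender_email = get_post_var('sender_email', !empty($USER['email']) ? $USER['email'] : '');
    $sender_box = "<input type=\"text\" class=\"textinput\" value=\"$sender_email\" name=\"sender_email\" style=\"width: 100%;\" />";
}

// Remaining form fields; all default to '' when not posted.
$recipient_name = get_post_var('recipient_name');
$recipient_email = get_post_var('recipient_email');
$greetings = get_post_var('greetings');
$message = get_post_var('message');

// Filled in later only when an address fails validation.
$sender_email_warning = '';
$recipient_email_warning = '';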
// Load the picture the card is built around. $pid was read with getInt(), so
// the interpolated value is an integer. $FORBIDDEN_SET is appended verbatim.
// NOTE(review): $FORBIDDEN_SET presumably limits the query to albums the
// current user may view - confirm where it is built.
$result = cpg_db_query("SELECT url_prefix, filepath, filename, title, caption, pwidth, pheight FROM {$CONFIG['TABLE_PICTURES']} AS p WHERE pid='$pid' $FORBIDDEN_SET");
// No row: the picture does not exist or was filtered out by the query.
if (!$result->numRows()) {
cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$row = $result->fetchAssoc(true);
$thumb_pic_url = get_pic_url($row, 'thumb');
$normal_pic_url = get_pic_url($row, 'normal');
// A 'normal' URL containing the placeholder file name means there is no
// intermediate picture, so the full-size URL is used instead.
if (strpos($normal_pic_url, 'thumb_nopic.png') > 0) {
$normal_pic_url = get_pic_url($row, 'fullsize');
}
// Title and caption are stored values from the pictures table; they go into
// the card payload and the mail template further down.
$pic_title = $row['title'];
$pic_caption = $row['caption'];
// Only images can be sent, plus Flash files when $CONFIG['ecard_flash'] is
// non-zero. Every rejected combination ends in cpg_die().
if (!is_image($row['filename'])) {
if (!is_flash($row['filename'])) {
// The file is neither image nor flash; the wording of the error depends on
// whether Flash cards are enabled.
if ($CONFIG['ecard_flash'] != 0) {
cpg_die(ERROR, $lang_ecard_php['error_not_image_flash'], __FILE__, __LINE__);
} else {
cpg_die(ERROR, $lang_ecard_php['error_not_image'], __FILE__, __LINE__);
}
} elseif ($CONFIG['ecard_flash'] == 0) {
// The file IS flash, but flash ecards are not enabled
cpg_die(ERROR, $lang_ecard_php['error_not_image'], __FILE__, __LINE__);
}
}
// Base URL of the gallery taken from configuration, with a trailing slash
// appended when it is missing. It is prepended to picture paths so that the
// mailed card can reference them from outside the site.
$gallery_url_prefix = $CONFIG['ecards_more_pic_target']. (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/');
$thumb_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);
// Build the markup that is embedded in the card: an <object> for Flash files,
// an <img> for everything else.
if (is_flash($row['filename'])) {
$markup_picname = get_pic_url($row, 'fullsize');
// The prefix is added unless the URL contains 'http:'.
// NOTE(review): an 'https://' URL does not contain 'http:', so if
// get_pic_url() can return one it would be prefixed as well - confirm.
if (!stristr($markup_picname, 'http:')) {
$markup_picname = $gallery_url_prefix . $markup_picname;
}
$pic_markup = <<<EOT
<object id="SWFlash" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" type="application/x-shockwave-flash" width="{$thumb_size['width']}" height="{$thumb_size['height']}">
<param name="autostart" value="true" />
<param name="src" value="{$markup_picname}" />
</object>
EOT;
} else {
// Same 'http:' test as in the Flash branch, applied to the image URL.
if (!stristr($normal_pic_url, 'http:')) {
$normal_pic_url = $gallery_url_prefix . $normal_pic_url;
}
$pic_markup = '<img src="'.$normal_pic_url.'" alt="" vspace="8" border="0" class="image" />';
}
// Validate both addresses with Inspekt::isEmail(). The send branch below only
// runs when both results are truthy.
$valid_sender_email = Inspekt::isEmail($sender_email);
$valid_recipient_email = Inspekt::isEmail($recipient_email);
// Warnings are produced only after the form was posted (sender_name present),
// so the first, empty display of the form shows no errors.
// NOTE(review): the rejected address is echoed back inside the warning <div>;
// confirm that get_post_var()/getEscaped() output is HTML-safe, since this is
// exactly the input that failed validation.
if (!$valid_sender_email && $superCage->post->keyExists('sender_name')) {
$sender_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $sender_email . ')</div>';
}
if (!$valid_recipient_email && $superCage->post->keyExists('sender_name')) {
$recipient_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $recipient_email . ')</div>';
}
// Recomputes the same value that was assigned to $gallery_url_prefix earlier
// in this file; the expression is identical.
$gallery_url_prefix = $CONFIG['ecards_more_pic_target']. (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/');
// Page output starts here.
pageheader($lang_ecard_php['title']);
// Two POST actions share this page: "submit" sends the card, "preview" only
// renders it. Any other request falls through to the form below.
if ($superCage->post->keyExists('submit')) {
// Anti-CSRF check: a send request without a valid form token is refused
// before any mail is built. cpg_die() is relied on to stop the request.
if(!checkFormToken()){
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
// Create and send the e-card - only when the form was filled in and both
// addresses passed Inspekt::isEmail(). Otherwise nothing is sent and the form
// is shown again with the warnings prepared above.
if ($superCage->post->keyExists('sender_name') && $valid_sender_email && $valid_recipient_email) {
// CAPTCHA is required when ecard_captcha is 1, or when it is 2 and USER_ID is
// falsy (no logged-in user).
if (($CONFIG['ecard_captcha'] == 1) || ($CONFIG['ecard_captcha'] == 2 && !USER_ID)) {
if (!captcha_plugin_enabled('ecard')) {
// Built-in CAPTCHA: the posted code is accepted only if it is purely
// alphanumeric and PhpCaptcha::Validate() approves it.
require("include/captcha.inc.php");
$matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/');
if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) {
// Failed attempts are written to the security log (user name and $hdr_ip)
// when logging is enabled, which gives defenders a trail of abuse attempts.
if ($CONFIG['log_mode'] != 0) {
log_write('Captcha authentication for ecard failed for user '.$USER_DATA['user_name'].' at ' . $hdr_ip, CPG_SECURITY_LOG);
}
cpg_die(ERROR, $lang_errors['captcha_error'], __FILE__, __LINE__);
}
} else {
// A CAPTCHA plugin is active for e-cards: validation is delegated to its hook.
CPGPluginAPI::action('captcha_ecard_validate', null);
}
}
require('include/mailer.inc.php');
// Link the intermediate picture when one is configured and the original is
// larger than the configured picture width; otherwise link the full-size file.
if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
$n_picname = get_pic_url($row, 'normal');
} else {
$n_picname = get_pic_url($row, 'fullsize');
}
if (!stristr($n_picname, 'http:')) {
$n_picname = $gallery_url_prefix . $n_picname;
}
$msg_content = process_smilies($message, $gallery_url_prefix);
// Card payload for the "view e-card" link. It is serialize()d, base64-encoded
// and URL-encoded into the query string; no signature or MAC is added here.
// NOTE(review): whatever reads ?data= must treat it as attacker-controlled.
// Confirm displayecard.php does not pass it to unserialize() with object
// instantiation allowed; a JSON payload with an HMAC would be a safer format.
$data = array(
'rn' => $superCage->post->noTags('recipient_name'),
'sn' => $superCage->post->noTags('sender_name'),
'se' => $sender_email,
'p' => $n_picname,
'g' => $greetings,
'm' => $message,
'pid' => $pid,
'pt' => $pic_title,
'pc' => $pic_caption,
);
$encoded_data = urlencode(base64_encode(serialize($data)));
// Placeholder => value map for the HTML and plain-text mail templates.
// Greeting, message and sender fields are user input read via get_post_var();
// message and caption additionally pass through bb_decode().
$params = array(
'{LANG_DIR}' => $lang_text_dir,
'{TITLE}' => sprintf($lang_ecard_php['ecard_title'], $sender_name),
'{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'],
'{VIEW_ECARD_TGT}' => "{$gallery_url_prefix}displayecard.php?data=$encoded_data",
'{VIEW_ECARD_LNK}' => $lang_ecard_php['view_ecard'],
'{VIEW_ECARD_LNK_PLAINTEXT}' => $lang_ecard_php['view_ecard_plaintext'],
'{PIC_URL}' => $n_picname,
'{URL_PREFIX}' => $gallery_url_prefix,
'{GREETINGS}' => $greetings,
'{MESSAGE}' => bb_decode($msg_content),
'{PLAINTEXT_MESSAGE}' => $message,
'{SENDER_EMAIL}' => $sender_email,
'{SENDER_NAME}' => $sender_name,
'{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'],
'{VIEW_MORE_LNK}' => $lang_ecard_php['view_more_pics'],
'{PID}' => $pid,
'{PIC_TITLE}' => $pic_title,
'{PIC_CAPTION}' => bb_decode($pic_caption),
'{PIC_MARKUP}' => $pic_markup,
);
// From here on $message holds the rendered HTML mail, not the posted text.
$message = template_eval($template_ecard, $params);
$plaintext_message = template_eval($template_ecard_plaintext, $params);
$tempTime = time();
// The footer appended to the HTML mail carries the sender name, $raw_ip and a
// date, so the recipient can see where the card came from.
$message .= sprintf($lang_ecard_php['ecards_footer'], $sender_name, $raw_ip, localised_date(-1, $lang_date['comment']));
$subject = sprintf($lang_ecard_php['ecard_title'], $sender_name);
// The sender name and address handed to cpg_mail() are user-supplied unless
// an address is on file for the account.
// NOTE(review): presumably they end up in mail headers - confirm cpg_mail()
// rejects CR/LF in the name, address and subject.
$result = cpg_mail($recipient_email, $subject, $message, 'text/html', $sender_name, $sender_email, $plaintext_message);
// Without a logged-in user, the name and address just used are kept in $USER.
if (!USER_ID) {
$USER['name'] = $sender_name;
$USER['email'] = $sender_email;
}
if ($result) {
// write ecard log, only if mail was sent
if ($CONFIG['log_ecards'] == 1) {
// The INSERT is assembled by string interpolation. The two names get
// addslashes() here; the addresses, $encoded_data, $tempTime and $raw_ip are
// interpolated as they are.
// NOTE(review): this relies on getEscaped()/isEmail() having made the
// addresses SQL-safe, and the profile address never passed through
// getEscaped() - confirm, or use the DB layer's own escaping for every value.
$sender_name = addslashes($sender_name);
$recipient_name = addslashes($recipient_name);
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ECARDS']} (sender_name, sender_email, recipient_name, recipient_email, link, date, sender_ip) VALUES ('$sender_name', '$sender_email', '$recipient_name', '$recipient_email', '$encoded_data', '$tempTime', '$raw_ip')");
}
// $album and $pid in the continue link are the getInt() values read earlier.
msg_box($lang_common['information'], $lang_ecard_php['send_success'], $lang_common['continue'], "displayimage.php?album=$album&pid=$pid");
echo '<br />';
// Show the sender what was mailed: the HTML template is rendered again into
// the page, then the request ends without displaying the form.
starttable('100%', $icon_array['preview_table'] . $lang_ecard_php['preview']);
echo '<tr><td>';
echo template_eval($template_ecard, $params);
echo '</td></tr>';
endtable();
pagefooter();
exit;
} else {
// Mail failure is logged with the submitted names, addresses and $raw_ip.
// The log text opens a parenthesis that it never closes. $sender_name here is
// still the unslashed value, because addslashes() only runs on the success path.
if ($CONFIG['log_mode'] != 0) {
log_write("Sending an ecard failed (sender name: $sender_name, sender email address: $sender_email, recipient name: $recipient_name, recipient email address: $recipient_email, IP: $raw_ip", CPG_MAIL_LOG);
}
cpg_die(ERROR, $lang_ecard_php['send_failed'], __FILE__, __LINE__);
}
}
} elseif ($superCage->post->keyExists('preview')) {
// Preview path: no form-token or CAPTCHA check is made here, and nothing is
// mailed or stored - the card is only rendered back to the requester.
// NOTE(review): the rendered card contains the posted greeting and message, so
// the HTML safety of get_post_var() and bb_decode() output matters on this
// path as well.
if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
$n_picname = get_pic_url($row, 'normal');
} else {
$n_picname = get_pic_url($row, 'fullsize');
}
if (!stristr($n_picname, 'http:')) {
$n_picname = $gallery_url_prefix . $n_picname;
}
$msg_content = process_smilies($message, $gallery_url_prefix);
// Same payload as on the send path, minus the recipient name ('rn').
$data = array(
'sn' => $superCage->post->noTags('sender_name'),
'se' => $sender_email,
'p' => $n_picname,
'g' => $greetings,
'm' => $message,
'pid' => $pid,
'pt' => $pic_title,
'pc' => $pic_caption,
);
$encoded_data = urlencode(base64_encode(serialize($data)));
// Template values for the preview; the plain-text placeholders of the send
// path are not set because only the HTML template is rendered here.
$params = array(
'{LANG_DIR}' => $lang_text_dir,
'{TITLE}' => sprintf($lang_ecard_php['ecard_title'], $sender_name),
'{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'],
'{VIEW_ECARD_TGT}' => "{$gallery_url_prefix}displayecard.php?data=$encoded_data",
'{VIEW_ECARD_LNK}' => $lang_ecard_php['preview_view_ecard'],
'{PIC_URL}' => $n_picname,
'{URL_PREFIX}' => $gallery_url_prefix,
'{GREETINGS}' => $greetings,
'{MESSAGE}' => bb_decode($msg_content),
'{SENDER_EMAIL}' => $sender_email,
'{SENDER_NAME}' => $sender_name,
'{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'],
'{VIEW_MORE_LNK}' => $lang_ecard_php['view_more_pics'],
'{PID}' => $pid,
'{PIC_TITLE}' => $pic_title,
'{PIC_CAPTION}' => bb_decode($pic_caption),
'{PIC_MARKUP}' => $pic_markup,
);
$eccontent = template_eval($template_ecard, $params);
// The mail template is a full HTML document; only the inside of <body> is
// embedded in the page. If no <body> element is found the whole output is used.
if (preg_match('#<body[^>]*>(.*)</body>#s', $eccontent, $matches)) {
$eccontent = $matches[1];
}
starttable('100%', $icon_array['preview_table'] . $lang_ecard_php['preview']);
echo '<tr><td>';
echo $eccontent;
echo '</td></tr>';
endtable();
echo '<br />';
}
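// Start from an empty label so the form below can always interpolate
// $captionLabel; without this default the variable is undefined whenever the
// BBCode help is switched off.
$captionLabel = '';
if ($CONFIG['show_bbcode_help']) {
    $captionLabel = ' '. cpg_display_help('f=empty.htm&h=lang_bbcode_help_title&t=lang_bbcode_help', 470, 245);
}

// Pictures stored without dimensions get a 3:2 box based on the thumbnail
// width. $thumb_size was computed before this point, and no later statement in
// this file reads pwidth/pheight; the fallback is kept in case included code
// does.
if ($row['pwidth'] == 0 || $row['pheight'] == 0) {
    $row['pwidth'] = $CONFIG['thumb_width'];
    $row['pheight'] = floor($CONFIG['thumb_width'] * 2 / 3);
}

// Smiley picker markup shown under the message box.
$smilies = generate_smilies();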
// The form posts back to this script; $album and $pid in the action URL are
// the getInt() values read earlier.
// NOTE(review): $CPG_PHP_SELF is set outside this file - confirm it cannot
// carry request-supplied path text into the action attribute.
echo <<< EOT
<form method="post" name="post" id="cpgform" action="{$CPG_PHP_SELF}?album=$album&pid=$pid">
EOT;
starttable("100%", $icon_array['ecard'] . $lang_ecard_php['title'], 3);
// "From" heading plus the opening of the cell that holds the picture preview.
echo <<<EOT
<tr>
<td class="tableh2" colspan="2">
<strong>{$lang_ecard_php['from']}</strong>
</td>
<td rowspan="6" align="center" valign="top" class="tableb">
EOT;
// Preview of the chosen file: an <object> for Flash, a linked thumbnail for
// images.
if (is_flash($row['filename'])) {
$n_picname = get_pic_url($row, 'fullsize');
echo <<< EOT
<object id="SWFlash" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" type="application/x-shockwave-flash" width="{$thumb_size['width']}" height="{$thumb_size['height']}">
<param name="autostart" value="true" />
<param name="src" value="{$n_picname}" />
</object>
EOT;
} else {
echo <<< EOT
<a href="displayimage.php?pid=$pid">
<img src="$thumb_pic_url" width="{$thumb_size['width']}" height="{$thumb_size['height']}" alt="" vspace="8" border="0" class="image" />
</a>
EOT;
}
// The fields are pre-filled with the values read through get_post_var(), so a
// rejected or previewed submission is not lost.
// NOTE(review): those values are interpolated into value="..." attributes and
// a <textarea>, and this file applies no htmlspecialchars() of its own -
// confirm that getEscaped() or the init code HTML-encodes quotes and angle
// brackets.
echo <<<EOT
</td>
</tr>
<tr>
<td class="tableb" valign="top" width="40%">
{$lang_ecard_php['your_name']}<br />
</td>
<td valign="top" class="tableb" width="60%">
<input type="text" class="textinput" name="sender_name" value="$sender_name" style="width: 100%;" /><br />
</td>
</tr>
<tr>
<td class="tableb" valign="top" width="40%">
{$lang_ecard_php['your_email']}<br />
</td>
<td valign="top" class="tableb" width="60%">
{$sender_box}
{$sender_email_warning}
</td>
</tr>
<tr>
<td class="tableh2" colspan="2">
<strong>{$lang_ecard_php['to']}</strong>
</td>
</tr>
<tr>
<td class="tableb" valign="top" width="40%">
{$lang_ecard_php['rcpt_name']}<br />
</td>
<td valign="top" class="tableb" width="60%">
<input type="text" class="textinput" name="recipient_name" value="$recipient_name" style="width: 100%;" /><br />
</td>
</tr>
<tr>
<td class="tableb" valign="top" width="40%">
{$lang_ecard_php['rcpt_email']}<br />
</td>
<td valign="top" class="tableb" width="60%">
<input type="text" class="textinput" name="recipient_email" value="$recipient_email" style="width: 100%;" /><br />
$recipient_email_warning
</td>
</tr>
<tr>
<td class="tableh2" colspan="3">
<strong>{$lang_ecard_php['greetings']}</strong>
</td>
</tr>
<tr>
<td class="tableb" colspan="3">
<input type="text" class="textinput" name="greetings" value="$greetings" style="width: 100%;" /><br />
</td>
</tr>
<tr>
<td class="tableh2" colspan="3">
<strong>{$lang_ecard_php['message']}$captionLabel</strong>
</td>
</tr>
<tr>
<td class="tableb" colspan="3" valign="top"><br />
<textarea name="message" class="textinput" rows="8" cols="40" onselect="storeCaret_post(this);" onclick="storeCaret_post(this);" onkeyup="storeCaret_post(this);" style="width: 100%;">$message</textarea><br /><br />
</td>
</tr>
<tr>
<td class="tableb" colspan="3" valign="top">
$smilies
</td>
</tr>
EOT;
// CAPTCHA row. The condition is the same one the send branch uses to decide
// whether a code must be validated, so the field is shown exactly when it will
// be checked.
if (($CONFIG['ecard_captcha'] == 1) || ($CONFIG['ecard_captcha'] == 2 && !USER_ID)) {
$help = cpg_display_help('f=empty.htm&h=lang_common[captcha_help_title]&t=lang_common[captcha_help]', 470, 245);
// Default markup: a five-character input next to the image served by captcha.php.
$captcha_print = <<< EOT
<tr>
<td class="tableb">
{$lang_common['confirm']} {$help}
</td>
<td class="tableb" colspan="2">
<input type="text" name="confirmCode" id="confirmCode" size="5" maxlength="5" class="textinput" />
<img src="captcha.php" align="middle" border="0" alt="" />
</td>
</tr>
EOT;
// Plugins may replace or extend the default row through this filter.
$captcha_print = CPGPluginAPI::filter('captcha_ecard_print', $captcha_print);
echo $captcha_print;
}
// Two submit buttons; which one was pressed ("preview" or "submit") selects
// the branch taken when the form is posted back.
echo <<< EOT
<tr>
<td colspan="3" align="center" class="tablef">
<button type="submit" class="button" name="preview" id="preview" value="{$lang_ecard_php['preview_button']}">{$icon_array['preview']}{$lang_ecard_php['preview_button']}</button>
<button type="submit" class="button" name="submit" id="submit" value="{$lang_ecard_php['submit_button']}">{$icon_array['ok']}{$lang_ecard_php['submit_button']}</button>
</td>
</tr>
EOT;
endtable();
// Anti-CSRF token: getFormToken() returns a timestamp and a token, both sent
// back as hidden fields. The send branch calls checkFormToken() before it
// mails anything.
list($timestamp, $form_token) = getFormToken();
echo <<< EOT
<input type="hidden" name="form_token" value="{$form_token}" />
<input type="hidden" name="timestamp" value="{$timestamp}" />
</form>
EOT;
pagefooter();
//EOF