$privatekey = $params->get( 'privkey' );
// the response from reCAPTCHA
$resp = null;
// the error code from reCAPTCHA, if any
$error = null;
// was there a reCAPTCHA response?
$recaptcha_response_field = JRequest::getVar('recaptcha_response_field', '', 'post', 'string');
//if ($_POST["recaptcha_response_field"]) {
if ( $recaptcha_response_field !='' ) {
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
//$_POST["recaptcha_response_field"]);
$recaptcha_response_field);
if (!$resp->is_valid) {
// set the error code so that we can display it
$error = $resp->error;
JError::raiseWarning(0, $error );
return $this->invite ();
}
} else {
JError::raiseWarning(0, 'Captcha' );
return $this->invite ();
}
}
// An array of e-mail headers we do not want to allow as input
$headers = array ( 'Content-Type:',
'MIME-Version:',
'Content-Transfer-Encoding:',
'bcc:',
'cc:');
// An array of the input fields to scan for injected headers
$fields = array ('mailto',
'sender',
'from',
'subject',
);
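/*
* Here is the meat and potatoes of the header injection test. We
* iterate over the array of form input and check for header strings.
* If we find one, send an unauthorized header and die.
*
* NOTE(review): strpos() is case-sensitive, but mail header names are
* not, so only the exact spellings listed in $headers are caught. A
* case-insensitive match (stripos) that also rejects CR/LF in these
* fields would be a stronger check.
*/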
foreach ($fields as $field)
{
foreach ($headers as $header)
{
if (strpos(@$_POST[$field], $header) !== false)
{
JError::raiseError(403, '');
}
}
}
/*
* Free up memory
*/
unset ($headers, $fields);
$imported_emails = $_POST['importedemails'];
$other_emails = JRequest::getString('other_recipients', '', 'post');
$sender = JRequest::getString('sender', '', 'post');
$custommessage = JRequest::getString('custommessage', '', 'post');
$subject = JText::_( 'AR_YOUAREINVITEDON' ) . " " . $SiteName;
// Check for a valid to address
$errorMail = false;
// build list emails
if($imported_emails=='' && $other_emails!='') {
$emails = $other_emails;
} elseif($other_emails=='' && $imported_emails!='') {
$emails = $imported_emails;
} elseif ( $imported_emails!='' && $other_emails!='') {
$emails = $imported_emails . "," . $other_emails;
} else {
$emails = "";
$errorMail = JText::_( 'AR_EMAIL_INVALID' );
JError::raiseWarning(0, $errorMail );
}
$emails = @explode( ',', $emails );
// Check for a valid from address
if ( ! $MailFrom || ! JMailHelper::isEmailAddress($MailFrom) )
{
$errorMail = JText::sprintf('AR_EMAIL_INVALID', $MailFrom);
JError::raiseWarning(0, $errorMail );
}
if ( $errorMail ) return $this->invite ();
// Build the message to send
$msg = JText :: _('AR_EMAIL_MSG_INVITE');
$body = sprintf( $msg, $SiteName, $sender, $link) . " \n" . $custommessage;
// Clean the email data
$subject = JMailHelper::cleanSubject($subject);
$body = JMailHelper::cleanBody($body);
// Limit
$max = $params->get( 'maxemailperinvite' );
$maxperday = $params->get( 'maxinvitesperday' );
$delay = intval($params->get( 'delaybetweeninvites' ));
$counter = 0;
$currentmaxperday = $model->_checkCurrentMaxPerDay( $_SERVER["REMOTE_ADDR"] );
$checkdelay = 1;
if ( $delay ) {
$checkdelay = $model->_checkLastInviteForDelay( $_SERVER["REMOTE_ADDR"], $delay );
}
if ( !$checkdelay ) {
$errorTime = JText :: _('AR_DELAY_BETWEEN_INVITES_INVALID');
JError::raiseWarning(0, $errorTime );
return $this->invite ();
}
if ( $currentmaxperday < $maxperday ) {
foreach ($emails as $email) {
$aEmails[0] = $model->_extractEmailsFromString($email);
$email= $aEmails[0][0];
if ( JMailHelper::isEmailAddress($email) ) {
$mailer =& JFactory::getMailer();
$mailer->setSender( array( $MailFrom, $FromName ) );
$mailer->setSubject( $subject);
$mailer->setBody($body);
$mailer->addRecipient( $email );
//if ( JUtility::sendMail($FromName, $MailFrom, $email, $subject, $body) === true ) {
if ( $mailer->Send() === true ) {
// Insert UserID, IP and email
$insert = $model->_insertInfos( $_SERVER["REMOTE_ADDR"], $email );
$counter++;
$currentmaxperday++;
}
if ( $counter==$max || $currentmaxperday==$maxperday ) break;
}
}
} else {
$maxperdaylimit = JText :: _('AR_MAXINVITESPERDAY') . " " . $maxperday ;
JError::raiseWarning(0, $maxperdaylimit );
return $this->invite ();
}
$view->assign('params', $params );
// Display
$view->_display_sent( $counter );
}
}
?>
Invite your friends to visit this website!