<?php

/* overview.php - Front-end code for the overview in admin pages
 *
 * Copyright (C) 2006-2010 Kevin Read, Simone Schaefer
 * Copyright (C) 2010 Markus Bender
 *
 * This file is part of Selador, a browser-based fantasy strategy game
 *
 * This program is distributed under the terms of the GNU Affero General Public License.
 *
 *
 *   Selador is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU Affero General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   any later version.
 *
 *   Selador is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU Affero General Public License for more details.
 *
 *   You should have received a copy of the GNU Affero General Public License
 *   along with Selador.  If not, see <http://www.gnu.org/licenses/>.
 **/

// Based on Kevin Roths RTE demo

require_once ("base_functions.php");
require_once ("base_outside.php");

$glob_log = array ();

require_once ("AuthDB.inc.php");
require_once ("mail.inc.php");

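/**
 * Prepares HTML for preloading into the rich text editor, where it is
 * embedded in a single-quoted JavaScript string inside an inline <script>.
 *
 * Steps: Windows-1252 curly quotes (bytes 145-148) become plain quotes, every
 * apostrophe becomes &#39; so it cannot close the JS literal, CR/LF become
 * spaces so the literal stays on one line, and "</" becomes "<\/" so the text
 * cannot contain a closing tag that ends the surrounding <script> element
 * (JavaScript reads "\/" as "/", so the editor receives the same HTML).
 *
 * NOTE(review): bytes 145-148 are also valid UTF-8 continuation bytes, so on
 * UTF-8 input these replacements can damage multi-byte characters - confirm
 * the encoding this helper is expected to receive.
 * NOTE(review): backslashes pass through unchanged; whether that is safe
 * depends on whether the caller's input is already slash-escaped
 * (magic_quotes_gpc) - confirm before relying on this for raw input.
 *
 * @param string $strText HTML to preload
 * @return string the text encoded for the single-quoted JS literal
 */
function rteSafe($strText) {
	//convert all types of single quotes, then neutralise every apostrophe
	$tmpString = str_replace(array(chr(145), chr(146)), chr(39), $strText);
	$tmpString = str_replace("'", "&#39;", $tmpString);

	//convert all types of double quotes (plain double quotes are left alone:
	//the JS literal is single-quoted)
	$tmpString = str_replace(array(chr(147), chr(148)), chr(34), $tmpString);

	//replace line feeds & carriage returns
	$tmpString = str_replace(array(chr(10), chr(13)), " ", $tmpString);

	//keep "</script>" (or any closing tag) from terminating the inline script
	$tmpString = str_replace("</", "<\\/", $tmpString);

	return $tmpString;
}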

// Errors collected while handling the POST below, keyed by slot:
//   0 = database error, 1 = subject too short, 3 = account missing / not found
$error = array ();

?>

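<form name="MailForm" action="<?php
// PHP_SELF contains any path info the client appended to the script URL, so it
// is request-controlled; encode it before placing it in the attribute.
echo htmlspecialchars ($_SERVER['PHP_SELF'], ENT_QUOTES, "UTF-8"); ?>" method="post" onsubmit="return submitForm();">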
<input type="hidden" name="module" value="portal"><br>

<?php
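// Two-step admin mailing: "sendmail" previews the mail and lists the
// recipients, "SendForReal" (the confirm button printed by the preview) sends
// one mail per selected account.
// NOTE(review): no privilege check and no anti-CSRF token are visible in this
// file; presumably the including page or base_outside.php restricts access -
// confirm, since a forged POST carrying SendForReal would mail every account.
if (isset ($_POST['sendmail']) || isset ($_POST['SendForReal']))
{
	$authdb = new AuthDB;

	// Read the selector once; a missing field behaves like "no target chosen"
	$emailtarget = isset ($_POST['emailtarget']) ? $_POST['emailtarget'] : "";

	// Turns \" back into " in the posted editor content
	// (presumably undoing magic_quotes_gpc - TODO confirm)
	$htmlbody = str_replace ("\\\"", "\"", isset ($_POST['mailrte']) ? $_POST['mailrte'] : "");
	echo "HTML: ".htmlentities ($htmlbody)."<br>";

	// Plain-text alternative: drop raw newlines, turn <br /> into newlines,
	// decode entities, then remove the remaining markup
	$plaintextbody = strip_tags (str_replace ("<br />", "\n", str_replace ("\n", "", html_entity_decode ($htmlbody, ENT_QUOTES, "UTF-8"))));
	// strip_tags() removes markup but is not an output encoder, so the preview
	// is encoded for the page; the mail itself still gets the unencoded text
	echo "Textmail:<pre>".htmlspecialchars ($plaintextbody, ENT_QUOTES, "UTF-8")."</pre>";

	if (!isset ($_POST['subject']) || strlen ($_POST['subject']) < 5)
		$error[1] = "Betreff muss mindestens 5 Zeichen lang sein";

	if ($emailtarget == "onlyone")
	{
		if (isset ($_POST['emailaccount']) && strlen ($_POST['emailaccount']) > 1)
		{
			// NOTE(review): mysql_real_escape_string() without a link argument
			// uses the most recently opened mysql link; presumably that is the
			// connection AuthDB queries on - confirm.
			$query = 'select user,email from user where wants_mail=1 and user="'.mysql_real_escape_string ($_POST['emailaccount']).'"';

			$res = $authdb->query ($query);
			if (!$res)
				$error[0] = "DB-Fehler: ".$authdb->error ();
			else
			{
				if (mysql_num_rows ($res) == 0)
				{
					$error[3] = "Account nicht gefunden";
				}
			}
		}
		else
			$error[3] = "Account muss gesetzt sein";
	}

	if ($emailtarget == "all" || $emailtarget == "really_all")
	{
		$query = 'select user,email from user where user not like "\_d%"';
		
		// "all" honours the opt-in flag, "really_all" ignores it
		if ($emailtarget == "all")
			$query .= ' and wants_mail=1';

		$res = $authdb->query ($query);
		if (!$res)
			$error[0] = "DB-Fehler: ".$authdb->error ();
	}

	if ($emailtarget == "group")
	{
		// userflags bit 256 selects the group (labelled "Vereinsmitglieder" in the form)
		$query = 'select user,email from user where user not like "\_d%" and userflags&256=256';
		
		$res = $authdb->query ($query);
		if (!$res)
			$error[0] = "DB-Fehler: ".$authdb->error ();
	}

	if (isset ($res) && !count ($error))
	{
		if (isset ($_POST['SendForReal']))
		{
			echo '<h1>Versandmeldungen ('.mysql_num_rows ($res).' Einträge):</h1>';
			echo '<div style="height:300px; width:800px; overflow:auto;">';
			echo '<table><tr><th>Username</th><th>Email-Adresse</th><th>Status</th></tr>';
			// $mail is not created in this file (presumably by mail.inc.php - confirm)
			$mail->From = "bounces@selador.de";
			$mail->FromName = "Selador-Team";

			// A subject is a single header line: drop CR/LF so the posted
			// value cannot span lines, whatever the mailer does with it
			$subject = str_replace (array ("\r", "\n"), " ", $_POST['subject']);

			while ($row = mysql_fetch_array ($res))
			{
				$email = $row['email'];
				$user = $row['user'];

				$mail->ClearAllRecipients ();
				$mail->AddAddress($email);                  // name is optional

				$mail->Subject = $subject;
				// Account names come from the user table; encode them for the
				// HTML part so a name cannot add markup to the mail. The text
				// part takes the name as stored.
				$this_html_body = str_replace ("_USER_", htmlspecialchars ($user, ENT_QUOTES, "UTF-8"), $htmlbody);
				$this_text_body = str_replace ("_USER_", $user, $plaintextbody);

				$mail->Body    = $this_html_body;
				$mail->AltBody = $this_text_body;

				// Name, address and mailer error text are not trusted markup:
				// encode them before they reach the admin's browser
				echo '<tr><td>'.htmlspecialchars ($user, ENT_QUOTES, "UTF-8").'</td><td>'.htmlspecialchars ($email, ENT_QUOTES, "UTF-8").'</td>';
				if (!$mail->Send())
					echo '<td>Fehler: '.htmlspecialchars ($mail->ErrorInfo, ENT_QUOTES, "UTF-8").'</td></tr>';
				else
					echo '<td>Ok.</td></tr>';
			}
			echo '</table></div>';
		}
		else
		{
			echo '<h1>Empfängerliste ('.mysql_num_rows ($res).' Einträge):</h1>';
			echo '<div style="height:300px; width:600px; overflow:auto;">';
			echo '<table><tr><th>Username</th><th>Email-Adresse</th></tr>';
			while ($row = mysql_fetch_array ($res))
			{
				// column 0 = user, column 1 = email (see the select lists above)
				echo '<tr><td>'.htmlspecialchars ($row[0], ENT_QUOTES, "UTF-8").'</td><td>'.htmlspecialchars ($row[1], ENT_QUOTES, "UTF-8").'</td></tr>';
			}
			echo '</table></div>';

			echo '<b>Wirklich absenden? <input type="submit" name="SendForReal" value="Ja!"></b><br><br>';
		}
	}
}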


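// Slot 0 holds "DB-Fehler: " plus the database layer's error text, which can
// quote parts of the failed query; encode it before printing.
if (isset ($error[0]))
{
	$dberror = htmlspecialchars ($error[0], ENT_QUOTES, "UTF-8");
	// htmlspecialchars() returns "" for input that is not valid UTF-8; fall
	// back to a single-byte charset so the message is still shown, encoded
	if ($dberror === "")
		$dberror = htmlspecialchars ($error[0], ENT_QUOTES, "ISO-8859-1");
	echo "<b>".$dberror."</b><br>";
}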
?>

<!-- START Demo Code -->

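<table style="border-width:0px">
<tr><td><label for="subject">Mail-Betreff</label></td>
<td><input type="text" name="subject" value="<?php
// Re-display the posted subject. It is request data placed inside a
// double-quoted attribute, so it is encoded; an absent field shows as empty.
echo htmlspecialchars (isset ($_POST['subject']) ? $_POST['subject'] : "", ENT_QUOTES, "UTF-8").'"></td>';

if (isset ($error[1]))
	echo "<td><b>".$error[1]."</b></td>";

// First visit: preselect the single-account option
if (!isset ($_POST['emailtarget']))
	$_POST['emailtarget'] = "onlyone";

?></tr>
<tr><td><label for="emailReallyAll">Mail an <b>alle</b> Spieler versenden(ja, wirklich ALLE)</label></td>
<td><input type="radio" id="emailReallyAll" name="emailtarget" value="really_all" <?php if ($_POST['emailtarget'] == "really_all") echo "checked"; ?>></td></tr>
<tr><td><label for="emailAll">Mail an alle Spieler versenden, die Mails wünschen</label></td>
<td><input type="radio" id="emailAll" name="emailtarget" value="all" <?php if ($_POST['emailtarget'] == "all") echo "checked"; ?>></td></tr>
<tr><td><label for="emailGroup">Mail an alle Vereinsmitglieder senden</label></td>
<td><input type="radio" id="emailGroup" name="emailtarget" value="group" <?php if ($_POST['emailtarget'] == "group") echo "checked"; ?>></td></tr>
<tr><td><label for="emailOne">Mail nur an einen Account senden</label></td>
<td><input type="radio" id="emailOne" name="emailtarget" value="onlyone" <?php if ($_POST['emailtarget'] == "onlyone") echo "checked"; ?>><br>
Und zwar an <input name="emailaccount" value="<?php
// Same treatment as the subject: posted value, attribute context, so encode it
echo htmlspecialchars (isset ($_POST['emailaccount']) ? $_POST['emailaccount'] : "", ENT_QUOTES, "UTF-8"); ?>" type="text" length="20">
</td>
<?php
if (isset ($error[3]))
	echo "<td><b>".$error[3]."</b></td>";

?></tr>
</table>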
<script language="JavaScript" type="text/javascript">
<!--
/**
 * onsubmit handler of the mail form (the form tag uses
 * onsubmit="return submitForm();"). Always returns true, so the submission
 * is never cancelled here.
 */
function submitForm() {
	//make sure hidden and iframe values are in sync for all rtes before submitting form
	updateRTEs();

	return true;
}

//Usage: initRTE(imagesPath, includesPath, cssFile, genXHTML, encHTML)
// NOTE(review): only four arguments are passed, so encHTML is left undefined -
// confirm that this is the intended default.
initRTE("../cbrte/images/", "../cbrte/", "", true);
//-->
</script>
<noscript><p><b>Javascript must be enabled to use this form.</b></p></noscript>

<script language="JavaScript" type="text/javascript">
<!--
//build new richTextEditor
var mailrte = new richTextEditor('mailrte');
<?php
// Preload the editor: the posted mail body when the form comes back after a
// submit, otherwise the default mail template.
$content = isset($_POST["mailrte"])
	? $_POST["mailrte"]
	: '<center><a href="http://www.selador.de/"><img style="border:0px;" src="http://www.selador.de/gfx/banner_gross.jpg"></a></center><br />Hallo _USER_,<br /><br />Hier kommt der Text rein.<br /><br />PS: Wenn Du keine Weltankündigungen mehr erhalten willst, kannst Du das jederzeit in den Einstellungen im Portal ändern.';

// rteSafe() is the only encoding applied before the value is written into the
// single-quoted JavaScript literal below, so the safety of this inline script
// for posted content rests entirely on that helper.
$content = rteSafe($content);
echo "mailrte.html = '".$content."';\n";
?>
mailrte.width=800;
mailrte.height=300;
//rte1.toggleSrc = false;
mailrte.build();
//-->
</script>
<p><input type="submit" name="sendmail" value="Submit" /></p>
</form>
</body>
</html>