1<?php
2/**
3 * Embed a contact form onto any page
4 *
5 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
6 * @author     Bob Baddeley <bob@bobbaddeley.com>
7 */
8
// Fall back to paths derived from this file's location when the including
// script has not already defined the DokuWiki base constants.
if (!defined('DOKU_INC')) {
    define('DOKU_INC', realpath(dirname(__FILE__).'/../../').'/');
}
if (!defined('DOKU_PLUGIN')) {
    define('DOKU_PLUGIN', DOKU_INC.'lib/plugins/');
}

// presumably syntax.php provides DokuWiki_Syntax_Plugin, the base class used below
require_once(DOKU_PLUGIN.'syntax.php');
require_once(DOKU_INC.'inc/auth.php');
13
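/**
 * Syntax plugin that renders a contact form for {{contact>...}} markup and
 * mails the submitted message to an address taken from the wiki configuration.
 *
 * Security-relevant behaviour:
 *  - Recipient addresses are never taken from the request; the request only
 *    supplies a key that is looked up under $conf['plugin']['contact'].
 *  - Name, e-mail, subject and recipient are rejected when they contain CR/LF
 *    or MIME header markers, to keep request data out of the mail headers.
 *  - Values that originate from page markup ('to', 'subj') and the page id are
 *    HTML-escaped before being written into form attributes.
 */
class syntax_plugin_contact extends DokuWiki_Syntax_Plugin {
    /**
     * Return descriptive metadata about this plugin.
     *
     * @return array author, email, date, name, desc and url entries
     */
    function getInfo(){
        return array(
            'author' => 'Bob Baddeley',
            'email'  => 'bob@bobbaddeley.com',
            'date'   => '2008-2-2',
            'name'   => 'Contact Form Plugin',
            'desc'   => 'Creates a contact form to email the webmaster',
            'url'    => 'http://bobbaddeley.com/doku.php/projects/programming/wiki/contact',
        );
    }

    /**
     * Syntax type reported to the parser.
     *
     * @return string always 'container'
     */
    function getType(){
        return 'container';
    }

    /**
     * Paragraph handling reported to the parser.
     *
     * @return string always 'block'
     */
    function getPType(){
        return 'block';
    }

    /**
     * Sort position of this syntax mode.
     *
     * @return int always 309
     */
    function getSort(){
        return 309;
    }


    /**
     * Register the {{contact>...}} pattern with the lexer.
     *
     * @param string $mode parser mode the pattern is attached to
     */
    function connectTo($mode) {
        $this->Lexer->addSpecialPattern('\{\{contact>[^}]*\}\}',$mode,'plugin_contact');
    }

    /**
     * Parse the matched markup into the 'to' and 'subj' parameters.
     *
     * The markup body holds at most two '|'-separated "key=value" pairs.
     * Pairs without '=' and unknown keys are ignored.
     *
     * @param string $match   the full matched markup, e.g. {{contact>to=key|subj=text}}
     * @param mixed  $state   unused here
     * @param mixed  $pos     unused here
     * @param mixed  $handler unused here
     * @return array may contain 'to' and/or 'subj'
     */
    function handle($match, $state, $pos, &$handler){
        // "{{contact>" is 10 characters, the closing "}}" is 2
        $match = substr($match,10,-2);

        $data = array();

        $params = explode('|',$match,2);
        foreach($params as $param){
            // limit 2 so that a '=' inside the value is kept rather than cut off
            $splitparam = explode('=',$param,2);
            if (count($splitparam) < 2) {
                continue; // no value given; previously this read an undefined index
            }
            if ($splitparam[0] === 'to') {
                $data['to'] = $splitparam[1];
            } else if ($splitparam[0] === 'subj') {
                $data['subj'] = $splitparam[1];
            }
        }
        return $data;
    }

    /**
     * Append the contact form to the document for XHTML output.
     *
     * @param string $mode     output format
     * @param object $renderer renderer whose ->doc receives the markup
     * @param array  $data     result of handle()
     * @return bool true when output was produced, false for other formats
     */
    function render($mode, &$renderer, $data) {
        if($mode == 'xhtml'){
            $renderer->doc .= $this->_contact($data);
            return true;
        }
        return false;
    }

    /**
     * Read a request field as a string.
     *
     * @param string $key field name in $_REQUEST
     * @return string the value, or '' when the field is missing or not a string
     *                (e.g. submitted as name[]=...)
     */
    function _request_string($key){
        if (!isset($_REQUEST[$key]) || !is_string($_REQUEST[$key])) {
            return '';
        }
        return $_REQUEST[$key];
    }

    /**
     * @param string $value
     * @return bool true when $value contains a carriage return or line feed
     */
    function _has_line_break($value){
        return strpbrk($value, "\r\n") !== false;
    }

    /**
     * @param string $value
     * @return bool true when $value contains "MIME-Version: " or
     *              "Content-Type: " in any letter case
     */
    function _has_mime_header($value){
        return stripos($value, "MIME-Version: ") !== false
            || stripos($value, "Content-Type: ") !== false;
    }

    /**
     * Escape a value for use inside a quoted HTML attribute.
     *
     * @param string $value
     * @return string
     */
    function _attr($value){
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }

    /**
     * Validate the submitted form and send the mail.
     *
     * Every rejection shows a message and returns without sending. Earlier
     * versions called die() on invalid input, which cut the page off mid-render;
     * the mail is still not sent, but the page now finishes rendering.
     *
     * @return string always ''
     */
    function _send_contact(){
        global $conf;
        require_once(DOKU_INC.'inc/mail.php');

        // NOTE(review): a fixed word is the only bot check; it does not stop
        // automated submissions that know the word.
        $verify = strtoupper($this->_request_string('verify'));
        if ($verify!="HUMAN"){
            $this->_show_message ("Mail not sent. You could not be verified as a human.");
            return '';
        }

        $name    = $this->_request_string('name');
        $email   = $this->_request_string('email');
        $subject = $this->_request_string('subject');
        $content = $this->_request_string('content');

        // The sender's name and address go into the body, not into headers.
        $comment = $name."\r\n";
        $comment .= $email."\r\n\n";
        $comment .= $content;

        // The 'to' field is a client-controlled hidden input, so any visitor
        // can select any string entry stored under $conf['plugin']['contact'].
        // Only accept keys that resolve to a non-empty string; a missing key
        // used to produce an empty recipient.
        $key = isset($_REQUEST['to']) ? $_REQUEST['to'] : 'default';
        $contacts = array();
        if (isset($conf['plugin']['contact']) && is_array($conf['plugin']['contact'])) {
            $contacts = $conf['plugin']['contact'];
        }
        if (!is_string($key) || !isset($contacts[$key])
            || !is_string($contacts[$key]) || $contacts[$key] === '') {
            $this->_show_message("Destination address has invalid input");
            return '';
        }
        $to = $contacts[$key];

        // Reject CR/LF and MIME header markers so request data cannot add
        // headers or body parts to the outgoing mail.
        if ($this->_has_line_break($name) || $this->_has_mime_header($name)){
            $this->_show_message("Name has invalid input");
            return '';
        }
        // The original condition had a misplaced parenthesis, so the e-mail
        // field was never actually tested for the MIME markers.
        if ($this->_has_line_break($email) || $this->_has_mime_header($email)){
            $this->_show_message("Email address has invalid input");
            return '';
        }
        if ($this->_has_line_break($subject) || $this->_has_mime_header($subject)){
            $this->_show_message("Subject has invalid input");
            return '';
        }
        if ($this->_has_line_break($to) || $this->_has_mime_header($to)){
            $this->_show_message("Destination address has invalid input");
            return '';
        }
        // The body may legitimately contain line breaks, so only the MIME
        // markers are checked here.
        if ($this->_has_mime_header($comment)){
            $this->_show_message("Comment has invalid input");
            return '';
        }

        // Send only if the message text is not empty. The old test looked at
        // the assembled body, which always contains the name/e-mail line
        // breaks and therefore was never empty. The form's JavaScript check
        // runs in the browser and cannot be relied on.
        if (trim($content) === ''){
            $this->_show_message("Comment has invalid input");
            return '';
        }

        // The configured recipient is also used as the From address.
        if (mail_send($to, $subject, $comment, $to)){
            $this->_show_message ("Mail sent successfully");
        }
        else{
            $this->_show_message ("Mail not sent. Please contact the administrator");
        }
        return '';
    }

    /**
     * Echo a JavaScript alert with the given text.
     *
     * $string is placed inside a single-quoted JavaScript literal without any
     * escaping. Pass fixed, trusted text only; never request data.
     *
     * @param string $string message text
     */
    function _show_message($string){
        echo "<script type='text/javascript'>
			alert('$string');
		</script>";
    }

    /**
     * Build the contact form markup.
     *
     * When the request carries the hidden 'contact' = 'true' field, the mail is
     * sent first, as a side effect of rendering the page.
     *
     * @param array $data parameters from handle(): optional 'to' and 'subj'
     * @return string XHTML for the form
     */
    function _contact($data){
        global $ID;

        $ret = '';
        // The form posts a hidden 'contact' = 'true' field back to this page.
        if (isset($_POST['contact']) && $_POST['contact'] == 'true') {
            $ret .= $this->_send_contact();
        }

        $ret .= "<div class=\"level2\">";
        $ret .= "<form action=\"".script()."\" method=\"post\" onsubmit=\"return validatecontact(this);\">";
        $ret .= "<table class=\"inline\">";
        $ret .= "<tr><td>".$this->getLang("name")." : </td><td><input type=\"text\" name=\"name\" value=\"\" /></td></tr>";
        $ret .= "<tr><td>".$this->getLang("email")." : </td><td><input type=\"text\" name=\"email\" value=\"\" /></td></tr>";
        if (!isset($data['subj'])){
            $ret .= "<tr><td>".$this->getLang("subject")." : </td><td><input type=\"text\" name=\"subject\" value=\"\" /></td></tr>";
        }
        $ret .= "<tr><td>".$this->getLang("content")." : </td><td><textarea name=\"content\" wrap=\"on\" cols=\"40\" rows=\"6\" value=\"\" ></textarea></td></tr>";
        $ret .= "<tr><td>".$this->getLang("verify")." : </td><td><input type=\"text\" name=\"verify\" value=\"\" /></td></tr>";
        $ret .= "</table>";
        $ret .= "<p>";
        // 'subj' and 'to' come straight from page markup, so anyone who can
        // edit a page controls them; escape before writing them into attributes.
        if (isset($data['subj'])){
            $ret .= "<input type=\"hidden\" name=\"subject\" value=\"".$this->_attr($data['subj'])."\" />";
        }
        if (isset($data['to'])){
            $ret .= "<input type=\"hidden\" name=\"to\" value=\"".$this->_attr($data['to'])."\" />";
        }
        $ret .= "<input type=\"hidden\" name=\"do\" value=\"show\" />";
        $ret .= '<input type="hidden" name="id" value="'.$this->_attr($ID).'" />';
        $ret .= '<input type="hidden" name="purge" value="true" />';
        $ret .= "<input type=\"hidden\" name=\"contact\"   value=\"true\" />";
        $ret .= "<input type=\"submit\" name=\"submit\" value=\"".$this->getLang("contact")."\" />";
        $ret .= "</p>";
        $ret .= "</form>";
        $ret .= "</div>";
        return $ret;
    }

}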
196