Index: modules/contact/contact.module =================================================================== RCS file: /cvs/drupal/drupal/modules/contact/contact.module,v retrieving revision 1.88 diff -u -F^function -r1.88 contact.module --- modules/contact/contact.module 4 Jun 2007 15:56:32 -0000 1.88 +++ modules/contact/contact.module 13 Jun 2007 03:03:17 -0000 @@ -35,7 +35,7 @@ function contact_help($section) { * Implementation of hook_perm */ function contact_perm() { - return array('access site-wide contact form'); + return array('access site-wide contact form', 'access personal contact forms'); } /** * Implementation of hook_menu(). @@ -104,7 +104,8 @@ function _contact_user_tab_access($accou return $account && ( - ($user->uid != $account->uid && $account->contact) || + ($user->uid && $user->uid != $account->uid && $account->contact == 1) || // authenticated users only + ($user->uid != $account->uid && $account->contact == 2) || // authenticated and anonymous users user_access('administer users') ); } @@ -121,10 +122,15 @@ function contact_user($type, &$edit, &$u '#weight' => 5, '#collapsible' => TRUE, ); - $form['contact']['contact'] = array('#type' => 'checkbox', + $form['contact']['contact'] = array('#type' => 'radios', '#title' => t('Personal contact form'), '#default_value' => !empty($edit['contact']) ? $edit['contact'] : FALSE, '#description' => t('Allow other users to contact you by e-mail via your personal contact form. Note that while your e-mail address is not made public to other members of the community, privileged users such as site administrators are able to contact you even if you choose not to enable this feature.', array('@url' => url("user/$user->uid/contact"))), + '#options' => array( + t('Nobody can contact me via my personal contact form.'), + t('Authenticated users can contact me via my personal contact form.'), + t('Authenticated and anonymous users can contact me via my personal contact form.') + ), ); return $form; } 
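Review bot: In `_contact_user_tab_access()` the new `'access personal contact forms'` permission declared in `contact_perm()` is never consulted, so whether anonymous visitors reach a member's form depends only on that member's own setting (`$account->contact == 2`). Unless the menu entry outside this hunk already checks it, gate the two contact branches on the permission, e.g. `user_access('access personal contact forms') && (` in front of them, so that an administrator can switch the feature off by role. The function starts above the hunk, so how `$user` and `$account` are obtained is not visible here.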
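Review bot: In `contact_user()` the element becomes `radios` but `'#default_value'` still falls back to `FALSE`, which is not one of the option keys 0, 1 and 2, so an account with no stored value may render with no option selected. Use `'#default_value' => !empty($edit['contact']) ? $edit['contact'] : 0,` and give `'#options'` explicit keys (`0 => ...`, `1 => ...`, `2 => ...`), because `_contact_user_tab_access()` compares against the literals 1 and 2. A one-line comment naming the three values next to the options would keep the form and the access check in step; the function begins above the hunk.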
@@ -312,7 +318,7 @@ function contact_admin_settings() { function contact_user_page($account) { global $user; - if (!valid_email_address($user->mail)) { + if ($user->uid && !valid_email_address($user->mail)) { $output = t('You need to provide a valid e-mail address to contact other users. Please update your user information and try again.', array('@url' => url("user/$user->uid/edit"))); } else if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3))) { @@ -326,13 +332,32 @@ function contact_user_page($account) { return $output; } -function contact_mail_user($recipient) { +/** + * Generates the personal contact form. + */ +function contact_mail_user(&$form_state, $recipient) { global $user; - $form['#token'] = $user->name . $user->mail; - $form['from'] = array('#type' => 'item', - '#title' => t('From'), - '#value' => check_plain($user->name) .' <'. check_plain($user->mail) .'>', - ); + + if ($user->uid) { + $form['#token'] = $user->name . $user->mail; + $form['from'] = array('#type' => 'item', + '#title' => t('From'), + '#value' => check_plain($user->name) .' <'. check_plain($user->mail) .'>', + ); + } + else { + $form['#token'] = $recipient->name . $recipient->mail; + $form['name'] = array('#type' => 'textfield', + '#title' => t('Your name'), + '#maxlength' => 255, + '#required' => TRUE, + ); + $form['mail'] = array('#type' => 'textfield', + '#title' => t('Your e-mail address'), + '#maxlength' => 255, + '#required' => TRUE, + ); + } $form['to'] = array('#type' => 'item', '#title' => t('To'), '#value' => check_plain($recipient->name), @@ -347,8 +372,11 @@ function contact_mail_user($recipient) { '#rows' => 15, '#required' => TRUE, ); + // We do not allow anonymous users to send themselves a copy + // because it can be abused to spam people. $form['copy'] = array('#type' => 'checkbox', '#title' => t('Send yourself a copy.'), + '#access' => (bool)$user->uid, ); $form['submit'] = array('#type' => 'submit', '#value' => t('Send e-mail'), 
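Review bot: In the anonymous branch of `contact_mail_user()`, `$form['#token'] = $recipient->name . $recipient->mail;` seeds the form token with values that are the same for every visitor, so it binds the submission to nothing about the sender. Whether the Form API validates tokens for anonymous sessions at all is not visible in this patch. That leaves the `flood_is_allowed('contact', ...)` check in `contact_user_page()` as the only visible throttle on unauthenticated mail to a member. A comment here should say that, e.g. `// Anonymous submissions are limited only by the flood check in contact_user_page().`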
@@ -356,6 +384,18 @@ function contact_mail_user($recipient) { return $form; } + +/** + * Validate the personal contact page form submission. + */ +function contact_mail_user_validate($form, &$form_state) { + global $user; + + if (!$user->uid && !valid_email_address($form_state['values']['mail'])) { + form_set_error('mail', t('You must enter a valid e-mail address.')); + } +} + /** * Process the personal contact page form submission. */ @@ -365,8 +405,13 @@ function contact_mail_user_submit($form, $account = user_load(array('uid' => arg(1), 'status' => 1)); // Compose the body: $message[] = "$account->name,"; - $message[] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->name, '!name-url' => url("user/$user->uid", array('absolute' => TRUE)), '!form-url' => url($_GET['q'], array('absolute' => TRUE)), '!site' => variable_get('site_name', 'Drupal'))); - $message[] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", array('absolute' => TRUE)))); + if ($user->uid) { + $message[] = t("@name (@name-url) has sent you a message via your contact form (@form-url) at !site.", array('@name' => $user->name, '@name-url' => url("user/$user->uid", array('absolute' => TRUE)), '@form-url' => url($_GET['q'], array('absolute' => TRUE)), '!site' => variable_get('site_name', 'Drupal'))); + } + else { + $message[] = t("@name (@mail) has sent you a message via your contact form (@form-url) at !site.", array('@name' => $form_state['values']['name'], '@mail' => $form_state['values']['mail'], '@form-url' => url($_GET['q'], array('absolute' => TRUE)), '!site' => variable_get('site_name', 'Drupal'))); + } + $message[] = t("If you don't want to receive such e-mails, you can change your settings at @url.", array('@url' => url("user/$account->uid", array('absolute' => TRUE)))); $message[] = t('Message:'); $message[] = $form_state['values']['message']; 
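Review bot: `contact_mail_user_validate()` is the only check on the visitor-supplied address, and for anonymous senders that address becomes the `$from` argument of `drupal_mail()` in `contact_mail_user_submit()` (hunk at -377). Whether `valid_email_address()` rejects embedded CR/LF cannot be seen from this patch, so an explicit guard against mail header injection belongs here: `if (preg_match('/[\r\n]/', $form_state['values']['mail'])) { form_set_error('mail', t('You must enter a valid e-mail address.')); }`. The `name` field is not validated at all although it is copied into the message body and the log entry; at minimum trim it and reject line breaks in the same way.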
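Review bot: Switching the placeholders from `!` to `@` in `contact_mail_user_submit()` makes `t()` HTML-escape the values, but this text is a plain-text e-mail body, so a name containing an apostrophe or a URL containing `&` will arrive as entities such as `&#039;` and `&amp;`. Keep `!name`, `!name-url`, `!mail`, `!form-url` and `!url` here; the same applies to the `@name`/`@form` change in `contact_mail_page_submit()` (hunk at -515). In the anonymous branch the name and address are whatever the visitor typed, so the sentence should tell the recipient that, for example by appending `This sender was not logged in and the address has not been verified.` to the translated string.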
@@ -377,7 +422,12 @@ function contact_mail_user_submit($form, // Prepare all fields: $to = $account->mail; - $from = $user->mail; + if ($user->uid) { + $from = $user->mail; + } + else { + $from = $form_state['values']['mail']; + } // Format the subject: $subject = '['. variable_get('site_name', 'Drupal') .'] '. $form_state['values']['subject']; @@ -389,13 +439,18 @@ function contact_mail_user_submit($form, drupal_mail('contact-user-mail', $to, $subject, $body, $from); // Send a copy if requested: - if ($form_state['values']['copy']) { + if (isset($form_state['values']['copy'])) { drupal_mail('contact-user-copy', $from, $subject, $body, $from); } // Log the operation: flood_register_event('contact'); - watchdog('mail', '%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name)); + if ($user->uid) { + watchdog('mail', t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name))); + } + else { + watchdog('mail', t('%name-from sent %name-to an e-mail.', array('%name-from' => $form_state['values']['name'] . ', ' . $form_state['values']['mail'] . ',', '%name-to' => $account->name))); + } // Set a status message: drupal_set_message(t('The message has been sent.')); @@ -421,6 +476,9 @@ function contact_site_page() { return $output; } +/** + * Generates the site-wide contact form. + */ function contact_mail_page() { global $user; @@ -515,7 +573,7 @@ function contact_mail_page_submit($form, $from = $form_state['values']['mail']; // Compose the body: - $message[] = t("!name sent a message using the contact form at !form.", array('!name' => $form_state['values']['name'], '!form' => url($_GET['q'], array('absolute' => TRUE)))); + $message[] = t("@name sent a message using the contact form at @form.", array('@name' => $form_state['values']['name'], '@form' => url($_GET['q'], array('absolute' => TRUE)))); $message[] = $form_state['values']['message']; // Tidy up the body:
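Review bot: For anonymous senders `$from = $form_state['values']['mail'];` places an unverified, visitor-chosen address in the From header of mail that the site itself sends, so recipients cannot distinguish it from mail that really came from that address. Consider keeping the site's own address as `$from` in this branch and carrying the visitor's address in a `Reply-To` header or only in the body. The surrounding function starts and ends outside this hunk.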
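Review bot: `if (isset($form_state['values']['copy']))` no longer tests the checkbox value: an unchecked checkbox normally submits 0, which is still set, so logged-in senders would receive a copy every time. If the Form API also fills in a default for the `'#access' => FALSE` element, a copy would go to the anonymous sender's self-supplied `$from` as well, which is the abuse the comment in `contact_mail_user()` says is prevented. Test both conditions explicitly: `if ($user->uid && !empty($form_state['values']['copy'])) {`. The new `watchdog()` calls also wrap the message in `t()`, whereas the removed line passed the string and its variables separately; unless that matches the `watchdog()` signature on this branch, keep the original form. The function starts above this hunk.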