--- contact.module.orig	2006-09-05 00:28:13.000000000 -0700
+++ contact.module	2006-09-06 09:54:57.000000000 -0700
@@ -106,7 +106,7 @@
           'title' => t('contact'),
           'callback' => 'contact_user_page',
           'type' => MENU_LOCAL_TASK,
-          'access' => ($user->uid && user_access('access personal contact forms')),
+          'access' => (user_access('access personal contact forms')),
           'weight' => 2,
         );
       }
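Review bot: With `$user->uid &&` dropped from the `'access'` line, the permission is the only gate on this tab, and the new line carries no comment saying that anonymous visitors are now an intended audience. I would add a comment above it such as `// Anonymous visitors may use the form when granted this permission; abuse limits are enforced in contact_user_page().` so that a later reader does not restore or remove the uid check by accident. The parentheses around the single `user_access()` call are now redundant. The enclosing menu function starts and ends outside the hunk.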
@@ -308,10 +308,10 @@
   global $user;
 
   if ($account = user_load(array('uid' => arg(1)))) {
-    if (!valid_email_address($user->mail)) {
+    if ($user->uid && !valid_email_address($user->mail)) {
       $output = t('You need to provide a valid e-mail address to contact other users. Please update your <a href="@url">user information</a> and try again.', array('@url' => url("user/$user->uid/edit")));
     }
-    else if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3))) {
+    else if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 6))) {
       $output = t('You cannot contact more than %number users per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
     }
     else {
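Review bot: The flood check now falls back to 6 while the message two lines below still reads `variable_get('contact_hourly_threshold', 3)`, so on a site that never set the variable a user is blocked after six messages and told the limit is three. Read the value once, `$threshold = variable_get('contact_hourly_threshold', 6);`, and use `$threshold` in both the check and the `%number` argument. Doubling the default at the same time as opening the form to anonymous senders loosens the only rate limit visible here; if the change is deliberate, a comment stating the reason would help. The function continues outside the hunk.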
@@ -329,10 +329,28 @@
 function contact_mail_user() {
   global $user;
   $form['#token'] = $user->name . $user->mail;
-  $form['from'] = array('#type' => 'item',
-    '#title' => t('From'),
-    '#value' => $user->name .' &lt;'. $user->mail .'&gt;',
-  );
+  $account = user_load(array('uid' => arg(1)));
+  if ($user->uid) {
+    // User is logged in so we'll use the account e-mail address
+    $form['from'] = array('#type' => 'item',
+      '#title' => t('From'),
+      '#value' => $user->name .' &lt;'. $user->mail .'&gt;',
+    );
+  }
+  else {
+    // User is not logged in so we must ask his e-mail address and validate it
+    $form['from_name'] = array('#type' => 'textfield',
+      '#title' => t('Your full name'),
+      '#required' => TRUE,
+      '#maxlength' => 60,
+    );
+    $form['from'] = array('#type' => 'textfield',
+      '#title' => t('Your e-mail'),
+      '#required' => TRUE,
+      '#maxlength' => 64,
+      '#validate' => array('contact_email_validate' => array()),
+    );
+  }
   $form['to'] = array('#type' => 'item',
     '#title' => t('To'),
     '#value' => $account->name,
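Review bot: The context line `$form['#token'] = $user->name . $user->mail;` is now reached by anonymous visitors, for whom both fields are presumably empty, so the token seed no longer varies per sender; it is worth confirming what protection the form token still gives anonymous submissions. The new `from_name` field is bounded only by `#maxlength` and is later copied into the outgoing message, so it should at least be checked for line breaks before use. The added `user_load()` omits the `'status' => 1` condition that the submit handler uses, and `$account->name` is read without checking that the load succeeded; `$account = user_load(array('uid' => arg(1), 'status' => 1));` would keep the two paths consistent.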
@@ -347,15 +365,26 @@
     '#rows' => 15,
     '#required' => TRUE,
   );
-  $form['copy'] = array('#type' => 'checkbox',
-    '#title' => t('Send yourself a copy.'),
-  );
+  if ($user->uid) {
+    // User is logged in so we'll allow them to send themselves a copy
+    // Otherwise, an anonymous user could use the form to send out spam (to "themselves")
+    $form['copy'] = array('#type' => 'checkbox',
+      '#title' => t('Send yourself a copy.'),
+    );
+  }
   $form['submit'] = array('#type' => 'submit',
     '#value' => t('Send e-mail'),
   );
   return $form;
 }
 
+function contact_email_validate($form) {
+  $address = $form['#value'];
+  if (!valid_email_address($address)) {
+    form_error($form, t('%address is an invalid e-mail address.', array('%address' => $address)));
+  }
+}
+
 /**
  * Process the personal contact page form submission.
  */
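Review bot: Hiding the `copy` checkbox from anonymous users only removes it from the rendered form; the submit handler, which is outside this hunk, should also test `$user->uid` before honouring `$edit['copy']`, so that the restriction does not depend on what the client chooses to post. The new `contact_email_validate()` has no doc comment while the function after it does; a short block such as `/** Validate the e-mail address entered by an anonymous sender. */` would match the file's style. Because the accepted address later becomes the message's From value, the validator is also the natural place to reject input containing CR or LF characters.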
@@ -365,7 +394,7 @@
   $account = user_load(array('uid' => arg(1), 'status' => 1));
   // Compose the body:
   $message[] = "$account->name,";
-  $message[] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->name, '!name-url' => url("user/$user->uid", NULL, NULL, TRUE), '!form-url' => url($_GET['q'], NULL, NULL, TRUE), '!site' => variable_get('site_name', 'drupal')));
+  $message[] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->uid ? $user->name : $edit['from_name'], '!name-url' => $user->uid ? url("user/$user->uid", NULL, NULL, TRUE) : $edit['form_name'] . t('Not verified'), '!form-url' => url($_GET['q'], NULL, NULL, TRUE), '!site' => variable_get('site_name', 'drupal')));
   $message[] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", NULL, NULL, TRUE)));
   $message[] = t('Message:');
   $message[] = $edit['message'];
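Review bot: The anonymous branch of `'!name-url'` reads `$edit['form_name']`, but the field added to the form is `from_name`, so this expands to an empty value followed directly by "Not verified". Even with the key corrected, the name and the label are concatenated with no separator and the name is printed twice in the sentence. Something like `'!name-url' => $user->uid ? url("user/$user->uid", NULL, NULL, TRUE) : t('not verified')` reads correctly and tells the recipient that the sender's identity was not checked. The enclosing submit function starts and ends outside the hunk.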
@@ -377,7 +406,7 @@
 
   // Prepare all fields:
   $to = $account->mail;
-  $from = $user->mail;
+  $from = $edit['from'];
 
   // Format the subject:
   $subject = '['. variable_get('site_name', 'drupal') .'] '. $edit['subject'];
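Review bot: `$from = $edit['from'];` now takes the sender address from the submitted form for every user, but for a logged-in user `$form['from']` is a display-only `item` whose value is the HTML-escaped `name &lt;mail&gt;` string, so the From address is likely to be empty or malformed on that path. `$from = $user->uid ? $user->mail : $edit['from'];` keeps the account address for authenticated senders. For anonymous senders the value presumably ends up in the mail's From header (the call that sends it is outside the hunk), so it should be rejected if it contains CR or LF rather than relying on `valid_email_address()` alone; it is worth confirming that its pattern cannot match a trailing newline.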
