Index: contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/Attic/contact.module,v
retrieving revision 1.51.2.1
diff -u -r1.51.2.1 contact.module
--- contact.module	18 Oct 2006 20:14:42 -0000	1.51.2.1
+++ contact.module	5 Jan 2007 22:17:43 -0000
@@ -98,6 +98,7 @@
       $items[] = array('path' => "user/". arg(1) ."/contact",
         'title' => t('contact'),
         'callback' => 'contact_mail_user',
+        'access' => user_access('access content'),
         'type' => MENU_LOCAL_TASK,
         'weight' => 2,
       );
@@ -298,7 +299,6 @@
  */
 function contact_mail_user() {
   global $user;
-
   if ($account = user_load(array('uid' => arg(1)))) {
     $admin_access = user_access('administer users');
     if (!$account->status && !$admin_access) {
@@ -307,23 +307,40 @@
     else if (!$account->contact && !$admin_access) {
       $output = t('%name is not accepting e-mails.', array('%name' => check_plain($account->name)));
     }
-    else if (!$user->uid) {
-      $output = t('Please <a href="%login">login</a> or <a href="%register">register</a> to send %name a message.', array('%login' => url('user/login'), '%register' => url('user/register'), '%name' => check_plain($account->name)));
-    }
-    else if (!valid_email_address($user->mail)) {
+    else if ($user->uid && !valid_email_address($user->mail)) {
       $output = t('You need to provide a valid e-mail address to contact other users. Please update your <a href="%url">user information</a> and try again.', array('%url' => url("user/$user->uid/edit")));
     }
-    else if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 3))) {
+    else if (!flood_is_allowed('contact', variable_get('contact_hourly_threshold', 6))) {
       $output = t('You cannot contact more than %number users per hour. Please try again later.', array('%number' => variable_get('contact_hourly_threshold', 3)));
     }
     else {
       drupal_set_title(check_plain($account->name));
 
       $form['#token'] = $user->name . $user->mail;
-      $form['from'] = array('#type' => 'item',
-        '#title' => t('From'),
-        '#value' => check_plain($user->name) .' &lt;'. $user->mail .'&gt;',
-      );
+      if ($user->uid) {
+        // User is logged in so we'll use the account e-mail address
+        $form['from'] = array(
+          '#type' => 'item',
+          '#title' => t('From'),
+          '#value' => check_plain($user->name) .' &lt;'. $user->mail .'&gt;',
+        );
+      }
+      else {
+        // User is not logged in so we must ask his e-mail address and validate it
+        $form['from_name'] = array(
+          '#type' => 'textfield',
+          '#title' => t('Your full name'),
+          '#required' => TRUE,
+          '#maxlength' => 60,
+        );
+        $form['from'] = array(
+          '#type' => 'textfield',
+          '#title' => t('Your e-mail'),
+          '#required' => TRUE,
+          '#maxlength' => 64,
+          '#validate' => array('contact_email_validate' => array()),
+        );
+      }
       $form['to'] = array('#type' => 'item',
         '#title' => t('To'),
         '#value' => check_plain($account->name),
@@ -338,9 +355,13 @@
         '#rows' => 15,
         '#required' => TRUE,
       );
-      $form['copy'] = array('#type' => 'checkbox',
-        '#title' => t('Send me a copy.'),
-      );
+      if ($user->uid) {
+        // User is logged in so we'll allow them to send themselves a copy
+        // Otherwise, an anonymous user could use the form to send out spam (to "themselves")
+        $form['copy'] = array('#type' => 'checkbox',
+          '#title' => t('Send yourself a copy.'),
+        );
+      }
       $form['submit'] = array('#type' => 'submit',
         '#value' => t('Send e-mail'),
       );
@@ -354,6 +375,13 @@
   }
 }
 
+function contact_email_validate($form) {
+  $address = $form['#value'];
+  if (!valid_email_address($address)) {
+    form_error($form, t('%address is an invalid e-mail address.', array('%address' => $address)));
+  }
+}
+
 /**
  * Process the personal contact page form submission.
  */
@@ -363,7 +391,7 @@
   $account = user_load(array('uid' => arg(1), 'status' => 1));
   // Compose the body:
   $message[] = "$account->name,";
-  $message[] = t("%name (%name-url) has sent you a message via your contact form (%form-url) at %site.", array('%name' => $user->name, '%name-url' => url("user/$user->uid", NULL, NULL, TRUE), '%form-url' => url($_GET['q'], NULL, NULL, TRUE), '%site' => variable_get('site_name', 'drupal')));
+  $message[] = t("!name (!name-url) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $user->uid ? $user->name : $edit['from_name'], '!name-url' => $user->uid ? url("user/$user->uid", NULL, NULL, TRUE) : $edit['form_name'] . t('Not verified'), '!form-url' => url($_GET['q'], NULL, NULL, TRUE), '!site' => variable_get('site_name', 'drupal')));
   $message[] = t("If you don't want to receive such e-mails, you can change your settings at %url.", array('%url' => url("user/$account->uid", NULL, NULL, TRUE)));
   $message[] = t('Message:');
   $message[] = $edit['message'];
@@ -375,7 +403,7 @@
 
   // Prepare all fields:
   $to = $account->mail;
-  $from = $user->mail;
+  $from = $edit['from'];
 
   // Format the subject:
   $subject = '['. variable_get('site_name', 'drupal') .'] '. $edit['subject'];
@@ -399,7 +427,8 @@
   drupal_set_message(t('The message has been sent.'));
 
   // Jump to the user's profile page:
-  return "user/$account->uid";
+  return $user->uid ? "user/$account->uid" : "";
+
 }
 
 /**