Admin: Add config allow_email_editor_for_anonymous BT#15596

- Allow anon users to send emails to the platform admin. - Add captcha form type shortcut in FormValidator.class.php
chamilo · Dec 21, 2020 · 6e85003 · 6e85003
1 parent 4520bdf
commit 6e85003
Show file tree

Hide file tree

Showing 7 changed files with 138 additions and 14 deletions.
diff --git a/main/inc/email_editor_external.php b/main/inc/email_editor_external.php
@@ -0,0 +1,72 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+use ChamiloSession as Session;
+
+/**
+ * This script contains the code to send an e-mail to the portal admin
+ */
+require_once __DIR__.'/../inc/global.inc.php';
+
+if (false === api_get_configuration_value('allow_external_email_editor')) {
+    api_not_allowed(true);
+}
+
+$originUrl = Session::read('origin_url');
+if (empty($originUrl) && isset($_SERVER['HTTP_REFERER'])) {
+    Session::write('origin_url', $_SERVER['HTTP_REFERER']);
+}
+
+$action = isset($_GET['action']) ? $_GET['action'] : null;
+
+$form = new FormValidator('email_editor', 'post');
+$form->addText('email', get_lang('Email'));
+$form->addRule('email', get_lang('EmailWrong'), 'email');
+$form->addText('email_title', get_lang('EmailTitle'));
+$form->addTextarea('email_text', get_lang('Message'), ['rows' => '6'], true);
+$form->addCaptcha();
+$form->addButtonSend(get_lang('SendMail'));
+
+$emailTitle = isset($_REQUEST['subject']) ? Security::remove_XSS($_REQUEST['subject']) : '';
+$emailText = isset($_REQUEST['body']) ? Security::remove_XSS($_REQUEST['body']) : '';
+
+$defaults = [
+    'email_title' => $emailTitle,
+    'email_text' => $emailText,
+];
+
+if (isset($_POST)) {
+    $defaults = [
+        'email' => $_REQUEST['email'] ?? null,
+        'email_title' => $_REQUEST['email_title'] ?? null,
+        'email_text' => $_REQUEST['email_text'] ?? null,
+    ];
+}
+
+$form->setDefaults($defaults);
+if ($form->validate()) {
+    $values = $form->getSubmitValues();
+    $message =
+        get_lang('Sender').': '.$values['email'].'<br /><br />'.
+        nl2br($values['email_text']).
+        '<br /><br /><br />'.get_lang('EmailSentFromLMS').' '.api_get_path(WEB_PATH);
+
+    api_mail_html(
+        '',
+        api_get_setting('emailAdministrator'),
+        $values['email_title'],
+        $message,
+        get_lang('Anonymous')
+    );
+
+    Display::addFlash(Display::return_message(get_lang('MessageSent')));
+    $orig = Session::read('origin_url');
+    Session::erase('origin_url');
+    header('Location:'.$orig);
+    exit;
+}
+
+Display::display_header(get_lang('SendEmail'));
+$form->display();
+Display::display_footer();
diff --git a/main/inc/lib/formvalidator/FormValidator.class.php b/main/inc/lib/formvalidator/FormValidator.class.php
@@ -1649,6 +1649,51 @@ public function addUserAvatar($name, $label, $imageSize = 'small', $subtitle = '
         return $this->addElement('UserAvatar', $name, $label, ['image_size' => $imageSize, 'sub_title' => $subtitle]);
     }
 
+    public function addCaptcha()
+    {
+        $ajax = api_get_path(WEB_AJAX_PATH).'form.ajax.php?a=get_captcha';
+        $options = [
+            'width' => 220,
+            'height' => 90,
+            'callback' => $ajax.'&var='.basename(__FILE__, '.php'),
+            'sessionVar' => basename(__FILE__, '.php'),
+            'imageOptions' => [
+                'font_size' => 20,
+                'font_path' => api_get_path(SYS_FONTS_PATH).'opensans/',
+                'font_file' => 'OpenSans-Regular.ttf',
+                //'output' => 'gif'
+            ],
+        ];
+
+        $captcha_question = $this->addElement(
+            'CAPTCHA_Image',
+            'captcha_question',
+            '',
+            $options
+        );
+        $this->addElement('static', null, null, get_lang('ClickOnTheImageForANewOne'));
+
+        $this->addElement(
+            'text',
+            'captcha',
+            get_lang('EnterTheLettersYouSee'),
+            ['size' => 40]
+        );
+        $this->addRule(
+            'captcha',
+            get_lang('EnterTheCharactersYouReadInTheImage'),
+            'required',
+            null,
+            'client'
+        );
+        $this->addRule(
+            'captcha',
+            get_lang('TheTextYouEnteredDoesNotMatchThePicture'),
+            'CAPTCHA',
+            $captcha_question
+        );
+    }
+
     /**
      * @param array $typeList
      */

diff --git a/main/inc/lib/pear/Text/CAPTCHA.php b/main/inc/lib/pear/Text/CAPTCHA.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Text_CAPTCHA - creates a CAPTCHA for Turing tests.
  * Base class file for using Text_CAPTCHA.
@@ -11,14 +12,6 @@
  * @license  http://www.opensource.org/licenses/bsd-license.php BSD License
  * @link     http://pear.php.net/package/Text_CAPTCHA
  */
-/**
- * Require Exception class for error handling.
- */
-//require_once 'Text/CAPTCHA/Exception.php';
-/**
- * Require Text_Password class for generating the phrase.
- */
-//require_once 'Text/Password.php';
 
 /**
  * Text_CAPTCHA - creates a CAPTCHA for Turing tests.

diff --git a/main/inc/lib/pear/Text/CAPTCHA/Driver/Image.php b/main/inc/lib/pear/Text/CAPTCHA/Driver/Image.php
@@ -234,7 +234,7 @@ private function _getCAPTCHAAsPNG($image)
      *
      * @return string image contents
      */
-    private function _getCAPTCHAAsJPEG($image)
+    public function _getCAPTCHAAsJPEG($image)
     {
         ob_start();
         imagejpeg($image);

diff --git a/main/inc/lib/template.lib.php b/main/inc/lib/template.lib.php
@@ -816,9 +816,20 @@ public function set_js_files()
         }
 
         // Loading email_editor js
-        if (!api_is_anonymous() && api_get_setting('allow_email_editor') === 'true') {
-            $template = $this->get_template('mail_editor/email_link.js.tpl');
-            $js_file_to_string .= $this->fetch($template);
+        if (api_get_setting('allow_email_editor') === 'true') {
+            $link = 'email_editor.php';
+            if (!api_is_anonymous()) {
+                $this->assign('email_editor', $link);
+                $template = $this->get_template('mail_editor/email_link.js.tpl');
+                $js_file_to_string .= $this->fetch($template);
+            } else {
+                if (api_get_configuration_value('allow_external_email_editor')) {
+                    $link = 'email_editor_external.php';
+                    $this->assign('email_editor', $link);
+                    $template = $this->get_template('mail_editor/email_link.js.tpl');
+                    $js_file_to_string .= $this->fetch($template);
+                }
+            }
         }
 
         if (!$disable_js_and_css_files) {

diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php
@@ -1807,6 +1807,9 @@
 */
 // $_configuration['allow_gradebook_comments'] = true;
 
+// Allow anon users to send emails to the platform admin.
+// $_configuration['allow_email_editor_for_anonymous'] = true;
+
 // KEEP THIS AT THE END
 // -------- Custom DB changes
 // Add user activation by confirmation email

diff --git a/main/template/default/mail_editor/email_link.js.tpl b/main/template/default/mail_editor/email_link.js.tpl
@@ -32,7 +32,7 @@ function addEvent(elm, evType, fn, useCapture) {
  * Adds the event listener
  */
 function addListeners(e) {
-	var my_links = $('.clickable_email_link');    
+	var my_links = $('.clickable_email_link');
 	for(var i=0;i < my_links.length;i++) {
 		addEvent(my_links[i],'click',loadEmailEditor,false);
 	}
@@ -54,7 +54,7 @@ function loadEmailEditor(e) {
 	}
 	//el is now my link object, so I can get el.href here to load the new window
 	var link = el.href.replace('mailto:','');
-	document.location = "{{ _p.web_main }}inc/email_editor.php?dest=" + link;
+	document.location = "{{ _p.web_main }}inc/{{ email_editor }}?dest=" + link;
 	//cancel default link action
 	if (window.event && window.event.returnValue){
 		window.event.returnValue = false;