-
Notifications
You must be signed in to change notification settings - Fork 42
/
Copy pathborrowask.php
80 lines (65 loc) · 2.48 KB
/
borrowask.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<?php
/**
* Ask to borrow form
*
* Allows to request a movie
*
* @package videoDB
* @author Andreas Gohr <[email protected]>
* @version $Id: borrowask.php,v 2.13 2008/06/15 13:58:13 andig2 Exp $
*/
require_once './core/functions.php';
// Auth-Checks
$user_id = get_current_user_id();
$user = get_username($user_id);
if (empty($user))
{
errorpage('Access denied','You don\'t have enough permissions to access this
page try to <a href="login.php">login</a> first. (This feature is not
available in Single User Mode)');
}
/**
* input
*/
$id = req_int('id');
$diskid = req_string('diskid');
if (empty($id) || empty($diskid))
{
errorpage('Error', 'No Ids given');
}
$owner = get_owner($diskid, true);
$result = runSQL('SELECT email FROM '.TBL_USERS." WHERE name = '".escapeSQL($owner)."'");
$owner_email = $result[0]['email'];
$result = runSQL('SELECT email FROM '.TBL_USERS." WHERE id = '".escapeSQL($user_id)."'");
$user_email = $result[0]['email'];
$result = runSQL('SELECT title FROM '.TBL_DATA." WHERE id = '".escapeSQL($id)."'");
$title = $result[0]['title'];
$mail = $lang['msg_borrowaskmail'];
$subject = $lang['msg_borrowasksubject'];
$url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME']).'/show.php?id='.$id;
// replace place holders
$mail = str_replace('%id%', $id, $mail);
$mail = str_replace('%diskid%', $diskid, $mail);
$mail = str_replace('%owner%', $owner, $mail);
$mail = str_replace('%ownermail%', $owner_email, $mail);
$mail = str_replace('%user%', $user, $mail);
$mail = str_replace('%usermail%', $user_email, $mail);
$mail = str_replace('%title%', $title, $mail);
$mail = str_replace('%url%', $url, $mail);
$subject = str_replace('%id%', $id, $subject);
$subject = str_replace('%diskid%', $diskid, $subject);
$subject = str_replace('%owner%', $owner, $subject);
$subject = str_replace('%ownermail%', $owner_email, $subject);
$subject = str_replace('%user%', $user, $subject);
$subject = str_replace('%usermail%', $user_email, $subject);
$subject = str_replace('%title%', $title, $subject);
$subject = str_replace('%url%', $url, $subject);
// prepare templates
tpl_page();
/*
$smarty->assign('success', @mail($owner_email, $subject, $mail));
Fix for https://sourceforge.net/tracker/?func=detail&atid=586362&aid=1570618&group_id=88349
*/
$smarty->assign('success', @mail($owner_email, $subject, $mail, "From: $user <$user_email>\r\nReply-To: $user_email\r\n"));
// display templates
smarty_display('borrowask.tpl');