Feedback Action Upgrade
Last Updated: 2004-11-22 - RewriteRules bug fixedThis is action extends the basic FeedbackAction. It allows not only to send feedback to the Wikka administrator but also to any other registered user via a user GET variable
This action is meant as a module to integrate the FeedbackAction into the UserAdmin tool.
To use it as a standalone action simply add {{userfeedback}} in one of your pages.
To use it as a standalone action simply add {{userfeedback}} in one of your pages.
Save the following code as actions/userfeedback.php.
-- DarTar
actions/userfeedback.php
<?php
// USER FEEDBACK ACTION
// Displays a form to send feedback to the site administrator, as specified in the configuration file,
// or to a registered user as specified by a "user" GET variable
// Build feedback form
if ($_REQUEST["user"]) {
$form = "<p>Send feedback to :".$this->Link($_REQUEST["user"])."</p>".
$this->FormOpen().
"<input type=\"hidden\" name=\"mail\" value=\"result\">".
"<input type=\"hidden\" name=\"user\" value=\"".$_REQUEST["user"]."\">".
"Comments:<br />\n".
"<textarea name=\"comments\" rows=\"15\" cols=\"40\">".$_POST["comments"]."</textarea><br />".
"<input type=\"submit\" />".
$this->FormClose();
} else {
$form = "<p>Fill in the form below to send us your comments:</p>".
$this->FormOpen().
"Name: <input name=\"name\" value=\"".$_POST["name"]."\" type=\"text\" /><br />".
"<input type=\"hidden\" name=\"mail\" value=\"result\">".
"Email: <input name=\"email\" value=\"".$_POST["email"]."\" type=\"text\" /><br />".
"Comments:<br />\n<textarea name=\"comments\" rows=\"15\" cols=\"40\">".$_POST["comments"]."</textarea><br />\n".
"<input type=\"submit\" />".
$this->FormClose();
}
// Results
if ($_REQUEST["mail"]=="result") {
$comments = $_POST["comments"];
if ($_REQUEST["user"]) {
// Sender
$name = $this->GetUserName();
$senderdata = $this->LoadSingle("select email from ".$this->config["table_prefix"]."users WHERE name =\"".$name."\"");
$email = $senderdata["email"];
// Recipient
$recipient = $_REQUEST["user"];
$recipientdata = $this->LoadSingle("select email from ".$this->config["table_prefix"]."users WHERE name =\"".$recipient."\"");
$recipientmail = $recipientdata["email"];
if (!$recipientmail) {
echo $this->Format("== User ".$recipient." unknown == --- ");
echo $this->Format("Sorry, the recipient of your message (**".$recipient."**) is unknown --- --- --- ");
echo $this->Format("Return to the [[".$this->GetConfigValue("root_page")." | main page]]");
} elseif (!$comments) {
// some text must be entered
echo "<p class=\"error\">Please enter some text</p>";
echo $alert;
echo $form;
}
} else {
$name = $_POST["name"];
$email = $_REQUEST["email"];
$recipient = $this->GetConfigValue("admin_users");
$recipientmail = $this->GetConfigValue("admin_email");
list($user, $host) = sscanf($email, "%[a-zA-Z0-9._-]@%[a-zA-Z0-9._-]");
if (!$name) {
// a valid name must be entered
echo "<p class=\"error\">Please enter your name</p>";
echo $form;
} elseif (!$email || !strchr($email, "@") || !$user || !$host) {
// a valid email address must be entered
echo "<p class=\"error\">Please enter a valid email address</p>";
echo $form;
} elseif (!$comments) {
// some text must be entered
echo "<p class=\"error\">Please enter some text</p>";
echo $alert;
echo $form;
}
}
if ($name && $email && $comments && $recipientmail) {
// send email and display message
$msg = "Name:\t".$name."\n";
$msg .= "Email:\t".$email."\n";
$msg .= "Comments:".$comments."\n";
$subject = "Feedback from ".$this->GetConfigValue("wakka_name");
$mailheaders = "From:".$email."\n";
$mailheaders .= "Reply-To:".$email."\n\n";
mail($recipientmail, $subject, $msg, $mailheaders);
echo $this->Format("== Feedback sent! == --- ");
echo $this->Format("Thanks for your interest: your message has been sent to [[".$recipient."]] --- --- ");
// optionally displays the feedback text
echo $this->Format("---- ''**Your name:** ".$name."---**Your email:** ".$email."---**Your comments:**".$comments."'' ---- ");
echo $this->Format(" --- Return to the [[".$this->GetConfigValue("root_page")." | main page]]");
}
} else {
// Display initial form
echo $form;
}
?>
// USER FEEDBACK ACTION
// Displays a form to send feedback to the site administrator, as specified in the configuration file,
// or to a registered user as specified by a "user" GET variable
// Build feedback form
if ($_REQUEST["user"]) {
$form = "<p>Send feedback to :".$this->Link($_REQUEST["user"])."</p>".
$this->FormOpen().
"<input type=\"hidden\" name=\"mail\" value=\"result\">".
"<input type=\"hidden\" name=\"user\" value=\"".$_REQUEST["user"]."\">".
"Comments:<br />\n".
"<textarea name=\"comments\" rows=\"15\" cols=\"40\">".$_POST["comments"]."</textarea><br />".
"<input type=\"submit\" />".
$this->FormClose();
} else {
$form = "<p>Fill in the form below to send us your comments:</p>".
$this->FormOpen().
"Name: <input name=\"name\" value=\"".$_POST["name"]."\" type=\"text\" /><br />".
"<input type=\"hidden\" name=\"mail\" value=\"result\">".
"Email: <input name=\"email\" value=\"".$_POST["email"]."\" type=\"text\" /><br />".
"Comments:<br />\n<textarea name=\"comments\" rows=\"15\" cols=\"40\">".$_POST["comments"]."</textarea><br />\n".
"<input type=\"submit\" />".
$this->FormClose();
}
// Results
if ($_REQUEST["mail"]=="result") {
$comments = $_POST["comments"];
if ($_REQUEST["user"]) {
// Sender
$name = $this->GetUserName();
$senderdata = $this->LoadSingle("select email from ".$this->config["table_prefix"]."users WHERE name =\"".$name."\"");
$email = $senderdata["email"];
// Recipient
$recipient = $_REQUEST["user"];
$recipientdata = $this->LoadSingle("select email from ".$this->config["table_prefix"]."users WHERE name =\"".$recipient."\"");
$recipientmail = $recipientdata["email"];
if (!$recipientmail) {
echo $this->Format("== User ".$recipient." unknown == --- ");
echo $this->Format("Sorry, the recipient of your message (**".$recipient."**) is unknown --- --- --- ");
echo $this->Format("Return to the [[".$this->GetConfigValue("root_page")." | main page]]");
} elseif (!$comments) {
// some text must be entered
echo "<p class=\"error\">Please enter some text</p>";
echo $alert;
echo $form;
}
} else {
$name = $_POST["name"];
$email = $_REQUEST["email"];
$recipient = $this->GetConfigValue("admin_users");
$recipientmail = $this->GetConfigValue("admin_email");
list($user, $host) = sscanf($email, "%[a-zA-Z0-9._-]@%[a-zA-Z0-9._-]");
if (!$name) {
// a valid name must be entered
echo "<p class=\"error\">Please enter your name</p>";
echo $form;
} elseif (!$email || !strchr($email, "@") || !$user || !$host) {
// a valid email address must be entered
echo "<p class=\"error\">Please enter a valid email address</p>";
echo $form;
} elseif (!$comments) {
// some text must be entered
echo "<p class=\"error\">Please enter some text</p>";
echo $alert;
echo $form;
}
}
if ($name && $email && $comments && $recipientmail) {
// send email and display message
$msg = "Name:\t".$name."\n";
$msg .= "Email:\t".$email."\n";
$msg .= "Comments:".$comments."\n";
$subject = "Feedback from ".$this->GetConfigValue("wakka_name");
$mailheaders = "From:".$email."\n";
$mailheaders .= "Reply-To:".$email."\n\n";
mail($recipientmail, $subject, $msg, $mailheaders);
echo $this->Format("== Feedback sent! == --- ");
echo $this->Format("Thanks for your interest: your message has been sent to [[".$recipient."]] --- --- ");
// optionally displays the feedback text
echo $this->Format("---- ''**Your name:** ".$name."---**Your email:** ".$email."---**Your comments:**".$comments."'' ---- ");
echo $this->Format(" --- Return to the [[".$this->GetConfigValue("root_page")." | main page]]");
}
} else {
// Display initial form
echo $form;
}
?>
CategoryUserContributions
While I can imagine that an Admin would (should?) be able to send email to a registered used (somehow implied when one registers for an account in the first place), this action would apparently enable *any* user to send email to *any other* user - without the recipient's consent. That opens it up to spammers...
I'd like to see this either limited to Admins, or at least be dependent on a user-configurable (personal) option whether they want to receive email from other WikiUsers (excepting Admins) or not.
And then - why a GET parameter? Why not simply a parameter for the action itself that would "create" another input field for adressee?
The GET parameter is because this action is meant as a module of UserAdmin (if you install it, you'll se what I mean..) ;)