From 259d3a370802455338b64142f83d5258312013b9 Mon Sep 17 00:00:00 2001 From: e107steved Date: Mon, 28 Sep 2009 21:00:18 +0000 Subject: [PATCH] Allow control of who can email items --- e107_admin/prefs.php | 26 +++- e107_files/default_install.xml | 10 +- .../shortcode/batch/news_shortcodes.php | 121 +----------------- e107_files/shortcode/email_item.sc | 4 + e107_languages/English/admin/lan_prefs.php | 11 +- email.php | 86 +++++++------ 6 files changed, 85 insertions(+), 173 deletions(-) diff --git a/e107_admin/prefs.php b/e107_admin/prefs.php index c05145f4f..dfea2140c 100644 --- a/e107_admin/prefs.php +++ b/e107_admin/prefs.php @@ -9,9 +9,9 @@ * Administration - Site Preferences * * $Source: /cvs_backup/e107_0.8/e107_admin/prefs.php,v $ - * $Revision: 1.34 $ - * $Date: 2009-08-28 16:10:59 $ - * $Author: marj_nl_fr $ + * $Revision: 1.35 $ + * $Date: 2009-09-28 21:00:15 $ + * $Author: e107steved $ * */ require_once ("../class2.php"); @@ -1051,6 +1051,24 @@ $text .= " + + ".PRFLAN_209." + + + + + + + + + + + + + +
".PRFLAN_208.": + ".$e_userclass->uc_dropdown('email_item_class',varset($pref['email_item_class'],e_UC_MEMBER),'nobody,admin,main,public,member,classes', "tabindex='".$frm->getNext()."'")." +
".pref_submit('comments')." "; @@ -1170,7 +1188,7 @@ function prefs_adminmenu() $var['core-prefs-signup']['text'] = PRFLAN_19; $var['core-prefs-textpost']['text'] = PRFLAN_101; $var['core-prefs-security']['text'] = PRFLAN_47; - $var['core-prefs-comments']['text'] = PRFLAN_87; + $var['core-prefs-comments']['text'] = PRFLAN_210; $var['core-prefs-advanced']['text'] = PRFLAN_149; e_admin_menu(LAN_OPTIONS.'--id--prev_nav', 'core-prefs-main', $var); } diff --git a/e107_files/default_install.xml b/e107_files/default_install.xml index 9f6fcc6db..21feb7268 100644 --- a/e107_files/default_install.xml +++ b/e107_files/default_install.xml @@ -55,13 +55,6 @@ 0 0 0 - 'all', - 'scriptaculous/scriptaculous.js' => 'all', - 'scriptaculous/effects.js' => 'all', - 'e107.js.php' => 'all', -)]]> - 0 default @@ -220,7 +213,8 @@ City, State, Country 0 1 http://www.e107.org/themeupdate.php - http://www.e107.org/themeupdate.php + http://www.e107.org/themeupdate.php + 253 !alien !amazed !grr !angry diff --git a/e107_files/shortcode/batch/news_shortcodes.php b/e107_files/shortcode/batch/news_shortcodes.php index ab54ca0e8..9974cdb5f 100644 --- a/e107_files/shortcode/batch/news_shortcodes.php +++ b/e107_files/shortcode/batch/news_shortcodes.php @@ -1,7 +1,7 @@ news_item['news_id'], 1); } 
@@ -403,121 +408,7 @@ class news_shortcodes //return $this->e107->ns->tablerender(LAN_NEWS_18, $info); return $info; } - - function sc_alt_news($news_category) - { - global $sql, $aj, $ns; - $ix = new news; - if (strstr(e_QUERY, "cat")) - { - $category = $news_category; - if ($category != 0) - { - $gen = new convert; - $sql2 = new db; - $sql->db_Select("news_category", "*", "category_id='".intval($category)."'"); - list($category_id, $category_name, $category_icon) = $sql->db_Fetch(); - $category_name = $aj->tpa($category_name); - if (strstr($category_icon, "../")) - { - $category_icon = str_replace("../", "", e_BASE.$category_icon); - } else { - $category_icon = THEME.$category_icon; - } - if ($count = $sql->db_Select("news", "*", "news_category='".intval($category)."' ORDER BY news_datestamp DESC")) - { - while ($row = $sql->db_Fetch()) - { - extract($row); - if ($news_title == "") - { - $news_title = "Untitled"; - } - $datestamp = $gen->convert_date($news_datestamp, "short"); - $news_body = strip_tags(substr($news_body, 0, 100))." ..."; - $comment_total = $sql2->db_Count("comments", "(*)", "WHERE comment_item_id='".intval($news_id)."' AND comment_type='0' "); - $bullet = ''; - if(defined('BULLET')) - { - $bullet = ''; - } - elseif(file_exists(THEME.'images/bullet2.gif')) - { - $bullet = ''; - } - $text .= " -
- ".$bullet; - - if ($news_allow_comments) { - $text .= "".$news_title.""; - } else { - $text .= "".$news_title.""; - } - $text .= "
- ".LAN_NEWS_100." ".$datestamp." (".LAN_NEWS_99.": "; - if ($news_allow_comments) { - $text .= COMMENTOFFSTRING.")"; - } else { - $text .= $comment_total.")"; - } - $text .= "
- ".$news_body." -

\n"; - } - $text = "
". LAN_NEWS_307.$count." -

".$text; - $ns->tablerender(LAN_NEWS_82." '".$category_name."'", $text, 'alt_news'); - } - } - return TRUE; - } - - if ($sql->db_Select("news", "*", "news_class<255 AND (news_start=0 || news_start < ".time().") AND (news_end=0 || news_end>".time().") AND news_category='".intval($news_category)."' ORDER BY news_datestamp DESC LIMIT 0,".ITEMVIEW)) { - $sql2 = new db; - while (list($news['news_id'], $news['news_title'], $news['data'], $news['news_extended'], $news['news_datestamp'], $news['admin_id'], $news_category, $news['news_allow_comments'], $news['news_start'], $news['news_end'], $news['news_class']) = $sql->db_Fetch()) { - - if (check_class($news['news_class']) || !$news['news_class']) { - - if ($news['admin_id'] == 1 && $pref['siteadmin']) { - $news['admin_name'] = $pref['siteadmin']; - } - else if(!$news['admin_name'] = getcachedvars($news['admin_id'])) { - $sql2->db_Select("user", "user_name", "user_id='".intval($news['admin_id'])."' "); - list($news['admin_name']) = $sql2->db_Fetch(); - cachevars($news['admin_id'], $news['admin_name']); - } - - $sql2->db_Select("news_category", "*", "category_id='".intval($news_category)."' "); - - list($news['category_id'], $news['category_name'], $news['category_icon']) = $sql2->db_Fetch(); - $news['comment_total'] = $sql2->db_Count("comments", "(*)", "WHERE comment_item_id='".intval($news['news_id'])."' AND comment_type='0' "); - $ix->render_newsitem($news); - } - /* - else - { - if ($pref['subnews_hide_news'] == 1) This $pref no longer available - { - if ($news['admin_id'] == 1 && $pref['siteadmin']) { - $news['admin_name'] = $pref['siteadmin']; - } - else if(!$news['admin_name'] = getcachedvars($news['admin_id'])) { - $sql2->db_Select("user", "user_name", "user_id='".intval($news['admin_id'])."' "); - list($news['admin_name']) = $sql2->db_Fetch(); - cachevars($news['admin_id'], $news['admin_name']); - } - - $sql2->db_Select("news_category", "*", "category_id='".intval($news_category)."' "); - - 
list($news['category_id'], $news['category_name'], $news['category_icon']) = $sql2->db_Fetch(); - $ix->render_newsitem($news, "", "userclass"); - } - } */ - } - } - } } ?> \ No newline at end of file diff --git a/e107_files/shortcode/email_item.sc b/e107_files/shortcode/email_item.sc index 55a300ceb..52754bfd3 100644 --- a/e107_files/shortcode/email_item.sc +++ b/e107_files/shortcode/email_item.sc @@ -1,3 +1,7 @@ +if (!check_class(varset($pref['email_item_class'],e_UC_MEMBER))) +{ + return ''; +} if (defined("ICONMAIL") && file_exists(THEME."images/".ICONMAIL)) { diff --git a/e107_languages/English/admin/lan_prefs.php b/e107_languages/English/admin/lan_prefs.php index e6057c1b5..788b77382 100644 --- a/e107_languages/English/admin/lan_prefs.php +++ b/e107_languages/English/admin/lan_prefs.php @@ -12,9 +12,9 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_prefs.php,v $ -| $Revision: 1.21 $ -| $Date: 2009-08-20 11:38:24 $ -| $Author: e107coders $ +| $Revision: 1.22 $ +| $Date: 2009-09-28 21:00:17 $ +| $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -221,7 +221,10 @@ define("PRFLAN_203", "Username/Email and Password"); define("PRFLAN_204", "Separate plugins into their own menu."); define("PRFLAN_205", "If enabled, plugins will be displayed in their own navigation menu, similar to e107 v0.7 and before."); define("PRFLAN_206", "Members-only URL exceptions"); -define("PRFLAN_207", "Membersonly-mode with be disabled for URLs that match any of the terms in this list. One per line."); +define("PRFLAN_207", "Members only-mode will be disabled for URLs that match any of the terms in this list. One per line."); +define('PRFLAN_208', 'User class which can email links to items on site'); +define('PRFLAN_209', 'Other Features'); +define('PRFLAN_210', 'Comments/Posting'); ?> \ No newline at end of file 
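Review bot: The guard added at the top of email_item.sc reads `$pref` without bringing it into scope. The `return '';` shows this body runs inside a function or eval, and no `global` statement is visible in the hunk. If `$pref` is not already local there, `varset()` will always fall back to `e_UC_MEMBER` and the admin's class choice will be ignored for the icon. Adding `global $pref;` as the first line would make the dependency explicit. The rest of the shortcode body is outside the hunk, so confirm this against how the parser evaluates .sc files.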
diff --git a/email.php b/email.php index 367a0603a..11651cb00 100644 --- a/email.php +++ b/email.php @@ -11,21 +11,28 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/email.php,v $ -| $Revision: 1.7 $ -| $Date: 2009-09-25 21:22:34 $ +| $Revision: 1.8 $ +| $Date: 2009-09-28 21:00:18 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ -require_once('class2.php'); +require_once("class2.php"); + +if (!check_class(varset($pref['email_item_class'],e_UC_MEMBER))) +{ + header('Location: '.e_BASE.'index.php'); + exit(); +} + include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_'.e_PAGE); require_once(HEADERF); $use_imagecode = FALSE; -$imgtypes = array('jpeg', 'png', 'gif'); +$imgtypes = array("jpeg", "png", "gif"); foreach($imgtypes as $t) { - if(function_exists('imagecreatefrom'.$t)) + if(function_exists("imagecreatefrom".$t)) { $use_imagecode = TRUE; } 
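Review bot: When `email_item_class` is set to the public class, the access check added at the top of email.php passes for guests and the captcha becomes the only remaining gate. `$use_imagecode` stays FALSE when none of the `imagecreatefrom*` functions exists, so on such a host an anonymous visitor could reach the send path with no challenge, assuming nothing later in the file limits it. Consider refusing guests in that case right after the detection loop, for example `if (!USER && !$use_imagecode) { header('Location: '.e_BASE.'index.php'); exit(); }`. The loop's closing brace is outside this hunk.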
@@ -33,30 +40,24 @@ foreach($imgtypes as $t) if ($use_imagecode) { - require_once(e_HANDLER.'secure_img_handler.php'); + require_once(e_HANDLER."secure_img_handler.php"); $sec_img = new secure_image; } -if (e_QUERY) +$qs = explode(".", e_QUERY, 2); +if ($qs[0] == "") { - $qs = explode('.', e_QUERY, 2); -} -else -{ - header('location:'.e_BASE.'index.php'); + header("location:".e_BASE."index.php"); exit; } $source = $qs[0]; -$parms = varset($qs[1], ''); -unset($qs); -$error = ''; -$message = ''; +$parms = $qs[1]; -$emailurl = ($source == 'referer') ? strip_tags($_SERVER['HTTP_REFERER']) : SITEURL; +$emailurl = ($source == "referer") ? $_SERVER['HTTP_REFERER'] : SITEURL; -$comments = $tp->post_toHTML(varset($_POST['comment'],''), TRUE, 'retain_nl, emotes_off, no_make_clickable'); -$author = $tp->post_toHTML(varset($_POST['author_name'],''),FALSE,'emotes_off, no_make_clickable'); -$email_send = check_email(varset($_POST['email_send'],'')); +$comments = $tp->post_toHTML($_POST['comment'], TRUE, 'retain_nl, emotes_off, no_make_clickable'); +$author = $tp->post_toHTML($_POST['author_name'],FALSE,"emotes_off, no_make_clickable"); +$email_send = check_email($_POST['email_send']); if (isset($_POST['emailsubmit'])) @@ -70,19 +71,19 @@ if (isset($_POST['emailsubmit'])) { if(!isset($_POST['code_verify']) || !isset($_POST['rand_num'])) { - header('location:'.e_BASE.'index.php'); + header("location:".e_BASE."index.php"); exit; } if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) { - header('location:'.e_BASE.'index.php'); + header("location:".e_BASE."index.php"); exit; } } - if ($comments == '') + if ($comments == "") { - $message = LAN_EMAIL_188.' '.SITENAME.' ('.SITEURL.')'; + $message = LAN_EMAIL_188." ".SITENAME." (".SITEURL.")"; if (USER == TRUE) { $message .= "\n\n".LAN_EMAIL_1." ".USERNAME; 
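Review bot: The first hunk here (-33,30) drops input handling that the old side had, which looks unrelated to the email-class feature and may come from a stale working copy. `$_SERVER['HTTP_REFERER']` is client-supplied and now reaches `$emailurl` without `strip_tags()`. `$error` and `$message` are no longer initialised, although later hunks test `$error == ""` and append to `$message`, and `$qs[1]` and the `$_POST` fields are read without `varset()`. The same `strip_tags()` removal recurs for `$_POST['referer']` in the -94,43 hunk, where the value is appended to the outgoing message. I would keep the old lines: `$parms = varset($qs[1], '');`, `$error = ''; $message = '';` and `$emailurl = ($source == 'referer') ? strip_tags($_SERVER['HTTP_REFERER']) : SITEURL;`.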
@@ -94,43 +95,43 @@ if (isset($_POST['emailsubmit'])) } else { - $message .= $comments."\n"; + $message .= $comments; } $ip = $e107->getip(); $message .= "\n\n".LAN_EMAIL_2." ".$ip."\n\n"; - if (substr($source,0,7) == 'plugin:') + if(strpos($source,'plugin:') !== FALSE) { $plugin = substr($source,7); - $text = ''; - if(file_exists(e_PLUGIN.$plugin.'/e_emailprint.php')) + $text = ""; + if(file_exists(e_PLUGIN.$plugin."/e_emailprint.php")) { - include_once(e_PLUGIN.$plugin.'/e_emailprint.php'); + include_once(e_PLUGIN.$plugin."/e_emailprint.php"); $text = email_item($parms); $emailurl = SITEURL; } - if($text == '') + if($text == "") { - header('location:'.e_BASE.'index.php'); + header("location:".e_BASE."index.php"); exit; } $message .= $text; } - elseif($source == 'referer') + elseif($source == "referer") { if(!isset($_POST['referer']) || $_POST['referer'] == '') { - header('location:'.e_BASE.'index.php'); + header("location:".e_BASE."index.php"); exit; } - $message .= strip_tags($_POST['referer']); - $emailurl = strip_tags($_POST['referer']); + $message .= $_POST['referer']; + $emailurl = $_POST['referer']; } else { - $emailurl = strip_tags($_POST['referer']); + + $emailurl = $_POST['referer']; $message = ''; - $parms = intval($parms); if($sql->db_Select('news', 'news_title, news_body, news_extended', 'news_id='.((int)$parms))) { $row = $sql->db_Fetch(); @@ -138,19 +139,20 @@ if (isset($_POST['emailsubmit'])) $message = $tp->toEmail($message); } - if($message == '') + if($message == "") { - header('location:'.e_BASE.'index.php'); + header("location:".e_BASE."index.php"); exit; } } - if ($error == '') + if ($error == "") { + // Load Mail Handler and Email Template. - require_once(e_HANDLER.'mail.php'); + require_once(e_HANDLER."mail.php"); $email_body = $EMAIL_HEADER; - $email_body .= (trim($comments) != '') ? $tp->toEmail($comments).'
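Review bot: In the -94,43 hunk the plugin test no longer matches what the next line assumes. `strpos($source,'plugin:') !== FALSE` accepts the marker anywhere in `$source`, while `substr($source,7)` still cuts at offset 0 as if it were a prefix. `$source` comes from the query string and `$plugin` is concatenated into the `include_once` path, so the name should be pinned down rather than loosened. Anchor the prefix with `if (strpos($source,'plugin:') === 0)`, and consider rejecting any `$plugin` that is not a plain directory name, e.g. `if (preg_match('/^[\w-]+$/', $plugin) !== 1) { header("location:".e_BASE."index.php"); exit; }`. The enclosing `if (isset($_POST['emailsubmit']))` block starts and ends outside the hunk.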
' : ''; + $email_body .= (trim($comments) != "") ? $tp->toEmail($comments)."
" : ""; $email_body .= $tp->toEmail($message).$EMAIL_FOOTER; if (sendemail($email_send, LAN_EMAIL_3.SITENAME,$email_body))