Fixes #900 - Contact form results were going to incorrect recipient.

2025-07-25 08:51:50 +02:00 · 2015-03-01 21:33:16 -08:00
parent 39bc3d1336
commit c1430f257a
2 changed files with 19 additions and 14 deletions
--- a/contact.php
+++ b/contact.php
@@ -11,7 +11,7 @@
 */

 require_once("class2.php");
-define('e_HANDLER', "e107_handlers/");
+//define('e_HANDLER', "e107_handlers/");
 // security image may be disabled by removing the appropriate shortcodes from the template.
 require_once(e_HANDLER."secure_img_handler.php");
 $sec_img = new secure_image;
@@ -96,15 +96,16 @@ if(isset($_POST['send-contactus']))
 	}

 	// No errors - so proceed to email the admin and the user (if selected).
-    if(!$error)
+    if(empty($error))
 	{
 		$body .= "\n\nIP:\t".e107::getIPHandler()->getIP(TRUE)."\n";
+
 		if (USER)
 		{
-		$body .= "User:\t#".USERID." ".USERNAME."\n";
+			$body .= "User:\t#".USERID." ".USERNAME."\n";
 		}

-		if(!$_POST['contact_person'] && isset($pref['sitecontacts'])) // only 1 person, so contact_person not posted.
+		if(empty($_POST['contact_person']) && !empty($pref['sitecontacts'])) // only 1 person, so contact_person not posted.
 		{
    		if($pref['sitecontacts'] == e_UC_MAINADMIN)
 			{
@@ -124,9 +125,9 @@ if(isset($_POST['send-contactus']))
      		$query = "user_id = ".intval($_POST['contact_person']);
 		}

-    	if($sql -> db_Select("user", "user_name,user_email",$query." LIMIT 1"))
+    	if($sql->gen("SELECT user_name,user_email FROM `#user` WHERE ".$query." LIMIT 1"))
 		{
-    		$row = $sql -> db_Fetch();
+    		$row = $sql->fetch();
    		$send_to = $row['user_email'];
 			$send_to_name = $row['user_name'];
 		}
@@ -137,11 +138,15 @@ if(isset($_POST['send-contactus']))
 		}

    	require_once(e_HANDLER."mail.php");
+
 		$message =  (sendemail($send_to,"[".SITENAME."] ".$subject, $body,$send_to_name,$sender,$sender_name)) ? LANCONTACT_09 : LANCONTACT_10;
-    	if(isset($pref['contact_emailcopy']) && $pref['contact_emailcopy'] && $_POST['email_copy'] == 1){
+
+    	if(isset($pref['contact_emailcopy']) && $pref['contact_emailcopy'] && $_POST['email_copy'] == 1)
+    	{
 			sendemail($sender,"[".SITENAME."] ".$subject, $body,ADMIN,$sender,$sender_name);
    	}
-    	$ns -> tablerender('', $message);
+
+    	$ns->tablerender('', $message);
 		require_once(FOOTERF);
 		exit;
    }
--- a/e107_core/shortcodes/batch/contact_shortcodes.php
+++ b/e107_core/shortcodes/batch/contact_shortcodes.php
@@ -26,7 +26,7 @@ class contact_shortcodes extends e_shortcode
 		global $pref;
 		if(!isset($pref['contact_emailcopy']) || !$pref['contact_emailcopy'])
 		{
-			return;
+			return '';
 		}
 		return "<input type='checkbox' name='email_copy'  value='1'  />";
 	}
@@ -41,7 +41,7 @@ class contact_shortcodes extends e_shortcode
 		
 		if(varset($pref['sitecontacts']) == e_UC_ADMIN)
 		{
-			$query = "user_admin =1";
+			$query = "user_admin =1 AND user_ban = 0";
 		}
 		elseif(varset($pref['sitecontacts']) == e_UC_MAINADMIN)
 		{
@@ -49,23 +49,23 @@ class contact_shortcodes extends e_shortcode
 		}
 		else
 		{
-			$query = "FIND_IN_SET(".$pref['sitecontacts'].",user_class) ";
+			$query = "FIND_IN_SET(".$pref['sitecontacts'].",user_class) AND user_ban = 0 ";
 		}
 		
 		$text = "<select name='contact_person' class='tbox contact_person form-control'>\n";
 		
-		$count = $sql -> db_Select("user", "user_id,user_name", $query . " ORDER BY user_name");
+		$count = $sql ->select("user", "user_id,user_name", $query . " ORDER BY user_name");
 		
 		if($count > 1)
 		{
-		    while($row = $sql-> db_Fetch())
+		    while($row = $sql->fetch())
 			{
 		    	$text .= "<option value='".$row['user_id']."'>".$row['user_name']."</option>\n";
 		    }
 		}
 		else
 		{
-			return;
+			return '';
 		}
 		
 		$text .= "</select>";