Some refactoring of access checks - in progress.
[timetracker.git] / invoice_send.php
1 <?php
2 // +----------------------------------------------------------------------+
3 // | Anuko Time Tracker
4 // +----------------------------------------------------------------------+
5 // | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
6 // +----------------------------------------------------------------------+
7 // | LIBERAL FREEWARE LICENSE: This source code document may be used
8 // | by anyone for any purpose, and freely redistributed alone or in
9 // | combination with other software, provided that the license is obeyed.
10 // |
11 // | There are only two ways to violate the license:
12 // |
13 // | 1. To redistribute this code in source form, with the copyright
14 // |    notice or license removed or altered. (Distributing in compiled
15 // |    forms without embedded copyright notices is permitted).
16 // |
17 // | 2. To redistribute modified versions of this code in *any* form
18 // |    that bears insufficient indications that the modifications are
19 // |    not the work of the original author(s).
20 // |
21 // | This license applies to this document only, not any other software
22 // | that it may be combined with.
23 // |
24 // +----------------------------------------------------------------------+
25 // | Contributors:
26 // | https://www.anuko.com/time_tracker/credits.htm
27 // +----------------------------------------------------------------------+
28
29 require_once('initialize.php');
30 import('form.Form');
31 import('ttInvoiceHelper');
32 import('ttSysConfig');
33
34 // Access checks.
35 if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices'))) {
36   header('Location: access_denied.php');
37   exit();
38 }
39 if (!$user->isPluginEnabled('iv')) {
40   header('Location: feature_disabled.php');
41   exit();
42 }
43
44 $cl_invoice_id = (int)$request->getParameter('id');
45 $invoice = ttInvoiceHelper::getInvoice($cl_invoice_id); 
46 $sc = new ttSysConfig($user->id);
47
48 // Security check.
49 if (!$cl_invoice_id || !$invoice)
50   die ($i18n->get('error.sys'));
51
52 if ($request->isPost()) {
53   $cl_receiver = trim($request->getParameter('receiver'));
54   $cl_cc = trim($request->getParameter('cc'));
55   $cl_subject = trim($request->getParameter('subject'));
56   $cl_comment = trim($request->getParameter('comment'));
57 } else {
58   $cl_receiver = $sc->getValue(SYSC_LAST_INVOICE_EMAIL);
59   $cl_cc = $sc->getValue(SYSC_LAST_INVOICE_CC);
60   $cl_subject = $i18n->get('title.invoice').' '.$invoice['name'].', '.$user->team;
61 }
62
63 $form = new Form('mailForm');
64 $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_invoice_id));
65 $form->addInput(array('type'=>'text','name'=>'receiver','style'=>'width: 300px;','value'=>$cl_receiver));
66 $form->addInput(array('type'=>'text','name'=>'cc','style'=>'width: 300px;','value'=>$cl_cc));
67 $form->addInput(array('type'=>'text','name'=>'subject','style'=>'width: 300px;','value'=>$cl_subject));
68 $form->addInput(array('type'=>'textarea','name'=>'comment','maxlength'=>'250','style'=>'width: 300px; height: 60px;'));
69 $form->addInput(array('type'=>'submit','name'=>'btn_send','value'=>$i18n->get('button.send')));
70
71 if ($request->isPost()) {
72   // Validate user input.
73   if (!ttValidEmailList($cl_receiver)) $err->add($i18n->get('error.field'), $i18n->get('form.mail.to'));
74   if (!ttValidEmailList($cl_cc, true)) $err->add($i18n->get('error.field'), $i18n->get('label.cc'));
75   if (!ttValidString($cl_subject)) $err->add($i18n->get('error.field'), $i18n->get('label.subject'));
76   if (!ttValidString($cl_comment, true)) $err->add($i18n->get('error.field'), $i18n->get('label.comment'));
77
78   if ($err->no()) {
79     // Save last invoice emails for future use.
80     $sc->setValue(SYSC_LAST_INVOICE_EMAIL, $cl_receiver);
81     $sc->setValue(SYSC_LAST_INVOICE_CC, $cl_cc);
82
83     $body = ttInvoiceHelper::prepareInvoiceBody($cl_invoice_id, $cl_comment);
84
85     import('mail.Mailer');
86     $mailer = new Mailer();
87     $mailer->setCharSet(CHARSET);
88     $mailer->setContentType('text/html');
89     $mailer->setSender(SENDER);
90     $mailer->setReceiver($cl_receiver);
91     if (isset($cl_cc))
92       $mailer->setReceiverCC($cl_cc);
93     if (!empty($user->bcc_email))
94       $mailer->setReceiverBCC($user->bcc_email);
95     $mailer->setMailMode(MAIL_MODE);
96     if ($mailer->send($cl_subject, $body))
97       $msg->add($i18n->get('form.mail.invoice_sent'));
98     else
99       $err->add($i18n->get('error.mail_send'));
100   }
101 } // isPost
102
103 $smarty->assign('sender', SENDER);
104 if (function_exists('imap_mime_header_decode')) {
105   // Decode sender in case it is encoded. PHP IMAP extension must be installed for us to get here.
106   $elements = imap_mime_header_decode(SENDER);
107   if (count($elements) > 1) {
108       // Reassign sender.
109       $smarty->assign('sender', $elements[count($elements) - 2]->text);
110   }
111 }
112
113 $smarty->assign('title', $i18n->get('title.send_invoice'));
114 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
115 $smarty->assign('onload', 'onLoad="document.mailForm.'.($cl_receiver?'comment':'receiver').'.focus()"');
116 $smarty->assign('content_page_name', 'mail.tpl');
117 $smarty->display('index.tpl');