xref: /webtrees/app/Http/RequestHandlers/ContactAction.php (revision 37f4d1f0a7a5610284a8bb3182a07ec4441c9fc7)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2019 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Http\RequestHandlers;
21
22use Fisharebest\Webtrees\Exceptions\HttpAccessDeniedException;
23use Fisharebest\Webtrees\Exceptions\HttpNotFoundException;
24use Fisharebest\Webtrees\FlashMessages;
25use Fisharebest\Webtrees\GuestUser;
26use Fisharebest\Webtrees\Http\ViewResponseTrait;
27use Fisharebest\Webtrees\I18N;
28use Fisharebest\Webtrees\Services\CaptchaService;
29use Fisharebest\Webtrees\Services\MessageService;
30use Fisharebest\Webtrees\Services\UserService;
31use Fisharebest\Webtrees\Tree;
32use Psr\Http\Message\ResponseInterface;
33use Psr\Http\Message\ServerRequestInterface;
34use Psr\Http\Server\RequestHandlerInterface;
35
36use function assert;
37use function checkdnsrr;
38use function e;
39use function in_array;
40use function preg_match;
41use function preg_quote;
42use function redirect;
43use function route;
44
45/**
46 * Send a message from a visitor.
47 */
48class ContactAction implements RequestHandlerInterface
49{
50    use ViewResponseTrait;
51
52    /** @var CaptchaService */
53    private $captcha_service;
54
55    /** @var MessageService */
56    private $message_service;
57
58    /** @var UserService */
59    private $user_service;
60
61    /**
62     * MessagePage constructor.
63     *
64     * @param CaptchaService $captcha_service
65     * @param MessageService $message_service
66     * @param UserService    $user_service
67     */
68    public function __construct(
69        CaptchaService $captcha_service,
70        MessageService $message_service,
71        UserService $user_service
72    ) {
73        $this->captcha_service = $captcha_service;
74        $this->user_service    = $user_service;
75        $this->message_service = $message_service;
76    }
77
78    /**
79     * @param ServerRequestInterface $request
80     *
81     * @return ResponseInterface
82     */
83    public function handle(ServerRequestInterface $request): ResponseInterface
84    {
85        $tree = $request->getAttribute('tree');
86        assert($tree instanceof Tree);
87
88        $params     = (array) $request->getParsedBody();
89        $body       = $params['body'];
90        $from_email = $params['from_email'];
91        $from_name  = $params['from_name'];
92        $subject    = $params['subject'];
93        $to         = $params['to'];
94        $url        = $params['url'];
95        $ip         = $request->getAttribute('client-ip');
96        $to_user    = $this->user_service->findByUserName($to);
97
98        if ($to_user === null) {
99            throw new HttpNotFoundException();
100        }
101
102        if (!in_array($to_user, $this->message_service->validContacts($tree), false)) {
103            throw new HttpAccessDeniedException('Invalid contact user id');
104        }
105
106        $errors = $body === '' || $subject === '' || $from_email === '' || $from_name === '';
107
108        if ($this->captcha_service->isRobot($request)) {
109            FlashMessages::addMessage(I18N::translate('Please try again.'), 'danger');
110            $errors = true;
111        }
112
113        if (!preg_match('/^[^@]+@([^@]+)$/', $from_email, $match) || !checkdnsrr($match[1])) {
114            FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger');
115            $errors = true;
116        }
117
118        $base_url = $request->getAttribute('base_url');
119
120        if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
121            FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . /* I18N: e.g. ‘You should delete the “http://” from “http://www.example.com” and try again.’ */
122                I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]), 'danger');
123            $errors = true;
124        }
125
126        if ($errors) {
127            return redirect(route(ContactPage::class, [
128                'body'       => $body,
129                'from_email' => $from_email,
130                'from_name'  => $from_name,
131                'subject'    => $subject,
132                'to'         => $to,
133                'tree'       => $tree->name(),
134                'url'        => $url,
135            ]));
136        }
137
138        $sender = new GuestUser($from_email, $from_name);
139
140        if ($this->message_service->deliverMessage($sender, $to_user, $subject, $body, $url, $ip)) {
141            FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', e($to_user->realName())), 'success');
142
143            $url = $url ?: route(TreePage::class, ['tree' => $tree->name()]);
144
145            return redirect($url);
146        }
147
148        FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger');
149
150        $redirect_url = route(ContactPage::class, [
151            'body'       => $body,
152            'from_email' => $from_email,
153            'from_name'  => $from_name,
154            'subject'    => $subject,
155            'to'         => $to,
156            'tree'       => $tree->name(),
157            'url'        => $url,
158        ]);
159
160        return redirect($redirect_url);
161    }
162}
163