xref: /webtrees/app/Http/RequestHandlers/ContactAction.php (revision b8fc901f205cd6af65496b916bf63547a3065a2f) 
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2019 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Http\RequestHandlers;
21
22use Fisharebest\Webtrees\FlashMessages;
23use Fisharebest\Webtrees\GuestUser;
24use Fisharebest\Webtrees\Http\ViewResponseTrait;
25use Fisharebest\Webtrees\I18N;
26use Fisharebest\Webtrees\Services\MessageService;
27use Fisharebest\Webtrees\Services\UserService;
28use Fisharebest\Webtrees\Tree;
29use Psr\Http\Message\ResponseInterface;
30use Psr\Http\Message\ServerRequestInterface;
31use Psr\Http\Server\RequestHandlerInterface;
32use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
33use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
34
35use function assert;
36use function checkdnsrr;
37use function e;
38use function in_array;
39use function preg_match;
40use function preg_quote;
41use function redirect;
42use function route;
43
44/**
45 * Send a message from a visitor.
46 */
47class ContactAction implements RequestHandlerInterface
48{
49    use ViewResponseTrait;
50
51    /** @var MessageService */
52    private $message_service;
53
54    /** @var UserService */
55    private $user_service;
56
57    /**
58     * MessagePage constructor.
59     *
60     * @param MessageService $message_service
61     * @param UserService    $user_service
62     */
63    public function __construct(MessageService $message_service, UserService $user_service)
64    {
65        $this->user_service = $user_service;
66        $this->message_service = $message_service;
67    }
68
69    /**
70     * @param ServerRequestInterface $request
71     *
72     * @return ResponseInterface
73     */
74    public function handle(ServerRequestInterface $request): ResponseInterface
75    {
76        $tree = $request->getAttribute('tree');
77        assert($tree instanceof Tree);
78
79        $params     = $request->getParsedBody();
80        $body       = $params['body'];
81        $from_email = $params['from_email'];
82        $from_name  = $params['from_name'];
83        $subject    = $params['subject'];
84        $to         = $params['to'];
85        $url        = $params['url'];
86        $ip         = $request->getAttribute('client-ip');
87        $to_user    = $this->user_service->findByUserName($to);
88
89        if ($to_user === null) {
90            throw new NotFoundHttpException();
91        }
92
93        if (!in_array($to_user, $this->message_service->validContacts($tree), false)) {
94            throw new AccessDeniedHttpException('Invalid contact user id');
95        }
96
97        $errors = $body === '' || $subject === '' || $from_email === '' || $from_name === '';
98
99        if (!preg_match('/^[^@]+@([^@]+)$/', $from_email, $match) || !checkdnsrr($match[1])) {
100            FlashMessages::addMessage(I18N::translate('Please enter a valid email address.'), 'danger');
101            $errors = true;
102        }
103
104        $base_url = $request->getAttribute('base_url');
105
106        if (preg_match('/(?!' . preg_quote($base_url, '/') . ')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
107            FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . /* I18N: e.g. ‘You should delete the “http://” from “http://www.example.com” and try again.’ */
108                I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]), 'danger');
109            $errors = true;
110        }
111
112        if ($errors) {
113            return redirect(route(ContactPage::class, [
114                'body'       => $body,
115                'from_email' => $from_email,
116                'from_name'  => $from_name,
117                'subject'    => $subject,
118                'to'         => $to,
119                'tree'       => $tree->name(),
120                'url'        => $url,
121            ]));
122        }
123
124        $sender = new GuestUser($from_email, $from_name);
125
126        if ($this->message_service->deliverMessage($sender, $to_user, $subject, $body, $url, $ip)) {
127            FlashMessages::addMessage(I18N::translate('The message was successfully sent to %s.', e($to_user->realName())), 'success');
128
129            $url = $url ?: route('tree-page', ['tree' => $tree->name()]);
130
131            return redirect($url);
132        }
133
134        FlashMessages::addMessage(I18N::translate('The message was not sent.'), 'danger');
135
136        $redirect_url = route(ContactPage::class, [
137            'body'       => $body,
138            'from_email' => $from_email,
139            'from_name'  => $from_name,
140            'subject'    => $subject,
141            'to'         => $to,
142            'tree'       => $tree->name(),
143            'url'        => $url,
144        ]);
145
146        return redirect($redirect_url);
147    }
148}
149