PageRenderTime 63ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 1ms

/phplist/index.php

https://github.com/radicaldesigns/amp
PHP | 700 lines | 621 code | 46 blank | 33 comment | 138 complexity | b5c8f076a8831a64b82eae7a914c4efc MD5 | raw file
Possible License(s): LGPL-2.1, GPL-2.0, BSD-3-Clause, LGPL-2.0, CC-BY-SA-3.0, AGPL-1.0 
    

  1. <?php
    2. 

  2. ob_start();
    3. 

  3. $er = error_reporting(0); # some ppl have warnings on
    4. 

  4. if (isset($_SERVER["ConfigFile"]) && is_file($_SERVER["ConfigFile"])) {
    5. 

  5. #  print '<!-- using '.$_SERVER["ConfigFile"].'-->'."\n";
    6. 

  6.   include $_SERVER["ConfigFile"];
    7. 

  7. } elseif (isset($_ENV["CONFIG"]) && is_file($_ENV["CONFIG"])) {
    8. 

  8. #  print '<!-- using '.$_ENV["CONFIG"].'-->'."\n";
    9. 

  9.   include $_ENV["CONFIG"];
    10. 

  10. } elseif (is_file("config/config.php")) {
    11. 

  11. #  print '<!-- using config/config.php -->'."\n";
    12. 

  12.   include "config/config.php";
    13. 

  13. } else {
    14. 

  14.   print "Error, cannot find config file\n";
    15. 

  15.   exit;
    16. 

  16. }
    17. 

  17. if (isset($GLOBALS["developer_email"])) {
    18. 

  18.   error_reporting(E_ALL);
    19. 

  19. } else {
    20. 

  20.   error_reporting(0);
    21. 

  21. }
    22. 

  22. require_once dirname(__FILE__) .'/admin/commonlib/lib/magic_quotes.php';
    23. 

  23. 

  24. require_once dirname(__FILE__).'/admin/init.php';
    25. 

  25. require_once dirname(__FILE__).'/admin/'.$GLOBALS["database_module"];
    26. 

  26. require_once dirname(__FILE__)."/texts/english.inc";
    27. 

  27. include_once dirname(__FILE__)."/texts/".$GLOBALS["language_module"];
    28. 

  28. require_once dirname(__FILE__)."/admin/defaultconfig.inc";
    29. 

  29. require_once dirname(__FILE__).'/admin/connect.php';
    30. 

  30. include_once dirname(__FILE__)."/admin/languages.php";
    31. 

  31. include_once dirname(__FILE__)."/admin/lib.php";
    32. 

  32. $I18N= new phplist_I18N();
    33. 

  33. 

  34. if ($require_login || ASKFORPASSWORD) {
    35. 

  35.   # we need session info if an admin subscribes a user
    36. 

  36.   if (!empty($GLOBALS["SessionTableName"])) {
    37. 

  37.     require_once dirname(__FILE__).'/admin/sessionlib.php';
    38. 

  38.   }
    39. 

  39.   @session_start(); # it may have been started already in languages
    40. 

  40. }
    41. 

  41. 

  42. if (!isset($_POST) && isset($HTTP_POST_VARS)) {
    43. 

  43.     require "admin/commonlib/lib/oldphp_vars.php";
    44. 

  44. }
    45. 

  45. 

  46. /*
    47. 

  47.   We request you retain the inclusion of pagetop below. This will add invisible
    48. 

  48.   additional information to your public pages.
    49. 

  49.   This not only gives respect to the large amount of time given freely
    50. 

  50.   by the developers  but also helps build interest, traffic and use of
    51. 

  51.   PHPlist, which is beneficial to it's future development.
    52. 

    53. 

  53.   Michiel Dethmers, Tincan Ltd 2000,2004
    54. 

  54. */
    55. 

  55. include "admin/pagetop.php";
    56. 

  56. if (isset($_GET['id'])) {
    57. 

  57.   $id = sprintf('%d',$_GET['id']);
    58. 

  58. } else {
    59. 

  59.   $id = 0;
    60. 

  60. }
    61. 

  61. 

  62. if (isset($_GET['uid']) && $_GET["uid"]) {
    63. 

  63.   $req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where uniqid = "%s"',
    64. 

  64.     $tables["user"],$_GET["uid"]));
    65. 

  65.   $id = $req[0];
    66. 

  66.   $userid = $req[1];
    67. 

  67.   $userpassword = $req[2];
    68. 

  68.   $emailcheck = $req[3];
    69. 

  69. } elseif (isset($_GET["email"])) {
    70. 

  70.   $req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where email = "%s"',
    71. 

  71.     $tables["user"],$_GET["email"]));
    72. 

  72.   $id = $req[0];
    73. 

  73.   $userid = $req[1];
    74. 

  74.   $userpassword = $req[2];
    75. 

  75.   $emailcheck = $req[3];
    76. 

  76. } elseif (isset($_REQUEST["unsubscribeemail"])) {
    77. 

  77.   $req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where email = "%s"',
    78. 

  78.     $tables["user"],$_REQUEST["unsubscribeemail"]));
    79. 

  79.   $id = $req[0];
    80. 

  80.   $userid = $req[1];
    81. 

  81.   $userpassword = $req[2];
    82. 

  82.   $emailcheck = $req[3];
    83. 

  83. /*
    84. 

  84. } elseif ($_SESSION["userloggedin"] && $_SESSION["userid"]) {
    85. 

  85.   $req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where id = %d',
    86. 

  86.     $tables["user"],$_SESSION["userid"]));
    87. 

  87.   $id = $req[0];
    88. 

  88.   $userid = $req[1];
    89. 

  89.   $userpassword = $req[2];
    90. 

  90.   $emailcheck = $req[3];
    91. 

  91. */
    92. 

  92. } else {
    93. 

  93.   $userid = "";
    94. 

  94.   $userpassword = "";
    95. 

  95.   $emailcheck = "";
    96. 

  96. }
    97. 

  97. 

  98. if (isset($_REQUEST['id']) && $_REQUEST["id"]){
    99. 

  99.   $id = sprintf('%d',$_REQUEST["id"]);
    100. 

  100. }
    101. 

  101. # make sure the subscribe page still exists
    102. 

  102. $req = Sql_fetch_row_query(sprintf('select id from %s where id = %d',$tables["subscribepage"],$id));
    103. 

  103. $id = $req[0];
    104. 

  104. $msg = "";
    105. 

  105. 

  106. if (!empty($_POST["sendpersonallocation"])) {
    107. 

  107.   if (isset($_POST['email']) && $_POST["email"]) {
    108. 

  108.     $uid = Sql_Fetch_Row_Query(sprintf('select uniqid,email,id from %s where email = "%s"',
    109. 

  109.       $tables["user"],$_POST["email"]));
    110. 

  110.     if ($uid[0]) {
    111. 

  111.       sendMail ($uid[1],getConfig("personallocation_subject"),getUserConfig("personallocation_message",$uid[2]),system_messageheaders(),$GLOBALS["envelope"]);
    112. 

  112.       $msg = $GLOBALS["strPersonalLocationSent"];
    113. 

  113.       addSubscriberStatistics('personal location sent',1);
    114. 

  114.     } else {
    115. 

  115.       $msg = $GLOBALS["strUserNotFound"];
    116. 

  116.     }
    117. 

  117.   }
    118. 

  118. }
    119. 

  119. 

  120. if (isset($_GET['p']) && $_GET["p"] == "subscribe") {
    121. 

  121.   $_SESSION["userloggedin"] = 0;
    122. 

  122.   $_SESSION["userdata"] = array();
    123. 

  123. }
    124. 

  124. 

  125. $login_required =
    126. 

  126.   (ASKFORPASSWORD && $userpassword && $_GET["p"] == "preferences") ||
    127. 

  127.   (ASKFORPASSWORD && UNSUBSCRIBE_REQUIRES_PASSWORD && $userpassword && $_GET["p"] == "unsubscribe");
    128. 

  128. 

  129. if ($login_required && empty($_SESSION["userloggedin"])) {
    130. 

  130.   $canlogin = 0;
    131. 

  131.   if (!empty($_POST["login"])) {
    132. 

  132.     if (empty($_POST["email"])) {
    133. 

  133.       $msg = $strEnterEmail;
    134. 

  134.     } elseif (empty($_POST["password"])) {
    135. 

  135.       $msg = $strEnterPassword;
    136. 

  136.     } else {
    137. 

  137.       if (ENCRYPTPASSWORD) {
    138. 

  138.         $canlogin = md5($_POST["password"]) == $userpassword && $_POST["email"] == $emailcheck;
    139. 

  139.       } else {
    140. 

  140.         $canlogin = $_POST["password"] == $userpassword && $_POST["email"] == $emailcheck;
    141. 

  141.       }
    142. 

  142.     }
    143. 

  143.     if (!$canlogin) {
    144. 

  144.       $msg = $strInvalidPassword;
    145. 

  145.     } else {
    146. 

  146.       loadUser($emailcheck);
    147. 

  147.       $_SESSION["userloggedin"] = $_SERVER["REMOTE_ADDR"];
    148. 

  148.      }
    149. 

  149.    } elseif (!empty($_POST["forgotpassword"])) {
    150. 

  150.     if (!empty($_POST["email"]) && $_POST["email"] == $emailcheck) {
    151. 

  151.       sendMail ($emailcheck,$GLOBALS["strPasswordRemindSubject"],$GLOBALS["strPasswordRemindMessage"]." ".$userpassword,system_messageheaders());
    152. 

  152.       $msg = $GLOBALS["strPasswordSent"];
    153. 

  153.     } else {
    154. 

  154.       $msg = $strPasswordRemindInfo;
    155. 

  155.     }
    156. 

  156.   } elseif (isset($_SESSION["userdata"]["email"]["value"]) && $_SESSION["userdata"]["email"]["value"] == $emailcheck) {
    157. 

  157.     $canlogin = $_SESSION["userloggedin"];
    158. 

  158.     $msg = $strEnterPassword;
    159. 

  159.   }
    160. 

  160. } else {
    161. 

  161.   $canlogin = 1;
    162. 

  162. }
    163. 

  163. 

  164. if (!$id) {
    165. 

  165.   # find the default one:
    166. 

  166.   $id = getConfig("defaultsubscribepage");
    167. 

  167.   # fix the true/false issue
    168. 

  168.   if ($id == "true") $id = 1;
    169. 

  169.   if ($id == "false") $id = 0;
    170. 

  170.   if (!$id) {
    171. 

  171.     # pick a first
    172. 

  172.     $req = Sql_Fetch_row_Query(sprintf('select ID from %s where active',$tables["subscribepage"]));
    173. 

  173.     $id = $req[0];
    174. 

  174.   }
    175. 

  175. }
    176. 

  176. 

  177. if ($login_required && empty($_SESSION["userloggedin"]) && !$canlogin) {
    178. 

  178.   print LoginPage($id,$userid,$emailcheck,$msg);
    179. 

  179. } elseif (isset($_GET['p']) && preg_match("/(\w+)/",$_GET["p"],$regs)) {
    180. 

  180.   if ($id) {
    181. 

  181.     switch ($_GET["p"]) {
    182. 

  182.       case "subscribe":
    183. 

  183.         require "admin/subscribelib2.php";
    184. 

  184.          print SubscribePage($id);
    185. 

  185.         break;
    186. 

  186.       case "preferences":
    187. 

  187.         if (!isset($_GET["id"]) || !$_GET['id']) $_GET["id"] = $id;
    188. 

  188.         require "admin/subscribelib2.php";
    189. 

  189.         if (!$userid) {
    190. 

  190. #          print "Userid not set".$_SESSION["userid"];
    191. 

  191.           print sendPersonalLocationPage($id);
    192. 

  192.         } elseif (ASKFORPASSWORD && $passwordcheck && !$canlogin) {
    193. 

  193.           print LoginPage($id,$userid,$emailcheck);
    194. 

  194.         } else {
    195. 

  195.           print PreferencesPage($id,$userid);
    196. 

  196.         }
    197. 

  197.         break;
    198. 

  198.       case "forward":
    199. 

  199.          print ForwardPage($id);
    200. 

  200.         break;
    201. 

  201.       case "confirm":
    202. 

  202.          print ConfirmPage($id);
    203. 

  203.         break;
    204. 

  204.       case "unsubscribe":
    205. 

  205.         print UnsubscribePage($id);
    206. 

  206.         break;
    207. 

  207.       default:
    208. 

  208.         FileNotFound();
    209. 

  209.     }
    210. 

  210.   } else {
    211. 

  211.     FileNotFound();
    212. 

  212.   }
    213. 

  213. } else {
    214. 

  214.   if ($id) $data = PageData($id);
    215. 

  215.   print '<title>'.$GLOBALS["strSubscribeTitle"].'</title>';
    216. 

  216.   print $data["header"];
    217. 

  217.   $req = Sql_Query(sprintf('select * from %s where active',$tables["subscribepage"]));
    218. 

  218.   if (Sql_Affected_Rows()) {
    219. 

  219.     while ($row = Sql_Fetch_Array($req)) {
    220. 

  220.       $intro = Sql_Fetch_Row_Query(sprintf('select data from %s where id = %d and name = "intro"',$tables["subscribepage_data"],$row["id"]));
    221. 

  221.       print $intro[0];
    222. 

  222.       printf('<p><a href="./?p=subscribe&id=%d">%s</a></p>',$row["id"],$row["title"]);
    223. 

  223.      }
    224. 

  224.   } else {
    225. 

  225.     printf('<p><a href="./?p=subscribe">%s</a></p>',$strSubscribeTitle);
    226. 

  226.   }
    227. 

  227. 

  228.   printf('<p><a href="./?p=unsubscribe">%s</a></p>',$strUnsubscribeTitle);
    229. 

  229.   print $PoweredBy;
    230. 

  230.   print $data["footer"];
    231. 

  231. }
    232. 

  232. 

  233. function LoginPage($id,$userid,$email = "",$msg = "") {
    234. 

  234.   $data = PageData($id);
    235. 

  235.   list($attributes,$attributedata) = PageAttributes($data);
    236. 

  236.   $html = '<title>'.$GLOBALS["strLoginTitle"].'</title>';
    237. 

  237.   $html .= $data["header"];
    238. 

  238.   $html .= '<b>'.$GLOBALS["strLoginInfo"].'</b><br/>';
    239. 

  239.   $html .= $msg;
    240. 

  240.   if (isset($_REQUEST["email"])) {
    241. 

  241.     $email = $_REQUEST["email"];
    242. 

  242.   }
    243. 

  243.   if (!isset($_POST["password"])) {
    244. 

  244.     $_POST["password"] = '';
    245. 

  245.   }
    246. 

  246. 

  247.   $html .= formStart('name="loginform"');
    248. 

  248.   $html .= '<table border=0>';
    249. 

  249.   $html .= '<tr><td>'.$GLOBALS["strEmail"].'</td><td><input type=text name="email" value="'.$email.'" size="30"></td></tr>';
    250. 

  250.   $html .= '<tr><td>'.$GLOBALS["strPassword"].'</td><td><input type=password name="password" value="'.$_POST["password"].'" size="30"></td></tr>';
    251. 

  251.   $html .= '</table>';
    252. 

  252.    $html .= '<p><input type=submit name="login" value="'.$GLOBALS["strLogin"].'"></p>';
    253. 

  253.   if (ENCRYPTPASSWORD) {
    254. 

  254.     $html .= sprintf('<a href="mailto:%s?subject=%s">%s</a>',getConfig("admin_address"),$GLOBALS["strForgotPassword"],$GLOBALS["strForgotPassword"]);
    255. 

  255.   } else {
    256. 

  256.     $html .= '<input type=submit name="forgotpassword" value="'.$GLOBALS["strForgotPassword"].'">';
    257. 

  257.   }
    258. 

  258.   $html .= '<br/><br/>
    259. 

  259.     <p><a href="'.getConfig("unsubscribeurl").'&id='.$id.'">'.$GLOBALS["strUnsubscribe"].'</a></p>';
    260. 

  260.   $html .= '</form>'.$GLOBALS["PoweredBy"];
    261. 

  261.   $html .= $data["footer"];
    262. 

  262.   return $html;
    263. 

  263. }
    264. 

  264. 

  265. function sendPersonalLocationPage($id) {
    266. 

  266.   $data = PageData($id);
    267. 

  267.   list($attributes,$attributedata) = PageAttributes($data);
    268. 

  268.   $html = '<title>'.$GLOBALS["strPreferencesTitle"].'</title>';
    269. 

  269.   $html .= $data["header"];
    270. 

  270.   $html .= '<b>'.$GLOBALS["strPreferencesTitle"].'</b><br/>';
    271. 

  271.   $html .= $GLOBALS["msg"];
    272. 

  272.   if ($_REQUEST["email"]) {
    273. 

  273.     $email = $_REQUEST["email"];
    274. 

  274.   } elseif ($_SESSION["userdata"]["email"]["value"]) {
    275. 

  275.     $email = $_SESSION["userdata"]["email"]["value"];
    276. 

  276.   }
    277. 

  277.   $html .= $GLOBALS["strPersonalLocationInfo"];
    278. 

  278. 

  279.   $html .= formStart('name="form"');
    280. 

  280.   $html .= '<table border=0>';
    281. 

  281.   $html .= '<tr><td>'.$GLOBALS["strEmail"].'</td><td><input type=text name="email" value="'.$email.'" size="30"></td></tr>';
    282. 

  282.   $html .= '</table>';
    283. 

  283.    $html .= '<p><input type=submit name="sendpersonallocation" value="'.$GLOBALS["strContinue"].'"></p>';
    284. 

  284.   $html .= '<br/><br/>
    285. 

  285.     <p><a href="'.getConfig("unsubscribeurl").'&id='.$id.'">'.$GLOBALS["strUnsubscribe"].'</a></p>';
    286. 

  286.   $html .= '</form>'.$GLOBALS["PoweredBy"];
    287. 

  287.   $html .= $data["footer"];
    288. 

  288.   return $html;
    289. 

  289. }
    290. 

  290. 

  291. function preferencesPage($id,$userid) {
    292. 

  292.   $data = PageData($id);
    293. 

  293.   list($attributes,$attributedata) = PageAttributes($data);
    294. 

  294.   $selected_lists = explode(',',$data["lists"]);
    295. 

  295.   $html = '<title>'.$GLOBALS["strPreferencesTitle"].'</title>';
    296. 

  296.   $html .= $data["header"];
    297. 

  297.   $html .= '<b>'.$GLOBALS["strPreferencesInfo"].'</b>';
    298. 

  298.   $html .= '
    299. 

    300. 

  300. <br/><font class="required">'.$GLOBALS["strRequired"].'</font><br/>
    301. 

  301. '.$GLOBALS["msg"].'
    302. 

  302. 

  303. <script language="Javascript" type="text/javascript">
    304. 

  304. 

  305. var fieldstocheck = new Array();
    306. 

  306.     fieldnames = new Array();
    307. 

  307. 

  308. function checkform() {
    309. 

  309.   for (i=0;i<fieldstocheck.length;i++) {
    310. 

  310.     if (eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].value") == "") {
    311. 

  311.       alert("'.$GLOBALS["strPleaseEnter"].' "+fieldnames[i]);
    312. 

  312.       eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].focus()");
    313. 

  313.       return false;
    314. 

  314.     }
    315. 

  315.   }
    316. 

  316. ';
    317. 

  317. if ($data['emaildoubleentry']=='yes')
    318. 

  318. {
    319. 

  319. $html .='
    320. 

  320.   if(! compareEmail())
    321. 

  321.   {
    322. 

  322.     alert("Email addresses you entered do not match");
    323. 

  323.     return false;
    324. 

  324.   }';
    325. 

  325. }
    326. 

  326. 

  327. $html .='
    328. 

  328.   return true;
    329. 

  329. }
    330. 

  330. 

  331. function addFieldToCheck(value,name) {
    332. 

  332.   fieldstocheck[fieldstocheck.length] = value;
    333. 

  333.   fieldnames[fieldnames.length] = name;
    334. 

  334. }
    335. 

  335. 

  336. function compareEmail()
    337. 

  337. {
    338. 

  338.   return (document.subscribeform.elements["email"].value == document.subscribeform.elements["emailconfirm"].value);
    339. 

  339. }
    340. 

  340. 

  341. 

  342. </script>';
    343. 

  343.   $html .= formStart('name="subscribeform"');
    344. 

  344.   $html .= '<table border=0>';
    345. 

  345.   $html .= ListAttributes($attributes,$attributedata,$data["htmlchoice"],$userid,$data['emaildoubleentry']);
    346. 

  346.   $html .= '</table>';
    347. 

  347.   if (ENABLE_RSS) {
    348. 

  348.     $html .= RssOptions($data,$userid);
    349. 

  349.    }
    350. 

  350.   $html .= ListAvailableLists($userid,$data["lists"]);
    351. 

  351.   if (isBlackListedID($userid)) {
    352. 

  352.     $html .= $GLOBALS["strYouAreBlacklisted"];
    353. 

  353.   }
    354. 

  354. 

  355.   $html .= '<p><input type=submit name="update" value="'.$GLOBALS["strUpdatePreferences"].'" onClick="return checkform();"></p>
    356. 

  356.     </form><br/><br/>
    357. 

  357.     <p><a href="'.getConfig("unsubscribeurl").'&id='.$id.'">'.$GLOBALS["strUnsubscribe"].'</a></p>
    358. 

  358.   '.$GLOBALS["PoweredBy"];
    359. 

  359.   $html .= $data["footer"];
    360. 

  360.   return $html;
    361. 

  361. }
    362. 

  362. 

  363. function subscribePage($id) {
    364. 

  364.   $data = PageData($id);
    365. 

  365.   list($attributes,$attributedata) = PageAttributes($data);
    366. 

  366.   $selected_lists = explode(',',$data["lists"]);
    367. 

  367.   $html = '<title>'.$GLOBALS["strSubscribeTitle"].'</title>';
    368. 

  368.   $html .= $data["header"];
    369. 

  369.   $html .= $data["intro"];
    370. 

  370.   $html .= '
    371. 

    372. 

  372. <br/><font class="required">'.$GLOBALS["strRequired"].'</font><br/>
    373. 

  373. '.$GLOBALS["msg"].'
    374. 

  374. 

  375. <script language="Javascript" type="text/javascript">
    376. 

  376. 

  377. var fieldstocheck = new Array();
    378. 

  378.     fieldnames = new Array();
    379. 

  379. 

  380. function checkform() {
    381. 

  381.   for (i=0;i<fieldstocheck.length;i++) {
    382. 

  382.     if (eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].value") == "") {
    383. 

  383.       alert("'.$GLOBALS["strPleaseEnter"].' "+fieldnames[i]);
    384. 

  384.       eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].focus()");
    385. 

  385.       return false;
    386. 

  386.     }
    387. 

  387.   }
    388. 

  388. ';
    389. 

  389. if ($data['emaildoubleentry']=='yes')
    390. 

  390. {
    391. 

  391. $html .='
    392. 

  392.   if(! compareEmail())
    393. 

  393.   {
    394. 

  394.     alert("Email addresses you entered do not match");
    395. 

  395.     return false;
    396. 

  396.   }';
    397. 

  397. }
    398. 

  398. 

  399. $html .='
    400. 

  400.   return true;
    401. 

  401. }
    402. 

  402. 

  403. 

  404. function addFieldToCheck(value,name) {
    405. 

  405.   fieldstocheck[fieldstocheck.length] = value;
    406. 

  406.   fieldnames[fieldnames.length] = name;
    407. 

  407. }
    408. 

  408. 

  409. function compareEmail()
    410. 

  410. {
    411. 

  411.   return (document.subscribeform.elements["email"].value == document.subscribeform.elements["emailconfirm"].value);
    412. 

  412. }
    413. 

  413. 

  414. </script>';
    415. 

  415.   $html .= formStart('name="subscribeform"');
    416. 

  416.   # @@@ update
    417. 

  417.   if (isset($_SESSION["adminloggedin"]) && $_SESSION["adminloggedin"]) {
    418. 

  418.     $html .= '<style type="text/css">
    419. 

  419.       div.adminmessage {
    420. 

  420.         width: 100%;
    421. 

  421.         border: 2px dashed #000000;
    422. 

  422.         padding: 10px;
    423. 

  423.         margin-bottom: 15px;
    424. 

  424.         background-color: #E7BE8F;
    425. 

  425. 

  426.       }
    427. 

  427.       </style>';
    428. 

  428.     $html .= '<div class="adminmessage"><p><b>You are logged in as administrator ('.$_SESSION["logindetails"]["adminname"].') of this phplist system</b></p>';
    429. 

  429.     $html .= '<p>You are therefore offered the following choice, which your users will not see when they load this page.</p>';
    430. 

  430.     $html .= '<p><b>Please choose</b>: <br/><input type=radio name="makeconfirmed" value="1"> Make this user confirmed immediately
    431. 

  431.       <br/><input type=radio name="makeconfirmed" value="0" checked> Send this user a request for confirmation email </p></div>';
    432. 

  432.   }
    433. 

  433.   $html .= '<table border=0>';
    434. 

  434.   $html .= ListAttributes($attributes,$attributedata,$data["htmlchoice"],0,$data['emaildoubleentry']);
    435. 

  435.   $html .= '</table>';
    436. 

  436.   if (ENABLE_RSS) {
    437. 

  437.     $html .= RssOptions($data);
    438. 

  438.    }
    439. 

  439.   $html .= ListAvailableLists("",$data["lists"]);
    440. 

  440. 

  441.   $html .= '<p><input type=submit name="subscribe" value="'.$data["button"].'" onClick="return checkform();"></p>
    442. 

  442.     </form><br/><br/>
    443. 

  443.     <p><a href="'.getConfig("unsubscribeurl").'&id='.$id.'">'.$GLOBALS["strUnsubscribe"].'</a></p>
    444. 

  444.   '.$GLOBALS["PoweredBy"];
    445. 

  445.   $html .= $data["footer"];
    446. 

  446.   return $html;
    447. 

  447. }
    448. 

  448. 

  449. function confirmPage($id) {
    450. 

  450.   global $tables,$envelope;
    451. 

  451.   if (!$_GET["uid"]) {
    452. 

  452.     FileNotFound();
    453. 

  453.   }
    454. 

  454.   $req = Sql_Query("select * from {$tables["user"]} where uniqid = \"".$_GET["uid"]."\"");
    455. 

  455.   $userdata = Sql_Fetch_Array($req);
    456. 

  456.   if ($userdata["id"]) {
    457. 

  457.     $blacklisted = isBlackListed($userdata["email"]);
    458. 

  458.     $html = '<ul>';
    459. 

  459.     $lists = '';
    460. 

  460.     Sql_Query("update {$tables["user"]} set confirmed = 1,blacklisted = 0 where id = ".$userdata["id"]);
    461. 

  461.     $req = Sql_Query(sprintf('select name,description from %s list, %s listuser where listuser.userid = %d and listuser.listid = list.id and list.active',$tables['list'],$tables['listuser'],$userdata['id']));
    462. 

  462.     if (!Sql_Affected_Rows()) {
    463. 

  463.       $lists = "\n * ".$GLOBALS["strNoLists"];
    464. 

  464.       $html .= '<li>'.$GLOBALS["strNoLists"].'</li>';
    465. 

  465.     }
    466. 

  466.     while ($row = Sql_fetch_array($req)) {
    467. 

  467.       $lists .= "\n *".$row["name"];
    468. 

  468.       $html .= '<li class="list">'.$row["name"].'<div class="listdescription">'.stripslashes($row["description"]).'</div></li>';
    469. 

  469.     }
    470. 

  470.     $html .= '</ul>';
    471. 

  471.     if ($blacklisted) {
    472. 

  472.       unBlackList($userdata['id']);
    473. 

  473.       addUserHistory($userdata["email"],"Confirmation","User removed from Blacklist for manual confirmation of subscription");
    474. 

  474.     }
    475. 

  475.     addUserHistory($userdata["email"],"Confirmation","Lists: $lists");
    476. 

  476. 

  477.     $spage = $userdata["subscribepage"];
    478. 

  478. 

  479.     $confirmationmessage = ereg_replace('\[LISTS\]', $lists, getUserConfig("confirmationmessage:$spage",$userdata["id"]));
    480. 

  480. 

  481.     if (!TEST) {
    482. 

  482.       sendMail($userdata["email"], getConfig("confirmationsubject:$spage"), $confirmationmessage,system_messageheaders(),$envelope);
    483. 

  483.       $adminmessage = $userdata["email"] . " has confirmed their subscription";
    484. 

  484.       if ($blacklisted) {
    485. 

  485.         $adminmessage .= "\nUser has been removed from blacklist";
    486. 

  486.       }
    487. 

  487.       sendAdminCopy("List confirmation",$adminmessage);
    488. 

  488.       addSubscriberStatistics('confirmation',1);
    489. 

  489.     }
    490. 

  490.     $info = $GLOBALS["strConfirmInfo"];
    491. 

  491.   } else {
    492. 

  492.     logEvent("Request for confirmation for invalid user ID: ".substr($_GET["uid"],0,150));
    493. 

  493.     $html .= 'Error: '.$GLOBALS["strUserNotFound"];
    494. 

  494.     $info = $GLOBALS["strConfirmFailInfo"];
    495. 

  495.   }
    496. 

  496.   $data = PageData($id);
    497. 

  497. 

  498.   $res = '<title>'.$GLOBALS["strConfirmTitle"].'</title>';
    499. 

  499.   $res .= $data["header"];
    500. 

  500.   $res .= '<h1>'.$info.'</h1>';
    501. 

  501.   $res .= $html;
    502. 

  502.   $res .= "<P>".$GLOBALS["PoweredBy"].'</p>';
    503. 

  503.   $res .= $data["footer"];
    504. 

  504.   return $res;
    505. 

  505. }
    506. 

  506. 

  507. function unsubscribePage($id) {
    508. 

  508.   $pagedata = pageData($id);
    509. 

  509.   global $tables;
    510. 

  510.   $res = $pagedata["header"];
    511. 

  511.   $res .= '<title>'.$GLOBALS["strUnsubscribeTitle"].'</title>';
    512. 

  512.   if (isset($_GET["uid"])) {
    513. 

  513.     $req = Sql_Query("select * from $tables[user] where uniqid = \"".$_GET["uid"]."\"");
    514. 

  514.     $userdata = Sql_Fetch_Array($req);
    515. 

  515.     $email = $userdata["email"];
    516. 

  516.     if (UNSUBSCRIBE_JUMPOFF) {
    517. 

  517.       $_POST["unsubscribe"] = 1;
    518. 

  518.       $_POST["email"] = $email;
    519. 

  519.       $_POST["unsubscribereason"] = '"Jump off" set, reason not requested';
    520. 

  520.     }
    521. 

  521.   }
    522. 

  522. 

  523.   if (isset($_POST["unsubscribe"]) && (isset($_POST["email"]) || isset($_POST["unsubscribeemail"])) && isset($_POST["unsubscribereason"])) {
    524. 

  524.     if (isset($_POST["email"])) {
    525. 

  525.       $email = trim($_POST["email"]);
    526. 

  526.     } else {
    527. 

  527.       $email = $_POST["unsubscribeemail"];
    528. 

  528.     }
    529. 

  529.     $query = Sql_Fetch_Row_Query("select id,email from {$tables["user"]} where email = \"$email\"");
    530. 

  530.     $userid = $query[0];
    531. 

  531.     $email = $query[1];
    532. 

  532.     if (!$userid) {
    533. 

  533.       $res .= 'Error: '.$GLOBALS["strUserNotFound"];
    534. 

  534.       logEvent("Request to unsubscribe non-existent user: ".substr($_POST["email"],0,150));
    535. 

  535.     } else {
    536. 

  536.       $result = Sql_query("delete from {$tables["listuser"]} where userid = \"$userid\"");
    537. 

  537.       $lists = "  * ".$GLOBALS["strAllMailinglists"]."\n";
    538. 

  538.       # add user to blacklist
    539. 

  539.       addUserToBlacklist($email,$_POST['unsubscribereason']);
    540. 

  540. 

  541.       addUserHistory($email,"Unsubscription","Unsubscribed from $lists");
    542. 

  542.       $unsubscribemessage = ereg_replace("\[LISTS\]", $lists,getUserConfig("unsubscribemessage",$userid));
    543. 

  543.       sendMail($email, getConfig("unsubscribesubject"), stripslashes($unsubscribemessage), system_messageheaders($email));
    544. 

  544.       $reason = $_POST["unsubscribereason"] ? "Reason given:\n".stripslashes($_POST["unsubscribereason"]):"No Reason given";
    545. 

  545.       sendAdminCopy("List unsubscription",$email . " has unsubscribed\n$reason");
    546. 

  546.       addSubscriberStatistics('unsubscription',1);
    547. 

  547.     }
    548. 

  548. 

  549.     if ($userid)
    550. 

  550.       $res .= '<h1>'.$GLOBALS["strUnsubscribeDone"] ."</h1><P>";
    551. 

  551.     $res .= $GLOBALS["PoweredBy"].'</p>';
    552. 

  552.     $res .= $pagedata["footer"];
    553. 

  553.     return $res;
    554. 

  554.   } elseif (isset($_POST["unsubscribe"]) && !$_POST["unsubscribeemail"]) {
    555. 

  555.     $msg = '<span class="error">'.$GLOBALS["strEnterEmail"]."</span><br>";
    556. 

  556.   } elseif (!empty($_GET["email"])) {
    557. 

  557.     $email = trim($_GET["email"]);
    558. 

  558.   } else {
    559. 

  559.     if (isset($_REQUEST["email"])) {
    560. 

  560.       $email = $_REQUEST["email"];
    561. 

  561.     } elseif (isset($_REQUEST['unsubscribeemail'])) {
    562. 

  562.       $email = $_REQUEST['unsubscribeemail'];
    563. 

  563.     } elseif (!isset($email)) {
    564. 

  564.       $email = '';
    565. 

  565.     }
    566. 

  566.   }
    567. 

  567.   if (!isset($msg)) {
    568. 

  568.     $msg = '';
    569. 

  569.   }
    570. 

  570. 

  571.   $res .= '<b>'. $GLOBALS["strUnsubscribeInfo"].'</b><br>'.
    572. 

  572.   $msg.formStart();
    573. 

  573.   $res .= '<table>
    574. 

  574.   <tr><td>'.$GLOBALS["strEnterEmail"].':</td><td colspan=3><input type=text name="unsubscribeemail" value="'.$email.'" size=40></td></tr>
    575. 

  575.   </table>';
    576. 

    577. 

  577.   if (!$email) {
    578. 

  578.     $res .= "<input type=submit name=unsubscribe value=\"$GLOBALS[strContinue]\"></form>\n";
    579. 

  579.     $res .= $GLOBALS["PoweredBy"];
    580. 

  580.     $res .= $pagedata["footer"];
    581. 

  581.     return $res;
    582. 

  582.   }
    583. 

  583. 

  584.   $current = Sql_Fetch_Array_query("SELECT list.id as listid,user.uniqid as userhash FROM $tables[list] as list,$tables[listuser] as listuser,$tables[user] as user where list.id = listuser.listid and user.id = listuser.userid and user.email = \"$email\"");
    585. 

  585.   $some = $current["listid"];
    586. 

  586.   $hash = $current["userhash"];
    587. 

  587. 

  588.   $finaltext = $GLOBALS["strUnsubscribeFinalInfo"];
    589. 

  589.   $pref_url = getConfig("preferencesurl");
    590. 

  590.   $sep = ereg('\?',$pref_url)?'&':'?';
    591. 

  591.   $finaltext = eregi_replace('\[preferencesurl\]',$pref_url.$sep.'uid='.$hash,$finaltext);
    592. 

  592. 

  593.   if (!$some) {
    594. 

  594.     $res .= "<b>".$GLOBALS["strNoListsFound"]."</b></ul>";
    595. 

  595.     $res .= '<p><input type=submit value="'.$GLOBALS["strResubmit"].'">';
    596. 

  596.   } else {
    597. 

  597.     list($r,$c) = explode(",",getConfig("textarea_dimensions"));
    598. 

  598.     if (!$r) $r = 5;
    599. 

  599.     if (!$c) $c = 65;
    600. 

  600.     $res .= $GLOBALS["strUnsubscribeRequestForReason"];
    601. 

  601.     $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>',$c,$r).'
    602. 

    603. 

  603.     '.$finaltext.'
    604. 

  604. 

  605.     <p><input type=submit name="unsubscribe" value="'.$GLOBALS["strUnsubscribe"].'"></p>';
    606. 

  606.   }
    607. 

  607. 

  608.   $res .= '<p>'.$GLOBALS["PoweredBy"].'</p>';
    609. 

  609.   $res .= $pagedata["footer"];
    610. 

  610.   return $res;
    611. 

  611. }
    612. 

  612. 

  613. function forwardPage($id) {
    614. 

  614.   global $tables,$envelope;
    615. 

  615.   $html = '';
    616. 

  616.   $subtitle = '';
    617. 

  617.   if (!isset($_GET["uid"]) || !$_GET['uid'])
    618. 

  618.     FileNotFound();
    619. 

  619. 

  620.   $forwardemail = '';
    621. 

  621.   if (isset($_GET['email'])) {
    622. 

  622.     $forwardemail = $_GET['email'];
    623. 

  623.   }
    624. 

  624.   $mid = 0;
    625. 

  625.   if (isset($_GET['mid'])) {
    626. 

  626.     $mid = sprintf('%d',$_GET['mid']);
    627. 

  627.     $req = Sql_Query(sprintf('select * from %s where id = %d',$tables["message"],$mid));
    628. 

  628.     $messagedata = Sql_Fetch_Array($req);
    629. 

  629.     $mid = $messagedata['id'];
    630. 

  630.     if ($mid) {
    631. 

  631.       $subtitle = $GLOBALS['strForwardSubtitle'].' '.stripslashes($messagedata['subject']);
    632. 

  632.     }
    633. 

  633.   }
    634. 

  634.   $req = Sql_Query("select * from {$tables["user"]} where uniqid = \"".$_GET["uid"]."\"");
    635. 

  635.   $userdata = Sql_Fetch_Array($req);
    636. 

  636. 

  637.   $req = Sql_Query(sprintf('select * from %s where email = "%s"',$tables["user"],$forwardemail));
    638. 

  638.   $forwarduserdata = Sql_Fetch_Array($req);
    639. 

  639. 

  640.   if ($userdata["id"] && $mid) {
    641. 

  641.     if (!is_email($forwardemail)) {
    642. 

  642.       $info = $GLOBALS['strForwardEnterEmail'];
    643. 

  643.       $html .= '<form method="get">';
    644. 

  644.       $html .= sprintf('<input type=hidden name="mid" value="%d">',$mid);
    645. 

  645.       $html .= sprintf('<input type=hidden name="id" value="%d">',$id);
    646. 

  646.       $html .= sprintf('<input type=hidden name="uid" value="%s">',$userdata['uniqid']);
    647. 

  647.       $html .= sprintf('<input type=hidden name="p" value="forward">');
    648. 

  648.       $html .= sprintf('<input type=text name="email" value="%s" size=35 class="attributeinput">',$forwardemail);
    649. 

  649.       $html .= sprintf('<input type=submit value="%s"></form>',$GLOBALS['strContinue']);
    650. 

  650.     } else {
    651. 

  651.       # check whether the email to forward exists and whether they have received the message
    652. 

  652.       if ($forwarduserdata['id']) {
    653. 

  653.         $sent = Sql_Fetch_Row_Query(sprintf('select entered from %s where userid = %d and messageid = %d',
    654. 

  654.           $tables['usermessage'],$forwarduserdata['id'],$mid));
    655. 

  655.         # however even if that's the case, we don't want to reveal this information
    656. 

  656.       }
    657. 

  657. 

  658.       $done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d',
    659. 

  659.         $tables['user_message_forward'],$forwardemail,$mid));
    660. 

  660.       if ($done['status'] === 'sent') {
    661. 

  661.         $info = $GLOBALS['strForwardAlreadyDone'];
    662. 

  662.       } else {
    663. 

  663.         if (!TEST) {
    664. 

  664.           # forward the message
    665. 

  665.           require 'admin/sendemaillib.php';
    666. 

  666.           # sendEmail will take care of blacklisting
    667. 

  667.           if (sendEmail($mid,$forwardemail,'forwarded',$userdata['htmlemail'],array(),$userdata)) {
    668. 

  668.             $info = $GLOBALS["strForwardSuccessInfo"];
    669. 

  669.             sendAdminCopy("Message Forwarded",$userdata["email"] . " has forwarded a message $mid to $forwardemail");
    670. 

  670.             Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
    671. 

  671.               values(%d,%d,"%s","sent",now())',
    672. 

  672.               $tables['user_message_forward'],$userdata['id'],$mid,$forwardemail));
    673. 

  673.           } else {
    674. 

  674.             $info = $GLOBALS["strForwardFailInfo"];
    675. 

  675.             sendAdminCopy("Message Forwarded",$userdata["email"] . " tried forwarding a message $mid to $forwardemail but failed");
    676. 

  676.             Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
    677. 

  677.               values(%d,%d,"%s","failed",now())',
    678. 

  678.               $tables['user_message_forward'],$userdata['id'],$mid,$forwardemail));
    679. 

  679.           }
    680. 

  680.         }
    681. 

  681.       }
    682. 

  682. 

  683.     }
    684. 

  684. 

  685.   } else {
    686. 

  686.     logEvent("Forward request from invalid user ID: ".substr($_GET["uid"],0,150));
    687. 

  687.     $info = $GLOBALS["strForwardFailInfo"];
    688. 

  688.   }
    689. 

  689.   $data = PageData($id);
    690. 

  690. 

  691.   $res = '<title>'.$GLOBALS["strForwardTitle"].'</title>';
    692. 

  692.   $res .= $data["header"];
    693. 

  693.   $res .= '<h1>'.$subtitle.'</h1>';
    694. 

  694.   $res .= '<h2>'.$info.'</h2>';
    695. 

  695.   $res .= $html;
    696. 

  696.   $res .= "<P>".$GLOBALS["PoweredBy"].'</p>';
    697. 

  697.   $res .= $data["footer"];
    698. 

  698.   return $res;
    699. 

  699. }
    700. 

  700. ?>
    701. 

  701.