Beispiel #1
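/**
 * Saves the submitted attribute values of one subscriber.
 *
 * The subscriber is looked up by email address; when no row matches, nothing
 * is saved.
 *
 * @param string $loginname email address of the subscriber
 * @param array  $data      submitted values keyed by field name; keys that
 *                          start with "attribute<digits>" carry an attribute id
 *
 * @return int always 1, whether or not a subscriber was found
 */
function saveUser($loginname,$data) {
	# NOTE(review): $loginname goes into the SQL text unescaped. The caller is
	# not visible here, so it is unknown whether the value is already escaped -
	# confirm, or escape it with the database layer's helper before this query.
	$id_req = Sql_Fetch_Row_Query("select id from user where email = \"$loginname\"");
	if (empty($id_req[0])) {
		return 1;
	}
	$userid = $id_req[0];
	# Defined up front so the check below never reads an unset variable.
	# NOTE(review): the value is not reset per key, so once one attribute key
	# has matched, the keys that follow are saved as well - confirm this is intended.
	$attid = null;
	# foreach instead of while/each(): each() no longer exists in PHP 8
	foreach ($data as $key => $val) {
		# PCRE instead of ereg(): POSIX patterns have no \d class, so a numeric
		# attribute id could never match, and ereg() was removed in PHP 7
		if (preg_match('/^attribute(\d+)/', (string) $key, $regs)) {
			$attid = $regs[1];
		}
		dbg("Saving attribute $key, $attid, $val for $loginname, $userid");
		if ($attid) {
			saveUserAttribute($userid,$key,$val);
		}
	}
	return 1;
}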
Beispiel #2
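/**
 * Handles the "forward to a friend" page.
 *
 * Reads mid, uid, email and personalNote from $_REQUEST, checks that the
 * subscriber identified by uid received message mid, forwards the message to
 * every submitted address and returns the HTML of the response page.
 *
 * Request values are treated as untrusted: they are HTML-escaped wherever they
 * are echoed back and passed through sql_escape() or a numeric format before
 * they reach a query.
 *
 * @param mixed $id page id; only echoed back as a numeric hidden form field
 *
 * @return string HTML of the response page
 */
function forwardPage($id)
{
    global $tables;
    $ok = true;
    $subtitle = '';
    $info = '';
    $form = '';
    $personalNote = '';
    # defaults, so later reads are defined when no mid or no email was submitted
    $messagedata = array();
    $emails = array();
    ## Check requirements
    # message
    $mid = 0;
    if (isset($_REQUEST['mid'])) {
        # "%d" reduces the request value to an integer string
        $mid = sprintf('%d', $_REQUEST['mid']);
        $messagedata = loadMessageData($mid);
        $mid = $messagedata['id'];
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    }
    #mid set
    # user
    if (!isset($_REQUEST['uid']) || !$_REQUEST['uid']) {
        # NOTE(review): the code below assumes FileNotFound() ends the request - confirm
        FileNotFound();
    }
    ## get userdata
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($_REQUEST['uid'])));
    $userdata = Sql_Fetch_Array($req);
    ## verify that this subscriber actually received this message to forward, otherwise they're not allowed
    $allowed = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and messageid = %d', $GLOBALS['tables']['usermessage'], $userdata['id'], $mid));
    if (empty($userdata['id']) || $allowed[0] != $userdata['id']) {
        ## when sending a test email as an admin, the entry isn't there yet
        if (empty($_SESSION['adminloggedin']) || $_SESSION['adminloggedin'] != $_SERVER['REMOTE_ADDR']) {
            FileNotFound('<br/><i>' . $GLOBALS['I18N']->get('When testing the phpList forward functionality, you need to be logged in as an administrator.') . '</i><br/>');
        }
    }
    $firstpage = 1;
    ## is this the initial page or a followup
    # forward addresses
    $forwardemail = '';
    if (isset($_REQUEST['email']) && !empty($_REQUEST['email'])) {
        $firstpage = 0;
        # forwards this subscriber already sent within the configured period
        $forwardPeriodCount = Sql_Fetch_Array_Query(sprintf('select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ', $tables['user_message_forward'], FORWARD_EMAIL_PERIOD, $userdata['id']));
        $forwardemail = stripslashes($_REQUEST['email']);
        $emails = explode("\n", $forwardemail);
        $emails = trimArray($emails);
        $forwardemail = implode("\n", $emails);
        #0011860: forward to friend, multiple emails
        $emailCount = $forwardPeriodCount[0];
        foreach ($emails as $index => $email) {
            $emails[$index] = trim($email);
            if (is_email($email)) {
                ++$emailCount;
            } else {
                # the rejected value is arbitrary request text: escape it before it lands in the page
                $info .= sprintf('<br />' . $GLOBALS['strForwardInvalidEmail'], htmlspecialchars($email, ENT_QUOTES));
                $ok = false;
            }
        }
        if ($emailCount > FORWARD_EMAIL_COUNT) {
            $info .= '<br />' . $GLOBALS['strForwardCountReached'];
            $ok = false;
        }
    } else {
        $ok = false;
    }
    #0011996: forward to friend - personal message
    # text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
    if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote'])) {
        if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2) {
            $info .= '<BR />' . $GLOBALS['strForwardNoteLimitReached'];
            $ok = false;
        }
        $personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
        $userdata['personalNote'] = $personalNote;
    }
    if ($userdata['id'] && $mid) {
        if ($ok && count($emails)) {
            ## All is well, send it
            require_once 'admin/sendemaillib.php';
            #0013845 Lead Ref Scheme
            if (FORWARD_FRIEND_COUNT_ATTRIBUTE) {
                $iCountFriends = FORWARD_FRIEND_COUNT_ATTRIBUTE;
            } else {
                $iCountFriends = 0;
            }
            if ($iCountFriends) {
                $nFriends = intval(UserAttributeValue($userdata['id'], $iCountFriends));
            }
            ## remember the lists for this message in order to notify only those admins
            ## that own them
            $messagelists = array();
            $messagelistsreq = Sql_Query(sprintf('select listid from %s where messageid = %d', $GLOBALS['tables']['listmessage'], $mid));
            while ($row = Sql_Fetch_Row($messagelistsreq)) {
                array_push($messagelists, $row[0]);
            }
            foreach ($emails as $index => $email) {
                #0011860: forward to friend, multiple emails
                # Every address passed is_email() above, but that is a format check,
                # not an escaping step: escape separately for SQL and for HTML.
                $emailSql = sql_escape($email);
                $done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d', $tables['user_message_forward'], $emailSql, $mid));
                $info .= '<br />' . htmlspecialchars($email, ENT_QUOTES) . ': ';
                if ($done['status'] === 'sent') {
                    $info .= $GLOBALS['strForwardAlreadyDone'];
                } elseif (isBlackListed($email)) {
                    $info .= $GLOBALS['strForwardBlacklistedEmail'];
                } else {
                    if (!TEST) {
                        # forward the message
                        # sendEmail will take care of blacklisting
                        ### CHECK $email vs $forwardemail
                        if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                            $info .= $GLOBALS['strForwardSuccessInfo'];
                            sendAdminCopy(s('Message Forwarded'), s('%s has forwarded message %d to %s', $userdata['email'], $mid, $email), $messagelists);
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
                 values(%d,%d,"%s","sent",now())', $tables['user_message_forward'], $userdata['id'], $mid, $emailSql));
                            if ($iCountFriends) {
                                ++$nFriends;
                            }
                        } else {
                            $info .= $GLOBALS['strForwardFailInfo'];
                            sendAdminCopy(s('Message Forwarded'), s('%s tried forwarding message %d to %s but failed', $userdata['email'], $mid, $email), $messagelists);
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
                values(%d,%d,"%s","failed",now())', $tables['user_message_forward'], $userdata['id'], $mid, $emailSql));
                            $ok = false;
                        }
                    }
                }
            }
            # foreach friend
            if ($iCountFriends) {
                saveUserAttribute($userdata['id'], $iCountFriends, array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
            }
        }
        #ok & emails
    } else {
        # no valid sender
        logEvent(s('Forward request from invalid user ID: %s', substr($_REQUEST['uid'], 0, 150)));
        $info .= '<BR />' . $GLOBALS['strForwardFailInfo'];
        $ok = false;
    }
    /*
      $data = PageData($id);
      if (isset($data['language_file']) && is_file(dirname(__FILE__).'/texts/'.basename($data['language_file']))) {
        @include dirname(__FILE__).'/texts/'.basename($data['language_file']);
      }
    */
    ## BAS Multiple Forward
    ## build response page
    $form = '<form method="post" action="">';
    $form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
    $form .= sprintf('<input type=hidden name="id" value="%d">', $id);
    $form .= sprintf('<input type=hidden name="uid" value="%s">', $userdata['uniqid']);
    $form .= sprintf('<input type=hidden name="p" value="forward">');
    if (!$ok) {
        # the submitted addresses are echoed back into the form: escape them so
        # they cannot break out of the attribute or the textarea
        $forwardemailHtml = htmlspecialchars($forwardemail, ENT_QUOTES);
        #0011860: forward to friend, multiple emails
        if (FORWARD_EMAIL_COUNT == 1) {
            $form .= '<br /><h2>' . $GLOBALS['strForwardEnterEmail'] . '</h2>';
            $form .= sprintf('<input type=text name="email" value="%s" size=50 class="attributeinput">', $forwardemailHtml);
        } else {
            $form .= '<br /><h2>' . sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT) . '</h2>';
            $form .= sprintf('<textarea name="email" rows="10" cols="50" class="attributeinput">%s</textarea>', $forwardemailHtml);
        }
        #0011996: forward to friend - personal message
        if (FORWARD_PERSONAL_NOTE_SIZE) {
            $form .= sprintf('<h2>' . $GLOBALS['strForwardPersonalNote'] . '</h2>', FORWARD_PERSONAL_NOTE_SIZE);
            $cols = 50;
            $rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
            # strip_tags() removed markup but left quotes and ampersands: encode for output
            $form .= sprintf('<br/><textarea type="text" name="personalNote" rows="%d" cols="%d" class="attributeinput">%s</textarea>', $rows, $cols, htmlspecialchars($personalNote, ENT_QUOTES));
        }
        $form .= sprintf('<br /><input type="submit" value="%s"></form>', $GLOBALS['strContinue']);
    }
    ### END BAS
    ### Michiel, remote response page
    $remote_content = '';
    # NOTE(review): the URL comes from the stored message body and is fetched
    # server-side; the /^http/i test only looks at the first four letters. If
    # message bodies can be written by less-trusted accounts, restrict scheme
    # and destination before fetching.
    if (isset($messagedata['message']) && preg_match("/\\[URL:([^\\s]+)\\]/i", $messagedata['message'], $regs)) {
        if (isset($regs[1]) && strlen($regs[1])) {
            $url = $regs[1];
            if (!preg_match('/^http/i', $url)) {
                $url = 'http://' . $url;
            }
            $remote_content = fetchUrl($url);
        }
    }
    if (!empty($remote_content) && preg_match('/\\[FORWARDFORM\\]/', $remote_content, $regs)) {
        if ($firstpage) {
            ## this is the initial page, not a follow up one.
            $remote_content = str_replace($regs[0], $info . $form, $remote_content);
        } else {
            $remote_content = str_replace($regs[0], $info, $remote_content);
        }
        $res = $remote_content;
    } else {
        $res = '<title>' . $GLOBALS['strForwardTitle'] . '</title>';
        $res .= $GLOBALS['pagedata']['header'];
        $res .= '<h3>' . $subtitle . '</h3>';
        if ($ok) {
            $res .= '<h4>' . $info . '</h4>';
        } elseif (!empty($info)) {
            $res .= '<div class="error missing">' . $info . '</div>';
        }
        $res .= $form;
        $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
        $res .= $GLOBALS['pagedata']['footer'];
    }
    ### END MICHIEL
    return $res;
}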
Beispiel #3
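/**
 * Saves the submitted attribute values of one subscriber.
 *
 * The subscriber is looked up by email address; when no row matches, nothing
 * is saved.
 *
 * @param string $loginname email address of the subscriber
 * @param array  $data      submitted values keyed by field name; keys that
 *                          start with "attribute<digits>" carry an attribute id
 *
 * @return int always 1, whether or not a subscriber was found
 */
function saveUser($loginname, $data)
{
    dbg("Saving user {$loginname}");
    # NOTE(review): $loginname goes into the SQL text unescaped. The caller is
    # not visible here, so it is unknown whether the value is already escaped -
    # confirm, or escape it with the database layer's helper before this query.
    $id_req = Sql_Fetch_Row_Query("select id from user where email = \"{$loginname}\"");
    if (empty($id_req[0])) {
        return 1;
    }
    $userid = $id_req[0];
    # Defined up front so the check below never reads an unset variable.
    # NOTE(review): the value is not reset per key, so once one attribute key
    # has matched, the keys that follow are saved as well - confirm this is intended.
    $attid = null;
    # foreach instead of while/each(): each() no longer exists in PHP 8
    foreach ($data as $key => $val) {
        if (preg_match("/^attribute(\\d+)/", (string) $key, $regs)) {
            $attid = $regs[1];
        }
        if ($attid) {
            saveUserAttribute($userid, $key, $val);
        }
    }
    return 1;
}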
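/**
 * Handles the "forward to a friend" page.
 *
 * Reads uid, mid, email and personalNote from $_REQUEST, forwards message mid
 * on behalf of the subscriber identified by uid to every submitted address and
 * returns the HTML of the response page.
 *
 * Request values are treated as untrusted: they are escaped before they are
 * placed in a query and HTML-escaped wherever they are echoed back.
 *
 * Side effect: the global $data is overwritten with PageData($id).
 *
 * @param mixed $id page id; passed to PageData() and echoed back as a numeric
 *                  hidden form field
 *
 * @return string HTML of the response page
 */
function forwardPage($id)
{
    global $data, $tables, $envelope;
    $ok = true;
    $subtitle = '';
    $info = '';
    $form = '';
    # defaults, so later reads are defined when no mid, email or note was submitted
    $personalNote = '';
    $messagedata = array();
    $emails = array();
    ## Check requirements
    # user
    if (!isset($_REQUEST["uid"]) || !$_REQUEST['uid']) {
        # NOTE(review): the code below assumes FileNotFound() ends the request - confirm
        FileNotFound();
    }
    ## get userdata
    # Loaded before the address check, because the per-period count below is
    # keyed on the subscriber id.
    # addslashes() is a stop-gap that needs nothing beyond core PHP; prefer the
    # database layer's own escaping helper or bound parameters where available.
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], addslashes($_REQUEST['uid'])));
    $userdata = Sql_Fetch_Array($req);
    $firstpage = 1;
    ## is this the initial page or a followup
    # forward addresses
    $forwardemail = '';
    if (isset($_REQUEST['email']) && !empty($_REQUEST['email'])) {
        $firstpage = 0;
        # forwards this subscriber already sent within the configured period
        $forwardPeriodCount = Sql_Fetch_Array_Query(sprintf('select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ', $tables['user_message_forward'], FORWARD_EMAIL_PERIOD, $userdata['id']));
        $forwardemail = stripslashes($_REQUEST['email']);
        $emails = explode("\n", $forwardemail);
        $emails = trimArray($emails);
        $forwardemail = implode("\n", $emails);
        #0011860: forward to friend, multiple emails
        $emailCount = $forwardPeriodCount[0];
        foreach ($emails as $index => $email) {
            $emails[$index] = trim($email);
            if (is_email($email)) {
                $emailCount++;
            } else {
                # the rejected value is arbitrary request text: escape it before it lands in the page
                $info .= sprintf('<BR />' . $GLOBALS['strForwardInvalidEmail'], htmlspecialchars($email, ENT_QUOTES));
                $ok = false;
            }
        }
        if ($emailCount > FORWARD_EMAIL_COUNT) {
            $info .= '<BR />' . $GLOBALS["strForwardCountReached"];
            $ok = false;
        }
    } else {
        $ok = false;
    }
    # message
    $mid = 0;
    if (isset($_REQUEST['mid'])) {
        # "%d" reduces the request value to an integer string
        $mid = sprintf('%d', $_REQUEST['mid']);
        $req = Sql_Query(sprintf('select * from %s where id = %d', $tables["message"], $mid));
        $messagedata = Sql_Fetch_Array($req);
        $mid = $messagedata['id'];
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    }
    #mid set
    #0011996: forward to friend - personal message
    # text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
    if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote'])) {
        if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2) {
            $info .= '<BR />' . $GLOBALS['strForwardNoteLimitReached'];
            $ok = false;
        }
        $personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
        $userdata['personalNote'] = $personalNote;
    }
    if ($userdata["id"] && $mid) {
        if ($ok && count($emails)) {
            ## All is well, send it
            # require_once: a second call in the same request must not redeclare the library
            require_once 'admin/sendemaillib.php';
            #0013845 Lead Ref Scheme
            if (FORWARD_FRIEND_COUNT_ATTRIBUTE) {
                $iCountFriends = getAttributeIDbyName(FORWARD_FRIEND_COUNT_ATTRIBUTE);
            } else {
                $iCountFriends = 0;
            }
            if ($iCountFriends) {
                $nFriends = intval(UserAttributeValue($userdata['id'], $iCountFriends));
            }
            #0011860: forward to friend, multiple emails
            foreach ($emails as $index => $email) {
                # Every address passed is_email() above, but that is a format check,
                # not an escaping step: escape separately for SQL and for HTML.
                $emailSql = addslashes($email);
                $done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d', $tables['user_message_forward'], $emailSql, $mid));
                $info .= '<BR />' . htmlspecialchars($email, ENT_QUOTES) . ': ';
                if ($done['status'] === 'sent') {
                    $info .= $GLOBALS['strForwardAlreadyDone'];
                } elseif (isBlackListed($email)) {
                    $info .= $GLOBALS['strForwardBlacklistedEmail'];
                } else {
                    if (!TEST) {
                        # forward the message
                        # sendEmail will take care of blacklisting
                        if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                            $info .= $GLOBALS["strForwardSuccessInfo"];
                            sendAdminCopy("Message Forwarded", $userdata["email"] . " has forwarded a message {$mid} to {$email}");
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
                 values(%d,%d,"%s","sent",now())', $tables['user_message_forward'], $userdata['id'], $mid, $emailSql));
                            if ($iCountFriends) {
                                $nFriends++;
                            }
                        } else {
                            $info .= $GLOBALS["strForwardFailInfo"];
                            sendAdminCopy("Message Forwarded", $userdata["email"] . " tried forwarding a message {$mid} to {$email} but failed");
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
                values(%d,%d,"%s","failed",now())', $tables['user_message_forward'], $userdata['id'], $mid, $emailSql));
                            $ok = false;
                        }
                    }
                }
            }
            # foreach friend
            if ($iCountFriends) {
                saveUserAttribute($userdata['id'], $iCountFriends, array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
            }
        }
        #ok & emails
    } else {
        # no valid sender
        logEvent("Forward request from invalid user ID: " . substr($_REQUEST["uid"], 0, 150));
        $info .= '<BR />' . $GLOBALS["strForwardFailInfo"];
        $ok = false;
    }
    $data = PageData($id);
    # basename() confines the include to the texts/ directory next to this file
    if (isset($data['language_file']) && is_file(dirname(__FILE__) . '/texts/' . basename($data['language_file']))) {
        @(include dirname(__FILE__) . '/texts/' . basename($data['language_file']));
    }
    ## BAS Multiple Forward
    ## build response page
    $form = '<form method="post" action="">';
    $form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
    $form .= sprintf('<input type=hidden name="id" value="%d">', $id);
    $form .= sprintf('<input type=hidden name="uid" value="%s">', $userdata['uniqid']);
    $form .= sprintf('<input type=hidden name="p" value="forward">');
    if (!$ok) {
        # the submitted addresses are echoed back into the form: escape them so
        # they cannot break out of the attribute or the textarea
        $forwardemailHtml = htmlspecialchars($forwardemail, ENT_QUOTES);
        #0011860: forward to friend, multiple emails
        if (FORWARD_EMAIL_COUNT == 1) {
            $form .= '<BR /><H2>' . $GLOBALS['strForwardEnterEmail'] . '</H2>';
            $form .= sprintf('<input type=text name="email" value="%s" size=50 class="attributeinput">', $forwardemailHtml);
        } else {
            $form .= '<BR /><H2>' . sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT) . '</H2>';
            $form .= sprintf('<textarea name="email" rows=10 cols=50 class="attributeinput">%s</textarea>', $forwardemailHtml);
        }
        #0011996: forward to friend - personal message
        if (FORWARD_PERSONAL_NOTE_SIZE) {
            $form .= sprintf('<h2>' . $GLOBALS['strForwardPersonalNote'] . '</H2>', FORWARD_PERSONAL_NOTE_SIZE);
            $cols = 50;
            $rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
            # strip_tags() removed markup but left quotes and ampersands: encode for output
            $form .= sprintf('<BR/><textarea type=text name="personalNote" rows=%d cols=%d class="attributeinput">%s</textarea>', $rows, $cols, htmlspecialchars($personalNote, ENT_QUOTES));
        }
        $form .= sprintf('<br /><input type=submit value="%s"></form>', $GLOBALS['strContinue']);
    }
    ### END BAS
    ### Michiel, remote response page
    $remote_content = '';
    # NOTE(review): the URL comes from the stored message body and is fetched
    # server-side; the /^http/i test only looks at the first four letters. If
    # message bodies can be written by less-trusted accounts, restrict scheme
    # and destination before fetching.
    if (isset($messagedata['message']) && preg_match("/\\[URL:([^\\s]+)\\]/i", $messagedata['message'], $regs)) {
        if (isset($regs[1]) && strlen($regs[1])) {
            $url = $regs[1];
            if (!preg_match('/^http/i', $url)) {
                $url = 'http://' . $url;
            }
            $remote_content = fetchUrl($url);
        }
    }
    if (!empty($remote_content) && preg_match('/\\[FORWARDFORM\\]/', $remote_content, $regs)) {
        if ($firstpage) {
            ## this is the initial page, not a follow up one.
            $remote_content = str_replace($regs[0], $info . $form, $remote_content);
        } else {
            $remote_content = str_replace($regs[0], $info, $remote_content);
        }
        $res = $remote_content;
    } else {
        $res = '<title>' . $GLOBALS["strForwardTitle"] . '</title>';
        $res .= $data["header"];
        $res .= '<h1>' . $subtitle . '</h1>';
        if ($ok) {
            $res .= '<h2>' . $info . '</h2>';
        } else {
            $res .= '<div class="missing">' . $info . '</div>';
        }
        $res .= $form;
        $res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
        $res .= $data["footer"];
    }
    ### END MICHIEL
    return $res;
}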