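/**
 * Work out which RSS items, if any, should be mailed to a subscriber now.
 *
 * The subscriber qualifies when no user_rss row exists for them, or when the
 * stored "last" timestamp plus the frequency interval lies in the past.
 * Candidate items come from the lists shared by the subscriber and the
 * message, minus the items already recorded for this subscriber in
 * rssitem_user.
 *
 * @param int    $userid    subscriber id
 * @param int    $messageid message id
 * @param string $frequency "daily", "weekly" or "monthly"; anything else is treated as daily
 * @return array|int list of rss item ids to send, an empty array when nothing
 *                   qualifies, or 0 when subscriber and message share no list
 */
function rssUserHasContent($userid,$messageid,$frequency)
{
  global $tables;

  // Both ids are embedded in SQL text below. The original formatted them with
  // %d in some statements but interpolated $userid raw in the per-item lookup;
  // casting once here keeps every statement numeric-only.
  $userid = (int) $userid;
  $messageid = (int) $messageid;

  switch ($frequency) {
    case "weekly":
      $interval = 'interval 7 day';
      break;
    case "monthly":
      $interval = 'interval 1 month';
      break;
    case "daily":
    default:
      $interval = 'interval 1 day';
      break;
  }

  $cansend_req = Sql_Query(sprintf('select date_add(last,%s) < now() from %s where userid = %d',
    $interval,$tables["user_rss"],$userid));
  $exists = Sql_Affected_Rows();
  $cansend = Sql_Fetch_Row($cansend_req);

  // A missing row means "never sent before"; only index into the row when one came back.
  $due = !$exists || (is_array($cansend) && $cansend[0]);
  if (!$due) {
    return array();
  }

  // Lists to use: the intersection of the subscriber's lists and the message's lists.
  $lists = array();
  $listsreq = Sql_Query(sprintf('
    select %s.listid from %s,%s where %s.listid = %s.listid and %s.userid = %d and
    %s.messageid = %d',
    $tables["listuser"],$tables["listuser"],$tables["listmessage"],
    $tables["listuser"],$tables["listmessage"],
    $tables["listuser"],$userid,$tables["listmessage"],$messageid));
  while ($row = Sql_Fetch_Row($listsreq)) {
    // The ids are joined into an IN (...) clause, so keep them strictly numeric.
    $lists[] = (int) $row[0];
  }
  if (!sizeof($lists)) {
    return 0;
  }
  $liststosend = join(",",$lists);

  // The configured maximum goes straight into LIMIT; fall back to 30 for
  // anything that is not a positive integer.
  $max = (int) getConfig("rssmax");
  if ($max <= 0) {
    $max = 30;
  }

  // Collect the items on these lists that have not been sent to this subscriber.
  $itemstosend = array();
  $itemreq = Sql_Query("select {$tables["rssitem"]}.*
    from {$tables["rssitem"]} where {$tables["rssitem"]}.list in ($liststosend) order by added desc, list,title limit $max");
  while ($item = Sql_Fetch_Array($itemreq)) {
    Sql_Query(sprintf('select * from %s where itemid = %d and userid = %d',
      $tables["rssitem_user"], $item["id"], $userid));
    if (!Sql_Affected_Rows()) {
      $itemstosend[] = $item["id"];
    }
  }

  // Below the threshold nothing is sent.
  // NOTE(review): the config key is spelled "rsstheshold" here; confirm it matches the stored name.
  $treshold = getConfig("rsstheshold");
  if (sizeof($itemstosend) >= $treshold) {
    return $itemstosend;
  }
  return array();
}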
/**
 * Report whether the administrator in the current session is a superuser.
 *
 * When WEBBLER or IN_WEBBLER is defined the answer is always 1. Otherwise the
 * flag is resolved once per session, either through the admin_auth object or
 * from the admin table, and stored in $_SESSION["logindetails"]["superuser"].
 * Because later calls return that stored value, a change to the admin's
 * superuser status in the database is not seen until the session value is
 * cleared.
 *
 * @return mixed 1 for Webbler, the stored or freshly looked-up flag, or 0 when
 *               the session carries no admin id
 */
function isSuperUser()
{
    // For now every Webbler admin counts as superuser.
    if (defined('WEBBLER') || defined('IN_WEBBLER')) {
        return 1;
    }
    global $tables;

    // Answer from the session when the flag was resolved earlier.
    if (isset($_SESSION["logindetails"]["superuser"])) {
        return $_SESSION["logindetails"]["superuser"];
    }

    // No admin id in the session: not a superuser, and nothing is stored.
    if (!isset($_SESSION["logindetails"]["id"])) {
        return 0;
    }

    if (is_object($GLOBALS["admin_auth"])) {
        // Delegate to the authentication object when one is installed.
        $flag = $GLOBALS["admin_auth"]->isSuperUser($_SESSION["logindetails"]["id"]);
    } else {
        // Otherwise read the flag from the admin table; the id is bound as a parameter.
        $sql = sprintf(
            ' select superuser '
            . ' from %s'
            . ' where id = ?',
            $tables['admin']
        );
        $result = Sql_Query_Params($sql, array($_SESSION['logindetails']['id']));
        $record = Sql_Fetch_Row($result);
        $flag = $record[0];
    }

    $_SESSION["logindetails"]["superuser"] = $flag;

    return $flag;
}
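/**
 * Session "read" handler: fetch the stored data for a session id.
 *
 * The id arrives from the client, so it is checked against an allow-list
 * before it is placed in the SQL string. The original relied on addslashes(),
 * which is not aware of the connection character set and is therefore not a
 * dependable SQL escape. Ids generated by PHP itself use only letters, digits,
 * "," and "-".
 * NOTE(review): if the application assigns custom ids through session_id()
 * with other characters, widen the pattern accordingly.
 *
 * @param string $SessionID session id supplied by the client
 * @return string|false the stored session data, or false when the id is
 *                      malformed or does not match exactly one row
 */
function mysql_session_read($SessionID)
{
    // Reject anything that is not a plain session id; /D stops "$" matching before a trailing newline.
    if (!is_string($SessionID) || !preg_match('/^[A-Za-z0-9,-]+$/D', $SessionID)) {
        return false;
    }

    $SessionTableName = $GLOBALS["SessionTableName"];
    $session_data_req = sql_query("SELECT data FROM {$SessionTableName} WHERE sessionid = '{$SessionID}'");
    if (Sql_Affected_Rows() == 1) {
        $data = Sql_Fetch_Row($session_data_req);
        return $data[0];
    }

    return false;
}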
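/**
 * Return the access level the logged-in administrator has for a page.
 *
 * Returns "all" when login is not required, when the admin is a superuser, or
 * when the page has no row in the task table. Note that this last case means a
 * page that was never registered as a task is treated as unprotected. Returns
 * 0 when there is no usable admin session or no level is recorded for this
 * admin and page.
 *
 * @param string $page page name to check
 * @return mixed "all", 0, or the entry of $access_levels for the stored level
 */
function accessLevel($page)
{
    global $tables, $access_levels;

    if (!$GLOBALS["require_login"] || isSuperUser()) {
        return "all";
    }
    if (!isset($_SESSION["adminloggedin"])) {
        return 0;
    }
    if (!is_array($_SESSION["logindetails"])) {
        return 0;
    }

    // The page name sits inside a quoted SQL literal in both statements, so
    // escape it first; the original interpolated it unescaped.
    // NOTE(review): assumes the sql_escape() helper is loaded together with Sql_Query(); confirm.
    $safePage = sql_escape($page);

    // Is this a page that needs protecting at all?
    Sql_Query(sprintf('select id from %s where page = "%s"', $tables["task"], $safePage));
    if (!Sql_Affected_Rows()) {
        return "all";
    }

    $req = Sql_Query(sprintf('select level from %s,%s where adminid = %d and page = "%s" and %s.taskid = %s.id',
        $tables["task"], $tables["admin_task"], $_SESSION["logindetails"]["id"], $safePage,
        $tables["admin_task"], $tables["task"]));
    $row = Sql_Fetch_Row($req);

    // No row for this admin, or a level with no mapping: fail closed with the
    // same "no access" value used above instead of indexing a missing entry.
    if (!is_array($row) || !isset($access_levels[$row[0]])) {
        return 0;
    }

    return $access_levels[$row[0]];
}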
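/**
 * Send the subscription confirmation request to a subscriber again.
 *
 * Loads the subscriber row and the names of their lists, substitutes the list
 * overview for the [LISTS] placeholder in the configured subscribe message,
 * logs the action and, unless TEST is set, sends the mail.
 *
 * @param int $id subscriber id
 * @return mixed the result of sendMail(); nothing is returned when TEST is set
 */
function resendConfirm($id)
{
    global $tables, $envelope;

    // The id was interpolated raw into the first query; force it to an integer
    // so both statements only ever receive a number.
    $id = (int) $id;

    $userdata = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables["user"], $id));
    $lists_req = Sql_Query(sprintf('select %s.name from %s,%s where %s.listid = %s.id and %s.userid = %d',
        $tables["list"], $tables["list"], $tables["listuser"],
        $tables["listuser"], $tables["list"], $tables["listuser"], $id));

    // Start from an empty string; the original appended to an unset variable.
    $lists = '';
    while ($row = Sql_Fetch_Row($lists_req)) {
        $lists .= ' * ' . $row[0] . "\n";
    }

    // [LISTS] is a fixed token, so a plain string replacement does the job.
    // ereg_replace() was removed in PHP 7 and also interpreted backslash
    // sequences in the replacement text, which list names should not trigger.
    if ($userdata["subscribepage"]) {
        $subscribemessage = str_replace('[LISTS]', $lists,
            getUserConfig("subscribemessage:" . $userdata["subscribepage"], $id));
        $subject = getConfig("subscribesubject:" . $userdata["subscribepage"]);
    } else {
        $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig("subscribemessage", $id));
        $subject = getConfig("subscribesubject");
    }

    logEvent($GLOBALS['I18N']->get('Resending confirmation request to') . " " . $userdata["email"]);

    // NOTE(review): "prepend" is request-supplied text placed verbatim at the
    // top of the mail body; confirm every caller is an authenticated admin page.
    $prepend = isset($_REQUEST["prepend"]) ? $_REQUEST["prepend"] : '';

    if (!TEST) {
        return sendMail($userdata["email"], $subject, $prepend . $subscribemessage,
            system_messageheaders($userdata["email"]), $envelope);
    }
}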
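/**
 * Return the id of the keyword library with the given name, creating it when
 * it does not exist yet.
 *
 * @param string $name library name
 * @return mixed id of the existing row, or the insert id of the new row
 */
function addKeywordLibrary($name)
{
    // The name sits inside a quoted SQL literal in both statements; the
    // original placed it there unescaped, so a quote in the name changed the
    // statement itself.
    // NOTE(review): assumes the sql_escape() helper is loaded together with Sql_Query(); confirm.
    $safeName = sql_escape($name);

    $req = Sql_Query(sprintf('select id from keywordlib where name = "%s"', $safeName));
    if (Sql_affected_Rows()) {
        $row = Sql_Fetch_Row($req);
        return $row[0];
    }

    Sql_Query(sprintf('insert into keywordlib (name) values("%s")', $safeName));
    return Sql_Insert_id();
}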
$sortBySql = 'order by entered asc'; break; case 'entereddesc': $sortBySql = 'order by entered desc'; break; case 'embargoasc': $sortBySql = 'order by embargo asc'; break; case 'embargodesc': $sortBySql = 'order by embargo desc'; break; default: $sortBySql = 'order by embargo desc, entered desc'; } $req = Sql_query('select count(*) from ' . $tables['message'] . $whereClause . ' ' . $sortBySql); $total_req = Sql_Fetch_Row($req); $total = $total_req[0]; ## Browse buttons table $limit = $_SESSION['messagenumpp']; $offset = 0; if (isset($start) && $start > 0) { $offset = $start; } else { $start = 0; } $paging = ''; if ($total > $_SESSION['messagenumpp']) { $paging = simplePaging("messages{$url_keep}", $start, $total, $_SESSION['messagenumpp'], $GLOBALS['I18N']->get('Campaigns')); } $ls = new WebblerListing(s('Campaigns')); $ls->usePanel($paging);
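/**
 * Build an HTML table listing each attribute and the placeholder that stands
 * for it.
 *
 * Attributes whose name is longer than 30 characters are left out.
 *
 * @return string HTML table markup
 */
function listPlaceHolders()
{
    $html = '<table border="1"><tr><td><strong>' . s('Attribute') . '</strong></td><td><strong>' . s('Placeholder') . '</strong></td></tr>';

    $req = Sql_query('select name from ' . $GLOBALS['tables']['attribute'] . ' order by listorder');
    while ($row = Sql_Fetch_Row($req)) {
        if (strlen($row[0]) <= 30) {
            // Attribute names are stored data; encode them before they go into
            // markup so a name containing < or & is shown literally rather
            // than interpreted by the browser.
            $html .= sprintf(
                '<tr><td>%s</td><td>[%s]</td></tr>',
                htmlspecialchars($row[0], ENT_QUOTES),
                htmlspecialchars(strtoupper(cleanAttributeName($row[0])), ENT_QUOTES)
            );
        }
    }
    $html .= '</table>';

    return $html;
}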
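/**
 * Handle the public "forward to a friend" page and return its HTML.
 *
 * Reads mid, uid, email and personalNote from the request. The subscriber is
 * looked up by uid and must have a usermessage row for the message; otherwise
 * FileNotFound() is called unless the session's adminloggedin value equals the
 * client address (the admin test-send case). Each address is validated,
 * counted against FORWARD_EMAIL_COUNT, sent with sendEmail() and recorded in
 * user_message_forward. The response is either the remote page named by a
 * [URL:...] placeholder in the message (when it contains [FORWARDFORM]) or the
 * standard header/footer page.
 *
 * Every request value that is written into SQL or HTML below is escaped at the
 * point of use: sql_escape() for SQL string literals, htmlspecialchars() for
 * markup. The original escaped the uid only, so submitted addresses and the
 * personal note reached both the forward table statements and the page
 * unescaped.
 *
 * @param int $id subscribe page id, echoed back in the form's hidden "id" field
 * @return string complete HTML for the response
 */
function forwardPage($id)
{
    global $tables;
    $ok = true;
    $subtitle = '';
    $info = '';
    $html = '';
    $form = '';
    $personalNote = '';
    // Initialised so the later code never reads undefined variables when the
    // request carries no mid or no email.
    $messagedata = array();
    $emails = array();

    ## Check requirements
    # message
    $mid = 0;
    if (isset($_REQUEST['mid'])) {
        $mid = sprintf('%d', $_REQUEST['mid']);
        $messagedata = loadMessageData($mid);
        $mid = $messagedata['id'];
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    }

    # user
    if (!isset($_REQUEST['uid']) || !$_REQUEST['uid']) {
        FileNotFound();
    }

    ## get userdata
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($_REQUEST['uid'])));
    $userdata = Sql_Fetch_Array($req);

    ## verify that this subscriber actually received this message to forward, otherwise they're not allowed
    $allowed = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and messageid = %d',
        $GLOBALS['tables']['usermessage'], $userdata['id'], $mid));
    if (empty($userdata['id']) || $allowed[0] != $userdata['id']) {
        ## when sending a test email as an admin, the entry isn't there yet
        if (empty($_SESSION['adminloggedin']) || $_SESSION['adminloggedin'] != $_SERVER['REMOTE_ADDR']) {
            FileNotFound('<br/><i>' . $GLOBALS['I18N']->get('When testing the phpList forward functionality, you need to be logged in as an administrator.') . '</i><br/>');
        }
    }

    $firstpage = 1; ## is this the initial page or a followup

    # forward addresses
    $forwardemail = '';
    // is_string() keeps an array-valued "email" parameter away from stripslashes().
    if (isset($_REQUEST['email']) && is_string($_REQUEST['email']) && !empty($_REQUEST['email'])) {
        $firstpage = 0;
        $forwardPeriodCount = Sql_Fetch_Array_Query(sprintf('select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ',
            $tables['user_message_forward'], FORWARD_EMAIL_PERIOD, $userdata['id']));
        $forwardemail = stripslashes($_REQUEST['email']);
        $emails = explode("\n", $forwardemail);
        $emails = trimArray($emails);
        $forwardemail = implode("\n", $emails);

        #0011860: forward to friend, multiple emails
        // Start from what this subscriber already forwarded within the period.
        $emailCount = $forwardPeriodCount[0];
        foreach ($emails as $index => $email) {
            $emails[$index] = trim($email);
            if (is_email($email)) {
                ++$emailCount;
            } else {
                // The rejected value is echoed back, so encode it for HTML first.
                $info .= sprintf('<br />' . $GLOBALS['strForwardInvalidEmail'], htmlspecialchars($email, ENT_QUOTES, 'UTF-8'));
                $ok = false;
            }
        }
        if ($emailCount > FORWARD_EMAIL_COUNT) {
            $info .= '<br />' . $GLOBALS['strForwardCountReached'];
            $ok = false;
        }
    } else {
        $ok = false;
    }

    #0011996: forward to friend - personal message
    # text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
    if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote']) && is_string($_REQUEST['personalNote'])) {
        if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE
            || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2) {
            $info .= '<BR />' . $GLOBALS['strForwardNoteLimitReached'];
            $ok = false;
        }
        $personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
        $userdata['personalNote'] = $personalNote;
    }

    if ($userdata['id'] && $mid) {
        if ($ok && count($emails)) {
            ## All is well, send it
            require_once 'admin/sendemaillib.php';

            #0013845 Lead Ref Scheme
            if (FORWARD_FRIEND_COUNT_ATTRIBUTE) {
                $iCountFriends = FORWARD_FRIEND_COUNT_ATTRIBUTE;
            } else {
                $iCountFriends = 0;
            }
            if ($iCountFriends) {
                $nFriends = intval(UserAttributeValue($userdata['id'], $iCountFriends));
            }

            ## remember the lists for this message in order to notify only those admins
            ## that own them
            $messagelists = array();
            $messagelistsreq = Sql_Query(sprintf('select listid from %s where messageid = %d',
                $GLOBALS['tables']['listmessage'], $mid));
            while ($row = Sql_Fetch_Row($messagelistsreq)) {
                array_push($messagelists, $row[0]);
            }

            foreach ($emails as $index => $email) {
                #0011860: forward to friend, multiple emails
                // One escaped copy per output context; the raw address is used
                // only for the actual send and the admin notification text.
                $emailSql = sql_escape($email);
                $emailHtml = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

                $done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d',
                    $tables['user_message_forward'], $emailSql, $mid));
                $info .= '<br />' . $emailHtml . ': ';
                if ($done['status'] === 'sent') {
                    $info .= $GLOBALS['strForwardAlreadyDone'];
                } elseif (isBlackListed($email)) {
                    $info .= $GLOBALS['strForwardBlacklistedEmail'];
                } else {
                    if (!TEST) {
                        # forward the message
                        # sendEmail will take care of blacklisting
                        ### CHECK $email vs $forwardemail
                        if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                            $info .= $GLOBALS['strForwardSuccessInfo'];
                            sendAdminCopy(s('Message Forwarded'),
                                s('%s has forwarded message %d to %s', $userdata['email'], $mid, $email),
                                $messagelists);
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time) values(%d,%d,"%s","sent",now())',
                                $tables['user_message_forward'], $userdata['id'], $mid, $emailSql));
                            if ($iCountFriends) {
                                ++$nFriends;
                            }
                        } else {
                            $info .= $GLOBALS['strForwardFailInfo'];
                            sendAdminCopy(s('Message Forwarded'),
                                s('%s tried forwarding message %d to %s but failed', $userdata['email'], $mid, $email),
                                $messagelists);
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time) values(%d,%d,"%s","failed",now())',
                                $tables['user_message_forward'], $userdata['id'], $mid, $emailSql));
                            $ok = false;
                        }
                    }
                }
            } # foreach friend

            if ($iCountFriends) {
                saveUserAttribute($userdata['id'], $iCountFriends,
                    array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
            }
        } #ok & emails
    } else {
        # no valid sender
        logEvent(s('Forward request from invalid user ID: %s', substr($_REQUEST['uid'], 0, 150)));
        $info .= '<BR />' . $GLOBALS['strForwardFailInfo'];
        $ok = false;
    }

    /*
      $data = PageData($id);
      if (isset($data['language_file']) && is_file(dirname(__FILE__).'/texts/'.basename($data['language_file']))) {
        @include dirname(__FILE__).'/texts/'.basename($data['language_file']);
      }
    */

    ## BAS Multiple Forward
    ## build response page
    $form = '<form method="post" action="">';
    $form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
    $form .= sprintf('<input type=hidden name="id" value="%d">', $id);
    $form .= sprintf('<input type=hidden name="uid" value="%s">', htmlspecialchars((string) $userdata['uniqid'], ENT_QUOTES, 'UTF-8'));
    $form .= sprintf('<input type=hidden name="p" value="forward">');

    if (!$ok) {
        // The submitted addresses and note are shown again for correction;
        // encode them so they cannot close the attribute or the textarea.
        $forwardemailHtml = htmlspecialchars($forwardemail, ENT_QUOTES, 'UTF-8');
        $personalNoteHtml = htmlspecialchars($personalNote, ENT_QUOTES, 'UTF-8');

        #0011860: forward to friend, multiple emails
        if (FORWARD_EMAIL_COUNT == 1) {
            $form .= '<br /><h2>' . $GLOBALS['strForwardEnterEmail'] . '</h2>';
            $form .= sprintf('<input type=text name="email" value="%s" size=50 class="attributeinput">', $forwardemailHtml);
        } else {
            $form .= '<br /><h2>' . sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT) . '</h2>';
            $form .= sprintf('<textarea name="email" rows="10" cols="50" class="attributeinput">%s</textarea>', $forwardemailHtml);
        }

        #0011996: forward to friend - personal message
        if (FORWARD_PERSONAL_NOTE_SIZE) {
            $form .= sprintf('<h2>' . $GLOBALS['strForwardPersonalNote'] . '</h2>', FORWARD_PERSONAL_NOTE_SIZE);
            $cols = 50;
            $rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
            $form .= sprintf('<br/><textarea type="text" name="personalNote" rows="%d" cols="%d" class="attributeinput">%s</textarea>',
                $rows, $cols, $personalNoteHtml);
        }
        $form .= sprintf('<br /><input type="submit" value="%s"></form>', $GLOBALS['strContinue']);
    }
    ### END BAS

    ### Michiel, remote response page
    // NOTE(review): the address fetched here comes from a [URL:...] placeholder
    // in the stored message body; confirm fetchUrl() limits where it may connect.
    $remote_content = '';
    if (!empty($messagedata['message']) && preg_match("/\\[URL:([^\\s]+)\\]/i", $messagedata['message'], $regs)) {
        if (isset($regs[1]) && strlen($regs[1])) {
            $url = $regs[1];
            if (!preg_match('/^http/i', $url)) {
                $url = 'http://' . $url;
            }
            $remote_content = fetchUrl($url);
        }
    }

    if (!empty($remote_content) && preg_match('/\\[FORWARDFORM\\]/', $remote_content, $regs)) {
        if ($firstpage) {
            ## this is the initial page, not a follow up one.
            $remote_content = str_replace($regs[0], $info . $form, $remote_content);
        } else {
            $remote_content = str_replace($regs[0], $info, $remote_content);
        }
        $res = $remote_content;
    } else {
        $res = '<title>' . $GLOBALS['strForwardTitle'] . '</title>';
        $res .= $GLOBALS['pagedata']['header'];
        $res .= '<h3>' . $subtitle . '</h3>';
        if ($ok) {
            $res .= '<h4>' . $info . '</h4>';
        } elseif (!empty($info)) {
            $res .= '<div class="error missing">' . $info . '</div>';
        }
        $res .= $form;
        $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
        $res .= $GLOBALS['pagedata']['footer'];
    }
    ### END MICHIEL

    return $res;
}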
if (VERBOSE) { output("Invalid email: {$user['1']}, {$user['0']}"); } logEvent("Invalid email, userid {$user['0']}, email {$user['1']}"); # mark it as sent anyway if ($userid) { $um = Sql_query("replace into {$tables['usermessage']} (entered,userid,messageid,status) values(now(),{$userid},{$messageid},\"invalid email\")"); } $invalid++; } } } else { ## and this is quite historical, and also unlikely to be every called # because we now exclude users who have received the message from the # query to find users to send to $um = Sql_Fetch_Row($um); $notsent++; if (VERBOSE) { output($GLOBALS['I18N']->get('Not sending to') . ' ' . $userdata[0] . ', ' . $GLOBALS['I18N']->get('already sent') . ' ' . $um[0]); } } $status = Sql_query("update {$tables['message']} set processed = processed +1 where id = {$messageid}"); $processed = $notsent + $sent + $invalid + $unconfirmed + $cannotsend + $failed_sent; #if ($processed % 10 == 0) { if (0) { output('AR' . $affrows . ' N ' . $num_users . ' P' . $processed . ' S' . $sent . ' N' . $notsent . ' I' . $invalid . ' U' . $unconfirmed . ' C' . $cannotsend . ' F' . $failed_sent); $rn = $reload * $num_per_batch; output('P ' . $processed . ' N' . $num_users . ' NB' . $num_per_batch . ' BT' . $batch_total . ' R' . $reload . ' RN' . $rn); } $totaltime = $GLOBALS['processqueue_timer']->elapsed(1); $msgperhour = 3600 / $totaltime * $sent;
/**
 * Return the selectable values of an attribute as an id => name map.
 *
 * Looks up the attribute's type and value-table name, and only for types that
 * the plugin's case_array maps to "case_2" or "case_3" reads every row of the
 * value table.
 * NOTE(review): the value-table name is the configured prefix plus a string
 * read from the attribute table, placed in the SQL text without quoting;
 * confirm stored tablename values are constrained to identifier characters.
 *
 * @param int $attribute_id attribute id
 * @return array|null id => name map (possibly empty), or null when the lookup
 *                    fails, the row lacks a type or table name, or the type is
 *                    not one of the two handled cases
 */
function Get_Attribute_Value_Id_List($attribute_id)
{
    $plugin = $GLOBALS['AttributeChangerPlugin'];
    $pluginData = $plugin->AttributeChangerData;
    $caseByType = $pluginData['case_array'];

    $metaResult = Sql_Query(sprintf(
        'select type, tablename from %s where id = %d',
        $pluginData['tables']['attribute'],
        $attribute_id
    ));
    if (!$metaResult) {
        return null;
    }

    $meta = Sql_Fetch_Row($metaResult);
    if (!$meta[0] || !$meta[1]) {
        return null;
    }
    $type = $meta[0];
    $table = $meta[1];

    // Only the two list-style cases carry a separate value table.
    $case = $caseByType[$type];
    if ($case != "case_2" && $case != "case_3") {
        return null;
    }

    $valuesById = array();
    $valueTable = $pluginData['atribute_value_table_prefix'] . $table;
    $valueResult = Sql_Query(sprintf('select id, name from %s', $valueTable));
    if ($valueResult) {
        while ($valueRow = Sql_Fetch_Row($valueResult)) {
            $valuesById[$valueRow[0]] = $valueRow[1];
        }
    }

    return $valuesById;
}
$d = Sql_Fetch_Row($val); $user_att_value = $d[0]; } break; case "checkboxgroup": $values = explode(',', $uservalue); $valueIds = array(); foreach ($values as $importValue) { $val = Sql_Query("select id from {$table_prefix}" . "listattr_{$att['1']} where name = \"{$importValue}\""); # if we do not have this value add it if (!Sql_Affected_Rows()) { Sql_Query("insert into {$table_prefix}" . "listattr_{$att['1']} (name) values(\"{$importValue}\")"); Warn("Value {$importValue} added to attribute {$att['2']}"); $valueIds[] = Sql_Insert_Id(); } else { $d = Sql_Fetch_Row($val); $valueIds[] = $d[0]; } } $user_att_value = join(',', $valueIds); break; case "checkbox": $uservalue = trim($uservalue); #print $uservalue;exit; if (!empty($uservalue) && $uservalue != "off") { $user_att_value = "on"; } else { $user_att_value = ""; } break; case "date":
function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array(), $forwardedby = array()) { global $strThisLink, $PoweredByImage, $PoweredByText, $cached, $website; if ($email == "") { return 0; } #0013076: different content when forwarding 'to a friend' if (FORWARD_ALTERNATIVE_CONTENT) { $forwardContent = sizeof($forwardedby) > 0; $messagedata = loadMessageData($messageid); } else { $forwardContent = 0; } if (empty($cached[$messageid])) { $domain = getConfig("domain"); $message = Sql_query("select * from {$GLOBALS["tables"]["message"]} where id = {$messageid}"); $cached[$messageid] = array(); $message = Sql_fetch_array($message); if (ereg("([^ ]+@[^ ]+)", $message["fromfield"], $regs)) { # if there is an email in the from, rewrite it as "name <email>" $message["fromfield"] = ereg_replace($regs[0], "", $message["fromfield"]); $cached[$messageid]["fromemail"] = $regs[0]; # if the email has < and > take them out here $cached[$messageid]["fromemail"] = ereg_replace("<", "", $cached[$messageid]["fromemail"]); $cached[$messageid]["fromemail"] = ereg_replace(">", "", $cached[$messageid]["fromemail"]); # make sure there are no quotes around the name $cached[$messageid]["fromname"] = ereg_replace('"', "", ltrim(rtrim($message["fromfield"]))); } elseif (ereg(" ", $message["fromfield"], $regs)) { # if there is a space, we need to add the email $cached[$messageid]["fromname"] = $message["fromfield"]; $cached[$messageid]["fromemail"] = "listmaster@{$domain}"; } else { $cached[$messageid]["fromemail"] = $message["fromfield"] . "@{$domain}"; ## makes more sense not to add the domain to the word, but the help says it does ## so let's keep it for now $cached[$messageid]["fromname"] = $message["fromfield"] . 
"@{$domain}"; } # erase double spacing while (ereg(" ", $cached[$messageid]["fromname"])) { $cached[$messageid]["fromname"] = eregi_replace(" ", " ", $cached[$messageid]["fromname"]); } ## this has weird effects when used with only one word, so take it out for now # $cached[$messageid]["fromname"] = eregi_replace("@","",$cached[$messageid]["fromname"]); $cached[$messageid]["fromname"] = trim($cached[$messageid]["fromname"]); $cached[$messageid]["to"] = $message["tofield"]; #0013076: different content when forwarding 'to a friend' $cached[$messageid]["subject"] = $forwardContent ? stripslashes($messagedata["forwardsubject"]) : $message["subject"]; $cached[$messageid]["replyto"] = $message["replyto"]; #0013076: different content when forwarding 'to a friend' $cached[$messageid]["content"] = $forwardContent ? stripslashes($messagedata["forwardmessage"]) : $message["message"]; if (USE_MANUAL_TEXT_PART && !$forwardContent) { $cached[$messageid]["textcontent"] = $message["textmessage"]; } else { $cached[$messageid]["textcontent"] = ''; } #0013076: different content when forwarding 'to a friend' $cached[$messageid]["footer"] = $forwardContent ? 
stripslashes($messagedata["forwardfooter"]) : $message["footer"]; $cached[$messageid]["htmlformatted"] = $message["htmlformatted"]; $cached[$messageid]["sendformat"] = $message["sendformat"]; if ($message["template"]) { $req = Sql_Fetch_Row_Query("select template from {$GLOBALS["tables"]["template"]} where id = {$message["template"]}"); $cached[$messageid]["template"] = stripslashes($req[0]); $cached[$messageid]["templateid"] = $message["template"]; # dbg("TEMPLATE: ".$req[0]); } else { $cached[$messageid]["template"] = ''; $cached[$messageid]["templateid"] = 0; } ## @@ put this here, so it can become editable per email sent out at a later stage $cached[$messageid]["html_charset"] = getConfig("html_charset"); ## @@ need to check on validity of charset if (!$cached[$messageid]["html_charset"]) { $cached[$messageid]["html_charset"] = 'iso-8859-1'; } $cached[$messageid]["text_charset"] = getConfig("text_charset"); if (!$cached[$messageid]["text_charset"]) { $cached[$messageid]["text_charset"] = 'iso-8859-1'; } } # else # dbg("Using cached {$cached[$messageid]["fromemail"]}"); if (VERBOSE) { output($GLOBALS['I18N']->get('sendingmessage') . ' ' . $messageid . ' ' . $GLOBALS['I18N']->get('withsubject') . ' ' . $cached[$messageid]["subject"] . ' ' . $GLOBALS['I18N']->get('to') . ' ' . $email); } # erase any placeholders that were not found # $msg = ereg_replace("\[[A-Z ]+\]","",$msg); #0011857: forward to friend, retain attributes if ($hash == 'forwarded' && defined('KEEPFORWARDERATTRIBUTES') && KEEPFORWARDERATTRIBUTES) { $user_att_values = getUserAttributeValues($forwardedby['email']); } else { $user_att_values = getUserAttributeValues($email); } $userdata = Sql_Fetch_Assoc_Query(sprintf('select * from %s where email = "%s"', $GLOBALS["tables"]["user"], $email)); $url = getConfig("unsubscribeurl"); $sep = ereg('\\?', $url) ? 
'&' : '?'; $html["unsubscribe"] = sprintf('<a href="%s%suid=%s">%s</a>', $url, $sep, $hash, $strThisLink); $text["unsubscribe"] = sprintf('%s%suid=%s', $url, $sep, $hash); $html["unsubscribeurl"] = sprintf('%s%suid=%s', $url, $sep, $hash); $text["unsubscribeurl"] = sprintf('%s%suid=%s', $url, $sep, $hash); #0013076: Blacklisting posibility for unknown users $url = getConfig("blacklisturl"); $sep = ereg('\\?', $url) ? '&' : '?'; $html["blacklist"] = sprintf('<a href="%s%semail=%s">%s</a>', $url, $sep, $email, $strThisLink); $text["blacklist"] = sprintf('%s%semail=%s', $url, $sep, $email); $html["blacklisturl"] = sprintf('%s%semail=%s', $url, $sep, $email); $text["blacklisturl"] = sprintf('%s%semail=%s', $url, $sep, $email); #0013076: Problem found during testing: mesage part must be parsed correctly as well. if ($forwardContent) { $html["unsubscribe"] = $html["blacklist"]; $text["unsubscribe"] = $text["blacklist"]; } $url = getConfig("subscribeurl"); $sep = ereg('\\?', $url) ? '&' : '?'; $html["subscribe"] = sprintf('<a href="%s">%s</a>', $url, $strThisLink); $text["subscribe"] = sprintf('%s', $url); $html["subscribeurl"] = sprintf('%s', $url); $text["subscribeurl"] = sprintf('%s', $url); #?mid=1&id=1&uid=a9f35f130593a3d6b89cfe5cfb32a0d8&p=forward&email=michiel%40tincan.co.uk& $url = getConfig("forwardurl"); $sep = ereg('\\?', $url) ? 
'&' : '?'; $html["forward"] = sprintf('<a href="%s%suid=%s&mid=%d">%s</a>', $url, $sep, $hash, $messageid, $strThisLink); $text["forward"] = sprintf('%s%suid=%s&mid=%d', $url, $sep, $hash, $messageid); $html["forwardurl"] = sprintf('%s%suid=%s&mid=%d', $url, $sep, $hash, $messageid); $text["forwardurl"] = $text["forward"]; $url = getConfig("forwardurl"); # make sure there are no newlines, otherwise they get turned into <br/>s $html["forwardform"] = sprintf('<form method="get" action="%s" name="forwardform" class="forwardform"><input type=hidden name="uid" value="%s" /><input type=hidden name="mid" value="%d" /><input type=hidden name="p" value="forward" /><input type=text name="email" value="" class="forwardinput" /><input name="Send" type="submit" value="%s" class="forwardsubmit"/></form>', $url, $hash, $messageid, $GLOBALS['strForward']); $text["signature"] = "\n\n--\nPowered by PHPlist, www.phplist.com --\n\n"; $url = getConfig("preferencesurl"); $sep = ereg('\\?', $url) ? '&' : '?'; $html["preferences"] = sprintf('<a href="%s%suid=%s">%s</a>', $url, $sep, $hash, $strThisLink); $text["preferences"] = sprintf('%s%suid=%s', $url, $sep, $hash); $html["preferencesurl"] = sprintf('%s%suid=%s', $url, $sep, $hash); $text["preferencesurl"] = sprintf('%s%suid=%s', $url, $sep, $hash); /* We request you retain the signature below in your emails including the links. This not only gives respect to the large amount of time given freely by the developers but also helps build interest, traffic and use of PHPlist, which is beneficial to it's future development. You can configure how the credits are added to your pages and emails in your config file. 
Michiel Dethmers, Tincan Ltd 2003, 2004, 2005, 2006 */ if (!EMAILTEXTCREDITS) { $html["signature"] = $PoweredByImage; #'<div align="center" id="signature"><a href="http://www.phplist.com"><img src="powerphplist.png" width=88 height=31 title="Powered by PHPlist" alt="Powered by PHPlist" border="0"></a></div>'; # oops, accidentally became spyware, never intended that, so take it out again :-) $html["signature"] = preg_replace('/src=".*power-phplist.png"/', 'src="powerphplist.png"', $html["signature"]); } else { $html["signature"] = $PoweredByText; } $content = $cached[$messageid]["content"]; if (preg_match("/##LISTOWNER=(.*)/", $content, $regs)) { $listowner = $regs[1]; $content = ereg_replace($regs[0], "", $content); } else { $listowner = 0; } ## Fetch external content if ($GLOBALS["has_pear_http_request"] && preg_match("/\\[URL:([^\\s]+)\\]/i", $content, $regs)) { while (isset($regs[1]) && strlen($regs[1])) { $url = $regs[1]; if (!preg_match('/^http/i', $url)) { $url = 'http://' . $url; } $remote_content = fetchUrl($url, $userdata); if ($remote_content) { $content = eregi_replace(preg_quote($regs[0]), $remote_content, $content); $cached[$messageid]["htmlformatted"] = strip_tags($content) != $content; } else { logEvent("Error fetching URL: {$regs['1']} to send to {$email}"); return 0; } preg_match("/\\[URL:([^\\s]+)\\]/i", $content, $regs); } } #~Bas 0008857 // @@ Switched off for now, needs rigid testing, or config setting // $content = mailto2href($content); // $content = encodeLinks($content); ## Fill text and html versions depending on given versions. 
if ($cached[$messageid]["htmlformatted"]) { if (!$cached[$messageid]["textcontent"]) { $textcontent = stripHTML($content); } else { $textcontent = $cached[$messageid]["textcontent"]; } $htmlcontent = $content; } else { # $textcontent = $content; if (!$cached[$messageid]["textcontent"]) { $textcontent = $content; } else { $textcontent = $cached[$messageid]["textcontent"]; } $htmlcontent = parseText($content); } $defaultstyle = getConfig("html_email_style"); $adddefaultstyle = 0; if ($cached[$messageid]["template"]) { # template used $htmlmessage = eregi_replace("\\[CONTENT\\]", $htmlcontent, $cached[$messageid]["template"]); } else { # no template used $htmlmessage = $htmlcontent; $adddefaultstyle = 1; } $textmessage = $textcontent; ## Parse placeholders #0013076: Blacklisting posibility for unknown users foreach (array("forwardform", "subscribe", "preferences", "unsubscribe", "signature", 'blacklist') as $item) { if (eregi('\\[' . $item . '\\]', $htmlmessage, $regs)) { $htmlmessage = eregi_replace('\\[' . $item . '\\]', $html[$item], $htmlmessage); // unset($html[$item]); //ASK: Why was this done? It breaks placeholders in the footer } if (eregi('\\[' . $item . '\\]', $textmessage, $regs)) { $textmessage = eregi_replace('\\[' . $item . '\\]', $text[$item], $textmessage); // unset($text[$item]); } } #0013076: Blacklisting posibility for unknown users foreach (array("forward", "forwardurl", "subscribeurl", "preferencesurl", "unsubscribeurl", 'blacklisturl') as $item) { if (eregi('\\[' . $item . '\\]', $htmlmessage, $regs)) { $htmlmessage = eregi_replace('\\[' . $item . '\\]', $html[$item], $htmlmessage); } if (eregi('\\[' . $item . '\\]', $textmessage, $regs)) { $textmessage = eregi_replace('\\[' . $item . 
'\\]', $text[$item], $textmessage); } } if ($hash != 'forwarded') { $text['footer'] = $cached[$messageid]["footer"]; $html['footer'] = $cached[$messageid]["footer"]; } else { #0013076: different content when forwarding 'to a friend' if (FORWARD_ALTERNATIVE_CONTENT) { $text['footer'] = stripslashes($messagedata["forwardfooter"]); } else { $text['footer'] = getConfig('forwardfooter'); } $html['footer'] = $text['footer']; } $text["footer"] = eregi_replace("\\[SUBSCRIBE\\]", $text["subscribe"], $text['footer']); $html["footer"] = eregi_replace("\\[SUBSCRIBE\\]", $html["subscribe"], $html['footer']); $text["footer"] = eregi_replace("\\[PREFERENCES\\]", $text["preferences"], $text["footer"]); $html["footer"] = eregi_replace("\\[PREFERENCES\\]", $html["preferences"], $html["footer"]); $text["footer"] = eregi_replace("\\[FORWARD\\]", $text["forward"], $text["footer"]); $html["footer"] = eregi_replace("\\[FORWARD\\]", $html["forward"], $html["footer"]); $html["footer"] = eregi_replace("\\[FORWARDFORM\\]", $html["forwardform"], $html["footer"]); if (sizeof($forwardedby) && isset($forwardedby['email'])) { $htmlmessage = eregi_replace("\\[FORWARDEDBY]", $forwardedby["email"], $htmlmessage); $textmessage = eregi_replace("\\[FORWARDEDBY]", $forwardedby["email"], $textmessage); $html["footer"] = eregi_replace("\\[FORWARDEDBY]", $forwardedby["email"], $html["footer"]); $text["footer"] = eregi_replace("\\[FORWARDEDBY]", $forwardedby["email"], $text["footer"]); $text["footer"] = eregi_replace("\\[BLACKLIST\\]", $text["blacklist"], $text['footer']); $html["footer"] = eregi_replace("\\[BLACKLIST\\]", $html["blacklist"], $html['footer']); $text["footer"] = eregi_replace("\\[UNSUBSCRIBE\\]", $text["blacklist"], $text['footer']); $html["footer"] = eregi_replace("\\[UNSUBSCRIBE\\]", $html["blacklist"], $html['footer']); } else { $text["footer"] = eregi_replace("\\[UNSUBSCRIBE\\]", $text["unsubscribe"], $text['footer']); $html["footer"] = eregi_replace("\\[UNSUBSCRIBE\\]", 
$html["unsubscribe"], $html['footer']); } $html["footer"] = '<div class="emailfooter">' . nl2br($html["footer"]) . '</div>'; if (eregi("\\[FOOTER\\]", $htmlmessage)) { $htmlmessage = eregi_replace("\\[FOOTER\\]", $html["footer"], $htmlmessage); } elseif ($html["footer"]) { $htmlmessage = addHTMLFooter($htmlmessage, '<br /><br />' . $html["footer"]); } if (eregi("\\[SIGNATURE\\]", $htmlmessage)) { $htmlmessage = eregi_replace("\\[SIGNATURE\\]", $html["signature"], $htmlmessage); } elseif ($html["signature"]) { $htmlmessage .= '<br />' . $html["signature"]; } if (eregi("\\[FOOTER\\]", $textmessage)) { $textmessage = eregi_replace("\\[FOOTER\\]", $text["footer"], $textmessage); } else { $textmessage .= "\n\n" . $text["footer"]; } if (eregi("\\[SIGNATURE\\]", $textmessage)) { $textmessage = eregi_replace("\\[SIGNATURE\\]", $text["signature"], $textmessage); } else { $textmessage .= "\n" . $text["signature"]; } # $req = Sql_Query(sprintf('select filename,data from %s where template = %d', # $GLOBALS["tables"]["templateimage"],$cached[$messageid]["templateid"])); $htmlmessage = eregi_replace("\\[USERID\\]", $hash, $htmlmessage); $textmessage = eregi_replace("\\[USERID\\]", $hash, $textmessage); $htmlmessage = preg_replace("/\\[USERTRACK\\]/i", '<img src="' . $GLOBALS['scheme'] . '://' . $website . $GLOBALS["pageroot"] . '/ut.php?u=' . $hash . '&m=' . $messageid . '" width="1" height="1" border="0">', $htmlmessage, 1); $htmlmessage = eregi_replace("\\[USERTRACK\\]", '', $htmlmessage); if ($listowner) { $att_req = Sql_Query("select name,value from {$GLOBALS["tables"]["adminattribute"]},{$GLOBALS["tables"]["admin_attribute"]} where {$GLOBALS["tables"]["adminattribute"]}.id = {$GLOBALS["tables"]["admin_attribute"]}.adminattributeid and {$GLOBALS["tables"]["admin_attribute"]}.adminid = {$listowner}"); while ($att = Sql_Fetch_Array($att_req)) { $htmlmessage = preg_replace("#\\[LISTOWNER." . strtoupper(preg_quote($att["name"])) . 
"\\]#", $att["value"], $htmlmessage); } } if (is_array($GLOBALS["default_config"])) { foreach ($GLOBALS["default_config"] as $key => $val) { if (is_array($val)) { $htmlmessage = eregi_replace("\\[{$key}\\]", getConfig($key), $htmlmessage); $textmessage = eregi_replace("\\[{$key}\\]", getConfig($key), $textmessage); } } } ## RSS if (ENABLE_RSS && sizeof($rssitems)) { $rssentries = array(); $request = join(",", $rssitems); $texttemplate = getConfig("rsstexttemplate"); $htmltemplate = getConfig("rsshtmltemplate"); $textseparatortemplate = getConfig("rsstextseparatortemplate"); $htmlseparatortemplate = getConfig("rsshtmlseparatortemplate"); $req = Sql_Query("select * from {$GLOBALS["tables"]["rssitem"]} where id in ({$request}) order by list,added"); $curlist = ""; while ($row = Sql_Fetch_array($req)) { if ($curlist != $row["list"]) { $row["listname"] = ListName($row["list"]); $curlist = $row["list"]; $rssentries["text"] .= parseRSSTemplate($textseparatortemplate, $row); $rssentries["html"] .= parseRSSTemplate($htmlseparatortemplate, $row); } $data_req = Sql_Query("select * from {$GLOBALS["tables"]["rssitem_data"]} where itemid = {$row["id"]}"); while ($data = Sql_Fetch_Array($data_req)) { $row[$data["tag"]] = $data["data"]; } $rssentries["text"] .= stripHTML(parseRSSTemplate($texttemplate, $row)); $rssentries["html"] .= parseRSSTemplate($htmltemplate, $row); } $htmlmessage = eregi_replace("\\[RSS\\]", $rssentries["html"], $htmlmessage); $textmessage = eregi_replace("\\[RSS\\]", $rssentries["text"], $textmessage); } if (is_array($userdata)) { foreach ($userdata as $name => $value) { if (eregi("\\[" . $name . "\\]", $htmlmessage, $regs)) { $htmlmessage = eregi_replace("\\[" . $name . "\\]", $value, $htmlmessage); } if (eregi("\\[" . $name . "\\]", $textmessage, $regs)) { $textmessage = eregi_replace("\\[" . $name . 
"\\]", $value, $textmessage); } } } $destinationemail = ''; if (is_array($user_att_values)) { foreach ($user_att_values as $att_name => $att_value) { if (eregi("\\[" . $att_name . "\\]", $htmlmessage, $regs)) { # the value may be a multiline textarea field $htmlatt_value = str_replace("\n", "<br/>\n", $att_value); $htmlmessage = eregi_replace("\\[" . $att_name . "\\]", $htmlatt_value, $htmlmessage); } if (eregi("\\[" . $att_name . "\\]", $textmessage, $regs)) { $textmessage = eregi_replace("\\[" . $att_name . "\\]", $att_value, $textmessage); } # @@@ undocumented, use alternate field for real email to send to if (isset($GLOBALS["alternate_email"]) && strtolower($att_name) == strtolower($GLOBALS["alternate_email"])) { $destinationemail = $att_value; } } } if (!$destinationemail) { $destinationemail = $email; } if (!ereg('@', $destinationemail) && isset($GLOBALS["expand_unqualifiedemail"])) { $destinationemail .= $GLOBALS["expand_unqualifiedemail"]; } if (eregi("\\[LISTS\\]", $htmlmessage)) { $lists = ""; $listsarr = array(); $req = Sql_Query(sprintf('select list.name from %s as list,%s as listuser where list.id = listuser.listid and listuser.userid = %d', $GLOBALS["tables"]["list"], $GLOBALS["tables"]["listuser"], $user_system_values["id"])); while ($row = Sql_Fetch_Row($req)) { array_push($listsarr, $row[0]); } $lists_html = join('<br/>', $listsarr); $lists_text = join("\n", $listsarr); $htmlmessage = ereg_replace("\\[LISTS\\]", $lists_html, $htmlmessage); $textmessage = ereg_replace("\\[LISTS\\]", $lists_text, $textmessage); } ## click tracking # for now we won't click track forwards, as they are not necessarily users, so everything would fail if (CLICKTRACK && $hash != 'forwarded') { $urlbase = ''; # let's leave this for now /* if (preg_match('/<base href="(.*)"([^>]*)>/Umis',$htmlmessage,$regs)) { $urlbase = $regs[1]; } else { $urlbase = ''; } # print "URLBASE: $urlbase<br/>"; */ # convert html message # preg_match_all('/<a href="?([^> 
"]*)"?([^>]*)>(.*)<\/a>/Umis',$htmlmessage,$links); preg_match_all('/<a(.*)href=["\'](.*)["\']([^>]*)>(.*)<\\/a>/Umis', $htmlmessage, $links); # to process the Yahoo webpage with base href and link like <a href=link> we'd need this one # preg_match_all('/<a href=([^> ]*)([^>]*)>(.*)<\/a>/Umis',$htmlmessage,$links); $clicktrack_root = sprintf('%s://%s/lt.php', $GLOBALS["scheme"], $website . $GLOBALS["pageroot"]); for ($i = 0; $i < count($links[2]); $i++) { $link = cleanUrl($links[2][$i]); $link = str_replace('"', '', $link); if (preg_match('/\\.$/', $link)) { $link = substr($link, 0, -1); } $linkid = 0; # print "LINK: $link<br/>"; if ((preg_match('/^http|ftp/', $link) || preg_match('/^http|ftp/', $urlbase)) && $link != 'http://www.phplist.com' && !strpos($link, $clicktrack_root)) { # take off personal uids $url = cleanUrl($link, array('PHPSESSID', 'uid')); # $url = preg_replace('/&uid=[^\s&]+/','',$link); # if (!strpos('http:',$link)) { # $link = $urlbase . $link; # } $req = Sql_Query(sprintf('insert ignore into %s (messageid,userid,url,forward) values(%d,%d,"%s","%s")', $GLOBALS['tables']['linktrack'], $messageid, $userdata['id'], $url, addslashes($link))); $req = Sql_Fetch_Row_Query(sprintf('select linkid from %s where messageid = %s and userid = %d and forward = "%s" ', $GLOBALS['tables']['linktrack'], $messageid, $userdata['id'], $link)); $linkid = $req[0]; $masked = "H|{$linkid}|{$messageid}|" . $userdata['id'] ^ XORmask; $masked = urlencode(base64_encode($masked)); $newlink = sprintf('<a%shref="%s://%s/lt.php?id=%s" %s>%s</a>', $links[1][$i], $GLOBALS["scheme"], $website . $GLOBALS["pageroot"], $masked, $links[3][$i], $links[4][$i]); $htmlmessage = str_replace($links[0][$i], $newlink, $htmlmessage); } } # convert Text message # first find occurances of our top domain, to avoid replacing them later # hmm, this is no point, it's not just *our* topdomain, but any if (0) { preg_match_all('#(https?://' . $GLOBALS['website'] . 
'/?)\\s+#mis', $textmessage, $links); # preg_match_all('#(https?://[a-z0-9\./\#\?&:@=%\-]+)#ims',$textmessage,$links); # preg_match_all('!(https?:\/\/www\.[a-zA-Z0-9\.\/#~\?+=&%@-_]+)!mis',$textmessage,$links); for ($i = 0; $i < count($links[1]); $i++) { # not entirely sure why strtolower was used, but it seems to break things http://mantis.tincan.co.uk/view.php?id=4406 # $link = strtolower(cleanUrl($links[1][$i])); $link = cleanUrl($links[1][$i]); if (preg_match('/\\.$/', $link)) { $link = substr($link, 0, -1); } $linkid = 0; if (preg_match('/^http|ftp/', $link) && $link != 'http://www.phplist.com' && !strpos($link, $clicktrack_root)) { $url = cleanUrl($link, array('PHPSESSID', 'uid')); $req = Sql_Query(sprintf('insert ignore into %s (messageid,userid,url,forward) values(%d,%d,"%s","%s")', $GLOBALS['tables']['linktrack'], $messageid, $userdata['id'], $url, $link)); $req = Sql_Fetch_Row_Query(sprintf('select linkid from %s where messageid = %s and userid = %d and forward = "%s" ', $GLOBALS['tables']['linktrack'], $messageid, $userdata['id'], $link)); $linkid = $req[0]; $masked = "T|{$linkid}|{$messageid}|" . $userdata['id'] ^ XORmask; $masked = urlencode(base64_encode($masked)); $newlink = sprintf('%s://%s/lt.php?id=%s', $GLOBALS["scheme"], $website . $GLOBALS["pageroot"], $masked); $textmessage = str_replace($links[0][$i], '<' . $newlink . 
'>', $textmessage); } } } #now find the rest # @@@ needs to expand to find complete urls like: #http://user:password@www.web-site.com:1234/document.php?parameter=something&otherpar=somethingelse#anchor # or secure #https://user:password@www.website.com:2345/document.php?parameter=something%20&otherpar=somethingelse#anchor preg_match_all('#(https?://[^\\s\\>\\}\\,]+)#mis', $textmessage, $links); # preg_match_all('#(https?://[a-z0-9\./\#\?&:@=%\-]+)#ims',$textmessage,$links); # preg_match_all('!(https?:\/\/www\.[a-zA-Z0-9\.\/#~\?+=&%@-_]+)!mis',$textmessage,$links); ## sort the results in reverse order, so that they are replaced correctly rsort($links[1]); $newlinks = array(); for ($i = 0; $i < count($links[1]); $i++) { $link = cleanUrl($links[1][$i]); if (preg_match('/\\.$/', $link)) { $link = substr($link, 0, -1); } $linkid = 0; if (preg_match('/^http|ftp/', $link) && $link != 'http://www.phplist.com') { # && !strpos($link,$clicktrack_root)) { $url = cleanUrl($link, array('PHPSESSID', 'uid')); $req = Sql_Query(sprintf('insert ignore into %s (messageid,userid,url,forward) values(%d,%d,"%s","%s")', $GLOBALS['tables']['linktrack'], $messageid, $userdata['id'], $url, $link)); $req = Sql_Fetch_Row_Query(sprintf('select linkid from %s where messageid = %s and userid = %d and forward = "%s" ', $GLOBALS['tables']['linktrack'], $messageid, $userdata['id'], $link)); $linkid = $req[0]; $masked = "T|{$linkid}|{$messageid}|" . $userdata['id'] ^ XORmask; $masked = urlencode(base64_encode($masked)); $newlinks[$linkid] = sprintf('%s://%s/lt.php?id=%s', $GLOBALS["scheme"], $website . $GLOBALS["pageroot"], $masked); # print $links[0][$i] .' -> '.$newlink.'<br/>'; $textmessage = str_replace($links[1][$i], '[%%%' . $linkid . '%%%]', $textmessage); } } foreach ($newlinks as $linkid => $newlink) { $textmessage = str_replace('[%%%' . $linkid . 
'%%%]', $newlink, $textmessage); } } # if (eregi("\\[LISTS\\]", $htmlmessage)) { $lists = ""; $listsarr = array(); $req = Sql_Query(sprintf('select list.name from %s as list,%s as listuser where list.id = listuser.listid and listuser.userid = %d', $tables["list"], $tables["listuser"], $user_system_values["id"])); while ($row = Sql_Fetch_Row($req)) { array_push($listsarr, $row[0]); } $lists_html = join('<br/>', $listsarr); $lists_text = join("\n", $listsarr); $htmlmessage = ereg_replace("\\[LISTS\\]", $lists_html, $htmlmessage); $textmessage = ereg_replace("\\[LISTS\\]", $lists_text, $textmessage); } #0011996: forward to friend - personal message if (FORWARD_PERSONAL_NOTE_SIZE && ($hash = 'forwarded' && !empty($forwardedby['personalNote']))) { $htmlmessage = nl2br($forwardedby['personalNote']) . '<br/>' . $htmlmessage; $textmessage = $forwardedby['personalNote'] . "\n" . $textmessage; } ## remove any existing placeholders $htmlmessage = eregi_replace("\\[[A-Z\\. ]+\\]", "", $htmlmessage); $textmessage = eregi_replace("\\[[A-Z\\. ]+\\]", "", $textmessage); ## check that the HTML message as proper <head> </head> and <body> </body> tags # some readers fail when it doesn't if (!preg_match("#<body.*</body>#ims", $htmlmessage)) { $htmlmessage = '<body>' . $htmlmessage . '</body>'; } if (!preg_match("#<head>.*</head>#ims", $htmlmessage)) { if (!$adddefaultstyle) { $defaultstyle = ""; } $htmlmessage = '<head> <meta content="text/html;charset=' . $cached[$messageid]["html_charset"] . '" http-equiv="Content-Type"> <title></title>' . $defaultstyle . '</head>' . $htmlmessage; } if (!preg_match("#<html>.*</html>#ims", $htmlmessage)) { $htmlmessage = '<html>' . $htmlmessage . 
'</html>'; } # particularly Outlook seems to have trouble if it is not \r\n # reports have come that instead this creates lots of trouble # this is now done in the global sendMail function, so it is not # necessary here # if (USE_CARRIAGE_RETURNS) { # $htmlmessage = preg_replace("/\r?\n/", "\r\n", $htmlmessage); # $textmessage = preg_replace("/\r?\n/", "\r\n", $textmessage); # } ## build the email if (!PHPMAILER) { $mail = new html_mime_mail(array('X-Mailer: PHPlist v' . VERSION, "X-MessageId: {$messageid}", "X-ListMember: {$email}", "Precedence: bulk", "List-Help: <" . $text["preferences"] . ">", "List-Unsubscribe: <" . $text["unsubscribe"] . ">", "List-Subscribe: <" . getConfig("subscribeurl") . ">", "List-Owner: <mailto:" . getConfig("admin_address") . ">")); } else { $mail = new PHPlistMailer($messageid, $destinationemail); if ($forwardedby) { $mail->add_timestamp(); } #$mail->IsSMTP(); } list($dummy, $domaincheck) = split('@', $destinationemail); $text_domains = explode("\n", trim(getConfig("alwayssendtextto"))); if (in_array($domaincheck, $text_domains)) { $htmlpref = 0; if (VERBOSE) { output($GLOBALS['I18N']->get('sendingtextonlyto') . " {$domaincheck}"); } } list($dummy, $domaincheck) = split('@', $email); $text_domains = explode("\n", trim(getConfig("alwayssendtextto"))); if (in_array($domaincheck, $text_domains)) { $htmlpref = 0; if (VERBOSE) { output("Sending text only to {$domaincheck}"); } } # so what do we actually send? 
switch ($cached[$messageid]["sendformat"]) { case "HTML": // # send html to users who want it and text to everyone else // if ($htmlpref) { // Sql_Query("update {$GLOBALS["tables"]["message"]} set ashtml = ashtml + 1 where id = $messageid"); // if (ENABLE_RSS && sizeof($rssitems)) // updateRSSStats($rssitems,"ashtml"); // # dbg("Adding HTML ".$cached[$messageid]["templateid"]); // $mail->add_html($htmlmessage,"",$cached[$messageid]["templateid"]); // addAttachments($messageid,$mail,"HTML"); // } else { // Sql_Query("update {$GLOBALS["tables"]["message"]} set astext = astext + 1 where id = $messageid"); // if (ENABLE_RSS && sizeof($rssitems)) // updateRSSStats($rssitems,"astext"); // $mail->add_text($textmessage); // addAttachments($messageid,$mail,"text"); // } // break; // # send html to users who want it and text to everyone else // if ($htmlpref) { // Sql_Query("update {$GLOBALS["tables"]["message"]} set ashtml = ashtml + 1 where id = $messageid"); // if (ENABLE_RSS && sizeof($rssitems)) // updateRSSStats($rssitems,"ashtml"); // # dbg("Adding HTML ".$cached[$messageid]["templateid"]); // $mail->add_html($htmlmessage,"",$cached[$messageid]["templateid"]); // addAttachments($messageid,$mail,"HTML"); // } else { // Sql_Query("update {$GLOBALS["tables"]["message"]} set astext = astext + 1 where id = $messageid"); // if (ENABLE_RSS && sizeof($rssitems)) // updateRSSStats($rssitems,"astext"); // $mail->add_text($textmessage); // addAttachments($messageid,$mail,"text"); // } // break; case "both": case "text and HTML": # send one big file to users who want html and text to everyone else if ($htmlpref) { Sql_Query("update {$GLOBALS["tables"]["message"]} set ashtml = ashtml + 1 where id = {$messageid}"); if (ENABLE_RSS && sizeof($rssitems)) { updateRSSStats($rssitems, "ashtml"); } # dbg("Adding HTML ".$cached[$messageid]["templateid"]); $mail->add_html($htmlmessage, $textmessage, $cached[$messageid]["templateid"]); addAttachments($messageid, $mail, "HTML"); } else { 
Sql_Query("update {$GLOBALS["tables"]["message"]} set astext = astext + 1 where id = {$messageid}"); if (ENABLE_RSS && sizeof($rssitems)) { updateRSSStats($rssitems, "astext"); } $mail->add_text($textmessage); addAttachments($messageid, $mail, "text"); } break; case "PDF": # send a PDF file to users who want html and text to everyone else if (ENABLE_RSS && sizeof($rssitems)) { updateRSSStats($rssitems, "astext"); } if ($htmlpref) { Sql_Query("update {$GLOBALS["tables"]["message"]} set aspdf = aspdf + 1 where id = {$messageid}"); $pdffile = createPdf($textmessage); if (is_file($pdffile) && filesize($pdffile)) { $fp = fopen($pdffile, "r"); if ($fp) { $contents = fread($fp, filesize($pdffile)); fclose($fp); unlink($pdffile); $html = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title></title> </head> <body> <embed src="message.pdf" width="450" height="450" href="message.pdf"></embed> </body> </html>'; # $mail->add_html($html,$textmessage); # $mail->add_text($textmessage); $mail->add_attachment($contents, "message.pdf", "application/pdf"); } } addAttachments($messageid, $mail, "HTML"); } else { Sql_Query("update {$GLOBALS["tables"]["message"]} set astext = astext + 1 where id = {$messageid}"); $mail->add_text($textmessage); addAttachments($messageid, $mail, "text"); } break; case "text and PDF": if (ENABLE_RSS && sizeof($rssitems)) { updateRSSStats($rssitems, "astext"); } # send a PDF file to users who want html and text to everyone else if ($htmlpref) { Sql_Query("update {$GLOBALS["tables"]["message"]} set astextandpdf = astextandpdf + 1 where id = {$messageid}"); $pdffile = createPdf($textmessage); if (is_file($pdffile) && filesize($pdffile)) { $fp = fopen($pdffile, "r"); if ($fp) { $contents = fread($fp, filesize($pdffile)); fclose($fp); unlink($pdffile); $html = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title></title> </head> <body> <embed src="message.pdf" width="450" height="450" 
href="message.pdf"></embed> </body> </html>'; # $mail->add_html($html,$textmessage); $mail->add_text($textmessage); $mail->add_attachment($contents, "message.pdf", "application/pdf"); } } addAttachments($messageid, $mail, "HTML"); } else { Sql_Query("update {$GLOBALS["tables"]["message"]} set astext = astext + 1 where id = {$messageid}"); $mail->add_text($textmessage); addAttachments($messageid, $mail, "text"); } break; case "text": default: # send as text if (ENABLE_RSS && sizeof($rssitems)) { updateRSSStats($rssitems, "astext"); } Sql_Query("update {$GLOBALS["tables"]["message"]} set astext = astext + 1 where id = {$messageid}"); $mail->add_text($textmessage); addAttachments($messageid, $mail, "text"); break; } $mail->build_message(array("html_charset" => $cached[$messageid]["html_charset"], "html_encoding" => HTMLEMAIL_ENCODING, "text_charset" => $cached[$messageid]["text_charset"], "text_encoding" => TEXTEMAIL_ENCODING)); if (!TEST) { if ($hash != 'forwarded' || !sizeof($forwardedby)) { $fromname = $cached[$messageid]["fromname"]; $fromemail = $cached[$messageid]["fromemail"]; $subject = $cached[$messageid]["subject"]; } else { $fromname = ''; $fromemail = $forwardedby['email']; $subject = $GLOBALS['strFwd'] . ': ' . $cached[$messageid]["subject"]; } if (!$mail->send("", $destinationemail, $fromname, $fromemail, $subject)) { logEvent("Error sending message {$messageid} to {$email} ({$destinationemail})"); return 0; } else { return 1; } } return 0; }
/**
 * Fetch the stored data of one template image.
 *
 * The image is matched on either the name as given or its basename. A file
 * whose basename is 'powerphplist.png' is always looked up under template 0,
 * whatever template was asked for.
 *
 * @param mixed  $templateid template the image belongs to
 * @param string $filename   image name, with or without a path
 *
 * @return mixed first column ("data") of the first matching row
 */
function get_template_image($templateid, $filename)
{
    $shortName = basename($filename);
    $lookupTemplate = ($shortName == 'powerphplist.png') ? 0 : $templateid;

    $sql = ' select data from ' . $GLOBALS['tables']['templateimage']
        . ' where template = ? and (filename = ? or filename= ?)';

    # all three values travel as bound parameters, never as part of the SQL text
    $result = Sql_Query_Params($sql, array($lookupTemplate, $filename, $shortName));
    $row = Sql_Fetch_Row($result);

    return $row[0];
}
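/**
 * validateAccount, verify that the logged in admin is still valid.
 *
 * this allows verification that the admin still exists and is valid.
 * The checks run in this order: the account row exists; when admin
 * passwords are not encrypted, the SHA-1 of the stored password equals the
 * hash kept in the session; the account is not disabled. On success the
 * stored privileges, if any, are loaded into $_SESSION['privileges'].
 *
 * @param int $id the ID of the admin as provided by validateLogin
 *
 * @return array
 *    index 0 -> false if failed, true if successful
 *    index 1 -> error message when validation fails
 *
 * eg
 *    return array(1,'OK'); // -> admin valid
 *    return array(0,'No such account'); // admin failed
 */
public function validateAccount($id)
{
    /* can only do this after upgrade, which means
     * that the first login will always fail
     */
    $query = sprintf('select id, disabled,password from %s where id = %d', $GLOBALS['tables']['admin'], $id);
    $data = Sql_Fetch_Row_Query($query);
    if (empty($data[0])) {
        return array(0, s('No such account'));
    }

    if (!ENCRYPT_ADMIN_PASSWORDS) {
        # Hash the password column of the row fetched above. The check used to
        # read a variable this method never sets, so the stored password never
        # took part in the comparison.
        $sessionHash = isset($_SESSION['logindetails']['passhash'])
            ? (string) $_SESSION['logindetails']['passhash']
            : '';
        # Strict comparison: with a loose one, two hex digests that both look
        # like "0e<digits>" compare as numbers and are treated as equal.
        if (sha1((string) $data[2]) !== $sessionHash) {
            return array(0, s('Your session does not match your password. If you just changed your password, simply log back in.'));
        }
    }

    if (!empty($data[1])) {
        return array(0, s('your account has been disabled'));
    }

    ## do this seperately from above, to avoid lock out when the DB hasn't been upgraded.
    ## so, ignore the error
    $query = sprintf('select privileges from %s where id = %d', $GLOBALS['tables']['admin'], $id);
    $req = Sql_Query($query);
    $data = $req ? Sql_Fetch_Row($req) : array();

    if (!empty($data[0])) {
        # NOTE(review): unserialize() runs on a database value. If the
        # privileges column can ever hold data an attacker influenced, this is
        # an object-injection sink; storing JSON, or passing
        # array('allowed_classes' => false) on PHP 7+, removes it. Left as is
        # because the writer of this column is not visible here.
        $_SESSION['privileges'] = unserialize($data[0]);
    }

    return array(1, 'OK');
}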
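/**
 * Build a <select name="list"> element holding every list, in list order.
 *
 * The <option> markup is kept in a static variable and reused by later
 * calls in the same request as long as it is not empty.
 *
 * @param bool $optionAll when true, a leading "-All-" option with value 0 is added
 *
 * @return string HTML of the select element
 */
function snippetListsSelector($optionAll = false)
{
    static $optionList;

    if (empty($optionList)) {
        global $tables;
        $optionList = '';
        $req = Sql_Query(sprintf('select id,name from %s order by listorder', $tables['list']));
        while ($row = Sql_Fetch_Row($req)) {
            # List names are stored text: encode them on output so a name that
            # contains markup cannot close the <option> and add HTML to the page.
            $optionList .= sprintf(
                '<option value="%d">%s</option>',
                $row[0],
                htmlspecialchars(stripslashes($row[1]))
            );
        }
    }

    # no ';' after the opening tag, it would end up as stray text in the select
    $result = '<select name="list">';
    if ($optionAll) {
        $result .= sprintf('<option value="0">%s</option>', $GLOBALS['I18N']->get('-All-'));
    }
    $result .= $optionList;
    $result .= '</select>';

    return $result;
}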
# Fragment: closing steps for one campaign once its send loop is over.
# The enclosing blocks are opened before this fragment; the unmatched
# closing braces further down belong to them.

# this message is done
if (!$someusers) {
    processQueueOutput($GLOBALS['I18N']->get('Hmmm, No users found to send to'), 1, 'progress');
}
# only mark the campaign as sent when no delivery failed
if (!$counters['failed_sent']) {
    repeatMessage($messageid);
    $status = Sql_query(sprintf('update %s set status = "sent",sent = now() where id = %d', $GLOBALS['tables']['message'], $messageid));
    # notify once: the end_notified row written below stops a second run
    if (!empty($msgdata['notify_end']) && !isset($msgdata['end_notified'])) {
        # notify_end is a comma-separated list of recipients
        # NOTE(review): each entry is handed to sendMail() as typed; whether
        # it is validated as an address happens outside this fragment.
        $notifications = explode(',', $msgdata['notify_end']);
        foreach ($notifications as $notification) {
            sendMail(
                $notification,
                $GLOBALS['I18N']->get('Message campaign finished'),
                s('phpList has finished sending the campaign with subject %s', $msgdata['subject']) . "\n\n" . s('to view the statistics of this campaign, go to %s://%s', $GLOBALS['admin_scheme'], getConfig('website') . $GLOBALS['adminpages'] . '/?page=statsoverview&id=' . $messageid)
            );
        }
        Sql_Query(sprintf('insert ignore into %s (name,id,data) values("end_notified",%d,now())', $GLOBALS['tables']['messagedata'], $messageid));
    }
    # NOTE(review): this query reads $tables while the ones above read
    # $GLOBALS['tables']; confirm $tables is in scope here.
    $rs = Sql_Query(sprintf('select sent, sendstart from %s where id = %d', $tables['message'], $messageid));
    $timetaken = Sql_Fetch_Row($rs);
    processQueueOutput($GLOBALS['I18N']->get('It took') . ' ' . timeDiff($timetaken[0], $timetaken[1]) . ' ' . $GLOBALS['I18N']->get('to send this message'));
    sendMessageStats($messageid);
}
## flush cached message track stats to the DB
if (isset($GLOBALS['cached']['linktracksent'])) {
    flushClicktrackCache();
    # we're done with $messageid, so get rid of the cache
    unset($GLOBALS['cached']['linktracksent'][$messageid]);
}
} else {
    if ($script_stage < 5) {
        $script_stage = 5;
    }
}
}
# Fragment: paging offset and access check for the statsoverview page.
# It starts inside a block opened earlier and stops inside the switch.

# the %d conversion forces the request value to an integer before it is
# spliced into the LIMIT clause
$start = sprintf('%d', $_GET['start']);
$limit = ' limit ' . $start . ', 10';
}
$addcomparison = 0;
$access = accessLevel('statsoverview');
$ownership = '';
$subselect = '';
$paging = '';
#print "Access Level: $access";
switch ($access) {
    case 'owner':
        # restrict every later query to campaigns owned by the logged in admin
        $ownership = sprintf(' and owner = %d ', $_SESSION['logindetails']['id']);
        if ($id) {
            # a specific campaign was asked for: confirm ownership first,
            # with both values bound as parameters
            $query = sprintf('select owner from %s where id = ? and owner = ?', $GLOBALS['tables']['message']);
            $rs = Sql_Query_Params($query, array($id, $_SESSION['logindetails']['id']));
            $allow = Sql_Fetch_Row($rs);
            # NOTE(review): loose comparison. When no row matches, $allow[0]
            # is unset and compares equal to an integer 0, so an admin id of 0
            # (if one can exist) would pass. Comparing after an (int) cast
            # with !== and treating a missing row as "no access" closes that.
            if ($allow[0] != $_SESSION["logindetails"]["id"]) {
                print $GLOBALS['I18N']->get('You do not have access to this page');
                return;
            }
        }
        $addcomparison = 1;
        break;
    case 'all':
        break;
    case 'none':
    default:
        # anything that is not an explicit grant is refused
        $ownership = ' and msg.id = 0';
        print $GLOBALS['I18N']->get('You do not have access to this page');
        return;
        # never reached, the return above leaves first
        break;
# Fragment: find the subscriber by uid or by email, refuse a change to an
# email address that is already taken, then prepare the new password.
# It starts inside an if opened earlier and ends inside the password block.

# NOTE(review): $_GET["uid"] goes between the quotes of the SQL string
# unescaped, so a crafted uid changes the query (SQL injection). Bind it as a
# parameter (Sql_Query_Params is used elsewhere on this page) or escape it.
$req = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"', $tables["user"],$_GET["uid"]));
$userid = $req[0];
} else {
# NOTE(review): same problem, $_REQUEST["email"] is concatenated into the
# query text without escaping.
$req = Sql_Fetch_Row_query("select * from {$tables["user"]} where email = \"".$_REQUEST["email"]."\"");
$userid = $req[0];
}
if (!$userid) Fatal_Error("Error, no such user");
# update the existing record, check whether the email has changed
# $userid here is the id column read back from the user table above
$req = Sql_Query("select * from {$tables["user"]} where id = $userid");
$data = Sql_fetch_array($req);
# check whether they are changing to an email that already exists, should not be possible
# NOTE(review): $email is set outside this fragment; if it is the raw request
# value, this query has the same injection problem - confirm and parameterise.
$req = Sql_Query("select uniqid from {$tables["user"]} where email = \"$email\"");
if (Sql_Affected_Rows()) {
    $row = Sql_Fetch_Row($req);
    # the address belongs to someone else when the uniqid differs from the request
    if ($row[0] != $_GET["uid"]) {
        # NOTE(review): $email is written into the href unencoded; unless it
        # was validated earlier, urlencode() it (and HTML-encode the result)
        # so it cannot add markup to the error page.
        Fatal_Error("Cannot change to that email address. <br/>This email already exists. <br/>Please use the preferences URL for this email to make updates. <br/>Click <a href=\"".getConfig("preferencesurl")."&email=$email\">here</a> to request your personal location");
        exit;
    }
}
if (ASKFORPASSWORD && $_POST["password"]) {
    if (ENCRYPTPASSWORD) {
        # NOTE(review): a single unsalted MD5 is not a password hash; it is
        # fast to brute-force. password_hash()/password_verify() is the
        # standard replacement, with a migration for existing rows.
        $newpassword = sprintf('%s',md5($_POST["password"]));
    } else {
        # NOTE(review): the raw password is kept as is; how $newpassword is
        # stored is outside this fragment - presumably in clear text, confirm.
        $newpassword = sprintf('%s',$_POST["password"]);
    }
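/**
 * Render the mailing lists a subscriber can tick on a subscribe or
 * preferences form.
 *
 * A list is shown when it is active, or when the subscriber is already on it
 * and PREFERENCEPAGE_SHOW_PRIVATE_LISTS is set. A box is ticked when it was
 * posted back as "signup" or when the subscriber is a member of the list.
 *
 * @param int    $userid        subscriber id, 0 when there is none
 * @param string $lists_to_show comma-separated list ids to restrict the output
 *                              to; when it holds no numeric id, all lists are
 *                              considered
 *
 * @return string the "not available" paragraph when nothing can be shown,
 *                hidden inputs for the only list when hide_single_list is on,
 *                otherwise a prompt followed by the <ul> of checkboxes
 */
function ListAvailableLists($userid = 0, $lists_to_show = "")
{
    global $tables;

    # checkbox state posted back by an earlier submit; anything that is not an
    # array cannot carry per-list state and is ignored
    $list = (isset($_POST['list']) && is_array($_POST['list'])) ? $_POST['list'] : array();

    $subselect = "";
    $listset = array();
    $subscribed = array();
    $singlelisthtml = '';
    $showlists = explode(",", $lists_to_show);
    if (PREFERENCEPAGE_SHOW_PRIVATE_LISTS && !empty($userid)) {
        ## merge with the subscribed lists, regardless of public state
        $req = Sql_Query(sprintf('select listid from %s where userid = %d', $tables['listuser'], $userid));
        while ($row = Sql_Fetch_Row($req)) {
            $subscribed[] = $row[0];
        }
        $showlists = array_unique(array_merge($showlists, $subscribed));
    }
    foreach ($showlists as $listid) {
        if (preg_match("/^\\d+\$/", $listid)) {
            # "$" also matches before a trailing newline, so cast: only the
            # digits themselves end up in the IN (...) clause below
            array_push($listset, (int) $listid);
        }
    }
    if (sizeof($listset) >= 1) {
        $subselect = "where id in (" . join(",", $listset) . ") ";
    }

    $some = 0;
    $html = '<ul class="list">';
    $result = Sql_query("SELECT * FROM {$GLOBALS["tables"]["list"]} {$subselect} order by listorder, name");
    while ($row = Sql_fetch_array($result)) {
        if ($row["active"] || in_array($row['id'], $subscribed)) {
            $checked = isset($list[$row["id"]]) && $list[$row['id']] == "signup";
            if ($userid) {
                $req = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and listid = %d', $GLOBALS["tables"]["listuser"], $userid, $row["id"]));
                if (Sql_Affected_Rows()) {
                    $checked = true;
                }
            }

            $html .= '<li class="list"><input type="checkbox" name="list[' . $row["id"] . ']" value="signup" ';
            # written once, even when both the post and the database say "ticked"
            if ($checked) {
                $html .= 'checked="checked"';
            }
            # the name is plain text: encode it here the same way the hidden
            # listname field below does, so markup in a name is not rendered
            $html .= " /><b>" . htmlspecialchars(stripslashes($row["name"])) . '</b><div class="listdescription">';
            # NOTE(review): the description is output without encoding -
            # presumably so that list owners can use markup in it; confirm,
            # and encode or filter it if that is not intended.
            $desc = nl2br(stripslashes($row["description"]));
            $html .= $desc . '</div></li>';
            $some++;
            if ($some == 1) {
                # kept for the hide_single_list case below
                $singlelisthtml = sprintf('<input type="hidden" name="list[%d]" value="signup" />', $row["id"]);
                $singlelisthtml .= '<input type="hidden" name="listname[' . $row["id"] . ']" value="' . htmlspecialchars(stripslashes($row["name"])) . '"/>';
            }
        }
    }
    $html .= '</ul>';

    $hidesinglelist = getConfig("hide_single_list");
    if (!$some) {
        global $strNotAvailable;
        return '<p class="information">' . $strNotAvailable . '</p>';
    } elseif ($some == 1 && ($hidesinglelist == "true" || $hidesinglelist === true || $hidesinglelist === "1")) {
        return $singlelisthtml;
    } else {
        global $strPleaseSelect;
        return '<p class="information">' . $strPleaseSelect . ':</p>' . $html;
    }
}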
# Fragment of the install/upgrade script: seed the admin table and the task
# list, give every user a uniqid, then refresh the system pages. It starts
# inside a switch opened earlier and is cut off inside its last statement.

# NOTE(review): the literals "admin" and "phplist" presumably seed the first
# admin's login name and password - confirm against the admin table's column
# order. If so, a fixed, publicly known credential is created on every
# install; require a password change at first login or ask for one here.
# The insert names no columns, so it also depends on that column order.
Sql_Query(sprintf('insert into %s values(0,"%s","%s","%s",now(),now(),"%s","%s",now(),%d,0)',
    $tables["admin"],"admin","admin","",$adminname,"phplist",1),0);
# NOTE(review): each() is deprecated since PHP 7.2 and removed in PHP 8;
# foreach ($system_pages as $type => $pages) is the replacement.
if (is_array($system_pages))
    while (list($type,$pages) = each ($system_pages)) {
        foreach ($pages as $page)
            Sql_Query(sprintf('insert into %s (page,type) values("%s","%s")',
                $tables["task"],$page,$type));
    }
# make sure all users have a uniqid
$req = Sql_Query("select id from {$tables["user"]} where uniqid = \"\"");
print "<br>Giving every user a unique ID<br />";
flush();
$num = Sql_Affected_Rows();
print "$num to process<br/>";
$c =0;
while ($user = Sql_Fetch_Row($req)) {
    $c++;
    # NOTE(review): the uniqid is used in the URLs that identify a subscriber,
    # so getUniqId() (defined elsewhere) has to be unpredictable - verify that
    # it draws from a cryptographically secure source.
    Sql_Query(sprintf('update %s set uniqid = "%s" where id = %d',$tables["user"],getUniqId(),$user[0]));
    # progress output every 15 rows keeps the browser connection alive
    if ($c % 15 == 0) {
        print $c . "<br/>";
        flush();
    }
}
print "<p>All done";
break;
}
print '<script language="Javascript" type="text/javascript"> finish(); </script>';
# update the system pages
while (list($type,$pages) = each ($system_pages)) {
    foreach ($pages as $page)
        Sql_Query(sprintf('replace into %s (page,type) values("%s","%s")',
# Fragment of the admin-attribute editor: finish creating a checkbox
# attribute, apply changes to existing attributes, then process deletions.
# The first closing braces belong to blocks opened before this fragment.

# with a checkbox we know the values
# NOTE(review): $lc_name is set outside this fragment and becomes part of a
# table name; it must be limited to a safe identifier character set.
Sql_Query('insert into ' . $table_prefix . 'adminattr_' . $lc_name . ' (name) values("Checked")');
Sql_Query('insert into ' . $table_prefix . 'adminattr_' . $lc_name . ' (name) values("Unchecked")');
# we cannot "require" checkboxes, that does not make sense
Sql_Query("update {$tables['adminattribute']} set required = 0 where id = {$insertid}");
}
} elseif ($_POST["name"][$id] != "") {
# it is a change
# NOTE(review): only the name is escaped. $_POST["default"][$id] is placed
# inside a quoted SQL string as posted, so a double quote in it breaks out of
# the literal (SQL injection); escape it the same way or bind it as a
# parameter. listorder, required and id are forced to integers by %d.
$query = sprintf('update %s set name = "%s" ,listorder = %d,default_value = "%s" ,required = %d where id = %d', $tables["adminattribute"], addslashes($_POST["name"][$id]), $_POST["listorder"][$id], $_POST["default"][$id], $_POST["required"][$id], $id);
Sql_Verbose_Query($query);
}
}
if (isset($_POST["delete"])) {
    # NOTE(review): $id is a key of the posted "delete" array and is spliced
    # unquoted into the three statements below, one of which chooses the
    # table to drop. Cast it first, e.g. $id = (int) $id, and skip the
    # iteration when the select returns no row.
    # each() is deprecated since PHP 7.2 and removed in PHP 8.
    while (list($id, $val) = each($_POST["delete"])) {
        $res = Sql_Query("select tablename,type from {$tables['adminattribute']} where id = {$id}");
        $row = Sql_Fetch_Row($res);
        # every type except hidden and textline has its own value table
        if ($row[1] != "hidden" && $row[1] != "textline") {
            Sql_Query("drop table {$table_prefix}" . "adminattr_{$row['0']}");
        }
        Sql_Query("delete from {$tables['adminattribute']} where id = {$id}");
        # delete all admin attributes as well
        Sql_Query("delete from {$tables['admin_attribute']} where adminattributeid = {$id}");
    }
}
}
?> <?php print formStart();
/**
 * Resolve a tracked link to its linktrack_forward id and count one more
 * sent copy of it for the given message.
 *
 * Two caches in the global $cached array keep the database work down:
 * 'linktrack' maps a link to its forward id, and 'linktracksent' holds the
 * running total per message and forward id. A cached total is written back
 * to linktrack_ml on every 100th increment.
 *
 * @param mixed  $messageid id of the message being sent
 * @param mixed  $userid    not used by the live code of this function
 * @param string $url       the URL used to look up or create the forward row
 * @param string $link      the link as it appears in the message; cache key,
 *                          and checked for 'uid=' to flag personalised links
 *
 * @return mixed the forward id of the link
 */
function clickTrackLinkId($messageid, $userid, $url, $link)
{
    global $cached;

    # both caches must exist as arrays before they are indexed
    foreach (array('linktrack', 'linktracksent') as $cacheName) {
        if (!(isset($cached[$cacheName]) && is_array($cached[$cacheName]))) {
            $cached[$cacheName] = array();
        }
    }

    if (isset($cached['linktrack'][$link])) {
        $forwardId = $cached['linktrack'][$link];
    } else {
        $forwardTable = $GLOBALS['tables']['linktrack_forward'];
        $lookup = Sql_Query_Params(' select id from ' . $forwardTable . ' where url = ?', array($url));
        $known = Sql_Fetch_Row($lookup);
        if ($known[0]) {
            $forwardId = $known[0];
        } else {
            # first time this URL is seen: create its forward row
            $isPersonalised = preg_match('/uid=/', $link);
            Sql_Query_Params(
                ' insert into ' . $forwardTable . ' (url, personalise) values (?, ?)',
                array($url, $isPersonalised)
            );
            $forwardId = Sql_Insert_Id($GLOBALS['tables']['linktrack_forward'], 'id');
        }
        $cached['linktrack'][$link] = $forwardId;
    }

    if (!(isset($cached['linktracksent'][$messageid]) && is_array($cached['linktracksent'][$messageid]))) {
        $cached['linktracksent'][$messageid] = array();
    }

    if (isset($cached['linktracksent'][$messageid][$forwardId])) {
        # already counted in this run: bump the cached total only
        $cached['linktracksent'][$messageid][$forwardId]++;
        ## write every so often, to make sure it's saved when interrupted
        if ($cached['linktracksent'][$messageid][$forwardId] % 100 == 0) {
            Sql_Query(sprintf(
                'update %s set total = %d where messageid = %d and forwardid = %d',
                $GLOBALS['tables']['linktrack_ml'],
                $cached['linktracksent'][$messageid][$forwardId],
                $messageid,
                $forwardId
            ));
        }

        return $forwardId;
    }

    # not cached yet for this message: start from what the database holds
    $totalQuery = ' select total from ' . $GLOBALS['tables']['linktrack_ml']
        . ' where messageid = ? and forwardid = ?';
    $rs = Sql_Query_Params($totalQuery, array($messageid, $forwardId));
    if (Sql_Num_Rows($rs)) {
        $stored = Sql_Fetch_Row($rs);
        $sentTotal = $stored[0] + 1;
        Sql_Query(sprintf(
            'update %s set total = %d where messageid = %d and forwardid = %d',
            $GLOBALS['tables']['linktrack_ml'],
            $sentTotal,
            $messageid,
            $forwardId
        ));
    } else {
        ## first time for this link/message
        # BCD: Isn't this just an insert?
        $sentTotal = 1;
        Sql_Replace(
            $GLOBALS['tables']['linktrack_ml'],
            array('total' => $sentTotal, 'messageid' => $messageid, 'forwardid' => $forwardId),
            array('messageid', 'forwardid')
        );
    }
    $cached['linktracksent'][$messageid][$forwardId] = $sentTotal;

    return $forwardId;
}
# Fragment of the admin permission form: print one radio button per access
# level for a task, then the form's submit buttons. The loops and blocks it
# closes are opened before this fragment.

# stored level for this admin and task, if there is one
$current_level_req = Sql_Query(sprintf(' select level from %s where adminid = %d and taskid = %d', $tables["admin_task"], $id, $row["id"]));
if (!Sql_Affected_Rows()) {
    # take a default
    $default = $system_pages[$row["type"]][$row["page"]];
    # if ($row["type"] == "system") {
    # $curval = 0;
    # } else {
    # $curval = 4;
    # }
    # by default disable everything
    $curval = 0;
    # preselect this button only when its level is the page's default
    if ($level == $default) {
        $curval = $key;
    }
} else {
    $current_level = Sql_Fetch_Row($current_level_req);
    $curval = $current_level[0];
}
# NOTE(review): $key is printed into the value attribute as is, and compared
# loosely with $curval; both come from outside this fragment - confirm they
# are fixed internal values and not request data.
printf('<td><input type=radio name="access[%d]" value="%s" %s></td>', $row["id"], $key, $key == $curval ? "checked" : "");
}
print "</tr>\n";
}
# NOTE(review): the translated button labels are concatenated into the
# printf() format string, so a "%" in a translation would be read as a
# conversion; passing them as %s arguments (HTML-encoded) avoids that.
printf('<tr><td colspan="%d"><input type=submit name=setdefault value="' . $GLOBALS['I18N']->get('Set these permissions as default') . '"><input type=submit name=change value="' . $GLOBALS['I18N']->get('Save Changes') . '"></table>', sizeof($access_levels) + 2);
print '<input type=submit name="resetaccess" value="' . $GLOBALS['I18N']->get('Reset to Default') . '">';
}
print "</form>";
?>
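/**
 * Return the "alive" value recorded for a send process.
 *
 * @param int|string $processid id of the row in the sendprocess table
 * @return mixed the alive column of that row, or null when no row was fetched
 */
function checkLock($processid)
{
    global $tables;

    # %d forces the id to an integer, so whatever the caller passes can never
    # reach the statement as SQL text
    $res = Sql_query(sprintf(
        'select alive from %s where id = %d',
        $tables['sendprocess'],
        $processid
    ));
    $row = Sql_Fetch_Row($res);

    # no matching process: report null instead of indexing into a non-array
    return isset($row[0]) ? $row[0] : null;
}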
Sql_Query("drop table {$table_prefix}" . "listattr_{$req['1']}"); break; case 'checkboxgroup': if ($_POST['type'][$id] == 'hidden' || $_POST['type'][$id] == 'textline') { print s('Converting %s from %s to %s', htmlentities($_POST['name'][$id]), $existingtype, htmlentities($_POST['type'][$id])) . '<br/>'; # we are changing a checkbox group into a hidden or textline # take the first value! $valuereq = Sql_Query("select id,name from {$table_prefix}" . "listattr_{$req['1']}"); while ($row = Sql_Fetch_Row($valuereq)) { Sql_Query("update {$tables['user_attribute']} set value = \"{$row['1']}\" where attributeid = {$id} and value like \"{$row['0']}%\""); } Sql_Query("drop table if exists {$table_prefix}" . "listattr_{$req['1']}"); } elseif ($_POST['type'][$id] == 'radio' || $_POST['type'][$id] == 'select') { $valuereq = Sql_Query("select userid,value from {$tables['user_attribute']} where attributeid = {$id}"); # take the first value! while ($row = Sql_Fetch_Row($valuereq)) { $values = explode(',', $row[1]); Sql_Query("update {$tables['user_attribute']} set value = \"{$values['0']}\" where attributeid = {$id} and userid = \"{$row['0']}\""); } } break; } } if (empty($_POST['required'][$id])) { $nRequired = 0; } else { $nRequired = $_POST['required'][$id]; } $query = sprintf('update %s set name = "%s" ,type = "%s" ,listorder = %d,default_value = "%s" ,required = %d where id = %d', $tables['attribute'], sql_escape(strip_tags($_POST['name'][$id])), sql_escape($_POST['type'][$id]), $_POST['listorder'][$id], sql_escape($_POST['default'][$id]), $nRequired, $id); Sql_Query($query); # save keywordlib seperately in case the DB hasn't been upgraded
case "2.5.0": case "2.5.1": case "2.5.2": Sql_Query("alter table {$tables["subscribepage"]} add column owner integer"); Sql_Query("alter ignore table {$tables["task"]} add unique (page)"); case "2.5.3": case "2.5.4": Sql_Query("alter table {$tables["user"]} add column foreignkey varchar(100)"); Sql_Query("alter table {$tables["user"]} add index fkey (foreignkey)"); case "2.5.5": case "2.5.6": case "2.5.7": case "2.5.8": # some very odd value managed to sneak in $cbgroups = Sql_Query("select id from {$tables["attribute"]} where type = \"checkboxgroup\""); while ($row = Sql_Fetch_Row($cbgroups)) { Sql_Query("update {$tables["user_attribute"]} set value = \"\" where attributeid = {$row['0']} and value=\"Empty\""); } case "2.6.0": case "2.6.1": case "2.6.2": case "2.6.3": case "2.6.4": case "2.6.5": Sql_Verbose_Query("alter table {$tables["message"]} add column embargo datetime"); Sql_Verbose_Query("alter table {$tables["message"]} add column repeat integer default 0"); Sql_Verbose_Query("alter table {$tables["message"]} add column repeatuntil datetime"); # make sure that current queued messages are sent Sql_Verbose_Query("update {$tables["message"]} set embargo = now() where status = \"submitted\""); Sql_Query("alter table {$tables["message"]} change column status status enum('submitted','inprocess','sent','cancelled','prepared','draft')"); case "2.6.6":
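/**
 * Fetch a configuration item and expand the placeholders it contains.
 *
 * The value is read from the config table when that table exists, falling
 * back to $default_config. Items whose "editable" column is 0 are appended to
 * $GLOBALS['noteditableconfig']. For a "page:item" style name with no value,
 * the part before the first colon is looked up instead.
 *
 * When $userid is given, [UNSUBSCRIBEURL], [CONFIRMATIONURL] and
 * [PREFERENCESURL] are replaced by the configured URL with the subscriber's
 * uniqid appended as the "uid" query parameter, [EMAIL] by the subscriber's
 * address, and the result is passed through parsePlaceHolders(). The
 * [SUBSCRIBEURL], [DOMAIN] and [WEBSITE] placeholders are always replaced.
 *
 * The returned text is not escaped for any output context; callers that put
 * it into HTML have to encode it themselves.
 *
 * @param string $item   name of the configuration item
 * @param int    $userid id of the subscriber to personalise for, 0 for none
 * @return string the expanded value; "0" and "1" are returned as "false" and "true"
 */
function getUserConfig($item, $userid = 0)
{
    global $default_config, $tables, $domain, $website;

    $value = '';
    if (Sql_Table_Exists($tables["config"])) {
        $query = 'select value,editable from ' . $tables['config'] . ' where item = ?';
        $req = Sql_Query_Params($query, array($item));
        if (!Sql_Num_Rows($req)) {
            if (array_key_exists($item, $default_config)) {
                $value = $default_config[$item]['value'];
            }
        } else {
            $row = Sql_fetch_Row($req);
            $value = $row[0];
            if ($row[1] == 0) {
                $GLOBALS['noteditableconfig'][] = $item;
            }
        }
    }

    # if this is a subpage item, and no value was found get the global one
    if (!$value && strpos($item, ":") !== false) {
        $parts = explode(":", $item);
        $value = getUserConfig($parts[0], $userid);
    }

    if ($userid) {
        $query = 'select uniqid, email from ' . $tables['user'] . ' where id = ?';
        $rs = Sql_Query_Params($query, array($userid));
        $user_req = Sql_Fetch_Row($rs);
        # an unknown userid gives no row; keep the values empty rather than
        # indexing into a non-array
        $uniqid = isset($user_req[0]) ? $user_req[0] : null;
        $email = isset($user_req[1]) ? $user_req[1] : null;

        # parse for placeholders
        # NOTE(review): uniqid is appended to the URL as stored, without URL
        # encoding; presumably it only holds URL-safe characters, confirm
        $urlPlaceholders = array(
            '[UNSUBSCRIBEURL]' => 'unsubscribeurl',
            '[CONFIRMATIONURL]' => 'confirmationurl',
            '[PREFERENCESURL]' => 'preferencesurl',
        );
        foreach ($urlPlaceholders as $placeholder => $configItem) {
            $url = getConfig($configItem);
            $sep = strpos($url, '?') !== false ? '&' : '?';
            $value = str_ireplace($placeholder, $url . $sep . 'uid=' . $uniqid, $value);
        }
        $value = str_ireplace('[EMAIL]', $email, $value);
        $value = parsePlaceHolders($value, getUserAttributeValues($email));
    }

    $value = str_ireplace('[SUBSCRIBEURL]', getConfig("subscribeurl"), $value);
    #@ID Should be done only in one place. Combine getConfig and this one?
    # literal, case-insensitive replacement: unlike preg_replace() this does
    # not interpret "$1" or "\1" inside $domain / $website as backreferences
    $value = str_ireplace('[DOMAIN]', $domain, $value);
    $value = str_ireplace('[WEBSITE]', $website, $value);

    if ($value == "0") {
        $value = "false";
    } elseif ($value == "1") {
        $value = "true";
    }
    return $value;
}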
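<p>На этой странице Вы можете подготовить письмо для дальнейшей отправки. Можно указать всю необходимую информацию, исключая списки рассылки для отправки. Затем, в момент отправки подготовленного письма, можно будет выбрать списки рассылки и письмо будет отправлено. </p>
<p>Ваше подготовленное письмо постоянно, то есть оно не исчезнет после отправки и может быть использовано много раз повторно. Будьте осторожны, пользуясь этой возможностью, потому что это может привести к тому, что Вы будете отправлять одни и те же письма Вашим подписчикам несколько раз.</p>
<p> Эта функциональность специально реализована с целью использовать при совместной работе в системе нескольких администраторов. Если главный администратор готовит такое письмо, простые администраторы могут отправлять его по своим спискам рассылки. В этом случае, Вы можете использовать дополнительные метки в письме: атрибуты администратора.</p>
<p>Для примера, если у Вас есть атрибут администратора <b>Name</b> (Имя), Вы можете добавить метку [LISTOWNER.NAME], она будет заменена на <b>Имя</b> владельца списка, кому производится отправка этого письма. Значение будет установлено вне зависимости от того, кто отправляет письмо. Таким образом, если главный администратор отправляет письмо по списку, которые принадлежит кому-то ещё, метка [LISTOWNER] будет заменена на значение владельца списка, а не значения главного администратора.</p>
<p>Для справки:<br/> Метка [LISTOWNER] задаётся в формате <b>[LISTOWNER.АТРИБУТ]</b></p>
<p>На текущий момент заданы следующие атрибуты администратора:
<table border=1><tr><td><b>Атрибут</b></td><td><b>Метка</b></td></tr>
<?php
# List every admin attribute with the [LISTOWNER.x] placeholder that refers to it.
$req = Sql_query("select name from {$tables['adminattribute']} order by listorder");
if (!Sql_Affected_Rows()) {
    print '<tr><td colspan=2>Атрибутов администратора нет</td></tr>';
}
while ($row = Sql_Fetch_Row($req)) {
    # names of 20 bytes or more are not listed
    if (strlen($row[0]) < 20) {
        # the name is stored data, so encode it before it goes into the page;
        # upper-casing happens first so that entities are not altered.
        # NOTE(review): htmlspecialchars() uses PHP's default charset here,
        # confirm it matches the encoding of the stored names
        printf(
            '<tr><td>%s</td><td>[LISTOWNER.%s]</td></tr>',
            htmlspecialchars($row[0], ENT_QUOTES),
            htmlspecialchars(strtoupper($row[0]), ENT_QUOTES)
        );
    }
}
?>
</table>
</p>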
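/**
 * Delete a message together with its usermessage and listmessage rows.
 *
 * When login is required and the logged-in admin is not a superuser, the
 * message is only deleted if its owner column equals that admin's id.
 *
 * @param int|string $id id of the message to delete
 * @return int|null rows affected by the delete on the message table, or null
 *                  when no message matched the id (and owner restriction)
 */
function deleteMessage($id = 0)
{
    if (!$GLOBALS['require_login'] || $_SESSION['logindetails']['superuser']) {
        $ownerselect_and = '';
    } else {
        # %d keeps the session value numeric inside the statement
        $ownerselect_and = sprintf(' and owner = %d', $_SESSION['logindetails']['id']);
    }

    # look the message up first so the owner restriction is applied before
    # anything is removed; %d forces $id to an integer so a crafted value
    # cannot extend the statement
    $result = Sql_query(sprintf(
        'select id from %s where id = %d%s',
        $GLOBALS['tables']['message'],
        $id,
        $ownerselect_and
    ));
    $row = Sql_Fetch_Row($result);
    if (!$row) {
        return null;
    }

    $messageid = (int) $row[0];
    Sql_query(sprintf('delete from %s where id = %d', $GLOBALS['tables']['message'], $messageid));
    # read the count straight after the message delete; the cleanup queries
    # below would otherwise replace it
    $deleted = Sql_Affected_Rows();
    Sql_query(sprintf('delete from %s where messageid = %d', $GLOBALS['tables']['usermessage'], $messageid));
    Sql_query(sprintf('delete from %s where messageid = %d', $GLOBALS['tables']['listmessage'], $messageid));

    return $deleted;
}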