# fix the true/false issue if ($id == 'true') { $id = 1; } if ($id == 'false') { $id = 0; } if (!$id) { # pick a first $req = Sql_Fetch_row_Query(sprintf('select ID from %s where active', $tables['subscribepage'])); $id = $req[0]; } } $pagedata = array(); if ($id) { $GLOBALS['pagedata'] = PageData($id); if (isset($pagedata['language_file']) && is_file(dirname(__FILE__) . '/texts/' . basename($pagedata['language_file']))) { @(include dirname(__FILE__) . '/texts/' . basename($pagedata['language_file'])); # Allow customisation per installation if (is_file($_SERVER['DOCUMENT_ROOT'] . '/' . basename($pagedata['language_file']))) { include_once $_SERVER['DOCUMENT_ROOT'] . '/' . basename($pagedata['language_file']); } } } /* We request you retain the inclusion of pagetop below. This will add invisible additional information to your public pages. This not only gives respect to the large amount of time given freely by the developers but also helps build interest, traffic and use of phpList, which is beneficial to it's future development.
mt_srand((double) microtime() * 1000000); $randval = mt_rand(); if (empty($id) && isset($_GET['id'])) { $id = sprintf('%d', $_GET["id"]); } elseif (!isset($id)) { $id = 0; } if (!$id && $_GET["page"] != "import1") { Fatal_Error("Invalid call"); exit; } require_once dirname(__FILE__) . "/date.php"; $date = new Date(); ## Check if input is complete $allthere = 1; $subscribepagedata = PageData($id); if (isset($subscribepagedata['language_file']) && is_file(dirname(__FILE__) . '/../texts/' . basename($subscribepagedata['language_file']))) { @(include_once dirname(__FILE__) . '/../texts/' . basename($subscribepagedata['language_file'])); } # Allow customisation per installation if (is_file($_SERVER['DOCUMENT_ROOT'] . '/' . basename($GLOBALS["language_module"]))) { include_once $_SERVER['DOCUMENT_ROOT'] . '/' . basename($GLOBALS["language_module"]); } if (!empty($data['language_file']) && is_file($_SERVER['DOCUMENT_ROOT'] . '/' . basename($data['language_file']))) { include_once $_SERVER['DOCUMENT_ROOT'] . '/' . basename($data['language_file']); } $required = array(); # id's of missing attribbutes if (sizeof($subscribepagedata)) { $attributes = explode('+', $subscribepagedata["attributes"]); foreach ($attributes as $attribute) {
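/**
 * Handle the "forward to a friend" page.
 *
 * Reads uid, mid, email and personalNote from $_REQUEST, forwards message
 * `mid` to every valid address supplied (subject to FORWARD_EMAIL_COUNT per
 * FORWARD_EMAIL_PERIOD) and returns the HTML of the response page.
 *
 * Security notes on this revision:
 *  - every request value that reaches SQL is escaped, and every request value
 *    echoed back into the page is HTML-escaped;
 *  - the sender is looked up BEFORE the rate-limit query; previously the
 *    query read $userdata['id'] before $userdata was assigned, so it counted
 *    forwards of user 0 rather than those of the actual sender.
 *
 * NOTE(review): sql_escape() is phpList's DB-layer escaping helper; it is not
 * defined in the visible code, so confirm it is available in this version.
 *
 * @param int $id subscribe page id used to load header/footer/language file
 * @return string HTML of the response page
 */
function forwardPage($id)
{
    global $data, $tables, $envelope;

    $ok = true;
    $subtitle = '';
    $info = '';
    $html = '';
    $form = '';
    # initialised up front so later reads never hit an undefined variable
    $emails = array();
    $personalNote = '';
    $messagedata = array();
    $iCountFriends = 0;
    $nFriends = 0;

    ## Check requirements
    # user: uid must be a non-empty string (an array value is rejected too)
    if (!isset($_REQUEST['uid']) || !is_string($_REQUEST['uid']) || !$_REQUEST['uid']) {
        FileNotFound();
    }

    ## get userdata
    # done first: the rate-limit query below needs the sender's id
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($_REQUEST['uid'])));
    $userdata = Sql_Fetch_Array($req);
    if (!is_array($userdata)) {
        $userdata = array();
    }
    $senderId = !empty($userdata['id']) ? $userdata['id'] : 0;

    $firstpage = 1; ## is this the initial page or a followup

    # forward addresses
    $forwardemail = '';
    if (isset($_REQUEST['email']) && is_string($_REQUEST['email']) && !empty($_REQUEST['email'])) {
        $firstpage = 0;
        $forwardPeriodCount = Sql_Fetch_Array_Query(sprintf(
            'select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ',
            $tables['user_message_forward'],
            FORWARD_EMAIL_PERIOD,
            $senderId
        ));
        $forwardemail = stripslashes($_REQUEST['email']);
        $emails = explode("\n", $forwardemail);
        $emails = trimArray($emails);
        $forwardemail = implode("\n", $emails);

        #0011860: forward to friend, multiple emails
        $emailCount = $forwardPeriodCount[0];
        foreach ($emails as $index => $email) {
            $emails[$index] = trim($email);
            if (is_email($email)) {
                $emailCount++;
            } else {
                # the rejected address is user input: escape it before echoing it back
                $info .= sprintf('<BR />' . $GLOBALS['strForwardInvalidEmail'], htmlspecialchars($email, ENT_QUOTES));
                $ok = false;
            }
        }
        if ($emailCount > FORWARD_EMAIL_COUNT) {
            $info .= '<BR />' . $GLOBALS["strForwardCountReached"];
            $ok = false;
        }
    } else {
        $ok = false;
    }

    # message
    $mid = 0;
    if (isset($_REQUEST['mid'])) {
        $mid = sprintf('%d', $_REQUEST['mid']);
        $req = Sql_Query(sprintf('select * from %s where id = %d', $tables["message"], $mid));
        $messagedata = Sql_Fetch_Array($req);
        if (!is_array($messagedata)) {
            $messagedata = array();
        }
        $mid = isset($messagedata['id']) ? $messagedata['id'] : 0;
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    } #mid set

    $req = Sql_Query(sprintf('select * from %s where email = "%s"', $tables["user"], sql_escape($forwardemail)));
    $forwarduserdata = Sql_Fetch_Array($req);

    #0011996: forward to friend - personal message
    # text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
    if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote']) && is_string($_REQUEST['personalNote'])) {
        if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE
            || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2
        ) {
            $info .= '<BR />' . $GLOBALS['strForwardNoteLimitReached'];
            $ok = false;
        }
        $personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
        $userdata['personalNote'] = $personalNote;
    }

    if (!empty($userdata["id"]) && $mid) {
        if ($ok && count($emails)) { ## All is well, send it
            # plain require (not require_once), as in the original; the file runs in this function's scope
            require 'admin/sendemaillib.php';

            #0013845 Lead Ref Scheme
            if (FORWARD_FRIEND_COUNT_ATTRIBUTE) {
                $iCountFriends = getAttributeIDbyName(FORWARD_FRIEND_COUNT_ATTRIBUTE);
            } else {
                $iCountFriends = 0;
            }
            if ($iCountFriends) {
                $nFriends = intval(UserAttributeValue($userdata['id'], $iCountFriends));
            }

            #0011860: forward to friend, multiple emails
            foreach ($emails as $index => $email) {
                # addresses passed is_email() above, but are still escaped per sink
                $emailSql = sql_escape($email);
                $done = Sql_Fetch_Array_Query(sprintf(
                    'select user,status,time from %s where forward = "%s" and message = %d',
                    $tables['user_message_forward'],
                    $emailSql,
                    $mid
                ));
                $info .= '<BR />' . htmlspecialchars($email, ENT_QUOTES) . ': ';
                if (isset($done['status']) && $done['status'] === 'sent') {
                    $info .= $GLOBALS['strForwardAlreadyDone'];
                } elseif (isBlackListed($email)) {
                    $info .= $GLOBALS['strForwardBlacklistedEmail'];
                } else {
                    if (!TEST) {
                        # forward the message
                        # sendEmail will take care of blacklisting
                        if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                            $info .= $GLOBALS["strForwardSuccessInfo"];
                            sendAdminCopy("Message Forwarded", $userdata["email"] . " has forwarded a message {$mid} to {$email}");
                            Sql_Query(sprintf(
                                'insert into %s (user,message,forward,status,time) values(%d,%d,"%s","sent",now())',
                                $tables['user_message_forward'],
                                $userdata['id'],
                                $mid,
                                $emailSql
                            ));
                            if ($iCountFriends) {
                                $nFriends++;
                            }
                        } else {
                            $info .= $GLOBALS["strForwardFailInfo"];
                            sendAdminCopy("Message Forwarded", $userdata["email"] . " tried forwarding a message {$mid} to {$email} but failed");
                            Sql_Query(sprintf(
                                'insert into %s (user,message,forward,status,time) values(%d,%d,"%s","failed",now())',
                                $tables['user_message_forward'],
                                $userdata['id'],
                                $mid,
                                $emailSql
                            ));
                            $ok = false;
                        }
                    }
                }
            } # foreach friend
            if ($iCountFriends) {
                saveUserAttribute($userdata['id'], $iCountFriends, array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
            }
        } #ok & emails
    } else {
        # no valid sender
        logEvent("Forward request from invalid user ID: " . substr($_REQUEST["uid"], 0, 150));
        $info .= '<BR />' . $GLOBALS["strForwardFailInfo"];
        $ok = false;
    }

    $data = PageData($id);
    # basename() confines the include to the texts/ directory
    if (isset($data['language_file']) && is_file(dirname(__FILE__) . '/texts/' . basename($data['language_file']))) {
        @(include dirname(__FILE__) . '/texts/' . basename($data['language_file']));
    }

    ## BAS Multiple Forward
    ## build response page
    $uniqidHtml = isset($userdata['uniqid']) ? htmlspecialchars($userdata['uniqid'], ENT_QUOTES) : '';
    $forwardemailHtml = htmlspecialchars($forwardemail, ENT_QUOTES);

    $form = '<form method="post" action="">';
    $form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
    $form .= sprintf('<input type=hidden name="id" value="%d">', $id);
    $form .= sprintf('<input type=hidden name="uid" value="%s">', $uniqidHtml);
    $form .= sprintf('<input type=hidden name="p" value="forward">');
    if (!$ok) {
        #0011860: forward to friend, multiple emails
        if (FORWARD_EMAIL_COUNT == 1) {
            $form .= '<BR /><H2>' . $GLOBALS['strForwardEnterEmail'] . '</H2>';
            $form .= sprintf('<input type=text name="email" value="%s" size=50 class="attributeinput">', $forwardemailHtml);
        } else {
            $form .= '<BR /><H2>' . sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT) . '</H2>';
            $form .= sprintf('<textarea name="email" rows=10 cols=50 class="attributeinput">%s</textarea>', $forwardemailHtml);
        }
        #0011996: forward to friend - personal message
        if (FORWARD_PERSONAL_NOTE_SIZE) {
            $form .= sprintf('<h2>' . $GLOBALS['strForwardPersonalNote'] . '</H2>', FORWARD_PERSONAL_NOTE_SIZE);
            $cols = 50;
            $rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
            # escaped for display only; the note handed to sendEmail() above is unchanged
            $form .= sprintf(
                '<BR/><textarea type=text name="personalNote" rows=%d cols=%d class="attributeinput">%s</textarea>',
                $rows,
                $cols,
                htmlspecialchars($personalNote, ENT_QUOTES)
            );
        }
        $form .= sprintf('<br /><input type=submit value="%s"></form>', $GLOBALS['strContinue']);
    }
    ### END BAS

    ### Michiel, remote response page
    # NOTE(review): the URL is taken from the stored message body and fetched
    # server-side; fetchUrl() is not visible here, so confirm it restricts the
    # schemes and hosts it will contact.
    $remote_content = '';
    if (isset($messagedata['message']) && preg_match("/\\[URL:([^\\s]+)\\]/i", $messagedata['message'], $regs)) {
        if (isset($regs[1]) && strlen($regs[1])) {
            $url = $regs[1];
            if (!preg_match('/^http/i', $url)) {
                $url = 'http://' . $url;
            }
            $remote_content = fetchUrl($url);
        }
    }
    if (!empty($remote_content) && preg_match('/\\[FORWARDFORM\\]/', $remote_content, $regs)) {
        if ($firstpage) {
            ## this is the initial page, not a follow up one.
            $remote_content = str_replace($regs[0], $info . $form, $remote_content);
        } else {
            $remote_content = str_replace($regs[0], $info, $remote_content);
        }
        $res = $remote_content;
    } else {
        $res = '<title>' . $GLOBALS["strForwardTitle"] . '</title>';
        $res .= $data["header"];
        $res .= '<h1>' . $subtitle . '</h1>';
        if ($ok) {
            $res .= '<h2>' . $info . '</h2>';
        } else {
            $res .= '<div class="missing">' . $info . '</div>';
        }
        $res .= $form;
        $res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
        $res .= $data["footer"];
    }
    ### END MICHIEL
    return $res;
}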
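/**
 * Handle the single-address "forward to a friend" page.
 *
 * Reads uid, mid and email from $_GET. Without a valid email it returns a
 * form asking for one; otherwise it forwards message `mid` to that address
 * (unless already sent) and returns the HTML of the result page.
 *
 * Security notes on this revision:
 *  - uid and email are escaped before they reach SQL, and the email is
 *    HTML-escaped before it is echoed back into the form;
 *  - the language file name is reduced with basename() before being included,
 *    so a value containing directory components cannot leave texts/.
 *
 * NOTE(review): sql_escape() is phpList's DB-layer escaping helper; it is not
 * defined in the visible code, so confirm it is available in this version.
 *
 * @param int $id subscribe page id used to load header/footer/language file
 * @return string HTML of the response page
 */
function forwardPage($id)
{
    global $tables, $envelope;

    $html = '';
    $subtitle = '';
    # stays empty on the TEST path, where the original left it undefined
    $info = '';

    # uid must be a non-empty string (an array value is rejected too)
    if (!isset($_GET["uid"]) || !is_string($_GET["uid"]) || !$_GET['uid']) {
        FileNotFound();
    }

    $forwardemail = '';
    if (isset($_GET['email']) && is_string($_GET['email'])) {
        $forwardemail = $_GET['email'];
    }
    $forwardemailSql = sql_escape($forwardemail);

    $mid = 0;
    if (isset($_GET['mid'])) {
        $mid = sprintf('%d', $_GET['mid']);
        $req = Sql_Query(sprintf('select * from %s where id = %d', $tables["message"], $mid));
        $messagedata = Sql_Fetch_Array($req);
        $mid = isset($messagedata['id']) ? $messagedata['id'] : 0;
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    }

    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables["user"], sql_escape($_GET["uid"])));
    $userdata = Sql_Fetch_Array($req);
    $req = Sql_Query(sprintf('select * from %s where email = "%s"', $tables["user"], $forwardemailSql));
    $forwarduserdata = Sql_Fetch_Array($req);

    if (!empty($userdata["id"]) && $mid) {
        if (!is_email($forwardemail)) {
            $info = $GLOBALS['strForwardEnterEmail'];
            $html .= '<form method="get">';
            $html .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
            $html .= sprintf('<input type=hidden name="id" value="%d">', $id);
            $html .= sprintf('<input type=hidden name="uid" value="%s">', htmlspecialchars($userdata['uniqid'], ENT_QUOTES));
            $html .= sprintf('<input type=hidden name="p" value="forward">');
            # the rejected address is user input: escape it before echoing it back
            $html .= sprintf('<input type=text name="email" value="%s" size=35 class="attributeinput">', htmlspecialchars($forwardemail, ENT_QUOTES));
            $html .= sprintf('<input type=submit value="%s"></form>', $GLOBALS['strContinue']);
        } else {
            # check whether the email to forward exists and whether they have received the message
            if (!empty($forwarduserdata['id'])) {
                $sent = Sql_Fetch_Row_Query(sprintf('select entered from %s where userid = %d and messageid = %d', $tables['usermessage'], $forwarduserdata['id'], $mid));
                # however even if that's the case, we don't want to reveal this information
            }
            $done = Sql_Fetch_Array_Query(sprintf(
                'select user,status,time from %s where forward = "%s" and message = %d',
                $tables['user_message_forward'],
                $forwardemailSql,
                $mid
            ));
            if (isset($done['status']) && $done['status'] === 'sent') {
                $info = $GLOBALS['strForwardAlreadyDone'];
            } else {
                if (!TEST) {
                    # forward the message
                    require 'admin/sendemaillib.php';
                    # sendEmail will take care of blacklisting
                    if (sendEmail($mid, $forwardemail, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                        $info = $GLOBALS["strForwardSuccessInfo"];
                        sendAdminCopy("Message Forwarded", $userdata["email"] . " has forwarded a message {$mid} to {$forwardemail}");
                        Sql_Query(sprintf(
                            'insert into %s (user,message,forward,status,time) values(%d,%d,"%s","sent",now())',
                            $tables['user_message_forward'],
                            $userdata['id'],
                            $mid,
                            $forwardemailSql
                        ));
                    } else {
                        $info = $GLOBALS["strForwardFailInfo"];
                        sendAdminCopy("Message Forwarded", $userdata["email"] . " tried forwarding a message {$mid} to {$forwardemail} but failed");
                        Sql_Query(sprintf(
                            'insert into %s (user,message,forward,status,time) values(%d,%d,"%s","failed",now())',
                            $tables['user_message_forward'],
                            $userdata['id'],
                            $mid,
                            $forwardemailSql
                        ));
                    }
                }
            }
        }
    } else {
        logEvent("Forward request from invalid user ID: " . substr($_GET["uid"], 0, 150));
        $info = $GLOBALS["strForwardFailInfo"];
    }

    $data = PageData($id);
    # basename() confines the include to the texts/ directory
    if (isset($data['language_file']) && is_file(dirname(__FILE__) . '/texts/' . basename($data['language_file']))) {
        @(include dirname(__FILE__) . '/texts/' . basename($data['language_file']));
    }

    $res = '<title>' . $GLOBALS["strForwardTitle"] . '</title>';
    $res .= $data["header"];
    $res .= '<h1>' . $subtitle . '</h1>';
    $res .= '<h2>' . $info . '</h2>';
    $res .= $html;
    $res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $data["footer"];
    return $res;
}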
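/**
 * Confirm a subscription identified by the uid in $_GET and return the HTML
 * of the confirmation page.
 *
 * On success the user is marked confirmed, their lists are collected, the
 * confirmation mail is sent (unless TEST) and an admin copy is generated.
 *
 * Changes in this revision:
 *  - uid is escaped before it reaches SQL and the user id is formatted as an
 *    integer in the follow-up queries;
 *  - $html and $lists are initialised, so the "user not found" branch and the
 *    list loop no longer append to undefined variables;
 *  - ereg_replace() (removed in PHP 7) is replaced by str_replace(), which
 *    performs the same literal, case-sensitive [LISTS] substitution.
 *
 * NOTE(review): sql_escape() is phpList's DB-layer escaping helper; it is not
 * defined in the visible code, so confirm it is available in this version.
 * NOTE(review): list name and description are written into the page without
 * HTML escaping, as in the original; they look like administrator-maintained
 * values, so confirm that is the only way they can be set.
 *
 * @param int $id subscribe page id used to load header/footer
 * @return string HTML of the response page
 */
function confirmPage($id)
{
    global $tables, $envelope;

    $html = '';
    $lists = '';

    # uid must be a non-empty string (an array value is rejected too)
    if (!isset($_GET["uid"]) || !is_string($_GET["uid"]) || !$_GET["uid"]) {
        FileNotFound();
    }

    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables["user"], sql_escape($_GET["uid"])));
    $userdata = Sql_Fetch_Array($req);

    if (!empty($userdata["id"])) {
        $userId = (int) $userdata["id"];
        $html = '<ul>';
        Sql_Query(sprintf('update %s set confirmed = 1 where id = %d', $tables["user"], $userId));
        $req = Sql_Query(sprintf(
            'select name,description from %1$s,%2$s where %2$s.userid = %3$d and %2$s.listid = %1$s.id',
            $tables["list"],
            $tables["listuser"],
            $userId
        ));
        if (!Sql_Affected_Rows()) {
            $lists = "\n * " . $GLOBALS["strNoLists"];
            $html .= '<li>' . $GLOBALS["strNoLists"];
        }
        while ($row = Sql_fetch_array($req)) {
            $lists .= "\n *" . $row["name"];
            $html .= '<li class="list">' . $row["name"] . '<div class="listdescription">' . stripslashes($row["description"]) . '</div></li>';
        }
        $html .= '</ul>';

        $spage = $userdata["subscribepage"];
        $confirmationmessage = str_replace('[LISTS]', $lists, getUserConfig("confirmationmessage:$spage", $userdata["id"]));

        if (!TEST) {
            sendMail($userdata["email"], getConfig("confirmationsubject:$spage"), $confirmationmessage, system_messageheaders(), $envelope);
            sendAdminCopy("List confirmation", $userdata["email"] . " has confirmed their subscription");
        }
        $info = $GLOBALS["strConfirmInfo"];
    } else {
        $html .= 'Error: ' . $GLOBALS["strUserNotFound"];
        $info = $GLOBALS["strConfirmFailInfo"];
    }

    $data = PageData($id);

    $res = '<title>' . $GLOBALS["strConfirmTitle"] . '</title>';
    $res .= $data["header"];
    $res .= '<h1>' . $info . '</h1>';
    $res .= $html;
    $res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $data["footer"];
    return $res;
}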