print $ls->tabDelimited(); } print $ls->display(); return; } if ($download) { ob_end_clean(); # header("Content-type: text/plain"); header('Content-type: text/csv'); ob_start(); } if (empty($start)) { print '<p>' . PageLinkButton('mviews&dl=true&id=' . $id . '&start=' . $start, $GLOBALS['I18N']->get('Download as CSV file')) . '</p>'; } #print '<h3>'.$GLOBALS['I18N']->get('View Details for a Message').'</h3>'; $messagedata = Sql_Fetch_Array_query("SELECT * FROM {$tables['message']} where id = {$id} {$subselect}"); print '<table class="mviewsDetails"> <tr><td>' . $GLOBALS['I18N']->get('Subject') . '<td><td>' . $messagedata['subject'] . '</td></tr> <tr><td>' . $GLOBALS['I18N']->get('Entered') . '<td><td>' . $messagedata['entered'] . '</td></tr> <tr><td>' . $GLOBALS['I18N']->get('Sent') . '<td><td>' . $messagedata['sent'] . '</td></tr> </table><hr/>'; if ($download) { header('Content-disposition: attachment; filename="phpList Message open statistics for ' . $messagedata['subject'] . '.csv"'); } $ls = new WebblerListing(ucfirst($GLOBALS['I18N']->get('Open statistics'))); $req = Sql_Query(sprintf('select um.userid from %s um,%s msg where um.messageid = %d and um.messageid = msg.id and um.viewed is not null %s group by userid', $GLOBALS['tables']['usermessage'], $GLOBALS['tables']['message'], $id, $subselect)); $total = Sql_Affected_Rows(); if (isset($start) && $start > 0) { $listing = sprintf($GLOBALS['I18N']->get("Listing user %d to %d"), $start, $start + MAX_USER_PP);
break; case 'none': default: print $GLOBALS['I18N']->get('You do not have access to this page'); return; break; } $ls = new WebblerListing($GLOBALS['I18N']->get('User Click Statistics')); if ($linkid) { $urldata = Sql_Fetch_Array_Query(sprintf('select url from %s where linkid = %d', $GLOBALS['tables']['linktrack'], $linkid)); } if ($msgid) { $messagedata = Sql_Fetch_Array_query("SELECT * FROM {$tables['message']} where id = {$msgid} {$subselect}"); } if ($userid) { $userdata = Sql_Fetch_Array_query("SELECT * FROM {$tables['user']} where id = {$userid} {$subselect}"); } if ($linkid && $msgid) { print '<h1>' . $GLOBALS['I18N']->get('User Click Details for a URL in a message'); print ' ' . PageLink2('uclicks&id=' . $linkid, $urldata['url']); print '</h1>'; print '<table> <tr><td>' . $GLOBALS['I18N']->get('Subject') . '<td><td>' . PageLink2('mclicks&id=' . $msgid, $messagedata['subject']) . '</td></tr> <tr><td>' . $GLOBALS['I18N']->get('Entered') . '<td><td>' . $messagedata['entered'] . '</td></tr> <tr><td>' . $GLOBALS['I18N']->get('Sent') . '<td><td>' . $messagedata['sent'] . '</td></tr> </table><hr/>'; $req = Sql_Query(sprintf('select user.email,user.id as userid,firstclick,date_format(latestclick, "%%e %%b %%Y %%H:%%i") as latestclick,sum(clicked) as numclicks from %s as linktrack, %s as user where linktrack.userid = user.id and linktrack.url = "%s" and linktrack.messageid = %d and linktrack.clicked group by linktrack.userid', $GLOBALS['tables']['linktrack'], $GLOBALS['tables']['user'], $urldata['url'], $msgid)); } elseif ($userid && $msgid) {
$GLOBALS["wait"] = $batch_period; return; } $userid = $userdata[0]; # id of the user $some = 1; set_time_limit(120); # check if we have been "killed" $alive = checkLock($send_process_id); if ($alive) { keepLock($send_process_id); } else { ProcessError($GLOBALS['I18N']->get('Process Killed by other process')); } # check if the message we are working on is still there and in process $status = Sql_Fetch_Array_query("select id,status from {$tables['message']} where id = {$messageid}"); if (!$status['id']) { ProcessError($GLOBALS['I18N']->get('Message I was working on has disappeared')); } elseif ($status['status'] != 'inprocess') { ProcessError($GLOBALS['I18N']->get('Sending of this message has been suspended')); } flush(); # check whether the user has already received the message $um = Sql_query("select entered from {$tables['usermessage']} where userid = {$userdata['0']} and messageid = {$messageid}"); if (!Sql_Affected_Rows()) { if ($script_stage < 4) { $script_stage = 4; } # we know a user $someusers = 1; $users = Sql_query("select id,email,uniqid,htmlemail,rssfrequency,confirmed,blacklisted from {$tables['user']} where id = {$userid}");
function unsubscribePage($id) { global $tables; $email = ''; $userid = 0; $msg = ''; ## for unsubscribe, don't validate host $GLOBALS['check_for_host'] = 0; $res = '<title>' . $GLOBALS['strUnsubscribeTitle'] . '</title>' . "\n"; $res .= $GLOBALS['pagedata']['header']; if (isset($_GET['uid'])) { $userdata = Sql_Fetch_Array_Query(sprintf('select email,id,blacklisted from %s where uniqid = "%s"', $tables['user'], sql_escape($_GET['uid']))); $email = $userdata['email']; $userid = $userdata['id']; $isBlackListed = $userdata['blacklisted'] != '0'; $blacklistRequest = false; } else { if (isset($_REQUEST['email'])) { $email = $_REQUEST['email']; } if (!validateEmail($email)) { $email = ''; } #0013076: Blacklisting posibility for unknown users # Set flag for blacklisting $blacklistRequest = $_GET['p'] == 'blacklist' || $_GET['p'] == 'donotsend'; # only proceed when user has confirm the form if ($blacklistRequest && is_email($email)) { $_POST['unsubscribe'] = 1; $_POST['unsubscribereason'] = s('Forwarded receiver requested blacklist'); } } if (UNSUBSCRIBE_JUMPOFF || !empty($_GET['jo'])) { $_POST['unsubscribe'] = 1; $_REQUEST['email'] = $email; if (!empty($_GET['jo'])) { $blacklistRequest = true; $_POST['unsubscribereason'] = s('"Jump off" used by subscriber, reason not requested'); } else { $_POST['unsubscribereason'] = s('"Jump off" set, reason not requested'); } } foreach ($GLOBALS['plugins'] as $pluginname => $plugin) { # print $pluginname.'<br/>'; if ($plugin->unsubscribePage($email)) { return; } } if (!empty($email) && isset($_POST['unsubscribe']) && isset($_REQUEST['email']) && isset($_POST['unsubscribereason'])) { ## all conditions met, do the unsubscribe #0013076: Blacklisting posibility for unknown users // It would be better to do this above, where the email is set for the other cases. // But to prevent vulnerabilities let's keep it here for now. [bas] if (!$blacklistRequest) { $query = Sql_Fetch_Row_Query(sprintf('select id,email,blacklisted from %s where email = "%s"', $tables['user'], sql_escape($email))); $userid = $query[0]; $email = $query[1]; $isBlackListed = !empty($query[2]); } if (!$userid) { #0013076: Blacklisting posibility for unknown users if ($blacklistRequest && !empty($email)) { addUserToBlacklist($email, $_POST['unsubscribereason']); addSubscriberStatistics('blacklist', 1); $res .= '<h3>' . $GLOBALS['strUnsubscribedNoConfirm'] . '</h3>'; } else { $res .= $GLOBALS['strNoListsFound']; #'Error: '.$GLOBALS["strUserNotFound"]; logEvent('Request to unsubscribe non-existent user: '******'select listid from %s where userid = %d', $GLOBALS['tables']['listuser'], $userid)); while ($row = Sql_Fetch_Row($listsreq)) { array_push($subscriptions, $row[0]); } ## 17753 - do not actually remove the list-membership when unsubscribing # $result = Sql_query(sprintf('delete from %s where userid = %d',$tables["listuser"],$userid)); $lists = ' * ' . $GLOBALS['strAllMailinglists'] . "\n"; if (empty($isBlackListed)) { // only process when not already marked as blacklisted # add user to blacklist addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason']))); addUserHistory($email, 'Unsubscription', "Unsubscribed from {$lists}"); $unsubscribemessage = str_replace('[LISTS]', $lists, getUserConfig("unsubscribemessage:{$id}", $userid)); sendMail($email, getUserConfig("unsubscribesubject:{$id}"), stripslashes($unsubscribemessage), system_messageheaders($email), '', true); $reason = $_POST['unsubscribereason'] ? "Reason given:\n" . stripslashes($_POST['unsubscribereason']) : 'No Reason given'; sendAdminCopy('List unsubscription', $email . " has unsubscribed\n{$reason}", $subscriptions); addSubscriberStatistics('unsubscription', 1); } } if ($userid) { $res .= '<h3>' . $GLOBALS['strUnsubscribeDone'] . '</h3>'; } #0013076: Blacklisting posibility for unknown users //if ($blacklistRequest) { //$res .= '<h3>'.$GLOBALS["strYouAreBlacklisted"] ."</h3>"; //} $res .= $GLOBALS['PoweredBy'] . '</p>'; $res .= $GLOBALS['pagedata']['footer']; return $res; } elseif (isset($_POST['unsubscribe']) && !is_email($email) && !empty($email)) { $msg = '<span class="error">' . $GLOBALS['strEnterEmail'] . '</span><br>'; } $res .= '<h3>' . $GLOBALS['strUnsubscribeInfo'] . '</h3>' . $msg . '<form method="post" action=""><input type="hidden" name="p" value="unsubscribe" />'; if (!isset($_POST['email']) || empty($email)) { $res .= '<p>' . $GLOBALS['strEnterEmail'] . ': <input type="text" name="email" value="' . $email . '" size="40" /></p>'; } else { $res .= '<p><input type="hidden" name="email" value="' . $email . '" />' . $GLOBALS['strEmail'] . ': ' . $email . '</p>'; } if (!$email) { $res .= '<input type="submit" name="unsubscribe" value="' . $GLOBALS['strContinue'] . '"></form>'; $res .= $GLOBALS['PoweredBy']; $res .= $GLOBALS['pagedata']['footer']; return $res; } $current = Sql_Fetch_Array_query(sprintf('select list.id as listid,user.uniqid as userhash, user.password as password from %s as list,%s as listuser,%s as user where list.id = listuser.listid and user.id = listuser.userid and user.email = "%s"', $tables['list'], $tables['listuser'], $tables['user'], sql_escape($email))); $some = $current['listid']; if (ASKFORPASSWORD && !empty($user['password'])) { # it is safe to link to the preferences page, because it will still ask for # a password $hash = $current['userhash']; } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) { # they got to this page from a link in an email $hash = $current['userhash']; } else { $hash = ''; } $finaltext = $GLOBALS['strUnsubscribeFinalInfo']; $pref_url = getConfig('preferencesurl'); $sep = strpos($pref_url, '?') !== false ? '&' : '?'; $finaltext = str_ireplace('[preferencesurl]', $pref_url . $sep . 'uid=' . $hash, $finaltext); if (!$some) { #0013076: Blacklisting posibility for unknown users if (!$blacklistRequest) { $res .= '<b>' . $GLOBALS['strNoListsFound'] . '</b></ul>'; } $res .= '<p><input type=submit value="' . $GLOBALS['strUnsubscribe'] . '">'; } else { if ($blacklistRequest) { $res .= $GLOBALS['strExplainBlacklist']; } elseif (!UNSUBSCRIBE_JUMPOFF) { list($r, $c) = explode(',', getConfig('textarea_dimensions')); if (!$r) { $r = 5; } if (!$c) { $c = 65; } $res .= $GLOBALS['strUnsubscribeRequestForReason']; $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . $finaltext; } $res .= '<p><input type=submit name="unsubscribe" value="' . $GLOBALS['strUnsubscribe'] . '"></p>'; } $res .= '</form>'; $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>'; $res .= $GLOBALS['pagedata']['footer']; return $res; }
function unsubscribePage($id) { $pagedata = pageData($id); if (isset($pagedata['language_file']) && is_file(dirname(__FILE__) . '/texts/' . $pagedata['language_file'])) { @(include dirname(__FILE__) . '/texts/' . $pagedata['language_file']); } global $tables; $res .= '<title>' . $GLOBALS["strUnsubscribeTitle"] . '</title>'; $res = $pagedata["header"]; if (isset($_GET["uid"])) { $req = Sql_Query("select * from {$tables['user']} where uniqid = \"" . $_GET["uid"] . "\""); $userdata = Sql_Fetch_Array($req); $email = $userdata["email"]; if (UNSUBSCRIBE_JUMPOFF) { $_POST["unsubscribe"] = 1; $_POST["email"] = $email; $_POST["unsubscribereason"] = '"Jump off" set, reason not requested'; } } if (isset($_POST["unsubscribe"]) && (isset($_POST["email"]) || isset($_POST["unsubscribeemail"])) && isset($_POST["unsubscribereason"])) { if (isset($_POST["email"])) { $email = trim($_POST["email"]); } else { $email = $_POST["unsubscribeemail"]; } $query = Sql_Fetch_Row_Query("select id,email from {$tables["user"]} where email = \"{$email}\""); $userid = $query[0]; $email = $query[1]; if (!$userid) { $res .= 'Error: ' . $GLOBALS["strUserNotFound"]; logEvent("Request to unsubscribe non-existent user: "******"email"], 0, 150)); } else { $result = Sql_query("delete from {$tables["listuser"]} where userid = \"{$userid}\""); $lists = " * " . $GLOBALS["strAllMailinglists"] . "\n"; # add user to blacklist addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason']))); addUserHistory($email, "Unsubscription", "Unsubscribed from {$lists}"); $unsubscribemessage = ereg_replace("\\[LISTS\\]", $lists, getUserConfig("unsubscribemessage", $userid)); sendMail($email, getConfig("unsubscribesubject"), stripslashes($unsubscribemessage), system_messageheaders($email)); $reason = $_POST["unsubscribereason"] ? "Reason given:\n" . stripslashes($_POST["unsubscribereason"]) : "No Reason given"; sendAdminCopy("List unsubscription", $email . " has unsubscribed\n{$reason}"); addSubscriberStatistics('unsubscription', 1); } if ($userid) { $res .= '<h1>' . $GLOBALS["strUnsubscribeDone"] . "</h1><P>"; } $res .= $GLOBALS["PoweredBy"] . '</p>'; $res .= $pagedata["footer"]; return $res; } elseif (isset($_POST["unsubscribe"]) && !$_POST["unsubscribeemail"]) { $msg = '<span class="error">' . $GLOBALS["strEnterEmail"] . "</span><br>"; } elseif (!empty($_GET["email"])) { $email = trim($_GET["email"]); } else { if (isset($_REQUEST["email"])) { $email = $_REQUEST["email"]; } elseif (isset($_REQUEST['unsubscribeemail'])) { $email = $_REQUEST['unsubscribeemail']; } elseif (!isset($email)) { $email = ''; } } if (!isset($msg)) { $msg = ''; } $res .= '<b>' . $GLOBALS["strUnsubscribeInfo"] . '</b><br>' . $msg . formStart(); $res .= '<table> <tr><td>' . $GLOBALS["strEnterEmail"] . ':</td><td colspan=3><input type=text name="unsubscribeemail" value="' . $email . '" size=40></td></tr> </table>'; if (!$email) { $res .= "<input type=submit name=unsubscribe value=\"{$GLOBALS['strContinue']}\"></form>\n"; $res .= $GLOBALS["PoweredBy"]; $res .= $pagedata["footer"]; return $res; } $current = Sql_Fetch_Array_query("SELECT list.id as listid,user.uniqid as userhash, user.password as password FROM {$tables['list']} as list,{$tables['listuser']} as listuser,{$tables['user']} as user where list.id = listuser.listid and user.id = listuser.userid and user.email = \"{$email}\""); $some = $current["listid"]; if (ASKFORPASSWORD && !empty($user['password'])) { # it is safe to link to the preferences page, because it will still ask for # a password $hash = $current["userhash"]; } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) { # they got to this page from a link in an email $hash = $current['userhash']; } else { $hash = ''; } $finaltext = $GLOBALS["strUnsubscribeFinalInfo"]; $pref_url = getConfig("preferencesurl"); $sep = ereg('\\?', $pref_url) ? '&' : '?'; $finaltext = eregi_replace('\\[preferencesurl\\]', $pref_url . $sep . 'uid=' . $hash, $finaltext); if (!$some) { $res .= "<b>" . $GLOBALS["strNoListsFound"] . "</b></ul>"; $res .= '<p><input type=submit value="' . $GLOBALS["strResubmit"] . '">'; } else { list($r, $c) = explode(",", getConfig("textarea_dimensions")); if (!$r) { $r = 5; } if (!$c) { $c = 65; } $res .= $GLOBALS["strUnsubscribeRequestForReason"]; $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . ' ' . $finaltext . ' <p><input type=submit name="unsubscribe" value="' . $GLOBALS["strUnsubscribe"] . '"></p>'; } $res .= '<p>' . $GLOBALS["PoweredBy"] . '</p>'; $res .= $pagedata["footer"]; return $res; }