Example #1
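/**
 * Report whether the currently logged-in administrator is a superuser.
 *
 * The answer is looked up once and then cached in
 * $_SESSION["logindetails"]["superuser"]. A later change to the admin's
 * superuser flag is therefore not picked up by this function until that
 * session entry is cleared.
 *
 * @return mixed 1 when WEBBLER or IN_WEBBLER is defined; otherwise the cached
 *               or freshly looked-up superuser flag; 0 when the session holds
 *               no admin id or the lookup finds no admin row
 */
function isSuperUser()
{
    ## for now mark webbler admins superuser
    # NOTE(review): this short-circuit applies to every caller as soon as either
    # constant is defined, before any session data is consulted.
    if (defined('WEBBLER') || defined('IN_WEBBLER')) {
        return 1;
    }
    global $tables;
    # Serve the cached answer when one is present.
    if (isset($_SESSION["logindetails"]["superuser"])) {
        return $_SESSION["logindetails"]["superuser"];
    }
    # No admin id in the session: not a superuser.
    if (!isset($_SESSION["logindetails"]["id"])) {
        return 0;
    }
    $adminid = $_SESSION["logindetails"]["id"];
    # Guard with isset() so a missing admin_auth entry falls through to the
    # database lookup instead of raising an undefined-index warning.
    if (isset($GLOBALS["admin_auth"]) && is_object($GLOBALS["admin_auth"])) {
        $issuperuser = $GLOBALS["admin_auth"]->isSuperUser($adminid);
    } else {
        $query = ' select superuser ' . ' from %s' . ' where id = ?';
        $query = sprintf($query, $tables['admin']);
        $row = Sql_Fetch_Row(Sql_Query_Params($query, array($adminid)));
        # Fail closed: an admin id with no matching row is not a superuser.
        $issuperuser = (is_array($row) && isset($row[0])) ? $row[0] : 0;
    }
    $_SESSION["logindetails"]["superuser"] = $issuperuser;
    return $issuperuser;
}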
Example #2
 /**
  * Fetch the stored data of one template image.
  *
  * The row is matched on the template id and on either the file name as given
  * or its basename. A file whose basename is 'powerphplist.png' is always
  * looked up under template 0. All three values are passed as bound
  * parameters.
  *
  * @param mixed  $templateid template the image belongs to
  * @param string $filename   image file name, with or without a path
  * @return mixed first column of the first matching row
  */
 function get_template_image($templateid, $filename)
 {
     $shortname = basename($filename);
     # the "powered by" image is looked up under template 0
     $template = $shortname == 'powerphplist.png' ? 0 : $templateid;
     $sql = ' select data' . ' from ' . $GLOBALS['tables']['templateimage'];
     $sql .= ' where template = ?' . '   and (filename = ? or filename= ?)';
     $row = Sql_Fetch_Row(Sql_Query_Params($sql, array($template, $filename, $shortname)));
     return $row[0];
 }
Example #3
     # this message is done
     if (!$someusers) {
         output($GLOBALS['I18N']->get('Hmmm, No users found to send to'), 1, 'progress');
     }
     if (!$failed_sent) {
         repeatMessage($messageid);
         $status = Sql_query(sprintf('update %s set status = "sent",sent = current_timestamp where id = %d', $GLOBALS['tables']['message'], $messageid));
         if (!empty($msgdata['notify_end']) && !isset($msgdata['end_notified'])) {
             $notifications = explode(',', $msgdata['notify_end']);
             foreach ($notifications as $notification) {
                 sendMail($notification, $GLOBALS['I18N']->get('Message campaign finished'), sprintf($GLOBALS['I18N']->get('phpList has finished sending the campaign with subject %s'), $msgdata['subject']) . "\n\n" . sprintf($GLOBALS['I18N']->get('to view the results of this campaign, go to http://%s'), getConfig('website') . $GLOBALS['adminpages'] . '/?page=statsoverview&id=' . $messageid));
             }
             Sql_Query(sprintf('insert ignore into %s (name,id,data) values("end_notified",%d,current_timestamp)', $GLOBALS['tables']['messagedata'], $messageid));
         }
         $query = " select sent, sendstart" . " from {$tables['message']}" . " where id = ?";
         $rs = Sql_Query_Params($query, array($messageid));
         $timetaken = Sql_Fetch_Row($rs);
         output($GLOBALS['I18N']->get('It took') . ' ' . timeDiff($timetaken[0], $timetaken[1]) . ' ' . $GLOBALS['I18N']->get('to send this message'));
         sendMessageStats($messageid);
     }
     ## flush cached message track stats to the DB
     if (isset($GLOBALS['cached']['linktracksent'])) {
         flushClicktrackCache();
         # we're done with $messageid, so get rid of the cache
         unset($GLOBALS['cached']['linktracksent'][$messageid]);
     }
 } else {
     if ($script_stage < 5) {
         $script_stage = 5;
     }
 }
Example #4
# Paging offset from the request. sprintf('%d') reduces the value to an integer
# string, so it can be interpolated into the SQL below without carrying SQL text.
# NOTE(review): negative values are not rejected here.
if (isset($_GET['start'])) {
    $start = sprintf('%d', $_GET['start']);
} else {
    $start = 0;
}
$offset = $start;
$baseurl = "bounces&amp;start={$start}";
# NOTE(review): $status_compare is interpolated into both queries as raw SQL and
# is not defined in this excerpt - it has to be a fixed operator chosen by the
# code, never request data. The status value itself is a bound parameter.
if ($total > MAX_USER_PP) {
    $limit = MAX_USER_PP;
    $paging = simplePaging("bounces", $start, $total, MAX_USER_PP, $status . ' ' . $GLOBALS['I18N']->get('bounces'));
    $query = sprintf("select * from %s where status {$status_compare} ? order by date desc limit {$limit} offset {$offset}", $tables['bounce']);
    $result = Sql_Query_Params($query, array('unidentified bounce'));
} else {
    $paging = '';
    $query = sprintf('select * from %s where status ' . $status_compare . ' ? order by date desc', $tables['bounce']);
    $result = Sql_Query_Params($query, array('unidentified bounce'));
}
print '<div class="actions">';
print PageLinkButton('listbounces', $GLOBALS['I18N']->get('view bounces by list'));
# The three delete actions are ordinary links carrying action=... in the URL.
# NOTE(review): the code that handles these actions is not in this excerpt;
# confirm it checks a request token and ALLOW_DELETEBOUNCE itself, because the
# check below only decides whether the buttons are printed.
$buttons = new ButtonGroup(new Button(PageURL2("bounces"), 'delete'));
$buttons->addButton(new ConfirmButton($GLOBALS['I18N']->get('are you sure you want to delete all unidentified bounces older than 2 months') . "?", PageURL2("{$baseurl}&action=deleteunidentified"), $GLOBALS['I18N']->get('delete all unidentified (&gt; 2 months old)')));
$buttons->addButton(new ConfirmButton($GLOBALS['I18N']->get('are you sure you want to delete all bounces older than 2 months') . "?", PageURL2("{$baseurl}&action=deleteprocessed"), $GLOBALS['I18N']->get('delete all processed (&gt; 2 months old)')));
$buttons->addButton(new ConfirmButton($GLOBALS['I18N']->get('are you sure you want to delete all bounces') . "?", PageURL2("{$baseurl}&action=deleteall"), $GLOBALS['I18N']->get('Delete all')));
if (ALLOW_DELETEBOUNCE) {
    print $buttons->show();
}
print $tabs->display();
print '</div>';
if (!Sql_Num_Rows($result)) {
    switch ($status) {
        case 'unidentified':
Example #5
/**
 * Build the HTML of the public unsubscribe page and, when the request carries
 * enough information, carry out the unsubscribe or blacklist action.
 *
 * The subscriber is identified either by the uid token in $_GET["uid"] or by an
 * e-mail address taken from $_REQUEST['email'].
 *
 * @param mixed $id page id; used here only to select the "unsubscribemessage:{$id}"
 *                  and "unsubscribesubject:{$id}" config items
 * @return string|null the page HTML; nothing is returned when a plugin's
 *                     unsubscribePage() hook reports a truthy result
 */
function unsubscribePage($id)
{
    global $tables;
    $email = '';
    $userid = 0;
    $msg = '';
    ## for unsubscribe, don't validate host
    $GLOBALS["check_for_host"] = 0;
    $res = '<title>' . $GLOBALS["strUnsubscribeTitle"] . '</title>' . "\n";
    $res .= $GLOBALS['pagedata']["header"];
    if (isset($_GET["uid"])) {
        # Token path: the subscriber is looked up by the uid from the link.
        # The value is bound as a parameter. When no row matches, $userdata
        # holds no fields and $email / $userid end up empty.
        $query = sprintf('select id,email,blacklisted from %s where uniqid = ?', $tables['user']);
        $req = Sql_Query_Params($query, array($_GET['uid']));
        $userdata = Sql_Fetch_Array($req);
        $email = $userdata["email"];
        $userid = $userdata['id'];
        $isBlackListed = $userdata['blacklisted'] != "0";
        $blacklistRequest = false;
        //invariant
    } else {
        # Address path: the e-mail comes straight from the request and is
        # discarded unless validateEmail() accepts it.
        if (isset($_REQUEST['email'])) {
            $email = $_REQUEST['email'];
        }
        if (!validateEmail($email)) {
            $email = '';
        }
        #0013076: Blacklisting posibility for unknown users
        # Set flag for blacklisting
        # NOTE(review): $_GET['p'] is read without an isset() check.
        $blacklistRequest = $_GET['p'] == 'blacklist' || $_GET['p'] == 'donotsend';
        # only proceed when user has confirm the form
        if ($blacklistRequest && is_email($email)) {
            $_POST["unsubscribe"] = 1;
            $_POST["unsubscribereason"] = s('Forwarded receiver requested blacklist');
        }
    }
    # "Jump off": skip the confirmation form. The site-wide constant or a "jo"
    # query parameter fills in the POST fields that the action below checks for.
    # NOTE(review): with "jo" set, $blacklistRequest becomes true, so the action
    # below goes ahead on the request's e-mail address alone; when no uid was
    # given that is a blacklist entry made without any uid token. Consider
    # requiring the token or a confirmation mail before blacklisting.
    if (UNSUBSCRIBE_JUMPOFF || !empty($_GET['jo'])) {
        $_POST["unsubscribe"] = 1;
        $_REQUEST["email"] = $email;
        if (!empty($_GET['jo'])) {
            $blacklistRequest = true;
            $_POST["unsubscribereason"] = s('"Jump off" used by subscriber, reason not requested');
        } else {
            $_POST["unsubscribereason"] = s('"Jump off" set, reason not requested');
        }
    }
    # Plugins may take over the request; the first truthy result ends the
    # function without returning any HTML.
    foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
        #    print $pluginname.'<br/>';
        if ($plugin->unsubscribePage($email)) {
            return;
        }
    }
    if (!empty($email) && isset($_POST['unsubscribe']) && isset($_REQUEST['email']) && isset($_POST['unsubscribereason'])) {
        ## all conditions met, do the unsubscribe
        #0013076: Blacklisting posibility for unknown users
        // It would be better to do this above, where the email is set for the other cases.
        // But to prevent vulnerabilities let's keep it here for now. [bas]
        if (!$blacklistRequest) {
            # Resolve the address to an existing subscriber; $userid and $email
            # are overwritten with what the database holds (empty when no row).
            $query = ' select id, email' . ' from ' . $tables['user'] . ' where email = ?';
            $rs = Sql_Query_Params($query, array($email));
            $query = Sql_Fetch_Row($rs);
            $userid = $query[0];
            $email = $query[1];
        }
        if (!$userid) {
            #0013076: Blacklisting posibility for unknown users
            if ($blacklistRequest && !empty($email)) {
                # Address is not a known subscriber: blacklist it anyway.
                # The reason is stored as posted on this path.
                addUserToBlacklist($email, $_POST['unsubscribereason']);
                addSubscriberStatistics('blacklist', 1);
                $res .= '<h3>' . $GLOBALS["strUnsubscribedNoConfirm"] . "</h3>";
            } else {
                $res .= $GLOBALS["strNoListsFound"];
                #'Error: '.$GLOBALS["strUserNotFound"];
                # NOTE(review): the next line is damaged in this copy of the file
                # (text is missing after the log message and the branch is never
                # closed); it is reproduced unchanged.
                logEvent("Request to unsubscribe non-existent user: "******"  * " . $GLOBALS["strAllMailinglists"] . "\n";
            # add user to blacklist
            # On this path the reason is passed through strip_tags() and nl2br()
            # before it is stored.
            addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason'])));
            addUserHistory($email, "Unsubscription", "Unsubscribed from {$lists}");
            $unsubscribemessage = str_replace("[LISTS]", $lists, getUserConfig("unsubscribemessage:{$id}", $userid));
            sendMail($email, getUserConfig("unsubscribesubject:{$id}"), stripslashes($unsubscribemessage), system_messageheaders($email), '', true);
            # The posted reason is copied into the admin notification mail.
            $reason = $_POST["unsubscribereason"] ? "Reason given:\n" . stripslashes($_POST["unsubscribereason"]) : "No Reason given";
            sendAdminCopy("List unsubscription", $email . " has unsubscribed\n{$reason}", $subscriptions);
            addSubscriberStatistics('unsubscription', 1);
        }
        if ($userid) {
            $res .= '<h3>' . $GLOBALS["strUnsubscribeDone"] . "</h3>";
        }
        #0013076: Blacklisting posibility for unknown users
        //if ($blacklistRequest) {
        //$res .= '<h3>'.$GLOBALS["strYouAreBlacklisted"] ."</h3>";
        //}
        $res .= $GLOBALS["PoweredBy"] . '</p>';
        $res .= $GLOBALS['pagedata']["footer"];
        return $res;
    } elseif (isset($_POST["unsubscribe"]) && !is_email($email) && !empty($email)) {
        $msg = '<span class="error">' . $GLOBALS["strEnterEmail"] . "</span><br>";
    }
    # No action taken: render the form.
    # NOTE(review): $email is concatenated into attribute values and page text
    # below without HTML escaping. On the address path it has passed
    # validateEmail(), whose rules are not visible here; on the uid path it comes
    # from the database. Escaping at output would remove the dependency on both.
    $res .= '<h3>' . $GLOBALS["strUnsubscribeInfo"] . '</h3>' . $msg . '<form method="post" action=""><input type="hidden" name="p" value="unsubscribe" />';
    if (!isset($_POST['email']) || empty($email)) {
        $res .= '<p>' . $GLOBALS["strEnterEmail"] . ': <input type="text" name="email" value="' . $email . '" size="40" /></p>';
    } else {
        $res .= '<p><input type="hidden" name="email" value="' . $email . '" />' . $GLOBALS["strEmail"] . ': ' . $email . '</p>';
    }
    if (!$email) {
        # Nothing to look up yet: show only the address prompt.
        $res .= '<input type="submit" name="unsubscribe" value="' . $GLOBALS['strContinue'] . '"></form>';
        $res .= $GLOBALS["PoweredBy"];
        $res .= $GLOBALS['pagedata']["footer"];
        return $res;
    }
    # First list membership of this address, together with the subscriber's
    # uid token and password column.
    $query = ' select l.id as listid, u.uniqid as userhash, u.password as password' . ' from %s as l, %s as lu, %s as u' . '  where l.id = lu.listid' . '    and u.id = lu.userid' . '    and u.email = ?';
    $query = sprintf($query, $tables['list'], $tables['listuser'], $tables['user']);
    $rs = Sql_Query_Params($query, array($email));
    $current = Sql_Fetch_Array($rs);
    $some = $current["listid"];
    # Decide whether the preferences link on this page may carry the uid token.
    # NOTE(review): $user is never assigned in this function, so
    # !empty($user['password']) is always false and the first branch cannot be
    # taken; presumably $current['password'] was intended - confirm.
    if (ASKFORPASSWORD && !empty($user['password'])) {
        # it is safe to link to the preferences page, because it will still ask for
        # a password
        $hash = $current["userhash"];
    } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) {
        # they got to this page from a link in an email
        $hash = $current['userhash'];
    } else {
        # The visitor has not shown the token, so it is not disclosed to them.
        $hash = '';
    }
    $finaltext = $GLOBALS["strUnsubscribeFinalInfo"];
    $pref_url = getConfig("preferencesurl");
    $sep = strpos($pref_url, '?') !== false ? '&' : '?';
    $finaltext = str_ireplace('[preferencesurl]', $pref_url . $sep . 'uid=' . $hash, $finaltext);
    if (!$some) {
        #0013076: Blacklisting posibility for unknown users
        if (!$blacklistRequest) {
            $res .= "<b>" . $GLOBALS["strNoListsFound"] . "</b></ul>";
        }
        $res .= '<p><input type=submit value="' . $GLOBALS["strUnsubscribe"] . '">';
    } else {
        if ($blacklistRequest) {
            $res .= $GLOBALS["strExplainBlacklist"];
        } elseif (!UNSUBSCRIBE_JUMPOFF) {
            # Reason textarea; rows and columns come from config, with 5 x 65 as
            # the fallback, and are printed through %d.
            list($r, $c) = explode(",", getConfig("textarea_dimensions"));
            if (!$r) {
                $r = 5;
            }
            if (!$c) {
                $c = 65;
            }
            $res .= $GLOBALS["strUnsubscribeRequestForReason"];
            $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . $finaltext;
        }
        $res .= '<p><input type=submit name="unsubscribe" value="' . $GLOBALS["strUnsubscribe"] . '"></p>';
    }
    $res .= '</form>';
    $res .= '<p>' . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $GLOBALS['pagedata']["footer"];
    return $res;
}
Example #6
 # The prefix field is not taken from the form; it is always stored empty.
 $_POST['prefix'] = '';
 # Accept the posted category only when listCategories() contains it.
 # NOTE(review): in_array() is called without its strict flag, so the match is
 # a loose comparison while the posted string itself is what gets stored.
 $categories = listCategories();
 if (isset($_POST['category']) && in_array($_POST['category'], $categories)) {
     $category = $_POST['category'];
 } else {
     $category = '';
 }
 # Update or insert the list. Every value is passed as a bound parameter; only
 # the table name is formatted into the statement.
 # NOTE(review): owner, active and listorder are stored as posted. Whether the
 # current admin may set them (assigning a list to another owner, for example)
 # must be checked before this point - not visible in this excerpt.
 if ($id) {
     $query = ' update %s' . ' set name = ?, description = ?, active = ?,' . '     listorder = ?, prefix = ?, owner = ?, category = ?' . ' where id = ?';
     $query = sprintf($query, $GLOBALS['tables']['list']);
     $result = Sql_Query_Params($query, array($_POST['listname'], $_POST['description'], $_POST['active'], $_POST['listorder'], $_POST['prefix'], $_POST['owner'], $category, $id));
 } else {
     $query = ' insert into %s' . '    (name, description, entered, listorder, owner, prefix, active, category)' . ' values' . '    (?, ?, current_timestamp, ?, ?, ?, ?, ?)';
     $query = sprintf($query, $GLOBALS['tables']['list']);
     #  print $query;
     $result = Sql_Query_Params($query, array($_POST['listname'], $_POST['description'], $_POST['listorder'], $_POST['owner'], $_POST['prefix'], $_POST['active'], $category));
 }
 if (!$id) {
     $id = Sql_Insert_Id($GLOBALS['tables']['list'], 'id');
     $_SESSION['action_result'] = s('New list added') . ": {$id}";
     $_SESSION['newlistid'] = $id;
 } else {
     $_SESSION['action_result'] = s('Changes saved');
 }
 ## allow plugins to save their fields
 # $result stays truthy only while every plugin reports success; once it is
 # falsy the && short-circuits and later plugins are not called.
 foreach ($GLOBALS['plugins'] as $plugin) {
     $result = $result && $plugin->processEditList($id);
 }
 # The message printed here was assembled above from s() strings and $id.
 print '<div class="actionresult">' . $_SESSION['action_result'] . '</div>';
 if ($_GET['page'] == 'editlist') {
     print '<div class="actions">' . PageLinkButton('importsimple&amp;list=' . $id, s('Add some subscribers')) . '</div>';
Example #7
/**
 * Resolve a configuration item to its final text, with placeholders expanded.
 *
 * The value is read from the config table, falling back to $default_config
 * when the table has no row for the item. For an item of the form "name:sub"
 * that yields no value, the lookup is repeated for the part before the colon.
 * When $userid is given, the [UNSUBSCRIBEURL], [CONFIRMATIONURL],
 * [PREFERENCESURL] and [EMAIL] placeholders are filled in for that subscriber
 * and the subscriber's attribute values are applied through parsePlaceHolders().
 * [SUBSCRIBEURL], [DOMAIN] and [WEBSITE] are always replaced.
 *
 * The placeholder values are inserted as they are, without URL or HTML
 * encoding; any escaping needed for the output context is left to the caller.
 *
 * @param string $item   config item name, optionally "name:subpage"
 * @param mixed  $userid subscriber id, or 0 for no per-subscriber expansion
 * @return mixed the expanded value; "0" and "1" are returned as "false" / "true"
 */
function getUserConfig($item, $userid = 0)
{
    global $default_config, $tables, $domain, $website;
    $value = '';
    if (Sql_Table_Exists($tables["config"])) {
        $req = Sql_Query_Params('select value,editable from ' . $tables['config'] . ' where item = ?', array($item));
        if (Sql_Num_Rows($req)) {
            $row = Sql_fetch_Row($req);
            $value = $row[0];
            # remember items that are marked as not editable
            if ($row[1] == 0) {
                $GLOBALS['noteditableconfig'][] = $item;
            }
        } elseif (array_key_exists($item, $default_config)) {
            $value = $default_config[$item]['value'];
        }
    }
    # a subpage item without a value of its own inherits the global one
    if (!$value && strpos($item, ":") !== false) {
        $parts = explode(":", $item);
        $value = getUserConfig($parts[0], $userid);
    }
    if ($userid) {
        $rs = Sql_Query_Params('select uniqid, email from ' . $tables['user'] . ' where id = ?', array($userid));
        $user_req = Sql_Fetch_Row($rs);
        $uniqid = $user_req[0];
        $email = $user_req[1];
        # each of these links carries the subscriber's uid token
        $personalLinks = array(
            '[UNSUBSCRIBEURL]' => "unsubscribeurl",
            '[CONFIRMATIONURL]' => "confirmationurl",
            '[PREFERENCESURL]' => "preferencesurl",
        );
        foreach ($personalLinks as $placeholder => $configitem) {
            $url = getConfig($configitem);
            $sep = strpos($url, '?') !== false ? '&' : '?';
            $value = str_ireplace($placeholder, $url . $sep . 'uid=' . $uniqid, $value);
        }
        $value = str_ireplace('[EMAIL]', $email, $value);
        $value = parsePlaceHolders($value, getUserAttributeValues($email));
    }
    $value = str_ireplace('[SUBSCRIBEURL]', getConfig("subscribeurl"), $value);
    $value = preg_replace('/\\[DOMAIN\\]/i', $domain, $value);
    #@ID Should be done only in one place. Combine getConfig and this one?
    $value = preg_replace('/\\[WEBSITE\\]/i', $website, $value);
    if ($value == "0") {
        return "false";
    }
    if ($value == "1") {
        return "true";
    }
    return $value;
}
Example #8
      = ' select *'
      . ' from ' . $tables['list']
      . $subselect
      . ' order by listorder '.$limit;
      $result = Sql_query($query);
      */
}
while ($row = Sql_fetch_array($result)) {
    ## we only consider confirmed and not blacklisted subscribers members of a list
    ## we assume "confirmed" to be 1 or 0, so that the sum gives the total confirmed
    ## could be incorrect, as 1000 is also "true" but will be ok (saves a few queries)
    ## same with blacklisted, but we're disregarding that for now, because blacklisted subscribers should not
    ## be on the list at all.
    ## @@TODO increase accuracy, without adding loads of queries.
    $query = ' select count(u.id) as total,' . ' sum(u.confirmed) as confirmed, ' . ' sum(u.blacklisted) as blacklisted ' . ' from ' . $tables['listuser'] . ' lu, ' . $tables['user'] . ' u where u.id = lu.userid and listid = ? ';
    $req = Sql_Query_Params($query, array($row["id"]));
    $membercount = Sql_Fetch_Assoc($req);
    $members = $membercount['confirmed'];
    $unconfirmedMembers = (int) ($membercount['total'] - $members);
    $desc = stripslashes($row['description']);
    if ($unconfirmedMembers > 0) {
        $membersDisplay = '<span class="memberCount">' . $members . '</span> <span class="unconfirmedCount">(' . $unconfirmedMembers . ')</span>';
    } else {
        $membersDisplay = '<span class="memberCount">' . $members . '</span>';
    }
    //## allow plugins to add columns
    // @@@ TODO review this
    //foreach ($GLOBALS['plugins'] as $plugin) {
    //$desc = $plugin->displayLists($row) . $desc;
    //}
    $element = '<!-- ' . $row['id'] . '-->' . stripslashes($row['name']);
Example #9
# One button per list; the list name is HTML-escaped for the button label.
while ($list = Sql_Fetch_Assoc($lists)) {
    $selectOtherlist->addButton(new Button(PageUrl2('listbounces') . '&amp;id=' . $list['id'], htmlspecialchars($list['name'])));
}
print $selectOtherlist->show();
if ($total) {
    print PageLinkButton('listbounces&amp;type=dl&amp;id=' . $listid, 'Download emails');
}
# NOTE(review): listName($listid) is passed to s() and printed without the
# htmlspecialchars() used for list names above; confirm listName() or s()
# escapes its output.
print '<p>' . s('%d bounces to list %s', $total, listName($listid)) . "</p>";
# Paging offset; sprintf('%d') reduces the request value to an integer string
# before it is used in the limit clause.
$start = empty($_GET['start']) ? 0 : sprintf('%d', $_GET['start']);
if ($total > $numpp && !$download) {
    #  print Paging2('listbounces&amp;id='.$listid,$total,$numpp,'Page');
    # $listing = sprintf($GLOBALS['I18N']->get("Listing %s to %s"),$s,$s+$numpp);
    # $query is built before this excerpt; only the limit clause is appended
    # and the list id is bound as a parameter.
    $limit = "limit {$start}," . $numpp;
    print simplePaging('listbounces&amp;id=' . $listid, $start, $total, $numpp);
    $query .= $limit;
    $req = Sql_Query_Params($query, array($listid));
}
if ($download) {
    # Drop the buffered page output and send the result as a plain-text file.
    ob_end_clean();
    Header("Content-type: text/plain");
    # NOTE(review): the list name goes into the quoted filename parameter as is;
    # a double quote in the name would end the parameter early. Consider
    # restricting the name to a safe character set for the header.
    $filename = 'Bounces on ' . listName($listid);
    header("Content-disposition:  attachment; filename=\"{$filename}\"");
}
$ls = new WebblerListing($GLOBALS['I18N']->get('Bounces on') . ' ' . listName($listid));
$ls->noShader();
while ($row = Sql_Fetch_Array($req)) {
    $userdata = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'], $row['userid']));
    if ($download) {
        print $userdata['email'] . "\n";
    }
    $ls->addElement($row['userid'], PageUrl2('user&amp;id=' . $row['userid']));
Example #10
 reset($import_attribute);
 foreach ($import_attribute as $item) {
     if (!empty($data['values'][$item["index"]])) {
         $attribute_index = $item["record"];
         $value = $data['values'][$item["index"]];
         # check whether this is a textline or a selectable item
         $att = Sql_Fetch_Row_Query("select type,tablename,name from " . $tables["adminattribute"] . " where id = {$attribute_index}");
         switch ($att[0]) {
             case "select":
             case "radio":
                 $query = "select id from {$table_prefix}adminattr_{$att['1']} where name = ?";
                 $val = Sql_Query_Params($query, array($value));
                 # if we don't have this value add it '
                 if (!Sql_Num_Rows($val)) {
                     $tn = $table_prefix . 'adminattr_' . $att[1];
                     Sql_Query_Params("insert into {$tn} (name) values (?)", array($value));
                     Warn($GLOBALS['I18N']->get("Value") . " {$value} " . $GLOBALS['I18N']->get("added to attribute") . " {$att['2']}");
                     $att_value = Sql_Insert_Id($tn, 'id');
                 } else {
                     $d = Sql_Fetch_Row($val);
                     $att_value = $d[0];
                 }
                 break;
             case "checkbox":
                 if ($value) {
                     $val = Sql_Fetch_Row_Query("select id from {$table_prefix}" . "adminattr_{$att['1']} where name = \"Checked\"");
                 } else {
                     $val = Sql_Fetch_Row_Query("select id from {$table_prefix}" . "adminattr_{$att['1']} where name = \"Unchecked\"");
                 }
                 $att_value = $val[0];
                 break;
Example #11
    # add public newsletter list
    $info = s("Sign up to our newsletter");
    $stmt = ' insert into ' . $tables['list'] . '   (name, description, entered, active, owner)' . ' values' . '   (?, ?, current_timestamp, ?, ?)';
    $result = Sql_Query_Params($stmt, array('newsletter', $info, '1', '1'));
    ## add the admin to the lists
    Sql_Query(sprintf('insert into %s (listid, userid, entered) values(%d,%d,now())', $tables['listuser'], 1, $userid));
    Sql_Query(sprintf('insert into %s (listid, userid, entered) values(%d,%d,now())', $tables['listuser'], 2, $userid));
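    # Path of the current request without its query string; it is only used in
    # the body of the feedback mail link below.
    $uri = $_SERVER['REQUEST_URI'];
    $uri = str_replace('?' . $_SERVER['QUERY_STRING'], '', $uri);
    $body = '
    Version: ' . VERSION . "\r\n" . ' Url: ' . $_SERVER['SERVER_NAME'] . $uri . "\r\n";
    # SERVER_NAME and REQUEST_URI come from the request, and the text lands
    # inside an href attribute. Percent-encode it so that it is a valid mailto
    # body (line breaks included) and cannot close the attribute or add markup.
    printf('<p class="information">' . $GLOBALS['I18N']->get('Success') . ': <a class="button" href="mailto:info@phplist.com?subject=Successful installation of phplist&amp;body=%s">' . $GLOBALS['I18N']->get('Tell us about it') . '</a>. </p>', rawurlencode($body));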
    printf('<p class="information">
    ' . $GLOBALS['I18N']->get("Please make sure to read the file README.security that can be found in the zip file.") . '</p>');
    printf('<p class="information">' . $GLOBALS['I18N']->get("Please make sure to") . '<a href="http://announce.hosted.phplist.com"> ' . $GLOBALS['I18N']->get("subscribe to the announcements list") . "</a> " . $GLOBALS['I18N']->get("to make sure you are updated when new versions come out. Sometimes security bugs are found which make it important to upgrade. Traffic on the list is very low.") . ' </p>');
    if (ENCRYPT_ADMIN_PASSWORDS && !empty($adminid)) {
        print sendAdminPasswordToken($adminid);
    }
    # make sure the 0 template has the powered by image
    $query = ' insert into %s' . '   (template, mimetype, filename, data, width, height)' . ' values (0, ?, ?, ?, ?, ?)';
    $query = sprintf($query, $GLOBALS["tables"]["templateimage"]);
    Sql_Query_Params($query, array('image/png', 'powerphplist.png', $newpoweredimage, 70, 30));
    print '<p>' . $GLOBALS['I18N']->get("Continue with") . " " . PageLinkButton("setup", $GLOBALS['I18N']->get("phpList Setup")) . "</p>";
    unset($_SESSION['hasI18Ntable']);
    ## load language files
    # this is too slow
    $GLOBALS['I18N']->initFSTranslations();
} else {
    print '<div class="initialiseOptions"><ul><li>' . s("Maybe you want to") . " " . PageLinkButton("upgrade", s("Upgrade")) . ' ' . s("instead?") . '</li>
    <li>' . PageLinkButton("initialise", s("Force Initialisation"), "force=yes") . ' ' . s("(will erase all data!)") . ' ' . "</li></ul></div>\n";
}
Example #12
    $query = ' insert into ' . $GLOBALS['tables']['linktrack_uml_click'] . '    (firstclick, forwardid, messageid, userid)' . ' values' . '    (current_timestamp, ?, ?, ?)';
    Sql_Query_Params($query, array($fwdid, $messageid, $userid));
}
# Count the click. The forward, message and subscriber ids are bound as
# parameters; only the table name is formatted into each statement.
$query = sprintf('update %s set clicked = clicked + 1, latestclick = current_timestamp where forwardid = ? and messageid = ? and userid = ?', $GLOBALS['tables']['linktrack_uml_click']);
Sql_Query_Params($query, array($fwdid, $messageid, $userid));
# Also count per message type: 'H' updates htmlclicked, 'T' updates textclicked.
if ($msgtype == 'H') {
    $query = sprintf('update %s set htmlclicked = htmlclicked + 1 where forwardid = ? and messageid = ? and userid = ?', $GLOBALS['tables']['linktrack_uml_click']);
    Sql_Query_Params($query, array($fwdid, $messageid, $userid));
} elseif ($msgtype == 'T') {
    $query = sprintf('update %s set textclicked = textclicked + 1 where forwardid = ? and messageid = ? and userid = ?', $GLOBALS['tables']['linktrack_uml_click']);
    Sql_Query_Params($query, array($fwdid, $messageid, $userid));
}
$url = $linkdata['url'];
# Personalised links get the subscriber's uniqid appended as "uid".
# NOTE(review): the uid travels to whatever site $linkdata['url'] points at. If
# the same value also authorises unsubscribe or preference changes, that site
# learns it - confirm personalise is only enabled for trusted destinations.
if ($linkdata['personalise']) {
    $query = sprintf('select uniqid from %s where id = ?', $GLOBALS['tables']['user']);
    $rs = Sql_Query_Params($query, array($userid));
    $uid = Sql_Fetch_Row($rs);
    if ($uid[0]) {
        # strpos() is tested for truthiness here, so a '?' at position 0 counts
        # as "no query string"; the uid is appended without URL encoding.
        if (strpos($url, '?')) {
            $url .= '&uid=' . $uid[0];
        } else {
            $url .= '?uid=' . $uid[0];
        }
    }
}
#print "$url<br/>";
# Remember the first tracked URL of this session.
if (!isset($_SESSION['entrypoint'])) {
    $_SESSION['entrypoint'] = $url;
}
if (!empty($messagedata['google_track'])) {
    ## take off existing tracking code, if found
Example #13
# check for latest version
# The configured interval is reduced to an integer string before it is formatted
# into SQL further down.
$checkinterval = sprintf('%d', getConfig("check_new_version"));
# NOTE(review): sprintf() always returns a string, so this isset() test can never
# fail and the default of 7 is never applied; a missing setting becomes "0".
if (!isset($checkinterval)) {
    $checkinterval = 7;
}
# A "showupdate" query parameter forces the update notice on.
$showUpdateAvail = !empty($_GET['showupdate']);
## just to check the design
# Keep only digits and dots of the running version for the comparison.
$thisversion = VERSION;
$thisversion = preg_replace("/[^\\.\\d]/", "", $thisversion);
$latestversion = getConfig('updateavailable');
# && binds tighter than ||: the notice shows when it was forced, or when a stored
# latest version exists and versionCompare() returns a falsy result for it.
$showUpdateAvail = $showUpdateAvail || !empty($latestversion) && !versionCompare($thisversion, $latestversion);
if (!$showUpdateAvail && $checkinterval) {
    $query = ' select date_add(value, interval %d day) < current_timestamp as needscheck' . ' from %s' . ' where item = ?';
    ##https://mantis.phplist.com/view.php?id=16815
    $query = sprintf($query, $checkinterval, $tables["config"]);
    $req = Sql_Query_Params($query, array('updatelastcheck'));
    $needscheck = Sql_Fetch_Row($req);
    if ($needscheck[0] != "0") {
        @ini_set("user_agent", NAME . " (phplist version " . VERSION . ")");
        @ini_set("default_socket_timeout", 5);
        if ($fp = @fopen("https://www.phplist.com/files/LATESTVERSION", "r")) {
            $latestversion = fgets($fp);
            $latestversion = preg_replace("/[^\\.\\d]/", "", $latestversion);
            @fclose($fp);
            if (!versionCompare($thisversion, $latestversion)) {
                ## remember this, so we can remind about the update, without the need to check the phplist site
                $values = array('item' => "updateavailable", 'value' => $latestversion, 'editable' => '0');
                Sql_Replace($tables['config'], $values, 'item', false);
                $showUpdateAvail = true;
            }
        }
                        case 550:
                            $action = 'blacklistuseranddeletebounce';
                            break;
                        default:
                            $action = 'unconfirmuseranddeletebounce';
                            break;
                    }
                    $query = ' insert into %s' . '    (regex, action, comment, status)' . ' values' . '    (?, ?, ?, ?)';
                    $query = sprintf($query, $GLOBALS['tables']['bounceregex']);
                    Sql_Query_Params($query, array(trim($rule), $action, 'Auto Created from bounce ' . $row['id'] . "\n line: " . $line, 'candidate'));
                    $regexid = Sql_Insert_Id($GLOBALS['tables']['bounceregex'], 'id');
                    if ($regexid) {
                        # most likely duplicate entry if no value
                        $query = ' insert into %s' . '    (regex, bounce)' . ' values' . '    (?, ?)';
                        $query = sprintf($query, $GLOBALS['tables']['bounceregex_bounce']);
                        Sql_Query_Params($query, array($regexid, $row['id']));
                    } else {
                        #            print matchedBounceRule($row['data']);
                        print $GLOBALS['I18N']->get('Hmm, duplicate entry, ') . ' ' . $row['id'] . " {$code} {$rule}<br/>";
                    }
                }
            }
        }
    }
    if (!$bouncematched) {
        $notmatched++;
    }
}
print '<ul>';
print '<li>' . sizeof($rules) . ' ' . $GLOBALS['I18N']->get('new rules found') . '</li>';
print '<li>' . $notmatched . ' ' . $GLOBALS['I18N']->get('bounces not matched') . '</li>';
Example #15
             $plugin->processError('Send test capped from ' . sizeof($emailaddresses) . ' to ' . SENDTEST_MAX);
         }
         $limited = array_chunk($emailaddresses, SENDTEST_MAX);
         $emailaddresses = $limited[0];
         $sendtestresult .= s("There is a maximum of %d test emails allowed", SENDTEST_MAX) . "<br/>";
     }
 }
 #  var_dump($emailaddresses);#exit;
 foreach ($emailaddresses as $address) {
     $address = trim($address);
     if (empty($address)) {
         continue;
     }
     $query = ' select id, email, uniqid, htmlemail, confirmed' . ' from %s' . ' where email = ?';
     $query = sprintf($query, $tables['user']);
     $result = Sql_Query_Params($query, array($address));
     //Leftover from the preplugin era
     if ($user = Sql_fetch_array($result)) {
         if (FORWARD_ALTERNATIVE_CONTENT && $_GET['tab'] == 'Forward') {
             if (SEND_ONE_TESTMAIL) {
                 $success = sendEmail($id, $address, $user["uniqid"], $user['htmlemail'], array(), array($address));
             } else {
                 $success = sendEmail($id, $address, $user["uniqid"], 1, array(), array($address)) && sendEmail($id, $address, $user["uniqid"], 0, array(), array($address));
             }
         } else {
             if (SEND_ONE_TESTMAIL) {
                 $success = sendEmail($id, $address, $user["uniqid"], $user['htmlemail']);
             } else {
                 $success = sendEmail($id, $address, $user["uniqid"], 1) && sendEmail($id, $address, $user["uniqid"], 0);
             }
         }
Example #16
         if ($minor < 11 || $minor == 11 && $sub < 5) {
             Sql_Query(sprintf('alter table %s add column category varchar(255) default ""', $tables['list']));
             Sql_Query(sprintf('alter table %s add column requeueinterval integer default 0', $tables['message']));
             Sql_Query(sprintf('alter table %s add column requeueuntil datetime', $tables['message']));
         }
         # Upgrade step for versions before x.11.7: create the password-request,
         # admin-token and i18n tables, then hash the admin passwords that are
         # still stored in a form shorter than hash_length.
         if ($minor < 11 || $minor == 11 && $sub < 7) {
             Sql_Create_Table($tables["admin_password_request"], $DBstruct["admin_password_request"], 1);
             Sql_Create_Table($tables["admintoken"], $DBstruct["admintoken"], 1);
             Sql_Create_Table($tables["i18n"], $DBstruct["i18n"], 1);
             unset($_SESSION['hasI18Ntable']);
             # Rows whose password column is shorter than a digest are taken to
             # be unhashed - presumably plaintext; confirm against the schema.
             $req = Sql_Query(sprintf('select loginname,password from %s where length(password) < %d', $GLOBALS['tables']['admin'], $GLOBALS['hash_length']));
             while ($row = Sql_Fetch_Assoc($req)) {
                 # NOTE(review): hash() is applied to the password alone, with no
                 # per-user salt and no work factor visible here; password_hash()
                 # and password_verify() are the usual choice for stored passwords.
                 $encryptedPassDB = hash(ENCRYPTION_ALGO, $row['password']);
                 # NOTE(review): the quoted value in the next line looks masked in
                 # this copy of the file. sprintf() below passes two arguments, so
                 # the original presumably had a second placeholder there; as shown,
                 # the digest would not reach the statement. Binding the digest as a
                 # parameter, like loginname, would avoid formatting it into the SQL.
                 $query = "update %s set password = '******' where loginname = ?";
                 $query = sprintf($query, $GLOBALS['tables']['admin'], $encryptedPassDB);
                 Sql_Query_Params($query, array($row['loginname']));
             }
             #        Sql_Create_Table($tables["gchartcache"],$DBstruct["gchartcache"],1); ## really need this?
         }
         break;
 }
 ## add index on bounces, but ignore the error
 Sql_Query("create index statusindex on {$tables["user_attribute"]} (status(10))", 1);
 Sql_Query("create index message_lookup using btree on {$tables["user_message_bounce"]} (message)", 1);
 ## add index to i18n to avoid duplicate translations
 ## alter ignore doesn't seem to work on InnoDB: http://bugs.mysql.com/bug.php?id=40344
 # convert to MyIsam first @@Mysql Specific code !
 Sql_Query('alter table ' . $tables["i18n"] . ' engine MyIsam', 1);
 Sql_Query('alter ignore table ' . $tables["i18n"] . ' add unique lanorigunq (lan(10),original(200))', 1);
 ## mantis issue 9001, make sure that the "repeat" column in the messages table is renamed to repeatinterval
 # to avoid a name clash with Mysql 5.
Example #17
# Paging offset, only set when the request carries a "start" parameter.
# The %d conversion reduces the request value to a decimal integer string
# before it is placed in the LIMIT clause, so no raw request text reaches SQL.
# NOTE(review): $start and $limit are not assigned here when the parameter is
# absent; confirm they are initialised elsewhere.
if (isset($_GET['start'])) {
    $start = sprintf('%d', $_GET['start']);
    $limit = " limit {$start}, 10";
}
# Defaults; the access-level switch that follows narrows them.
$addcomparison = 0;
$access = accessLevel('statsoverview');
$ownership = $subselect = $paging = '';
# Gate the page on the access level returned for 'statsoverview'.
switch ($access) {
    case 'owner':
        # SQL fragment limiting results to the logged-in admin; %d forces the
        # session value to an integer. Presumably appended to later queries.
        $ownership = sprintf(' and owner = %d ', $_SESSION['logindetails']['id']);
        if ($id) {
            # Object-level check for one message: the row is selected only when it
            # belongs to the logged-in admin (both values are bound parameters),
            # and the returned owner is compared once more before continuing.
            $query = sprintf('select owner from %s where id = ? and owner = ?', $GLOBALS['tables']['message']);
            $rs = Sql_Query_Params($query, array($id, $_SESSION['logindetails']['id']));
            $allow = Sql_Fetch_Row($rs);
            # NOTE(review): loose != comparison. With no matching row $allow[0] is
            # presumably null, which only differs from the session id when that id
            # is non-empty; confirm the id is always set on this path.
            if ($allow[0] != $_SESSION["logindetails"]["id"]) {
                print $GLOBALS['I18N']->get('You do not have access to this page');
                return;
            }
        }
        $addcomparison = 1;
        break;
    case 'all':
        # no restriction added
        break;
    case 'none':
    default:
        # Any unrecognised level is treated like 'none': the filter matches no
        # message and the page stops after printing the refusal.
        $ownership = ' and msg.id = 0';
        print $GLOBALS['I18N']->get('You do not have access to this page');
        return;
Example #18
                     } else {
                         $att["value"] = $valueid[0];
                     }
                     break;
                 case "checkboxgroup":
                     $vals = explode(",", $att["displayvalue"]);
                     array_pop($vals);
                     $att["value"] = "";
                     foreach ($vals as $val) {
                         $query = sprintf('select id from %slistattr_%s where name = ?', $table_prefix, $tname[0]);
                         $rs = Sql_Query_Params($query, array($val));
                         $valueid = Sql_Fetch_Row($rs);
                         if (!$valueid[0]) {
                             $tn = $table_prefix . 'listattr_' . $tname[0];
                             $query = sprintf('insert into %s set name = ?', $tn);
                             Sql_Query_Params($query, array($val));
                             $att["value"] .= Sql_Insert_Id($tn, 'id') . ',';
                         } else {
                             $att["value"] .= $valueid[0] . ",";
                         }
                     }
                     $att["value"] = substr($att["value"], 0, -1);
                     break;
             }
             if ($att["value"]) {
                 Sql_Replace($tables["user_attribute"], array('attributeid' => $localattid, 'userid' => $userid, 'value' => $att['value']), array('attributeid', 'userid'));
             }
         }
     }
 }
 if (is_array($userlists)) {
Example #19
/**
 * Add $amount to the statistic $item of list $list in the current statistics
 * bucket, inserting the row when the update touched nothing.
 *
 * The bucket timestamp depends on STATS_INTERVAL ('monthly', 'weekly' or
 * 'daily'). Every value reaches the database as a bound parameter; only the
 * table name is placed in the SQL text.
 *
 * NOTE(review): any other STATS_INTERVAL value leaves $time unassigned, and
 * the update-then-insert pair is not atomic; confirm both are acceptable.
 */
function addSubscriberStatistics($item = '', $amount, $list = 0)
{
    $interval = STATS_INTERVAL;
    if ($interval == 'monthly') {
        # bucket starts on the first day of the current month
        $time = mktime(0, 0, 0, date('m'), 1, date('Y'));
    } elseif ($interval == 'weekly') {
        # bucket starts on the Sunday of the current week
        $time = mktime(0, 0, 0, date('m'), date('d') - date('w'), date('Y'));
    } elseif ($interval == 'daily') {
        $time = mktime(0, 0, 0, date('m'), date('d'), date('Y'));
    }
    $statsTable = $GLOBALS['tables']['userstats'];
    $bound = array($amount, $time, $item, $list);
    Sql_Query_Params(
        sprintf(' update %s set value = value + ? where unixdate = ?   and item = ?   and listid = ?', $statsTable),
        $bound
    );
    if (Sql_Affected_Rows()) {
        return;
    }
    # no existing row for this bucket/item/list: create it
    Sql_Query_Params(
        sprintf(' insert into %s   (value, unixdate, item, listid) values   (?, ?, ?, ?)', $statsTable),
        $bound
    );
}
Example #20
    # Build the paged member listing for list $id.
    # NOTE(review): $start is assigned outside this excerpt. It is concatenated
    # into SQL below (via $offset and $limit), so it must already be an integer.
    $offset = $start;
    $paging = '';
    if ($total > MAX_USER_PP) {
        if ($start > 0) {
            $listing = sprintf(s("Listing subscriber %d to %d", $start, $start + MAX_USER_PP));
            $limit = "limit {$start}," . MAX_USER_PP;
        } else {
            # this branch hard-codes 50 instead of using MAX_USER_PP
            $listing = s("Listing subscriber 1 to 50");
            $limit = "limit 0,50";
        }
        # NOTE(review): $pagingKeep is placed in the paging URL as-is; its origin
        # and encoding are not visible here.
        $paging = simplePaging("members&{$pagingKeep}&amp;id=" . $id, $start, $total, MAX_USER_PP, $GLOBALS['I18N']->get('subscribers'));
    }
    # Only the list id is a bound parameter. $confirmedSelection and $offset are
    # concatenated into the statement, which then passes through sprintf(), so a
    # stray '%' in either would be read as a format specifier.
    # NOTE(review): confirm both are server-built / integer values.
    # The query uses its own "limit ... offset ..." clause; $limit from above is
    # not used in the lines shown.
    $query = ' select u.*' . " from %s lu" . "    join %s u" . '       on lu.userid = u.id' . ' where lu.listid = ?' . ' and ' . $confirmedSelection . ' order by confirmed desc, email' . ' limit ' . MAX_USER_PP . ' offset ' . $offset;
    // TODO Consider using a subselect.  select user where uid in select uid from list
    $query = sprintf($query, $tables['listuser'], $tables['user']);
    $result = Sql_Query_Params($query, array($id));
    $tabs = new WebblerTabs();
    $tabs->addTab(s("confirmed"), PageUrl2("members&id=" . $id), 'confirmed');
    $tabs->addTab(s("unconfirmed"), PageUrl2("members&tab=unconfirmed&id=" . $id), 'unconfirmed');
    # NOTE(review): the raw request value of "tab" is handed to setCurrent();
    # whether WebblerTabs escapes it on display() is not visible here.
    if (!empty($_GET['tab'])) {
        $tabs->setCurrent($_GET["tab"]);
    } else {
        $_GET['tab'] = 'confirmed';
        $tabs->setCurrent('confirmed');
    }
    print $tabs->display();
    print "<p>" . s('%d subscribers', $total) . '</p>';
    print formStart(' name="users" class="membersProcess" ');
    # %d keeps the hidden field value numeric
    printf('<input type="hidden" name="id" value="%d" />', $id);
    ?>
Example #21
/**
 * Resolve the forward id of a tracked link and count one more send of it for
 * the given message.
 *
 * The forward id is looked up by $url in the linktrack_forward table (a row is
 * inserted when none is found) and memoised in the global
 * $cached['linktrack'], keyed by $link. Send counters are kept in
 * $cached['linktracksent'][$messageid][$fwdid]; they are written to
 * linktrack_ml on first use and afterwards on every 100th increment.
 *
 * $userid is accepted but not used by this function.
 *
 * @return mixed the forward id for $url
 */
function clickTrackLinkId($messageid, $userid, $url, $link)
{
    global $cached;
    # make sure both cache buckets exist and are arrays
    foreach (array('linktrack', 'linktracksent') as $bucket) {
        if (!isset($cached[$bucket]) || !is_array($cached[$bucket])) {
            $cached[$bucket] = array();
        }
    }

    if (isset($cached['linktrack'][$link])) {
        $fwdid = $cached['linktrack'][$link];
    } else {
        $forwardTable = $GLOBALS['tables']['linktrack_forward'];
        # the URL is bound as a parameter, never concatenated into the SQL
        $lookup = Sql_Query_Params(sprintf(' select id from %s where url = ?', $forwardTable), array($url));
        $found = Sql_Fetch_Row($lookup);
        if ($found[0]) {
            $fwdid = $found[0];
        } else {
            # personalise is 1 when $link contains "uid=", otherwise 0
            $isPersonal = preg_match('/uid=/', $link);
            Sql_Query_Params(
                sprintf(' insert into %s    (url, personalise) values    (?, ?)', $forwardTable),
                array($url, $isPersonal)
            );
            $fwdid = Sql_Insert_Id($forwardTable, 'id');
        }
        $cached['linktrack'][$link] = $fwdid;
    }

    if (!isset($cached['linktracksent'][$messageid]) || !is_array($cached['linktracksent'][$messageid])) {
        $cached['linktracksent'][$messageid] = array();
    }

    if (isset($cached['linktracksent'][$messageid][$fwdid])) {
        $cached['linktracksent'][$messageid][$fwdid]++;
        $running = $cached['linktracksent'][$messageid][$fwdid];
        ## flush every 100 increments so the count survives an interrupted run
        if ($running % 100 == 0) {
            Sql_Query(sprintf('update %s set total = %d where messageid = %d and forwardid = %d', $GLOBALS['tables']['linktrack_ml'], $running, $messageid, $fwdid));
        }
    } else {
        $mlTable = $GLOBALS['tables']['linktrack_ml'];
        $rs = Sql_Query_Params(
            sprintf(' select total from %s where messageid = ?   and forwardid = ?', $mlTable),
            array($messageid, $fwdid)
        );
        if (Sql_Num_Rows($rs)) {
            # existing counter: add one and store it (%d keeps the values numeric)
            $stored = Sql_Fetch_Row($rs);
            $total = $stored[0] + 1;
            Sql_Query(sprintf('update %s set total = %d where messageid = %d and forwardid = %d', $mlTable, $total, $messageid, $fwdid));
        } else {
            ## first time this link is seen for this message
            $total = 1;
            Sql_Replace($mlTable, array('total' => $total, 'messageid' => $messageid, 'forwardid' => $fwdid), array('messageid', 'forwardid'));
        }
        $cached['linktracksent'][$messageid][$fwdid] = $total;
    }

    return $fwdid;
}
Example #22
<?php

# Discard the active output buffer; @ hides the notice raised when there is none.
@ob_end_clean();
# Reduce the request parameter to a decimal integer string. A missing or
# non-numeric id becomes "0", which is falsy and ends the script below.
$id = sprintf('%d', $_GET['id']);
if (!$id) {
    return '';
}
/*
Disabled: load the message row and sum its per-format send counters.

$message = Sql_Fetch_Assoc_Query(sprintf('select * from %s where id = %d',$GLOBALS['tables']['message'],$id));
if ($message['id'] != $id) return '';
$messagedata = loadMessageData($id);

$totalsent = $message['astext'] +
  $message['ashtml'] +
  $message['astextandhtml'] +
  $message['aspdf'] +
  $message['astextandpdf'];
*/
# Build an HTML fragment with one "<status> <count>" line per delivery status
# of this message; the message id is a bound parameter.
$status = '';
#$status = 'select count(userid) as num,status from '.$GLOBALS['tables']['usermessage'].' where messageid = '.$id.'  group by status<br/>';
$req = Sql_Query_Params('select count(userid) as num,status from ' . $GLOBALS['tables']['usermessage'] . ' where messageid = ? group by status', array($id));
while ($row = Sql_Fetch_Assoc($req)) {
    if (!empty($row['num'])) {
        # NOTE(review): the status column is appended without HTML escaping.
        # How $status is emitted is not visible here; if it is sent as HTML,
        # confirm the column only holds fixed values or wrap it in htmlspecialchars().
        $status .= $row['status'] . ' ' . $row['num'] . '<br/>';
    }
}
#$status = $totalsent;