function viewInvitations()
{
global $debug, $message, $success;
$output = ' <div class="textLeft" id="viewInvitationsReturn">';
$class = 'rowAlt';
$getInvitationsQuery = "SELECT\n\tfolders.folderName AS 'folderName',\n\tinvitations.invitationId AS 'invitationId',\n\tinvitations.folderRoleId AS 'folderRoleId',\n\tinvitations.email AS 'email',\n\tinvitations.listRoleId AS 'listRoleId',\n\tDATE_FORMAT(invitations.sentDate, '%b %e, %Y %l:%i %p') AS 'sentDate',\n\tDATE_FORMAT(invitations.responded, '%b %e, %Y %l:%i %p') AS 'responded',\n\tlists.listName AS 'listName'\nFROM\n\tinvitations\nLEFT JOIN\n\tlists ON lists.listId = invitations.listId\nJOIN\n\tfolders ON folders.folderId = invitations.folderId AND\n\tinvitations.senderId = '" . $_SESSION['userId'] . "'\nORDER BY\n\t(SELECT userSiteSettings.folderLinksOrderBy FROM userSiteSettings WHERE userSiteSettings.userId = '" . $_SESSION['userId'] . "')";
if ($result = mysql_query($getInvitationsQuery)) {
if (mysql_affected_rows() == 0) {
$message .= 'You haven\'t sent any invitations.';
pdoError(__LINE__, $getInvitationsQuery, '$getInvitationsQuery', 1);
} else {
$output .= ' <div class="break relative" style="width:100%">
<div class="rowTitle" style="width:140px; padding-left:5px"><br>
Email</div>
<div class="rowTitle" style="width:120px">Invited to Folder</div>
<div class="rowTitle" style="width:80px">Folder Role</div>
<div class="rowTitle" style="width:130px"><br>
Invited to ADR List</div>
<div class="rowTitle" style="width:80px">List Role</div>
<div class="rowTitle" style="width:110px"><br>
Sent</div>
<div class="rowTitle" style="width:110px"><br>
Responded</div>
</div>';
while ($row = mysql_fetch_assoc($result)) {
if ($class == 'rowWhite') {
$class = 'rowAlt';
} else {
$class = 'rowWhite';
}
$responded = empty($row['responded']) ? 'No response' : $row['responded'];
$listName = empty($row['listName']) ? ' ' : $row['listName'];
$output .= ' <div class="break relative ' . $class . '">
<div class="row" style="width:140px; padding-left:5px"><img alt="" class="left" height="16" id="deleteInvitation' . $row['invitationId'] . '" onClick="" src="' . LINKIMAGES . '/xRed.png" width="16"> ' . breakEmail($row['email'], 16) . '</div>
<div class="row" style="width:120px">' . $row['folderName'] . '</div>
<div class="row" style="width:80px;">' . roles($row['folderRoleId']) . '</div>
<div class="row" style="width:130px">' . $listName . '</div>
<div class="row" style="width:80px">' . roles($row['listRoleId']) . '</div>
<div class="row textSmall" style="width:110px">' . $row['sentDate'] . '</div>
<div class="row textSmall" style="width:110px">' . $responded . '</div>
</div>
';
}
$output .= ' </table>
</div>';
$success = true;
$returnThis['returnViewInvitations'] = $output;
}
} else {
error(__LINE__);
pdoError(__LINE__, $getInvitationsQuery, '$getInvitationsQuery');
}
if (MODE == 'viewInvitations') {
returnData();
} else {
return $output;
}
}
if (isset($spamlist)) {
foreach ($spamlist as $spamword) {
if (preg_match("/(" . trim($spamword) . ")/i", $val)) {
$error_msg .= "Your updated info contains words in the spam list, please go back and remove references to obvious 'spam' material.\r\n";
}
}
}
if (preg_match($exploits, $val)) {
$error_msg .= "No meta injection, please.\r\n";
}
if (preg_match("/(<.*>)/i", $val)) {
$error_msg .= "No HTML, please.\r\n";
}
$clean[$key] = cleanUp($val);
}
if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail(strtolower($clean['email'])), "email") === true || filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail(strtolower($clean['email'])), "email") === true) {
// set default values for empty/unset fields
if (empty($clean['dispemail'])) {
$clean['dispemail'] = "no";
}
if (!isset($favefield) || $favefield == "no" || !isset($clean['fave'])) {
$clean['fave'] = NULL;
}
// let's do some security and spam checks
if (empty($clean['name']) || empty($clean['email']) || empty($clean['country'])) {
$error_msg .= "Name, e-mail and country are required fields. \r\n";
}
if (!preg_match("/^[a-zA-Z-'\\s]*\$/", $clean['name'])) {
$error_msg .= "That name is not valid. Your name must contain letters only, and must be less than 15 characters. \r\n";
}
if ($clean['dispemail'] != "yes" && $clean['dispemail'] != "no") {
if (filesize(IPBLOCKLST) > 0 && checkTXTfile(IPBLOCKLST, $_SERVER['REMOTE_ADDR'], "ip") === true) {
echo "<p>Your IP is in the block list, that means you're not allowed to join at this time. \r\n</p>";
exit(include 'footer.php');
}
if (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($clean['email']), "email") === true) {
echo "<p>You're already in the pending queue, you can't join twice!</p> \n";
exit(include 'footer.php');
}
if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($clean['email']), "email") === true) {
echo "<p>You're already a member of the fanlisting, you can't join twice!</p> \n";
exit(include 'footer.php');
}
if ($error_msg == NULL) {
$show_form = false;
// attempt to break email to piss off spammers :p
$clean['email'] = breakEmail(strtolower($clean['email']));
// send off some emails
if ($emailnewbies == "yes") {
$subject = "Thank you for joining {$title}";
$message = $thanksjoinMsg;
$message .= "Name: {$clean['name']} \n";
$message .= "Email: " . fixEmail($clean['email']) . " \n";
$message .= "URL: {$clean['url']} \n";
$message .= "Country: {$clean['country']} \n";
if (isset($favefield) && $favefield == "yes") {
$message .= "{$favetext}: {$clean['fave']} \n";
}
$message .= "Comments: {$clean['comments']} \n\n";
if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
$headers = "From: {$admin_email} \n";
$headers .= "Reply-To: {$admin_email}";
if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($_POST['email']), "email") === true) {
$file = MEMBERS;
} elseif (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($_POST['email']), "email") === true) {
$file = NEWBIES;
}
if (!isset($file)) {
echo "<p>Something went horribly, drastically wrong! Run for your life!</p>";
echo "<p>...</p>";
echo "<p>Just kidding — that member does <strong>not</strong> exist.</p>";
echo "<p><a href='admin.php'>Back to admin panel?</a></p>";
include 'footer.php';
exit;
}
$members = file($file);
foreach ($members as $key => $value) {
if (preg_match("/(" . breakEmail($_POST['email']) . ")/i", $value)) {
list($name, $email, $dispemail, $url, $country, $fave) = preg_split("/,(?! )/", $value);
if (empty($url) || $url == "http://" || $url == "") {
$url = "(none)";
} else {
$url = "<a href='{$url}'>website</a>";
}
?>
<p>Search results:</p>
<table>
<tr> <th>Name</th> <th>E-mail</th> <th>Website</th> <th>Country</th> <?php
if (isset($favefield) && $favefield == "yes") {
echo "<th>Fave</th>";
}
?>
function buildListUsers()
{
//Build the users of the selected list.
global $debug, $message, $success, $Dbc, $returnThis;
$output = '';
try {
if (empty($_POST['listId'])) {
throw new Adrlist_CustomException('', '$_POST[\'listId\'] is empty.');
} elseif (!is_numeric($_POST['listId'])) {
throw new Adrlist_CustomException('', '$_POST[\'listId\'] is not numeric.');
}
//Get the user's list role.
$listInfo = getListInfo($_SESSION['userId'], $_POST['listId']);
if ($listInfo === false || $listInfo['listRoleId'] < 3) {
//The user must be a Manager (3) or higher to view list users.
throw new Adrlist_CustomException("Your role does not allow you to edit this list.", '');
}
//Select the existing users.
$listUsersCountStmt = "SELECT\n\tCOUNT(users.userId) AS 'count'\nFROM\n\tusers\nJOIN\n\tuserListSettings ON userListSettings.userId = users.userId AND\n\tuserListSettings.listId = ?\nWHERE\n\tusers.userId != ?";
$listUsersStmt = "SELECT\n\tusers.userId AS 'userId',\n\tCONCAT_WS(' ',users.firstName,users.lastName) AS 'name',\n\tusers.primaryEmail AS 'primaryEmail',\n\tuserListSettings.listRoleId AS 'listRoleId',\n\tuserListSettings.dateAdded AS 'dateAdded'\nFROM\n\tusers\nJOIN\n\tuserListSettings ON userListSettings.userId = users.userId AND\n\tuserListSettings.listId = ?\nWHERE\n\tusers.userId != ?";
/*GROUP BY
users.primaryEmail*/
$listUsersEndStmt = "\nORDER BY\n\tCONCAT_WS(' ',users.firstName,users.lastName), users.primaryEmail";
//Select the users with pending invitations.
$pendingUsersCountStmt = "SELECT\n\tCOUNT(email) AS 'count'\nFROM\n\tinvitations\nWHERE\n\tlistId = ? AND\n\trespondDate IS NULL AND\n\temail NOT IN (SELECT users.primaryEmail FROM users)";
$pendingUsersStmt = "SELECT\n\tinvitationId AS 'invitationId',\n\temail AS 'email',\n\tlistRoleId AS 'listRoleId',\n\tsentDate AS 'sentDate',\n\tsenderId AS 'senderId'\nFROM\n\tinvitations\nWHERE\n\tlistId = ? AND\n\trespondDate IS NULL AND\n\temail NOT IN (SELECT users.primaryEmail FROM users)";
$pendingUsersEndStmt = "\nORDER BY\n\temail";
if (!empty($_POST['searchVal']) && !empty($_POST['searchFor']) && $_POST['searchFor'] == 'listUsers') {
$searchListUsers = true;
$searchVal = '%' . trim($_POST['searchVal']) . '%';
$listUsersSearchQuery = " AND\n\t(users.firstName LIKE ? || users.lastName LIKE ? || users.primaryEmail LIKE ?)";
$listUsersStmt = $listUsersStmt . $listUsersSearchQuery . $listUsersEndStmt;
$listUsersParams = array($_POST['listId'], $_SESSION['userId'], $searchVal, $searchVal, $searchVal);
$listUsersCountStmt .= $listUsersSearchQuery;
} else {
$searchListUsers = false;
$listUsersStmt .= $listUsersEndStmt;
$listUsersParams = array($_POST['listId'], $_SESSION['userId']);
}
if (!empty($_POST['searchVal']) && !empty($_POST['searchFor']) && $_POST['searchFor'] == 'pendingListUsers') {
$searchPendingListUsers = true;
$searchVal = '%' . trim($_POST['searchVal']) . '%';
$pendingUsersSearchQuery = " AND\nemail LIKE ?";
$pendingUsersStmt = $pendingUsersStmt . $pendingUsersSearchQuery . $pendingUsersEndStmt;
$pendingUsersParams = array($_POST['listId'], $searchVal);
$pendingUsersCountStmt .= $pendingUsersSearchQuery;
} else {
$searchPendingListUsers = false;
$pendingUsersStmt = $pendingUsersStmt . $pendingUsersEndStmt;
$pendingUsersParams = array($_POST['listId']);
}
$listUsersCountStmt = $Dbc->prepare($listUsersCountStmt);
$listUsersCountStmt->execute($listUsersParams);
$row = $listUsersCountStmt->fetch(PDO::FETCH_ASSOC);
$itemCount = $row['count'];
$pagination = new Adrlist_Pagination('buildListUsers', 'listUsers', $itemCount, 'Search Users', $searchListUsers);
$pagination->addSearchParameters(array('listId' => $_POST['listId'], 'searchFor' => 'listUsers'));
list($offset, $limit) = $pagination->offsetLimit();
$listUsersStmt = $Dbc->prepare($listUsersStmt . " LIMIT {$offset}, {$limit}");
$listUsersStmt->execute($listUsersParams);
$pendingUsersCountStmt = $Dbc->prepare($pendingUsersCountStmt);
$pendingUsersCountStmt->execute($pendingUsersParams);
$row = $pendingUsersCountStmt->fetch(PDO::FETCH_ASSOC);
$itemCount = $row['count'];
$pendingPagination = new Adrlist_Pagination('buildListUsers', 'pendingListUsers', $itemCount, 'Search Pending Users', $searchPendingListUsers);
$pendingPagination->addSearchParameters(array('listId' => $_POST['listId'], 'searchFor' => 'pendingListUsers'));
list($pendingOffset, $pendingLimit) = $pendingPagination->offsetLimit();
$pendingUsersStmt = $Dbc->prepare($pendingUsersStmt . " LIMIT {$pendingOffset}, {$pendingLimit}");
$pendingUsersStmt->execute($pendingUsersParams);
$listInfo = getListInfo($_SESSION['userId'], $_POST['listId']);
$listUsersCount = 0;
$listUsersArray = array();
$listUsersHiddenRow = array();
while ($row = $listUsersStmt->fetch(PDO::FETCH_ASSOC)) {
$listUsersCount++;
$name = '<button class="ui-btn ui-mini ui-btn-icon-right ui-icon-carat-r ui-btn-inline ui-corner-all" toggle="existingUser' . $row['userId'] . '">' . $row['name'] . '</button>';
$email = '<a href="mailto:' . $row['primaryEmail'] . '">' . breakEmail($row['primaryEmail'], 30) . '</a>';
$date = $row['dateAdded'] != '0000-00-00 00:00:00' ? Adrlist_Time::utcToLocal($row['dateAdded']) : 'n/a';
$listUsersArray[$row['userId']] = array($name, $date);
//The user rowActions.
$userActions = '';
if ($listInfo['listRoleId'] <= 3 && $row['listRoleId'] >= 3) {
//List managers cannot change the role of managers or owners.
$role = role($row['listRoleId']);
} else {
$additionalAttributes = array('class' => 'changeListRole', 'userId' => $row['userId'], 'listId' => $_POST['listId']);
$role = buildRoles('changeListRole' . $row['userId'], $row['listRoleId'], array(0, 1, 2, 3), $additionalAttributes);
}
if ($listInfo['listRoleId'] >= 3) {
$userActions .= '<div class="ui-field-contain"><label for="existingRole' . $row['userId'] . '">List Role ' . faqLink(24) . '</label>' . $role . '</div>';
$userActions .= $row['listRoleId'] < 3 || $listInfo['listRoleId'] == 4 ? '<button class="removeUserFromList ui-btn ui-btn-inline ui-corner-all ui-mini" listId="' . $_POST['listId'] . '" userId="' . $row['userId'] . '" listName="' . $listInfo['listName'] . '"><i class="fa fa-times" ></i>Remove User</button>' : '';
}
$listUsersHiddenRow[$row['userId']] = array('existingUser' . $row['userId'], $userActions);
}
//Build pending list users.
$pendingListUsersCount = 0;
$pendingUsersArray = array();
$pendingUsersHiddenRow = array();
while ($pendingRow = $pendingUsersStmt->fetch(PDO::FETCH_ASSOC)) {
$pendingListUsersCount++;
$name = '<button class="ui-btn ui-mini ui-btn-icon-right ui-icon-carat-r ui-btn-inline ui-corner-all" toggle="pendingUser' . $pendingRow['invitationId'] . '">' . $pendingRow['email'] . '</button>';
$email = '<a href="mailto:' . $pendingRow['email'] . '">' . breakEmail($pendingRow['email'], 40) . '</a>';
$sentDate = $pendingRow['sentDate'] != '0000-00-00 00:00:00' ? Adrlist_Time::utcToLocal($pendingRow['sentDate']) : 'n/a';
$pendingUsersArray[$pendingRow['invitationId']] = array($name, $sentDate);
//The pending list user rowActions.
$userActions = '';
if ($listInfo['listRoleId'] == 3 && $pendingRow['listRoleId'] >= 3) {
//Managers cannot change the role of other managers.
$role = role($pendingRow['listRoleId']);
} else {
$additionalAttributes = array('class' => 'changePendingRole', 'invitationId' => $pendingRow['invitationId'], 'adrtype' => 'list', 'typeid' => $_POST['listId']);
$role = buildRoles('', $pendingRow['listRoleId'], array(0, 1, 2, 3), $additionalAttributes);
}
if ($listInfo['listRoleId'] >= 3) {
$userActions .= '<div class="ui-field-contain"><label for="pendingRole' . $pendingRow['invitationId'] . '">List Role ' . faqLink(24) . '</label>' . $role . '</div>
<button adrType="list" class="removeInvitation ui-btn ui-btn-inline ui-corner-all ui-mini" invitationId="' . $pendingRow['invitationId'] . '" typeId="' . $_POST['listId'] . '"><i class="fa fa-times" ></i>Remove User</button>';
}
$pendingUsersHiddenRow[$pendingRow['invitationId']] = array('pendingUser' . $pendingRow['invitationId'], $userActions);
}
//Build list users.
$output .= '<div class="textCenter textLarge">
<i class="fa fa-file-o" ></i><span class="bold">' . $listInfo['listName'] . '</span> Users
</div>';
if (empty($listUsersCount)) {
pdoError(__LINE__, $listUsersStmt, $listUsersParams, true);
$output .= '<div class="break red" style="padding:5px 0px 10px 0px;">
There are no users.
</div>';
}
if ($searchListUsers) {
$results = intThis($listUsersCount);
$output .= '<div class="break red">';
$output .= $results == 1 ? $results . ' result' : $results . ' results';
$output .= ' for "' . $_POST['searchVal'] . '".</div>';
}
$listUsersTitleArray = array(array('Name'), array('Shared On', 1));
$buildListUsers = new Adrlist_BuildRows('existingListUsers', $listUsersTitleArray, $listUsersArray);
$buildListUsers->addHiddenRows($listUsersHiddenRow);
$output .= $pagination->output('listUsersViewOptions') . $buildListUsers->output();
$output .= '<div class="hr3" style="margin:2em 0;"></div>';
//Build pending users.
$output .= '<div class="break textCenter textLarge" style="margin:1em 0 0 0">
Pending Users
</div>';
if (empty($pendingListUsersCount)) {
pdoError(__LINE__, $pendingUsersStmt, $pendingUsersParams, true);
$output .= '<div class="break red" style="padding:5px 0px 10px 0px;">
There are no pending users.
</div>';
}
if ($searchPendingListUsers) {
$results = intThis($pendingListUsersCount);
$output .= '<div class="break red">';
$output .= $results == 1 ? $results . ' result' : $results . ' results';
$output .= ' for "' . $_POST['searchVal'] . '".</div>';
}
$pendingUsersTitleArray = array(array('Pending User'), array('Shared On', 1));
$buildPendingUsers = new Adrlist_BuildRows('pendingListUsers', $pendingUsersTitleArray, $pendingUsersArray);
$buildPendingUsers->addHiddenRows($pendingUsersHiddenRow);
$output .= $pendingPagination->output('pendingListUsersViewOptions') . $buildPendingUsers->output();
if (MODE == 'buildListUsers') {
$success = true;
$returnThis['output'] = $output;
}
} catch (Adrlist_CustomException $e) {
} catch (PDOException $e) {
error(__LINE__, '', '<pre>' . $e . '</pre>');
}
if (MODE == 'buildListUsers') {
returnData();
} else {
return $output;
}
}
function buildUserInfo()
{
global $debug, $message, $success, $Dbc;
$output = ' <div class="break" style="line-height:2em">
Last Name: <span class="bold link" id="userLettersA-H" style="padding:0px 20px 0px 20px; letter-spacing:.2em">A–H</span> <span class="bold link" id="userLettersI-Q" style="padding:0px 20px 0px 20px; letter-spacing:.2em"">I–Q</span> <span class="bold link" id="userLettersR-Z" style="padding:0px 20px 0px 20px; letter-spacing:.2em"">R–Z</span>
</div>';
try {
$userInfoStmt = "SELECT\n\tusers.userId AS 'userId',\n\tusers.firstName AS 'firstName',\n\tusers.lastName AS 'lastName',\n\tusers.primaryEmail AS 'primaryEmail',\n\tDATE_FORMAT(users.joinDate, '%M %D, %Y') AS 'joinDate'\nFROM\n\tusers";
$userInfoStmt .= "ORDER BY\n\tusers.lastName";
if (empty($_POST['searchVal']) && !empty($_POST['letters'])) {
$letters = "'^[" . trim($_POST['letters'] . "]'");
$userInfoStmt .= "\nWHERE\n\tusers.lastName RLIKE ?";
$userInfoStmt = $Dbc->prepare($userInfoStmt);
$userInfoParams = array($letters);
$userInfoStmt->execute($userInfoParams);
} elseif (empty($_POST['searchVal']) && empty($_POST['letters'])) {
$search = false;
$userInfoStmt = $Dbc->prepare($userInfoStmt);
$userInfoParams = array();
$userInfoStmt->execute($userInfoParams);
} else {
$search = true;
$searchVal = '%' . trim($_POST['searchVal']) . '%';
$debug->add('$searchval: ' . $searchVal);
$userInfoStmt .= "\nWHERE\n\t(users.firstName LIKE ? || users.lastName LIKE ?' || users.primaryEmail LIKE ?)\n";
$userInfoParams = array($searchVal, $searchVal, $searchVal);
$userInfoStmt->execute($userInfoParams);
pdoError(__LINE__, $userInfoStmt, $userInfoParams);
}
$output .= ' <div class="overflowauto" style="height:300px;">
<div class="break relative">
<div class="rowTitle" style="width:120px">Name</div>
<div class="rowTitle" style="width:120px">Email</div>
<div class="rowTitle" style="width:120px">Join Date</div>
<div class="rowTitle" style="width:350px">Actions</div>
</div>
';
$class = 'rowAlt';
while ($row = $listStmt->fetch(PDO::FETCH_ASSOC)) {
$userId = $row['userId'];
if ($class == 'rowWhite') {
$class = 'rowAlt';
} else {
$class = 'rowWhite';
}
$output .= '
<div class="break ' . $class . '"">
<div class="right textXsmall">Id: ' . $userId . '</div>
<div class="row" style="width:120px">' . $row['firstName'] . ' ' . $row['lastName'] . '</div>
<div class="row" style="width:120px"><a href="mailto:' . $row['primaryEmail'] . '">' . breakEmail($row['primaryEmail'], 20) . '</a></div>
<div class="row textSmall" style="width:120px">' . $row['joinDate'] . '</div>
<div class="row" style="width:330px"><span class="link" id="viewUserInfo' . $userId . '">Edit Info</span> <span class="link" id="viewUserRole' . $row['userId'] . '">View Role</span> <span class="link" id="deleteUserStep1' . $userId . '">Delete User</span></div>
<div class="red row" style="width:70px"><span class="red row" id="message' . $userId . '"></span> </div>
<div class="break" id="userInfoHolder' . $userId . '" style="display:none; line-height:2em; padding:0px 0px 0px 5px">
First Name: <input id="editUserFirstName' . $userId . '" size="12" type="text" value="' . $row['firstName'] . '"> <span class="red" id="firstNameResponse' . $userId . '" style="padding:0px 0px 0px 5px"></span><br>
Last Name: <input id="editUserLastName' . $userId . '" size="12" type="text" value="' . $row['lastName'] . '"><span class="red" id="lastNameResponse' . $userId . '" style="padding:0px 0px 0px 5px"></span><br>
Email: <input id="editUserEmail' . $userId . '" size="20" type="text" value="' . $row['primaryEmail'] . '"><span class="red" id="emailResponse' . $userId . '" style="padding:0px 0px 0px 5px"></span><br>
<span class="link" id="updateUserInfo' . $userId . '">Update</span>
</div>
<div class="break" id="viewUserRoleHolder' . $userId . '" style="display:none"></div>
</div>';
$foundRows = true;
}
$output .= empty($foundRows) ? '<div class="break textCenter">No users found.</div>' : '';
$output .= ' </div>
';
$success = true;
$returnThis['buildUserInfo'] = $output;
} catch (PDOException $e) {
error(__LINE__, '', '<pre>' . $e . '</pre>');
}
if (MODE == 'buildUserInfo') {
returnData();
} else {
return $output;
}
}
