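/**
 * Handle the newsletter "add guest" action: either start a subscription
 * (store the guest, optionally e-mail a confirmation link) or complete one
 * (verify the confirmation code carried in the `s` request variable).
 *
 * Request variables read from get_input_vars():
 *   e  - guest e-mail address
 *   n  - guest name
 *   tr - list of newsletter threads to subscribe to
 *   s  - confirmation token in the form "<guest_id>:<security_code>"
 *
 * Security-relevant behaviour:
 *   - Confirmation codes are 16 hex characters, valid for 48 hours, and are
 *     cleared from the guest row once verified.
 *   - Codes are drawn from a CSPRNG when the runtime offers one; the legacy
 *     mt_rand()/md5() generator is kept only as a last-resort fallback.
 *   - The supplied code is compared as a string (timing-safe where
 *     hash_equals() exists), never with PHP's loose `!=`, which treats
 *     numeric-looking strings such as "0e1..." and "0e2..." as equal.
 *   - The code travels in a URL query string, so it can end up in server logs
 *     and Referer headers; the expiry and clear-on-use above bound that exposure.
 *
 * NOTE(review): mysql_fetch_assoc()/mysql_fetch_row()/mysql_insert_id() belong
 * to the ext/mysql extension removed in PHP 7. Replacing them needs changes to
 * the $db wrapper, which is outside this block.
 *
 * @return void Returns only when the form is re-displayed with validation
 *              errors; every other path renders a template and calls exit.
 */
function add_guest()
{
    global $db, $config, $t;

    $errors = array();
    $vars = get_input_vars();

    //check member
    // NOTE(review): this e-mail lookup by guest id runs before the confirmation
    // code is verified further down; confirm that the member check below being
    // reachable with only a guest id is acceptable.
    if (!$vars['e'] && $vars['s']) {
        // explode() replaces split(), which was removed in PHP 7; ":" has no
        // special meaning as a POSIX regex, so the result is the same.
        $member_code = explode(":", $vars['s']);
        $member_code = intval($member_code[0]); // integer cast keeps the id safe to inline in SQL
        $q = $db->query("\n SELECT guest_email\n FROM {$db->config['prefix']}newsletter_guest\n WHERE guest_id='" . $member_code . "'\n ");
        $row = mysql_fetch_assoc($q);
        if ($row['guest_email']) {
            $vars['e'] = $row['guest_email'];
        }
    }

    $is_member = $db->users_find_by_string($vars['e'], 'email', 1) ? true : false;
    if ($vars['e'] && $is_member) {
        // The address already belongs to a registered member.
        $t->display('add_guest_failed_email.html');
        exit;
    } else {
        $security_code = '';
        $securitycode_expire = '';

        if (!$config['dont_confirm_guests'] && $vars['s'] == '') {
            //generate a security code
            // Prefer a cryptographically secure source. random_bytes() throws
            // if no entropy source is available, which aborts the request
            // rather than issuing a guessable code.
            if (function_exists('random_bytes')) {
                $security_code = bin2hex(random_bytes(8));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $bytes = openssl_random_pseudo_bytes(8);
                if ($bytes !== false && strlen($bytes) == 8) {
                    $security_code = bin2hex($bytes);
                }
            }
            // An empty code is treated as "already confirmed" further down, so
            // never leave this branch without a full-length code.
            if (strlen($security_code) != 16) {
                // Legacy generator (mt_rand is not a CSPRNG); used only when
                // the runtime provides nothing better.
                $acceptedChars = 'azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789';
                $max = strlen($acceptedChars) - 1;
                $security_code = "";
                for ($i = 0; $i < 16; $i++) {
                    $security_code .= $acceptedChars[mt_rand(0, $max)];
                }
                $security_code = substr(md5($security_code . time()), 0, 16);
            }
            $hours = 48;
            $securitycode_expire = date("Y-m-d H:i:s", time() + $hours * 60 * 60);
        }

        if (!$config['dont_confirm_guests'] && $vars['s'] != '') {
            //check security_code
            $parts = explode(":", $vars['s']);
            $member_code = intval($parts[0]);
            // A token without ":" carries no code; treat it as an empty string.
            $security_code = isset($parts[1]) ? $parts[1] : '';
            $unix_timestamp = time();

            $q = $db->query("\n SELECT guest_id, security_code, UNIX_TIMESTAMP(securitycode_expire)\n FROM {$db->config['prefix']}newsletter_guest\n WHERE guest_id='" . $member_code . "'\n ");
            list($guest_id, $guest_code, $guest_expire) = mysql_fetch_row($q);

            // A guest row whose stored code is empty (already confirmed) is let
            // through, as before; otherwise the supplied code must match
            // exactly. Strict string comparison avoids numeric type juggling.
            $stored_code = (string) $guest_code;
            $code_ok = $stored_code === '';
            if (!$code_ok) {
                $code_ok = function_exists('hash_equals')
                    ? hash_equals($stored_code, (string) $security_code)
                    : $stored_code === (string) $security_code;
            }
            $expired = $guest_expire > 0 && $guest_expire - $unix_timestamp < 0;

            if (!$guest_id || !$code_ok || $expired) {
                //if wrong security code
                $t->assign('guest_page', 'newsletter.php');
                $t->display('add_guest_failed.html');
                exit;
            } else {
                // The code is single-use: clear it from the guest row.
                $q = $db->query("\n UPDATE {$db->config['prefix']}newsletter_guest\n SET security_code='', securitycode_expire=''\n WHERE guest_id='" . $guest_id . "'\n ");
            }

            // Pending subscriptions carry the same code; count the unexpired ones.
            $q = $db->query("\n SELECT COUNT(*)\n FROM {$db->config['prefix']}newsletter_guest_subscriptions\n WHERE guest_id='" . $member_code . "'\n AND security_code='" . $db->escape($security_code) . "'\n AND (UNIX_TIMESTAMP(securitycode_expire) - {$unix_timestamp}) > 0\n ");
            $r = mysql_fetch_row($q);
            if ($r[0] > 0) {
                //delete old (confirmed) subscriptions
                $q = $db->query("\n DELETE FROM {$db->config['prefix']}newsletter_guest_subscriptions\n WHERE guest_id='" . $member_code . "'\n AND (security_code='' OR security_code IS NULL)\n ");
                //activate new subscriptions
                $q = $db->query("\n UPDATE {$db->config['prefix']}newsletter_guest_subscriptions\n SET security_code='', securitycode_expire=''\n WHERE guest_id='" . $member_code . "'\n AND security_code='" . $db->escape($security_code) . "'\n AND (UNIX_TIMESTAMP(securitycode_expire) - {$unix_timestamp}) > 0\n ");
            }
            $t->display('add_guest_complete.html');
            //html_redirect("newsletter.php", false, _TPL_NEWSLETTER_INFO_SAVED, _TPL_NEWSLETTER_INFO_UPDATED);
            exit;
        }

        //check guest
        $guest = $db->get_guest_by_email($vars['e']);
        if (count($guest) == 0 || !$guest['guest_id']) {
            //check required input vars
            if (count($vars['tr']) == 0) {
                $errors[] = _TPL_NEWSLETTER_REQUIRED_THREAD;
            }
            if (!strlen($vars['n'])) {
                $errors[] = _TPL_NEWSLETTER_REQUIRED_NAME;
            }
            if (!strlen($vars['e']) || !check_email($vars['e'])) {
                $errors[] = _TPL_NEWSLETTER_REQUIRED_EMAIL;
            }
            if ($errors) {
                $t->assign('error', $errors);
                show_guest_form($vars);
                return;
            }
            //add guest
            // Request-supplied values pass through $db->escape() before being
            // inlined; $securitycode_expire is produced by date() above.
            $q = $db->query("\n INSERT INTO {$db->config['prefix']}newsletter_guest\n (guest_id,guest_name,guest_email,security_code,securitycode_expire)\n VALUES (null, '" . $db->escape($vars['n']) . "', '" . $db->escape($vars['e']) . "', '" . $db->escape($security_code) . "', '{$securitycode_expire}')\n ");
            $guest_id = mysql_insert_id($db->conn);
        } else {
            $guest_id = $guest['guest_id'];
            if ($security_code) {
                // Existing guest: refresh the name and issue the new code.
                $db->query("\n UPDATE {$db->config['prefix']}newsletter_guest\n set guest_name='" . $db->escape($vars['n']) . "',security_code='" . $db->escape($security_code) . "',securitycode_expire='{$securitycode_expire}'\n WHERE\n guest_id='{$guest_id}'");
            }
        }

        if (count($vars['tr']) > 0) {
            if ($config['dont_confirm_guests']) {
                // Without confirmation the new thread list replaces the old one at once.
                $db->delete_guest_threads($guest_id);
            }
            $db->add_guest_threads($guest_id, $vars['tr'], $security_code, $securitycode_expire);
        }

        if (!$config['dont_confirm_guests'] && $vars['s'] == '') {
            //send a confirmation email
            $t->assign('name', htmlentities($vars['n']));
            $t->assign('link', "{$config['root_url']}/newsletter.php?a=add_guest&s=" . $guest_id . ":" . $security_code);
            // Plain assignment: "=& new" is deprecated since PHP 5.3 and a
            // parse error from PHP 7 on.
            $et = new aMemberEmailTemplate();
            $et->name = "verify_guest";
            $t->assign('config', $config);
            $et->lang = guess_language();
            // load and find templated
            if (!$et->find_applicable()) {
                trigger_error("Cannot find applicable e-mail template for [{$et->name},{$et->lang},{$et->product_id},{$et->day}]", E_USER_WARNING);
                exit;
            }
            global $_AMEMBER_TEMPLATE;
            $_AMEMBER_TEMPLATE['text'] = $et->get_smarty_template();
            $parsed_mail = $t->fetch('memory:text');
            unset($_AMEMBER_TEMPLATE['text']);
            mail_customer($vars['e'], $parsed_mail, null, null, null, false, $vars['n']);
            $t->display('add_guest_ok.html');
            exit;
        }
    }

    $t->display('add_guest_complete.html');
    //html_redirect("newsletter.php", false, _TPL_NEWSLETTER_INFO_SAVED, _TPL_NEWSLETTER_INFO_UPDATED);
    exit;
}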
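/**
 * Build the HTML for the language-selection form.
 *
 * The form submits via GET to the current script and re-sends every scalar
 * parameter of the current query string (except `lang`) as a hidden field,
 * so switching language keeps the rest of the request intact.
 *
 * $_SERVER['PHP_SELF'] and $_GET are request-controlled and end up inside
 * single-quoted HTML attributes, so they are escaped with ENT_QUOTES. The
 * htmlspecialchars() default before PHP 8.1 leaves "'" untouched, which would
 * let such a value close the attribute.
 *
 * @return string The form markup, or "" when $in_fatal_error is already set
 *                or when both admin_auth() and admin_login_form() exist.
 */
function display_lang_choice()
{
    global $config, $in_fatal_error;

    if ($in_fatal_error) {
        return "";
    }
    // presumably these two functions are only loaded in the admin area - confirm
    if (function_exists('admin_auth') && function_exists('admin_login_form')) {
        return "";
    }
    // Set the flag so that any later call in this request returns "".
    $in_fatal_error++;

    $url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $ret = "<form method='get' action='{$url}'>";
    $ret .= _COMMON_LANGUAGE . ": <select name='lang' size=\"1\" onchange='this.form.submit()'>\n";

    $selected = guess_language();
    foreach ($config['lang']['list'] as $s) {
        // Entries are "code:label". explode() replaces split(), which was
        // removed in PHP 7; pad so a malformed entry yields an empty label.
        list($l, $t) = array_pad(explode(':', $s), 2, '');
        $sel = (string) $selected === (string) $l ? 'selected="selected" ' : '';
        // Codes and labels come from $config and are emitted verbatim.
        // NOTE(review): escape them too if that list can ever be edited by
        // someone less trusted than the site administrator.
        $ret .= "<option value='{$l}' {$sel}>{$t}</option>\n";
    }
    $ret .= "</select>\n";

    foreach ($_GET as $k => $v) {
        // Compare as strings: under PHP < 8 a numeric key such as 0 is loosely
        // equal to 'lang' and would be dropped by mistake.
        if ((string) $k === 'lang' || is_array($v)) {
            continue;
        }
        $ret .= "<input type=\"hidden\" name='" . htmlspecialchars((string) $k, ENT_QUOTES)
            . "' value='" . htmlspecialchars((string) $v, ENT_QUOTES) . "' />\n";
    }
    $ret .= "</form>\n";

    return $ret;
}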