$userid = Sql_Insert_Id($tables['user'], 'id'); ++$count_email_add; $some = 1; $history_entry = $GLOBALS['I18N']->get('Import of new subscriber'); # add the attributes for this user foreach ($attributes as $attr => $value) { if (is_array($value)) { $value = implode(',', $value); } Sql_query(sprintf('replace into %s (attributeid,userid,value) values("%s","%s","%s")', $tables['user_attribute'], $attr, $userid, addslashes($value))); } } #add this user to the lists identified, execpt when found in the blacklist $addition = 0; $listoflists = ''; $isBlackListed = isBlackListed($email); if (!$isBlackListed) { foreach ($importdata['importlists'] as $key => $listid) { $query = 'replace INTO ' . $tables['listuser'] . " (userid,listid,entered) values({$userid},{$listid},now())"; $result = Sql_query($query); # if the affected rows is 2, the user was already subscribed $addition = $addition || Sql_Affected_Rows() == 1; if (!empty($importdata['listname'][$key])) { $listoflists .= ' * ' . $importdata['listname'][$key] . "\n"; } } if ($addition) { ++$additional_emails; } } else { ## mark blacklisted, just in case ##17288
} ##$subselect .= ' limit 500'; // just to test the progress meter if ($list) { $result = Sql_query(sprintf('select * from %s where user.id = listuser.userid and listuser.listid = %d and %s >= "%s 00:00:00" and %s <= "%s 23:59:59" %s ', $querytables, $list, $column, $fromdate, $column, $todate, $subselect)); } else { $result = Sql_query(sprintf(' select * from %s where %s >= "%s 00:00:00" and %s <= "%s 23:59:59" %s', $querytables, $column, $fromdate, $column, $todate, $subselect)); } $todo = Sql_Affected_Rows(); $done = 0; fwrite($exportfile, $GLOBALS['I18N']->get('List Membership') . $row_delim); while ($user = Sql_fetch_array($result)) { ## re-verify the blacklist status if (empty($user['blacklisted']) && isBlackListed($user['email'])) { $user['blacklisted'] = 1; Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS['tables']['user'], $user['email'])); } set_time_limit(500); if ($done % 50 == 0) { print '<script type="text/javascript"> var parentJQuery = window.parent.jQuery; parentJQuery("#progressbar").updateProgress("' . $done . ',' . $todo . '"); </script>'; flush(); } ++$done; reset($_SESSION['export']['cols']); while (list($key, $val) = each($_SESSION['export']['cols'])) { fwrite($exportfile, strtr($user[$val], $col_delim, ',') . $col_delim);
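# Blacklist a subscriber from the command line. $cline supplies the email
# address (e), the subscriber's uniqid (u) and an optional date (d), which is
# handed to addEmailToBlackList() as its third argument.
$email = isset($cline['e']) ? $cline['e'] : '';
$uid = isset($cline['u']) ? $cline['u'] : '';
$date = isset($cline['d']) ? $cline['d'] : '';

# Both identifiers come from outside the application, so both are escaped.
# NOTE(review): when no uid is given the query still tests uniqid = "", which
# would match any row whose uniqid is empty - confirm uniqid is always set.
$emailQ = Sql_Fetch_Row_Query(sprintf(
    'select email from %s where uniqid = "%s" or email = "%s" order by email desc',
    $GLOBALS['tables']['user'],
    sql_escape($uid),
    sql_escape($email)
));
# No matching row: fall back to an empty string instead of indexing a non-array.
$emailDB = isset($emailQ[0]) ? $emailQ[0] : '';

if (empty($emailDB) && empty($email)) {
    cl_output('FAIL');
    exit;
}

# The stored address is data too: escape it before it goes back into SQL,
# otherwise an address containing a quote breaks (or alters) the update.
$markBlacklisted = sprintf(
    'update %s set blacklisted = 1 where email = "%s"',
    $GLOBALS['tables']['user'],
    sql_escape($emailDB)
);

if (isBlackListed($emailDB)) {
    ## do this anyway, just to be sure
    Sql_Query($markBlacklisted);
    cl_output('OK');
    exit;
}

if (!empty($emailDB)) {
    ## do this immediately
    Sql_Query($markBlacklisted);
    addEmailToBlackList($emailDB, 'blacklisted due to spam complaints', $date);
} else {
    # Unknown subscriber: blacklist the address exactly as it was supplied.
    addEmailToBlackList($email, 'blacklisted due to spam complaints', $date);
}
cl_output('OK ' . $emailDB);
exit;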
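/**
 * Build the "forward to a friend" page and, on a follow-up request, forward
 * the message to the submitted addresses.
 *
 * Reads mid, uid, email and personalNote from $_REQUEST. The subscriber is
 * looked up by uniqid and must have a usermessage row for the message, unless
 * the session's adminloggedin value equals the client address (test sends).
 * Request values are HTML-escaped wherever they are echoed into the page and
 * SQL-escaped wherever they are placed in a query.
 *
 * @param int $id subscribe page id, echoed back as a hidden form field
 *
 * @return string HTML of the response page
 */
function forwardPage($id)
{
    global $tables;
    $ok = true;
    $subtitle = '';
    $info = '';
    $form = '';
    $personalNote = '';
    # Defined up front so the later count() and message lookup never touch an
    # undefined variable when the request carries no email or no mid.
    $emails = array();
    $messagedata = array();

    ## Check requirements
    # message
    $mid = 0;
    if (isset($_REQUEST['mid'])) {
        $mid = sprintf('%d', $_REQUEST['mid']);
        $messagedata = loadMessageData($mid);
        $mid = $messagedata['id'];
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    } #mid set

    # user
    if (!isset($_REQUEST['uid']) || !$_REQUEST['uid']) {
        FileNotFound();
    }

    ## get userdata
    $req = Sql_Query(sprintf(
        'select * from %s where uniqid = "%s"',
        $tables['user'],
        sql_escape($_REQUEST['uid'])
    ));
    $userdata = Sql_Fetch_Array($req);

    ## verify that this subscriber actually received this message to forward, otherwise they're not allowed
    $allowed = Sql_Fetch_Row_Query(sprintf(
        'select userid from %s where userid = %d and messageid = %d',
        $GLOBALS['tables']['usermessage'],
        $userdata['id'],
        $mid
    ));
    if (empty($userdata['id']) || $allowed[0] != $userdata['id']) {
        ## when sending a test email as an admin, the entry isn't there yet
        if (empty($_SESSION['adminloggedin']) || $_SESSION['adminloggedin'] != $_SERVER['REMOTE_ADDR']) {
            FileNotFound('<br/><i>' . $GLOBALS['I18N']->get('When testing the phpList forward functionality, you need to be logged in as an administrator.') . '</i><br/>');
        }
    }

    $firstpage = 1; ## is this the initial page or a followup

    # forward addresses
    $forwardemail = '';
    if (isset($_REQUEST['email']) && !empty($_REQUEST['email'])) {
        $firstpage = 0;
        # Forwards already sent by this subscriber within the configured period
        # count towards the FORWARD_EMAIL_COUNT limit.
        $forwardPeriodCount = Sql_Fetch_Array_Query(sprintf(
            'select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ',
            $tables['user_message_forward'],
            FORWARD_EMAIL_PERIOD,
            $userdata['id']
        ));
        $forwardemail = stripslashes($_REQUEST['email']);
        $emails = explode("\n", $forwardemail);
        $emails = trimArray($emails);
        $forwardemail = implode("\n", $emails);
        #0011860: forward to friend, multiple emails
        $emailCount = $forwardPeriodCount[0];
        foreach ($emails as $index => $email) {
            $emails[$index] = trim($email);
            if (is_email($email)) {
                ++$emailCount;
            } else {
                # The rejected value is raw request input; escape it before it
                # is reflected into the page.
                $info .= sprintf('<br />' . $GLOBALS['strForwardInvalidEmail'], htmlspecialchars($email, ENT_QUOTES, 'UTF-8'));
                $ok = false;
            }
        }
        if ($emailCount > FORWARD_EMAIL_COUNT) {
            $info .= '<br />' . $GLOBALS['strForwardCountReached'];
            $ok = false;
        }
    } else {
        $ok = false;
    }

    #0011996: forward to friend - personal message
    # text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
    if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote'])) {
        if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE
            || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2
        ) {
            $info .= '<BR />' . $GLOBALS['strForwardNoteLimitReached'];
            $ok = false;
        }
        $personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
        $userdata['personalNote'] = $personalNote;
    }

    if ($userdata['id'] && $mid) {
        if ($ok && count($emails)) { ## All is well, send it
            require_once 'admin/sendemaillib.php';

            #0013845 Lead Ref Scheme
            if (FORWARD_FRIEND_COUNT_ATTRIBUTE) {
                $iCountFriends = FORWARD_FRIEND_COUNT_ATTRIBUTE;
            } else {
                $iCountFriends = 0;
            }
            if ($iCountFriends) {
                $nFriends = intval(UserAttributeValue($userdata['id'], $iCountFriends));
            }

            ## remember the lists for this message in order to notify only those admins
            ## that own them
            $messagelists = array();
            $messagelistsreq = Sql_Query(sprintf(
                'select listid from %s where messageid = %d',
                $GLOBALS['tables']['listmessage'],
                $mid
            ));
            while ($row = Sql_Fetch_Row($messagelistsreq)) {
                array_push($messagelists, $row[0]);
            }

            foreach ($emails as $index => $email) {
                #0011860: forward to friend, multiple emails
                # is_email() decides whether the address is acceptable as an
                # address, not whether it is safe inside a quoted SQL string,
                # so it is escaped for every query below.
                $emailSql = sql_escape($email);
                $done = Sql_Fetch_Array_Query(sprintf(
                    'select user,status,time from %s where forward = "%s" and message = %d',
                    $tables['user_message_forward'],
                    $emailSql,
                    $mid
                ));
                $info .= '<br />' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . ': ';
                if ($done['status'] === 'sent') {
                    $info .= $GLOBALS['strForwardAlreadyDone'];
                } elseif (isBlackListed($email)) {
                    $info .= $GLOBALS['strForwardBlacklistedEmail'];
                } else {
                    if (!TEST) {
                        # forward the message
                        # sendEmail will take care of blacklisting
                        ### CHECK $email vs $forwardemail
                        if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                            $info .= $GLOBALS['strForwardSuccessInfo'];
                            sendAdminCopy(s('Message Forwarded'), s('%s has forwarded message %d to %s', $userdata['email'], $mid, $email), $messagelists);
                            Sql_Query(sprintf(
                                'insert into %s (user,message,forward,status,time) values(%d,%d,"%s","sent",now())',
                                $tables['user_message_forward'],
                                $userdata['id'],
                                $mid,
                                $emailSql
                            ));
                            if ($iCountFriends) {
                                ++$nFriends;
                            }
                        } else {
                            $info .= $GLOBALS['strForwardFailInfo'];
                            sendAdminCopy(s('Message Forwarded'), s('%s tried forwarding message %d to %s but failed', $userdata['email'], $mid, $email), $messagelists);
                            Sql_Query(sprintf(
                                'insert into %s (user,message,forward,status,time) values(%d,%d,"%s","failed",now())',
                                $tables['user_message_forward'],
                                $userdata['id'],
                                $mid,
                                $emailSql
                            ));
                            $ok = false;
                        }
                    }
                }
            } # foreach friend
            if ($iCountFriends) {
                saveUserAttribute($userdata['id'], $iCountFriends, array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
            }
        } #ok & emails
    } else { # no valid sender
        logEvent(s('Forward request from invalid user ID: %s', substr($_REQUEST['uid'], 0, 150)));
        $info .= '<BR />' . $GLOBALS['strForwardFailInfo'];
        $ok = false;
    }

    /*
    $data = PageData($id);
    if (isset($data['language_file']) && is_file(dirname(__FILE__).'/texts/'.basename($data['language_file']))) {
        @include dirname(__FILE__).'/texts/'.basename($data['language_file']);
    }
    */

    ## BAS Multiple Forward
    ## build response page
    # Every value placed in an attribute or a textarea below is HTML-escaped:
    # the addresses and the note are echoed back from the request.
    $form = '<form method="post" action="">';
    $form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
    $form .= sprintf('<input type=hidden name="id" value="%d">', $id);
    $form .= sprintf('<input type=hidden name="uid" value="%s">', htmlspecialchars((string) $userdata['uniqid'], ENT_QUOTES, 'UTF-8'));
    $form .= sprintf('<input type=hidden name="p" value="forward">');
    if (!$ok) {
        $forwardemailHtml = htmlspecialchars($forwardemail, ENT_QUOTES, 'UTF-8');
        #0011860: forward to friend, multiple emails
        if (FORWARD_EMAIL_COUNT == 1) {
            $form .= '<br /><h2>' . $GLOBALS['strForwardEnterEmail'] . '</h2>';
            $form .= sprintf('<input type=text name="email" value="%s" size=50 class="attributeinput">', $forwardemailHtml);
        } else {
            $form .= '<br /><h2>' . sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT) . '</h2>';
            $form .= sprintf('<textarea name="email" rows="10" cols="50" class="attributeinput">%s</textarea>', $forwardemailHtml);
        }

        #0011996: forward to friend - personal message
        if (FORWARD_PERSONAL_NOTE_SIZE) {
            $form .= sprintf('<h2>' . $GLOBALS['strForwardPersonalNote'] . '</h2>', FORWARD_PERSONAL_NOTE_SIZE);
            $cols = 50;
            $rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
            $form .= sprintf(
                '<br/><textarea type="text" name="personalNote" rows="%d" cols="%d" class="attributeinput">%s</textarea>',
                $rows,
                $cols,
                htmlspecialchars($personalNote, ENT_QUOTES, 'UTF-8')
            );
        }
        $form .= sprintf('<br /><input type="submit" value="%s"></form>', $GLOBALS['strContinue']);
    }
    ### END BAS

    ### Michiel, remote response page
    # The URL is taken from a [URL:...] placeholder in the stored message body
    # and fetched server-side.
    # NOTE(review): presumably only administrators can author that body -
    # confirm, since the fetch reaches whatever host the placeholder names.
    $remote_content = '';
    if (!empty($messagedata['message']) && preg_match("/\\[URL:([^\\s]+)\\]/i", $messagedata['message'], $regs)) {
        if (isset($regs[1]) && strlen($regs[1])) {
            $url = $regs[1];
            if (!preg_match('/^http/i', $url)) {
                $url = 'http://' . $url;
            }
            $remote_content = fetchUrl($url);
        }
    }

    if (!empty($remote_content) && preg_match('/\\[FORWARDFORM\\]/', $remote_content, $regs)) {
        if ($firstpage) {
            ## this is the initial page, not a follow up one.
            $remote_content = str_replace($regs[0], $info . $form, $remote_content);
        } else {
            $remote_content = str_replace($regs[0], $info, $remote_content);
        }
        $res = $remote_content;
    } else {
        $res = '<title>' . $GLOBALS['strForwardTitle'] . '</title>';
        $res .= $GLOBALS['pagedata']['header'];
        $res .= '<h3>' . $subtitle . '</h3>';
        if ($ok) {
            $res .= '<h4>' . $info . '</h4>';
        } elseif (!empty($info)) {
            $res .= '<div class="error missing">' . $info . '</div>';
        }
        $res .= $form;
        $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
        $res .= $GLOBALS['pagedata']['footer'];
    }
    ### END MICHIEL
    return $res;
}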
$information_changed = 0; foreach ($current_data as $key => $val) { if (!is_numeric($key)) { if (isset($old_data[$key]) && $old_data[$key] != $val && $old_data[$key] && $key != 'password' && $key != 'modified') { $information_changed = 1; $history_entry .= "{$key} = {$val}\n*changed* from {$old_data[$key]}\n"; } } } if (!$information_changed) { $history_entry .= "\nNo user details changed"; } addUserHistory($user['systemvalues']['email'], 'Import by ' . adminName(), $history_entry); } #add this user to the lists identified, except when they are blacklisted $isBlackListed = isBlackListed($user['systemvalues']['email']); if (!$isBlackListed && is_array($_SESSION['lists'])) { reset($_SESSION['lists']); $addition = 0; $listoflists = ''; while (list($key, $listid) = each($_SESSION['lists'])) { $query = 'replace INTO ' . $tables['listuser'] . " (userid,listid,entered) values({$userid},{$listid},now())"; $result = Sql_query($query, 1); # if the affected rows is 2, the user was already subscribed $addition = $addition || Sql_Affected_Rows() == 1; $listoflists .= ' * ' . listName($key) . "\n"; # $_SESSION["listname"][$key] . "\n"; } if ($addition) { ++$count['list_add']; }
if (eregi("\\[email\\]", $thankyoupage, $regs)) { $thankyoupage = eregi_replace("\\[email\\]", $email, $thankyoupage); } $user_att = getUserAttributeValues($email); while (list($att_name, $att_value) = each($user_att)) { if (eregi("\\[" . $att_name . "\\]", $thankyoupage, $regs)) { $thankyoupage = eregi_replace("\\[" . $att_name . "\\]", $att_value, $thankyoupage); } } if (is_array($GLOBALS["plugins"])) { reset($GLOBALS["plugins"]); foreach ($GLOBALS["plugins"] as $name => $plugin) { $thankyoupage = $plugin->parseThankyou($id, $userid, $thankyoupage); } } $blacklisted = isBlackListed($email); if ($blacklisted) { $thankyoupage .= '<p>' . $GLOBALS["strYouAreBlacklisted"] . '</p>'; return 1; } if ($sendrequest && $listsok) { #is_array($_POST["list"])) { if (sendMail($email, getConfig("subscribesubject:{$id}"), $subscribemessage, system_messageheaders($email), '', 1)) { sendAdminCopy("Lists subscription", "\n" . $email . " has subscribed\n\n{$history_entry}"); addUserHistory($email, $history_subject, $history_entry); print $thankyoupage; } else { print '<h3>' . $strEmailFailed . '</h3>'; if ($blacklisted) { print '<p>' . $GLOBALS["strYouAreBlacklisted"] . '</p>'; }
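/**
 * Send a system message with PHP's mail(), adding the configured From,
 * Reply-To and envelope-sender headers.
 *
 * Nothing is sent when the recipient or subject is empty, when either holds a
 * line break (a line break would let the value add mail headers of its own),
 * or when the recipient is blacklisted. In a "dev" VERSION every message is
 * redirected to $this->developer_email.
 *
 * @param string $to         recipient address
 * @param string $subject    subject line
 * @param string $message    message body
 * @param string $header     additional headers, newline separated
 * @param string $parameters additional parameters for mail()
 *
 * @return int|bool 0 when the message is refused, otherwise the result of mail()
 */
function sendMail($to, $subject, $message, $header = "", $parameters = "")
{
    dbg("mail {$to} {$subject}");
    if (!$to) {
        logEvent("Error: empty To: in message with subject {$subject} to send");
        return 0;
    } elseif (!$subject) {
        logEvent("Error: empty Subject: in message to send to {$to}");
        return 0;
    }

    # Both values end up in the header section of the outgoing message.
    if (preg_match("/[\r\n]/", $to)) {
        logEvent("Error: invalid recipient, containing newlines, email blocked");
        return 0;
    }
    if (preg_match("/[\r\n]/", $subject)) {
        logEvent("Error: invalid subject, containing newlines, email blocked");
        return 0;
    }

    if (isBlackListed($to)) {
        logEvent("Error, {$to} is blacklisted, not sending");
        # Escape the address before it is quoted into SQL; sql_escape() is used
        # when the database layer provides it.
        $toSql = function_exists('sql_escape') ? sql_escape($to) : addslashes($to);
        Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $this->tables["user"], $toSql));
        addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed");
        return 0;
    }

    $header .= "X-Mailer: webbler/phplist v" . VERSION . ' (http://www.phplist.com)' . "\n";
    $from_address = $this->getConfig("message_from_address");
    $from_name = $this->getConfig("message_from_name");
    if ($from_name) {
        $header .= "From: \"{$from_name}\" <{$from_address}>\n";
    } else {
        $header .= "From: {$from_address}\n";
    }
    $message_replyto_address = $this->getConfig("message_replyto_address");
    if ($message_replyto_address) {
        $header .= "Reply-To: {$message_replyto_address}\n";
    } else {
        $header .= "Reply-To: {$from_address}\n";
    }
    $header .= "X-MessageID: systemmessage\n";

    # NOTE(review): $useremail is never assigned in this method, so this branch
    # does not run as written. The concatenation was masked in the listing and
    # is restored on the assumption that it appended $useremail - confirm.
    if (!empty($useremail)) {
        $header .= "X-User: " . $useremail . "\n";
    }

    if ($this->message_envelope) {
        $header = rtrim($header);
        if ($header) {
            $header .= "\n";
        }
        $header .= "Errors-To: " . $this->message_envelope;
        # Keep caller-supplied parameters only when they already carry this
        # envelope sender (the original test omitted the string to search).
        if (!$parameters || strpos($parameters, '-f' . $this->message_envelope) === false) {
            $parameters = '-f' . $this->message_envelope;
        }
    }

    if (strpos(VERSION, 'dev') === false) {
        if (mail($to, $subject, $message, $header, $parameters)) {
            return 1;
        }
        # Retry without the extra parameters if the first attempt failed.
        return mail($to, $subject, $message, $header);
    }

    # send mails to one place when running a test version
    $message = "To: {$to}\n" . $message;
    if ($this->developer_email) {
        return mail($this->developer_email, $subject, $message, $header, $parameters);
    }
    print "Error: Running CVS version, but developer_email not set";
    return 0;
}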
print '<div id="add-user-button">' . PageLinkButton('adduser', $GLOBALS['I18N']->get('Add a User')) . '</div>'; print '</div>'; $some = 0; $ls = new WebblerListing(s('users')); $ls->usePanel($paging); if ($result) { while ($user = Sql_fetch_array($result)) { $some = 1; $ls->addElement($user['email'], PageURL2("user&start={$start}&id=" . $user['id'] . $find_url)); $ls->setClass($user['email'], 'row1'); ## we make one column with the subscriber status being "on" or "off" ## two columns are too confusing and really unnecessary # ON = confirmed && !blacklisted # $ls->addColumn($user["email"], $GLOBALS['I18N']->get('confirmed'), $user["confirmed"] ? $GLOBALS["img_tick"] : $GLOBALS["img_cross"]); # if (in_array("blacklist", $columns)) { $onblacklist = isBlackListed($user['email']); # $ls->addColumn($user["email"], $GLOBALS['I18N']->get('bl l'), $onblacklist ? $GLOBALS["img_tick"] : $GLOBALS["img_cross"]); # } if ($user['confirmed'] && !$onblacklist) { $ls_confirmed = $GLOBALS['img_tick']; } else { $ls_confirmed = $GLOBALS['img_cross']; } $ls_del = ''; # $ls->addColumn($user["email"], $GLOBALS['I18N']->get('del'), sprintf('<a href="%s" onclick="return deleteRec(\'%s\');">del</a>',PageUrl2('users'.$find_url), PageURL2("users&start=$start&delete=" .$user["id"]))); if (isSuperUser()) { $ls_del = sprintf('<a href="javascript:deleteRec(\'%s\');" class="del">del</a>', PageURL2("users&start={$start}&find={$find}&findby={$findby}&delete=" . $user['id'])); } /* if (isset ($user['foreignkey'])) { $ls->addColumn($user["email"], $GLOBALS['I18N']->get('key'), $user["foreignkey"]); }
print '<div class="tabbed">'; print '<ul>'; print '<li><a href="#messages">' . ucfirst($GLOBALS['I18N']->get('Campaigns')) . '</a></li>'; if (count($bounces)) { print '<li><a href="#bounces">' . ucfirst($GLOBALS['I18N']->get('Bounces')) . '</a></li>'; } print '<li><a href="#subscription">' . ucfirst($GLOBALS['I18N']->get('Subscription')) . '</a></li>'; print '</ul>'; print '<div id="messages">'; print $ls->display(); print '</div>'; print '<div id="bounces">'; print $bouncels->display(); print '</div>'; print '<div id="subscription">'; if (isBlackListed($user['email'])) { print '<h3>' . $GLOBALS['I18N']->get('subscriber is blacklisted since') . ' '; $blacklist_info = Sql_Fetch_Array_Query(sprintf('select * from %s where email = "%s"', $tables['user_blacklist'], $user['email'])); print $blacklist_info['added'] . '</h3><br/>'; print ''; $isSpamReport = false; $ls = new WebblerListing($GLOBALS['I18N']->get('Blacklist info')); $req = Sql_Query(sprintf('select * from %s where email = "%s"', $tables['user_blacklist_data'], $user['email'])); while ($row = Sql_Fetch_Array($req)) { $ls->addElement($row['name']); $isSpamReport = $isSpamReport || $row['data'] == 'blacklisted due to spam complaints'; $ls->addColumn($row['name'], $GLOBALS['I18N']->get('value'), stripslashes($row['data'])); } $ls->addElement('<!-- remove -->'); if (!$isSpamReport) { $button = new ConfirmButton(htmlspecialchars($GLOBALS['I18N']->get('are you sure you want to delete this subscriber from the blacklist')) . '?\\n' . htmlspecialchars($GLOBALS['I18N']->get('it should only be done with explicit permission from this subscriber')), PageURL2("userhistory&unblacklist={$user['id']}&id={$user['id']}", 'button', s('remove subscriber from blacklist')), s('remove subscriber from blacklist'));
$information_changed = 0; foreach ($current_data as $key => $val) { if (!is_numeric($key)) { if (isset($old_data[$key]) && $old_data[$key] != $val && $old_data[$key] && $key != "password" && $key != "modified") { $information_changed = 1; $history_entry .= "{$key} = {$val}\n*changed* from {$old_data[$key]}\n"; } } } if (!$information_changed) { $history_entry .= "\nNo user details changed"; } addUserHistory($user["systemvalues"]["email"], "Import by " . adminName(), $history_entry); } #add this user to the lists identified, except when they are blacklisted $isBlackListed = isBlackListed($user["systemvalues"]["email"]); if (!$isBlackListed && is_array($_SESSION["lists"])) { reset($_SESSION["lists"]); $addition = 0; $listoflists = ""; while (list($key, $listid) = each($_SESSION["lists"])) { $query = "replace INTO " . $tables["listuser"] . " (userid,listid,entered) values({$userid},{$listid},now())"; $result = Sql_query($query, 1); # if the affected rows is 2, the user was already subscribed $addition = $addition || Sql_Affected_Rows() == 1; $listoflists .= " * " . listName($key) . "\n"; # $_SESSION["listname"][$key] . "\n"; } if ($addition) { $count["list_add"]++; }
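<?php

ob_end_clean();

## blacklist an email from commandline
if (!function_exists('cl_output')) {
    /**
     * Print a message on the command line with any HTML tags removed, then
     * start a fresh output buffer.
     */
    function cl_output($message)
    {
        # Best effort: there may be no active buffer to discard.
        @ob_end_clean();
        print strip_tags($message) . "\n";
        ob_start();
    }
}

# $cline supplies the email address (e) and the subscriber's uniqid (u);
# either may be absent.
$email = isset($cline['e']) ? $cline['e'] : '';
$uid = isset($cline['u']) ? $cline['u'] : '';

if (!empty($uid) && empty($email)) {
    # The uniqid arrives from outside the application and is quoted into the
    # query, so it is escaped first; sql_escape() is used when the database
    # layer provides it.
    $uidSql = function_exists('sql_escape') ? sql_escape($uid) : addslashes($uid);
    $emailreq = Sql_Fetch_Row_Query(sprintf(
        'select email from %s where uniqid = "%s"',
        $GLOBALS['tables']['user'],
        $uidSql
    ));
    # No matching subscriber leaves the address empty.
    $email = isset($emailreq[0]) ? $emailreq[0] : '';
}

if (empty($email)) {
    cl_output('No email');
    exit;
}

if (isBlackListed($email)) {
    cl_output('Already blacklisted');
    exit;
}

addEmailToBlackList($email, 'blacklisted due to spam complaints');
cl_output($email . ' blacklisted');
exit;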
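/**
 * Send a system message with PHP's mail().
 *
 * Nothing is sent in TEST mode, when the recipient or subject is empty, when
 * either holds a line break, or when the recipient is blacklisted. In a "dev"
 * VERSION every message is redirected to $GLOBALS["developer_email"].
 *
 * The original body began with an unconditional mail($to, $subject, $message)
 * call ahead of every check, which delivered to blacklisted recipients and
 * duplicated each message; that call is removed.
 *
 * @param string $to         recipient address
 * @param string $subject    subject line
 * @param string $message    message body
 * @param string $header     additional headers, newline separated
 * @param string $parameters additional parameters for mail()
 *
 * @return int|bool 1 in TEST mode, 0 when the message is refused, otherwise
 *                  the result of mail()
 */
function sendMail($to, $subject, $message, $header = "", $parameters = "")
{
    dbg("mail {$to} {$subject}");
    if (TEST) {
        return 1;
    }

    if (!$to) {
        logEvent("Error: empty To: in message with subject {$subject} to send");
        return 0;
    } elseif (!$subject) {
        logEvent("Error: empty Subject: in message to send to {$to}");
        return 0;
    }

    # Both values end up in the header section of the outgoing message; a line
    # break would let them add headers of their own.
    if (preg_match("/[\r\n]/", $to)) {
        logEvent("Error: invalid recipient, containing newlines, email blocked");
        return 0;
    }
    if (preg_match("/[\r\n]/", $subject)) {
        logEvent("Error: invalid subject, containing newlines, email blocked");
        return 0;
    }

    if (isBlackListed($to)) {
        logEvent("Error, {$to} is blacklisted, not sending");
        # Escape the address before it is quoted into SQL; sql_escape() is used
        # when the database layer provides it.
        $toSql = function_exists('sql_escape') ? sql_escape($to) : addslashes($to);
        Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS["tables"]["user"], $toSql));
        addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed");
        return 0;
    }

    # PHP version without any "-suffix".
    $phpVersion = preg_replace("/\\-.*\$/", "", phpversion());

    $envelope = $GLOBALS["message_envelope"];
    if ($envelope) {
        $header = rtrim($header);
        if ($header) {
            $header .= "\n";
        }
        # Terminate the line: the X-Mailer header is appended right after it
        # and would otherwise run into the Errors-To value.
        $header .= "Errors-To: " . $envelope . "\n";
        if (!$parameters || strpos($parameters, '-f' . $envelope) === false) {
            $parameters = '-f' . $envelope;
        }
    }
    $header .= "X-Mailer: PHPlist v" . VERSION . ' (http://www.phplist.com)' . "\n";

    if (WORKAROUND_OUTLOOK_BUG) {
        $header = rtrim($header);
        if ($header) {
            $header .= "\n";
        }
        $header .= "X-Outlookbug-fixed: Yes";
        $message = preg_replace("/\r?\n/", "\r\n", $message);
    }

    if (strpos(VERSION, 'dev') === false) {
        # version_compare() orders "10.x" after "4.0.5"; a plain string
        # comparison does not.
        if (version_compare($phpVersion, '4.0.5', '>') && !ini_get("safe_mode")) {
            if (mail($to, $subject, $message, $header, $parameters)) {
                return 1;
            }
            # Retry without the extra parameters if the first attempt failed.
            return mail($to, $subject, $message, $header);
        }
        return mail($to, $subject, $message, $header);
    }

    # send mails to one place when running a test version
    $message = "To: {$to}\n" . $message;
    if ($GLOBALS["developer_email"]) {
        return mail($GLOBALS["developer_email"], $subject, $message, $header, $parameters);
    }
    print "Error: Running CVS version, but developer_email not set";
    return 0;
}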
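/**
 * Confirm a subscription from the link sent to the subscriber and build the
 * confirmation page.
 *
 * The subscriber is looked up by the uid request parameter. On a match the
 * subscriber is marked confirmed, removed from the blacklist if listed, sent
 * the confirmation message (outside TEST mode) and the administrators are
 * notified. An unknown uid is logged and yields the failure text.
 *
 * @param int $id subscribe page id, used to load the page header and footer
 *
 * @return string HTML of the response page
 */
function confirmPage($id)
{
    global $tables, $envelope;

    # Defined up front: the failure branch appends to $html.
    $html = '';

    if (empty($_GET["uid"])) {
        FileNotFound();
    }
    $uid = isset($_GET["uid"]) ? $_GET["uid"] : '';

    # The uid is request input quoted into the query, so it is escaped first;
    # sql_escape() is used when the database layer provides it.
    $uidSql = function_exists('sql_escape') ? sql_escape($uid) : addslashes($uid);
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables["user"], $uidSql));
    $userdata = Sql_Fetch_Array($req);

    if ($userdata["id"]) {
        $blacklisted = isBlackListed($userdata["email"]);
        $html = '<ul>';
        $lists = '';
        Sql_Query(sprintf('update %s set confirmed = 1,blacklisted = 0 where id = %d', $tables["user"], $userdata["id"]));
        $req = Sql_Query(sprintf(
            'select name,description from %s list, %s listuser where listuser.userid = %d and listuser.listid = list.id and list.active',
            $tables['list'],
            $tables['listuser'],
            $userdata['id']
        ));
        if (!Sql_Affected_Rows()) {
            $lists = "\n * " . $GLOBALS["strNoLists"];
            $html .= '<li>' . $GLOBALS["strNoLists"] . '</li>';
        }
        while ($row = Sql_fetch_array($req)) {
            $lists .= "\n *" . stripslashes($row["name"]);
            $html .= '<li class="list">' . stripslashes($row["name"]) . '<div class="listdescription">' . stripslashes($row["description"]) . '</div></li>';
        }
        $html .= '</ul>';

        if ($blacklisted) {
            unBlackList($userdata['id']);
            addUserHistory($userdata["email"], "Confirmation", "User removed from Blacklist for manual confirmation of subscription");
        }
        addUserHistory($userdata["email"], "Confirmation", "Lists: {$lists}");

        $spage = $userdata["subscribepage"];
        # A literal placeholder needs no regular expression.
        $confirmationmessage = str_replace('[LISTS]', $lists, getUserConfig("confirmationmessage:{$spage}", $userdata["id"]));

        if (!TEST) {
            sendMail($userdata["email"], getConfig("confirmationsubject:{$spage}"), $confirmationmessage, system_messageheaders(), $envelope);
            $adminmessage = $userdata["email"] . " has confirmed their subscription";
            if ($blacklisted) {
                $adminmessage .= "\nUser has been removed from blacklist";
            }
            sendAdminCopy("List confirmation", $adminmessage);
            addSubscriberStatistics('confirmation', 1);
        }
        $info = $GLOBALS["strConfirmInfo"];
    } else {
        logEvent("Request for confirmation for invalid user ID: " . substr($uid, 0, 150));
        $html .= 'Error: ' . $GLOBALS["strUserNotFound"];
        $info = $GLOBALS["strConfirmFailInfo"];
    }

    $data = PageData($id);
    if (isset($data['language_file'])) {
        # Only the file name is used, so a stored value holding directory
        # components cannot select a file outside texts/.
        $languageFile = dirname(__FILE__) . '/texts/' . basename($data['language_file']);
        if (is_file($languageFile)) {
            @(include $languageFile);
        }
    }

    $res = '<title>' . $GLOBALS["strConfirmTitle"] . '</title>';
    $res .= $data["header"];
    $res .= '<h1>' . $info . '</h1>';
    $res .= $html;
    $res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $data["footer"];
    return $res;
}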
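/**
 * Tell whether the subscriber with the given id is blacklisted.
 *
 * The id is reduced to an integer before it reaches the query, so a
 * non-numeric value cannot change the statement.
 *
 * @param int $userid subscriber id
 *
 * @return mixed 0 when the id is empty, non-numeric or matches no subscriber,
 *               otherwise the result of isBlackListed() for that subscriber's
 *               email address
 */
function isBlackListedID($userid = 0)
{
    $userid = (int) $userid;
    if (!$userid) {
        return 0;
    }

    $email = Sql_Fetch_Row_Query(sprintf(
        'select email from %s where id = %d',
        $GLOBALS["tables"]["user"],
        $userid
    ));
    # No subscriber with this id: there is no address to check.
    if (empty($email[0])) {
        return 0;
    }

    return isBlackListed($email[0]);
}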
values("%s",now(),1,1,"%s")', $tables["user"], $line, $uniqid); $result = Sql_query($query, 1); $userid = Sql_insert_id(); if (empty($userid)) { $count['duplicate']++; ## mark the subscriber confirmed, don't touch blacklisted ## hmm, maybe not, can be done on the reconcile page # Sql_Query(sprintf('update %s set confirmed = 1 where email = "%s"', $tables["user"], $line)); $idreq = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"', $tables["user"], $line)); $userid = $idreq[0]; } else { $count['imported']++; addUserHistory($line, $GLOBALS['I18N']->get('import_by') . ' ' . adminName(), ''); } ## do not add them to the list(s) when blacklisted $isBlackListed = isBlackListed($line); if (!$isBlackListed) { $count['addedtolist']++; foreach ($selected_lists as $k => $listid) { $query = "replace into " . $tables["listuser"] . " (userid,listid,entered) values({$userid},{$listid},now())"; $result = Sql_query($query); } } else { $count['foundonblacklist']++; } } else { $count['invalid']++; $rejectReport['invalid'] .= "\n" . $line; ## @TODO hmm, this can blow up } $count['processed']++;
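/**
 * Validate a system message and hand it to the configured mail backend.
 *
 * Nothing is sent in TEST mode, when the recipient or subject holds a line
 * break or is empty, or when the recipient is blacklisted and the check is
 * not skipped.
 *
 * @param string $to                 recipient address
 * @param string $subject            subject line
 * @param string $message            message body
 * @param string $header             additional headers (original backend only)
 * @param string $parameters         additional parameters (original backend only)
 * @param int    $skipblacklistcheck non-zero to send even when blacklisted
 *
 * @return mixed 1 in TEST mode, 0 when the message is refused, otherwise the
 *               result of the selected backend
 */
function sendMail($to, $subject, $message, $header = "", $parameters = "", $skipblacklistcheck = 0)
{
    if (TEST) {
        return 1;
    }

    # do a quick check on mail injection attempt, @@@ needs more work
    # A bare carriage return separates header lines for some mail software as
    # well, so it is rejected along with the line feed.
    if (preg_match("/[\r\n]/", $to)) {
        logEvent("Error: invalid recipient, containing newlines, email blocked");
        return 0;
    }
    if (preg_match("/[\r\n]/", $subject)) {
        logEvent("Error: invalid subject, containing newlines, email blocked");
        return 0;
    }

    if (!$to) {
        logEvent("Error: empty To: in message with subject {$subject} to send");
        return 0;
    } elseif (!$subject) {
        logEvent("Error: empty Subject: in message to send to {$to}");
        return 0;
    }

    if (!$skipblacklistcheck && isBlackListed($to)) {
        logEvent("Error, {$to} is blacklisted, not sending");
        # Escape the address before it is quoted into SQL; sql_escape() is used
        # when the database layer provides it.
        $toSql = function_exists('sql_escape') ? sql_escape($to) : addslashes($to);
        Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS["tables"]["user"], $toSql));
        addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed");
        return 0;
    }

    if ($GLOBALS['usephpmailer']) {
        return sendMailPhpMailer($to, $subject, $message);
    }
    return sendMailOriginal($to, $subject, $message, $header, $parameters);
}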
print '<p>' . PageLink2("dlusers", $GLOBALS['I18N']->get('Download all users as CSV file'), "nocache=" . uniqid("")) . ' <br/>'; print PageLink2("user", $GLOBALS['I18N']->get('Add a User')) . '</p>'; ?> </td></tr> </table> <?php $some = 0; $ls = new WebblerListing("users"); if ($result) { while ($user = Sql_fetch_array($result)) { $some = 1; $ls->addElement($user["email"], PageURL2("user&start={$start}&id=" . $user["id"] . $find_url)); $ls->addColumn($user["email"], $GLOBALS['I18N']->get('confirmed'), $user["confirmed"] ? $GLOBALS["img_tick"] : $GLOBALS["img_cross"]); if (in_array("blacklist", $columns)) { $onblacklist = isBlackListed($user["email"]); $ls->addColumn($user["email"], $GLOBALS['I18N']->get('bl l'), $onblacklist ? $GLOBALS["img_tick"] : $GLOBALS["img_cross"]); } $ls->addColumn($user["email"], $GLOBALS['I18N']->get('del'), sprintf("<a href=\"javascript:deleteRec('%s');\">del</a>", PageURL2("users", "delete", "start={$start}&delete=" . $user["id"]))); if (isset($user['foreignkey'])) { $ls->addColumn($user["email"], $GLOBALS['I18N']->get('key'), $user["foreignkey"]); } if (isset($user["display"])) { $ls->addColumn($user["email"], " ", $user["display"]); } if (in_array("lists", $columns)) { $lists = Sql_query("SELECT count(*) FROM " . $tables["listuser"] . "," . $tables["list"] . " where userid = " . $user["id"] . " and " . $tables["listuser"] . ".listid = " . $tables["list"] . ".id"); $membership = Sql_fetch_row($lists); $ls->addColumn($user["email"], $GLOBALS['I18N']->get('lists'), $membership[0]); } if (in_array("messages", $columns)) {
print '<div class="tabbed">'; print '<ul>'; print '<li><a href="#messages">' . ucfirst($GLOBALS['I18N']->get('Campaigns')) . '</a></li>'; if (count($bounces)) { print '<li><a href="#bounces">' . ucfirst($GLOBALS['I18N']->get('Bounces')) . '</a></li>'; } print '<li><a href="#subscription">' . ucfirst($GLOBALS['I18N']->get('Subscription')) . '</a></li>'; print '</ul>'; print '<div id="messages">'; print $ls->display(); print '</div>'; print '<div id="bounces">'; print $bouncels->display(); print '</div>'; print '<div id="subscription">'; if (isBlackListed($user["email"])) { print "<h3>" . $GLOBALS['I18N']->get('subscriber is blacklisted since') . " "; $blacklist_info = Sql_Fetch_Array_Query(sprintf('select * from %s where email = "%s"', $tables["user_blacklist"], $user["email"])); print $blacklist_info["added"] . "</h3><br/>"; print ''; $isSpamReport = false; $ls = new WebblerListing($GLOBALS['I18N']->get('Blacklist info')); $req = Sql_Query(sprintf('select * from %s where email = "%s"', $tables["user_blacklist_data"], $user["email"])); while ($row = Sql_Fetch_Array($req)) { $ls->addElement($row["name"]); $isSpamReport = $isSpamReport || $row['data'] == 'blacklisted due to spam complaints'; $ls->addColumn($row["name"], $GLOBALS['I18N']->get('value'), stripslashes($row["data"])); } $ls->addElement('<!-- remove -->'); if (!$isSpamReport) { $button = new ConfirmButton(htmlspecialchars($GLOBALS['I18N']->get('are you sure you want to delete this subscriber from the blacklist')) . "?\\n" . htmlspecialchars($GLOBALS['I18N']->get('it should only be done with explicit permission from this subscriber')), PageURL2("userhistory&unblacklist={$user["id"]}&id={$user["id"]}", "button", s('remove subscriber from blacklist')), s('remove subscriber from blacklist'));
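/**
 * Build the public "forward to a friend" page and, on a follow-up request,
 * forward message `mid` to the addresses supplied in the `email` parameter.
 *
 * Request parameters read here: `uid` (subscriber uniqid, required), `mid`
 * (message id), `email` (one address per line) and `personalNote`. All of
 * them are attacker-controllable, so every value is escaped for the context
 * it is written into (SQL string literal or HTML).
 *
 * @param mixed $id Page id; passed to PageData() and echoed as an integer hidden field.
 *
 * @return string HTML of the response page.
 */
function forwardPage($id)
{
    global $data, $tables, $envelope;
    $ok = true;
    $subtitle = '';
    $info = '';
    $form = '';
    # defaults, so later reads never hit an undefined variable
    $emails = array();
    $personalNote = '';
    $messagedata = array();
    $nFriends = 0;

    ## Check requirements
    # user
    # only a non-empty string counts as a uid; array-valued parameters are treated as missing
    $uid = (isset($_REQUEST['uid']) && is_string($_REQUEST['uid'])) ? $_REQUEST['uid'] : '';
    if (!$uid) {
        # NOTE(review): FileNotFound() is expected to end the request - confirm
        FileNotFound();
    }

    ## get userdata
    # Loaded before the forward-limit check below, which needs the subscriber id;
    # with the lookup after that check the per-period count was taken for user id 0.
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($uid)));
    $userdata = Sql_Fetch_Array($req);
    if (!is_array($userdata)) {
        # unknown uid: keep the keys read below defined, the request is rejected further down
        $userdata = array('id' => 0, 'uniqid' => '');
    }

    $firstpage = 1; ## is this the initial page or a followup

    # forward addresses
    $forwardemail = '';
    if (isset($_REQUEST['email']) && is_string($_REQUEST['email']) && !empty($_REQUEST['email'])) {
        $firstpage = 0;
        $forwardPeriodCount = Sql_Fetch_Array_Query(sprintf(
            'select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ',
            $tables['user_message_forward'],
            FORWARD_EMAIL_PERIOD,
            $userdata['id']
        ));
        $forwardemail = stripslashes($_REQUEST['email']);
        $emails = explode("\n", $forwardemail);
        $emails = trimArray($emails);
        $forwardemail = implode("\n", $emails);

        #0011860: forward to friend, multiple emails
        $emailCount = isset($forwardPeriodCount[0]) ? (int) $forwardPeriodCount[0] : 0;
        foreach ($emails as $index => $email) {
            $emails[$index] = trim($email);
            if (is_email($email)) {
                $emailCount++;
            } else {
                # the rejected address is echoed back, so it is HTML-escaped
                $info .= sprintf(
                    '<BR />' . $GLOBALS['strForwardInvalidEmail'],
                    htmlspecialchars($email, ENT_QUOTES, 'UTF-8')
                );
                $ok = false;
            }
        }
        if ($emailCount > FORWARD_EMAIL_COUNT) {
            $info .= '<BR />' . $GLOBALS["strForwardCountReached"];
            $ok = false;
        }
    } else {
        $ok = false;
    }

    # message
    $mid = 0;
    if (isset($_REQUEST['mid'])) {
        $mid = sprintf('%d', $_REQUEST['mid']);
        $req = Sql_Query(sprintf('select * from %s where id = %d', $tables["message"], $mid));
        $row = Sql_Fetch_Array($req);
        $messagedata = is_array($row) ? $row : array();
        $mid = isset($messagedata['id']) ? $messagedata['id'] : 0;
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    } #mid set

    #0011996: forward to friend - personal message
    # text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
    if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote']) && is_string($_REQUEST['personalNote'])) {
        if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE
            || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2
        ) {
            $info .= '<BR />' . $GLOBALS['strForwardNoteLimitReached'];
            $ok = false;
        }
        $personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
        $userdata['personalNote'] = $personalNote;
    }

    if ($userdata["id"] && $mid) {
        if ($ok && count($emails)) { ## All is well, send it
            require 'admin/sendemaillib.php';

            #0013845 Lead Ref Scheme
            if (FORWARD_FRIEND_COUNT_ATTRIBUTE) {
                $iCountFriends = getAttributeIDbyName(FORWARD_FRIEND_COUNT_ATTRIBUTE);
            } else {
                $iCountFriends = 0;
            }
            if ($iCountFriends) {
                $nFriends = intval(UserAttributeValue($userdata['id'], $iCountFriends));
            }

            #0011860: forward to friend, multiple emails
            foreach ($emails as $index => $email) {
                # is_email() accepted the address, but it is still escaped wherever it
                # lands in a SQL string literal or in HTML
                $sqlEmail = sql_escape($email);
                $done = Sql_Fetch_Array_Query(sprintf(
                    'select user,status,time from %s where forward = "%s" and message = %d',
                    $tables['user_message_forward'],
                    $sqlEmail,
                    $mid
                ));
                $info .= '<BR />' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . ': ';
                if (is_array($done) && $done['status'] === 'sent') {
                    $info .= $GLOBALS['strForwardAlreadyDone'];
                } elseif (isBlackListed($email)) {
                    $info .= $GLOBALS['strForwardBlacklistedEmail'];
                } else {
                    if (!TEST) {
                        # forward the message
                        # sendEmail will take care of blacklisting
                        if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                            $info .= $GLOBALS["strForwardSuccessInfo"];
                            sendAdminCopy("Message Forwarded", $userdata["email"] . " has forwarded a message {$mid} to {$email}");
                            Sql_Query(sprintf(
                                'insert into %s (user,message,forward,status,time) values(%d,%d,"%s","sent",now())',
                                $tables['user_message_forward'],
                                $userdata['id'],
                                $mid,
                                $sqlEmail
                            ));
                            if ($iCountFriends) {
                                $nFriends++;
                            }
                        } else {
                            $info .= $GLOBALS["strForwardFailInfo"];
                            sendAdminCopy("Message Forwarded", $userdata["email"] . " tried forwarding a message {$mid} to {$email} but failed");
                            Sql_Query(sprintf(
                                'insert into %s (user,message,forward,status,time) values(%d,%d,"%s","failed",now())',
                                $tables['user_message_forward'],
                                $userdata['id'],
                                $mid,
                                $sqlEmail
                            ));
                            $ok = false;
                        }
                    }
                }
            } # foreach friend
            if ($iCountFriends) {
                saveUserAttribute($userdata['id'], $iCountFriends, array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
            }
        } #ok & emails
    } else { # no valid sender
        logEvent("Forward request from invalid user ID: " . substr($uid, 0, 150));
        $info .= '<BR />' . $GLOBALS["strForwardFailInfo"];
        $ok = false;
    }

    $data = PageData($id);
    # basename() keeps the included file inside the texts/ directory
    if (isset($data['language_file']) && is_file(dirname(__FILE__) . '/texts/' . basename($data['language_file']))) {
        @(include dirname(__FILE__) . '/texts/' . basename($data['language_file']));
    }

    ## BAS Multiple Forward
    ## build response page
    # every request-derived value written into the form is HTML-escaped
    $form = '<form method="post" action="">';
    $form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
    $form .= sprintf('<input type=hidden name="id" value="%d">', $id);
    $form .= sprintf('<input type=hidden name="uid" value="%s">', htmlspecialchars($userdata['uniqid'], ENT_QUOTES, 'UTF-8'));
    $form .= sprintf('<input type=hidden name="p" value="forward">');
    if (!$ok) {
        $safeForwardEmail = htmlspecialchars($forwardemail, ENT_QUOTES, 'UTF-8');
        #0011860: forward to friend, multiple emails
        if (FORWARD_EMAIL_COUNT == 1) {
            $form .= '<BR /><H2>' . $GLOBALS['strForwardEnterEmail'] . '</H2>';
            $form .= sprintf('<input type=text name="email" value="%s" size=50 class="attributeinput">', $safeForwardEmail);
        } else {
            $form .= '<BR /><H2>' . sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT) . '</H2>';
            $form .= sprintf('<textarea name="email" rows=10 cols=50 class="attributeinput">%s</textarea>', $safeForwardEmail);
        }

        #0011996: forward to friend - personal message
        if (FORWARD_PERSONAL_NOTE_SIZE) {
            $form .= sprintf('<h2>' . $GLOBALS['strForwardPersonalNote'] . '</H2>', FORWARD_PERSONAL_NOTE_SIZE);
            $cols = 50;
            $rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
            $form .= sprintf(
                '<BR/><textarea type=text name="personalNote" rows=%d cols=%d class="attributeinput">%s</textarea>',
                $rows,
                $cols,
                htmlspecialchars($personalNote, ENT_QUOTES, 'UTF-8')
            );
        }
        $form .= sprintf('<br /><input type=submit value="%s"></form>', $GLOBALS['strContinue']);
    }
    ### END BAS

    ### Michiel, remote response page
    $remote_content = '';
    if (isset($messagedata['message']) && preg_match("/\\[URL:([^\\s]+)\\]/i", $messagedata['message'], $regs)) {
        if (isset($regs[1]) && strlen($regs[1])) {
            $url = $regs[1];
            if (!preg_match('/^http/i', $url)) {
                $url = 'http://' . $url;
            }
            # NOTE(review): the URL is read from the stored message body and fetched
            # server-side; confirm fetchUrl() limits the schemes and hosts it will contact
            $remote_content = fetchUrl($url);
        }
    }

    if (!empty($remote_content) && preg_match('/\\[FORWARDFORM\\]/', $remote_content, $regs)) {
        if ($firstpage) {
            ## this is the initial page, not a follow up one.
            $remote_content = str_replace($regs[0], $info . $form, $remote_content);
        } else {
            $remote_content = str_replace($regs[0], $info, $remote_content);
        }
        $res = $remote_content;
    } else {
        $res = '<title>' . $GLOBALS["strForwardTitle"] . '</title>';
        $res .= $data["header"];
        $res .= '<h1>' . $subtitle . '</h1>';
        if ($ok) {
            $res .= '<h2>' . $info . '</h2>';
        } else {
            $res .= '<div class="missing">' . $info . '</div>';
        }
        $res .= $form;
        $res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
        $res .= $data["footer"];
    }
    ### END MICHIEL
    return $res;
}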