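/**
 * Render the subscribe-form rows: e-mail (plus optional confirmation row), the
 * password rows when ASKFORPASSWORD is set, the HTML/text preference control and
 * one row per attribute id listed in $attributes, in that array's order.
 *
 * Per field the value shown is resolved as posted value > value stored for
 * $userid (user_attribute table) > attribute default. The 'date' type is the
 * exception: its stored value wins over the posted one (see that case).
 *
 * Side effects: runs SELECT queries, writes $_POST['attribute<id>'] for every
 * rendered attribute and $_REQUEST['emailconfirm'] when the confirmation row is
 * shown, require_once's date.php for 'date' attributes, and print()s an HTML
 * comment (bypassing the returned string) for an unknown attribute type.
 *
 * Changes from the previous revision: $userid is normalised to int before being
 * interpolated into SQL and attribute ids are intval()'d for the IN (...) clause;
 * the "override with posted info" loop now assigns the posted value (it assigned
 * the value back to itself); $js/$js2 are initialised; the textarea_dimensions
 * split no longer raises a notice; the 'radiotext' markup closes its <span>;
 * stored values of 'textline' and 'hidden' rows are HTML-escaped like 'textarea'
 * already was; stripslashes() on the label is applied to every type.
 *
 * @param array  $attributes       attribute id => listorder; only these ids are rendered
 * @param array  $attributedata    attribute id => array('required' => ..., 'default_value' => ...)
 * @param mixed  $htmlchoice       'textonly' | 'htmlonly' | 'checkfortext' | 'radiotext' |
 *                                 'radiohtml' | 'checkforhtml'; any other value hits the
 *                                 default branch ('checkforhtml') - but see the note at the
 *                                 switch about the integer default 0 on PHP < 8
 * @param int    $userid           existing subscriber whose stored values pre-fill the form; 0 for a new one
 * @param string $emaildoubleentry 'yes' to add the e-mail confirmation row
 *
 * @return string HTML table rows (no enclosing <table>)
 */
function ListAttributes($attributes, $attributedata, $htmlchoice = 0, $userid = 0, $emaildoubleentry = 'no')
{
    global $strPreferHTMLEmail, $strPreferTextEmail, $strEmail, $tables, $table_prefix, $strPreferredFormat, $strText, $strHTML;

    // $userid is interpolated into two queries below; the user_attribute lookup
    // further down already formats it with %d, so normalise once so all agree.
    $userid = (int) $userid;

    // Script snippets appended to the password rows; only set when the password
    // is required (previously undefined in the "password already set" branch).
    $js = '';
    $js2 = '';

    if ($userid) {
        // Existing subscriber: pre-fill from the user and user_attribute tables.
        $data = array();
        $current = Sql_Fetch_array_Query("select * from {$GLOBALS['tables']['user']} where id = {$userid}");
        $datareq = Sql_Query("select * from {$GLOBALS['tables']['user_attribute']} where userid = {$userid}");
        while ($row = Sql_Fetch_Array($datareq)) {
            $data[$row['attributeid']] = $row['value'];
        }
        // NOTE(review): when no user row matches, $current is not an array; the
        // reads and the foreach below only raise warnings and the form still renders.
        $email = obfuscateEmailAddress($current['email']);
        $htmlemail = $current['htmlemail'];
        // Override with posted info. The previous code assigned $current[$key] = $val,
        // a no-op; the posted value is what the comment intended. Only
        // $current['password'] is read afterwards, and 'password' is excluded here,
        // so the rendered form is unaffected by this fix.
        foreach ($current as $key => $val) {
            if (isset($_POST[$key]) && $key != 'password') {
                $current[$key] = $_POST[$key];
            }
        }
    } else {
        // New subscriber: only what the visitor has posted so far.
        if (isset($_REQUEST['email'])) {
            $email = stripslashes($_REQUEST['email']);
        } else {
            $email = '';
        }
        if (isset($_POST['htmlemail'])) {
            $htmlemail = $_POST['htmlemail'];
        }
        $data = array();
        $current = array();
    }

    // Input sizes from config, with fallbacks when unset or zero.
    $textlinewidth = sprintf('%d', getConfig('textline_width'));
    if (!$textlinewidth) {
        $textlinewidth = 40;
    }
    // "rows,cols"; a missing or incomplete setting falls back to 10 x 40 without
    // the undefined-offset notice that list() raised on a value without a comma.
    $dimensions = explode(',', (string) getConfig('textarea_dimensions'));
    $textarearows = isset($dimensions[0]) ? $dimensions[0] : '';
    $textareacols = isset($dimensions[1]) ? $dimensions[1] : '';
    if (!$textarearows) {
        $textarearows = 10;
    }
    if (!$textareacols) {
        $textareacols = 40;
    }

    // The import page (page=import1) supplies e-mail and password itself, so those
    // rows are skipped there. Both original conditions reduce to this one test.
    $showLoginRows = !isset($_GET['page']) || $_GET['page'] != 'import1';

    $html = '';
    if ($showLoginRows) {
        $html = sprintf(' <tr><td><div class="required">%s *</div></td> <td class="attributeinput"><input type=text name=email value="%s" size="%d" /> <script language="Javascript" type="text/javascript">addFieldToCheck("email","%s");</script></td></tr>', $GLOBALS['strEmail'], htmlspecialchars($email), $textlinewidth, $GLOBALS['strEmail']);
    }

    // BPM 12 May 2004 - optional second e-mail field the visitor must repeat.
    if ($emaildoubleentry == 'yes') {
        if (!isset($_REQUEST['emailconfirm'])) {
            $_REQUEST['emailconfirm'] = '';
        }
        $html .= sprintf(' <tr><td><div class="required">%s *</div></td> <td class="attributeinput"><input type=text name=emailconfirm value="%s" size="%d" /> <script language="Javascript" type="text/javascript">addFieldToCheck("emailconfirm","%s");</script></td></tr>', $GLOBALS['strConfirmEmail'], htmlspecialchars(stripslashes($_REQUEST['emailconfirm'])), $textlinewidth, $GLOBALS['strConfirmEmail']);
    }

    if ($showLoginRows && ASKFORPASSWORD) {
        // A password is only required when the subscriber has none yet, so they can
        // set one; otherwise leaving both fields empty keeps the existing password.
        // NOTE(review): "passwordreq" is a client-controlled hidden field; whatever
        // processes the post must re-derive it from the stored record, not trust it.
        if (!isset($current['password']) || !$current['password']) {
            $pwdclass = 'required';
            $js = sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("password","%s");</script>', $GLOBALS['strPassword']);
            $js2 = sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("password_check","%s");</script>', $GLOBALS['strPassword2']);
            $html .= '<input type="hidden" name="passwordreq" value="1" />';
        } else {
            $pwdclass = 'attributename';
            $html .= '<input type="hidden" name="passwordreq" value="0" />';
        }
        $html .= sprintf(' <tr><td><div class="%s">%s</div></td> <td class="attributeinput"><input type=password name=password value="" size="%d" />%s</td></tr>', $pwdclass, $GLOBALS['strPassword'], $textlinewidth, $js);
        $html .= sprintf(' <tr><td><div class="%s">%s</div></td> <td class="attributeinput"><input type="password" name="password_check" value="" size="%d" />%s</td></tr>', $pwdclass, $GLOBALS['strPassword2'], $textlinewidth, $js2);
    }

    ## Write the HTML/text preference control.
    // NOTE: switch compares loosely. With the default $htmlchoice = 0, PHP 8 reaches
    // the default branch, but PHP < 8 evaluates 0 == 'textonly' as true and renders
    // the text-only hidden field instead. Callers should pass an explicit string.
    switch ($htmlchoice) {
        case 'textonly':
            if (!isset($htmlemail)) {
                $htmlemail = 0;
            }
            $html .= '<input type="hidden" name="htmlemail" value="0" />';
            break;
        case 'htmlonly':
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= '<input type="hidden" name="htmlemail" value="1" />';
            break;
        case 'checkfortext':
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= sprintf('<tr><td colspan="2"> <span class="attributeinput"> <input type="checkbox" name="textemail" value="1" %s /></span> <span class="attributename">%s</span> </td></tr>', !$htmlemail ? 'checked="checked"' : '', $strPreferTextEmail);
            break;
        case 'radiotext':
            if (!isset($htmlemail)) {
                $htmlemail = 0;
            }
            // The label span was left unclosed before; now mirrors 'radiohtml'.
            $html .= sprintf('<tr><td colspan="2"> <span class="attributename">%s</span><br/> <span class="attributeinput"><input type=radio name="htmlemail" value="0" %s /></span> <span class="attributename">%s</span> <span class="attributeinput"><input type=radio name="htmlemail" value="1" %s /></span> <span class="attributename">%s</span></td></tr>', $strPreferredFormat, !$htmlemail ? 'checked="checked"' : '', $strText, $htmlemail ? 'checked="checked"' : '', $strHTML);
            break;
        case 'radiohtml':
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= sprintf('<tr><td colspan="2"> <span class="attributename">%s</span><br/> <span class="attributeinput"><input type="radio" name="htmlemail" value="0" %s /></span> <span class="attributename">%s</span> <span class="attributeinput"><input type="radio" name="htmlemail" value="1" %s /></span> <span class="attributename">%s</span></td></tr>', $strPreferredFormat, !$htmlemail ? 'checked="checked"' : '', $strText, $htmlemail ? 'checked="checked"' : '', $strHTML);
            break;
        case 'checkforhtml':
        default:
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= sprintf('<tr><td colspan="2"> <span class="attributeinput"><input type="checkbox" name="htmlemail" value="1" %s /></span> <span class="attributename">%s</span></td></tr>', $htmlemail ? 'checked="checked"' : '', $strPreferHTMLEmail);
            break;
    }
    $html .= "\n";

    // Attribute ids are interpolated into an IN (...) clause; keep them integers.
    $attids = implode(',', array_map('intval', array_keys($attributes)));
    $output = array();
    if ($attids) {
        $res = Sql_Query("select * from {$GLOBALS['tables']['attribute']} where id in ({$attids})");
        while ($attr = Sql_Fetch_Array($res)) {
            $output[$attr['id']] = '';
            if (!isset($data[$attr['id']])) {
                $data[$attr['id']] = '';
            }
            $attr['required'] = $attributedata[$attr['id']]['required'];
            $attr['default_value'] = $attributedata[$attr['id']]['default_value'];
            $fieldname = 'attribute' . $attr['id'];

            // Posted values take precedence. For an existing subscriber a field that
            // was not posted is seeded from the stored value, otherwise from 0. This
            // writes into $_POST, which later code in the same request will observe.
            if ($userid && !isset($_POST[$fieldname])) {
                $val = Sql_Fetch_Row_Query(sprintf('select value from %s where attributeid = %d and userid = %d', $GLOBALS['tables']['user_attribute'], $attr['id'], $userid));
                $_POST[$fieldname] = $val[0];
            } elseif (!isset($_POST[$fieldname])) {
                $_POST[$fieldname] = 0;
            }

            // Pieces shared by several types. The label is stripslashes()'d for every
            // type now (textline/textarea/date previously emitted it raw).
            // NOTE(review): $attr['name'] (admin-defined) is emitted unescaped, both as
            // HTML and inside the addFieldToCheck()/addGroupToCheck() script strings.
            $labelClass = $attr['required'] ? 'required' : 'attributename';
            $labelText = stripslashes($attr['name']) . ($attr['required'] ? ' *' : '');
            // Option rows for radio/select/checkboxgroup live in a per-attribute table.
            $valuesQuery = "select * from {$table_prefix}" . 'listattr_' . $attr['tablename'] . ' order by listorder,name';
            $requiredCheckJs = sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("%s","%s");</script>', $fieldname, $attr['name']);

            switch ($attr['type']) {
                case 'checkbox':
                    $output[$attr['id']] = '<tr><td colspan="2">';
                    // what they post takes precedence over the database information
                    $checked = ($_POST[$fieldname] || $data[$attr['id']]) ? 'checked="checked"' : '';
                    $output[$attr['id']] .= sprintf("\n" . '<input type="checkbox" name="%s" value="on" %s class="attributeinput" />', $fieldname, $checked);
                    $output[$attr['id']] .= sprintf("\n" . '<span class="%s">%s</span>', $labelClass, $labelText);
                    if ($attr['required']) {
                        $output[$attr['id']] .= $requiredCheckJs;
                    }
                    break;

                case 'radio':
                    $output[$attr['id']] .= sprintf("\n" . '<tr><td colspan="2"><div class="%s">%s</div>', $labelClass, $labelText);
                    $values_request = Sql_Query($valuesQuery);
                    while ($value = Sql_Fetch_array($values_request)) {
                        // posted > stored > default; the default is matched by option name
                        if (!empty($_POST[$fieldname])) {
                            $checked = $_POST[$fieldname] == $value['id'] ? 'checked="checked"' : '';
                        } elseif ($data[$attr['id']]) {
                            $checked = $data[$attr['id']] == $value['id'] ? 'checked="checked"' : '';
                        } else {
                            $checked = $attr['default_value'] == $value['name'] ? 'checked="checked"' : '';
                        }
                        $output[$attr['id']] .= sprintf('<input type="radio" class="attributeinput" name="%s" value="%s" %s /> %s ', $fieldname, $value['id'], $checked, $value['name']);
                    }
                    if ($attr['required']) {
                        $output[$attr['id']] .= sprintf('<script language="Javascript" type="text/javascript">addGroupToCheck("%s","%s");</script>', $fieldname, $attr['name']);
                    }
                    break;

                case 'select':
                    $output[$attr['id']] .= sprintf("\n" . '<tr><td><div class="%s">%s</div>', $labelClass, $labelText);
                    $values_request = Sql_Query($valuesQuery);
                    $output[$attr['id']] .= sprintf('</td><td class="attributeinput"><!--%d--><select name="%s" class="attributeinput">', $data[$attr['id']], $fieldname);
                    while ($value = Sql_Fetch_array($values_request)) {
                        // posted > stored > default (by name) > GeoIP country for a "country" attribute
                        if (!empty($_POST[$fieldname])) {
                            $selected = $_POST[$fieldname] == $value['id'] ? 'selected="selected"' : '';
                        } elseif ($data[$attr['id']]) {
                            $selected = $data[$attr['id']] == $value['id'] ? 'selected="selected"' : '';
                        } elseif (!empty($attr['default_value'])) {
                            $selected = strtolower($attr['default_value']) == strtolower($value['name']) ? 'selected="selected"' : '';
                        } elseif (strtolower($attr['name']) == 'country' && !empty($_SERVER['GEOIP_COUNTRY_NAME'])) {
                            $selected = strtolower($_SERVER['GEOIP_COUNTRY_NAME']) == strtolower($value['name']) ? 'selected="selected"' : '';
                        } else {
                            $selected = '';
                        }
                        // Options whose name starts with EMPTY_VALUE_PREFIX submit an empty value.
                        if (preg_match('/^' . preg_quote(EMPTY_VALUE_PREFIX) . '/i', $value['name'])) {
                            $value['id'] = '';
                        }
                        $output[$attr['id']] .= sprintf('<option value="%s" %s>%s', $value['id'], $selected, stripslashes($value['name']));
                    }
                    $output[$attr['id']] .= '</select>';
                    break;

                case 'checkboxgroup':
                    $output[$attr['id']] .= sprintf("\n" . '<tr><td><div class="%s">%s</div>', $labelClass, $labelText);
                    $values_request = Sql_Query($valuesQuery);
                    $output[$attr['id']] .= '</td>';
                    // The first option shares the label's row; the rest get rows of their own.
                    $isFirstValue = true;
                    while ($value = Sql_Fetch_array($values_request)) {
                        $selected = '';
                        if (is_array($_POST[$fieldname])) {
                            $selected = in_array($value['id'], $_POST[$fieldname]) ? 'checked="checked"' : '';
                        } elseif ($data[$attr['id']]) {
                            // stored as a comma-separated list of option ids
                            $selection = explode(',', $data[$attr['id']]);
                            $selected = in_array($value['id'], $selection) ? 'checked="checked"' : '';
                        }
                        if ($isFirstValue) {
                            $output[$attr['id']] .= sprintf('<td class="attributeinput"><input type="checkbox" name="%s[]" class="attributeinput" value="%s" %s /> %s</td>', $fieldname, $value['id'], $selected, stripslashes($value['name']));
                            $output[$attr['id']] .= '</tr>';
                        } else {
                            $output[$attr['id']] .= sprintf('<tr><td><div></div></td><td class="attributeinput"><input type="checkbox" name="%s[]" class="attributeinput" value="%s" %s /> %s</td></tr>', $fieldname, $value['id'], $selected, stripslashes($value['name']));
                        }
                        $isFirstValue = false;
                    }
                    break;

                case 'textline':
                    $output[$attr['id']] .= sprintf("\n" . '<tr><td><div class="%s">%s</div>', $labelClass, $labelText);
                    // Escaping now matches 'textarea': the stored value goes through
                    // htmlspecialchars(stripslashes()) like the posted one; the admin
                    // default is still emitted as configured.
                    if ($_POST[$fieldname]) {
                        $fieldValue = htmlspecialchars(stripslashes($_POST[$fieldname]));
                    } elseif ($data[$attr['id']]) {
                        $fieldValue = htmlspecialchars(stripslashes($data[$attr['id']]));
                    } else {
                        $fieldValue = $attr['default_value'];
                    }
                    $output[$attr['id']] .= sprintf('</td><td class="attributeinput"> <input type="text" name="%s" class="attributeinput" size="%d" value="%s" />', $fieldname, $textlinewidth, $fieldValue);
                    if ($attr['required']) {
                        $output[$attr['id']] .= $requiredCheckJs;
                    }
                    break;

                case 'textarea':
                    $output[$attr['id']] .= sprintf("\n" . '<tr><td colspan="2"> <div class="%s">%s</div></td></tr>', $labelClass, $labelText);
                    if ($_POST[$fieldname]) {
                        $fieldValue = htmlspecialchars(stripslashes($_POST[$fieldname]));
                    } elseif ($data[$attr['id']]) {
                        $fieldValue = htmlspecialchars(stripslashes($data[$attr['id']]));
                    } else {
                        $fieldValue = $attr['default_value'];
                    }
                    $output[$attr['id']] .= sprintf('<tr><td class="attributeinput" colspan="2"> <textarea name="%s" rows="%d" class="attributeinput" cols="%d" wrap="virtual">%s</textarea>', $fieldname, $textarearows, $textareacols, $fieldValue);
                    if ($attr['required']) {
                        $output[$attr['id']] .= $requiredCheckJs;
                    }
                    break;

                case 'hidden':
                    // Stored value is escaped for the value="" attribute (no stripslashes,
                    // so the value round-trips unchanged); the admin default stays as configured.
                    $fieldValue = $data[$attr['id']] ? htmlspecialchars($data[$attr['id']]) : $attr['default_value'];
                    $output[$attr['id']] .= sprintf('<input type="hidden" name="%s" size="40" value="%s" />', $fieldname, $fieldValue);
                    break;

                case 'date':
                    require_once dirname(__FILE__) . '/date.php';
                    $date = new Date();
                    $postval = $date->getDate($fieldname);
                    // Unlike the other types, the stored value wins over the posted one here.
                    if ($data[$attr['id']]) {
                        $val = $data[$attr['id']];
                    } else {
                        $val = $postval;
                    }
                    $output[$attr['id']] .= sprintf("\n" . '<tr><td><div class="%s">%s</div>', $labelClass, $labelText);
                    $output[$attr['id']] .= sprintf('</td><td class="attributeinput"> %s</td></tr>', $date->showInput($fieldname, '', $val));
                    break;

                default:
                    // Written straight to the response, not into $html.
                    print '<!-- error: huh, invalid attribute type -->';
            }
            // Appended for every type, including those that already closed their row.
            $output[$attr['id']] .= "</td></tr>\n";
        }
    }

    # Emit the rows in the order of $attributes, not the order the query returned them.
    foreach ($attributes as $attribute => $listorder) {
        if (isset($output[$attribute])) {
            $html .= $output[$attribute];
        }
    }

    return $html;
}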
/**
 * Render (and, once the form is confirmed, perform) the public unsubscribe page.
 *
 * Entry paths visible here: ?uid=<uniqid> from an e-mail link, a posted/queried
 * e-mail address, the blacklist variants (p=blacklist / p=donotsend) and the
 * "jump off" shortcut (UNSUBSCRIBE_JUMPOFF or ?jo=). When $_POST['unsubscribe'],
 * $_REQUEST['email'] and $_POST['unsubscribereason'] are all present and an
 * e-mail is known, the address is blacklisted (list memberships are kept, see
 * #17753), the subscriber is mailed, an admin copy is sent and statistics are
 * updated; otherwise the confirmation form is returned.
 *
 * Side effects: sets $GLOBALS['check_for_host'] = 0 and writes into $_POST /
 * $_REQUEST to emulate a confirmed form on the automatic paths.
 *
 * NOTE(review): the page this was taken from is garbled in the middle of the
 * "unknown user" branch (see the comment there); that span is left as found.
 *
 * @param mixed $id id used to select the "unsubscribemessage:$id" and
 *                  "unsubscribesubject:$id" config values
 *
 * @return string|null page HTML, or null when a plugin's unsubscribePage() handled the request
 */
function unsubscribePage($id)
{
    global $tables;
    $email = '';
    $userid = 0;
    $msg = '';
    ## for unsubscribe, don't validate host
    $GLOBALS['check_for_host'] = 0;
    $res = '<title>' . $GLOBALS['strUnsubscribeTitle'] . '</title>' . "\n";
    $res .= $GLOBALS['pagedata']['header'];
    if (isset($_GET['uid'])) {
        // Link from an e-mail: identify the subscriber by uniqid (escaped for SQL).
        // NOTE(review): no row matched -> $userdata is not an array and these reads give null.
        $userdata = Sql_Fetch_Array_Query(sprintf('select email,id,blacklisted from %s where uniqid = "%s"', $tables['user'], sql_escape($_GET['uid'])));
        $email = $userdata['email'];
        $displayEmail = obfuscateEmailAddress($userdata['email']);
        $userid = $userdata['id'];
        $isBlackListed = $userdata['blacklisted'] != '0';
        $blacklistRequest = false;
    } else {
        if (isset($_REQUEST['email'])) {
            $email = $_REQUEST['email'];
            $displayEmail = obfuscateEmailAddress($email);
        }
        // Anything that fails validation is treated as "no address given".
        if (!validateEmail($email)) {
            $email = '';
        }
        #0013076: Blacklisting posibility for unknown users
        # Set flag for blacklisting
        // NOTE(review): $_GET['p'] is read without isset(); absent, this raises a
        // notice and evaluates to false, which is the intended result.
        $blacklistRequest = $_GET['p'] == 'blacklist' || $_GET['p'] == 'donotsend';
        # only proceed when user has confirm the form
        // A blacklist request with a syntactically valid address is auto-confirmed.
        // NOTE(review): $isBlackListed is not set on this path; the later empty() check copes.
        if ($blacklistRequest && is_email($email)) {
            $_POST['unsubscribe'] = 1;
            $_POST['unsubscribereason'] = s('Forwarded receiver requested blacklist');
        }
    }
    // "Jump off": skip the confirmation form entirely by faking the posted fields.
    if (UNSUBSCRIBE_JUMPOFF || !empty($_GET['jo'])) {
        $_POST['unsubscribe'] = 1;
        $_REQUEST['email'] = $email;
        if (!empty($_GET['jo'])) {
            $blacklistRequest = true;
            $_POST['unsubscribereason'] = s('"Jump off" used by subscriber, reason not requested');
        } else {
            $_POST['unsubscribereason'] = s('"Jump off" set, reason not requested');
        }
    }
    // A plugin may take over the whole page; nothing is returned in that case.
    foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
        # print $pluginname.'<br/>';
        if ($plugin->unsubscribePage($email)) {
            return;
        }
    }
    if (!empty($email) && isset($_POST['unsubscribe']) && isset($_REQUEST['email']) && isset($_POST['unsubscribereason'])) {
        ## all conditions met, do the unsubscribe
        #0013076: Blacklisting posibility for unknown users
        // It would be better to do this above, where the email is set for the other cases.
        // But to prevent vulnerabilities let's keep it here for now. [bas]
        if (!$blacklistRequest) {
            $query = Sql_Fetch_Row_Query(sprintf('select id,email,blacklisted from %s where email = "%s"', $tables['user'], sql_escape($email)));
            $userid = $query[0];
            $email = $query[1];
            $isBlackListed = !empty($query[2]);
        }
        if (!$userid) {
            #0013076: Blacklisting posibility for unknown users
            if ($blacklistRequest && !empty($email)) {
                // Unknown address, explicit blacklist request: blacklist without confirmation.
                // NOTE(review): the reason is stored raw here, whereas the known-user
                // branch below passes it through nl2br(strip_tags()).
                addUserToBlacklist($email, $_POST['unsubscribereason']);
                addSubscriberStatistics('blacklist', 1);
                $res .= '<h3>' . $GLOBALS['strUnsubscribedNoConfirm'] . '</h3>';
            } else {
                $res .= $GLOBALS['strNoListsFound'];
                #'Error: '.$GLOBALS["strUserNotFound"];
                // NOTE(review): the source text is garbled here ("******"): the end of this
                // logEvent() call, the closing braces of the unknown-user branch and the
                // start of the known-user else-branch (up to its Sql_Query( call that
                // fills $listsreq) are missing from the page and are left exactly as found.
                logEvent('Request to unsubscribe non-existent user: '******'select listid from %s where userid = %d', $GLOBALS['tables']['listuser'], $userid));
                // Collect the subscriber's list ids for the admin notification.
                while ($row = Sql_Fetch_Row($listsreq)) {
                    array_push($subscriptions, $row[0]);
                }
                ## 17753 - do not actually remove the list-membership when unsubscribing
                # $result = Sql_query(sprintf('delete from %s where userid = %d',$tables["listuser"],$userid));
                $lists = ' * ' . $GLOBALS['strAllMailinglists'] . "\n";
                if (empty($isBlackListed)) {
                    // only process when not already marked as blacklisted
                    # add user to blacklist
                    addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason'])));
                    addUserHistory($email, 'Unsubscription', "Unsubscribed from {$lists}");
                    $unsubscribemessage = str_replace('[LISTS]', $lists, getUserConfig("unsubscribemessage:{$id}", $userid));
                    sendMail($email, getUserConfig("unsubscribesubject:{$id}"), stripslashes($unsubscribemessage), system_messageheaders($email), '', true);
                    $reason = $_POST['unsubscribereason'] ? "Reason given:\n" . stripslashes($_POST['unsubscribereason']) : 'No Reason given';
                    sendAdminCopy('List unsubscription', $email . " has unsubscribed\n{$reason}", $subscriptions);
                    addSubscriberStatistics('unsubscription', 1);
                }
            }
        if ($userid) {
            $res .= '<h3>' . $GLOBALS['strUnsubscribeDone'] . '</h3>';
        }
        #0013076: Blacklisting posibility for unknown users
        //if ($blacklistRequest) {
        //$res .= '<h3>'.$GLOBALS["strYouAreBlacklisted"] ."</h3>";
        //}
        $res .= $GLOBALS['PoweredBy'] . '</p>';
        $res .= $GLOBALS['pagedata']['footer'];
        return $res;
    } elseif (isset($_POST['unsubscribe']) && !is_email($email) && !empty($email)) {
        $msg = '<span class="error">' . $GLOBALS['strEnterEmail'] . '</span><br>';
    }
    // Confirmation form. The hidden p=unsubscribe keeps the next request on this page.
    $res .= '<h3>' . $GLOBALS['strUnsubscribeInfo'] . '</h3>' . $msg . '<form method="post" action=""><input type="hidden" name="email" value="unsubscribe" />';
    // NOTE(review): $email is concatenated into a value="" attribute without
    // htmlspecialchars() in both branches. On the non-uid path it has passed
    // validateEmail() (how strict that is is not visible here); on the uid path
    // it is the stored value. Escaping it would be the safe default.
    // (&& binds tighter than ||: "(no display address and nothing posted) or no email".)
    if (empty($displayEmail) && !isset($_POST['email']) || empty($email)) {
        $res .= '<p>' . $GLOBALS['strEnterEmail'] . ': <input type="text" name="email" value="' . $email . '" size="40" /></p>';
    } else {
        $res .= '<p><input type="hidden" name="email" value="' . $email . '" />' . $GLOBALS['strEmail'] . ': ' . $displayEmail . '</p>';
    }
    if (!$email) {
        // No usable address yet: just ask for one.
        $res .= '<input type="submit" name="unsubscribe" value="' . $GLOBALS['strContinue'] . '"></form>';
        $res .= $GLOBALS['PoweredBy'];
        $res .= $GLOBALS['pagedata']['footer'];
        return $res;
    }
    // One membership row is enough to know the address is subscribed to something.
    $current = Sql_Fetch_Array_query(sprintf('select list.id as listid,user.uniqid as userhash, user.password as password from %s as list,%s as listuser,%s as user where list.id = listuser.listid and user.id = listuser.userid and user.email = "%s"', $tables['list'], $tables['listuser'], $tables['user'], sql_escape($email)));
    $some = $current['listid'];
    // NOTE(review): $user is never assigned in this function, so !empty($user['password'])
    // is always false and this branch is dead; the query above selects user.password into
    // $current, which is probably what was meant. Do not "fix" this without weighing the
    // consequence: $hash is written into the preferences link of the rendered page, and
    // it is the same uniqid that ?uid= accepts above, so a page rendered for an address
    // typed in by a third party would hand them that identifier.
    if (ASKFORPASSWORD && !empty($user['password'])) {
        # it is safe to link to the preferences page, because it will still ask for
        # a password
        $hash = $current['userhash'];
    } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) {
        # they got to this page from a link in an email
        // NOTE(review): loose == comparison of the supplied uid with the stored one.
        $hash = $current['userhash'];
    } else {
        $hash = '';
    }
    $finaltext = $GLOBALS['strUnsubscribeFinalInfo'];
    $pref_url = getConfig('preferencesurl');
    // Append uid= with whichever separator the configured URL still needs.
    $sep = strpos($pref_url, '?') !== false ? '&' : '?';
    $finaltext = str_ireplace('[preferencesurl]', $pref_url . $sep . 'uid=' . $hash, $finaltext);
    if (!$some) {
        #0013076: Blacklisting posibility for unknown users
        if (!$blacklistRequest) {
            $res .= '<b>' . $GLOBALS['strNoListsFound'] . '</b></ul>';
        }
        $res .= '<p><input type=submit value="' . $GLOBALS['strUnsubscribe'] . '">';
    } else {
        if ($blacklistRequest) {
            $res .= $GLOBALS['strExplainBlacklist'];
        } elseif (!UNSUBSCRIBE_JUMPOFF) {
            // Ask for a reason; textarea size from "rows,cols" config, default 5 x 65.
            list($r, $c) = explode(',', getConfig('textarea_dimensions'));
            if (!$r) {
                $r = 5;
            }
            if (!$c) {
                $c = 65;
            }
            $res .= $GLOBALS['strUnsubscribeRequestForReason'];
            $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . $finaltext;
        }
        $res .= '<p><input type=submit name="unsubscribe" value="' . $GLOBALS['strUnsubscribe'] . '"></p>';
    }
    $res .= '</form>';
    $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
    $res .= $GLOBALS['pagedata']['footer'];
    return $res;
}