Example #1
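/**
 * Re-send the subscription confirmation request to one subscriber.
 *
 * Loads the subscriber row and the names of the lists they are on, substitutes
 * the list names for [LISTS] in the configured "subscribemessage" (the
 * per-subscribe-page variant when the row has a subscribepage), logs the
 * event and, unless TEST is set, sends the mail.
 *
 * @param int|string $id subscriber id; forced to an integer before any query
 *
 * @return mixed whatever sendMail() returns, or null when TEST is set
 */
function resendConfirm($id)
{
    global $tables, $envelope;

    // The first query used to interpolate $id as-is while the second went
    // through %d; cast once so neither query can receive anything but an integer.
    $id = (int) $id;
    $userdata = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables['user'], $id));
    $lists_req = Sql_Query(sprintf(
        'select %s.name from %s,%s where %s.listid = %s.id and %s.userid = %d',
        $tables['list'],
        $tables['list'],
        $tables['listuser'],
        $tables['listuser'],
        $tables['list'],
        $tables['listuser'],
        $id
    ));

    // Start from an empty string: appending to an undefined variable raises a notice.
    $lists = '';
    while ($row = Sql_Fetch_Row($lists_req)) {
        $lists .= '  * ' . $row[0] . "\n";
    }

    if ($userdata['subscribepage']) {
        $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig('subscribemessage:' . $userdata['subscribepage'], $id));
        $subject = getConfig('subscribesubject:' . $userdata['subscribepage']);
    } else {
        $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig('subscribemessage', $id));
        $subject = getConfig('subscribesubject');
    }

    logEvent($GLOBALS['I18N']->get('Resending confirmation request to') . ' ' . $userdata['email']);
    if (!TEST) {
        // NOTE(review): 'prepend' is read from the request and placed at the top
        // of the outgoing body unchanged; confirm that only authenticated admin
        // pages can reach this function.
        $prepend = isset($_REQUEST['prepend']) ? $_REQUEST['prepend'] : '';

        return sendMail($userdata['email'], $subject, $prepend . $subscribemessage, system_messageheaders($userdata['email']), $envelope);
    }
}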
Example #2
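/**
 * Re-send the subscription confirmation request to one subscriber.
 *
 * Loads the subscriber row and the names of the lists they are on, substitutes
 * the list names for [LISTS] in the configured "subscribemessage" (the
 * per-subscribe-page variant when the row has a subscribepage), logs the
 * event and, unless TEST is set, sends the mail with the global $prepend
 * text in front of the message.
 *
 * @param int|string $id subscriber id; forced to an integer before any query
 *
 * @return mixed whatever sendMail() returns, or null when TEST is set
 */
function resendConfirm($id)
{
    global $tables, $envelope, $prepend;

    // The first query used to interpolate $id as-is while the second went
    // through %d; cast once so neither query can receive anything but an integer.
    $id = (int) $id;
    $userdata = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables["user"], $id));
    $lists_req = Sql_Query(sprintf(
        'select %s.name from %s,%s where %s.listid = %s.id and %s.userid = %d',
        $tables["list"],
        $tables["list"],
        $tables["listuser"],
        $tables["listuser"],
        $tables["list"],
        $tables["listuser"],
        $id
    ));

    // Start from an empty string: appending to an undefined variable raises a notice.
    $lists = '';
    while ($row = Sql_Fetch_Row($lists_req)) {
        $lists .= '  * ' . $row[0] . "\n";
    }

    // ereg_replace() no longer exists in PHP 7+. The pattern was the literal
    // text "[LISTS]", so a plain str_replace() does the same substitution and
    // does not treat backslash sequences in the list names as back-references.
    if ($userdata["subscribepage"]) {
        $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig("subscribemessage:" . $userdata["subscribepage"], $id));
        $subject = getConfig("subscribesubject:" . $userdata["subscribepage"]);
    } else {
        $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig("subscribemessage", $id));
        $subject = getConfig("subscribesubject");
    }

    logEvent("Resending confirmation request to " . $userdata["email"]);
    if (!TEST) {
        return sendMail($userdata["email"], $subject, $prepend . $subscribemessage, system_messageheaders($userdata["email"]), $envelope);
    }
}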
Example #3
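/**
 * Send a copy of a system message to every configured admin address.
 *
 * Does nothing unless the "send_admin_copies" config value is "true". The
 * recipients are the comma-separated "admin_addresses" plus "admin_address";
 * each distinct, non-empty address receives the message once.
 *
 * @param string $subject mail subject
 * @param string $message mail body
 *
 * @return void
 */
function sendAdminCopy($subject, $message)
{
    if (getConfig("send_admin_copies") != "true") {
        return;
    }

    $admin_mail = getConfig("admin_address");
    $mails = explode(",", getConfig("admin_addresses"));
    $mails[] = $admin_mail;

    // Addresses already mailed, used as a set so duplicates in the config are skipped.
    $sent = array();
    foreach ($mails as $admin_mail) {
        $admin_mail = trim($admin_mail);
        // isset() instead of reading $sent[$admin_mail] directly: the direct
        // read raised an undefined-index notice for every new address.
        if (!$admin_mail || isset($sent[$admin_mail])) {
            continue;
        }
        sendMail($admin_mail, $subject, $message, system_messageheaders($admin_mail));
        $sent[$admin_mail] = 1;
    }
}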
Example #4
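         // Subscribe $userid to every selected list and remember whether at
         // least one of those memberships is new.
         $addition = 0;
         $listoflists = "";
         // foreach replaces reset()/each(); each() is no longer available in PHP 8.
         foreach ($lists as $key => $listid) {
             // %d forces both ids to integers before they reach the statement;
             // they were previously interpolated into the SQL text as-is.
             $query = sprintf('replace INTO %s (userid,listid,entered) values(%d,%d,current_timestamp)', $tables["listuser"], $userid, $listid);
             $result = Sql_query($query);
             # if the affected rows is 2, the user was already subscribed
             $addition = $addition || Sql_Affected_Rows() == 1;
             $listoflists .= "  * " . $available_lists[$listid] . "\n";
         }
         if ($addition) {
             $additional_emails++;
         }
         // The notify field may be absent from the form; treat that as "no".
         $notify = isset($_POST["notify"]) && $_POST["notify"] == "yes";
         if (!TEST && $notify && $addition) {
             $subscribemessage = str_replace('[LISTS]', $listoflists, getUserConfig("subscribemessage", $userid));
             sendMail($email, getConfig("subscribesubject"), $subscribemessage, system_messageheaders(), $envelope);
         }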
     }
     // end if
 }
 // end foreach
 $num_lists = sizeof($lists);
 # be grammatically correct :-)
 $displists = $num_lists == 1 ? $GLOBALS['I18N']->get('list') : $GLOBALS['I18N']->get('lists');
 $dispemail = $count_email_add == 1 ? $GLOBALS['I18N']->get('new email was') . " " : $GLOBALS['I18N']->get('new emails were') . " ";
 $dispemail2 = $additional_emails == 1 ? $GLOBALS['I18N']->get('email was') . " " : $GLOBALS['I18N']->get('emails were') . " ";
 if (!$some && !$additional_emails) {
     print "<br/>" . $GLOBALS['I18N']->get("All the emails already exist in the database and are members of the") . " {$displists}.";
 } else {
     print "{$count_email_add} {$dispemail} " . $GLOBALS['I18N']->get("succesfully imported to the database and added to") . " {$num_lists} {$displists}.<br/>{$additional_emails} {$dispemail2} " . $GLOBALS['I18N']->get("subscribed to the") . " {$displists}";
     if ($count_exist) {
Example #5
/**
 * Build the HTML of the public unsubscribe page and, when the request carries
 * a confirmed unsubscribe, blacklist the subscriber and send the notifications.
 *
 * The subscriber is identified either by the uid token in the query string or
 * by an email address taken from the request. The function reads $_GET, $_POST
 * and $_REQUEST directly, and writes to $_POST, $_REQUEST and
 * $GLOBALS['check_for_host'].
 *
 * @param mixed $id subscribe-page id, used to select the "unsubscribemessage:{$id}"
 *                  and "unsubscribesubject:{$id}" config entries
 *
 * @return string|null page HTML; null when a plugin's unsubscribePage() handled the request
 */
function unsubscribePage($id)
{
    global $tables;
    $email = '';
    $userid = 0;
    $msg = '';
    ## for unsubscribe, don't validate host
    $GLOBALS['check_for_host'] = 0;
    $res = '<title>' . $GLOBALS['strUnsubscribeTitle'] . '</title>' . "\n";
    $res .= $GLOBALS['pagedata']['header'];
    if (isset($_GET['uid'])) {
        // Lookup by the uid token from the mailed link; the value goes through sql_escape().
        $userdata = Sql_Fetch_Array_Query(sprintf('select email,id,blacklisted from %s where uniqid = "%s"', $tables['user'], sql_escape($_GET['uid'])));
        $email = $userdata['email'];
        $userid = $userdata['id'];
        $isBlackListed = $userdata['blacklisted'] != '0';
        $blacklistRequest = false;
    } else {
        // No token: the address comes from the request and is dropped unless validateEmail() accepts it.
        if (isset($_REQUEST['email'])) {
            $email = $_REQUEST['email'];
        }
        if (!validateEmail($email)) {
            $email = '';
        }
        #0013076: Blacklisting posibility for unknown users
        # Set flag for blacklisting
        // NOTE(review): $_GET['p'] is read without isset(), which raises a notice when the parameter is absent.
        $blacklistRequest = $_GET['p'] == 'blacklist' || $_GET['p'] == 'donotsend';
        # only proceed when user has confirm the form
        if ($blacklistRequest && is_email($email)) {
            $_POST['unsubscribe'] = 1;
            $_POST['unsubscribereason'] = s('Forwarded receiver requested blacklist');
        }
    }
    // Either the UNSUBSCRIBE_JUMPOFF constant or a non-empty "jo" query parameter
    // marks the request as already confirmed, so the form below is never shown.
    // NOTE(review): with "jo" the request is also flagged as a blacklist request,
    // which skips the lookup by email further down. When no uid was supplied the
    // address then comes from the request alone and is blacklisted without any
    // proof that the requester owns it - confirm this is intended.
    if (UNSUBSCRIBE_JUMPOFF || !empty($_GET['jo'])) {
        $_POST['unsubscribe'] = 1;
        $_REQUEST['email'] = $email;
        if (!empty($_GET['jo'])) {
            $blacklistRequest = true;
            $_POST['unsubscribereason'] = s('"Jump off" used by subscriber, reason not requested');
        } else {
            $_POST['unsubscribereason'] = s('"Jump off" set, reason not requested');
        }
    }
    // Give every plugin the chance to take over; the first one that returns a truthy value ends the page.
    foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
        #    print $pluginname.'<br/>';
        if ($plugin->unsubscribePage($email)) {
            return;
        }
    }
    if (!empty($email) && isset($_POST['unsubscribe']) && isset($_REQUEST['email']) && isset($_POST['unsubscribereason'])) {
        ## all conditions met, do the unsubscribe
        #0013076: Blacklisting posibility for unknown users
        // It would be better to do this above, where the email is set for the other cases.
        // But to prevent vulnerabilities let's keep it here for now. [bas]
        if (!$blacklistRequest) {
            $query = Sql_Fetch_Row_Query(sprintf('select id,email,blacklisted from %s where email = "%s"', $tables['user'], sql_escape($email)));
            $userid = $query[0];
            $email = $query[1];
            $isBlackListed = !empty($query[2]);
        }
        if (!$userid) {
            #0013076: Blacklisting posibility for unknown users
            if ($blacklistRequest && !empty($email)) {
                // Unknown address: it is blacklisted directly, with the reason text stored as received.
                addUserToBlacklist($email, $_POST['unsubscribereason']);
                addSubscriberStatistics('blacklist', 1);
                $res .= '<h3>' . $GLOBALS['strUnsubscribedNoConfirm'] . '</h3>';
            } else {
                $res .= $GLOBALS['strNoListsFound'];
                #'Error: '.$GLOBALS["strUserNotFound"];
                // NOTE(review): the next line is damaged in this listing - the text between the
                // log message and the list query is missing, so the end of this branch, the start
                // of the known-subscriber branch and the initialisation of $subscriptions are not visible.
                logEvent('Request to unsubscribe non-existent user: '******'select listid from %s where userid = %d', $GLOBALS['tables']['listuser'], $userid));
            while ($row = Sql_Fetch_Row($listsreq)) {
                array_push($subscriptions, $row[0]);
            }
            ## 17753 - do not actually remove the list-membership when unsubscribing
            #   $result = Sql_query(sprintf('delete from %s where userid = %d',$tables["listuser"],$userid));
            $lists = '  * ' . $GLOBALS['strAllMailinglists'] . "\n";
            if (empty($isBlackListed)) {
                // only process when not already marked as blacklisted
                # add user to blacklist
                // Here the reason has its tags stripped before it is stored.
                addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason'])));
                addUserHistory($email, 'Unsubscription', "Unsubscribed from {$lists}");
                $unsubscribemessage = str_replace('[LISTS]', $lists, getUserConfig("unsubscribemessage:{$id}", $userid));
                sendMail($email, getUserConfig("unsubscribesubject:{$id}"), stripslashes($unsubscribemessage), system_messageheaders($email), '', true);
                // NOTE(review): the admin copy carries the reason without strip_tags(); confirm how
                // the admin mail is rendered before treating this text as safe.
                $reason = $_POST['unsubscribereason'] ? "Reason given:\n" . stripslashes($_POST['unsubscribereason']) : 'No Reason given';
                sendAdminCopy('List unsubscription', $email . " has unsubscribed\n{$reason}", $subscriptions);
                addSubscriberStatistics('unsubscription', 1);
            }
        }
        if ($userid) {
            $res .= '<h3>' . $GLOBALS['strUnsubscribeDone'] . '</h3>';
        }
        #0013076: Blacklisting posibility for unknown users
        //if ($blacklistRequest) {
        //$res .= '<h3>'.$GLOBALS["strYouAreBlacklisted"] ."</h3>";
        //}
        $res .= $GLOBALS['PoweredBy'] . '</p>';
        $res .= $GLOBALS['pagedata']['footer'];
        return $res;
    } elseif (isset($_POST['unsubscribe']) && !is_email($email) && !empty($email)) {
        $msg = '<span class="error">' . $GLOBALS['strEnterEmail'] . '</span><br>';
    }
    // From here on the function only renders the form.
    $res .= '<h3>' . $GLOBALS['strUnsubscribeInfo'] . '</h3>' . $msg . '<form method="post" action=""><input type="hidden" name="p" value="unsubscribe" />';
    // NOTE(review): $email is written into attribute values and element text without
    // htmlspecialchars(). It is either a value validateEmail() accepted or one read back
    // from the user table, so whether markup can reach the page depends on what those
    // two sources allow - escaping at output would remove that dependency.
    if (!isset($_POST['email']) || empty($email)) {
        $res .= '<p>' . $GLOBALS['strEnterEmail'] . ': <input type="text" name="email" value="' . $email . '" size="40" /></p>';
    } else {
        $res .= '<p><input type="hidden" name="email" value="' . $email . '" />' . $GLOBALS['strEmail'] . ': ' . $email . '</p>';
    }
    if (!$email) {
        $res .= '<input type="submit" name="unsubscribe" value="' . $GLOBALS['strContinue'] . '"></form>';
        $res .= $GLOBALS['PoweredBy'];
        $res .= $GLOBALS['pagedata']['footer'];
        return $res;
    }
    // Fetch one list membership row for the address, together with the subscriber's uid token and password.
    $current = Sql_Fetch_Array_query(sprintf('select list.id as listid,user.uniqid as userhash, user.password as password
    from %s as list,%s as listuser,%s as user where list.id = listuser.listid and user.id = listuser.userid and user.email = "%s"', $tables['list'], $tables['listuser'], $tables['user'], sql_escape($email)));
    $some = $current['listid'];
    // NOTE(review): $user is never assigned in this function, so !empty($user['password'])
    // is always false and this branch cannot be taken; presumably $current['password'] was meant.
    if (ASKFORPASSWORD && !empty($user['password'])) {
        # it is safe to link to the preferences page, because it will still ask for
        # a password
        $hash = $current['userhash'];
    // NOTE(review): the token is compared with a loose ==; a strict, constant-time comparison is the safer choice for a secret.
    } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) {
        # they got to this page from a link in an email
        $hash = $current['userhash'];
    } else {
        // Without proof of the token the preferences link is built with an empty uid.
        $hash = '';
    }
    $finaltext = $GLOBALS['strUnsubscribeFinalInfo'];
    $pref_url = getConfig('preferencesurl');
    $sep = strpos($pref_url, '?') !== false ? '&' : '?';
    $finaltext = str_ireplace('[preferencesurl]', $pref_url . $sep . 'uid=' . $hash, $finaltext);
    if (!$some) {
        #0013076: Blacklisting posibility for unknown users
        if (!$blacklistRequest) {
            $res .= '<b>' . $GLOBALS['strNoListsFound'] . '</b></ul>';
        }
        $res .= '<p><input type=submit value="' . $GLOBALS['strUnsubscribe'] . '">';
    } else {
        if ($blacklistRequest) {
            $res .= $GLOBALS['strExplainBlacklist'];
        } elseif (!UNSUBSCRIBE_JUMPOFF) {
            // Textarea size comes from the "rows,cols" config value, falling back to 5 x 65.
            list($r, $c) = explode(',', getConfig('textarea_dimensions'));
            if (!$r) {
                $r = 5;
            }
            if (!$c) {
                $c = 65;
            }
            $res .= $GLOBALS['strUnsubscribeRequestForReason'];
            $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . $finaltext;
        }
        $res .= '<p><input type=submit name="unsubscribe" value="' . $GLOBALS['strUnsubscribe'] . '"></p>';
    }
    $res .= '</form>';
    $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
    $res .= $GLOBALS['pagedata']['footer'];
    return $res;
}
Example #6
    $message = ereg_replace('\[CONFIRMATIONINFO\]', "", $message);
  }

	print '<title>'.$GLOBALS["strPreferencesTitle"].'</title>';
  print $subscribepagedata["header"];
  if (!TEST) {
    if ($emailchanged) {
      if (sendMail($data["email"],getConfig("updatesubject"),$oldaddressmessage, system_messageheaders($email),$envelope) &&
	      sendMail($email,getConfig("updatesubject"),$newaddressmessage, system_messageheaders($email),$envelope)) {
				$ok = 1;
    		sendAdminCopy("Lists information changed",$data["email"] . " has changed their information.\nThe email has changed to $email.");
      } else {
      	$ok = 0;
      }
    } else {
      if (sendMail($email, getConfig("updatesubject"), $message, system_messageheaders($email),$envelope)) {
      	$ok = 1;
    		sendAdminCopy("Lists information changed",$data["email"] . " has changed their information");
      } else {
      	$ok = 0;
      }
    }
  } else {
  	$ok = 1;
  }
  if ($ok) {
  	print '<h3>'.$GLOBALS["strPreferencesUpdated"].'</h3>';
    if ($emailchanged)
      echo $strPreferencesEmailChanged;
    print "<br/>";
    echo $strPreferencesNotificationSent;
Example #7
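/**
 * Send a copy of a system message to the responsible administrators.
 *
 * Does nothing unless the "send_admin_copies" config value is truthy. When
 * list ids are given and SEND_LISTADMIN_COPY is set, the owners of those
 * lists are the recipients; if that yields nobody, the configured
 * "admin_addresses" and "admin_address" are used instead. Each distinct,
 * non-empty address receives the message once.
 *
 * @param string $subject mail subject
 * @param string $message mail body
 * @param array  $lists   ids of the lists the message relates to
 *
 * @return void
 */
function sendAdminCopy($subject, $message, $lists = array())
{
    if (!getConfig('send_admin_copies')) {
        return;
    }

    // The ids are joined into an IN (...) clause below, so reduce them to
    // non-zero integers first; nothing else can then end up in the SQL text.
    $lists = array_filter(array_map('intval', cleanArray($lists)));
    $mails = array();
    if (count($lists) && SEND_LISTADMIN_COPY) {
        $mailsreq = Sql_Query(sprintf('select email from %s admin, %s list where admin.id = list.owner and list.id in (%s)', $GLOBALS['tables']['admin'], $GLOBALS['tables']['list'], implode(',', $lists)));
        while ($row = Sql_Fetch_Array($mailsreq)) {
            $mails[] = $row['email'];
        }
    }

    ## hmm, do we want to be exclusive? Either listadmin or main ones
    ## could do all instead
    if (!count($mails)) {
        $admin_mail = getConfig('admin_address');
        if ($c = getConfig('admin_addresses')) {
            $mails = explode(',', $c);
        }
        $mails[] = $admin_mail;
    }

    // Addresses already mailed, used as a set so duplicates are skipped.
    $sent = array();
    foreach ($mails as $admin_mail) {
        $admin_mail = trim($admin_mail);
        if (empty($admin_mail) || isset($sent[$admin_mail])) {
            continue;
        }
        sendMail($admin_mail, $subject, $message, system_messageheaders($admin_mail));
        //   logEvent(s('Sending admin copy to').' '.$admin_mail);
        $sent[$admin_mail] = 1;
    }
}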
Example #8
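     // Subscribe $userid to every list chosen for this import and collect the
     // list names for the notification mail.
     $listoflists = "";
     while (list($key, $listid) = each($_SESSION["lists"])) {
         // %d forces both ids to integers before they reach the statement;
         // they were previously interpolated into the SQL text as-is, and the
         // list ids come from session data filled in by an earlier request.
         $query = sprintf('replace INTO %s (userid,listid,entered) values(%d,%d,now())', $tables["listuser"], $userid, $listid);
         $result = Sql_query($query, 1);
         # if the affected rows is 2, the user was already subscribed
         $addition = $addition || Sql_Affected_Rows() == 1;
         $listoflists .= "  * " . listName($key) . "\n";
         # $_SESSION["listname"][$key] . "\n";
     }
     if ($addition) {
         $count["list_add"]++;
     }
     if (!TEST && $_SESSION["notify"] == "yes" && $addition) {
         $subscribemessage = str_replace('[LISTS]', $listoflists, getUserConfig("subscribemessage", $userid));
         if (function_exists('sendmail')) {
             sendMail($user["systemvalues"]["email"], getConfig("subscribesubject"), $subscribemessage, system_messageheaders(), $envelope);
             // Optional pause between mails so a large import does not flood the mail server.
             if (isset($_SESSION["throttle_import"])) {
                 sleep($_SESSION["throttle_import"]);
             }
         }
     }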
 } elseif ($isBlackListed) {
     $count['foundblacklisted']++;
 }
 if (!is_array($_SESSION["groups"])) {
     $groups = array();
 } else {
     $groups = $_SESSION["groups"];
 }
 if (isset($everyone_groupid) && !in_array($everyone_groupid, $groups)) {
     array_push($groups, $everyone_groupid);
/**
 * Build the HTML of the public unsubscribe page and, when the form has been
 * submitted with an address and a reason, remove the subscriber from all
 * lists, blacklist the address and send the notifications.
 *
 * Reads $_GET, $_POST and $_REQUEST directly and, with UNSUBSCRIBE_JUMPOFF,
 * writes to $_POST.
 *
 * @param mixed $id subscribe-page id passed to pageData()
 *
 * @return string page HTML
 */
function unsubscribePage($id)
{
    $pagedata = pageData($id);
    // NOTE(review): the included file name comes from the page data. is_file() only proves
    // the path exists, not that it stays inside texts/; confirm 'language_file' is
    // admin-controlled and restricted to a plain file name. The @ hides include errors.
    if (isset($pagedata['language_file']) && is_file(dirname(__FILE__) . '/texts/' . $pagedata['language_file'])) {
        @(include dirname(__FILE__) . '/texts/' . $pagedata['language_file']);
    }
    global $tables;
    // NOTE(review): $res is appended to before it exists and is then overwritten on the
    // next line, so the <title> element never reaches the output.
    $res .= '<title>' . $GLOBALS["strUnsubscribeTitle"] . '</title>';
    $res = $pagedata["header"];
    if (isset($_GET["uid"])) {
        // NOTE(review): $_GET["uid"] is concatenated into the statement without escaping, so
        // request-controlled text becomes part of the SQL; it needs escaping or a bound parameter.
        $req = Sql_Query("select * from {$tables['user']} where uniqid = \"" . $_GET["uid"] . "\"");
        $userdata = Sql_Fetch_Array($req);
        $email = $userdata["email"];
        // With jump-off enabled a valid link unsubscribes immediately, without showing the form.
        if (UNSUBSCRIBE_JUMPOFF) {
            $_POST["unsubscribe"] = 1;
            $_POST["email"] = $email;
            $_POST["unsubscribereason"] = '"Jump off" set, reason not requested';
        }
    }
    if (isset($_POST["unsubscribe"]) && (isset($_POST["email"]) || isset($_POST["unsubscribeemail"])) && isset($_POST["unsubscribereason"])) {
        if (isset($_POST["email"])) {
            $email = trim($_POST["email"]);
        } else {
            $email = $_POST["unsubscribeemail"];
        }
        // NOTE(review): $email is taken from the POST body and interpolated into the statement
        // without validation or escaping; same concern as the uid lookup above.
        $query = Sql_Fetch_Row_Query("select id,email from {$tables["user"]} where email = \"{$email}\"");
        $userid = $query[0];
        $email = $query[1];
        if (!$userid) {
            $res .= 'Error: ' . $GLOBALS["strUserNotFound"];
            // NOTE(review): the next line is damaged in this listing - part of the logEvent() call is missing.
            logEvent("Request to unsubscribe non-existent user: "******"email"], 0, 150));
        } else {
            // $userid was read back from the user table, so this statement no longer carries request text.
            $result = Sql_query("delete from {$tables["listuser"]} where userid = \"{$userid}\"");
            $lists = "  * " . $GLOBALS["strAllMailinglists"] . "\n";
            # add user to blacklist
            addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason'])));
            addUserHistory($email, "Unsubscription", "Unsubscribed from {$lists}");
            // NOTE(review): ereg_replace() does not exist in PHP 7+; the pattern is a literal, so str_replace() would do.
            $unsubscribemessage = ereg_replace("\\[LISTS\\]", $lists, getUserConfig("unsubscribemessage", $userid));
            sendMail($email, getConfig("unsubscribesubject"), stripslashes($unsubscribemessage), system_messageheaders($email));
            $reason = $_POST["unsubscribereason"] ? "Reason given:\n" . stripslashes($_POST["unsubscribereason"]) : "No Reason given";
            sendAdminCopy("List unsubscription", $email . " has unsubscribed\n{$reason}");
            addSubscriberStatistics('unsubscription', 1);
        }
        if ($userid) {
            $res .= '<h1>' . $GLOBALS["strUnsubscribeDone"] . "</h1><P>";
        }
        $res .= $GLOBALS["PoweredBy"] . '</p>';
        $res .= $pagedata["footer"];
        return $res;
    } elseif (isset($_POST["unsubscribe"]) && !$_POST["unsubscribeemail"]) {
        $msg = '<span class="error">' . $GLOBALS["strEnterEmail"] . "</span><br>";
    } elseif (!empty($_GET["email"])) {
        $email = trim($_GET["email"]);
    } else {
        if (isset($_REQUEST["email"])) {
            $email = $_REQUEST["email"];
        } elseif (isset($_REQUEST['unsubscribeemail'])) {
            $email = $_REQUEST['unsubscribeemail'];
        } elseif (!isset($email)) {
            $email = '';
        }
    }
    if (!isset($msg)) {
        $msg = '';
    }
    // From here on the function only renders the form.
    $res .= '<b>' . $GLOBALS["strUnsubscribeInfo"] . '</b><br>' . $msg . formStart();
    // NOTE(review): $email may come straight from the query string or form and is written into
    // the value attribute without htmlspecialchars(), so request text is reflected into the page.
    $res .= '<table>
  <tr><td>' . $GLOBALS["strEnterEmail"] . ':</td><td colspan=3><input type=text name="unsubscribeemail" value="' . $email . '" size=40></td></tr>
  </table>';
    if (!$email) {
        $res .= "<input type=submit name=unsubscribe value=\"{$GLOBALS['strContinue']}\"></form>\n";
        $res .= $GLOBALS["PoweredBy"];
        $res .= $pagedata["footer"];
        return $res;
    }
    // NOTE(review): the same unescaped $email is interpolated into this statement as well.
    $current = Sql_Fetch_Array_query("SELECT list.id as listid,user.uniqid as userhash, user.password as password FROM {$tables['list']} as list,{$tables['listuser']} as listuser,{$tables['user']} as user where list.id = listuser.listid and user.id = listuser.userid and user.email = \"{$email}\"");
    $some = $current["listid"];
    // NOTE(review): $user is never assigned in this function, so !empty($user['password'])
    // is always false and this branch cannot be taken; presumably $current['password'] was meant.
    if (ASKFORPASSWORD && !empty($user['password'])) {
        # it is safe to link to the preferences page, because it will still ask for
        # a password
        $hash = $current["userhash"];
    } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) {
        # they got to this page from a link in an email
        $hash = $current['userhash'];
    } else {
        // Without proof of the token the preferences link is built with an empty uid.
        $hash = '';
    }
    $finaltext = $GLOBALS["strUnsubscribeFinalInfo"];
    $pref_url = getConfig("preferencesurl");
    // NOTE(review): ereg() and eregi_replace() do not exist in PHP 7+.
    $sep = ereg('\\?', $pref_url) ? '&' : '?';
    $finaltext = eregi_replace('\\[preferencesurl\\]', $pref_url . $sep . 'uid=' . $hash, $finaltext);
    if (!$some) {
        $res .= "<b>" . $GLOBALS["strNoListsFound"] . "</b></ul>";
        $res .= '<p><input type=submit value="' . $GLOBALS["strResubmit"] . '">';
    } else {
        // Textarea size comes from the "rows,cols" config value, falling back to 5 x 65.
        list($r, $c) = explode(",", getConfig("textarea_dimensions"));
        if (!$r) {
            $r = 5;
        }
        if (!$c) {
            $c = 65;
        }
        $res .= $GLOBALS["strUnsubscribeRequestForReason"];
        $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . '

    ' . $finaltext . '

    <p><input type=submit name="unsubscribe" value="' . $GLOBALS["strUnsubscribe"] . '"></p>';
    }
    $res .= '<p>' . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $pagedata["footer"];
    return $res;
}
Example #10
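     // Subscribe $userid to every list chosen for this import and collect the
     // list names for the notification mail.
     $listoflists = '';
     while (list($key, $listid) = each($_SESSION['lists'])) {
         // %d forces both ids to integers before they reach the statement;
         // they were previously interpolated into the SQL text as-is, and the
         // list ids come from session data filled in by an earlier request.
         $query = sprintf('replace INTO %s (userid,listid,entered) values(%d,%d,now())', $tables['listuser'], $userid, $listid);
         $result = Sql_query($query, 1);
         # if the affected rows is 2, the user was already subscribed
         $addition = $addition || Sql_Affected_Rows() == 1;
         $listoflists .= '  * ' . listName($key) . "\n";
         # $_SESSION["listname"][$key] . "\n";
     }
     if ($addition) {
         ++$count['list_add'];
     }
     if (!TEST && $_SESSION['notify'] == 'yes' && $addition) {
         $subscribemessage = str_replace('[LISTS]', $listoflists, getUserConfig('subscribemessage', $userid));
         if (function_exists('sendmail')) {
             sendMail($user['systemvalues']['email'], getConfig('subscribesubject'), $subscribemessage, system_messageheaders(), $envelope);
             // Optional pause between mails so a large import does not flood the mail server.
             if (isset($_SESSION['throttle_import'])) {
                 sleep($_SESSION['throttle_import']);
             }
         }
     }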
 } elseif ($isBlackListed) {
     ## mark blacklisted, just in case ##17288
     Sql_Query(sprintf('update %s set blacklisted = 1 where id = %d', $tables['user'], $userid));
     ++$count['foundblacklisted'];
 }
 if (!is_array($_SESSION['groups'])) {
     $groups = array();
 } else {
     $groups = $_SESSION['groups'];
 }
Example #11
/**
 * Build the HTML of the public unsubscribe page and, when the form has been
 * submitted with an address and a list selection, delete the chosen list
 * memberships and send the notifications.
 *
 * Reads $_GET and $_POST directly.
 *
 * @param mixed $id subscribe-page id passed to pageData()
 *
 * @return string page HTML
 */
function unsubscribePage($id) {
	$pagedata = pageData($id);
	global $tables;
  $res = $pagedata["header"];
  $res .= '<title>'.$GLOBALS["strUnsubscribeTitle"].'</title>';
  // NOTE(review): the pattern only requires "something@something.something". It accepts
  // quotes and whitespace, so it does not make $email safe for the SQL statements below.
  // eregi() no longer exists in PHP 7+.
  if ($_POST["unsubscribe"] && eregi(".+\@.+\..+",$_POST["email"]) && $_POST["list"]) {
  	$email = trim($_POST["email"]);
    // Collect the names of the active lists, keyed by list id.
    $result = Sql_query("SELECT * FROM $tables[list]");
    while ($row = Sql_fetch_array($result)) {
      if ($row["active"])
        $availlists[$row["id"]] = $row["name"];
    }

    // NOTE(review): $email from the POST body is interpolated into the statement without
    // escaping, so request-controlled text becomes part of the SQL.
    $query = Sql_Fetch_Row_Query("select id from {$tables["user"]} where email = \"$email\"");
    $userid = $query[0];

    if ($_POST["list"] && !$_POST["list"]["none"]) {
      if ($_POST["list"]["all"]) {
        $result = Sql_query("delete from {$tables["listuser"]} where userid = \"$userid\"");
        // NOTE(review): $strAllMailinglists is not declared global here (only $tables is), so
        // it is undefined in this scope; presumably $GLOBALS["strAllMailinglists"] was meant.
        $lists = "  * $strAllMailinglists\n";
      } else {
        // NOTE(review): $key is an array key of the submitted "list" field and goes into the
        // delete statement unescaped; it should be cast to an integer first. $lists is also
        // appended to without being initialised.
        while(list($key,$val)= each($_POST["list"])) {
          if ($val == "signoff") {
            $result = Sql_query("delete from $tables[listuser] where userid = \"$userid\" and listid = \"$key\"");
            $lists .= "  * ".$availlists[$key] . "\n";
          }
        }
      }
      $unsubscribemessage = ereg_replace("\[LISTS\]", $lists,getUserConfig("unsubscribemessage",$userid));
      // NOTE(review): the mail goes to the address as typed in the form, not to one read back
      // from the user table, and nothing here checks that $userid was actually found.
      sendMail($email, getConfig("unsubscribesubject"), $unsubscribemessage, system_messageheaders($email));
      sendAdminCopy("List unsubscription",$email . " has unsubscribed from\n $lists");
    }

    $res .= '<h1>'.$GLOBALS["strUnsubscribeDone"] ."</h1><P>";
    $res .= $GLOBALS["PoweredBy"].'</p>';
    $res .= $pagedata["footer"];
    return $res;
  } elseif ($_POST["unsubscribe"] && !$_POST["email"]) {
    $msg = '<span class="error">'.$GLOBALS["strEnterEmail"]."</span><br>";
  } elseif ($_GET["uid"]) {
    // NOTE(review): $_GET["uid"] is concatenated into the statement without escaping.
    $req = Sql_Query("select * from $tables[user] where uniqid = \"".$_GET["uid"]."\"");
    $userdata = Sql_Fetch_Array($req);
    $email = $userdata["email"];
  } elseif ($_GET["email"]) {
    $email = trim($_GET["email"]);
  } else {
    $email = $_POST["email"];
  }
    
  // From here on the function only renders the form.
  $res .= '<b>'. $GLOBALS["strUnsubscribeInfo"].'</b><br>'.
  $msg.formStart();
  // NOTE(review): $email may come straight from the query string or form and is written into
  // the value attribute without htmlspecialchars(), so request text is reflected into the page.
  $res .= '<table>
  <tr><td>'.$GLOBALS["strEnterEmail"].':</td><td colspan=3><input type=text name=email value="'.$email.'" size=40></td></tr>
  </table>';

  if (!$email) {
    $res .= "<input type=submit name=unsubscribe value=\"$GLOBALS[strContinue]\"></form>\n";
    $res .= $GLOBALS["PoweredBy"];
    $res .= $pagedata["footer"];
    return $res;
  }

  $res .= $GLOBALS["strUnsubscribeSelect"].':';
  $res .= '<ul>';
  // NOTE(review): the same unescaped $email is interpolated into this statement as well.
  $result = Sql_query("SELECT $tables[list].id as id, $tables[list].name as name, $tables[list].description as description FROM $tables[list],$tables[listuser],$tables[user] where $tables[list].id = $tables[listuser].listid and $tables[user].id = $tables[listuser].userid and $tables[user].email = \"$email\"");
  // The row count of the SELECT is read through Sql_Affected_Rows().
  $num = Sql_Affected_Rows();
	$hidesinglelist = getConfig("hide_single_list");
  // With exactly one membership and "hide_single_list" set, the list is submitted as a hidden field.
  $hide =  $num == 1 && $hidesinglelist == "true";

  if (!$hide) {
    $out = ' <li><input type=checkbox name=list[all] value=signoff>'.$GLOBALS["strAllLists"].'
      <li><input type=checkbox name=list[none] value=signoff>'.$GLOBALS["strNoLists"];
  }

  // NOTE(review): list names and descriptions from the database are written into the page
  // without htmlspecialchars(); whether that is safe depends on how list data is entered.
  while ($row = Sql_fetch_array($result)) {
  	if (!$hide) {
      $out .= "<li><input type=checkbox name=list[".$row["id"] . "] value=signoff>".$row["name"] ." \n";
      $desc = nl2br(StripSlashes($row["description"]));
      $out .= "<dd>$desc\n";
    } else {
    	$out .= "<input type=hidden name=list[".$row["id"] . "] value=signoff>";
    }
    $some = 1;
  }

  if (!$some) {
    $res .= "<b>".$GLOBALS["strNoListsFound"]."</b>";
    $res .= '<p><input type=submit value="'.$GLOBALS["strResubmit"].'">';
  } else {
    $res .= $out;
    $res .= '</ul>
    <p><input type=submit name=unsubscribe value="'.$GLOBALS["strUnsubscribeSubmit"].'">';
  }

  $res .= '<p>'.$GLOBALS["PoweredBy"].'</p>';
  $res .= $pagedata["footer"];
  return $res;
}
Example #12
         # assigning to $_SESSION this is broken in 4.2.3
         $_SESSION["logindetails"] = array("adminname" => $_REQUEST["login"], "id" => $userdata[2]);
         if ($_POST["page"] && $_POST["page"] != "") {
             $page = $_POST["page"];
         }
     } else {
         $_SESSION["adminloggedin"] = "";
         $_SESSION["logindetails"] = "";
         $msg = "invalid password";
         $page = "login";
     }
 } elseif ($_REQUEST["forgotpassword"]) {
     // Forgotten-password request: look the admin up by the submitted address.
     // NOTE(review): $_REQUEST["forgotpassword"] is concatenated into the statement without
     // escaping, on a page reached before login; request-controlled text becomes part of the
     // SQL and needs escaping or a bound parameter.
     $req = Sql_Query('select email,password,loginname from ' . $tables["admin"] . ' where email = "' . $_REQUEST["forgotpassword"] . '"');
     if (Sql_Affected_Rows()) {
         $row = Sql_Fetch_Row($req);
         // NOTE(review): the value of the password column is mailed back as "Your password",
         // which presumably means admin passwords are stored in recoverable form; a one-time
         // reset link with hashed storage avoids sending credentials by mail.
         sendMail($row[0], "Your password for PHPlist", "\n\nYour loginname is {$row['2']}\nYour password is {$row['1']}", system_messageheaders(), $envelope_from);
         // NOTE(review): the confirmation text is only set when a row matched, so the response
         // differs for known and unknown addresses.
         $msg = "Your password has been sent by email";
     }
     $page = "login";
 } elseif (!session_is_registered("adminloggedin")) {
     $page = "login";
 } elseif (CHECK_SESSIONIP && $_SESSION["adminloggedin"] && $_SESSION["adminloggedin"] != getenv("REMOTE_ADDR")) {
     $msg = "Your IP address has changed. For security reasons, please login again";
     $_SESSION["adminloggedin"] = "";
     $_SESSION["logindetails"] = "";
     $page = "login";
 } elseif ($_SESSION["logindetails"]) {
     $noaccess_req = Sql_Fetch_Row_Query(sprintf('select id,disabled from %s where id = "%s"', $tables["admin"], $_SESSION["logindetails"]["id"]));
     if (!$noaccess_req[0]) {
         session_unregister("adminloggedin");
         session_unregister("logindetails");