break; case "view": $subselect = ""; if (sizeof($_POST) || $_GET["unblacklist"]) { print Error($GLOBALS['I18N']->get('you only have privileges to view this page, not change any of the information')); return; } break; case "none": default: $subselect = " and " . $tables["list"] . ".id = 0"; break; } if (isset($_GET["unblacklist"])) { $unblacklist = sprintf('%d', $_GET["unblacklist"]); unBlackList($unblacklist); Redirect("userhistory&id=" . $unblacklist); } $result = Sql_query("SELECT * FROM {$tables["user"]} where id = {$id}"); if (!Sql_Affected_Rows()) { Fatal_Error($GLOBALS['I18N']->get('no such User')); return; } $user = sql_fetch_array($result); print '<h3>' . $GLOBALS['I18N']->get('user') . ' ' . PageLink2("user&id=" . $user["id"], $user["email"]) . '</h3>'; print '<div class="actions">'; //printf('<a href="%s" class="button">%s</a>',getConfig("preferencesurl"). //'&uid='.$user["uniqid"],$GLOBALS['I18N']->get('update page')); //printf('<a href="%s" class="button">%s</a>',getConfig("unsubscribeurl").'&uid='.$user["uniqid"],$GLOBALS['I18N']->get('unsubscribe page')); print PageLinkButton("user&id={$id}", $GLOBALS['I18N']->get('Details')); if ($access != "view") {
<?php

// Admin-side action that adds a subscriber to, or removes one from, the blacklist.
// Refuse to run unless the page was reached through the application bootstrap.
if (!defined('PHPLISTINIT')) {
    die;
}

// The state change is triggered by a GET request, so the anti-CSRF check runs
// before any parameter is read.
// NOTE(review): presumably this aborts the request when the token is missing
// or wrong; confirm against the definition of verifyCsrfGetToken().
verifyCsrfGetToken();

// Reduce the subscriber id to its integer form before it is used anywhere.
if (isset($_GET['id'])) {
    $userid = sprintf('%d', $_GET['id']);
}
if (empty($userid)) {
    return;
}

// "blacklist" takes precedence when both parameters are supplied.
if (!empty($_GET['blacklist']) || !empty($_GET['unblacklist'])) {
    // Only act on subscribers that exist: look the address up by numeric id.
    $email = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $GLOBALS['tables']['user'], $userid));
    if (!empty($email[0])) {
        if (!empty($_GET['blacklist'])) {
            // Record which administrator did this, for the audit trail.
            addUserToBlackList($email[0], s('Manually blacklisted by %s', $_SESSION['logindetails']['adminname']));
        } else {
            // Removal is keyed on the subscriber id, not on the address.
            unBlackList($userid);
        }
        $status = 'OK';
    }
}
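/**
 * Process a click on a subscription-confirmation link and build the result page.
 *
 * The subscriber is looked up by the `uid` query parameter. On a match the
 * account is marked confirmed and opted in, any blacklist entry is removed,
 * plugins are notified and, unless this session has already confirmed,
 * the confirmation mail and the admin copy are sent.
 *
 * @param mixed $id Subscribe-page id; selects the confirmation subject and
 *                  message and is passed to the plugin hook.
 *
 * @return string HTML of the confirmation (or failure) page.
 */
function confirmPage($id)
{
    global $tables, $envelope;

    // uid is supplied by the visitor. Accept only a plain string so that a
    // missing or array-valued parameter cannot raise warnings or type errors
    // further down (sql_escape, substr).
    $uid = (isset($_GET['uid']) && is_string($_GET['uid'])) ? $_GET['uid'] : '';
    if (!$uid) {
        // NOTE(review): presumably ends the request; if FileNotFound() can
        // return, the lookup below runs with an empty uniqid. Confirm.
        FileNotFound();
    }

    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables["user"], sql_escape($uid)));
    $userdata = Sql_Fetch_Array($req);

    if (!empty($userdata["id"])) {
        // Read the blacklist state before the update below clears it.
        $blacklisted = isBlackListed($userdata["email"]);
        foreach ($GLOBALS['plugins'] as $plugin) {
            $plugin->subscriberConfirmation($id, $userdata);
        }

        $html = '<ul>';
        $lists = '';
        Sql_Query("update {$tables["user"]} set confirmed = 1,blacklisted = 0 where id = " . $userdata["id"]);
        # just in case the DB is not updated, should be merged with the above later
        Sql_Query("update {$tables["user"]} set optedin = 1 where id = " . $userdata["id"], 1);

        $subscriptions = array();
        $req = Sql_Query(sprintf('select list.id,name,description from %s list, %s listuser where listuser.userid = %d and listuser.listid = list.id and list.active', $tables['list'], $tables['listuser'], $userdata['id']));
        if (!Sql_Affected_Rows()) {
            $lists = "\n * " . $GLOBALS["strNoLists"];
            $html .= '<li>' . $GLOBALS["strNoLists"] . '</li>';
        }
        // NOTE(review): list name and description are written into the page
        // without HTML escaping; that is only safe if list metadata is
        // trusted, administrator-authored markup. Confirm.
        while ($row = Sql_fetch_array($req)) {
            array_push($subscriptions, $row['id']);
            $lists .= "\n *" . stripslashes($row["name"]);
            $html .= '<li class="list">' . stripslashes($row["name"]) . '<div class="listdescription">' . stripslashes($row["description"]) . '</div></li>';
        }
        $html .= '</ul>';

        if ($blacklisted) {
            unBlackList($userdata['id']);
            addUserHistory($userdata["email"], "Confirmation", s("Subscriber removed from Blacklist for manual confirmation of subscription"));
        }

        // NOTE(review): the flag is per session, not per subscriber, so a
        // second subscriber confirming in the same session gets no history
        // entry, mail or statistics.
        if (empty($_SESSION['subscriberConfirmed'])) {
            addUserHistory($userdata["email"], "Confirmation", "Lists: {$lists}");
            $confirmationmessage = str_ireplace('[LISTS]', $lists, getUserConfig("confirmationmessage:{$id}", $userdata["id"]));
            // Nothing is mailed or counted when the TEST constant is set.
            if (!TEST) {
                sendMail($userdata["email"], getConfig("confirmationsubject:{$id}"), $confirmationmessage, system_messageheaders(), $envelope);
                $adminmessage = $userdata["email"] . " has confirmed their subscription";
                if ($blacklisted) {
                    $adminmessage .= "\n\n" . s("Subscriber has been removed from blacklist");
                }
                sendAdminCopy("List confirmation", $adminmessage, $subscriptions);
                addSubscriberStatistics('confirmation', 1);
            }
        }
        $_SESSION['subscriberConfirmed'] = time();
        $info = $GLOBALS["strConfirmInfo"];
    } else {
        // The logged value is truncated because it comes from the request.
        logEvent("Request for confirmation for invalid user ID: " . substr($uid, 0, 150));
        // Assigned rather than appended: $html has no value on this path.
        $html = 'Error: ' . $GLOBALS["strUserNotFound"];
        $info = $GLOBALS["strConfirmFailInfo"];
    }

    $res = '<title>' . $GLOBALS["strConfirmTitle"] . '</title>';
    $res .= $GLOBALS['pagedata']["header"];
    $res .= '<h3>' . $info . '</h3>';
    $res .= $html;
    $res .= "<p>" . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $GLOBALS['pagedata']["footer"];

    return $res;
}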
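/**
 * Process a click on a subscription-confirmation link and build the result page.
 *
 * The subscriber is looked up by the `uid` query parameter. On a match the
 * account is marked confirmed and opted in, any blacklist entry is removed and
 * plugins are notified. The confirmation mail, admin copy and statistics are
 * only produced when the subscriber was not already confirmed and has not
 * been confirmed earlier in this session.
 *
 * @param mixed $id Subscribe-page id; selects the confirmation subject and
 *                  message and is passed to the plugin hook.
 *
 * @return string HTML of the confirmation (or failure) page.
 */
function confirmPage($id)
{
    global $tables, $envelope;

    // uid is supplied by the visitor. Accept only a plain string so that a
    // missing or array-valued parameter cannot raise warnings or type errors
    // further down (sql_escape, substr).
    $uid = (isset($_GET['uid']) && is_string($_GET['uid'])) ? $_GET['uid'] : '';
    if (!$uid) {
        // NOTE(review): presumably ends the request; if FileNotFound() can
        // return, the lookup below runs with an empty uniqid. Confirm.
        FileNotFound();
    }

    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($uid)));
    $userdata = Sql_Fetch_Array($req);

    if (!empty($userdata['id'])) {
        $html = '<ul>';
        $lists = '';

        // Both states are read before the update below overwrites them.
        $currently = Sql_Fetch_Assoc_Query("select confirmed from {$tables['user']} where id = " . $userdata['id']);
        $blacklisted = isBlackListed($userdata['email']);

        foreach ($GLOBALS['plugins'] as $plugin) {
            $plugin->subscriberConfirmation($id, $userdata);
        }

        Sql_Query("update {$tables['user']} set confirmed = 1,blacklisted = 0, optedin = 1 where id = " . $userdata['id']);

        $subscriptions = array();
        $req = Sql_Query(sprintf('select list.id,name,description from %s list, %s listuser where listuser.userid = %d and listuser.listid = list.id and list.active', $tables['list'], $tables['listuser'], $userdata['id']));
        if (!Sql_Affected_Rows()) {
            $lists = "\n * " . $GLOBALS['strNoLists'];
            $html .= '<li>' . $GLOBALS['strNoLists'] . '</li>';
        }
        // NOTE(review): list name and description are written into the page
        // without HTML escaping; that is only safe if list metadata is
        // trusted, administrator-authored markup. Confirm.
        while ($row = Sql_fetch_array($req)) {
            array_push($subscriptions, $row['id']);
            $lists .= "\n *" . stripslashes($row['name']);
            $html .= '<li class="list">' . stripslashes($row['name']) . '<div class="listdescription">' . stripslashes($row['description']) . '</div></li>';
        }
        $html .= '</ul>';

        if ($blacklisted) {
            unBlackList($userdata['id']);
            addUserHistory($userdata['email'], 'Confirmation', s('Subscriber removed from Blacklist for manual confirmation of subscription'));
        }

        // The session entry must be an array keyed by e-mail address. A value
        // of any other type would make the keyed write below fail, so it is
        // replaced as well as a missing or empty one.
        if (empty($_SESSION['subscriberConfirmed']) || !is_array($_SESSION['subscriberConfirmed'])) {
            $_SESSION['subscriberConfirmed'] = array();
        }

        ## 17513 - don't process confirmation if the subscriber is already confirmed
        if (empty($currently['confirmed']) && empty($_SESSION['subscriberConfirmed'][$userdata['email']])) {
            addUserHistory($userdata['email'], 'Confirmation', "Lists: {$lists}");
            $confirmationmessage = str_ireplace('[LISTS]', $lists, getUserConfig("confirmationmessage:{$id}", $userdata['id']));
            // Nothing is mailed or counted when the TEST constant is set.
            if (!TEST) {
                sendMail($userdata['email'], getConfig("confirmationsubject:{$id}"), $confirmationmessage, system_messageheaders(), $envelope);
                $adminmessage = $userdata['email'] . ' has confirmed their subscription';
                if ($blacklisted) {
                    $adminmessage .= "\n\n" . s('Subscriber has been removed from blacklist');
                }
                sendAdminCopy('List confirmation', $adminmessage, $subscriptions);
                addSubscriberStatistics('confirmation', 1);
            }
        } else {
            $html = $GLOBALS['strAlreadyConfirmed'];
        }

        $_SESSION['subscriberConfirmed'][$userdata['email']] = time();
        $info = $GLOBALS['strConfirmInfo'];
    } else {
        // The logged value is truncated because it comes from the request.
        logEvent('Request for confirmation for invalid user ID: ' . substr($uid, 0, 150));
        $html = 'Error: ' . $GLOBALS['strUserNotFound'];
        $info = $GLOBALS['strConfirmFailInfo'];
    }

    $res = '<title>' . $GLOBALS['strConfirmTitle'] . '</title>';
    $res .= $GLOBALS['pagedata']['header'];
    $res .= '<h3>' . $info . '</h3>';
    $res .= $html;
    $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
    $res .= $GLOBALS['pagedata']['footer'];

    return $res;
}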
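/**
 * Process a click on a subscription-confirmation link and build the result page.
 *
 * The subscriber is looked up by the `uid` query parameter. On a match the
 * account is marked confirmed, any blacklist entry is removed, and the
 * confirmation mail and admin copy are sent. The page is wrapped in the
 * header and footer returned by PageData($id).
 *
 * @param mixed $id Subscribe-page id passed to PageData().
 *
 * @return string HTML of the confirmation (or failure) page.
 */
function confirmPage($id)
{
    global $tables, $envelope;

    // uid is supplied by the visitor. Accept only a plain string so that a
    // missing or array-valued parameter cannot raise warnings or type errors
    // further down.
    $uid = (isset($_GET['uid']) && is_string($_GET['uid'])) ? $_GET['uid'] : '';
    if (!$uid) {
        // NOTE(review): presumably ends the request; if FileNotFound() can
        // return, the lookup below runs with an empty uniqid. Confirm.
        FileNotFound();
    }

    // The request value must never be concatenated into the statement as-is:
    // it is escaped before it is placed inside the quoted literal.
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables["user"], sql_escape($uid)));
    $userdata = Sql_Fetch_Array($req);

    if (!empty($userdata["id"])) {
        // Read the blacklist state before the update below clears it.
        $blacklisted = isBlackListed($userdata["email"]);
        $html = '<ul>';
        $lists = '';
        Sql_Query(sprintf('update %s set confirmed = 1,blacklisted = 0 where id = %d', $tables["user"], $userdata["id"]));

        $req = Sql_Query(sprintf('select name,description from %s list, %s listuser where listuser.userid = %d and listuser.listid = list.id and list.active', $tables['list'], $tables['listuser'], $userdata['id']));
        if (!Sql_Affected_Rows()) {
            $lists = "\n * " . $GLOBALS["strNoLists"];
            $html .= '<li>' . $GLOBALS["strNoLists"] . '</li>';
        }
        // NOTE(review): list name and description are written into the page
        // without HTML escaping; that is only safe if list metadata is
        // trusted, administrator-authored markup. Confirm.
        while ($row = Sql_fetch_array($req)) {
            $lists .= "\n *" . stripslashes($row["name"]);
            $html .= '<li class="list">' . stripslashes($row["name"]) . '<div class="listdescription">' . stripslashes($row["description"]) . '</div></li>';
        }
        $html .= '</ul>';

        if ($blacklisted) {
            unBlackList($userdata['id']);
            addUserHistory($userdata["email"], "Confirmation", "User removed from Blacklist for manual confirmation of subscription");
        }
        addUserHistory($userdata["email"], "Confirmation", "Lists: {$lists}");

        $spage = $userdata["subscribepage"];
        // Literal, case-sensitive placeholder substitution. str_replace is
        // used because the ereg_* functions no longer exist in PHP 7+, and it
        // also keeps $lists from being interpreted as a replacement pattern.
        $confirmationmessage = str_replace('[LISTS]', $lists, getUserConfig("confirmationmessage:{$spage}", $userdata["id"]));
        // Nothing is mailed or counted when the TEST constant is set.
        if (!TEST) {
            sendMail($userdata["email"], getConfig("confirmationsubject:{$spage}"), $confirmationmessage, system_messageheaders(), $envelope);
            $adminmessage = $userdata["email"] . " has confirmed their subscription";
            if ($blacklisted) {
                $adminmessage .= "\nUser has been removed from blacklist";
            }
            sendAdminCopy("List confirmation", $adminmessage);
            addSubscriberStatistics('confirmation', 1);
        }
        $info = $GLOBALS["strConfirmInfo"];
    } else {
        // The logged value is truncated because it comes from the request.
        logEvent("Request for confirmation for invalid user ID: " . substr($uid, 0, 150));
        // Assigned rather than appended: $html has no value on this path.
        $html = 'Error: ' . $GLOBALS["strUserNotFound"];
        $info = $GLOBALS["strConfirmFailInfo"];
    }

    $data = PageData($id);
    // NOTE(review): the included path is built from stored page data. If
    // language_file can ever contain directory separators or "..", this can
    // include a file outside texts/; confirm it is validated where it is
    // saved, or restrict it to a bare file name here.
    if (isset($data['language_file']) && is_file(dirname(__FILE__) . '/texts/' . $data['language_file'])) {
        @(include dirname(__FILE__) . '/texts/' . $data['language_file']);
    }

    $res = '<title>' . $GLOBALS["strConfirmTitle"] . '</title>';
    $res .= $data["header"];
    $res .= '<h1>' . $info . '</h1>';
    $res .= $html;
    $res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $data["footer"];

    return $res;
}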