/**
 * Fold a duplicate subscriber record into the original record that owns the real address.
 *
 * Loads the user row for $userid, recovers the original address from the stored email
 * value by regex and, when a user with that address exists, re-points the duplicate's
 * usermessage and user_message_bounce rows at that user and deletes the duplicate's
 * listuser rows. Progress is printed as HTML fragments while it runs.
 *
 * NOTE(review): every statement is built by string interpolation. $userid is placed in
 * the first query as-is, and $email (taken from the stored email column) is placed in a
 * quoted SQL literal without escaping. Callers should pass an integer id, and the lookup
 * should escape $email with the project's SQL escaping helper (confirm which one this
 * file has loaded).
 * NOTE(review): stored values are printed without HTML encoding.
 *
 * @param mixed $userid id of the duplicate user row
 */
function mergeUser($userid)
{
    $duplicate = Sql_Fetch_Array_Query("select * from {$GLOBALS["tables"]["user"]} where id = {$userid}");
    printf('<br/>%s', $duplicate["email"]);
    # Form 1: "duplicate<non-spaces> <rest>": everything after the first space is taken as the original address.
    if (preg_match("/^duplicate[^ ]* (.*)/", $duplicate["email"], $regs)) {
        print "-> " . $regs[1];
        $email = $regs[1];
    # Form 2: "<address> (<digits>)": the part before the " (n)" suffix is taken as the original address.
    } elseif (preg_match("/^([^ ]+@[^ ]+) \\(\\d+\\)/", $duplicate["email"], $regs)) {
        print "-> " . $regs[1];
        $email = $regs[1];
    } else {
        $email = "";
    }
    if ($email) {
        # NOTE(review): $email goes into a double-quoted SQL literal unescaped; Form 1 accepts any characters.
        $orig = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"', $GLOBALS["tables"]["user"], $email));
        if ($orig[0]) {
            print " " . $GLOBALS['I18N']->get("user found");
            $umreq = Sql_Query("select * from {$GLOBALS["tables"]["usermessage"]} where userid = " . $duplicate["id"]);
            while ($um = Sql_Fetch_Array($umreq)) {
                # Moves one row at a time and writes "entered" back with its own value;
                # presumably this stops an auto-updating timestamp column from changing (confirm against the schema).
                Sql_Query(sprintf('update %s set userid = %d, entered = "%s" where userid = %d and entered = "%s"', $GLOBALS["tables"]["usermessage"], $orig[0], $um["entered"], $duplicate["id"], $um["entered"]));
            }
            # NOTE(review): the next line is damaged in this listing (the "******" run is not valid PHP).
            # It presumably selected the duplicate's user_message_bounce rows; restore it from the upstream file.
            $bncreq = Sql_Query("select * from {$GLOBALS["tables"]["user_message_bounce"]} where user = "******"id"]);
            while ($bnc = Sql_Fetch_Array($bncreq)) {
                Sql_Query(sprintf('update %s set user = %d, time = "%s" where user = %d and time = "%s"', $GLOBALS["tables"]["user_message_bounce"], $orig[0], $bnc["time"], $duplicate["id"], $bnc["time"]));
            }
            Sql_Query("delete from {$GLOBALS["tables"]["listuser"]} where userid = " . $duplicate["id"]);
        } else {
            print " " . $GLOBALS['I18N']->get("no user found");
        }
        flush();
    } else {
        print "-> " . $GLOBALS['I18N']->get("unable to find original email");
    }
}
Exemple #2
/**
 * Fold a duplicate subscriber record into the original record that owns the real address.
 *
 * Loads the user row for $userid and recovers the original address from the stored email
 * value by regex. When a user with that address exists, the duplicate's usermessage and
 * user_message_bounce rows are re-pointed at that user, the duplicate's remaining rows
 * are deleted, and deleteUser() is called if MERGE_DUPLICATES_DELETE_DUPLICATE is set.
 * When no such user exists, the duplicate row itself is renamed to the recovered address.
 * Progress is printed as HTML fragments while it runs.
 *
 * NOTE(review): two lines that handle user_message_bounce are damaged in this listing
 * (they contain a "******" run and are not valid PHP); restore them from the upstream file.
 * NOTE(review): every statement is built by string interpolation. $userid is placed in
 * the first query as-is, and $email (taken from the stored email column) is placed in
 * quoted SQL literals without escaping, both in the lookup and in the final rename.
 * Callers should pass an integer id, and $email should go through the project's SQL
 * escaping helper (confirm which one this file has loaded).
 * NOTE(review): stored values are printed without HTML encoding.
 *
 * @param mixed $userid id of the duplicate user row
 */
function mergeUser($userid)
{
    $duplicate = Sql_Fetch_Array_Query("select * from {$GLOBALS['tables']['user']} where id = {$userid}");
    printf('<br/>%s', $duplicate['email']);
    # Form 1: "duplicate<non-spaces> <rest>": everything after the first space is taken as the original address.
    if (preg_match('/^duplicate[^ ]* (.*)/', $duplicate['email'], $regs)) {
        print '-> ' . $regs[1];
        $email = $regs[1];
    # Form 2: "<address> (<digits>)": the part before the " (n)" suffix is taken as the original address.
    } elseif (preg_match("/^([^ ]+@[^ ]+) \\(\\d+\\)/", $duplicate['email'], $regs)) {
        print '-> ' . $regs[1];
        $email = $regs[1];
    } else {
        $email = '';
    }
    if ($email) {
        # NOTE(review): $email goes into a double-quoted SQL literal unescaped; Form 1 accepts any characters.
        $orig = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"', $GLOBALS['tables']['user'], $email));
        if ($orig[0]) {
            print ' ' . $GLOBALS['I18N']->get('user found');
            $umreq = Sql_Query("select * from {$GLOBALS['tables']['usermessage']} where userid = " . $duplicate['id']);
            while ($um = Sql_Fetch_Array($umreq)) {
                # Moves one row at a time and writes "entered" back with its own value;
                # presumably this stops an auto-updating timestamp column from changing (confirm against the schema).
                Sql_Query(sprintf('update %s set userid = %d, entered = "%s" where userid = %d and entered = "%s"', $GLOBALS['tables']['usermessage'], $orig[0], $um['entered'], $duplicate['id'], $um['entered']), 1);
            }
            $bncreq = Sql_Query("select * from {$GLOBALS['tables']['user_message_bounce']} where user = "******"%s" where user = %d and time = "%s"', $GLOBALS['tables']['user_message_bounce'], $orig[0], $bnc['time'], $duplicate['id'], $bnc['time']), 1);
            }
            Sql_Query("delete from {$GLOBALS['tables']['listuser']} where userid = " . $duplicate['id']);
            Sql_Query("delete from {$GLOBALS['tables']['user_message_bounce']} where user = "******"delete from {$GLOBALS['tables']['usermessage']} where userid = " . $duplicate['id']);
            if (MERGE_DUPLICATES_DELETE_DUPLICATE) {
                deleteUser($duplicate['id']);
            }
        } else {
            print ' ' . $GLOBALS['I18N']->get('no user found');
            # so it must be save to rename the original to the actual email
            Sql_Query(sprintf('update %s set email = "%s" where id = %d', $GLOBALS['tables']['user'], $email, $userid));
        }
        flush();
    } else {
        print '-> ' . $GLOBALS['I18N']->get('unable to find original email');
    }
}
Exemple #3
/**
 * Report whether the logged-in administrator has superuser rights.
 *
 * Order of checks:
 *  1. if either WEBBLER or IN_WEBBLER is defined, the answer is always 1;
 *  2. a value already cached in $_SESSION["logindetails"]["superuser"] is returned as-is,
 *     so it is not re-checked against the backend for the rest of the session;
 *  3. otherwise the admin id from the session is looked up, through the admin_auth
 *     object when one is installed and in the admin table when not, and the result
 *     is cached in the session.
 *
 * @return mixed 1 or 0, or whatever the cache or the backend supplied
 */
function isSuperUser()
{
    global $tables;

    ## for now every webbler admin counts as superuser
    foreach (array('WEBBLER', 'IN_WEBBLER') as $marker) {
        if (defined($marker)) {
            return 1;
        }
    }

    if (isset($_SESSION["logindetails"]["superuser"])) {
        return $_SESSION["logindetails"]["superuser"];
    }

    # no admin id in the session: nobody to look up
    if (!isset($_SESSION["logindetails"]["id"])) {
        return 0;
    }

    $adminId = $_SESSION["logindetails"]["id"];
    if (is_object($GLOBALS["admin_auth"])) {
        $flag = $GLOBALS["admin_auth"]->isSuperUser($adminId);
    } else {
        # %d forces the session id to an integer before it reaches the query
        $row = Sql_Fetch_Row_Query(sprintf('select superuser from %s where id = %d', $tables["admin"], $adminId));
        $flag = $row[0];
    }

    $_SESSION["logindetails"]["superuser"] = $flag;
    return $flag;
}
Exemple #4
         $lists = array();
         while ($row = Sql_Fetch_Row($req)) {
             if ($allactive && $row[1] || $all) {
                 $lists[$row[0]] = $row[0];
             }
         }
     }
     unset($lists['all']);
     unset($lists['allactive']);
     if (isset($messagedata['excludelist']) && is_array($messagedata['excludelist']) && count($messagedata['excludelist'])) {
         $exclude = sprintf(' and listuser.listid not in (%s)', implode(',', $messagedata['excludelist']));
     } else {
         $exclude = '';
     }
     $htmlcnt = Sql_Fetch_Row_Query(sprintf('select count(distinct userid) from %s listuser,%s user where user.htmlemail and user.id = listuser.userid and listuser.listid in (%s) %s', $GLOBALS['tables']['listuser'], $GLOBALS['tables']['user'], implode(',', array_keys($lists)), $exclude), 1);
     $textcnt = Sql_Fetch_Row_Query(sprintf('select count(distinct userid) from %s listuser,%s user where !user.htmlemail and user.id = listuser.userid and listuser.listid in (%s) %s', $GLOBALS['tables']['listuser'], $GLOBALS['tables']['user'], implode(',', array_keys($lists)), $exclude), 1);
     if ($htmlcnt[0] || $textcnt[0]) {
         if (!isset($messagedata['textsize'])) {
             $messagedata['textsize'] = 0;
         }
         if (!isset($messagedata['htmlsize'])) {
             $messagedata['htmlsize'] = 0;
         }
         $send_content .= $GLOBALS['I18N']->get('Estimated size of mailout') . ': ' . formatBytes($htmlcnt[0] * $messagedata['htmlsize'] + $textcnt[0] * $messagedata['textsize']) . '<br/>';
         ## remember this to see how well the estimate was
         Sql_Query(sprintf('replace into %s set name = "estimatedsize",id=%d,data = "%s"', $GLOBALS['tables']['messagedata'], $id, $htmlcnt[0] * $messagedata['htmlsize'] + $textcnt[0] * $messagedata['textsize']));
         $send_content .= sprintf($GLOBALS['I18N']->get('About %d users to receive HTML and %s users to receive text version of email'), $htmlcnt[0], $textcnt[0]) . '<br/>';
         Sql_Query(sprintf('replace into %s set name = "estimatedhtmlusers",id=%d,data = "%s"', $GLOBALS['tables']['messagedata'], $id, $htmlcnt[0]));
         Sql_Query(sprintf('replace into %s set name = "estimatedtextusers",id=%d,data = "%s"', $GLOBALS['tables']['messagedata'], $id, $textcnt[0]));
     }
 }
Exemple #5
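function saveUser($loginname,$data) {
	# Saves the attribute values in $data for the user whose email is $loginname.
	#
	# $data maps form keys to values. Only keys of the form "attribute<digits>" are
	# passed to saveUserAttribute(); every other key is skipped.
	# Always returns 1, also when no user with that email exists.
	#
	# NOTE(review): $loginname is interpolated into the query inside a quoted literal
	# without escaping. Callers must pass an already-escaped value, or this lookup should
	# go through the project's SQL escaping helper (confirm which one this file has loaded).
	$id_req = Sql_Fetch_Row_Query("select id from user where email = \"$loginname\"");
	if ($id_req[0]) {
		$userid = $id_req[0];
		# foreach replaces while(list() = each()), which no longer exists in PHP 8
		foreach ($data as $key => $val) {
			# reset for every key so an earlier attribute id cannot carry over to a non-attribute key
			$attid = 0;
			# preg_match replaces ereg(), which was removed in PHP 7 and did not understand \d
			if (preg_match('/^attribute(\d+)/', $key, $regs)) {
				$attid = $regs[1];
			}
			dbg("Saving attribute $key, $attid, $val for $loginname, $userid");
			if ($userid && $attid) {
				saveUserAttribute($userid,$key,$val);
			}
		}
	}
	return 1;
}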
Exemple #6
 $crit_data = parseDelimitedData($messagedata[sprintf('criterion%d', $i)]);
 if ($crit_data["attribute"]) {
     array_push($used_attributes, $crit_data["attribute"]);
     $ls->addElement('<!--' . $crit_data["attribute"] . '-->' . $crit_data["attribute_name"]);
     $ls->addColumn('<!--' . $crit_data["attribute"] . '-->' . $crit_data["attribute_name"], $GLOBALS['I18N']->get('operator'), $GLOBALS['I18N']->get($crit_data["operator"]));
     $ls->addColumn('<!--' . $crit_data["attribute"] . '-->' . $crit_data["attribute_name"], $GLOBALS['I18N']->get('values'), $crit_data["values"]);
     $ls->addColumn('<!--' . $crit_data["attribute"] . '-->' . $crit_data["attribute_name"], $GLOBALS['I18N']->get('remove'), PageLink2($delete_base . "&amp;deleterule=" . $i, $GLOBALS['I18N']->get("remove")));
     if (isset($_POST["criteria"][$i])) {
         $attribute = $_POST["criteria"][$i];
     } else {
         $attribute = '';
     }
     ## fix 6063
     $crit_data["values"] = str_replace(" ", "", $crit_data["values"]);
     # hmm, rather get is some other way, this is a bit unnecessary
     $type = Sql_Fetch_Row_Query("select type from {$tables["attribute"]} where id = " . $crit_data["attribute"]);
     $operator = $where_clause = $select_clause = "";
     switch ($type[0]) {
         case "checkboxgroup":
             $or_clause = '';
             if ($tc) {
                 $where_clause .= " {$mainoperator} ";
                 $select_clause .= " left join {$tables['user_attribute']} as table{$tc} on table0.userid = table{$tc}.userid ";
             } else {
                 $select_clause = "table{$tc}.userid from {$tables['user_attribute']} as table{$tc} ";
             }
             $where_clause .= " ( table{$tc}.attributeid = " . $crit_data["attribute"] . " and (";
             if ($crit_data["operator"] == "is") {
                 $operator = ' or ';
                 $compare = ' > ';
             } else {
/**
 * Report whether the logged-in administrator has superuser rights.
 *
 * Returns 0 when no admin session exists or the login details are not an array.
 * A value already cached in $_SESSION["logindetails"]["superuser"] is returned as-is,
 * so it is not re-checked against the backend for the rest of the session.
 * Otherwise, and only when $GLOBALS["require_login"] is set, the admin id is looked up
 * through the admin_auth object when one is installed, or in the admin table, and the
 * result is cached in the session.
 *
 * When require_login is off and nothing is cached, the function returns nothing (null).
 *
 * @return mixed 0, the cached or looked-up flag, or null
 */
function isSuperUser()
{
    global $tables;

    if (!isset($_SESSION["adminloggedin"]) || !is_array($_SESSION["logindetails"])) {
        return 0;
    }

    if (isset($_SESSION["logindetails"]["superuser"])) {
        return $_SESSION["logindetails"]["superuser"];
    }

    if (!$GLOBALS["require_login"]) {
        return;
    }

    $adminId = $_SESSION["logindetails"]["id"];
    if (is_object($GLOBALS["admin_auth"])) {
        $flag = $GLOBALS["admin_auth"]->isSuperUser($adminId);
    } else {
        # %d forces the session id to an integer before it reaches the query
        $row = Sql_Fetch_Row_Query(sprintf('select superuser from %s where id = %d', $tables["admin"], $adminId));
        $flag = $row[0];
    }

    $_SESSION["logindetails"]["superuser"] = $flag;
    return $flag;
}
Exemple #8
} elseif (is_file('config/config.php')) {
    include 'config/config.php';
} else {
    print "Error, cannot find config file\n";
    exit;
}
require_once dirname(__FILE__) . '/admin/init.php';
# basename() drops any directory part from the configured module names, so the
# require/include lines below cannot be steered to another directory by a path
# placed in the configuration value.
$GLOBALS['database_module'] = basename($GLOBALS['database_module']);
$GLOBALS['language_module'] = basename($GLOBALS['language_module']);
require_once dirname(__FILE__) . '/admin/' . $GLOBALS['database_module'];
# load default english and language
include_once dirname(__FILE__) . '/texts/english.inc';
# Allow customisation per installation
if (is_file($_SERVER['DOCUMENT_ROOT'] . '/' . $GLOBALS['language_module'])) {
    include_once $_SERVER['DOCUMENT_ROOT'] . '/' . $GLOBALS['language_module'];
}
include_once dirname(__FILE__) . '/admin/languages.php';
require_once dirname(__FILE__) . '/admin/defaultconfig.php';
require_once dirname(__FILE__) . '/admin/connect.php';
include_once dirname(__FILE__) . '/admin/lib.php';
# Open tracking: u is the subscriber's uniqid and m the message id, both from the query string.
if (!empty($_GET['u']) && !empty($_GET['m'])) {
    # Strip every non-word character so the value can sit inside the quoted SQL literal below.
    $_GET['u'] = preg_replace('/\\W/', '', $_GET['u']);
    $userid = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"', $GLOBALS['tables']['user'], $_GET['u']));
    if ($userid[0]) {
        # %d casts m to an integer; the timestamp is only written while viewed is still null.
        Sql_Query(sprintf('update %s set viewed = now() where messageid = %d and userid = %d and viewed is null', $GLOBALS['tables']['usermessage'], $_GET['m'], $userid[0]));
        # NOTE(review): the message-level counter is incremented on every request that carries a
        # known uniqid; nothing here checks that this subscriber was actually sent message m.
        Sql_Query(sprintf('update %s set viewed = viewed + 1 where id = %d', $GLOBALS['tables']['message'], $_GET['m']));
    }
}
@ob_end_clean();
header('Content-Type: image/png');
print base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAABGdBTUEAALGPC/xhBQAAAAZQTFRF////AAAAVcLTfgAAAAF0Uk5TAEDm2GYAAAABYktHRACIBR1IAAAACXBIWXMAAAsSAAALEgHS3X78AAAAB3RJTUUH0gQCEx05cqKA8gAAAApJREFUeJxjYAAAAAIAAUivpHEAAAAASUVORK5CYII=');
Exemple #9
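/**
 * Save the attribute values in $data for the user whose email is $loginname.
 *
 * Only keys of the form "attribute<digits>" are passed to saveUserAttribute();
 * every other key is skipped. Nothing is saved when no user with that email exists.
 *
 * NOTE(review): $loginname is interpolated into the query inside a quoted literal
 * without escaping. Callers must pass an already-escaped value, or this lookup should
 * go through the project's SQL escaping helper (confirm which one this file has loaded).
 *
 * @param string $loginname email address identifying the user
 * @param array  $data      form key => value pairs
 * @return int always 1
 */
function saveUser($loginname, $data)
{
    dbg("Saving user {$loginname}");
    $id_req = Sql_Fetch_Row_Query("select id from user where email = \"{$loginname}\"");
    if ($id_req[0]) {
        $userid = $id_req[0];
        # foreach replaces while(list() = each()), which no longer exists in PHP 8
        foreach ($data as $key => $val) {
            # reset for every key so an earlier attribute id cannot carry over to a non-attribute key
            $attid = 0;
            if (preg_match("/^attribute(\\d+)/", $key, $regs)) {
                $attid = $regs[1];
            }
            if ($userid && $attid) {
                saveUserAttribute($userid, $key, $val);
            }
        }
    }
    return 1;
}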
Exemple #10
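## blacklist an email from commandline
## Options read from $cline: e = email address, u = subscriber uniqid, d = date.
## Prints FAIL when neither a stored nor a supplied address is available, OK when the
## address was already blacklisted.
if (!$GLOBALS['commandline']) {
    print 'Error, this can only be called from commandline' . "\n";
    exit;
}
$email = $date = $uid = '';
if (isset($cline['e'])) {
    $email = $cline['e'];
}
if (isset($cline['u'])) {
    $uid = $cline['u'];
}
if (isset($cline['d'])) {
    $date = $cline['d'];
}
# NOTE(review): when only one of u/e is given the other is compared as an empty string,
# so a row with an empty uniqid or email could match; confirm such rows cannot exist.
$emailQ = Sql_Fetch_Row_Query(sprintf('select email from %s where uniqid = "%s" or email = "%s"  order by email desc', $GLOBALS['tables']['user'], sql_escape($uid), sql_escape($email)));
$emailDB = $emailQ[0];
if (empty($emailDB) && empty($email)) {
    cl_output('FAIL');
    exit;
}
if (isBlackListed($emailDB)) {
    ## do this anyway, just to be sure
    # The address read back from the database is data, not SQL: escape it again before
    # reuse, otherwise a stored address containing a quote breaks out of the literal.
    Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS['tables']['user'], sql_escape($emailDB)));
    cl_output('OK');
    exit;
}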
if (!empty($emailDB)) {
    ## do this immediately
    Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS['tables']['user'], $emailDB));
    addEmailToBlackList($emailDB, 'blacklisted due to spam complaints', $date);
Exemple #11
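/**
 * Build the HTML radio-button group for choosing an RSS frequency.
 *
 * The preselected option is the user's stored rssfrequency when $userid is given and the
 * stored value is a key of the global $rssfrequencies; otherwise it is $data["rssdefault"].
 * The options offered are the comma-separated $data["rss"] list, plus the default when
 * it is missing from that list.
 *
 * @param array $data   page data; reads "rss", "rssdefault" and "rssintro"
 * @param int   $userid subscriber id, 0 for none
 * @return string|null the HTML, or null when $data["rssintro"] is empty
 */
function RSSOptions($data,$userid = 0) {
    global $rssfrequencies,$tables;
    # start from a defined value; without a $userid nothing else assigns it before the test below
    $default = '';
    if ($userid) {
        # %d forces the id to an integer instead of interpolating the raw value into the query
        $current = Sql_Fetch_Row_Query(sprintf('select rssfrequency from %s where id = %d', $tables["user"], $userid));
        $default = $current[0];
    }
    if (!$default || !in_array($default,array_keys($rssfrequencies))) {
        $default = $data["rssdefault"];
    }

    $html = "\n<table>";
    # rssintro is page configuration and is emitted as markup
    $html .= '<tr><td>'.$data["rssintro"].'</td></tr>';
    $html .= '<tr><td>';
    $options = explode(",",$data["rss"]);
    if (!in_array($data["rssdefault"],$options)) {
        array_push($options,$data["rssdefault"]);
    }
    foreach ($options as $freq) {
        # an option without a configured label gets an empty one
        $label = isset($rssfrequencies[$freq]) ? $rssfrequencies[$freq] : '';
        # encode the option value so it cannot close the value="" attribute
        $html .= sprintf('<input type=radio name="rssfrequency" value="%s" %s>&nbsp;%s&nbsp;',
            htmlspecialchars($freq, ENT_QUOTES, 'UTF-8'),$freq == $default ? "checked":"",$label);
    }
    $html .= '</td></tr></table>';
    return $data["rssintro"] ? $html : null;
}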
   } else {
     output($GLOBALS['I18N']->get('Warning, disabling exclusion of done users, too many found'));
     logEvent($GLOBALS['I18N']->get('Warning, disabling exclusion of done users, too many found'));
   }
 
   # also exclude unconfirmed users, otherwise they'll block the process
   # will give quite different statistics than when used web based
 #  $req = Sql_Query("select id from {$tables["user"]} where !confirmed");
 #  while ($row = Sql_Fetch_Row($req)) {
 #    array_push($doneusers,$row[0]);
 #  }
   if (sizeof($doneusers))
     $exclusion = " and listuser.userid not in (".join(",",$doneusers).")";
 */
 # Optional list exclusion: subscribers who are on any of the message's excluded lists are skipped.
 if (USE_LIST_EXCLUDE) {
     # %d casts the message id; the stored "excludelist" value comes back as one string.
     $excluded_lists = Sql_Fetch_Row_Query(sprintf('select data from %s where name = "excludelist" and id = %d', $GLOBALS["tables"]["messagedata"], $messageid));
     if (strlen($excluded_lists[0])) {
         # NOTE(review): the stored string is placed into "in (...)" as-is, here and in the
         # $query addition below. This is safe only if whatever writes "excludelist" guarantees
         # a comma-separated list of integers; confirm at the point where it is saved.
         $req = Sql_Query(sprintf('select listuser.userid from %s as listuser where listid in (%s)', $GLOBALS["tables"]["listuser"], $excluded_lists[0]));
         while ($row = Sql_Fetch_Row($req)) {
             array_push($skipusers, $row[0]);
         }
         $query .= sprintf(' and listuser.listid not in (%s)', $excluded_lists[0]);
     }
     if (sizeof($skipusers)) {
         # ids collected above are joined straight into the exclusion clause
         $exclusion .= " and listuser.userid not in (" . join(",", $skipusers) . ")";
     }
 }
 # only confirmed, non-blacklisted subscribers qualify
 $userconfirmed = ' and user.confirmed and !user.blacklisted ';
 /*
   ## 8478
   $query = sprintf('select distinct user.id from
Exemple #13
# Batch sizing for this run, followed by output padding for the browser.
$safemode = ini_get('safe_mode') ? 1 : 0;
if ($safemode) {
    # safe mode: cap the batch at 100 to stay clear of timeouts
    $counters['num_per_batch'] = min(100, $counters['num_per_batch']);
    print $GLOBALS['I18N']->get('Running in safe mode') . '<br/>';
}
$original_num_per_batch = $counters['num_per_batch'];
if ($counters['num_per_batch'] && $batch_period) {
    # subtract what was already sent inside the current batch period
    $recentSql = sprintf('select count(*) from %s where entered > date_sub(now(),interval %d second) and status = "sent"', $tables['usermessage'], $batch_period);
    $recently_sent = Sql_Fetch_Row_Query($recentSql);
    cl_output('Recently sent : ' . $recently_sent[0]);
    $counters['num_per_batch'] = $counters['num_per_batch'] - $recently_sent[0];
    # an exact 0 is turned into -1; a negative remainder is left as it is
    if ($counters['num_per_batch'] == 0) {
        $counters['num_per_batch'] = -1;
    }
}
# emit padding so the browser does not hold the page back in a buffer
for ($i = 0; $i < 10000; ++$i) {
    print '  ';
    print $i % 100 == 0 ? "\n" : '';
}
print '<style type="text/css" src="css/app.css"></style>';
Exemple #14
/**
 * Check the anti-forgery token posted with a form and consume it.
 *
 * The posted "formtoken" must match an unexpired row in the admintoken table that
 * belongs to the admin id held in the session. A matching row is deleted, so each
 * token is accepted once; expired rows are purged in the same pass.
 *
 * @return bool true when the token was valid, false when missing or not found
 */
function verifyToken()
{
    if (empty($_POST['formtoken'])) {
        return false;
    }

    $tokenTable = $GLOBALS['tables']['admintoken'];
    ## @@@TODO for now ignore the error. This will cause a block on editing admins if the table doesn't exist.
    # the admin id is cast with %d and the token text is escaped before it enters the query
    $lookup = sprintf(
        'select id from %s where adminid = %d and value = "%s" and expires > now()',
        $tokenTable,
        $_SESSION['logindetails']['id'],
        sql_escape($_POST['formtoken'])
    );
    $match = Sql_Fetch_Row_Query($lookup, 1);
    if (empty($match[0])) {
        return false;
    }

    # single use: remove the matched token, then clear out anything already expired
    Sql_Query(sprintf('delete from %s where id = %d', $tokenTable, $match[0]), 1);
    Sql_Query(sprintf('delete from %s where expires < now()', $GLOBALS['tables']['admintoken']), 1);

    return true;
}
Exemple #15
    }
} elseif (isset($_POST['tagaction']) && is_array($_POST['tag'])) {
    ksort($_POST['tag']);
    if (isset($_POST['tagaction']['delete'])) {
        while (list($k, $id) = each($_POST['tag'])) {
            # check for dependencies
            $id = sprintf('%d', $id);
            if ($formtable_exists) {
                $req = Sql_Query("select * from formfield where attribute = {$id}");
                $candelete = !Sql_Affected_Rows();
            } else {
                $candelete = 1;
            }
            if ($candelete) {
                print s('deleting') . " {$id}<br/>";
                $row = Sql_Fetch_Row_Query("select tablename,type from {$tables['attribute']} where id = {$id}");
                Sql_Query("drop table if exists {$table_prefix}" . "listattr_{$row['0']}");
                Sql_Query("delete from {$tables['attribute']} where id = {$id}");
                # delete all user attributes as well
                Sql_Query("delete from {$tables['user_attribute']} where attributeid = {$id}");
            } else {
                print Error($GLOBALS['I18N']->get('Cannot delete attribute, it is being used by the following forms:') . '<br/>');
                while ($row = Sql_Fetch_Array($req)) {
                    print PageLink2('editelements&id=' . $row['form'] . '&option="edit_elements"&pi="formbuilder"', 'form ' . $row['form'] . '') . "<br/>\n";
                }
            }
        }
    } elseif (isset($_POST['tagaction']['merge'])) {
        $first = array_shift($_POST['tag']);
        $firstdata = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables['attribute'], $first));
        $first = $firstdata['id'];
Exemple #16
    if (version_compare(PHP_VERSION, '5.1.2', '<') && WARN_ABOUT_PHP_SETTINGS) {
        Error($GLOBALS['I18N']->get('phpList requires PHP version 5.1.2 or higher'));
    }
    if (defined("ENABLE_RSS") && ENABLE_RSS && !function_exists("xml_parse") && WARN_ABOUT_PHP_SETTINGS) {
        Warn($GLOBALS['I18N']->get('You are trying to use RSS, but XML is not included in your PHP'));
    }
    if (ALLOW_ATTACHMENTS && WARN_ABOUT_PHP_SETTINGS && (!is_dir($GLOBALS["attachment_repository"]) || !is_writable($GLOBALS["attachment_repository"]))) {
        if (ini_get("open_basedir")) {
            Warn($GLOBALS['I18N']->get('open_basedir restrictions are in effect, which may be the cause of the next warning'));
        }
        Warn($GLOBALS['I18N']->get('The attachment repository does not exist or is not writable'));
    }
    if (MANUALLY_PROCESS_QUEUE && isSuperUser() && empty($_GET['pi']) && (!isset($_GET['page']) || $_GET['page'] != 'processqueue' && $_GET['page'] != 'messages' && $_GET['page'] != 'upgrade')) {
        ## avoid error on uninitialised DB
        if (Sql_Table_exists($tables['message'])) {
            $queued_count = Sql_Fetch_Row_Query(sprintf('select count(id) from %s where status in ("submitted","inprocess") and embargo < now()', $tables['message']));
            if ($queued_count[0]) {
                $link = PageLinkButton('processqueue', s('Process the queue'));
                $link2 = PageLinkButton('messages&amp;tab=active', s('View the queue'));
                if ($link || $link2) {
                    print Info(sprintf(s('You have %s message(s) waiting to be sent'), $queued_count[0]) . '<br/>' . $link . ' ' . $link2);
                }
            }
        }
    }
}
# always allow access to the about page
if (isset($_GET['page']) && $_GET['page'] == 'about') {
    $page = 'about';
    $include = 'about.php';
}
Exemple #17
 while ($msg = Sql_fetch_array($result)) {
     $editlink = '';
     $messagedata = loadMessageData($msg['id']);
     if ($messagedata['subject'] != $messagedata['campaigntitle']) {
         $listingelement = '<!--' . $msg['id'] . '-->' . stripslashes($messagedata['campaigntitle']) . '<br/><strong>' . stripslashes($messagedata['subject']) . '</strong>';
     } else {
         $listingelement = '<!--' . $msg['id'] . '-->' . stripslashes($messagedata['subject']);
     }
     #   $listingelement = '<!--'.$msg['id'].'-->'.stripslashes($messagedata["campaigntitle"]);
     if ($msg['status'] == 'draft') {
         $editlink = PageUrl2('send&id=' . $msg['id']);
     }
     $ls->addElement($listingelement, $editlink);
     $ls->setClass($listingelement, 'row1');
     $uniqueviews = Sql_Fetch_Row_Query("select count(userid) from {$tables['usermessage']} where viewed is not null and status = 'sent' and messageid = " . $msg['id']);
     $clicks = Sql_Fetch_Row_Query("select sum(clicked) from {$tables['linktrack_ml']} where messageid = " . $msg['id']);
     #    $clicks = array(0);
     /*
                 foreach ($messagedata as $key => $val) {
                   $ls->addColumn($listingelement,$key,$val);
                 }
     */
     $ls->addColumn($listingelement, $GLOBALS['I18N']->get('Entered'), formatDateTime($msg['entered']));
     $_GET['id'] = $msg['id'];
     $statusdiv = '<div id="messagestatus' . $msg['id'] . '">';
     include 'actions/msgstatus.php';
     $statusdiv .= $status;
     $statusdiv .= '</div>';
     $GLOBALS['pagefooter']['statusupdate' . $msg['id']] = '<script type="text/javascript">
   updateMessages.push(' . $msg['id'] . ');</script>';
     $GLOBALS['pagefooter']['statusupdate'] = '<script type="text/javascript">window.setInterval("messagesStatusUpdate()",5000);</script>';
Exemple #18
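/**
 * Build the "forward to a friend" page and, on a follow-up request, send the forwards.
 *
 * Reads mid (message id), uid (subscriber uniqid), email (one address or several,
 * newline separated) and personalNote from $_REQUEST. The subscriber must have been
 * sent the message, unless the request comes from a logged-in admin session on the
 * same remote address. Valid addresses are sent the message through sendEmail() and
 * recorded in user_message_forward; the result text and, where needed, the form are
 * returned as HTML.
 *
 * Security notes:
 *  - Request-derived text that is written back into the page (invalid addresses, the
 *    re-filled email field, the personal note) is HTML-encoded at the point of output.
 *  - Forward addresses are passed through sql_escape() before they enter a query.
 *  - NOTE(review): the [URL:...] placeholder makes the server fetch an address taken
 *    from the stored message body through fetchUrl(). Whether fetchUrl() restricts the
 *    destinations it will contact is not visible here; confirm in its definition.
 *
 * @param int $id page id, echoed back in the hidden "id" field
 * @return string HTML of the response page
 */
function forwardPage($id)
{
    global $tables;
    $ok = true;
    $subtitle = '';
    $info = '';
    $html = '';
    $form = '';
    $personalNote = '';
    # defined up front so the [URL:...] check further down has something to read when no mid was given
    $messagedata = array('message' => '');
    ## Check requirements
    # message
    $mid = 0;
    if (isset($_REQUEST['mid'])) {
        $mid = sprintf('%d', $_REQUEST['mid']);
        $messagedata = loadMessageData($mid);
        $mid = $messagedata['id'];
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    }
    #mid set
    # user
    if (!isset($_REQUEST['uid']) || !$_REQUEST['uid']) {
        FileNotFound();
    }
    ## get userdata
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($_REQUEST['uid'])));
    $userdata = Sql_Fetch_Array($req);
    ## verify that this subscriber actually received this message to forward, otherwise they're not allowed
    $allowed = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and messageid = %d', $GLOBALS['tables']['usermessage'], $userdata['id'], $mid));
    if (empty($userdata['id']) || $allowed[0] != $userdata['id']) {
        ## when sending a test email as an admin, the entry isn't there yet
        if (empty($_SESSION['adminloggedin']) || $_SESSION['adminloggedin'] != $_SERVER['REMOTE_ADDR']) {
            FileNotFound('<br/><i>' . $GLOBALS['I18N']->get('When testing the phpList forward functionality, you need to be logged in as an administrator.') . '</i><br/>');
        }
    }
    $firstpage = 1;
    ## is this the initial page or a followup
    # forward addresses
    $forwardemail = '';
    if (isset($_REQUEST['email']) && !empty($_REQUEST['email'])) {
        $firstpage = 0;
        # forwards already sent by this subscriber inside the configured period count towards the limit
        $forwardPeriodCount = Sql_Fetch_Array_Query(sprintf('select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ', $tables['user_message_forward'], FORWARD_EMAIL_PERIOD, $userdata['id']));
        $forwardemail = stripslashes($_REQUEST['email']);
        $emails = explode("\n", $forwardemail);
        $emails = trimArray($emails);
        $forwardemail = implode("\n", $emails);
        #0011860: forward to friend, multiple emails
        $emailCount = $forwardPeriodCount[0];
        foreach ($emails as $index => $email) {
            $emails[$index] = trim($email);
            if (is_email($email)) {
                ++$emailCount;
            } else {
                # the rejected text comes straight from the request: encode it before echoing it back
                $info .= sprintf('<br />' . $GLOBALS['strForwardInvalidEmail'], htmlspecialchars($email, ENT_QUOTES, 'UTF-8'));
                $ok = false;
            }
        }
        if ($emailCount > FORWARD_EMAIL_COUNT) {
            $info .= '<br />' . $GLOBALS['strForwardCountReached'];
            $ok = false;
        }
    } else {
        $ok = false;
    }
    #0011996: forward to friend - personal message
    # text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
    if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote'])) {
        if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2) {
            $info .= '<BR />' . $GLOBALS['strForwardNoteLimitReached'];
            $ok = false;
        }
        # kept as plain text (tags stripped); it is encoded separately wherever it is written into HTML
        $personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
        $userdata['personalNote'] = $personalNote;
    }
    if ($userdata['id'] && $mid) {
        if ($ok && count($emails)) {
            ## All is well, send it
            require_once 'admin/sendemaillib.php';
            #0013845 Lead Ref Scheme
            if (FORWARD_FRIEND_COUNT_ATTRIBUTE) {
                $iCountFriends = FORWARD_FRIEND_COUNT_ATTRIBUTE;
            } else {
                $iCountFriends = 0;
            }
            if ($iCountFriends) {
                $nFriends = intval(UserAttributeValue($userdata['id'], $iCountFriends));
            }
            ## remember the lists for this message in order to notify only those admins
            ## that own them
            $messagelists = array();
            $messagelistsreq = Sql_Query(sprintf('select listid from %s where messageid = %d', $GLOBALS['tables']['listmessage'], $mid));
            while ($row = Sql_Fetch_Row($messagelistsreq)) {
                array_push($messagelists, $row[0]);
            }
            foreach ($emails as $index => $email) {
                # escaped once here and reused by every query in this iteration
                $emailSql = sql_escape($email);
                #0011860: forward to friend, multiple emails
                $done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d', $tables['user_message_forward'], $emailSql, $mid));
                $info .= '<br />' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . ': ';
                if ($done['status'] === 'sent') {
                    $info .= $GLOBALS['strForwardAlreadyDone'];
                } elseif (isBlackListed($email)) {
                    $info .= $GLOBALS['strForwardBlacklistedEmail'];
                } else {
                    if (!TEST) {
                        # forward the message
                        # sendEmail will take care of blacklisting
                        ### CHECK $email vs $forwardemail
                        if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                            $info .= $GLOBALS['strForwardSuccessInfo'];
                            sendAdminCopy(s('Message Forwarded'), s('%s has forwarded message %d to %s', $userdata['email'], $mid, $email), $messagelists);
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
                 values(%d,%d,"%s","sent",now())', $tables['user_message_forward'], $userdata['id'], $mid, $emailSql));
                            if ($iCountFriends) {
                                ++$nFriends;
                            }
                        } else {
                            $info .= $GLOBALS['strForwardFailInfo'];
                            sendAdminCopy(s('Message Forwarded'), s('%s tried forwarding message %d to %s but failed', $userdata['email'], $mid, $email), $messagelists);
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time)
                values(%d,%d,"%s","failed",now())', $tables['user_message_forward'], $userdata['id'], $mid, $emailSql));
                            $ok = false;
                        }
                    }
                }
            }
            # foreach friend
            if ($iCountFriends) {
                saveUserAttribute($userdata['id'], $iCountFriends, array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
            }
        }
        #ok & emails
    } else {
        # no valid sender
        # the logged uid is truncated to 150 characters
        logEvent(s('Forward request from invalid user ID: %s', substr($_REQUEST['uid'], 0, 150)));
        $info .= '<BR />' . $GLOBALS['strForwardFailInfo'];
        $ok = false;
    }
    /*
      $data = PageData($id);
      if (isset($data['language_file']) && is_file(dirname(__FILE__).'/texts/'.basename($data['language_file']))) {
        @include dirname(__FILE__).'/texts/'.basename($data['language_file']);
      }
    */
    ## BAS Multiple Forward
    ## build response page
    $form = '<form method="post" action="">';
    $form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
    $form .= sprintf('<input type=hidden name="id" value="%d">', $id);
    $form .= sprintf('<input type=hidden name="uid" value="%s">', htmlspecialchars((string) $userdata['uniqid'], ENT_QUOTES, 'UTF-8'));
    $form .= sprintf('<input type=hidden name="p" value="forward">');
    if (!$ok) {
        # what the visitor typed is put back into the form; encode it so it stays inside the field
        $forwardemailHtml = htmlspecialchars($forwardemail, ENT_QUOTES, 'UTF-8');
        #0011860: forward to friend, multiple emails
        if (FORWARD_EMAIL_COUNT == 1) {
            $form .= '<br /><h2>' . $GLOBALS['strForwardEnterEmail'] . '</h2>';
            $form .= sprintf('<input type=text name="email" value="%s" size=50 class="attributeinput">', $forwardemailHtml);
        } else {
            $form .= '<br /><h2>' . sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT) . '</h2>';
            $form .= sprintf('<textarea name="email" rows="10" cols="50" class="attributeinput">%s</textarea>', $forwardemailHtml);
        }
        #0011996: forward to friend - personal message
        if (FORWARD_PERSONAL_NOTE_SIZE) {
            $form .= sprintf('<h2>' . $GLOBALS['strForwardPersonalNote'] . '</h2>', FORWARD_PERSONAL_NOTE_SIZE);
            $cols = 50;
            $rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
            $form .= sprintf('<br/><textarea type="text" name="personalNote" rows="%d" cols="%d" class="attributeinput">%s</textarea>', $rows, $cols, htmlspecialchars($personalNote, ENT_QUOTES, 'UTF-8'));
        }
        $form .= sprintf('<br /><input type="submit" value="%s"></form>', $GLOBALS['strContinue']);
    }
    ### END BAS
    ### Michiel, remote response page
    $remote_content = '';
    $messagebody = isset($messagedata['message']) ? (string) $messagedata['message'] : '';
    if (preg_match("/\\[URL:([^\\s]+)\\]/i", $messagebody, $regs)) {
        if (isset($regs[1]) && strlen($regs[1])) {
            $url = $regs[1];
            if (!preg_match('/^http/i', $url)) {
                $url = 'http://' . $url;
            }
            # NOTE(review): server-side fetch of an address stored in the message body
            $remote_content = fetchUrl($url);
        }
    }
    if (!empty($remote_content) && preg_match('/\\[FORWARDFORM\\]/', $remote_content, $regs)) {
        if ($firstpage) {
            ## this is the initial page, not a follow up one.
            $remote_content = str_replace($regs[0], $info . $form, $remote_content);
        } else {
            $remote_content = str_replace($regs[0], $info, $remote_content);
        }
        $res = $remote_content;
    } else {
        $res = '<title>' . $GLOBALS['strForwardTitle'] . '</title>';
        $res .= $GLOBALS['pagedata']['header'];
        $res .= '<h3>' . $subtitle . '</h3>';
        if ($ok) {
            $res .= '<h4>' . $info . '</h4>';
        } elseif (!empty($info)) {
            $res .= '<div class="error missing">' . $info . '</div>';
        }
        $res .= $form;
        $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
        $res .= $GLOBALS['pagedata']['footer'];
    }
    ### END MICHIEL
    return $res;
}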
Exemple #19
/**
 * Return the display name of an administrator.
 *
 * With no id given, the id of the logged-in administrator stored in the
 * session is used. When an authentication object is registered in
 * $GLOBALS["admin_auth"] the lookup is delegated to it; otherwise the login
 * name is read from the admin table.
 *
 * The result is returned unescaped and the fallback is literal HTML, so a
 * caller that prints it emits whatever the auth object or the table holds.
 *
 * @param int $id administrator id, 0 for the current session's administrator
 * @return string login name, or an HTML "Nobody" marker when none is found
 */
function adminName($id = 0)
{
    $adminId = $id ? $id : $_SESSION["logindetails"]["id"];

    if (is_object($GLOBALS["admin_auth"])) {
        return $GLOBALS["admin_auth"]->adminName($adminId);
    }

    # %d forces the id to an integer before it reaches the query text
    $lookup = sprintf('select loginname from %s where id = %d', $GLOBALS["tables"]["admin"], $adminId);
    $row = Sql_Fetch_Row_Query($lookup);
    if ($row[0]) {
        return $row[0];
    }
    return "<font color=red>Nobody</font>";
}
Exemple #20
/**
 * Tell whether a date matches one of the configured repetition exclusions.
 *
 * Each entry of $GLOBALS['repeat_exclude'] supplies a date_format() pattern
 * ('format') and a list of formatted values ('values') that are not allowed.
 * The date is formatted by the database once per entry and compared loosely
 * against every listed value.
 *
 * @param string $date date expression handed to the database's date_format()
 * @return int 1 when the date is excluded, 0 otherwise or when no exclusion
 *             list is configured
 */
function excludedDateForRepetition($date)
{
    $rules = $GLOBALS['repeat_exclude'];
    if (!is_array($rules)) {
        return 0;
    }

    foreach ($rules as $rule) {
        # NOTE(review): $date and the configured format are placed inside double
        # quotes without escaping; this is only safe while neither value can be
        # influenced by a request - confirm against the callers.
        $sql = sprintf('select date_format("%s","%s")', $date, $rule['format']);
        $row = Sql_Fetch_Row_Query($sql);
        foreach ($rule['values'] as $blocked) {
            if ($row[0] != $blocked) {
                continue;
            }
            return 1;
        }
    }

    return 0;
}
Exemple #21
<?php

require_once dirname(__FILE__) . '/accesscheck.php';
$spb = '<div>';
$spe = '</div>';

# Bounce-management menu: one link per <div>, in display order.
$bounceMenuEntries = array(
    array('bouncerules', 'List Bounce Rules'),
    array('bounces', 'View Bounces'),
    array('listbounces', 'View Bounces per list'),
    array('checkbouncerules', 'Check Current Bounce Rules'),
    array('processbounces', 'Process Bounces'),
);
foreach ($bounceMenuEntries as $bounceMenuEntry) {
    print $spb . PageLink2($bounceMenuEntry[0], $GLOBALS['I18N']->get($bounceMenuEntry[1])) . $spe;
}
unset($bounceMenuEntries, $bounceMenuEntry);

# The hint depends on whether any bounce rule exists yet.
$numrules = Sql_Fetch_Row_Query(sprintf('select count(*) from %s', $GLOBALS['tables']['bounceregex']));
if ($numrules[0]) {
    print '<p class="information">' . $GLOBALS['I18N']->get('You have already defined bounce rules in your system.      Be careful with generating new ones, because these may interfere with the ones that exist.') . '</p>';
} else {
    print '<p class="information">' . $GLOBALS['I18N']->get('You currently have no rules defined.      You can click "Generate Bounce Rules" in order to auto-generate rules from your existing bounces.      This will results in a lot of rules which you will need to review and activate.      It will however, not catch every single bounce, so it will be necessary to add new rules over      time when new bounces come in.') . '</p>';
}

print '<p class="button">' . PageLink2('generatebouncerules', $GLOBALS['I18N']->get('Generate Bounce Rules')) . '</p>';
Exemple #22
}
/**
 * Collect the values of all double-quoted href attributes in a template.
 *
 * Backslashes are stripped from the content first. Matching is
 * case-insensitive on the attribute name; values are returned in document
 * order with duplicates kept. Nothing is validated: the values are whatever
 * the template contains, so they are not known to be safe or well-formed URLs.
 *
 * @param string $content template markup
 * @return array list of href values (empty when none are found)
 */
function getTemplateLinks($content)
{
    $unescaped = stripslashes($content);
    preg_match_all('/href="([^"]+)"/Ui', $unescaped, $hrefMatches, PREG_PATTERN_ORDER);

    return $hrefMatches[1];
}
$msg = '';
$checkfullimages = !empty($_POST['checkfullimages']) ? 1 : 0;
$checkimagesexist = !empty($_POST['checkimagesexist']) ? 1 : 0;
$checkfulllinks = !empty($_POST['checkfulllinks']) ? 1 : 0;
$baseurl = '';
if (!empty($_POST['action']) && $_POST['action'] == "addimages") {
    if (!$id) {
        $msg = $GLOBALS['I18N']->get('No such template');
    } else {
        $content_req = Sql_Fetch_Row_Query("select template from {$tables["template"]} where id = {$id}");
        $images = getTemplateImages($content_req[0]);
        if (sizeof($images)) {
            include "class.image.inc";
            $image = new imageUpload();
            while (list($key, $val) = each($images)) {
                # printf('Image name: <b>%s</b> (%d times used)<br />',$key,$val);
                $image->uploadImage($key, $id);
            }
            $msg = $GLOBALS['I18N']->get('Images stored');
        } else {
            $msg = $GLOBALS['I18N']->get('No images found');
        }
    }
    $_SESSION['action_result'] = $msg . '<br/>' . s('Template saved and ready for use in campaigns');
    Redirect('templates');
Exemple #23
<?php

require_once dirname(__FILE__) . '/accesscheck.php';
# Statistics dashboard: a fixed list of report links.
print '<ul class="dashboard_button">';
$statsMenuEntries = array(
    array("statsoverview", 'Overview'),
    array("uclicks", 'View Clicks by URL'),
    array("mclicks", 'View Clicks by Message'),
    array("mviews", 'View Opens by Message'),
    array("domainstats", 'Domain Statistics'),
);
foreach ($statsMenuEntries as $statsMenuEntry) {
    print "<li class='statistics'>" . PageLink2($statsMenuEntry[0], $GLOBALS['I18N']->get($statsMenuEntry[1])) . "</li>";
}
unset($statsMenuEntries, $statsMenuEntry);
print '</ul>';

# Rows left in the old linktrack table trigger the offer to convert them.
$num = Sql_Fetch_Row_Query(sprintf('select count(*) from %s', $GLOBALS['tables']['linktrack']));
if ($num[0] > 0) {
    print '<p class="information">' . $GLOBALS['I18N']->get('The clicktracking system has changed') . '</p>';
    # the translated text is used as the format string; the only argument is the row count
    printf($GLOBALS['I18N']->get('You have %s entries in the old statistics table'), $num[0]);
    print "<div class='clear'></div><div class='button'>" . PageLink2("convertstats", $GLOBALS['I18N']->get('Convert Old data to new')) . "</div>";
    print '<p class="information">' . $GLOBALS['I18N']->get('To avoid overloading the system, this will convert 10000 records at a time') . '</p>';
}
Exemple #24
<?php

# Refuse to run when the file is requested directly instead of through the application.
if (!defined('PHPLISTINIT')) {
    exit;
}

# The CSRF check runs before any request parameter is read; what it does on
# failure is not visible in this file. Both actions below change state and are
# driven by GET parameters, so this check is what guards them.
verifyCsrfGetToken();

# %d reduces the id to a decimal integer string; '0' counts as empty below.
if (isset($_GET['id'])) {
    $userid = sprintf('%d', $_GET['id']);
}
if (empty($userid)) {
    return;
}

# "blacklist" takes precedence when both parameters are present.
$blacklistRequested = !empty($_GET['blacklist']);
$unblacklistRequested = !$blacklistRequested && !empty($_GET['unblacklist']);

if ($blacklistRequested || $unblacklistRequested) {
    # Act only when the subscriber exists and has an email address.
    $email = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $GLOBALS['tables']['user'], $userid));
    if (!empty($email[0])) {
        if ($blacklistRequested) {
            # the reason records which administrator made the change
            addUserToBlackList($email[0], s('Manually blacklisted by %s', $_SESSION['logindetails']['adminname']));
        } else {
            unBlackList($userid);
        }
        $status = 'OK';
    }
}
Exemple #25
    $alldone = 0;
    $html .= $GLOBALS['img_cross'];
}
$html .= '</td></tr>';
$html .= '<tr><td>' . s('Create a subscribe page') . '</td>
<td>' . PageLink2('spage', s('Go there')) . '</td><td>';
$req = Sql_Query("select * from {$tables['subscribepage']}");
if (Sql_Affected_Rows()) {
    $html .= $GLOBALS['img_tick'];
} else {
    $alldone = 0;
    $html .= $GLOBALS['img_cross'];
}
$html .= '</td></tr>';
$html .= '<tr><td>' . s('Add some subscribers') . '</td>
<td>' . PageLink2('import', s('Go there')) . '</td><td>';
$req = Sql_Fetch_Row_Query("select count(*) from {$tables['user']}");
if ($req[0] > 2) {
    $html .= $GLOBALS['img_tick'];
} else {
    $alldone = 0;
    $html .= $GLOBALS['img_cross'];
}
$html .= '</td></tr>';
$html .= '</table>';
if ($alldone) {
    $html .= Info($GLOBALS['I18N']->get('Congratulations, phpList is set up, you are ready to start mailing'), 1) . '<br/>' . PageLinkActionButton('send', s('Start a message campaign'));
    unset($_SESSION['firstinstall']);
}
$panel = new UIPanel($GLOBALS['I18N']->get('configuration steps'), $html);
print $panel->display();
Exemple #26
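/**
 * Build the per-campaign cache entry in the global $cached array.
 *
 * Loads the message, derives the reply-to name and address, picks the normal
 * or the "forward to a friend" subject/content/footer, loads the template,
 * optionally pulls in remote content for a [URL:...] placeholder, substitutes
 * a small set of message fields, resolves [LISTOWNER.*] placeholders and
 * rewrites uploaded-image paths to absolute URLs.
 *
 * Values that are read out of the message body (which may itself have been
 * replaced by fetched remote content) are treated as untrusted: ids are
 * forced to integers before they reach SQL, and list-owner attribute values
 * are substituted literally rather than through a regular expression.
 *
 * @param int $messageid      id of the message to cache
 * @param int $forwardContent non-zero to use the forward subject, message and footer
 * @return int|false 1 on success, false when the remote URL could not be fetched
 */
function precacheMessage($messageid, $forwardContent = 0)
{
    global $cached;
    $domain = getConfig('domain');
    $message = loadMessageData($messageid);

    ## the reply to is actually not in use
    if (preg_match("/([^ ]+@[^ ]+)/", $message["replyto"], $regs)) {
        # an address is present: split the field into a display name and a bare address
        $message["replyto"] = str_replace($regs[0], "", $message["replyto"]);
        # if the email has < and > take them out here
        $cached[$messageid]["replytoemail"] = str_replace(array("<", ">"), "", $regs[0]);
        # make sure there are no quotes around the name
        $cached[$messageid]["replytoname"] = str_replace('"', "", trim($message["replyto"]));
    } elseif (strpos($message["replyto"], " ")) {
        # if there is a space, we need to add the email
        $cached[$messageid]["replytoname"] = $message["replyto"];
        $cached[$messageid]["replytoemail"] = "listmaster@{$domain}";
    } elseif (!empty($message["replyto"])) {
        $cached[$messageid]["replytoemail"] = $message["replyto"] . "@{$domain}";
        ## makes more sense not to add the domain to the word, but the help says it does
        ## so let's keep it for now
        $cached[$messageid]["replytoname"] = $message["replyto"] . "@{$domain}";
    }

    $cached[$messageid]["fromname"] = $message["fromname"];
    $cached[$messageid]["fromemail"] = $message["fromemail"];
    $cached[$messageid]["to"] = $message["tofield"];

    #0013076: different content when forwarding 'to a friend'
    $cached[$messageid]["subject"] = $forwardContent ? stripslashes($message["forwardsubject"]) : $message["subject"];
    $cached[$messageid]["content"] = $forwardContent ? stripslashes($message["forwardmessage"]) : $message["message"];
    if (USE_MANUAL_TEXT_PART && !$forwardContent) {
        $cached[$messageid]["textcontent"] = $message["textmessage"];
    } else {
        $cached[$messageid]["textcontent"] = '';
    }

    #0013076: different content when forwarding 'to a friend'
    $cached[$messageid]["footer"] = $forwardContent ? stripslashes($message["forwardfooter"]) : $message["footer"];
    # a footer that changes under strip_tags() contains markup
    if (strip_tags($cached[$messageid]["footer"]) != $cached[$messageid]["footer"]) {
        $cached[$messageid]["textfooter"] = HTML2Text($cached[$messageid]["footer"]);
        $cached[$messageid]["htmlfooter"] = $cached[$messageid]["footer"];
    } else {
        $cached[$messageid]["textfooter"] = $cached[$messageid]["footer"];
        $cached[$messageid]["htmlfooter"] = parseText($cached[$messageid]["footer"]);
    }
    $cached[$messageid]["htmlformatted"] = strip_tags($cached[$messageid]["content"]) != $cached[$messageid]["content"];
    $cached[$messageid]["sendformat"] = $message["sendformat"];

    if ($message["template"]) {
        # %d keeps the template id numeric instead of interpolating it as text
        $req = Sql_Fetch_Row_Query(sprintf('select template from %s where id = %d', $GLOBALS["tables"]["template"], $message["template"]));
        $cached[$messageid]["template"] = stripslashes($req[0]);
        $cached[$messageid]["templateid"] = $message["template"];
    } else {
        $cached[$messageid]["template"] = '';
        $cached[$messageid]["templateid"] = 0;
    }

    ## @@ put this here, so it can become editable per email sent out at a later stage
    $cached[$messageid]["html_charset"] = 'UTF-8';
    $cached[$messageid]["text_charset"] = 'UTF-8';

    ## if we are sending a URL that contains user attributes, we cannot pre-parse the message here
    ## but that has quite some impact on speed. So check if that's the case and apply
    $cached[$messageid]['userspecific_url'] = preg_match('/\\[.+\\]/', $message['sendurl']);
    if (!$cached[$messageid]['userspecific_url']) {
        ## Fetch external content here, because URL does not contain placeholders
        if ($GLOBALS["can_fetchUrl"] && preg_match("/\\[URL:([^\\s]+)\\]/i", $cached[$messageid]["content"], $regs)) {
            # NOTE(review): the address comes straight from the message body and the
            # request is made from the server; any restriction on scheme or
            # destination has to live in fetchUrl() - confirm that it does.
            $remote_content = fetchUrl($regs[1], array());
            if ($remote_content) {
                $cached[$messageid]['content'] = str_replace($regs[0], $remote_content, $cached[$messageid]['content']);
                $cached[$messageid]["htmlformatted"] = strip_tags($remote_content) != $remote_content;
                ## 17086 - disregard any template settings when we have a valid remote URL
                $cached[$messageid]["template"] = null;
                $cached[$messageid]["templateid"] = null;
            } else {
                # the log line names sendurl, while the address fetched above is the one from the placeholder
                logEvent("Error fetching URL: " . $message['sendurl'] . ' cannot proceed');
                return false;
            }
        }
        if (VERBOSE && !empty($GLOBALS['getspeedstats'])) {
            output('fetch URL end');
        }
    }

    $cached[$messageid]['google_track'] = $message['google_track'];

    if (VERBOSE && !empty($GLOBALS['getspeedstats'])) {
        output('parse config start');
    }
    # Default config values are deliberately not substituted here: that would replace
    # eg "unsubscribeurl" with a general one instead of a personalised one.
    if (VERBOSE && !empty($GLOBALS['getspeedstats'])) {
        output('parse config end');
    }

    ## ##17233 not that many fields are actually useful, so don't blatantly use all
    foreach (array('subject', 'id', 'fromname', 'fromemail') as $key) {
        $val = $message[$key];
        if (!is_array($val)) {
            $cached[$messageid]['content'] = str_ireplace("[{$key}]", $val, $cached[$messageid]['content']);
            $cached[$messageid]["textcontent"] = str_ireplace("[{$key}]", $val, $cached[$messageid]["textcontent"]);
            $cached[$messageid]["textfooter"] = str_ireplace("[{$key}]", $val, $cached[$messageid]['textfooter']);
            $cached[$messageid]["htmlfooter"] = str_ireplace("[{$key}]", $val, $cached[$messageid]['htmlfooter']);
        }
    }

    if (preg_match("/##LISTOWNER=(.*)/", $cached[$messageid]['content'], $regs)) {
        $cached[$messageid]['listowner'] = $regs[1];
        $cached[$messageid]['content'] = str_replace($regs[0], "", $cached[$messageid]['content']);
    } else {
        $cached[$messageid]['listowner'] = 0;
    }
    if (!empty($cached[$messageid]['listowner'])) {
        # The owner id is the rest of a line of message content (possibly remote
        # content), so it is forced to an integer instead of being appended to the
        # query as text.
        $att_req = Sql_Query(sprintf(
            'select name,value from %1$s,%2$s where %1$s.id = %2$s.adminattributeid and %2$s.adminid = %3$d',
            $GLOBALS["tables"]["adminattribute"],
            $GLOBALS["tables"]["admin_attribute"],
            $cached[$messageid]['listowner']
        ));
        while ($att = Sql_Fetch_Array($att_req)) {
            # Literal replacement: an attribute name containing regex characters cannot
            # break the match, and "$1" or "\1" in a value is not read as a backreference.
            $cached[$messageid]['content'] = str_replace('[LISTOWNER.' . strtoupper($att["name"]) . ']', $att["value"], $cached[$messageid]['content']);
        }
    }

    $baseurl = $GLOBALS['website'];
    if (defined('UPLOADIMAGES_DIR') && UPLOADIMAGES_DIR) {
        ## escape subdirectories, otherwise this renders empty
        $dir = str_replace('/', '\\/', UPLOADIMAGES_DIR);
        # turn site-relative image paths into absolute URLs on the public site
        $cached[$messageid]['content'] = preg_replace('/<img(.*)src="\\/' . $dir . '(.*)>/iU', '<img\\1src="' . $GLOBALS['public_scheme'] . '://' . $baseurl . '/' . UPLOADIMAGES_DIR . '\\2>', $cached[$messageid]['content']);
    }

    return 1;
}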
Exemple #27
$ls = new WebblerListing($GLOBALS['I18N']->get('Messages'));
if (Sql_Table_Exists($tables["usermessage"])) {
    $msgs = Sql_Query(sprintf('select messageid,entered,viewed,(viewed = 0 or viewed is null) as notviewed,
    abs(unix_timestamp(entered) - unix_timestamp(viewed)) as responsetime from %s where userid = %d and status = "sent"', $tables["usermessage"], $user["id"]));
    $num = Sql_Affected_Rows();
} else {
    $num = 0;
}
printf('%d ' . $GLOBALS['I18N']->get('messages sent to this user') . '<br/>', $num);
if ($num) {
    $resptime = 0;
    $totalresp = 0;
    while ($msg = Sql_Fetch_Array($msgs)) {
        $ls->addElement($msg["messageid"], PageURL2("message", $GLOBALS['I18N']->get('view'), "id=" . $msg["messageid"]));
        if (defined('CLICKTRACK') && CLICKTRACK) {
            $clicksreq = Sql_Fetch_Row_Query(sprintf('select sum(clicked) as numclicks from %s where userid = %s and messageid = %s', $GLOBALS['tables']['linktrack_uml_click'], $user['id'], $msg['messageid']));
            $clicks = sprintf('%d', $clicksreq[0]);
            if ($clicks) {
                $ls->addColumn($msg["messageid"], $GLOBALS['I18N']->get('clicks'), PageLink2('userclicks&amp;userid=' . $user['id'] . '&amp;msgid=' . $msg['messageid'], $clicks));
            } else {
                $ls->addColumn($msg["messageid"], $GLOBALS['I18N']->get('clicks'), 0);
            }
        }
        $ls->addColumn($msg["messageid"], $GLOBALS['I18N']->get('sent'), formatDateTime($msg["entered"], 1));
        if (!$msg['notviewed']) {
            $ls->addColumn($msg["messageid"], $GLOBALS['I18N']->get('viewed'), formatDateTime($msg["viewed"], 1));
            $ls->addColumn($msg["messageid"], $GLOBALS['I18N']->get('responsetime'), $msg['responsetime']);
            $resptime += $msg['responsetime'];
            $totalresp += 1;
        }
        if (!empty($bounces[$msg["messageid"]])) {
Exemple #28
        Sql_Query(sprintf('update %s set active = 1 where id = %d', $tables["subscribepage"], $id));
        Redirect("spage");
        exit;
    } elseif ($deactivate) {
        Sql_Query(sprintf('update %s set active = 0 where id = %d', $tables["subscribepage"], $id));
        Redirect("spage");
        exit;
    }
}
ob_end_flush();
if ($id) {
    $req = Sql_Query(sprintf('select * from %s where id = %d', $tables["subscribepage_data"], $id));
    while ($row = Sql_Fetch_Array($req)) {
        $data[$row["name"]] = $row["data"];
    }
    $ownerreq = Sql_Fetch_Row_Query(sprintf('select owner from %s where id = %d', $GLOBALS['tables']['subscribepage'], $id));
    $data['owner'] = $ownerreq[0];
    $attributes = explode('+', $data["attributes"]);
    $rss = explode(",", $data["rss"]);
    foreach ($attributes as $attribute) {
        if ($data[sprintf('attribute%03d', $attribute)]) {
            list($attributedata[$attribute]["id"], $attributedata[$attribute]["default_value"], $attributedata[$attribute]["listorder"], $attributedata[$attribute]["required"]) = explode('###', $data[sprintf('attribute%03d', $attribute)]);
        }
    }
    $selected_lists = explode(',', $data["lists"]);
    printf('<input type=hidden name="id" value="%d">', $id);
    $data["subscribemessage"] = getConfig("subscribemessage:{$id}");
    $data["subscribesubject"] = getConfig("subscribesubject:{$id}");
    $data["confirmationmessage"] = getConfig("confirmationmessage:{$id}");
    $data["confirmationsubject"] = getConfig("confirmationsubject:{$id}");
} else {
Exemple #29
    # Password-update branch of a reset flow; the enclosing condition and the
    # origin of $p1, $p2 and $admin are outside this excerpt.
    # NOTE(review): == is a loose comparison, so two different numeric-looking
    # strings can compare equal; === would require the two entries to be identical.
    if ($p1 == $p2 && !empty($admin)) {
        #Database update.
        # NOTE(review): the format string as shown has two %s placeholders but
        # three values are passed (table, encryptPass($p1), $admin); the
        # password='******' literal looks like masking applied to this listing -
        # confirm against the original file.
        # NOTE(review): $admin is placed inside quotes with no escaping visible
        # here; whether it was validated earlier cannot be seen from this excerpt.
        $SQLquery = sprintf("update %s set password='******', passwordchanged=now() where loginname = '%s';", $GLOBALS['tables']['admin'], encryptPass($p1), $admin);
        ##     print $SQLquery;
        $query = Sql_Query($SQLquery);
        print $GLOBALS['I18N']->get('Your password was changed succesfully') . '<br/>';
        print '<p><a href="./" class="action-button">' . $GLOBALS['I18N']->get('Continue') . '</a></p>';
        #Token deletion.
        # Removes every reset request of this admin so a used token cannot be replayed.
        # NOTE(review): within this excerpt $adminId is only assigned in the token
        # branch below; where it comes from on this branch is not visible - verify.
        $SQLquery = sprintf('delete from %s where admin = %d;', $GLOBALS['tables']['admin_password_request'], $adminId);
        $query = Sql_Query($SQLquery);
    } else {
        print $GLOBALS['I18N']->get('The passwords you entered are not the same.');
    }
} elseif (isset($_GET['token'])) {
    # Token branch: look the request up by its key; the token is passed through
    # sql_escape() before it is placed in the quoted string.
    $SQLquery = sprintf("select date, admin from %s where key_value = '" . sql_escape($_GET['token']) . "';", $GLOBALS['tables']['admin_password_request']);
    $row = Sql_Fetch_Row_Query($SQLquery);
    # A request is accepted for 24 hours after its stored date. The age is
    # computed before $row is checked; the "$row &&" test below is what rejects
    # an unknown token.
    $tokenDate = date('U', strtotime($row[0]));
    $actualDate = date('U');
    $time_exceeded = ($actualDate - $tokenDate) / (60 * 60) > 24;
    if ($row && !$time_exceeded) {
        # $date and $final_date are assigned but not used in the lines visible here
        $date = strtotime($row[0]);
        $adminId = $row[1];
        $final_date = date('U', strtotime($row[0]));
        print '<p>' . $GLOBALS['I18N']->get('You have requested a password update') . '</p>';
        echo "<form method=\"post\" id=\"login-form\" action=\"\">\n";
        #      echo "  <input type=\"hidden\" name=\"page\" value=\"$page\" />\n";
        # the hidden field carries the admin id, written out through %d
        echo '  <input type="hidden" name="admin" value="' . sprintf('%d', $adminId) . "\" />\n";
        echo "  <table class=\"loginPassUpdate\" width=\"100%\" border=\"0\" cellpadding=\"2\" cellspacing=\"0\">\n";
        #      echo "    <tr><td><span class=\"general\">".$GLOBALS['I18N']->get('Name').":</span></td></tr>\n";
        #      echo "    <tr><td>".$row[0]."</td></tr>";
        echo '    <tr><td><span class="general">' . $GLOBALS['I18N']->get('New password') . ":</span></td></tr>\n";
Exemple #30
    case 'none':
    default:
        $querytables = $GLOBALS['tables']['user'] . ' user';
        $subselect = ' and user.id = 0';
        $listselect_and = ' and owner = 0';
        break;
}
$exportfileName = tempnam($GLOBALS['tmpdir'], $GLOBALS['installation_name'] . '-export' . time());
$exportfile = fopen($exportfileName, 'w');
if ($_SESSION['export']['column'] == 'nodate') {
    ## fetch dates as min and max from user table
    if ($list) {
        $dates = Sql_Fetch_Row_Query(sprintf('select date(min(user.modified)),date(max(user.modified)) from %s where listid = %d %s', $querytables, $list, $subselect));
    } else {
        ## this takes begin and end of all users, regardless of whether they are on the list of this admin @TODO
        $dates = Sql_Fetch_Row_Query(sprintf('select date(min(user.modified)),date(max(user.modified)) from %s ', $querytables));
    }
    $fromdate = $dates[0];
    $todate = $dates[1];
} else {
    $fromdate = $_SESSION['export']['fromdate'];
    $todate = $_SESSION['export']['todate'];
}
if ($list) {
    $filename = s('phpList Export on %s from %s to %s (%s).csv', ListName($list), $fromdate, $todate, date('Y-M-d'));
} else {
    $filename = s('phpList Export from %s to %s (%s).csv', $fromdate, $todate, date('Y-M-d'));
}
ob_end_clean();
$filename = trim(strip_tags($filename));
if (!empty($_SESSION['export']['fileready']) && is_file($_SESSION['export']['fileready'])) {