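function viewInvitations()
{
    //Build the table of invitations sent by the logged-in user.
    //Returns the HTML, or hands it to returnData() when MODE == 'viewInvitations'.
    //$Dbc is assumed to be the PDO connection that buildListUsers() and
    //buildUserInfo() use; the mysql_* extension the original relied on no longer
    //exists in PHP 7+. $returnThis is declared global (as in buildListUsers()) so
    //the assignment below is visible to returnData() instead of being lost.
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = ' <div class="textLeft" id="viewInvitationsReturn">';
    $class = 'rowAlt';
    //Escape a database value for an HTML text or attribute context.
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    //The sender id is bound twice (JOIN condition and ORDER BY subquery) instead
    //of being interpolated into the SQL.
    //NOTE(review): ORDER BY a scalar subquery orders by the value it returns,
    //not by the column that value names, so every row sorts equal - confirm the
    //intended ordering.
    $getInvitationsQuery = "SELECT\n\tfolders.folderName AS 'folderName',\n\tinvitations.invitationId AS 'invitationId',\n\tinvitations.folderRoleId AS 'folderRoleId',\n\tinvitations.email AS 'email',\n\tinvitations.listRoleId AS 'listRoleId',\n\tDATE_FORMAT(invitations.sentDate, '%b %e, %Y %l:%i %p') AS 'sentDate',\n\tDATE_FORMAT(invitations.responded, '%b %e, %Y %l:%i %p') AS 'responded',\n\tlists.listName AS 'listName'\nFROM\n\tinvitations\nLEFT JOIN\n\tlists ON lists.listId = invitations.listId\nJOIN\n\tfolders ON folders.folderId = invitations.folderId AND\n\tinvitations.senderId = ?\nORDER BY\n\t(SELECT userSiteSettings.folderLinksOrderBy FROM userSiteSettings WHERE userSiteSettings.userId = ?)";
    try {
        $stmt = $Dbc->prepare($getInvitationsQuery);
        $stmt->execute(array($_SESSION['userId'], $_SESSION['userId']));
        //Fetch everything up front: the original tested mysql_affected_rows() on
        //a SELECT; counting the fetched rows is the portable equivalent.
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        if (count($rows) == 0) {
            $message .= 'You haven\'t sent any invitations.';
            pdoError(__LINE__, $getInvitationsQuery, '$getInvitationsQuery', 1);
        } else {
            $output .= ' <div class="break relative" style="width:100%"> <div class="rowTitle" style="width:140px; padding-left:5px"><br> Email</div> <div class="rowTitle" style="width:120px">Invited to Folder</div> <div class="rowTitle" style="width:80px">Folder Role</div> <div class="rowTitle" style="width:130px"><br> Invited to ADR List</div> <div class="rowTitle" style="width:80px">List Role</div> <div class="rowTitle" style="width:110px"><br> Sent</div> <div class="rowTitle" style="width:110px"><br> Responded</div> </div>';
            foreach ($rows as $row) {
                //Alternate the row shading; the first row is 'rowWhite'.
                $class = $class == 'rowWhite' ? 'rowAlt' : 'rowWhite';
                $responded = empty($row['responded']) ? 'No response' : $row['responded'];
                $listName = empty($row['listName']) ? ' ' : $row['listName'];
                //Stored values (folder/list names, addresses) are escaped before
                //they are placed in the markup. The address is escaped before
                //breakEmail() in case that helper adds markup of its own - confirm.
                $output .= ' <div class="break relative ' . $class . '"> <div class="row" style="width:140px; padding-left:5px"><img alt="" class="left" height="16" id="deleteInvitation' . $escape($row['invitationId']) . '" onClick="" src="' . LINKIMAGES . '/xRed.png" width="16"> ' . breakEmail($escape($row['email']), 16) . '</div> <div class="row" style="width:120px">' . $escape($row['folderName']) . '</div> <div class="row" style="width:80px;">' . roles($row['folderRoleId']) . '</div> <div class="row" style="width:130px">' . $escape($listName) . '</div> <div class="row" style="width:80px">' . roles($row['listRoleId']) . '</div> <div class="row textSmall" style="width:110px">' . $escape($row['sentDate']) . '</div> <div class="row textSmall" style="width:110px">' . $escape($responded) . '</div> </div> ';
            }
            //Only the wrapper div is closed; the original also emitted a
            //</table> for a table it never opened.
            $output .= ' </div>';
            $success = true;
            $returnThis['returnViewInvitations'] = $output;
        }
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
        pdoError(__LINE__, $getInvitationsQuery, '$getInvitationsQuery');
    }
    if (MODE == 'viewInvitations') {
        returnData();
    } else {
        return $output;
    }
}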
if (isset($spamlist)) { foreach ($spamlist as $spamword) { if (preg_match("/(" . trim($spamword) . ")/i", $val)) { $error_msg .= "Your updated info contains words in the spam list, please go back and remove references to obvious 'spam' material.\r\n"; } } } if (preg_match($exploits, $val)) { $error_msg .= "No meta injection, please.\r\n"; } if (preg_match("/(<.*>)/i", $val)) { $error_msg .= "No HTML, please.\r\n"; } $clean[$key] = cleanUp($val); } if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail(strtolower($clean['email'])), "email") === true || filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail(strtolower($clean['email'])), "email") === true) { // set default values for empty/unset fields if (empty($clean['dispemail'])) { $clean['dispemail'] = "no"; } if (!isset($favefield) || $favefield == "no" || !isset($clean['fave'])) { $clean['fave'] = NULL; } // let's do some security and spam checks if (empty($clean['name']) || empty($clean['email']) || empty($clean['country'])) { $error_msg .= "Name, e-mail and country are required fields. \r\n"; } if (!preg_match("/^[a-zA-Z-'\\s]*\$/", $clean['name'])) { $error_msg .= "That name is not valid. Your name must contain letters only, and must be less than 15 characters. \r\n"; } if ($clean['dispemail'] != "yes" && $clean['dispemail'] != "no") {
if (filesize(IPBLOCKLST) > 0 && checkTXTfile(IPBLOCKLST, $_SERVER['REMOTE_ADDR'], "ip") === true) { echo "<p>Your IP is in the block list, that means you're not allowed to join at this time. \r\n</p>"; exit(include 'footer.php'); } if (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($clean['email']), "email") === true) { echo "<p>You're already in the pending queue, you can't join twice!</p> \n"; exit(include 'footer.php'); } if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($clean['email']), "email") === true) { echo "<p>You're already a member of the fanlisting, you can't join twice!</p> \n"; exit(include 'footer.php'); } if ($error_msg == NULL) { $show_form = false; // attempt to break email to piss off spammers :p $clean['email'] = breakEmail(strtolower($clean['email'])); // send off some emails if ($emailnewbies == "yes") { $subject = "Thank you for joining {$title}"; $message = $thanksjoinMsg; $message .= "Name: {$clean['name']} \n"; $message .= "Email: " . fixEmail($clean['email']) . " \n"; $message .= "URL: {$clean['url']} \n"; $message .= "Country: {$clean['country']} \n"; if (isset($favefield) && $favefield == "yes") { $message .= "{$favetext}: {$clean['fave']} \n"; } $message .= "Comments: {$clean['comments']} \n\n"; if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { $headers = "From: {$admin_email} \n"; $headers .= "Reply-To: {$admin_email}";
if (filesize(MEMBERS) > 0 && checkTXTfile(MEMBERS, breakEmail($_POST['email']), "email") === true) { $file = MEMBERS; } elseif (filesize(NEWBIES) > 0 && checkTXTfile(NEWBIES, breakEmail($_POST['email']), "email") === true) { $file = NEWBIES; } if (!isset($file)) { echo "<p>Something went horribly, drastically wrong! Run for your life!</p>"; echo "<p>...</p>"; echo "<p>Just kidding — that member does <strong>not</strong> exist.</p>"; echo "<p><a href='admin.php'>Back to admin panel?</a></p>"; include 'footer.php'; exit; } $members = file($file); foreach ($members as $key => $value) { if (preg_match("/(" . breakEmail($_POST['email']) . ")/i", $value)) { list($name, $email, $dispemail, $url, $country, $fave) = preg_split("/,(?! )/", $value); if (empty($url) || $url == "http://" || $url == "") { $url = "(none)"; } else { $url = "<a href='{$url}'>website</a>"; } ?> <p>Search results:</p> <table> <tr> <th>Name</th> <th>E-mail</th> <th>Website</th> <th>Country</th> <?php if (isset($favefield) && $favefield == "yes") { echo "<th>Fave</th>"; } ?>
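function buildListUsers()
{
    //Build the users of the selected list.
    //Renders two sections - existing list users and pending invitations - each
    //with its own Adrlist_Pagination and optional search ($_POST['searchVal'] with
    //$_POST['searchFor'] naming the section). The caller must hold list role
    //Manager (3) or higher. Returns the HTML, or hands it to returnData() when
    //MODE == 'buildListUsers'.
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    //Escape a value for an HTML text or attribute context.
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    //Render the "N results for "term"." line under a searched section. The
    //search term is request input echoed back into the page, so it is escaped.
    $resultsMessage = function ($count) use ($escape) {
        $results = intThis($count);
        return '<div class="break red">' . $results . ($results == 1 ? ' result' : ' results') . ' for "' . $escape($_POST['searchVal']) . '".</div>';
    };
    try {
        if (empty($_POST['listId'])) {
            throw new Adrlist_CustomException('', '$_POST[\'listId\'] is empty.');
        } elseif (!is_numeric($_POST['listId'])) {
            throw new Adrlist_CustomException('', '$_POST[\'listId\'] is not numeric.');
        }
        $listId = $_POST['listId'];
        //Get the user's list role. Fetched once; the original repeated the same
        //lookup after running the queries.
        $listInfo = getListInfo($_SESSION['userId'], $listId);
        if ($listInfo === false || $listInfo['listRoleId'] < 3) {
            //The user must be a Manager (3) or higher to view list users.
            throw new Adrlist_CustomException("Your role does not allow you to edit this list.", '');
        }
        //Select the existing users.
        $listUsersCountStmt = "SELECT\n\tCOUNT(users.userId) AS 'count'\nFROM\n\tusers\nJOIN\n\tuserListSettings ON userListSettings.userId = users.userId AND\n\tuserListSettings.listId = ?\nWHERE\n\tusers.userId != ?";
        $listUsersStmt = "SELECT\n\tusers.userId AS 'userId',\n\tCONCAT_WS(' ',users.firstName,users.lastName) AS 'name',\n\tusers.primaryEmail AS 'primaryEmail',\n\tuserListSettings.listRoleId AS 'listRoleId',\n\tuserListSettings.dateAdded AS 'dateAdded'\nFROM\n\tusers\nJOIN\n\tuserListSettings ON userListSettings.userId = users.userId AND\n\tuserListSettings.listId = ?\nWHERE\n\tusers.userId != ?";
        $listUsersEndStmt = "\nORDER BY\n\tCONCAT_WS(' ',users.firstName,users.lastName), users.primaryEmail";
        //Select the users with pending invitations.
        $pendingUsersCountStmt = "SELECT\n\tCOUNT(email) AS 'count'\nFROM\n\tinvitations\nWHERE\n\tlistId = ? AND\n\trespondDate IS NULL AND\n\temail NOT IN (SELECT users.primaryEmail FROM users)";
        $pendingUsersStmt = "SELECT\n\tinvitationId AS 'invitationId',\n\temail AS 'email',\n\tlistRoleId AS 'listRoleId',\n\tsentDate AS 'sentDate',\n\tsenderId AS 'senderId'\nFROM\n\tinvitations\nWHERE\n\tlistId = ? AND\n\trespondDate IS NULL AND\n\temail NOT IN (SELECT users.primaryEmail FROM users)";
        $pendingUsersEndStmt = "\nORDER BY\n\temail";
        //A search applies to exactly one of the two sections, chosen by searchFor.
        $hasSearch = !empty($_POST['searchVal']) && !empty($_POST['searchFor']);
        $searchVal = $hasSearch ? '%' . trim($_POST['searchVal']) . '%' : '';
        $searchListUsers = $hasSearch && $_POST['searchFor'] == 'listUsers';
        $searchPendingListUsers = $hasSearch && $_POST['searchFor'] == 'pendingListUsers';
        if ($searchListUsers) {
            //'||' is kept as written in the original query; MySQL reads it as OR
            //unless PIPES_AS_CONCAT is in sql_mode.
            $listUsersSearchQuery = " AND\n\t(users.firstName LIKE ? || users.lastName LIKE ? || users.primaryEmail LIKE ?)";
            $listUsersStmt .= $listUsersSearchQuery . $listUsersEndStmt;
            $listUsersCountStmt .= $listUsersSearchQuery;
            $listUsersParams = array($listId, $_SESSION['userId'], $searchVal, $searchVal, $searchVal);
        } else {
            $listUsersStmt .= $listUsersEndStmt;
            $listUsersParams = array($listId, $_SESSION['userId']);
        }
        if ($searchPendingListUsers) {
            $pendingUsersSearchQuery = " AND\nemail LIKE ?";
            $pendingUsersStmt .= $pendingUsersSearchQuery . $pendingUsersEndStmt;
            $pendingUsersCountStmt .= $pendingUsersSearchQuery;
            $pendingUsersParams = array($listId, $searchVal);
        } else {
            $pendingUsersStmt .= $pendingUsersEndStmt;
            $pendingUsersParams = array($listId);
        }
        //Count existing users and page them.
        $listUsersCountQuery = $Dbc->prepare($listUsersCountStmt);
        $listUsersCountQuery->execute($listUsersParams);
        $row = $listUsersCountQuery->fetch(PDO::FETCH_ASSOC);
        $pagination = new Adrlist_Pagination('buildListUsers', 'listUsers', $row['count'], 'Search Users', $searchListUsers);
        $pagination->addSearchParameters(array('listId' => $listId, 'searchFor' => 'listUsers'));
        list($offset, $limit) = $pagination->offsetLimit();
        //Offset and limit come from Adrlist_Pagination and are interpolated into
        //the SQL, so they are cast to int before use.
        $listUsersStmt = $Dbc->prepare($listUsersStmt . ' LIMIT ' . (int) $offset . ', ' . (int) $limit);
        $listUsersStmt->execute($listUsersParams);
        //Count pending invitations and page them.
        $pendingUsersCountQuery = $Dbc->prepare($pendingUsersCountStmt);
        $pendingUsersCountQuery->execute($pendingUsersParams);
        $row = $pendingUsersCountQuery->fetch(PDO::FETCH_ASSOC);
        $pendingPagination = new Adrlist_Pagination('buildListUsers', 'pendingListUsers', $row['count'], 'Search Pending Users', $searchPendingListUsers);
        $pendingPagination->addSearchParameters(array('listId' => $listId, 'searchFor' => 'pendingListUsers'));
        list($pendingOffset, $pendingLimit) = $pendingPagination->offsetLimit();
        $pendingUsersStmt = $Dbc->prepare($pendingUsersStmt . ' LIMIT ' . (int) $pendingOffset . ', ' . (int) $pendingLimit);
        $pendingUsersStmt->execute($pendingUsersParams);
        //Build existing list users. Names, emails and the list name are stored
        //values and are escaped before being placed in the markup.
        $listUsersCount = 0;
        $listUsersArray = array();
        $listUsersHiddenRow = array();
        while ($row = $listUsersStmt->fetch(PDO::FETCH_ASSOC)) {
            $listUsersCount++;
            $userId = $row['userId'];
            $name = '<button class="ui-btn ui-mini ui-btn-icon-right ui-icon-carat-r ui-btn-inline ui-corner-all" toggle="existingUser' . $escape($userId) . '">' . $escape($row['name']) . '</button>';
            $date = $row['dateAdded'] != '0000-00-00 00:00:00' ? Adrlist_Time::utcToLocal($row['dateAdded']) : 'n/a';
            $listUsersArray[$userId] = array($name, $date);
            //The user rowActions.
            $userActions = '';
            if ($listInfo['listRoleId'] <= 3 && $row['listRoleId'] >= 3) {
                //List managers cannot change the role of managers or owners.
                $role = role($row['listRoleId']);
            } else {
                $additionalAttributes = array('class' => 'changeListRole', 'userId' => $userId, 'listId' => $listId);
                $role = buildRoles('changeListRole' . $userId, $row['listRoleId'], array(0, 1, 2, 3), $additionalAttributes);
            }
            if ($listInfo['listRoleId'] >= 3) {
                $userActions .= '<div class="ui-field-contain"><label for="existingRole' . $escape($userId) . '">List Role ' . faqLink(24) . '</label>' . $role . '</div>';
                //Only owners (4) may remove managers; anyone with this view may remove lower roles.
                if ($row['listRoleId'] < 3 || $listInfo['listRoleId'] == 4) {
                    $userActions .= '<button class="removeUserFromList ui-btn ui-btn-inline ui-corner-all ui-mini" listId="' . $escape($listId) . '" userId="' . $escape($userId) . '" listName="' . $escape($listInfo['listName']) . '"><i class="fa fa-times" ></i>Remove User</button>';
                }
            }
            $listUsersHiddenRow[$userId] = array('existingUser' . $userId, $userActions);
        }
        //Build pending list users.
        $pendingListUsersCount = 0;
        $pendingUsersArray = array();
        $pendingUsersHiddenRow = array();
        while ($pendingRow = $pendingUsersStmt->fetch(PDO::FETCH_ASSOC)) {
            $pendingListUsersCount++;
            $invitationId = $pendingRow['invitationId'];
            $name = '<button class="ui-btn ui-mini ui-btn-icon-right ui-icon-carat-r ui-btn-inline ui-corner-all" toggle="pendingUser' . $escape($invitationId) . '">' . $escape($pendingRow['email']) . '</button>';
            $sentDate = $pendingRow['sentDate'] != '0000-00-00 00:00:00' ? Adrlist_Time::utcToLocal($pendingRow['sentDate']) : 'n/a';
            $pendingUsersArray[$invitationId] = array($name, $sentDate);
            //The pending list user rowActions.
            $userActions = '';
            if ($listInfo['listRoleId'] == 3 && $pendingRow['listRoleId'] >= 3) {
                //Managers cannot change the role of other managers.
                $role = role($pendingRow['listRoleId']);
            } else {
                $additionalAttributes = array('class' => 'changePendingRole', 'invitationId' => $invitationId, 'adrtype' => 'list', 'typeid' => $listId);
                $role = buildRoles('', $pendingRow['listRoleId'], array(0, 1, 2, 3), $additionalAttributes);
            }
            if ($listInfo['listRoleId'] >= 3) {
                $userActions .= '<div class="ui-field-contain"><label for="pendingRole' . $escape($invitationId) . '">List Role ' . faqLink(24) . '</label>' . $role . '</div> <button adrType="list" class="removeInvitation ui-btn ui-btn-inline ui-corner-all ui-mini" invitationId="' . $escape($invitationId) . '" typeId="' . $escape($listId) . '"><i class="fa fa-times" ></i>Remove User</button>';
            }
            $pendingUsersHiddenRow[$invitationId] = array('pendingUser' . $invitationId, $userActions);
        }
        //Output: list users section.
        $output .= '<div class="textCenter textLarge"> <i class="fa fa-file-o" ></i><span class="bold">' . $escape($listInfo['listName']) . '</span> Users </div>';
        if (empty($listUsersCount)) {
            pdoError(__LINE__, $listUsersStmt, $listUsersParams, true);
            $output .= '<div class="break red" style="padding:5px 0px 10px 0px;"> There are no users. </div>';
        }
        if ($searchListUsers) {
            $output .= $resultsMessage($listUsersCount);
        }
        $listUsersTitleArray = array(array('Name'), array('Shared On', 1));
        $buildListUsers = new Adrlist_BuildRows('existingListUsers', $listUsersTitleArray, $listUsersArray);
        $buildListUsers->addHiddenRows($listUsersHiddenRow);
        $output .= $pagination->output('listUsersViewOptions') . $buildListUsers->output();
        $output .= '<div class="hr3" style="margin:2em 0;"></div>';
        //Output: pending users section.
        $output .= '<div class="break textCenter textLarge" style="margin:1em 0 0 0"> Pending Users </div>';
        if (empty($pendingListUsersCount)) {
            pdoError(__LINE__, $pendingUsersStmt, $pendingUsersParams, true);
            $output .= '<div class="break red" style="padding:5px 0px 10px 0px;"> There are no pending users. </div>';
        }
        if ($searchPendingListUsers) {
            $output .= $resultsMessage($pendingListUsersCount);
        }
        $pendingUsersTitleArray = array(array('Pending User'), array('Shared On', 1));
        $buildPendingUsers = new Adrlist_BuildRows('pendingListUsers', $pendingUsersTitleArray, $pendingUsersArray);
        $buildPendingUsers->addHiddenRows($pendingUsersHiddenRow);
        $output .= $pendingPagination->output('pendingListUsersViewOptions') . $buildPendingUsers->output();
        if (MODE == 'buildListUsers') {
            $success = true;
            $returnThis['output'] = $output;
        }
    } catch (Adrlist_CustomException $e) {
        //The user-facing message is carried by the exception itself; nothing
        //further is reported here.
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    if (MODE == 'buildListUsers') {
        returnData();
    } else {
        return $output;
    }
}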
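function buildUserInfo()
{
    //Build the admin listing of users with inline edit controls.
    //Rows are selected by last-name initial ($_POST['letters'], e.g. "A-H") or
    //by a free-text search on name/email ($_POST['searchVal']); with neither,
    //every user is listed. Returns the HTML, or hands it to returnData() when
    //MODE == 'buildUserInfo'. $returnThis is declared global so the assignment
    //below is visible to returnData().
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = ' <div class="break" style="line-height:2em"> Last Name: <span class="bold link" id="userLettersA-H" style="padding:0px 20px 0px 20px; letter-spacing:.2em">A–H</span> <span class="bold link" id="userLettersI-Q" style="padding:0px 20px 0px 20px; letter-spacing:.2em">I–Q</span> <span class="bold link" id="userLettersR-Z" style="padding:0px 20px 0px 20px; letter-spacing:.2em">R–Z</span> </div>';
    //Escape a value for an HTML text or attribute context.
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    try {
        $userInfoStmt = "SELECT\n\tusers.userId AS 'userId',\n\tusers.firstName AS 'firstName',\n\tusers.lastName AS 'lastName',\n\tusers.primaryEmail AS 'primaryEmail',\n\tDATE_FORMAT(users.joinDate, '%M %D, %Y') AS 'joinDate'\nFROM\n\tusers";
        $userInfoParams = array();
        $search = false;
        if (!empty($_POST['searchVal'])) {
            //Free-text search on first name, last name or email.
            $search = true;
            $searchVal = '%' . trim($_POST['searchVal']) . '%';
            $debug->add('$searchval: ' . $searchVal);
            $userInfoStmt .= "\nWHERE\n\t(users.firstName LIKE ? OR users.lastName LIKE ? OR users.primaryEmail LIKE ?)";
            $userInfoParams = array($searchVal, $searchVal, $searchVal);
        } elseif (!empty($_POST['letters'])) {
            //Filter by last-name initial. The value becomes a RLIKE character
            //class, so it is reduced to letters and '-' first; the quotes the
            //original wrapped around it would have become part of the pattern
            //once bound as a parameter.
            $letters = preg_replace('/[^A-Za-z-]/', '', $_POST['letters']);
            if ($letters !== '') {
                $userInfoStmt .= "\nWHERE\n\tusers.lastName RLIKE ?";
                $userInfoParams = array('^[' . $letters . ']');
            }
        }
        //ORDER BY has to follow the WHERE clause; the original appended it
        //before WHERE and without the separating newline.
        $userInfoStmt .= "\nORDER BY\n\tusers.lastName";
        $stmt = $Dbc->prepare($userInfoStmt);
        $stmt->execute($userInfoParams);
        if ($search) {
            pdoError(__LINE__, $userInfoStmt, $userInfoParams);
        }
        $output .= ' <div class="overflowauto" style="height:300px;"> <div class="break relative"> <div class="rowTitle" style="width:120px">Name</div> <div class="rowTitle" style="width:120px">Email</div> <div class="rowTitle" style="width:120px">Join Date</div> <div class="rowTitle" style="width:350px">Actions</div> </div> ';
        $class = 'rowAlt';
        $foundRows = false;
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $foundRows = true;
            //Stored values are escaped once and reused in text, attribute and
            //input-value positions. The address is escaped before breakEmail()
            //in case that helper adds markup of its own - confirm.
            $userId = $escape($row['userId']);
            $firstName = $escape($row['firstName']);
            $lastName = $escape($row['lastName']);
            $email = $escape($row['primaryEmail']);
            //Alternate the row shading; the first row is 'rowWhite'.
            $class = $class == 'rowWhite' ? 'rowAlt' : 'rowWhite';
            $output .= ' <div class="break ' . $class . '"> <div class="right textXsmall">Id: ' . $userId . '</div> <div class="row" style="width:120px">' . $firstName . ' ' . $lastName . '</div> <div class="row" style="width:120px"><a href="mailto:' . $email . '">' . breakEmail($email, 20) . '</a></div> <div class="row textSmall" style="width:120px">' . $escape($row['joinDate']) . '</div> <div class="row" style="width:330px"><span class="link" id="viewUserInfo' . $userId . '">Edit Info</span> <span class="link" id="viewUserRole' . $userId . '">View Role</span> <span class="link" id="deleteUserStep1' . $userId . '">Delete User</span></div> <div class="red row" style="width:70px"><span class="red row" id="message' . $userId . '"></span> </div> <div class="break" id="userInfoHolder' . $userId . '" style="display:none; line-height:2em; padding:0px 0px 0px 5px"> First Name: <input id="editUserFirstName' . $userId . '" size="12" type="text" value="' . $firstName . '"> <span class="red" id="firstNameResponse' . $userId . '" style="padding:0px 0px 0px 5px"></span><br> Last Name: <input id="editUserLastName' . $userId . '" size="12" type="text" value="' . $lastName . '"><span class="red" id="lastNameResponse' . $userId . '" style="padding:0px 0px 0px 5px"></span><br> Email: <input id="editUserEmail' . $userId . '" size="20" type="text" value="' . $email . '"><span class="red" id="emailResponse' . $userId . '" style="padding:0px 0px 0px 5px"></span><br> <span class="link" id="updateUserInfo' . $userId . '">Update</span> </div> <div class="break" id="viewUserRoleHolder' . $userId . '" style="display:none"></div> </div>';
        }
        $output .= $foundRows ? '' : '<div class="break textCenter">No users found.</div>';
        $output .= ' </div> ';
        $success = true;
        $returnThis['buildUserInfo'] = $output;
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    if (MODE == 'buildUserInfo') {
        returnData();
    } else {
        return $output;
    }
}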