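/**
 * Re-send the subscription confirmation request to one subscriber.
 *
 * Loads the subscriber row and the names of the lists the subscriber is on,
 * fills the [LISTS] placeholder of the "subscribemessage" text (the variant
 * for the subscriber's subscribe page when one is recorded) and mails it.
 *
 * @param int $id Subscriber id. It is formatted with %d before it reaches SQL.
 *
 * @return mixed Result of sendMail(); false when no subscriber row with an
 *               email address was found; null when TEST is set (nothing is sent).
 */
function resendConfirm($id)
{
    global $tables, $envelope;

    // %d keeps a non-numeric $id out of the statement text. The original
    // interpolated $id unchanged into this query, while the list query
    // below already used %d.
    $userdata = Sql_Fetch_Array_Query(sprintf(
        'select * from %s where id = %d',
        $tables['user'],
        $id
    ));
    if (empty($userdata['email'])) {
        // No such subscriber: nothing to log or mail.
        return false;
    }

    $lists_req = Sql_Query(sprintf(
        'select %s.name from %s,%s where %s.listid = %s.id and %s.userid = %d',
        $tables['list'],
        $tables['list'],
        $tables['listuser'],
        $tables['listuser'],
        $tables['list'],
        $tables['listuser'],
        $id
    ));

    // Initialised so the first ".=" does not read an undefined variable and
    // a subscriber without lists still gets an empty string substituted.
    $lists = '';
    while ($row = Sql_Fetch_Row($lists_req)) {
        $lists .= ' * ' . $row[0] . "\n";
    }

    // Per-page texts are stored under "<name>:<subscribepage>".
    $suffix = !empty($userdata['subscribepage']) ? ':' . $userdata['subscribepage'] : '';
    $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig('subscribemessage' . $suffix, $id));
    $subject = getConfig('subscribesubject' . $suffix);

    logEvent($GLOBALS['I18N']->get('Resending confirmation request to') . ' ' . $userdata['email']);

    if (TEST) {
        return null;
    }

    // NOTE(review): the request parameter "prepend" is placed verbatim at the
    // top of a message sent in the system's name. Confirm that every path to
    // this function requires an authenticated administrator.
    $prepend = (isset($_REQUEST['prepend']) && is_string($_REQUEST['prepend'])) ? $_REQUEST['prepend'] : '';

    return sendMail(
        $userdata['email'],
        $subject,
        $prepend . $subscribemessage,
        system_messageheaders($userdata['email']),
        $envelope
    );
}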
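/**
 * Re-send the subscription confirmation request to one subscriber.
 *
 * Loads the subscriber row and the names of the lists the subscriber is on,
 * fills the [LISTS] placeholder of the "subscribemessage" text (the variant
 * for the subscriber's subscribe page when one is recorded) and mails it,
 * prefixed with the global $prepend.
 *
 * @param int $id Subscriber id. It is formatted with %d before it reaches SQL.
 *
 * @return mixed Result of sendMail(); false when no subscriber row with an
 *               email address was found; null when TEST is set (nothing is sent).
 */
function resendConfirm($id)
{
    global $tables, $envelope, $prepend;

    // %d keeps a non-numeric $id out of the statement text. The original
    // interpolated $id unchanged into this query.
    $userdata = Sql_Fetch_Array_Query(sprintf(
        'select * from %s where id = %d',
        $tables["user"],
        $id
    ));
    if (empty($userdata["email"])) {
        // No such subscriber: nothing to log or mail.
        return false;
    }

    $lists_req = Sql_Query(sprintf(
        'select %s.name from %s,%s where %s.listid = %s.id and %s.userid = %d',
        $tables["list"],
        $tables["list"],
        $tables["listuser"],
        $tables["listuser"],
        $tables["list"],
        $tables["listuser"],
        $id
    ));

    // Initialised so the first ".=" does not read an undefined variable.
    $lists = '';
    while ($row = Sql_Fetch_Row($lists_req)) {
        $lists .= ' * ' . $row[0] . "\n";
    }

    // str_replace() instead of ereg_replace(): the ereg family no longer
    // exists in current PHP, and a plain string replacement does not treat
    // backslash-digit sequences inside a list name as back-references.
    $suffix = !empty($userdata["subscribepage"]) ? ':' . $userdata["subscribepage"] : '';
    $subscribemessage = str_replace('[LISTS]', $lists, getUserConfig("subscribemessage" . $suffix, $id));
    $subject = getConfig("subscribesubject" . $suffix);

    logEvent("Resending confirmation request to " . $userdata["email"]);

    if (TEST) {
        return null;
    }

    // NOTE(review): $prepend is a global whose origin is not visible here;
    // if it is filled from request data, confirm that only authenticated
    // administrators can reach this function.
    return sendMail(
        $userdata["email"],
        $subject,
        $prepend . $subscribemessage,
        system_messageheaders($userdata["email"]),
        $envelope
    );
}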
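/**
 * Mail a copy of a notification to the configured administrator addresses.
 *
 * Does nothing unless the "send_admin_copies" setting compares equal to
 * "true". Recipients are the comma-separated "admin_addresses" setting plus
 * "admin_address"; each distinct, non-empty address is mailed once.
 *
 * @param string $subject Subject line of the copy.
 * @param string $message Body of the copy.
 *
 * @return void
 */
function sendAdminCopy($subject, $message)
{
    // Loose comparison kept from the original so that whatever getConfig()
    // returns for this setting is interpreted as before.
    if (getConfig("send_admin_copies") != "true") {
        return;
    }

    $admin_mail = getConfig("admin_address");
    $mails = explode(",", (string) getConfig("admin_addresses"));
    $mails[] = $admin_mail;

    $sent = array();
    foreach ($mails as $address) {
        $address = trim((string) $address);
        // isset() replaces the original read of a key that does not exist
        // yet, which raises a warning on current PHP.
        if (!$address || isset($sent[$address])) {
            continue;
        }
        sendMail($address, $subject, $message, system_messageheaders($address));
        $sent[$address] = 1;
    }
}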
reset($lists); $addition = 0; $listoflists = ""; while (list($key, $listid) = each($lists)) { $query = "replace INTO " . $tables["listuser"] . " (userid,listid,entered) values({$userid},{$listid},current_timestamp)"; $result = Sql_query($query); # if the affected rows is 2, the user was already subscribed $addition = $addition || Sql_Affected_Rows() == 1; $listoflists .= " * " . $available_lists[$listid] . "\n"; } if ($addition) { $additional_emails++; } if (!TEST && $_POST["notify"] == "yes" && $addition) { $subscribemessage = str_replace('[LISTS]', $listoflists, getUserConfig("subscribemessage", $userid)); sendMail($email, getConfig("subscribesubject"), $subscribemessage, system_messageheaders(), $envelope); } } // end if } // end foreach $num_lists = sizeof($lists); # be grammatically correct :-) $displists = $num_lists == 1 ? $GLOBALS['I18N']->get('list') : $GLOBALS['I18N']->get('lists'); $dispemail = $count_email_add == 1 ? $GLOBALS['I18N']->get('new email was') . " " : $GLOBALS['I18N']->get('new emails were') . " "; $dispemail2 = $additional_emails == 1 ? $GLOBALS['I18N']->get('email was') . " " : $GLOBALS['I18N']->get('emails were') . " "; if (!$some && !$additional_emails) { print "<br/>" . $GLOBALS['I18N']->get("All the emails already exist in the database and are members of the") . " {$displists}."; } else { print "{$count_email_add} {$dispemail} " . $GLOBALS['I18N']->get("succesfully imported to the database and added to") . " {$num_lists} {$displists}.<br/>{$additional_emails} {$dispemail2} " . $GLOBALS['I18N']->get("subscribed to the") . " {$displists}"; if ($count_exist) {
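/**
 * Build the unsubscribe page and, when the request is complete, perform the
 * unsubscription (or the blacklisting of an address that is not subscribed).
 *
 * The subscriber is identified by the "uid" query parameter or by an email
 * address from the request. "Jump off" mode (the UNSUBSCRIBE_JUMPOFF constant
 * or the "jo" query parameter) fills in the confirmation fields itself, so
 * the action runs without showing the form.
 *
 * NOTE(review): the listing this function was taken from is garbled between
 * the "non-existent user" log message and the query that collects the
 * subscriber's lists (a run of asterisks replaces code). The logged value and
 * the initialisation of $subscriptions are reconstructed, not copied.
 *
 * @param int $id Subscribe page id, used to pick the per-page message texts.
 *
 * @return string|null Page HTML; null when a plugin reports that it handled
 *                     the page itself.
 */
function unsubscribePage($id)
{
    global $tables;

    $email = '';
    $userid = 0;
    $msg = '';
    $isBlackListed = false;

    // For unsubscribe, do not validate the host.
    $GLOBALS['check_for_host'] = 0;

    $res = '<title>' . $GLOBALS['strUnsubscribeTitle'] . '</title>' . "\n";
    $res .= $GLOBALS['pagedata']['header'];

    if (isset($_GET['uid'])) {
        $userdata = Sql_Fetch_Array_Query(sprintf(
            'select email,id,blacklisted from %s where uniqid = "%s"',
            $tables['user'],
            sql_escape($_GET['uid'])
        ));
        // An unknown uid yields no row; fall through to the empty form
        // instead of indexing into a non-array.
        if (!empty($userdata)) {
            $email = $userdata['email'];
            $userid = $userdata['id'];
            $isBlackListed = $userdata['blacklisted'] != '0';
        }
        $blacklistRequest = false;
    } else {
        if (isset($_REQUEST['email'])) {
            $email = $_REQUEST['email'];
        }
        if (!validateEmail($email)) {
            $email = '';
        }
        // 0013076: blacklisting possibility for unknown users.
        $requestedPage = isset($_GET['p']) ? $_GET['p'] : '';
        $blacklistRequest = $requestedPage === 'blacklist' || $requestedPage === 'donotsend';
        // Only proceed when the user has confirmed the form.
        if ($blacklistRequest && is_email($email)) {
            $_POST['unsubscribe'] = 1;
            $_POST['unsubscribereason'] = s('Forwarded receiver requested blacklist');
        }
    }

    if (UNSUBSCRIBE_JUMPOFF || !empty($_GET['jo'])) {
        $_POST['unsubscribe'] = 1;
        $_REQUEST['email'] = $email;
        if (!empty($_GET['jo'])) {
            $blacklistRequest = true;
            $_POST['unsubscribereason'] = s('"Jump off" used by subscriber, reason not requested');
        } else {
            $_POST['unsubscribereason'] = s('"Jump off" set, reason not requested');
        }
    }

    foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
        if ($plugin->unsubscribePage($email)) {
            return;
        }
    }

    if (!empty($email) && isset($_POST['unsubscribe']) && isset($_REQUEST['email']) && isset($_POST['unsubscribereason'])) {
        // All conditions met, do the unsubscribe.
        // 0013076: the original author notes that this lookup would sit
        // better where the address is first set, and that it was left here
        // on purpose to avoid introducing vulnerabilities.
        if (!$blacklistRequest) {
            $query = Sql_Fetch_Row_Query(sprintf(
                'select id,email,blacklisted from %s where email = "%s"',
                $tables['user'],
                sql_escape($email)
            ));
            $userid = empty($query[0]) ? 0 : $query[0];
            $email = empty($query[1]) ? '' : $query[1];
            $isBlackListed = !empty($query[2]);
        }

        // The reason is free text from the request; the same tag stripping is
        // applied on both branches before it is stored.
        $storedReason = nl2br(strip_tags((string) $_POST['unsubscribereason']));

        if (!$userid) {
            if ($blacklistRequest && !empty($email)) {
                addUserToBlacklist($email, $storedReason);
                addSubscriberStatistics('blacklist', 1);
                $res .= '<h3>' . $GLOBALS['strUnsubscribedNoConfirm'] . '</h3>';
            } else {
                $res .= $GLOBALS['strNoListsFound'];
                // Reconstructed (see the note in the header): log at most 150
                // characters of the address.
                logEvent('Request to unsubscribe non-existent user: ' . substr((string) $email, 0, 150));
            }
        } else {
            // Reconstructed (see the note in the header): the list ids are
            // collected for sendAdminCopy() below.
            $subscriptions = array();
            $listsreq = Sql_Query(sprintf(
                'select listid from %s where userid = %d',
                $GLOBALS['tables']['listuser'],
                $userid
            ));
            while ($row = Sql_Fetch_Row($listsreq)) {
                $subscriptions[] = $row[0];
            }

            // 17753: the list memberships are deliberately not deleted when
            // unsubscribing; the subscriber is blacklisted instead.
            $lists = ' * ' . $GLOBALS['strAllMailinglists'] . "\n";

            // Only process when not already marked as blacklisted.
            if (empty($isBlackListed)) {
                addUserToBlacklist($email, $storedReason);
                addUserHistory($email, 'Unsubscription', "Unsubscribed from {$lists}");
                $unsubscribemessage = str_replace('[LISTS]', $lists, getUserConfig("unsubscribemessage:{$id}", $userid));
                sendMail(
                    $email,
                    getUserConfig("unsubscribesubject:{$id}"),
                    stripslashes($unsubscribemessage),
                    system_messageheaders($email),
                    '',
                    true
                );
                $reason = $_POST['unsubscribereason']
                    ? "Reason given:\n" . stripslashes($_POST['unsubscribereason'])
                    : 'No Reason given';
                sendAdminCopy('List unsubscription', $email . " has unsubscribed\n{$reason}", $subscriptions);
                addSubscriberStatistics('unsubscription', 1);
            }
        }

        if ($userid) {
            $res .= '<h3>' . $GLOBALS['strUnsubscribeDone'] . '</h3>';
        }
        $res .= $GLOBALS['PoweredBy'] . '</p>';
        $res .= $GLOBALS['pagedata']['footer'];

        return $res;
    } elseif (isset($_POST['unsubscribe']) && !is_email($email) && !empty($email)) {
        $msg = '<span class="error">' . $GLOBALS['strEnterEmail'] . '</span><br>';
    }

    // The address is echoed into attribute values and text below, so it is
    // escaped for HTML here regardless of what validateEmail() accepts.
    $safeEmail = htmlspecialchars((string) $email, ENT_QUOTES);

    $res .= '<h3>' . $GLOBALS['strUnsubscribeInfo'] . '</h3>' . $msg
        . '<form method="post" action=""><input type="hidden" name="p" value="unsubscribe" />';

    if (!isset($_POST['email']) || empty($email)) {
        $res .= '<p>' . $GLOBALS['strEnterEmail'] . ': <input type="text" name="email" value="' . $safeEmail . '" size="40" /></p>';
    } else {
        $res .= '<p><input type="hidden" name="email" value="' . $safeEmail . '" />' . $GLOBALS['strEmail'] . ': ' . $safeEmail . '</p>';
    }

    if (!$email) {
        $res .= '<input type="submit" name="unsubscribe" value="' . $GLOBALS['strContinue'] . '"></form>';
        $res .= $GLOBALS['PoweredBy'];
        $res .= $GLOBALS['pagedata']['footer'];

        return $res;
    }

    $current = Sql_Fetch_Array_query(sprintf(
        'select list.id as listid,user.uniqid as userhash, user.password as password from %s as list,%s as listuser,%s as user where list.id = listuser.listid and user.id = listuser.userid and user.email = "%s"',
        $tables['list'],
        $tables['listuser'],
        $tables['user'],
        sql_escape($email)
    ));
    $some = empty($current['listid']) ? 0 : $current['listid'];

    // The preferences link carries the subscriber's uniqid only when the
    // visitor already presented that same uniqid (arrived from a link in an
    // email). Strict comparison, so two different numeric-looking strings
    // never compare equal.
    //
    // The original also tested "ASKFORPASSWORD && !empty($user['password'])",
    // but $user is never assigned in this function, so that branch never ran.
    // It is left out rather than repaired: reading $current['password'] there
    // would put the uniqid into the page for anyone who submits the address.
    $hash = '';
    if (!empty($current['userhash']) && isset($_GET['uid']) && (string) $_GET['uid'] === (string) $current['userhash']) {
        $hash = $current['userhash'];
    }

    $finaltext = $GLOBALS['strUnsubscribeFinalInfo'];
    $pref_url = getConfig('preferencesurl');
    $sep = strpos($pref_url, '?') !== false ? '&' : '?';
    $finaltext = str_ireplace('[preferencesurl]', $pref_url . $sep . 'uid=' . $hash, $finaltext);

    if (!$some) {
        // 0013076: blacklisting possibility for unknown users.
        if (!$blacklistRequest) {
            $res .= '<b>' . $GLOBALS['strNoListsFound'] . '</b></ul>';
        }
        $res .= '<p><input type=submit value="' . $GLOBALS['strUnsubscribe'] . '">';
    } else {
        if ($blacklistRequest) {
            $res .= $GLOBALS['strExplainBlacklist'];
        } elseif (!UNSUBSCRIBE_JUMPOFF) {
            // "rows,cols"; array_pad() covers a setting without a comma.
            list($r, $c) = array_pad(explode(',', (string) getConfig('textarea_dimensions')), 2, 0);
            if (!$r) {
                $r = 5;
            }
            if (!$c) {
                $c = 65;
            }
            $res .= $GLOBALS['strUnsubscribeRequestForReason'];
            $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . $finaltext;
        }
        $res .= '<p><input type=submit name="unsubscribe" value="' . $GLOBALS['strUnsubscribe'] . '"></p>';
    }

    $res .= '</form>';
    $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
    $res .= $GLOBALS['pagedata']['footer'];

    return $res;
}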
$message = ereg_replace('\[CONFIRMATIONINFO\]', "", $message); } print '<title>'.$GLOBALS["strPreferencesTitle"].'</title>'; print $subscribepagedata["header"]; if (!TEST) { if ($emailchanged) { if (sendMail($data["email"],getConfig("updatesubject"),$oldaddressmessage, system_messageheaders($email),$envelope) && sendMail($email,getConfig("updatesubject"),$newaddressmessage, system_messageheaders($email),$envelope)) { $ok = 1; sendAdminCopy("Lists information changed",$data["email"] . " has changed their information.\nThe email has changed to $email."); } else { $ok = 0; } } else { if (sendMail($email, getConfig("updatesubject"), $message, system_messageheaders($email),$envelope)) { $ok = 1; sendAdminCopy("Lists information changed",$data["email"] . " has changed their information"); } else { $ok = 0; } } } else { $ok = 1; } if ($ok) { print '<h3>'.$GLOBALS["strPreferencesUpdated"].'</h3>'; if ($emailchanged) echo $strPreferencesEmailChanged; print "<br/>"; echo $strPreferencesNotificationSent;
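/**
 * Mail a copy of a notification to administrators.
 *
 * Does nothing unless the "send_admin_copies" setting is truthy. When list
 * ids are given and SEND_LISTADMIN_COPY is set, the owners of those lists are
 * the recipients; if that yields nobody, the "admin_addresses" and
 * "admin_address" settings are used instead. Each distinct, non-empty address
 * is mailed once.
 *
 * @param string $subject Subject line of the copy.
 * @param string $message Body of the copy.
 * @param array  $lists   List ids whose owners should receive the copy.
 *
 * @return void
 */
function sendAdminCopy($subject, $message, $lists = array())
{
    if (!getConfig('send_admin_copies')) {
        return;
    }

    // The ids are joined straight into an IN (...) clause, so every entry is
    // forced to an integer first; the original joined them unchanged.
    $listIds = array();
    $cleaned = cleanArray($lists);
    if (is_array($cleaned)) {
        foreach ($cleaned as $listId) {
            $listIds[] = (int) $listId;
        }
    }

    $mails = array();
    if (count($listIds) && SEND_LISTADMIN_COPY) {
        $mailsreq = Sql_Query(sprintf(
            'select email from %s admin, %s list where admin.id = list.owner and list.id in (%s)',
            $GLOBALS['tables']['admin'],
            $GLOBALS['tables']['list'],
            implode(',', $listIds)
        ));
        while ($row = Sql_Fetch_Array($mailsreq)) {
            $mails[] = $row['email'];
        }
    }

    // List owners, when any were found, replace the global admin addresses
    // rather than being added to them (the original author left open whether
    // both groups should be mailed).
    if (!count($mails)) {
        $admin_mail = getConfig('admin_address');
        if ($c = getConfig('admin_addresses')) {
            $mails = explode(',', $c);
        }
        $mails[] = $admin_mail;
    }

    $sent = array();
    foreach ($mails as $address) {
        $address = trim((string) $address);
        if (empty($address) || isset($sent[$address])) {
            continue;
        }
        sendMail($address, $subject, $message, system_messageheaders($address));
        $sent[$address] = 1;
    }
}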
$listoflists = ""; while (list($key, $listid) = each($_SESSION["lists"])) { $query = "replace INTO " . $tables["listuser"] . " (userid,listid,entered) values({$userid},{$listid},now())"; $result = Sql_query($query, 1); # if the affected rows is 2, the user was already subscribed $addition = $addition || Sql_Affected_Rows() == 1; $listoflists .= " * " . listName($key) . "\n"; # $_SESSION["listname"][$key] . "\n"; } if ($addition) { $count["list_add"]++; } if (!TEST && $_SESSION["notify"] == "yes" && $addition) { $subscribemessage = str_replace('[LISTS]', $listoflists, getUserConfig("subscribemessage", $userid)); if (function_exists('sendmail')) { sendMail($user["systemvalues"]["email"], getConfig("subscribesubject"), $subscribemessage, system_messageheaders(), $envelope); if (isset($_SESSION["throttle_import"])) { sleep($_SESSION["throttle_import"]); } } } } elseif ($isBlackListed) { $count['foundblacklisted']++; } if (!is_array($_SESSION["groups"])) { $groups = array(); } else { $groups = $_SESSION["groups"]; } if (isset($everyone_groupid) && !in_array($everyone_groupid, $groups)) { array_push($groups, $everyone_groupid);
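/**
 * Build the unsubscribe page and, when the form was submitted with an
 * address and a reason, remove the subscriber from all lists, blacklist the
 * address and send the notifications.
 *
 * The subscriber is identified by the "uid" query parameter or by an email
 * address from the request. With UNSUBSCRIBE_JUMPOFF set, a valid uid fills
 * in the confirmation fields itself so the action runs without the form.
 *
 * NOTE(review): the listing this function was taken from is garbled inside
 * the "non-existent user" log call (a run of asterisks replaces code); only
 * the message prefix and the 150-character cut are visible. The logged value
 * below is the submitted address.
 *
 * @param int $id Subscribe page id, passed to pageData().
 *
 * @return string Page HTML.
 */
function unsubscribePage($id)
{
    global $tables;

    $pagedata = pageData($id);

    // NOTE(review): language_file comes from the stored page data and is
    // joined into an include path. is_file() only proves the path exists;
    // confirm the stored value cannot contain directory components.
    if (isset($pagedata['language_file']) && is_file(dirname(__FILE__) . '/texts/' . $pagedata['language_file'])) {
        @(include dirname(__FILE__) . '/texts/' . $pagedata['language_file']);
    }

    // The original appended the title to an undefined $res and then
    // overwrote it with the header, so the title was never emitted.
    $res = '<title>' . $GLOBALS["strUnsubscribeTitle"] . '</title>';
    $res .= $pagedata["header"];

    $email = '';
    $msg = '';

    if (isset($_GET["uid"]) && is_string($_GET["uid"])) {
        // The uid is request data: it is escaped before it is placed in the
        // statement. sql_escape() is the helper the later revision of this
        // function on this page uses.
        // NOTE(review): confirm this revision ships sql_escape().
        $req = Sql_Query(sprintf(
            'select * from %s where uniqid = "%s"',
            $tables['user'],
            sql_escape($_GET["uid"])
        ));
        $userdata = Sql_Fetch_Array($req);
        $email = empty($userdata["email"]) ? '' : $userdata["email"];
        if (UNSUBSCRIBE_JUMPOFF) {
            $_POST["unsubscribe"] = 1;
            $_POST["email"] = $email;
            $_POST["unsubscribereason"] = '"Jump off" set, reason not requested';
        }
    }

    $hasAddress = isset($_POST["email"]) || isset($_POST["unsubscribeemail"]);

    if (isset($_POST["unsubscribe"]) && $hasAddress && isset($_POST["unsubscribereason"])) {
        $submitted = isset($_POST["email"]) ? $_POST["email"] : $_POST["unsubscribeemail"];
        $submitted = is_string($submitted) ? trim($submitted) : '';
        $postedReason = is_string($_POST["unsubscribereason"]) ? $_POST["unsubscribereason"] : '';

        $query = Sql_Fetch_Row_Query(sprintf(
            'select id,email from %s where email = "%s"',
            $tables["user"],
            sql_escape($submitted)
        ));
        $userid = empty($query[0]) ? 0 : (int) $query[0];
        $email = $userid ? $query[1] : '';

        if (!$userid) {
            $res .= 'Error: ' . $GLOBALS["strUserNotFound"];
            logEvent("Request to unsubscribe non-existent user: " . substr($submitted, 0, 150));
        } else {
            Sql_query(sprintf('delete from %s where userid = %d', $tables["listuser"], $userid));
            $lists = " * " . $GLOBALS["strAllMailinglists"] . "\n";

            // Add the address to the blacklist; tags are stripped from the
            // free-text reason before it is stored.
            addUserToBlacklist($email, nl2br(strip_tags($postedReason)));
            addUserHistory($email, "Unsubscription", "Unsubscribed from {$lists}");

            // str_replace() replaces the removed ereg_replace(); the pattern
            // was the literal "[LISTS]".
            $unsubscribemessage = str_replace('[LISTS]', $lists, getUserConfig("unsubscribemessage", $userid));
            sendMail(
                $email,
                getConfig("unsubscribesubject"),
                stripslashes($unsubscribemessage),
                system_messageheaders($email)
            );

            $reason = $postedReason
                ? "Reason given:\n" . stripslashes($postedReason)
                : "No Reason given";
            sendAdminCopy("List unsubscription", $email . " has unsubscribed\n{$reason}");
            addSubscriberStatistics('unsubscription', 1);
        }

        if ($userid) {
            $res .= '<h1>' . $GLOBALS["strUnsubscribeDone"] . "</h1><P>";
        }
        $res .= $GLOBALS["PoweredBy"] . '</p>';
        $res .= $pagedata["footer"];

        return $res;
    } elseif (isset($_POST["unsubscribe"]) && empty($_POST["unsubscribeemail"])) {
        $msg = '<span class="error">' . $GLOBALS["strEnterEmail"] . "</span><br>";
    } elseif (!empty($_GET["email"])) {
        $email = $_GET["email"];
    } elseif (isset($_REQUEST["email"])) {
        $email = $_REQUEST["email"];
    } elseif (isset($_REQUEST['unsubscribeemail'])) {
        $email = $_REQUEST['unsubscribeemail'];
    }
    $email = is_string($email) ? trim($email) : '';

    // The address is request data and is echoed into an attribute value, so
    // it is escaped for HTML; the original printed it unchanged.
    $safeEmail = htmlspecialchars($email, ENT_QUOTES);

    $res .= '<b>' . $GLOBALS["strUnsubscribeInfo"] . '</b><br>' . $msg . formStart();
    $res .= '<table> <tr><td>' . $GLOBALS["strEnterEmail"] . ':</td><td colspan=3><input type=text name="unsubscribeemail" value="' . $safeEmail . '" size=40></td></tr> </table>';

    if (!$email) {
        $res .= "<input type=submit name=unsubscribe value=\"{$GLOBALS['strContinue']}\"></form>\n";
        $res .= $GLOBALS["PoweredBy"];
        $res .= $pagedata["footer"];

        return $res;
    }

    $current = Sql_Fetch_Array_query(sprintf(
        'SELECT list.id as listid,user.uniqid as userhash, user.password as password FROM %s as list,%s as listuser,%s as user where list.id = listuser.listid and user.id = listuser.userid and user.email = "%s"',
        $tables['list'],
        $tables['listuser'],
        $tables['user'],
        sql_escape($email)
    ));
    $some = empty($current["listid"]) ? 0 : $current["listid"];

    // The preferences link carries the subscriber's uniqid only when the
    // visitor already presented that same uniqid (arrived from a link in an
    // email). Strict comparison, so two different numeric-looking strings
    // never compare equal.
    //
    // The original also tested "ASKFORPASSWORD && !empty($user['password'])",
    // but $user is never assigned in this function, so that branch never ran.
    // It is left out rather than repaired: reading $current['password'] there
    // would put the uniqid into the page for anyone who submits the address.
    $hash = '';
    if (!empty($current['userhash']) && isset($_GET['uid']) && (string) $_GET['uid'] === (string) $current['userhash']) {
        $hash = $current['userhash'];
    }

    $finaltext = $GLOBALS["strUnsubscribeFinalInfo"];
    $pref_url = getConfig("preferencesurl");
    // strpos()/str_ireplace() replace the removed ereg()/eregi_replace().
    $sep = strpos($pref_url, '?') !== false ? '&' : '?';
    $finaltext = str_ireplace('[preferencesurl]', $pref_url . $sep . 'uid=' . $hash, $finaltext);

    if (!$some) {
        $res .= "<b>" . $GLOBALS["strNoListsFound"] . "</b></ul>";
        $res .= '<p><input type=submit value="' . $GLOBALS["strResubmit"] . '">';
    } else {
        // "rows,cols"; array_pad() covers a setting without a comma.
        list($r, $c) = array_pad(explode(",", (string) getConfig("textarea_dimensions")), 2, 0);
        if (!$r) {
            $r = 5;
        }
        if (!$c) {
            $c = 65;
        }
        $res .= $GLOBALS["strUnsubscribeRequestForReason"];
        $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r)
            . ' ' . $finaltext . ' <p><input type=submit name="unsubscribe" value="' . $GLOBALS["strUnsubscribe"] . '"></p>';
    }

    $res .= '<p>' . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $pagedata["footer"];

    return $res;
}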
$listoflists = ''; while (list($key, $listid) = each($_SESSION['lists'])) { $query = 'replace INTO ' . $tables['listuser'] . " (userid,listid,entered) values({$userid},{$listid},now())"; $result = Sql_query($query, 1); # if the affected rows is 2, the user was already subscribed $addition = $addition || Sql_Affected_Rows() == 1; $listoflists .= ' * ' . listName($key) . "\n"; # $_SESSION["listname"][$key] . "\n"; } if ($addition) { ++$count['list_add']; } if (!TEST && $_SESSION['notify'] == 'yes' && $addition) { $subscribemessage = str_replace('[LISTS]', $listoflists, getUserConfig('subscribemessage', $userid)); if (function_exists('sendmail')) { sendMail($user['systemvalues']['email'], getConfig('subscribesubject'), $subscribemessage, system_messageheaders(), $envelope); if (isset($_SESSION['throttle_import'])) { sleep($_SESSION['throttle_import']); } } } } elseif ($isBlackListed) { ## mark blacklisted, just in case ##17288 Sql_Query(sprintf('update %s set blacklisted = 1 where id = %d', $tables['user'], $userid)); ++$count['foundblacklisted']; } if (!is_array($_SESSION['groups'])) { $groups = array(); } else { $groups = $_SESSION['groups']; }
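/**
 * Build the unsubscribe page and, when the form was submitted with an
 * address and a list selection, remove the chosen memberships and send the
 * notifications.
 *
 * Without a complete submission the function renders the address field and,
 * once an address is known, the lists that address is subscribed to.
 *
 * @param int $id Subscribe page id, passed to pageData().
 *
 * @return string Page HTML.
 */
function unsubscribePage($id)
{
    global $tables;

    $pagedata = pageData($id);
    $res = $pagedata["header"];
    $res .= '<title>' . $GLOBALS["strUnsubscribeTitle"] . '</title>';

    $msg = '';
    $email = '';
    $submitted = !empty($_POST["unsubscribe"]);
    $postedEmail = (isset($_POST["email"]) && is_string($_POST["email"])) ? trim($_POST["email"]) : '';
    $postedLists = (isset($_POST["list"]) && is_array($_POST["list"])) ? $_POST["list"] : array();

    // preg_match() replaces the removed eregi(); same loose "x@y.z" shape.
    if ($submitted && $postedLists && preg_match('/.+@.+\..+/s', $postedEmail)) {
        $email = $postedEmail;

        $availlists = array();
        $result = Sql_query("SELECT * FROM $tables[list]");
        while ($row = Sql_fetch_array($result)) {
            if ($row["active"]) {
                $availlists[$row["id"]] = $row["name"];
            }
        }

        // The address is request data: it is escaped before it is placed in
        // the statement. sql_escape() is the helper the later revision of
        // this function on this page uses.
        // NOTE(review): confirm this revision ships sql_escape().
        $query = Sql_Fetch_Row_Query(sprintf(
            'select id from %s where email = "%s"',
            $tables["user"],
            sql_escape($email)
        ));
        $userid = empty($query[0]) ? 0 : (int) $query[0];

        // Act only for an address that belongs to a subscriber. The original
        // ran the deletes and mailed the submitted address even when no
        // subscriber row matched. The page returned is the same either way.
        if ($userid && empty($postedLists["none"])) {
            $lists = '';
            if (!empty($postedLists["all"])) {
                Sql_query(sprintf('delete from %s where userid = %d', $tables["listuser"], $userid));
                // The original read a local $strAllMailinglists that is never
                // set inside this function.
                $lists = " * " . $GLOBALS["strAllMailinglists"] . "\n";
            } else {
                // foreach replaces each(), which no longer exists in current
                // PHP. The array keys are list ids taken from the request, so
                // they are cast to integers before they reach SQL.
                foreach ($postedLists as $key => $val) {
                    $listid = (int) $key;
                    if ($val !== "signoff" || $listid <= 0) {
                        continue;
                    }
                    Sql_query(sprintf(
                        'delete from %s where userid = %d and listid = %d',
                        $tables["listuser"],
                        $userid,
                        $listid
                    ));
                    $lists .= " * " . (isset($availlists[$listid]) ? $availlists[$listid] : '') . "\n";
                }
            }

            // str_replace() replaces the removed ereg_replace(); the pattern
            // was the literal "[LISTS]".
            $unsubscribemessage = str_replace('[LISTS]', $lists, getUserConfig("unsubscribemessage", $userid));
            sendMail($email, getConfig("unsubscribesubject"), $unsubscribemessage, system_messageheaders($email));
            sendAdminCopy("List unsubscription", $email . " has unsubscribed from\n $lists");
        }

        $res .= '<h1>' . $GLOBALS["strUnsubscribeDone"] . "</h1><P>";
        $res .= $GLOBALS["PoweredBy"] . '</p>';
        $res .= $pagedata["footer"];

        return $res;
    } elseif ($submitted && !$postedEmail) {
        $msg = '<span class="error">' . $GLOBALS["strEnterEmail"] . "</span><br>";
    } elseif (!empty($_GET["uid"]) && is_string($_GET["uid"])) {
        $req = Sql_Query(sprintf(
            'select * from %s where uniqid = "%s"',
            $tables["user"],
            sql_escape($_GET["uid"])
        ));
        $userdata = Sql_Fetch_Array($req);
        $email = empty($userdata["email"]) ? '' : $userdata["email"];
    } elseif (!empty($_GET["email"]) && is_string($_GET["email"])) {
        $email = trim($_GET["email"]);
    } else {
        $email = $postedEmail;
    }

    // The address is request data and is echoed into an attribute value, so
    // it is escaped for HTML; the original printed it unchanged.
    $safeEmail = htmlspecialchars((string) $email, ENT_QUOTES);

    $res .= '<b>' . $GLOBALS["strUnsubscribeInfo"] . '</b><br>' . $msg . formStart();
    $res .= '<table> <tr><td>' . $GLOBALS["strEnterEmail"] . ':</td><td colspan=3><input type=text name=email value="' . $safeEmail . '" size=40></td></tr> </table>';

    if (!$email) {
        $res .= "<input type=submit name=unsubscribe value=\"$GLOBALS[strContinue]\"></form>\n";
        $res .= $GLOBALS["PoweredBy"];
        $res .= $pagedata["footer"];

        return $res;
    }

    $res .= $GLOBALS["strUnsubscribeSelect"] . ':';
    $res .= '<ul>';

    // Numbered placeholders: 1 = list table, 2 = listuser table,
    // 3 = user table, 4 = escaped address.
    $result = Sql_query(sprintf(
        'SELECT %1$s.id as id, %1$s.name as name, %1$s.description as description FROM %1$s,%2$s,%3$s where %1$s.id = %2$s.listid and %3$s.id = %2$s.userid and %3$s.email = "%4$s"',
        $tables["list"],
        $tables["listuser"],
        $tables["user"],
        sql_escape($email)
    ));
    $num = Sql_Affected_Rows();

    // With a single membership and "hide_single_list" on, the list is sent
    // as a hidden field instead of a checkbox.
    $hidesinglelist = getConfig("hide_single_list");
    $hide = $num == 1 && $hidesinglelist == "true";

    $out = '';
    $some = 0;
    if (!$hide) {
        $out = ' <li><input type=checkbox name=list[all] value=signoff>' . $GLOBALS["strAllLists"]
            . ' <li><input type=checkbox name=list[none] value=signoff>' . $GLOBALS["strNoLists"];
    }
    while ($row = Sql_fetch_array($result)) {
        if (!$hide) {
            $out .= "<li><input type=checkbox name=list[" . $row["id"] . "] value=signoff>" . $row["name"] . " \n";
            $desc = nl2br(StripSlashes($row["description"]));
            $out .= "<dd>$desc\n";
        } else {
            $out .= "<input type=hidden name=list[" . $row["id"] . "] value=signoff>";
        }
        $some = 1;
    }

    if (!$some) {
        $res .= "<b>" . $GLOBALS["strNoListsFound"] . "</b>";
        $res .= '<p><input type=submit value="' . $GLOBALS["strResubmit"] . '">';
    } else {
        $res .= $out;
        $res .= '</ul> <p><input type=submit name=unsubscribe value="' . $GLOBALS["strUnsubscribeSubmit"] . '">';
    }

    $res .= '<p>' . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $pagedata["footer"];

    return $res;
}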
# assigning to $_SESSION this is broken in 4.2.3 $_SESSION["logindetails"] = array("adminname" => $_REQUEST["login"], "id" => $userdata[2]); if ($_POST["page"] && $_POST["page"] != "") { $page = $_POST["page"]; } } else { $_SESSION["adminloggedin"] = ""; $_SESSION["logindetails"] = ""; $msg = "invalid password"; $page = "login"; } } elseif ($_REQUEST["forgotpassword"]) { $req = Sql_Query('select email,password,loginname from ' . $tables["admin"] . ' where email = "' . $_REQUEST["forgotpassword"] . '"'); if (Sql_Affected_Rows()) { $row = Sql_Fetch_Row($req); sendMail($row[0], "Your password for PHPlist", "\n\nYour loginname is {$row['2']}\nYour password is {$row['1']}", system_messageheaders(), $envelope_from); $msg = "Your password has been sent by email"; } $page = "login"; } elseif (!session_is_registered("adminloggedin")) { $page = "login"; } elseif (CHECK_SESSIONIP && $_SESSION["adminloggedin"] && $_SESSION["adminloggedin"] != getenv("REMOTE_ADDR")) { $msg = "Your IP address has changed. For security reasons, please login again"; $_SESSION["adminloggedin"] = ""; $_SESSION["logindetails"] = ""; $page = "login"; } elseif ($_SESSION["logindetails"]) { $noaccess_req = Sql_Fetch_Row_Query(sprintf('select id,disabled from %s where id = "%s"', $tables["admin"], $_SESSION["logindetails"]["id"])); if (!$noaccess_req[0]) { session_unregister("adminloggedin"); session_unregister("logindetails");