Esempio n. 1
    $id = 0;
}
if ($GLOBALS["require_login"] && !isSuperUser()) {
    $access = accessLevel("editlist");
    switch ($access) {
        case "owner":
            $subselect = " where owner = " . $_SESSION["logindetails"]["id"];
            $subselect_and = " and owner = " . $_SESSION["logindetails"]["id"];
            if ($id) {
                Sql_Query("select id from " . $GLOBALS['tables']["list"] . $subselect . " and id = {$id}");
                if (!Sql_Affected_Rows()) {
                    Error($GLOBALS['I18N']->get('You do not have enough privileges to view this page'));
                    return;
                }
            } else {
                $numlists = Sql_Fetch_Row_query("select count(*) from {$GLOBALS['tables']['list']} {$subselect}");
                if (!($numlists[0] < MAXLIST)) {
                    Error($GLOBALS['I18N']->get('You cannot create a new list because you have reached maximum number of lists.'));
                    return;
                }
            }
            break;
        case "all":
            $subselect = "";
            $subselect_and = "";
            break;
        case "none":
        default:
            $subselect_and = " and owner = -1";
            if ($id) {
                Fatal_Error($GLOBALS['I18N']->get('You do not have enough privileges to view this page'));
Esempio n. 2
#print "$track<br/>";
#print "User $userid, Mess $messageid, Link $linkid";
# Record a click on a tracked link: per-message totals first, then per-subscriber totals.
# Every value placed into the SQL below goes through a %d conversion, which formats it as an integer.
# NOTE(review): where $messageid, $fwdid, $userid and $msgtype are set is not visible in this excerpt - confirm they are validated before this point
$ml = Sql_Fetch_Array_Query(sprintf('select * from %s where messageid = %d and forwardid = %d', $GLOBALS['tables']['linktrack_ml'], $messageid, $fwdid));
# the first click also sets firstclick; later clicks only bump the counter and latestclick
if (empty($ml['firstclick'])) {
    Sql_query(sprintf('update %s set firstclick = now(),latestclick = now(),clicked = clicked + 1 where forwardid = %d and messageid = %d', $GLOBALS['tables']['linktrack_ml'], $fwdid, $messageid));
} else {
    Sql_query(sprintf('update %s set clicked = clicked + 1, latestclick = now() where forwardid = %d and messageid = %d', $GLOBALS['tables']['linktrack_ml'], $fwdid, $messageid));
}
# per-format counter plus the analytics query string; the subject is URL-encoded before it is appended.
# $trackingcode is only assigned when $msgtype is 'H' or 'T'
if ($msgtype == 'H') {
    Sql_query(sprintf('update %s set htmlclicked = htmlclicked + 1 where forwardid = %d and messageid = %d', $GLOBALS['tables']['linktrack_ml'], $fwdid, $messageid));
    $trackingcode = 'utm_source=phplist' . $messageid . '&utm_medium=email&utm_content=HTML&utm_campaign=' . urlencode($messagedata['subject']);
} elseif ($msgtype == 'T') {
    Sql_query(sprintf('update %s set textclicked = textclicked + 1 where forwardid = %d and messageid = %d', $GLOBALS['tables']['linktrack_ml'], $fwdid, $messageid));
    $trackingcode = 'utm_source=phplist' . $messageid . '&utm_medium=email&utm_content=text&utm_campaign=' . urlencode($messagedata['subject']);
}
# when no view is recorded yet for this subscriber and message, the click is also counted as a view
$viewed = Sql_Fetch_Row_query(sprintf('select viewed from %s where messageid = %d and userid = %d', $GLOBALS['tables']['usermessage'], $messageid, $userid));
if (!$viewed[0]) {
    Sql_Query(sprintf('update %s set viewed = now() where messageid = %d and userid = %d', $GLOBALS['tables']['usermessage'], $messageid, $userid));
    Sql_Query(sprintf('update %s set viewed = viewed + 1 where id = %d', $GLOBALS['tables']['message'], $messageid));
}
# per-subscriber click row: created on the first click, then updated on every click
$uml = Sql_Fetch_Array_Query(sprintf('select * from %s where messageid = %d and forwardid = %d and userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $messageid, $fwdid, $userid));
if (empty($uml['firstclick'])) {
    Sql_query(sprintf('insert into %s set firstclick = now(), forwardid = %d, messageid = %d, userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $fwdid, $messageid, $userid));
}
Sql_query(sprintf('update %s set clicked = clicked + 1, latestclick = now() where forwardid = %d and messageid = %d and userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $fwdid, $messageid, $userid));
if ($msgtype == 'H') {
    Sql_query(sprintf('update %s set htmlclicked = htmlclicked + 1 where forwardid = %d and messageid = %d and userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $fwdid, $messageid, $userid));
} elseif ($msgtype == 'T') {
    Sql_query(sprintf('update %s set textclicked = textclicked + 1 where forwardid = %d and messageid = %d and userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $fwdid, $messageid, $userid));
}
# NOTE(review): $linkdata is loaded outside this excerpt and the use of $url is not visible here;
# if it becomes a redirect target, it should only ever be the stored link row, never request data - confirm
$url = $linkdata['url'];
Esempio n. 3
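# Click statistics for one tracked URL: page heading, optional CSV download header, and the per-message query.
$ls = new WebblerListing($GLOBALS['I18N']->get('URL Click Statistics'));
# $id only reaches SQL through %d, which formats it as an integer
$urldata = Sql_Fetch_Array_Query(sprintf('select url from %s where id = %d', $GLOBALS['tables']['linktrack_forward'], $id));
# The stored URL is written into HTML here and into a response header below, so it is encoded for each context.
# NOTE(review): assumes the url column holds raw text in UTF-8, not text that is already HTML-encoded - confirm
print '<h3>' . $GLOBALS['I18N']->get('Click details for a URL') . ' <b>' . htmlspecialchars($urldata['url'], ENT_QUOTES, 'UTF-8') . '</b></h3><br/>';
# NOTE(review): $id is concatenated into the link target as-is; where it is set is not visible in this excerpt
print PageLinkButton('userclicks&fwdid=' . $id, s('View subscribers'));
if ($download) {
    # Drop the characters that would close the quoted filename or start a new header line.
    # NOTE(review): header() is called after output was printed above, which only works when output is buffered - confirm
    header('Content-disposition:  attachment; filename="phpList URL click statistics for ' . str_replace(array('"', "\r", "\n"), '', $urldata['url']) . '.csv"');
}
# rows of this URL per message, most recent first click first; %% is a literal percent sign for date_format
$req = Sql_Query(sprintf('select messageid,firstclick,date_format(latestclick,
  "%%e %%b %%Y %%H:%%i") as latestclick,total,clicked from %s where forwardid = %d and firstclick is not null order by firstclick desc
  ', $GLOBALS['tables']['linktrack_ml'], $id));
# running totals, all starting at zero
$summary = array();
$summary['totalsent'] = 0;
$summary['totalclicks'] = 0;
$summary['uniqueclicks'] = 0;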
while ($row = Sql_Fetch_Array($req)) {
    $msgsubj = Sql_Fetch_Row_query(sprintf('select subject from %s where id = %d', $GLOBALS['tables']['message'], $row['messageid']));
    if (!$download) {
        $element = '<!-- ' . $row['messageid'] . '-->' . shortenTextDisplay($msgsubj[0], 30);
    } else {
        $element = '<!-- ' . $row['messageid'] . '-->' . $msgsubj[0];
    }
    #  $element = $GLOBALS['I18N']->get('msg').' '.$row['messageid'].': '.substr($msgsubj[0],0,25). '...';
    #  $element = sprintf('<a href="%s" target="_blank" class="url" title="%s">%s</a>',$row['url'],$row['url'],substr(str_replace('http://','',$row['url']),0,50));
    #  $total = Sql_Verbose_Query(sprintf('select count(*) as total from %s where messageid = %d and url = "%s"',
    #    $GLOBALS['tables']['linktrack'],$id,$row['url']));
    # if (CLICKTRACK_SHOWDETAIL) {
    $uniqueclicks = Sql_Fetch_Array_Query(sprintf('select count(distinct userid) as users from %s
      where messageid = %d and forwardid = %d', $GLOBALS['tables']['linktrack_uml_click'], $row['messageid'], $id));
    #  }
    $ls->addElement($element, PageUrl2('mclicks&amp;id=' . $row['messageid']));
    $ls->setClass($element, 'row1');
Esempio n. 4
    } else {
    	print "<p>User has been added and confirmed</p>";
    }
  }

  print "<P>".$PoweredBy.'</p>';
  print $subscribepagedata["footer"];
  exit;
} elseif ($_POST["update"] && is_email($_POST["email"]) && $allthere) {
  $email = trim($_POST["email"]);
  if ($_GET["uid"]) {
    $req = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"',
      $tables["user"],$_GET["uid"]));
    $userid = $req[0];
  } else {
    $req = Sql_Fetch_Row_query("select * from {$tables["user"]} where email = \"".$_REQUEST["email"]."\"");
    $userid = $req[0];
  }
  if (!$userid)
    Fatal_Error("Error, no such user");
  # update the existing record, check whether the email has changed
  $req = Sql_Query("select * from {$tables["user"]} where id = $userid");
  $data = Sql_fetch_array($req);
  # check whether they are changing to an email that already exists, should not be possible
	$req = Sql_Query("select uniqid from {$tables["user"]} where email = \"$email\"");
  if (Sql_Affected_Rows()) {
  	$row = Sql_Fetch_Row($req);
    if ($row[0] != $_GET["uid"]) {
	  	Fatal_Error("Cannot change to that email address.
      <br/>This email already exists.
      <br/>Please use the preferences URL for this email to make updates.
<?php

require_once dirname(__FILE__) . '/accesscheck.php';
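# Check the stored bounces against the bounce rules, one batch per page load.
ob_end_flush();
# number of bounce records examined per page load
$numperrun = 500;
$bouncerules = loadBounceRules();
$req = Sql_Fetch_Row_query(sprintf('select count(*) from %s  where comment != "not processed"', $GLOBALS['tables']['bounce']));
$total = $req[0];
# $s is the offset of this batch, $e the offset of the next one
if (isset($_GET['s'])) {
    # the offset comes from the query string: force it to an integer and clamp it at zero,
    # because a negative offset does not form a valid "limit" clause
    $s = max(0, (int) $_GET['s']);
    $e = $s + $numperrun;
} else {
    $s = 0;
    $e = $numperrun;
}
# the earlier fixed ' limit 100' value was always overwritten here, so it is no longer assigned
$limit = ' limit ' . $s . ', ' . $numperrun;
# offer a link to the next batch only while records remain beyond this one
if ($total > $numperrun && $e < $total) {
    $next = '<p>' . PageLink2('checkbouncerules&s=' . $e, sprintf($GLOBALS['I18N']->get('Process Next %d'), $numperrun)) . '</p>';
} else {
    $next = '';
}
$unmatched = 0;
$matched = 0;
# $limit is built from the integer offset and the constant batch size only
$req = Sql_Query(sprintf('select * from %s where comment != "not processed" %s', $GLOBALS['tables']['bounce'], $limit));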
while ($row = Sql_Fetch_Array($req)) {
    $action = matchBounceRules($row['data'], $bouncerules);
    if ($action) {
        #  print $row['comment']. " Match: $action<br/>";
        $matched++;
    } else {
Esempio n. 6
# the three counters all start at zero
$count = $notmatched = $existmatch = 0;
# starts out as an empty array
$rules = array();
/**
 * Print one line followed by an HTML line break and flush it right away.
 *
 * The message is written as-is, without HTML encoding, so callers must only
 * pass text that is safe to emit as markup.
 *
 * @param string $message text to print
 */
function output($message)
{
    echo $message, "<br/>\n";
    flush();
}
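# lets not do this unless we do some locking first
# keep running if the client disconnects; $abort receives the previous setting
$abort = ignore_user_abort(1);
$process_id = getPageLock();
# no lock obtained: stop here rather than run alongside another process
if (empty($process_id)) {
    return;
}
$req = Sql_Fetch_Row_query(sprintf('select count(*) from %s ', $GLOBALS['tables']['bounce']));
$total = $req[0];
# $s is the offset of this batch, $e the offset of the next one
# NOTE(review): $numperrun is not assigned anywhere in this excerpt - confirm it is set before this point
if (isset($_GET['s'])) {
    # the offset comes from the query string: force it to an integer and clamp it at zero,
    # because a negative offset does not form a valid "limit" clause
    $s = max(0, (int) $_GET['s']);
    $e = $s + $numperrun;
} else {
    $s = 0;
    $e = $numperrun;
}
$limit = ' limit ' . $s . ', ' . $numperrun;
# offer a link to the next batch only while records remain beyond this one
if ($total > $numperrun && $e < $total) {
    $next = '<p class="button">' . PageLink2('generatebouncerules&s=' . $e, $GLOBALS['I18N']->get('Process Next Batch')) . '</p>';
} else {
    $next = '';
}
# $limit is built from the integer offset and $numperrun only
$req = Sql_query(sprintf('select * from %s %s ', $GLOBALS['tables']['bounce'], $limit));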
    output($GLOBALS['I18N']->get('Processed') . ' ' . $processed . ' ' . $GLOBALS['I18N']->get('out of') . ' ' . $num_users . ' ' . $GLOBALS['I18N']->get('users'));
    if ($num_users - $sent <= 0) {
        # this message is done
        if (!$someusers) {
            output($GLOBALS['I18N']->get('Hmmm, No users found to send to'));
        }
        if (!$failed_sent) {
            repeatMessage($messageid);
            $status = Sql_query(sprintf('update %s set status = "sent",sent = now() where id = %d', $GLOBALS['tables']['message'], $messageid));
            if (!empty($msgdata['notify_end']) && !isset($msgdata['end_notified'])) {
                $notifications = explode(',', $msgdata['notify_end']);
                foreach ($notifications as $notification) {
                    sendMail($notification, $GLOBALS['I18N']->get('Message Sending has finished'), sprintf($GLOBALS['I18N']->get('phplist has finished sending the message with subject %s'), $message['subject']));
                }
                Sql_Query(sprintf('insert ignore into %s (name,id,data) values("end_notified",%d,now())', $GLOBALS['tables']['messagedata'], $messageid));
            }
            $timetaken = Sql_Fetch_Row_query("select sent,sendstart from {$tables['message']} where id = \"{$messageid}\"");
            output($GLOBALS['I18N']->get('It took') . ' ' . timeDiff($timetaken[0], $timetaken[1]) . ' ' . $GLOBALS['I18N']->get('to send this message'));
            sendMessageStats($messageid);
        }
    } else {
        if ($script_stage < 5) {
            $script_stage = 5;
        }
    }
}
if (!$num_messages) {
    $script_stage = 6;
}
# we are done
# shutdown will take care of reporting
Esempio n. 8
        break;
    case 'all':
        $subselect = '';
        $subselect_and = '';
        break;
    case 'none':
    default:
        $subselect = ' where id = 0';
        $subselect_and = ' and id = 0';
        break;
}
# Action bar: the "Categorise lists" button always, the "Add a list" button only when allowed.
print '<div class="actions">';
print PageLinkButton('catlists', $I18N->get('Categorise lists'));
# Anyone may add a list unless logins are required and this admin is not a super user;
# such an admin may add one only while owning fewer than MAXLIST lists.
# NOTE(review): the owner id from the session is concatenated into the query text - confirm it is always an integer.
# NOTE(review): this only decides whether the button is shown; the limit must also be enforced where the list is created.
$canaddlist = true;
if ($GLOBALS['require_login'] && !isSuperUser()) {
    $numlists = Sql_Fetch_Row_query("select count(*) from {$tables['list']} where owner = " . $_SESSION['logindetails']['id']);
    $canaddlist = $numlists[0] < MAXLIST;
}
if ($canaddlist) {
    print PageLinkButton('editlist', $GLOBALS['I18N']->get('Add a list'));
}
print '</div>';
if (isset($_GET['delete'])) {
    $delete = sprintf('%d', $_GET['delete']);
    # delete the index in delete
    $actionresult = $GLOBALS['I18N']->get('Deleting') . ' ' . $GLOBALS['I18N']->get('list') . " {$delete} ..\n";
    $result = Sql_query(sprintf('delete from ' . $tables['list'] . ' where id = %d %s', $delete, $subselect_and));
    $done = Sql_Affected_Rows();
Esempio n. 9
        $desc = sprintf('RSS source: <a href="%s" target="_blank">%s</a><br/> ', $row["rssfeed"], $feed) . PageLink2("viewrss&id=" . $row["id"], "(View Items)") . '<br/>' . $desc;
    }
    $html .= sprintf('<tr><td valign=top>%d</td><td valign=top><b>
    %s</b><br/>%d members</td><td valign=top><input type=text name="listorder[%d]" value="%d" size=5></td>
		<td valign=top>%s | %s | <a href="javascript:deleteRec(\'%s\');">delete</a></td>
		<td valign=top><input type=checkbox name="active[%d]" value="1" %s></td>
		<td valign=top>%s</td></tr><tr><td>&nbsp;</td><td colspan=5>%s</td></tr><tr><td colspan=6><hr width=50%% size=4></td></tr>', $row["id"], $row["name"], $count[0], $row["id"], $row["listorder"], PageLink2("editlist", "edit", "id=" . $row["id"]), PageLink2("members", "view members", "id=" . $row["id"]), PageURL2("list", "", "delete=" . $row["id"]), $row["id"], $row["active"] ? "checked" : "", $GLOBALS["require_login"] ? adminName($row["owner"]) : "n/a", $desc);
    $some = 1;
}
if (!$some) {
    echo "No lists available, use Add to add one";
} else {
    echo '<table border=0><tr><td>No</td><td>Name</td><td>Order</td><td>Functions</td><td>
		Active</td><td>Owner</td><td>' . $html . '<tr><td colspan=6 align=center><input type=submit name="update" value="Save Changes"></td></tr></table>';
}
?>

</ul>
</form>
<p><?

if ($GLOBALS["require_login"] && !isSuperUser()) {
  $numlists = Sql_Fetch_Row_query("select count(*) from {$tables["list"]} where owner = ".$_SESSION["logindetails"]["id"]);
  if ($numlists[0] < MAXLIST) {
    print PageLink2("editlist","Add a list");
  }
} else {
  print PageLink2("editlist","Add a list");
}

Esempio n. 10
    print $subscribepagedata['footer'];
    //  exit;
    // Instead of exiting here, we return 2. So in lists/index.php
    // We can decide, whether to show subscribe page or not.
    ## issue 6508
    return 2;
} elseif (isset($_POST['update']) && $_POST['update'] && is_email($_POST['email']) && $allthere) {
    $email = trim($_POST['email']);
    if (preg_match("/(.*)\n/U", $email, $regs)) {
        $email = $regs[1];
    }
    if ($_GET['uid']) {
        $req = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"', $GLOBALS['tables']['user'], $_GET['uid']));
        $userid = $req[0];
    } else {
        $req = Sql_Fetch_Row_query("select id from {$GLOBALS['tables']['user']} where email = \"" . sql_escape($_GET['email']) . '"');
        $userid = $req[0];
    }
    if (!$userid) {
        Fatal_Error('Error, no such user');
    }
    # update the existing record, check whether the email has changed
    $req = Sql_Query("select * from {$GLOBALS['tables']['user']} where id = {$userid}");
    $data = Sql_fetch_array($req);
    # check that the password was provided if required
    # we only require a password if there is one, otherwise people are blocked out
    # when switching to requiring passwords
    if (ASKFORPASSWORD && $data['password']) {
        # they need to be "logged in" for this
        if (empty($_SESSION['userloggedin'])) {
            Fatal_Error('Access Denied');
Esempio n. 11
        Sql_Query(sprintf('update %s set htmlemail = 0 where id = %d', $tables["user"], $userid));
        print sprintf($GLOBALS['I18N']->get('MadeUserRText'), $userid);
    }
    if ($userid && $deleteuser) {
        deleteUser($userid);
        print sprintf($GLOBALS['I18N']->get('DelUser') . '\\n', $userid);
    }
    if ($deletebounce) {
        print sprintf($GLOBALS['I18N']->get('DeletingB') . '\\n', $id);
        Sql_query("delete from {$tables["bounce"]} where id = {$id}");
        print $GLOBALS['I18N']->get('DoneAndLoading') . "<br /><hr><br />\n";
        print PageLink2("bounces", $GLOBALS['I18N']->get('BackToBList'));
        $next = Sql_Fetch_Row_query(sprintf('select id from %s where id > %d', $tables["bounce"], $id));
        $id = $next[0];
        if (!$id) {
            $next = Sql_Fetch_Row_query(sprintf('select id from %s order by id desc limit 0,5', $tables["bounce"], $id));
            $id = $next[0];
        }
    }
}
$guessedemail = '';
if ($id) {
    $result = Sql_query("SELECT * FROM {$tables["bounce"]} where id = {$id}");
    if (!Sql_Affected_Rows()) {
        Fatal_Error($GLOBALS['I18N']->get('NoSRecord'));
    }
    $bounce = sql_fetch_array($result);
    #printf( "<br /><li><a href=\"javascript:deleteRec('%s');\">Delete</a>\n",PageURL2("bounce","","delete=$id"));
    if (preg_match("#([\\d]+) bouncecount increased#", $bounce["comment"], $regs)) {
        $guessedid = $regs[1];
        $emailreq = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $tables["user"], $guessedid));
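/**
 * Delete one value from an attribute's value table, unless subscribers still use it.
 *
 * When subscribers use the value and the global $replace holds a replacement id,
 * their rows are switched to the replacement and the value is deleted. Without a
 * replacement the dependent subscribers are listed and nothing is deleted.
 *
 * @param string $table       table holding the attribute's values; used as an SQL identifier
 * @param int    $attributeid id of the attribute the value belongs to
 * @param int    $delete      id of the value to delete
 * @return int 0 when the listing was cut short because of too many dependencies, 1 otherwise
 */
function deleteItem($table, $attributeid, $delete)
{
    global $tables, $replace;
    # These ids are interpolated into SQL below; force them to integers so that
    # nothing but a number can reach the query text. The global $replace itself is left untouched.
    $attributeid = (int) $attributeid;
    $delete = (int) $delete;
    $replaceid = (int) $replace;
    # NOTE(review): $table is used as an identifier and cannot be cast; callers must pass a
    # table name taken from configuration, never from request data - confirm
    # delete the index in delete
    $valreq = Sql_Fetch_Row_query("select name from {$table} where id = {$delete}");
    $val = $valreq[0];
    # check dependencies
    $dependencies = array();
    $result = Sql_query("select distinct userid from {$tables['user_attribute']} where\n  attributeid = {$attributeid} and value = {$delete}");
    while ($row = Sql_fetch_array($result)) {
        $dependencies[] = $row["userid"];
    }
    if (sizeof($dependencies) == 0) {
        $result = Sql_query("delete from {$table} where id = {$delete}");
    } else {
        if ($replaceid) {
            # NOTE(review): this update is not limited to $attributeid, while the dependency
            # check above is - confirm that rows of other attributes are meant to change too
            $result = Sql_Query("update {$tables['user_attribute']} set value = {$replaceid} where value = {$delete}");
            $result = Sql_query("delete from {$table} where id = {$delete}");
        } else {
            print $GLOBALS["I18N"]->get("cannotdelete");
            # NOTE(review): $val is database content printed into HTML without encoding;
            # encode it with htmlspecialchars() unless names are stored already encoded
            print " <b>{$val}</b><br />";
            print $GLOBALS["I18N"]->get("dependentrecords") . '<p></p>';
            for ($i = 0; $i < sizeof($dependencies); $i++) {
                print PageLink2("user", $GLOBALS["I18N"]->get("user") . " " . $dependencies[$i], "id={$dependencies[$i]}") . "<br />\n";
                # the check runs after printing, so the listing stops once the entry at index 11 is shown
                if ($i > 10) {
                    print $GLOBALS['I18N']->get('TooManyToList') . "\n " . sizeof($dependencies) . "<br /><br />";
                    giveAlternative($table, $delete, $attributeid);
                    return 0;
                }
            }
            print "</p><br />";
            giveAlternative($table, $delete, $attributeid);
        }
    }
    return 1;
}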
Esempio n. 13
# Validate a click-tracking request and record the click.
# Both ids are reduced to their integer form before anything else uses them.
# NOTE(review): $userid is not cast in this excerpt; the %d conversions below still format it as an integer in SQL
$linkid = sprintf('%d', $linkid);
$messageid = sprintf('%d', $messageid);
$linkdata = Sql_Fetch_array_query(sprintf('select * from %s where linkid = %d and userid = %d and messageid = %d', $GLOBALS['tables']['linktrack'], $linkid, $userid, $messageid));
# Reject the request unless all three ids are set and a stored row matches this link id;
# nothing is written for a request that does not match.
if (!$linkid || $linkdata['linkid'] != $linkid || !$userid || !$messageid) {
    FileNotFound();
    #  echo 'Invalid Request';
    # maybe some logging?
    exit;
}
#print "$track<br/>";
#print "User $userid, Mess $messageid, Link $linkid";
# firstclick is set only once; the click counter is incremented on every request
if (!isset($linkdata['firstclick'])) {
    Sql_query(sprintf('update %s set firstclick = now() where linkid = %d and userid = %d and messageid = %d', $GLOBALS['tables']['linktrack'], $linkid, $userid, $messageid));
}
Sql_query(sprintf('update %s set clicked = clicked + 1 where linkid = %d and userid = %d and messageid = %d', $GLOBALS['tables']['linktrack'], $linkid, $userid, $messageid));
# when no view is recorded yet for this subscriber and message, the click is also counted as a view
$viewed = Sql_Fetch_Row_query(sprintf('SELECT viewed FROM %s WHERE messageid = %d AND userid = %d', $GLOBALS['tables']['usermessage'], $messageid, $userid));
if (!$viewed[0]) {
    Sql_Query(sprintf('update %s set viewed = now() where messageid = %d and userid = %d', $GLOBALS['tables']['usermessage'], $messageid, $userid));
    Sql_Query(sprintf('update %s set viewed = (viewed + 1) where id = %d', $GLOBALS['tables']['message'], $messageid));
}
switch ($msgtype) {
    case 'H':
        Sql_Query(sprintf('insert into %s (linkid,userid,messageid,name,data,date)
      values(%d,%d,%d,"Message Type","HTML",now())', $GLOBALS['tables']['linktrack_userclick'], $linkid, $userid, $messageid));
        break;
    case 'T':
        Sql_Query(sprintf('insert into %s (linkid,userid,messageid,name,data,date)
      values(%d,%d,%d,"Message Type","Text",now())', $GLOBALS['tables']['linktrack_userclick'], $linkid, $userid, $messageid));
        break;
    default:
        Sql_Query(sprintf('insert into %s (linkid,userid,messageid,name,data,date)
Esempio n. 14
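/**
 * Delete one value from an attribute's value table, unless subscribers still use it.
 *
 * When subscribers use the value and the request carries a "replace" id, their
 * rows are switched to the replacement and the value is deleted. Without a
 * replacement the dependent subscribers are listed and nothing is deleted.
 *
 * @param string $table       table holding the attribute's values; used as an SQL identifier
 * @param int    $attributeid id of the attribute the value belongs to
 * @param int    $delete      id of the value to delete
 * @return int 0 when the listing was cut short because of too many dependencies, 1 otherwise
 */
function deleteItem($table, $attributeid, $delete)
{
    global $tables;
    # the replacement id comes straight from the request, so it is reduced to an integer
    if (isset($_REQUEST['replace'])) {
        $replace = (int) $_REQUEST['replace'];
    } else {
        $replace = 0;
    }
    # The other two ids are interpolated into SQL as well; give them the same treatment
    # so that nothing but a number can reach the query text.
    $attributeid = (int) $attributeid;
    $delete = (int) $delete;
    # NOTE(review): $table is used as an identifier and cannot be cast; callers must pass a
    # table name taken from configuration, never from request data - confirm
    # delete the index in delete
    $valreq = Sql_Fetch_Row_query("select name from {$table} where id = {$delete}");
    $val = $valreq[0];
    # check dependencies
    $dependencies = array();
    $result = Sql_query("select distinct userid from {$tables['user_attribute']} where\n  attributeid = {$attributeid} and value = {$delete}");
    while ($row = Sql_fetch_array($result)) {
        $dependencies[] = $row["userid"];
    }
    if (sizeof($dependencies) == 0) {
        $result = Sql_query("delete from {$table} where id = {$delete}");
    } else {
        if ($replace) {
            # NOTE(review): this update is not limited to $attributeid, while the dependency
            # check above is - confirm that rows of other attributes are meant to change too
            $result = Sql_Query("update {$tables['user_attribute']} set value = {$replace} where value = {$delete}");
            $result = Sql_query("delete from {$table} where id = {$delete}");
        } else {
            print $GLOBALS["I18N"]->get("Cannot delete");
            # NOTE(review): $val is database content printed into HTML without encoding;
            # encode it with htmlspecialchars() unless names are stored already encoded
            print " <b>{$val}</b><br />";
            print $GLOBALS["I18N"]->get("The following subscriber(s) are dependent on this value<br />Update the subscriber profiles to not use this attribute value and try again");
            for ($i = 0; $i < sizeof($dependencies); $i++) {
                print PageLink2("user", $GLOBALS["I18N"]->get("user") . " " . $dependencies[$i], "id={$dependencies[$i]}") . "<br />\n";
                # the check runs after printing, so the listing stops once the entry at index 11 is shown
                if ($i > 10) {
                    print $GLOBALS['I18N']->get('* Too many to list, total dependencies:') . "\n " . sizeof($dependencies) . "<br /><br />";
                    giveAlternative($table, $delete, $attributeid);
                    return 0;
                }
            }
            print "<br />";
            giveAlternative($table, $delete, $attributeid);
        }
    }
    return 1;
}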
Esempio n. 15
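/**
 * Delete one value from an attribute's value table, unless records still use it.
 *
 * When records use the value and the global $replace holds a replacement id,
 * their rows are switched to the replacement and the value is deleted. Without a
 * replacement the dependent users are listed and nothing is deleted.
 *
 * @param string $table       table holding the attribute's values; used as an SQL identifier
 * @param int    $attributeid id of the attribute the value belongs to
 * @param int    $delete      id of the value to delete
 * @return int 0 when the listing was cut short because of too many dependencies, 1 otherwise
 */
function deleteItem($table, $attributeid, $delete)
{
    global $tables, $replace;
    # These ids are interpolated into SQL below; force them to integers so that
    # nothing but a number can reach the query text. The global $replace itself is left untouched.
    $attributeid = (int) $attributeid;
    $delete = (int) $delete;
    $replaceid = (int) $replace;
    # NOTE(review): $table is used as an identifier and cannot be cast; callers must pass a
    # table name taken from configuration, never from request data - confirm
    # delete the index in delete
    $valreq = Sql_Fetch_Row_query("select name from {$table} where id = {$delete}");
    $val = $valreq[0];
    # check dependencies
    $dependencies = array();
    $result = Sql_query("select distinct userid from {$tables['user_attribute']} where\n  attributeid = {$attributeid} and value = {$delete}");
    while ($row = Sql_fetch_array($result)) {
        $dependencies[] = $row["userid"];
    }
    if (sizeof($dependencies) == 0) {
        $result = Sql_query("delete from {$table} where id = {$delete}");
    } else {
        if ($replaceid) {
            # NOTE(review): this update is not limited to $attributeid, while the dependency
            # check above is - confirm that rows of other attributes are meant to change too
            $result = Sql_Query("update {$tables['user_attribute']} set value = {$replaceid} where value = {$delete}");
            $result = Sql_query("delete from {$table} where id = {$delete}");
        } else {
            # NOTE(review): $val is database content echoed into HTML without encoding;
            # encode it with htmlspecialchars() unless names are stored already encoded
            ?>
    Cannot delete <b><?php 
            echo $val;
            ?>
</b><br />
    The Following record(s) are dependent on this value<br />
    Update the record(s) to not use this attribute value and try again<p>
    <?php 
            for ($i = 0; $i < sizeof($dependencies); $i++) {
                print PageLink2("user", "User " . $dependencies[$i], "id={$dependencies[$i]}") . "<br />\n";
                # the check runs after printing, so the listing stops once the entry at index 11 is shown
                if ($i > 10) {
                    print "* Too many to list, total dependencies:\n " . sizeof($dependencies) . "<br /><br />";
                    giveAlternative($table, $delete, $attributeid);
                    return 0;
                }
            }
            print "</p><br />";
            giveAlternative($table, $delete, $attributeid);
        }
    }
    return 1;
}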
Esempio n. 16
    print $subscribepagedata["footer"];
    //  exit;
    // Instead of exiting here, we return 2. So in lists/index.php
    // We can decide whether to show the subscribe page or not.
    ## issue 6508
    return 2;
} elseif (isset($_POST["update"]) && $_POST["update"] && is_email($_POST["email"]) && $allthere) {
    $email = trim($_POST["email"]);
    if (preg_match("/(.*)\n/U", $email, $regs)) {
        $email = $regs[1];
    }
    if ($_GET["uid"]) {
        $req = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"', $GLOBALS["tables"]["user"], $_GET["uid"]));
        $userid = $req[0];
    } else {
        $req = Sql_Fetch_Row_query("select id from {$GLOBALS["tables"]["user"]} where email = \"" . $_GET["email"] . "\"");
        $userid = $req[0];
    }
    if (!$userid) {
        Fatal_Error("Error, no such user");
    }
    # update the existing record, check whether the email has changed
    $req = Sql_Query("select * from {$GLOBALS["tables"]["user"]} where id = {$userid}");
    $data = Sql_fetch_array($req);
    # check that the password was provided if required
    # we only require a password if there is one, otherwise people are blocked out
    # when switching to requiring passwords
    if (ASKFORPASSWORD && $data['password']) {
        # they need to be "logged in" for this
        if (empty($_SESSION['userloggedin'])) {
            Fatal_Error("Access Denied");
Esempio n. 17
} else {
    $id = 0;
}
if (isset($_GET['start'])) {
    $start = sprintf('%d', $_GET['start']);
} else {
    $start = 0;
}
$addcomparison = 0;
$access = accessLevel('mviews');
#print "Access level: $access";
switch ($access) {
    case 'owner':
        $subselect = ' and owner = ' . $_SESSION["logindetails"]["id"];
        if ($id) {
            $allow = Sql_Fetch_Row_query(sprintf('select owner from %s where id = %d %s', $GLOBALS['tables']['message'], $id, $subselect));
            if ($allow[0] != $_SESSION["logindetails"]["id"]) {
                print $GLOBALS['I18N']->get('You do not have access to this page');
                return;
            }
        }
        $addcomparison = 1;
        break;
    case 'all':
        $subselect = '';
        break;
    case 'none':
    default:
        $subselect = ' where id = 0';
        print $GLOBALS['I18N']->get('You do not have access to this page');
        return;
Esempio n. 18
    $id = 0;
}
if ($GLOBALS["require_login"] && !isSuperUser()) {
    $access = accessLevel("list");
    switch ($access) {
        case "owner":
            $subselect = " where owner = " . $_SESSION["logindetails"]["id"];
            $subselect_and = " and owner = " . $_SESSION["logindetails"]["id"];
            if ($id) {
                Sql_Query("select id from " . $tables["list"] . $subselect . " and id = {$id}");
                if (!Sql_Affected_Rows()) {
                    Fatal_Error($GLOBALS['I18N']->get('You do not have enough priviliges to view this page'));
                    return;
                }
            } else {
                $numlists = Sql_Fetch_Row_query("select count(*) from {$tables['list']} {$subselect}");
                if (!($numlists[0] < MAXLIST)) {
                    Fatal_Error($GLOBALS['I18N']->get('You cannot create a new list because you have reached maximum number of lists.'));
                    return;
                }
            }
            ## if the admin doesn't have full permissions, we don't allow HTML in the description
            if (isset($_POST["description"])) {
                $_POST["description"] = strip_tags($_POST["description"]);
            }
            break;
        case "all":
            $subselect = "";
            $subselect_and = "";
            break;
        case "none":