$id = 0; } if ($GLOBALS["require_login"] && !isSuperUser()) { $access = accessLevel("editlist"); switch ($access) { case "owner": $subselect = " where owner = " . $_SESSION["logindetails"]["id"]; $subselect_and = " and owner = " . $_SESSION["logindetails"]["id"]; if ($id) { Sql_Query("select id from " . $GLOBALS['tables']["list"] . $subselect . " and id = {$id}"); if (!Sql_Affected_Rows()) { Error($GLOBALS['I18N']->get('You do not have enough privileges to view this page')); return; } } else { $numlists = Sql_Fetch_Row_query("select count(*) from {$GLOBALS['tables']['list']} {$subselect}"); if (!($numlists[0] < MAXLIST)) { Error($GLOBALS['I18N']->get('You cannot create a new list because you have reached maximum number of lists.')); return; } } break; case "all": $subselect = ""; $subselect_and = ""; break; case "none": default: $subselect_and = " and owner = -1"; if ($id) { Fatal_Error($GLOBALS['I18N']->get('You do not have enough privileges to view this page'));
#print "$track<br/>";
#print "User $userid, Mess $messageid, Link $linkid";

# NOTE(review): $messageid, $fwdid, $userid, $msgtype, $messagedata and $linkdata are all
# set before this fragment; they are assumed to be validated there — confirm in the caller.
# Every id below goes through a sprintf '%d' placeholder, so only integers reach the SQL.

# Per-message click counters for this forwarded link (linktrack_ml).
# The read and the update are two separate statements, so concurrent clicks can
# both see an empty firstclick; the counters are still incremented by SQL, not in PHP.
$ml = Sql_Fetch_Array_Query(sprintf('select * from %s where messageid = %d and forwardid = %d', $GLOBALS['tables']['linktrack_ml'], $messageid, $fwdid));
if (empty($ml['firstclick'])) {
    # Also taken when no row exists yet (empty() on a missing key); the update then matches nothing.
    Sql_query(sprintf('update %s set firstclick = now(),latestclick = now(),clicked = clicked + 1 where forwardid = %d and messageid = %d', $GLOBALS['tables']['linktrack_ml'], $fwdid, $messageid));
} else {
    Sql_query(sprintf('update %s set clicked = clicked + 1, latestclick = now() where forwardid = %d and messageid = %d', $GLOBALS['tables']['linktrack_ml'], $fwdid, $messageid));
}

# Format-specific counter plus the UTM query string appended to the target URL.
# $trackingcode is only assigned for 'H' and 'T'; any other $msgtype leaves it untouched here.
if ($msgtype == 'H') {
    Sql_query(sprintf('update %s set htmlclicked = htmlclicked + 1 where forwardid = %d and messageid = %d', $GLOBALS['tables']['linktrack_ml'], $fwdid, $messageid));
    # subject is url-encoded because it becomes a query-string value
    $trackingcode = 'utm_source=phplist' . $messageid . '&utm_medium=email&utm_content=HTML&utm_campaign=' . urlencode($messagedata['subject']);
} elseif ($msgtype == 'T') {
    Sql_query(sprintf('update %s set textclicked = textclicked + 1 where forwardid = %d and messageid = %d', $GLOBALS['tables']['linktrack_ml'], $fwdid, $messageid));
    $trackingcode = 'utm_source=phplist' . $messageid . '&utm_medium=email&utm_content=text&utm_campaign=' . urlencode($messagedata['subject']);
}

# A click implies the message was opened: record the first view for this user
# and bump the message-level view count, but only once per user/message pair.
$viewed = Sql_Fetch_Row_query(sprintf('select viewed from %s where messageid = %d and userid = %d', $GLOBALS['tables']['usermessage'], $messageid, $userid));
if (!$viewed[0]) {
    Sql_Query(sprintf('update %s set viewed = now() where messageid = %d and userid = %d', $GLOBALS['tables']['usermessage'], $messageid, $userid));
    Sql_Query(sprintf('update %s set viewed = viewed + 1 where id = %d', $GLOBALS['tables']['message'], $messageid));
}

# Per-user click counters for this forwarded link (linktrack_uml_click).
# The row is created on the first click; the counter update below then applies to it.
$uml = Sql_Fetch_Array_Query(sprintf('select * from %s where messageid = %d and forwardid = %d and userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $messageid, $fwdid, $userid));
if (empty($uml['firstclick'])) {
    Sql_query(sprintf('insert into %s set firstclick = now(), forwardid = %d, messageid = %d, userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $fwdid, $messageid, $userid));
}
Sql_query(sprintf('update %s set clicked = clicked + 1, latestclick = now() where forwardid = %d and messageid = %d and userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $fwdid, $messageid, $userid));
if ($msgtype == 'H') {
    Sql_query(sprintf('update %s set htmlclicked = htmlclicked + 1 where forwardid = %d and messageid = %d and userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $fwdid, $messageid, $userid));
} elseif ($msgtype == 'T') {
    Sql_query(sprintf('update %s set textclicked = textclicked + 1 where forwardid = %d and messageid = %d and userid = %d', $GLOBALS['tables']['linktrack_uml_click'], $fwdid, $messageid, $userid));
}

# Destination of the tracked link, taken from the linktrack row loaded earlier.
$url = $linkdata['url'];
$ls = new WebblerListing($GLOBALS['I18N']->get('URL Click Statistics')); $urldata = Sql_Fetch_Array_Query(sprintf('select url from %s where id = %d', $GLOBALS['tables']['linktrack_forward'], $id)); print '<h3>' . $GLOBALS['I18N']->get('Click details for a URL') . ' <b>' . $urldata['url'] . '</b></h3><br/>'; print PageLinkButton('userclicks&fwdid=' . $id, s('View subscribers')); if ($download) { header('Content-disposition: attachment; filename="phpList URL click statistics for ' . $urldata['url'] . '.csv"'); } $req = Sql_Query(sprintf('select messageid,firstclick,date_format(latestclick, "%%e %%b %%Y %%H:%%i") as latestclick,total,clicked from %s where forwardid = %d and firstclick is not null order by firstclick desc ', $GLOBALS['tables']['linktrack_ml'], $id)); $summary = array(); $summary['totalsent'] = 0; $summary['totalclicks'] = 0; $summary['uniqueclicks'] = 0; while ($row = Sql_Fetch_Array($req)) { $msgsubj = Sql_Fetch_Row_query(sprintf('select subject from %s where id = %d', $GLOBALS['tables']['message'], $row['messageid'])); if (!$download) { $element = '<!-- ' . $row['messageid'] . '-->' . shortenTextDisplay($msgsubj[0], 30); } else { $element = '<!-- ' . $row['messageid'] . '-->' . $msgsubj[0]; } # $element = $GLOBALS['I18N']->get('msg').' '.$row['messageid'].': '.substr($msgsubj[0],0,25). '...'; # $element = sprintf('<a href="%s" target="_blank" class="url" title="%s">%s</a>',$row['url'],$row['url'],substr(str_replace('http://','',$row['url']),0,50)); # $total = Sql_Verbose_Query(sprintf('select count(*) as total from %s where messageid = %d and url = "%s"', # $GLOBALS['tables']['linktrack'],$id,$row['url'])); # if (CLICKTRACK_SHOWDETAIL) { $uniqueclicks = Sql_Fetch_Array_Query(sprintf('select count(distinct userid) as users from %s where messageid = %d and forwardid = %d', $GLOBALS['tables']['linktrack_uml_click'], $row['messageid'], $id)); # } $ls->addElement($element, PageUrl2('mclicks&id=' . $row['messageid'])); $ls->setClass($element, 'row1');
} else { print "<p>User has been added and confirmed</p>"; } } print "<P>".$PoweredBy.'</p>'; print $subscribepagedata["footer"]; exit; } elseif ($_POST["update"] && is_email($_POST["email"]) && $allthere) { $email = trim($_POST["email"]); if ($_GET["uid"]) { $req = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"', $tables["user"],$_GET["uid"])); $userid = $req[0]; } else { $req = Sql_Fetch_Row_query("select * from {$tables["user"]} where email = \"".$_REQUEST["email"]."\""); $userid = $req[0]; } if (!$userid) Fatal_Error("Error, no such user"); # update the existing record, check whether the email has changed $req = Sql_Query("select * from {$tables["user"]} where id = $userid"); $data = Sql_fetch_array($req); # check whether they are changing to an email that already exists, should not be possible $req = Sql_Query("select uniqid from {$tables["user"]} where email = \"$email\""); if (Sql_Affected_Rows()) { $row = Sql_Fetch_Row($req); if ($row[0] != $_GET["uid"]) { Fatal_Error("Cannot change to that email address. <br/>This email already exists. <br/>Please use the preferences URL for this email to make updates.
<?php require_once dirname(__FILE__) . '/accesscheck.php'; ob_end_flush(); $limit = ' limit 100'; $numperrun = 500; $bouncerules = loadBounceRules(); $req = Sql_Fetch_Row_query(sprintf('select count(*) from %s where comment != "not processed"', $GLOBALS['tables']['bounce'])); $total = $req[0]; if (isset($_GET['s'])) { $s = sprintf('%d', $_GET['s']); $e = $s + $numperrun; } else { $s = 0; $e = $numperrun; } $limit = ' limit ' . $s . ', ' . $numperrun; if ($total > $numperrun && $e < $total) { $next = '<p>' . PageLink2('checkbouncerules&s=' . $e, sprintf($GLOBALS['I18N']->get('Process Next %d'), $numperrun)) . '</p>'; } else { $next = ''; } $unmatched = 0; $matched = 0; $req = Sql_Query(sprintf('select * from %s where comment != "not processed" %s', $GLOBALS['tables']['bounce'], $limit)); while ($row = Sql_Fetch_Array($req)) { $action = matchBounceRules($row['data'], $bouncerules); if ($action) { # print $row['comment']. " Match: $action<br/>"; $matched++; } else {
// Counters and the rule collection that the processing loop after this fragment fills in.
$count = 0;
$notmatched = 0;
$existmatch = 0;
$rules = array();

/**
 * Write one progress line to the browser and flush it straight away.
 *
 * @param string $message printed verbatim (no HTML escaping), so only pass
 *                        trusted or already-escaped text
 */
function output($message)
{
    echo $message, "<br/>\n";
    flush();
}

# lets not do this unless we do some locking first
$abort = ignore_user_abort(1);
$process_id = getPageLock();
if (empty($process_id)) {
    // another run holds the page lock; do nothing
    return;
}

$req = Sql_Fetch_Row_query(sprintf('select count(*) from %s ', $GLOBALS['tables']['bounce']));
$total = $req[0];

// Batch window. sprintf('%d') forces the request parameter to an integer before it
// is spliced into the LIMIT clause. $numperrun is expected to be set earlier in the
// file — confirm.
$s = isset($_GET['s']) ? sprintf('%d', $_GET['s']) : 0;
$e = $s + $numperrun;
$limit = " limit {$s}, {$numperrun}";

// Link to the next batch, only when more rows remain beyond this window.
$next = '';
if ($total > $numperrun && $e < $total) {
    $next = sprintf(
        '<p class="button">%s</p>',
        PageLink2("generatebouncerules&s={$e}", $GLOBALS['I18N']->get('Process Next Batch'))
    );
}

$req = Sql_query(sprintf('select * from %s %s ', $GLOBALS['tables']['bounce'], $limit));
output($GLOBALS['I18N']->get('Processed') . ' ' . $processed . ' ' . $GLOBALS['I18N']->get('out of') . ' ' . $num_users . ' ' . $GLOBALS['I18N']->get('users')); if ($num_users - $sent <= 0) { # this message is done if (!$someusers) { output($GLOBALS['I18N']->get('Hmmm, No users found to send to')); } if (!$failed_sent) { repeatMessage($messageid); $status = Sql_query(sprintf('update %s set status = "sent",sent = now() where id = %d', $GLOBALS['tables']['message'], $messageid)); if (!empty($msgdata['notify_end']) && !isset($msgdata['end_notified'])) { $notifications = explode(',', $msgdata['notify_end']); foreach ($notifications as $notification) { sendMail($notification, $GLOBALS['I18N']->get('Message Sending has finished'), sprintf($GLOBALS['I18N']->get('phplist has finished sending the message with subject %s'), $message['subject'])); } Sql_Query(sprintf('insert ignore into %s (name,id,data) values("end_notified",%d,now())', $GLOBALS['tables']['messagedata'], $messageid)); } $timetaken = Sql_Fetch_Row_query("select sent,sendstart from {$tables['message']} where id = \"{$messageid}\""); output($GLOBALS['I18N']->get('It took') . ' ' . timeDiff($timetaken[0], $timetaken[1]) . ' ' . $GLOBALS['I18N']->get('to send this message')); sendMessageStats($messageid); } } else { if ($script_stage < 5) { $script_stage = 5; } } } if (!$num_messages) { $script_stage = 6; } # we are done # shutdown will take care of reporting
break; case 'all': $subselect = ''; $subselect_and = ''; break; case 'none': default: $subselect = ' where id = 0'; $subselect_and = ' and id = 0'; break; } print '<div class="actions">'; print PageLinkButton('catlists', $I18N->get('Categorise lists')); $canaddlist = false; if ($GLOBALS['require_login'] && !isSuperUser()) { $numlists = Sql_Fetch_Row_query("select count(*) from {$tables['list']} where owner = " . $_SESSION['logindetails']['id']); if ($numlists[0] < MAXLIST) { print PageLinkButton("editlist", $GLOBALS['I18N']->get('Add a list')); $canaddlist = true; } } else { print PageLinkButton('editlist', $GLOBALS['I18N']->get('Add a list')); $canaddlist = true; } print '</div>'; if (isset($_GET['delete'])) { $delete = sprintf('%d', $_GET['delete']); # delete the index in delete $actionresult = $GLOBALS['I18N']->get('Deleting') . ' ' . $GLOBALS['I18N']->get('list') . " {$delete} ..\n"; $result = Sql_query(sprintf('delete from ' . $tables['list'] . ' where id = %d %s', $delete, $subselect_and)); $done = Sql_Affected_Rows();
$desc = sprintf('RSS source: <a href="%s" target="_blank">%s</a><br/> ', $row["rssfeed"], $feed) . PageLink2("viewrss&id=" . $row["id"], "(View Items)") . '<br/>' . $desc; } $html .= sprintf('<tr><td valign=top>%d</td><td valign=top><b> %s</b><br/>%d members</td><td valign=top><input type=text name="listorder[%d]" value="%d" size=5></td> <td valign=top>%s | %s | <a href="javascript:deleteRec(\'%s\');">delete</a></td> <td valign=top><input type=checkbox name="active[%d]" value="1" %s></td> <td valign=top>%s</td></tr><tr><td> </td><td colspan=5>%s</td></tr><tr><td colspan=6><hr width=50%% size=4></td></tr>', $row["id"], $row["name"], $count[0], $row["id"], $row["listorder"], PageLink2("editlist", "edit", "id=" . $row["id"]), PageLink2("members", "view members", "id=" . $row["id"]), PageURL2("list", "", "delete=" . $row["id"]), $row["id"], $row["active"] ? "checked" : "", $GLOBALS["require_login"] ? adminName($row["owner"]) : "n/a", $desc); $some = 1; } if (!$some) { echo "No lists available, use Add to add one"; } else { echo '<table border=0><tr><td>No</td><td>Name</td><td>Order</td><td>Functions</td><td> Active</td><td>Owner</td><td>' . $html . '<tr><td colspan=6 align=center><input type=submit name="update" value="Save Changes"></td></tr></table>'; } ?> </ul> </form> <p><? if ($GLOBALS["require_login"] && !isSuperUser()) { $numlists = Sql_Fetch_Row_query("select count(*) from {$tables["list"]} where owner = ".$_SESSION["logindetails"]["id"]); if ($numlists[0] < MAXLIST) { print PageLink2("editlist","Add a list"); } } else { print PageLink2("editlist","Add a list"); }
print $subscribepagedata['footer']; // exit; // Instead of exiting here, we return 2. So in lists/index.php // We can decide, whether to show subscribe page or not. ## issue 6508 return 2; } elseif (isset($_POST['update']) && $_POST['update'] && is_email($_POST['email']) && $allthere) { $email = trim($_POST['email']); if (preg_match("/(.*)\n/U", $email, $regs)) { $email = $regs[1]; } if ($_GET['uid']) { $req = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"', $GLOBALS['tables']['user'], $_GET['uid'])); $userid = $req[0]; } else { $req = Sql_Fetch_Row_query("select id from {$GLOBALS['tables']['user']} where email = \"" . sql_escape($_GET['email']) . '"'); $userid = $req[0]; } if (!$userid) { Fatal_Error('Error, no such user'); } # update the existing record, check whether the email has changed $req = Sql_Query("select * from {$GLOBALS['tables']['user']} where id = {$userid}"); $data = Sql_fetch_array($req); # check that the password was provided if required # we only require a password if there is one, otherwise people are blocked out # when switching to requiring passwords if (ASKFORPASSWORD && $data['password']) { # they need to be "logged in" for this if (empty($_SESSION['userloggedin'])) { Fatal_Error('Access Denied');
Sql_Query(sprintf('update %s set htmlemail = 0 where id = %d', $tables["user"], $userid)); print sprintf($GLOBALS['I18N']->get('MadeUserRText'), $userid); } if ($userid && $deleteuser) { deleteUser($userid); print sprintf($GLOBALS['I18N']->get('DelUser') . '\\n', $userid); } if ($deletebounce) { print sprintf($GLOBALS['I18N']->get('DeletingB') . '\\n', $id); Sql_query("delete from {$tables["bounce"]} where id = {$id}"); print $GLOBALS['I18N']->get('DoneAndLoading') . "<br /><hr><br />\n"; print PageLink2("bounces", $GLOBALS['I18N']->get('BackToBList')); $next = Sql_Fetch_Row_query(sprintf('select id from %s where id > %d', $tables["bounce"], $id)); $id = $next[0]; if (!$id) { $next = Sql_Fetch_Row_query(sprintf('select id from %s order by id desc limit 0,5', $tables["bounce"], $id)); $id = $next[0]; } } } $guessedemail = ''; if ($id) { $result = Sql_query("SELECT * FROM {$tables["bounce"]} where id = {$id}"); if (!Sql_Affected_Rows()) { Fatal_Error($GLOBALS['I18N']->get('NoSRecord')); } $bounce = sql_fetch_array($result); #printf( "<br /><li><a href=\"javascript:deleteRec('%s');\">Delete</a>\n",PageURL2("bounce","","delete=$id")); if (preg_match("#([\\d]+) bouncecount increased#", $bounce["comment"], $regs)) { $guessedid = $regs[1]; $emailreq = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $tables["user"], $guessedid));
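/**
 * Delete one attribute value (a row of $table) unless subscribers still use it.
 *
 * With no row of user_attribute referencing the value it is deleted outright.
 * When it is referenced and the global $replace holds an id, the references are
 * repointed to that id first and the value is then deleted. Otherwise the
 * dependent subscriber ids are listed (at most 12 links) followed by the
 * giveAlternative() form, and nothing is deleted.
 *
 * $table is interpolated into the SQL unchanged and must come from code, never
 * from a request. $attributeid, $delete and $replace are forced to integers
 * before they reach a query, so only numeric ids can be used.
 *
 * @param string $table       table holding the attribute values
 * @param int    $attributeid id of the attribute the value belongs to
 * @param int    $delete      id of the value to delete
 *
 * @return int 0 when the dependency listing was cut short (too many to list),
 *             1 otherwise — this includes the "cannot delete" case with few
 *             dependencies, so 1 does not guarantee that a row was deleted
 */
function deleteItem($table, $attributeid, $delete) {
    global $tables, $replace;

    # only numeric ids are meaningful here; '%d' makes sure nothing else is spliced into the SQL
    $attributeid = sprintf('%d', $attributeid);
    $delete = sprintf('%d', $delete);
    $replaceid = !empty($replace) ? sprintf('%d', $replace) : 0;

    # delete the index in delete
    $valreq = Sql_Fetch_Row_query("select name from {$table} where id = {$delete}");
    $val = is_array($valreq) ? $valreq[0] : '';

    # check dependencies
    $dependencies = array();
    $result = Sql_query("select distinct userid from {$tables['user_attribute']} where\n attributeid = {$attributeid} and value = {$delete}");
    while ($row = Sql_fetch_array($result)) {
        $dependencies[] = $row["userid"];
    }
    $numdependencies = sizeof($dependencies);

    if ($numdependencies == 0) {
        Sql_query("delete from {$table} where id = {$delete}");
        return 1;
    }

    if ($replaceid) {
        # repoint every subscriber that uses the old value, then drop the value itself
        Sql_Query("update {$tables['user_attribute']} set value = {$replaceid} where value = {$delete}");
        Sql_query("delete from {$table} where id = {$delete}");
        return 1;
    }

    # NOTE(review): $val is printed as stored; escape it here if value names are not sanitised on input — confirm.
    print $GLOBALS["I18N"]->get("cannotdelete");
    print " <b>{$val}</b><br />";
    print $GLOBALS["I18N"]->get("dependentrecords") . '<p></p>';
    for ($i = 0; $i < $numdependencies; $i++) {
        print PageLink2("user", $GLOBALS["I18N"]->get("user") . " " . $dependencies[$i], "id={$dependencies[$i]}") . "<br />\n";
        # the 12th link is the last one shown; the remainder is summarised by count
        if ($i > 10) {
            print $GLOBALS['I18N']->get('TooManyToList') . "\n " . $numdependencies . "<br /><br />";
            giveAlternative($table, $delete, $attributeid);
            return 0;
        }
    }
    print "</p><br />";
    giveAlternative($table, $delete, $attributeid);
    return 1;
}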
$linkid = sprintf('%d', $linkid); $messageid = sprintf('%d', $messageid); $linkdata = Sql_Fetch_array_query(sprintf('select * from %s where linkid = %d and userid = %d and messageid = %d', $GLOBALS['tables']['linktrack'], $linkid, $userid, $messageid)); if (!$linkid || $linkdata['linkid'] != $linkid || !$userid || !$messageid) { FileNotFound(); # echo 'Invalid Request'; # maybe some logging? exit; } #print "$track<br/>"; #print "User $userid, Mess $messageid, Link $linkid"; if (!isset($linkdata['firstclick'])) { Sql_query(sprintf('update %s set firstclick = now() where linkid = %d and userid = %d and messageid = %d', $GLOBALS['tables']['linktrack'], $linkid, $userid, $messageid)); } Sql_query(sprintf('update %s set clicked = clicked + 1 where linkid = %d and userid = %d and messageid = %d', $GLOBALS['tables']['linktrack'], $linkid, $userid, $messageid)); $viewed = Sql_Fetch_Row_query(sprintf('SELECT viewed FROM %s WHERE messageid = %d AND userid = %d', $GLOBALS['tables']['usermessage'], $messageid, $userid)); if (!$viewed[0]) { Sql_Query(sprintf('update %s set viewed = now() where messageid = %d and userid = %d', $GLOBALS['tables']['usermessage'], $messageid, $userid)); Sql_Query(sprintf('update %s set viewed = (viewed + 1) where id = %d', $GLOBALS['tables']['message'], $messageid)); } switch ($msgtype) { case 'H': Sql_Query(sprintf('insert into %s (linkid,userid,messageid,name,data,date) values(%d,%d,%d,"Message Type","HTML",now())', $GLOBALS['tables']['linktrack_userclick'], $linkid, $userid, $messageid)); break; case 'T': Sql_Query(sprintf('insert into %s (linkid,userid,messageid,name,data,date) values(%d,%d,%d,"Message Type","Text",now())', $GLOBALS['tables']['linktrack_userclick'], $linkid, $userid, $messageid)); break; default: Sql_Query(sprintf('insert into %s (linkid,userid,messageid,name,data,date)
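/**
 * Delete one attribute value (a row of $table) unless subscribers still use it.
 *
 * With no row of user_attribute referencing the value it is deleted outright.
 * When it is referenced and the request carries a numeric 'replace' id, the
 * references are repointed to that id first and the value is then deleted.
 * Otherwise the dependent subscriber ids are listed (at most 12 links)
 * followed by the giveAlternative() form, and nothing is deleted.
 *
 * $table is interpolated into the SQL unchanged and must come from code, never
 * from a request. $attributeid, $delete and the 'replace' parameter are forced
 * to integers before they reach a query, so only numeric ids can be used.
 *
 * @param string $table       table holding the attribute values
 * @param int    $attributeid id of the attribute the value belongs to
 * @param int    $delete      id of the value to delete
 *
 * @return int 0 when the dependency listing was cut short (too many to list),
 *             1 otherwise — this includes the "cannot delete" case with few
 *             dependencies, so 1 does not guarantee that a row was deleted
 */
function deleteItem($table, $attributeid, $delete) {
    global $tables;

    # only numeric ids are meaningful here; '%d' makes sure nothing else is spliced into the SQL
    $replace = isset($_REQUEST['replace']) ? sprintf('%d', $_REQUEST['replace']) : 0;
    $attributeid = sprintf('%d', $attributeid);
    $delete = sprintf('%d', $delete);

    # delete the index in delete
    $valreq = Sql_Fetch_Row_query("select name from {$table} where id = {$delete}");
    $val = is_array($valreq) ? $valreq[0] : '';

    # check dependencies
    $dependencies = array();
    $result = Sql_query("select distinct userid from {$tables['user_attribute']} where\n attributeid = {$attributeid} and value = {$delete}");
    while ($row = Sql_fetch_array($result)) {
        $dependencies[] = $row["userid"];
    }
    $numdependencies = sizeof($dependencies);

    if ($numdependencies == 0) {
        Sql_query("delete from {$table} where id = {$delete}");
        return 1;
    }

    if ($replace) {
        # repoint every subscriber that uses the old value, then drop the value itself
        Sql_Query("update {$tables['user_attribute']} set value = {$replace} where value = {$delete}");
        Sql_query("delete from {$table} where id = {$delete}");
        return 1;
    }

    # NOTE(review): $val is printed as stored; escape it here if value names are not sanitised on input — confirm.
    print $GLOBALS["I18N"]->get("Cannot delete");
    print " <b>{$val}</b><br />";
    print $GLOBALS["I18N"]->get("The following subscriber(s) are dependent on this value<br />Update the subscriber profiles to not use this attribute value and try again");
    for ($i = 0; $i < $numdependencies; $i++) {
        print PageLink2("user", $GLOBALS["I18N"]->get("user") . " " . $dependencies[$i], "id={$dependencies[$i]}") . "<br />\n";
        # the 12th link is the last one shown; the remainder is summarised by count
        if ($i > 10) {
            print $GLOBALS['I18N']->get('* Too many to list, total dependencies:') . "\n " . $numdependencies . "<br /><br />";
            giveAlternative($table, $delete, $attributeid);
            return 0;
        }
    }
    print "<br />";
    giveAlternative($table, $delete, $attributeid);
    return 1;
}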
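/**
 * Delete one attribute value (a row of $table) unless records still use it.
 *
 * With no row of user_attribute referencing the value it is deleted outright.
 * When it is referenced and the global $replace holds an id, the references are
 * repointed to that id first and the value is then deleted. Otherwise the
 * dependent user ids are listed (at most 12 links) followed by the
 * giveAlternative() form, and nothing is deleted.
 *
 * $table is interpolated into the SQL unchanged and must come from code, never
 * from a request. $attributeid, $delete and $replace are forced to integers
 * before they reach a query, so only numeric ids can be used.
 *
 * @param string $table       table holding the attribute values
 * @param int    $attributeid id of the attribute the value belongs to
 * @param int    $delete      id of the value to delete
 *
 * @return int 0 when the dependency listing was cut short (too many to list),
 *             1 otherwise — this includes the "cannot delete" case with few
 *             dependencies, so 1 does not guarantee that a row was deleted
 */
function deleteItem($table, $attributeid, $delete) {
    global $tables, $replace;

    # only numeric ids are meaningful here; '%d' makes sure nothing else is spliced into the SQL
    $attributeid = sprintf('%d', $attributeid);
    $delete = sprintf('%d', $delete);
    $replaceid = !empty($replace) ? sprintf('%d', $replace) : 0;

    # delete the index in delete
    $valreq = Sql_Fetch_Row_query("select name from {$table} where id = {$delete}");
    $val = is_array($valreq) ? $valreq[0] : '';

    # check dependencies
    $dependencies = array();
    $result = Sql_query("select distinct userid from {$tables['user_attribute']} where\n attributeid = {$attributeid} and value = {$delete}");
    while ($row = Sql_fetch_array($result)) {
        $dependencies[] = $row["userid"];
    }
    $numdependencies = sizeof($dependencies);

    if ($numdependencies == 0) {
        Sql_query("delete from {$table} where id = {$delete}");
        return 1;
    }

    if ($replaceid) {
        # repoint every record that uses the old value, then drop the value itself
        Sql_Query("update {$tables['user_attribute']} set value = {$replaceid} where value = {$delete}");
        Sql_query("delete from {$table} where id = {$delete}");
        return 1;
    }

    # NOTE(review): $val is echoed as stored; escape it here if value names are not sanitised on input — confirm.
    ?>
Cannot delete <b><?php echo $val; ?> </b><br />
The Following record(s) are dependent on this value<br />
Update the record(s) to not use this attribute value and try again<p>
    <?php
    for ($i = 0; $i < $numdependencies; $i++) {
        print PageLink2("user", "User " . $dependencies[$i], "id={$dependencies[$i]}") . "<br />\n";
        # the 12th link is the last one shown; the remainder is summarised by count
        if ($i > 10) {
            print "* Too many to list, total dependencies:\n " . $numdependencies . "<br /><br />";
            giveAlternative($table, $delete, $attributeid);
            return 0;
        }
    }
    print "</p><br />";
    giveAlternative($table, $delete, $attributeid);
    return 1;
}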
print $subscribepagedata["footer"]; // exit; // Instead of exiting here, we return 2. So in lists/index.php // We can decide, whether to show subcribe page or not. ## issue 6508 return 2; } elseif (isset($_POST["update"]) && $_POST["update"] && is_email($_POST["email"]) && $allthere) { $email = trim($_POST["email"]); if (preg_match("/(.*)\n/U", $email, $regs)) { $email = $regs[1]; } if ($_GET["uid"]) { $req = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"', $GLOBALS["tables"]["user"], $_GET["uid"])); $userid = $req[0]; } else { $req = Sql_Fetch_Row_query("select id from {$GLOBALS["tables"]["user"]} where email = \"" . $_GET["email"] . "\""); $userid = $req[0]; } if (!$userid) { Fatal_Error("Error, no such user"); } # update the existing record, check whether the email has changed $req = Sql_Query("select * from {$GLOBALS["tables"]["user"]} where id = {$userid}"); $data = Sql_fetch_array($req); # check that the password was provided if required # we only require a password if there is one, otherwise people are blocked out # when switching to requiring passwords if (ASKFORPASSWORD && $data['password']) { # they need to be "logged in" for this if (empty($_SESSION['userloggedin'])) { Fatal_Error("Access Denied");
} else { $id = 0; } if (isset($_GET['start'])) { $start = sprintf('%d', $_GET['start']); } else { $start = 0; } $addcomparison = 0; $access = accessLevel('mviews'); #print "Access level: $access"; switch ($access) { case 'owner': $subselect = ' and owner = ' . $_SESSION["logindetails"]["id"]; if ($id) { $allow = Sql_Fetch_Row_query(sprintf('select owner from %s where id = %d %s', $GLOBALS['tables']['message'], $id, $subselect)); if ($allow[0] != $_SESSION["logindetails"]["id"]) { print $GLOBALS['I18N']->get('You do not have access to this page'); return; } } $addcomparison = 1; break; case 'all': $subselect = ''; break; case 'none': default: $subselect = ' where id = 0'; print $GLOBALS['I18N']->get('You do not have access to this page'); return;
$id = 0; } if ($GLOBALS["require_login"] && !isSuperUser()) { $access = accessLevel("list"); switch ($access) { case "owner": $subselect = " where owner = " . $_SESSION["logindetails"]["id"]; $subselect_and = " and owner = " . $_SESSION["logindetails"]["id"]; if ($id) { Sql_Query("select id from " . $tables["list"] . $subselect . " and id = {$id}"); if (!Sql_Affected_Rows()) { Fatal_Error($GLOBALS['I18N']->get('You do not have enough priviliges to view this page')); return; } } else { $numlists = Sql_Fetch_Row_query("select count(*) from {$tables['list']} {$subselect}"); if (!($numlists[0] < MAXLIST)) { Fatal_Error($GLOBALS['I18N']->get('You cannot create a new list because you have reached maximum number of lists.')); return; } } ## if the admin doesn't have full permissions, we don't allow HTML in the description if (isset($_POST["description"])) { $_POST["description"] = strip_tags($_POST["description"]); } break; case "all": $subselect = ""; $subselect_and = ""; break; case "none":