function addEmail($email, $password = "")
{
Sql_Query(sprintf('insert into user set email = "%s",
entered = now(),password = "******",
passwordchanged = now(),disabled = 0,
uniqid = "%s",htmlemail = 1
', $email, $password, getUniqid()), 1);
$id = Sql_Insert_Id();
if (is_array($_SESSION["userdata"])) {
saveUserByID($id, $_SESSION["userdata"]);
}
$_SESSION["userid"] = $id;
return $id;
}
function runtest()
{
if (empty($this->userdata['email'])) {
print $GLOBALS['I18N']->get('Test email not set ');
return 0;
}
## insert an HTML page as a message
Sql_Query(sprintf('insert into %s
(subject,fromfield,message,footer,entered,status,sendformat)
values("phplist test sendpage","test","[URL:http://www.phplist.com]","Unsubscribe link: [UNSUBSCRIBE]",current_timestamp,"test","text and HTML")', $GLOBALS['tables']['message']));
require_once dirname(__FILE__) . '/../sendemaillib2.php';
$testmsg = Sql_Insert_Id($GLOBALS['tables']['message'], 'id');
print $GLOBALS['I18N']->get('Sending HTML version to ') . $this->userdata['email'];
$suc6 = 0;
$suc6 = sendEmail($testmsg, $this->userdata['email'], $this->userdata['uniqid'], 1);
if ($suc6) {
print ' ... ' . $GLOBALS['I18N']->get('OK');
} else {
print ' ... ' . $GLOBALS['I18N']->get('Failed');
}
print '<br/>';
print $GLOBALS['I18N']->get('Sending Text version to ') . $this->userdata['email'];
$suc6 = $suc6 && sendEmail($testmsg, $this->userdata['email'], $this->userdata['uniqid'], 0);
if ($suc6) {
print ' ... ' . $GLOBALS['I18N']->get('OK');
} else {
print ' ... ' . $GLOBALS['I18N']->get('Failed');
}
print '<br/>';
if (CLICKTRACK) {
print $GLOBALS['I18N']->get('Note: Links in emails will not work, because this is a test message, which is deleted after sending') . '<br/>';
}
print $GLOBALS['I18N']->get('Check your INBOX to see if all worked ok') . '<br/>';
#deleteMessage($testmsg);
print "Message ID: {$testmsg}<br/>";
return $suc6;
}
function getPageLock() {
global $tables;
$thispage = $GLOBALS["page"];
$running_req = Sql_query("select now() - modified,id from ".$tables["sendprocess"]." where page = \"$thispage\" and alive order by started desc");
$running_res = Sql_Fetch_row($running_req);
$waited = 0;
while ($running_res[1]) { # a process is already running
output ("A process for this page is already running and it was still alive $running_res[0] seconds ago");
output ("Sleeping for 20 seconds, aborting will now quit");
$abort = ignore_user_abort(0);
sleep(20);
$waited++;
if ($waited > 10) {
# we have waited 10 cycles, abort and quit script
output("We've been waiting too long, I guess the other script is still going ok");
exit;
}
$running_req = Sql_query("select now() - modified,id from ".$tables["sendprocess"]." where page = \"$thispage\" and alive order by started desc");
$running_res = Sql_Fetch_row($running_req);
if ($running_res[0] > 1200) # some sql queries can take quite a while
# process has been inactive for too long, kill it
Sql_query("update {$tables["sendprocess"]} set alive = 0 where id = $running_res[1]");
}
$res = Sql_query('insert into '.$tables["sendprocess"].' (started,page,alive,ipaddress) values(now(),"'.$thispage.'",1,"'.getenv("REMOTE_ADDR").'")');
$send_process_id = Sql_Insert_Id();
$abort = ignore_user_abort(1);
return $send_process_id;
}
function saveUserAttribute($userid,$attid,$data) {
if ($data["nodbsave"]) {
dbg("Not saving $attid");
return;
}
if ($attid == "emailcheck" || $attid == "passwordcheck") {
dbg("Not saving $attid");
return;
}
if (!$data["type"])
$data["type"] = "textline";
if ($data["type"] == "static" || $data["type"] == "password") {
Sql_Query(sprintf('update user set %s = "%s" where id = %d',
$attid,$data["value"],$userid));
return 1;
}
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from attribute where id = %d',$attid));
if (!$attid_req[0]) {
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from attribute where name = "%s"',$data["name"]));
if (!$attid_req[0]) {
if ($GLOBALS["config"]["autocreate_attributes"]) {
Dbg("Creating new Attribute: ".$data["name"]);
sendError("creating new attribute ".$data["name"]);
$atttable= getNewAttributeTablename($data["name"]);
Sql_Query(sprintf('insert into attribute (name,type,tablename) values("%s","%s","%s")',$data["name"],$data["type"],$atttable));
$attid = Sql_Insert_Id();
} else {
dbg("Not creating new Attribute: ".$data["name"]);
# sendError("Not creating new attribute ".$data["name"]);
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
if (!$atttable) {
$atttable = getNewAttributeTablename($data["name"]);
# fix attribute without tablename
Sql_Query(sprintf('update attribute set tablename ="%s" where id = %d',
$atttable,$attid));
# sendError("Attribute without Tablename $attid");
}
switch ($data["type"]) {
case "static":
case "password":
Sql_Query(sprintf('update user set %s = "%s" where id = %d',
$attid,$data["value"],$userid));
break;
case "select":
$curval = Sql_Fetch_Row_Query(sprintf('select id from phplist_listattr_%s
where name = "%s"',$atttable,$data["displayvalue"]),1);
if (!$curval[0]) {
Sql_Query(sprintf('insert into phplist_listattr_%s (name) values("%s")',$atttable,
$data["displayvalue"]));
sendError("Added ".$data["displayvalue"]." to $atttable");
$valid = Sql_Insert_id();
} else {
$valid = $curval[0];
}
Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value)
values(%d,%d,"%s")',$userid,$attid,$valid));
break;
default:
Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value)
values(%d,%d,"%s")',$userid,$attid,$data["value"]));
break;
}
return 1;
}
$count_exist++;
$user = Sql_fetch_array($result);
$userid = $user["id"];
$uniqid = $user["uniqid"];
Sql_Query(sprintf('update %s set htmlemail = %d where id = %d', $tables["user"], $_POST["markhtml"] ? "1" : "0", $userid));
} else {
// Email does not exist
$new = 1;
// Create unique number
mt_srand((double) microtime() * 1000000);
$randval = mt_rand();
$uniqid = getUniqid();
$query = sprintf('INSERT INTO %s (email,entered,confirmed,uniqid,htmlemail)
values("%s",current_timestamp,%d,"%s",%d)', $tables["user"], $importuser["email"], $_POST["notify"] != "yes", $uniqid, $_POST["markhtml"] ? "1" : "0");
$result = Sql_query($query);
$userid = Sql_Insert_Id($tables['user'], 'id');
$count_email_add++;
$some = 1;
}
if ($_POST["overwrite"] == "yes") {
if ($usetwo) {
Sql_query(sprintf('replace into %s (attributeid,userid,value) values(%d,%d,"%s")', $tables["user_attribute"], $firstname_att_id, $userid, $importuser["firstname"]));
Sql_query(sprintf('replace into %s (attributeid,userid,value) values(%d,%d,"%s")', $tables["user_attribute"], $lastname_att_id, $userid, $importuser["lastname"]));
} else {
Sql_query(sprintf('replace into %s (attributeid,userid,value) values(%d,%d,"%s")', $tables["user_attribute"], $name_att_id, $userid, $importuser["personal"]));
}
}
#add this user to the lists identified
reset($lists);
$addition = 0;
$listoflists = "";
function clickTrackLinkId($messageid, $userid, $url, $link)
{
global $cached;
if (!isset($cached['linktrack']) || !is_array($cached['linktrack'])) {
$cached['linktrack'] = array();
}
if (!isset($cached['linktracksent']) || !is_array($cached['linktracksent'])) {
$cached['linktracksent'] = array();
}
if (!isset($cached['linktrack'][$link])) {
$query = ' select id' . ' from ' . $GLOBALS['tables']['linktrack_forward'] . ' where url = ?';
$rs = Sql_Query_Params($query, array($url));
$exists = Sql_Fetch_Row($rs);
if (!$exists[0]) {
$personalise = preg_match('/uid=/', $link);
$query = ' insert into ' . $GLOBALS['tables']['linktrack_forward'] . ' (url, personalise)' . ' values' . ' (?, ?)';
Sql_Query_Params($query, array($url, $personalise));
$fwdid = Sql_Insert_Id($GLOBALS['tables']['linktrack_forward'], 'id');
} else {
$fwdid = $exists[0];
}
$cached['linktrack'][$link] = $fwdid;
} else {
$fwdid = $cached['linktrack'][$link];
}
if (!isset($cached['linktracksent'][$messageid]) || !is_array($cached['linktracksent'][$messageid])) {
$cached['linktracksent'][$messageid] = array();
}
if (!isset($cached['linktracksent'][$messageid][$fwdid])) {
$query = ' select total' . ' from ' . $GLOBALS['tables']['linktrack_ml'] . ' where messageid = ?' . ' and forwardid = ?';
$rs = Sql_Query_Params($query, array($messageid, $fwdid));
if (!Sql_Num_Rows($rs)) {
$total = 1;
## first time for this link/message
# BCD: Isn't this just an insert?
Sql_Replace($GLOBALS['tables']['linktrack_ml'], array('total' => $total, 'messageid' => $messageid, 'forwardid' => $fwdid), array('messageid', 'forwardid'));
} else {
$tot = Sql_Fetch_Row($rs);
$total = $tot[0] + 1;
Sql_Query(sprintf('update %s set total = %d where messageid = %d and forwardid = %d', $GLOBALS['tables']['linktrack_ml'], $total, $messageid, $fwdid));
}
$cached['linktracksent'][$messageid][$fwdid] = $total;
} else {
$cached['linktracksent'][$messageid][$fwdid]++;
## write every so often, to make sure it's saved when interrupted
if ($cached['linktracksent'][$messageid][$fwdid] % 100 == 0) {
Sql_Query(sprintf('update %s set total = %d where messageid = %d and forwardid = %d', $GLOBALS['tables']['linktrack_ml'], $cached['linktracksent'][$messageid][$fwdid], $messageid, $fwdid));
}
}
/* $req = Sql_Query(sprintf('insert ignore into %s (messageid,userid,forwardid)
values(%d,%d,"%s","%s")',$GLOBALS['tables']['linktrack'],$messageid,$userdata['id'],$url,addslashes($link)));
$req = Sql_Fetch_Row_Query(sprintf('select linkid from %s where messageid = %s and userid = %d and forwardid = %d
',$GLOBALS['tables']['linktrack'],$messageid,$userid,$fwdid));*/
return $fwdid;
}
if (preg_match("/(.*)\n/U", $email, $regs)) {
$email = $regs[1];
}
$result = Sql_query("select * from {$GLOBALS["tables"]["user"]} where email = \"{$email}\"");
#"
if (isset($_POST['rssfrequency'])) {
$rssfrequency = validateRssFrequency($_POST['rssfrequency']);
} else {
$rssfrequency = '';
}
if (!Sql_affected_rows()) {
# they do not exist, so add them
$query = sprintf('insert into %s (email,entered,uniqid,confirmed,
htmlemail,subscribepage,rssfrequency) values("%s",now(),"%s",0,%d,%d,"%s")', $GLOBALS["tables"]["user"], addslashes($email), getUniqid(), $htmlemail, $id, $rssfrequency);
$result = Sql_query($query);
$userid = Sql_Insert_Id();
addSubscriberStatistics('total users', 1);
} else {
# they do exist, so update the existing record
# read the current values to compare changes
$old_data = Sql_fetch_array($result);
if (ASKFORPASSWORD && $old_data["password"]) {
if (ENCRYPTPASSWORD) {
$canlogin = md5($_POST["password"]) == $old_data["password"];
} else {
$canlogin = $_POST["password"] == $old_data["password"];
}
if (!$canlogin) {
$msg = $GLOBALS["strUserExists"];
$msg .= '<p>' . $GLOBALS["strUserExistsExplanationStart"] . sprintf('<a href="%s&email=%s">%s</a>', getConfig("preferencesurl"), $email, $GLOBALS["strUserExistsExplanationLink"]) . $GLOBALS["strUserExistsExplanationEnd"];
return;
while (list($key, $val) = each($selected)) {
$entry = readentry("data/{$val}");
list($name, $desc) = explode(":", $entry);
print "<br/><br/>" . $GLOBALS['I18N']->get('Loading') . " {$desc}<br/>\n";
$lc_name = str_replace(" ", "", strtolower(str_replace(".txt", "", $val)));
$lc_name = preg_replace("/[\\W]/", "", $lc_name);
if ($lc_name == "") {
Fatal_Error($GLOBALS['I18N']->get('Name cannot be empty:') . " {$lc_name}");
}
Sql_Query("select * from {$tables['attribute']} where tablename = \"{$lc_name}\"");
if (Sql_Affected_Rows()) {
Fatal_Error($GLOBALS['I18N']->get('Name is not unique enough'));
}
$query = sprintf('insert into %s (name,type,required,tablename) values("%s","%s",%d,"%s")', $tables["attribute"], addslashes($name), "select", 1, $lc_name);
Sql_Query($query);
$insertid = Sql_Insert_Id($tables['attribute'], 'id');
$query = "create table {$table_prefix}" . "listattr_{$lc_name} (id integer not null primary key auto_increment, name varchar(255) unique,listorder integer default 0)";
Sql_Query($query);
$fp = fopen("data/{$val}", "r");
$header = "";
while (!feof($fp)) {
$buffer = fgets($fp, 4096);
if (strpos($buffer, "#") === false) {
if (!$header) {
$header = $buffer;
} else {
if (trim($buffer) != "") {
Sql_Query(sprintf('insert into %slistattr_%s (name) values("%s")', $table_prefix, $lc_name, trim($buffer)));
}
}
}
function getPageLock($force = 0)
{
global $tables;
$thispage = $GLOBALS["page"];
if ($thispage == 'pageaction') {
$thispage = $_GET['action'];
}
# cl_output('getting pagelock '.$thispage);
# ob_end_flush();
if ($GLOBALS["commandline"] && $thispage == 'processqueue') {
if (is_object($GLOBALS['MC'])) {
## multi-send requires a valid memcached setup
$max = MAX_SENDPROCESSES;
} else {
$max = 1;
}
} else {
$max = 1;
}
## allow killing other processes
if ($force) {
Sql_Query_Params("delete from " . $tables['sendprocess'] . " where page = ?", array($thispage));
}
$query = ' select current_timestamp - modified as age, id' . ' from ' . $tables['sendprocess'] . ' where page = ?' . ' and alive > 0' . ' order by age desc';
$running_req = Sql_Query_Params($query, array($thispage));
$running_res = Sql_Fetch_Assoc($running_req);
$count = Sql_Num_Rows($running_req);
if (VERBOSE) {
cl_output($count . ' out of ' . $max . ' active processes');
}
$waited = 0;
# while ($running_res['age'] && $count >= $max) { # a process is already running
while ($count >= $max) {
# don't check age, as it may be 0
# cl_output('running process: '.$running_res['age'].' '.$max);
if ($running_res['age'] > 600) {
# some sql queries can take quite a while
#cl_output($running_res['id'].' is old '.$running_res['age']);
# process has been inactive for too long, kill it
Sql_query("update {$tables["sendprocess"]} set alive = 0 where id = " . $running_res['id']);
} elseif ((int) $count >= (int) $max) {
# cl_output (sprintf($GLOBALS['I18N']->get('A process for this page is already running and it was still alive %s seconds ago'),$running_res['age']));
output(sprintf($GLOBALS['I18N']->get('A process for this page is already running and it was still alive %s seconds ago'), $running_res['age']), 0);
sleep(1);
# to log the messages in the correct order
if ($GLOBALS["commandline"]) {
cl_output($GLOBALS['I18N']->get('Running commandline, quitting. We\'ll find out what to do in the next run.'));
exit;
}
output($GLOBALS['I18N']->get('Sleeping for 20 seconds, aborting will quit'), 0);
flush();
$abort = ignore_user_abort(0);
sleep(20);
}
$waited++;
if ($waited > 10) {
# we have waited 10 cycles, abort and quit script
output($GLOBALS['I18N']->get('We have been waiting too long, I guess the other process is still going ok'), 0);
return false;
}
$query = ' select current_timestamp - modified as age, id' . ' from ' . $tables['sendprocess'] . ' where page = ?' . ' and alive > 0' . ' order by age desc';
$running_req = Sql_Query_Params($query, array($thispage));
$running_res = Sql_Fetch_Assoc($running_req);
$count = Sql_Num_Rows($running_req);
}
$query = ' insert into ' . $tables['sendprocess'] . ' (started, page, alive, ipaddress)' . ' values' . ' (current_timestamp, ?, 1, ?)';
if (!empty($GLOBALS['commandline'])) {
$processIdentifier = SENDPROCESS_SERVERNAME . ':' . getmypid();
} else {
$processIdentifier = $_SERVER['REMOTE_ADDR'];
}
$res = Sql_Query_Params($query, array($thispage, $processIdentifier));
$send_process_id = Sql_Insert_Id($tables['sendprocess'], 'id');
$abort = ignore_user_abort(1);
# cl_output('Got pagelock '.$send_process_id );
return $send_process_id;
}
while ($item = $rss->getNextItem()) {
set_time_limit(60);
$alive = checkLock($process_id);
if ($alive)
keepLock($process_id);
else
ProcessError("Process Killed by other process");
$itemcount++;
Sql_Query(sprintf('select * from %s where title = "%s" and link = "%s"',
$tables["rssitem"],addslashes(substr($item["title"],0,100)),addslashes(substr($item["link"],0,100))));
if (!Sql_Affected_Rows()) {
$newitemcount++;
Sql_Query(sprintf('insert into %s (title,link,source,list,added)
values("%s","%s","%s",%d,now())',
$tables["rssitem"],addslashes($item["title"]),addslashes($item["link"]),addslashes($feed[0]),$feed[1]));
$itemid = Sql_Insert_Id();
foreach ($item as $key => $val) {
if ($item != "title" && $item != "link") {
Sql_Query(sprintf('insert into %s (itemid,tag,data)
values("%s","%s","%s")',
$tables["rssitem_data"],$itemid,$key,addslashes($val)));
}
}
}
}
printf('<br/>%d items, %d new items',$itemcount,$newitemcount);
$report .= sprintf('%d items, %d new items'."\n",$itemcount,$newitemcount);
$mailreport .= sprintf('-> %d items, %d new items'."\n",$itemcount,$newitemcount);
}
flush();
Sql_Query(sprintf('insert into %s (listid,type,entered,info) values(%d,"retrieval",now(),"%s")',
function saveUserAttribute($userid, $attid, $data)
{
global $usertable_prefix, $tables;
# workaround for integration webbler/phplist
if (!isset($usertable_prefix)) {
$usertable_prefix = '';
}
if (!empty($tables["attribute"])) {
$att_table = $usertable_prefix . $tables["attribute"];
$user_att_table = $usertable_prefix . $tables["user_attribute"];
} else {
$att_table = $usertable_prefix . "attribute";
$user_att_table = $usertable_prefix . "user_attribute";
}
if ($data["nodbsave"]) {
dbg("Not saving {$attid}");
return;
}
if (strtolower($data) == 'invalid attribute index') {
return;
}
if ($attid == "emailcheck" || $attid == "passwordcheck") {
dbg("Not saving {$attid}");
return;
}
if (!$data["type"]) {
$data["type"] = "textline";
}
if ($data["type"] == "static" || $data["type"] == "password" || $data['type'] == 'htmlpref') {
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
if ($data["type"] == "password") {
Sql_Query(sprintf('update user set passwordchanged = now() where id = %d', $userid));
}
return 1;
}
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where id = %d', $att_table, $attid));
if (!$attid_req[0]) {
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where name = "%s"', $att_table, $data["name"]));
if (!$attid_req[0]) {
if ($GLOBALS["config"]["autocreate_attributes"]) {
Dbg("Creating new Attribute: " . $data["name"]);
sendError("creating new attribute " . $data["name"]);
$atttable = getNewAttributeTablename($data["name"]);
Sql_Query(sprintf('insert into %s (name,type,tablename) values("%s","%s","%s")', $att_table, $data["name"], $data["type"], $atttable));
$attid = Sql_Insert_Id();
} else {
dbg("Not creating new Attribute: " . $data["name"]);
# sendError("Not creating new attribute ".$data["name"]);
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
if (!$atttable) {
$atttable = getNewAttributeTablename($data["name"]);
# fix attribute without tablename
Sql_Query(sprintf('update %s set tablename ="%s" where id = %d', $att_table, $atttable, $attid));
# sendError("Attribute without Tablename $attid");
}
switch ($data["type"]) {
case "static":
case "password":
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
break;
case "select":
$curval = Sql_Fetch_Row_Query(sprintf('select id from phplist_listattr_%s
where name = "%s"', $atttable, $data["displayvalue"]), 1);
if (!$curval[0] && $data['displayvalue'] && $data['displayvalue'] != '') {
Sql_Query(sprintf('insert into phplist_listattr_%s (name) values("%s")', $atttable, $data["displayvalue"]));
sendError("Added " . $data["displayvalue"] . " to {$atttable}");
$valid = Sql_Insert_id();
} else {
$valid = $curval[0];
}
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $valid));
break;
case 'avatar':
if (is_array($_FILES)) {
## only avatars are files
$formfield = 'attribute' . $attid . '_file';
## the name of the fileupload element
if (!empty($_FILES[$formfield]['name'])) {
$tmpnam = $_FILES[$formfield]['tmp_name'];
move_uploaded_file($tmpnam, '/tmp/avatar' . $userid . '.jpg');
if (function_exists('resizeImageFile')) {
resizeImageFile('/tmp/avatar' . $userid . '.jpg', 250, 1);
}
$size = filesize('/tmp/avatar' . $userid . '.jpg');
# dbg('New size: '.$size);
if ($size < MAX_AVATAR_SIZE) {
$avatar = file_get_contents('/tmp/avatar' . $userid . '.jpg');
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, base64_encode($avatar)));
unlink('/tmp/avatar' . $userid . '.jpg');
}
}
}
break;
default:
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $data["value"]));
break;
}
return 1;
}
<?php
## add default system template
## this should be part of the "UI theme"
print '<h2>Default system template</h2>';
$template = '<div style="margin:0; text-align:center; width:100%; background:#EEE;min-width:240px;height:100%;"><br />
<div style="width:96%;margin:0 auto; border-top:6px solid #369;border-bottom: 6px solid #369;background:#DEF;" >
<h3 style="margin-top:5px;background-color:#69C; font-weight:normal; color:#FFF; text-align:center; margin-bottom:5px; padding:10px; line-height:1.2; font-size:21px; text-transform:capitalize;">[SUBJECT]</h3>
<div style="text-align:justify;background:#FFF;padding:20px; border-top:2px solid #369;min-height:200px;font-size:13px; border-bottom:2px solid #369;">[CONTENT]<div style="clear:both"></div></div>
<div style="clear:both;background:#69C;font-weight:normal; padding:10px;color:#FFF;text-align:center;font-size:11px;margin:5px 0px">[FOOTER]<br/>[SIGNATURE]</div>
</div>
<br /></div>';
$exists = Sql_Fetch_Row_Query(sprintf('select * from %s where title = "System Template"', $GLOBALS['tables']['template']));
if ($exists[0]) {
print '<p>' . $GLOBALS['I18N']->get('The default system template already exists') . '</p>';
print '<p>' . PageLinkButton('templates', $GLOBALS['I18N']->get('Go back to templates')) . '</p>';
} else {
Sql_Query(sprintf('insert into %s (title,template,listorder) values("System Template","%s",0)', $GLOBALS['tables']['template'], addslashes($template)));
$newid = Sql_Insert_Id();
saveConfig('systemmessagetemplate', $newid);
print '<p>' . $GLOBALS['I18N']->get('The default system template has been added as template with ID') . ' ' . $newid . ' </p>';
print '<p>' . PageLinkButton('templates', $GLOBALS['I18N']->get('Go back to templates')) . '</p>';
print '<p>' . PageLinkButton('template&id=' . $newid, $GLOBALS['I18N']->get('Edit template')) . '</p>';
}
$att["value"] = $valueid[0];
}
break;
case "checkboxgroup":
$vals = explode(",", $att["displayvalue"]);
array_pop($vals);
$att["value"] = "";
foreach ($vals as $val) {
$query = sprintf('select id from %slistattr_%s where name = ?', $table_prefix, $tname[0]);
$rs = Sql_Query_Params($query, array($val));
$valueid = Sql_Fetch_Row($rs);
if (!$valueid[0]) {
$tn = $table_prefix . 'listattr_' . $tname[0];
$query = sprintf('insert into %s set name = ?', $tn);
Sql_Query_Params($query, array($val));
$att["value"] .= Sql_Insert_Id($tn, 'id') . ',';
} else {
$att["value"] .= $valueid[0] . ",";
}
}
$att["value"] = substr($att["value"], 0, -1);
break;
}
if ($att["value"]) {
Sql_Replace($tables["user_attribute"], array('attributeid' => $localattid, 'userid' => $userid, 'value' => $att['value']), array('attributeid', 'userid'));
}
}
}
}
if (is_array($userlists)) {
foreach ($userlists as $list) {
if (!empty($data['values'][$item["index"]])) {
$attribute_index = $item["record"];
$value = $data['values'][$item["index"]];
# check whether this is a textline or a selectable item
$att = Sql_Fetch_Row_Query("select type,tablename,name from " . $tables["adminattribute"] . " where id = {$attribute_index}");
switch ($att[0]) {
case "select":
case "radio":
$query = "select id from {$table_prefix}adminattr_{$att['1']} where name = ?";
$val = Sql_Query_Params($query, array($value));
# if we don't have this value add it '
if (!Sql_Num_Rows($val)) {
$tn = $table_prefix . 'adminattr_' . $att[1];
Sql_Query_Params("insert into {$tn} (name) values (?)", array($value));
Warn($GLOBALS['I18N']->get("Value") . " {$value} " . $GLOBALS['I18N']->get("added to attribute") . " {$att['2']}");
$att_value = Sql_Insert_Id($tn, 'id');
} else {
$d = Sql_Fetch_Row($val);
$att_value = $d[0];
}
break;
case "checkbox":
if ($value) {
$val = Sql_Fetch_Row_Query("select id from {$table_prefix}" . "adminattr_{$att['1']} where name = \"Checked\"");
} else {
$val = Sql_Fetch_Row_Query("select id from {$table_prefix}" . "adminattr_{$att['1']} where name = \"Unchecked\"");
}
$att_value = $val[0];
break;
default:
$att_value = $value;
$templateok = 0;
}
}
}
} else {
if (!$title) {
$actionresult .= $GLOBALS['I18N']->get('No Title') . "<br/>";
} else {
$actionresult .= $GLOBALS['I18N']->get('Template does not contain the [CONTENT] placeholder') . "<br/>";
}
$templateok = 0;
}
if ($templateok) {
if (!$id) {
Sql_Query("insert into {$tables["template"]} (title) values(\"{$title}\")");
$id = Sql_Insert_Id($tables['template'], 'id');
}
Sql_Query(sprintf('update %s set title = "%s",template = "%s" where id = %d', $tables["template"], $title, sql_escape($content), $id));
Sql_Query(sprintf('select * from %s where filename = "%s" and template = %d', $tables["templateimage"], "powerphplist.png", $id));
if (!Sql_Affected_Rows()) {
Sql_Query(sprintf('insert into %s (template,mimetype,filename,data,width,height)
values(%d,"%s","%s","%s",%d,%d)', $tables["templateimage"], $id, "image/png", "powerphplist.png", $newpoweredimage, 70, 30));
}
$actionresult .= '<p class="information">' . s('Template saved') . '</p>';
## ##17419 don't prompt for remote images that exist
$missingImages = array();
while (list($key, $val) = each($images)) {
$key = trim($key);
if (preg_match('~^https?://~i', $key)) {
$imageFound = testUrl($key);
if (!$imageFound) {
function addList($listname)
{
Sql_Query(sprintf('insert into %s (id,name,modified) values (NULL,"%s",now())', $this->tables["list"], $listname));
return Sql_Insert_Id();
}
function processImapBounce($link, $num, $header)
{
global $tables;
$headerinfo = imap_headerinfo($link, $num);
$bounceDate = @strtotime($headerinfo->date);
$body = imap_body($link, $num);
$body = decodeBody($header, $body);
$msgid = findMessageId($body);
$userid = findUserID($body);
if (VERBOSE) {
outputProcessBounce("UID" . $userid . " MSGID" . $msgid);
}
## @TODO add call to plugins to determine what to do.
# for now, quick hack to zap MsExchange Delayed messages
if (preg_match('/Action: delayed\\s+Status: 4\\.4\\.7/im', $body)) {
## just say we did something, when actually we didn't
return true;
}
Sql_Query(sprintf('insert into %s (date,header,data)
values("%s","%s","%s")', $tables["bounce"], date("Y-m-d H:i", $bounceDate), addslashes($header), addslashes($body)));
$bounceid = Sql_Insert_Id();
return processBounceData($bounceid, $msgid, $userid);
}
function repeatMessage($msgid)
{
# if (!USE_REPETITION && !USE_rss) return;
$data = loadMessageData($msgid);
## do not repeat when it has already been done
if (!empty($data['repeatedid'])) {
return;
}
# get the future embargo, either "repeat" minutes after the old embargo
# or "repeat" after this very moment to make sure that we're not sending the
# message every time running the queue when there's no embargo set.
$msgdata = Sql_Fetch_Array_Query(sprintf('select *,date_add(embargo,interval repeatinterval minute) as newembargo,
date_add(now(),interval repeatinterval minute) as newembargo2, date_add(embargo,interval repeatinterval minute) > now() as isfuture
from %s where id = %d and repeatuntil > now()', $GLOBALS["tables"]["message"], $msgid));
if (!$msgdata["id"] || !$msgdata["repeatinterval"]) {
return;
}
# copy the new message
$query = ' insert into ' . $GLOBALS['tables']['message'] . ' (entered)' . ' values' . ' (current_timestamp)';
Sql_Query($query);
$newid = Sql_Insert_Id($GLOBALS['tables']['message'], 'id');
require dirname(__FILE__) . '/structure.php';
if (!is_array($DBstruct["message"])) {
logEvent("Error including structure when trying to duplicate message {$msgid}");
return;
}
foreach ($DBstruct["message"] as $column => $rec) {
if ($column != "id" && $column != "entered" && $column != "sendstart") {
Sql_Query(sprintf('update %s set %s = "%s" where id = %d', $GLOBALS["tables"]["message"], $column, addslashes($msgdata[$column]), $newid));
}
}
$req = Sql_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['messagedata'], $msgid));
while ($row = Sql_Fetch_Array($req)) {
setMessageData($newid, $row['name'], $row['data']);
}
# check whether the new embargo is not on an exclusion
if (isset($GLOBALS["repeat_exclude"]) && is_array($GLOBALS["repeat_exclude"])) {
$repeatinterval = $msgdata["repeatinterval"];
$loopcnt = 0;
while (excludedDateForRepetition($msgdata["newembargo"])) {
$repeat += $msgdata["repeatinterval"];
$loopcnt++;
$msgdata = Sql_Fetch_Array_Query(sprintf('select *,date_add(embargo,interval %d minute) as newembargo,
date_add(current_timestamp,interval %d minute) as newembargo2, date_add(embargo,interval %d minute) > current_timestamp as isfuture
from %s where id = %d and repeatuntil > current_timestamp', $repeatinterval, $repeatinterval, $repeatinterval, $GLOBALS["tables"]["message"], $msgid));
if ($loopcnt > 15) {
logEvent("Unable to find new embargo date too many exclusions? for message {$msgid}");
return;
}
}
}
# correct some values
if (!$msgdata["isfuture"]) {
$msgdata["newembargo"] = $msgdata["newembargo2"];
}
Sql_Query(sprintf('update %s set embargo = "%s",status = "submitted",sent = "" where id = %d', $GLOBALS["tables"]["message"], $msgdata["newembargo"], $newid));
list($e['year'], $e['month'], $e['day'], $e['hour'], $e['minute'], $e['second']) = sscanf($msgdata["newembargo"], '%04d-%02d-%02d %02d:%02d:%02d');
unset($e['second']);
setMessageData($newid, 'embargo', $e);
foreach (array("processed", "astext", "ashtml", "astextandhtml", "aspdf", "astextandpdf", "viewed", "bouncecount") as $item) {
Sql_Query(sprintf('update %s set %s = 0 where id = %d', $GLOBALS["tables"]["message"], $item, $newid));
}
# lists
$req = Sql_Query(sprintf('select listid from %s where messageid = %d', $GLOBALS["tables"]["listmessage"], $msgid));
while ($row = Sql_Fetch_Row($req)) {
Sql_Query(sprintf('insert into %s (messageid,listid,entered) values(%d,%d,current_timestamp)', $GLOBALS["tables"]["listmessage"], $newid, $row[0]));
}
# attachments
$req = Sql_Query(sprintf('select * from %s,%s where %s.messageid = %d and %s.attachmentid = %s.id', $GLOBALS["tables"]["message_attachment"], $GLOBALS["tables"]["attachment"], $GLOBALS["tables"]["message_attachment"], $msgid, $GLOBALS["tables"]["message_attachment"], $GLOBALS["tables"]["attachment"]));
while ($row = Sql_Fetch_Array($req)) {
if (is_file($row["remotefile"])) {
# if the "remote file" is actually local, we want to refresh the attachment, so we set
# filename to nothing
$row["filename"] = "";
}
Sql_Query(sprintf('insert into %s (filename,remotefile,mimetype,description,size)
values("%s","%s","%s","%s",%d)', $GLOBALS["tables"]["attachment"], addslashes($row["filename"]), addslashes($row["remotefile"]), addslashes($row["mimetype"]), addslashes($row["description"]), $row["size"]));
$attid = Sql_Insert_Id($GLOBALS['tables']['attachment'], 'id');
Sql_Query(sprintf('insert into %s (messageid,attachmentid) values(%d,%d)', $GLOBALS["tables"]["message_attachment"], $newid, $attid));
}
logEvent("Message {$msgid} was successfully rescheduled as message {$newid}");
## remember we duplicated, in order to avoid doing it again (eg when requeuing)
setMessageData($msgid, 'repeatedid', $newid);
}
}
}
foreach ($lists as $list) {
$owner = listOwner($list);
if (!is_array($listowners[$owner])) {
$listowners[$owner] = array();
}
array_push($listowners[$owner], $list);
}
while (list($owner, $lists) = each($listowners)) {
$query = sprintf('insert into %s
(subject,fromfield,tofield,replyto,message,footer,status,
entered,userselection,htmlformatted,sendformat,template,owner)
values("%s","%s","%s","%s","%s","%s","submitted",now(),"%s",%d,"%s",%d,%d)', $tables["message"], addslashes($msg["subject"]), addslashes($msg["fromfield"]), addslashes($msg["tofield"]), addslashes($msg["replyto"]), addslashes($msg["message"] . "\n##LISTOWNER=" . $owner), addslashes($msg["footer"]), $msg["userselection"], $msg["htmlformatted"], $msg["sendformat"], $msg["template"], $owner);
Sql_Query($query);
$messageid = Sql_Insert_Id();
foreach ($lists as $list) {
$result = Sql_query("insert into {$tables["listmessage"]} (messageid,listid,entered) values({$messageid},{$list},now())");
}
}
$done = 1;
?>
<h3>Message Queued for sending</h3>
<?php
#echo $num
?>
<!--users apply (at the moment, independent of list membership)<p class="x">-->
<?php
} elseif ($send && !$message) {
?>
Please select a message<br/>
}
if (isset($_POST["save"])) {
if (!verifyToken()) {
print Error(s('Invalid security token, please reload the page and try again'));
return;
}
$owner = $_POST["owner"];
$title = removeXss($_POST['title']);
if (!$owner) {
$owner = $_SESSION['logindetails']['id'];
}
if ($id) {
Sql_Query(sprintf('update %s set title = "%s",owner = %d where id = %d', $tables["subscribepage"], $title, $owner, $id));
} else {
Sql_Query(sprintf('insert into %s (title,owner) values("%s",%d)', $tables["subscribepage"], $title, $owner));
$id = Sql_Insert_Id($tables['subscribepage'], 'id');
}
Sql_Query(sprintf('delete from %s where id = %d', $tables["subscribepage_data"], $id));
foreach (array("title", "language_file", "intro", "header", "footer", "thankyoupage", "button", "htmlchoice", "emaildoubleentry") as $item) {
Sql_Query(sprintf('insert into %s (name,id,data) values("%s",%d,"%s")', $tables["subscribepage_data"], $item, $id, $_POST[$item]));
}
foreach (array("subscribesubject", "subscribemessage", "confirmationsubject", "confirmationmessage", "unsubscribesubject", "unsubscribemessage") as $item) {
SaveConfig("{$item}:{$id}", stripslashes($_POST[$item]), 0);
}
## rewrite attributes
Sql_Query(sprintf('delete from %s where id = %d and name like "attribute___"', $tables["subscribepage_data"], $id));
$attributes = "";
if (isset($_POST['attr_use']) && is_array($_POST['attr_use'])) {
$cnt = 0;
while (list($att, $val) = each($_POST['attr_use'])) {
//BUGFIX 15285 - note 50677 (part 1: Attribute order) - by tipichris - mantis.phplist.com/view.php?id=15285
$before[$row["userid"]] = $row["value"];
}
$req = Sql_Query(sprintf('select * from %s where attributeid = %d',$tables["user_attribute"],$attid));
while ($row = Sql_Fetch_Array($req)) {
$second[$row["userid"]] = $row["value"];
}
*/
$valuestable = sprintf('%slistattr_%s', $table_prefix, $firstdata['tablename']);
if ($firstdata['type'] == 'checkbox' && !$cbg_initiated) {
# checkboxes are merged into a checkbox group
# set that up first
Sql_query(sprintf('create table %s
(id integer not null primary key auto_increment, name varchar(255) unique,
listorder integer default 0)', $valuestable), 1);
Sql_query(sprintf('insert into %s (name) values("%s")', $valuestable, $firstdata['name']));
$val = Sql_Insert_Id();
Sql_query(sprintf('update %s set value="%s" where attributeid = %d', $tables['user_attribute'], $val, $first));
Sql_query(sprintf('update %s set type="checkboxgroup" where id = %d', $tables['attribute'], $first));
$cbg_initiated = 1;
}
switch ($firstdata['type']) {
case 'textline':
case 'hidden':
case 'textarea':
case 'date':
Sql_query(sprintf('delete from %s where attributeid = %d and value = ""', $tables['user_attribute'], $first));
# we can just keep the data and mark it as the first attribute
Sql_query(sprintf('update ignore %s set attributeid = %d where attributeid = %d', $tables['user_attribute'], $first, $attid), 1);
# delete the ones that didn't copy across, because there was a value already
Sql_query(sprintf('delete from %s where id = %d', $tables['attribute'], $attid));
# mark forms to use the merged attribute
}
foreach ($_SESSION["import_attribute"] as $item) {
if (isset($user[$item["index"]]) && $item['record'] != 'skip') {
$attribute_index = $item["record"];
$uservalue = $user[$item["index"]];
# check whether this is a textline or a selectable item
$att = Sql_Fetch_Row_Query("select type,tablename,name from " . $tables["attribute"] . " where id = {$attribute_index}");
switch ($att[0]) {
case "select":
case "radio":
$val = Sql_Query("select id from {$table_prefix}" . "listattr_{$att['1']} where name = \"{$uservalue}\"");
# if we do not have this value add it
if (!Sql_Affected_Rows()) {
Sql_Query("insert into {$table_prefix}" . "listattr_{$att['1']} (name) values(\"{$uservalue}\")");
Warn("Value {$uservalue} added to attribute {$att['2']}");
$user_att_value = Sql_Insert_Id();
} else {
$d = Sql_Fetch_Row($val);
$user_att_value = $d[0];
}
break;
case "checkbox":
if ($uservalue && $uservalue != "off") {
$user_att_value = "on";
} else {
$user_att_value = "off";
}
break;
case "date":
$user_att_value = parseDate($uservalue);
break;
function getPageLock($force = 0)
{
global $tables;
$thispage = $GLOBALS['page'];
if ($thispage == 'pageaction') {
$thispage = $_GET['action'];
}
$thispage = preg_replace('/\\W/', '', $thispage);
# cl_output('getting pagelock '.$thispage);
# ob_end_flush();
if ($GLOBALS['commandline'] && $thispage == 'processqueue') {
if (is_object($GLOBALS['MC'])) {
## multi-send requires a valid memcached setup
$max = MAX_SENDPROCESSES;
} else {
$max = 1;
}
} else {
$max = 1;
}
## allow killing other processes
if ($force) {
Sql_query('delete from ' . $tables['sendprocess'] . ' where page = "' . sql_escape($thispage) . '"');
}
$running_req = Sql_query(sprintf('select now() - modified as age,id from %s where page = "%s" and alive order by started desc', $tables['sendprocess'], sql_escape($thispage)));
$count = Sql_Num_Rows($running_req);
$running_res = Sql_Fetch_Assoc($running_req);
$waited = 0;
# while ($running_res['age'] && $count >= $max) { # a process is already running
while ($count >= $max) {
# don't check age, as it may be 0
# cl_output('running process: '.$running_res['age'].' '.$max);
if ($running_res['age'] > 600) {
# some sql queries can take quite a while
#cl_output($running_res['id'].' is old '.$running_res['age']);
# process has been inactive for too long, kill it
Sql_query("update {$tables['sendprocess']} set alive = 0 where id = " . $running_res['id']);
} elseif ((int) $count >= (int) $max) {
# cl_output (sprintf($GLOBALS['I18N']->get('A process for this page is already running and it was still alive %s seconds ago'),$running_res['age']));
output(s('A process for this page is already running and it was still alive %d seconds ago', $running_res['age']), 0);
sleep(1);
# to log the messages in the correct order
if ($GLOBALS['commandline']) {
cl_output(s('A process for this page is already running and it was still alive %d seconds ago', $running_res['age']), 0);
cl_output($GLOBALS['I18N']->get('Running commandline, quitting. We\'ll find out what to do in the next run.'));
exit;
}
output($GLOBALS['I18N']->get('Sleeping for 20 seconds, aborting will quit'), 0);
flush();
$abort = ignore_user_abort(0);
sleep(20);
}
++$waited;
if ($waited > 10) {
# we have waited 10 cycles, abort and quit script
output($GLOBALS['I18N']->get('We have been waiting too long, I guess the other process is still going ok'), 0);
return false;
}
$running_req = Sql_query('select now() - modified,id from ' . $tables['sendprocess'] . " where page = \"{$thispage}\" and alive order by started desc");
$count = Sql_Num_Rows($running_req);
$running_res = Sql_Fetch_row($running_req);
}
if (!empty($GLOBALS['commandline'])) {
$processIdentifier = SENDPROCESS_SERVERNAME . ':' . getmypid();
} else {
$processIdentifier = $_SERVER['REMOTE_ADDR'];
}
$res = Sql_query('insert into ' . $tables['sendprocess'] . ' (started,page,alive,ipaddress) values(now(),"' . $thispage . '",1,"' . $processIdentifier . '")');
$send_process_id = Sql_Insert_Id();
$abort = ignore_user_abort(1);
# cl_output('Got pagelock '.$send_process_id );
return $send_process_id;
}
$user_att_value = Sql_Insert_Id();
} else {
$d = Sql_Fetch_Row($val);
$user_att_value = $d[0];
}
break;
case "checkboxgroup":
$values = explode(',', $uservalue);
$valueIds = array();
foreach ($values as $importValue) {
$val = Sql_Query("select id from {$table_prefix}" . "listattr_{$att['1']} where name = \"{$importValue}\"");
# if we do not have this value add it
if (!Sql_Affected_Rows()) {
Sql_Query("insert into {$table_prefix}" . "listattr_{$att['1']} (name) values(\"{$importValue}\")");
Warn("Value {$importValue} added to attribute {$att['2']}");
$valueIds[] = Sql_Insert_Id();
} else {
$d = Sql_Fetch_Row($val);
$valueIds[] = $d[0];
}
}
$user_att_value = join(',', $valueIds);
break;
case "checkbox":
$uservalue = trim($uservalue);
#print $uservalue;exit;
if (!empty($uservalue) && $uservalue != "off") {
$user_att_value = "on";
} else {
$user_att_value = "";
}
function saveUserAttribute($userid, $attid, $data)
{
global $usertable_prefix, $table_prefix, $tables;
# workaround for integration webbler/phplist
if (!isset($usertable_prefix)) {
$usertable_prefix = '';
}
if (!isset($table_prefix)) {
$table_prefix = 'phplist_';
}
if (!empty($tables["attribute"])) {
$att_table = $usertable_prefix . $tables["attribute"];
$user_att_table = $usertable_prefix . $tables["user_attribute"];
} else {
$att_table = $usertable_prefix . "attribute";
$user_att_table = $usertable_prefix . "user_attribute";
}
if (!is_array($data)) {
$tmp = $data;
$data = Sql_Fetch_Assoc_Query(sprintf('select * from %s where id = %d', $att_table, $attid));
$data['value'] = $tmp;
$data['displayvalue'] = $tmp;
}
# dbg($data,'$data to store for '.$userid.' '.$attid);
if ($data["nodbsave"]) {
# dbg($attid, "Not saving, nodbsave");
return;
}
if ($attid == "emailcheck" || $attid == "passwordcheck") {
# dbg($attid, "Not saving, emailcheck/passwordcheck");
return;
}
if (!$data["type"]) {
$data["type"] = "textline";
}
if ($data["type"] == "static" || $data["type"] == "password" || $data['type'] == 'htmlpref') {
if (!empty($GLOBALS['config']['dontsave_userpassword']) && $data['type'] == 'password') {
$data["value"] = 'not authoritative';
}
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
dbg('Saving', $data['value'], DBG_TRACE);
if ($data["type"] == "password") {
Sql_Query(sprintf('update user set passwordchanged = now(),password="******" where id = %d', hash('sha256', $data['value']), $userid));
}
return 1;
}
$attributetype = $data['type'];
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where id = %d', $att_table, $attid));
if (!$attid_req[0]) {
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where name = "%s"', $att_table, $data["name"]));
if (!$attid_req[0]) {
if (!empty($data["name"]) && $GLOBALS["config"]["autocreate_attributes"]) {
# Dbg("Creating new Attribute: ".$data["name"]);
sendError("creating new attribute " . $data["name"]);
$atttable = getNewAttributeTablename($data["name"]);
Sql_Query(sprintf('insert into %s (name,type,tablename) values("%s","%s","%s")', $att_table, $data["name"], $data["type"], $atttable));
$attid = Sql_Insert_Id();
} else {
# dbg("Not creating new Attribute: ".$data["name"]);
# sendError("Not creating new attribute ".$data["name"]);
}
} else {
$attid = $attid_req[0];
if (empty($attributetype)) {
$attributetype = $attid_req[1];
}
$atttable = $attid_req[2];
}
} else {
$attid = $attid_req[0];
if (empty($attributetype)) {
$attributetype = $attid_req[1];
}
$atttable = $attid_req[2];
}
if (!$atttable && !empty($data['name'])) {
$atttable = getNewAttributeTablename($data["name"]);
# fix attribute without tablename
Sql_Query(sprintf('update %s set tablename ="%s" where id = %d', $att_table, $atttable, $attid));
# sendError("Attribute without Tablename $attid");
}
switch ($attributetype) {
case "static":
case "password":
# dbg('SAVING STATIC OR PASSWORD');
if (!empty($GLOBALS['config']['dontsave_userpassword']) && $data['type'] == 'password') {
$data["value"] = 'not authoritative';
}
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
break;
case "select":
$curval = Sql_Fetch_Row_Query(sprintf('select id from ' . $table_prefix . 'listattr_%s
where name = "%s"', $atttable, $data["displayvalue"]), 1);
if (!$curval[0] && $data['displayvalue'] && $data['displayvalue'] != '') {
Sql_Query(sprintf('insert into ' . $table_prefix . 'listattr_%s (name) values("%s")', $atttable, $data["displayvalue"]));
sendError("Added " . $data["displayvalue"] . " to {$atttable}");
$valid = Sql_Insert_id();
} else {
$valid = $curval[0];
}
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $valid));
break;
case 'avatar':
if (is_array($_FILES)) {
## only avatars are files, for now
if (!defined('MAX_AVATAR_SIZE')) {
define('MAX_AVATAR_SIZE', 100000);
}
$formfield = 'attribute' . $attid . '_file';
## the name of the fileupload element
if (!empty($_FILES[$formfield]['name']) && !empty($_FILES[$formfield]['tmp_name'])) {
$tmpnam = $_FILES[$formfield]['tmp_name'];
move_uploaded_file($tmpnam, '/tmp/avatar' . $userid . '.jpg');
$size = filesize('/tmp/avatar' . $userid . '.jpg');
# dbg('New size: '.$size);
if ($size < MAX_AVATAR_SIZE) {
$avatar = file_get_contents('/tmp/avatar' . $userid . '.jpg');
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, base64_encode($avatar)));
unlink('/tmp/avatar' . $userid . '.jpg');
}
}
}
break;
default:
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $data["value"]));
break;
}
return 1;
}
if (is_file($tmpfile)) {
unlink($tmpfile);
}
# do a final check
if (filesize($GLOBALS["attachment_repository"] . "/" . $newfile)) {
print Info(s('Attachment %d succesfully added', $att_cnt));
} else {
print Info(s('Adding attachment %d failed', $att_cnt));
}
} else {
print Warn($GLOBALS['I18N']->get("Uploaded file not properly received, empty file"));
}
} elseif (!empty($_POST["localattachment" . $att_cnt])) {
$type = findMime(basename($_POST["localattachment" . $att_cnt]));
Sql_query(sprintf('insert into %s (remotefile,mimetype,description,size) values("%s","%s","%s",%d)', $tables["attachment"], $_POST["localattachment" . $att_cnt], $type, $description, filesize($_POST["localattachment" . $att_cnt])));
$attachmentid = Sql_Insert_Id($tables['attachment'], 'id');
Sql_query(sprintf('insert into %s (messageid,attachmentid) values(%d,%d)', $tables["message_attachment"], $id, $attachmentid));
print Info(s("Adding attachment") . " " . $att_cnt . " mime: {$type}");
}
}
}
## when followupto is set, go there
if (!empty($_POST['followupto']) && isValidRedirect($_POST['followupto'])) {
Header('Location: ' . $_POST['followupto']);
exit;
}
if (!empty($id) && !$send) {
if ($savedraft) {
$_SESSION['action_result'] = s("Campaign saved as draft");
Header('Location: ./?page=messages&tab=draft');
exit;
function getPageLock()
{
global $tables;
$thispage = $GLOBALS["page"];
$running_req = Sql_query("select now() - modified,id from " . $tables["sendprocess"] . " where page = \"{$thispage}\" and alive order by started desc");
$running_res = Sql_Fetch_row($running_req);
$waited = 0;
while ($running_res[1]) {
# a process is already running
if ($running_res[0] > 600) {
# some sql queries can take quite a while
# process has been inactive for too long, kill it
Sql_query("update {$tables["sendprocess"]} set alive = 0 where id = {$running_res['1']}");
} else {
output($GLOBALS['I18N']->get('A process for this page is already running and it was still alive') . ' ' . $running_res[0] . ' ' . $GLOBALS['I18N']->get('seconds ago'));
sleep(1);
# to log the messages in the correct order
if ($GLOBALS["commandline"]) {
output("Running commandline, quitting. We'll find out what to do in the next run.");
exit;
}
output($GLOBALS['I18N']->get('Sleeping for 20 seconds, aborting will quit'));
flush();
$abort = ignore_user_abort(0);
sleep(20);
}
$waited++;
if ($waited > 10) {
# we have waited 10 cycles, abort and quit script
output($GLOBALS['I18N']->get('We have been waiting too long, I guess the other process is still going ok'));
exit;
}
$running_req = Sql_query("select now() - modified,id from " . $tables["sendprocess"] . " where page = \"{$thispage}\" and alive order by started desc");
$running_res = Sql_Fetch_row($running_req);
}
$res = Sql_query('insert into ' . $tables["sendprocess"] . ' (started,page,alive,ipaddress) values(now(),"' . $thispage . '",1,"' . getenv("REMOTE_ADDR") . '")');
$send_process_id = Sql_Insert_Id();
$abort = ignore_user_abort(1);
return $send_process_id;
}
$htmlemail = 1;
} else {
$htmlemail = !empty($_POST["htmlemail"]);
}
# now check whether this user already exists.
$email = $_POST["email"];
if (preg_match("/(.*)\n/U", $email, $regs)) {
$email = $regs[1];
}
$result = Sql_query(sprintf('select * from %s where email = "%s"', $GLOBALS["tables"]["user"], sql_escape($email)));
if (!Sql_affected_rows()) {
# they do not exist, so add them
$query = sprintf('insert into %s (email,entered,uniqid,confirmed,
htmlemail,subscribepage) values("%s",current_timestamp,"%s",0,%d,%d)', $GLOBALS["tables"]["user"], sql_escape($email), getUniqid(), $htmlemail, $id);
$result = Sql_query($query);
$userid = Sql_Insert_Id($GLOBALS['tables']['user'], 'id');
addSubscriberStatistics('total users', 1);
} else {
# they do exist, so update the existing record
# read the current values to compare changes
$old_data = Sql_fetch_array($result);
if (ASKFORPASSWORD && $old_data["password"]) {
$encP = encryptPass($_POST["password"]);
$canlogin = !empty($encP) && !empty($_POST['password']) && $encP == $old_data["password"];
# print $canlogin.' '.$_POST['password'].' '.$encP.' '. $old_data["password"];
if (!$canlogin) {
$msg = '<p class="error">' . $GLOBALS["strUserExists"] . '</p>';
$msg .= '<p class="information">' . $GLOBALS["strUserExistsExplanationStart"] . sprintf('<a href="%s&email=%s">%s</a>', getConfig("preferencesurl"), $email, $GLOBALS["strUserExistsExplanationLink"]) . $GLOBALS["strUserExistsExplanationEnd"] . '</p>';
return;
}
}
$sendtest = !empty($_POST['sendtest']);
$baseurl = PageURL2($_GET['page'] . '&id=' . $id);
if (!isset($_GET['tab'])) {
$_GET['tab'] = '';
}
$_GET['tab'] = strip_tags($_GET['tab']);
if (!empty($_GET['tab'])) {
$baseurl .= '&tab=' . $_GET['tab'];
}
### if we're not working on an existing message, create one and redirect to edit it
if (!$id) {
$defaulttemplate = getConfig('defaultmessagetemplate');
$defaultfooter = getConfig('messagefooter');
Sql_Query(sprintf('insert into %s (subject, status, entered, sendformat, embargo, repeatuntil, owner, template, tofield, replyto,footer)
values("(no title)", "draft", now(), "HTML", now(), now(), %d, %d, "", "", "%s" )', $GLOBALS['tables']['message'], $_SESSION['logindetails']['id'], $defaulttemplate, sql_escape($defaultfooter)));
$id = Sql_Insert_Id();
if (isset($_GET['list'])) {
if ($_GET['list'] == 'all') {
$req = Sql_Query('select id from ' . $tables['list']);
while ($row = Sql_Fetch_Row($req)) {
$addlists[] = $row[0];
}
} else {
$addlists = explode(',', $_GET['list']);
}
$addlists = cleanArray($addlists);
foreach ($addlists as $listid) {
$query = sprintf('replace into %s (messageid,listid,entered) values(%d,%d,now())', $GLOBALS['tables']['listmessage'], $id, $listid);
Sql_Query($query);
}
}
if (!verifyToken()) {
## csrf check, should be added in more places
print Error($GLOBALS['I18N']->get('No Access'));
return;
}
if (empty($_POST["id"])) {
# Check if fields login name and email are present
if (!is_null($_POST["loginname"]) && $_POST["loginname"] !== '' && !is_null($_POST["email"]) && $_POST["email"] !== '') {
if (validateEmail($_POST["email"])) {
# new one
$result = Sql_query(sprintf('SELECT count(*) FROM %s WHERE namelc="%s" OR email="%s"', $tables["admin"], strtolower(normalize($_POST["loginname"])), strtolower(normalize($_POST["email"]))));
$totalres = Sql_fetch_Row($result);
$total = $totalres[0];
if (!$total) {
Sql_Query(sprintf('insert into %s (loginname,namelc,password,created) values("%s","%s","%s",current_timestamp)', $tables["admin"], strtolower(normalize($_POST["loginname"])), strtolower(normalize($_POST["loginname"])), encryptPass(md5(rand(0, 1000)))));
$id = Sql_Insert_Id($tables['admin'], 'id');
} else {
$id = 0;
}
} else {
## email doesn't validate
$id = 0;
}
} else {
$id = 0;
}
} else {
$id = sprintf('%d', $_POST["id"]);
}
if ($id) {
print '<div class="actionresult">';