function cmtx_add_subscriber($name, $email, $page_id)
{
//adds new subscriber
global $cmtx_mysql_table_prefix, $cmtx_path;
//globalise variables
$ip_address = cmtx_get_ip_address();
$is_unique = false;
//initialise flag as false
while (!$is_unique) {
//while the token is not unique
$token = cmtx_get_random_key(20);
//create new token
if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}'")) == 0) {
//if the token does not already exist
$is_unique = true;
//the created token is unique
}
}
//insert subscriber into 'subscribers' database table
cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "subscribers` (`name`, `email`, `page_id`, `token`, `to_all`, `to_admin`, `to_reply`, `is_confirmed`, `ip_address`, `dated`) VALUES ('{$name}', '{$email}', '{$page_id}', '{$token}', '1', '1', '1', '0', '{$ip_address}', NOW())");
$name = cmtx_prepare_name_for_email($name);
//prepare name for email
$email = cmtx_prepare_email_for_email($email);
//prepare email address for email
if (file_exists($cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/user/custom/subscriber_confirmation.txt')) {
$subscriber_confirmation_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/user/custom/subscriber_confirmation.txt';
//build path to custom subscriber confirmation email file
} else {
$subscriber_confirmation_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/user/subscriber_confirmation.txt';
//build path to subscriber confirmation email file
}
$body = file_get_contents($subscriber_confirmation_email_file);
//get the file's contents
$confirmation_link = cmtx_url_encode_spaces(cmtx_setting('commentics_url')) . "subscribers.php" . "?id=" . $token . "&confirm=1";
//build confirmation link
$page_reference = cmtx_decode(cmtx_get_page_reference());
//get the reference of the current page
$page_url = cmtx_decode(cmtx_get_page_url());
//get the URL of the current page
//convert email variables with actual variables
$body = str_ireplace('[name]', $name, $body);
$body = str_ireplace('[page reference]', $page_reference, $body);
$body = str_ireplace('[page url]', $page_url, $body);
$body = str_ireplace('[confirmation link]', $confirmation_link, $body);
$body = str_ireplace('[signature]', cmtx_setting('signature'), $body);
//send email
cmtx_email($email, $name, cmtx_setting('subscriber_confirmation_subject'), $body, cmtx_setting('subscriber_confirmation_from_email'), cmtx_setting('subscriber_confirmation_from_name'), cmtx_setting('subscriber_confirmation_reply_to'));
}
?>
<div class="warning"><?php
echo CMTX_MSG_DEMO;
?>
</div>
<div style="clear: left;"></div>
<?php
} else {
if (isset($_POST['submit'])) {
cmtx_check_csrf_form_key();
$username = $_POST['username'];
$password = md5($_POST['password_1']);
$email = $_POST['email'];
$is_unique = false;
while (!$is_unique) {
$cookie_key = cmtx_get_random_key(20);
if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `cookie_key` = '{$cookie_key}'")) == 0) {
$is_unique = true;
}
}
$username = cmtx_sanitize($username);
$password = cmtx_sanitize($password);
$email = cmtx_sanitize($email);
if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `username` = '{$username}'"))) {
?>
<div class="error"><?php
echo CMTX_MSG_ADMIN_EXISTS;
?>
</div>
<div style="clear: left;"></div>
<?php
if (isset($_POST['email'])) {
if (cmtx_setting('is_demo')) {
echo '<span class="negative">' . CMTX_RESET_DEMO . '</span><p />';
} else {
$email = cmtx_sanitize($_POST['email']);
if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `email` = '{$email}'"))) {
$admin_query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `email` = '{$email}'");
$admin_result = cmtx_db_fetch_assoc($admin_query);
$resets = $admin_result['resets'];
if ($resets >= 5) {
echo '<span class="negative">' . CMTX_RESET_LIMIT . '</span><p />';
} else {
$resets++;
cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `resets` = '{$resets}' WHERE `email` = '{$email}'");
$username = $admin_result['username'];
$password = cmtx_get_random_key(10);
if (file_exists($cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt')) {
$reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt';
//build path to custom reset password email file
} else {
$reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/reset_password.txt';
//build path to reset password email file
}
$body = file_get_contents($reset_password_email_file);
//get the file's contents
$admin_link = cmtx_url_encode_spaces(cmtx_setting('commentics_url') . cmtx_setting('admin_folder')) . '/';
//build admin panel link
//convert email variables with actual variables
$body = str_ireplace('[username]', $username, $body);
$body = str_ireplace('[password]', $password, $body);
$body = str_ireplace('[admin link]', $admin_link, $body);
}
?>
<?php
//get the security key and add to form as hidden input
?>
<input type="hidden" name="cmtx_security_key" value="<?php
echo cmtx_setting('security_key');
?>
"/>
<?php
//add a random token to help prevent refresh and back-button submission
?>
<input type="hidden" name="cmtx_resubmit_key" value="<?php
echo cmtx_get_random_key(20);
?>
"/>
<?php
if (cmtx_setting('check_honeypot')) {
//a normal input, hidden by CSS, which should never contain a value
?>
<input type="text" name="cmtx_honeypot" value="" style="display:none;" autocomplete="off"/>
<?php
}
?>
<?php
if (cmtx_setting('check_time')) {
//get the time and add to form as hidden input
?>
<div class="warning"><?php
echo CMTX_MSG_DEMO;
?>
</div>
<div style="clear: left;"></div>
<?php
} else {
if (isset($_POST['submit'])) {
cmtx_check_csrf_form_key();
$name = $_POST['name'];
$email = $_POST['email'];
$page_id = $_POST['page_id'];
$is_unique = FALSE;
while (!$is_unique) {
$token = cmtx_get_random_key(20);
if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}'")) == 0) {
$is_unique = TRUE;
}
}
$name = cmtx_sanitize($name);
$email = cmtx_sanitize($email);
$page_id = cmtx_sanitize($page_id);
cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "subscribers` (`name`, `email`, `page_id`, `token`, `to_all`, `to_admin`, `to_reply`, `is_confirmed`, `dated`) VALUES ('{$name}', '{$email}', '{$page_id}', '{$token}', '1', '1', '1', '1', NOW());");
?>
<div class="success"><?php
echo CMTX_MSG_SUB_ADDED;
?>
</div>
<div style="clear: left;"></div>
<?php
if (function_exists('system') && is_callable('system')) {
?>
<?php
if (isset($_POST['submit']) && cmtx_setting('is_demo')) {
?>
<div class="warning"><?php
echo CMTX_MSG_DEMO;
?>
</div>
<div style="clear: left;"></div>
<?php
} else {
if (isset($_POST['submit'])) {
cmtx_check_csrf_form_key();
$backup_file = "backups/" . cmtx_get_random_key(20) . ".sql";
if (!empty($cmtx_mysql_port)) {
$cmtx_mysql_host .= ":" . $cmtx_mysql_port;
}
$command = cmtx_setting('mysqldump_path') . "mysqldump --host={$cmtx_mysql_host} --user={$cmtx_mysql_username} --password={$cmtx_mysql_password} {$cmtx_mysql_database} > {$backup_file}";
system($command);
?>
<div class="success"><?php
echo CMTX_MSG_BACKUP_CREATED;
?>
</div>
<div style="clear: left;"></div>
<?php
}
}
?>
