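/**
 * Whether the currently logged-in admin is a superuser.
 *
 * Returns 1 unconditionally inside Webbler. Otherwise the answer comes from
 * $_SESSION['logindetails']['superuser'] when it is already cached there; if
 * not, it is looked up (through the admin_auth object when one is configured,
 * else from the admin table) and then cached in the session.
 *
 * @return int|string|null 0 when not logged in or not a superuser; otherwise the
 *                         raw value from the auth backend / DB column
 */
function isSuperUser()
{
    ## for now mark webbler admins superuser
    if (defined('WEBBLER') || defined('IN_WEBBLER')) {
        return 1;
    }
    global $tables;
    $issuperuser = 0;
    # if (!isset($_SESSION["adminloggedin"])) return 0;
    # if (!is_array($_SESSION["logindetails"])) return 0;
    if (isset($_SESSION["logindetails"]["superuser"])) {
        // Cached for the lifetime of the session: a change in the DB or auth backend
        // is not seen until this key is unset or logindetails is rebuilt.
        return $_SESSION["logindetails"]["superuser"];
    }
    if (isset($_SESSION["logindetails"]["id"])) {
        $adminId = $_SESSION["logindetails"]["id"];
        // isset() first so an absent admin_auth global does not raise a warning.
        if (isset($GLOBALS["admin_auth"]) && is_object($GLOBALS["admin_auth"])) {
            $issuperuser = $GLOBALS["admin_auth"]->isSuperUser($adminId);
        } else {
            $query = ' select superuser ' . ' from %s' . ' where id = ?';
            $query = sprintf($query, $tables['admin']);
            $req = Sql_Query_Params($query, array($adminId));
            $row = Sql_Fetch_Row($req);
            // No admin row for this id: not a superuser, rather than indexing a non-array.
            $issuperuser = is_array($row) ? $row[0] : 0;
        }
        $_SESSION["logindetails"]["superuser"] = $issuperuser;
    }
    return $issuperuser;
}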
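/**
 * Fetch the binary data of a template image.
 *
 * The "powered by" image (powerphplist.png) is shared by every template and is
 * stored under template id 0, so the requested template id is ignored for it.
 * The image is matched either on the full filename or on its basename.
 *
 * @param int    $templateid template the image belongs to
 * @param string $filename   filename as referenced by the template
 *
 * @return string|null image data, or null when no row matches
 */
function get_template_image($templateid, $filename)
{
    if (basename($filename) === 'powerphplist.png') {
        $templateid = 0;
    }
    $query = ' select data' . ' from ' . $GLOBALS['tables']['templateimage'] . ' where template = ?' . ' and (filename = ? or filename= ?)';
    $rs = Sql_Query_Params($query, array($templateid, $filename, basename($filename)));
    $req = Sql_Fetch_Row($rs);
    // No matching row: return null explicitly instead of indexing a non-array.
    if (!is_array($req)) {
        return null;
    }
    return $req[0];
}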
# this message is done if (!$someusers) { output($GLOBALS['I18N']->get('Hmmm, No users found to send to'), 1, 'progress'); } if (!$failed_sent) { repeatMessage($messageid); $status = Sql_query(sprintf('update %s set status = "sent",sent = current_timestamp where id = %d', $GLOBALS['tables']['message'], $messageid)); if (!empty($msgdata['notify_end']) && !isset($msgdata['end_notified'])) { $notifications = explode(',', $msgdata['notify_end']); foreach ($notifications as $notification) { sendMail($notification, $GLOBALS['I18N']->get('Message campaign finished'), sprintf($GLOBALS['I18N']->get('phpList has finished sending the campaign with subject %s'), $msgdata['subject']) . "\n\n" . sprintf($GLOBALS['I18N']->get('to view the results of this campaign, go to http://%s'), getConfig('website') . $GLOBALS['adminpages'] . '/?page=statsoverview&id=' . $messageid)); } Sql_Query(sprintf('insert ignore into %s (name,id,data) values("end_notified",%d,current_timestamp)', $GLOBALS['tables']['messagedata'], $messageid)); } $query = " select sent, sendstart" . " from {$tables['message']}" . " where id = ?"; $rs = Sql_Query_Params($query, array($messageid)); $timetaken = Sql_Fetch_Row($rs); output($GLOBALS['I18N']->get('It took') . ' ' . timeDiff($timetaken[0], $timetaken[1]) . ' ' . $GLOBALS['I18N']->get('to send this message')); sendMessageStats($messageid); } ## flush cached message track stats to the DB if (isset($GLOBALS['cached']['linktracksent'])) { flushClicktrackCache(); # we're done with $messageid, so get rid of the cache unset($GLOBALS['cached']['linktracksent'][$messageid]); } } else { if ($script_stage < 5) { $script_stage = 5; } }
if (isset($_GET['start'])) { $start = sprintf('%d', $_GET['start']); } else { $start = 0; } $offset = $start; $baseurl = "bounces&start={$start}"; if ($total > MAX_USER_PP) { $limit = MAX_USER_PP; $paging = simplePaging("bounces", $start, $total, MAX_USER_PP, $status . ' ' . $GLOBALS['I18N']->get('bounces')); $query = sprintf("select * from %s where status {$status_compare} ? order by date desc limit {$limit} offset {$offset}", $tables['bounce']); $result = Sql_Query_Params($query, array('unidentified bounce')); } else { $paging = ''; $query = sprintf('select * from %s where status ' . $status_compare . ' ? order by date desc', $tables['bounce']); $result = Sql_Query_Params($query, array('unidentified bounce')); } print '<div class="actions">'; print PageLinkButton('listbounces', $GLOBALS['I18N']->get('view bounces by list')); $buttons = new ButtonGroup(new Button(PageURL2("bounces"), 'delete')); $buttons->addButton(new ConfirmButton($GLOBALS['I18N']->get('are you sure you want to delete all unidentified bounces older than 2 months') . "?", PageURL2("{$baseurl}&action=deleteunidentified"), $GLOBALS['I18N']->get('delete all unidentified (> 2 months old)'))); $buttons->addButton(new ConfirmButton($GLOBALS['I18N']->get('are you sure you want to delete all bounces older than 2 months') . "?", PageURL2("{$baseurl}&action=deleteprocessed"), $GLOBALS['I18N']->get('delete all processed (> 2 months old)'))); $buttons->addButton(new ConfirmButton($GLOBALS['I18N']->get('are you sure you want to delete all bounces') . "?", PageURL2("{$baseurl}&action=deleteall"), $GLOBALS['I18N']->get('Delete all'))); if (ALLOW_DELETEBOUNCE) { print $buttons->show(); } print $tabs->display(); print '</div>'; if (!Sql_Num_Rows($result)) { switch ($status) { case 'unidentified':
/**
 * Render the public unsubscribe page for subscribe page $id and, once the
 * form has been confirmed (or a "jump off" / blacklist request is made),
 * perform the unsubscription.
 *
 * The subscriber is identified either by $_GET['uid'] (personalised link) or
 * by $_REQUEST['email'] (form post). Returns the page HTML; when a plugin
 * handles the page itself the function returns without a value.
 *
 * NOTE(review): $email is concatenated into HTML attribute values below
 * without htmlspecialchars(). On the form path it has passed validateEmail(),
 * on the uid path it is read straight from the DB; escape at the point of
 * output regardless.
 *
 * NOTE(review): part of this function is redacted in the source ("******"),
 * see the comment at that spot; the brace structure around it is not visible.
 */
function unsubscribePage($id)
{
    global $tables;
    $email = '';
    $userid = 0;
    $msg = '';
    ## for unsubscribe, don't validate host
    $GLOBALS["check_for_host"] = 0;
    $res = '<title>' . $GLOBALS["strUnsubscribeTitle"] . '</title>' . "\n";
    $res .= $GLOBALS['pagedata']["header"];
    if (isset($_GET["uid"])) {
        // Personalised link: identify the subscriber by uniqid, never by email.
        $query = sprintf('select id,email,blacklisted from %s where uniqid = ?', $tables['user']);
        $req = Sql_Query_Params($query, array($_GET['uid']));
        $userdata = Sql_Fetch_Array($req);
        $email = $userdata["email"];
        $userid = $userdata['id'];
        // $isBlackListed is computed but not read anywhere in this function.
        $isBlackListed = $userdata['blacklisted'] != "0";
        $blacklistRequest = false; //invariant
    } else {
        if (isset($_REQUEST['email'])) {
            $email = $_REQUEST['email'];
        }
        if (!validateEmail($email)) {
            $email = '';
        }
        #0013076: Blacklisting posibility for unknown users
        # Set flag for blacklisting
        // $_GET['p'] is read without isset(); a request without "p" raises a warning here.
        $blacklistRequest = $_GET['p'] == 'blacklist' || $_GET['p'] == 'donotsend';
        # only proceed when user has confirm the form
        if ($blacklistRequest && is_email($email)) {
            $_POST["unsubscribe"] = 1;
            $_POST["unsubscribereason"] = s('Forwarded receiver requested blacklist');
        }
    }
    if (UNSUBSCRIBE_JUMPOFF || !empty($_GET['jo'])) {
        // "Jump off": the visit itself counts as confirmation, no reason is asked for.
        $_POST["unsubscribe"] = 1;
        $_REQUEST["email"] = $email;
        if (!empty($_GET['jo'])) {
            $blacklistRequest = true;
            $_POST["unsubscribereason"] = s('"Jump off" used by subscriber, reason not requested');
        } else {
            $_POST["unsubscribereason"] = s('"Jump off" set, reason not requested');
        }
    }
    foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
        # print $pluginname.'<br/>';
        // A plugin returning true has produced the page itself; note this returns no HTML.
        if ($plugin->unsubscribePage($email)) {
            return;
        }
    }
    if (!empty($email) && isset($_POST['unsubscribe']) && isset($_REQUEST['email']) && isset($_POST['unsubscribereason'])) {
        ## all conditions met, do the unsubscribe
        #0013076: Blacklisting posibility for unknown users
        // It would be better to do this above, where the email is set for the other cases.
        // But to prevent vulnerabilities let's keep it here for now. [bas]
        if (!$blacklistRequest) {
            $query = ' select id, email' . ' from ' . $tables['user'] . ' where email = ?';
            $rs = Sql_Query_Params($query, array($email));
            $query = Sql_Fetch_Row($rs);
            $userid = $query[0];
            $email = $query[1];
        }
        if (!$userid) {
            #0013076: Blacklisting posibility for unknown users
            if ($blacklistRequest && !empty($email)) {
                addUserToBlacklist($email, $_POST['unsubscribereason']);
                addSubscriberStatistics('blacklist', 1);
                $res .= '<h3>' . $GLOBALS["strUnsubscribedNoConfirm"] . "</h3>";
            } else {
                $res .= $GLOBALS["strNoListsFound"];
                #'Error: '.$GLOBALS["strUserNotFound"];
                // NOTE(review): source redacted ("******") from the logEvent() argument up to
                // the $lists assignment: the end of this branch and the beginning of the
                // known-subscriber branch (which sets $lists and $subscriptions) are not visible.
                logEvent("Request to unsubscribe non-existent user: "******" * " . $GLOBALS["strAllMailinglists"] . "\n";
            # add user to blacklist
            addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason'])));
            addUserHistory($email, "Unsubscription", "Unsubscribed from {$lists}");
            $unsubscribemessage = str_replace("[LISTS]", $lists, getUserConfig("unsubscribemessage:{$id}", $userid));
            sendMail($email, getUserConfig("unsubscribesubject:{$id}"), stripslashes($unsubscribemessage), system_messageheaders($email), '', true);
            $reason = $_POST["unsubscribereason"] ? "Reason given:\n" . stripslashes($_POST["unsubscribereason"]) : "No Reason given";
            sendAdminCopy("List unsubscription", $email . " has unsubscribed\n{$reason}", $subscriptions);
            addSubscriberStatistics('unsubscription', 1);
        }
        if ($userid) {
            $res .= '<h3>' . $GLOBALS["strUnsubscribeDone"] . "</h3>";
        }
        #0013076: Blacklisting posibility for unknown users
        //if ($blacklistRequest) {
        //$res .= '<h3>'.$GLOBALS["strYouAreBlacklisted"] ."</h3>";
        //}
        $res .= $GLOBALS["PoweredBy"] . '</p>';
        $res .= $GLOBALS['pagedata']["footer"];
        return $res;
    } elseif (isset($_POST["unsubscribe"]) && !is_email($email) && !empty($email)) {
        $msg = '<span class="error">' . $GLOBALS["strEnterEmail"] . "</span><br>";
    }
    $res .= '<h3>' . $GLOBALS["strUnsubscribeInfo"] . '</h3>' . $msg . '<form method="post" action=""><input type="hidden" name="p" value="unsubscribe" />';
    // NOTE(review): $email goes into the value attribute unescaped in both branches.
    if (!isset($_POST['email']) || empty($email)) {
        $res .= '<p>' . $GLOBALS["strEnterEmail"] . ': <input type="text" name="email" value="' . $email . '" size="40" /></p>';
    } else {
        $res .= '<p><input type="hidden" name="email" value="' . $email . '" />' . $GLOBALS["strEmail"] . ': ' . $email . '</p>';
    }
    if (!$email) {
        // No (valid) address yet: only ask for it.
        $res .= '<input type="submit" name="unsubscribe" value="' . $GLOBALS['strContinue'] . '"></form>';
        $res .= $GLOBALS["PoweredBy"];
        $res .= $GLOBALS['pagedata']["footer"];
        return $res;
    }
    // One row is enough here: it only tells whether the address is on any list
    // and supplies the uniqid used for the preferences link.
    $query = ' select l.id as listid, u.uniqid as userhash, u.password as password' . ' from %s as l, %s as lu, %s as u' . ' where l.id = lu.listid' . ' and u.id = lu.userid' . ' and u.email = ?';
    $query = sprintf($query, $tables['list'], $tables['listuser'], $tables['user']);
    $rs = Sql_Query_Params($query, array($email));
    $current = Sql_Fetch_Array($rs);
    $some = $current["listid"];
    // $user is not defined in this function, so this condition can never hold;
    // the fetched row is in $current — presumably $current['password'] was meant.
    if (ASKFORPASSWORD && !empty($user['password'])) {
        # it is safe to link to the preferences page, because it will still ask for
        # a password
        $hash = $current["userhash"];
    } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) {
        # they got to this page from a link in an email
        $hash = $current['userhash'];
    } else {
        // Email-only visitors get no uid in the preferences link.
        $hash = '';
    }
    $finaltext = $GLOBALS["strUnsubscribeFinalInfo"];
    $pref_url = getConfig("preferencesurl");
    $sep = strpos($pref_url, '?') !== false ? '&' : '?';
    $finaltext = str_ireplace('[preferencesurl]', $pref_url . $sep . 'uid=' . $hash, $finaltext);
    if (!$some) {
        #0013076: Blacklisting posibility for unknown users
        if (!$blacklistRequest) {
            $res .= "<b>" . $GLOBALS["strNoListsFound"] . "</b></ul>";
        }
        $res .= '<p><input type=submit value="' . $GLOBALS["strUnsubscribe"] . '">';
    } else {
        if ($blacklistRequest) {
            $res .= $GLOBALS["strExplainBlacklist"];
        } elseif (!UNSUBSCRIBE_JUMPOFF) {
            // Textarea size from config ("rows,cols"), with fallbacks when unset.
            list($r, $c) = explode(",", getConfig("textarea_dimensions"));
            if (!$r) {
                $r = 5;
            }
            if (!$c) {
                $c = 65;
            }
            $res .= $GLOBALS["strUnsubscribeRequestForReason"];
            $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . $finaltext;
        }
        $res .= '<p><input type=submit name="unsubscribe" value="' . $GLOBALS["strUnsubscribe"] . '"></p>';
    }
    $res .= '</form>';
    $res .= '<p>' . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $GLOBALS['pagedata']["footer"];
    return $res;
}
$_POST['prefix'] = ''; $categories = listCategories(); if (isset($_POST['category']) && in_array($_POST['category'], $categories)) { $category = $_POST['category']; } else { $category = ''; } if ($id) { $query = ' update %s' . ' set name = ?, description = ?, active = ?,' . ' listorder = ?, prefix = ?, owner = ?, category = ?' . ' where id = ?'; $query = sprintf($query, $GLOBALS['tables']['list']); $result = Sql_Query_Params($query, array($_POST['listname'], $_POST['description'], $_POST['active'], $_POST['listorder'], $_POST['prefix'], $_POST['owner'], $category, $id)); } else { $query = ' insert into %s' . ' (name, description, entered, listorder, owner, prefix, active, category)' . ' values' . ' (?, ?, current_timestamp, ?, ?, ?, ?, ?)'; $query = sprintf($query, $GLOBALS['tables']['list']); # print $query; $result = Sql_Query_Params($query, array($_POST['listname'], $_POST['description'], $_POST['listorder'], $_POST['owner'], $_POST['prefix'], $_POST['active'], $category)); } if (!$id) { $id = Sql_Insert_Id($GLOBALS['tables']['list'], 'id'); $_SESSION['action_result'] = s('New list added') . ": {$id}"; $_SESSION['newlistid'] = $id; } else { $_SESSION['action_result'] = s('Changes saved'); } ## allow plugins to save their fields foreach ($GLOBALS['plugins'] as $plugin) { $result = $result && $plugin->processEditList($id); } print '<div class="actionresult">' . $_SESSION['action_result'] . '</div>'; if ($_GET['page'] == 'editlist') { print '<div class="actions">' . PageLinkButton('importsimple&list=' . $id, s('Add some subscribers')) . '</div>';
/**
 * Resolve a config item, optionally personalised for one subscriber.
 *
 * Lookup order: the config table row, then $default_config, then — for a
 * "page:item" style key that yielded no value — the plain "page" item.
 * When $userid is given, [UNSUBSCRIBEURL], [CONFIRMATIONURL] and
 * [PREFERENCESURL] get the subscriber's uid appended, [EMAIL] is filled in
 * and attribute placeholders are expanded. [SUBSCRIBEURL], [DOMAIN] and
 * [WEBSITE] are always substituted. A value of "0"/"1" comes back as the
 * string "false"/"true".
 *
 * Side effect: items whose table row is marked not editable are appended
 * to $GLOBALS['noteditableconfig'].
 *
 * @param string $item   config item name
 * @param int    $userid subscriber id, 0 for no personalisation
 *
 * @return string
 */
function getUserConfig($item, $userid = 0)
{
    global $default_config, $tables, $domain, $website;
    $value = '';
    if (Sql_Table_Exists($tables["config"])) {
        $lookup = Sql_Query_Params('select value,editable from ' . $tables['config'] . ' where item = ?', array($item));
        if (Sql_Num_Rows($lookup)) {
            $configRow = Sql_fetch_Row($lookup);
            $value = $configRow[0];
            if ($configRow[1] == 0) {
                $GLOBALS['noteditableconfig'][] = $item;
            }
        } elseif (array_key_exists($item, $default_config)) {
            $value = $default_config[$item]['value'];
        }
    }
    # a "page:item" key without a value falls back to the global "page" item
    if (!$value && strpos($item, ":") !== false) {
        $keyParts = explode(":", $item);
        $value = getUserConfig($keyParts[0], $userid);
    }
    if ($userid) {
        $subscriberRow = Sql_Fetch_Row(Sql_Query_Params('select uniqid, email from ' . $tables['user'] . ' where id = ?', array($userid)));
        $subscriberHash = $subscriberRow[0];
        $subscriberEmail = $subscriberRow[1];
        # personalised links: append uid= to each configured URL, in this order
        $linkPlaceholders = array(
            '[UNSUBSCRIBEURL]' => 'unsubscribeurl',
            '[CONFIRMATIONURL]' => 'confirmationurl',
            '[PREFERENCESURL]' => 'preferencesurl',
        );
        foreach ($linkPlaceholders as $placeholder => $configItem) {
            $link = getConfig($configItem);
            $joiner = strpos($link, '?') !== false ? '&' : '?';
            $value = str_ireplace($placeholder, $link . $joiner . 'uid=' . $subscriberHash, $value);
        }
        $value = str_ireplace('[EMAIL]', $subscriberEmail, $value);
        $value = parsePlaceHolders($value, getUserAttributeValues($subscriberEmail));
    }
    $value = str_ireplace('[SUBSCRIBEURL]', getConfig("subscribeurl"), $value);
    $value = preg_replace('/\\[DOMAIN\\]/i', $domain, $value);
    #@ID Should be done only in one place. Combine getConfig and this one?
    $value = preg_replace('/\\[WEBSITE\\]/i', $website, $value);
    # boolean-ish values are reported as words (loose comparison kept on purpose)
    if ($value == "0") {
        return "false";
    }
    if ($value == "1") {
        return "true";
    }
    return $value;
}
= ' select *' . ' from ' . $tables['list'] . $subselect . ' order by listorder '.$limit; $result = Sql_query($query); */ } while ($row = Sql_fetch_array($result)) { ## we only consider confirmed and not blacklisted subscribers members of a list ## we assume "confirmed" to be 1 or 0, so that the sum gives the total confirmed ## could be incorrect, as 1000 is also "true" but will be ok (saves a few queries) ## same with blacklisted, but we're disregarding that for now, because blacklisted subscribers should not ## be on the list at all. ## @@TODO increase accuracy, without adding loads of queries. $query = ' select count(u.id) as total,' . ' sum(u.confirmed) as confirmed, ' . ' sum(u.blacklisted) as blacklisted ' . ' from ' . $tables['listuser'] . ' lu, ' . $tables['user'] . ' u where u.id = lu.userid and listid = ? '; $req = Sql_Query_Params($query, array($row["id"])); $membercount = Sql_Fetch_Assoc($req); $members = $membercount['confirmed']; $unconfirmedMembers = (int) ($membercount['total'] - $members); $desc = stripslashes($row['description']); if ($unconfirmedMembers > 0) { $membersDisplay = '<span class="memberCount">' . $members . '</span> <span class="unconfirmedCount">(' . $unconfirmedMembers . ')</span>'; } else { $membersDisplay = '<span class="memberCount">' . $members . '</span>'; } //## allow plugins to add columns // @@@ TODO review this //foreach ($GLOBALS['plugins'] as $plugin) { //$desc = $plugin->displayLists($row) . $desc; //} $element = '<!-- ' . $row['id'] . '-->' . stripslashes($row['name']);
while ($list = Sql_Fetch_Assoc($lists)) { $selectOtherlist->addButton(new Button(PageUrl2('listbounces') . '&id=' . $list['id'], htmlspecialchars($list['name']))); } print $selectOtherlist->show(); if ($total) { print PageLinkButton('listbounces&type=dl&id=' . $listid, 'Download emails'); } print '<p>' . s('%d bounces to list %s', $total, listName($listid)) . "</p>"; $start = empty($_GET['start']) ? 0 : sprintf('%d', $_GET['start']); if ($total > $numpp && !$download) { # print Paging2('listbounces&id='.$listid,$total,$numpp,'Page'); # $listing = sprintf($GLOBALS['I18N']->get("Listing %s to %s"),$s,$s+$numpp); $limit = "limit {$start}," . $numpp; print simplePaging('listbounces&id=' . $listid, $start, $total, $numpp); $query .= $limit; $req = Sql_Query_Params($query, array($listid)); } if ($download) { ob_end_clean(); Header("Content-type: text/plain"); $filename = 'Bounces on ' . listName($listid); header("Content-disposition: attachment; filename=\"{$filename}\""); } $ls = new WebblerListing($GLOBALS['I18N']->get('Bounces on') . ' ' . listName($listid)); $ls->noShader(); while ($row = Sql_Fetch_Array($req)) { $userdata = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'], $row['userid'])); if ($download) { print $userdata['email'] . "\n"; } $ls->addElement($row['userid'], PageUrl2('user&id=' . $row['userid']));
reset($import_attribute); foreach ($import_attribute as $item) { if (!empty($data['values'][$item["index"]])) { $attribute_index = $item["record"]; $value = $data['values'][$item["index"]]; # check whether this is a textline or a selectable item $att = Sql_Fetch_Row_Query("select type,tablename,name from " . $tables["adminattribute"] . " where id = {$attribute_index}"); switch ($att[0]) { case "select": case "radio": $query = "select id from {$table_prefix}adminattr_{$att['1']} where name = ?"; $val = Sql_Query_Params($query, array($value)); # if we don't have this value add it ' if (!Sql_Num_Rows($val)) { $tn = $table_prefix . 'adminattr_' . $att[1]; Sql_Query_Params("insert into {$tn} (name) values (?)", array($value)); Warn($GLOBALS['I18N']->get("Value") . " {$value} " . $GLOBALS['I18N']->get("added to attribute") . " {$att['2']}"); $att_value = Sql_Insert_Id($tn, 'id'); } else { $d = Sql_Fetch_Row($val); $att_value = $d[0]; } break; case "checkbox": if ($value) { $val = Sql_Fetch_Row_Query("select id from {$table_prefix}" . "adminattr_{$att['1']} where name = \"Checked\""); } else { $val = Sql_Fetch_Row_Query("select id from {$table_prefix}" . "adminattr_{$att['1']} where name = \"Unchecked\""); } $att_value = $val[0]; break;
# add public newsletter list $info = s("Sign up to our newsletter"); $stmt = ' insert into ' . $tables['list'] . ' (name, description, entered, active, owner)' . ' values' . ' (?, ?, current_timestamp, ?, ?)'; $result = Sql_Query_Params($stmt, array('newsletter', $info, '1', '1')); ## add the admin to the lists Sql_Query(sprintf('insert into %s (listid, userid, entered) values(%d,%d,now())', $tables['listuser'], 1, $userid)); Sql_Query(sprintf('insert into %s (listid, userid, entered) values(%d,%d,now())', $tables['listuser'], 2, $userid)); $uri = $_SERVER['REQUEST_URI']; $uri = str_replace('?' . $_SERVER['QUERY_STRING'], '', $uri); $body = ' Version: ' . VERSION . "\r\n" . ' Url: ' . $_SERVER['SERVER_NAME'] . $uri . "\r\n"; printf('<p class="information">' . $GLOBALS['I18N']->get('Success') . ': <a class="button" href="mailto:info@phplist.com?subject=Successful installation of phplist&body=%s">' . $GLOBALS['I18N']->get('Tell us about it') . '</a>. </p>', $body); printf('<p class="information"> ' . $GLOBALS['I18N']->get("Please make sure to read the file README.security that can be found in the zip file.") . '</p>'); printf('<p class="information">' . $GLOBALS['I18N']->get("Please make sure to") . '<a href="http://announce.hosted.phplist.com"> ' . $GLOBALS['I18N']->get("subscribe to the announcements list") . "</a> " . $GLOBALS['I18N']->get("to make sure you are updated when new versions come out. Sometimes security bugs are found which make it important to upgrade. Traffic on the list is very low.") . ' </p>'); if (ENCRYPT_ADMIN_PASSWORDS && !empty($adminid)) { print sendAdminPasswordToken($adminid); } # make sure the 0 template has the powered by image $query = ' insert into %s' . ' (template, mimetype, filename, data, width, height)' . ' values (0, ?, ?, ?, ?, ?)'; $query = sprintf($query, $GLOBALS["tables"]["templateimage"]); Sql_Query_Params($query, array('image/png', 'powerphplist.png', $newpoweredimage, 70, 30)); print '<p>' . 
$GLOBALS['I18N']->get("Continue with") . " " . PageLinkButton("setup", $GLOBALS['I18N']->get("phpList Setup")) . "</p>"; unset($_SESSION['hasI18Ntable']); ## load language files # this is too slow $GLOBALS['I18N']->initFSTranslations(); } else { print '<div class="initialiseOptions"><ul><li>' . s("Maybe you want to") . " " . PageLinkButton("upgrade", s("Upgrade")) . ' ' . s("instead?") . '</li> <li>' . PageLinkButton("initialise", s("Force Initialisation"), "force=yes") . ' ' . s("(will erase all data!)") . ' ' . "</li></ul></div>\n"; }
$query = ' insert into ' . $GLOBALS['tables']['linktrack_uml_click'] . ' (firstclick, forwardid, messageid, userid)' . ' values' . ' (current_timestamp, ?, ?, ?)'; Sql_Query_Params($query, array($fwdid, $messageid, $userid)); } $query = sprintf('update %s set clicked = clicked + 1, latestclick = current_timestamp where forwardid = ? and messageid = ? and userid = ?', $GLOBALS['tables']['linktrack_uml_click']); Sql_Query_Params($query, array($fwdid, $messageid, $userid)); if ($msgtype == 'H') { $query = sprintf('update %s set htmlclicked = htmlclicked + 1 where forwardid = ? and messageid = ? and userid = ?', $GLOBALS['tables']['linktrack_uml_click']); Sql_Query_Params($query, array($fwdid, $messageid, $userid)); } elseif ($msgtype == 'T') { $query = sprintf('update %s set textclicked = textclicked + 1 where forwardid = ? and messageid = ? and userid = ?', $GLOBALS['tables']['linktrack_uml_click']); Sql_Query_Params($query, array($fwdid, $messageid, $userid)); } $url = $linkdata['url']; if ($linkdata['personalise']) { $query = sprintf('select uniqid from %s where id = ?', $GLOBALS['tables']['user']); $rs = Sql_Query_Params($query, array($userid)); $uid = Sql_Fetch_Row($rs); if ($uid[0]) { if (strpos($url, '?')) { $url .= '&uid=' . $uid[0]; } else { $url .= '?uid=' . $uid[0]; } } } #print "$url<br/>"; if (!isset($_SESSION['entrypoint'])) { $_SESSION['entrypoint'] = $url; } if (!empty($messagedata['google_track'])) { ## take off existing tracking code, if found
# check for latest version $checkinterval = sprintf('%d', getConfig("check_new_version")); if (!isset($checkinterval)) { $checkinterval = 7; } $showUpdateAvail = !empty($_GET['showupdate']); ## just to check the design $thisversion = VERSION; $thisversion = preg_replace("/[^\\.\\d]/", "", $thisversion); $latestversion = getConfig('updateavailable'); $showUpdateAvail = $showUpdateAvail || !empty($latestversion) && !versionCompare($thisversion, $latestversion); if (!$showUpdateAvail && $checkinterval) { $query = ' select date_add(value, interval %d day) < current_timestamp as needscheck' . ' from %s' . ' where item = ?'; ##https://mantis.phplist.com/view.php?id=16815 $query = sprintf($query, $checkinterval, $tables["config"]); $req = Sql_Query_Params($query, array('updatelastcheck')); $needscheck = Sql_Fetch_Row($req); if ($needscheck[0] != "0") { @ini_set("user_agent", NAME . " (phplist version " . VERSION . ")"); @ini_set("default_socket_timeout", 5); if ($fp = @fopen("https://www.phplist.com/files/LATESTVERSION", "r")) { $latestversion = fgets($fp); $latestversion = preg_replace("/[^\\.\\d]/", "", $latestversion); @fclose($fp); if (!versionCompare($thisversion, $latestversion)) { ## remember this, so we can remind about the update, without the need to check the phplist site $values = array('item' => "updateavailable", 'value' => $latestversion, 'editable' => '0'); Sql_Replace($tables['config'], $values, 'item', false); $showUpdateAvail = true; } }
case 550: $action = 'blacklistuseranddeletebounce'; break; default: $action = 'unconfirmuseranddeletebounce'; break; } $query = ' insert into %s' . ' (regex, action, comment, status)' . ' values' . ' (?, ?, ?, ?)'; $query = sprintf($query, $GLOBALS['tables']['bounceregex']); Sql_Query_Params($query, array(trim($rule), $action, 'Auto Created from bounce ' . $row['id'] . "\n line: " . $line, 'candidate')); $regexid = Sql_Insert_Id($GLOBALS['tables']['bounceregex'], 'id'); if ($regexid) { # most likely duplicate entry if no value $query = ' insert into %s' . ' (regex, bounce)' . ' values' . ' (?, ?)'; $query = sprintf($query, $GLOBALS['tables']['bounceregex_bounce']); Sql_Query_Params($query, array($regexid, $row['id'])); } else { # print matchedBounceRule($row['data']); print $GLOBALS['I18N']->get('Hmm, duplicate entry, ') . ' ' . $row['id'] . " {$code} {$rule}<br/>"; } } } } } if (!$bouncematched) { $notmatched++; } } print '<ul>'; print '<li>' . sizeof($rules) . ' ' . $GLOBALS['I18N']->get('new rules found') . '</li>'; print '<li>' . $notmatched . ' ' . $GLOBALS['I18N']->get('bounces not matched') . '</li>';
$plugin->processError('Send test capped from ' . sizeof($emailaddresses) . ' to ' . SENDTEST_MAX); } $limited = array_chunk($emailaddresses, SENDTEST_MAX); $emailaddresses = $limited[0]; $sendtestresult .= s("There is a maximum of %d test emails allowed", SENDTEST_MAX) . "<br/>"; } } # var_dump($emailaddresses);#exit; foreach ($emailaddresses as $address) { $address = trim($address); if (empty($address)) { continue; } $query = ' select id, email, uniqid, htmlemail, confirmed' . ' from %s' . ' where email = ?'; $query = sprintf($query, $tables['user']); $result = Sql_Query_Params($query, array($address)); //Leftover from the preplugin era if ($user = Sql_fetch_array($result)) { if (FORWARD_ALTERNATIVE_CONTENT && $_GET['tab'] == 'Forward') { if (SEND_ONE_TESTMAIL) { $success = sendEmail($id, $address, $user["uniqid"], $user['htmlemail'], array(), array($address)); } else { $success = sendEmail($id, $address, $user["uniqid"], 1, array(), array($address)) && sendEmail($id, $address, $user["uniqid"], 0, array(), array($address)); } } else { if (SEND_ONE_TESTMAIL) { $success = sendEmail($id, $address, $user["uniqid"], $user['htmlemail']); } else { $success = sendEmail($id, $address, $user["uniqid"], 1) && sendEmail($id, $address, $user["uniqid"], 0); } }
if ($minor < 11 || $minor == 11 && $sub < 5) { Sql_Query(sprintf('alter table %s add column category varchar(255) default ""', $tables['list'])); Sql_Query(sprintf('alter table %s add column requeueinterval integer default 0', $tables['message'])); Sql_Query(sprintf('alter table %s add column requeueuntil datetime', $tables['message'])); } if ($minor < 11 || $minor == 11 && $sub < 7) { Sql_Create_Table($tables["admin_password_request"], $DBstruct["admin_password_request"], 1); Sql_Create_Table($tables["admintoken"], $DBstruct["admintoken"], 1); Sql_Create_Table($tables["i18n"], $DBstruct["i18n"], 1); unset($_SESSION['hasI18Ntable']); $req = Sql_Query(sprintf('select loginname,password from %s where length(password) < %d', $GLOBALS['tables']['admin'], $GLOBALS['hash_length'])); while ($row = Sql_Fetch_Assoc($req)) { $encryptedPassDB = hash(ENCRYPTION_ALGO, $row['password']); $query = "update %s set password = '******' where loginname = ?"; $query = sprintf($query, $GLOBALS['tables']['admin'], $encryptedPassDB); Sql_Query_Params($query, array($row['loginname'])); } # Sql_Create_Table($tables["gchartcache"],$DBstruct["gchartcache"],1); ## really need this? } break; } ## add index on bounces, but ignore the error Sql_Query("create index statusindex on {$tables["user_attribute"]} (status(10))", 1); Sql_Query("create index message_lookup using btree on {$tables["user_message_bounce"]} (message)", 1); ## add index to i18n to avoid duplicate translations ## alter ignore doesn't seem to work on InnoDB: http://bugs.mysql.com/bug.php?id=40344 # convert to MyIsam first @@Mysql Specific code ! Sql_Query('alter table ' . $tables["i18n"] . ' engine MyIsam', 1); Sql_Query('alter ignore table ' . $tables["i18n"] . ' add unique lanorigunq (lan(10),original(200))', 1); ## mantis issue 9001, make sure that the "repeat" column in the messages table is renamed to repeatinterval # to avoid a name clash with Mysql 5.
if (isset($_GET['start'])) { $start = sprintf('%d', $_GET['start']); $limit = ' limit ' . $start . ', 10'; } $addcomparison = 0; $access = accessLevel('statsoverview'); $ownership = ''; $subselect = ''; $paging = ''; #print "Access Level: $access"; switch ($access) { case 'owner': $ownership = sprintf(' and owner = %d ', $_SESSION['logindetails']['id']); if ($id) { $query = sprintf('select owner from %s where id = ? and owner = ?', $GLOBALS['tables']['message']); $rs = Sql_Query_Params($query, array($id, $_SESSION['logindetails']['id'])); $allow = Sql_Fetch_Row($rs); if ($allow[0] != $_SESSION["logindetails"]["id"]) { print $GLOBALS['I18N']->get('You do not have access to this page'); return; } } $addcomparison = 1; break; case 'all': break; case 'none': default: $ownership = ' and msg.id = 0'; print $GLOBALS['I18N']->get('You do not have access to this page'); return;
} else { $att["value"] = $valueid[0]; } break; case "checkboxgroup": $vals = explode(",", $att["displayvalue"]); array_pop($vals); $att["value"] = ""; foreach ($vals as $val) { $query = sprintf('select id from %slistattr_%s where name = ?', $table_prefix, $tname[0]); $rs = Sql_Query_Params($query, array($val)); $valueid = Sql_Fetch_Row($rs); if (!$valueid[0]) { $tn = $table_prefix . 'listattr_' . $tname[0]; $query = sprintf('insert into %s set name = ?', $tn); Sql_Query_Params($query, array($val)); $att["value"] .= Sql_Insert_Id($tn, 'id') . ','; } else { $att["value"] .= $valueid[0] . ","; } } $att["value"] = substr($att["value"], 0, -1); break; } if ($att["value"]) { Sql_Replace($tables["user_attribute"], array('attributeid' => $localattid, 'userid' => $userid, 'value' => $att['value']), array('attributeid', 'userid')); } } } } if (is_array($userlists)) {
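/**
 * Add $amount to the subscriber statistics counter $item for list $list in
 * the current STATS_INTERVAL bucket, creating the row on first use.
 *
 * @param string $item   counter name, e.g. 'blacklist' or 'unsubscription'
 * @param int    $amount value added to the counter
 * @param int    $list   list id, 0 for the global counter
 *
 * Note: an optional $item before the required $amount is reported as
 * deprecated on PHP 8; every caller passes both, so the default is inert.
 */
function addSubscriberStatistics($item = '', $amount, $list = 0)
{
    // date() returns strings; cast once so mktime() always receives ints.
    $month = (int) date('m');
    $day = (int) date('d');
    $year = (int) date('Y');
    // Bucket timestamp: start of the interval the count is attributed to.
    switch (STATS_INTERVAL) {
        case 'monthly':
            # mark everything as the first day of the month
            $time = mktime(0, 0, 0, $month, 1, $year);
            break;
        case 'weekly':
            # mark everything for the first sunday of the week
            $time = mktime(0, 0, 0, $month, $day - (int) date('w'), $year);
            break;
        case 'daily':
        default:
            // An unrecognised STATS_INTERVAL used to leave $time undefined; use daily buckets.
            $time = mktime(0, 0, 0, $month, $day, $year);
            break;
    }
    // Bump an existing counter first; insert only when no row matched.
    $query = ' update ' . $GLOBALS['tables']['userstats'] . ' set value = value + ?' . ' where unixdate = ?' . ' and item = ?' . ' and listid = ?';
    Sql_Query_Params($query, array($amount, $time, $item, $list));
    if (!Sql_Affected_Rows()) {
        $query = ' insert into ' . $GLOBALS['tables']['userstats'] . ' (value, unixdate, item, listid)' . ' values' . ' (?, ?, ?, ?)';
        Sql_Query_Params($query, array($amount, $time, $item, $list));
    }
}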
// Members listing for list $id: paging controls, the subscriber query, the
// confirmed/unconfirmed tabs and the opening of the bulk-action form.
// $start, $total, $pagingKeep, $id, $confirmedSelection and $tables are set
// before this point (outside this view).
$offset = $start;
$paging = '';
if ($total > MAX_USER_PP) {
    if ($start > 0) {
        // sprintf() is applied to an already-formatted string: a "%" in the
        // translation would be reinterpreted. $listing is not used below.
        $listing = sprintf(s("Listing subscriber %d to %d", $start, $start + MAX_USER_PP));
        $limit = "limit {$start}," . MAX_USER_PP;
    } else {
        // Hard-coded 50 rather than MAX_USER_PP. $limit is not used by the query below.
        $listing = s("Listing subscriber 1 to 50");
        $limit = "limit 0,50";
    }
    $paging = simplePaging("members&{$pagingKeep}&id=" . $id, $start, $total, MAX_USER_PP, $GLOBALS['I18N']->get('subscribers'));
}
// $confirmedSelection and $offset are concatenated into the SQL, only the list id
// is bound — presumably both are built from fixed clauses / an int upstream; confirm
// where they are set.
$query = ' select u.*' . " from %s lu" . " join %s u" . ' on lu.userid = u.id' . ' where lu.listid = ?' . ' and ' . $confirmedSelection . ' order by confirmed desc, email' . ' limit ' . MAX_USER_PP . ' offset ' . $offset;
// TODO Consider using a subselect. select user where uid in select uid from list
$query = sprintf($query, $tables['listuser'], $tables['user']);
$result = Sql_Query_Params($query, array($id));
$tabs = new WebblerTabs();
$tabs->addTab(s("confirmed"), PageUrl2("members&id=" . $id), 'confirmed');
$tabs->addTab(s("unconfirmed"), PageUrl2("members&tab=unconfirmed&id=" . $id), 'unconfirmed');
if (!empty($_GET['tab'])) {
    $tabs->setCurrent($_GET["tab"]);
} else {
    // Default tab is written back into $_GET so later code sees the same value.
    $_GET['tab'] = 'confirmed';
    $tabs->setCurrent('confirmed');
}
print $tabs->display();
print "<p>" . s('%d subscribers', $total) . '</p>';
print formStart(' name="users" class="membersProcess" ');
printf('<input type="hidden" name="id" value="%d" />', $id);
?>
/**
 * Return the linktrack_forward id for a tracked link, creating the forward
 * row on first sight, and count one more send of that link for $messageid.
 *
 * Two process-level caches in $cached are used: 'linktrack' maps the link
 * text to its forward id, 'linktracksent' holds the per-message/per-link
 * send total. The total is written to linktrack_ml on the first send and
 * then only every 100th send; the remainder is expected to be flushed by
 * the caller when the message is finished.
 *
 * @param int    $messageid campaign being sent
 * @param int    $userid    not used in this function
 * @param string $url       destination URL stored in linktrack_forward
 * @param string $link      link text as found in the message (cache key)
 *
 * @return int forward id
 */
function clickTrackLinkId($messageid, $userid, $url, $link)
{
    global $cached;
    if (!isset($cached['linktrack']) || !is_array($cached['linktrack'])) {
        $cached['linktrack'] = array();
    }
    if (!isset($cached['linktracksent']) || !is_array($cached['linktracksent'])) {
        $cached['linktracksent'] = array();
    }
    // Note: the cache is keyed by $link while the DB lookup is by $url.
    if (!isset($cached['linktrack'][$link])) {
        $query = ' select id' . ' from ' . $GLOBALS['tables']['linktrack_forward'] . ' where url = ?';
        $rs = Sql_Query_Params($query, array($url));
        $exists = Sql_Fetch_Row($rs);
        if (!$exists[0]) {
            // A "uid=" in the link marks it as personalised per subscriber.
            $personalise = preg_match('/uid=/', $link);
            $query = ' insert into ' . $GLOBALS['tables']['linktrack_forward'] . ' (url, personalise)' . ' values' . ' (?, ?)';
            Sql_Query_Params($query, array($url, $personalise));
            $fwdid = Sql_Insert_Id($GLOBALS['tables']['linktrack_forward'], 'id');
        } else {
            $fwdid = $exists[0];
        }
        $cached['linktrack'][$link] = $fwdid;
    } else {
        $fwdid = $cached['linktrack'][$link];
    }
    if (!isset($cached['linktracksent'][$messageid]) || !is_array($cached['linktracksent'][$messageid])) {
        $cached['linktracksent'][$messageid] = array();
    }
    if (!isset($cached['linktracksent'][$messageid][$fwdid])) {
        // First time this process sees the message/link pair: seed the cache from the DB.
        $query = ' select total' . ' from ' . $GLOBALS['tables']['linktrack_ml'] . ' where messageid = ?' . ' and forwardid = ?';
        $rs = Sql_Query_Params($query, array($messageid, $fwdid));
        if (!Sql_Num_Rows($rs)) {
            $total = 1;
            ## first time for this link/message
            # BCD: Isn't this just an insert?
            Sql_Replace($GLOBALS['tables']['linktrack_ml'], array('total' => $total, 'messageid' => $messageid, 'forwardid' => $fwdid), array('messageid', 'forwardid'));
        } else {
            $tot = Sql_Fetch_Row($rs);
            $total = $tot[0] + 1;
            Sql_Query(sprintf('update %s set total = %d where messageid = %d and forwardid = %d', $GLOBALS['tables']['linktrack_ml'], $total, $messageid, $fwdid));
        }
        $cached['linktracksent'][$messageid][$fwdid] = $total;
    } else {
        $cached['linktracksent'][$messageid][$fwdid]++;
        ## write every so often, to make sure it's saved when interrupted
        if ($cached['linktracksent'][$messageid][$fwdid] % 100 == 0) {
            Sql_Query(sprintf('update %s set total = %d where messageid = %d and forwardid = %d', $GLOBALS['tables']['linktrack_ml'], $cached['linktracksent'][$messageid][$fwdid], $messageid, $fwdid));
        }
    }
    /* $req = Sql_Query(sprintf('insert ignore into %s (messageid,userid,forwardid) values(%d,%d,"%s","%s")',$GLOBALS['tables']['linktrack'],$messageid,$userdata['id'],$url,addslashes($link)));
    $req = Sql_Fetch_Row_Query(sprintf('select linkid from %s where messageid = %s and userid = %d and forwardid = %d ',$GLOBALS['tables']['linktrack'],$messageid,$userid,$fwdid));*/
    return $fwdid;
}
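<?php
// Per-campaign status summary: one "<status> <count><br/>" line per usermessage
// status for the campaign in $_GET['id']. Included in page context; bails out
// with '' when no usable id was given.
@ob_end_clean();
// Read the id defensively: a request without "id" must not raise a warning.
$id = isset($_GET['id']) ? sprintf('%d', $_GET['id']) : '0';
if (!$id) {
    return '';
}
$status = '';
$req = Sql_Query_Params('select count(userid) as num,status from ' . $GLOBALS['tables']['usermessage'] . ' where messageid = ? group by status', array($id));
while ($row = Sql_Fetch_Assoc($req)) {
    if (!empty($row['num'])) {
        // NOTE(review): $row['status'] is emitted as HTML unescaped; it is a DB column
        // rather than request input, but htmlspecialchars() here would be cheap insurance.
        $status .= $row['status'] . ' ' . $row['num'] . '<br/>';
    }
}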