예제 #1
 */
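// Admin popup that sends a test e-mail to the address given in ?e= so the
// operator can confirm the mail configuration works.
define('hcAdmin', true);
include '../loader.php';
// The admin session check and the form-token check both run before anything
// is sent.
admin_logged_in();
action_headers();
// NOTE(review): the token travels in the query string, so it can end up in
// access logs and Referer headers; a POST field would avoid that.
$token = (isset($_GET['tkn']) && is_string($_GET['tkn'])) ? cIn(strip_tags($_GET['tkn'])) : '';
if (!check_form_token($token)) {
    go_home();
    // go_home() is defined elsewhere; stop here in case it returns after
    // queuing the redirect, so a rejected token can never reach reMail().
    exit;
}
include HCLANG . '/admin/settings.php';
// Accept the recipient only when it is a string that matches the address
// pattern. is_string() rejects ?e[]=... (an array would otherwise reach
// preg_match()), and a missing parameter is treated as invalid instead of
// raising an undefined-index notice.
$rawEmail = (isset($_GET['e']) && is_string($_GET['e'])) ? $_GET['e'] : '';
// The D modifier anchors `$` at the true end of the string; without it the
// pattern also accepts an address followed by a newline, and this value is
// handed to the mailer as the recipient.
$e = preg_match('/^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$/D', $rawEmail) == 1 ? cIn(strip_tags($rawEmail)) : '';
echo '
<link rel="stylesheet" type="text/css" href="' . AdminRoot . '/css/admin.css">
<style>
html, body {background:#FFFFFF;padding:5px;}
</style>';
if ($e != '') {
    // The original condition was written `!$hc_cfg[71] == 1`; `!` binds
    // tighter than `==`, so it always evaluated as "setting 71 is falsy".
    // NOTE(review): if "setting 71 is not 1" was intended, use `!= 1`.
    if (!$hc_cfg[71]) {
        echo '
		<p>' . $hc_lang_settings['EmailTestMail'] . '</p>';
    }
    reMail('', $e, CalName . ' ' . $hc_lang_settings['TestSubj'], $hc_lang_settings['TestMsg'], $hc_cfg[79], $hc_cfg[78], NULL, true);
} else {
    // Invalid or missing address: show the error text and close the popup
    // after three seconds. The rejected input is never echoed back.
    echo '
		' . $hc_lang_settings['EmailTestError'] . '
<script>
//<!--
setTimeout(\'self.close()\', 3000);
//-->
</script>';
}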
예제 #2
            doQuery("DELETE FROM " . HC_TblPrefix . "subscribersgroups WHERE UserID = '" . $uID . "'");
            doQuery("DELETE FROM " . HC_TblPrefix . "subscriberscategories WHERE UserID = '" . $uID . "'");
            foreach ($grpID as $val) {
                doQuery("INSERT INTO " . HC_TblPrefix . "subscribersgroups(UserID,GroupID) Values('" . $uID . "', '" . $val . "')");
            }
            foreach ($catID as $val) {
                doQuery("INSERT INTO " . HC_TblPrefix . "subscriberscategories(UserID,CategoryID) Values('" . $uID . "', '" . $val . "')");
            }
            $result = doQuery("SELECT FirstName, GUID FROM " . HC_TblPrefix . "subscribers WHERE PkID = '" . $uID . "'");
            if (hasRows($result) && $optin == 1) {
                include HCLANG . '/public/news.php';
                $subject = $hc_lang_news['Subject'] . ' - ' . CalName;
                $message = '<p>' . $hc_lang_news['RegEmailA'] . ' <a href="' . CalRoot . '/a.php?a=' . mysql_result($result, 0, 1) . '">' . CalRoot . '/a.php?a=' . mysql_result($result, 0, 1) . '</a></p>';
                $message .= '<p>' . mysql_result($result, 0, 0) . $hc_lang_news['RegEmailB'] . '</p>';
                $message .= '<p>' . $hc_lang_news['RegEmailC'] . ' ' . $hc_cfg[78] . '</p>';
                reMail(trim($firstname . ' ' . $lastname), $email, $subject, $message, $hc_cfg[79], $hc_cfg[78]);
            }
            $target = $optin == 1 ? 'submngt&msg=2' : 'subedit&uID=' . $uID . '&msg=2';
            header('Location: ' . AdminRoot . '/index.php?com=' . $target);
        }
    }
} else {
    if (isset($_GET['a']) && ($_GET['a'] = 1)) {
        doQuery("DELETE sg FROM " . HC_TblPrefix . "subscribersgroups sg LEFT JOIN " . HC_TblPrefix . "subscribers s ON (s.PkID = sg.UserID) WHERE s.IsConfirm = 0");
        doQuery("DELETE sc FROM " . HC_TblPrefix . "subscriberscategories sc LEFT JOIN " . HC_TblPrefix . "subscribers s ON (s.PkID = sc.UserID) WHERE s.IsConfirm = 0");
        doQuery("DELETE FROM " . HC_TblPrefix . "subscribers WHERE IsConfirm = 0");
    } elseif (isset($_GET['dID'])) {
        $dID = cIn(strip_tags($_GET['dID']));
        $result = doQuery("SELECT NewsletterID FROM " . HC_TblPrefix . "newssubscribers WHERE SubscriberID = '" . $dID . "'");
        if (hasRows($result)) {
            while ($row = mysql_fetch_row($result)) {
예제 #3
}
// "Send to a friend": when the entity lookup returned a row and all four
// name/address fields are non-empty, build an HTML mail about the event
// ($tID == 0) or the location (any other $tID), send it, log the send and
// redirect back with msg=1. Otherwise redirect to the calendar root.
// NOTE(review): $myName, $myEmail, $friendName, $friendEmail, $eID and $tID
// are assigned before this excerpt. They are used below as mail sender and
// recipient and are concatenated into quoted SQL literals, so confirm they are
// validated, SQL-escaped and stripped of CR/LF where they are read.
// NOTE(review): a form that mails a visitor-chosen recipient with
// visitor-written text can be abused to relay spam; the INSERT below records
// IP and date per send, but no rate limit or CAPTCHA check is visible here.
if (hasRows($result) && $myName != '' && $myEmail != '' && $friendName != '' && $friendEmail != '') {
    // The visitor's message passes through cOut() before it enters the body.
    $message = '<p>' . cOut($sendMsg) . '</p>';
    $message .= '<p><b>' . mysql_result($result, 0, 0) . '</b><br />';
    if ($tID == 0) {
        $where = '/index.php?com=send&eID=';
        $subject = CalName . " " . $hc_lang_sendtofriend['SubjectE'] . " " . $myName;
        $message .= stampToDate(mysql_result($result, 0, 1), $hc_cfg[14]) . ' - ';
        // Column 3 selects how the time is shown: 0 = formatted start time,
        // 1 = the "AllDay" label, 2 = the "TBA" label.
        if (mysql_result($result, 0, 3) == 0) {
            $message .= stampToDate("1980-01-01 " . mysql_result($result, 0, 2), $hc_cfg[23]);
        } elseif (mysql_result($result, 0, 3) == 1) {
            $message .= $hc_lang_sendtofriend['AllDay'];
        } elseif (mysql_result($result, 0, 3) == 2) {
            $message .= $hc_lang_sendtofriend['TBA'];
        }
        $message .= '<br /><a href="' . CalRoot . '/index.php?eID=' . $eID . '">' . CalRoot . '/index.php?eID=' . $eID . '</a></p>';
    } else {
        $where = '/index.php?com=send&lID=';
        $subject = CalName . " " . $hc_lang_sendtofriend['SubjectL'] . " " . $myName;
        $message .= buildAddress(mysql_result($result, 0, 1), mysql_result($result, 0, 2), mysql_result($result, 0, 3), mysql_result($result, 0, 4), mysql_result($result, 0, 5), mysql_result($result, 0, 6), $hc_lang_config['AddressType']);
        $message .= '<br /><a href="' . CalRoot . '/index.php?com=location&lID=' . $eID . '">' . CalRoot . '/index.php?com=location&lID=' . $eID . '</a></p>';
    }
    // Unlike $sendMsg, $myName and $myEmail enter the HTML body without cOut()
    // in this excerpt, and $myName is also part of the subject line.
    $message .= '<p>' . $hc_lang_sendtofriend['From'] . '<br />' . $myName . ' (' . $myEmail . ')</p>';
    // This closing paragraph is opened but never closed.
    $message .= '<p>' . $hc_lang_sendtofriend['AutoNotice'] . ' ' . $hc_cfg[78];
    // The visitor-supplied name and address are passed as the From identity.
    reMail($friendName, $friendEmail, $subject, $message, $myName, $myEmail);
    // Audit row: who sent what to whom, from which IP, on which date. The SQL
    // is built by concatenation; only the IP is visibly escaped with cIn() on
    // this line, the other values rely on handling outside this excerpt.
    doQuery("INSERT INTO " . HC_TblPrefix . "sendtofriend(MyName, MyEmail, RecipientName, RecipientEmail, Message, EntityID, IPAddress, SendDate, TypeID)\r\n\t\t\t\tValues('" . $myName . "', '" . $myEmail . "', '" . $friendName . "', '" . $friendEmail . "', '" . cleanSpecialChars(str_replace('<br>', '\\n', $message)) . "', '" . $eID . "',\r\n\t\t\t\t'" . cIn(strip_tags($_SERVER["REMOTE_ADDR"])) . "', '" . date("Y-m-d") . "', '" . $tID . "')");
    // NOTE(review): this counter targets the events table even when $tID
    // marks a location send - confirm that is intended.
    doQuery("UPDATE " . HC_TblPrefix . "events SET EmailToFriend = EmailToFriend + 1 WHERE PkID = '" . $eID . "'");
    // No exit follows either header() call here, so any code after this
    // block still runs after the redirect is queued.
    header("Location: " . CalRoot . $where . $eID . "&msg=1");
} else {
    header("Location: " . CalRoot . "/");
}
예제 #4
    $eOver = $eLimit = 0;
    if (mysql_result($result, 0, 0) > mysql_result($result, 0, 1) && mysql_result($result, 0, 1) != 0) {
        $eOver = 1;
    } elseif (mysql_result($result, 0, 0) == mysql_result($result, 0, 1) && mysql_result($result, 0, 1) != 0) {
        $eLimit = 1;
    }
    $rMsg = '<p><b>' . cOut($hc_lang_rsvp['PartySize']) . " " . cOut($partySize) . '</b>';
    $rMsg .= '<br />' . cOut($regName) . '<br />' . cOut($regEmail);
    $rMsg .= $phone != '' ? '<br />' . $phone : '';
    $rMsg .= $address != '' ? '<br />' . strip_tags(buildAddress($address, $address2, $city, $state, $zip, $country, $hc_lang_config['AddressType']), '<br>') : '';
    $rMsg .= '</p>';
    //	RSVP User Email
    $regSubj = cOut($hc_lang_rsvp['regSubject']) . $eventTitle;
    $regMsg = '<p>' . cOut($hc_lang_rsvp['regMsg']) . '</p>';
    $regMsg .= $eMsg . $rMsg;
    $regMsg .= $eOver == 1 ? " " . cOut($hc_lang_rsvp['regOverflow']) : '';
    $regMsg .= '<p>' . cOut($hc_lang_rsvp['ThankYou']) . '<br />' . $hc_cfg[79] . '</p>';
    $regMsg .= '<p>' . cOut($hc_lang_rsvp['regDisclaimer']) . '</p>';
    //	Event Contact Email
    $conSubj = cOut($hc_lang_rsvp['conSubject']) . $eventTitle;
    $conMsg = '<p>' . cOut($hc_lang_rsvp['conMsg']) . '</p>';
    $conMsg .= $eMsg;
    $conMsg .= $eOver == 1 ? '<p>' . cOut($hc_lang_rsvp['conOverflow']) . '</p>' : '';
    $conMsg .= $eLimit == 1 ? '<p>' . cOut($hc_lang_rsvp['conLimit']) . '</p>' : '';
    $conMsg .= $rMsg;
    $conMsg .= '<p>' . cOut($hc_lang_rsvp['ThankYou']) . '<br />' . $hc_cfg[79] . '</p>';
    $conMsg .= '<p>' . cOut($hc_lang_rsvp['conDisclaimer']) . '</p>';
    reMail($regName, $regEmail, $regSubj, $regMsg, $hc_cfg[79], $hc_cfg[78]);
    reMail('', $conEmail, $conSubj, $conMsg, $hc_cfg[79], $hc_cfg[78]);
    header("Location: " . CalRoot . "/index.php?com=rsvp&eID=" . $eID . "&msg=2");
}
예제 #5
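    // Subscriber self-service: mail an edit link (hc_fy = 0) or a delete link
    // (any other numeric hc_fy) to a confirmed subscriber address, then redirect.
    $do = isset($_POST['hc_fy']) ? cIn($_POST['hc_fy']) : '';
    // Both checks must hold before any query runs. The original assigned $stop
    // twice in a row, so the is_numeric() result overwrote the address-format
    // check and a malformed address still reached the lookup below.
    // The D modifier keeps `$` from matching just before a trailing newline.
    $emailOk = preg_match('/^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$/D', $email) == 1;
    $stop = ($emailOk && is_numeric($do)) ? 0 : 1;
    if ($stop == 0) {
        // NOTE(review): $email is assigned before this excerpt and is
        // concatenated into quoted SQL literals below; confirm it is escaped
        // where it is read.
        $result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "subscribers WHERE email = '" . $email . "' && IsConfirm = 1");
        if (hasRows($result)) {
            // Rotate the subscriber's GUID so that older links stop working.
            // NOTE(review): the GUID is the only secret in the edit/delete link,
            // yet it is an MD5 over MySQL RAND() output and the address itself.
            // RAND() is not a cryptographic generator; a token drawn from a
            // CSPRNG in PHP and stored with a parameterised query is the safer
            // design.
            doQuery("UPDATE " . HC_TblPrefix . "subscribers SET GUID = MD5(CONCAT(rand(UNIX_TIMESTAMP()) * (RAND()*1000000),'" . $email . "')) WHERE email = '" . $email . "'");
            $result = doQuery("SELECT FirstName, LastName, GUID FROM " . HC_TblPrefix . "subscribers WHERE email = '" . $email . "'");
            $GUID = hasRows($result) ? mysql_result($result, 0, 2) : '';
            if ($GUID != '') {
                $link = $do == 0 ? CalRoot . '/index.php?com=signup&u=' . $GUID : CalRoot . '/index.php?com=signup&d=' . $GUID;
                // $doMsg selects the language-key prefix for subject and body.
                $doMsg = $do == 0 ? 'Edit' : 'Delete';
                $subject = $hc_lang_news[$doMsg . 'Subject'] . ' - ' . CalName;
                $message = '<p>' . $hc_lang_news[$doMsg . 'EmailA'] . ' <a href="' . $link . '">' . $link . '</a></p>';
                $message .= '<p>' . mysql_result($result, 0, 0) . $hc_lang_news[$doMsg . 'EmailB'] . ' ' . $hc_lang_news[$doMsg . 'EmailC'] . ' ' . $hc_cfg[78] . '</p>';
                reMail(trim(mysql_result($result, 0, 0) . ' ' . mysql_result($result, 0, 1)), $email, $subject, $message, $hc_cfg[79], $hc_cfg[78]);
                // NOTE(review): $target changes only when the address matched a
                // confirmed subscriber. If its earlier default differs, the
                // redirect tells the requester whether an address is subscribed.
                $target = '/index.php?com=edit&msg=1';
            }
        }
    }
    header('Location: ' . CalRoot . $target);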
} else {
    $dID = cIn(strip_tags($_POST['dID']));
    $result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "subscribers WHERE GUID = '" . $dID . "'");
    if (hasRows($result)) {
        $dID = mysql_result($result, 0, 0);
        doQuery("DELETE FROM " . HC_TblPrefix . "subscribersgroups WHERE UserID = '" . $dID . "'");
        doQuery("DELETE FROM " . HC_TblPrefix . "subscriberscategories WHERE UserID = '" . $dID . "'");
        doQuery("DELETE FROM " . HC_TblPrefix . "subscribers WHERE PkID = '" . $dID . "'");
        doQuery("DELETE FROM " . HC_TblPrefix . "newssubscribers WHERE SubscriberID = '" . $dID . "'");
    }
예제 #6
// Tail of an admin event-approval action: optional Facebook status post,
// optional notice mail to the submitter, cache flush, then redirect or an
// API error message.
// The variable names in the first block must stay as they are: the included
// StatusPost.php runs in this scope and presumably reads $fbStatus and $fbLink
// and sets $fbStatusID - verify against that file.
// NOTE(review): the guard tests 'doFacebook' and 'facebookStatus', but the text
// is read from $_POST['fbThis'], which is not checked with isset() here.
if (isset($_POST['doFacebook']) && isset($_POST['facebookStatus'])) {
    $fbStatusID = '';
    $fbStatus = cleanQuotes($_POST['fbThis']);
    $fbLink = CalRoot . "/index.php?eID=" . $eID;
    include HCPATH . HCINC . '/api/facebook/StatusPost.php';
    // Record the post only when the include produced a status id. The id
    // passes through cIn(); $eID is concatenated as assigned earlier.
    if ($fbStatusID != '') {
        doQuery("INSERT INTO " . HC_TblPrefix . "eventnetwork(EventID,NetworkID,NetworkType,IsActive)\r\n\t\t\t\t\tVALUES('" . $eID . "','" . cIn($fbStatusID) . "',4,1);");
    }
}
// Mail the submitter unless the event status is 2. Status 0 uses the
// 'EmailSubjectD' subject, any other status uses 'EmailSubjectA'.
if ($sendmsg > 0 && $eventStatus != 2) {
    $subject = $eventStatus == 0 ? CalName . ' ' . $hc_lang_event['EmailSubjectD'] : CalName . ' ' . $hc_lang_event['EmailSubjectA'];
    // cOut() runs once on the admin-written message before the placeholders
    // are expanded, so the anchor markup inserted below is not passed through it.
    $message = cOut($message);
    if ($eventStatus == 1) {
        // For status 1 the [event], [facebook] and [twitter] placeholders
        // become links. $link goes through urlencode() inside the share URLs
        // and the title through cOut().
        // NOTE(review): the share links use http://; https:// avoids a
        // plain-text hop.
        $link = $sID == '' ? CalRoot . '/index.php?eID=' . $eID : CalRoot . '/index.php?com=series&sID=' . $sID;
        $message = str_replace('[event]', '<a href="' . $link . '" target="_blank">' . cOut($eventTitle) . '</a>', $message);
        $message = str_replace('[facebook]', '<a href="http://www.facebook.com/sharer.php?u=' . urlencode($link) . '" target="_blank"><img src="' . CalRoot . '/img/buttons/facebook.png" style="border:0px;" /></a>', $message);
        $message = str_replace('[twitter]', '<a href="http://twitter.com/share?url=' . urlencode($link) . '" target="_blank"><img src="' . CalRoot . '/img/buttons/twitter.png" style="border:0px;" /></a>', $message);
    } else {
        // For any other status the placeholders are removed.
        $message = str_replace('[event]', '', $message);
        $message = str_replace('[facebook]', '', $message);
        $message = str_replace('[twitter]', '', $message);
    }
    // NOTE(review): $subname and $subemail come from the stored submission;
    // confirm CR/LF cannot survive into them before they reach the mailer.
    reMail($subname, $subemail, $subject, $message, $hc_cfg[79], $hc_cfg[78]);
}
clearCache();
if ($apiFail == false) {
    header("Location: " . AdminRoot . "/index.php?com=eventpending&msg=" . $msgID);
} else {
    // An API call failed: show the error text and a manual link, no redirect.
    // NOTE(review): $msgID is written into the href without encoding; confirm
    // it is a server-chosen integer.
    echo '<br /><br />' . $hc_lang_event['APIError'] . '<br /><br />';
    echo '<a href="' . AdminRoot . "/index.php?com=eventpending&msg=" . $msgID . '">' . $hc_lang_event['APIErrorLink'] . '</a>';
}
예제 #7
파일: events.php 프로젝트: pvidali/BCSR-1
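/**
 * Generate and send new/updated public event submission notice email to subscribed admin users.
 *
 * Recipients are the active admins holding an active notice subscription of type 0.
 * Nothing is sent when no such admin exists.
 *
 * Security note: the event title, date string, description and admin message pass
 * through cOut() and/or strip_tags() before entering the HTML body. The submitter
 * name and e-mail and the free-text location name are concatenated as received, so
 * the caller must supply them already encoded for HTML.
 * @since 2.2.0
 * @version 2.2.0
 * @param string $subName Name of event submitter
 * @param string $subEmail Email address of event submitter
 * @param string $adminMessage Message to admin user from event submitter
 * @param integer $locID Location ID (0 = use the free-text location fields below)
 * @param string $locName Location Name
 * @param string $locAddress Location Address
 * @param string $locAddress2 Location Address Extra Line
 * @param string $locCity Location City
 * @param string $locState Location State
 * @param string $locCountry Location Country
 * @param string $locZip Location Zip
 * @param string $eventTitle Submitted Event Title
 * @param string $eventDesc Submitted Event Description
 * @param string $eventDates String describing date range
 * @param integer $occurs Number of event occurrences
 * @return void
 */
function notice_public_event($subName, $subEmail, $adminMessage, $locID, $locName, $locAddress, $locAddress2, $locCity, $locState, $locCountry, $locZip, $eventTitle, $eventDesc, $eventDates, $occurs)
{
    global $hc_cfg, $hc_lang_config, $hc_lang_submit;
    $resultE = doQuery("SELECT a.FirstName, a.LastName, a.Email\r\n\t\t\t\t\t\tFROM " . HC_TblPrefix . "adminnotices n\r\n\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "admin a ON (n.AdminID = a.PkID)\r\n\t\t\t\t\t\tWHERE a.IsActive = 1 AND n.IsActive = 1 AND n.TypeID = 0");
    if (!hasRows($resultE)) {
        // Nobody is subscribed to this notice type.
        return;
    }
    // Recipient map keyed by "First Last". Two admins with the same full name
    // share a key, so only the last one's address is kept.
    $toNotice = array();
    while ($row = mysql_fetch_row($resultE)) {
        $toNotice[trim($row[0] . ' ' . $row[1])] = $row[2];
    }
    // The session's user level picks the language key 'NoticeEmail5<level>'.
    $user_level = isset($_SESSION['UserLevel']) ? cIn($_SESSION['UserLevel']) : 0;
    $subject = $hc_lang_submit['NoticeSubject'] . ' - ' . CalName;
    // NOTE(review): $subName and $subEmail come from a public submission form
    // and are not encoded in this function; confirm the caller does so.
    $message = '<p>' . $hc_lang_submit['NoticeEmail1'] . '</p>
<p>
	<b>' . $hc_lang_submit['NoticeEmail2'] . '</b> ' . $subName . ' - ' . $subEmail . '<br />
	<b>' . $hc_lang_submit['NoticeEmail5'] . '</b> ' . $hc_lang_submit['NoticeEmail5' . $user_level] . '<br />
	<b>' . $hc_lang_submit['NoticeEmail3'] . '</b> ' . strip_tags($_SERVER['REMOTE_ADDR']) . '
</p>
';
    $message .= $adminMessage != '' ? '<p><b>' . $hc_lang_submit['NoticeEmail4'] . '</b> ' . cOut(str_replace('<br />', ' ', strip_tags(cleanBreaks($adminMessage), '<br>'))) . '</p>' : '';
    $message .= '
<p>
';
    if ($locID == 0) {
        // Free-text location typed by the submitter.
        // NOTE(review): $locName is not encoded here either.
        $message .= $locName . ', ';
        $message .= str_replace('<br />', ' ', strip_tags(buildAddress($locAddress, $locAddress2, $locCity, $locState, $locZip, $locCountry, $hc_lang_config['AddressType']), '<br>'));
    } else {
        $result = doQuery("SELECT Name, Address, Address2, City, State, Country, Zip FROM " . HC_TblPrefix . "locations WHERE PkID = '" . cIn($locID) . "'");
        // A submitted location id may match no row. Reading an empty result
        // with mysql_result() raises warnings and returns false, so the
        // location lines are added only when the lookup found a row.
        if (hasRows($result)) {
            $message .= mysql_result($result, 0, 0) . ', ';
            $message .= str_replace('<br />', ' ', strip_tags(buildAddress(mysql_result($result, 0, 1), mysql_result($result, 0, 2), mysql_result($result, 0, 3), mysql_result($result, 0, 4), mysql_result($result, 0, 5), mysql_result($result, 0, 6), $hc_lang_config['AddressType']), '<br>'));
        }
    }
    $message .= '
</p>
<p>
	<b>' . $hc_lang_submit['EventTitle'] . '</b> ' . cOut($eventTitle) . '<br />
	' . ($occurs > 0 ? '<b>' . $hc_lang_submit['Occurs'] . '</b> ' . cOut($eventDates) . ' (x' . $occurs . ')<br />' : '') . '
</p>
<p>' . cOut(strip_tags($eventDesc)) . '</p>
<p><a href="' . AdminRoot . '">' . AdminRoot . '</a></p>';
    reMail('', $toNotice, $subject, $message);
}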
예제 #8
    $eName = mysql_result($result, 0, 4);
    $eEmail = mysql_result($result, 0, 5);
    $filename = clean_filename(cleanQuotes(strip_tags(mysql_result($result, 0, 0))));
    if (mysql_result($result, 0, 3) == 0) {
        $eventTime = stampToDate("1980-01-01 " . mysql_result($result, 0, 2), $hc_cfg[23]);
    } elseif (mysql_result($result, 0, 3) == 1) {
        $eventTime = $hc_lang_register['AllDay'];
    } elseif (mysql_result($result, 0, 3) == 2) {
        $eventTime = $hc_lang_register['TBA'];
    }
    $rsvps = array(fetch_event_rsvp($eID, $hc_lang_register['CSVHeader']), cIn($filename) . ".csv", 'text/csv');
    if (hasRows($result)) {
        $subject = $hc_lang_register['RosterSubject'] . ' - ' . CalName;
        $message = '<p>
	' . $hc_lang_register['RosterEmailA'] . '
</p>
<p>
	' . $hc_lang_register['RosterEmailC'] . ' ' . strftime($hc_cfg[24] . ' ' . $hc_cfg[23], strtotime(SYSDATE . ' ' . SYSTIME)) . '
</p>
<p>
	<b>' . mysql_result($result, 0, 0) . '</b><br />' . stampToDate(mysql_result($result, 0, 1), $hc_cfg[14]) . ' - ' . $eventTime . '
	<br /><a href="' . CalRoot . '/index.php?eID=' . $eID . '">' . CalRoot . '/index.php?eID=' . $eID . '</a>
</p>
<p>
	<b>' . $hc_lang_register['SpacesRequested'] . '</b> ' . mysql_result($result, 0, 7) . ' ' . $hc_lang_register['Of'] . ' ' . mysql_result($result, 0, 6) . '
</p>';
        reMail($eName, $eEmail, $subject, $message, $hc_cfg[79], $hc_cfg[78], $rsvps);
        $target = AdminRoot . '/index.php?com=eventedit&eID=' . $eID . "&msg=6";
    }
}
header("Location: " . $target);
예제 #9
                    //	Moxiemanager Session Variables
                    $_SESSION['moxman_isauth'] = $_SESSION['AdminLoggedIn'];
                    $_SESSION['moxman.filesystem.rootpath'] = CalName . ' Images=../../../../uploads';
                    $_SESSION['moxman.filesystem.local.urlprefix'] = CalRoot;
                    $_SESSION['moxman.storage.path'] = '../../../../uploads';
                }
                doQuery("UPDATE " . HC_TblPrefix . "admin SET LoginCnt = LoginCnt + 1, PCKey = NULL, Access = '" . cIn(md5(session_id())) . "', LastLogin = NOW() WHERE PkID = '" . cIn($_SESSION['AdminPkID']) . "'");
                doQuery("INSERT INTO " . HC_TblPrefix . "adminloginhistory(AdminID, IP, Client, LoginTime) Values('" . $_SESSION['AdminPkID'] . "', '" . cIn(strip_tags($_SERVER["REMOTE_ADDR"])) . "', '" . cIn(strip_tags($_SERVER["HTTP_USER_AGENT"])) . "', NOW())");
                startNewSession();
                header('Location: ' . AdminRoot . '/index.php?com=' . $com);
                exit;
            }
        } else {
            doQuery("INSERT INTO " . HC_TblPrefix . "adminloginhistory(AdminID,IP,Client,LoginTime,IsFail) Values('" . cIn(mysql_result($result, 0, 0)) . "','" . cIn(strip_tags($_SERVER["REMOTE_ADDR"])) . "','" . cIn(strip_tags($_SERVER["HTTP_USER_AGENT"])) . "',NOW(),1)");
        }
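        // Failed-login alert: mail every active admin who holds an active
        // notice subscription of type 2.
        // NOTE(review): each failed attempt that reaches this point triggers a
        // mail to all of them; no throttling is visible in this excerpt.
        $resultE = doQuery("SELECT a.FirstName, a.LastName, a.Email\r\n\t\t\t\t\t\t\tFROM " . HC_TblPrefix . "adminnotices n\r\n\t\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "admin a ON (n.AdminID = a.PkID)\r\n\t\t\t\t\t\t\tWHERE a.IsActive = 1 AND n.IsActive = 1 AND n.TypeID = 2");
        if (hasRows($resultE)) {
            $toNotice = array();
            while ($row = mysql_fetch_row($resultE)) {
                $toNotice[trim($row[0] . ' ' . $row[1])] = $row[2];
            }
            // The submitted username is chosen by whoever failed to log in and
            // was previously written into the HTML body unencoded, so it could
            // carry markup into a mail that administrators read. Encode it for
            // HTML, and ignore non-string input such as username[]=...
            $attemptedUser = (isset($_POST['username']) && is_string($_POST['username'])) ? htmlspecialchars($_POST['username'], ENT_QUOTES) : '';
            $subject = $hc_lang_login['FailedSubject'];
            $message = '<p>' . $hc_lang_login['FailedMsg'] . '</p>';
            // IP and user agent only go through strip_tags(), which removes
            // tags but does not encode quotes or ampersands.
            $message .= '<p><b>' . $hc_lang_login['Username'] . '</b> ' . $attemptedUser . '<br /><b>' . $hc_lang_login['IP'] . '</b> ' . strip_tags($_SERVER["REMOTE_ADDR"]) . '<br /><b>' . $hc_lang_login['Time'] . '</b> ' . date("Y-m-d H:i:s ") . '<br /><b>' . $hc_lang_login['UserAgent'] . '</b> ' . strip_tags($_SERVER["HTTP_USER_AGENT"]);
            $message .= $unlocked == 0 ? '<p>' . $hc_lang_login['LockNotice'] . '</p>' : '';
            $message .= '<p><a href="' . AdminRoot . '/">' . AdminRoot . '/</a></p>';
            reMail('', $toNotice, $subject, $message);
        }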
    }
}
header('Location: ' . AdminRoot . '/index.php?lmsg=' . $msg);