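*/
// Admin-only popup that sends a test message to the address given in ?e=
// and reports the outcome. Requires a valid form token in ?tkn=.
define('hcAdmin', true);
include '../loader.php';

// NOTE(review): both calls are defined outside this file; presumably
// admin_logged_in() rejects unauthenticated requests -- confirm it stops
// execution rather than only setting a flag.
admin_logged_in();
action_headers();

// NOTE(review): the token travels in the query string, so it can appear in
// server logs and Referer headers; confirm it is short-lived or single-use.
$token = isset($_GET['tkn']) ? cIn(strip_tags($_GET['tkn'])) : '';
if (!check_form_token($token)) {
    // NOTE(review): the rest of the script still runs unless go_home()
    // terminates the request -- confirm it exits.
    go_home();
}

include HCLANG . '/admin/settings.php';

// Only a plain string can be a candidate address: a missing parameter or an
// array (?e[]=x) is treated as "no address" instead of reaching preg_match().
$rawEmail = (isset($_GET['e']) && is_string($_GET['e'])) ? $_GET['e'] : '';

// The D modifier makes "$" match only at the very end of the subject. Without
// it "$" also matches before a final newline, so "user@example.com\n" would
// pass validation and the newline would be handed on to the mailer.
$e = preg_match('/^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$/D', $rawEmail) == 1
    ? cIn(strip_tags($rawEmail))
    : '';

echo ' <link rel="stylesheet" type="text/css" href="' . AdminRoot . '/css/admin.css"> <style> html, body {background:#FFFFFF;padding:5px;} </style>';

if ($e != '') {
    // Same truth table as the original "!$hc_cfg[71] == 1", which PHP parses
    // as "(!$hc_cfg[71]) == 1": the paragraph is shown when setting 71 is falsy.
    // NOTE(review): if "$hc_cfg[71] != 1" was intended, values other than 0/1
    // behave differently -- confirm against the settings definition.
    if (!$hc_cfg[71]) {
        echo ' <p>' . $hc_lang_settings['EmailTestMail'] . '</p>';
    }
    reMail('', $e, CalName . ' ' . $hc_lang_settings['TestSubj'], $hc_lang_settings['TestMsg'], $hc_cfg[79], $hc_cfg[78], NULL, true);
} else {
    // The "//<!--" and "//-->" guards are JavaScript line comments, so the
    // setTimeout() call must sit on its own line or it is commented out and
    // the popup never closes.
    echo ' ' . $hc_lang_settings['EmailTestError'] . " <script>\n//<!--\nsetTimeout('self.close()', 3000);\n//-->\n</script>";
}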
doQuery("DELETE FROM " . HC_TblPrefix . "subscribersgroups WHERE UserID = '" . $uID . "'"); doQuery("DELETE FROM " . HC_TblPrefix . "subscriberscategories WHERE UserID = '" . $uID . "'"); foreach ($grpID as $val) { doQuery("INSERT INTO " . HC_TblPrefix . "subscribersgroups(UserID,GroupID) Values('" . $uID . "', '" . $val . "')"); } foreach ($catID as $val) { doQuery("INSERT INTO " . HC_TblPrefix . "subscriberscategories(UserID,CategoryID) Values('" . $uID . "', '" . $val . "')"); } $result = doQuery("SELECT FirstName, GUID FROM " . HC_TblPrefix . "subscribers WHERE PkID = '" . $uID . "'"); if (hasRows($result) && $optin == 1) { include HCLANG . '/public/news.php'; $subject = $hc_lang_news['Subject'] . ' - ' . CalName; $message = '<p>' . $hc_lang_news['RegEmailA'] . ' <a href="' . CalRoot . '/a.php?a=' . mysql_result($result, 0, 1) . '">' . CalRoot . '/a.php?a=' . mysql_result($result, 0, 1) . '</a></p>'; $message .= '<p>' . mysql_result($result, 0, 0) . $hc_lang_news['RegEmailB'] . '</p>'; $message .= '<p>' . $hc_lang_news['RegEmailC'] . ' ' . $hc_cfg[78] . '</p>'; reMail(trim($firstname . ' ' . $lastname), $email, $subject, $message, $hc_cfg[79], $hc_cfg[78]); } $target = $optin == 1 ? 'submngt&msg=2' : 'subedit&uID=' . $uID . '&msg=2'; header('Location: ' . AdminRoot . '/index.php?com=' . $target); } } } else { if (isset($_GET['a']) && ($_GET['a'] = 1)) { doQuery("DELETE sg FROM " . HC_TblPrefix . "subscribersgroups sg LEFT JOIN " . HC_TblPrefix . "subscribers s ON (s.PkID = sg.UserID) WHERE s.IsConfirm = 0"); doQuery("DELETE sc FROM " . HC_TblPrefix . "subscriberscategories sc LEFT JOIN " . HC_TblPrefix . "subscribers s ON (s.PkID = sc.UserID) WHERE s.IsConfirm = 0"); doQuery("DELETE FROM " . HC_TblPrefix . "subscribers WHERE IsConfirm = 0"); } elseif (isset($_GET['dID'])) { $dID = cIn(strip_tags($_GET['dID'])); $result = doQuery("SELECT NewsletterID FROM " . HC_TblPrefix . "newssubscribers WHERE SubscriberID = '" . $dID . 
"'"); if (hasRows($result)) { while ($row = mysql_fetch_row($result)) {
} if (hasRows($result) && $myName != '' && $myEmail != '' && $friendName != '' && $friendEmail != '') { $message = '<p>' . cOut($sendMsg) . '</p>'; $message .= '<p><b>' . mysql_result($result, 0, 0) . '</b><br />'; if ($tID == 0) { $where = '/index.php?com=send&eID='; $subject = CalName . " " . $hc_lang_sendtofriend['SubjectE'] . " " . $myName; $message .= stampToDate(mysql_result($result, 0, 1), $hc_cfg[14]) . ' - '; if (mysql_result($result, 0, 3) == 0) { $message .= stampToDate("1980-01-01 " . mysql_result($result, 0, 2), $hc_cfg[23]); } elseif (mysql_result($result, 0, 3) == 1) { $message .= $hc_lang_sendtofriend['AllDay']; } elseif (mysql_result($result, 0, 3) == 2) { $message .= $hc_lang_sendtofriend['TBA']; } $message .= '<br /><a href="' . CalRoot . '/index.php?eID=' . $eID . '">' . CalRoot . '/index.php?eID=' . $eID . '</a></p>'; } else { $where = '/index.php?com=send&lID='; $subject = CalName . " " . $hc_lang_sendtofriend['SubjectL'] . " " . $myName; $message .= buildAddress(mysql_result($result, 0, 1), mysql_result($result, 0, 2), mysql_result($result, 0, 3), mysql_result($result, 0, 4), mysql_result($result, 0, 5), mysql_result($result, 0, 6), $hc_lang_config['AddressType']); $message .= '<br /><a href="' . CalRoot . '/index.php?com=location&lID=' . $eID . '">' . CalRoot . '/index.php?com=location&lID=' . $eID . '</a></p>'; } $message .= '<p>' . $hc_lang_sendtofriend['From'] . '<br />' . $myName . ' (' . $myEmail . ')</p>'; $message .= '<p>' . $hc_lang_sendtofriend['AutoNotice'] . ' ' . $hc_cfg[78]; reMail($friendName, $friendEmail, $subject, $message, $myName, $myEmail); doQuery("INSERT INTO " . HC_TblPrefix . "sendtofriend(MyName, MyEmail, RecipientName, RecipientEmail, Message, EntityID, IPAddress, SendDate, TypeID)\r\n\t\t\t\tValues('" . $myName . "', '" . $myEmail . "', '" . $friendName . "', '" . $friendEmail . "', '" . cleanSpecialChars(str_replace('<br>', '\\n', $message)) . "', '" . $eID . "',\r\n\t\t\t\t'" . 
cIn(strip_tags($_SERVER["REMOTE_ADDR"])) . "', '" . date("Y-m-d") . "', '" . $tID . "')"); doQuery("UPDATE " . HC_TblPrefix . "events SET EmailToFriend = EmailToFriend + 1 WHERE PkID = '" . $eID . "'"); header("Location: " . CalRoot . $where . $eID . "&msg=1"); } else { header("Location: " . CalRoot . "/"); }
$eOver = $eLimit = 0; if (mysql_result($result, 0, 0) > mysql_result($result, 0, 1) && mysql_result($result, 0, 1) != 0) { $eOver = 1; } elseif (mysql_result($result, 0, 0) == mysql_result($result, 0, 1) && mysql_result($result, 0, 1) != 0) { $eLimit = 1; } $rMsg = '<p><b>' . cOut($hc_lang_rsvp['PartySize']) . " " . cOut($partySize) . '</b>'; $rMsg .= '<br />' . cOut($regName) . '<br />' . cOut($regEmail); $rMsg .= $phone != '' ? '<br />' . $phone : ''; $rMsg .= $address != '' ? '<br />' . strip_tags(buildAddress($address, $address2, $city, $state, $zip, $country, $hc_lang_config['AddressType']), '<br>') : ''; $rMsg .= '</p>'; // RSVP User Email $regSubj = cOut($hc_lang_rsvp['regSubject']) . $eventTitle; $regMsg = '<p>' . cOut($hc_lang_rsvp['regMsg']) . '</p>'; $regMsg .= $eMsg . $rMsg; $regMsg .= $eOver == 1 ? " " . cOut($hc_lang_rsvp['regOverflow']) : ''; $regMsg .= '<p>' . cOut($hc_lang_rsvp['ThankYou']) . '<br />' . $hc_cfg[79] . '</p>'; $regMsg .= '<p>' . cOut($hc_lang_rsvp['regDisclaimer']) . '</p>'; // Event Contact Email $conSubj = cOut($hc_lang_rsvp['conSubject']) . $eventTitle; $conMsg = '<p>' . cOut($hc_lang_rsvp['conMsg']) . '</p>'; $conMsg .= $eMsg; $conMsg .= $eOver == 1 ? '<p>' . cOut($hc_lang_rsvp['conOverflow']) . '</p>' : ''; $conMsg .= $eLimit == 1 ? '<p>' . cOut($hc_lang_rsvp['conLimit']) . '</p>' : ''; $conMsg .= $rMsg; $conMsg .= '<p>' . cOut($hc_lang_rsvp['ThankYou']) . '<br />' . $hc_cfg[79] . '</p>'; $conMsg .= '<p>' . cOut($hc_lang_rsvp['conDisclaimer']) . '</p>'; reMail($regName, $regEmail, $regSubj, $regMsg, $hc_cfg[79], $hc_cfg[78]); reMail('', $conEmail, $conSubj, $conMsg, $hc_cfg[79], $hc_cfg[78]); header("Location: " . CalRoot . "/index.php?com=rsvp&eID=" . $eID . "&msg=2"); }
$do = isset($_POST['hc_fy']) ? cIn($_POST['hc_fy']) : ''; $stop = preg_match('/^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$/', $email) == 1 ? 0 : 1; $stop = is_numeric($do) ? 0 : 1; if ($stop == 0) { $result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "subscribers WHERE email = '" . $email . "' && IsConfirm = 1"); if (hasRows($result)) { doQuery("UPDATE " . HC_TblPrefix . "subscribers SET GUID = MD5(CONCAT(rand(UNIX_TIMESTAMP()) * (RAND()*1000000),'" . $email . "')) WHERE email = '" . $email . "'"); $result = doQuery("SELECT FirstName, LastName, GUID FROM " . HC_TblPrefix . "subscribers WHERE email = '" . $email . "'"); $GUID = hasRows($result) ? mysql_result($result, 0, 2) : ''; if ($GUID != '') { $link = $do == 0 ? CalRoot . '/index.php?com=signup&u=' . $GUID : CalRoot . '/index.php?com=signup&d=' . $GUID; $doMsg = $do == 0 ? 'Edit' : 'Delete'; $subject = $hc_lang_news[$doMsg . 'Subject'] . ' - ' . CalName; $message = '<p>' . $hc_lang_news[$doMsg . 'EmailA'] . ' <a href="' . $link . '">' . $link . '</a></p>'; $message .= '<p>' . mysql_result($result, 0, 0) . $hc_lang_news[$doMsg . 'EmailB'] . ' ' . $hc_lang_news[$doMsg . 'EmailC'] . ' ' . $hc_cfg[78] . '</p>'; reMail(trim(mysql_result($result, 0, 0) . ' ' . mysql_result($result, 0, 1)), $email, $subject, $message, $hc_cfg[79], $hc_cfg[78]); $target = '/index.php?com=edit&msg=1'; } } } header('Location: ' . CalRoot . $target); } else { $dID = cIn(strip_tags($_POST['dID'])); $result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "subscribers WHERE GUID = '" . $dID . "'"); if (hasRows($result)) { $dID = mysql_result($result, 0, 0); doQuery("DELETE FROM " . HC_TblPrefix . "subscribersgroups WHERE UserID = '" . $dID . "'"); doQuery("DELETE FROM " . HC_TblPrefix . "subscriberscategories WHERE UserID = '" . $dID . "'"); doQuery("DELETE FROM " . HC_TblPrefix . "subscribers WHERE PkID = '" . $dID . "'"); doQuery("DELETE FROM " . HC_TblPrefix . "newssubscribers WHERE SubscriberID = '" . $dID . 
"'"); }
// Tail of an event-processing script: optional Facebook status post, optional
// notification mail to $subname/$subemail, cache clear, then either a redirect
// to the pending-events list or an API error page.
// All variables used here ($eID, $sID, $sendmsg, $eventStatus, $message,
// $eventTitle, $msgID, $apiFail, ...) are assigned before this span.
if (isset($_POST['doFacebook']) && isset($_POST['facebookStatus'])) {
    $fbStatusID = '';
    // NOTE(review): 'fbThis' is read without an isset() check; the guard above
    // only covers 'doFacebook' and 'facebookStatus'.
    $fbStatus = cleanQuotes($_POST['fbThis']);
    $fbLink = CalRoot . "/index.php?eID=" . $eID;
    // $fbStatus and $fbLink are not used again in this span and $fbStatusID is
    // tested right after, so the included script presumably reads the former
    // and assigns the latter -- confirm in StatusPost.php.
    include HCPATH . HCINC . '/api/facebook/StatusPost.php';
    if ($fbStatusID != '') {
        // NOTE(review): $fbStatusID goes through cIn() but $eID is concatenated
        // into the statement as-is; confirm $eID is validated or escaped where
        // it is assigned.
        doQuery("INSERT INTO " . HC_TblPrefix . "eventnetwork(EventID,NetworkID,NetworkType,IsActive)\r\n\t\t\t\t\tVALUES('" . $eID . "','" . cIn($fbStatusID) . "',4,1);");
    }
}
// A mail is sent only when $sendmsg is positive and the status is not 2.
if ($sendmsg > 0 && $eventStatus != 2) {
    // Status 0 selects the 'EmailSubjectD' text, any other status 'EmailSubjectA'.
    $subject = $eventStatus == 0 ? CalName . ' ' . $hc_lang_event['EmailSubjectD'] : CalName . ' ' . $hc_lang_event['EmailSubjectA'];
    $message = cOut($message);
    if ($eventStatus == 1) {
        // Link to the single event, or to the series when $sID is set.
        $link = $sID == '' ? CalRoot . '/index.php?eID=' . $eID : CalRoot . '/index.php?com=series&sID=' . $sID;
        // Expand the [event], [facebook] and [twitter] placeholders into links.
        // NOTE(review): $link is URL-encoded for the share links but placed
        // unencoded in the first href, and the share links use plain http.
        $message = str_replace('[event]', '<a href="' . $link . '" target="_blank">' . cOut($eventTitle) . '</a>', $message);
        $message = str_replace('[facebook]', '<a href="http://www.facebook.com/sharer.php?u=' . urlencode($link) . '" target="_blank"><img src="' . CalRoot . '/img/buttons/facebook.png" style="border:0px;" /></a>', $message);
        $message = str_replace('[twitter]', '<a href="http://twitter.com/share?url=' . urlencode($link) . '" target="_blank"><img src="' . CalRoot . '/img/buttons/twitter.png" style="border:0px;" /></a>', $message);
    } else {
        // For any other status the placeholders are removed from the text.
        $message = str_replace('[event]', '', $message);
        $message = str_replace('[facebook]', '', $message);
        $message = str_replace('[twitter]', '', $message);
    }
    reMail($subname, $subemail, $subject, $message, $hc_cfg[79], $hc_cfg[78]);
}
clearCache();
// NOTE(review): $msgID is written into a Location header and an href without
// encoding; confirm it is restricted to a numeric code where it is assigned.
if ($apiFail == false) {
    header("Location: " . AdminRoot . "/index.php?com=eventpending&msg=" . $msgID);
} else {
    echo '<br /><br />' . $hc_lang_event['APIError'] . '<br /><br />';
    echo '<a href="' . AdminRoot . "/index.php?com=eventpending&msg=" . $msgID . '">' . $hc_lang_event['APIErrorLink'] . '</a>';
}
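/**
 * Generate and send new/updated public event submission notice email to subscribed admin users.
 *
 * Recipients are the active admins that hold an active notice subscription of
 * TypeID 0; when there are none, nothing is sent. The HTML body is assembled by
 * string concatenation and handed to reMail().
 *
 * NOTE(review): $subName, $subEmail and $locName are placed in the HTML body
 * exactly as received, while the title, dates, description and admin message
 * pass through cOut()/strip_tags(). These values are described here as
 * submitter-supplied, so confirm every caller strips or encodes markup first.
 *
 * @since 2.2.0
 * @version 2.2.0
 * @param string $subName Name of event submitter
 * @param string $subEmail Email address of event submitter
 * @param string $adminMessage Message to admin user from event submitter
 * @param integer $locID Location ID (0 means the location fields below are used instead of a stored location)
 * @param string $locName Location Name
 * @param string $locAddress Location Address
 * @param string $locAddress2 Location Address Extra Line
 * @param string $locCity Location City
 * @param string $locState Location State
 * @param string $locCountry Location Country
 * @param string $locZip Location Zip
 * @param string $eventTitle Submitted Event Title
 * @param string $eventDesc Submitted Event Description
 * @param string $eventDates String describing date range
 * @param integer $occurs Number of event occurrences
 * @return void
 */
function notice_public_event($subName, $subEmail, $adminMessage, $locID, $locName, $locAddress, $locAddress2, $locCity, $locState, $locCountry, $locZip, $eventTitle, $eventDesc, $eventDates, $occurs)
{
    global $hc_cfg, $hc_lang_config, $hc_lang_submit;

    $resultE = doQuery("SELECT a.FirstName, a.LastName, a.Email\r\n\t\t\t\t\t\tFROM " . HC_TblPrefix . "adminnotices n\r\n\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "admin a ON (n.AdminID = a.PkID)\r\n\t\t\t\t\t\tWHERE a.IsActive = 1 AND n.IsActive = 1 AND n.TypeID = 0");
    if (!hasRows($resultE)) {
        return;
    }

    // Map "First Last" => email. Admins sharing a display name collapse into
    // one entry because the name is the array key.
    $toNotice = array();
    while ($row = mysql_fetch_row($resultE)) {
        $toNotice[trim($row[0] . ' ' . $row[1])] = $row[2];
    }

    $user_level = isset($_SESSION['UserLevel']) ? cIn($_SESSION['UserLevel']) : 0;
    // The level is appended to a language key; an unexpected level now yields
    // an empty label instead of an undefined-index notice.
    $levelKey = 'NoticeEmail5' . $user_level;
    $levelLabel = isset($hc_lang_submit[$levelKey]) ? $hc_lang_submit[$levelKey] : '';

    $subject = $hc_lang_submit['NoticeSubject'] . ' - ' . CalName;
    $message = '<p>' . $hc_lang_submit['NoticeEmail1'] . '</p> <p> <b>' . $hc_lang_submit['NoticeEmail2'] . '</b> ' . $subName . ' - ' . $subEmail
        . '<br /> <b>' . $hc_lang_submit['NoticeEmail5'] . '</b> ' . $levelLabel
        . '<br /> <b>' . $hc_lang_submit['NoticeEmail3'] . '</b> ' . strip_tags($_SERVER['REMOTE_ADDR']) . ' </p> ';
    $message .= $adminMessage != ''
        ? '<p><b>' . $hc_lang_submit['NoticeEmail4'] . '</b> ' . cOut(str_replace('<br />', ' ', strip_tags(cleanBreaks($adminMessage), '<br>'))) . '</p>'
        : '';
    $message .= ' <p> ';

    if ($locID == 0) {
        // Location typed in by the submitter.
        $message .= $locName . ', ';
        $message .= str_replace('<br />', ' ', strip_tags(buildAddress($locAddress, $locAddress2, $locCity, $locState, $locZip, $locCountry, $hc_lang_config['AddressType']), '<br>'));
    } else {
        $result = doQuery("SELECT Name, Address, Address2, City, State, Country, Zip FROM " . HC_TblPrefix . "locations WHERE PkID = '" . cIn($locID) . "'");
        // Read the row only when the lookup returned one; an unknown location
        // ID leaves the location paragraph empty.
        if (hasRows($result)) {
            $message .= mysql_result($result, 0, 0) . ', ';
            // The query returns Country (5) before Zip (6), while the other
            // buildAddress() call in this function passes zip before country,
            // so the two columns are handed over in that order.
            $message .= str_replace('<br />', ' ', strip_tags(buildAddress(
                mysql_result($result, 0, 1),
                mysql_result($result, 0, 2),
                mysql_result($result, 0, 3),
                mysql_result($result, 0, 4),
                mysql_result($result, 0, 6),
                mysql_result($result, 0, 5),
                $hc_lang_config['AddressType']
            ), '<br>'));
        }
    }

    $message .= ' </p> <p> <b>' . $hc_lang_submit['EventTitle'] . '</b> ' . cOut($eventTitle) . '<br /> '
        . ($occurs > 0 ? '<b>' . $hc_lang_submit['Occurs'] . '</b> ' . cOut($eventDates) . ' (x' . $occurs . ')<br />' : '')
        . ' </p> <p>' . cOut(strip_tags($eventDesc)) . '</p> <p><a href="' . AdminRoot . '">' . AdminRoot . '</a></p>';

    reMail('', $toNotice, $subject, $message);
}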
$eName = mysql_result($result, 0, 4); $eEmail = mysql_result($result, 0, 5); $filename = clean_filename(cleanQuotes(strip_tags(mysql_result($result, 0, 0)))); if (mysql_result($result, 0, 3) == 0) { $eventTime = stampToDate("1980-01-01 " . mysql_result($result, 0, 2), $hc_cfg[23]); } elseif (mysql_result($result, 0, 3) == 1) { $eventTime = $hc_lang_register['AllDay']; } elseif (mysql_result($result, 0, 3) == 2) { $eventTime = $hc_lang_register['TBA']; } $rsvps = array(fetch_event_rsvp($eID, $hc_lang_register['CSVHeader']), cIn($filename) . ".csv", 'text/csv'); if (hasRows($result)) { $subject = $hc_lang_register['RosterSubject'] . ' - ' . CalName; $message = '<p> ' . $hc_lang_register['RosterEmailA'] . ' </p> <p> ' . $hc_lang_register['RosterEmailC'] . ' ' . strftime($hc_cfg[24] . ' ' . $hc_cfg[23], strtotime(SYSDATE . ' ' . SYSTIME)) . ' </p> <p> <b>' . mysql_result($result, 0, 0) . '</b><br />' . stampToDate(mysql_result($result, 0, 1), $hc_cfg[14]) . ' - ' . $eventTime . ' <br /><a href="' . CalRoot . '/index.php?eID=' . $eID . '">' . CalRoot . '/index.php?eID=' . $eID . '</a> </p> <p> <b>' . $hc_lang_register['SpacesRequested'] . '</b> ' . mysql_result($result, 0, 7) . ' ' . $hc_lang_register['Of'] . ' ' . mysql_result($result, 0, 6) . ' </p>'; reMail($eName, $eEmail, $subject, $message, $hc_cfg[79], $hc_cfg[78], $rsvps); $target = AdminRoot . '/index.php?com=eventedit&eID=' . $eID . "&msg=6"; } } header("Location: " . $target);
// Moxiemanager Session Variables $_SESSION['moxman_isauth'] = $_SESSION['AdminLoggedIn']; $_SESSION['moxman.filesystem.rootpath'] = CalName . ' Images=../../../../uploads'; $_SESSION['moxman.filesystem.local.urlprefix'] = CalRoot; $_SESSION['moxman.storage.path'] = '../../../../uploads'; } doQuery("UPDATE " . HC_TblPrefix . "admin SET LoginCnt = LoginCnt + 1, PCKey = NULL, Access = '" . cIn(md5(session_id())) . "', LastLogin = NOW() WHERE PkID = '" . cIn($_SESSION['AdminPkID']) . "'"); doQuery("INSERT INTO " . HC_TblPrefix . "adminloginhistory(AdminID, IP, Client, LoginTime) Values('" . $_SESSION['AdminPkID'] . "', '" . cIn(strip_tags($_SERVER["REMOTE_ADDR"])) . "', '" . cIn(strip_tags($_SERVER["HTTP_USER_AGENT"])) . "', NOW())"); startNewSession(); header('Location: ' . AdminRoot . '/index.php?com=' . $com); exit; } } else { doQuery("INSERT INTO " . HC_TblPrefix . "adminloginhistory(AdminID,IP,Client,LoginTime,IsFail) Values('" . cIn(mysql_result($result, 0, 0)) . "','" . cIn(strip_tags($_SERVER["REMOTE_ADDR"])) . "','" . cIn(strip_tags($_SERVER["HTTP_USER_AGENT"])) . "',NOW(),1)"); } $resultE = doQuery("SELECT a.FirstName, a.LastName, a.Email\r\n\t\t\t\t\t\t\tFROM " . HC_TblPrefix . "adminnotices n\r\n\t\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "admin a ON (n.AdminID = a.PkID)\r\n\t\t\t\t\t\t\tWHERE a.IsActive = 1 AND n.IsActive = 1 AND n.TypeID = 2"); if (hasRows($resultE)) { $toNotice = array(); while ($row = mysql_fetch_row($resultE)) { $toNotice[trim($row[0] . ' ' . $row[1])] = $row[2]; } $subject = $hc_lang_login['FailedSubject']; $message = '<p>' . $hc_lang_login['FailedMsg'] . '</p>'; $message .= '<p><b>' . $hc_lang_login['Username'] . '</b> ' . $_POST['username'] . '<br /><b>' . $hc_lang_login['IP'] . '</b> ' . strip_tags($_SERVER["REMOTE_ADDR"]) . '<br /><b>' . $hc_lang_login['Time'] . '</b> ' . date("Y-m-d H:i:s ") . '<br /><b>' . $hc_lang_login['UserAgent'] . '</b> ' . strip_tags($_SERVER["HTTP_USER_AGENT"]); $message .= $unlocked == 0 ? '<p>' . 
$hc_lang_login['LockNotice'] . '</p>' : ''; $message .= '<p><a href="' . AdminRoot . '/">' . AdminRoot . '/</a></p>'; reMail('', $toNotice, $subject, $message); } } } header('Location: ' . AdminRoot . '/index.php?lmsg=' . $msg);