break;
case "view":
$subselect = "";
if (sizeof($_POST) || $_GET["unblacklist"]) {
print Error($GLOBALS['I18N']->get('you only have privileges to view this page, not change any of the information'));
return;
}
break;
case "none":
default:
$subselect = " and " . $tables["list"] . ".id = 0";
break;
}
if (isset($_GET["unblacklist"])) {
$unblacklist = sprintf('%d', $_GET["unblacklist"]);
unBlackList($unblacklist);
Redirect("userhistory&id=" . $unblacklist);
}
$result = Sql_query("SELECT * FROM {$tables["user"]} where id = {$id}");
if (!Sql_Affected_Rows()) {
Fatal_Error($GLOBALS['I18N']->get('no such User'));
return;
}
$user = sql_fetch_array($result);
print '<h3>' . $GLOBALS['I18N']->get('user') . ' ' . PageLink2("user&id=" . $user["id"], $user["email"]) . '</h3>';
print '<div class="actions">';
//printf('<a href="%s" class="button">%s</a>',getConfig("preferencesurl").
//'&uid='.$user["uniqid"],$GLOBALS['I18N']->get('update page'));
//printf('<a href="%s" class="button">%s</a>',getConfig("unsubscribeurl").'&uid='.$user["uniqid"],$GLOBALS['I18N']->get('unsubscribe page'));
print PageLinkButton("user&id={$id}", $GLOBALS['I18N']->get('Details'));
if ($access != "view") {
<?php
if (!defined('PHPLISTINIT')) {
die;
}
verifyCsrfGetToken();
if (isset($_GET['id'])) {
$userid = sprintf('%d', $_GET['id']);
}
if (empty($userid)) {
return;
}
if (!empty($_GET['blacklist'])) {
$email = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $GLOBALS['tables']['user'], $userid));
if (!empty($email[0])) {
addUserToBlackList($email[0], s('Manually blacklisted by %s', $_SESSION['logindetails']['adminname']));
$status = 'OK';
}
} elseif (!empty($_GET['unblacklist'])) {
$email = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $GLOBALS['tables']['user'], $userid));
if (!empty($email[0])) {
unBlackList($userid);
$status = 'OK';
}
}
function confirmPage($id)
{
global $tables, $envelope;
if (!$_GET["uid"]) {
FileNotFound();
}
$req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables["user"], sql_escape($_GET["uid"])));
$userdata = Sql_Fetch_Array($req);
if ($userdata["id"]) {
$blacklisted = isBlackListed($userdata["email"]);
foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
$plugin->subscriberConfirmation($id, $userdata);
}
$html = '<ul>';
$lists = '';
Sql_Query("update {$tables["user"]} set confirmed = 1,blacklisted = 0 where id = " . $userdata["id"]);
# just in case the DB is not updated, should be merged with the above later
Sql_Query("update {$tables["user"]} set optedin = 1 where id = " . $userdata["id"], 1);
$subscriptions = array();
$req = Sql_Query(sprintf('select list.id,name,description from %s list, %s listuser where listuser.userid = %d and listuser.listid = list.id and list.active', $tables['list'], $tables['listuser'], $userdata['id']));
if (!Sql_Affected_Rows()) {
$lists = "\n * " . $GLOBALS["strNoLists"];
$html .= '<li>' . $GLOBALS["strNoLists"] . '</li>';
}
while ($row = Sql_fetch_array($req)) {
array_push($subscriptions, $row['id']);
$lists .= "\n *" . stripslashes($row["name"]);
$html .= '<li class="list">' . stripslashes($row["name"]) . '<div class="listdescription">' . stripslashes($row["description"]) . '</div></li>';
}
$html .= '</ul>';
if ($blacklisted) {
unBlackList($userdata['id']);
addUserHistory($userdata["email"], "Confirmation", s("Subscriber removed from Blacklist for manual confirmation of subscription"));
}
if (empty($_SESSION['subscriberConfirmed'])) {
addUserHistory($userdata["email"], "Confirmation", "Lists: {$lists}");
$confirmationmessage = str_ireplace('[LISTS]', $lists, getUserConfig("confirmationmessage:{$id}", $userdata["id"]));
if (!TEST) {
sendMail($userdata["email"], getConfig("confirmationsubject:{$id}"), $confirmationmessage, system_messageheaders(), $envelope);
$adminmessage = $userdata["email"] . " has confirmed their subscription";
if ($blacklisted) {
$adminmessage .= "\n\n" . s("Subscriber has been removed from blacklist");
}
sendAdminCopy("List confirmation", $adminmessage, $subscriptions);
addSubscriberStatistics('confirmation', 1);
}
}
$_SESSION['subscriberConfirmed'] = time();
$info = $GLOBALS["strConfirmInfo"];
} else {
logEvent("Request for confirmation for invalid user ID: " . substr($_GET["uid"], 0, 150));
$html .= 'Error: ' . $GLOBALS["strUserNotFound"];
$info = $GLOBALS["strConfirmFailInfo"];
}
$res = '<title>' . $GLOBALS["strConfirmTitle"] . '</title>';
$res .= $GLOBALS['pagedata']["header"];
$res .= '<h3>' . $info . '</h3>';
$res .= $html;
$res .= "<p>" . $GLOBALS["PoweredBy"] . '</p>';
$res .= $GLOBALS['pagedata']["footer"];
return $res;
}
function confirmPage($id)
{
global $tables, $envelope;
if (!$_GET['uid']) {
FileNotFound();
}
$req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($_GET['uid'])));
$userdata = Sql_Fetch_Array($req);
if ($userdata['id']) {
$html = '<ul>';
$lists = '';
$currently = Sql_Fetch_Assoc_Query("select confirmed from {$tables['user']} where id = " . $userdata['id']);
$blacklisted = isBlackListed($userdata['email']);
foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
$plugin->subscriberConfirmation($id, $userdata);
}
Sql_Query("update {$tables['user']} set confirmed = 1,blacklisted = 0, optedin = 1 where id = " . $userdata['id']);
$subscriptions = array();
$req = Sql_Query(sprintf('select list.id,name,description from %s list, %s listuser where listuser.userid = %d and listuser.listid = list.id and list.active', $tables['list'], $tables['listuser'], $userdata['id']));
if (!Sql_Affected_Rows()) {
$lists = "\n * " . $GLOBALS['strNoLists'];
$html .= '<li>' . $GLOBALS['strNoLists'] . '</li>';
}
while ($row = Sql_fetch_array($req)) {
array_push($subscriptions, $row['id']);
$lists .= "\n *" . stripslashes($row['name']);
$html .= '<li class="list">' . stripslashes($row['name']) . '<div class="listdescription">' . stripslashes($row['description']) . '</div></li>';
}
$html .= '</ul>';
if ($blacklisted) {
unBlackList($userdata['id']);
addUserHistory($userdata['email'], 'Confirmation', s('Subscriber removed from Blacklist for manual confirmation of subscription'));
}
if (empty($_SESSION['subscriberConfirmed'])) {
$_SESSION['subscriberConfirmed'] = array();
}
## 17513 - don't process confirmation if the subscriber is already confirmed
if (empty($currently['confirmed']) && empty($_SESSION['subscriberConfirmed'][$userdata['email']])) {
addUserHistory($userdata['email'], 'Confirmation', "Lists: {$lists}");
$confirmationmessage = str_ireplace('[LISTS]', $lists, getUserConfig("confirmationmessage:{$id}", $userdata['id']));
if (!TEST) {
sendMail($userdata['email'], getConfig("confirmationsubject:{$id}"), $confirmationmessage, system_messageheaders(), $envelope);
$adminmessage = $userdata['email'] . ' has confirmed their subscription';
if ($blacklisted) {
$adminmessage .= "\n\n" . s('Subscriber has been removed from blacklist');
}
sendAdminCopy('List confirmation', $adminmessage, $subscriptions);
addSubscriberStatistics('confirmation', 1);
}
} else {
$html = $GLOBALS['strAlreadyConfirmed'];
}
$_SESSION['subscriberConfirmed'][$userdata['email']] = time();
$info = $GLOBALS['strConfirmInfo'];
} else {
logEvent('Request for confirmation for invalid user ID: ' . substr($_GET['uid'], 0, 150));
$html = 'Error: ' . $GLOBALS['strUserNotFound'];
$info = $GLOBALS['strConfirmFailInfo'];
}
$res = '<title>' . $GLOBALS['strConfirmTitle'] . '</title>';
$res .= $GLOBALS['pagedata']['header'];
$res .= '<h3>' . $info . '</h3>';
$res .= $html;
$res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>';
$res .= $GLOBALS['pagedata']['footer'];
return $res;
}
function confirmPage($id)
{
global $tables, $envelope;
if (!$_GET["uid"]) {
FileNotFound();
}
$req = Sql_Query("select * from {$tables["user"]} where uniqid = \"" . $_GET["uid"] . "\"");
$userdata = Sql_Fetch_Array($req);
if ($userdata["id"]) {
$blacklisted = isBlackListed($userdata["email"]);
$html = '<ul>';
$lists = '';
Sql_Query("update {$tables["user"]} set confirmed = 1,blacklisted = 0 where id = " . $userdata["id"]);
$req = Sql_Query(sprintf('select name,description from %s list, %s listuser where listuser.userid = %d and listuser.listid = list.id and list.active', $tables['list'], $tables['listuser'], $userdata['id']));
if (!Sql_Affected_Rows()) {
$lists = "\n * " . $GLOBALS["strNoLists"];
$html .= '<li>' . $GLOBALS["strNoLists"] . '</li>';
}
while ($row = Sql_fetch_array($req)) {
$lists .= "\n *" . stripslashes($row["name"]);
$html .= '<li class="list">' . stripslashes($row["name"]) . '<div class="listdescription">' . stripslashes($row["description"]) . '</div></li>';
}
$html .= '</ul>';
if ($blacklisted) {
unBlackList($userdata['id']);
addUserHistory($userdata["email"], "Confirmation", "User removed from Blacklist for manual confirmation of subscription");
}
addUserHistory($userdata["email"], "Confirmation", "Lists: {$lists}");
$spage = $userdata["subscribepage"];
$confirmationmessage = ereg_replace('\\[LISTS\\]', $lists, getUserConfig("confirmationmessage:{$spage}", $userdata["id"]));
if (!TEST) {
sendMail($userdata["email"], getConfig("confirmationsubject:{$spage}"), $confirmationmessage, system_messageheaders(), $envelope);
$adminmessage = $userdata["email"] . " has confirmed their subscription";
if ($blacklisted) {
$adminmessage .= "\nUser has been removed from blacklist";
}
sendAdminCopy("List confirmation", $adminmessage);
addSubscriberStatistics('confirmation', 1);
}
$info = $GLOBALS["strConfirmInfo"];
} else {
logEvent("Request for confirmation for invalid user ID: " . substr($_GET["uid"], 0, 150));
$html .= 'Error: ' . $GLOBALS["strUserNotFound"];
$info = $GLOBALS["strConfirmFailInfo"];
}
$data = PageData($id);
if (isset($data['language_file']) && is_file(dirname(__FILE__) . '/texts/' . $data['language_file'])) {
@(include dirname(__FILE__) . '/texts/' . $data['language_file']);
}
$res = '<title>' . $GLOBALS["strConfirmTitle"] . '</title>';
$res .= $data["header"];
$res .= '<h1>' . $info . '</h1>';
$res .= $html;
$res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
$res .= $data["footer"];
return $res;
}
