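/**
 * Standard modular run function for snippet hooks. Generates XHTML to insert into a page using AJAX.
 *
 * The request carries a serialized option tuple plus a hash of that tuple salted with the site salt.
 * The hash is checked before the tuple is unserialized, so only option sets this site issued are decoded.
 *
 * @return tempcode The snippet
 */
function run()
{
    if (get_option('is_on_comments') == '0') {
        warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    $serialized_options = get_param('serialized_options', false, true);
    $hash = get_param('hash');

    // Integrity check on the request-supplied blob. A loose `!=` compares numeric-looking strings
    // numerically, so two different digests can be treated as equal; compare as strings instead,
    // in constant time where the runtime provides hash_equals().
    $expected_hash = strval(best_hash($serialized_options, get_site_salt()));
    $supplied_hash = strval($hash);
    $hash_ok = function_exists('hash_equals') ? hash_equals($expected_hash, $supplied_hash) : ($expected_hash === $supplied_hash);
    if (!$hash_ok) {
        // warn_exit() is relied on to stop the request here, before any decoding happens
        warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    // NOTE(review): unserialize() on request data. It is only reached after the hash check above;
    // secure_serialized_data() is the project's own filter and its behaviour is not visible here.
    secure_serialized_data($serialized_options);
    list($topic_id, $num_to_show_limit, $allow_comments, $invisible_if_no_comments, $forum, $reverse, $may_reply, $highlight_by_user, $allow_reviews) = unserialize($serialized_options);

    // These two parameters are not covered by the hash, so they are forced to integers
    $posts = array_map('intval', explode(',', get_param('ids', false, true)));
    $_parent_id = get_param('id', '');
    $parent_id = $_parent_id == '' ? mixed() : intval($_parent_id);

    require_code('topics');
    $renderer = new OCP_Topic();

    return $renderer->render_posts_from_topic($topic_id, $num_to_show_limit, $allow_comments, $invisible_if_no_comments, $forum, NULL, $reverse, $may_reply, $highlight_by_user, $allow_reviews, $posts, $parent_id);
}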
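/**
 * Render a topic.
 *
 * @param  ?integer  Number of posts to show initially (NULL: no limit)
 * @param  integer  Maximum thread depth
 * @param  boolean  Whether the current user may reply to the topic (influences what buttons show)
 * @param  ?MEMBER  User to highlight the posts of (NULL: none)
 * @param  array  Review ratings rows
 * @param  AUTO_LINK  ID of forum this topic is in
 * @param  ?AUTO_LINK  Only show posts under here (NULL: show posts from root)
 * @param  boolean  Whether to just render everything as flat (used when doing AJAX post loading). NOT actually used since we wrote better post-orphaning-fixing code.
 * @return array  Tuple: Rendered topic, serialized options to render more posts, secure hash of serialized options to prevent tampering (an empty array is returned instead when the OCF forum addon is required but not installed)
 */
function render_posts($num_to_show_limit, $max_thread_depth, $may_reply, $highlight_by_user, $all_individual_review_ratings, $forum_id, $parent_post_id = NULL, $maybe_missing_links = false)
{
    require_code('feedback');

    if (get_forum_type() == 'ocf' && !addon_installed('ocf_forum')) {
        return array();
    }

    // Split the known posts into what is rendered now ($posts) and what is left for later loading ($queue)
    $posts = array();
    $queue = $this->all_posts_ordered;
    if (!is_null($parent_post_id) && !$maybe_missing_links) {
        $queue = $this->_grab_at_and_underneath($parent_post_id, $queue);
    }
    if (is_null($this->is_threaded)) {
        $this->is_threaded = false;
    }
    if (is_null($num_to_show_limit) || !$this->is_threaded) {
        $posts = $queue;
        $queue = array();
    } else {
        $posts = $this->_decide_what_to_render($num_to_show_limit, $queue);
    }

    require_javascript('javascript_ajax');
    require_javascript('javascript_more');
    require_javascript('javascript_thumbnails');

    // Precache member/group details in one fell swoop
    if (get_forum_type() == 'ocf') {
        require_code('ocf_topicview');
        $members = array();
        foreach ($posts as $_postdetails) {
            $members[$_postdetails['p_poster']] = 1;
        }
        ocf_cache_member_details(array_keys($members));
    }

    if (!is_null($this->topic_id)) { // If FALSE then Posts will have been passed in manually as full already anyway
        $posts = $this->_grab_full_post_details($posts);
    }

    if ($this->is_threaded) {
        $tree = $this->_arrange_posts_in_tree($parent_post_id, $posts, $queue, $max_thread_depth);
        if (count($posts) != 0) {
            // Posts still left over were not placed under $parent_post_id; attach each as a root-level orphan, oldest first
            global $M_SORT_KEY;
            $M_SORT_KEY = 'date';
            usort($posts, 'multi_sort');
            while (count($posts) != 0) {
                $orphaned_post = array_shift($posts);
                $tree2 = $this->_arrange_posts_in_tree($orphaned_post['id'], $posts, $queue, $max_thread_depth);
                $orphaned_post['parent_id'] = NULL;
                $orphaned_post['children'] = $tree2;
                $tree[0][] = $orphaned_post;
            }
        }
    } else {
        $tree = array($posts);
    }

    $ret = $this->_render_post_tree($num_to_show_limit, $tree, $may_reply, $highlight_by_user, $all_individual_review_ratings, $forum_id);

    $other_ids = mixed();
    if ($this->is_threaded) {
        $other_ids = array();
        foreach ($tree[1] as $u) {
            $other_ids[] = strval($u['id']);
        }
    }
    // $other_ids stays at mixed() (presumably NULL - confirm) for flat topics. count() on NULL warns on
    // newer PHP versions and is a TypeError on PHP 8, so test for NULL before counting.
    $has_children = !is_null($other_ids) && count($other_ids) != 0;
    $ret->attach(do_template('POST_CHILD_LOAD_LINK', array('NUM_TO_SHOW_LIMIT' => strval($num_to_show_limit), 'OTHER_IDS' => $other_ids, 'ID' => '', 'CHILDREN' => $has_children ? '1' : '')));

    if (!is_null($this->topic_id)) {
        // The option tuple is handed to the browser and sent back on AJAX loads; the hash lets the
        // receiver detect tampering and must be verified there before the tuple is unserialized.
        // NOTE(review): as far as this call shows this is a salted hash, not a keyed HMAC - confirm best_hash()'s construction.
        $serialized_options = serialize(array($this->topic_id, $num_to_show_limit, true, false, strval($forum_id), $this->reverse, $may_reply, $highlight_by_user, count($all_individual_review_ratings) != 0));
        $hash = best_hash($serialized_options, get_site_salt());
    } else {
        $serialized_options = mixed();
        $hash = mixed();
    }

    return array($ret, $serialized_options, $hash);
}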
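/**
 * The UI to view subscribers on the newsletter.
 *
 * Without an 'id' parameter a newsletter/usergroup chooser form is returned. With one, subscribers are
 * listed per subscription level, either as a paginated screen or (csv=1) streamed as a CSV download,
 * after which the script exits.
 *
 * @return tempcode The UI
 */
function view_subscribers()
{
    $title = get_page_title('VIEW_NEWSLETTER_SUBSCRIBERS');

    $lang = choose_language($title);
    if (is_object($lang)) {
        return $lang;
    }

    $id = either_param('id', NULL);
    $level = get_param_integer('level', NULL);

    require_lang('ocf');

    // Select newsletter
    if (is_null($id)) {
        $fields = new ocp_tempcode();
        require_code('form_templates');

        // Selection
        $newsletters = new ocp_tempcode();
        $rows = $GLOBALS['SITE_DB']->query_select('newsletters', array('id', 'title'));
        foreach ($rows as $newsletter) {
            $newsletters->attach(form_input_list_entry(strval($newsletter['id']), false, get_translated_text($newsletter['title'])));
        }
        if (get_forum_type() == 'ocf') {
            $newsletters->attach(form_input_list_entry('-1', false, do_lang_tempcode('NEWSLETTER_OCF')));
            $groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list();
            foreach ($groups as $group_id => $group) {
                if ($group_id != db_get_first_id()) {
                    // Only offer usergroups that actually contain someone to mail
                    $map = array();
                    $map['g' . strval($group_id)] = 1;
                    $_c = newsletter_who_send_to($map, $lang, 0, 0);
                    $c6 = $_c[6]['g' . strval($group_id)];
                    if ($c6 != 0) {
                        $newsletters->attach(form_input_list_entry('g' . strval($group_id), false, do_lang_tempcode('THIS_WITH', do_lang_tempcode('GROUP'), make_string_tempcode(escape_html($group)))));
                    }
                }
            }
        }
        if ($newsletters->is_empty()) {
            inform_exit(do_lang_tempcode('NO_CATEGORIES'));
        }
        $fields->attach(form_input_list(do_lang_tempcode('NEWSLETTER'), '', 'id', $newsletters));

        // CSV option
        $fields->attach(form_input_tick(do_lang_tempcode('DOWNLOAD_AS_CSV'), do_lang_tempcode('DESCRIPTION_DOWNLOAD_AS_CSV'), 'csv', false));

        $submit_name = do_lang_tempcode('VIEW_SUBSCRIBERS');
        $post_url = get_self_url();

        $prune_url = build_url(array('page' => '_SELF', 'type' => 'bounce_filter_a'), '_SELF');

        return do_template('FORM_SCREEN', array('GET' => true, 'SKIP_VALIDATION' => true, 'HIDDEN' => '', 'TITLE' => $title, 'TEXT' => do_lang_tempcode('NEWSLETTER_SUBSCRIBERS_FORM', escape_html($prune_url->evaluate())), 'FIELDS' => $fields, 'SUBMIT_NAME' => $submit_name, 'URL' => $post_url));
    }

    // Send to CSV file?
    $csv = either_param_integer('csv', 0);
    if ($csv == 1) {
        // $id comes from the request and ends up inside a response header: addslashes() plus the
        // CR/LF stripping below are what keep it from breaking out of the quoted filename or the header line.
        $filename = 'subscribers_' . $id . '.csv';
        header('Content-type: text/csv');
        if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
            header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($filename))) . '"');
        } else {
            header('Content-Disposition: attachment; filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($filename))) . '"');
        }
        @ini_set('ocproducts.xss_detect', '0');
    }

    // Show subscribers
    // With no explicit level: usergroups / all-members only have level 4, real newsletters are shown for levels 1-4
    $levels = is_null($level) ? (($id == '-1' || substr($id, 0, 1) == 'g') ? array(4) : array(1, 2, 3, 4)) : array($level);
    $outs = array();
    foreach ($levels as $level) {
        $max = get_param_integer('max_' . (is_null($level) ? '' : strval($level)), 100);
        $start = get_param_integer('start_' . (is_null($level) ? '' : strval($level)), 0);

        // First pass (start 0, max 0) is only for the record count in tuple slot 6
        $max_rows = 0;
        if (is_null($level)) {
            $map[$id] = 1; // $id will be -1
            $_c = newsletter_who_send_to($map, $lang, 0, 0, true);
            if (isset($_c[6][$id])) {
                $max_rows = $_c[6][$id];
            }
        } else {
            $map[$id] = $level; // We're requesting that we probe subscribers of $id on $level
            $_c = newsletter_who_send_to($map, $lang, 0, 0, true);
            if (isset($_c[6][$id])) {
                $max_rows = $_c[6][$id];
            }
        }

        // For CSV every page is walked until an empty one comes back; for the screen only one page is fetched.
        // NOTE(review): $max is request-supplied; with a non-positive value $start2 never advances - confirm the CSV loop still terminates.
        $start2 = 0;
        do {
            $map = array();
            if (is_null($level)) {
                $map[$id] = 1; // $id will be -1
                $_c = newsletter_who_send_to($map, $lang, $start + $start2, $max, true);
            } else {
                $map[$id] = $level; // We're requesting that we probe subscribers of $id on $level
                $_c = newsletter_who_send_to($map, $lang, $start + $start2, $max, true);
            }
            $rows = $_c[7];

            if ($csv == 1) {
                if ($start2 == 0) {
                    if (!is_null($level)) {
                        echo '"LEVEL ' . do_lang('NEWSLETTER_' . strval($level)) . '"' . chr(10);
                    }
                    echo '"' . str_replace('"', '""', do_lang('EMAIL_ADDRESS')) . '",' .
                        '"' . str_replace('"', '""', do_lang('FORENAME')) . '",' .
                        '"' . str_replace('"', '""', do_lang('SURNAME')) . '",' .
                        '"' . str_replace('"', '""', do_lang('NAME')) . '",' .
                        '"' . str_replace('"', '""', do_lang('NEWSLETTER_SEND_ID')) . '",' .
                        '"' . str_replace('"', '""', do_lang('NEWSLETTER_HASH')) . '",' .
                        '"' . str_replace('"', '""', do_lang('PASSWORD_HASH')) . '",' .
                        '"' . str_replace('"', '""', do_lang('SALT')) . '",' .
                        '"' . str_replace('"', '""', do_lang('LANGUAGE')) . '",' .
                        '"' . str_replace('"', '""', do_lang('CONFIRM_CODE')) . '",' .
                        '"' . str_replace('"', '""', do_lang('JOIN_DATE')) . '"' . chr(10);
                }
            } else {
                $out = '';
            }

            foreach ($rows as $r) {
                // Rows come either from the newsletter tables or from the member table, so every column is optional
                $email = array_key_exists('email', $r) ? $r['email'] : $r['m_email_address'];
                $forename = array_key_exists('n_forename', $r) ? $r['n_forename'] : '';
                $surname = array_key_exists('n_surname', $r) ? $r['n_surname'] : '';
                $name = array_key_exists('m_username', $r) ? $r['m_username'] : '';
                $salt = array_key_exists('pass_salt', $r) ? $r['pass_salt'] : '';
                $_lang = array_key_exists('language', $r) ? $r['language'] : '';
                $confirm_code = array_key_exists('confirm_code', $r) ? $r['confirm_code'] : 0;
                $join_time = array_key_exists('join_time', $r) ? $r['join_time'] : time();
                $send_id = (array_key_exists('m_username', $r) ? 'm' : 'n') . (array_key_exists('id', $r) ? strval($r['id']) : $email);
                $hash = array_key_exists('the_password', $r) ? $r['the_password'] : '';
                $unsub = array_key_exists('the_password', $r) ? best_hash($r['the_password'], 'xunsub') : '';

                if ($csv == 1) {
                    // NOTE(review): this export carries the stored password hash, salt and the unsubscribe
                    // token for every subscriber - treat the file as credential material.
                    // NOTE(review): cells are quote-escaped only; subscriber-supplied values that begin with
                    // '=', '+', '-' or '@' reach spreadsheet software unneutralised.
                    // Join date uses the 24-hour 'H'; the 12-hour 'h' without am/pm made morning and afternoon times identical.
                    echo '"' . str_replace('"', '""', $email) . '",' .
                        '"' . str_replace('"', '""', $forename) . '",' .
                        '"' . str_replace('"', '""', $surname) . '",' .
                        '"' . str_replace('"', '""', $name) . '",' .
                        '"' . str_replace('"', '""', $send_id) . '",' .
                        '"' . str_replace('"', '""', $unsub) . '",' .
                        '"' . str_replace('"', '""', $hash) . '",' .
                        '"' . str_replace('"', '""', $salt) . '",' .
                        '"' . str_replace('"', '""', $_lang) . '",' .
                        '"' . str_replace('"', '""', strval($confirm_code)) . '",' .
                        '"' . str_replace('"', '""', date('Y-m-d H:i:s', $join_time)) . '"' . chr(10);
                } else {
                    // NOTE(review): NEWSLETTER_HASH is given the stored password value here, whereas the CSV
                    // column of the same name carries the derived unsubscribe hash ($unsub) - confirm which is intended.
                    $tpl = do_template('NEWSLETTER_SUBSCRIBER', array('EMAIL' => $email, 'FORENAME' => $forename, 'SURNAME' => $surname, 'NAME' => $name, 'NEWSLETTER_SEND_ID' => $send_id, 'NEWSLETTER_HASH' => $hash));
                    $out .= $tpl->evaluate();
                }
            }

            $start2 += $max;
        } while ($csv == 1 && array_key_exists(0, $rows));

        if (count($rows) == 0 && $start2 == 0) {
            if ($csv == 1) {
                echo '"(' . do_lang('NONE') . ')"' . chr(10);
            }
        }

        $text = do_lang_tempcode('NEWSLETTER_PEOPLE_ON_LEVEL', is_numeric($level) && intval($level) > 0 ? make_string_tempcode(escape_html(do_lang('NEWSLETTER_' . strval($level)))) : do_lang_tempcode('NA_EM'));
        if ($csv != 1) {
            require_code('templates_results_browser');
            $results_browser = results_browser(do_lang_tempcode('VIEW_NEWSLETTER_SUBSCRIBERS'), NULL, $start, 'start_' . (is_null($level) ? '' : strval($level)), $max, 'max_' . (is_null($level) ? '' : strval($level)), $max_rows, NULL, 'subscribers', true);
            $outs[] = array('RESULTS_BROWSER' => $results_browser, 'SUB' => $out, 'TEXT' => $text);
        }
    }
    if ($csv == 1) {
        // The CSV has already been echoed; stop before any screen template is produced
        $GLOBALS['SCREEN_TEMPLATE_CALLED'] = '';
        exit;
    }

    // Work out stats of what domains are used
    $domains = array();
    $start = 0;
    do {
        if (strpos(get_db_type(), 'mysql') !== false) {
            $rows = $GLOBALS['SITE_DB']->query_select('newsletter', array('email', 'COUNT(*) as cnt'), NULL, 'GROUP BY SUBSTRING_INDEX(email,\'@\',-1)'); // Far less PHP processing
        } else {
            $rows = $GLOBALS['SITE_DB']->query_select('newsletter', array('email'), NULL, 500, $start);
        }
        foreach ($rows as $row) {
            $email = $row['email'];
            if (strpos($email, '@') === false) {
                continue;
            }
            $domain = substr($email, strpos($email, '@') + 1);
            if (!is_string($domain)) {
                continue;
            }
            $cnt = array_key_exists('cnt', $row) ? $row['cnt'] : 1;
            if (!array_key_exists($domain, $domains)) {
                $domains[$domain] = 0;
            }
            $domains[$domain] += $cnt;
        }

        $start += 500;
    } while (array_key_exists(0, $rows) && strpos(get_db_type(), 'mysql') === false);
    arsort($domains);
    // Convert counts to strings for the template; once past 100 domains, drop those seen only once
    foreach ($domains as $key => $val) {
        $domains[$key] = strval($val);
        if (count($domains) > 100) {
            if ($val == 1) {
                unset($domains[$key]);
            }
        }
    }

    return do_template('NEWSLETTER_SUBSCRIBERS_SCREEN', array('_GUID' => '52e5d97d451b622d59f87f021a5b8f01', 'DOMAINS' => $domains, 'SUBSCRIBERS' => $outs, 'TITLE' => $title));
}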
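/**
 * Do an AJAX comment post.
 *
 * Expects POST parameters 'options' (a serialized context tuple issued by this site) and 'hash'
 * (hash of that tuple with the site salt). The hash is verified before the tuple is unserialized;
 * on mismatch an empty text/plain response is sent and the script exits.
 * On success the refreshed comments block is echoed as text/plain.
 */
function post_comment_script()
{
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past

    // Read in context of what we're doing
    $options = post_param('options');
    $hash = post_param('hash');

    // Check security first: nothing from the request is decoded until its integrity is confirmed.
    // Compare as strings (a loose `!=` compares numeric-looking strings numerically), in constant time where hash_equals() exists.
    $expected_hash = strval(best_hash($options, get_site_salt()));
    $supplied_hash = strval($hash);
    $hash_ok = function_exists('hash_equals') ? hash_equals($expected_hash, $supplied_hash) : ($expected_hash === $supplied_hash);
    if (!$hash_ok) {
        header('Content-Type: text/plain; charset=' . get_charset());
        exit;
    }

    // NOTE(review): unserialize() on request data, now only reached for blobs that passed the check above.
    // secure_serialized_data() is the project's own filter; its behaviour is not visible here.
    secure_serialized_data($options);
    list($page_name, $content_id, $allow_comments, $submitter, $content_url, $content_title, $forum) = unserialize($options);

    // Post comment
    actualise_post_comment($allow_comments >= 1, $page_name, $content_id, $content_url, $content_title, $forum);

    // Get new comments state
    $comment_details = get_comments($page_name, $allow_comments == 1, $content_id, false, $forum, NULL, NULL, false, false, $submitter, $allow_comments == 2);

    // And output as text
    header('Content-Type: text/plain; charset=' . get_charset());
    $comment_details->evaluate_echo();
}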
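/**
 * Standard modular run function for CRON hooks. Searches for tasks to perform.
 *
 * For each configured welcome e-mail, finds the members or newsletter subscribers whose join time
 * (shifted by the e-mail's delay) falls between the previous run and now, and mails them.
 */
function run()
{
    //if (!running_script('execute_temp')) return;
    $time_now = time();
    //$time_now=1335726076;
    $last_cron_time = intval(get_value('last_welcome_mail_time'));
    if ($last_cron_time == 0) {
        // Never run before: look back one week
        $last_cron_time = $time_now - 24 * 60 * 60 * 7;
    }
    set_value('last_welcome_mail_time', strval($time_now));
    //$last_cron_time=$time_now-60*60*1;

    require_code('mail');
    $GLOBALS['NO_DB_SCOPE_CHECK'] = true;
    $mails = $GLOBALS['SITE_DB']->query_select('f_welcome_emails', array('*'));
    $GLOBALS['NO_DB_SCOPE_CHECK'] = false;
    foreach ($mails as $mail) {
        $send_seconds_after_joining = $mail['w_send_time'] * 60 * 60;

        $newsletter_style = get_value('welcome_nw_choice') === '1' && !is_null($mail['w_newsletter']) || get_value('welcome_nw_choice') !== '1' && ($mail['w_newsletter'] == 1 || get_forum_type() != 'ocf');
        // The SQL below is assembled by concatenation; the values joined in are the clock, stored
        // settings and columns of the welcome-mail row, all passed through strval() - no request input is read here.
        if ($newsletter_style) {
            if (addon_installed('newsletter')) {
                // Think of it like this, m_join_time (members join time) must between $last_cron_time and $time_now, but offset back by $send_seconds_after_joining
                $where = ' WHERE join_time>' . strval($last_cron_time - $send_seconds_after_joining) . ' AND join_time<=' . strval($time_now - $send_seconds_after_joining) . ' AND (the_level=3 OR the_level=4)';
                if (get_value('welcome_nw_choice') === '1') {
                    $where .= ' AND newsletter_id=' . strval($mail['w_newsletter']);
                }
                $members = $GLOBALS['SITE_DB']->query('SELECT s.email AS m_email_address,the_password,n_forename,n_surname,n.id,join_time AS m_join_time FROM ' . get_table_prefix() . 'newsletter_subscribe s JOIN ' . get_table_prefix() . 'newsletter n ON n.email=s.email ' . $where . ' GROUP BY s.email');
            } else {
                $members = array();
            }
        } else {
            // Think of it like this, m_join_time (members join time) must between $last_cron_time and $time_now, but offset back by $send_seconds_after_joining
            $where = ' WHERE m_join_time>' . strval($last_cron_time - $send_seconds_after_joining) . ' AND m_join_time<=' . strval($time_now - $send_seconds_after_joining);
            if (get_option('allow_email_from_staff_disable') == '1') {
                $where .= ' AND m_allow_emails=1';
            }
            $query = 'SELECT m_email_address,m_username,id,m_join_time FROM ' . get_table_prefix() . 'f_members' . $where;
            $members = $GLOBALS['FORUM_DB']->query($query);
        }
        //var_dump($members);exit();
        foreach ($members as $member) {
            $subject = get_translated_text($mail['w_subject'], NULL, get_lang($member['id']));
            $text = get_translated_text($mail['w_text'], NULL, get_lang($member['id']));
            $_text = do_template('NEWSLETTER_DEFAULT', array('CONTENT' => $text, 'LANG' => get_site_default_lang()));
            // NOTE(review): the {{N}} date placeholders are replaced in $text after $_text was already built from it,
            // and $text is not read again below - confirm whether the substitution is meant to reach the message.
            for ($i = 0; $i < 100; $i++) {
                if (strpos($text, '{{' . strval($i) . '}}') !== false) {
                    $text = str_replace('{{' . strval($i) . '}}', get_timezoned_date($time_now + $i * 60 * 60 * 24), $text);
                }
            }

            if ($member['m_email_address'] != '') {
                $message = $_text->evaluate(get_lang($member['id']));

                if ($newsletter_style) {
                    $forename = $member['n_forename'];
                    $surname = $member['n_surname'];
                    $name = trim($forename . ' ' . $surname);
                    require_lang('newsletter');
                    if ($name == '') {
                        $name = do_lang('NEWSLETTER_SUBSCRIBER', get_site_name());
                    }
                } else {
                    $forename = '';
                    $surname = '';
                    $name = $member['m_username'];
                }

                if (addon_installed('newsletter')) {
                    if ($newsletter_style) {
                        $sendid = 'n' . strval($member['id']);
                        $hash = best_hash($member['the_password'], 'xunsub');
                    } else {
                        // Was strval('id'), which produced the literal "wid" for every member instead of the member's ID
                        $sendid = 'w' . strval($member['id']);
                        $hash = '';
                    }
                    require_code('newsletter');
                    $message = newsletter_variable_substitution($message, $subject, $forename, $surname, $name, $member['m_email_address'], $sendid, $hash);
                }

                // NOTE(review): $is_html is never assigned within this function, so as written it is unset here
                // (falsy, with a notice/warning) - confirm where it is supposed to come from.
                if ($is_html) {
                    require_code('tempcode_compiler');
                    $temp = template_to_tempcode($message);
                    $message = $temp->evaluate(get_lang($member['id']));
                }

                if (get_value('notification_safety_testing') === '1') {
                    // Safety net: abort if the mail log shows this subject already went to this address after they joined
                    $test = $GLOBALS['SITE_DB']->query_value_null_ok('logged_mail_messages', 'm_date_and_time', array('m_subject' => $subject, 'm_to_email' => serialize(array($member['m_email_address']))));
                    if (!is_null($test)) {
                        if ($test > $member['m_join_time']) {
                            fatal_exit(do_lang('INTERNAL_ERROR') . ' [' . $member['m_email_address'] . ']');
                        } // otherwise they probably just resubscribed and hence bumped their time
                    }
                }

                mail_wrap($subject, $message, array($member['m_email_address']), $name, '', '', 3, NULL, false, NULL, true, $is_html);
            }
        }
    }
}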
/**
 * Find a group of members the newsletter will go to.
 *
 * Recipients are gathered from up to four sources: newsletter subscribers, OCF usergroups,
 * all OCF members, and rows of a serialized CSV. In mailer mode an e-mail address already
 * collected from an earlier database source is skipped.
 *
 * @param  array  A map describing what newsletters and newsletter levels the newsletter is being sent to
 * @param  LANGUAGE_NAME  The language
 * @param  integer  Start position in result set (results are returned in parallel for each category of result)
 * @param  integer  Maximum records to return from each category
 * @param  boolean  Whether to get raw rows rather than mailer-ready correspondence lists
 * @param  string  Serialized CSV data to also consider
 * @return array  Returns a tuple of corresponding detail lists: emails, hashes, usernames, forenames, surnames, ids, then a map of record counts (keyed depending on requests: csv, -1, <newsletterID>, g<groupID>) [record counts not returned if $start is not zero, for performance reasons], then the raw rows (only filled when raw rows were requested)
 */
function newsletter_who_send_to($send_details, $lang, $start, $max, $get_raw_rows = false, $csv_data = '')
{
    // Find who to send to
    $level = 0;
    $usernames = array();
    $forenames = array();
    $surnames = array();
    $emails = array();
    $ids = array();
    $hashes = array();
    $total = array();
    $raw_rows = array();

    // Standard newsletter subscribers
    $newsletters = $GLOBALS['SITE_DB']->query_select('newsletters', array('*'));
    foreach ($newsletters as $newsletter) {
        $this_level = array_key_exists(strval($newsletter['id']), $send_details) ? $send_details[strval($newsletter['id'])] : 0;
        if ($this_level != 0) {
            // SQL is built by concatenation: the newsletter ID comes from the database row, the level is
            // cast to int, and $lang goes through db_string_equal_to() (presumably the escaping helper - confirm)
            $where_lang = multi_lang() ? db_string_equal_to('language', $lang) . ' AND ' : '';
            $query = ' FROM ' . get_table_prefix() . 'newsletter_subscribe s LEFT JOIN ' . get_table_prefix() . 'newsletter n ON n.email=s.email WHERE ' . $where_lang . 'code_confirm=0 AND s.newsletter_id=' . strval($newsletter['id']) . ' AND the_level>=' . strval((int) $this_level);
            $temp = $GLOBALS['SITE_DB']->query('SELECT n.id,n.email,the_password,n_forename,n_surname' . $query, $max, $start);
            if ($start == 0) {
                // Count without the join first; above 10000 rows that figure is used as-is rather than running the joined count
                $test = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'newsletter_subscribe WHERE newsletter_id=' . strval($newsletter['id']) . ' AND the_level>=' . strval((int) $this_level));
                if ($test > 10000) {
                    $total[strval($newsletter['id'])] = $test;
                } else {
                    $total[strval($newsletter['id'])] = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*)' . $query);
                }
            }
            foreach ($temp as $_temp) {
                // NOTE(review): $emails is only appended to in mailer mode, so this de-duplication never triggers when raw rows are requested
                if (!in_array($_temp['email'], $emails)) {
                    if (!$get_raw_rows) {
                        $emails[] = $_temp['email'];
                        $forenames[] = $_temp['n_forename'];
                        $surnames[] = $_temp['n_surname'];
                        $username = trim($_temp['n_forename'] . ' ' . $_temp['n_surname']);
                        if ($username == '') {
                            $username = do_lang('NEWSLETTER_SUBSCRIBER', get_site_name());
                        }
                        $usernames[] = $username;
                        $ids[] = 'n' . strval($_temp['id']);
                        // Unsubscribe token: derived from the stored password value with a fixed salt string
                        $hashes[] = best_hash($_temp['the_password'], 'xunsub');
                    } else {
                        $raw_rows[] = $_temp;
                    }
                }
            }
        }
        $level = max($level, $this_level);
    }

    // OCF imports
    if (get_forum_type() == 'ocf') {
        $where_lang = multi_lang() ? '(' . db_string_equal_to('m_language', $lang) . ' OR ' . db_string_equal_to('m_language', '') . ') AND ' : '';

        // Usergroups
        $groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list();
        foreach ($send_details as $_id => $is_on) {
            if (is_string($_id) && substr($_id, 0, 1) == 'g' && $is_on == 1) {
                // Key is g<groupID>; intval() makes the group ID safe to concatenate into the queries below
                $id = intval(substr($_id, 1));
                global $SITE_INFO;
                // 'xxxxx' is a placeholder for the column list, swapped for real columns or COUNT(*) further down.
                // The mysql_old variant matches secondary and primary group in one OR'd query; otherwise a UNION of two queries is used.
                if (isset($SITE_INFO['mysql_old']) && $SITE_INFO['mysql_old'] == '1' || !isset($SITE_INFO['mysql_old']) && is_file(get_file_base() . '/mysql_old')) {
                    $query = 'SELECT xxxxx FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members m LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_group_members g ON m.id=g.gm_member_id AND g.gm_validated=1 WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1 AND (gm_group_id=' . strval($id) . ' OR m_primary_group=' . strval($id) . ')';
                    if (get_option('allow_email_from_staff_disable') == '1') {
                        $query .= ' AND m_allow_emails=1';
                    }
                    $query .= ' AND m_is_perm_banned=0';
                } else {
                    $query = 'SELECT xxxxx FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members m LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_group_members g ON m.id=g.gm_member_id AND g.gm_validated=1 WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1 AND gm_group_id=' . strval($id);
                    if (get_option('allow_email_from_staff_disable') == '1') {
                        $query .= ' AND m_allow_emails=1';
                    }
                    $query .= ' AND m_is_perm_banned=0';
                    $query .= ' UNION SELECT xxxxx FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members m WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1 AND m_primary_group=' . strval($id);
                    if (get_option('allow_email_from_staff_disable') == '1') {
                        $query .= ' AND m_allow_emails=1';
                    }
                    $query .= ' AND m_is_perm_banned=0';
                }
                $_rows = $GLOBALS['FORUM_DB']->query(str_replace('xxxxx', 'm.id,m.m_email_address,m.m_username', $query), $max, $start, false, true);
                if ($start == 0) {
                    // Turns "A UNION B" into "SELECT (count A) + (count B)" so both halves are summed
                    $total['g' . strval($id)] = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT (' . str_replace(' UNION ', ') + (', str_replace('xxxxx', 'COUNT(*)', $query)) . ')', false, true);
                }
                foreach ($_rows as $row) {
                    if (!in_array($row['m_email_address'], $emails)) {
                        if (!$get_raw_rows) {
                            $emails[] = $row['m_email_address'];
                            $forenames[] = '';
                            $surnames[] = '';
                            $usernames[] = $row['m_username'];
                            $ids[] = 'm' . strval($row['id']);
                            $hashes[] = '';
                        } else {
                            $raw_rows[] = $row;
                        }
                    }
                }
            }
        }

        // *All* OCF members (we could have chosen all usergroups, but for legacy reasons we still have this option)
        // NOTE(review): `==` binds tighter than `?:`, so this reads as `exists ? $send_details['-1'] : (0 == 1)`;
        // any truthy value under '-1' enables the branch, not just 1. Check what callers pass before parenthesising.
        if (array_key_exists('-1', $send_details) ? $send_details['-1'] : 0 == 1) {
            $query = ' FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1';
            if (get_option('allow_email_from_staff_disable') == '1') {
                $query .= ' AND m_allow_emails=1';
            }
            $query .= ' AND m_is_perm_banned=0';
            $_rows = $GLOBALS['FORUM_DB']->query('SELECT id,m_email_address,m_username' . $query, $max, $start);
            if ($start == 0) {
                $total['-1'] = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT COUNT(*)' . $query);
            }
            foreach ($_rows as $_temp) {
                if (!in_array($_temp['m_email_address'], $emails)) {
                    if (!$get_raw_rows) {
                        $emails[] = $_temp['m_email_address'];
                        $forenames[] = '';
                        $surnames[] = '';
                        $usernames[] = $_temp['m_username'];
                        $ids[] = 'm' . strval($_temp['id']);
                        $hashes[] = '';
                    } else {
                        $raw_rows[] = $_temp;
                    }
                }
            }
        }
    }

    // From CSV
    if ($csv_data != '') {
        // NOTE(review): unserialize() on caller-supplied data. No integrity check is visible in this function;
        // secure_serialized_data() is the only guard here and its behaviour is not shown - confirm where $csv_data originates.
        secure_serialized_data($csv_data, array());
        $_csv_data = unserialize($csv_data);

        // Default column positions, overridden if a header row is recognised below
        $email_index = 0;
        $forename_index = 1;
        $surname_index = 2;
        $username_index = 3;
        $id_index = 4;
        $hash_index = 5;

        if ($start == 0) {
            $total['csv'] = 0;
        }

        $pos = 0;
        foreach ($_csv_data as $i => $csv_line) {
            // One of the first two lines whose first two cells hold no '@' is treated as a header row
            if ($i <= 1 && count($csv_line) >= 1 && isset($csv_line[0]) && strpos($csv_line[0], '@') === false && isset($csv_line[1]) && strpos($csv_line[1], '@') === false) {
                foreach ($csv_line as $j => $val) {
                    if (in_array(strtolower($val), array('e-mail', 'email', 'email address', 'e-mail address'))) {
                        $email_index = $j;
                    }
                    if (in_array(strtolower($val), array('forename', 'forenames', 'first name'))) {
                        $forename_index = $j;
                    }
                    if (in_array(strtolower($val), array('surname', 'surnames', 'last name'))) {
                        $surname_index = $j;
                    }
                    if (in_array(strtolower($val), array('username'))) {
                        $username_index = $j;
                    }
                    if (in_array(strtolower($val), array('id', 'identifier'))) {
                        $id_index = $j;
                    }
                    if (in_array(strtolower($val), array('hash', 'password', 'pass', 'code', 'secret'))) {
                        $hash_index = $j;
                    }
                }
                continue;
            }

            // Only lines whose e-mail cell contains '@' count as recipients
            if (count($csv_line) >= 1 && !is_null($csv_line[$email_index]) && strpos($csv_line[$email_index], '@') !== false) {
                // Manual pagination over the CSV rows, mirroring the $start/$max window used for the database sources
                if ($pos >= $start && $pos - $start < $max) {
                    if (!$get_raw_rows) {
                        $emails[] = $csv_line[$email_index];
                        $forenames[] = array_key_exists($forename_index, $csv_line) ? $csv_line[$forename_index] : '';
                        $surnames[] = array_key_exists($surname_index, $csv_line) ? $csv_line[$surname_index] : '';
                        $usernames[] = array_key_exists($username_index, $csv_line) ? $csv_line[$username_index] : '';
                        $ids[] = array_key_exists($id_index, $csv_line) ? $csv_line[$id_index] : '';
                        $hashes[] = array_key_exists($hash_index, $csv_line) ? $csv_line[$hash_index] : '';
                    } else {
                        $raw_rows[] = $csv_line;
                    }
                }
                if ($start == 0) {
                    $total['csv']++;
                }

                $pos++;
            }
        }
    }

    return array($emails, $hashes, $usernames, $forenames, $surnames, $ids, $total, $raw_rows);
}
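/**
 * The actualiser for unsubscribing from the newsletter.
 *
 * Takes the subscriber 'id' and a 'hash' token from the URL. The token must match the hash derived
 * from the subscriber's stored password value; only then are that e-mail address's subscriptions deleted.
 *
 * @return tempcode The UI
 */
function newsletter_unsubscribe()
{
    $id = get_param_integer('id');
    $hash = get_param('hash');

    $_subscriber = $GLOBALS['SITE_DB']->query_select('newsletter', array('*'), array('id' => $id), '', 1);
    if (!array_key_exists(0, $_subscriber)) {
        fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }
    $subscriber = $_subscriber[0];

    // The token is the only thing authorising this deletion, so compare it as a string
    // (a loose `!=` compares numeric-looking strings numerically) and in constant time where hash_equals() exists.
    $needed_hash = strval(best_hash($subscriber['the_password'], 'xunsub'));
    $supplied_hash = strval($hash);
    $hash_ok = function_exists('hash_equals') ? hash_equals($needed_hash, $supplied_hash) : ($needed_hash === $supplied_hash);
    if (!$hash_ok) {
        // warn_exit() is relied on to stop the request here, before the delete below
        warn_exit(do_lang_tempcode('COULD_NOT_UNSUBSCRIBE'));
    }

    $title = get_page_title('NEWSLETTER_UNSUBSCRIBED');

    // Removes every newsletter subscription held by this e-mail address
    $GLOBALS['SITE_DB']->query_delete('newsletter_subscribe', array('email' => $subscriber['email']));

    return inform_screen($title, do_lang_tempcode('FULL_NEWSLETTER_UNSUBSCRIBED', escape_html(get_site_name())));
}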