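/**
 * Handles the newsletter subscription form: initial display and submission.
 *
 * A submission is recognised by the presence of $_POST['subscribe_send'].
 * It is accepted only when the anti-CSRF token matches the one stored in the
 * session, the captcha answer matches, the address passes validate_mail() and
 * is_mail_allowed(), the address is not already known to newsletter_get_user(),
 * the locale (when several system languages exist) passes validate_locale(),
 * and the confirmation box is ticked.
 *
 * @param mixed $lang Language passed through to url() and view(); also used as
 *                    the default locale when the profile has none.
 *
 * @return mixed Whatever view('subscribe', ...) returns.
 */
function subscribe($lang)
{
    global $sitekey, $system_languages;

    // The locale selector is only offered when more than one language is configured.
    $with_locale = count($system_languages) > 1;
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['subscribe_send'])) {
        $action = 'subscribe';
    }

    $confirmed = $code = $token = false;

    $user_mail = user_profile('mail');
    $user_locale = user_profile('locale');
    if (!$user_locale) {
        $user_locale = $lang;
    }

    $unsubscribe_page = false;

    // Step 1: collect the input for the current action.
    switch ($action) {
        case 'init':
            if ($sitekey) {
                $unsubscribe_page = url('newsletterunsubscribe', $lang);
            }
            break;

        case 'subscribe':
            if (isset($_POST['subscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
            }
            if ($with_locale && isset($_POST['subscribe_locale'])) {
                $user_locale = readarg($_POST['subscribe_locale']);
            }
            if (isset($_POST['subscribe_confirmed'])) {
                $confirmed = readarg($_POST['subscribe_confirmed']) == 'on';
            }
            if (isset($_POST['subscribe_code'])) {
                $code = readarg($_POST['subscribe_code']);
            }
            if (isset($_POST['subscribe_token'])) {
                $token = readarg($_POST['subscribe_token']);
            }
            break;

        default:
            break;
    }

    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $missing_locale = false;
    $bad_locale = false;
    $missing_confirmation = false;

    $email_registered = false;
    $internal_error = false;
    $contact_page = false;

    // Step 2: validate the submission.
    switch ($action) {
        case 'subscribe':
            // Anti-CSRF token: compare as strings in constant time. A loose `!=`
            // would treat numeric-looking strings (e.g. "0e1" and "0e2") as equal
            // and would accept a missing token against a falsy stored value.
            $expected_token = isset($_SESSION['subscribe_token']) ? (string) $_SESSION['subscribe_token'] : '';
            if ($expected_token === '' || !is_string($token) || !hash_equals($expected_token, $token)) {
                $bad_token = true;
            }

            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['subscribe']) ? $_SESSION['captcha']['subscribe'] : false;
                // Strict string comparison so numeric-looking answers are not
                // compared as numbers.
                // NOTE(review): the stored answer is not cleared after a check in this
                // function; confirm the captcha generator replaces it on every form
                // display so a solved answer cannot be reused across submissions.
                if (!$captcha || (string) $captcha !== strtoupper((string) $code)) {
                    $bad_code = true;
                    break;
                }
            }

            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) || !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (newsletter_get_user($user_mail)) {
                // NOTE(review): this flag tells the requester that the address is
                // already subscribed; decide whether that disclosure is acceptable.
                $duplicated_mail = true;
            }

            if ($with_locale) {
                if (!$user_locale) {
                    $missing_locale = true;
                } elseif (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }

            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;

        default:
            break;
    }

    // Step 3: perform the action when validation raised no error.
    switch ($action) {
        case 'subscribe':
            if ($bad_token || $missing_code || $bad_code || $missing_mail || $bad_mail || $duplicated_mail || $missing_locale || $bad_locale || $missing_confirmation) {
                break;
            }

            // NOTE(review): the address is registered directly, with no ownership
            // confirmation visible in this function; verify whether
            // newsletter_create_user() or a later step performs a double opt-in.
            $r = newsletter_create_user($user_mail, $user_locale);
            if (!$r) {
                $internal_error = true;
                break;
            }

            require_once 'serveripaddress.php';
            require_once 'emailme.php';

            global $sitename;

            $ip = server_ip_address();
            // date() yields the same 'YYYY-MM-DD HH:MM:SS' text as the former
            // strftime() call, which is deprecated since PHP 8.1.
            $timestamp = date('Y-m-d H:i:s', time());
            $subject = 'subscribe' . '@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $lang . ' ' . $user_mail;
            // Best-effort notification: a failure here must not undo the subscription.
            @emailme($subject, $msg);

            $email_registered = true;
            $confirmed = false;
            break;

        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }

    // A fresh token is issued on every pass, so each rendered form carries its own.
    $_SESSION['subscribe_token'] = $token = token_id();

    $errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_registered');

    $output = view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));

    return $output;
}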
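/**
 * Handles the "remind me" (new password) form: initial display and submission.
 *
 * A submission is recognised by the presence of $_POST['remindme_send']. When
 * the anti-CSRF token, the captcha answer, the login and the confirmation box
 * are all valid, the account is looked up with user_find()/user_get(), a new
 * password from newpassword() is stored with user_set_newpassword(), and it is
 * sent to the account's address with emailcrypto().
 *
 * @param mixed $lang Language passed through to translate(), url() and view().
 *
 * @return mixed Whatever view('remindme', ...) returns.
 */
function remindme($lang)
{
    $with_name = true;
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['remindme_send'])) {
        $action = 'remindme';
    }

    $login = $confirmed = $code = $token = false;

    // Prefill the login from the session: explicit login, then user name, then mail.
    if (!empty($_SESSION['login'])) {
        $login = $_SESSION['login'];
    } elseif (!empty($_SESSION['user']['name'])) {
        $login = $_SESSION['user']['name'];
    } elseif (!empty($_SESSION['user']['mail'])) {
        $login = $_SESSION['user']['mail'];
    }

    // Step 1: collect the input for the current action.
    switch ($action) {
        case 'remindme':
            if (isset($_POST['remindme_login'])) {
                $login = strtolower(strflat(readarg($_POST['remindme_login'])));
            }
            if (isset($_POST['remindme_confirmed'])) {
                $confirmed = readarg($_POST['remindme_confirmed']) == 'on';
            }
            if (isset($_POST['remindme_code'])) {
                $code = readarg($_POST['remindme_code']);
            }
            if (isset($_POST['remindme_token'])) {
                $token = readarg($_POST['remindme_token']);
            }
            break;

        default:
            break;
    }

    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_login = false;
    $bad_login = false;
    $missing_confirmation = false;

    $email_sent = false;
    $user_page = false;
    $internal_error = false;
    $contact_page = false;

    // Step 2: validate the submission.
    switch ($action) {
        case 'remindme':
            // Anti-CSRF token: compare as strings in constant time. A loose `!=`
            // would treat numeric-looking strings (e.g. "0e1" and "0e2") as equal
            // and would accept a missing token against a falsy stored value.
            $expected_token = isset($_SESSION['remindme_token']) ? (string) $_SESSION['remindme_token'] : '';
            if ($expected_token === '' || !is_string($token) || !hash_equals($expected_token, $token)) {
                $bad_token = true;
            }

            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false;
                // Strict string comparison so numeric-looking answers are not
                // compared as numbers.
                // NOTE(review): the stored answer is not cleared after a check in this
                // function; confirm the captcha generator replaces it on every form
                // display so a solved answer cannot be reused across submissions.
                if (!$captcha || (string) $captcha !== strtoupper((string) $code)) {
                    $bad_code = true;
                    break;
                }
            }

            if (!$login) {
                $missing_login = true;
            } elseif ((!validate_user_name($login) || !is_user_name_allowed($login)) && (!validate_mail($login) || !is_mail_allowed($login))) {
                // The login must be acceptable either as a user name or as a mail address.
                $bad_login = true;
            }

            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;

        default:
            break;
    }

    // Step 3: perform the action when validation raised no error.
    switch ($action) {
        case 'remindme':
            if ($bad_token || $missing_code || $bad_code || $missing_login || $bad_login || $missing_confirmation) {
                break;
            }

            require_once 'models/user.inc';

            // NOTE(review): unknown, inactive and banned accounts end in bad_login
            // while a valid one ends in email_sent, so the response distinguishes
            // existing accounts from non-existing ones. A uniform response would
            // avoid exposing which logins exist.
            $user_id = user_find($login);
            if (!$user_id) {
                $bad_login = true;

                require_once 'log.php';
                // Truncated so an oversized login cannot bloat the log entry.
                write_log('password.err', substr($login, 0, 40));
                break;
            }

            $user = user_get($user_id);
            if (!$user) {
                $internal_error = true;
                break;
            }

            if (!$user['user_active'] || $user['user_banned']) {
                $bad_login = true;
                break;
            }

            require_once 'newpassword.php';

            // NOTE(review): the stored password is replaced before the account owner
            // confirms anything, so any requester who passes the captcha can force a
            // change on another account. If the mail below then fails, the old
            // password is already gone. A confirmation link that applies the change
            // only when followed would close both gaps.
            $newpassword = newpassword();
            if (!user_set_newpassword($user_id, $newpassword)) {
                $internal_error = true;
                break;
            }

            require_once 'emailcrypto.php';

            global $sitename, $webmaster;

            $to = $user['user_mail'];
            $subject = translate('email:new_password_subject', $lang);
            $msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang);

            if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) {
                $internal_error = true;
            } else {
                // NOTE(review): the account's address is handed to the view. When the
                // login was a user name this may reveal the address to whoever
                // submitted the form; check what the 'remindme' view renders.
                $email_sent = $to;
            }

            $confirmed = false;
            break;

        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    } elseif ($email_sent) {
        $user_page = url('user', $lang);
    }

    // A fresh token is issued on every pass, so each rendered form carries its own.
    $_SESSION['remindme_token'] = $token = token_id();

    $errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_sent', 'user_page');

    $output = view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos'));

    return $output;
}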
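/**
 * Handles the newsletter unsubscription form: initial display and submission.
 *
 * A submission is recognised by the presence of $_POST['unsubscribe_send'].
 * When the anti-CSRF token, the captcha answer, the address and the
 * confirmation box are all valid and the address is known to
 * newsletter_get_user(), a link built from urlencodeaction() and the 'saction'
 * page is mailed to the address with emailtext(). This function itself does
 * not remove the subscriber.
 *
 * @param mixed $lang Language passed through to translate(), url() and view().
 *
 * @return mixed Whatever view('unsubscribe', ...) returns.
 */
function unsubscribe($lang)
{
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['unsubscribe_send'])) {
        $action = 'unsubscribe';
    }

    $confirmed = $code = $token = false;

    $user_mail = user_profile('mail');

    $subscribe_page = false;

    // Step 1: collect the input for the current action.
    switch ($action) {
        case 'init':
            $subscribe_page = url('newslettersubscribe', $lang);
            break;

        case 'unsubscribe':
            if (isset($_POST['unsubscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['unsubscribe_mail'])));
            }
            if (isset($_POST['unsubscribe_confirmed'])) {
                $confirmed = readarg($_POST['unsubscribe_confirmed']) == 'on';
            }
            if (isset($_POST['unsubscribe_code'])) {
                $code = readarg($_POST['unsubscribe_code']);
            }
            if (isset($_POST['unsubscribe_token'])) {
                $token = readarg($_POST['unsubscribe_token']);
            }
            break;

        default:
            break;
    }

    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $unknown_mail = false;
    $missing_confirmation = false;

    $mail_unsubscribed = false;
    $internal_error = false;
    $contact_page = false;

    // Step 2: validate the submission.
    switch ($action) {
        case 'unsubscribe':
            // Anti-CSRF token: compare as strings in constant time. A loose `!=`
            // would treat numeric-looking strings (e.g. "0e1" and "0e2") as equal
            // and would accept a missing token against a falsy stored value.
            $expected_token = isset($_SESSION['unsubscribe_token']) ? (string) $_SESSION['unsubscribe_token'] : '';
            if ($expected_token === '' || !is_string($token) || !hash_equals($expected_token, $token)) {
                $bad_token = true;
            }

            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['unsubscribe']) ? $_SESSION['captcha']['unsubscribe'] : false;
                // Strict string comparison so numeric-looking answers are not
                // compared as numbers.
                // NOTE(review): the stored answer is not cleared after a check in this
                // function; confirm the captcha generator replaces it on every form
                // display so a solved answer cannot be reused across submissions.
                if (!$captcha || (string) $captcha !== strtoupper((string) $code)) {
                    $bad_code = true;
                    break;
                }
            }

            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) || !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (!newsletter_get_user($user_mail)) {
                // NOTE(review): this flag tells the requester whether the address is
                // on the subscriber list; decide whether that disclosure is acceptable.
                $unknown_mail = true;
            }

            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;

        default:
            break;
    }

    // Step 3: perform the action when validation raised no error.
    switch ($action) {
        case 'unsubscribe':
            if ($bad_token || $missing_code || $bad_code || $missing_mail || $bad_mail || $unknown_mail || $missing_confirmation) {
                break;
            }

            require_once 'urlencodeaction.php';

            $id = 1; // confirmnewsletterunsubscribe, see saction
            $param = $user_mail;
            $s64 = urlencodeaction($id, $param);
            if (!$s64) {
                $internal_error = true;
                break;
            }

            $saction_page = url('saction', $lang);
            if (!$saction_page) {
                $internal_error = true;
                break;
            }

            global $base_url;

            // The link is sent only to the address itself, so only its owner can
            // follow it.
            $url = $base_url . $saction_page . '/' . $s64;

            require_once 'emailtext.php';

            $to = $user_mail;
            $subject = translate('newsletter:unregister_subject', $lang);
            $f = translate('newsletter:unregister_text', $lang);
            $s = sprintf($f, $url);
            $msg = $s . "\n\n" . translate('email:salutations', $lang);

            // NOTE(review): the result of emailtext() is not checked, so the form
            // reports the mail as sent even if delivery failed; confirm its return
            // contract before treating a falsy result as an internal error.
            emailtext($msg, $to, $subject, false);

            $mail_unsubscribed = $user_mail;
            $confirmed = false;
            break;

        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }

    // A fresh token is issued on every pass, so each rendered form carries its own.
    $_SESSION['unsubscribe_token'] = $token = token_id();

    $errors = compact('missing_mail', 'bad_mail', 'unknown_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('mail_unsubscribed');

    $output = view('unsubscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'confirmed', 'subscribe_page', 'errors', 'infos'));

    return $output;
}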