示例#1
    # fix the true/false issue
    if ($id == 'true') {
        $id = 1;
    }
    if ($id == 'false') {
        $id = 0;
    }
    if (!$id) {
        # pick a first
        $req = Sql_Fetch_row_Query(sprintf('select ID from %s where active', $tables['subscribepage']));
        $id = $req[0];
    }
}
# Load the subscribe-page record for $id and pull in the language file it names.
$pagedata = array();
if ($id) {
    # The record is stored through $GLOBALS, but the checks below read $pagedata.
    # The two are the same variable only when this code runs at global scope.
    # NOTE(review): confirm this fragment is never included from inside a function,
    # otherwise $pagedata stays empty and no language file is loaded.
    $GLOBALS['pagedata'] = PageData($id);
    # basename() drops any directory part of the stored value, so the include below
    # cannot leave the texts/ directory even if language_file contains "../".
    if (isset($pagedata['language_file']) && is_file(dirname(__FILE__) . '/texts/' . basename($pagedata['language_file']))) {
        # "@" hides include warnings, so a broken language file fails silently.
        @(include dirname(__FILE__) . '/texts/' . basename($pagedata['language_file']));
        # Allow customisation per installation
        # NOTE(review): this executes a same-named PHP file from the web root. The name
        # comes from the page record, so write access to DOCUMENT_ROOT or to the
        # subscribe-page settings decides what code runs here; keep both restricted.
        if (is_file($_SERVER['DOCUMENT_ROOT'] . '/' . basename($pagedata['language_file']))) {
            include_once $_SERVER['DOCUMENT_ROOT'] . '/' . basename($pagedata['language_file']);
        }
    }
}
/*
  We request you retain the inclusion of pagetop below. This will add invisible
  additional information to your public pages.
  This not only gives respect to the large amount of time given freely
  by the developers but also helps build interest, traffic and use of
  phpList, which is beneficial to its future development.
示例#2
# Seed the Mersenne Twister from the clock and draw one value.
# NOTE(review): a clock-seeded mt_rand() is predictable. How $randval is used is not
# visible in this fragment; if it ever backs a token, confirmation code or other
# secret, it should come from random_int()/random_bytes() instead.
mt_srand((double) microtime() * 1000000);
$randval = mt_rand();
# Take the page id from the query string only when the caller has not set one.
# sprintf('%d') reduces the request value to an integer string.
if (empty($id) && isset($_GET['id'])) {
    $id = sprintf('%d', $_GET["id"]);
} elseif (!isset($id)) {
    $id = 0;
}
# Without a page id only the "import1" page may continue.
# NOTE(review): $_GET["page"] is read without isset() and compared loosely (!=).
if (!$id && $_GET["page"] != "import1") {
    Fatal_Error("Invalid call");
    exit;
}
require_once dirname(__FILE__) . "/date.php";
$date = new Date();
## Check if input is complete
$allthere = 1;
$subscribepagedata = PageData($id);
# basename() drops any directory part of the stored name, which keeps the include
# inside ../texts/. "@" hides include warnings.
if (isset($subscribepagedata['language_file']) && is_file(dirname(__FILE__) . '/../texts/' . basename($subscribepagedata['language_file']))) {
    @(include_once dirname(__FILE__) . '/../texts/' . basename($subscribepagedata['language_file']));
}
# Allow customisation per installation
# NOTE(review): both includes below execute PHP files from the web root. The file
# names come from $GLOBALS["language_module"] and $data, neither of which is set in
# this fragment; verify where they originate and who can write to DOCUMENT_ROOT.
if (is_file($_SERVER['DOCUMENT_ROOT'] . '/' . basename($GLOBALS["language_module"]))) {
    include_once $_SERVER['DOCUMENT_ROOT'] . '/' . basename($GLOBALS["language_module"]);
}
if (!empty($data['language_file']) && is_file($_SERVER['DOCUMENT_ROOT'] . '/' . basename($data['language_file']))) {
    include_once $_SERVER['DOCUMENT_ROOT'] . '/' . basename($data['language_file']);
}
$required = array();
# ids of missing attributes
if (sizeof($subscribepagedata)) {
    $attributes = explode('+', $subscribepagedata["attributes"]);
    foreach ($attributes as $attribute) {
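/**
 * Build the "forward to a friend" page and, when the request carries valid
 * addresses, forward message `mid` to each of them on behalf of subscriber `uid`.
 *
 * Input is read from $_REQUEST (uid, email, mid, personalNote). Request values are
 * escaped before they are placed in SQL strings or in the HTML that is returned.
 *
 * @param mixed $id Subscribe page id; passed to PageData() and printed with %d.
 * @return string HTML of the response page.
 */
function forwardPage($id)
{
    global $data, $tables, $envelope;
    $ok = true;
    $subtitle = '';
    $info = '';
    $html = '';
    $form = '';
    $emails = array();
    $personalNote = '';
    $messagedata = array();
    ## Check requirements
    # user
    # Only a non-empty string is accepted; an array-valued uid is treated as missing.
    $uid = isset($_REQUEST['uid']) && is_string($_REQUEST['uid']) ? $_REQUEST['uid'] : '';
    if (!$uid) {
        FileNotFound();
    }
    ## get userdata
    # The sender is looked up first: the per-period forward count below is keyed on
    # the sender's id, and counting before the lookup always counted user 0, which
    # left the FORWARD_EMAIL_COUNT limit without any history to compare against.
    # addslashes() keeps a quote in the request from closing the SQL string literal.
    # It works on bytes; with a multi-byte connection charset use the database
    # layer's own escaping or bound parameters instead.
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables["user"], addslashes($uid)));
    $userdata = Sql_Fetch_Array($req);
    if (!is_array($userdata)) {
        $userdata = array();
    }
    $userid = empty($userdata['id']) ? 0 : (int) $userdata['id'];
    $firstpage = 1;
    ## is this the initial page or a followup
    # forward addresses
    $forwardemail = '';
    if (!empty($_REQUEST['email']) && is_string($_REQUEST['email'])) {
        $firstpage = 0;
        $forwardPeriodCount = Sql_Fetch_Array_Query(sprintf('select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ', $tables['user_message_forward'], FORWARD_EMAIL_PERIOD, $userid));
        $forwardemail = stripslashes($_REQUEST['email']);
        $emails = explode("\n", $forwardemail);
        $emails = trimArray($emails);
        $forwardemail = implode("\n", $emails);
        #0011860: forward to friend, multiple emails
        $emailCount = $forwardPeriodCount[0];
        foreach ($emails as $index => $email) {
            $emails[$index] = trim($email);
            if (is_email($email)) {
                $emailCount++;
            } else {
                # The rejected address is echoed back, so it is HTML-escaped.
                $info .= sprintf('<BR />' . $GLOBALS['strForwardInvalidEmail'], htmlspecialchars($email, ENT_QUOTES));
                $ok = false;
            }
        }
        if ($emailCount > FORWARD_EMAIL_COUNT) {
            $info .= '<BR />' . $GLOBALS["strForwardCountReached"];
            $ok = false;
        }
    } else {
        $ok = false;
    }
    # message
    $mid = 0;
    if (isset($_REQUEST['mid'])) {
        $mid = sprintf('%d', $_REQUEST['mid']);
        $req = Sql_Query(sprintf('select * from %s where id = %d', $tables["message"], $mid));
        $messagedata = Sql_Fetch_Array($req);
        if (!is_array($messagedata)) {
            $messagedata = array();
        }
        # An unknown message id leaves $mid at 0, which blocks the send branch below.
        $mid = empty($messagedata['id']) ? 0 : $messagedata['id'];
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    }
    #mid set
    $req = Sql_Query(sprintf('select * from %s where email = "%s"', $tables["user"], addslashes($forwardemail)));
    $forwarduserdata = Sql_Fetch_Array($req);
    #0011996: forward to friend - personal message
    # text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
    if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote']) && is_string($_REQUEST['personalNote'])) {
        if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2) {
            $info .= '<BR />' . $GLOBALS['strForwardNoteLimitReached'];
            $ok = false;
        }
        $personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
        $userdata['personalNote'] = $personalNote;
    }
    if ($userid && $mid) {
        if ($ok && count($emails)) {
            ## All is well, send it
            require 'admin/sendemaillib.php';
            #0013845 Lead Ref Scheme
            if (FORWARD_FRIEND_COUNT_ATTRIBUTE) {
                $iCountFriends = getAttributeIDbyName(FORWARD_FRIEND_COUNT_ATTRIBUTE);
            } else {
                $iCountFriends = 0;
            }
            if ($iCountFriends) {
                $nFriends = intval(UserAttributeValue($userid, $iCountFriends));
            }
            #0011860: forward to friend, multiple emails
            foreach ($emails as $index => $email) {
                # One escaped copy for SQL, one for HTML; the raw address goes to sendEmail().
                $sqlEmail = addslashes($email);
                $done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d', $tables['user_message_forward'], $sqlEmail, $mid));
                $info .= '<BR />' . htmlspecialchars($email, ENT_QUOTES) . ': ';
                if (isset($done['status']) && $done['status'] === 'sent') {
                    $info .= $GLOBALS['strForwardAlreadyDone'];
                } elseif (isBlackListed($email)) {
                    $info .= $GLOBALS['strForwardBlacklistedEmail'];
                } else {
                    if (!TEST) {
                        # forward the message
                        # sendEmail will take care of blacklisting
                        if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                            $info .= $GLOBALS["strForwardSuccessInfo"];
                            sendAdminCopy("Message Forwarded", $userdata["email"] . " has forwarded a message {$mid} to {$email}");
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time) values(%d,%d,"%s","sent",now())', $tables['user_message_forward'], $userid, $mid, $sqlEmail));
                            if ($iCountFriends) {
                                $nFriends++;
                            }
                        } else {
                            $info .= $GLOBALS["strForwardFailInfo"];
                            sendAdminCopy("Message Forwarded", $userdata["email"] . " tried forwarding a message {$mid} to {$email} but failed");
                            Sql_Query(sprintf('insert into %s (user,message,forward,status,time) values(%d,%d,"%s","failed",now())', $tables['user_message_forward'], $userid, $mid, $sqlEmail));
                            $ok = false;
                        }
                    }
                }
            }
            # foreach friend
            if ($iCountFriends) {
                saveUserAttribute($userid, $iCountFriends, array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
            }
        }
        #ok & emails
    } else {
        # no valid sender
        logEvent("Forward request from invalid user ID: " . substr($uid, 0, 150));
        $info .= '<BR />' . $GLOBALS["strForwardFailInfo"];
        $ok = false;
    }
    $data = PageData($id);
    # basename() keeps the include inside texts/ whatever the stored name contains.
    if (isset($data['language_file']) && is_file(dirname(__FILE__) . '/texts/' . basename($data['language_file']))) {
        @(include dirname(__FILE__) . '/texts/' . basename($data['language_file']));
    }
    ## BAS Multiple Forward
    ## build response page
    $form = '<form method="post" action="">';
    $form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
    $form .= sprintf('<input type=hidden name="id" value="%d">', $id);
    $form .= sprintf('<input type=hidden name="uid" value="%s">', htmlspecialchars(isset($userdata['uniqid']) ? $userdata['uniqid'] : '', ENT_QUOTES));
    $form .= sprintf('<input type=hidden name="p" value="forward">');
    if (!$ok) {
        # Everything the visitor typed is HTML-escaped before it is put back in the form.
        #0011860: forward to friend, multiple emails
        if (FORWARD_EMAIL_COUNT == 1) {
            $form .= '<BR /><H2>' . $GLOBALS['strForwardEnterEmail'] . '</H2>';
            $form .= sprintf('<input type=text name="email" value="%s" size=50 class="attributeinput">', htmlspecialchars($forwardemail, ENT_QUOTES));
        } else {
            $form .= '<BR /><H2>' . sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT) . '</H2>';
            $form .= sprintf('<textarea name="email" rows=10 cols=50 class="attributeinput">%s</textarea>', htmlspecialchars($forwardemail, ENT_QUOTES));
        }
        #0011996: forward to friend - personal message
        if (FORWARD_PERSONAL_NOTE_SIZE) {
            $form .= sprintf('<h2>' . $GLOBALS['strForwardPersonalNote'] . '</H2>', FORWARD_PERSONAL_NOTE_SIZE);
            $cols = 50;
            $rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
            $form .= sprintf('<BR/><textarea type=text name="personalNote" rows=%d cols=%d class="attributeinput">%s</textarea>', $rows, $cols, htmlspecialchars($personalNote, ENT_QUOTES));
        }
        $form .= sprintf('<br /><input type=submit value="%s"></form>', $GLOBALS['strContinue']);
    }
    ### END BAS
    ### Michiel, remote response page
    # The URL is taken from the stored message text and the fetched body replaces the
    # whole response page. NOTE(review): confirm fetchUrl() restricts schemes and
    # destinations; the /^http/i test accepts any scheme that merely begins with "http".
    $remote_content = '';
    if (!empty($messagedata['message']) && preg_match("/\\[URL:([^\\s]+)\\]/i", $messagedata['message'], $regs)) {
        if (isset($regs[1]) && strlen($regs[1])) {
            $url = $regs[1];
            if (!preg_match('/^http/i', $url)) {
                $url = 'http://' . $url;
            }
            $remote_content = fetchUrl($url);
        }
    }
    if (!empty($remote_content) && preg_match('/\\[FORWARDFORM\\]/', $remote_content, $regs)) {
        if ($firstpage) {
            ## this is the initial page, not a follow up one.
            $remote_content = str_replace($regs[0], $info . $form, $remote_content);
        } else {
            $remote_content = str_replace($regs[0], $info, $remote_content);
        }
        $res = $remote_content;
    } else {
        $res = '<title>' . $GLOBALS["strForwardTitle"] . '</title>';
        $res .= $data["header"];
        $res .= '<h1>' . $subtitle . '</h1>';
        if ($ok) {
            $res .= '<h2>' . $info . '</h2>';
        } else {
            $res .= '<div class="missing">' . $info . '</div>';
        }
        $res .= $form;
        $res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
        $res .= $data["footer"];
    }
    ### END MICHIEL
    return $res;
}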
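/**
 * Build the single-address "forward to a friend" page and, when a valid address is
 * supplied, forward message `mid` to it on behalf of subscriber `uid`.
 *
 * Input is read from $_GET (uid, email, mid). Request values are escaped before
 * they are placed in SQL strings or in the HTML that is returned.
 *
 * NOTE(review): the send is triggered by a GET request, so following a crafted
 * link is enough to cause a forward; a POST form with a per-user token would be
 * the safer design.
 *
 * @param mixed $id Subscribe page id; passed to PageData() and printed with %d.
 * @return string HTML of the response page.
 */
function forwardPage($id)
{
    global $tables, $envelope;
    $html = '';
    $subtitle = '';
    # Stays empty when TEST is on and nothing was sent; previously undefined there.
    $info = '';
    # Only non-empty strings are accepted; an array-valued uid is treated as missing.
    $uid = isset($_GET['uid']) && is_string($_GET['uid']) ? $_GET['uid'] : '';
    if (!$uid) {
        FileNotFound();
    }
    $forwardemail = '';
    if (isset($_GET['email']) && is_string($_GET['email'])) {
        $forwardemail = $_GET['email'];
    }
    # addslashes() keeps a quote in the request from closing the SQL string literal.
    # It works on bytes; with a multi-byte connection charset use the database
    # layer's own escaping or bound parameters instead.
    $sqlEmail = addslashes($forwardemail);
    $mid = 0;
    if (isset($_GET['mid'])) {
        $mid = sprintf('%d', $_GET['mid']);
        $req = Sql_Query(sprintf('select * from %s where id = %d', $tables["message"], $mid));
        $messagedata = Sql_Fetch_Array($req);
        # An unknown message id leaves $mid at 0, which blocks the send branch below.
        $mid = empty($messagedata['id']) ? 0 : $messagedata['id'];
        if ($mid) {
            $subtitle = $GLOBALS['strForwardSubtitle'] . ' ' . stripslashes($messagedata['subject']);
        }
    }
    $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables["user"], addslashes($uid)));
    $userdata = Sql_Fetch_Array($req);
    if (!is_array($userdata)) {
        $userdata = array();
    }
    $userid = empty($userdata['id']) ? 0 : (int) $userdata['id'];
    $req = Sql_Query(sprintf('select * from %s where email = "%s"', $tables["user"], $sqlEmail));
    $forwarduserdata = Sql_Fetch_Array($req);
    if ($userid && $mid) {
        if (!is_email($forwardemail)) {
            $info = $GLOBALS['strForwardEnterEmail'];
            $html .= '<form method="get">';
            $html .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
            $html .= sprintf('<input type=hidden name="id" value="%d">', $id);
            $html .= sprintf('<input type=hidden name="uid" value="%s">', htmlspecialchars($userdata['uniqid'], ENT_QUOTES));
            $html .= sprintf('<input type=hidden name="p" value="forward">');
            # The rejected address is echoed back into an attribute, so it is HTML-escaped.
            $html .= sprintf('<input type=text name="email" value="%s" size=35 class="attributeinput">', htmlspecialchars($forwardemail, ENT_QUOTES));
            $html .= sprintf('<input type=submit value="%s"></form>', $GLOBALS['strContinue']);
        } else {
            # check whether the email to forward exists and whether they have received the message
            if (!empty($forwarduserdata['id'])) {
                $sent = Sql_Fetch_Row_Query(sprintf('select entered from %s where userid = %d and messageid = %d', $tables['usermessage'], $forwarduserdata['id'], $mid));
                # however even if that's the case, we don't want to reveal this information
            }
            $done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d', $tables['user_message_forward'], $sqlEmail, $mid));
            if (isset($done['status']) && $done['status'] === 'sent') {
                $info = $GLOBALS['strForwardAlreadyDone'];
            } else {
                if (!TEST) {
                    # forward the message
                    require 'admin/sendemaillib.php';
                    # sendEmail will take care of blacklisting
                    if (sendEmail($mid, $forwardemail, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
                        $info = $GLOBALS["strForwardSuccessInfo"];
                        sendAdminCopy("Message Forwarded", $userdata["email"] . " has forwarded a message {$mid} to {$forwardemail}");
                        Sql_Query(sprintf('insert into %s (user,message,forward,status,time) values(%d,%d,"%s","sent",now())', $tables['user_message_forward'], $userid, $mid, $sqlEmail));
                    } else {
                        $info = $GLOBALS["strForwardFailInfo"];
                        sendAdminCopy("Message Forwarded", $userdata["email"] . " tried forwarding a message {$mid} to {$forwardemail} but failed");
                        Sql_Query(sprintf('insert into %s (user,message,forward,status,time) values(%d,%d,"%s","failed",now())', $tables['user_message_forward'], $userid, $mid, $sqlEmail));
                    }
                }
            }
        }
    } else {
        logEvent("Forward request from invalid user ID: " . substr($uid, 0, 150));
        $info = $GLOBALS["strForwardFailInfo"];
    }
    $data = PageData($id);
    # basename() drops any directory part of the stored name; without it a value
    # containing "../" would let the include reach files outside texts/.
    if (isset($data['language_file']) && is_file(dirname(__FILE__) . '/texts/' . basename($data['language_file']))) {
        @(include dirname(__FILE__) . '/texts/' . basename($data['language_file']));
    }
    $res = '<title>' . $GLOBALS["strForwardTitle"] . '</title>';
    $res .= $data["header"];
    $res .= '<h1>' . $subtitle . '</h1>';
    $res .= '<h2>' . $info . '</h2>';
    $res .= $html;
    $res .= "<P>" . $GLOBALS["PoweredBy"] . '</p>';
    $res .= $data["footer"];
    return $res;
}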
示例#5
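/**
 * Confirm the subscription identified by $_GET["uid"], send the confirmation
 * mail, and return the HTML of the result page.
 *
 * @param mixed $id Subscribe page id, passed to PageData() for header and footer.
 * @return string HTML of the response page.
 */
function confirmPage($id) {
  global $tables,$envelope;
  # Both accumulators start empty; previously they were first touched with ".=".
  $html = '';
  $lists = '';
  # Only a non-empty string is accepted; an array-valued uid is treated as missing.
  $uid = isset($_GET["uid"]) && is_string($_GET["uid"]) ? $_GET["uid"] : '';
  if (!$uid)
    FileNotFound();
  # addslashes() keeps a quote in the request from closing the SQL string literal.
  # It works on bytes; with a multi-byte connection charset use the database
  # layer's own escaping or bound parameters instead.
  $req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables["user"], addslashes($uid)));
  $userdata = Sql_Fetch_Array($req);
  $userid = empty($userdata["id"]) ? 0 : (int) $userdata["id"];
  if ($userid) {
    $html = '<ul>';
    Sql_Query(sprintf('update %s set confirmed = 1 where id = %d', $tables["user"], $userid));
    $req = Sql_Query(sprintf(
      'select name,description from %1$s,%2$s where %2$s.userid = %3$d and %2$s.listid = %1$s.id',
      $tables["list"], $tables["listuser"], $userid
    ));
    if (!Sql_Affected_Rows()) {
      $lists = "\n * ".$GLOBALS["strNoLists"];
      $html .= '<li>'.$GLOBALS["strNoLists"];
    }
    while ($row = Sql_fetch_array($req)) {
      $lists .= "\n *".$row["name"];
      $html .= '<li class="list">'.$row["name"].'<div class="listdescription">'.stripslashes($row["description"]).'</div></li>';
    }
    $html .= '</ul>';

    $spage = $userdata["subscribepage"];

    # ereg_replace() was removed in PHP 7 and treated "\1"-style sequences in the
    # list names as back-references; the placeholder is a fixed string, so a
    # literal replacement is both sufficient and safe.
    $confirmationmessage = str_replace('[LISTS]', $lists, getUserConfig("confirmationmessage:$spage",$userid));

    if (!TEST) {
      sendMail($userdata["email"], getConfig("confirmationsubject:$spage"), $confirmationmessage,system_messageheaders(),$envelope);
      sendAdminCopy("List confirmation",$userdata["email"] . " has confirmed their subscription");
    }
    $info = $GLOBALS["strConfirmInfo"];
  } else {
    $html .= 'Error: '.$GLOBALS["strUserNotFound"];
    $info = $GLOBALS["strConfirmFailInfo"];
  }
  $data = PageData($id);

  $res = '<title>'.$GLOBALS["strConfirmTitle"].'</title>';
  $res .= $data["header"];
  $res .= '<h1>'.$info.'</h1>';
  $res .= $html;
  $res .= "<P>".$GLOBALS["PoweredBy"].'</p>';
  $res .= $data["footer"];
  return $res;
}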