'."\n"; include $_SERVER["ConfigFile"]; } elseif (isset($_ENV["CONFIG"]) && is_file($_ENV["CONFIG"])) { # print ''."\n"; include $_ENV["CONFIG"]; } elseif (is_file("config/config.php")) { # print ''."\n"; include "config/config.php"; } else { print "Error, cannot find config file\n"; exit; } if (isset($GLOBALS["developer_email"])) { error_reporting(E_ALL); } else { error_reporting(0); } require_once dirname(__FILE__) .'/admin/commonlib/lib/magic_quotes.php'; require_once dirname(__FILE__).'/admin/init.php'; require_once dirname(__FILE__).'/admin/'.$GLOBALS["database_module"]; require_once dirname(__FILE__)."/texts/english.inc"; include_once dirname(__FILE__)."/texts/".$GLOBALS["language_module"]; require_once dirname(__FILE__)."/admin/defaultconfig.inc"; require_once dirname(__FILE__).'/admin/connect.php'; include_once dirname(__FILE__)."/admin/languages.php"; include_once dirname(__FILE__)."/admin/lib.php"; $I18N= new phplist_I18N(); if ($require_login || ASKFORPASSWORD) { # we need session info if an admin subscribes a user if (!empty($GLOBALS["SessionTableName"])) { require_once dirname(__FILE__).'/admin/sessionlib.php'; } @session_start(); # it may have been started already in languages } if (!isset($_POST) && isset($HTTP_POST_VARS)) { require "admin/commonlib/lib/oldphp_vars.php"; } /* We request you retain the inclusion of pagetop below. This will add invisible additional information to your public pages. This not only gives respect to the large amount of time given freely by the developers but also helps build interest, traffic and use of PHPlist, which is beneficial to it's future development. Michiel Dethmers, Tincan Ltd 2000,2004 */ include "admin/pagetop.php"; if (isset($_GET['id'])) { $id = sprintf('%d',$_GET['id']); } else { $id = 0; } if (isset($_GET['uid']) && $_GET["uid"]) { $req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where uniqid = "%s"', $tables["user"],$_GET["uid"])); $id = $req[0]; $userid = $req[1]; $userpassword = $req[2]; $emailcheck = $req[3]; } elseif (isset($_GET["email"])) { $req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where email = "%s"', $tables["user"],$_GET["email"])); $id = $req[0]; $userid = $req[1]; $userpassword = $req[2]; $emailcheck = $req[3]; } elseif (isset($_REQUEST["unsubscribeemail"])) { $req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where email = "%s"', $tables["user"],$_REQUEST["unsubscribeemail"])); $id = $req[0]; $userid = $req[1]; $userpassword = $req[2]; $emailcheck = $req[3]; /* } elseif ($_SESSION["userloggedin"] && $_SESSION["userid"]) { $req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where id = %d', $tables["user"],$_SESSION["userid"])); $id = $req[0]; $userid = $req[1]; $userpassword = $req[2]; $emailcheck = $req[3]; */ } else { $userid = ""; $userpassword = ""; $emailcheck = ""; } if (isset($_REQUEST['id']) && $_REQUEST["id"]){ $id = sprintf('%d',$_REQUEST["id"]); } # make sure the subscribe page still exists $req = Sql_fetch_row_query(sprintf('select id from %s where id = %d',$tables["subscribepage"],$id)); $id = $req[0]; $msg = ""; if (!empty($_POST["sendpersonallocation"])) { if (isset($_POST['email']) && $_POST["email"]) { $uid = Sql_Fetch_Row_Query(sprintf('select uniqid,email,id from %s where email = "%s"', $tables["user"],$_POST["email"])); if ($uid[0]) { sendMail ($uid[1],getConfig("personallocation_subject"),getUserConfig("personallocation_message",$uid[2]),system_messageheaders(),$GLOBALS["envelope"]); $msg = $GLOBALS["strPersonalLocationSent"]; addSubscriberStatistics('personal location sent',1); } else { $msg = $GLOBALS["strUserNotFound"]; } } } if (isset($_GET['p']) && $_GET["p"] == "subscribe") { $_SESSION["userloggedin"] = 0; $_SESSION["userdata"] = array(); } $login_required = (ASKFORPASSWORD && $userpassword && $_GET["p"] == "preferences") || (ASKFORPASSWORD && UNSUBSCRIBE_REQUIRES_PASSWORD && $userpassword && $_GET["p"] == "unsubscribe"); if ($login_required && empty($_SESSION["userloggedin"])) { $canlogin = 0; if (!empty($_POST["login"])) { if (empty($_POST["email"])) { $msg = $strEnterEmail; } elseif (empty($_POST["password"])) { $msg = $strEnterPassword; } else { if (ENCRYPTPASSWORD) { $canlogin = md5($_POST["password"]) == $userpassword && $_POST["email"] == $emailcheck; } else { $canlogin = $_POST["password"] == $userpassword && $_POST["email"] == $emailcheck; } } if (!$canlogin) { $msg = $strInvalidPassword; } else { loadUser($emailcheck); $_SESSION["userloggedin"] = $_SERVER["REMOTE_ADDR"]; } } elseif (!empty($_POST["forgotpassword"])) { if (!empty($_POST["email"]) && $_POST["email"] == $emailcheck) { sendMail ($emailcheck,$GLOBALS["strPasswordRemindSubject"],$GLOBALS["strPasswordRemindMessage"]." ".$userpassword,system_messageheaders()); $msg = $GLOBALS["strPasswordSent"]; } else { $msg = $strPasswordRemindInfo; } } elseif (isset($_SESSION["userdata"]["email"]["value"]) && $_SESSION["userdata"]["email"]["value"] == $emailcheck) { $canlogin = $_SESSION["userloggedin"]; $msg = $strEnterPassword; } } else { $canlogin = 1; } if (!$id) { # find the default one: $id = getConfig("defaultsubscribepage"); # fix the true/false issue if ($id == "true") $id = 1; if ($id == "false") $id = 0; if (!$id) { # pick a first $req = Sql_Fetch_row_Query(sprintf('select ID from %s where active',$tables["subscribepage"])); $id = $req[0]; } } if ($login_required && empty($_SESSION["userloggedin"]) && !$canlogin) { print LoginPage($id,$userid,$emailcheck,$msg); } elseif (isset($_GET['p']) && preg_match("/(\w+)/",$_GET["p"],$regs)) { if ($id) { switch ($_GET["p"]) { case "subscribe": require "admin/subscribelib2.php"; print SubscribePage($id); break; case "preferences": if (!isset($_GET["id"]) || !$_GET['id']) $_GET["id"] = $id; require "admin/subscribelib2.php"; if (!$userid) { # print "Userid not set".$_SESSION["userid"]; print sendPersonalLocationPage($id); } elseif (ASKFORPASSWORD && $userpassword && !$canlogin) { print LoginPage($id,$userid,$emailcheck); } else { print PreferencesPage($id,$userid); } break; case "forward": print ForwardPage($id); break; case "confirm": print ConfirmPage($id); break; case "unsubscribe": print UnsubscribePage($id); break; default: FileNotFound(); } } else { FileNotFound(); } } else { if ($id) $data = PageData($id); print ''.$GLOBALS["strSubscribeTitle"].''; print $data["header"]; $req = Sql_Query(sprintf('select * from %s where active',$tables["subscribepage"])); if (Sql_Affected_Rows()) { while ($row = Sql_Fetch_Array($req)) { $intro = Sql_Fetch_Row_Query(sprintf('select data from %s where id = %d and name = "intro"',$tables["subscribepage_data"],$row["id"])); print $intro[0]; printf('

%s

',$row["id"],$row["title"]); } } else { printf('

%s

',$strSubscribeTitle); } printf('

%s

',$strUnsubscribeTitle); print $PoweredBy; print $data["footer"]; } function LoginPage($id,$userid,$email = "",$msg = "") { $data = PageData($id); list($attributes,$attributedata) = PageAttributes($data); $html = ''.$GLOBALS["strLoginTitle"].''; $html .= $data["header"]; $html .= ''.$GLOBALS["strLoginInfo"].'
'; $html .= $msg; if (isset($_REQUEST["email"])) { $email = $_REQUEST["email"]; } if (!isset($_POST["password"])) { $_POST["password"] = ''; } $html .= formStart('name="loginform"'); $html .= ''; $html .= ''; $html .= ''; $html .= '
'.$GLOBALS["strEmail"].'
'.$GLOBALS["strPassword"].'
'; $html .= '

'; if (ENCRYPTPASSWORD) { $html .= sprintf('%s',getConfig("admin_address"),$GLOBALS["strForgotPassword"],$GLOBALS["strForgotPassword"]); } else { $html .= ''; } $html .= '

'.$GLOBALS["strUnsubscribe"].'

'; $html .= ''.$GLOBALS["PoweredBy"]; $html .= $data["footer"]; return $html; } function sendPersonalLocationPage($id) { $data = PageData($id); list($attributes,$attributedata) = PageAttributes($data); $html = ''.$GLOBALS["strPreferencesTitle"].''; $html .= $data["header"]; $html .= ''.$GLOBALS["strPreferencesTitle"].'
'; $html .= $GLOBALS["msg"]; if ($_REQUEST["email"]) { $email = $_REQUEST["email"]; } elseif ($_SESSION["userdata"]["email"]["value"]) { $email = $_SESSION["userdata"]["email"]["value"]; } $html .= $GLOBALS["strPersonalLocationInfo"]; $html .= formStart('name="form"'); $html .= ''; $html .= ''; $html .= '
'.$GLOBALS["strEmail"].'
'; $html .= '

'; $html .= '

'.$GLOBALS["strUnsubscribe"].'

'; $html .= ''.$GLOBALS["PoweredBy"]; $html .= $data["footer"]; return $html; } function preferencesPage($id,$userid) { $data = PageData($id); list($attributes,$attributedata) = PageAttributes($data); $selected_lists = explode(',',$data["lists"]); $html = ''.$GLOBALS["strPreferencesTitle"].''; $html .= $data["header"]; $html .= ''.$GLOBALS["strPreferencesInfo"].''; $html .= '
'.$GLOBALS["strRequired"].'
'.$GLOBALS["msg"].' '; $html .= formStart('name="subscribeform"'); $html .= ''; $html .= ListAttributes($attributes,$attributedata,$data["htmlchoice"],$userid,$data['emaildoubleentry']); $html .= '
'; if (ENABLE_RSS) { $html .= RssOptions($data,$userid); } $html .= ListAvailableLists($userid,$data["lists"]); if (isBlackListedID($userid)) { $html .= $GLOBALS["strYouAreBlacklisted"]; } $html .= '



'.$GLOBALS["strUnsubscribe"].'

'.$GLOBALS["PoweredBy"]; $html .= $data["footer"]; return $html; } function subscribePage($id) { $data = PageData($id); list($attributes,$attributedata) = PageAttributes($data); $selected_lists = explode(',',$data["lists"]); $html = ''.$GLOBALS["strSubscribeTitle"].''; $html .= $data["header"]; $html .= $data["intro"]; $html .= '
'.$GLOBALS["strRequired"].'
'.$GLOBALS["msg"].' '; $html .= formStart('name="subscribeform"'); # @@@ update if (isset($_SESSION["adminloggedin"]) && $_SESSION["adminloggedin"]) { $html .= ''; $html .= '

You are logged in as administrator ('.$_SESSION["logindetails"]["adminname"].') of this phplist system

'; $html .= '

You are therefore offered the following choice, which your users will not see when they load this page.

'; $html .= '

Please choose:
Make this user confirmed immediately
Send this user a request for confirmation email

'; } $html .= ''; $html .= ListAttributes($attributes,$attributedata,$data["htmlchoice"],0,$data['emaildoubleentry']); $html .= '
'; if (ENABLE_RSS) { $html .= RssOptions($data); } $html .= ListAvailableLists("",$data["lists"]); $html .= '



'.$GLOBALS["strUnsubscribe"].'

'.$GLOBALS["PoweredBy"]; $html .= $data["footer"]; return $html; } function confirmPage($id) { global $tables,$envelope; if (!$_GET["uid"]) { FileNotFound(); } $req = Sql_Query("select * from {$tables["user"]} where uniqid = \"".$_GET["uid"]."\""); $userdata = Sql_Fetch_Array($req); if ($userdata["id"]) { $blacklisted = isBlackListed($userdata["email"]); $html = ''; if ($blacklisted) { unBlackList($userdata['id']); addUserHistory($userdata["email"],"Confirmation","User removed from Blacklist for manual confirmation of subscription"); } addUserHistory($userdata["email"],"Confirmation","Lists: $lists"); $spage = $userdata["subscribepage"]; $confirmationmessage = ereg_replace('\[LISTS\]', $lists, getUserConfig("confirmationmessage:$spage",$userdata["id"])); if (!TEST) { sendMail($userdata["email"], getConfig("confirmationsubject:$spage"), $confirmationmessage,system_messageheaders(),$envelope); $adminmessage = $userdata["email"] . " has confirmed their subscription"; if ($blacklisted) { $adminmessage .= "\nUser has been removed from blacklist"; } sendAdminCopy("List confirmation",$adminmessage); addSubscriberStatistics('confirmation',1); } $info = $GLOBALS["strConfirmInfo"]; } else { logEvent("Request for confirmation for invalid user ID: ".substr($_GET["uid"],0,150)); $html .= 'Error: '.$GLOBALS["strUserNotFound"]; $info = $GLOBALS["strConfirmFailInfo"]; } $data = PageData($id); $res = ''.$GLOBALS["strConfirmTitle"].''; $res .= $data["header"]; $res .= '

'.$info.'

'; $res .= $html; $res .= "

".$GLOBALS["PoweredBy"].'

'; $res .= $data["footer"]; return $res; } function unsubscribePage($id) { $pagedata = pageData($id); global $tables; $res = $pagedata["header"]; $res .= ''.$GLOBALS["strUnsubscribeTitle"].''; if (isset($_GET["uid"])) { $req = Sql_Query("select * from $tables[user] where uniqid = \"".$_GET["uid"]."\""); $userdata = Sql_Fetch_Array($req); $email = $userdata["email"]; if (UNSUBSCRIBE_JUMPOFF) { $_POST["unsubscribe"] = 1; $_POST["email"] = $email; $_POST["unsubscribereason"] = '"Jump off" set, reason not requested'; } } if (isset($_POST["unsubscribe"]) && (isset($_POST["email"]) || isset($_POST["unsubscribeemail"])) && isset($_POST["unsubscribereason"])) { if (isset($_POST["email"])) { $email = trim($_POST["email"]); } else { $email = $_POST["unsubscribeemail"]; } $query = Sql_Fetch_Row_Query("select id,email from {$tables["user"]} where email = \"$email\""); $userid = $query[0]; $email = $query[1]; if (!$userid) { $res .= 'Error: '.$GLOBALS["strUserNotFound"]; logEvent("Request to unsubscribe non-existent user: ".substr($_POST["email"],0,150)); } else { $result = Sql_query("delete from {$tables["listuser"]} where userid = \"$userid\""); $lists = " * ".$GLOBALS["strAllMailinglists"]."\n"; # add user to blacklist addUserToBlacklist($email,$_POST['unsubscribereason']); addUserHistory($email,"Unsubscription","Unsubscribed from $lists"); $unsubscribemessage = ereg_replace("\[LISTS\]", $lists,getUserConfig("unsubscribemessage",$userid)); sendMail($email, getConfig("unsubscribesubject"), stripslashes($unsubscribemessage), system_messageheaders($email)); $reason = $_POST["unsubscribereason"] ? "Reason given:\n".stripslashes($_POST["unsubscribereason"]):"No Reason given"; sendAdminCopy("List unsubscription",$email . " has unsubscribed\n$reason"); addSubscriberStatistics('unsubscription',1); } if ($userid) $res .= '

'.$GLOBALS["strUnsubscribeDone"] ."

"; $res .= $GLOBALS["PoweredBy"].'

'; $res .= $pagedata["footer"]; return $res; } elseif (isset($_POST["unsubscribe"]) && !$_POST["unsubscribeemail"]) { $msg = ''.$GLOBALS["strEnterEmail"]."
"; } elseif (!empty($_GET["email"])) { $email = trim($_GET["email"]); } else { if (isset($_REQUEST["email"])) { $email = $_REQUEST["email"]; } elseif (isset($_REQUEST['unsubscribeemail'])) { $email = $_REQUEST['unsubscribeemail']; } elseif (!isset($email)) { $email = ''; } } if (!isset($msg)) { $msg = ''; } $res .= ''. $GLOBALS["strUnsubscribeInfo"].'
'. $msg.formStart(); $res .= '
'.$GLOBALS["strEnterEmail"].':
'; if (!$email) { $res .= "\n"; $res .= $GLOBALS["PoweredBy"]; $res .= $pagedata["footer"]; return $res; } $current = Sql_Fetch_Array_query("SELECT list.id as listid,user.uniqid as userhash, user.password as password FROM $tables[list] as list,$tables[listuser] as listuser,$tables[user] as user where list.id = listuser.listid and user.id = listuser.userid and user.email = \"$email\""); $some = $current["listid"]; if (ASKFORPASSWORD && !empty($user['password'])) { # it is safe to link to the preferences page, because it will still ask for # a password $hash = $current["userhash"]; } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) { # they got to this page from a link in an email $hash = $current['userhash']; } else { $hash = ''; } $finaltext = $GLOBALS["strUnsubscribeFinalInfo"]; $pref_url = getConfig("preferencesurl"); $sep = ereg('\?',$pref_url)?'&':'?'; $finaltext = eregi_replace('\[preferencesurl\]',$pref_url.$sep.'uid='.$hash,$finaltext); if (!$some) { $res .= "".$GLOBALS["strNoListsFound"].""; $res .= '

'; } else { list($r,$c) = explode(",",getConfig("textarea_dimensions")); if (!$r) $r = 5; if (!$c) $c = 65; $res .= $GLOBALS["strUnsubscribeRequestForReason"]; $res .= sprintf('
',$c,$r).' '.$finaltext.'

'; } $res .= '

'.$GLOBALS["PoweredBy"].'

'; $res .= $pagedata["footer"]; return $res; } function forwardPage($id) { global $tables,$envelope; $html = ''; $subtitle = ''; if (!isset($_GET["uid"]) || !$_GET['uid']) FileNotFound(); $forwardemail = ''; if (isset($_GET['email'])) { $forwardemail = $_GET['email']; } $mid = 0; if (isset($_GET['mid'])) { $mid = sprintf('%d',$_GET['mid']); $req = Sql_Query(sprintf('select * from %s where id = %d',$tables["message"],$mid)); $messagedata = Sql_Fetch_Array($req); $mid = $messagedata['id']; if ($mid) { $subtitle = $GLOBALS['strForwardSubtitle'].' '.stripslashes($messagedata['subject']); } } $req = Sql_Query("select * from {$tables["user"]} where uniqid = \"".$_GET["uid"]."\""); $userdata = Sql_Fetch_Array($req); $req = Sql_Query(sprintf('select * from %s where email = "%s"',$tables["user"],$forwardemail)); $forwarduserdata = Sql_Fetch_Array($req); if ($userdata["id"] && $mid) { if (!is_email($forwardemail)) { $info = $GLOBALS['strForwardEnterEmail']; $html .= '
'; $html .= sprintf('',$mid); $html .= sprintf('',$id); $html .= sprintf('',$userdata['uniqid']); $html .= sprintf(''); $html .= sprintf('',$forwardemail); $html .= sprintf('
',$GLOBALS['strContinue']); } else { # check whether the email to forward exists and whether they have received the message if ($forwarduserdata['id']) { $sent = Sql_Fetch_Row_Query(sprintf('select entered from %s where userid = %d and messageid = %d', $tables['usermessage'],$forwarduserdata['id'],$mid)); # however even if that's the case, we don't want to reveal this information } $done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d', $tables['user_message_forward'],$forwardemail,$mid)); if ($done['status'] === 'sent') { $info = $GLOBALS['strForwardAlreadyDone']; } else { if (!TEST) { # forward the message require 'admin/sendemaillib.php'; # sendEmail will take care of blacklisting if (sendEmail($mid,$forwardemail,'forwarded',$userdata['htmlemail'],array(),$userdata)) { $info = $GLOBALS["strForwardSuccessInfo"]; sendAdminCopy("Message Forwarded",$userdata["email"] . " has forwarded a message $mid to $forwardemail"); Sql_Query(sprintf('insert into %s (user,message,forward,status,time) values(%d,%d,"%s","sent",now())', $tables['user_message_forward'],$userdata['id'],$mid,$forwardemail)); } else { $info = $GLOBALS["strForwardFailInfo"]; sendAdminCopy("Message Forwarded",$userdata["email"] . " tried forwarding a message $mid to $forwardemail but failed"); Sql_Query(sprintf('insert into %s (user,message,forward,status,time) values(%d,%d,"%s","failed",now())', $tables['user_message_forward'],$userdata['id'],$mid,$forwardemail)); } } } } } else { logEvent("Forward request from invalid user ID: ".substr($_GET["uid"],0,150)); $info = $GLOBALS["strForwardFailInfo"]; } $data = PageData($id); $res = ''.$GLOBALS["strForwardTitle"].''; $res .= $data["header"]; $res .= '

'.$subtitle.'

'; $res .= '

'.$info.'

'; $res .= $html; $res .= "

".$GLOBALS["PoweredBy"].'

'; $res .= $data["footer"]; return $res; } ?>