1<?php
2
3require_once 'accesscheck.php';
4
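// List id from the query string; 0 means "create a new list".
// Cast to int so $id has one type everywhere below. The previous
// sprintf('%d', ...) produced a *string* whenever a value was supplied, so a
// strict comparison such as `$id !== 0` treated "0" (e.g. from ?id=abc) as a
// real list id.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;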
10
// Per-admin access control for this page; superusers skip all of it.
// accessLevel('editlist') is matched against the string levels below.
// $subselect / $subselect_and are SQL fragments that restrict which list
// rows this admin may see (presumably consumed by code after this block).
if ( !isSuperUser()) {
    $access = accessLevel('editlist');
    switch ($access) {
        case 'owner':
            // May only touch lists they own themselves.
            $subselect = ' where owner = '.$_SESSION['logindetails']['id'];
            $subselect_and = ' and owner = '.$_SESSION['logindetails']['id'];
            if ($id) {
                // Editing: the requested list must belong to this admin.
                // NOTE(review): relies on Sql_Affected_Rows() reporting the
                // SELECT's row count — confirm against the Sql_* wrapper.
                Sql_Query('select id from '.$GLOBALS['tables']['list'].$subselect." and id = $id");
                if (!Sql_Affected_Rows()) {
                    Error(s('You do not have enough privileges to view this page'));

                    return;
                }
            } else {
                // Creating: enforce the per-admin quota (MAXLIST is defined elsewhere).
                $numlists = Sql_Fetch_Row_query("select count(*) from {$GLOBALS['tables']['list']} $subselect");
                if (!($numlists[0] < MAXLIST)) {
                    Error(s('You cannot create a new list because you have reached maximum number of lists.'));

                    return;
                }
            }
            break;
        case 'all':
            // No restriction on which lists may be edited.
            $subselect = '';
            $subselect_and = '';
            break;
        case 'none':
        default:
            // No access (and any unrecognised level): existing lists are refused.
            // NOTE(review): when $id is 0 there is no return here, so the create
            // form further down is still rendered for this level — confirm that
            // is intended. This branch also uses Fatal_Error() where the
            // 'owner' branch uses Error().
            $subselect_and = ' and owner = -1';
            if ($id) {
                Fatal_Error(s('You do not have enough privileges to view this page'));

                return;
            }
            $subselect = ' where id = 0';
            break;
    }
}
49
// For an existing list, offer a shortcut to its members page.
if (!empty($id)) {
    $membersButton = PageLinkButton('members', s('Members of this list'), "id=$id");
    echo '<br />' . $membersButton;
}
53
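// Handle the "Save" submission for both a new list ($id == 0) and an
// existing one. Ends with `return` on purpose: redirecting to the list
// overview would drop the action-result message echoed below.
if (!empty($_POST['addnewlist']) && !empty($_POST['listname'])) {
    $sessionAdminId = (int) ($_SESSION['logindetails']['id'] ?? 0);

    // Only admins who are offered the owner <select> in the form (superusers
    // and admins with 'all' access on editlist) may choose an owner; everyone
    // else owns the list themselves. Previously $owner was assigned for
    // non-superusers but the queries still used $_POST['owner'], so a tampered
    // form could hand a list to another admin.
    if (isSuperUser() || accessLevel('editlist') == 'all') {
        $owner = isset($_POST['owner']) ? (int) $_POST['owner'] : $sessionAdminId;
    } else {
        $owner = $sessionAdminId;
    }

    // An unchecked checkbox is not submitted. The form disables the checkbox
    // when the list is used on a subscribe page, so in that case keep whatever
    // listUsedInSubscribePage() reports instead of silently deactivating.
    if (!isset($_POST['active'])) {
        $_POST['active'] = listUsedInSubscribePage($id);
    }
    $active = (int) $_POST['active'];
    $listorder = (int) ($_POST['listorder'] ?? 0);
    $description = (string) ($_POST['description'] ?? '');

    //# prefix isn't used any more; it stays in $_POST for plugins that read it
    $_POST['prefix'] = '';

    // Only a configured category (compared as a string) is accepted; anything
    // else is stored as ''.
    $categories = listCategories();
    $category = '';
    if (isset($_POST['category']) && in_array($_POST['category'], $categories, true)) {
        $category = (string) $_POST['category'];
    }

    $table = $GLOBALS['tables']['list'];
    $name = sql_escape(cleanListName($_POST['listname']));
    if ($id) {
        $query = sprintf(
            'update %s set name="%s",description="%s",category="%s",
    active=%d,listorder=%d,prefix = "%s", owner = %d
    where id=%d',
            $table,
            $name,
            sql_escape($description),
            sql_escape($category),
            $active,
            $listorder,
            sql_escape($_POST['prefix']),
            $owner,
            $id
        );
    } else {
        $query = sprintf(
            'insert into %s
      (name,description,entered,listorder,owner,prefix,active,category)
      values("%s","%s",now(),%d,%d,"%s",%d,"%s")',
            $table,
            $name,
            sql_escape($description),
            $listorder,
            $owner,
            sql_escape($_POST['prefix']),
            $active,
            sql_escape($category)
        );
    }
    $result = Sql_Query($query);
    if (!$id) {
        $id = sql_insert_id();

        $_SESSION['action_result'] = s('New list added').": $id";
        $_SESSION['newlistid'] = $id;
    } else {
        $_SESSION['action_result'] = s('Changes saved');
    }
    //# allow plugins to save their fields (short-circuits once $result is false)
    foreach ($GLOBALS['plugins'] as $plugin) {
        $result = $result && $plugin->processEditList($id);
    }
    echo '<div class="actionresult">'.$_SESSION['action_result'].'</div>';
    if (($_GET['page'] ?? '') === 'editlist') {
        echo '<div class="actions">'.PageLinkButton('importsimple&amp;list='.$id,
                s('Add some subscribers')).' '.PageLinkButton('editlist', s('Add another list')).'</div>';
    }
    unset($_SESSION['action_result']);

    //# stop here instead of Redirect('list'): a redirect would lose the action result
    return;
}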
110
// Load the row for the list being edited, or start from a blank record
// when a new list is being created.
if (empty($id)) {
    // 'rssfeed' used to be part of this record; it is now handled by the rssmanager plugin.
    $list = [
        'name'        => '',
        'active'      => 0,
        'listorder'   => 0,
        'description' => '',
    ];
} else {
    $listQuery = 'SELECT * FROM '.$GLOBALS['tables']['list']." where id = $id";
    $result = Sql_Query($listQuery);
    $list = Sql_Fetch_Array($result);
}
123
124
125
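// Delete button shown on the edit form for a stored list. The '\n' sequences
// are single-quoted on purpose: presumably the text ends up inside a
// JavaScript confirm() string, where the literal backslash-n becomes a line
// break — verify against ConfirmButton::show() before changing the quoting.
$deletebutton = new ConfirmButton(
    s('Are you sure you want to delete this list?').'\n'
    .s('This will NOT remove the subscribers that are on this list.').'\n'
    .s('You can reconnect subscribers to lists on the Reconcile Subscribers page.'),
    PageURL2('list&delete='.$id),
    s('delete this list')
);
// A row without a category (empty() also covers 0 / "0") is shown as "no category".
if (empty($list['category'])) {
    $list['category'] = '';
}
// Flush any open output buffer before the form is printed. The level check
// replaces the former @ suppression: ob_end_flush() raises a notice when no
// buffer is active, and hiding notices also hid real failures.
if (ob_get_level() > 0) {
    ob_end_flush();
}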
134
135?>
136
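<?php
// Edit form, first part. Field ids are added so each <label for="..."> binds
// to its input; values taken from the list row are HTML-escaped with explicit
// flags so the output does not depend on the PHP version's default.
echo formStart(' class="editlistSave" ');
?>
<?php if ($id): ?>
    <div class="label"><label><?php echo s('List ID'); ?>:</label><?php echo (int) $id ?></div>
<?php endif;?>
<div class="label"><label for="listname"><?php echo s('List name'); ?>:</label></div>
<div class="field"><input type="text" name="listname" id="listname"
                          value="<?php echo htmlspecialchars(stripslashes((string) $list['name']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"/></div>

<div class="field"><input type="checkbox" name="active" id="active" value="1"
        <?php

        echo !empty($list['active']) ? 'checked="checked"' : '';
        // A list referenced from a subscribe page must stay public, so the
        // checkbox is disabled here; the save handler keeps it active in turn.
        if (listUsedInSubscribePage($id)) {
            echo ' disabled="disabled" ';
        }

        ?> /><label for="active"><?php echo s('Public list (listed on the frontend)'); ?></label>
</div>
<div class="label"><label for="listorder"><?php echo s('Order for listing'); ?></label></div>
<div class="field"><input type="text" name="listorder" id="listorder" value="<?php echo htmlspecialchars((string) $list['listorder'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" class="listorder"/>
</div>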
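<?php
// Owner selector. Only admins with 'all' access on editlist get a <select>;
// everyone else submits their own id as a hidden field. The hidden value is
// printed with %d and the selected-option check compares integers, because
// the session id and the DB column may arrive as int or numeric string.
$sessionAdminId = (int) ($_SESSION['logindetails']['id'] ?? 0);
if (accessLevel('editlist') == 'all') {
    if (empty($list['owner'])) {
        $list['owner'] = $sessionAdminId;
    }
    $admins = $GLOBALS['admin_auth']->listAdmins();
    if (count($admins) > 1) {
        echo '<div class="label"><label for="owner">'.s('Owner').'</label></div><div class="field"><select name="owner" id="owner">';
        foreach ($admins as $adminid => $adminname) {
            printf(
                '    <option value="%d" %s>%s</option>',
                $adminid,
                (int) $adminid === (int) $list['owner'] ? 'selected="selected"' : '',
                htmlentities($adminname)
            );
        }
        echo '</select></div>';
    } else {
        printf('<input type="hidden" name="owner" value="%d" />', $sessionAdminId);
    }
} else {
    printf('<input type="hidden" name="owner" value="%d" />', $sessionAdminId);
}

// Category selector, shown only when categories are configured. Category
// names are configuration text, but they are still escaped for the HTML
// attribute and element context.
$aListCategories = listCategories();
if (count($aListCategories)) {
    echo '<div class="label"><label for="category">'.s('Category').'</label></div>';
    echo '<div class="field"><select name="category" id="category">';
    echo '<option value="">-- '.s('choose category').'</option>';
    foreach ($aListCategories as $category) {
        $category = trim((string) $category);
        $escapedCategory = htmlspecialchars($category, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        printf(
            '<option value="%s" %s>%s</option>',
            $escapedCategory,
            $category === (string) $list['category'] ? 'selected="selected"' : '',
            $escapedCategory
        );
    }
    echo '</select></div>';
}

//## allow plugins to add rows
foreach ($GLOBALS['plugins'] as $plugin) {
    echo $plugin->displayEditList($list);
}

?>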
196    <label for="description"><?php echo s('List Description'); ?></label>
197    <div class="field"><textarea name="description" cols="35" rows="5">
198<?php echo htmlspecialchars(stripslashes($list['description'])) ?></textarea></div>
199    <input class="submit" type="submit" name="addnewlist" value="<?php echo s('Save'); ?>"/>
200    <?php echo PageLinkClass('list', s('Cancel'), '', 'button cancel',
201        s('Do not save, and go back to the lists'));
202    if($id!==0){
203        echo '<span class="delete">'.$deletebutton->show().'</span>';} ?>
204</form>
205