1<?php 2 3require_once dirname(__FILE__).'/accesscheck.php'; 4 5if (empty($id) && isset($_GET['id'])) { 6 $id = sprintf('%d', $_GET['id']); 7} elseif (!isset($id)) { 8 $id = 0; 9} 10 11if (!$id && $_GET['page'] != 'import1') { 12 Fatal_Error('Invalid call'); 13 exit; 14} 15require_once dirname(__FILE__).'/date.php'; 16$date = new Date(); 17 18//# Check if input is complete 19$allthere = 1; 20$subscribepagedata = PageData($id); 21if (isset($subscribepagedata['language_file']) && is_file(dirname(__FILE__).'/../texts/'.basename($subscribepagedata['language_file']))) { 22 @include_once dirname(__FILE__).'/../texts/'.basename($subscribepagedata['language_file']); 23} 24// Allow customisation per installation 25if (is_file($_SERVER['DOCUMENT_ROOT'].'/'.basename($GLOBALS['language_module']))) { 26 include_once $_SERVER['DOCUMENT_ROOT'].'/'.basename($GLOBALS['language_module']); 27} 28if (!empty($data['language_file']) && is_file($_SERVER['DOCUMENT_ROOT'].'/'.basename($data['language_file']))) { 29 include_once $_SERVER['DOCUMENT_ROOT'].'/'.basename($data['language_file']); 30} 31 32$required = array(); // id's of missing attribbutes ' 33if (count($subscribepagedata)) { 34 $attributes = explode('+', $subscribepagedata['attributes']); 35 foreach ($attributes as $attribute) { 36 if (isset($subscribepagedata[sprintf('attribute%03d', 37 $attribute)]) && $subscribepagedata[sprintf('attribute%03d', $attribute)] 38 ) { 39 list($dummy, $dummy2, $dummy3, $req) = explode('###', 40 $subscribepagedata[sprintf('attribute%03d', $attribute)]); 41 if ($req) { 42 array_push($required, $attribute); 43 } 44 } 45 } 46} else { 47 $req = Sql_Query(sprintf('select * from %s', $GLOBALS['tables']['attribute'])); 48 while ($row = Sql_Fetch_Array($req)) { 49 if ($row['required']) { 50 array_push($required, $row['id']); 51 } 52 } 53} 54 55if (count($required)) { 56 $required_ids = implode(',', $required); 57 // check if all required attributes have been entered; 58 if ($required_ids) { 59 $res = Sql_Query("select * from {$GLOBALS['tables']['attribute']} where id in ($required_ids)"); 60 $allthere = 1; 61 $missing = ''; 62 while ($row = Sql_Fetch_Array($res)) { 63 $fieldname = 'attribute'.$row['id']; 64 $thisonemissing = 0; 65 if ($row['type'] != 'hidden') { 66 $thisonemissing = empty($_POST[$fieldname]); 67 if ($thisonemissing) { 68 $missing .= $row['name'].', '; 69 } 70 $allthere = $allthere && !$thisonemissing; 71 } 72 } 73 $missing = substr($missing, 0, -2); 74 if ($allthere) { 75 $missing = ''; 76 } 77 } 78} else { 79 $missing = ''; 80} 81 82// If need to check for double entry of email address 83 84if (isset($subscribepagedata['emaildoubleentry']) && $subscribepagedata['emaildoubleentry'] == 'yes') { 85 if (!(isset($_POST['email']) && isset($_POST['emailconfirm']) && $_POST['email'] == $_POST['emailconfirm'])) { 86 $allthere = 0; 87 $missing = $GLOBALS['strEmailsNoMatch']; 88 } 89} 90 91// check if the lists should be displayed by category 92if (isset($subscribepagedata['showcategories']) && $subscribepagedata['showcategories'] == 'yes') { 93 $GLOBALS['showCat'] = true; 94} 95 96// anti spambot check 97if (!empty($_POST['VerificationCodeX'])) { 98 if (NOTIFY_SPAM) { 99 $msg = $GLOBALS['I18N']->get(' 100-------------------------------------------------------------------------------- 101 This is a notification of a possible spam attack to your phplist subscribe page. 102 The data submitted has been copied below, so you can check whether this was actually the case. 103 The submitted data has been converted into non-html characters, for security reasons. 104 If you want to stop receiving this message, set 105 106 define("NOTIFY_SPAM",0); 107 108 in your phplist config file. 109 110 This subscriber has NOT been added to the database. 111 If there is an error, you will need to add them manually. 112-------------------------------------------------------------------------------- '); 113 foreach ($_REQUEST as $key => $val) { 114 $msg .= "\n".'Form field: '.htmlentities($key)."\n".'================='."\nSubmitted value: ".htmlentities($val)."\n".'=============='."\n\n"; 115 } 116 foreach ($_SERVER as $key => $val) { 117 $msg .= "\n".'HTTP Server Data: '.htmlentities($key)."\n".'================='."\nValue: ".htmlentities($val)."\n".'=============='."\n\n"; 118 } 119 sendAdminCopy(s('phplist Spam blocked'), "\n".$msg); 120 } 121 unset($msg); 122 123 return; 124} 125$pluginErrors = array(); 126 127foreach ($GLOBALS['plugins'] as $pluginname => $plugin) { 128 $pluginResult = $plugin->validateSubscriptionPage($subscribepagedata); 129 if (!empty($pluginResult)) { 130 $pluginErrors[] = $pluginResult; 131 $allthere = 0; 132 } 133} 134 135if (!isset($_POST['passwordreq'])) { 136 $_POST['passwordreq'] = ''; 137} 138if (!isset($_POST['password'])) { 139 $_POST['password'] = ''; 140} 141 142if ($allthere && ASKFORPASSWORD && ($_POST['passwordreq'] || $_POST['password'])) { 143 if (empty($_POST['password']) || $_POST['password'] !== $_POST['password_check']) { 144 $allthere = 0; 145 $missing = $GLOBALS['strPasswordsNoMatch']; 146 } 147 if ($_POST['email']) { 148 $curpwd = Sql_Fetch_Row_Query(sprintf('select password from %s where email = "%s"', 149 $GLOBALS['tables']['user'], sql_escape($_POST['email']))); 150 151 if ($curpwd[0] && $_POST['password'] !== $curpwd[0]) { 152 $missing = $GLOBALS['strInvalidPassword']; 153 } 154 } 155} 156 157if (isset($_POST['email']) && !empty($GLOBALS['check_for_host'])) { 158 list($username, $domaincheck) = explode('@', $_POST['email']); 159// $mxhosts = array(); 160// $validhost = getmxrr ($domaincheck,$mxhosts); 161 $validhost = checkdnsrr($domaincheck, 'MX') || checkdnsrr($domaincheck, 'A'); 162} else { 163 $validhost = 1; 164} 165 166$listsok = ((!ALLOW_NON_LIST_SUBSCRIBE && isset($_POST['list']) && is_array($_POST['list'])) || ALLOW_NON_LIST_SUBSCRIBE); 167 168if (isset($_POST['subscribe']) && is_email($_POST['email']) && $listsok && $allthere && $validhost) { 169 $history_entry = ''; 170 // make sure to save the correct data 171 if ($subscribepagedata['htmlchoice'] == 'checkfortext' && empty($_POST['textemail'])) { 172 $htmlemail = 1; 173 } else { 174 $htmlemail = !empty($_POST['htmlemail']); 175 } 176 177 // now check whether this user already exists. 178 $email = $_POST['email']; 179 if (preg_match("/(.*)\n/U", $email, $regs)) { 180 $email = $regs[1]; 181 } 182 $result = Sql_query(sprintf('select * from %s where email = "%s"', $GLOBALS['tables']['user'], sql_escape($email))); 183 if (!Sql_affected_rows()) { 184 // they do not exist, so add them 185 $query = sprintf('insert into %s (email,entered,uniqid,confirmed,htmlemail,subscribepage,uuid) values("%s",now(),"%s",0,%d,%d,"%s")', 186 $GLOBALS['tables']['user'], sql_escape($email), getUniqid(), $htmlemail, $id, (string) uuid::generate(4)); 187 $result = Sql_query($query); 188 $userid = Sql_Insert_Id(); 189 addSubscriberStatistics('total users', 1); 190 } else { 191 // they do exist, so update the existing record 192 // read the current values to compare changes 193 $old_data = Sql_fetch_array($result); 194 if (ASKFORPASSWORD && $old_data['password']) { 195 $encP = encryptPass($_POST['password']); 196 $canlogin = !empty($encP) && !empty($_POST['password']) && $encP == $old_data['password']; 197 // print $canlogin.' '.$_POST['password'].' '.$encP.' '. $old_data["password"]; 198 if (!$canlogin) { 199 $msg = '<p class="error">'.$GLOBALS['strUserExists'].'</p>'; 200 $msg .= '<p class="information">'.$GLOBALS['strUserExistsExplanationStart']. 201 sprintf('<a href="%s&email=%s">%s</a>', getConfig('preferencesurl'), $email, 202 $GLOBALS['strUserExistsExplanationLink']). 203 $GLOBALS['strUserExistsExplanationEnd'].'</p>'; 204 205 return; 206 } 207 } 208 209 // https://mantis.phplist.com/view.php?id=15557, disallow re-subscribing existing subscribers 210 if (!SILENT_RESUBSCRIBE) { 211 $msg = '<div class="error missing"><h4>'.$GLOBALS['strUserExistsResubscribe'].'</h4>'; 212 $msg .= '<p>'; 213 $msg .= sprintf($GLOBALS['strUserExistsResubscribeExplanation'], getConfig('preferencesurl')); 214 $msg .= '</p></div>'; 215 216 return; 217 } 218 219 $userid = $old_data['id']; 220 $old_data = array_merge($old_data, getUserAttributeValues('', $userid)); 221 $history_entry = ''; //http://'.getConfig("website").$GLOBALS["adminpages"].'/?page=user&id='.$userid."\n\n"; 222 223 $query = sprintf('update %s set email = "%s",htmlemail = %d,subscribepage = %d where id = %d', 224 $GLOBALS['tables']['user'], addslashes($email), $htmlemail, $id, $userid); 225 $result = Sql_query($query); 226 } 227 228 if (ASKFORPASSWORD && $_POST['password']) { 229 $newpassword = encryptPass($_POST['password']); 230 // see whether is has changed 231 $curpwd = Sql_Fetch_Row_Query("select password from {$GLOBALS['tables']['user']} where id = $userid"); 232 if ($newpassword != $curpwd[0]) { 233 $storepassword = 'password = "'.$newpassword.'"'; 234 Sql_query("update {$GLOBALS['tables']['user']} set passwordchanged = now(),$storepassword where id = $userid"); 235 } else { 236 $storepassword = ''; 237 } 238 } else { 239 $storepassword = ''; 240 } 241 242 // subscribe to the lists 243 $lists = ''; 244 $subscriptions = array(); //# used to keep track of which admins to alert 245 246 if (isset($_POST['list']) && is_array($_POST['list'])) { 247 foreach ($_POST['list'] as $key => $val) { 248 if ($val == 'signup' && !isPrivateList($key)) { // make sure that the list is not private 249 $key = sprintf('%d', $key); 250 if (!empty($key)) { 251 $result = Sql_query(sprintf('replace into %s (userid,listid,entered) values(%d,%d,now())', 252 $GLOBALS['tables']['listuser'], $userid, $key)); 253 $lists .= "\n * ".listname($key); 254 $subscriptions[] = $key; 255 256 addSubscriberStatistics('subscribe', 1, $key); 257 } else { 258 //# hack attempt... 259 exit; 260 } 261 } 262 } 263 } 264 265 // remember the users attributes 266 // make sure to only remember the ones from this subscribe page 267 $history_entry .= 'Subscribe page: '.$id; 268 array_push($attributes, 0); 269 $attids = join_clean(',', $attributes); 270 if ($attids && $attids != '') { 271 $res = Sql_Query('select * from '.$GLOBALS['tables']['attribute']." where id in ($attids)"); 272 while ($row = Sql_Fetch_Array($res)) { 273 $fieldname = 'attribute'.$row['id']; 274 if (!array_key_exists($fieldname, $_POST)) { 275 continue; 276 } 277 $value = $_POST[$fieldname]; 278 // if ($value != "") { 279 if ($row['type'] == 'date') { 280 $value = $date->getDate($fieldname); 281 } elseif (is_array($value)) { 282 $newval = array(); 283 foreach ($value as $val) { 284 array_push($newval, sprintf('%0'.$checkboxgroup_storesize.'d', $val)); 285 } 286 $value = implode(',', $newval); 287 } elseif ($row['type'] != 'textarea') { 288 if (preg_match("/(.*)\n/U", $value, $regs)) { 289 $value = $regs[1]; 290 } 291 } 292 Sql_Query(sprintf('replace into %s (attributeid,userid,value) values("%s","%s","%s")', 293 $GLOBALS['tables']['user_attribute'], $row['id'], $userid, $value)); 294 $history_entry .= "\n".$row['name'].' = '.UserAttributeValue($userid, $row['id']); 295 // } 296 } 297 } 298 $information_changed = 0; 299 if (isset($old_data) && is_array($old_data)) { 300 $history_subject = 'Re-Subscription'; 301 // when they submit a new subscribe 302 $current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'], 303 $userid)); 304 $current_data = array_merge($current_data, getUserAttributeValues('', $userid)); 305 foreach ($current_data as $key => $val) { 306 if (!is_numeric($key)) { 307 if ($old_data[$key] != $val && $key != 'password' && $key != 'modified') { 308 $information_changed = 1; 309 $history_entry .= "\n$key = $val\n*changed* from $old_data[$key]"; 310 } 311 } 312 } 313 if (!$information_changed) { 314 $history_entry .= "\nNo user details changed"; 315 } 316 } else { 317 $history_subject = 'Subscription'; 318 } 319 320 $history_entry .= "\n\nList Membership: \n$lists\n"; 321 322 $subscribemessage = str_ireplace('[LISTS]', $lists, getUserConfig("subscribemessage:$id", $userid)); 323 324 $blacklisted = isBlackListed($email); 325 326 echo '<title>'.$GLOBALS['strSubscribeTitle'].'</title>'; 327 echo $subscribepagedata['header']; 328 329 if (isset($_SESSION['adminloggedin']) && $_SESSION['adminloggedin'] && !(isset($_GET['p']) && $_GET['p'] == 'asubscribe')) { 330 echo '<p class="information"><b>You are logged in as '.$_SESSION['logindetails']['adminname'].'</b></p>'; 331 echo '<p><a href="'.$adminpages.'" class="button">Back to the main admin page</a></p>'; 332 333 if ($_POST['makeconfirmed'] && !$blacklisted) { 334 $sendrequest = 0; 335 Sql_Query(sprintf('update %s set confirmed = 1 where email = "%s"', $GLOBALS['tables']['user'], $email)); 336 addUserHistory($email, $history_subject.' by '.$_SESSION['logindetails']['adminname'], $history_entry); 337 } elseif ($_POST['makeconfirmed']) { 338 echo '<p class="information">'.$GLOBALS['I18N']->get('Email is blacklisted, so request for confirmation has been sent.').'<br/>'; 339 echo $GLOBALS['I18N']->get('If user confirms subscription, they will be removed from the blacklist.').'</p>'; 340 341 $sendrequest = 1; 342 } else { 343 $sendrequest = 1; 344 } 345 } else { 346 $sendrequest = 1; 347 } 348 349 // personalise the thank you page 350 if ($subscribepagedata['thankyoupage']) { 351 $thankyoupage = $subscribepagedata['thankyoupage']; 352 } else { 353 $thankyoupage = '<h3>'.$strThanks.'</h3>'.'<p class="information">'.$strEmailConfirmation.'</p>'; 354 } 355 356 $thankyoupage = str_ireplace('[email]', $email, $thankyoupage); 357 358 $user_att = getUserAttributeValues($email); 359 360 if (count($user_att)) { 361 foreach ($user_att as $att_name => $att_value) { 362 $thankyoupage = str_ireplace('['.$att_name.']', $att_value, $thankyoupage); 363 } 364 } 365 366 if (is_array($GLOBALS['plugins'])) { 367 reset($GLOBALS['plugins']); 368 foreach ($GLOBALS['plugins'] as $name => $plugin) { 369 $thankyoupage = $plugin->parseThankyou($id, $userid, $thankyoupage); 370 } 371 } 372 373 if ($sendrequest && $listsok) { //is_array($_POST["list"])) { 374 if (RFC_DIRECT_DELIVERY) { 375 $ok = sendMailDirect($email, getConfig("subscribesubject:$id"), $subscribemessage, 376 system_messageheaders($email), $envelope, 1); 377 if (!$ok) { 378 echo '<h3>'.$strEmailFailed.'</h3>'; 379 echo '<p>'.$GLOBALS['smtpError'].'</p>'; 380 } else { 381 sendAdminCopy('Lists subscription', "\n".$email." has subscribed\n\n$history_entry", 382 $subscriptions); 383 addUserHistory($email, $history_subject, $history_entry); 384 echo $thankyoupage; 385 } 386 } elseif (sendMail($email, getConfig("subscribesubject:$id"), $subscribemessage, system_messageheaders($email), 387 $envelope, 1)) { 388 sendAdminCopy('Lists subscription', "\n".$email." has subscribed\n\n$history_entry", $subscriptions); 389 addUserHistory($email, $history_subject, $history_entry); 390 echo $thankyoupage; 391 } else { 392 echo '<h3>'.$strEmailFailed.'</h3>'; 393 if ($blacklisted) { 394 echo '<p class="information">'.$GLOBALS['strYouAreBlacklisted'].'</p>'; 395 } 396 } 397 } else { 398 echo $thankyoupage; 399 if ($_SESSION['adminloggedin']) { 400 echo '<p class="information">User has been added and confirmed</p>'; 401 } 402 } 403 404 echo '<p class="information">'.$PoweredBy.'</p>'; 405 echo $subscribepagedata['footer']; 406 // exit; 407 // Instead of exiting here, we return 2. So in lists/index.php 408 // We can decide, whether to show subscribe page or not. 409 //# issue 6508 410 return 2; 411} elseif (isset($_POST['update']) && $_POST['update'] && is_email($_POST['email']) && $allthere) { 412 $email = trim($_POST['email']); 413 if (preg_match("/(.*)\n/U", $email, $regs)) { 414 $email = $regs[1]; 415 } 416 if ($_GET['uid']) { 417 $req = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"', 418 $GLOBALS['tables']['user'], $_GET['uid'])); 419 $userid = $req[0]; 420 } else { 421 // This could be abused and is not required 422 // $req = Sql_Fetch_Row_query("select id from {$GLOBALS['tables']['user']} where email = \"".sql_escape($_GET['email']).'"'); 423 // $userid = $req[0]; 424 $userid = false; 425 } 426 if (!$userid) { 427 Fatal_Error('Error, no such user'); 428 } 429 // update the existing record, check whether the email has changed 430 $req = Sql_Query("select * from {$GLOBALS['tables']['user']} where id = $userid"); 431 $data = Sql_fetch_array($req); 432 433 // check that the password was provided if required 434 // we only require a password if there is one, otherwise people are blocked out 435 // when switching to requiring passwords 436 if (ASKFORPASSWORD && $data['password']) { 437 // they need to be "logged in" for this 438 if (empty($_SESSION['userloggedin'])) { 439 Fatal_Error('Access Denied'); 440 exit; 441 } 442 $checkpassword = ''; 443 $allow = 0; 444 // either they have to give the current password, or given two new ones 445 if (ENCRYPTPASSWORD) { 446 $checkpassword = encryptPass($_POST['password']); 447 } else { 448 $checkpassword = sprintf('%s', $_POST['password']); 449 } 450 if (!empty($_POST['password_check'])) { 451 $allow = $_POST['password_check'] == $_POST['password'] && !empty($_POST['password']); 452 } else { 453 $allow = (!empty($_POST['password']) && $data['password'] == $checkpassword) || empty($_POST['password']); 454 } 455 456 if (!$allow) { 457 // @@@ this check should be done above, so the error can be embedded in the template 458 echo $GLOBALS['strPasswordsNoMatch']; 459 exit; 460 } 461 } 462 463 // check whether they are changing to an email that already exists, should not be possible 464 $req = Sql_Query("select uniqid from {$GLOBALS['tables']['user']} where email = \"$email\""); 465 if (Sql_Affected_Rows()) { 466 $row = Sql_Fetch_Row($req); 467 if ($row[0] != $_GET['uid']) { 468 Fatal_Error('Cannot change to that email address. 469 <br/>This email already exists. 470 <br/>Please use the preferences URL for this email to make updates. 471 <br/>Click <a href="' .getConfig('preferencesurl')."&email=$email\">here</a> to request your personal location"); 472 exit; 473 } 474 } 475 // read the current values to compare changes 476 $old_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'], $userid)); 477 $old_data = array_merge($old_data, getUserAttributeValues('', $userid)); 478 $history_entry = ''; //'http://'.getConfig("website").$GLOBALS["adminpages"].'/?page=user&id='.$userid."\n\n"; 479 480 if (ASKFORPASSWORD && $_POST['password']) { 481 if (ENCRYPTPASSWORD) { 482 $newpassword = encryptPass($_POST['password']); 483 } else { 484 $newpassword = sprintf('%s', $_POST['password']); 485 } 486 // see whether is has changed 487 $curpwd = Sql_Fetch_Row_Query("select password from {$GLOBALS['tables']['user']} where id = $userid"); 488 if ($_POST['password'] != $curpwd[0]) { 489 $storepassword = 'password = "'.$newpassword.'",'; 490 Sql_query("update {$GLOBALS['tables']['user']} set passwordchanged = now() where id = $userid"); 491 $history_entry .= "\nUser has changed their password\n"; 492 addSubscriberStatistics('password change', 1); 493 } else { 494 $storepassword = ''; 495 } 496 } else { 497 $storepassword = ''; 498 } 499 500 // We want all these to be set, albeit to empty string 501 foreach (array('htmlemail') as $sUnsubscribeFormVar) { 502 if (!isset($_POST[$sUnsubscribeFormVar])) { 503 $_POST[$sUnsubscribeFormVar] = ''; 504 } 505 } 506 507 $query = sprintf('update %s set email = "%s", %s htmlemail = %d where id = %d', 508 $GLOBALS['tables']['user'], sql_escape($_POST['email']), $storepassword, $_POST['htmlemail'], $userid); 509 //print $query; 510 $result = Sql_query($query); 511 if (strtolower($data['email']) != strtolower($email)) { 512 $emailchanged = 1; 513 Sql_Query(sprintf('update %s set confirmed = 0 where id = %d', $GLOBALS['tables']['user'], $userid)); 514 } 515 516 // subscribe to the lists 517 // first take them off the ones, then re-subscribe 518 if ($subscribepagedata['lists']) { 519 $subscribepagedata['lists'] = preg_replace("/^\,/", '', $subscribepagedata['lists']); 520 Sql_query(sprintf('delete from %s where userid = %d and listid in (%s)', $GLOBALS['tables']['listuser'], 521 $userid, $subscribepagedata['lists'])); 522 $liststat = explode(',', $subscribepagedata['lists']); 523 } else { 524 Sql_query(sprintf('delete from %s where userid = %d', $GLOBALS['tables']['listuser'], $userid)); 525 } 526 527 $lists = ''; 528 if (is_array($_POST['list'])) { 529 foreach ($_POST['list'] as $key => $val) { 530 if ($val == 'signup' && !isPrivateList($key)) { 531 $result = Sql_query(sprintf('replace into %s (userid,listid,entered) values(%d,%d,now())',$GLOBALS['tables']['listuser'],$userid,$key)); 532// $lists .= " * ".$_POST["listname"][$key]."\n"; 533 } 534 } 535 } 536 // check list membership 537 $subscriptions = array(); 538 $req = Sql_Query(sprintf('select * from %s listuser,%s list where listuser.userid = %d and listuser.listid = list.id and list.active', 539 $GLOBALS['tables']['listuser'], $GLOBALS['tables']['list'], $userid)); 540 while ($row = Sql_Fetch_Array($req)) { 541 $lists .= ' * '.listName($row['listid'])."\n"; 542 array_push($subscriptions, $row['listid']); 543 } 544 545 if ($lists == '') { 546 $lists = 'No Lists'; 547 } 548 if ($lists == '') { 549 $lists = 'No Lists'; 550 } 551 552 // We want all these to be set, albeit to empty string 553 foreach (array('datachange', 'htmlemail', 'information_changed', 'emailchanged') as $sUnsubscribeVar) { 554 if (!isset(${$sUnsubscribeVar})) { 555 ${$sUnsubscribeVar} = ''; 556 } 557 } 558 559 $datachange .= "$strEmail : ".$email."\n"; 560 if ($subscribepagedata['htmlchoice'] != 'textonly' 561 && $subscribepagedata['htmlchoice'] != 'htmlonly' 562 ) { 563 $datachange .= "$strSendHTML : "; 564 $datachange .= $_POST['htmlemail'] ? "$strYes\n" : "$strNo\n"; 565 } 566 567 // remember the users attributes 568 $attids = join_clean(',', $attributes); 569 if ($attids && $attids != '') { 570 $res = Sql_Query('select * from '.$GLOBALS['tables']['attribute']." where id in ($attids)"); 571 while ($attribute = Sql_Fetch_Array($res)) { 572 $fieldname = 'attribute'.$attribute['id']; 573 if (isset($_POST[$fieldname])) { 574 $value = $_POST[$fieldname]; //# is being sanitised below, depending on attribute type 575 } else { 576 $value = ''; 577 } 578 $replace = 1; //isset($_POST[$fieldname]); 579 if ($attribute['type'] == 'date') { 580 $value = $date->getDate($fieldname); 581 } elseif (is_array($value)) { 582 $values = array(); 583 foreach ($value as $val) { 584 array_push($values, sprintf('%0'.$checkboxgroup_storesize.'d', $val)); 585 } 586 $value = implode(',', $values); 587 } elseif ($attribute['type'] != 'textarea') { 588 if (preg_match("/(.*)\n/U", $value, $regs)) { 589 $value = $regs[1]; 590 } 591 } 592 if ($replace) { 593 Sql_query(sprintf('replace into %s (attributeid,userid,value) values("%s","%s","%s")', 594 $GLOBALS['tables']['user_attribute'], $attribute['id'], $userid, $value)); 595 if ($attribute['type'] != 'hidden') { 596 $datachange .= strip_tags($attribute['name']).' : '; 597 if ($attribute['type'] == 'checkbox') { 598 $datachange .= $value ? $strYes : $strNo; 599 } elseif ($attribute['type'] != 'date' && $attribute['type'] != 'textline' && $attribute['type'] != 'textarea') { 600 $datachange .= AttributeValue($attribute['tablename'], $value); 601 } else { 602 $datachange .= stripslashes($value); 603 } 604 $datachange .= "\n"; 605 } 606 } 607 } 608 } 609 $current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'], 610 $userid)); 611 $current_data = array_merge($current_data, getUserAttributeValues('', $userid)); 612 foreach ($current_data as $key => $val) { 613 if (!is_numeric($key)) { 614 if ($old_data[$key] != $val && $key != 'password' && $key != 'modified') { 615 $information_changed = 1; 616 $history_entry .= "$key = $val\n*changed* from $old_data[$key]\n"; 617 } 618 } 619 } 620 if (!$information_changed) { 621 $history_entry .= "\nNo user system details changed"; 622 } 623 $history_entry .= "\n\nList Membership: \n$lists\n"; 624 625 $message = str_replace('[LISTS]', $lists, getUserConfig('updatemessage', $userid)); 626 $message = str_replace('[USERDATA]', $datachange, $message); 627 if ($emailchanged) { 628 $newaddressmessage = str_replace('[CONFIRMATIONINFO]', getUserConfig('emailchanged_text', $userid), $message); 629 $oldaddressmessage = str_replace('[CONFIRMATIONINFO]', getUserConfig('emailchanged_text_oldaddress', $userid), 630 $message); 631 } else { 632 $message = str_replace('[CONFIRMATIONINFO]', '', $message); 633 } 634 635 echo '<title>'.$GLOBALS['strPreferencesTitle'].'</title>'; 636 echo $subscribepagedata['header']; 637 if (!TEST) { 638 if ($emailchanged) { 639 if (sendMail($data['email'], getConfig('updatesubject'), $oldaddressmessage, system_messageheaders($email), 640 $envelope) && 641 sendMail($email, getConfig('updatesubject'), $newaddressmessage, system_messageheaders($email), 642 $envelope) 643 ) { 644 $ok = 1; 645 sendAdminCopy('Lists information changed', 646 "\n".$data['email']." has changed their information.\n\nThe email has changed to $email.\n\n$history_entry", 647 $subscriptions); 648 addUserHistory($email, 'Change', $history_entry); 649 } else { 650 $ok = 0; 651 } 652 } else { 653 if (sendMail($email, getConfig('updatesubject'), $message, system_messageheaders($email), $envelope)) { 654 $ok = 1; 655 sendAdminCopy('Lists information changed', 656 "\n".$data['email']." has changed their information\n\n$history_entry", $subscriptions); 657 addUserHistory($email, 'Change', $history_entry); 658 } else { 659 $ok = 0; 660 } 661 } 662 } else { 663 $ok = 1; 664 } 665 if ($ok) { 666 echo '<h3>'.$GLOBALS['strPreferencesUpdated'].'</h3>'; 667 if ($emailchanged) { 668 echo $strPreferencesEmailChanged; 669 } 670 echo '<br/>'; 671 if ($_GET['p'] == 'preferences') { 672 //0013134: turn off the confirmation email when an existing subscriber changes preference. 673 $ok = 1; 674 } else { 675 echo $strPreferencesNotificationSent; 676 } 677 } else { 678 $isThisBlacklisted = isBlackListed($email); 679 if ($isThisBlacklisted) { 680 echo '<p class="information">'.$GLOBALS['strYouAreBlacklisted'].'</p>'; 681 } else { 682 echo '<h3>'.$strEmailFailed.'</h3>'; 683 } 684 685 } 686 echo '<p class="information">'.$PoweredBy.'</p>'; 687 echo $subscribepagedata['footer']; 688 // exit; 689 // Instead of exiting here, we return 3. So in lists/index.php 690 // We can decide, whether to show preferences page or not. 691 //# mantis issue 6508 692 return 3; 693} 694 695if (isset($_POST['subscribe']) || isset($_POST['update'])) { 696 $format = '<div class="error missing">%s</div>'."\n"; 697 $msg = ''; 698 699 if (!is_email($_POST['email'])) { 700 $msg .= sprintf($format, $strEnterEmail); 701 } 702 if (!$validhost) { 703 $msg .= sprintf($format, $strInvalidHostInEmail); 704 } 705 if ($missing) { 706 $msg .= sprintf($format, "$strValuesMissing: $missing"); 707 } 708 if (!isset($_POST['list']) && !ALLOW_NON_LIST_SUBSCRIBE) { 709 $msg .= sprintf($format, $strEnterList); 710 } 711 foreach ($pluginErrors as $pluginError) { 712 $msg .= sprintf($format, $pluginError); 713 } 714} 715 716/** 717 * @param int $userid 718 * @param string $lists_to_show 719 * @return string 720 */ 721function ListAvailableLists($userid = 0, $lists_to_show = '') 722{ 723 global $tables; 724 if (isset($_POST['list'])) { 725 $list = $_POST['list']; 726 } elseif (!isset($_POST["subscribe"]) && isset($_GET['list']) && preg_match("/^(\d+,)*\d+$/", $_GET['list'])) { 727 $list_value = "signup"; 728 $list_values = explode(",", $_GET["list"]); 729 $list = array_fill_keys($list_values, $list_value); 730 } else { 731 $list = ''; 732 } 733 $subselect = ''; 734 $listset = array(); 735 $subscribed = array(); 736 737 $showlists = explode(',', $lists_to_show); 738 if (PREFERENCEPAGE_SHOW_PRIVATE_LISTS && !empty($userid)) { 739 //# merge with the subscribed lists, regardless of public state 740 $req = Sql_Query(sprintf('select listid from %s where userid = %d', $tables['listuser'], $userid)); 741 while ($row = Sql_Fetch_Row($req)) { 742 $subscribed[] = $row[0]; 743 } 744 $showlists = array_unique(array_merge($showlists, $subscribed)); 745 } 746 747 748 foreach ($showlists as $listid) { 749 if (preg_match("/^\d+$/", $listid) && !isPrivateList($listid)) { 750 array_push($listset, $listid); 751 } 752 } 753 if (count($listset) >= 1) { 754 $subselect = 'where id in ('.implode(',', $listset).') '; 755 } 756 757 $some = 0; 758 759 760 if (isset($GLOBALS['showCat'])&& $GLOBALS['showCat']===true){ 761 $listspercategory = array(); 762 $categories = array(); 763 $catresult = Sql_query(sprintf('select * from %s %s order by category, listorder, name', 764 $GLOBALS['tables']['list'], $subselect)); 765 766 767 while ($row = Sql_fetch_array($catresult)) { 768 769 $listspercategory[] = array('id' => $row ['id'], 'name' => $row ['name'], 'description' => $row ['description'], 'active' => $row ['active'], 'category' => $row ['category']); 770 771 } 772 773 foreach ($listspercategory as $key => $value) { 774 775 if($value['active']) { 776 $categories[] = $value['category']; 777 } 778 } 779 $uniqueCat = array_unique($categories); 780 781 $html = '<div class="accordion allexpanded" >'; 782 foreach ($uniqueCat as $key) { 783 784 if ($key !== '') { 785 $displayedCat = $key; 786 } else $displayedCat = s('General'); 787 788 $html .= '<h3 ><a name="general" >' . $displayedCat . '</a></h3>'; 789 $html .= '<div>'; 790 $html .= '<ul class="list" id="listcategory">'; 791 $count = 0; 792 foreach ($listspercategory as $listelement) 793 if ($listelement['category'] === $key) { 794 if ($listelement['active'] || in_array($listelement['id'], $subscribed) ) { 795 796 $html .= '<li ><input type="checkbox" name="list[' . $listelement['id'] . ']" value="signup" '; 797 if (isset($list[$listelement['id']]) && $list[$listelement['id']] === 'signup') { 798 $html .= 'checked="checked"'; 799 } 800 if ($userid) { 801 $req = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and listid = %d', 802 $GLOBALS['tables']['listuser'], $userid, $listelement['id'])); 803 if (Sql_Affected_Rows()) { 804 $html .= 'checked="checked"'; 805 } 806 } 807 808 809 $html .= ' /><b>' . stripslashes($listelement['name']) . '</b><div class="listdescription">'; 810 $desc = nl2br(disableJavascript(stripslashes($listelement['description']))); 811 // $html .= '<input type="hidden" name="listname['.$row["id"] . ']" value="'.htmlspecialchars(stripslashes($row["name"])).'"/>'; 812 $html .= $desc . '</div></li>'; 813 ++$some; 814 if ($some == 1) { 815 $singlelisthtml = sprintf('<input type="hidden" name="list[%d]" value="signup" />', $listelement['id']); 816 $singlelisthtml .= '<input type="hidden" name="listname[' . $listelement['id'] . ']" value="' . htmlspecialchars(stripslashes($listelement['name'])) . '"/>'; 817 } 818 819 } 820 821 } $html .= '</ul>'; 822 823 $html .= '</div>'; 824 } 825 826 // end of row active 827 828 $html .= '</div>'; 829 830 } else { 831 832 $html = '<ul class="list">'; 833 $result = Sql_query("SELECT * FROM {$GLOBALS['tables']['list']} $subselect order by listorder, name"); 834 while ($row = Sql_fetch_array($result)) { 835 if ($row['active'] || in_array($row['id'], $subscribed)) { 836 // id required for label 837 $html .= '<li class="list"><input type="checkbox" name="list[' . $row['id'] . ']" id="list'.$row['id'].'" value="signup" '; 838 if (isset($list[$row['id']]) && $list[$row['id']] == 'signup') { 839 $html .= 'checked="checked"'; 840 } 841 if ($userid) { 842 $req = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and listid = %d', 843 $GLOBALS['tables']['listuser'], $userid, $row['id'])); 844 if (Sql_Affected_Rows()) { 845 $html .= 'checked="checked"'; 846 } 847 } 848 $html .= " /> <label for=\"list$row[id]\"><b>".stripslashes($row['name']).'</b></label><div class="listdescription">'; 849 $desc = nl2br(disableJavascript(stripslashes($row['description']))); 850 // $html .= '<input type="hidden" name="listname['.$row["id"] . ']" value="'.htmlspecialchars(stripslashes($row["name"])).'"/>'; 851 $html .= $desc.'</div></li>'; 852 ++$some; 853 if ($some == 1) { 854 $singlelisthtml = sprintf('<input type="hidden" name="list[%d]" value="signup" />', $row['id']); 855 $singlelisthtml .= '<input type="hidden" name="listname['.$row['id'].']" value="'.htmlspecialchars(stripslashes($row['name'])).'"/>'; 856 } 857 858 } 859 } 860 $html .= '</ul>'; 861 862 } 863 864 $hidesinglelist = getConfig('hide_single_list'); 865 if (!$some) { 866 global $strNotAvailable; 867 868 return '<p class="information">'.$strNotAvailable.'</p>'; 869 } elseif ($some == 1 && ($hidesinglelist == 'true' || $hidesinglelist === true || $hidesinglelist === '1')) { 870 return $singlelisthtml; 871 } else { 872 global $strPleaseSelect; 873 874 return '<p class="information">'.$strPleaseSelect.':</p>'.$html; 875 } 876} 877 878function ListAttributes($attributes, $attributedata, $htmlchoice = 0, $userid = 0, $emaildoubleentry = 'no') 879{ 880 global $strPreferHTMLEmail, $strPreferTextEmail, 881 $strEmail, $tables, $table_prefix, $strPreferredFormat, $strText, $strHTML; 882 /* if (!sizeof($attributes)) { 883 return "No attributes have been defined for this page"; 884 } 885 */ 886 if ($userid) { 887 $data = array(); 888 $current = Sql_Fetch_array_Query("select * from {$GLOBALS['tables']['user']} where id = $userid"); 889 $datareq = Sql_Query("select * from {$GLOBALS['tables']['user_attribute']} where userid = $userid"); 890 while ($row = Sql_Fetch_Array($datareq)) { 891 $data[$row['attributeid']] = $row['value']; 892 } 893 894 $email = obfuscateEmailAddress($current['email']); 895 $htmlemail = $current['htmlemail']; 896 // override with posted info 897 foreach ($current as $key => $val) { 898 if (isset($_POST[$key]) && $key != 'password') { 899 $current[$key] = $val; 900 } 901 } 902 } else { 903 if (isset($_REQUEST['email'])) { 904 $email = stripslashes($_REQUEST['email']); 905 } else { 906 $email = ''; 907 } 908 if (isset($_POST['htmlemail'])) { 909 $htmlemail = $_POST['htmlemail']; 910 } elseif (!isset($_POST["subscribe"]) && isset($_GET['htmlemail']) && in_array($_GET['htmlemail'], [1,0])) { 911 $htmlemail = $_GET["htmlemail"]; 912 } 913 $data = array(); 914 $current = array(); 915 } 916 917 $textlinewidth = sprintf('%d', getConfig('textline_width')); 918 if (!$textlinewidth) { 919 $textlinewidth = 40; 920 } 921 list($textarearows, $textareacols) = explode(',', getConfig('textarea_dimensions')); 922 if (!$textarearows) { 923 $textarearows = 10; 924 } 925 if (!$textareacols) { 926 $textareacols = 40; 927 } 928 929 $html = ''; 930 if (!isset($_GET['page']) || (isset($_GET['page']) && $_GET['page'] != 'import1')) { 931 $html = sprintf(' 932 <tr><td><div class="required"><label for="email">%s *</label></div></td> 933 <td class="attributeinput"><input type=text name=email required="required" placeholder="%s" size="%d" id="email" /> 934 <script language="Javascript" type="text/javascript">addFieldToCheck("email","%s");</script></td></tr>', 935 $GLOBALS['strEmail'], htmlspecialchars($email), $textlinewidth, $GLOBALS['strEmail']); 936 } 937 938// BPM 12 May 2004 - Begin 939 if ($emaildoubleentry == 'yes') { 940 if (!isset($_REQUEST['emailconfirm'])) { 941 $_REQUEST['emailconfirm'] = ''; 942 } 943 $html .= sprintf(' 944 <tr><td><div class="required"><label for="confirm">%s *</label></div></td> 945 <td class="attributeinput"><input type=text name=emailconfirm required="required" value="%s" size="%d" id="confirm" /> 946 <script language="Javascript" type="text/javascript">addFieldToCheck("emailconfirm","%s");</script></td></tr>', 947 $GLOBALS['strConfirmEmail'], htmlspecialchars(stripslashes($_REQUEST['emailconfirm'])), $textlinewidth, 948 $GLOBALS['strConfirmEmail']); 949 } 950// BPM 12 May 2004 - Finish 951 952 if ((isset($_GET['page']) && $_GET['page'] != 'import1') || !isset($_GET['page'])) { 953 if (ASKFORPASSWORD) { 954 // we only require a password if there isnt one, so they can set it 955 // otherwise they can keep the existing, if they do not enter anything 956 if (!isset($current['password']) || !$current['password']) { 957 $pwdclass = 'required'; 958 $js = sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("password","%s");</script>', 959 $GLOBALS['strPassword']); 960 $js2 = sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("password_check","%s");</script>', 961 $GLOBALS['strPassword2']); 962 $html .= '<input type="hidden" name="passwordreq" value="1" />'; 963 } else { 964 $pwdclass = 'attributename'; 965 $html .= '<input type="hidden" name="passwordreq" value="0" />'; 966 } 967 968 $html .= sprintf(' 969 <tr><td><div class="%s"><label for="pwd">%s</label></div></td> 970 <td class="attributeinput"><input type=password name=password value="" size="%d" id="pwd" />%s</td></tr>', 971 $pwdclass, $GLOBALS['strPassword'], $textlinewidth, $js); 972 $html .= sprintf(' 973 <tr><td><div class="%s"><label for="pwd2">%s</label></div></td> 974 <td class="attributeinput"><input type="password" name="password_check" value="" size="%d" id="pwd2" />%s</td></tr>', 975 $pwdclass, $GLOBALS['strPassword2'], $textlinewidth, $js2); 976 } 977 } 978 979//# Write attribute fields 980 switch ($htmlchoice) { 981 case 'textonly': 982 if (!isset($htmlemail)) { 983 $htmlemail = 0; 984 } 985 $html .= sprintf('<input type="hidden" name="htmlemail" value="0" />'); 986 break; 987 case 'htmlonly': 988 if (!isset($htmlemail)) { 989 $htmlemail = 1; 990 } 991 $html .= sprintf('<input type="hidden" name="htmlemail" value="1" />'); 992 break; 993 case 'checkfortext': 994 if (!isset($htmlemail)) { 995 $htmlemail = 1; 996 } 997 $html .= sprintf('<tr><td colspan="2"> 998 <span class="attributeinput"> 999 <input type="checkbox" name="textemail" value="1" %s id="textemail" /></span> 1000 <span class="attributename"><label for="textemail">%s</label></span> 1001 </td></tr>', !$htmlemail ? 'checked="checked"' : '', $strPreferTextEmail); 1002 break; 1003 case 'radiotext': 1004 if (!isset($htmlemail)) { 1005 $htmlemail = 0; 1006 } 1007 $html .= sprintf('<tr><td colspan="2"> 1008 <span class="attributename">%s<br/> 1009 <span class="attributeinput"><input type=radio name="htmlemail" value="0" %s id="htmlemail0" /></span> 1010 <span class="attributename"><label for="htmlemail0">%s</label></span> 1011 <span class="attributeinput"><input type=radio name="htmlemail" value="1" %s id="htmlemail1" /></span> 1012 <span class="attributename"><label for="htmlemail1">%s</label></span></td></tr>', 1013 $strPreferredFormat, 1014 !$htmlemail ? 'checked="checked"' : '', $strText, 1015 $htmlemail ? 'checked="checked"' : '', $strHTML); 1016 break; 1017 case 'radiohtml': 1018 if (!isset($htmlemail)) { 1019 $htmlemail = 1; 1020 } 1021 $html .= sprintf('<tr><td colspan="2"> 1022 <span class="attributename">%s</span><br/> 1023 <span class="attributeinput"><input type="radio" name="htmlemail" value="0" %s id="htmlemail0" /></span> 1024 <span class="attributename"><label for="htmlemail0">%s</label></span> 1025 <span class="attributeinput"><input type="radio" name="htmlemail" value="1" %s id="htmlemail1" /></span> 1026 <span class="attributename"><label for="htmlemail1">%s</label></span></td></tr>', 1027 $strPreferredFormat, 1028 !$htmlemail ? 'checked="checked"' : '', $strText, 1029 $htmlemail ? 'checked="checked"' : '', $strHTML); 1030 break; 1031 case 'checkforhtml': 1032 default: 1033 if (!isset($htmlemail)) { 1034 $htmlemail = 1; 1035 } 1036 $html .= sprintf('<tr><td colspan="2"> 1037 <span class="attributeinput"><input type="checkbox" name="htmlemail" value="1" %s id="htmlemail" /></span> 1038 <span class="attributename"><label for="htmlemail">%s</label></span></td></tr>', $htmlemail ? 'checked="checked"' : '', $strPreferHTMLEmail); 1039 break; 1040 } 1041 $html .= "\n"; 1042 1043 $attids = implode(',', array_keys($attributes)); 1044 $output = array(); 1045 if ($attids) { 1046 $res = Sql_Query("select * from {$GLOBALS['tables']['attribute']} where id in ($attids)"); 1047 while ($attr = Sql_Fetch_Array($res)) { 1048 $output[$attr['id']] = ''; 1049 if (!isset($data[$attr['id']])) { 1050 $data[$attr['id']] = ''; 1051 } 1052 $attr['required'] = $attributedata[$attr['id']]['required']; 1053 $attr['default_value'] = $attributedata[$attr['id']]['default_value']; 1054 $fieldname = 'attribute'.$attr['id']; 1055 // print "<tr><td>".$attr["id"]."</td></tr>"; 1056 if ($userid && !isset($_POST[$fieldname])) { 1057 // post values take precedence 1058 $val = Sql_Fetch_Row_Query(sprintf('select value from %s where 1059 attributeid = %d and userid = %d', $GLOBALS['tables']['user_attribute'], $attr['id'], $userid)); 1060 $_POST[$fieldname] = $val[0]; 1061 } elseif (!isset($_POST[$fieldname])) { 1062 $_POST[$fieldname] = 0; 1063 } 1064 switch ($attr['type']) { 1065 case 'checkbox': 1066 $output[$attr['id']] = '<tr><td colspan="2">'; 1067 // what they post takes precedence over the database information 1068 if ($_POST[$fieldname]) { 1069 $checked = $_POST[$fieldname] ? 'checked="checked"' : ''; 1070 } else { 1071 $checked = $data[$attr['id']] ? 'checked="checked"' : ''; 1072 } 1073 $output[$attr['id']] .= sprintf("\n".'<input type="checkbox" name="%s" value="on" %s class="attributeinput" id="'.$fieldname.'" />', 1074 $fieldname, $checked); 1075 $output[$attr['id']] .= sprintf("\n".'<span class="%s"><label for="'.$fieldname.'">%s</label></span>', 1076 $attr['required'] ? 'required' : 'attributename', $attr['required'] ? stripslashes($attr['name']).' *' : stripslashes($attr['name'])); 1077 if ($attr['required']) { 1078 $output[$attr['id']] .= sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("%s","%s");</script>', 1079 $fieldname, $attr['name']); 1080 } 1081 break; 1082 case 'radio': 1083 $output[$attr['id']] .= sprintf("\n".'<tr><td colspan="2"><div class="%s">%s</div>', 1084 $attr['required'] ? 'required' : 'attributename', $attr['required'] ? stripslashes($attr['name']).' *' : stripslashes($attr['name'])); 1085 $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name'); 1086 while ($value = Sql_Fetch_array($values_request)) { 1087 if (!empty($_POST[$fieldname])) { 1088 $checked = $_POST[$fieldname] == $value['id'] ? 'checked="checked"' : ''; 1089 } elseif ($data[$attr['id']]) { 1090 $checked = $data[$attr['id']] == $value['id'] ? 'checked="checked"' : ''; 1091 } else { 1092 $checked = $attr['default_value'] == $value['name'] ? 'checked="checked"' : ''; 1093 } 1094 $output[$attr['id']] .= sprintf('<input type="radio" class="attributeinput" name="%s" id="'.$fieldname.$value['id'].'" value="%s" %s /> %s ', 1095 $fieldname, $value['id'], $checked, '<label for="'.$fieldname.$value['id'].'">'.$value['name'].'</label>'); 1096 } 1097 if ($attr['required']) { 1098 $output[$attr['id']] .= sprintf('<script language="Javascript" type="text/javascript">addGroupToCheck("%s","%s");</script>', 1099 $fieldname, $attr['name']); 1100 } 1101 break; 1102 case 'select': 1103 $output[$attr['id']] .= sprintf("\n".'<tr><td><div class="%s"><label for="'.$fieldname.'">%s</label></div>', 1104 $attr['required'] ? 'required' : 'attributename', $attr['required'] ? stripslashes($attr['name']).' *' : stripslashes($attr['name'])); 1105 $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name'); 1106 $output[$attr['id']] .= sprintf('</td><td class="attributeinput"><!--%d--><select name="%s" class="attributeinput" id="'.$fieldname.'">', 1107 $data[$attr['id']], $fieldname); 1108 while ($value = Sql_Fetch_array($values_request)) { 1109 if (!empty($_POST[$fieldname])) { 1110 $selected = $_POST[$fieldname] == $value['id'] ? 'selected="selected"' : ''; 1111 } elseif ($data[$attr['id']]) { 1112 $selected = $data[$attr['id']] == $value['id'] ? 'selected="selected"' : ''; 1113 } elseif (!empty($attr['default_value'])) { 1114 $selected = strtolower($attr['default_value']) == strtolower($value['name']) ? 'selected="selected"' : ''; 1115 } elseif (strtolower($attr['name']) == 'country' && !empty($_SERVER['GEOIP_COUNTRY_NAME'])) { 1116 $selected = strtolower($_SERVER['GEOIP_COUNTRY_NAME']) == strtolower($value['name']) ? 'selected="selected"' : ''; 1117 } else { 1118 $selected = ''; 1119 } 1120 if (preg_match('/^'.preg_quote(EMPTY_VALUE_PREFIX).'/i', $value['name'])) { 1121 $value['id'] = ''; 1122 } 1123 $output[$attr['id']] .= sprintf('<option value="%s" %s>%s', $value['id'], $selected, 1124 stripslashes($value['name'])); 1125 } 1126 $output[$attr['id']] .= '</select>'; 1127 break; 1128 case 'checkboxgroup': 1129 $output[$attr['id']] .= sprintf("\n".'<tr><td><div class="%s">%s</div>', 1130 $attr['required'] ? 'required' : 'attributename', $attr['required'] ? stripslashes($attr['name']).' *' : stripslashes($attr['name'])); 1131 $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name'); 1132 $output[$attr['id']] .= sprintf('</td>'); 1133 $first_td = 0; 1134 while ($value = Sql_Fetch_array($values_request)) { 1135 $selected = ''; 1136 if (is_array($_POST[$fieldname])) { 1137 $selected = in_array($value['id'], $_POST[$fieldname]) ? 'checked' : ''; 1138 } elseif ($data[$attr['id']]) { 1139 $selection = explode(',', $data[$attr['id']]); 1140 $selected = in_array($value['id'], $selection) ? 'checked="checked"' : ''; 1141 } 1142 if ($first_td == 0) { 1143 $output[$attr['id']] .= sprintf('<td class="attributeinput"><input type="checkbox" name="%s[]" class="attributeinput" value="%s" %s id="'.$fieldname.$value['id'].'" /> <label for="'.$fieldname.$value['id'].'">%s</label></td>', 1144 $fieldname, $value['id'], $selected, stripslashes($value['name'])); 1145 $output[$attr['id']] .= sprintf('</tr>'); 1146 } else { 1147 $output[$attr['id']] .= sprintf('<tr><td><div></div></td><td class="attributeinput"><input type="checkbox" name="%s[]" class="attributeinput" value="%s" %s id="'.$fieldname.$value['id'].'" /> <label for="'.$fieldname.$value['id'].'">%s</label></td></tr>', 1148 $fieldname, $value['id'], $selected, stripslashes($value['name'])); 1149 } 1150 ++$first_td; 1151 } 1152 $first_td = 0; 1153 break; 1154 case 'textline': 1155 $output[$attr['id']] .= sprintf("\n".'<tr><td><div class="%s"><label for="'.$fieldname.'">%s</label></div>', 1156 $attr['required'] ? 'required' : 'attributename', $attr['required'] ? $attr['name'].' *' : $attr['name']); 1157 $output[$attr['id']] .= sprintf('</td><td class="attributeinput"> 1158 <input type="text" name="%s" class="attributeinput" size="%d" value="%s" id="'.$fieldname.'" />', $fieldname, 1159 $textlinewidth, 1160 $_POST[$fieldname] ? str_replace('"', '"', stripslashes($_POST[$fieldname])) : ($data[$attr['id']] ? $data[$attr['id']] : $attr['default_value'])); 1161 if ($attr['required']) { 1162 $output[$attr['id']] .= sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("%s","%s");</script>', 1163 $fieldname, $attr['name']); 1164 } 1165 break; 1166 case 'textarea': 1167 $output[$attr['id']] .= sprintf("\n".'<tr><td colspan="2"> 1168 <div class="%s"><label for="'.$fieldname.'">%s</label></div></td></tr>', $attr['required'] ? 'required' : 'attributename', 1169 $attr['required'] ? $attr['name'].' *' : $attr['name']); 1170 $output[$attr['id']] .= sprintf('<tr><td class="attributeinput" colspan="2"> 1171 <textarea name="%s" rows="%d" class="attributeinput" cols="%d" wrap="virtual" id="'.$fieldname.'">%s</textarea>', 1172 $fieldname, $textarearows, $textareacols, 1173 $_POST[$fieldname] ? str_replace(array('>', '<'), array('>', '<'),stripslashes($_POST[$fieldname])) : ($data[$attr['id']] ? str_replace(array('>', '<'), array('>', '<'),stripslashes($data[$attr['id']])) : $attr['default_value'])); 1174 if ($attr['required']) { 1175 $output[$attr['id']] .= sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("%s","%s");</script>', 1176 $fieldname, $attr['name']); 1177 } 1178 break; 1179 case 'hidden': 1180 $output[$attr['id']] .= sprintf('<input type="hidden" name="%s" size="40" value="%s" />', 1181 $fieldname, $data[$attr['id']] ? $data[$attr['id']] : $attr['default_value']); 1182 break; 1183 case 'date': 1184 require_once dirname(__FILE__).'/date.php'; 1185 $date = new Date(); 1186 $postval = $date->getDate($fieldname); 1187 if ($data[$attr['id']]) { 1188 $val = $data[$attr['id']]; 1189 } else { 1190 $val = $postval; 1191 } 1192 1193 $output[$attr['id']] = sprintf("\n".'<tr><td><div class="%s">%s</div>', 1194 $attr['required'] ? 'required' : 'attributename', $attr['required'] ? $attr['name'].' *' : $attr['name']); 1195 $output[$attr['id']] .= sprintf('</td><td class="attributeinput"> 1196 %s</td></tr>', $date->showInput($fieldname, '', $val)); 1197 break; 1198 default: 1199 print '<!-- error: huh, invalid attribute type -->'; 1200 } 1201 $output[$attr['id']] .= "</td></tr>\n"; 1202 } 1203 } 1204 1205 // make sure the order is correct 1206 foreach ($attributes as $attribute => $listorder) { 1207 if (isset($output[$attribute])) { 1208 $html .= $output[$attribute]; 1209 } 1210 } 1211 1212 return $html; 1213} 1214 1215/* same as the above, with minimal markup and no JS */ 1216function ListAttributes2011($attributes, $attributedata, $htmlchoice = 0, $userid = 0, $emaildoubleentry = 'no') 1217{ 1218 global $strPreferHTMLEmail, $strPreferTextEmail, 1219 $strEmail, $tables, $table_prefix, $strPreferredFormat, $strText, $strHTML; 1220 1221 if ($userid) { 1222 $data = array(); 1223 $current = Sql_Fetch_array_Query("select * from {$GLOBALS['tables']['user']} where id = $userid"); 1224 $datareq = Sql_Query("select * from {$GLOBALS['tables']['user_attribute']} where userid = $userid"); 1225 while ($row = Sql_Fetch_Array($datareq)) { 1226 $data[$row['attributeid']] = $row['value']; 1227 } 1228 1229 $email = $current['email']; 1230 $htmlemail = $current['htmlemail']; 1231 // override with posted info 1232 foreach ($current as $key => $val) { 1233 if (isset($_POST[$key]) && $key != 'password') { 1234 $current[$key] = $val; 1235 } 1236 } 1237 } else { 1238 if (isset($_REQUEST['email'])) { 1239 $email = stripslashes($_REQUEST['email']); 1240 } else { 1241 $email = ''; 1242 } 1243 if (isset($_POST['htmlemail'])) { 1244 $htmlemail = $_POST['htmlemail']; 1245 } 1246 $data = array(); 1247 $current = array(); 1248 } 1249 1250 $textlinewidth = sprintf('%d', getConfig('textline_width')); 1251 if (!$textlinewidth) { 1252 $textlinewidth = 40; 1253 } 1254 list($textarearows, $textareacols) = explode(',', getConfig('textarea_dimensions')); 1255 if (!$textarearows) { 1256 $textarearows = 10; 1257 } 1258 if (!$textareacols) { 1259 $textareacols = 40; 1260 } 1261 1262 $html = ''; 1263 $html .= '<fieldset class="subscriberdetails">'; 1264 $html .= sprintf('<div class="required"><label for="email">%s *</label> 1265 <input type="text" name="email" value="%s" class="input email required" />', $GLOBALS['strEmail'], 1266 htmlspecialchars($email)); 1267 1268 if ($emaildoubleentry == 'yes') { 1269 if (!isset($_REQUEST['emailconfirm'])) { 1270 $_REQUEST['emailconfirm'] = ''; 1271 } 1272 $html .= sprintf('<label for="emailconfirm">%s</label> 1273 <input type="text" name="emailconfirm" value="%s" class="input emailconfirm required" />', 1274 $GLOBALS['strConfirmEmail'], htmlspecialchars(stripslashes($_REQUEST['emailconfirm'])), 1275 $GLOBALS['strConfirmEmail']); 1276 } 1277 1278 if (ASKFORPASSWORD) { 1279 // we only require a password if there isnt one, so they can set it 1280 // otherwise they can keep the existing, if they do not enter anything 1281 if (!isset($current['password']) || !$current['password']) { 1282 $pwdclass = 'required'; 1283 // $html .= '<input type="hidden" name="passwordreq" value="1" />'; 1284 } else { 1285 $pwdclass = 'attributename'; 1286 // $html .= '<input type="hidden" name="passwordreq" value="0" />'; 1287 } 1288 1289 $html .= sprintf(' 1290 <label for="password">%s</label><input type="password" id="password" name="password" value="" class="input password required" />', 1291 $GLOBALS['strPassword']); 1292 $html .= sprintf(' 1293 <label for="password_check">%s</label><input type="password" name="password_check" id="password_check" value="" class="input password required" />', 1294 $GLOBALS['strPassword2']); 1295 } 1296 $html .= '</div>'; //# class=required 1297 1298 $htmlchoice = 'checkforhtml'; 1299//# Write attribute fields 1300 switch ($htmlchoice) { 1301 case 'textonly': 1302 if (!isset($htmlemail)) { 1303 $htmlemail = 0; 1304 } 1305 $html .= sprintf('<input type="hidden" name="htmlemail" value="0" />'); 1306 break; 1307 case 'htmlonly': 1308 if (!isset($htmlemail)) { 1309 $htmlemail = 1; 1310 } 1311 $html .= sprintf('<input type="hidden" name="htmlemail" value="1" />'); 1312 break; 1313 case 'checkfortext': 1314 if (!isset($htmlemail)) { 1315 $htmlemail = 0; 1316 } 1317 $html .= sprintf('<fieldset class="htmlchoice"><div><input type="checkbox" name="textemail" id="textemail" value="1" %s /><label for="textemail">%s</label></div></fieldset>', 1318 empty($htmlemail) ? 'checked="checked"' : '', $GLOBALS['strPreferTextEmail']); 1319 break; 1320 case 'radiotext': 1321 if (!isset($htmlemail)) { 1322 $htmlemail = 0; 1323 } 1324 case 'radiohtml': 1325 if (!isset($htmlemail)) { 1326 $htmlemail = 1; 1327 } 1328 $html .= sprintf('<fieldset class="htmlchoice"> 1329 <legend>%s</legend> 1330 <div><input type="radio" id="choicetext" name="htmlemail" value="0" %s /><label for="choicetext" class="htmlchoice">%s</label></div> 1331 <div><input type="radio" id="choicehtml" name="htmlemail" value="1" %s /><label for="choicehtml" class="htmlchoice">%s</label></div> 1332 </fieldset>', 1333 $GLOBALS['strPreferredFormat'], 1334 empty($htmlemail) ? 'checked="checked"' : '', $GLOBALS['strText'], 1335 !empty($htmlemail) ? 'checked="checked"' : '', $GLOBALS['strHTML']); 1336 break; 1337 case 'checkforhtml': 1338 default: 1339 if (!isset($htmlemail)) { 1340 $htmlemail = 0; 1341 } 1342 $html .= sprintf('<fieldset class="htmlchoice"><div><input type="checkbox" name="htmlemail" id="htmlemail" value="1" %s /> 1343 <label for="htmlemail">%s</label></div></fieldset>', !empty($htmlemail) ? 'checked="checked"' : '', 1344 $GLOBALS['strPreferHTMLEmail']); 1345 break; 1346 } 1347 $html .= "</fieldset>\n"; 1348 1349 $html .= '<fieldset class="attributes">'."\n"; 1350 1351 $attids = implode(',', array_keys($attributes)); 1352 $output = array(); 1353 if ($attids) { 1354 $res = Sql_Query("select * from {$GLOBALS['tables']['attribute']} where id in ($attids)"); 1355 while ($attr = Sql_Fetch_Array($res)) { 1356 $output[$attr['id']] = ''; 1357 if (!isset($data[$attr['id']])) { 1358 $data[$attr['id']] = ''; 1359 } 1360 $attr['required'] = $attributedata[$attr['id']]['required']; 1361 $attr['default_value'] = $attributedata[$attr['id']]['default_value']; 1362 $fieldname = 'attribute'.$attr['id']; 1363 // print "<tr><td>".$attr["id"]."</td></tr>"; 1364 if ($userid && !isset($_POST[$fieldname])) { 1365 // post values take precedence 1366 $val = Sql_Fetch_Row_Query(sprintf('select value from %s where 1367 attributeid = %d and userid = %d', $GLOBALS['tables']['user_attribute'], $attr['id'], $userid)); 1368 $_POST[$fieldname] = $val[0]; 1369 } elseif (!isset($_POST[$fieldname])) { 1370 $_POST[$fieldname] = 0; 1371 } 1372 switch ($attr['type']) { 1373 case 'checkbox': 1374 $output[$attr['id']] = ''; 1375 // what they post takes precedence over the database information 1376 if (isset($_POST[$fieldname])) { 1377 $checked = !empty($_POST[$fieldname]) ? 'checked="checked"' : ''; 1378 } else { 1379 $checked = !empty($data[$attr['id']]) ? 'checked="checked"' : ''; 1380 } 1381 $output[$attr['id']] .= sprintf("\n".'<input type="checkbox" name="%s" value="on" %s class="input%s" />', 1382 $fieldname, $checked, $attr['required'] ? ' required' : ''); 1383 $output[$attr['id']] .= sprintf("\n".'<label for="%s" class="%s">%s</label>', $fieldname, 1384 $attr['required'] ? 'required' : '', stripslashes($attr['name'])); 1385 break; 1386 case 'radio': 1387 $output[$attr['id']] .= sprintf("\n".'<fieldset class="radiogroup %s"><legend>%s</legend>', 1388 $attr['required'] ? 'required' : '', stripslashes($attr['name'])); 1389 $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name'); 1390 while ($value = Sql_Fetch_array($values_request)) { 1391 if (!empty($_POST[$fieldname])) { 1392 $checked = $_POST[$fieldname] == $value['id'] ? 'checked="checked"' : ''; 1393 } elseif ($data[$attr['id']]) { 1394 $checked = $data[$attr['id']] == $value['id'] ? 'checked="checked"' : ''; 1395 } else { 1396 $checked = $attr['default_value'] == $value['name'] ? 'checked="checked"' : ''; 1397 } 1398 $output[$attr['id']] .= sprintf('<input type="radio" class="input%s" name="%s" value="%s" %s /><label for="%s">%s</label>', 1399 $attr['required'] ? ' required' : '', $fieldname, $value['id'], $checked, $fieldname, 1400 $value['name']); 1401 } 1402 $output[$attr['id']].'</fieldset>'; 1403 break; 1404 case 'select': 1405 $output[$attr['id']] .= sprintf("\n".'<fieldset class="selectgroup %s"><label for="%s">%s</label>', 1406 $attr['required'] ? 'required' : '', $fieldname, stripslashes($attr['name'])); 1407 $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name'); 1408 $output[$attr['id']] .= sprintf('<select name="%s" class="input%s">', $fieldname, 1409 $attr['required'] ? 'required' : ''); 1410 while ($value = Sql_Fetch_array($values_request)) { 1411 if (!empty($_POST[$fieldname])) { 1412 $selected = $_POST[$fieldname] == $value['id'] ? 'selected="selected"' : ''; 1413 } elseif ($data[$attr['id']]) { 1414 $selected = $data[$attr['id']] == $value['id'] ? 'selected="selected"' : ''; 1415 } else { 1416 $selected = $attr['default_value'] == $value['name'] ? 'selected="selected"' : ''; 1417 } 1418 if (preg_match('/^'.preg_quote(EMPTY_VALUE_PREFIX).'/i', $value['name'])) { 1419 $value['id'] = ''; 1420 } 1421 $output[$attr['id']] .= sprintf('<option value="%s" %s>%s</option>', $value['id'], $selected, 1422 stripslashes($value['name'])); 1423 } 1424 $output[$attr['id']] .= '</select>'; 1425 $output[$attr['id']] .= '</fieldset>'; 1426 break; 1427 case 'checkboxgroup': 1428 $output[$attr['id']] .= sprintf("\n".'<fieldset class="checkboxgroup %s"><label for="%s">%s</label>', 1429 $attr['required'] ? 'required' : '', $fieldname, stripslashes($attr['name'])); 1430 $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name'); 1431 $cbCounter = 0; 1432 while ($value = Sql_Fetch_array($values_request)) { 1433 ++$cbCounter; 1434 $selected = ''; 1435 if (is_array($_POST[$fieldname])) { 1436 $selected = in_array($value['id'], $_POST[$fieldname]) ? 'checked="checked"' : ''; 1437 } elseif ($data[$attr['id']]) { 1438 $selection = explode(',', $data[$attr['id']]); 1439 $selected = in_array($value['id'], $selection) ? 'checked="checked"' : ''; 1440 } 1441 $output[$attr['id']] .= sprintf('<input type="checkbox" name="%s[]" id="%s%d" class="input%s" value="%s" %s /><label for="%s%d">%s</label>', 1442 $fieldname, $fieldname, $cbCounter, $attr['required'] ? ' required' : '', $value['id'], 1443 $selected, $fieldname, $cbCounter, stripslashes($value['name'])); 1444 } 1445 $output[$attr['id']] .= '</fieldset>'; 1446 break; 1447 case 'textline': 1448 $output[$attr['id']] .= sprintf("\n".'<label for="%s" class="input %s">%s</label>', $fieldname, 1449 $attr['required'] ? ' required' : '', $attr['name']); 1450 $output[$attr['id']] .= sprintf('<input type="text" name="%s" class="input%s" value="%s" />', 1451 $fieldname, $attr['required'] ? ' required' : '', 1452 isset($_POST[$fieldname]) ? htmlspecialchars(stripslashes($_POST[$fieldname])) : (isset($data[$attr['id']]) ? $data[$attr['id']] : $attr['default_value'])); 1453 break; 1454 case 'textarea': 1455 $output[$attr['id']] .= sprintf("\n".'<label for="%s" class="input %s">%s</label>', $fieldname, 1456 $attr['required'] ? ' required' : '', $attr['name']); 1457 $output[$attr['id']] .= sprintf('<textarea name="%s" rows="%d" cols="%d" class="input%s" wrap="virtual">%s</textarea>', 1458 $fieldname, $textarearows, $textareacols, $attr['required'] ? ' required' : '', 1459 isset($_POST[$fieldname]) ? htmlspecialchars(stripslashes($_POST[$fieldname])) : (isset($data[$attr['id']]) ? htmlspecialchars(stripslashes($data[$attr['id']])) : $attr['default_value'])); 1460 break; 1461 case 'hidden': 1462 $output[$attr['id']] .= sprintf('<input type="hidden" name="%s" value="%s" />', $fieldname, 1463 $data[$attr['id']] ? $data[$attr['id']] : $attr['default_value']); 1464 break; 1465 case 'date': 1466 require_once dirname(__FILE__).'/date.php'; 1467 $date = new Date(); 1468 $postval = $date->getDate($fieldname); 1469 if ($data[$attr['id']]) { 1470 $val = $data[$attr['id']]; 1471 } else { 1472 $val = $postval; 1473 } 1474 1475 $output[$attr['id']] = sprintf("\n".'<fieldset class="date%s"><label for="%s">%s</label>', 1476 $attr['required'] ? ' required' : '', $fieldname, $attr['name']); 1477 $output[$attr['id']] .= sprintf('%s', $date->showInput($fieldname, '', $val)); 1478 $output[$attr['id']] .= '</fieldset>'; 1479 break; 1480 default: 1481 print '<!-- error: huh, invalid attribute type -->'; 1482 } 1483 $output[$attr['id']] .= "\n"; 1484 } 1485 } 1486 1487 // make sure the order is correct 1488 foreach ($attributes as $attribute => $listorder) { 1489 if (isset($output[$attribute])) { 1490 $html .= $output[$attribute]; 1491 } 1492 } 1493 1494 $html .= '</fieldset>'."\n"; //# class=attributes 1495 1496// print htmlspecialchars( '<fieldset class="phplist">'.$html.'</fieldset>');exit; 1497 return $html; 1498} 1499 1500function ListAllAttributes() 1501{ 1502 global $tables; 1503 $attributes = array(); 1504 $attributedata = array(); 1505 $res = Sql_Query("select * from {$GLOBALS['tables']['attribute']} order by listorder"); 1506 while ($row = Sql_Fetch_Array($res)) { 1507 // print $row["id"]. " ".$row["name"]; 1508 $attributes[$row['id']] = $row['listorder']; 1509 $attributedata[$row['id']]['id'] = $row['id']; 1510 $attributedata[$row['id']]['default_value'] = $row['default_value']; 1511 $attributedata[$row['id']]['listorder'] = $row['listorder']; 1512 $attributedata[$row['id']]['required'] = $row['required']; 1513 $attributedata[$row['id']]['default_value'] = $row['default_value']; 1514 } 1515 1516 return ListAttributes($attributes, $attributedata, 'checkforhtml'); 1517} 1518