# experiment, see whether we can correct the magic quotes centrally
function addSlashesArray($array) {
    # Recursively run addslashes() over every leaf value of $array (keys untouched)
    # so the request superglobals look as they would with magic_quotes_gpc enabled.
    foreach ($array as $name => $item) {
        $array[$name] = is_array($item) ? addSlashesArray($item) : addslashes($item);
    }
    return $array;
}

# Emulate magic_quotes_gpc when the setting is off or absent: ini_get() returns ""
# or "0" for a disabled setting and false for an option that no longer exists
# (magic quotes were removed in PHP 5.4); the negation below catches all of these.
if (ini_get("magic_quotes_gpc") == "off" || !ini_get("magic_quotes_gpc")) {
    $_POST    = addSlashesArray($_POST);
    $_GET     = addSlashesArray($_GET);
    $_REQUEST = addSlashesArray($_REQUEST);
    $_COOKIE  = addSlashesArray($_COOKIE);
}
/* debugging dump of the escaped request data, left disabled:
foreach ($_POST as $key => $val) { print "POST: $key = $val
"; }
foreach ($_GET as $key => $val) { print "GET: $key = $val
"; }
foreach ($_REQUEST as $key => $val) { print "REQ: $key = $val
"; }
foreach ($_REQUEST as $key => $val) { print "COOKIE: $key = $val
"; }
*/ ?>
# Pull in accesscheck.php from the directory this file lives in.
require_once(dirname(__FILE__) . '/accesscheck.php');
# library with user functions
# this file is shared between the webbler and PHPlist via commonlib
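function initialiseUserSession() {
    # Make sure $_SESSION["userdata"] is an array and record the session id in
    # $_SESSION["session"].
    # isset() first: reading a missing "userdata" key directly raises an
    # undefined-index notice on a fresh session.
    if (!isset($_SESSION["userdata"]) || !is_array($_SESSION["userdata"])) {
        $_SESSION["userdata"] = array();
    }
    # $GLOBALS["PHPSESSID"] is expected to be set before this runs (not visible in
    # this file); when it is absent the stored value is null, as before, minus the notice.
    $_SESSION["session"] = isset($GLOBALS["PHPSESSID"]) ? $GLOBALS["PHPSESSID"] : null;
}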
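function getEveryoneGroupID() {
    # Return the id of the "Everyone" group, creating the group when it does not exist.
    # Returns the id as fetched from the groups table, or Sql_Insert_Id() after an insert.
    $ev_req = Sql_Fetch_Row_Query("select id from groups where name = \"Everyone\"");
    # Sql_Fetch_Row_Query may hand back something other than an array when no row
    # matches (its implementation is not in this file); guard the index so the miss
    # falls through to the insert without an "offset on non-array" warning.
    $everyone_groupid = (is_array($ev_req) && isset($ev_req[0])) ? $ev_req[0] : 0;
    if (!$everyone_groupid) {
        Sql_Query("insert into groups (name) values(\"Everyone\")");
        $everyone_groupid = Sql_Insert_Id();
    }
    return $everyone_groupid;
}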
function getUniqid($table = "") {
    # Produce a 32-character hex id that is not yet stored in the uniqid column of
    # $table (default: the configured user table, or "user" when $tables has none).
    # NOTE: md5(uniqid(mt_rand())) is not a cryptographically strong source; if this
    # id doubles as a secret in links, random_bytes() would be the right generator —
    # confirm how callers use it.
    global $tables;
    if (!$table) {
        $table = $tables["user"] ? $tables["user"] : "user";
    }
    # $table comes from the $tables configuration, not from request input.
    # Keep drawing candidates while the lookup still finds a matching row.
    do {
        $id = md5(uniqid(mt_rand()));
        Sql_Query("select id from $table where uniqid = \"$id\"");
    } while (Sql_Affected_rows());
    return $id;
}
function deleteUser($id) {
    # Remove a user and every row that references them, in the same table order as
    # before; %d forces $id to an integer in each statement.
    global $tables;
    $targets = array(
        array($tables["listuser"], 'userid'),
        array($tables["user_attribute"], 'userid'),
        array($tables["usermessage"], 'userid'),
        array($tables["user_message_bounce"], 'user'),
        array($tables["user"], 'id'),
        array($tables["user_history"], 'userid'),
        array($tables["user_rss"], 'userid'),
    );
    foreach ($targets as $target) {
        list($tableName, $column) = $target;
        Sql_Query(sprintf('delete from %s where %s = %d', $tableName, $column, $id));
    }
}
# Insert a new row in the user table with the given email and (optional) password.
# Returns the new row's id (Sql_Insert_Id()) or 0 when no row was inserted.
# NOTE(review): $email and $password go into the SQL through "%s" without escaping
# here; callers must hand over already-escaped values (the magic-quotes emulation at
# the top of this file only covers GPC input) — verify at the call sites.
# NOTE(review): $password is stored exactly as passed; any hashing has to happen
# before this call — confirm with callers.
function addNewUser($email,$password = "") {
    /*
    Column list for the user table, kept from the original source for reference:
    "id" => array("integer not null primary key auto_increment","sys:ID"),
    "email" => array("varchar(255) not null","Email"),
    "confirmed" => array("tinyint default 0","sys:Is the email of this user confirmed"),
    "entered" => array("datetime","sys:Time Created"),
    "modified" => array("timestamp","sys:Time modified"),
    "uniqid" => array("varchar(255)","sys:Unique ID for User"),
    "unique" => array("(email)","sys:unique"),
    "htmlemail" => array("tinyint default 0","Send this user HTML emails"),
    "subscribepage" => array("integer","sys:Which page was used to subscribe"),
    "rssfrequency" => array("varchar(100)","RSS Frequency"),
    "password" => array("varchar(255)","Password"),
    "passwordchanged" => array("datetime","sys:Last time password was changed"),
    "disabled" => array("tinyint default 0","Is this account disabled?"),
    "extradata" => array("text","Additional data"),
    */
    // insert into user db
    Sql_Query(sprintf('insert into %s set email = "%s", entered = now(),modified = now(),password = "%s", passwordchanged = now(),disabled = 0, uniqid = "%s",htmlemail = 1 ',$GLOBALS['tables']['user'],$email,$password,getUniqid()));
    $ar = Sql_Affected_Rows();
    if ($ar > 0) {
        $id = Sql_Insert_Id();
    } else {
        $id = 0;
    }
    return $id;
}

# Look up the display name(s) for attribute value id(s) in <prefix>listattr_<$table>.
# A comma-separated $value returns the matching names joined by "; "; a single id
# returns that one name.
# NOTE(review): ereg() was removed in PHP 7; strpos($value, ",") !== false is the
# equivalent test.
# NOTE(review): the comma-separated branch places $value inside "in (%s)" unescaped,
# so it must never carry raw request input; the single-id branch is cast by %d.
# NOTE(review): when $value is empty, $row is never assigned and "return $row[0]"
# yields null with an undefined-variable notice.
function AttributeValue($table,$value) {
    global $table_prefix;
    # workaround for integration webbler/phplist
    if (!isset($table_prefix)) $table_prefix = "phplist_";
    if (ereg(",",$value)) {
        $result = "";
        $res = Sql_Query(sprintf('select name from %slistattr_%s where id in (%s)', $table_prefix,$table,$value));
        while ($row = Sql_Fetch_row($res)) {
            $result .= $row[0]."; ";
        }
        return substr($result,0,-2);
    } elseif ($value) {
        $res = Sql_Query(sprintf('select name from %slistattr_%s where id = %d', $table_prefix,$table,$value));
        $row = Sql_Fetch_row($res);
    } else {
        # return "Invalid Attribute Index";
    }
    return $row[0];
}

# Return attribute name => display value for every attribute stored for one user.
# The user is selected by $id, or by $email when $id is 0. Returns nothing (bare
# return) when neither is given or the email is not found.
# NOTE(review): $email is interpolated into the lookup query unescaped and $id is
# placed via %s rather than %d; both rely on the caller having escaped the value.
function getUserAttributeValues($email = '', $id = 0) {
    global $table_prefix,$tables;
    if (!$email && !$id) return;
    # workaround for integration webbler/phplist
    if (!isset($table_prefix)) $table_prefix = "phplist_";
    if (isset($tables["attribute"])) {
        $att_table = $tables["attribute"];
        $user_att_table = $tables["user_attribute"];
        $usertable = $tables["user"];
    } else {
        $att_table = "attribute";
        $user_att_table = "user_attribute";
        $usertable = "user";
    }
    $result = array();
    if ($email && !$id) {
        $userid = Sql_Fetch_Row_Query("select id from {$usertable} where email = \"$email\"");
        $id = $userid[0];
    }
    if (!$id) return;
    $att_req = Sql_Query(sprintf('select %s.name,%s.id from %s,%s where %s.userid = %s and %s.id = %s.attributeid', $att_table, $att_table, $user_att_table, $att_table, $user_att_table, $id, $att_table, $user_att_table ));
    while ($att = Sql_fetch_array($att_req)) {
        $result[$att["name"]] = UserAttributeValue($id,$att["id"]);
    }
    return $result;
}

# Return the display value of one attribute for one user. For "select"/"radio" and
# "checkboxgroup" attributes the stored id(s) are resolved to names in
# <prefix>listattr_<tablename> (checkboxgroup names joined by "; "); any other type
# returns the stored value as-is.
# NOTE(review): $user and $attribute are interpolated into every query without an
# int cast; callers must pass trusted integers.
# NOTE(review): in the checkboxgroup branch $value is appended to before it is
# initialised — harmless for the result but raises an undefined-variable notice.
function UserAttributeValue($user = 0,$attribute = 0) {
    # workaround for integration webbler/phplist
    global $table_prefix,$tables;
    if (!isset($table_prefix)) $table_prefix = "phplist_";
    # if (!$user || !$attribute) return;
    if (isset($tables["attribute"])) {
        $att_table = $tables["attribute"];
        $user_att_table = $tables["user_attribute"];
    } else {
        $att_table = "attribute";
        $user_att_table = "user_attribute";
    }
    $att = Sql_Fetch_array_Query("select * from $att_table where id = $attribute");
    switch ($att["type"]) {
        case "checkboxgroup":
            $val_ids = Sql_Fetch_Row_Query("select value from $user_att_table where userid = $user and attributeid = $attribute");
            if ($val_ids[0]) {
                # the stored value is a comma-separated id list, used directly in "in (...)"
                $res = Sql_Query("select $table_prefix"."listattr_".$att["tablename"].".name from $user_att_table,$table_prefix"."listattr_".$att["tablename"]." where $user_att_table".".userid = ".$user." 
and $table_prefix"."listattr_".$att["tablename"].".id in ($val_ids[0]) and $user_att_table".".attributeid = ".$attribute);
                while ($row = Sql_Fetch_row($res))
                    $value .= $row[0]."; ";
                $value = substr($value,0,-2);
            } else {
                $value = "";
            }
            break;
        case "select":
        case "radio":
            $res = Sql_Query("select $table_prefix"."listattr_".$att["tablename"].".name from $user_att_table,$table_prefix"."listattr_".$att["tablename"]." where $user_att_table".".userid = ".$user." and $table_prefix"."listattr_".$att["tablename"].".id = $user_att_table".".value and $user_att_table".".attributeid = ".$attribute);
            $row = Sql_Fetch_row($res);
            $value = $row[0];
            break;
        default:
            $res = Sql_Query("select value from $user_att_table where $user_att_table".".userid = ".$user." and attributeid = ".$attribute);
            $row = Sql_Fetch_row($res);
            $value = $row[0];
    }
    return $value;
}

# Build the current user's display name from the session: the "displayvalue" of each
# attribute listed in $config["nameattributes"], concatenated with the literal
# separator below, with trailing whitespace trimmed. Returns "" when the config
# entry is not an array.
function userName() {
    global $config;
    if (!is_array($config["nameattributes"])) return "";
    $res = "";
    foreach ($config["nameattributes"] as $att) {
        $res .= $_SESSION["userdata"][$att]["displayvalue"].' 
';
    }
    return rtrim($res);
}

# Return the number of blacklist rows for $email that are older than the grace
# period (0 when $email is empty or the blacklist table does not exist).
# The grace period comes from $GLOBALS["blacklist_gracetime"] and falls back to 5
# minutes when it is 0, negative or above 15.
# NOTE(review): $email is placed into the query through "%s" unescaped; callers
# must pass an escaped value.
function isBlackListed($email = "") {
    if (!$email) return 0;
    if (!Sql_Table_exists($GLOBALS["tables"]["user_blacklist"])) return 0;
    $gracetime = sprintf('%d',$GLOBALS["blacklist_gracetime"]);
    if (!$gracetime || $gracetime > 15 || $gracetime < 0) {
        $gracetime = 5;
    }
    # allow 5 minutes to send the last message acknowledging unsubscription
    $req = Sql_Query(sprintf('select * from %s where email = "%s" and date_add(added,interval %d minute) < now()', $GLOBALS["tables"]["user_blacklist"],$email,$gracetime));
    return Sql_Affected_Rows();
}

# isBlackListed() by user id: resolves the id to the user's email first.
# NOTE(review): $userid is interpolated into the query without an int cast.
function isBlackListedID($userid = 0) {
    if (!$userid) return 0;
    $email = Sql_Fetch_Row_Query("select email from {$GLOBALS["tables"]["user"]} where id = $userid");
    return isBlackListed($email[0]);
}

# Remove a user (by id) from the blacklist tables, clear the blacklisted flag on
# the user row, and record who did it in the user history when an admin is logged in.
# NOTE(review): $userid is interpolated into the email lookup without an int cast
# (the update further down does use %d).
function unBlackList($userid = 0) {
    if (!$userid) return;
    $email = Sql_Fetch_Row_Query("select email from {$GLOBALS["tables"]["user"]} where id = $userid");
    Sql_Query(sprintf('delete from %s where email = "%s"', $GLOBALS["tables"]["user_blacklist"],$email[0]));
    Sql_Query(sprintf('delete from %s where email = "%s"', $GLOBALS["tables"]["user_blacklist_data"],$email[0]));
    Sql_Query(sprintf('update %s set blacklisted = 0 where id = %d',$GLOBALS["tables"]["user"],$userid));
    if (isset($_SESSION["logindetails"]["adminname"])) {
        $msg = "Removed from blacklist by ".$_SESSION["logindetails"]["adminname"];
        addUserHistory($email[0],$msg,"");
    }
}

# Add $email to the blacklist ("insert ignore", so an existing entry is kept), set
# the blacklisted flag on the user row, and store the reason plus the client
# address (REMOTE_ADDR) as blacklist data. Unlike the functions above, this one
# escapes its inputs with addslashes() itself.
function addUserToBlackList($email,$reason = '') {
    Sql_Query(sprintf('insert ignore into %s (email,added) values("%s",now())', $GLOBALS['tables']["user_blacklist"],addslashes($email)));
    Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS['tables']["user"],addslashes($email)));
    # save the reason, and other data
    Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")', $GLOBALS['tables']["user_blacklist_data"],addslashes($email), "reason",addslashes($reason)));
    foreach (array("REMOTE_ADDR") as $item ) {
        # @@@do we want to know more?
        if (isset($_SERVER[$item])) {
            Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")', $GLOBALS['tables']["user_blacklist_data"],addslashes($email), $item,addslashes($_SERVER[$item])));
        }
    }
}

# Render the value of a select-type attribute for a user as HTML.
# NOTE(review): as it appears in this copy of the file the final sprintf() call is
# unterminated (its template argument is missing), so the function cannot run as
# written; "$html .=" also appends to an undefined variable. Compare with the
# upstream source before relying on it.
function UserAttributeValueSelect($user = 0,$attribute = 0) {
    # if (!$user || !$attribute) return;
    global $table_prefix,$tables;
    # workaround for integration webbler/phplist
    if (!isset($table_prefix)) $table_prefix = "phplist_";
    if ($tables["attribute"]) {
        $att_table = $tables["attribute"];
        $user_att_table = $tables["user_attribute"];
    } else {
        $att_table = "attribute";
        $user_att_table = "user_attribute";
    }
    if (!Sql_Table_exists($att_table)) {
        return "broken attribute $attribute";
    }
    $att = Sql_Fetch_array_Query("select * from $att_table where id = $attribute");
    # $value = UserAttributeValue($att["tablename"],$attribute);
    $value = UserAttributeValue($user,$attribute);
    $html .= 'Value: '.$value;
    $html = sprintf('';
}

# Render the value of a checkboxgroup attribute for a user as HTML. The definition
# continues beyond the end of this excerpt.
# NOTE(review): split() was removed in PHP 7; explode(",", ...) is the replacement.
function UserAttributeValueCbGroup($user = 0,$attribute = 0) {
    # if (!$user || !$attribute) return;
    global $table_prefix,$tables;
    if ($tables["attribute"]) {
        $att_table = $tables["attribute"];
        $user_att_table = $tables["user_attribute"];
    } else {
        $att_table = "attribute";
        $user_att_table = "user_attribute";
    }
    # workaround for integration webbler/phplist
    if (!isset($table_prefix)) $table_prefix = "phplist_";
    $att = Sql_Fetch_array_Query("select * from $att_table where id = $attribute");
    $values_req = Sql_Fetch_Row_Query("select value from $user_att_table where userid = $user and attributeid = $attribute");
    $values = split(",",$values_req[0]);
    $html = sprintf('