You forgot to enter a valid email address';
} else if(substr_count($Email,'@')!=1 || substr_count($Email,'.')==0) {
$Error = '
You entered an invalid email address';
}
if($Format!=1 && $Format!=2) {
$Errors[] = 'You forgot to specify a newsletter format';
}
foreach($ListsToUse as $ListID) {
$fl['ListID']=$ListID;
$listinfo=stripslashes_array(mysql_fetch_array(mysql_query("SELECT * FROM " . $TABLEPREFIX . "lists WHERE ListID='".addslashes($ListID)."'")));
//check the email is not being replicated and is not banned
if(Banned($Email,$fl['ListID'])) {
$Errors[] = "Your email address is banned from joining '" . $listinfo["ListName"] . "'";
continue;
}
$rest_query = "SELECT * FROM " . $TABLEPREFIX . "members WHERE Email = '".addslashes($Email)."' AND ListID='".addslashes($ListID)."'";
// if we're modifying a member, it'll be a hidden post field...
$MemberID = (!empty($_POST['MemberID'])) ? $_POST['MemberID'] : 0;
$rest = mysql_query($rest_query);
if(mysql_num_rows($rest)>0) {
$rest=mysql_fetch_array($rest);
$rest = stripslashes_array($rest);
if ($form['FormType'] != 'modify') {
if($rest['Confirmed']==0 || $rest['Status']==0) {
mysql_query("DELETE FROM " . $TABLEPREFIX . "members WHERE MemberID='".addslashes($rest['MemberID'])."' AND ListID='".addslashes($ListID)."'");
mysql_query("DELETE FROM " . $TABLEPREFIX . "list_field_values WHERE UserID='" . addslashes($rest['MemberID']) . "' AND ListID='" . addslashes($ListID) . "'");
} else {
$Errors[] = "You are already subscribed to '" . $listinfo['ListName'] . "'";
}
}
if ($form['FormType'] == 'modify' && $Email != $_POST['OldEmail']) {
$Errors[] = "This email address is already subscribed to '" . $listinfo['ListName'] . "'";
}
} else {
if ($form['FormType'] == 'modify') {
$SubscribeToList[] = $ListID;
}
}
// we need the distinct because otherwise we'll get duplicates if there are multiple 'Manager' users....
$list_fields=mysql_query("SELECT DISTINCT ff.FieldID, ff.FormID, lf.FieldName, lf.FieldType, lf.DefaultValue, lf.AllValues, lf.Required FROM " . $TABLEPREFIX . "list_fields lf, ".$TABLEPREFIX."form_fields ff WHERE ff.FormID='".addslashes($FormID)."' AND ff.FieldID=lf.FieldID");
while($lf=mysql_fetch_array($list_fields)) {
//if it's a drop down, check the value fits!
if($lf['FieldType']=='dropdown') {
$FieldGood=0;
$valpa=explode(';', $lf['AllValues']);
foreach($valpa as $pair) {
if($pair != '') {
list($val,$name) = explode('->',$pair);
if($val == $Fields[$lf['FieldID']]) $FieldGood=1;
}
}
if($FieldGood!=1) {
$Errors[] = "The field '" . $lf['FieldName'] . "' has an invalid value";
}
}
//check if it's required!
if($lf['Required']==1) {
if(empty($Fields[$lf['FieldID']]) || $Fields[$lf['FieldID']]==$lf['DefaultValue']) {
$Errors[] = "The field '" . $lf['FieldName'] . "' is a required field";
}
}
}
}
if(sizeof($Errors)==0) {
//we are safe to add the user!
reset($ListsToUse);
if($form['RequireConfirm']==1) {
$Conf=0;
} else {
$Conf=1;
}
$ConfirmCode=md5(uniqid(rand()));
foreach($ListsToUse as $ListID) {
$listinfo=mysql_fetch_array(mysql_query("SELECT * FROM " . $TABLEPREFIX . "lists WHERE ListID='".addslashes($ListID)."'"));
$listinfo = stripslashes_array($listinfo);
$member_query = "INSERT INTO " . $TABLEPREFIX . "members SET Format='".addslashes($Format)."', FormID='".addslashes($FormID)."', ConfirmCode='".addslashes($ConfirmCode)."', Email='".addslashes($Email)."', ListID='".addslashes($ListID)."', Status='1', Confirmed='".addslashes($Conf)."', SubscribeDate='".addslashes($SYSTEMTIME)."'";
if ($form['FormType'] == 'modify') {
if (!in_array($ListID, $SubscribeToList)) {
$member_query = "UPDATE " . $TABLEPREFIX . "members SET Format='" . addslashes($Format) . "', FormID='" . addslashes($FormID) . "', ConfirmCode='" . addslashes($ConfirmCode) . "', Email='".addslashes($Email)."', Status='1', Confirmed='".addslashes($Conf)."' WHERE MemberID='" . addslashes($MemberID) . "' AND ListID='" . addslashes($ListID) . "'";
}
}
mysql_query($member_query);
if ($form['FormType'] == 'modify') {
if (!in_array($ListID, $SubscribeToList)) {
$UserID = $MemberID;
} else {
$UserID = mysql_insert_id();
}
} else {
$UserID = mysql_insert_id();
}
$fields=mysql_query("SELECT DISTINCT ff.FieldID, ff.FormID, ff.FieldOrder, lf.FieldName, lf.FieldType, lf.DefaultValue, lf.AllValues, lf.Required FROM " . $TABLEPREFIX . "list_fields lf, ".$TABLEPREFIX."form_fields ff WHERE ff.FormID='".addslashes($FormID)."' AND ff.FieldID=lf.FieldID ORDER BY lf.FieldName");
$extra_mail_msg = '';
while($f=mysql_fetch_array($fields)) {
if ($form['FormType'] == 'modify') {
// clear out old value first.
mysql_query("DELETE FROM " . $TABLEPREFIX . "list_field_values WHERE UserID='" . addslashes($UserID) . "' AND ListID='" . addslashes($ListID) . "' AND FieldID='" . addslashes($f['FieldID']) . "'");
}
$val = (!empty($Fields[$f['FieldID']])) ? $Fields[$f['FieldID']] : '';
// if it's the datebox, we want the format the same all the time!
if ($f['FieldType'] == 'datebox') {
$val = $val['dd'] . ':' . $val['mm'] . ':' . $val['yy'];
} else {
if (is_array($val)) $val = implode(':', $val);
}
$qry = "INSERT INTO " . $TABLEPREFIX . "list_field_values SET UserID='".addslashes($UserID)."', ListID='".addslashes($ListID)."', FieldID='".addslashes($f['FieldID'])."', Value='" . addslashes($val) . "'";
mysql_query($qry);
$extra_mail_msg .= stripslashes($f['FieldName']) . ": " . stripslashes($val) . "\n";
}
$ListsList.=$listinfo["ListName"]."\n";
if ($form['RequireConfirm']!=1 && $listinfo['NotifyOwner'] == 1) {
$mail_msg = "A person with the following details has joined your mailing list '" . stripslashes($listinfo['ListName']) . "'.\n\n";
$mail_msg .= "Email address: " . $Email . "\n";
$form_action = "joined";
if ($form['FormType'] == 'modify') {
$form_action = "modified their details for";
$mail_msg = "They have modified their details to be the following.\n\n";
if ($_POST['OldEmail'] != $Email) {
$mail_msg .= "Changed Email address from : " . $_POST['OldEmail'] . ' to ' . $Email . "\n";
}
}
$mail_msg .= $extra_mail_msg . "\n";
$mail_msg .= "You can just hit 'reply' if you would like to send this person a message.\n";
$subject = "Subscriber has " . $form_action . " " . stripslashes($listinfo['ListName']);
if (SAFE_MODE) {
mail($WebmasterEmail, $subject, $mail_msg, "From: " . $Email);
} else {
mail($WebmasterEmail, $subject, $mail_msg, "From: " . $Email, "-f" . $Email);
}
}
}
if($Fields) {
foreach($Fields as $FieldID=>$Val) {
$Tags['FIELD:'.$FieldID]=$Val;
}
}
$Tags['EMAIL']=$Email;
$Tags['LISTS']=trim($ListsList);
if (!empty($ListsToUnsubscribeFrom)) {
foreach($ListsToUnsubscribeFrom as $ListID) {
if (UNSUBSCRIBE_DELETE_USER) {
$qry = "SELECT MemberID FROM " . $TABLEPREFIX . "members WHERE Email='" . addslashes($Email) . "' AND ListID='" . addslashes($ListID) . "'";
$result = mysql_query($qry);
if (mysql_num_rows($result) > 0) {
$memberid = mysql_result($result, 0, 0);
} else {
$memberid = 0;
}
if ($memberid > 0) {
mysql_query("DELETE FROM " . $TABLEPREFIX . "members WHERE Email = '".addslashes($Email)."' AND ListID='".addslashes($ListID)."'");
mysql_query("DELETE FROM " . $TABLEPREFIX . "list_field_values WHERE UserID='" . addslashes($memberid) . "' AND ListID='" . addslashes($ListID) . "'");
}
} else {
mysql_query("UPDATE " . $TABLEPREFIX . "members Set Status=0 WHERE Email = '".addslashes($Email)."' AND ListID='".addslashes($ListID)."'");
}
}
}
if($form['RequireConfirm']==1) {
$Tags["CONFIRMLINK"] = $ROOTURL . "users/confirm.php?Email=$Email&ConfirmCode=$ConfirmCode";
$ConfSubject = ParsePage('ConfirmSubject', $Tags, $FormID);
$ConfEmail = ParsePage('ConfirmEmail', $Tags, $FormID);
$send_from_name = $form['SendName'];
$send_from_email = $form['SendEmail'];
if (empty($send_from_name)) $send_from_name = $WebmasterName;
if (empty($send_from_email)) $send_from_email = $WebmasterEmail;
if (SAFE_MODE) {
mail($Email, $ConfSubject, $ConfEmail, "From: " . $send_from_name . " <" . $send_from_email . ">");
} else {
mail($Email, $ConfSubject, $ConfEmail , "From: " . $send_from_name . " <" . $send_from_email . ">", "-f".$send_from_email);
}
$pURL = '';
$result = mysql_query("SELECT ResponseData FROM " . $TABLEPREFIX . "form_responses WHERE FormID = '" . addslashes($FormID) . "' and ResponseName='ConfirmURL'");
if (mysql_num_rows($result) > 0) {
$pURL = mysql_result($result, 0, 0);
}
$pURL = stripslashes_array($pURL);
if($pURL != '' && $pURL != 'http://')
{
header('location: ' . $pURL);
die();
}
else
{
echo ParsePage('ConfirmPage', $Tags, $FormID);
}
} else if($form['SendThankyou']==1) {
$ConfSubject = ParsePage('ThanksSubject', $Tags, $FormID);
$ConfEmail = ParsePage('ThanksEmail', $Tags, $FormID);
$send_from_name = $form['SendName'];
$send_from_email = $form['SendEmail'];
if (empty($send_from_name)) $send_from_name = $WebmasterName;
if (empty($send_from_email)) $send_from_email = $WebmasterEmail;
if (SAFE_MODE) {
mail($Email,$ConfSubject,$ConfEmail, "From: " . $send_from_name . " <" . $send_from_email . ">");
} else {
mail($Email,$ConfSubject,$ConfEmail, "From: " . $send_from_name . " <" . $send_from_email . ">", "-f".$send_from_email);
}
// Should we output the thankyou page, or redirect to a page they have specified?
$tURL = '';
$result = mysql_query("SELECT ResponseData FROM " . $TABLEPREFIX . "form_responses where FormID = '" . addslashes($FormID) . "' and ResponseName='ThanksURL'");
if (mysql_num_rows($result) > 0) {
$tURL = mysql_result($result, 0, 0);
}
$tURL = stripslashes_array($tURL);
if($tURL != '' && $tURL != 'http://') {
header('location: ' . $tURL);
die();
} else {
echo ParsePage('ThanksPage', $Tags, $FormID);
}
} else {
// Default thank you page
// Should we output the thankyou page, or redirect to a page they have specified?
$tURL = '';
$result = mysql_query("SELECT ResponseData FROM " . $TABLEPREFIX . "form_responses where FormID = '" . addslashes($FormID) . "' and ResponseName='ThanksURL'");
if (mysql_num_rows($result) > 0) {
$tURL = mysql_result($result, 0, 0);
}
$tURL = stripslashes_array($tURL);
if($tURL != '' && $tURL != 'http://') {
header('location: ' . $tURL);
die();
} else {
echo ParsePage('ThanksPage', $Tags, $FormID);
}
}
} else {
$aller = implode('\n',$Errors);
if($Fields) {
foreach($Fields as $FieldID=>$Val) {
$Tags['FIELD:'.$FieldID]=$Val;
}
}
$aller = str_replace('\n', '', '');
$Tags['ERRORLIST']=$aller;
$eURL = '';
$result = mysql_query("select ResponseData from " . $TABLEPREFIX . "form_responses where FormID = '" . addslashes($FormID) . "' and ResponseName='ErrorURL'");
if (mysql_num_rows($result) > 0) {
// Should we output the error page, or redirect to a page they have specified?
$eURL = mysql_result($result, 0, 0);
}
$eURL = stripslashes_array($eURL);
if($eURL != '' && $eURL != 'http://') {
header('location: ' . $eURL . '?error=' . urlencode($aller));
die();
}
else {
echo ParsePage('ErrorPage',$Tags,$FormID);
}
}
break;
case 'unsub':
//find user in lists!
$Good=0;
//decide which lists!
$form_lists=mysql_query("SELECT * FROM " . $TABLEPREFIX . "form_lists WHERE FormID='".addslashes($FormID)."'");
$ListsToUse = array();
while($fl=mysql_fetch_array($form_lists)) {
$fl = stripslashes_array($fl);
if($form['SelectLists']==1) {
if(isset($SelectLists[$fl['ListID']]) && $SelectLists[$fl['ListID']]=='YES') {
$ListsToUse[]=$fl['ListID'];
}
} else {
$ListsToUse[]=$fl['ListID'];
}
}
$ConfirmCode=md5(uniqid(rand()));
$ListsList = '';
if($form['RequireConfirm']==1) {
$Good = 0; $temp_memid = 0;
foreach($ListsToUse as $ListID) {
//search for member in list!
$result = mysql_query("SELECT * FROM " . $TABLEPREFIX . "members WHERE Email = '".addslashes($Email)."' AND ListID='".addslashes($ListID)."' AND Confirmed='1' AND Status='1'");
if(mysql_num_rows($result)) {
$temp = mysql_fetch_assoc($result);
$temp_memid = $temp['MemberID'];
mysql_query("UPDATE " . $TABLEPREFIX . "members SET FormID='".addslashes($FormID)."', ConfirmCode='".addslashes($ConfirmCode)."' WHERE Email = '".addslashes($Email)."' AND ListID='".addslashes($ListID)."'");
$Good=1;
$listname = mysql_result(mysql_query("SELECT ListName FROM " . $TABLEPREFIX . "lists WHERE ListID='" . addslashes($ListID) . "'"), 0, 0);
$ListsList .= stripslashes($listname) . "\n";
$qry = "SELECT FieldID, Value FROM " . $TABLEPREFIX . "list_field_values WHERE ListID='" . addslashes($ListID) . "' AND UserID='" . addslashes($temp_memid) . "'";
$custom_fields_result = mysql_query($qry);
while($custom_fields_row = mysql_fetch_assoc($custom_fields_result)) {
$Tags['FIELD:' . $custom_fields_row['FieldID']] = stripslashes($custom_fields_row['Value']);
}
}
}
if($Good!=1) {
$Tags["ERRORLIST"] = "- Your email was not found in any of the selected mailing lists
";
// Should we output the error page, or redirect to a page they have specified?
$eURL = '';
$result = mysql_query("select ResponseData from " . $TABLEPREFIX . "form_responses where FormID = " . addslashes($FormID) . " and ResponseName='ErrorURL'");
if (mysql_num_rows($result) > 0) {
// Should we output the error page, or redirect to a page they have specified?
$eURL = mysql_result($result, 0, 0);
}
$eURL = stripslashes_array($eURL);
if($eURL != '' && $eURL != 'http://') {
header('location: ' . $eURL . '?error=' . urlencode($Tags['ERRORLIST']));
die();
} else {
echo ParsePage('ErrorPage',$Tags,$FormID);
}
} else {
//send confirmation request email.
$Tags["CONFIRMLINK"] = $ROOTURL . "users/unsub.php?Email=$Email&ConfirmCode=$ConfirmCode&Confirm=1";
$Tags['LISTS']=trim($ListsList);
$ConfSubject = ParsePage('ConfirmSubject', $Tags, $FormID);
$ConfEmail=ParsePage('ConfirmEmail', $Tags, $FormID);
$send_from_name = $form['SendName'];
$send_from_email = $form['SendEmail'];
if (empty($send_from_name)) $send_from_name = $WebmasterName;
if (empty($send_from_email)) $send_from_email = $WebmasterEmail;
if (SAFE_MODE) {
mail($Email,$ConfSubject,$ConfEmail, "From: " . $send_from_name . " <" . $send_from_email . ">");
} else {
mail($Email,$ConfSubject,$ConfEmail, "From: " . $send_from_name . " <" . $send_from_email . ">", "-f".$send_from_email);
}
// Should we output the confirmation page, or redirect to a page they have specified?
$pURL = '';
$result = mysql_query("SELECT ResponseData FROM " . $TABLEPREFIX . "form_responses WHERE FormID = '" . addslashes($FormID) . "' and ResponseName='ConfirmURL'");
if (mysql_num_rows($result) > 0) {
$pURL = mysql_result($result, 0, 0);
}
if($pURL != '' && $pURL != 'http://') {
header('location: ' . $pURL);
die();
} else {
echo ParsePage('ConfirmPage', $Tags, $FormID);
}
}
} else {
foreach($ListsToUse as $ListID) {
//search for member in list!
$list_check_result = mysql_query("SELECT MemberID FROM " . $TABLEPREFIX . "members WHERE Email = '".addslashes($Email)."' AND ListID='".addslashes($ListID)."'");
if(mysql_num_rows($list_check_result)) {
$memberid = mysql_result($list_check_result, 0, 0);
if (UNSUBSCRIBE_DELETE_USER) {
mysql_query("DELETE FROM " . $TABLEPREFIX . "members WHERE Email = '".addslashes($Email)."' AND ListID='".addslashes($ListID)."'");
} else {
mysql_query("UPDATE " . $TABLEPREFIX . "members Set Status=0 WHERE Email = '".addslashes($Email)."' AND ListID='".addslashes($ListID)."'");
}
$qry = "SELECT FieldID, Value FROM " . $TABLEPREFIX . "list_field_values WHERE UserID='" . addslashes($memberid) . "' AND ListID='" . addslashes($ListID) . "'";
$result = mysql_query($qry);
while($row = mysql_fetch_assoc($result)) {
$Tags['FIELD:' . $row['FieldID']] = stripslashes($row['Value']);
}
if (UNSUBSCRIBE_DELETE_USER) {
mysql_query("DELETE FROM " . $TABLEPREFIX . "list_field_values WHERE UserID='" . addslashes($memberid) . "' AND ListID='" . addslashes($ListID) . "'");
}
$Good=1;
}
$list_result = mysql_fetch_assoc($list_check_result);
}
if($Good!=1) {
$Tags['ERRORLIST'] = '- Your email was not found in any of the selected mailing lists
';
// Should we output the error page, or redirect to a page they have specified?
$eURL = '';
$result = mysql_query("select ResponseData from " . $TABLEPREFIX . "form_responses where FormID = " . addslashes($FormID) . " and ResponseName='ErrorURL'");
if (mysql_num_rows($result) > 0) {
// Should we output the error page, or redirect to a page they have specified?
$eURL = mysql_result($result, 0, 0);
}
if($eURL != '' && $eURL != 'http://') {
header('location: ' . $eURL . '?error=' . urlencode($Tags['ERRORLIST']));
die();
} else {
echo ParsePage('ErrorPage',$Tags,$FormID);
}
} else {
$Tags['EMAIL']=$Email;
$Tags['LISTS']=trim($ListsList);
if($form['SendThankyou']==1) {
$ConfSubject = ParsePage('ThanksSubject', $Tags, $FormID);
$ConfEmail=ParsePage('ThanksEmail', $Tags, $FormID);
$send_from_name = $form['SendName'];
$send_from_email = $form['SendEmail'];
if (empty($send_from_name)) $send_from_name = $WebmasterName;
if (empty($send_from_email)) $send_from_email = $WebmasterEmail;
if (SAFE_MODE) {
mail($Email,$ConfSubject,$ConfEmail, "From: " . $send_from_name . " <" . $send_from_email . ">");
} else {
mail($Email,$ConfSubject,$ConfEmail, "From: " . $send_from_name . " <" . $send_from_email . ">", "-f".$send_from_email);
}
}
if (isset($list_result['NotifyOwner']) && $list_result['NotifyOwner']) {
// notify the list administrator.
if ($list_result['WebmasterEmail']) {
$emailmsg = "Someone has unsubscribed from your mailing list ('" . stripslashes($list_result['ListName']) . "')\n";
$emailmsg .= "Their email address is '" . $Email . "'\n\n";
if (SAFE_MODE) {
mail($list_result['WebmasterEmail'], 'Unsubscribe notification', $emailmsg, "From: " . $Email);
} else {
mail($list_result['WebmasterEmail'], 'Unsubscribe notification', $emailmsg, "From: " . $Email, "-f" . $Email);
}
}
}
// Should we output the thankyou page, or redirect to a page they have specified?
$tURL = '';
$result = mysql_query("select ResponseData from " . $TABLEPREFIX . "form_responses where FormID = " . addslashes($FormID) . " and ResponseName='ThanksURL'");
if (mysql_num_rows($result) > 0) {
$tURL = mysql_result($result, 0, 0);
}
if($tURL != "" && $tURL != "http://") {
header("location: " . $tURL);
die();
} else {
echo ParsePage("ThanksPage", $Tags, $FormID);
}
}
}
break;
} # end switch($form['FormType'])
} else {
// This form isn't accepting subscriptions/unsubscriptions
$type = '';
if($form['FormType'] == 'sub')
$type = 'subscriptions';
else
$type = 'unsubscriptions';
echo "This mailing list is currently not accepting " . $type . ".
Try Again...";
}
}
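/**
 * Load a stored response template for a form and fill in its %TAG% placeholders.
 *
 * The template is the ResponseData column of the form_responses row that
 * matches $FormID and $PageID. If the query fails or no row matches, the
 * template is treated as an empty string.
 *
 * SECURITY: tag values are inserted verbatim. Nothing here escapes them for
 * HTML or strips CR/LF. Callers in this file echo the result as a page and
 * also pass it to mail() as subject and body, and several tag values come
 * from the submitted form (email address, custom fields). The caller must
 * therefore encode or validate each value for its target context, e.g.
 * htmlspecialchars() for pages and rejecting "\r"/"\n" for mail subjects.
 *
 * @param string $PageID ResponseName of the template (e.g. 'ThanksPage').
 * @param array  $Tags   Map of tag name => value; array values are joined with ','.
 * @param mixed  $FormID Form whose response template is wanted.
 * @return mixed The filled-in template as returned by stripslashes_array()
 *               (presumably a string; that helper is defined elsewhere).
 */
function ParsePage($PageID, $Tags, $FormID) {
    global $TABLEPREFIX;

    $result = mysql_query("SELECT * FROM " . $TABLEPREFIX . "form_responses WHERE FormID='".addslashes($FormID)."' AND ResponseName='".addslashes($PageID)."'");
    // A failed query or a missing row must not be indexed as if it were a row.
    $page = $result ? mysql_fetch_array($result) : false;
    $template = (is_array($page) && isset($page['ResponseData'])) ? $page['ResponseData'] : '';
    $Page = stripslashes($template);

    // outlook displays two new-lines so get rid of one of them.
    $Page = str_replace("\r\n", "\n", $Page);

    if (is_array($Tags) && !empty($Tags)) {
        $replacements = array();
        foreach ($Tags as $Tag => $Value) {
            if (is_array($Value)) $Value = implode(',', $Value);
            $replacements["%$Tag%"] = (string) $Value;
        }
        // Single pass: strtr() never re-scans text it has just inserted, so a
        // submitted value that itself contains "%SOMETAG%" stays literal and
        // cannot pull another tag's value into the output.
        $Page = strtr($Page, $replacements);
    }

    $Page = stripslashes_array($Page);
    return $Page;
}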
?>