<?php

ini_set('display_errors', true);

	include('../includes/config.inc.php');

	require_once('../admin/functions/general.php');

	if (!defined('UNSUBSCRIBE_DELETE_USER')) {
		define('UNSUBSCRIBE_DELETE_USER', true);
	}

	$MemberID = isset($_GET['Mem']) ? $_GET['Mem'] : 0;
	$Email = isset($_GET['Email']) ? $_GET['Email'] : '';
	$ConfirmCode = $_GET['ConfirmCode'];

	if ($MemberID > 0) {
		$qry = "SELECT * FROM " . $TABLEPREFIX . "members WHERE MemberID='".addslashes($MemberID)."' AND ConfirmCode='".addslashes($ConfirmCode)."'";
	} else {
		$qry = "SELECT * FROM " . $TABLEPREFIX . "members WHERE Email='".addslashes($Email)."' AND ConfirmCode='".addslashes($ConfirmCode)."'";
	}

	$res = mysql_query($qry);

	$Tags = array();
	$lists = array();
	$ListsList = '';

	$custom_field_info = array();

	if(mysql_num_rows($res) > 0)
	{
		while($c=mysql_fetch_array($res))
		{
			$lists[] = $c['ListID'];

			$MemberID = $c['MemberID'];
			$Member_Email = $c['Email'];
			if (UNSUBSCRIBE_DELETE_USER) {
				mysql_query("DELETE FROM " . $TABLEPREFIX . "members WHERE MemberID='" . addslashes($MemberID) . "'");
			} else {
				mysql_query("UPDATE " . $TABLEPREFIX . "members SET Status=0 WHERE MemberID='" . addslashes($MemberID) . "'");
			}
			$qry = "SELECT FieldID, Value FROM " . $TABLEPREFIX . "list_field_values WHERE UserID='" . addslashes($MemberID) . "' AND ListID='" . addslashes($c['ListID']) . "'";
			$result = mysql_query($qry);
			while($row = mysql_fetch_assoc($result)) {
				$custom_field_name = mysql_result(mysql_query("SELECT FieldName FROM " . $TABLEPREFIX . "list_fields WHERE FieldID='" . addslashes($row['FieldID']) . "'"), 0, 0);

				$custom_field_info[$c['ListID']][] = array('FieldName' => $custom_field_name, 'Value' => stripslashes($row['Value']));

				$Tags['FIELD:' . $row['FieldID']] = stripslashes($row['Value']);
			}

			if (UNSUBSCRIBE_DELETE_USER) {
				mysql_query("DELETE FROM " . $TABLEPREFIX . "list_field_values WHERE UserID='" . addslashes($MemberID) . "' AND ListID='" . addslashes($c['ListID']) . "'");
			}

			$form = mysql_fetch_assoc(mysql_query("SELECT * FROM " . $TABLEPREFIX . "forms f, " . $TABLEPREFIX . "form_lists fl WHERE f.FormType='unsub' AND f.FormID=fl.FormID AND fl.ListID='" . addslashes($c['ListID']) . "'"));
		}

		$FormID = $form['FormID'];

		$Tags['EMAIL'] = $Member_Email;

		foreach($lists as $ListID) {
			// Workout the webmaster name and email
			$wResult = mysql_query("SELECT ListName, NotifyOwner, WebmasterEmail, WebMasterName FROM " . $TABLEPREFIX . "lists WHERE ListID='".addslashes($ListID)."'");

			$NotifyOwner = false;

			$ListName = $WebmasterEmail = '';

			if($wRow = mysql_fetch_array($wResult)) {
				$ListName = $wRow['ListName'];
				$ListsList .= $ListName . "\n";

				$NotifyOwner = ($wRow['NotifyOwner'] == 1) ? true : false;
				$WebmasterEmail = $wRow['WebmasterEmail'];
				$WebMasterName = $wRow['WebMasterName'];
			}

			// notify the list administrator.
			if ($NotifyOwner && $WebmasterEmail) {
				$emailmsg = "Someone has unsubscribed from your mailing list ('" . $ListName . "')\n";
				$emailmsg .= "Their email address is '" . $Member_Email . "'\n\n";
				$custom_field_msg = '';
				if (isset($custom_field_info[$ListID]) && is_array($custom_field_info[$ListID]) && !empty($custom_field_info[$ListID])) {
					foreach($custom_field_info[$ListID] as $key => $data) {
						$custom_field_msg .= $data['FieldName'] . ': ' . $data['Value'] . "\n";
					}
				}
				if ($custom_field_msg) $emailmsg .= "Custom Field Information:\n" . $custom_field_msg . "\n";
				if (SAFE_MODE) {
					mail($WebmasterEmail, 'Unsubscribe notification', $emailmsg, "From: " . $Member_Email);
				} else {
					mail($WebmasterEmail, 'Unsubscribe notification', $emailmsg, "From: " . $Member_Email, "-f" . $Member_Email);
				}
			}
		}

		$Tags['LISTS'] = trim($ListsList);

		$Name = stripslashes($form['SendName']);
		$FromEmail = stripslashes($form['SendEmail']);
		if (empty($Name)) $Name = $WebMasterName;
		if (empty($FromEmail)) $FromEmail = $WebmasterEmail;

		if($form['SendThankyou'] == 1) {
			$ConfSubject = ParsePage('ThanksSubject', $Tags, $FormID);
			$ConfEmail = ParsePage('ThanksEmail', $Tags, $FormID);

			if ($WebmasterEmail == '' || SAFE_MODE) {
				mail($Member_Email,$ConfSubject,$ConfEmail,"From: $Name <$FromEmail>");
			} else {
				mail($Member_Email,$ConfSubject,$ConfEmail,"From: $Name <$FromEmail>", "-f" . $FromEmail);
			}
		}


		$tURL = '';

		$result = mysql_query("SELECT ResponseData FROM " . $TABLEPREFIX . "form_responses where FormID = '" . addslashes($FormID) . "' and ResponseName='ThanksURL'");

		if (mysql_num_rows($result) > 0) {
			$tURL = mysql_result($result, 0, 0);
		}

		$tURL = stripslashes_array($tURL);

		if($tURL != '' && $tURL != 'http://') {
			header('location: ' . $tURL);
			die();
		} else {
			if($FormID != 0)
				echo ParsePage('ThanksPage', $Tags, $FormID);
			else
				echo "<font face=Verdana size=2>You have successfully unsubscribed from our mailing list.</font>";
		}

	} else {
		echo "<font face=Verdana size=2>Your email address was not found in our database.</font>";
	}

	function ParsePage($PageID, $Tags, $FormID)
	{
		global $TABLEPREFIX;

		$page=mysql_fetch_array(mysql_query("SELECT * FROM " . $TABLEPREFIX . "form_responses WHERE FormID='".addslashes($FormID)."' AND ResponseName='".addslashes($PageID)."'"));
		$Page=$page['ResponseData'];

		// outlook displays two new-lines so get rid of one of them.
		$Page = str_replace("\r\n", "\n", $Page);

		foreach($Tags as $Tag=>$Value)
		{
			$Page = str_replace("%$Tag%",$Value,$Page);
		}

		return stripslashes_array($Page);
	}

?>