<?php

include('../includes/config.inc.php');
require_once('../admin/functions/general.php');

$Email = $_REQUEST['Email'];
$ConfirmCode = $_REQUEST['ConfirmCode'];

$res = mysql_query("SELECT * FROM " . $TABLEPREFIX . "members WHERE Confirmed = 0 AND Email = '".addslashes($Email)."' AND ConfirmCode = '".addslashes($ConfirmCode)."'");

$ListsList = '';

if(mysql_num_rows($res) > 0)
{
	$extra_mail_msg = '';

	$GLOBALS['NOTIFY_EMAIL_MESSAGE'] = '';

	while($c=mysql_fetch_array($res))
	{
		$FormID = stripslashes($c['FormID']);
		$memberid = stripslashes($c['MemberID']);

		$Tags = array();
		$Tags['EMAIL'] = $Email;

		$form=mysql_fetch_array(mysql_query("SELECT * FROM " . $TABLEPREFIX . "forms WHERE FormID='".addslashes($FormID)."'"));

		$newcode = md5(uniqid(rand(), true));
		mysql_query("UPDATE " . $TABLEPREFIX . "members SET ConfirmCode='" . addslashes($newcode) . "', Confirmed='1' WHERE MemberID='".addslashes($memberid)."'");

		$list_result = mysql_query("SELECT l.ListID, ListName, NotifyOwner, WebMasterEmail, WebMasterName FROM " . $TABLEPREFIX . "members m, " . $TABLEPREFIX . "lists l WHERE l.ListID=m.ListID AND m.MemberID='" . $memberid . "'");

		if (mysql_num_rows($list_result) > 0) {
			while($row = mysql_fetch_array($list_result)) {
				$WebMasterEmail = stripslashes($row['WebMasterEmail']);
				$WebMasterName = stripslashes($row['WebMasterName']);
				$ListID = (int)$row['ListID'];

				$ListsList .= stripslashes($row['ListName']) . "\n";

				if ($row['NotifyOwner'] == 1) {
					$mail_msg = "A person with the following details has joined your mailing list '" . stripslashes($row['ListName']) . "'.\n\n";

					// fields across the lists are all the same so we only need to fetch this information once.
					if ($GLOBALS['NOTIFY_EMAIL_MESSAGE'] == '') {
						$email_msg =  "Email address: " . $Email . "\n";

						$extra_mail_msg = '';
						
						// we use distinct here so it doesn't fetch the same value for each list.
						// and also because the lists could be owned by different admins
						// so we can't join on that field to eliminate the extra field(s)...
						$fields=mysql_query("SELECT DISTINCT lf.FieldID, lf.FieldName, lfv.Value FROM " . $TABLEPREFIX . "list_fields lf, ".$TABLEPREFIX."form_fields ff, " . $TABLEPREFIX . "list_field_values lfv WHERE ff.FieldID=lf.FieldID AND lfv.FieldID=ff.FieldID AND ff.FormID='".addslashes($FormID)."' AND lfv.ListID='" . addslashes($ListID)."' AND lfv.UserID='".addslashes($memberid)."' ORDER BY lf.FieldName");

						while($f=mysql_fetch_array($fields)) {
							$Tags['FIELD:'.$f['FieldID']]=$f['Value'];
							$extra_mail_msg .= stripslashes($f['FieldName']) . ": " . stripslashes($f['Value']) . "\n";
						}
						$email_msg .= $extra_mail_msg . "\n";
						$email_msg .= "You can just hit 'reply' if you would like to send this person a message.\n";

						$GLOBALS['NOTIFY_EMAIL_MESSAGE'] = $email_msg;
					}
					if (SAFE_MODE) {
						mail($WebMasterEmail, "Subscriber has joined " . stripslashes($row['ListName']), $mail_msg . $GLOBALS['NOTIFY_EMAIL_MESSAGE'], "From: " . $Email);
					} else {
						mail($WebMasterEmail, "Subscriber has joined " . stripslashes($row['ListName']), $mail_msg . $GLOBALS['NOTIFY_EMAIL_MESSAGE'], "From: " . $Email, "-f" . $Email);
					}
				}
			}
		} else {
			$ListID = 0;
		}
	}

	// we use distinct here so it doesn't fetch the same value for each list.
	// and also because the lists could be owned by different admins
	// so we can't join on that field to eliminate the extra field(s)...
	$fields=mysql_query("SELECT DISTINCT lf.FieldID, lf.FieldName, lfv.Value FROM " . $TABLEPREFIX . "list_fields lf, ".$TABLEPREFIX."form_fields ff, " . $TABLEPREFIX . "list_field_values lfv WHERE ff.FieldID=lf.FieldID AND lfv.FieldID=ff.FieldID AND ff.FormID='".addslashes($FormID)."' AND lfv.ListID='" . addslashes($ListID)."' AND lfv.UserID='".addslashes($memberid)."'");

	while($f=mysql_fetch_assoc($fields)) {
		$Tags['FIELD:'.$f['FieldID']]=stripslashes($f['Value']);
	}

	$Tags['LISTS']=trim($ListsList);

	if($form['SendThankyou']==1)
	{
		$Name = stripslashes($form['SendName']);
		$FromEmail = stripslashes($form['SendEmail']);
		if (empty($Name)) $Name = $WebMasterName;
		if (empty($FromEmail)) $FromEmail = $WebMasterEmail;

		$ConfSubject = ParsePage('ThanksSubject', $Tags, $FormID);
		$ConfEmail = ParsePage('ThanksEmail', $Tags, $FormID);

		if (SAFE_MODE) {
			mail($Email,$ConfSubject,$ConfEmail,"From: $Name <$FromEmail>");
		} else {
			mail($Email,$ConfSubject,$ConfEmail,"From: $Name <$FromEmail>", "-f" . $FromEmail);
		}
	}

	$tURL = '';

	$result = mysql_query("SELECT ResponseData FROM " . $TABLEPREFIX . "form_responses WHERE FormID = '" . addslashes($FormID) . "' and ResponseName='ThanksURL'");

	if (mysql_num_rows($result) > 0) {
		$tURL = mysql_result($result, 0, 0);
	}

	$tURL = stripslashes_array($tURL);

	if($tURL != '' && $tURL != 'http://') {
		header('location: ' . $tURL);
		die();
	} else {
		echo ParsePage('ThanksPage', $Tags, $FormID);
	}
}
else
{
	echo "<font face=Verdana size=2>You have already confirmed your subscription to this mailing list.</font>";
}

function ParsePage($PageID, $Tags, $FormID)
{
	global $TABLEPREFIX;

	$page = mysql_fetch_array(mysql_query("SELECT * FROM " . $TABLEPREFIX . "form_responses WHERE FormID='".addslashes($FormID)."' AND ResponseName='".addslashes($PageID)."'"));
	$Page = $page['ResponseData'];

	// outlook displays two new-lines so get rid of one of them.
	$Page = str_replace("\r\n", "\n", $Page);

	foreach($Tags as $Tag=>$Value)
	{
		$Page = str_replace("%$Tag%",$Value,$Page);
	}

	return stripslashes_array($Page);
}

?>