관리-도구
편집 파일: send_core.php
<?php // 2004-1-7 This function really isn't quite ready for register globals. require_once dirname(__FILE__).'/accesscheck.php'; #initialisation############### // Verify that FCKeditor is available if (USEFCK && file_exists("./FCKeditor/fckeditor.php")) { include("./FCKeditor/fckeditor.php") ; // Create the editor object here so we can check to see if *it* wants us to use it (this // does a browser check, etc. $oFCKeditor = new FCKeditor('message') ; $usefck = $oFCKeditor->IsCompatible(); unset($oFCKeditor); // This object is *very* short-lived. Thankfully, it's also light-weight } else { $usefck = 0; } // Verify that TinyMCE is available $useTinyMCE = 0; if (USETINYMCEMESG && file_exists(TINYMCEPATH)) { $useTinyMCE = 1; } include_once dirname(__FILE__). "/date.php"; $errormsg = ''; $rss_content = ''; $done = 0; $messageid = 0; $duplicate_atribute = 0; # not actually used it seems @@@ check $embargo = new date("embargo"); $embargo->useTime = true; $repeatuntil = new date("repeatuntil"); $repeatuntil->useTime = true; if (empty($_GET['id'])) { $_GET['id'] = ''; } $baseurl = PageURL2($_GET["page"].'&id='.$_GET["id"]); echo '<script language="Javascript" src="js/jslib.js" type="text/javascript"></script><hr><p>'; // load some variables in a register globals-safe fashion if (isset($_POST['send'])) { $send = $_POST["send"]; // Only get this from the POST variable (not session or anywhere else) } else { $send = ''; } if (isset($_POST['prepare'])) { $prepare = $_POST["prepare"]; } else { $prepare = ''; } if (isset($_GET['id'])) { $id = sprintf('%d',$_GET["id"]); // Only get this from the GET variable } else { $id = 0; } if (isset($_POST['save'])) { $save = $_POST["save"]; // Save button pressed? } else { $save = ''; } if (isset($_POST['sendtest'])) { $sendtest = $_POST["sendtest"]; } else { $sendtest = ''; } if (!isset($_GET['tab'])) $_GET['tab'] = ''; if (!$id) { $defaulttemplate = getConfig('defaultmessagetemplate'); Sql_Query(sprintf('insert into %s (subject,status,entered,sendformat,embargo,repeatuntil,owner,template,tofield,replyto) values("(no subject)","draft",now(),"HTML",now(),now(),%d,%d,"","")',$GLOBALS["tables"]["message"],$_SESSION["logindetails"]["id"],$defaulttemplate)); $id = Sql_Insert_id(); # 0008720: Using -p send from the commandline doesn't seem to work if(!$GLOBALS["commandline"]){ Redirect($_GET["page"]."&id=$id"); exit; } } if (isset($_GET['deleterule']) && $_GET["deleterule"]) { Sql_Query(sprintf('delete from %s where name = "criterion%d" and id = %d',$GLOBALS["tables"]["messagedata"],$_GET["deleterule"],$_GET["id"])); Redirect($_GET["page"]."&id=$id&tab=".$_GET["tab"]); } ob_end_flush(); #load database data########################### // If we were passed an ID in the get, and we *weren't* posted a send, then // initialize the variables from the database. #if (((!$send) && (!$save) && (!$sendtest)) && ($id)) { if ($id) { // Load message attributes / values require $GLOBALS["coderoot"] . "structure.php"; // This gets the database structures into DBStruct $result = Sql_query("SELECT * FROM {$tables["message"]} where id = $id $ownership"); if (!Sql_Affected_Rows()) { print $GLOBALS['I18N']->get("noaccess"); $done = 1; return; } while ($msg = Sql_fetch_array($result)) { foreach ($DBstruct["message"] as $field => $rec) { if (!isset($_POST[$field])) { # print "Db: $field = $msg[$field]<br/>"; $_POST[$field] = $msg[$field]; } } } if (!isset($_POST['targetlist']) || !is_array($_POST["targetlist"])) { $_POST["targetlist"] = array(); // Load lists that were targetted with message... $result = Sql_Query("select $tables[list].name,$tables[list].id from $tables[listmessage],$tables[list] where $tables[listmessage].messageid = $id and $tables[listmessage].listid = $tables[list].id"); while ($lst = Sql_fetch_array($result)) { $_POST["targetlist"][$lst["id"]] = 1; } } // A bit of additional cleanup if (!isset($_POST["from"])) $_POST["from"] = $_POST["fromfield"]; // Database field name doesn't match form fieldname... if (!isset($_POST["forwardsubject"])) { $_POST["forwardsubject"] = ""; } else $_POST["forwardsubject"] = sprintf("%s", $_POST["forwardsubject"]); if (!isset($_POST["forwardmessage"])) { $_POST["forwardmessage"] = ""; } else $_POST["forwardmessage"] = sprintf("%s", $_POST["forwardmessage"]); if (!isset($_POST["forwardfooter"])) { $_POST["forwardfooter"] = ""; } else $_POST["forwardfooter"] = sprintf("%s", $_POST["forwardfooter"]); if (!isset($_POST["msgsubject"])) { $_POST["msgsubject"] = sprintf("%s",$_POST["subject"]); } else { $_POST['subject'] = sprintf("%s",$_POST['msgsubject']); } if ((!isset($_POST["year"]) || !is_array($_POST["year"])) && $_POST["embargo"] && $_POST["embargo"] != "0000-00-00 00:00:00") { $embargo->setDateTime($_POST["embargo"]); } if ((!isset($_POST["year"]) || !is_array($_POST["year"])) && $_POST["repeatuntil"] && $_POST["repeatuntil"] != "0000-00-00 00:00:00") { $repeatuntil->setDateTime($_POST["repeatuntil"]); } # not sure why this is here, but it breaks things when tables are used in the # message, so for now disable it. if (0) {#$usefck) { $_POST["message"] = nl2br($_POST["message"]); } // Load the criteria settings... } // If we've got magic quotes on, then we need to get rid of the slashes - either // from the database or from the previous $_POST #if (get_magic_quotes_gpc()) { $_POST["msgsubject"] = stripslashes($_POST["msgsubject"]); #0013076: different content when forwarding 'to a friend' $_POST["forwardsubject"] = stripslashes($_POST["forwardsubject"]); $_POST["from"] = stripslashes($_POST["from"]); $_POST["tofield"] = stripslashes($_POST["tofield"]); $_POST["replyto"] = stripslashes($_POST["replyto"]); $_POST["message"] = stripslashes($_POST["message"]); #0013076: different content when forwarding 'to a friend' $_POST["forwardmessage"] = stripslashes($_POST["forwardmessage"]); $_POST["textmessage"] = stripslashes($_POST["textmessage"]); $_POST["footer"] = stripslashes($_POST["footer"]); #0013076: different content when forwarding 'to a friend' $_POST["forwardfooter"] = stripslashes($_POST["forwardfooter"]); #} #input checking####################### $duplicate_attribute = 0; # check the criterias, one attribute can only exist once if ($send) { $used_attributes = array(); for ($i=1;$i<=NUMCRITERIAS;$i++) { if (isset($_POST["use"][$i])) { $attribute = $_POST["criteria"][$i]; if (!in_array($attribute,$used_attributes)) array_push($used_attributes,$attribute); else $duplicate_attribute = 1; } } } if (!isset($id)) { $id = $_POST["id"]; }; // Pull in the id value from the post if it wasnt in the get #if ($_POST["htmlformatted"] == "auto") $htmlformatted = strip_tags($_POST["message"]) != $_POST["message"]; #else # $htmlformatted = $_POST["htmlformatted"]; # sanitise the header fields, what else do we need to check on? if (preg_match("/\n|\r/",$_POST["from"])) { $from = ""; } else { $from = $_POST["from"]; } if (preg_match("/\n|\r/",$_POST["msgsubject"])) { $subject = ""; } else { $subject = $_POST["msgsubject"]; } if (preg_match("/\n|\r/",$_POST["forwardsubject"])) { $forwardsubject = ""; } else { $forwardsubject = $_POST["forwardsubject"]; } if (preg_match("/\n|\r/",$_POST["forwardmessage"])) { $forwardmessage = ""; } else { $forwardmessage = $_POST["forwardmessage"]; } if (preg_match("/\n|\r/",$_POST["forwardfooter"])) { $forwardfooter = ""; } else { $forwardfooter = $_POST["forwardfooter"]; } $message = $_POST["message"]; // If the variable isn't filled in, then the input fields don't default to the // values selected. Need to fill it in so a post will correctly display. if ((isset($_POST['year']) && is_array($_POST["year"])) || $_POST["embargo"] || $_POST["embargo"] == "0000-00-00 00:00:00") { $_POST["embargo"] = $embargo->getDate() ." ".$embargo->getTime().':00'; } if ((isset($_POST['year']) && is_array($_POST["year"])) || !$_POST["repeatuntil"] || $_POST["repeatuntil"] == "0000-00-00 00:00:00") { $_POST["repeatuntil"] = $repeatuntil->getDate() ." ".$repeatuntil->getTime().':00'; } if (!isset($_SESSION["fckeditor_height"])) { $_SESSION["fckeditor_height"] = getConfig("fckeditor_height"); } if (isset($_POST['expand']) && $_POST["expand"]) { // request to expand editor area // $defaultheight = getConfig("fckeditor_height"); // SaveConfig("fckeditor_height",$curheight+100,1); $_SESSION["fckeditor_height"] += 100; } if (isset($_REQUEST['prepare'])) { $prepare = $_REQUEST['prepare']; } else { $prepare = ''; } #actions and store in database####################### if ($send || $sendtest || $prepare || $save) { if ($save || $sendtest) { // We're just saving, not sending. if (!isset($_POST['status']) || $_POST["status"] == "") { // No status - move to draft state $status = "draft"; } else { // Keep the status the same $status = $_POST["status"]; } } elseif ($send) { // We're sending - change state to "send-it" status! if (is_array($_POST["targetlist"]) && sizeof($_POST["targetlist"]) && $subject && $from && $message && !$duplicate_attribute) { $status = "submitted"; } else { if (USE_PREPARE) { $status = "prepared"; } else { $status = "draft"; } } } if (ENABLE_RSS && $_POST["rsstemplate"]) { # mark previous RSS templates with this frequency and owner as sent # this should actually be much more complex than this: # templates should be allowed by list and therefore a subset of lists, but # for now we leave it like this # the trouble is that this may duplicate RSS messages to users, because # it can cause multiple template for lists. The user_rss should handle that, but it is # not guaranteed which message will be used. # Sql_Query(sprintf('update %s set status = "sent" where rsstemplate = "%s" and owner = %d', # $tables["message"],$_POST["rsstemplate"],$_SESSION["logindetails"]["id"])); # with RSS message we enforce repeat switch ($_POST["rsstemplate"]) { case "weekly": $_POST["repeatinterval"] = 10080; break; case "monthly": $_POST["repeatinterval"] = 40320; break; case "daily": default: $_POST["repeatinterval"] = 1440; break; } $_POST["repeatuntil"] = date("Y-m-d H:i:00",mktime(0,0,0,date("m"),date("d"),date("Y")+1)); } if (!$htmlformatted && strip_tags($_POST["message"]) != $_POST["message"]) $errormsg = '<span class="error">'.$GLOBALS['I18N']->get("htmlusedwarning").'</span>'; $query = sprintf('update %s set '. 'subject = "%s", '. 'fromfield = "%s", '. 'tofield = "%s", '. 'replyto = "%s", '. 'embargo = "%s", '. 'repeatinterval = %d, '. 'repeatuntil = "%s", '. 'message = "%s", '. 'textmessage = "%s", '. 'footer = "%s", '. 'status = "%s", '. 'htmlformatted = %d, '. 'sendformat = "%s", '. 'template = %d, '. 'rsstemplate = "%s" '. 'where id = %d', $tables["message"], addslashes($subject), addslashes($from), addslashes($_POST["tofield"]), addslashes($_POST["replyto"]), $_POST["embargo"], $_POST["repeatinterval"], $_POST["repeatuntil"], addslashes($_POST["message"]), addslashes($_POST["textmessage"]), addslashes($_POST["footer"]), $status, $htmlformatted, $_POST["sendformat"], $_POST["template"], $_POST["rsstemplate"], $id); # print $query; $result = Sql_query($query); $messageid = $id; # print "Message ID: $id"; # exit; if (!$GLOBALS["has_pear_http_request"] && preg_match("/\[URL:/i",$_POST["message"])) { print Warn($GLOBALS['I18N']->get('warnnopearhttprequest')); } // More "Insert only" stuff here (no need to change it on an edit!) if (isset($_POST["targetlist"]) && is_array($_POST["targetlist"])) { Sql_query("delete from {$tables["listmessage"]} where messageid = $messageid"); if ( (isset($_POST["targetlist"]["all"]) && $_POST["targetlist"]["all"] == "on") || (isset($_POST["targetlist"]["allactive"]) && $_POST["targetlist"]["allactive"] == "on") ) { $res = Sql_query("select * from $tables[list] $subselect"); while($row = Sql_fetch_array($res)) { $listid = $row["id"]; if ($row["active"] || $_POST["targetlist"]["all"] == "on") { $result = Sql_query("insert ignore into $tables[listmessage] (messageid,listid,entered) values($messageid,$listid,now())"); } } } else { foreach($_POST["targetlist"] as $listid => $val) { $result = Sql_query("insert ignore into $tables[listmessage] (messageid,listid,entered) values($messageid,$listid,now())"); } } } else { # mark this message as listmessage for list 0 $result = Sql_query("insert ignore into $tables[listmessage] (messageid,listid,entered) values($messageid,0,now())"); } if (USE_LIST_EXCLUDE) { if (isset($_POST["excludelist"]) && is_array($_POST["excludelist"])) { $exclude = join(",",$_POST["excludelist"]); Sql_Query(sprintf('replace into %s (name,id,data) values("excludelist",%d,"%s")',$tables["messagedata"],$messageid,$exclude)); } else { Sql_Query(sprintf('replace into %s (name,id,data) values("excludelist",%d,"%s")',$tables["messagedata"],$messageid,0)); } } #0013076: different content when forwarding 'to a friend' if (FORWARD_ALTERNATIVE_CONTENT && $_GET['tab'] == 'Forward') { foreach( array('forwardsubject', 'forwardmessage', 'forwardfooter') as $var) { Sql_Query(sprintf('replace into %s (name,id,data) values("%s",%d,"%s")', $tables["messagedata"], $var, $messageid, addslashes($_REQUEST[$var]))); } } # we want to create a join on tables as follows, in order to find users who have their attributes to the values chosen # (independent of their list membership). # select # table1.userid from user_attribute as table1 # left join user_attribute as table2 on table1.userid = table2.userid # left join user_attribute as table3 on table1.userid = table3.userid # ... # where # table1.attributeid = 2 and table1.value in (1,2,3,4) # and table2.attributeid = 1 and table2.value in (3,15) # and table3.attributeid = 3 and table3.value in (4,5,6) # ... # check the criterias, create the selection query $used_tables = array(); for ($i=1;$i<=NUMCRITERIAS;$i++) { if (isset($_POST["use"][$i])) { $attribute = $_POST["criteria"][$i]; $type = $_POST["attrtype"][$attribute]; switch($type) { case "checkboxgroup": $values = "attr$attribute$i"; $or_clause = ''; if (isset($where_clause)) { $where_clause .= " and "; $select_clause .= " left join $tables[user_attribute] as table$i on table$first.userid = table$i.userid "; } else { $select_clause = "table$i.userid from $tables[user_attribute] as table$i "; $first = $i; } $where_clause .= "table$i.attributeid = $attribute and ("; if (is_array($_POST[$values])) { foreach ($_POST[$values] as $val) { if ($or_clause != '') { $or_clause .= " or "; } $or_clause .= "find_in_set('$val',table$i.value) > 0"; } } $where_clause .= $or_clause . ")"; break; case "checkbox": $values = "attr$attribute$i"; $value = $_POST[$values][0]; if (isset($where_clause)) { $where_clause .= " and "; $select_clause .= " left join $tables[user_attribute] as table$i on table$first.userid = table$i.userid "; } else { $select_clause = "table$i.userid from $tables[user_attribute] as table$i "; $first = $i; } $where_clause .= "table$i.attributeid = $attribute and "; if ($value) { $where_clause .= "( length(table$i.value) and table$i.value != \"off\" and table$i.value != \"0\") "; } else { $where_clause .= "( table$i.value = \"\" or table$i.value = \"0\" or table$i.value = \"off\") "; } break; default: $values = "attr$attribute$i"; if (isset($where_clause)) { $where_clause .= " and "; $select_clause .= " left join $tables[user_attribute] as table$i on table$first.userid = table$i.userid "; } else { $select_clause = "table$i.userid from $tables[user_attribute] as table$i "; $first = $i; } $where_clause .= "table$i.attributeid = $attribute and table$i.value in ("; $list = array(); if (is_array($_POST[$values])) { while (list($key,$val) = each ($_POST[$values])) array_push($list,$val); } $where_clause .= join(", ",$list) . ")"; } } } # if no selection was made, use all if (!isset($where_clause)) { $count_query = ""; # $count_query = addslashes("select distinct userid from $tables[user_attribute]"); } else { $count_query = addslashes("select $select_clause where $where_clause"); Sql_query("update $tables[message] set userselection = \"$count_query\" where id = $messageid"); } # commented, because this could take too long # Sql_Query($count_query); # $num = Sql_Affected_rows(); # new criteria system, add one by one: if (isset($_POST["criteria_attribute"]) && $_POST["criteria_attribute"]) { $operator = $_POST["criteria_operator"]; if (is_array($_POST["criteria_values"])) { $values = join(", ",$_POST["criteria_values"]); $values = cleanCommaList($values); } else { $values = $_POST["criteria_values"]; } foreach ($_POST["attribute_names"] as $key => $val) { $att_names[$key] = $val; } $newcriterion = array( "attribute" => sprintf('%d',$_POST["criteria_attribute"]), "attribute_name" => $att_names[$_POST["criteria_attribute"]], "operator" => $operator, "values" => $values, ); # find out what number we are $numarr = Sql_Fetch_Row_Query(sprintf('select data from %s where id = %d and name = "numcriteria"', $tables["messagedata"],$messageid)); $num = sprintf('%d',$numarr[0]+1); # store this one # print $att_names[$_POST["criteria_attribute"]]; # print $_POST["attribute_names[".$_POST["criteria_attribute"]."]"]; print "<p>".$GLOBALS['I18N']->get("adding")." ".$newcriterion["attribute_name"]." ".$newcriterion["operator"]." ".$newcriterion["values"]."</p>"; Sql_Query(sprintf('insert into %s (name,id,data) values("criterion%d",%d,"%s")', $tables["messagedata"],$num,$messageid,delimited($newcriterion))); # increase number Sql_Query(sprintf('replace into %s (name,id,data) values("numcriteria",%d,"%s")', $tables["messagedata"],$messageid,$num)); # save overall operator } if (isset($_POST["criteria_match"])) { Sql_Query(sprintf('replace into %s (name,id,data) values("criteria_overall_operator",%d,"%s")', $tables["messagedata"],$messageid,$_POST["criteria_match"])); } if (isset($_POST['notify_start']) && $_POST['notify_start']) { Sql_Query(sprintf('replace into %s set name = "notify_start",id = %d,data = "%s"', $GLOBALS['tables']['messagedata'],$id,$_POST['notify_start'])); } if (isset($_POST['notify_end']) && $_POST['notify_end']) { Sql_Query(sprintf('replace into %s set name = "notify_end",id = %d,data = "%s"', $GLOBALS['tables']['messagedata'],$id,$_POST['notify_end'])); } if (ALLOW_ATTACHMENTS && isset($_FILES) && is_array($_FILES) && sizeof($_FILES) > 0) { for ($att_cnt = 1;$att_cnt <= NUMATTACHMENTS;$att_cnt++) { $fieldname = "attachment".$att_cnt; $tmpfile = $_FILES[$fieldname]['tmp_name']; $remotename = $_FILES[$fieldname]["name"]; $type = $_FILES[$fieldname]["type"]; $newtmpfile = $remotename.time(); move_uploaded_file($tmpfile, $GLOBALS['tmpdir'].'/'. $newtmpfile); if (is_file($GLOBALS['tmpdir'].'/'.$newtmpfile) && filesize($GLOBALS['tmpdir'].'/'.$newtmpfile)) { $tmpfile = $GLOBALS['tmpdir'].'/'.$newtmpfile; } if (strlen($_POST[$type]) > 255) print Warn($GLOBALS['I18N']->get("longmimetype")); $description = $_POST[$fieldname."_description"]; if ($tmpfile && filesize($tmpfile) && $tmpfile != "none") { list($name,$ext) = explode(".",basename($remotename)); # create a temporary file to make sure to use a unique file name to store with $newfile = tempnam($GLOBALS["attachment_repository"],$name); $newfile .= ".".$ext; $newfile = basename($newfile); $file_size = filesize($tmpfile); $fd = fopen( $tmpfile, "r" ); $contents = fread( $fd, filesize( $tmpfile ) ); fclose( $fd ); if ($file_size) { # this may seem odd, but it allows for a remote (ftp) repository # also, "copy" does not work across filesystems $fd = fopen($GLOBALS["attachment_repository"]."/".$newfile, "w" ); fwrite( $fd, $contents ); fclose( $fd ); Sql_query(sprintf('insert into %s (filename,remotefile,mimetype,description,size) values("%s","%s","%s","%s",%d)', $tables["attachment"], basename($newfile),$remotename,$type,$description,$file_size) ); $attachmentid = Sql_Insert_id(); Sql_query(sprintf('insert into %s (messageid,attachmentid) values(%d,%d)', $tables["message_attachment"],$messageid,$attachmentid)); if (is_file($tmpfile)) { unlink($tmpfile); } # do a final check if (filesize($GLOBALS["attachment_repository"]."/".$newfile)) print Info($GLOBALS['I18N']->get("addingattachment")." ".$att_cnt . " .. ok"); else print Info($GLOBALS['I18N']->get("addingattachment")." ".$att_cnt." .. failed"); } else { print Warn($GLOBALS['I18N']->get("uploadfailed")); } } elseif ($_POST["localattachment".$att_cnt]) { $type = findMime(basename($_POST["localattachment".$att_cnt])); Sql_query(sprintf('insert into %s (remotefile,mimetype,description,size) values("%s","%s","%s",%d)', $tables["attachment"], $_POST["localattachment".$att_cnt],$type,$description,filesize($_POST["localattachment".$att_cnt])) ); $attachmentid = Sql_Insert_id(); Sql_query(sprintf('insert into %s (messageid,attachmentid) values(%d,%d)', $tables["message_attachment"],$messageid,$attachmentid)); print Info($GLOBALS['I18N']->get("addingattachment")." ".$att_cnt. " mime: $type"); } } } if ($_POST["id"]) { print "<h3>".$GLOBALS['I18N']->get("saved")."</H3><br/>"; } else { $id = $messageid; // New ID - need to set it for later use (test email). print "<h3>".$GLOBALS['I18N']->get("added")."</H3><br/>"; } // If we're sending the message, just return now to the calling script # we only need to check that everything is there, once we actually want to send if ($send && $subject && $from && $message && !$duplicate_atribute && sizeof($_POST["targetlist"])) { if ($status == "submitted") { print "<h3>".$GLOBALS['I18N']->get("queued")."</h3>"; print '<p>'.PageLink2("processqueue",$GLOBALS['I18N']->get("processqueue")).'</p>'; } $done = 1; return; } elseif ($send || $sendtest) { $errormessage = ""; if ($subject != stripslashes($_POST["subject"])) { $errormessage = $GLOBALS['I18N']->get("errorsubject"); } elseif ($from != $_POST["from"]) { $errormessage = $GLOBALS['I18N']->get("errorfrom"); } elseif (!$from) { $errormessage = $GLOBALS['I18N']->get("enterfrom"); } elseif (!$message) { $errormessage = $GLOBALS['I18N']->get("entermessage"); } elseif (!$subject) { $errormessage = $GLOBALS['I18N']->get("entersubject"); } elseif ($duplicate_attribute) { $errormessage = $GLOBALS['I18N']->get("duplicateattribute"); } elseif ($send && !is_array($_POST["targetlist"])) { $errormessage = $GLOBALS['I18N']->get("selectlist"); } echo "<font color=red size=+2>$errormessage</font><br>\n"; } // OK, the message has been saved, now check to see if we need to send a test message if ($sendtest) { echo "<HR>"; // Let's send test messages to everyone that was specified in the if ($_POST["testtarget"] == "") { print "<font color=red size=+2>".$GLOBALS['I18N']->get("notargetemail")."</font><br>"; } if (isset($cached)) unset($cached[$id]); include "sendemaillib.php"; // OK, let's get to sending! $emailaddresses = split('[/,,/;]', $_POST["testtarget"]); foreach ($emailaddresses as $address) { $address = trim($address); $result = Sql_query(sprintf('select id,email,uniqid,htmlemail,rssfrequency,confirmed from %s where email = "%s"',$tables["user"],$address)); if ($user = Sql_fetch_array($result)) { if ( FORWARD_ALTERNATIVE_CONTENT && $_GET['tab'] == 'Forward') { if (SEND_ONE_TESTMAIL) { $success = sendEmail($id, $address, $user["uniqid"], $user['htmlemail'], array(), array($address) ); } else { $success = sendEmail($id, $address, $user["uniqid"], 1, array(), array($address) ) && sendEmail($id, $address, $user["uniqid"], 0, array(), array($address)); } } else { if (SEND_ONE_TESTMAIL) { $success = sendEmail($id, $address, $user["uniqid"], $user['htmlemail']); } else { $success = sendEmail($id, $address, $user["uniqid"], 1) && sendEmail($id, $address, $user["uniqid"], 0); } } print $GLOBALS['I18N']->get("sentemailto").": $address "; if (!$success) { print $GLOBALS['I18N']->get('failed'); } else { print $GLOBALS['I18N']->get('success'); } print '<br/>'; } else { print "<font color=red>".$GLOBALS['I18N']->get("emailnotfound").": $address</font><br>"; } } echo "<HR>"; } } elseif (isset($_POST["deleteattachments"]) && is_array($_POST["deleteattachments"]) && $id) { if (ALLOW_ATTACHMENTS) { // Delete Attachment button hit... $deleteattachments = $_POST["deleteattachments"]; foreach($deleteattachments as $attid) { $result = Sql_Query(sprintf("Delete from %s where id = %d and messageid = %d", $tables["message_attachment"], $attid, $id)); print Info($GLOBALS['I18N']->get("removedattachment")." ".$att_cnt); // NOTE THAT THIS DOESN'T ACTUALLY DELETE THE ATTACHMENT FROM THE DATABASE, OR // FROM THE FILE SYSTEM - IT ONLY REMOVES THE MESSAGE / ATTACHMENT LINK. THIS // SHOULD PROBABLY BE CORRECTED, BUT I (Pete Ness) AM NOT SURE WHAT OTHER IMPACTS // THIS MAY HAVE. // (My thoughts on this are to check for any orphaned attachment records and if // there are any, to remove it from the disk and then delete it from the database). } } } # load all message data $messagedata = loadMessageData($id); #0013076: different content when forwarding 'to a friend' if (FORWARD_ALTERNATIVE_CONTENT) { foreach( array('forwardsubject', 'forwardmessage', 'forwardfooter') as $var) { if (isset($_REQUEST[$var])) { ${$var} = stripslashes($_REQUEST[$var]); } else { ${$var} = stripslashes($messagedata[$var]); } } if (!$forwardfooter) $forwardfooter = getConfig("forwardfooter"); } ############################## # Stacked attributes, processing and calculation ############################## if (STACKED_ATTRIBUTE_SELECTION) { # read criteria and parse it into a user query $num = sprintf('%d',isset($messagedata['numcriteria']) ? $messagedata['numcriteria']: 0); # print '<br/>'.$num . " criteria already defined"; $ls = new WebblerListing($GLOBALS['I18N']->get("existingcriteria")); $used_attributes = array(); $delete_base = sprintf('%s&id=%d&tab=%s',$_GET["page"],$_GET["id"],$_GET["tab"]); $tc = 0; # table counter if (!isset($messagedata['criteria_overall_operator'])) { $messagedata['criteria_overall_operator'] = ''; } $mainoperator = $messagedata['criteria_overall_operator'] == "all"? ' and ':' or '; $subqueries = array(); for ($i = 1; $i<=$num;$i++) { $crit_data = parseDelimitedData($messagedata[sprintf('criterion%d',$i)]); if ($crit_data["attribute"]) { array_push($used_attributes,$crit_data["attribute"]); $ls->addElement('<!--'.$crit_data["attribute"].'-->'.$crit_data["attribute_name"]); $ls->addColumn('<!--'.$crit_data["attribute"].'-->'.$crit_data["attribute_name"],$GLOBALS['I18N']->get('operator'),$GLOBALS['I18N']->get($crit_data["operator"])); $ls->addColumn('<!--'.$crit_data["attribute"].'-->'.$crit_data["attribute_name"],$GLOBALS['I18N']->get('values'),$crit_data["values"]); $ls->addColumn('<!--'.$crit_data["attribute"].'-->'.$crit_data["attribute_name"],$GLOBALS['I18N']->get('remove'),PageLink2($delete_base."&deleterule=".$i,$GLOBALS['I18N']->get("remove"))); if (isset($_POST["criteria"][$i])) { $attribute = $_POST["criteria"][$i]; } else { $attribute = ''; } ## fix 6063 $crit_data["values"] = str_replace(" ", "",$crit_data["values"]); # hmm, rather get is some other way, this is a bit unnecessary $type = Sql_Fetch_Row_Query("select type from {$tables["attribute"]} where id = ".$crit_data["attribute"]); $operator = $where_clause = $select_clause = ""; switch($type[0]) { case "checkboxgroup": $or_clause = ''; if ($tc) { $where_clause .= " $mainoperator "; $select_clause .= " left join $tables[user_attribute] as table$tc on table0.userid = table$tc.userid "; } else { $select_clause = "table$tc.userid from $tables[user_attribute] as table$tc "; } $where_clause .= " ( table$tc.attributeid = ".$crit_data["attribute"]." and ("; if ($crit_data["operator"] == "is") { $operator = ' or '; $compare = ' > '; } else { $operator = ' and '; $compare = ' < '; } foreach (explode(",",$crit_data["values"]) as $val) { if ($or_clause != '') { $or_clause .= " $operator "; } $or_clause .= "find_in_set('$val',table$tc.value) $compare 0"; } $where_clause .= $or_clause . ") ) "; $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d and %s',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$or_clause); break; case "checkbox": $value = $crit_data["values"][0]; if ($tc) { $where_clause .= " $mainoperator "; $select_clause .= " left join $tables[user_attribute] as table$tc on table0.userid = table$tc.userid "; } else { $select_clause = "table$tc.userid from $tables[user_attribute] as table$tc"; } $where_clause .= " ( table$tc.attributeid = ".$crit_data["attribute"]." and "; if ($crit_data["operator"] == "isnot") { $where_clause .= ' not '; } $valueselect = ''; if ($value) { $valueselect = " length(table$tc.value) and table$tc.value != \"off\" and table$tc.value != \"0\" "; } else { $valueselect = " table$tc.value = \"\" or table$tc.value = \"0\" or table$tc.value = \"off\" "; } $where_clause .= '( '.$valueselect . ') ) '; $subqueries[$i]['query'] = sprintf('select userid from %s as table%d where attributeid = %d and %s',$GLOBALS['tables']['user_attribute'],$tc,$crit_data['attribute'],$valueselect); break; case "date": $date_value = parseDate($crit_data["values"]); if (!$date_value) { break; } if (isset($where_clause)) { $where_clause .= " $mainoperator "; $select_clause .= " left join $tables[user_attribute] as table$tc on table0.userid = table$tc.userid "; } else { $select_clause = " table$tc.userid from $tables[user_attribute] as table$tc "; } $where_clause .= ' ( table'.$tc.'.attributeid = '.$crit_data["attribute"].' and table'.$tc.'.value != "" and table'.$tc.'.value '; $dateoperator = ''; switch ($crit_data["operator"]) { case "is": $where_clause .= ' = "'.$date_value . '" )';$dateoperator = '=';break; case "isnot": $where_clause .= ' != "'.$date_value . '" )';$dateoperator = '!=';break; case "isbefore": $where_clause .= ' <= "'.$date_value . '" )';$dateoperator = '<=';break; case "isafter": $where_clause .= ' >= "'.$date_value . '" )';$dateoperator = '>=';break; } # $where_clause .= " )"; $subqueries[$i]['query'] = sprintf('select userid from %s where attributeid = %d and value != "" and value %s "%s" ',$GLOBALS['tables']['user_attribute'], $crit_data['attribute'], $dateoperator, $date_value); break; default: if (isset($where_clause)) { $where_clause .= " $mainoperator "; $select_clause .= " left join $tables[user_attribute] as table$tc on table0.userid = table$tc.userid "; } else { $select_clause = " table$tc.userid from $tables[user_attribute] as table$tc "; } $where_clause .= " ( table$tc.attributeid = ".$crit_data["attribute"]." and table$tc.value "; if ($crit_data["operator"] == "isnot") { $where_clause .= ' not in ('; } else { $where_clause .= ' in ('; } $where_clause .= cleanCommaList($crit_data["values"]) . ") )"; $subqueries[$i]['query'] = sprintf('select userid from %s where attributeid = %d and value %s in (%s) ',$GLOBALS['tables']['user_attribute'], $crit_data['attribute'], $crit_data["operator"] == "isnot" ? 'not' :'', $crit_data["values"]); } $tc++; } } $existing_criteria = ''; if (sizeof($subqueries)) { # $count_query = "select distinct $select_clause where $where_clause"; # $count_query = addslashes($count_query); if (!empty($_GET["calculate"])) { ob_end_flush(); # print "<h1>$count_query</h1>"; print "<p>".$GLOBALS['I18N']->get("calculating")." ..."; flush(); } foreach ($subqueries as $qid => $querydetails) { $req = Sql_Query($querydetails['query']); $subqueries[$qid]['results'] = array(); while ($row = Sql_Fetch_Row($req)) { array_push($subqueries[$qid]['results'],$row[0]); } } $first = array_shift($subqueries); $userids = $first['results']; foreach ($subqueries as $subquery) { if ($messagedata['criteria_overall_operator'] == 'all') { $userids = array_intersect($userids,$subquery['results']); } else { $userids = array_merge($userids,$subquery['results']); } } $userids = array_unique($userids); $num_users = sizeof($userids); $count_query = sprintf('select * from %s where id in (%s)',$GLOBALS['tables']['user'],join(', ',$userids)); if (!empty($_GET["calculate"])) { printf('.. '.$GLOBALS['I18N']->get('%d users apply'),$num_users).'</p>'; } if ($messageid) { Sql_query(sprintf('update %s set userselection = "%s" where id = %d', $tables["message"],addslashes($count_query),$messageid)); } if (!isset($_GET['calculate'])) { $ls->addButton($GLOBALS['I18N']->get("calculate"),$baseurl.'&tab='.$_GET["tab"].'&calculate=1'); } else { $ls->addButton($GLOBALS['I18N']->get("reload"),$baseurl.'&tab='.$_GET["tab"]); } $existing_criteria = $ls->display(); } else { if ($messageid) { Sql_query(sprintf('update %s set userselection = "" where id = %d', $tables["message"],$messageid)); } } } // end of define STACKED_ATTRIBUTES ############################## # Stacked attributes, end ############################## // Pull in $footer variable from post if (isset($_POST["footer"])) $footer = $_POST["footer"]; // If $id wasn't passed in (if it was passed, then $_POST should have // the database value in it already, and if it's empty, then we should // leave it empty) and $footer is blank, load the default. if (!$footer) $footer = getConfig("messagefooter"); echo $errormsg; if (!$done) { if (ALLOW_ATTACHMENTS) { $enctype = 'enctype="multipart/form-data"'; } else { $enctype = ''; } #$baseurl = sprintf('./?page=%s&id=%d',$_GET["page"],$_GET["id"]); if ($_GET["id"]) { $tabs = new WebblerTabs(); $tabs->addTab($GLOBALS['I18N']->get("Content"),"$baseurl&tab=Content"); if (FORWARD_ALTERNATIVE_CONTENT) { $tabs->addTab($GLOBALS['I18N']->get("Forward"),"$baseurl&tab=Forward"); } $tabs->addTab($GLOBALS['I18N']->get("Format"),"$baseurl&tab=Format"); if (ALLOW_ATTACHMENTS) { $tabs->addTab($GLOBALS['I18N']->get("Attach"),"$baseurl&tab=Attach"); } $tabs->addTab($GLOBALS['I18N']->get("Scheduling"),"$baseurl&tab=Scheduling"); # if (USE_RSS) { # $tabs->addTab("RSS","$baseurl&tab=RSS"); # } $tabs->addTab($GLOBALS['I18N']->get("Criteria"),"$baseurl&tab=Criteria"); $tabs->addTab($GLOBALS['I18N']->get("Lists"),"$baseurl&tab=Lists"); # $tabs->addTab("Review and Send","$baseurl&tab=Review"); $tabs->addTab($GLOBALS['I18N']->get("Misc"),"$baseurl&tab=Misc"); if ($_GET["tab"]) { $tabs->setCurrent($GLOBALS['I18N']->get($_GET["tab"])); } else { $tabs->setCurrent($GLOBALS['I18N']->get("Content")); } if (defined("WARN_SAVECHANGES")) { $tabs->addLinkCode(' onClick="return savechanges();" '); } print $tabs->display(); } ?> <p></p> <script language="Javascript"> // some debugging stuff to see what happens function checkForm() { return true; for (var i=0;i<document.sendmessageform.elements.length;i++) { alert(document.sendmessageform.elements[i].name+" "+document.sendmessageform.elements[i].value); } return true; } // detection of unsaved changes, var browser = navigator.appName.substring ( 0, 9 ); var changed = 0; function haschanged() {changed = 1; } function savechanges() { if (changed) { if (confirm("<?php echo str_replace('"','"',reverse_htmlentities($GLOBALS['I18N']->get("unsavedchanges")))?>")) return true; else return false; return false;}} //' var event_number = 0;if (browser=="Microsoft") { document.onkeydown=haschanged; document.onchange=haschanged;} else if (browser=="Netscape") { document.captureEvents(Event.KEYDOWN); document.captureEvents(Event.CHANGE); document.onkeydown=haschanged;document.onchange=haschanged;} function submitform() { document.sendmessageform.submit() } </script> <?php print formStart($enctype . ' name="sendmessageform"'); #print '<form method="post" enctype="multipart/form-data" name="sendmessageform" onSubmit="return checkForm()">'; print '<input type=hidden name="workaround_fck_bug" value="1">'; if ($_GET["page"] == "preparemessage") print Help("preparemessage",$GLOBALS['I18N']->get("whatisprepare")); if (!defined("IN_WEBBLER")) { if (!$from && is_object($GLOBALS["admin_auth"]) && $GLOBALS['require_login']) { $adminemail = $GLOBALS["admin_auth"]->adminEmail($_SESSION["logindetails"]["id"]); if ($adminemail && USE_ADMIN_DETAILS_FOR_MESSAGES) { $from = $GLOBALS["admin_auth"]->adminName($_SESSION["logindetails"]["id"]).' '.$adminemail; } else { $from = getConfig("message_from_name") . ' '.getConfig("message_from_address"); } } } $formatting_content = '<table>'; #0013076: different content when forwarding 'to a friend' // value="'.htmlentities($subject,ENT_QUOTES,'UTF-8').'" size=40></td></tr> --> previous code in line 1032 // value="'.htmlentities($from,ENT_QUOTES,'UTF-8').'" size=40></td></tr> --> previous code in line 1038 $tmp = '<table>'; $maincontent = $tmp; $forwardcontent = $tmp; $scheduling_content = '<table>'; $maincontent .= ' <tr><td>'.Help("subject").' '.$GLOBALS['I18N']->get("Subject").':</td> <td><input type=text name="msgsubject" //value="'.htmlentities(iconv('ISO-8859-1','UTF-8',$subject),ENT_QUOTES,'UTF-8').'" size=40></td></tr> <tr> <td colspan=2> </td></tr> <tr><td>'.Help("from").' '.$GLOBALS['I18N']->get("fromline").':</td> <td><input type=text name=from value="'.htmlentities(iconv('ISO-8859-1','UTF-8',$from),ENT_QUOTES,'UTF-8').'" size=40></td></tr> <tr><td colspan=2> </td></tr>'; #0013076: different content when forwarding 'to a friend' $forwardcontent .= $GLOBALS['I18N']->get("When a user forwards to a friend," . " the friend will receive this message instead of the one on the content tab."). '<tr><td>'.Help("subject").' '.$GLOBALS['I18N']->get("Subject").':</td> <td><input type=text name="forwardsubject" value="'.htmlentities($forwardsubject,ENT_QUOTES,'UTF-8').'" size=40></td></tr> <tr> <td colspan=2> </td></tr> <td colspan=2> </td></tr>'; $scheduling_content .= ' <tr><td>'.Help("embargo").' '.$GLOBALS['I18N']->get("embargoeduntil").':</td> <td>'.$embargo->showInput("embargo","",$_POST["embargo"]).'</td></tr> </td></tr>'; if (USE_REPETITION) { $repeatinterval = $_POST["repeatinterval"]; $scheduling_content .= ' <tr><td>'.Help("repetition").' '.$GLOBALS['I18N']->get("repeatevery").':</td><td> <select name="repeatinterval"> <option value="0"'; if ($repeatinterval == 0) { $scheduling_content .= " SELECTED"; } $scheduling_content .= '>-- '.$GLOBALS['I18N']->get("norepetition").'</option> <option value="60"'; if ($repeatinterval == 60) { $scheduling_content .= " SELECTED"; } $scheduling_content .= '>'.$GLOBALS['I18N']->get("hour").'</option> <option value="1440"'; if ($repeatinterval == 1440) { $scheduling_content .= " SELECTED"; } $scheduling_content .= '>'.$GLOBALS['I18N']->get("day").'</option> <option value="10080"'; if ($repeatinterval == 10080) { $scheduling_content .= " SELECTED"; } $scheduling_content .= '>'.$GLOBALS['I18N']->get("week").'</option> </select> </td></tr> </td></tr> <tr><td> '.$GLOBALS['I18N']->get("repeatuntil").':</td><td>'.$repeatuntil->showInput("repeatuntil","",$_POST["repeatuntil"]).'</td></tr> </td></tr>'; } /* $formatting_content .= ' <tr><td colspan=2>'.Help("format").' '.$GLOBALS['I18N']->get("format").': <b>'.$GLOBALS['I18N']->get("autodetect").'</b> <input type=radio name="htmlformatted" value="auto" '; $formatting_content .= !isset($htmlformatted) || $htmlformatted == "auto"?"checked":""; $formatting_content .= '> <b>'.$GLOBALS['I18N']->get("html").'</b> <input type=radio name="htmlformatted" value="1" '; $formatting_content .= $htmlformatted == "1" ?"checked":""; $formatting_content .= '> <b>'.$GLOBALS['I18N']->get("text").'</b> <input type=radio name="htmlformatted" value="0" '; $formatting_content .= $htmlformatted == "0" ?"checked":""; $formatting_content .= '></td></tr>'; */ $formatting_content .= '<input type=hidden name="htmlformatted" value="auto">'; $formatting_content .= ' <tr><td colspan=2>'.Help("sendformat").' '.$GLOBALS['I18N']->get("sendas").': '.$GLOBALS['I18N']->get("html").' <input type=radio name="sendformat" value="HTML" '; $formatting_content .= $_POST["sendformat"]=="HTML"?"checked":""; $formatting_content .= '> '.$GLOBALS['I18N']->get("text").' <input type=radio name="sendformat" value="text" '; $formatting_content .= $_POST["sendformat"]=="text"?"checked":""; $formatting_content .= '> '; if (USE_PDF) { $formatting_content .= $GLOBALS['I18N']->get("pdf").' <input type=radio name="sendformat" value="PDF" '; $formatting_content .= $_POST["sendformat"]=="PDF"?"checked":""; $formatting_content .= '>'; } // 0009687: Confusing use of the word "Both", indicating one email with both text and html and not two emails // $formatting_content .= $GLOBALS['I18N']->get("textandhtml").' <input type=radio name="sendformat" value="text and HTML" '; // $formatting_content .= $_POST["sendformat"]=="text and HTML" || !isset($_POST["sendformat"]) ?"checked":""; // $formatting_content .= '>'; if (USE_PDF) { $formatting_content .= $GLOBALS['I18N']->get("textandpdf").' <input type=radio name="sendformat" value="text and PDF" '; $formatting_content .= $_POST["sendformat"]=="text and PDF" ?"checked":""; $formatting_content .= ' >'; } $formatting_content .= '</td></tr>'; $req = Sql_Query("select id,title from {$tables["template"]} order by listorder"); if (Sql_affected_Rows()) { $formatting_content .= '<tr><td>'.Help("usetemplate").' '.$GLOBALS['I18N']->get("usetemplate").': </td> <td><select name="template"><option value=0>-- '.$GLOBALS['I18N']->get("selectone").'</option>'; $req = Sql_Query("select id,title from {$tables["template"]} order by listorder"); while ($row = Sql_Fetch_Array($req)) { $formatting_content .= sprintf('<option value="%d" %s>%s</option>',$row["id"], $row["id"]==$_POST["template"]?'SELECTED':'',$row["title"]); } $formatting_content .= '</select></td></tr>'; } if (ENABLE_RSS) { $rss_content .= '<tr><td colspan=2>'.$GLOBALS['I18N']->get("rssintro").' </td></tr>'; $rss_content .= '<tr><td colspan=2><input type=radio name="rsstemplate" value="none">'.$GLOBALS['I18N']->get("none").' '; foreach ($rssfrequencies as $key => $val) { $rss_content .= sprintf('<input type=radio name="rsstemplate" value="%s" %s>%s ',$key,$_POST["rsstemplate"] == $key ? "checked":"",$val); } $rss_content .= '</td></tr>'; } #0013076: different content when forwarding 'to a friend' $tmp = '<tr><td colspan=2>'.Help("message").' '.$GLOBALS['I18N']->get("message").'. </td></tr> <tr><td colspan=2>'; $maincontent .= $tmp; $forwardcontent .= $tmp; if ($usefck) { $oFCKeditor = new FCKeditor('message') ; $oFCKeditor->BasePath = './FCKeditor/'; //$oFCKeditor->ToolbarSet = 'Accessibility' ; $oFCKeditor->ToolbarSet = 'Default' ; $oFCKeditor->Value = stripslashes($_POST["message"]); $w = getConfig("fckeditor_width"); $h = getConfig("fckeditor_height"); if ($_SESSION["fckeditor_height"]) { $h = sprintf('%d',$_SESSION["fckeditor_height"]); } # version 1.4 # $maincontent .= $oFCKeditor->ReturnFCKeditor( 'message', $w.'px', $h.'px' ) ; # for version 2.0 if ($h < 400) { $h = 400; } $oFCKeditor->Height = $h; $oFCKeditor->Width = $w; $maincontent .= $oFCKeditor->CreateHtml() ; $maincontent .= '</td></tr>'; $maincontent .= '<script language="Javascript" type="text/javascript"> function expand() { document.sendmessageform.expand.value = 1; document.sendmessageform.save.value = 1 document.sendmessageform.submit(); } </script>'; $maincontent .= '<tr><td colspan=2 align=right><a href="javascript:expand();" class="button">'.$GLOBALS['I18N']->get("expand").'</a></td></tr>'; } elseif ($useTinyMCE) { $tinyMCE_path = TINYMCEPATH; $tinyMCE_lang = TINYMCELANG; $tinyMCE_theme = TINYMCETHEME; $tinyMCE_opts = TINYMCEOPTS; $maincontent .= "<script language='javascript' type='text/javascript' src='{$tinyMCE_path}'></script>\n" ."<script language='javascript' type='text/javascript'>\n" ." tinyMCE.init({\n" ." mode : 'exact',\n" ." elements : 'message',\n" ." language : '{$tinyMCE_lang}',\n" ." theme : '{$tinyMCE_theme}'\n" ." {$tinyMCE_opts}\n" ." });\n" ."</script>\n" ."<textarea name='message' id='message' cols='65' rows='20'>{$_POST['message']}</textarea>"; } else { $maincontent .= '<textarea name=message cols=65 rows=20>'.htmlspecialchars($_POST["message"]).'</textarea>'; } #0013076: different content when forwarding 'to a friend' $forwardcontent .= '<textarea name=forwardmessage cols=65 rows=20>'.htmlspecialchars($forwardmessage).'</textarea>'; #0013076: different content when forwarding 'to a friend' $tmp = ' </td></tr> '; $maincontent .= $tmp; $forwardcontent .= $tmp; if (USE_MANUAL_TEXT_PART) { $maincontent .= '<tr><td colspan=2> '.$GLOBALS['I18N']->get("plaintextversion").' </td></tr> <tr><td colspan=2> <textarea name=textmessage cols=65 rows=20>'.$_POST["textmessage"].'</textarea> </td></tr>'; } #0013076: different content when forwarding 'to a friend' $maincontent .= '<tr><td colspan=2>'.$GLOBALS['I18N']->get("messagefooter").'. <br/> '.$GLOBALS['I18N']->get("messagefooterexplanation").'<br/>'. $GLOBALS['I18N']->get("use [FORWARD] to add a personalised URL to forward the message to someone else."). '.</td></tr> <tr><td colspan=2><textarea name=footer cols=65 rows=5>'.$footer.'</textarea></td></tr> </table>'; $forwardcontent .= '<tr><td colspan=2>'.$GLOBALS['I18N']->get("forwardfooter").'. <br/> '.$GLOBALS['I18N']->get("messageforwardfooterexplanation").'<br/>'. '.</td></tr> <tr><td colspan=2><textarea name=forwardfooter cols=65 rows=5>'.$forwardfooter.'</textarea></td></tr> </table>'; if (ALLOW_ATTACHMENTS) { // If we have a message id saved, we want to query the attachments that are associated with this // message and display that (and allow deletion of!) $att_content = '<table><tr><td colspan=2>'.Help("attachments").' '.$GLOBALS['I18N']->get("addattachments").' </td></tr>'; $att_content .= '<tr><td colspan=2> '.$GLOBALS['I18N']->get("uploadlimits").':<br/> '.$GLOBALS['I18N']->get("maxtotaldata").': '.ini_get("post_max_size").'<br/> '.$GLOBALS['I18N']->get("maxfileupload").': '.ini_get("upload_max_filesize").'</td></tr>'; if ($id) { $result = Sql_Query(sprintf("Select Att.id, Att.filename, Att.remotefile, Att.mimetype, Att.description, Att.size, MsgAtt.id linkid". " from %s Att, %s MsgAtt where Att.id = MsgAtt.attachmentid and MsgAtt.messageid = %d", $tables["attachment"], $tables["message_attachment"], $id)); $tabletext = ""; $ls = new WebblerListing($GLOBALS['I18N']->get('currentattachments')); while ($row = Sql_fetch_array($result)) { # $tabletext .= "<tr><td>".$row["remotefile"]."</td><td>".$row["description"]." </td><td>".$row["size"]."</td>"; $ls->addElement($row["id"]); $ls->addColumn($row["id"],$GLOBALS['I18N']->get('filename'),$row["remotefile"]); $ls->addColumn($row["id"],$GLOBALS['I18N']->get('desc'),$row["description"]); $ls->addColumn($row["id"],$GLOBALS['I18N']->get('size'),$row["size"]); $phys_file = $GLOBALS["attachment_repository"]."/".$row["filename"]; if (is_file($phys_file) && filesize($phys_file)) { $ls->addColumn($row["id"],$GLOBALS['I18N']->get('file'),$GLOBALS["img_tick"]); } else { $ls->addColumn($row["id"],$GLOBALS['I18N']->get('file'),$GLOBALS["img_cross"]); } $ls->addColumn($row["id"],$GLOBALS['I18N']->get('del'),sprintf('<input type=checkbox name="deleteattachments[]" value="%s">',$row["linkid"])); // Probably need to check security rights here... # $tabletext .= "<td><input type=checkbox name=\"deleteattachments[]\" value=\"".$row["linkid"]."\"></td>"; # $tabletext .= "</tr>\n"; } $ls->addButton($GLOBALS['I18N']->get('delchecked'),"javascript:document.sendmessageform.submit()"); $att_content .= '<tr><td colspan=2>'.$ls->display().'</td></tr>'; # if ($tabletext) { # print "<tr><td colspan=2><table border=1><tr><td>Filename</td><td>Description</td><td>Size</td><td> </td></tr>\n"; # print "$tabletext"; # print "<tr><td colspan=4 align=\"center\"><input type=submit name=deleteatt value=\"Delete Checked\"></td></tr>"; # print "</table></td></tr>\n"; # } } for ($att_cnt = 1;$att_cnt <= NUMATTACHMENTS;$att_cnt++) { $att_content .=sprintf ('<tr><td>%s</td><td><input type=file name="attachment%d"> <input type=submit name="save" value="%s"></td></tr>',$GLOBALS['I18N']->get('newattachment'),$att_cnt,$GLOBALS['I18N']->get('addandsave')); if (FILESYSTEM_ATTACHMENTS) { $att_content .= sprintf('<tr><td><b>%s</b> %s:</td><td><input type=text name="localattachment%d" size="50"></td></tr>',$GLOBALS['I18N']->get('or'),$GLOBALS['I18N']->get('pathtofile'),$att_cnt,$att_cnt); } $att_content .= sprintf ('<tr><td colspan=2>%s:</td></tr> <tr><td colspan=2><textarea name="attachment%d_description" cols=65 rows=3 wrap="virtual"></textarea></td></tr>',$GLOBALS['I18N']->get('attachmentdescription'),$att_cnt); } $att_content .= '</table>'; # $shader = new WebblerShader("Attachments"); # $shader->addContent($att_content); # $shader->initialstate = 'closed'; # print $shader->display(); } // Load the email address for the admin user so we can use that as the default value in the testtarget field # @@@ this only works with phplist authentication, needs to be abstracted if (!isset($_POST["testtarget"])) { $res = Sql_Query(sprintf("Select email from %s where id = %d", $tables["admin"], $_SESSION["logindetails"]["id"])); $admin_details = Sql_Fetch_Array($res); $_POST["testtarget"] = $admin_details["email"]; } // if there isn't one, load the developer one, just being lazy here :-) if (!$_POST["testtarget"]) { $_POST["testtarget"] = $GLOBALS["developer_email"]; } // Display the HTML for the "Send Test" button, and the input field for the email addresses $sendtest_content = sprintf('<hr /><table><tr><td valign="top"> <input type=submit name=sendtest value="%s"> %s: </td> <td><input type=text name="testtarget" size=40 value="'.$_POST["testtarget"].'"><br />%s </td></tr></table><hr />', $GLOBALS['I18N']->get('sendtestmessage'),$GLOBALS['I18N']->get('toemailaddresses'), $GLOBALS['I18N']->get('sendtestexplain')); $criteria_content = $GLOBALS['I18N']->get('criteriaexplanation').' <table> '; $any = 0; for ($i=1;$i<=NUMCRITERIAS;$i++) { $criteria_content .= sprintf('<tr><td colspan=2><hr><h3>%s %d</h3></td> <td>%s <input type=checkbox name="use[%d]"></tr>',$GLOBALS['I18N']->get('criterion'),$i, $GLOBALS['I18N']->get('usethisone'),$i); $attributes_request = Sql_Query("select * from $tables[attribute]"); while ($attribute = Sql_Fetch_array($attributes_request)) { $criteria_content .= "\n\n"; $criteria_content .= sprintf('<input type=hidden name="attrtype[%d]" value="%s">', $attribute["id"],$attribute["type"]); switch ($attribute["type"]) { case "checkbox": $any = 1; $criteria_content .= sprintf ('<tr><td><input type="radio" name="criteria[%d]" value="%d"> %s</td><td><b>%s</b></td><td><select name="attr%d%d[]"> <option value="0">Not checked <option value="1">Checked</select></td></tr>', $i,$attribute["id"], $attribute["name"],$GLOBALS['I18N']->get('is'),$attribute["id"],$i); break; case "select": case "radio": case "checkboxgroup": $some = 0; $thisone = ""; $values_request = Sql_Query("select * from $table_prefix"."listattr_".$attribute["tablename"]); $thisone .= sprintf ('<tr><td valign=top><input type="radio" name="criteria[%d]" value="%d"> %s</td> <td valign=top><b>%s</b></td><td><select name="attr%d%d[]" size=4 multiple>', $i,$attribute["id"],strip_tags($attribute["name"]),$GLOBALS['I18N']->get('is'),$attribute["id"],$i); while ($value = Sql_Fetch_array($values_request)) { $some =1; $thisone .= sprintf ('<option value="%d">%s',$value["id"],$value["name"]); } $thisone .= "</select></td></tr>"; if ($some) $criteria_content .= $thisone; $any = $any || $some; break; default: $criteria_content .= "\n<!-- error: huh, unknown type ".$attribute["type"]." -->\n"; } } } if (!$any) { $criteria_content = "<p>".$GLOBALS['I18N']->get('nocriteria')."</p>"; } else { # $shader = new WebblerShader("Message Criteria"); # $shader->addContent($criteria_content.'</table>'); # $shader->hide(); # print $shader->display(); } ############################## # Stacked attributes, display ############################## if (STACKED_ATTRIBUTE_SELECTION) { /* new criteria content system */ # list existing defined ones: # find out how many there are if ($messageid) { $id = $messageid; } $att_js = ' <script language="Javascript" type="text/javascript"> var values = Array(); var operators = Array(); var value_divs = Array(); var value_default = Array(); '; if (sizeof($used_attributes)) { $already_used = ' and id not in ('.join(',',$used_attributes).')'; } else { $already_used = ""; } $att_drop = ''; $attreq = Sql_Query(sprintf('select * from %s where type in ("select","radio","date","checkboxgroup","checkbox") %s',$tables["attribute"],$already_used)); while ($att = Sql_Fetch_array($attreq)) { $att_drop .= sprintf('<option value="%d" %s>%s</option>', $att["id"],"",$att["name"]); $num = Sql_Affected_Rows(); switch ($att["type"]) { case "select":case "radio":case "checkboxgroup": $att_js .= sprintf('value_divs[%d] = "criteria_values_select";'."\n",$att["id"]); $att_js .= sprintf('value_default[%d] = "";'."\n",$att["id"]); $value_req = Sql_Query(sprintf('select * from %s order by listorder,name', $GLOBALS["table_prefix"]."listattr_".$att["tablename"])); $num = Sql_Num_Rows($value_req); $att_js .= sprintf('values[%d] = new Array(%d);'."\n",$att["id"],$num+1); #$att_js .= sprintf('values[%d][0] = new Option("[choose]","0",false,true);'."\n",$att["id"]); $c = 0; while ($value = Sql_Fetch_Array($value_req)) { $att_js .= sprintf('values[%d][%d] = new Option("%s","%d",false,false);'."\n",$att["id"], $c,$value["name"],$value["id"]); $c++; } $att_js .= sprintf('operators[%d] = new Array(2);'."\n",$att["id"]); $att_js .= sprintf('operators[%d][0] = new Option("%s","is",false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('is')); $att_js .= sprintf('operators[%d][1] = new Option("%s","isnot",false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('isnot')); break; case "checkbox": $att_js .= sprintf('value_divs[%d] = "criteria_values_select";'."\n",$att["id"]); $att_js .= sprintf('value_default[%d] = "";'."\n",$att["id"]); $att_js .= sprintf('values[%d] = new Array(%d);'."\n",$att["id"],2); $att_js .= sprintf('values[%d][0] = new Option("%s",0,false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('unchecked')); $att_js .= sprintf('values[%d][1] = new Option("%s",1,false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('checked')); $att_js .= sprintf('operators[%d] = new Array(2);'."\n",$att["id"]); $att_js .= sprintf('operators[%d][0] = new Option("%s","is",false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('is')); $att_js .= sprintf('operators[%d][1] = new Option("%s","isnot",false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('isnot')); break; case "date": $att_js .= sprintf('value_divs[%d] = "criteria_values_text";'."\n",$att["id"]); $att_js .= sprintf('value_default[%d] = "%s";'."\n",$att["id"],$GLOBALS['I18N']->get('dd-mm-yyyy')); $att_js .= sprintf('values[%d] = new Array(%d);'."\n",$att["id"],1); $att_js .= sprintf('values[%d][%d] = new Option("%s","%d",false,false);'."\n",$att["id"],$c, "Date","dd-mm-yyyy"); # just to avoid javascript errors, not actually used $att_js .= sprintf('operators[%d] = new Array(4);'."\n",$att["id"]); $att_js .= sprintf('operators[%d][0] = new Option("%s","is",false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('is')); $att_js .= sprintf('operators[%d][1] = new Option("%s","isnot",false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('isnot')); $att_js .= sprintf('operators[%d][2] = new Option("%s","isbefore",false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('isbefore')); $att_js .= sprintf('operators[%d][3] = new Option("%s","isafter",false,true);'."\n",$att["id"],$GLOBALS['I18N']->get('isafter')); } } $att_js .= ' var browser = navigator.appName.substring ( 0, 9 ); var warned = browser != "Microsoft"; function findEl(name) { var div; if (document.getElementById){ div = document.getElementById(name); } else if (document.all){ div = document.all[name]; } return div; } function changeDropDowns() { var choice = document.sendmessageform.criteria_attribute.options[document.sendmessageform.criteria_attribute.selectedIndex].value; if (choice == "") return; if (!warned) { alert("'.$GLOBALS['I18N']->get('buggywithie').'"); warned = 1; } var value_el_select = findEl("criteria_values_select"); var value_el_text = findEl("criteria_values_text"); for (i=0;i<value_el_select.length;) { value_el_select.options[i] = null; } for (i=0;i<values[choice].length;i++) { value_el_select.options[i] = values[choice][i]; } value_el_select.selectedIndex = 0; value_el_text.value = value_default[choice]; for (i=0;i<document.sendmessageform.criteria_operator.length;) { document.sendmessageform.criteria_operator.options[i] = null; } for (i=0;i<operators[choice].length;i++) { document.sendmessageform.criteria_operator.options[i] = operators[choice][i]; } document.sendmessageform.criteria_operator.selectedIndex = 0; var div1 = findEl("criteria_values_select"); var div2 = findEl("criteria_values_text"); var div3 = findEl(value_divs[choice]); div1.style.visibility = "hidden"; div2.style.visibility = "hidden"; div3.style.visibility = "visible"; } </script> '; $att_drop = '<select name="criteria_attribute" onChange="changeDropDowns()" class="criteria_element" >'; $att_drop .= '<option value="">['.$GLOBALS['I18N']->get('selectattribute').']</option>'; $att_names = '';# to remember them later $attreq = Sql_Query(sprintf('select * from %s where type in ("select","radio","date","checkboxgroup","checkbox") %s',$tables["attribute"],$already_used)); while ($att = Sql_Fetch_array($attreq)) { $att_drop .= sprintf('<option value="%d" %s>%s</option>', $att["id"],"",substr(stripslashes($att["name"]),0,30).' ('.$GLOBALS['I18N']->get($att["type"]).')'); $att_names .= sprintf('<input type=hidden name="attribute_names[%d]" value="%s">',$att["id"],stripslashes($att["name"])); } $att_drop .= '</select>'.$att_names; $operator_drop = ' <select name="criteria_operator" class="criteria_element" > <option value="is">'.$GLOBALS['I18N']->get('is').'</option> <option value="isnot">'.$GLOBALS['I18N']->get('isnot').'</option> <option value="isbefore">'.$GLOBALS['I18N']->get('isbefore').'</option> <option value="isafter">'.$GLOBALS['I18N']->get('isafter').'</option> </select> '; $values_drop = ' <style type="text/css"> #criteria_values_select { visibility : hidden; background-color: #ffffff; } #criteria_values_select > option { background-color: #ffffff; } #criteria_values_text { visibility : hidden; } span.values_span { vertical-align: top; display: block; } input.criteria_element { vertical-align: top; } select.criteria_element { vertical-align: top; } </style>'; $values_drop .= '<span id="values_span" class="values_span">'; $values_drop .= '<input class="criteria_element" name="criteria_values[]" id="criteria_values_text" size=15 type=text>'; # $values_drop .= '</span>'; # $values_drop .= '<span id="values_select">'; $values_drop .= '<select class="criteria_element" name="criteria_values[]" id="criteria_values_select" multiple size=10></select>'; $values_drop .= '</span>'; $existing_overall_operator = $messagedata['criteria_overall_operator'] == "any" ? "any":"all"; $criteria_overall_operator = sprintf('%s <input type="radio" name="criteria_match" value="all" %s> %s <input type="radio" name="criteria_match" value="any" %s>', $GLOBALS['I18N']->get('matchallrules'), $existing_overall_operator == "all"? "checked":"", $GLOBALS['I18N']->get('matchanyrules'), $existing_overall_operator == "any"? "checked":""); $criteria_styles = ' <style type="text/css"> div.criteria_container { /*border: 1px solid black; background-color: #ffeeee;*/ width: 100%; z-index: 8; } span.criteria_element { vertical-align: top; display: inline; } </style>'; $criteria_content = $criteria_overall_operator.$existing_criteria.$criteria_styles.$att_js. '<div class="criteria_container">'. '<span class="criteria_element">'.$att_drop.'</span>'. '<span class="criteria_element">'.$operator_drop.'</span>'. '<span class="criteria_element">'.$values_drop.'</span>'. '<span class="criteria_element"><input type=submit name="save" value="'.$GLOBALS['I18N']->get('addcriterion').'"></span>'; '</div>'; } // end of if (STACKED_ATTRIBUTE_SELECTION) ############################## # Stacked attributes, display end ############################## # notification of progress of message sending # defaulting to admin_details['email'] gives the wrong impression that this is the # value in the database, so it's better to leave that empty instead $notify_start = isset($messagedata['notify_start'])?$messagedata['notify_start']:'';#$admin_details['email']; $notify_end = isset($messagedata['notify_end'])?$messagedata['notify_end']:'';#$admin_details['email']; $notification_content = sprintf(' <table> <tr valign="top"><td>%s<br/>%s</td><td><input type=text name="notify_start" value="%s" size="35"></td></tr> <tr valign="top"><td>%s<br/>%s</td><td><input type=text name="notify_end" value="%s" size="35"></td></tr> </table>', $GLOBALS['I18N']->get('email to alert when sending of this message starts'), $GLOBALS['I18N']->get('separate multiple with a comma'),$notify_start, $GLOBALS['I18N']->get('email to alert when sending of this message has finished'), $GLOBALS['I18N']->get('separate multiple with a comma'),$notify_end); $show_lists = 0; switch ($_GET["tab"]) { case "Attach": print $att_content; break; case "Criteria": print $criteria_content; break; case "Format": print $formatting_content;break; case "Scheduling": print $scheduling_content; case "RSS": print $rss_content;break; case "Lists": $show_lists = 1;break; case "Review": print $review_content; break; case "Misc": print $notification_content; break; case "Forward": print $forwardcontent; break; default: print $maincontent; break; } } print $sendtest_content; if (!$_POST["status"]) { $savecaption = $GLOBALS['I18N']->get('saveasdraft'); } else { $savecaption = $GLOBALS['I18N']->get('savechanges');#"Save "".$_POST["status"]."" message edits"; } print "<hr><table><tr><td><input type=submit name=\"save\" value=\"$savecaption\"></td></tr></table>\n<hr>\n"; print "<input type=hidden name=id value=$id>\n"; print "<input type=hidden name=status value=\"".$_POST["status"]."\">\n"; print '<input type=hidden name=expand value="0">'; ?>