[26139] | 1 | <?php |
---|
| 2 | defined('SUBSCRIBE_TO_PATH') or die('Hacking attempt!'); |
---|
[12560] | 3 | |
---|
[21441] | 4 | global $template, $conf, $page, $user; |
---|
[12560] | 5 | |
---|
| 6 | // check input parameters |
---|
[26139] | 7 | if (empty($_GET['action']) or empty($_GET['email']) or empty($_GET['key'])) |
---|
[12560] | 8 | { |
---|
[15641] | 9 | $_GET['action'] = null; |
---|
[12560] | 10 | } |
---|
[12600] | 11 | else |
---|
| 12 | { |
---|
[26139] | 13 | $verif_key = $_GET['action'].$_GET['email'].(isset($_GET['id'])?$_GET['id']:null); |
---|
[21340] | 14 | |
---|
[26139] | 15 | if (decrypt_value($_GET['key'], $conf['secret_key']) !== $verif_key) |
---|
[21340] | 16 | { |
---|
| 17 | $_GET['action'] = null; |
---|
| 18 | } |
---|
| 19 | } |
---|
| 20 | |
---|
| 21 | |
---|
| 22 | |
---|
[26139] | 23 | if (!empty($_GET['action'])) |
---|
[21340] | 24 | { |
---|
[15641] | 25 | // unsubscribe all |
---|
[26139] | 26 | if (isset($_POST['unsubscribe_all']) and isset($_POST['unsubscribe_all_check'])) |
---|
[12560] | 27 | { |
---|
[15641] | 28 | $query = ' |
---|
| 29 | DELETE FROM '.SUBSCRIBE_TO_TABLE.' |
---|
| 30 | WHERE email = "'.$_GET['email'].'" |
---|
| 31 | ;'; |
---|
| 32 | pwg_query($query); |
---|
| 33 | } |
---|
[26139] | 34 | |
---|
[15641] | 35 | // bulk action |
---|
[21439] | 36 | else if (isset($_POST['apply_bulk']) and !empty($_POST['selected'])) |
---|
[15641] | 37 | { |
---|
[26139] | 38 | switch ($_POST['action']) |
---|
[12600] | 39 | { |
---|
[26139] | 40 | case 'unsubscribe': |
---|
| 41 | un_subscribe_to_comments($_GET['email'], $_POST['selected']); |
---|
| 42 | break; |
---|
| 43 | case 'validate': |
---|
| 44 | validate_subscriptions($_GET['email'], $_POST['selected']); |
---|
| 45 | break; |
---|
[12600] | 46 | } |
---|
[15641] | 47 | } |
---|
[26139] | 48 | |
---|
[15641] | 49 | // unsubscribe from manage page |
---|
[21340] | 50 | else if (isset($_GET['unsubscribe'])) |
---|
[15641] | 51 | { |
---|
| 52 | if (un_subscribe_to_comments($_GET['email'], $_GET['unsubscribe'])) |
---|
| 53 | { |
---|
[26139] | 54 | $page['infos'][] = l10n('Successfully unsubscribed your email address from receiving notifications.'); |
---|
[15641] | 55 | } |
---|
[12600] | 56 | else |
---|
| 57 | { |
---|
[26139] | 58 | $page['errors'][] = l10n('Not found.'); |
---|
[12600] | 59 | } |
---|
| 60 | } |
---|
[26139] | 61 | |
---|
[15641] | 62 | // validate from manage page |
---|
[21340] | 63 | else if (isset($_GET['validate'])) |
---|
[12600] | 64 | { |
---|
[15641] | 65 | if (validate_subscriptions($_GET['email'], $_GET['validate'])) |
---|
[12600] | 66 | { |
---|
[26139] | 67 | $page['infos'][] = l10n('Your subscribtion has been validated, thanks you.'); |
---|
[12600] | 68 | } |
---|
| 69 | else |
---|
| 70 | { |
---|
[26139] | 71 | $page['infos'][] = l10n('Already validated.'); |
---|
[12600] | 72 | } |
---|
[12560] | 73 | } |
---|
[26139] | 74 | |
---|
[12600] | 75 | $template->assign('MANAGE_LINK', make_stc_url('manage', $_GET['email'])); |
---|
| 76 | } |
---|
| 77 | |
---|
[15641] | 78 | |
---|
[12600] | 79 | switch ($_GET['action']) |
---|
| 80 | { |
---|
[12560] | 81 | /* validate */ |
---|
[15641] | 82 | case 'validate': |
---|
[12600] | 83 | { |
---|
[21340] | 84 | // don't need to sanitize inputs, already checked with the unique key |
---|
[15641] | 85 | $query = ' |
---|
[21340] | 86 | SELECT type, element_id |
---|
[15641] | 87 | FROM '.SUBSCRIBE_TO_TABLE.' |
---|
[26139] | 88 | WHERE |
---|
[15641] | 89 | email = "'.$_GET['email'].'" |
---|
| 90 | AND id = '.$_GET['id'].' |
---|
| 91 | ;'; |
---|
| 92 | $result = pwg_query($query); |
---|
[26139] | 93 | |
---|
[15641] | 94 | if (!pwg_db_num_rows($result)) |
---|
[12600] | 95 | { |
---|
[26139] | 96 | $page['errors'][] = l10n('Not found.'); |
---|
[12600] | 97 | } |
---|
| 98 | else |
---|
| 99 | { |
---|
[15641] | 100 | if (validate_subscriptions($_GET['email'], $_GET['id'])) |
---|
| 101 | { |
---|
[26139] | 102 | $page['infos'][] = l10n('Your subscription has been validated, thanks you.'); |
---|
[15641] | 103 | } |
---|
| 104 | else |
---|
| 105 | { |
---|
[26139] | 106 | $page['infos'][] = l10n('Already validated.'); |
---|
[15641] | 107 | } |
---|
[26139] | 108 | |
---|
[15641] | 109 | list($type, $element_id) = pwg_db_fetch_row($result); |
---|
[26139] | 110 | |
---|
[15641] | 111 | switch ($type) |
---|
| 112 | { |
---|
| 113 | case 'image': |
---|
| 114 | $element = get_picture_infos($element_id, false); |
---|
| 115 | break; |
---|
| 116 | case 'album-images': |
---|
| 117 | case 'album': |
---|
| 118 | $element = get_category_infos($element_id, false); |
---|
| 119 | break; |
---|
| 120 | default: |
---|
| 121 | $element = null; |
---|
| 122 | } |
---|
[26139] | 123 | |
---|
[15641] | 124 | $template->assign(array( |
---|
| 125 | 'type' => $type, |
---|
| 126 | 'element' => $element, |
---|
| 127 | )); |
---|
[12600] | 128 | } |
---|
[26139] | 129 | |
---|
[15641] | 130 | $template->assign('IN_VALIDATE', true); |
---|
[12600] | 131 | break; |
---|
| 132 | } |
---|
[26139] | 133 | |
---|
[15641] | 134 | /* unsubscribe */ |
---|
| 135 | case 'unsubscribe': |
---|
[12560] | 136 | { |
---|
[15641] | 137 | $query = ' |
---|
| 138 | SELECT |
---|
| 139 | type, |
---|
| 140 | element_id |
---|
| 141 | FROM '.SUBSCRIBE_TO_TABLE.' |
---|
[26139] | 142 | WHERE |
---|
[15641] | 143 | email = "'.$_GET['email'].'" |
---|
| 144 | AND id = '.$_GET['id'].' |
---|
| 145 | ;'; |
---|
| 146 | $result = pwg_query($query); |
---|
[26139] | 147 | |
---|
[15641] | 148 | if (!pwg_db_num_rows($result)) |
---|
[12600] | 149 | { |
---|
[26139] | 150 | $page['errors'][] = l10n('Not found.'); |
---|
[12600] | 151 | } |
---|
| 152 | else |
---|
| 153 | { |
---|
[15641] | 154 | if (un_subscribe_to_comments($_GET['email'], $_GET['id'])) |
---|
| 155 | { |
---|
[26139] | 156 | $page['infos'][] = l10n('Successfully unsubscribed your email address from receiving notifications.'); |
---|
[15641] | 157 | } |
---|
| 158 | else |
---|
| 159 | { |
---|
[26139] | 160 | $page['errors'][] = l10n('Not found.'); |
---|
[15641] | 161 | } |
---|
[26139] | 162 | |
---|
[15641] | 163 | list($type, $element_id) = pwg_db_fetch_row($result); |
---|
[26139] | 164 | |
---|
[15641] | 165 | switch ($type) |
---|
| 166 | { |
---|
| 167 | case 'image': |
---|
| 168 | $element = get_picture_infos($element_id); |
---|
| 169 | break; |
---|
| 170 | case 'album-images': |
---|
| 171 | case 'album': |
---|
| 172 | $element = get_category_infos($element_id); |
---|
| 173 | break; |
---|
| 174 | default: |
---|
| 175 | $element = null; |
---|
| 176 | } |
---|
[26139] | 177 | |
---|
[15641] | 178 | $template->assign(array( |
---|
| 179 | 'type' => $type, |
---|
| 180 | 'element' => $element, |
---|
| 181 | )); |
---|
[12600] | 182 | } |
---|
[26139] | 183 | |
---|
[15641] | 184 | $template->assign('IN_UNSUBSCRIBE', true); |
---|
[12560] | 185 | break; |
---|
| 186 | } |
---|
[26139] | 187 | |
---|
[12560] | 188 | /* manage */ |
---|
[15641] | 189 | case 'manage': |
---|
[12560] | 190 | { |
---|
[12600] | 191 | $query = ' |
---|
| 192 | SELECT * |
---|
| 193 | FROM '.SUBSCRIBE_TO_TABLE.' |
---|
[15641] | 194 | WHERE email = "'.$_GET['email'].'" |
---|
[12600] | 195 | ORDER BY registration_date DESC |
---|
| 196 | ;'; |
---|
| 197 | $result = pwg_query($query); |
---|
[26139] | 198 | |
---|
[15641] | 199 | if (pwg_db_num_rows($result)) |
---|
[12600] | 200 | { |
---|
| 201 | while ($subscription = pwg_db_fetch_assoc($result)) |
---|
| 202 | { |
---|
[15641] | 203 | $subscription['registration_date'] = format_date($subscription['registration_date'], true); |
---|
[26139] | 204 | |
---|
[15641] | 205 | switch ($subscription['type']) |
---|
[12600] | 206 | { |
---|
[15641] | 207 | case 'image': |
---|
| 208 | $subscription['infos'] = get_picture_infos($subscription['element_id']); |
---|
| 209 | break; |
---|
| 210 | case 'album-images': |
---|
| 211 | case 'album': |
---|
[21441] | 212 | $subscription['infos'] = get_category_infos($subscription['element_id'], true, $user['id']); |
---|
[15641] | 213 | break; |
---|
| 214 | default: |
---|
| 215 | $subscription['infos'] = null; |
---|
| 216 | $template->append('global_subscriptions', $subscription); |
---|
| 217 | continue(2); |
---|
[12600] | 218 | } |
---|
[26139] | 219 | |
---|
[12600] | 220 | $template->append('subscriptions', $subscription); |
---|
| 221 | } |
---|
| 222 | } |
---|
| 223 | else |
---|
| 224 | { |
---|
[26139] | 225 | $page['infos'][] = l10n('You are not subscribed to any comment.'); |
---|
[12600] | 226 | } |
---|
[12560] | 227 | break; |
---|
| 228 | } |
---|
[26139] | 229 | |
---|
[15641] | 230 | default: |
---|
[12560] | 231 | { |
---|
| 232 | set_status_header(403); |
---|
[26139] | 233 | $page['errors'][] = l10n('Bad query'); |
---|
[12560] | 234 | } |
---|
| 235 | } |
---|
| 236 | |
---|
[15641] | 237 | |
---|
[12560] | 238 | $template->assign(array( |
---|
[12600] | 239 | 'SUBSCRIBE_TO_PATH' => SUBSCRIBE_TO_PATH, |
---|
[17494] | 240 | 'SUBSCRIBE_TO_ABS_PATH' => realpath(SUBSCRIBE_TO_PATH).'/', |
---|
[21441] | 241 | 'COA_ACTIVATED' => defined('COA_ID'), |
---|
[12600] | 242 | )); |
---|
[26139] | 243 | |
---|
[21340] | 244 | if (!empty($_GET['email'])) |
---|
| 245 | { |
---|
[26139] | 246 | $template->concat('TITLE', $conf['level_separator'] . l10n('Subscriptions of %s', '<i>'.$_GET['email'].'</i>')); |
---|
[21340] | 247 | } |
---|
[12600] | 248 | |
---|
[26139] | 249 | $template->set_filename('subscribe_to_comments', realpath(SUBSCRIBE_TO_PATH . 'template/subscriptions_page.tpl')); |
---|
| 250 | $template->assign_var_from_handle('CONTENT', 'subscribe_to_comments'); |
---|