- Timestamp:
- Nov 11, 2011, 2:56:45 PM (12 years ago)
- File:
-
- 1 edited
extensions/Subscribe_to_comments/include/subscribtions_page.inc.php
r12560 r12600 7 7 8 8 // check input parameters 9 $_GET['verif_key'] = $_GET['action'].$_GET['email'].(isset($_GET['id'])?$_GET['id']:null); 9 10 if ( 10 11 empty($_GET['action']) or empty($_GET['email']) or empty($_GET['key']) 11 or decrypt_value($_GET['key'], $conf['secret_key']) !== $_GET[' action'].$_GET['email']12 or decrypt_value($_GET['key'], $conf['secret_key']) !== $_GET['verif_key'] 12 13 ) 13 14 { 14 set_status_header(403); 15 array_push($errors, l10n('Bad query')); 15 $_GET['action'] = 'hacker'; 16 } 17 else 18 { 19 // sanitize inputs 20 if (isset($_GET['id'])) $_GET['id'] = pwg_db_real_escape_string($_GET['id']); 21 $_GET['email'] = pwg_db_real_escape_string($_GET['email']); 22 23 // unsubscribe 24 if (isset($_POST['unsubscribe'])) 25 { 26 if (un_subscribe_to_comments(!empty($_GET['id'])?$_GET['id']:'N/A', $_GET['email'], $_POST['unsubscribe'])) 27 { 28 array_push($infos, l10n('Successfully unsubscribed your email address from receiving notifications.')); 29 } 30 else 31 { 32 array_push($errors, l10n('Invalid email adress.')); 33 } 34 35 $_GET['action'] = 'manage'; 36 } 37 if (isset($_GET['unsubscribe'])) 38 { 39 $query = ' 40 DELETE FROM '.SUBSCRIBE_TO_TABLE.' 41 WHERE 42 id = '.pwg_db_real_escape_string($_GET['unsubscribe']).' 
43 AND email = "'.$_GET['email'].'" 44 ;'; 45 pwg_query($query); 46 47 if (pwg_db_changes(null) != 0) 48 { 49 array_push($infos, l10n('Successfully unsubscribed your email address from receiving notifications.')); 50 } 51 else 52 { 53 array_push($errors, l10n('Invalid email adress.')); 54 } 55 } 56 57 $template->assign('MANAGE_LINK', make_stc_url('manage', $_GET['email'])); 16 58 } 17 59 18 60 switch ($_GET['action']) 19 61 { 20 /* unsubscribe */ 21 case 'unsubscribe-image' : 22 if (empty($where_clause)) $where_clause = 'image_id = '.pwg_db_real_escape_string($_GET['param']); 23 case 'unsubscribe-category': 24 if (empty($where_clause)) $where_clause = 'category_id = '.pwg_db_real_escape_string($_GET['param']); 25 case 'unsubcribe-all' : 62 /* validate */ 63 case 'validate-image' : 26 64 { 27 $query = ' 28 DELETE FROM '.SUBSCRIBE_TO_TABLE.' 29 WHERE 30 email = "'.pwg_db_real_escape_string($_GET['email']).'" 31 '.(!empty($where_clause) ? 'AND '.$where_clause : null).' 32 ;'; 33 pwg_query($query); 65 if (validate_subscriptions($_GET['id'], $_GET['email'], 'image')) 66 { 67 array_push($infos, l10n('Your subscribtion has been validated, thanks you.')); 68 } 69 else 70 { 71 array_push($errors, l10n('Nothing to validate.')); 72 } 34 73 35 array_push($infos, l10n('You have been successfully unsubscribed, good bye.')); 74 $element = get_picture_infos($_GET['id']); 75 76 $template->assign(array( 77 'validate' => 'image', 78 'element' => $element, 79 )); 80 81 break; 82 } 83 case 'validate-category': 84 { 85 if (validate_subscriptions($_GET['id'], $_GET['email'], 'category')) 86 { 87 array_push($infos, l10n('Your subscribtion has been validated, thanks you.')); 88 } 89 else 90 { 91 array_push($errors, l10n('Nothing to validate.')); 92 } 93 94 $element = get_category_infos($_GET['id']); 95 96 $template->assign(array( 97 'validate' => 'category', 98 'element' => $element, 99 )); 36 100 break; 37 101 } 38 102 39 /* validate */ 40 case 'validate-image' : 41 if 
(empty($where_clause)) $where_clause = 'image_id = '.pwg_db_real_escape_string($_GET['param']); 42 case 'validate-category': 43 if (empty($where_clause)) $where_clause = 'category_id = '.pwg_db_real_escape_string($_GET['param']); 44 case 'validate-all' : 45 { 46 $query = ' 47 UPDATE '.SUBSCRIBE_TO_TABLE.' 48 SET validated = "true" 49 WHERE 50 email = "'.pwg_db_real_escape_string($_GET['email']).'" 51 '.(!empty($where_clause) ? 'AND '.$where_clause : null).' 52 ;'; 53 pwg_query($query); 103 /* unsubscribe */ 104 case 'unsubscribe-image' : 105 { 106 $element = get_picture_infos($_GET['id']); 54 107 55 array_push($infos, l10n('Your subscribtion has been validated, thanks you.')); 108 $template->assign(array( 109 'unsubscribe_form' => 'image', 110 'element' => $element, 111 )); 112 113 break; 114 } 115 case 'unsubscribe-category': 116 { 117 $element = get_category_infos($_GET['id']); 118 119 $template->assign(array( 120 'unsubscribe_form' => 'category', 121 'element' => $element, 122 )); 123 56 124 break; 57 125 } … … 60 128 case 'manage' : 61 129 { 130 $query = ' 131 SELECT * 132 FROM '.SUBSCRIBE_TO_TABLE.' 
133 WHERE 134 email = "'.$_GET['email'].'" 135 AND validated = "true" 136 ORDER BY registration_date DESC 137 ;'; 138 $result = pwg_query($query); 139 140 if (pwg_db_num_rows($result) !== 0) 141 { 142 while ($subscription = pwg_db_fetch_assoc($result)) 143 { 144 if (!empty($subscription['image_id'])) 145 { 146 $subscription['infos'] = get_picture_infos($subscription['image_id']); 147 $subscription['type'] = 'image'; 148 } 149 else if (!empty($subscription['category_id'])) 150 { 151 $subscription['infos'] = get_category_infos($subscription['category_id']); 152 $subscription['type'] = 'category'; 153 } 154 $subscription['registration_date'] = format_date($subscription['registration_date'], true); 155 $template->append('subscriptions', $subscription); 156 } 157 } 158 else 159 { 160 $template->assign('subscriptions', 'none'); 161 } 62 162 break; 63 163 } 64 164 65 default:165 case 'hacker' : 66 166 { 67 167 set_status_header(403); … … 69 169 } 70 170 } 171 172 $template->assign(array( 173 'EMAIL' => $_GET['email'], 174 'SUBSCRIBE_TO_PATH' => SUBSCRIBE_TO_PATH, 175 )); 71 176 72 177 $template->assign(array(
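Review bot: `$_GET['unsubscribe']` goes unquoted into the `id = ` clause of the new DELETE (new lines 39–45), and `pwg_db_real_escape_string`, which by its name is string-literal escaping, does not constrain a value used in numeric context. That parameter is also not part of `verif_key` (new line 9), so the key check does not vouch for it. Force it to an integer when building the query, e.g. `id = '.intval($_GET['unsubscribe']).'`, and treat `$_GET['id']` the same way instead of only escaping it at new line 20; what `get_picture_infos()` and `validate_subscriptions()` do with it is not visible here. Separately, `verif_key` concatenates action, email and id with no separator, so two different (email, id) pairs can produce the same string; joining the fields with a delimiter that cannot occur in them would remove that ambiguity.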