[12560] | 1 | <?php |
// Refuse direct requests: the script only continues when the including
// application has already defined PHPWG_ROOT_PATH.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

global $template, $conf;

// Messages collected while the request is handled; both lists are passed to
// the template at the end of the script.
$errors = array();
$infos = array();

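// check input parameters
//
// A request is accepted only when 'key' decrypts, with the site secret, to
// action.email[.id]. Presence and type are checked before that expected value
// is built, so a missing or array-valued parameter is rejected cleanly instead
// of raising notices during the concatenation.
$stc_params_ok = true;
foreach (array('action', 'email', 'key') as $stc_name)
{
  if (empty($_GET[$stc_name]) or !is_string($_GET[$stc_name]))
  {
    $stc_params_ok = false;
  }
}
if (isset($_GET['id']) and !is_string($_GET['id']))
{
  $stc_params_ok = false;
}

// NOTE(review): the fields are joined without a separator, so the signed
// string does not record where 'email' ends and 'id' begins. Adding an
// unambiguous separator also requires changing whatever generates the links
// (presumably make_stc_url()), so it is only flagged here.
$_GET['verif_key'] = $stc_params_ok
  ? $_GET['action'].$_GET['email'].(isset($_GET['id']) ? $_GET['id'] : null)
  : null;

// NOTE(review): decrypt_value() is used as the integrity check; confirm it is
// authenticated (MAC or AEAD) rather than plain reversible encryption.
if (
  !$stc_params_ok
  or decrypt_value($_GET['key'], $conf['secret_key']) !== $_GET['verif_key']
  )
{
  // Rejected requests are routed to the 403 branch of the action switch.
  $_GET['action'] = 'hacker';
}
else
{
  // sanitize inputs
  // String escaping is only sufficient where the value ends up inside a quoted
  // SQL literal. NOTE(review): confirm how the helpers below embed 'id'.
  if (isset($_GET['id'])) $_GET['id'] = pwg_db_real_escape_string($_GET['id']);
  $_GET['email'] = pwg_db_real_escape_string($_GET['email']);

  // unsubscribe (form submission)
  if (isset($_POST['unsubscribe']))
  {
    // NOTE(review): $_POST['unsubscribe'] is not covered by the signed key and
    // is passed on as received; un_subscribe_to_comments() must validate it.
    if (un_subscribe_to_comments(!empty($_GET['id'])?$_GET['id']:'N/A', $_GET['email'], $_POST['unsubscribe']))
    {
      array_push($infos, l10n('Successfully unsubscribed your email address from receiving notifications.'));
    }
    else
    {
      array_push($errors, l10n('Invalid email adress.'));
    }

    $_GET['action'] = 'manage';
  }

  // unsubscribe (link from the management page)
  if (isset($_GET['unsubscribe']))
  {
    // 'unsubscribe' is not part of the signed key and is placed in a numeric
    // SQL context, where pwg_db_real_escape_string() does not constrain the
    // value. Only a plain decimal id is accepted; anything else is reported
    // like a delete that matched no row.
    $stc_deleted = false;
    if (is_string($_GET['unsubscribe']) and preg_match('/^[0-9]+\z/', $_GET['unsubscribe']))
    {
      $query = '
DELETE FROM '.SUBSCRIBE_TO_TABLE.'
  WHERE
    id = '.$_GET['unsubscribe'].'
    AND email = "'.$_GET['email'].'"
;';
      pwg_query($query);

      $stc_deleted = (pwg_db_changes(null) != 0);
    }

    if ($stc_deleted)
    {
      array_push($infos, l10n('Successfully unsubscribed your email address from receiving notifications.'));
    }
    else
    {
      array_push($errors, l10n('Invalid email adress.'));
    }
  }

  $template->assign('MANAGE_LINK', make_stc_url('manage', $_GET['email']));
}
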
// Render the page for the requested action. By this point 'action' is one of:
// a value from a link whose key matched, 'manage' (forced after a POST
// unsubscribe), or 'hacker' (set when the key check failed).
switch ($_GET['action'])
{
  /* validate */
  case 'validate-image':
  case 'validate-category':
  {
    $stc_type = ($_GET['action'] == 'validate-image') ? 'image' : 'category';

    if (validate_subscriptions($_GET['id'], $_GET['email'], $stc_type))
    {
      $infos[] = l10n('Your subscribtion has been validated, thanks you.');
    }
    else
    {
      $errors[] = l10n('Nothing to validate.');
    }

    $element = ($stc_type == 'image')
      ? get_picture_infos($_GET['id'])
      : get_category_infos($_GET['id']);

    $template->assign(array(
      'validate' => $stc_type,
      'element' => $element,
      ));

    break;
  }

  /* unsubscribe */
  case 'unsubscribe-image':
  case 'unsubscribe-category':
  {
    // Only the confirmation form is prepared here; the removal itself happens
    // when that form is posted back.
    if ($_GET['action'] == 'unsubscribe-image')
    {
      $stc_type = 'image';
      $element = get_picture_infos($_GET['id']);
    }
    else
    {
      $stc_type = 'category';
      $element = get_category_infos($_GET['id']);
    }

    $template->assign(array(
      'unsubscribe_form' => $stc_type,
      'element' => $element,
      ));

    break;
  }

  /* manage */
  case 'manage':
  {
    // 'email' sits inside a quoted literal; on this path it has already been
    // passed through pwg_db_real_escape_string() by the accepted-request branch.
    $query = '
SELECT *
  FROM '.SUBSCRIBE_TO_TABLE.'
  WHERE
    email = "'.$_GET['email'].'"
    AND validated = "true"
  ORDER BY registration_date DESC
;';
    $result = pwg_query($query);

    if (pwg_db_num_rows($result) === 0)
    {
      $template->assign('subscriptions', 'none');
    }
    else
    {
      while ($subscription = pwg_db_fetch_assoc($result))
      {
        // A row points at an image or at a category; a row with neither id is
        // appended without 'infos' and 'type'.
        if (!empty($subscription['image_id']))
        {
          $subscription['type'] = 'image';
          $subscription['infos'] = get_picture_infos($subscription['image_id']);
        }
        else if (!empty($subscription['category_id']))
        {
          $subscription['type'] = 'category';
          $subscription['infos'] = get_category_infos($subscription['category_id']);
        }

        $subscription['registration_date'] = format_date($subscription['registration_date'], true);
        $template->append('subscriptions', $subscription);
      }
    }

    break;
  }

  /* rejected request: missing parameters or key mismatch */
  case 'hacker':
  {
    set_status_header(403);
    $errors[] = l10n('Bad query');
    break;
  }
}

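// 'email' is only trustworthy once the key check has passed. On the rejected
// path (action 'hacker') it is raw request data and may be missing or an
// array, so it is HTML-encoded before reaching the template and replaced by
// '' when it is not a string.
// NOTE(review): confirm the template escapes EMAIL on the accepted path too;
// there the value is passed through unchanged.
if ($_GET['action'] === 'hacker')
{
  $stc_email = (isset($_GET['email']) and is_string($_GET['email']))
    ? htmlspecialchars($_GET['email'], ENT_QUOTES, 'UTF-8')
    : '';
}
else
{
  $stc_email = $_GET['email'];
}

$template->assign(array(
  'EMAIL' => $stc_email,
  'SUBSCRIBE_TO_PATH' => SUBSCRIBE_TO_PATH,
  ));

// Messages collected while handling the request.
$template->assign(array(
  'infos' => $infos,
  'errors' => $errors,
  ));

$template->set_filenames(array('index'=> dirname(__FILE__).'/../template/subscribtions_page.tpl'));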
| 183 | ?> |