dolibarr/htdocs/public/emailing/mailing-read.php

<?php
/**
 * Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2005-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2012	   Florian Henry  <florian.henry@open-concept.pro>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */


/**
 *      \file       public/emailing/mailing-read.php
 *      \ingroup    mailing
 *      \brief      Script use to update mail status if destinaries read it (if images during mail read are display)
 */

if (! defined('NOLOGIN'))        define("NOLOGIN",1);			// This means this output page does not require to be logged.
if (! defined('NOREQUIRETRAN'))  define('NOREQUIRETRAN','1');
if (! defined('NOCSRFCHECK'))    define('NOCSRFCHECK','1');		// Do not check anti CSRF attack test
if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1');	// Do not check anti POST attack test
if (! defined('NOREQUIREMENU'))  define('NOREQUIREMENU','1');	// If there is no need to load and show top and left menu

/**
 * Header empty
 *
 * @return	void
 */
function llxHeader() { }
/**
 * Footer empty
 *
 * @return	void
 */
function llxFooter() { }


require '../../main.inc.php';

$tag=GETPOST('tag');
$securitykey=GETPOST('securitykey');


/*
 * Actions
 */

dol_syslog("public/emailing/mailing-read.php : tag=".$tag." securitykey=".$securitykey, LOG_DEBUG);

if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY)
{
	print 'Bad security key value.';
	exit;
}

if (! empty($tag))
{
	$statut='2';
	$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$db->escape($tag)."'";
	dol_syslog("public/emailing/mailing-read.php : Mail read : ".$sql, LOG_DEBUG);

	$resql=$db->query($sql);

	//Update status communication of thirdparty prospect
	$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=3 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag='".$db->escape($tag)."' AND source_type='thirdparty' AND source_id is not null)";
	dol_syslog("public/emailing/mailing-read.php : Mail read thirdparty : ".$sql, LOG_DEBUG);

	$resql=$db->query($sql);

    //Update status communication of contact prospect
	$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=3 WHERE rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc INNER JOIN ".MAIN_DB_PREFIX."mailing_cibles AS mc ON mc.tag = '".$db->escape($tag)."' AND mc.source_type = 'contact' AND mc.source_id = sc.rowid)";
	dol_syslog("public/emailing/mailing-read.php : Mail read contact : ".$sql, LOG_DEBUG);

	$resql=$db->query($sql);

}

$db->close();
?>
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00			`<?php`
Doxygen 2012-04-16 12:01:32 +02:00			`/**`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00			`* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>`
			`* Copyright (C) 2005-2011 Laurent Destailleur <eldy@users.sourceforge.net>`
			`* Copyright (C) 2012 Florian Henry <florian.henry@open-concept.pro>`
			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
Prepare move to other licence. For the moment all answers for licence upgrade were not yet received. So we prepare for GPL by uniformizing licence text keys to GPL-3+. Will move later to AGPL if all answers are positive. 2013-01-16 15:36:08 +01:00			`* the Free Software Foundation; either version 3 of the License, or`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`


			`/**`
Doxygen 2012-04-16 12:01:32 +02:00			`* \file public/emailing/mailing-read.php`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00			`* \ingroup mailing`
			`* \brief Script use to update mail status if destinaries read it (if images during mail read are display)`
			`*/`
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
Qual: More log 2013-04-14 20:43:38 +02:00			`if (! defined('NOLOGIN')) define("NOLOGIN",1); // This means this output page does not require to be logged.`
Fix: EOF 2013-06-05 16:24:32 +02:00			`if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1');`
			`if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check anti CSRF attack test`
			`if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not check anti POST attack test`
			`if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00
Doxygen llxHeader and llxFooter. 2013-04-15 15:43:25 +02:00			`/**`
			`* Header empty`
			`*`
			`* @return void`
			`*/`
			`function llxHeader() { }`
			`/**`
			`* Footer empty`
			`*`
			`* @return void`
			`*/`
			`function llxFooter() { }`


Removed parenthesis from all require and replaced with single quotes 2012-08-22 23:24:21 +02:00			`require '../../main.inc.php';`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00
Fix: A better fix for escaping data: escape for database must be done during sql request forging. Also renamed tag to tag. Merge: Security fix emailing read and unsubscribe unsubscribe can lead to email disclosure Conflicts: htdocs/public/emailing/mailing-unsubscribe.php 2013-01-04 18:08:34 +01:00			`$tag=GETPOST('tag');`
Fix: check read feature 2013-04-14 20:34:31 +02:00			`$securitykey=GETPOST('securitykey');`
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
			`/*`
			`* Actions`
			`*/`
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00
Fix: EOF 2013-06-05 16:24:32 +02:00			`dol_syslog("public/emailing/mailing-read.php : tag=".$tag." securitykey=".$securitykey, LOG_DEBUG);`

Fix: Check on correct security key 2013-04-14 20:59:16 +02:00			`if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY)`
			`{`
			`print 'Bad security key value.';`
			`exit;`
Fix: EOF 2013-06-05 16:24:32 +02:00			`}`
Qual: More log 2013-04-14 20:43:38 +02:00
Fix: check read feature 2013-04-14 20:34:31 +02:00			`if (! empty($tag))`
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00			`{`
			`$statut='2';`
Fix: A better fix for escaping data: escape for database must be done during sql request forging. Also renamed tag to tag. Merge: Security fix emailing read and unsubscribe unsubscribe can lead to email disclosure Conflicts: htdocs/public/emailing/mailing-unsubscribe.php 2013-01-04 18:08:34 +01:00			`$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$db->escape($tag)."'";`
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00			`dol_syslog("public/emailing/mailing-read.php : Mail read : ".$sql, LOG_DEBUG);`
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00			`$resql=$db->query($sql);`
Module e-maillling : Correctif et evolution Accusé de lecture et desinscription 2012-04-04 14:45:48 +02:00
			`//Update status communication of thirdparty prospect`
Fix: A better fix for escaping data: escape for database must be done during sql request forging. Also renamed tag to tag. Merge: Security fix emailing read and unsubscribe unsubscribe can lead to email disclosure Conflicts: htdocs/public/emailing/mailing-unsubscribe.php 2013-01-04 18:08:34 +01:00			`$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=3 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag='".$db->escape($tag)."' AND source_type='thirdparty' AND source_id is not null)";`
Module e-maillling : Correctif et evolution Accusé de lecture et desinscription 2012-04-04 14:45:48 +02:00			`dol_syslog("public/emailing/mailing-read.php : Mail read thirdparty : ".$sql, LOG_DEBUG);`
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
Module e-maillling : Correctif et evolution Accusé de lecture et desinscription 2012-04-04 14:45:48 +02:00			`$resql=$db->query($sql);`

			`//Update status communication of contact prospect`
Fix: A better fix for escaping data: escape for database must be done during sql request forging. Also renamed tag to tag. Merge: Security fix emailing read and unsubscribe unsubscribe can lead to email disclosure Conflicts: htdocs/public/emailing/mailing-unsubscribe.php 2013-01-04 18:08:34 +01:00			`$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=3 WHERE rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc INNER JOIN ".MAIN_DB_PREFIX."mailing_cibles AS mc ON mc.tag = '".$db->escape($tag)."' AND mc.source_type = 'contact' AND mc.source_id = sc.rowid)";`
Module e-maillling : Correctif et evolution Accusé de lecture et desinscription 2012-04-04 14:45:48 +02:00			`dol_syslog("public/emailing/mailing-read.php : Mail read contact : ".$sql, LOG_DEBUG);`
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00			`$resql=$db->query($sql);`
Module e-maillling : Correctif et evolution Accusé de lecture et desinscription 2012-04-04 14:45:48 +02:00
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00			`}`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00
			`$db->close();`
Qual: More log 2013-04-14 20:43:38 +02:00			`?>`