'; // print $fwduuid . '
'; // print $messageuuid . '
'; // print $useruuid . '
'; $linkdata = Sql_Fetch_Assoc_query(sprintf('select * from %s where uuid = "%s"', $GLOBALS['tables']['linktrack_forward'], $fwduuid)); if (empty($linkdata)) { FileNotFound(); } $fwdid = $linkdata['id']; $userdata = Sql_Fetch_array_query(sprintf('select id from %s where uuid = "%s"', $GLOBALS['tables']['user'], $useruuid)); if (empty($userdata)) { FileNotFound(); } $userid = $userdata['id']; $messagedata = Sql_Fetch_array_query(sprintf('select id from %s where uuid = "%s"', $GLOBALS['tables']['message'], $messageuuid)); if (empty($messagedata)) { FileNotFound(); } $messageid = $messagedata['id']; $allowPersonalised = true; } elseif (isset($_GET['id'])) { if (!is_string($_GET['id'])) { echo 'Invalid Request'; exit; } $id = $_GET['id']; $track = base64_decode($id); $track = $track ^ XORmask; if (!preg_match('/^(H|T)\|([1-9]\d*)\|([1-9]\d*)\|([1-9]\d*)$/', $track, $matches)) { FileNotFound(); } $msgtype = $matches[1]; $fwdid = $matches[2]; $messageid = $matches[3]; $userid = $matches[4]; $linkdata = Sql_Fetch_array_query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['linktrack_forward'], $fwdid)); if (!$linkdata) { //# try the old table to avoid breaking links $linkdata = Sql_Fetch_array_query(sprintf('select * from %s where linkid = %d and userid = %d and messageid = %d', $GLOBALS['tables']['linktrack'], $fwdid, $userid, $messageid)); if (!empty($linkdata['forward'])) { //# we're not recording clicks, but at least links from older phpList versions won't break. header('Location: '.$linkdata['forward'], true, 303); exit; } // echo 'Invalid Request'; // maybe some logging? FileNotFound(); } //# verify that this subscriber actually received this message, otherwise they're allowed //# normal URLS on test messages, but not personalised ones $allowed = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and messageid = %d', $GLOBALS['tables']['usermessage'], $userid, $messageid)); $allowPersonalised = empty($allowed[0]) ? 
!empty($_SESSION['adminloggedin']) : true; } else { echo 'Invalid Request'; exit; } //# hmm a bit heavy to use here @@@optimise $messagedata = loadMessageData($messageid); //print "$track
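// ---------------------------------------------------------------------------
// Click accounting and redirect.
//
// Uses values resolved earlier in this script: $msgtype, $fwdid, $messageid,
// $userid, $linkdata, $messagedata, $allowPersonalised and $plugins.
//
// Security notes for maintainers:
//  - Every id below is formatted with %d, so sprintf() forces it to an
//    integer before it reaches SQL.
//  - In the legacy `id` branch the ids come from a token that is only masked
//    with XORmask, not authenticated, so treat them as caller-chosen integers.
//    The counters updated here are therefore unauthenticated telemetry; only
//    the personalised redirect is gated (by $allowPersonalised).
//  - The redirect target is read from the link row ($linkdata['url']), never
//    from the request.
// ---------------------------------------------------------------------------

// Per-campaign totals for this link (linktrack_ml).
$ml = Sql_Fetch_Array_Query(sprintf(
    'select * from %s where messageid = %d and forwardid = %d',
    $GLOBALS['tables']['linktrack_ml'],
    $messageid,
    $fwdid
));
if (empty($ml['firstclick'])) {
    Sql_query(sprintf(
        'update %s set firstclick = now(),latestclick = now(),clicked = clicked + 1 where forwardid = %d and messageid = %d',
        $GLOBALS['tables']['linktrack_ml'],
        $fwdid,
        $messageid
    ));
} else {
    Sql_query(sprintf(
        'update %s set clicked = clicked + 1, latestclick = now() where forwardid = %d and messageid = %d',
        $GLOBALS['tables']['linktrack_ml'],
        $fwdid,
        $messageid
    ));
}

// Anything that is not 'H' is counted as a text click in the campaign totals.
if ($msgtype == 'H') {
    Sql_query(sprintf(
        'update %s set htmlclicked = htmlclicked + 1 where forwardid = %d and messageid = %d',
        $GLOBALS['tables']['linktrack_ml'],
        $fwdid,
        $messageid
    ));
} else {
    Sql_query(sprintf(
        'update %s set textclicked = textclicked + 1 where forwardid = %d and messageid = %d',
        $GLOBALS['tables']['linktrack_ml'],
        $fwdid,
        $messageid
    ));
}

// A click also counts as the first view of the campaign if none is recorded yet.
$viewed = Sql_Fetch_Row_query(sprintf(
    'select viewed from %s where messageid = %d and userid = %d',
    $GLOBALS['tables']['usermessage'],
    $messageid,
    $userid
));
// empty() instead of !$viewed[0]: same truthiness, but no notice when the
// lookup returned no row.
if (empty($viewed[0])) {
    Sql_Query(sprintf(
        'update %s set viewed = now() where messageid = %d and userid = %d',
        $GLOBALS['tables']['usermessage'],
        $messageid,
        $userid
    ));
    Sql_Query(sprintf(
        'update %s set viewed = viewed + 1 where id = %d',
        $GLOBALS['tables']['message'],
        $messageid
    ));

    // Request headers are client-controlled: tags are stripped and the result
    // HTML-encoded before storage.
    $metaData = array();
    foreach (array('HTTP_USER_AGENT', 'HTTP_REFERER') as $key) {
        if (isset($_SERVER[$key])) {
            $metaData[$key] = htmlspecialchars(strip_tags($_SERVER[$key]));
        }
    }

    // Both string values are escaped here. getClientIP() is defined elsewhere;
    // escaping its result keeps this query safe regardless of how that helper
    // validates proxy-supplied addresses.
    // NOTE(review): the data column holds PHP-serialized header text; readers
    // should decode it with unserialize($data, ['allowed_classes' => false])
    // - confirm at the read site.
    Sql_Query(sprintf(
        'insert into %s (messageid,userid,viewed,ip,data) values(%d,%d,now(),"%s","%s")',
        $GLOBALS['tables']['user_message_view'],
        $messageid,
        $userid,
        sql_escape(getClientIP()),
        sql_escape(serialize($metaData))
    ));
}

// Per-subscriber click record (linktrack_uml_click): create on first click,
// then bump the counters.
$uml = Sql_Fetch_Array_Query(sprintf(
    'select * from %s where messageid = %d and forwardid = %d and userid = %d',
    $GLOBALS['tables']['linktrack_uml_click'],
    $messageid,
    $fwdid,
    $userid
));
if (empty($uml['firstclick'])) {
    Sql_query(sprintf(
        'insert into %s set firstclick = now(), forwardid = %d, messageid = %d, userid = %d',
        $GLOBALS['tables']['linktrack_uml_click'],
        $fwdid,
        $messageid,
        $userid
    ));
}
Sql_query(sprintf(
    'update %s set clicked = clicked + 1, latestclick = now() where forwardid = %d and messageid = %d and userid = %d',
    $GLOBALS['tables']['linktrack_uml_click'],
    $fwdid,
    $messageid,
    $userid
));

// Unlike the campaign totals above, only an explicit 'T' counts as text here.
if ($msgtype == 'H') {
    Sql_query(sprintf(
        'update %s set htmlclicked = htmlclicked + 1 where forwardid = %d and messageid = %d and userid = %d',
        $GLOBALS['tables']['linktrack_uml_click'],
        $fwdid,
        $messageid,
        $userid
    ));
} elseif ($msgtype == 'T') {
    Sql_query(sprintf(
        'update %s set textclicked = textclicked + 1 where forwardid = %d and messageid = %d and userid = %d',
        $GLOBALS['tables']['linktrack_uml_click'],
        $fwdid,
        $messageid,
        $userid
    ));
}

$url = $linkdata['url'];
if ($linkdata['personalise']) {
    // Personalised links carry the subscriber's uniqid, so they are refused
    // unless the earlier checks set $allowPersonalised.
    // NOTE(review): this relies on FileNotFound() ending the request; it is
    // defined elsewhere - confirm, otherwise the uid is still appended below.
    if (!$allowPersonalised) {
        FileNotFound("\n".s('Profile links in test campaigns only work when you are logged in as an administrator.')."\n");
    }
    $uid = Sql_Fetch_Row_Query(sprintf(
        'select uniqid from %s where id = %d',
        $GLOBALS['tables']['user'],
        $userid
    ));
    if (!empty($uid[0])) {
        // Strict comparison: a '?' at offset 0 is still an existing query string.
        $separator = strpos($url, '?') !== false ? '&' : '?';
        // NOTE(review): the uniqid is disclosed to whatever host the stored URL
        // names; presumably "personalise" is only set for links back to this
        // installation - confirm where the flag is written.
        $url .= $separator.'uid='.$uid[0];
    }
}

if (!isset($_SESSION['entrypoint'])) {
    $_SESSION['entrypoint'] = $url;
}

// Add analytics tracking parameters only to http and https URLs.
// The pattern requires the full "http://" or "https://" prefix so that other
// schemes that merely begin with "http" are left untouched.
if (!empty($messagedata['google_track']) && preg_match('/^https?:\/\//i', $url)) {
    require __DIR__ . '/admin/analytics.php';
    $analytics = getAnalyticsQuery();
    $format = $msgtype == 'H' ? 'HTML' : 'text';
    $trackingParameters = $analytics->trackingParameters($format, loadMessageData($messageid));
    $prefix = $analytics->prefix();
    $url = addAnalyticsTracking($url, $trackingParameters, $prefix);
}

// Let plugins observe the click and the final destination.
foreach ($plugins as $pi) {
    $pi->linkClick($msgtype, $fwdid, $messageid, $userid, $url);
}

header('Location: '.$url, true, 303); //# use 303, because Location only uses 302, which gets indexed
exit;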