Handle ip behind proxies

VERSION

@@ -1,4 +1,4 @@
 # file that keeps track of the latest tag in cvs and the corresponding version
 # this automates publishing a new version, when it's tagged
 # if you don't understand this, don't worry. You don't need this file
-VERSION=3.6.13
+VERSION=3.6.14-dev

public_html/lists/admin/actions/import2.php

@@ -278,7 +278,7 @@
                     $some = 1;
                 }
 
-                $history_entry = $GLOBALS['admin_scheme'].'://'.getConfig('website').$GLOBALS['adminpages'].'/?page=user&id='.$userid."\n\n";
+                $history_entry = $GLOBALS['adminBaseUrl'].'/?page=user&id='.$userid."\n\n";
                 reset($_SESSION['import_attribute']);
                 //   var_dump($_SESSION);exit;
                 if ($new || (!$new && $_SESSION['overwrite'] == 'yes')) {

public_html/lists/admin/actions/processqueue.php

@@ -382,8 +382,8 @@ function finish($flag, $message, $script_stage)
 
         // If plugins have not sent the report, send it the default way
         if (!$reportSent) {
-            $messageWithIntro = s('The following events occured while processing the message queue:')."\n".$message;
-            $messageWithIntroAndFooter = $messageWithIntro."\n\n".s('To stop receiving these reports read:').' https://resources.phplist.com/system/config/send_queue_processing_report'."\n\n";
+            $messageWithIntro = '<br/>'.s('The following events occured while processing the message queue:')."<br/>\n".$message;
+            $messageWithIntroAndFooter = $messageWithIntro."<br/>\n<br/>\n".s('To stop receiving these reports read:').' https://resources.phplist.com/system/config/send_queue_processing_report'."\n\n";
             sendReport($subject, $messageWithIntroAndFooter);
         }
     }
@@ -458,7 +458,7 @@ function processQueueOutput($message, $logit = 1, $target = 'summary')
         flush();
     }
 
-    $report .= "\n$infostring $message";
+    $report .= "<br/>\n$infostring $message";
     if ($logit) {
         logEvent($message);
     }
@@ -715,10 +715,10 @@ function sendEmailTest($messageid, $email)
     if (!empty($msgdata['notify_start']) && !isset($msgdata['start_notified'])) {
         $notifications = explode(',', $msgdata['notify_start']);
         foreach ($notifications as $notification) {
+            $progressUrl = $GLOBALS['adminBaseUrl'].'/?page=messages&amp;tab=active';
             sendMail($notification, s('Campaign started'),
                 s('phplist has started sending the campaign with subject %s', $msgdata['subject'])."\n\n".
-                s('to view the progress of this campaign, go to %s://%s', $GLOBALS['admin_scheme'],
-                    hostName().$GLOBALS['adminpages'].'/?page=messages&amp;tab=active'));
+                s('to view the progress of this campaign, go to %s',$progressUrl));
         }
         Sql_Query(sprintf('insert ignore into %s (name,id,data) values("start_notified",%d,now())',
             $GLOBALS['tables']['messagedata'], $messageid));
@@ -1369,10 +1369,11 @@ function sendEmailTest($messageid, $email)
             if (!empty($msgdata['notify_end']) && !isset($msgdata['end_notified'])) {
                 $notifications = explode(',', $msgdata['notify_end']);
                 foreach ($notifications as $notification) {
+                    $resultsUrl = $GLOBALS['adminBaseUrl'].'/?page=statsoverview&id='.$messageid;
                     sendMail($notification, s('Message campaign finished'),
+
                         s('phpList has finished sending the campaign with subject %s', $msgdata['subject'])."\n\n".
-                        s('to view the statistics of this campaign, go to %s://%s', $GLOBALS['admin_scheme'],
-                            getConfig('website').$GLOBALS['adminpages'].'/?page=statsoverview&id='.$messageid)
+                        s('to view the statistics of this campaign, go to %s',$resultsUrl )
                     );
                 }
                 Sql_Query(sprintf('insert ignore into %s (name,id,data) values("end_notified",%d,now())',

public_html/lists/admin/connect.php

@@ -23,6 +23,19 @@
 if (empty($organisation_name)) {
     $organisation_name = $_SERVER['SERVER_NAME'];
 }
+if (defined('USER_WWWROOT')) {
+  $publicBaseUrl = USER_WWWROOT;
+  $domainParts = parse_url($publicBaseUrl);
+  $GLOBALS['public_scheme'] = $domainParts['scheme'];
+  $GLOBALS['website'] = $domainParts['host'];
+} else {
+  $publicBaseUrl = $GLOBALS['public_scheme'].'://'.$website.$GLOBALS['pageroot'];
+}
+if (defined('ADMIN_WWWROOT')) {
+  $adminBaseUrl = ADMIN_WWWROOT;
+} else {
+  $adminBaseUrl = $GLOBALS['admin_scheme'].'://'.$website.$GLOBALS['pageroot'].'/admin';
+}
 
 $xormask = getConfig('xormask');
 if (empty($xormask)) {
@@ -1496,6 +1509,8 @@ function hostName()
 {
     if (HTTP_HOST) {
         return HTTP_HOST;
+    } elseif (!empty($_SERVER['X_FORWARDED_FOR'])) {
+        return $_SERVER['X_FORWARDED_FOR'];
     } elseif (!empty($_SERVER['HTTP_HOST'])) {
         return $_SERVER['HTTP_HOST'];
     } else {
@@ -1506,8 +1521,7 @@ function hostName()
 
 function Redirect($page)
 {
-    $website = hostName();
-    header('Location: '.$GLOBALS['admin_scheme'].'://'.$website.$GLOBALS['adminpages']."/?page=$page");
+    header('Location: '.$GLOBALS['adminBaseUrl']."/?page=$page");
     exit;
 }
 

public_html/lists/admin/defaultconfig.php

@@ -41,7 +41,9 @@
 if (preg_match("#^www\.(.*)#i", $D_domain, $regs)) {
     $D_domain = $regs[1];
 }
-
+if (preg_match("#(.*):(\d+)#i", $D_domain, $regs)) {
+    $D_domain = $regs[1];
+}
 // for starters, you want to leave this line as it is.
 $default_config = array(
 
@@ -299,7 +301,7 @@
 
     // the location of your subscribe script
     'subscribeurl' => array(
-        'value'       => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=subscribe",
+        'value'       => $publicConfigBaseUrl."/?p=subscribe",
         'description' => s('URL where subscribers can sign up'),
         'type'        => 'url',
         'allowempty'  => 0,
@@ -308,7 +310,7 @@
 
     // the location of your unsubscribe script:
     'unsubscribeurl' => array(
-        'value'       => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=unsubscribe",
+        'value'       => $publicConfigBaseUrl."/?p=unsubscribe",
         'description' => s('URL where subscribers can unsubscribe'),
         'type'        => 'url',
         'allowempty'  => 0,
@@ -318,7 +320,7 @@
     //0013076: Blacklisting posibility for unknown users
     // the location of your blacklist script:
     'blacklisturl' => array(
-        'value'       => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=donotsend",
+        'value'       => $publicConfigBaseUrl."/?p=donotsend",
         'description' => s('URL where unknown users can unsubscribe (do-not-send-list)'),
         'type'        => 'url',
         'allowempty'  => 0,
@@ -327,7 +329,7 @@
 
 // the location of your confirm script:
     'confirmationurl' => array(
-        'value'       => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=confirm",
+        'value'       => $publicConfigBaseUrl."/?p=confirm",
         'description' => s('URL where subscribers have to confirm their subscription'),
         'type'        => 'text',
         'allowempty'  => 0,
@@ -336,7 +338,7 @@
 
     // url to change their preferences
     'preferencesurl' => array(
-        'value'       => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=preferences",
+        'value'       => $publicConfigBaseUrl."/?p=preferences",
         'description' => s('URL where subscribers can update their details'),
         'type'        => 'text',
         'allowempty'  => 0,
@@ -345,7 +347,7 @@
 
     // url to change their preferences
     'forwardurl' => array(
-        'value'       => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=forward",
+        'value'       => $publicConfigBaseUrl."/?p=forward",
         'description' => s('URL for forwarding messages'),
         'type'        => 'text',
         'allowempty'  => 0,
@@ -354,7 +356,7 @@
 
     // url to download vcf card
     'vcardurl' => array(
-        'value'       => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=vcard",
+        'value'       => $publicConfigBaseUrl."/?p=vcard",
         'description' => s('URL for downloading vcf card'),
         'type'        => 'text',
         'allowempty'  => 0,
@@ -369,10 +371,6 @@
         'category'    => 'subscription',
     ),
 
-    // the location of your subscribe script
-    //"subscribe_baseurl" => array("http://[WEBSITE]$pageroot/",
-    //  "Base URL for public pages","text"),
-
     // the subject of the message
     'subscribesubject' => array(
         'value'       => s('Request for confirmation'),
@@ -740,6 +738,18 @@ function getConfig($item)
             $hasconf = $_SESSION['hasconf'];
         }
 
+        if (defined('USER_WWWROOT')) {
+          switch ($item) {
+            case 'subscribeurl': return USER_WWWROOT.'/?p=subscribe';
+            case 'unsubscribeurl': return USER_WWWROOT.'/?p=unsubscribe';
+            case 'blacklisturl': return USER_WWWROOT.'/?p=donotsend';
+            case 'confirmationurl': return USER_WWWROOT.'/?p=confirm';
+            case 'preferencesurl': return USER_WWWROOT.'/?p=preferences';
+            case 'forwardurl': return USER_WWWROOT.'/?p=forward';
+            case 'vcardurl': return USER_WWWROOT.'/?p=vcard';
+          }  
+        }
+
         $value = '';
         if (!empty($hasconf)) {
             $req = Sql_Query(sprintf('select value,editable from %s where item = "%s"', $tables['config'],

public_html/lists/admin/index.php

@@ -602,14 +602,6 @@ function mb_strtolower($string)
     }
 }
 
-/*
-if (USEFCK) {
-  $imgdir = getenv("DOCUMENT_ROOT").$GLOBALS["pageroot"].'/'.FCKIMAGES_DIR.'/';
-  if (!is_dir($imgdir) || !is_writeable ($imgdir)) {
-    Warn("The FCK image directory does not exist, or is not writable");
-  }
-}
-*/
 
 /*
  *
@@ -708,7 +700,7 @@ function mb_strtolower($string)
 }
 
 if (WARN_ABOUT_PHP_SETTINGS && !$GLOBALS['commandline']) {
-    if (strpos(getenv('REQUEST_URI'), $pageroot.'/admin') !== 0) {
+    if (!defined('USER_WWWROOT') && strpos(getenv('REQUEST_URI'), $pageroot.'/admin') !== 0) {
         Warn(s(
             'The pageroot in your config "%s" does not match the current location "%s". Check your config file.',
             $pageroot,

public_html/lists/admin/init.php

@@ -516,7 +516,7 @@
     define('NOTIFY_SPAM', 1);
 }
 if (!defined('CLICKTRACK_LINKMAP')) {
-    define('CLICKTRACK_LINKMAP', 0);
+    define('CLICKTRACK_LINKMAP', false);
 }
 if (!defined('SIGN_WITH_HMAC')) {
     define('SIGN_WITH_HMAC', false);
@@ -713,13 +713,22 @@
     $attachment_repository = $tmpdir;
 }
 
-if (isset($pageroot)) {
-    if ($pageroot == '/') {
-        $pageroot = '';
+if (defined('USER_WWWROOT')) {
+    if (!isset($pageroot)) {
+        $pageroot = parse_url(USER_WWWROOT, PHP_URL_PATH);
     }
+    $publicConfigBaseUrl = USER_WWWROOT;
 } else {
-    $pageroot = '/lists';
+    if (isset($pageroot)) {
+        if ($pageroot == '/') {
+            $pageroot = '';
+        }
+    } else {
+        $pageroot = '/lists';
+    }
+    $publicConfigBaseUrl = "http://[WEBSITE]$pageroot";
 }
+
 // as the "admin" in adminpages is hardcoded, don't put it in the config file
 $adminpages = $GLOBALS['pageroot'].'/admin';
 

public_html/lists/admin/lib.php

@@ -398,12 +398,11 @@ function sendAdminPasswordToken($adminId)
     $adminName = $row[0];
     $email = $row[1];
 
-    $urlroot = getConfig('website').$GLOBALS['adminpages'];
     //Build the email body to be sent, and finally send it.
     $emailBody = $GLOBALS['I18N']->get('Hello').' '.$adminName."\n\n";
     $emailBody .= $GLOBALS['I18N']->get('You have requested a new password for phpList.')."\n\n";
     $emailBody .= $GLOBALS['I18N']->get('To enter a new one, please visit the following link:')."\n\n";
-    $emailBody .= sprintf('%s://%s/?page=login&token=%s', $GLOBALS['admin_scheme'], $urlroot, $key)."\n\n";
+    $emailBody .= sprintf('%s/?page=login&token=%s',$GLOBALS['adminBaseUrl'], $key)."\n\n";
     $emailBody .= $GLOBALS['I18N']->get('You have 24 hours left to change your password. After that, your token won\'t be valid.');
 
     if (sendMail($email, $GLOBALS['I18N']->get('New password'), "\n\n".$emailBody, '', '', true)) {

public_html/lists/admin/processbounces.php

@@ -580,7 +580,7 @@ function processMessages($link, $max = 3000)
                 if ($row['user']) {
                     $userdata = Sql_Fetch_Array_Query("select * from {$tables['user']} where id = ".$row['user']);
                 }
-                $report_linkroot = $GLOBALS['admin_scheme'].'://'.$GLOBALS['website'].$GLOBALS['adminpages'];
+                $report_linkroot = $GLOBALS['adminBaseUrl'];
 
                 Sql_Query(sprintf('update %s set count = count + 1 where id = %d',
                     $GLOBALS['tables']['bounceregex'], $rule['id']));
@@ -797,7 +797,8 @@ function processMessages($link, $max = 3000)
                         Sql_Query(sprintf('update %s set confirmed = 0 where id = %d', $tables['user'], $user[0]));
                         $email_req = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $tables['user'],
                             $user[0]));
-                        $unsubscribed_users .= $email_req[0]."\t\t($cnt)\t\t".$GLOBALS['scheme'].'://'.getConfig('website').$GLOBALS['adminpages'].'/?page=user&id='.$user[0].PHP_EOL;
+                        $unsubscribed_users .= $email_req[0]."\t\t($cnt)\t\t";
+                        $unsubscribed_users .= $GLOBALS['adminBaseUrl'].'/?page=user&id='.$user[0].PHP_EOL;
                         $unsubscribed = 1;
                     }
                     if (BLACKLIST_EMAIL_ON_BOUNCE && $cnt >= BLACKLIST_EMAIL_ON_BOUNCE) {

public_html/lists/admin/sendemaillib.php

@@ -259,7 +259,7 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array()
       You can configure how the credits are added to your pages and emails in your
       config file.
 
-      Michiel Dethmers, phpList Ltd 2003 - 2013
+      Michiel Dethmers, phpList Ltd 2003 - 2023
     */
     if (!EMAILTEXTCREDITS) {
         $html['signature'] = $PoweredByImage; //'<div align="center" id="signature"><a href="https://www.phplist.com"><img src="powerphplist.png" width=88 height=31 title="Powered by PHPlist" alt="Powered by PHPlist" border="0" /></a></div>';
@@ -427,15 +427,15 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array()
     if (ALWAYS_ADD_USERTRACK) {
         if (stripos($htmlmessage, '</body>')) {
             $htmlmessage = str_replace('</body>',
-                '<img src="'.$GLOBALS['public_scheme'].'://'.$website.$GLOBALS['pageroot'].'/ut.php?u='.$hash.'&amp;m='.$messageid.'" width="1" height="1" border="0" alt="" /></body>',
+                '<img src="'.$GLOBALS['publicBaseUrl'].'/ut.php?u='.$hash.'&amp;m='.$messageid.'" width="1" height="1" border="0" alt="" /></body>',
                 $htmlmessage);
         } else {
-            $htmlmessage .= '<img src="'.$GLOBALS['public_scheme'].'://'.$website.$GLOBALS['pageroot'].'/ut.php?u='.$hash.'&amp;m='.$messageid.'" width="1" height="1" border="0" alt="" />';
+            $htmlmessage .= '<img src="'.$GLOBALS['publicBaseUrl'].'/ut.php?u='.$hash.'&amp;m='.$messageid.'" width="1" height="1" border="0" alt="" />';
         }
     } else {
         //# can't use str_replace or str_ireplace, because those replace all, and we only want to replace one
         $htmlmessage = preg_replace('/\[USERTRACK\]/i',
-            '<img src="'.$GLOBALS['public_scheme'].'://'.$website.$GLOBALS['pageroot'].'/ut.php?u='.$hash.'&amp;m='.$messageid.'" width="1" height="1" border="0" alt="" />',
+            '<img src="'.$GLOBALS['publicBaseUrl'].'/ut.php?u='.$hash.'&amp;m='.$messageid.'" width="1" height="1" border="0" alt="" />',
             $htmlmessage, 1);
     }
     // make sure to only include usertrack once, otherwise the stats would go silly
@@ -512,7 +512,7 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array()
     if (CLICKTRACK && $hash != 'forwarded' && !empty($userdata['id'])) {
         // convert html message
         preg_match_all('/<a (.*)href=(["\'])(.*)\2([^>]*)>(.*)<\/a>/Umis', $htmlmessage, $links);
-        $clicktrack_root = sprintf('%s://%s/lt.php', $GLOBALS['public_scheme'], $website.$GLOBALS['pageroot']);
+        $clicktrack_root = sprintf('%s/lt.php', $GLOBALS['publicBaseUrl']);
 
         for ($i = 0; $i < count($links[3]); ++$i) {
             $link = cleanUrl(trim($links[3][$i]));
@@ -544,16 +544,16 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array()
                 $masked = preg_replace('/=$/', '', $masked);
                 $masked = urlencode($masked);
                 if (SIGN_WITH_HMAC) {
-                    $masked .= '&amp;hm='.hash_hmac(HASH_ALGO, sprintf('%s://%s/lt.php?tid=%s', $GLOBALS['public_scheme'], $website.$GLOBALS['pageroot'], $masked), HMACKEY);
+                    $masked .= '&amp;hm='.hash_hmac(HASH_ALGO, sprintf('%s/lt.php?tid=%s', $GLOBALS['publicBaseUrl'], $masked), HMACKEY);
                 }
 
+                ## this may need removing, CLICKTRACK_LINKMAP is badly documented, so slightly unclear how this works
                 if (!CLICKTRACK_LINKMAP) {
-                    $newlink = sprintf('<a %shref="%s://%s/lt.php?tid=%s" %s>%s</a>', $links[1][$i],
-                        $GLOBALS['public_scheme'], $website.$GLOBALS['pageroot'], $masked, $links[4][$i],
+                    $newlink = sprintf('<a %shref="%s/lt.php?tid=%s" %s>%s</a>', $links[1][$i],
+                        $GLOBALS['publicBaseUrl'], $masked, $links[4][$i],
                         $links[5][$i]);
                 } else {
-                    $newlink = sprintf('<a %shref="%s://%s%s" %s>%s</a>', $links[1][$i], $GLOBALS['public_scheme'],
-                        $website.CLICKTRACK_LINKMAP, $masked, $links[4][$i], $links[5][$i]);
+                    $newlink = sprintf('<a %shref="%s%s" %s>%s</a>', $links[1][$i], $GLOBALS['publicBaseUrl'].CLICKTRACK_LINKMAP, $masked, $links[4][$i], $links[5][$i]);
                 }
                 $htmlmessage = str_replace($links[0][$i], $newlink, $htmlmessage);
             }
@@ -584,17 +584,15 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array()
                 $masked = str_replace('=', '', base64_encode(hex2bin(str_replace('-', '', $masked))));
 
                 if (SIGN_WITH_HMAC) {
-                    $masked .= '&hm='.hash_hmac(HASH_ALGO, sprintf('%s://%s/lt.php?tid=%s', $GLOBALS['public_scheme'], $website.$GLOBALS['pageroot'], $masked), HMACKEY);
+                    $masked .= '&hm='.hash_hmac(HASH_ALGO, sprintf('/lt.php?tid=%s',  $GLOBALS['publicBaseUrl'], $masked), HMACKEY);
                 }
 
                 if (!CLICKTRACK_LINKMAP) {
-                    $newlinks[$linkUUID] = sprintf('%s://%s/lt.php?tid=%s', $GLOBALS['public_scheme'],
-                        $website.$GLOBALS['pageroot'], $masked);
+                    $newlinks[$linkUUID] = sprintf('%s/lt.php?tid=%s', $GLOBALS['publicBaseUrl'], $masked);
                 } else {
-                    $newlinks[$linkUUID] = sprintf('%s://%s%s', $GLOBALS['public_scheme'], $website.CLICKTRACK_LINKMAP,
+                    $newlinks[$linkUUID] = sprintf('%s%s', $GLOBALS['publicBaseUrl'].CLICKTRACK_LINKMAP,
                         $masked);
                 }
-
                 $textmessage = str_replace($links[1][$i], '[%%%'.$linkUUID.'%%%]', $textmessage);
             }
         }
@@ -1064,7 +1062,7 @@ function addAttachments($msgid, &$mail, $type,$hash = '')
                         break;
 
                     case 'text':
-                        $viewurl = $GLOBALS['public_scheme'].'://'.$website.$GLOBALS['pageroot'].'/dl.php?id='.$att['id'];
+                        $viewurl = $GLOBALS['publicBaseUrl'].'/dl.php?id='.$att['id'];
                         if (!empty($hash)) {
                             $viewurl .= '&uid='.$hash;
                         }