86 lines
2.6 KiB
PHP
86 lines
2.6 KiB
PHP
<?php
|
||
|
||
$webroot = $_SERVER['DOCUMENT_ROOT'];
|
||
require($webroot . '/functions.php');
|
||
|
||
$successURL = '/success.html';
|
||
$errorURL = '/error.html';
|
||
$err = "Abmeldung fehlgeschlagen";
|
||
|
||
// contents of notification email
|
||
$mailContents = [
|
||
'subject' => 'Ein Newsletter-Abonnent weniger',
|
||
'bodyText' => "Jemand hat sich vom Newsletter abgemeldet:\n\n%Placeholder%",
|
||
'fromAddress' => '***REMOVED***', // 'newsletter@tobias-radloff.de'
|
||
'fromName' => 'Tobias Radloff'
|
||
];
|
||
|
||
|
||
function RemoveSubscriberFromDB($subscriberAddress) {
|
||
$pdo = getPDO();
|
||
|
||
// make sure record exists
|
||
$check = NotYetSubscribed($subscriberAddress, $pdo);
|
||
if ( gettype($check) == 'boolean' ) {
|
||
return "Emailadresse {$subscriberAddress} ist unbekannt";
|
||
} elseif ( gettype($check) == 'string' and $check != "Emailadresse {$subscriberAddress} ist bereits eingetragen") {
|
||
return $check;
|
||
}
|
||
|
||
// delete record
|
||
global $general;
|
||
$query = $pdo->prepare($general['sql']['delete_record']);
|
||
if ( ! $query->execute([':e' => $subscriberAddress])) {
|
||
return "Fehler beim Löschen des Datenbankeintrags für {$subscriberAddress}.";
|
||
}
|
||
return TRUE;
|
||
}
|
||
|
||
|
||
// check request method – unsubscribe forms use POST but links use GET
|
||
$method = $_SERVER['REQUEST_METHOD'];
|
||
|
||
// check and sanitize email address
|
||
if ( $method == 'GET' ) {
|
||
if ( ! isset($_GET['e']) ) {
|
||
GracefulExit($errorURL, "{$err}: Fehlende Emailadresse");
|
||
} else {
|
||
$e = filter_var($_GET['e'], FILTER_SANITIZE_STRING);
|
||
}
|
||
} elseif ( $method == 'POST' ) {
|
||
if ( ! isset($_POST['e']) ) {
|
||
GracefulExit($errorURL, "{$err}: Fehlende Emailadresse");
|
||
} else {
|
||
$e = filter_var($_POST['e'], FILTER_SANITIZE_STRING);
|
||
}
|
||
} else {
|
||
GracefulExit($errorURL, "{$err}: Fehlerhafter HTTP-Request");
|
||
}
|
||
|
||
// check, sanitize and validate hash (only required for GET requests)
|
||
if ($method == 'GET') {
|
||
if ( ! isset($_GET['c']) ) {
|
||
GracefulExit($errorURL, "{$err}: Fehlende Emailadresse oder Hash");
|
||
} else {
|
||
$c = filter_var($_GET['c'], FILTER_SANITIZE_STRING);
|
||
if ( ! GetConfirmationHash($e) === $c ) {
|
||
GracefulExit($errorURL, "{$err}: Fehlerhafter Hash");
|
||
}
|
||
}
|
||
}
|
||
|
||
// remove email from database
|
||
try {
|
||
$result = RemoveSubscriberFromDB($e);
|
||
if (gettype($result) == 'string') {
|
||
GracefulExit($errorURL, "{$err}: {$result}");
|
||
}
|
||
} catch(\PDOException $e) {
|
||
GracefulExit($error, "{$err}: {$e->getMessage()}");
|
||
}
|
||
|
||
// success
|
||
$mailContents['bodyText'] = str_replace('%Placeholder%', $e, $mailContents['bodyText']);
|
||
SendEmail($general['notificationAddress'], $mailContents);
|
||
GracefulExit($successURL, 'Abmeldung erfolgt: Emailadresse ist aus dem Newsletter ausgetragen');
|
||
?>
|