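// Load the list settings (database credentials, owner address, list name, notify flags).
// require is used instead of include so a missing or unreadable config stops the script
// here rather than letting it continue with undefined connection settings.
require('maillist/config.inc.php');

// NOTE(review): the mysql_* extension was removed in PHP 7. Moving this script to
// mysqli or PDO with prepared statements is the durable fix for the SQL handling below.
$connection = mysql_connect($db_server, $db_user, $db_password);
if (!$connection) {
    // Driver errors can name the database host and account, so they go to the server
    // log and the visitor only sees a generic message.
    error_log("maillist: Could not connect : " . mysql_error());
    die("Could not connect");
}
if (!mysql_select_db($db_name)) {
    error_log("maillist: Could not select database : " . mysql_error());
    die("Could not select database");
}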
/*
check address for basic validity. if ok proceed, if not, return message and exit
if valid, insert in db with random md5 key of something (time?) and send email to address with link back to confirm.php
*/
// Extra mail headers shared by every message this script sends: both the sender and the
// reply address are the list owner.
// NOTE(review): $owner_email is presumably set in maillist/config.inc.php; it must never
// be taken from the request, because a CR/LF inside it would add further headers.
$headers = 'From: ' . $owner_email . "\r\n" . 'Reply-To: ' . $owner_email;
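/**
 * Syntactic check of an e-mail address before it is stored or passed to mail().
 *
 * The address must have exactly one "@", a local part of 1-64 characters and a domain
 * of 1-255 characters. Each dot-separated piece of the local part must be either an
 * unquoted atom or a quoted string; the domain must be either digits and dots
 * (optionally in square brackets) or at least two valid host labels.
 *
 * Differences from the earlier ereg() version, all of them stricter:
 *  - ereg() was removed in PHP 7 and is not binary safe (matching stops at a NUL byte),
 *    so preg_match() is used instead.
 *  - Every pattern carries the D modifier so "$" cannot match before a trailing newline.
 *  - Any ASCII control character rejects the address outright. The quoted-string form
 *    would otherwise accept CR/LF, and this value is later used as a mail recipient.
 *  - A backslash is no longer accepted inside an unquoted atom; the POSIX bracket
 *    expression treated the "\" in "\." as a literal character.
 *
 * @param mixed $email Address to check; anything that is not a string is rejected.
 * @return bool true when the address passes every check, false otherwise.
 */
function validate_email($email)
{
    if (!is_string($email)) {
        return false;
    }

    // No legitimate address carries raw control characters (NUL, CR, LF, TAB, DEL, ...).
    if (preg_match('/[\x00-\x1F\x7F]/', $email)) {
        return false;
    }

    // Exactly one "@", with both sides inside their length limits.
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/D', $email)) {
        return false;
    }

    list($local_part, $domain_part) = explode('@', $email);

    // Unquoted atom (1-64 characters) or a quoted string of up to 62 characters that
    // contains none of ( \ | " ).
    $atom_pattern = '/^(?:[A-Za-z0-9!#$%&\'*+\/=?^_{|}~-][A-Za-z0-9!#$%&\'*+\/=?^_{|}~.-]{0,63}|"[^(\\\\|")]{0,62}")$/D';
    foreach (explode('.', $local_part) as $atom) {
        if (!preg_match($atom_pattern, $atom)) {
            return false;
        }
    }

    // A domain made only of digits and dots (optionally bracketed) is treated as an IP
    // literal and accepted as is; anything else must be a dotted host name.
    if (!preg_match('/^\[?[0-9.]+\]?$/D', $domain_part)) {
        $labels = explode('.', $domain_part);
        if (count($labels) < 2) {
            return false; // Not enough parts to domain
        }
        foreach ($labels as $label) {
            // Labels are 1-63 alphanumerics; hyphens are allowed only in the middle.
            if (!preg_match('/^(?:[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]|[A-Za-z0-9]+)$/D', $label)) {
                return false;
            }
        }
    }

    return true;
}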
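// Request handler for the list page.
//  - POST with "address": validates the address, stores or refreshes a confirmation
//    key and mails a confirmation link. Sets $status_message for the page below.
//  - GET with address/key/c: verifies the emailed link and confirms or removes the
//    subscription. Sets $confirm_message for the page below.
//
// Changes from the earlier version:
//  - Every request value is escaped with mysql_real_escape_string() before it is placed
//    in SQL. The confirmation key from the query string used to be interpolated
//    unescaped, and addslashes() does not take the connection character set into account.
//  - The confirmation key comes from a random source instead of md5(time()), which
//    could be recomputed by anyone who knew roughly when the request was made.
//  - Link parameters are URL-encoded, so an address containing "+" or "&" survives
//    the round trip through the emailed link.
//  - Database errors are logged, not printed to the visitor.
//  - The address echoed back on the page is HTML-escaped.
//  - Notification mails go to the address stored in the database row, not to the raw
//    query-string value.

// Runs one statement and returns its result. On failure the driver error is written to
// the server log and the visitor sees only the short label.
if (!function_exists('maillist_query_or_die')) {
    function maillist_query_or_die($sql, $label)
    {
        $result = mysql_query($sql);
        if ($result === false) {
            error_log("maillist: $label failed : " . mysql_error());
            die("$label failed");
        }
        return $result;
    }
}

// Only a plain string is accepted as the submitted address; array-style input is ignored.
$posted_address = (isset($_POST['address']) && is_string($_POST['address'])) ? $_POST['address'] : '';

if ($posted_address) { // Submitting sub/unsub request from web page
    $email = $posted_address;

    // Blacklist rules are substrings. They are compared case-insensitively so a rule
    // cannot be side-stepped by changing the case of the address; empty rules are skipped.
    $blacklisted = false;
    $email_lower = strtolower($email);
    $blacklist_result = maillist_query_or_die("SELECT * FROM mailinglist_blacklist", 'Query5');
    while ($blacklist_row = mysql_fetch_assoc($blacklist_result)) {
        $rule = (string) $blacklist_row['rule'];
        if ($rule !== '' && strpos($email_lower, strtolower($rule)) !== false) {
            $blacklisted = true;
            break;
        }
    }

    // The address becomes the recipient of mail(); refuse control characters here as
    // well, independently of what validate_email() accepts.
    $has_control_chars = (bool) preg_match('/[\x00-\x1F\x7F]/', $email);

    if (!$has_control_chars && !$blacklisted && validate_email($email)) {
        // Email is potentially valid
        // See if in db, if so, send unsub email
        // if not in db, insert record and send sub email

        // 32 hex characters, the same length as the md5 value used before.
        if (function_exists('random_bytes')) {
            $key = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $key = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // NOTE(review): no cryptographic random source on this PHP build; this
            // fallback is harder to guess than the clock alone but is not a CSPRNG.
            $key = md5(uniqid(mt_rand(), true));
        }

        // SCRIPT_NAME is used instead of PHP_SELF because PHP_SELF also carries any
        // extra path text supplied in the request.
        // NOTE(review): SERVER_NAME can follow the request's Host header depending on
        // server configuration, and the link is plain http; a fixed https base URL in
        // the config file would be safer for a link that carries the key.
        $base_link = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'];
        $auth_link = $base_link . "?address=" . urlencode($email) . "&key=" . urlencode($key);
        $req_time = time();
        $safe_email = mysql_real_escape_string($email);

        // NOTE(review): last_sub_req_date is stored but never checked, so nothing here
        // limits how often a confirmation mail can be requested for one address.
        $query = "SELECT * FROM mailinglist_subscribers WHERE address = '$safe_email'";
        $result = maillist_query_or_die($query, 'Query1');

        if (mysql_num_rows($result) == 1) { // Record exists in db
            $row = mysql_fetch_assoc($result);
            if ($row['confirmed'] == 1) {
                // Already confirmed: this is an unsubscribe request, so the link
                // carries the key stored for the subscriber.
                $subject = "Please confirm your unsubscribe request from $list_name";
                $action = "unsubscribe from";
                $auth_link = $base_link . "?address=" . urlencode($email)
                    . "&key=" . urlencode($row['userkey']) . "&c=0";
            } else {
                // Still unconfirmed: issue a fresh key and resend the subscribe link.
                $subject = "Please confirm your subscribe request from $list_name";
                $action = "subscribe to";
                $auth_link .= "&c=1";
                $query = "UPDATE mailinglist_subscribers SET userkey='$key', last_sub_req_date='$req_time' WHERE address = '$safe_email'";
                $result = maillist_query_or_die($query, 'Query2');
            }
        } else { // no record in db, insert record and send sub email
            $query = "INSERT INTO mailinglist_subscribers VALUES ('$safe_email', '$key', '0', '$req_time', '0')";
            $result = maillist_query_or_die($query, 'Query3');
            $subject = "Please confirm your subscribe request to $list_name";
            $action = "subscribe to";
            $auth_link .= "&c=1";
        }

        $message = "To confirm the request to $action the list: $list_name, ";
        $message .= "we ask that you follow this link:\n\n$auth_link\n\nIf you are unable to click ";
        $message .= "the link, please copy and paste it into your web browser.\n\n";
        $message .= "$owner_email\n";
        mail($email, $subject, $message, $headers);

        // This message is echoed into the HTML page, so the address is escaped here.
        $status_message = "A confirmation email has been sent to " . htmlspecialchars($email, ENT_QUOTES) . ".";
    } else {
        // Email is invalid
        $status_message = "We're sorry, this email address seems to be invalid or it's not allowed to sign up for this list.
Please check the address and try again or email $owner_email for assitance.";
    }
} elseif ($_GET) { // Confirming a sub/unsub request from a link
    // Missing or non-string parameters are treated as empty and simply fail the lookup.
    $email = (isset($_GET['address']) && is_string($_GET['address'])) ? trim($_GET['address']) : '';
    $key = (isset($_GET['key']) && is_string($_GET['key'])) ? trim($_GET['key']) : '';
    $confirm = (isset($_GET['c']) && is_string($_GET['c'])) ? trim($_GET['c']) : '';

    $safe_email = mysql_real_escape_string($email);
    $safe_key = mysql_real_escape_string($key);

    $query = "SELECT * FROM mailinglist_subscribers WHERE address = '$safe_email' AND userkey = '$safe_key'";
    $result = maillist_query_or_die($query, 'Query4');

    if (mysql_num_rows($result)) { // The address and key match a record in the db. Proceed to verify request.
        // if db has 0 and user has 0, that's an attempt to unsubscribe an unconfirmed address - denied
        // if db has 0 and user has 1, that's an attempt to confirm an unconfirmed address - allowed
        // if db has 1 and user has 0, that's an attempt to unsubscribe a confirmed address - allowed
        // if db has 1 and user has 1, that's an attempt to subscribe a confirmed address - denied
        $row = mysql_fetch_assoc($result);

        // Use the stored address for all mail and notes from here on.
        $subscriber = $row['address'];

        // "c" must be exactly "1" or "0", as in the emailed links; anything else is denied.
        if ($row['confirmed'] == 0 && $confirm === '1') {
            // user is in db, email and key are correct, they have not confirmed so this is a confirmation,
            // update confirm and present message
            $query = "UPDATE mailinglist_subscribers SET confirmed = '1' WHERE address = '$safe_email' AND userkey = '$safe_key'";
            $result = maillist_query_or_die($query, 'Query6');
            $confirm_message = "Thank you, your subscription to $list_name has been confirmed. To unsubscribe at any time ";
            $confirm_message .= "just enter your email address below.\n";
            if ($notify_on_confirm) {
                // Count subscribers for admin email
                $count_query = "SELECT COUNT(*) FROM mailinglist_subscribers WHERE confirmed = '1'";
                $count_result = maillist_query_or_die($count_query, 'Query');
                $count_confirmed = mysql_fetch_row($count_result);
                $admin_note = "$subscriber has joined $list_name. There are now $count_confirmed[0] members subscribing to this list.";
                mail($owner_email, "$list_name Subscription Confirmation", "$admin_note", $headers);
            }
            if ($notify_user_on_confirm) {
                $user_note = "Thank you for joining the $list_name list.";
                mail($subscriber, "$list_name Subscription Confirmation", "$user_note", $headers);
            }
        } elseif ($row['confirmed'] == 1 && $confirm === '0') {
            // user is in db, email and key are correct, they were already confirmed so this is an unsubscribe req
            // remove user from db and present message
            $query = "DELETE FROM mailinglist_subscribers WHERE address = '$safe_email' AND userkey = '$safe_key'";
            $result = maillist_query_or_die($query, 'Query');
            $confirm_message = "Thank you, you have been unsubscribed from $list_name.";
            if ($notify_on_unsub) {
                // Count subscribers for admin email
                $count_query = "SELECT COUNT(*) FROM mailinglist_subscribers WHERE confirmed = '1'";
                $count_result = maillist_query_or_die($count_query, 'Query');
                $count_confirmed = mysql_fetch_row($count_result);
                $admin_note = "$subscriber has unsubscribed from $list_name. There are now $count_confirmed[0] members subscribing to this list.";
                mail($owner_email, "$list_name Unsubscription", "$admin_note", $headers);
            }
            if ($notify_user_on_unsub) {
                $user_note = "You have been successfully unsubsribed from the $list_name list.";
                mail($subscriber, "$list_name Unsubscription Confirmation", "$user_note", $headers);
            }
        } else {
            // one of the two denied conditions above occurred.
            $confirm_message = "Error processing request. Please contact $owner_email for assistance.\n";
        }
    } else {
        // No record found to confirm or unsubscribe in db
        $confirm_message = "Error processing request. Please contact $owner_email for assistance.\n";
    }
}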
?>
Join the Freaks list - the original Marillion and Fish (and associated bands) discussion list. Now reborn!
FishHeads mailing list
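<?php
// Show the outcome of a subscribe/unsubscribe form submission, if there was one.
// The opening tag is restored here; without it this fragment would be sent to the
// browser as literal text. The message is written into the page exactly as built, so
// any request-derived value inside it must be HTML-escaped by the code that builds it.
if (isset($status_message)) {
    echo "
$status_message
";
}
?>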
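<?php
// Show the outcome of following a confirmation link, if one was processed.
// The opening tag is restored here; without it this fragment would be sent to the
// browser as literal text. The message is written into the page exactly as built, so
// it must never carry an unescaped value taken from the query string.
if (isset($confirm_message)) {
    echo "
$confirm_message
";
}
?>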
FishHeads is a way for Fish to send messages to everyone who is subscribed. The quantity of e-mail is not as high as a mailing list. The list of subscribers is private and will never be distributed to any other source.
To join, simply enter your email in the following form.
All subscribe/unsubscribe requests must be confirmed via email.
To unsubscribe, simply fill in the form using the same email address that you subscribed with.
If your email address is going to change and you want to keep receiving the FishHeads posts, you should unsubscribe your original email address, and subscribe with your new email address.