View Issue Details

IDProjectCategoryView StatusLast Update
0015359phpList 3 applicationAuthentication Systempublic06-05-11 23:21
Reporterrrrrob Assigned To 
Status resolvedResolutionfixed 
Product Version2.10.10 
Fixed in Version2.10.14 
Summary0015359: User Specific Authentication Pages Loose Formatting
Descriptionwhen the phplis driven site directs a user to a user specific login page (one that needs a password) the formatting of the page becomes generic causing the user to think they have left the current site. This is causing some users to think they have been redirected under false pretenses. It happens when ever they are asked for their password.

There is a complete list of what has been found and done to this point at the following link in the forums
Additional InformationHave compared the index files of versions 2.10.9 and 2.10.10 and noticed that most of the changes between the two relate to the unsubscribe function. going to post current findings to the forum as well in more detail.
TagsNo tags attached.


related to 0015320 resolvedmichiel Unsubscription should only be possible by a subscriber himself and not by a third person 



11-11-09 18:56

reporter   ~0050775

The pagedata is not initialised for normal newsletter preferences links, because in this state there is no list known.


--- phplist-2.10.10/public_html/lists/index.php 2009-05-05 15:13:14.000000000 +0200
+++ lists/index.php 2009-11-11 18:05:35.065632639 +0100
@@ -199,6 +199,7 @@
 if ($login_required && empty($_SESSION["userloggedin"]) && !$canlogin) {
+ $data = PageData(0);
   print LoginPage($id,$userid,$emailcheck,$msg);
 } elseif (isset($_GET['p']) && preg_match("/(\w+)/",$_GET["p"],$regs)) {
   if ($id) {

11-11-09 18:56


patch-15359.diff (408 bytes)   
--- phplist-2.10.10.denied/public_html/lists/index.php	2009-05-05 15:13:14.000000000 +0200
+++ lists/index.php	2009-11-11 18:05:35.065632639 +0100
@@ -199,6 +199,7 @@
 if ($login_required && empty($_SESSION["userloggedin"]) && !$canlogin) {
+  $data = PageData(0);
   print LoginPage($id,$userid,$emailcheck,$msg);
 } elseif (isset($_GET['p']) && preg_match("/(\w+)/",$_GET["p"],$regs)) {
   if ($id) {
patch-15359.diff (408 bytes)   


12-11-09 13:52

reporter   ~0050777

In my index.php file this code comes up at line 201. I replaced the current code with this code and gave it a try. I am now getting a completely blank page when the user submits their email address to unsubscribe. Also when the user selects the link to unsubscribe, from the email message sent at signup, they get the same blank page. Could someone please confirm.


14-11-09 02:31

reporter   ~0050780

Noticed another report similar to this one

Our needs for the current situation call for an immediate answer that will work smoothly and look professional for the customer and user. Stepping back and rethinking the process has driven the following.

The individual that wants to unsubscribe is one whom is receiving the messages.
If one is not getting the messages why would one be needing to unsubscribe. These very same messages have a link to the unsubscribe page which passes threw the validation page and works. Thus why have an unsubscribe link on the sign up page. Instead remove the unsubscribe link, which does not work, and simply redirect the user to the unsubscribe link in the messages they are already getting that do work.

index.php approximately line 273

  # printf('


',$strUnsubscribeTitle); # Bug Fix remove unsubscribe link
  print $strUnsubscribeMsg;

language file ( added new line 31

$strUnsubscribeMsg = 'If you would like to unsubscribe from the message system please use the unsubscribe link at the bottom of one of you messages.



14-11-09 02:41

reporter   ~0050781

Code in last not did not look right, see this link for proper code.


06-05-11 23:21

administrator   ~0051288

seems resolved in svn