From 90479d970b13bb670bb45c31cfaf38f0aedd1234 Mon Sep 17 00:00:00 2001
From: Henoch Einbier <axcessor@hotmail.com>
Date: Fri, 29 Dec 2023 04:52:42 +0000
Subject: [PATCH] =?UTF-8?q?DSGVO=20Fix:=20Kein=20Newsletter=20mehr=20an=20?=
 =?UTF-8?q?gesperrte=20User,=20die=20durch=20die=20Sperrung=20keine=20M?=
 =?UTF-8?q?=C3=B6glichkeit=20der=20Abmeldung=20mehr=20haben?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminforce/content/newssystem/news.php | 32 ++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/adminforce/content/newssystem/news.php b/adminforce/content/newssystem/news.php
index b603efd..9529c5e 100644
--- a/adminforce/content/newssystem/news.php
+++ b/adminforce/content/newssystem/news.php
@@ -16,13 +16,35 @@ if ($_POST['news2'] == 'Newsletter und seite') {
     db_query("UPDATE " . $db_prefix . "_kontodaten SET news='1' WHERE 1");
     if ($_POST['id'] == 0) db_query("INSERT INTO " . $db_prefix . "_news (zeit,titel,news) VALUES ('" . time() . "','" . $_POST['titel'] . "','" . $_POST['news'] . "')");
     if ($_POST['id'] >= 1) db_query("UPDATE " . $db_prefix . "_news SET titel='" . $_POST['titel'] . "',news='" . $_POST['news'] . "' WHERE id='" . $_POST['id'] . "'");
-    $empfaenger = db_query('SELECT emailadresse FROM ' . $db_prefix . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
-    while ($user = mysql_fetch_assoc($empfaenger)) usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
+    $empfaenger = db_query('
+		SELECT e.emailadresse, k.status
+		FROM ' . $db_prefix . '_emaildaten e
+		LEFT JOIN ' . $db_prefix . '_kontodaten k ON e.uid = k.uid
+		WHERE e.freigabe_fuer IN (1, 3)
+		GROUP BY e.emailadresse
+	');
+
+	while ($row = mysql_fetch_assoc($empfaenger)) {
+		if ($row['status'] == 1) {
+			usermail($row['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $system['seitenname'] . '" <' . $system['betreibermail'] . '>');
+		}
+	}
 }
 if ($_POST['news3'] == 'Newsletter') {
     db_query("UPDATE " . $db_prefix . "_kontodaten SET news='1' WHERE 1");
-    $empfaenger = db_query('SELECT emailadresse FROM ' . $db_prefix . '_emaildaten WHERE freigabe_fuer = 1 OR freigabe_fuer = 3 GROUP BY emailadresse');
-    while ($user = mysql_fetch_assoc($empfaenger)) usermail ($user['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $seitenname . '" <' . $betreibermail . '>');
+    $empfaenger = db_query('
+		SELECT e.emailadresse, k.status
+		FROM ' . $db_prefix . '_emaildaten e
+		LEFT JOIN ' . $db_prefix . '_kontodaten k ON e.uid = k.uid
+		WHERE e.freigabe_fuer IN (1, 3)
+		GROUP BY e.emailadresse
+	');
+
+	while ($row = mysql_fetch_assoc($empfaenger)) {
+		if ($row['status'] == 1) {
+			usermail($row['emailadresse'], $_POST['titel'], $_POST['news'], '"' . $system['seitenname'] . '" <' . $system['betreibermail'] . '>');
+		}
+	}
 }
 
 if ($_POST['load'] == 'Editieren') {
@@ -74,4 +96,4 @@ head("News schreiben (html erlaubt!)");
 <input type="Hidden" name="id" value="<?php echo $id;?>">
 </form>
 </div>
-<?php foot();?>
\ No newline at end of file
+<?php foot();?>
-- 
GitLab