From 20a60fa4a3dbe81078aaa1f9b21181a8e128de1d Mon Sep 17 00:00:00 2001
From: Retro_Guy <retro.guy@rocksolidbbs.com>
Date: Tue, 26 Oct 2021 05:06:37 +0000
Subject: [PATCH] Add X-Face and signature support for outgoing messages

---
 Rocksolid_Light/common/header.php          |   6 +-
 Rocksolid_Light/common/style.css           |   7 +
 Rocksolid_Light/rocksolid/lib/post.inc.php |  40 +++++-
 Rocksolid_Light/rocksolid/post.php         |   4 +-
 Rocksolid_Light/spoolnews/user.php         | 157 +++++++++++++++++++++
 5 files changed, 204 insertions(+), 10 deletions(-)
 create mode 100644 Rocksolid_Light/spoolnews/user.php

diff --git a/Rocksolid_Light/common/header.php b/Rocksolid_Light/common/header.php
index b334428..8ae7e84 100644
--- a/Rocksolid_Light/common/header.php
+++ b/Rocksolid_Light/common/header.php
@@ -71,9 +71,13 @@ if (file_exists($rootdir.'common/mods/images/rocksolidlight.png')) {
 				  echo '<a href="'.trim($linkitem[1]).'">'.trim($linkitem[0]).'</a>&nbsp;&nbsp';
 				}
 			}
+			echo '<a href="../spoolnews/user.php">';
                         if(isset($_COOKIE['mail_name'])) {
                                 echo '('.$_COOKIE['mail_name'].')';
-                        }
+                        } else {
+				echo 'login';
+			}
+			echo '</a>';
 ?>
 		</td>
 	</tr>
diff --git a/Rocksolid_Light/common/style.css b/Rocksolid_Light/common/style.css
index 945f17e..d771ab1 100644
--- a/Rocksolid_Light/common/style.css
+++ b/Rocksolid_Light/common/style.css
@@ -281,6 +281,13 @@ textarea.postbody {
   width: calc(1em * 1.5 * 40);
 }
 
+textarea.configuration {
+  background-color: var(--color-medium);
+  border: none;
+  color: var(--color-title);
+  resize: none;
+}
+
 /* Mobile Styles */
 @media only screen and (max-device-width: 480px) {
   body {
diff --git a/Rocksolid_Light/rocksolid/lib/post.inc.php b/Rocksolid_Light/rocksolid/lib/post.inc.php
index f6e24a8..1ac470c 100644
--- a/Rocksolid_Light/rocksolid/lib/post.inc.php
+++ b/Rocksolid_Light/rocksolid/lib/post.inc.php
@@ -194,11 +194,14 @@ function check_rate_limit($name,$set=0,$gettime=0) {
  * $ref: The references of the article
  * $body: The article itself
  */
-function message_post($subject,$from,$newsgroups,$ref,$body,$encryptthis,$encryptto) {
+function message_post($subject,$from,$newsgroups,$ref,$body,$encryptthis,$encryptto,$authname) {
   global $server,$port,$send_poster_host,$text_error,$CONFIG;
   global $www_charset,$config_dir,$spooldir;
   global $msgid_generate,$msgid_fqdn;
   flush();
+  if(file_exists($config_dir.'/userconfig/'.$authname.'.config')) {
+    $userconfig = unserialize(file_get_contents($config_dir.'/userconfig/'.$authname.'.config'));  
+  }
   if(isset($encryptthis)) {
     $workpath = $config_dir."users/";
     $username = trim(strtolower($encryptto));
@@ -281,11 +284,18 @@ function message_post($subject,$from,$newsgroups,$ref,$body,$encryptthis,$encryp
     if (isset($CONFIG['organization']))
       fputs($ns,'Organization: '.quoted_printable_encode($CONFIG['organization'])."\r\n");
     $body=trim($body);
-    if ((isset($CONFIG['postfooter'])) && ($CONFIG['postfooter']!="")) {
-      $postfooter = preg_replace('/\{DOMAIN\}/', "\n".$_SERVER['HTTP_HOST'], $CONFIG['postfooter']);
-      $body.="\n-- \n".$postfooter; 
+    if ($userconfig['signature'] !== '') {
+      $body.="\n-- \n".$userconfig['signature'];
+    } else { 
+      if ((isset($CONFIG['postfooter'])) && ($CONFIG['postfooter']!="")) {
+        $postfooter = preg_replace('/\{DOMAIN\}/', "\n".$_SERVER['HTTP_HOST'], $CONFIG['postfooter']);
+        $body.="\n-- \n".$postfooter; 
+      }
     }
     fputs($ns,'Message-ID: '.$msgid."\r\n");
+    if ($userconfig['xface'] !== '') {
+      fputs($ns,'X-Face: '.$userconfig[xface]."\r\n");
+    }
     $body=str_replace("\n.\r","\n..\r",$body);
     $body=str_replace("\r",'',$body);
     $body=stripSlashes($body);
@@ -312,12 +322,15 @@ function message_post($subject,$from,$newsgroups,$ref,$body,$encryptthis,$encryp
   }
   return $message;
 }
-function message_post_with_attachment($subject,$from,$newsgroups,$ref,$body,$encryptthis,$encryptto) {
+function message_post_with_attachment($subject,$from,$newsgroups,$ref,$body,$encryptthis,$encryptto,$authname) {
   global $server,$port,$send_poster_host,$CONFIG,$text_error;
-  global $file_footer,$www_charset,$spooldir;
+  global $config_dir,$www_charset,$spooldir;
   global $msgid_generate,$msgid_fqdn;
   global $CONFIG;
   flush();
+  if(file_exists($config_dir.'/userconfig/'.$authname.'.config')) {
+    $userconfig = unserialize(file_get_contents($config_dir.'/userconfig/'.$authname.'.config')); 
+  }
   $msgid=generate_msgid($subject.",".$from.",".$newsgroups.",".$ref.",".$body);
 /*
  * SPAM CHECK
@@ -370,14 +383,27 @@ function message_post_with_attachment($subject,$from,$newsgroups,$ref,$body,$enc
     }
     if (isset($CONFIG['organization']))
       fputs($ns,'Organization: '.quoted_printable_encode($CONFIG['organization'])."\r\n");
+    if ($userconfig['signature'] !== '') {
+      $body.="\n-- \n".$userconfig['signature'];
+    } else {
+      if ((isset($CONFIG['postfooter'])) && ($CONFIG['postfooter']!="")) {
+        $postfooter = preg_replace('/\{DOMAIN\}/', "\n".$_SERVER['HTTP_HOST'], $CONFIG['postfooter']);
+        $body.="\n-- \n".$postfooter;
+      }
+    }
+/*
     if ((isset($file_footer)) && ($file_footer!="")) {
       $footerfile=fopen($file_footer,"r");
       $body.="\n".fread($footerfile,filesize($file_footer));
       fclose($footerfile);
-	}
+        }
+*/
 	$boundary=uniqid('', true);
 	$body.="\r\n--------------".$boundary."\r\n";
     fputs($ns,'Message-ID: '.$msgid."\r\n");
+    if ($userconfig['xface'] !== '') {
+      fputs($ns,'X-Face: '.$userconfig[xface]."\r\n");
+    }
     fputs($ns,'Content-Type: multipart/mixed;boundary="------------'.$boundary.'"');
     fputs($ns,"\r\n");
     $contenttype = shell_exec('file -b --mime-type '.$spooldir.'/upload/'.$_FILES[photo][name]);
diff --git a/Rocksolid_Light/rocksolid/post.php b/Rocksolid_Light/rocksolid/post.php
index d207c62..687c859 100644
--- a/Rocksolid_Light/rocksolid/post.php
+++ b/Rocksolid_Light/rocksolid/post.php
@@ -234,11 +234,11 @@ if ($type=="post") {
 // There is an attachment to handle 
 		$message=message_post_with_attachment(quoted_printable_encode($subject),
                  $nemail." (".quoted_printable_encode($name).")",
-                 $newsgroups,$references_array,addslashes($body),$_POST['encryptthis'],$_POST['encryptto']);
+                 $newsgroups,$references_array,addslashes($body),$_POST['encryptthis'],$_POST['encryptto'],strtolower($name));
 	} else {
 	  $message=message_post(quoted_printable_encode($subject),
                  $nemail." (".quoted_printable_encode($name).")",
-                 $newsgroups,$references_array,addslashes($body),$_POST['encryptthis'],$_POST['encryptto']);
+                 $newsgroups,$references_array,addslashes($body),$_POST['encryptthis'],$_POST['encryptto'],strtolower($name));
 	}
 	  // Article sent without errors, or duplicate?
       if ((substr($message,0,3)=="240") ||
diff --git a/Rocksolid_Light/spoolnews/user.php b/Rocksolid_Light/spoolnews/user.php
new file mode 100644
index 0000000..7435067
--- /dev/null
+++ b/Rocksolid_Light/spoolnews/user.php
@@ -0,0 +1,157 @@
+<?php
+session_start();
+
+include "config.inc.php";
+include "newsportal.php";
+
+  if(isset($_COOKIE['tzo'])) {
+    $offset=$_COOKIE['tzo'];
+  } else {
+    $offset=$CONFIG['timezone'];
+  }
+
+$keyfile = $spooldir.'/keys.dat';
+$keys = unserialize(file_get_contents($keyfile));
+
+if($_POST['command'] == 'Logout') {
+  unset($_COOKIE['mail_name']); 
+  setcookie('mail_name', null, -1, '/');
+  unset($_COOKIE['mail_auth']);
+  setcookie('mail_auth', null, -1, '/');
+  unset($_COOKIE['cookie_name']);
+  setcookie('cookie_name', null, -1, '/');
+  unset($_POST['username']);
+  include "head.inc";
+  echo 'You have been logged out';
+  exit(0);
+}
+include "head.inc";
+
+// How long should cookie allow user to stay logged in?
+// 14400 = 4 hours
+  $auth_expire = 14400;
+  $logged_in = false;
+  if(!isset($_POST['username'])) {
+    $_POST['username'] = $_COOKIE['mail_name'];
+  }
+  $name = $_POST['username'];
+  if((password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth']))) {
+    $logged_in = true;
+  } else {
+    if(check_bbs_auth($_POST['username'], $_POST['password'])) {
+      $authkey = password_hash($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), PASSWORD_DEFAULT);
+?>
+      <script type="text/javascript">
+       if (navigator.cookieEnabled)
+         var authcookie = "<?php echo $authkey; ?>";
+         var savename = "<?php echo stripslashes($name); ?>";
+	 var auth_expire = "<?php echo $auth_expire; ?>";
+	 var name_expire = "7776000";
+         document.cookie = "mail_auth="+authcookie+"; max-age="+auth_expire+"; path=/";
+         document.cookie = "mail_name="+savename+"; max-age="+name_expire+"; path=/";
+      </script>
+<?php
+      $logged_in = true;
+    }
+  }
+  echo '<h1 class="np_thread_headline">';
+    
+  echo '<a href="user.php" target='.$frame['menu'].'>Configuration</a> / ';
+  echo htmlspecialchars($_POST['username']).'</h1>';
+
+echo '<table cellpadding="0" cellspacing="0" class="np_buttonbar"><tr>';
+// Mail button
+    if($logged_in == true) {
+      echo '<td>';
+      echo '<form target="'.$frame['content'].'" method="post" action="mail.php">';
+      echo '<input name="command" type="hidden" id="command" value="Message" readonly="readonly">';
+      echo "<input type='hidden' name='username' value='".$_POST['username']."' />";
+      echo "<input type='hidden' name='password' value='".$_POST['password']."' />";
+      echo '<button class="np_button_link" type="submit">Mail</button>';
+      echo '</form>';
+      echo '</td>';
+// Logout button
+      echo '<td>';
+      echo '<form target="'.$frame['content'].'" method="post" action="user.php">';
+      echo '<input name="command" type="hidden" id="command" value="Logout" readonly="readonly">';
+      echo "<input type='hidden' name='username' value='".$_POST['username']."' />";
+      echo "<input type='hidden' name='password' value='".$_POST['password']."' />";
+      echo "<input type='hidden' name='id' value='".$_POST['id']."' />";
+      echo '<button class="np_button_link" type="submit">Logout</button>';
+      echo '</form>';
+      echo '</td>';
+    }
+    echo '<td width=100%></td></tr></table>';
+
+if(isset($_POST['username'])) {
+  $name = $_POST['username'];
+// Save name in cookie
+  if ($setcookies==true) {
+    setcookie("mail_name",stripslashes($name),time()+(3600*24*90));
+  }
+} else {
+  if ($setcookies) {
+    if ((isset($_COOKIE["mail_name"])) && (!isset($name))) {
+      $name=$_COOKIE["mail_name"];
+    } else {
+      $name = '';
+    }
+  }
+}
+        if($logged_in !== true) {
+echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
+echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';
+echo '<tr><td><strong>Please Login<br /></strong></td></tr>';
+echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="'.$name.'"></td></tr>';
+echo '<tr><td>Password:</td><td><input name="password" type="password" id="password"></td></tr>';
+echo '<td><input name="command" type="hidden" id="command" value="Login" readonly="readonly"></td>';
+echo '<input type="hidden" name="key" value="'.password_hash($CONFIG['thissitekey'].$name, PASSWORD_DEFAULT).'">';
+echo '<td>&nbsp;</td>';
+echo '<td><input type="submit" name="Submit" value="Login"></td>';
+echo '</tr>';
+echo '</form>';
+echo '</table>';
+	exit(0);
+      	}
+
+  $user = strtolower($_POST['username']);
+  unset($user_config);
+
+// Apply Config
+    if(isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
+	$user_config['signature'] = $_POST['signature'];
+        $user_config['xface'] = $_POST['xface'];
+        $user_config['timezone'] = $_POST['timezone'];
+	file_put_contents($config_dir.'/userconfig/'.$user.'.config', serialize($user_config));
+	echo 'Configuration Saved for '.$_POST[username];
+    } else {
+	$user_config = unserialize(file_get_contents($config_dir.'/userconfig/'.$user.'.config'));
+    }
+
+// Show Config 
+    echo '<hr><h1 class="np_thread_headline">Configuration:</h1>';
+    echo '<table cellspacing="0" width="100%" class="np_results_table">';
+    echo '<tr class="np_thread_head"><td class="np_thread_head">Settings for '.$_POST[username].' (leave blank for none):</td></tr>';
+    echo '<form method="post" action="user.php">';
+    echo '<tr class="np_result_line1">';
+      echo '<td class="np_result_line1" style="word-wrap:break-word";>Signature:</td>';
+        echo '</tr><tr><td class="np_result_line1" style="word-wrap:break-word";><textarea class="configuration" id="signature" name="signature" rows="6" cols="70">'.$user_config[signature];
+	echo '</textarea></td>'; 
+	echo '</tr>';
+      echo '<td class="np_result_line1" style="word-wrap:break-word";>X-Face:</td>';
+        echo '</tr><tr><td class="np_result_line1" style="word-wrap:break-word";><textarea class="configuration" id="xface" name="xface" rows="4" cols="80">'.$user_config[xface];
+        echo '</textarea></td>';	
+        echo '</tr>';
+/*
+      echo '<td class="np_result_line1" style="word-wrap:break-word";>Timezone offset (+/- hours from UTC):</td>';
+	echo '</tr><tr><td class="np_result_line1" style="word-wrap:break-word";><input type="text" name="timezone" value="'.$user_config[timezone].'"></td>';
+        echo '</tr>';
+*/
+      echo '<td class="np_result_line2" style="word-wrap:break-word";>';
+	echo '<button class="np_button_link" type="submit">Save Configuration</button>';
+      echo '</td></tr>';
+      echo '<input name="command" type="hidden" id="command" value="SaveConfig" readonly="readonly">';
+    echo '</form>';
+    echo '</tbody></table><br />';
+    include "tail.inc";
+?>