Verify logged in user before displaying a message in mail.php

Retro_Guy 2021-06-04 03:25:31 +00:00
parent e042c25c00
commit 4096ff8d18
1 changed files with 5 additions and 1 deletions


@ -54,6 +54,8 @@ echo '</form>';
echo '</table>'; echo '</table>';
exit(0); exit(0);
} }
$user = strtolower($_POST['username']);
if(isset($_POST['command']) && $_POST['command'] == 'Message') { if(isset($_POST['command']) && $_POST['command'] == 'Message') {
$database = $spooldir.'/mail.db3'; $database = $spooldir.'/mail.db3';
$dbh = mail_db_open($database); $dbh = mail_db_open($database);
@ -69,6 +71,9 @@ echo '</table>';
$newdate = $ts->format('D, j M Y H:i T'); $newdate = $ts->format('D, j M Y H:i T');
} }
unset($ts); unset($ts);
if(($row['mail_from'] != $user) && ($row['rcpt_to'] != $user)) {
continue;
}
$body = rtrim(nl2br($row['message'])).'<br />'; $body = rtrim(nl2br($row['message'])).'<br />';
echo '<div class="np_article_header">'; echo '<div class="np_article_header">';
echo '<b>Subject:</b> '.$row['subject'].'<br />'; echo '<b>Subject:</b> '.$row['subject'].'<br />';
@ -130,7 +135,6 @@ echo '</table>';
$dbh = null; $dbh = null;
} }
} }
$user = strtolower($_POST['username']);
if(isset($_POST['command']) && $_POST['command'] == 'Send') { if(isset($_POST['command']) && $_POST['command'] == 'Send') {
if(isset($_POST['id'])) { if(isset($_POST['id'])) {
$database = $spooldir.'/mail.db3'; $database = $spooldir.'/mail.db3';
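Review bot: The ownership check added in the second hunk (`$row['mail_from'] != $user` and `$row['rcpt_to'] != $user`) relies on `$user`, which the first hunk reads directly from `$_POST['username']`, so the filter is only as strong as whatever binds that field to an authenticated login. The code above line 54 is outside this view; if it does not already reject requests whose credentials fail verification, the name is client-chosen and the check gives no protection, so `$user` should come from the identity established at login rather than from the request body. `$_POST['username']` is also read without `isset()`, and the comparison lowercases only the request side, so I would guard the read and compare with `strcasecmp(...) !== 0`, or better, add the user condition to the query that selects the row instead of skipping it with `continue` after it is fetched. Separately, the context lines echo `$row['subject']` and `$row['message']` without escaping; wrapping them as `htmlspecialchars($row['subject'], ENT_QUOTES, 'UTF-8')` (and escaping the message before `nl2br()`) would keep message content from being interpreted as markup.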