From e042c25c008f89363bd941a37bc69ce5864218b7 Mon Sep 17 00:00:00 2001
From: Retro_Guy <retro.guy@rocksolidbbs.com>
Date: Thu, 3 Jun 2021 05:25:59 +0000
Subject: [PATCH] Add private messaging in mail.php. NOT COMPLETE

---
 Rocksolid_Light/common/rsusers.php  |  24 ++-
 Rocksolid_Light/common/style.css    |  36 +++++
 Rocksolid_Light/rocksolid/files.php |   2 +-
 Rocksolid_Light/rocksolid/mail.php  | 234 ++++++++++++++++++++++++++++
 4 files changed, 294 insertions(+), 2 deletions(-)
 create mode 100644 Rocksolid_Light/rocksolid/mail.php
diff --git a/Rocksolid_Light/common/rsusers.php b/Rocksolid_Light/common/rsusers.php
index a78ba23..3007534 100644
--- a/Rocksolid_Light/common/rsusers.php
+++ b/Rocksolid_Light/common/rsusers.php
@@ -94,7 +94,7 @@ if (!preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{
 }
 
 # Does user file already exist?
-if ($userFileHandle = @fopen($userFilename, 'r'))
+if (($userFileHandle = @fopen($userFilename, 'r')) || (get_config_value('aliases.conf', strtolower($thisusername)) !== false)) 
 {
     if ($command == "Create")
     {
@@ -206,6 +206,28 @@ function create_code($username) {
   file_put_contents($userfile, $code);
   return $code;
 }
+
+function get_config_value($configfile,$request) {
+  global $config_dir;
+ 
+  if ($configFileHandle = @fopen($config_dir.'/'.$configfile, 'r'))
+  {
+    while (!feof($configFileHandle))
+    {
+      $buffer = fgets($configFileHandle);
+      if(strpos($buffer, $request.':') !== FALSE) {
+        $dataline=$buffer;
+        fclose($configFileHandle);
+        $datafound = explode(':',$dataline);
+        return $datafound[1];
+      }
+    } 
+    fclose($configFileHandle);
+    return FALSE;
+  } else {
+    return FALSE;
+  }
+}
 ?>
 </body>
 </html> 
diff --git a/Rocksolid_Light/common/style.css b/Rocksolid_Light/common/style.css
index 02baedc..2549a29 100644
--- a/Rocksolid_Light/common/style.css
+++ b/Rocksolid_Light/common/style.css
@@ -140,6 +140,42 @@
   font-size: 1.8em;
 }
 
+/* Mail buttons */
+.np_mail_button_link {
+  padding-left: 5px;
+  padding-right: 5px;
+  border: none;
+  color: var(--color-text-alt);
+  white-space: nowrap;
+  font-family: Arial, Helvetica, sans-serif;
+  background: var(--color-dark);
+  border-radius: 5px;
+  font-size: 1.2em;
+}
+ 
+.np_mail_button_link:hover {
+  color: var(--color-dark);
+  background: var(--color-text-alt);
+}
+
+/* Filename buttons */
+.np_filename_button_link {
+  padding-left: 5px;
+  padding-right: 5px;
+  border: none;
+  color: var(--color-text-alt);
+  white-space: nowrap;
+  font-family: Arial, Helvetica, sans-serif;
+  background: var(--color-dark);
+  border-radius: 5px;
+  font-size: 0.8em;
+}
+
+.np_filename_button_link:hover {
+  color: var(--color-dark);
+  background: var(--color-text-alt);
+}
+
 /* Username buttons */
 .np_username_button_link {
   padding-left: 5px;
diff --git a/Rocksolid_Light/rocksolid/files.php b/Rocksolid_Light/rocksolid/files.php
index 84334d6..57c60d3 100644
--- a/Rocksolid_Light/rocksolid/files.php
+++ b/Rocksolid_Light/rocksolid/files.php
@@ -95,7 +95,7 @@ function display_user_files($user, $offset) {
 // Link 
     echo '<td class="'.$lineclass.'">';
     echo '<form action="files.php" method="post" target="rslight_view">';
-    echo '<button class="np_button_link" type="submit">'.$file.'</button>';
+    echo '<button class="np_filename_button_link" type="submit">'.$file.'</button>';
     echo '<input type="hidden" name="showfile" value="'.$user.'/'.$file.'"/>';
     echo '<input type="hidden" name="showfilename" value="'.$file.'"/>';
     echo '<input type="hidden" name="key" value="'.password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT).'">';
diff --git a/Rocksolid_Light/rocksolid/mail.php b/Rocksolid_Light/rocksolid/mail.php
new file mode 100644
index 0000000..6b71a97
--- /dev/null
+++ b/Rocksolid_Light/rocksolid/mail.php
@@ -0,0 +1,234 @@
+<?php
+session_start();
+
+include "config.inc.php";
+include "newsportal.php";
+
+  if(isset($_COOKIE['tzo'])) {
+    $offset=$_COOKIE['tzo'];
+  } else {
+    $offset=$CONFIG['timezone'];
+  }
+
+include "head.inc";
+
+echo '<table cellpadding="0" cellspacing="0" class="np_buttonbar"><tr>';
+// New Message button
+    echo '<td>';
+    echo '<form target="'.$frame['content'].'" method="post" action="mail.php">';
+    echo '<input name="command" type="hidden" id="command" value="Send" readonly="readonly">';
+    echo "<input type='hidden' name='username' value='".$_POST['username']."' />";
+    echo "<input type='hidden' name='password' value='".$_POST['password']."' />";
+    echo '<button class="np_button_link" type="submit">New Message</button>';
+    echo '</form>';
+    echo '</td>';
+    echo '<td width=100%></td></tr></table>';
+
+if(isset($_POST['username'])) {
+  $name = $_POST['username'];
+// Save name in cookie
+  if ($setcookies==true) {
+    setcookie("cookie_name",stripslashes($name),time()+(3600*24*90));
+  }
+} else {
+  if ($setcookies) {
+    if ((isset($_COOKIE["cookie_name"])) && (!isset($name))) {
+      $name=$_COOKIE["cookie_name"];
+    } else {
+      $name = '';
+    }
+  }
+}
+        if(!check_bbs_auth($_POST['username'], $_POST['password'])) {
+echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
+echo '<form name="form1" method="post" action="mail.php" enctype="multipart/form-data">';
+echo '<tr><td><strong>Please Login<br /></strong></td></tr>';
+echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="'.$name.'"></td></tr>';
+echo '<tr><td>Password:</td><td><input name="password" type="password" id="password"></td></tr>';
+echo '<td><input name="command" type="hidden" id="command" value="Login" readonly="readonly"></td>';
+echo '<input type="hidden" name="key" value="'.password_hash($CONFIG['thissitekey'].$name, PASSWORD_DEFAULT).'">';
+echo '<td>&nbsp;</td>';
+echo '<td><input type="submit" name="Submit" value="Login"></td>';
+echo '</tr>';
+echo '</form>';
+echo '</table>';
+	exit(0);
+      	}
+  if(isset($_POST['command']) && $_POST['command'] == 'Message') {
+    $database = $spooldir.'/mail.db3';
+    $dbh = mail_db_open($database);
+    $query = $dbh->prepare('SELECT * FROM messages where id=:id');
+    $query->execute(['id' => $_POST['id']]);
+    while (($row = $query->fetch()) !== false) {
+      $ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC'));
+      $ts->add(DateInterval::createFromDateString($offset.' minutes'));
+     
+      if($offset != 0) {
+        $newdate = $ts->format('D, j M Y H:i');
+      } else {
+        $newdate = $ts->format('D, j M Y H:i T');
+      }
+      unset($ts);
+      $body = rtrim(nl2br($row['message'])).'<br />'; 
+      echo '<div class="np_article_header">';
+      echo '<b>Subject:</b> '.$row['subject'].'<br />';  
+      echo '<b>From:</b> '.$row['mail_from'].'<br />';
+      echo '<b>To:</b> '.$row['rcpt_to'].'<br />';
+      echo '<b>Date:</b> '.$newdate.'<br />';
+      echo '</div>';
+
+      echo '<div class="np_article_body">';
+      echo $body;
+    echo '<form action="mail.php" method="post">';
+    echo '<button class="np_button_link" type="submit">Reply</button>';
+    echo "<input type='hidden' name='id' value='".$row['id']."' />";
+    echo "<input type='hidden' name='username' value='".$_POST['username']."' />";
+    echo "<input type='hidden' name='password' value='".$_POST['password']."' />";
+    echo '<input name="command" type="hidden" id="command" value="Send" readonly="readonly">';
+    echo '</form>';
+      echo '</div>';
+    }
+    $dbh = null;
+ 
+  }
+        if (isSet($_POST['sendMessage'])) {
+                if (isSet($_POST['to']) && $_POST['to'] != '' && isSet($_POST['from']) && $_POST['from'] != '' && isSet($_POST['message']) && $_POST['message'] != '') {
+            if(($to = get_config_value('aliases.conf', strtolower($_POST['to']))) == false) {
+              $to = $_POST['to'];
+            }
+	    $userlist = scandir($config_dir.'/users/');
+	    $found = 0;
+	    foreach($userlist as $user) {
+	      if(trim($to) == trim($user)) {
+		$found = 1;
+		break;
+	      }
+	    }
+	 if($found == 0) {
+	    echo 'User not found: '.$to;
+	 } else { 
+            $database = $spooldir.'/mail.db3';
+            $dbh = mail_db_open($database);
+            $from = $_POST['from'];
+	    $subject = $_POST['subject'];
+	    $message = $_POST['message'];
+            $date = time();
+	    $message = $_POST['message'];
+	    $msgid = '<'.md5(strtolower($to).strtolower($from).strtolower($subject).strtolower($message)).'>';
+	    $sql = 'INSERT INTO messages(msgid, mail_from, rcpt_to, rcpt_target, date, subject, message, from_hide, to_hide, mail_viewed, rcpt_viewed) VALUES(?,?,?,?,?,?,?,?,?,?,?)';
+	    $stmt = $dbh->prepare($sql);
+// For possible future use
+	    $target = "local";
+	    $mail_viewed = "1";
+	    $rcpt_viewed = null;
+	    $q = $stmt->execute([$msgid, $from, $to, $target, $date, $subject, $message, null, null, $mail_viewed, $rcpt_viewed]);
+            if ($q) {
+              echo 'Message sent.';
+            }else
+              echo 'Failed to send message.';
+            }
+	    $dbh = null;
+	  }
+        }
+  $user = strtolower($_POST['username']);
+  if(isset($_POST['command']) && $_POST['command'] == 'Send') {
+	if(isset($_POST['id'])) {
+	  $database = $spooldir.'/mail.db3';
+          $dbh = mail_db_open($database);
+          $query = $dbh->prepare('SELECT * FROM messages where id=:id');
+          $query->execute(['id' => $_POST['id']]);
+          while (($row = $query->fetch()) !== false) {
+	    $mail_to = $row['mail_from'];
+	    if(strpos($row['subject'], 'Re: ') !== 0) {
+	      $subject = 'Re: '.$row['subject'];
+	    } else {
+	      $subject = $row['subject'];
+	    }
+	    $body=explode("\n",$row['message']);
+	    $message = $row['mail_from']." wrote:\n\n";
+	    foreach($body as $line) {
+	        if(trim($line) !== '') {
+		  $line = '>'.$line;
+	        } 
+		$message.=$line;
+	    }
+          }
+	  $dbh = null;
+	}
+                echo '<h3>Send Message:</h3>';
+                echo "<form action='mail.php' method='POST'>";
+                echo '<table><tbody><tr>';
+                echo "<td>To: </td><td><input type='text' name='to' value='".$mail_to."'/></td>";
+                echo '</tr><tr>';
+                echo "<td>Subject: </td><td><input type='text' name='subject' value='".$subject."'/></td>";
+                echo '</tr><tr>';
+		echo "<td></td><td><textarea class='postbody' id='message' name='message'>$message</textarea></td>";
+		echo '</tr><tr>';
+		echo "<input type='hidden' name='from' value='".$user."' />";
+	        echo "<input type='hidden' name='username' value='".$_POST['username']."' />";
+	        echo "<input type='hidden' name='password' value='".$_POST['password']."' />";
+                echo "<td></td><td><input type='submit' value='Send Mail' name='sendMessage' /></td>";
+		echo '</tr></tbody></table></form>';
+  }
+// Show My Messages
+            $database = $spooldir.'/mail.db3';
+            $dbh = mail_db_open($database);
+    echo '<hr><h1 class="np_thread_headline">My Messages:</h1>';
+    echo '<table cellspacing="0" width="100%" class="np_results_table">';
+    $query = $dbh->prepare('SELECT * FROM messages WHERE mail_from=:mail_from OR rcpt_to=:mail_from ORDER BY date DESC');
+    $query->execute(['mail_from' => $user]);
+    echo '<tr class="np_thread_head"><td class="np_thread_head">Subject</td><td class="np_thread_head">From</td><td class="np_thread_head">To</td><td class="np_thread_head">Date</td></tr>';
+    $i=1;
+    while (($row = $query->fetch()) !== false) { 
+      if(($i % 2) != 0){
+        echo '<tr class="np_result_line1"><td class="np_result_line1" style="word-wrap:break-word";>';
+      } else {
+        echo '<tr class="np_result_line2"><td class="np_result_line2" style="word-wrap:break-word";>';
+      }
+
+// Use local timezone if possible
+    $ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC'));
+    $ts->add(DateInterval::createFromDateString($offset.' minutes'));
+    
+    if($offset != 0) {
+      $newdate = $ts->format('D, j M Y H:i');
+    } else {
+      $newdate = $ts->format('D, j M Y H:i T');
+    }
+    unset($ts);
+    echo '<form action="mail.php" method="post">';
+    echo '<button class="np_mail_button_link" type="submit">'.$row["subject"].'</button>';
+    echo "<input type='hidden' name='id' value='".$row['id']."' />";
+    echo "<input type='hidden' name='username' value='".$_POST['username']."' />";
+    echo "<input type='hidden' name='password' value='".$_POST['password']."' />"; 
+    echo '<input name="command" type="hidden" id="command" value="Message" readonly="readonly">';
+    echo '</form>';
+    echo '</td><td>'.$row["mail_from"].'</td><td>'.$row["rcpt_to"].'</td><td>'.$newdate.'</td></tr>';
+    $i++;
+    }
+    echo '</tbody></table><br />';
+    include "tail.inc";
+
+function mail_db_open($database, $table='messages') {
+  try {
+    $dbh = new PDO('sqlite:'.$database);
+  } catch (PDOExeption $e) {
+    echo 'Connection failed: '.$e->getMessage();
+    exit;
+  }
+  $dbh->exec("CREATE TABLE IF NOT EXISTS messages(
+     id INTEGER PRIMARY KEY,
+     msgid TEXT UNIQUE,
+     mail_from TEXT,
+     mail_viewed TEXT,
+     rcpt_to TEXT,
+     rcpt_viewed TEXT,
+     rcpt_target TEXT,
+     date TEXT,
+     subject TEXT,
+     message TEXT,
+     from_hide TEXT,
+     to_hide TEXT)");
+  return($dbh);
+}
+?>

Subject	From	To	Date
'; + } else { + echo '
'; + } + +// Use local timezone if possible + $ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC')); + $ts->add(DateInterval::createFromDateString($offset.' minutes')); + + if($offset != 0) { + $newdate = $ts->format('D, j M Y H:i'); + } else { + $newdate = $ts->format('D, j M Y H:i T'); + } + unset($ts); + echo ' '; + echo ''; + echo ""; + echo ""; + echo ""; + echo ''; + echo ' '; + echo '	'.$row["mail_from"].'	'.$row["rcpt_to"].'	'.$newdate.'