'; echo 'mail / '; echo htmlspecialchars($_POST['username']).''; echo ''; // New Message button if($_POST['command'] !== 'Send') { echo ''; } // Delete Message button if(isset($_POST['command']) && $_POST['command'] == 'Message') { echo ''; } echo '

'; echo ''; echo '

'; if(isset($_POST['username'])) { $name = $_POST['username']; // Save name in cookie if ($setcookies==true) { setcookie("mail_name",stripslashes($name),time()+(3600*24*90),"/"); } } else { if ($setcookies) { if ((isset($_COOKIE["mail_name"])) && (!isset($name))) { $name=$_COOKIE["mail_name"]; } else { $name = ''; } } } if($logged_in !== true) { echo ''; echo ''; //echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

Please Login
Username:
Password:

'; exit(0); } $user = strtolower($_POST['username']); if(isset($_POST['command']) && $_POST['command'] == 'Delete') { $database = $spooldir.'/mail.db3'; $dbh = mail_db_open($database); $query = $dbh->prepare('SELECT * FROM messages where id=:id'); $query->execute(['id' => $_POST['id']]); while (($row = $query->fetch()) !== false) { if(($row['mail_from'] != $user) && ($row['rcpt_to'] != $user)) { continue; } $istrue = 'true'; if($row['mail_from'] == $user) { $sql_update = $dbh->prepare('UPDATE messages SET from_hide=:from_hide WHERE id=:row_id'); $sql_update->execute(array(':from_hide' => $istrue, ':row_id' => $row['id'])); } if($row['rcpt_to'] == $user) { $sql_update = $dbh->prepare('UPDATE messages SET to_hide=:to_hide WHERE id=:row_id'); $sql_update->execute(array(':to_hide' => $istrue, ':row_id' => $row['id'])); } } $dbh = null; } if(isset($_POST['command']) && $_POST['command'] == 'Message') { $database = $spooldir.'/mail.db3'; $dbh = mail_db_open($database); $query = $dbh->prepare('SELECT * FROM messages where id=:id'); $query->execute(['id' => $_POST['id']]); while (($row = $query->fetch()) !== false) { $ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC')); $ts->add(DateInterval::createFromDateString($offset.' minutes')); if($offset != 0) { $newdate = $ts->format('D, j M Y H:i'); } else { $newdate = $ts->format('D, j M Y H:i T'); } unset($ts); if(($row['mail_from'] != $user) && ($row['rcpt_to'] != $user)) { continue; } $body = rtrim(nl2br($row['message'])).'
'; echo '

'; echo 'Subject: '.$row['subject'].'
'; echo 'From: '.$row['mail_from'].'
'; echo 'To: '.$row['rcpt_to'].'
'; echo 'Date: '.$newdate.'
'; echo '

'; echo '

'; echo $body; echo ''; echo '

'; if($row['mail_from'] == $user) { $sql_update = $dbh->prepare('UPDATE messages SET mail_viewed=? WHERE msgid=?'); $sql_update->execute(array('true', $row['msgid'])); } if($row['rcpt_to'] == $user) { $sql_update = $dbh->prepare('UPDATE messages SET rcpt_viewed=? WHERE msgid=?'); $sql_update->execute(array('true', $row['msgid'])); } } $dbh = null; } if (isset($_POST['sendMessage'])) { if (isset($_POST['to']) && $_POST['to'] != '' && isset($_POST['from']) && $_POST['from'] != '' && isset($_POST['message']) && $_POST['message'] != '') { if(($to = get_config_value('aliases.conf', strtolower($_POST['to']))) == false) { $to = strtolower($_POST['to']); } $userlist = scandir($config_dir.'/users/'); $found = 0; foreach($userlist as $user) { if(trim($to) == trim($user)) { $found = 1; } } // Handle unknown domains here also (no pgp key for domain) if(strpos($to, '@') !== false) { $found = 1; } if($found == 0) { echo 'User not found: '.$to; } else { $database = $spooldir.'/mail.db3'; $dbh = mail_db_open($database); $from = $_POST['from']; $subject = $_POST['subject']; $message = $_POST['message']; $date = time(); $message = $_POST['message']; $msgid = '<'.md5(strtolower($to).strtolower($from).strtolower($subject).strtolower($message)).'>'; $sql = 'INSERT OR IGNORE INTO messages(msgid, mail_from, rcpt_to, rcpt_target, date, subject, message, from_hide, to_hide, mail_viewed, rcpt_viewed) VALUES(?,?,?,?,?,?,?,?,?,?,?)'; $stmt = $dbh->prepare($sql); // For possible future use $target = "local"; $mail_viewed = "true"; $rcpt_viewed = null; $q = $stmt->execute([$msgid, $from, $to, $target, $date, $subject, $message, null, null, $mail_viewed, $rcpt_viewed]); send_external_mail($from, $to, $date, $subject, $message); if ($q) { echo 'Message sent.'; }else echo 'Failed to send message.'; } $dbh = null; } } if(isset($_POST['command']) && $_POST['command'] == 'Send') { if(isset($_POST['id'])) { $database = $spooldir.'/mail.db3'; $dbh = mail_db_open($database); $query = $dbh->prepare('SELECT * FROM messages where id=:id'); $query->execute(['id' => $_POST['id']]); while (($row = $query->fetch()) !== false) { $mail_to = $row['mail_from']; if(strpos($row['subject'], 'Re: ') !== 0) { $subject = 'Re: '.$row['subject']; } else { $subject = $row['subject']; } $body=explode("\n",$row['message']); $message = $row['mail_from']." wrote:\n\n"; foreach($body as $line) { if(trim($line) !== '') { $line = '>'.$line; } $message.=$line; } } $dbh = null; } echo '

Send Message:

'; echo "'; } // Show My Messages $database = $spooldir.'/mail.db3'; $dbh = mail_db_open($database); echo '

My Messages:

'; echo ''; $query = $dbh->prepare('SELECT * FROM messages WHERE mail_from=:mail_from OR rcpt_to=:mail_from ORDER BY date DESC'); $query->execute(['mail_from' => $user]); echo ''; $i=1; while (($row = $query->fetch()) !== false) { if(($row['mail_from'] == $user) && ($row['from_hide'] == 'true')) { continue; } if(($row['rcpt_to'] == $user) && ($row['to_hide'] == 'true')) { continue; } if(($i % 2) != 0){ echo ''; $i++; } echo '

Subject	From	To	Date
'; } else { echo '
'; } $button_link = 'np_mail_button_link';; if(($row['mail_from'] == $user) && ($row['mail_viewed'] == 'true')) { $button_link = 'np_mail_button_read'; } elseif(($row['rcpt_to'] == $user) && ($row['rcpt_viewed'] == 'true')) { $button_link = 'np_mail_button_read'; } // Use local timezone if possible $ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC')); $ts->add(DateInterval::createFromDateString($offset.' minutes')); if($offset != 0) { $newdate = $ts->format('D, j M Y H:i'); } else { $newdate = $ts->format('D, j M Y H:i T'); } unset($ts); echo ' '; echo ''; echo ""; echo ""; echo ''; echo ' '; echo '	'.$row["mail_from"].'	'.$row["rcpt_to"].'	'.$newdate.'

'; include "tail.inc"; function send_external_mail($sender, $recipient, $date, $subject, $message) { global $rslight_gpg, $config_name, $spooldir, $rslight_version; putenv("GNUPGHOME=".$rslight_gpg['gnupghome']); $res = gnupg_init(); $cwd = getcwd(); $keydir = preg_replace('/spoolnews/','pubkey/',$cwd); $key_location = "/pubkey/server_pubkey.txt"; $signing_key = trim(file_get_contents($keydir.'/server_fingerprint.txt')); $fingerprint_clean = preg_replace('/\ /', '', $signing_key); gnupg_addsignkey($res,$fingerprint_clean); gnupg_adddecryptkey($res,$fingerprint_clean, ''); // Get target domain $info = preg_split('/@/', $recipient, 2); $target['domain'] = $info[1]; $keyinfo = gnupg_keyinfo($res, $target['domain']); $target['fingerprint'] = $keyinfo[0]['subkeys'][0]['fingerprint']; $encrypt_to_key = $target['fingerprint']; gnupg_addencryptkey($res,$encrypt_to_key); $mydate = gmdate("D, d M Y H:i:s \U\T\C",$date); $outgoing_dir = $spooldir.'/'.$config_name.'/outgoing'; if(!is_dir($outgoing_dir)) { mkdir($outgoing_dir, 0700, true); } $domain = $rslight_gpg['domain_name']; $organization = $CONFIG['organization']; $from = $rslight_gpg['from_email']; $contact = $rslight_gpg['contact']; $outgoing_file = tempnam($outgoing_dir, 'bbsmail-'); $start="@@BEGIN BBSMAIL HEADERS"; $begin="@@BEGIN BBSMAIL BODY"; $end="@@END BBSMAIL BODY"; $body=''; $body.="You may use this to import MAIL for $domain.\n\n"; $body.="This message was signed using the following key:\n"; $body.="$signing_key\n\n"; $body.="The GPG key needed to verify the signature of messages\n"; $body.="issued by $from is available at:\n"; $body.="$domain$key_location\n\n"; $body.="For information contact $contact.\n\n"; $body.=$start."\n"; $body.=' Version: '.$rslight_version."\n"; $body.=' From: '.$from."\n"; $hashtail = hash('crc32', $domain.$organization.$sender.$rslight_gpg['nntp_group']); $thishash = hash('crc32', $message.$hashtail).hash('crc32', $signing_key); $body.=" Notice-ID: ".$thishash."\n"; $body.=" Key: ".$signing_key."\n"; $body.=" Location: ".$domain.$key_location."\n"; $body.=" Domain: ".$domain."\n"; $body.=$begin."\n"; $body.=" Sender: ".$sender."\n"; $body.=" Recipient: ".$recipient."\n"; $body.=" Date: ".$mydate."\n"; $body.=" Subject: ".$subject."\n"; $body.=" Body: ".$message."\n"; $body.=$end."\n"; $header=''; $header.="From: $from\n"; $header.="Newsgroups: ".$rslight_gpg['nntp_group']."\n"; $header.="Subject: @@RSL BBSMAIL notice ".$thishash."\n"; $header.="Date: ".$mydate."\n"; $header.="Message-ID: <$thishash@$domain>\n"; $header.="Content-Type: text/plain; charset=utf-8; format=flowed\n"; $header.="Content-Transfer-Encoding: 8bit\n"; $header.="Organization: $organization\n\n"; $encrypted_text = gnupg_encryptsign($res, $body); file_put_contents($outgoing_file, $header.$encrypted_text); echo "Posted <".$thishash."@".$domain.">\n\n"; } ?>