'; echo 'mail / '; echo htmlspecialchars($_POST['username']) . ''; echo ''; // New Message button if ($_POST['command'] !== 'Send') { echo ''; } // Delete Message button if (isset($_POST['command']) && $_POST['command'] == 'Message') { echo ''; } echo '

'; echo ''; echo '

'; if (isset($_POST['username'])) { $name = $_POST['username']; // Save name in cookie if ($setcookies == true) { setcookie("mail_name", stripslashes($name), time() + (3600 * 24 * 90), "/"); } } else { if ($setcookies) { if ((isset($_COOKIE["mail_name"])) && (! isset($name))) { $name = $_COOKIE["mail_name"]; } else { $name = ''; } } } if ($logged_in !== true) { echo ''; echo ''; // echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

Please Login
Username:
Password:

'; exit(0); } $user = strtolower($_POST['username']); if (isset($_POST['command']) && $_POST['command'] == 'Delete') { $database = $spooldir . '/mail.db3'; $dbh = mail_db_open($database); $query = $dbh->prepare('SELECT * FROM messages where id=:id'); $query->execute([ 'id' => $_POST['id'] ]); while (($row = $query->fetch()) !== false) { if (($row['mail_from'] != $user) && ($row['rcpt_to'] != $user)) { continue; } $istrue = 'true'; if ($row['mail_from'] == $user) { $sql_update = $dbh->prepare('UPDATE messages SET from_hide=:from_hide WHERE id=:row_id'); $sql_update->execute(array( ':from_hide' => $istrue, ':row_id' => $row['id'] )); } if ($row['rcpt_to'] == $user) { $sql_update = $dbh->prepare('UPDATE messages SET to_hide=:to_hide WHERE id=:row_id'); $sql_update->execute(array( ':to_hide' => $istrue, ':row_id' => $row['id'] )); } } $dbh = null; } if (isset($_POST['command']) && $_POST['command'] == 'Message') { $database = $spooldir . '/mail.db3'; $dbh = mail_db_open($database); $query = $dbh->prepare('SELECT * FROM messages where id=:id'); $query->execute([ 'id' => $_POST['id'] ]); while (($row = $query->fetch()) !== false) { $ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC')); $ts->add(DateInterval::createFromDateString($offset . ' minutes')); if ($offset != 0) { $newdate = $ts->format('D, j M Y H:i'); } else { $newdate = $ts->format('D, j M Y H:i T'); } unset($ts); if (($row['mail_from'] != $user) && ($row['rcpt_to'] != $user)) { continue; } $body = rtrim($row['message']) . '

'; echo '

'; echo 'Subject: ' . $row['subject'] . '
'; echo 'From: ' . $row['mail_from'] . '
'; echo 'To: ' . $row['rcpt_to'] . '
'; echo 'Date: ' . $newdate . '
'; echo '

'; echo '

'; echo $body; echo ''; echo '

'; if ($row['mail_from'] == $user) { $sql_update = $dbh->prepare('UPDATE messages SET mail_viewed=? WHERE msgid=?'); $sql_update->execute(array( 'true', $row['msgid'] )); } if ($row['rcpt_to'] == $user) { $sql_update = $dbh->prepare('UPDATE messages SET rcpt_viewed=? WHERE msgid=?'); $sql_update->execute(array( 'true', $row['msgid'] )); } } $dbh = null; } if (isset($_POST['sendMessage'])) { if (isset($_POST['to']) && $_POST['to'] != '' && isset($_POST['from']) && $_POST['from'] != '' && isset($_POST['message']) && $_POST['message'] != '') { if (($to = get_config_value('aliases.conf', strtolower($_POST['to']))) == false) { $to = strtolower($_POST['to']); } $userlist = scandir($config_dir . '/users/'); $found = 0; foreach ($userlist as $user) { if (trim($to) == trim($user)) { $found = 1; } } // Check if target is remote. If user enters @ our own domain, strip it (it's local) $remote_target = 0; if (strpos($to, '@') !== false) { $info = preg_split('/@/', $to, 2); if ($info[1] == $rslight_gpg['domain_name']) { // domain is our domain $to = $info[0]; foreach ($userlist as $user) { if (($to = get_config_value('aliases.conf', strtolower($info[0]))) == false) { $to = strtolower($info[0]); } if (trim($to) == trim($user)) { $found = 1; } } } else { // domain is remote $found = 1; $remote_target = 1; } } if ($found == 0) { echo 'User not found: ' . $to; } else { $database = $spooldir . '/mail.db3'; $dbh = mail_db_open($database); $from = $_POST['from']; $subject = $_POST['subject']; $message = $_POST['message']; $date = time(); $message = $_POST['message']; $msgid = '<' . md5(strtolower($to) . strtolower($from) . strtolower($subject) . strtolower($message)) . '>'; $sql = 'INSERT OR IGNORE INTO messages(msgid, mail_from, rcpt_to, rcpt_target, date, subject, message, from_hide, to_hide, mail_viewed, rcpt_viewed) VALUES(?,?,?,?,?,?,?,?,?,?,?)'; $stmt = $dbh->prepare($sql); // For possible future use ($target is currently unused) $target = "local"; $mail_viewed = "true"; $rcpt_viewed = null; // $remote_target is handled here if ($q = $stmt->execute([ $msgid, $from, $to, $target, $date, $subject, $message, null, null, $mail_viewed, $rcpt_viewed ])) { if ($remote_target == 1) { $remote_result = send_external_mail($from, $to, $date, $subject, $message); if ($remote_result == true) { $return_val = "Message sent."; } else { $return_val = "Failed to Send. No Key for Destination"; } } $return_val = "Message sent."; } else { $return_val = "Failed to Send. Database Error"; } // Act on return values for response to user echo $return_val; $dbh = null; $user = $from; } } } if (isset($_POST['command']) && $_POST['command'] == 'Send') { if (isset($_POST['id'])) { $database = $spooldir . '/mail.db3'; $dbh = mail_db_open($database); $query = $dbh->prepare('SELECT * FROM messages where id=:id'); $query->execute([ 'id' => $_POST['id'] ]); while (($row = $query->fetch()) !== false) { $mail_to = $row['mail_from']; if (strpos($row['subject'], 'Re: ') !== 0) { $subject = 'Re: ' . $row['subject']; } else { $subject = $row['subject']; } $body = explode("\n", $row['message']); $message = $row['mail_from'] . " wrote:\n\n"; foreach ($body as $line) { if (trim($line) !== '') { $line = '>' . $line; } $message .= $line; } } $dbh = null; } echo '

Send Message:

'; echo "'; } // Show My Messages $database = $spooldir . '/mail.db3'; $dbh = mail_db_open($database); echo '

My Messages:

'; echo ''; $query = $dbh->prepare('SELECT * FROM messages WHERE mail_from=:mail_from OR rcpt_to=:mail_from ORDER BY date DESC'); $query->execute([ 'mail_from' => $user ]); echo ''; $i = 1; while (($row = $query->fetch()) !== false) { if (($row['mail_from'] == $user) && ($row['from_hide'] == 'true')) { continue; } if (($row['rcpt_to'] == $user) && ($row['to_hide'] == 'true')) { continue; } if (($i % 2) != 0) { echo ''; $i ++; } echo '

Subject	From	To	Date
'; } else { echo '
'; } $button_link = 'np_mail_button_link'; ; if (($row['mail_from'] == $user) && ($row['mail_viewed'] == 'true')) { $button_link = 'np_mail_button_read'; } elseif (($row['rcpt_to'] == $user) && ($row['rcpt_viewed'] == 'true')) { $button_link = 'np_mail_button_read'; } // Use local timezone if possible $ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC')); $ts->add(DateInterval::createFromDateString($offset . ' minutes')); if ($offset != 0) { $newdate = $ts->format('D, j M Y H:i'); } else { $newdate = $ts->format('D, j M Y H:i T'); } unset($ts); echo ' '; echo ''; echo ""; echo ""; echo ''; echo ' '; echo '	' . $row["mail_from"] . '	' . $row["rcpt_to"] . '	' . $newdate . '

'; include "tail.inc"; function send_external_mail($sender, $recipient, $date, $subject, $message) { global $rslight_gpg, $config_name, $spooldir, $rslight_version; putenv("GNUPGHOME=" . $rslight_gpg['gnupghome']); $res = gnupg_init(); // Get target domain (then get key if necessary) $info = preg_split('/@/', $recipient, 2); $target['domain'] = $info[1]; if (gnupg_keyinfo($res, "rslight@" . $target['domain']) == false) { // We don't have the key $retrieve = retrieve_key($res, $target['domain']); if ($retrieve == false) { // We can't get the key return false; } } $cwd = getcwd(); $keydir = preg_replace('/spoolnews/', 'pubkey/', $cwd); $key_location = "/pubkey/server_pubkey.txt"; $signing_key = trim(file_get_contents($keydir . '/server_fingerprint.txt')); $fingerprint_clean = preg_replace('/\ /', '', $signing_key); gnupg_addsignkey($res, $fingerprint_clean); gnupg_adddecryptkey($res, $fingerprint_clean, ''); $keyinfo = gnupg_keyinfo($res, "rslight@" . $target['domain']); $target['fingerprint'] = $keyinfo[0]['subkeys'][0]['fingerprint']; $encrypt_to_key = $target['fingerprint']; gnupg_addencryptkey($res, $encrypt_to_key); $mydate = gmdate("D, d M Y H:i:s \U\T\C", $date); $outgoing_dir = $spooldir . '/' . $config_name . '/outgoing'; if (! is_dir($outgoing_dir)) { mkdir($outgoing_dir, 0700, true); } $domain = $rslight_gpg['domain_name']; $organization = $CONFIG['organization']; $from = $rslight_gpg['from_email']; $contact = $rslight_gpg['contact']; $outgoing_file = tempnam($outgoing_dir, 'bbsmail-'); $start = "@@BEGIN BBSMAIL HEADERS"; $begin = "@@BEGIN BBSMAIL BODY"; $end = "@@END BBSMAIL BODY"; $body = ''; $body .= "You may use this to import MAIL for $domain.\n\n"; $body .= "This message was signed using the following key:\n"; $body .= "$signing_key\n\n"; $body .= "The GPG key needed to verify the signature of messages\n"; $body .= "issued by $from is available at:\n"; $body .= "$domain$key_location\n\n"; $body .= "For information contact $contact.\n\n"; $body .= $start . "\n"; $body .= ' Version: ' . $rslight_version . "\n"; $body .= ' From: ' . $from . "\n"; $hashtail = hash('crc32', $domain . $organization . $sender . $rslight_gpg['nntp_group']); $thishash = hash('crc32', $message . $hashtail) . hash('crc32', $signing_key); $body .= " Notice-ID: " . $thishash . "\n"; $body .= " Key: " . $signing_key . "\n"; $body .= " Location: " . $domain . $key_location . "\n"; $body .= " Domain: " . $domain . "\n"; $body .= $begin . "\n"; $body .= " Sender: " . $sender . "\n"; $body .= " Recipient: " . $recipient . "\n"; $body .= " Date: " . $mydate . "\n"; $body .= " Subject: " . $subject . "\n"; $body .= " Body: " . $message . "\n"; $body .= $end . "\n"; $header = ''; $header .= "From: $from\n"; $header .= "Newsgroups: " . $rslight_gpg['nntp_group'] . "\n"; $header .= "Subject: @@RSL BBSMAIL notice " . $thishash . "\n"; $header .= "Date: " . $mydate . "\n"; $header .= "Message-ID: <$thishash@$domain>\n"; $header .= "Content-Type: text/plain; charset=utf-8; format=flowed\n"; $header .= "Content-Transfer-Encoding: 8bit\n"; $header .= "Organization: $organization\n\n"; $encrypted_text = gnupg_encryptsign($res, $body); file_put_contents($outgoing_file, $header . $encrypted_text); return true; } function retrieve_key($res, $domain) { global $config_name, $logfile; // Let's try to get the key file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " No KEY for posting. Trying to retrieve for " . $domain, FILE_APPEND); $location = "http://" . $domain . '/pubkey/server_pubkey.txt'; $import = gnupg_import($res, file_get_contents($location)); if (isset($import['fingerprint'])) { file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " IMPORTED: " . $import['fingerprint'], FILE_APPEND); // Verify that domain in IMPORTED KEY matches exactly: "Location" and "Domain" in MAILKEY message // If it DOES NOT, then DELETE the new key immediately $keyinfo = gnupg_keyinfo($res, $import['fingerprint']); $imported_domain = preg_replace('/rslight@/', '', $keyinfo[0]['uids'][0]['uid']); if (($imported_domain == $domain)) { file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " Domain Match: " . $imported_domain, FILE_APPEND); file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " New PGP Key added for: " . $imported_domain . " Domain: " . $imported_domain . " Fingerprint: " . $import['fingerprint'], FILE_APPEND); send_admin_message('admin', 'admin', 'New PGP Key added for: ' . $imported_domain, 'Domain: ' . $imported_domain . "\nFingerprint: " . $import['fingerprint'] . "\n"); return true; } else { file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " Domain MIS-MATCH: " . $imported_domain . " DELETING...", FILE_APPEND); if (gnupg_deletekey($res, $import['fingerprint'])) { file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " SUCCESS Deleting " . $import['fingerprint'], FILE_APPEND); } else { file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " WARNING!: FAILED to Delete " . $import['fingerprint'], FILE_APPEND); } return false; } } else { file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " Failed to import key from " . $location, FILE_APPEND); return false; } return false; }