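';
/*
 * Mail page body: header bar, login gate, the Delete / Message / sendMessage /
 * Send (reply) handlers, and finally the "My Messages" list.
 *
 * Reads $setcookies, $logged_in, $spooldir, $config_dir and $offset and calls
 * mail_db_open() and get_config_value(); none of them is defined in this part
 * of the file.
 *
 * Subject, sender and body are stored exactly as submitted (see the INSERT in
 * the sendMessage handler), so message fields are HTML-escaped at every point
 * where the statements below echo them.
 */
echo 'mail / ';
echo htmlspecialchars($_POST['username']).'';
echo '';
// New Message button
if ($_POST['command'] !== 'Send') {
    echo '';
}
// Delete Message button
if (isset($_POST['command']) && $_POST['command'] == 'Message') {
    echo '';
}
echo "\n";
echo "\n";
echo '';
echo "";
echo '';
echo "\n";
echo "\n";
echo "\n";
echo '';
echo "";
echo "";
echo '';
echo "\n";
echo "\n";

// Remember the submitted user name, or fall back to the one kept in the cookie.
if (isset($_POST['username'])) {
    $name = $_POST['username'];
    // Save name in cookie
    if ($setcookies == true) {
        setcookie("mail_name", stripslashes($name), time() + (3600 * 24 * 90), "/");
    }
} else {
    if ($setcookies) {
        if ((isset($_COOKIE["mail_name"])) && (!isset($name))) {
            $name = $_COOKIE["mail_name"];
        } else {
            $name = '';
        }
    }
}

// Login gate: nothing below this point runs unless $logged_in is exactly true.
if ($logged_in !== true) {
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '
Please Login
Username:
Password:
  
';
    exit(0);
}

// Mailbox owner used by every ownership check and by the message list below.
// NOTE(review): the value comes straight from the request; this is only safe
// if $logged_in was established for this same username - confirm where
// $logged_in is set.
$user = strtolower($_POST['username']);

// Delete: hide the message for whichever side(s) of it the current user is on.
if (isset($_POST['command']) && $_POST['command'] == 'Delete') {
    $database = $spooldir.'/mail.db3';
    $dbh = mail_db_open($database);
    $query = $dbh->prepare('SELECT * FROM messages where id=:id');
    $query->execute(['id' => $_POST['id']]);
    while (($row = $query->fetch()) !== false) {
        // Only the sender or the recipient may act on a message.
        if (($row['mail_from'] != $user) && ($row['rcpt_to'] != $user)) {
            continue;
        }
        $istrue = 'true';
        if ($row['mail_from'] == $user) {
            $sql_update = $dbh->prepare('UPDATE messages SET from_hide=:from_hide WHERE id=:row_id');
            $sql_update->execute(array(':from_hide' => $istrue, ':row_id' => $row['id']));
        }
        if ($row['rcpt_to'] == $user) {
            $sql_update = $dbh->prepare('UPDATE messages SET to_hide=:to_hide WHERE id=:row_id');
            $sql_update->execute(array(':to_hide' => $istrue, ':row_id' => $row['id']));
        }
    }
    $dbh = null;
}

// Message: show one message and mark it viewed for the current user.
if (isset($_POST['command']) && $_POST['command'] == 'Message') {
    $database = $spooldir.'/mail.db3';
    $dbh = mail_db_open($database);
    $query = $dbh->prepare('SELECT * FROM messages where id=:id');
    $query->execute(['id' => $_POST['id']]);
    while (($row = $query->fetch()) !== false) {
        // Only the sender or the recipient may read a message.
        if (($row['mail_from'] != $user) && ($row['rcpt_to'] != $user)) {
            continue;
        }

        // Stored timestamps are shifted by $offset minutes; the zone
        // abbreviation is only printed when no shift is applied.
        $ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC'));
        $ts->add(DateInterval::createFromDateString($offset.' minutes'));
        if ($offset != 0) {
            $newdate = $ts->format('D, j M Y H:i');
        } else {
            $newdate = $ts->format('D, j M Y H:i T');
        }
        unset($ts);

        // Escape first, then let nl2br() add the line breaks, so the only
        // markup in $body is what nl2br() itself produced.
        $body = rtrim(nl2br(htmlspecialchars((string)$row['message'], ENT_QUOTES | ENT_SUBSTITUTE)))."\n";
        echo "\n";
        echo 'Subject: '.htmlspecialchars((string)$row['subject'], ENT_QUOTES | ENT_SUBSTITUTE)."\n";
        echo 'From: '.htmlspecialchars((string)$row['mail_from'], ENT_QUOTES | ENT_SUBSTITUTE)."\n";
        echo 'To: '.htmlspecialchars((string)$row['rcpt_to'], ENT_QUOTES | ENT_SUBSTITUTE)."\n";
        echo 'Date: '.$newdate."\n";
        echo "\n";
        echo "\n";
        echo $body;
        echo "\n";
        echo '';
        echo "";
        echo "";
        echo '';
        echo "\n";
        echo "\n";

        // The viewed flags are keyed on msgid, not on the row id.
        if ($row['mail_from'] == $user) {
            $sql_update = $dbh->prepare('UPDATE messages SET mail_viewed=? WHERE msgid=?');
            $sql_update->execute(array('true', $row['msgid']));
        }
        if ($row['rcpt_to'] == $user) {
            $sql_update = $dbh->prepare('UPDATE messages SET rcpt_viewed=? WHERE msgid=?');
            $sql_update->execute(array('true', $row['msgid']));
        }
    }
    $dbh = null;
}

// sendMessage: store a new message for a local user.
if (isset($_POST['sendMessage'])) {
    if (isset($_POST['to']) && $_POST['to'] != ''
        && isset($_POST['from']) && $_POST['from'] != ''
        && isset($_POST['message']) && $_POST['message'] != '') {
        // Resolve an alias if one is configured, otherwise use the name as given.
        if (($to = get_config_value('aliases.conf', strtolower($_POST['to']))) == false) {
            $to = strtolower($_POST['to']);
        }

        // scandir() returns false when the directory cannot be read.
        $userlist = scandir($config_dir.'/users/');
        if ($userlist === false) {
            $userlist = [];
        }

        // The loop variable must not be $user: $user selects whose messages
        // are listed at the bottom of the page, and reusing it here would
        // leave it set to the recipient after a send.
        $found = 0;
        foreach ($userlist as $entry) {
            if (trim($to) == trim($entry)) {
                $found = 1;
                break;
            }
        }

        if ($found == 0) {
            // $to is request data; escape it before echoing it back.
            echo 'User not found: '.htmlspecialchars((string)$to, ENT_QUOTES | ENT_SUBSTITUTE);
        } else {
            $database = $spooldir.'/mail.db3';
            $dbh = mail_db_open($database);
            // NOTE(review): the stored sender is whatever the request supplies
            // in "from"; it is never compared with $user. Bind it to the
            // logged-in user unless a free-form sender is intended.
            $from = $_POST['from'];
            $subject = $_POST['subject'];
            $message = $_POST['message'];
            $date = time();
            // msgid is derived only from recipient, sender, subject and body,
            // so two identical messages share a msgid (and the viewed-flag
            // UPDATEs above, keyed on msgid, then touch both rows).
            $msgid = '<'.md5(strtolower($to).strtolower($from).strtolower($subject).strtolower($message)).'>';
            $sql = 'INSERT INTO messages(msgid, mail_from, rcpt_to, rcpt_target, date, subject, message, from_hide, to_hide, mail_viewed, rcpt_viewed) VALUES(?,?,?,?,?,?,?,?,?,?,?)';
            $stmt = $dbh->prepare($sql);
            // For possible future use
            $target = "local";
            $mail_viewed = "true";
            $rcpt_viewed = null;
            $q = $stmt->execute([$msgid, $from, $to, $target, $date, $subject, $message, null, null, $mail_viewed, $rcpt_viewed]);
            if ($q) {
                echo 'Message sent.';
            } else {
                echo 'Failed to send message.';
            }
        }
        $dbh = null;
    }
}

// Send: show the compose form, pre-filled with a quoted reply when an id is given.
if (isset($_POST['command']) && $_POST['command'] == 'Send') {
    if (isset($_POST['id'])) {
        $database = $spooldir.'/mail.db3';
        $dbh = mail_db_open($database);
        $query = $dbh->prepare('SELECT * FROM messages where id=:id');
        $query->execute(['id' => $_POST['id']]);
        while (($row = $query->fetch()) !== false) {
            // Same ownership rule as the Delete and Message handlers: without
            // it any id could be quoted into a reply by any logged-in user.
            if (($row['mail_from'] != $user) && ($row['rcpt_to'] != $user)) {
                continue;
            }
            $mail_to = $row['mail_from'];
            if (strpos($row['subject'], 'Re: ') !== 0) {
                $subject = 'Re: '.$row['subject'];
            } else {
                $subject = $row['subject'];
            }
            // Quote every non-blank line of the original with a leading '>'.
            // NOTE(review): explode() drops the "\n" separators and nothing
            // puts them back, so quoted lines stay separate only when the
            // stored text carries its own "\r" - confirm this is intended.
            $body = explode("\n", $row['message']);
            $message = $row['mail_from']." wrote:\n\n";
            foreach ($body as $line) {
                if (trim($line) !== '') {
                    $line = '>'.$line;
                }
                $message .= $line;
            }
        }
        $dbh = null;
    }
    // NOTE(review): $mail_to, $subject and $message are not echoed by any
    // statement visible here; presumably the form markup interpolates them,
    // in which case each needs htmlspecialchars() at that point - verify.
    echo "\n\nSend Message:\n\n";
    echo "\n";
    echo '';
    echo "";
    echo '';
    echo "";
    echo '';
    echo "";
    echo '';
    echo "";
    echo "";
    echo "";
    echo "\nTo:\nSubject:\n";
}

// Show My Messages
$database = $spooldir.'/mail.db3';
$dbh = mail_db_open($database);
echo "\n\nMy Messages:\n\n";
echo '';
$query = $dbh->prepare('SELECT * FROM messages WHERE mail_from=:mail_from OR rcpt_to=:mail_from ORDER BY date DESC');
$query->execute(['mail_from' => $user]);
echo "\nSubjectFromToDate\n";
$i = 1;
// NOTE(review): the row-opening if/else, the $i++ and the loop's closing brace
// are arranged here as a plain alternating-row loop; confirm the statement
// order against the deployed file.
while (($row = $query->fetch()) !== false) {
    // Skip messages the current user has hidden on their side.
    if (($row['mail_from'] == $user) && ($row['from_hide'] == 'true')) {
        continue;
    }
    if (($row['rcpt_to'] == $user) && ($row['to_hide'] == 'true')) {
        continue;
    }
    if (($i % 2) != 0) {
        echo '';
    } else {
        echo "\n";
    }

    // Messages already viewed by this user get the "read" button style.
    $button_link = 'np_mail_button_link';
    if (($row['mail_from'] == $user) && ($row['mail_viewed'] == 'true')) {
        $button_link = 'np_mail_button_read';
    } elseif (($row['rcpt_to'] == $user) && ($row['rcpt_viewed'] == 'true')) {
        $button_link = 'np_mail_button_read';
    }

    // Use local timezone if possible
    $ts = new DateTime(date("D, j M Y H:i T", $row["date"]), new DateTimeZone('UTC'));
    $ts->add(DateInterval::createFromDateString($offset.' minutes'));
    if ($offset != 0) {
        $newdate = $ts->format('D, j M Y H:i');
    } else {
        $newdate = $ts->format('D, j M Y H:i T');
    }
    unset($ts);

    // NOTE(review): the subject column is not echoed by any statement visible
    // here; wherever the row markup interpolates $row fields they need the
    // same escaping as the sender and recipient below - verify.
    echo "\n";
    echo '';
    echo "";
    echo "";
    echo '';
    echo "\n";
    echo "\n".htmlspecialchars((string)$row["mail_from"], ENT_QUOTES | ENT_SUBSTITUTE).''.htmlspecialchars((string)$row["rcpt_to"], ENT_QUOTES | ENT_SUBSTITUTE).''.$newdate."\n\n";
    $i++;
}
echo '';
include "tail.inc"; ?>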