- <?php
/*
 * Basic configuration: edit $db_host, $db_name, $db_user, $db_pass and
 * $mail_root to match the installation.
 *
 * $db_pass is a live credential kept in source. Besides authenticating the
 * MySQL connection, the first-run bootstrap further down in this file hashes
 * it and stores it as the password of the initial administrator row, so the
 * sample value has to be replaced before first use and this file kept out of
 * public repositories and web-readable backups.
 */
$db_host   = 'localhost';
$db_name   = 'kartero';
$db_user   = 'kartero';
$db_pass   = 'fr1ng3!';
$mail_root = '/kartero/mail';
$mail_home = '/kartero/home';
- /* feel free to hack the succeeding code to suit your needs (basic php and mysql skills required) */
- require_once("core.php");
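/**
 * Recursively delete a file or a directory tree.
 *
 * Symbolic links are removed as links and never descended into, so a link
 * planted inside the tree cannot redirect the deletion to a directory outside
 * of it. Callers in this file pass paths built from session and request
 * values, which makes that containment matter.
 *
 * @param string $recurse_dirname Path to remove.
 * @return bool False when the path does not exist or a directory cannot be
 *              opened; otherwise the result of the final unlink()/rmdir().
 */
function rmdirr($recurse_dirname) {
    // Test for a link first: file_exists() and is_file() both follow links,
    // and a dangling link would otherwise be reported as "does not exist".
    if (is_link($recurse_dirname)) {
        return unlink($recurse_dirname);
    }
    if (!file_exists($recurse_dirname)) {
        return false;
    }
    if (is_file($recurse_dirname)) {
        return unlink($recurse_dirname);
    }
    $recurse_dir = dir($recurse_dirname);
    if (!$recurse_dir) {
        // Unreadable directory: report failure instead of calling read() on a non-object.
        return false;
    }
    while (false !== ($recurse_entry = $recurse_dir->read())) {
        if ($recurse_entry === '.' || $recurse_entry === '..') {
            continue;
        }
        rmdirr("$recurse_dirname/$recurse_entry");
    }
    $recurse_dir->close();
    return rmdir($recurse_dirname);
}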
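/**
 * Print a success notice: a full-width table wrapping a div of class "ack".
 *
 * The message is HTML-escaped before it is written, because callers in this
 * file build it from request fields (addresses, account names).
 * NOTE(review): a caller in another file that passes markup on purpose would
 * now see it rendered as text - confirm none does.
 *
 * @param string $ack_string Plain-text message to show.
 */
function ack($ack_string) {
    $ack_html = htmlspecialchars((string) $ack_string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The cell used to be opened with "</td>"; emit a proper "<td>".
    echo "<table width=\"100%\"><tr><td><div class=\"ack\">$ack_html</div></td></tr></table>";
}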
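/**
 * Print a failure notice: a full-width table wrapping a div of class "nak".
 *
 * The message is HTML-escaped before it is written, because callers in this
 * file build it from request fields and from mysql_error() text.
 * NOTE(review): a caller in another file that passes markup on purpose would
 * now see it rendered as text - confirm none does.
 *
 * @param string $nak_string Plain-text message to show.
 */
function nak($nak_string) {
    $nak_html = htmlspecialchars((string) $nak_string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The cell used to be opened with "</td>"; emit a proper "<td>".
    echo "<table width=\"100%\"><tr><td><div class=\"nak\">$nak_html</div></td></tr></table>";
}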
// Inline the stylesheet: css.php is read as text (not executed), any
// <style> / </style> tags it carries are dropped, and the remainder is
// printed inside a single <style> element.
if (file_exists("css.php")) {
    $css = str_replace(array("<style>", "</style>"), "", file_get_contents("css.php"));
    echo "<style>\r\n" . $css . "</style>\r\n\r\n";
}
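// Create $mail_root one path component at a time when it does not exist yet.
// The path is always rebuilt from "/" downwards, as before.
// NOTE(review): mkdir() is called without a mode, so the new directories get
// 0777 masked by the process umask - confirm the umask keeps the mail store
// unreadable to other local users.
if (!file_exists("$mail_root")) {
    // Start from an empty prefix; the variable used to be read before it was set.
    $mail_mkdir = "";
    $mail_dirs = explode("/",$mail_root);
    foreach ($mail_dirs as $mail_dir) {
        if (!empty($mail_dir)) {
            $mail_mkdir = $mail_mkdir . "/" . $mail_dir;
            // Parents that already exist are skipped rather than re-created with a warning.
            if (!file_exists($mail_mkdir)) {
                mkdir("$mail_mkdir");
            }
        }
    }
    if (!file_exists("$mail_root")) {
        // Execution continues after this notice; nothing here stops the request.
        nak("Can't create '$mail_root' (check filesystem permissions or change '$mail_root' and try again)");
    }
}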
/*
 * Database connection and first-run bootstrap.
 *
 * A persistent connection is opened with the configured credentials. If
 * selecting $db_name fails for any reason, the script attempts to create the
 * database, the four tables, and one administrator row whose id is $db_user
 * and whose password is crypt($db_pass); none of those results is checked.
 *
 * NOTE(review): crypt() is called without a salt, so the hash scheme is
 *   whatever the platform picks by default - confirm it is acceptable for
 *   the initial administrator password.
 * NOTE(review): the initial administrator password equals the database
 *   password; it should be changed right after the first login.
 * NOTE(review): the aliases table declares `domain` as its primary key,
 *   which permits one alias row per domain - confirm that is intended.
 */
$db_link = mysql_pconnect($db_host, $db_user, $db_pass);
if (!$db_link) {
    // The raw driver error is shown to whoever requested the page.
    nak(mysql_error());
    exit();
}
$db_query = mysql_query("use $db_name");
if (!$db_query) {
    $pw_crypt = crypt($db_pass);
    $db_bootstrap = array(
        "create database $db_name",
        "use $db_name",
        "create table admins (id varchar(16) not null, pw varchar(64) not null, primary key (id), unique key (id))",
        "create table domains (id varchar(128) not null, pw varchar(64) not null, max int(6) default '0', mode int(1) default '1', primary key (id), unique key (id))",
        "create table users (id varchar(255) not null, pw varchar(64) not null, maildir varchar(255) not null, name varchar(128), domain varchar(128), mode int(1) default '1', quota varchar(16), primary key (id), unique key(id))",
        "create table aliases (id varchar(255) not null, alias varchar(255) not null, domain varchar(128), mode int(1) default '1', primary key (domain))",
        "insert into admins values('$db_user','$pw_crypt')",
    );
    // Run the statements in order; $db_query ends up holding the last result.
    foreach ($db_bootstrap as $db_statement) {
        $db_query = mysql_query($db_statement);
    }
    unset($db_bootstrap, $db_statement);
}
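/*
 * Login attempt.
 *
 * Reads the posted id / lvl / pw, looks up the stored hash in the table that
 * belongs to the requested level, and on a match records the identity in the
 * session. After this section $pw_put and $pw_get compare equal only when the
 * attempt succeeded; the login-form gate below relies on that.
 *
 * NOTE(review): the session id is not regenerated on success; whether
 *   session_regenerate_id() can be called here depends on output buffering,
 *   since the stylesheet has already been echoed.
 * NOTE(review): for subscribers the submitted password is kept in
 *   $_SESSION['logged_key'] in clear text (it is reused for the IMAP login
 *   further down), so session storage must be treated as secret material.
 * NOTE(review): nothing here limits repeated failed attempts.
 */
$id_put = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : "";
$id_put = strtolower(trim(strip_tags($id_put)));
if (get_magic_quotes_gpc()) {
    $id_put = stripslashes($id_put);
}
$lvl_put = (isset($_POST['lvl']) && is_string($_POST['lvl'])) ? strip_tags($_POST['lvl']) : "";
if (($lvl_put == "subscriber") && !strpos($id_put,"@")) {
    $id_put = $id_put . "@" . trim(str_replace("mail.","",$_SERVER['SERVER_NAME']));
}
// Escape once, after the server name has been appended: SERVER_NAME can be
// derived from the request's Host header and used to reach the query unescaped.
$id_put = mysql_real_escape_string($id_put);

// Only the three known levels map to a table; anything else finds no hash.
$pw_tables = array("subscriber" => "users", "postmaster" => "domains", "administrator" => "admins");
$pw_get = null;
if (isset($pw_tables[$lvl_put])) {
    $pw_row = mysql_query("select pw from {$pw_tables[$lvl_put]} where id='$id_put'");
    $pw_row = $pw_row ? mysql_fetch_row($pw_row) : false;
    if ($pw_row) {
        $pw_get = $pw_row[0];
    }
}
unset($pw_tables, $pw_row);

$pw_put = (isset($_POST['pw']) && is_string($_POST['pw'])) ? $_POST['pw'] : "";
if (get_magic_quotes_gpc()) {
    $pw_put = stripslashes($pw_put);
}
// NOTE(review): the password is SQL-escaped and tag-stripped before hashing,
// while the password-change code in this file hashes the trimmed input as-is;
// passwords containing quotes, backslashes or tags therefore cannot match.
// Left unchanged so that existing logins keep their behaviour - confirm and fix.
$pw_put = mysql_real_escape_string($pw_put);
$pw_put = strip_tags($pw_put);
$pw_mbox = $pw_put;
$pw_put = crypt($pw_put, (string) $pw_get);
// Strict comparison against a non-empty stored hash: a loose == lets two
// numeric-looking strings compare equal, and a missing row must never match.
if (is_string($pw_get) && ($pw_get !== "") && ($pw_put === $pw_get)) {
    $_SESSION['logged_uid'] = $id_put;
    $_SESSION['logged_lvl'] = $lvl_put;
    if ($_SESSION['logged_lvl'] == "subscriber") {
        $_SESSION['logged_key'] = $pw_mbox;
    }
}
else {
    // Keep a rejected attempt unequal under the loose test the form gate applies.
    $pw_get = null;
    $pw_put = "*0";
}
unset($pw_mbox);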
/*
 * Subscriber attachment housekeeping, run on every request.
 *
 * A fresh drop-directory name is stored in $_SESSION['filedrop_dir'], then the
 * directories remembered in $_SESSION['clean_up_i'] / ['clean_up_o'] are
 * removed (and the per-user parent too once it is empty). $fileUsr is not
 * assigned in this part of the file.
 *
 * NOTE(review): the directory name is sha1(microtime(true)), which is
 *   guessable from the request time; it should not be relied on as a secret.
 * NOTE(review): the clean_up_* session values are spliced into paths handed
 *   to a recursive delete - confirm the code that sets them only ever stores
 *   a single path component.
 */
if ($_SESSION['logged_lvl'] == "subscriber") {
    $filedrop_box = sha1(microtime(true));
    $_SESSION['filedrop_dir'] = $filedrop_box;

    // Incoming drop directory: removed unless the request names a filedrop_box.
    if (isset($_SESSION['clean_up_i']) && file_exists("attach/i/$fileUsr/{$_SESSION['clean_up_i']}") && empty($_POST['filedrop_box'])) {
        rmdirr("attach/i/$fileUsr/{$_SESSION['clean_up_i']}");
        unset($_SESSION['clean_up_i']);
        if (count(glob("attach/i/$fileUsr/*")) == 0) {
            rmdirr("attach/i/$fileUsr");
        }
    }

    // Outgoing directory: kept when rep == 2 (only the incoming parent is
    // ensured), removed otherwise.
    if (isset($_SESSION['clean_up_o']) && file_exists("attach/o/$fileUsr/{$_SESSION['clean_up_o']}")) {
        if ($_POST['rep'] == 2) {
            if (!file_exists("attach/i/$fileUsr")) {
                mkdir("attach/i/$fileUsr", 0700, true);
            }
        }
        else {
            rmdirr("attach/o/$fileUsr/{$_SESSION['clean_up_o']}");
        }
        unset($_SESSION['clean_up_o']);
        if (count(glob("attach/o/$fileUsr/*")) == 0) {
            rmdirr("attach/o/$fileUsr");
        }
    }
}
// Logout (?do=logout): close the IMAP stream when one is open, empty and
// destroy the session, then redirect to the directory index.
// NOTE(review): the session cookie itself is not cleared, and logout is
// triggered by a plain GET request.
if (isset($_GET['do']) && ($_GET['do'] == "logout")) {
    if ($mbox) {
        // CL_EXPUNGE asks the server to expunge the mailbox while closing.
        imap_close($mbox, CL_EXPUNGE);
    }
    $_SESSION = array();
    session_destroy();
    header("Location: .");
    exit();
}
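/*
 * Login gate: without an authenticated session, print the login form and stop.
 *
 * A per-host logo (images/<server name>.png) is used when it exists and is a
 * PNG with non-zero dimensions; otherwise the stock logo is shown.
 * SERVER_NAME can follow the request's Host header, so it is reduced to a
 * single path component for the file lookup and HTML-escaped for output.
 * NOTE(review): the form carries no anti-CSRF token.
 */
if (!isset($_SESSION['logged_uid']) and (($pw_put != $pw_get) or !isset($_POST['id']) or !isset($_POST['pw']) or empty($_POST['id']) or empty($_POST['pw']))) {
    $login_host = htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $login_file = basename($_SERVER['SERVER_NAME']) . ".png";
    $login_logo = "<img src=\"images/logo.png\" border=\"0\" width=\"100\" height=\"100\">";
    if (file_exists("images/$login_file")) {
        $logo_info = getimagesize("images/$login_file");
        // The key was written as a bare word (mime); it has to be the string 'mime'.
        if ($logo_info and ($logo_info['mime'] == "image/png") and ($logo_info[0] > 0) and ($logo_info[1] > 0)) {
            $login_src = htmlspecialchars($login_file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $login_logo = "<img src=\"images/$login_src\" border=\"0\" width=\"{$logo_info[0]}\" height=\"{$logo_info[1]}\">";
        }
    }
    echo "<title>Kartero</title>";
    echo "<div class=\"login\"><center>";
    echo $login_logo;
    echo "<br>kartero v1.0 at $login_host<br><br>";
    echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\">";
    echo "<form method=\"post\">";
    echo "<tr bgcolor=\"#ffffff\"><td><select class=\"input\" name=\"lvl\"><option value=\"subscriber\">subscriber</option><option value=\"postmaster\">postmaster</option><option value=\"administrator\">administrator</option></select></td></tr>";
    echo "<tr bgcolor=\"#ffffff\"><td><input required autofocus class=\"input\" type=\"text\" name=\"id\" autocomplete=\"off\" maxlength=\"128\"></td></tr>";
    echo "<tr bgcolor=\"#ffffff\"><td><input required class=\"input\" type=\"password\" name=\"pw\" autocomplete=\"off\" maxlength=\"64\"></td></tr>";
    echo "<tr bgcolor=\"#ffffff\"><td><input class=\"button\" type=\"submit\" value=\"login\"></td></tr>";
    echo "</form>";
    echo "</table>";
    echo "</center></div>";
    echo "<iframe name=\"preload\" src=\"preload.php\" frameborder=\"0\" scrolling=\"0\" width=\"0\" height=\"0\"></iframe>";
    exit;
}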
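/*
 * Session banner plus the subscriber's own name and password changes.
 *
 * $_SESSION['logged_uid'] is interpolated into SQL as stored: the login code
 * in this file passes it through mysql_real_escape_string() before saving it.
 *
 * NOTE(review): a disabled domain or account only produces a notice here;
 *   nothing in this section stops the request.
 * NOTE(review): the new password is hashed with crypt() and no salt, so the
 *   scheme is whatever the platform picks by default - confirm it is adequate.
 * NOTE(review): these state changes are plain POSTs without an anti-CSRF token.
 */
if (isset($_SESSION['logged_uid'])) {
    $usr_uid_html = htmlspecialchars($_SESSION['logged_uid'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $usr_lvl_html = htmlspecialchars($_SESSION['logged_lvl'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<nobr>You are currently logged in to your $usr_uid_html $usr_lvl_html account. Click <a href=\"?do=logout\">here</a> to logout.</nobr><br><br>";
    echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
    echo "<tr><td colspan=\"3\" valign=\"top\">";
    if ($_SESSION['logged_lvl'] == "subscriber") {
        $usr_query = mysql_query("select * from users where id='{$_SESSION['logged_uid']}'");
        $usr_data = mysql_fetch_row($usr_query);
        $dom_query = mysql_query("select mode from domains where id='{$usr_data[4]}'");
        $dom_data = mysql_fetch_row($dom_query);
        if ($dom_data[0] == 0) {
            nak("{$usr_data[4]} disabled by admin");
        }
        if ($usr_data[5] == 0) {
            nak("{$_SESSION['logged_uid']} disabled by postmaster");
        }
        // Start from the stored name and replace it only when the request
        // actually carries usr_name; it used to be overwritten unconditionally,
        // which blanked the name on any request without that field.
        $usr_name = $usr_data[3];
        if (isset($_POST['usr_name']) && is_string($_POST['usr_name'])) {
            $usr_name = ucwords(trim($_POST['usr_name']));
        }
        if ($usr_name != $usr_data[3]) {
            // Undo magic-quotes slashes, if any, then escape for the query.
            $usr_name_sql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($usr_name) : $usr_name);
            $usr_query = mysql_query("update users set name='$usr_name_sql' where id='{$_SESSION['logged_uid']}'");
            // The result variable was tested without its "$", so failures were never reported.
            if (!$usr_query) {
                nak(strtolower(mysql_error()));
            }
            else {
                ack("name changed");
            }
        }
    }
    // Only subscribers have a users row; other levels get no hash to match.
    $usr_pw0 = isset($usr_data[1]) ? $usr_data[1] : null;
    if (isset($_POST['usr_pw1']) and !empty($_POST['usr_pw1']) and isset($_POST['usr_pw2']) and !empty($_POST['usr_pw2']) and isset($_POST['usr_pw3']) and !empty($_POST['usr_pw3']) and (strlen($_POST['usr_pw2']) <= 64) and (strlen($_POST['usr_pw3']) <= 64) and (strlen($_POST['usr_pw2']) >= 8) and (strlen($_POST['usr_pw3']) >= 8)) {
        $usr_pw1 = trim($_POST['usr_pw1']);
        $usr_pw2 = trim($_POST['usr_pw2']);
        $usr_pw3 = trim($_POST['usr_pw3']);
        // Strict comparison against a non-empty stored hash.
        if (is_string($usr_pw0) && ($usr_pw0 !== "") && (crypt($usr_pw1,$usr_pw0) === $usr_pw0)) {
            if ($usr_pw2 === $usr_pw3) {
                $usr_pw = mysql_real_escape_string(crypt($usr_pw2));
                $usr_query = mysql_query("update users set pw='$usr_pw' where id='{$_SESSION['logged_uid']}'");
                if (!$usr_query) {
                    nak(strtolower(mysql_error()));
                }
                else {
                    ack("password changed");
                    // Keeps the clear-text password in the session for the IMAP login.
                    $_SESSION['logged_key'] = $usr_pw2;
                }
            }
            else {
                nak("new passwords do not match");
            }
        }
        else {
            nak("current password entered is incorrect");
        }
    }
}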
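/*
 * Add a contact (email, first name, last name, optional photo) for the
 * logged-in account.
 *
 * The three text fields are escaped before they reach SQL; strip_tags() alone
 * does not neutralise quotes. The photo type is taken from the file content
 * via getimagesize() instead of the client-supplied $_FILES type, and the
 * stored file name is derived from SHA-1 digests, never from the upload name.
 * NOTE(review): the contacts table is created on demand on every add.
 */
if (isset($_POST['a_email']) and !empty($_POST['a_email']) and isset($_POST['a_fname']) and !empty($_POST['a_fname']) and isset($_POST['a_lname']) and !empty($_POST['a_lname'])) {
    $a_email = strtolower(trim(strip_tags($_POST['a_email'])));
    if (preg_match("/@/",$a_email) and preg_match("/\./",$a_email)) {
        $a_fname = ucwords(trim(strip_tags($_POST['a_fname'])));
        $a_lname = ucwords(trim(strip_tags($_POST['a_lname'])));
        // Undo magic-quotes slashes, if any, then escape for the queries.
        $a_magic = get_magic_quotes_gpc();
        $a_email_sql = mysql_real_escape_string($a_magic ? stripslashes($a_email) : $a_email);
        $a_fname_sql = mysql_real_escape_string($a_magic ? stripslashes($a_fname) : $a_fname);
        $a_lname_sql = mysql_real_escape_string($a_magic ? stripslashes($a_lname) : $a_lname);
        $addr_query = mysql_query("create table if not exists contacts (id varchar(255) not null, lname varchar(64) not null, fname varchar(64) not null, email varchar(255) not null);");
        $addr_query = mysql_query("select * from contacts where id='{$_SESSION['logged_uid']}' and email='$a_email_sql';");
        if ($addr_query and (mysql_num_rows($addr_query) > 0)) {
            nak("$a_email exists");
        }
        else {
            $addr_query = mysql_query("insert into contacts values('{$_SESSION['logged_uid']}','$a_lname_sql','$a_fname_sql','$a_email_sql');");
            if (isset($_FILES['a_photo']) and !empty($_FILES['a_photo']) and is_string($_FILES['a_photo']['tmp_name'])) {
                $a_tmp = $_FILES['a_photo']['tmp_name'];
                // Paths that are not genuine uploads are left alone (they used to be unlinked).
                if (is_uploaded_file($a_tmp)) {
                    $a_exts = array("image/gif" => "gif", "image/jpeg" => "jpg", "image/png" => "png");
                    $a_info = @getimagesize($a_tmp);
                    $a_type = $a_info ? $a_info['mime'] : "";
                    if (isset($a_exts[$a_type])) {
                        $a_path = sha1($_SESSION['logged_uid']);
                        $a_file = sha1($a_email);
                        // Drop any earlier photo of this contact, whatever its format.
                        foreach ($a_exts as $a_ext) {
                            if (file_exists("images/contacts/$a_path/{$a_file}.$a_ext")) {
                                unlink("images/contacts/$a_path/{$a_file}.$a_ext");
                            }
                        }
                        if (!file_exists("images/contacts/$a_path")) {
                            mkdir("images/contacts/$a_path",0700,true);
                        }
                        $a_dest = "images/contacts/$a_path/{$a_file}.{$a_exts[$a_type]}";
                        $res = copy($a_tmp, $a_dest);
                        kartero_resize_image($a_dest);
                    }
                    unlink($a_tmp);
                }
            }
            ack("$a_email added to contacts");
        }
    }
    else {
        nak("invalid email");
    }
}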
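/*
 * Delete one of the logged-in account's contacts and its stored photo.
 *
 * The address is escaped before it reaches SQL; strip_tags() alone does not
 * neutralise quotes. The photo path is built from SHA-1 digests only.
 */
if (isset($_POST['a_del']) and !empty($_POST['a_del'])) {
    $a_del = strtolower(trim(strip_tags($_POST['a_del'])));
    // Undo magic-quotes slashes, if any, then escape for the query.
    $a_del_sql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($a_del) : $a_del);
    $a_del_query = mysql_query("delete from contacts where id='{$_SESSION['logged_uid']}' and email='$a_del_sql';");
    if (!$a_del_query) {
        nak(strtolower(mysql_error()));
    }
    else {
        $a_path = sha1($_SESSION['logged_uid']);
        $a_file = sha1($a_del);
        foreach (array("gif", "jpg", "png") as $a_ext) {
            if (file_exists("images/contacts/$a_path/{$a_file}.$a_ext")) {
                unlink("images/contacts/$a_path/{$a_file}.$a_ext");
            }
        }
        ack("$a_del removed from contacts");
    }
}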
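/*
 * Postmaster console: manage the accounts and aliases of the domain named by
 * $_SESSION['logged_uid'].
 *
 * Changes against the earlier version of this section:
 *  - every request value is escaped before it reaches SQL;
 *  - account and alias statements are restricted to rows whose `domain`
 *    column is the postmaster's own domain, and an account is checked to
 *    belong to it before it is modified, toggled or deleted;
 *  - names that become directory names are checked to be a single path
 *    component before any mkdir() or recursive delete.
 *
 * $_SESSION['logged_uid'] is interpolated as stored: the login code in this
 * file passes it through mysql_real_escape_string() before saving it.
 * NOTE(review): these state changes are plain POSTs without an anti-CSRF token.
 * NOTE(review): new passwords are hashed with crypt() and no salt.
 */
if ($_SESSION['logged_lvl'] == "postmaster") {
    if (!function_exists('kartero_sql_value')) {
        // Undo magic-quotes slashes, if any, then escape for a quoted SQL literal.
        function kartero_sql_value($value) {
            $value = (string) $value;
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            return mysql_real_escape_string($value);
        }
    }
    if (!function_exists('kartero_safe_component')) {
        // True when $name can be used as exactly one directory name.
        function kartero_safe_component($name) {
            return is_string($name) && ($name !== "") && ($name !== ".") && (strpos($name, "..") === false) && !preg_match('#[/\\\\\x00]#', $name);
        }
    }

    $dom_query = mysql_query("select mode from domains where id='{$_SESSION['logged_uid']}'");
    $dom_query = mysql_fetch_row($dom_query);
    if ($dom_query[0] == "0") {
        nak("{$_SESSION['logged_uid']} disabled by admin - new settings will take effect once it is re-enabled");
    }
    $max_get = mysql_query("select max from domains where id='{$_SESSION['logged_uid']}'");
    $pm_max = mysql_fetch_row($max_get);
    $pm_get = mysql_query("select * from users where domain='{$_SESSION['logged_uid']}' order by id");
    $pm_now = mysql_num_rows($pm_get);

    // --- add an account ---
    if (isset($_POST['pm_id']) and isset($_POST['pm_name']) and isset($_POST['pm_pw']) and !empty($_POST['pm_id']) and !empty($_POST['pm_name']) and !empty($_POST['pm_pw'])) {
        if (($pm_now >= $pm_max[0]) and ($pm_max[0] != 0)) {
            nak("{$_SESSION['logged_uid']} limit exceeded");
        }
        else {
            $pm_id = strtolower(trim($_POST['pm_id']));
            if (preg_match("/@/",$pm_id)) {
                $pm_id = substr($pm_id,0,strpos($pm_id,"@"));
            }
            $pm_addr = $pm_id . "@" . $_SESSION['logged_uid'];
            if (!kartero_safe_component($pm_id)) {
                // The local part becomes a maildir directory name.
                nak("invalid account name");
            }
            else {
                $pm_id_sql = mysql_real_escape_string($pm_id);
                $pm_addr_sql = $pm_id_sql . "@" . $_SESSION['logged_uid'];
                $alias_query = mysql_query("select id from aliases where id='$pm_addr_sql'");
                if ($alias_query and (mysql_num_rows($alias_query) > 0)) {
                    nak("$pm_addr alias exists");
                }
                else {
                    $pm_name = ucwords(trim($_POST['pm_name']));
                    $pm_name_sql = kartero_sql_value($pm_name);
                    $pm_pw = mysql_real_escape_string(crypt(trim($_POST['pm_pw'])));
                    $pm_init = substr($pm_id,0,1);
                    $pm_maildir = "{$_SESSION['logged_uid']}/$pm_init/$pm_id";
                    $pm_maildir_sql = "{$_SESSION['logged_uid']}/" . mysql_real_escape_string($pm_init) . "/$pm_id_sql";
                    $pm_quota = kartero_dovecot_quota($_POST['pm_quota']);
                    if ($pm_quota == "") {
                        $pm_query = mysql_query("insert into users values('$pm_addr_sql','$pm_pw','$pm_maildir_sql/','$pm_name_sql','{$_SESSION['logged_uid']}','1',NULL)");
                    }
                    else {
                        $pm_quota_sql = mysql_real_escape_string($pm_quota);
                        $pm_query = mysql_query("insert into users values('$pm_addr_sql','$pm_pw','$pm_maildir_sql/','$pm_name_sql','{$_SESSION['logged_uid']}','1','$pm_quota_sql')");
                    }
                    if (!$pm_query) {
                        nak(strtolower(mysql_error()));
                    }
                    else {
                        // Domain directory, initial-letter directory, then the Maildir skeleton.
                        $pm_dirs = array("{$_SESSION['logged_uid']}", "{$_SESSION['logged_uid']}/$pm_init", $pm_maildir, "$pm_maildir/cur", "$pm_maildir/new", "$pm_maildir/tmp");
                        foreach ($pm_dirs as $pm_dir) {
                            if (!file_exists("$mail_root/$pm_dir")) {
                                mkdir("$mail_root/$pm_dir");
                            }
                        }
                        ack("$pm_addr added");
                    }
                }
            }
        }
    }

    // --- modify an account (name, password, quota) ---
    if (isset($_POST['pm_mod']) and !empty($_POST['pm_mod'])) {
        $pm_mod = trim($_POST['pm_mod']);
        $pm_mod_sql = kartero_sql_value($pm_mod);
        // Every statement below is limited to this account inside this domain.
        $pm_owned = "id='$pm_mod_sql' and domain='{$_SESSION['logged_uid']}'";
        $pm_query = mysql_query("select id from users where $pm_owned");
        if (!$pm_query or (mysql_num_rows($pm_query) < 1)) {
            nak("$pm_mod does not exist");
        }
        else {
            if (isset($_POST['pm_name']) and !empty($_POST['pm_name'])) {
                $pm_name = ucwords(trim($_POST['pm_name']));
                $pm_name_sql = kartero_sql_value($pm_name);
                $pm_query = mysql_query("select name from users where $pm_owned");
                $name_get = mysql_fetch_row($pm_query);
                if ($name_get[0] != $pm_name) {
                    $pm_query = mysql_query("update users set name='$pm_name_sql' where $pm_owned");
                    if (!$pm_query) {
                        nak(strtolower(mysql_error()));
                    }
                    else {
                        ack("$pm_mod complete name updated");
                    }
                }
            }
            if (isset($_POST['pm_pass']) and !empty($_POST['pm_pass'])) {
                $pm_pass = mysql_real_escape_string(crypt($_POST['pm_pass']));
                $pm_query = mysql_query("update users set pw='$pm_pass' where $pm_owned");
                if (!$pm_query) {
                    nak(strtolower(mysql_error()));
                }
                else {
                    ack("$pm_mod password updated");
                }
            }
            if (isset($_POST['pm_quota'])) {
                $pm_quota = kartero_dovecot_quota($_POST['pm_quota']);
                $pm_query = mysql_query("select quota from users where $pm_owned");
                $quota_get = mysql_fetch_row($pm_query);
                if ($quota_get[0] != $pm_quota) {
                    if ($pm_quota == "") {
                        $pm_query = mysql_query("update users set quota=NULL where $pm_owned");
                    }
                    else {
                        $pm_quota_sql = mysql_real_escape_string($pm_quota);
                        $pm_query = mysql_query("update users set quota='$pm_quota_sql' where $pm_owned");
                    }
                    if (!$pm_query) {
                        nak(strtolower(mysql_error()));
                    }
                    else {
                        ack("$pm_mod quota updated");
                    }
                }
            }
        }
    }

    // --- enable / disable an account together with the aliases pointing at it ---
    if (isset($_POST['pm_set']) and !empty($_POST['pm_set']) and isset($_POST['pm_do']) and !empty($_POST['pm_do'])) {
        $pm_set = trim($_POST['pm_set']);
        $pm_set_sql = kartero_sql_value($pm_set);
        $pm_do = trim($_POST['pm_do']);
        if ($pm_do == "disable") {
            $pm_do = "0";
        }
        if ($pm_do == "enable") {
            $pm_do = "1";
        }
        $pm_query = mysql_query("select id from users where id='$pm_set_sql' and domain='{$_SESSION['logged_uid']}'");
        if (!$pm_query or (mysql_num_rows($pm_query) < 1)) {
            nak("$pm_set does not exist");
        }
        // Any other pm_do value is ignored instead of being written into `mode`.
        elseif (($pm_do === "0") or ($pm_do === "1")) {
            $pm_query = mysql_query("update aliases set mode='$pm_do' where alias='$pm_set_sql' and domain='{$_SESSION['logged_uid']}'");
            $pm_query = mysql_query("update users set mode='$pm_do' where id='$pm_set_sql' and domain='{$_SESSION['logged_uid']}'");
            if (!$pm_query) {
                nak(strtolower(mysql_error()));
            }
            else {
                $pm_query = mysql_query("select alias from aliases where alias='$pm_set_sql' and domain='{$_SESSION['logged_uid']}'");
                $pm_aka = $pm_query ? mysql_num_rows($pm_query) : 0;
                $pm_verb = ($pm_do === "0") ? "disabled" : "enabled";
                if ($pm_aka < 1) {
                    ack("$pm_set account $pm_verb");
                }
                elseif ($pm_aka < 2) {
                    ack("$pm_set account and 1 alias $pm_verb");
                }
                else {
                    ack("$pm_set account and $pm_aka aliases $pm_verb");
                }
            }
        }
    }

    // --- delete an account, its aliases and its maildir ---
    if (isset($_POST['pm_del']) and !empty($_POST['pm_del'])) {
        $pm_del = trim($_POST['pm_del']);
        $pm_del_sql = kartero_sql_value($pm_del);
        $pm_query = mysql_query("select id from users where id='$pm_del_sql' and domain='{$_SESSION['logged_uid']}'");
        if (!$pm_query or (mysql_num_rows($pm_query) < 1)) {
            // Nothing is touched, on disk or in the database, for an account
            // that is not in this postmaster's domain.
            nak("$pm_del does not exist");
        }
        else {
            $pm_query = mysql_query("delete from aliases where alias='$pm_del_sql' and domain='{$_SESSION['logged_uid']}'");
            $pm_query = mysql_query("delete from users where id='$pm_del_sql' and domain='{$_SESSION['logged_uid']}'");
            if (!$pm_query) {
                nak(strtolower(mysql_error()));
            }
            else {
                $pm_init = substr($pm_del,0,1);
                $pm_box = substr($pm_del,0,strpos($pm_del,"@"));
                // The recursive delete runs only for a plain directory name.
                if (kartero_safe_component($pm_box) and kartero_safe_component($pm_init)) {
                    if (file_exists("$mail_root/{$_SESSION['logged_uid']}/$pm_init/$pm_box")) {
                        rmdirr("$mail_root/{$_SESSION['logged_uid']}/$pm_init/$pm_box");
                    }
                    if (file_exists("$mail_root/{$_SESSION['logged_uid']}/$pm_init") and (count(glob("$mail_root/{$_SESSION['logged_uid']}/$pm_init/*")) < 1)) {
                        rmdir("$mail_root/{$_SESSION['logged_uid']}/$pm_init");
                    }
                }
                ack("$pm_del deleted");
            }
        }
    }

    // --- add an alias ---
    if (isset($_POST['alias_add']) and !empty($_POST['alias_add']) and isset($_POST['alias_to']) and !empty($_POST['alias_to'])) {
        $alias_add = trim($_POST['alias_add']);
        if (preg_match("/@/",$alias_add)) {
            $alias_add = substr($alias_add,0,strpos($alias_add,"@"));
        }
        $alias_add_sql = kartero_sql_value($alias_add) . "@{$_SESSION['logged_uid']}";
        $alias_add = "$alias_add@{$_SESSION['logged_uid']}";
        $alias_to = trim($_POST['alias_to']);
        $alias_query = mysql_query("select id from users where id='$alias_add_sql'");
        if ($alias_query and (mysql_num_rows($alias_query) > 0)) {
            nak("$alias_add account exists");
        }
        else {
            $alias_ok = true;
            // A target without a domain, or in this domain, must be an existing account.
            if (!preg_match("/@/",$alias_to) or preg_match("/@{$_SESSION['logged_uid']}/",$alias_to)) {
                if (preg_match("/@{$_SESSION['logged_uid']}/",$alias_to)) {
                    $alias_to = substr($alias_to,0,strpos($alias_to,"@"));
                }
                $alias_to_sql = kartero_sql_value($alias_to) . "@{$_SESSION['logged_uid']}";
                $alias_to = "$alias_to@{$_SESSION['logged_uid']}";
                $alias_query = mysql_query("select id from users where id='$alias_to_sql'");
                if (!$alias_query or (mysql_num_rows($alias_query) < 1)) {
                    nak("$alias_to does not exist");
                    $alias_ok = false;
                }
            }
            else {
                $alias_to_sql = kartero_sql_value($alias_to);
            }
            if ($alias_ok) {
                $alias_query = mysql_query("insert into aliases values('$alias_add_sql','$alias_to_sql','{$_SESSION['logged_uid']}','1')");
                if (!$alias_query) {
                    nak(strtolower(mysql_error()));
                }
                else {
                    ack("$alias_add added");
                }
            }
        }
    }

    // --- retarget an alias ---
    if (isset($_POST['alias_mod']) and !empty($_POST['alias_mod']) and isset($_POST['alias_old']) and !empty($_POST['alias_old']) and isset($_POST['alias_to']) and !empty($_POST['alias_to'])) {
        $alias_mod = trim($_POST['alias_mod']);
        $alias_old = trim($_POST['alias_old']);
        $alias_to = trim($_POST['alias_to']);
        $alias_mod_sql = kartero_sql_value($alias_mod);
        $alias_old_sql = kartero_sql_value($alias_old);
        $alias_ok = true;
        if (!preg_match("/@/",$alias_to) or preg_match("/@{$_SESSION['logged_uid']}/",$alias_to)) {
            if (preg_match("/@{$_SESSION['logged_uid']}/",$alias_to)) {
                $alias_to = substr($alias_to,0,strpos($alias_to,"@"));
            }
            $alias_to_sql = kartero_sql_value($alias_to) . "@{$_SESSION['logged_uid']}";
            $alias_to = "$alias_to@{$_SESSION['logged_uid']}";
            $alias_query = mysql_query("select id from users where id='$alias_to_sql'");
            if (!$alias_query or (mysql_num_rows($alias_query) < 1)) {
                nak("$alias_to does not exist");
                $alias_ok = false;
            }
        }
        else {
            $alias_to_sql = kartero_sql_value($alias_to);
        }
        if ($alias_ok) {
            $alias_query = mysql_query("update aliases set alias='$alias_to_sql' where id='$alias_mod_sql' and alias='$alias_old_sql' and domain='{$_SESSION['logged_uid']}'");
            if (!$alias_query) {
                nak(strtolower(mysql_error()));
            }
            else {
                ack("$alias_mod updated");
            }
        }
    }

    // --- enable / disable an alias ---
    if (isset($_POST['alias_set']) and !empty($_POST['alias_set']) and isset($_POST['alias_usr']) and !empty($_POST['alias_usr']) and isset($_POST['alias_do']) and !empty($_POST['alias_do'])) {
        $alias_set = trim($_POST['alias_set']);
        $alias_usr = trim($_POST['alias_usr']);
        $alias_do = trim($_POST['alias_do']);
        $alias_set_sql = kartero_sql_value($alias_set);
        $alias_usr_sql = kartero_sql_value($alias_usr);
        if ($alias_do == "disable") {
            $alias_do = "0";
            $alias_query = mysql_query("update aliases set mode='$alias_do' where id='$alias_set_sql' and alias='$alias_usr_sql' and domain='{$_SESSION['logged_uid']}'");
            if (!$alias_query) {
                nak(strtolower(mysql_error()));
            }
            else {
                ack("$alias_set alias of $alias_usr disabled");
            }
        }
        if ($alias_do == "enable") {
            // An alias stays disabled while the account it delivers to is disabled.
            $alias_query = mysql_query("select alias from aliases where id='$alias_set_sql' and domain='{$_SESSION['logged_uid']}'");
            $alias_recipient = mysql_fetch_row($alias_query);
            $alias_recipient = $alias_recipient[0];
            $alias_recipient_sql = mysql_real_escape_string((string) $alias_recipient);
            $usr_query = mysql_query("select mode from users where id='$alias_recipient_sql'");
            $alias_recipient_mode = mysql_fetch_row($usr_query);
            $alias_recipient_mode = $alias_recipient_mode[0];
            if ($alias_recipient_mode == "0") {
                nak("cannot enable $alias_set alias while $alias_recipient recipient account is disabled");
            }
            else {
                $alias_do = "1";
                $alias_query = mysql_query("update aliases set mode='$alias_do' where id='$alias_set_sql' and alias='$alias_usr_sql' and domain='{$_SESSION['logged_uid']}'");
                if (!$alias_query) {
                    nak(strtolower(mysql_error()));
                }
                else {
                    ack("$alias_set alias of $alias_usr enabled");
                }
            }
        }
    }

    // --- delete an alias ---
    if (isset($_POST['alias_del']) and !empty($_POST['alias_del']) and isset($_POST['alias_usr']) and !empty($_POST['alias_usr'])) {
        $alias_del = trim($_POST['alias_del']);
        $alias_usr = trim($_POST['alias_usr']);
        $alias_del_sql = kartero_sql_value($alias_del);
        $alias_usr_sql = kartero_sql_value($alias_usr);
        $alias_query = mysql_query("delete from aliases where id='$alias_del_sql' and alias='$alias_usr_sql' and domain='{$_SESSION['logged_uid']}'");
        if (!$alias_query) {
            nak(strtolower(mysql_error()));
        }
        else {
            ack("$alias_del alias of $alias_usr deleted");
        }
    }
}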
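/*
 * Administrator console: add, modify, enable/disable and delete domains.
 *
 * Changes against the earlier version of this section:
 *  - every request value is escaped before it reaches SQL;
 *  - a domain name must be a single path component before it is used for
 *    mkdir() or for the recursive delete under $mail_root (a name such as
 *    ".." used to reach the parent of the mail store);
 *  - deleting requires the domain row to exist.
 *
 * NOTE(review): these state changes are plain POSTs without an anti-CSRF token.
 * NOTE(review): postmaster passwords are hashed with crypt() and no salt.
 */
if ($_SESSION['logged_lvl'] == "administrator") {
    if (!function_exists('kartero_sql_value')) {
        // Undo magic-quotes slashes, if any, then escape for a quoted SQL literal.
        function kartero_sql_value($value) {
            $value = (string) $value;
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            return mysql_real_escape_string($value);
        }
    }
    if (!function_exists('kartero_safe_component')) {
        // True when $name can be used as exactly one directory name.
        function kartero_safe_component($name) {
            return is_string($name) && ($name !== "") && ($name !== ".") && (strpos($name, "..") === false) && !preg_match('#[/\\\\\x00]#', $name);
        }
    }

    // --- add a domain ---
    if (isset($_POST['dom_name']) and isset($_POST['dom_pass']) and isset($_POST['dom_max']) and !empty($_POST['dom_name']) and !empty($_POST['dom_pass']) and is_numeric($_POST['dom_max'])) {
        $dom_name = trim($_POST['dom_name']);
        if (!kartero_safe_component($dom_name)) {
            // The domain name becomes a directory under $mail_root.
            nak("invalid domain name");
        }
        else {
            $dom_name_sql = mysql_real_escape_string($dom_name);
            $dom_pass = mysql_real_escape_string(crypt(trim($_POST['dom_pass'])));
            // is_numeric() has already limited dom_max to a numeric string.
            $dom_max = trim($_POST['dom_max']);
            $dom_query = mysql_query("insert into domains values('$dom_name_sql','$dom_pass','$dom_max','1')");
            if (!$dom_query) {
                nak(strtolower(mysql_error()));
            }
            else {
                if (!file_exists("$mail_root/$dom_name")) {
                    mkdir("$mail_root/$dom_name");
                }
                ack("$dom_name added");
            }
        }
    }

    // --- modify a domain (postmaster password, account limit) ---
    if (isset($_POST['dom_mod']) and !empty($_POST['dom_mod'])) {
        $dom_mod = trim($_POST['dom_mod']);
        $dom_mod_sql = kartero_sql_value($dom_mod);
        if (isset($_POST['dom_pass']) and !empty($_POST['dom_pass'])) {
            $dom_pass = mysql_real_escape_string(crypt($_POST['dom_pass']));
            $dom_query = mysql_query("update domains set pw='$dom_pass' where id='$dom_mod_sql'");
            if (!$dom_query) {
                nak(strtolower(mysql_error()));
            }
            else {
                ack("$dom_mod postmaster password updated");
            }
        }
        if (isset($_POST['dom_max']) and is_numeric($_POST['dom_max'])) {
            $dom_max = $_POST['dom_max'];
            $dom_query = mysql_query("select max from domains where id='$dom_mod_sql'");
            $max_get = mysql_fetch_row($dom_query);
            if ($max_get[0] != $dom_max) {
                $dom_query = mysql_query("update domains set max='$dom_max' where id='$dom_mod_sql'");
                if (!$dom_query) {
                    nak(strtolower(mysql_error()));
                }
                else {
                    ack("$dom_mod account limit updated");
                }
            }
        }
    }

    // --- enable / disable a domain ---
    if (isset($_POST['dom_set']) and !empty($_POST['dom_set']) and isset($_POST['dom_do']) and !empty($_POST['dom_do'])) {
        $dom_set = trim($_POST['dom_set']);
        $dom_set_sql = kartero_sql_value($dom_set);
        $dom_do = trim($_POST['dom_do']);
        if ($dom_do == "disable") {
            $dom_do = "0";
        }
        if ($dom_do == "enable") {
            $dom_do = "1";
        }
        // Any other dom_do value is ignored instead of being written into `mode`.
        if (($dom_do === "0") or ($dom_do === "1")) {
            $dom_query = mysql_query("update domains set mode='$dom_do' where id='$dom_set_sql'");
            if (!$dom_query) {
                nak(strtolower(mysql_error()));
            }
            else {
                ack(($dom_do === "0") ? "$dom_set disabled" : "$dom_set enabled");
            }
        }
    }

    // --- delete a domain with its aliases, accounts and mail directory ---
    if (isset($_POST['dom_del']) and !empty($_POST['dom_del'])) {
        $dom_del = trim($_POST['dom_del']);
        $dom_del_sql = kartero_sql_value($dom_del);
        $dom_query = mysql_query("select id from domains where id='$dom_del_sql'");
        if (!$dom_query or (mysql_num_rows($dom_query) < 1)) {
            // Nothing is removed for a name that is not a registered domain.
            nak("$dom_del does not exist");
        }
        else {
            $dom_query = mysql_query("delete from aliases where domain='$dom_del_sql'");
            $dom_query = mysql_query("delete from users where domain='$dom_del_sql'");
            $dom_query = mysql_query("delete from domains where id='$dom_del_sql'");
            if (!$dom_query) {
                nak(strtolower(mysql_error()));
            }
            else {
                // The recursive delete runs only for a plain directory name.
                if (kartero_safe_component($dom_del) and file_exists("$mail_root/$dom_del")) {
                    rmdirr("$mail_root/$dom_del");
                }
                ack("$dom_del deleted");
            }
        }
    }
}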
// Close the notice row of the layout table and open the row that holds the main content.
echo "</td></tr>" . "<tr><td valign=\"top\">";
- if ($_SESSION['logged_lvl'] == "subscriber") {
- $host = "{127.0.0.1:143/imap/notls/norsh}";
- if (!isset($_POST['box']) or empty($_POST['box'])) {
- $folder = "INBOX";
- }
- else {
- $folder = trim(strip_tags($_POST['box']));
- }
- $mbox = @imap_open("{$host}$folder", $_SESSION['logged_uid'], $_SESSION['logged_key'], CL_EXPUNGE) or die(imap_last_error());
- if (isset($_POST['move_msg']) and !empty($_POST['move_msg']) and isset($_POST['move_box']) and !empty($_POST['move_box'])) {
- $move_msg = trim(strip_tags($_POST['move_msg']));
- $move_box = imap_utf7_encode(ucwords(trim(preg_replace("/[^a-z0-9 ]/i","",strip_tags($_POST['move_box'])))));
- if (($move_box != "Sent") and ($move_box != "Trash")) {
- imap_mail_move($mbox,$move_msg,$move_box,CP_UID);
- imap_expunge($mbox);
- }
- }
- if (isset($_POST['new_box']) and !empty($_POST['new_box'])) {
- $new_box = imap_utf7_encode(ucwords(trim(preg_replace("/[^a-z0-9 ]/i","",strip_tags($_POST['new_box'])))));
- imap_createmailbox($mbox,"{$host}$new_box");
- }
- if (isset($_POST['del_box']) and !empty($_POST['del_box'])) {
- $del_box = imap_utf7_encode(ucwords(trim(preg_replace("/[^a-z0-9 ]/i","",strip_tags($_POST['del_box'])))));
- $del_siv = $del_box;
- if (($del_box != "INBOX") and ($del_box != "Sent") and ($del_box != "Trash")) {
- imap_deletemailbox($mbox,"{$host}$del_box");
- }
- }
- echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
- if (isset($_POST['reply_from']) and isset($_POST['reply_to']) and isset($_POST['reply_subj']) and isset($_POST['reply_body']) and !empty($_POST['reply_from']) and !empty($_POST['reply_to']) and !empty($_POST['reply_subj']) and !empty($_POST['reply_body'])) {
- $reply_from = trim($_POST['reply_from']);
- $reply_to = trim($_POST['reply_to']);
- $reply_subj = trim($_POST['reply_subj']);
- $reply_body = trim($_POST['reply_body']);
- $reply_headers = "From: $reply_from\nX-Mailer: Kartero/1.0 (PHP/" . phpversion() . ")\n";
- if (isset($_POST['reply_cc']) and !empty($_POST['reply_cc'])) {
- $reply_cc = trim($_POST['reply_cc']);
- $reply_headers = $reply_headers . "Cc: $reply_cc\n";
- }
- if (isset($_POST['reply_bcc']) and !empty($_POST['reply_bcc'])) {
- $reply_bcc = trim($_POST['reply_bcc']);
- $reply_headers = $reply_headers . "Bcc: $reply_bcc\n";
- }
- if (isset($_POST['filedrop_box']) and !empty($_POST['filedrop_box'])) {
- $do_filedrop_box = $_POST['filedrop_box'];
- if (file_exists("attach/i/$fileUsr/$do_filedrop_box") and (count(glob("attach/i/$fileUsr/$do_filedrop_box/*")) > 0)) {
- $mime_boundary = md5(microtime(true));
- $reply_headers .= "MIME-Version: 1.0\n";
- $reply_headers .= "Content-Type: multipart/mixed; boundary=\"{$mime_boundary}\"\n";
- $reply_body = "\nThis is a multi-part message in MIME format.\n\n--{$mime_boundary}\nContent-type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: 8bit\n\n{$reply_body}";
- $do_reply_from = extract_emails_from($reply_from);
- $do_reply_to = extract_emails_from($reply_to);
- $do_filedrop_msg = glob("attach/i/$fileUsr/$do_filedrop_box/*");
- sort($do_filedrop_msg);
- reset($do_filedrop_msg);
- foreach ($do_filedrop_msg as $do_filedrop_put) {
- $do_filedrop_nom = str_replace("attach/i/$fileUsr/$do_filedrop_box/","",$do_filedrop_put);
- $reply_body = $reply_body . "\n\n--{$mime_boundary}\nContent-Type: application/octet-stream; name=\"$do_filedrop_nom\"\nContent-Disposition: attachment; filename=\"$do_filedrop_nom\"\nContent-Transfer-Encoding: base64\n\n" . chunk_split(base64_encode(file_get_contents($do_filedrop_put)));
- }
- $reply_body = $reply_body . "--{$mime_boundary}--";
- rmdirr("attach/i/$fileUsr/$do_filedrop_box");
- if (count(glob("attach/i/$fileUsr/*")) == 0) {
- rmdirr("attach/i/$fileUsr");
- }
- }
- }
- if ($_POST['redirect'] == 1) {
- $redirect_date = date("D, j M Y H:i:s O (T)");
- $reply_headers = "Resent-Date: $redirect_date\nResent-To: $reply_to\n";
- if (isset($_POST['reply_cc']) and !empty($_POST['reply_cc'])) {
- $reply_cc = trim($_POST['reply_cc']);
- $reply_headers = $reply_headers . "Resent-Cc: $reply_cc\n";
- }
- if (isset($_POST['reply_bcc']) and !empty($_POST['reply_bcc'])) {
- $reply_bcc = trim($_POST['reply_bcc']);
- $reply_headers = $reply_headers . "Resent-Bcc: $reply_bcc\n";
- }
- $reply_headers = $reply_headers . imap_fetchheader($mbox,$_POST['msg'],FT_UID|FT_PREFETCHTEXT) . "\n";
- $reply_body = imap_body($mbox,$_POST['msg'],FT_UID);
- }
- $reply_fenv = extract_emails_from($reply_from);
- if ($_POST['reply_hi'] == "on") {
- $reply_headers = $reply_headers . "X-Priority: 1 (Highest)\nImportance: High\n";
- }
- if ($_POST['reply_rr'] == "on") {
- $reply_headers = $reply_headers . "X-Confirm-Reading-To: {$reply_fenv[0]}\nDisposition-Notification-To: {$reply_fenv[0]}\n";
- }
- if ($_POST['reply_dr'] == "on") {
- $reply_headers = $reply_headers . "Return-Receipt-To: {$reply_fenv[0]}\n";
- }
- imap_createmailbox($mbox,"{$host}Sent");
- $reply_date = date ("d-M-Y H:i:s O");
- $reply_body = preg_replace("#(?<!\r)\n#si", "\n", $reply_body);
- $reply_headers = preg_replace('#(?<!\r)\n#si', "\n", $reply_headers);
- $reply_headers = str_replace("\n\n","\n",$reply_headers);
- imap_append($mbox,"{$host}Sent","To: $reply_to\nSubject: $reply_subj\nDate: $reply_date\n$reply_headers\n\n$reply_body\n");
- mail($reply_to, $reply_subj, $reply_body, $reply_headers, "-f {$reply_fenv[0]}");
- if ($_POST['ack'] == 1) {
- imap_setflag_full($mbox, $_POST['msg'], '\\Answered',ST_UID);
- }
- }
- if (isset($_POST['not']) and !empty($_POST['not']) and is_numeric($_POST['not'])) {
- imap_clearflag_full($mbox, $_POST['msg'], '\\Seen',ST_UID);
- imap_expunge($mbox);
- }
- if (isset($_POST['emt']) and !empty($_POST['emt']) and is_numeric($_POST['emt'])) {
- imap_delete($mbox,'1:*');
- imap_expunge($mbox);
- }
// Open the main content cell, then include the view selected by the first non-empty POST
// field. The included file names are fixed literals; no request data reaches include().
echo "<tr><td valign=\"top\" width=\"800\"><div id=\"main\" class=\"main\">";
if (!empty($_POST['get'])) {
    include("read.php");
} elseif (!empty($_POST['rep'])) {
    include("send.php");
} elseif (!empty($_POST['new'])) {
    include("post.php");
} elseif (!empty($_POST['dig'])) {
    include("search.php");
}
- elseif (isset($_POST['addr']) and !empty($_POST['addr'])) {
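// Contacts view: a list/add toggle bar, the "add contact" form and the stored contacts.
echo "<title>Kartero - Contacts</title>";
echo "<div class=\"message\">";
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\"><tr><td>";
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
echo "<tr>";
echo "<td class=\"label\"><img src=\"images/mail-contacts.png\" border=\"0\" width=\"32\" height=\"32\" onclick=\"document.getElementById('list').className ='';document.getElementById('add').className='hide'\"></td>";
echo "<td class=\"label\"><img src=\"images/mail-contacts.png\" border=\"0\" width=\"32\" height=\"32\" onclick=\"document.getElementById('list').className ='hide';document.getElementById('add').className=''\"></td>";
echo "</tr>";
echo "<tr><td class=\"label\">list</td><td class=\"label\">add</td></tr>";
echo "</table>";
echo "</td></tr></table>";
echo "</div>";
// Escape the session uid before it is placed inside the quoted SQL literal.
$addr_uid = mysql_real_escape_string($_SESSION['logged_uid']);
$addr_query = mysql_query("select * from contacts where id='$addr_uid' order by lname, fname, email;");
// A failed query is treated as "no contacts" instead of passing false to mysql_num_rows().
$addr_count = $addr_query ? mysql_num_rows($addr_query) : 0;
if (($_POST['addr'] == "add") or ($addr_count < 1)) {
    echo "<div id=\"add\">";
} else {
    echo "<div id=\"add\" class=\"hide\">";
}
echo "<div class=\"spacer\"></div>";
// The width attribute was emitted as width=\400" in the original; it is now quoted properly.
echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"1\" width=\"400\">";
echo "<form method=\"post\" enctype=\"multipart/form-data\">";
echo "<input type=\"hidden\" name=\"addr\" value=\"add\">";
echo "<tr><td><input class=\"input\" type=\"text\" name=\"a_email\" maxlength=\"255\" autocomplete=\"off\" required autofocus></td><td>email address</td></tr>";
echo "<tr><td><input class=\"input\" type=\"text\" name=\"a_fname\" maxlength=\"64\" autocomplete=\"off\" required></td><td>first name</td></tr>";
echo "<tr><td><input class=\"input\" type=\"text\" name=\"a_lname\" maxlength=\"64\" autocomplete=\"off\" required></td><td>last name</td></tr>";
echo "<tr><td><input type=\"file\" name=\"a_photo\"></td><td>optional photo</td></tr>";
echo "<tr><td><input class=\"button\" type=\"submit\" value=\"add contact\"></td><td></td></tr>";
echo "</form>";
echo "</table>";
echo "</div>";
if ($_POST['addr'] == "list") {
    echo "<div id=\"list\">";
} else {
    echo "<div id=\"list\" class=\"hide\">";
}
if ($addr_count > 0) {
    echo "<div class=\"spacer\"></div>";
    echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\">";
    $bgColor = "";
    while ($addr_row = mysql_fetch_array($addr_query)) {
        // Alternate the row background.
        $bgColor = ($bgColor == "#ffffff") ? "#fdfdfd" : "#ffffff";
        // Contact fields are user-supplied: escape them for HTML text and attribute context.
        // A single-byte charset is named so bytes of any ASCII-compatible encoding pass
        // through unchanged and malformed UTF-8 never produces an empty string.
        $addr_email = htmlspecialchars($addr_row['email'], ENT_QUOTES, 'ISO-8859-1');
        $addr_fname = htmlspecialchars($addr_row['fname'], ENT_QUOTES, 'ISO-8859-1');
        $addr_lname = htmlspecialchars($addr_row['lname'], ENT_QUOTES, 'ISO-8859-1');
        echo "<form method=\"post\">";
        echo "<input type=\"hidden\" name=\"addr\" value=\"list\">";
        echo "<input type=\"hidden\" name=\"a_del\" value=\"$addr_email\">";
        echo "<tr bgcolor=\"$bgColor\">";
        echo "<td valign=\"bottom\" width=\"24\"><input type=\"image\" src=\"images/sieve-del.png\"></td>";
        echo "<td>$addr_fname $addr_lname</td><td>$addr_email</td>";
        echo "</tr>";
        echo "</form>";
    }
    echo "</table>";
    unset($bgColor);
}
// Close the "list" div whether or not any contact was printed (it is opened unconditionally).
echo "</div>";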
- }
- elseif (isset($_POST['set']) and !empty($_POST['set'])) {
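// Settings view: the account/folders/filters toggle bar followed by the account form.
echo "<title>Kartero - Settings</title>";
echo "<div class=\"message\">";
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\"><tr><td>";
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
echo "<tr>";
echo "<td class=\"label\"><img src=\"images/mail-settings.png\" border=\"0\" width=\"32\" height=\"32\" onclick=\"document.getElementById('account').className ='';document.getElementById('folders').className='hide';document.getElementById('filters').className='hide'\"></td>";
echo "<td class=\"label\"><img src=\"images/mail-settings.png\" border=\"0\" width=\"32\" height=\"32\" onclick=\"document.getElementById('account').className ='hide';document.getElementById('folders').className='';document.getElementById('filters').className='hide'\"></td>";
echo "<td class=\"label\"><img src=\"images/mail-settings.png\" border=\"0\" width=\"32\" height=\"32\" onclick=\"document.getElementById('account').className ='hide';document.getElementById('folders').className='hide';document.getElementById('filters').className=''\"></td>";
echo "</tr>";
echo "<tr><td class=\"label\">account</td><td class=\"label\">folders</td><td class=\"label\">filters</td></tr>";
echo "</table>";
echo "</td></tr></table>";
echo "</div>";
echo "<script type=\"text/javascript\" src=\"kartero-zxcvbn.js\"></script>";
echo "<style> @-webkit-keyframes strength { 0% { width: 0; } } @-moz-keyframes strength { 0% { width: 0; height: 11px; } } #mtr { width: 0; height: 11px; padding: 0; margin: 0; -webkit-animation-name: strength; -moz-animation-name: strength; -webkit-animation-duration: 1s; -moz-animation-duration: 1s; -webkit-animation-iteration-count: 1; -moz-animation-iteration-count: 1; -webkit-animation-timing-function: ease; -moz-animation-timing-function: ease; } </style>";
if ($_POST['set'] == "account") {
    echo "<div id=\"account\">";
} else {
    echo "<div id=\"account\" class=\"hide\">";
}
echo "<div class=\"spacer\"></div>";
echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"1\">";
echo "<form method=\"post\">";
echo "<input type=\"hidden\" name=\"set\" value=\"account\">";
// $usr_name is set outside this listing and is user-editable through this very form, so it is
// escaped before being written into the value attribute. A single-byte charset is named so
// bytes of any ASCII-compatible encoding pass through and malformed UTF-8 is never blanked.
$usr_name_html = htmlspecialchars($usr_name, ENT_QUOTES, 'ISO-8859-1');
echo "<tr bgcolor=\"#ffffff\"><td width=\"400\"><input class=\"input\" type=\"text\" name=\"usr_name\" value=\"$usr_name_html\" autocomplete=\"off\" maxlength=\"128\" required autofocus></td><td>name</td></tr>";
echo "<tr bgcolor=\"#ffffff\"><td><input class=\"input\" type=\"password\" name=\"usr_pw1\" autocomplete=\"off\" maxlength=\"64\"></td><td><nobr>current password</nobr></td></tr>";
echo "<tr bgcolor=\"#ffffff\"><td><table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\" width=\"100%\"><tr bgcolor=\"#ffffff\"><td height=\"17\"><div id=\"mtr\" style=\"display: none;\"></div></td></tr></table></td><td id=\"ctd\"></td></tr>";
// NOTE(review): onkeyup hands the typed password to eval(). Unless kartero-zxcvbn.js (not
// shown here) replaces eval with a strength-meter routine, the browser executes whatever is
// typed into the field as script. Call the meter's own entry point by name instead — confirm
// its name in kartero-zxcvbn.js before changing the handler.
echo "<tr bgcolor=\"#ffffff\"><td><input class=\"input\" type=\"password\" name=\"usr_pw2\" autocomplete=\"off\" maxlength=\"64\" onkeyup=\"eval(this.value)\"></td><td><nobr>new password";
// Flag a new password shorter than 8 bytes, but only when a current password was submitted.
if (!empty($_POST['usr_pw1']) and isset($_POST['usr_pw2']) and (strlen($_POST['usr_pw2']) < 8)) {
    echo " <font color=\"red\">too short</font>";
}
echo "</nobr></td></tr>";
echo "<tr bgcolor=\"#ffffff\"><td><input class=\"input\" type=\"password\" name=\"usr_pw3\" autocomplete=\"off\" maxlength=\"64\"></td><td><nobr>new password";
if (!empty($_POST['usr_pw1']) and isset($_POST['usr_pw3']) and (strlen($_POST['usr_pw3']) < 8)) {
    echo " <font color=\"red\">too short</font>";
}
echo "</nobr></td></tr>";
echo "<tr bgcolor=\"#ffffff\"><td><input class=\"button\" type=\"submit\" value=\"update\"></td><td></td></tr>";
echo "</form></table>";
echo "</div>";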
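// Folders tab: a "create folder" form and, when user folders exist, a "delete folder" form.
if ($_POST['set'] == "folders") {
    echo "<div id=\"folders\">";
} else {
    echo "<div id=\"folders\" class=\"hide\">";
}
echo "<div class=\"spacer\"></div>";
echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"1\">";
echo "<form method=\"post\">";
echo "<input type=\"hidden\" name=\"set\" value=\"folders\">";
echo "<tr bgcolor=\"#ffffff\"><td width=\"200\"><input class=\"input\" type=\"text\" name=\"new_box\" autocomplete=\"off\" maxlength=\"200\" required autofocus></td>";
echo "<td width=\"197\"><input class=\"button\" type=\"submit\" value=\"create folder\"></td><td></td></tr>";
echo "</form>";
// imap_list() returns false when nothing matches or the call fails; normalise to an array so
// array_diff(), count() and later loops over $usr_box always receive one.
$usr_box = imap_list($mbox, $host, "*");
if (!is_array($usr_box)) {
    $usr_box = array();
}
// The three built-in folders are not offered for deletion.
$usr_box = array_diff($usr_box, array("{$host}INBOX", "{$host}Sent", "{$host}Trash"));
if (count($usr_box) > 0) {
    sort($usr_box);
    echo "<form method=\"post\">";
    echo "<input type=\"hidden\" name=\"set\" value=\"folders\">";
    echo "<tr bgcolor=\"#ffffff\"><td width=\"200\"><select class=\"input\" name=\"del_box\">";
    foreach ($usr_box as $del_box) {
        $del_box = imap_utf7_decode(str_replace($host, "", $del_box));
        // Folder names are chosen by the user (new_box above), so escape them before they are
        // written into the option. imap_utf7_decode() yields ISO-8859-1, hence the charset.
        $del_box_html = htmlspecialchars($del_box, ENT_QUOTES, 'ISO-8859-1');
        echo "<option value=\"$del_box_html\">$del_box_html</option>";
    }
    echo "</select></td><td width=\"197\"><input class=\"button\" type=\"submit\" value=\"delete folder\" onclick=\"if (confirm('Delete folder and all messages in it?')) {return true;} else {return false;}\"></td><td></td></tr>";
    echo "</form>";
}
echo "</table>";
echo "</div>";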
- if (isset($mail_home) and !empty($mail_home)) {
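// Locate the user's Sieve directory: $mail_home/<domain>/<first byte of local part>/<local part>.
// NOTE(review): the path is derived from the session uid; confirm that login only ever stores
// a plain local@domain value there, since it is used unmodified as directory names.
$sivU = explode("@", $_SESSION['logged_uid']);
$sivN = $sivU[0];
$sivD = isset($sivU[1]) ? $sivU[1] : "";
$sivP = "$mail_home/$sivD/" . substr($sivN, 0, 1) . "/$sivN";
// glob() returns false on error; keep $sivR an array for the loops that follow.
$sivR = glob("$sivP/*.sieve", GLOB_NOSORT);
if (!is_array($sivR)) {
    $sivR = array();
}
// $del_siv is set outside this listing; when present, every stored rule that files into that
// folder is removed.
if (!empty($del_siv)) {
    foreach ($sivR as $sivI) {
        // stripos() returns 0 for a match at offset 0, so compare against false explicitly.
        if (stripos(file_get_contents($sivI), "fileinto \"$del_siv\";") !== false) {
            unlink($sivI);
        }
    }
}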
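// Add a filter: validate the posted rule, drop stored rules with identical text, make sure the
// Sieve directory exists, then apply the rule to the messages already in the open mailbox.
if (!empty($_POST['sieveT']) and !empty($_POST['sieveV']) and !empty($_POST['sieveF'])) {
    $sieveT = strtolower(trim(strip_tags($_POST['sieveT'])));
    $sieveV = trim($_POST['sieveV']);
    $sieveF = imap_utf7_encode(trim(strip_tags($_POST['sieveF'])));
    if ($sieveT == "subject") {
        $sieveV = strip_tags($sieveV);
    }
    $sieveW = "";
    // The form offers exactly these five tests. The value is used both as a Sieve header name
    // and as an IMAP search key, so anything else is refused.
    $sieveT_ok = in_array($sieveT, array("subject", "from", "to", "cc", "body"), true);
    // The value and folder are placed inside double-quoted strings in the Sieve rule and in
    // the search criteria. A quote, backslash or control character would end the string early
    // and let the rest be read as further Sieve or search syntax, so such input is refused.
    $sieve_unsafe = '/["\\\\\x00-\x1f\x7f]/';
    $sieveV_ok = ($sieveV != "") && !preg_match($sieve_unsafe, $sieveV);
    $sieveF_ok = ($sieveF != "") && !preg_match($sieve_unsafe, $sieveF);
    if ($sieveT_ok && $sieveV_ok && $sieveF_ok) {
        if ($sieveT == "body") {
            $sieveW = "require [\"fileinto\", \"body\"]; if body :contains \"$sieveV\" { fileinto \"$sieveF\"; }";
        } else {
            $sieveW = "require \"fileinto\"; if header :contains \"$sieveT\" \"$sieveV\" { fileinto \"$sieveF\"; }";
        }
    }
    if ($sieveW != "") {
        // Remove stored rules whose text equals the new one (case-insensitive).
        if (is_array($sivR)) {
            foreach ($sivR as $sieveR) {
                if (strtolower(trim(file_get_contents($sieveR))) == strtolower($sieveW)) {
                    unlink($sieveR);
                }
            }
        }
        // New rules are named after the current timestamp; the directory is private to its owner.
        $sieveP = "$sivP/" . date("YmdHis") . ".sieve";
        if (!file_exists($sivP)) {
            mkdir($sivP, 0700, true);
        }
        // NOTE(review): nothing in the lines shown writes $sieveW to $sieveP — confirm where
        // the rule is persisted.
        $sieveC = "$sieveT \"$sieveV\"";
        // imap_search() returns false when nothing matches; only iterate over a real result.
        $sieveO = imap_search($mbox, $sieveC, SE_UID);
        if (is_array($sieveO)) {
            foreach ($sieveO as $sivO) {
                imap_mail_move($mbox, $sivO, $sieveF, CP_UID);
                imap_expunge($mbox);
            }
        }
    }
}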
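// Delete ("sivD") or reorder ("sivM") a stored filter named by the posted 'sieve' field.
if (!empty($_POST['sieve'])) {
    $sieve = strtolower(trim(strip_tags($_POST['sieve'])));
    // The name is joined to $sivP and passed to unlink()/file_get_contents(). Accept only a
    // bare "<name>.sieve" with no directory part, so a posted value cannot point at a file
    // outside the user's Sieve directory.
    $sieve_ok = ($sieve === basename($sieve))
        && (substr($sieve, -6) === ".sieve")
        && (strpos($sieve, "\0") === false);
    if (!empty($_POST['sivM'])) {
        $sivM = trim(strip_tags($_POST['sivM']));
        $sivM_ok = ($sivM === basename($sivM))
            && (substr($sivM, -6) === ".sieve")
            && (strpos($sivM, "\0") === false);
        if ($sieve_ok && $sivM_ok && file_exists("$sivP/$sivM") && ($_POST['set'] == "sivM")) {
            // Both rule texts are read for the move. The code that would swap them is not in
            // the lines shown here.
            $sivMs = file_get_contents("$sivP/$sieve");
            $sivMt = file_get_contents("$sivP/$sivM");
        }
    }
    if ($sieve_ok && file_exists("$sivP/$sieve") && ($_POST['set'] == "sivD")) {
        unlink("$sivP/$sieve");
    }
}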
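// Filters tab: open the container (visible after any filter action) and print the "add filter" form.
if (($_POST['set'] == "filters") or ($_POST['set'] == "sivD") or ($_POST['set'] == "sivM")) {
    echo "<div id=\"filters\">";
} else {
    echo "<div id=\"filters\" class=\"hide\">";
}
echo "<div class=\"spacer\"></div>";
echo "<div class=\"message\" style=\"padding: 0;\">";
echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"1\" width=\"100%\">";
echo "<form method=\"post\"><input type=\"hidden\" name=\"set\" value=\"filters\"><tr>";
echo "<td width=\"200\"><select class=\"input\" name=\"sieveT\">";
echo "<option value=\"subject\">If message subject contains</option>";
echo "<option value=\"from\">If message from contains</option>";
echo "<option value=\"to\">If message to contains</option>";
echo "<option value=\"cc\">If message cc contains</option>";
echo "<option value=\"body\">If message body contains</option>";
// The original left this <select> unclosed before the cell ended.
echo "</select></td>";
echo "<td><input class=\"input\" type=\"text\" name=\"sieveV\" autocomplete=\"off\" required></td>";
echo "<td><select class=\"input\" name=\"sieveF\"><option value=\"Trash\" selected>then move to Trash</option>";
// $usr_box is filled by the folders tab above; skip the loop if it is not an array.
if (is_array($usr_box)) {
    foreach ($usr_box as $sieveF) {
        $sieveF = str_replace($host, "", $sieveF);
        // Folder names are user-chosen: escape them for the attribute and the option text.
        // A single-byte charset is named so bytes of any ASCII-compatible encoding pass
        // through unchanged and malformed UTF-8 never produces an empty string.
        $sieveF_html = htmlspecialchars($sieveF, ENT_QUOTES, 'ISO-8859-1');
        echo "<option value=\"$sieveF_html\">then move to $sieveF_html</option>";
    }
}
echo "</select></td>";
echo "<td><input class=\"button\" type=\"submit\" value=\"add filter\"></td>";
echo "</tr></form>";
echo "</table>";
echo "</div>";
echo "<div class=\"spacer\"></div>";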
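// List the stored filters with delete / move-up / move-down controls and build the text of the
// master script ($sivW) that includes each of them. With no filters, remove the master script.
$sivR = glob("$sivP/*.sieve");
if (!is_array($sivR)) {
    // glob() returns false on error.
    $sivR = array();
}
if (count($sivR) > 0) {
    $sivW = 'require "include";';
    echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\">";
    if (!isset($bgColor)) {
        $bgColor = "";
    }
    foreach ($sivR as $sivK => $sivS) {
        $bgColor = ($bgColor == "#ffffff") ? "#fdfdfd" : "#ffffff";
        // File names of the neighbouring rules, or null at either end of the list. Both are
        // recomputed for every row so no value is carried over from a previous iteration.
        $sivKp = ($sivK > 0 && array_key_exists($sivK - 1, $sivR)) ? basename($sivR[$sivK - 1]) : null;
        $sivKn = array_key_exists($sivK + 1, $sivR) ? basename($sivR[$sivK + 1]) : null;
        // Splitting the rule text on '"' puts the test at [3], the value at [5] and the target
        // folder at [7] for both rule shapes this script generates.
        $sivC = explode('"', (string) file_get_contents($sivS));
        $sivF = basename($sivS);
        $sivW = $sivW . "\r\ninclude \"" . str_replace(".sieve", "", $sivF) . '";';
        // Rule text and file names come from disk and originate from user input: escape them
        // before they reach HTML. A single-byte charset is named so bytes of any
        // ASCII-compatible encoding pass through and malformed UTF-8 is never blanked.
        $sivF_html = htmlspecialchars($sivF, ENT_QUOTES, 'ISO-8859-1');
        $sivCt = htmlspecialchars(isset($sivC[3]) ? $sivC[3] : "", ENT_QUOTES, 'ISO-8859-1');
        $sivCv = htmlspecialchars(isset($sivC[5]) ? $sivC[5] : "", ENT_QUOTES, 'ISO-8859-1');
        $sivCf = htmlspecialchars(isset($sivC[7]) ? $sivC[7] : "", ENT_QUOTES, 'ISO-8859-1');
        echo "<form method=\"post\">";
        echo "<input type=\"hidden\" name=\"set\" value=\"sivD\">";
        echo "<input type=\"hidden\" name=\"sieve\" value=\"$sivF_html\">";
        echo "<tr bgcolor=\"$bgColor\">";
        echo "<td valign=\"bottom\" width=\"24\"><input type=\"image\" src=\"images/sieve-del.png\"></td>";
        echo "</form>";
        if ($sivKp) {
            $sivKp_html = htmlspecialchars($sivKp, ENT_QUOTES, 'ISO-8859-1');
            echo "<form method=\"post\">";
            echo "<input type=\"hidden\" name=\"set\" value=\"sivM\">";
            echo "<input type=\"hidden\" name=\"sieve\" value=\"$sivF_html\">";
            echo "<input type=\"hidden\" name=\"sivM\" value=\"$sivKp_html\">";
            echo "<td valign=\"bottom\" width=\"24\"><input type=\"image\" src=\"images/sieve-up.png\"></td>";
            echo "</form>";
        } elseif (count($sivR) > 1) {
            echo "<td></td>";
        }
        if ($sivKn) {
            $sivKn_html = htmlspecialchars($sivKn, ENT_QUOTES, 'ISO-8859-1');
            echo "<form method=\"post\">";
            echo "<input type=\"hidden\" name=\"set\" value=\"sivM\">";
            echo "<input type=\"hidden\" name=\"sieve\" value=\"$sivF_html\">";
            echo "<input type=\"hidden\" name=\"sivM\" value=\"$sivKn_html\">";
            echo "<td valign=\"bottom\" width=\"24\"><input type=\"image\" src=\"images/sieve-down.png\"></td>";
            echo "</form>";
        } elseif (count($sivR) > 1) {
            echo "<td></td>";
        }
        echo "<td>If message $sivCt contains $sivCv then move to $sivCf</td>";
        echo "</tr>";
    }
    echo "</table>";
    // NOTE(review): the master script is compared with the generated include list, but the
    // branch is empty in this listing — presumably the file was meant to be rewritten here; confirm.
    if (file_exists("$sivP/.dovecot.sieve") && $sivW != file_get_contents("$sivP/.dovecot.sieve")) {
    }
} else {
    if (file_exists("$sivP/.dovecot.sieve")) {
        unlink("$sivP/.dovecot.sieve");
    }
    if (file_exists("$sivP/.dovecot.svbin")) {
        unlink("$sivP/.dovecot.svbin");
    }
}
// Close the "filters" div in both cases; it is opened unconditionally above this block.
echo "</div>";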
- }
- }
- else {
// imap_ping() should be doing this, but it's not working: the mailbox is reopened by hand
// before the inbox view is included.
// CL_EXPUNGE expunges the mailbox when the stream is closed. On failure the IMAP error text
// is printed to the client as-is and the script stops.
$mbox = @imap_open("{$host}$folder", $_SESSION['logged_uid'], $_SESSION['logged_key'], CL_EXPUNGE);
if (!$mbox) {
    die(imap_last_error());
}
include("inbox.php");
//echo "<script type=\"text/javascript\" src=\"jquery-1.3.2.min.js\"></script>";
//echo "<script type=\"text/javascript\"> $(document).ready(function() { setInterval(function() { $('#main').fadeOut(\"fast\").load('inbox.php').fadeIn(\"slow\"); }, 5000); }); </script>";
- }
// Close the main cell, emit a spacer cell and render the folder list in the right-hand cell.
echo "</div></td>", "<td width=\"10\"></td>", "<td valign=\"top\" width=\"100\">";
// imap_ping() should be doing this, but it's not working: reopen the mailbox before
// folders.php runs. A failed open prints the IMAP error text and ends the script.
$mbox = @imap_open("{$host}$folder", $_SESSION['logged_uid'], $_SESSION['logged_key'], CL_EXPUNGE);
if (!$mbox) {
    die(imap_last_error());
}
include("folders.php");
echo "</td>", "</tr></table>";
- }
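// Postmaster view: one "add account" row, then one row per account of the postmaster's domain
// with message counts, alias count and enable/disable, modify and delete forms.
// NOTE(review): none of these forms carries an anti-CSRF token in the lines shown — confirm
// the handlers for pm_set / pm_mod / pm_del verify one.
if ($_SESSION['logged_lvl'] == "postmaster") {
    echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\">";
    echo "<tr bgcolor=\"#eeeeee\"><td colspan=\"4\" align=\"center\">status</td><td align=\"center\">username</td><td align=\"center\">complete name</td><td align=\"center\">password</td><td align=\"center\">quota</td><td align=\"center\" colspan=\"2\">action</td></tr>";
    echo "<form method=\"post\">";
    echo "<tr bgcolor=\"#ffffff\"><td align=\"center\">new</td><td align=\"center\">cur</td><td align=\"center\">aka</td><td align=\"center\">rcv</td><td><input class=\"input\" type=\"text\" name=\"pm_id\" autocomplete=\"off\" maxlength=\"255\"></td><td><input class=\"input\" type=\"text\" name=\"pm_name\" autocomplete=\"off\" maxlength=\"128\"></td><td><input class=\"input\" type=\"text\" name=\"pm_pw\" autocomplete=\"off\" maxlength=\"64\"></td><td width=\"64\"><input class=\"input\" type=\"text\" name=\"pm_quota\" autocomplete=\"off\" maxlength=\"16\" style=\"text-align: right;\"></td><td colspan=\"2\"><input class=\"button\" type=\"submit\" value=\"add\"></td></tr>";
    echo "</form>";
    // Values are escaped before being placed inside quoted SQL literals.
    $pm_domain_sql = mysql_real_escape_string($_SESSION['logged_uid']);
    $pm_get = mysql_query("select * from users where domain='$pm_domain_sql' order by id");
    while ($pm_get && ($pm_row = mysql_fetch_array($pm_get))) {
        // Start from the "disabled" look so an unexpected status value cannot reuse the
        // previous row's action.
        $pm_do = "enable";
        $pm_bg = "#eeeeee";
        if ($pm_row[5] == "1") {
            $pm_do = "disable";
            $pm_bg = "#ffffff";
        }
        // Maildir of the account: $mail_root/<domain>/<first byte>/<local part>/{new,cur}.
        $pm_dir = "$mail_root/{$_SESSION['logged_uid']}/" . substr($pm_row[0], 0, 1) . "/" . substr($pm_row[0], 0, strpos($pm_row[0], "@"));
        // glob() returns false on error, and count(false) would report 1.
        $msg_new = glob("$pm_dir/new/*");
        $msg_new = is_array($msg_new) ? count($msg_new) : 0;
        $msg_cur = glob("$pm_dir/cur/*");
        $msg_cur = is_array($msg_cur) ? count($msg_cur) : 0;
        $pm_aka = mysql_query("select * from aliases where alias='" . mysql_real_escape_string($pm_row[0]) . "'");
        $pm_aka = $pm_aka ? mysql_num_rows($pm_aka) : 0;
        // Account id, name and quota are stored user input: escape them for HTML. A
        // single-byte charset is named so bytes of any ASCII-compatible encoding pass through
        // unchanged and malformed UTF-8 never produces an empty string.
        $pm_id_html = htmlspecialchars($pm_row[0], ENT_QUOTES, 'ISO-8859-1');
        $pm_name_html = htmlspecialchars($pm_row[3], ENT_QUOTES, 'ISO-8859-1');
        $pm_quota_html = htmlspecialchars($pm_row[6], ENT_QUOTES, 'ISO-8859-1');
        // The confirm() text sits in a script string inside an attribute: encode it as a
        // script string literal first, then escape that for the attribute.
        $pm_ask = htmlspecialchars(json_encode("Do you really want to delete {$pm_row[0]} plus all messages and aliases associated with this account?"), ENT_QUOTES, 'ISO-8859-1');
        echo "<tr bgcolor=\"$pm_bg\"><td align=\"right\">$msg_new</td><td align=\"right\">$msg_cur</td><td align=\"right\">$pm_aka</td>";
        echo "<form method=\"post\"><input type=\"hidden\" name=\"pm_set\" value=\"$pm_id_html\"><input type=\"hidden\" name=\"pm_do\" value=\"$pm_do\"><td align=\"center\" valign=\"middle\" width=\"10\"><input type=\"image\" src=\"images/{$pm_do}.png\"></td></form>";
        echo "<form method=\"post\"><input type=\"hidden\" name=\"pm_mod\" value=\"$pm_id_html\"><td>$pm_id_html</td><td><input class=\"input\" type=\"text\" name=\"pm_name\" maxlength=\"128\" autocomplete=\"off\" value=\"$pm_name_html\"></td><td><input class=\"input\" type=\"text\" name=\"pm_pass\" maxlength=\"64\" autocomplete=\"off\"></td><td><input class=\"input\" type=\"text\" name=\"pm_quota\" maxlength=\"16\" autocomplete=\"off\" value=\"$pm_quota_html\" style=\"text-align: right;\"></td><td><input class=\"button\" type=\"submit\" value=\"mod\"></td></form>";
        echo "<form method=\"post\"><input type=\"hidden\" name=\"pm_del\" value=\"$pm_id_html\"><td><input class=\"button\" type=\"submit\" value=\"del\" onclick=\"return confirm($pm_ask);\"></td></form></tr>";
    }
    echo "</table>";
}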
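// Administrator view: one "add domain" row, then one row per domain with its account count
// and enable/disable, modify and delete forms.
if ($_SESSION['logged_lvl'] == "administrator") {
    echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\">";
    echo "<tr bgcolor=\"#eeeeee\"><td colspan=\"2\" align=\"center\">status</td><td align=\"center\"><nobr>domain name</nobr></td><td align=\"center\"><nobr>account limit</nobr></td><td align=\"center\"><nobr>postmaster password</nobr></td><td align=\"center\" colspan=\"2\">action</td></tr>";
    echo "<form method=\"post\"><tr bgcolor=\"#ffffff\"><td align=\"center\">usr</td><td align=\"center\">rcv</td><td align=\"center\"><input class=\"input\" type=\"text\" name=\"dom_name\" maxlength=\"128\" autocomplete=\"off\"></td><td align=\"center\"><input class=\"input\" style=\"text-align: right;\" type=\"text\" name=\"dom_max\" maxlength=\"6\" autocomplete=\"off\" value=\"0\"></td><td align=\"center\"><input class=\"input\" type=\"text\" name=\"dom_pass\" maxlength=\"64\" autocomplete=\"off\"></td><td align=\"center\" colspan=\"2\"><input class=\"button\" type=\"submit\" value=\"add\"></td></tr></form>";
    $dom_get = mysql_query("select * from domains order by id");
    while ($dom_get && ($dom_row = mysql_fetch_array($dom_get))) {
        // The domain name comes back from the database and is reused in a second query, so it
        // is escaped again before being placed inside the quoted SQL literal.
        $dom_usr = mysql_query("select * from users where domain='" . mysql_real_escape_string($dom_row[0]) . "'");
        $dom_usr = $dom_usr ? mysql_num_rows($dom_usr) : 0;
        // Start from the "disabled" look so an unexpected status value cannot reuse the
        // previous row's action.
        $dom_do = "enable";
        $dom_bg = "#eeeeee";
        if ($dom_row[3] == "1") {
            $dom_do = "disable";
            $dom_bg = "#ffffff";
        }
        // Stored values are escaped for HTML. A single-byte charset is named so bytes of any
        // ASCII-compatible encoding pass through unchanged and malformed UTF-8 is never blanked.
        $dom_id_html = htmlspecialchars($dom_row[0], ENT_QUOTES, 'ISO-8859-1');
        $dom_max_html = htmlspecialchars($dom_row[2], ENT_QUOTES, 'ISO-8859-1');
        // The confirm() text sits in a script string inside an attribute: encode it as a
        // script string literal first, then escape that for the attribute.
        $dom_ask = htmlspecialchars(json_encode("Do you really want to delete {$dom_row[0]} plus all accounts and messages associated with this domain?"), ENT_QUOTES, 'ISO-8859-1');
        echo "<tr bgcolor=\"$dom_bg\"><td align=\"right\">$dom_usr</td>";
        echo "<form method=\"post\"><input type=\"hidden\" name=\"dom_set\" value=\"$dom_id_html\"><input type=\"hidden\" name=\"dom_do\" value=\"$dom_do\"><td align=\"center\" valign=\"middle\" width=\"10\"><input type=\"image\" src=\"images/{$dom_do}.png\"></td></form>";
        echo "<form method=\"post\"><input type=\"hidden\" name=\"dom_mod\" value=\"$dom_id_html\"><td>$dom_id_html</td><td><input class=\"input\" style=\"text-align: right;\" type=\"text\" name=\"dom_max\" maxlength=\"6\" autocomplete=\"off\" value=\"$dom_max_html\"></td><td><input class=\"input\" type=\"text\" name=\"dom_pass\" maxlength=\"64\" autocomplete=\"off\"></td><td><input class=\"button\" type=\"submit\" value=\"mod\"></td></form>";
        echo "<form method=\"post\"><input type=\"hidden\" name=\"dom_del\" value=\"$dom_id_html\"><td><input class=\"button\" type=\"submit\" value=\"del\" onclick=\"return confirm($dom_ask);\"></td></form></tr>";
    }
    echo "</table>";
}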
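// Close the accounts cell; for a postmaster, add a second cell listing the domain's aliases
// with modify, enable/disable and delete forms.
echo "</td>";
if ($_SESSION['logged_lvl'] == "postmaster") {
    echo "<td width=\"10\"></td><td valign=\"top\">";
    echo "<table border=\"0\" cellspacing=\"1\" cellpadding=\"2\" bgcolor=\"#cccccc\">";
    echo "<tr bgcolor=\"#eeeeee\"><td align=\"center\">alias</td><td align=\"center\">recipient</td><td align=\"center\" colspan=\"3\">action</td></tr>";
    echo "<form method=\"post\">";
    echo "<tr bgcolor=\"#ffffff\"><td><input class=\"input\" type=\"text\" name=\"alias_add\" autocomplete=\"off\" maxlength=\"255\"></td><td><input class=\"input\" type=\"text\" name=\"alias_to\" autocomplete=\"off\" maxlength=\"128\"></td><td colspan=\"3\"><input class=\"button\" type=\"submit\" value=\"add\"></td></tr>";
    echo "</form>";
    // The session uid is escaped before it is placed inside the quoted SQL literal.
    $alias_domain_sql = mysql_real_escape_string($_SESSION['logged_uid']);
    $get_aliases = mysql_query("select * from aliases where domain='$alias_domain_sql' order by id, alias");
    while ($get_aliases && ($aliases_row = mysql_fetch_array($get_aliases))) {
        // Start from the "disabled" look so an unexpected status value cannot reuse the
        // previous row's action.
        $alias_do = "enable";
        $alias_bg = "#eeeeee";
        if ($aliases_row[3] == "1") {
            $alias_do = "disable";
            $alias_bg = "#ffffff";
        }
        // Alias and recipient are stored user input: escape them for HTML. A single-byte
        // charset is named so bytes of any ASCII-compatible encoding pass through unchanged
        // and malformed UTF-8 never produces an empty string.
        $alias_id_html = htmlspecialchars($aliases_row[0], ENT_QUOTES, 'ISO-8859-1');
        $alias_to_html = htmlspecialchars($aliases_row[1], ENT_QUOTES, 'ISO-8859-1');
        // The confirm() text sits in a script string inside an attribute: encode it as a
        // script string literal first, then escape that for the attribute.
        $alias_ask = htmlspecialchars(json_encode("Do you really want to delete the {$aliases_row[0]} alias of {$aliases_row[1]}?"), ENT_QUOTES, 'ISO-8859-1');
        echo "<tr bgcolor=\"$alias_bg\">";
        echo "<form method=\"post\"><input type=\"hidden\" name=\"alias_mod\" value=\"$alias_id_html\"><input type=\"hidden\" name=\"alias_old\" value=\"$alias_to_html\"><td>$alias_id_html</td><td><input class=\"input\" type=\"text\" name=\"alias_to\" maxlength=\"255\" autocomplete=\"off\" value=\"$alias_to_html\"></td><td><input class=\"button\" type=\"submit\" value=\"mod\"></td></form>";
        echo "<form method=\"post\"><input type=\"hidden\" name=\"alias_set\" value=\"$alias_id_html\"><input type=\"hidden\" name=\"alias_do\" value=\"$alias_do\"><input type=\"hidden\" name=\"alias_usr\" value=\"$alias_to_html\"><td align=\"center\" valign=\"middle\" width=\"10\"><input type=\"image\" src=\"images/{$alias_do}.png\"></td></form>";
        echo "<form method=\"post\"><input type=\"hidden\" name=\"alias_del\" value=\"$alias_id_html\"><input type=\"hidden\" name=\"alias_usr\" value=\"$alias_to_html\"><td><input class=\"button\" type=\"submit\" value=\"del\" onclick=\"return confirm($alias_ask);\"></td></form></tr>";
    }
    echo "</table>";
}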
- echo "</td></tr>";
- echo "</table>";
- }
- mysql_close($db_link);
- ?>