  1. <?php
  2. /**
  3.  * MCCodes Mailbox (V2)
  4.  * Copyright (C) MCCodes
  5.  * All rights reserved.
  6.  * Author: Markku
  7.  * File: mailbox.php
  8.  */
  9.  
  10. include 'globals.php';
  11.  
  12. if ($ir['mailban']) {
  13.     error('<span style="font-size:16px;font-weight:bold;color:red;">Error!</span><hr />
  14.     You are currently banned from the mailbox for ' . $ir['mailban'] . ' days.<br />
  15.     <strong>Reason:</strong> ' . $ir['mb_reason'] . ' ');
  16.     $h->endpage();
  17.     exit;
  18. }
  19.  
  20. $_GET['ID'] = (isset($_GET['ID']) && is_numeric($_GET['ID'])) ? abs(intval($_GET['ID'])) : '';
  21.  
  22. echo '<hr />';
  23. echo '<table width="60%" cellspacing="1">';
  24. echo '<tr>';
  25. echo '<td style="width:25%;text-align:center;"><a href="mailbox.php?action=inbox">Inbox</a></td>';
  26. echo '<td style="width:25%;text-align:center;"><a href="mailbox.php?action=outbox">Outbox</a></td>';
  27. echo '<td style="width:25%;text-align:center;"><a href="mailbox.php?action=compose">Compose</a></td>';
  28. echo '<td style="width:25%;text-align:center;"><a href="mailbox.php?action=archive">Archive</a></td>';
  29. echo '</tr>';
  30. echo '</table>';
  31. echo '<hr />';
  32.  
  33. if (!isset($_GET['action'])) {
  34.     $_GET['action'] = 'inbox';
  35. }
  36. switch ($_GET['action']) {
  37.     case 'inbox': inbox(); break;
  38.     case 'outbox': outbox(); break;
  39.     case 'compose': compose(); break;
  40.     case 'delete': delete(); break;
  41.     case 'send': send(); break;
  42.     case 'clear_inbox': clear_inbox(); break;
  43.     case 'clear_inbox_result': clear_inbox_result(); break;
  44.     case 'archive': archive(); break;
  45.     default: inbox(); break;
  46. }
  47.  
  48. function inbox()
  49. {
  50.     global $db, $ir, $c, $userid, $h;
  51.     echo '<h3>Mailbox - Inbox</h3>';
  52.     echo '<p>&gt; <a href="mailbox.php?action=clear_inbox">Clear Inbox</a></p>';
  53.     echo '<p>Only the last 25 messages you have received will be visible below.</p>';
  54.     echo '<hr />';
  55.     echo '<table width="95%" class="table" cellspacing="0">';
  56.     echo '<tr>';
  57.     echo '<th width="30%">Details</td>';
  58.     echo '<th width="70%">Message</td>';
  59.     echo '</tr>';
  60.    
  61.     $q = $db->query("SELECT `m`.*, `userid`, `username` FROM `mail` AS `m` LEFT JOIN `users` AS `u` ON `m`.`mail_from` = `u`.`userid` WHERE `m`.`mail_to` = $userid ORDER BY `mail_time` DESC  LIMIT 25");
  62.    
  63.     while ($r = $db->fetch_row($q)) {
  64.         $sent   = date('F j, Y, g:i:s a', $r['mail_time']);
  65.         $reply  = '<a href="mailbox.php?action=compose&ID=' . $r['userid'] . '"><img src="icons/comment_add.png" alt="[Reply]" title="Reply to message" /></a>';
  66.         $delete = '<a href="mailbox.php?action=delete&ID=' . $r['mail_id'] . '"><img src="icons/comment_delete.png" alt="[Delete]" title="Delete this message" /></a>';
  67.         $report = '<a href="preport.php?ID=' . $r['userid'] . '&amp;report=Fraudulent mail: ' . $fm . '"><img src="icons/bullet_error.png" alt="[Report]" title="Report this message" /></a>';
  68.         echo '<tr><td style="border-right:1px solid #999;"><strong>From:</strong> ';
  69.         if ($r['userid']) {
  70.             echo "<a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]";
  71.         } else {
  72.             echo "SYSTEM";
  73.         }
  74.         $fm = urlencode($r['mail_text']);
  75.        
  76.         echo '<br />';
  77.         echo '<strong>Subject:</strong> ' . $r['mail_subject'] . '<br />';
  78.         echo '<strong>Time:</strong> ' . $sent . '<br />';
  79.         echo '' . $reply . ' ';
  80.         echo '' . $delete . ' ';
  81.         echo '' . $report . ' ';
  82.         echo '</td>';
  83.         echo '<td valign="top">' . $r['mail_text'] . '</td>';
  84.         echo '</tr>';
  85.     }
  86.    
  87.     $db->free_result($q);
  88.     if ($ir['new_mail'] > 0) {
  89.         $db->query("UPDATE `mail` SET `mail_read` = 1 WHERE `mail_to` = $userid");
  90.         $db->query("UPDATE `users` SET `new_mail` = 0 WHERE `userid` = $userid");
  91.     }
  92.     echo '</table>';
  93. }
  94.  
  95. function outbox()
  96. {
  97.     global $db, $ir, $c, $userid, $h;
  98.     echo '<h3>Mailbox - Outbox</h3>';
  99.     echo '<p>Only the last 25 messages you have sent will be visible below.</p>';
  100.     echo '<hr />';
  101.     echo '<table width="95%" class="table" cellspacing="0">';
  102.     echo '<tr>';
  103.     echo '<th width="30%">Details</td>';
  104.     echo '<th width="70%">Message</td>';
  105.     echo '</tr>';
  106.    
  107.     $q = $db->query("SELECT `m`.*, `userid`, `username` FROM `mail` AS `m` LEFT JOIN `users` AS `u` ON `m`.`mail_to` = `u`.`userid` WHERE `m`.`mail_from` = $userid ORDER BY `mail_time` DESC LIMIT 25");
  108.    
  109.     while ($r = $db->fetch_row($q)) {
  110.         $sent = date('F j, Y, g:i:s a', $r['mail_time']);
  111.         echo '<tr>';
  112.         echo '<td style="border-right:1px solid #999;">';
  113.         echo '<strong>User:</strong> <a href="viewuser.php?u=' . $r['userid'] . '">' . $r['username'] . '</a> [' . $r['userid'] . '] <br />';
  114.         echo '<strong>Subject:</strong> ' . $r['mail_subject'] . ' <br />';
  115.         echo '<strong>Time:</strong> ' . $sent . ' <br />';
  116.         echo '</td>';
  117.         echo '<td valign="top">' . $r['mail_text'] . '</td>';
  118.         echo '</tr>';
  119.     }
  120.     $db->free_result($q);
  121.     echo '</table>';
  122. }
  123.  
  124. function compose()
  125. {
  126.     global $db, $ir, $c, $userid, $h;
  127.     echo '<h3>Mailbox - Compose</h3>';
  128.     echo '<form action="mailbox.php?action=send" method="post">
  129.             <table width="55%" class="table" cellspacing="0">
  130.                 <tr><th style="text-align:center;">Select Contact</th></tr>
  131.                 <tr><td style="text-align:center;">';
  132.    
  133.     $q = $db->query("SELECT `c`.*, `username` FROM `contactlist` AS `c` INNER JOIN `users` AS `u` ON `c`.`cl_ADDED` = `u`.`userid` WHERE `c`.`cl_ADDER` = {$userid} ORDER BY u.`username` ASC");
  134.    
  135.     if ($db->num_rows($q) == 0) {
  136.         echo 'You do not have any contacts!';
  137.     } else {
  138.         echo '<select name="user1" type="dropdown"><option value="">&lt;select a contact...&gt;</option>';
  139.         while ($r = $db->fetch_row($q)) {
  140.             $esc_part = addslashes($r['username']);
  141.             echo '<option value="' . $esc_part . '">' . $r['username'] . '</option>';
  142.         }
  143.         echo '</select>';
  144.     }
  145.     $db->free_result($q);
  146.     $_GET['ID']  = (isset($_GET['ID']) && is_numeric($_GET['ID'])) ? abs(intval($_GET['ID'])) : '';
  147.     $user_exists = false;
  148.     if ($_GET['ID']) {
  149.         $un_query = $db->query("SELECT `username` FROM `users` WHERE `userid` = {$_GET['ID']}");
  150.         if ($db->num_rows($un_query) > 0) {
  151.             $user_exists = true;
  152.             $user        = $db->fetch_single($un_query);
  153.         } else {
  154.             $user = '';
  155.         }
  156.         $db->free_result($un_query);
  157.     } else {
  158.         $user = '';
  159.     }
  160.     $esc_user = addslashes($user);
  161.     echo '</td>';
  162.     echo '</tr>';
  163.    
  164.     echo '<tr><th style="border-top:1px solid #999;text-align:center;">Enter a Username</th></tr>';
  165.     echo '<tr><td style="text-align:center;"><input type="text" name="user2" value="' . $esc_user . '" /></td></tr>';
  166.    
  167.     echo '<tr><th style="border-top:1px solid #999;text-align:center;">Enter a Subject</th></tr>';
  168.     echo '<tr><td style="text-align:center;"><input type="text" name="subject" /></td></tr>';
  169.    
  170.     echo '<tr><th style="border-top:1px solid #999;text-align:center;">Enter a Message</th></tr>';
  171.     echo '<tr><td style="text-align:center;"><textarea rows="4" cols="67" name="message"></textarea></td></tr>';
  172.    
  173.     echo '<tr><td style="text-align:center;"><input type="submit" value="Send Message" /></td></tr>';
  174.     echo '</table></form>';
  175.     if ($user_exists) {
  176.         echo '<br />';
  177.         echo '<table width="95%" class="table" cellspacing="0">';
  178.         echo '<tr><th>Your last 5 mails to/from this person</th></tr>';
  179.        
  180.         $q = $db->query("SELECT `mail_time`, `mail_text`, `mail_from` FROM `mail` WHERE (`mail_from` = $userid AND `mail_to` = {$_GET['ID']}) OR (`mail_to` = $userid AND `mail_from` = {$_GET['ID']}) ORDER BY `mail_time` DESC LIMIT 5");
  181.        
  182.         while ($r = $db->fetch_row($q)) {
  183.             $sender = ($_GET['ID'] == $r['mail_from']) ? $user : $ir['username'];
  184.             echo '<tr>
  185.                     <td><strong>' . $sender . ':</strong> ' . $r['mail_text'] . '</td>
  186.                   </tr>';
  187.         }
  188.         $db->free_result($q);
  189.         echo '</table>';
  190.         echo '<hr />';
  191.         echo '&gt; <a href="mailbox.php">Go Back</a>';
  192.     }
  193. }
  194.  
  195. function send()
  196. {
  197.     global $db, $ir, $c, $userid, $h;
  198.     $subj = $db->escape(str_replace("\n", "<br />", strip_tags(stripslashes($_POST['subject']))));
  199.     $msg  = $db->escape(str_replace("\n", "<br />", strip_tags(stripslashes($_POST['message']))));
  200.     if (empty($subj) || empty($msg)) {
  201.         error('You must enter a subject and a message.<br /> &gt; <a href="mailbox.php">Go Back</a>');
  202.         $h->endpage();
  203.         exit;
  204.     } elseif ((strlen($msg) > 300) || (strlen($subj) > 50)) {
  205.         error('Messages/Subjects are limited to 300/50 characters per time.<br /> &gt; <a href="mailbox.php">Go Back</a>');
  206.         $h->endpage();
  207.         exit;
  208.     }
  209.     $_POST['user1'] = (isset($_POST['user1']) && preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['user1']) && ((strlen($_POST['user1']) < 32) && (strlen($_POST['user1']) >= 3))) ? $_POST['user1'] : '';
  210.     $_POST['user2'] = (isset($_POST['user2']) && preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['user2']) && ((strlen($_POST['user2']) < 32) && (strlen($_POST['user2']) >= 3))) ? $_POST['user2'] : '';
  211.     if ($_POST['user1'] && $_POST['user2']) {
  212.         error('Please do not select a contact AND enter a username, only do one.<br /> &gt; <a href="mailbox.php">Go Back</a>');
  213.         $h->endpage();
  214.         exit;
  215.     }
  216.     if (empty($_POST['user1']) && empty($_POST['user2'])) {
  217.         error('You must select a contact or enter a username.<br /> &gt; <a href="mailbox.php">Go Back</a>');
  218.         $h->endpage();
  219.         exit;
  220.     }
  221.     $sendto = ($_POST['user1']) ? $_POST['user1'] : $_POST['user2'];
  222.     $q      = $db->query("SELECT `userid` FROM `users` WHERE `username` = '{$sendto}'");
  223.    
  224.     if ($db->num_rows($q) == 0) {
  225.         $db->free_result($q);
  226.         error('Sorry, that user does not exist.<br /> &gt; <a href="mailbox.php">Go Back</a>');
  227.         $h->endpage();
  228.         exit;
  229.     }
  230.     $to = $db->fetch_single($q);
  231.     $db->free_result($q);
  232.     $db->query("INSERT INTO `mail` VALUES (NULL, 0, $userid, $to, " . time() . ", '$subj', '$msg')");
  233.     $db->query("UPDATE `users` SET `new_mail` = `new_mail` + 1 WHERE `userid` = {$to}");
  234.     success('Your message has been successfully sent!<br /> &gt; <a href="mailbox.php">Go Back</a>');
  235. }
  236.  
  237. function delete()
  238. {
  239.     global $db, $ir, $c, $userid, $h;
  240.     $_GET['ID'] = (isset($_GET['ID']) && is_numeric($_GET['ID'])) ? abs(intval($_GET['ID'])) : '';
  241.     if (empty($_GET['ID'])) {
  242.         error('Sorry something went wrong there, Please go back and try again.<br /> &gt; <a href="mailbox.php">Go Back</a>');
  243.         $h->endpage();
  244.         exit;
  245.     }
  246.     $q = $db->query("SELECT COUNT(`mail_id`) FROM `mail` WHERE `mail_id` = {$_GET['ID']} AND `mail_to` = {$userid}");
  247.     if ($db->fetch_single($q) == 0) {
  248.         $db->free_result($q);
  249.         error('Sorry something went wrong there, Please go back and try again.<br /> &gt; <a href="mailbox.php">Go Back</a>');
  250.         $h->endpage();
  251.         exit;
  252.     }
  253.     $db->free_result($q);
  254.     $db->query("DELETE FROM `mail` WHERE `mail_id` = {$_GET['ID']} AND `mail_to` = $userid");
  255.     success('Your message has been deleted!<br /> &gt; <a href="mailbox.php">Go Back</a>');
  256. }
  257.  
  258. function clear_inbox()
  259. {
  260.     global $ir, $c, $userid, $h;
  261.     $delall_verf = request_csrf_code('clear_inbox');
  262.     echo '<h3>Mailbox - Clear Inbox</h3>';
  263.     general('This will clear all messages in your inbox, This cannot be undone, Are you sure you want to clear all?<hr />
  264.             [<a href="mailbox.php?action=clear_inbox_result&amp;verf=' . $delall_verf . '">Yes</a>] &nbsp; [<a href="mailbox.php">No</a>]');
  265.     $h->endpage();
  266.     exit;
  267. }
  268.  
  269. function clear_inbox_result()
  270. {
  271.     global $db, $ir, $c, $userid, $h;
  272.     if (!isset($_GET['verf']) || !verify_csrf_code('clear_inbox', stripslashes($_GET['verf']))) {
  273.         error('This action has been blocked for your security.<br />
  274.                You should submit this action fast, to ensure that it is really you doing it.<br />
  275.                &gt; <a href="mailbox.php">Go Back</a>');
  276.         $h->endpage();
  277.         exit;
  278.     }
  279.    
  280.     $m_c = $db->query("SELECT COUNT(`mail_id`) FROM `mail` WHERE `mail_to` = {$userid}");
  281.    
  282.     if ($db->fetch_single($m_c) == 0) {
  283.         error('You have no mails in your inbox to delete.<br /> &gt; <a href="mailbox.php">Go Back</a>');
  284.     } else {
  285.         $db->query("DELETE FROM `mail` WHERE `mail_to` = $userid");
  286.         success(' ' . $db->affected_rows() . ' messages in your inbox have been deleted.<br /> &gt; <a href="mailbox.php">Go Back</a>');
  287.     }
  288.     $db->free_result($m_c);
  289. }
  290.  
  291. function archive()
  292. {
  293.     global $ir, $c, $userid, $h;
  294.     echo '<h3>Mailbox - Archive</h3>';
  295.     general('This tool will allow you too download a history of your inbox/outbox.<hr />
  296.             [<a href="dlarchive.php?a=inbox">Download Inbox</a>] &nbsp; [<a href="dlarchive.php?a=outbox">Download Outbox</a>]');
  297.     $h->endpage();
  298.     exit;
  299. }
// Reached by the handlers that return instead of exiting (inbox, outbox,
// compose, send, delete, clear_inbox_result); the others end the page themselves.
$h->endpage();