<?
# Slashster: Open Source Friend of a Friend Software
# Copyright 2004 Mark El-Wakil
# Contact: hide@address.com
# http://seventhcycle.net
#
# This file is part of Slashster.
#
# Slashster is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Slashster is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Slashster; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
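// NOTE(review): import_request_variables("gPc") copies every GET, POST and
// cookie parameter into the global scope (register_globals behaviour). Every
// global read below ($mid, $movemult, $movemultok, $delmult, $delete, $move,
// $r, $f) is therefore request-controlled, and any global that is read before
// it is assigned can be seeded by the request. Because GET is imported too and
// the forms in this file carry no anti-CSRF token, the delete/move handlers
// can be triggered by a cross-site link. The function was removed in PHP 5.4;
// reading the expected keys explicitly from $_POST is the long-term fix.
import_request_variables("gPc");
require_once("PageClass.php");

$mpage = new PageClass("authonly");
$mpage->MembersOnly();

// Redirect to the configured secure URL when the request did not arrive on
// port 443 and secure mode is enabled in the site settings. Array keys are
// quoted: a bare word is an undefined constant, not a string.
if (($_SERVER['SERVER_PORT'] != 443) && $mpage->sys['securenbl']) {
    $url = $mpage->sys['secureurl'] . $_SERVER['SCRIPT_NAME'];
    // NOTE(review): `sid` is a bare constant. Unless PageClass.php defines it,
    // PHP < 8 substitutes the literal string "sid"; the session constant is
    // spelled SID. Confirm the intent -- and note that a session id carried in
    // a URL ends up in server logs, browser history and Referer headers.
    $url .= "?" . $_SERVER['QUERY_STRING'] . "&" . sid;
    header("Location: $url");
    exit;
}

$mpage->Initialize("authremainder");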
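// Bulk move: move every ticked message (mid[]) into the folder chosen in the
// "movemult" drop-down, provided that folder belongs to the logged-in user.
// $mid and $movemult come straight from the request, so both are escaped with
// mysql_escape_string() (the escaping function this file already uses) before
// they are placed inside the quoted SQL literals. Escaping is harmless for
// numeric ids even when magic_quotes_gpc has already added slashes.
// NOTE(review): mysql_escape_string() is not charset-aware; switch to prepared
// statements if DoQuery() gains support for them.
if ($movemultok && is_array($mid) && sizeof($mid)) {
    $targetFolder = mysql_escape_string($movemult);

    $sql = "select * from PrivateFolders where Owner=$mpage->IdNum AND Id = \"$targetFolder\" ";
    $mm = $mpage->DoQuery($sql, 1);

    if (sizeof($mm)) {
        // Always assign $newtt. It was previously set only for the trash
        // folder, which left it open to being supplied by the request (see
        // import_request_variables) and interpolated unquoted into the UPDATE.
        $newtt = ($movemult == $mpage->user['DefMailTrash']) ? ", New=0" : "";

        foreach ($mid as $md) {
            $msgId = mysql_escape_string($md);
            $sql = "update PrivateMessage set Folder=\"$targetFolder\" $newtt where Id = \"$msgId\"
                AND Owner = $mpage->IdNum ";
            $mpage->DoQuery($sql);
        }

        // Show the destination folder once the move is done.
        $f = $movemult;
        UpdateNewCount();
    }
}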
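// Bulk delete: when the current folder is the trash the ticked messages are
// removed for good, otherwise they are moved to the trash and marked read.
// Every statement is limited to rows owned by the logged-in user.
// NOTE(review): $f is still the raw request value here, so the request -- not
// the message's stored folder -- decides between purge and move-to-trash.
if ($delmult && is_array($mid) && sizeof($mid)) {
    $purge = ($f == $mpage->user['DefMailTrash']);

    foreach ($mid as $md) {
        // Request-supplied id: escape before it goes inside the quoted literal.
        $msgId = mysql_escape_string($md);

        if ($purge) {
            $sql = "delete from PrivateMessage where Owner=$mpage->IdNum AND
                Id = \"$msgId\" ";
        } else {
            $sql = "update PrivateMessage set Folder = " . $mpage->user['DefMailTrash'] . ",
                New = 0
                where Owner=$mpage->IdNum AND
                Id = \"$msgId\" ";
        }
        $mpage->DoQuery($sql);
    }

    UpdateNewCount();
}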
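// Single delete (the "Delete" button on the message view). A message that is
// already in the trash is removed; any other message is handed to the move
// handler below by setting $move to the user's trash folder.
if ($delete) {
    // $r is the request-supplied message id: escape it for the quoted literal.
    $msgId = mysql_escape_string($r);

    $sql = "select * from PrivateMessage where Id = \"$msgId\" AND Owner = $mpage->IdNum";
    $rp = $mpage->DoQuery($sql, 1);

    if (sizeof($rp)) {
        $fld = $rp[0]['Folder'];

        if ($fld == $mpage->user['DefMailTrash']) {
            $sql = "delete from PrivateMessage where Id = \"$msgId\" AND Owner = $mpage->IdNum";
            $mpage->DoQuery($sql);
            // Fall back to the folder listing; the message no longer exists.
            $f = $fld;
            $r = "";
        } else {
            $move = $mpage->user['DefMailTrash'];
        }
    }
}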
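// Single move: put message $r into folder $move, but only when that folder is
// owned by the logged-in user. $move is either the request value or the trash
// folder id set by the delete handler above; $r is the request-supplied
// message id. Both are escaped before being placed in quoted SQL literals.
if ($move) {
    $folderId = mysql_escape_string($move);

    $sql = "select * from PrivateFolders where Id = \"$folderId\" AND Owner = $mpage->IdNum";
    $rp = $mpage->DoQuery($sql, 1);

    if (sizeof($rp)) {
        $msgId = mysql_escape_string($r);
        $sql = "update PrivateMessage set Folder=\"$folderId\" where Id = \"$msgId\" AND
            Owner = \"$mpage->IdNum\" ";
        $mpage->DoQuery($sql);

        // Show the destination folder instead of the moved message.
        $f = $move;
        $r = "";
    }
}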
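// Normalise the folder id to a number and fall back to the user's inbox when
// it is missing or evaluates to zero. MessageList() and Folders() interpolate
// $f into SQL, so this line is what keeps a request-supplied folder id numeric
// by the time they run. The array key is quoted: a bare word is an undefined
// constant, not a string.
$f = floor($f);
if (!$f) {
    $f = $mpage->user['DefMailInbox'];
}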
?>
<table height=500px border=1 class="stdtable" width=100% cellspacing=0
cellpadding=0>
<tr>
<td width=560 class="stdfilling">
<div style="height:500px; width=100%; overflow:auto;" align=center>
<?
// Main pane: the folder listing when no message is selected, otherwise the
// selected message.
if (!$r) {
    MessageList($f);
} else {
    ReadMsg($r);
}
?>
</div>
</td>
<td width=200 class="stdfilling">
<div style="height:500px; width=100%; overflow:auto;">
<?
// Side pane: the folder list, a line break, then the friend picker.
Folders($f);
print "<BR>";
ComposeFriend();
?>
</div>
</td>
</tr>
</table>
<?
// All page content has been printed. ClosePage() is defined in PageClass.php,
// which is not shown here.
$mpage->ClosePage();
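/**
 * Print the "Compose to Friend" box: a drop-down of the logged-in user's
 * friends (first name plus last initial) that submits the chosen user id to
 * composemessage.php. Prints nothing when the user has no friends.
 *
 * Changes from the original: array keys are quoted (a bare word is an
 * undefined constant), full <?php tags replace the short tags, and the form
 * element is now closed.
 *
 * NOTE(review): Fname and Lname are echoed without htmlspecialchars(). Unless
 * they are HTML-escaped when stored (not visible in this file), escape them
 * here.
 *
 * @return void
 */
function ComposeFriend()
{
    global $mpage;

    // Only $mpage->IdNum (set by PageClass) is interpolated; no request data.
    $sql = "select UserTable.* from FriendTable
        left join UserTable on UserTable.Id = FriendTable.End
        where FriendTable.Start= $mpage->IdNum order by UserTable.Fname asc, UserTable.Lname asc";
    $friends = $mpage->DoQuery($sql, 1);
    if (!sizeof($friends)) {
        return;
    }
?>
<table border=1 cellspacing=0 width=100%>
<tr><td align=center class="stdtable">
<B>Compose to Friend</b>
</td></tr>
<tr><td align=center class="stdaltfilling">
<form method=get action="composemessage.php">
<select name="id">
<?php foreach ($friends as $s) { ?>
<option value="<?= $s['Id'] ?>"> <?= $s['Fname'] ?> <?= substr($s['Lname'], 0, 1) ?>.
<?php } ?>
</select><BR><input type="submit" value="Compose" class="submit">
</form>
</td></tr>
</table>
<?php
}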
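/**
 * Display one private message owned by the logged-in user.
 *
 * Loads the message (restricted to Owner = $mpage->IdNum), clears its New flag
 * and decrements the user's NewMsgs counter, optionally decrypts the body, and
 * prints the reply/delete/move controls, the header table and the body. Sets
 * the global $f to the folder the message is stored in.
 *
 * Encrypted messages: the user's AES key is unwrapped with the submitted
 * account password (or taken from $_SESSION['AES']), the AES key unwraps the
 * RSA private key, and the private key decrypts the body. Both unwrap steps
 * run as AES_DECRYPT() SQL statements.
 *
 * Changes from the original: the request-supplied message id, the password
 * and the AES key are escaped before they are placed in SQL; the New-flag
 * update is limited to the owner; $decrypted is initialised; the body is only
 * replaced when openssl_private_decrypt() succeeds; array keys are quoted.
 *
 * NOTE(review): the password, the AES key and the wrapped private key are
 * embedded in SQL text, so they are visible wherever the database records
 * statement text (query logs, process list). Confirm logging is off for this
 * connection, or move the unwrap into PHP.
 * NOTE(review): Subject, folder names, the correspondent's first name and the
 * (decrypted) Body are echoed without htmlspecialchars(). Unless they are
 * HTML-escaped when stored (not visible in this file) this is a stored-XSS
 * sink.
 *
 * @param mixed $rd Message id as received from the request.
 * @return void
 */
function ReadMsg($rd)
{
    global $mpage, $f;

    $decrypted = 0;
    // Escaping is harmless for numeric ids even if magic_quotes_gpc is on.
    $msgId = mysql_escape_string($rd);

    $sql = "select PrivateMessage.*,
        UserTable1.Fname as LoginA, UserTable2.Fname as LoginB,
        UserTable1.PicDefault as Pic1, UserTable2.PicDefault as Pic2,
        UNIX_TIMESTAMP(DateSent) as UT
        from PrivateMessage
        left join UserTable as UserTable1 on PrivateMessage.Start = UserTable1.Id
        left join UserTable as UserTable2 on PrivateMessage.End = UserTable2.Id
        where Owner=$mpage->IdNum AND PrivateMessage.Id = \"$msgId\" ";
    $r = $mpage->DoQuery($sql, 1);
    if (!count($r)) {
        echo "No such message";
        return;
    }
    $r = $r[0];
    $f = $r['Folder'];

    if ($r["New"]) {
        // Owner is repeated here so the write is scoped like every other
        // PrivateMessage statement in this file.
        $sql = "update PrivateMessage set New=0 where Id = \"$msgId\" AND Owner = $mpage->IdNum";
        $mpage->DoQuery($sql);
        $sql = "update UserTable set NewMsgs = greatest(NewMsgs-1,0) where Id = $mpage->IdNum";
        $mpage->DoQuery($sql);
    }

    // In the outgoing folder the other party is the recipient (End/LoginB),
    // everywhere else it is the sender (Start/LoginA).
    $outgoing = ($f == $mpage->user['DefMailOutg']);
    $ln = $outgoing ? "LoginB" : "LoginA";
    $lns = $outgoing ? "End" : "Start";

    // Folders offered in the "Move to Folder" drop-down: all but the current one.
    $sql = "select * from PrivateFolders
        where Owner = $mpage->IdNum AND Id != '$f' order by Special desc, Name";
    $fl = $mpage->DoQuery($sql, 1);

    if ($r['Encrypted'] && (!empty($_POST['pass']) || !empty($_SESSION['AES']))) {
        if (!empty($_SESSION['AES'])) {
            $aes = $_SESSION['AES'];
        } else {
            $wrappedAes = base64_decode($mpage->user['AES']);
            // The password is free text from the request. Escape it unless
            // magic_quotes_gpc has already added slashes, so the value MySQL
            // sees is the password as typed in either configuration.
            // NOTE(review): confirm the code that wraps the AES key treats
            // the password the same way.
            $pass = get_magic_quotes_gpc()
                ? $_POST['pass']
                : mysql_escape_string($_POST['pass']);
            $sql = "select *, AES_DECRYPT(\"" . mysql_escape_string($wrappedAes) . "\", \"$pass\") as AES1 from UserTable
                where Id = $mpage->IdNum";
            $enc = $mpage->DoQuery($sql, 1);
            $aes = $enc[0]['AES1'];
        }

        // A correctly unwrapped AES key contains this marker.
        $vd = (strpos((string) $aes, "VALIDAESKEY") === FALSE) ? 0 : 1;
        if ($vd) {
            // Cache the unwrapped key for the session only if the user opted in.
            if ($mpage->user['SessionAES']) {
                $_SESSION['AES'] = $aes;
            }
            $prikey = base64_decode($mpage->user['PrivateKey']);
            // The key is escaped so that quote or backslash bytes in it
            // cannot break out of the SQL literal.
            $sql = "select AES_DECRYPT(\"" . mysql_escape_string($prikey) . "\", \""
                . mysql_escape_string($aes) . "\") as AS1";
            $pk = $mpage->DoQuery($sql);
            $pk = $pk[0][0];
            // A correctly unwrapped private key starts with the PEM header.
            $vd = (strpos((string) $pk, "-----BEGIN RSA PRIVATE KEY-----") === FALSE) ? 0 : 1;
        }
        if ($vd) {
            $cipher = base64_decode($r['Body']);
            // Replace the body only when decryption succeeds; on failure the
            // stored ciphertext and the password prompt are shown again.
            if (openssl_private_decrypt($cipher, $plain, $pk)) {
                $r['Body'] = $plain;
                $decrypted = 1;
            }
        }
    }
?>
<BR>
<table width=95% class="stdtable">
<form method=post action="composemessage.php">
<tr><td>
<input name="replyid" value="<?= $r['Id'] ?>" type=hidden>
<input class="submit" name="reply" type="submit" value="Reply">
</td>
</form>
<form method=post>
<td align=right>
<input class="submit" name="delete" type="submit" value="Delete">
<select name=move>
<option value="">Move to Folder
<?php foreach ($fl as $fd) { ?>
<option value="<?= $fd['Id'] ?>"> <?= $fd['Name'] ?>
<?php } ?>
</select>
<input type="submit" class="submit" value="Ok">
</td></tr>
</form>
</table>
<hr color=black width=95%>
<table width=95% cellspacing=0>
<tr><td width=75 class="stdtable">Date:</td>
<td class="stdtable"><?= date("F d, Y h:i:a", $r['UT']) ?></td>
<td class="stdtable" rowspan=3 width=90>
<img src="userpics/<?=
$outgoing ? $mpage->PicPr($r['Pic2'], $r['End'])
: $mpage->PicPr($r['Pic1'], $r['Start']) ?>-b.jpg">
</td>
</tr>
<tr><td width=75 class="stdtable">
<?= $outgoing ? "To" : "From" ?>:
</td><td class="stdtable"><a
class="stdtxt" href="user.php?id=<?= $r[$lns] ?>"><?= ucfirst($r[$ln])
?></a></td>
</tr>
<tr><td class="stdtable" width=75>Subject:</td>
<td class="stdtable"><?= $r['Subject'] ?></td>
</tr>
<?php if ($r['Encrypted']) { ?>
<tr><td class="stdtable" width=75> </td>
<td class="stdtable" colspan=2>
<img src="images/padlock.gif"> This is an Encrypted Message
</td>
</tr>
<?php } ?>
</table>
<BR>
<?php if ($r['Encrypted'] && !$decrypted) { ?>
<table width=95%><tr><td class="stdaltfilling">
The following message has been encrypted. In order to decrypt it, please
enter your account password:
<form method=post>
<input name="pass" type="password">
<input type="submit" value="Decrypt Message" class="submit">
</form>
</td></tr>
</table>
<BR>
<?php } ?>
<table width=95%><tr><td class="stdaltfilling">
<?php
    if ($r['Encrypted'] && !$decrypted) {
        // Still ciphertext: wrap the base64 text every 60 characters.
        $bd = preg_replace('/(\S{60})/', '$1<BR>', $r['Body']);
        echo "<pre>$bd</pre>";
    } else {
        echo $r['Body'];
    }
?>
</td></tr></table>
<?php
}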
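/**
 * Print the message list for one folder of the logged-in user, with the bulk
 * Delete / Move controls and a select-all checkbox.
 *
 * Changes from the original: the folder-existence check is limited to folders
 * owned by the logged-in user (it previously accepted any existing folder id,
 * which also revealed whether another user's folder id exists); $f is escaped
 * before it is placed in SQL; array keys are quoted; unclosed table cells and
 * rows are closed; the class attribute of the subject link is separated from
 * href by a space.
 *
 * NOTE(review): Subject, folder names and first names are echoed without
 * htmlspecialchars(). Unless they are HTML-escaped when stored (not visible in
 * this file) this is a stored-XSS sink.
 *
 * @param mixed $f Folder id. The page-level caller passes a floor()ed number.
 * @return void
 */
function MessageList($f)
{
    global $mpage;

    // Defence in depth: do not rely on the caller having made $f numeric.
    $folderId = mysql_escape_string($f);

    $sql = "select PrivateMessage.*,
        UserTable1.Fname as LoginA, UserTable2.Fname as LoginB,
        UNIX_TIMESTAMP(DateSent) as UT
        from PrivateMessage
        left join UserTable as UserTable1 on PrivateMessage.Start = UserTable1.Id
        left join UserTable as UserTable2 on PrivateMessage.End = UserTable2.Id
        where Owner=$mpage->IdNum AND Folder=\"$folderId\" order by PrivateMessage.Id desc";
    $r = $mpage->DoQuery($sql, 1);

    // In the outgoing folder the other party is the recipient (End/LoginB),
    // everywhere else it is the sender (Start/LoginA).
    $outgoing = ($f == $mpage->user['DefMailOutg']);
    $ln = $outgoing ? "LoginB" : "LoginA";
    $lns = $outgoing ? "End" : "Start";

    // Folders offered in the "Move to Folder" drop-down: all but the current one.
    $sql = "select * from PrivateFolders
        where Owner = $mpage->IdNum AND Id != '$folderId' order by Special desc, Name";
    $fl = $mpage->DoQuery($sql, 1);

    // The folder must exist and belong to the logged-in user.
    $sql = "select * from PrivateFolders where Owner = $mpage->IdNum AND Id = \"$folderId\" ";
    $fdr = $mpage->DoQuery($sql, 1);
    if (!sizeof($fdr)) {
        echo "No such folder";
        return;
    }
?>
<BR>
<form method=post>
<table width=95%>
<tr><td align=left>
<input name=delmult class="submit" type="submit" value="Delete"></td>
</td><td align=right>
<select name=movemult>
<option value="">Move to Folder
<?php foreach ($fl as $fg) { ?>
<option value="<?= $fg['Id'] ?>"> <?= $fg['Name'] ?>
<?php } ?>
</select>
<input name="movemultok" class="submit" type="submit" value="Ok">
</td></tr>
</table>
<script>
function selallf()
{
f=document.forms[0];
for(i=0;i<f.elements.length;i++)
{
if(f.elements[i].name=="mid[]")
{
if (f.selall.checked)
{
if(!f.elements[i].checked) f.elements[i].click();
}
else
{
if(f.elements[i].checked) f.elements[i].click();
}
}
}
return false;
}
</script>
<table width=95% cellspacing=0 cellpadding=2px border=1>
<tr>
<td class="stdtable"><input name = "selall" type="checkbox" onclick="selallf()"></td>
<td class="stdtable" colspan=2><?= $outgoing ? "To" : "From" ?></td>
<td class="stdtable">Subject</td>
<td class="stdtable">Date</td>
</tr>
<?php foreach ($r as $s) { ?>
<tr><td width=30 class="stdaltfilling">
<input name="mid[]" value="<?= $s['Id'] ?>" type="checkbox">
</td>
<td class="stdaltfilling" width=80><a href="user.php?id=<?= $s[$lns] ?>"><?= ucfirst($s[$ln]) ?></a></td>
<td class="stdaltfilling" width=18 align=center>
<?php if ($s['Answered']) { ?>
<img alt="Replied<?=
($s['Encrypted']) ? " To Encrypted Message" : ""
?>" src="/images/replied<?=
($s['Encrypted']) ? "l" : "" ?>-<?= $mpage->CSS ?>.gif" width=13 height=15>
<?php } elseif ($s['Encrypted']) { ?>
<img alt="Encrypted Message" src="/images/padlock.gif" width=13 height=15>
<?php } ?>
</td>
<td class="stdaltfilling" width=*><a href="messages.php?r=<?= $s['Id'] ?>"<?= $s["New"] ? ' class="newmsg"' : '' ?>><?= $s['Subject'] ?></a></td>
<td class="stdaltfilling" width=45><?= date("M d", $s['UT']) ?></td>
</tr>
<?php } ?>
</table>
</form>
<?php
}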
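/**
 * Print the side panel: the name of the current folder (when it belongs to
 * the logged-in user) and the list of the user's folders with message counts.
 *
 * Changes from the original: the count query groups by PrivateFolders.Id
 * instead of PrivateMessage.Folder. With the left join every empty folder has
 * a NULL Folder, so grouping by Folder merged all empty folders into one row.
 * $f is escaped before it is placed in SQL, a missing current folder no
 * longer indexes an empty result, and array keys are quoted.
 *
 * NOTE(review): folder names are echoed without htmlspecialchars(). Unless
 * they are HTML-escaped when stored (not visible in this file), escape them
 * here.
 *
 * @param mixed $f Id of the folder currently shown.
 * @return void
 */
function Folders($f)
{
    global $mpage;

    $sql = "select PrivateFolders.*, count(PrivateMessage.Folder) as cnt from PrivateFolders
        left join PrivateMessage on PrivateMessage.Folder = PrivateFolders.Id
        where PrivateFolders.Owner=$mpage->IdNum group by PrivateFolders.Id
        order by Special desc, Name";
    $r = $mpage->DoQuery($sql, 1);

    // Defence in depth: do not rely on the caller having made $f numeric.
    $folderId = mysql_escape_string($f);
    $sql = "select * from PrivateFolders where Owner = $mpage->IdNum AND
        Id = \"$folderId\" ";
    $fd = $mpage->DoQuery($sql, 1);
    $fd = sizeof($fd) ? $fd[0] : array();
?>
<?php if (!empty($fd['Name'])) { ?>
<BR>
<table border=1 cellspacing=0 width=100%>
<tr><td align=center class="stdtable">
<span style="font: 16px arial;">
You are in<BR><B><?= $fd['Name'] ?></b>
</span>
</td></tr>
</table>
<BR>
<?php } ?>
<table border=1 cellspacing=0 width=100%>
<tr><td align=center class="stdtable">
<B>Mailbox Folders</b>
</td></tr>
<tr><td align=center class="stdaltfilling">
<table width=80%>
<?php foreach ($r as $s) { ?>
<tr><td>
<?= ($f == $s['Id']) ? "*" : " " ?>
</td><td>
<a href="messages.php?f=<?= $s['Id'] ?>"><?= $s['Name'] ?></a>
</td><td align=right>
<?= $s['cnt'] ?> msgs
</td></tr>
<?php } ?>
</table>
</td></tr>
</table>
<?php
}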
/**
 * Recount the logged-in user's unread private messages (New=1) and store the
 * result in UserTable.NewMsgs.
 *
 * Only $mpage->IdNum and the count returned by the first query are placed in
 * the SQL text; no request data reaches these statements.
 *
 * @return void
 */
function UpdateNewCount()
{
    global $mpage;

    $countSql = "select count(*) from PrivateMessage where Owner=$mpage->IdNum AND New=1";
    $rows = $mpage->DoQuery($countSql);
    $unread = $rows[0][0];

    $mpage->DoQuery("update UserTable set NewMsgs = $unread where Id = $mpage->IdNum");
}