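/**
 * Send a message composed on the mail form, either as e-mail or as in-game mail.
 *
 * All input is read from $_GET:
 *   - type        "email" or "ingame_mail" (default "ingame_mail")
 *   - subject     message subject (required)
 *   - body        message text (required)
 *   - to          single recipient; when empty the group_* fields select recipients
 *   - group_send  which column the group filter applies to (required)
 *   - group_sign  comparison operator of the group filter (required)
 *   - group_value right-hand value of the group filter
 *   - money, att_item1..12, att_stack1..12  in-game attachments
 *
 * The outcome is reported by redirecting to mail.php?error=N.
 *
 * NOTE(review): this action changes state (sends mail, delivers gold and
 * items) but takes every parameter from the query string. Unless valid_login()
 * or the caller verifies a per-session token, a logged-in operator can be made
 * to trigger it by following a crafted link. Moving the form to POST with a
 * CSRF token belongs in mail.php as well as here - confirm and track.
 *
 * NOTE(review): a set $_SESSION["vendor_permission"] lowers the required
 * permission from "update" to "view" for one call. Whatever sets that flag is
 * effectively granting mail-with-attachments rights; verify it can only be set
 * by the vendor pages after their own checks.
 *
 * @return void
 */
function send_mail()
{
    global $output, $logon_db, $characters_db, $realm_id, $action_permission, $user_name, $from_mail, $mailer_type, $smtp_cfg, $GMailSender, $sql, $core;

    // if we came here from Quest Item Vendor or Ultra Vendor,
    // we need to bypass the normal permissions (the flag is one-shot)
    if (!empty($_SESSION["vendor_permission"])) {
        valid_login($action_permission["view"]);
        unset($_SESSION["vendor_permission"]);
    } else {
        valid_login($action_permission["update"]);
    }

    $type = isset($_GET["type"]) ? $_GET["type"] : "ingame_mail";

    if (empty($_GET["body"]) || empty($_GET["subject"]) || empty($_GET["group_sign"]) || empty($_GET["group_send"])) {
        redirect("mail.php?error=1");
    }

    $body = explode("\n", $_GET["body"]);
    $subject = $sql["char"]->quote_smart($_GET["subject"]);

    if (isset($_GET["to"]) && $_GET["to"] != "") {
        $to = $sql["char"]->quote_smart($_GET["to"]);
    } else {
        $to = 0;
        if (!isset($_GET["group_value"]) || $_GET["group_value"] === '') {
            redirect("mail.php?error=1");
        } else {
            $group_value = $sql["char"]->quote_smart($_GET["group_value"]);
            $group_send = $sql["char"]->quote_smart($_GET["group_send"]);

            // $group_sign is concatenated into the WHERE clauses below as a
            // bare operator, outside any quotes, so string escaping does not
            // constrain it. Accept comparison operators only and stop here on
            // anything else. Extend the list if the form offers more operators.
            $group_sign = is_string($_GET["group_sign"]) ? trim($_GET["group_sign"]) : "";
            if (!in_array($group_sign, array("=", "!=", "<>", "<", ">", "<=", ">="), true)) {
                redirect("mail.php?error=1");
                return;
            }
        }
    }

    //$type = addslashes($type);
    $att_gold = $sql["char"]->quote_smart($_GET["money"]);

    // Start from empty lists so a mail without attachments carries arrays
    // rather than undefined variables.
    $att_item = array();
    $att_stack = array();
    for ($i = 0; $i < 12; $i++) {
        $temp_item = $sql["char"]->quote_smart($_GET["att_item" . ($i + 1)]);
        $temp_stack = $sql["char"]->quote_smart($_GET["att_stack" . ($i + 1)]);

        // an item without a stack size means a stack of one
        if ($temp_item != 0 && $temp_stack == 0) {
            $temp_stack = 1;
        }

        if ($temp_item != "0") {
            $att_item[] = $temp_item;
            $att_stack[] = $temp_stack;
        }
    }

    switch ($type) {
        case "email":
            require_once "libs/mailer/class.phpmailer.php";
            require_once "libs/mailer/authgMail_lib.php";

            $mail = new PHPMailer();
            $mail->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mail->Host = $smtp_cfg["host"];
                $mail->Port = $smtp_cfg["port"];
                if ($smtp_cfg["user"] != "") {
                    $mail->SMTPAuth = true;
                    $mail->Username = $smtp_cfg["user"];
                    $mail->Password = $smtp_cfg["pass"];
                }
            }

            // every input line is terminated with CRLF, including the last one
            $body = implode("\r\n", $body) . "\r\n";

            $mail->From = $from_mail;
            $mail->FromName = $user_name;
            $mail->Subject = $subject;
            $mail->IsHTML(true);

            // NOTE(review): the body is sent as HTML and is not HTML-escaped,
            // so markup typed into the form reaches the recipients' mail
            // clients as markup. If that is not intended, escape with
            // htmlspecialchars() before the <br /> and link rewriting below.
            // After these two replacements no CR or LF is left in the body.
            $body = str_replace("\n", "<br />", $body);
            $body = str_replace("\r", " ", $body);
            $body = preg_replace("/([^\\/=\"\\]])((http|ftp)+(s)?:\\/\\/[^<>\\s]+)/i", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $body);
            $body = preg_replace('/([^\\/=\\"\\]])(www\\.)(\\S+)/', '\\1<a href="http://\\2\\3" target="_blank">\\2\\3</a>', $body);

            $mail->Body = $body;
            $mail->WordWrap = 50;

            if ($to) {
                if (!$GMailSender) {
                    //single Recipient
                    $mail->AddAddress($to);
                    if (!$mail->Send()) {
                        $mail->ClearAddresses();
                        // the mailer's error text is free-form; encode it so it
                        // cannot add parameters or break the redirect URL
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail->ErrorInfo));
                    } else {
                        $mail->ClearAddresses();
                        redirect("mail.php?error=2");
                    }
                } else {
                    //single Recipient
                    $mail_result = authgMail($from_mail, $user_name, $to, $to, $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail_result["die"]));
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
            } elseif (isset($group_value)) {
                //group send
                $email_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'");
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "locked":
                        //this_is_junk: I'm going to pretend that locked is muted
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE muted" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE locked" . $group_sign . "'" . $group_value . "'");
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "banned":
                        //this_is_junk: sigh...
                        // $sql is an array of connections; the logon handle is
                        // the one that issued these queries.
                        $que = $sql["logon"]->query("SELECT id FROM account_banned");
                        while ($banned = $sql["logon"]->fetch_row($que)) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE acct='" . $banned[0] . "'");
                            $banned_email = $sql["logon"]->result($result, 0, 'email');
                            if ($banned_email) {
                                array_push($email_array, $banned_email);
                            }
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                        break;
                }

                if (!$GMailSender) {
                    // one message per recipient, so addresses are not disclosed
                    // to each other
                    foreach ($email_array as $mail_addr) {
                        $mail->AddAddress($mail_addr);
                        if (!$mail->Send()) {
                            $mail->ClearAddresses();
                            redirect("mail.php?error=3&mail_err=" . urlencode($mail->ErrorInfo));
                        } else {
                            $mail->ClearAddresses();
                        }
                    }
                } else {
                    $mail_to = implode(",", $email_array);
                    $mail_result = authgMail($from_mail, $user_name, $mail_to, "", $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail_result["die"]));
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
                redirect("mail.php?error=2");
            } else {
                redirect("mail.php?error=1");
            }
            break;

        case "ingame_mail":
            // in-game mail is a single line: join the input lines with spaces
            $body = implode(" ", $body) . " ";
            $body = str_replace("\r", " ", $body);
            $body = $sql["char"]->quote_smart($body);

            if ($to) {
                //single Recipient
                $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $to . "'");
                if ($sql["char"]->num_rows($result) == 1) {
                    $receiver = $sql["char"]->result($result, 0, 'guid');
                    $mails = array();
                    //array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack));
                    array_push($mails, array(
                        "receiver" => $receiver,
                        "subject" => $subject,
                        "body" => $body,
                        "att_gold" => $att_gold,
                        "att_item" => $att_item,
                        "att_stack" => $att_stack,
                        "receiver_name" => $to,
                    ));

                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                } else {
                    redirect("mail.php?error=4");
                }
                redirect("mail.php?error=2");
                break;
            } elseif (isset($group_value)) {
                //group send
                $char_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT acct FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT account.id AS acct FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'");
                        }
                        // the result set belongs to the logon connection
                        while ($acc = $sql["logon"]->fetch_row($result)) {
                            if ($core == 1) {
                                $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE acct='" . $acc[0] . "'");
                            } else {
                                $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE account='" . $acc[0] . "'");
                            }
                            while ($char = $sql["char"]->fetch_row($result_2)) {
                                array_push($char_array, $char[0]);
                            }
                        }
                        break;
                    case "online":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE online" . $group_sign . "'" . $group_value . "'");
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    case "char_level":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE level" . $group_sign . "'" . $group_value . "'");
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                }

                $mails = array();
                // Decide on the characters actually collected: the last query
                // handle may be an account list (gm_level) or not set at all
                // (unknown group_send).
                if (count($char_array) > 0) {
                    foreach ($char_array as $receiver) {
                        // names come back from the database, but they are put
                        // into a new statement, so escape them again
                        $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $sql["char"]->quote_smart($receiver) . "'");
                        $char_guid = $sql["char"]->fetch_row($result);
                        //array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack));
                        array_push($mails, array(
                            "receiver" => $char_guid[0],
                            "subject" => $subject,
                            "body" => $body,
                            "att_gold" => $att_gold,
                            "att_item" => $att_item,
                            "att_stack" => $att_stack,
                            "receiver_name" => $receiver,
                        ));
                    }

                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                    redirect("mail.php?error=2");
                } else {
                    redirect("mail.php?error=4");
                }
            }
            break;

        default:
            redirect("mail.php?error=1");
    }
}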
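/**
 * Send (or re-send) an invitation e-mail and record the invitation.
 *
 * New invitation ($resend false): reads $_GET["invite_email"], refuses
 * addresses that already have an account or a pending invitation, derives the
 * invitation key, mails the invitation and inserts a row into `invitations`.
 *
 * Re-send ($resend true): reads $_GET["key"], looks up the invited address for
 * that key and mails the invitation again. Nothing is inserted.
 *
 * Both paths finish by redirecting to edit.php.
 *
 * NOTE(review): the invitation key is sha1(user name ":" invited address), so
 * it is fully determined by two values that are not secret. If the key is what
 * authorises a registration, it should come from a CSPRNG (random_bytes())
 * instead; check first whether any other page recomputes it.
 *
 * NOTE(review): the re-send lookup is by key only. Whether the invitation
 * belongs to the current account ($user_id vs. issuer_acct_id) is not checked
 * here - confirm the caller does, or add it to the WHERE clause.
 *
 * NOTE(review): the result of sending is ignored; a new invitation is stored
 * even when the message could not be delivered.
 *
 * @param bool $resend true to re-send an existing invitation identified by $_GET["key"]
 * @return void
 */
function send_invite($resend = false)
{
    // $from_mail is read below for the sender address and must be imported
    // with the other settings.
    global $lang, $GMailSender, $smtp_cfg, $title, $format_mail_html, $user_name, $user_id, $url_path, $mailer_type, $from_mail, $sql, $core;

    if (!$resend) {
        if (empty($_GET["invite_email"])) {
            redirect("edit.php?error=1");
        }

        // The value becomes a mail recipient: accept one well-formed address
        // only, so it cannot carry a recipient list or header text.
        if (!is_string($_GET["invite_email"]) || filter_var($_GET["invite_email"], FILTER_VALIDATE_EMAIL) === false) {
            redirect("edit.php?error=1");
            return;
        }

        $invited = $sql["mgr"]->quote_smart($_GET["invite_email"]);

        // a little XSS prevention
        if ($invited != htmlspecialchars($_GET["invite_email"])) {
            redirect("edit.php?error=1");
        }

        // make sure we're not inviting someone who already has an account here
        if ($core == 1) {
            $check_mail_query = "SELECT * FROM accounts WHERE email='" . $invited . "'";
        } else {
            $check_mail_query = "SELECT * FROM account WHERE email='" . $invited . "'";
        }
        $check_mail_result = $sql["logon"]->query($check_mail_query);
        if ($sql["logon"]->num_rows($check_mail_result) > 0) {
            redirect("edit.php?error=2");
        }

        // make sure we're not inviting someone who already has an invitation
        $check_mail_query = "SELECT * FROM invitations WHERE invited_email='" . $invited . "'";
        $check_mail_result = $sql["mgr"]->query($check_mail_query);
        if ($sql["mgr"]->num_rows($check_mail_result) > 0) {
            redirect("edit.php?error=2");
        }

        // generate a key based on our user name and the target's email
        $key = sha1($user_name . ":" . $invited);
    } else {
        if (empty($_GET["key"])) {
            redirect("edit.php?error=1");
        }

        $key = $sql["mgr"]->quote_smart($_GET["key"]);

        // a little XSS prevention
        if ($key != htmlspecialchars($_GET["key"])) {
            redirect("edit.php?error=1");
        }

        // get the invitation we need to resend
        $invite_query = "SELECT invited_email FROM invitations WHERE invitation_key='" . $key . "'";
        $invite_result = $sql["mgr"]->query($invite_query);
        $invite_row = $sql["mgr"]->fetch_assoc($invite_result);

        // an unknown key has no address to mail to
        if (!$invite_row || empty($invite_row["invited_email"])) {
            redirect("edit.php?error=1");
            return;
        }
        $invited = $invite_row["invited_email"];
    }

    // get the name of one of our characters
    if ($core == 1) {
        $char_query = "SELECT name FROM characters WHERE acct='" . $user_id . "' LIMIT 1";
    } else {
        $char_query = "SELECT name FROM characters WHERE account='" . $user_id . "' LIMIT 1";
    }
    $char_result = $sql["char"]->query($char_query);
    $char = $sql["char"]->fetch_assoc($char_result);
    $char = $char["name"];

    // prepare our invitation message
    // NOTE(review): $lang is interpolated into a file path; confirm that it is
    // limited to the installed language codes where it is set.
    if ($format_mail_html) {
        $file_name = "lang/mail_templates/" . $lang . "/invite.tpl";
    } else {
        $file_name = "lang/mail_templates/" . $lang . "/invite_nohtml.tpl";
    }

    // the first line of the template is the subject, the rest is the body
    $fh = fopen($file_name, "r");
    $subject = fgets($fh, 4096);
    $body = fread($fh, filesize($file_name));
    fclose($fh);

    $subject = str_replace("<title>", $title, $subject);

    if ($format_mail_html) {
        $body = str_replace("\n", "<br />", $body);
        $body = str_replace("\r", " ", $body);
    }

    $body = str_replace("<username>", $user_name, $body);
    $body = str_replace("<key>", $key, $body);
    $body = str_replace("<title>", $title, $body);
    $body = str_replace("<char>", $char, $body);
    $body = str_replace("<core>", core_name($core), $body);

    // NOTE(review): depending on the web server configuration SERVER_NAME can
    // follow the request's Host header, in which case the link in the mail is
    // chosen by the requester. A configured base URL would be safer - confirm.
    $server_addr = $_SERVER["SERVER_PORT"] != 80 ? $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] : $_SERVER["SERVER_NAME"];
    // if we aren't installed in / then append the path to $server_addr
    $server_addr .= $url_path != "" ? $url_path : "";

    $body = str_replace("<base_url>", $server_addr, $body);

    if ($GMailSender) {
        require_once "libs/mailer/authgMail_lib.php";

        $fromName = $title . " Admin";
        authgMail($from_mail, $fromName, $invited, $invited, $subject, $body, $smtp_cfg);
    } else {
        require_once "libs/mailer/class.phpmailer.php";

        $mailer = new PHPMailer();
        $mailer->Mailer = $mailer_type;
        if ($mailer_type == "smtp") {
            $mailer->Host = $smtp_cfg["host"];
            $mailer->Port = $smtp_cfg["port"];
            if ($smtp_cfg["user"] != "") {
                $mailer->SMTPAuth = true;
                $mailer->Username = $smtp_cfg["user"];
                $mailer->Password = $smtp_cfg["pass"];
            }
        }

        $mailer->WordWrap = 50;
        $mailer->From = $from_mail;
        $mailer->FromName = $title . " Admin";
        $mailer->Subject = $subject;
        $mailer->IsHTML($format_mail_html);
        $mailer->Body = $body;
        $mailer->AddAddress($invited);
        $mailer->Send();
        $mailer->ClearAddresses();
    }

    if (!$resend) {
        // create entry in invitations table
        $create_query = "INSERT INTO invitations (issuer_acct_id, invited_email, invitation_key) VALUES ('" . $user_id . "', '" . $invited . "', '" . $key . "')";
        $create_result = $sql["mgr"]->query($create_query);
    }

    redirect("edit.php");
}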
/**
 * Handle the "forgot password" form: mail the stored password, or set a new
 * temporary one and mail that.
 *
 * Reads $_POST["username"] and $_POST["email"]. When exactly one account
 * matches, the function either mails the value of the `password` column
 * (ArcEmu without encrypted_password) or generates a temporary password,
 * stores its SHA-1 and mails the temporary password (all other cases).
 * Results are reported by redirect.
 *
 * NOTE(review): several string and expression spans in this copy of the file
 * appear masked as ****** (login/username comparisons, the encrypted_password
 * value and two redirect arguments). They are kept exactly as found; two of
 * the redirect lines are not valid PHP in this form. Restore them from the
 * project's repository before relying on this block.
 *
 * NOTE(review): a matching user name and e-mail address are all that is needed
 * to replace the account's password; the change is written before the mail is
 * sent and there is no confirmation step. Anyone who knows both values can
 * repeatedly lock the owner out of the current password. A mailed one-time
 * token that is confirmed before the password changes avoids this.
 */
function do_pass_recovery() {
    global $logon_db, $from_mail, $mailer_type, $smtp_cfg, $title, $GMailSender, $lang, $url_path, $format_mail_html, $sql, $core;

    if (empty($_POST["username"]) || empty($_POST["email"])) {
        redirect("register.php?action=pass_recovery&err=1");
    }

    // both values are escaped for use inside quoted SQL string literals
    $user_name = $sql["logon"]->quote_smart(trim($_POST["username"]));
    $email_addr = $sql["logon"]->quote_smart($_POST["email"]);

    // ArcEmu: find out if we're using an encrypted password for this account
    // (encrypted passwords cannot be recovered)
    if ($core == 1) {
        // the login comparison value appears masked in this copy
        $pass_query = "SELECT * FROM accounts WHERE login='******' AND encrypted_password<>''";
        $pass_result = $sql["logon"]->query($pass_query);
        $arc_encrypted = $sql["logon"]->num_rows($pass_result);
    }

    // $arc_encrypted is only assigned when $core == 1; the conditions below
    // only read it on that core
    if ($core == 1) {
        if ($arc_encrypted) {
            $result = $sql["logon"]->query("SELECT login FROM accounts WHERE login='******' AND email='" . $email_addr . "'");
        } else {
            // NOTE(review): this reads the `password` column and the value is
            // mailed below, so on this path passwords are presumably stored in
            // a recoverable form - confirm.
            $result = $sql["logon"]->query("SELECT password FROM accounts WHERE login='******' AND email='" . $email_addr . "'");
        }
    } else {
        $result = $sql["logon"]->query("SELECT *, username AS login FROM account WHERE username='******' AND email='" . $email_addr . "'");
    }

    if ($sql["logon"]->num_rows($result) == 1) {
        $pass = $sql["logon"]->fetch_assoc($result);

        // Password recovery is, basically, impossible on MaNGOS and Trinity (and ArcEmu with encrypted passwords)
        // so we just generate a new one
        if ($core != 1 || $arc_encrypted) {
            $pass_gen_list = 'abcdefghijklmnopqrstuvwxyz';

            // generate a random, temporary password
            // NOTE(review): rand() is not a cryptographically secure generator,
            // and the fixed pattern (3 letters, 3 digits 1-9, 1 letter) allows
            // only 26^4 * 9^3 (about 3.3e8) values. A credential should be
            // drawn with random_int()/random_bytes() and be longer.
            $temppass = $pass_gen_list[rand(0, 25)];
            $temppass .= $pass_gen_list[rand(0, 25)];
            $temppass .= $pass_gen_list[rand(0, 25)];
            $temppass .= rand(1, 9);
            $temppass .= rand(1, 9);
            $temppass .= rand(1, 9);
            $temppass .= $pass_gen_list[rand(0, 25)];

            $pass["password"] = $temppass;
        }

        // MaNGOS & Trinity
        if ($core != 1) {
            // unsalted SHA-1 over the upper-cased "login:password" pair;
            // presumably the format the game server expects - verify before
            // changing it
            $sha = sha1(strtoupper($pass["login"] . ":" . $pass["password"]));
            // the username comparison value appears masked in this copy
            $query = "UPDATE account SET sha_pass_hash='" . $sha . "' WHERE username='******'";
            $result = $sql["logon"]->query($query);
        }

        // ArcEmu (encrypted)
        if ($core == 1 && $arc_encrypted) {
            $sha = sha1(strtoupper($pass["login"] . ":" . $pass["password"]));
            // both values appear masked in this copy; as written $sha is not
            // used by this statement
            $query = "UPDATE accounts SET encrypted_password='******' WHERE login='******'";
            $result = $sql["logon"]->query($query);
        }

        // "recover" templates mail the existing password, "reset" templates the new one
        // NOTE(review): $lang is interpolated into a file path; confirm that it
        // is limited to the installed language codes where it is set.
        if ($core == 1 && !$arc_encrypted) {
            if ($format_mail_html) {
                $file_name = "lang/mail_templates/" . $lang . "/recover_password.tpl";
            } else {
                $file_name = "lang/mail_templates/" . $lang . "/recover_password_nohtml.tpl";
            }
        } else {
            if ($format_mail_html) {
                $file_name = "lang/mail_templates/" . $lang . "/reset_password.tpl";
            } else {
                $file_name = "lang/mail_templates/" . $lang . "/reset_password_nohtml.tpl";
            }
        }

        // the first line of the template is the subject, the rest is the body
        $fh = fopen($file_name, 'r');
        $subject = fgets($fh, 4096);
        $body = fread($fh, filesize($file_name));
        fclose($fh);

        if ($format_mail_html) {
            $body = str_replace("\n", "<br />", $body);
            $body = str_replace("\r", " ", $body);
        }

        // the password travels in the mail body in clear text
        $body = str_replace("<username>", $user_name, $body);
        $body = str_replace("<password>", $pass["password"], $body);

        // NOTE(review): depending on the web server configuration SERVER_NAME
        // can follow the request's Host header, in which case the link in the
        // mail is chosen by the requester - confirm.
        $server_addr = $_SERVER["SERVER_PORT"] != 80 ? $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] : $_SERVER["SERVER_NAME"];
        // if we aren't installed in / then append the path to $server_addr
        $server_addr .= $url_path != "" ? $url_path : "";

        $body = str_replace("<base_url>", $server_addr, $body);
        $body = str_replace("<title>", $title, $body);

        if ($GMailSender) {
            require_once "libs/mailer/authgMail_lib.php";

            $namefrom = $title . " Admin";
            $result = authgMail($from_mail, $namefrom, $email_addr, $email_addr, $subject, $body, $smtp_cfg);

            // NOTE(review): this is an assignment (=), not a comparison. It
            // stores 221 in $result["quitcode"], the condition is always false
            // and the error branch can never run, so a failed send is reported
            // as success. send_mail() in this file compares with != 221.
            if (!($result["quitcode"] = 221)) {
                // argument appears masked in this copy; not valid PHP as found
                redirect("register.php?action=pass_recovery&err=11&usr="******"quitcode"]);
            } else {
                // NOTE(review): "error=9" here, "err=9" in the PHPMailer branch
                // below - one of the two parameter names is presumably wrong
                redirect("login.php?error=9");
            }
        } else {
            require_once "libs/mailer/class.phpmailer.php";

            $mail = new PHPMailer();
            $mail->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mail->Host = $smtp_cfg["host"];
                $mail->Port = $smtp_cfg["port"];
                if ($smtp_cfg["user"] != "") {
                    $mail->SMTPAuth = true;
                    $mail->Username = $smtp_cfg["user"];
                    $mail->Password = $smtp_cfg["pass"];
                }
            }

            $mail->WordWrap = 50;
            $mail->From = $from_mail;
            $mail->FromName = $title . " Admin";
            $mail->Subject = $subject;
            $mail->IsHTML($format_mail_html);
            $mail->Body = $body;
            $mail->AddAddress($email_addr);

            if (!$mail->Send()) {
                $mail->ClearAddresses();
                // part of this statement appears masked in this copy; what
                // remains is not valid PHP, and the success path that the
                // "login.php?err=9" fragment suggests is not visible
                redirect("register.php?action=pass_recovery&err=11&usr="******"login.php?err=9");
            }
        }
    } else {
        // no account, or more than one, matches the user name and address
        redirect("register.php?action=pass_recovery&err=10");
    }
}