function receiveMessages()
{
$OUTPUT = "";
// retrieve all accounts this user has access to
$sql = "SELECT account_id, account_name, server_host, server_user, server_pass, leave_msgs\r\n\t\t\tFROM mail_accounts\r\n\t\t\tWHERE ( username = '******' OR \"public\" = '1' ) AND active = '1'\r\n\r\n\t\tUNION\r\n\t\tSELECT mail_accounts.account_id, account_name, server_host, server_user, server_pass, leave_msgs\r\n\t\t\tFROM mail_accounts,mail_priv_accounts\r\n\t\t\tWHERE ( mail_accounts.account_id = mail_priv_accounts.account_id\r\n\t\t\t\tAND priv_owner = '" . USER_NAME . "' ) AND active = '1'";
$rslt = db_exec($sql);
// go through each account and retrieve the messages
$pop =& new clsPOPMail();
$msg =& new clsMailMsg();
if (pg_num_rows($rslt) <= 0) {
$OUTPUT .= "No active accounts found.";
} else {
while ($account = pg_fetch_array($rslt)) {
$accid = $account["account_id"];
$accname = $account["account_name"];
$host = $account["server_host"];
$port = 110;
$user = $account["server_user"];
$pass = $account["server_pass"];
$leave_msgs = $account["leave_msgs"];
// if the retrieveMessages returned true, it means an error has been found.
// Print and continue with next server.
if ($connection = $pop->retrieveMessages($host, $port, $user, $pass, $leave_msgs)) {
$OUTPUT .= "({$accname}) {$connection}<br>";
continue;
}
// get each received message, pass to processor, and store in database
$msgcount = 0;
while ($buf = $pop->enumGetMessage()) {
// get the data to be inserted
if ($msg->processMessage($buf) == FALSE) {
continue;
}
$type_id = getMsgType($msg->type);
// data and header is base64_encoded so weird characters can also be stored
$data = base64_encode($buf);
// insert body into Cubit
if (!pglib_transaction("BEGIN")) {
continue;
}
$rslt = db_exec("INSERT INTO mail_msgbodies (type_id, data)\r\n\t\t\t\t\tVALUES( {$type_id}, '{$data}' )");
if (pg_cmdtuples($rslt) <= 0) {
continue;
}
$msgbody_id = pglib_lastid("mail_msgbodies", "msgbody_id");
if (!pglib_transaction("COMMIT")) {
continue;
}
// get the folder this message should be inserted into
$rslt = db_exec("SELECT fid_inbox FROM mail_account_settings WHERE account_id={$accid}");
if (pg_num_rows($rslt) > 0) {
$infolder = pg_fetch_result($rslt, 0, 0);
} else {
$infolder = 0;
}
// move to no folder, but store, this way all is not lost
// check if the user even MAY add to this folder (account of folder they have
// privileges to, folder.username = their's, they have privileges to this folder
// it is a public folder, public account
$sql = "\r\n\t\t\t\tSELECT 1 FROM mail_folders WHERE folder_id = {$infolder}\r\n\t\t\t\t\tAND (\"public\" = '1' OR username='******')\r\n\t\t\t\tUNION\r\n\t\t\t\tSELECT 1 FROM mail_accounts, mail_folders WHERE folder_id = {$infolder}\r\n\t\t\t\t\tAND mail_accounts.account_id=mail_folders.account_id\r\n\t\t\t\t\tAND (mail_accounts.username = '******' OR mail_accounts.\"public\" = '1')\r\n\t\t\t\tUNION\r\n\t\t\t\tSELECT 1 FROM mail_priv_accounts, mail_folders WHERE folder_id = {$infolder}\r\n\t\t\t\t\tAND mail_priv_accounts.account_id = mail_folders.account_id\r\n\t\t\t\t\tAND priv_owner = '" . USER_NAME . "'\r\n\t\t\t\tUNION\r\n\t\t\t\tSELECT 1 FROM mail_priv_folders WHERE folder_id = {$infolder}\r\n\t\t\t\t\tAND priv_owner = '" . USER_NAME . "'";
$rslt = db_exec($sql);
if (pg_num_rows($rslt) <= 0) {
continue;
}
// you may not add to this folder (inbox folder for account);
// insert the message linked to body
$sql = " INSERT INTO mail_messages ( account_id, folder_id, subject, add_from, add_to, add_cc,\r\n\t\t\t\t\t\t\tadd_bcc, priority, attachments, msgbody_id, flag, date)\r\n\t\t\t\t\t\tVALUES ( '{$accid}', '{$infolder}', '{$msg->subject}', '{$msg->from}', '{$msg->to}',\r\n\t\t\t\t\t\t\t'{$msg->cc}', '{$msg->bcc}', '1', '0', '{$msgbody_id}', '1', CURRENT_TIMESTAMP)";
$rslt = db_exec($sql);
if (pg_cmdtuples($rslt) <= 0) {
continue;
}
$msgcount++;
}
$OUTPUT .= "Received {$msgcount} messages for {$accname}.<br>";
}
}
return $OUTPUT;
}
function sendMsg()
{
global $_GET;
if (isset($_GET["save"])) {
return saveMsg($_GET);
}
$v =& new validate();
$OUTPUT = "";
// restore the variables
extract($_GET);
extract($_FILES);
// check if account is valid
if (isset($_GET["aid"])) {
if (!$v->isOk($_GET["aid"], "num", 0, 9, "")) {
return "Invalid account number specified";
}
// check if you may send mail from here
$sql = "SELECT 1\n\t\t\t FROM mail_accounts WHERE ( username='******' OR \"public\"='1' )\n\t\t\t \tAND enable_smtp = '1' AND account_id='{$aid}'\n\n\t\tUNION\n\t\tSELECT 1\n\t\t\tFROM mail_accounts,mail_priv_accounts\n\t\t\tWHERE mail_accounts.account_id = mail_priv_accounts.account_id AND\n\t\t\tmail_accounts.account_id='{$aid}'\n\t\t\t\tAND priv_owner = '" . USER_NAME . "' AND enable_smtp = '1'";
$rslt = db_exec($sql);
if (pg_num_rows($rslt) <= 0) {
return "You may not send mail from this account<br>";
}
} else {
return "No account specified<br>";
}
if ($lead_id) {
$sql = "SELECT email FROM cubit.cons WHERE id='{$lead_id}'";
$rslt = db_exec($sql) or errDie("Unable to retrieve email address for contact.");
$email = pg_fetch_result($rslt, 0);
$_GET["send_to"] = $email;
}
if (!isset($_GET["send_to"])) {
$send_to = "";
}
if (!isset($_GET["send_bcc"])) {
$send_bcc = "";
}
if (!isset($_GET["send_cc"])) {
$send_cc = "";
}
if (!isset($_GET["subject"])) {
$subject = "";
}
if (!isset($_FILES["attachment"])) {
$attachment = "";
}
if (!isset($_GET["body"])) {
$body = "";
}
$v->resetErrors();
// $v->isOK($send_to, "email", 1, 255, "Invalid recipient.");
//if ( strlen($send_to) <= 0 ) $v->addError("", "Invalid recipient");
// $v->isOK($send_cc, "email", 0, 255, "Invalid cc recipient.");
// $v->isOK($send_bcc, "email", 0, 255, "Invalid bcc recipient.");
//if ( ! $v->isOK($bodydata, "string", 1, 255, "Invalid text in body.") ) {
// $_GET["body"] = htmlspecialchars($body); // makes sure we dont get cross site scripting
//}
// ok now print errors if any
if ($v->isError()) {
$errs = $v->getErrors();
foreach ($errs as $arr => $errval) {
$OUTPUT .= "{$errval['msg']}<br>";
}
$OUTPUT .= writeMsg();
return $OUTPUT;
}
$bodydata = "<html>{$bodydata}</html>";
// get the smtp data
$rslt = db_exec("SELECT smtp_from, smtp_reply, signature, smtp_host, smtp_auth, smtp_user, smtp_pass\n\t\t\t\t\tFROM mail_accounts WHERE account_id={$_GET['aid']}");
$smtp_data = pg_fetch_array($rslt);
// build msg body
$body = "{$body}\n\n{$smtp_data['signature']}";
// determine whether or not here is an attachment
$has_attachment = is_uploaded_file($attachment["tmp_name"]);
// modify message and create content_type header depending on whether or not an attachment was posted
if ($has_attachment == FALSE) {
$msgtype = $content_type = "text/html";
$transfer_encoding = "8bit";
} else {
// has attachment
$msgtype = $content_type = "multipart/mixed";
// create the main body
$body_text = "Content-Type: text/html; charset=US-ASCII\n";
$body_text .= "Content-Transfer-Encoding: base64\n";
$body_text .= "\n" . chunk_split(base64_encode($bodydata));
// get the attachment data
if (($fd = fopen($attachment["tmp_name"], "r")) == TRUE) {
$attachment_data = "";
while (!feof($fd)) {
$attachment_data .= fgets($fd, 4096);
}
fclose($fd);
// delete the temporary file
unlink($attachment["tmp_name"]);
$attachment_data = chunk_split(base64_encode($attachment_data));
$attachment_headers = "Content-Type: {$attachment['type']}; name=\"{$attachment['name']}\"\n";
$attachment_headers .= "Content-Transfer-Encoding: base64\n";
$attachment_headers .= "Content-Disposition: attachment; filename=\"{$attachment['name']}\"\n";
$attachment_data = "{$attachment_headers}\n{$attachment_data}";
} else {
// error opening the attachment file
$attachment_data = "";
}
// generate a unique boundary ( md5 of filename + ":=" + filesize )
$boundary = md5($attachment["name"]) . "=:" . $attachment["size"];
$content_type .= "; boundary=\"{$boundary}\"";
// put together the body
$bodydata = "\n--{$boundary}\n{$body_text}\n\n--{$boundary}\n{$attachment_data}\n\n--{$boundary}--\n";
}
// generate the msg id
list($buf, $domain) = explode("@", $smtp_data["smtp_from"]);
// build headers
$headers[] = "From: {$smtp_data['smtp_from']}";
$headers[] = "To: {$send_to}";
$headers[] = "Date: " . date("Y-m-d");
$headers[] = "Reply-To: {$smtp_data['smtp_reply']}";
$headers[] = "X-Mailer: Cubit Mail";
$headers[] = "Return-Path: {$smtp_data['smtp_reply']}";
$headers[] = "Message-ID: <" . date("YmdHi") . "." . md5($bodydata) . "@{$domain}>";
$headers[] = "MIME-Version: 1.0";
$headers[] = "Content-Type: {$content_type}; charset=US-ASCII";
$headers[] = "cc: {$send_cc}";
$headers[] = "bcc: {$send_bcc}";
// create the header variable (it is done this way, to make management of headers easier, since there
// may be no tabs and unnecesary whitespace in mail headers)
//$headers[] = "\n"; // add another new line to finish the headers
$headers = implode("\n", $headers);
// send the message
$sendmail =& new clsSMTPMail();
$OUTPUT = $sendmail->sendMessages($smtp_data["smtp_host"], 25, $smtp_data["smtp_auth"], $smtp_data["smtp_user"], $smtp_data["smtp_pass"], $send_to, $smtp_data["smtp_from"], $subject, $bodydata, $headers);
if ($sendmail->bool_success) {
$account_id = "{$_GET['aid']}";
$type_id = getMsgType($msgtype);
// data and header is base64_encoded so weird characters can also be stored
$buf = "{$headers}\n\n{$bodydata}";
$data = chunk_split(base64_encode($buf));
db_conn("cubit");
// insert body into Cubit
if (!pglib_transaction("BEGIN")) {
continue;
}
$rslt = db_exec("INSERT INTO mail_msgbodies (type_id, data)\n\t\t\tVALUES( {$type_id}, '{$data}' )");
if (pg_cmdtuples($rslt) <= 0) {
continue;
}
$msgbody_id = pglib_lastid("mail_msgbodies", "msgbody_id");
pglib_transaction("COMMIT");
// get the folder this message should be inserted into
$rslt = db_exec("\n\t\t\tSELECT fid_sent FROM mail_account_settings\n\t\t\tWHERE account_id='{$account_id}'");
if (pg_num_rows($rslt) > 0) {
$infolder = pg_fetch_result($rslt, 0, 0);
} else {
$infolder = 0;
}
// move to no folder, but store, this way all is not lost
// insert the message linked to body
$sql = "\n\t\tINSERT INTO mail_messages (account_id, folder_id, subject,\n\t\t\tadd_from, add_to, add_cc, add_bcc, priority, attachments, msgbody_id,\n\t\t\tflag, date)\n\t\tVALUES ('{$account_id}', '{$infolder}', '{$subject}', '{$smtp_data['smtp_from']}',\n\t\t\t'{$send_to}', '{$send_cc}', '{$send_bcc}', '1',\n\t\t\t'" . ($has_attachment ? "1" : "0") . "', '{$msgbody_id}',\t'1', CURRENT_TIMESTAMP)";
$rslt = db_exec($sql) or errDie("Error saving message in Sent Items.");
$message_id = pglib_lastid("mail_messages", "message_id");
}
/*if ( mail($send_to, $subject, $body, $headers) == TRUE )
$OUTPUT = "Successfully sent mail to $send_to.<br>";
else
$OUTPUT = "Error sending mail.<br>";*/
return writeMsg($OUTPUT);
}
echo $val['uid'];
?>
</a></td>
<td><a href="<?php
echo U('home/log', array('uid' => $val['uid'], 'status' => $status));
?>
"><?php
echo getUser($val['uid']);
?>
</a></td>
<td><?php
echo $val['msg_id'];
?>
</td>
<td><?php
echo getMsgType($val['msg_type']);
?>
</td>
<td><?php
echo $val['content'];
?>
</td>
<td><?php
echo $val['create_time'] ? outTime($val['create_time']) : '';
?>
</td>
<td>
<div class="btn-group">
<button class="btn btn-white btn-xs dropdown-toggle" data-toggle="dropdown">操作<span class="caret"></span></button>
<ul class="dropdown-menu">
<li><a rel="pop" href="<?php