}

// Excerpt from a message-move/search page: shows the auth or session error
// screen, loads the stylesheets, then starts moving the selected messages.
// NOTE(review): the error screens are skipped when $func is 'searchhelp';
// confirm that code outside this excerpt stops an unauthenticated
// 'searchhelp' request before the mailbox code below is reached.
if ($func != 'searchhelp') {
    // Print the error screen if the account has auth errors, or session timeout.
    if ($atmail->status == 1) {
        $atmail->auth_error();
    }
    if ($atmail->status == 2) {
        $atmail->session_error();
    }
}

// NOTE(review): "Langage" looks like a typo for "Language". If no such property
// exists, the first operand is always true and the defaults are applied whenever
// LoginType is empty, overwriting a Language that was already set. Confirm intent.
if (!$atmail->Langage && !$atmail->LoginType) {
    $atmail->Language = $settings['Language'];
    $atmail->LoginType = 'xp';
}

// NOTE(review): NewFolder is copied from the request unescaped. Whether it is
// escaped before reaching HTML output is not visible here; verify at the template.
$var['newfolder'] = $_REQUEST['NewFolder'];
$var['atmailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle.css");
$var['atmailstyle'] .= $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle-form.css");
$var['mailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle-mail.css");

// Make a new mail object, used to search and list the user's folders
$mail = new GetMail(array('Username' => $atmail->username, 'Pop3host' => $atmail->pop3host, 'Password' => $auth->password, 'Type' => $atmail->MailType, 'Mode' => $atmail->Mode));

// Load an array of msgs selected to be moved
// NOTE(review): nothing here checks that 'id' is an array. A scalar 'id' would
// make $msgs[0] a single character and break the foreach below.
$msgs = $_REQUEST['id'];

// If a value exists in the array, start to move the messages.
if ($msgs[0]) {
    $mail->login();

    // Loop through the selected msgs to move. The folder is separated from
    // the message id by "::", e.g. 56::Trash is msg 56 from the Trash folder.
    foreach ($msgs as $id) {
        // NOTE(review): $folder is assigned only on a match, so an id without
        // "::" keeps the value from the previous iteration. Confirm that the
        // rest of the loop (not shown) handles this.
        if (preg_match('/::(.*)/', $id, $m)) {
            $folder = $m[1];
        }
$atmail->auth_error();
}
if ($atmail->status == 2) {
    $atmail->session_error();
}

// Excerpt from a compose page: picks the requested function, loads preferences
// and the stylesheet, and derives the per-window "unique" attachment id.

// Which function
// NOTE(review): func is taken from the request unfiltered; confirm how it is
// dispatched or printed further down (not shown).
$var['func'] = $_REQUEST['func'];

// Check for an attachment upload that has gone over post_max_size
// Set func to 'attachment' as $_POST will be empty.
if (isset($_GET['sending_attachment']) && !count($_POST) && !count($_FILES)) {
    $var['func'] = 'attachment';
}

// Load the account preferences
$atmail->loadprefs();

// Parse the users custom stylesheet
$var['atmailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle.css");

// Load the time to display in the compose window
$var['localtime'] = strftime("%c");

// Create a unique number - Each compose screen is unique. Used to
// reference which attachments are for what window. Based on the
// PID and a random number.
// NOTE(review): PID plus rand(0, 1000) gives a small, guessable range. If this
// value is the only thing separating one compose window's attachments from
// another's, generate it with a cryptographically secure source and bind it
// to the session. Confirm how it is used.
$var['unique'] = $atmail->param_escape('unique');
$var['delete'] = $_REQUEST['delete'];
if (!$var['unique']) {
    $var['unique'] = getmypid() + rand(0, 1000);
}

// Avoid any fake/malformed unique ID, e.g ../ in pathname
// NOTE(review): basename() drops directory components, but a bare "." or ".."
// passes through unchanged. Confirm how the value is joined into a path.
$var['unique'] = basename($var['unique']);

// see if something is cached
// NOTE(review): the cache file name is ".ht" followed directly by the session
// id; confirm it matches the name used by the code that writes the file.
if (file_exists($atmail->tmpdir . ".ht{$auth->SessionID}")) {
    $var['PgpPass'] = 1;
} else {
    $atmail->httpheaders();
}

// Excerpt from a send-mail page: resolves the session, shows auth errors,
// applies the per-account send-rate check, then merges menu heights into $var.
$atmail->status = $auth->getuser($atmail->SessionID);
$atmail->username = $auth->username;
$atmail->pop3host = $auth->pop3host;

// Print the error screen if the account has auth errors
if ($atmail->status == 1) {
    $atmail->auth_error();
} elseif ($atmail->status == 2) {
    $atmail->session_error();
}

// Load the account preferences
$atmail->loadprefs();

// Parse the users custom stylesheet
$var['atmailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle.css");

// Create a new log object
// NOTE(review): the send-rate check is skipped whenever the request carries a
// truthy 'Draft' value; confirm the draft path cannot deliver mail, otherwise
// the flag bypasses the limit.
if (!$_REQUEST['Draft']) {
    $log = new Log(array('Account' => "{$atmail->username}@{$atmail->pop3host}"));
    $num = $log->logcheck('SendMail', $_SERVER['REMOTE_ADDR'], "{$atmail->username}@{$atmail->pop3host}");

    // The limit applies only when filter_max_msgs is greater than 1, so a
    // configured value of 0 or 1 turns the check off.
    if ($num > $pref['filter_max_msgs'] && $pref['filter_max_msgs'] > 1) {
        print $atmail->parse("html/{$atmail->Language}/auth_spammer.html");
        $log->write_log('Error', "Spam Detected from {$_SERVER['REMOTE_ADDR']} : {$num} msgs sent");
        $atmail->end();
    }
}

// Calculate the height of the menubar ( if the Webadmin user toggles off certain features )
$h = $atmail->calcmenu_height();

// Copy every returned key into $var; existing entries with the same key are overwritten.
foreach ($h as $k => $v) {
    $var[$k] = $v;
}
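// Excerpt from a mailbox-listing page: picks the language, shows auth errors,
// loads stylesheets and copies the listing parameters from the request into $var.

// check for language version
// The original test (!isset(...) && strlen(...) > 0) could never be true, so
// the fallback never ran. An unset or empty Language now takes the site-wide
// default from $pref.
if (!isset($atmail->Language) || strlen($atmail->Language) == 0) {
    $atmail->Language = $pref['Language'];
}

// Print the error screen if the account has auth errors, or session timeout.
if ($atmail->status == 1) {
    $atmail->auth_error();
}
if ($atmail->status == 2) {
    $atmail->session_error();
}
$atmail->httpheaders();

// Load the account preferences
$atmail->loadprefs();

// Parse the users custom stylesheet
$var['atmailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle.css");
$var['mailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle-mail.css");

// Folder names are HTML-escaped before they are handed to the templates.
$var['folder'] = $atmail->escape_html($_REQUEST['Folder'], false);
$var['newfolder'] = $atmail->escape_html(urldecode($_REQUEST['NewFolder']), false);
$var['acc'] = $acc;

// Sort column: request value first, then the stored mailbox order, then 'id'.
// NOTE(review): unlike 'order' below, 'sort' is not matched against an allowlist
// here. If it is later used as a column name or printed, restrict it the same way.
if ($_REQUEST['sort']) {
    $var['sort'] = $_REQUEST['sort'];
} elseif ($atmail->MboxOrder) {
    $var['sort'] = $atmail->MboxOrder;
} else {
    $var['sort'] = 'id';
}

// Sort direction is passed through Filter::stringMatch with 'desc' and 'asc'.
$var['order'] = $_REQUEST['order'] ? $_REQUEST['order'] : '';
$var['order'] = Filter::stringMatch($var['order'], array('desc', 'asc'));

// NOTE(review): Flag and XML are copied from the request unfiltered; confirm
// how they are consumed (not shown).
$var['flag'] = $_REQUEST['Flag'];
$var['XML'] = $_REQUEST['XML'];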
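}

// If the user is logging off, print a cookie header with
// a blank SessionID. Delete the Session from the DB too.
if ($var['func'] == "logout") {
    require_once 'Session.php';
    session_start();
    $auth =& $atmail->getAuthObj();

    // Find the users current settings, if to delete the trash on logout
    //$atmail->cookie_read($auth);
    //$auth->getuser();
    $atmail->username = $auth->username;
    $atmail->pop3host = $auth->pop3host;
    $atmail->SessionID = $auth->SessionID;
    //$atmail->cookie_header_delete();

    if (!$pref['opensource']) {
        $var['ErrorHead'] = $atmail->parse("html/{$atmail->Language}/msg/logoff.html");
        $var['ErrorHead'] .= "<script language='Javascript'>window.focus();</script>";
    }

    $atmail->clean_tmp();

    // clear tmp directory
    // readdir() returns bare file names, so each one is joined to the tmp
    // directory before it is tested or removed. The original passed the bare
    // name to is_file()/fileatime()/unlink(), which resolve against the current
    // working directory: tmp files were never removed, and a same-named file
    // next to the script could be deleted instead.
    $tmp_sweep_dir = $pref['install_dir'] . '/tmp/';
    if ($handle = opendir($tmp_sweep_dir)) {
        // Only files not accessed for 180 seconds are removed. The original
        // compared "now + 180s" with the access time, which is true for any
        // file whose access time is not in the future. With correct paths that
        // would wipe files still in use by other sessions.
        // NOTE(review): the 180-second staleness window is inferred from the
        // constant in the original; confirm it is the intended policy.
        $tmp_sweep_cutoff = time() - 180;

        while (false !== ($file_name = readdir($handle))) {
            if ($file_name == "." || $file_name == ".." || $file_name == '.htaccess') {
                continue;
            }

            $tmp_sweep_path = $tmp_sweep_dir . $file_name;
            if (is_file($tmp_sweep_path) && fileatime($tmp_sweep_path) < $tmp_sweep_cutoff) {
                unlink($tmp_sweep_path);
            }
        }
        closedir($handle);
    }

    // If we have expunge on logout ( e.g PDMF IMAP server)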
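// Spell-check step: optionally add a word to the ignore list, reduce the
// submitted message to plain text, check it word by word and print either the
// suggestion page or the checker's XML result.

// && binds tighter than ||; the parentheses only make the existing grouping
// explicit.
// NOTE(review): with 'ignore' set and 'wordreplace' empty, ignoreWord() is still
// called with an empty value. Confirm whether "(ignore || change) && wordreplace"
// was intended.
if ($_REQUEST['ignore'] || ($_REQUEST['change'] && $_REQUEST['wordreplace'])) {
    // Ignore the word
    $spellChecker->ignoreWord($_REQUEST['wordreplace']);
}

// spell check the email
// Line-break and paragraph tags become newlines so words on adjacent lines stay separate.
$_REQUEST['emailmessage'] = str_replace(array('<br>', '<BR>', '<br/>', '<BR/>', '</p>', '</P>'), "\n", $_REQUEST['emailmessage']);

// Remove any html entities and tags
$_REQUEST['emailmessage'] = preg_replace('/&\\w+;/', '', $_REQUEST['emailmessage']);
$_REQUEST['emailmessage'] = strip_tags($_REQUEST['emailmessage']);

// Remove punctuation such as , ; :
//$_REQUEST['emailmessage'] = preg_replace('/[^a-zA-Z\-]+/', ' ', $_REQUEST['emailmessage']);

foreach (explode("\n", $_REQUEST['emailmessage']) as $line) {
    // Each distinct token on a line is checked once.
    $words = array_unique(preg_split('/\\s+/', $line));

    foreach ($words as $word) {
        // Only tokens containing at least one ASCII letter go to the checker.
        if (preg_match('/[a-zA-Z]+/', $word)) {
            $spellChecker->check($word);
        }
    }
}

if ($spellChecker->haveErrors()) {
    $result = $spellChecker->getSuggestions();

    if (is_array($result)) {
        $var['atmailstyle'] = $atmail->parse("html/{$atmail->Language}/simple/atmailstyle.css");
        echo $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/spellcheck.html", $result, $var);
    } else {
        // The charset parameter takes "=", not ":". The original
        // "charset: utf-8" is not a valid parameter, so clients fell back to
        // their own guess of the encoding.
        header("Content-type: text/xml; charset=utf-8");
        // NOTE(review): $result is echoed as-is; confirm the checker escapes
        // the user-supplied words it embeds in the XML.
        echo $result;
    }
}

$spellChecker->close();
$atmail->end();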
// Excerpt from the LDAP search page: resolves the session, loads styles, shows
// the search form when no function is requested, otherwise dispatches to a
// function named after the request parameter.
$var = array();
$atmail->httpheaders();
$atmail->status = $auth->getuser($atmail->SessionID);
$atmail->username = $auth->username;
$atmail->pop3host = $auth->pop3host;

// Print the error screen if the account has auth errors, or session timeout.
if ($atmail->status == 1) {
    $atmail->auth_error();
}
if ($atmail->status == 2) {
    $atmail->session_error();
}

// Load the account preferences
$atmail->loadprefs();

// Parse the users custom stylesheet
$var['atmailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle.css");
$var['atmailstyle'] .= $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle-form.css");
$var['atmailstyle'] .= $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle-mail.css");

include 'snippets/quota_bar.php';

if (!$_REQUEST['func']) {
    // NOTE(review): 'search' goes to the template unescaped; confirm that
    // ldap.html or parse() escapes it before it reaches the page.
    $var['search'] = $_REQUEST['search'];
    echo $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/ldap.html", $var);
    $atmail->end();
}

// Prepend '_ldap_' to the function name passed via $_REQUEST so that the
// user cannot call some arbitrary function such as 'phpinfo()'.
// NOTE(review): the prefix limits the call to functions whose names begin with
// '_ldap_', but every such function becomes a request entry point, internal
// helpers included. An explicit allowlist of handler names is tighter.
$func = '_ldap_' . $_REQUEST['func'];

// check that the requested function exists then call it
if (function_exists($func)) {
    $func();
} else {
// Excerpt from the read-message page: picks the language, shows auth errors,
// loads stylesheets and copies the message-selection parameters into $var.
$atmail->pop3host = $auth->pop3host;

// check for language version
if (!$atmail->Language) {
    $atmail->Language = $pref['Language'];
}

// Print the error screen if the account has auth errors, or session timeout.
if ($atmail->status == 1) {
    $atmail->auth_error();
}
if ($atmail->status == 2) {
    $atmail->session_error();
}

// Load the account preferences
$atmail->loadprefs();

// Parse the users custom stylesheet
$var['atmailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle.css");
$var['atmailstyle'] .= $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle-form.css");

// Which email to read
// NOTE(review): these values come from the request unfiltered; whether they
// are escaped or validated before use is not visible in this excerpt.
$var['id'] = $_REQUEST['id'];
// NOTE(review): PHP has already URL-decoded $_REQUEST values, so urldecode()
// decodes a second time. A literal '%' or '+' in a folder name will be altered;
// confirm callers really double-encode.
$var['folder'] = urldecode($_REQUEST['folder']);
$var['print'] = $_REQUEST['print'];
$var['cache'] = $_REQUEST['cache'];
$var['head'] = $_REQUEST['head'];
$var['rawemail'] = $_REQUEST['rawemail'];

// Flag a PGP passphrase as available if a cache file exists for this session
// or the request carries one.
// NOTE(review): the cache file name is ".ht." followed by the session id;
// confirm it matches the name used by the code that writes the file. If
// 'pgppass' can arrive in the query string it may end up in server logs;
// accepting it from POST only is preferable.
if (file_exists($atmail->tmpdir . ".ht." . $auth->SessionID) || $_REQUEST['pgppass']) {
    $var['PgpPass'] = 1;
}

// LeaveMsgs = 0 is not supported as yet
$atmail->LeaveMsgs = 1;

// Specify to open mail messages in new window, or parent location
$type = $atmail->LoginType == "simple" ? 1 : 0;
// Excerpt from a folder-utility page: shows auth errors, loads preferences and
// styles, builds the language select box, then calls the handler named by $func.
if ($atmail->status == 1) {
    $atmail->auth_error();
}
if ($atmail->status == 2) {
    $atmail->session_error();
}

// Load the account preferences
$atmail->loadprefs(1);

// HTTP headers are not sent here for the 'rename' and 'delfolderxp' functions.
if ($var['func'] != 'rename' && $var['func'] != 'delfolderxp') {
    $atmail->httpheaders();
}

// Mark the current language as selected and add the CSS class to the <select>.
$var['languagebox'] = $atmail->languages(2);
$var['languagebox'] = str_replace("value='{$atmail->Language}'", "value='{$atmail->Language}' selected", $var['languagebox']);
$var['languagebox'] = str_replace("<select", "<select class=\"select\"", $var['languagebox']);

$mail = new GetMail(array('Username' => $atmail->username, 'Pop3host' => $atmail->pop3host, 'Password' => $auth->password, 'Mode' => $atmail->Mode, 'Type' => $atmail->MailType));

$var['atmailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle.css");
$var['atmailstyle'] .= $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle-form.css");

include 'snippets/quota_bar.php';

// now call the requested function
// NOTE(review): $func is assigned before this excerpt. Confirm it is limited
// to a fixed set of handler names and existence-checked before this call, since
// a request-derived name is invoked directly.
$func();
$atmail->end();

// Handler that logs in to the mailbox; the rest of its body is outside this excerpt.
function util_info()
{
    global $mail, $atmail, $var, $domains;

    $mail->login();
    $reload = false;

    // We keep the folder info in session to speed up page loading as
    // when we have large folders this can take a while. Data stays valid
    // for 15 minutes
    //if (isset($_SESSION['folderinfo']) && ($_SESSION['folderinfo']['created'] < (time() - 900))) {
    //    unset($_SESSION['folderinfo']);
// | http://opensource.org/licenses/apache2.0.php |
// +----------------------------------------------------------------+

// Excerpt from a template-serving page: filters the requested file name and
// function, serves the login page without auth, checks the session for
// everything except help pages, then handles a redirect.
require_once 'header.php';
require_once 'GetMail.php';
require_once 'Session.php';
require_once 'Global.php';

session_start();

$type = $var = array();
$atmail = new AtmailGlobal();
$auth =& $atmail->getAuthObj();

// Strip every character outside the listed set from the requested file name.
// NOTE(review): the set keeps '.' and '/', so "../" sequences survive this
// filter. Confirm that the later use of $filename (not shown) resolves the path
// and keeps it inside the template directory.
$filename = preg_replace("/[^a-z0-9\\-\\/._\$>]/i", "", $_REQUEST['file']);

// NOTE(review): the redirect target comes straight from the request. If it is
// later sent as a Location header or link, restrict it to same-site paths.
$redirect = $_REQUEST['redirect'];

// Function names are reduced to ASCII letters and digits.
$_REQUEST['func'] = preg_replace("/[^a-z0-9]/i", "", $_REQUEST['func']);

// No auth necessary to display login page
if ($filename == 'html/login-light.html') {
    echo $atmail->parse('html/login-light.html');
    $atmail->end();
}

$atmail->status = $auth->getuser();

// Print the error screen if the account has auth errors, or session timeout.
// Ignore if user not authenticated, but wants to view the help documentation
// NOTE(review): the help pattern is unanchored, so any $filename that merely
// contains "html/<x>/help/<y>.html" skips both error screens. Anchor it with
// ^ and $ and reject ".." so that only real help pages are exempt.
if (preg_match('/html\\/(.*?)\\/help\\/(.*?\\.html)/', $filename)) {
} elseif ($atmail->status == 1) {
    $atmail->auth_error();
} elseif ($atmail->status == 2) {
    $atmail->session_error();
}

if ($redirect) {
    // NOTE(review): as shown this replacement is a no-op (search and replacement
    // are both '&'). The search string may have been an HTML entity that was
    // decoded when this listing was rendered; check the original file.
    $redirect = str_replace('&', '&', $redirect);
    $redirect = str_replace('$', '/', $redirect); // Unsure why this is implemented, might be used, verify
// Excerpt from the address-book page: encodes request fields for display,
// selects the address-book view, loads styles and handles delete requests.
// NOTE(review): strip_tags() removes tags but does not encode quotes or '&';
// if UserInfo is printed inside an HTML attribute it still needs escaping.
$var['UserInfo'] = strip_tags($var['UserInfo']); // Take away any HTML characters

// NOTE(review): htmlentities() is called with default flags. Before PHP 8.1
// the default does not encode single quotes, so values placed in
// single-quoted attributes need ENT_QUOTES. Confirm the runtime version and
// the template quoting.
$var['UserPgpKey'] = htmlentities($_REQUEST['UserPgpKey']);
$var['WriteSelectedGroups'] = htmlentities($_REQUEST['WriteSelectedGroups']);
$var['WriteSelectedUsers'] = htmlentities($_REQUEST['WriteSelectedUsers']);
$var['ReadSelectedGroups'] = htmlentities($_REQUEST['ReadSelectedGroups']);
$var['ReadSelectedUsers'] = htmlentities($_REQUEST['ReadSelectedUsers']);

// 'type' takes precedence over 'abookview'; the lower-cased value is passed
// through Filter::stringMatch with the three known views.
$var['abookview'] = $_REQUEST['type'] ? $_REQUEST['type'] : $_REQUEST['abookview'];
$var['abookview'] = Filter::stringMatch(strtolower($var['abookview']), array('global', 'shared', 'personal'));
$var['order'] = htmlentities($_REQUEST['order']);

include 'snippets/quota_bar.php';

$abook = new Abook(array('Account' => "{$atmail->username}@{$atmail->pop3host}"));

// Decide the amount of entries to display
$amount = '50';
$abook->limit = $amount;

$var['atmailstyle'] = $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle.css");
$var['atmailstyle'] .= $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle-mail.css");

// Append the form/input/select stylesheet
$var['atmailstyle'] .= $atmail->parse("html/{$atmail->Language}/{$atmail->LoginType}/atmailstyle-form.css");

// Delete any users
// NOTE(review): the delete is driven by $_REQUEST, so a GET can trigger it, and
// no anti-CSRF token check is visible in this excerpt. Confirm one exists
// elsewhere, or require POST plus a per-session token for state changes.
if ($_REQUEST['del'] && (!$atmail->XUL && !$_REQUEST['delmulti'])) {
    $var['user'] = $_REQUEST['email'];
    $abook->delete($var['user'], $var['id']);

    // Delete the group if specified
    if ($_REQUEST['group']) {
        $abook->deletegroup($var['user']);
    }

    // NOTE(review): the raw 'email' request value is embedded in the status
    // text. If status is printed into HTML, escape it as the fields above are.
    $var['status'] = "Deleted {$var['user']} - ";
}

// delete group(s)/user(s) from address books
if (($_REQUEST['del'] || $_REQUEST['delgroup']) && ($atmail->XUL || $_REQUEST['delmulti'])) {