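/**
 * Send a message from the mail form, either as e-mail or as in-game mail.
 *
 * Input comes from $_GET: "type" ("email" or "ingame_mail", default
 * "ingame_mail"), "subject", "body", an optional single recipient "to", or a
 * group filter made of "group_send" (column), "group_sign" (comparison
 * operator) and "group_value"; "money" and "att_item1".."att_item12" /
 * "att_stack1".."att_stack12" describe in-game attachments.
 *
 * Every outcome is reported by redirecting to mail.php with an error code.
 *
 * NOTE(review): this function assumes redirect() ends the request; nothing
 * here stops execution after a redirect() call - confirm.
 * NOTE(review): the send is driven entirely by $_GET and no anti-CSRF token
 * is checked in this function; verify that the caller or valid_login()
 * enforces one, otherwise move the form to POST with a token.
 */
function send_mail()
{
    global $output, $logon_db, $characters_db, $realm_id, $action_permission, $user_name, $from_mail, $mailer_type, $smtp_cfg, $GMailSender, $sql, $core;
    // if we came here from Quest Item Vendor or Ultra Vendor,
    // we need to bypass the normal permissions
    // (the session flag is single-use: it is cleared as soon as it is honoured)
    if (!empty($_SESSION["vendor_permission"])) {
        valid_login($action_permission["view"]);
        unset($_SESSION["vendor_permission"]);
    } else {
        valid_login($action_permission["update"]);
    }
    $type = isset($_GET["type"]) ? $_GET["type"] : "ingame_mail";
    if (empty($_GET["body"]) || empty($_GET["subject"]) || empty($_GET["group_sign"]) || empty($_GET["group_send"])) {
        redirect("mail.php?error=1");
    }
    // The group filter splices the operator into SQL *outside* any quotes, so
    // string escaping cannot protect it; only these literal operators pass.
    $allowed_signs = array("=", "!=", "<>", "<", ">", "<=", ">=");
    $body = explode("\n", $_GET["body"]);
    $subject = $sql["char"]->quote_smart($_GET["subject"]);
    if (isset($_GET["to"]) && $_GET["to"] != "") {
        $to = $sql["char"]->quote_smart($_GET["to"]);
    } else {
        $to = 0;
        if (!isset($_GET["group_value"]) || $_GET["group_value"] === '' || !in_array($_GET["group_sign"], $allowed_signs, true)) {
            redirect("mail.php?error=1");
        } else {
            $group_value = $sql["char"]->quote_smart($_GET["group_value"]);
            // taken verbatim: it has just been matched against the allow-list
            $group_sign = $_GET["group_sign"];
            $group_send = $sql["char"]->quote_smart($_GET["group_send"]);
            // shared tail of every group query: <operator>'<escaped value>'
            $group_cond = $group_sign . "'" . $group_value . "'";
        }
    }
    $att_gold = $sql["char"]->quote_smart(isset($_GET["money"]) ? $_GET["money"] : 0);
    // start from empty lists so a mail without attachments still carries arrays
    $att_item = array();
    $att_stack = array();
    for ($i = 1; $i <= 12; $i++) {
        // a slot missing from the request counts as "no item"
        $temp_item = $sql["char"]->quote_smart(isset($_GET["att_item" . $i]) ? $_GET["att_item" . $i] : "0");
        $temp_stack = $sql["char"]->quote_smart(isset($_GET["att_stack" . $i]) ? $_GET["att_stack" . $i] : "0");
        // an item with no stack size means a stack of one
        if ($temp_item != 0 && $temp_stack == 0) {
            $temp_stack = 1;
        }
        if ($temp_item != "0") {
            $att_item[] = $temp_item;
            $att_stack[] = $temp_stack;
        }
    }
    switch ($type) {
        case "email":
            require_once "libs/mailer/class.phpmailer.php";
            require_once "libs/mailer/authgMail_lib.php";
            $mail = new PHPMailer();
            $mail->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mail->Host = $smtp_cfg["host"];
                $mail->Port = $smtp_cfg["port"];
                if ($smtp_cfg["user"] != "") {
                    $mail->SMTPAuth = true;
                    $mail->Username = $smtp_cfg["user"];
                    $mail->Password = $smtp_cfg["pass"];
                }
            }
            // re-join the lines, then turn every line break into <br />
            $body = implode("\r\n", $body) . "\r\n";
            $mail->From = $from_mail;
            $mail->FromName = $user_name;
            // NOTE(review): $subject went through the SQL escaper above, so an
            // e-mail subject may show escape characters - confirm intended.
            $mail->Subject = $subject;
            $mail->IsHTML(true);
            $body = str_replace("\n", "<br />", $body);
            $body = str_replace("\r", " ", $body);
            // auto-link bare http(s)/ftp(s) URLs and www. host names
            $body = preg_replace("/([^\\/=\"\\]])((http|ftp)+(s)?:\\/\\/[^<>\\s]+)/i", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $body);
            $body = preg_replace('/([^\\/=\\"\\]])(www\\.)(\\S+)/', '\\1<a href="http://\\2\\3" target="_blank">\\2\\3</a>', $body);
            $mail->Body = $body;
            $mail->WordWrap = 50;
            if ($to) {
                if (!$GMailSender) {
                    //single Recipient
                    $mail->AddAddress($to);
                    if (!$mail->Send()) {
                        $mail->ClearAddresses();
                        // mailer text is free-form: encode it before it goes into a URL
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail->ErrorInfo));
                    } else {
                        $mail->ClearAddresses();
                        redirect("mail.php?error=2");
                    }
                } else {
                    //single Recipient
                    $mail_result = authgMail($from_mail, $user_name, $to, $to, $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail_result["die"]));
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
            } elseif (isset($group_value)) {
                //group send
                $email_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE gm" . $group_cond);
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM account LEFT JOIN account_access ON account_access.id=account.id WHERE IFNULL(gmlevel, 0)" . $group_cond);
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "locked":
                        //this_is_junk: I'm going to pretend that locked is muted
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE muted" . $group_cond);
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE locked" . $group_cond);
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "banned":
                        //this_is_junk: sigh...
                        // $sql is an array of connections; every call below goes
                        // through the logon handle the queries were issued on
                        $que = $sql["logon"]->query("SELECT id FROM account_banned");
                        while ($banned = $sql["logon"]->fetch_row($que)) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE acct='" . $sql["logon"]->quote_smart($banned[0]) . "'");
                            if ($sql["logon"]->num_rows($result) && $sql["logon"]->result($result, 0, "email")) {
                                array_push($email_array, $sql["logon"]->result($result, 0, "email"));
                            }
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                        break;
                }
                if (!$GMailSender) {
                    // one message per address, so recipients never see each other
                    foreach ($email_array as $mail_addr) {
                        $mail->AddAddress($mail_addr);
                        if (!$mail->Send()) {
                            $mail->ClearAddresses();
                            redirect("mail.php?error=3&mail_err=" . urlencode($mail->ErrorInfo));
                        } else {
                            $mail->ClearAddresses();
                        }
                    }
                } else {
                    $mail_to = implode(",", $email_array);
                    $mail_result = authgMail($from_mail, $user_name, $mail_to, "", $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail_result["die"]));
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
                redirect("mail.php?error=2");
            } else {
                redirect("mail.php?error=1");
            }
            break;
        case "ingame_mail":
            // in-game mail is single-line: join the lines with spaces
            $body = implode(" ", $body) . " ";
            $body = str_replace("\r", " ", $body);
            $body = $sql["char"]->quote_smart($body);
            if ($to) {
                //single Recipient
                $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $to . "'");
                if ($sql["char"]->num_rows($result) == 1) {
                    $mails = array(array(
                        "receiver" => $sql["char"]->result($result, 0, 'guid'),
                        "subject" => $subject,
                        "body" => $body,
                        "att_gold" => $att_gold,
                        "att_item" => $att_item,
                        "att_stack" => $att_stack,
                        "receiver_name" => $to,
                    ));
                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                } else {
                    redirect("mail.php?error=4");
                }
                redirect("mail.php?error=2");
                break;
            } elseif (isset($group_value)) {
                //group send
                $char_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT acct FROM accounts WHERE gm" . $group_cond);
                        } else {
                            $result = $sql["logon"]->query("SELECT account.id AS acct FROM account LEFT JOIN account_access ON account_access.id=account.id WHERE IFNULL(gmlevel, 0)" . $group_cond);
                        }
                        // rows are read through the handle that ran the query
                        while ($acc = $sql["logon"]->fetch_row($result)) {
                            $acct_column = $core == 1 ? "acct" : "account";
                            $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE " . $acct_column . "='" . $sql["char"]->quote_smart($acc[0]) . "'");
                            while ($char = $sql["char"]->fetch_row($result_2)) {
                                array_push($char_array, $char[0]);
                            }
                        }
                        break;
                    case "online":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE online" . $group_cond);
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    case "char_level":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE level" . $group_cond);
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                }
                $mails = array();
                // decide on the collected characters, not on whichever query ran last
                if (!empty($char_array)) {
                    foreach ($char_array as $receiver) {
                        // names read back from the database are still escaped
                        // before they are placed in another statement
                        $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $sql["char"]->quote_smart($receiver) . "'");
                        $char_guid = $sql["char"]->fetch_row($result);
                        array_push($mails, array(
                            "receiver" => $char_guid[0],
                            "subject" => $subject,
                            "body" => $body,
                            "att_gold" => $att_gold,
                            "att_item" => $att_item,
                            "att_stack" => $att_stack,
                            "receiver_name" => $receiver,
                        ));
                    }
                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                    redirect("mail.php?error=2");
                } else {
                    redirect("mail.php?error=4");
                }
            }
            break;
        default:
            redirect("mail.php?error=1");
    }
}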
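/**
 * Send, or re-send, an account invitation by e-mail and return to edit.php.
 *
 * New invitation ($resend false): takes $_GET["invite_email"], refuses an
 * address that already has an account or an invitation, mails the invitation
 * and records it in the `invitations` table.
 * Re-send ($resend true): takes $_GET["key"], looks up the invited address for
 * that key and mails the same invitation again.
 *
 * NOTE(review): this function assumes redirect() ends the request - confirm.
 * NOTE(review): the invitation key is sha1(inviter name ":" invited address),
 * so anyone who knows both values can compute it. It was left unchanged here
 * because code outside this listing may recompute it; if nothing does, store a
 * random token instead.
 * NOTE(review): the re-send path does not check that the invitation belongs
 * to $user_id (see issuer_acct_id in the INSERT below) - confirm intended.
 *
 * @param bool $resend true to re-send an existing invitation
 */
function send_invite($resend = false)
{
    // $from_mail is needed for the From address of both mailers below
    global $lang, $GMailSender, $smtp_cfg, $title, $format_mail_html, $user_name, $user_id, $url_path, $mailer_type, $from_mail, $sql, $core;
    if (!$resend) {
        if (empty($_GET["invite_email"])) {
            redirect("edit.php?error=1");
        }
        $invited = $sql["mgr"]->quote_smart($_GET["invite_email"]);
        // a little XSS prevention: refuse input that escaping would alter,
        // and anything that is not shaped like an e-mail address
        if ($invited != htmlspecialchars($_GET["invite_email"]) || filter_var($_GET["invite_email"], FILTER_VALIDATE_EMAIL) === false) {
            redirect("edit.php?error=1");
        }
        // make sure we're not inviting someone who already has an account here
        $account_table = $core == 1 ? "accounts" : "account";
        $check_mail_result = $sql["logon"]->query("SELECT * FROM " . $account_table . " WHERE email='" . $invited . "'");
        if ($sql["logon"]->num_rows($check_mail_result) > 0) {
            redirect("edit.php?error=2");
        }
        // make sure we're not inviting someone who already has an invitation
        $check_mail_result = $sql["mgr"]->query("SELECT * FROM invitations WHERE invited_email='" . $invited . "'");
        if ($sql["mgr"]->num_rows($check_mail_result) > 0) {
            redirect("edit.php?error=2");
        }
        // derive the invitation key from our user name and the target's email
        $key = sha1($user_name . ":" . $invited);
    } else {
        if (empty($_GET["key"])) {
            redirect("edit.php?error=1");
        }
        $key = $sql["mgr"]->quote_smart($_GET["key"]);
        // a little XSS prevention
        if ($key != htmlspecialchars($_GET["key"])) {
            redirect("edit.php?error=1");
        }
        // get the invitation we need to resend
        $invite_result = $sql["mgr"]->query("SELECT invited_email FROM invitations WHERE invitation_key='" . $key . "'");
        $invite_row = $sql["mgr"]->fetch_assoc($invite_result);
        // an unknown key must not lead to a mail with no recipient
        if (empty($invite_row["invited_email"])) {
            redirect("edit.php?error=1");
        }
        $invited = $invite_row["invited_email"];
    }
    // get the name of one of our characters
    // NOTE(review): $user_id is placed in the statement unescaped; presumably
    // it is a server-side session value - verify.
    $acct_column = $core == 1 ? "acct" : "account";
    $char_result = $sql["char"]->query("SELECT name FROM characters WHERE " . $acct_column . "='" . $user_id . "' LIMIT 1");
    $char = $sql["char"]->fetch_assoc($char_result);
    $char = $char["name"];
    // prepare our invitation message: first line of the template is the
    // subject, the remainder is the body
    // NOTE(review): $lang is part of the file path; confirm it can only hold
    // the names of installed language directories.
    $file_name = "lang/mail_templates/" . $lang . ($format_mail_html ? "/invite.tpl" : "/invite_nohtml.tpl");
    $fh = fopen($file_name, "r");
    $subject = fgets($fh, 4096);
    $body = fread($fh, filesize($file_name));
    fclose($fh);
    $subject = str_replace("<title>", $title, $subject);
    if ($format_mail_html) {
        $body = str_replace("\n", "<br />", $body);
        $body = str_replace("\r", " ", $body);
    }
    $server_addr = $_SERVER["SERVER_PORT"] != 80 ? $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] : $_SERVER["SERVER_NAME"];
    // if we aren't installed in / then append the path to $server_addr
    $server_addr .= $url_path != "" ? $url_path : "";
    // fill the template placeholders, in the same order as before
    $body = str_replace("<username>", $user_name, $body);
    $body = str_replace("<key>", $key, $body);
    $body = str_replace("<title>", $title, $body);
    $body = str_replace("<char>", $char, $body);
    $body = str_replace("<core>", core_name($core), $body);
    $body = str_replace("<base_url>", $server_addr, $body);
    if ($GMailSender) {
        require_once "libs/mailer/authgMail_lib.php";
        authgMail($from_mail, $title . " Admin", $invited, $invited, $subject, $body, $smtp_cfg);
    } else {
        require_once "libs/mailer/class.phpmailer.php";
        $mailer = new PHPMailer();
        $mailer->Mailer = $mailer_type;
        if ($mailer_type == "smtp") {
            $mailer->Host = $smtp_cfg["host"];
            $mailer->Port = $smtp_cfg["port"];
            if ($smtp_cfg["user"] != "") {
                $mailer->SMTPAuth = true;
                $mailer->Username = $smtp_cfg["user"];
                $mailer->Password = $smtp_cfg["pass"];
            }
        }
        $mailer->WordWrap = 50;
        $mailer->From = $from_mail;
        $mailer->FromName = $title . " Admin";
        $mailer->Subject = $subject;
        $mailer->IsHTML($format_mail_html);
        $mailer->Body = $body;
        $mailer->AddAddress($invited);
        // the send result is not inspected: a failed send is not reported
        $mailer->Send();
        $mailer->ClearAddresses();
    }
    if (!$resend) {
        // create entry in invitations table
        $sql["mgr"]->query("INSERT INTO invitations (issuer_acct_id, invited_email, invitation_key) VALUES ('" . $user_id . "', '" . $invited . "', '" . $key . "')");
    }
    redirect("edit.php");
}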
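/**
 * Handle a password-recovery form post ($_POST["username"], $_POST["email"]).
 *
 * When exactly one account matches both values, the account's password is
 * mailed to the given address: on ArcEmu ($core == 1) with a clear-text
 * password the stored password is sent; in every other case a temporary
 * password is generated, its hash is written to the account, and the
 * temporary password is sent. Outcomes are reported by redirect.
 *
 * NOTE(review): the listing this function was published in masked several
 * expressions as '******'. They are restored below from the variables in
 * scope ($user_name, $sha) and from the matching code paths; each restored
 * spot is marked - confirm them against the original file.
 * NOTE(review): this function assumes redirect() ends the request - confirm.
 * NOTE(review): the password is replaced as soon as a username/e-mail pair
 * matches, with no confirmation step and before the mail is known to have
 * been delivered; anyone who knows the pair can lock the owner out. The
 * distinct err=10 reply also reveals whether a pair exists. A single-use,
 * expiring confirmation link and a uniform reply would close both.
 */
function do_pass_recovery()
{
    global $logon_db, $from_mail, $mailer_type, $smtp_cfg, $title, $GMailSender, $lang, $url_path, $format_mail_html, $sql, $core;
    if (empty($_POST["username"]) || empty($_POST["email"])) {
        redirect("register.php?action=pass_recovery&err=1");
    }
    $user_name = $sql["logon"]->quote_smart(trim($_POST["username"]));
    $email_addr = $sql["logon"]->quote_smart($_POST["email"]);
    // ArcEmu: find out if we're using an encrypted password for this account
    // (encrypted passwords cannot be recovered)
    $arc_encrypted = 0;
    if ($core == 1) {
        // restored: login value was masked in the listing
        $pass_result = $sql["logon"]->query("SELECT * FROM accounts WHERE login='" . $user_name . "' AND encrypted_password<>''");
        $arc_encrypted = $sql["logon"]->num_rows($pass_result);
    }
    // restored: the login/username value in the three lookups was masked
    if ($core == 1) {
        $column = $arc_encrypted ? "login" : "password";
        $result = $sql["logon"]->query("SELECT " . $column . " FROM accounts WHERE login='" . $user_name . "' AND email='" . $email_addr . "'");
    } else {
        $result = $sql["logon"]->query("SELECT *, username AS login FROM account WHERE username='" . $user_name . "' AND email='" . $email_addr . "'");
    }
    if ($sql["logon"]->num_rows($result) == 1) {
        $pass = $sql["logon"]->fetch_assoc($result);
        // Password recovery is, basically, impossible on MaNGOS and Trinity (and ArcEmu with encrypted passwords)
        // so we just generate a new one
        if ($core != 1 || $arc_encrypted) {
            $pass_gen_list = 'abcdefghijklmnopqrstuvwxyz';
            // rand() is predictable and must not produce a credential; use the
            // CSPRNG where the runtime has one (PHP 7+). mt_rand() is only a
            // last resort for older runtimes and is no stronger than rand().
            $pick = function_exists("random_int") ? "random_int" : "mt_rand";
            // same shape as before: three letters, three digits 1-9, one letter
            // NOTE(review): that shape allows 26^4 * 9^3 (about 3.3e8) values;
            // consider a longer temporary password.
            $temppass = "";
            for ($i = 0; $i < 3; $i++) {
                $temppass .= $pass_gen_list[$pick(0, 25)];
            }
            for ($i = 0; $i < 3; $i++) {
                $temppass .= $pick(1, 9);
            }
            $temppass .= $pass_gen_list[$pick(0, 25)];
            $pass["password"] = $temppass;
        }
        // MaNGOS & Trinity
        if ($core != 1) {
            $sha = sha1(strtoupper($pass["login"] . ":" . $pass["password"]));
            // restored: username value was masked in the listing
            $query = "UPDATE account SET sha_pass_hash='" . $sha . "' WHERE username='" . $user_name . "'";
            $result = $sql["logon"]->query($query);
        }
        // ArcEmu (encrypted)
        if ($core == 1 && $arc_encrypted) {
            $sha = sha1(strtoupper($pass["login"] . ":" . $pass["password"]));
            // restored: both values were masked; $sha is computed for this
            // statement and has no other use in this branch
            $query = "UPDATE accounts SET encrypted_password='" . $sha . "' WHERE login='" . $user_name . "'";
            $result = $sql["logon"]->query($query);
        }
        // "recover" templates carry the stored password, "reset" ones the new one
        $template = ($core == 1 && !$arc_encrypted) ? "recover_password" : "reset_password";
        $file_name = "lang/mail_templates/" . $lang . "/" . $template . ($format_mail_html ? ".tpl" : "_nohtml.tpl");
        // first line of the template is the subject, the remainder is the body
        $fh = fopen($file_name, 'r');
        $subject = fgets($fh, 4096);
        $body = fread($fh, filesize($file_name));
        fclose($fh);
        if ($format_mail_html) {
            $body = str_replace("\n", "<br />", $body);
            $body = str_replace("\r", " ", $body);
        }
        $body = str_replace("<username>", $user_name, $body);
        $body = str_replace("<password>", $pass["password"], $body);
        $server_addr = $_SERVER["SERVER_PORT"] != 80 ? $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] : $_SERVER["SERVER_NAME"];
        // if we aren't installed in / then append the path to $server_addr
        $server_addr .= $url_path != "" ? $url_path : "";
        $body = str_replace("<base_url>", $server_addr, $body);
        $body = str_replace("<title>", $title, $body);
        if ($GMailSender) {
            require_once "libs/mailer/authgMail_lib.php";
            $namefrom = $title . " Admin";
            $result = authgMail($from_mail, $namefrom, $email_addr, $email_addr, $subject, $body, $smtp_cfg);
            // compare, do not assign: "= 221" made this branch unreachable and
            // reported every send as a success
            if ($result["quitcode"] != 221) {
                // restored: the expression after usr= was masked in the listing
                redirect("register.php?action=pass_recovery&err=11&usr=" . urlencode($result["quitcode"]));
            } else {
                redirect("login.php?error=9");
            }
        } else {
            require_once "libs/mailer/class.phpmailer.php";
            $mail = new PHPMailer();
            $mail->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mail->Host = $smtp_cfg["host"];
                $mail->Port = $smtp_cfg["port"];
                if ($smtp_cfg["user"] != "") {
                    $mail->SMTPAuth = true;
                    $mail->Username = $smtp_cfg["user"];
                    $mail->Password = $smtp_cfg["pass"];
                }
            }
            $mail->WordWrap = 50;
            $mail->From = $from_mail;
            $mail->FromName = $title . " Admin";
            $mail->Subject = $subject;
            $mail->IsHTML($format_mail_html);
            $mail->Body = $body;
            $mail->AddAddress($email_addr);
            if (!$mail->Send()) {
                $mail->ClearAddresses();
                // restored: the listing masked everything between usr= and the
                // login.php redirect; the mailer's error text and the else
                // branch follow the pattern of the other senders - confirm
                redirect("register.php?action=pass_recovery&err=11&usr=" . urlencode($mail->ErrorInfo));
            } else {
                $mail->ClearAddresses();
                // NOTE(review): the other sender above redirects with
                // "error=9", this one with "err=9" - confirm which login.php reads
                redirect("login.php?err=9");
            }
        }
    } else {
        redirect("register.php?action=pass_recovery&err=10");
    }
}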