}

// Excerpt from the digest mailer. The brace above and the last brace of this
// excerpt close blocks that were opened before it.

// Nothing collected for this address: skip it rather than send an empty digest.
if (empty($maillist)) {
    continue;
}

// Check whether every entry shares the same 'to' address. $one_recipient keeps
// that address when they all agree and drops to null at the first mismatch.
$one_recipient = $maillist[0]['to'];
for ($i = 1; $i < count($maillist); ++$i) {
    if ($maillist[$i]['to'] == $one_recipient) {
        continue;
    }
    $one_recipient = null;
    break;
}

/*
 * Rendering of the digest e-mail starts here.
 */
$smarty = new Smarty();
// NOTE(review): compiled Smarty templates are PHP files that Smarty includes
// later. '/tmp/' is normally shared and world-writable, so this relies on no
// other local account touching those files. A private directory owned by the
// user running this script would be safer; confirm how this is deployed.
$smarty->compile_dir = '/tmp/';
$smarty->template_dir = dirname(__FILE__) . '/../templates/';
if ($one_recipient !== null) {
    $smarty->assign('recipient', $one_recipient);
}
// NOTE(review): $maillist is rendered into an HTML body. Presumably it holds
// metadata of received mail, so confirm digestday.mail.tpl escapes every field.
$smarty->assign('mails', $maillist);
$smarty->assign('quarantine_url', $settings->getPublicURL() . '/?source=quarantine');

echo "Digest to {$email} with " . count($maillist) . " messages\n";

// The body is sent base64-encoded, wrapped by chunk_split().
$headers = array(
    'Content-Type: text/html; charset=UTF-8',
    'Content-Transfer-Encoding: base64',
);
// 'subject' is read back only after fetch(); presumably the template assigns it.
$body = $smarty->fetch('digestday.mail.tpl');
$subject = $smarty->getTemplateVars('subject');
mail2($email, $subject, chunk_split(base64_encode($body)), $headers);
}
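// Excerpt: tail of the new-account path (user row, relation row, invitation
// e-mail), then the start of the message-log handler. The two lone closing
// braces below match blocks opened before this excerpt, and the bindValue()
// run at the end continues past it.
$statement->execute(array(':username' => $recipient, ':password' => $password, ':token' => $token));

// A distinct placeholder is used for the second column: PDO only accepts a
// repeated named placeholder when prepared statements are emulated.
$statement = $dbh->prepare("INSERT INTO users_relations (username, type, access) VALUES (:username, 'mail', :access);");
$statement->execute(array(':username' => $recipient, ':access' => $recipient));
if (!$dbh->commit()) {
    panic('Database INSERT failed');
}

$smarty_no_assign = true;
require BASE . '/inc/smarty.php';
$smarty->assign('email', $recipient);
// Percent-encode the query values: a mail address may contain '+', '&' or '#',
// which would otherwise be misread when the link is opened.
$smarty->assign('register_url', $settings->getPublicURL() . '/?page=forgot&reset=' . rawurlencode($recipient) . '&type=create&token=' . rawurlencode($publictoken));

// The body is sent base64-encoded, wrapped by chunk_split().
$headers = array(
    'Content-Type: text/html; charset=UTF-8',
    'Content-Transfer-Encoding: base64',
);
// 'subject' is read back only after fetch(); presumably the template assigns it.
$body = $smarty->fetch('newuser.mail.tpl');
$subject = $smarty->getTemplateVars('subject');
mail2($recipient, $subject, chunk_split(base64_encode($body)), $headers);
}

// 'ok' response is checked by deprecated Quarantine implementation
success_text('ok');
}

// add message to local (SQL) history log
// Every field is taken from $_POST and bound as a statement parameter, so the
// values cannot change the SQL text.
// NOTE(review): no authentication check is visible in this excerpt; confirm the
// caller is authenticated before this handler is reached.
if ($_GET['type'] === 'log') {
    $dbh = $settings->getDatabase();
    $statement = $dbh->prepare('INSERT INTO messagelog (owner, owner_domain, msgts, msgid, msgactionid, msgaction, msglistener, msgtransport, msgsasl, msgfromserver, msgfrom, msgfrom_domain, msgto, msgto_domain, msgsubject, score_rpd, score_sa, scores, msgdescription, serialno) VALUES (:owner, :ownerdomain, :msgts, :msgid, :msgactionid, :msgaction, :msglistener, :msgtransport, :msgsasl, :msgfromserver, :msgfrom, :msgfromdomain, :msgto, :msgtodomain, :msgsubject, :score_rpd, :score_sa, :scores, :msgdescription, :serialno);');
    $statement->bindValue(':owner', $_POST['owner']);
    // array_pop() takes its argument by reference, so the explode() result is
    // stored first; passing the call result directly raises a PHP notice.
    $owner_parts = explode('@', $_POST['owner']);
    $statement->bindValue(':ownerdomain', array_pop($owner_parts));
    $statement->bindValue(':msgts', $_POST['msgts']);
    $statement->bindValue(':msgid', $_POST['msgid']);
    $statement->bindValue(':msgactionid', $_POST['msgactionid']);
    $statement->bindValue(':msgaction', $_POST['msgaction']);
    $statement->bindValue(':msglistener', $_POST['msglistener']);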
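// Excerpt from the password-reset page: the end of the "request a reset" branch
// followed by the start of the "submit a new password" branch. The two lone
// closing braces match blocks opened before this excerpt, and the final
// `else {` continues past it.

// The raw $token (created above this excerpt) is stored in the users row; only
// an HMAC of the stored password value keyed with that token goes in the e-mail.
$publictoken = hash_hmac('sha256', $row['password'], $token);
$statement = $dbh->prepare("UPDATE users SET reset_password_token = :token, reset_password_timestamp = :timestamp WHERE username = :username;");
$statement->execute(array(':username' => $_GET['reset'], ':token' => $token, ':timestamp' => time()));

$smarty_no_assign = true;
require BASE . '/inc/smarty.php';
$smarty->assign('ipaddress', $_SERVER['REMOTE_ADDR']);
$smarty->assign('publictoken', $publictoken);
$smarty->assign('email', $_GET['reset']);
$smarty->assign('public_url', $settings->getPublicURL());
// Percent-encode the request-supplied address before it goes into the query
// string. $publictoken is hex output of hash_hmac() and needs no encoding.
$smarty->assign('reset_url', $settings->getPublicURL() . '/?page=forgot&reset=' . rawurlencode($_GET['reset']) . "&token={$publictoken}");

// The body is sent base64-encoded, wrapped by chunk_split().
$headers = array(
    'Content-Type: text/html; charset=UTF-8',
    'Content-Transfer-Encoding: base64',
);
// 'subject' is read back only after fetch(); presumably the template assigns it.
$body = $smarty->fetch('forgot.mail.tpl');
$subject = $smarty->getTemplateVars('subject');
mail2($_GET['reset'], $subject, chunk_split(base64_encode($body)), $headers);
}
}

// Second step: the user submits the e-mailed token together with a new password.
if (isset($_POST['reset']) && isset($_POST['token']) && isset($_POST['password'])) {
    $dbh = $settings->getDatabase();
    $statement = $dbh->prepare("SELECT * FROM users WHERE username = :username;");
    $statement->execute(array(':username' => $_POST['reset']));
    if (!($row = $statement->fetch(PDO::FETCH_ASSOC))) {
        // NOTE(review): this message differs from 'Invalid token', so the form
        // reveals whether an account exists; consider one shared message.
        $error = 'Unknown user';
    } else {
        // A token older than an hour is rejected. A row whose timestamp is NULL
        // skips this check, so such a token has no expiry here.
        // NOTE(review): confirm that is intended for every row it applies to.
        if ($row['reset_password_timestamp'] !== NULL && abs($row['reset_password_timestamp'] - time()) > 3600) {
            $error = 'The token is only valid for one hour';
        } else {
            // Recompute the expected HMAC and compare it with hash_equals()
            // (PHP 5.6 or later) so the comparison time does not depend on how
            // many leading characters match. The is_string() guard rejects
            // array input, which hash_equals() does not accept.
            if ($row['reset_password_token'] === NULL
                || !is_string($_POST['token'])
                || !hash_equals(hash_hmac('sha256', $row['password'], $row['reset_password_token']), $_POST['token'])) {
                $error = 'Invalid token';
            } else {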