}
if (empty($maillist)) {
continue;
}
$one_recipient = $maillist[0]['to'];
for ($i = 1; $i < count($maillist); ++$i) {
if ($maillist[$i]['to'] != $one_recipient) {
$one_recipient = null;
break;
}
}
/*
* start printing email below this line.
* $one_recipient contains an email if all messages were only to one recipient
*/
$smarty = new Smarty();
$smarty->compile_dir = '/tmp/';
$smarty->template_dir = dirname(__FILE__) . '/../templates/';
if ($one_recipient !== null) {
$smarty->assign('recipient', $one_recipient);
}
$smarty->assign('mails', $maillist);
$smarty->assign('quarantine_url', $settings->getPublicURL() . '/?source=quarantine');
echo "Digest to {$email} with " . count($maillist) . " messages\n";
$headers = array();
$headers[] = 'Content-Type: text/html; charset=UTF-8';
$headers[] = 'Content-Transfer-Encoding: base64';
$body = $smarty->fetch('digestday.mail.tpl');
$subject = $smarty->getTemplateVars('subject');
mail2($email, $subject, chunk_split(base64_encode($body)), $headers);
}
$statement->execute(array(':username' => $recipient, 'password' => $password, 'token' => $token));
$statement = $dbh->prepare("INSERT INTO users_relations (username, type, access) VALUES (:username, 'mail', :username);");
$statement->execute(array(':username' => $recipient));
if (!$dbh->commit()) {
panic('Database INSERT failed');
}
$smarty_no_assign = true;
require BASE . '/inc/smarty.php';
$smarty->assign('email', $recipient);
$smarty->assign('register_url', $settings->getPublicURL() . "/?page=forgot&reset={$recipient}&type=create&token={$publictoken}");
$headers = array();
$headers[] = 'Content-Type: text/html; charset=UTF-8';
$headers[] = 'Content-Transfer-Encoding: base64';
$body = $smarty->fetch('newuser.mail.tpl');
$subject = $smarty->getTemplateVars('subject');
mail2($recipient, $subject, chunk_split(base64_encode($body)), $headers);
}
// 'ok' response is checked by deprecated Quarantine implementaton
success_text('ok');
}
// add message to local (SQL) history log
if ($_GET['type'] == 'log') {
$dbh = $settings->getDatabase();
$statement = $dbh->prepare('INSERT INTO messagelog (owner, owner_domain, msgts, msgid, msgactionid, msgaction, msglistener, msgtransport, msgsasl, msgfromserver, msgfrom, msgfrom_domain, msgto, msgto_domain, msgsubject, score_rpd, score_sa, scores, msgdescription, serialno) VALUES (:owner, :ownerdomain, :msgts, :msgid, :msgactionid, :msgaction, :msglistener, :msgtransport, :msgsasl, :msgfromserver, :msgfrom, :msgfromdomain, :msgto, :msgtodomain, :msgsubject, :score_rpd, :score_sa, :scores, :msgdescription, :serialno);');
$statement->bindValue(':owner', $_POST['owner']);
$statement->bindValue(':ownerdomain', array_pop(explode('@', $_POST['owner'])));
$statement->bindValue(':msgts', $_POST['msgts']);
$statement->bindValue(':msgid', $_POST['msgid']);
$statement->bindValue(':msgactionid', $_POST['msgactionid']);
$statement->bindValue(':msgaction', $_POST['msgaction']);
$statement->bindValue(':msglistener', $_POST['msglistener']);
$publictoken = hash_hmac('sha256', $row['password'], $token);
$statement = $dbh->prepare("UPDATE users SET reset_password_token = :token, reset_password_timestamp = :timestamp WHERE username = :username;");
$statement->execute(array(':username' => $_GET['reset'], ':token' => $token, ':timestamp' => time()));
$smarty_no_assign = true;
require BASE . '/inc/smarty.php';
$smarty->assign('ipaddress', $_SERVER['REMOTE_ADDR']);
$smarty->assign('publictoken', $publictoken);
$smarty->assign('email', $_GET['reset']);
$smarty->assign('public_url', $settings->getPublicURL());
$smarty->assign('reset_url', $settings->getPublicURL() . "/?page=forgot&reset={$_GET['reset']}&token={$publictoken}");
$headers = array();
$headers[] = 'Content-Type: text/html; charset=UTF-8';
$headers[] = 'Content-Transfer-Encoding: base64';
$body = $smarty->fetch('forgot.mail.tpl');
$subject = $smarty->getTemplateVars('subject');
mail2($_GET['reset'], $subject, chunk_split(base64_encode($body)), $headers);
}
}
if (isset($_POST['reset']) && isset($_POST['token']) && isset($_POST['password'])) {
$dbh = $settings->getDatabase();
$statement = $dbh->prepare("SELECT * FROM users WHERE username = :username;");
$statement->execute(array(':username' => $_POST['reset']));
if (!($row = $statement->fetch(PDO::FETCH_ASSOC))) {
$error = 'Unknown user';
} else {
if ($row['reset_password_timestamp'] !== NULL && abs($row['reset_password_timestamp'] - time()) > 3600) {
$error = 'The token is only valid for one hour';
} else {
if ($row['reset_password_token'] === NULL || hash_hmac('sha256', $row['password'], $row['reset_password_token']) !== $_POST['token']) {
$error = 'Invalid token';
} else {
