#!/usr/bin/perl
# -----------------------------------------------------------------------
# mail.mp: handle the internail mail system. functions necessary are:
#
# deleteMessage: delete a mail message
# readMessage: display a mail message
# showMailbox: display a mail folder (inbox or sent)
# writeMessage: displays the send-mail form
# sendMessage: delivers the mail to the recipient.
# reportSpam: mark a message as spam
# unreportSpam: no, it's not really spam.
#
# copyright 2004 and beyond, deadbunny enterprises, inc.
# all rights reserved.
#
# $RCSfile: mail.mp,v $
# $Id: mail.mp,v 1.17 2007/09/09 08:43:57 ravyn Exp $
# -----------------------------------------------------------------------
$| = 1;
use strict;
no strict 'refs';
do "../../perl-bin/dbugsite.rc";
do "../../perl-bin/initialize.rc";
my ($query, $dbh, $dbInfo, $dConfig, %dH) = member_init();
my $szRoutine = "doDisplay";
if ($dH{'szAction'} =~ /Delete|Read|Write|Print|Reply|Preview|Send|ReportSpam|UnreportSpam|Forward/) {
$szRoutine = "do" . $dH{'szAction'};
}
%dH = &$szRoutine($dbh, $query, $dbInfo, %dH);
my $data = dbAccess::parseDBPage($dbh, $dbInfo, %dH);
print $query->header (-type=>'text/html');
$dbh->commit;
$dbh->disconnect;
print $data;
exit;
# ------------
# doReportSpam: mark a message as spam. notify admin of spam report.
#
sub doReportSpam {
my ($dbh, $query, $dbInfo, %dH) = @_;
$dH{'iMessageID'} += 0;
if ($dH{'szSpamReason'} eq '') {
$dH{'szErrorMessage'} = 'Please tell us why you think this is spam.';
} else {
$dH{'szSpamReason'} =~ s/\'/\`/gi;
$dbh->do ("UPDATE tblMail SET iIsSpam=1, szSpamReason='$dH{'szSpamReason'}'
WHERE iMessageID=$dH{'iMessageID'} AND iToID=$dH{'iMyUserID'}");
my %dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText, a.dtSent, b.szUsername AS szTheirUsername,
b.iUserID AS iTheirID, a.iHasPhoto FROM tblMail AS a, tblUser AS b WHERE
a.iFromID=b.iUserID AND a.iMessageID=$dH{'iMessageID'} AND
a.iToID=$dH{'iMyUserID'}")};
$dQ{'szSpamReason'} = $dH{'szSpamReason'};
$dQ{'szFileName'} = 'spam-report-template.txt';
$dQ{'szUsername'} = $dH{'szUsername'};
$dQ{'szFromUsername'} = $dQ{'szTheirUsername'};
my $data = dbAccess::parseDBPage ($dbh, $dbInfo, %dQ);
cgiUtil::sendMail ($site::szMailHost, $site::szFromMail, $site::szAdminMail,
'Dunebuggy.com: BuggyMail Spam Complaint Received', $data);
return (doRead ($dbh, $query, $dbInfo, %dH));
}
}
# doUnreportSpam: mark a message as non-spam.
#
sub doUnreportSpam {
my ($dbh, $query, $dbInfo, %dH) = @_;
$dH{'iMessageID'} += 0;
$dbh->do ("UPDATE tblMail SET iIsSpam=0, szSpamReason='' WHERE
iMessageID=$dH{'iMessageID'} AND iToID=$dH{'iMyUserID'}");
$dH{'szErrorMessage'} = 'Message is no longer flagged as spam.';
return (doRead($dbh, $query, $dbInfo, %dH));
}
# doDisplay: display a user's inbox or sent-mail folder.
#
sub doDisplay {
my ($dbh, $query, $dbInfo, %dH) = @_;
my $sth;
if ($dH{'szFolderName'} ne 'sent') {
$dH{'szFolderName'} = 'inbox';
$sth = $dbh->prepare ("SELECT a.iMessageID, a.iFromID, a.iToID,
a.szSubject, a.dtSent, a.iStatus, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID FROM tblMail AS a, tblUser AS b
WHERE a.iFromID=b.iUserID AND a.iToID=$dH{'iMyUserID'}
ORDER BY a.iMessageID DESC");
} else {
$sth = $dbh->prepare ("SELECT a.iMessageID, a.iFromID, a.iToID,
a.szSubject, a.dtSent, a.iStatus, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID
FROM tblSentMail AS a, tblUser AS b WHERE a.iToID=b.iUserID
AND a.iFromID=$dH{'iMyUserID'} ORDER BY a.iMessageID DESC");
}
$sth->execute;
if ($sth->rows == 0) {
$dH{'szResults'} = '
This folder is currently
empty.
';
} else {
while (my %dQ = %{$sth->fetchrow_hashref}) {
$dQ{'szMyUsername'} = $dH{'szUsername'};
if ($dQ{'iStatus'} == 0) { $dQ{'szStatus'} = '››'; }
elsif ($dQ{'iStatus'} == 1) { $dQ{'szStatus'} = '--'; }
elsif ($dQ{'iStatus'} == 2) { $dQ{'szStatus'} = '^'; }
if ($dH{'szFolderName'} eq 'inbox') {
$dQ{'szFileName'} = 'elements/mail-inbox-row.html';
} else {
$dQ{'szFileName'} = 'elements/mail-sent-row.html';
}
$dQ{'szFolderName'} = $dH{'szFolderName'};
$dH{'szResults'} .= dbAccess::parseDBPage ($dbh, $dbInfo, %dQ);
}
}
if ($dH{'szFolderName'} eq 'inbox') {
$dH{'szFileName'} = 'mail-inbox-template.html';
} else {
$dH{'szFileName'} = 'mail-sent-template.html';
}
$sth->finish;
return (%dH);
}
# doDelete: delete a message or messages, and return to the folder index.
#
sub doDelete {
my ($dbh, $query, $dbInfo, %dH) = @_;
my @deletes = $query->param("iDeleteMessageID");
if ($deletes[0]+0 == 0) {
$dH{'szErrorMessage'} = 'You must specify which message(s) to delete.';
} else {
foreach (@deletes) {
my $foo = $_;
if ($dH{'szFolderName'} eq 'inbox') {
$dbh->do ("DELETE FROM tblMail WHERE iMessageID=$foo AND
iToID=$dH{'iMyUserID'}");
} else {
$dbh->do ("DELETE FROM tblSentMail WHERE iMessageID=$foo AND
iFromID=$dH{'iMyUserID'}");
}
}
$dH{'szErrorMessage'} = 'Message(s) successfully deleted.';
}
return (&doDisplay ($dbh, $query, $dbInfo, %dH));
}
# doPrint: display the print-message screen.
#
sub doPrint {
my ($dbh, $query, $dbInfo, %dH) = @_;
my %dQ;
$dH{'iMessageID'} += 0;
if ($dH{'szFolderName'} eq 'inbox') {
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText, a.dtSent, b.szUsername AS szTheirUsername,
b.iUserID AS iTheirID, NOW() AS dtNow FROM tblMail AS a, tblUser AS b WHERE
a.iFromID=b.iUserID AND a.iMessageID=$dH{'iMessageID'} AND
a.iToID=$dH{'iMyUserID'}")};
} else {
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText, a.dtSent, b.szUsername AS szTheirUsername,
b.iUserID AS iTheirID, NOW() AS dtNow FROM tblSentMail AS a, tblUser AS b
WHERE a.iToID=b.iUserID AND a.iMessageID=$dH{'iMessageID'} AND
a.iFromID=$dH{'iMyUserID'}")};
}
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
$dH{'szFileName'} = 'mail-print-template.html';
return (%dH);
}
# doRead: display the view-message screen.
#
sub doRead {
my ($dbh, $query, $dbInfo, %dH) = @_;
my %dQ;
$dH{'iMessageID'} += 0;
if ($dH{'szFolderName'} eq 'inbox') {
$dH{'szTable'} = 'tblMail';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText, a.dtSent, b.szUsername AS szTheirUsername,
b.iUserID AS iTheirID, a.iHasPhoto, a.iIsSpam FROM tblMail AS a, tblUser AS b WHERE
a.iFromID=b.iUserID AND a.iMessageID=$dH{'iMessageID'} AND
a.iToID=$dH{'iMyUserID'}")};
$dH{'szFileName'} = 'mail-inbox-read-template.html';
my @dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblMail
WHERE iToID=$dH{'iMyUserID'} AND iMessageID < $dQ{'iMessageID'}
ORDER BY iMessageID DESC LIMIT 0, 1");
if ($dR[0]+0 == 0) { $dH{'szPrev'} = 'Prev'; }
else { $dH{'szPrev'} = "Prev"; }
@dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblMail
WHERE iToID=$dH{'iMyUserID'} AND iMessageID > $dQ{'iMessageID'}
ORDER BY iMessageID LIMIT 0, 1");
if ($dR[0]+0 == 0) { $dH{'szNext'} = 'Next'; }
else { $dH{'szNext'} = "Next"; }
@dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblMail
WHERE iToID=$dH{'iMyUserID'} ORDER BY iMessageID LIMIT 0, 1");
$dH{'szFirst'} = "<< First";
@dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblMail
WHERE iToID=$dH{'iMyUserID'} ORDER BY iMessageID DESC LIMIT 0, 1");
$dH{'szLast'} = "Last >>";
@dR = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblMail
WHERE iToID=$dH{'iMyUserID'} AND iMessageID < $dQ{'iMessageID'}");
$dH{'iMessageIndex'} = $dR[0]+1;
@dR = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblMail
WHERE iToID=$dH{'iMyUserID'}");
$dH{'iMessageCount'} = $dR[0];
if ($dQ{'iHasPhoto'} == 1) {
$dH{'szMessagePhoto'} = "";
}
} else {
$dH{'szTable'} = 'tblSentMail';
$dH{'szFolderName'} = 'sent';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText, a.dtSent, b.szUsername AS szTheirUsername,
b.iUserID AS iTheirID, a.iHasPhoto FROM tblSentMail AS a, tblUser AS b
WHERE a.iToID=b.iUserID AND a.iMessageID=$dH{'iMessageID'} AND
a.iFromID=$dH{'iMyUserID'}")};
$dH{'szFileName'} = 'mail-sent-read-template.html';
$dQ{'iMessageID'} += 0;
my @dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} AND iMessageID < $dQ{'iMessageID'}
ORDER BY iMessageID DESC LIMIT 0, 1");
if ($dR[0]+0 == 0) { $dH{'szPrev'} = 'Prev'; }
else { $dH{'szPrev'} = "Prev"; }
@dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} AND iMessageID > $dQ{'iMessageID'}
ORDER BY iMessageID LIMIT 0, 1");
if ($dR[0]+0 == 0) { $dH{'szNext'} = 'Next'; }
else { $dH{'szNext'} = "Next"; }
@dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} ORDER BY iMessageID LIMIT 0, 1");
$dH{'szFirst'} = "<< First";
@dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} ORDER BY iMessageID DESC LIMIT 0, 1");
$dH{'szLast'} = "Last >>";
@dR = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} AND iMessageID < $dQ{'iMessageID'}");
$dH{'iMessageIndex'} = $dR[0]+1;
@dR = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'}");
$dH{'iMessageCount'} = $dR[0];
if ($dQ{'iHasPhoto'} == 1) {
$dH{'szMessagePhoto'} = "";
}
}
if ($dQ{'iMessageID'}+0 == 0) {
$dH{'szErrorMessage'} = 'That is an invalid message ID.';
$dH{'szFileName'} = 'error-template.html';
} else {
$dbh->do ("UPDATE $dH{'szTable'} SET iStatus=1 WHERE
(iMessageID=$dH{'iMessageID'}) AND (iStatus <> 2)");
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
}
return (%dH);
}
# doSend: deliver a mail message. if delivery is successful, we'll
# either show the success-template or go back to the index.
#
sub doSend {
my ($dbh, $query, $dbInfo, %dH) = @_;
# check to see how many emails the user has sent within the
# last 30 minutes. if it's more than 10, send a notification.
#
my $countMail = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblMail
WHERE iFromID=$dH{'iMyUserID'} AND UNIX_TIMESTAMP(NOW())-
UNIX_TIMESTAMP(dtSent) <= 1800");
if ($countMail > 10) {
cgiUtil::sendMail ($site::szMailHost, $site::szFromMail, $site::szAdminMail,
'Dunebuggy.com: Possible Scam Alert',
"User $dH{'szUsername'} has sent more than 10 BuggyMails in the\n".
"last 30 minutes. This may be something that needs further attention.");
}
my @dIm = $dbh->selectrow_array ("SELECT szAuthCodeImage, szAuthCode
FROM tblTempMail WHERE iTempMailID=$dH{'iTempMailID'}
AND iFromID=$dH{'iMyUserID'}");
if ($dIm[0] ne '') { system ("rm -f $dIm[0]"); }
if ($dH{'szNext'} eq 'Cancel Message') {
$dbh->do ("DELETE FROM tblTempMail WHERE iTempMailID=$dH{'iTempMailID'}
AND iFromID=$dH{'iMyUserID'}");
$dH{'szErrorMessage'} = 'Your message has been cancelled.';
} elsif ($dH{'szNext'} eq 'Edit Message') {
my $messagepix = $site::tempMailDir . $dH{'iTempMailID'} . ".jpg";
system ("rm -f $messagepix");
return (&doWrite($dbh, $query, $dbInfo, %dH));
} else {
if ($dH{'szAuthCode'} ne $dIm[1]) {
$dH{'szErrorMessage'} = 'You have entered an incorrect security code.';
$dH{'iFlag'} = 1;
return (&doPreview($dbh, $query, $dbInfo, %dH));
} else {
$dH{'iTempMailID'} += 0;
my %dQ = %{$dbh->selectrow_hashref ("SELECT * FROM tblTempMail WHERE
iTempMailID=$dH{'iTempMailID'} AND iFromID=$dH{'iMyUserID'}")};
if ($dQ{'iTempMailID'} != 0) {
$dbh->do ("INSERT INTO tblMail VALUES (0, $dQ{'iFromID'}, $dQ{'iToID'},
'$dQ{'szSubject'}', '$dQ{'szMessageText'}', NOW(), 0, $dQ{'iHasPhoto'},
0, '')");
$dH{'iMessageID'} = $dbh->{'mysql_insertid'};
if ($dQ{'iHasPhoto'} == 1) {
my $frompix = $site::tempMailDir . $dH{'iTempMailID'} . ".jpg";
my $topix = $site::mailpixDir . $dH{'iMessageID'} . ".jpg";
system ("mv -f $frompix $topix");
}
if ($dH{'iSaveCopy'} == 1) {
my @dR = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblSentMail
WHERE iFromID=$dQ{'iFromID'}");
if ($dR[0] < $site::maxMail) {
$dbh->do ("INSERT INTO tblSentMail VALUES ($dH{'iMessageID'},
$dQ{'iFromID'}, $dQ{'iToID'}, '$dQ{'szSubject'}',
'$dQ{'szMessageText'}', NOW(), 0, $dQ{'iHasPhoto'})");
if ($dQ{'iHasPhoto'} == 1) {
my $frompix = $site::mailpixDir . $dH{'iMessageID'} . ".jpg";
my $topix = $site::sentmailpixDir . $dH{'iMessageID'} . ".jpg";
system ("cp -f $frompix $topix");
}
} else {
$dH{'szErr2'} = 'Your sent-items folder is full, however,
and a copy of this message was not saved.';
}
}
$dbh->do ("DELETE FROM tblTempMail WHERE iTempMailID=$dH{'iTempMailID'}");
}
$dH{'szErrorMessage'} = "Your message was successfully delivered. $dH{'szErr2'}";
my @dR = $dbh->selectrow_array ("SELECT szUsername, szEmailAddress,
iEmailNotify FROM tblUser WHERE iUserID=$dQ{'iToID'}");
if ($dR[2]+0 == 1) {
$dH{'szFileName'} = 'mail-notify.txt';
$dH{'szTheirUsername'} = $dR[0];
my $data = dbAccess::parseDBPage ($dbh, $dbInfo, %dH);
cgiUtil::sendMail ($site::szMailHost, $site::szFromMail, $dR[1],
'Dunebuggy.com: You have new BuggyMail', $data);
}
if ($dH{'iReplyToID'} > 0) {
if ($dH{'szFolderName'} eq 'sent') {
$dbh->do ("UPDATE tblSentMail SET iStatus=2 WHERE iMessageID=$dH{'iReplyToID'}");
} else {
$dbh->do ("UPDATE tblMail SET iStatus=2 WHERE iMessageID=$dH{'iReplyToID'}");
}
}
}
if ($dH{'szReturnLink'} ne '') {
$dH{'szErrorMessage'} .= qq| Click here to continue
browsing the $dH{'szReturnSection'} from where you left off.|;
}
}
return (&doDisplay ($dbh, $query, $dbInfo, %dH));
}
# doWrite: display the send-message screen.
#
sub doWrite {
my ($dbh, $query, $dbInfo, %dH) = @_;
if ($dH{'iReplyToID'} != 0) {
return (doReply($dbh, $query, $dbInfo, %dH));
}
my $sth = $dbh->prepare ("SELECT a.szUsername AS szTheirUsername,
b.iTheirID FROM tblUser AS a,
tblHotlist AS b WHERE a.iUserID=b.iTheirID
AND b.iMyID=$dH{'iMyUserID'} AND
(a.iAccessLevel > 0) ORDER BY szUsername");
$sth->execute;
$dH{'szBuddyList'} = "\n";
if ($dH{'iTempMailID'} > 0) {
my %dQ = %{$dbh->selectrow_hashref("SELECT a.szUsername AS szRecipient,
b.* FROM tblUser AS a, tblTempMail AS b WHERE a.iUserID=b.iToID
AND b.iFromID=$dH{'iMyUserID'} AND b.iTempMailID=$dH{'iTempMailID'}")};
if ($dQ{'iFromID'} != 0) { %dH = cgiUtil::mergeHash({%dQ}, {%dH}); }
else { $dH{'iTempMailID'} = 0; }
}
$dH{'szFileName'} = ($dH{'iForward'} == 1) ? 'mail-forward-template.html' :
'mail-write-template.html';
return (%dH);
}
# doPreview: display the message-preview
#
sub doPreview {
my ($dbh, $query, $dbInfo, %dH) = @_;
$dH{'szSubject'} =~ s/\'/\`/gi;
$dH{'szMessageText'} =~ s/\'/\`/gi;
if ($dH{'iFlag'} == 1) {
my %dQ = %{$dbh->selectrow_hashref ("SELECT szAuthCodeImage, iToID, szSubject,
iHasPhoto, szMessageText FROM tblTempMail WHERE iTempMailID=$dH{'iTempMailID'}
AND iFromID=$dH{'iMyUserID'}")};
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
system ("rm -f $dQ{'szAuthCodeImage'}");
}
if ($dH{'iToID'} != 0) {
my @dR = $dbh->selectrow_array ("SELECT szUsername FROM tblUser WHERE
iUserID=$dH{'iToID'}");
$dH{'szRecipient'} = $dR[0];
}
(my $secCode, $dH{'szAuthCodeImage'}) = site::generateAuthCodeImage();
my $pName = $site::viewNumbersDir . $dH{'szAuthCodeImage'};
if ( ($dH{'szRecipient'} eq '') || ($dH{'szSubject'} eq '') || ($dH{'szMessageText'} eq '')) {
$dH{'szErrorMessage'} = 'Please fill in all the required fields.';
} else {
if ($dH{'iToID'} == 0) {
my @dR = $dbh->selectrow_array ("SELECT iUserID FROM tblUser WHERE
szUsername='$dH{'szRecipient'}'");
$dH{'iToID'} = $dR[0]+0;
}
if ($dH{'iToID'} == 0) {
$dH{'szErrorMessage'} = 'That username that does not exist.';
} else {
my @dR = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblMail
WHERE iToID=$dH{'iToID'}");
if ($dR[0] >= $site::maxMail) {
$dH{'szErrorMessage'} = "Sorry, $dH{'szRecipient'}'s inbox is full.";
}
}
$dH{'iTempMailID'} += 0; $dH{'iHasPhoto'} +=0;
my $rc = $dbh->do ("REPLACE INTO tblTempMail VALUES ($dH{'iTempMailID'},
$dH{'iMyUserID'}, $dH{'iToID'}, '$dH{'szSubject'}', '$dH{'szMessageText'}',
NOW(), $dH{'iHasPhoto'}, $secCode, '$pName')");
if ($rc <= 0) {
$dH{'szErrorMessage'} = 'A database error has occurred.';
} else {
if ($dH{'iTempMailID'} == 0) { $dH{'iTempMailID'} = $dbh->{'mysql_insertid'}; }
}
if ($dH{'iFlag'} != 1) { $dH{'iHasPhoto'} = &processUpload($query, $dbh, %dH); }
if ($dH{'iHasPhoto'} == 1) {
$dH{'szMessagePhoto'} = "\n";
} elsif ($dH{'iHasPhoto'} == -1) {
$dH{'szMessagePhoto'} = "Unable to process your photo upload. Check that it is
less than 2,000,000 bytes in size and in a valid graphic file format.";
}
}
if (($dH{'iFlag'} != 1) && ($dH{'szErrorMessage'} ne '')) {
return (&doWrite ($dbh, $query, $dbInfo, %dH));
} else {
$dH{'szFileName'} = 'mail-preview-template.html';
return (%dH);
}
}
# doReply: display the reply-to-message screen.
#
sub doReply {
my ($dbh, $query, $dbInfo, %dH) = @_;
my %dQ;
if ($dH{'szFolderName'} ne 'sent') {
$dH{'szFolderName'} = 'inbox';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText AS szReplyText, a.dtSent, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID FROM tblMail AS a,
tblUser AS b WHERE a.iFromID=b.iUserID AND a.iMessageID=
$dH{'iReplyToID'} AND a.iToID=$dH{'iMyUserID'}")};
} else {
$dH{'szFolderName'} = 'sent';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText AS szReplyText, a.dtSent, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID FROM tblSentMail AS a,
tblUser AS b WHERE a.iToID=b.iUserID AND a.iMessageID=
$dH{'iReplyToID'} AND a.iFromID=$dH{'iMyUserID'}")};
}
if ($dQ{'iMessageID'} == 0) {
$dH{'iReplyToID'} = 0;
return (&doWrite ($dbh, $query, $dbInfo, %dH));
}
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
$dH{'iToID'} = $dH{'iTheirID'};
$dH{'szRecipient'} = $dH{'szTheirUsername'};
$dH{'szMessageText'} = "In reply to:\n$dQ{'szReplyText'}\n----------------------\n\n";
if ($dH{'iTempMailID'} > 0) {
my %dQ = %{$dbh->selectrow_hashref("SELECT a.szUsername AS szRecipient,
b.* FROM tblUser AS a, tblTempMail AS b WHERE a.iUserID=b.iToID
AND b.iFromID=$dH{'iMyUserID'} AND b.iTempMailID=$dH{'iTempMailID'}")};
if ($dQ{'iFromID'} != 0) { %dH = cgiUtil::mergeHash({%dQ}, {%dH}); }
else { $dH{'iTempMailID'} = 0; }
}
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
$dH{'szFileName'} = 'mail-reply-template.html';
return (%dH);
}
# doForward: display the forward-a-message screen.
#
sub doForward {
my ($dbh, $query, $dbInfo, %dH) = @_;
my %dQ;
if ($dH{'szFolderName'} ne 'sent') {
$dH{'szFolderName'} = 'inbox';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText AS szReplyText, a.dtSent, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID FROM tblMail AS a,
tblUser AS b WHERE a.iFromID=b.iUserID AND a.iMessageID=
$dH{'iMessageID'} AND a.iToID=$dH{'iMyUserID'}")};
} else {
$dH{'szFolderName'} = 'sent';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText AS szReplyText, a.dtSent, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID FROM tblSentMail AS a,
tblUser AS b WHERE a.iToID=b.iUserID AND a.iMessageID=
$dH{'iMessageID'} AND a.iFromID=$dH{'iMyUserID'}")};
}
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
$dH{'szMessageText'} = "Forwarded Message:\n".
"Originally from: $dQ{'szTheirUsername'}, sent on $dQ{'dtSent'}\n\n".
"$dQ{'szReplyText'}\n----------------------------------------\n\n";
$dH{'szSubject'} = "Fwd: $dQ{'szSubject'}";
$dH{'iForward'} = 1;
return (doWrite ($dbh, $query, $dbInfo, %dH));
}
# ---------------------------------------------------------------------- #
# -- processUpload() : check the upload data and try to put the file in
# the proper directory with a thumbnail. return 1 if ok, 0 if not.
#
sub processUpload {
my ($query, $dbh, %dH) = @_;
if (! defined $dH{'szUploadFile'}) { return 0; }
my $szFileData = $query->upload('szUploadFile');
my $szExt = &getFileInfo(%dH);
if ($szExt eq '') { return 0; }
else {
my $szFileKey = cgiUtil::generateTempKey();
my $szTempFile = "/tmp/$szFileKey.$szExt";
open (OUTFILE, ">$szTempFile");
my ($iBytesRead, $iBuffer, $iTotalBytes);
while ($iBytesRead = read($szFileData, $iBuffer, 1024)) {
$iTotalBytes += $iBytesRead;
binmode OUTFILE;
print OUTFILE $iBuffer;
}
close($szFileData);
close(OUTFILE);
if (($iTotalBytes == 0) || ($iTotalBytes > 2000000)) {
system ("rm -f $szTempFile");
return '-1';
} else {
my $szFileStore = $site::tempMailDir . $dH{'iTempMailID'} . '.jpg';
chmod (0666, "$szFileStore");
chown ($dH{'iUID'}, $dH{'iGID'}, "$szFileStore");
my $image = new Image::Magick;
$image->Read($szTempFile);
$image->Resize(geometry=>'300x225');
$image->Write($szFileStore);
system ("rm -f $szTempFile");
undef $image;
$dbh->do ("UPDATE tblTempMail SET iHasPhoto=1 WHERE
iTempMailID=$dH{'iTempMailID'}");
return 1;
}
}
}
# ---------------------------------------------------------------------- #
# -- getFileInfo()
# Just a helper routine to determine if this is a JPG or GIF, and to
# return the extension. Photos are stored numerically, so we don't
# really care what it's called.
#
sub getFileInfo {
my (%dH) = @_;
my $szRealname;
if ($dH{'szUploadFile'} =~ /\//) {
my @myArray = split(/\//, $dH{'szUploadFile'});
$szRealname = pop(@myArray);
} elsif ($dH{'szUploadFile'} =~ /\\/) {
my @myArray = split(/\\/, $dH{'szUploadFile'});
$szRealname = pop(@myArray);
} else { $szRealname = $dH{'szUploadFile'}; }
my @szFoo = split (/\./, $szRealname);
my $szExt = $szFoo[$#szFoo];
$szExt =~ tr/A-Z/a-z/;
if ($szExt =~ /bmp|png|jpg|jpeg|gif/i) { return ($szExt); }
else { return ''; }
}
#
$site::szFromMail = $site::szMailHost = $site::sentmailpixDir;
![](\"/assets/mailpix/$dQ{'iMessageID'}\.jpg\")
";
}
} else {
$dH{'szTable'} = 'tblSentMail';
$dH{'szFolderName'} = 'sent';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText, a.dtSent, b.szUsername AS szTheirUsername,
b.iUserID AS iTheirID, a.iHasPhoto FROM tblSentMail AS a, tblUser AS b
WHERE a.iToID=b.iUserID AND a.iMessageID=$dH{'iMessageID'} AND
a.iFromID=$dH{'iMyUserID'}")};
$dH{'szFileName'} = 'mail-sent-read-template.html';
$dQ{'iMessageID'} += 0;
my @dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} AND iMessageID < $dQ{'iMessageID'}
ORDER BY iMessageID DESC LIMIT 0, 1");
if ($dR[0]+0 == 0) { $dH{'szPrev'} = 'Prev'; }
else { $dH{'szPrev'} = "Prev"; }
@dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} AND iMessageID > $dQ{'iMessageID'}
ORDER BY iMessageID LIMIT 0, 1");
if ($dR[0]+0 == 0) { $dH{'szNext'} = 'Next'; }
else { $dH{'szNext'} = "Next"; }
@dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} ORDER BY iMessageID LIMIT 0, 1");
$dH{'szFirst'} = "<< First";
@dR = $dbh->selectrow_array ("SELECT iMessageID FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} ORDER BY iMessageID DESC LIMIT 0, 1");
$dH{'szLast'} = "Last >>";
@dR = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'} AND iMessageID < $dQ{'iMessageID'}");
$dH{'iMessageIndex'} = $dR[0]+1;
@dR = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblSentMail
WHERE iFromID=$dH{'iMyUserID'}");
$dH{'iMessageCount'} = $dR[0];
if ($dQ{'iHasPhoto'} == 1) {
$dH{'szMessagePhoto'} = "![](\"/assets/sentmailpix/$dQ{'iMessageID'}\.jpg\")
";
}
}
if ($dQ{'iMessageID'}+0 == 0) {
$dH{'szErrorMessage'} = 'That is an invalid message ID.';
$dH{'szFileName'} = 'error-template.html';
} else {
$dbh->do ("UPDATE $dH{'szTable'} SET iStatus=1 WHERE
(iMessageID=$dH{'iMessageID'}) AND (iStatus <> 2)");
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
}
return (%dH);
}
# doSend: deliver a mail message. if delivery is successful, we'll
# either show the success-template or go back to the index.
#
sub doSend {
my ($dbh, $query, $dbInfo, %dH) = @_;
# check to see how many emails the user has sent within the
# last 30 minutes. if it's more than 10, send a notification.
#
my $countMail = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblMail
WHERE iFromID=$dH{'iMyUserID'} AND UNIX_TIMESTAMP(NOW())-
UNIX_TIMESTAMP(dtSent) <= 1800");
if ($countMail > 10) {
cgiUtil::sendMail ($site::szMailHost, $site::szFromMail, $site::szAdminMail,
'Dunebuggy.com: Possible Scam Alert',
"User $dH{'szUsername'} has sent more than 10 BuggyMails in the\n".
"last 30 minutes. This may be something that needs further attention.");
}
my @dIm = $dbh->selectrow_array ("SELECT szAuthCodeImage, szAuthCode
FROM tblTempMail WHERE iTempMailID=$dH{'iTempMailID'}
AND iFromID=$dH{'iMyUserID'}");
if ($dIm[0] ne '') { system ("rm -f $dIm[0]"); }
if ($dH{'szNext'} eq 'Cancel Message') {
$dbh->do ("DELETE FROM tblTempMail WHERE iTempMailID=$dH{'iTempMailID'}
AND iFromID=$dH{'iMyUserID'}");
$dH{'szErrorMessage'} = 'Your message has been cancelled.';
} elsif ($dH{'szNext'} eq 'Edit Message') {
my $messagepix = $site::tempMailDir . $dH{'iTempMailID'} . ".jpg";
system ("rm -f $messagepix");
return (&doWrite($dbh, $query, $dbInfo, %dH));
} else {
if ($dH{'szAuthCode'} ne $dIm[1]) {
$dH{'szErrorMessage'} = 'You have entered an incorrect security code.';
$dH{'iFlag'} = 1;
return (&doPreview($dbh, $query, $dbInfo, %dH));
} else {
$dH{'iTempMailID'} += 0;
my %dQ = %{$dbh->selectrow_hashref ("SELECT * FROM tblTempMail WHERE
iTempMailID=$dH{'iTempMailID'} AND iFromID=$dH{'iMyUserID'}")};
if ($dQ{'iTempMailID'} != 0) {
$dbh->do ("INSERT INTO tblMail VALUES (0, $dQ{'iFromID'}, $dQ{'iToID'},
'$dQ{'szSubject'}', '$dQ{'szMessageText'}', NOW(), 0, $dQ{'iHasPhoto'},
0, '')");
$dH{'iMessageID'} = $dbh->{'mysql_insertid'};
if ($dQ{'iHasPhoto'} == 1) {
my $frompix = $site::tempMailDir . $dH{'iTempMailID'} . ".jpg";
my $topix = $site::mailpixDir . $dH{'iMessageID'} . ".jpg";
system ("mv -f $frompix $topix");
}
if ($dH{'iSaveCopy'} == 1) {
my @dR = $dbh->selectrow_array ("SELECT COUNT(*) FROM tblSentMail
WHERE iFromID=$dQ{'iFromID'}");
if ($dR[0] < $site::maxMail) {
$dbh->do ("INSERT INTO tblSentMail VALUES ($dH{'iMessageID'},
$dQ{'iFromID'}, $dQ{'iToID'}, '$dQ{'szSubject'}',
'$dQ{'szMessageText'}', NOW(), 0, $dQ{'iHasPhoto'})");
if ($dQ{'iHasPhoto'} == 1) {
my $frompix = $site::mailpixDir . $dH{'iMessageID'} . ".jpg";
my $topix = $site::sentmailpixDir . $dH{'iMessageID'} . ".jpg";
system ("cp -f $frompix $topix");
}
} else {
$dH{'szErr2'} = 'Your sent-items folder is full, however,
and a copy of this message was not saved.';
}
}
$dbh->do ("DELETE FROM tblTempMail WHERE iTempMailID=$dH{'iTempMailID'}");
}
$dH{'szErrorMessage'} = "Your message was successfully delivered. $dH{'szErr2'}";
my @dR = $dbh->selectrow_array ("SELECT szUsername, szEmailAddress,
iEmailNotify FROM tblUser WHERE iUserID=$dQ{'iToID'}");
if ($dR[2]+0 == 1) {
$dH{'szFileName'} = 'mail-notify.txt';
$dH{'szTheirUsername'} = $dR[0];
my $data = dbAccess::parseDBPage ($dbh, $dbInfo, %dH);
cgiUtil::sendMail ($site::szMailHost, $site::szFromMail, $dR[1],
'Dunebuggy.com: You have new BuggyMail', $data);
}
if ($dH{'iReplyToID'} > 0) {
if ($dH{'szFolderName'} eq 'sent') {
$dbh->do ("UPDATE tblSentMail SET iStatus=2 WHERE iMessageID=$dH{'iReplyToID'}");
} else {
$dbh->do ("UPDATE tblMail SET iStatus=2 WHERE iMessageID=$dH{'iReplyToID'}");
}
}
}
if ($dH{'szReturnLink'} ne '') {
$dH{'szErrorMessage'} .= qq|![](\"/assets/tempmailpix/$dH{'iTempMailID'}.jpg\")
\n";
} elsif ($dH{'iHasPhoto'} == -1) {
$dH{'szMessagePhoto'} = "Unable to process your photo upload. Check that it is
less than 2,000,000 bytes in size and in a valid graphic file format.";
}
}
if (($dH{'iFlag'} != 1) && ($dH{'szErrorMessage'} ne '')) {
return (&doWrite ($dbh, $query, $dbInfo, %dH));
} else {
$dH{'szFileName'} = 'mail-preview-template.html';
return (%dH);
}
}
# doReply: display the reply-to-message screen.
#
sub doReply {
my ($dbh, $query, $dbInfo, %dH) = @_;
my %dQ;
if ($dH{'szFolderName'} ne 'sent') {
$dH{'szFolderName'} = 'inbox';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText AS szReplyText, a.dtSent, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID FROM tblMail AS a,
tblUser AS b WHERE a.iFromID=b.iUserID AND a.iMessageID=
$dH{'iReplyToID'} AND a.iToID=$dH{'iMyUserID'}")};
} else {
$dH{'szFolderName'} = 'sent';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText AS szReplyText, a.dtSent, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID FROM tblSentMail AS a,
tblUser AS b WHERE a.iToID=b.iUserID AND a.iMessageID=
$dH{'iReplyToID'} AND a.iFromID=$dH{'iMyUserID'}")};
}
if ($dQ{'iMessageID'} == 0) {
$dH{'iReplyToID'} = 0;
return (&doWrite ($dbh, $query, $dbInfo, %dH));
}
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
$dH{'iToID'} = $dH{'iTheirID'};
$dH{'szRecipient'} = $dH{'szTheirUsername'};
$dH{'szMessageText'} = "In reply to:\n$dQ{'szReplyText'}\n----------------------\n\n";
if ($dH{'iTempMailID'} > 0) {
my %dQ = %{$dbh->selectrow_hashref("SELECT a.szUsername AS szRecipient,
b.* FROM tblUser AS a, tblTempMail AS b WHERE a.iUserID=b.iToID
AND b.iFromID=$dH{'iMyUserID'} AND b.iTempMailID=$dH{'iTempMailID'}")};
if ($dQ{'iFromID'} != 0) { %dH = cgiUtil::mergeHash({%dQ}, {%dH}); }
else { $dH{'iTempMailID'} = 0; }
}
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
$dH{'szFileName'} = 'mail-reply-template.html';
return (%dH);
}
# doForward: display the forward-a-message screen.
#
sub doForward {
my ($dbh, $query, $dbInfo, %dH) = @_;
my %dQ;
if ($dH{'szFolderName'} ne 'sent') {
$dH{'szFolderName'} = 'inbox';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText AS szReplyText, a.dtSent, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID FROM tblMail AS a,
tblUser AS b WHERE a.iFromID=b.iUserID AND a.iMessageID=
$dH{'iMessageID'} AND a.iToID=$dH{'iMyUserID'}")};
} else {
$dH{'szFolderName'} = 'sent';
%dQ = %{$dbh->selectrow_hashref ("SELECT a.iMessageID, a.szSubject,
a.szMessageText AS szReplyText, a.dtSent, b.szUsername AS
szTheirUsername, b.iUserID AS iTheirID FROM tblSentMail AS a,
tblUser AS b WHERE a.iToID=b.iUserID AND a.iMessageID=
$dH{'iMessageID'} AND a.iFromID=$dH{'iMyUserID'}")};
}
%dH = cgiUtil::mergeHash({%dQ}, {%dH});
$dH{'szMessageText'} = "Forwarded Message:\n".
"Originally from: $dQ{'szTheirUsername'}, sent on $dQ{'dtSent'}\n\n".
"$dQ{'szReplyText'}\n----------------------------------------\n\n";
$dH{'szSubject'} = "Fwd: $dQ{'szSubject'}";
$dH{'iForward'} = 1;
return (doWrite ($dbh, $query, $dbInfo, %dH));
}
# ---------------------------------------------------------------------- #
# -- processUpload() : check the upload data and try to put the file in
# the proper directory with a thumbnail. return 1 if ok, 0 if not.
#
sub processUpload {
my ($query, $dbh, %dH) = @_;
if (! defined $dH{'szUploadFile'}) { return 0; }
my $szFileData = $query->upload('szUploadFile');
my $szExt = &getFileInfo(%dH);
if ($szExt eq '') { return 0; }
else {
my $szFileKey = cgiUtil::generateTempKey();
my $szTempFile = "/tmp/$szFileKey.$szExt";
open (OUTFILE, ">$szTempFile");
my ($iBytesRead, $iBuffer, $iTotalBytes);
while ($iBytesRead = read($szFileData, $iBuffer, 1024)) {
$iTotalBytes += $iBytesRead;
binmode OUTFILE;
print OUTFILE $iBuffer;
}
close($szFileData);
close(OUTFILE);
if (($iTotalBytes == 0) || ($iTotalBytes > 2000000)) {
system ("rm -f $szTempFile");
return '-1';
} else {
my $szFileStore = $site::tempMailDir . $dH{'iTempMailID'} . '.jpg';
chmod (0666, "$szFileStore");
chown ($dH{'iUID'}, $dH{'iGID'}, "$szFileStore");
my $image = new Image::Magick;
$image->Read($szTempFile);
$image->Resize(geometry=>'300x225');
$image->Write($szFileStore);
system ("rm -f $szTempFile");
undef $image;
$dbh->do ("UPDATE tblTempMail SET iHasPhoto=1 WHERE
iTempMailID=$dH{'iTempMailID'}");
return 1;
}
}
}
# ---------------------------------------------------------------------- #
# -- getFileInfo()
# Just a helper routine to determine if this is a JPG or GIF, and to
# return the extension. Photos are stored numerically, so we don't
# really care what it's called.
#
sub getFileInfo {
my (%dH) = @_;
my $szRealname;
if ($dH{'szUploadFile'} =~ /\//) {
my @myArray = split(/\//, $dH{'szUploadFile'});
$szRealname = pop(@myArray);
} elsif ($dH{'szUploadFile'} =~ /\\/) {
my @myArray = split(/\\/, $dH{'szUploadFile'});
$szRealname = pop(@myArray);
} else { $szRealname = $dH{'szUploadFile'}; }
my @szFoo = split (/\./, $szRealname);
my $szExt = $szFoo[$#szFoo];
$szExt =~ tr/A-Z/a-z/;
if ($szExt =~ /bmp|png|jpg|jpeg|gif/i) { return ($szExt); }
else { return ''; }
}
#
$site::szFromMail = $site::szMailHost = $site::sentmailpixDir;