<?php
//////////////////////////////////////////////////////////////////
// OrbitFAQ //
// --------- //
// //
// Orbit FAQ was solely written and developed by Orbit Services //
// http://www.orbitservices.net //
// //
// Access the Forum here: //
// http://forums.orbitservices.net/index.php?c=4 //
// //
// OrbitFAQ utilises the following open-source projects/classes: //
// + Fckeditor - http://www.fckeditor.net //
// + Smarty Template Engine - http://smarty.php.net //
// + Swift Email Class - http://www.swiftmailer.org/ //
// + OWASP PHP Filter Project - http://www.owasp.org //
// + MySQL Search Class by Stephen Bartholomew //
// //
//////////////////////////////////////////////////////////////////
// Get our emails - this should be done through cron or scheduled tasks too
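require_once("../incs/receivemail.class.php");
require_once("../incs/getemail.inc.php");
$smarty->assign("OrbitFAQTitle","Support Mailbox");

/*
 * Admin "Support Mailbox" module.
 *
 * Included by the admin front controller, which supplies the request state read
 * here ($action, $mod, $msg, $posted, $type, $faq, $show, $error), the DB layer
 * ($faqsql_query, $faqsql_fetch_array, $faqsql_insertid, $sql_query_error), the
 * Smarty instance ($smarty, $SmartyCompileDir, $ClearSmartyCompiled) and the
 * mail settings ($smtp_hostname, $default_email, $phpv).
 *
 * Actions: markasqn (turn a mail into a question), preview, reply, forward,
 * archive, delete, clear (delete every unarchived mail), ban (add an email/ip
 * to the banlist), chstatus (set a FAQ's status). No action: list the mailbox.
 *
 * Query failures keep the module's existing "or die(<error> <query>)" form.
 * Note that this echoes the failed statement to the browser (TODO: log it and
 * show a generic message instead).
 */

// ---------------------------------------------------------------------------
// Helpers local to this module. They are guarded so that including the module
// twice in one request does not raise a "cannot redeclare" fatal error, and
// shared state is passed in explicitly rather than read from the global scope.
// ---------------------------------------------------------------------------

if (!function_exists('orbitfaq_mailbox_post')) {
    /**
     * Read a form field, returning '' when it was not submitted (the original
     * indexed $_POST directly and relied on an undefined-index notice).
     *
     * @param string $key
     * @return string|array
     */
    function orbitfaq_mailbox_post($key)
    {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    }
}

if (!function_exists('orbitfaq_mailbox_redirect')) {
    /**
     * Clear the compiled Smarty templates and send the admin to $location.
     *
     * @param string $location      "index.php?..." query string, without the message parameter
     * @param string $message       status text shown on the target page
     * @param mixed  $compileDir    $SmartyCompileDir
     * @param mixed  $clearCompiled $ClearSmartyCompiled
     */
    function orbitfaq_mailbox_redirect($location, $message, $compileDir, $clearCompiled)
    {
        clearSmartyCompiled($compileDir, $clearCompiled);
        // urlencode(): the message text (and, for bans, the user-supplied detail
        // it contains) must not be able to add or alter query-string parameters.
        header("Location: " . $location . "&message=" . urlencode($message));
        // Always stop here; several of the original branches kept rendering
        // the template after sending the Location header.
        exit;
    }
}

if (!function_exists('orbitfaq_mailbox_row')) {
    /**
     * Map a raw orbitfaq_mailbox row (numeric indexes) to named fields.
     * Column order is the one every branch of the original unpacked:
     * 0 id, 1 downloaded, 2 from_name, 3 from_email, 4 subject, 5 message, 6 status.
     *
     * @param array $row
     * @return array{id:mixed,downloaded:mixed,from_name:mixed,from_email:mixed,subject:mixed,message:mixed,status:mixed}
     */
    function orbitfaq_mailbox_row($row)
    {
        return array(
            'id'         => $row[0],
            'downloaded' => $row[1],
            'from_name'  => $row[2],
            'from_email' => $row[3],
            'subject'    => $row[4],
            'message'    => $row[5],
            'status'     => $row[6],
        );
    }
}

if (!function_exists('orbitfaq_mailbox_fetch')) {
    /**
     * Load one mailbox message by id and return it as a named array, or null
     * when there is no such message.
     *
     * The original looped over every row matching the id and kept the last one;
     * a single fetch is equivalent as long as id is unique (TODO confirm it is
     * the table's primary key).
     *
     * @param string   $id               already filtered with sanitize_paranoid_string()
     * @param bool     $unarchivedOnly   restrict to status = '0' (archive/delete forms)
     * @param callable $faqsql_query
     * @param callable $faqsql_fetch_array
     * @param string   $sql_query_error
     * @return array|null
     */
    function orbitfaq_mailbox_fetch($id, $unarchivedOnly, $faqsql_query, $faqsql_fetch_array, $sql_query_error)
    {
        $where = $unarchivedOnly ? "status = '0' AND " : "";
        $query_msg = "SELECT * from orbitfaq_mailbox WHERE {$where}id = '$id' ORDER BY downloaded DESC";
        $result_msg = $faqsql_query($query_msg) or die("$sql_query_error $query_msg");
        $row_msg = $faqsql_fetch_array($result_msg);
        if (!$row_msg) {
            return null;
        }
        return orbitfaq_mailbox_row($row_msg);
    }
}

if (!function_exists('orbitfaq_mailbox_html_body')) {
    /**
     * Prepare a message body for the HTML editor field: optionally decode stored
     * entities, turn bare newlines into <br /> when the text holds no markup, then
     * drop the raw CR/LF characters so the value fits a single-line template field.
     *
     * @param string $message
     * @param bool   $decode  true for bodies read from the database, false for re-displayed form input
     * @return string
     */
    function orbitfaq_mailbox_html_body($message, $decode)
    {
        if ($decode) {
            $message = html_entity_decode($message);
        }
        // Same length with and without tags means there is no markup to preserve.
        if (strlen($message) == strlen(strip_tags($message))) {
            $message = nl2br($message);
        }
        return str_replace(array("\n", "\r"), "", $message);
    }
}

if (!function_exists('orbitfaq_mailbox_quote')) {
    /**
     * Build the quoted-original block placed under a reply/forward.
     *
     * @param array $row  as returned by orbitfaq_mailbox_fetch()
     * @return string
     */
    function orbitfaq_mailbox_quote($row)
    {
        $body = orbitfaq_mailbox_html_body($row['message'], true);
        return "<br /><br /><br /><br /><br /><br /><hr>From: {$row['from_name']} [mailto:{$row['from_email']}]"
            . "<br />Sent: {$row['downloaded']}<br />Subject: {$row['subject']}<br /><br />$body";
    }
}

if (!function_exists('orbitfaq_mailbox_store_body')) {
    /**
     * Strip the editor's document wrapper (DOCTYPE, HTML/BODY, HEAD block) from a
     * submitted message and entity-encode it for storage.
     *
     * @param string $message
     * @return string
     */
    function orbitfaq_mailbox_store_body($message)
    {
        $message = str_replace(
            array("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">", "<HTML>", "</HTML>", "<BODY>", "</BODY>"),
            "",
            $message
        );
        // The original ran this pattern twice (upper/lower case); the "i" flag
        // already makes it case-insensitive.
        $message = preg_replace("@<HEAD[^>]*?>.*?</HEAD>@siu", "", $message);
        if ($message === null) {
            // preg_replace() returns null on invalid UTF-8 ("u" flag); the original
            // then stored '' via htmlentities(null) -- keep that outcome explicitly.
            $message = "";
        }
        return htmlentities($message, ENT_QUOTES);
    }
}

if (!function_exists('orbitfaq_mailbox_plain_text')) {
    /**
     * Render a stored subject/body as plain text for the mailbox listing: decode
     * entities, replace images with a marker, strip every remaining tag.
     *
     * @param string $text
     * @return string
     */
    function orbitfaq_mailbox_plain_text($text)
    {
        $text = html_entity_decode($text);
        $text = preg_replace('#<img [^>]*alt="([^"]*)"[^>]*>#i', '[ IMAGE REMOVED ]', $text);
        return strip_tags($text);
    }
}

if (!function_exists('orbitfaq_mailbox_send')) {
    /**
     * Send a reply/forward and report whether the underlying sender succeeded.
     * Swift is used on PHP 4/5 (as before); any other version falls back to
     * mail() with a plain-text rendering of the HTML body.
     *
     * @param string $to
     * @param string $subject
     * @param string $html
     * @param string $from          $default_email
     * @param string $smtp_hostname
     * @param string $phpv          major PHP version as supplied by the controller
     * @return bool
     */
    function orbitfaq_mailbox_send($to, $subject, $html, $from, $smtp_hostname, $phpv)
    {
        // A CR/LF in the subject would end the header line; strip it before the
        // value reaches either transport.
        $subject = str_replace(array("\r", "\n"), "", $subject);
        if (($phpv == '4') OR ($phpv == '5')) {
            // "= new" instead of the original "=& new": objects are handles from
            // PHP 5 on, and the reference form does not parse on PHP 7+.
            $swift = new Swift(new Swift_Connection_SMTP("$smtp_hostname"));
            $swift_message = new Swift_Message("$subject", "$html", "text/html");
            // The original computed "!$swift->send(...)" and threw the result away.
            return (bool) $swift->send($swift_message, $to, $from);
        }
        $headers = "From: $from\r\n";
        $text = strip_tags(br2nl($html));
        return (bool) mail($to, $subject, $text, $headers);
    }
}

// ---------------------------------------------------------------------------
// Request state: give every variable the branches test a defined value.
// ---------------------------------------------------------------------------
if (!isset($action)) { $action = ''; }
if (!isset($msg))    { $msg = ''; }
if (!isset($posted)) { $posted = ''; }
if (!isset($type))   { $type = ''; }
if (!isset($faq))    { $faq = ''; }
if (!isset($show))   { $show = ''; }
if (!isset($error))  { $error = ''; }

if ($action != '')
{
    $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_". $mod ."_". $action .".tpl";

    // Every branch below interpolates $msg into SQL. The original filtered it
    // only in 'markasqn' (sanitize_paranoid_string on $_GET['msg']); apply the
    // same filter on every path. Ids are expected to be plain digits, so the
    // filter is a no-op for valid input -- TODO confirm against the schema.
    if ($action == 'markasqn') {
        $msg = isset($_GET['msg']) ? sanitize_paranoid_string($_GET['msg']) : '';
    } elseif ($msg != '') {
        $msg = sanitize_paranoid_string($msg);
    }

    if ($action == 'markasqn')
    {
        $row = null;
        if ($msg != '') {
            $row = orbitfaq_mailbox_fetch($msg, false, $faqsql_query, $faqsql_fetch_array, $sql_query_error);
        }
        if ($row === null) {
            // The original inserted an empty question when the id matched nothing.
            orbitfaq_mailbox_redirect("index.php?mod=$mod", "You Did Not Enter a Valid Message Id!", $SmartyCompileDir, $ClearSmartyCompiled);
        }
        // Fall back to the address when no sender name was captured.
        $from_name = $row['from_name'];
        if (!$from_name) {
            $from_name = $row['from_email'];
        }
        $question = $row['subject'] . "<br />" . $row['message'];
        // addslashes(): the $faqsql_* layer exposes no escaping helper on this page,
        // so quote the DB-sourced values before they are re-embedded in SQL.
        // TODO swap for the driver's escaper if the connection charset is multibyte.
        $query_add = "INSERT INTO `orbitfaq_questions` (
`f_id`,
`c_id`,
`a_id`,
`desc`,
`posted_time`,
`posted_by`,
`posted_email`,
`status`,
`ip`
)VALUES(
'0',
'0',
'0',
'" . addslashes($question) . "',
'" . addslashes($row['downloaded']) . "',
'" . addslashes($from_name) . "',
'" . addslashes($row['from_email']) . "',
'1',
'0.0.0.0'
);
";
        $result_add = $faqsql_query($query_add) or die("$sql_query_error $query_add");
        $q_id = $faqsql_insertid();
        // Mark the mail as dealt with.
        $query_status = "UPDATE `orbitfaq_mailbox` SET status = '1' WHERE `id` = '$msg';";
        $result_status = $faqsql_query($query_status) or die("$sql_query_error $query_status");
        orbitfaq_mailbox_redirect("index.php?mod=questions&action=modify&qn=$q_id", "Message was Successfully Converted to a Question!", $SmartyCompileDir, $ClearSmartyCompiled);
    } // End markasqn
    elseif ($action == 'preview')
    {
        if ($msg == '') {
            orbitfaq_mailbox_redirect("index.php?mod=$mod", "You Did Not Enter a Valid Message Id!", $SmartyCompileDir, $ClearSmartyCompiled);
        }
        $row = orbitfaq_mailbox_fetch($msg, false, $faqsql_query, $faqsql_fetch_array, $sql_query_error);
        if ($row !== null) {
            $smarty->assign("Errors", "$error");
            $smarty->assign("posted_id", (string) $row['id']);
            $smarty->assign("posted_downloaded", (string) $row['downloaded']);
            $smarty->assign("posted_from_name", (string) $row['from_name']);
            $smarty->assign("posted_from_email", (string) $row['from_email']);
            $smarty->assign("posted_subject", "RE: " . $row['subject']);
            $smarty->assign("posted_message", orbitfaq_mailbox_html_body($row['message'], true));
            $smarty->assign("posted_archive_question", "1");
            $smarty->assign("posted_update_question", "1");
        }
    } // End preview
    elseif (($action == 'reply') OR ($action == 'forward'))
    {
        // The two forms are identical apart from the recipient field, the subject
        // prefix and the default of the "update stored message" tick box.
        if ($msg == '') {
            orbitfaq_mailbox_redirect("index.php?mod=$mod", "You Did Not Enter a Valid Message Id!", $SmartyCompileDir, $ClearSmartyCompiled);
        }
        $is_forward = ($action == 'forward');
        $recipient_field = $is_forward ? 'posted_to_email' : 'posted_from_email';

        if ($posted == 'yes')
        {
            $posted_id = sanitize_paranoid_string(orbitfaq_mailbox_post('posted_id'));
            $posted_subject = orbitfaq_mailbox_post('posted_subject');
            $posted_message = orbitfaq_mailbox_post('posted_message');
            $posted_archive_question = sanitize_paranoid_string(orbitfaq_mailbox_post('posted_archive_question'));
            $posted_update_question = sanitize_paranoid_string(orbitfaq_mailbox_post('posted_update_question'));
            // fsanitize_email() yields '0' for an invalid address.
            $recipient = fsanitize_email(orbitfaq_mailbox_post($recipient_field));
            if ($recipient == '0') { $error .= " » You did not enter a valid <u>Email Address</u><br />"; }

            if (!$error) {
                if (!orbitfaq_mailbox_send($recipient, $posted_subject, $posted_message, $default_email, $smtp_hostname, $phpv)) {
                    // Previously a failed send still archived the mail and reported success.
                    $error .= " » The email could not be sent<br />";
                }
            }
            if (!$error)
            {
                if ($posted_archive_question == '1')
                {
                    $query_status = "UPDATE `orbitfaq_mailbox` SET status = '1' WHERE `id` = '$msg';";
                    $result_status = $faqsql_query($query_status) or die("$sql_query_error $query_status");
                }
                if ($posted_update_question == '1')
                {
                    // htmlentities(ENT_QUOTES) removes the quotes; addslashes() covers a
                    // trailing backslash, which would otherwise swallow the closing quote.
                    $stored_message = addslashes(orbitfaq_mailbox_store_body($posted_message));
                    $query_message = "UPDATE `orbitfaq_mailbox` SET message = '$stored_message' WHERE `id` = '$msg';";
                    $result_message = $faqsql_query($query_message) or die("$sql_query_error $query_message");
                }
                orbitfaq_mailbox_redirect("index.php?mod=$mod", "Email was Successfully Sent!", $SmartyCompileDir, $ClearSmartyCompiled);
            }
            // Re-display the form with the error(s) and the submitted values.
            $smarty->assign("Errors", "$error");
            $smarty->assign("posted_id", "$posted_id");
            $smarty->assign($recipient_field, "$recipient");
            $smarty->assign("posted_subject", "$posted_subject");
            $smarty->assign("posted_message", orbitfaq_mailbox_html_body($posted_message, false));
            $smarty->assign("posted_archive_question", "$posted_archive_question");
            $smarty->assign("posted_update_question", "$posted_update_question");
        }
        else
        {
            $row = orbitfaq_mailbox_fetch($msg, false, $faqsql_query, $faqsql_fetch_array, $sql_query_error);
            if ($row !== null) {
                $smarty->assign("Errors", "$error");
                $smarty->assign("posted_id", (string) $row['id']);
                $smarty->assign("posted_downloaded", (string) $row['downloaded']);
                $smarty->assign("posted_from_name", (string) $row['from_name']);
                $smarty->assign("posted_from_email", (string) $row['from_email']);
                $smarty->assign("posted_subject", ($is_forward ? "FW: " : "RE: ") . $row['subject']);
                $smarty->assign("posted_message", orbitfaq_mailbox_quote($row));
                $smarty->assign("posted_archive_question", "1");
                $smarty->assign("posted_update_question", $is_forward ? "0" : "1");
            }
        }
    } // End reply / forward
    elseif (($action == 'archive') OR ($action == 'delete'))
    {
        // Same confirmation form; only the statement and the success text differ.
        if ($msg == '') {
            orbitfaq_mailbox_redirect("index.php?mod=$mod", "You Did Not Enter a Valid Message Id!", $SmartyCompileDir, $ClearSmartyCompiled);
        }
        $is_delete = ($action == 'delete');

        if ($posted == 'yes')
        {
            $posted_confirmation = sanitize_paranoid_string(orbitfaq_mailbox_post('posted_confirmation'));
            $posted_msg = sanitize_paranoid_string(orbitfaq_mailbox_post('posted_msg'));
            $smarty->assign("posted_msg", "$posted_msg");
            if (($posted_confirmation == '0') AND (!$posted_msg)) { $error .= " » You did not select an appropriate <u>Confirmation</u><br />"; }
            if (!$error)
            {
                if ($is_delete) {
                    $query_action = "DELETE FROM `orbitfaq_mailbox` WHERE `id` = '$msg';";
                    $done_message = "Message was Successfully Deleted!";
                } else {
                    $query_action = "UPDATE `orbitfaq_mailbox` SET status = '1' WHERE `id` = '$msg';";
                    $done_message = "Message was Successfully Archived!";
                }
                $result_action = $faqsql_query($query_action) or die("$sql_query_error $query_action");
                orbitfaq_mailbox_redirect("index.php?mod=$mod", $done_message, $SmartyCompileDir, $ClearSmartyCompiled);
            }
        }
        // Confirmation form (also shown again with the error above); only an
        // unarchived message can be archived or deleted from here.
        $row = orbitfaq_mailbox_fetch($msg, true, $faqsql_query, $faqsql_fetch_array, $sql_query_error);
        if ($row !== null) {
            $smarty->assign("Errors", "$error");
            $smarty->assign("posted_id", (string) $row['id']);
            $smarty->assign("posted_title", (string) $row['subject']);
        }
    } // End archive / delete
    elseif ($action == 'clear')
    {
        if ($posted == 'yes')
        {
            $posted_confirmation = sanitize_paranoid_string(orbitfaq_mailbox_post('posted_confirmation'));
            if ($posted_confirmation == '0') { $error .= " » You did not select an appropriate <u>Confirmation</u><br />"; }
            if (!$error)
            {
                // Remove every unarchived mail.
                $query_delete = "DELETE FROM `orbitfaq_mailbox` WHERE `status` = '0';";
                $result_delete = $faqsql_query($query_delete) or die("$sql_query_error $query_delete");
                orbitfaq_mailbox_redirect("index.php?mod=$mod", "Mailbox was Successfully Cleared!", $SmartyCompileDir, $ClearSmartyCompiled);
            }
            $smarty->assign('Errors', $error);
        }
    } // End clear
    elseif ($action == 'ban')
    {
        // The original test "($type != 'email') OR ($type != 'ip')" was always true,
        // so any $type/$posted pair reached the INSERT unfiltered. Accept only the
        // two supported ban types and validate the detail for each.
        $ban_detail = '';
        if ($type == 'email') {
            $ban_detail = fsanitize_email($posted);
            if ($ban_detail == '0') { $ban_detail = ''; }
        } elseif ($type == 'ip') {
            // Coarse allow-list: digits, hex letters, dots and colons cover IPv4/IPv6 literals.
            if (preg_match('/^[0-9A-Fa-f.:]+$/', $posted)) { $ban_detail = $posted; }
        }

        if ($ban_detail != '')
        {
            $query_add = "INSERT INTO `orbitfaq_banlist` (
`ban_type`,
`detail`
)VALUES(
'$type',
'$ban_detail'
);
";
            $result_add = $faqsql_query($query_add) or die("$sql_query_error $query_add");
            orbitfaq_mailbox_redirect("index.php?mod=$mod", "You Have Successfully added $ban_detail to the Banlist!", $SmartyCompileDir, $ClearSmartyCompiled);
        }
        else
        {
            orbitfaq_mailbox_redirect("index.php?mod=$mod", "You Did Not Enter Valid Ban Details!", $SmartyCompileDir, $ClearSmartyCompiled);
        }
    } // End ban
    elseif ($action == 'chstatus')
    {
        // $faq is embedded in SQL below; same id filter as for $msg (no-op for digits).
        if ($faq != '') {
            $faq = sanitize_paranoid_string($faq);
        }
        if ($faq != '')
        {
            // Only an admin with rights on this FAQ may change its status.
            $SuperAdmin = CheckAdminAccess($faq, $ca, $qn, $accesslvl, $orbitfaq_userid);
            if ($SuperAdmin == '0')
            {
                orbitfaq_mailbox_redirect("index.php?mod=$mod", "You do not have access to change the status of this FAQ!", $SmartyCompileDir, $ClearSmartyCompiled);
            }
            if ($posted != '')
            {
                // The original interpolated $posted unquoted; status is used as a
                // 0/1 flag elsewhere in this module, so an int cast keeps that safe.
                $new_status = (int) $posted;
                $query_update_order = "UPDATE `orbitfaq` SET status = $new_status WHERE `id` = '$faq';";
                $result_update_order = $faqsql_query($query_update_order) or die("$sql_query_error $query_update_order");
            }
            orbitfaq_mailbox_redirect("index.php?mod=$mod", "You Have Successfully Changed the FAQ Status!", $SmartyCompileDir, $ClearSmartyCompiled);
        }
        else
        {
            orbitfaq_mailbox_redirect("index.php?mod=$mod", "You Did Not Enter a Valid FAQ Id!", $SmartyCompileDir, $ClearSmartyCompiled);
        }
    } // End chstatus
}
else
{
    // No action: list the mailbox (unarchived only unless show=all).
    $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_". $mod .".tpl";
    $show_sql = ($show != 'all') ? "WHERE status = '0'" : "";
    $query_msg = "SELECT * from orbitfaq_mailbox $show_sql ORDER BY downloaded DESC";
    $result_msg = $faqsql_query($query_msg) or die("$sql_query_error $query_msg");
    $smarty_msgs_array = array();   // defined even when the mailbox is empty
    $msg_row = '0';                 // alternating-row flag; the first row becomes '1' as before
    while ($row_msg = $faqsql_fetch_array($result_msg)) {
        $row = orbitfaq_mailbox_row($row_msg);
        $msg_row = ($msg_row == '1') ? '0' : '1';
        $smarty_msgs_array[] = array(
            "msg_id"         => (string) $row['id'],
            "msg_downloaded" => (string) $row['downloaded'],
            // Subject and body were already tag-stripped; the sender fields were
            // not. strip_tags() is a no-op for entity-encoded values and removes
            // raw markup otherwise -- TODO confirm the listing template escapes them.
            "msg_from_name"  => strip_tags((string) $row['from_name']),
            "msg_from_email" => strip_tags((string) $row['from_email']),
            "msg_subject"    => orbitfaq_mailbox_plain_text($row['subject']),
            "msg_message"    => orbitfaq_mailbox_plain_text($row['message']),
            "msg_status"     => (string) $row['status'],
            "msg_row"        => $msg_row,
        );
    }
    $smarty->assign('MsgListing', $smarty_msgs_array);
}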
?>