phpop3clean.admin.php

一个基于页面实现的pop客户端程序

				$SQLquery .= ', `account` = "'.mysql_escape_string($_POST['account']).'"';
			}
			$SQLquery .= ' WHERE (`email` = "'.mysql_escape_string($_POST['oldemail']).'")';
			$SQLquery .= ' AND (`account` LIKE "'.mysql_escape_string(IsAdminUser() ? '%' : $_COOKIE['phPOP3cleanUSER']).'")';
			mysql_query_safe($SQLquery);
			echo 'Updated.<br><br>';
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?emailwhitelistadmin='.__LINE__), ENT_QUOTES).'">continue</a><br>';
			echo '<script>location = "'.$_SERVER['PHP_SELF'].'?emailwhitelistadmin='.__LINE__.'&orderby='.urlencode(@$_REQUEST['orderby']).'";</script>';
			exit;
			break;

		case 'delete':
			$SQLquery  = 'DELETE FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'whitelist_email`';
			$SQLquery .= ' WHERE (`email` = "'.mysql_escape_string($_REQUEST['email']).'")';
			$SQLquery .= ' AND (`account` LIKE "'.mysql_escape_string(IsAdminUser() ? '%' : $_COOKIE['phPOP3cleanUSER']).'")';
			mysql_query_safe($SQLquery);
			echo 'Deleted.<br><br>';
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?emailwhitelistadmin='.__LINE__), ENT_QUOTES).'">continue</a><br>';
			echo '<script>location = "'.$_SERVER['PHP_SELF'].'?emailwhitelistadmin='.__LINE__.'&orderby='.urlencode(@$_REQUEST['orderby']).'";</script>';
			exit;
			break;

		default:
			$SQLquery  = 'SELECT * FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'whitelist_email`';
			$SQLquery .= ' WHERE (`account` LIKE "'.mysql_escape_string(IsAdminUser() ? '%' : $_COOKIE['phPOP3cleanUSER']).'")';
			$result = mysql_query_safe($SQLquery);
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?emailwhitelistadmin='.__LINE__.'&action=add'), ENT_QUOTES).'">Add new</a><br>';
			echo '<table border="1" cellspacing="0" cellpadding="3">';

			$fields = array('email', 'hitcount', 'lasthit', 'added');
			$invAscDesc = array(''=>'ASC', 'ASC'=>'DESC', 'ASC'=>'');
			echo '<tr><th>&nbsp;</th><th>Account</th>';
			foreach ($fields as $field) {
				echo '<th><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?emailwhitelistadmin='.$_REQUEST['emailwhitelistadmin'].'&orderby='.$field.((@$_REQUEST['orderby'] == $field) ? '&orderorder='.@$invAscDesc[@$_REQUEST['orderorder']] : '')), ENT_QUOTES).'">'.htmlspecialchars($field, ENT_QUOTES).'</a></th>';
			}
			echo '<th>&nbsp;</th></tr>';

			while ($row = mysql_fetch_array($result)) {
				echo '<tr>';
				echo '<td><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?emailwhitelistadmin='.__LINE__.'&action=edit&email='.$row['email'].'&account='.$row['account']), ENT_QUOTES).'">edit</a></td>';
				echo '<td>'.htmlentities($row['account'] ? $row['account'] : '*ALL*').'</td>';
				echo '<td>'.htmlentities($row['email']).'</td>';
				echo '<td align="right">'.number_format($row['hitcount']).'</td>';
				if ($row['lasthit']) {
					echo '<td align="right" bgcolor="#'.LastHit2bgcolor($row['lasthit']).'">'.date('M-d-Y', $row['lasthit']).'</td>';
					echo '<td align="right">'.($row['added'] ? date('M-d-Y', $row['added']) : '-').'</td>';
				} else {
					echo '<td align="center">-</td>';
					echo '<td align="right" bgcolor="#'.LastHit2bgcolor($row['added']).'">'.($row['added'] ? date('M-d-Y', $row['added']) : '-').'</td>';
				}
				echo '<td><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?emailwhitelistadmin='.__LINE__.'&action=delete&email='.$row['email']), ENT_QUOTES).'" onClick="return confirm(\'Are you sure you want to delete this?\');">delete</a></td>';
				echo '</tr>';
			}
			echo '</table>';
			break;
	}

} elseif (@$_REQUEST['subjectwhitelistadmin']) {

	echo '<h3>Whitelist admin - Subject</h3>';

	switch (@$_REQUEST['action']) {
		case 'add':
		case 'edit':
			echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
			echo 'word: <input type="text" name="word" value="'.htmlentities(@$_REQUEST['word'], ENT_QUOTES).'">';
			echo '<input type="hidden" name="oldword" value="'.htmlentities(@$_REQUEST['word'], ENT_QUOTES).'">';
			echo '<input type="hidden" name="subjectwhitelistadmin" value="1">';
			echo '<input type="hidden" name="action" value="'.(($_REQUEST['action'] == 'add') ? 'insert' : 'update').'">';
			echo '<input type="submit" value="'.(($_REQUEST['action'] == 'add') ? 'Insert' : 'Update').'">';
			echo '</form>';
			break;

		case 'insert':
			$SQLquery  = 'INSERT IGNORE INTO `'.PHPOP3CLEAN_TABLE_PREFIX.'whitelist_subject` (`word`, `account`, `added`) VALUES (';
			$SQLquery .= '"'.mysql_escape_string($_REQUEST['word']).'", ';
			$SQLquery .= '"'.mysql_escape_string(IsAdminUser() ? '' : $_COOKIE['phPOP3cleanUSER']).'", ';
			$SQLquery .= '"'.mysql_escape_string(time()).'")';
			mysql_query_safe($SQLquery);
			echo 'Inserted.<br><br>';
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__), ENT_QUOTES).'">continue</a><br>';
			echo '<script>location = "'.$_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__.'&orderby='.urlencode(@$_REQUEST['orderby']).'";</script>';
			exit;
			break;

		case 'update':
			$SQLquery  = 'UPDATE `'.PHPOP3CLEAN_TABLE_PREFIX.'whitelist_subject` SET ';
			$SQLquery .= '`word` = "'.mysql_escape_string($_REQUEST['word']).'"';
			$SQLquery .= ' WHERE (`word` = "'.mysql_escape_string($_REQUEST['oldword']).'")';
			$SQLquery .= ' AND (`account` LIKE "'.mysql_escape_string(IsAdminUser() ? '%' : $_COOKIE['phPOP3cleanUSER']).'")';
			mysql_query_safe($SQLquery);
			echo 'Updated.<br><br>';
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__), ENT_QUOTES).'">continue</a><br>';
			echo '<script>location = "'.$_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__.'&orderby='.urlencode(@$_REQUEST['orderby']).'";</script>';
			exit;
			break;

		case 'delete':
			$SQLquery  = 'DELETE FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'whitelist_subject`';
			$SQLquery .= ' WHERE (`word` = "'.mysql_escape_string($_REQUEST['word']).'")';
			$SQLquery .= ' AND (`account` LIKE "'.mysql_escape_string(IsAdminUser() ? '%' : $_COOKIE['phPOP3cleanUSER']).'")';
			mysql_query_safe($SQLquery);
			echo 'Deleted.<br><br>';
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__), ENT_QUOTES).'">continue</a><br>';
			echo '<script>location = "'.$_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__.'&orderby='.urlencode(@$_REQUEST['orderby']).'";</script>';
			exit;
			break;

		default:
			$SQLquery  = 'SELECT * FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'whitelist_subject`';
			$SQLquery .= ' WHERE (`account` LIKE "'.mysql_escape_string(IsAdminUser() ? '%' : $_COOKIE['phPOP3cleanUSER']).'")';
			$result = mysql_query_safe($SQLquery);
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__.'&action=add'), ENT_QUOTES).'">Add new</a><br>';
			echo '<table border="1" cellspacing="0" cellpadding="3">';

			$fields = array('word', 'hitcount', 'lasthit', 'added');
			$invAscDesc = array(''=>'ASC', 'ASC'=>'DESC', 'ASC'=>'');
			echo '<tr><th>&nbsp;</th>';
			foreach ($fields as $field) {
				echo '<th><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.$_REQUEST['subjectwhitelistadmin'].'&orderby='.$field.((@$_REQUEST['orderby'] == $field) ? '&orderorder='.@$invAscDesc[@$_REQUEST['orderorder']] : '')), ENT_QUOTES).'">'.htmlspecialchars($field, ENT_QUOTES).'</a></th>';
			}
			echo '<th>&nbsp;</th></tr>';

			while ($row = mysql_fetch_array($result)) {
				echo '<tr>';
				echo '<td><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__.'&action=edit&word='.$row['word']), ENT_QUOTES).'">edit</a></td>';
				echo '<td>'.htmlentities($row['word']).'</td>';
				echo '<td align="right">'.number_format($row['hitcount']).'</td>';
				if ($row['lasthit']) {
					echo '<td align="right" bgcolor="#'.LastHit2bgcolor($row['lasthit']).'">'.date('M-d-Y', $row['lasthit']).'</td>';
					echo '<td align="right">'.($row['added'] ? date('M-d-Y', $row['added']) : '-').'</td>';
				} else {
					echo '<td align="center">-</td>';
					echo '<td align="right" bgcolor="#'.LastHit2bgcolor($row['added']).'">'.($row['added'] ? date('M-d-Y', $row['added']) : '-').'</td>';
				}
				echo '<td><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__.'&action=delete&word='.$row['word']), ENT_QUOTES).'" onClick="return confirm(\'Are you sure you want to delete this?\');">delete</a></td>';
				echo '</tr>';
			}
			echo '</table>';
			break;
	}

} elseif (IsAdminUser() && @$_REQUEST['receivedadmin']) {

	switch (@$_REQUEST['action']) {
		case 'add':
		case 'edit':
			echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
			echo 'Domain: <input type="text" name="domain" value="'.htmlentities(@$_REQUEST['domain'], ENT_QUOTES).'">';
			echo '<input type="hidden" name="olddomain" value="'.htmlentities(@$_REQUEST['domain'], ENT_QUOTES).'">';
			echo '<input type="hidden" name="receivedadmin" value="1">';
			echo '<input type="hidden" name="action" value="'.(($_REQUEST['action'] == 'add') ? 'insert' : 'update').'">';
			echo '<input type="submit" value="'.(($_REQUEST['action'] == 'add') ? 'Insert' : 'Update').'">';
			echo '</form>';
			break;

		case 'insert':
			$SQLquery  = 'INSERT IGNORE INTO `'.PHPOP3CLEAN_TABLE_PREFIX.'received_domains` (`domain`, `added`) VALUES (';
			$SQLquery .= '"'.mysql_escape_string($_REQUEST['domain']).'", ';
			$SQLquery .= '"'.mysql_escape_string(time()).'")';
			mysql_query_safe($SQLquery);
			echo 'Inserted.<br><br>';
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__), ENT_QUOTES).'">continue</a><br>';
			echo '<script>location = "'.$_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__.'&orderby='.urlencode(@$_REQUEST['orderby']).'";</script>';
			exit;
			break;

		case 'update':
			$SQLquery  = 'UPDATE `'.PHPOP3CLEAN_TABLE_PREFIX.'received_domains` SET ';
			$SQLquery .= '`domain` = "'.mysql_escape_string($_REQUEST['domain']).'"';
			$SQLquery .= ' WHERE (`domain` = "'.mysql_escape_string($_REQUEST['olddomain']).'")';
			mysql_query_safe($SQLquery);
			echo 'Updated.<br><br>';
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__), ENT_QUOTES).'">continue</a><br>';
			echo '<script>location = "'.$_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__.'&orderby='.urlencode(@$_REQUEST['orderby']).'";</script>';
			exit;
			break;

		case 'delete':
			$SQLquery  = 'DELETE FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'received_domains`';
			$SQLquery .= ' WHERE (`domain` = "'.mysql_escape_string($_REQUEST['domain']).'")';
			mysql_query_safe($SQLquery);
			echo 'Deleted.<br><br>';
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__), ENT_QUOTES).'">continue</a><br>';
			echo '<script>location = "'.$_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__.'&orderby='.urlencode(@$_REQUEST['orderby']).'";</script>';
			exit;
			break;

		default:
			$SQLquery  = 'SELECT * FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'received_domains`';
			$result = mysql_query_safe($SQLquery);
			echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__.'&action=add'), ENT_QUOTES).'">Add new</a><br>';
			echo '<table border="1" cellspacing="0" cellpadding="3">';

			$fields = array('domain', 'hitcount', 'lasthit', 'added');
			$invAscDesc = array(''=>'ASC', 'ASC'=>'DESC', 'ASC'=>'');
			echo '<tr><th>&nbsp;</th>';
			foreach ($fields as $field) {
				echo '<th><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?receivedadmin='.$_REQUEST['receivedadmin'].'&orderby='.$field.((@$_REQUEST['orderby'] == $field) ? '&orderorder='.@$invAscDesc[@$_REQUEST['orderorder']] : '')), ENT_QUOTES).'">'.$field.'</a></th>';
			}
			echo '<th>&nbsp;</th></tr>';

			while ($row = mysql_fetch_array($result)) {
				echo '<tr>';
				echo '<td><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__.'&action=edit&domain='.$row['domain']), ENT_QUOTES).'">edit</a></td>';
				echo '<td>'.htmlentities($row['domain']).'</td>';
				echo '<td align="right">'.number_format($row['hitcount']).'</td>';
				if ($row['lasthit']) {
					echo '<td align="right" bgcolor="#'.LastHit2bgcolor($row['lasthit']).'">'.date('M-d-Y', $row['lasthit']).'</td>';
					echo '<td align="right">'.($row['added'] ? date('M-d-Y', $row['added']) : '-').'</td>';
				} else {
					echo '<td align="center">-</td>';
					echo '<td align="right" bgcolor="#'.LastHit2bgcolor($row['added']).'">'.date('M-d-Y', $row['added']).'</td>';
				}
				echo '<td><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__.'&action=delete&domain='.$row['domain']), ENT_QUOTES).'" onClick="return confirm(\'Are you sure you want to delete this?\');">delete</a></td>';
				echo '</tr>';
			}
			echo '</table>';
			break;
	}

} elseif (IsAdminUser() && @$_REQUEST['autobandomains']) {

	if (@$_REQUEST['add']) {
		$SQLquery  = 'INSERT IGNORE INTO `'.PHPOP3CLEAN_TABLE_PREFIX.'domains_autoban` (`domain`, `added`) VALUES (';
		$SQLquery .= ' "'.mysql_escape_string($_REQUEST['add']).'",';
		$SQLquery .= ' "'.mysql_escape_string(time()).'")';
		mysql_query_safe($SQLquery);
	} elseif (@$_REQUEST['delete']) {
		$SQLquery  = 'DELETE FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'domains_autoban`';
		$SQLquery .= ' WHERE (`domain` = "'.mysql_escape_string($_REQUEST['delete']).'")';
		mysql_query_safe($SQLquery);
	}