phpop3clean.admin.php

一个基于页面实现的pop客户端程序

	echo '<b>Auto-ban IP Admin</b><br><br>';
	echo '<blockquote>The Auto-Ban feature automatically bans IPs that entered domains resolve to. This is designed to be used for domains that resolve to (typically) 5 different IPs (presumably zombie machines) every lookup.  Use with caution.</blockquote>';
	echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
	echo '<input type="hidden" name="autobandomains" value="'.htmlentities(@$_REQUEST['autobandomains'], ENT_QUOTES).'">';
	echo 'Add auto-ban domain: <input type="text" name="add" value="" size="20">';
	echo '<input type="submit" value="Add">';
	echo '</form>';

	$sortkeys = array('domain'=>0, 'lasthit'=>1, 'added'=>1, 'hitcount'=>1);
	$_REQUEST['orderby'] = ((isset($_REQUEST['orderby']) && isset($sortkeys[$_REQUEST['orderby']])) ? $_REQUEST['orderby'] : 'domain');
	$_REQUEST['order']   = ((isset($_REQUEST['order']) && $_REQUEST['order']) ? 1 : 0);
	$SQLquery  = 'SELECT * FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'domains_autoban`';
	$SQLquery .= ' ORDER BY `'.mysql_escape_string($_REQUEST['orderby']).'` '.($_REQUEST['order'] ? 'DESC' : 'ASC');
	$result = mysql_query_safe($SQLquery);
	echo '<table border="1" cellspacing="0" cellpadding="3"><tr>';
	foreach ($sortkeys as $sortkey => $defaultsortdirection) {
		echo '<th'.(($sortkey === $_REQUEST['orderby']) ? ' bgcolor="yellow"' : '').'><a href="'.$_SERVER['PHP_SELF'].'?autobandomains=1&orderby='.urlencode($sortkey).'&order=';
		if ($sortkey === $_REQUEST['orderby']) {
			echo (@$_REQUEST['order'] ? '0"><span style="font-size: 18pt;">&#8679;</span>' : '1"><span style="font-size: 18pt;">&#8681;</span>');
		} else {
			echo $defaultsortdirection.'"><span style="font-size: 18pt;">&#8681;</span>';
		}
		echo $sortkey.'</a></th>';
	}
	echo '<th>&nbsp;</th></tr>';
	while ($row = mysql_fetch_array($result)) {
		echo '<tr>';
		echo '<td align="right"><tt>'.htmlentities($row['domain']).'</tt></td>';
			if ($row['lasthit']) {
				echo '<td align="right" bgcolor="#'.LastHit2bgcolor($row['lasthit']).'">'.date('M-d-Y', $row['lasthit']).'</td>';
				echo '<td align="right">'.($row['added'] ? date('M-d-Y', $row['added']) : '-').'</td>';
			} else {
				echo '<td align="center">-</td>';
				echo '<td align="right" bgcolor="#'.LastHit2bgcolor($row['added']).'">'.date('M-d-Y', $row['added']).'</td>';
			}
		echo '<td align="right"><tt>'.number_format($row['hitcount']).'</tt></td>';
		echo '<td><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?autobandomains=1&delete='.$row['domain']), ENT_QUOTES).'" onClick="return confirm(\'Are you SURE you want to delete this?\');">delete</a></td>';
		echo '</tr>';
	}
	echo '</table>';

} elseif (IsAdminUser() && @$_REQUEST['databaseupdate']) {

	echo '<b>Database update</b><br><br>';
	echo '<a href="http://sourceforge.net/project/showfiles.php?group_id=131372&package_id=146813"><b>Download the latest SQL updates</a></b><br><br>';

	if (is_uploaded_file(@$_FILES['uploaded_sql']['tmp_name'])) {
		$lines = file($_FILES['uploaded_sql']['tmp_name']);

		$ignoredlines   = 0;
		$processedlines = 0;
		foreach ($lines as $line) {
			$line = trim($line);
			if (preg_match('/^REPLACE INTO `phpop3clean_([a-z_]+)` \([a-z0-9_`, ]+\) VALUES \(.*\);$/i', $line, $matches)) {
				$SQLquery = str_replace('REPLACE INTO `phpop3clean_', 'REPLACE INTO `'.PHPOP3CLEAN_TABLE_PREFIX, $line);
				$result = mysql_query_safe($SQLquery);
				$processedlines++;
			} elseif ($line) {
				$ignoredlines++;
			}
		}
		echo 'Ignored <b>'.number_format($ignoredlines).'</b> lines (they did not appear to be REPLACE INTO queries)<br>';
		echo 'Processed <b>'.number_format($processedlines).'</b> lines<br>';

	} else {

		echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post" enctype="multipart/form-data">';
		echo '<input type="hidden" name="databaseupdate" value="insert">';
		echo 'Upload the "REPLACE INTO" SQL file here (one statement per line):<br>';
		if (PHPOP3CLEAN_TABLE_PREFIX != 'phpop3clean_') {
			echo '<i>Note: The table name prefix can be left as "phpop3clean_", it will be auto-replaced with "'.PHPOP3CLEAN_TABLE_PREFIX.'"</i><br>';
		}
		echo '<input type="file" name="uploaded_sql"><br>';
		echo '<input type="submit" value="Upload &amp; Process">';
		echo '</form>';

	}

} elseif (@$_REQUEST['useradmin']) {

	if ($_REQUEST['useradmin'] == 'edit') {

		if (IsAdminUser() && ($_REQUEST['account'] == 'new')) {
			$row = array(
				'account'       => 'user@example.com',
				'password'      => '',
				'hostname'      => '',
				'port'          => 110,
				'active'        => 0,
				'full_login'    => 1,
				'use_retr'      => 0,
				'scan_interval' => 5,
				'last_scanned'  => 0,
			);
		} else {
			$SQLquery  = 'SELECT * FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts`';
			$SQLquery .= ' WHERE (`account` = "'.mysql_escape_string(IsAdminUser() ? $_REQUEST['account'] : $_COOKIE['phPOP3cleanUSER']).'")';
			$result = mysql_query_safe($SQLquery);
			$row = mysql_fetch_array($result);
		}

		echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
		echo '<table border="0">';
		if (IsAdminUser()) {
			echo '<tr><td>Email:</td><td><input type="text" name="account" value="'.htmlentities($row['account'], ENT_QUOTES).'" size="40"></td></tr>';
		} else {
			echo '<tr><td>Email:</td><td><b>'.htmlentities($row['account'], ENT_QUOTES).'</b></td></tr>';
		}
		echo '<tr><td>Password:</td><td><input type="text" name="password" value="'.htmlentities($row['password'], ENT_QUOTES).'" size="10"></td></tr>';
		echo '<tr><td>Hostname:</td><td><input type="text" name="hostname" value="'.htmlentities($row['hostname'], ENT_QUOTES).'" size="30"></td></tr>';
		echo '<tr><td>Port:</td><td><input type="text" name="port" value="'.htmlentities($row['port'], ENT_QUOTES).'" size="4"> (default: <b>110</b>)</td></tr>';

		$ActiveStates = array(0=>'disabled', 1=>'active');
		echo '<tr><td>Status:</td><td><select name="active">';
		echo '<option value="0"'.(($row['active'] == '0') ? ' selected' : '').' style="color: red;">disabled</option>';
		echo '<option value="1"'.(($row['active'] == '1') ? ' selected' : '').' style="color: green;">active</option>';
		echo '</select></td></tr>';

		list($user, $domain) = explode('@', $row['account']);
		$LoginStates = array(0=>$user, 1=>$row['account']);
		echo '<tr><td>Login:</td><td><select name="full_login">';
		foreach ($LoginStates as $key => $value) {
			echo '<option value="'.$key.'"';
			if ($row['full_login'] == $key) {
				echo ' selected';
			}
			echo '>'.$value.'</option>';
		}
		echo '</select></td></tr>';

		echo '<tr><td>Use:</td><td><select name="use_retr">';
		$UseRETR = array(0=>'TOP x 99999', 1=>'RETR x');
		foreach ($UseRETR as $key => $value) {
			echo '<option value="'.$key.'"';
			if ($row['use_retr'] == $key) {
				echo ' selected';
			}
			echo '>'.$value.'</option>';
		}
		echo '</select> to retrieve messages (compatability setting)</td></tr>';

		echo '<tr><td>Scan Interval:</td><td><select name="scan_interval">';
		for ($i = 1; $i <= 180; $i++) {
			echo '<option value="'.$i.'"';
			if ($row['scan_interval'] == $i) {
				echo ' selected';
			}
			echo '>'.$i.'</option>';
		}
		echo '</select> minutes</td></tr>';
		echo '<tr><td>Last scanned:</td><td>'.htmlentities(date('M j Y, g:i:sa', $row['last_scanned'])).'</td></tr>';

		echo '</table>';
		echo '<input type="hidden" name="oldaccount" value="'.htmlentities($row['account'], ENT_QUOTES).'">';
		echo '<input type="hidden" name="useradmin" value="update">';
		echo '<input type="submit" value="save">';
		echo '</form>';


	} elseif (@$_POST['useradmin'] == 'update') {

		if (IsAdminUser() && ($_POST['oldaccount'] == 'user@example.com')) {
			$SQLquery  = 'INSERT IGNORE INTO `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts` (`account`, `password`, `hostname`, `port`, `active`, `full_login`, `use_retr`, `scan_interval`) VALUES (';
			$SQLquery .= '"'.mysql_escape_string($_POST['account']).'"';
			$SQLquery .= ', "'.mysql_escape_string($_POST['password']).'"';
			$SQLquery .= ', "'.mysql_escape_string($_POST['hostname']).'"';
			$SQLquery .= ', "'.mysql_escape_string($_POST['port']).'"';
			$SQLquery .= ', "'.mysql_escape_string($_POST['active']).'"';
			$SQLquery .= ', "'.mysql_escape_string($_POST['full_login']).'"';
			$SQLquery .= ', "'.mysql_escape_string($_POST['use_retr']).'"';
			$SQLquery .= ', "'.mysql_escape_string($_POST['scan_interval']).'")';
		} else {
			$SQLquery  = 'UPDATE `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts` SET';
			$SQLquery .= ' `password` = "'.mysql_escape_string($_POST['password']).'"';
			if (IsAdminUser()) {
				$SQLquery .= ', `account` = "'.mysql_escape_string($_POST['account']).'"';
			}
			$SQLquery .= ', `hostname` = "'.mysql_escape_string($_POST['hostname']).'"';
			$SQLquery .= ', `port` = "'.mysql_escape_string($_POST['port']).'"';
			$SQLquery .= ', `active` = "'.mysql_escape_string($_POST['active']).'"';
			$SQLquery .= ', `full_login` = "'.mysql_escape_string($_POST['full_login']).'"';
			$SQLquery .= ', `use_retr` = "'.mysql_escape_string($_POST['use_retr']).'"';
			$SQLquery .= ', `scan_interval` = "'.mysql_escape_string($_POST['scan_interval']).'"';
			$SQLquery .= ' WHERE (`account` = "'.mysql_escape_string(IsAdminUser() ? $_POST['oldaccount'] : $_COOKIE['phPOP3cleanUSER']).'")';
		}
		mysql_query_safe($SQLquery);
		echo 'Record updated<br>';
		echo '<script>location = "'.$_SERVER['PHP_SELF'].'?useradmin='.__LINE__.'&orderby='.urlencode(@$_POST['orderby']).'";</script>';

	} elseif (IsAdminUser() && ($_REQUEST['useradmin'] == 'delete')) {

		$SQLquery  = 'DELETE FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts`';
		$SQLquery .= ' WHERE (`account` = "'.mysql_escape_string($_REQUEST['account']).'")';
		mysql_query_safe($SQLquery);
		echo 'Record deleted<br>';
		echo '<script>location = "'.$_SERVER['PHP_SELF'].'?useradmin='.__LINE__.'&orderby='.urlencode(@$_GET['orderby']).'";</script>';

	} else {

		$SQLquery  = 'SELECT * FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts`';
		if (!IsAdminUser()) {
			$SQLquery .= ' WHERE (`account` = "'.mysql_escape_string($_COOKIE['phPOP3cleanUSER']).'")';
		}
		$SQLquery .= ' ORDER BY (`active` = "1") DESC';
		$SQLquery .= ', `account` ASC';
		$result = mysql_query_safe($SQLquery);
		echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?useradmin=edit&account=new'), ENT_QUOTES).'">Create new</a><br>';
		echo '<table border="1" cellspacing="0" cellpadding="3">';
		echo '<tr><th>&nbsp;</th><th>Account</th><th>Password</th><th>Full Login</th><th>RETR / TOP</th><th>Interval</th><th>Status</th><th>Last Scan</th>'.(IsAdminUser() ? '<th>&nbsp;</th>' : '').'</tr>';
		while ($row = mysql_fetch_array($result)) {
			echo '<tr>';
			echo '<td><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?useradmin=edit&account='.$row['account']), ENT_QUOTES).'">edit</td>';
			echo '<td>'.htmlentities($row['account']).'</td>';
			echo '<td>'.htmlentities($row['password']).'</td>';
			echo '<td '.($row['full_login'] ? 'align="left">full' : 'align="right">simple').'</td>';
			echo '<td>'.($row['use_retr'] ? 'RETR x' : 'TOP x 99999').'</td>';
			echo '<td>'.$row['scan_interval'].'</td>';
			if ($row['active'] == 1) {
				echo '<td bgcolor="#00FF00">active</td>';
			} else {
				echo '<td bgcolor="#FF0000">disabled</td>';
			}
			echo '<td><a href="#" title="'.FormatTimeInterval(time() - $row['last_scanned']).' ago" style="text-decoration: none; cursor: help; border-bottom: 1px dashed green;">'.htmlentities(date('M j Y g:i:sa', $row['last_scanned'])).'</a></td>';
			if (IsAdminUser()) {
				echo '<td><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?useradmin=delete&account='.$row['account']), ENT_QUOTES).'" onClick="return confirm(\'Are you SURE you want to delete this account?\');">delete</td>';
			}
			echo '</tr>';
		}
		echo '</table>';

	}