-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathmail.php
118 lines (104 loc) · 3.57 KB
/
mail.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
<?php
$cache_time = 10;
$OJ_CACHE_SHARE = false;
require_once('./include/cache_start.php');
require_once('./include/db_info.inc.php');
require_once('./include/my_func.inc.php');
require_once('./include/setlang.php');
if (
(isset($OJ_EXAM_CONTEST_ID) && $OJ_EXAM_CONTEST_ID > 0) ||
(isset($OJ_ON_SITE_CONTEST_ID) && $OJ_ON_SITE_CONTEST_ID > 0) ||
(isset($OJ_MAIL) && !$OJ_MAIL)
) {
header("Content-type: text/html; charset=utf-8");
$view_errors = $MSG_MAIL_NOT_ALLOWED_FOR_EXAM;
require "template/$OJ_TEMPLATE/error.php";
exit ();
}
$view_title = $MSG_MAIL;
$to_user = "";
$title = "";
if (isset($_GET['to_user'])) {
$to_user = htmlentities($_GET['to_user'], ENT_QUOTES, "UTF-8");
}
if (isset($_GET['title'])) {
$title = htmlentities($_GET['title'], ENT_QUOTES, "UTF-8");
}
if (!isset($_SESSION[$OJ_NAME . '_' . 'user_id'])) {
$view_errors = "<a href=loginpage.php>$MSG_Login</a>";
require "template/$OJ_TEMPLATE/error.php";
exit ();
}
require_once("./include/db_info.inc.php");
require_once("./include/const.inc.php");
if (isset($OJ_LANG)) {
require_once("./lang/$OJ_LANG.php");
if (file_exists("./faqs.$OJ_LANG.php")) {
$OJ_FAQ_LINK = "faqs.$OJ_LANG.php";
}
}
echo "<title>$MSG_MAIL</title>";
//view mail
$view_content = false;
if (isset($_GET['vid'])) {
$vid = intval($_GET['vid']);
$sql = "SELECT * FROM `mail` WHERE `mail_id`=?
and (to_user=? or from_user=?)";
$result = pdo_query($sql, $vid, $_SESSION[$OJ_NAME . '_' . 'user_id'], $_SESSION[$OJ_NAME . '_' . 'user_id']);
$row = $result[0];
$from_user = $row['from_user'];
$to_user = $row['to_user'];
$view_title = $row['title'];
$view_content = $row['content'];
$sql = "update `mail` set new_mail=0 WHERE `mail_id`=?";
pdo_query($sql, $vid);
}
//send mail page
//send mail
if (isset($_POST['to_user'])) {
$to_user = $_POST ['to_user'];
$title = $_POST ['title'];
$content = $_POST ['content'];
$from_user = $_SESSION[$OJ_NAME . '_' . 'user_id'];
if (get_magic_quotes_gpc()) {
$to_user = stripslashes($to_user);
$title = stripslashes($title);
$content = stripslashes($content);
}
$title = RemoveXSS($title);
$sql = "select 1 from privilege where (rightstr='source_browser' or rightstr='administrator') and (user_id=? or user_id=? )";
$res = pdo_query($sql, $from_user, $to_user);
if ($res && count($res) < 1) {
$view_title = "Mail can only send to or from a Code Reviewer!";
} else {
if ($res)
$sql = "insert into mail(to_user,from_user,title,content,in_date)
values(?,?,?,?,now())";
if (!pdo_query($sql, $to_user, $from_user, $title, $content)) {
$view_title = "Not Mailed!";
} else {
$view_title = "Mailed!";
}
}
}
//list mail
$sql = "SELECT * FROM `mail` WHERE to_user=? or from_user=?
order by mail_id desc";
$result = pdo_query($sql, $_SESSION[$OJ_NAME . '_' . 'user_id'], $_SESSION[$OJ_NAME . '_' . 'user_id']);
$view_mail = Array();
$i = 0;
foreach ($result as $row) {
$view_mail[$i][0] = $row['mail_id'];
if ($row['new_mail']) $view_mail[$i][0] .= "<span class=red>New</span>";
$view_mail[$i][1] = "<a href='mail.php?vid=" . $row['mail_id'] . "'>" .
$row['from_user'] . ":" . $row['title'] . "</a>";
$view_mail[$i][2] = $row['in_date'];
$i++;
}
/////////////////////////Template
require "template/$OJ_TEMPLATE/mail.php";
require "oj-footer.php";
/////////////////////////Common foot
if (file_exists('./include/cache_end.php'))
require_once('./include/cache_end.php');
?>