Файл: mail_admin.php
Строк: 176
<?php
###############################################################################
# 452 Productions Internet Group (http://www.452productions.com)
# 452 Multi-MAIL v1.5 BETA
# This script is freeware and is realeased under the GPL
# Copyright (C) 2000, 2001 452 Productions
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# Or just download it http://www.fsf.org/
###############################################################################
# Required files, if you move or re-name them be sure to change
require("config.inc.php");
require("default_lang.inc.php");
require("functions.php");
###############################################################################
# Quick security check, nothing that can't be very easily beaten
# If your concered about securty, this little if statment would be the thing
# to beef up. The rest of the script is pretty tight
# Due to the utter inefficies of this if statment we've disabled it
# You can't do anything too evil by calling the script from an outside
# source. Once we get some of the other bugs worked out we'll impliment
# a real securty check. The rest of the script filters bad stuff, so
# issues here aren't all that big. Moving on...
# $is_local = eregi("$base", $HTTP_REFERER);
# if (($is_local == "1") || ($HTTP_REFERER == "")) {
# Authorize the admin
if (!isset($PHP_AUTH_USER)) {
header('WWW-Authenticate: Basic realm="Mailing list"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
# If its the admin they get everything
}else {
if($header_path != "") {
include($header_path);
}
if (($PHP_AUTH_USER == "$admin_user") && ($PHP_AUTH_PW == "$admin_pass")) {
echo"<h3>$msg_mail_admin</h3>";
# See if we have any special actions to do
if ($update_privs) {
set_list_privs();
}elseif($submit_mail){
popCheckAndRemove($pop_server, $pop_user, $pop_pass);
archive_mail();
}elseif($add_new_list) {
add_new_list();
}elseif($reml) {
remove_list();
}elseif($submit_config){
write_config();
}elseif ($delete) {
delete_item();
}elseif($remu) {
delete_user();
}elseif($submit_user) {
add_user();
}elseif($delete_email) {
if(delete_email($id)) { echo"$delete_query_success<br><br>"; } else { echo "$delete_query_failure<br><br>"; }
}elseif($update_list){
write_new_list_info($id);
}
# if we have an action print that section
switch($action) {
case("new_mail"):
fill_mail();
break;
case("user"):
user_pan();
break;
case("mail_sub"):
print_mail_list();
break;
case("archive_browse"):
browse_archive();
break;
case("edit_privs"):
print_privs();
break;
case("config"):
configure_script();
break;
case("list_man"):
print_current_lists();
echo"<b>$msg_add</b><br><br><br>";
echo"<form action="$PHP_SELF" method="post"><table><tr><td>Name:</td><td><input type="text" name="list_name"></td></tr><tr><td>Brief Description (<255 chars):</td><td><input type="text" name="description"></td></tr><tr><td>Welcome message</td><td><textarea name="welcome" cols="40" rows="7"></textarea></td></tr><tr><td>Footer message</td><td><textarea name="newFooter" cols="40" rows="7"></textarea></td></tr><tr><td colspan="2"><input type="submit" value="Add!" name="add_new_list"></td></tr></td></table><br></form>";
echo"<br><a href="$PHP_SELF">$return_to_main</a>";
break;
case("edit_list_info"):
edit_list_info($id);
break;
case("pop_removals"):
popCheckAndRemove($pop_server, $pop_user, $pop_pass);
break;
default:
# Otherwise, print the main list
echo"<table align="left" cellspacing="1" cellpadding="2" border="0">";
echo"<tr><td>$msg_welcome</td></tr>";
echo"<tr><td><a href="$PHP_SELF?action=new_mail">$msg_send</a></td></tr>";
echo"<tr><td><a href="$PHP_SELF?action=user">$msg_user_edit</a></td></tr>";
echo"<tr><td><a href="$PHP_SELF?action=archive_browse">$msg_browse</a></td></tr>";
echo"<tr><td><a href="$PHP_SELF?action=list_man">$msg_delete</a></td></tr>";
echo"<tr><td><a href="$PHP_SELF?action=config">$msg_configure</a></td></tr>";
echo"<tr><td><a href="$PHP_SELF?action=mail_sub">$msg_view</a></td></tr>";
echo"<tr><td><a href="$PHP_SELF?action=pop_removals&return_link=true">$msg_pop</a> May take up to 40 seconds for page to load.</td></tr>";
echo"<tr><td>";
print_total_email();
echo"</td></tr><tr><td>";
print_total_sends();
echo"</td></tr></table>";
}
# If not the admin, see if it's some one we want to allow
}elseif(auth_user() == 1){
echo"<h3>$msg_mail_admin</h3>";
# Non-admins can only send mail
if($submit_mail) {
popCheckAndRemove($pop_server, $pop_user, $pop_pass);
archive_mail();
}
if($action == "new_mail"){
fill_mail();
}else{
# Print the mail memnu
echo"<table align="left" cellspacing="1" cellpadding="2" border="0">";
echo"<tr><td>$msg_welcome_non</td></tr>";
echo"<tr><td><a href="$PHP_SELF?action=new_mail">$msg_send</a></td></tr></table>";
}
}else{
# Bad person entered wrong username and/or pass
# Already been logged bu auth_user()
echo"Wrong<br><br>";
}
}
#}else{
# Tried to call script with wrong arguments
#echo"Sorry but this script has determined that is is being called from an outside source. To prevent abuse we're gonna have to ask you to leave. Door's thata way.<br><br>";
#}
if($footer_path != "" ) {
include($footer_path);
}
?>