<?php

//E-mail Mailer Script 0.1 by Juan Karlo de Guzman
//FOR TRAP17 ONLY... DEMO VERSION... DO NOT DISTRIBUTE

header("Content-type: text/html; CHARSET=UTF-8");

$int_rand=mt_rand(1,20);

if($int_rand>10) {
$random_numbers=sha1(mt_rand(11111,99999));
}else {
$random_numbers=md5(mt_rand(11111,99999));
}

$rand_array="hello you can add as many words as you want and this is another way to make a wonderful email address randomly".$random_numbers;

$rand_email=strtolower(metaphone($rand_array));

//Adjust the variables below

$password="password"; //enter your password here

$adminemail="youremail@email.com"; //enter your e-mail address here

$mysql=array("localhost","username","password","karlo_scripts"); //server, username, password, database (change to whatever you like)

$serveremail=$rand_email."@".str_replace("www.",null,$_SERVER[SERVER_NAME]); // do not change this

//If this is your first time, set the $showpassword to true

$showpassword=false;

$pass=sha1($password);

if($showpassword===true) {

die("<div align=\"center\" style=\"font-family: Verdana; font-size: 12px; font-weight: bold;\">Your password is $pass</div>");
}

if($_GET[act]==="reply") {
if(empty($_SERVER[HTTP_REFERER]) || strlen($_SERVER[HTTP_REFERER])<10) {
 die('<span style="font-family: Verdana; font-size: 12px; font-weight: bold; color: red;">You are not allowed to access the message list.</span>');
 exit;
}
if($_GET[admin]==="1") {
 if($_GET[pass]!==sha1($password)) {
  die("<div align=\"center\" style=\"font-family: Verdana; font-size: 12px; font-weight: bold;\">You are not an Admin</div>");
 }
 $isadmin=0;
}else {
 $isadmin=1;
}
doReply();
exit;
}

if(!empty($_GET[msgid])) {
if(empty($_SERVER[HTTP_REFERER]) || strlen($_SERVER[HTTP_REFERER])<10) {
 die('<span style="font-family: Verdana; font-size: 12px; font-weight: bold; color: red;">You are not allowed to access the message list.</span>');
 exit;
}
doList();
exit;
}

$template=<<<EOD
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<title>{title}</title>
<style type="text/css">
<!--
body {
font-family: Verdana;
font-size: 11px;
color: white;
background-color: black;
cursor: default;
}

input {
border: 1px solid #D4D4D4;
}

#header {
font-size: 16px;
font-weight: bold;
background-color: #1F1F1F;
}

td {
border: 1px solid #35353F;
padding: 4px;
}

table {
border: 1px solid #353F35;
padding: 8px;
}

#msgbox {
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
height: 100%;
width: 100%;
display: none;
font-family: Verdana;
font-weight: bold;
font-size: 16px;
color: #6A6A6A;
background-color: black;
}
//-->
</style>
<script language="javascript" type="text/javascript">
<!--
function doSend() {
var msgbox = document.getElementById("msgbox");
msgbox.style.display="block";
}
//-->
</script>
</head>
<body>
<div id="msgbox">
<table width="100%" cellpadding="0" cellspacing="0" border="0" style="height: 95%; border: 0px;"><tr><td align="center" valign="middle" style="border: 0px;">Sending your message</td></tr></table>
</div>
{body}
</body>
</html>
EOD;

function echoBody($title,$body) {
global $template;
$template=str_replace("{title}",$title,$template);
$template=str_replace("{body}",$body,$template);
echo($template);
}

?>
<?php

function error_message($message) {
global $msg;
$msg='<tr><td align="center" style="color: #6A6A6A; font-weight: bold;" colspan="2">'.$message.'</td></tr>';
}

function gatherForm($url) {
$form=<<<EOD
<script>
var go = document.getElementById("go");
go.submit();
</script>
<form name="go" action="$url" method="post">
<input type="hidden" name="from" value="$_POST[from]" />
<input type="hidden" name="email" value="$_POST[email]" />
<input type="hidden" name="msg" value="$_POST[msg]" />
<input type="submit" value="" />
</form>
EOD;
return $form;
}

$msg=null;

if(strstr($_GET[action],"error") || strstr($_GET[action],"/code=")) {
$split_code=split("code=",$_SERVER[REQUEST_URI]);
switch($split_code[1]) {
 case "1":
 error_message("The e-mail you provided is not a valid e-mail address.");
 break;
 case "2":
 error_message("Your name must not be less than 10 characters.");
 break;
 case 3:
 error_message("Your message must not be less than 20 characters.");
 break;
 case 4:
 error_message("You must select a Gender.");
 break;
}
}

if($_GET[action]==="send") {
global $isadmin;
$email_check=split($_POST[email],".");
if(!strstr($_POST[email],"@") || count($email_check)<1 || !strstr($_POST[email],".")) {
 header("Refresh: 1; URL=email?action=error.jsp/code=1");
 error_message("Please wait...");
 $tmp=0;
}
if(strlen($_POST[from])<10) {
 header("Refresh: 1; URL=email?action=error.cfm/code=2");
 error_message("Please wait...");
 $tmp=0;
}
if(strlen($_POST[msg])<20) {
 header("Refresh: 1; URL=email?action=error.aspx/code=3");
 error_message("Please wait...");
 $tmp=0;
}
if(empty($_POST[gender])) {
 header("Refresh: 1; URL=email?action=error.py/code=4");
 error_message("Please wait...");
 $tmp=0;
}
if($tmp===0) {
 $sent=false;
}else {
 $sent=true;
}
if($ml===true || $sent===true) {
$msgformat=addslashes("$_POST[from] <$_POST[email]>\n$_POST[msg]");
$msgID=strtolower(metaphone($msgformat));
$sent=<<<EOD
<div style="position: absolute; top: 0; bottom: 0; left: 0; right: 0; height: 100%; width: 100%; display: block; font-family: Verdana; font-weight: bold; font-size: 16px; color: #6A6A6A; background-color: black;">
<table width="100%" cellpadding="0" cellspacing="0" border="0" style="height: 95%; border: 0px;"><tr><td align="center" valign="middle" style="border: 0px; color: #6A6A6A; font-weight: bold;">Message Sent!</td></tr></table>
</div>
EOD;
$remove_slash1=stripslashes($_POST[msg]);
$remove_slash2=stripslashes("$_POST[from] <$_POST[email]>");
$msg=<<<EOD
$remove_slash1
----------
From: $remove_slash2
IP: $_SERVER[REMOTE_ADDR]
Gender: $_POST[gender]
----------
To reply, go to http://$_SERVER[SERVER_NAME]$_SERVER[SCRIPT_NAME]?admin=1&pass=$pass&act=reply&msgid=$msgID

To see a list of your conversation with Karlo, go to http://$_SERVER[SERVER_NAME]$_SERVER[SCRIPT_NAME]?msgid=$msgID
EOD;

$reply=<<<EOD
Message sent!

Wait for a reply!

To see a list of your conversation with Karlo, go to http://$_SERVER[SERVER_NAME]$_SERVER[SCRIPT_NAME]?msgid=$msgID
EOD;
 $ml=mail("$adminemail","A Message from $_POST[from]",$msg,"From: $serveremail");
 $split_email=split("@",$_POST[email]);
 $splitEmail=$split_email[1];
 $ml=mail("$_POST[email]","Message Sent!",$reply,"From: $rand_email@$splitEmail");
 mysql_connect($mysql[0],$mysql[1],$mysql[2]);
 mysql_select_db($mysql[3]);
 mysql_query("CREATE TABLE IF NOT EXISTS kEmail (id SMALLINT NOT NULL, msgID VARCHAR(75) NOT NULL, msgContent TEXT NOT NULL, author TEXT NOT NULL, gender VARCHAR(6) NOT NULL, PRIMARY KEY(id) )");
 $msg=addslashes(htmlentities($_POST[msg]));
 $from=addslashes("$_POST[from] <$_POST[email]>");
 $q=mysql_query("SELECT * FROM kEmail");
 $count=mysql_numrows($q)+1;
 mysql_query("INSERT INTO kEmail VALUES ($count,'$msgID','$msg','$from','$_POST[gender]')");
 header("Refresh: 2; URL=$_SERVER[SCRIPT_NAME]");
 echoBody("Message Sent!",$sent);
}
if($ml!==true || $sent!==true) {
$sent=<<<EOD
<div style="position: absolute; top: 0; bottom: 0; left: 0; right: 0; height: 100%; width: 100%; display: block; font-family: Verdana; font-weight: bold; font-size: 16px; color: #6A6A6A; background-color: black;">
<table width="100%" cellpadding="0" cellspacing="0" border="0" style="height: 95%; border: 0px;"><tr><td align="center" valign="middle" style="border: 0px; color: #6A6A6A; font-weight: bold;">Message was not sent!</td></tr></table>
</div>
EOD;
 echoBody("Message was not sent!",$sent);
}
}

$main=<<<EOD
<form name="emailform" action="email?action=send" method="post">
<table align="center" width="75%" cellpadding="4" cellspacing="2" border="0">
<tr>
<td id="header" colspan="2" align="center">E-mail</td>
</tr>

<tr>
<td align="right">Your name:</td><td align="left" width="50%"><input type="textbox" name="from" size="35" value="$_POST[from]" /></td>
</tr>

<tr>
<td align="right">Your e-mail:</td><td align="left" width="50%"><input type="textbox" name="email" size="25" value="$_POST[email]" /></td>
</tr>

<tr>
<td align="right">Your Gender:</td><td align="left" width="50%"><input type="radio" name="gender" value="Male" style="border: 0px;" />Male <input type="radio" name="gender" value="Female" style="border: 0px;" />Female</td>
</tr>
$msg
<tr>
<td align="right" valign="middle">Your Message:</td><td align="left" width="50%"><textarea name="msg" rows="5" cols="20">$_POST[msg]</textarea></td>
</tr>

<tr>
<td align="center" colspan="2"><a href="javascript:document.emailform.submit();" style="color: #4F4F4F; font-size: 14px; font-weight: bold;" onclick="doSend();">Send</a></td>
</tr>
</table>
</form>
EOD;

if($sent===true) {
header("Refresh: 2; URL=$_SERVER[SCRIPT_NAME]");
exit;
}

echoBody("E-mail",$main);

function doReply() {
global $isadmin,$pass,$adminemail,$serveremail,$rand_email,$mysql;
mysql_connect($mysql[0],$mysql[1],$mysql[2]);
mysql_select_db($mysql[3]);
$q=mysql_query("SELECT * FROM kEmail") or doInstall();
if(!empty($_POST[reply]) && !empty($_POST[author]) && !empty($_POST[gender])) {
 $q=mysql_query("SELECT id FROM kEmail WHERE msgID='$_POST[msgid]' AND id='$_POST[id]'");
 $b=mysql_fetch_row($q);
 $count=$b[0]+1;
 $msg=addslashes($_POST[reply]);
 mysql_query("INSERT INTO kEmail VALUES ('$count','$_POST[msgid]','$msg','$_POST[author]','$_POST[gender]')");
$reply=<<<EOD
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<title>Reply</title>
<style type="text/css">
body {
font-family: Verdana;
font-size: 11px;
color: white;
background-color: black;
cursor: default;
}

input {
border: 1px solid #D4D4D4;
}

td {
border: 1px solid #35353F;
padding: 4px;
font-size: 14px;
font-weight: bold;
}

table {
border: 1px solid #353F35;
padding: 8px;
}

//-->
</style>
</head>
</body>
<div style="position: absolute; left: 0px; top: 0px; right: 0px; bottom: 0px; width: 100%; height: 100%;">
<table align="center" width="100%" cellpadding="0" cellspacing="0" border="0" style="height: 95%; border: 0px;">
<tr>
<td align="center" valign="middle" style="font-size: 16px; color: #6A6A6A; border: 0px; height: 100%;">Reply sent!</td>
</tr>
</table>
</div>
</body>
</html>
EOD;
 /*$q=mysql_query("SELECT * FROM kEmail WHERE msgID='$_POST[msgid]' AND id='$_POST[id]' AND msgContent='$_POST'");
 while($fetch=mysql_fetch_object($q)) {
  $count=$fetch->id;
 }*/
 //$count=$count-1;
 $q=mysql_query("SELECT author FROM kEmail WHERE id='$_POST[id]' AND msgID='$_POST[msgid]' AND msgContent='$_POST[msg]'");
 $notify_data=mysql_fetch_row($q);
 $notify_split=split("<",$notify_data[0]);
 $notify=str_replace(">",null,$notify_split[1]);
 if($isadmin===1) {
  $reply_link="http://$_SERVER[SERVER_NAME]$_SERVER[SCRIPT_NAME]?admin=1&pass=$pass&act=reply&msgid=$_POST[msgid]";
 }else {
  $reply_link="http://$_SERVER[SERVER_NAME]$_SERVER[SCRIPT_NAME]?act=reply&msgid=$_POST[msgid]";
 }
 $reply_msg=stripslashes($_POST[reply]);
$msg=<<<EOD
Someone replied to your e-mail.
---------------
$reply_msg
---------------
To reply, go to $reply_link

To see the list of your conversation(s), go to http://$_SERVER[SERVER_NAME]$_SERVER[SCRIPT_NAME]?msgid=$_POST[msgid]

DO NOT REPLY TO THIS E-MAIL!
EOD;
 //$count=$count+1;
 //$count=$count-1;
 //$q=mysql_query("SELECT author FROM kEmail WHERE id='$count'");
 //$q=mysql_query("SELECT author FROM kEmail WHERE id='$_POST[id]' AND msgID='$_POST[msgid]' AND msgContent='$_POST[msg]'");
 if($isadmin===1) {
  $q=mysql_query("SELECT * FROM kEmail WHERE msgID='$_POST[msgid]' LIMIT 2");
  while($fetch=mysql_fetch_object($q)) {
   $admin_email=$fetch->author;
  }
  $q=mysql_query("SELECT author  FROM kEmail WHERE msgID='$_POST[msgid]' AND author='$admin_email'");
 }else {
  $q=mysql_query("SELECT author FROM kEmail WHERE msgID='$_POST[msgid]'");
 }
 $email=mysql_fetch_row($q);
 $split_email=split("@",$email[0]);
 $splitEmail=str_replace(">",null,$split_email[1]);
 mail($notify,"Someone replied",$msg,"From: $rand_email@$splitEmail");
 if($isadmin===0) {
  $q=mysql_query("SELECT * FROM kEmail WHERE msgID='$_POST[msgid]' LIMIT 2");
  while($fetch=mysql_fetch_object($q)) {
   $admin_email=$fetch->author;
  }
  $q=mysql_query("SELECT author  FROM kEmail WHERE msgID='$_POST[msgid]' AND author='$admin_email'");
  $email=mysql_fetch_row($q);
  $split_email=split("@",$email[0]);
  $splitEmail=str_replace(">",null,$split_email[1]);
  mail($adminemail,"Reply sent!","Your reply was successfully sent!\n\nDO NOT REPLY TO THIS E-MAIL!","From: $rand_email@$splitEmail");
 }else {
  $q=mysql_query("SELECT * FROM kEmail WHERE msgID='$_POST[msgid]'");
  //$b=mysql_numrows($q);
  //$count=$b-1;
  $count=mysql_fetch_row($q);
  //$count=$count-1;
  $q=mysql_query("SELECT author FROM kEmail WHERE id='$count[0]' AND msgID='$_POST[msgid]'");
  $notify_data=mysql_fetch_row($q);
  $notify_split=split("<",$notify_data[0]);
  $notify=str_replace(">",null,$notify_split[1]);
  $split_email=split("@",$_POST[author]);
  $splitEmail=str_replace(">",null,$split_email[1]);
  mail($notify,"Reply sent!","Your reply was successfully sent!\n\nDO NOT REPLY TO THIS E-MAIL!","From: $rand_email@$splitEmail");  
 }
 die($reply);
 exit;
}
if($isadmin===0) {
 $author="Juan Karlo de Guzman <01karlo@gmail.com>";
 $gender="Male";
 $q=mysql_query("SELECT * FROM kEmail WHERE msgID='$_GET[msgid]'");
 while($fetch=mysql_fetch_object($q)) {
  $id_data=$fetch->id;
  $msg=$fetch->msgContent;
 }
}else {
 $q=mysql_query("SELECT * FROM kEmail WHERE msgID='$_GET[msgid]'");
 while($fetch=mysql_fetch_object($q)) {
  //$author=$fetch->author;
  //$gender=$fetch->gender;
  $id_data=$fetch->id;
  $msg=$fetch->msgContent;
 }
 $q=mysql_query("SELECT * FROM kEmail WHERE msgID='$_GET[msgid]'");
 $fetch2=mysql_fetch_row($q);
 $author=$fetch2[3];
 $gender=$fetch2[4];
}
$reply=<<<EOD
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<title>Reply</title>
<style type="text/css">
<!--
body {
font-family: Verdana;
font-size: 11px;
color: white;
background-color: black;
cursor: default;
}

input {
border: 1px solid #D4D4D4;
}

#header {
font-size: 16px;
font-weight: bold;
background-color: #1F1F1F;
}

td {
border: 1px solid #35353F;
padding: 4px;
}

table {
border: 1px solid #353F35;
padding: 8px;
}

#msgbox {
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
height: 100%;
width: 100%;
display: none;
font-family: Verdana;
font-weight: bold;
font-size: 16px;
color: #6A6A6A;
background-color: black;
}
//-->
</style>
<script language="javascript" type="text/javascript">
<!--
function doSend() {
var msgbox = document.getElementById("msgbox");
msgbox.style.display="block";
}
//-->
</script>
</head>
<body>
<div id="msgbox"><table width="100%" cellpadding="0" cellspacing="0" border="0" style="height: 95%; border: 0px;"><tr><td align="center" valign="middle" style="border: 0px;">Replying</td></tr></table></div>
<form name="replyform" action="$_SERVER[SCRIPT_NAME]?$_SERVER[QUERY_STRING]" method="post">
<table align="center" width="75%" cellpadding="4" cellspacing="2" border="0">
<tr>
<td id="header" align="center">Reply</td>
</tr>
<tr>
<td id="body" align="center"><textarea name="reply" rows="15" style="width: 75%;"></textarea><br><input type="hidden" name="id" value="$id_data" /><input type="hidden" name="msgid" value="$_GET[msgid]" /><input type="hidden" name="msg" value="$msg" /><input type="hidden" name="author" value="$author" /><input type="hidden" name="gender" value="$gender" /></td>
</tr>
<tr>
<td align="center"><a href="javascript:doSend();javascript:document.replyform.submit();" style="font-size: 14px; font-weight: bold; color: gray;">Reply</a></td>
</tr>
</table>
</form>
</body>
</html>
EOD;
echo($reply);
}

function doInstall() {
global $mysql;
mysql_connect($mysql[0],$mysql[1],$mysql[2]);
mysql_select_db($mysql[3]);
mysql_query("CREATE TABLE kEmail (id SMALLINT NOT NULL, msgID VARCHAR(75) NOT NULL, msgContent TEXT NOT NULL, author TEXT NOT NULL, gender VARCHAR(6) NOT NULL, PRIMARY KEY(id) )");
doReply();
}

function doList() {
global $mysql;
mysql_connect($mysql[0],$mysql[1],$mysql[2]);
mysql_select_db($mysql[3]);
$q=mysql_query("SELECT * FROM kEmail WHERE msgID='$_GET[msgid]'");
$header="font-family: Verdana; font-size: 14px; font-weight: bold; color: black; background-color: #DFDFDF; padding: 6px;";
$list1="font-family: Verdana; font-size: 12px; color: black; background-color: #E4E4E4; border: 1px solid #E6E6EE;";
$list2="font-family: Verdana; font-size: 12px; color: black; background-color: #DFDFDF; border: 1px solid #D9D9E6;";
echo('<style type="text/css">br{font-size: 8px;}</style><table align="center" width="100%" cellpadding="4" cellspacing="1" border="0">');
echo("<tr><td style=\"$header\">ID</td><td style=\"$header\" width=\"25%\">Message ID</td><td style=\"$header\" width=\"75%\">Message</td><td style=\"$header\">Author</td><td style=\"$header\">Gender</td></tr>");
$i=0;
while($fetch=mysql_fetch_object($q)) {
 $list=($i % 2) ? $list1:$list2;
 $msgContent=htmlentities(stripslashes($fetch->msgContent));
 $author_split=split("<",stripslashes($fetch->author));
 $author=str_replace(">",null,$author_split[0]);
 $msgContent=str_replace("\r\n\r\n\r\n","<br><br>",$msgContent);
 $msgContent=str_replace("\r\n","<br>",$msgContent);
 echo("<tr><td style=\"$list\">$fetch->id</td><td style=\"$list\" width=\"25%\">$fetch->msgID</td><td style=\"$list\" width=\"75%\">$msgContent</td><td style=\"$list\">$author</td><td style=\"$list\">$fetch->gender</td></tr>");
 $i++;
}
echo('</table>');
}

?>