<?php
/////////////////////////////////////////////////////////////////
// phPOP3clean() by James Heinrich <info@silisoftware.com>     //
//  available at http://phpop3clean.sourceforge.net            //
/////////////////////////////////////////////////////////////////
//
// phPOP3clean.admin.php - web admin front end. In order, this file:
//   1. serves a 1x1 two-colour GIF (?pixel=RRGGBB) or a cached image (?imagepassthru=<md5>.<ext>),
//   2. lets an admin download a quarantined image or executable attachment by md5,
//   3. renders the details of one recently scanned message (?messages_recent=<id>),
//   4. prints the admin menu and the word-list admin form / actions.
// Each of the response-producing branches ends with exit; so only one of them runs per request.
//
// NOTE(review): eregi() and the mysql_* extension used throughout were removed in PHP 7.0;
// this file targets PHP 4/5. mysql_escape_string() is also not connection-charset aware
// (mysql_real_escape_string() is the charset-aware variant on that extension).
//
// THIS IS THE ONLY LINE IN THIS FILE YOU MAY NEED TO MODIFY:
define('PHPOP3CLEAN_DIRECTORY', '/phPOP3clean/'); // webroot-relative, must have trailing slash. If you modify this value, please modify PHPOP3CLEAN_DIRECTORY in phPOP3clean.config.php to the same value
///////////////////////////////////////////////////////////////////////////////
// VARIABLE VALIDATION:
// Whitelist the pixel colour: only exactly six hex digits survive, anything else becomes null
// so the isset() test further down fails and the GIF branch is skipped.
$_GET['pixel'] = ((isset($_GET['pixel']) && eregi('^[0-9a-f]{6}$', $_GET['pixel'])) ? $_GET['pixel'] : null);
///////////////////////////////////////////////////////////////////////////////
// Authentication is handled by the login script; nothing below checks credentials itself
// beyond IsAdminUser() and the phPOP3cleanUSER cookie (both presumably set up there - confirm).
require_once($_SERVER['DOCUMENT_ROOT'].PHPOP3CLEAN_DIRECTORY.'phPOP3clean.login.php');
//include( '../debug/mydebug.inc');
if (isset($_GET['pixel']) && eregi('^([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})$', @$_GET['pixel'], $matches)) {
    // output a single-pixel, 2-color GIF
    // $matches[1..3] are the R, G, B hex pairs of the requested colour (already validated above).
    header('Content-type: image/gif');
    echo "\x47\x49\x46\x38\x39\x61"; // version (GIF89a)
    echo "\x01\x00"; // width (1px)
    echo "\x01\x00"; // height (1px)
    echo "\x80"; // flags
    echo "\x00"; // background color index
    echo "\x00"; // aspect ratio
    echo chr(hexdec($matches[1])).chr(hexdec($matches[2])).chr(hexdec($matches[3])); // Color-0
    echo "\xFF\xFF\xFF"; // Color-1
    echo "\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x01\x44\x00\x3B"; // image descriptor, 1 byte of image data, block terminator, GIF trailer
    // NOTE(review): in the collapsed copy this file was recovered from, the exit; sat right after a
    // '//' marker; it is treated as live code here (the sibling branch below also exits) - confirm against the original.
    exit;
} elseif (isset($_GET['imagepassthru']) && eregi('^([0-9a-f]{32})\.([a-z]{3,4})$', $_GET['imagepassthru'], $matches)) {
    // The regex is what keeps the readfile() below inside PHPOP3CLEAN_MD5_IMAGE_CACHE: the name is
    // 32 hex digits, one dot and 3-4 letters, so it cannot contain path separators or '..'.
    // $matches[2] (letters only) becomes the image/* subtype of the Content-type header.
    header('Last-Modified: '.gmdate('D, d M Y H:i:s', 987654321).' GMT'); // date in the past
    if (@file_exists(PHPOP3CLEAN_MD5_IMAGE_CACHE.$_GET['imagepassthru'])) {
        header('Content-type: image/'.$matches[2]);
        readfile(PHPOP3CLEAN_MD5_IMAGE_CACHE.$_GET['imagepassthru']);
    } else {
        // Cached file missing: serve an embedded placeholder PNG instead of a broken image.
        $errorPNG = 'iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAYAAABw4pVUAAAALHRFWHRDcmVhdGlvbiBUaW1lAFRodSAzMCBOb3YgMjAwNiAwNjoyNTo0NSAtMDUwMNMZGTEAAAAHdElNRQfWCx4LHCLw57d3AAAACXBIWXMAAAsSAAALEgHS3X78AAAABGdBTUEAALGPC/xhBQAABs5JREFUeNrtXU1oXUUUHn8wYMAssqigULCLgBVcqHRhIUIXWURwEUHcmEgWAasUURCpEiGFLgKmNCq6CviDSJVKi6S4UEFFXamIoviTWNu0NRH/Sk1rY53DvVdvvje/987cN++888GhvZkz587Md2fuzLwz9wjBSAqXGdIueegyAuHydheAsRlMSGJgQhIDE5IYmJDEwIQkhrqEXAIZkLJfymrpb/9IOSllr5S+PB/pPS3l55LehpTjUh6WcoXlvlvy+yxLOQ9l2Mjv/6qUmx3qQGWZkbKS5y3s/C1lScq0op4mW6T/o5SLJf2L+d+mc50gje2ic0bxt7J8IOVGKacsescMpIxLuWDJX5ZZQx1vl/Kbhy1TW4xK+d0hL+mMNEUI9YZzUp4Q2VO8Q2RPcVnnQq63LuWpXO8WkT2NZb1xTQOWnzx6op+Vsj1PJ1sPKRr5LoWtHXlZC51yeUgeUJRd1xYjinK9IGVrLgfF5t5HuruaIOR7KUOgM1pR713F/Y6Czm5NuXaB3iKk90FjUwMNa2zttbQF2Tot7A/TPaBzQvw/hEcjZJtCZ0ChN+Sgt6rQ+RN0+jXlstkah/SXarTFbmF/kAocBt3J2ITUseWjV7f82DCjNWwtQtq4wc4Y6B4OVaFYDe2qRz3jPpG9/GlmRu+CDUV+na2fIG1LjbbACcqQwc4g6H7rwUeShBARB0Q2Ja0zM/LtiT62QszYOoIQIuNLSD8r5Q0p90u5QWyeKjMhkQmZg7SPhHmRZbK1CmmDNdoCh6x+EQmpEeIzVttsvQ9pwzVsLXraMqKT9rKuhetvDLq2p/QYXN9t0LVtv7wO1xMGXXypn/JpgNR6yBKk6Va610n5xGKLZlXrpTT6/3aFLdpBWLPYwkUmyZimbDOgN9fJhDwCabRIfCwngHrEHVJehoY23XOPwt6DInsvETkvCv1UGoHbMJTvNSm3Sbk6L9s7YIP2/WzvrqQJoRnU85oGqjqbmRb29csZR1vUm447luUrYX8HJk9IAXppvi1at1HO5w3yXF5Z13vSO4Kmzr+CPu1P0RAz4GGLhi/aDvlUtPZU6kEfS7lX2H9eYBhA75vKawdfdNIsq124Hq5Px7wZE2LHrXD9Xcyb9TIhuB+m+23iTrh+r90F71bgal21dhgBHSJxa7sL3q3AxqZZ0aMiW9fQ+uBJ0TpT2t/uQnc7aIrq6jDxjODpaiOgaS25JJEbUNlRgYScJd4SmXMFg8FgMBgMBoPBYDgA5/WzNfMzagIbFCa8/vM75mQwFCtfpeFu9sMExIYui2J+Yr521HmroJpn8jFl4kJiVy5snvNsrAPXUxI5Mqha75t6GJCGqjcIfjbiGd+HejXvykpn4vW3zTW879PCf2vhFXdijoKqgrRD0HloYtO6w545FeBnNZWhFujruT6tnv1DCEEHLoWPPOXgR6EJEdE5kF4Vf7vEUg/J9SkuN6zY2Gq3AKkjXrmJ9DwcwJ09mjKgm6kugOYPUsIDVMnS2mqocvWOFOQftRSHjzRO+VZ5o6HrXJ4LHrBMz+e09B5oBfAoXJRodPThBBw6BrzyI8HemwHOdFFVHVWo+cJwaGLZmCDjvmrNF4Mmx0D18qhv9Qhx/xMiCd8KjcPumMO+XnI8oRP5Whfa7mkaztWRuCXuid8KzesyMPT3oCoUrl54U5IjIXhX6BX+eNjKaIKITh0Nb118gXoPi7lGhHx4wBNomr3x4+W2fKH2FwsMCPce2jHoU6FZj3z191+L0De7vuk/AI2vA78MxgMBoPBYDAYDAaDwWAwGAwGo9egit4ZYq+fo4KagW38X3v18gfMksSVDjr8tDcI7iGJgQlJDExIYmBCEkPThITwBvHxPvF1pqb70kf/l8Tmb8KTwxwFkLEFDyPoIodS/T4U6piKtSpRFaH8pWIS4vIxfVOIiZCRQ6MSEtKjMCYhJEWoCYp2UESDOws6qp4SMnKotZB1mA7tcxuTkLWcCMQk6MWMHBqdkNBe6TEJ0cX0wFBFMSOH1lN2QOhzGzEJqWorZOTQesoOCH2yKUVCgkUOddntrbuXVcWeKY+PPZtuKFu+ddTq88IwMTRBCEakcRmyTPlTxBpce0VfK6MJQj6D650W/Z2W/Cnia7i+qaqhJgh5E64nLPoTlvyuT6N3WLoaCBk5tAWhZ1mhF4Y4jZ5U2KHAkBiAOOYsK2Tk0FqFdEXIrRP8SM0fItve6M8bgYJP6uKtxyKEEDJyaHRCClJCHcacc7DxQ8OEEKaFPXLohqOt6IQQQh3GJFBPoS3x8llyquySyLbQ+9pACEEXOZR2gV+Rsi1yGzMYXYx/AQ4EtreX/Z9MAAAAAElFTkSuQmCC';
        header('Content-type: image/png');
        echo base64_decode($errorPNG);
    }
    exit;
}
// $matches is reused by the code below; drop whatever the image branches left in it.
if (isset($matches)) {
    unset($matches);
}
require_once($_SERVER['DOCUMENT_ROOT'].PHPOP3CLEAN_DIRECTORY.'phPOP3clean.functions.php');
session_start();
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Admin-only attachment downloads.
// imgadmin: gated by IsAdminUser() plus a 32-hex-digit check on $_GET['md5'] before the value reaches SQL.
// NOTE(review): the Content-Disposition filename is built from $_REQUEST['md5'], not the validated
// $_GET['md5']; $_REQUEST can be populated from POST/cookie data instead, so reuse the checked value there.
// NOTE(review): '==' against 'file' is a loose comparison; '===' would be the strict form.
if (IsAdminUser() && (@$_GET['imgadmin'] == 'file') && eregi('^[0-9a-f]{32}$', @$_GET['md5'])) {
    $SQLquery = 'SELECT `image_data`, `ext` FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'image`';
    $SQLquery .= ' WHERE (`md5` = "'.mysql_escape_string($_GET['md5']).'")';
    $result = mysql_query_safe($SQLquery);
    if ($row = mysql_fetch_array($result)) {
        header('Content-type: application/octet-stream');
        header('Content-Disposition: attachment; filename='.$_REQUEST['md5'].'.'.($row['ext'] ? $row['ext'] : 'jpg')); // falls back to .jpg when no extension is stored
        echo $row['image_data'];
        exit;
    } else {
        die('MD5['.htmlentities(@$_GET['md5']).'] not found in database');
    }
} elseif (IsAdminUser() && (@$_GET['exeadmin'] == 'file')) {
    // exeadmin: NOTE(review): unlike the branch above there is no format check on $_REQUEST['md5']
    // before it is escaped into the query and echoed into the Content-Disposition header;
    // the same 32-hex-digit test would make the two branches consistent.
    $SQLquery = 'SELECT `virus_data`, `pattern` FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'exe`';
    $SQLquery .= ' WHERE (`md5` = "'.mysql_escape_string($_REQUEST['md5']).'")';
    $result = mysql_query_safe($SQLquery);
    if ($row = mysql_fetch_array($result)) {
        //ob_end_clean();
        header('Content-type: application/octet-stream');
        if (@$_GET['filtered']) {
            // ?filtered=1 returns the sample passed through FilteredBinaryData() with its stored pattern,
            // named by the md5 of the filtered output rather than the original.
            $filtered = FilteredBinaryData($row['virus_data'], $row['pattern']);
            header('Content-Disposition: attachment; filename='.md5($filtered).'.dat');
            echo $filtered;
        } else {
            header('Content-Disposition: attachment; filename='.$_REQUEST['md5'].'.dat');
            echo $row['virus_data'];
        }
        exit;
    }
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Refuse to render anything until the schema has been installed.
if (!mysql_table_exists(PHPOP3CLEAN_TABLE_PREFIX.'accounts')) {
    die('Table `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts` does not exist. Please run <a href="'.PHPOP3CLEAN_DIRECTORY.'phPOP3clean.install.php">phPOP3clean.install.php</a> first.');
}
// Reporting window ($DateRangeMin/$DateRangeMax, unix timestamps). Precedence: explicit
// DateRangeMin*/DateRangeMax* form fields, else the last 24 hours, else a 'min|max' pair in 'daterange'.
// NOTE(review): the individual DateRange* fields go to mktime() unvalidated, and the 'daterange'
// form is split on '|' without checking that two parts exist (list() raises a notice and leaves
// $DateRangeMax unset otherwise). Where these values are consumed lies outside this excerpt.
if (@$_REQUEST['DateRangeMinYear']) {
    $DateRangeMin = mktime($_REQUEST['DateRangeMinHour'], $_REQUEST['DateRangeMinMinute'], 0, $_REQUEST['DateRangeMinMonth'], $_REQUEST['DateRangeMinDay'], $_REQUEST['DateRangeMinYear']);
    $DateRangeMax = mktime($_REQUEST['DateRangeMaxHour'], $_REQUEST['DateRangeMaxMinute'], 0, $_REQUEST['DateRangeMaxMonth'], $_REQUEST['DateRangeMaxDay'], $_REQUEST['DateRangeMaxYear']);
} elseif (empty($_REQUEST['daterange'])) {
    $DateRangeMin = time() - 86400; // last day
    $DateRangeMax = time();
} else {
    list($DateRangeMin, $DateRangeMax) = explode('|', $_REQUEST['daterange']);
}
///////////////////////////////////////////////////////////
// Single-message detail view. Non-admins are restricted to rows whose `account` matches the
// phPOP3cleanUSER cookie; the id and the cookie value are both escaped before being inlined in SQL.
// NOTE(review): the presence test reads $_GET['messages_recent'] but the query uses $_REQUEST['messages_recent'],
// which can hold a different (POST/cookie) value; use one source for both.
if (@$_GET['messages_recent']) {
    $SQLquery = 'SELECT * FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'messages_recent`';
    $SQLquery .= ' WHERE (`id` = "'.mysql_escape_string($_REQUEST['messages_recent']).'")';
    if (!IsAdminUser()) {
        $SQLquery .= ' AND (`account` = "'.mysql_escape_string($_COOKIE['phPOP3cleanUSER']).'")';
    }
    $result = mysql_query_safe($SQLquery);
    if ($row = mysql_fetch_array($result)) {
        $ParsedHeader = POP3parseheader($row['headers']);
        echo '<html><head><style type="text/css">body,td,th { font-family: sans-serif; font-size: 9pt; }</style></head><body>';
        echo '<table border="0">';
        echo '<tr><td><b>Account</b></td><td>'.htmlentities($row['account']).'</td></tr>';
        echo '<tr><td><b>Scanned</b></td><td>'.date('j M Y g:i:sa', $row['date']).'</td></tr>';
        echo '<tr><td><b>Message ID</b></td><td>'.htmlentities($row['id']).'</td></tr>';
        echo '<tr><td><b>From</b></td><td>'.htmlentities(@$ParsedHeader['from'][0]).'</td></tr>';
        echo '<tr><td><b>Subject</b></td><td>'.htmlentities(@$ParsedHeader['subject'][0]).'</td></tr>';
        echo '<tr><td valign="top"><b>Domains</b></td><td><ul>';
        // Domains are extracted from both the raw body and a tag-stripped, entity-decoded copy;
        // each resolved IP is coloured by its blacklist / whitelist / ok status.
        $noHTMLtext = strip_tags(QuotedEntityDecode($row['body']));
        $ResolvedDomains = ExtractDomainsFromText($row['body'], $noHTMLtext);
        foreach ($ResolvedDomains as $domain => $IPs) {
            $iplist = '';
            foreach ($IPs as $ip) {
                // NOTE(review): $ip is emitted unescaped while $domain goes through htmlentities(); both
                // derive from the stored message body, so escape $ip too unless ExtractDomainsFromText()
                // is known to return only dotted-quad strings - confirm.
                $iplist .= ($iplist ? ';' : '').'<span style="background-color: #'.(IPisBanned($ip) ? PHPOP3CLEAN_COL_BLIST : (IPisWhitelisted($ip) ? PHPOP3CLEAN_COL_WLIST : PHPOP3CLEAN_COL_OK)).';">'.$ip.'</span>';
            }
            echo '<li>'.htmlentities($domain).' ['.$iplist.']</li>';
        }
        echo '</ul></td></tr>';
        echo '<tr><td><b>Debug</b></td><td>'.nl2br(htmlentities($row['debug'])).'</td></tr>';
        echo '</table><br>';
        echo '<textarea cols="100" rows="10" wrap="off">'.htmlentities($row['headers']).'</textarea>';
        echo '<textarea cols="100" rows="30" wrap="off">'.htmlentities($row['body']).'</textarea>';
        echo '</body></html>';
    } else {
        echo 'failed to select message (`id` = "'.htmlentities(@$_GET['messages_recent']).'")';
    }
    exit;
}
///////////////////////////////////////////////////////////
// Page header and navigation menu. Admin-only entries are wrapped in IsAdminUser(); the
// Words/Phrases, whitelist and User admin links are offered to every logged-in user.
// The __LINE__ values in the query strings appear to serve only as non-empty marker values
// (the handlers below test truthiness, not a specific number) - reformatting shifts them.
// NOTE(review): $_SERVER['PHP_SELF'] is echoed raw into the logout link here (and into the
// word-admin form action further down), while every other link passes it through
// htmlspecialchars(linkencode(...), ENT_QUOTES); PHP_SELF can carry attacker-chosen path info,
// so apply the same escaping in both places.
echo '<html><head><title>phPOP3clean :: admin</title><style type="text/css">BODY, TH, TD { font-family: sans-serif; font-size: 8pt; }</style></head><body>';
echo '<div style="float: right;">Logged in as: <b>'.htmlentities(IsAdminUser() ? 'ADMIN' : $_COOKIE['phPOP3cleanUSER']).'</b> <a href="'.$_SERVER['PHP_SELF'].'?logout">logout</a></div>';
echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?'), ENT_QUOTES).'"><b>Filter summary</b></a><br>';
echo 'Edit:<ul style="margin-top: 0px; margin-bottom: 0px;">';
if (IsAdminUser()) {
    echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?exeadmin='.__LINE__.'&orderby=lasthit'), ENT_QUOTES).'">Infected Attachments (worms/viruses)</a></li>';
    echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?imgadmin='.__LINE__.'&orderby=lasthit'), ENT_QUOTES).'">Attached Images</a></li>';
    echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?ipadmin='.__LINE__.'&bulkadd='.__LINE__), ENT_QUOTES).'">IPs Blacklist</a></li>';
    echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?autobandomains='.__LINE__), ENT_QUOTES).'">Auto-ban Domains</a></li>';
    echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?receivedadmin='.__LINE__), ENT_QUOTES).'">"Received" header domain blacklist</a></li>';
}
echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?wordadmin='.__LINE__), ENT_QUOTES).'">Words/Phrases</a> (<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?wordadmin='.__LINE__.'&action=list&db=phpop3clean_words_clean&orderby=lasthit'), ENT_QUOTES).'">clean</a>, <a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?wordadmin='.__LINE__.'&action=list&db=phpop3clean_words_obfuscated&orderby=lasthit'), ENT_QUOTES).'">obfuscated</a>, <a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?wordadmin='.__LINE__.'&action=list&db=phpop3clean_words_code&orderby=lasthit'), ENT_QUOTES).'">source</a>)</li>';
echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?emailwhitelistadmin='.__LINE__), ENT_QUOTES).'">"From" email whitelist</a></li>';
echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?subjectwhitelistadmin='.__LINE__), ENT_QUOTES).'">Subject whitelist</a></li>';
echo '</ul>';
echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?useradmin='.__LINE__), ENT_QUOTES).'">User admin</a><br>';
if (IsAdminUser()) {
    echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?recentdomains='.__LINE__), ENT_QUOTES).'">List recently-seen domains</a><br>';
    echo '<a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?databaseupdate='.__LINE__), ENT_QUOTES).'">Update Database</a><br>';
    echo '<a href="'.PHPOP3CLEAN_DIRECTORY.'phPOP3clean.emptycache.php">Purge/Backup quarantined emails</a><br>';
    echo '<a href="'.PHPOP3CLEAN_DIRECTORY.'phPOP3clean.datadump.php">Export Database</a><br>';
}
echo '<hr clear="all">';
///////////////////////////////////////////////////////////////////////////////
// Word/phrase blacklist admin. Reachable by any logged-in user (no IsAdminUser() gate here,
// matching the menu above). With ?db=<table> it shows the per-table form and a "test this
// phrase" box; without it, a chooser for the three words_* tables. The switch on 'action'
// that follows continues past the end of this excerpt.
if (@$_REQUEST['wordadmin']) {
    if (@$_REQUEST['db']) {
        echo '<b>'.ucfirst(str_replace(PHPOP3CLEAN_TABLE_PREFIX.'words_', '', htmlentities($_REQUEST['db']))).' Words Admin</b><br>';
        echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">'; // NOTE(review): PHP_SELF unescaped here, see the menu comment above
        // Carry the current mode through the POST so the same view is re-rendered after the test.
        $hiddenvars = array('wordadmin', 'action', 'db', 'orderby');
        foreach ($hiddenvars as $var) {
            echo '<input type="hidden" name="'.$var.'" value="'.htmlentities(@$_REQUEST[$var], ENT_QUOTES).'">';
        }
        echo 'Banned Phrase test: <textarea cols="40" rows="2" name="testword">'.htmlentities(@$_REQUEST['testword'], ENT_QUOTES).'</textarea> ';
        echo '<input type="submit" value="Test Phrase">';
        echo '</form>';
        if (@$_REQUEST['testword']) {
            // Run the submitted phrase through the plain and the source-code blacklist matchers;
            // each returns a [matched word, cleaned word] pair, or a falsy value when nothing matches.
            echo '<div style="background-color: #EEEEEE; border: 2px #000000 inset;" align="center">';
            if ($badword = BlackListedWordsFound($_REQUEST['testword'])) {
                list($matchedword, $cleanword) = $badword;
                echo '<font color="red">Banned phrase:<br><b>'.htmlentities($matchedword).'</b><br>matches:<br>'.htmlentities($cleanword).'</font>';
            } elseif ($badword = BlackListedWordsFoundCode($_REQUEST['testword'])) {
                list($matchedword, $cleanword) = $badword;
                echo '<font color="red">Banned phrase (code):<br><b>'.htmlentities($matchedword).'</b><br>matches:<br>'.htmlentities($cleanword).'</font>';
            } else {
                echo '<font color="darkgreen">Phrase is OK:<br><b>'.htmlentities($_REQUEST['testword']).'</b></font>';
            }
            echo '</div><br>';
        }
        echo '<br>';
    } else {
        echo '<b>Blacklisted Words admin</b><ul>';
        echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?wordadmin='.$_REQUEST['wordadmin'].'&action=list&db='.PHPOP3CLEAN_TABLE_PREFIX.'words_clean&orderby=lasthit'), ENT_QUOTES).'">"Clean" Words admin</a></li>';
        echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?wordadmin='.$_REQUEST['wordadmin'].'&action=list&db='.PHPOP3CLEAN_TABLE_PREFIX.'words_obfuscated&orderby=lasthit'), ENT_QUOTES).'">Obfuscated Words admin</a></li>';
        echo '<li><a href="'.htmlspecialchars(linkencode($_SERVER['PHP_SELF'].'?wordadmin='.$_REQUEST['wordadmin'].'&action=list&db='.PHPOP3CLEAN_TABLE_PREFIX.'words_code&orderby=lasthit'), ENT_QUOTES).'">Source Code Words admin</a></li>';
        echo '</ul>';
    }
    switch (@$_REQUEST['action']) {
        case 'delete':
            // Any percent-encoded http:// URLs inside the word are decoded back so the DELETE key
            // matches the stored form of the phrase.
            $word = @$_REQUEST['word'];
            $nr_of_matches = preg_match_all('/(http%3A%2F%2F.* ?)/', $word, $matches);
            if (($nr_of_matches !== false) && ($nr_of_matches > 0)) {
                foreach ($matches[1] as $match) {
                    $word = str_replace($match, urldecode($match), $word);
                }
            }
            unset($nr_of_matches, $matches, $match);
            // NOTE(review): the table name is taken from $_REQUEST['db']; mysql_escape_string() escapes
            // quotes but does not restrict it to the three words_* tables offered above, and table
            // names cannot be parameterised, so check it against that fixed list before building the
            // statement. Execution of this query, and the rest of the case, lie past this excerpt.
            $SQLquery = 'DELETE FROM `'.mysql_escape_string($_REQUEST['db']).'`';
            $SQLquery .= ' WHERE `word` = "'.mysql_escape_string($word).'"';