<?php//////////////////////////////////////////////////////////////////// phPOP3clean() by James Heinrich <info@silisoftware.com>    ////  available at http://phpop3clean.sourceforge.net            /////////////////////////////////////////////////////////////////////include( '../debug/mydebug.inc');require_once('phPOP3clean.functions.php');require_once('phPOP3.class.php');define('PHPOP3CLEAN_NONFORCEDLOGIN', true);require_once('phPOP3clean.login.php');if (!mysql_table_exists(PHPOP3CLEAN_TABLE_PREFIX.'accounts')) {	WarningEmail('FAILURE! Failed to select `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts`', 'Failed to select SQL database `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts` '.@$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."\n".mysql_error());	die('Table `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts` does not exist. Please run <a href="'.PHPOP3CLEAN_DIRECTORY.'phPOP3clean.install.php">phPOP3clean.install.php</a> first.');}///////////////////////////////////////////////////////////////////////////////// HERE YOU SHOULD VALIDATE ALL REQUEST VARIABLES YOU USE$_GET['onlyid']    = (isset($_GET['onlyid']) ? intval($_GET['onlyid']) : false);$_GET['nocache']   = (bool) @$_GET['nocache'];$_GET['show']      = (bool) ((@$_GET['show'] === '0') ? false : IsAuthenticatedUser());$_GET['onlyemail'] = SanitizeEmailAddress(@$_GET['onlyemail']);///////////////////////////////////////////////////////////////////////////////$starttime = getmicrotime();$BadEmailsFound     = 0;$GoodEmailsFound    = 0;$GoodEmailsSkipped  = 0;$LargeEmailsSkipped = 0;$WhiteEmailsSkipped = 0;$nowtime            = time();$NewMessagesScanned = array();$Timing				= array();///////////////////////////////////////////////////////////////////////////////// Prune recent messages table$SQLquery  = 'DELETE FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'messages_recent`';$SQLquery .= ' WHERE (`date` < '.($nowtime - PHPOP3CLEAN_KEEP_RECENT).')';mysql_query($SQLquery);if (mysql_affected_rows() > 0) {	$SQLquery  = 'OPTIMIZE TABLE `'.PHPOP3CLEAN_TABLE_PREFIX.'messages_recent`';	mysql_query($SQLquery);}unset($SQLquery);// Prune recent IPs table$SQLquery  = 'DELETE FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'domains_recent`';$SQLquery .= ' WHERE (`date` < '.($nowtime - PHPOP3CLEAN_KEEP_RECENT_DOM).')';mysql_query($SQLquery);if (mysql_affected_rows() > 0) {	$SQLquery  = 'OPTIMIZE TABLE `'.PHPOP3CLEAN_TABLE_PREFIX.'domains_recent`';	mysql_query($SQLquery);}unset($SQLquery);// Prune recent Blacklisted IPs table$SQLquery  = 'DELETE FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'ips`';$SQLquery .= ' WHERE (`added` < '.($nowtime - PHPOP3CLEAN_KEEP_IPS).')';$SQLquery .= ' AND (`whitelist` = "0")';mysql_query($SQLquery);if (mysql_affected_rows() > 0) {	$SQLquery  = 'OPTIMIZE TABLE `'.PHPOP3CLEAN_TABLE_PREFIX.'ips`';	mysql_query($SQLquery);}unset($SQLquery);// Prune Auto-ban domains table$SQLquery  = 'DELETE FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'domains_autoban`';$SQLquery .= ' WHERE (`added` < '.($nowtime - PHPOP3CLEAN_KEEP_IPS).')';mysql_query($SQLquery);if (mysql_affected_rows() > 0) {	$SQLquery  = 'OPTIMIZE TABLE `'.PHPOP3CLEAN_TABLE_PREFIX.'domains_autoban`';	mysql_query($SQLquery);}unset($SQLquery);// Prune recent Blacklisted Words tables$WordTypes = array('clean', 'obfuscated', 'code');foreach ($WordTypes as $key => $value) {	$cutofftime = $nowtime - constant('PHPOP3CLEAN_KEEP_WORDS_'.strtoupper($value));	$tablename = PHPOP3CLEAN_TABLE_PREFIX.'words_'.$value;	$SQLquery  = 'DELETE FROM `'.$tablename.'`';	$SQLquery .= ' WHERE (`added` < '.$cutofftime.')';	$SQLquery .= ' AND (`lasthit` < '.$cutofftime.')';	mysql_query($SQLquery);	if (mysql_affected_rows() > 0) {		$SQLquery  = 'OPTIMIZE TABLE `'.$tablename.'`';		mysql_query($SQLquery);	}	unset($SQLquery, $cutofftime, $tablename);}unset($WordTypes, $key, $value);///////////////////////////////////////////////////////////////////////////////$SQLquery  = 'SELECT * FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts`';$SQLquery .= ' WHERE (`active` = 1)';if (!$_GET['nocache'] && !$_GET['onlyid'] && !$_GET['onlyemail']) {	$SQLquery .= ' AND ((`last_scanned` + ('.PHPOP3CLEAN_INTERSCAN_WAIT_PERIOD.' * `scan_interval`)) < '.mysql_escape_string(time()).')';}$result = mysql_query($SQLquery);unset($SQLquery);$LoginInfo = array();while ($row = mysql_fetch_array($result)) {	$LoginInfo[] = array(						'email'      => $row['account'],						'username'   => substr($row['account'], 0, strpos($row['account'], '@')),						'hostname'   => $row['hostname'],						'password'   => $row['password'],						'port'       => $row['port'],						'full_login' => $row['full_login'],						'use_retr'   => $row['use_retr'],	);}@mysql_free_result($result);if (!is_array($LoginInfo) || count($LoginInfo) === 0) {	die('ERROR: There are no active accounts in `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts` (that have not already been scanned in the last '.PHPOP3CLEAN_INTERSCAN_WAIT_PERIOD.' seconds)');}$required_login_keys = array('hostname', 'username', 'email');foreach ($LoginInfo as $LoginInfoArray) {	if ($_GET['onlyemail'] && ($LoginInfoArray['email'] != $_GET['onlyemail'])) {		continue;	}	foreach ($required_login_keys as $required_login_key) {		if (!isset($LoginInfoArray[$required_login_key]) || ($LoginInfoArray[$required_login_key] === '')) {			EchoToScreen('ERROR: $LoginInfoArray['.$required_login_key.'] is blank! skipping account ('.@$LoginInfoArray['email'].')...'."\n\n");			continue;		}	}	EchoToScreen('Connecting to '.$LoginInfoArray['email'].' ('.gethostbyname($LoginInfoArray['hostname']).':'.$LoginInfoArray['port'].')...'."\n\n");	$SQLquery  = 'UPDATE `'.PHPOP3CLEAN_TABLE_PREFIX.'accounts`';	$SQLquery .= ' SET `last_scanned` = '.mysql_escape_string(time()).'';	$SQLquery .= ' WHERE (`account` = "'.mysql_escape_string($LoginInfoArray['email']).'")';	mysql_query($SQLquery);	unset($SQLquery);	$errno  = '';	$errstr = '';	$timingstart = getmicrotime();	$phPOP3 = new phPOP3($LoginInfoArray['hostname'], $LoginInfoArray['port'], $errno, $errstr, 5, $_GET['show']);	@$Timing['new_phPOP3'] += (getmicrotime() - $timingstart);	if (is_resource($phPOP3->fp)) {		$phPOP3->full_login = (bool) $LoginInfoArray['full_login'];		$timingstart = getmicrotime();		$POP3login = $phPOP3->POP3login($LoginInfoArray['email'], $LoginInfoArray['password'], PHPOP3CLEAN_HIDE_PASSWORDS);		@$Timing['POP3login'] += (getmicrotime() - $timingstart);		if ($POP3login === false) {			WarningEmail('Login failed for '.$LoginInfoArray['email'], 'phPOP3clean - Login failed for '.$LoginInfoArray['username'].':'.$LoginInfoArray['password'].'@'.$LoginInfoArray['hostname'].':'.$LoginInfoArray['port'].' at '.date('F j Y g:i:sa')."\n\n".wordwrap('The most common cause of this is that someone is already logged in to this account, probably the user themselves. If it happens only rarely, ignore this message. If it happens continually then maybe the wrong password is set.'));			$phPOP3->OutputToScreen('<font color="red">Login failed for '.$LoginInfoArray['username'].':'.$LoginInfoArray['password'].'@'.$LoginInfoArray['hostname'].':'.$LoginInfoArray['port'].'</font>'."\n");		} elseif ($POP3login === null) {			// login timed out?			$phPOP3->OutputToScreen('<font color="red">Login failed for '.$LoginInfoArray['username'].':'.$LoginInfoArray['password'].'@'.$LoginInfoArray['hostname'].':'.$LoginInfoArray['port'].'</font>'."\n");		} else {			$unprocessed_deletions = MessageDeleteQueueCount($LoginInfoArray['email']);			$phPOP3->OutputToScreen('<font color="blue">There are '.$unprocessed_deletions.' messages queued for deletion</font>'."\n");			if ($unprocessed_deletions > 0) {				// some messages left in the delete queue from a failed previous scan				MessageDeleteQueueProcess($LoginInfoArray['email']);				unset($phPOP3);				$phPOP3 = new phPOP3($LoginInfoArray['hostname'], $LoginInfoArray['port'], $errno, $errstr, 5, $_GET['show']);				$phPOP3->full_login = (bool) $LoginInfoArray['full_login'];				$timingstart = getmicrotime();				$POP3login = $phPOP3->POP3login($LoginInfoArray['email'], $LoginInfoArray['password'], PHPOP3CLEAN_HIDE_PASSWORDS);				@$Timing['POP3login'] += (getmicrotime() - $timingstart);				if (($POP3login === null) || ($POP3login === false)) {					// failed to log back in, sleep until next scan					continue;				}			}			unset($unprocessed_deletions);			$timingstart = getmicrotime();			$STAT = $phPOP3->POP3stat();			@$Timing['POP3stat'] += (getmicrotime() - $timingstart);			if (is_array($STAT) && (count($STAT) === 2)) {				$phPOP3->OutputToScreen('<font color="blue">There are '.$STAT[0].' messages</font>'."\n\n");				$phPOP3->POP3getMessageNumFromUID(null); // initialize $phPOP3->UIDcache				for ($i = 1; $i <= $STAT[0]; $i++) {					if (is_int($_GET['onlyid']) && ($i != $_GET['onlyid'])) {						continue;					}					// skip previously scanned					$timingstart = getmicrotime();					if (!$_GET['nocache'] && is_array($phPOP3->UIDcache)) {						$cached_MessageID = array_search($i, $phPOP3->UIDcache);						if ($cached_MessageID !== false) {							$SQLquery  = 'SELECT `messageid` FROM `'.PHPOP3CLEAN_TABLE_PREFIX.'messages_scanned`';							$SQLquery .= ' WHERE (`messageid` = "'.mysql_escape_string($cached_MessageID).'")';							$SQLquery .= ' AND (`account` = "'.mysql_escape_string($LoginInfoArray['email']).'")';							$result = mysql_query($SQLquery);							unset($SQLquery);							if (mysql_num_rows($result) > 0) {								// this email has already been scanned, skip it								$GoodEmailsSkipped++;								$DebugMessages[] = '['.basename(__FILE__).'.'.__LINE__.'] Skipping message ID "'.$cached_MessageID.'" because is in `'.PHPOP3CLEAN_TABLE_PREFIX.'messages_scanned` cache';								$phPOP3->OutputToScreen('<font color="blue">skipping message #'.$i.' (id "'.$cached_MessageID.'") - previously scanned</font><br><br>');								unset($cached_MessageID, $messageSize);								@mysql_free_result($result);								@$Timing['SkipOld'] += (getmicrotime() - $timingstart);								continue;							}							@mysql_free_result($result);						}					}					@$Timing['SkipOld'] += (getmicrotime() - $timingstart);					set_time_limit(PHPOP3CLEAN_TIMEOUT);					$DebugMessages = array();					$ThisIsBad = false;					$timingstart = getmicrotime();					$MessageID = $phPOP3->POP3getMessageID($i);					@$Timing['POP3getMessageID'] += (getmicrotime() - $timingstart);					$DebugMessages[] = '['.basename(__FILE__).'.'.__LINE__.'] Message #'.$i.' for account '.$LoginInfoArray['email'].' has message ID "'.$MessageID.'"';					$timingstart = getmicrotime();					$messageSize = $phPOP3->POP3getMessageSize($i);					@$Timing['POP3getMessageSize'] += (getmicrotime() - $timingstart);					// skip oversize messages					$timingstart = getmicrotime();					if ($messageSize > PHPOP3CLEAN_MAX_MESSAGE_SIZE) {						// this email is too large to scan, skip it						$LargeEmailsSkipped++;						$DebugMessages[] = '['.basename(__FILE__).'.'.__LINE__.'] Skipping message ID "'.$MessageID.'" because is larger ('.number_format($messageSize).' bytes) than PHPOP3CLEAN_MAX_MESSAGE_SIZE ('.number_format(PHPOP3CLEAN_MAX_MESSAGE_SIZE).' bytes)';						$phPOP3->OutputToScreen('<font color="blue">skipping message #'.$i.' (id "'.$MessageID.'") - too large ('.number_format($messageSize / 1024).'kB vs '.number_format(PHPOP3CLEAN_MAX_MESSAGE_SIZE / 1024).'kB)</font><br><br>');						unset($MessageID, $messageSize);						@$Timing['SkipLarge'] += (getmicrotime() - $timingstart);						continue;					}					@$Timing['SkipLarge'] += (getmicrotime() - $timingstart);					$timingstart = getmicrotime();					$header = $phPOP3->POP3getMessageHeader($i);					@$Timing['POP3getMessageHeader'] += (getmicrotime() - $timingstart);					$DebugMessages[] = '['.basename(__FILE__).'.'.__LINE__.'] $phPOP3->POP3getMessageHeader() returned '.strlen($header).' byte header';					$ParsedHeader = POP3parseheader($header);					$phPOP3->OutputToScreen('<font color="blue">Header[From]:</font>        [<font color="navy">'.htmlentities(@$ParsedHeader['from'][0]).'</font>]'."\n");					$phPOP3->OutputToScreen('<font color="blue">Header[Subject]:</font>     [<font color="navy">'.htmlentities(@$ParsedHeader['subject'][0]).'</font>]'."\n");