X-Git-Url: http://git.datanom.net/qtadmin.git/blobdiff_plain/6df4b8055a0e63b554ed211760ab1aa5cb431306..c6e155714d4facf6297b5159057c1483a59609c8:/message_view.php?ds=sidebyside

diff --git a/message_view.php b/message_view.php
index 03cced9..93cc339 100644
--- a/message_view.php
+++ b/message_view.php
@@ -1,96 +1,101 @@
 <?php
 /* vim: set ts=4 tw=0 sw=4 noet: */
-	require_once 'Mail/mimeDecode.php';
-	require_once 'config.php';
-	require_once $CFG->root . 'lib/db_factory.php';
-	require_once $CFG->root . 'lib/utils.inc.php';
+    require_once 'Mail/mimeDecode.php';
+    require_once 'config.php';
+    require_once $CFG->root . 'lib/db_factory.php';
+    require_once $CFG->root . 'lib/utils.inc.php';
 
-	$util = Utils::getInstance();
-	$loggedIn = $util->isLoggedIn();
-	if ($loggedIn && isset($_GET['id'])) {
+    $util = new Utils;
+    $loggedIn = $util->isLoggedIn();
+    if ($loggedIn && isset($_GET['id'])) {
         $id = $_GET['id'];
         $id = urldecode($id);
 
-		$util->setHeading("Message ID : $id");
-		echo $util->getHeader();
-		echo $util->getHeading();
+        $mail = unserialize($_SESSION['mailInfo'][$id]);
 
-		$mail = unserialize($_SESSION['mailInfo'][$id]);
+        if (! is_object($mail) || false == $util->authorized($mail->recipient)) {
+            header('Location: qtadmin.php');
+            exit;
+        }
 
-		$row = $DB->getMail($id);
-		$string = $row->mail_text;
-		$sa_tests = null;
-		$params['include_bodies'] = true;
-		$params['decode_bodies']  = true;
-		$params['decode_headers'] = true;
-		$params['input']          = $string;
-		$params['crlf']           = "\r\n";
-		
-		$structure = Mail_mimeDecode::decode($params);
-		$headers = $structure->headers;
+        $util->setHeading("Message ID : $id");
+        echo $util->getHeader();
+        echo $util->getHeading();
+
+        $row = $DB->getMail($id);
+        $string = $row->mail_text;
+        $sa_tests = null;
+        $params['include_bodies'] = true;
+        $params['decode_bodies']  = true;
+        $params['decode_headers'] = true;
+        $params['input']          = $string;
+        $params['crlf']           = "\r\n";
+
+        $structure = Mail_mimeDecode::decode($params);
+        $headers = $structure->headers;
 
         echo '<table class="button-menu">';
         echo '<tr class="button-row">';
-        echo '<td class="button"><input class="btn-input" type="button" value="Return" 
+        echo '<td class="button"><input class="btn-input" type="button" value="Return"
               onclick="javascript: history.back();"/></td>';
         echo '</tr></table>';
 
-		echo '<table><tr>';
-		$from = $headers['from'];
-		$from = str_replace("<", "&lt;", $from);
-		$from = str_replace(">", "&gt;", $from);
-		echo "<tr><td class=\"label\">From</td><td class=\"value\">$from</td></tr>";
-		$to = $headers['to'];
-		$to = str_replace("<", "&lt;", $to);
-		$to = str_replace(">", "&gt;", $to);
-		echo "<tr><td class=\"label\">To</td><td class=\"value\">$to</td></tr>";
-		$date = $headers['date'];
-		$date = str_replace("<", "&lt;", $date);
-		$date = str_replace(">", "&gt;", $date);
-		echo "<tr><td class=\"label\">Date</td><td class=\"value\">$date</td></tr>";
-		echo "<tr><td class=\"label\">Subject</td><td class=\"value\">".$headers['subject']."</td></tr>";
-		echo '<tr><td class="label">Body</td><td class="value">';
-		if (isset($structure->parts)) {
-			foreach ($structure->parts as $part) {
-				if ($_GET['format'] == 'html') {
-					if ($part->ctype_primary=="text" and $part->ctype_secondary=="html") {
-						$bodytext = str_replace("\n", " ",$part->body);
-						$bodytext = str_replace("<body>", "", $bodytext);
-						$bodytext = str_replace("</body>", "", $bodytext);
-                                                $bodytext = str_replace("<head>", "", $bodytext);
-                                                $bodytext = str_replace("</head>", "", $bodytext);
-						$bodytext = str_replace("<html>", "", $bodytext);
-						$bodytext = str_replace("</html>", "", $bodytext);
-						echo $bodytext;
-					}
-				} else {
-					if ($part->ctype_primary=="text" and $part->ctype_secondary=="plain") {
-						$bodytext = str_replace("\n", "<br />",$part->body);
-						echo $bodytext;
-					}
-				}
-			}
-		} else {
-			if ($_GET['format'] == 'html') {
-				$bodytext = str_replace("\n", " ",$structure->body);
-				$bodytext = str_replace("<body>", "", $bodytext);
-				$bodytext = str_replace("</body>", "", $bodytext);
-                                $bodytext = str_replace("<head>", "", $bodytext);
-                                $bodytext = str_replace("</head>", "", $bodytext);
+        echo '<table>';
+        $from = $headers['from'];
+        $from = str_replace("<", "&lt;", $from);
+        $from = str_replace(">", "&gt;", $from);
+        echo "<tr><td class=\"label\">From</td><td class=\"value\">$from</td></tr>";
+        $to = $headers['to'];
+        $to = str_replace("<", "&lt;", $to);
+        $to = str_replace(">", "&gt;", $to);
+        echo "<tr><td class=\"label\">To</td><td class=\"value\">$to</td></tr>";
+        $date = $headers['date'];
+        $date = str_replace("<", "&lt;", $date);
+        $date = str_replace(">", "&gt;", $date);
+        echo "<tr><td class=\"label\">Date</td><td class=\"value\">$date</td></tr>";
+        echo "<tr><td class=\"label\">Subject</td><td class=\"value\">".$headers['subject']."</td></tr>";
+        echo '<tr><td class="label">Body</td><td class="value">';
+        if (isset($structure->parts)) {
+            foreach ($structure->parts as $part) {
+                if ($_GET['format'] == 'html') {
+                    if ($part->ctype_primary=="text" and $part->ctype_secondary=="html") {
+                        $bodytext = str_replace("\n", " ",$part->body);
+                        $bodytext = str_replace("<body>", "", $bodytext);
+                        $bodytext = str_replace("</body>", "", $bodytext);
+                        $bodytext = str_replace("<head>", "", $bodytext);
+                        $bodytext = str_replace("</head>", "", $bodytext);
+                        $bodytext = str_replace("<html>", "", $bodytext);
+                        $bodytext = str_replace("</html>", "", $bodytext);
+                        echo $bodytext;
+                    }
+                } else {
+                    if ($part->ctype_primary=="text" and $part->ctype_secondary=="plain") {
+                        $bodytext = str_replace("\n", "<br />",$part->body);
+                        echo $bodytext;
+                    }
+                }
+            }
+        } else {
+            if ($_GET['format'] == 'html') {
+                $bodytext = str_replace("\n", " ",$structure->body);
+                $bodytext = str_replace("<body>", "", $bodytext);
+                $bodytext = str_replace("</body>", "", $bodytext);
+                $bodytext = str_replace("<head>", "", $bodytext);
+                $bodytext = str_replace("</head>", "", $bodytext);
 
-				$bodytext = str_replace("<html>", "", $bodytext);
-				$bodytext = str_replace("</html>", "", $bodytext);
-				echo $bodytext;
-			} else {
-				$bodytext = $structure->body;		
-				$bodytext = wordwrap($bodytext, 90, "<br/>");
-				echo $bodytext;
-			}
-		}
-		echo '</td></tr></table>';
-		echo $util->getFooter();
+                $bodytext = str_replace("<html>", "", $bodytext);
+                $bodytext = str_replace("</html>", "", $bodytext);
+                echo $bodytext;
+            } else {
+                $bodytext = $structure->body;
+                $bodytext = wordwrap($bodytext, 90, "<br/>");
+                echo $bodytext;
+            }
+        }
+        echo '</td></tr></table>';
+        echo $util->getFooter();
     } else if ($loggedIn) {
-        header('Location: index.php');
+        header('Location: qtadmin.php');
     } else {
         header('Location: auth.php');
     }