lukasdotcom/website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove mail

Browse Source 
Signed-off-by: Lukas Schaefer <lukas@lschaefer.xyz>
This commit is contained in:
Lukas Schaefer
2026-01-11 22:41:26 -05:00
parent 337007ae38
commit 436e206277
8 changed files with 1 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -15,6 +15,5 @@ error.log
/python/update.sh /python/update.sh
!/html/composer.json !/html/composer.json
/html/composer.lock /html/composer.lock
/html/vendor/
.DS_STORE .DS_STORE
.env .env

47
html/api/mail.php
View File

@@ -1,47 +0,0 @@
<?php
require_once "api.php";
if (! $PRIVILEGE["mail"]) { // Makes sure that the person has the right privilege
missingPrivilege($USERNAME);
exit();
}
use PHPMailer\PHPMailer\PHPMailer;
if (array_key_exists("mail", $OGPOST) and array_key_exists("sender", $OGPOST) and array_key_exists("subject", $OGPOST) and array_key_exists("body", $OGPOST)) {
$mail = new PHPMailer(true);
try {
// Server Settings
$mail->SMTPDebug = 0; // Prevents debugging
$mail->isSMTP(); // Enables SMTP
// Gets the smtp server data
$jsonInfo = file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/config.json");
$jsonData = json_decode($jsonInfo, true);
$mail->Host = $jsonData["mail"]["server"]; // Specify SMTP server
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = $jsonData["mail"]["username"]; // SMTP username
$mail->Password = $jsonData["mail"]["password"]; // SMTP password
$mail->SMTPSecure = 'tls';//PHPMailer::ENCRYPTION_STARTTLS; Enable TLS encryption, `PHPMailer::ENCRYPTION_SMTPS` also accepted
$mail->Port = $jsonData["mail"]["port"]; // TCP port to connect to
// Message content
$mail->isHTML(true); // Set email format to HTML
$mail->Subject = $OGPOST["subject"]; // The subject
$mail->Body = $OGPOST["body"]; // The body of the email
// Recipients
if (array_key_exists("senderName", $OGPOST)) { // Who to send it from. This will check if a short name was given
$mail->setFrom($OGPOST["sender"], $OGPOST["senderName"]);
} else {
$mail->setFrom($OGPOST["sender"]);
}
$mail->addAddress($OGPOST["mail"]); // Add a recipient
$mail->send();
echo "sent email";
$sender = $_POST["sender"];
$reciever = $_POST["mail"];
writeLog(29, "Sent email from $sender to $reciever with user $USERNAME and ip $address");
} catch (Exception $e) { // Used to make sure errors are reported
http_response_code(500);
echo $e->errorMessage();
}
} else {
http_response_code(400);
echo "Invalid command";
}

5
html/composer.json
View File

@@ -1,5 +0,0 @@
{
"require": {
"phpmailer/phpmailer": "6.8.*"
}
}

47
html/email/index.js
View File

@@ -1,47 +0,0 @@
function render() {
// Explanation of how this securly renders the untrusted html input.
// https://making.close.com/posts/rendering-untrusted-html-email-safely
$("#render").attr("srcdoc", `
<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Roboto&display=swap" rel="stylesheet">
<meta http-equiv="Content-Security-Policy" content="script-src 'none'">
<base target="_blank">
<style>
body {
background-color: black;
color: white;
font-family:'Roboto', sans-serif;
}
</style>
</head>
<body>${$("#body").val()}</body>
</html>`);
}
$(document).ready(function() {
$("#send").button()
render();
$("#renderButton").click(render);
$("#send").click(function() { // Used to send an email.
const ajax = new XMLHttpRequest;
$("#send").text("Sending");
$("#send").button("disable");
ajax.onload = function() {
if (ajax.status != 200) {
JQerror(this.responseText);
$("#send").text("Failed To Send");
} else {
$("#send").text("Sent");
}
setTimeout(function() {$("#send").text("Send");$("#send").button("enable");}, 1000)
}
ajax.open("POST", `/api/mail.php`);
ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
ajax.send(`mail=${encodeURI($("#reciever").val())}&senderName=${encodeURI($("#senderName").val())}&sender=${encodeURI($("#sender").val())}&subject=${encodeURI($("#subject").val())}&body=${encodeURI($("#body").val())}&key='${getCookie('user')}'`);
});
});

57
html/email/index.php
View File

@@ -1,57 +0,0 @@
<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<title>
Email
</title>
<?php
$DESCRIPTION = "A way to easily send emails through an SMTP server.";
require_once '../include/all.php';
?>
</head>
<body>
<?php
include '../include/menu.php';
echo "<div class='main'>";
if (! $USERNAME) {
echo "<h2>You are not logged in redirecting...</h2>";
header("Refresh:3; url=/login.php", true);
http_response_code(401);
} else if (! $PRIVILEGE["mail"]) {
http_response_code(403);
header("Refresh:3; url=/index.php", true);
echo "<h2>Forbidden redirecting...</h2>";
} else {
?>
<script type="text/javascript" src="index.js"></script>
<h1>Send Emails</h1>
<label for="sender">Sending Email: </label>
<input name="sender" id="sender">
<label for="senderName">Short Name: </label>
<input name="senderName" id="senderName">
<br>
<label for="reciever">Recipient's Email: </label>
<input name="reciever" id="reciever">
<br>
<label for="subject">Subject: </label>
<input name="subject" id="subject">
<br>
<p style="color: red;">Warning do not paste unsafe input into the textbox below</p>
<label for="body">Body: </label>
<br>
<textarea name="body" id="body" style="width: 100%;" rows="10"></textarea>
<button id="renderButton">Render Preview</button>
<h3>HTML Render of Email</h3>
<iframe id="render" width="100%" height="300px" srcdoc="" sandbox="allow-popups allow-popups-to-escape-sandbox allow-same-origin"></iframe>
<br>
<button id="send">Send</button>
<?php
}
?>
</div>
</body>
</html>

1
html/include/functions.php
View File

@@ -1,5 +1,4 @@
<?php <?php
require __DIR__ . '/../vendor/autoload.php'; # Loads all composer files
$jsonInfo = file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/config.json"); $jsonInfo = file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/config.json");
$jsonData = json_decode($jsonInfo, true); $jsonData = json_decode($jsonInfo, true);

1
html/include/menu.php
View File

@@ -18,7 +18,6 @@
["Electricity Log", "/electricity.php"], ["Electricity Log", "/electricity.php"],
["privilege", "viewLog", "/log/index.php", "Server Log"], ["privilege", "viewLog", "/log/index.php", "Server Log"],
["privilege", "viewBackup", "/backup/index.php", "Backups"], ["privilege", "viewBackup", "/backup/index.php", "Backups"],
["privilege", "mail", "/email/index.php", "Email"],
["user", "/usermenu/index.php", "User Menu"], ["user", "/usermenu/index.php", "User Menu"],
["user", "/usermenu/key.php", "Session Manager"], ["user", "/usermenu/key.php", "Session Manager"],
["notUser", "/login.php", "Login/Signup"], ["notUser", "/login.php", "Login/Signup"],

16
python/restart.py
View File

@@ -59,16 +59,12 @@ try:
os.system("chown -R root:root " + configFilePath) os.system("chown -R root:root " + configFilePath)
configFilePath = configFilePath + "config.json" configFilePath = configFilePath + "config.json"
# Will find the location where the config should be located. # Will find the location where the config should be located.
location = __file__[: __file__.rindex("/python/restart.py") + 1] + "html" location = __file__[: __file__.rindex("/python/restart.py") + 1] + "html/"
# Creates config with the enviromental variables # Creates config with the enviromental variables
developmentMachine = os.getenv("WEBSITE_DEVELOPER", "false") == "true" developmentMachine = os.getenv("WEBSITE_DEVELOPER", "false") == "true"
# This stores a list for the default config # This stores a list for the default config
envConfiguration = [ envConfiguration = [
[["passwordOptions", "cost"], int(os.getenv("PASSWORD_ROUNDS", "10"))], [["passwordOptions", "cost"], int(os.getenv("PASSWORD_ROUNDS", "10"))],
[["mail", "server"], os.getenv("MAIL_SMTP_SERVER", "smtp.sendgrid.net")],
[["mail", "username"], os.getenv("MAIL_USERNAME", "apikey")],
[["mail", "password"], os.getenv("MAIL_PASSWORD", "none")],
[["mail", "port"], int(os.getenv("MAIL_SMTP_PORT", "587"))],
[["database", "username"], os.getenv("DATABASE_USERNAME", "admin")], [["database", "username"], os.getenv("DATABASE_USERNAME", "admin")],
[["database", "name"], os.getenv("DATABASE_NAME", "website")], [["database", "name"], os.getenv("DATABASE_NAME", "website")],
[["database", "password"], os.getenv("DATABASE_PASSWORD", "password")], [["database", "password"], os.getenv("DATABASE_PASSWORD", "password")],
@@ -280,16 +276,6 @@ try:
f"DELETE FROM cookieClicker WHERE lastUpdate<{(time.time()-86400*30)*1000}" f"DELETE FROM cookieClicker WHERE lastUpdate<{(time.time()-86400*30)*1000}"
) # Removes cookie clicker data that has not been touched for a month ) # Removes cookie clicker data that has not been touched for a month
writeLog("Server maintenance ran succesfully.", 12) writeLog("Server maintenance ran succesfully.", 12)
# Makes sure that the vendor folder is blocked
try:
os.remove(location + "vendor/.htaccess")
except:
1
with open(location + "vendor/.htaccess", "w") as f:
f.write(
"""Order allow,deny
Deny from all"""
)
# Waits until the database is ready # Waits until the database is ready
while True: while True: