<?
// Written by Spike^ekipS <spike@spikeekips.net>

include_once "./setting.php";

include_once $global["root"] . "/lib/Site.php";

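// Bootstrap the site context for the "mail" module.
$Site = new Site;
$Site->init("mail");

// Read only the three request parameters this script uses, each with a fixed
// type. extract($_GET) turned every query-string key into a variable, so a
// request could replace $global (used to build the include path below) or
// pre-seed $type, $filename, $fd, $data and $f before the dispatch ran.
$method = (isset($_GET["method"]) && is_string($_GET["method"]))
	? $_GET["method"] : "";                       // "cid", "payload" or "html"
$no = (isset($_GET["no"]) && is_scalar($_GET["no"]))
	? (int) $_GET["no"] : 0;                      // message number ("no" column)
$n = (isset($_GET["n"]) && is_scalar($_GET["n"]))
	? (int) $_GET["n"] : 0;                       // index of the part inside the message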

#-------------------------------------------------------------- include
include_once $global["root"] . "/module/message/function/parseContent.php";

//-------------------------------------------------- sql
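// Query templates for one message row. The first placeholder is the account
// id appended to the mail_ table name, the second is the message number.
// The number is formatted with %d in all three templates, so sprintf()
// reduces it to an integer before it becomes part of the SQL text; two of
// the templates used %s, which copied the request value in verbatim.
// NOTE(review): the table suffix is interpolated as an identifier and cannot
// be protected by quoting; confirm it only ever comes from server-side state.
$SQL_GET_CONTENT_CID =
	"select SQL_CACHE isCid, cid, headerCid from mail_%s where no = '%d'";
$SQL_GET_CONTENT_PAYLOAD = "select SQL_CACHE isPayload, payload, headerPayload
	 from mail_%s where no = '%d'";
$SQL_GET_CONTENT_HTML =
	"select SQL_CACHE htmlBody, isCid, headerCid from mail_%s where no = '%d'";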

//-------------------------------------------------- dispatch on method
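// Normalise the request parameters before they reach SQL text, array indexes
// or file paths. Done here so this dispatch does not depend on how the
// variables were populated.
$method = (isset($method) && is_string($method)) ? $method : "";
$no = (isset($no) && is_scalar($no)) ? (int) $no : 0;
$n = (isset($n) && is_scalar($n)) ? (int) $n : 0;

// Response state always starts from known values, so nothing supplied by the
// request and nothing left over from a branch that did not run is emitted.
$type = "application/octet-stream";
$filename = "";
$data = "";
$fd = false;
$partDir = "";  // directory of the stored part (file-backed methods only)
$partName = ""; // stored file name of the requested part

// The account id selects both the mail_<id> table and the data directory.
// NOTE(review): presumably set server-side at login; confirm it can never
// hold request-controlled text.
if (!isset($_SESSION["config_id"]) || $_SESSION["config_id"] === "") exit;

switch ($method) {

	case ("cid") :
		$a = $Site->DB->fetch_one(
			sprintf($SQL_GET_CONTENT_CID, $_SESSION["config_id"], $no));

		// Stop when the row flags no inline parts (a missing row is assumed
		// to come back empty/false; confirm against fetch_one).
		if (empty($a["isCid"])) exit;

		$b = parseContent($a["headerCid"], "cid");
		$_cid = explode(";", $a["cid"]);

		// $n is request-supplied: it has to address a part that exists.
		if (!isset($_cid[$n]) || $_cid[$n] === "") exit;

		$partDir = sprintf("%s/cid/%s", $global["data"], $_SESSION["config_id"]);
		$partName = $_cid[$n];

		if (isset($b[$n]["type"])) $type = $b[$n]["type"];
		if (isset($b[$n]["filename"])) $filename = $b[$n]["filename"];

	break;
	case ("payload") :
		$a = $Site->DB->fetch_one(
			sprintf($SQL_GET_CONTENT_PAYLOAD, $_SESSION["config_id"], $no));

		// Same early exit as the cid branch, for attachments.
		if (empty($a["isPayload"])) exit;

		$b = parseContent($a["headerPayload"], "payload");
		$_payload = explode(";", $a["payload"]);

		// $n is request-supplied: it has to address a part that exists.
		if (!isset($_payload[$n]) || $_payload[$n] === "") exit;

		$partDir = sprintf("%s/payload/%s", $global["data"], $_SESSION["config_id"]);
		$partName = $_payload[$n];

		if (isset($b[$n]["type"])) $type = $b[$n]["type"];
		if (isset($b[$n]["filename"])) $filename = $b[$n]["filename"];

	break;
	case ("html") :
		$a = $Site->DB->fetch_one(
			sprintf($SQL_GET_CONTENT_HTML, $_SESSION["config_id"], $no));

		if (!$a) exit;

		// Start from an empty list so a message without inline parts is
		// handled without touching an undefined variable.
		$f = array();
		if (!empty($a["isCid"])) {
			$f = parseContent($a["headerCid"], "cid"); // check cid
			if (!is_array($f)) $f = array();
		}

		$g = (string) $a["htmlBody"];
		$parts = count($f);
		for ($i = 0; $i < $parts; $i++) {
			if (!isset($f[$i]["id"]) || $f[$i]["id"] === "") continue;

			$h = $_SESSION["user_www_url"] .
				"/module/message/action/getContent?method=cid&no=" . $no . "&n=" . $i;

			// Literal replacement: a Content-ID is sender-chosen data and must
			// not be compiled as a pattern (ereg_replace did, and is gone
			// from PHP 7 onwards).
			$g = str_replace("cid:" . $f[$i]["id"], $h, $g);
		}

		$type = "text/html";

		// Markup rewrites, applied in order to every message. The <img>
		// filter used to sit inside the loop above and so was skipped for
		// messages without inline parts. New-window links also get
		// rel=noopener/noreferrer so the opened page receives neither a
		// handle on this window nor the message URL.
		// NOTE(review): these substitutions are a deny-list and do not make
		// arbitrary mail HTML safe to render in this origin; the response
		// should also carry a script-blocking Content-Security-Policy, or the
		// body should pass through an allow-list sanitizer.
		$data = preg_replace(
			array(
				"/<img .*src=[a-z0-9\"']*script:[^>]+>/i",
				"/<a /i",
				"/<script/i",
			),
			array(
				"",
				"<a target=awindow rel=\"noopener noreferrer\" ",
				"<span",
			),
			$g);

		// preg_replace() returns null on a PCRE error; fail closed with an
		// empty body rather than emitting the unfiltered markup.
		if (!is_string($data)) $data = "";
	break;
	default :
		// Unknown method: nothing to serve.
		exit;
}

// File-backed methods: resolve the stored name and require the result to lie
// inside the per-account directory before opening it, so a stored name that
// contains ".." or an absolute path cannot reach other files.
if ($partDir !== "") {
	$base = realpath($partDir);
	$path = ($base === false) ? false : realpath($base . "/" . $partName);

	if ($path === false
		|| strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
		|| !is_file($path)) exit;

	$fd = fopen($path, "rb");
	if ($fd === false) exit;
}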

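$Site->end();

// $type and $filename are taken from the stored mail headers, so their text
// is chosen by whoever sent the message. Control characters are removed
// before either value is placed in a response header, and quote/backslash are
// removed from the file name so it cannot terminate the quoted-string.
$type = (isset($type) && is_string($type))
	? preg_replace('/[\x00-\x1f\x7f]/', '', $type) : "";
if (!is_string($type) || $type === "") $type = "application/octet-stream";

$filename = (isset($filename) && is_string($filename))
	? preg_replace('/[\x00-\x1f\x7f"\\\\]/', '', $filename) : "";
if (!is_string($filename)) $filename = "";

Header("Content-type: " . $type);

// Keep the browser from second-guessing the declared type, and from running
// script if the response is rendered as a document in this origin.
Header("X-Content-Type-Options: nosniff");
Header("Content-Security-Policy: script-src 'none'");

// NOTE(review): the disposition stays "inline" for every part, including
// attachments whose sender-declared type is a document format; consider
// "attachment" for the payload method unless the type is a known image type.
if ($filename !== "") {
	Header("Content-Disposition: inline; filename=\"" . $filename . "\"");
}

if (isset($fd) && is_resource($fd)) {
	// cid / payload: stream the stored file.
	fpassthru($fd);
	fclose($fd);
} elseif (isset($method) && $method === "html" && isset($data) && is_string($data)) {
	// html: the rewritten body lives in $data, which the html branch always
	// assigns itself. It was never sent because only fpassthru() was called.
	// The method check keeps any other source of $data from being echoed.
	echo $data;
}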

?>
