Add files via upload

Author: savetz

db_config.php

@@ -0,0 +1,15 @@
+<?
+$conn_hostname="localhost"; //mysql hostname
+$conn_username=''; // mysql username
+$conn_password=''; //mysql password
+$conn_database=''; // mysql database
+$from_email=''; // email address to use for notifications and reports. It should be the same email address that pipes to tasks_me.php so user can simply reply to the emails to enter their tasks.
+$main_reminder_subject='What did you do today?'; //email subject for the daily reminder.
+$group_name="Example Group Name"; // name of the group. Used in email
+$html2text_loc='html2text/'; // The location of html2text.php
+date_default_timezone_set('America/Los_Angeles'); //Sets the timezone used for scheduling reports
+$time_to_act=15; // Emails are to be sent once when the script is run within $time_to_act minutes past the designated time. Default value is 15
+				//The cron job should be run at a smaller interval than this value
+
+$cool_down_time=5; // Timestamps for the previous email are deleted after the $cool_down_time minutes after the timestamp. This is to prevent accidental spam
+?>

html2text/LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Jevon Wright
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

html2text/html2text.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * This file is available if you still want to use functions rather than
+ * autoloading classes.
+ */
+
+require_once(__DIR__ . "/src/Html2Text.php");
+require_once(__DIR__ . "/src/Html2TextException.php");
+
+function convert_html_to_text($html, $ignore_error = false) {
+	return Soundasleep\Html2Text::convert($html, $ignore_error);
+}
+
+function fix_newlines($text) {
+	return Soundasleep\Html2Text::fixNewlines($text);
+}
+?>

html2text/src/Html2Text.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace Soundasleep;
+
+class Html2TextException extends \Exception {
+
+	var $more_info;
+
+	public function __construct($message = "", $more_info = "") {
+		parent::__construct($message);
+		$this->more_info = $more_info;
+	}
+
+}

html2text/src/Html2TextException.php

@@ -0,0 +1,31 @@
+Introduction: 
+This project contains two main components.
+
+tasks_me.php: A program to process emails sent by registered user and record the content as tasks. The program presumes 1 tasks per line in the email.
+A email forwarder must be setup to pipe to it.
+
+task_reports.php: A program meant to run as a cron script, to sort the recorded tasks by time and user, and sends out a report to all appropriate users at the specified time of day. It also sends out reminders and extra reminders each day at specified time.
+The assumption to not send out reports is currently hardcoded into the program.
+
+Third party requirement: 
+PHP 5.6+
+Included a copy of html2text from https://github.com/soundasleep/html2text per MIT License.
+
+Installation steps.
+
+1. tasks_me.php needs to be set to 0755 permission so it's executable.
+2. The top of tasks_me.php needs to point to the correct php path
+3. tasks_me.php must have Unix EOL or the piping will not work
+4. html2text must be installed, and its path specified in db_config.php. A copy is included since it is MIT License
+5. db_config.php must be filled in with mysql user credential with all privileges.
+6. Run setup.php.
+7. Copy the tasks_admin folder to a web accessible location. It is a dashboard for modifying settings and add users.
+8. The db_config.php file in the admin folder must correctly include the real db_config.php in the same folder as setup.php 
+9. Access the dashboard in /tasks_admin/index.php. Register users and configure the report schedule.
+User types
+Normal: Gets regular, extra reminder, and reports. Can input complete tasks.
+Super: Like Normal user, but does not get extra reminder.
+Script: Is an automated emailing script. Can input complete task, but does not receive any email.
+
+10. Add task_reports to cron. 5 minutes intervals recommended.
+

read_me.txt

@@ -0,0 +1,106 @@
+<?
+/*
+Checks if settings in db_config can connect to the database.
+Checks if tasks_me.php has preferred permissions set
+Checks if html2text.php exists in specified location
+Validates email address contained in $from_email
+Create tables if doesn't exist.
+Will also set and reset the admin password.
+*/
+if (file_exists('db_config.php'))
+{
+	require_once('db_config.php');
+}
+else
+{
+	die ('Error: cannot find db_config.php');
+}
+if (!filter_var($from_email, FILTER_VALIDATE_EMAIL)) 
+{
+	die ('Error: $from_email variable in db_config must contain a valid email address from your domain.');
+}
+
+if (!file_exists($html2text_loc.'html2text.php'))
+{
+
+	echo 'Error: html2text.php cannot be found in the location specified in db_config.php'."\n";
+}
+$tasks_me_permission = substr(sprintf('%o',fileperms('tasks_me.php')), -4);
+
+if ($tasks_me_permission!='0755')
+{
+	echo 'Permissibon for tasks_me.php is currently set to '.$tasks_me_permission.". It is highly recommended that the permission is set to 0755.\n";
+}
+
+$dbh = mysqli_connect($conn_hostname, $conn_username, $conn_password,$conn_database);
+if (!$dbh)
+{
+	echo 'Error: Cannot connect to database. Please check settings in db_config.php'."\n";
+}
+
+//Create config table
+
+$SQL="CREATE TABLE IF NOT EXISTS `config` (
+  `config_id` int(11) NOT NULL AUTO_INCREMENT,
+  `admin_pw` blob NOT NULL,
+  `daily_report_time` time NOT NULL,
+  `reminder_time` int(11) NOT NULL,
+  `daily_reminder_time` time NOT NULL,
+  PRIMARY KEY (config_id)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;";
+mysqli_query($dbh, $SQL) or die (mysqli_error($dbh));
+
+// Create email_history table
+$SQL="CREATE TABLE IF NOT EXISTS `email_history` (
+  `email_type` varchar(200) NOT NULL,
+  `prev_email_unix_time` int(13) NOT NULL DEFAULT '0',
+  PRIMARY KEY (email_type)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;";
+mysqli_query($dbh, $SQL) or die (mysqli_error($dbh));
+
+
+$SQL="CREATE TABLE IF NOT EXISTS tasks (`task_id` int(11) NOT NULL AUTO_INCREMENT,`user_id` int(11) NOT NULL ,`body` text COLLATE utf8_unicode_ci NOT NULL,`occurred_on` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (task_id)) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;";
+mysqli_query($dbh, $SQL) or die (mysqli_error($dbh));
+
+$SQL="CREATE TABLE IF NOT EXISTS `users` (
+  `user_id` int(11) NOT NULL AUTO_INCREMENT,
+  `user_email_address` varchar(200) NOT NULL,
+  `user_name` varchar(200) NOT NULL,
+  `status` varchar(30) DEFAULT NULL,
+  `user_type` varchar(100) DEFAULT NULL,
+  PRIMARY KEY (user_id)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;";
+mysqli_query($dbh, $SQL) or die (mysqli_error($dbh));
+
+$done=false;
+while ($done==false)
+{
+	echo "Set Admin password (8 characters minimum): ";
+	$handle = fopen ("php://stdin","r");
+	$password = trim(fgets($handle));
+	if (strlen($password)>=8)
+	{
+		echo "Please confirm password again: ";
+		$handle = fopen ("php://stdin","r");
+		$password_cc = trim(fgets($handle));
+		if ($password==$password_cc)
+		{
+			$done=true;	
+		}
+		else
+		{
+			echo "Passwords do not match\n";
+		}
+	}
+}
+	$options = ['cost' => 11];
+$hash=password_hash($password, PASSWORD_BCRYPT, $options);
+
+$hash = base64_encode($hash);
+$hash = mysqli_real_escape_string($dbh,$hash);
+$SQL="INSERT INTO config (config_id,admin_pw,daily_report_time,reminder_time,daily_reminder_time) VALUES (1,'$hash','12:00:00',1,'19:00:00') ON DUPLICATE KEY UPDATE admin_pw = '$hash'";
+
+mysqli_query($dbh,$SQL);
+echo mysqli_error($dbh);
+echo "Admin password set.\nPlease complete the configuration using the admin dashboard.";
+?>

setup.php

@@ -0,0 +1,4 @@
+<?
+include '/var/www/sites/fpincludes/tasks/db_config.php';
+
+?>

task_reports.php

@@ -0,0 +1,61 @@
+<?
+
+require_once('db_config.php');
+session_start();
+if (isset($_SESSION['authenticated']) && $_SESSION['authenticated']==1 && isset($_SESSION['login_expiration']) && $_SESSION['login_expiration'] >=time() && $_SESSION['login_expiration'] <=time()+10*60)
+{
+//file_put_contents('/var/www/sites/savetzpublishing.com/tasks_admin/post_log.txt', print_r($_POST, true).print_r($_SESSION,true),FILE_APPEND);
+$dbh = mysqli_connect($conn_hostname, $conn_username, $conn_password,$conn_database);
+$error=mysqli_error($dbh);
+if ($error)
+{
+	die ($error);
+}
+$user_email_address=trim($_POST['user_email_address']);
+$user_name=trim($_POST['user_name']);
+$valid_status_array=array('active','inactive');
+$valid_user_type_array=array('normal','super','inactive','script');
+$user_type=trim($_POST['user_type']);
+$status=trim($_POST['status']);
+if (!in_array($status,$valid_status_array))
+{
+	die('Error: Invalid user status.');
+}
+if (!in_array($user_type,$valid_user_type_array))
+{
+	die('Error: Invalid user type.');
+}
+if ($user_name=='')
+{
+	die ('Error: Empty user name.');
+}
+if (!filter_var($user_email_address, FILTER_VALIDATE_EMAIL)) 
+{
+	die ('Invalid user email');
+}
+// check email duplicate
+$user_id=intval(trim($_POST['user_id']));
+
+$user_email_address=mysqli_real_escape_string($dbh, $user_email_address);
+
+$check_duplicate_email="SELECT * FROM users WHERE user_id != $user_id AND user_email_address LIKE '$user_email_address' LIMIT 1";
+$result=mysqli_query($dbh, $check_duplicate_email);
+if (mysqli_num_rows($result)==1)
+{
+	die('Error: Email address already used by another user.');
+}
+	
+
+$user_name=mysqli_real_escape_string($dbh, trim($_POST['user_name']));
+
+$SQL="UPDATE users SET user_email_address='$user_email_address', user_name='$user_name', status='$status', user_type='$user_type' WHERE user_id=$user_id LIMIT 1";
+mysqli_query($dbh,$SQL);
+
+echo 'Changes to '.$_POST['user_email_address'].' updated.';
+	
+}
+else
+{
+echo 'Authentication expired. Please reload the page to relogin.';
+}
+?>

tasks_admin/db_config.php

@@ -0,0 +1,5 @@
+input[type="time"] 
+{
+	
+	min-width:110px;
+}

tasks_admin/index.php

@@ -0,0 +1,177 @@
+#!/usr/local/bin/php -q
+<?
+/*
+
+This script processes incoming email from registered accounts line by line into task entries in the database.
+
+Requires https://github.com/soundasleep/html2text
+
+If more robust reply parsing is needed, check 
+  https://github.com/willdurand/EmailReplyParser
+  https://pastebin.com/J0R5aCR1
+*/
+
+
+require_once('db_config.php');
+$dbh = mysqli_connect($conn_hostname, $conn_username, $conn_password,$conn_database);
+mysqli_set_charset($dbh,'utf8'); //sets connection charset to utf8 so smart quotes and other chars are stored correctly
+
+
+// read from stdin
+
+$fd = fopen("php://stdin", "r");
+$email = "";
+
+
+while (!feof($fd)) {
+    $email .= fread($fd, 1024);
+}
+
+
+fclose($fd);
+
+
+function is_registered_email($email)
+{
+	/* 
+	
+	looks for registered email address in user table
+	
+	*/
+
+	global $dbh;
+	$email=mysqli_real_escape_string($dbh,$email);
+	
+
+	$SQL="SELECT * FROM users where user_email_address='$email' AND status='active' LIMIT 1";
+	$result=mysqli_query($dbh,$SQL);
+
+	if ($result)
+	{
+
+		return mysqli_fetch_assoc($result);
+	}
+	return false;
+	
+}
+$hit = preg_match('/\AFrom (?P<email_addr>[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})\b/i',$email,$matches); //find incoming email address
+$hit = true;
+if(!$hit) {
+
+    die();
+}
+$email_addr=trim($matches['email_addr']);
+
+if (!filter_var($email_addr, FILTER_VALIDATE_EMAIL,FILTER_NULL_ON_FAILURE)) //validate email address
+{
+	die();
+}
+$user_match=is_registered_email($email_addr); // checks if it's from a registered email address
+if (!$user_match)
+{
+	die();
+}
+
+
+	$hit = preg_match('/boundary=(?P<boundary>.+)/i',$email,$matches);
+if (!$hit) // cannot find boundary. Might be pure plain text?
+{
+	//if ($user_match['user_type']=='script') // removed this condition because iPhone will send text-only non-multipart mail
+
+	// Remove all lines that starts with html keywords
+	$text_content_array=preg_split('/^Date\:.*/mi',$email);
+	
+	$text_content=$text_content_array[1];
+	$text_content=quoted_printable_decode($text_content); // decode quoted printable content
+	$email_keyword_pattern='/^[\w\-]+:.*?(\r\n|\n|\r){2,}/mis';
+	$text_content=preg_replace($email_keyword_pattern,'',$text_content,1);
+	
+	if (stristr($text_content_array[0], "Content-Type: text/html") !== false)
+	{
+		require_once($html2text_loc.'html2text.php');
+		$text_content= trim(convert_html_to_text($text_content));
+	}
+	  
+	$text_content= preg_replace('/(^\w.+:\n)?(^>.*(\n|$)){2,}/mi', '', $text_content); // strip out replies
+
+	$quoted_email=preg_quote($from_email,'/');	
+	$text_content= preg_replace('/(\r\n|\n|\r){1}[^\n\r]*' . $quoted_email. '(.|\r\n|\n|\r)*/is', '', $text_content,1); // strip out auto inserted reply text from reminder email
+	$quoted_email=preg_quote(trim($email_addr),'/');
+	$text_content= preg_replace('/(\r\n|\n|\r){1}[^\n\r]*' . $quoted_email. '(.|\r\n|\n|\r)*/is', '', $text_content,1); // strip out auto inserted reply text from sender email
+
+
+}
+else
+{
+	$matches['boundary']=trim($matches['boundary'],'"');
+	$boundary_str='/'.preg_quote('--'.$matches['boundary']).'/';
+	$content_array=preg_split($boundary_str,$email);
+	array_shift($content_array);
+
+	$text_content=false;
+
+	foreach ($content_array as $segment)
+	{
+		
+		if (stristr($segment, "Content-Type: text/html") !== false)
+		{
+			$text_content = trim(preg_replace('/Content-Type:[^;]+;(\s*charset=.*)?/i', "", $segment));
+			$text_content = trim(preg_replace('/Content-(Type|ID|Disposition|Transfer-Encoding):.*?(\r\n|\n|\r)/is', "", $text_content));
+			$text_content=quoted_printable_decode($text_content); // decode quoted printable content
+			require_once($html2text_loc.'html2text.php');
+
+			$text_content= trim(convert_html_to_text($text_content));
+		  
+			$text_content= preg_replace('/(^\w.+:\n)?(^>.*(\n|$)){2,}/mi', '', $text_content); // strip out replies
+
+			$quoted_email=preg_quote($from_email,'/');	
+			$text_content= preg_replace('/(\r\n|\n|\r){1}[^\n\r]*' . $quoted_email. '(.|\r\n|\n|\r)*/is', '', $text_content,1); // strip out auto inserted reply text from reminder email 
+			$quoted_email=preg_quote(trim($email_addr),'/');
+			$text_content= preg_replace('/(\r\n|\n|\r){1}[^\n\r]*' . $quoted_email. '(.|\r\n|\n|\r)*/is', '', $text_content,1); // strip out auto inserted reply text from sender email
+
+
+			break;
+		}
+		
+	}
+
+
+	if (!$text_content) // can't find html. Try to look for plain text
+	{
+		foreach ($content_array as $segment)
+		{
+			 if (stristr($segment, "Content-Type: text/plain") !== false)
+			{
+				$text_content = trim(preg_replace('/Content-Type:[^;]+;(\s*charset=.*)?/i', "", $segment));
+				$text_content = trim(preg_replace('/Content-(Type|ID|Disposition|Transfer-Encoding):.*?(\r\n|\n|\r)/is', "", $text_content));
+				$text_content=quoted_printable_decode($text_content);
+
+				$text_content= preg_replace('/(^\w.+:\n)?(^>.*(\n|$)){2,}/mi', '', $text_content); // strip out replies
+
+				 // need to remove auto inserted texts in reply
+				$quoted_email=preg_quote('tasks@savetzpublishing.com','/');	
+				$text_content= preg_replace('/(\r\n|\n|\r){1}[^\n\r]*' . $quoted_email. '(.|\r\n|\n|\r)*/is', '', $text_content,1); // strip out auto inserted reply text
+				$quoted_email=preg_quote(trim($email_addr),'/');
+				$text_content= preg_replace('/(\r\n|\n|\r){1}[^\n\r]*' . $quoted_email. '(.|\r\n|\n|\r)*/is', '', $text_content,1); // strip out auto inserted reply text
+
+				break;
+			}
+		}
+		
+	}
+}
+$tasks_array=preg_split("/\r\n|\n|\r/", $text_content); // split lines into tasks and record each task
+
+ 
+foreach ($tasks_array as $task)
+{
+	if (trim($task)!='')
+	{
+		$task=mysqli_real_escape_string($dbh,$task);
+		$user_id=$user_match['user_id'];
+		$SQL="INSERT INTO tasks (user_id, body) VALUES ($user_id, '$task')";
+
+		mysqli_query($dbh,$SQL);
+	}
+}
+?>