#!/usr/bin/perl -wT
# pop-send.cgi

use strict;
use CGI qw(:standard);
use MIME::Parser;
use Net::SMTP;
use Untaint;
use CGI::Carp qw(fatalsToBrowser);

my $cookie = cookie('WebMail') || 0;

my ($user, $pass, $server);

if (!$cookie) {
	print redirect("pop-login.html"); exit;
}else{
	($user, $pass, $server) = split(" ",$cookie);
}

$server = untaint(qr(.*), $server);
$user = untaint(qr(^\w{1,8}$), $user);
$pass = untaint(qr(^\w{1,8}$), $pass);

my @to = split(/;\s+/,param('to'));
my @cc = split(/;\s+/,param('cc'));
my $subject = param('subject');
my @body = split(/\n/,param('body'));
my $top = build MIME::Entity ('X-Mailer' => 'WebMail',
				  -From => "$user\@$server",
				  -To => \@to,
				  -Cc => \@cc,
				  -Subject => $subject,
				  Data => \@body
				 );

my $smtp = new Net::SMTP ('smtp.host.com');

$smtp->mail("$user\@$server");
$smtp->to(@to, @cc);
$smtp->data();
$smtp->datasend($top->stringify);
$smtp->dataend();
$smtp->quit;

print redirect('index.cgi');

exit;