PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE=>PDO::FETCH_ASSOC] ); // ensure reset tokens table exists for older installs $p->exec("CREATE TABLE IF NOT EXISTS mn_reset_tokens( id INT AUTO_INCREMENT PRIMARY KEY, user_id INT NOT NULL, token VARCHAR(100) NOT NULL UNIQUE, expires_at BIGINT NOT NULL, used TINYINT DEFAULT 0, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, FOREIGN KEY(user_id) REFERENCES mn_users(id) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4"); return $p; } // ── HELPERS ─────────────────────────────────────────────────────── function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES); } function me() { return $_SESSION['u'] ?? null; } function authed() { return !empty($_SESSION['u']); } function isadmin() { return (me()['role'] ?? '') === 'admin'; } function url($q='') { $s = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http'; return $s . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . ($q ? '?' . $q : ''); } function tok() { if (empty($_SESSION['t'])) $_SESSION['t'] = bin2hex(random_bytes(24)); return $_SESSION['t']; } function chktok() { if (!hash_equals($_SESSION['t'] ?? '', $_POST['t'] ?? '')) { http_response_code(403); die('Invalid token'); } } function flash($t,$m){ $_SESSION['fl'] = [$t, $m]; } function popflash() { if (empty($_SESSION['fl'])) return ''; [$t, $m] = $_SESSION['fl']; unset($_SESSION['fl']); $c = $t === 'ok' ? 'background:#ecfdf5;color:#065f46;border:1px solid #6ee7b7' : 'background:#fef2f2;color:#991b1b;border:1px solid #fca5a5'; return "
" . h($m) . "
"; } function imap_ok() { return function_exists('imap_open'); } function imap_conn($email, $pass, $folder = 'INBOX') { if (!imap_ok()) return false; $enc = IMAP_ENC; return @imap_open('{' . IMAP_HOST . ':' . IMAP_PORT . '/imap/' . $enc . '/novalidate-cert}' . $folder, $email, $pass); } // ── SMTP ────────────────────────────────────────────────────────── function smtp_io($sock, $cmd = null) { if ($cmd !== null) fputs($sock, $cmd . "\r\n"); $r = ''; while ($l = fgets($sock, 512)) { $r .= $l; if (substr($l, 3, 1) === ' ') break; } return $r; } function smtp_send($host, $port, $enc, $fe, $fp, $fn, $recipients, $subj, $html, $domain) { $mid = '<' . uniqid() . '@' . $domain . '>'; $hdrs = "From: =?UTF-8?B?" . base64_encode($fn) . "?= <$fe>\r\n" . "To: " . implode(', ', $recipients) . "\r\n" . "Subject: =?UTF-8?B?" . base64_encode($subj) . "?=\r\n" . "Date: " . date('r') . "\r\nMessage-ID: $mid\r\n" . "MIME-Version: 1.0\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Transfer-Encoding: base64\r\n"; $msg = $hdrs . "\r\n" . chunk_split(base64_encode($html)); $ctx = stream_context_create(['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]); $sock = $enc === 'ssl' ? @stream_socket_client("ssl://$host:$port", $en, $es, 15, STREAM_CLIENT_CONNECT, $ctx) : @stream_socket_client("tcp://$host:$port", $en, $es, 15); if (!$sock) return ['ok' => false, 'e' => "Cannot connect to $host:$port — $es"]; smtp_io($sock); smtp_io($sock, "EHLO $domain"); if ($enc === 'tls') { smtp_io($sock, 'STARTTLS'); stream_socket_enable_crypto($sock, true, STREAM_CRYPTO_METHOD_TLS_CLIENT); smtp_io($sock, "EHLO $domain"); } smtp_io($sock, 'AUTH LOGIN'); smtp_io($sock, base64_encode($fe)); $ar = smtp_io($sock, base64_encode($fp)); if (strpos($ar, '235') === false) { fclose($sock); return ['ok' => false, 'e' => "Auth failed: $ar"]; } smtp_io($sock, "MAIL FROM:<$fe>"); foreach ($recipients as $r) smtp_io($sock, "RCPT TO:<$r>"); smtp_io($sock, 'DATA'); fputs($sock, $msg . "\r\n.\r\n"); smtp_io($sock); smtp_io($sock, 'QUIT'); fclose($sock); return ['ok' => true]; } function send_mail($fe, $fp, $fn, $to, $subj, $html, $cc = '', $bcc = '') { $arr = array_filter(array_map('trim', [$to])); if ($cc) $arr = array_merge($arr, array_filter(array_map('trim', explode(',', $cc)))); if ($bcc) $arr = array_merge($arr, array_filter(array_map('trim', explode(',', $bcc)))); return smtp_send(SMTP_HOST, SMTP_PORT, SMTP_ENC, $fe, $fp, $fn, $arr, $subj, $html, MAIL_DOMAIN); } function sys_mail($to, $name, $subj, $body) { return smtp_send('mail.aquilainnovations.in', 465, 'ssl', 'no-reply@aquilainnovations.in', 'N!k!@!~O4M%7sz#R', 'MailNest', [$to], $subj, $body, 'aquilainnovations.in'); } // ── ACTIONS ─────────────────────────────────────────────────────── $pg = $_GET['pg'] ?? 'login'; $ax = $_POST['ax'] ?? ''; if ($ax === 'login') { chktok(); $email = trim($_POST['email'] ?? ''); $pass = $_POST['pw'] ?? ''; $u = db()->prepare("SELECT * FROM mn_users WHERE email=?"); $u->execute([$email]); $u = $u->fetch(); if ($u && password_verify($pass, $u['password'])) { $_SESSION['u'] = $u; $_SESSION['ip'] = base64_decode($u['imap_pass']); ob_end_clean(); header('Location: ' . url('pg=inbox')); exit; } flash('err', 'Wrong email or password.'); ob_end_clean(); header('Location: ' . url('pg=login')); exit; } if ($ax === 'logout') { session_destroy(); ob_end_clean(); header('Location: ' . url('pg=login')); exit; } if ($ax === 'forgot') { $email = trim($_POST['email'] ?? ''); $u = db()->prepare("SELECT * FROM mn_users WHERE email=?"); $u->execute([$email]); $u = $u->fetch(); if ($u) { db()->prepare("DELETE FROM mn_reset_tokens WHERE user_id=?")->execute([$u['id']]); $tok = bin2hex(random_bytes(24)); db()->prepare("INSERT INTO mn_reset_tokens(user_id,token,expires_at) VALUES(?,?,?)") ->execute([$u['id'], $tok, time() + 3600]); $link = url('pg=reset&token=' . $tok); sys_mail($u['email'], $u['name'], 'Reset your MailNest password', '
✉ MailNest — Password Reset

Hi ' . h($u['name']) . ',


Click the button below to reset your password. This link expires in 1 hour.


Reset Password →

Or copy: ' . h($link) . '

'); } flash('ok', 'If that email exists, a reset link has been sent.'); ob_end_clean(); header('Location: ' . url('pg=forgot')); exit; } if ($ax === 'doreset') { $tok = trim($_POST['token'] ?? ''); $np = $_POST['np'] ?? ''; $cp = $_POST['cp'] ?? ''; $r = db()->prepare("SELECT r.*,u.email FROM mn_reset_tokens r JOIN mn_users u ON u.id=r.user_id WHERE r.token=? AND r.used=0 AND r.expires_at>?"); $r->execute([$tok, time()]); $r = $r->fetch(); if (!$r) { flash('err', 'Link invalid or expired.'); ob_end_clean(); header('Location: ' . url('pg=forgot')); exit; } if (strlen($np) < 8) { flash('err', 'Min 8 chars.'); ob_end_clean(); header('Location: ' . url('pg=reset&token=' . urlencode($tok))); exit; } if ($np !== $cp) { flash('err', 'Passwords do not match.'); ob_end_clean(); header('Location: ' . url('pg=reset&token=' . urlencode($tok))); exit; } db()->prepare("UPDATE mn_users SET password=?,imap_pass=? WHERE id=?")->execute([password_hash($np, PASSWORD_BCRYPT), base64_encode($np), $r['user_id']]); db()->prepare("UPDATE mn_reset_tokens SET used=1 WHERE token=?")->execute([$tok]); flash('ok', 'Password updated. Please log in.'); ob_end_clean(); header('Location: ' . url('pg=login')); exit; } if ($ax === 'send') { if (!authed()) { ob_end_clean(); header('Location: ' . url('pg=login')); exit; } chktok(); $u = me(); $ip = $_SESSION['ip'] ?? base64_decode($u['imap_pass']); $r = send_mail($u['email'], $ip, $u['name'], trim($_POST['to'] ?? ''), trim($_POST['subj'] ?? ''), $_POST['body'] ?? '', trim($_POST['cc'] ?? ''), trim($_POST['bcc'] ?? '')); flash($r['ok'] ? 'ok' : 'err', $r['ok'] ? 'Sent!' : 'Failed: ' . ($r['e'] ?? '')); ob_end_clean(); header('Location: ' . url('pg=sent')); exit; } if ($ax === 'save_contact') { if (!authed()) { ob_end_clean(); header('Location: ' . url('pg=login')); exit; } chktok(); $u = me(); $id = intval($_POST['cid'] ?? 0); $n = trim($_POST['name'] ?? ''); $e = trim($_POST['email'] ?? ''); $ph = trim($_POST['phone'] ?? ''); $no = trim($_POST['notes'] ?? ''); if ($id) db()->prepare("UPDATE mn_contacts SET name=?,email=?,phone=?,notes=? WHERE id=? AND user_id=?")->execute([$n,$e,$ph,$no,$id,$u['id']]); else db()->prepare("INSERT INTO mn_contacts(user_id,name,email,phone,notes) VALUES(?,?,?,?,?)")->execute([$u['id'],$n,$e,$ph,$no]); flash('ok', 'Contact saved.'); ob_end_clean(); header('Location: ' . url('pg=contacts')); exit; } if ($ax === 'del_contact') { if (!authed()) { ob_end_clean(); header('Location: ' . url('pg=login')); exit; } chktok(); db()->prepare("DELETE FROM mn_contacts WHERE id=? AND user_id=?")->execute([intval($_POST['cid'] ?? 0), me()['id']]); ob_end_clean(); header('Location: ' . url('pg=contacts')); exit; } if ($ax === 'adduser') { if (!isadmin()) { ob_end_clean(); header('Location: ' . url('pg=inbox')); exit; } chktok(); $n = trim($_POST['name'] ?? ''); $e = trim($_POST['email'] ?? ''); $p = $_POST['pw'] ?? ''; $role = ($_POST['role'] ?? '') === 'admin' ? 'admin' : 'user'; $sw = !empty($_POST['sw']); if (strlen($p) < 6) { flash('err', 'Password min 6 chars.'); ob_end_clean(); header('Location: ' . url('pg=admin')); exit; } try { db()->prepare("INSERT INTO mn_users(name,email,password,role,imap_pass) VALUES(?,?,?,?,?)") ->execute([$n, $e, password_hash($p, PASSWORD_BCRYPT), $role, base64_encode($p)]); if ($sw) { $lurl = url('pg=login'); sys_mail($e, $n, 'Your MailNest account is ready', '
✉ MailNest — Account Created

Hi ' . h($n) . ',


Login URL: ' . h($lurl) . '
Email: ' . h($e) . '
Password: ' . h($p) . '
Login Now →

Please change your password after first login.

'); } flash('ok', 'User created' . ($sw ? ' — welcome email sent' : '') . '!'); } catch (Exception $ex) { flash('err', $ex->getMessage()); } ob_end_clean(); header('Location: ' . url('pg=admin')); exit; } if ($ax === 'deluser') { if (!isadmin()) { ob_end_clean(); header('Location: ' . url('pg=inbox')); exit; } chktok(); $id = intval($_POST['uid'] ?? 0); if ($id !== me()['id']) db()->prepare("DELETE FROM mn_users WHERE id=?")->execute([$id]); flash('ok', 'User deleted.'); ob_end_clean(); header('Location: ' . url('pg=admin')); exit; } if ($ax === 'resetpw') { if (!isadmin()) { ob_end_clean(); header('Location: ' . url('pg=inbox')); exit; } chktok(); $id = intval($_POST['uid'] ?? 0); $p = $_POST['pw'] ?? ''; if (strlen($p) < 6) { flash('err', 'Min 6 chars.'); ob_end_clean(); header('Location: ' . url('pg=admin')); exit; } db()->prepare("UPDATE mn_users SET password=?,imap_pass=? WHERE id=?")->execute([password_hash($p, PASSWORD_BCRYPT), base64_encode($p), $id]); flash('ok', 'Password reset.'); ob_end_clean(); header('Location: ' . url('pg=admin')); exit; } // ── PAGE GUARD ──────────────────────────────────────────────────── if (!authed() && !in_array($pg, ['login', 'forgot', 'reset'])) { ob_end_clean(); header('Location: ' . url('pg=login')); exit; } if ($pg === 'admin' && !isadmin()) { ob_end_clean(); header('Location: ' . url('pg=inbox')); exit; } // ── PAGES ───────────────────────────────────────────────────────── switch ($pg) { case 'login': pg_login(); break; case 'forgot': pg_forgot(); break; case 'reset': pg_reset(); break; case 'inbox': pg_inbox('INBOX'); break; case 'sent': pg_inbox('Sent'); break; case 'drafts': pg_inbox('Drafts'); break; case 'trash': pg_inbox('Trash'); break; case 'view': pg_view(); break; case 'compose': pg_compose(); break; case 'contacts': pg_contacts(); break; case 'admin': pg_admin(); break; default: ob_end_clean(); header('Location: ' . url('pg=login')); exit; } ob_end_flush(); exit; // ════════════════════════════════════════════════════════════════════ // SHARED LAYOUT // ════════════════════════════════════════════════════════════════════ function head($t = 'MailNest') { ?> <?=h($t)?> — MailNest
✏ Compose
Mail
📥 Inbox 📤 Sent 📝 Drafts 🗑 Trash
Manage
👤 Contacts 🛡 Admin
MAILNEST
Forgot password?
← Back to Login
prepare("SELECT r.*,u.email FROM mn_reset_tokens r JOIN mn_users u ON u.id=r.user_id WHERE r.token=? AND r.used=0 AND r.expires_at>?"); $r->execute([$tok, time()]); $row = $r->fetch(); } head('Reset Password'); auth_wrap('Set a new password.'); echo popflash(); if (!$row) { ?>
Link is invalid or expired.
Request New Link →
For:
← Back to Login
0) { $ov = imap_fetch_overview($imap, max(1, $n - 49) . ":$n", 0); foreach (array_reverse($ov) as $m) { $from = ''; if (!empty($m->from)) { if (preg_match('/^(.*?)\s*<[^>]+>$/', $m->from, $mx)) $from = trim($mx[1], ' "\''); if (!$from) $from = $m->from; if (function_exists('imap_utf8')) $from = @imap_utf8($from); } $subj = !empty($m->subject) ? (function_exists('imap_utf8') ? @imap_utf8($m->subject) : $m->subject) : '(no subject)'; $emails[] = ['uid' => $m->uid, 'from' => $from ?: 'Unknown', 'subj' => $subj, 'date' => !empty($m->date) ? date('M j', strtotime($m->date)) : '', 'unread' => !$m->seen]; } } imap_close($imap); } } $map = ['INBOX' => 'inbox', 'Sent' => 'sent', 'Drafts' => 'drafts', 'Trash' => 'trash']; $on = $map[$folder] ?? 'inbox'; $cols = ['#ff4d1a', '#3b82f6', '#059669', '#7c3aed', '#ea580c', '#0284c7']; head($folder); sidebar($on); ?>
🔍
✏ Compose
⚠️ " . h($err) . "
"; ?>
type === 1 && !empty($st->parts)) { $html = ''; $txt = ''; foreach ($st->parts as $i => $p) { $r = parse_email_body($imap, $mn, $p, $pn ? $pn . '.' . ($i + 1) : ($i + 1)); $html .= $r['html']; $txt .= $r['txt']; } return ['html' => $html, 'txt' => $txt]; } $d = $pn ? imap_fetchbody($imap, $mn, $pn) : imap_body($imap, $mn); $enc = $st->encoding ?? 0; if ($enc == 3) $d = base64_decode($d); elseif ($enc == 4) $d = quoted_printable_decode($d); $cs = 'UTF-8'; if (!empty($st->parameters)) foreach ($st->parameters as $pm) if (strtolower($pm->attribute) === 'charset') { $cs = strtoupper($pm->value); break; } if ($cs !== 'UTF-8' && $cs !== '' && function_exists('mb_convert_encoding')) $d = @mb_convert_encoding($d, 'UTF-8', $cs) ?: $d; $sub = strtolower($st->subtype ?? ''); if ($sub === 'html') { $d = preg_replace(['/]*>/i','/<\/html>/i','/]*>.*?<\/head>/is','/]*>/i','/<\/body>/i'], '', $d); return ['html' => $d, 'txt' => '']; } return ['html' => '', 'txt' => '
' . htmlspecialchars($d) . '
']; } function pg_view() { $u = me(); $ip = $_SESSION['ip'] ?? base64_decode($u['imap_pass']); $folder = $_GET['folder'] ?? 'INBOX'; $uid = intval($_GET['uid'] ?? 0); $from = $subj = $date = $body = $faddr = ''; $err = ''; if (!imap_ok()) { $err = 'PHP IMAP extension not enabled.'; } elseif (!$uid) { $err = 'No message selected.'; } else { $imap = imap_conn($u['email'], $ip, $folder); if (!$imap) { $err = 'Cannot connect to mail server.'; } else { $mn = imap_msgno($imap, $uid); if (!$mn) { $err = 'Message not found.'; } else { @imap_setflag_full($imap, (string)$uid, '\\Seen', ST_UID); $hdr = imap_headerinfo($imap, $mn); if (!empty($hdr->from[0])) { $per = $hdr->from[0]->personal ?? ''; $mb = $hdr->from[0]->mailbox ?? ''; $ho = $hdr->from[0]->host ?? ''; $from = $per ? @imap_utf8($per) : "$mb@$ho"; $faddr = "$mb@$ho"; } $subj = !empty($hdr->subject) ? @imap_utf8($hdr->subject) : '(no subject)'; $date = !empty($hdr->date) ? date('D, M j Y g:i A', strtotime($hdr->date)) : ''; $r = parse_email_body($imap, $mn, imap_fetchstructure($imap, $mn)); $body = $r['html'] ?: $r['txt']; if (trim($body) === '') { $raw = imap_body($imap, $mn); if ($hdr->encoding ?? 0 == 3) $raw = base64_decode($raw); $body = '
' . htmlspecialchars($raw) . '
'; } } imap_close($imap); } } $back = strtolower($folder) === 'inbox' ? 'inbox' : 'sent'; head($subj ?: 'Email'); sidebar($back); ?>
← Back
⚠️
<' . h($faddr) . '>'; ?>
' . '' . $body . ''; $iframe_src = htmlspecialchars($iframe_html, ENT_QUOTES); ?>
prepare("SELECT name,email FROM mn_contacts WHERE user_id=? ORDER BY name"); $cs->execute([$u['id']]); $cs = $cs->fetchAll(); head('Compose'); sidebar(); ?>
NEW MESSAGE
Cancel
prepare("SELECT * FROM mn_contacts WHERE user_id=? ORDER BY name"); $cs->execute([$u['id']]); $cs = $cs->fetchAll(); $cols = ['#ff4d1a', '#3b82f6', '#059669', '#7c3aed', '#ea580c', '#0284c7']; head('Contacts'); sidebar('contacts'); ?>
CONTACTS
👤 No contacts yet
📞
query("SELECT id,name,email,role,created_at FROM mn_users ORDER BY created_at DESC")->fetchAll(); $me = me(); $domain = defined('MAIL_DOMAIN') ? MAIL_DOMAIN : ''; head('Admin'); sidebar('admin'); ?>
ADMIN PANEL
⚠️ PHP IMAP not enabled. cPanel → Select PHP Version → Extensions → tick imap → Save.
How to add users under @:
1. Create mailbox
cPanel → Email Accounts → create the mailbox with a password.
2. Add here
Click "+ Add User" with the same email & password from cPanel.
3. User logs in
Total Users
$u['role'] === 'admin'))?>
Admins
Mail Domain
Mail Server
USERS ()
NameEmailRoleAddedActions
trim($_POST['db_host'] ?? 'localhost'), 'name' => trim($_POST['db_name'] ?? ''), 'user' => trim($_POST['db_user'] ?? ''), 'pass' => $_POST['db_pass'] ?? '', // raw from input field ]; if (!$v['name'] || !$v['user']) { $err = 'Database name and username are required.'; } else { try { $p = new PDO('mysql:host=' . $v['host'] . ';charset=utf8mb4', $v['user'], $v['pass'], [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); $s = preg_replace('/[^a-zA-Z0-9_]/', '', $v['name']); $p->exec("CREATE DATABASE IF NOT EXISTS `$s` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci"); $p->exec("USE `$s`"); $step = 2; } catch (Exception $e) { $err = 'DB Error: ' . $e->getMessage(); } } } elseif ($step === 2) { // pass comes as base64 from hidden field db_pass_enc $v = [ 'host' => trim($_POST['db_host'] ?? ''), 'name' => trim($_POST['db_name'] ?? ''), 'user' => trim($_POST['db_user'] ?? ''), 'pass' => base64_decode($_POST['db_pass_enc'] ?? ''), 'domain' => trim($_POST['mail_domain'] ?? ''), 'ihost' => trim($_POST['imap_host'] ?? ''), 'iport' => intval($_POST['imap_port'] ?? 993), 'ienc' => $_POST['imap_enc'] ?? 'ssl', 'shost' => trim($_POST['smtp_host'] ?? ''), 'sport' => intval($_POST['smtp_port'] ?? 587), 'senc' => $_POST['smtp_enc'] ?? 'tls', ]; if (!$v['domain'] || !$v['ihost'] || !$v['shost']) { $err = 'Mail domain, IMAP host and SMTP host are required.'; } else { $step = 3; } } elseif ($step === 3) { // pass comes as base64 from hidden field db_pass_enc $v = [ 'host' => trim($_POST['db_host'] ?? ''), 'name' => trim($_POST['db_name'] ?? ''), 'user' => trim($_POST['db_user'] ?? ''), 'pass' => base64_decode($_POST['db_pass_enc'] ?? ''), 'domain' => $_POST['mail_domain'] ?? '', 'ihost' => $_POST['imap_host'] ?? '', 'iport' => intval($_POST['imap_port'] ?? 993), 'ienc' => $_POST['imap_enc'] ?? 'ssl', 'shost' => $_POST['smtp_host'] ?? '', 'sport' => intval($_POST['smtp_port'] ?? 587), 'senc' => $_POST['smtp_enc'] ?? 'tls', 'aname' => trim($_POST['admin_name'] ?? ''), 'aemail' => trim($_POST['admin_email'] ?? ''), ]; $apw = $_POST['admin_pass'] ?? ''; if (!$v['aname'] || !$v['aemail']) { $err = 'Admin name and email required.'; } elseif (strlen($apw) < 8) { $err = 'Password must be at least 8 characters.'; } elseif (!$v['host'] || !$v['name'] || !$v['user']) { $err = 'Database details missing — please go back to Step 1.'; $step = 1; $v = []; } else { try { $p = new PDO('mysql:host=' . $v['host'] . ';dbname=' . $v['name'] . ';charset=utf8mb4', $v['user'], $v['pass'], [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); $p->exec("CREATE TABLE IF NOT EXISTS mn_users(id INT AUTO_INCREMENT PRIMARY KEY,name VARCHAR(100) NOT NULL,email VARCHAR(200) NOT NULL UNIQUE,password VARCHAR(255) NOT NULL,role ENUM('admin','user') DEFAULT 'user',imap_pass VARCHAR(255),created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP)ENGINE=InnoDB DEFAULT CHARSET=utf8mb4"); $p->exec("CREATE TABLE IF NOT EXISTS mn_contacts(id INT AUTO_INCREMENT PRIMARY KEY,user_id INT NOT NULL,name VARCHAR(100),email VARCHAR(200) NOT NULL,phone VARCHAR(50),notes TEXT,created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,FOREIGN KEY(user_id)REFERENCES mn_users(id)ON DELETE CASCADE)ENGINE=InnoDB DEFAULT CHARSET=utf8mb4"); $p->exec("CREATE TABLE IF NOT EXISTS mn_reset_tokens(id INT AUTO_INCREMENT PRIMARY KEY,user_id INT NOT NULL,token VARCHAR(100) NOT NULL UNIQUE,expires_at BIGINT NOT NULL,used TINYINT DEFAULT 0,created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,FOREIGN KEY(user_id)REFERENCES mn_users(id)ON DELETE CASCADE)ENGINE=InnoDB DEFAULT CHARSET=utf8mb4"); $ex = $p->prepare("SELECT id FROM mn_users WHERE email=?"); $ex->execute([$v['aemail']]); $hash = password_hash($apw, PASSWORD_BCRYPT); $enc = base64_encode($apw); if ($ex->fetch()) $p->prepare("UPDATE mn_users SET name=?,password=?,imap_pass=?,role='admin' WHERE email=?")->execute([$v['aname'], $hash, $enc, $v['aemail']]); else $p->prepare("INSERT INTO mn_users(name,email,password,role,imap_pass)VALUES(?,?,?,'admin',?)")->execute([$v['aname'], $v['aemail'], $hash, $enc]); $cfg = "getMessage(); } } } } $hf = function($k) use ($v) { // Map internal key to the HTML field name $names = ['host'=>'db_host','name'=>'db_name','user'=>'db_user','pass'=>'db_pass_enc']; $field = $names[$k] ?? $k; $val = $v[$k] ?? ''; if ($k === 'pass') $val = base64_encode($val); // encode password echo ''; }; $fv = function($k, $d = '') use ($v) { return htmlspecialchars($v[$k] ?? $d, ENT_QUOTES); }; $sel = function($k, $val) use ($v) { return ($v[$k] ?? '') === $val ? 'selected' : ''; }; $base = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']; $s = $step; ?> MailNest Setup
MAILNEST SETUP
v · Self-hosted webmail installer
$l): $n = $i + 1; $c = $ok && $n === 4 ? 'a' : ($ok ? 'd' : ($n === $s ? 'a' : ($n < $s ? 'd' : ''))); ?>
⚠️
🎉
SETUP COMPLETE!

Your MailNest webmail is live and ready.

✅ Database & tables ready
✅ Mail server configured
✅ Admin account created
✅ Config saved
📧 Enable IMAP: cPanel → Select PHP Version → Extensions → tick imap → Save
🔒 Tip: Bookmark — that's your webmail URL.
Open MailNest →
STEP 1 — DATABASE

Enter your MySQL credentials. The database will be created automatically.

💡 cPanel users — read this first:
cPanel prefixes all names with your account username.
Go to cPanel → MySQL Databases → create DB + user → add user to DB with ALL PRIVILEGES → enter the full prefixed names below (e.g. user_mailnest not just mailnest).
Almost always localhost
Full prefixed name
Full prefixed name
Set in cPanel MySQL Users
STEP 2 — MAIL SERVER

Same IMAP & SMTP settings you'd enter in Outlook or Thunderbird.

The domain part of your email addresses
📥 IMAP — Incoming Mail
📤 SMTP — Outgoing Mail
STEP 3 — ADMIN ACCOUNT

Create the administrator account to manage users and settings.

Must be a real mailbox on your mail server