<?php
//
// Postfix Admin
// by Mischa Peters < mischa at high5 dot net >
// Copyright (c) 2002 - 2005 High5!
// Licensed under GPL for more info check GPL-LICENSE.TXT
//
// File: functions.inc.php
//
//error_reporting (E_NOTICE | E_ERROR | E_WARNING | E_PARSE);
if (ereg ("functions.inc.php", $_SERVER['PHP_SELF']))
{
header ("Location: login.php");
exit;
}
$version = "2.1.1";
//
// check_session
// Action: Check if a session already exists, if not redirect to login.php
// Call: check_session ()
//
function check_session ()
{
global $CONF;
session_start ();
session_fixid ();
if (!session_is_registered ("sessid"))
{
header ("Location: " . $CONF['postfix_admin_url'] . "/login.php");
exit;
}
$SESSID_USERNAME = $_SESSION['sessid']['username'];
return $SESSID_USERNAME;
}
function check_user_session ()
{
global $CONF;
session_start ();
session_fixid ();
if (!session_is_registered ("userid"))
{
header ("Location: " . $CONF['postfix_admin_url'] . "/login.php");
exit;
}
$USERID_USERNAME = $_SESSION['userid']['username'];
return $USERID_USERNAME;
}
//
// session_fixid
// Action: should avoid 'session fixation'
// Call: session_fixid ()
//
function session_fixid ()
{
if (!isset($_SESSION['exist']))
{
if ( !session_regenerate_id() )
{
die("Couldn't regenerate your session id.");
}
$_SESSION['exist'] = true;
}
}
//
// check_language
// Action: checks what language the browser uses
// Call: check_language
//
function check_language ()
{
global $CONF;
$lang = $CONF['default_language'];
$supported_languages = array ('bg', 'ca', 'cn', 'cs', 'da', 'de', 'en', 'es', 'et', 'eu', 'fi', 'fo', 'fr', 'hu', 'is', 'it', 'mk', 'nl', 'nn', 'pl', 'pt-br', 'ru', 'sl', 'sv', 'tr', 'tw');
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
{
$lang_array = preg_split ('/(\s*,\s*)/', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
for($i = 0; $i < count ( $ lang_array ) ; $ i + + )
{
$lang_next = $lang_array[$i];
$lang_next = strtolower(substr(trim($lang_next), 0, 2));
if(in_array($lang_next, $supported_languages))
{
$lang = $lang_next;
break;
}
}
}
return $lang;
}
//
// check_string
// Action: checks if a string is valid and returns TRUE if this is the case.
// Call: check_string (string var)
//
function check_string ($var)
{
if (preg_match ('/^([A-Za-z0-9 ]+)+$/', $var))
{
return true;
}
else
{
return false;
}
}
//
// check_domain
// Action: Checks if domain is valid and returns TRUE if this is the case.
// Call: check_domain (string domain)
//
// TODO: make check_domain able to handle as example .local domains
function check_domain ($domain)
{
if (preg_match ('/([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,4}$/i', trim ($domain)))
{
return true;
}
else
{
return false;
}
}
//
// check_email
// Action: Checks if email is valid and returns TRUE if this is the case.
// Call: check_email (string email)
//
// TODO: make check_email able to handle already added domains
function check_email ($email)
{
global $CONF;
$ce_email=$email;
//strip the vacation domain out if we are using it
if ($CONF['vacation'] == 'YES')
{
$vacation_domain = $CONF['vacation_domain'];
$ce_email = preg_replace("/@$vacation_domain/", '', $ce_email);
}
if (
isset($CONF['emailcheck_resolve_domain'])
& & 'YES'==$CONF['emailcheck_resolve_domain']
& & 'WINDOWS'!=(strtoupper(substr(php_uname('s'), 0, 7)))
) {
// Perform non-domain-part sanity checks
if (!preg_match ('/^[-!#$%& \'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '[^@]+$/i', trim ($ce_email)))
{
return false;
}
// Determine domain name
$matches=array();
if (!preg_match('|@(.+)$|',$ce_email,$matches))
{
return false;
}
$domain=$matches[1];
// Look for an AAAA, A, or MX record for the domain
// AAAA (IPv6) is only available in PHP v. >= 5
if (version_compare(phpversion(), "5.0.0", ">="))
{
if (checkdnsrr($domain,'AAAA')) return true;
}
if (checkdnsrr($domain,'A')) return true;
if (checkdnsrr($domain,'MX')) return true;
return false;
}
if (preg_match ('/^[-!#$%& \'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,6}$/i', trim ($ce_email)))
{
return true;
}
else
{
return false;
}
}
//
// escape_string
// Action: Escape a string
// Call: escape_string (string string)
//
(ini_get('magic_quotes_gpc') ? ini_set('magic_quotes_runtime', '0') : '1');
(ini_get('magic_quotes_gpc') ? ini_set('magic_quotes_sybase', '0') : '1');
function escape_string ($string)
{
global $CONF;
if (get_magic_quotes_gpc ())
{
$string = stripslashes($string);
}
if (!is_numeric($string))
{
$link = db_connect();
if ($CONF['database_type'] == "mysql")
{
$escaped_string = mysql_real_escape_string($string, $link);
}
if ($CONF['database_type'] == "mysqli")
{
$escaped_string = mysqli_real_escape_string($link, $string);
}
if ($CONF['database_type'] == "pgsql")
{
// php 5.2+ allows for $link to be specified.
if (version_compare(phpversion(), "5.2.0", ">="))
{
$escaped_string = pg_escape_string($link, $string);
}
else
{
$escaped_string = pg_escape_string($string);
}
}
}
else
{
$escaped_string = $string;
}
return $escaped_string;
}
//
// get_domain_properties
// Action: Get all the properties of a domain.
// Call: get_domain_properties (string domain)
//
function get_domain_properties ($domain)
{
global $CONF;
global $table_alias, $table_mailbox, $table_domain;
$list = array ();
$result = db_query ("SELECT COUNT(*) FROM $table_alias WHERE domain='$domain'");
$row = db_row ($result['result']);
$list['alias_count'] = $row[0];
$result = db_query ("SELECT COUNT(*) FROM $table_mailbox WHERE domain='$domain'");
$row = db_row ($result['result']);
$list['mailbox_count'] = $row[0];
$result = db_query ("SELECT SUM(quota) FROM $table_mailbox WHERE domain='$domain'");
$row = db_row ($result['result']);
$list['quota_sum'] = $row[0];
$list['alias_count'] = $list['alias_count'] - $list['mailbox_count'];
$list['alias_pgindex']=array ();
$list['mbox_pgindex']=array ();
$list['mbox_pgindex_count'] = 0;
//while loop to figure index names. use page_size and loop of queries
$i=0;
$current=0;
$page_size = $CONF['page_size'];
$tmpstr="";
$idxlabel="";
$list['alias_pgindex_count'] = 0;
if ( $list['alias_count'] > $page_size )
{
while ( $current < $list['alias_count'] )
{
$limitSql=('pgsql'==$CONF['database_type']) ? "1 OFFSET $current" : "$current, 1";
$query = "SELECT $table_alias.address FROM $table_alias LEFT JOIN $table_mailbox ON $table_alias.address=$table_mailbox.username WHERE $table_alias.domain='$domain' AND $table_mailbox.maildir IS NULL ORDER BY $table_alias.address LIMIT $limitSql";
$result = db_query ("$query");
$row = db_array ($result['result']);
$tmpstr = $row['address'];
//get first 2 chars
$idxlabel = $tmpstr[0] . $tmpstr[1] . "-";
($current + $page_size - 1 < = $list['alias_count']) ? $current = $current + $page_size - 1 : $current = $list['alias_count'] - 1;
$limitSql=('pgsql'==$CONF['database_type']) ? "1 OFFSET $current" : "$current, 1";
$query = "SELECT $table_alias.address FROM $table_alias LEFT JOIN $table_mailbox ON $table_alias.address=$table_mailbox.username WHERE $table_alias.domain='$domain' AND $table_mailbox.maildir IS NULL ORDER BY $table_alias.address LIMIT $limitSql";
$result = db_query ("$query");
$row = db_array ($result['result']);
$tmpstr = $row['address'];
$idxlabel = $idxlabel . $tmpstr[0] . $tmpstr[1];
$current = $current + 1;
$list['alias_pgindex'][]=$idxlabel;
$i++;
}
$list['alias_pgindex_count']=$i;
}
$i=0;
$current=0;
$page_size = $CONF['page_size'];
$tmpstr="";
$idxlabel="";
if ( $list['mailbox_count'] > $page_size )
{
while ( $current < $list['mailbox_count'] )
{
$limitSql=('pgsql'==$CONF['database_type']) ? "1 OFFSET $current" : "$current, 1";
$query = "SELECT $table_mailbox.username FROM $table_mailbox WHERE $table_mailbox.domain='$domain' ORDER BY $table_mailbox.username LIMIT $limitSql";
$result = db_query ("$query");
$row = db_array ($result['result']);
$tmpstr = $row['username'];
//get first 2 chars
$idxlabel = $tmpstr[0] . $tmpstr[1] . "-";
($current + $page_size - 1 < = $list['mailbox_count']) ? $current = $current + $page_size - 1 : $current = $list['mailbox_count'] - 1;
$limitSql=('pgsql'==$CONF['database_type']) ? "1 OFFSET $current" : "$current, 1";
$query = "SELECT $table_mailbox.username FROM $table_mailbox WHERE $table_mailbox.domain='$domain' ORDER BY $table_mailbox.username LIMIT $limitSql";
$result = db_query ("$query");
$row = db_array ($result['result']);
$tmpstr = $row['username'];
$idxlabel = $idxlabel . $tmpstr[0] . $tmpstr[1];
$current = $current + 1;
$list['mbox_pgindex'][]=$idxlabel;
$i++;
}
$list['mbox_pgindex_count']=$i;
}
// end mod
$query="SELECT * FROM $table_domain WHERE domain='$domain'";
if ('pgsql'==$CONF['database_type'])
{
$query=" SELECT *, EXTRACT(epoch FROM created) AS uts_created, EXTRACT(epoch FROM modified) AS uts_modified FROM $table_domain WHERE domain='$domain' ";
}
$result = db_query ($query);
$row = db_array ($result['result']);
$list['description'] = $row['description'];
$list['aliases'] = $row['aliases'];
$list['mailboxes'] = $row['mailboxes'];
$list['maxquota'] = $row['maxquota'];
$list['quota'] = $row['quota'];
$list['transport'] = $row['transport'];
$list['backupmx'] = $row['backupmx'];
$list['created'] = $row['created'];
$list['modified'] = $row['modified'];
$list['active'] = $row['active'];
if ($CONF['database_type'] == "pgsql")
{
$list['active']=('t'==$row['active']) ? 1 : 0;
$list['backupmx']=('t'==$row['backupmx']) ? 1 : 0;
$list['created']= gmstrftime('%c %Z',$row['uts_created']);
$list['modified']= gmstrftime('%c %Z',$row['uts_modified']);
}
else
{
$list['active'] = $row['active'];
$list['backupmx'] = $row['backupmx'];
}
return $list;
}
//
// get_mailbox_properties
// Action: Get all the properties of a mailbox.
// Call: get_mailbox_properties (string mailbox)
//
function get_mailbox_properties ($username)
{
global $CONF;
global $table_mailbox;
$query="SELECT * FROM $table_mailbox WHERE username='$username'";
if ('pgsql'==$CONF['database_type'])
{
$query="
SELECT
*,
EXTRACT(epoch FROM created) AS uts_created,
EXTRACT(epoch FROM modified) AS uts_modified
FROM $table_mailbox
WHERE username='$username'
";
}
$result = db_query ($query);
$row = db_array ($result['result']);
$list['name'] = $row['name'];
$list['maildir'] = $row['maildir'];
$list['quota'] = $row['quota'];
$list['domain'] = $row['domain'];
$list['created'] = $row['created'];
$list['modified'] = $row['modified'];
$list['active'] = $row['active'];
if ($CONF['database_type'] == "pgsql")
{
$list['active']=('t'==$row['active']) ? 1 : 0;
$list['created']= gmstrftime('%c %Z',$row['uts_created']);
$list['modified']= gmstrftime('%c %Z',$row['uts_modified']);
}
else
{
$list['active'] = $row['active'];
}
return $list;
}
//
// check_alias
// Action: Checks if the domain is still able to create aliases.
// Call: check_alias (string domain)
//
function check_alias ($domain)
{
$limit = get_domain_properties ($domain);
if ($limit['aliases'] == 0)
{
return true;
}
if ($limit['aliases'] < 0 )
{
return false;
}
if ($limit['alias_count'] >= $limit['aliases'])
{
return false;
}
else
{
return true;
}
}
//
// check_mailbox
// Action: Checks if the domain is still able to create mailboxes.
// Call: check_mailbox (string domain)
//
function check_mailbox ($domain)
{
$limit = get_domain_properties ($domain);
if ($limit['mailboxes'] == 0)
{
return true;
}
if ($limit['mailboxes'] < 0 )
{
return false;
}
if ($limit['mailbox_count'] >= $limit['mailboxes'])
{
return false;
}
else
{
return true;
}
}
//
// check_quota
// Action: Checks if the user is creating a mailbox with the correct quota
// Call: check_quota (string domain)
//
function check_quota ($quota, $domain)
{
$limit = get_domain_properties ($domain);
if ($limit['maxquota'] == 0)
{
return true;
}
if (($limit['maxquota'] < 0 ) and ( $ quota < 0 ) )
{
return true;
}
if (($limit['maxquota'] > 0) and ($quota == 0))
{
return false;
}
if ($quota > $limit['maxquota'])
{
return false;
}
else
{
return true;
}
}
//
// multiply_quota
// Action: Recalculates the quota from bytes to MBs (multiply, *)
// Call: multiply_quota (string $quota)
//
function multiply_quota ($quota)
{
global $CONF;
if ($quota == -1) return $quota;
$value = $quota * $CONF['quota_multiplier'];
return $value;
}
//
// divide_quota
// Action: Recalculates the quota from MBs to bytes (divide, /)
// Call: divide_quota (string $quota)
//
function divide_quota ($quota)
{
global $CONF;
if ($quota == -1) return $quota;
$value = $quota / $CONF['quota_multiplier'];
return $value;
}
//
// check_owner
// Action: Checks if the admin is the owner of the domain.
// Call: check_owner (string admin, string domain)
//
function check_owner ($username, $domain)
{
global $table_domain_admins;
$result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$username' AND (domain='$domain' OR domain='ALL') AND active='1'");
if ($result['rows'] != 1)
{
return false;
}
else
{
return true;
}
}
//
// check_alias_owner
// Action: Checks if the admin is the owner of the alias.
// Call: check_alias_owner (string admin, string alias)
//
function check_alias_owner ($username, $alias)
{
global $CONF;
if (check_admin ($username)) return true;
$tmp = preg_split('/\@/', $alias);
if (($CONF['special_alias_control'] == 'NO') & & array_key_exists($tmp[0], $CONF['default_aliases']))
{
return false;
}
else
{
return true;
}
}
//
// list_domains_for_admin
// Action: Lists all the domains for an admin.
// Call: list_domains_for_admin (string admin)
//
function list_domains_for_admin ($username)
{
global $CONF;
global $table_domain, $table_domain_admins;
$list = array ();
$query = "SELECT $table_domain.domain FROM $table_domain LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain WHERE $table_domain_admins.username='$username' AND $table_domain.active='1' AND $table_domain.backupmx='0' ORDER BY $table_domain_admins.domain";
if ('pgsql'==$CONF['database_type'])
{
$query = "SELECT $table_domain.domain FROM $table_domain LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain WHERE $table_domain_admins.username='$username' AND $table_domain.active=true AND $table_domain.backupmx=false ORDER BY $table_domain_admins.domain";
}
$result = db_query ($query);
if ($result['rows'] > 0)
{
$i = 0;
while ($row = db_array ($result['result']))
{
$list[$i] = $row['domain'];
$i++;
}
}
return $list;
}
//
// list_domains
// Action: List all available domains.
// Call: list_domains ()
//
function list_domains ()
{
global $table_domain;
$list = array();
$result = db_query ("SELECT domain FROM $table_domain WHERE domain!='ALL' ORDER BY domain");
if ($result['rows'] > 0)
{
$i = 0;
while ($row = db_array ($result['result']))
{
$list[$i] = $row['domain'];
$i++;
}
}
return $list;
}
//
// check_admin
// Action: Checks if the admin is super-admin.
// Call: check_admin (string admin)
//
function check_admin ($username)
{
global $table_domain_admins;
$result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$username' AND domain='ALL' AND active='1'");
if ($result['rows'] != 1)
{
return false;
}
else
{
return true;
}
}
//
// admin_exist
// Action: Checks if the admin already exists.
// Call: admin_exist (string admin)
//
// was check_admin
//
function admin_exist ($username)
{
global $table_admin;
$result = db_query ("SELECT 1 FROM $table_admin WHERE username='$username'");
if ($result['rows'] != 1)
{
return false;
}
else
{
return true;
}
}
//
// domain_exist
// Action: Checks if the domain already exists.
// Call: domain_exist (string domain)
//
function domain_exist ($domain)
{
global $table_domain;
$result = db_query ("SELECT 1 FROM $table_domain WHERE domain='$domain'");
if ($result['rows'] != 1)
{
return false;
}
else
{
return true;
}
}
//
// list_admins
// Action: Lists all the admins
// Call: list_admins ()
//
// was admin_list_admins
//
function list_admins ()
{
global $table_admin;
$list = "";
$result = db_query ("SELECT username FROM $table_admin ORDER BY username");
if ($result['rows'] > 0)
{
$i = 0;
while ($row = db_array ($result['result']))
{
$list[$i] = $row['username'];
$i++;
}
}
return $list;
}
//
// get_admin_properties
// Action: Get all the admin properties.
// Call: get_admin_properties (string admin)
//
function get_admin_properties ($username)
{
global $CONF;
global $table_admin, $table_domain_admins;
$list = array ();
$result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$username' AND domain='ALL'");
if ($result['rows'] == 1)
{
$list['domain_count'] = 'ALL';
}
else
{
$result = db_query ("SELECT COUNT(*) FROM $table_domain_admins WHERE username='$username'");
$row = db_row ($result['result']);
$list['domain_count'] = $row[0];
}
$query = "SELECT * FROM $table_admin WHERE username='$username'";
if ('pgsql'==$CONF['database_type']) {
$query="
SELECT
*,
EXTRACT(epoch FROM created) AS uts_created,
EXTRACT (epoch FROM modified) AS uts_modified
FROM $table_admin
WHERE username='$username'
";
}
$result = db_query ($query);
$row = db_array ($result['result']);
$list['created'] = $row['created'];
$list['modified'] = $row['modified'];
$list['active'] = $row['active'];
if ('pgsql'==$CONF['database_type']) {
$list['active'] = ('t'==$row['active']) ? 1 : 0;
$list['created']= gmstrftime('%c %Z',$row['uts_created']);
$list['modified']= gmstrftime('%c %Z',$row['uts_modified']);
}
return $list;
}
//
// encode_header
// Action: Encode a string according to RFC 1522 for use in headers if it contains 8-bit characters.
// Call: encode_header (string header, string charset)
//
function encode_header ($string, $default_charset)
{
if (strtolower ($default_charset) == 'iso-8859-1')
{
$string = str_replace ("\240",' ',$string);
}
$j = strlen ($string);
$max_l = 75 - strlen ($default_charset) - 7;
$aRet = array ();
$ret = '';
$iEncStart = $enc_init = false;
$cur_l = $iOffset = 0;
for ($i = 0; $i < $j; ++$i)
{
switch ($string{$i})
{
case '=':
case '< ':
case '>':
case ',':
case '?':
case '_':
if ($iEncStart === false)
{
$iEncStart = $i;
}
$cur_l+=3;
if ($cur_l > ($max_l-2))
{
$aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset);
$aRet[] = "=?$default_charset?Q?$ret?=";
$iOffset = $i;
$cur_l = 0;
$ret = '';
$iEncStart = false;
}
else
{
$ret .= sprintf ("=%02X",ord($string{$i}));
}
break;
case '(':
case ')':
if ($iEncStart !== false)
{
$aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset);
$aRet[] = "=?$default_charset?Q?$ret?=";
$iOffset = $i;
$cur_l = 0;
$ret = '';
$iEncStart = false;
}
break;
case ' ':
if ($iEncStart !== false)
{
$cur_l++;
if ($cur_l > $max_l)
{
$aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset);
$aRet[] = "=?$default_charset?Q?$ret?=";
$iOffset = $i;
$cur_l = 0;
$ret = '';
$iEncStart = false;
}
else
{
$ret .= '_';
}
}
break;
default:
$k = ord ($string{$i});
if ($k > 126)
{
if ($iEncStart === false)
{
// do not start encoding in the middle of a string, also take the rest of the word.
$sLeadString = substr ($string,0,$i);
$aLeadString = explode (' ',$sLeadString);
$sToBeEncoded = array_pop ($aLeadString);
$iEncStart = $i - strlen ($sToBeEncoded);
$ret .= $sToBeEncoded;
$cur_l += strlen ($sToBeEncoded);
}
$cur_l += 3;
// first we add the encoded string that reached it's max size
if ($cur_l > ($max_l-2))
{
$aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset);
$aRet[] = "=?$default_charset?Q?$ret?= ";
$cur_l = 3;
$ret = '';
$iOffset = $i;
$iEncStart = $i;
}
$enc_init = true;
$ret .= sprintf ("=%02X", $k);
}
else
{
if ($iEncStart !== false)
{
$cur_l++;
if ($cur_l > $max_l)
{
$aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset);
$aRet[] = "=?$default_charset?Q?$ret?=";
$iEncStart = false;
$iOffset = $i;
$cur_l = 0;
$ret = '';
}
else
{
$ret .= $string{$i};
}
}
}
break;
}
}
if ($enc_init)
{
if ($iEncStart !== false)
{
$aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset);
$aRet[] = "=?$default_charset?Q?$ret?=";
}
else
{
$aRet[] = substr ($string,$iOffset);
}
$string = implode ('',$aRet);
}
return $string;
}
//
// generate_password
// Action: Generates a random password
// Call: generate_password ()
//
function generate_password ()
{
$password = substr (md5 (mt_rand ()), 0, 8);
return $password;
}
//
// pacrypt
// Action: Encrypts password based on config settings
// Call: pacrypt (string cleartextpassword)
//
function pacrypt ($pw, $pw_db="")
{
global $CONF;
$pw = stripslashes($pw);
$password = "";
$salt = "";
if ($CONF['encrypt'] == 'md5crypt') {
$split_salt = preg_split ('/\$/', $pw_db);
if (isset ($split_salt[2])) {
$salt = $split_salt[2];
}
$password = md5crypt ($pw, $salt);
}
if($CONF['encrypt'] == 'md5') {
$password = md5($pw);
}
if ($CONF['encrypt'] == 'system') {
if (ereg ("\$1\$", $pw_db)) {
$split_salt = preg_split ('/\$/', $pw_db);
$salt = $split_salt[2];
}
else {
if (strlen($pw_db) == 0) {
$salt = substr (md5 (mt_rand ()), 0, 2);
}
else {
$salt = substr ($pw_db, 0, 2);
}
}
$password = crypt ($pw, $salt);
}
if ($CONF['encrypt'] == 'cleartext') {
$password = $pw;
}
$password = escape_string ($password);
return $password;
}
//
// md5crypt
// Action: Creates MD5 encrypted password
// Call: md5crypt (string cleartextpassword)
//
$MAGIC = "$1$";
$ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
function md5crypt ($pw, $salt="", $magic="")
{
global $MAGIC;
if ($magic == "") $magic = $MAGIC;
if ($salt == "") $salt = create_salt ();
$slist = explode ("$", $salt);
if ($slist[0] == "1") $salt = $slist[1];
$salt = substr ($salt, 0, 8);
$ctx = $pw . $magic . $salt;
$final = hex2bin (md5 ($pw . $salt . $pw));
for ($i=strlen ($pw); $i>0; $i-=16)
{
if ($i > 16)
{
$ctx .= substr ($final,0,16);
}
else
{
$ctx .= substr ($final,0,$i);
}
}
$i = strlen ($pw);
while ($i > 0)
{
if ($i & 1) $ctx .= chr (0);
else $ctx .= $pw[0];
$i = $i >> 1;
}
$final = hex2bin (md5 ($ctx));
for ($i=0;$i< 1000 ; $ i + + )
{
$ctx1 = "";
if ($i & 1)
{
$ctx1 .= $pw;
}
else
{
$ctx1 .= substr ($final,0,16);
}
if ($i % 3) $ctx1 .= $salt;
if ($i % 7) $ctx1 .= $pw;
if ($i & 1)
{
$ctx1 .= substr ($final,0,16);
}
else
{
$ctx1 .= $pw;
}
$final = hex2bin (md5 ($ctx1));
}
$passwd = "";
$passwd .= to64 (((ord ($final[0]) < < 16 ) | ( ord ( $ final [ 6 ] ) < < 8 ) | ( ord ( $ final [ 12 ] ) ) ) , 4 ) ;
$passwd .= to64 (((ord ($final[1]) < < 16 ) | ( ord ( $ final [ 7 ] ) < < 8 ) | ( ord ( $ final [ 13 ] ) ) ) , 4 ) ;
$passwd .= to64 (((ord ($final[2]) < < 16 ) | ( ord ( $ final [ 8 ] ) < < 8 ) | ( ord ( $ final [ 14 ] ) ) ) , 4 ) ;
$passwd .= to64 (((ord ($final[3]) < < 16 ) | ( ord ( $ final [ 9 ] ) < < 8 ) | ( ord ( $ final [ 15 ] ) ) ) , 4 ) ;
$passwd .= to64 (((ord ($final[4]) < < 16 ) | ( ord ( $ final [ 10 ] ) < < 8 ) | ( ord ( $ final [ 5 ] ) ) ) , 4 ) ;
$passwd .= to64 (ord ($final[11]), 2);
return "$magic$salt\$$passwd";
}
function create_salt ()
{
srand ((double) microtime ()*1000000);
$salt = substr (md5 (rand (0,9999999)), 0, 8);
return $salt;
}
function hex2bin ($str)
{
$len = strlen ($str);
$nstr = "";
for ($i=0;$i< $len;$i+=2)
{
$num = sscanf (substr ($str,$i,2), "%x");
$nstr.=chr ($num[0]);
}
return $nstr;
}
function to64 ($v, $n)
{
global $ITOA64;
$ret = "";
while (($n - 1) >= 0)
{
$n--;
$ret .= $ITOA64[$v & 0x3f];
$v = $v >> 6;
}
return $ret;
}
//
// smtp_mail
// Action: Sends email to new account.
// Call: smtp_mail (string To, string From, string Data)
//
function smtp_mail ($to, $from, $data)
{
global $CONF;
$smtpd_server = $CONF['smtp_server'];
$smtpd_port = $CONF['smtp_port'];
$smtp_server = $_SERVER["SERVER_NAME"];
$errno = "0";
$errstr = "0";
$timeout = "30";
$fh = @fsockopen ($smtpd_server, $smtpd_port, $errno, $errstr, $timeout);
if (!$fh)
{
return false;
}
else
{
fputs ($fh, "EHLO $smtp_server\r\n");
$res = smtp_get_response($fh);
fputs ($fh, "MAIL FROM:< $from>\r\n");
$res = smtp_get_response($fh);
fputs ($fh, "RCPT TO:< $to>\r\n");
$res = smtp_get_response($fh);
fputs ($fh, "DATA\r\n");
$res = smtp_get_response($fh);
fputs ($fh, "$data\r\n.\r\n");
$res = smtp_get_response($fh);
fputs ($fh, "QUIT\r\n");
$res = smtp_get_response($fh);
fclose ($fh);
}
return true;
}
//
// smtp_get_response
// Action: Get response from mail server
// Call: smtp_get_response (string FileHandle)
//
function smtp_get_response ($fh)
{
$res ='';
do
{
$line = fgets($fh, 256);
$res .= $line;
}
while (preg_match("/^\d\d\d\-/", $line));
return $res;
}
$DEBUG_TEXT = "\n
< p / > \n
Please check the documentation and website for more information.\n
< p / > \n
< a href = \"http://high5.net/postfixadmin/\" > Postfix Admin< / a > < br / > \n
< a href = \"http://forums.high5.net/index.php?showforum=7\" > Knowledge Base< / a > \n
";
//
// db_connect
// Action: Makes a connection to the database if it doesn't exist
// Call: db_connect ()
//
function db_connect ()
{
global $CONF;
global $DEBUG_TEXT;
if ($CONF['database_type'] == "mysql")
{
if (function_exists ("mysql_connect"))
{
$link = @mysql_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die ("< p / > DEBUG INFORMATION:< br / > Connect: " . mysql_error () . "$DEBUG_TEXT");
@mysql_query("SET CHARACTER SET utf8",$link);
@mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'",$link);
$succes = @mysql_select_db ($CONF['database_name'], $link) or die ("< p / > DEBUG INFORMATION:< br / > MySQL Select Database: " . mysql_error () . "$DEBUG_TEXT");
}
else
{
print "< p / > DEBUG INFORMATION:< br / > MySQL 3.x / 4.0 functions not available!< br / > database_type = 'mysql' in config.inc.php, are you using a different database? $DEBUG_TEXT";
die();
}
}
if ($CONF['database_type'] == "mysqli")
{
if (function_exists ("mysqli_connect"))
{
$link = @mysqli_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die ("< p / > DEBUG INFORMATION:< br / > Connect: " . mysqli_connect_error () . "$DEBUG_TEXT");
@mysqli_query($link,"SET CHARACTER SET utf8");
@mysqli_query($link,"SET COLLATION_CONNECTION='utf8_general_ci'");
$succes = @mysqli_select_db ($link, $CONF['database_name']) or die ("< p / > DEBUG INFORMATION:< br / > MySQLi Select Database: " . mysqli_error () . "$DEBUG_TEXT");
}
else
{
print "< p / > DEBUG INFORMATION:< br / > MySQL 4.1 functions not available!< br / > database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT";
die();
}
}
if ($CONF['database_type'] == "pgsql")
{
if (function_exists ("pg_pconnect"))
{
$connect_string = "host=" . $CONF['database_host'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password'];
$link = @pg_pconnect ($connect_string) or die ("< p / > DEBUG INFORMATION:< br / > Connect: " . pg_last_error () . "$DEBUG_TEXT");
pg_set_client_encoding($link, UNICODE);
}
else
{
print "< p / > DEBUG INFORMATION:< br / > PostgreSQL functions not available!< br / > database_type = 'pgsql' in config.inc.php, are you using a different database? $DEBUG_TEXT";
die();
}
}
if ($link)
{
return $link;
}
else
{
print "DEBUG INFORMATION:< br / > \n";
print "Connect: Unable to connect to database< br / > \n";
print "< br / > \n";
print "Make sure that you have set the correct database type in the config.inc.php file< br / > \n";
print $DEBUG_TEXT;
die();
}
}
//
// db_query
// Action: Sends a query to the database and returns query result and number of rows
// Call: db_query (string query)
//
function db_query ($query)
{
global $CONF;
global $DEBUG_TEXT;
$result = "";
$number_rows = "";
static $link;
if (!is_resource($link)) $link = db_connect ();
if ($CONF['database_type'] == "mysql")
{
$result = @mysql_query ($query, $link) or die ("< p / > DEBUG INFORMATION:< br / > Invalid query: " . mysql_error() . "$DEBUG_TEXT");
}
if ($CONF['database_type'] == "mysqli")
{
$result = @mysqli_query ($link, $query) or die ("< p / > DEBUG INFORMATION:< br / > Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT");
}
if ($CONF['database_type'] == "pgsql")
{
$result = @pg_query ($link, $query) or die ("< p / > DEBUG INFORMATION:< br / > Invalid query: " . pg_last_error() . "$DEBUG_TEXT");
}
if (eregi ("^SELECT", $query))
{
// if $query was a SELECT statement check the number of rows with [database_type]_num_rows ().
if ($CONF['database_type'] == "mysql") $number_rows = mysql_num_rows ($result);
if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_num_rows ($result);
if ($CONF['database_type'] == "pgsql") $number_rows = pg_num_rows ($result);
}
else
{
// if $query was something else, UPDATE, DELETE or INSERT check the number of rows with
// [database_type]_affected_rows ().
if ($CONF['database_type'] == "mysql") $number_rows = mysql_affected_rows ($link);
if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_affected_rows ($link);
if ($CONF['database_type'] == "pgsql") $number_rows = pg_affected_rows ($result);
}
$return = array (
"result" => $result,
"rows" => $number_rows
);
return $return;
}
// db_row
// Action: Returns a row from a table
// Call: db_row (int result)
//
function db_row ($result)
{
global $CONF;
$row = "";
if ($CONF['database_type'] == "mysql") $row = mysql_fetch_row ($result);
if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_row ($result);
if ($CONF['database_type'] == "pgsql") $row = pg_fetch_row ($result);
return $row;
}
// db_array
// Action: Returns a row from a table
// Call: db_array (int result)
//
function db_array ($result)
{
global $CONF;
$row = "";
if ($CONF['database_type'] == "mysql") $row = mysql_fetch_array ($result);
if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_array ($result);
if ($CONF['database_type'] == "pgsql") $row = pg_fetch_array ($result);
return $row;
}
// db_assoc
// Action: Returns a row from a table
// Call: db_assoc(int result)
//
function db_assoc ($result)
{
global $CONF;
$row = "";
if ($CONF['database_type'] == "mysql") $row = mysql_fetch_assoc ($result);
if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_assoc ($result);
if ($CONF['database_type'] == "pgsql") $row = pg_fetch_assoc ($result);
return $row;
}
//
// db_delete
// Action: Deletes a row from a specified table
// Call: db_delete (string table, string where, string delete)
//
function db_delete ($table,$where,$delete)
{
$result = db_query ("DELETE FROM $table WHERE $where='$delete'");
if ($result['rows'] >= 1)
{
return $result['rows'];
}
else
{
return true;
}
}
//
// db_log
// Action: Logs actions from admin
// Call: db_log (string username, string domain, string action, string data)
//
function db_log ($username,$domain,$action,$data)
{
global $CONF;
global $table_log;
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
if ($CONF['logging'] == 'YES')
{
$result = db_query ("INSERT INTO $table_log (timestamp,username,domain,action,data) VALUES (NOW(),'$username ($REMOTE_ADDR)','$domain','$action','$data')");
if ($result['rows'] != 1)
{
return false;
}
else
{
return true;
}
}
}
//
// table_by_key
// Action: Return table name for given key
// Call: table_by_key (string table_key)
//
function table_by_key ($table_key)
{
global $CONF;
$table = $CONF['database_prefix'].$CONF['database_tables'][$table_key];
return $table;
}
//
// table_by_pos
// Action: Return table name for given position
// Call: table_by_pos (int pos)
//
function table_by_pos ($pos)
{
global $CONF;
$x=0;
foreach($CONF['database_tables'] as $i=>$v)
{
if($pos==$x++) return table_by_key ($i);
}
return false;
}
/*
Called after a mailbox has been created in the DBMS.
Returns: boolean.
*/
function mailbox_postcreation($username,$domain,$maildir)
{
if (empty($username) || empty($domain) || empty($maildir))
{
trigger_error('In '.__FUNCTION__.': empty username, domain and/or maildir parameter',E_USER_ERROR);
return FALSE;
}
global $CONF;
$confpar='mailbox_postcreation_script';
if (!isset($CONF[$confpar]) || empty($CONF[$confpar])) return TRUE;
$cmdarg1=escapeshellarg($username);
$cmdarg2=escapeshellarg($domain);
$cmdarg3=escapeshellarg($maildir);
$command=$CONF[$confpar]." $cmdarg1 $cmdarg2 $cmdarg3";
$retval=0;
$output=array();
$firstline='';
$firstline=exec($command,$output,$retval);
if (0!=$retval)
{
error_log("Running $command yielded return value=$retval, first line of output=$firstline");
print '< p > WARNING: Problems running mailbox postcreation script!< / p > ';
return FALSE;
}
return TRUE;
}
/*
Called after a mailbox has been deleted in the DBMS.
Returns: boolean.
*/
function mailbox_postdeletion($username,$domain)
{
global $CONF;
$confpar='mailbox_postdeletion_script';
if (!isset($CONF[$confpar]) || empty($CONF[$confpar]))
{
return true;
}
if (empty($username) || empty($domain))
{
print '< p > Warning: empty username and/or domain parameter.< / p > ';
return false;
}
$cmdarg1=escapeshellarg($username);
$cmdarg2=escapeshellarg($domain);
$command=$CONF[$confpar]." $cmdarg1 $cmdarg2";
$retval=0;
$output=array();
$firstline='';
$firstline=exec($command,$output,$retval);
if (0!=$retval)
{
error_log("Running $command yielded return value=$retval, first line of output=$firstline");
print '< p > WARNING: Problems running mailbox postdeletion script!< / p > ';
return FALSE;
}
return TRUE;
}
/*
Called after a domain has been deleted in the DBMS.
Returns: boolean.
*/
function domain_postdeletion($domain)
{
global $CONF;
$confpar='domain_postdeletion_script';
if (!isset($CONF[$confpar]) || empty($CONF[$confpar]))
{
return true;
}
if (empty($domain))
{
print '< p > Warning: empty domain parameter.< / p > ';
return false;
}
$cmdarg1=escapeshellarg($domain);
$command=$CONF[$confpar]." $cmdarg1";
$retval=0;
$output=array();
$firstline='';
$firstline=exec($command,$output,$retval);
if (0!=$retval)
{
error_log("Running $command yielded return value=$retval, first line of output=$firstline");
print '< p > WARNING: Problems running domain postdeletion script!< / p > ';
return FALSE;
}
return TRUE;
}
/*
Called by mailbox_postcreation() after a mailbox has been
created. Immediately returns, unless configuration indicates
that one or more sub-folders should be created.
Triggers E_USER_ERROR if configuration error is detected.
If IMAP login fails, the problem is logged to the system log
(such as /var/log/httpd/error_log), and the function returns
FALSE.
Returns FALSE on all other errors, or TRUE if everything
succeeds.
Doesn't clean up, if only some of the folders could be
created.
*/
function create_mailbox_subfolders($login,$cleartext_password)
{
global $CONF;
if (empty($login))
{
trigger_error('In '.__FUNCTION__.': empty $login',E_USER_ERROR);
return FALSE;
}
if (!isset($CONF['create_mailbox_subdirs']) || empty($CONF['create_mailbox_subdirs'])) return TRUE;
if (!is_array($CONF['create_mailbox_subdirs']))
{
trigger_error('create_mailbox_subdirs must be an array',E_USER_ERROR);
return FALSE;
}
if (!isset($CONF['create_mailbox_subdirs_host']) || empty($CONF['create_mailbox_subdirs_host']))
{
trigger_error('An IMAP/POP server host ($CONF["create_mailbox_subdirs_host"]) must be configured, if sub-folders are to be created',E_USER_ERROR);
return FALSE;
}
$s_host=$CONF['create_mailbox_subdirs_host'];
$s_options='';
$s_port='';
if (
isset($CONF['create_mailbox_subdirs_hostoptions'])
& & !empty($CONF['create_mailbox_subdirs_hostoptions'])
) {
if (!is_array($CONF['create_mailbox_subdirs_hostoptions']))
{
trigger_error('The $CONF["create_mailbox_subdirs_hostoptions"] parameter must be an array',E_USER_ERROR);
return FALSE;
}
foreach ($CONF['create_mailbox_subdirs_hostoptions'] as $o)
{
$s_options.='/'.$o;
}
}
if (isset($CONF['create_mailbox_subdirs_hostport']) & & !empty($CONF['create_mailbox_subdirs_hostport']))
{
$s_port=$CONF['create_mailbox_subdirs_hostport'];
if (intval($s_port)!=$s_port)
{
trigger_error('The $CONF["create_mailbox_subdirs_hostport"] parameter must be an integer',E_USER_ERROR);
return FALSE;
}
$s_port=':'.$s_port;
}
$s='{'.$s_host.$s_port.$s_options.'}';
$i=@imap_open($s,$login,$cleartext_password);
if (FALSE==$i)
{
error_log('Could not log into IMAP/POP server: '.imap_last_error());
return FALSE;
}
foreach($CONF['create_mailbox_subdirs'] as $f)
{
$f='{'.$s_host.'}INBOX.'.$f;
$res=imap_createmailbox($i,$f);
if (!$res) {
@imap_close($i);
return FALSE;
}
@imap_subscribe($i,$f);
}
@imap_close($i);
return TRUE;
}
//
// gen_show_status
// Action: Return a string of colored 's that indicate
// the if an alias goto has an error or is sent to
// addresses list in show_custom_domains
// Call: gen_show_status (string alias_address)
//
function gen_show_status ($show_alias)
{
global $CONF, $table_alias;
$stat_string = "";
$stat_goto = "";
$stat_result = db_query ("SELECT goto FROM $table_alias WHERE address='$show_alias'");
if ($stat_result['rows'] > 0)
{
$row = db_row ($stat_result['result']);
$stat_goto = $row[0];
}
// UNDELIVERABLE CHECK
if ( $CONF['show_undeliverable'] == 'YES' )
{
$gotos=array();
$gotos=explode(',',$stat_goto);
$undel_string="";
//make sure this alias goes somewhere known
$stat_ok = 1;
while ( ($g=array_pop($gotos)) & & $stat_ok )
{
$stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '$g'");
if ($stat_result['rows'] == 0)
{
$stat_ok = 0;
}
if ( $stat_ok == 0 )
{
$stat_domain = substr($g,strpos($g,"@")+1);
$stat_vacdomain = substr($stat_domain,strpos($stat_domain,"@")+1);
if ( $stat_vacdomain == $CONF['vacation_domain'] )
{
$stat_ok = 1;
break;
}
for ($i=0; $i < sizeof ( $ CONF [ ' show_undeliverable_exceptions ' ] ) ; $ i + + )
{
if ( $stat_domain == $CONF['show_undeliverable_exceptions'][$i] )
{
$stat_ok = 1;
break;
}
}
}
} // while
if ( $stat_ok == 0 )
{
$stat_string .= "< span style = 'background-color:" . $CONF[' show_undeliverable_color ' ] .
"'>" . $CONF['show_status_text'] . "< / span > ";
}
else
{
$stat_string .= $CONF['show_status_text'] . " ";
}
}
else
{
$stat_string .= $CONF['show_status_text'] . " ";
}
// POP/IMAP CHECK
if ( $CONF['show_popimap'] == 'YES' )
{
//if the address passed in appears in its own goto field, its POP/IMAP
if (preg_match ('/^' . $show_alias . '$/', $stat_goto) ||
preg_match ('/.*,' . $show_alias . ',.*$/', $stat_goto) ||
preg_match ('/,' . $show_alias . '$/', $stat_goto) )
{
$stat_string .= "< span style = 'background-color:" . $CONF[' show_popimap_color ' ] .
"'>" . $CONF['show_status_text'] . "< / span > ";
}
else
{
$stat_string .= $CONF['show_status_text'] . " ";
}
}
// CUSTOM DESTINATION CHECK
if ( $CONF['show_custom_count'] > 0 )
{
for ($i = 0; $i < sizeof ( $ CONF [ ' show_custom_domains ' ] ) ; $ i + + )
{
if (preg_match ('/^.*' . $CONF['show_custom_domains'][$i] . '.*$/', $stat_goto))
{
$stat_string .= "< span style = 'background-color:" . $CONF[' show_custom_colors ' ] [ $ i ] .
"'>" . $CONF['show_status_text'] . "< / span > ";
}
else
{
$stat_string .= $CONF['show_status_text'] . " ";
}
}
}
else
{
$stat_string .= "; ";
}
// $stat_string .= "< span style = 'background-color:green' > < / span > " .
// "< span style = 'background-color:blue' > < / span > ";
return $stat_string;
}
$table_admin = table_by_key ('admin');
$table_alias = table_by_key ('alias');
$table_domain = table_by_key ('domain');
$table_domain_admins = table_by_key ('domain_admins');
$table_log = table_by_key ('log');
$table_mailbox = table_by_key ('mailbox');
$table_vacation = table_by_key ('vacation');
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */