banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

final set of refactoring patches (and the rest)

Browse Source 
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@71 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
David Goodwin 17 years ago
parent 4eb83c4bdc
commit 3e70f276c2
17 changed files with 364 additions and 375 deletions
Show Stats Download Patch File Download Diff File

28
common.php
Unescape Escape View File

@ -0,0 +1,28 @@
<?php
// Postfix Admin
// by Mischa Peters <mischa at high5 dot net>
// Copyright (c) 2002 - 2005 High5!
// Licensed under GPL for more info check GPL-LICENSE.TXT
//
// File: common.php.php
//
// Template File: -none-
//
// Template Variables: -none-
//
// Form POST \ GET Variables: -none-
//
$incpath = dirname(__FILE__);
require_once("$incpath/variables.inc.php");
if(!is_file("$incpath/config.inc.php")) {
// incorrectly setup...
header("Location: setup.php");
exit(0);
}
require_once("$incpath/config.inc.php");
require_once("$incpath/functions.inc.php");
require_once("$incpath/languages/" . check_language () . ".lang");
session_start();

25
create-alias.php
Unescape Escape View File

@ -23,21 +23,16 @@
// fDomain
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
authentication_require_role('admin');
$username = authentication_get_username();
$SESSID_USERNAME = $username;
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else
{
$list_domains = list_domains ();
else {
$list_domains = list_domains_for_admin ($username);
}
$pCreate_alias_goto_text = $PALANG['pCreate_alias_goto_text'];
@ -64,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$fGoto = $fGoto . "@" . escape_string ($_POST['fDomain']);
}
if (! (check_admin($SESSID_USERNAME) || check_owner ($SESSID_USERNAME, $fDomain) ))
if (! (authentication_has_role('global-admin') || check_owner ($SESSID_USERNAME, $fDomain) ))
{
$error = 1;
$tAddress = escape_string ($_POST['fAddress']);
@ -149,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

151
create-mailbox.php
Unescape Escape View File

@ -29,26 +29,21 @@
// fMail
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
$pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text'];
$pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text'];
$pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text'];
$pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text'];
$pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text'];
$pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text'];
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
@ -61,8 +56,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
$tQuota = $row['maxquota'];
}
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
@ -79,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (isset ($_POST['fMail'])) $fMail = escape_string ($_POST['fMail']);
if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!check_admin($SESSID_USERNAME)) )
if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!authentication_has_role('global-admin')) )
{
$error = 1;
$tUsername = escape_string ($_POST['fUsername']);
@ -98,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$tDomain = $fDomain;
$pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error3'];
}
if (empty ($fUsername) or !check_email ($fUsername))
{
$error = 1;
@ -113,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES")
{
$fPassword = generate_password ();
$fPassword = generate_password ();
}
else
{
@ -138,7 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text_error'];
}
}
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
if ($result['rows'] == 1)
{
@ -153,7 +146,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if ($error != 1)
{
$password = pacrypt ($fPassword);
if ($CONF['domain_path'] == "YES")
{
if ($CONF['domain_in_mailbox'] == "YES")
@ -169,7 +162,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$maildir = $fUsername . "/";
}
if (!empty ($fQuota))
{
$quota = multiply_quota ($fQuota);
@ -178,7 +171,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$quota = 0;
}
if ($fActive == "on")
{
$fActive = 1;
@ -214,7 +207,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
}
else
{
$error=TRUE; // Being pessimistic
if (mailbox_postcreation($fUsername,$fDomain,$maildir))
{
@ -222,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$result=db_query("COMMIT");
/* should really not be possible: */
/* should really not be possible: */
/*
if (!$result) die('COMMIT-query failed.');
}
@ -233,14 +226,14 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$result=db_query("ROLLBACK");
/* should really not be possible: */
/* should really not be possible: */
/*
if (!$result) die('ROLLBACK-query failed.');
} else {
/*
When we cannot count on transactions, we need to move forward, despite
the problems.
*/
*/
/*
$error=FALSE;
}
@ -250,14 +243,14 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (!$error)
{
db_log ($CONF['admin_email'], $fDomain, "create mailbox", $fUsername);
*/
*/
/*
TODO: this is the start of /create-mailbox code segment that was originally used in /create-mailbox.php instead
of the above from admin/create-mailbox.php.
To be compared / merged.
*/
*/
$result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$quota','$fDomain',NOW(),NOW(),'$sqlActive')");
if ($result['rows'] != 1 || !mailbox_postcreation($fUsername,$fDomain,$maildir))
@ -272,71 +265,71 @@ TODO: this is the start of /create-mailbox code segment that was originally used
db_log ($SESSID_USERNAME, $fDomain, "create mailbox", "$fUsername");
/*
TODO: this is the end of /create-mailbox.php code segment
*/
$tDomain = $fDomain;
*/
$tDomain = $fDomain;
if (create_mailbox_subfolders($fUsername,$fPassword))
{
$tMessage = $PALANG['pCreate_mailbox_result_succes'] . "<br />($fUsername";
} else {
$tMessage = $PALANG['pCreate_mailbox_result_succes_nosubfolders'] . "<br />($fUsername";
}
if (create_mailbox_subfolders($fUsername,$fPassword))
{
$tMessage = $PALANG['pCreate_mailbox_result_succes'] . "<br />($fUsername";
} else {
$tMessage = $PALANG['pCreate_mailbox_result_succes_nosubfolders'] . "<br />($fUsername";
}
if ($CONF['generate_password'] == "YES")
if ($CONF['generate_password'] == "YES")
{
$tMessage .= " / $fPassword)</br />";
}
else
{
if ($CONF['show_password'] == "YES")
{
$tMessage .= " / $fPassword)</br />";
}
else
{
if ($CONF['show_password'] == "YES")
{
$tMessage .= " / $fPassword)</br />";
}
else
{
$tMessage .= ")</br />";
}
$tMessage .= ")</br />";
}
$tQuota = $CONF['maxquota'];
}
$tQuota = $CONF['maxquota'];
if ($fMail == "on")
{
$fTo = $fUsername;
$fFrom = $SESSID_USERNAME;
$fHeaders = "To: " . $fTo . "\n";
$fHeaders .= "From: " . $fFrom . "\n";
if ($fMail == "on")
if (!empty ($PALANG['charset']))
{
$fTo = $fUsername;
$fFrom = $SESSID_USERNAME;
$fHeaders = "To: " . $fTo . "\n";
$fHeaders .= "From: " . $fFrom . "\n";
if (!empty ($PALANG['charset']))
{
$fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text'], $PALANG['charset']) . "\n";
$fHeaders .= "MIME-Version: 1.0\n";
$fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n";
$fHeaders .= "Content-Transfer-Encoding: 8bit\n";
}
else
{
$fHeaders .= "Subject: " . $PALANG['pSendmail_subject_text'] . "\n\n";
}
$fHeaders .= $CONF['welcome_text'];
$fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text'], $PALANG['charset']) . "\n";
$fHeaders .= "MIME-Version: 1.0\n";
$fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n";
$fHeaders .= "Content-Transfer-Encoding: 8bit\n";
}
else
{
$fHeaders .= "Subject: " . $PALANG['pSendmail_subject_text'] . "\n\n";
}
if (!smtp_mail ($fTo, $fFrom, $fHeaders))
{
$tMessage .= "<br />" . $PALANG['pSendmail_result_error'] . "<br />";
}
else
{
$tMessage .= "<br />" . $PALANG['pSendmail_result_succes'] . "<br />";
}
$fHeaders .= $CONF['welcome_text'];
if (!smtp_mail ($fTo, $fFrom, $fHeaders))
{
$tMessage .= "<br />" . $PALANG['pSendmail_result_error'] . "<br />";
}
else
{
$tMessage .= "<br />" . $PALANG['pSendmail_result_succes'] . "<br />";
}
}
}
}
}
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

11
delete.php
Unescape Escape View File

@ -18,12 +18,12 @@
// fDelete
// fDomain
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session();
require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
@ -43,6 +43,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
else
{
if ($CONF['database_type'] == "pgsql") db_query('BEGIN');
$result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'");
if ($result['rows'] != 1)
{

16
edit-active.php
Unescape Escape View File

@ -20,14 +20,10 @@
// fReturn
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
@ -36,7 +32,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (isset ($_GET['return'])) $fReturn = escape_string ($_GET['return']);
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME) ) )
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin') ) )
{
$error = 1;
$tMessage = $PALANG['pEdit_mailbox_domain_error'] . "<b>$fDomain</b>!</font>";
@ -83,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
}
else
{
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
header ("Location: list-virtual.php?domain=$fDomain");
} else {
header ("Location: overview.php?domain=$fDomain");
@ -95,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

18
edit-alias.php
Unescape Escape View File

@ -21,21 +21,17 @@
// fGoto
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME))
if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
{
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'");
if ($result['rows'] == 1)
@ -60,7 +56,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']);
$fGoto = strtolower ($fGoto);
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) )
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
{
$error = 1;
$tGoto = $_POST['fGoto'];
@ -114,7 +110,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
db_log ($SESSID_USERNAME, $fDomain, "edit alias", "$fAddress -> $goto");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
header ("Location: list-virtual.php?domain=$fDomain");
} else {
header ("Location: overview.php?domain=$fDomain");
@ -126,7 +122,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

18
edit-mailbox.php
Unescape Escape View File

@ -26,14 +26,10 @@
// fActive
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
$fUsername = strtolower ($fUsername);
@ -44,7 +40,7 @@ $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text'];
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME))
if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
{
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fUsername' AND domain='$fDomain'");
if ($result['rows'] == 1)
@ -79,7 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (isset ($_POST['fQuota'])) $fQuota = intval ($_POST['fQuota']);
if (isset ($_POST['fActive'])) $fActive = escape_string ($_POST['fActive']);
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) )
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
{
$error = 1;
$tName = $fName;
@ -153,7 +149,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
db_log ($SESSID_USERNAME, $fDomain, "edit mailbox", $fUsername);
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
header ("Location: list-virtual.php?domain=$fDomain");
} else {
header ("Location: overview.php?domain=$fDomain");
@ -165,7 +161,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

131
edit-vacation.php
Unescape Escape View File

@ -1,4 +1,6 @@
<?php
// XXX TODO - Remove the code duplication between this file (for admins) and users/vacation.php
// - too much of the code is identical for there not to be some refactoring possible.
//
// Postfix Admin
// by Mischa Peters <mischa at high5 dot net>
@ -11,6 +13,7 @@
//
// Template Variables:
//
// tUseremail
// tMessage
// tSubject
// tBody
@ -25,38 +28,27 @@
// fQuota
// fActive
//
// This is a copy of the superadmin edit-vacation.php with
// template references changed
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
$SESSID_USERNAME = authentication_get_username();
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
if($CONF['vacation'] == 'NO') {
header("Location: " . $CONF['postfix_admin_url'] . "/main.php");
exit(0);
}
$vacation_domain = $CONF['vacation_domain'];
$vacation_goto = preg_replace('/@/', '#', $SESSID_USERNAME);
$vacation_goto = $vacation_goto . '@' . $vacation_domain;
$SESSID_USERNAME = check_session ();
(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
$tmp = preg_split ('/@/', $SESSID_USERNAME);
$USERID_DOMAIN = $tmp[1];
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (check_admin($SESSID_USERNAME))
{
$fCanceltarget= $CONF['postfix_admin_url'] . "/admin/list-virtual.php?domain=$fDomain";
}
else
{
if (check_owner ($SESSID_USERNAME, $fDomain))
{
$fCanceltarget= $CONF['postfix_admin_url'] . "/overview.php?domain=$fDomain";
}
//unauthorized, exit
else { exit; }
}
$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php';
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
@ -74,72 +66,70 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$vacation_domain = $CONF['vacation_domain'];
if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']);
if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']);
if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']);
if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset ($_GET['domain'])) {
$fDomain = escape_string ($_GET['domain']);
}
else {
$fDomain = $USERID_DOMAIN;
}
if (isset ($_GET['username'])) {
$fUsername = escape_string ($_GET['username']);
}
else {
$fUsername = authentication_get_username();
}
$tUseremail = $fUsername;
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
//if change, remove old one, then set new one
//if change, remove old one, then perhaps set new one
if (!empty ($fBack) || !empty ($fChange))
{
//if we find an existing vacation entry, delete it
$result = db_query("SELECT * FROM $table_vacation WHERE email='$fUsername'");
if ($result['rows'] == 1)
{
$result = db_query ("DELETE FROM $table_vacation WHERE email='$fUsername'");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
$tMessage = "cannot remove $fUsername from $table_vacation";
}
else
{
$tMessage = $PALANG['pVacation_result_success'];
}
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
//if we find an existing vacation entry, delete it
$result = db_query("SELECT * FROM $table_vacation WHERE email='$fUsername'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
$goto = $row['goto'];
//only one of these will do something, first handles address at beginning and middle, second at end
$goto= preg_replace ( "/$fUsername@$vacation_domain,/", '', $goto);
$goto= preg_replace ( "/,$fUsername@$vacation_domain/", '', $goto);
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
$result = db_query ("DELETE FROM $table_vacation WHERE email='$fUsername'");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
else
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
if ($result['rows'] == 1)
{
$tMessage = $PALANG['pVacation_result_success'];
$row = db_array ($result['result']);
$goto = $row['goto'];
//only one of these will do something, first handles address at beginning and middle, second at end
$goto= preg_replace ( "/$vacation_goto,/", '', $goto);
$goto= preg_replace ( "/,$vacation_goto/", '', $goto);
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
if ($result['rows'] != 1)
{
$error = 1;
}
}
}
}
}
//Set the vacation data for $fUsername
if (!empty ($fChange))
{
$goto = '';
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
if ($result['rows'] == 1)
{
@ -149,30 +139,37 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1;
$result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
$goto = $goto . "," . "$fUsername@$vacation_domain";
$goto = $goto . "," . $vacation_goto;
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
else
{
header ("Location: $fCanceltarget");
exit;
}
}
}
if($error == 0) {
if(!empty ($fBack)) {
$tMessage = $PALANG['pVacation_result_removed'];
}
if(!empty($fChange)) {
$tMessage= $PALANG['pVacation_result_added'];
}
}
else {
$tMessage = $PALANG['pVacation_result_error'];
}
$tUseremail = $SESSID_USERNAME;
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

46
index.php
Unescape Escape View File

@ -19,36 +19,30 @@
//
if (!file_exists (realpath ("./setup.php")))
{
header ("Location: login.php");
exit;
header ("Location: login.php");
exit;
}
else
{
print <<< EOF
print <<< EOF
<html>
<head>
<title>Welcome to Postfix Admin</title>
</head>
<body>
<img id="login_header_logo" src="images/postbox.png" />
<img id="login_header_logo2" src="images/postfixadmin2.png" />
<h1>Welcome to Postfix Admin</h1>
It seems that you are running this version of Postfix Admin for the first time.<br />
<p />
You can now run <a href="setup.php">setup</a> to make sure that all the functions are available for Postfix Admin to run.<br />
<p />
If you still encounter any problems please check the documentation and website for more information.
<p />
Your donations keep this project running...
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHDgYJKoZIhvcNAQcEoIIG/zCCBvsCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAaWZJT9HWnL5r84t1G3lE63Fs8NGVgfq49mgflefUQOeVfKUG7NXZOkJT/FxH+SLf2c20VGRhol6vr0EqlMbJYkqeAJJIEHDVe8OiiYV1MYDWBRoJ5TRUCVurbFq9DnMokHohXBsdYjtAAxwvw6m9MZucVkZfg83QsgrfqeFpDNTELMAkGBSsOAwIaBQAwgYsGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIC0DzenYGQ6SAaKk6zKCl+ULUPl5c4pT4u0dpzFLw3sXBESPspq92l37FQXdxLzp2qaeP2StIXgU828PbJxt5ilucTLmnfkhpoeSdbvrlfiYJQbI1kjtHi0gIO4Hp0iUmaRaOTAEcNYfO84xxce0rJlfdoIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDQwOTE3MTUwNzEzWjAjBgkqhkiG9w0BCQQxFgQUXsDlCR/SO8MRWqCsrkZ7wbU4RZAwDQYJKoZIhvcNAQEBBQAEgYCPDjlGd7bghDtcCDiPl7DPgV6/vT4vc5bn5ygoqIahQF5Asu9v+Qocb+vMEPq+IZampJ/XlcGzwmzY23IfeVAq4aosqM265rDxyfmnzmiApO/KCJS7pN8dBVeDLEXGNYo1s73Ch0lETohWwYHKNKk+Wwe3+6tFhumthRHbpqQ4dw==-----END PKCS7-----">
</form>
<p />
<a href="http://high5.net/postfixadmin/">Postfix Admin</a><br />
<a href="http://forums.high5.net/index.php?showforum=7">Knowledge Base</a>
</body>
<head>
<title>Welcome to Postfix Admin</title>
</head>
<body>
<img id="login_header_logo" src="images/postbox.png" />
<img id="login_header_logo2" src="images/postfixadmin2.png" />
<h1>Welcome to Postfix Admin</h1>
It seems that you are running this version of Postfix Admin for the first time.<br />
<p />
You can now run <a href="setup.php">setup</a> to make sure that all the functions are available for Postfix Admin to run.<br />
<p />
If you still encounter any problems, please check the documentation and website for more information.
<p />
<p />
<a href="http://postfixadmin.org">Postfix Admin</a> web site<br />
<a href="http://sourceforge.net/forum/forum.php?forum_id=676076">Knowledge Base</a>
</body>
</html>
EOF;
}

96
login.php
Unescape Escape View File

@ -19,65 +19,63 @@
// fUsername
// fPassword
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
require_once('common.php');
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
include ("./templates/header.tpl");
include ("./templates/login.tpl");
include ("./templates/footer.tpl");
include ("./templates/header.tpl");
include ("./templates/login.tpl");
include ("./templates/footer.tpl");
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']);
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
$fUsername = '';
$fPassword = '';
if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']);
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
$result = db_query ("SELECT password FROM $table_admin WHERE username='$fUsername' AND active='1'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
$password = pacrypt ($fPassword, $row['password']);
$result = db_query ("SELECT password FROM $table_admin WHERE username='$fUsername' AND active='1'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
$password = pacrypt ($fPassword, $row['password']);
$result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pLogin_password_incorrect'];
$tUsername = $fUsername;
}
}
else
{
$error = 1;
$tMessage = $PALANG['pLogin_username_incorrect'];
}
$result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pLogin_password_incorrect'];
$tUsername = $fUsername;
}
}
else
{
$error = 1;
$tMessage = $PALANG['pLogin_username_incorrect'];
}
if ($error != 1)
{
session_regenerate_id();
$_SESSION['sessid'] = array();
$_SESSION['sessid']['username'] = $fUsername;
$_SESSION['sessid']['roles'] = array();
$_SESSION['sessid']['roles'][] = 'admin';
if ($error != 1)
{
session_start();
session_register("sessid");
$_SESSION['sessid']['username'] = $fUsername;
// they've logged in, so see if they are a domain admin, as well.
$result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'");
if ($result['rows'] == 1)
{
$_SESSION['sessid']['roles'][] = 'global-admin';
header("Location: admin/list-admin.php");
exit(0);
}
header("Location: main.php");
exit(0);
}
$result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
if ($fUsername == $row['username'])
{
header("Location: admin/index.php");
exit;
}
}
header("Location: main.php");
exit;
}
include ("./templates/header.tpl");
include ("./templates/login.tpl");
include ("./templates/footer.tpl");
include ("./templates/header.tpl");
include ("./templates/login.tpl");
include ("./templates/footer.tpl");
}
?>

4
logout.php
Unescape Escape View File

@ -17,10 +17,8 @@
//
// -none-
//
require ("./config.inc.php");
require ("./functions.inc.php");
$SESSID_USERNAME = check_session ();
require_once('common.php');
session_unset ();
session_destroy ();

9
main.php
Unescape Escape View File

@ -17,11 +17,12 @@
//
// -none-
//
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
require_once('common.php');
$SESSID_USERNAME = authentication_get_username();
authentication_require_role('admin');
if ($_SERVER["REQUEST_METHOD"] == "GET")
{

28
overview.php
Unescape Escape View File

@ -23,20 +23,19 @@
// fDomain
// limit
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
$tAlias = array();
$tMailbox = array();
@ -103,7 +102,12 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
$row['created']=gmstrftime('%c %Z',$row['uts_created']);
$row['modified']=gmstrftime('%c %Z',$row['uts_modified']);
$row['active']=('t'==$row['active']) ? 1 : 0;
$row['v_active']=('t'==$row['v_active']) ? 1 : 0;
if(isset($row['v_active'])) {
$row['v_active']=('t'==$row['v_active']) ? 1 : 0;
}
else {
$row['v_active'] = -1 ; //unknown; broken query above..
}
unset($row['uts_created']);
unset($row['uts_modified']);
}

104
password.php
Unescape Escape View File

@ -19,71 +19,71 @@
// fPassword
// fPassword2
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
include ("./templates/header.tpl");
include ("./templates/menu.tpl");
include ("./templates/password.tpl");
include ("./templates/footer.tpl");
include ("./templates/header.tpl");
include ("./templates/menu.tpl");
include ("./templates/password.tpl");
include ("./templates/footer.tpl");
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']);
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']);
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
$username = $SESSID_USERNAME;
$username = $SESSID_USERNAME;
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
$checked_password = pacrypt ($fPassword_current, $row['password']);
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
$checked_password = pacrypt ($fPassword_current, $row['password']);
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'");
if ($result['rows'] != 1)
{
$error = 1;
$pPassword_password_current_text = $PALANG['pPassword_password_current_text_error'];
}
}
else
{
$error = 1;
$pPassword_email_text = $PALANG['pPassword_email_text_error'];
}
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'");
if ($result['rows'] != 1)
{
$error = 1;
$pPassword_password_current_text = $PALANG['pPassword_password_current_text_error'];
}
}
else
{
$error = 1;
$pPassword_email_text = $PALANG['pPassword_email_text_error'];
}
if (empty ($fPassword) or ($fPassword != $fPassword2))
{
$error = 1;
$pPassword_password_text = $PALANG['pPassword_password_text_error'];
}
if (empty ($fPassword) or ($fPassword != $fPassword2))
{
$error = 1;
$pPassword_password_text = $PALANG['pPassword_password_text_error'];
}
if ($error != 1)
{
$password = pacrypt ($fPassword);
$result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'");
if ($result['rows'] == 1)
{
$tMessage = $PALANG['pPassword_result_succes'];
}
else
{
$tMessage = $PALANG['pPassword_result_error'];
}
}
if ($error != 1)
{
$password = pacrypt ($fPassword);
$result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'");
if ($result['rows'] == 1)
{
$tMessage = $PALANG['pPassword_result_succes'];
}
else
{
$tMessage = $PALANG['pPassword_result_error'];
}
}
include ("./templates/header.tpl");
include ("./templates/menu.tpl");
include ("./templates/password.tpl");
include ("./templates/footer.tpl");
include ("./templates/header.tpl");
include ("./templates/menu.tpl");
include ("./templates/password.tpl");
include ("./templates/footer.tpl");
}
?>

21
search.php
Unescape Escape View File

@ -20,20 +20,17 @@
// fGo
// fDomain
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
$tAlias = array();
@ -109,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (empty ($fSearch) && !empty ($fGo))
{
if (check_admin($SESSID_USERNAME))
if (authentication_has_role('global-admin'))
{
header("Location: list-virtual.php?domain=" . $fDomain ) && exit;
}

10
sendmail.php
Unescape Escape View File

@ -22,14 +22,14 @@
// fSubject
// fBody
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
require_once('common.php');
authentication_require_role('admin');
(($CONF['sendmail'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
include ("./templates/header.tpl");

23
viewlog.php
Unescape Escape View File

@ -19,22 +19,17 @@
// fDomain
//
if (!isset($incpath)) $incpath = '.';
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
require_once('common.php');
$SESSID_USERNAME = check_session();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
@ -45,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
die('Unknown request method');
}
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) )
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')))
{
$error = 1;
$tMessage = $PALANG['pViewlog_result_error'];
@ -74,7 +69,7 @@ if ($error != 1)
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

Write Preview
Loading…
Cancel
Save