From 3e70f276c2bd0dfea4e4adc8850eada642e69ac5 Mon Sep 17 00:00:00 2001 From: David Goodwin Date: Sat, 22 Sep 2007 10:59:41 +0000 Subject: [PATCH] final set of refactoring patches (and the rest) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@71 a1433add-5e2c-0410-b055-b7f2511e0802 --- common.php | 28 +++++++++ create-alias.php | 25 +++----- create-mailbox.php | 151 +++++++++++++++++++++------------------------ delete.php | 11 ++-- edit-active.php | 16 ++--- edit-alias.php | 18 +++--- edit-mailbox.php | 18 +++--- edit-vacation.php | 131 +++++++++++++++++++-------------------- index.php | 46 ++++++-------- login.php | 96 ++++++++++++++-------------- logout.php | 4 +- main.php | 9 +-- overview.php | 28 +++++---- password.php | 104 +++++++++++++++---------------- search.php | 21 +++---- sendmail.php | 10 +-- viewlog.php | 23 +++---- 17 files changed, 364 insertions(+), 375 deletions(-) create mode 100644 common.php diff --git a/common.php b/common.php new file mode 100644 index 00000000..0eb61980 --- /dev/null +++ b/common.php @@ -0,0 +1,28 @@ + +// Copyright (c) 2002 - 2005 High5! +// Licensed under GPL for more info check GPL-LICENSE.TXT +// +// File: common.php.php +// +// Template File: -none- +// +// Template Variables: -none- +// +// Form POST \ GET Variables: -none- +// + +$incpath = dirname(__FILE__); + +require_once("$incpath/variables.inc.php"); +if(!is_file("$incpath/config.inc.php")) { + // incorrectly setup... + header("Location: setup.php"); + exit(0); +} +require_once("$incpath/config.inc.php"); +require_once("$incpath/functions.inc.php"); +require_once("$incpath/languages/" . check_language () . ".lang"); + +session_start(); diff --git a/create-alias.php b/create-alias.php index 3154d130..486de662 100644 --- a/create-alias.php +++ b/create-alias.php @@ -23,21 +23,16 @@ // fDomain // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); +authentication_require_role('admin'); +$username = authentication_get_username(); +$SESSID_USERNAME = $username; +if(authentication_has_role('global-admin')) { + $list_domains = list_domains (); } -else -{ - $list_domains = list_domains (); +else { + $list_domains = list_domains_for_admin ($username); } $pCreate_alias_goto_text = $PALANG['pCreate_alias_goto_text']; @@ -64,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $fGoto = $fGoto . "@" . escape_string ($_POST['fDomain']); } - if (! (check_admin($SESSID_USERNAME) || check_owner ($SESSID_USERNAME, $fDomain) )) + if (! (authentication_has_role('global-admin') || check_owner ($SESSID_USERNAME, $fDomain) )) { $error = 1; $tAddress = escape_string ($_POST['fAddress']); @@ -149,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/create-mailbox.php b/create-mailbox.php index 6840890c..492f3219 100644 --- a/create-mailbox.php +++ b/create-mailbox.php @@ -29,26 +29,21 @@ // fMail // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); -} -else -{ +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); +if(authentication_has_role('global-admin')) { $list_domains = list_domains (); } +else { + $list_domains = list_domains_for_admin ($SESSID_USERNAME); +} - $pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text']; - $pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text']; - $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text']; + +$pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text']; +$pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text']; +$pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text']; if ($_SERVER['REQUEST_METHOD'] == "GET") { @@ -61,8 +56,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") $tQuota = $row['maxquota']; } - - } if ($_SERVER['REQUEST_METHOD'] == "POST") @@ -79,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (isset ($_POST['fMail'])) $fMail = escape_string ($_POST['fMail']); - if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!check_admin($SESSID_USERNAME)) ) + if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!authentication_has_role('global-admin')) ) { $error = 1; $tUsername = escape_string ($_POST['fUsername']); @@ -98,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $tDomain = $fDomain; $pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error3']; } - + if (empty ($fUsername) or !check_email ($fUsername)) { $error = 1; @@ -113,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES") { - $fPassword = generate_password (); + $fPassword = generate_password (); } else { @@ -138,7 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text_error']; } } - + $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); if ($result['rows'] == 1) { @@ -153,7 +146,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if ($error != 1) { $password = pacrypt ($fPassword); - + if ($CONF['domain_path'] == "YES") { if ($CONF['domain_in_mailbox'] == "YES") @@ -169,7 +162,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $maildir = $fUsername . "/"; } - + if (!empty ($fQuota)) { $quota = multiply_quota ($fQuota); @@ -178,7 +171,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $quota = 0; } - + if ($fActive == "on") { $fActive = 1; @@ -214,7 +207,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") } else { - + $error=TRUE; // Being pessimistic if (mailbox_postcreation($fUsername,$fDomain,$maildir)) { @@ -222,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $result=db_query("COMMIT"); - /* should really not be possible: */ +/* should really not be possible: */ /* if (!$result) die('COMMIT-query failed.'); } @@ -233,14 +226,14 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $result=db_query("ROLLBACK"); - /* should really not be possible: */ +/* should really not be possible: */ /* if (!$result) die('ROLLBACK-query failed.'); } else { /* When we cannot count on transactions, we need to move forward, despite the problems. - */ + */ /* $error=FALSE; } @@ -250,14 +243,14 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (!$error) { db_log ($CONF['admin_email'], $fDomain, "create mailbox", $fUsername); - -*/ + + */ /* TODO: this is the start of /create-mailbox code segment that was originally used in /create-mailbox.php instead of the above from admin/create-mailbox.php. To be compared / merged. -*/ + */ $result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$quota','$fDomain',NOW(),NOW(),'$sqlActive')"); if ($result['rows'] != 1 || !mailbox_postcreation($fUsername,$fDomain,$maildir)) @@ -272,71 +265,71 @@ TODO: this is the start of /create-mailbox code segment that was originally used db_log ($SESSID_USERNAME, $fDomain, "create mailbox", "$fUsername"); /* TODO: this is the end of /create-mailbox.php code segment -*/ - $tDomain = $fDomain; + */ + $tDomain = $fDomain; - if (create_mailbox_subfolders($fUsername,$fPassword)) - { - $tMessage = $PALANG['pCreate_mailbox_result_succes'] . "
($fUsername"; - } else { - $tMessage = $PALANG['pCreate_mailbox_result_succes_nosubfolders'] . "
($fUsername"; - } + if (create_mailbox_subfolders($fUsername,$fPassword)) + { + $tMessage = $PALANG['pCreate_mailbox_result_succes'] . "
($fUsername"; + } else { + $tMessage = $PALANG['pCreate_mailbox_result_succes_nosubfolders'] . "
($fUsername"; + } - if ($CONF['generate_password'] == "YES") + if ($CONF['generate_password'] == "YES") + { + $tMessage .= " / $fPassword)
"; + } + else + { + if ($CONF['show_password'] == "YES") { $tMessage .= " / $fPassword)
"; } else { - if ($CONF['show_password'] == "YES") - { - $tMessage .= " / $fPassword)
"; - } - else - { - $tMessage .= ")
"; - } + $tMessage .= ")
"; } - - $tQuota = $CONF['maxquota']; + } + + $tQuota = $CONF['maxquota']; + + if ($fMail == "on") + { + $fTo = $fUsername; + $fFrom = $SESSID_USERNAME; + $fHeaders = "To: " . $fTo . "\n"; + $fHeaders .= "From: " . $fFrom . "\n"; - if ($fMail == "on") + if (!empty ($PALANG['charset'])) { - $fTo = $fUsername; - $fFrom = $SESSID_USERNAME; - $fHeaders = "To: " . $fTo . "\n"; - $fHeaders .= "From: " . $fFrom . "\n"; - - if (!empty ($PALANG['charset'])) - { - $fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text'], $PALANG['charset']) . "\n"; - $fHeaders .= "MIME-Version: 1.0\n"; - $fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n"; - $fHeaders .= "Content-Transfer-Encoding: 8bit\n"; - } - else - { - $fHeaders .= "Subject: " . $PALANG['pSendmail_subject_text'] . "\n\n"; - } - - $fHeaders .= $CONF['welcome_text']; + $fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text'], $PALANG['charset']) . "\n"; + $fHeaders .= "MIME-Version: 1.0\n"; + $fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n"; + $fHeaders .= "Content-Transfer-Encoding: 8bit\n"; + } + else + { + $fHeaders .= "Subject: " . $PALANG['pSendmail_subject_text'] . "\n\n"; + } - if (!smtp_mail ($fTo, $fFrom, $fHeaders)) - { - $tMessage .= "
" . $PALANG['pSendmail_result_error'] . "
"; - } - else - { - $tMessage .= "
" . $PALANG['pSendmail_result_succes'] . "
"; - } + $fHeaders .= $CONF['welcome_text']; + + if (!smtp_mail ($fTo, $fFrom, $fHeaders)) + { + $tMessage .= "
" . $PALANG['pSendmail_result_error'] . "
"; + } + else + { + $tMessage .= "
" . $PALANG['pSendmail_result_succes'] . "
"; } } + } } } include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/delete.php b/delete.php index 971de074..68fc96be 100644 --- a/delete.php +++ b/delete.php @@ -18,12 +18,12 @@ // fDelete // fDomain // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session(); +require_once('common.php'); + +authentication_require_role('admin'); + +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { @@ -43,6 +43,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") else { if ($CONF['database_type'] == "pgsql") db_query('BEGIN'); + $result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'"); if ($result['rows'] != 1) { diff --git a/edit-active.php b/edit-active.php index b7a3a172..df37678a 100644 --- a/edit-active.php +++ b/edit-active.php @@ -20,14 +20,10 @@ // fReturn // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { @@ -36,7 +32,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); if (isset ($_GET['return'])) $fReturn = escape_string ($_GET['return']); - if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME) ) ) + if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin') ) ) { $error = 1; $tMessage = $PALANG['pEdit_mailbox_domain_error'] . "$fDomain!"; @@ -83,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") } else { - if (check_admin($SESSID_USERNAME)) { + if (authentication_has_role('global-admin')) { header ("Location: list-virtual.php?domain=$fDomain"); } else { header ("Location: overview.php?domain=$fDomain"); @@ -95,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/edit-alias.php b/edit-alias.php index dde57c1c..623011cd 100644 --- a/edit-alias.php +++ b/edit-alias.php @@ -21,21 +21,17 @@ // fGoto // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']); if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); - if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) + if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) { $result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'"); if ($result['rows'] == 1) @@ -60,7 +56,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']); $fGoto = strtolower ($fGoto); - if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) ) + if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) ) { $error = 1; $tGoto = $_POST['fGoto']; @@ -114,7 +110,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { db_log ($SESSID_USERNAME, $fDomain, "edit alias", "$fAddress -> $goto"); - if (check_admin($SESSID_USERNAME)) { + if (authentication_has_role('global-admin')) { header ("Location: list-virtual.php?domain=$fDomain"); } else { header ("Location: overview.php?domain=$fDomain"); @@ -126,7 +122,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/edit-mailbox.php b/edit-mailbox.php index 3c85b522..eda91eaa 100644 --- a/edit-mailbox.php +++ b/edit-mailbox.php @@ -26,14 +26,10 @@ // fActive // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); $fUsername = strtolower ($fUsername); @@ -44,7 +40,7 @@ $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text']; if ($_SERVER['REQUEST_METHOD'] == "GET") { - if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) + if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) { $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fUsername' AND domain='$fDomain'"); if ($result['rows'] == 1) @@ -79,7 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (isset ($_POST['fQuota'])) $fQuota = intval ($_POST['fQuota']); if (isset ($_POST['fActive'])) $fActive = escape_string ($_POST['fActive']); - if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) ) + if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) ) { $error = 1; $tName = $fName; @@ -153,7 +149,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { db_log ($SESSID_USERNAME, $fDomain, "edit mailbox", $fUsername); - if (check_admin($SESSID_USERNAME)) { + if (authentication_has_role('global-admin')) { header ("Location: list-virtual.php?domain=$fDomain"); } else { header ("Location: overview.php?domain=$fDomain"); @@ -165,7 +161,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/edit-vacation.php b/edit-vacation.php index baf9b7fb..c08c4359 100644 --- a/edit-vacation.php +++ b/edit-vacation.php @@ -1,4 +1,6 @@ @@ -11,6 +13,7 @@ // // Template Variables: // +// tUseremail // tMessage // tSubject // tBody @@ -25,38 +28,27 @@ // fQuota // fActive // -// This is a copy of the superadmin edit-vacation.php with -// template references changed -// -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); + +$SESSID_USERNAME = authentication_get_username(); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); +if($CONF['vacation'] == 'NO') { + header("Location: " . $CONF['postfix_admin_url'] . "/main.php"); + exit(0); +} + +$vacation_domain = $CONF['vacation_domain']; +$vacation_goto = preg_replace('/@/', '#', $SESSID_USERNAME); +$vacation_goto = $vacation_goto . '@' . $vacation_domain; -$SESSID_USERNAME = check_session (); -(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1'); $tmp = preg_split ('/@/', $SESSID_USERNAME); $USERID_DOMAIN = $tmp[1]; if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); -if (check_admin($SESSID_USERNAME)) -{ - $fCanceltarget= $CONF['postfix_admin_url'] . "/admin/list-virtual.php?domain=$fDomain"; -} -else -{ - if (check_owner ($SESSID_USERNAME, $fDomain)) - { - $fCanceltarget= $CONF['postfix_admin_url'] . "/overview.php?domain=$fDomain"; - } - //unauthorized, exit - else { exit; } -} +$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php'; if ($_SERVER['REQUEST_METHOD'] == "GET") { @@ -74,72 +66,70 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; } if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; } - - } if ($_SERVER['REQUEST_METHOD'] == "POST") { - $vacation_domain = $CONF['vacation_domain']; if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']); if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']); if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']); if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']); - if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); - if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); + if (isset ($_GET['domain'])) { + $fDomain = escape_string ($_GET['domain']); + } + else { + $fDomain = $USERID_DOMAIN; + } + if (isset ($_GET['username'])) { + $fUsername = escape_string ($_GET['username']); + } + else { + $fUsername = authentication_get_username(); + } $tUseremail = $fUsername; if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; } if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; } - //if change, remove old one, then set new one + //if change, remove old one, then perhaps set new one if (!empty ($fBack) || !empty ($fChange)) { - //if we find an existing vacation entry, delete it - $result = db_query("SELECT * FROM $table_vacation WHERE email='$fUsername'"); - if ($result['rows'] == 1) - { - $result = db_query ("DELETE FROM $table_vacation WHERE email='$fUsername'"); - if ($result['rows'] != 1) - { - $error = 1; - $tMessage = $PALANG['pVacation_result_error']; - $tMessage = "cannot remove $fUsername from $table_vacation"; - } - else - { - $tMessage = $PALANG['pVacation_result_success']; - } - - $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); + //if we find an existing vacation entry, delete it + $result = db_query("SELECT * FROM $table_vacation WHERE email='$fUsername'"); if ($result['rows'] == 1) { - $row = db_array ($result['result']); - $goto = $row['goto']; - - //only one of these will do something, first handles address at beginning and middle, second at end - $goto= preg_replace ( "/$fUsername@$vacation_domain,/", '', $goto); - $goto= preg_replace ( "/,$fUsername@$vacation_domain/", '', $goto); - - $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); + $result = db_query ("DELETE FROM $table_vacation WHERE email='$fUsername'"); if ($result['rows'] != 1) { $error = 1; - $tMessage = $PALANG['pVacation_result_error']; } - else + + $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); + if ($result['rows'] == 1) { - $tMessage = $PALANG['pVacation_result_success']; + $row = db_array ($result['result']); + $goto = $row['goto']; + + //only one of these will do something, first handles address at beginning and middle, second at end + $goto= preg_replace ( "/$vacation_goto,/", '', $goto); + $goto= preg_replace ( "/,$vacation_goto/", '', $goto); + + $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); + if ($result['rows'] != 1) + { + $error = 1; + } } } - } } + //Set the vacation data for $fUsername if (!empty ($fChange)) { + $goto = ''; $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); if ($result['rows'] == 1) { @@ -149,30 +139,37 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") ($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1; $result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)"); + if ($result['rows'] != 1) { $error = 1; - $tMessage = $PALANG['pVacation_result_error']; } - $goto = $goto . "," . "$fUsername@$vacation_domain"; + $goto = $goto . "," . $vacation_goto; $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); if ($result['rows'] != 1) { $error = 1; - $tMessage = $PALANG['pVacation_result_error']; - } - else - { - header ("Location: $fCanceltarget"); - exit; } } } +if($error == 0) { + if(!empty ($fBack)) { + $tMessage = $PALANG['pVacation_result_removed']; + } + if(!empty($fChange)) { + $tMessage= $PALANG['pVacation_result_added']; + } +} +else { + $tMessage = $PALANG['pVacation_result_error']; +} + +$tUseremail = $SESSID_USERNAME; include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/index.php b/index.php index 66ed3eb3..9b2f756c 100644 --- a/index.php +++ b/index.php @@ -19,36 +19,30 @@ // if (!file_exists (realpath ("./setup.php"))) { - header ("Location: login.php"); - exit; + header ("Location: login.php"); + exit; } else { - print <<< EOF + print <<< EOF - -Welcome to Postfix Admin - - - - -

Welcome to Postfix Admin

-It seems that you are running this version of Postfix Admin for the first time.
-

-You can now run setup to make sure that all the functions are available for Postfix Admin to run.
-

-If you still encounter any problems please check the documentation and website for more information. -

-Your donations keep this project running... -

- - - -
-

-Postfix Admin
-Knowledge Base - + + Welcome to Postfix Admin + + + + +

Welcome to Postfix Admin

+ It seems that you are running this version of Postfix Admin for the first time.
+

+ You can now run setup to make sure that all the functions are available for Postfix Admin to run.
+

+ If you still encounter any problems, please check the documentation and website for more information. +

+

+ Postfix Admin web site
+ Knowledge Base + EOF; } diff --git a/login.php b/login.php index b1cbd90a..bd3d74e1 100644 --- a/login.php +++ b/login.php @@ -19,65 +19,63 @@ // fUsername // fPassword // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); +require_once('common.php'); if ($_SERVER['REQUEST_METHOD'] == "GET") { - include ("./templates/header.tpl"); - include ("./templates/login.tpl"); - include ("./templates/footer.tpl"); + include ("./templates/header.tpl"); + include ("./templates/login.tpl"); + include ("./templates/footer.tpl"); } if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']); - if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); + $fUsername = ''; + $fPassword = ''; + if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']); + if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); - $result = db_query ("SELECT password FROM $table_admin WHERE username='$fUsername' AND active='1'"); - if ($result['rows'] == 1) - { - $row = db_array ($result['result']); - $password = pacrypt ($fPassword, $row['password']); + $result = db_query ("SELECT password FROM $table_admin WHERE username='$fUsername' AND active='1'"); + if ($result['rows'] == 1) + { + $row = db_array ($result['result']); + $password = pacrypt ($fPassword, $row['password']); + $result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'"); + if ($result['rows'] != 1) + { + $error = 1; + $tMessage = $PALANG['pLogin_password_incorrect']; + $tUsername = $fUsername; + } + } + else + { + $error = 1; + $tMessage = $PALANG['pLogin_username_incorrect']; + } - $result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'"); - if ($result['rows'] != 1) - { - $error = 1; - $tMessage = $PALANG['pLogin_password_incorrect']; - $tUsername = $fUsername; - } - } - else - { - $error = 1; - $tMessage = $PALANG['pLogin_username_incorrect']; - } + if ($error != 1) + { + session_regenerate_id(); + $_SESSION['sessid'] = array(); + $_SESSION['sessid']['username'] = $fUsername; + $_SESSION['sessid']['roles'] = array(); + $_SESSION['sessid']['roles'][] = 'admin'; - if ($error != 1) - { - session_start(); - session_register("sessid"); - $_SESSION['sessid']['username'] = $fUsername; + // they've logged in, so see if they are a domain admin, as well. + $result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'"); + if ($result['rows'] == 1) + { + $_SESSION['sessid']['roles'][] = 'global-admin'; + header("Location: admin/list-admin.php"); + exit(0); + } + header("Location: main.php"); + exit(0); + } - $result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'"); - if ($result['rows'] == 1) - { - $row = db_array ($result['result']); - if ($fUsername == $row['username']) - { - header("Location: admin/index.php"); - exit; - } - } - header("Location: main.php"); - exit; - } - - include ("./templates/header.tpl"); - include ("./templates/login.tpl"); - include ("./templates/footer.tpl"); + include ("./templates/header.tpl"); + include ("./templates/login.tpl"); + include ("./templates/footer.tpl"); } ?> diff --git a/logout.php b/logout.php index a5af8ec4..73d81583 100644 --- a/logout.php +++ b/logout.php @@ -17,10 +17,8 @@ // // -none- // -require ("./config.inc.php"); -require ("./functions.inc.php"); -$SESSID_USERNAME = check_session (); +require_once('common.php'); session_unset (); session_destroy (); diff --git a/main.php b/main.php index d68eafe5..acba53c2 100644 --- a/main.php +++ b/main.php @@ -17,11 +17,12 @@ // // -none- // -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session (); +require_once('common.php'); + +$SESSID_USERNAME = authentication_get_username(); + +authentication_require_role('admin'); if ($_SERVER["REQUEST_METHOD"] == "GET") { diff --git a/overview.php b/overview.php index 698212db..dd8b14f9 100644 --- a/overview.php +++ b/overview.php @@ -23,20 +23,19 @@ // fDomain // limit // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session(); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); -} -else -{ +require_once('common.php'); + +authentication_require_role('admin'); + +$SESSID_USERNAME = authentication_get_username(); + +if(authentication_has_role('global-admin')) { $list_domains = list_domains (); } +else { + $list_domains = list_domains_for_admin ($SESSID_USERNAME); +} $tAlias = array(); $tMailbox = array(); @@ -103,7 +102,12 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") $row['created']=gmstrftime('%c %Z',$row['uts_created']); $row['modified']=gmstrftime('%c %Z',$row['uts_modified']); $row['active']=('t'==$row['active']) ? 1 : 0; - $row['v_active']=('t'==$row['v_active']) ? 1 : 0; + if(isset($row['v_active'])) { + $row['v_active']=('t'==$row['v_active']) ? 1 : 0; + } + else { + $row['v_active'] = -1 ; //unknown; broken query above.. + } unset($row['uts_created']); unset($row['uts_modified']); } diff --git a/password.php b/password.php index c8c61120..ca5f1b7b 100644 --- a/password.php +++ b/password.php @@ -19,71 +19,71 @@ // fPassword // fPassword2 // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session (); +require_once('common.php'); + +authentication_require_role('admin'); + +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { - include ("./templates/header.tpl"); - include ("./templates/menu.tpl"); - include ("./templates/password.tpl"); - include ("./templates/footer.tpl"); + include ("./templates/header.tpl"); + include ("./templates/menu.tpl"); + include ("./templates/password.tpl"); + include ("./templates/footer.tpl"); } if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']); - if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); - if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); + if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']); + if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); + if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); - $username = $SESSID_USERNAME; + $username = $SESSID_USERNAME; - $result = db_query ("SELECT * FROM $table_admin WHERE username='$username'"); - if ($result['rows'] == 1) - { - $row = db_array ($result['result']); - $checked_password = pacrypt ($fPassword_current, $row['password']); + $result = db_query ("SELECT * FROM $table_admin WHERE username='$username'"); + if ($result['rows'] == 1) + { + $row = db_array ($result['result']); + $checked_password = pacrypt ($fPassword_current, $row['password']); - $result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'"); - if ($result['rows'] != 1) - { - $error = 1; - $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; - } - } - else - { - $error = 1; - $pPassword_email_text = $PALANG['pPassword_email_text_error']; - } + $result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'"); + if ($result['rows'] != 1) + { + $error = 1; + $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; + } + } + else + { + $error = 1; + $pPassword_email_text = $PALANG['pPassword_email_text_error']; + } - if (empty ($fPassword) or ($fPassword != $fPassword2)) - { - $error = 1; - $pPassword_password_text = $PALANG['pPassword_password_text_error']; - } + if (empty ($fPassword) or ($fPassword != $fPassword2)) + { + $error = 1; + $pPassword_password_text = $PALANG['pPassword_password_text_error']; + } - if ($error != 1) - { - $password = pacrypt ($fPassword); - $result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'"); - if ($result['rows'] == 1) - { - $tMessage = $PALANG['pPassword_result_succes']; - } - else - { - $tMessage = $PALANG['pPassword_result_error']; - } - } + if ($error != 1) + { + $password = pacrypt ($fPassword); + $result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'"); + if ($result['rows'] == 1) + { + $tMessage = $PALANG['pPassword_result_succes']; + } + else + { + $tMessage = $PALANG['pPassword_result_error']; + } + } - include ("./templates/header.tpl"); - include ("./templates/menu.tpl"); - include ("./templates/password.tpl"); - include ("./templates/footer.tpl"); + include ("./templates/header.tpl"); + include ("./templates/menu.tpl"); + include ("./templates/password.tpl"); + include ("./templates/footer.tpl"); } ?> diff --git a/search.php b/search.php index db846987..bf0aa1cf 100644 --- a/search.php +++ b/search.php @@ -20,20 +20,17 @@ // fGo // fDomain // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session(); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); -} -else -{ +require_once('common.php'); + +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); +if(authentication_has_role('global-admin')) { $list_domains = list_domains (); } +else { + $list_domains = list_domains_for_admin ($SESSID_USERNAME); +} $tAlias = array(); @@ -109,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (empty ($fSearch) && !empty ($fGo)) { - if (check_admin($SESSID_USERNAME)) + if (authentication_has_role('global-admin')) { header("Location: list-virtual.php?domain=" . $fDomain ) && exit; } diff --git a/sendmail.php b/sendmail.php index f6ed790b..eb763b83 100644 --- a/sendmail.php +++ b/sendmail.php @@ -22,14 +22,14 @@ // fSubject // fBody // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session (); +require_once('common.php'); + +authentication_require_role('admin'); + (($CONF['sendmail'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1'); +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { include ("./templates/header.tpl"); diff --git a/viewlog.php b/viewlog.php index 163e511a..b64a80de 100644 --- a/viewlog.php +++ b/viewlog.php @@ -19,22 +19,17 @@ // fDomain // -if (!isset($incpath)) $incpath = '.'; -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); +require_once('common.php'); -$SESSID_USERNAME = check_session(); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); -} -else -{ +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); +if(authentication_has_role('global-admin')) { $list_domains = list_domains (); } +else { + $list_domains = list_domains_for_admin ($SESSID_USERNAME); +} if ($_SERVER['REQUEST_METHOD'] == "GET") { @@ -45,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") die('Unknown request method'); } -if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) ) +if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))) { $error = 1; $tMessage = $PALANG['pViewlog_result_error']; @@ -74,7 +69,7 @@ if ($error != 1) include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl");