final set of refactoring patches (and the rest)

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@71 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
David Goodwin 17 years ago
parent 4eb83c4bdc
commit 3e70f276c2

@ -0,0 +1,28 @@
<?php
// Postfix Admin
// by Mischa Peters <mischa at high5 dot net>
// Copyright (c) 2002 - 2005 High5!
// Licensed under GPL for more info check GPL-LICENSE.TXT
//
// File: common.php.php
//
// Template File: -none-
//
// Template Variables: -none-
//
// Form POST \ GET Variables: -none-
//
$incpath = dirname(__FILE__);
require_once("$incpath/variables.inc.php");
if(!is_file("$incpath/config.inc.php")) {
// incorrectly setup...
header("Location: setup.php");
exit(0);
}
require_once("$incpath/config.inc.php");
require_once("$incpath/functions.inc.php");
require_once("$incpath/languages/" . check_language () . ".lang");
session_start();
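Review bot: The new bootstrap file includes `languages/<check_language()>.lang` on its last require_once, so the safety of that include path now rests entirely on check_language() (defined in functions.inc.php, outside this diff) returning a value from a fixed list rather than passing a client-supplied language code through. A header comment stating that contract, e.g. `// check_language() must only return a known language key: its result becomes part of an include path`, makes the dependency visible to whoever next edits either side. The `File: common.php.php` line in the header comment looks like a typo for `common.php`, which is the name every other page on this diff requires.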

@ -23,22 +23,17 @@
// fDomain // fDomain
// //
if (!isset($incpath)) $incpath = '.'; require_once('common.php');
require ("$incpath/variables.inc.php"); authentication_require_role('admin');
require ("$incpath/config.inc.php"); $username = authentication_get_username();
require ("$incpath/functions.inc.php"); $SESSID_USERNAME = $username;
include ("$incpath/languages/" . check_language () . ".lang"); if(authentication_has_role('global-admin')) {
$SESSID_USERNAME = check_session ();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
$list_domains = list_domains (); $list_domains = list_domains ();
} }
else {
$list_domains = list_domains_for_admin ($username);
}
$pCreate_alias_goto_text = $PALANG['pCreate_alias_goto_text']; $pCreate_alias_goto_text = $PALANG['pCreate_alias_goto_text'];
@ -64,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$fGoto = $fGoto . "@" . escape_string ($_POST['fDomain']); $fGoto = $fGoto . "@" . escape_string ($_POST['fDomain']);
} }
if (! (check_admin($SESSID_USERNAME) || check_owner ($SESSID_USERNAME, $fDomain) )) if (! (authentication_has_role('global-admin') || check_owner ($SESSID_USERNAME, $fDomain) ))
{ {
$error = 1; $error = 1;
$tAddress = escape_string ($_POST['fAddress']); $tAddress = escape_string ($_POST['fAddress']);
@ -149,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
include ("$incpath/templates/header.tpl"); include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl"); include ("$incpath/templates/admin_menu.tpl");
} else { } else {
include ("$incpath/templates/menu.tpl"); include ("$incpath/templates/menu.tpl");
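Review bot: The new preamble keeps two names for the same value, `$username` and `$SESSID_USERNAME`, and passes `$username` to list_domains_for_admin while the rest of the page (the check_owner call in the POST hunk) keeps using `$SESSID_USERNAME`. Every sibling page in this commit assigns `$SESSID_USERNAME = authentication_get_username();` directly; doing the same here and dropping `$username` removes the chance of the two drifting apart later.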

@ -29,22 +29,17 @@
// fMail // fMail
// //
if (!isset($incpath)) $incpath = '.'; require_once('common.php');
require ("$incpath/variables.inc.php"); authentication_require_role('admin');
require ("$incpath/config.inc.php"); $SESSID_USERNAME = authentication_get_username();
require ("$incpath/functions.inc.php"); if(authentication_has_role('global-admin')) {
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
$list_domains = list_domains (); $list_domains = list_domains ();
} }
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
$pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text']; $pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text'];
$pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text']; $pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text'];
@ -61,8 +56,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
$tQuota = $row['maxquota']; $tQuota = $row['maxquota'];
} }
} }
if ($_SERVER['REQUEST_METHOD'] == "POST") if ($_SERVER['REQUEST_METHOD'] == "POST")
@ -79,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (isset ($_POST['fMail'])) $fMail = escape_string ($_POST['fMail']); if (isset ($_POST['fMail'])) $fMail = escape_string ($_POST['fMail']);
if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!check_admin($SESSID_USERNAME)) ) if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!authentication_has_role('global-admin')) )
{ {
$error = 1; $error = 1;
$tUsername = escape_string ($_POST['fUsername']); $tUsername = escape_string ($_POST['fUsername']);
@ -336,7 +329,7 @@ TODO: this is the end of /create-mailbox.php code segment
include ("$incpath/templates/header.tpl"); include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl"); include ("$incpath/templates/admin_menu.tpl");
} else { } else {
include ("$incpath/templates/menu.tpl"); include ("$incpath/templates/menu.tpl");

@ -18,12 +18,12 @@
// fDelete // fDelete
// fDomain // fDomain
// //
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session(); require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
@ -43,6 +43,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
else else
{ {
if ($CONF['database_type'] == "pgsql") db_query('BEGIN'); if ($CONF['database_type'] == "pgsql") db_query('BEGIN');
$result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'"); $result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'");
if ($result['rows'] != 1) if ($result['rows'] != 1)
{ {
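Review bot: The added `if ($CONF['database_type'] == "pgsql") db_query('BEGIN');` opens a transaction only for PostgreSQL, and the hunk ends before the matching COMMIT/ROLLBACK, so the closing statement must be guarded the same way and must also run on the `$result['rows'] != 1` branch that starts on the hunk's last line; otherwise a failed delete leaves the connection inside an open transaction. The enclosing else block continues outside the hunk. Since the DELETE runs from the GET branch shown in the previous hunk, a short comment saying where the ownership check for `$fDomain` happens would help, because it is not visible in either hunk.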

@ -20,14 +20,10 @@
// fReturn // fReturn
// //
if (!isset($incpath)) $incpath = '.'; require_once('common.php');
require ("$incpath/variables.inc.php"); authentication_require_role('admin');
require ("$incpath/config.inc.php"); $SESSID_USERNAME = authentication_get_username();
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
@ -36,7 +32,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (isset ($_GET['return'])) $fReturn = escape_string ($_GET['return']); if (isset ($_GET['return'])) $fReturn = escape_string ($_GET['return']);
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME) ) ) if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin') ) )
{ {
$error = 1; $error = 1;
$tMessage = $PALANG['pEdit_mailbox_domain_error'] . "<b>$fDomain</b>!</font>"; $tMessage = $PALANG['pEdit_mailbox_domain_error'] . "<b>$fDomain</b>!</font>";
@ -83,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
} }
else else
{ {
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
header ("Location: list-virtual.php?domain=$fDomain"); header ("Location: list-virtual.php?domain=$fDomain");
} else { } else {
header ("Location: overview.php?domain=$fDomain"); header ("Location: overview.php?domain=$fDomain");
@ -95,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
include ("$incpath/templates/header.tpl"); include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl"); include ("$incpath/templates/admin_menu.tpl");
} else { } else {
include ("$incpath/templates/menu.tpl"); include ("$incpath/templates/menu.tpl");
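Review bot: On the authorization-failure path, `$tMessage = $PALANG['pEdit_mailbox_domain_error'] . "<b>$fDomain</b>!</font>";` takes its value from `escape_string($_GET['domain'])`, and escape_string is defined outside this diff; if it is a database-escaping helper rather than an HTML one, a caller-supplied domain reaches the page unencoded exactly when that caller has just failed the check_owner test. Encoding at this point, `"<b>" . htmlspecialchars($fDomain) . "</b>!</font>"`, bounds the exposure whatever escape_string does. The same `$fDomain` is interpolated unencoded into the two `Location:` URLs further down; `urlencode($fDomain)` there keeps a value containing `&` from being read as extra query parameters.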

@ -21,21 +21,17 @@
// fGoto // fGoto
// //
if (!isset($incpath)) $incpath = '.'; require_once('common.php');
require ("$incpath/variables.inc.php"); authentication_require_role('admin');
require ("$incpath/config.inc.php"); $SESSID_USERNAME = authentication_get_username();
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']); if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
{ {
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'"); $result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'");
if ($result['rows'] == 1) if ($result['rows'] == 1)
@ -60,7 +56,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']); if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']);
$fGoto = strtolower ($fGoto); $fGoto = strtolower ($fGoto);
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) ) if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
{ {
$error = 1; $error = 1;
$tGoto = $_POST['fGoto']; $tGoto = $_POST['fGoto'];
@ -114,7 +110,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
db_log ($SESSID_USERNAME, $fDomain, "edit alias", "$fAddress -> $goto"); db_log ($SESSID_USERNAME, $fDomain, "edit alias", "$fAddress -> $goto");
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
header ("Location: list-virtual.php?domain=$fDomain"); header ("Location: list-virtual.php?domain=$fDomain");
} else { } else {
header ("Location: overview.php?domain=$fDomain"); header ("Location: overview.php?domain=$fDomain");
@ -126,7 +122,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
include ("$incpath/templates/header.tpl"); include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl"); include ("$incpath/templates/admin_menu.tpl");
} else { } else {
include ("$incpath/templates/menu.tpl"); include ("$incpath/templates/menu.tpl");

@ -26,14 +26,10 @@
// fActive // fActive
// //
if (!isset($incpath)) $incpath = '.'; require_once('common.php');
require ("$incpath/variables.inc.php"); authentication_require_role('admin');
require ("$incpath/config.inc.php"); $SESSID_USERNAME = authentication_get_username();
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
$fUsername = strtolower ($fUsername); $fUsername = strtolower ($fUsername);
@ -44,7 +40,7 @@ $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text'];
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
{ {
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fUsername' AND domain='$fDomain'"); $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fUsername' AND domain='$fDomain'");
if ($result['rows'] == 1) if ($result['rows'] == 1)
@ -79,7 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (isset ($_POST['fQuota'])) $fQuota = intval ($_POST['fQuota']); if (isset ($_POST['fQuota'])) $fQuota = intval ($_POST['fQuota']);
if (isset ($_POST['fActive'])) $fActive = escape_string ($_POST['fActive']); if (isset ($_POST['fActive'])) $fActive = escape_string ($_POST['fActive']);
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) ) if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
{ {
$error = 1; $error = 1;
$tName = $fName; $tName = $fName;
@ -153,7 +149,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
db_log ($SESSID_USERNAME, $fDomain, "edit mailbox", $fUsername); db_log ($SESSID_USERNAME, $fDomain, "edit mailbox", $fUsername);
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
header ("Location: list-virtual.php?domain=$fDomain"); header ("Location: list-virtual.php?domain=$fDomain");
} else { } else {
header ("Location: overview.php?domain=$fDomain"); header ("Location: overview.php?domain=$fDomain");
@ -165,7 +161,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
include ("$incpath/templates/header.tpl"); include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl"); include ("$incpath/templates/admin_menu.tpl");
} else { } else {
include ("$incpath/templates/menu.tpl"); include ("$incpath/templates/menu.tpl");

@ -1,4 +1,6 @@
<?php <?php
// XXX TODO - Remove the code duplication between this file (for admins) and users/vacation.php
// - too much of the code is identical for there not to be some refactoring possible.
// //
// Postfix Admin // Postfix Admin
// by Mischa Peters <mischa at high5 dot net> // by Mischa Peters <mischa at high5 dot net>
@ -11,6 +13,7 @@
// //
// Template Variables: // Template Variables:
// //
// tUseremail
// tMessage // tMessage
// tSubject // tSubject
// tBody // tBody
@ -25,38 +28,27 @@
// fQuota // fQuota
// fActive // fActive
// //
// This is a copy of the superadmin edit-vacation.php with
// template references changed
//
if (!isset($incpath)) $incpath = '.'; require_once('common.php');
$SESSID_USERNAME = authentication_get_username();
require ("$incpath/variables.inc.php"); if($CONF['vacation'] == 'NO') {
require ("$incpath/config.inc.php"); header("Location: " . $CONF['postfix_admin_url'] . "/main.php");
require ("$incpath/functions.inc.php"); exit(0);
include ("$incpath/languages/" . check_language () . ".lang"); }
$vacation_domain = $CONF['vacation_domain'];
$vacation_goto = preg_replace('/@/', '#', $SESSID_USERNAME);
$vacation_goto = $vacation_goto . '@' . $vacation_domain;
$SESSID_USERNAME = check_session ();
(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
$tmp = preg_split ('/@/', $SESSID_USERNAME); $tmp = preg_split ('/@/', $SESSID_USERNAME);
$USERID_DOMAIN = $tmp[1]; $USERID_DOMAIN = $tmp[1];
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (check_admin($SESSID_USERNAME)) $fCanceltarget = $CONF['postfix_admin_url'] . '/main.php';
{
$fCanceltarget= $CONF['postfix_admin_url'] . "/admin/list-virtual.php?domain=$fDomain";
}
else
{
if (check_owner ($SESSID_USERNAME, $fDomain))
{
$fCanceltarget= $CONF['postfix_admin_url'] . "/overview.php?domain=$fDomain";
}
//unauthorized, exit
else { exit; }
}
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
@ -74,27 +66,34 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; } if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; } if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
} }
if ($_SERVER['REQUEST_METHOD'] == "POST") if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
$vacation_domain = $CONF['vacation_domain'];
if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']); if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']);
if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']); if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']);
if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']); if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']);
if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']); if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); if (isset ($_GET['domain'])) {
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); $fDomain = escape_string ($_GET['domain']);
}
else {
$fDomain = $USERID_DOMAIN;
}
if (isset ($_GET['username'])) {
$fUsername = escape_string ($_GET['username']);
}
else {
$fUsername = authentication_get_username();
}
$tUseremail = $fUsername; $tUseremail = $fUsername;
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; } if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; } if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
//if change, remove old one, then set new one //if change, remove old one, then perhaps set new one
if (!empty ($fBack) || !empty ($fChange)) if (!empty ($fBack) || !empty ($fChange))
{ {
//if we find an existing vacation entry, delete it //if we find an existing vacation entry, delete it
@ -105,12 +104,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if ($result['rows'] != 1) if ($result['rows'] != 1)
{ {
$error = 1; $error = 1;
$tMessage = $PALANG['pVacation_result_error'];
$tMessage = "cannot remove $fUsername from $table_vacation";
}
else
{
$tMessage = $PALANG['pVacation_result_success'];
} }
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
@ -120,26 +113,23 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$goto = $row['goto']; $goto = $row['goto'];
//only one of these will do something, first handles address at beginning and middle, second at end //only one of these will do something, first handles address at beginning and middle, second at end
$goto= preg_replace ( "/$fUsername@$vacation_domain,/", '', $goto); $goto= preg_replace ( "/$vacation_goto,/", '', $goto);
$goto= preg_replace ( "/,$fUsername@$vacation_domain/", '', $goto); $goto= preg_replace ( "/,$vacation_goto/", '', $goto);
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
if ($result['rows'] != 1) if ($result['rows'] != 1)
{ {
$error = 1; $error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
else
{
$tMessage = $PALANG['pVacation_result_success'];
} }
} }
} }
} }
//Set the vacation data for $fUsername //Set the vacation data for $fUsername
if (!empty ($fChange)) if (!empty ($fChange))
{ {
$goto = '';
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
if ($result['rows'] == 1) if ($result['rows'] == 1)
{ {
@ -149,30 +139,37 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1; ($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1;
$result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)"); $result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)");
if ($result['rows'] != 1) if ($result['rows'] != 1)
{ {
$error = 1; $error = 1;
$tMessage = $PALANG['pVacation_result_error'];
} }
$goto = $goto . "," . "$fUsername@$vacation_domain"; $goto = $goto . "," . $vacation_goto;
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
if ($result['rows'] != 1) if ($result['rows'] != 1)
{ {
$error = 1; $error = 1;
$tMessage = $PALANG['pVacation_result_error'];
} }
else
{
header ("Location: $fCanceltarget");
exit;
} }
} }
if($error == 0) {
if(!empty ($fBack)) {
$tMessage = $PALANG['pVacation_result_removed'];
}
if(!empty($fChange)) {
$tMessage= $PALANG['pVacation_result_added'];
}
}
else {
$tMessage = $PALANG['pVacation_result_error'];
} }
$tUseremail = $SESSID_USERNAME;
include ("$incpath/templates/header.tpl"); include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl"); include ("$incpath/templates/admin_menu.tpl");
} else { } else {
include ("$incpath/templates/menu.tpl"); include ("$incpath/templates/menu.tpl");
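Review bot: The rewritten preamble drops the gate the old code had at this point (check_admin, else check_owner($SESSID_USERNAME, $fDomain), else `exit`) and replaces it with only `$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php';`, and unlike every other admin page in this commit there is no `authentication_require_role('admin')` after `require_once('common.php')`. As a result whoever authentication_get_username() accepts (its behaviour for an unauthenticated request is defined outside this diff) can POST a vacation row and alias rewrite for any `$fUsername` passed in the query string, with no check that they own `$fDomain`. Separately, `$vacation_goto` is built from `$SESSID_USERNAME`, the logged-in admin, while the INSERT and the goto rewrite act on `$fUsername`; if this page edits another user's vacation as the `username` parameter suggests, the wrong autoreply address is appended to and stripped from that user's alias, and the late `$tUseremail = $SESSID_USERNAME;` has the same mix-up, so the address should be computed as `$vacation_goto = preg_replace('/@/', '#', $fUsername) . '@' . $vacation_domain;` once `$fUsername` is final (after the POST branch's fallback). Restoring the gate, with the POST branch's `$USERID_DOMAIN` fallback applied first if that path is meant to stay:
```php
require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
// … unchanged: vacation feature switch, $vacation_domain, $USERID_DOMAIN …
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
// Everything below acts on $fUsername: the caller must own its domain or be a global admin.
if (! (authentication_has_role('global-admin') || check_owner ($SESSID_USERNAME, $fDomain))) {
    exit;
}
$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php';
```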

@ -37,17 +37,11 @@ It seems that you are running this version of Postfix Admin for the first time.<
<p /> <p />
You can now run <a href="setup.php">setup</a> to make sure that all the functions are available for Postfix Admin to run.<br /> You can now run <a href="setup.php">setup</a> to make sure that all the functions are available for Postfix Admin to run.<br />
<p /> <p />
If you still encounter any problems please check the documentation and website for more information. If you still encounter any problems, please check the documentation and website for more information.
<p /> <p />
Your donations keep this project running...
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----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-----END PKCS7-----">
</form>
<p /> <p />
<a href="http://high5.net/postfixadmin/">Postfix Admin</a><br /> <a href="http://postfixadmin.org">Postfix Admin</a> web site<br />
<a href="http://forums.high5.net/index.php?showforum=7">Knowledge Base</a> <a href="http://sourceforge.net/forum/forum.php?forum_id=676076">Knowledge Base</a>
</body> </body>
</html> </html>
EOF; EOF;

@ -19,11 +19,8 @@
// fUsername // fUsername
// fPassword // fPassword
// //
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
require_once('common.php');
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
include ("./templates/header.tpl"); include ("./templates/header.tpl");
@ -33,6 +30,8 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
if ($_SERVER['REQUEST_METHOD'] == "POST") if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
$fUsername = '';
$fPassword = '';
if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']); if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']);
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
@ -41,7 +40,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
$row = db_array ($result['result']); $row = db_array ($result['result']);
$password = pacrypt ($fPassword, $row['password']); $password = pacrypt ($fPassword, $row['password']);
$result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'"); $result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'");
if ($result['rows'] != 1) if ($result['rows'] != 1)
{ {
@ -58,22 +56,22 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if ($error != 1) if ($error != 1)
{ {
session_start(); session_regenerate_id();
session_register("sessid"); $_SESSION['sessid'] = array();
$_SESSION['sessid']['username'] = $fUsername; $_SESSION['sessid']['username'] = $fUsername;
$_SESSION['sessid']['roles'] = array();
$_SESSION['sessid']['roles'][] = 'admin';
// they've logged in, so see if they are a domain admin, as well.
$result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'"); $result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'");
if ($result['rows'] == 1) if ($result['rows'] == 1)
{ {
$row = db_array ($result['result']); $_SESSION['sessid']['roles'][] = 'global-admin';
if ($fUsername == $row['username']) header("Location: admin/list-admin.php");
{ exit(0);
header("Location: admin/index.php");
exit;
}
} }
header("Location: main.php"); header("Location: main.php");
exit; exit(0);
} }
include ("./templates/header.tpl"); include ("./templates/header.tpl");
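Review bot: `session_regenerate_id();` on the success path is called without the delete_old_session argument, so the pre-login session data stays on the server under the old id, and only `$_SESSION['sessid']` is reset, so any other keys populated before authenticating carry over into the privileged session. `$_SESSION = array(); session_regenerate_id(true);` closes both gaps (the boolean argument exists since PHP 5.1). The roles block grants `'admin'` to every successful login and `'global-admin'` only on a `domain='ALL'` row, which is the distinction the other pages in this commit test with authentication_has_role(); a one-line comment above `$_SESSION['sessid']['roles'] = array();` spelling out that two-level model would save readers a trip to the other files.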

@ -17,10 +17,8 @@
// //
// -none- // -none-
// //
require ("./config.inc.php");
require ("./functions.inc.php");
$SESSID_USERNAME = check_session (); require_once('common.php');
session_unset (); session_unset ();
session_destroy (); session_destroy ();
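Review bot: `session_unset (); session_destroy ();` clears the server-side data but leaves the session cookie in the browser, so the old id keeps being presented until the cookie expires; `setcookie(session_name(), '', time() - 3600);` after session_destroy() completes the logout. With check_session() gone, an unauthenticated request now reaches these lines directly; that looks harmless because common.php's session_start() has already run, but what the page does after the hunk is not visible here.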

@ -17,11 +17,12 @@
// //
// -none- // -none-
// //
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('common.php');
$SESSID_USERNAME = authentication_get_username();
authentication_require_role('admin');
if ($_SERVER["REQUEST_METHOD"] == "GET") if ($_SERVER["REQUEST_METHOD"] == "GET")
{ {
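Review bot: This page reads `$SESSID_USERNAME = authentication_get_username();` before calling `authentication_require_role('admin');`, the reverse of every other page in this commit. If authentication_get_username() does not itself terminate an unauthenticated request (its definition is outside this diff), the page does work with an empty or unset username before the role check fires; swapping the two lines so the require_role call comes first, as in the sibling pages, keeps the check at the top where it is easy to audit.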

@ -23,20 +23,19 @@
// fDomain // fDomain
// limit // limit
// //
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session(); require_once('common.php');
if (!check_admin($SESSID_USERNAME))
{ authentication_require_role('admin');
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
} $SESSID_USERNAME = authentication_get_username();
else
{ if(authentication_has_role('global-admin')) {
$list_domains = list_domains (); $list_domains = list_domains ();
} }
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
$tAlias = array(); $tAlias = array();
$tMailbox = array(); $tMailbox = array();
@ -103,7 +102,12 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
$row['created']=gmstrftime('%c %Z',$row['uts_created']); $row['created']=gmstrftime('%c %Z',$row['uts_created']);
$row['modified']=gmstrftime('%c %Z',$row['uts_modified']); $row['modified']=gmstrftime('%c %Z',$row['uts_modified']);
$row['active']=('t'==$row['active']) ? 1 : 0; $row['active']=('t'==$row['active']) ? 1 : 0;
if(isset($row['v_active'])) {
$row['v_active']=('t'==$row['v_active']) ? 1 : 0; $row['v_active']=('t'==$row['v_active']) ? 1 : 0;
}
else {
$row['v_active'] = -1 ; //unknown; broken query above..
}
unset($row['uts_created']); unset($row['uts_created']);
unset($row['uts_modified']); unset($row['uts_modified']);
} }
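Review bot: The new fallback `$row['v_active'] = -1 ; //unknown; broken query above..` introduces a third state for a field the line above treats as boolean, and the template that consumes `v_active` is not in this diff; if it tests the value for truthiness, -1 renders as active. Either make the comment say what the consumer must do with it, e.g. `// -1 = vacation status not returned by the SELECT above; templates must show it as unknown, not active`, or pick a value that is falsy. A pointer to which column the query fails to return would be more useful than the current shrug.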

@ -19,12 +19,12 @@
// fPassword // fPassword
// fPassword2 // fPassword2
// //
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {

@ -20,20 +20,17 @@
// fGo // fGo
// fDomain // fDomain
// //
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session(); require_once('common.php');
if (!check_admin($SESSID_USERNAME))
{ authentication_require_role('admin');
$list_domains = list_domains_for_admin ($SESSID_USERNAME); $SESSID_USERNAME = authentication_get_username();
} if(authentication_has_role('global-admin')) {
else
{
$list_domains = list_domains (); $list_domains = list_domains ();
} }
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
$tAlias = array(); $tAlias = array();
@ -109,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (empty ($fSearch) && !empty ($fGo)) if (empty ($fSearch) && !empty ($fGo))
{ {
if (check_admin($SESSID_USERNAME)) if (authentication_has_role('global-admin'))
{ {
header("Location: list-virtual.php?domain=" . $fDomain ) && exit; header("Location: list-virtual.php?domain=" . $fDomain ) && exit;
} }
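Review bot: `header("Location: list-virtual.php?domain=" . $fDomain ) && exit;` never exits: header() returns null, so the `&&` short-circuits and the script keeps running after the redirect header is sent. This commit replaces the same construct on the vacation page with `header(...); exit(0);` but leaves it here and in the `$CONF['sendmail'] == 'NO'` line of the sendmail page hunk, where it matters more, because that page keeps processing the request when the feature is meant to be switched off. The fix is the same two statements, `header("Location: list-virtual.php?domain=" . $fDomain); exit(0);`, in both places. The enclosing if/else continues outside the hunk.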

@ -22,14 +22,14 @@
// fSubject // fSubject
// fBody // fBody
// //
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('common.php');
authentication_require_role('admin');
(($CONF['sendmail'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1'); (($CONF['sendmail'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
include ("./templates/header.tpl"); include ("./templates/header.tpl");

@ -19,22 +19,17 @@
// fDomain // fDomain
// //
if (!isset($incpath)) $incpath = '.';
require ("$incpath/variables.inc.php"); require_once('common.php');
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session(); authentication_require_role('admin');
if (!check_admin($SESSID_USERNAME)) $SESSID_USERNAME = authentication_get_username();
{ if(authentication_has_role('global-admin')) {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
$list_domains = list_domains (); $list_domains = list_domains ();
} }
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
@ -45,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
die('Unknown request method'); die('Unknown request method');
} }
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) ) if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')))
{ {
$error = 1; $error = 1;
$tMessage = $PALANG['pViewlog_result_error']; $tMessage = $PALANG['pViewlog_result_error'];
@ -74,7 +69,7 @@ if ($error != 1)
include ("$incpath/templates/header.tpl"); include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) { if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl"); include ("$incpath/templates/admin_menu.tpl");
} else { } else {
include ("$incpath/templates/menu.tpl"); include ("$incpath/templates/menu.tpl");
