@ -1,4 +1,6 @@
<?php
<?php
// XXX TODO - Remove the code duplication between this file (for admins) and users/vacation.php
// - too much of the code is identical for there not to be some refactoring possible.
//
//
// Postfix Admin
// Postfix Admin
// by Mischa Peters < mischa at high5 dot net >
// by Mischa Peters < mischa at high5 dot net >
@ -11,6 +13,7 @@
//
//
// Template Variables:
// Template Variables:
//
//
// tUseremail
// tMessage
// tMessage
// tSubject
// tSubject
// tBody
// tBody
@ -25,38 +28,27 @@
// fQuota
// fQuota
// fActive
// fActive
//
//
// This is a copy of the superadmin edit-vacation.php with
// template references changed
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
$SESSID_USERNAME = authentication_get_username();
require ("$incpath/variables.inc.php");
if($CONF['vacation'] == 'NO') {
require ("$incpath/config.inc.php");
header("Location: " . $CONF['postfix_admin_url'] . "/main.php");
require ("$incpath/functions.inc.php");
exit(0);
include ("$incpath/languages/" . check_language () . ".lang");
}
$vacation_domain = $CONF['vacation_domain'];
$vacation_goto = preg_replace('/@/', '#', $SESSID_USERNAME);
$vacation_goto = $vacation_goto . '@' . $vacation_domain;
$SESSID_USERNAME = check_session ();
(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") & & exit : '1');
$tmp = preg_split ('/@/', $SESSID_USERNAME);
$tmp = preg_split ('/@/', $SESSID_USERNAME);
$USERID_DOMAIN = $tmp[1];
$USERID_DOMAIN = $tmp[1];
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (check_admin($SESSID_USERNAME))
$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php';
{
$fCanceltarget= $CONF['postfix_admin_url'] . "/admin/list-virtual.php?domain=$fDomain";
}
else
{
if (check_owner ($SESSID_USERNAME, $fDomain))
{
$fCanceltarget= $CONF['postfix_admin_url'] . "/overview.php?domain=$fDomain";
}
//unauthorized, exit
else { exit; }
}
if ($_SERVER['REQUEST_METHOD'] == "GET")
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
{
@ -74,27 +66,34 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
}
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
{
$vacation_domain = $CONF['vacation_domain'];
if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']);
if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']);
if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']);
if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']);
if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']);
if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']);
if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']);
if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (isset ($_GET['domain'])) {
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
$fDomain = escape_string ($_GET['domain']);
}
else {
$fDomain = $USERID_DOMAIN;
}
if (isset ($_GET['username'])) {
$fUsername = escape_string ($_GET['username']);
}
else {
$fUsername = authentication_get_username();
}
$tUseremail = $fUsername;
$tUseremail = $fUsername;
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
//if change, remove old one, then set new one
//if change, remove old one, then perhaps set new one
if (!empty ($fBack) || !empty ($fChange))
if (!empty ($fBack) || !empty ($fChange))
{
{
//if we find an existing vacation entry, delete it
//if we find an existing vacation entry, delete it
@ -105,12 +104,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if ($result['rows'] != 1)
if ($result['rows'] != 1)
{
{
$error = 1;
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
$tMessage = "cannot remove $fUsername from $table_vacation";
}
else
{
$tMessage = $PALANG['pVacation_result_success'];
}
}
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
@ -120,26 +113,23 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$goto = $row['goto'];
$goto = $row['goto'];
//only one of these will do something, first handles address at beginning and middle, second at end
//only one of these will do something, first handles address at beginning and middle, second at end
$goto= preg_replace ( "/$fUsername@$vacation_domain ,/", '', $goto);
$goto= preg_replace ( "/$vacation_goto ,/", '', $goto);
$goto= preg_replace ( "/,$fUsername@$vacation_domain /", '', $goto);
$goto= preg_replace ( "/,$vacation_goto /", '', $goto);
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
if ($result['rows'] != 1)
if ($result['rows'] != 1)
{
{
$error = 1;
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
else
{
$tMessage = $PALANG['pVacation_result_success'];
}
}
}
}
}
}
}
}
//Set the vacation data for $fUsername
//Set the vacation data for $fUsername
if (!empty ($fChange))
if (!empty ($fChange))
{
{
$goto = '';
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
if ($result['rows'] == 1)
if ($result['rows'] == 1)
{
{
@ -149,30 +139,37 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1;
($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1;
$result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)");
$result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)");
if ($result['rows'] != 1)
if ($result['rows'] != 1)
{
{
$error = 1;
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
}
$goto = $goto . "," . "$fUsername@$vacation_domain" ;
$goto = $goto . "," . $vacation_goto ;
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
if ($result['rows'] != 1)
if ($result['rows'] != 1)
{
{
$error = 1;
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
}
else
{
header ("Location: $fCanceltarget");
exit;
}
}
}
}
if($error == 0) {
if(!empty ($fBack)) {
$tMessage = $PALANG['pVacation_result_removed'];
}
if(!empty($fChange)) {
$tMessage= $PALANG['pVacation_result_added'];
}
}
else {
$tMessage = $PALANG['pVacation_result_error'];
}
}
$tUseremail = $SESSID_USERNAME;
include ("$incpath/templates/header.tpl");
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin' )) {
include ("$incpath/templates/admin_menu.tpl");
include ("$incpath/templates/admin_menu.tpl");
} else {
} else {
include ("$incpath/templates/menu.tpl");
include ("$incpath/templates/menu.tpl");