banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

final set of refactoring patches (and the rest)

Browse Source 
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@71 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
David Goodwin 17 years ago
parent 4eb83c4bdc
commit 3e70f276c2
17 changed files with 364 additions and 375 deletions
Show Stats Download Patch File Download Diff File

28
common.php
Unescape Escape View File

@ -0,0 +1,28 @@
<?php
// Postfix Admin
// by Mischa Peters <mischa at high5 dot net>
// Copyright (c) 2002 - 2005 High5!
// Licensed under GPL for more info check GPL-LICENSE.TXT
//
// File: common.php.php
//
// Template File: -none-
//
// Template Variables: -none-
//
// Form POST \ GET Variables: -none-
//
$incpath = dirname(__FILE__);
require_once("$incpath/variables.inc.php");
if(!is_file("$incpath/config.inc.php")) {
// incorrectly setup...
header("Location: setup.php");
exit(0);
}
require_once("$incpath/config.inc.php");
require_once("$incpath/functions.inc.php");
require_once("$incpath/languages/" . check_language () . ".lang");
session_start();

25
create-alias.php
Unescape Escape View File

@ -23,22 +23,17 @@
// fDomain
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
authentication_require_role('admin');
$username = authentication_get_username();
$SESSID_USERNAME = $username;
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else {
$list_domains = list_domains_for_admin ($username);
}
$pCreate_alias_goto_text = $PALANG['pCreate_alias_goto_text'];
@ -64,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$fGoto = $fGoto . "@" . escape_string ($_POST['fDomain']);
}
if (! (check_admin($SESSID_USERNAME) || check_owner ($SESSID_USERNAME, $fDomain) ))
if (! (authentication_has_role('global-admin') || check_owner ($SESSID_USERNAME, $fDomain) ))
{
$error = 1;
$tAddress = escape_string ($_POST['fAddress']);
@ -149,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

27
create-mailbox.php
Unescape Escape View File

@ -29,22 +29,17 @@
// fMail
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
$pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text'];
$pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text'];
@ -61,8 +56,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
$tQuota = $row['maxquota'];
}
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
@ -79,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (isset ($_POST['fMail'])) $fMail = escape_string ($_POST['fMail']);
if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!check_admin($SESSID_USERNAME)) )
if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!authentication_has_role('global-admin')) )
{
$error = 1;
$tUsername = escape_string ($_POST['fUsername']);
@ -336,7 +329,7 @@ TODO: this is the end of /create-mailbox.php code segment
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

11
delete.php
Unescape Escape View File

@ -18,12 +18,12 @@
// fDelete
// fDomain
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session();
require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
@ -43,6 +43,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
else
{
if ($CONF['database_type'] == "pgsql") db_query('BEGIN');
$result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'");
if ($result['rows'] != 1)
{

16
edit-active.php
Unescape Escape View File

@ -20,14 +20,10 @@
// fReturn
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
@ -36,7 +32,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (isset ($_GET['return'])) $fReturn = escape_string ($_GET['return']);
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME) ) )
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin') ) )
{
$error = 1;
$tMessage = $PALANG['pEdit_mailbox_domain_error'] . "<b>$fDomain</b>!</font>";
@ -83,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
}
else
{
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
header ("Location: list-virtual.php?domain=$fDomain");
} else {
header ("Location: overview.php?domain=$fDomain");
@ -95,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

18
edit-alias.php
Unescape Escape View File

@ -21,21 +21,17 @@
// fGoto
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME))
if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
{
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'");
if ($result['rows'] == 1)
@ -60,7 +56,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']);
$fGoto = strtolower ($fGoto);
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) )
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
{
$error = 1;
$tGoto = $_POST['fGoto'];
@ -114,7 +110,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
db_log ($SESSID_USERNAME, $fDomain, "edit alias", "$fAddress -> $goto");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
header ("Location: list-virtual.php?domain=$fDomain");
} else {
header ("Location: overview.php?domain=$fDomain");
@ -126,7 +122,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

18
edit-mailbox.php
Unescape Escape View File

@ -26,14 +26,10 @@
// fActive
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
$fUsername = strtolower ($fUsername);
@ -44,7 +40,7 @@ $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text'];
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME))
if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
{
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fUsername' AND domain='$fDomain'");
if ($result['rows'] == 1)
@ -79,7 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (isset ($_POST['fQuota'])) $fQuota = intval ($_POST['fQuota']);
if (isset ($_POST['fActive'])) $fActive = escape_string ($_POST['fActive']);
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) )
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
{
$error = 1;
$tName = $fName;
@ -153,7 +149,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
db_log ($SESSID_USERNAME, $fDomain, "edit mailbox", $fUsername);
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
header ("Location: list-virtual.php?domain=$fDomain");
} else {
header ("Location: overview.php?domain=$fDomain");
@ -165,7 +161,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

97
edit-vacation.php
Unescape Escape View File

@ -1,4 +1,6 @@
<?php
// XXX TODO - Remove the code duplication between this file (for admins) and users/vacation.php
// - too much of the code is identical for there not to be some refactoring possible.
//
// Postfix Admin
// by Mischa Peters <mischa at high5 dot net>
@ -11,6 +13,7 @@
//
// Template Variables:
//
// tUseremail
// tMessage
// tSubject
// tBody
@ -25,38 +28,27 @@
// fQuota
// fActive
//
// This is a copy of the superadmin edit-vacation.php with
// template references changed
//
if (!isset($incpath)) $incpath = '.';
require_once('common.php');
$SESSID_USERNAME = authentication_get_username();
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
if($CONF['vacation'] == 'NO') {
header("Location: " . $CONF['postfix_admin_url'] . "/main.php");
exit(0);
}
$vacation_domain = $CONF['vacation_domain'];
$vacation_goto = preg_replace('/@/', '#', $SESSID_USERNAME);
$vacation_goto = $vacation_goto . '@' . $vacation_domain;
$SESSID_USERNAME = check_session ();
(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
$tmp = preg_split ('/@/', $SESSID_USERNAME);
$USERID_DOMAIN = $tmp[1];
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (check_admin($SESSID_USERNAME))
{
$fCanceltarget= $CONF['postfix_admin_url'] . "/admin/list-virtual.php?domain=$fDomain";
}
else
{
if (check_owner ($SESSID_USERNAME, $fDomain))
{
$fCanceltarget= $CONF['postfix_admin_url'] . "/overview.php?domain=$fDomain";
}
//unauthorized, exit
else { exit; }
}
$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php';
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
@ -74,27 +66,34 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$vacation_domain = $CONF['vacation_domain'];
if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']);
if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']);
if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']);
if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset ($_GET['domain'])) {
$fDomain = escape_string ($_GET['domain']);
}
else {
$fDomain = $USERID_DOMAIN;
}
if (isset ($_GET['username'])) {
$fUsername = escape_string ($_GET['username']);
}
else {
$fUsername = authentication_get_username();
}
$tUseremail = $fUsername;
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
//if change, remove old one, then set new one
//if change, remove old one, then perhaps set new one
if (!empty ($fBack) || !empty ($fChange))
{
//if we find an existing vacation entry, delete it
@ -105,12 +104,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
$tMessage = "cannot remove $fUsername from $table_vacation";
}
else
{
$tMessage = $PALANG['pVacation_result_success'];
}
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
@ -120,26 +113,23 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$goto = $row['goto'];
//only one of these will do something, first handles address at beginning and middle, second at end
$goto= preg_replace ( "/$fUsername@$vacation_domain,/", '', $goto);
$goto= preg_replace ( "/,$fUsername@$vacation_domain/", '', $goto);
$goto= preg_replace ( "/$vacation_goto,/", '', $goto);
$goto= preg_replace ( "/,$vacation_goto/", '', $goto);
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
else
{
$tMessage = $PALANG['pVacation_result_success'];
}
}
}
}
//Set the vacation data for $fUsername
if (!empty ($fChange))
{
$goto = '';
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
if ($result['rows'] == 1)
{
@ -149,30 +139,37 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1;
$result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
$goto = $goto . "," . "$fUsername@$vacation_domain";
$goto = $goto . "," . $vacation_goto;
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
if ($result['rows'] != 1)
{
$error = 1;
$tMessage = $PALANG['pVacation_result_error'];
}
else
{
header ("Location: $fCanceltarget");
exit;
}
}
if($error == 0) {
if(!empty ($fBack)) {
$tMessage = $PALANG['pVacation_result_removed'];
}
if(!empty($fChange)) {
$tMessage= $PALANG['pVacation_result_added'];
}
}
else {
$tMessage = $PALANG['pVacation_result_error'];
}
$tUseremail = $SESSID_USERNAME;
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

12
index.php
Unescape Escape View File

@ -37,17 +37,11 @@ It seems that you are running this version of Postfix Admin for the first time.<
<p />
You can now run <a href="setup.php">setup</a> to make sure that all the functions are available for Postfix Admin to run.<br />
<p />
If you still encounter any problems please check the documentation and website for more information.
If you still encounter any problems, please check the documentation and website for more information.
<p />
Your donations keep this project running...
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHDgYJKoZIhvcNAQcEoIIG/zCCBvsCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAaWZJT9HWnL5r84t1G3lE63Fs8NGVgfq49mgflefUQOeVfKUG7NXZOkJT/FxH+SLf2c20VGRhol6vr0EqlMbJYkqeAJJIEHDVe8OiiYV1MYDWBRoJ5TRUCVurbFq9DnMokHohXBsdYjtAAxwvw6m9MZucVkZfg83QsgrfqeFpDNTELMAkGBSsOAwIaBQAwgYsGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIC0DzenYGQ6SAaKk6zKCl+ULUPl5c4pT4u0dpzFLw3sXBESPspq92l37FQXdxLzp2qaeP2StIXgU828PbJxt5ilucTLmnfkhpoeSdbvrlfiYJQbI1kjtHi0gIO4Hp0iUmaRaOTAEcNYfO84xxce0rJlfdoIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDQwOTE3MTUwNzEzWjAjBgkqhkiG9w0BCQQxFgQUXsDlCR/SO8MRWqCsrkZ7wbU4RZAwDQYJKoZIhvcNAQEBBQAEgYCPDjlGd7bghDtcCDiPl7DPgV6/vT4vc5bn5ygoqIahQF5Asu9v+Qocb+vMEPq+IZampJ/XlcGzwmzY23IfeVAq4aosqM265rDxyfmnzmiApO/KCJS7pN8dBVeDLEXGNYo1s73Ch0lETohWwYHKNKk+Wwe3+6tFhumthRHbpqQ4dw==-----END PKCS7-----">
</form>
<p />
<a href="http://high5.net/postfixadmin/">Postfix Admin</a><br />
<a href="http://forums.high5.net/index.php?showforum=7">Knowledge Base</a>
<a href="http://postfixadmin.org">Postfix Admin</a> web site<br />
<a href="http://sourceforge.net/forum/forum.php?forum_id=676076">Knowledge Base</a>
</body>
</html>
EOF;

26
login.php
Unescape Escape View File

@ -19,11 +19,8 @@
// fUsername
// fPassword
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
require_once('common.php');
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
include ("./templates/header.tpl");
@ -33,6 +30,8 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$fUsername = '';
$fPassword = '';
if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']);
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
@ -41,7 +40,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$row = db_array ($result['result']);
$password = pacrypt ($fPassword, $row['password']);
$result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'");
if ($result['rows'] != 1)
{
@ -58,22 +56,22 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if ($error != 1)
{
session_start();
session_register("sessid");
session_regenerate_id();
$_SESSION['sessid'] = array();
$_SESSION['sessid']['username'] = $fUsername;
$_SESSION['sessid']['roles'] = array();
$_SESSION['sessid']['roles'][] = 'admin';
// they've logged in, so see if they are a domain admin, as well.
$result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
if ($fUsername == $row['username'])
{
header("Location: admin/index.php");
exit;
}
$_SESSION['sessid']['roles'][] = 'global-admin';
header("Location: admin/list-admin.php");
exit(0);
}
header("Location: main.php");
exit;
exit(0);
}
include ("./templates/header.tpl");

4
logout.php
Unescape Escape View File

@ -17,10 +17,8 @@
//
// -none-
//
require ("./config.inc.php");
require ("./functions.inc.php");
$SESSID_USERNAME = check_session ();
require_once('common.php');
session_unset ();
session_destroy ();

9
main.php
Unescape Escape View File

@ -17,11 +17,12 @@
//
// -none-
//
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
require_once('common.php');
$SESSID_USERNAME = authentication_get_username();
authentication_require_role('admin');
if ($_SERVER["REQUEST_METHOD"] == "GET")
{

26
overview.php
Unescape Escape View File

@ -23,20 +23,19 @@
// fDomain
// limit
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
$tAlias = array();
$tMailbox = array();
@ -103,7 +102,12 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
$row['created']=gmstrftime('%c %Z',$row['uts_created']);
$row['modified']=gmstrftime('%c %Z',$row['uts_modified']);
$row['active']=('t'==$row['active']) ? 1 : 0;
if(isset($row['v_active'])) {
$row['v_active']=('t'==$row['v_active']) ? 1 : 0;
}
else {
$row['v_active'] = -1 ; //unknown; broken query above..
}
unset($row['uts_created']);
unset($row['uts_modified']);
}

10
password.php
Unescape Escape View File

@ -19,12 +19,12 @@
// fPassword
// fPassword2
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{

21
search.php
Unescape Escape View File

@ -20,20 +20,17 @@
// fGo
// fDomain
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
require_once('common.php');
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
$tAlias = array();
@ -109,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if (empty ($fSearch) && !empty ($fGo))
{
if (check_admin($SESSID_USERNAME))
if (authentication_has_role('global-admin'))
{
header("Location: list-virtual.php?domain=" . $fDomain ) && exit;
}

10
sendmail.php
Unescape Escape View File

@ -22,14 +22,14 @@
// fSubject
// fBody
//
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session ();
require_once('common.php');
authentication_require_role('admin');
(($CONF['sendmail'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
include ("./templates/header.tpl");

23
viewlog.php
Unescape Escape View File

@ -19,22 +19,17 @@
// fDomain
//
if (!isset($incpath)) $incpath = '.';
require ("$incpath/variables.inc.php");
require ("$incpath/config.inc.php");
require ("$incpath/functions.inc.php");
include ("$incpath/languages/" . check_language () . ".lang");
require_once('common.php');
$SESSID_USERNAME = check_session();
if (!check_admin($SESSID_USERNAME))
{
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
else
{
authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();
if(authentication_has_role('global-admin')) {
$list_domains = list_domains ();
}
else {
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
}
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
@ -45,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
die('Unknown request method');
}
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) )
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')))
{
$error = 1;
$tMessage = $PALANG['pViewlog_result_error'];
@ -74,7 +69,7 @@ if ($error != 1)
include ("$incpath/templates/header.tpl");
if (check_admin($SESSID_USERNAME)) {
if (authentication_has_role('global-admin')) {
include ("$incpath/templates/admin_menu.tpl");
} else {
include ("$incpath/templates/menu.tpl");

Write Preview
Loading…
Cancel
Save