admin/*, users/* - code refactoring

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@67 a1433add-5e2c-0410-b055-b7f2511e0802

admin/backup.php

@@ -17,12 +17,11 @@
 //
 // -none-
 //
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
+
 (($CONF['backup'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
 
 // TODO: make backup supported for postgres

admin/broadcast-message.php

@@ -20,13 +20,12 @@
 // b_message
 //
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
+
+$SESSID_USERNAME = authentication_get_username();
 
 if ($_SERVER['REQUEST_METHOD'] == "POST")
 {

admin/create-admin.php

@@ -23,13 +23,10 @@
 // fPassword2
 // fDomains
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 $list_domains = list_domains ();
 $tDomains = array();

admin/create-alias.php

@@ -23,7 +23,6 @@
 // fDomain
 //
 
-$incpath = '..';
 require ("../create-alias.php");
 
 ?>

admin/create-domain.php

@@ -28,13 +28,11 @@
 // fMaxquota
 // fDefaultaliases
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
+
 
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {

admin/create-mailbox.php

@@ -29,7 +29,6 @@
 // fMail
 //
 
-$incpath = '..';
 require ("../create-mailbox.php");
 
 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */

admin/delete.php

@@ -20,13 +20,10 @@
 // fDelete
 // fDomain
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {

admin/edit-active-admin.php

@@ -17,13 +17,10 @@
 //
 // fUsername
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {

admin/edit-active-domain.php

@@ -17,13 +17,10 @@
 //
 // fDomain
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {

admin/edit-active.php

@@ -19,7 +19,6 @@
 // fDomain
 //
 
-$incpath = "..";
 require("../edit-active.php");
 
 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */

admin/edit-admin.php

@@ -25,13 +25,10 @@
 // fMaxquota
 // fActive
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {

admin/edit-alias.php

@@ -21,7 +21,6 @@
 // fGoto
 //
 
-$incpath = "..";
 require("../edit-alias.php");
 
 ?>

admin/edit-domain.php

@@ -25,13 +25,10 @@
 // fMaxquota
 // fActive
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {

admin/edit-mailbox.php

@@ -26,7 +26,6 @@
 // fActive
 //
 
-$incpath = "..";
 require("../edit-mailbox.php");
 
 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */

admin/edit-vacation.php

@@ -27,7 +27,6 @@
 //
 //
 
-$incpath = '..';
 require ("../edit-vacation.php");
 
 ?>

admin/index.php

@@ -18,5 +18,5 @@
 // -none-
 //
 header ("Location: list-admin.php");
-exit;
+exit(0);
 ?>

admin/list-admin.php

@@ -17,13 +17,10 @@
 //
 // -none-
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once("../common.php");
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 $list_admins = list_admins ();
 if ((is_array ($list_admins) and sizeof ($list_admins) > 0))

admin/list-domain.php

@@ -17,13 +17,10 @@
 //
 // fUsername
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 $list_admins = list_admins ();
 

admin/list-virtual.php

@@ -20,13 +20,10 @@
 // fDomain
 // fDisplay
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 $list_domains = list_domains ();
 
@@ -79,7 +76,6 @@ if ($CONF['vacation_control_admin'] == 'YES')
    $query = ("SELECT $table_mailbox.*, $table_vacation.active AS v_active FROM $table_mailbox LEFT JOIN $table_vacation ON $table_mailbox.username=$table_vacation.email WHERE $table_mailbox.domain='$fDomain' ORDER BY $table_mailbox.username LIMIT $fDisplay, $page_size");
    if ('pgsql'==$CONF['database_type'])
    {
-      //FIXME: postgres query needs to be rewrited
       $query = "SELECT *,extract(epoch from created) as uts_created,extract(epoch from modified) as uts_modified FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $page_size OFFSET $fDisplay";
    }
 }

admin/search.php

@@ -20,13 +20,10 @@
 // fDomain
 // fGo
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$SESSID_USERNAME = check_session ();
+require_once('../common.php');
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+
+authentication_require_role('global-admin');
 
 $tAlias = array();
 $tMailbox = array();

admin/viewlog.php

@@ -19,7 +19,6 @@
 // fDomain
 //
 
-$incpath = "..";
 require("../viewlog.php");
 
 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */

users/edit-alias.php

@@ -20,15 +20,18 @@
 // fDomain
 // fGoto
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$USERID_USERNAME = check_user_session ();
+require_once('../common.php');
+
+authentication_require_role('user');
+$USERID_USERNAME = authentication_get_username();
+
 $tmp = preg_split ('/@/', $USERID_USERNAME);
 $USERID_DOMAIN = $tmp[1];
 
+$vacation_domain = $CONF['vacation_domain'];
+$vacation_goto = preg_replace('/@/', '#', $USERID_USERNAME) . '@' . $vacation_domain;
+
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
     $vacation_domain = $CONF['vacation_domain'];
@@ -52,7 +55,11 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
 
 if ($_SERVER['REQUEST_METHOD'] == "POST")
 {
-   $vacation_domain = $CONF['vacation_domain'];
+    // user clicked on cancel button
+    if(isset($_POST['fCancel'])) {
+        header("Location: main.php");
+        exit(0);
+    }
 
     $pEdit_alias_goto = $PALANG['pEdit_alias_goto'];
 
@@ -95,13 +102,10 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
         {
             $goto = $USERID_USERNAME;
         }
-/*      else
+
-      {
-         $goto = $USERID_USERNAME . "," . $goto;
-      }*/
         if ($fVacation == "YES")
         {
-         $goto .= "," . $USERID_USERNAME . "@" . $vacation_domain;
+            $goto .= "," . $vacation_goto;
         }
 
         $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'");

users/login.php

@@ -19,10 +19,9 @@
 //  fUsername
 //  fPassword
 //
-require ("../variables.inc.php");
+
-require ("../config.inc.php");
+require_once("../common.php");
-require ("../functions.inc.php");
+
-include ("../languages/" . check_language () . ".lang");
 
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
@@ -68,10 +67,11 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
 
    if ($error != 1)
    {
-      session_start();
+      session_regenerate_id();
-      session_register("userid");
+      $_SESSION['sessid'] = array();
-      $_SESSION['userid']['username'] = $fUsername;
+      $_SESSION['sessid']['roles'] = array();
-
+      $_SESSION['sessid']['roles'][] = 'user';
+      $_SESSION['sessid']['username'] = $fUsername;
       header("Location: main.php");
       exit;
    }

users/logout.php

@@ -17,10 +17,8 @@
 //
 // -none-
 //
-require ("../config.inc.php");
-require ("../functions.inc.php");
 
-$USERID_USERNAME = check_user_session ();
+require_once('../common.php');
 
 session_unset ();
 session_destroy ();

users/main.php

@@ -17,11 +17,11 @@
 //
 // -none-
 //
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$USERID_USERNAME = check_user_session ();
+require_once('../common.php');
+authentication_require_role('user');
+$USERID_USERNAME = authentication_get_username();
+
 $result = db_query("SELECT * FROM $table_vacation WHERE email='$USERID_USERNAME'");
 if ($result['rows'] == 1)
 {

users/password.php

@@ -19,12 +19,12 @@
 // fPassword
 // fPassword2
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$USERID_USERNAME = check_user_session ();
+require_once('../common.php');
+
+authentication_require_role('user');
+$USERID_USERNAME = authentication_get_username();
+
 $tmp = preg_split ('/@/', $USERID_USERNAME);     
 $USERID_DOMAIN = $tmp[1];
 

users/vacation.php

@@ -22,19 +22,23 @@
 // fAway
 // fBack
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
 
-$USERID_USERNAME = check_user_session ();
+require_once('../common.php');
-(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/users/main.php") && exit : '1');
+
+authentication_require_role('user');
+$USERID_USERNAME = authentication_get_username();
+
+// is vacation support enabled in $CONF ?
+if($CONF['vacation'] == 'NO') {
+    header("Location: " . $CONF['postfix_admin_url'] . "/users/main.php");
+    exit(0);
+}
+
 $tmp = preg_split ('/@/', $USERID_USERNAME);     
 $USERID_DOMAIN = $tmp[1];
 
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
-
     $result = db_query("SELECT * FROM $table_vacation WHERE email='$USERID_USERNAME'");
     if ($result['rows'] == 1)
     {
@@ -42,7 +46,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
         $tMessage = $PALANG['pUsersVacation_welcome_text'];
         $tSubject = $row['subject'];
         $tBody = $row['body'];
-
     }
 
     if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
@@ -58,7 +61,15 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
 
 if ($_SERVER['REQUEST_METHOD'] == "POST")
 {
+    if(isset($_POST['fCancel'])) {
+        header("Location: main.php");
+        exit(0);
+    }
+
+    // We store goto addresses in the form of roger#example.com@autoreply.example.com
     $vacation_domain = $CONF['vacation_domain'];
+    $vacation_goto = preg_replace('/@/', '#', $USERID_USERNAME);
+    $vacation_goto = "{$vacation_goto}@{$vacation_domain}";
 
     if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']);
     if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']);
@@ -69,6 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
     if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
     if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
 
+    // if they've set themselves away OR back, delete any record of vacation emails etc
     if (!empty ($fBack) || !empty ($fAway))
     {
         $result = db_query ("DELETE FROM $table_vacation WHERE email='$USERID_USERNAME'");
@@ -89,8 +101,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
             $tGoto = $row['goto'];
 
             //only one of these will do something, first handles address at beginning and middle, second at end
-         $goto= preg_replace ( "/$USERID_USERNAME@$vacation_domain,/", '', $tGoto);
+            $goto= preg_replace ( "/$vacation_goto,/", '', $tGoto);
-         $goto= preg_replace ( "/,$USERID_USERNAME@$vacation_domain/", '', $goto);
+            $goto= preg_replace ( "/,$vacation_goto/", '', $tGoto);
 
         }
 
@@ -107,8 +119,10 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
 
     }
 
+    // the user is going away - set the goto alias and vacation table as necessary.
     if (!empty ($fAway))
     {
+        // Can we ever have no alias records for a user?
         $result = db_query ("SELECT * FROM $table_alias WHERE address='$USERID_USERNAME'");
         if ($result['rows'] == 1)
         {
@@ -123,8 +137,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
             $error = 1;
             $tMessage = $PALANG['pUsersVacation_result_error'];
         }
-
+        // add the goto record back in...
-      $goto = $tGoto . "," . "$USERID_USERNAME@$vacation_domain";
+        $goto = $tGoto . "," . $vacation_goto;
 
         $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'");
         if ($result['rows'] != 1)