banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

admin/*, users/* - code refactoring

Browse Source 
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@67 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
David Goodwin 17 years ago
parent 68511080ff
commit cf5b117aa5
27 changed files with 334 additions and 360 deletions
Show Stats Download Patch File Download Diff File

9
admin/backup.php
Unescape Escape View File

@ -17,12 +17,11 @@
// //
// -none- // -none-
// //
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
(($CONF['backup'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1'); (($CONF['backup'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
// TODO: make backup supported for postgres // TODO: make backup supported for postgres

11
admin/broadcast-message.php
Unescape Escape View File

@ -20,13 +20,12 @@
// b_message // b_message
// //
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
$SESSID_USERNAME = authentication_get_username();
if ($_SERVER['REQUEST_METHOD'] == "POST") if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {

9
admin/create-admin.php
Unescape Escape View File

@ -23,13 +23,10 @@
// fPassword2 // fPassword2
// fDomains // fDomains
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
$list_domains = list_domains (); $list_domains = list_domains ();
$tDomains = array(); $tDomains = array();

1
admin/create-alias.php
Unescape Escape View File

@ -23,7 +23,6 @@
// fDomain // fDomain
// //
$incpath = '..';
require ("../create-alias.php"); require ("../create-alias.php");
?> ?>

10
admin/create-domain.php
Unescape Escape View File

@ -28,13 +28,11 @@
// fMaxquota // fMaxquota
// fDefaultaliases // fDefaultaliases
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {

1
admin/create-mailbox.php
Unescape Escape View File

@ -29,7 +29,6 @@
// fMail // fMail
// //
$incpath = '..';
require ("../create-mailbox.php"); require ("../create-mailbox.php");
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */ /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */

9
admin/delete.php
Unescape Escape View File

@ -20,13 +20,10 @@
// fDelete // fDelete
// fDomain // fDomain
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {

9
admin/edit-active-admin.php
Unescape Escape View File

@ -17,13 +17,10 @@
// //
// fUsername // fUsername
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {

9
admin/edit-active-domain.php
Unescape Escape View File

@ -17,13 +17,10 @@
// //
// fDomain // fDomain
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {

1
admin/edit-active.php
Unescape Escape View File

@ -19,7 +19,6 @@
// fDomain // fDomain
// //
$incpath = "..";
require("../edit-active.php"); require("../edit-active.php");
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */ /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */

9
admin/edit-admin.php
Unescape Escape View File

@ -25,13 +25,10 @@
// fMaxquota // fMaxquota
// fActive // fActive
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {

1
admin/edit-alias.php
Unescape Escape View File

@ -21,7 +21,6 @@
// fGoto // fGoto
// //
$incpath = "..";
require("../edit-alias.php"); require("../edit-alias.php");
?> ?>

9
admin/edit-domain.php
Unescape Escape View File

@ -25,13 +25,10 @@
// fMaxquota // fMaxquota
// fActive // fActive
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {

1
admin/edit-mailbox.php
Unescape Escape View File

@ -26,7 +26,6 @@
// fActive // fActive
// //
$incpath = "..";
require("../edit-mailbox.php"); require("../edit-mailbox.php");
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */ /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */

1
admin/edit-vacation.php
Unescape Escape View File

@ -27,7 +27,6 @@
// //
// //
$incpath = '..';
require ("../edit-vacation.php"); require ("../edit-vacation.php");
?> ?>

2
admin/index.php
Unescape Escape View File

@ -18,5 +18,5 @@
// -none- // -none-
// //
header ("Location: list-admin.php"); header ("Location: list-admin.php");
exit; exit(0);
?> ?>

9
admin/list-admin.php
Unescape Escape View File

@ -17,13 +17,10 @@
// //
// -none- // -none-
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once("../common.php");
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
$list_admins = list_admins (); $list_admins = list_admins ();
if ((is_array ($list_admins) and sizeof ($list_admins) > 0)) if ((is_array ($list_admins) and sizeof ($list_admins) > 0))

9
admin/list-domain.php
Unescape Escape View File

@ -17,13 +17,10 @@
// //
// fUsername // fUsername
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
$list_admins = list_admins (); $list_admins = list_admins ();

10
admin/list-virtual.php
Unescape Escape View File

@ -20,13 +20,10 @@
// fDomain // fDomain
// fDisplay // fDisplay
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
$list_domains = list_domains (); $list_domains = list_domains ();
@ -79,7 +76,6 @@ if ($CONF['vacation_control_admin'] == 'YES')
$query = ("SELECT $table_mailbox.*, $table_vacation.active AS v_active FROM $table_mailbox LEFT JOIN $table_vacation ON $table_mailbox.username=$table_vacation.email WHERE $table_mailbox.domain='$fDomain' ORDER BY $table_mailbox.username LIMIT $fDisplay, $page_size"); $query = ("SELECT $table_mailbox.*, $table_vacation.active AS v_active FROM $table_mailbox LEFT JOIN $table_vacation ON $table_mailbox.username=$table_vacation.email WHERE $table_mailbox.domain='$fDomain' ORDER BY $table_mailbox.username LIMIT $fDisplay, $page_size");
if ('pgsql'==$CONF['database_type']) if ('pgsql'==$CONF['database_type'])
{ {
//FIXME: postgres query needs to be rewrited
$query = "SELECT *,extract(epoch from created) as uts_created,extract(epoch from modified) as uts_modified FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $page_size OFFSET $fDisplay"; $query = "SELECT *,extract(epoch from created) as uts_created,extract(epoch from modified) as uts_modified FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $page_size OFFSET $fDisplay";
} }
} }

9
admin/search.php
Unescape Escape View File

@ -20,13 +20,10 @@
// fDomain // fDomain
// fGo // fGo
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session (); require_once('../common.php');
(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
authentication_require_role('global-admin');
$tAlias = array(); $tAlias = array();
$tMailbox = array(); $tMailbox = array();

1
admin/viewlog.php
Unescape Escape View File

@ -19,7 +19,6 @@
// fDomain // fDomain
// //
$incpath = "..";
require("../viewlog.php"); require("../viewlog.php");
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */ /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */

188
users/edit-alias.php
Unescape Escape View File

@ -20,107 +20,111 @@
// fDomain // fDomain
// fGoto // fGoto
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$USERID_USERNAME = check_user_session (); require_once('../common.php');
authentication_require_role('user');
$USERID_USERNAME = authentication_get_username();
$tmp = preg_split ('/@/', $USERID_USERNAME); $tmp = preg_split ('/@/', $USERID_USERNAME);
$USERID_DOMAIN = $tmp[1]; $USERID_DOMAIN = $tmp[1];
$vacation_domain = $CONF['vacation_domain'];
$vacation_goto = preg_replace('/@/', '#', $USERID_USERNAME) . '@' . $vacation_domain;
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
$vacation_domain = $CONF['vacation_domain']; $vacation_domain = $CONF['vacation_domain'];
$result = db_query ("SELECT * FROM $table_alias WHERE address='$USERID_USERNAME'"); $result = db_query ("SELECT * FROM $table_alias WHERE address='$USERID_USERNAME'");
if ($result['rows'] == 1) if ($result['rows'] == 1)
{ {
$row = db_array ($result['result']); $row = db_array ($result['result']);
$tGoto = $row['goto']; $tGoto = $row['goto'];
} }
else else
{ {
$tMessage = $PALANG['pEdit_alias_address_error']; $tMessage = $PALANG['pEdit_alias_address_error'];
} }
include ("../templates/header.tpl"); include ("../templates/header.tpl");
include ("../templates/users_menu.tpl"); include ("../templates/users_menu.tpl");
include ("../templates/users_edit-alias.tpl"); include ("../templates/users_edit-alias.tpl");
include ("../templates/footer.tpl"); include ("../templates/footer.tpl");
} }
if ($_SERVER['REQUEST_METHOD'] == "POST") if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
$vacation_domain = $CONF['vacation_domain']; // user clicked on cancel button
if(isset($_POST['fCancel'])) {
$pEdit_alias_goto = $PALANG['pEdit_alias_goto']; header("Location: main.php");
exit(0);
if (isset ($_POST['fVacation'])) $fVacation = $_POST['fVacation']; }
if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']);
if (isset ($_POST['fForward_and_store'])) $fForward_and_store = escape_string ($_POST['fForward_and_store']); $pEdit_alias_goto = $PALANG['pEdit_alias_goto'];
$goto = strtolower ($fGoto); if (isset ($_POST['fVacation'])) $fVacation = $_POST['fVacation'];
$goto = preg_replace ('/\\\r\\\n/', ',', $goto); if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']);
$goto = preg_replace ('/\r\n/', ',', $goto); if (isset ($_POST['fForward_and_store'])) $fForward_and_store = escape_string ($_POST['fForward_and_store']);
$goto = preg_replace ('/[\s]+/i', '', $goto);
$goto = preg_replace ('/\,*$/', '', $goto); $goto = strtolower ($fGoto);
( $fForward_and_store == "YES" ) ? $goto = $USERID_USERNAME . "," . $goto : ''; $goto = preg_replace ('/\\\r\\\n/', ',', $goto);
$goto = explode(",",$goto); $goto = preg_replace ('/\r\n/', ',', $goto);
$goto = array_merge(array_unique($goto)); $goto = preg_replace ('/[\s]+/i', '', $goto);
$goto = implode(",",$goto); $goto = preg_replace ('/\,*$/', '', $goto);
( $fForward_and_store == "YES" ) ? $goto = $USERID_USERNAME . "," . $goto : '';
$array = preg_split ('/,/', $goto); $goto = explode(",",$goto);
$goto = array_merge(array_unique($goto));
for ($i = 0; $i < sizeof ($array); $i++) { $goto = implode(",",$goto);
if (in_array ("$array[$i]", $CONF['default_aliases'])) continue;
if (empty ($array[$i]) && $fForward_and_store == "NO") $array = preg_split ('/,/', $goto);
{
$error = 1; for ($i = 0; $i < sizeof ($array); $i++) {
$tGoto = $goto; if (in_array ("$array[$i]", $CONF['default_aliases'])) continue;
$tMessage = $PALANG['pEdit_alias_goto_text_error1']; if (empty ($array[$i]) && $fForward_and_store == "NO")
} {
if (empty ($array[$i])) continue; $error = 1;
if (!check_email ($array[$i])) $tGoto = $goto;
{ $tMessage = $PALANG['pEdit_alias_goto_text_error1'];
$error = 1; }
$tGoto = $goto; if (empty ($array[$i])) continue;
$tMessage = $PALANG['pEdit_alias_goto_text_error2'] . "$array[$i]</font>"; if (!check_email ($array[$i]))
} {
} $error = 1;
$tGoto = $goto;
if ($error != 1) $tMessage = $PALANG['pEdit_alias_goto_text_error2'] . "$array[$i]</font>";
{ }
if (empty ($goto)) }
{
$goto = $USERID_USERNAME; if ($error != 1)
} {
/* else if (empty ($goto))
{ {
$goto = $USERID_USERNAME . "," . $goto; $goto = $USERID_USERNAME;
}*/ }
if ($fVacation == "YES")
{ if ($fVacation == "YES")
$goto .= "," . $USERID_USERNAME . "@" . $vacation_domain; {
} $goto .= "," . $vacation_goto;
}
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'");
if ($result['rows'] != 1) $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'");
{ if ($result['rows'] != 1)
$tMessage = $PALANG['pEdit_alias_result_error']; {
} $tMessage = $PALANG['pEdit_alias_result_error'];
else }
{ else
db_log ($USERID_USERNAME, $USERID_DOMAIN, "edit alias", "$USERID_USERNAME -> $goto"); {
db_log ($USERID_USERNAME, $USERID_DOMAIN, "edit alias", "$USERID_USERNAME -> $goto");
header ("Location: main.php");
exit; header ("Location: main.php");
} exit;
} }
}
include ("../templates/header.tpl");
include ("../templates/users_menu.tpl"); include ("../templates/header.tpl");
include ("../templates/users_edit-alias.tpl"); include ("../templates/users_menu.tpl");
include ("../templates/footer.tpl"); include ("../templates/users_edit-alias.tpl");
include ("../templates/footer.tpl");
} }
?> ?>

18
users/login.php
Unescape Escape View File

@ -19,11 +19,10 @@
// fUsername // fUsername
// fPassword // fPassword
// //
require ("../variables.inc.php");
require ("../config.inc.php"); require_once("../common.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
include ("../templates/header.tpl"); include ("../templates/header.tpl");
@ -68,10 +67,11 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if ($error != 1) if ($error != 1)
{ {
session_start(); session_regenerate_id();
session_register("userid"); $_SESSION['sessid'] = array();
$_SESSION['userid']['username'] = $fUsername; $_SESSION['sessid']['roles'] = array();
$_SESSION['sessid']['roles'][] = 'user';
$_SESSION['sessid']['username'] = $fUsername;
header("Location: main.php"); header("Location: main.php");
exit; exit;
} }

4
users/logout.php
Unescape Escape View File

@ -17,10 +17,8 @@
// //
// -none- // -none-
// //
require ("../config.inc.php");
require ("../functions.inc.php");
$USERID_USERNAME = check_user_session (); require_once('../common.php');
session_unset (); session_unset ();
session_destroy (); session_destroy ();

8
users/main.php
Unescape Escape View File

@ -17,11 +17,11 @@
// //
// -none- // -none-
// //
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$USERID_USERNAME = check_user_session (); require_once('../common.php');
authentication_require_role('user');
$USERID_USERNAME = authentication_get_username();
$result = db_query("SELECT * FROM $table_vacation WHERE email='$USERID_USERNAME'"); $result = db_query("SELECT * FROM $table_vacation WHERE email='$USERID_USERNAME'");
if ($result['rows'] == 1) if ($result['rows'] == 1)
{ {

110
users/password.php
Unescape Escape View File

@ -19,74 +19,74 @@
// fPassword // fPassword
// fPassword2 // fPassword2
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$USERID_USERNAME = check_user_session (); require_once('../common.php');
authentication_require_role('user');
$USERID_USERNAME = authentication_get_username();
$tmp = preg_split ('/@/', $USERID_USERNAME); $tmp = preg_split ('/@/', $USERID_USERNAME);
$USERID_DOMAIN = $tmp[1]; $USERID_DOMAIN = $tmp[1];
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
include ("../templates/header.tpl"); include ("../templates/header.tpl");
include ("../templates/users_menu.tpl"); include ("../templates/users_menu.tpl");
include ("../templates/users_password.tpl"); include ("../templates/users_password.tpl");
include ("../templates/footer.tpl"); include ("../templates/footer.tpl");
} }
if ($_SERVER['REQUEST_METHOD'] == "POST") if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
$fPassword_current = escape_string ($_POST['fPassword_current']); $fPassword_current = escape_string ($_POST['fPassword_current']);
$fPassword = escape_string ($_POST['fPassword']); $fPassword = escape_string ($_POST['fPassword']);
$fPassword2 = escape_string ($_POST['fPassword2']); $fPassword2 = escape_string ($_POST['fPassword2']);
$username = $USERID_USERNAME;
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$username'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
$checked_password = pacrypt ($fPassword_current, $row['password']);
$username = $USERID_USERNAME; $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$username' AND password='$checked_password'");
if ($result['rows'] != 1)
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$username'"); {
if ($result['rows'] == 1) $error = 1;
{ $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error'];
$row = db_array ($result['result']); }
$checked_password = pacrypt ($fPassword_current, $row['password']); }
else
{
$error = 1;
$pPassword_email_text = $PALANG['pPassword_email_text_error'];
}
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$username' AND password='$checked_password'"); if (empty ($fPassword) or ($fPassword != $fPassword2))
if ($result['rows'] != 1) {
{ $error = 1;
$error = 1; $pPassword_password_text = $PALANG['pPassword_password_text_error'];
$pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; }
}
}
else
{
$error = 1;
$pPassword_email_text = $PALANG['pPassword_email_text_error'];
}
if (empty ($fPassword) or ($fPassword != $fPassword2)) if ($error != 1)
{ {
$error = 1; $password = pacrypt ($fPassword);
$pPassword_password_text = $PALANG['pPassword_password_text_error']; $result = db_query ("UPDATE $table_mailbox SET password='$password',modified=NOW() WHERE username='$username'");
} if ($result['rows'] == 1)
{
$tMessage = $PALANG['pPassword_result_succes'];
db_log ($USERID_USERNAME, $USERID_DOMAIN, "change password", "$USERID_USERNAME");
}
else
{
$tMessage = $PALANG['pPassword_result_error'];
}
}
if ($error != 1) include ("../templates/header.tpl");
{ include ("../templates/users_menu.tpl");
$password = pacrypt ($fPassword); include ("../templates/users_password.tpl");
$result = db_query ("UPDATE $table_mailbox SET password='$password',modified=NOW() WHERE username='$username'"); include ("../templates/footer.tpl");
if ($result['rows'] == 1)
{
$tMessage = $PALANG['pPassword_result_succes'];
db_log ($USERID_USERNAME, $USERID_DOMAIN, "change password", "$USERID_USERNAME");
}
else
{
$tMessage = $PALANG['pPassword_result_error'];
}
}
include ("../templates/header.tpl");
include ("../templates/users_menu.tpl");
include ("../templates/users_password.tpl");
include ("../templates/footer.tpl");
} }
?> ?>

236
users/vacation.php
Unescape Escape View File

@ -22,126 +22,140 @@
// fAway // fAway
// fBack // fBack
// //
require ("../variables.inc.php");
require ("../config.inc.php");
require ("../functions.inc.php");
include ("../languages/" . check_language () . ".lang");
$USERID_USERNAME = check_user_session (); require_once('../common.php');
(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/users/main.php") && exit : '1');
authentication_require_role('user');
$USERID_USERNAME = authentication_get_username();
// is vacation support enabled in $CONF ?
if($CONF['vacation'] == 'NO') {
header("Location: " . $CONF['postfix_admin_url'] . "/users/main.php");
exit(0);
}
$tmp = preg_split ('/@/', $USERID_USERNAME); $tmp = preg_split ('/@/', $USERID_USERNAME);
$USERID_DOMAIN = $tmp[1]; $USERID_DOMAIN = $tmp[1];
if ($_SERVER['REQUEST_METHOD'] == "GET") if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
$result = db_query("SELECT * FROM $table_vacation WHERE email='$USERID_USERNAME'");
$result = db_query("SELECT * FROM $table_vacation WHERE email='$USERID_USERNAME'"); if ($result['rows'] == 1)
if ($result['rows'] == 1) {
{ $row = db_array($result['result']);
$row = db_array($result['result']); $tMessage = $PALANG['pUsersVacation_welcome_text'];
$tMessage = $PALANG['pUsersVacation_welcome_text']; $tSubject = $row['subject'];
$tSubject = $row['subject']; $tBody = $row['body'];
$tBody = $row['body']; }
} if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; } $template = "users_vacation.tpl";
$template = "users_vacation.tpl"; include ("../templates/header.tpl");
include ("../templates/users_menu.tpl");
include ("../templates/header.tpl"); include ("../templates/users_vacation.tpl");
include ("../templates/users_menu.tpl"); include ("../templates/footer.tpl");
include ("../templates/users_vacation.tpl");
include ("../templates/footer.tpl");
} }
if ($_SERVER['REQUEST_METHOD'] == "POST") if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
$vacation_domain = $CONF['vacation_domain']; if(isset($_POST['fCancel'])) {
header("Location: main.php");
if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']); exit(0);
if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']); }
if (isset ($_POST['fAway'])) $fAway = escape_string ($_POST['fAway']);
if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']); // We store goto addresses in the form of roger#example.com@autoreply.example.com
$vacation_domain = $CONF['vacation_domain'];
//set a default, reset fields for coming back selection $vacation_goto = preg_replace('/@/', '#', $USERID_USERNAME);
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; } $vacation_goto = "{$vacation_goto}@{$vacation_domain}";
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']);
if (!empty ($fBack) || !empty ($fAway)) if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']);
{ if (isset ($_POST['fAway'])) $fAway = escape_string ($_POST['fAway']);
$result = db_query ("DELETE FROM $table_vacation WHERE email='$USERID_USERNAME'"); if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']);
if ($result['rows'] != 1)
{ //set a default, reset fields for coming back selection
$error = 1; if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
$tMessage = $PALANG['pUsersVacation_result_error']; if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
}
else // if they've set themselves away OR back, delete any record of vacation emails etc
{ if (!empty ($fBack) || !empty ($fAway))
$tMessage = $PALANG['pUsersVacation_result_succes']; {
} $result = db_query ("DELETE FROM $table_vacation WHERE email='$USERID_USERNAME'");
if ($result['rows'] != 1)
$result = db_query ("SELECT * FROM $table_alias WHERE address='$USERID_USERNAME'"); {
if ($result['rows'] == 1) $error = 1;
{ $tMessage = $PALANG['pUsersVacation_result_error'];
$row = db_array ($result['result']); }
$tGoto = $row['goto']; else
{
//only one of these will do something, first handles address at beginning and middle, second at end $tMessage = $PALANG['pUsersVacation_result_succes'];
$goto= preg_replace ( "/$USERID_USERNAME@$vacation_domain,/", '', $tGoto); }
$goto= preg_replace ( "/,$USERID_USERNAME@$vacation_domain/", '', $goto);
$result = db_query ("SELECT * FROM $table_alias WHERE address='$USERID_USERNAME'");
} if ($result['rows'] == 1)
{
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'"); $row = db_array ($result['result']);
if ($result['rows'] != 1) $tGoto = $row['goto'];
{
$error = 1; //only one of these will do something, first handles address at beginning and middle, second at end
$tMessage = $PALANG['pUsersVacation_result_error']; $goto= preg_replace ( "/$vacation_goto,/", '', $tGoto);
} $goto= preg_replace ( "/,$vacation_goto/", '', $tGoto);
else
{ }
$tMessage = $PALANG['pUsersVacation_result_succes'];
} $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'");
if ($result['rows'] != 1)
} {
$error = 1;
if (!empty ($fAway)) $tMessage = $PALANG['pUsersVacation_result_error'];
{ }
$result = db_query ("SELECT * FROM $table_alias WHERE address='$USERID_USERNAME'"); else
if ($result['rows'] == 1) {
{ $tMessage = $PALANG['pUsersVacation_result_succes'];
$row = db_array ($result['result']); }
$tGoto = $row['goto'];
} }
($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1; // the user is going away - set the goto alias and vacation table as necessary.
$result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$USERID_USERNAME','$fSubject','$fBody','$USERID_DOMAIN',NOW(),$Active)"); if (!empty ($fAway))
if ($result['rows'] != 1) {
{ // Can we ever have no alias records for a user?
$error = 1; $result = db_query ("SELECT * FROM $table_alias WHERE address='$USERID_USERNAME'");
$tMessage = $PALANG['pUsersVacation_result_error']; if ($result['rows'] == 1)
} {
$row = db_array ($result['result']);
$goto = $tGoto . "," . "$USERID_USERNAME@$vacation_domain"; $tGoto = $row['goto'];
}
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'");
if ($result['rows'] != 1) ($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1;
{ $result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$USERID_USERNAME','$fSubject','$fBody','$USERID_DOMAIN',NOW(),$Active)");
$error = 1; if ($result['rows'] != 1)
$tMessage = $PALANG['pUsersVacation_result_error']; {
} $error = 1;
else $tMessage = $PALANG['pUsersVacation_result_error'];
{ }
header ("Location: main.php"); // add the goto record back in...
exit; $goto = $tGoto . "," . $vacation_goto;
}
} $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'");
if ($result['rows'] != 1)
include ("../templates/header.tpl"); {
include ("../templates/users_menu.tpl"); $error = 1;
include ("../templates/users_vacation.tpl"); $tMessage = $PALANG['pUsersVacation_result_error'];
include ("../templates/footer.tpl"); }
else
{
header ("Location: main.php");
exit;
}
}
include ("../templates/header.tpl");
include ("../templates/users_menu.tpl");
include ("../templates/users_vacation.tpl");
include ("../templates/footer.tpl");
} }
?> ?>

Write Preview
Loading…
Cancel
Save