admin/*, users/* - code refactoring

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@67 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago · cf5b117aa5
parent 68511080ff
commit cf5b117aa5
27 changed files with 334 additions and 360 deletions
--- a/admin/backup.php
+++ b/admin/backup.php
@ -17,12 +17,11 @@
 //
 // -none-
 //
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');
+
 (($CONF['backup'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');

 // TODO: make backup supported for postgres
--- a/admin/broadcast-message.php
+++ b/admin/broadcast-message.php
@ -20,13 +20,12 @@
 // b_message
 //
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');
+
+$SESSID_USERNAME = authentication_get_username();

 if ($_SERVER['REQUEST_METHOD'] == "POST")
 {
--- a/admin/create-admin.php
+++ b/admin/create-admin.php
@ -23,13 +23,10 @@
 // fPassword2
 // fDomains
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');

 $list_domains = list_domains ();
 $tDomains = array();
--- a/admin/create-alias.php
+++ b/admin/create-alias.php
@ -23,7 +23,6 @@
 // fDomain
 //

-$incpath = '..';
 require ("../create-alias.php");

 ?>
--- a/admin/create-domain.php
+++ b/admin/create-domain.php
@ -28,13 +28,11 @@
 // fMaxquota
 // fDefaultaliases
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');
+

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
--- a/admin/create-mailbox.php
+++ b/admin/create-mailbox.php
@ -29,7 +29,6 @@
 // fMail
 //

-$incpath = '..';
 require ("../create-mailbox.php");

 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
--- a/admin/delete.php
+++ b/admin/delete.php
@ -20,13 +20,10 @@
 // fDelete
 // fDomain
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
--- a/admin/edit-active-admin.php
+++ b/admin/edit-active-admin.php
@ -17,13 +17,10 @@
 //
 // fUsername
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
--- a/admin/edit-active-domain.php
+++ b/admin/edit-active-domain.php
@ -17,13 +17,10 @@
 //
 // fDomain
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
--- a/admin/edit-active.php
+++ b/admin/edit-active.php
@ -19,7 +19,6 @@
 // fDomain
 //

-$incpath = "..";
 require("../edit-active.php");

 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
--- a/admin/edit-admin.php
+++ b/admin/edit-admin.php
@ -25,13 +25,10 @@
 // fMaxquota
 // fActive
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
--- a/admin/edit-alias.php
+++ b/admin/edit-alias.php
@ -21,7 +21,6 @@
 // fGoto
 //

-$incpath = "..";
 require("../edit-alias.php");

 ?>
--- a/admin/edit-domain.php
+++ b/admin/edit-domain.php
@ -25,13 +25,10 @@
 // fMaxquota
 // fActive
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
--- a/admin/edit-mailbox.php
+++ b/admin/edit-mailbox.php
@ -26,7 +26,6 @@
 // fActive
 //

-$incpath = "..";
 require("../edit-mailbox.php");

 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
--- a/admin/edit-vacation.php
+++ b/admin/edit-vacation.php
@ -27,7 +27,6 @@
 //
 //

-$incpath = '..';
 require ("../edit-vacation.php");

 ?>
--- a/admin/index.php
+++ b/admin/index.php
@ -18,5 +18,5 @@
 // -none-
 //
 header ("Location: list-admin.php");
-exit;
+exit(0);
 ?>
--- a/admin/list-admin.php
+++ b/admin/list-admin.php
@ -17,13 +17,10 @@
 //
 // -none-
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once("../common.php");
+
+authentication_require_role('global-admin');

 $list_admins = list_admins ();
 if ((is_array ($list_admins) and sizeof ($list_admins) > 0))
--- a/admin/list-domain.php
+++ b/admin/list-domain.php
@ -17,13 +17,10 @@
 //
 // fUsername
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');

 $list_admins = list_admins ();

--- a/admin/list-virtual.php
+++ b/admin/list-virtual.php
@ -20,13 +20,10 @@
 // fDomain
 // fDisplay
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');

 $list_domains = list_domains ();

@ -79,7 +76,6 @@ if ($CONF['vacation_control_admin'] == 'YES')
   $query = ("SELECT $table_mailbox.*, $table_vacation.active AS v_active FROM $table_mailbox LEFT JOIN $table_vacation ON $table_mailbox.username=$table_vacation.email WHERE $table_mailbox.domain='$fDomain' ORDER BY $table_mailbox.username LIMIT $fDisplay, $page_size");
   if ('pgsql'==$CONF['database_type'])
   {
-      //FIXME: postgres query needs to be rewrited
      $query = "SELECT *,extract(epoch from created) as uts_created,extract(epoch from modified) as uts_modified FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $page_size OFFSET $fDisplay";
   }
 }
--- a/admin/search.php
+++ b/admin/search.php
@ -20,13 +20,10 @@
 // fDomain
 // fGo
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('global-admin');

 $tAlias = array();
 $tMailbox = array();
--- a/admin/viewlog.php
+++ b/admin/viewlog.php
@ -19,7 +19,6 @@
 // fDomain
 //

-$incpath = "..";
 require("../viewlog.php");

 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
--- a/users/edit-alias.php
+++ b/users/edit-alias.php
@ -20,15 +20,18 @@
 // fDomain
 // fGoto
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$USERID_USERNAME = check_user_session ();
+require_once('../common.php');
+
+authentication_require_role('user');
+$USERID_USERNAME = authentication_get_username();
+
 $tmp = preg_split ('/@/', $USERID_USERNAME);
 $USERID_DOMAIN = $tmp[1];

+$vacation_domain = $CONF['vacation_domain'];
+$vacation_goto = preg_replace('/@/', '#', $USERID_USERNAME) . '@' . $vacation_domain;
+
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
    $vacation_domain = $CONF['vacation_domain'];
@ -52,7 +55,11 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")

 if ($_SERVER['REQUEST_METHOD'] == "POST")
 {
-   $vacation_domain = $CONF['vacation_domain'];
+    // user clicked on cancel button
+    if(isset($_POST['fCancel'])) {
+        header("Location: main.php");
+        exit(0);
+    }

    $pEdit_alias_goto = $PALANG['pEdit_alias_goto'];

@ -95,13 +102,10 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
        {
            $goto = $USERID_USERNAME;
        }
-/*      else
-      {
-         $goto = $USERID_USERNAME . "," . $goto;
-      }*/
+
        if ($fVacation == "YES")
        {
-         $goto .= "," . $USERID_USERNAME . "@" . $vacation_domain;
+            $goto .= "," . $vacation_goto;
        }

        $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'");
--- a/users/login.php
+++ b/users/login.php
@ -19,10 +19,9 @@
 //  fUsername
 //  fPassword
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");
+
+require_once("../common.php");
+

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
@ -68,10 +67,11 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")

   if ($error != 1)
   {
-      session_start();
-      session_register("userid");
-      $_SESSION['userid']['username'] = $fUsername;
-
+      session_regenerate_id();
+      $_SESSION['sessid'] = array();
+      $_SESSION['sessid']['roles'] = array();
+      $_SESSION['sessid']['roles'][] = 'user';
+      $_SESSION['sessid']['username'] = $fUsername;
      header("Location: main.php");
      exit;
   }
--- a/users/logout.php
+++ b/users/logout.php
@ -17,10 +17,8 @@
 //
 // -none-
 //
-require ("../config.inc.php");
-require ("../functions.inc.php");

-$USERID_USERNAME = check_user_session ();
+require_once('../common.php');

 session_unset ();
 session_destroy ();
--- a/users/main.php
+++ b/users/main.php
@ -17,11 +17,11 @@
 //
 // -none-
 //
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$USERID_USERNAME = check_user_session ();
+require_once('../common.php');
+authentication_require_role('user');
+$USERID_USERNAME = authentication_get_username();
+
 $result = db_query("SELECT * FROM $table_vacation WHERE email='$USERID_USERNAME'");
 if ($result['rows'] == 1)
 {
--- a/users/password.php
+++ b/users/password.php
@ -19,12 +19,12 @@
 // fPassword
 // fPassword2
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$USERID_USERNAME = check_user_session ();
+require_once('../common.php');
+
+authentication_require_role('user');
+$USERID_USERNAME = authentication_get_username();
+
 $tmp = preg_split ('/@/', $USERID_USERNAME);     
 $USERID_DOMAIN = $tmp[1];

--- a/users/vacation.php
+++ b/users/vacation.php
@ -22,19 +22,23 @@
 // fAway
 // fBack
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$USERID_USERNAME = check_user_session ();
-(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/users/main.php") && exit : '1');
+require_once('../common.php');
+
+authentication_require_role('user');
+$USERID_USERNAME = authentication_get_username();
+
+// is vacation support enabled in $CONF ?
+if($CONF['vacation'] == 'NO') {
+    header("Location: " . $CONF['postfix_admin_url'] . "/users/main.php");
+    exit(0);
+}
+
 $tmp = preg_split ('/@/', $USERID_USERNAME);     
 $USERID_DOMAIN = $tmp[1];

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
-
    $result = db_query("SELECT * FROM $table_vacation WHERE email='$USERID_USERNAME'");
    if ($result['rows'] == 1)
    {
@ -42,7 +46,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
        $tMessage = $PALANG['pUsersVacation_welcome_text'];
        $tSubject = $row['subject'];
        $tBody = $row['body'];
-
    }

    if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
@ -58,7 +61,15 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")

 if ($_SERVER['REQUEST_METHOD'] == "POST")
 {
+    if(isset($_POST['fCancel'])) {
+        header("Location: main.php");
+        exit(0);
+    }
+
+    // We store goto addresses in the form of roger#example.com@autoreply.example.com
    $vacation_domain = $CONF['vacation_domain'];
+    $vacation_goto = preg_replace('/@/', '#', $USERID_USERNAME);
+    $vacation_goto = "{$vacation_goto}@{$vacation_domain}";

    if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']);
    if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']);
@ -69,6 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
    if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
    if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }

+    // if they've set themselves away OR back, delete any record of vacation emails etc
    if (!empty ($fBack) || !empty ($fAway))
    {
        $result = db_query ("DELETE FROM $table_vacation WHERE email='$USERID_USERNAME'");
@ -89,8 +101,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
            $tGoto = $row['goto'];

            //only one of these will do something, first handles address at beginning and middle, second at end
-         $goto= preg_replace ( "/$USERID_USERNAME@$vacation_domain,/", '', $tGoto);
-         $goto= preg_replace ( "/,$USERID_USERNAME@$vacation_domain/", '', $goto);
+            $goto= preg_replace ( "/$vacation_goto,/", '', $tGoto);
+            $goto= preg_replace ( "/,$vacation_goto/", '', $tGoto);

        }

@ -107,8 +119,10 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")

    }

+    // the user is going away - set the goto alias and vacation table as necessary.
    if (!empty ($fAway))
    {
+        // Can we ever have no alias records for a user?
        $result = db_query ("SELECT * FROM $table_alias WHERE address='$USERID_USERNAME'");
        if ($result['rows'] == 1)
        {
@ -123,8 +137,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
            $error = 1;
            $tMessage = $PALANG['pUsersVacation_result_error'];
        }
-
-      $goto = $tGoto . "," . "$USERID_USERNAME@$vacation_domain";
+        // add the goto record back in...
+        $goto = $tGoto . "," . $vacation_goto;

        $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'");
        if ($result['rows'] != 1)