|
|
|
@ -38,53 +38,67 @@ if($CONF['alias_control_admin'] == 'NO' && !authentication_has_role('global-admi
|
|
|
|
|
die("Check config.inc.php - domain administrators do not have the ability to edit user's aliases (alias_control_admin)");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
|
|
|
|
/* retrieve existing alias record for the user first... may be via GET or POST */
|
|
|
|
|
|
|
|
|
|
if(isset($_GET['address']) && isset($_GET['domain'])) {
|
|
|
|
|
$fAddress = escape_string($_GET['address']);
|
|
|
|
|
$fDomain = escape_string($_GET['domain']);
|
|
|
|
|
}
|
|
|
|
|
elseif(isset($_POST['address']) && isset($_POST['domain'])) {
|
|
|
|
|
$fAddress = escape_string($_POST['address']);
|
|
|
|
|
$fDomain = escape_string($_POST['domain']);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
die("Required parameters not present");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check the user is able to edit the domain's aliases */
|
|
|
|
|
if(!check_owner($SESSID_USERNAME, $fDomain) && !authentication_has_role('global-admin'))
|
|
|
|
|
{
|
|
|
|
|
if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']);
|
|
|
|
|
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
|
|
|
|
|
die("You lack permission to do this. yes.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
|
|
|
|
|
{
|
|
|
|
|
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'");
|
|
|
|
|
$table_alias = table_by_key('alias');
|
|
|
|
|
$alias_list = array();
|
|
|
|
|
$orig_alias_list = array();
|
|
|
|
|
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'");
|
|
|
|
|
if ($result['rows'] == 1)
|
|
|
|
|
{
|
|
|
|
|
$row = db_array ($result['result']);
|
|
|
|
|
$tGoto = $row['goto'];
|
|
|
|
|
|
|
|
|
|
$orig_alias_list = explode(',', $tGoto);
|
|
|
|
|
$alias_list = $orig_alias_list;
|
|
|
|
|
//. if we are not a global admin, and special_alias_control is NO, hide the alias that's the mailbox name.
|
|
|
|
|
if($CONF['special_alias_control'] == 'NO' && !authentication_has_role('global-admin')) {
|
|
|
|
|
/* Has a mailbox as well? Remove the address from $tGoto in order to edit just the real aliases */
|
|
|
|
|
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fAddress' AND domain='$fDomain'");
|
|
|
|
|
if ($result['rows'] == 1)
|
|
|
|
|
{
|
|
|
|
|
$row = db_array ($result['result']);
|
|
|
|
|
$tGoto = $row['goto'];
|
|
|
|
|
|
|
|
|
|
//. if we are not a global admin, and special_alias_control is NO, hide the alias that's the mailbox name.
|
|
|
|
|
if($CONF['special_alias_control'] == 'NO' && !authentication_has_role('global-admin')) {
|
|
|
|
|
/* Has a mailbox as well? Remove the address from $tGoto in order to edit just the real aliases */
|
|
|
|
|
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fAddress' AND domain='$fDomain'");
|
|
|
|
|
if ($result['rows'] == 1)
|
|
|
|
|
{
|
|
|
|
|
$tGoto = preg_replace ('/\s*,*\s*' . $fAddress . '\s*,*\s*/', '', $tGoto);
|
|
|
|
|
$alias_list = array(); // empty it, repopulated again below
|
|
|
|
|
foreach($orig_alias_list as $alias) {
|
|
|
|
|
if(strtolower($alias) == strtolower($fAddress)) {
|
|
|
|
|
// mailbox address is dropped if they don't have special_alias_control enabled, and/or not a global-admin
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$alias_list[] = $alias;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$tMessage = $PALANG['pEdit_alias_address_error'];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
die("Invalid alias / domain combination");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == "POST")
|
|
|
|
|
{
|
|
|
|
|
$pEdit_alias_goto = $PALANG['pEdit_alias_goto'];
|
|
|
|
|
|
|
|
|
|
if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']);
|
|
|
|
|
$fAddress = strtolower ($fAddress);
|
|
|
|
|
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
|
|
|
|
|
if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']);
|
|
|
|
|
$fGoto = strtolower ($fGoto);
|
|
|
|
|
|
|
|
|
|
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
|
|
|
|
|
{
|
|
|
|
|
$error = 1;
|
|
|
|
|
$tGoto = $_POST['fGoto'];
|
|
|
|
|
$tMessage = $PALANG['pEdit_alias_domain_error'] . "$fDomain</span>";
|
|
|
|
|
}
|
|
|
|
|
elseif (!check_alias_owner ($SESSID_USERNAME, $fAddress))
|
|
|
|
|
if (!check_alias_owner ($SESSID_USERNAME, $fAddress))
|
|
|
|
|
{
|
|
|
|
|
$error = 1;
|
|
|
|
|
$tGoto = $fGoto;
|
|
|
|
@ -104,39 +118,37 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
|
|
|
|
$tMessage = $PALANG['pEdit_alias_goto_text_error1'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$new_aliases = array();
|
|
|
|
|
if ($error != 1)
|
|
|
|
|
{
|
|
|
|
|
$array = preg_split ('/,/', $goto);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$array = array();
|
|
|
|
|
$new_aliases = explode(',', $goto);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for ($i = 0; $i < sizeof ($array); $i++) {
|
|
|
|
|
if (in_array ("$array[$i]", $CONF['default_aliases'])) continue;
|
|
|
|
|
if (empty ($array[$i])) continue; # TODO: should never happen - remove after 2.2 release
|
|
|
|
|
if (!check_email ($array[$i]))
|
|
|
|
|
foreach($new_aliases as $address) {
|
|
|
|
|
if (in_array($address, $CONF['default_aliases'])) continue;
|
|
|
|
|
if (empty($address)) continue; # TODO: should never happen - remove after 2.2 release
|
|
|
|
|
if (!check_email($address))
|
|
|
|
|
{
|
|
|
|
|
$error = 1;
|
|
|
|
|
$tGoto = $goto;
|
|
|
|
|
$tMessage = $PALANG['pEdit_alias_goto_text_error2'] . "$array[$i]</span>";
|
|
|
|
|
$tMessage = $PALANG['pEdit_alias_goto_text_error2'] . "$address</span>";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fAddress' AND domain='$fDomain'");
|
|
|
|
|
/* The alias has a real mailbox as well, prepend $goto with it */
|
|
|
|
|
if ($result['rows'] == 1)
|
|
|
|
|
{
|
|
|
|
|
// ensure mailbox alias exists... if they're a domain admin, and they're not allowed to...
|
|
|
|
|
if($CONF['alias_control_admin'] == 'NO' && !authentication_has_role('global-admin')) {
|
|
|
|
|
$array[] = $fAddress;
|
|
|
|
|
// if original record had a mailbox alias, so ensure the updated one does too.
|
|
|
|
|
if(in_array($orig_alias_list, $fAddress)) {
|
|
|
|
|
$new_aliases[] = $fAddress;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// duplicates suck, mmkay..
|
|
|
|
|
$array = array_unique($array);
|
|
|
|
|
$new_aliases = array_unique($new_aliases);
|
|
|
|
|
|
|
|
|
|
$goto = implode(',', $array);
|
|
|
|
|
$goto = implode(',', $new_aliases);
|
|
|
|
|
|
|
|
|
|
if ($error != 1)
|
|
|
|
|
{
|
|
|
|
|