From e4f2e450399b70fed3d3f5929b8012b63f39ad52 Mon Sep 17 00:00:00 2001
From: David Goodwin <david@palepurple.co.uk>
Date: Tue, 2 Oct 2007 13:37:42 +0000
Subject: [PATCH] edit-mailbox.php; try and make it work properly

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@117 a1433add-5e2c-0410-b055-b7f2511e0802
---
 edit-mailbox.php | 94 +++++++++++++++++++++---------------------------
 1 file changed, 41 insertions(+), 53 deletions(-)

diff --git a/edit-mailbox.php b/edit-mailbox.php
index fca2e315..7ce020b8 100644
--- a/edit-mailbox.php
+++ b/edit-mailbox.php
@@ -38,6 +38,10 @@ require_once('common.php');
 authentication_require_role('admin');
 $SESSID_USERNAME = authentication_get_username();
 
+$fUsername = 'x';
+$fDomain = 'y';
+$error = 0;
+
 if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
 $fUsername = strtolower ($fUsername);
 if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
@@ -45,33 +49,40 @@ if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
 $pEdit_mailbox_name_text = $PALANG['pEdit_mailbox_name_text'];
 $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text'];
 
+$result = db_query("SELECT * FROM $table_mailbox WHERE username = '$fUsername' AND domain = '$fDomain'");
+if($result['rows'] != 1) {
+   die("Invalid username chosen; user does not exist in mailbox table");
+}
+
+if (!(check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
+{
+   $error = 1;
+   $tName = $fName;
+   $tQuota = $fQuota;
+   $tActive = $fActive;
+   $tMessage = $PALANG['pEdit_mailbox_domain_error'] . "$fDomain</font>"; // XXX ergh; why is a closing font tag here?
+}
+
+$user_details = db_array($result['result']);
+
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
-   if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
+   if (check_owner($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
    {
-      $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fUsername' AND domain='$fDomain'");
-      if ($result['rows'] == 1)
-      {
-         $row = db_array ($result['result']);
-         $tName = $row['name'];
-         $tQuota = divide_quota($row['quota']);
-         $tActive = $row['active'];
-         if ('pgsql'==$CONF['database_type']) {
-            $tActive = ('t'==$row['active']) ? 1 : 0;
-         }
+      $tName = $user_details['name'];
+      $tQuota = divide_quota($user_details['quota']);
+      $tActive = $user_details['active'];
+      if ('pgsql'==$CONF['database_type']) {
+         $tActive = ('t'==$user_details['active']) ? 1 : 0;
       }
 
       $result = db_query ("SELECT * FROM $table_domain WHERE domain='$fDomain'");
       if ($result['rows'] == 1)
       {
-			$row = db_array ($result['result']);
-			$tMaxquota = $row['maxquota'];
+         $row = db_array ($result['result']);
+         $tMaxquota = $row['maxquota'];
       }
    }
-   else
-   {
-      $tMessage = $PALANG['pEdit_mailbox_login_error'];
-   }
 }
 
 if ($_SERVER['REQUEST_METHOD'] == "POST")
@@ -82,22 +93,15 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
    if (isset ($_POST['fQuota'])) $fQuota = intval ($_POST['fQuota']);
    if (isset ($_POST['fActive'])) $fActive = escape_string ($_POST['fActive']);
 
-   if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
-   {
-      $error = 1;
-      $tName = $fName;
-      $tQuota = $fQuota;
-      $tActive = $fActive;
-      $tMessage = $PALANG['pEdit_mailbox_domain_error'] . "$fDomain</font>";
-   }
 
-   if ($fPassword != $fPassword2)
-   {
-	   $error = 1;
-      $tName = $fName;
-      $tQuota = $fQuota;
-      $tActive = $fActive;
-      $pEdit_mailbox_password_text = $PALANG['pEdit_mailbox_password_text_error'];
+   if($fPassword != $user_details['password']){
+      if($fPassword == $fPassword2) {
+         $fPassword = pacrypt($fPassword);
+      }
+      else {
+         flash_error($PALANG['pEdit_mailbox_password_text_error']);
+         $error = 1;
+      }
    }
 
    if ($CONF['quota'] == "YES")
@@ -111,7 +115,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
          $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text_error'];
       }
    }
-
    if ($error != 1)
    {
       if (!empty ($fQuota))
@@ -125,35 +128,20 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
 
       if ($fActive == "on")
       {
+         $sqlActive = db_get_boolean(True);
          $fActive = 1;
       }
       else
       {
+         $sqlActive = db_get_boolean(False);
          $fActive = 0;
       }
-      $sqlActive=$fActive;
-      if ('pgsql'==$CONF['database_type']) {
-         $sqlActive=($fActive) ? 'true':'false';
-      }
-
-      if (empty ($fPassword) and empty ($fPassword2))
-      {
-         $result = db_query ("UPDATE $table_mailbox SET name='$fName',quota=$quota,modified=NOW(),active=$sqlActive WHERE username='$fUsername' AND domain='$fDomain'");
-         if ($result['rows'] == 1) $result = db_query ("UPDATE $table_alias SET modified=NOW(),active='$sqlActive' WHERE address='$fUsername' AND domain='$fDomain'");
-      }
-      else
-      {
-         $password = pacrypt ($fPassword);
-         $result = db_query ("UPDATE $table_mailbox SET password='$password',name='$fName',quota=$quota,modified=NOW(),active=$sqlActive WHERE username='$fUsername' AND domain='$fDomain'");
-         if ($result['rows'] == 1) $result = db_query ("UPDATE $table_alias SET modified=NOW(),active='$sqlActive' WHERE address='$fUsername' AND domain='$fDomain'");
-      }
 
-      if ($result['rows'] != 1)
-      {
+      $result = db_query ("UPDATE $table_mailbox SET name='$fName',password='$fPassword',quota=$quota,modified=NOW(),active=$sqlActive WHERE username='$fUsername' AND domain='$fDomain'");
+      if ($result['rows'] != 1) {
          $tMessage = $PALANG['pEdit_mailbox_result_error'];
       }
-      else
-      {
+      else {
          db_log ($SESSID_USERNAME, $fDomain, 'edit_mailbox', $fUsername);
 
          if (authentication_has_role('global-admin')) {