You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
postfixadmin/edit-vacation.php

207 lines
6.3 KiB
PHP

<?php
/**
* Postfix Admin
*
* LICENSE
* This source file is subject to the GPL license that is bundled with
* this package in the file LICENSE.TXT.
*
* Further details on the project are available at :
* http://www.postfixadmin.com or http://postfixadmin.sf.net
*
* @version $Id$
* @license GNU GPL v2 or later.
*
* File: edit-vacation.php
* Responsible for allowing users to update their vacation status.
*
* Template File: edit-vacation.php
*
* Template Variables:
*
* tUseremail
* tMessage
* tSubject
* tBody
*
* Form POST \ GET Variables:
*
* fUsername
* fDomain
* fCanceltarget
* fChange
* fBack
* fQuota
* fActive
*/
require_once('common.php');
if($CONF['vacation'] == 'NO') {
header("Location: " . $CONF['postfix_admin_url'] . "/list-virtual.php");
exit(0);
}
$SESSID_USERNAME = authentication_get_username();
$tmp = preg_split ('/@/', $SESSID_USERNAME);
$USERID_DOMAIN = $tmp[1];
// only allow admins to change someone else's 'stuff'
if(authentication_has_role('admin')) {
if (isset($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
}
else {
$fUsername = $SESSID_USERNAME;
$fDomain = $USERID_DOMAIN;
}
$vacation_domain = $CONF['vacation_domain'];
$vacation_goto = preg_replace('/@/', '#', $fUsername);
$vacation_goto = $vacation_goto . '@' . $vacation_domain;
$fCanceltarget = $CONF['postfix_admin_url'] . "/list-virtual.php?domain=$fDomain";
if ($_SERVER['REQUEST_METHOD'] == "GET")
{
$result = db_query("SELECT * FROM $table_vacation WHERE email='$fUsername'");
if ($result['rows'] == 1)
{
$row = db_array($result['result']);
$tMessage = '';
$tSubject = $row['subject'];
$tBody = $row['body'];
}
$tUseremail = $fUsername;
$tDomain = $fDomain;
if ($tSubject == '') { $tSubject = html_entity_decode($PALANG['pUsersVacation_subject_text'], ENT_QUOTES, 'UTF-8'); }
if ($tBody == '') { $tBody = html_entity_decode($PALANG['pUsersVacation_body_text'], ENT_QUOTES, 'UTF-8'); }
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$tSubject = safepost('fSubject');
$fSubject = escape_string ($tSubject);
$tBody = safepost('fBody');
$fBody = escape_string ($tBody);
$fChange = escape_string (safepost('fChange'));
$fBack = escape_string (safepost('fBack'));
if(authentication_has_role('admin') && isset($_GET['domain'])) {
$fDomain = escape_string ($_GET['domain']);
}
else {
$fDomain = $USERID_DOMAIN;
}
if(authentication_has_role('admin') && isset ($_GET['username'])) {
$fUsername = escape_string($_GET['username']);
}
else {
$fUsername = authentication_get_username();
}
$tUseremail = $fUsername;
if ($tSubject == '') { $tSubject = html_entity_decode($PALANG['pUsersVacation_subject_text'], ENT_QUOTES, 'UTF-8'); }
if ($tBody == '') { $tBody = html_entity_decode($PALANG['pUsersVacation_body_text'], ENT_QUOTES, 'UTF-8'); }
//if change, remove old one, then perhaps set new one
if (!empty ($fBack) || !empty ($fChange))
{
//if we find an existing vacation entry, disable it
$result = db_query("SELECT * FROM $table_vacation WHERE email='$fUsername'");
if ($result['rows'] == 1)
{
$db_false = db_get_boolean(false);
// retain vacation message if possible - i.e disable vacation away-ness.
$result = db_query ("UPDATE $table_vacation SET active = $db_false WHERE email='$fUsername'");
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
$goto = $row['goto'];
//only one of these will do something, first handles address at beginning and middle, second at end
$goto= preg_replace ( "/$vacation_goto,/", '', $goto);
$goto= preg_replace ( "/,$vacation_goto/", '', $goto);
$goto= preg_replace ( "/$vacation_goto/", '', $goto);
if($goto == '') {
$sql = "DELETE FROM $table_alias WHERE address = '$fUsername'";
}
else {
$sql = "UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'";
}
$result = db_query($sql);
if ($result['rows'] != 1)
{
$error = 1;
}
}
}
}
//Set the vacation data for $fUsername
if (!empty ($fChange))
{
$goto = '';
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
if ($result['rows'] == 1)
{
$row = db_array ($result['result']);
$goto = $row['goto'];
}
$Active = db_get_boolean(True);
$notActive = db_get_boolean(False);
// I don't think we need to care if the vacation entry is inactive or active.. as long as we don't try and
// insert a duplicate
$result = db_query("SELECT * FROM $table_vacation WHERE email = '$fUsername'");
if($result['rows'] == 1) {
$result = db_query("UPDATE $table_vacation SET active = $Active, created = NOW() WHERE email = '$fUsername'");
}
else {
$result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)");
}
if ($result['rows'] != 1)
{
$error = 1;
}
if($goto == '') {
$goto = $vacation_goto;
$sql = "INSERT INTO $table_alias (goto, address, domain, modified) VALUES ('$goto', '$fUsername', '$fDomain', NOW())";
}
else {
$goto = $goto . "," . $vacation_goto;
$sql = "UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'";
}
$result = db_query ($sql);
if ($result['rows'] != 1)
{
$error = 1;
}
}
}
if($error == 0) {
if(!empty ($fBack)) {
$tMessage = $PALANG['pVacation_result_removed'];
}
if(!empty($fChange)) {
$tMessage= $PALANG['pVacation_result_added'];
}
}
else {
$tMessage = $PALANG['pVacation_result_error'];
}
include ("templates/header.php");
include ("templates/menu.php");
include ("templates/edit-vacation.php");
include ("templates/footer.php");
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
?>