<?php
/**
 * Postfix Admin
 *
 * LICENSE
 * This source file is subject to the GPL license that is bundled with
 * this package in the file LICENSE.TXT.
 *
 * Further details on the project are available at http://postfixadmin.sf.net
 *
 * @version $Id$
 * @license GNU GPL v2 or later.
 *
 * File: functions.inc.php
 * Contains re-usable code.
 */
// Release version string of this code base.
$version = '3.2.4';

// Minimum database schema version this code expects. Update it (at least)
// before a release to the latest function number in upgrade.php.
$min_db_version = 1840;
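/**
 * Return the name of the currently authenticated user.
 *
 * CLI and setup.php runs have no login session and are reported under the
 * fixed names 'CLI' and 'SETUP.PHP'. A web request without a usable login
 * session is redirected to login.php and the script terminates, so code
 * following a call to this function only runs for a logged-in session.
 *
 * @return string username (e.g. foo@example.com), 'CLI' or 'SETUP.PHP'
 */
function authentication_get_username() {
    if (defined('POSTFIXADMIN_CLI')) {
        return 'CLI';
    }
    if (defined('POSTFIXADMIN_SETUP')) {
        return 'SETUP.PHP';
    }

    // Fail closed: a session record that carries no username is treated
    // exactly like a missing login instead of returning null to the caller.
    if (!isset($_SESSION['sessid']['username'])) {
        header("Location: login.php");
        exit(0);
    }

    return $_SESSION['sessid']['username'];
}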
/**
 * Return the user type stored in the login session.
 *
 * Reads $_SESSION['sessid']['type'] and nothing else. Note that
 * init_session() in this file only fills 'roles' and 'username', so the
 * 'type' key has to be set by other code for this to return a value.
 *
 * @return string|bool the stored type (documented as 'user' or 'admin'),
 *                     or false if no type is stored (e.g. not logged in)
 */
function authentication_get_usertype() {
    // isset() on the nested key is false as soon as any level is missing.
    if (!isset($_SESSION['sessid']['type'])) {
        return false;
    }

    return $_SESSION['sessid']['type'];
}
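/**
 * Determine whether the logged-in user has a particular role.
 *
 * The check is an exact membership test against the list in
 * $_SESSION['sessid']['roles']. The ordering "user < admin < global-admin"
 * is NOT evaluated here; a higher role only implies a lower one if the code
 * that fills the session stores both.
 *
 * @param string $role role name (e.g. admin, global-admin or user)
 * @return boolean true if the requested role is stored in the session
 */
function authentication_has_role($role) {
    if (!isset($_SESSION['sessid']['roles']) || !is_array($_SESSION['sessid']['roles'])) {
        return false;
    }

    // Strict comparison: with loose in_array() a non-string argument such as
    // true (or 0 on older PHP versions) compares equal to any role name and
    // would pass the authorisation check.
    return in_array($role, $_SESSION['sessid']['roles'], true);
}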
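/**
 * Enforce that the current user has a particular role when viewing a page.
 *
 * If the role is missing, the browser is redirected to login.php and the
 * script terminates; the exit() is what actually protects the page, the
 * Location header alone would not stop the rest of the script from running.
 *
 * Note: user < admin < global-admin is the intended ordering, but the check
 * itself is delegated to authentication_has_role(), which tests for exact
 * membership in the session's role list.
 *
 * @param string $role role name required for the page
 * @return boolean true if the user has the role (otherwise does not return)
 */
function authentication_require_role($role) {
    // redirect to appropriate page?
    if (!authentication_has_role($role)) {
        header("Location: login.php");
        exit(0);
    }

    return true;
}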
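/**
 * Initialize a user or admin session.
 *
 * Regenerates the session id (deleting the old session), stores role and
 * username under $_SESSION['sessid'] and creates a fresh per-session token in
 * $_SESSION['PFA_token'] (presumably the request/CSRF token checked by the
 * forms - confirm against the callers).
 *
 * @param string $username the user or admin name
 * @param boolean $is_admin true if the user is an admin, false otherwise
 * @return boolean result of session_regenerate_id(), true on success
 */
function init_session($username, $is_admin = false) {
    // A new id on login keeps an id planted before login from staying valid.
    $status = session_regenerate_id(true);

    $_SESSION['sessid'] = array(
        'roles' => array($is_admin ? 'admin' : 'user'),
        'username' => $username,
    );

    // The token must be unpredictable. md5(uniqid(rand())) is derived from
    // the clock and a non-cryptographic generator, so prefer a CSPRNG and
    // keep the same 32 hex character format.
    $token = '';
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $raw = openssl_random_pseudo_bytes(16);
        if ($raw !== false && strlen($raw) === 16) {
            $token = bin2hex($raw);
        }
    }
    if ($token === '') {
        // Legacy fallback for installations without any CSPRNG available.
        $token = md5(uniqid(rand(), true));
    }
    $_SESSION['PFA_token'] = $token;

    return $status;
}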
/**
 * Queue an error message for display on the next page that is rendered.
 *
 * The message is stored in the session as given (see _flash_string());
 * according to the original notes it is flushed through the header template.
 * No escaping happens here, so text containing user input has to be escaped
 * where it is output - NOTE(review): confirm the template does that.
 *
 * @param string|array $string message(s) to show
 * @see _flash_string()
 */
function flash_error($string) {
    _flash_string('error', $string);
}
/**
 * Queue an info message, e.g. after a successful update.
 *
 * The message is stored in the session as given (see _flash_string()); no
 * escaping is applied at this point.
 *
 * @param string|array $string message(s) to show
 * @see _flash_string()
 */
function flash_info($string) {
    _flash_string('info', $string);
}
/**
 * 'Private' helper used by flash_info() and flash_error().
 *
 * Appends the message to $_SESSION['flash'][$type]. An array of messages is
 * stored element by element (recursively), everything else is stored as is.
 *
 * @param string $type message class, 'info' or 'error' in this file
 * @param string|array $string message(s) to store
 */
function _flash_string($type, $string) {
    if (!is_array($string)) {
        // Create the containers on first use, then append the message.
        if (!isset($_SESSION['flash'])) {
            $_SESSION['flash'] = array();
        }
        if (!isset($_SESSION['flash'][$type])) {
            $_SESSION['flash'][$type] = array();
        }
        $_SESSION['flash'][$type][] = $string;
        return;
    }

    foreach ($string as $message) {
        _flash_string($type, $message);
    }
}
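/**
 * Determine the interface language for this request.
 *
 * Candidates are tried in this order: $_POST['lang'] (unless $use_post is
 * 0), the 'lang' cookie, then the entries of the Accept-Language header.
 * POST and cookie are only looked at when the browser sent an
 * Accept-Language header at all. A candidate is accepted only if it is a key
 * of $supported_languages, so the return value is always either a
 * whitelisted language code or the configured default - client input is
 * never returned unchecked.
 *
 * @param int $use_post set to 0 if $_POST should NOT be read
 * @return string language code
 */
function check_language($use_post = 1) {
    global $supported_languages; # from languages/languages.php

    $lang = Config::read('default_language');

    if (!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        return $lang;
    }

    $candidates = preg_split('/(\s*,\s*)/', $_SERVER['HTTP_ACCEPT_LANGUAGE']);

    if (safecookie('lang')) {
        array_unshift($candidates, safecookie('lang')); # prefer language from cookie
    }
    if ($use_post && safepost('lang')) {
        array_unshift($candidates, safepost('lang')); # but prefer $_POST['lang'] even more
    }

    foreach ($candidates as $candidate) {
        // lang[]=x in the cookie or POST data arrives as an array; skip it
        // instead of handing a non-string to the string functions below.
        if (!is_string($candidate)) {
            continue;
        }
        $candidate = strtolower(trim($candidate));
        $candidate = preg_replace('/;.*$/', '', $candidate); # remove things like ";q=0.8"
        if (array_key_exists($candidate, $supported_languages)) {
            return $candidate;
        }
    }

    return $lang;
}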
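/**
 * Build a language selector dropdown with the language returned by
 * check_language() preselected.
 *
 * The language codes and names from $supported_languages are written into
 * the markup without HTML escaping. That is only safe as long as the list
 * stays a trusted, static definition (languages/languages.php); it must not
 * be extended with values that come from a request or the database.
 *
 * @return string HTML <select> element
 */
function language_selector() {
    global $supported_languages; # from languages/languages.php

    $current_lang = check_language();

    $selector = '<select name="lang" xml:lang="en" dir="ltr">';

    foreach ($supported_languages as $lang => $lang_name) {
        $selected = ($lang == $current_lang) ? ' selected="selected"' : '';
        $selector .= "<option value='$lang'$selected>$lang_name</option>";
    }
    $selector .= "</select>";

    return $selector;
}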
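/**
 * Checks if a domain is valid.
 *
 * The name has to match the syntax pattern first. If
 * 'emailcheck_resolve_domain' is enabled (and the OS is not Windows), the
 * domain must additionally have an AAAA, A or MX record. Lookups that take
 * longer than two seconds are reported via error_log().
 *
 * @param string $domain
 * @return string empty string if the domain is valid, otherwise the error message
 *
 * TODO: make check_domain able to handle as example .local domains
 * TODO: skip DNS check if the domain exists in PostfixAdmin?
 */
function check_domain($domain) {
    // The D modifier makes "$" match only at the very end of the string.
    // Without it a value with a trailing newline passes the syntax check and
    // is then used for the DNS lookup and written to the error log.
    if (!preg_match('/^([-0-9A-Z]+\.)+' . '([-0-9A-Z]){2,13}$/iD', ($domain))) {
        return sprintf(Config::lang('pInvalidDomainRegex'), htmlentities($domain));
    }

    if (Config::bool('emailcheck_resolve_domain') && 'WINDOWS' != (strtoupper(substr(php_uname('s'), 0, 7)))) {
        // Look for an AAAA, A, or MX record for the domain

        if (!function_exists('checkdnsrr')) {
            return 'emailcheck_resolve_domain is enabled, but function (checkdnsrr) missing!';
        }

        $start = microtime(true); # check for slow nameservers, part 1

        // AAAA (IPv6) is only available in PHP v. >= 5
        if (version_compare(phpversion(), "5.0.0", ">=") && checkdnsrr($domain, 'AAAA')) {
            $retval = '';
        } elseif (checkdnsrr($domain, 'A')) {
            $retval = '';
        } elseif (checkdnsrr($domain, 'MX')) {
            $retval = '';
        } else {
            $retval = sprintf(Config::lang('pInvalidDomainDNS'), htmlentities($domain));
        }

        $end = microtime(true); # check for slow nameservers, part 2
        $time_needed = $end - $start;
        if ($time_needed > 2) {
            // $domain has passed the syntax check above, so it cannot carry
            // line breaks or other control characters into the log.
            error_log("Warning: slow nameserver - lookup for $domain took $time_needed seconds");
        }

        return $retval;
    }

    return '';
}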
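/**
 * check_email
 * Checks if an email address is valid.
 *
 * With the vacation feature enabled, an autoreply address of the form
 * blah#foo.com@autoreply.foo.com is first mapped back to blah@foo.com. The
 * local part is checked against a character whitelist, the original address
 * is passed through FILTER_VALIDATE_EMAIL (when filter_var() exists), and the
 * domain part is handed to check_domain().
 *
 * @param string $email - a string that may be an email address.
 * @return string empty string if it's a valid email address, otherwise the error message
 * TODO: make check_email able to handle already added domains
 */
function check_email($email) {
    $ce_email = $email;

    // strip the vacation domain out if we are using it
    // and change from blah#foo.com@autoreply.foo.com to blah@foo.com
    if (Config::bool('vacation')) {
        $vacation_domain = Config::read('vacation_domain');
        // preg_quote(): the configured domain is literal text. Unquoted, its
        // dots match any character (so look-alike domains would be stripped
        // too) and a "/" in the value would break the pattern.
        $ce_email = preg_replace('/@' . preg_quote($vacation_domain, '/') . '$/', '', $ce_email);
        $ce_email = preg_replace("/#/", '@', $ce_email);
    }

    // Perform non-domain-part sanity checks
    if (!preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '[^@]+$/i', $ce_email)) {
        return Config::lang_f('pInvalidMailRegex', $email);
    }

    if (function_exists('filter_var')) {
        // Note: this validates the address as entered, not the rewritten
        // vacation form in $ce_email.
        $check = filter_var($email, FILTER_VALIDATE_EMAIL);
        if (!$check) {
            return Config::lang_f('pInvalidMailRegex', $email);
        }
    }

    // Determine domain name
    $matches = array();
    if (!preg_match('|@(.+)$|', $ce_email, $matches)) {
        return Config::lang_f('pInvalidMailRegex', $email);
    }
    $domain = $matches[1];

    # check domain name
    return check_domain($domain);
}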
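/**
 * Clean a string, escaping any meta characters that could be
 * used to disrupt an SQL string, i.e. "'" => "\'" etc.
 *
 * The result is only safe when it is placed INSIDE a quoted SQL string
 * literal ('...'). Escaping does not protect a value that is interpolated
 * unquoted, nor table/column names or other SQL fragments. Numeric values
 * are returned unchanged. Array keys are not cleaned.
 *
 * @param string|array $string parameters to escape
 * @return string|array cleaned data, suitable for use within a quoted SQL string.
 */
function escape_string($string) {
    global $CONF;

    // if the string is actually an array, do a recursive cleaning.
    // Note, the array keys are not cleaned.
    if (is_array($string)) {
        $clean = array();
        foreach ($string as $k => $v) {
            $clean[$k] = escape_string($v);
        }
        return $clean;
    }

    // @ due to https://github.com/postfixadmin/postfixadmin/issues/385
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }

    // is_numeric() values contain no quote characters; pass them through.
    if (is_numeric($string)) {
        return $string;
    }

    $link = db_connect();
    $escaped_string = null;

    if ($CONF['database_type'] == "mysql") {
        $escaped_string = mysql_real_escape_string($string, $link);
    }
    if ($CONF['database_type'] == "mysqli") {
        $escaped_string = mysqli_real_escape_string($link, $string);
    }
    if (db_sqlite()) {
        $escaped_string = SQLite3::escapeString($string);
    }
    if (db_pgsql()) {
        // php 5.2+ allows for $link to be specified.
        if (version_compare(phpversion(), "5.2.0", ">=")) {
            $escaped_string = pg_escape_string($link, $string);
        } else {
            $escaped_string = pg_escape_string($string);
        }
    }

    // Fail closed: if no database branch matched, nothing was escaped.
    // Stop instead of handing an undefined value to the query builder.
    if ($escaped_string === null) {
        die('escape_string: unsupported database_type, refusing to continue without escaping');
    }

    return $escaped_string;
}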
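/**
 * safeget
 * Action: get value from $_GET[$param], or $default if $_GET[$param] is not set
 * Call: $param = safeget('param') # replaces $param = $_GET['param']
 *       - or -
 *       $param = safeget('param', 'default')
 *
 * "safe" only means that a missing key does not raise a notice. The value is
 * returned exactly as the client sent it: it is not validated or escaped and
 * can be an array (?param[]=x). Escape it for the context it is used in.
 *
 * @param string $param parameter name.
 * @param string $default (optional) - default value if key is not set.
 * @return string|array
 */
function safeget($param, $default = "") {
    // The default is the empty string so that callers can test the result
    // for truthiness to find out whether the parameter was supplied.
    return isset($_GET[$param]) ? $_GET[$param] : $default;
}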
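/**
 * safepost - similar to safeget() but for $_POST
 *
 * The value is returned unvalidated and unescaped and can be an array;
 * "safe" refers only to the missing-key handling.
 *
 * @see safeget()
 * @param string $param parameter name
 * @param string $default (optional) default value (defaults to "")
 * @return string|array - value in $_POST[$param] or $default
 */
function safepost($param, $default = "") {
    // Empty-string default: callers test the result for truthiness.
    return isset($_POST[$param]) ? $_POST[$param] : $default;
}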
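/**
 * safeserver
 *
 * Returns the entry unmodified. Several $_SERVER entries (e.g. the HTTP_*
 * request headers) are controlled by the client and need the same
 * validation and escaping as any other request input.
 *
 * @see safeget()
 * @param string $param
 * @param string $default (optional)
 * @return string value from $_SERVER[$param] or $default
 */
function safeserver($param, $default = "") {
    // Empty-string default, so a missing entry evaluates as false.
    return isset($_SERVER[$param]) ? $_SERVER[$param] : $default;
}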
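/**
 * safecookie
 *
 * Cookie values are client input: the value is returned unvalidated and
 * unescaped and can be an array.
 *
 * @see safeget()
 * @param string $param
 * @param string $default (optional)
 * @return string|array value from $_COOKIE[$param] or $default
 */
function safecookie($param, $default = "") {
    // Empty-string default: check_language() relies on a missing cookie
    // evaluating as false.
    return isset($_COOKIE[$param]) ? $_COOKIE[$param] : $default;
}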
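/**
 * safesession
 * @see safeget()
 * @param string $param
 * @param string $default (optional)
 * @return mixed value from $_SESSION[$param] or $default
 */
function safesession($param, $default = "") {
    // Empty-string default, so a missing entry evaluates as false.
    return isset($_SESSION[$param]) ? $_SESSION[$param] : $default;
}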
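/**
 * pacol - build one column definition for a handler's $struct.
 *
 * @param int $allow_editing
 * @param int $display_in_form
 * @param int $display_in_list
 * @param string $type
 * @param string $PALANG_label language key of the field label ('' for none)
 * @param string $PALANG_desc language key of the field description ('' for none)
 * @param mixed $default optional default value
 * @param array $options optional options
 * @param int|array $multiopt if array, it contains the remaining parameters
 *                  as associative array. Otherwise it counts as $not_in_db
 * @param int $dont_write_to_db
 * @param string $select replaces the field name after SELECT
 * @param string $extrafrom added after FROM xy - useful for JOINs etc.
 * @param string $linkto make the value a link - %s will be replaced with the ID
 * @return array for $struct
 */
function pacol($allow_editing, $display_in_form, $display_in_list, $type, $PALANG_label, $PALANG_desc, $default = "", $options = array(), $multiopt = 0, $dont_write_to_db = 0, $select = "", $extrafrom = "", $linkto = "") {
    if ($PALANG_label != '') {
        $PALANG_label = Config::lang($PALANG_label);
    }
    if ($PALANG_desc != '') {
        $PALANG_desc = Config::lang($PALANG_desc);
    }

    if (is_array($multiopt)) { # remaining parameters provided in named array
        $not_in_db = 0; # keep default value
        // NOTE(review): this assigns by variable name, like extract(). Any
        // key overwrites the local variable of that name, including the
        // positional parameters above. $multiopt must therefore only ever be
        // a literal array written by the developer, never request data.
        foreach ($multiopt as $key => $value) {
            $$key = $value; # extract everything to the matching variable
        }
    } else {
        $not_in_db = $multiopt;
    }

    return array(
        'editable'          => $allow_editing,
        'display_in_form'   => $display_in_form,
        'display_in_list'   => $display_in_list,
        'type'              => $type,
        'label'             => $PALANG_label,       # $PALANG field label
        'desc'              => $PALANG_desc,        # $PALANG field description
        'default'           => $default,
        'options'           => $options,
        'not_in_db'         => $not_in_db,
        'dont_write_to_db'  => $dont_write_to_db,
        'select'            => $select,             # replaces the field name after SELECT
        'extrafrom'         => $extrafrom,          # added after FROM xy - useful for JOINs etc.
        'linkto'            => $linkto,             # make the value a link - %s will be replaced with the ID
    );
}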
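/**
 * get_domain_properties
 * Action: Get all the properties of a domain.
 * Call: get_domain_properties (string domain)
 *
 * Terminates the script with the handler's error messages if the domain
 * cannot be initialised or viewed. The messages are printed as returned by
 * DomainHandler - NOTE(review): if they can contain the submitted domain
 * name, they need HTML escaping before being shown in a browser; verify.
 *
 * @param string $domain
 * @return mixed result of DomainHandler::result()
 */
function get_domain_properties($domain) {
    $handler = new DomainHandler();

    if (!$handler->init($domain)) {
        die("Error: " . join("\n", $handler->errormsg));
    }
    if (!$handler->view()) {
        die("Error: " . join("\n", $handler->errormsg));
    }

    return $handler->result();
}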
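/**
 * create_page_browser
 * Action: Get page browser for a long list of mailboxes, aliases etc.
 * Call: $pagebrowser = create_page_browser('table.field', 'query')
 *
 * Both arguments are copied into the SQL statements verbatim; nothing is
 * escaped here. They must be built by the calling code from fixed table and
 * column names, and any value that originates from a request has to be
 * escaped (and quoted) by the caller before it becomes part of $querypart.
 *
 * @param string $idxfield - database field name to use as title ('table.field')
 * @param string $querypart - core part of the query (starting at "FROM")
 * @return array list of page labels; empty if only one page is needed
 */
function create_page_browser($idxfield, $querypart) {
    global $CONF;
    $page_size = (int) $CONF['page_size'];
    $label_len = 2;
    $pagebrowser = array();
    // Defined up front so that an empty count result takes the
    // "only one page" exit below without touching an undefined variable.
    $count_results = 0;

    if ($page_size < 2) { # will break the page browser
        die('$CONF[\'page_size\'] must be 2 or more!');
    }

    # get number of rows
    $query = "SELECT count(*) as counter FROM (SELECT $idxfield $querypart) AS tmp";
    $result = db_query($query);
    if ($result['rows'] > 0) {
        $row = db_assoc($result['result']);
        $count_results = $row['counter'] - 1; # we start counting at 0, not 1
    }
    # echo "<p>rows: " . ($count_results +1) . " --- $query";

    if ($count_results < $page_size) {
        return array(); # only one page - no pagebrowser required
    }

    # init row counter
    $initcount = "SET @r=-1";
    if (db_pgsql()) {
        $initcount = "CREATE TEMPORARY SEQUENCE rowcount MINVALUE 0";
    }
    if (!db_sqlite()) {
        $result = db_query($initcount);
    }

    # get labels for relevant rows (first and last of each page)
    $page_size_zerobase = $page_size - 1;
    $query = "
        SELECT * FROM (
            SELECT $idxfield AS label, @r := @r + 1 AS 'r' $querypart
        ) idx WHERE MOD(idx.r, $page_size) IN (0,$page_size_zerobase) OR idx.r = $count_results
    ";

    if (db_pgsql()) {
        $query = "
            SELECT * FROM (
                SELECT $idxfield AS label, nextval('rowcount') AS r $querypart
            ) idx WHERE MOD(idx.r, $page_size) IN (0,$page_size_zerobase) OR idx.r = $count_results
        ";
    }

    if (db_sqlite()) {
        // 'table.field' => 'field'; fall back to the whole name when the
        // field was given without a table prefix.
        $bits = explode('.', $idxfield);
        $end = isset($bits[1]) ? $bits[1] : $bits[0];
        $query = "
            WITH idx AS (SELECT * $querypart)
                SELECT $end AS label, (SELECT (COUNT(*) - 1) FROM idx t1 WHERE t1.$end <= t2.$end) AS r
                FROM idx t2
                WHERE (r % $page_size) IN (0,$page_size_zerobase) OR r = $count_results";
    }

    # TODO: $query is MySQL-specific

    # PostgreSQL:
    # http://www.postgresql.org/docs/8.1/static/sql-createsequence.html
    # http://www.postgresonline.com/journal/archives/79-Simulating-Row-Number-in-PostgreSQL-Pre-8.4.html
    # http://www.pg-forum.de/sql/1518-nummerierung-der-abfrageergebnisse.html
    # CREATE TEMPORARY SEQUENCE foo MINVALUE 0 MAXVALUE $page_size_zerobase CYCLE
    # afterwards: DROP SEQUENCE foo

    $result = db_query($query);
    if ($result['rows'] > 0) {
        // Rows arrive as first/last of each page; consume them in pairs.
        while ($row = db_assoc($result['result'])) {
            if ($row2 = db_assoc($result['result'])) {
                $label = substr($row['label'], 0, $label_len) . '-' . substr($row2['label'], 0, $label_len);
                $pagebrowser[] = $label;
            } else { # only one row remaining
                $label = substr($row['label'], 0, $label_len);
                $pagebrowser[] = $label;
            }
        }
    }

    if (db_pgsql()) {
        db_query("DROP SEQUENCE rowcount");
    }

    return $pagebrowser;
}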
/**
 * divide_quota
 * Action: Divides the quota by the configured 'quota_multiplier' and rounds
 *         the result to two decimals. The value -1 is passed through as is.
 * Call: divide_quota (string $quota)
 *
 * @param mixed $quota
 * @return mixed $quota unchanged if it equals -1, otherwise the rounded quotient
 */
function divide_quota($quota) {
    if ($quota != -1) {
        return round($quota / Config::read('quota_multiplier'), 2);
    }

    return $quota;
}
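/**
 * check_owner
 * Action: Checks if the admin is the owner of the domain (or global-admin)
 * Call: check_owner (string admin, string domain)
 *
 * This is an authorisation check: it only grants access for one or two
 * matching, active domain_admins rows and denies in every other case,
 * including an unexpected number of rows.
 *
 * @param string $username admin name
 * @param string $domain domain to check
 * @return boolean true if the admin may manage the domain
 */
function check_owner($username, $domain) {
    $table_domain_admins = table_by_key('domain_admins');

    // Both values are escaped and used inside quoted string literals only.
    $E_username = escape_string($username);
    $E_domain = escape_string($domain);

    $result = db_query("SELECT 1 FROM $table_domain_admins WHERE username='$E_username' AND (domain='$E_domain' OR domain='ALL') AND active='1'");

    if ($result['rows'] == 1 || $result['rows'] == 2) { # "ALL" + specific domain permissions is possible
        # TODO: if superadmin, check if given domain exists in the database
        return true;
    }

    if ($result['rows'] > 2) { # more than 2 results means something really strange happened...
        flash_error("Permission check returned multiple results. Please go to 'edit admin' for your username and press the save "
            . "button once to fix the database. If this doesn't help, open a bugreport.");
    }

    return false;
}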
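/**
 * List domains for an admin user.
 *
 * An admin with a domain_admins row for 'ALL' (superadmin) gets every
 * domain; other admins get the active, non-backupmx domains assigned to them.
 *
 * NOTE(review): unlike check_owner(), neither query filters on
 * domain_admins.active, so a deactivated assignment still contributes to the
 * list. Confirm whether that is intended.
 *
 * @param string $username
 * @return array of domain names.
 */
function list_domains_for_admin($username) {
    $table_domain = table_by_key('domain');
    $table_domain_admins = table_by_key('domain_admins');

    // Escaped once, used only inside quoted string literals below.
    $E_username = escape_string($username);

    $query = "SELECT {$table_domain}.domain FROM {$table_domain} ";
    $condition = array();
    $condition[] = "{$table_domain}.domain != 'ALL'";

    $result = db_query("SELECT username FROM {$table_domain_admins} WHERE username='{$E_username}' AND domain='ALL'");
    if ($result['rows'] < 1) { # not a superadmin
        $query .= " LEFT JOIN {$table_domain_admins} ON {$table_domain}.domain={$table_domain_admins}.domain ";
        $condition[] = "{$table_domain_admins}.username='{$E_username}' ";
        $condition[] = "{$table_domain}.active='" . db_get_boolean(true) . "'"; # TODO: does it really make sense to exclude inactive...
        $condition[] = "{$table_domain}.backupmx='" . db_get_boolean(false) . "'"; # TODO: ... and backupmx domains for non-superadmins?
    }

    $query .= " WHERE " . join(' AND ', $condition);
    $query .= " ORDER BY {$table_domain}.domain";

    $list = array();
    $result = db_query($query);
    if ($result['rows'] > 0) {
        while ($row = db_assoc($result['result'])) {
            $list[] = $row['domain'];
        }
    }

    return $list;
}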
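/**
 * list_domains
 * Action: List all available domains.
 * Call: list_domains ()
 *
 * The pseudo domain 'ALL' is left out. No permission check is done here;
 * the caller has to make sure the current user may see every domain.
 *
 * @return array of domain names, sorted
 */
function list_domains() {
    $list = array();

    $table_domain = table_by_key('domain');
    $result = db_query("SELECT domain FROM $table_domain WHERE domain!='ALL' ORDER BY domain");
    if ($result['rows'] > 0) {
        while ($row = db_assoc($result['result'])) {
            $list[] = $row['domain'];
        }
    }

    return $list;
}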
/**
 * list_admins
 * Action: Lists all the admins
 * Call: list_admins ()
 *
 * was admin_list_admins
 *
 * @return mixed result of AdminHandler::result() after getList('')
 */
function list_admins() {
    $admin_handler = new AdminHandler();
    $admin_handler->getList('');

    return $admin_handler->result();
}
//
// encode_header
// Action: Encode a string according to RFC 1522 for use in headers if it contains 8-bit characters.
// Call: encode_header (string header, string charset)
//
2018-01-26 15:45:57 +01:00
function encode_header ( $string , $default_charset = " utf-8 " ) {
if ( strtolower ( $default_charset ) == 'iso-8859-1' ) {
$string = str_replace ( " \240 " , ' ' , $string );
2009-01-15 13:24:36 +01:00
}
2018-01-26 15:45:57 +01:00
$j = strlen ( $string );
$max_l = 75 - strlen ( $default_charset ) - 7 ;
$aRet = array ();
2009-01-15 13:24:36 +01:00
$ret = '' ;
$iEncStart = $enc_init = false ;
$cur_l = $iOffset = 0 ;
2011-06-02 22:51:12 +02:00
for ( $i = 0 ; $i < $j ; ++ $i ) {
switch ( $string { $i }) {
case '=' :
case '<' :
case '>' :
case ',' :
case '?' :
case '_' :
if ( $iEncStart === false ) {
$iEncStart = $i ;
}
$cur_l += 3 ;
if ( $cur_l > ( $max_l - 2 )) {
2018-01-26 15:45:57 +01:00
$aRet [] = substr ( $string , $iOffset , $iEncStart - $iOffset );
2009-01-15 13:24:36 +01:00
$aRet [] = " =? $default_charset ?Q? $ret ?= " ;
$iOffset = $i ;
$cur_l = 0 ;
$ret = '' ;
$iEncStart = false ;
2011-06-02 22:51:12 +02:00
} else {
2018-01-26 15:45:57 +01:00
$ret .= sprintf ( " =%02X " , ord ( $string { $i }));
2009-01-15 13:24:36 +01:00
}
2011-06-02 22:51:12 +02:00
break ;
case '(' :
case ')' :
if ( $iEncStart !== false ) {
2018-01-26 15:45:57 +01:00
$aRet [] = substr ( $string , $iOffset , $iEncStart - $iOffset );
2011-06-02 22:51:12 +02:00
$aRet [] = " =? $default_charset ?Q? $ret ?= " ;
2009-01-15 13:24:36 +01:00
$iOffset = $i ;
2011-06-02 22:51:12 +02:00
$cur_l = 0 ;
$ret = '' ;
$iEncStart = false ;
2009-01-15 13:24:36 +01:00
}
2011-06-02 22:51:12 +02:00
break ;
case ' ' :
if ( $iEncStart !== false ) {
2009-01-15 13:24:36 +01:00
$cur_l ++ ;
2011-06-02 22:51:12 +02:00
if ( $cur_l > $max_l ) {
2018-01-26 15:45:57 +01:00
$aRet [] = substr ( $string , $iOffset , $iEncStart - $iOffset );
2009-01-15 13:24:36 +01:00
$aRet [] = " =? $default_charset ?Q? $ret ?= " ;
$iOffset = $i ;
$cur_l = 0 ;
$ret = '' ;
2011-06-02 22:51:12 +02:00
$iEncStart = false ;
} else {
$ret .= '_' ;
2009-01-15 13:24:36 +01:00
}
2011-06-02 22:51:12 +02:00
}
break ;
default :
2018-01-26 15:45:57 +01:00
$k = ord ( $string { $i });
2011-06-02 22:51:12 +02:00
if ( $k > 126 ) {
if ( $iEncStart === false ) {
// do not start encoding in the middle of a string, also take the rest of the word.
2018-01-26 15:45:57 +01:00
$sLeadString = substr ( $string , 0 , $i );
$aLeadString = explode ( ' ' , $sLeadString );
$sToBeEncoded = array_pop ( $aLeadString );
$iEncStart = $i - strlen ( $sToBeEncoded );
2011-06-02 22:51:12 +02:00
$ret .= $sToBeEncoded ;
2018-01-26 15:45:57 +01:00
$cur_l += strlen ( $sToBeEncoded );
2011-06-02 22:51:12 +02:00
}
$cur_l += 3 ;
// first we add the encoded string that reached it's max size
if ( $cur_l > ( $max_l - 2 )) {
$aRet [] = substr ( $string , $iOffset , $iEncStart - $iOffset );
$aRet [] = " =? $default_charset ?Q? $ret ?= " ;
$cur_l = 3 ;
$ret = '' ;
$iOffset = $i ;
$iEncStart = $i ;
}
$enc_init = true ;
$ret .= sprintf ( " =%02X " , $k );
} else {
if ( $iEncStart !== false ) {
$cur_l ++ ;
if ( $cur_l > $max_l ) {
$aRet [] = substr ( $string , $iOffset , $iEncStart - $iOffset );
$aRet [] = " =? $default_charset ?Q? $ret ?= " ;
$iEncStart = false ;
$iOffset = $i ;
$cur_l = 0 ;
$ret = '' ;
} else {
$ret .= $string { $i };
}
}
}
break ;
# end switch
}
}
if ( $enc_init ) {
if ( $iEncStart !== false ) {
$aRet [] = substr ( $string , $iOffset , $iEncStart - $iOffset );
$aRet [] = " =? $default_charset ?Q? $ret ?= " ;
} else {
$aRet [] = substr ( $string , $iOffset );
}
$string = implode ( '' , $aRet );
}
return $string ;
}
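/**/ if (!function_exists('random_int')) { # random_int() is available since PHP 7, compat wrapper for PHP 5.x
    /**
     * Compatibility replacement for PHP 7's random_int() on PHP 5.x.
     *
     * The values drawn here become password salts and generated passwords, so the
     * wrapper prefers the OpenSSL random source when the extension is loaded and
     * only falls back to mt_rand(), which is NOT a cryptographically secure
     * generator, when nothing better is available.
     *
     * @param int $min lowest value to return
     * @param int $max highest value to return
     * @return int value between $min and $max (inclusive)
     */
    function random_int($min, $max) {
        $min = (int) $min;
        $max = (int) $max;
        $range = $max - $min;

        if (is_int($range) && $range > 0 && $range <= 0x7fffffff && function_exists('openssl_random_pseudo_bytes')) {
            // smallest all-ones bit mask that covers $range
            $mask = 1;
            while ($mask < $range) {
                $mask = ($mask << 1) | 1;
            }
            // rejection sampling: discard candidates above $range instead of using
            // a modulo, so every value in the range stays equally likely
            for ($attempt = 0; $attempt < 128; $attempt++) {
                $strong = false;
                $bytes = openssl_random_pseudo_bytes(4, $strong);
                if ($bytes === false || !$strong) {
                    break;
                }
                $unpacked = unpack('N', $bytes);
                $candidate = $unpacked[1] & $mask;
                if ($candidate <= $range) {
                    return $min + $candidate;
                }
            }
        }

        // last resort, predictable: upgrade PHP or enable the OpenSSL extension
        return mt_rand($min, $max);
    }
/**/
}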
/**
* Generate a random password of $length characters .
* @ param int $length ( optional , default : 12 )
* @ return string
*
*/
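function generate_password($length = 12) {
    // Candidate characters. 0, 1, O, l and o are left out so the password can be
    // read back without confusion. The digits are listed twice, which doubles
    // their chance of being drawn.
    $possible = "2345678923456789abcdefghijkmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ"; # skip 0 and 1 to avoid confusion with O and l
    $last_index = strlen($possible) - 1;

    // Number of different characters on offer. A password longer than this cannot
    // consist of unique characters only, so repeats are accepted once every
    // character has been used; without that the loop below would never end.
    $distinct = count(array_unique(str_split($possible)));

    // NOTE(review): on PHP 5.x random_int() is the compat wrapper defined in this
    // file, so the quality of the password depends on what that wrapper draws from.
    $password = "";
    while (strlen($password) < $length) {
        $char = $possible[random_int(0, $last_index)];

        // we don't want this character if it's already in the password
        // (this keeps the historic behaviour, at the cost of some entropy)
        if (strlen($password) < $distinct && strpos($password, $char) !== false) {
            continue;
        }
        $password .= $char;
    }

    return $password;
}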
/**
* Check if a password is strong enough based on the conditions in $CONF [ 'password_validation' ]
* @ param string $password
* @ return array of error messages , or empty array if the password is ok
*/
function validate_password($password) {
    // Rules are "regex => message key" pairs taken from the configuration; a
    // password passes a rule when the regex matches it.
    $rules = Config::read('password_validation');
    if (!is_array($rules)) {
        $rules = [];
    }

    // used up to 2.3.x - check it for backward compatibility
    // NOTE(review): the generated pattern has no /u or /s modifier, so it counts
    // bytes rather than characters and "." does not match a newline.
    $minlen = (int) Config::read('min_password_length');
    if ($minlen > 0) {
        $rules['/.{' . $minlen . '}/'] = "password_too_short $minlen";
    }

    $errors = array();
    foreach ($rules as $regex => $message) {
        if (preg_match($regex, $password)) {
            continue;
        }

        // "key argument": the part after the first space is handed to sprintf()
        $parts = preg_split("/ /", $message, 2);
        if (count($parts) == 1) {
            $errors[] = Config::lang($parts[0]);
        } else {
            $errors[] = sprintf(Config::lang($parts[0]), $parts[1]);
        }
    }

    return $errors;
}
/**
 * Hash $pw with md5crypt(), reusing the salt of an existing hash when there is one.
 *
 * $pw_db is split at "$"; the third field (the salt in "$1$salt$hash") is passed
 * on to md5crypt(). Without such a field md5crypt() is called without a salt.
 *
 * @param string $pw plain text password
 * @param string $pw_db existing hash from the database, or '' for a new hash
 * @return string
 */
function _pacrypt_md5crypt($pw, $pw_db) {
    $fields = explode('$', $pw_db);

    if (!isset($fields[2])) {
        return md5crypt($pw);
    }

    return md5crypt($pw, $fields[2]);
}
/**
 * Hash $pw with PHP's crypt().
 *
 * A non-empty $pw_db is used as the salt argument, so the result can be compared
 * with that stored hash. Otherwise crypt() is called without a salt.
 * NOTE(review): calling crypt() without a salt is deprecated in newer PHP
 * releases and selects a weak default - confirm the supported PHP versions.
 *
 * @param string $pw plain text password
 * @param string $pw_db existing hash from the database, or '' for a new hash
 * @return string
 */
function _pacrypt_crypt($pw, $pw_db) {
    if (!$pw_db) {
        return crypt($pw);
    }

    return crypt($pw, $pw_db);
}
/**
 * Hash $pw with the database server's ENCRYPT() function.
 *
 * See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583
 * this is apparently useful for pam_mysql etc.
 *
 * The statement is assembled by string concatenation; escape_string() on both
 * values is the only thing that keeps them inside their SQL literals.
 * NOTE(review): the plain text password is sent to the database server as part
 * of the statement - check that it cannot end up in query logs.
 *
 * @param string $pw plain text password
 * @param string $pw_db existing hash; its first two characters are used as salt
 * @return string
 */
function _pacrypt_mysql_encrypt($pw, $pw_db) {
    $pw = escape_string($pw);

    if ($pw_db == "") {
        $query = "SELECT ENCRYPT('" . $pw . "');";
    } else {
        $salt = escape_string(substr($pw_db, 0, 2));
        $query = "SELECT ENCRYPT('" . $pw . "','" . $salt . "');";
    }

    $res = db_query($query);
    $row = db_row($res["result"]);

    return $row[0];
}
/**
 * Hash $pw in courier-authlib notation: "{flavor}" followed by the digest.
 *
 * The flavor comes from $CONF['authlib_default_flavor'] unless $pw_db already
 * starts with "{flavor}", in which case that flavor (and, for crypt, the first
 * two characters after it as salt) is reused.
 *
 * Only the 'crypt' flavor uses the salt; 'md5raw', 'md5' and 'SHA' are single,
 * unsalted MD5 / SHA-1 digests of the password.
 *
 * @param string $pw plain text password
 * @param string $pw_db existing hash from the database, or '' for a new hash
 * @return string
 */
function _pacrypt_authlib($pw, $pw_db) {
    global $CONF;

    $flavor = $CONF['authlib_default_flavor'];
    $salt = substr(create_salt(), 0, 2); # courier-authlib supports only two-character salts

    if (preg_match('/^{.*}/', $pw_db)) {
        // we have a flavor in the db -> use it instead of default flavor
        $pieces = preg_split('/[{}]/', $pw_db, 3); # split at { and/or }
        $flavor = $pieces[1];
        $salt = substr($pieces[2], 0, 2);
    }

    // order matters: 'md5raw' has to be tested before its prefix 'md5'
    if (stripos($flavor, 'md5raw') === 0) {
        $digest = md5($pw);
    } elseif (stripos($flavor, 'md5') === 0) {
        $digest = base64_encode(md5($pw, true));
    } elseif (stripos($flavor, 'crypt') === 0) {
        $digest = crypt($pw, $salt);
    } elseif (stripos($flavor, 'SHA') === 0) {
        $digest = base64_encode(sha1($pw, true));
    } else {
        die("authlib_default_flavor '" . $flavor . "' unknown. Valid flavors are 'md5raw', 'md5', 'SHA' and 'crypt'");
    }

    return '{' . $flavor . '}' . $digest;
}
/**
* @ param string $pw - plain text password
* @ param string $pw_db - encrypted password , or '' for generation .
* @ return string
*/
function _pacrypt_dovecot($pw, $pw_db) {
    // Hashes or verifies a password by running the dovecot password tool.
    // Two values reach the command line: $method (restricted to [A-Z0-9.-] below)
    // and $pw_db (passed through escapeshellarg()). The password itself only
    // travels over the tool's stdin.
    global $CONF;

    $encrypt_parts = explode(':', $CONF['encrypt']);
    $method = strtoupper($encrypt_parts[1]);

    # If $pw_db starts with {method}, change $method accordingly
    if (!empty($pw_db) && preg_match('/^\{([A-Z0-9.-]+)\}.+/', $pw_db, $method_matches)) {
        $method = $method_matches[1];
    }

    // this check is what makes it safe to put $method on the command line unquoted
    if (!preg_match("/^[A-Z0-9.-]+$/", $method)) {
        die("invalid dovecot encryption method");
    }

    # TODO: check against a fixed list?
    # if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead.");
    # $crypt_method = preg_match ("/.*-CRYPT$/", $method);

    # digest-md5 and SCRAM-SHA-1 hashes include the username - until someone implements it, let's declare it as unsupported
    if (strtolower($method) == 'digest-md5') {
        die("Sorry, \$CONF['encrypt'] = 'dovecot:digest-md5' is not supported by PostfixAdmin.");
    }
    if (strtoupper($method) == 'SCRAM-SHA-1') {
        die("Sorry, \$CONF['encrypt'] = 'dovecot:scram-sha-1' is not supported by PostfixAdmin.");
    }
    # TODO: add -u option for those hashes, or for everything that is salted (-u was available before dovecot 2.1 -> no problem with backward compatibility)

    // the command comes from the configuration and is used as-is
    $dovecotpw = empty($CONF['dovecotpw']) ? "doveadm pw" : $CONF['dovecotpw'];

    # Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
    $spec = array(
        0 => array("pipe", "r"), // stdin
        1 => array("pipe", "w"), // stdout
        2 => array("pipe", "w"), // stderr
    );

    $nonsaltedtypes = "SHA|SHA1|SHA256|SHA512|CLEAR|CLEARTEXT|PLAIN|PLAIN-TRUNC|CRAM-MD5|HMAC-MD5|PLAIN-MD4|PLAIN-MD5|LDAP-MD5|LANMAN|NTLM|RPA";
    $is_salted = !preg_match('/^(' . $nonsaltedtypes . ')(\.B64|\.BASE64|\.HEX)?$/', strtoupper($method));

    $dovepasstest = '';
    if ($is_salted && (!empty($pw_db))) {
        # only use -t for salted passwords to be backward compatible with dovecot < 2.1
        $dovepasstest = " -t " . escapeshellarg($pw_db);
    }

    $process = proc_open($dovecotpw . " '-s' " . $method . $dovepasstest, $spec, $pipes);
    if (!$process) {
        die("can't proc_open $dovecotpw");
    }

    // use dovecot's stdin, it uses getpass() twice (except when using -t)
    // Write pass in pipe stdin
    $stdin_line = $pw . "\n";
    if (empty($dovepasstest)) {
        fwrite($pipes[0], $stdin_line, 1 + strlen($pw));
        usleep(1000);
    }
    fwrite($pipes[0], $stdin_line, 1 + strlen($pw));
    fclose($pipes[0]);

    // Read hash from pipe stdout
    $password = fread($pipes[1], "200");

    if (empty($dovepasstest)) {
        // generation mode: the output has to start with "{METHOD}"
        if (!preg_match('/^\{' . $method . '\}/', $password)) {
            $stderr_output = stream_get_contents($pipes[2]);
            error_log('dovecotpw password encryption failed. STDERR output: ' . $stderr_output);
            die("can't encrypt password with dovecotpw, see error log for details");
        }
    } elseif (preg_match('(verified)', $password)) {
        // test mode, success: what is left after removing the marker is returned
        $password = rtrim(str_replace('(verified)', '', $password));
    } else {
        // test mode, failure: return a fixed string in place of the tool's output
        $password = "Thepasswordcannotbeverified";
    }

    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($process);

    if ((!empty($pw_db)) && (substr($pw_db, 0, 1) != '{')) {
        # for backward compatibility with "old" dovecot passwords that don't have the {method} prefix
        $password = str_replace('{' . $method . '}', '', $password);
    }

    return rtrim($password);
}
/**
* @ param string $pw
* @ param string $pw_db ( can be empty if setting a new password )
* @ return string
*/
function _pacrypt_php_crypt($pw, $pw_db) {
    global $CONF;

    // use PHPs crypt(), which uses the system's crypt()
    // same algorithms as used in /etc/shadow
    // you can have mixed hash types in the database for authentication, changed passwords get specified hash type
    // the algorithm for a new hash is chosen by feeding a salt with correct magic to crypt()
    // set $CONF['encrypt'] to 'php_crypt' to use the default SHA512 crypt method
    // set $CONF['encrypt'] to 'php_crypt:METHOD' to use another method; methods supported: DES, MD5, BLOWFISH, SHA256, SHA512
    // tested on linux

    if (strlen($pw_db) > 0) {
        // existing pw provided. send entire password hash as salt for crypt() to figure out
        return crypt($pw, $pw_db);
    }

    // no pw provided. create new password hash
    $salt_method = 'SHA512'; // hopefully a reasonable default (better than MD5)
    if (strpos($CONF['encrypt'], ':') !== false) {
        // use specified hash method
        $encrypt_parts = explode(':', $CONF['encrypt']);
        $salt_method = $encrypt_parts[1];
    }

    // create appropriate salt for selected hash method and send it to PHPs crypt()
    return crypt($pw, _php_crypt_generate_crypt_salt($salt_method));
}
/**
* @ param string $hash_type must be one of : MD5 , DES , BLOWFISH , SHA256 or SHA512 ( default )
* @ return string
*/
function _php_crypt_generate_crypt_salt($hash_type = 'SHA512') {
    // generate a salt (with magic matching chosen hash algorithm) for the PHP crypt() function
    // Every branch only picks the "$id$" prefix, the salt length and the alphabet;
    // the random part is produced once, after the switch.

    // most commonly used alphabet
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $prefix = '';

    switch ($hash_type) {
        case 'DES':
            // two characters, no prefix, and without '.' and '/'
            $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
            $length = 2;
            break;

        case 'MD5':
            $length = 12;
            $prefix = '$1$';
            break;

        case 'BLOWFISH':
            $length = 22;
            $cost = 10; // fixed work factor for every new bcrypt hash
            if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
                $algorithm = '2y'; // bcrypt, with fixed unicode problem
            } else {
                $algorithm = '2a'; // bcrypt
            }
            $prefix = sprintf('$%s$%02d$', $algorithm, $cost);
            break;

        case 'SHA256':
            $length = 16;
            $prefix = '$5$';
            break;

        case 'SHA512':
            $length = 16;
            $prefix = '$6$';
            break;

        default:
            die("unknown hash type: '$hash_type'");
    }

    return $prefix . _php_crypt_random_string($alphabet, $length);
}
/**
* Generates a random string of specified $length from $characters .
* @ param string $characters
* @ param int $length
* @ return string of given $length
*/
function _php_crypt_random_string($characters, $length) {
    // Each position is an independent random_int() draw over the indexes of
    // $characters, so characters may repeat.
    $last_index = strlen($characters) - 1;
    $picked = array();

    for ($n = 0; $n < $length; $n++) {
        $picked[] = $characters[random_int(0, $last_index)];
    }

    return implode('', $picked);
}
/**
 * Encrypt a password, using the appropriate hashing mechanism as defined in
* config . inc . php ( $CONF [ 'encrypt' ]) .
* When wanting to compare one pw to another , it ' s necessary to provide the salt used - hence
* the second parameter ( $pw_db ), which is the existing hash from the DB .
*
* @ param string $pw
* @ param string $pw_db optional encrypted password
* @ return string encrypted password .
*/
function pacrypt($pw, $pw_db = "") {
    global $CONF;

    // Dispatch on $CONF['encrypt']. Two of the settings offer no real protection
    // for the stored value: 'md5' is a single unsalted MD5 digest and 'cleartext'
    // returns the password unchanged.
    // NOTE(review): callers compare the return value with the hash from the
    // database; a constant-time comparison (hash_equals()) is the safe way to do
    // that - the callers are not visible here.
    $scheme = $CONF['encrypt'];

    if ($scheme == 'md5crypt') {
        return _pacrypt_md5crypt($pw, $pw_db);
    }
    if ($scheme == 'md5') {
        return md5($pw);
    }
    if ($scheme == 'system') {
        return _pacrypt_crypt($pw, $pw_db);
    }
    if ($scheme == 'cleartext') {
        return $pw;
    }
    if ($scheme == 'mysql_encrypt') {
        return _pacrypt_mysql_encrypt($pw, $pw_db);
    }
    if ($scheme == 'authlib') {
        return _pacrypt_authlib($pw, $pw_db);
    }

    // settings that carry a method after the name: 'dovecot:METHOD', 'php_crypt[:METHOD]'
    if (preg_match("/^dovecot:/", $scheme)) {
        return _pacrypt_dovecot($pw, $pw_db);
    }
    if (substr($scheme, 0, 9) === 'php_crypt') {
        return _pacrypt_php_crypt($pw, $pw_db);
    }

    die('unknown/invalid $CONF["encrypt"] setting: ' . $CONF['encrypt']);
}
//
// md5crypt
// Action: Creates MD5 encrypted password
// Call: md5crypt (string cleartextpassword)
//
function md5crypt($pw, $salt = "", $magic = "") {
    // Builds an MD5-crypt style hash: "<magic><salt>$<22 characters>".
    // The work factor is fixed at the 1000 MD5 rounds of the loop below.
    $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    if ($magic == "") {
        $magic = '$1$';
    }
    if ($salt == "") {
        $salt = create_salt();
    }

    // when the text before the first "$" is "1", the field after it is the salt
    $salt_fields = explode('$', $salt);
    if ($salt_fields[0] == "1") {
        $salt = $salt_fields[1];
    }
    $salt = substr($salt, 0, 8); // at most 8 characters of salt are used

    $pw_len = strlen($pw);

    // first digest: password, magic, salt, then as many bytes of
    // md5(pw . salt . pw) as the password is long
    $ctx = $pw . $magic . $salt;
    $final = md5($pw . $salt . $pw, true);
    for ($remaining = $pw_len; $remaining > 0; $remaining -= 16) {
        $ctx .= substr($final, 0, min(16, $remaining));
    }

    // one byte per bit of the password length: NUL for a set bit,
    // the first password character for a clear one
    for ($bits = $pw_len; $bits > 0; $bits = $bits >> 1) {
        $ctx .= ($bits & 1) ? chr(0) : $pw[0];
    }
    $final = md5($ctx, true);

    // 1000 rounds that mix password, salt and the previous digest
    for ($round = 0; $round < 1000; $round++) {
        $odd = $round & 1;

        $block = $odd ? $pw : substr($final, 0, 16);
        if ($round % 3) {
            $block .= $salt;
        }
        if ($round % 7) {
            $block .= $pw;
        }
        $block .= $odd ? substr($final, 0, 16) : $pw;

        $final = md5($block, true);
    }

    // output encoding: five groups of three digest bytes as 4 characters each,
    // then the remaining byte (index 11) as 2 characters
    $groups = array(
        array(0, 6, 12),
        array(1, 7, 13),
        array(2, 8, 14),
        array(3, 9, 15),
        array(4, 10, 5),
    );
    $passwd = "";
    foreach ($groups as $g) {
        $v = (ord($final[$g[0]]) << 16) | (ord($final[$g[1]]) << 8) | ord($final[$g[2]]);
        for ($n = 0; $n < 4; $n++) {
            $passwd .= $itoa64[$v & 0x3f];
            $v = $v >> 6;
        }
    }
    $v = ord($final[11]);
    for ($n = 0; $n < 2; $n++) {
        $passwd .= $itoa64[$v & 0x3f];
        $v = $v >> 6;
    }

    return $magic . $salt . '$' . $passwd;
}
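/**
 * Create a new salt for password hashing.
 *
 * The previous implementation seeded rand() with the current time and hashed a
 * single draw, which makes the salt guessable from the time of the request and
 * re-seeds the generator for every other user of rand(). The salt is now drawn
 * character by character from random_int().
 *
 * @return string 8 lowercase hexadecimal characters (same format as before)
 */
function create_salt() {
    $hex_digits = '0123456789abcdef';

    $salt = '';
    for ($i = 0; $i < 8; $i++) {
        $salt .= $hex_digits[random_int(0, 15)];
    }

    return $salt;
}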
/**/ if (!function_exists('hex2bin')) { # PHP around 5.3.8 includes hex2bin as native function - http://php.net/hex2bin
    /**
     * Fallback for PHP versions without a native hex2bin(): converts a string of
     * hexadecimal digits to bytes, two digits at a time.
     *
     * @param string $str hexadecimal digits
     * @return string
     */
    function hex2bin($str) {
        $bytes = "";
        $total = strlen($str);

        for ($pos = 0; $pos < $total; $pos += 2) {
            $parsed = sscanf(substr($str, $pos, 2), "%x");
            $bytes .= chr($parsed[0]);
        }

        return $bytes;
    }
/**/
}
/*
* remove item $item from array $array
*/
function remove_from_array($array, $item) {
    # array_diff might be faster, but doesn't provide an easy way to know if the value was found or not
    # return array_diff($array, array($item));

    // Returns array(found, array): found is 1 when $item was removed, else 0.
    // Only the first match is removed, the remaining keys are kept as they are,
    // and array_search() compares loosely (==).
    $key = array_search($item, $array);

    if ($key === false) {
        return array(0, $array);
    }

    unset($array[$key]);
    return array(1, $array);
}
/**
 * Encode $v as $n characters of the alphabet "./0-9A-Za-z", six bits per
 * character, lowest six bits first.
 *
 * @param int $v value to encode
 * @param int $n number of characters to produce
 * @return string
 */
function to64($v, $n) {
    $alphabet = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    $out = "";
    for (; $n >= 1; $n--) {
        $out .= $alphabet[$v & 0x3f];
        $v = $v >> 6;
    }

    return $out;
}
/**
* smtp_mail
* Action : Send email
* Call : smtp_mail ( string to , string from , string subject , string body ]) - or -
* Call : smtp_mail ( string to , string from , string data ) - DEPRECATED
* @ param String - To :
* @ param String - From :
* @ param String - Subject : ( if called with 4 parameters ) or full mail body ( if called with 3 parameters )
* @ param String ( optional , but recommended ) - mail body
* @ return bool - true on success , otherwise false
* TODO : Replace this with something decent like PEAR :: Mail or Zend_Mail .
*/
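function smtp_mail($to, $from, $data, $body = "") {
    global $CONF;

    // Both addresses are written verbatim into SMTP commands (MAIL FROM / RCPT TO)
    // and into header lines. A CR or LF inside them would start a new command or
    // header, so such values are refused before anything is sent.
    if (preg_match('/[\r\n]/', $to . $from)) {
        error_log("smtp_mail: refusing to send, line break in sender or recipient address");
        return false;
    }

    $smtpd_server = $CONF['smtp_server'];
    $smtpd_port = $CONF['smtp_port'];

    // name announced in EHLO: configured client name, else this host's name
    //$smtp_server = $_SERVER["SERVER_NAME"];
    $smtp_server = php_uname('n');
    if (!empty($CONF['smtp_client'])) {
        $smtp_server = $CONF['smtp_client'];
    }

    $errno = "0";
    $errstr = "0";
    $timeout = "30";

    if ($body != "") {
        // 4-parameter form: $data is the subject. A line break in it would end
        // the Subject header early, so it is folded into a space first.
        $subject = str_replace(array("\r", "\n"), ' ', $data);
        $maildata =
            "To: " . $to . "\n"
            . "From: " . $from . "\n"
            . "Subject: " . encode_header($subject) . "\n"
            . "MIME-Version: 1.0\n"
            . "Date: " . date('r') . "\n"
            . "Content-Type: text/plain; charset=utf-8\n"
            . "Content-Transfer-Encoding: 8bit\n"
            . "\n"
            . $body
        ;
    } else {
        // deprecated 3-parameter form: $data already is the complete message
        $maildata = $data;
    }

    // Dot-stuffing (RFC 5321, section 4.5.2): a line consisting of a single "."
    // ends the DATA phase, so every line that starts with "." gets a second one.
    // Without this, message text could end the mail early and whatever follows
    // would be read by the server as SMTP commands.
    $maildata = preg_replace('/^\./m', '..', $maildata);

    $fh = @fsockopen($smtpd_server, $smtpd_port, $errno, $errstr, $timeout);
    if (!$fh) {
        error_log("fsockopen failed - errno: $errno - errstr: $errstr");
        return false;
    }

    // null stands for "only read": the server greeting comes before any command
    $dialogue = array(
        null,
        "EHLO $smtp_server\r\n",
        "MAIL FROM:<$from>\r\n",
        "RCPT TO:<$to>\r\n",
        "DATA\r\n",
        "$maildata\r\n.\r\n",
    );

    foreach ($dialogue as $command) {
        if ($command !== null) {
            fputs($fh, $command);
        }
        $res = smtp_get_response($fh);

        // 2xx and 3xx (354 after DATA) mean "go on"; anything else, including an
        // empty reply from a closed connection, means the mail was not accepted
        if (!preg_match('/^[23]\d\d/', $res)) {
            error_log("smtp_mail: unexpected reply from mail server: " . str_replace(array("\r", "\n"), ' ', trim($res)));
            fclose($fh);
            return false;
        }
    }

    fputs($fh, "QUIT\r\n");
    $res = smtp_get_response($fh);
    fclose($fh);

    return true;
}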
/**
* smtp_get_admin_email
* Action : Get configured email address or current user if nothing configured
* Call : smtp_get_admin_email
* @ return String - username / mail address
*/
function smtp_get_admin_email() {
    // the configured 'admin_email' wins; when it is empty the name returned by
    // authentication_get_username() is used instead
    $configured = Config::read('admin_email');

    if (empty($configured)) {
        return authentication_get_username();
    }

    return $configured;
}
//
// smtp_get_response
// Action: Get response from mail server
// Call: smtp_get_response (string FileHandle)
//
function smtp_get_response($fh) {
    // Reads one complete server reply. Lines of the form "123-text" announce that
    // more lines follow; the first line without the "-" ends the reply.
    // fgets() is limited to 255 bytes per call, so a longer line arrives in
    // several pieces and each piece is tested on its own.
    $response = '';

    while (true) {
        $line = fgets($fh, 256);
        $response .= $line;

        if (!preg_match('/^\d\d\d\-/', $line)) {
            break;
        }
    }

    return $response;
}
// HTML fragment that db_connect() appends to its "DEBUG INFORMATION" messages.
$DEBUG_TEXT = "\n
    <p />\n
    Please check the documentation and website for more information.\n
    <p />\n
    <a href=\"http://postfixadmin.sf.net/\">Postfix Admin</a><br />\n
    <a href='https://sourceforge.net/p/postfixadmin/discussion/676076'>Forums</a>
    ";
/**
* db_connect
* Action : Makes a connection to the database if it doesn ' t exist
* Call : db_connect ()
* Optional parameter : $ignore_errors = TRUE , used by setup . php
*
* Return value :
* a ) without $ignore_errors or $ignore_errors == 0
* - $link - the database connection - OR -
* - call die () in case of connection problems
* b ) with $ignore_errors == TRUE
* array ( $link , $error_text );
*
* @ return resource connection to db ( normally )
*/
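function db_connect($ignore_errors = false) {
    global $CONF;
    global $DEBUG_TEXT;

    // with $ignore_errors the caller gets the error text back and shows it
    // itself, so the help footer is blanked (this changes the global)
    if ($ignore_errors != 0) {
        $DEBUG_TEXT = '';
    }
    $error_text = '';

    // the connection is kept in a static and reused by later calls
    static $link;
    if (isset($link) && $link) {
        if ($ignore_errors) {
            return array($link, $error_text);
        }
        return $link;
    }
    $link = 0;

    // NOTE(review): the messages collected in $error_text contain the database
    // driver's own error text and are printed to the page further down - check
    // that this output is acceptable on a production site.

    if ($CONF['database_type'] == "mysql") {
        if (function_exists("mysql_connect")) {
            $link = @mysql_connect($CONF['database_host'], $CONF['database_user'], $CONF['database_password']);
            if (!$link) {
                $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: " . mysql_error() . "$DEBUG_TEXT");
            }
            if ($link) {
                @mysql_query("SET CHARACTER SET utf8", $link);
                @mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'", $link);
                if (!@mysql_select_db($CONF['database_name'], $link)) {
                    $error_text .= ("<p />DEBUG INFORMATION:<br />MySQL Select Database: " . mysql_error() . "$DEBUG_TEXT");
                }
            }
        } else {
            $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 3.x / 4.0 functions not available! (php5-mysql installed?)<br />database_type = 'mysql' in config.inc.php, are you using a different database? $DEBUG_TEXT";
        }
    } elseif ($CONF['database_type'] == "mysqli") {
        $is_connected = false;
        if ($CONF['database_use_ssl']) {
            if (function_exists("mysqli_real_connect")) {
                // NOTE(review): confirm that the server certificate is actually
                // verified with these settings in the deployed PHP build.
                $link = mysqli_init();
                $link->ssl_set($CONF['database_ssl_key'], $CONF['database_ssl_cert'], $CONF['database_ssl_ca'], $CONF['database_ssl_ca_path'], $CONF['database_ssl_cipher']);
                $connected = mysqli_real_connect($link, $CONF['database_host'], $CONF['database_user'], $CONF['database_password'], $CONF['database_name'], $CONF['database_port'], null, constant('MYSQLI_CLIENT_SSL'));
                $is_connected = $connected;
                if (!$connected) {
                    // mysqli_init() returns an object even when the connect fails.
                    // Without this branch that unconnected handle was returned
                    // (and cached) as if the connection had succeeded.
                    $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: " . mysqli_connect_error() . "$DEBUG_TEXT");
                    $link = 0;
                }
            } else {
                $error_text .= "<p />DEBUG INFORMATION:<br />MySQLi 5 functions not available! (php5-mysqli installed?)<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT";
            }
        } else {
            if (function_exists("mysqli_connect")) {
                $link = @mysqli_connect($CONF['database_host'], $CONF['database_user'], $CONF['database_password'], $CONF['database_name'], $CONF['database_port'], $CONF['database_socket']);
                if (!$link) {
                    $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: " . mysqli_connect_error() . "$DEBUG_TEXT");
                }
                $is_connected = $link;
            } else {
                $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 4.1 functions not available! (php5-mysqli installed?)<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT";
            }
        }
        if ($is_connected) {
            @mysqli_query($link, "SET CHARACTER SET utf8");
            @mysqli_query($link, "SET COLLATION_CONNECTION='utf8_general_ci'");
        }
    } elseif (db_sqlite()) {
        if (class_exists("SQLite3")) {
            if ($CONF['database_name'] == '' || !is_dir(dirname($CONF['database_name'])) || !is_writable(dirname($CONF['database_name']))) {
                $error_text .= ("<p />DEBUG INFORMATION<br />Connect: given database path does not exist, is not writable, or \$CONF['database_name'] is empty.");
            } else {
                // the SQLite3 constructor reports failure with an exception, so
                // that is what has to be turned into the error text
                try {
                    $link = new SQLite3($CONF['database_name']);
                    $link->createFunction('base64_decode', 'base64_decode');
                } catch (Exception $e) {
                    $link = 0;
                    $error_text .= ("<p />DEBUG INFORMATION<br />Connect: failed to connect to database. $DEBUG_TEXT");
                }
            }
        } else {
            $error_text .= "<p />DEBUG INFORMATION:<br />SQLite functions not available! (php5-sqlite installed?)<br />database_type = 'sqlite' in config.inc.php, are you using a different database? $DEBUG_TEXT";
        }
    } elseif (db_pgsql()) {
        if (function_exists("pg_pconnect")) {
            if (!isset($CONF['database_port'])) {
                $CONF['database_port'] = '5432';
            }
            // the values are inserted unquoted, so a space or quote inside one of
            // them changes how the connection string is parsed
            $connect_string = "host=" . $CONF['database_host'] . " port=" . $CONF['database_port'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password'];
            $link = @pg_pconnect($connect_string);
            if (!$link) {
                $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: failed to connect to database. $DEBUG_TEXT");
            }
            if ($link) {
                pg_set_client_encoding($link, 'UNICODE');
            }
        } else {
            $error_text .= "<p />DEBUG INFORMATION:<br />PostgreSQL functions not available! (php5-pgsql installed?)<br />database_type = 'pgsql' in config.inc.php, are you using a different database? $DEBUG_TEXT";
        }
    } else {
        $error_text = "<p />DEBUG INFORMATION:<br />Invalid \$CONF['database_type']! Please fix your config.inc.php! $DEBUG_TEXT";
    }

    if ($ignore_errors) {
        return array($link, $error_text);
    } elseif ($error_text != "") {
        print $error_text;
        die();
    } elseif ($link) {
        return $link;
    } else {
        print "DEBUG INFORMATION:<br />\n";
        print "Connect: Unable to connect to database<br />\n";
        print "<br />\n";
        print "Make sure that you have set the correct database type in the config.inc.php file<br />\n";
        print $DEBUG_TEXT;
        die();
    }
}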
/**
* Returns the appropriate boolean value for the database .
* @ param boolean $bool ( REQUIRED )
* @ return string | int as appropriate for underlying db platform
*/
function db_get_boolean($bool) {
    // accepted: real booleans and values loosely equal to '0' or '1'
    $acceptable = is_bool($bool) || $bool == '0' || $bool == '1';
    if (!$acceptable) {
        // NOTE(review): the rejected value is written to the log and to the
        // page as it is - check whether it can come from request data.
        error_log("Invalid usage of 'db_get_boolean($bool)'");
        die("Invalid usage of 'db_get_boolean($bool)'");
    }

    if (db_pgsql()) {
        // return either true or false (unquoted strings)
        return $bool ? 't' : 'f';
    }

    if (Config::Read('database_type') == 'mysql' || Config::Read('database_type') == 'mysqli' || db_sqlite()) {
        return $bool ? 1 : 0;
    }

    die('Unknown value in $CONF[database_type]');
}
/**
 * Builds a SELECT expression that renders quota usage as "used / allowed".
 *
 * A quota of -1 is rendered as "-", a quota of 0 as the infinity sign.
 * The three arguments are placed into the SQL text as given (only the
 * infinity sign passes through escape_string()), so they have to be column
 * names or expressions chosen by the calling code, never request data.
 *
 * @param string $count     column containing used quota
 * @param string $quota     column containing allowed quota
 * @param string $fieldname column that will contain "x / y"
 * @return string
 */
function db_quota_text($count, $quota, $fieldname) {
    $infinity = escape_string(html_entity_decode('&infin;'));

    if (!db_pgsql() && !db_sqlite()) {
        // everything else (MySQL) concatenates with CONCAT()
        return "CASE $quota
            WHEN '-1' THEN CONCAT(coalesce($count,0), ' / -')
            WHEN '0' THEN CONCAT(coalesce($count,0), ' / ', '$infinity')
            ELSE CONCAT(coalesce($count,0), ' / ', $quota)
        END AS $fieldname";
    }

    // SQLite and PostgreSQL use || to concatenate strings
    return "CASE $quota
        WHEN '-1' THEN (coalesce($count,0) || ' / -')
        WHEN '0' THEN (coalesce($count,0) || ' / $infinity')
        ELSE (coalesce($count,0) || ' / ' || $quota)
    END AS $fieldname";
}
/**
 * Builds a SELECT expression that reports quota usage as a rounded percentage.
 *
 * A quota of -1 or 0 yields -1 instead of a percentage.
 * All three arguments are placed into the SQL text as given, so they have to
 * be column names or expressions chosen by the calling code, never request data.
 *
 * @param string $count     column containing used quota
 * @param string $quota     column containing allowed quota
 * @param string $fieldname column that will contain the percentage
 * @return string
 */
function db_quota_percent($count, $quota, $fieldname) {
    $sql = "CASE $quota
        WHEN '-1' THEN -1
        WHEN '0' THEN -1
        ELSE round(100 * coalesce($count,0) / $quota)
    END AS $fieldname";

    return $sql;
}
/**
 * Tells whether the configured database_type is one of the MySQL drivers
 * ('mysql' or 'mysqli').
 *
 * @return boolean true if it's a MySQL database variant.
 */
function db_mysql() {
    $configured = Config::Read('database_type');

    return $configured == 'mysql' || $configured == 'mysqli';
}
/**
 * Tells whether the configured database_type is 'pgsql'.
 *
 * @return boolean true if PostgreSQL is used, false otherwise
 */
function db_pgsql() {
    return Config::Read('database_type') == 'pgsql';
}
/**
 * Tells whether the configured database_type is 'sqlite'.
 *
 * @return boolean true if SQLite is used, false otherwise
 */
function db_sqlite() {
    return Config::Read('database_type') == 'sqlite';
}
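/**
 * Runs one SQL statement on the configured database and reports the outcome.
 *
 * The statement is sent exactly as given: every value inside $query must
 * already have been escaped by the caller.
 *
 * When the driver reports a failure and $ignore_errors is 0, the driver message
 * and the query are written to the error log and the request is aborted with a
 * page that shows the (HTML-escaped) driver message. When $ignore_errors is set,
 * the message is only returned in the 'error' element.
 *
 * @param string $query SQL to execute
 * @param int $ignore_errors (default 0 aka do not ignore errors)
 * @return array ['result' => resource, 'rows' => int, 'error' => string]
 */
function db_query($query, $ignore_errors = 0) {
    global $CONF;
    global $DEBUG_TEXT;
    $result = "";
    $number_rows = "";
    $link = db_connect();
    $error_text = "";
    if ($ignore_errors) {
        $DEBUG_TEXT = "";
    }

    // The driver calls are silenced with @ because a failure is picked up by
    // the "or" branch, which stores the driver's own message in $error_text.
    if ($CONF['database_type'] == "mysql") {
        $result = @mysql_query($query, $link)
            or $error_text = "Invalid query: " . mysql_error($link);
    }
    if ($CONF['database_type'] == "mysqli") {
        $result = @mysqli_query($link, $query)
            or $error_text = "Invalid query: " . mysqli_error($link);
    }
    if (db_sqlite()) {
        $result = @$link->query($query)
            or $error_text = "Invalid query: " . $link->lastErrorMsg();
    }
    if (db_pgsql()) {
        $result = @pg_query($link, $query)
            or $error_text = "Invalid query: " . pg_last_error();
    }

    if ($error_text != "" && $ignore_errors == 0) {
        error_log($error_text);
        error_log("caused by query: $query");
        // A driver message may quote parts of the failed statement, and those
        // parts may contain values that came from a request, so the copy sent
        // to the browser is HTML-escaped. The log entries above and the
        // 'error' element returned to callers keep the raw text.
        $shown_error = htmlspecialchars($error_text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        die("<p />DEBUG INFORMATION:<br />$shown_error<p>Check your error_log for the failed query. $DEBUG_TEXT");
    }

    if ($error_text == "") {
        if (db_sqlite()) {
            if ($result->numColumns()) {
                // Query returned something: count the rows by walking the
                // result once, then rewind it for the caller.
                $num_rows = 0;
                while (@$result->fetchArray(SQLITE3_ASSOC)) {
                    $num_rows++;
                }
                $result->reset();
                $number_rows = $num_rows;
            } else {
                // Query was UPDATE, DELETE or INSERT
                $number_rows = $link->changes();
            }
        } elseif (preg_match("/^SELECT/i", trim($query))) {
            // if $query was a SELECT statement check the number of rows with [database_type]_num_rows ().
            if ($CONF['database_type'] == "mysql") {
                $number_rows = mysql_num_rows($result);
            }
            if ($CONF['database_type'] == "mysqli") {
                $number_rows = mysqli_num_rows($result);
            }
            if (db_pgsql()) {
                $number_rows = pg_num_rows($result);
            }
        } else {
            // if $query was something else, UPDATE, DELETE or INSERT check the number of rows with
            // [database_type]_affected_rows ().
            if ($CONF['database_type'] == "mysql") {
                $number_rows = mysql_affected_rows($link);
            }
            if ($CONF['database_type'] == "mysqli") {
                $number_rows = mysqli_affected_rows($link);
            }
            if (db_pgsql()) {
                $number_rows = pg_affected_rows($result);
            }
        }
    }

    $return = array(
        "result" => $result,
        "rows" => $number_rows,
        "error" => $error_text
    );
    return $return;
}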
/**
 * db_row
 * Action: Returns the next row of a query result as a numerically indexed array.
 * Call: db_row (result)
 *
 * @param mixed $result the 'result' element returned by db_query()
 * @return mixed whatever the driver's fetch call returns for the next row;
 *               an empty string if no known database_type matched
 */
function db_row($result) {
    global $CONF;

    $db_type = $CONF['database_type'];
    $fetched = "";

    if ($db_type == "mysql") {
        $fetched = mysql_fetch_row($result);
    }
    if ($db_type == "mysqli") {
        $fetched = mysqli_fetch_row($result);
    }
    if (db_sqlite()) {
        $fetched = $result->fetchArray(SQLITE3_NUM);
    }
    if (db_pgsql()) {
        $fetched = pg_fetch_row($result);
    }

    return $fetched;
}
/**
 * Returns the next row of a query result using each driver's default fetch mode.
 *
 * No fetch mode is passed to the driver calls; the drivers' defaults deliver
 * the row under both numeric and column-name keys.
 *
 * @param resource $result the 'result' element returned by db_query()
 * @return array|null|string an empty string if no known database_type matched
 */
function db_array($result) {
    global $CONF;

    $db_type = $CONF['database_type'];
    $fetched = "";

    if ($db_type == "mysql") {
        $fetched = mysql_fetch_array($result);
    }
    if ($db_type == "mysqli") {
        $fetched = mysqli_fetch_array($result);
    }
    if (db_sqlite()) {
        $fetched = $result->fetchArray();
    }
    if (db_pgsql()) {
        $fetched = pg_fetch_array($result);
    }

    return $fetched;
}
/**
 * Returns the next row of a query result as an array keyed by column name.
 *
 * @param resource $result the 'result' element returned by db_query()
 * @return array|null|string an empty string if no known database_type matched
 */
function db_assoc($result) {
    global $CONF;

    $db_type = $CONF['database_type'];
    $fetched = "";

    if ($db_type == "mysql") {
        $fetched = mysql_fetch_assoc($result);
    }
    if ($db_type == "mysqli") {
        $fetched = mysqli_fetch_assoc($result);
    }
    if (db_sqlite()) {
        $fetched = $result->fetchArray(SQLITE3_ASSOC);
    }
    if (db_pgsql()) {
        $fetched = pg_fetch_assoc($result);
    }

    return $fetched;
}
/**
 * Delete rows from the specified table.
 *
 * DELETE FROM $table WHERE $where = $delete $additionalwhere
 *
 * Only $delete passes through escape_string(). $where and $additionalwhere are
 * copied into the statement unchanged, so both must be fixed SQL fragments
 * written by the calling code.
 *
 * @param string $table table key, resolved through table_by_key()
 * @param string $where column name - should never be a user supplied value
 * @param string $delete value the column is compared with
 * @param string $additionalwhere (default '') raw SQL appended after the comparison -
 *                                should never contain a user supplied value
 * @return int|mixed rows deleted (0 if the reported row count is below 1)
 */
function db_delete($table, $where, $delete, $additionalwhere = '') {
    $table_name = table_by_key($table);
    $sql = "DELETE FROM $table_name WHERE $where='" . escape_string($delete) . "' " . $additionalwhere;

    $outcome = db_query($sql);
    $deleted = $outcome['rows'];

    return $deleted >= 1 ? $deleted : 0;
}
/**
 * db_insert
 * Action: Inserts a row into a specified table
 * Call: db_insert (string table, array values [, array timestamp])
 *
 * Every value is passed through escape_string() and wrapped in single quotes.
 * Column names also pass through escape_string() but are not quoted as
 * identifiers, so the keys of $values and the entries of $timestamp must be
 * fixed column names chosen by the calling code.
 * A column listed in $timestamp replaces an entry of the same name in $values.
 *
 * @param string $table - table name (resolved through table_by_key())
 * @param array $values - key/value map of data to insert into the table.
 * @param array $timestamp (optional) - array of fields to set to now() - default: array('created', 'modified')
 * @return int - number of inserted rows
 */
function db_insert($table, $values, $timestamp = array('created', 'modified')) {
    $table = table_by_key($table);

    foreach ($values as $column => $raw) {
        $values[$column] = "'" . escape_string($raw) . "'";
    }

    foreach ($timestamp as $column) {
        // SQLite has no now(); it spells the current time datetime('now')
        $values[$column] = db_sqlite() ? "datetime('now')" : "now()";
    }

    $column_list = implode(",", escape_string(array_keys($values)));
    $value_list = implode(",", $values);

    $outcome = db_query("INSERT INTO $table ($column_list) VALUES ($value_list)");
    return $outcome['rows'];
}
/**
 * db_update
 * Action: Updates a specified table
 * Call: db_update (string table, string where_col, string where_value, array values [, array timestamp])
 *
 * Builds the condition "where_col = 'where_value'" and hands it to db_update_q().
 * Only $where_value is escaped; $where_col is copied into the SQL unchanged
 * and must be a fixed column name chosen by the calling code.
 *
 * @param string $table - table name
 * @param string $where_col - column of WHERE condition
 * @param string $where_value - value of WHERE condition
 * @param array $values - key/value map of data to insert into the table.
 * @param array $timestamp (optional) - array of fields to set to now() - default: array('modified')
 * @return int - number of updated rows
 */
function db_update($table, $where_col, $where_value, $values, $timestamp = array('modified')) {
    $quoted_value = "'" . escape_string($where_value) . "'";
    $condition = $where_col . " = " . $quoted_value;

    return db_update_q($table, $condition, $values, $timestamp);
}
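/**
 * db_update_q
 * Action: Updates a specified table
 * Call: db_update_q (string table, string where, array values [, array timestamp])
 *
 * $where is copied into the statement unchanged: the caller has to escape any
 * value it contains. Values are escaped and single-quoted here. Column names
 * pass through escape_string() but are not quoted as identifiers, so they must
 * be fixed names chosen by the calling code.
 * A column listed in $timestamp replaces an entry of the same name in $values.
 *
 * @param string $table - table name
 * @param string $where - WHERE condition (as SQL)
 * @param array $values - key/value map of data to insert into the table.
 * @param array $timestamp (optional) - array of fields to set to now() - default: array('modified')
 * @return int - number of updated rows
 */
function db_update_q($table, $where, $values, $timestamp = array('modified')) {
    $table = table_by_key($table);

    // Start from an empty list so implode() below always receives an array,
    // also when both $values and $timestamp are empty.
    $sql_values = array();

    foreach ($values as $key => $value) {
        // column name escaped the same way as in the timestamp loop below
        $sql_values[$key] = escape_string($key) . "='" . escape_string($value) . "'";
    }

    foreach ($timestamp as $key) {
        if (db_sqlite()) {
            $sql_values[$key] = escape_string($key) . "=datetime('now')";
        } else {
            $sql_values[$key] = escape_string($key) . "=now()";
        }
    }

    $sql = "UPDATE $table SET " . implode(",", $sql_values) . " WHERE $where";

    $result = db_query($sql);
    return $result['rows'];
}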
/**
 * db_log
 * Action: Logs actions from admin
 * Call: db_log (string domain, string action, string data)
 * Possible actions are defined in $LANG["pViewlog_action_$action"]
 *
 * Does nothing and reports success when the 'logging' setting is off.
 * The log row records the current username together with the address
 * returned by getRemoteAddr(). An action without a language entry aborts
 * the request.
 *
 * @param string $domain
 * @param string $action
 * @param string $data
 * @return boolean true if logging is disabled or exactly one row was inserted
 */
function db_log($domain, $action, $data) {
    if (!Config::bool('logging')) {
        return true;
    }

    $client_addr = getRemoteAddr();
    $username = authentication_get_username();

    if (Config::Lang("pViewlog_action_$action") == '') {
        die("Invalid log action : $action"); // could do with something better?
    }

    $inserted = db_insert(
        'log',
        array(
            'username' => "$username ($client_addr)",
            'domain' => $domain,
            'action' => $action,
            'data' => $data,
        ),
        array('timestamp')
    );

    return $inserted == 1;
}
/**
 * db_in_clause
 * Action: builds and returns the "field in(x, y)" clause for database queries
 * Call: db_in_clause (string field, array values)
 *
 * The values are escaped and single-quoted; $field is copied into the SQL
 * unchanged and must be a fixed column name chosen by the calling code.
 *
 * @param string $field
 * @param array $values
 * @return string
 */
function db_in_clause($field, $values) {
    $escaped = escape_string(array_values($values));
    $list = implode("','", $escaped);

    return " $field IN ('" . $list . "') ";
}
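/**
 * db_where_clause
 * Action: builds and returns a WHERE clause for database queries. All given conditions will be AND'ed.
 * Call: db_where_clause (array $conditions, array $struct)
 *
 * Values are passed through escape_string() and single-quoted. Field names
 * (the keys of $condition) and $additional_raw_where are copied into the SQL
 * unchanged, so both must come from the calling code, not from request data.
 * Conditions on fields whose $struct entry has a non-empty 'select' go into
 * a HAVING part instead of the WHERE part.
 *
 * @param array $condition - array('field' => 'value', 'field2' => 'value2, ...)
 * @param array $struct - field structure, used for automatic bool conversion
 * @param string $additional_raw_where - raw snippet to include in the WHERE part - typically needs to start with AND
 * @param array $searchmode - operators to use (=, <, > etc.) - defaults to = if not specified for a field (see
 *                            $allowed_operators for available operators)
 *                            Note: the $searchmode operator will only be used if a $condition for that field is set.
 *                            This also means you'll need to set a (dummy) condition for NULL and NOTNULL.
 * @return string
 */
function db_where_clause($condition, $struct, $additional_raw_where = '', $searchmode = array()) {
    if (!is_array($condition)) {
        die('db_where_cond: parameter $cond is not an array!');
    } elseif (!is_array($searchmode)) {
        die('db_where_cond: parameter $searchmode is not an array!');
    } elseif (count($condition) == 0 && trim($additional_raw_where) == '') {
        die("db_where_cond: parameter is an empty array!"); # die() might sound harsh, but can prevent information leaks
    } elseif (!is_array($struct)) {
        die('db_where_cond: parameter $struct is not an array!');
    }

    $allowed_operators = array('<', '>', '>=', '<=', '=', '!=', '<>', 'CONT', 'LIKE', 'NULL', 'NOTNULL');
    $where_parts = array();
    $having_parts = array();

    foreach ($condition as $field => $value) {
        if (isset($struct[$field]) && $struct[$field]['type'] == 'bool') {
            $value = db_get_boolean($value);
        }

        $operator = '=';
        if (isset($searchmode[$field])) {
            // The operator is written into the SQL text as it is, so the
            // whitelist is compared strictly: with a loose comparison a
            // non-string such as true would be accepted as well.
            if (in_array($searchmode[$field], $allowed_operators, true)) {
                $operator = $searchmode[$field];

                if ($operator == 'CONT') { # CONT - as in "contains"
                    $operator = ' LIKE '; # add spaces
                    $value = '%' . $value . '%';
                } elseif ($operator == 'LIKE') { # LIKE -without adding % wildcards (the search value can contain %)
                    $operator = ' LIKE '; # add spaces
                }
            } else {
                die('db_where_clause: Invalid searchmode for ' . $field);
            }
        }

        if ($operator == "NULL") {
            $querypart = $field . ' IS NULL';
        } elseif ($operator == "NOTNULL") {
            $querypart = $field . ' IS NOT NULL';
        } else {
            $querypart = $field . $operator . "'" . escape_string($value) . "'";

            // might need other types adding here.
            // On PostgreSQL an empty value for a 'ts' or 'num' field is sent
            // as NULL instead of ''.
            // NOTE(review): a comparison against NULL with an operator such as
            // "=" does not match any row in SQL - confirm that this is intended.
            if (db_pgsql() && isset($struct[$field]) && in_array($struct[$field]['type'], array('ts', 'num')) && $value === '') {
                $querypart = $field . $operator . "NULL";
            }
        }

        if (!empty($struct[$field]['select'])) {
            $having_parts[$field] = $querypart;
        } else {
            $where_parts[$field] = $querypart;
        }
    }

    $query = ' WHERE 1=1 ';
    $query .= " $additional_raw_where ";
    if (count($where_parts) > 0) {
        $query .= " AND ( " . join(" AND ", $where_parts) . " ) ";
    }
    if (count($having_parts) > 0) {
        $query .= " HAVING ( " . join(" AND ", $having_parts) . " ) ";
    }

    return $query;
}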
/**
 * Convert a programmatic db table name into what may be the actual name.
 *
 * Takes into consideration any CONF database_prefix or database_tables map.
 *
 * If it's a MySQL database, then we return the name with backticks around it (`).
 * The name itself is not escaped: prefix and table map come from the
 * configuration, and $table_key is expected to be a fixed key chosen by the
 * calling code.
 *
 * @param string $table_key database table name.
 * @return string - database table name with appropriate prefix (and quoting if MySQL)
 */
function table_by_key($table_key) {
    global $CONF;

    // a non-empty entry in the table map overrides the key
    $mapped = empty($CONF['database_tables'][$table_key])
        ? $table_key
        : $CONF['database_tables'][$table_key];

    $full_name = $CONF['database_prefix'] . $mapped;

    return db_mysql() ? "`" . $full_name . "`" : $full_name;
}
/**
 * Check if the database layout is up to date.
 *
 * Reads the 'version' row of the config table; if there is not exactly one
 * such row, the version counts as 0 and a 'version' row with value '0' is
 * inserted.
 *
 * @param boolean $error_out if true (default), print a message that recommends
 *                           running setup.php and exit(1) when the version is
 *                           lower than $min_db_version
 * @return mixed the current 'version' value from the config table
 */
function check_db_version($error_out = true) {
    global $min_db_version;

    $config_table = table_by_key('config');
    $lookup = db_query("SELECT value FROM $config_table WHERE name = 'version'");

    if ($lookup['rows'] != 1) {
        $dbversion = 0;
        db_query("INSERT INTO $config_table (name, value) VALUES ('version', '0')", 0);
    } else {
        $version_row = db_assoc($lookup['result']);
        $dbversion = $version_row['value'];
    }

    $outdated = $dbversion < $min_db_version;
    if ($outdated && $error_out == true) {
        echo "ERROR: The PostfixAdmin database layout is outdated (you have r$dbversion, but r$min_db_version is expected).\nPlease run setup.php to upgrade the database.\n";
        exit(1);
    }

    return $dbversion;
}
//
// gen_show_status
// Action: Return a string of colored 's that indicate
// the if an alias goto has an error or is sent to
// addresses list in show_custom_domains
// Call: gen_show_status (string alias_address)
//
/**
 * Builds the HTML status indicator string for one alias address.
 *
 * Looks up the alias' goto list in the alias table and then runs the checks
 * that are enabled in $CONF (undeliverable, vacation, disabled, POP/IMAP,
 * custom domains). Each check appends either a <span> with the configured
 * background colour or the plain status text.
 *
 * The colours and the status text are taken from $CONF and written into the
 * HTML without escaping.
 *
 * @param string $show_alias alias address to report on
 * @return string HTML fragment
 */
function gen_show_status ( $show_alias ) {
2013-12-08 20:41:01 +01:00
global $CONF ;
$table_alias = table_by_key ( 'alias' );
2009-01-15 13:24:36 +01:00
$stat_string = " " ;
2014-02-17 14:43:47 +01:00
// From here on $show_alias holds the SQL-escaped form of the address; that
// form is used in the queries below and also in the POP/IMAP regex.
$show_alias = escape_string ( $show_alias );
2009-01-15 13:24:36 +01:00
$stat_goto = " " ;
2018-01-26 15:45:57 +01:00
$stat_result = db_query ( " SELECT goto FROM $table_alias WHERE address=' $show_alias ' " );
2011-06-02 22:51:12 +02:00
if ( $stat_result [ 'rows' ] > 0 ) {
2018-01-26 15:45:57 +01:00
$row = db_row ( $stat_result [ 'result' ]);
2009-01-15 13:24:36 +01:00
$stat_goto = $row [ 0 ];
}
2011-06-03 00:53:40 +02:00
// $delimiter_regex is only defined when a recipient delimiter is configured;
// every later use sits behind the same !empty() test.
if ( ! empty ( $CONF [ 'recipient_delimiter' ])) {
$delimiter = preg_quote ( $CONF [ 'recipient_delimiter' ], " / " );
$delimiter_regex = '/' . $delimiter . '[^' . $delimiter . '@]*@/' ;
}
2009-01-15 13:24:36 +01:00
// UNDELIVERABLE CHECK
2018-01-26 15:45:57 +01:00
if ( $CONF [ 'show_undeliverable' ] == 'YES' ) {
2009-01-15 13:24:36 +01:00
$gotos = array ();
2018-01-26 15:45:57 +01:00
$gotos = explode ( ',' , $stat_goto );
2009-01-15 13:24:36 +01:00
$undel_string = " " ;
//make sure this alias goes somewhere known
$stat_ok = 1 ;
2018-02-18 20:59:37 +01:00
foreach ( $gotos as $g ) {
// stop at the first target that was left marked as undeliverable
if ( ! $stat_ok ) {
2018-02-09 22:19:45 +01:00
break ;
}
2018-02-18 20:59:37 +01:00
// targets without an @ are not checked
if ( strpos ( $g , '@' ) === false ) {
2018-02-09 22:19:45 +01:00
continue ;
}
list ( $local_part , $stat_domain ) = explode ( '@' , $g );
2009-05-03 19:23:48 +02:00
$stat_delimiter = " " ;
2018-01-26 15:45:57 +01:00
if ( ! empty ( $CONF [ 'recipient_delimiter' ])) {
$stat_delimiter = " OR address = ' " . escape_string ( preg_replace ( $delimiter_regex , " @ " , $g )) . " ' " ;
}
// the target counts as known if the alias table has the address itself, a
// catch-all for its domain, or the address with the delimiter part removed
$stat_result = db_query ( " SELECT address FROM $table_alias WHERE address = ' " . escape_string ( $g ) . " ' OR address = '@ " . escape_string ( $stat_domain ) . " ' $stat_delimiter " );
2011-06-02 22:51:12 +02:00
if ( $stat_result [ 'rows' ] == 0 ) {
2009-01-15 13:24:36 +01:00
$stat_ok = 0 ;
2007-09-21 14:33:14 +02:00
}
2018-01-26 15:45:57 +01:00
// the vacation domain and the configured exception domains are never
// reported as undeliverable
if ( $stat_ok == 0 ) {
if ( $stat_domain == $CONF [ 'vacation_domain' ] || in_array ( $stat_domain , $CONF [ 'show_undeliverable_exceptions' ])) {
2009-01-15 13:24:36 +01:00
$stat_ok = 1 ;
}
2007-09-21 14:33:14 +02:00
}
2009-01-15 13:24:36 +01:00
} // foreach
2018-01-26 15:45:57 +01:00
if ( $stat_ok == 0 ) {
2018-02-09 22:19:45 +01:00
$stat_string .= " <span style='background-color: " . $CONF [ 'show_undeliverable_color' ] . " '> " . $CONF [ 'show_status_text' ] . " </span> " ;
2011-06-02 22:51:12 +02:00
} else {
2007-09-21 14:33:14 +02:00
$stat_string .= $CONF [ 'show_status_text' ] . " " ;
2017-03-21 17:43:27 +01:00
}
2011-06-03 01:13:34 +02:00
}
2009-01-15 13:24:36 +01:00
2018-12-31 23:19:13 +01:00
// Vacation CHECK
// NOTE(review): this query and the one in the Disabled check take the table
// name straight from $CONF['database_tables'], while the alias lookups above go
// through table_by_key(), which also applies database_prefix and the MySQL
// backticks - confirm whether these two should use table_by_key() as well.
2019-01-23 10:06:12 +01:00
if ( isset ( $CONF [ 'show_vacation' ]) && $CONF [ 'show_vacation' ] == 'YES' ) {
2018-12-31 23:19:13 +01:00
$stat_result = db_query ( " SELECT * FROM " . $CONF [ 'database_tables' ][ 'vacation' ] . " WHERE email = ' " . $show_alias . " ' AND active = ' " . db_get_boolean ( true ) . " ' " ) ;
if ( $stat_result [ 'rows' ] == 1 ) {
$stat_string .= " <span style='background-color: " . $CONF [ 'show_vacation_color' ] . " '> " . $CONF [ 'show_status_text' ] . " </span> " ;
} else {
$stat_string .= $CONF [ 'show_status_text' ] . " " ;
}
}
// Disabled CHECK
2019-01-23 10:06:12 +01:00
if ( isset ( $CONF [ 'show_disabled' ]) && $CONF [ 'show_disabled' ] == 'YES' ) {
2018-12-31 23:19:13 +01:00
$stat_result = db_query ( " SELECT * FROM " . $CONF [ 'database_tables' ][ 'mailbox' ] . " WHERE username = ' " . $show_alias . " ' AND active = ' " . db_get_boolean ( false ) . " ' " );
if ( $stat_result [ 'rows' ] == 1 ) {
$stat_string .= " <span style='background-color: " . $CONF [ 'show_disabled_color' ] . " '> " . $CONF [ 'show_status_text' ] . " </span> " ;
} else {
$stat_string .= $CONF [ 'show_status_text' ] . " " ;
}
}
2009-01-15 13:24:36 +01:00
// POP/IMAP CHECK
2018-01-26 15:45:57 +01:00
if ( $CONF [ 'show_popimap' ] == 'YES' ) {
$stat_delimiter = " " ;
if ( ! empty ( $CONF [ 'recipient_delimiter' ])) {
$stat_delimiter = ',' . preg_replace ( $delimiter_regex , " @ " , $stat_goto );
}
2009-05-14 21:16:00 +02:00
2009-01-15 13:24:36 +01:00
//if the address passed in appears in its own goto field, its POP/IMAP
2011-06-03 00:53:40 +02:00
# TODO: or not (might also be an alias loop) -> check mailbox table!
// NOTE(review): $show_alias goes into the pattern in its SQL-escaped form and
// without preg_quote(), so characters of the address such as '.' or '+' act as
// regex operators and a '/' would end the pattern. The recipient delimiter
// above is passed through preg_quote(); the address probably should be too.
2018-01-26 15:45:57 +01:00
if ( preg_match ( '/,' . $show_alias . ',/' , ',' . $stat_goto . $stat_delimiter . ',' )) {
2009-01-15 13:24:36 +01:00
$stat_string .= " <span style='background-color: " . $CONF [ 'show_popimap_color' ] .
" '> " . $CONF [ 'show_status_text' ] . " </span> " ;
2011-06-02 22:51:12 +02:00
} else {
2009-01-15 13:24:36 +01:00
$stat_string .= $CONF [ 'show_status_text' ] . " " ;
2017-03-21 17:43:27 +01:00
}
2009-01-15 13:24:36 +01:00
}
// CUSTOM DESTINATION CHECK
// Each configured custom domain is used as a regex fragment as it is (no
// preg_quote()); the colour with the same index marks a match.
2018-01-26 15:45:57 +01:00
if ( count ( $CONF [ 'show_custom_domains' ]) > 0 ) {
for ( $i = 0 ; $i < sizeof ( $CONF [ 'show_custom_domains' ]); $i ++ ) {
if ( preg_match ( '/^.*' . $CONF [ 'show_custom_domains' ][ $i ] . '.*$/' , $stat_goto )) {
2009-01-15 13:24:36 +01:00
$stat_string .= " <span style='background-color: " . $CONF [ 'show_custom_colors' ][ $i ] .
" '> " . $CONF [ 'show_status_text' ] . " </span> " ;
2011-06-02 22:51:12 +02:00
} else {
2009-01-15 13:24:36 +01:00
$stat_string .= $CONF [ 'show_status_text' ] . " " ;
2017-03-21 17:43:27 +01:00
}
}
2011-06-02 22:51:12 +02:00
} else {
2009-01-15 13:24:36 +01:00
$stat_string .= " ; " ;
2017-03-21 17:43:27 +01:00
}
2007-08-31 02:31:35 +02:00
2009-01-15 13:24:36 +01:00
// $stat_string .= "<span style='background-color:green'> </span> " .
// "<span style='background-color:blue'> </span> ";
return $stat_string ;
2007-08-31 02:31:35 +02:00
}
/**
 * Returns the client address of the current request.
 *
 * Reads $_SERVER['REMOTE_ADDR'] and falls back to 'localhost' when it is not
 * set. REMOTE_ADDR is the peer of the connection to the web server, so
 * behind a reverse proxy it holds the proxy's address.
 *
 * @return string
 */
function getRemoteAddr() {
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'localhost';
}
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */