diff --git a/common.php b/common.php new file mode 100644 index 00000000..0eb61980 --- /dev/null +++ b/common.php @@ -0,0 +1,28 @@ + +// Copyright (c) 2002 - 2005 High5! +// Licensed under GPL for more info check GPL-LICENSE.TXT +// +// File: common.php.php +// +// Template File: -none- +// +// Template Variables: -none- +// +// Form POST \ GET Variables: -none- +// + +$incpath = dirname(__FILE__); + +require_once("$incpath/variables.inc.php"); +if(!is_file("$incpath/config.inc.php")) { + // incorrectly setup... + header("Location: setup.php"); + exit(0); +} +require_once("$incpath/config.inc.php"); +require_once("$incpath/functions.inc.php"); +require_once("$incpath/languages/" . check_language () . ".lang"); + +session_start(); diff --git a/create-alias.php b/create-alias.php index 3154d130..486de662 100644 --- a/create-alias.php +++ b/create-alias.php @@ -23,21 +23,16 @@ // fDomain // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); +authentication_require_role('admin'); +$username = authentication_get_username(); +$SESSID_USERNAME = $username; +if(authentication_has_role('global-admin')) { + $list_domains = list_domains (); } -else -{ - $list_domains = list_domains (); +else { + $list_domains = list_domains_for_admin ($username); } $pCreate_alias_goto_text = $PALANG['pCreate_alias_goto_text']; 
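Review bot: `session_start();` is the last statement of the new common.php, so `check_language()` (used to pick the language file two lines earlier) runs before a session exists; if that helper consults `$_SESSION` — not visible here — it will never see a logged-in user's setting, and the usual order is to start the session right after the configuration is loaded. Consider moving `session_start();` up to follow `require_once("$incpath/config.inc.php");` and preceding it with `ini_set('session.use_only_cookies', '1');` so a session id is never accepted from the query string. The header comment names the file `common.php.php`. No `<?php` opening tag is visible in this hunk; if it is genuinely absent rather than lost in rendering, the whole file would be sent to the client as text.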
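Review bot: The new preamble binds one value to two names, `$username = authentication_get_username(); $SESSID_USERNAME = $username;`, then uses `$username` in the `else` branch and `$SESSID_USERNAME` everywhere else in the file; the sibling pages in this commit (create-mailbox.php, delete.php, overview.php) assign `$SESSID_USERNAME = authentication_get_username();` directly, which would be the consistent form here. The rewritten conditional also switches to `if(...) {` / `else {` with the brace on the same line, while the rest of the file puts braces on their own line (see the `if ($_SERVER['REQUEST_METHOD'] == "POST")` block that follows); the same mixed style appears in the create-mailbox.php, overview.php, search.php and viewlog.php hunks. `require_once('common.php')` is resolved through include_path and the working directory rather than `$incpath`, unlike the template includes later in the file; that holds while the scripts are only served from their own directory, but it is worth a comment.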
@@ -64,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $fGoto = $fGoto . "@" . escape_string ($_POST['fDomain']); } - if (! (check_admin($SESSID_USERNAME) || check_owner ($SESSID_USERNAME, $fDomain) )) + if (! (authentication_has_role('global-admin') || check_owner ($SESSID_USERNAME, $fDomain) )) { $error = 1; $tAddress = escape_string ($_POST['fAddress']); @@ -149,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/create-mailbox.php b/create-mailbox.php index 6840890c..492f3219 100644 --- a/create-mailbox.php +++ b/create-mailbox.php @@ -29,26 +29,21 @@ // fMail // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); -} -else -{ +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); +if(authentication_has_role('global-admin')) { $list_domains = list_domains (); } +else { + $list_domains = list_domains_for_admin ($SESSID_USERNAME); +} - $pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text']; - $pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text']; - $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text']; + +$pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text']; +$pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text']; +$pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text']; if ($_SERVER['REQUEST_METHOD'] == "GET") { 
@@ -61,8 +56,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") $tQuota = $row['maxquota']; } - - } if ($_SERVER['REQUEST_METHOD'] == "POST") @@ -79,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (isset ($_POST['fMail'])) $fMail = escape_string ($_POST['fMail']); - if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!check_admin($SESSID_USERNAME)) ) + if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!authentication_has_role('global-admin')) ) { $error = 1; $tUsername = escape_string ($_POST['fUsername']); @@ -98,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $tDomain = $fDomain; $pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error3']; } - + if (empty ($fUsername) or !check_email ($fUsername)) { $error = 1; @@ -113,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES") { - $fPassword = generate_password (); + $fPassword = generate_password (); } else { @@ -138,7 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text_error']; } } - + $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); if ($result['rows'] == 1) { @@ -153,7 +146,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if ($error != 1) { $password = pacrypt ($fPassword); - + if ($CONF['domain_path'] == "YES") { if ($CONF['domain_in_mailbox'] == "YES") @@ -169,7 +162,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $maildir = $fUsername . "/"; } - + if (!empty ($fQuota)) { $quota = multiply_quota ($fQuota); @@ -178,7 +171,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $quota = 0; } - + if ($fActive == "on") { $fActive = 1; @@ -214,7 +207,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") } else { - + $error=TRUE; // Being pessimistic if (mailbox_postcreation($fUsername,$fDomain,$maildir)) { 
@@ -222,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $result=db_query("COMMIT"); - /* should really not be possible: */ +/* should really not be possible: */ /* if (!$result) die('COMMIT-query failed.'); } @@ -233,14 +226,14 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $result=db_query("ROLLBACK"); - /* should really not be possible: */ +/* should really not be possible: */ /* if (!$result) die('ROLLBACK-query failed.'); } else { /* When we cannot count on transactions, we need to move forward, despite the problems. - */ + */ /* $error=FALSE; } @@ -250,14 +243,14 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (!$error) { db_log ($CONF['admin_email'], $fDomain, "create mailbox", $fUsername); - -*/ + + */ /* TODO: this is the start of /create-mailbox code segment that was originally used in /create-mailbox.php instead of the above from admin/create-mailbox.php. To be compared / merged. -*/ + */ $result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$quota','$fDomain',NOW(),NOW(),'$sqlActive')"); if ($result['rows'] != 1 || !mailbox_postcreation($fUsername,$fDomain,$maildir)) @@ -272,71 +265,71 @@ TODO: this is the start of /create-mailbox code segment that was originally used db_log ($SESSID_USERNAME, $fDomain, "create mailbox", "$fUsername"); /* TODO: this is the end of /create-mailbox.php code segment -*/ - $tDomain = $fDomain; + */ + $tDomain = $fDomain; - if (create_mailbox_subfolders($fUsername,$fPassword)) - { - $tMessage = $PALANG['pCreate_mailbox_result_succes'] . "
($fUsername"; - } else { - $tMessage = $PALANG['pCreate_mailbox_result_succes_nosubfolders'] . "
($fUsername"; - } + if (create_mailbox_subfolders($fUsername,$fPassword)) + { + $tMessage = $PALANG['pCreate_mailbox_result_succes'] . "
($fUsername"; + } else { + $tMessage = $PALANG['pCreate_mailbox_result_succes_nosubfolders'] . "
($fUsername"; + } - if ($CONF['generate_password'] == "YES") + if ($CONF['generate_password'] == "YES") + { + $tMessage .= " / $fPassword)
"; + } + else + { + if ($CONF['show_password'] == "YES") { $tMessage .= " / $fPassword)
"; } else { - if ($CONF['show_password'] == "YES") - { - $tMessage .= " / $fPassword)
"; - } - else - { - $tMessage .= ")
"; - } + $tMessage .= ")
"; } - - $tQuota = $CONF['maxquota']; + } - if ($fMail == "on") + $tQuota = $CONF['maxquota']; + + if ($fMail == "on") + { + $fTo = $fUsername; + $fFrom = $SESSID_USERNAME; + $fHeaders = "To: " . $fTo . "\n"; + $fHeaders .= "From: " . $fFrom . "\n"; + + if (!empty ($PALANG['charset'])) { - $fTo = $fUsername; - $fFrom = $SESSID_USERNAME; - $fHeaders = "To: " . $fTo . "\n"; - $fHeaders .= "From: " . $fFrom . "\n"; - - if (!empty ($PALANG['charset'])) - { - $fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text'], $PALANG['charset']) . "\n"; - $fHeaders .= "MIME-Version: 1.0\n"; - $fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n"; - $fHeaders .= "Content-Transfer-Encoding: 8bit\n"; - } - else - { - $fHeaders .= "Subject: " . $PALANG['pSendmail_subject_text'] . "\n\n"; - } - - $fHeaders .= $CONF['welcome_text']; - - if (!smtp_mail ($fTo, $fFrom, $fHeaders)) - { - $tMessage .= "
" . $PALANG['pSendmail_result_error'] . "
"; - } - else - { - $tMessage .= "
" . $PALANG['pSendmail_result_succes'] . "
"; - } + $fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text'], $PALANG['charset']) . "\n"; + $fHeaders .= "MIME-Version: 1.0\n"; + $fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n"; + $fHeaders .= "Content-Transfer-Encoding: 8bit\n"; } + else + { + $fHeaders .= "Subject: " . $PALANG['pSendmail_subject_text'] . "\n\n"; + } + + $fHeaders .= $CONF['welcome_text']; + + if (!smtp_mail ($fTo, $fFrom, $fHeaders)) + { + $tMessage .= "
" . $PALANG['pSendmail_result_error'] . "
"; + } + else + { + $tMessage .= "
" . $PALANG['pSendmail_result_succes'] . "
"; + } + } } } } include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/delete.php b/delete.php index 971de074..68fc96be 100644 --- a/delete.php +++ b/delete.php @@ -18,12 +18,12 @@ // fDelete // fDomain // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session(); +require_once('common.php'); + +authentication_require_role('admin'); + +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { @@ -43,6 +43,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") else { if ($CONF['database_type'] == "pgsql") db_query('BEGIN'); + $result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'"); if ($result['rows'] != 1) { diff --git a/edit-active.php b/edit-active.php index b7a3a172..df37678a 100644 --- a/edit-active.php +++ b/edit-active.php @@ -20,14 +20,10 @@ // fReturn // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { 
@@ -36,7 +32,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); if (isset ($_GET['return'])) $fReturn = escape_string ($_GET['return']); - if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME) ) ) + if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin') ) ) { $error = 1; $tMessage = $PALANG['pEdit_mailbox_domain_error'] . "$fDomain!"; @@ -83,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") } else { - if (check_admin($SESSID_USERNAME)) { + if (authentication_has_role('global-admin')) { header ("Location: list-virtual.php?domain=$fDomain"); } else { header ("Location: overview.php?domain=$fDomain"); @@ -95,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/edit-alias.php b/edit-alias.php index dde57c1c..623011cd 100644 --- a/edit-alias.php +++ b/edit-alias.php 
@@ -21,21 +21,17 @@ // fGoto // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']); if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); - if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) + if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) { $result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'"); if ($result['rows'] == 1) @@ -60,7 +56,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']); $fGoto = strtolower ($fGoto); - if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) ) + if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) ) { $error = 1; $tGoto = $_POST['fGoto']; @@ -114,7 +110,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { db_log ($SESSID_USERNAME, $fDomain, "edit alias", "$fAddress -> $goto"); - if (check_admin($SESSID_USERNAME)) { + if (authentication_has_role('global-admin')) { header ("Location: list-virtual.php?domain=$fDomain"); } else { header ("Location: overview.php?domain=$fDomain"); @@ -126,7 +122,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/edit-mailbox.php b/edit-mailbox.php index 3c85b522..eda91eaa 100644 
--- a/edit-mailbox.php +++ b/edit-mailbox.php @@ -26,14 +26,10 @@ // fActive // -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); - -$SESSID_USERNAME = check_session (); +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); $fUsername = strtolower ($fUsername); @@ -44,7 +40,7 @@ $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text']; if ($_SERVER['REQUEST_METHOD'] == "GET") { - if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) + if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) { $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fUsername' AND domain='$fDomain'"); if ($result['rows'] == 1) @@ -79,7 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (isset ($_POST['fQuota'])) $fQuota = intval ($_POST['fQuota']); if (isset ($_POST['fActive'])) $fActive = escape_string ($_POST['fActive']); - if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) ) + if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) ) { $error = 1; $tName = $fName; @@ -153,7 +149,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { db_log ($SESSID_USERNAME, $fDomain, "edit mailbox", $fUsername); - if (check_admin($SESSID_USERNAME)) { + if (authentication_has_role('global-admin')) { header ("Location: list-virtual.php?domain=$fDomain"); } else { header ("Location: overview.php?domain=$fDomain"); 
@@ -165,7 +161,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/edit-vacation.php b/edit-vacation.php index baf9b7fb..c08c4359 100644 --- a/edit-vacation.php +++ b/edit-vacation.php @@ -1,4 +1,6 @@ @@ -11,6 +13,7 @@ // // Template Variables: // +// tUseremail // tMessage // tSubject // tBody 
@@ -25,38 +28,27 @@ // fQuota // fActive // -// This is a copy of the superadmin edit-vacation.php with -// template references changed -// -if (!isset($incpath)) $incpath = '.'; +require_once('common.php'); -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); +$SESSID_USERNAME = authentication_get_username(); + +if($CONF['vacation'] == 'NO') { + header("Location: " . $CONF['postfix_admin_url'] . "/main.php"); + exit(0); +} + +$vacation_domain = $CONF['vacation_domain']; +$vacation_goto = preg_replace('/@/', '#', $SESSID_USERNAME); +$vacation_goto = $vacation_goto . '@' . $vacation_domain; -$SESSID_USERNAME = check_session (); -(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1'); $tmp = preg_split ('/@/', $SESSID_USERNAME); $USERID_DOMAIN = $tmp[1]; if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); -if (check_admin($SESSID_USERNAME)) -{ - $fCanceltarget= $CONF['postfix_admin_url'] . "/admin/list-virtual.php?domain=$fDomain"; -} -else -{ - if (check_owner ($SESSID_USERNAME, $fDomain)) - { - $fCanceltarget= $CONF['postfix_admin_url'] . "/overview.php?domain=$fDomain"; - } - //unauthorized, exit - else { exit; } -} +$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php'; if ($_SERVER['REQUEST_METHOD'] == "GET") { 
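Review bot: The rewritten preamble removes the only authorization in this file: the old `check_admin` / `check_owner`-or-`exit` gate is replaced by a fixed `$fCanceltarget`, and unlike the other authenticated pages in this commit there is no `authentication_require_role('admin')` call, so presumably any session that yields a username reaches the handlers. In the next hunk (`@@ -74,72 +66,70 @@`) the POST branch takes `$fUsername` from `$_GET['username']` and deletes, inserts and updates `$table_vacation` / `$table_alias` rows keyed on it, so a logged-in user can set or remove the vacation of any address by editing the query string. Either bind the target to the session (`$fUsername = $SESSID_USERNAME;` and ignore `$_GET['username']`), or keep an ownership gate and check that the requested address actually lives in a domain the caller owns, as sketched below. The POST handling this applies to starts and ends outside this hunk.
```php
$SESSID_USERNAME = authentication_get_username();
// … unchanged: vacation-disabled redirect, $vacation_goto, $USERID_DOMAIN …
$fUsername = $SESSID_USERNAME;
$fDomain = $USERID_DOMAIN;
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);

// Editing another address needs domain ownership (or global admin),
// and the requested address must belong to $fDomain.
if ($fUsername != $SESSID_USERNAME)
{
    if (! (authentication_has_role('global-admin') || check_owner ($SESSID_USERNAME, $fDomain)))
    {
        exit;
    }
    $tmp = preg_split ('/@/', $fUsername);
    if (!isset ($tmp[1]) || $tmp[1] != $fDomain)
    {
        exit;
    }
}

$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php';
```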
@@ -74,72 +66,70 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; } if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; } - - } if ($_SERVER['REQUEST_METHOD'] == "POST") { - $vacation_domain = $CONF['vacation_domain']; if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']); if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']); if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']); if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']); - if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); - if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); + if (isset ($_GET['domain'])) { + $fDomain = escape_string ($_GET['domain']); + } + else { + $fDomain = $USERID_DOMAIN; + } + if (isset ($_GET['username'])) { + $fUsername = escape_string ($_GET['username']); + } + else { + $fUsername = authentication_get_username(); + } $tUseremail = $fUsername; if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; } if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; } - //if change, remove old one, then set new one + //if change, remove old one, then perhaps set new one if (!empty ($fBack) || !empty ($fChange)) { - //if we find an existing vacation entry, delete it - $result = db_query("SELECT * FROM $table_vacation WHERE email='$fUsername'"); - if ($result['rows'] == 1) - { - $result = db_query ("DELETE FROM $table_vacation WHERE email='$fUsername'"); - if ($result['rows'] != 1) - { - $error = 1; - $tMessage = $PALANG['pVacation_result_error']; - $tMessage = "cannot remove $fUsername from $table_vacation"; - } - else - { - $tMessage = $PALANG['pVacation_result_success']; - } - - $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); + //if we find an existing vacation entry, delete it + $result = db_query("SELECT * FROM 
$table_vacation WHERE email='$fUsername'"); if ($result['rows'] == 1) { - $row = db_array ($result['result']); - $goto = $row['goto']; - - //only one of these will do something, first handles address at beginning and middle, second at end - $goto= preg_replace ( "/$fUsername@$vacation_domain,/", '', $goto); - $goto= preg_replace ( "/,$fUsername@$vacation_domain/", '', $goto); - - $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); + $result = db_query ("DELETE FROM $table_vacation WHERE email='$fUsername'"); if ($result['rows'] != 1) { $error = 1; - $tMessage = $PALANG['pVacation_result_error']; } - else + + $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); + if ($result['rows'] == 1) { - $tMessage = $PALANG['pVacation_result_success']; + $row = db_array ($result['result']); + $goto = $row['goto']; + + //only one of these will do something, first handles address at beginning and middle, second at end + $goto= preg_replace ( "/$vacation_goto,/", '', $goto); + $goto= preg_replace ( "/,$vacation_goto/", '', $goto); + + $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); + if ($result['rows'] != 1) + { + $error = 1; + } } } - } } + //Set the vacation data for $fUsername if (!empty ($fChange)) { + $goto = ''; $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'"); if ($result['rows'] == 1) { 
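Review bot: `$vacation_goto`, which this block strips from and (in the following hunk) appends to the alias `goto` of `$fUsername`, is built in the preamble from `$SESSID_USERNAME` — the logged-in account — while the `$table_vacation` rows are keyed on `$fUsername`; the old code derived the address from `$fUsername@$vacation_domain` for both. Unless the page is meant to edit only the caller's own vacation, an admin editing another mailbox will attach their own `user#domain@vacation` forward to that mailbox's alias. Derive it from the target once `$fUsername` is known: `$vacation_goto = preg_replace('/@/', '#', $fUsername) . '@' . $vacation_domain;`. The value is also interpolated into `preg_replace` patterns unquoted, so the `.` in the domain matches any character; `preg_quote($vacation_goto, '/')` fixes that. The enclosing POST block continues in the next hunk.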
@@ -149,30 +139,37 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") ($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1; $result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)"); + if ($result['rows'] != 1) { $error = 1; - $tMessage = $PALANG['pVacation_result_error']; } - $goto = $goto . "," . "$fUsername@$vacation_domain"; + $goto = $goto . "," . $vacation_goto; $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'"); if ($result['rows'] != 1) { $error = 1; - $tMessage = $PALANG['pVacation_result_error']; - } - else - { - header ("Location: $fCanceltarget"); - exit; } } } +if($error == 0) { + if(!empty ($fBack)) { + $tMessage = $PALANG['pVacation_result_removed']; + } + if(!empty($fChange)) { + $tMessage= $PALANG['pVacation_result_added']; + } +} +else { + $tMessage = $PALANG['pVacation_result_error']; +} + +$tUseremail = $SESSID_USERNAME; include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl"); diff --git a/index.php b/index.php index 66ed3eb3..9b2f756c 100644 --- a/index.php +++ b/index.php @@ -19,36 +19,30 @@ // if (!file_exists (realpath ("./setup.php"))) { - header ("Location: login.php"); - exit; + header ("Location: login.php"); + exit; } else { - print <<< EOF + print <<< EOF - -Welcome to Postfix Admin - - - - -
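Review bot: `$error` is only ever assigned in the failure paths above and never initialised, so the new `if($error == 0)` decides the success message by comparing an undefined variable loosely to `0` (a notice, and `false` under `===`); add `$error = 0;` before the request-method branches, or test `if (empty ($error))`. When both `$fBack` and `$fChange` are non-empty the second assignment silently wins, so the "removed" message is never shown for a combined request; an `elseif` would make that explicit. The new keys `pVacation_result_removed` and `pVacation_result_added` are not added by this diff, so they must already exist in the language files (not visible here).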

Welcome to Postfix Admin

-It seems that you are running this version of Postfix Admin for the first time.
-

-You can now run setup to make sure that all the functions are available for Postfix Admin to run.
-

-If you still encounter any problems please check the documentation and website for more information. -

-Your donations keep this project running... -

- - - -
-

-Postfix Admin
-Knowledge Base - + + Welcome to Postfix Admin + + + + +

Welcome to Postfix Admin

+ It seems that you are running this version of Postfix Admin for the first time.
+

+ You can now run setup to make sure that all the functions are available for Postfix Admin to run.
+

+ If you still encounter any problems, please check the documentation and website for more information. +

+

+ Postfix Admin web site
+ Knowledge Base + EOF; } diff --git a/login.php b/login.php index b1cbd90a..bd3d74e1 100644 --- a/login.php +++ b/login.php 
@@ -19,65 +19,63 @@ // fUsername // fPassword // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); +require_once('common.php'); if ($_SERVER['REQUEST_METHOD'] == "GET") { - include ("./templates/header.tpl"); - include ("./templates/login.tpl"); - include ("./templates/footer.tpl"); + include ("./templates/header.tpl"); + include ("./templates/login.tpl"); + include ("./templates/footer.tpl"); } if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']); - if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); + $fUsername = ''; + $fPassword = ''; + if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']); + if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); - $result = db_query ("SELECT password FROM $table_admin WHERE username='$fUsername' AND active='1'"); - if ($result['rows'] == 1) - { - $row = db_array ($result['result']); - $password = pacrypt ($fPassword, $row['password']); + $result = db_query ("SELECT password FROM $table_admin WHERE username='$fUsername' AND active='1'"); + if ($result['rows'] == 1) + { + $row = db_array ($result['result']); + $password = pacrypt ($fPassword, $row['password']); + $result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'"); + if ($result['rows'] != 1) + { + $error = 1; + $tMessage = $PALANG['pLogin_password_incorrect']; + $tUsername = $fUsername; + } + } + else + { + $error = 1; + $tMessage = $PALANG['pLogin_username_incorrect']; + } - $result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'"); - if ($result['rows'] != 1) - { - $error = 1; - $tMessage = $PALANG['pLogin_password_incorrect']; - $tUsername = $fUsername; - } - } - else - { - $error = 1; - 
$tMessage = $PALANG['pLogin_username_incorrect']; - } + if ($error != 1) + { + session_regenerate_id(); + $_SESSION['sessid'] = array(); + $_SESSION['sessid']['username'] = $fUsername; + $_SESSION['sessid']['roles'] = array(); + $_SESSION['sessid']['roles'][] = 'admin'; - if ($error != 1) - { - session_start(); - session_register("sessid"); - $_SESSION['sessid']['username'] = $fUsername; + // they've logged in, so see if they are a domain admin, as well. + $result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'"); + if ($result['rows'] == 1) + { + $_SESSION['sessid']['roles'][] = 'global-admin'; + header("Location: admin/list-admin.php"); + exit(0); + } + header("Location: main.php"); + exit(0); + } - $result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'"); - if ($result['rows'] == 1) - { - $row = db_array ($result['result']); - if ($fUsername == $row['username']) - { - header("Location: admin/index.php"); - exit; - } - } - header("Location: main.php"); - exit; - } - - include ("./templates/header.tpl"); - include ("./templates/login.tpl"); - include ("./templates/footer.tpl"); + include ("./templates/header.tpl"); + include ("./templates/login.tpl"); + include ("./templates/footer.tpl"); } ?> diff --git a/logout.php b/logout.php index a5af8ec4..73d81583 100644 --- a/logout.php +++ b/logout.php @@ -17,10 +17,8 @@ // // -none- // -require ("./config.inc.php"); -require ("./functions.inc.php"); -$SESSID_USERNAME = check_session (); +require_once('common.php'); session_unset (); session_destroy (); diff --git a/main.php b/main.php index d68eafe5..acba53c2 100644 --- a/main.php +++ b/main.php 
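Review bot: The rewritten POST handler still answers `pLogin_username_incorrect` when the account lookup finds no row and `pLogin_password_incorrect` when the password check fails, so the response tells an unauthenticated client whether an admin username exists; returning one generic failure message from both branches closes that. `$error` is never initialised before `if ($error != 1)`, so a successful login relies on an undefined variable; add `$error = 0;` next to the new `$fUsername = '';`. The password is verified by a second `SELECT ... AND password='$password'` round-trip, although `$row['password']` is already in hand; comparing the two in PHP avoids the query and, on a runtime that has it, allows `hash_equals()`. Calling `session_regenerate_id()` before populating `$_SESSION` is the right order.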
@@ -17,11 +17,12 @@ // // -none- // -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session (); +require_once('common.php'); + +$SESSID_USERNAME = authentication_get_username(); + +authentication_require_role('admin'); if ($_SERVER["REQUEST_METHOD"] == "GET") { diff --git a/overview.php b/overview.php index 698212db..dd8b14f9 100644 --- a/overview.php +++ b/overview.php @@ -23,20 +23,19 @@ // fDomain // limit // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session(); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); -} -else -{ +require_once('common.php'); + +authentication_require_role('admin'); + +$SESSID_USERNAME = authentication_get_username(); + +if(authentication_has_role('global-admin')) { $list_domains = list_domains (); } +else { + $list_domains = list_domains_for_admin ($SESSID_USERNAME); +} $tAlias = array(); $tMailbox = array(); @@ -103,7 +102,12 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") $row['created']=gmstrftime('%c %Z',$row['uts_created']); $row['modified']=gmstrftime('%c %Z',$row['uts_modified']); $row['active']=('t'==$row['active']) ? 1 : 0; - $row['v_active']=('t'==$row['v_active']) ? 1 : 0; + if(isset($row['v_active'])) { + $row['v_active']=('t'==$row['v_active']) ? 1 : 0; + } + else { + $row['v_active'] = -1 ; //unknown; broken query above.. + } unset($row['uts_created']); unset($row['uts_modified']); } diff --git a/password.php b/password.php index c8c61120..ca5f1b7b 100644 --- a/password.php +++ b/password.php 
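Review bot: `$SESSID_USERNAME = authentication_get_username();` now runs before `authentication_require_role('admin');`, the reverse of overview.php, password.php, search.php and viewlog.php in this same commit, which reject the request first; swap the two lines so nothing is read from a session that has not been authorised. What `authentication_get_username()` returns for an anonymous session is not visible here, so the practical impact is unclear, but the consistent order costs nothing.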
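Review bot: The new fallback `$row['v_active'] = -1 ; //unknown; broken query above..` introduces a third state for a field that the line above normalises to 0/1, and the comment concedes that the SELECT feeding it (outside this hunk) is wrong; fixing the query would be preferable to passing a sentinel through to the template. If the sentinel has to stay, name it where the view can see it: `// -1: vacation state unknown because the result row carries no v_active column`.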
@@ -19,71 +19,71 @@ // fPassword // fPassword2 // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session (); +require_once('common.php'); + +authentication_require_role('admin'); + +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { - include ("./templates/header.tpl"); - include ("./templates/menu.tpl"); - include ("./templates/password.tpl"); - include ("./templates/footer.tpl"); + include ("./templates/header.tpl"); + include ("./templates/menu.tpl"); + include ("./templates/password.tpl"); + include ("./templates/footer.tpl"); } if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']); - if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); - if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); + if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']); + if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); + if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); - $username = $SESSID_USERNAME; + $username = $SESSID_USERNAME; - $result = db_query ("SELECT * FROM $table_admin WHERE username='$username'"); - if ($result['rows'] == 1) - { - $row = db_array ($result['result']); - $checked_password = pacrypt ($fPassword_current, $row['password']); + $result = db_query ("SELECT * FROM $table_admin WHERE username='$username'"); + if ($result['rows'] == 1) + { + $row = db_array ($result['result']); + $checked_password = pacrypt ($fPassword_current, $row['password']); - $result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'"); - if ($result['rows'] != 1) - { - $error = 1; - 
$pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; - } - } - else - { - $error = 1; - $pPassword_email_text = $PALANG['pPassword_email_text_error']; - } + $result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'"); + if ($result['rows'] != 1) + { + $error = 1; + $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; + } + } + else + { + $error = 1; + $pPassword_email_text = $PALANG['pPassword_email_text_error']; + } - if (empty ($fPassword) or ($fPassword != $fPassword2)) - { - $error = 1; - $pPassword_password_text = $PALANG['pPassword_password_text_error']; - } + if (empty ($fPassword) or ($fPassword != $fPassword2)) + { + $error = 1; + $pPassword_password_text = $PALANG['pPassword_password_text_error']; + } - if ($error != 1) - { - $password = pacrypt ($fPassword); - $result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'"); - if ($result['rows'] == 1) - { - $tMessage = $PALANG['pPassword_result_succes']; - } - else - { - $tMessage = $PALANG['pPassword_result_error']; - } - } + if ($error != 1) + { + $password = pacrypt ($fPassword); + $result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'"); + if ($result['rows'] == 1) + { + $tMessage = $PALANG['pPassword_result_succes']; + } + else + { + $tMessage = $PALANG['pPassword_result_error']; + } + } - include ("./templates/header.tpl"); - include ("./templates/menu.tpl"); - include ("./templates/password.tpl"); - include ("./templates/footer.tpl"); + include ("./templates/header.tpl"); + include ("./templates/menu.tpl"); + include ("./templates/password.tpl"); + include ("./templates/footer.tpl"); } ?> diff --git a/search.php b/search.php index db846987..bf0aa1cf 100644 --- a/search.php +++ b/search.php 
@@ -20,20 +20,17 @@ // fGo // fDomain // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session(); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); -} -else -{ +require_once('common.php'); + +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); +if(authentication_has_role('global-admin')) { $list_domains = list_domains (); } +else { + $list_domains = list_domains_for_admin ($SESSID_USERNAME); +} $tAlias = array(); @@ -109,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (empty ($fSearch) && !empty ($fGo)) { - if (check_admin($SESSID_USERNAME)) + if (authentication_has_role('global-admin')) { header("Location: list-virtual.php?domain=" . $fDomain ) && exit; } diff --git a/sendmail.php b/sendmail.php index f6ed790b..eb763b83 100644 --- a/sendmail.php +++ b/sendmail.php @@ -22,14 +22,14 @@ // fSubject // fBody // -require ("./variables.inc.php"); -require ("./config.inc.php"); -require ("./functions.inc.php"); -include ("./languages/" . check_language () . ".lang"); -$SESSID_USERNAME = check_session (); +require_once('common.php'); + +authentication_require_role('admin'); + (($CONF['sendmail'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1'); +$SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "GET") { include ("./templates/header.tpl"); diff --git a/viewlog.php b/viewlog.php index 163e511a..b64a80de 100644 --- a/viewlog.php +++ b/viewlog.php 
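Review bot: In the search.php hunk at `@@ -109,7 +106,7 @@`, the redirect `header("Location: list-virtual.php?domain=" . $fDomain ) && exit;` does not terminate the request: `header()` returns null, so the `&& exit` is never evaluated and the rest of the POST handler (which continues outside this hunk) keeps running after the Location header has been queued. Write it as two statements, `header("Location: list-virtual.php?domain=" . urlencode($fDomain)); exit(0);`. The `urlencode()` matters because the file header lists fDomain as a POST field, so whatever escaping it received upstream (not visible here) is presumably SQL-oriented rather than URL-oriented.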
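Review bot: In the sendmail.php hunk, the feature switch kept as context directly under the new `authentication_require_role('admin');` never stops the request: `header()` returns null, so in `(($CONF['sendmail'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');` the `exit` is dead code, and the script goes on to render the form and, presumably, to process a POST even though sending is disabled (the POST branch lies outside this hunk). Since this commit already reorders the lines around it, it is the moment to make the guard effective: `if ($CONF['sendmail'] == 'NO') { header("Location: " . $CONF['postfix_admin_url'] . "/main.php"); exit(0); }`. The same `header(...) && exit` idiom appears elsewhere in this commit and should get the same fix.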
@@ -19,22 +19,17 @@ // fDomain // -if (!isset($incpath)) $incpath = '.'; -require ("$incpath/variables.inc.php"); -require ("$incpath/config.inc.php"); -require ("$incpath/functions.inc.php"); -include ("$incpath/languages/" . check_language () . ".lang"); +require_once('common.php'); -$SESSID_USERNAME = check_session(); -if (!check_admin($SESSID_USERNAME)) -{ - $list_domains = list_domains_for_admin ($SESSID_USERNAME); -} -else -{ +authentication_require_role('admin'); +$SESSID_USERNAME = authentication_get_username(); +if(authentication_has_role('global-admin')) { $list_domains = list_domains (); } +else { + $list_domains = list_domains_for_admin ($SESSID_USERNAME); +} if ($_SERVER['REQUEST_METHOD'] == "GET") { @@ -45,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") die('Unknown request method'); } -if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) ) +if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))) { $error = 1; $tMessage = $PALANG['pViewlog_result_error']; @@ -74,7 +69,7 @@ if ($error != 1) include ("$incpath/templates/header.tpl"); -if (check_admin($SESSID_USERNAME)) { +if (authentication_has_role('global-admin')) { include ("$incpath/templates/admin_menu.tpl"); } else { include ("$incpath/templates/menu.tpl");
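Review bot: In the viewlog.php hunk at `@@ -45,7 +40,7 @@`, the authorization test `if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')))` runs the ownership lookup before the role check, so a global admin always pays for a `check_owner()` call keyed on `$fDomain`, which the file header lists as a GET parameter. Reversing the operands, `if (! (authentication_has_role('global-admin') || check_owner ($SESSID_USERNAME, $fDomain)))`, is behaviour-equivalent for the decision but short-circuits the lookup (presumably a database query; its definition is outside this diff) for global admins and keeps the request-supplied domain out of that path unless it is actually needed. The result is still only acted on under the `if ($error != 1)` guard shown in the next hunk header, so no change to the error path is required.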
