final set of refactoring patches (and the rest)
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@71 a1433add-5e2c-0410-b055-b7f2511e0802
parent
4eb83c4bdc
commit
3e70f276c2
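--- a/common.php
+++ b/common.php
@@ -0,0 +1,28 @@
+<?php
+// Postfix Admin
+// by Mischa Peters <mischa at high5 dot net>
+// Copyright (c) 2002 - 2005 High5!
+// Licensed under GPL for more info check GPL-LICENSE.TXT
+//
+// File: common.php.php
+//
+// Template File: -none-
+//
+// Template Variables: -none-
+//
+// Form POST \ GET Variables: -none-
+//
+
+$incpath = dirname(__FILE__);
+
+require_once("$incpath/variables.inc.php");
+if(!is_file("$incpath/config.inc.php")) {
+// incorrectly setup...
+header("Location: setup.php");
+exit(0);
+}
+require_once("$incpath/config.inc.php");
+require_once("$incpath/functions.inc.php");
+require_once("$incpath/languages/" . check_language () . ".lang");
+
+session_start();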
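Review bot: The line `require_once("$incpath/languages/" . check_language () . ".lang");` builds an include path from the return value of check_language(), which is defined outside this file, so nothing visible here guarantees the value is one of the shipped language names. If that function derives its result from a request header or cookie, the value should be compared against a fixed list of supported languages before it reaches the path. A comment above the line such as `// check_language() must only ever return a name from the supported-language list` would record the assumption that every page now depends on through this shared include.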
@ -23,21 +23,16 @@
|
||||
// fDomain
|
||||
//
|
||||
|
||||
if (!isset($incpath)) $incpath = '.';
|
||||
require_once('common.php');
|
||||
|
||||
require ("$incpath/variables.inc.php");
|
||||
require ("$incpath/config.inc.php");
|
||||
require ("$incpath/functions.inc.php");
|
||||
include ("$incpath/languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
if (!check_admin($SESSID_USERNAME))
|
||||
{
|
||||
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
|
||||
authentication_require_role('admin');
|
||||
$username = authentication_get_username();
|
||||
$SESSID_USERNAME = $username;
|
||||
if(authentication_has_role('global-admin')) {
|
||||
$list_domains = list_domains ();
|
||||
}
|
||||
else
|
||||
{
|
||||
$list_domains = list_domains ();
|
||||
else {
|
||||
$list_domains = list_domains_for_admin ($username);
|
||||
}
|
||||
|
||||
$pCreate_alias_goto_text = $PALANG['pCreate_alias_goto_text'];
|
||||
@ -64,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
$fGoto = $fGoto . "@" . escape_string ($_POST['fDomain']);
|
||||
}
|
||||
|
||||
if (! (check_admin($SESSID_USERNAME) || check_owner ($SESSID_USERNAME, $fDomain) ))
|
||||
if (! (authentication_has_role('global-admin') || check_owner ($SESSID_USERNAME, $fDomain) ))
|
||||
{
|
||||
$error = 1;
|
||||
$tAddress = escape_string ($_POST['fAddress']);
|
||||
@ -149,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
|
||||
include ("$incpath/templates/header.tpl");
|
||||
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
include ("$incpath/templates/admin_menu.tpl");
|
||||
} else {
|
||||
include ("$incpath/templates/menu.tpl");
|
||||
|
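Review bot: Replacing `check_admin($SESSID_USERNAME)` with `authentication_has_role('global-admin')` appears to move the privilege decision from a lookup keyed on the username to whatever was recorded at login; the login.php section on this page writes the role into `$_SESSION['sessid']['roles']` once. Neither function body is shown, but if authentication_has_role() only reads that array, an admin who is demoted or deactivated keeps global-admin rights until the session ends. Consider re-checking `$table_domain_admins` before state-changing actions, or bounding the session lifetime, and note the trade-off in a comment next to `authentication_require_role('admin');`. The same substitution is made in the other file sections on this page that call `authentication_has_role('global-admin')`.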
@ -29,26 +29,21 @@
|
||||
// fMail
|
||||
//
|
||||
|
||||
if (!isset($incpath)) $incpath = '.';
|
||||
require_once('common.php');
|
||||
|
||||
require ("$incpath/variables.inc.php");
|
||||
require ("$incpath/config.inc.php");
|
||||
require ("$incpath/functions.inc.php");
|
||||
include ("$incpath/languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
if (!check_admin($SESSID_USERNAME))
|
||||
{
|
||||
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
|
||||
}
|
||||
else
|
||||
{
|
||||
authentication_require_role('admin');
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
if(authentication_has_role('global-admin')) {
|
||||
$list_domains = list_domains ();
|
||||
}
|
||||
else {
|
||||
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
|
||||
}
|
||||
|
||||
$pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text'];
|
||||
$pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text'];
|
||||
$pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text'];
|
||||
|
||||
$pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text'];
|
||||
$pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text'];
|
||||
$pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text'];
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
@ -61,8 +56,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
$tQuota = $row['maxquota'];
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
@ -79,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
if (isset ($_POST['fMail'])) $fMail = escape_string ($_POST['fMail']);
|
||||
|
||||
|
||||
if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!check_admin($SESSID_USERNAME)) )
|
||||
if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!authentication_has_role('global-admin')) )
|
||||
{
|
||||
$error = 1;
|
||||
$tUsername = escape_string ($_POST['fUsername']);
|
||||
@ -98,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
$tDomain = $fDomain;
|
||||
$pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error3'];
|
||||
}
|
||||
|
||||
|
||||
if (empty ($fUsername) or !check_email ($fUsername))
|
||||
{
|
||||
$error = 1;
|
||||
@ -113,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES")
|
||||
{
|
||||
$fPassword = generate_password ();
|
||||
$fPassword = generate_password ();
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -138,7 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
$pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text_error'];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
@ -153,7 +146,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
if ($error != 1)
|
||||
{
|
||||
$password = pacrypt ($fPassword);
|
||||
|
||||
|
||||
if ($CONF['domain_path'] == "YES")
|
||||
{
|
||||
if ($CONF['domain_in_mailbox'] == "YES")
|
||||
@ -169,7 +162,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
$maildir = $fUsername . "/";
|
||||
}
|
||||
|
||||
|
||||
if (!empty ($fQuota))
|
||||
{
|
||||
$quota = multiply_quota ($fQuota);
|
||||
@ -178,7 +171,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
$quota = 0;
|
||||
}
|
||||
|
||||
|
||||
if ($fActive == "on")
|
||||
{
|
||||
$fActive = 1;
|
||||
@ -214,7 +207,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
|
||||
$error=TRUE; // Being pessimistic
|
||||
if (mailbox_postcreation($fUsername,$fDomain,$maildir))
|
||||
{
|
||||
@ -222,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
$result=db_query("COMMIT");
|
||||
|
||||
/* should really not be possible: */
|
||||
/* should really not be possible: */
|
||||
/*
|
||||
if (!$result) die('COMMIT-query failed.');
|
||||
}
|
||||
@ -233,14 +226,14 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
$result=db_query("ROLLBACK");
|
||||
|
||||
/* should really not be possible: */
|
||||
/* should really not be possible: */
|
||||
/*
|
||||
if (!$result) die('ROLLBACK-query failed.');
|
||||
} else {
|
||||
/*
|
||||
When we cannot count on transactions, we need to move forward, despite
|
||||
the problems.
|
||||
*/
|
||||
*/
|
||||
/*
|
||||
$error=FALSE;
|
||||
}
|
||||
@ -250,14 +243,14 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
if (!$error)
|
||||
{
|
||||
db_log ($CONF['admin_email'], $fDomain, "create mailbox", $fUsername);
|
||||
|
||||
*/
|
||||
|
||||
*/
|
||||
|
||||
/*
|
||||
TODO: this is the start of /create-mailbox code segment that was originally used in /create-mailbox.php instead
|
||||
of the above from admin/create-mailbox.php.
|
||||
To be compared / merged.
|
||||
*/
|
||||
*/
|
||||
|
||||
$result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$quota','$fDomain',NOW(),NOW(),'$sqlActive')");
|
||||
if ($result['rows'] != 1 || !mailbox_postcreation($fUsername,$fDomain,$maildir))
|
||||
@ -272,71 +265,71 @@ TODO: this is the start of /create-mailbox code segment that was originally used
|
||||
db_log ($SESSID_USERNAME, $fDomain, "create mailbox", "$fUsername");
|
||||
/*
|
||||
TODO: this is the end of /create-mailbox.php code segment
|
||||
*/
|
||||
$tDomain = $fDomain;
|
||||
*/
|
||||
$tDomain = $fDomain;
|
||||
|
||||
if (create_mailbox_subfolders($fUsername,$fPassword))
|
||||
{
|
||||
$tMessage = $PALANG['pCreate_mailbox_result_succes'] . "<br />($fUsername";
|
||||
} else {
|
||||
$tMessage = $PALANG['pCreate_mailbox_result_succes_nosubfolders'] . "<br />($fUsername";
|
||||
}
|
||||
if (create_mailbox_subfolders($fUsername,$fPassword))
|
||||
{
|
||||
$tMessage = $PALANG['pCreate_mailbox_result_succes'] . "<br />($fUsername";
|
||||
} else {
|
||||
$tMessage = $PALANG['pCreate_mailbox_result_succes_nosubfolders'] . "<br />($fUsername";
|
||||
}
|
||||
|
||||
if ($CONF['generate_password'] == "YES")
|
||||
if ($CONF['generate_password'] == "YES")
|
||||
{
|
||||
$tMessage .= " / $fPassword)</br />";
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($CONF['show_password'] == "YES")
|
||||
{
|
||||
$tMessage .= " / $fPassword)</br />";
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($CONF['show_password'] == "YES")
|
||||
{
|
||||
$tMessage .= " / $fPassword)</br />";
|
||||
}
|
||||
else
|
||||
{
|
||||
$tMessage .= ")</br />";
|
||||
}
|
||||
$tMessage .= ")</br />";
|
||||
}
|
||||
|
||||
$tQuota = $CONF['maxquota'];
|
||||
}
|
||||
|
||||
if ($fMail == "on")
|
||||
$tQuota = $CONF['maxquota'];
|
||||
|
||||
if ($fMail == "on")
|
||||
{
|
||||
$fTo = $fUsername;
|
||||
$fFrom = $SESSID_USERNAME;
|
||||
$fHeaders = "To: " . $fTo . "\n";
|
||||
$fHeaders .= "From: " . $fFrom . "\n";
|
||||
|
||||
if (!empty ($PALANG['charset']))
|
||||
{
|
||||
$fTo = $fUsername;
|
||||
$fFrom = $SESSID_USERNAME;
|
||||
$fHeaders = "To: " . $fTo . "\n";
|
||||
$fHeaders .= "From: " . $fFrom . "\n";
|
||||
|
||||
if (!empty ($PALANG['charset']))
|
||||
{
|
||||
$fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text'], $PALANG['charset']) . "\n";
|
||||
$fHeaders .= "MIME-Version: 1.0\n";
|
||||
$fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n";
|
||||
$fHeaders .= "Content-Transfer-Encoding: 8bit\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
$fHeaders .= "Subject: " . $PALANG['pSendmail_subject_text'] . "\n\n";
|
||||
}
|
||||
|
||||
$fHeaders .= $CONF['welcome_text'];
|
||||
|
||||
if (!smtp_mail ($fTo, $fFrom, $fHeaders))
|
||||
{
|
||||
$tMessage .= "<br />" . $PALANG['pSendmail_result_error'] . "<br />";
|
||||
}
|
||||
else
|
||||
{
|
||||
$tMessage .= "<br />" . $PALANG['pSendmail_result_succes'] . "<br />";
|
||||
}
|
||||
$fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text'], $PALANG['charset']) . "\n";
|
||||
$fHeaders .= "MIME-Version: 1.0\n";
|
||||
$fHeaders .= "Content-Type: text/plain; charset=" . $PALANG['charset'] . "\n";
|
||||
$fHeaders .= "Content-Transfer-Encoding: 8bit\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
$fHeaders .= "Subject: " . $PALANG['pSendmail_subject_text'] . "\n\n";
|
||||
}
|
||||
|
||||
$fHeaders .= $CONF['welcome_text'];
|
||||
|
||||
if (!smtp_mail ($fTo, $fFrom, $fHeaders))
|
||||
{
|
||||
$tMessage .= "<br />" . $PALANG['pSendmail_result_error'] . "<br />";
|
||||
}
|
||||
else
|
||||
{
|
||||
$tMessage .= "<br />" . $PALANG['pSendmail_result_succes'] . "<br />";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
include ("$incpath/templates/header.tpl");
|
||||
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
include ("$incpath/templates/admin_menu.tpl");
|
||||
} else {
|
||||
include ("$incpath/templates/menu.tpl");
|
||||
|
11
delete.php
11
delete.php
@ -18,12 +18,12 @@
|
||||
// fDelete
|
||||
// fDomain
|
||||
//
|
||||
require ("./variables.inc.php");
|
||||
require ("./config.inc.php");
|
||||
require ("./functions.inc.php");
|
||||
include ("./languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session();
|
||||
require_once('common.php');
|
||||
|
||||
authentication_require_role('admin');
|
||||
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
@ -43,6 +43,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
else
|
||||
{
|
||||
if ($CONF['database_type'] == "pgsql") db_query('BEGIN');
|
||||
|
||||
$result = db_query ("DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
|
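Review bot: The `DELETE FROM $table_alias WHERE address='$fDelete' AND domain='$fDomain'` statement sits under the `if ($_SERVER['REQUEST_METHOD'] == "GET")` branch named in the hunk header, so a row is removed by a plain GET and no request token is visible. Any cross-site request sent from the logged-in admin's browser would be enough to trigger the deletion. I would move the action to POST and verify a per-session token before `db_query('BEGIN')`. The first hunk shows only `authentication_require_role('admin');`, so whether `check_owner()` is applied to `$fDomain` depends on lines outside these hunks and should be confirmed.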
@ -20,14 +20,10 @@
|
||||
// fReturn
|
||||
//
|
||||
|
||||
if (!isset($incpath)) $incpath = '.';
|
||||
require_once('common.php');
|
||||
|
||||
require ("$incpath/variables.inc.php");
|
||||
require ("$incpath/config.inc.php");
|
||||
require ("$incpath/functions.inc.php");
|
||||
include ("$incpath/languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
authentication_require_role('admin');
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
@ -36,7 +32,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
|
||||
if (isset ($_GET['return'])) $fReturn = escape_string ($_GET['return']);
|
||||
|
||||
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME) ) )
|
||||
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin') ) )
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pEdit_mailbox_domain_error'] . "<b>$fDomain</b>!</font>";
|
||||
@ -83,7 +79,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
}
|
||||
else
|
||||
{
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
header ("Location: list-virtual.php?domain=$fDomain");
|
||||
} else {
|
||||
header ("Location: overview.php?domain=$fDomain");
|
||||
@ -95,7 +91,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
|
||||
include ("$incpath/templates/header.tpl");
|
||||
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
include ("$incpath/templates/admin_menu.tpl");
|
||||
} else {
|
||||
include ("$incpath/templates/menu.tpl");
|
||||
|
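Review bot: `header ("Location: list-virtual.php?domain=$fDomain");` and the matching `overview.php` redirect interpolate `$fDomain`, which comes from `$_GET['domain']` and has only passed through escape_string(). That helper is presumably SQL escaping, not URL encoding, so the value should be encoded for the context it lands in: `header ("Location: list-virtual.php?domain=" . urlencode($fDomain));`. The error branch has the same mismatch for HTML, where `"<b>$fDomain</b>!</font>"` would want `htmlspecialchars($fDomain, ENT_QUOTES)`. The same redirect pattern appears in the next two file sections, and the enclosing blocks continue outside the hunks.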
@ -21,21 +21,17 @@
|
||||
// fGoto
|
||||
//
|
||||
|
||||
if (!isset($incpath)) $incpath = '.';
|
||||
require_once('common.php');
|
||||
|
||||
require ("$incpath/variables.inc.php");
|
||||
require ("$incpath/config.inc.php");
|
||||
require ("$incpath/functions.inc.php");
|
||||
include ("$incpath/languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
authentication_require_role('admin');
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']);
|
||||
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
|
||||
|
||||
if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME))
|
||||
if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
|
||||
{
|
||||
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'");
|
||||
if ($result['rows'] == 1)
|
||||
@ -60,7 +56,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']);
|
||||
$fGoto = strtolower ($fGoto);
|
||||
|
||||
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) )
|
||||
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
|
||||
{
|
||||
$error = 1;
|
||||
$tGoto = $_POST['fGoto'];
|
||||
@ -114,7 +110,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
db_log ($SESSID_USERNAME, $fDomain, "edit alias", "$fAddress -> $goto");
|
||||
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
header ("Location: list-virtual.php?domain=$fDomain");
|
||||
} else {
|
||||
header ("Location: overview.php?domain=$fDomain");
|
||||
@ -126,7 +122,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
|
||||
include ("$incpath/templates/header.tpl");
|
||||
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
include ("$incpath/templates/admin_menu.tpl");
|
||||
} else {
|
||||
include ("$incpath/templates/menu.tpl");
|
||||
|
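Review bot: In the POST error branch, `$tGoto = $_POST['fGoto'];` copies the raw request value into a template variable, while the other inputs in this section go through escape_string() first. The template is not shown, but if it prints `$tGoto` without HTML escaping, the rejected form is re-rendered with attacker-controlled markup. Escape where the value is assigned or where it is output, for example `$tGoto = htmlspecialchars($_POST['fGoto'], ENT_QUOTES);`. The branch continues past the end of the hunk.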
@ -26,14 +26,10 @@
|
||||
// fActive
|
||||
//
|
||||
|
||||
if (!isset($incpath)) $incpath = '.';
|
||||
require_once('common.php');
|
||||
|
||||
require ("$incpath/variables.inc.php");
|
||||
require ("$incpath/config.inc.php");
|
||||
require ("$incpath/functions.inc.php");
|
||||
include ("$incpath/languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
authentication_require_role('admin');
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
|
||||
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
|
||||
$fUsername = strtolower ($fUsername);
|
||||
@ -44,7 +40,7 @@ $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text'];
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
if (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME))
|
||||
if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))
|
||||
{
|
||||
$result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fUsername' AND domain='$fDomain'");
|
||||
if ($result['rows'] == 1)
|
||||
@ -79,7 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
if (isset ($_POST['fQuota'])) $fQuota = intval ($_POST['fQuota']);
|
||||
if (isset ($_POST['fActive'])) $fActive = escape_string ($_POST['fActive']);
|
||||
|
||||
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) )
|
||||
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) )
|
||||
{
|
||||
$error = 1;
|
||||
$tName = $fName;
|
||||
@ -153,7 +149,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
db_log ($SESSID_USERNAME, $fDomain, "edit mailbox", $fUsername);
|
||||
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
header ("Location: list-virtual.php?domain=$fDomain");
|
||||
} else {
|
||||
header ("Location: overview.php?domain=$fDomain");
|
||||
@ -165,7 +161,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
|
||||
include ("$incpath/templates/header.tpl");
|
||||
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
include ("$incpath/templates/admin_menu.tpl");
|
||||
} else {
|
||||
include ("$incpath/templates/menu.tpl");
|
||||
|
@ -1,4 +1,6 @@
|
||||
<?php
|
||||
// XXX TODO - Remove the code duplication between this file (for admins) and users/vacation.php
|
||||
// - too much of the code is identical for there not to be some refactoring possible.
|
||||
//
|
||||
// Postfix Admin
|
||||
// by Mischa Peters <mischa at high5 dot net>
|
||||
@ -11,6 +13,7 @@
|
||||
//
|
||||
// Template Variables:
|
||||
//
|
||||
// tUseremail
|
||||
// tMessage
|
||||
// tSubject
|
||||
// tBody
|
||||
@ -25,38 +28,27 @@
|
||||
// fQuota
|
||||
// fActive
|
||||
//
|
||||
// This is a copy of the superadmin edit-vacation.php with
|
||||
// template references changed
|
||||
//
|
||||
|
||||
if (!isset($incpath)) $incpath = '.';
|
||||
require_once('common.php');
|
||||
|
||||
require ("$incpath/variables.inc.php");
|
||||
require ("$incpath/config.inc.php");
|
||||
require ("$incpath/functions.inc.php");
|
||||
include ("$incpath/languages/" . check_language () . ".lang");
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
|
||||
if($CONF['vacation'] == 'NO') {
|
||||
header("Location: " . $CONF['postfix_admin_url'] . "/main.php");
|
||||
exit(0);
|
||||
}
|
||||
|
||||
$vacation_domain = $CONF['vacation_domain'];
|
||||
$vacation_goto = preg_replace('/@/', '#', $SESSID_USERNAME);
|
||||
$vacation_goto = $vacation_goto . '@' . $vacation_domain;
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
(($CONF['vacation'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
|
||||
$tmp = preg_split ('/@/', $SESSID_USERNAME);
|
||||
$USERID_DOMAIN = $tmp[1];
|
||||
|
||||
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
|
||||
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
|
||||
|
||||
if (check_admin($SESSID_USERNAME))
|
||||
{
|
||||
$fCanceltarget= $CONF['postfix_admin_url'] . "/admin/list-virtual.php?domain=$fDomain";
|
||||
}
|
||||
else
|
||||
{
|
||||
if (check_owner ($SESSID_USERNAME, $fDomain))
|
||||
{
|
||||
$fCanceltarget= $CONF['postfix_admin_url'] . "/overview.php?domain=$fDomain";
|
||||
}
|
||||
//unauthorized, exit
|
||||
else { exit; }
|
||||
}
|
||||
$fCanceltarget = $CONF['postfix_admin_url'] . '/main.php';
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
@ -74,72 +66,70 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
|
||||
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
$vacation_domain = $CONF['vacation_domain'];
|
||||
|
||||
if (isset ($_POST['fSubject'])) $fSubject = escape_string ($_POST['fSubject']);
|
||||
if (isset ($_POST['fBody'])) $fBody = escape_string ($_POST['fBody']);
|
||||
if (isset ($_POST['fChange'])) $fChange = escape_string ($_POST['fChange']);
|
||||
if (isset ($_POST['fBack'])) $fBack = escape_string ($_POST['fBack']);
|
||||
|
||||
if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
|
||||
if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
|
||||
if (isset ($_GET['domain'])) {
|
||||
$fDomain = escape_string ($_GET['domain']);
|
||||
}
|
||||
else {
|
||||
$fDomain = $USERID_DOMAIN;
|
||||
}
|
||||
if (isset ($_GET['username'])) {
|
||||
$fUsername = escape_string ($_GET['username']);
|
||||
}
|
||||
else {
|
||||
$fUsername = authentication_get_username();
|
||||
}
|
||||
|
||||
$tUseremail = $fUsername;
|
||||
if ($tSubject == '') { $tSubject = $PALANG['pUsersVacation_subject_text']; }
|
||||
if ($tBody == '') { $tBody = $PALANG['pUsersVacation_body_text']; }
|
||||
|
||||
//if change, remove old one, then set new one
|
||||
//if change, remove old one, then perhaps set new one
|
||||
if (!empty ($fBack) || !empty ($fChange))
|
||||
{
|
||||
//if we find an existing vacation entry, delete it
|
||||
$result = db_query("SELECT * FROM $table_vacation WHERE email='$fUsername'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$result = db_query ("DELETE FROM $table_vacation WHERE email='$fUsername'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pVacation_result_error'];
|
||||
$tMessage = "cannot remove $fUsername from $table_vacation";
|
||||
}
|
||||
else
|
||||
{
|
||||
$tMessage = $PALANG['pVacation_result_success'];
|
||||
}
|
||||
|
||||
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
|
||||
//if we find an existing vacation entry, delete it
|
||||
$result = db_query("SELECT * FROM $table_vacation WHERE email='$fUsername'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$row = db_array ($result['result']);
|
||||
$goto = $row['goto'];
|
||||
|
||||
//only one of these will do something, first handles address at beginning and middle, second at end
|
||||
$goto= preg_replace ( "/$fUsername@$vacation_domain,/", '', $goto);
|
||||
$goto= preg_replace ( "/,$fUsername@$vacation_domain/", '', $goto);
|
||||
|
||||
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
|
||||
$result = db_query ("DELETE FROM $table_vacation WHERE email='$fUsername'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pVacation_result_error'];
|
||||
}
|
||||
else
|
||||
|
||||
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$tMessage = $PALANG['pVacation_result_success'];
|
||||
$row = db_array ($result['result']);
|
||||
$goto = $row['goto'];
|
||||
|
||||
//only one of these will do something, first handles address at beginning and middle, second at end
|
||||
$goto= preg_replace ( "/$vacation_goto,/", '', $goto);
|
||||
$goto= preg_replace ( "/,$vacation_goto/", '', $goto);
|
||||
|
||||
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$error = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
//Set the vacation data for $fUsername
|
||||
if (!empty ($fChange))
|
||||
{
|
||||
$goto = '';
|
||||
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
@ -149,30 +139,37 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
|
||||
($CONF['database_type']=='pgsql') ? $Active='true' : $Active=1;
|
||||
$result = db_query ("INSERT INTO $table_vacation (email,subject,body,domain,created,active) VALUES ('$fUsername','$fSubject','$fBody','$fDomain',NOW(),$Active)");
|
||||
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pVacation_result_error'];
|
||||
}
|
||||
|
||||
$goto = $goto . "," . "$fUsername@$vacation_domain";
|
||||
$goto = $goto . "," . $vacation_goto;
|
||||
|
||||
$result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fUsername'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pVacation_result_error'];
|
||||
}
|
||||
else
|
||||
{
|
||||
header ("Location: $fCanceltarget");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if($error == 0) {
|
||||
if(!empty ($fBack)) {
|
||||
$tMessage = $PALANG['pVacation_result_removed'];
|
||||
}
|
||||
if(!empty($fChange)) {
|
||||
$tMessage= $PALANG['pVacation_result_added'];
|
||||
}
|
||||
}
|
||||
else {
|
||||
$tMessage = $PALANG['pVacation_result_error'];
|
||||
}
|
||||
|
||||
$tUseremail = $SESSID_USERNAME;
|
||||
include ("$incpath/templates/header.tpl");
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
include ("$incpath/templates/admin_menu.tpl");
|
||||
} else {
|
||||
include ("$incpath/templates/menu.tpl");
|
||||
|
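Review bot: The new side of the `-25,38 +28,27` hunk appears to drop the `check_admin()` / `check_owner()` gate (the branch commented `//unauthorized, exit`), and no `authentication_require_role()` call is visible in its place, while `$fUsername` and `$fDomain` are still read from `$_GET`. The diff markers are lost on this page, so this reading is inferred from the hunk sizes and the replacement `$fCanceltarget` line. If it holds, the later `DELETE FROM $table_vacation` and `UPDATE $table_alias` statements act on a request-chosen mailbox with no ownership check. I would restore a check before the first query: `authentication_require_role('admin');` followed by `if (!(check_owner($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))) { exit; }`.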
46
index.php
46
index.php
@ -19,36 +19,30 @@
|
||||
//
|
||||
if (!file_exists (realpath ("./setup.php")))
|
||||
{
|
||||
header ("Location: login.php");
|
||||
exit;
|
||||
header ("Location: login.php");
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
print <<< EOF
|
||||
print <<< EOF
|
||||
<html>
|
||||
<head>
|
||||
<title>Welcome to Postfix Admin</title>
|
||||
</head>
|
||||
<body>
|
||||
<img id="login_header_logo" src="images/postbox.png" />
|
||||
<img id="login_header_logo2" src="images/postfixadmin2.png" />
|
||||
<h1>Welcome to Postfix Admin</h1>
|
||||
It seems that you are running this version of Postfix Admin for the first time.<br />
|
||||
<p />
|
||||
You can now run <a href="setup.php">setup</a> to make sure that all the functions are available for Postfix Admin to run.<br />
|
||||
<p />
|
||||
If you still encounter any problems please check the documentation and website for more information.
|
||||
<p />
|
||||
Your donations keep this project running...
|
||||
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
|
||||
<input type="hidden" name="cmd" value="_s-xclick">
|
||||
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
|
||||
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----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-----END PKCS7-----">
|
||||
</form>
|
||||
<p />
|
||||
<a href="http://high5.net/postfixadmin/">Postfix Admin</a><br />
|
||||
<a href="http://forums.high5.net/index.php?showforum=7">Knowledge Base</a>
|
||||
</body>
|
||||
<head>
|
||||
<title>Welcome to Postfix Admin</title>
|
||||
</head>
|
||||
<body>
|
||||
<img id="login_header_logo" src="images/postbox.png" />
|
||||
<img id="login_header_logo2" src="images/postfixadmin2.png" />
|
||||
<h1>Welcome to Postfix Admin</h1>
|
||||
It seems that you are running this version of Postfix Admin for the first time.<br />
|
||||
<p />
|
||||
You can now run <a href="setup.php">setup</a> to make sure that all the functions are available for Postfix Admin to run.<br />
|
||||
<p />
|
||||
If you still encounter any problems, please check the documentation and website for more information.
|
||||
<p />
|
||||
<p />
|
||||
<a href="http://postfixadmin.org">Postfix Admin</a> web site<br />
|
||||
<a href="http://sourceforge.net/forum/forum.php?forum_id=676076">Knowledge Base</a>
|
||||
</body>
|
||||
</html>
|
||||
EOF;
|
||||
}
|
||||
|
96
login.php
96
login.php
@ -19,65 +19,63 @@
|
||||
// fUsername
|
||||
// fPassword
|
||||
//
|
||||
require ("./variables.inc.php");
|
||||
require ("./config.inc.php");
|
||||
require ("./functions.inc.php");
|
||||
include ("./languages/" . check_language () . ".lang");
|
||||
|
||||
require_once('common.php');
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
include ("./templates/header.tpl");
|
||||
include ("./templates/login.tpl");
|
||||
include ("./templates/footer.tpl");
|
||||
include ("./templates/header.tpl");
|
||||
include ("./templates/login.tpl");
|
||||
include ("./templates/footer.tpl");
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']);
|
||||
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
|
||||
$fUsername = '';
|
||||
$fPassword = '';
|
||||
if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']);
|
||||
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
|
||||
|
||||
$result = db_query ("SELECT password FROM $table_admin WHERE username='$fUsername' AND active='1'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$row = db_array ($result['result']);
|
||||
$password = pacrypt ($fPassword, $row['password']);
|
||||
$result = db_query ("SELECT password FROM $table_admin WHERE username='$fUsername' AND active='1'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$row = db_array ($result['result']);
|
||||
$password = pacrypt ($fPassword, $row['password']);
|
||||
$result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pLogin_password_incorrect'];
|
||||
$tUsername = $fUsername;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pLogin_username_incorrect'];
|
||||
}
|
||||
|
||||
$result = db_query ("SELECT * FROM $table_admin WHERE username='$fUsername' AND password='$password' AND active='1'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pLogin_password_incorrect'];
|
||||
$tUsername = $fUsername;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pLogin_username_incorrect'];
|
||||
}
|
||||
if ($error != 1)
|
||||
{
|
||||
session_regenerate_id();
|
||||
$_SESSION['sessid'] = array();
|
||||
$_SESSION['sessid']['username'] = $fUsername;
|
||||
$_SESSION['sessid']['roles'] = array();
|
||||
$_SESSION['sessid']['roles'][] = 'admin';
|
||||
|
||||
if ($error != 1)
|
||||
{
|
||||
session_start();
|
||||
session_register("sessid");
|
||||
$_SESSION['sessid']['username'] = $fUsername;
|
||||
// they've logged in, so see if they are a domain admin, as well.
|
||||
$result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$_SESSION['sessid']['roles'][] = 'global-admin';
|
||||
header("Location: admin/list-admin.php");
|
||||
exit(0);
|
||||
}
|
||||
header("Location: main.php");
|
||||
exit(0);
|
||||
}
|
||||
|
||||
$result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$row = db_array ($result['result']);
|
||||
if ($fUsername == $row['username'])
|
||||
{
|
||||
header("Location: admin/index.php");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
header("Location: main.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
include ("./templates/header.tpl");
|
||||
include ("./templates/login.tpl");
|
||||
include ("./templates/footer.tpl");
|
||||
include ("./templates/header.tpl");
|
||||
include ("./templates/login.tpl");
|
||||
include ("./templates/footer.tpl");
|
||||
}
|
||||
?>
|
||||
|
@ -17,10 +17,8 @@
|
||||
//
|
||||
// -none-
|
||||
//
|
||||
require ("./config.inc.php");
|
||||
require ("./functions.inc.php");
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
require_once('common.php');
|
||||
|
||||
session_unset ();
|
||||
session_destroy ();
|
||||
|
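Review bot: The logout path in this hunk ends with `session_unset ();` and `session_destroy ();`, which drop the server-side data but leave the session cookie in the browser. Unless strict session mode is enabled, the `session_start()` that common.php now runs on every request will accept that same identifier again on the next page load. Expiring the cookie as well closes the gap: `$p = session_get_cookie_params(); setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain']);` placed before `session_destroy ();`. The file header for this hunk is not visible on this page and the script continues past the hunk, so the cookie may already be handled further down.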
9
main.php
9
main.php
@ -17,11 +17,12 @@
|
||||
//
|
||||
// -none-
|
||||
//
|
||||
require ("./config.inc.php");
|
||||
require ("./functions.inc.php");
|
||||
include ("./languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
require_once('common.php');
|
||||
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
|
||||
authentication_require_role('admin');
|
||||
|
||||
if ($_SERVER["REQUEST_METHOD"] == "GET")
|
||||
{
|
||||
|
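Review bot: `authentication_require_role('admin')` appears to decide access from the roles that login.php in this commit writes to `$_SESSION['sessid']['roles']` once at login, so an admin who is deactivated or loses the `domain='ALL'` row afterwards would keep those roles until the session ends. The helper's body is not on this page, so this is inferred from the login code. If it only reads the session, it should re-check `active='1'` for the stored username, or at least state the behaviour in a comment such as `// roles are fixed at login; revoking an admin takes effect only when the session ends`. The same applies to the `authentication_has_role('global-admin')` checks that replace `check_admin($SESSID_USERNAME)` in overview.php, search.php and viewlog.php.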
28
overview.php
28
overview.php
@ -23,20 +23,19 @@
|
||||
// fDomain
|
||||
// limit
|
||||
//
|
||||
require ("./variables.inc.php");
|
||||
require ("./config.inc.php");
|
||||
require ("./functions.inc.php");
|
||||
include ("./languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session();
|
||||
if (!check_admin($SESSID_USERNAME))
|
||||
{
|
||||
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
|
||||
}
|
||||
else
|
||||
{
|
||||
require_once('common.php');
|
||||
|
||||
authentication_require_role('admin');
|
||||
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
|
||||
if(authentication_has_role('global-admin')) {
|
||||
$list_domains = list_domains ();
|
||||
}
|
||||
else {
|
||||
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
|
||||
}
|
||||
|
||||
$tAlias = array();
|
||||
$tMailbox = array();
|
||||
@ -103,7 +102,12 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
$row['created']=gmstrftime('%c %Z',$row['uts_created']);
|
||||
$row['modified']=gmstrftime('%c %Z',$row['uts_modified']);
|
||||
$row['active']=('t'==$row['active']) ? 1 : 0;
|
||||
$row['v_active']=('t'==$row['v_active']) ? 1 : 0;
|
||||
if(isset($row['v_active'])) {
|
||||
$row['v_active']=('t'==$row['v_active']) ? 1 : 0;
|
||||
}
|
||||
else {
|
||||
$row['v_active'] = -1 ; //unknown; broken query above..
|
||||
}
|
||||
unset($row['uts_created']);
|
||||
unset($row['uts_modified']);
|
||||
}
|
||||
|
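Review bot: In the second hunk the fallback `$row['v_active'] = -1 ; //unknown; broken query above..` stores a value PHP treats as true, so any consumer that tests `$row['v_active']` as a boolean would show an unknown state as active (the template is not on this page). Until the query is repaired a non-truthy marker is safer, for example `$row['v_active'] = 0; // query returned no v_active column; treat as inactive`. The comment itself says the query above is broken, so the missing column is better fixed there than patched per row. The enclosing block starts outside the hunk.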
104
password.php
104
password.php
@ -19,71 +19,71 @@
|
||||
// fPassword
|
||||
// fPassword2
|
||||
//
|
||||
require ("./variables.inc.php");
|
||||
require ("./config.inc.php");
|
||||
require ("./functions.inc.php");
|
||||
include ("./languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
require_once('common.php');
|
||||
|
||||
authentication_require_role('admin');
|
||||
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
include ("./templates/header.tpl");
|
||||
include ("./templates/menu.tpl");
|
||||
include ("./templates/password.tpl");
|
||||
include ("./templates/footer.tpl");
|
||||
include ("./templates/header.tpl");
|
||||
include ("./templates/menu.tpl");
|
||||
include ("./templates/password.tpl");
|
||||
include ("./templates/footer.tpl");
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']);
|
||||
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
|
||||
if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
|
||||
if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']);
|
||||
if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
|
||||
if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
|
||||
|
||||
$username = $SESSID_USERNAME;
|
||||
$username = $SESSID_USERNAME;
|
||||
|
||||
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$row = db_array ($result['result']);
|
||||
$checked_password = pacrypt ($fPassword_current, $row['password']);
|
||||
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$row = db_array ($result['result']);
|
||||
$checked_password = pacrypt ($fPassword_current, $row['password']);
|
||||
|
||||
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$error = 1;
|
||||
$pPassword_password_current_text = $PALANG['pPassword_password_current_text_error'];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$error = 1;
|
||||
$pPassword_email_text = $PALANG['pPassword_email_text_error'];
|
||||
}
|
||||
$result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'");
|
||||
if ($result['rows'] != 1)
|
||||
{
|
||||
$error = 1;
|
||||
$pPassword_password_current_text = $PALANG['pPassword_password_current_text_error'];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$error = 1;
|
||||
$pPassword_email_text = $PALANG['pPassword_email_text_error'];
|
||||
}
|
||||
|
||||
if (empty ($fPassword) or ($fPassword != $fPassword2))
|
||||
{
|
||||
$error = 1;
|
||||
$pPassword_password_text = $PALANG['pPassword_password_text_error'];
|
||||
}
|
||||
if (empty ($fPassword) or ($fPassword != $fPassword2))
|
||||
{
|
||||
$error = 1;
|
||||
$pPassword_password_text = $PALANG['pPassword_password_text_error'];
|
||||
}
|
||||
|
||||
if ($error != 1)
|
||||
{
|
||||
$password = pacrypt ($fPassword);
|
||||
$result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$tMessage = $PALANG['pPassword_result_succes'];
|
||||
}
|
||||
else
|
||||
{
|
||||
$tMessage = $PALANG['pPassword_result_error'];
|
||||
}
|
||||
}
|
||||
if ($error != 1)
|
||||
{
|
||||
$password = pacrypt ($fPassword);
|
||||
$result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'");
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$tMessage = $PALANG['pPassword_result_succes'];
|
||||
}
|
||||
else
|
||||
{
|
||||
$tMessage = $PALANG['pPassword_result_error'];
|
||||
}
|
||||
}
|
||||
|
||||
include ("./templates/header.tpl");
|
||||
include ("./templates/menu.tpl");
|
||||
include ("./templates/password.tpl");
|
||||
include ("./templates/footer.tpl");
|
||||
include ("./templates/header.tpl");
|
||||
include ("./templates/menu.tpl");
|
||||
include ("./templates/password.tpl");
|
||||
include ("./templates/footer.tpl");
|
||||
}
|
||||
?>
|
||||
|
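Review bot: The current-password check in the POST branch still runs a second `SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'` right after `$row['password']` has been fetched. That places the password hash in the SQL text, where it can end up in query logs, and leaves the comparison to the column's collation, which may be case-insensitive. Comparing in PHP is stricter and saves a query: `if ($checked_password !== $row['password']) { $error = 1; $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; }`. Most of the remaining lines in this section appear to be re-indentation only.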
21
search.php
21
search.php
@ -20,20 +20,17 @@
|
||||
// fGo
|
||||
// fDomain
|
||||
//
|
||||
require ("./variables.inc.php");
|
||||
require ("./config.inc.php");
|
||||
require ("./functions.inc.php");
|
||||
include ("./languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session();
|
||||
if (!check_admin($SESSID_USERNAME))
|
||||
{
|
||||
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
|
||||
}
|
||||
else
|
||||
{
|
||||
require_once('common.php');
|
||||
|
||||
authentication_require_role('admin');
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
if(authentication_has_role('global-admin')) {
|
||||
$list_domains = list_domains ();
|
||||
}
|
||||
else {
|
||||
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
|
||||
}
|
||||
|
||||
|
||||
$tAlias = array();
|
||||
@ -109,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
|
||||
if (empty ($fSearch) && !empty ($fGo))
|
||||
{
|
||||
if (check_admin($SESSID_USERNAME))
|
||||
if (authentication_has_role('global-admin'))
|
||||
{
|
||||
header("Location: list-virtual.php?domain=" . $fDomain ) && exit;
|
||||
}
|
||||
|
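Review bot: In the second hunk `header("Location: list-virtual.php?domain=" . $fDomain ) && exit;` never reaches `exit`, because `header()` returns no value and `&&` short-circuits on it, so the script keeps executing after the redirect header is queued. Split it into two statements and encode the parameter: `header("Location: list-virtual.php?domain=" . urlencode($fDomain));` followed by `exit;`. sendmail.php in this commit carries the same pattern in `(($CONF['sendmail'] == 'NO') ? header(...) && exit : '1');`, where it means the disabled-feature check does not stop the page. The surrounding `if` block continues outside the hunk.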
10
sendmail.php
10
sendmail.php
@ -22,14 +22,14 @@
|
||||
// fSubject
|
||||
// fBody
|
||||
//
|
||||
require ("./variables.inc.php");
|
||||
require ("./config.inc.php");
|
||||
require ("./functions.inc.php");
|
||||
include ("./languages/" . check_language () . ".lang");
|
||||
|
||||
$SESSID_USERNAME = check_session ();
|
||||
require_once('common.php');
|
||||
|
||||
authentication_require_role('admin');
|
||||
|
||||
(($CONF['sendmail'] == 'NO') ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
|
||||
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
include ("./templates/header.tpl");
|
||||
|
23
viewlog.php
23
viewlog.php
@ -19,22 +19,17 @@
|
||||
// fDomain
|
||||
//
|
||||
|
||||
if (!isset($incpath)) $incpath = '.';
|
||||
|
||||
require ("$incpath/variables.inc.php");
|
||||
require ("$incpath/config.inc.php");
|
||||
require ("$incpath/functions.inc.php");
|
||||
include ("$incpath/languages/" . check_language () . ".lang");
|
||||
require_once('common.php');
|
||||
|
||||
$SESSID_USERNAME = check_session();
|
||||
if (!check_admin($SESSID_USERNAME))
|
||||
{
|
||||
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
|
||||
}
|
||||
else
|
||||
{
|
||||
authentication_require_role('admin');
|
||||
$SESSID_USERNAME = authentication_get_username();
|
||||
if(authentication_has_role('global-admin')) {
|
||||
$list_domains = list_domains ();
|
||||
}
|
||||
else {
|
||||
$list_domains = list_domains_for_admin ($SESSID_USERNAME);
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
@ -45,7 +40,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
die('Unknown request method');
|
||||
}
|
||||
|
||||
if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME)) )
|
||||
if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')))
|
||||
{
|
||||
$error = 1;
|
||||
$tMessage = $PALANG['pViewlog_result_error'];
|
||||
@ -74,7 +69,7 @@ if ($error != 1)
|
||||
|
||||
include ("$incpath/templates/header.tpl");
|
||||
|
||||
if (check_admin($SESSID_USERNAME)) {
|
||||
if (authentication_has_role('global-admin')) {
|
||||
include ("$incpath/templates/admin_menu.tpl");
|
||||
} else {
|
||||
include ("$incpath/templates/menu.tpl");
|
||||
|