// Collect the submitted form fields. String values pass through
// escape_string() and the quota is coerced with intval(). The two password
// fields, the domain and the mail flag are assigned only when the request
// carries them; name, quota and active always receive a default.
// NOTE(review): escape_string() is defined outside this excerpt - presumably
// SQL escaping. That does not make the values safe for HTML output; confirm
// the template escapes $tUsername / $tName when it redisplays them.
if (isset($_POST['fPassword'])) {
    $fPassword = escape_string($_POST['fPassword']);
}
if (isset($_POST['fPassword2'])) {
    $fPassword2 = escape_string($_POST['fPassword2']);
}
if (isset($_POST['fName'])) {
    $fName = escape_string($_POST['fName']);
} else {
    $fName = "";
}
if (isset($_POST['fDomain'])) {
    $fDomain = escape_string($_POST['fDomain']);
}
if (isset($_POST['fQuota'])) {
    $fQuota = intval($_POST['fQuota']);
} else {
    $fQuota = 0;
}
if (isset($_POST['fActive'])) {
    $fActive = escape_string($_POST['fActive']);
} else {
    $fActive = "1";
}
if (isset($_POST['fMail'])) {
    $fMail = escape_string($_POST['fMail']);
}

// Authorization gate: the session user must own the target domain or hold
// the global-admin role. On failure the form values are copied back for
// redisplay together with error text 1.
// NOTE(review): $fDomain is undefined here when the request has no fDomain
// field, and $_POST['fUsername'] is read without an isset() guard.
// NOTE(review): both checks below only set $error. The code that must refuse
// to create the mailbox when $error is set lies outside this excerpt - confirm
// it honours the flag.
if (!(check_owner($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin'))) {
    $error = 1;
    $tUsername = escape_string($_POST['fUsername']);
    $tDomain = $fDomain;
    $tName = $fName;
    $tQuota = $fQuota;
    $pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error1'];
}

// Second, independent gate: check_mailbox() must accept the domain. It runs
// even when the ownership gate above already failed, so error text 3
// overrides error text 1 when both fail.
if (!check_mailbox($fDomain)) {
    $error = 1;
    $tUsername = escape_string($_POST['fUsername']);
    $tDomain = $fDomain;
    $tName = $fName;
    $tQuota = $fQuota;
    $pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error3'];
}
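/**
 * Look up a zone by one of its fields and enforce ownership before returning it.
 *
 * Walks get_all_zones() and takes the first zone whose $key field is strictly
 * identical to $value. The zone's 'owner' field is filled in from
 * get_zone_owner() and the zone is returned only if check_owner() accepts it.
 *
 * NOTE(review): an existing zone the caller may not access answers
 * 'Access denied', a missing one answers 'Zone not found', so the two cases
 * can be told apart from outside - confirm that is acceptable.
 *
 * @param string|int $key   Array key of the zone record to compare.
 * @param mixed      $value Value to match; an empty string never matches.
 *
 * @return array|null The matching zone with 'owner' set. Null when access is
 *                    denied or nothing matches, which is only observable if
 *                    jtable_respond() returns to the caller.
 */
function _get_zone_by_key($key, $value)
{
    if ($value !== '') {
        foreach (get_all_zones() as $zone) {
            if ($zone[$key] !== $value) {
                continue;
            }

            $zone['owner'] = get_zone_owner($zone['name'], 'admin');
            if (!check_owner($zone)) {
                jtable_respond(null, 'error', 'Access denied');
                // Fail closed. jtable_respond() is defined outside this block;
                // if it ever returns instead of ending the request, the zone
                // must not reach the caller after the denial was reported.
                return null;
            }

            return $zone;
        }
    }

    header('Status: 404 Not found');
    jtable_respond(null, 'error', "Zone not found");

    // Explicit result for the not-found path in case jtable_respond() returns.
    return null;
}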
# no domains (for this admin at least) - redirect to domain list
exit;
}
// Excerpt: selects the domain to list and verifies the admin may see it
// before remembering it in the session. The block closed above starts outside
// this excerpt.
// NOTE(review): $list_domains is built outside this excerpt - presumably the
// domains the current admin may manage; confirm.

// No domain requested: fall back to the first entry of $list_domains.
if (is_array($list_domains) and sizeof($list_domains) > 0) {
    if (empty($fDomain)) {
        $fDomain = escape_string($list_domains[0]);
    }
}
// First gate: the requested domain must be a member of $list_domains.
// Failure clears the remembered domain, redirects and stops the script.
// NOTE(review): in_array() is called without its strict flag, so membership
// uses loose comparison; passing true as the third argument would make it exact.
if (!in_array($fDomain, $list_domains)) {
    flash_error($PALANG['invalid_parameter']);
    unset($_SESSION['list-virtual:domain']);
    header("Location: list.php?table=domain"); # invalid domain, or not owned by this admin
    exit;
}
// Second gate: explicit ownership check for the authenticated user. It fails
// closed in the same way as the first gate (clear session key, redirect, exit).
if (!check_owner(authentication_get_username(), $fDomain)) {
    flash_error($PALANG['invalid_parameter'] . " If you see this message, please open a bugreport"); # this check is most probably obsoleted by the in_array() check above
    unset($_SESSION['list-virtual:domain']);
    header("Location: list.php?table=domain"); # domain not owned by this admin
    exit(0);
}
// store domain and page browser offset in $_SESSION so after adding/editing aliases/mailboxes we can
// take the user back to the appropriate domain listing.
// The session is written only after both gates passed, so the prefill keys
// below hold a domain that was accepted for this admin.
$_SESSION['list-virtual:domain'] = $fDomain;
$_SESSION['prefill:alias:domain'] = $fDomain;
$_SESSION['prefill:mailbox:domain'] = $fDomain;
$_SESSION['prefill:aliasdomain:target_domain'] = $fDomain;
// NOTE(review): $fDisplay is assigned outside this excerpt - confirm it is
// validated as a number before it is stored.
$_SESSION['list-virtual:limit'] = $fDisplay;
#
// Excerpt: tail of a search page. The loop closed by the first lines below
// starts outside this excerpt.
// On PostgreSQL the row is normalised for display: 'modified' is formatted and
// the 't'/'f' boolean becomes 1/0.
// NOTE(review): here $row['modified'] goes to gmstrftime() directly, while the
// mailbox loop further down wraps the column in strtotime() first - confirm
// which form the column has at this point.
if ('pgsql' == $CONF['database_type']) {
    $row['modified'] = gmstrftime('%c %Z', $row['modified']);
    $row['active'] = 't' == $row['active'] ? 1 : 0;
}
$tAlias[] = $row;
}
}
}
// Mailbox search. The query matches the search term against username and name
// across all domains; the vacation variant also joins the vacation table to
// expose its 'active' flag as v_active.
// NOTE(review): $fSearch is interpolated into the SQL string. Its assignment
// is outside this excerpt - confirm it is escaped for the database before this
// point. String escaping alone typically leaves the LIKE wildcards % and _
// untouched, so a caller can still widen the match.
if ($CONF['vacation_control_admin'] == 'YES' && $CONF['vacation'] == 'YES') {
    $query = "SELECT {$table_mailbox}.*, {$table_vacation}.active AS v_active FROM {$table_mailbox} LEFT JOIN {$table_vacation} ON {$table_mailbox}.username={$table_vacation}.email WHERE {$table_mailbox}.username LIKE '%{$fSearch}%' OR {$table_mailbox}.name LIKE '%{$fSearch}%' ORDER BY {$table_mailbox}.username";
} else {
    $query = "SELECT * FROM {$table_mailbox} WHERE username LIKE '%{$fSearch}%' OR name LIKE '%{$fSearch}%' ORDER BY username";
}
$result = db_query($query);
if ($result['rows'] > 0) {
    while ($row = db_array($result['result'])) {
        // Authorization happens per row, after the query: a row is kept only
        // if the session user owns its domain or is a global admin. Rows from
        // other domains are fetched but never added to $tMailbox.
        if (check_owner($SESSID_USERNAME, $row['domain']) || authentication_has_role('global-admin')) {
            if ('pgsql' == $CONF['database_type']) {
                $row['created'] = gmstrftime('%c %Z', strtotime($row['created']));
                $row['modified'] = gmstrftime('%c %Z', strtotime($row['modified']));
                $row['active'] = 't' == $row['active'] ? 1 : 0;
            }
            $tMailbox[] = $row;
        }
    }
}
// Render the page. All four template paths are fixed strings.
include "templates/header.php";
include "templates/menu.php";
include "templates/search.php";
include "templates/footer.php";
// vim:ts=4:sw=4:et
# TODO: Does this really make sense? Or should we display a message "please create a mailbox first!"?
}
// Excerpt: loads the fetchmail row targeted by an edit or delete request,
// checks that the session user owns the row's mailbox domain, then handles
// cancel and delete. The block closed above starts outside this excerpt, and
// the delete branch continues past the end of it.

// A delete request takes precedence over an edit request when both are set.
$row_id = 0;
if ($delete) {
    $row_id = $delete;
} elseif ($edit) {
    $row_id = $edit;
}
if ($row_id) {
    // NOTE(review): $row_id is concatenated into the SQL unquoted. $delete and
    // $edit are assigned outside this excerpt; in an unquoted numeric position
    // string escaping is not enough, so confirm both are cast to integers
    // before they arrive here.
    $result = db_query("SELECT " . implode(",", escape_string(array_keys($fm_struct))) . " FROM fetchmail WHERE id=" . $row_id);
    if ($result['rows'] > 0) {
        $edit_row = db_array($result['result']);
        $account = $edit_row['src_user'] . " @ " . $edit_row['src_server'];
    }
    // $edit_row is assigned only in the branch above, so this line reads a
    // variable that this excerpt leaves unset when the query returned no row.
    // Index 1 is also missing when the mailbox value contains no '@'.
    $edit_row_domain = explode('@', $edit_row['mailbox']);
    // The || short-circuits: with no row the request is rejected before
    // check_owner() is called. Rejection resets both $edit and $delete, which
    // keeps the delete branch below from running.
    if ($result['rows'] <= 0 || !check_owner($SESSID_USERNAME, $edit_row_domain[1])) { # owner check for $edit and $delete
        flash_error(sprintf($PALANG['pFetchmail_error_invalid_id'], $row_id));
        $edit = 0;
        $delete = 0;
    }
}
if ($cancel) { # cancel $new or $edit
    $edit = 0;
    $new = 0;
} elseif ($delete) { # delete an entry
    // Reached only if $delete survived the owner check above.
    // NOTE(review): same unquoted concatenation as the SELECT - confirm
    // $delete is an integer.
    $result = db_query("delete from fetchmail WHERE id=" . $delete);
    if ($result['rows'] != 1) {
        // The '</span>' concatenation is applied to flash_error()'s return
        // value and the result is discarded; it does not reach the message.
        flash_error($PALANG['pDelete_delete_error']) . '</span>';
$cmok = '0' . $cm;
} else {
    $cmok = $cm;
}
// Excerpt: builds the HTML links for one calendar time slot ($chok / $cmok)
// from the user's own appointments ($day_app) and the external ones
// ($day_app_ext). The if/else closed above starts outside this excerpt, and
// the final print statement is cut off inside its string.
// The array keys tot, id, title and permessi are written as bare words. Unless
// constants with those names are defined elsewhere, PHP before 8.0 falls back
// to the string with a notice or warning and PHP 8 throws an Error.
if ($day_app[$chok][$cmok][tot] > 0 || $day_app_ext[$chok][$cmok][tot] > 0) {
    if (is_array($day_app[$chok][$cmok])) {
        foreach ($day_app[$chok][$cmok] as $k => $appunt) {
            // Only integer keys are appointment entries; other keys are skipped.
            if (is_int($k)) {
                // NOTE(review): the id and title go into the markup with no
                // escaping visible in this excerpt. Confirm the title is
                // HTML-escaped where it is stored or loaded, otherwise wrap it
                // in htmlspecialchars() here.
                $res .= ' <a target="_parent" href="appunt_show.php?id=' . $appunt[id] . '">' . $appunt[title] . '</a><br>';
            }
        }
    }
    if (is_array($day_app_ext[$chok][$cmok])) {
        foreach ($day_app_ext[$chok][$cmok] as $k2 => $appunt_ext) {
            if (is_int($k2)) {
                // check_owner() takes a single argument here and its return
                // value is printed inside <b>, so in this file it supplies
                // display text and does not gate access.
                // NOTE(review): same unescaped output as above, including the
                // value returned by check_owner() - confirm.
                $res2 .= ' <a target="_parent" href="appunt_show.php?id=' . $appunt_ext[id] . '">' . $appunt_ext[title] . ' (<b>' . check_owner($appunt_ext[permessi]) . '</b>)</a><br>';
            }
        }
    }
}
// Choose the heading for external appointments. A leading <br> is added only
// when own appointments are listed as well.
$ext_app = "";
if ($res2 == "") {
    $ext_app = "";
} elseif ($res == "" && $res2 != "") {
    $ext_app = "<b>" . CALENDAR_APPS_COL . "</b><br>{$res2}";
} elseif ($res != "" && $res2 != "") {
    $ext_app = "<br><b>" . CALENDAR_APPS_COL . "</b><br>{$res2}";
}
// Empty slot on the full hour: print a row that links to the new-appointment form.
// NOTE(review): $curday, $curmonth, $curyear and $chok are placed in the URL
// unencoded; they are assigned outside this excerpt - confirm they are
// validated as integers.
if ($res == "" && $res2 == "" && $cmok == "00") {
    print '<tr class="riga-cal-01" onMouseOver="this.className=\'riga-cal-01-over\'" onMouseOut="this.className=\'riga-cal-01\'"> <th width="4%" align="left" valign="top" nowrap><a target="_parent" href="new_app.php?day=' . $curday . '&month=' . $curmonth . '&year=' . $curyear . '&min=0&hour=' . $chok . '" class="ora-cal-giorno-link">' . $chok . '.00 h </a></th>
$result_alias = db_delete($table_alias, $fWhere, $fDelete); $result_mailbox = db_delete($table_mailbox, $fWhere, $fDelete); $result_log = db_delete($table_log, $fWhere, $fDelete); if ($CONF['vacation'] == "YES") { $result_vacation = db_delete($table_vacation, $fWhere, $fDelete); } $result_domain = db_delete($table_domain, $fWhere, $fDelete); if (!$result_domain || !domain_postdeletion($fDelete)) { $error = 1; $tMessage = $PALANG['pAdminDelete_domain_error']; } else { $url = "list-domain.php"; header("Location: {$url}"); } } elseif ($fTable == "alias" or $fTable == "mailbox") { if (!check_owner($SESSID_USERNAME, $fDomain)) { $error = 1; $tMessage = $PALANG['pDelete_domain_error'] . "<b>{$fDomain}</b>!</span>"; } elseif (!check_alias_owner($SESSID_USERNAME, $fDelete)) { $error = 1; $tMessage = $PALANG['pDelete_alias_error'] . "<b>{$fDelete}</b>!</span>"; } else { if ($CONF['database_type'] == "pgsql") { db_query('BEGIN'); } $result = db_query("DELETE FROM {$table_alias} WHERE address='{$fDelete}' AND domain='{$fDomain}'"); if ($result['rows'] != 1) { $error = 1; $tMessage = $PALANG['pDelete_delete_error'] . "<b>{$fDelete}</b> (alias)!</span>"; } else { db_log($SESSID_USERNAME, $fDomain, 'delete_alias', $fDelete);