Beispiel #1
0
$domainid = hmailGetVar("domainid", null);
if (hmailGetAdminLevel() == 0) {
    hmailHackingAttemp();
}
// Users are not allowed to show this page.
if (hmailGetAdminLevel() == 1 && $domainid != hmailGetDomainID()) {
    hmailHackingAttemp();
}
// Domain admin but not for this domain.
echo '<table border="0" width="100%" cellpadding="5">';
$bgcolor = "#EEEEEE";
$obDomain = $obBaseApp->Domains->ItemByDBID($domainid);
$obAccounts = $obDomain->Accounts();
$Count = $obAccounts->Count();
$str_delete = $obLanguage->String("Remove");
$currentaccountid = hmailGetAccountID();
$str_accountaddress = $obLanguage->String("Address");
$str_maxsizemb = $obLanguage->String("Maximum size (MB)");
echo "<tr bgcolor=\"#CCCCCC\">";
echo "<td width=\"60%\">{$str_accountaddress}</td>";
echo "<td width=\"20%\">{$str_maxsizemb}</td>";
echo "<td width=\"20%\"></td>";
echo "</tr>";
$obAccounts = $obDomain->Accounts;
for ($i = 0; $i < $Count; $i++) {
    $obAccount = $obAccounts->Item($i);
    $accountaddress = $obAccount->Address;
    $accountid = $obAccount->ID;
    $accountmaxsize = $obAccount->MaxSize();
    $accountaddress = PreprocessOutput($accountaddress);
    $accountaddress_escaped = GetStringForJavaScript($accountaddress);
<?php

if (!defined('IN_WEBADMIN')) {
    exit;
}
$domainid = hmailGetVar("domainid", 0);
$accountid = hmailGetVar("accountid", 0);
$faid = hmailGetVar("faid", 0);
$action = hmailGetVar("action", "");
if (hmailGetAdminLevel() == 0 && ($accountid != hmailGetAccountID() || $domainid != hmailGetDomainID())) {
    hmailHackingAttemp();
}
if (hmailGetAdminLevel() == 1 && $domainid != hmailGetDomainID()) {
    hmailHackingAttemp();
}
// Domain admin but not for this domain.
$obDomain = $obBaseApp->Domains->ItemByDBID($domainid);
$obAccount = $obDomain->Accounts->ItemByDBID($accountid);
$obFetchAccounts = $obAccount->FetchAccounts();
if ($action == "edit") {
    $obFA = $obFetchAccounts->ItemByDBID($faid);
} elseif ($action == "add") {
    $obFA = $obFetchAccounts->Add();
} elseif ($action == "delete") {
    $obFetchAccounts->DeleteByDBID($faid);
    header("Location: index.php?page=account_externalaccounts&domainid={$domainid}&accountid={$accountid}");
    exit;
} elseif ($action == "downloadnow") {
    $obFA = $obFetchAccounts->ItemByDBID($faid);
    $obFA->DownloadNow();
    header("Location: index.php?page=account_externalaccounts&domainid={$domainid}&accountid={$accountid}");
Beispiel #3
0
function GetHasRuleAccess($domainid, $accountid)
{
    global $hmail_config;
    if (hmailGetAdminLevel() == ADMIN_SERVER) {
        // server admin always have access.
        return true;
    } else {
        if (hmailGetAdminLevel() == ADMIN_DOMAIN) {
            // Domain admin has access if domain access is enabled.
            if ($hmail_config['rule_editing_level'] == ADMIN_DOMAIN && hmailGetDomainID() == $domainid && $accountid != 0) {
                return true;
            }
            // Domain admin has access if user-level is permitted and the account
            // is under the domain admins control.
            if ($hmail_config['rule_editing_level'] == ADMIN_USER && hmailGetDomainID() == $domainid) {
                return true;
            }
        } else {
            if (hmailGetAdminLevel() == ADMIN_USER) {
                // user has access if enabled and the rule is connected to his account.
                if ($hmail_config['rule_editing_level'] == ADMIN_USER && hmailGetDomainID() == $domainid && hmailGetAccountID() == $accountid) {
                    return true;
                }
            }
        }
    }
    return false;
}
$addomain = hmailGetVar("addomain", "0");
$adusername = hmailGetVar("adusername", "");
$SignatureEnabled = hmailGetVar("SignatureEnabled", "0");
$SignatureHTML = hmailGetVar("SignatureHTML", "");
$SignaturePlainText = hmailGetVar("SignaturePlainText", "0");
if ($action == "edit") {
    $obAccount = $obDomain->Accounts->ItemByDBID($accountid);
} elseif ($action == "add") {
    $obAccount = $obDomain->Accounts->Add();
} elseif ($action == "delete") {
    $obAccount = $obDomain->Accounts->DeleteByDBID($accountid);
    header("Location: index.php?page=accounts&domainid={$domainid}");
    exit;
}
// If this is the current user, we need to update the session password.
if ($action == "edit" && $accountid == hmailGetAccountID()) {
    if ($accountpassword != "") {
        $_SESSION['session_password'] = $accountpassword;
    }
}
if ($accountpassword != "") {
    $obAccount->Password = "******";
}
$obAccount->PersonFirstName = $PersonFirstName;
$obAccount->PersonLastName = $PersonLastName;
$obAccount->VacationMessageIsOn = $vacationmessageon == "1";
$obAccount->VacationSubject = $vacationsubject;
$obAccount->VacationMessage = $vacationmessage;
$obAccount->VacationMessageExpires = $vacationmessageexpires;
$obAccount->VacationMessageExpiresDate = $vacationmessageexpiresdate;
$obAccount->ForwardEnabled = $forwardenabled == "1";