/**
* All in one function to check who owns what.
*
* @throws iMSCP_Exception
* @param mixed $id FTP/mail/domain/alias/subdomain/etc id to check
* @param string $type What kind of id $id is
* @param boolean $forcefinal Ignore the resolver's is_final value (force as yes)
* @return int The id of the admin who owns the id $id of $type type
*/
function who_owns_this($id, $type = 'dmn', $forcefinal = false)
{
$who = null;
// Fix $type according to type or by alias
switch ($type) {
case 'dmn_id':
$type = 'domain_id';
break;
case 'sub_id':
$type = 'subdomain_id';
break;
case 'als_id':
$type = 'alias_id';
break;
case 'user':
$type = 'client';
break;
case 'admin_sys_uid':
$type = 'uid';
break;
case 'ticket':
$type = 'ticket_id';
break;
case 'admin_sys_gid':
$type = 'gid';
break;
case 'sqlu_id':
case 'sqluser_id':
$type = 'sql_user_id';
break;
case 'sqld_id':
case 'sqldatabase_id':
$type = 'sql_database_id';
break;
case 'ftpuser':
case 'ftpuserid':
case 'ftp_userid':
$type = 'ftp_user';
break;
case 'sqluser':
case 'sqlu':
case 'sqlu_name':
// Can't guess by type
$type = 'sql_user';
break;
case 'sqldatabase':
case 'sqld':
case 'sqld_name':
// Can't guess by type
$type = 'sql_database';
break;
case 'dmn':
case 'normal':
case 'domain':
if (!is_numeric($id)) {
$type = 'domain';
} else {
$type = 'domain_id';
}
break;
case 'als':
case 'alias':
case 'domain_alias':
if (!is_numeric($id)) {
$type = 'alias';
} else {
$type = 'alias_id';
}
break;
case 'sub':
case 'subdom':
case 'subdomain':
if (!is_numeric($id)) {
$type = 'subdomain';
} else {
$type = 'subdomain_id';
}
break;
case 'alssub':
if (!is_numeric($id)) {
$type = 'subdomain_alias';
} else {
$type = 'subdomain_alias_id';
}
break;
}
/**
* $resolvers is a multi-dimensional array.
* Its elements keys are the value that will be matched by $type.
* Each element is an array, containing at least two elements:
* 'query' and 'is_final'
* The former is the SQL query that should only SELECT one item; or false in case a query isn't used.
* The latter is a boolean which specifies whether the result of that 'resolver' is an admin id or not
*
* Other elements might be:
* 'next', 'separator', 'pos'
*
* 'next' is the $type value for the next call to who_owns_this (only used when 'is_final' is false)
* 'separator' is the separator to be used when exploding the $id (only used when 'query' is false)
* 'post' is the position in the array/result of exploding $id (only used when 'query' is false)
*
* NOTE: 'query' MUST be formated like: 'SELECT something FROM...' in order to correctly detect the field being selected
*/
$resolvers = array();
$resolvers['domain_id'] = array();
$resolvers['domain_id']['query'] = 'SELECT `domain_admin_id` FROM `domain` WHERE `domain_id` = ? LIMIT 1;';
$resolvers['domain_id']['is_final'] = true;
$resolvers['alias_id'] = array();
$resolvers['alias_id']['query'] = 'SELECT `domain_id` FROM `domain_aliasses` WHERE `alias_id` = ? LIMIT 1;';
$resolvers['alias_id']['is_final'] = false;
$resolvers['alias_id']['next'] = 'dmn';
$resolvers['alias'] = array();
$resolvers['alias']['query'] = 'SELECT `domain_id` FROM `domain_aliasses` WHERE `alias_name` = ? LIMIT 1;';
$resolvers['alias']['is_final'] = false;
$resolvers['alias']['next'] = 'dmn';
$resolvers['subdomain_id'] = array();
$resolvers['subdomain_id']['query'] = 'SELECT `domain_id` FROM `subdomain` WHERE `subdomain_id` = ? LIMIT 1;';
$resolvers['subdomain_id']['is_final'] = false;
$resolvers['subdomain_id']['next'] = 'dmn';
$resolvers['subdomain'] = array();
$resolvers['subdomain']['query'] = false;
$resolvers['subdomain']['separator'] = '.';
$resolvers['subdomain']['pos'] = 1;
$resolvers['subdomain']['is_final'] = false;
$resolvers['subdomain']['next'] = 'dmn';
$resolvers['subdomain_alias_id'] = array();
$resolvers['subdomain_alias_id']['query'] = 'SELECT `alias_id` FROM `subdomain_alias` WHERE `subdomain_alias_id` = ? LIMIT 1;';
$resolvers['subdomain_alias_id']['is_final'] = false;
$resolvers['subdomain_alias_id']['next'] = 'alias';
$resolvers['subdomain_alias'] = array();
$resolvers['subdomain_alias']['query'] = false;
$resolvers['subdomain_alias']['separator'] = '.';
$resolvers['subdomain_alias']['pos'] = 1;
$resolvers['subdomain_alias']['is_final'] = false;
$resolvers['subdomain_alias']['next'] = 'alias';
$resolvers['client'] = array();
$resolvers['client']['query'] = 'SELECT `created_by` FROM `admin` WHERE `admin_id` = ? LIMIT 1;';
$resolvers['client']['is_final'] = true;
$resolvers['reseller'] = $resolvers['admin'] = $resolvers['client'];
$resolvers['domain'] = array();
$resolvers['domain']['query'] = 'SELECT `domain_admin_id` FROM `domain` WHERE `domain` = ? LIMIT 1;';
$resolvers['domain']['is_final'] = true;
$resolvers['ticket_id'] = array();
$resolvers['ticket_id']['query'] = 'SELECT `ticket_from` FROM `ticket` WHERE `ticket_id` = ? LIMIT 1;';
$resolvers['ticket_id']['is_final'] = true;
$resolvers['uid'] = array();
$resolvers['uid']['query'] = 'SELECT `admin_id` FROM `admin` WHERE `admin_sys_uid` = ? LIMIT 1;';
$resolvers['uid']['is_final'] = true;
$resolvers['gid'] = array();
$resolvers['gid']['query'] = 'SELECT `admin_id` FROM `admin` WHERE `admin_sys_gid` = ? LIMIT 1;';
$resolvers['gid']['is_final'] = true;
$resolvers['ftp_user'] = array();
$resolvers['ftp_user']['query'] = 'SELECT `admin_id` FROM `ftp_users` WHERE `userid` = ? LIMIT 1;';
$resolvers['ftp_user']['is_final'] = true;
$resolvers['sql_user_id'] = array();
$resolvers['sql_user_id']['query'] = 'SELECT `sqld_id` FROM `sql_user` WHERE `sqlu_id` = ? LIMIT 1;';
$resolvers['sql_user_id']['is_final'] = false;
$resolvers['sql_user_id']['next'] = 'sqld_id';
$resolvers['sql_database_id'] = array();
$resolvers['sql_database_id']['query'] = 'SELECT `domain_id` FROM `sql_database` WHERE `sqld_id` = ? LIMIT 1;';
$resolvers['sql_database_id']['is_final'] = false;
$resolvers['sql_database_id']['next'] = 'dmn';
$resolvers['sql_user'] = array();
$resolvers['sql_user']['query'] = 'SELECT sqld_id FROM sql_user WHERE sqlu_name = ? LIMIT 1;';
$resolvers['sql_user']['is_final'] = false;
$resolvers['sql_user']['next'] = 'sqld_id';
$resolvers['sql_database'] = array();
$resolvers['sql_database']['query'] = 'SELECT `domain_id` FROM `sql_database` WHERE `sqld_name` = ? LIMIT 1;';
$resolvers['sql_database']['is_final'] = false;
$resolvers['sql_database']['next'] = 'dmn';
$resolvers['mail_id'] = array();
$resolvers['mail_id']['query'] = 'SELECT `domain_id` FROM `mail_users` WHERE `mail_id` = ? LIMIT 1;';
$resolvers['mail_id']['is_final'] = false;
$resolvers['mail_id']['next'] = 'dmn';
$resolvers['mail'] = array();
$resolvers['mail']['query'] = false;
$resolvers['mail']['separator'] = '@';
$resolvers['mail']['post'] = 1;
$resolvers['mail']['is_final'] = false;
$resolvers['mail']['next'] = 'dmn';
$resolvers['htaccess_id'] = array();
$resolvers['htaccess_id']['query'] = 'SELECT `dmn_id` FROM `htaccess` WHERE `id` = ? LIMIT 1;';
$resolvers['htaccess_id']['is_final'] = false;
$resolvers['htaccess_id']['next'] = 'dmn';
$resolvers['htaccess_group_id'] = array();
$resolvers['htaccess_group_id']['query'] = 'SELECT `dmn_id` FROM `htaccess_groups` WHERE `id` = ? LIMIT 1;';
$resolvers['htaccess_group_id']['is_final'] = false;
$resolvers['htaccess_group_id']['next'] = 'dmn';
$resolvers['htaccess_user_id'] = array();
$resolvers['htaccess_user_id']['query'] = 'SELECT `dmn_id` FROM `htaccess_users` WHERE `id` = ? LIMIT 1;';
$resolvers['htaccess_user_id']['is_final'] = false;
$resolvers['htaccess_user_id']['next'] = 'dmn';
$resolvers['hosting_plan_id'] = array();
$resolvers['hosting_plan_id']['query'] = 'SELECT `reseller_id` FROM `hosting_plans` WHERE `id` = ? LIMIT 1;';
$resolvers['hosting_plan_id']['is_final'] = true;
if (isset($resolvers[$type])) {
$r = $resolvers[$type];
if ($r['query']) {
$matches = array();
if (!preg_match('/SELECT[ \\t]+`([\\w]+)`[ \\t]+FROM/i', $r['query'], $matches)) {
throw new iMSCP_Exception(tr('Malformed resolver SQL query'));
}
$select = $matches[1];
$stmt = exec_query($r['query'], $id);
if ($stmt->rowCount()) {
if ($r['is_final'] || $forcefinal) {
$who = $stmt->fields[$select];
} else {
$who = who_owns_this($stmt->fields[$select], $r['next']);
}
}
} else {
$ex = explode($r['separator'], $id);
if (!$r['is_final'] && !$forcefinal) {
$who = who_owns_this($r['pos'], $r['next']);
} else {
$who = $ex[$r['pos']];
}
}
}
if ($type != 'admin' && (empty($who) || $who <= 0)) {
$who = null;
}
return $who;
}
function create_catchall_mail_account($sql, $id)
{
$cfg = EasySCP_Registry::get('Config');
list($realId, $type) = explode(';', $id);
// Check if user is owner of the domain
if (!preg_match('(normal|alias|subdom|alssub)', $type) || who_owns_this($realId, $type) != $_SESSION['user_id']) {
set_page_message(tr('User does not exist or you do not have permission to access this interface!'), 'error');
user_goto('mail_catchall.php');
}
$match = array();
if (isset($_POST['uaction']) && $_POST['uaction'] === 'create_catchall' && $_POST['mail_type'] === 'normal') {
if (preg_match("/(\\d+);(normal|alias|subdom|alssub)/", $id, $match) == 1) {
$item_type = $match[2];
$post_mail_id = $_POST['mail_id'];
if (preg_match("/(\\d+);([^;]+);/", $post_mail_id, $match) == 1) {
$mail_id = $match[1];
$mail_acc = $match[2];
if ($item_type === 'normal') {
$mail_type = 'normal_catchall';
} elseif ($item_type === 'alias') {
$mail_type = 'alias_catchall';
} elseif ($item_type === 'subdom') {
$mail_type = 'subdom_catchall';
} elseif ($item_type === 'alssub') {
$mail_type = 'alssub_catchall';
}
$query = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t`domain_id`, `sub_id`\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`mail_users`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`mail_id` = ?\n\t\t\t\t";
$rs = exec_query($sql, $query, $mail_id);
$domain_id = $rs->fields['domain_id'];
$sub_id = $rs->fields['sub_id'];
$status = $cfg->ITEM_ADD_STATUS;
// find the mail_addr (catchall -> "@(sub/alias)domain.tld", should be domain part of mail_acc
$match = explode('@', $mail_acc);
$mail_addr = '@' . $match[1];
$query = "\n\t\t\t\t\tINSERT INTO `mail_users`\n\t\t\t\t\t\t(`mail_acc`,\n\t\t\t\t\t\t`mail_pass`,\n\t\t\t\t\t\t`mail_forward`,\n\t\t\t\t\t\t`domain_id`,\n\t\t\t\t\t\t`mail_type`,\n\t\t\t\t\t\t`sub_id`,\n\t\t\t\t\t\t`status`,\n\t\t\t\t\t\t`quota`,\n\t\t\t\t\t\t`mail_addr`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?, ?, ?, ?, ?, ?, ?)\n\t\t\t\t";
exec_query($sql, $query, array($mail_acc, '_no_', '_no_', $domain_id, $mail_type, $sub_id, $status, NULL, $mail_addr));
send_request('130 MAIL ' . $domain_id);
write_log($_SESSION['user_logged'] . ": adds new email catch all");
set_page_message(tr('Catch all account scheduled for creation!'), 'success');
user_goto('mail_catchall.php');
} else {
user_goto('mail_catchall.php');
}
}
} else {
if (isset($_POST['uaction']) && $_POST['uaction'] === 'create_catchall' && $_POST['mail_type'] === 'forward' && isset($_POST['forward_list'])) {
if (preg_match("/(\\d+);(normal|alias|subdom|alssub)/", $id, $match) == 1) {
$item_id = $match[1];
$item_type = $match[2];
if ($item_type === 'normal') {
$mail_type = 'normal_catchall';
$sub_id = '0';
$domain_id = $item_id;
$query = "SELECT `domain_name` FROM `domain` WHERE `domain_id` = ?";
$rs = exec_query($sql, $query, $domain_id);
$mail_addr = '@' . $rs->fields['domain_name'];
} elseif ($item_type === 'alias') {
$mail_type = 'alias_catchall';
$sub_id = $item_id;
$query = "SELECT `domain_aliasses`.`domain_id`, `alias_name` FROM `domain_aliasses` WHERE `alias_id` = ?";
$rs = exec_query($sql, $query, $item_id);
$domain_id = $rs->fields['domain_id'];
$mail_addr = '@' . $rs->fields['alias_name'];
} elseif ($item_type === 'subdom') {
$mail_type = 'subdom_catchall';
$sub_id = $item_id;
$query = "SELECT `subdomain`.`domain_id`, `subdomain_name`, `domain_name` FROM `subdomain`, `domain`\n\t\t\t\t\tWHERE `subdomain_id` = ? AND `domain`.`domain_id` = `subdomain`.`domain_id`";
$rs = exec_query($sql, $query, $item_id);
$domain_id = $rs->fields['domain_id'];
$mail_addr = '@' . $rs->fields['subdomain_name'] . '.' . $rs->fields['domain_name'];
} elseif ($item_type === 'alssub') {
$mail_type = 'alssub_catchall';
$sub_id = $item_id;
$query = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\tt1.`subdomain_alias_name`,\n\t\t\t\t\t\tt2.`alias_name`,\n\t\t\t\t\t\tt2.`domain_id`\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`subdomain_alias` AS t1,\n\t\t\t\t\t\t`domain_aliasses` AS t2\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tt1.`subdomain_alias_id` = ?\n\t\t\t\t\tAND\n\t\t\t\t\t\tt1.`alias_id` = t2.`alias_id`\n\t\t\t\t\t";
$rs = exec_query($sql, $query, $item_id);
$domain_id = $rs->fields['domain_id'];
$mail_addr = '@' . $rs->fields['subdomain_alias_name'] . '.' . $rs->fields['alias_name'];
}
$mail_forward = clean_input($_POST['forward_list']);
$mail_acc = array();
$faray = preg_split("/[\n,]+/", $mail_forward);
foreach ($faray as $value) {
$value = trim($value);
if (!chk_email($value) && $value !== '' || $value === '') {
// @todo ERROR .. strange :) not email in this line - warning
set_page_message(tr("Mail forward list error!"), 'error');
return;
}
$mail_acc[] = $value;
}
$status = $cfg->ITEM_ADD_STATUS;
$query = "\n\t\t\t\tINSERT INTO `mail_users`\n\t\t\t\t\t(`mail_acc`,\n\t\t\t\t\t`mail_pass`,\n\t\t\t\t\t`mail_forward`,\n\t\t\t\t\t`domain_id`,\n\t\t\t\t\t`mail_type`,\n\t\t\t\t\t`sub_id`,\n\t\t\t\t\t`status`,\n\t\t\t\t\t`quota`,\n\t\t\t\t\t`mail_addr`)\n\t\t\t\tVALUES\n\t\t\t\t\t(?, ?, ?, ?, ?, ?, ?, ?, ?)\n\t\t\t";
exec_query($sql, $query, array(implode(',', $mail_acc), '_no_', '_no_', $domain_id, $mail_type, $sub_id, $status, NULL, $mail_addr));
send_request('130 MAIL ' . $domain_id);
write_log($_SESSION['user_logged'] . ": adds new email catch all ");
set_page_message(tr('Catch all account scheduled for creation!'), 'success');
user_goto('mail_catchall.php');
} else {
user_goto('mail_catchall.php');
}
}
}
}
/**
* Checks if an user has permissions on a specific SQL user
*
* @param int $sqlUserId SQL user unique identifier
* @return bool TRUE if the logged in user has permission on SQL user, FALSE otherwise
*/
function check_user_sql_perms($sqlUserId)
{
return who_owns_this($sqlUserId, 'sqlu_id') == $_SESSION['user_id'];
}
if (isset($_GET['action']) && $_GET['action'] === "activate") {
if (isset($_GET['act_id']) && !empty($_GET['act_id'])) {
$act_id = $_GET['act_id'];
} else {
$_SESSION['orderalact'] = '_no_';
user_goto('alias.php');
}
$query = "SELECT `alias_name` FROM `domain_aliasses` WHERE `alias_id` = ?";
$rs = exec_query($sql, $query, $act_id);
if ($rs->recordCount() == 0) {
user_goto('alias.php');
}
$alias_name = $rs->fields['alias_name'];
$query = "UPDATE `domain_aliasses` SET `status` = '{$cfg->ITEM_ADD_STATUS}' WHERE `alias_id` = ?";
$rs = exec_query($sql, $query, $act_id);
$domain_id = who_owns_this($act_id, 'als_id', true);
$query = 'SELECT `email` FROM `admin`, `domain` WHERE `admin`.`admin_id` = `domain`.`domain_admin_id` AND `domain`.`domain_id` = ?';
$rs = exec_query($sql, $query, $domain_id);
if ($rs->recordCount() == 0) {
user_goto('alias.php');
}
$user_email = $rs->fields['email'];
// Create the 3 default addresses if wanted
if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) {
client_mail_add_default_accounts($domain_id, $user_email, $alias_name, 'alias', $act_id);
}
// enable "ordered"/pending email accounts
// ??? are there pending mail_addresses ???, joximu
$query = "UPDATE `mail_users` SET `status` = ? WHERE `sub_id` = ? AND `domain_id` = ? AND `status` = ? AND `mail_type` LIKE 'alias%'";
$rs = exec_query($sql, $query, array($cfg->ITEM_ADD_STATUS, $act_id, $domain_id, $cfg->ITEM_ORDERED_STATUS));
send_request('110 DOMAIN alias ' . $act_id);
*/
require '../../include/easyscp-lib.php';
check_login(__FILE__);
// let's back to admin interface - am I admin or what ? :-)
if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id']) && isset($_GET['action']) && $_GET['action'] == "go_back") {
change_user_interface($_SESSION['user_id'], $_SESSION['logged_from_id']);
} else {
if (isset($_SESSION['user_id']) && isset($_GET['to_id'])) {
$to_id = $_GET['to_id'];
// admin logged as reseller:
if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id'])) {
$from_id = $_SESSION['logged_from_id'];
} else {
// reseller:
$from_id = $_SESSION['user_id'];
if (who_owns_this($to_id, 'client') != $from_id) {
set_page_message(tr('User does not exist or you do not have permission to access this interface!'), 'error');
user_goto('users.php?psi=last');
}
}
// Remember some data
if (isset($_SESSION['search_for'])) {
$_SESSION['uistack'] = array('search_for' => $_SESSION['search_for']);
if (isset($_SESSION['search_status'])) {
$_SESSION['uistack']['search_status'] = $_SESSION['search_status'];
}
if (isset($_SESSION['search_common'])) {
$_SESSION['uistack']['search_common'] = $_SESSION['search_common'];
}
if (isset($_SESSION['search_page'])) {
$_SESSION['uistack']['search_page'] = $_SESSION['search_page'];
}
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditFtp, array('ftpUserId' => $userid));
write_log(sprintf("%s updated Ftp account: %s", $_SESSION['user_logged'], $userid), E_USER_NOTICE);
set_page_message(tr('FTP account successfully updated.'), 'success');
}
return $ret;
}
/***********************************************************************************************************************
* Main
*/
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onClientScriptStart);
check_login('user');
customerHasFeature('ftp') or showBadRequestErrorPage();
if (isset($_GET['id'])) {
$userid = clean_input($_GET['id']);
if (who_owns_this($userid, 'ftpuser') != $_SESSION['user_id']) {
showBadRequestErrorPage();
}
$stmt = exec_query("SELECT `domain_name` FROM `domain` WHERE`domain_admin_id` = ?", $_SESSION['user_id']);
$mainDomainName = $stmt->fields['domain_name'];
if (!empty($_POST)) {
if (updateFtpAccount($userid, $mainDomainName)) {
redirectTo('ftp_accounts.php');
}
}
$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(array('layout' => 'shared/layouts/ui.tpl', 'page' => 'client/ftp_edit.tpl', 'page_message' => 'layout'));
$tpl->assign(array('TR_PAGE_TITLE' => tr('Client / FTP / Overview / Edit FTP Account'), 'TR_FTP_DIRECTORIES' => tojs('Ftp directories'), 'TR_CLOSE' => tojs(tr('Close')), 'TR_FTP_USER_DATA' => tr('Ftp account data'), 'TR_USERNAME' => tr('Username'), 'TR_PASSWORD' => tr('Password'), 'TR_PASSWORD_REPEAT' => tr('Repeat password'), 'TR_HOME_DIR' => tr('Home directory'), 'CHOOSE_DIR' => tr('Choose dir'), 'TR_CHANGE' => tr('Update'), 'TR_CANCEL' => tr('Cancel')));
generatePageData($tpl, $userid, $mainDomainName);
generateNavigation($tpl);
generatePageMessage($tpl);
* Portions created by the ispCP Team are Copyright (C) 2006-2010 by
* isp Control Panel. All Rights Reserved.
*
* Portions created by the i-MSCP Team are Copyright (C) 2010-2015 by
* i-MSCP - internet Multi Server Control Panel. All Rights Reserved.
*/
// Include needed libraries
require 'imscp-lib.php';
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onResellerScriptStart);
// Check for login
check_login('reseller');
// Switch back to admin
if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id']) && isset($_GET['action']) && $_GET['action'] == 'go_back') {
change_user_interface($_SESSION['user_id'], $_SESSION['logged_from_id']);
} elseif (isset($_SESSION['user_id']) && isset($_GET['to_id'])) {
// Switch to customer
$toUserId = intval($_GET['to_id']);
// Admin logged as reseller:
if (isset($_SESSION['logged_from']) && isset($_SESSION['logged_from_id'])) {
$fromUserId = $_SESSION['logged_from_id'];
} else {
// reseller to customer
$fromUserId = $_SESSION['user_id'];
if (who_owns_this($toUserId, 'client') != $fromUserId) {
showBadRequestErrorPage();
}
}
change_user_interface($fromUserId, $toUserId);
} else {
showBadRequestErrorPage();
}
/**
* Send alias order email
*
* @param string $aliasName
* @return void
*/
function send_alias_order_email($aliasName)
{
/** @var $cfg iMSCP_Config_Handler_File */
$cfg = iMSCP_Registry::get('config');
$userId = $_SESSION['user_id'];
$resellerId = who_owns_this($userId, 'user');
$stmt = exec_query('SELECT fname, lname FROM admin WHERE admin_id = ?', $userId);
$userFirstname = $stmt->fields['fname'];
$userLastname = $stmt->fields['lname'];
$userEmail = $_SESSION['user_email'];
$data = get_alias_order_email($resellerId);
$toName = $data['sender_name'];
$toEmail = $data['sender_email'];
$subject = $data['subject'];
$message = $data['message'];
$to = $toName ? encode_mime_header($toName) . " <{$toEmail}>" : $toEmail;
if ($userFirstname && $userLastname) {
$fromName = "{$userFirstname} {$userLastname}";
$from = encode_mime_header($fromName) . " <{$userEmail}>";
} else {
if ($userFirstname) {
$fromName = $userFirstname;
} else {
if ($userLastname) {
$fromName = $userLastname;
} else {
$fromName = $userEmail;
}
}
$from = $userEmail;
}
$baseServerVhostPrefix = $cfg['BASE_SERVER_VHOST_PREFIX'];
$port = $baseServerVhostPrefix == 'http://' ? $cfg['BASE_SERVER_VHOST_HTTP_PORT'] == '80' ? '' : ':' . $cfg['BASE_SERVER_VHOST_HTTP_PORT'] : ($cfg['BASE_SERVER_VHOST_HTTPS_PORT'] == '443' ? '' : ':' . $cfg['BASE_SERVER_VHOST_HTTPS_PORT']);
$search = array();
$replace = array();
$search[] = '{RESELLER}';
$replace[] = $toName;
$search[] = '{CUSTOMER}';
$replace[] = $fromName;
$search[] = '{ALIAS}';
$replace[] = $aliasName;
$search[] = '{BASE_SERVER_VHOST_PREFIX}';
$replace[] = $baseServerVhostPrefix;
$search[] = '{BASE_SERVER_VHOST}';
$replace[] = $cfg->BASE_SERVER_VHOST;
$search[] = '{BASE_SERVER_VHOST_PORT}';
$replace[] = $port;
$subject = str_replace($search, $replace, $subject);
$message = str_replace($search, $replace, $message);
$subject = encode_mime_header($subject);
$headers = "From: {$from}\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/plain; charset=utf-8\r\n";
$headers .= "Content-Transfer-Encoding: 8bit\r\n";
$headers .= "X-Mailer: i-MSCP Mailer";
mail($to, $subject, $message, $headers, "-f {$userEmail}");
}
/**
* Add catchall
*
* @param string $itemId
* @return void
*/
function client_addCatchall($itemId)
{
list($realId, $type) = explode(';', $itemId);
// Check if user is owner of the domain
if (!preg_match('(normal|alias|subdom|alssub)', $type) || who_owns_this($realId, $type) != $_SESSION['user_id']) {
set_page_message(tr('User do not exist or you do not have permission to access this interface'), 'error');
redirectTo('mail_catchall.php');
}
$match = array();
$mailType = $dmnId = $subId = $mailAddr = '';
if (isset($_POST['mail_type'])) {
if ($_POST['mail_type'] === 'normal' && isset($_POST['mail_id'])) {
if (preg_match('/^\\d+;(normal|alias|subdom|alssub)$/', $itemId, $match)) {
$itemType = $match[1];
$postMailId = clean_input($_POST['mail_id']);
if (preg_match('/(\\d+);([^;]+);/', $postMailId, $match)) {
$mailId = $match[1];
$mailAccount = $match[2];
if ($itemType === 'normal') {
$mailType = MT_NORMAL_CATCHALL;
} elseif ($itemType === 'alias') {
$mailType = MT_ALIAS_CATCHALL;
} elseif ($itemType === 'subdom') {
$mailType = MT_SUBDOM_CATCHALL;
} elseif ($itemType === 'alssub') {
$mailType = MT_ALSSUB_CATCHALL;
} else {
showBadRequestErrorPage();
}
$stmt = exec_query('SELECT domain_id, sub_id FROM mail_users WHERE mail_id = ?', $mailId);
if ($stmt->rowCount()) {
$row = $stmt->fetchRow(PDO::FETCH_ASSOC);
$dmnId = $row['domain_id'];
$subId = $row['sub_id'];
// Find the mail_addr (catchall -> "@(sub/alias)domain.tld", should be domain part of mail_acc
$match = explode('@', $mailAccount);
$mailAddr = '@' . $match[1];
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddMailCatchall, array('mailCatchall' => $mailAddr, 'mailForwardList' => array($mailAccount)));
exec_query('
INSERT INTO mail_users (
mail_acc, mail_pass, mail_forward, domain_id, mail_type, sub_id, status,
mail_auto_respond, quota, mail_addr
) VALUES (
?, ?, ?, ?, ?, ?, ?, ?, ?, ?
)
', array($mailAccount, '_no_', '_no_', $dmnId, $mailType, $subId, 'toadd', '_no_', NULL, $mailAddr));
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddMailCatchall, array('mailCatchallId' => iMSCP_Database::getInstance()->insertId(), 'mailCatchall' => $mailAddr, 'mailForwardList' => array($mailAccount)));
send_request();
write_log("{$_SESSION['user_logged']} added new catch all", E_USER_NOTICE);
set_page_message(tr('Catch all successfully scheduled for addition.'), 'success');
redirectTo('mail_catchall.php');
} else {
showBadRequestErrorPage();
}
} else {
redirectTo('mail_catchall.php');
}
}
} else {
if ($_POST['mail_type'] === 'forward' && isset($_POST['forward_list'])) {
if (preg_match('/^(\\d+);(normal|alias|subdom|alssub)$/', $itemId, $match) == 1) {
$itemId = $match[1];
$itemType = $match[2];
if ($itemType === 'normal') {
$mailType = MT_NORMAL_CATCHALL;
$subId = '0';
$dmnId = $itemId;
$stmt = exec_query('SELECT domain_name FROM domain WHERE domain_id = ?', $dmnId);
if ($stmt->rowCount()) {
$row = $stmt->fetchRow(PDO::FETCH_ASSOC);
$mailAddr = '@' . $row['domain_name'];
} else {
showBadRequestErrorPage();
}
} elseif ($itemType == 'alias') {
$mailType = MT_ALIAS_CATCHALL;
$subId = $itemId;
$stmt = exec_query('SELECT domain_id, alias_name FROM domain_aliasses WHERE alias_id = ?', $itemId);
if ($stmt->rowCount()) {
$row = $stmt->fetchRow(PDO::FETCH_ASSOC);
$dmnId = $row['domain_id'];
$mailAddr = '@' . $row['alias_name'];
} else {
showBadRequestErrorPage();
}
} elseif ($itemType === 'subdom') {
$mailType = MT_SUBDOM_CATCHALL;
$subId = $itemId;
$stmt = exec_query("\n\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\tdomain_id, CONCAT(subdomain_name, '.', domain_name) AS subdomain_name\n\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\tsubdomain\n\t\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\t\t\t\tdomain USING(domain_id)\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tsubdomain_id = ?\n\t\t\t\t\t\t", $itemId);
if ($stmt->rowCount()) {
$row = $stmt->fetchRow(PDO::FETCH_ASSOC);
$dmnId = $row['domain_id'];
$mailAddr = '@' . $row['subdomain_name'];
} else {
showBadRequestErrorPage();
}
} elseif ($itemType === 'alssub') {
$mailType = MT_ALSSUB_CATCHALL;
$subId = $itemId;
$stmt = exec_query("\n\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\tdomain_id, CONCAT(subdomain_alias_name, '.', alias_name) AS subdomain_alias_name\n\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\tsubdomain_alias\n\t\t\t\t\t\t\tINNER JOIN\n\t\t\t\t\t\t\t\tdomain_aliasses USING(alias_id)\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tsubdomain_alias_id = ?\n\t\t\t\t\t\t", $itemId);
if ($stmt->rowCount()) {
$row = $stmt->fetchRow(PDO::FETCH_ASSOC);
$dmnId = $row['domain_id'];
$mailAddr = '@' . $row['subdomain_alias_name'];
} else {
showBadRequestErrorPage();
}
} else {
showBadRequestErrorPage();
}
$mailForward = clean_input($_POST['forward_list']);
$mailAccount = array();
$faray = preg_split("/[\n,]+/", $mailForward);
foreach ($faray as $value) {
$value = trim($value);
if (!chk_email($value) && $value != '') {
set_page_message(tr('An email addresse is not valid in mail forward list.'), 'error');
return;
} else {
if ($value == '') {
set_page_message(tr('Syntax error found in mail forward list.'), 'error');
return;
}
}
$mailAccount[] = $value;
}
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddMailCatchall, array('mailCatchall' => $mailAddr, 'mailForwardList' => $mailAccount));
exec_query('
INSERT INTO mail_users (
mail_acc, mail_pass, mail_forward, domain_id, mail_type, sub_id, status,
mail_auto_respond, quota, mail_addr
) VALUES (
?, ?, ?, ?, ?, ?, ?, ?, ?, ?
)
', array(implode(',', $mailAccount), '_no_', '_no_', $dmnId, $mailType, $subId, 'toadd', '_no_', NULL, $mailAddr));
iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddMailCatchall, array('mailCatchallId' => iMSCP_Database::getInstance()->insertId(), 'mailCatchall' => $mailAddr, 'mailForwardList' => $mailAccount));
send_request();
write_log("{$_SESSION['user_logged']} added new catch all", E_USER_NOTICE);
set_page_message(tr('Catch all successfully scheduled for addition.'), 'success');
redirectTo('mail_catchall.php');
} else {
redirectTo('mail_catchall.php');
}
} else {
showBadRequestErrorPage();
}
}
} else {
showBadRequestErrorPage();
}
}
function send_alias_order_email($alias_name)
{
$cfg = EasySCP_Registry::get('Config');
$sql = EasySCP_Registry::get('Db');
$user_id = $_SESSION['user_id'];
$reseller_id = who_owns_this($user_id, 'user');
$query = 'SELECT `fname`, `lname` FROM `admin` WHERE `admin_id` = ?';
$rs = exec_query($sql, $query, $user_id);
$ufname = $rs->fields['fname'];
$ulname = $rs->fields['lname'];
$uemail = $_SESSION['user_email'];
$data = get_alias_order_email($reseller_id);
$to_name = $data['sender_name'];
$to_email = $data['sender_email'];
$subject = $data['subject'];
$message = $data['message'];
// to
$to = $to_name ? '"' . mb_encode_mimeheader($to_name, 'UTF-8') . "\" <" . $to_email . ">" : $to_email;
// from
if ($ufname && $ulname) {
$from_name = "{$ufname} {$ulname}";
$from = '"' . mb_encode_mimeheader($from_name, 'UTF-8') . "\" <" . $uemail . ">";
} else {
if ($ufname) {
$from_name = $ufname;
} else {
if ($ulname) {
$from_name = $ulname;
} else {
$from_name = $uemail;
}
}
$from = $uemail;
}
$search = array();
$replace = array();
$search[] = '{RESELLER}';
$replace[] = $to_name;
$search[] = '{CUSTOMER}';
$replace[] = $from_name;
$search[] = '{ALIAS}';
$replace[] = $alias_name;
$search[] = '{BASE_SERVER_VHOST}';
$replace[] = $cfg->BASE_SERVER_VHOST;
$search[] = '{BASE_SERVER_VHOST_PREFIX}';
$replace[] = $cfg->BASE_SERVER_VHOST_PREFIX;
$subject = str_replace($search, $replace, $subject);
$message = str_replace($search, $replace, $message);
$subject = mb_encode_mimeheader($subject, 'UTF-8');
$headers = "From: " . $from . "\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: text/plain; charset=utf-8\n";
$headers .= "Content-Transfer-Encoding: 8bit\n";
$headers .= "X-Mailer: EasySCP {$cfg->Version} Service Mailer";
mail($to, $subject, $message, $headers);
}
/**
*
* @global <type> $cr_user_id
* @global <type> $alias_name
* @global <type> $domain_ip
* @global <type> $forward
* @global <type> $forward_prefix
* @global <type> $mount_point
* @global <type> $validation_err_msg
* @param <type> $err_al
* @return <type>
*/
function add_domain_alias(&$err_al)
{
global $cr_user_id, $alias_name, $domain_ip, $forward, $forward_prefix, $mount_point, $validation_err_msg;
$cfg = EasySCP_Registry::get('Config');
$sql = EasySCP_Registry::get('Db');
$cr_user_id = $_POST['usraccounts'];
$alias_name = strtolower($_POST['ndomain_name']);
$mount_point = array_encode_idna(strtolower($_POST['ndomain_mpoint']), true);
if ($_POST['status'] == 1) {
$forward = encode_idna(strtolower(clean_input($_POST['forward'])));
$forward_prefix = clean_input($_POST['forward_prefix']);
} else {
$forward = 'no';
$forward_prefix = '';
}
$query = "\n\t\tSELECT\n\t\t\t`domain_ip_id`\n\t\tFROM\n\t\t\t`domain`\n\t\tWHERE\n\t\t\t`domain_id` = ?\n\t;";
$rs = exec_query($sql, $query, $cr_user_id);
$domain_ip = $rs->fields['domain_ip_id'];
// First check if input string is a valid domain names
if (!validates_dname($alias_name)) {
$err_al = $validation_err_msg;
return;
}
// Should be perfomed after domain names syntax validation now
$alias_name = encode_idna($alias_name);
if (easyscp_domain_exists($alias_name, $_SESSION['user_id'])) {
$err_al = tr('Domain with that name already exists on the system!');
// } else if (!validates_mpoint($mount_point) && $mount_point != '/') {
// $err_al = tr("Incorrect mount point syntax");
} else {
if ($alias_name == $cfg->BASE_SERVER_VHOST) {
$err_al = tr('Master domain cannot be used!');
} else {
if ($_POST['status'] == 1) {
$aurl = @parse_url($forward_prefix . decode_idna($forward));
if ($aurl === false) {
$err_al = tr("Wrong address in forward URL!");
} else {
$domain = $aurl['host'];
if (substr_count($domain, '.') <= 2) {
$ret = validates_dname($domain);
} else {
$ret = validates_dname($domain, true);
}
if (!$ret) {
$err_al = tr("Wrong domain part in forward URL!");
} else {
$domain = encode_idna($aurl['host']);
$forward = $aurl['scheme'] . '://';
if (isset($aurl['user'])) {
$forward .= $aurl['user'] . (isset($aurl['pass']) ? ':' . $aurl['pass'] : '') . '@';
}
$forward .= $domain;
if (isset($aurl['port'])) {
$forward .= ':' . $aurl['port'];
}
if (isset($aurl['path'])) {
$forward .= $aurl['path'];
} else {
$forward .= '/';
}
if (isset($aurl['query'])) {
$forward .= '?' . $aurl['query'];
}
if (isset($aurl['fragment'])) {
$forward .= '#' . $aurl['fragment'];
}
}
}
} else {
$query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain_aliasses`\n\t\t\tWHERE\n\t\t\t\t`alias_name` = ?\n\t\t;";
$res = exec_query($sql, $query, $alias_name);
$query = "\n\t\t\tSELECT\n\t\t\t\t`domain_id`\n\t\t\tFROM\n\t\t\t\t`domain`\n\t\t\tWHERE\n\t\t\t\t`domain_name` = ?\n\t\t;";
$res2 = exec_query($sql, $query, $alias_name);
if ($res->rowCount() > 0 || $res2->rowCount() > 0) {
// we already have domain with this name
$err_al = tr("Domain with this name already exist");
}
$query = "\n\t\t\tSELECT\n\t\t\t\tCOUNT(`subdomain_id`) AS cnt\n\t\t\tFROM\n\t\t\t\t`subdomain`\n\t\t\tWHERE\n\t\t\t\t\t`domain_id` = ?\n\t\t\t\tAND `subdomain_mount` = ?\n\t\t\t;";
$subdomres = exec_query($sql, $query, array($cr_user_id, $mount_point));
$subdomdata = $subdomres->fetchRow();
$query = "\n\t\t\tSELECT\n\t\t\t\tCOUNT(`subdomain_alias_id`) AS alscnt\n\t\t\tFROM\n\t\t\t\t`subdomain_alias`\n\t\t\tWHERE\n\t\t\t\t\t`alias_id`\n\t\t\t\tIN (\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t`alias_id`\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`domain_aliasses`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`domain_id` = ?\n\t\t\t\t\t)\n\t\t\t\tAND\n\t\t\t\t\t`subdomain_alias_mount` = ?\n\t\t;";
$alssubdomres = exec_query($sql, $query, array($cr_user_id, $mount_point));
$alssubdomdata = $alssubdomres->fetchRow();
if ($subdomdata['cnt'] > 0 || $alssubdomdata['alscnt'] > 0) {
$err_al = tr("There is a subdomain with the same mount point!");
}
}
}
}
if ('_off_' !== $err_al) {
return;
}
// Begin add new alias domain
$alias_name = htmlspecialchars($alias_name, ENT_QUOTES, "UTF-8");
$query = "\n\t\tINSERT INTO\n\t\t\t`domain_aliasses` (\n\t\t\t\t`domain_id`, `alias_name`, `alias_mount`, `status`,\n\t\t\t\t`alias_ip_id`, `url_forward`\n\t\t\t)\n\t\tVALUES\n\t\t\t(?, ?, ?, ?, ?, ?)\n\t;";
exec_query($sql, $query, array($cr_user_id, $alias_name, $mount_point, $cfg->ITEM_ADD_STATUS, $domain_ip, $forward));
$als_id = $sql->insertId();
update_reseller_c_props(get_reseller_id($cr_user_id));
$query = "\n\t\tSELECT\n\t\t\t`email`\n\t\tFROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`admin_id` = ?\n\t\tLIMIT 1\n\t;";
$rs = exec_query($sql, $query, who_owns_this($cr_user_id, 'dmn_id'));
$user_email = $rs->fields['email'];
// Create the three default addresses if required
if ($cfg->CREATE_DEFAULT_EMAIL_ADDRESSES) {
client_mail_add_default_accounts($cr_user_id, $user_email, $alias_name, 'alias', $als_id);
}
send_request('110 DOMAIN alias ' . $als_id);
$admin_login = $_SESSION['user_logged'];
write_log("{$admin_login}: add domain alias: {$alias_name}");
$_SESSION["aladd"] = '_yes_';
user_goto('alias.php');
}
