* tDomain * * Form POST \ GET Variables: * * fUsername * fPassword * fPassword2 * fName * fQuota * fDomain * fActive * fMail */ require_once 'common.php'; authentication_require_role('admin'); $SESSID_USERNAME = authentication_get_username(); if (authentication_has_role('global-admin')) { $list_domains = list_domains(); } else { $list_domains = list_domains_for_admin($SESSID_USERNAME); } $pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text']; $pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text']; $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text']; if ($_SERVER['REQUEST_METHOD'] == "GET") { $fDomain = $list_domains[0]; if (isset($_GET['domain'])) { $fDomain = escape_string($_GET['domain']); } if (!in_array($fDomain, $list_domains)) { die("Invalid domain name selected, or you tried to select a domain you are not an admin for");
# no domains (for this admin at least) - redirect to domain list exit; } if (is_array($list_domains) and sizeof($list_domains) > 0) { if (empty($fDomain)) { $fDomain = escape_string($list_domains[0]); } } if (!in_array($fDomain, $list_domains)) { flash_error($PALANG['invalid_parameter']); unset($_SESSION['list-virtual:domain']); header("Location: list.php?table=domain"); # invalid domain, or not owned by this admin exit; } if (!check_owner(authentication_get_username(), $fDomain)) { flash_error($PALANG['invalid_parameter'] . " If you see this message, please open a bugreport"); # this check is most probably obsoleted by the in_array() check above unset($_SESSION['list-virtual:domain']); header("Location: list.php?table=domain"); # domain not owned by this admin exit(0); } // store domain and page browser offset in $_SESSION so after adding/editing aliases/mailboxes we can // take the user back to the appropriate domain listing. $_SESSION['list-virtual:domain'] = $fDomain; $_SESSION['prefill:alias:domain'] = $fDomain; $_SESSION['prefill:mailbox:domain'] = $fDomain; $_SESSION['prefill:aliasdomain:target_domain'] = $fDomain; $_SESSION['list-virtual:limit'] = $fDisplay; #
$admin_properties = get_admin_properties($fUsername); } } else { $list_admins = array(authentication_get_username()); $is_superadmin = 0; $fUsername = ""; } if (isset($admin_properties) && $admin_properties['domain_count'] == 'ALL') { # list all domains for superadmins $list_domains = list_domains(); } elseif (!empty($fUsername)) { $list_domains = list_domains_for_admin($fUsername); } elseif ($is_superadmin) { $list_domains = list_domains(); } else { $list_domains = list_domains_for_admin(authentication_get_username()); } if (!empty($list_domains)) { for ($i = 0; $i < sizeof($list_domains); $i++) { $domain_properties[$i] = get_domain_properties($list_domains[$i]); } } #} include "templates/header.php"; include "templates/menu.php"; if ($is_superadmin) { include "templates/admin_list-domain.php"; } else { include "templates/overview-get.php"; } include "templates/footer.php";
* * Further details on the project are available at http://postfixadmin.sf.net * * @version $Id: delete.php 1733 2014-11-02 23:06:13Z christian_boltz $ * @license GNU GPL v2 or later. * * File: delete.php * Used to delete admins, domains, mailboxes, aliases etc. * * Template File: none */ require_once 'common.php'; if (safeget('token') != $_SESSION['PFA_token']) { die('Invalid token!'); } $username = authentication_get_username(); # enforce login $id = safeget('delete'); $table = safeget('table'); $handlerclass = ucfirst($table) . 'Handler'; if (!preg_match('/^[a-z]+$/', $table) || !file_exists("model/{$handlerclass}.php")) { # validate $table die("Invalid table name given!"); } $is_admin = authentication_has_role('admin'); $handler = new $handlerclass(0, $username, $is_admin); $formconf = $handler->webformConfig(); if ($is_admin) { authentication_require_role($formconf['required_role']); } else { if (empty($formconf['user_hardcoded_field'])) {
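<?php
// Footer template: prints the product/version link, the logged-in user,
// the update-check link and the optional site footer link from $CONF.
// It must only be reached through an entry script that defines POSTFIXADMIN.
if (!defined('POSTFIXADMIN')) {
    die("This file cannot be used standalone.");
}
?>
<div id="footer">
<?php // rel="noopener noreferrer": pages opened via target="_blank" get no window.opener handle back to the admin UI. ?>
<a target="_blank" rel="noopener noreferrer" href="http://postfixadmin.com/">Postfix Admin <?php print htmlspecialchars((string) $version, ENT_QUOTES, 'UTF-8'); ?></a>
 |
<?php
if (isset($_SESSION['sessid']['username'])) {
    // The username comes from the session; escape it for the HTML context
    // rather than trusting whatever validation happened at login time.
    printf(
        $PALANG['pFooter_logged_as'],
        htmlspecialchars((string) authentication_get_username(), ENT_QUOTES, 'UTF-8')
    );
}
?>
 |
<a target="_blank" rel="noopener noreferrer" href="http://postfixadmin.sf.net/update-check.php?version=<?php print rawurlencode((string) $version); ?>"><?php print $PALANG['check_update']; ?></a>
<?php
if ($CONF['show_footer_text'] == "YES" and $CONF['footer_link']) {
    print " | ";
    // footer_link lands inside a quoted attribute, so it is attribute-escaped
    // (double_encode off, so an already-encoded "&amp;" in the config is kept).
    // NOTE(review): footer_text is still printed exactly as configured -
    // presumably site-admin supplied and possibly containing markup; confirm
    // before escaping it as well.
    print "<a href=\"" . htmlspecialchars((string) $CONF['footer_link'], ENT_QUOTES, 'UTF-8', false) . "\">" . $CONF['footer_text'] . "</a>\n";
}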
/**
 * db_log
 * Action: Writes one admin action to the 'log' table (audit trail).
 * Call: db_log (string domain, string action, string data)
 * An action is accepted only if $LANG["pViewlog_action_$action"] is non-empty.
 *
 * The 'username' column is stored as "<username> (<remote address>)".
 * $domain, $action and $data are handed to db_insert() exactly as received;
 * nothing here escapes them, so any page that displays the log has to
 * escape on output.
 *
 * @param string $domain domain the action relates to
 * @param string $action action key, checked against the language strings
 * @param string $data   free-form detail stored with the entry
 * @return bool|null true if db_insert() reported one row, false otherwise;
 *                   null (no value) when logging is switched off, so a caller
 *                   testing the result cannot tell "disabled" from "failed"
 */
function db_log($domain, $action, $data)
{
    // Both lookups run before any validation, as in the original order.
    $REMOTE_ADDR = getRemoteAddr();
    $username = authentication_get_username();

    $actionLabel = Config::Lang("pViewlog_action_{$action}");
    if ($actionLabel == '') {
        // NOTE(review): $action is echoed as-is in this message; callers are
        // presumably passing fixed action names - verify at the call sites.
        die("Invalid log action : {$action}"); // could do with something better?
    }

    if (!Config::bool('logging')) {
        // Logging disabled: nothing is written and no value is returned.
        return;
    }

    $entry = array(
        'username' => "{$username} ({$REMOTE_ADDR})",
        'domain' => $domain,
        'action' => $action,
        'data' => $data,
    );

    // The third argument names the 'timestamp' column; presumably db_insert()
    // fills it in itself - confirm against db_insert().
    $inserted = db_insert('log', $entry, array('timestamp'));

    return $inserted == 1;
}