// Read the submitted form fields. Password, domain and mail are only assigned when the
// field was posted; name, quota and active fall back to a default.
// NOTE(review): escape_string() is defined elsewhere - presumably SQL escaping. It is not
// output encoding, so the $t* values echoed back into the form still need HTML escaping
// wherever they are printed - confirm in the template.
if (isset($_POST['fPassword'])) {
    $fPassword = escape_string($_POST['fPassword']);
}
if (isset($_POST['fPassword2'])) {
    $fPassword2 = escape_string($_POST['fPassword2']);
}
$fName = isset($_POST['fName']) ? escape_string($_POST['fName']) : "";
if (isset($_POST['fDomain'])) {
    $fDomain = escape_string($_POST['fDomain']);
}
// The quota is forced to an integer rather than escaped as a string.
$fQuota = isset($_POST['fQuota']) ? (int) $_POST['fQuota'] : 0;
$fActive = isset($_POST['fActive']) ? escape_string($_POST['fActive']) : "1";
if (isset($_POST['fMail'])) {
    $fMail = escape_string($_POST['fMail']);
}

// Authorization gate: the caller must own the target domain or hold the global-admin role.
// A failure only sets $error and refills the form; nothing in this fragment stops
// execution, so the code that follows has to test $error before it creates anything.
$isDomainOwner = check_owner($SESSID_USERNAME, $fDomain);
if (!$isDomainOwner && !authentication_has_role('global-admin')) {
    $error = 1;
    $tUsername = escape_string($_POST['fUsername']);
    $tName = $fName;
    $tQuota = $fQuota;
    $tDomain = $fDomain;
    $pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error1'];
}

// Second gate: check_mailbox() runs whether or not the ownership check passed, so when
// both fail the error3 text replaces the error1 text set above.
if (!check_mailbox($fDomain)) {
    $error = 1;
    $tUsername = escape_string($_POST['fUsername']);
    $tName = $fName;
    $tQuota = $fQuota;
    $tDomain = $fDomain;
    $pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error3'];
}
Example #2
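/**
 * Look up a zone by one of its fields and enforce ownership before handing it back.
 *
 * Scans get_all_zones() for the first zone whose $key field is strictly equal to $value,
 * attaches its owner, and returns it only when check_owner() accepts it.
 *
 * The denial no longer depends on jtable_respond() ending the request: the deny branch
 * returns null itself, so a refused zone can never reach the caller. jtable_respond() is
 * defined elsewhere; if it terminates the script the added returns are simply not reached.
 *
 * NOTE(review): "Access denied" and "Zone not found" are distinct responses, so a caller
 * without access can tell an existing zone from a missing one - confirm that is intended.
 *
 * @param string $key   Zone field to match on.
 * @param string $value Value to look for; an empty string is treated as not found.
 * @return array|null The matching zone with an 'owner' entry, or null when it is missing or refused.
 */
function _get_zone_by_key($key, $value)
{
    if ($value !== '') {
        foreach (get_all_zones() as $zone) {
            if ($zone[$key] !== $value) {
                continue;
            }
            $zone['owner'] = get_zone_owner($zone['name'], 'admin');
            if (!check_owner($zone)) {
                jtable_respond(null, 'error', 'Access denied');
                // Fail closed: never fall through to "return $zone" after a refusal.
                return null;
            }
            return $zone;
        }
    }
    header('Status: 404 Not found');
    jtable_respond(null, 'error', "Zone not found");
    return null;
}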
Example #3
    # no domains (for this admin at least) - redirect to domain list
    exit;
}
# No domain requested: fall back to the first domain in this admin's list.
if (is_array($list_domains) && count($list_domains) > 0 && empty($fDomain)) {
    $fDomain = escape_string($list_domains[0]);
}

# First gate: the requested domain must be one of the domains listed for this admin.
# in_array() is called without the strict flag, so the comparison is loose.
# The redirect is followed by exit, so nothing below runs for a rejected domain.
if (!in_array($fDomain, $list_domains)) {
    flash_error($PALANG['invalid_parameter']);
    unset($_SESSION['list-virtual:domain']);
    header("Location: list.php?table=domain");
    # invalid domain, or not owned by this admin
    exit;
}

# Second gate: an independent ownership check for the logged-in admin. It is most probably
# made redundant by the in_array() check above, but it keeps the session writes below
# behind an explicit authorization decision.
if (!check_owner(authentication_get_username(), $fDomain)) {
    flash_error($PALANG['invalid_parameter'] . " If you see this message, please open a bugreport");
    unset($_SESSION['list-virtual:domain']);
    header("Location: list.php?table=domain");
    # domain not owned by this admin
    exit(0);
}

// Only a domain that passed both gates is remembered in $_SESSION, so that after
// adding/editing aliases/mailboxes the user is taken back to the matching domain listing
// and the create forms are prefilled with it.
$_SESSION['list-virtual:domain'] = $fDomain;
$_SESSION['prefill:alias:domain'] = $fDomain;
$_SESSION['prefill:mailbox:domain'] = $fDomain;
$_SESSION['prefill:aliasdomain:target_domain'] = $fDomain;
$_SESSION['list-virtual:limit'] = $fDisplay;
#
Example #4
            if ('pgsql' == $CONF['database_type']) {
                $row['modified'] = gmstrftime('%c %Z', $row['modified']);
                $row['active'] = 't' == $row['active'] ? 1 : 0;
            }
            $tAlias[] = $row;
        }
    }
}
// Search mailboxes by username or name; when vacation control is enabled the vacation
// state is joined in as v_active.
// NOTE(review): $fSearch is interpolated straight into the LIKE pattern. Where it is read
// and escaped is outside this fragment - confirm it passes through escape_string() first,
// and keep in mind that SQL escaping leaves the LIKE wildcards % and _ in place.
if ($CONF['vacation_control_admin'] == 'YES' && $CONF['vacation'] == 'YES') {
    $query = "SELECT {$table_mailbox}.*, {$table_vacation}.active AS v_active FROM {$table_mailbox} LEFT JOIN {$table_vacation} ON {$table_mailbox}.username={$table_vacation}.email WHERE {$table_mailbox}.username LIKE '%{$fSearch}%' OR {$table_mailbox}.name LIKE '%{$fSearch}%' ORDER BY {$table_mailbox}.username";
} else {
    $query = "SELECT * FROM {$table_mailbox} WHERE username LIKE '%{$fSearch}%' OR name LIKE '%{$fSearch}%' ORDER BY username";
}
$result = db_query($query);
if ($result['rows'] > 0) {
    while ($row = db_array($result['result'])) {
        // The query is not scoped to the admin's domains; authorization is applied per row.
        // Rows from domains this admin does not own (and who is not global-admin) are dropped
        // here and never reach $tMailbox.
        if (!check_owner($SESSID_USERNAME, $row['domain']) && !authentication_has_role('global-admin')) {
            continue;
        }
        if ($CONF['database_type'] == 'pgsql') {
            // Reformat the timestamps and map the 't' flag to 1/0 for the pgsql backend.
            $row['created'] = gmstrftime('%c %Z', strtotime($row['created']));
            $row['modified'] = gmstrftime('%c %Z', strtotime($row['modified']));
            $row['active'] = $row['active'] == 't' ? 1 : 0;
        }
        $tMailbox[] = $row;
    }
}
// Render the page; the templates read the variables prepared above.
include "templates/header.php";
include "templates/menu.php";
include "templates/search.php";
include "templates/footer.php";
// vim:ts=4:sw=4:et
Example #5
    # TODO: Does this really make sense? Or should we display a message "please create a mailbox first!"?
}
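# Pick the fetchmail row the request wants to delete or edit. The id is concatenated into
# SQL text below, so it is forced to an integer before use.
# NOTE(review): the DELETE further down concatenates $delete directly; confirm that $delete
# and $edit are integer-cast where they are read from the request.
$row_id = 0;
if ($delete) {
    $row_id = (int) $delete;
} elseif ($edit) {
    $row_id = (int) $edit;
}
if ($row_id) {
    $result = db_query("SELECT " . implode(",", escape_string(array_keys($fm_struct))) . " FROM fetchmail WHERE id=" . $row_id);
    # stays empty unless a row was found, so the owner check below never reads a missing row
    $edit_row_domain = array();
    if ($result['rows'] > 0) {
        $edit_row = db_array($result['result']);
        $account = $edit_row['src_user'] . " @ " . $edit_row['src_server'];
        # the domain part of the target mailbox decides who may touch this entry
        $edit_row_domain = explode('@', $edit_row['mailbox']);
    }
    # owner check for $edit and $delete: a missing row, a mailbox without a domain part,
    # or a domain this admin does not own all clear both actions (fail closed)
    if ($result['rows'] <= 0 || !isset($edit_row_domain[1]) || !check_owner($SESSID_USERNAME, $edit_row_domain[1])) {
        flash_error(sprintf($PALANG['pFetchmail_error_invalid_id'], $row_id));
        $edit = 0;
        $delete = 0;
    }
}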
if ($cancel) {
    # cancel $new or $edit
    $edit = 0;
    $new = 0;
} elseif ($delete) {
    # delete an entry
    $result = db_query("delete from fetchmail WHERE id=" . $delete);
    if ($result['rows'] != 1) {
        flash_error($PALANG['pDelete_delete_error']) . '</span>';
            $cmok = '0' . $cm;
        } else {
            $cmok = $cm;
        }
        if ($day_app[$chok][$cmok][tot] > 0 || $day_app_ext[$chok][$cmok][tot] > 0) {
            if (is_array($day_app[$chok][$cmok])) {
                foreach ($day_app[$chok][$cmok] as $k => $appunt) {
                    if (is_int($k)) {
                        $res .= ' <a target="_parent" href="appunt_show.php?id=' . $appunt[id] . '">' . $appunt[title] . '</a><br>';
                    }
                }
            }
            if (is_array($day_app_ext[$chok][$cmok])) {
                foreach ($day_app_ext[$chok][$cmok] as $k2 => $appunt_ext) {
                    if (is_int($k2)) {
                        $res2 .= ' <a target="_parent" href="appunt_show.php?id=' . $appunt_ext[id] . '">' . $appunt_ext[title] . ' (<b>' . check_owner($appunt_ext[permessi]) . '</b>)</a><br>';
                    }
                }
            }
        }
        $ext_app = "";
        if ($res2 == "") {
            $ext_app = "";
        } elseif ($res == "" && $res2 != "") {
            $ext_app = "<b>" . CALENDAR_APPS_COL . "</b><br>{$res2}";
        } elseif ($res != "" && $res2 != "") {
            $ext_app = "<br><b>" . CALENDAR_APPS_COL . "</b><br>{$res2}";
        }
        if ($res == "" && $res2 == "" && $cmok == "00") {
            print '<tr class="riga-cal-01" onMouseOver="this.className=\'riga-cal-01-over\'" onMouseOut="this.className=\'riga-cal-01\'">
							  <th width="4%" align="left" valign="top" nowrap><a target="_parent" href="new_app.php?day=' . $curday . '&month=' . $curmonth . '&year=' . $curyear . '&min=0&hour=' . $chok . '" class="ora-cal-giorno-link">' . $chok . '.00 h </a></th>
Example #7
    $result_alias = db_delete($table_alias, $fWhere, $fDelete);
    $result_mailbox = db_delete($table_mailbox, $fWhere, $fDelete);
    $result_log = db_delete($table_log, $fWhere, $fDelete);
    if ($CONF['vacation'] == "YES") {
        $result_vacation = db_delete($table_vacation, $fWhere, $fDelete);
    }
    $result_domain = db_delete($table_domain, $fWhere, $fDelete);
    if (!$result_domain || !domain_postdeletion($fDelete)) {
        $error = 1;
        $tMessage = $PALANG['pAdminDelete_domain_error'];
    } else {
        $url = "list-domain.php";
        header("Location: {$url}");
    }
} elseif ($fTable == "alias" or $fTable == "mailbox") {
    if (!check_owner($SESSID_USERNAME, $fDomain)) {
        $error = 1;
        $tMessage = $PALANG['pDelete_domain_error'] . "<b>{$fDomain}</b>!</span>";
    } elseif (!check_alias_owner($SESSID_USERNAME, $fDelete)) {
        $error = 1;
        $tMessage = $PALANG['pDelete_alias_error'] . "<b>{$fDelete}</b>!</span>";
    } else {
        if ($CONF['database_type'] == "pgsql") {
            db_query('BEGIN');
        }
        $result = db_query("DELETE FROM {$table_alias} WHERE address='{$fDelete}' AND domain='{$fDomain}'");
        if ($result['rows'] != 1) {
            $error = 1;
            $tMessage = $PALANG['pDelete_delete_error'] . "<b>{$fDelete}</b> (alias)!</span>";
        } else {
            db_log($SESSID_USERNAME, $fDomain, 'delete_alias', $fDelete);