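 /**
  * Attempt to log a user in.
  *
  * Looks up the stored password for an *active* account whose id_field equals
  * $username, re-hashes the submitted plaintext with pacrypt() (passing the
  * stored value so the same scheme/salt is used) and compares the two.
  *
  * @param string $username  value submitted by the user; escaped here before use in SQL
  * @param string $password  plaintext as submitted by the user
  * @return boolean true on successful login (i.e. password matches etc)
  */
 public function login($username, $password)
 {
     $username = escape_string($username);
     $table = table_by_key($this->db_table);
     $active = db_get_boolean(True);
     // Only $username comes from the request; table and id_field come from the object.
     $query = "SELECT password FROM {$table} WHERE " . $this->id_field . "='{$username}' AND active='{$active}'";
     $result = db_query($query);
     if ($result['rows'] == 1) {
         $row = db_array($result['result']);
         $crypt_password = pacrypt($password, $row['password']);
         // Strict, constant-time comparison. The original used `==`, which is
         // subject to PHP type juggling (two numeric-looking strings such as
         // "0e123..." compare equal) and leaks timing information about the
         // stored value. Casts keep hash_equals() happy if pacrypt() ever
         // returns a non-string.
         if (hash_equals((string) $row['password'], (string) $crypt_password)) {
             return true;
         }
     }
     return false;
 }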
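 /**
  * Store (or update) the vacation auto-reply for $this->username and switch
  * the vacation alias on via updateAlias(1).
  *
  * Kept from the original: any existing vacation record is removed first, the
  * active window is widened to whole days (00:00:00 .. 23:59:59), and the row
  * is updated when exactly one exists for the address, otherwise inserted.
  *
  * Changed: both dates are parsed *before* anything is written, and the
  * function returns false when either does not parse. The original fed the
  * `false` returned by strtotime() straight into date(), silently storing
  * 1970-01-01 as the active window (this was the open "TODO check if result
  * looks like a valid date").
  *
  * @param string $subject
  * @param string $body
  * @param string $interval_time
  * @param date $activeFrom   any string strtotime() understands
  * @param date $activeUntil  any string strtotime() understands
  * @return mixed false if a date is invalid, otherwise whatever updateAlias(1) returns
  */
 function set_away($subject, $body, $interval_time, $activeFrom, $activeUntil)
 {
     // Validate the date window first so a bad request leaves existing data untouched.
     $fromTs = strtotime($activeFrom);
     $untilTs = strtotime($activeUntil);
     if ($fromTs === false || $untilTs === false) {
         return false;
     }
     $activeFrom = date("Y-m-d 00:00:00", $fromTs);
     $activeUntil = date("Y-m-d 23:59:59", $untilTs);
     $this->remove();
     // clean out any notifications that might already have been sent.
     $E_username = escape_string($this->username);
     // Domain part of the address. The original `list(, $domain) = explode(...)`
     // raised an undefined-offset notice when the username contains no '@';
     // fall back to an empty domain in that case.
     $addressParts = explode('@', $this->username);
     $domain = isset($addressParts[1]) ? $addressParts[1] : '';
     // NOTE(review): $subject / $body / $interval_time are passed through
     // unescaped here; this relies on db_update()/db_insert() escaping their
     // values - confirm in those helpers.
     $vacation_data = array('email' => $this->username, 'domain' => $domain, 'subject' => $subject, 'body' => $body, 'interval_time' => $interval_time, 'active' => db_get_boolean(true), 'activefrom' => $activeFrom, 'activeuntil' => $activeUntil);
     // is there an entry in the vacaton table for the user, or do we need to insert?
     $table_vacation = table_by_key('vacation');
     $result = db_query("SELECT * FROM {$table_vacation} WHERE email = '{$E_username}'");
     if ($result['rows'] == 1) {
         $result = db_update('vacation', 'email', $this->username, $vacation_data);
     } else {
         $result = db_insert('vacation', $vacation_data);
     }
     # TODO error check
     # TODO wrap whole function in db_begin / db_commit (or rollback)?
     return $this->updateAlias(1);
 }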
/**
 * Upgrade step 1284: turn the legacy "ALL" domain grant into the superadmin
 * flag on the admin table.
 *
 * Every username that has a domain_admins row for domain 'ALL' gets
 * superadmin set to the database's true value. The ALL rows themselves are
 * deliberately kept for now so older code keeps working; a later upgrade step
 * is expected to remove them.
 */
function upgrade_1284()
{
    $domain_admins_table = table_by_key('domain_admins');
    $all_grants = db_query("SELECT username FROM " . $domain_admins_table . " where domain='ALL'");
    if ($all_grants['rows'] <= 0) {
        return;
    }
    while ($grant = db_array($all_grants['result'])) {
        printdebug("Setting superadmin flag for " . $grant['username']);
        db_update('admin', 'username', $grant['username'], array('superadmin' => db_get_boolean(true)));
    }
}
// A plain GET renders the login page: header, login form, footer templates in that order.
if ($_SERVER['REQUEST_METHOD'] == "GET") {
    foreach (array("header.php", "users_login.php", "footer.php") as $login_page_template) {
        include "../templates/" . $login_page_template;
    }
    unset($login_page_template);
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $fUsername = escape_string($_POST['fUsername']);
    $fPassword = escape_string($_POST['fPassword']);
    $lang = safepost('lang');
    if ($lang != check_language(0)) {
        # only set cookie if language selection was changed
        setcookie('lang', $lang, time() + 60 * 60 * 24 * 30);
        # language cookie, lifetime 30 days
        # (language preference cookie is processed even if username and/or password are invalid)
    }
    $active = db_get_boolean(True);
    $query = "SELECT password FROM {$table_mailbox} WHERE username='******' AND active={$active}";
    $result = db_query($query);
    if ($result['rows'] == 1) {
        $row = db_array($result['result']);
        $password = pacrypt($fPassword, $row['password']);
        $query = "SELECT * FROM {$table_mailbox} WHERE username='******' AND password='******' AND active={$active}";
        $result = db_query($query);
        if ($result['rows'] != 1) {
            $error = 1;
            $tMessage = $PALANG['pLogin_password_incorrect'];
            $tUsername = $fUsername;
        }
    } else {
        $error = 1;
        $tMessage = $PALANG['pLogin_username_incorrect'];
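/**
 * Replaces database specific parts in a query
 *
 * Expands the {AUTOINCREMENT}, {PRIMARY}, {UNSIGNED}, {FULLTEXT}, {BOOLEAN},
 * {UTF-8}, {LATIN1}, {IF_NOT_EXISTS}, {RENAME_COLUMN}, {BOOL_TRUE} and
 * {BOOL_FALSE} placeholders for the configured database type (mysql/mysqli or
 * pgsql; anything else prints a message and exits), then runs the statement
 * through db_query(). For pgsql a few MySQL int(N) spellings are mapped to int.
 * If the request carries a non-empty `debug` GET parameter, the final query and
 * the driver error are echoed into the page.
 *
 * @param String sql query with placeholders
 * @param int (optional) whether errors should be ignored (0=false)
 * @param String (optional) MySQL specific code to attach, useful for COMMENT= on CREATE TABLE
 * @return array the db_query() result (the original docblock claimed "String sql query", which did not match the code)
 */
function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "")
{
    global $CONF;
    if ($CONF['database_type'] == 'mysql' || $CONF['database_type'] == 'mysqli') {
        $replace = array('{AUTOINCREMENT}' => 'int(11) not null auto_increment', '{PRIMARY}' => 'primary key', '{UNSIGNED}' => 'unsigned', '{FULLTEXT}' => 'FULLTEXT', '{BOOLEAN}' => 'tinyint(1) NOT NULL', '{UTF-8}' => '/*!40100 CHARACTER SET utf8 COLLATE utf8_unicode_ci */', '{LATIN1}' => '/*!40100 CHARACTER SET latin1 COLLATE latin1_swedish_ci */', '{IF_NOT_EXISTS}' => 'IF NOT EXISTS', '{RENAME_COLUMN}' => 'CHANGE COLUMN');
        $sql = "{$sql} {$attach_mysql}";
    } elseif ($CONF['database_type'] == 'pgsql') {
        $replace = array('{AUTOINCREMENT}' => 'SERIAL', '{PRIMARY}' => 'primary key', '{UNSIGNED}' => '', '{FULLTEXT}' => '', '{BOOLEAN}' => 'BOOLEAN NOT NULL', '{UTF-8}' => '', '{LATIN1}' => '', '{IF_NOT_EXISTS}' => '', '{RENAME_COLUMN}' => 'ALTER COLUMN', 'int(1)' => 'int', 'int(10)' => 'int', 'int(11)' => 'int', 'int(4)' => 'int');
    } else {
        // Fixed: the original read $conf (lowercase), an undefined variable, so
        // the message never actually showed the unsupported type.
        echo "Sorry, unsupported database type " . $CONF['database_type'];
        exit;
    }
    $replace['{BOOL_TRUE}'] = db_get_boolean(True);
    $replace['{BOOL_FALSE}'] = db_get_boolean(False);
    $query = trim(str_replace(array_keys($replace), $replace, $sql));
    // Debug output is enabled by a plain GET parameter, i.e. by anyone who can
    // reach this page: it discloses schema statements and raw driver errors.
    // At minimum, escape what is echoed so query/error text cannot inject
    // markup into the page.
    $debug = (safeget('debug') != "");
    if ($debug) {
        print "<p style='color:#999'>" . htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
    }
    $result = db_query($query, $ignore_errors);
    if ($debug) {
        $error_text = isset($result['error']) ? (string) $result['error'] : '';
        print "<div style='color:#f00'>" . htmlspecialchars($error_text, ENT_QUOTES, 'UTF-8') . "</div>";
    }
    return $result;
}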
         $maildir = $fDomain . "/" . $fUsername . "/";
     } else {
         $maildir = $fDomain . "/" . escape_string(strtolower($_POST['fUsername'])) . "/";
     }
 } else {
     $maildir = $fUsername . "/";
 }
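 // Quota: scaled by multiply_quota() when given (units are not visible in this
 // fragment), 0 when the field is empty.
 if (!empty($fQuota)) {
     $quota = multiply_quota($fQuota);
 } else {
     $quota = 0;
 }
 // "active" checkbox -> database boolean.
 if ($fActive == "on") {
     $sqlActive = db_get_boolean(True);
 } else {
     $sqlActive = db_get_boolean(False);
 }
 // PostgreSQL only: open a transaction. The matching COMMIT/ROLLBACK is not
 // part of this fragment.
 if ('pgsql' == $CONF['database_type']) {
     db_query('BEGIN');
 }
 // Self-referencing alias row for the new mailbox. $fUsername and $fDomain are
 // interpolated directly; they are assumed to have been run through
 // escape_string() earlier in this script (the code above does so for the
 // lowercased username) - confirm before trusting this query.
 $result = db_query("INSERT INTO {$table_alias} (address,goto,domain,created,modified,active) VALUES ('{$fUsername}','{$fUsername}','{$fDomain}',NOW(),NOW(),'{$sqlActive}')");
 if ($result['rows'] != 1) {
     $tDomain = $fDomain;
     // Fixed: the original closed the message with "</br />", which is not valid HTML.
     $tMessage = $PALANG['pAlias_result_error'] . "<br />({$fUsername} -> {$fUsername})<br />";
 }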
 /*
 # TODO: The following code segment is from admin/create-mailbox.php. To be compared/merged with the code from /create-mailbox.php.
         Lines starting with /* were inserted to keep this section in commented mode.
 
 
       if ($result['rows'] != 1)
/**
 * List domains for an admin user.
 *
 * Returns the names of every active, non-backup-MX domain that has a
 * domain_admins row for the given admin, in the order the query returns
 * them (ORDER BY domain_admins.domain). An empty array when nothing matches.
 *
 * NOTE(review): the username literal in the query below appears redacted in
 * this listing ('******'), so whether $username is escaped before it reaches
 * the SQL cannot be confirmed from here - it should be.
 *
 * @param String $username
 * @return array of domain names.
 */
function list_domains_for_admin($username)
{
    global $CONF;
    global $table_domain, $table_domain_admins;
    // does $username need escaping here?
    $active_sql = db_get_boolean(True);
    $backupmx_sql = db_get_boolean(False);
    $query = "SELECT {$table_domain}.domain, {$table_domain_admins}.username FROM {$table_domain} \n      LEFT JOIN {$table_domain_admins} ON {$table_domain}.domain={$table_domain_admins}.domain \n      WHERE {$table_domain_admins}.username='******' \n      AND {$table_domain}.active={$active_sql} \n      AND {$table_domain}.backupmx={$backupmx_sql} \n      ORDER BY {$table_domain_admins}.domain";
    $result = db_query($query);
    $domains = array();
    if ($result['rows'] > 0) {
        while ($row = db_array($result['result'])) {
            $domains[] = $row['domain'];
        }
    }
    return $domains;
}
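/**
 * db_where_clause
 * Action: builds and returns a WHERE clause for database queries. All given conditions will be AND'ed.
 * Call: db_where_clause (array $conditions, array $struct)
 * param array $condition: array('field' => 'value', 'field2' => 'value2, ...)
 * param array $struct - field structure, used for automatic bool conversion. A field whose
 *                       $struct entry has a non-empty 'select' is filtered in a HAVING clause
 *                       instead of WHERE.
 * param string $additional_raw_where - raw sniplet to include in the WHERE part - typically needs to start with AND.
 *                                      It is inserted verbatim and never escaped: callers must not
 *                                      build it from request data.
 * param array $searchmode - operators to use (=, <, > etc.) - defaults to = if not specified for a field (see
 *                           $allowed_operators for available operators)
 * return string  " WHERE 1=1 <raw> AND ( ... ) HAVING ( ... )"
 *
 * Values are escaped with escape_string(). Field names are not - they are expected to come
 * from code ($struct), never from the request. Operators are whitelisted.
 * With CONT the value is wrapped in % wildcards; with LIKE the caller's own % / _ are kept
 * (escape_string() presumably leaves them intact, so they stay wildcards).
 */
function db_where_clause($condition, $struct, $additional_raw_where = '', $searchmode = array())
{
    // Error messages now name this function (the original said "db_where_cond").
    if (!is_array($condition)) {
        die('db_where_clause: parameter $condition is not an array!');
    } elseif (!is_array($searchmode)) {
        die('db_where_clause: parameter $searchmode is not an array!');
    } elseif (count($condition) == 0 && trim($additional_raw_where) == '') {
        die("db_where_clause: parameter is an empty array!");
        # die() might sound harsh, but can prevent information leaks
    } elseif (!is_array($struct)) {
        die('db_where_clause: parameter $struct is not an array!');
    }
    $allowed_operators = explode(' ', '< > >= <= = != <> CONT LIKE');
    $where_parts = array();
    $having_parts = array();
    foreach ($condition as $field => $value) {
        // Automatic bool conversion for fields declared 'bool' in $struct.
        if (isset($struct[$field]) && $struct[$field]['type'] == 'bool') {
            $value = db_get_boolean($value);
        }
        $operator = '=';
        if (isset($searchmode[$field])) {
            // Strict match: a loose in_array() would let a non-string searchmode
            // value (e.g. int 0 on PHP 7) pass the whitelist and end up in the SQL.
            if (in_array($searchmode[$field], $allowed_operators, true)) {
                $operator = $searchmode[$field];
                if ($operator == 'CONT') {
                    # CONT - as in "contains": wrap the value in % wildcards
                    $operator = ' LIKE ';
                    # add spaces
                    $value = '%' . $value . '%';
                } elseif ($operator == 'LIKE') {
                    # LIKE -without adding % wildcards (the search value can contain %)
                    $operator = ' LIKE ';
                    # add spaces
                }
            } else {
                die('db_where_clause: Invalid searchmode for ' . $field);
            }
        }
        $querypart = $field . $operator . "'" . escape_string($value) . "'";
        // Computed ('select') fields can only be filtered in HAVING. The isset()
        // guard is new: the original read $struct[$field]['select'] even for fields
        // without a $struct entry, which raised a notice before falling through to WHERE.
        if (isset($struct[$field]['select']) && $struct[$field]['select'] != '') {
            $having_parts[$field] = $querypart;
        } else {
            $where_parts[$field] = $querypart;
        }
    }
    $query = ' WHERE 1=1 ';
    $query .= " {$additional_raw_where} ";
    if (count($where_parts) > 0) {
        $query .= " AND    ( " . join(" AND ", $where_parts) . " ) ";
    }
    if (count($having_parts) > 0) {
        $query .= " HAVING ( " . join(" AND ", $having_parts) . " ) ";
    }
    return $query;
}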
             if ($result['rows'] != 1) {
                 $error = 1;
             }
         }
     }
 }
 //Set the vacation data for $fUsername
 // NOTE(review): fragment of a larger request handler. $fChange, $fUsername, $fDomain,
 // $fSubject, $fBody, $vacation_goto, $table_alias, $table_vacation and $error are set
 // before this point; the interpolated values are assumed to be already escaped for
 // SQL (escape_string) - confirm in the enclosing script.
 if (!empty($fChange)) {
     // Current alias target for the address, if exactly one alias row exists.
     $goto = '';
     $result = db_query("SELECT * FROM {$table_alias} WHERE address='{$fUsername}'");
     if ($result['rows'] == 1) {
         $row = db_array($result['result']);
         $goto = $row['goto'];
     }
     $Active = db_get_boolean(True);
     $notActive = db_get_boolean(False); // not read anywhere in this block
     // I don't think we need to care if the vacation entry is inactive or active.. as long as we don't try and
     // insert a duplicate
     $result = db_query("SELECT * FROM {$table_vacation} WHERE email = '{$fUsername}'");
     if ($result['rows'] == 1) {
         // Existing record: re-activate it and overwrite subject/body.
         $result = db_query("UPDATE {$table_vacation} SET active = {$Active}, subject = '{$fSubject}', body = '{$fBody}', created = NOW() WHERE email = '{$fUsername}'");
     } else {
         $result = db_query("INSERT INTO {$table_vacation} (email,subject,body,domain,created,active) VALUES ('{$fUsername}','{$fSubject}','{$fBody}','{$fDomain}',NOW(),{$Active})");
     }
     // Either statement must affect exactly one row.
     if ($result['rows'] != 1) {
         $error = 1;
     }
     if ($goto == '') {
         // No alias yet: build one pointing at the vacation address.
         // NOTE(review): $sql is only assigned here; nothing in this block executes it.
         $goto = $vacation_goto;
         $sql = "INSERT INTO {$table_alias} (goto, address, domain, modified) VALUES ('{$goto}', '{$fUsername}', '{$fDomain}', NOW())";
     } else {
         // NOTE(review): this message key is about domain creation, which looks unrelated
         // to vacation handling - possibly a copy/paste artefact; verify against the template.
         $pAdminCreate_domain_domain_text = $PALANG['pAdminCreate_domain_domain_text_error2'];
     }
 }
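 // Create the domain row (skipped when an earlier step set $error). Fragment of a
 // larger handler: $error, $fDomain, $fDescription, $fTransport, $fAliases,
 // $fMailboxes, $fMaxquota, $fBackupmx, $fDefaultaliases and the $table_* names are
 // set before this point.
 if ($error != 1) {
     $tAliases = $CONF['aliases'];
     $tMailboxes = $CONF['mailboxes'];
     $tMaxquota = $CONF['maxquota'];
     // Backup-MX domain: the alias/mailbox/quota limits are forced to -1 (presumably
     // "not applicable") and the backupmx flag is set.
     if ($fBackupmx == "on") {
         $fAliases = -1;
         $fMailboxes = -1;
         $fMaxquota = -1;
         $fBackupmx = 1;
         $sqlBackupmx = db_get_boolean(true);
     } else {
         $fBackupmx = 0;
         $sqlBackupmx = db_get_boolean(false);
     }
     // $fDomain, $fDescription and $fTransport are interpolated as quoted strings and are
     // assumed to have been passed through escape_string() earlier - confirm. $fAliases,
     // $fMailboxes and $fMaxquota are emitted unquoted, so they must be numeric by now.
     $sql_query = "INSERT INTO {$table_domain} (domain,description,aliases,mailboxes,maxquota,transport,backupmx,created,modified) VALUES ('{$fDomain}','{$fDescription}',{$fAliases},{$fMailboxes},{$fMaxquota},'{$fTransport}',{$sqlBackupmx},NOW(),NOW())";
     $result = db_query($sql_query);
     if ($result['rows'] != 1) {
         $tMessage = $PALANG['pAdminCreate_domain_result_error'] . "<br />({$fDomain})<br />";
     } else {
         if ($fDefaultaliases == "on") {
             // Add the configured default aliases for the new domain.
             // NOTE(review): the result of these inserts is never checked, and the 'active'
             // column is not set explicitly (it presumably takes the column default).
             foreach ($CONF['default_aliases'] as $address => $goto) {
                 $address = $address . "@" . $fDomain;
                 $result = db_query("INSERT INTO {$table_alias} (address,goto,domain,created,modified) VALUES ('{$address}','{$goto}','{$fDomain}',NOW(),NOW())");
             }
         }
         // Fixed: the original closed the message with "</br />", which is not valid HTML.
         $tMessage = $PALANG['pAdminCreate_domain_result_success'] . "<br />({$fDomain})<br />";
     }
 }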
/**
 * Map any PHP value to the database representation of its truthiness,
 * i.e. db_get_boolean(true) for truthy input and db_get_boolean(false) otherwise.
 *
 * @param mixed $val
 * @return mixed whatever db_get_boolean() returns for the configured backend
 */
function _inp_bool($val)
{
    $flag = (bool) $val;
    return db_get_boolean($flag);
}