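/**
 * AliasHandler needs some special handling in init() and therefore overloads the function.
 * It also calls parent::init()
 *
 * @param string $id alias address ('local@domain'); the catchall form '*@domain'
 *                   is rewritten to '@domain' because that is what postfix expects
 * @return mixed false if parent::init() failed or if a domain admin tries to edit a
 *               mailbox alias while alias_control_admin is disabled; otherwise the
 *               value returned by parent::init()
 */
public function init($id) {
    # split without the @-operator: an $id without '@' simply yields an empty domain
    # instead of a suppressed "undefined offset" warning
    $parts = explode('@', $id);
    $local_part = $parts[0];
    $domain = isset($parts[1]) ? $parts[1] : '';
    if ($local_part == '*') { # catchall - postfix expects '@domain', not '*@domain'
        $id = '@' . $domain;
    }

    $retval = parent::init($id);
    if (!$retval) {
        return false; # parent::init() failed, no need to continue
    }

    # hide 'goto_mailbox' for non-mailbox aliases
    # parent::init called view() before, so we can rely on having $this->result filled
    # (only validate_new_id() is called from parent::init and could in theory change $this->result)
    if ($this->new || $this->result['is_mailbox'] == 0) {
        $this->struct['goto_mailbox']['editable'] = 0;
        $this->struct['goto_mailbox']['display_in_form'] = 0;
        $this->struct['goto_mailbox']['display_in_list'] = 0;
    }

    if (!$this->new && $this->result['is_mailbox'] && $this->admin_username != '' && !authentication_has_role('global-admin')) {
        # domain admins are not allowed to change mailbox alias $CONF['alias_control_admin'] = NO
        # TODO: apply the same restriction to superadmins?
        if (!Config::bool('alias_control_admin')) {
            # TODO: make translateable
            $this->errormsg[] = "Domain administrators do not have the ability to edit user's aliases (check config.inc.php - alias_control_admin)";
            return false;
        }
    }

    return $retval;
}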
/**
 * Used to enforce that $user has a particular role when
 * viewing a page.
 * If they are lacking a role, redirect them to login.php
 *
 * Note, user < admin < global-admin
 *
 * @param string $role role name as understood by authentication_has_role()
 * @return bool true when the current user holds the role; otherwise the
 *              script is terminated right after the redirect header is sent
 */
function authentication_require_role($role) {
    if (!authentication_has_role($role)) {
        # redirect to the login page and stop - nothing after this call may
        # run for a user who lacks the role
        header("Location: login.php");
        exit(0);
    }
    return true;
}
/**
 * Constructor: fill $struct etc.
 * @param integer - 0 is edit mode, set to 1 to switch to create mode
 * @param string - if an admin_username is specified, permissions will be restricted to the domains this admin may manage
 * @param integer - 0 if logged in as user, 1 if logged in as admin or superadmin
 */
public function __construct($new = 0, $username = "", $is_admin = 1) {
    # label_field and order_by default to the id field unless the subclass set them explicitly
    foreach (array('label_field', 'order_by') as $field_default) {
        if (empty($this->$field_default)) {
            $this->$field_default = $this->id_field;
        }
    }

    if ($new) {
        $this->new = 1;
    }

    # an admin login is recorded in admin_username; a plain user login goes to
    # username and clears the admin flags
    if ($is_admin) {
        $this->admin_username = $username;
    } else {
        $this->username = $username;
        $this->is_admin = 0;
        $this->is_superadmin = 0;
    }
    # any named login that does not hold the global-admin role is not a superadmin
    if ($username != "" && !authentication_has_role('global-admin')) {
        $this->is_superadmin = 0;
    }

    # allowed_domains is only filled for tables with a domain column: admins get
    # the domains they manage (list_domains_for_admin), otherwise list_domains()
    if ($this->domain_field == "") {
        $this->no_domain_field();
    } elseif ($this->admin_username != "") {
        $this->allowed_domains = list_domains_for_admin($username);
    } else {
        $this->allowed_domains = list_domains();
    }

    if ($this->user_field == '') {
        $this->no_user_field();
    }

    $this->initStruct();

    # pseudo-columns for the list view, unless the subclass defined its own
    foreach (array('_can_edit', '_can_delete') as $pseudo_column) {
        if (!isset($this->struct[$pseudo_column])) {
            $this->struct[$pseudo_column] = pacol(0, 0, 1, 'vnum', '', '', '', '', 0, 1, '1 as ' . $pseudo_column);
        }
    }

    # optional hook named by Config::read('<db_table>_struct_hook') may rewrite $struct
    $hook_name = Config::read($this->db_table . '_struct_hook');
    if ($hook_name != 'NO' && function_exists($hook_name)) {
        $this->struct = $hook_name($this->struct);
    }

    $this->initMsg();
    $this->msg['id_field'] = $this->id_field;
    $this->msg['show_simple_search'] = count($this->searchfields) > 0;
}
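# Read the form fields, initialising every variable so the checks below never
# operate on an undefined value. escape_string() is applied to values that are
# later used in database queries (presumably the project's DB escaping helper);
# it is not HTML escaping, so these values still need escaping on output.
$fPassword = isset($_POST['fPassword']) ? escape_string($_POST['fPassword']) : "";
$fPassword2 = isset($_POST['fPassword2']) ? escape_string($_POST['fPassword2']) : "";
$fName = isset($_POST['fName']) ? escape_string($_POST['fName']) : "";
$fDomain = isset($_POST['fDomain']) ? escape_string($_POST['fDomain']) : "";
$fQuota = isset($_POST['fQuota']) ? intval($_POST['fQuota']) : 0;
$fActive = isset($_POST['fActive']) ? escape_string($_POST['fActive']) : "1";
$fMail = isset($_POST['fMail']) ? escape_string($_POST['fMail']) : "";

# Both checks always run; when both fail the later message wins, as before.
# error1: the logged-in admin does not own $fDomain (global admins are exempt)
# error3: check_mailbox($fDomain) rejected the domain
$error_text_key = "";
if (!check_owner($SESSID_USERNAME, $fDomain) && !authentication_has_role('global-admin')) {
    $error_text_key = 'pCreate_mailbox_username_text_error1';
}
if (!check_mailbox($fDomain)) {
    $error_text_key = 'pCreate_mailbox_username_text_error3';
}
if ($error_text_key != "") {
    $error = 1;
    # re-populate the form with the submitted values; fUsername is guarded
    # because the form may be submitted without it
    $tUsername = isset($_POST['fUsername']) ? escape_string($_POST['fUsername']) : "";
    $tName = $fName;
    $tQuota = $fQuota;
    $tDomain = $fDomain;
    $pCreate_mailbox_username_text = $PALANG[$error_text_key];
}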
}

$smarty = new PFASmarty();

# users/* sets $rel_path to '../' before including this file
if (!isset($rel_path)) {
    $rel_path = '';
}
# theme assets are addressed relative to the including script; htmlentities()
# because the values presumably end up inside the templates' markup
$CONF['theme_css'] = $rel_path . htmlentities($CONF['theme_css']);
$CONF['theme_logo'] = $rel_path . htmlentities($CONF['theme_logo']);
if (!empty($CONF['theme_custom_css'])) {
    $CONF['theme_custom_css'] = $rel_path . htmlentities($CONF['theme_custom_css']);
}

# variables available to every template
$smarty->assign('CONF', $CONF);
$smarty->assign('PALANG', $PALANG);
$smarty->assign('url_domain', '');
//*** footer.tpl
$smarty->assign('version', $version);
//*** menu.tpl
$smarty->assign('boolconf_alias_domain', Config::bool('alias_domain'));
$smarty->assign(
    'authentication_has_role',
    array(
        'global_admin' => authentication_has_role('global-admin'),
        'admin' => authentication_has_role('admin'),
        'user' => authentication_has_role('user'),
    )
);

/**
 * Render a numeric limit for the overview page: 0 is shown as the
 * "unlimited" label, a negative value as the "disabled" label (both via
 * Config::Lang()), anything else is returned unchanged.
 *
 * @param mixed $aSize the stored limit
 * @return mixed translated label or the original value
 */
function eval_size($aSize) {
    if ($aSize == 0) {
        return Config::Lang('pOverview_unlimited');
    }
    if ($aSize < 0) {
        return Config::Lang('pOverview_disabled');
    }
    return $aSize;
}

/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
authentication_require_role('admin');
$admin_username = authentication_get_username();
$list_domains = list_domains_for_admin($admin_username);
$page_size = $CONF['page_size'];

# The selected domain comes from POST, then GET, then the session. Switching to
# another domain drops the remembered paging offset so the list starts at the top.
$fDomain = safepost('fDomain', safeget('domain', safesession('list-virtual:domain')));
if ($fDomain != safesession('list-virtual:domain')) {
    unset($_SESSION['list-virtual:limit']);
}
$fDisplay = (int) safepost('limit', safeget('limit', safesession('list-virtual:limit')));

# search terms are not remembered in the session; anything but an array is rejected
$search = safepost('search', safeget('search', array()));
if (!is_array($search)) {
    die(Config::Lang('invalid_parameter'));
}

# no domains (for this admin at least) - redirect to domain list
if (count($list_domains) == 0) {
    if (authentication_has_role('global-admin')) {
        flash_error($PALANG['no_domains_exist']);
    } else {
        flash_error($PALANG['no_domains_for_this_admin']);
    }
    header("Location: list.php?table=domain");
    exit;
}

# without an explicit domain, fall back to the first one this admin manages
if (is_array($list_domains) && sizeof($list_domains) > 0 && empty($fDomain)) {
    $fDomain = escape_string($list_domains[0]);
}

# NOTE(review): this is the authorisation gate for the domain parameter; in_array()
# without strict=true compares loosely - consider passing true as third argument.
if (!in_array($fDomain, $list_domains)) { flash_error($PALANG['invalid_parameter']);
* Template File: none */ require_once 'common.php'; if (safeget('token') != $_SESSION['PFA_token']) { die('Invalid token!'); } $username = authentication_get_username(); # enforce login $id = safeget('delete'); $table = safeget('table'); $handlerclass = ucfirst($table) . 'Handler'; if (!preg_match('/^[a-z]+$/', $table) || !file_exists("model/{$handlerclass}.php")) { # validate $table die("Invalid table name given!"); } $is_admin = authentication_has_role('admin'); $handler = new $handlerclass(0, $username, $is_admin); $formconf = $handler->webformConfig(); if ($is_admin) { authentication_require_role($formconf['required_role']); } else { if (empty($formconf['user_hardcoded_field'])) { die($handlerclass . ' is not available for users'); } } if ($handler->init($id)) { # errors will be displayed as last step anyway, no need for duplicated code ;-) $handler->delete(); } flash_error($handler->errormsg); flash_info($handler->infomsg);
/**
 * Decide whether the current user may own/edit $alias.
 * Global admins always may. Everyone else is only blocked when
 * $CONF['special_alias_control'] is 'NO' and the alias' local part is one of
 * the keys of $CONF['default_aliases'].
 *
 * @param string $username not consulted by the current implementation - the
 *                         decision rests on the logged-in role and $CONF
 * @param string $alias full alias address, 'local@domain'
 * @return bool
 */
function check_alias_owner($username, $alias) {
    global $CONF;

    if (authentication_has_role('global-admin')) {
        return true;
    }

    $alias_parts = explode('@', $alias);
    $local_part = $alias_parts[0];
    $is_reserved = $CONF['special_alias_control'] == 'NO'
        && array_key_exists($local_part, $CONF['default_aliases']);

    return !$is_reserved;
}
if ($v_active_int == 1) {
    $v_active = $PALANG['pOverview_vacation_edit'];
} else {
    $v_active = $PALANG['pOverview_vacation_option'];
}
# NOTE(review): the username part of this link is redacted on this page ("******");
# whatever is inserted there must be urlencode()d like the links below, and
# {$fDomain} goes into the href unencoded - confirm it was escaped upstream.
print "<td><a href=\"edit-vacation.php?username="******"&domain={$fDomain}" . "\">" . $v_active . "</a></td>\n";
} else { // can't tell vacation state - broken pgsql query
    echo "<td> </td>\n";
}
}
# an admin may edit aliases only when the matching config switch is 'YES':
# alias_control_admin for global admins, alias_control for the others
$edit_aliases = 0;
if (authentication_has_role('global-admin') && $CONF['alias_control_admin'] == 'YES') {
    $edit_aliases = 1;
}
if (!authentication_has_role('global-admin') && $CONF['alias_control'] == 'YES') {
    $edit_aliases = 1;
}
if ($edit_aliases == 1) {
    print " <td><a href=\"edit-alias.php?address=" . urlencode($tMailbox[$i]['username']) . "&domain={$fDomain}" . "\">" . $PALANG['pOverview_alias_edit'] . "</a></td>\n";
}
print " <td><a href=\"edit-mailbox.php?username="******"&domain={$fDomain}" . "\">" . $PALANG['edit'] . "</a></td>\n";
# NOTE(review): the username is urlencode()d in the href but inserted raw into the
# onclick confirm('...') string, so a username containing a quote or angle bracket
# breaks out of the attribute/JS string; it needs htmlspecialchars() (and a JS
# string escape) there. The delete link also carries no token parameter, although
# the delete.php shown elsewhere on this page checks safeget('token') - verify
# which version of delete.php this page targets.
print " <td><a href=\"delete.php?table=mailbox" . "&delete=" . urlencode($tMailbox[$i]['username']) . "&domain={$fDomain}" . "\"onclick=\"return confirm ('" . $PALANG['confirm'] . $PALANG['pOverview_get_mailboxes'] . ": " . $tMailbox[$i]['username'] . "')\">" . $PALANG['del'] . "</a></td>\n";
print " </tr>\n";
}
}
print "</table>\n";
print "<div id=\"nav_bar\"><a name=\"LowArrow\" /a>\n";
# backwards paging link; {$file}, {$fDomain} and {$tDisplay_back} are interpolated
# unencoded - assumes they were validated earlier in the file (not visible here)
if ($tDisplay_back_show == 1) {
    print "<a href=\"{$file}?domain={$fDomain}&limit={$tDisplay_back}#LowArrow\"><img border=\"0\" src=\"images/arrow-l.png\" title=\"" . $PALANG['pOverview_left_arrow'] . "\" alt=\"" . $PALANG['pOverview_left_arrow'] . "\" /></a>\n";
}
$tBody = html_entity_decode($PALANG['pUsersVacation_body_text'], ENT_QUOTES, 'UTF-8');
}
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    # t* variables hold the raw submitted text for re-display in the form,
    # f* variables the escape_string()d copies used in the queries below
    $tSubject = safepost('fSubject');
    $fSubject = escape_string($tSubject);
    $tBody = safepost('fBody');
    $fBody = escape_string($tBody);
    $fChange = escape_string(safepost('fChange'));
    $fBack = escape_string(safepost('fBack'));
    # NOTE(review): admins take the target domain/username from the query string;
    # only the 'admin' role is checked here, no ownership check of $fDomain is
    # visible in this branch - confirm an earlier part of the file (or the
    # vacation handler) restricts domain admins to their own domains.
    if (authentication_has_role('admin') && isset($_GET['domain'])) {
        $fDomain = escape_string($_GET['domain']);
    } else {
        $fDomain = $USERID_DOMAIN;
    }
    if (authentication_has_role('admin') && isset($_GET['username'])) {
        $fUsername = escape_string($_GET['username']);
    } else {
        $fUsername = authentication_get_username();
    }
    $tUseremail = $fUsername;
    # empty subject/body fall back to the translated defaults
    if ($tSubject == '') {
        $tSubject = html_entity_decode($PALANG['pUsersVacation_subject_text'], ENT_QUOTES, 'UTF-8');
    }
    if ($tBody == '') {
        $tBody = html_entity_decode($PALANG['pUsersVacation_body_text'], ENT_QUOTES, 'UTF-8');
    }
    //if change, remove old one, then perhaps set new one
    if (!empty($fBack) || !empty($fChange)) {
        //if we find an existing vacation entry, disable it
        # $fUsername was escape_string()d above; $table_vacation is assumed to be a
        # configured table name, not user input - TODO confirm
        $result = db_query("SELECT * FROM {$table_vacation} WHERE email='{$fUsername}'");
if ('pgsql' == $CONF['database_type']) {
    # NOTE(review): here 'modified' is passed to gmstrftime() directly, while the
    # mailbox loop below runs strtotime() on it first - one of the two is
    # probably wrong; verify against the pgsql column type
    $row['modified'] = gmstrftime('%c %Z', $row['modified']);
    $row['active'] = 't' == $row['active'] ? 1 : 0;
}
$tAlias[] = $row;
}
}
}
# mailbox search; the vacation state is joined in only when both vacation
# switches are 'YES'. $fSearch is interpolated into LIKE patterns: it is
# assumed to have been escape_string()d earlier (not visible here), and the
# LIKE wildcards % and _ are not escaped, so a term can act as a pattern.
if ($CONF['vacation_control_admin'] == 'YES' && $CONF['vacation'] == 'YES') {
    $query = "SELECT {$table_mailbox}.*, {$table_vacation}.active AS v_active FROM {$table_mailbox} LEFT JOIN {$table_vacation} ON {$table_mailbox}.username={$table_vacation}.email WHERE {$table_mailbox}.username LIKE '%{$fSearch}%' OR {$table_mailbox}.name LIKE '%{$fSearch}%' ORDER BY {$table_mailbox}.username";
} else {
    $query = "SELECT * FROM {$table_mailbox} WHERE username LIKE '%{$fSearch}%' OR name LIKE '%{$fSearch}%' ORDER BY username";
}
$result = db_query($query);
if ($result['rows'] > 0) {
    # the query is not restricted by domain; ownership is filtered per row here,
    # global admins see every match
    while ($row = db_array($result['result'])) {
        if (check_owner($SESSID_USERNAME, $row['domain']) || authentication_has_role('global-admin')) {
            if ('pgsql' == $CONF['database_type']) {
                $row['created'] = gmstrftime('%c %Z', strtotime($row['created']));
                $row['modified'] = gmstrftime('%c %Z', strtotime($row['modified']));
                $row['active'] = 't' == $row['active'] ? 1 : 0;
            }
            $tMailbox[] = $row;
        }
    }
}
include "templates/header.php";
include "templates/menu.php";
include "templates/search.php";
include "templates/footer.php";
// vim:ts=4:sw=4:et
 * tSubject
 * tBody
 * tInterval_time
 *
 * Form POST \ GET Variables:
 *
 * fUsername
 * fDomain
 * fCancel
 * fChange
 * fBack
 * fActive
 */
require_once 'common.php';

// only allow admins to change someone else's 'stuff'
if (authentication_has_role('admin')) {
    $Admin_role = 1;
    $fUsername = safeget('username');
    # a username without '@' leaves $fDomain unset (PHP warns), which the
    # == '' check below rejects together with the ownership failure
    list(, $fDomain) = explode('@', $fUsername);
    $Return_url = "list-virtual.php?domain=" . urlencode($fDomain);
    # TODO: better check for valid username (check if mailbox exists)
    # TODO: (should be done in VacationHandler)
    # the admin may only act on users of a domain check_owner() grants them
    if ($fDomain == '' || !check_owner(authentication_get_username(), $fDomain)) {
        die("Invalid username!"); # TODO: better error message
    }
} else {
    # non-admins are always bound to their own login name
    $Admin_role = 0;
    $Return_url = "main.php";
    authentication_require_role('user');
    $fUsername = authentication_get_username();