} if ($testmailroot && is_dir(realpath($_POST['maildir'])) === false) { header("Location: site.php?failmaildirmissing={$_POST['maildir']}"); die; } $domainpath = $_POST['maildir']; if (substr($domainpath, -1) !== '/') { $domainpath .= '/'; } $domainpath .= $_POST['domain']; $smtphomepath = $domainpath . "/" . $_POST['localpart'] . "/Maildir"; $pophomepath = $domainpath . "/" . $_POST['localpart']; } //Gah. Transactions!! -- GCBirzan if (validate_password($_POST['clear'], $_POST['vclear']) && $_POST['type'] != "alias") { if (!password_strengthcheck($_POST['clear'])) { header("Location: site.php?weakpass={$_POST['domain']}"); die; } $query = "INSERT INTO domains \n (domain, spamassassin, sa_tag, sa_refuse, avscan,\n max_accounts, quotas, maildir, pipe, enabled, uid, gid,\n type, maxmsgsize)\n VALUES (:domain, :spamassassin, :sa_tag, :sa_refuse,\n :avscan, :max_accounts, :quotas, :maildir, :pipe, :enabled,\n :uid, :gid, :type, :maxmsgsize)"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':domain' => $_POST['domain'], ':spamassassin' => $_POST['spamassassin'], ':sa_tag' => isset($_POST['sa_tag']) ? $_POST['sa_tag'] : $sa_tag, ':sa_refuse' => isset($_POST['sa_refuse']) ? $_POST['sa_refuse'] : $sa_refuse, ':avscan' => $_POST['avscan'], ':max_accounts' => $_POST['max_accounts'], ':quotas' => isset($_POST['quotas']) ? $_POST['quotas'] : 0, ':maildir' => isset($_POST['maildir']) ? $domainpath : '', ':pipe' => $_POST['pipe'], ':enabled' => $_POST['enabled'], ':uid' => $uid, ':gid' => $gid, ':type' => $_POST['type'], ':maxmsgsize' => isset($_POST['maxmsgsize']) ? $_POST['maxmsgsize'] : 0)); if ($success) { if ($_POST['type'] == "local") { $query = "INSERT INTO users\n (domain_id, localpart, username, crypt, uid, gid, smtp, pop, realname, type, admin)\n SELECT domain_id, :localpart, :username, :crypt, :uid, :gid, :smtp, :pop, 'Domain Admin', 'local', 1\n FROM domains\n WHERE domains.domain=:domain"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':localpart' => $_POST['localpart'], ':username' => $_POST['localpart'] . '@' . $_POST['domain'], ':crypt' => crypt_password($_POST['clear']), ':uid' => $uid, ':gid' => $gid, ':smtp' => $smtphomepath, ':pop' => $pophomepath, ':domain' => $_POST['domain'])); // Is using indexes worth setting the domain_id by hand? -- GCBirzan if (!$success) { header("Location: site.php?failaddedusrerr={$_POST['domain']}"); die;
$sth->execute(array(':domain_id' => $_SESSION['domain_id'])); $row = $sth->fetch(); if (isset($_POST['on_avscan']) && $row['avscan'] == 1) { $_POST['on_avscan'] = 1; } else { $_POST['on_avscan'] = 0; } if (isset($_POST['on_spamassassin']) && $row['spamassassin'] == 1) { $_POST['on_spamassassin'] = 1; } else { $_POST['on_spamassassin'] = 0; } # Update the password, if the password was given if (isset($_POST['password']) && $_POST['password'] !== '') { if (validate_password($_POST['password'], $_POST['vpassword'])) { if (!password_strengthcheck($_POST['password'])) { header("Location: adminalias.php?weakpass={$_POST['localpart']}"); die; } $cryptedpassword = crypt_password($_POST['password']); $query = "UPDATE users SET crypt=:crypt WHERE user_id=:user_id AND domain_id=:domain_id AND type='alias'"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':crypt' => $cryptedpassword, ':user_id' => $_POST['user_id'], ':domain_id' => $_SESSION['domain_id'])); if ($success) { if ($_POST['localpart'] == $_SESSION['localpart']) { $_SESSION['crypt'] = $cryptedpassword; } } else { header('Location: adminalias.php?failedupdated=' . $_POST['localpart']); die; }