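/**
 * Decide whether user $uid may act on behalf of (impersonate) user $euid.
 *
 * Rules, checked in this order:
 *  - a user may always impersonate themselves;
 *  - otherwise impersonation is only considered when $euid is a domain
 *    default user, or the "enable_privacy_invasion" config value is "Y";
 *  - the superadmin may impersonate anyone;
 *  - a domain default user may be impersonated by an admin of that domain;
 *  - nobody else may impersonate the superadmin;
 *  - a regular user may be impersonated by an admin of any domain in which
 *    that user owns an e-mail address.
 *
 * @param int|string $euid  ID of the user to be impersonated (the "effective" user)
 * @param int|string $uid   ID of the user asking to impersonate
 * @return bool
 *
 * Terminates the script (die) on a database error, like the rest of the file.
 */
function ok_to_impersonate($euid, $uid)
{
    global $dbh;

    // It's harmless to impersonate yourself ;)
    // (loose == kept deliberately: the IDs are not guaranteed to be ints here)
    if ($euid == $uid && $euid > 0 && $uid > 0) {
        return true;
    }

    // Impersonating other users is an invasion of privacy, even for
    // administrators, unless explicitly enabled by the
    // "enable_privacy_invasion" setting.  Domain default users are the
    // exception: they are managed by the admins responsible for those
    // domains, and by the superadmin.
    $target_is_domain_default = is_a_domain_default_user($euid);
    if (!$target_is_domain_default && get_config_value("enable_privacy_invasion") != "Y") {
        return false;
    }

    // The superadmin may impersonate anyone.  Only the superadmin can
    // impersonate the system default user (@.).
    if (is_superadmin($uid)) {
        return true;
    }

    if ($target_is_domain_default) {
        $domain_id = get_domain_id(get_user_name($euid));
        return is_admin_for_domain($uid, $domain_id);
    }

    // Nobody but the superadmin may act as the superadmin.
    if (is_superadmin($euid)) {
        return false;
    }

    // A domain admin may impersonate a regular user who owns at least one
    // e-mail address in a domain that admin is responsible for.
    // Check the prepare() result and the execute() result separately: the
    // original code tested the statement handle after execute(), which never
    // catches an execute() failure.
    $sth = $dbh->prepare("SELECT email FROM users WHERE maia_user_id = ?");
    if (PEAR::isError($sth)) {
        // NOTE(review): die() echoes the raw driver error text to the client;
        // kept for consistency with the rest of the file, but logging it and
        // showing a generic message would disclose less.
        die($sth->getMessage());
    }
    $res = $sth->execute(array($euid));
    if (PEAR::isError($res)) {
        $sth->free();
        die($res->getMessage());
    }

    $allowed = false;
    while ($row = $res->fetchRow()) {
        $domain_id = get_domain_id("@" . get_domain_from_email($row["email"]));
        if (is_admin_for_domain($uid, $domain_id)) {
            $allowed = true;
            break;
        }
    }
    $sth->free();

    return $allowed;
}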
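/**
 * Deliver a quarantined message to the recipient that owns it and, unless
 * this is a resend, record the rescue: false-positive mail stats, optional
 * auto-whitelisting of the sender, and the item's confirmation state.
 *
 * The message is looked up by ($user_id, $mail_id) through
 * maia_mail_recipients, so a user can only rescue a message that was
 * addressed to them.
 *
 * @param int|string $user_id  recipient (Maia user) rescuing the message
 * @param int|string $mail_id  quarantined message ID
 * @param bool       $resend   true to re-deliver without touching stats,
 *                             the whitelist or confirmations
 * @return string  SMTP-style result line ("2xx ..." on success) or an
 *                 error text built from $lang['text_rescue_error']
 *
 * Terminates the script (die) on a database error, like the rest of the file.
 */
function rescue_item($user_id, $mail_id, $resend = false)
{
    // $lang is read on the error paths below; it was missing from the
    // global list, so those messages lost their translated prefix.
    global $dbh, $logger, $lang;

    $sth = $dbh->prepare("SELECT sender_email, contents, " .
                         "envelope_to, maia_mail_recipients.type " .
                         "FROM maia_mail, maia_mail_recipients " .
                         "WHERE maia_mail.id = maia_mail_recipients.mail_id " .
                         "AND maia_mail_recipients.recipient_id = ? " .
                         "AND maia_mail_recipients.mail_id = ?");
    if (PEAR::isError($sth)) {
        die($sth->getMessage());
    }
    // Check the execute() result itself; testing $sth here never catches an
    // execute() failure.
    $res = $sth->execute(array($user_id, $mail_id));
    if (PEAR::isError($res)) {
        die($res->getMessage());
    }

    $row = $res->fetchrow();
    if (!$row) {
        // code really shouldn't be here.
        $smtp_result = $lang['text_rescue_error'] . "(MessageNotFound)";
    } else {
        $sender_email = $row["sender_email"];
        $body = $row["contents"];
        $type = $row["type"];

        // Stored bodies may be encrypted at rest; decrypt before re-delivery.
        // NOTE(review): without the mcrypt extension the body is passed on
        // untouched, i.e. still encrypted — confirm on PHP >= 7.2.
        if (extension_loaded('mcrypt') && text_is_encrypted($body)) {
            $key = get_encryption_key();
            $body = decrypt_text($key, $body);
        }

        if (is_a_domain_default_user($user_id)) {
            // System default user (@.) or domain-class user (e.g. @domain)
            $my_email_address = $row["envelope_to"];
        } else {
            // Regular user (e.g. user@domain): deliver to the first envelope
            // recipient that is one of this user's own addresses.
            $my_email_address = "";
            $sth2 = $dbh->prepare("SELECT email FROM users " .
                                  "WHERE maia_user_id = ? " .
                                  "AND email = ?");
            if (PEAR::isError($sth2)) {
                die($sth2->getMessage());
            }
            foreach (explode(" ", trim($row["envelope_to"])) as $rmail) {
                $res2 = $sth2->execute(array($user_id, $rmail));
                if (PEAR::isError($res2)) {
                    die($res2->getMessage());
                }
                if ($row2 = $res2->fetchrow()) {
                    $my_email_address = $row2["email"];
                    break;
                }
            }
            $sth2->free();
        }

        if (empty($my_email_address)) {
            // code really shouldn't be here.
            $smtp_result = $lang['text_rescue_error'] . "(EmptyAddress)";
        } else {
            if ($resend || $type != 'P') {
                $smtp_result = smtp_send($sender_email, $my_email_address, $body);
            } else {
                // don't send if it is a labeled fp
                $smtp_result = "200 no delivery needed";
            }

            // A "2xx" reply means the SMTP delivery was accepted.
            if (strncmp($smtp_result, "2", 1) == 0 || $type == 'P') {
                if (!$resend) {
                    if ($type == 'S' || $type == 'P') {
                        record_mail_stats($user_id, $mail_id, "fp");
                        if (get_user_value($user_id, "auto_whitelist") == "Y") {
                            add_address_to_wb_list($user_id, $sender_email, "W");
                        }
                    }
                    set_item_confirmations('G', $user_id, $mail_id);
                }
            } else {
                $logger->err("rescue attempt failed! " . $smtp_result);
            }
        }
    }

    $sth->free();
    $logger->info($smtp_result);
    return $smtp_result;
}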
$reminder_threshold_count = $row["reminder_threshold_count"]; $enable_spamtraps = $row["enable_spamtraps"] == 'Y'; $enable_username_changes = $row["enable_username_changes"] == 'Y'; $enable_address_linking = $row["enable_address_linking"] == 'Y'; } $sth->free(); $super = is_superadmin($uid); require_once "smarty.php"; $smarty->assign('enable_charts', $enable_charts); $smarty->assign('reminder_threshold_count', $reminder_threshold_count); $smarty->assign('enable_spamtraps', $enable_spamtraps); $smarty->assign('enable_username_changes', $enable_username_changes); $smarty->assign('enable_address_linking', $enable_address_linking); $smarty->assign("message", $message); // verify and set up domain variables if the current focus is a domain user if (is_a_domain_default_user($euid)) { $domain_user = true; $domain_name = get_user_name($euid); $domain_id = get_domain_id($domain_name); } else { $domain_user = false; $domain_name = ""; $domain_id = ""; } $smarty->assign('domain_user', $domain_user); $smarty->assign('domain_name', $domain_name); $smarty->assign('domain_id', $domain_id); $smarty->assign("euid", $euid); $smarty->assign('super', $super); //verify that the supplied address is valid for the current user if (isset($_GET["addid"])) {
$_SESSION["message"] = $lang[$result]; header("Location: wblist.php{$sid}"); exit; } } else { if (isset($_REQUEST['action'])) { $message = $lang['text_activate_javascript']; } } $rows = get_user_wb_rows($dbh, $euid); $domain_rows = get_domain_wb_rows($dbh, $euid); $system_rows = get_system_wb_rows($dbh); require_once "smarty.php"; $smarty->assign("show_user_table", count($rows) > 0 ? true : false); $smarty->assign("rows", $rows); $smarty->assign("show_domain_table", count($domain_rows) > 0 ? !is_a_domain_default_user($euid) : false); $smarty->assign("domain_rows", $domain_rows); $smarty->assign("show_system_table", count($system_rows) > 0 ? !is_system_default_user($euid) : false); $smarty->assign("system_rows", $system_rows); $smarty->display("wblist.tpl"); exit; function get_user_wb_rows($dbh, $user_id) { $select = "SELECT mailaddr.email, mailaddr.id, wblist.wb " . "FROM mailaddr, wblist " . "WHERE mailaddr.id = wblist.sid " . "AND wblist.rid = ? " . "ORDER BY mailaddr.email ASC"; $sth = $dbh->query($select, array($user_id)); $rows = array(); if ($sth->numRows() > 0) { $count = 0; while ($row = $sth->fetchRow()) { $rows[$count]['email'] = $row['email']; $rows[$count]['id'] = $row['id'];
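/**
 * Build and display the paged cache listing (list-cache.tpl) for user
 * $euid, for the cache type held in $this->type ('ham', 'spam', 'virus',
 * 'attachment' or 'header').
 *
 * Redirects to welcome.php (and exits) when the user has nothing in this
 * cache or when the pager returns an error.
 *
 * @param int|string $euid  ID of the user whose cache is listed
 * @return void
 */
function render($euid)
{
    global $lang, $sid, $msid, $offset, $message;

    // NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0; it is
    // kept here because the stripslashes() calls below depend on it.
    $magic_quotes = get_magic_quotes_gpc();
    $nothing_to_show = true;
    $offset = 0;

    $this->smarty->assign("msid", $msid);
    $this->smarty->assign("lang", $lang);
    $this->smarty->assign("actionlang", response_text($this->type));
    $user_config = get_maia_user_row($euid);

    // Per cache type: CSS class prefix, header text key, default radio button.
    // Unknown types get no class names, as with the original switch.
    $styles = array(
        'ham'        => array('ham',            'header_suspected_ham', 'ham'),
        'spam'       => array('suspected_spam', 'header_spam',          'spam'),
        'virus'      => array('virus',          'header_viruses',       'delete'),
        'attachment' => array('banned_file',    'header_banned_files',  'delete'),
        'header'     => array('bad_header',     'header_bad_headers',   'delete'),
    );
    if (isset($styles[$this->type])) {
        list($prefix, $header_key, $def_rb) = $styles[$this->type];
        $this->smarty->assign("banner_class", $prefix . "banner");
        $this->smarty->assign("header_class", $prefix . "header");
        $this->smarty->assign("body_class", $prefix . "body");
        $this->smarty->assign("alt_body_class", $prefix . "body_alt");
        $this->smarty->assign("header_text", $lang[$header_key]);
        $this->smarty->assign("def_rb", $def_rb);
    }

    $numRows = $this->dbh->getOne($this->select_count, array($euid));
    if (!($numRows > 0)) {
        $_SESSION["message"] = $message;
        header("Location: welcome.php" . $sid);
        exit;
    }

    // Addresses owned by this user, keyed by address so membership is an
    // isset().  Initialised up front so a user with no rows still yields an
    // array (the original array_flip() of an unset variable did not).
    $personal_addresses = array();
    $sth2 = $this->dbh->query("SELECT email FROM users WHERE maia_user_id = ?", array($euid));
    if (PEAR::isError($sth2)) {
        die($sth2->getMessage());
    }
    while ($row2 = $sth2->fetchrow()) {
        $personal_addresses[$row2["email"]] = true;
    }
    $sth2->free();

    $domain_default = is_a_domain_default_user($euid);
    // need_to: whether to output the To: column
    $need_to = count($personal_addresses) > 1 || $domain_default;
    $this->smarty->assign("need_to", $need_to);

    $per_page = get_user_value($euid, "items_per_page");
    // A stored 0 means "no truncation"; hand the template a large width instead.
    $this->smarty->assign("truncate_subject", $user_config["truncate_subject"] == 0 ? 10000 : $user_config["truncate_subject"]);
    $this->smarty->assign("truncate_email", $user_config["truncate_email"] == 0 ? 10000 : $user_config["truncate_email"]);

    $pagerOptions = array('mode' => 'Sliding', 'delta' => 5, 'perPage' => $per_page, 'totalItems' => $numRows);
    // $paged_data['data']         paged rows
    // $paged_data['links']        xhtml links for page navigation
    // $paged_data['page_numbers'] array('current', 'total')
    $paged_data = Pager_Wrapper_DB($this->dbh, $this->select_stmt, $pagerOptions, null, DB_FETCHMODE_ASSOC, array($euid));
    if (PEAR::isError($paged_data)) {
        $_SESSION["message"] = $paged_data->getMessage();
        header("Location: welcome.php" . $sid);
        exit;
    }

    $nothing_to_show = false;
    $this->smarty->assign("data", $paged_data['data']);
    $this->smarty->assign("offset", $offset);
    $this->smarty->assign("pages", $paged_data['page_numbers']);

    $maxid = 0;
    $rows = array();
    foreach ($paged_data['data'] as $row) {
        if ($row["id"] > $maxid) {
            $maxid = $row["id"];
        }
        $entry = array('id' => $row['id']);

        if ($this->type == 'attachment') {
            // Banned file names originate in the message itself and are
            // concatenated into HTML here, so escape them like the subject.
            $entry['file'] = "";
            foreach ($this->get_banned_names($row['id']) as $bname) {
                $entry['file'] .= htmlspecialchars($bname) . "<br>";
            }
        } elseif ($this->type == 'virus') {
            $entry['virus_name'] = "";
            foreach ($this->get_virus_names($row['id']) as $vname) {
                $vurl = get_virus_info_url($vname);
                $safe_vname = htmlspecialchars($vname);
                if ($vurl == "") {
                    // Uses $vname here, as the linked branch does; the
                    // original appended $row["virus_name"] for every name.
                    $entry['virus_name'] .= $safe_vname;
                } else {
                    $entry['virus_name'] .= "<a href=\"" . htmlspecialchars($vurl) . "\">" . $safe_vname . "</a>";
                }
                $entry['virus_name'] .= "<br>";
            }
        }

        $entry['received_date'] = $row["received_date"];
        $entry['sender_email'] = $magic_quotes ? stripslashes($row["sender_email"]) : $row["sender_email"];
        $entry['score'] = $row['score'];

        // Only list the envelope recipients that belong to this user; a
        // domain default user sees them all.  Must start as an array: the
        // original "" initialiser makes $x[] a fatal error on PHP >= 7.1.
        $recipients = array();
        foreach (explode(" ", $row["envelope_to"]) as $recipient) {
            if ($domain_default || isset($personal_addresses[$recipient])) {
                $recipients[] = $recipient;
            }
        }
        $entry['recipient_email'] = $recipients;

        $subject = $magic_quotes ? stripslashes($row['subject']) : $row['subject'];
        if ($subject == "") {
            $subject = "(" . $lang['text_no_subject'] . ")";
        } elseif (preg_match('/=\\?.+\\?=/', $subject)) {
            // RFC 2047 encoded-word: decode to UTF-8 first
            // (2 == ICONV_MIME_DECODE_CONTINUE_ON_ERROR), then escape.
            $subject = htmlspecialchars(iconv_mime_decode($subject, 2, 'utf-8'), ENT_NOQUOTES, 'UTF-8');
        } else {
            $subject = htmlspecialchars($subject);
        }
        $entry['subject'] = $subject;

        $rows[] = $entry;
    }

    $this->smarty->assign("row", $rows);
    $this->smarty->assign("maxid", $maxid);
    $this->smarty->assign("links", $paged_data['links']);
    $this->smarty->assign("nothing_to_show", $nothing_to_show);
    $this->smarty->display("list-cache.tpl");
}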
} } else { // The superadmin can list all e-mail addresses in all domains. $select = "SELECT email, id " . "FROM users " . "WHERE email NOT LIKE '@%' " . "ORDER BY email ASC"; $sth = $dbh->query($select); $address = array(); while ($row = $sth->fetchrow()) { $address[$row["email"]] = $row["id"]; } $sth->free(); // The superadmin can list all users in all domains. $select = "SELECT user_name, id " . "FROM maia_users " . "ORDER BY user_name ASC"; $sth = $dbh->query($select); $user = array(); while ($row = $sth->fetchrow()) { if (is_a_domain_default_user($row["id"])) { continue; } $user[$row["user_name"]] = $row["id"]; } $sth->free(); } ksort($address); $smarty->assign('address', $address); ksort($user); $smarty->assign('user', $user); $smarty->assign('addresses', count($address)); $smarty->assign('users', count($user)); $delete_address = array(); if (!$super) { foreach ($domain_name as $dname) {
foreach ($delete_user as $user_id) { if (!is_a_domain_default_user($user_id)) { delete_user($user_id); } } } } elseif (isset($_POST["button_link"])) { $button = "link"; if (isset($_POST["email"]) && isset($_POST["user"])) { $smarty->assign('email', 1); $smarty->assign('user', 1); // Note that $email is an array $email = $_POST["email"]; $new_owner_id = trim($_POST["user"]); $lang['text_address_linked_array'] = array(); if (is_a_domain_default_user($new_owner_id)) { //cannot link to domain deault accounts $lang['text_address_linked_array'][] = $lang['text_address_not_linked']; } else { foreach ($email as $address_id) { $old_owner_id = get_email_address_owner($address_id); $email_address = get_email_address_by_id($address_id); transfer_email_address_to_user($old_owner_id, $new_owner_id, $email_address); $lang['text_address_linked_array'][] = sprintf($lang['text_address_linked'], $email_address, get_user_name($new_owner_id)); } } } } elseif (isset($_POST["button_find"])) { $button = "find"; if (isset($_POST["lookup"])) { $smarty->assign('lookup', 1);