Esempio n. 1
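/**
 * Decide whether user $uid may act on behalf of (impersonate) user $euid.
 *
 * Rules, as implemented below:
 *  - A user may always "impersonate" themselves (both ids must be positive).
 *  - Any other impersonation requires that the target is a domain default
 *    user, or that the "enable_privacy_invasion" setting is "Y".
 *  - Once that gate is passed, the superadmin may impersonate any target.
 *  - A domain default user may be impersonated by an admin of that domain.
 *  - A regular (non-superadmin) user may be impersonated by an admin of the
 *    domain of any of the target's e-mail addresses.
 *  - Everything else is denied.
 *
 * This is an authorization decision: every path that is not an explicit
 * grant returns false.
 *
 * @param mixed $euid Id of the user to be impersonated.
 * @param mixed $uid  Id of the user asking to impersonate.
 * @return mixed True when allowed; otherwise false, or whatever
 *               is_admin_for_domain() returns for a domain default target.
 */
function ok_to_impersonate($euid, $uid)
{
    global $dbh;

    // It's harmless to impersonate yourself ;)
    // NOTE(review): this is a loose (==) comparison; it is only sound when
    // both ids are already normalised to integers -- confirm at call sites.
    if ($euid == $uid && $euid > 0 && $uid > 0) {
        return true;
    }

    $target_is_domain_default = is_a_domain_default_user($euid);

    // Impersonating other users is an invasion of privacy, even for
    // administrators, unless the target is a domain default user or the
    // site has explicitly enabled it.
    if (!$target_is_domain_default && get_config_value("enable_privacy_invasion") != "Y") {
        return false;
    }

    // Only the superadmin can impersonate the system default user (@.);
    // past the gate above the superadmin is allowed for any target.
    if (is_superadmin($uid)) {
        return true;
    }

    // Domain default users can be impersonated by admins responsible for
    // those domains.
    if ($target_is_domain_default) {
        $domain_id = get_domain_id(get_user_name($euid));
        return is_admin_for_domain($uid, $domain_id);
    }

    // A domain admin never gets to impersonate the superadmin.
    if (is_superadmin($euid)) {
        return false;
    }

    // Check prepare() and execute() separately: the original only tested the
    // statement handle after execute(), so a failed execute() went unnoticed
    // until fetchRow() was called on an error object.
    // NOTE(review): die() prints the database error text to the client.
    $sth = $dbh->prepare("SELECT email FROM users WHERE maia_user_id = ?");
    if (PEAR::isError($sth)) {
        die($sth->getMessage());
    }
    $res = $sth->execute(array($euid));
    if (PEAR::isError($res)) {
        die($res->getMessage());
    }

    // Allowed as soon as $uid administers the domain of one of the target's
    // addresses; denied when none matches.
    $allowed = false;
    while ($row = $res->fetchRow()) {
        $domain_id = get_domain_id("@" . get_domain_from_email($row["email"]));
        if (is_admin_for_domain($uid, $domain_id)) {
            $allowed = true;
            break;
        }
    }
    $sth->free();

    return $allowed;
}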
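/**
 * Deliver a stored mail item to the recipient it was addressed to and,
 * unless this is a plain resend, record it as a false positive / confirmed
 * item.
 *
 * The lookup is scoped to both recipient_id and mail_id, so an item is only
 * found when it belongs to $user_id. This function does not check whether
 * the caller is allowed to act for $user_id.
 * NOTE(review): confirm every caller has authorised $user_id beforehand.
 *
 * @param mixed $user_id Id of the recipient the item belongs to.
 * @param mixed $mail_id Id of the stored mail item.
 * @param bool  $resend  When true, always send and skip the statistics /
 *                       whitelist / confirmation bookkeeping.
 * @return string The SMTP result line, or a localized error text.
 */
function rescue_item($user_id, $mail_id, $resend = false)
{
    // $lang was missing from this list, so the error texts at the end were
    // built from an undefined local variable.
    global $dbh, $logger, $lang;

    $sth = $dbh->prepare("SELECT sender_email, contents, "
        . "envelope_to, maia_mail_recipients.type "
        . "FROM maia_mail, maia_mail_recipients "
        . "WHERE maia_mail.id = maia_mail_recipients.mail_id "
        . "AND maia_mail_recipients.recipient_id = ? "
        . "AND maia_mail_recipients.mail_id = ?");
    // Check prepare() and execute() separately; the original only tested the
    // statement handle after execute(), which misses a failed execute().
    // NOTE(review): die() prints the database error text to the client.
    if (PEAR::isError($sth)) {
        die($sth->getMessage());
    }
    $res = $sth->execute(array($user_id, $mail_id));
    if (PEAR::isError($res)) {
        die($res->getMessage());
    }

    if ($row = $res->fetchrow()) {
        $sender_email = $row["sender_email"];
        $body = $row["contents"];
        $type = $row["type"];

        // Stored bodies may be encrypted; decrypt only when mcrypt is loaded.
        // NOTE(review): without mcrypt (not bundled with PHP since 7.2) an
        // encrypted body is sent on as stored -- confirm this is intended.
        if (extension_loaded('mcrypt')) {
            if (text_is_encrypted($body)) {
                $key = get_encryption_key();
                $body = decrypt_text($key, $body);
            }
        }

        if (is_a_domain_default_user($user_id)) {
            // System default user (@.) or domain-class user (e.g. @domain)
            $my_email_address = $row["envelope_to"];
        } else {
            // Regular user (e.g. user@domain): deliver to the first envelope
            // recipient that is one of this user's own addresses.
            $rlist = explode(" ", trim($row["envelope_to"]));
            $sth2 = $dbh->prepare("SELECT email FROM users "
                . "WHERE maia_user_id = ? "
                . "AND email = ?");
            if (PEAR::isError($sth2)) {
                die($sth2->getMessage());
            }
            $my_email_address = "";
            foreach ($rlist as $rmail) {
                $res2 = $sth2->execute(array($user_id, $rmail));
                if (PEAR::isError($res2)) {
                    die($res2->getMessage());
                }
                if ($row2 = $res2->fetchrow()) {
                    $my_email_address = $row2["email"];
                    break;
                }
            }
            $sth2->free();
        }

        if (!empty($my_email_address)) {
            if ($resend || $type != 'P') {
                // don't send if it is a labeled fp
                $smtp_result = smtp_send($sender_email, $my_email_address, $body);
            } else {
                $smtp_result = "200 no delivery needed";
            }

            // A reply starting with "2" counts as accepted; type 'P' items
            // are treated as handled either way.
            if (strncmp($smtp_result, "2", 1) == 0 || $type == 'P') {
                if (!$resend) {
                    if ($type == 'S' || $type == 'P') {
                        record_mail_stats($user_id, $mail_id, "fp");
                        if (get_user_value($user_id, "auto_whitelist") == "Y") {
                            add_address_to_wb_list($user_id, $sender_email, "W");
                        }
                    }
                    set_item_confirmations('G', $user_id, $mail_id);
                }
            } else {
                $logger->err("rescue attempt failed! " . $smtp_result);
            }
        } else {
            // code really shouldn't be here.
            $smtp_result = $lang['text_rescue_error'] . "(EmptyAddress)";
        }
    } else {
        // code really shouldn't be here.
        $smtp_result = $lang['text_rescue_error'] . "(MessageNotFound)";
    }

    $sth->free();
    $logger->info($smtp_result);
    return $smtp_result;
}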
Esempio n. 3
    $reminder_threshold_count = $row["reminder_threshold_count"];
    $enable_spamtraps = $row["enable_spamtraps"] == 'Y';
    $enable_username_changes = $row["enable_username_changes"] == 'Y';
    $enable_address_linking = $row["enable_address_linking"] == 'Y';
}
// Release the handle held in $sth and note whether the logged-in user
// ($uid) is the superadmin.
$sth->free();
$super = is_superadmin($uid);

require_once "smarty.php";

// verify and set up domain variables if the current focus is a domain user
$domain_user = (bool) is_a_domain_default_user($euid);
$domain_name = $domain_user ? get_user_name($euid) : "";
$domain_id = $domain_user ? get_domain_id($domain_name) : "";

// Settings, passed to the template unchanged.
$smarty->assign('enable_charts', $enable_charts);
$smarty->assign('reminder_threshold_count', $reminder_threshold_count);
$smarty->assign('enable_spamtraps', $enable_spamtraps);
$smarty->assign('enable_username_changes', $enable_username_changes);
$smarty->assign('enable_address_linking', $enable_address_linking);

// NOTE(review): $message and $euid are handed over as-is, so any HTML
// encoding is left to the template -- confirm it escapes them.
$smarty->assign("message", $message);
$smarty->assign("euid", $euid);

// Domain context and privilege flag for the template.
$smarty->assign('domain_user', $domain_user);
$smarty->assign('domain_name', $domain_name);
$smarty->assign('domain_id', $domain_id);
$smarty->assign('super', $super);
//verify that the supplied address is valid for the current user
if (isset($_GET["addid"])) {
Esempio n. 4
        $_SESSION["message"] = $lang[$result];
        header("Location: wblist.php{$sid}");
        exit;
    }
} else {
    if (isset($_REQUEST['action'])) {
        $message = $lang['text_activate_javascript'];
    }
}
// Load the three row sets for the effective user ($euid).
$rows = get_user_wb_rows($dbh, $euid);
$domain_rows = get_domain_wb_rows($dbh, $euid);
$system_rows = get_system_wb_rows($dbh);

require_once "smarty.php";

// The user table is shown whenever it has rows.
$smarty->assign("show_user_table", count($rows) > 0);
$smarty->assign("rows", $rows);

// The domain table is hidden when $euid is itself a domain default user.
$smarty->assign("show_domain_table", count($domain_rows) > 0 && !is_a_domain_default_user($euid));
$smarty->assign("domain_rows", $domain_rows);

// The system table is hidden when $euid is the system default user.
$smarty->assign("show_system_table", count($system_rows) > 0 && !is_system_default_user($euid));
$smarty->assign("system_rows", $system_rows);

// Render the page and stop, so nothing below this point runs as page code.
$smarty->display("wblist.tpl");
exit;
function get_user_wb_rows($dbh, $user_id)
{
    $select = "SELECT mailaddr.email, mailaddr.id, wblist.wb " . "FROM mailaddr, wblist " . "WHERE mailaddr.id = wblist.sid " . "AND wblist.rid = ? " . "ORDER BY mailaddr.email ASC";
    $sth = $dbh->query($select, array($user_id));
    $rows = array();
    if ($sth->numRows() > 0) {
        $count = 0;
        while ($row = $sth->fetchRow()) {
            $rows[$count]['email'] = $row['email'];
            $rows[$count]['id'] = $row['id'];
Esempio n. 5
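 /**
  * Render one page of the list of stored mail items of type $this->type
  * for user $euid, using the "list-cache.tpl" template.
  *
  * When there is nothing to list, or the paged query fails, a message is
  * stored in the session, the browser is redirected to welcome.php and the
  * script exits.
  *
  * Values that this method wraps in markup of its own (banned file names,
  * virus names and their info links) are HTML-encoded here, because the
  * template cannot encode them without also encoding the markup.
  * NOTE(review): confirm get_banned_names(), get_virus_names() and
  * get_virus_info_url() return raw, not already encoded, text.
  * NOTE(review): sender and recipient addresses are passed on unencoded;
  * confirm the template escapes them.
  *
  * @param mixed $euid Id of the user whose items are listed.
  * @return void
  */
 function render($euid)
 {
     global $lang, $sid, $msid, $offset, $message;

     // get_magic_quotes_gpc() was removed in PHP 8; treat a missing function
     // as "magic quotes off" instead of failing with an undefined function.
     $magic_quotes = function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false;
     $nothing_to_show = true;
     $offset = 0;
     $this->smarty->assign("msid", $msid);
     $this->smarty->assign("lang", $lang);
     $this->smarty->assign("actionlang", response_text($this->type));
     $user_config = get_maia_user_row($euid);

     //set the class names for the given cache type, and default box to check.
     switch ($this->type) {
         case 'ham':
             $this->smarty->assign("banner_class", "hambanner");
             $this->smarty->assign("header_class", "hamheader");
             $this->smarty->assign("body_class", "hambody");
             $this->smarty->assign("alt_body_class", "hambody_alt");
             $this->smarty->assign("header_text", $lang['header_suspected_ham']);
             $this->smarty->assign("def_rb", "ham");
             break;
         case 'spam':
             $this->smarty->assign("banner_class", "suspected_spambanner");
             $this->smarty->assign("header_class", "suspected_spamheader");
             $this->smarty->assign("body_class", "suspected_spambody");
             $this->smarty->assign("alt_body_class", "suspected_spambody_alt");
             $this->smarty->assign("header_text", $lang['header_spam']);
             $this->smarty->assign("def_rb", "spam");
             break;
         case "virus":
             $this->smarty->assign("banner_class", "virusbanner");
             $this->smarty->assign("header_class", "virusheader");
             $this->smarty->assign("body_class", "virusbody");
             $this->smarty->assign("alt_body_class", "virusbody_alt");
             $this->smarty->assign("header_text", $lang['header_viruses']);
             $this->smarty->assign("def_rb", "delete");
             break;
         case "attachment":
             $this->smarty->assign("banner_class", "banned_filebanner");
             $this->smarty->assign("header_class", "banned_fileheader");
             $this->smarty->assign("body_class", "banned_filebody");
             $this->smarty->assign("alt_body_class", "banned_filebody_alt");
             $this->smarty->assign("header_text", $lang['header_banned_files']);
             $this->smarty->assign("def_rb", "delete");
             break;
         case "header":
             $this->smarty->assign("banner_class", "bad_headerbanner");
             $this->smarty->assign("header_class", "bad_headerheader");
             $this->smarty->assign("body_class", "bad_headerbody");
             $this->smarty->assign("alt_body_class", "bad_headerbody_alt");
             $this->smarty->assign("header_text", $lang['header_bad_headers']);
             $this->smarty->assign("def_rb", "delete");
             break;
     }

     $numRows = $this->dbh->getOne($this->select_count, array($euid));
     if (!($numRows > 0)) {
         // Nothing to list: go back to the welcome page with the pending message.
         $_SESSION["message"] = $message;
         header("Location: welcome.php" . $sid);
         exit;
     }

     // Collect the user's own addresses as array keys for O(1) lookups.
     // Start from an empty array so array_flip() never receives an
     // undefined variable when the user has no address rows.
     $personal_addresses = array();
     $select2 = "SELECT email FROM users WHERE maia_user_id = ?";
     $sth2 = $this->dbh->query($select2, array($euid));
     while ($row2 = $sth2->fetchrow()) {
         $personal_addresses[] = $row2["email"];
     }
     $sth2->free();
     $personal_addresses = array_flip($personal_addresses);

     $domain_default = is_a_domain_default_user($euid);
     //need to output the to: column
     $need_to = count($personal_addresses) > 1 || $domain_default;
     $this->smarty->assign("need_to", $need_to);

     $per_page = get_user_value($euid, "items_per_page");
     // A stored truncate value of 0 is replaced by 10000 for the template.
     $this->smarty->assign("truncate_subject", $user_config["truncate_subject"] == 0 ? 10000 : $user_config["truncate_subject"]);
     $this->smarty->assign("truncate_email", $user_config["truncate_email"] == 0 ? 10000 : $user_config["truncate_email"]);

     $pagerOptions = array('mode' => 'Sliding', 'delta' => 5, 'perPage' => $per_page, 'totalItems' => $numRows);
     $paged_data = Pager_Wrapper_DB($this->dbh, $this->select_stmt, $pagerOptions, null, DB_FETCHMODE_ASSOC, array($euid));
     //$paged_data['data'];  //paged data
     //$paged_data['links']; //xhtml links for page navigation
     //$paged_data['page_numbers']; //array('current', 'total');
     if (PEAR::isError($paged_data)) {
         // NOTE(review): this shows the database error text to the user.
         $_SESSION["message"] = $paged_data->getMessage();
         header("Location: welcome.php" . $sid);
         exit;
     }

     $maxid = 0;
     $nothing_to_show = false;
     $this->smarty->assign("data", $paged_data['data']);
     $this->smarty->assign("offset", $offset);
     $this->smarty->assign("pages", $paged_data['page_numbers']);

     $rows = array();
     foreach ($paged_data['data'] as $row) {
         if ($row["id"] > $maxid) {
             $maxid = $row["id"];
         }
         $item = array('id' => $row['id']);

         if ($this->type == 'attachment') {
             // Initialise before appending; the original appended to an
             // undefined index.
             $item['file'] = "";
             foreach ($this->get_banned_names($row['id']) as $bname) {
                 $item['file'] .= htmlspecialchars($bname, ENT_QUOTES, 'UTF-8') . "<br>";
             }
         } elseif ($this->type == 'virus') {
             $item['virus_name'] = "";
             foreach ($this->get_virus_names($row['id']) as $vname) {
                 $vurl = get_virus_info_url($vname);
                 if ($vurl == "") {
                     // NOTE(review): this appends $row["virus_name"], not
                     // $vname, once per name -- confirm that is intended.
                     $item['virus_name'] .= htmlspecialchars((string) $row["virus_name"], ENT_QUOTES, 'UTF-8');
                 } else {
                     $item['virus_name'] .= "<a href=\"" . htmlspecialchars($vurl, ENT_QUOTES, 'UTF-8') . "\">"
                         . htmlspecialchars($vname, ENT_QUOTES, 'UTF-8') . "</a>";
                 }
                 $item['virus_name'] .= "<br>";
             }
         }

         $item['received_date'] = $row["received_date"];
         $item['sender_email'] = $magic_quotes ? stripslashes($row["sender_email"]) : $row["sender_email"];
         $item['score'] = $row['score'];

         // Keep only the envelope recipients that belong to this user (all
         // of them for a domain default user). Collect into a real array:
         // appending with [] to a string is a fatal error on PHP 7.1+.
         $matched = array();
         foreach (explode(" ", $row["envelope_to"]) as $recipient) {
             if (isset($personal_addresses[$recipient]) || $domain_default) {
                 $matched[] = $recipient;
             }
         }
         // As before, "no match" is passed to the template as an empty string.
         $item['recipient_email'] = $matched ? $matched : "";

         $subject = $magic_quotes ? stripslashes($row['subject']) : $row['subject'];
         if ($subject == "") {
             $subject = "(" . $lang['text_no_subject'] . ")";
         } else {
             if (preg_match('/=\\?.+\\?=/', $subject)) {
                 // MIME encoded-word: decode to UTF-8, then encode for HTML.
                 // ENT_NOQUOTES leaves quotes alone, which is only safe in
                 // element content, not inside an attribute value.
                 $subject = htmlspecialchars(iconv_mime_decode($subject, 2, 'utf-8'), ENT_NOQUOTES, 'UTF-8');
             } else {
                 $subject = htmlspecialchars($subject);
             }
         }
         $item['subject'] = $subject;

         $rows[] = $item;
     }

     $this->smarty->assign("row", $rows);
     $this->smarty->assign("maxid", $maxid);
     $this->smarty->assign("links", $paged_data['links']);
     $this->smarty->assign("nothing_to_show", $nothing_to_show);
     $this->smarty->display("list-cache.tpl");
 }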
Esempio n. 6
    }
} else {
    // The superadmin can list all e-mail addresses in all domains.
    $select = "SELECT email, id " . "FROM users " . "WHERE email NOT LIKE '@%' " . "ORDER BY email ASC";
    $sth = $dbh->query($select);
    $address = array();
    while ($row = $sth->fetchrow()) {
        $address[$row["email"]] = $row["id"];
    }
    $sth->free();
    // The superadmin can list all users in all domains.
    $select = "SELECT user_name, id " . "FROM maia_users " . "ORDER BY user_name ASC";
    $sth = $dbh->query($select);
    $user = array();
    while ($row = $sth->fetchrow()) {
        if (is_a_domain_default_user($row["id"])) {
            continue;
        }
        $user[$row["user_name"]] = $row["id"];
    }
    $sth->free();
}
// Sort both maps by key, then pass each map and its size to the template.
ksort($address);
ksort($user);
$smarty->assign('address', $address);
$smarty->assign('addresses', count($address));
$smarty->assign('user', $user);
$smarty->assign('users', count($user));

// Starts empty here.
$delete_address = array();
if (!$super) {
    foreach ($domain_name as $dname) {
Esempio n. 7
        foreach ($delete_user as $user_id) {
            if (!is_a_domain_default_user($user_id)) {
                delete_user($user_id);
            }
        }
    }
} elseif (isset($_POST["button_link"])) {
    $button = "link";
    if (isset($_POST["email"]) && isset($_POST["user"])) {
        $smarty->assign('email', 1);
        $smarty->assign('user', 1);
        // Note that $email is an array
        $email = $_POST["email"];
        $new_owner_id = trim($_POST["user"]);
        $lang['text_address_linked_array'] = array();
        if (is_a_domain_default_user($new_owner_id)) {
            //cannot link to domain default accounts
            $lang['text_address_linked_array'][] = $lang['text_address_not_linked'];
        } else {
            foreach ($email as $address_id) {
                $old_owner_id = get_email_address_owner($address_id);
                $email_address = get_email_address_by_id($address_id);
                transfer_email_address_to_user($old_owner_id, $new_owner_id, $email_address);
                $lang['text_address_linked_array'][] = sprintf($lang['text_address_linked'], $email_address, get_user_name($new_owner_id));
            }
        }
    }
} elseif (isset($_POST["button_find"])) {
    $button = "find";
    if (isset($_POST["lookup"])) {
        $smarty->assign('lookup', 1);