Exemplo n.º 1
/**
 * Creates a policy row named after $email and returns its id.
 *
 * Default values are copied from the first policy found under, in order,
 * the address's domain ("@" . domain) and the literal name "Default". If
 * neither exists, only policy_name is inserted and the database column
 * defaults apply.
 *
 * Every statement passes its values as bound parameters; nothing derived
 * from $email is concatenated into SQL text.
 *
 * NOTE(review): no query result is checked for an error before it is used,
 * and the new id is read back with a separate SELECT by policy_name, so the
 * INSERT and the lookup are not atomic.
 *
 * @param string $email E-mail address used as the new policy's name
 * @return mixed The id column of the policy row, or 0 if no row was found
 */
function add_policy($email)
{
    global $dbh;
    // Columns copied from the template policy, in the order both statements list them.
    $columns = array(
        "virus_lover",
        "spam_lover",
        "banned_files_lover",
        "bad_header_lover",
        "bypass_virus_checks",
        "bypass_spam_checks",
        "bypass_banned_checks",
        "bypass_header_checks",
        "discard_viruses",
        "discard_spam",
        "discard_banned_files",
        "discard_bad_headers",
        "spam_modifies_subj",
        "spam_tag_level",
        "spam_tag2_level",
        "spam_kill_level",
    );
    $column_sql = implode(", ", $columns);
    $lookup = "SELECT " . $column_sql . " FROM policy WHERE policy_name = ?";
    // Try a domain-based set of defaults first (based on the e-mail
    // address), then the "Default" policy.
    $candidates = array("@" . get_domain_from_email($email), "Default");
    $defaults = null;
    foreach ($candidates as $candidate) {
        $sth = $dbh->query($lookup, array($candidate));
        $found = $sth->fetchRow();
        $sth->free();
        if ($found) {
            $defaults = $found;
            break;
        }
    }
    if ($defaults === null) {
        // No suitable defaults found: use the database defaults as the last resort.
        $dbh->query("INSERT INTO policy (policy_name) VALUES (?)", array($email));
    } else {
        // Use the domain or system default values found above.
        $values = array($email);
        foreach ($columns as $column) {
            $values[] = $defaults[$column];
        }
        $placeholders = implode(",", array_fill(0, count($values), "?"));
        $insert = "INSERT INTO policy (policy_name, " . $column_sql . ") VALUES (" . $placeholders . ")";
        $dbh->query($insert, $values);
    }
    // Read back the id of the row that now carries this policy name.
    $sth = $dbh->query("SELECT id FROM policy WHERE policy_name = ?", array($email));
    $id_row = $sth->fetchRow();
    $policy_id = $id_row ? $id_row["id"] : 0;
    $sth->free();
    return $policy_id;
}
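/**
 * Queries the domain for this email address to see if it supports WebFinger, and
 * if it does returns the right URL to call to get information on the address.
 *
 * The URL template is taken from the remote server's response, so it is
 * treated as untrusted: only templates with an http or https scheme are
 * accepted. Callers that go on to fetch the returned URL should apply the
 * same outbound-request restrictions they use for any user-influenced URL.
 *
 * @param string $email The email address of the user
 * @return string|null The URL to call to get information, or null if none found
 */
function webfinger_query_url_for_email($email)
{
    $domain = get_domain_from_email($email);
    if (empty($domain)) {
        return null;
    }
    // First, ask the server for a list of the services it supports, so we can
    // look through that list for WebFinger.
    // NOTE(review): $domain is placed in the request URL as returned by
    // get_domain_from_email(); confirm that helper (or http_request) rejects
    // values that are not a plain host name.
    $endpoint_url = WEBFINGER_ENDPOINT_PREFIX . $domain . WEBFINGER_ENDPOINT_SUFFIX;
    $endpoint_result = http_request($endpoint_url);
    if (!did_http_succeed($endpoint_result)) {
        return null;
    }
    // NOTE(review): the body is XML supplied by the remote host; verify that
    // convert_xml_string_to_array() parses it with external entities disabled.
    $endpoint_data = convert_xml_string_to_array($endpoint_result['body']);
    if (!isset($endpoint_data['xrd']['link'])) {
        return null;
    }
    $endpoint_links = $endpoint_data['xrd']['link'];
    // A link element that did not decode to an array cannot carry attributes.
    if (!is_array($endpoint_links)) {
        return null;
    }
    // If there was a single link tag, we'll get its contents in $endpoint_links, but
    // if multiple links were present, the contents will be a numeric array of them all.
    // To normalize this, put lone tags into their own array.
    $endpoint_links_list = isset($endpoint_links[0]) ? $endpoint_links : array($endpoint_links);
    // Now search for a link with the right service rel tag, and get the URL template.
    // As before, the last matching link wins.
    $template = null;
    foreach ($endpoint_links_list as $link) {
        if (!isset($link['@attributes']['rel'], $link['@attributes']['template'])) {
            continue;
        }
        if ($link['@attributes']['rel'] !== WEBFINGER_SERVICE_REL_TYPE) {
            continue;
        }
        $template = $link['@attributes']['template'];
    }
    if (!is_string($template) || $template === '') {
        return null;
    }
    // Compare against false explicitly: strpos() returns 0 for a match at the
    // start of the string, which a bare "!" would confuse with "not found".
    if (strpos($template, '{uri}') === false) {
        return null;
    }
    // Only follow templates that point at a web URL; anything else (no scheme,
    // file:, etc.) is rejected rather than handed back to the caller.
    $scheme = parse_url($template, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), true)) {
        return null;
    }
    // Finally substitute the actual email address into the generic template
    return str_replace('{uri}', urlencode('acct:' . $email), $template);
}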
Exemplo n.º 3
    header("Location: index.php" . $sid);
    exit;
}
// Target user id, taken straight from the query string. It is only trimmed
// here; the range check happens further down, after the value has already
// been handed to the lookup helpers and bound into the SQL query below.
// ($uid, $sid and $dbh are set outside this excerpt.)
$id = trim($_GET["id"]);
// Make sure this administrator has the right to impersonate
// this specific user.
// Fail closed: $privilege stays false unless one of the branches grants it.
$privilege = false;
if (is_a_domain_default_user($id)) {
    // Domain default user: the caller must administer that domain.
    $domain_id = get_domain_id(get_user_name($id));
    $privilege = is_admin_for_domain($uid, $domain_id);
} else {
    if (!is_superadmin($uid)) {
        // Ordinary admin: allowed if they administer the domain of at least
        // one of the target user's e-mail addresses. $id is passed as a
        // bound parameter, not concatenated into the statement.
        $select = "SELECT email FROM users WHERE maia_user_id = ?";
        $sth = $dbh->query($select, array($id));
        while (!$privilege && ($row = $sth->fetchRow())) {
            $domain_id = get_domain_id("@" . get_domain_from_email($row["email"]));
            $privilege = is_admin_for_domain($uid, $domain_id);
        }
        $sth->free();
    } else {
        // superadmin gets privs
        $privilege = true;
    }
}
// Reject and redirect when the id is below 1 or no privilege was granted;
// exit stops the script so nothing below runs for a rejected request.
// NOTE(review): "$id < 1" is a loose comparison on a string. A strict
// positive-integer check on $id before any lookup would make the intent
// explicit — confirm how non-numeric ids compare on the deployed PHP version.
if ($id < 1 || !$privilege) {
    header("Location: admindex.php" . $sid);
    exit;
}
// Assume the user's UID as our EUID
// NOTE(review): this identity switch is driven by a GET parameter; presumably
// request-forgery protection and an audit log entry (who impersonated whom)
// are handled elsewhere — verify.
$_SESSION["euid"] = $id;
// Go to the main page as if the user we're impersonating
Exemplo n.º 4
     $logger->err("xsettings.php: address_id not found.");
     header("Location: index.php{$msid}");
     exit;
 }
 $sth = $dbh->prepare("SELECT policy_id, email, maia_user_id FROM users\n                   WHERE users.maia_user_id = ? AND users.id = ?");
 $res = $sth->execute(array($euid, $address_id));
 if (PEAR::isError($sth)) {
     die($sth->getMessage());
 }
 if ($res->numRows() == 0) {
     $logger->err("xsettings.php: address_id doesn't belong to effective user: {$address_id}");
     header("Location: logout.php");
     exit;
 }
 $row = $res->fetchRow();
 if (!(is_admin_for_domain($uid, get_domain_id("@" . get_domain_from_email($row["email"]))) || $super || $row["maia_user_id"] == $euid)) {
     $logger->err("xsettings.php: failed security check.");
     header("Location: logout.php");
     exit;
 }
 $policy_id = $row['policy_id'];
 $sth->free();
 $sth = $dbh->prepare("SELECT virus_lover, " . "spam_lover, " . "banned_files_lover, " . "bad_header_lover, " . "bypass_virus_checks, " . "bypass_spam_checks, " . "bypass_banned_checks, " . "bypass_header_checks, " . "discard_viruses, " . "discard_spam, " . "discard_banned_files, " . "discard_bad_headers, " . "spam_modifies_subj, " . "spam_tag_level, " . "spam_tag2_level, " . "spam_kill_level " . "FROM policy WHERE id = ?");
 $res = $sth->execute(array($policy_id));
 if (PEAR::isError($sth)) {
     die($sth->getMessage());
 }
 if ($row = $res->fetchRow()) {
     $default_quarantine_viruses = $row["virus_lover"] == "N";
     $default_quarantine_spam = $row["spam_lover"] == "N";
     $default_quarantine_banned_files = $row["banned_files_lover"] == "N";
Exemplo n.º 5
     $new_email = $username . "@" . $routing_domain;
 } elseif ($auth_method == "imap") {
     $new_email = get_rewritten_email_address($new_email, $address_rewriting_type);
     $username = get_user_from_email($new_email);
 } elseif ($auth_method == "internal") {
     $new_email = get_rewritten_email_address($new_email, $address_rewriting_type);
     $username = $new_email;
 } else {
     $username = get_user_from_email($new_email);
 }
 $bad_user = empty($username);
 $smarty->assign("bad_user", $bad_user);
 if (!$super && !$bad_user) {
     // Make sure the new address is in a domain that
     // this administrator controls.
     $domain = "@" . get_domain_from_email($new_email);
     $select = "SELECT id " . "FROM maia_domains, maia_domain_admins " . "WHERE maia_domains.id = maia_domain_admins.domain_id " . "AND maia_domain_admins.admin_id = ? " . "AND maia_domains.domain = ?";
     $sth = $dbh->prepare($select);
     $res = $sth->execute(array($uid, $domain));
     if (PEAR::isError($sth)) {
         die($sth->getMessage());
     }
     $bad_domain = !$res->fetchrow();
     $smarty->assign("bad_domain", $bad_domain);
     $sth->free();
 }
 if (($super || !$bad_domain) && !$bad_user) {
     // Only add the new address if it doesn't already exist.
     $sth = $dbh->prepare("SELECT maia_user_id FROM users WHERE email = ?");
     $res = $sth->execute(array($new_email));
     if (PEAR::isError($sth)) {
Exemplo n.º 6
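/**
 * Creates a maia_users row for $user_name, seeded from the defaults of the
 * e-mail address's domain user ("@" . domain) or, failing that, the system
 * default user ("@."), then links $email to the new user as the primary
 * address.
 *
 * All values reach the database as bound parameters.
 *
 * @param string $user_name Value stored in maia_users.user_name
 * @param string $email     E-mail address to attach as the primary address
 * @return mixed The new user's id, or 0 if the row could not be created or found
 */
function add_user($user_name, $email)
{
    global $dbh;
    global $logger;
    // get domain default if available....
    $domain = get_domain_from_email($email);
    $domain_id = get_user_id("@" . $domain, "@" . $domain);
    if ($domain_id != 0) {
        $domain_defaults = get_maia_user_row($domain_id);
    } else {
        $domain_defaults = get_maia_user_row(get_user_id("@.", "@."));
    }
    // Add an entry to the maia_users table
    $sth = $dbh->prepare("INSERT INTO maia_users (user_name, reminders, charts, language, auto_whitelist, " . "items_per_page, theme_id, quarantine_digest_interval, truncate_subject, truncate_email, spamtrap) " . "VALUES (?,?,?,?,?,?,?,?,?,?,'N')");
    // A failed prepare() must be caught before execute() is called on it.
    if (PEAR::isError($sth)) {
        $logger->err("Can't insert new user: " . $sth->getMessage());
        return 0;
    }
    $res = $sth->execute(array($user_name, $domain_defaults["reminders"], $domain_defaults["charts"], $domain_defaults["language"], $domain_defaults["auto_whitelist"], $domain_defaults["items_per_page"], $domain_defaults["theme_id"], $domain_defaults["quarantine_digest_interval"], $domain_defaults["truncate_subject"], $domain_defaults["truncate_email"]));
    if (PEAR::isError($res)) {
        // NOTE(review): the listing this came from was garbled between the
        // log message and the SELECT below. The message argument, the early
        // return and the free() are a reconstruction — confirm against the
        // upstream file.
        $logger->err("Can't insert new user: " . $res->getMessage());
        return 0;
    }
    $sth->free();
    // Read back the id assigned to the new row.
    $sth = $dbh->prepare("SELECT id FROM maia_users WHERE user_name = ?");
    // NOTE(review): die() with the driver's message shows database detail to
    // the client; logging it and showing a generic message would be safer.
    if (PEAR::isError($sth)) {
        die($sth->getMessage());
    }
    $res = $sth->execute(array($user_name));
    // The execute() result, not the statement handle, carries an execution error.
    if (PEAR::isError($res)) {
        die($res->getMessage());
    }
    $uid = 0;
    if ($row = $res->fetchRow()) {
        $uid = $row["id"];
    }
    $sth->free();
    if ($uid == 0) {
        // Without a user id there is nothing to attach the address to.
        $logger->err("Can't insert new user: no row found after insert.");
        return 0;
    }
    // Link this e-mail address to this user
    $email_id = add_email_address_to_user($uid, $email);
    // Make this e-mail address the user's primary address
    set_primary_email($uid, $email_id);
    return $uid;
}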