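<?php

// Validates a signed, time-limited link. The request supplies node, queueid,
// time and sign; sign must match an HMAC-SHA256 over node, queueid, time and
// the queued message's msgid, keyed with the configured digest secret.

// Refuse direct requests: the file only runs when the application included it.
if (!defined('SP_ENDUSER')) {
    die('File not included');
}
// Fail closed when no secret is configured, since nothing could be verified.
if (!$settings->getDigestSecret()) {
    die('No digest secret');
}

// Everything read from $_GET is untrusted until the signature check passes.
$node = intval($_GET['node']);
// Reduced to digits because the value is concatenated into the queue filter.
$queueid = preg_replace('/[^0-9]/', '', $_GET['queueid']);
$time = intval($_GET['time']);
$sign = $_GET['sign'];

// The node is contacted before the signature is checked because the msgid
// needed to rebuild the signed message has to be fetched from it.
$client = soap_client($node);

// Check time, allow 1 week of links
if ($time + 3600 * 24 * 7 < time()) {
    die('Link has expired (valid 1 week)');
}

// Get message ID, part of signing hash. The fields start as null so that a
// lookup which does not return exactly one message leaves them defined; a
// null msgid contributes an empty string to the signed message below.
$msgid = null;
$msgfrom = null;
$msgto = null;
$query['filter'] = 'queueid=' . $queueid;
$query['offset'] = 0;
$query['limit'] = 1;
$queue = $client->mailQueue($query);
if (count($queue->result->item) == 1) {
    $msgid = $queue->result->item[0]->msgid;
    $msgfrom = $queue->result->item[0]->msgfrom;
    $msgto = $queue->result->item[0]->msgto;
}

// Validate signature
// NOTE(review): the fields are joined without a separator, so the signed
// string does not record where node ends and queueid begins. Adding a
// delimiter would also require changing the code that generates the links,
// which is not part of this excerpt.
$message = $node . $queueid . $time . $msgid;
$hash = hash_hmac('sha256', $message, $settings->getDigestSecret());
// hash_equals() compares in constant time, so response timing does not reveal
// how much of a guessed signature was correct. is_string() keeps a missing or
// array-valued "sign" parameter on the rejection path instead of raising an
// error inside hash_equals().
if (!is_string($sign) || !hash_equals($hash, $sign)) {
    // (the excerpt ends here; the body of the signature-mismatch branch is not shown)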
// Excerpt from the login handling. It starts inside the branch that fills the
// session for a database user (presumably after the credentials were checked,
// which is not shown) and ends inside the 'server' branch. The enclosing
// switch and the outer loop are opened before this excerpt.
// NOTE(review): nothing in this excerpt renews the session ID once a login
// succeeds; confirm the surrounding code calls session_regenerate_id().
$_SESSION['source'] = 'database';
$_SESSION['access'] = array();
// The access entries are loaded with a bound parameter, not string-built SQL.
// $row at this point is the record fetched before this excerpt (not shown).
$statement = $dbh->prepare("SELECT * FROM users_relations WHERE username = :username;");
$statement->execute(array(':username' => $row['username']));
// $row is reused as the loop variable; each entry is appended under its 'type'.
while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
    $_SESSION['access'][$row['type']][] = $row['access'];
}
// Leave two enclosing levels at once (presumably the switch and the loop
// around it; both start outside this excerpt).
break 2;
// Not reachable after the break 2 above.
break;
case 'server':
    // Loop through all the configured nodes; the primary node going
    // down shouldn't take all auth down with it, merely slow it
    for ($i = 0; $i < count($settings->getNodes()); $i++) {
        try {
            // Attempt to connect to the node with the credentials the user
            // supplied; a SoapFault thrown here is handled in the catch below
            soap_client($i, false, $username, $password)->login();

            // Set the client to be logged in
            $_SESSION['username'] = $username;
            $_SESSION['source'] = 'server';
            $_SESSION['access'] = array();

            // Use the user's credentials instead of the config's
            // NOTE(review): the password is kept in the session in clear text,
            // so whatever stores the session data holds it for the lifetime
            // of the session; confirm the session storage and cookie settings
            // are protected accordingly.
            $_SESSION['soap_username'] = $username;
            $_SESSION['soap_password'] = $password;

            // Success: leave the for loop and two further enclosing levels.
            break 3;
        } catch (SoapFault $e) {
            // If the node is unavailable, skip to the next one. Only a fault
            // whose message is exactly "Unauthorized" falls through to the
            // break below; every other fault moves on to the next node.
            if ($e->getMessage() != "Unauthorized") {
                continue;
            }
        }
        // Reached only after an "Unauthorized" fault: stop trying further nodes.
        break;
        // (the excerpt ends here; the for loop is closed outside it)
// (the excerpt starts inside a block that assembles $restrict; its opening
// lines are not shown)
$restrict[] = '&&'; } }

// Every search is pinned to quarantined messages from the last 24 hours,
// whatever terms were collected above.
$restrict[] = 'action=QUARANTINE';
$restrict[] = 'time>' . strtotime('-24hour');
$real_search = implode(' ', $restrict);

// Initial settings
$timesort = array();
$total = 0;
$param = array();
$clients = array();

// One query descriptor and one SOAP client per configured node.
foreach ($settings->getNodes() as $n => $r) {
    $param[$n] = array(
        'limit' => $limit,
        'filter' => $real_search,
        'offset' => 0,
    );
    $clients[$n] = soap_client($n);
}

/**
 * Combines two access lists.
 *
 * A null argument means that side is absent, and the other one is returned
 * unchanged. When both are present and either one is empty, the result is an
 * empty array; otherwise the two are combined with array_merge_recursive().
 *
 * NOTE(review): an empty list wins over a populated one here. If an empty
 * access list means "unrestricted" elsewhere in the application, this merge
 * resolves to the broader grant; confirm that is the intended behaviour.
 *
 * @param array|null $a first access list
 * @param array|null $b second access list
 * @return array|null the combined list, or null when both arguments are null
 */
function access_level_merge($a, $b)
{
    if ($a === null) {
        return $b;
    }
    if ($b === null) {
        return $a;
    }

    return ($a && $b) ? array_merge_recursive($a, $b) : array();
}

// (the excerpt ends at the next signature; the function body is not shown)
function substrdots($text, $len)