Thread: SF.net SVN: postfixadmin:[700] trunk/functions.inc.php (Page 2)
Brought to you by:
christian_boltz,
gingerdog
From: <Gin...@us...> - 2009-08-04 20:41:50
|
Revision: 700 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=700&view=rev Author: GingerDog Date: 2009-08-04 20:41:24 +0000 (Tue, 04 Aug 2009) Log Message: ----------- fix db_get_boolean behaviour - postgres returns "t" or "f" - and also accepts this Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2009-08-01 14:40:48 UTC (rev 699) +++ trunk/functions.inc.php 2009-08-04 20:41:24 UTC (rev 700) @@ -1514,9 +1514,9 @@ if($CONF['database_type']=='pgsql') { // return either true or false (unquoted strings) if($bool) { - return 'true'; + return 't'; } - return 'false'; + return 'f'; } elseif($CONF['database_type'] == 'mysql' || $CONF['database_type'] == 'mysqli') { if($bool) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <Gin...@us...> - 2009-08-21 10:50:11
|
Revision: 710 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=710&view=rev Author: GingerDog Date: 2009-08-21 10:49:57 +0000 (Fri, 21 Aug 2009) Log Message: ----------- functions.inc.php: fix as per Geoff Shangs report via email Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2009-08-21 07:50:25 UTC (rev 709) +++ trunk/functions.inc.php 2009-08-21 10:49:57 UTC (rev 710) @@ -780,8 +780,8 @@ $query = "SELECT $table_domain.domain, $table_domain_admins.username FROM $table_domain LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain WHERE $table_domain_admins.username='$username' - AND $table_domain.active=$active_sql - AND $table_domain.backupmx=$backupmx_sql + AND $table_domain.active='$active_sql' + AND $table_domain.backupmx='$backupmx_sql' ORDER BY $table_domain_admins.domain"; $result = db_query ($query); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <Gin...@us...> - 2009-09-01 14:01:51
|
Revision: 717 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=717&view=rev Author: GingerDog Date: 2009-09-01 14:01:44 +0000 (Tue, 01 Sep 2009) Log Message: ----------- functions.inc.php: allow for port specification for PostgreSQL Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2009-09-01 14:01:26 UTC (rev 716) +++ trunk/functions.inc.php 2009-09-01 14:01:44 UTC (rev 717) @@ -1461,7 +1461,10 @@ { if (function_exists ("pg_pconnect")) { - $connect_string = "host=" . $CONF['database_host'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password']; + if(!isset($CONF['database_port'])) { + $CONF['database_port'] = '5432'; + } + $connect_string = "host=" . $CONF['database_host'] . " port=" . $CONF['database_port'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password']; $link = @pg_pconnect ($connect_string) or $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: failed to connect to database. $DEBUG_TEXT"); if ($link) pg_set_client_encoding($link, 'UNICODE'); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2009-11-02 18:46:55
|
Revision: 752 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=752&view=rev Author: christian_boltz Date: 2009-11-02 18:46:48 +0000 (Mon, 02 Nov 2009) Log Message: ----------- functions.inc.php: - handle dovecot passwords without any tempfile (to prevent safe_mode issues) Changed based on a patch from Aleksandr @SF, https://sourceforge.net/tracker/?func=detail&atid=937966&aid=2890471&group_id=191583 Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2009-11-02 00:24:40 UTC (rev 751) +++ trunk/functions.inc.php 2009-11-02 18:46:48 UTC (rev 752) @@ -1199,22 +1199,30 @@ $dovecotpw = "dovecotpw"; if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw']; - // prevent showing plain password in process table - $prefix = "postfixadmin-"; - $tmpfile = tempnam('/tmp', $prefix); - $pipe = popen("'$dovecotpw' -s '$method' > '$tmpfile'", 'w'); # TODO: replace tempfile usage with proc_open call + # Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table + $spec = array( + 0 => array("pipe", "r"), // stdin + 1 => array("pipe", "w") // stdout + ); + $pipe = proc_open("$dovecotpw '-s' $method", $spec, $pipes); + if (!$pipe) { - unlink($tmpfile); + die("can't proc_open $dovecotpw"); } else { // use dovecot's stdin, it uses getpass() twice - fwrite($pipe, $pw . "\n", 1+strlen($pw)); usleep(1000); - fwrite($pipe, $pw . "\n", 1+strlen($pw)); - pclose($pipe); - $password = file_get_contents($tmpfile); + // Write pass in pipe stdin + fwrite($pipes[0], $pw . "\n", 1+strlen($pw)); usleep(1000); + fwrite($pipes[0], $pw . "\n", 1+strlen($pw)); + fclose($pipes[0]); + + // Read hash from pipe stdout + $password = fread($pipes[1], "200"); + fclose($pipes[1]); + proc_close($pipe); + if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); } $password = trim(str_replace('{' . $method . '}', '', $password)); - unlink($tmpfile); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2009-12-05 01:27:36
|
Revision: 785 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=785&view=rev Author: christian_boltz Date: 2009-12-05 00:13:29 +0000 (Sat, 05 Dec 2009) Log Message: ----------- functions.inc.php - remove obsolete unlink($tmpfile) that was re-introduced by smarty merge Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2009-12-05 00:08:47 UTC (rev 784) +++ trunk/functions.inc.php 2009-12-05 00:13:29 UTC (rev 785) @@ -1228,7 +1228,6 @@ if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); } $password = trim(str_replace('{' . $method . '}', '', $password)); - unlink($tmpfile); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2010-02-13 21:20:23
|
Revision: 801 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=801&view=rev Author: christian_boltz Date: 2010-02-13 21:20:17 +0000 (Sat, 13 Feb 2010) Log Message: ----------- functions.inc.php: - table_by_key() breaks if database_prefix != "" and database_tables[$table_key] is not set It will now always prepend database_prefix. Note: This might lead to different (but more correct) table names for users that a) have a $CONF[database_prefix] and b) have an incomplete $CONF[database_tables] array. -> Will NOT be backported to 2.3 branch to avoid compatibility problems. - pacrypt(): $CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. (Well, it will work for dovecot, but not for postfixadmin login ;-) pacrypt() will now die() with a useful error message if a user has set this option. Problem found by cgastrell @SF, https://sourceforge.net/projects/postfixadmin/forums/forum/676076/topic/3549894/index/page/1 Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2010-02-10 22:49:21 UTC (rev 800) +++ trunk/functions.inc.php 2010-02-13 21:20:17 UTC (rev 801) @@ -1200,6 +1200,7 @@ $split_method = preg_split ('/:/', $CONF['encrypt']); $method = strtoupper($split_method[1]); if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list? + if (strtolower($method) == 'md5-crypt') die("\$CONF['encrypt'] = 'dovecot:md5-crypt' will not work because dovecotpw generates a random salt each time. Please use \$CONF['encrypt'] = 'md5crypt' instead."); $dovecotpw = "dovecotpw"; if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw']; @@ -1788,6 +1789,9 @@ function table_by_key ($table_key) { global $CONF; +# TODO: FIXME: +# - breaks if database_prefix != "" and database_tables[$table_key] is not set +# - should always prepend database_prefix, even if database_tables[$table_key] is not set $table = $CONF['database_prefix'].$CONF['database_tables'][$table_key]; if (empty($table)) $table = $table_key; return $table; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2010-02-13 21:36:34
|
Revision: 802 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=802&view=rev Author: christian_boltz Date: 2010-02-13 21:36:28 +0000 (Sat, 13 Feb 2010) Log Message: ----------- functions.inc.php: Argh - I didn't save functions.inc.php before the last commit. Therefore it contained only the pacrypt() change. This commit really contains the table_by_key() change: - table_by_key() breaks if database_prefix != "" and database_tables[$table_key] is not set It will now always prepend database_prefix. Note: This might lead to different (but more correct) table names for users that a) have a $CONF[database_prefix] and b) have an incomplete $CONF[database_tables] array. -> Will NOT be backported to 2.3 branch to avoid compatibility problems. Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2010-02-13 21:20:17 UTC (rev 801) +++ trunk/functions.inc.php 2010-02-13 21:36:28 UTC (rev 802) @@ -1789,11 +1789,8 @@ function table_by_key ($table_key) { global $CONF; -# TODO: FIXME: -# - breaks if database_prefix != "" and database_tables[$table_key] is not set -# - should always prepend database_prefix, even if database_tables[$table_key] is not set $table = $CONF['database_prefix'].$CONF['database_tables'][$table_key]; - if (empty($table)) $table = $table_key; + if (empty($table)) $table = $CONF['database_prefix'].$table_key; return $table; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2010-02-21 15:16:33
|
Revision: 804 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=804&view=rev Author: christian_boltz Date: 2010-02-21 15:16:26 +0000 (Sun, 21 Feb 2010) Log Message: ----------- functions.inc.php: - table_by_key returned only the $CONF[database_prefix] if a table was unknown in $CONF[database_tables] and $CONF[database_prefix] was not empty. See bugreport from Uwe Walter (uwalter), but I'm using a different patch. https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2951471&group_id=191583 Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2010-02-19 13:35:47 UTC (rev 803) +++ trunk/functions.inc.php 2010-02-21 15:16:26 UTC (rev 804) @@ -1789,9 +1789,13 @@ function table_by_key ($table_key) { global $CONF; - $table = $CONF['database_prefix'].$CONF['database_tables'][$table_key]; - if (empty($table)) $table = $CONF['database_prefix'].$table_key; - return $table; + if (empty($CONF['database_tables'][$table_key])) { + $table = $table_key; + } else { + $table = $CONF['database_tables'][$table_key]; + } + + return $CONF['database_prefix'].$table; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2010-06-22 20:48:12
|
Revision: 836 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=836&view=rev Author: christian_boltz Date: 2010-06-22 20:48:06 +0000 (Tue, 22 Jun 2010) Log Message: ----------- functions.inc.php - db_query did not return the number of SELECTed rows if the query starts with whitespace, leading to an empty mailbox list (at least in trunk) https://sourceforge.net/tracker/?func=detail&aid=3010371&group_id=191583&atid=937964 Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2010-06-22 20:28:23 UTC (rev 835) +++ trunk/functions.inc.php 2010-06-22 20:48:06 UTC (rev 836) @@ -1579,7 +1579,7 @@ if ($error_text != "" && $ignore_errors == 0) die($error_text); if ($error_text == "") { - if (preg_match("/^SELECT/i", $query)) + if (preg_match("/^SELECT/i", trim($query))) { // if $query was a SELECT statement check the number of rows with [database_type]_num_rows (). if ($CONF['database_type'] == "mysql") $number_rows = mysql_num_rows ($result); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2010-12-15 23:17:14
|
Revision: 892 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=892&view=rev Author: christian_boltz Date: 2010-12-15 23:17:08 +0000 (Wed, 15 Dec 2010) Log Message: ----------- functions.inc.php: - replaced deprecated split() call with preg_split() https://sourceforge.net/tracker/?func=detail&aid=3060495&group_id=191583&atid=937964 - added hint about probably missing php5-* packages in error messages if database functions don't exist Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2010-12-09 00:33:46 UTC (rev 891) +++ trunk/functions.inc.php 2010-12-15 23:17:08 UTC (rev 892) @@ -1184,7 +1184,7 @@ $salt = substr(create_salt(), 0, 2); # courier-authlib supports only two-character salts if(preg_match('/^{.*}/', $pw_db)) { // we have a flavor in the db -> use it instead of default flavor - $result = split('{|}', $pw_db, 3); + $result = preg_split('/[{}]/', $pw_db, 3); # split at { and/or } $flavor = $result[1]; $salt = substr($result[2], 0, 2); } @@ -1459,7 +1459,7 @@ } else { - $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 3.x / 4.0 functions not available!<br />database_type = 'mysql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; + $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 3.x / 4.0 functions not available! (php5-mysql installed?)<br />database_type = 'mysql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; } } elseif ($CONF['database_type'] == "mysqli") @@ -1475,7 +1475,7 @@ } else { - $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 4.1 functions not available!<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT"; + $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 4.1 functions not available! (php5-mysqli installed?)<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT"; } } elseif ($CONF['database_type'] == "pgsql") @@ -1491,7 +1491,7 @@ } else { - $error_text .= "<p />DEBUG INFORMATION:<br />PostgreSQL functions not available!<br />database_type = 'pgsql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; + $error_text .= "<p />DEBUG INFORMATION:<br />PostgreSQL functions not available! (php5-pgsql installed?)<br />database_type = 'pgsql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; } } else This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2010-12-25 14:57:41
|
Revision: 902 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=902&view=rev Author: christian_boltz Date: 2010-12-25 14:57:35 +0000 (Sat, 25 Dec 2010) Log Message: ----------- functions.inc.php: - check_domain(): don't trim() the domain - whitespace is an error. This catches "foo@ domain.com" that wasn't catched before. Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2010-12-25 14:50:26 UTC (rev 901) +++ trunk/functions.inc.php 2010-12-25 14:57:35 UTC (rev 902) @@ -229,7 +229,7 @@ global $CONF; global $PALANG; - if (!preg_match ('/([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,6}$/i', trim ($domain))) + if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,6}$/i', ($domain))) { flash_error(sprintf($PALANG['pInvalidDomainRegex'], htmlentities($domain))); return false; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2010-12-25 22:04:23
|
Revision: 907 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=907&view=rev Author: christian_boltz Date: 2010-12-25 22:04:16 +0000 (Sat, 25 Dec 2010) Log Message: ----------- functions.inc.php: various improvements while working on UserHandler.php - smtp_mail(): added another (currently optional) parameter. It can now be called with subject and body, no need to build the mail header in every script that needs to send a mail. - db_delete() did not use table_by_key. Fixed, backport queued for 2.3 branch - db_insert() now has array(created,modified) as default for timestamp columns so that most calls can be done without that parameter - db_update() now has array(modified) as default for timestamp column so that most calls can be done without that parameter - new functions db_begin / db_commit / db_rollback - BEGIN / COMMIT / ROLLBACK wrapped in a check for $CONF['database_type'] == "pgsql". One more step to get rid of database-specific code in all files. - db_log(): - migrated to db_insert. This should also fix some missing quoting. - sorted $action_list to make it more readable - backport queued for 2.3 branch for both changes Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2010-12-25 16:57:30 UTC (rev 906) +++ trunk/functions.inc.php 2010-12-25 22:04:16 UTC (rev 907) @@ -1353,13 +1353,19 @@ -// -// smtp_mail -// Action: Sends email to new account. -// Call: smtp_mail (string To, string From, string Data) -// TODO: Replace this with something decent like PEAR::Mail or Zend_Mail. -function smtp_mail ($to, $from, $data) -{ +/** + * smtp_mail + * Action: Send email + * Call: smtp_mail (string to, string from, string subject, string body]) - or - + * Call: smtp_mail (string to, string from, string data) - DEPRECATED + * @param String - To: + * @param String - From: + * @param String - Subject: (if called with 4 parameters) or full mail body (if called with 3 parameters) + * @param String (optional, but recommended) - mail body + * @return bool - true on success, otherwise false + * TODO: Replace this with something decent like PEAR::Mail or Zend_Mail. + */ +function smtp_mail ($to, $from, $data, $body = "") { global $CONF; $smtpd_server = $CONF['smtp_server']; $smtpd_port = $CONF['smtp_port']; @@ -1369,6 +1375,21 @@ $errstr = "0"; $timeout = "30"; + if ($body != "") { + $maildata = + "To: " . $to . "\n" + . "From: " . $from . "\n" + . "Subject: " . encode_header ($data) . "\n" + . "MIME-Version: 1.0\n" + . "Content-Type: text/plain; charset=utf-8\n" + . "Content-Transfer-Encoding: 8bit\n" + . "\n" + . $body + ; + } else { + $maildata = $data; + } + $fh = @fsockopen ($smtpd_server, $smtpd_port, $errno, $errstr, $timeout); if (!$fh) @@ -1386,7 +1407,7 @@ $res = smtp_get_response($fh); fputs ($fh, "DATA\r\n"); $res = smtp_get_response($fh); - fputs ($fh, "$data\r\n.\r\n"); + fputs ($fh, "$maildata\r\n.\r\n"); $res = smtp_get_response($fh); fputs ($fh, "QUIT\r\n"); $res = smtp_get_response($fh); @@ -1662,6 +1683,7 @@ // function db_delete ($table,$where,$delete) { + $table = table_by_key($table); $query = "DELETE FROM $table WHERE " . escape_string($where) . "='" . escape_string($delete) . "'"; $result = db_query ($query); if ($result['rows'] >= 1) @@ -1678,13 +1700,13 @@ /** * db_insert * Action: Inserts a row from a specified table - * Call: db_insert (string table, array values) - * @param String $table - table name - * @param array - key/value map of data to insert into the table. - * @param array (optional) - array of fields to set to now() + * Call: db_insert (string table, array values [, array timestamp]) + * @param String - table name + * @param array - key/value map of data to insert into the table. + * @param array (optional) - array of fields to set to now() - default: array('created', 'modified') * @return int - number of inserted rows */ -function db_insert ($table, $values, $timestamp = array()) +function db_insert ($table, $values, $timestamp = array('created', 'modified') ) { $table = table_by_key ($table); @@ -1706,14 +1728,14 @@ /** * db_update * Action: Updates a specified table - * Call: db_update (string table, array values, string where) - * @param String $table - table name + * Call: db_update (string table, string where, array values [, array timestamp]) + * @param String - table name * @param String - WHERE condition * @param array - key/value map of data to insert into the table. - * @param array (optional) - array of fields to set to now() + * @param array (optional) - array of fields to set to now() - default: array('modified') * @return int - number of updated rows */ -function db_update ($table, $where, $values, $timestamp = array()) +function db_update ($table, $where, $values, $timestamp = array('modified') ) { $table = table_by_key ($table); @@ -1731,8 +1753,39 @@ return $result['rows']; } +/** + * db_begin / db_commit / db_rollback + * Action: BEGIN / COMMIT / ROLLBACK transaction (PostgreSQL only!) + * Call: db_begin() + */ +function db_begin () { + global $CONF; +# if ('pgsql'== Config::read('database_type')) { + if ('pgsql'== $CONF['database_type']) { + db_query('BEGIN'); + } +} +function db_commit () { + global $CONF; +# if ('pgsql'== Config::read('database_type')) { + if ('pgsql'== $CONF['database_type']) { + db_query('COMMIT'); + } +} +function db_rollback () { + global $CONF; +# if ('pgsql'== Config::read('database_type')) { + if ('pgsql'== $CONF['database_type']) { + db_query('ROLLBACK'); + } +} + + + + + /** * db_log * Action: Logs actions from admin @@ -1768,8 +1821,15 @@ if ($CONF['logging'] == 'YES') { - $result = db_query ("INSERT INTO $table_log (timestamp,username,domain,action,data) VALUES (NOW(),'$username ($REMOTE_ADDR)','$domain','$action','$data')"); - if ($result['rows'] != 1) + $logdata = array( + 'username' => "$username ($REMOTE_ADDR)", + 'domain' => $domain, + 'action' => $action, + 'data' => $data, + ); + $result = db_insert('log', $logdata, array('timestamp') ); + #$result = db_query ("INSERT INTO $table_log (timestamp,username,domain,action,data) VALUES (NOW(),'$username ($REMOTE_ADDR)','$domain','$action','$data')"); + if ($result != 1) { return false; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2010-12-25 22:59:17
|
Revision: 910 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=910&view=rev Author: christian_boltz Date: 2010-12-25 22:59:11 +0000 (Sat, 25 Dec 2010) Log Message: ----------- functions.inc.php: last commit missed some changes to db_log(): - sorted $action_list to make it more readable - cleanup Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2010-12-25 22:38:09 UTC (rev 909) +++ trunk/functions.inc.php 2010-12-25 22:59:11 UTC (rev 910) @@ -1813,7 +1813,13 @@ global $table_log; $REMOTE_ADDR = getRemoteAddr(); - $action_list = array( 'create_domain', 'create_alias', 'create_alias_domain','delete_domain', 'delete_alias', 'delete_alias_domain','edit_domain', 'edit_alias', 'create_mailbox', 'delete_mailbox', 'edit_mailbox', 'edit_alias_state', 'edit_alias_domain_state', 'edit_mailbox_state', 'edit_password'); + $action_list = array( + 'create_alias', 'edit_alias', 'edit_alias_state', 'delete_alias', + 'create_mailbox', 'edit_mailbox', 'edit_mailbox_state', 'delete_mailbox', + 'create_domain', 'edit_domain', 'delete_domain', + 'create_alias_domain', 'edit_alias_domain_state', 'delete_alias_domain', + 'edit_password', + ); if(!in_array($action, $action_list)) { die("Invalid log action : $action"); // could do with something better? @@ -1828,13 +1834,9 @@ 'data' => $data, ); $result = db_insert('log', $logdata, array('timestamp') ); - #$result = db_query ("INSERT INTO $table_log (timestamp,username,domain,action,data) VALUES (NOW(),'$username ($REMOTE_ADDR)','$domain','$action','$data')"); - if ($result != 1) - { + if ($result != 1) { return false; - } - else - { + } else { return true; } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-04-09 22:37:18
|
Revision: 1022 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1022&view=rev Author: christian_boltz Date: 2011-04-09 22:37:11 +0000 (Sat, 09 Apr 2011) Log Message: ----------- functions.inc.php: - new function create_page_browser() Function to create the page browser index ("a-c, d-h, ...") with light speed (at least when compared with the current code that can take several minutes(!) for people with lots of mailboxes or aliases). At the moment, it only works with MySQL, has several big TODO notes (including notices how to implement the PostgreSQL query) and is not yet actively used. Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-04-09 22:09:37 UTC (rev 1021) +++ trunk/functions.inc.php 2011-04-09 22:37:11 UTC (rev 1022) @@ -566,7 +566,57 @@ } +/** + * create_page_browser + * Action: Get page browser for a long list of mailboxes, aliases etc. + * Call: $pagebrowser = create_page_browser('table.field', 'query', 50) # replaces $param = $_GET['param'] + * + * @param String idxfield - database field name to use as title + * @param String query - core part of the query (starting at "FROM") + * @param Int item_count - number of total items (this function is lazy and doesn't want to count itsself ;-) + * @return String + */ +function create_page_browser($idxfield, $query, $item_count) { + global $CONF; + $page_size = $CONF['page_size']; + $label_len = 2; + $pagebrowser = array(); +# TODO: item_count is undefined on search results +# if ( $item_count <= $page_size ) return array(); # very short list - no pagebrowser needed + + $initcount = "SET @row=-1"; + $result = db_query($initcount); + + $last_in_page = $page_size - 1; + $query = "SELECT * FROM (SELECT $idxfield AS label, @row := @row + 1 AS row $query ) idx WHERE MOD(idx.row, $page_size) IN (0,$last_in_page)"; + +# TODO: $query is MySQL-specific + +# PostgreSQL: +# http://www.postgresql.org/docs/8.1/static/sql-createsequence.html +# http://www.postgresonline.com/journal/archives/79-Simulating-Row-Number-in-PostgreSQL-Pre-8.4.html +# http://www.pg-forum.de/sql/1518-nummerierung-der-abfrageergebnisse.html +# CREATE TEMPORARY SEQUENCE foo MINVALUE 0 MAXVALUE $page_size CYCLE +# afterwards: DROP SEQUENCE foo + + $result = db_query ($query); + if ($result['rows'] > 0) { + while ($row = db_array ($result['result'])) { + if ($row2 = db_array ($result['result'])) { + $label = substr($row['label'],0,$label_len) . '-' . substr($row2['label'],0,$label_len); + $pagebrowser[] = $label; + } else { + $label = substr($row['label'],0,$label_len) . '-' . 'ZZ'; + # TODO: separate query for the last row - or include it in the main query (... OR row = $item_count) + $pagebrowser[] = $label; + } + } + } + + return $pagebrowser; +} + // // get_mailbox_properties // Action: Get all the properties of a mailbox. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-04-10 14:16:23
|
Revision: 1026 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1026&view=rev Author: christian_boltz Date: 2011-04-10 14:16:17 +0000 (Sun, 10 Apr 2011) Log Message: ----------- functions.inc.php: - generate_password(): generate more secure random password Based on a patch from Pierre Fagrell (mrfrenzy@SF), https://sourceforge.net/tracker/?func=detail&aid=2958698&group_id=191583&atid=937964 (with some modifications) Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-04-10 13:13:12 UTC (rev 1025) +++ trunk/functions.inc.php 2011-04-10 14:16:17 UTC (rev 1026) @@ -1163,9 +1163,30 @@ // Action: Generates a random password // Call: generate_password () // -function generate_password () -{ - $password = substr (md5 (mt_rand ()), 0, 8); +function generate_password () { + global $CONF; + + //check that password length is sensible + $length = (int) $CONF['min_password_length']; + if ($length < 5 || $length > 32) { + $length = 8; + } + + // define possible characters + $possible = "2345678923456789abcdefghijkmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ"; # skip 0 and 1 to avoid confusion with O and l + + // add random characters to $password until $length is reached + $password = ""; + while (strlen($password) < $length) { + // pick a random character from the possible ones + $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); + + // we don't want this character if it's already in the password + if (!strstr($password, $char)) { + $password .= $char; + } + } + return $password; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-04-10 16:30:56
|
Revision: 1030 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1030&view=rev Author: christian_boltz Date: 2011-04-10 16:30:49 +0000 (Sun, 10 Apr 2011) Log Message: ----------- functions.inc.php: fully working MySQL version of create_page_browser() - force $page_size to int and die() if it is < 2 - dropped $item_count parameter - the function now counts itsself - include last row in the query - return empty array (= no pagebrowser) if all rows fit in one page - PgSQL queries are still on my TODO list Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-04-10 14:46:43 UTC (rev 1029) +++ trunk/functions.inc.php 2011-04-10 16:30:49 UTC (rev 1030) @@ -573,23 +573,43 @@ * * @param String idxfield - database field name to use as title * @param String query - core part of the query (starting at "FROM") - * @param Int item_count - number of total items (this function is lazy and doesn't want to count itsself ;-) * @return String */ -function create_page_browser($idxfield, $query, $item_count) { +function create_page_browser($idxfield, $querypart) { global $CONF; - $page_size = $CONF['page_size']; + $page_size = (int) $CONF['page_size']; $label_len = 2; $pagebrowser = array(); -# TODO: item_count is undefined on search results -# if ( $item_count <= $page_size ) return array(); # very short list - no pagebrowser needed + if ($page_size < 2) { # will break the page browser + die('$CONF[\'page_size\'] must be 2 or more!'); + } + # get number of rows + $query = "SELECT count(*) as counter $querypart"; + $result = db_query ($query); + if ($result['rows'] > 0) { + $row = db_array ($result['result']); + $count_results = $row['counter'] -1; # we start counting at 0, not 1 + } +# echo "<p>rows: " . ($count_results +1) . " --- $query"; + + if ($count_results < $page_size) { + return array(); # only one page - no pagebrowser required + } + + # init row counter $initcount = "SET @row=-1"; $result = db_query($initcount); - $last_in_page = $page_size - 1; - $query = "SELECT * FROM (SELECT $idxfield AS label, @row := @row + 1 AS row $query ) idx WHERE MOD(idx.row, $page_size) IN (0,$last_in_page)"; + # get labels for relevant rows (first and last of each page) + $page_size_zerobase = $page_size - 1; + $query = " + SELECT * FROM ( + SELECT $idxfield AS label, @row := @row + 1 AS row $querypart + ) idx WHERE MOD(idx.row, $page_size) IN (0,$page_size_zerobase) OR idx.row = $count_results + "; +# echo "<p>$query"; # TODO: $query is MySQL-specific @@ -597,7 +617,7 @@ # http://www.postgresql.org/docs/8.1/static/sql-createsequence.html # http://www.postgresonline.com/journal/archives/79-Simulating-Row-Number-in-PostgreSQL-Pre-8.4.html # http://www.pg-forum.de/sql/1518-nummerierung-der-abfrageergebnisse.html -# CREATE TEMPORARY SEQUENCE foo MINVALUE 0 MAXVALUE $page_size CYCLE +# CREATE TEMPORARY SEQUENCE foo MINVALUE 0 MAXVALUE $page_size_zerobase CYCLE # afterwards: DROP SEQUENCE foo $result = db_query ($query); @@ -606,9 +626,8 @@ if ($row2 = db_array ($result['result'])) { $label = substr($row['label'],0,$label_len) . '-' . substr($row2['label'],0,$label_len); $pagebrowser[] = $label; - } else { - $label = substr($row['label'],0,$label_len) . '-' . 'ZZ'; - # TODO: separate query for the last row - or include it in the main query (... OR row = $item_count) + } else { # only one row remaining + $label = substr($row['label'],0,$label_len); $pagebrowser[] = $label; } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-04-10 19:20:37
|
Revision: 1033 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1033&view=rev Author: christian_boltz Date: 2011-04-10 19:20:31 +0000 (Sun, 10 Apr 2011) Log Message: ----------- functions.inc.php: - create_page_browser(): added queries for PgSQL (untested!) Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-04-10 18:34:05 UTC (rev 1032) +++ trunk/functions.inc.php 2011-04-10 19:20:31 UTC (rev 1033) @@ -600,6 +600,9 @@ # init row counter $initcount = "SET @row=-1"; + if ('pgsql'==$CONF['database_type']) { + $initcount = "CREATE TEMPORARY SEQUENCE rowcount MINVALUE 0"; + } $result = db_query($initcount); # get labels for relevant rows (first and last of each page) @@ -609,6 +612,13 @@ SELECT $idxfield AS label, @row := @row + 1 AS row $querypart ) idx WHERE MOD(idx.row, $page_size) IN (0,$page_size_zerobase) OR idx.row = $count_results "; + if ('pgsql'==$CONF['database_type']) { + $query = " + SELECT * FROM ( + SELECT $idxfield AS label, nextval('rowcount') AS row $querypart + ) idx WHERE MOD(idx.row, $page_size) IN (0,$page_size_zerobase) OR idx.row = $count_results + "; + } # echo "<p>$query"; # TODO: $query is MySQL-specific @@ -633,6 +643,10 @@ } } + if ('pgsql'==$CONF['database_type']) { + db_query ("DROP SEQUENCE rowcount"); + } + return $pagebrowser; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-05-31 22:50:29
|
Revision: 1065 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1065&view=rev Author: christian_boltz Date: 2011-05-31 22:50:22 +0000 (Tue, 31 May 2011) Log Message: ----------- functions.inc.php: fix check_quota() to handle unlimited maxquota - explicitely check for unlimited maxquota when checking if $quota > $limit[maxquota]. Without this, $quota was always considered as being too big (not surprising, everything is >0 ;-) This fixes https://sourceforge.net/tracker/?func=detail&aid=3306926&group_id=191583&atid=937964 (caused by domain quota patch, therefore not affecting 2.3.x) - replaced setting $rval with return in some cases if the decision is final without needing to check domain quota - added lots of comments to make understanding the function easier Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-05-31 21:47:02 UTC (rev 1064) +++ trunk/functions.inc.php 2011-05-31 22:50:22 UTC (rev 1065) @@ -682,31 +682,35 @@ global $CONF; $rval = false; $limit = get_domain_properties ($domain); + if ($limit['maxquota'] == 0) { - $rval = true; + $rval = true; # maxquota unlimited -> OK, but domain level quota could still be hit } + if (($limit['maxquota'] < 0) and ($quota < 0)) { - $rval = true; + return true; # maxquota and $quota are both disabled -> OK, no need for more checks } + if (($limit['maxquota'] > 0) and ($quota == 0)) { - $rval = false; + return false; # mailbox with unlimited quota on a domain with maxquota restriction -> not allowed, no more checks needed } - if ($quota > $limit['maxquota']) + + if ($limit['maxquota'] != 0 && $quota > $limit['maxquota']) { - $rval = false; + return false; # mailbox bigger than maxquota restriction (and maxquota != unlimited) -> not allowed, no more checks needed } else { - $rval = true; + $rval = true; # mailbox size looks OK, but domain level quota could still be hit } # TODO: detailed error message ("domain quota exceeded", "mailbox quota too big" etc.) via flash_error? Or "available quota: xxx MB"? if (!$rval || $CONF['domain_quota'] != 'YES') { return $rval; - } elseif ($limit['quota'] <= 0) { + } elseif ($limit['quota'] <= 0) { # TODO: CHECK - 0 (unlimited) is fine, not sure about <= -1 (disabled)... $rval = true; } else { $table_mailbox = table_by_key('mailbox'); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-05-31 22:52:57
|
Revision: 1066 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1066&view=rev Author: christian_boltz Date: 2011-05-31 22:52:51 +0000 (Tue, 31 May 2011) Log Message: ----------- functions.inc.php: - check_quota(): whitespace changes only Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-05-31 22:50:22 UTC (rev 1065) +++ trunk/functions.inc.php 2011-05-31 22:52:51 UTC (rev 1066) @@ -683,27 +683,21 @@ $rval = false; $limit = get_domain_properties ($domain); - if ($limit['maxquota'] == 0) - { + if ($limit['maxquota'] == 0) { $rval = true; # maxquota unlimited -> OK, but domain level quota could still be hit } - if (($limit['maxquota'] < 0) and ($quota < 0)) - { + if (($limit['maxquota'] < 0) and ($quota < 0)) { return true; # maxquota and $quota are both disabled -> OK, no need for more checks } - if (($limit['maxquota'] > 0) and ($quota == 0)) - { + if (($limit['maxquota'] > 0) and ($quota == 0)) { return false; # mailbox with unlimited quota on a domain with maxquota restriction -> not allowed, no more checks needed } - if ($limit['maxquota'] != 0 && $quota > $limit['maxquota']) - { + if ($limit['maxquota'] != 0 && $quota > $limit['maxquota']) { return false; # mailbox bigger than maxquota restriction (and maxquota != unlimited) -> not allowed, no more checks needed - } - else - { + } else { $rval = true; # mailbox size looks OK, but domain level quota could still be hit } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-06-02 20:51:20
|
Revision: 1067 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1067&view=rev Author: christian_boltz Date: 2011-06-02 20:51:12 +0000 (Thu, 02 Jun 2011) Log Message: ----------- functions.inc.php: - lots of whitespace changes old: foo { new: foo { Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-05-31 22:52:51 UTC (rev 1066) +++ trunk/functions.inc.php 2011-06-02 20:51:12 UTC (rev 1067) @@ -24,8 +24,7 @@ * Call: check_session () * @return String username (e.g. fo...@ex...) */ -function authentication_get_username() -{ +function authentication_get_username() { global $CONF; if (defined('POSTFIXADMIN_CLI')) { @@ -88,8 +87,7 @@ } if($role === 'user') { header("Location: " . $CONF['postfix_admin_url'] . '/users/login.php'); - } - else { + } else { header("Location: " . $CONF['postfix_admin_url'] . "/login.php"); } exit(0); @@ -148,15 +146,13 @@ // Call: check_language // Parameter: $use_post - set to 0 if $_POST should NOT be read // -function check_language ($use_post = 1) -{ +function check_language ($use_post = 1) { global $CONF; global $supported_languages; # from languages/languages.php $lang = $CONF['default_language']; - if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) - { + if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { $lang_array = preg_split ('/(\s*,\s*)/', $_SERVER['HTTP_ACCEPT_LANGUAGE']); if (safecookie('lang')) { array_unshift($lang_array, safecookie('lang')); # prefer language from cookie @@ -165,12 +161,10 @@ array_unshift($lang_array, safepost('lang')); # but prefer $_POST['lang'] even more } - for($i = 0; $i < count($lang_array); $i++) - { + for($i = 0; $i < count($lang_array); $i++) { $lang_next = $lang_array[$i]; $lang_next = strtolower(trim($lang_next)); - if(array_key_exists($lang_next, $supported_languages)) - { + if(array_key_exists($lang_next, $supported_languages)) { $lang = $lang_next; break; } @@ -184,8 +178,7 @@ // Action: returns a language selector dropdown with the browser (or cookie) language preselected // Call: language_selector() // -function language_selector() -{ +function language_selector() { global $supported_languages; # from languages/languages.php $current_lang = check_language(); @@ -209,14 +202,10 @@ // Action: checks if a string is valid and returns TRUE if this is the case. // Call: check_string (string var) // -function check_string ($var) -{ - if (preg_match ('/^([A-Za-z0-9 ]+)+$/', $var)) - { +function check_string ($var) { + if (preg_match ('/^([A-Za-z0-9 ]+)+$/', $var)) { return true; - } - else - { + } else { return false; } } @@ -229,34 +218,29 @@ // Call: check_domain (string domain) // // TODO: make check_domain able to handle as example .local domains -function check_domain ($domain) -{ +function check_domain ($domain) { global $CONF; global $PALANG; - if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,6}$/i', ($domain))) - { + if (!preg_match ('/^([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,6}$/i', ($domain))) { flash_error(sprintf($PALANG['pInvalidDomainRegex'], htmlentities($domain))); return false; } - if (isset($CONF['emailcheck_resolve_domain']) && 'YES' == $CONF['emailcheck_resolve_domain'] && 'WINDOWS'!=(strtoupper(substr(php_uname('s'), 0, 7)))) - { + if (isset($CONF['emailcheck_resolve_domain']) && 'YES' == $CONF['emailcheck_resolve_domain'] && 'WINDOWS'!=(strtoupper(substr(php_uname('s'), 0, 7)))) { // Look for an AAAA, A, or MX record for the domain if(function_exists('checkdnsrr')) { // AAAA (IPv6) is only available in PHP v. >= 5 - if (version_compare(phpversion(), "5.0.0", ">=")) - { + if (version_compare(phpversion(), "5.0.0", ">=")) { if (checkdnsrr($domain,'AAAA')) return true; } if (checkdnsrr($domain,'A')) return true; if (checkdnsrr($domain,'MX')) return true; flash_error(sprintf($PALANG['pInvalidDomainDNS'], htmlentities($domain))); return false; - } - else { + } else { flash_error("emailcheck_resolve_domain is enabled, but function (checkdnsrr) missing!"); } } @@ -272,8 +256,7 @@ * @return boolean true if it's an email address, else false. * TODO: make check_email able to handle already added domains */ -function check_email ($email) -{ +function check_email ($email) { global $CONF; global $PALANG; @@ -281,24 +264,21 @@ //strip the vacation domain out if we are using it //and change from blah#fo...@au... to bl...@fo... - if ($CONF['vacation'] == 'YES') - { + if ($CONF['vacation'] == 'YES') { $vacation_domain = $CONF['vacation_domain']; $ce_email = preg_replace("/@$vacation_domain/", '', $ce_email); $ce_email = preg_replace("/#/", '@', $ce_email); } // Perform non-domain-part sanity checks - if (!preg_match ('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '[^@]+$/i', trim ($ce_email))) - { + if (!preg_match ('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '[^@]+$/i', trim ($ce_email))) { flash_error($PALANG['pInvalidMailRegex']); return false; } // Determine domain name $matches=array(); - if (!preg_match('|@(.+)$|',$ce_email,$matches)) - { + if (!preg_match('|@(.+)$|',$ce_email,$matches)) { flash_error($PALANG['pInvalidMailRegex']); return false; } @@ -318,8 +298,7 @@ * @return String (or Array) of cleaned data, suitable for use within an SQL * statement. */ -function escape_string ($string) -{ +function escape_string ($string) { global $CONF; // if the string is actually an array, do a recursive cleaning. // Note, the array keys are not cleaned. @@ -330,36 +309,26 @@ } return $clean; } - if (get_magic_quotes_gpc ()) - { + if (get_magic_quotes_gpc ()) { $string = stripslashes($string); } - if (!is_numeric($string)) - { + if (!is_numeric($string)) { $link = db_connect(); - if ($CONF['database_type'] == "mysql") - { + if ($CONF['database_type'] == "mysql") { $escaped_string = mysql_real_escape_string($string, $link); } - if ($CONF['database_type'] == "mysqli") - { + if ($CONF['database_type'] == "mysqli") { $escaped_string = mysqli_real_escape_string($link, $string); } - if ($CONF['database_type'] == "pgsql") - { + if ($CONF['database_type'] == "pgsql") { // php 5.2+ allows for $link to be specified. - if (version_compare(phpversion(), "5.2.0", ">=")) - { + if (version_compare(phpversion(), "5.2.0", ">=")) { $escaped_string = pg_escape_string($link, $string); - } - else - { + } else { $escaped_string = pg_escape_string($string); } } - } - else - { + } else { $escaped_string = $string; } return $escaped_string; @@ -429,8 +398,7 @@ // Action: Get all the properties of a domain. // Call: get_domain_properties (string domain) // -function get_domain_properties ($domain) -{ +function get_domain_properties ($domain) { global $CONF; global $table_alias, $table_mailbox, $table_domain; $list = array (); @@ -450,8 +418,7 @@ $list['alias_count'] = $list['alias_count'] - $list['mailbox_count']; $query="SELECT * FROM $table_domain WHERE domain='$domain'"; - if ('pgsql'==$CONF['database_type']) - { + if ('pgsql'==$CONF['database_type']) { $query=" SELECT *, EXTRACT(epoch FROM created) AS uts_created, EXTRACT(epoch FROM modified) AS uts_modified FROM $table_domain WHERE domain='$domain' "; } $result = db_query ($query); @@ -467,15 +434,12 @@ $list['modified'] = $row['modified']; $list['active'] = $row['active']; - if ($CONF['database_type'] == "pgsql") - { + if ($CONF['database_type'] == "pgsql") { $list['active']=('t'==$row['active']) ? 1 : 0; $list['backupmx']=('t'==$row['backupmx']) ? 1 : 0; $list['created']= gmstrftime('%c %Z',$row['uts_created']); $list['modified']= gmstrftime('%c %Z',$row['uts_modified']); - } - else - { + } else { $list['active'] = $row['active']; $list['backupmx'] = $row['backupmx']; } @@ -573,13 +537,11 @@ // Action: Get all the properties of a mailbox. // Call: get_mailbox_properties (string mailbox) // -function get_mailbox_properties ($username) -{ +function get_mailbox_properties ($username) { global $CONF; global $table_mailbox; $query="SELECT * FROM $table_mailbox WHERE username='$username'"; - if ('pgsql'==$CONF['database_type']) - { + if ('pgsql'==$CONF['database_type']) { $query=" SELECT *, @@ -599,14 +561,11 @@ $list['modified'] = $row['modified']; $list['active'] = $row['active']; - if ($CONF['database_type'] == "pgsql") - { + if ($CONF['database_type'] == "pgsql") { $list['active']=('t'==$row['active']) ? 1 : 0; $list['created']= gmstrftime('%c %Z',$row['uts_created']); $list['modified']= gmstrftime('%c %Z',$row['uts_modified']); - } - else - { + } else { $list['active'] = $row['active']; } @@ -620,24 +579,18 @@ // Action: Checks if the domain is still able to create aliases. // Call: check_alias (string domain) // -function check_alias ($domain) -{ +function check_alias ($domain) { $limit = get_domain_properties ($domain); - if ($limit['aliases'] == 0) - { + if ($limit['aliases'] == 0) { # 0 = unlimited, -1 = disabled return true; } - if ($limit['aliases'] < 0) - { + if ($limit['aliases'] < 0) { return false; } - if ($limit['alias_count'] >= $limit['aliases']) - { + if ($limit['alias_count'] >= $limit['aliases']) { return false; - } - else - { + } else { return true; } } @@ -649,24 +602,18 @@ // Action: Checks if the domain is still able to create mailboxes. // Call: check_mailbox (string domain) // -function check_mailbox ($domain) -{ +function check_mailbox ($domain) { $limit = get_domain_properties ($domain); /* -1 = disable, 0 = unlimited */ - if ($limit['mailboxes'] == 0) - { + if ($limit['mailboxes'] == 0) { return true; } - if ($limit['mailboxes'] < 0) - { + if ($limit['mailboxes'] < 0) { return false; } - if ($limit['mailbox_count'] >= $limit['mailboxes']) - { + if ($limit['mailbox_count'] >= $limit['mailboxes']) { return false; - } - else - { + } else { return true; } } @@ -732,8 +679,7 @@ // Action: Recalculates the quota from bytes to MBs (multiply, *) // Call: multiply_quota (string $quota) // -function multiply_quota ($quota) -{ +function multiply_quota ($quota) { global $CONF; if ($quota == -1) return $quota; $value = $quota * $CONF['quota_multiplier']; @@ -747,8 +693,7 @@ // Action: Recalculates the quota from MBs to bytes (divide, /) // Call: divide_quota (string $quota) // -function divide_quota ($quota) -{ +function divide_quota ($quota) { global $CONF; if ($quota == -1) return $quota; $value = round($quota / $CONF['quota_multiplier'],2); @@ -762,20 +707,16 @@ // Action: Checks if the admin is the owner of the domain (or global-admin) // Call: check_owner (string admin, string domain) // -function check_owner ($username, $domain) -{ +function check_owner ($username, $domain) { global $table_domain_admins; $result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$username' AND (domain='$domain' OR domain='ALL') AND active='1'"); - if ($result['rows'] != 1) - { + if ($result['rows'] != 1) { if ($result['rows'] > 1) { # "ALL" + specific domain permissions. 2.3 doesn't create such entries, but they are available as leftover from older versions flash_error("Permission check returned more than one result. Please go to 'edit admin' for your username and press the save " . "button once to fix the database. If this doesn't help, open a bugreport."); } return false; - } - else - { + } else { return true; } } @@ -787,17 +728,13 @@ // Action: Checks if the admin is the owner of the alias. // Call: check_alias_owner (string admin, string alias) // -function check_alias_owner ($username, $alias) -{ +function check_alias_owner ($username, $alias) { global $CONF; if (authentication_has_role('global-admin')) return true; $tmp = preg_split('/\@/', $alias); - if (($CONF['special_alias_control'] == 'NO') && array_key_exists($tmp[0], $CONF['default_aliases'])) - { + if (($CONF['special_alias_control'] == 'NO') && array_key_exists($tmp[0], $CONF['default_aliases'])) { return false; - } - else - { + } else { return true; } } @@ -808,8 +745,7 @@ * @param String $username * @return array of domain names. */ -function list_domains_for_admin ($username) -{ +function list_domains_for_admin ($username) { global $CONF; global $table_domain, $table_domain_admins; $list = array (); @@ -824,11 +760,9 @@ ORDER BY $table_domain_admins.domain"; $result = db_query ($query); - if ($result['rows'] > 0) - { + if ($result['rows'] > 0) { $i = 0; - while ($row = db_array ($result['result'])) - { + while ($row = db_array ($result['result'])) { $list[$i] = $row['domain']; $i++; } @@ -843,17 +777,14 @@ // Action: List all available domains. // Call: list_domains () // -function list_domains () -{ +function list_domains () { global $table_domain; $list = array(); $result = db_query ("SELECT domain FROM $table_domain WHERE domain!='ALL' ORDER BY domain"); - if ($result['rows'] > 0) - { + if ($result['rows'] > 0) { $i = 0; - while ($row = db_array ($result['result'])) - { + while ($row = db_array ($result['result'])) { $list[$i] = $row['domain']; $i++; } @@ -869,15 +800,11 @@ // Action: Checks if the admin already exists. // Call: admin_exist (string admin) // -function admin_exist ($username) -{ +function admin_exist ($username) { $result = db_query ("SELECT 1 FROM " . table_by_key ('admin') . " WHERE username='$username'"); - if ($result['rows'] != 1) - { + if ($result['rows'] != 1) { return false; - } - else - { + } else { return true; } } @@ -889,17 +816,13 @@ // Action: Checks if the domain already exists. // Call: domain_exist (string domain) // -function domain_exist ($domain) -{ +function domain_exist ($domain) { global $table_domain; $result = db_query("SELECT 1 FROM $table_domain WHERE domain='$domain'"); - if ($result['rows'] != 1) - { + if ($result['rows'] != 1) { return false; - } - else - { + } else { return true; } } @@ -913,17 +836,14 @@ // // was admin_list_admins // -function list_admins () -{ +function list_admins () { global $table_admin; $list = ""; $result = db_query ("SELECT username FROM $table_admin ORDER BY username"); - if ($result['rows'] > 0) - { + if ($result['rows'] > 0) { $i = 0; - while ($row = db_array ($result['result'])) - { + while ($row = db_array ($result['result'])) { $list[$i] = $row['username']; $i++; } @@ -938,19 +858,15 @@ // Action: Get all the admin properties. // Call: get_admin_properties (string admin) // -function get_admin_properties ($username) -{ +function get_admin_properties ($username) { global $CONF; global $table_admin, $table_domain_admins; $list = array (); $result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$username' AND domain='ALL'"); - if ($result['rows'] == 1) - { + if ($result['rows'] == 1) { $list['domain_count'] = 'ALL'; - } - else - { + } else { $result = db_query ("SELECT COUNT(*) FROM $table_domain_admins WHERE username='$username'"); $row = db_row ($result['result']); $list['domain_count'] = $row[0]; @@ -988,10 +904,8 @@ // Action: Encode a string according to RFC 1522 for use in headers if it contains 8-bit characters. // Call: encode_header (string header, string charset) // -function encode_header ($string, $default_charset = "utf-8") -{ - if (strtolower ($default_charset) == 'iso-8859-1') - { +function encode_header ($string, $default_charset = "utf-8") { + if (strtolower ($default_charset) == 'iso-8859-1') { $string = str_replace ("\240",' ',$string); } @@ -1002,126 +916,103 @@ $iEncStart = $enc_init = false; $cur_l = $iOffset = 0; - for ($i = 0; $i < $j; ++$i) - { - switch ($string{$i}) - { - case '=': - case '<': - case '>': - case ',': - case '?': - case '_': - if ($iEncStart === false) - { - $iEncStart = $i; - } - $cur_l+=3; - if ($cur_l > ($max_l-2)) - { - $aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset); - $aRet[] = "=?$default_charset?Q?$ret?="; - $iOffset = $i; - $cur_l = 0; - $ret = ''; - $iEncStart = false; - } - else - { - $ret .= sprintf ("=%02X",ord($string{$i})); - } - break; - case '(': - case ')': - if ($iEncStart !== false) - { - $aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset); - $aRet[] = "=?$default_charset?Q?$ret?="; - $iOffset = $i; - $cur_l = 0; - $ret = ''; - $iEncStart = false; - } - break; - case ' ': - if ($iEncStart !== false) - { - $cur_l++; - if ($cur_l > $max_l) - { + for ($i = 0; $i < $j; ++$i) { + switch ($string{$i}) { + case '=': + case '<': + case '>': + case ',': + case '?': + case '_': + if ($iEncStart === false) { + $iEncStart = $i; + } + $cur_l+=3; + if ($cur_l > ($max_l-2)) { $aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset); $aRet[] = "=?$default_charset?Q?$ret?="; $iOffset = $i; $cur_l = 0; $ret = ''; $iEncStart = false; + } else { + $ret .= sprintf ("=%02X",ord($string{$i})); } - else - { - $ret .= '_'; - } - } - break; - default: - $k = ord ($string{$i}); - if ($k > 126) - { - if ($iEncStart === false) - { - // do not start encoding in the middle of a string, also take the rest of the word. - $sLeadString = substr ($string,0,$i); - $aLeadString = explode (' ',$sLeadString); - $sToBeEncoded = array_pop ($aLeadString); - $iEncStart = $i - strlen ($sToBeEncoded); - $ret .= $sToBeEncoded; - $cur_l += strlen ($sToBeEncoded); - } - $cur_l += 3; - // first we add the encoded string that reached it's max size - if ($cur_l > ($max_l-2)) - { + break; + case '(': + case ')': + if ($iEncStart !== false) { $aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset); - $aRet[] = "=?$default_charset?Q?$ret?= "; - $cur_l = 3; - $ret = ''; + $aRet[] = "=?$default_charset?Q?$ret?="; $iOffset = $i; - $iEncStart = $i; + $cur_l = 0; + $ret = ''; + $iEncStart = false; } - $enc_init = true; - $ret .= sprintf ("=%02X", $k); - } - else - { - if ($iEncStart !== false) - { + break; + case ' ': + if ($iEncStart !== false) { $cur_l++; - if ($cur_l > $max_l) - { + if ($cur_l > $max_l) { $aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset); $aRet[] = "=?$default_charset?Q?$ret?="; - $iEncStart = false; $iOffset = $i; $cur_l = 0; $ret = ''; + $iEncStart = false; + } else { + $ret .= '_'; } - else - { - $ret .= $string{$i}; + } + break; + default: + $k = ord ($string{$i}); + if ($k > 126) { + if ($iEncStart === false) { + // do not start encoding in the middle of a string, also take the rest of the word. + $sLeadString = substr ($string,0,$i); + $aLeadString = explode (' ',$sLeadString); + $sToBeEncoded = array_pop ($aLeadString); + $iEncStart = $i - strlen ($sToBeEncoded); + $ret .= $sToBeEncoded; + $cur_l += strlen ($sToBeEncoded); } + $cur_l += 3; + // first we add the encoded string that reached it's max size + if ($cur_l > ($max_l-2)) { + $aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset); + $aRet[] = "=?$default_charset?Q?$ret?= "; + $cur_l = 3; + $ret = ''; + $iOffset = $i; + $iEncStart = $i; + } + $enc_init = true; + $ret .= sprintf ("=%02X", $k); + } else { + if ($iEncStart !== false) { + $cur_l++; + if ($cur_l > $max_l) { + $aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset); + $aRet[] = "=?$default_charset?Q?$ret?="; + $iEncStart = false; + $iOffset = $i; + $cur_l = 0; + $ret = ''; + } else { + $ret .= $string{$i}; + } + } } - } - break; + break; + # end switch } } - if ($enc_init) - { - if ($iEncStart !== false) - { + if ($enc_init) { + if ($iEncStart !== false) { $aRet[] = substr ($string,$iOffset,$iEncStart-$iOffset); $aRet[] = "=?$default_charset?Q?$ret?="; - } - else - { + } else { $aRet[] = substr ($string,$iOffset); } $string = implode ('',$aRet); @@ -1175,8 +1066,7 @@ * @param string $encrypted password * @return string encrypted password. */ -function pacrypt ($pw, $pw_db="") -{ +function pacrypt ($pw, $pw_db="") { global $CONF; $pw = stripslashes($pw); $password = ""; @@ -1198,12 +1088,10 @@ if (preg_match("/\\$1\\$/", $pw_db)) { $split_salt = preg_split ('/\$/', $pw_db); $salt = "\$1\$${split_salt[2]}\$"; - } - else { + } else { if (strlen($pw_db) == 0) { $salt = substr (md5 (mt_rand ()), 0, 2); - } - else { + } else { $salt = substr ($pw_db, 0, 2); } } @@ -1216,8 +1104,7 @@ // See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583 // this is apparently useful for pam_mysql etc. - elseif ($CONF['encrypt'] == 'mysql_encrypt') - { + elseif ($CONF['encrypt'] == 'mysql_encrypt') { if ($pw_db!="") { $salt=substr($pw_db,0,2); $res=db_query("SELECT ENCRYPT('".$pw."','".$salt."');"); @@ -1301,8 +1188,7 @@ // Call: md5crypt (string cleartextpassword) // -function md5crypt ($pw, $salt="", $magic="") -{ +function md5crypt ($pw, $salt="", $magic="") { $MAGIC = "$1$"; if ($magic == "") $magic = $MAGIC; @@ -1314,46 +1200,34 @@ $ctx = $pw . $magic . $salt; $final = hex2bin (md5 ($pw . $salt . $pw)); - for ($i=strlen ($pw); $i>0; $i-=16) - { - if ($i > 16) - { + for ($i=strlen ($pw); $i>0; $i-=16) { + if ($i > 16) { $ctx .= substr ($final,0,16); - } - else - { + } else { $ctx .= substr ($final,0,$i); } } $i = strlen ($pw); - while ($i > 0) - { + while ($i > 0) { if ($i & 1) $ctx .= chr (0); else $ctx .= $pw[0]; $i = $i >> 1; } $final = hex2bin (md5 ($ctx)); - for ($i=0;$i<1000;$i++) - { + for ($i=0;$i<1000;$i++) { $ctx1 = ""; - if ($i & 1) - { + if ($i & 1) { $ctx1 .= $pw; - } - else - { + } else { $ctx1 .= substr ($final,0,16); } if ($i % 3) $ctx1 .= $salt; if ($i % 7) $ctx1 .= $pw; - if ($i & 1) - { + if ($i & 1) { $ctx1 .= substr ($final,0,16); - } - else - { + } else { $ctx1 .= $pw; } $final = hex2bin (md5 ($ctx1)); @@ -1368,31 +1242,26 @@ return "$magic$salt\$$passwd"; } -function create_salt () -{ +function create_salt () { srand ((double) microtime ()*1000000); $salt = substr (md5 (rand (0,9999999)), 0, 8); return $salt; } -function hex2bin ($str) -{ +function hex2bin ($str) { $len = strlen ($str); $nstr = ""; - for ($i=0;$i<$len;$i+=2) - { + for ($i=0;$i<$len;$i+=2) { $num = sscanf (substr ($str,$i,2), "%x"); $nstr.=chr ($num[0]); } return $nstr; } -function to64 ($v, $n) -{ +function to64 ($v, $n) { $ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; $ret = ""; - while (($n - 1) >= 0) - { + while (($n - 1) >= 0) { $n--; $ret .= $ITOA64[$v & 0x3f]; $v = $v >> 6; @@ -1441,12 +1310,9 @@ $fh = @fsockopen ($smtpd_server, $smtpd_port, $errno, $errstr, $timeout); - if (!$fh) - { + if (!$fh) { return false; - } - else - { + } else { $res = smtp_get_response($fh); fputs ($fh, "EHLO $smtp_server\r\n"); $res = smtp_get_response($fh); @@ -1472,11 +1338,9 @@ // Action: Get response from mail server // Call: smtp_get_response (string FileHandle) // -function smtp_get_response ($fh) -{ +function smtp_get_response ($fh) { $res =''; - do -{ + do { $line = fgets($fh, 256); $res .= $line; } @@ -1508,82 +1372,58 @@ * b) with $ignore_errors == TRUE * array($link, $error_text); */ -function db_connect ($ignore_errors = 0) -{ +function db_connect ($ignore_errors = 0) { global $CONF; global $DEBUG_TEXT; if ($ignore_errors != 0) $DEBUG_TEXT = ''; $error_text = ''; $link = 0; - if ($CONF['database_type'] == "mysql") - { - if (function_exists ("mysql_connect")) - { + if ($CONF['database_type'] == "mysql") { + if (function_exists ("mysql_connect")) { $link = @mysql_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: " . mysql_error () . "$DEBUG_TEXT"); if ($link) { @mysql_query("SET CHARACTER SET utf8",$link); @mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'",$link); $succes = @mysql_select_db ($CONF['database_name'], $link) or $error_text .= ("<p />DEBUG INFORMATION:<br />MySQL Select Database: " . mysql_error () . "$DEBUG_TEXT"); } - } - else - { + } else { $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 3.x / 4.0 functions not available! (php5-mysql installed?)<br />database_type = 'mysql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; } - } - elseif ($CONF['database_type'] == "mysqli") - { - if (function_exists ("mysqli_connect")) - { + } elseif ($CONF['database_type'] == "mysqli") { + if (function_exists ("mysqli_connect")) { $link = @mysqli_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: " . mysqli_connect_error () . "$DEBUG_TEXT"); if ($link) { @mysqli_query($link,"SET CHARACTER SET utf8"); @mysqli_query($link,"SET COLLATION_CONNECTION='utf8_general_ci'"); $success = @mysqli_select_db ($link, $CONF['database_name']) or $error_text .= ("<p />DEBUG INFORMATION:<br />MySQLi Select Database: " . mysqli_error ($link) . "$DEBUG_TEXT"); } - } - else - { + } else { $error_text .= "<p />DEBUG INFORMATION:<br />MySQL 4.1 functions not available! (php5-mysqli installed?)<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT"; } - } - elseif ($CONF['database_type'] == "pgsql") - { - if (function_exists ("pg_pconnect")) - { + } elseif ($CONF['database_type'] == "pgsql") { + if (function_exists ("pg_pconnect")) { if(!isset($CONF['database_port'])) { $CONF['database_port'] = '5432'; } $connect_string = "host=" . $CONF['database_host'] . " port=" . $CONF['database_port'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password']; $link = @pg_pconnect ($connect_string) or $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: failed to connect to database. $DEBUG_TEXT"); if ($link) pg_set_client_encoding($link, 'UNICODE'); - } - else - { + } else { $error_text .= "<p />DEBUG INFORMATION:<br />PostgreSQL functions not available! (php5-pgsql installed?)<br />database_type = 'pgsql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; } - } - else - { + } else { $error_text = "<p />DEBUG INFORMATION:<br />Invalid \$CONF['database_type']! Please fix your config.inc.php! $DEBUG_TEXT"; } - if ($ignore_errors) - { + if ($ignore_errors) { return array($link, $error_text); - } - elseif ($error_text != "") - { + } elseif ($error_text != "") { print $error_text; die(); - } - elseif ($link) - { + } elseif ($link) { return $link; - } - else - { + } else { print "DEBUG INFORMATION:<br />\n"; print "Connect: Unable to connect to database<br />\n"; print "<br />\n"; @@ -1611,8 +1451,7 @@ return 't'; } return 'f'; - } - elseif($CONF['database_type'] == 'mysql' || $CONF['database_type'] == 'mysqli') { + } elseif($CONF['database_type'] == 'mysql' || $CONF['database_type'] == 'mysqli') { if($bool) { return 1; } @@ -1626,8 +1465,7 @@ // Call: db_query (string query) // Optional parameter: $ignore_errors = TRUE, used by upgrade.php // -function db_query ($query, $ignore_errors = 0) -{ +function db_query ($query, $ignore_errors = 0) { global $CONF; global $DEBUG_TEXT; $result = ""; @@ -1642,23 +1480,19 @@ or $error_text = "<p />DEBUG INFORMATION:<br />Invalid query: " . mysql_error($link) . "$DEBUG_TEXT"; if ($CONF['database_type'] == "mysqli") $result = @mysqli_query ($link, $query) or $error_text = "<p />DEBUG INFORMATION:<br />Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT"; - if ($CONF['database_type'] == "pgsql") - { + if ($CONF['database_type'] == "pgsql") { $result = @pg_query ($link, $query) or $error_text = "<p />DEBUG INFORMATION:<br />Invalid query: " . pg_last_error() . "$DEBUG_TEXT"; } if ($error_text != "" && $ignore_errors == 0) die($error_text); if ($error_text == "") { - if (preg_match("/^SELECT/i", trim($query))) - { + if (preg_match("/^SELECT/i", trim($query))) { // if $query was a SELECT statement check the number of rows with [database_type]_num_rows (). if ($CONF['database_type'] == "mysql") $number_rows = mysql_num_rows ($result); if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_num_rows ($result); if ($CONF['database_type'] == "pgsql") $number_rows = pg_num_rows ($result); - } - else - { + } else { // if $query was something else, UPDATE, DELETE or INSERT check the number of rows with // [database_type]_affected_rows (). if ($CONF['database_type'] == "mysql") $number_rows = mysql_affected_rows ($link); @@ -1681,8 +1515,7 @@ // Action: Returns a row from a table // Call: db_row (int result) // -function db_row ($result) -{ +function db_row ($result) { global $CONF; $row = ""; if ($CONF['database_type'] == "mysql") $row = mysql_fetch_row ($result); @@ -1697,8 +1530,7 @@ // Action: Returns a row from a table // Call: db_array (int result) // -function db_array ($result) -{ +function db_array ($result) { global $CONF; $row = ""; if ($CONF['database_type'] == "mysql") $row = mysql_fetch_array ($result); @@ -1713,8 +1545,7 @@ // Action: Returns a row from a table // Call: db_assoc(int result) // -function db_assoc ($result) -{ +function db_assoc ($result) { global $CONF; $row = ""; if ($CONF['database_type'] == "mysql") $row = mysql_fetch_assoc ($result); @@ -1730,8 +1561,7 @@ // Action: Deletes a row from a specified table // Call: db_delete (string table, string where, string delete) // -function db_delete ($table,$where,$delete) -{ +function db_delete ($table,$where,$delete) { $table = table_by_key($table); $query = "DELETE FROM $table WHERE " . escape_string($where) . "='" . escape_string($delete) . "'"; $result = db_query ($query); @@ -1753,8 +1583,7 @@ * @param array (optional) - array of fields to set to now() - default: array('created', 'modified') * @return int - number of inserted rows */ -function db_insert ($table, $values, $timestamp = array('created', 'modified') ) -{ +function db_insert ($table, $values, $timestamp = array('created', 'modified') ) { $table = table_by_key ($table); foreach(array_keys($values) as $key) { @@ -1869,8 +1698,7 @@ * 'edit_mailbox_state' * 'edit_password' */ -function db_log ($domain,$action,$data) -{ +function db_log ($domain,$action,$data) { global $CONF; global $table_log; $REMOTE_ADDR = getRemoteAddr(); @@ -1889,8 +1717,7 @@ die("Invalid log action : $action"); // could do with something better? } - if ($CONF['logging'] == 'YES') - { + if ($CONF['logging'] == 'YES') { $logdata = array( 'username' => "$username ($REMOTE_ADDR)", 'domain' => $domain, @@ -1922,8 +1749,7 @@ // Action: Return table name for given key // Call: table_by_key (string table_key) // -function table_by_key ($table_key) -{ +function table_by_key ($table_key) { global $CONF; if (empty($CONF['database_tables'][$table_key])) { $table = $table_key; @@ -1940,10 +1766,8 @@ Called after a mailbox has been created in the DBMS. Returns: boolean. */ -function mailbox_postcreation($username,$domain,$maildir,$quota) -{ - if (empty($username) || empty($domain) || empty($maildir)) - { +function mailbox_postcreation($username,$domain,$maildir,$quota) { + if (empty($username) || empty($domain) || empty($maildir)) { trigger_error('In '.__FUNCTION__.': empty username, domain and/or maildir parameter',E_USER_ERROR); return FALSE; } @@ -1963,8 +1787,7 @@ $output=array(); $firstline=''; $firstline=exec($command,$output,$retval); - if (0!=$retval) - { + if (0!=$retval) { error_log("Running $command yielded return value=$retval, first line of output=$firstline"); print '<p>WARNING: Problems running mailbox postcreation script!</p>'; return FALSE; @@ -1977,10 +1800,8 @@ Called after a mailbox has been altered in the DBMS. Returns: boolean. */ -function mailbox_postedit($username,$domain,$maildir,$quota) -{ - if (empty($username) || empty($domain) || empty($maildir)) - { +function mailbox_postedit($username,$domain,$maildir,$quota) { + if (empty($username) || empty($domain) || empty($maildir)) { trigger_error('In '.__FUNCTION__.': empty username, domain and/or maildir parameter',E_USER_ERROR); return FALSE; } @@ -2000,8 +1821,7 @@ $output=array(); $firstline=''; $firstline=exec($command,$output,$retval); - if (0!=$retval) - { + if (0!=$retval) { error_log("Running $command yielded return value=$retval, first line of output=$firstline"); print '<p>WARNING: Problems running mailbox postedit script!</p>'; return FALSE; @@ -2015,18 +1835,15 @@ Called after a mailbox has been deleted in the DBMS. Returns: boolean. */ -function mailbox_postdeletion($username,$domain) -{ +function mailbox_postdeletion($username,$domain) { global $CONF; $confpar='mailbox_postdeletion_script'; - if (!isset($CONF[$confpar]) || empty($CONF[$confpar])) - { + if (!isset($CONF[$confpar]) || empty($CONF[$confpar])) { return true; } - if (empty($username) || empty($domain)) - { + if (empty($username) || empty($domain)) { print '<p>Warning: empty username and/or domain parameter.</p>'; return false; } @@ -2038,8 +1855,7 @@ $output=array(); $firstline=''; $firstline=exec($command,$output,$retval); - if (0!=$retval) - { + if (0!=$retval) { error_log("Running $command yielded return value=$retval, first line of output=$firstline"); print '<p>WARNING: Problems running mailbox postdeletion script!</p>'; return FALSE; @@ -2052,18 +1868,15 @@ Called after a domain has been added in the DBMS. Returns: boolean. */ -function domain_postcreation($domain) -{ +function domain_postcreation($domain) { global $CONF; $confpar='domain_postcreation_script'; - if (!isset($CONF[$confpar]) || empty($CONF[$confpar])) - { + if (!isset($CONF[$confpar]) || empty($CONF[$confpar])) { return true; } - if (empty($domain)) - { + if (empty($domain)) { print '<p>Warning: empty domain parameter.</p>'; return false; } @@ -2074,8 +1887,7 @@ $output=array(); $firstline=''; $firstline=exec($command,$output,$retval); - if (0!=$retval) - { + if (0!=$retval) { error_log("Running $command yielded return value=$retval, first line of output=$firstline"); print '<p>WARNING: Problems running domain postcreation script!</p>'; return FALSE; @@ -2088,18 +1900,15 @@ Called after a domain has been deleted in the DBMS. Returns: boolean. */ -function domain_postdeletion($domain) -{ +function domain_postdeletion($domain) { global $CONF; $confpar='domain_postdeletion_script'; - if (!isset($CONF[$confpar]) || empty($CONF[$confpar])) - { + if (!isset($CONF[$confpar]) || empty($CONF[$confpar])) { return true; } - if (empty($domain)) - { + if (empty($domain)) { print '<p>Warning: empty domain parameter.</p>'; return false; } @@ -2110,8 +1919,7 @@ $output=array(); $firstline=''; $firstline=exec($command,$output,$retval); - if (0!=$retval) - { + if (0!=$retval) { error_log("Running $command yielded return value=$retval, first line of output=$firstline"); print '<p>WARNING: Problems running domain postdeletion script!</p>'; return FALSE; @@ -2124,18 +1932,15 @@ Called after an alias_domain has been deleted in the DBMS. Returns: boolean. */ -function alias_domain_postdeletion($alias_domain) -{ +function alias_domain_postdeletion($alias_domain) { global $CONF; $confpar='alias_domain_postdeletion_script'; - if (!isset($CONF[$confpar]) || empty($CONF[$confpar])) - { + if (!isset($CONF[$confpar]) || empty($CONF[$confpar])) { return true; } - if (empty($alias_domain)) - { + if (empty($alias_domain)) { print '<p>Warning: empty alias_domain parameter.</p>'; return false; } @@ -2146,8 +1951,7 @@ $output=array(); $firstline=''; $firstline=exec($command,$output,$retval); - if (0!=$retval) - { + if (0!=$retval) { error_log("Running $command yielded return value=$retval, first line of output=$firstline"); print '<p>WARNING: Problems running alias_domain postdeletion script!</p>'; return FALSE; @@ -2173,26 +1977,22 @@ Doesn't clean up, if only some of the folders could be created. */ -function create_mailbox_subfolders($login,$cleartext_password) -{ +function create_mailbox_subfolders($login,$cleartext_password) { global $CONF; - if (empty($login)) - { + if (empty($login)) { trigger_error('In '.__FUNCTION__.': empty $login',E_USER_ERROR); return FALSE; } if (!isset($CONF['create_mailbox_subdirs']) || empty($CONF['create_mailbox_subdirs'])) return TRUE; - if (!is_array($CONF['create_mailbox_subdirs'])) - { + if (!is_array($CONF['create_mailbox_subdirs'])) { trigger_error('create_mailbox_subdirs must be an array',E_USER_ERROR); return FALSE; } - if (!isset($CONF['create_mailbox_subdirs_host']) || empty($CONF['create_mailbox_subdirs_host'])) - { + if (!isset($CONF['create_mailbox_subdirs_host']) || empty($CONF['create_mailbox_subdirs_host'])) { trigger_error('An IMAP/POP server host ($CONF["create_mailbox_subdirs_host"]) must be configured, if sub-folders are to be created',E_USER_ERROR); return FALSE; } @@ -2205,23 +2005,19 @@ if ( isset($CONF['create_mailbox_subdirs_hostoptions']) && !empty($CONF['create_mailbox_subdirs_hostoptions']) - ) { - if (!is_array($CONF['create_mailbox_subdirs_hostoptions'])) - { - trigger_error('The $CONF["create_mailbox_subdirs_hostoptions"] parameter must be an array',E_USER_ERROR); - return FALSE; - } - foreach ($CONF['create_mailbox_subdirs_hostoptions'] as $o) - { - $s_options.='/'.$o; - } - } + ) { + if (!is_array($CONF['create_mailbox_subdirs_hostoptions'])) { + trigger_error('The $CONF["create_mailbox_subdirs_hostoptions"] parameter must be an array',E_USER_ERROR); + return FALSE; + } + foreach ($CONF['create_mailbox_subdirs_hostoptions'] as $o) { + $s_options.='/'.$o; + } + } - if (isset($CONF['create_mailbox_subdirs_hostport']) && !empty($CONF['create_mailbox_subdirs_hostport'])) - { + if (isset($CONF['create_mailbox_subdirs_hostport']) && !empty($CONF['create_mailbox_subdirs_hostport'])) { $s_port=$CONF['create_mailbox_subdirs_hostport']; - if (intval($s_port)!=$s_port) - { + if (intval($s_port)!=$s_port) { trigger_error('The $CONF["create_mailbox_subdirs_hostport"] parameter must be an integer',E_USER_ERROR); return FALSE; } @@ -2233,14 +2029,12 @@ sleep(1); # give the mail triggering the mailbox creation a chance to do its job $i=@imap_open($s,$login,$cleartext_password); - if (FALSE==$i) - { + if (FALSE==$i) { error_log('Could not log into IMAP/POP server: '.imap_last_error()); return FALSE; } - foreach($CONF['create_mailbox_subdirs'] as $f) - { + foreach($CONF['create_mailbox_subdirs'] as $f) { $f='{'.$s_host.'}'.$s_prefix.$f; $res=imap_createmailbox($i,$f); if (!$res) { @@ -2263,30 +2057,26 @@ // addresses list in show_custom_domains // Call: gen_show_status (string alias_address) // -function gen_show_status ($show_alias) -{ +function gen_show_status ($show_alias) { global $CONF, $table_alias; $stat_string = ""; $stat_goto = ""; $stat_result = db_query ("SELECT goto FROM $table_alias WHERE address='$show_alias'"); - if ($stat_result['rows'] > 0) - { + if ($stat_result['rows'] > 0) { $row = db_row ($stat_result['result']); $stat_goto = $row[0]; } // UNDELIVERABLE CHECK - if ( $CONF['show_undeliverable'] == 'YES' ) - { + if ( $CONF['show_undeliverable'] == 'YES' ) { $gotos=array(); $gotos=explode(',',$stat_goto); $undel_string=""; //make sure this alias goes somewhere known $stat_ok = 1; - while ( ($g=array_pop($gotos)) && $stat_ok ) - { + while ( ($g=array_pop($gotos)) && $stat_ok ) { $stat_catchall = substr($g,strpos($g,"@")); $stat_delimiter = ""; if (!empty($CONF['recipient_delimiter'])) { @@ -2295,48 +2085,37 @@ $stat_delimiter = "OR address = '$stat_delimiter'"; } $stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '$g' OR address = '$stat_catchall' $stat_delimiter"); - if ($stat_result['rows'] == 0) - { + if ($stat_result['rows'] == 0) { $stat_ok = 0; } - if ( $stat_ok == 0 ) - { + if ( $stat_ok == 0 ) { $stat_domain = substr($g,strpos($g,"@")+1); $stat_vacdomain = substr($stat_domain,strpos($stat_domain,"@")+1); - if ( $stat_vacdomain == $CONF['vacation_domain'] ) - { + if ( $stat_vacdomain == $CONF['vacation_domain'] ) { $stat_ok = 1; break; } - for ($i=0; $i < sizeof($CONF['show_undeliverable_exceptions']);$i++) - { - if ( $stat_domain == $CONF['show_undeliverable_exceptions'][$i] ) - { + for ($i=0; $i < sizeof($CONF['show_undeliverable_exceptions']);$i++) { + if ( $stat_domain == $CONF['show_undeliverable_exceptions'][$i] ) { $stat_ok = 1; break; } } } } // while - if ( $stat_ok == 0 ) - { + if ( $stat_ok == 0 ) { $stat_string .= "<span style='background-color:" . $CONF['show_undeliverable_color'] . "'>" . $CONF['show_status_text'] . "</span> "; - } - else - { + } else { $stat_string .= $CONF['show_status_text'] . " "; } - } - else - { + } else { $stat_string .= $CONF['show_status_text'] . " "; } // POP/IMAP CHECK - if ( $CONF['show_popimap'] == 'YES' ) - { + if ( $CONF['show_popimap'] == 'YES' ) { $stat_delimiter = ""; if (!empty($CONF['recipient_delimiter'])) { $delimiter = preg_quote($CONF['recipient_delimiter'], "/"); @@ -2345,35 +2124,25 @@ } //if the address passed in appears in its own goto field, its POP/IMAP - if ( preg_match ('/,' . $show_alias . ',/', ',' . $stat_goto . $stat_delimiter . ',') ) - { + if ( preg_match ('/,' . $show_alias . ',/', ',' . $stat_goto . $stat_delimiter . ',') ) { $stat_string .= "<span style='background-color:" . $CONF['show_popimap_color'] . "'>" . $CONF['show_status_text'] . "</span> "; - } - else - { + } else { $stat_string .= $CONF['show_status_text'] . " "; } } // CUSTOM DESTINATION CHECK - if ( count($CONF['show_custom_domains']) > 0 ) - { - for ($i = 0; $i < sizeof ($CONF['show_custom_domains']); $i++) - { - if (preg_match ('/^.*' . $CONF['show_custom_domains'][$i] . '.*$/', $stat_goto)) - { + if ( count($CONF['show_custom_domains']) > 0 ) { + for ($i = 0; $i < sizeof ($CONF['show_custom_domains']); $i++) { + if (preg_match ('/^.*' . $CONF['show_custom_domains'][$i] . '.*$/', $stat_goto)) { $stat_string .= "<span style='background-color:" . $CONF['show_custom_colors'][$i] . "'>" . $CONF['show_status_text'] . "</span> "; - } - else - { + } else { $stat_string .= $CONF['show_status_text'] . " "; } } - } - else - { + } else { $stat_string .= "; "; } @@ -2394,8 +2163,7 @@ ) */ -function create_admin($fUsername, $fPassword, $fPassword2, $fDomains, $no_generate_password=0) -{ +function create_admin($fUsername, $fPassword, $fPassword2, $fDomains, $no_generate_password=0) { global $PALANG; global $CONF; $error = 0; @@ -2403,65 +2171,47 @@ $pAdminCreate_admin_username_text = ''; $pAdminCreate_admin_password_text = ''; - if (!check_email ($fUsername)) - { + if (!check_email ($fUsername)) { $error = 1; $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error1']; } - if (empty ($fUsername) or admin_exist ($fUsername)) - { + if (empty ($fUsername) or admin_exist ($fUsername)) { $error = 1; $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error2']; } - if (empty ($fPassword) or empty ($fPassword2) or ($fPassword != $fPassword2)) - { - if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES" && $no_generate_password == 0) - { + if (empty ($fPassword) or empty ($fPassword2) or ($fPassword != $fPassword2)) { + if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES" && $no_generate_password == 0) { $fPassword = generate_password (); - } - else - { + } else { $error = 1; $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text']; $pAdminCreate_admin_password_text = $PALANG['pAdminCreate_admin_password_text_error']; } } - if ($error != 1) - { + if ($error != 1) { $password = pacrypt($fPassword); $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text']; $result = db_query ("INSERT INTO " . table_by_key('admin') . " (username,password,created,modified) VALUES ('$fUsername','$password',NOW(),NOW())"); - if ($result['rows'] != 1) - { + if ($result['rows'] != 1) { $tMessage = $PALANG['pAdminCreate_admin_result_error'] . "<br />($fUsername)<br />"; - } - else - { - if (!empty ($fDomains[0])) - { - for ($i = 0; $i < sizeof ($fDomains); $i++) - { + } else { + if (!empty ($fDomains[0])) { + for ($i = 0; $i < sizeof ($fDomains); $i++) { $domain = $fDomains[$i]; $result = db_query ("INSERT INTO " . table_by_key ('domain_admins') . " (username,domain,created) VALUES ('$fUsername','$domain',NOW())"); } } $tMessage = $PALANG['pAdminCreate_admin_result_success'] . "<br />($fUsername"; - if ($CONF['generate_password'] == "YES" && $no_generate_password == 0) - { + if ($CONF['generate_password'] == "YES" && $no_generate_password == 0) { $tMessage .= " / $fPassword)</br />"; - } - else - { - if ($CONF['show_password'] == "YES" && $no_generate_password == 0) - { + } else { + if ($CONF['show_password'] == "YES" && $no_generate_password == 0) { $tMessage .= " / $fPassword)</br />"; - } - else - { + } else { $tMessage .= ")</br />"; } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-06-02 22:53:46
|
Revision: 1068 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1068&view=rev Author: christian_boltz Date: 2011-06-02 22:53:40 +0000 (Thu, 02 Jun 2011) Log Message: ----------- functions.inc.php - gen_show_status(): don't show vacation_domain as undeliverable + various code cleanup - don't show the vacation domain as undeliverable In theory this should already have worked already, but $stat_vacdomain missed the first letter of the domain ("xample.com" instead of "example.com") which broke it. Fixed by using $stat_domain, which has the same content anyway. This fixes part (2) of https://sourceforge.net/tracker/?func=detail&aid=1951926&group_id=191583&atid=937967 - generate the regex for $CONF[recipient_delimiter] at the start of the function. Besides saving some CPU cycles, this makes the code more readable. - generate $stat_domain earlier and in a regex-free way - drop $stat_catchall - it's nothing else than @ + $stat_domain - use in_array() to check $CONF[show_undeliverable_exceptions] instead of a while loop Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-06-02 20:51:12 UTC (rev 1067) +++ trunk/functions.inc.php 2011-06-02 22:53:40 UTC (rev 1068) @@ -2068,6 +2068,11 @@ $stat_goto = $row[0]; } + if (!empty($CONF['recipient_delimiter'])) { + $delimiter = preg_quote($CONF['recipient_delimiter'], "/"); + $delimiter_regex = '/' .$delimiter. '[^' .$delimiter. '@]*@/'; + } + // UNDELIVERABLE CHECK if ( $CONF['show_undeliverable'] == 'YES' ) { $gotos=array(); @@ -2077,30 +2082,20 @@ //make sure this alias goes somewhere known $stat_ok = 1; while ( ($g=array_pop($gotos)) && $stat_ok ) { - $stat_catchall = substr($g,strpos($g,"@")); + list(/*NULL*/,$stat_domain) = explode('@',$g); $stat_delimiter = ""; if (!empty($CONF['recipient_delimiter'])) { - $delimiter = preg_quote($CONF['recipient_delimiter'], "/"); - $stat_delimiter = preg_replace('/' .$delimiter. '[^' .$delimiter. ']*@/', "@", $g); - $stat_delimiter = "OR address = '$stat_delimiter'"; + $stat_delimiter = "OR address = '" . preg_replace($delimiter_regex, "@", $g) . "'"; } - $stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '$g' OR address = '$stat_catchall' $stat_delimiter"); + $stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '$g' OR address = '@$stat_domain' $stat_delimiter"); if ($stat_result['rows'] == 0) { $stat_ok = 0; } if ( $stat_ok == 0 ) { - $stat_domain = substr($g,strpos($g,"@")+1); - $stat_vacdomain = substr($stat_domain,strpos($stat_domain,"@")+1); - if ( $stat_vacdomain == $CONF['vacation_domain'] ) { + if ( $stat_domain == $CONF['vacation_domain'] || in_array($stat_domain, $CONF['show_undeliverable_exceptions']) ) { $stat_ok = 1; break; } - for ($i=0; $i < sizeof($CONF['show_undeliverable_exceptions']);$i++) { - if ( $stat_domain == $CONF['show_undeliverable_exceptions'][$i] ) { - $stat_ok = 1; - break; - } - } } } // while if ( $stat_ok == 0 ) { @@ -2118,12 +2113,11 @@ if ( $CONF['show_popimap'] == 'YES' ) { $stat_delimiter = ""; if (!empty($CONF['recipient_delimiter'])) { - $delimiter = preg_quote($CONF['recipient_delimiter'], "/"); - $stat_delimiter = preg_replace('/' .$delimiter. '[^' .$delimiter. '@]*@/', "@", $stat_goto); - $stat_delimiter = ',' . $stat_delimiter; + $stat_delimiter = ',' . preg_replace($delimiter_regex, "@", $stat_goto); } //if the address passed in appears in its own goto field, its POP/IMAP + # TODO: or not (might also be an alias loop) -> check mailbox table! if ( preg_match ('/,' . $show_alias . ',/', ',' . $stat_goto . $stat_delimiter . ',') ) { $stat_string .= "<span style='background-color:" . $CONF['show_popimap_color'] . "'>" . $CONF['show_status_text'] . "</span> "; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-06-05 20:23:10
|
Revision: 1071 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1071&view=rev Author: christian_boltz Date: 2011-06-05 20:23:04 +0000 (Sun, 05 Jun 2011) Log Message: ----------- functions.inc.php - pacrypt(): - if dovecotpw does not give the expected output, read stderr and write it to error_log() This would have made the debugging session I just had with makomi on IRC about an hour shorter ;-) Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-06-02 23:42:06 UTC (rev 1070) +++ trunk/functions.inc.php 2011-06-05 20:23:04 UTC (rev 1071) @@ -1150,7 +1150,8 @@ # Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table $spec = array( 0 => array("pipe", "r"), // stdin - 1 => array("pipe", "w") // stdout + 1 => array("pipe", "w"), // stdout + 2 => array("pipe", "w"), // stderr ); $pipe = proc_open("$dovecotpw '-s' $method", $spec, $pipes); @@ -1166,10 +1167,18 @@ // Read hash from pipe stdout $password = fread($pipes[1], "200"); - fclose($pipes[1]); + + if ( !preg_match('/^\{' . $method . '\}/', $password)) { + $stderr_output = stream_get_contents($pipes[2]); + error_log('dovecotpw password encryption failed.'); + error_log('STDERR output: ' . $stderr_output); + die("can't encrypt password with dovecotpw, see error log for details"); + } + + fclose($pipes[1]); + fclose($pipes[2]); proc_close($pipe); - if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); } $password = trim(str_replace('{' . $method . '}', '', $password)); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-07-21 22:47:59
|
Revision: 1103 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1103&view=rev Author: christian_boltz Date: 2011-07-21 22:47:53 +0000 (Thu, 21 Jul 2011) Log Message: ----------- functions.inc.php: - create_admin(): - renamed some internal variables - removed a variable setting that was always overwritten in the next line - disabled setting a var to $PALANG['pAdminCreate_admin_username_text'] This commit is part of the huge cleanup patch by Dale Blount (lnxus@SF), https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3370510&group_id=191583 Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-07-21 22:20:25 UTC (rev 1102) +++ trunk/functions.inc.php 2011-07-21 22:47:53 UTC (rev 1103) @@ -2179,18 +2179,18 @@ global $PALANG; global $CONF; $error = 0; - $tMessage = ''; - $pAdminCreate_admin_username_text = ''; - $pAdminCreate_admin_password_text = ''; + $pAdminCreate_admin_message = ''; + $pAdminCreate_admin_username_text_error = ''; + $pAdminCreate_admin_password_text_error = ''; if (!check_email ($fUsername)) { $error = 1; - $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error1']; + $pAdminCreate_admin_username_text_error = $PALANG['pAdminCreate_admin_username_text_error1']; } if (empty ($fUsername) or admin_exist ($fUsername)) { $error = 1; - $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error2']; + $pAdminCreate_admin_username_text_error = $PALANG['pAdminCreate_admin_username_text_error2']; } if (empty ($fPassword) or empty ($fPassword2) or ($fPassword != $fPassword2)) { @@ -2198,18 +2198,17 @@ $fPassword = generate_password (); } else { $error = 1; - $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text']; - $pAdminCreate_admin_password_text = $PALANG['pAdminCreate_admin_password_text_error']; + $pAdminCreate_admin_password_text_error = $PALANG['pAdminCreate_admin_password_text_error']; } } if ($error != 1) { $password = pacrypt($fPassword); - $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text']; + // $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text']; $result = db_query ("INSERT INTO " . table_by_key('admin') . " (username,password,created,modified) VALUES ('$fUsername','$password',NOW(),NOW())"); if ($result['rows'] != 1) { - $tMessage = $PALANG['pAdminCreate_admin_result_error'] . "<br />($fUsername)<br />"; + $pAdminCreate_admin_message = $PALANG['pAdminCreate_admin_result_error'] . "<br />($fUsername)<br />"; } else { if (!empty ($fDomains[0])) { for ($i = 0; $i < sizeof ($fDomains); $i++) { @@ -2217,14 +2216,14 @@ $result = db_query ("INSERT INTO " . table_by_key ('domain_admins') . " (username,domain,created) VALUES ('$fUsername','$domain',NOW())"); } } - $tMessage = $PALANG['pAdminCreate_admin_result_success'] . "<br />($fUsername"; + $pAdminCreate_admin_message = $PALANG['pAdminCreate_admin_result_success'] . "<br />($fUsername"; if ($CONF['generate_password'] == "YES" && $no_generate_password == 0) { - $tMessage .= " / $fPassword)</br />"; + $pAdminCreate_admin_message .= " / $fPassword)</br />"; } else { if ($CONF['show_password'] == "YES" && $no_generate_password == 0) { - $tMessage .= " / $fPassword)</br />"; + $pAdminCreate_admin_message .= " / $fPassword)</br />"; } else { - $tMessage .= ")</br />"; + $pAdminCreate_admin_message .= ")</br />"; } } } @@ -2236,9 +2235,9 @@ return array( $error, - $tMessage, - $pAdminCreate_admin_username_text, - $pAdminCreate_admin_password_text + $pAdminCreate_admin_message, + $pAdminCreate_admin_username_text_error, + $pAdminCreate_admin_password_text_error ); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-07-22 20:17:23
|
Revision: 1106 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1106&view=rev Author: christian_boltz Date: 2011-07-22 20:17:17 +0000 (Fri, 22 Jul 2011) Log Message: ----------- functions.inc.php - changed array item name in comment for create_admin() This commit is part of the huge cleanup patch by Dale Blount (lnxus@SF), https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3370510&group_id=191583 Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-07-22 19:56:04 UTC (rev 1105) +++ trunk/functions.inc.php 2011-07-22 20:17:17 UTC (rev 1106) @@ -2169,7 +2169,7 @@ Returns: array( 'error' => 0, # 0 on success, otherwise > 0 - 'tMessage' => '', # success / failure message + 'pAdminCreate_admin_message' => '', # success / failure message 'pAdminCreate_admin_username_text' => '', # help text / error message for username 'pAdminCreate_admin_password_text' => '' # error message for username ) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2011-08-21 20:58:26
|
Revision: 1171 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1171&view=rev Author: christian_boltz Date: 2011-08-21 20:58:20 +0000 (Sun, 21 Aug 2011) Log Message: ----------- functions.inc.php - check_owner(): - escape_string() $username and $domain to prevent SQL injections - add a TODO Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-08-21 20:11:14 UTC (rev 1170) +++ trunk/functions.inc.php 2011-08-21 20:58:20 UTC (rev 1171) @@ -764,7 +764,9 @@ // function check_owner ($username, $domain) { global $table_domain_admins; - $result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$username' AND (domain='$domain' OR domain='ALL') AND active='1'"); + $E_username = escape_string($username); + $E_domain = escape_string($domain); + $result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$E_username' AND (domain='$E_domain' OR domain='ALL') AND active='1'"); if ($result['rows'] != 1) { if ($result['rows'] > 1) { # "ALL" + specific domain permissions. 2.3 doesn't create such entries, but they are available as leftover from older versions flash_error("Permission check returned more than one result. Please go to 'edit admin' for your username and press the save " @@ -773,6 +775,7 @@ return false; } else { return true; + # TODO: if superadmin, check if given domain exists in the database } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |