SF.net SVN: postfixadmin: [117] trunk/edit-mailbox.php
Brought to you by:
christian_boltz,
gingerdog
From: <Gin...@us...> - 2007-10-02 13:37:39
|
Revision: 117 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=117&view=rev Author: GingerDog Date: 2007-10-02 06:37:42 -0700 (Tue, 02 Oct 2007) Log Message: ----------- edit-mailbox.php; try and make it work properly Modified Paths: -------------- trunk/edit-mailbox.php Modified: trunk/edit-mailbox.php =================================================================== --- trunk/edit-mailbox.php 2007-10-02 12:49:56 UTC (rev 116) +++ trunk/edit-mailbox.php 2007-10-02 13:37:42 UTC (rev 117) @@ -38,6 +38,10 @@ authentication_require_role('admin'); $SESSID_USERNAME = authentication_get_username(); +$fUsername = 'x'; +$fDomain = 'y'; +$error = 0; + if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']); $fUsername = strtolower ($fUsername); if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']); @@ -45,33 +49,40 @@ $pEdit_mailbox_name_text = $PALANG['pEdit_mailbox_name_text']; $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text']; +$result = db_query("SELECT * FROM $table_mailbox WHERE username = '$fUsername' AND domain = '$fDomain'"); +if($result['rows'] != 1) { + die("Invalid username chosen; user does not exist in mailbox table"); +} + +if (!(check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) ) +{ + $error = 1; + $tName = $fName; + $tQuota = $fQuota; + $tActive = $fActive; + $tMessage = $PALANG['pEdit_mailbox_domain_error'] . "$fDomain</font>"; // XXX ergh; why is a closing font tag here? +} + +$user_details = db_array($result['result']); + if ($_SERVER['REQUEST_METHOD'] == "GET") { - if (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) + if (check_owner($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) { - $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fUsername' AND domain='$fDomain'"); - if ($result['rows'] == 1) - { - $row = db_array ($result['result']); - $tName = $row['name']; - $tQuota = divide_quota($row['quota']); - $tActive = $row['active']; - if ('pgsql'==$CONF['database_type']) { - $tActive = ('t'==$row['active']) ? 1 : 0; - } + $tName = $user_details['name']; + $tQuota = divide_quota($user_details['quota']); + $tActive = $user_details['active']; + if ('pgsql'==$CONF['database_type']) { + $tActive = ('t'==$user_details['active']) ? 1 : 0; } $result = db_query ("SELECT * FROM $table_domain WHERE domain='$fDomain'"); if ($result['rows'] == 1) { - $row = db_array ($result['result']); - $tMaxquota = $row['maxquota']; + $row = db_array ($result['result']); + $tMaxquota = $row['maxquota']; } } - else - { - $tMessage = $PALANG['pEdit_mailbox_login_error']; - } } if ($_SERVER['REQUEST_METHOD'] == "POST") @@ -82,22 +93,15 @@ if (isset ($_POST['fQuota'])) $fQuota = intval ($_POST['fQuota']); if (isset ($_POST['fActive'])) $fActive = escape_string ($_POST['fActive']); - if (! (check_owner ($SESSID_USERNAME, $fDomain) || authentication_has_role('global-admin')) ) - { - $error = 1; - $tName = $fName; - $tQuota = $fQuota; - $tActive = $fActive; - $tMessage = $PALANG['pEdit_mailbox_domain_error'] . "$fDomain</font>"; - } - if ($fPassword != $fPassword2) - { - $error = 1; - $tName = $fName; - $tQuota = $fQuota; - $tActive = $fActive; - $pEdit_mailbox_password_text = $PALANG['pEdit_mailbox_password_text_error']; + if($fPassword != $user_details['password']){ + if($fPassword == $fPassword2) { + $fPassword = pacrypt($fPassword); + } + else { + flash_error($PALANG['pEdit_mailbox_password_text_error']); + $error = 1; + } } if ($CONF['quota'] == "YES") @@ -111,7 +115,6 @@ $pEdit_mailbox_quota_text = $PALANG['pEdit_mailbox_quota_text_error']; } } - if ($error != 1) { if (!empty ($fQuota)) @@ -125,35 +128,20 @@ if ($fActive == "on") { + $sqlActive = db_get_boolean(True); $fActive = 1; } else { + $sqlActive = db_get_boolean(False); $fActive = 0; } - $sqlActive=$fActive; - if ('pgsql'==$CONF['database_type']) { - $sqlActive=($fActive) ? 'true':'false'; - } - if (empty ($fPassword) and empty ($fPassword2)) - { - $result = db_query ("UPDATE $table_mailbox SET name='$fName',quota=$quota,modified=NOW(),active=$sqlActive WHERE username='$fUsername' AND domain='$fDomain'"); - if ($result['rows'] == 1) $result = db_query ("UPDATE $table_alias SET modified=NOW(),active='$sqlActive' WHERE address='$fUsername' AND domain='$fDomain'"); - } - else - { - $password = pacrypt ($fPassword); - $result = db_query ("UPDATE $table_mailbox SET password='$password',name='$fName',quota=$quota,modified=NOW(),active=$sqlActive WHERE username='$fUsername' AND domain='$fDomain'"); - if ($result['rows'] == 1) $result = db_query ("UPDATE $table_alias SET modified=NOW(),active='$sqlActive' WHERE address='$fUsername' AND domain='$fDomain'"); - } - - if ($result['rows'] != 1) - { + $result = db_query ("UPDATE $table_mailbox SET name='$fName',password='$fPassword',quota=$quota,modified=NOW(),active=$sqlActive WHERE username='$fUsername' AND domain='$fDomain'"); + if ($result['rows'] != 1) { $tMessage = $PALANG['pEdit_mailbox_result_error']; } - else - { + else { db_log ($SESSID_USERNAME, $fDomain, 'edit_mailbox', $fUsername); if (authentication_has_role('global-admin')) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |