SF.net SVN: postfixadmin:[627] branches/postfixadmin-smarty
From: <Seb...@us...> - 2009-04-12 09:39:40
Revision: 627 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=627&view=rev Author: Sebastian2009 Date: 2009-04-12 09:39:36 +0000 (Sun, 12 Apr 2009) Log Message: ----------- get in sync with mainline. Modified Paths: -------------- branches/postfixadmin-smarty/ADDITIONS/fetchmail.pl branches/postfixadmin-smarty/DOCUMENTS/POSTFIX_CONF.txt branches/postfixadmin-smarty/common.php branches/postfixadmin-smarty/config.inc.php branches/postfixadmin-smarty/create-mailbox.php branches/postfixadmin-smarty/edit-alias.php branches/postfixadmin-smarty/login.php branches/postfixadmin-smarty/model/AliasHandler.php branches/postfixadmin-smarty/model/UserHandler.php branches/postfixadmin-smarty/setup.php branches/postfixadmin-smarty/xmlrpc.php Modified: branches/postfixadmin-smarty/ADDITIONS/fetchmail.pl =================================================================== --- branches/postfixadmin-smarty/ADDITIONS/fetchmail.pl 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/ADDITIONS/fetchmail.pl 2009-04-12 09:39:36 UTC (rev 627) 
@@ -8,6 +8,35 @@ # require liblockfile-simple-perl use LockFile::Simple qw(lock trylock unlock); +###################################################################### +########## Change the following variables to fit your needs ########## + +# database settings + +# database backend - uncomment one of these +our $db_type = 'Pg'; +#my $db_type = 'mysql'; + +# host name +our $db_host="127.0.0.1"; +# database name +our $db_name="postfix"; +# database username +our $db_username="mail"; +# database password +our $db_password="CHANGE_ME!"; + +# instead of changing this script, you can put your settings to /etc/mail/postfixadmin/fetchmail.conf +# just use perl syntax there to fill the variables listed above (without the "our" keyword). Example: +# $db_username = 'mail'; +if (-f "/etc/mail/postfixadmin/fetchmail.conf") { + require "/etc/mail/postfixadmin/fetchmail.conf"; +} + + +#################### Don't change anything below! #################### +###################################################################### + openlog("fetchmail-all", "pid", "mail"); sub log_and_die { @@ -30,11 +59,6 @@ } } -# mysql settings -$database="mailadmin"; -$hostname="127.0.0.1"; -$user="mail"; - $run_dir="/var/run/fetchmail"; # use specified config file 
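Review bot: The commented-out alternative `#my $db_type = 'mysql';` uses `my` while every other setting in this block uses `our`. Anyone who uncomments it gets a file-scoped lexical, and an assignment in /etc/mail/postfixadmin/fetchmail.conf cannot override it, because the `require`d file writes to the package variable; it should read `#our $db_type = 'mysql';`. Separately, `require` runs that file as Perl with this script's privileges, and the file holds the database password. The comment block should therefore say that it must be owned by a trusted account and be neither group/world-writable nor world-readable.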
@@ -42,26 +66,37 @@ do $configfile; } -$dsn = "DBI:mysql:database=$database;host=$hostname"; +if($db_type eq "Pg" || $db_type eq "mysql") { + $dsn = "DBI:$db_type:database=$db_name;host=$db_host"; +} else { + log_and_die "unsupported db_type $db_type"; +} + $lock_file=$run_dir . "/fetchmail-all.lock"; $lockmgr = LockFile::Simple->make(-autoclean => 1, -max => 1); $lockmgr->lock($lock_file) || log_and_die "can't lock ${lock_file}"; -#mysql connect -$dbh = DBI->connect($dsn, $user, $password) || log_and_die "cannot connect the database"; +# database connect +$dbh = DBI->connect($dsn, $db_username, $db_password) || log_and_die "cannot connect the database"; -$sql=<<SQL; -SELECT id,mailbox,src_server,src_auth,src_user,src_password,src_folder,fetchall,keep,protocol,mda,extra_options,usessl -FROM fetchmail -WHERE unix_timestamp(now())-unix_timestamp(date) > poll_time*60 -SQL +if($db_type eq "Pg") { + $sql_cond = "date_part('epoch',now())-date_part('epoch',date)"; +} elsif($db_type eq "mysql") { + $sql_cond = "unix_timestamp(now())-unix_timestamp(date)"; +} +$sql = " + SELECT id,mailbox,src_server,src_auth,src_user,src_password,src_folder,fetchall,keep,protocol,mda,extra_options,usessl + FROM fetchmail + WHERE $sql_cond > poll_time*60 + "; + my (%config); map{ my ($id,$mailbox,$src_server,$src_auth,$src_user,$src_password,$src_folder,$fetchall,$keep,$protocol,$mda,$extra_options,$usessl)=@$_; - syslog("info","fetch ${src_user}@${src_server} for ${mailbox}"); + syslog("info","fetch ${src_user}@${src_server} for ${mailbox}"); $cmd="user '${src_user}' there with password '".decode_base64($src_password)."'"; $cmd.=" folder '${src_folder}'" if ($src_folder); Modified: branches/postfixadmin-smarty/DOCUMENTS/POSTFIX_CONF.txt =================================================================== --- branches/postfixadmin-smarty/DOCUMENTS/POSTFIX_CONF.txt 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/DOCUMENTS/POSTFIX_CONF.txt 2009-04-12 09:39:36 UTC (rev 627) 
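Review bot: In the re-added `syslog("info","fetch ${src_user}@${src_server} for ${mailbox}")` line, Perl most likely parses `@${src_server}` as an array dereference rather than a literal at-sign followed by the server name. If so, the log entry loses the source server, or the script dies if `strict 'refs'` is ever enabled. Escaping the at-sign keeps the record usable, and passing the database values as arguments stops a stored `%` from being read as a format directive: `syslog("info", "fetch %s\@%s for %s", $src_user, $src_server, $mailbox);`. The enclosing `map` block continues outside the hunk.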
@@ -57,7 +57,7 @@ password = password hosts = localhost dbname = postfix -query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 +query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1' (Note: PostgreSQL does not have a concat() function, instead use e.g. .... alias.address = '%u' || '@' || alias_domain.target_domain AND ....) @@ -67,7 +67,7 @@ password = password hosts = localhost dbname = postfix -query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 +query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1' (See above note re Concat + PostgreSQL) 
@@ -87,18 +87,17 @@ password = password hosts = localhost dbname = postfix -query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1' +query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1' #expansion_limit = 100 -(See above note re Concat + PostgreSQL) - mysql_virtual_alias_domain_mailbox_maps.cf: user = postfix password = password hosts = localhost dbname = postfix -query = SELECT CONCAT(domain,'/',maildir) FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 +query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1' + (See above note re Concat + PostgreSQL) # For quota support Modified: branches/postfixadmin-smarty/common.php =================================================================== --- branches/postfixadmin-smarty/common.php 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/common.php 2009-04-12 09:39:36 UTC (rev 627) 
@@ -22,39 +22,33 @@ } define('POSTFIXADMIN', 1); # checked in included files -function incorrect_setup() { - global $incpath; - # we ask the user to delete setup.php, which makes a blind redirect a bad idea - if(!is_file("$incpath/setup.php")) { - die ("config.inc.php does not exist or is not configured correctly. Please re-install setup.php and create/fix your config."); - } else { - # common.php is indirectly included in setup.php (via upgrade.php) - avoid endless redirect loop - if (!preg_match('/setup\.php$/', $_SERVER['SCRIPT_NAME'])) { - header("Location: setup.php"); - exit(0); - } - } -} - $incpath = dirname(__FILE__); (ini_get('magic_quotes_gpc') ? ini_set('magic_quotes_runtime', '0') : '1'); (ini_get('magic_quotes_gpc') ? ini_set('magic_quotes_sybase', '0') : '1'); -if(ini_get('register_globals')) { +if(ini_get('register_globals') == 'on') { die("Please turn off register_globals; edit your php.ini"); } require_once("$incpath/variables.inc.php"); if(!is_file("$incpath/config.inc.php")) { - // incorrectly setup... - incorrect_setup(); + die("config.inc.php is missing!"); } require_once("$incpath/config.inc.php"); + if(isset($CONF['configured'])) { if($CONF['configured'] == FALSE) { - incorrect_setup(); + die("Please edit config.inc.php - change \$CONF['configured'] to true after setting your database settings"); } + if(!isset($CONF['setup_password'])) { + die("You must have a \$CONF['setup_password'] defined - this allows authenticated access to setup.php"); + } + if($CONF['setup_password'] == 'changeme') { + die("You must specify a password in config.inc.php (\$CONF['setup_password']) in order to access setup.php"); + } } + + require_once("$incpath/languages/language.php"); require_once("$incpath/functions.inc.php"); require_once("$incpath/languages/" . check_language () . 
".lang"); Modified: branches/postfixadmin-smarty/config.inc.php =================================================================== --- branches/postfixadmin-smarty/config.inc.php 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/config.inc.php 2009-04-12 09:39:36 UTC (rev 627) @@ -27,10 +27,12 @@ * The following line needs commenting out or removing before the * application will run! * Doing this implies you have changed this file as required. + * i.e. configuring database etc; specifying setup.php password etc. */ $CONF['configured'] = false; - +// In order to setup Postfixadmin, you MUST change the password below. +$CONF['setup_password'] = 'changeme'; // Postfix Admin Path // Set the location of your Postfix Admin installation here. // YOU MUST ENTER THE COMPLETE URL e.g. http://domain.tld/postfixadmin Modified: branches/postfixadmin-smarty/create-mailbox.php =================================================================== --- branches/postfixadmin-smarty/create-mailbox.php 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/create-mailbox.php 2009-04-12 09:39:36 UTC (rev 627) 
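Review bot: The new guard `if(ini_get('register_globals') == 'on')` is weaker than the truthiness test it replaces. For a boolean directive enabled in php.ini, `ini_get()` normally returns `"1"`, which does not equal `'on'`, so the script would carry on with register_globals active. If the aim was to stop a literal `"off"` string from tripping the check, handle that case explicitly: `$rg = strtolower((string) ini_get('register_globals'));` followed by `if ($rg !== '' && $rg !== '0' && $rg !== 'off') { die("Please turn off register_globals; edit your php.ini"); }`. Also note that the new `setup_password` checks sit inside `if(isset($CONF['configured']))`, so a config file that lacks that key skips them entirely.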
@@ -203,69 +203,13 @@ $tMessage = $PALANG['pAlias_result_error'] . "<br />($fUsername -> $fUsername)</br />"; } -/* -# TODO: The following code segment is from admin/create-mailbox.php. To be compared/merged with the code from /create-mailbox.php. - Lines starting with /* were inserted to keep this section in commented mode. - - - if ($result['rows'] != 1) - { - $tDomain = $fDomain; - $tMessage .= $PALANG['pCreate_mailbox_result_error'] . "<br />($fUsername)<br />"; - } - else - { - - $error=TRUE; // Being pessimistic - if (mailbox_postcreation($fUsername,$fDomain,$maildir)) - { - if ('pgsql'==$CONF['database_type']) - { - $result=db_query("COMMIT"); - -/* should really not be possible: */ -/* - if (!$result) die('COMMIT-query failed.'); - } - $error=FALSE; - } else { - $tMessage .= $PALANG['pCreate_mailbox_result_error'] . "<br />($fUsername)<br />"; - if ('pgsql'==$CONF['database_type']) - { - $result=db_query("ROLLBACK"); - -/* should really not be possible: */ -/* - if (!$result) die('ROLLBACK-query failed.'); - } else { - /* - When we cannot count on transactions, we need to move forward, despite - the problems. - */ -/* - $error=FALSE; - } - } - - - if (!$error) - { - db_log ($CONF['admin_email'], $fDomain, 'create_mailbox', $fUsername); - - */ - -/* -TODO: this is the start of /create-mailbox code segment that was originally used in /create-mailbox.php instead - of the above from admin/create-mailbox.php. - To be compared / merged. - */ - // apparently uppercase usernames really confuse some IMAP clients. 
$fUsername = strtolower($fUsername); $local_part = ''; if(preg_match('/^(.*)@/', $fUsername, $matches)) { $local_part = $matches[1]; } + $result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,local_part,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$local_part','$quota','$fDomain',NOW(),NOW(),'$sqlActive')"); if ($result['rows'] != 1 || !mailbox_postcreation($fUsername,$fDomain,$maildir, $quota)) { @@ -277,9 +221,6 @@ { db_query('COMMIT'); db_log ($SESSID_USERNAME, $fDomain, 'create_mailbox', "$fUsername"); -/* -TODO: this is the end of /create-mailbox.php code segment - */ $tDomain = $fDomain; $tQuota = $CONF['maxquota']; Modified: branches/postfixadmin-smarty/edit-alias.php =================================================================== --- branches/postfixadmin-smarty/edit-alias.php 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/edit-alias.php 2009-04-12 09:39:36 UTC (rev 627) @@ -34,6 +34,10 @@ authentication_require_role('admin'); $SESSID_USERNAME = authentication_get_username(); +if($CONF['alias_control_admin'] == 'NO' && !authentication_has_role('global-admin')) { + die("Check config.inc.php - domain administrators do not have the ability to edit user's aliases (alias_control_admin)"); +} + if ($_SERVER['REQUEST_METHOD'] == "GET") { if (isset ($_GET['address'])) $fAddress = escape_string ($_GET['address']); @@ -46,6 +50,9 @@ { $row = db_array ($result['result']); $tGoto = $row['goto']; + + //. if we are not a global admin, and special_alias_control is NO, hide the alias that's the mailbox name. + if($CONF['special_alias_control'] == 'NO' && !authentication_has_role('global-admin')) { /* Has a mailbox as well? Remove the address from $tGoto in order to edit just the real aliases */ $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fAddress' AND domain='$fDomain'"); 
@@ -53,7 +60,8 @@ { $tGoto = preg_replace ('/\s*,*\s*' . $fAddress . '\s*,*\s*/', '', $tGoto); } - } + } + } } else { @@ -90,7 +98,7 @@ $goto = preg_replace ('/,*$|^,*/', '', $goto); $goto = preg_replace ('/,,*/', ',', $goto); - if (empty ($goto)) + if (empty ($goto) && !authentication_has_role('global-admin')) { $error = 1; $tGoto = $_POST['fGoto']; @@ -121,11 +129,20 @@ /* The alias has a real mailbox as well, prepend $goto with it */ if ($result['rows'] == 1) { - $goto = "$fAddress,$goto"; + // ensure mailbox alias exists... if they're a domain admin, and they're not allowed to... + if($CONF['alias_control_admin'] == 'NO' && !authentication_has_role('global-admin')) { + $array[] = $fAddress; + } + } + // duplicates suck, mmkay.. + $array = array_unique($array); + $goto = implode(',', $array); + if ($error != 1) { + $goto = escape_string($goto); $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fAddress' AND domain='$fDomain'"); if ($result['rows'] != 1) { Modified: branches/postfixadmin-smarty/login.php =================================================================== --- branches/postfixadmin-smarty/login.php 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/login.php 2009-04-12 09:39:36 UTC (rev 627) 
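Review bot: In the `@@ -121,11 +129,20 @@` hunk, the condition guarding `$array[] = $fAddress;` cannot be true as written. The check added at the top of this file already calls `die()` when `$CONF['alias_control_admin'] == 'NO'` and the user is not a global admin, so execution never reaches this point in that state. The GET branch hides the mailbox address when `$CONF['special_alias_control'] == 'NO'`, so this test was presumably meant to mirror it: `if($CONF['special_alias_control'] == 'NO' && !authentication_has_role('global-admin')) {`. As committed, a domain admin who saves the form appears to drop the mailbox's own address from `goto`, which the removed `$goto = "$fAddress,$goto";` used to prevent. `$array` is built outside the hunk, so confirm it is always initialised before `array_unique()` runs.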
@@ -31,14 +31,13 @@ require_once('common.php'); # force user to delete setup.php (allows creation of superadmins!) -if (file_exists (realpath ("./setup.php"))) { - if (is_string($CONF['configured']) && $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php') - { +if (isset($CONF['configured']) && $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php') { } else { - print "Please delete " . dirname(__FILE__) . "/setup.php before using Postfix Admin!"; - exit; + if($CONF['configured'] !== true) { + print "Installation not yet configured; please edit config.inc.php"; + exit; } } $smarty->assign ('language_selector', language_selector()); Modified: branches/postfixadmin-smarty/model/AliasHandler.php =================================================================== --- branches/postfixadmin-smarty/model/AliasHandler.php 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/model/AliasHandler.php 2009-04-12 09:39:36 UTC (rev 627) @@ -97,6 +97,8 @@ $addresses = array_unique($addresses); $original = $this->get(true); + $tmp = preg_split('/@/', $this->username); + $domain = $tmp[1]; foreach($original as $address) { if($vacation_persist) { @@ -143,8 +145,6 @@ } if($this->hasAliasRecord() == false) { $true = db_get_boolean(True); - $tmp = preg_split('/@/', $username); - $domain = $tmp[1]; $sql = "INSERT INTO $table_alias (address, goto, domain, created, modified, active) VALUES ('$username', '$goto', '$domain', NOW(), NOW(), $true)"; } else { Modified: branches/postfixadmin-smarty/model/UserHandler.php =================================================================== --- branches/postfixadmin-smarty/model/UserHandler.php 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/model/UserHandler.php 2009-04-12 09:39:36 UTC (rev 627) 
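Review bot: The comment `# force user to delete setup.php (allows creation of superadmins!)` is now stale, because the `file_exists` test is gone and nothing in this block looks at setup.php any more. With `is_string()` dropped, the loose `==` also matches when `$CONF['configured']` is boolean `true`; the result is still correct only because the empty branch and the `else` agree in that case. A single strict test states the intent and removes the empty branch: `if ($CONF['configured'] !== true && $CONF['configured'] !== 'I_know_the_risk_of_not_deleting_setup.php') { print "Installation not yet configured; please edit config.inc.php"; exit; }`.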
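Review bot: In AliasHandler.php, `$domain = $tmp[1];` is now computed unconditionally from `$this->username`, with no check in the hunk that the split produced a second element. A username without `@` therefore gives an undefined-index notice and an empty domain in the later `INSERT`. That statement interpolates the value as `'$domain'`, and the hunk does not show whether `$this->username` has already been escaped, unlike the `$username` used before. Validate and escape it where it is derived, for example `if (count($tmp) != 2) { return false; }` followed by `$domain = escape_string($tmp[1]);`. The method starts and ends outside both hunks, so the right failure return should be checked against the rest of the method.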
@@ -35,7 +35,7 @@ $result = db_query ("UPDATE $table_mailbox SET password='$new_db_password',modified=NOW() WHERE username='$username'"); - db_log ($username, $USERID_DOMAIN, 'edit_password', "$USERID_USERNAME"); + db_log ($username, $USERID_DOMAIN, 'edit_password', "$username"); return true; } Modified: branches/postfixadmin-smarty/setup.php =================================================================== --- branches/postfixadmin-smarty/setup.php 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/setup.php 2009-04-12 09:39:36 UTC (rev 627) @@ -23,11 +23,8 @@ * Form POST \ GET Variables: -none- */ -define('POSTFIXADMIN', 1); # checked in included files +require_once("common.php"); -require_once("languages/en.lang"); -require_once("functions.inc.php"); - $CONF['show_header_text'] = 'NO'; $CONF['theme_logo'] = 'images/logo-default.png'; $CONF['theme_css'] = 'css/default.css'; @@ -309,6 +306,17 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { + // ensure password is correct. + if(!isset($_POST['setup_password'])) { + $error += 1; + $tMessage = "Setup password must be specified"; + } + if($_POST['setup_password'] != $CONF['setup_password']) { + $error += 1; + $tMessage = "Setup password not specified correctly"; + } + + if($error == 0) { if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']); if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); @@ -325,10 +333,14 @@ if (isset ($_POST['fUsername'])) $tUsername = escape_string ($_POST['fUsername']); } else { print "<p><b>$tMessage</b></p>"; - echo "<p><b>Delete (or rename) setup.php, and then click <a href='login.php'>here to login</a>.</b></p>"; } } + else { + print "<p><b>$tMessage</b></p>"; + } + } + if ($_SERVER['REQUEST_METHOD'] == "GET" || $error != 0) { ?> 
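Review bot: In UserHandler.php the `db_log` call still passes `$USERID_DOMAIN`, the sibling of the `$USERID_USERNAME` variable this change removes. No `global` declaration is visible in the hunk, so if neither is defined in the method's scope, password changes are logged with an empty domain. Deriving the domain from the username keeps the audit record complete: `list(, $domain) = explode('@', $username);` then `db_log ($username, $domain, 'edit_password', "$username");`. The entry is also written, and `true` returned, without checking `$result`, so a failed UPDATE is recorded as a successful password change.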
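Review bot: In the setup.php `@@ -309,6 +306,17 @@` hunk the setup password is compared with `!=`, which in PHP compares two numeric-looking strings as numbers, so a configured value of that shape can be matched by a different input. A strict test avoids that and also removes the undefined-index read when the field is missing: `if(!isset($_POST['setup_password']) || $_POST['setup_password'] !== $CONF['setup_password']) {`. This commit also drops the advice to delete setup.php, so this check becomes the only barrier in front of superadmin creation. The value is nevertheless stored in plaintext in config.inc.php, and nothing in the hunk logs or throttles failed attempts. The check sits inside the POST branch only, so whatever setup.php does on a GET request remains reachable without the password.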
@@ -340,6 +352,11 @@ <td colspan="3"><h3>Create superadmin account</h3></td> </tr> <tr> + <td>Setup password (see config.inc.php)</td> + <td><input class="flat" type="password" name="setup_password" value="" /></td> + <td></td> + </tr> + <tr> <td><?php print $PALANG['pAdminCreate_admin_username'] . ":"; ?></td> <td><input class="flat" type="text" name="fUsername" value="<?php print $tUsername; ?>" /></td> <td><?php print $pAdminCreate_admin_username_text; ?></td> @@ -367,8 +384,8 @@ <?php } - print "<b>Make sure you delete this setup.php file!</b><br />\n"; - print "Also check the config.inc.php file for any settings that you might need to change!<br />\n"; + print "<b>Since version 2.3 there is no requirement to delete setup.php!</b><br />\n"; + print "<b>Check the config.inc.php file for any other settings that you might need to change!<br />\n"; } ?> </div> Modified: branches/postfixadmin-smarty/xmlrpc.php =================================================================== --- branches/postfixadmin-smarty/xmlrpc.php 2009-04-11 23:24:20 UTC (rev 626) +++ branches/postfixadmin-smarty/xmlrpc.php 2009-04-12 09:39:36 UTC (rev 627) @@ -34,7 +34,6 @@ require_once('Zend/XmlRpc/Server.php'); $server = new Zend_XmlRpc_Server(); -session_start(); /** * @param string $username This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |