[Postfixadmin-devel] XMLRPC interfaces
From: Juan C. G. D. <jua...@pe...> - 2011-01-24 23:21:11
Hello guys, it's me, Juan Carlos Gutiérrez. I'm sorry for taking so long to contact you; my project was delayed. If you don't remember, I'm the one who's trying to enable some new interfaces through XML-RPC for postfixadmin. The last time we talked, Christian told me to enable the admin authentication interface and base the rest of them on this admin auth. Well, I did that: I created an AdminHandler class and enabled the login interface, and it is working very well. My problems came when I was developing the "create_mailbox" interface. Here is what I did: first I took the code in the /create_mailbox.php file and tried to put it into two functions in the model/AdminHandler.php class, one function for all the initial validations and a second one for the mailbox creation functionality. Then I used the AdminHandler in create_mailbox.php. BTW, I did the same with the admin login code and it worked very nicely. The big difference between the login and the mailbox creation is that the mailbox creation code uses some variables that the AdminHandler cannot see, like $CONF. I tried to pass it through the AdminHandler constructor but it didn't work either. I also tried to use a require_once('common.php') in the model/AdminHandler.php file but I got nothing. I don't know what else I can do, and that's why I'm contacting you; maybe you know how I can use these variables in my class.
Some code for you in case you need it:

*create_mailbox.php:*

// Page script: reads the create-mailbox form fields and hands them to AdminHandler.
require_once('common.php');

authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();

// list_domains() for a global admin, list_domains_for_admin() for everyone else.
if(authentication_has_role('global-admin')) {
    $list_domains = list_domains ();
} else {
    $list_domains = list_domains_for_admin($SESSID_USERNAME);
}

$pCreate_mailbox_name_text = $PALANG['pCreate_mailbox_name_text'];
$pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text'];
$pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text'];

if ($_SERVER['REQUEST_METHOD'] == "GET") {
    $fDomain = $list_domains[0];
    if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);

    // Reject a domain that is not in the list computed for this admin.
    if(!in_array($fDomain, $list_domains)) {
        die("Invalid domain name selected, or you tried to select a domain you are not an admin for");
    }
    $tDomain = $fDomain;
    $result = db_query ("SELECT * FROM $table_domain WHERE domain='$fDomain'");
    if ($result['rows'] == 1) {
        $row = db_array ($result['result']);
        $tQuota = $row['maxquota'];
    }
}

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Every string field is passed through escape_string() HERE, in the page script.
    // The AdminHandler methods interpolate their arguments into SQL and rely on this.
    if (isset ($_POST['fUsername']) && isset ($_POST['fDomain'])) $fUsername = escape_string ($_POST['fUsername']) . "@" . escape_string ($_POST['fDomain']);
    $fUsername = strtolower ($fUsername);
    if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
    if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
    isset ($_POST['fName']) ? $fName = escape_string ($_POST['fName']) : $fName = "";
    if (isset ($_POST['fDomain'])) $fDomain = escape_string ($_POST['fDomain']);
    isset ($_POST['fQuota']) ? $fQuota = intval($_POST['fQuota']) : $fQuota = 0;
    isset ($_POST['fActive']) ? $fActive = escape_string ($_POST['fActive']) : $fActive = "1";
    if (isset ($_POST['fMail'])) $fMail = escape_string ($_POST['fMail']);

    $ah = new AdminHandler($SESSID_USERNAME);
    // validate() returns an error message, or '' when every check passed.
    $pCreate_mailbox_username_text = $ah->validate($fUsername, $fDomain, $fPassword, $fPassword2, $fName, $fQuota);

    // $tPassGenerated is set in this file's scope only; AdminHandler::create_mailbox()
    // reads a variable of the same name but cannot see this one.
    $tPassGenerated = 0;
    if (empty ($fPassword) or empty ($fPassword2) or ($fPassword != $fPassword2)) {
        if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES") {
            $fPassword = generate_password ();
            $tPassGenerated = 1;
        }
    }

    // NOTE(review): this condition looks inverted. validate() returns a non-empty string
    // only on failure, so as written create_mailbox() runs only when validation FAILED
    // (ownership, mailbox-limit, quota and duplicate checks included) and never when it
    // passed. empty(...) is presumably what was intended - confirm.
    if (!empty($pCreate_mailbox_username_text)) {
        $tMessage = $ah->create_mailbox($fUsername, $fDomain, $fPassword, $fPassword2, $fName, $fQuota, $fActive, $fMail);
    }
// (listing ends here as posted; the closing brace of the POST block is not shown)

*model/AdminHandler.php:*

/**
 * Admin operations moved out of the page scripts so that other front ends
 * (the XML-RPC interface discussed in this thread) can call them.
 *
 * NOTE(review): a PHP function or method does not see file-level variables unless it
 * declares them with `global` (or reads $GLOBALS) - including common.php from this file
 * does not change that. login(), check_domain_admin() and create_mailbox() declare
 * `global $config;`, but the method bodies read $CONF, $PALANG, $table_mailbox,
 * $SESSID_USERNAME and $tPassGenerated. None of those is declared global or passed in,
 * so inside the methods they are undefined locals. That matches the problem described
 * in the message above.
 */
class AdminHandler {

    // Admin name given to the constructor; no method shown here reads it.
    protected $username = null;

    /**
     * @param string $username admin the handler acts for
     */
    public function __construct($username) {
        $this->username = $username;
    }

    /**
     * Attempt to log an admin in.
     *
     * Fetches the stored password of an active admin row, passes the supplied password
     * and the stored value to pacrypt(), then queries again for a row matching the result.
     *
     * @param string $admin_username
     * @param string $admin_password
     * @return boolean true on successful login (i.e. password matches etc)
     */
    public static function login($admin_username, $admin_password) {
        global $config; // NOTE(review): $config is not used in this method
        // The username is escaped here, so callers may pass it raw.
        $admin_username = escape_string($admin_username);

        $table_admin = table_by_key('admin');
        $active = db_get_boolean(True);
        $to_return = true;

        $result = db_query ("SELECT password FROM $table_admin WHERE username='$admin_username' AND active='$active'");
        if ($result['rows'] == 1) {
            $row = db_array ($result['result']);
            $password = pacrypt ($admin_password, $row['password']);
            // NOTE(review): $password goes into the SQL string without escape_string().
            // Whether pacrypt() output can contain a quote is not visible here - confirm,
            // or compare $password with $row['password'] in PHP instead of a second query.
            $result = db_query ("SELECT * FROM $table_admin WHERE username='$admin_username' AND password='$password' AND active='$active'");
            if ($result['rows'] != 1) {
                $to_return = false;
            }
        } else {
            // no active row (or more than one) for this username
            $to_return = false;
        }
        return $to_return;
    }

    /**
     * Check whether the admin has an active domain_admins row for domain 'ALL'.
     * login.php grants the 'global-admin' role when this returns true.
     *
     * @param string $admin_username
     * @return boolean true when exactly one such row exists
     */
    public function check_domain_admin($admin_username) {
        global $config; // NOTE(review): $config is not used in this method
        // Escaped here as well; login.php passes an already-escaped value, so the name is
        // escaped twice on that path.
        $admin_username = escape_string($admin_username);

        $table_domain_admins = table_by_key('domain_admins');
        $active = db_get_boolean(True);
        $to_return = false;

        $result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$admin_username' AND domain='ALL' AND active='$active'");
        if ($result['rows'] == 1) {
            $to_return = true;
        }
        return $to_return;
    }

    /**
     * Test function: prefixes the argument with a fixed greeting.
     *
     * @param string $message_second_part
     * @return string message
     */
    public function test($message_second_part) {
        $message_first_part = 'Hola ';
        $message = $message_first_part.$message_second_part;
        return $message;
    }

    /**
     * create_mailbox function: inserts the alias and mailbox rows, runs the
     * post-creation step, optionally sends the welcome mail, and returns a status message.
     *
     * NOTE(review): every string argument is interpolated into SQL below and none is
     * escaped inside this method - the escaping happens in create_mailbox.php. A caller
     * that does not go through that page (such as an XML-RPC front end) has to escape
     * first, or this method should escape / use parameterised queries itself.
     *
     * @param string $fUsername
     * @param string $fDomain
     * @param string $fPassword
     * @param string $fPassword2
     * @param string $fName
     * @param string $fQuota
     * @param boolean $fActive
     * @param boolean $fMail (compared with the string "on" below)
     * @return string message
     */
    public function create_mailbox($fUsername, $fDomain, $fPassword, $fPassword2, $fName, $fQuota, $fActive, $fMail) {
        // NOTE(review): declares $config, but everything below reads $CONF and $PALANG.
        global $config;
        $password = pacrypt ($fPassword);

        // Build the maildir path: hook function if configured, else domain/user layout.
        if($CONF['maildir_name_hook'] != 'NO' && function_exists($CONF['maildir_name_hook'])) {
            $hook_func = $CONF['maildir_name_hook'];
            $maildir = $hook_func ($fDomain, $fUsername);
        }
        else if ($CONF['domain_path'] == "YES") {
            if ($CONF['domain_in_mailbox'] == "YES") {
                $maildir = $fDomain . "/" . $fUsername . "/";
            } else {
                // NOTE(review): reads $_POST directly inside the model class; a caller that
                // is not the HTML form presumably has no $_POST['fUsername'] - confirm and
                // derive the local part from $fUsername instead.
                $maildir = $fDomain . "/" . escape_string (strtolower($_POST['fUsername'])) . "/";
            }
        } else {
            $maildir = $fUsername . "/";
        }

        if (!empty ($fQuota)) {
            $quota = multiply_quota ($fQuota);
        } else {
            $quota = 0;
        }

        //if ($fActive == "on")
        if ($fActive) {
            $sqlActive = db_get_boolean(True);
        } else {
            $sqlActive = db_get_boolean(False);
        }

        // BEGIN is sent only for pgsql; the ROLLBACK / COMMIT further down are sent for
        // every database type.
        if ('pgsql'==$CONF['database_type']) {
            db_query('BEGIN');
        }

        $table_alias = table_by_key('alias');
        $result = db_query ("INSERT INTO $table_alias (address,goto,domain,created,modified,active) VALUES ('$fUsername','$fUsername','$fDomain',NOW(),NOW(),'$sqlActive')");
        // A failed alias insert only records a message; execution continues to the
        // mailbox insert below.
        if ($result['rows'] != 1) {
            $tDomain = $fDomain;
            $tMessage = $PALANG['pAlias_result_error'] . "<br />($fUsername -> $fUsername)</br />";
        }

        // apparently uppercase usernames really confuse some IMAP clients.
        $fUsername = strtolower($fUsername);
        $local_part = '';
        if(preg_match('/^(.*)@/', $fUsername, $matches)) {
            $local_part = $matches[1];
        }

        // NOTE(review): $table_mailbox is never assigned in this method (compare
        // $table_alias above), so it interpolates as an empty string here.
        $result = db_query ("INSERT INTO $table_mailbox (username,password,name,maildir,local_part,quota,domain,created,modified,active) VALUES ('$fUsername','$password','$fName','$maildir','$local_part','$quota','$fDomain',NOW(),NOW(),'$sqlActive')");
        if ($result['rows'] != 1 || !mailbox_postcreation($fUsername,$fDomain,$maildir, $quota)) {
            $tDomain = $fDomain;
            // $tMessage is appended to; it is only defined at this point if the alias
            // insert above failed.
            $tMessage .= $PALANG['pCreate_mailbox_result_error'] . "<br />($fUsername)<br />";
            db_query('ROLLBACK');
        } else {
            db_query('COMMIT');
            // NOTE(review): $SESSID_USERNAME is a variable of create_mailbox.php and is not
            // visible here; $this->username presumably holds the same value - confirm.
            db_log ($SESSID_USERNAME, $fDomain, 'create_mailbox', "$fUsername");
            $tDomain = $fDomain;
            $tQuota = $CONF['maxquota'];

            // Optional welcome mail to the new mailbox.
            if ($fMail == "on") {
                $fTo = $fUsername;
                $fFrom = $SESSID_USERNAME;
                $fHeaders = "To: " . $fTo . "\n";
                $fHeaders .= "From: " . $fFrom . "\n";
                $fHeaders .= "Subject: " . encode_header ($PALANG['pSendmail_subject_text']) . "\n";
                $fHeaders .= "MIME-Version: 1.0\n";
                $fHeaders .= "Content-Type: text/plain; charset=utf-8\n";
                $fHeaders .= "Content-Transfer-Encoding: 8bit\n";
                $fHeaders .= $CONF['welcome_text'];

                if (!smtp_mail ($fTo, $fFrom, $fHeaders)) {
                    $tMessage .= "<br />" . $PALANG['pSendmail_result_error'] . "<br />";
                } else {
                    $tMessage .= "<br />" . $PALANG['pSendmail_result_success'] . "<br />";
                }
            }

            // NOTE(review): when shown, the clear-text password becomes part of the returned
            // message; for a remote interface that message would presumably be sent back to
            // the client - decide whether that is wanted there.
            $tShowpass = "";
            if ( $tPassGenerated == 1 || $CONF['show_password'] == "YES") $tShowpass = " / $fPassword";

            if (create_mailbox_subfolders($fUsername,$fPassword)) {
                $tMessage .= $PALANG['pCreate_mailbox_result_success'] . "<br />($fUsername$tShowpass)";
            } else {
                $tMessage .= $PALANG['pCreate_mailbox_result_succes_nosubfolders'] . "<br />($fUsername$tShowpass)";
            }
        }
        return $tMessage;
    }

    /**
     * validate params
     *
     * Runs the checks in order; each failing check overwrites $to_return, so only the
     * message of the LAST failing check is returned. The $error and $t* variables set in
     * each branch are locals of this method and are neither read nor returned.
     *
     * NOTE(review): $PALANG and $CONF are read without a `global` declaration, so they are
     * undefined in this scope. $fUsername is interpolated into the SELECT below without
     * being escaped in this method.
     *
     * @param string $fUsername
     * @param string $fDomain
     * @param string $fPassword
     * @param string $fPassword2
     * @param string $fName
     * @param int $fQuota
     * @return string to_return: error message, '' when no check failed
     */
    public function validate($fUsername, $fDomain, $fPassword, $fPassword2, $fName, $fQuota) {
        $to_return = '';

        //not a valid domain
        if ( (!check_owner ($fUsername, $fDomain)) && (!authentication_has_role('global-admin')) ) {
            $error = 1;
            $tUsername = escape_string ($fUsername);
            $tName = $fName;
            $tQuota = $fQuota;
            $tDomain = $fDomain;
            $to_return = $PALANG['pCreate_mailbox_username_text_error1'];
        }

        //mailbox limit reached
        if (!check_mailbox ($fDomain)) {
            $error = 1;
            $tUsername = escape_string ($fUsername);
            $tName = $fName;
            $tQuota = $fQuota;
            $tDomain = $fDomain;
            $to_return = $PALANG['pCreate_mailbox_username_text_error3'];
        }

        //not valid email
        if (empty ($fUsername) or !check_email ($fUsername)) {
            $error = 1;
            $tUsername = escape_string ($fUsername);
            $tName = $fName;
            $tQuota = $fQuota;
            $tDomain = $fDomain;
            $to_return = $PALANG['pCreate_mailbox_username_text_error1'];
        }

        if (empty ($fPassword) or empty ($fPassword2) or ($fPassword != $fPassword2)) {
            //password does not match or is empty
            // (two empty passwords are accepted when generate_password is "YES")
            if (!(empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES")) {
                $error = 1;
                $tUsername = escape_string ($fUsername);
                $tName = $fName;
                $tQuota = $fQuota;
                $tDomain = $fDomain;
                $to_return = $PALANG['pCreate_mailbox_password_text_error'];
            }
        }

        if ($CONF['quota'] == "YES") {
            //Quota too high
            if (!check_quota ($fQuota, $fDomain)) {
                $error = 1;
                $tUsername = escape_string ($fUsername);
                $tName = $fName;
                $tQuota = $fQuota;
                $tDomain = $fDomain;
                $to_return = $PALANG['pCreate_mailbox_quota_text_error'];
            }
        }

        $table_alias = table_by_key('alias');
        $result = db_query ("SELECT * FROM $table_alias WHERE address='$fUsername'");
        //email already exists
        if ($result['rows'] == 1) {
            $error = 1;
            $tUsername = escape_string ($fUsername);
            $tName = $fName;
            $tQuota = $fQuota;
            $tDomain = $fDomain;
            $to_return = $PALANG['pCreate_mailbox_username_text_error2'];
        }
        return $to_return;
    }
// (listing ends here as posted; the closing brace of the class is not shown)

*login.php:*

// Login page: shows the form on GET, authenticates through AdminHandler on POST.
require_once('common.php');

/* force user to delete setup.php (allows creation of superadmins!)*/
if($CONF['configured'] !== true) {
    print "Installation not yet configured; please edit config.inc.php";
    exit;
}

if ($_SERVER['REQUEST_METHOD'] == "GET") {
    /*
    $smarty->assign ('smarty_template', 'login');
    $smarty->display ('index.tpl');
    */
    include ("./templates/header.php");
    include ("./templates/login.php");
    include ("./templates/footer.php");
}

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $fUsername = '';
    $fPassword = '';

    if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']);
    if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
    $lang = safepost('lang');

    if ( $lang != check_language(0) ) { # only set cookie if language selection was changed
        setcookie('lang', $lang, time() + 60*60*24*30); # language cookie, lifetime 30 days
        # (language preference cookie is processed even if username and/or password are invalid)
    }

    // NOTE(review): the raw $_POST values are read here without the isset() guard used
    // above, so a request that omits either field reads an undefined index.
    if(AdminHandler::login($_POST['fUsername'], $_POST['fPassword'])) {
        // New session id after authentication, then a fresh role list.
        // NOTE(review): session_regenerate_id(true) would also delete the old session data.
        session_regenerate_id();
        $_SESSION['sessid'] = array();
        $_SESSION['sessid']['username'] = $fUsername;
        $_SESSION['sessid']['roles'] = array();
        $_SESSION['sessid']['roles'][] = 'admin';

        // NOTE(review): debug output. Anything echoed before header() below can stop the
        // redirect from being sent unless output buffering is enabled - remove.
        echo "check_domain_admin!!! <br>";

        // they've logged in, so see if they are a domain admin, as well.
        $ah = new AdminHandler($fUsername);
        if($ah->check_domain_admin($fUsername)) {
            $_SESSION['sessid']['roles'][] = 'global-admin';
        }
        /*
        $result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$fUsername' AND domain='ALL' AND active='1'");
        if ($result['rows'] == 1) {
            $_SESSION['sessid']['roles'][] = 'global-admin';
        }
        */
        header("Location: main.php");
        exit(0);
    } else {
        $tMessage = '<span class="error_msg">' . $PALANG['pLogin_failed'] . '</span>';
    }
// (listing ends here as posted; the closing brace of the POST block is not shown)
|