File: edit-alias.php

package info (click to toggle)
postfixadmin 2.3.5-2+deb7u1
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 6,200 kB
  • sloc: php: 25,767; xml: 14,485; perl: 964; sh: 664; python: 169; makefile: 84
file content (178 lines) | stat: -rw-r--r-- 5,838 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
<?php
/** 
 * Postfix Admin 
 * 
 * LICENSE 
 * This source file is subject to the GPL license that is bundled with  
 * this package in the file LICENSE.TXT. 
 * 
 * Further details on the project are available at : 
 *     http://www.postfixadmin.com or http://postfixadmin.sf.net 
 * 
 * @version $Id: edit-alias.php 1330 2012-01-11 21:42:19Z christian_boltz $ 
 * @license GNU GPL v2 or later. 
 * 
 * File: edit-alias.php 
 * Used to update an alias.
 *
 * Template File: edit-alias.php
 *
 * Template Variables:
 *
 * tMessage
 * tGoto
 *
 * Form POST \ GET Variables:
 *
 * fAddress
 * fDomain
 * fGoto
 */

require_once('common.php');

authentication_require_role('admin');
$SESSID_USERNAME = authentication_get_username();

if($CONF['alias_control_admin'] == 'NO' && !authentication_has_role('global-admin')) {
    die("Check config.inc.php - domain administrators do not have the ability to edit user's aliases (alias_control_admin)");
}

/* retrieve existing alias record for the user first... may be via GET or POST */
$fAddress = safepost('address', safeget('address')); # escaped below
$fDomain = escape_string(preg_replace("/.*@/", "", $fAddress));
$fAddress = escape_string($fAddress); # escaped now
if ($fAddress == "") {
    die("Required parameters not present");
}

/* Check the user is able to edit the domain's aliases */
if(!check_owner($SESSID_USERNAME, $fDomain) && !authentication_has_role('global-admin'))
{
    die("You lack permission to do this. yes.");
}

$table_alias = table_by_key('alias');
$alias_list = array();
$orig_alias_list = array();
$result = db_query ("SELECT * FROM $table_alias WHERE address='$fAddress' AND domain='$fDomain'");
if ($result['rows'] == 1)
{
    $row = db_array ($result['result']);
    $tGoto = $row['goto'];

    $orig_alias_list = explode(',', $tGoto);
    $tGoto = str_replace(',', "\n", $tGoto);
    $alias_list = $orig_alias_list;
    //. if we are not a global admin, and alias_control_admin is NO, hide the alias that's the mailbox name.
    if($CONF['alias_control_admin'] == 'NO' && !authentication_has_role('global-admin')) {
        /* Has a mailbox as well? Remove the address from $tGoto in order to edit just the real aliases */
        $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fAddress' AND domain='$fDomain'");
        if ($result['rows'] == 1)
        {
            $alias_list = array(); // empty it, repopulated again below
            foreach($orig_alias_list as $alias) {
                if(strtolower($alias) == strtolower($fAddress)) {
                    // mailbox address is dropped if they don't have special_alias_control enabled, and/or not a global-admin 
                }
                else {
                    $alias_list[] = $alias;
                }
            }
        }
    }
}
else {
    die("Invalid alias");
}

if ($_SERVER['REQUEST_METHOD'] == "POST")
{
    $pEdit_alias_goto = $PALANG['pEdit_alias_goto'];

    if (isset ($_POST['fGoto'])) $fGoto = escape_string ($_POST['fGoto']);
    $fGoto = strtolower ($fGoto);

    if (!check_alias_owner ($SESSID_USERNAME, $fAddress))
    {
        $error = 1;
        $tGoto = $fGoto;
        $tMessage = $PALANG['pEdit_alias_result_error'];
    }

    $goto = preg_replace ('/\\\r\\\n/', ',', $fGoto);
    $goto = preg_replace ('/\r\n/', ',', $goto);
    $goto = preg_replace ('/,[\s]+/i', ',', $goto); 
    $goto = preg_replace ('/[\s]+,/i', ',', $goto); 
    $goto = preg_replace ('/,*$|^,*/', '', $goto);
    $goto = preg_replace ('/,,*/', ',', $goto);

    if (empty ($goto) && !authentication_has_role('global-admin'))
    {
        $error = 1;
        $tGoto = $_POST['fGoto'];
        $tMessage = $PALANG['pEdit_alias_goto_text_error1'];
    }

    $new_aliases = array();
    if ($error != 1)
    {
        $new_aliases = explode(',', $goto);
    }
    $new_aliases = array_unique($new_aliases);

    foreach($new_aliases as $address) {
        if (in_array($address, $CONF['default_aliases'])) continue;
        if (empty($address)) continue; # TODO: should never happen - remove after 2.2 release
        if (!check_email($address))
        {
            $error = 1;
            $tGoto = $goto;
            if (!empty($tMessage)) $tMessage .= "<br />";
            $tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . htmlentities($address) . "</span>"; 
        }
    }

    $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$fAddress' AND domain='$fDomain'");
    if ($result['rows'] == 1)
    {
        if($CONF['alias_control_admin'] == 'NO' && !authentication_has_role('global-admin')) {
            // if original record had a mailbox alias, so ensure the updated one does too.
            if(in_array($fAddress, $orig_alias_list)) {
                $new_aliases[] = $fAddress;
            }
        }
    }
    // duplicates suck, mmkay..
    $new_aliases = array_unique($new_aliases);

    $goto = implode(',', $new_aliases);

    if ($error != 1)
    {
        $goto = escape_string($goto);
        $result = db_query ("UPDATE $table_alias SET goto='$goto',modified=NOW() WHERE address='$fAddress' AND domain='$fDomain'");
        if ($result['rows'] != 1)
        {
            $tMessage = $PALANG['pEdit_alias_result_error'];
        }
        else
        {
            db_log ($SESSID_USERNAME, $fDomain, 'edit_alias', "$fAddress -> $goto");
            header ("Location: list-virtual.php?domain=$fDomain");
            exit;
        }
    } else { # on error
        $tGoto = htmlentities($_POST['fGoto']);
    }
}

$fAddress = htmlentities($fAddress, ENT_QUOTES);
$fDomain = htmlentities($fDomain, ENT_QUOTES);
include ("templates/header.php");
include ("templates/menu.php");
include ("templates/edit-alias.php");
include ("templates/footer.php");

/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
?>