diff --git a/bureau/admin/mail_doedit.php b/bureau/admin/mail_doedit.php
index bad2a5d1..39adbcf5 100644
--- a/bureau/admin/mail_doedit.php
+++ b/bureau/admin/mail_doedit.php
@@ -1,13 +1,9 @@ array ("request","integer",""), - "mail_id" => array ("request","integer",""), - "pass" => array ("request","string",""), - "passconf" => array("request","string",""), - "is_enabled" => array("request","string",""), - "enable" => array("request","string","") -); + "mail_id" =>array ("request","integer",""), + "pass" => array ("request","string",""), + "passconf" => array("request","string",""), + "quotamb" => array("request","integer",0), + "enabled" => array("request","boolean",true), + "islocal" => array("request","boolean",true), + "recipients" => array("request","string",""), + ); getFields($fields); -/* -* checking the password -*/ +$isedit=true; // if we go back to edit, it will know ;) +$error=""; -if(isset($pass) && $pass != ""){ - if($pass != $passconf){ - $error = _("Password do not match"); - include ("mail_edit.php"); - exit(); - }else{ - //adding the password - $mail->setpasswd($mail_id,$pass); - header ("Location: /mail_properties.php?mail_id=$mail_id"); - } -} -/* -* checking the activation state of the mail -* redirecting according to it. -*/ -if($is_enabled == 1){ - if(intval($enable)==0){ - //desactivation - $mail->disable($mail_id); - header ("Location: /mail_properties.php?mail_id=$mail_id"); - }else{ - $error = _("Already Activated"); - include ("mail_edit.php"); - exit(); - } -}elseif($is_enabled == 0){ - if(intval($enable)==0){ - // c'est dja inactif - $error = _("Already disabled "); - include ("mail_edit.php"); - exit(); - }else{ - //Activation - $mail->enable($mail_id); - header ("Location: /mail_properties.php?mail_id=$mail_id"); - } - -} +// We check that email first ... so that we can compare its status with our ... 
+if (!$res=$mail->get_details($mail_id)) { + $error=$err->errstr(); + include("main.php"); + exit(); +} else { + + + /* + * checking the password + */ + if(isset($pass) && $pass != ""){ + if($pass != $passconf){ + $error = _("Passwords do not match"); + include ("mail_edit.php"); + exit(); + } else { + if (!$mail->set_passwd($mail_id,$pass)) { /* SET THE PASSWORD */ + $error=$err->errstr(); + include ("mail_edit.php"); + exit(); + } else { + $error.=$err->errstr()."
"; + } + } + } + /* + * now the enable/disable status + */ + if ($res["enabled"] && !$enabled) { + if (!$mail->disable($mail_id)) { /* DISABLE */ + $error=$err->errstr(); + include ("mail_edit.php"); + exit(); + } else { + $error.=$err->errstr()."
"; + } + } + if (!$res["enabled"] && $enabled) { + if (!$mail->enable($mail_id)) { /* ENABLE */ + $error=$err->errstr(); + include ("mail_edit.php"); + exit(); + } else { + $error.=$err->errstr()."
"; + } + } + + + /* + * now the islocal + quota + recipients + */ + if (!$mail->set_details($mail_id,$islocal,$quotamb,$recipients)) { /* SET OTHERS */ + $error=$err->errstr(); + include ("mail_edit.php"); + exit(); + } else { + $error.=$err->errstr()."
"; + } + + + /* + * Other elements by hooks + */ + $rh=$hooks->invoke("mail_edit_post",array($mail_id)); + if (in_array(false,$res,true)) { + include ("mail_edit.php"); + exit(); + } else { + foreach($rh as $h) if ($h) $error.=$h."
"; + } + +} + +if ($error) $error=_("Your email has been edited successfully"); + +$_REQUEST["domain_id"]=$dom->get_domain_byname($res["domain"]); +include("mail_list.php"); + diff --git a/bureau/admin/mail_edit.php b/bureau/admin/mail_edit.php index 732a8f2f..beb8af78 100644 --- a/bureau/admin/mail_edit.php +++ b/bureau/admin/mail_edit.php @@ -26,7 +26,13 @@ require_once("../class/config.php"); include_once("head.php"); $fields = array ( - "mail_id" => array ("request", "integer", ""), + "mail_id" =>array ("request","integer",""), + "pass" => array ("request","string",""), + "passconf" => array("request","string",""), + "quotamb" => array("request","integer",0), + "enabled" => array("request","boolean",true), + "islocal" => array("request","boolean",true), + "recipients" => array("request","string",""), ); getFields($fields); @@ -35,22 +41,49 @@ if (!$res=$mail->get_details($mail_id)) { include("main.php"); exit(); } else { -foreach($res as $key=>$val) $$key=$val; + + foreach($res as $key=>$val) $$key=$val; + $quotamb=$quota; + + if ($islocal && $mailbox_action=="DELETE") $islocal=false; + + if (isset($isedit) && $isedit) getFields($fields); // we came from a POST, so let's get the request again ... ?>



+ +$error

"; +} +?> +
+ + + + +
@@ -101,14 +134,14 @@ function popoff() { $('#turnoff').show(); $('#poptbl').addClass('grey'); $('#pass').attr("disabled", "disabled"); - $('#quota').attr("disabled", "disabled"); + $('#quotamb').attr("disabled", "disabled"); $('#passconf').attr("disabled", "disabled"); } function popon() { $('#turnoff').hide(); $('#poptbl').removeClass('grey'); $('#pass').removeAttr("disabled"); - $('#quota').removeAttr("disabled"); + $('#quotamb').removeAttr("disabled"); $('#passconf').removeAttr("disabled"); }
diff --git a/bureau/admin/styles/style.css b/bureau/admin/styles/style.css
index 05593e3b..70fec154 100644
--- a/bureau/admin/styles/style.css
+++ b/bureau/admin/styles/style.css
@@ -424,7 +424,7 @@ span#emaildom { } .tedit td, .tedit th { border: 1px solid #aaa; - padding: 6px 10px; + padding: 10px; margin: 0; }
diff --git a/bureau/class/config.php b/bureau/class/config.php
index aa90bc72..03f26723 100644
--- a/bureau/class/config.php
+++ b/bureau/class/config.php
@@ -46,7 +46,8 @@ Merci de revenir plus tard."; */ ini_set('display_errors', true); -// Some constant +// FIXME: Some constant, we put them here so that we can change them later ;) LFS +define('ALTERNC_MAIL', "/var/alternc/mail"); define('ALTERNC_HTML', "/var/alternc/html"); define('ALTERNC_PANEL', "/var/alternc/bureau"); define('ALTERNC_LOGS', "/var/alternc/logs");
diff --git a/bureau/class/m_mail.php b/bureau/class/m_mail.php
index 3c84cb3f..bf8f2632 100644
--- a/bureau/class/m_mail.php
+++ b/bureau/class/m_mail.php
@@ -169,7 +169,7 @@ class m_mail { // Validate the email syntax: $m=$mail."@".$domain; - if (!filter_var($m,FILTER_VALIDATE_EMAIL)){ + if (!filter_var($m,FILTER_VALIDATE_EMAIL) || (strpos($m,"..")!==false) || (strpos($m,"/")!==false) ) { $err->raise("mail",_("The email you entered is syntaxically incorrect")); return false; }
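Review bot: The added `strpos($m,"..")` and `strpos($m,"/")` tests in the m_mail.php hunk carry no comment saying why they sit next to `FILTER_VALIDATE_EMAIL`; the reason appears to be that the address later becomes a directory name, since `set_details()` in this commit builds the mailbox path from `ALTERNC_MAIL`, `$me["address"]` and `$me["domain"]`. I would add `// The address becomes part of the mailbox path under ALTERNC_MAIL: refuse ".." and "/" so the path stays inside that directory.` above the condition. Because `set_details()` builds the path from values already stored in the database, rows created before this check are not covered by it, so a second check where the path is built may be warranted. The enclosing function starts and ends outside the hunk.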
@@ -211,10 +211,13 @@ class m_mail { $err->log("mail","get_details"); $mail_id=intval($mail_id); + // Validate that this email is owned by me... + if (!($mail=$this->is_it_my_mail($mail_id))) { + return false; + } // We fetch all the informations for that email: these will fill the hastable : - $db->query("SELECT a.address, a.password, a.`enabled`, d.domaine AS domain, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin - FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d WHERE a.id=$mail_id AND d.id=a.domain_id;"); + $db->query("SELECT a.address, a.password, a.enabled, d.domaine AS domain, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin, a.mail_action, m.mail_action AS mailbox_action FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d WHERE a.id=".$mail_id." AND d.id=a.domain_id;"); if (! $db->next_record()) return false; $details=$db->Record; // if necessary, fill the typedata with data from hooks ...
@@ -226,6 +229,8 @@ class m_mail { } + private $isitmy_cache=array(); + /* ----------------------------------------------------------------- */ /** Check if an email is mine ... * 
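Review bot: The rewritten SELECT in `get_details()` still returns `a.password` in the details array, and `mail_edit.php` in this same commit expands every key of that array into a page variable with `foreach($res as $key=>$val) $$key=$val;`, so the stored hash ends up in the template's scope. If no caller needs it (none of the callers shown on this page reads it), dropping `a.password` from the column list keeps the hash out of the page. The new ownership check also stores its result in `$mail`, which the visible part of the function never reads; `if (!$this->is_it_my_mail($mail_id)) {` says the same without the unused local. The function body continues outside the hunk.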
@@ -236,12 +241,15 @@ class m_mail { function is_it_my_mail($mail_id){ global $err,$db,$cuid; $mail_id=intval($mail_id); + // cache it (may be called more than one time in the same page). + if (isset($this->isitmy_cache[$mail_id])) return $this->isitmy_cache[$mail_id]; + $db->query("SELECT concat(a.address,'@',d.domaine) AS email FROM address a, domaines d WHERE d.id=a.domain_id AND a.id=$mail_id AND d.compte=$cuid;"); if ($db->next_record()) { - return $db->f("email"); + return $this->isitmy_cache[$mail_id]=$db->f("email"); } else { $err->raise("mail",_("This email is not yours, you can't change anything on it")); - return false; + return $this->isitmy_cache[$mail_id]=false; } } 
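Review bot: The ownership cache added to `is_it_my_mail()` is keyed by `$mail_id` alone, although the answer also depends on the global `$cuid` used in the query (`d.compte=$cuid`); if `$cuid` can change within one request (not visible here), an answer computed for the previous account would be reused. Keying on both, e.g. `$key=$cuid.":".$mail_id;`, or a comment stating that `$cuid` is fixed for the lifetime of the object, would make the assumption explicit. A cached `false` also returns before `$err->raise(...)`, so a repeated refusal for the same id no longer raises the "not yours" error and relies on the first one still being held by `$err`.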
@@ -353,6 +361,101 @@ class m_mail { } + /* ----------------------------------------------------------------- */ + /** set the password of an email address. + * @param $mail_id integer email ID + * @param $pass string the new password. + * @return boolean true if the password has been set, false else, raise an error. + */ + function set_passwd($mail_id,$pass){ + global $db,$err,$admin; + $err->log("mail","setpasswd"); + + if (!($email=$this->is_it_my_mail($mail_id))) return false; + if (!$admin->checkPolicy("pop",$email,$pass)) return false; + if (!$db->query("UPDATE address SET password='"._md5cr($pass)."' where id=$mail_id;")) return false; + return true; + } + + + /* ----------------------------------------------------------------- */ + /** Enables an email address. + * @param $mail_id integer Email ID + * @return boolean true if the email has been enabled. + */ + function enable($mail_id){ + global $db,$err; + $err->log("mail","enable"); + if (!($email=$this->is_it_my_mail($mail_id))) return false; + if (!$db->query("UPDATE address SET `enabled`=1 where id=$mail_id;")) return false; + return true; + } + + + /* ----------------------------------------------------------------- */ + /** Disables an email address. + * @param $mail_id integer Email ID + * @return boolean true if the email has been enabled. + */ + function disable($mail_id){ + global $db,$err; + $err->log("mail","disable"); + if (!($email=$this->is_it_my_mail($mail_id))) return false; + if (!$db->query("UPDATE address SET `enabled`=0 where id=$mail_id;")) return false; + return true; + } + + + /* ----------------------------------------------------------------- */ + /** Function used to update an email settings + * should be used by the web interface, not by third-party programs. + * + * @param $mail_id integer the number of the email to delete + * @param $islocal boolean is it a POP/IMAP mailbox ? 
+ * @param $quotamb integer if islocal=1, quota in MB + * @param $recipients string recipients, one mail per line. + * @return true if the email has been properly edited + * or false if an error occured ($err is filled accordingly) + */ + function set_details($mail_id, $islocal, $quotamb, $recipients) { + global $err,$db,$cuid,$quota,$dom,$hooks; + $err->log("mail","set_details"); + if (!($me=$this->get_details($mail_id))) { + return false; + } + if ($me["islocal"] && !$islocal) { + // delete pop + $db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id=".$mail_id.";"); + } + if (!$me["islocal"] && $islocal) { + // create pop + $path=ALTERNC_MAIL."/".substr($me["address"]."_",0,1)."/".$me["address"]."_".$me["domain"]; + $db->query("INSERT INTO mailbox SET address_id=".$mail_id.", path='".addslashes($path)."';"); + } + if ($me["islocal"] && $islocal && $me["mailbox_action"]=="DELETE") { + $db->query("UPDATE mailbox SET mail_action='' WHERE mail_action='DELETE' AND address_id=".$mail_id.";"); + } + + if ($islocal) { + $db->query("UPDATE mailbox SET quota=".intval($quotamb)." WHERE address_id=".$mail_id.";"); + } + + $r=explode("\n",$recipients); + $red=""; + foreach($r as $m) { + $m=trim($m); + if ($m && filter_var($m,FILTER_VALIDATE_EMAIL)) { + $red.=$m."\n"; + } + } + $db->query("DELETE FROM recipient WHERE address_id=".$mail_id.";"); + if ($m) { + $db->query("INSERT INTO recipient SET address_id=".$mail_id.", recipients='".addslashes($red)."';"); + } + return true; + } + + /* ############################################################ */ 
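Review bot: In `set_passwd()`, `enable()`, `disable()` and `set_details()` the ownership check and the SQL statement do not use the same value: `is_it_my_mail()` and `get_details()` apply `intval()` to their own copy of `$mail_id`, while the `UPDATE`/`INSERT`/`DELETE` strings interpolate the caller's unconverted `$mail_id`. The page scripts declare the field as an integer in `getFields()`, but any other caller passing a string would have ownership verified for one id and the statement built from the raw text; adding `$mail_id=intval($mail_id);` as the first line of each of the four methods closes the gap. In `set_details()` the test `if ($m)` after the loop looks at the last input line instead of the filtered list, so input ending in a newline deletes the recipients without re-inserting them; `if ($red)` is presumably what was meant. `set_details()` also ignores every `$db->query()` result and always returns true, unlike the three methods above it.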
@@ -443,39 +546,6 @@ class m_mail { - /** - * activate a mail address. - * @param integer mail_id: unique mail identifier - */ - function enable($mail_id){ - global $db,$err; - $err->log("mail","enable"); - if( !$db->query("UPDATE address SET `enabled`=1 where id=$mail_id;"))return false; - } - - - /** - * disable a mail address. - * @param integer mail_id: unique mail identifier - */ - function disable($mail_id){ - global $db,$err; - $err->log("mail","enable"); - if( !$db->query("UPDATE address SET `enabled`=0 where id=$mail_id;")) return false; - } - - - /** - * setpasswd a mail address. - * @param integer mail_id: unique mail identifier - */ - function setpasswd($mail_id,$pass,$passwd_type){ - global $db,$err,$admin; - $err->log("mail","setpasswd"); - if(!$admin->checkPolicy("pop",$mail_full,$pass)) return false; - if(!$db->query("UPDATE address SET password='"._md5cr($pass)."' where id=$mail_id;")) return false; - } - /** * mail_delete a mail address.

+
+

+ /> + /> +

+

 

+ +

+

@@ -61,7 +94,7 @@ foreach($res as $key=>$val) $$key=$val; - +