Commit Diff


commit - 4c680ccd97a58811676e275490df5617f36111ab
commit + 1575a17857094f68238c0d6d9259ea1c62e8a980
blob - 39547c7f88215aa153def2ebede075d9370fdf21
blob + e7716f06f9a4ade66c9e77c8158654e74009b57b
--- add-alias.php
+++ add-alias.php
@@ -26,7 +26,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
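Review bot: `check_role($SESSID_USERNAME)` yields null when the session's username no longer has a row in `admin`, and the `if ($ROLE == ADMIN_ROLE)` below then handles that request as an ordinary non-admin one rather than as an invalid session. The fallback this commit removes in sendmail.php and viewlog.php (`$SESSID_USERNAME ?? ADMIN_EMAIL`) suggests check_session() can itself return null, so rejecting both cases explicitly is safer, e.g. `if ($ROLE === null) { header("Location: login.php"); exit; }` right after the assignment. The same two lines recur in add-mailbox.php, delete.php, edit-alias.php, edit-mailbox.php, list-admin.php, list-domain.php, list-virtual.php, password.php, search.php, sendmail.php, vacation.php and viewlog.php, and with `!=` in admin.php, backup.php and domain.php. The `if` body continues outside the hunk.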
blob - e059c12ec823c893cfd7376b9ab02a4ea5672635
blob + b3e570d945bd57399ec0dd8a005d7dc78a64b144
--- add-mailbox.php
+++ add-mailbox.php
@@ -28,7 +28,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
blob - 9a523ce84d9cf9ccdd5dfb1644a8ba4ad0e4ee02
blob + 114bafe0db9ff3581e21d24e88524602a4928d8e
--- admin.php
+++ admin.php
@@ -28,7 +28,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE != ADMIN_ROLE) {
 	header("Location: list-domain.php");
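Review bot: The `header("Location: list-domain.php");` in the `$ROLE != ADMIN_ROLE` branch only sets a response header, so it keeps non-admins out only if the script stops right after it. The rest of the branch is outside the hunk, so confirm an `exit;` follows, as login.php does after its own redirect. Without it the admin-only code further down would still run for a non-admin session. backup.php and domain.php use the same guard.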
blob - 35a6e2eea2f3a92f1f80d75508607c9c7164816d
blob + 5286c26921de9b74243d4be5f658b38c78556ac9
--- backup.php
+++ backup.php
@@ -22,7 +22,7 @@ include './languages/' . check_language() . '.lang';
 date_default_timezone_set('Europe/Amsterdam');
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE != ADMIN_ROLE) {
 	header("Location: list-domain.php");
blob - 265baee683b6acdc681460438504478dafd2feee
blob + d7c71885300df5177970d97f32b0fea90122f8c1
--- delete.php
+++ delete.php
@@ -24,7 +24,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
blob - a88ed48aa10baf029f17a38f8dfada2550cd4cbf
blob + 3a5537ea349fa9ec4084aeeba5041df97034e56b
--- domain.php
+++ domain.php
@@ -29,7 +29,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE != ADMIN_ROLE) {
 	header("Location: list-domain.php");
blob - 6b69dacc63bf948dcdce488dc8b9753f85952e73
blob + 8bad3007f9607fabe7d014615d05baaf832e8a94
--- edit-alias.php
+++ edit-alias.php
@@ -24,7 +24,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
blob - 594f5d0caa10e3661c0a590d22a774625477e974
blob + e1b5bc77f210818dea6aba7f8aff321ae29b55fb
--- edit-mailbox.php
+++ edit-mailbox.php
@@ -26,7 +26,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
@@ -36,7 +36,7 @@ if ($ROLE == ADMIN_ROLE) {
 }
 
 if ($_SERVER['REQUEST_METHOD'] == "GET") {
-        $username = strtolower(filter_input(INPUT_GET, 'username', FILTER_DEFAULT));
+        $username = filter_input(INPUT_GET, 'username', FILTER_DEFAULT);
         $domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN);
         $domain_key = array_search($domain, array_column($list_domains, 'domain'));
 	$domain_exist = in_array($domain, array_column($list_domains, 'domain'));
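Review bot: `$username` now reaches the rest of the script exactly as it was sent, since `FILTER_DEFAULT` applies no validation and the `strtolower()` normalisation is gone. list-domain.php validates its `username` parameter with `FILTER_VALIDATE_EMAIL`; if this one is also a full address (not visible here), the same filter would fit, and any later echo of the value needs `htmlspecialchars()`. Separately, `array_search()` and `in_array()` on the following lines compare loosely; passing `true` as the third argument, `in_array($domain, array_column($list_domains, 'domain'), true)`, stops a null or false `filter_input()` result from matching an empty entry. The `if` block continues outside the hunk.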
blob - fb06cfd1403c0d860e631da5e90edfe7eb06fd19
blob + 77018dae597faf4c1fff95fe7c90e3283506ce77
--- functions.inc.php
+++ functions.inc.php
@@ -48,9 +48,14 @@ function check_session($session = "sessid") {
 // Action: Check which role is assighed
 // Call: check_role()
 //
-function check_role($session = "sessid") {
-	if (!empty($_SESSION[$session]['role'])) {
-		return $_SESSION[$session]['role'];
+function check_role($username) {
+	$dbh = pdo_connect();
+	$sth = $dbh->prepare("SELECT role FROM admin WHERE username=?");
+	$sth->bindParam(1, $username, PDO::PARAM_STR);
+	$sth->execute();
+	$row = $sth->fetch(PDO::FETCH_ASSOC);
+	if (!empty($row)) {
+		return $row['role'];
 	}
 }
 
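Review bot: The header comment still reads `// Call: check_role()` although the function now takes the username and reads the role from the `admin` table on every call; it should say `// Call: check_role(string username)` and state that null is returned when no row matches. That null currently comes from falling off the end of the function, so an explicit `return null;` after the `if` would make the fail-closed result visible to readers and to static analysis. `fetch()` returns false when there is no row, which `!empty($row)` already handles.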
blob - f784b1d9e1355f40e14316f809e873b921cc20e7
blob + cba363df05a9a8f8720d59646fd6e2ebfe461c4a
--- list-admin.php
+++ list-admin.php
@@ -21,9 +21,10 @@ require './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 $list_admins = array();
+$list_domains = array();
 
 if ($_SERVER['REQUEST_METHOD'] == "GET") {
 	if ($ROLE == ADMIN_ROLE) {
blob - 1726709d16633966c14977a94df337041c1a9087
blob + 4ed071737f2ac2686c0bb6182d989c57c52fd664
--- list-domain.php
+++ list-domain.php
@@ -21,7 +21,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($_SERVER['REQUEST_METHOD'] == "GET") {
 	$username = filter_input(INPUT_GET, 'username', FILTER_VALIDATE_EMAIL);
blob - 071a35ff600c578437ddb5a7bdeaa618ea668655
blob + 7267cd1be28aafc329e4d818373038fcce292658
--- list-virtual.php
+++ list-virtual.php
@@ -23,7 +23,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
@@ -34,7 +34,12 @@ if ($ROLE == ADMIN_ROLE) {
 if ($_SERVER['REQUEST_METHOD'] == "GET") {
 	$offset = filter_input(INPUT_GET, 'offset', FILTER_VALIDATE_INT) ?? '0';
 	$limit = PAGE_SIZE;
-	$domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN) ?? $list_domains[0]['domain'];
+	$domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN);
+
+	if (empty($domain) && count($list_domains) > 0) {
+		$domain = $list_domains[0]['domain'];
+	}
+
 	if (in_array($domain, array_column($list_domains, 'domain'))) {
 		$domain_key = array_search($domain, array_column($list_domains, 'domain'));
 		$list_alias = list_aliases($domain, $offset, $limit);
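Review bot: `$offset` keeps the pitfall this hunk fixes for `$domain`: `filter_input()` returns false, not null, when `offset` is not an integer, so `?? '0'` never applies to bad input, and negative integers pass `FILTER_VALIDATE_INT` unchanged before reaching `list_aliases($domain, $offset, $limit)`. A bounded filter covers both cases: `$offset = filter_input(INPUT_GET, 'offset', FILTER_VALIDATE_INT, ['options' => ['default' => 0, 'min_range' => 0]]) ?? 0;`. The `if` blocks continue outside the hunk.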
blob - bbbe62d1b7fb896d078962e739b04b71cf224151
blob + 9eb87c98cd84f07114bbe94785b78eaa44d6469d
--- login.php
+++ login.php
@@ -28,7 +28,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 
 	if (!empty($username) && !empty($password)) {
 		$dbh = pdo_connect();
-		$sth = $dbh->prepare("SELECT password,role FROM admin WHERE username=?");
+		$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
 		$sth->bindParam(1, $username, PDO::PARAM_STR);
 		$sth->execute();
 		$row = $sth->fetch(PDO::FETCH_ASSOC);
@@ -54,7 +54,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 	if (empty($message)) {
 		session_start();
 		$_SESSION['sessid']['username'] = $username;
-		$_SESSION['sessid']['role'] = $row['role'] ?? '';
 		header("Location: $location");
 		exit;
 	}
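Review bot: The session id is not renewed when the login succeeds: `session_start()` is followed directly by `$_SESSION['sessid']['username'] = $username;`, so an id that existed before authentication stays valid afterwards (session fixation). Add `session_regenerate_id(true);` between those two lines. With the role no longer cached in the session, the username is the only identity the other pages take from it, which makes that id worth protecting. Where `$location` is set is outside the hunk; confirm it is a fixed value rather than request input.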
blob - d4739d21eb9e007493abe9ac582564972b9e5688
blob + c94f8ea4dd7ec115f9f6b5433bac269ef6ce3ea4
--- password.php
+++ password.php
@@ -23,7 +23,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
blob - 3e1a088a89faaa72f03b9db0ae4fa4e14c0b9a86
blob + 4a3c6ef76c4e8bd6e92ef217dea3e0b396b57324
--- search.php
+++ search.php
@@ -22,7 +22,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
blob - 900ade84db3df5454f9ac88f29d67c50e9c7e32f
blob + 12fca2a786e016ed41a8d0574a4c587937051724
--- sendmail.php
+++ sendmail.php
@@ -26,8 +26,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
-$SESSID_USERNAME = $SESSID_USERNAME ?? ADMIN_EMAIL;
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
blob - 4be8b032a36eb71cc27c65a7043adc5827b630d1
blob + 2b1c8231d7218c664d2b02050484bc56f8c25c17
--- templates/add-alias.tpl
+++ templates/add-alias.tpl
@@ -1,3 +1,4 @@
+<?php if (count($list_domains) > 0) { ?>
 <div id="edit_form">
 <form name="create_alias" method="post">
 <table>
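Review bot: `count($list_domains)` throws a TypeError on PHP 8 when the variable is unset or null, which is presumably why list-admin.php gains `$list_domains = array();` in this commit; any other script that includes this template without assigning the list would fail the same way. `<?php if (!empty($list_domains)) { ?>` gives the same result for a populated array and tolerates the missing case. The same opening line is added to add-mailbox.tpl, edit-alias.tpl, edit-mailbox.tpl, list-domain.tpl, list-virtual.tpl, search.tpl, sendmail.tpl and viewlog.tpl. In list-domain.tpl the existing inner `if (count($list_domains) > 0)` becomes redundant once the outer guard is in place.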
@@ -32,3 +33,4 @@
 	</tr>
 </table>
 </div>
+<?php } ?>
blob - fb174ffdf792c2778421cc290a9bd8eb21036c1b
blob + 961b92d79bec1436e6652562ea7cc9d52e97747e
--- templates/add-mailbox.tpl
+++ templates/add-mailbox.tpl
@@ -1,3 +1,4 @@
+<?php if (count($list_domains) > 0) { ?>
 <div id="edit_form">
 <form name="create_mailbox" method="post">
 <table>
@@ -43,3 +44,4 @@
 </table>
 </form>
 </div>
+<?php } ?>
blob - 8ee1dc7d55b553f5859d543670d8dbe0e01640b7
blob + a14c6811efe97d0ff4265130a685f8a03e210546
--- templates/edit-alias.tpl
+++ templates/edit-alias.tpl
@@ -1,3 +1,4 @@
+<?php if (count($list_domains) > 0) { ?>
 <div id="edit_form">
 <form name="edit_alias" method="post">
 <table>
@@ -29,3 +30,4 @@ foreach ($goto as $row) {
 </table>
 </form>
 </div>
+<?php } ?>
blob - 88ad945e3f2ffe8f54fd8b0c5e3f93271a056ae7
blob + da9c4f81e4cb805d3e6196058f0e0a0835ebcece
--- templates/edit-mailbox.tpl
+++ templates/edit-mailbox.tpl
@@ -1,3 +1,4 @@
+<?php if (count($list_domains) > 0) { ?>
 <div id="edit_form">
 <form name="edit_mailbox" method="post">
 <table>
@@ -33,3 +34,4 @@
 </table>
 </form>
 </div>
+<?php } ?>
blob - 74027ee1fd325fb08c76c7322781aa0d4c86bfe1
blob + 26d7ed7424bd672ac5f347146662d71dd2571762
--- templates/list-domain.tpl
+++ templates/list-domain.tpl
@@ -1,3 +1,4 @@
+<?php if (count($list_domains) > 0) { ?>
 <div id="overview">
 <?php if ($ROLE == ADMIN_ROLE) { ?>
 <form name="list_domain" method="get">
@@ -44,3 +45,5 @@ if (count($list_domains) > 0) {
 	}
 echo "</table>";
 }
+?>
+<?php } ?>
blob - 7f2647fbfed822fb8491f743f3a31dcba5d99bd2
blob + b26746c918d04df4e590ed13ffc508d10dc4393a
--- templates/list-virtual.tpl
+++ templates/list-virtual.tpl
@@ -1,3 +1,4 @@
+<?php if (count($list_domains) > 0) { ?>
 <div id="overview">
 <form name="select_domain" method="get">
 <select name="domain" onChange="this.form.submit()";>
@@ -17,6 +18,7 @@ if ($list_domains[$domain_key]['mailboxes'] == 0) $lis
 <input class="button" type="submit" name="go" value="<?php echo $LANG['List_button']; ?>" />
 </form>
 
+
 <h4><?php echo $LANG['List_virtual_welcome'] . $domain; ?></h4>
 <p><?php echo $LANG['List_domain_aliases'] . ": " . $list_domains[$domain_key]['alias_count'] . " / " . $list_domains[$domain_key]['aliases']; ?></p>
 <p><?php echo $LANG['List_domain_mailboxes'] . ": " . $list_domains[$domain_key]['mailbox_count'] . " / " . $list_domains[$domain_key]['mailboxes']; ?></p>
@@ -34,10 +36,10 @@ if ($list_domains[$domain_key]['alias_count'] > $limit
 	}
 	if (($list_domains[$domain_key]['alias_count'] > $limit) || ($list_domains[$domain_key]['mailbox_count'] > $limit)) {
 
-		echo "<a href=\"list-virtual.php?domain=" . $_GET['domain'] . "&offset=0\"><img border=\"0\" src=\"images/arrow-u.png\" title=\"" . $LANG['List_up_arrow'] . "\"></a>";
+		echo "<a href=\"list-virtual.php?domain=" . $list_domains[$domain_key]['domain'] . "&offset=0\"><img border=\"0\" src=\"images/arrow-u.png\" title=\"" . $LANG['List_up_arrow'] . "\"></a>";
 	}		
 	if ((($offset + $limit) < $list_domains[$domain_key]['alias_count']) || (($offset + $limit) < $list_domains[$domain_key]['mailbox_count'])) {
-		echo "<a href=\"list-virtual.php?domain=" . $_GET['domain'] . "&offset=" . ($offset + $limit) . "\"><img border=\"0\" src=\"images/arrow-r.png\" title=\"" . $LANG['List_right_arrow'] . "\"></a>";
+		echo "<a href=\"list-virtual.php?domain=" . $list_domains[$domain_key]['domain'] . "&offset=" . ($offset + $limit) . "\"><img border=\"0\" src=\"images/arrow-r.png\" title=\"" . $LANG['List_right_arrow'] . "\"></a>";
 	}
 	echo "</div>";
 }
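Review bot: The domain is still concatenated into both `href` attributes without encoding, even though it now comes from `$list_domains[$domain_key]['domain']` rather than `$_GET['domain']`. Wrapping it for both contexts, `htmlspecialchars(urlencode($list_domains[$domain_key]['domain']))`, keeps a stored value containing quotes or `&` from breaking out of the attribute or the query string. The `<h4>` earlier in this file still echoes `$domain`, which `FILTER_VALIDATE_DOMAIN` without `FILTER_FLAG_HOSTNAME` checks only for label length, so it needs `htmlspecialchars()` as well if the template can be reached with an unlisted domain. The surrounding `if` starts outside the hunk.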
@@ -88,3 +90,4 @@ if (count($list_mailbox) > 0) {
 	echo "</table>";
 }
 ?>
+<?php } ?>
blob - 04e4f62bbbc99f3d8fb9775a55c2f591d15bc494
blob + 6ff39a6868fb483837b0a2f3ef37611510c96d00
--- templates/search.tpl
+++ templates/search.tpl
@@ -1,3 +1,4 @@
+<?php if (count($list_domains) > 0) { ?>
 <div id="overview">
 <h4><?php echo $LANG['Search_welcome'] . $search; ?></h4>
 <form name="search" method="post" action="search.php">
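Review bot: `$search` is echoed into the `<h4>` without escaping. Where it is assigned is outside the hunk, but if it carries the submitted search term it should be written as `htmlspecialchars($search, ENT_QUOTES, 'UTF-8')`.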
@@ -53,3 +54,4 @@ if (count($list_mailbox) > 0) {
 	echo "</table>";
 }
 ?>
+<?php } ?>
blob - 2b335ee7d8ddb9e7fa10fd4baeea112f4442cbee
blob + e153b32cf1cd186568716bd47c89544213af406c
--- templates/sendmail.tpl
+++ templates/sendmail.tpl
@@ -1,3 +1,4 @@
+<?php if (count($list_domains) > 0) { ?>
 <div id="edit_form">
 <form name="sendmail" method="post">
 <table>
@@ -35,3 +36,4 @@
 </table>
 </form>
 </div>
+<?php } ?>
blob - de9c3ee7df0d5ad44dbe6cd43156a578ef37b592
blob + ad221ee80ddcb546d74be85a016e81a9b17c5658
--- templates/viewlog.tpl
+++ templates/viewlog.tpl
@@ -1,3 +1,4 @@
+<?php if (count($list_domains) > 0) { ?>
 <div id="overview">
 <form name="viewlog" method="get">
 <select name="domain" onChange="this.form.submit()";>
@@ -41,3 +42,4 @@ if (count($log ?? array()) > 0) {
 	echo "<p />";
 }
 ?>
+<?php } ?>
blob - 41d9a7de208a84829e71555d585196a3312a5795
blob + a62a12ce3fe6b099aa903053a6937524d4b3fb72
--- vacation.php
+++ vacation.php
@@ -24,7 +24,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();
blob - fa1843e1b98ce878e2397aa6d069c129e5fb3ea7
blob + 6d80bbf5977e41841326372af98aa0e8703ee9e2
--- viewlog.php
+++ viewlog.php
@@ -21,8 +21,7 @@ require_once './functions.inc.php';
 include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
-$ROLE = check_role();
-$SESSID_USERNAME = $SESSID_USERNAME ?? ADMIN_EMAIL;
+$ROLE = check_role($SESSID_USERNAME);
 
 if ($ROLE == ADMIN_ROLE) {
 	$list_domains = list_domains();