

commit - 16de74e22032c2da7ebb1cdfde38066f54158df0
commit + 6322a7e71343e788838b53c9846bf851ec8b7580
blob - 6254bf4042eadd963878f716a34cb59dea2eab67
blob + 2758930ca64abedd3ff91f7148634ceb7cb9b391
--- functions.inc.php
+++ functions.inc.php
@@ -35,24 +35,13 @@ if (DEBUG == 'true') {
 // Action: Check if a session already exists, if not redirect to login.php
 // Call: check_session() -or- check_user_session()
 //
-function check_session() {
+function check_session($session = "sessid") {
 	session_start();
-	if (empty($_SESSION['sessid']['username'])) {
-		header("Location: login.php");
-		exit;
-	}
-	$SESSID_USERNAME = $_SESSION['sessid']['username'];
-	return $SESSID_USERNAME;
-}
-
-function check_user_session() {
-	session_start();
-	if (empty($_SESSION['userid']['username'])) {
+	if (empty($_SESSION[$session]['username'])) {
 		header("Location: login.php");
 		exit;
 	}
-	$USERID_USERNAME = $_SESSION['userid']['username'];
-	return $USERID_USERNAME;
+	return $_SESSION[$session]['username'];
 }
 
 //
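Review bot: The header comment `// Call: check_session() -or- check_user_session()` is now stale, since this hunk removes check_user_session() and folds it into the parameterised check_session(); change it to `// Call: check_session() -or- check_session('userid')`. The new parameter is untyped and its default is double-quoted, unlike the single-quoted strings the rest of the commit adopts; `function check_session(string $session = 'sessid') {` states the contract. Because the argument selects which $_SESSION namespace is consulted, a caller passing any key other than the two known ones would always be redirected to login.php, so a one-line comment naming the accepted values ('sessid' for admins, 'userid' for mailbox users) would help the next maintainer.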
blob - 24f6678cc54413086a89b50229da50af037cf40c
blob + f2b6b763acd8ff27408619732061774039f73f58
--- languages/en.lang
+++ languages/en.lang
@@ -254,6 +254,8 @@ $LANG['Logging_alias_delete'] = 'delete alias';
 $LANG['Logging_mailbox_add'] = 'add mailbox';
 $LANG['Logging_mailbox_edit'] = 'edit mailbox';
 $LANG['Logging_mailbox_delete'] = 'delete mailbox';
+
+$LANG['Logging_password_change'] = 'change password';
 
 $LANG['Search_welcome'] = 'Searching for: ';
 ?>
blob - 9c79c8f92f1c6f71e1b97a1c72ce8f626405a914
blob + cc9fc8943fc4f9d9c33254351015a84609b6cd61
--- list-virtual.php
+++ list-virtual.php
@@ -35,7 +35,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
 		$list_mailbox = list_mailboxes($domain, $offset, $limit);
 	}
 }
-
 include './templates/header.tpl';
 include './templates/menu.tpl';
 include './templates/list-virtual.tpl';
blob - e7d90844402520ce7e16dc8a761c09fb9d6f5111
blob + 8a716cbfe48f58176ebb91852b32a3b5081e1296
--- login.php
+++ login.php
@@ -33,6 +33,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 		$sth->execute();
 		$row = $sth->fetch(PDO::FETCH_COLUMN);
 	}
+
 	if (!empty($row)) {
 		if (!password_verify($password, $row)) {
 			$message = $LANG['Login_incorrect'];
@@ -41,6 +42,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 		$message = $LANG['Login_incorrect'];
 	}
 
+
 	if (empty($message)) {
 		session_start();
 		$_SESSION['sessid']['username'] = $username;
blob - 550fccf1c997f6cdad8f81523503fbb0d05be909
blob + 2d6569d9dc8e552dbfef37ff840d4a9711b4934c
--- logout.php
+++ logout.php
@@ -17,8 +17,7 @@
 //
 // -none-
 //
-require("./config.inc.php");
-require("./functions.inc.php");
+require_once './functions.inc.php';
 
 $SESSID_USERNAME = check_session();
 
blob - d03a0e01955cfc3ca8563002e735a3675076c5fe
blob + fff4275a3a1d9230a72030ea72ac9905e162127d
--- password.php
+++ password.php
@@ -11,56 +11,56 @@
 //
 // Template Variables:
 //
-// tMessage
+// message
 //
 // Form POST \ GET Variables:
 //
-// fPassword_current
-// fPassword
-// fPassword2
+// password_current
+// password1
+// password2
 //
-require("./functions.inc.php");
-include("./languages/" . check_language() . ".lang");
+require_once './functions.inc.php';
+include './languages/' . check_language() . '.lang';
 
 $SESSID_USERNAME = check_session();
 
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
-	$fPassword_current = escape_string($_POST['fPassword_current']);
-	$fPassword = escape_string($_POST['fPassword']);
-	$fPassword2 = escape_string($_POST['fPassword2']);
-
 	$username = $SESSID_USERNAME;
+	$password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
+	$password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
+	$password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
 	  
-  	$result = db_query("SELECT * FROM admin WHERE username='$username'");
-	if ($result['rows'] == 1) {
-		$row = db_array($result['result']);
-		if (!password_verify($fPassword_current, $row['assword'])) {
-			$error = 1;
-			$pPassword_password_current_text = $LANG['Password_password_current_text_error'];
-		}
-	} else {
-		$error = 1;
-		$pPassword_email_text = $LANG['Password_email_text_error']; 
+	if (empty($password_current) || empty($password1) || $password1 != $password2) {
+		$message = $LANG['Password_password_text_error'];
 	}
 
-	if (empty($fPassword) or ($fPassword != $fPassword2))
-	{
-		$error = 1;
-		$pPassword_password_text = $LANG['Password_password_text_error'];
-	}
-
-	if ($error != 1) {
-		$password = pacrypt($fPassword);
-		$result = db_query("UPDATE admin SET password='$password',modified=NOW() WHERE username='$username'");
-		if ($result['rows'] == 1) {
-			$tMessage = $LANG['Password_result_succes'];
-		} else {
-			$tMessage = $LANG['Password_result_error'];
+	if (empty($message) && !empty($password_current)) {
+		$dbh = connect_db();
+		$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
+		$sth->bindParam(1, $username, PDO::PARAM_STR);
+		$sth->execute();
+		$row = $sth->fetch(PDO::FETCH_COLUMN);
+		if (!password_verify($password_current, $row)) {
+			$message = $LANG['Password_password_current_text_error'];
 		}
+	}      
+
+	if (empty($message) && !empty($password1)) {
+		$hashed = bcrypt($password1);
+		try {
+			$dbh = connect_db();
+			$sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
+			$sth->bindParam(1, $hashed, PDO::PARAM_STR);
+			$sth->bindParam(2, $username, PDO::PARAM_STR);
+			$sth->execute();
+			$message = $LANG['Password_result_succes'];
+		} catch(PDOException $e) {
+			$message = $LANG['Password_result_error'];
+		}	
 	}
 }
-include("./templates/header.tpl");
-include("./templates/menu.tpl");
-include("./templates/password.tpl");
-include("./templates/footer.tpl");
+include './templates/header.tpl';
+include './templates/menu.tpl';
+include './templates/password.tpl';
+include './templates/footer.tpl';
 ?>
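Review bot: The validation line `if (empty($password_current) || empty($password1) || $password1 != $password2)` uses empty(), which also rejects the literal password "0", and a loose != comparison; filter_input() returns null or false for a missing field, so compare explicitly, e.g. `if ($password_current === null || $password_current === false || $password_current === '' || $password1 === null || $password1 === false || $password1 === '' || $password1 !== $password2)`. The SELECT/verify block that follows is not inside the try/catch that wraps the UPDATE, so a PDOException from connect_db() or prepare() there surfaces as an uncaught exception instead of Password_result_error; either wrap both statements in one try or drop the catch for consistency. Both points apply equally to the parallel hunk in users/password.php. Unlike users/password.php, this admin-side change calls no logging() after a successful update, so admin password changes leave no audit entry; logging()'s signature is only visible from the other file, so confirm it fits here.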
blob - 495b4818506eed6c4223155e73cd314181cc0185
blob + 16dadfac6d7f870f850a51b3ae3dce19fe95eb70
--- sendmail.php
+++ sendmail.php
@@ -47,7 +47,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 		}
 	}
 }
-
 include './templates/header.tpl';
 include './templates/menu.tpl';
 include './templates/sendmail.tpl';
blob - 5672e748579583fe75d5f3889bd8e679a64ca605
blob + d0fc38fc870a687e4099af672aa6deefb92b659c
--- templates/password.tpl
+++ templates/password.tpl
@@ -2,33 +2,29 @@
 <form name="password" method="post">
 <table>
 	<tr>
-		<td colspan="3"><h3><?php echo $LANG['Password_welcome']; ?></h3></td>
+		<td colspan="2"><h3><?php echo $LANG['Password_welcome']; ?></h3></td>
 	</tr>
 	<tr>
 		<td><?php echo $LANG['Password_admin'] . ":"; ?></td>
 		<td><?php echo $SESSID_USERNAME; ?></td>
-		<td><?php echo $pPassword_admin_text; ?></td>
 	</tr>
 	<tr>
 		<td><?php echo $LANG['Password_password_current']; ?></td>
-		<td><input class="flat" type="password" name="fPassword_current" /></td>
-		<td><?php echo $pPassword_password_current_text; ?></td>
+		<td><input class="flat" type="password" name="password_current" /></td>
 	</tr>
 	<tr>
 		<td><?php echo $LANG['Password_password'] . ":"; ?></td>
-		<td><input class="flat" type="password" name="fPassword" /></td>
-		<td><?php echo $pPassword_password_text; ?></td>
+		<td><input class="flat" type="password" name="password1" /></td>
 	</tr>
 	<tr>
 		<td><?php echo $LANG['Password_password2'] . ":"; ?></td>
-		<td><input class="flat" type="password" name="fPassword2" /></td>
-		<td>&nbsp;</td>
+		<td><input class="flat" type="password" name="password2" /></td>
 	</tr>
 	<tr>
-		<td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['Password_button']; ?>" /></td>
+		<td colspan="2" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['Password_button']; ?>" /></td>
 	</tr>
 	<tr>
-		<td colspan="3" class="standout"><?php echo $tMessage; ?></td>
+		<td colspan="2" class="standout"><?php echo $message ?? '&nbsp;'; ?></td>
 	</tr>
 </table>
 </form>
blob - 520ceb49f6a58415bf58635444287264bea1cdfe
blob + 8338af54250359c3953da0080dadac73a6af2a5f
--- templates/users_login.tpl
+++ templates/users_login.tpl
@@ -6,17 +6,17 @@
 	</tr>
 	<tr>
 		<td><?php echo $LANG['UsersLogin_username'] . ":"; ?></td>
-		<td><input class="flat" type="text" name="fUsername" value="<?php echo $tUsername; ?>" /></td>
+		<td><input class="flat" type="text" name="username" value="<?php echo $username ?? ''; ?>" /></td>
 	</tr>
 	<tr>
 		<td><?php echo $LANG['UsersLogin_password'] . ":"; ?></td>
-		<td><input class="flat" type="password" name="fPassword" /></td>
+		<td><input class="flat" type="password" name="password" /></td>
 	</tr>
 	<tr>
 		<td colspan="2" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php echo $LANG['UsersLogin_button']; ?>" /></td>
 	</tr>
 	<tr>
-		<td colspan="2" class="standout"><?php echo $tMessage; ?></td>
+		<td colspan="2" class="standout"><?php echo $message ?? '&nbsp;'; ?></td>
 	</tr>
 </table>
 </form>
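Review bot: The new `value="<?php echo $username ?? ''; ?>"` echoes the submitted username back into an HTML attribute without escaping; in users/login.php the value has passed FILTER_VALIDATE_EMAIL, but other includers of this template are not visible in the diff, and an attribute value should be escaped regardless of upstream filtering: `value="<?php echo htmlspecialchars($username ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"`. Note also that `??` only covers null; when the filter rejects the input `$username` is false, which prints as an empty string, so the behaviour is right but deserves a short comment.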
blob - bbaae9a20988537b821c23cf5e830887fadeacea
blob + 12742ac69e056a606facfd1ffac1cfcd1e95e1aa
--- templates/users_password.tpl
+++ templates/users_password.tpl
@@ -7,28 +7,24 @@
 	<tr>
 		<td><?php echo $LANG['Password_admin'] . ":"; ?></td>
 		<td><?php echo $USERID_USERNAME; ?></td>
-		<td><?php echo $pPassword_admin_text; ?></td>
 	</tr>
 	<tr>
 		<td><?php echo $LANG['Password_password_current'] . ":"; ?></td>
 		<td><input class="flat" type="password" name="fPassword_current" ></td>
-		<td><?php echo $pPassword_password_current_text; ?></td>
 	</tr>
 	<tr>
 		<td><?php echo $LANG['Password_password'] . ":"; ?></td>
 		<td><input class="flat" type="password" name="fPassword" ></td>
-		<td><?php echo $pPassword_password_text; ?></td>
 	</tr>
 	<tr>
 		<td><?php echo $LANG['Password_password2'].":" ?></td>
 		<td><input class="flat" type="password" name="fPassword2" /></td>
-		<td>&nbsp;</td>
 	</tr>
 	<tr>
-		<td colspan="3" class="hlp_center"><input type="submit" name="submit" value="<?php echo $LANG['Password_button']; ?>" /></td>
+		<td colspan="2" class="hlp_center"><input type="submit" name="submit" value="<?php echo $LANG['Password_button']; ?>" /></td>
 	</tr>
 	<tr>
-		<td colspan="3" class="standout"><?php echo $tMessage; ?></td>
+		<td colspan="2" class="standout"><?php echo $message; ?></td>
 	</tr>
 </table>
 </form>
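Review bot: The new `<?php echo $message; ?>` line is the only template in this commit without the `$message ?? '&nbsp;'` fallback, so a plain GET of the page raises an undefined-variable warning under PHP 8; make it `<?php echo $message ?? '&nbsp;'; ?>` as in password.tpl and users_login.tpl. This template also still posts fPassword_current/fPassword/fPassword2, which users/password.php no longer reads (it now includes password.tpl and reads password_current/password1/password2), so the file looks orphaned after this commit; either delete it or rename its fields to match.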
blob - f537d5f01cc65a0bd166be843224bfdc79ba7516 (mode 644)
blob + /dev/null
--- templates/users_vacation-get.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-<div id="edit_form">
-<form name="vacation" method="post">
-<table>
-	<tr>
-		<td class="hlp_center"><input class="button" type="submit" name="fBack" value="<?php echo $LANG['UsersVacation_button_back']; ?>" /></td>
-	</tr>
-</table>
-</form>
-</div>
blob - 809242364d5d79f2608ca3295f280cf00c5803f1
blob + 2c090613d844fd5c12a008b5f7d44f8372c655fb
--- templates/users_vacation.tpl
+++ templates/users_vacation.tpl
@@ -4,25 +4,29 @@
 	<tr>
 		<td colspan="3"><h3><?php echo $LANG['UsersVacation_welcome']; ?></h3></td>
 	</tr>
+	<?php if ($action == 'away') { ?>
 	<tr>
 		<td><?php echo $LANG['UsersVacation_subject'] . ":"; ?></td>
-		<td><input type="text" name="fSubject" value="<?php echo $LANG['UsersVacation_subject_text']; ?>" /></td>
+		<td><input type="text" name="subject" value="<?php echo $LANG['UsersVacation_subject_text']; ?>" /></td>
 		<td>&nbsp;</td>
 	</tr>
 	<tr>
 		<td><?php echo $LANG['UsersVacation_body'] . ":"; ?></td>
 		<td>
-<textarea rows="10" cols="80" name="fBody">
+<textarea rows="10" cols="80" name="body">
 <?php echo $LANG['UsersVacation_body_text']; ?>
 </textarea>
 		</td>
 		<td>&nbsp;</td>
 	</tr>
 	<tr>
-		<td colspan="3" class="hlp_center"><input class="button" type="submit" name="fAway" value="<?php echo $LANG['UsersVacation_button_away']; ?>" /></td>
+		<td colspan="3" class="hlp_center"><input class="button" type="submit" name="away" value="<?php echo $LANG['UsersVacation_button_away']; ?>" /></td>
+		<?php } else { ?>
+		<td colspan="3" class="hlp_center"><input class="button" type="submit" name="back" value="<?php echo $LANG['UsersVacation_button_back']; ?>" /></td>
+		<?php } ?>
 	</tr>
 	<tr>
-		<td colspan="3" class="standout"><?php echo $tMessage; ?></td>
+		<td colspan="3" class="standout"><?php echo $message ?? '&nbsp;'; ?></td>
 	</tr>
 </table>
 </form>
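Review bot: The `<?php } else { ?>` branch emits the back-button `<td>` without an enclosing `<tr>`: the `<tr>` before the away button is inside the if-branch, while the `</tr>` after `<?php } ?>` is outside it, so the 'back' rendering produces invalid table markup. Close the conditional after the body row, emit the `<tr>` unconditionally, and re-open `<?php if ($action == 'away') { ?>` just around the two `<td>` cells. `$action` is also only assigned in users/vacation.php when the GET branch runs or when `back`/`away` is posted, so a POST carrying neither button hits this comparison with an undefined variable; a strict `$action === 'away'` plus a default assignment in the controller would make the template's contract explicit.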
blob - 9d6faa1b9e49649461c92201bef096a03e5004bb
blob + 215653d1c937a2530caaa2d10c3045f03fdd4874
--- users/edit-alias.php
+++ users/edit-alias.php
@@ -20,12 +20,10 @@
 // fDomain
 // fGoto
 //
-require("../variables.inc.php");
-require("../config.inc.php");
 require("../functions.inc.php");
 include("../languages/" . check_language() . ".lang");
 
-$USERID_USERNAME = check_user_session();
+$USERID_USERNAME = check_session('userid');
 $USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1);
 
 if ($_SERVER['REQUEST_METHOD'] == "GET") {
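Review bot: This file keeps `require("../functions.inc.php");` and `include("../languages/" . check_language() . ".lang");` while every other script in the commit switches to `require_once '../functions.inc.php';`; aligning it here avoids a function-redeclaration fatal if functions.inc.php is ever pulled in twice. Dropping variables.inc.php and config.inc.php mirrors the other files, but whether functions.inc.php now loads them itself is not visible in this diff, so confirm that before merging.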
blob - 687252b87ba5fa10786c855dd29e12bfafc09258
blob + b63e0496eb962b6425f0ba813981bf255dfafc96
--- users/login.php
+++ users/login.php
@@ -9,46 +9,47 @@
 //
 // Template File: login.tpl
 //
-// Template Variables:
+// Template variables:
 //
-//  tMessage
-//  tUsername
+//  message
+//  username
 //
-// Form POST \ GET Variables:  
+// GET / POST variables:  
 //
-//  fUsername
-//  fPassword
+//  username
+//  password
 //
-require("../variables.inc.php");
-require("../config.inc.php");
-require("../functions.inc.php");
-include("../languages/" . check_language() . ".lang");
+require_once '../functions.inc.php';
+include '../languages/' . check_language () . '.lang';
  
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
-	$fUsername = escape_string($_POST['fUsername']);
-	$fPassword = escape_string($_POST['fPassword']);
+	$username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
+	$password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);
 
-	$result = db_query("SELECT password FROM mailbox WHERE username='$fUsername' AND active='1'");
-	if ($result['rows'] == 1) {
-		$row = db_array($result['result']);
-		if (!password_verify($fPassword, $row['assword'])) {
-			$error = 1;
-			$tMessage = $LANG['Login_password_incorrect'];
-			$tUsername = $fUsername;
+	if (!empty($username) && !empty($password)) {
+		$dbh = connect_db();
+		$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
+		$sth->bindParam(1, $username, PDO::PARAM_STR);
+		$sth->execute();
+		$row = $sth->fetch(PDO::FETCH_COLUMN);
+	}
+
+	if (!empty($row)) {
+		if (!password_verify($password, $row)) {
+			$message = $LANG['Login_incorrect'];
 		}
 	} else {
-		$error = 1;
-		$tMessage = $LANG['Login_username_incorrect'];
+		$message = $LANG['Login_incorrect'];
 	}
 
-	if ($error != 1) {
+	if (empty($message)) {
 		session_start();
-		$_SESSION['userid']['username'] = $fUsername;
+		$_SESSION['userid']['username'] = $username;
 		header("Location: main.php");
 		exit;
 	}
 } 
-include("../templates/header.tpl");
-include("../templates/users_login.tpl");
-include("../templates/footer.tpl");
+include '../templates/header.tpl';
+include '../templates/users_login.tpl';
+include '../templates/footer.tpl';
 ?>
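Review bot: The rewritten query on the `$dbh->prepare("SELECT password FROM mailbox WHERE username=?")` line drops the `AND active='1'` condition the removed query had, so a deactivated mailbox can still authenticate as long as its stored hash verifies; restore it as `$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=? AND active='1'");`. Independently, the success branch writes the username into `$_SESSION['userid']` straight after `session_start()` without rotating the session id; adding `session_regenerate_id(true);` before the assignment closes the session-fixation window the pre-existing code already had.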
blob - 2f7ebf8240839b62d9674d44c44e9170a58c9ad7
blob + 3eebb1983205af9e010f7d61a22fe0359b5ff1dc
--- users/logout.php
+++ users/logout.php
@@ -17,10 +17,9 @@
 //
 // -none-
 //
-require("../config.inc.php");
-require("../functions.inc.php");
+require_once '../functions.inc.php';
 
-$USERID_USERNAME = check_user_session();
+$USERID_USERNAME = check_session('userid');
 
 session_unset();
 session_destroy();
blob - f40bd2c77b1f5cf88b96d9d3ef333a45ee7ffb41
blob + 4d5166deea9de3e0a4bd3e449c74ab00a7b577ec
--- users/main.php
+++ users/main.php
@@ -17,13 +17,13 @@
 //
 // -none-
 //
-require("../config.inc.php");
-require("../functions.inc.php");
-include("../languages/" . check_language() . ".lang");
+require_once '../functions.inc.php';
 
-$USERID_USERNAME = check_user_session();
+include '../languages/' . check_language() . '.lang';
 
-include("../templates/header.tpl");
-include("../templates/users_menu.tpl");
-include("../templates/users_main.tpl");
-include("../templates/footer.tpl");
+$SESSID_USERNAME = check_session('userid');
+
+include '../templates/header.tpl';
+include '../templates/users_menu.tpl';
+include '../templates/users_main.tpl';
+include '../templates/footer.tpl';
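Review bot: This file now assigns `$SESSID_USERNAME = check_session('userid');` while users/edit-alias.php and users/logout.php in the same commit keep `$USERID_USERNAME`, and users_password.tpl still echoes `$USERID_USERNAME`; whichever of users_menu.tpl and users_main.tpl reads the old name will now see an undefined variable. Those two templates are outside this diff, so please confirm, and pick one variable name for the user-side scripts and use it consistently.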
blob - 3fa050316a337a0e31aa3f3fc022b19ed040d5b6
blob + 044ff3d26c3b6ea691dbc9ce3a59b695d4730c3c
--- users/password.php
+++ users/password.php
@@ -7,64 +7,62 @@
 //
 // File: password.php
 //
-// Template File: users_password.tpl
+// Template File: password.tpl
 //
 // Template Variables:
 //
-// tMessage
+// message
 //
 // Form POST \ GET Variables:
 //
-// fPassword_current
-// fPassword
-// fPassword2
+// password_current
+// password1
+// password2
 //
-require("../variables.inc.php");
-require("../config.inc.php");
-require("../functions.inc.php");
-include("../languages/" . check_language() . ".lang");
+require_once '../functions.inc.php';
+include '../languages/' . check_language() . '.lang';
 
-$USERID_USERNAME = check_user_session();
-$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1);
+$SESSID_USERNAME = check_session('userid');
+$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;
 
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
-	$fPassword_current = escape_string($_POST['fPassword_current']);
-	$fPassword = escape_string($_POST['fPassword']);
-	$fPassword2 = escape_string($_POST['fPassword2']);
-
-	$username = $USERID_USERNAME;
+	$username = $SESSID_USERNAME;
+	$password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
+	$password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
+	$password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
 	  
-  	$result = db_query("SELECT * FROM mailbox WHERE username='$username'");
-	if ($result['rows'] == 1) {
-		$row = db_array($result['result']);
-		if (!password_verify($fPassword_current, $row['assword'])) {
-			$error = 1;
-			$pPassword_password_current_text = $LANG['Password_password_current_text_error'];
-		}
-	} else {
-		$error = 1;
-		$pPassword_email_text = $LANG['Password_email_text_error']; 
+	if (empty($password_current) || empty($password1) || $password1 != $password2) {
+		$message = $LANG['Password_password_text_error'];
 	}
 
-	if (empty($fPassword) or ($fPassword != $fPassword2))
-	{
-		$error = 1;
-		$pPassword_password_text = $LANG['Password_password_text_error'];
-	}
-
-	if ($error != 1) {
-		$password = pacrypt($fPassword);
-		$result = db_query("UPDATE mailbox SET password='$password',modified=NOW(),scheme='' WHERE username='$username'");
-		if ($result['rows'] == 1) {
-			$tMessage = $LANG['Password_result_succes'];
-			db_log($USERID_USERNAME, $USERID_DOMAIN, "change password", "$USERID_USERNAME");
-		} else {
-			$tMessage = $LANG['Password_result_error'];
+	if (empty($message) && !empty($password_current)) {
+		$dbh = connect_db();
+		$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
+		$sth->bindParam(1, $username, PDO::PARAM_STR);
+		$sth->execute();
+		$row = $sth->fetch(PDO::FETCH_COLUMN);
+		if (!password_verify($password_current, $row)) {
+			$message = $LANG['Password_password_current_text_error'];
 		}
+	}      
+
+	if (empty($message) && !empty($password1)) {
+		$hashed = bcrypt($password1);
+		try {
+			$dbh = connect_db();
+			$sth = $dbh->prepare("UPDATE mailbox SET password=?,modified=NOW() WHERE username=?");
+			$sth->bindParam(1, $hashed, PDO::PARAM_STR);
+			$sth->bindParam(2, $username, PDO::PARAM_STR);
+			$sth->execute();
+			logging($admin, substr(strrchr($SESSID_USERNAME, "@"), 1), $LANG['Logging_password_change'], $admin);
+			$message = $LANG['Password_result_succes'];
+		} catch(PDOException $e) {
+			$message = $LANG['Password_result_error'];
+		}	
 	}
 }
-include("../templates/header.tpl");
-include("../templates/users_menu.tpl");
-include("../templates/users_password.tpl");
-include("../templates/footer.tpl");
+include '../templates/header.tpl';
+include '../templates/users_menu.tpl';
+include '../templates/password.tpl';
+include '../templates/footer.tpl';
 ?>
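Review bot: The rewritten UPDATE on the `"UPDATE mailbox SET password=?,modified=NOW() WHERE username=?"` line drops the `scheme=''` assignment the removed query made; if that column tells the mail stack how to interpret the stored hash, a mailbox with a previously set scheme keeps it while its password is now a bcrypt() hash — confirm against the schema and restore `scheme=''` if so. The fallback in `$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;` can never trigger, because check_session() exits before returning when no username is in the session, and if it could, it would attribute a user's password change to the admin address in the audit log; `$admin = $SESSID_USERNAME;` is clearer. The empty()/loose-comparison and try/catch points raised on password.php apply to this hunk unchanged.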
blob - 3200ad36273956baf770cc585036d704215bb41b
blob + bece1138e1f7a11b551473e293f0564363a09c27
--- users/vacation.php
+++ users/vacation.php
@@ -20,58 +20,62 @@
 // fSubject
 // fBody
 //
-require("../variables.inc.php");
-require("../config.inc.php");
-require("../functions.inc.php");
-include("../languages/" . check_language() . ".lang");
+require_once '../functions.inc.php';
+include '../languages/' . check_language() . '.lang';
 
-$USERID_USERNAME = check_user_session();
-$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1);
+$SESSID_USERNAME = check_session('userid');
+$USERID_DOMAIN = substr(strrchr($SESSID_USERNAME, "@"), 1);
 
 if ($_SERVER['REQUEST_METHOD'] == "GET") {
-	$result = db_query("SELECT * FROM vacation WHERE email='$USERID_USERNAME'");
-	if ($result['rows'] == 1) {
-		$row = db_array($result['result']);
-		$tMessage = $LANG['UsersVacation_welcome_text'];
-		$template = "users_vacation-get.tpl";
+	$dbh = connect_db();
+	$sth = $dbh->prepare("SELECT COUNT(*) FROM vacation WHERE email=?");
+	$sth->execute(array($SESSID_USERNAME));
+
+	if ($sth->fetchColumn() == 1) {
+		$action = 'back';
+		$message = $LANG['UsersVacation_welcome_text'];
 	} else {
-		$template = "users_vacation.tpl";
+		$action = 'away';
 	}
-	
-	include("../templates/header.tpl");
-	include("../templates/users_menu.tpl");
-	include("../templates/$template");
-	include("../templates/footer.tpl");
 }
 
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
-	if (isset($_POST['fSubject'])) $fSubject = escape_string($_POST['fSubject']);
-	if (isset($_POST['fBody'])) $fBody = escape_string($_POST['fBody']);
+        $subject = filter_input(INPUT_POST, 'subject', FILTER_DEFAULT);
+	$body = filter_input(INPUT_POST, 'body', FILTER_DEFAULT);
 
-	if (!empty($_POST['fBack'])) {
-		$result = db_query("DELETE FROM vacation WHERE email='$USERID_USERNAME'");
-		if ($result['rows'] != 1) {
-			$error = 1;
-			$tMessage = $LANG['UsersVacation_result_error'];
+	if (!empty($_POST['back'])) {
+		$action = 'back';
+		$dbh = connect_db();
+		$sth = $dbh->prepare("DELETE FROM vacation WHERE email=?");
+		$sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR);
+		$sth->execute();
+		if ($sth->rowCount() != 1) {
+			$message = $LANG['UsersVacation_result_error'];
 		} else {
-			$tMessage = $LANG['UsersVacation_result_succes'];
+			$action = 'away';
+			$essage = $LANG['UsersVacation_result_succes'];
 		}
 	}
 
-	if (!empty($_POST['fAway'])) {
-		$result = db_query("INSERT INTO vacation (email,subject,body,cache,domain,created,active) VALUES ('$USERID_USERNAME','$fSubject','$fBody','','$USERID_DOMAIN',NOW(),'1')");
-		if ($result['rows'] != 1) {
-			$error = 1;
-			$tMessage = $LANG['UsersVacation_result_error'];
-		} else {
+	if (!empty($_POST['away'])) {
+		$action = 'away';
+		try {
+			$dbh = connect_db();
+			$sth = $dbh->prepare("INSERT INTO vacation (email,subject,body,cache,domain,created) VALUES (?,?,?,'',?,NOW())");
+			$sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR);
+			$sth->bindParam(2, $subject, PDO::PARAM_STR);
+			$sth->bindParam(3, $body, PDO::PARAM_STR);
+			$sth->bindParam(4, $USERID_DOMAIN, PDO::PARAM_STR);
+			$sth->execute();
 			header("Location: main.php");
-			exit;
+		} catch(PDOException $e) {
+			$message = $LANG['UsersVacation_result_error'] . " " . $e->getMessage();
 		}
 	}
 	
-	include("../templates/header.tpl");
-	include("../templates/users_menu.tpl");
-	include("../templates/users_vacation.tpl");
-	include("../templates/footer.tpl");
 }
+include '../templates/header.tpl';
+include '../templates/users_menu.tpl';
+include '../templates/users_vacation.tpl';
+include '../templates/footer.tpl';
 ?>
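Review bot: The success branch of the delete sets `$essage = $LANG['UsersVacation_result_succes'];`, a typo for `$message`, so the success text is never displayed. After the INSERT, `header("Location: main.php");` no longer has the `exit;` the removed code had, so the script falls through and still renders the four templates into the redirect response; add `exit;` directly after the header call. The catch block appends `$e->getMessage()` to the user-visible message, which exposes driver and schema details to the browser (and users_vacation.tpl echoes `$message` unescaped); log the exception server-side and show only `$LANG['UsersVacation_result_error']`. The INSERT also no longer sets the `active` column the old query set to '1'; unless that column defaults to 1 the row is either rejected or created inactive — confirm against the schema.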