commit - f364ad2a180fc95f05efaa49ecaf80662c9798cc
commit + a628e105b023de47f351df6d0097cdd032cc2a31
blob - 784210a12765eba8ec37234ad517b8db45764257
blob + f9b1fcab2f3303151af0e372850c4da7c4c3590f
--- admin/search.php
+++ admin/search.php
require_once '../functions.inc.php';
include '../languages/' . check_language() . '.lang';
+$list_domains = list_domains();
+
$search = filter_input(INPUT_POST, 'search', FILTER_DEFAULT);
if (isset($search)) {
$sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR);
$sth->execute();
$list_alias = $sth->fetchAll();
+ foreach ($list_alias as $key => $value) {
+ if (!in_array($value['domain'], array_column($list_domains, 'domain'))) {
+ unset($list_alias[$key]);
+ }
+ }
$sth = $dbh->prepare("SELECT * FROM mailbox WHERE username LIKE ? ORDER BY username");
$sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR);
$sth->execute();
$list_mailbox = $sth->fetchAll();
+ foreach ($list_mailbox as $key => $value) {
+ if (!in_array($value['domain'], array_column($list_domains, 'domain'))) {
+ unset($list_mailbox[$key]);
+ }
+ }
} else {
$list_alias = array();
$list_mailbox = array();
include '../templates/header.tpl';
include '../templates/admin_menu.tpl';
-include '../templates/admin_search.tpl';
+include '../templates/search.tpl';
include '../templates/footer.tpl';
?>
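Review bot: The ownership filter added after each `fetchAll()` uses a loose `in_array()` and rebuilds `array_column($list_domains, 'domain')` for every row. Because this loop alone decides which domains' aliases and mailboxes are shown, I would build the list once with `$allowed = array_column($list_domains, 'domain');` and test `if (!in_array($value['domain'], $allowed, true)) {` in both loops. The same two loops are added in search.php and want the same change. `list_domains()` is called here with no argument while search.php passes `$SESSID_USERNAME`; its definition is outside this diff, so please confirm the no-argument form returns the set this page is meant to be limited to.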
blob - 2758930ca64abedd3ff91f7148634ceb7cb9b391
blob + df06e5addcc2db09508f91180507664951b4db42
--- functions.inc.php
+++ functions.inc.php
}
//
-// check_string
-// Action: checks if a string is valid and returns TRUE is this is the case.
-// Call: check_string(string var)
-//
-function check_string($var) {
- if (preg_match('/^([A-Za-z0-9 ]+)+$/', $var)) {
- return true;
- } else {
- return false;
- }
-}
-
-//
-// check_email
-// Action: Checks if email is valid and returns TRUE if this is the case.
-// Call: check_email(string email)
-//
-function check_email($email) {
- if (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,10}$/i', trim($email))) {
- return true;
- } else {
- return false;
- }
-}
-
-//
-// escape_string
-// Action: Escape a string
-// Call: escape_string(string string)
-//
-function escape_string($string) {
- global $CONF;
- $escaped_string = $string;
- return $escaped_string;
-}
-
-
-//
-// check_alias
-// Action: Checks if the domain is still able to create aliases.
-// Call: check_alias(string domain)
-//
-function check_alias($domain) {
- $limit = get_domain_properties($domain);
- if ($limit['aliases'] == 0) {
- return true;
- }
- if ($limit['aliases'] < 0) {
- return false;
- }
- if ($limit['alias_count'] >= $limit['aliases']) {
- return false;
- } else {
- return true;
- }
-}
-
-//
-// check_mailbox
-// Action: Checks if the domain is still able to create mailboxes.
-// Call: ceck_mailbox(string domain)
-//
-function check_mailbox($domain) {
- $limit = get_domain_properties($domain);
- if ($limit['mailboxes'] == 0) {
- return true;
- }
- if ($limit['mailboxes'] < 0) {
- return false;
- }
- if ($limit['mailbox_count'] >= $limit['mailboxes']) {
- return false;
- } else {
- return true;
- }
-}
-//
// connect_db
// Action: make db connection
// Call: connect_db()
}
//
-// admin_exist
-// Action: Checks if the admin already exists.
-// Call: admin_exist(string admin)
-//
-// was check_admin
-//
-function admin_exist($username) {
- $result = db_query("SELECT * FROM admin WHERE username='$username'");
- if ($result['rows'] != 1) {
- return false;
- } else {
- return true;
- }
-}
-
-//
-// domain_exist
-// Action: Checks if the domain already exists.
-// Call: domain_exist(string domain)
-//
-function domain_exist($domain) {
- $result = db_query("SELECT * FROM domain WHERE domain='$domain'");
- if ($result['rows'] != 1) {
- return false;
- } else {
- return true;
- }
-}
-
-//
// list_admins
// Action: Lists all the admins
// Call: list_admins()
}
//
-// generate_password
-// Action: Generates a random password
-// Call: generate_password()
-//
-function generate_password() {
- $password = substr(md5(mt_rand()), 0, 8);
- return $password;
-}
-
-//
// bcrypt
// Action: Hashs the password with bcrypt
// Call: bcrypt(string cleartextpassword)
return $hashed;
}
-//
-// db_connect
-// Action: Makes a connection to the database if it doesn't exist
-// Call: db_connect()
-//
-$DEBUG_TEXT = "\n
-<p />\n
-Please check the documentation and website for more information.\n
-<p />\n
-";
-
-function db_connect() {
- global $CONF;
- global $DEBUG_TEXT;
- $link = "";
-
- if ($CONF['database_type'] == "mysqli") {
- if(function_exists("mysqli_connect")) {
- $link = @mysqli_connect($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die("<p />DEBUG INFORMATION:<br />Connect: " . mysqli_connect_error() . "$DEBUG_TEXT");
- $succes = @mysqli_select_db($link, $CONF['database_name']) or die("<p />DEBUG INFORMATION:<br />MySQLi Select Database: " . mysqli_error() . "$DEBUG_TEXT");
- } else {
- print "<p />DEBUG INFORMATION:<br />MySQL 4.1 functions not available!<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT";
- die;
- }
- }
-
- if ($link) {
- return $link;
- } else {
- print "DEBUG INFORMATION:<br />\n";
- print "Connect: Unable to connect to database<br />\n";
- print "<br />\n";
- print "Make sure that you have set the correct database type in the config.inc.php file<br />\n";
- print $DEBUG_TEXT;
- die;
- }
-}
-
-//
-// db_query
-// Action: Sends a query to the database and returns query result and number of rows
-// Call: db_query(string query)
-//
-function db_query($query) {
- global $CONF;
- global $DEBUG_TEXT;
- $result = "";
- $number_rows = "";
-
- $link = db_connect();
-
- // database prefix workaround
- if (!empty($CONF['database_prefix'])) {
- if (preg_match("/^SELECT/i", $query)) {
- $query = substr($query, 0, 14) . $CONF['database_prefix'] . substr($query, 14);
- } else {
- $query = substr($query, 0, 6) . $CONF['database_prefix'] . substr($query, 7);
- }
- }
-
- if ($CONF['database_type'] == "mysqli") $result = @mysqli_query($link, $query) or die("<p />DEBUG INFORMATION:<br />Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT");
-
- if (preg_match("/^SELECT/i", $query)) {
- // if $query was a SELECT statement check the number of rows with [database_type]_num_rows().
- if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_num_rows($result);
- } else {
- // if $query was something else, UPDATE, DELETE or INSERT check the number of rows with
- // [database_type]_affected_rows().
- if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_affected_rows($link);
- }
-
- if ($CONF['database_type'] == "mysqli") mysqli_close($link);
-
- $return = array(
- "result" => $result,
- "rows" => $number_rows
- );
- return $return;
-}
-
-// db_row
-// Action: Returns a row from a table
-// Call: db_row(int result)
-//
-function db_row($result) {
- global $CONF;
- $row = "";
- if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_row($result);
- return $row;
-}
-
-// db_array
-// Action: Returns a row from a table
-// Call: db_array(int result)
-//
-function db_array($result) {
- global $CONF;
- $row = "";
- if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_array($result);
- return $row;
-}
-
// logging
// Action: Logs actions from admin
// Call: logging(string username, string domain, string action, string data)
$sth->execute();
}
}
-//
-// db_log
-// Action: Logs actions from admin
-// Call: db_log(string username, string domain, string action, string data)
-//
-function db_log($username, $domain, $action, $data) {
- global $CONF;
- if (isset($_SERVER['HTTP_X_CLIENTIP'])) {
- $REMOTE_ADDR = $_SERVER['HTTP_X_CLIENTIP'];
- } else {
- $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
- }
-
- if ($CONF['logging'] == 'YES') {
- $result = db_query("INSERT INTO log (timestamp, username, domain, action, data) VALUES (NOW(), '$username ($REMOTE_ADDR)', '$domain', '$action', '$data')");
- if ($result['rows'] != 1) {
- return false;
- } else {
- return true;
- }
- }
-}
?>
blob - f69a9861891f9e9cf38ea584afa3905e10779a10
blob + 1e2032d65ccc000023d2db66a2f8459ba4e38b9c
--- search.php
+++ search.php
//
// Template Variables:
//
-// tAlias
-// tMailbox
+// list_alias
+// list_mailbox
//
// Form POST \ GET Variables:
//
-// fSearch
+// search
//
-require("./variables.inc.php");
-require("./config.inc.php");
-require("./functions.inc.php");
-include("./languages/" . check_language() . ".lang");
+require_once './functions.inc.php';
+include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
+$list_domains = list_domains($SESSID_USERNAME);
-$tAlias = array();
-$tMailbox = array();
+$search = filter_input(INPUT_POST, 'search', FILTER_DEFAULT);
-if ($_SERVER['REQUEST_METHOD'] == "GET") {
- if (isset($_GET['search'])) $fSearch = escape_string($_GET['search']);
-
- if ($CONF['alias_control'] == "YES") {
- $query = "SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias WHERE alias.address LIKE '%$fSearch%' OR alias.goto LIKE '%$fSearch%' ORDER BY alias.address";
- } else {
- $query = "SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.address LIKE '%$fSearch%' AND mailbox.maildir IS NULL ORDER BY alias.address";
- }
-
- $result = db_query("$query");
-
- if ($result['rows'] > 0) {
- while ($row = db_array($result['result'])) {
- if (check_owner($SESSID_USERNAME, $row['domain'])) {
- $tAlias[] = $row;
- }
+if (isset($search)) {
+ $dbh = connect_db();
+ $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.address LIKE ? AND mailbox.maildir IS NULL ORDER BY alias.address");
+ $sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR);
+ $sth->execute();
+ $list_alias = $sth->fetchAll();
+ foreach ($list_alias as $key => $value) {
+ if (!in_array($value['domain'], array_column($list_domains, 'domain'))) {
+ unset($list_alias[$key]);
}
}
- $result = db_query("SELECT * FROM mailbox WHERE username LIKE '%$fSearch%' ORDER BY username");
- if ($result['rows'] > 0) {
- while ($row = db_array($result['result'])) {
- if (check_owner($SESSID_USERNAME, $row['domain'])) {
- $tMailbox[] = $row;
- }
+ $sth = $dbh->prepare("SELECT * FROM mailbox WHERE username LIKE ? ORDER BY username");
+ $sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR);
+ $sth->execute();
+ $list_mailbox = $sth->fetchAll();
+ foreach ($list_mailbox as $key => $value) {
+ if (!in_array($value['domain'], array_column($list_domains, 'domain'))) {
+ unset($list_mailbox[$key]);
}
}
+} else {
+ $list_alias = array();
+ $list_mailbox = array();
}
-if ($_SERVER['REQUEST_METHOD'] == "POST") {
- if (isset($_POST['search'])) $fSearch = escape_string($_POST['search']);
-
- if ($CONF['alias_control'] == "YES") {
- $query = "SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias WHERE alias.address LIKE '%$fSearch%' OR alias.goto LIKE '%$fSearch%' ORDER BY alias.address";
- } else {
- $query = "SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.address LIKE '%$fSearch%' AND mailbox.maildir IS NULL ORDER BY alias.address";
- }
-
- $result = db_query("$query");
-
- if ($result['rows'] > 0) {
- while ($row = db_array($result['result'])) {
- if (check_owner($SESSID_USERNAME, $row['domain'])) {
- $tAlias[] = $row;
- }
- }
- }
-
- $result = db_query("SELECT * FROM mailbox WHERE username LIKE '%$fSearch%' ORDER BY username");
- if ($result['rows'] > 0) {
- while ($row = db_array($result['result'])) {
- if (check_owner($SESSID_USERNAME, $row['domain'])) {
- $tMailbox[] = $row;
- }
- }
- }
-}
-include("./templates/header.tpl");
-include("./templates/menu.tpl");
-include("./templates/search.tpl");
-include("./templates/footer.tpl");
+include './templates/header.tpl';
+include './templates/menu.tpl';
+include './templates/search.tpl';
+include './templates/footer.tpl';
?>
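Review bot: The rewritten alias search no longer consults `$CONF['alias_control']`, so installs that set it to YES lose the `alias.goto LIKE` match from the removed branch and always get the `LEFT JOIN mailbox ... maildir IS NULL` form. If that is intended it deserves a line in the commit message; otherwise the branch should be carried over as a second prepared statement with two bound parameters. The header comment still says `Form POST \ GET Variables:` although only `INPUT_POST` is read now, so I would change it to `// Form POST Variables:`.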
blob - 0062735f1e8bd2666ac6b21d0d2d8326ba10f1aa
blob + ede90483023bac75bee6a2770bb7ed56bb6060f4
--- templates/search.tpl
+++ templates/search.tpl
<div id="overview">
-<h4><?php echo $LANG['Search_welcome'] . $fSearch; ?></h4>
+<h4><?php echo $LANG['Search_welcome'] . $search; ?></h4>
<form name="search" method="post" action="search.php">
<input type="textbox" name="search">
</form>
</div>
<?php
-if (count($tAlias) > 0) {
+if (count($list_alias) > 0) {
echo "<table id=\"alias_table\">\n";
echo " <tr>\n";
echo " <td colspan=\"5\"><h3>".$LANG['Overview_alias_title']."</h3></td>";
echo " <td colspan=\"2\"> </td>\n";
echo " </tr>\n";
- for ($i = 0; $i < count($tAlias); $i++) {
- if ((is_array($tAlias) and count($tAlias) > 0)) {
- echo " <tr class=\"hilightoff\" onMouseOver=\"className='hilighton';\" onMouseOut=\"className='hilightoff';\">\n";
- echo " <td>" . $tAlias[$i]['address'] . "</td>\n";
- echo " <td>" . preg_replace("/,/", "<br>", $tAlias[$i]['goto']) . "</td>\n";
- echo " <td>" . $tAlias[$i]['modified'] . "</td>\n";
- echo " <td><a href=\"edit-alias.php?address=" . $tAlias[$i]['address'] . "&domain=" . $tAlias[$i]['domain'] . "\">" . $LANG['edit'] . "</a></td>\n";
- echo " <td><a href=\"delete.php?table=alias&delete=" . $tAlias[$i]['address'] . "&domain=" . $tAlias[$i]['domain'] . "\"onclick=\"return confirm ('" . $LANG['confirm'] . $LANG['Overview_get_aliases'] . ": ". $tAlias[$i]['address'] . "')\">" . $LANG['del'] . "</a></td>\n";
- echo " </tr>\n";
- }
+ foreach ($list_alias as $row) {
+ echo " <tr class=\"hilightoff\" onMouseOver=\"className='hilighton';\" onMouseOut=\"className='hilightoff';\">\n";
+ echo " <td>" . $row['address'] . "</td>\n";
+ echo " <td>" . preg_replace("/,/", "<br>", $row['goto']) . "</td>\n";
+ echo " <td>" . $row['modified'] . "</td>\n";
+ echo " <td><a href=\"edit-alias.php?action=edit&address=" . $row['address'] . "&domain=" . $row['domain'] . "\">" . $LANG['edit'] . "</a></td>\n";
+ echo " <td><a href=\"delete.php?table=alias&delete=" . $row['address'] . "&domain=" . $row['domain'] . "\"onclick=\"return confirm ('" . $LANG['confirm'] . $LANG['Overview_get_aliases'] . ": ". $row['address'] . "')\">" . $LANG['del'] . "</a></td>\n";
+ echo " </tr>\n";
}
-
echo "</table>\n";
}
-if (count($tMailbox) > 0) {
+if (count($list_mailbox) > 0) {
echo "<table id=\"mailbox_table\">\n";
echo " <tr>\n";
echo " <td colspan=\"7\"><h3>".$LANG['Overview_mailbox_title']."</h3></td>";
echo " <td>" . $LANG['Overview_mailbox_username'] . "</td>\n";
echo " <td>" . $LANG['Overview_mailbox_name'] . "</td>\n";
echo " <td>" . $LANG['Overview_mailbox_modified'] . "</td>\n";
- echo " <td>" . $LANG['Overview_mailbox_active'] . "</td>\n";
echo " <td colspan=\"2\"> </td>\n";
echo " </tr>\n";
- for ($i = 0; $i < count($tMailbox); $i++) {
- if ((is_array($tMailbox) and count($tMailbox) > 0)) {
- echo " <tr class=\"hilightoff\" onMouseOver=\"className='hilighton';\" onMouseOut=\"className='hilightoff';\">\n";
- echo " <td>" . $tMailbox[$i]['username'] . "</td>\n";
- echo " <td>" . $tMailbox[$i]['name'] . "</td>\n";
- echo " <td><a href=\"edit-mailbox.php?username=" . $tMailbox[$i]['username'] . "&domain=" . $tMailbox[$i]['domain'] . "\">" . $LANG['edit'] . "</a></td>\n";
- echo " <td><a href=\"delete.php?table=mailbox&delete=" . $tMailbox[$i]['username'] . "&domain=" . $tMailbox[$i]['domain'] . "\"onclick=\"return confirm ('" . $LANG['confirm'] . $LANG['Overview_get_mailboxes'] . ": ". $tMailbox[$i]['username'] . "')\">" . $LANG['del'] . "</a></td>\n";
- echo " </tr>\n";
- }
+ foreach ($list_mailbox as $row) {
+ echo " <tr class=\"hilightoff\" onMouseOver=\"className='hilighton';\" onMouseOut=\"className='hilightoff';\">\n";
+ echo " <td>" . $row['username'] . "</td>\n";
+ echo " <td>" . $row['name'] . "</td>\n";
+ echo " <td><a href=\"edit-mailbox.php?action=edit&username=" . $row['username'] . "&domain=" . $row['domain'] . "\">" . $LANG['edit'] . "</a></td>\n";
+ echo " <td><a href=\"delete.php?table=mailbox&delete=" . $row['username'] . "&domain=" . $row['domain'] . "\"onclick=\"return confirm ('" . $LANG['confirm'] . $LANG['Overview_get_mailboxes'] . ": ". $row['username'] . "')\">" . $LANG['del'] . "</a></td>\n";
+ echo " </tr>\n";
}
echo "</table>\n";
}
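Review bot: `$search` is echoed into the `<h4>` exactly as it came from `filter_input(INPUT_POST, 'search', FILTER_DEFAULT)`, which applies no filtering, so markup typed into the search box is reflected into the page; the rename from `$fSearch` keeps that behaviour. I would write `<h4><?php echo $LANG['Search_welcome'] . htmlspecialchars((string) $search, ENT_QUOTES, 'UTF-8'); ?></h4>`, which also copes with `$search` being null when the page is loaded without a POST. The row values in both `foreach` loops (`address`, `goto`, `modified`, `username`, `name`, `domain`) are stored data printed raw into cell text, `href` query strings and the `onclick` confirm string. Cell text wants `htmlspecialchars()`, and the query-string values want `urlencode()` followed by attribute escaping. The `goto` cell has to be escaped before the comma-to-`<br>` replacement so the inserted `<br>` survives.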