commit 1575a17857094f68238c0d6d9259ea1c62e8a980 from: mischa date: Tue Sep 06 11:56:05 2022 UTC change check_role() to query commit - 4c680ccd97a58811676e275490df5617f36111ab commit + 1575a17857094f68238c0d6d9259ea1c62e8a980 blob - 39547c7f88215aa153def2ebede075d9370fdf21 blob + e7716f06f9a4ade66c9e77c8158654e74009b57b --- add-alias.php +++ add-alias.php @@ -26,7 +26,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE == ADMIN_ROLE) { $list_domains = list_domains(); blob - e059c12ec823c893cfd7376b9ab02a4ea5672635 blob + b3e570d945bd57399ec0dd8a005d7dc78a64b144 --- add-mailbox.php +++ add-mailbox.php @@ -28,7 +28,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE == ADMIN_ROLE) { $list_domains = list_domains(); blob - 9a523ce84d9cf9ccdd5dfb1644a8ba4ad0e4ee02 blob + 114bafe0db9ff3581e21d24e88524602a4928d8e --- admin.php +++ admin.php @@ -28,7 +28,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE != ADMIN_ROLE) { header("Location: list-domain.php"); blob - 35a6e2eea2f3a92f1f80d75508607c9c7164816d blob + 5286c26921de9b74243d4be5f658b38c78556ac9 --- backup.php +++ backup.php @@ -22,7 +22,7 @@ include './languages/' . check_language() . '.lang'; date_default_timezone_set('Europe/Amsterdam'); $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE != ADMIN_ROLE) { header("Location: list-domain.php"); blob - 265baee683b6acdc681460438504478dafd2feee blob + d7c71885300df5177970d97f32b0fea90122f8c1 --- delete.php +++ delete.php 
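Review bot: In admin.php the hunk ends on `header("Location: list-domain.php");` inside `if ($ROLE != ADMIN_ROLE) {`, so no `exit;` is visible after the redirect. If none follows outside the hunk, the rest of the admin page still executes for a non-admin and only the browser honours the redirect. backup.php and domain.php use the same gate and need the same check. Because `check_role()` can now return nothing when the lookup finds no row, the comparisons would also be safer written strictly, `$ROLE !== ADMIN_ROLE` and `$ROLE === ADMIN_ROLE`, assuming `ADMIN_ROLE` and the stored role have the same type (the constant's definition is not shown here).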
@@ -24,7 +24,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE == ADMIN_ROLE) { $list_domains = list_domains(); blob - a88ed48aa10baf029f17a38f8dfada2550cd4cbf blob + 3a5537ea349fa9ec4084aeeba5041df97034e56b --- domain.php +++ domain.php @@ -29,7 +29,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE != ADMIN_ROLE) { header("Location: list-domain.php"); blob - 6b69dacc63bf948dcdce488dc8b9753f85952e73 blob + 8bad3007f9607fabe7d014615d05baaf832e8a94 --- edit-alias.php +++ edit-alias.php @@ -24,7 +24,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE == ADMIN_ROLE) { $list_domains = list_domains(); blob - 594f5d0caa10e3661c0a590d22a774625477e974 blob + e1b5bc77f210818dea6aba7f8aff321ae29b55fb --- edit-mailbox.php +++ edit-mailbox.php @@ -26,7 +26,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE == ADMIN_ROLE) { $list_domains = list_domains(); 
@@ -36,7 +36,7 @@ if ($ROLE == ADMIN_ROLE) { } if ($_SERVER['REQUEST_METHOD'] == "GET") { - $username = strtolower(filter_input(INPUT_GET, 'username', FILTER_DEFAULT)); + $username = filter_input(INPUT_GET, 'username', FILTER_DEFAULT); $domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN); $domain_key = array_search($domain, array_column($list_domains, 'domain')); $domain_exist = in_array($domain, array_column($list_domains, 'domain')); blob - fb06cfd1403c0d860e631da5e90edfe7eb06fd19 blob + 77018dae597faf4c1fff95fe7c90e3283506ce77 --- functions.inc.php +++ functions.inc.php @@ -48,9 +48,14 @@ function check_session($session = "sessid") { // Action: Check which role is assighed // Call: check_role() // -function check_role($session = "sessid") { - if (!empty($_SESSION[$session]['role'])) { - return $_SESSION[$session]['role']; +function check_role($username) { + $dbh = pdo_connect(); + $sth = $dbh->prepare("SELECT role FROM admin WHERE username=?"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->execute(); + $row = $sth->fetch(PDO::FETCH_ASSOC); + if (!empty($row)) { + return $row['role']; } } blob - f784b1d9e1355f40e14316f809e873b921cc20e7 blob + cba363df05a9a8f8720d59646fd6e2ebfe461c4a --- list-admin.php +++ list-admin.php @@ -21,9 +21,10 @@ require './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); $list_admins = array(); +$list_domains = array(); if ($_SERVER['REQUEST_METHOD'] == "GET") { if ($ROLE == ADMIN_ROLE) { blob - 1726709d16633966c14977a94df337041c1a9087 blob + 4ed071737f2ac2686c0bb6182d989c57c52fd664 --- list-domain.php +++ list-domain.php 
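Review bot: `username` is now read with `FILTER_DEFAULT`, which performs no validation, and the lowercase normalisation is dropped without a replacement, while `domain` on the next line is validated. If mailbox names are stored lowercase, a mixed-case parameter will no longer match, and whatever consumes `$username` further down (outside this hunk) receives raw request input. Consider validating the value against the character set the application allows for mailbox names before using it, and escaping it wherever the template prints it.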
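Review bot: The rewritten `check_role()` falls off the end when no row matches, so callers get an implicit `null`, and it runs the query even when `check_session()` hands it an empty username (the line removed from sendmail.php, `$SESSID_USERNAME ?? ADMIN_EMAIL`, suggests that can happen). Make the failure path explicit by starting with `if (empty($username)) { return null; }` and ending with `return null;`, so the fail-closed behaviour is deliberate rather than accidental. The header comment above the function still reads `// Call: check_role()`; it should become `// Call: check_role(string username)` and state that the role is read from the `admin` table on every call rather than from the session.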
@@ -21,7 +21,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($_SERVER['REQUEST_METHOD'] == "GET") { $username = filter_input(INPUT_GET, 'username', FILTER_VALIDATE_EMAIL); blob - 071a35ff600c578437ddb5a7bdeaa618ea668655 blob + 7267cd1be28aafc329e4d818373038fcce292658 --- list-virtual.php +++ list-virtual.php @@ -23,7 +23,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE == ADMIN_ROLE) { $list_domains = list_domains(); @@ -34,7 +34,12 @@ if ($ROLE == ADMIN_ROLE) { if ($_SERVER['REQUEST_METHOD'] == "GET") { $offset = filter_input(INPUT_GET, 'offset', FILTER_VALIDATE_INT) ?? '0'; $limit = PAGE_SIZE; - $domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN) ?? $list_domains[0]['domain']; + $domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN); + + if (empty($domain) && count($list_domains) > 0) { + $domain = $list_domains[0]['domain']; + } + if (in_array($domain, array_column($list_domains, 'domain'))) { $domain_key = array_search($domain, array_column($list_domains, 'domain')); $list_alias = list_aliases($domain, $offset, $limit); blob - bbbe62d1b7fb896d078962e739b04b71cf224151 blob + 9eb87c98cd84f07114bbe94785b78eaa44d6469d --- login.php +++ login.php @@ -28,7 +28,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { if (!empty($username) && !empty($password)) { $dbh = pdo_connect(); - $sth = $dbh->prepare("SELECT password,role FROM admin WHERE username=?"); + $sth = $dbh->prepare("SELECT password FROM admin WHERE username=?"); $sth->bindParam(1, $username, PDO::PARAM_STR); $sth->execute(); $row = $sth->fetch(PDO::FETCH_ASSOC); 
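Review bot: In list-virtual.php the `$offset` line directly above the new `$domain` handling still has the problem this hunk fixes for `$domain`. `filter_input()` returns `false` when `FILTER_VALIDATE_INT` rejects the value, and `??` only replaces `null`, so an invalid `offset` reaches `list_aliases()` as `false`, and a negative integer passes validation unchanged. A bounded default closes both cases: `$offset = filter_input(INPUT_GET, 'offset', FILTER_VALIDATE_INT, ['options' => ['default' => 0, 'min_range' => 0]]) ?? 0;`. How `list_aliases()` uses the offset is not visible here, so the impact depends on that function.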
@@ -54,7 +54,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { if (empty($message)) { session_start(); $_SESSION['sessid']['username'] = $username; - $_SESSION['sessid']['role'] = $row['role'] ?? ''; header("Location: $location"); exit; } blob - d4739d21eb9e007493abe9ac582564972b9e5688 blob + c94f8ea4dd7ec115f9f6b5433bac269ef6ce3ea4 --- password.php +++ password.php @@ -23,7 +23,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE == ADMIN_ROLE) { $list_domains = list_domains(); blob - 3e1a088a89faaa72f03b9db0ae4fa4e14c0b9a86 blob + 4a3c6ef76c4e8bd6e92ef217dea3e0b396b57324 --- search.php +++ search.php @@ -22,7 +22,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); +$ROLE = check_role($SESSID_USERNAME); if ($ROLE == ADMIN_ROLE) { $list_domains = list_domains(); blob - 900ade84db3df5454f9ac88f29d67c50e9c7e32f blob + 12fca2a786e016ed41a8d0574a4c587937051724 --- sendmail.php +++ sendmail.php @@ -26,8 +26,7 @@ require_once './functions.inc.php'; include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); -$ROLE = check_role(); -$SESSID_USERNAME = $SESSID_USERNAME ?? ADMIN_EMAIL; +$ROLE = check_role($SESSID_USERNAME); if ($ROLE == ADMIN_ROLE) { $list_domains = list_domains(); blob - 4be8b032a36eb71cc27c65a7043adc5827b630d1 blob + 2b1c8231d7218c664d2b02050484bc56f8c25c17 --- templates/add-alias.tpl +++ templates/add-alias.tpl @@ -1,3 +1,4 @@ + 0) { ?>
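Review bot: The successful-login branch in login.php calls `session_start()` and stores the username without issuing a new session id, so a session id that was fixed before authentication stays valid afterwards. Add `session_regenerate_id(true);` right after `session_start();` and before `$_SESSION['sessid']['username'] = $username;`. `$location` in `header("Location: $location")` is set outside this hunk; confirm it cannot be influenced by request input.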
@@ -32,3 +33,4 @@
+ blob - fb174ffdf792c2778421cc290a9bd8eb21036c1b blob + 961b92d79bec1436e6652562ea7cc9d52e97747e --- templates/add-mailbox.tpl +++ templates/add-mailbox.tpl @@ -1,3 +1,4 @@ + 0) { ?>
@@ -43,3 +44,4 @@
+ blob - 8ee1dc7d55b553f5859d543670d8dbe0e01640b7 blob + a14c6811efe97d0ff4265130a685f8a03e210546 --- templates/edit-alias.tpl +++ templates/edit-alias.tpl @@ -1,3 +1,4 @@ + 0) { ?>
@@ -29,3 +30,4 @@ foreach ($goto as $row) {
+ blob - 88ad945e3f2ffe8f54fd8b0c5e3f93271a056ae7 blob + da9c4f81e4cb805d3e6196058f0e0a0835ebcece --- templates/edit-mailbox.tpl +++ templates/edit-mailbox.tpl @@ -1,3 +1,4 @@ + 0) { ?>
@@ -33,3 +34,4 @@
+ blob - 74027ee1fd325fb08c76c7322781aa0d4c86bfe1 blob + 26d7ed7424bd672ac5f347146662d71dd2571762 --- templates/list-domain.tpl +++ templates/list-domain.tpl @@ -1,3 +1,4 @@ + 0) { ?>
@@ -44,3 +45,5 @@ if (count($list_domains) > 0) { } echo ""; } +?> + blob - 7f2647fbfed822fb8491f743f3a31dcba5d99bd2 blob + b26746c918d04df4e590ed13ffc508d10dc4393a --- templates/list-virtual.tpl +++ templates/list-virtual.tpl @@ -1,3 +1,4 @@ + 0) { ?>
+

@@ -34,10 +36,10 @@ if ($list_domains[$domain_key]['alias_count'] > $limit } if (($list_domains[$domain_key]['alias_count'] > $limit) || ($list_domains[$domain_key]['mailbox_count'] > $limit)) { - echo ""; + echo ""; } if ((($offset + $limit) < $list_domains[$domain_key]['alias_count']) || (($offset + $limit) < $list_domains[$domain_key]['mailbox_count'])) { - echo ""; + echo ""; } echo "
"; } @@ -88,3 +90,4 @@ if (count($list_mailbox) > 0) { echo ""; } ?> + blob - 04e4f62bbbc99f3d8fb9775a55c2f591d15bc494 blob + 6ff39a6868fb483837b0a2f3ef37611510c96d00 --- templates/search.tpl +++ templates/search.tpl @@ -1,3 +1,4 @@ + 0) { ?>

@@ -53,3 +54,4 @@ if (count($list_mailbox) > 0) { echo ""; } ?> + blob - 2b335ee7d8ddb9e7fa10fd4baeea112f4442cbee blob + e153b32cf1cd186568716bd47c89544213af406c --- templates/sendmail.tpl +++ templates/sendmail.tpl @@ -1,3 +1,4 @@ + 0) { ?>
@@ -35,3 +36,4 @@
+ blob - de9c3ee7df0d5ad44dbe6cd43156a578ef37b592 blob + ad221ee80ddcb546d74be85a016e81a9b17c5658 --- templates/viewlog.tpl +++ templates/viewlog.tpl @@ -1,3 +1,4 @@ + 0) { ?>