
Merge pull request #26 from ohartl/patch-small-fixes

Patch small fixes
Thomas Leister 9 年之前
父节点
当前提交
a90833bd5d

+ 1 - 1
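--- a/include/php/classes/user.class.php
+++ b/include/php/classes/user.class.php
@@ -78,7 +78,7 @@ class USER {
 		$sql = "SELECT `".DBC_USERS_ID."`, `".DBC_USERS_PASSWORD."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_USERNAME."` = '$username' AND `".DBC_USERS_DOMAIN."` = '$domain' LIMIT 1;";
 
 		if(!$result = $db->query($sql)){
-			die('There was an error running the query [' . $db->error . ']');
+			dbError($db->error);
 		}
 
 		if($result->num_rows === 1){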

+ 7 - 0
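--- a/include/php/default.inc.php
+++ b/include/php/default.inc.php
@@ -9,6 +9,13 @@ else{
 }
 
 
+/**
+ * @param string $errorMessage
+ */
+function dbError($errorMessage){
+	die('There was an error running the query ['.$errorMessage.']');
+}
+
 // Establish database connection
 
 $db = new mysqli(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE);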
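Review bot: `dbError()` still sends the raw mysqli error string to the browser, and after this commit every query failure goes through it, including what appears to be the credential lookup in user.class.php. Such messages can expose table names, column names or fragments of the failing statement to a visitor who is not logged in. Since the text now lives in one place, log the detail server-side and return a generic message: `error_log('DB error: '.$errorMessage);` followed by `die('A database error occurred.');`. The docblock could also state that the function never returns.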

+ 7 - 0
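--- a/include/php/global.inc.php
+++ b/include/php/global.inc.php
@@ -125,6 +125,13 @@ function writeLog($text){
 }
 
 
+/**
+ * @param string $url
+ */
+function redirect($url){
+	header("Location: ".FRONTEND_BASE_PATH.$url);
+	exit;
+}
 
 
 ?>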
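Review bot: The docblock for `redirect()` gives only the parameter type and leaves out the two properties callers depend on: the function ends the request with `exit`, and `$url` is appended to `FRONTEND_BASE_PATH` without validation. Every call site in this commit passes a literal path, so the contract is worth writing down, e.g. `@param string $url Path relative to FRONTEND_BASE_PATH; pass only application-chosen values, never request input` and `@return void Does not return; sends the Location header and exits`. The added `exit` also changes behaviour at existing call sites, where code after the old bare `header()` call kept running; a line in the commit description would make that visible.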

+ 3 - 2
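--- a/include/php/pages/admin/createdomain.php
+++ b/include/php/pages/admin/createdomain.php
@@ -11,10 +11,11 @@ if(isset($_POST['domain'])){
 			$sql = "INSERT INTO `".DBT_DOMAINS."` (`".DBC_DOMAINS_DOMAIN."`) VALUES ('$domain');";
 				
 			if(!$result = $db->query($sql)){
-				die('There was an error running the query [' . $db->error . ']');
+				dbError($db->error);
 			}
 			else{
-				header("Location: ".FRONTEND_BASE_PATH."admin/listdomains/?created=1");
+				// Created domain successfull, redirect to overview
+				redirect("admin/listdomains/?created=1");
 			}
 		}
 		else{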

+ 23 - 12
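--- a/include/php/pages/admin/deletedomain.php
+++ b/include/php/pages/admin/deletedomain.php
@@ -1,4 +1,9 @@
-<?php 
+<?php
+
+if(!isset($_GET['id'])){
+	// Domain id not set, redirect to overview
+	redirect("admin/listdomains/");
+}
 
 $id = $db->escape_string($_GET['id']);
 
@@ -6,13 +11,17 @@ $id = $db->escape_string($_GET['id']);
 $sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id' LIMIT 1;";
 
 if(!$result = $db->query($sql)){
-	die('There was an error running the query [' . $db->error . ']');
+	dbError($db->error);
 }
 
-while($row = $result->fetch_assoc()){
-	$domain = $row[DBC_DOMAINS_DOMAIN];
+if($result->num_rows !== 1){
+	// Domain does not exist, redirect to overview
+	redirect("admin/listdomains/");
 }
 
+$row = $result->fetch_assoc();
+$domain = $row[DBC_DOMAINS_DOMAIN];
+
 // Delete domain
 if(isset($_POST['confirm'])){
 	$confirm = $_POST['confirm'];
@@ -28,29 +37,31 @@ if(isset($_POST['confirm'])){
 		// Check if admin domain is affected
 		if(!in_array($domain, $admin_domains)){
 			$sql = "DELETE FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id'";
-				
+
 			if(!$result = $db->query($sql)){
-				die('There was an error running the query [' . $db->error . ']');
+				dbError($db->error);
 			}
-			
 			else{
 				$sql = "DELETE FROM `".DBT_USERS."` WHERE `".DBC_USERS_DOMAIN."` = '$domain'";
-					
+
 				if(!$result = $db->query($sql)){
-					die('There was an error running the query [' . $db->error . ']');
+					dbError($db->error);
 				}
 				else{
-					header("Location: ".FRONTEND_BASE_PATH."admin/listdomains/?deleted=1");
+					// Delete domain successfull, redirect to overview
+					redirect("admin/listdomains/?deleted=1");
 				}
 			}
 		}
 		else{
-			header("Location: ".FRONTEND_BASE_PATH."admin/listdomains/?adm_del=1");
+			// Cannot delete domain with admin emails, redirect to overview
+			redirect("admin/listdomains/?adm_del=1");
 		}
 	}
 	
 	else{
-		header("Location: ".FRONTEND_BASE_PATH."admin/listdomains/");
+		// Choose to not delete domain, redirect to overview
+		redirect("admin/listdomains/");
 	}
 }
 ?>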
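Review bot: The new `isset($_GET['id'])` guard at the top of the file checks only presence, so an array-valued parameter (`?id[]=1`) still reaches `$db->escape_string()`, which expects a string. If ids are integer keys (not confirmed by this page), tighten the guard to `if(!isset($_GET['id']) || !is_string($_GET['id']) || !ctype_digit($_GET['id'])){`. The same presence-only check is added for `$_GET['id']` in deleteredirect.php and for `$_POST['id']` in editredirect.php and edituser.php. deleteuser.php received neither this guard nor the `num_rows !== 1` check in this commit and keeps its `while` loop, so an unknown id there presumably leaves the variables assigned in the loop unset.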

+ 21 - 11
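--- a/include/php/pages/admin/deleteredirect.php
+++ b/include/php/pages/admin/deleteredirect.php
@@ -1,4 +1,9 @@
-<?php 
+<?php
+
+if(!isset($_GET['id'])){
+	// Redirect id not set, redirect to overview
+	redirect("admin/listredirects/");
+}
 
 $id = $db->escape_string($_GET['id']);
 
@@ -9,15 +14,16 @@ if(isset($_POST['confirm'])){
 		$sql = "DELETE FROM `".DBT_ALIASES."` WHERE `".DBC_ALIASES_ID."` = '$id'";
 			
 		if(!$result = $db->query($sql)){
-			die('There was an error running the query [' . $db->error . ']');
+			dbError($db->error);
 		}
 		else{
-			header("Location: ".FRONTEND_BASE_PATH."admin/listredirects/?deleted=1");
+			// Delete redirect successfull, redirect to overview
+			redirect("admin/listredirects/?deleted=1");
 		}
 	}
-	
 	else{
-		header("Location: ".FRONTEND_BASE_PATH."admin/listredirects/");
+		// Choose to not delete redirect, redirect to overview
+		redirect("admin/listredirects/");
 	}
 }
 
@@ -26,14 +32,18 @@ else{
 	$sql = "SELECT `".DBC_ALIASES_SOURCE."`, `".DBC_ALIASES_DESTINATION."` FROM `".DBT_ALIASES."` WHERE `".DBC_ALIASES_ID."` = '$id' LIMIT 1;";
 	
 	if(!$result = $db->query($sql)){
-		die('There was an error running the query [' . $db->error . ']');
+		dbError($db->error);
 	}
-	
-	while($row = $result->fetch_assoc()){
-		$source = $row[DBC_ALIASES_SOURCE];
-		$destination = $row[DBC_ALIASES_DESTINATION];
+
+	if($result->num_rows !== 1){
+		// Redirect does not exist, redirect to overview
+		redirect("admin/listredirects/");
 	}
-	
+
+	$row = $result->fetch_assoc();
+
+	$source = $row[DBC_ALIASES_SOURCE];
+	$destination = $row[DBC_ALIASES_DESTINATION];
 }
 ?>
 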

+ 8 - 7
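--- a/include/php/pages/admin/deleteuser.php
+++ b/include/php/pages/admin/deleteuser.php
@@ -6,7 +6,7 @@ $id = $db->escape_string($_GET['id']);
 $sql = "SELECT `".DBC_USERS_USERNAME."`, `".DBC_USERS_DOMAIN."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
 
 if(!$result = $db->query($sql)){
-	die('There was an error running the query [' . $db->error . ']');
+	dbError($db->error);
 }
 
 while($row = $result->fetch_assoc()){
@@ -27,20 +27,21 @@ if(isset($_POST['confirm'])){
 			$sql = "DELETE FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id'";
 				
 			if(!$result = $db->query($sql)){
-				die('There was an error running the query [' . $db->error . ']');
+				dbError($db->error);
 			}
 			else{
-				header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?deleted=1");
+				// Delete user successfull, redirect to overview
+				redirect("admin/listusers/?deleted=1");
 			}
 		}
 		else{
-			// Admin tries to delete himself. WTH.
-			header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?adm_del=1");
+			// Admin tried to delete himself, redirect to overview
+			redirect("admin/listusers/?adm_del=1");
 		}
 	}
-	
 	else{
-		header("Location: ".FRONTEND_BASE_PATH."admin/listusers/");
+		// Choose to not delete user, redirect to overview
+		redirect("admin/listusers/");
 	}
 }
 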

+ 35 - 15
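--- a/include/php/pages/admin/editredirect.php
+++ b/include/php/pages/admin/editredirect.php
@@ -3,6 +3,12 @@
 		$savemode = $_POST['savemode'];
 		
 		if($savemode === "edit"){
+
+			if(!isset($_POST['id'])){
+				// Redirect id not set, redirect to overview
+				redirect("admin/listredirects/");
+			}
+
 			$id = $db->escape_string($_POST['id']);
 			
 			$source = $db->escape_string($_POST['source']);
@@ -11,15 +17,25 @@
 			$destination = strtolower($destination);
 			
 			if($source !== "" && $destination !== ""){
-			
+
+				$sql = "SELECT `".DBC_ALIASES_ID."` FROM `".DBT_ALIASES."` WHERE `".DBC_ALIASES_ID."` = '$id' LIMIT 1;";
+				if(!$resultExists = $db->query($sql)){
+					dbError($db->error);
+				}
+
+				if($resultExists->num_rows !== 1){
+					// Redirect does not exist, redirect to overview
+					redirect("admin/listredirects/");
+				}
+
 				$sql = "UPDATE `".DBT_ALIASES."` SET `".DBC_ALIASES_SOURCE."` = '$source', `".DBC_ALIASES_DESTINATION."` = '$destination' WHERE `".DBC_ALIASES_ID."` = '$id'";
 				
 				if(!$result = $db->query($sql)){
-					die('There was an error running the query [' . $db->error . ']');
+					dbError($db->error);
 				}
 				else{
 					// Edit successfull, redirect to overview
-					header("Location: ".FRONTEND_BASE_PATH."admin/listredirects/?edited=1");
+					redirect("admin/listredirects/?edited=1");
 				}
 			}
 			else{
@@ -35,14 +51,13 @@
 			
 			if($source !== "" && $destination !== ""){
 				$sql = "INSERT INTO `".DBT_ALIASES."` (`".DBC_ALIASES_SOURCE."`, `".DBC_ALIASES_DESTINATION."`) VALUES ('$source', '$destination')";
-					
+
 				if(!$result = $db->query($sql)){
-					die('There was an error running the query [' . $db->error . ']');
+					dbError($db->error);
 				}
-				
 				else{
-					// Redirect to user edit page when user is created
-					header("Location: ".FRONTEND_BASE_PATH."admin/listredirects/?created=1");
+					// Redirect created, redirect to overview
+					redirect("admin/listredirects/?created=1");
 				}
 			}
 			else{
@@ -61,16 +76,21 @@
 	
 	if($mode === "edit"){
 		//Load user data from DB
-		$sql = "SELECT `".DBC_ALIASES_SOURCE."`, `".DBC_ALIASES_DESTINATION."` from `".DBT_ALIASES."` WHERE `".DBC_ALIASES_ID."` = $id LIMIT 1;";
+		$sql = "SELECT `".DBC_ALIASES_SOURCE."`, `".DBC_ALIASES_DESTINATION."` FROM `".DBT_ALIASES."` WHERE `".DBC_ALIASES_ID."` = '$id' LIMIT 1;";
 		
 		if(!$result = $db->query($sql)){
-			die('There was an error running the query [' . $db->error . ']');
+			dbError($db->error);
 		}
-		
-		while($row = $result->fetch_assoc()){
-			$source = $row[DBC_ALIASES_SOURCE];
-			$destination = $row[DBC_ALIASES_DESTINATION];
+
+		if($result->num_rows !== 1){
+			// Redirect does not exist, redirect to overview
+			redirect("admin/listredirects/");
 		}
+
+		$row = $result->fetch_assoc();
+
+		$source = $row[DBC_ALIASES_SOURCE];
+		$destination = $row[DBC_ALIASES_DESTINATION];
 	}
 ?>
 
@@ -86,7 +106,7 @@ Here you can edit a redirect.
 	<a class="button button-small" href="<?php echo FRONTEND_BASE_PATH; ?>admin/listredirects/">&#10092; Back to redirects list</a>
 </p>
 
-<form action="" method="post">	
+<form action="" method="post">
 	<table>
 	<tr> <th>Source</th> <th>Destination</th> </tr>
 	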

+ 52 - 31
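--- a/include/php/pages/admin/edituser.php
+++ b/include/php/pages/admin/edituser.php
@@ -1,13 +1,13 @@
 <?php 
 	// If mailbox_limit is supported in the MySQL database
+	$mailbox_limit_default = 0;
 	if(defined('DBC_USERS_MAILBOXLIMIT')){
 		// Get mailbox_limit default value from DB
 		$sql = "SELECT DEFAULT(".DBC_USERS_MAILBOXLIMIT.") AS `".DBC_USERS_MAILBOXLIMIT."` FROM `".DBT_USERS."` LIMIT 1;";
 		
 		if(!$result = $db->query($sql)){
-			die('There was an error running the query [' . $db->error . ']');
+			dbError($db->error);
 		}
-		
 		else{
 			while($row = $result->fetch_assoc()){
 				$mailbox_limit_default = $row[DBC_USERS_MAILBOXLIMIT];
@@ -21,17 +21,33 @@
 		
 		if($savemode === "edit"){
 			// Edit mode entered
-			$id = $db->escape_string($_POST['id']);	
-			
+
+			if(!isset($_POST['id'])){
+				// User id not set, redirect to overview
+				redirect("admin/listusers/");
+			}
+
+			$id = $db->escape_string($_POST['id']);
+
+			$sql = "SELECT `".DBC_USERS_ID."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
+			if(!$resultExists = $db->query($sql)){
+				dbError($db->error);
+			}
+
+			if($resultExists->num_rows !== 1){
+				// User does not exist, redirect to overview
+				redirect("admin/listusers/");
+			}
+
 			if(defined('DBC_USERS_MAILBOXLIMIT')){
+				$mailbox_limit = $db->escape_string($_POST['mailbox_limit']);
 				if($mailbox_limit == ""){
 					$mailbox_limit = $mailbox_limit_default;
-				}	
-				$mailbox_limit = $db->escape_string($_POST['mailbox_limit']);
-				
+				}
+
 				$sql = "UPDATE `".DBT_USERS."` SET `".DBC_USERS_MAILBOXLIMIT."` = '$mailbox_limit' WHERE `".DBC_USERS_ID."` = '$id';";
 				if(!$result = $db->query($sql)){
-					die('There was an error running the query [' . $db->error . ']');
+					dbError($db->error);
 				}
 			}
 
@@ -42,9 +58,9 @@
 					// Password is okay and can be set
 					$pass_hash = gen_pass_hash($_POST['password']);
 					write_pass_hash_to_db($pass_hash, $id);
-					// $editsuccessful = true;
-					add_message("success", "User edited successfully.");
-					
+
+					// Edit user password successfull, redirect to overview
+					redirect("admin/listusers/?edited=1");
 				}
 				else{
 					// Password is not okay
@@ -53,9 +69,9 @@
 				}
 			}
 			else{
-				// Redirect user to user list
-				header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?edited=1");
-			}				
+				// Edit user successfull, redirect to overview
+				redirect("admin/listusers/?edited=1");
+			}
 		}
 		
 		else if($savemode === "create"){
@@ -66,12 +82,12 @@
 			$domain = strtolower($domain);
 
 			if(defined('DBC_USERS_MAILBOXLIMIT')){
-				$mailbox_limit = $db->escape_string($_POST['mailbox_limit']);	
+				$mailbox_limit = $db->escape_string($_POST['mailbox_limit']);
 			}
 			else{
 				// make mailbox_limit dummy for "if"
 				$mailbox_limit = 0;
-			}		
+			}
 			$pass = $_POST['password'];
 			$pass_rep = $_POST['password_rep'];
 			
@@ -95,11 +111,11 @@
 							}
 						
 						if(!$result = $db->query($sql)){
-							die('There was an error running the query [' . $db->error . ']');
+							dbError($db->error);
 						}
 						
 						// Redirect user to user list
-						header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?created=1");
+						redirect("admin/listusers/?created=1");
 					}
 					else{
 						// Password not okay
@@ -113,13 +129,13 @@
 		 	else{
 		 		// Fields missing
 		 		add_message("fail", "Not all fields were filled out.");
-		 	}		
+		 	}
 		}
 	}
 	
 	
 	// Select mode 
-	$mode = "create";	
+	$mode = "create";
 	if(isset($_GET['id'])){
 		$mode = "edit";
 		$id = $db->escape_string($_GET['id']);
@@ -130,22 +146,27 @@
 		$sql = "SELECT * from `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
 		
 		if(!$result = $db->query($sql)){
-			die('There was an error running the query [' . $db->error . ']');
+			dbError($db->error);
+		}
+
+		if($result->num_rows !== 1){
+			// User does not exist, redirect to overview
+			redirect("admin/listusers/");
 		}
 		
-		while($row = $result->fetch_assoc()){
-			$username = $row[DBC_USERS_USERNAME];
-			$domain = $row[DBC_USERS_DOMAIN];
-			if(defined('DBC_USERS_MAILBOXLIMIT')){
-				$mailbox_limit = $row[DBC_USERS_MAILBOXLIMIT];
-			}
+		$row = $result->fetch_assoc();
+
+		$username = $row[DBC_USERS_USERNAME];
+		$domain = $row[DBC_USERS_DOMAIN];
+		if(defined('DBC_USERS_MAILBOXLIMIT')){
+			$mailbox_limit = $row[DBC_USERS_MAILBOXLIMIT];
 		}
 	}
 ?>
 
 
 
-<h1><?php if($mode === "create") { ?> Create <?php } else {?>Edit <?php } ?>User</h1>
+<h1><?php echo ($mode === "create") ? 'Create' : 'Edit'; ?> User</h1>
 
 
 <?php output_messages(); ?>
@@ -169,18 +190,18 @@
 	
 	<tr>
 		<td>
-			<input name="username" class="textinput" type="text" autofocus value="<?php if(isset($username)){echo strtolower(strip_tags($username));} ?>" placeholder="Username" required="required"/>
+			<input name="username" class="textinput" type="text" autofocus <?php echo ($mode === "edit") ? ' disabled' : '';?> value="<?php if(isset($username)){echo strtolower(strip_tags($username));} ?>" placeholder="Username" required="required"/>
 		</td>
 		
 		<td>
 			@ 
-			<select name="domain">
+			<select name="domain" <?php echo ($mode === "edit") ? ' disabled' : '';?> >
 				<?php  
 				//Load user data from DB
 				$sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."`;";
 				
 				if(!$result = $db->query($sql)){
-					die('There was an error running the query [' . $db->error . ']');
+					dbError($db->error);
 				}
 				
 				while($row = $result->fetch_assoc()){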
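Review bot: The rewritten username `<input>` in the last hunk still prints `$username` into a double-quoted `value` attribute through `strip_tags()`, which removes tags but leaves `"` untouched. Unless usernames are restricted to a safe character set when they are created (not visible here), a stored value containing a quote can close the attribute. Escape for the attribute context instead: `echo htmlspecialchars(strtolower($username), ENT_QUOTES, 'UTF-8');`. Separately, the new `disabled` attribute on the username and domain controls is only a browser-side hint; the edit branch shown in this diff does not read those fields from `$_POST`, and a short comment there would keep it that way.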

+ 6 - 6
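--- a/include/php/pages/admin/listdomains.php
+++ b/include/php/pages/admin/listdomains.php
@@ -1,13 +1,13 @@
-<?php 
+<?php
 	if(isset($_GET['deleted']) && $_GET['deleted'] == "1"){
 		add_message("success", "Domain deleted successfully.");
 	}
 	else if(isset($_GET['created']) && $_GET['created'] == "1"){
 		add_message("success", "Domain created successfully.");
-	}	
+	}
 	else if(isset($_GET['adm_del']) && $_GET['adm_del'] == "1"){
 		add_message("fail", "Domain could not be deleted because admin account would be affected.");
-	}	
+	}
 ?>
 
 
@@ -21,11 +21,11 @@ Add or delete domains.
 
 
 
-<?php 
+<?php
 	$sql = "SELECT * FROM `".DBT_DOMAINS."` ORDER BY `".DBC_DOMAINS_DOMAIN."` ASC;";
-	
+
 	if(!$result = $db->query($sql)){
-		die('There was an error running the query [' . $db->error . ']');
+		dbError($db->error);
 	}
 ?>
 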

+ 1 - 1
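--- a/include/php/pages/admin/listredirects.php
+++ b/include/php/pages/admin/listredirects.php
@@ -14,7 +14,7 @@ else if(isset($_GET['edited']) && $_GET['edited'] == "1"){
 $sql = "SELECT * FROM `".DBT_ALIASES."` ORDER BY `".DBC_ALIASES_SOURCE."` ASC;";
 
 if(!$result = $db->query($sql)){
-	die('There was an error running the query [' . $db->error . ']');
+	dbError($db->error);
 }
 
 ?>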

+ 1 - 1
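--- a/include/php/pages/admin/listusers.php
+++ b/include/php/pages/admin/listusers.php
@@ -28,7 +28,7 @@ else if(isset($_GET['adm_del']) && $_GET['adm_del'] == "1"){
 $sql = "SELECT * FROM `".DBT_USERS."` ORDER BY `".DBC_USERS_DOMAIN."`, `".DBC_USERS_USERNAME."` ASC;";
 
 if(!$result = $db->query($sql)){
-	die('There was an error running the query [' . $db->error . ']');
+	dbError($db->error);
 }
 
 ?>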

+ 2 - 2
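--- a/include/php/pages/login.php
+++ b/include/php/pages/login.php
@@ -4,7 +4,7 @@ if(isset($_POST['email']) && isset($_POST['password'])){
 	// Start login
 	$login_success = $user->login($_POST['email'], $_POST['password']);
 	if($login_success){
-		header("Location: ".FRONTEND_BASE_PATH."private/");
+		redirect("private/");
 	}
 	// If login is not successful
 	else{
@@ -16,7 +16,7 @@ if(isset($_POST['email']) && isset($_POST['password'])){
 
 // If user is already logged in, redirect to start.
 if($user->isLoggedIn()){
-	header("Location: ".FRONTEND_BASE_PATH."private/");
+	redirect("private/");
 }
 
 ?>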

+ 1 - 1
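--- a/include/php/pages/logout.php
+++ b/include/php/pages/logout.php
@@ -2,5 +2,5 @@
 require_once 'include/php/default.inc.php';
 
 session_destroy();
-header("Location: ".FRONTEND_BASE_PATH);
+redirect('');
 ?>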

+ 1 - 1
include/php/pages/start.php

@@ -1,6 +1,6 @@
 <?php
 <?php
 if($user->isLoggedIn() === true){
 if($user->isLoggedIn() === true){
-	header("Location: ".FRONTEND_BASE_PATH."private/");
+	redirect("private/");
 }
 }
 ?>
 ?>