Change all pages to use models

ohartl 2016-02-19 15:47:38 +01:00
parent 3964e5331b
commit c182551e8f
9 changed files with 288 additions and 435 deletions


@ -1,22 +1,22 @@
<?php
if(isset($_POST['domain'])){
$domain = $db->escape_string($_POST['domain']);
$domain = strtolower($domain);
if($domain !== ""){
// Check if domain exists in database
$domain_exists = $db->query("SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_DOMAIN."` = '$domain';");
if($domain_exists->num_rows == 0){
$sql = "INSERT INTO `".DBT_DOMAINS."` (`".DBC_DOMAINS_DOMAIN."`) VALUES ('$domain');";
if(!$result = $db->query($sql)){
dbError($db->error);
}
else{
// Created domain successfull, redirect to overview
redirect("admin/listdomains/?created=1");
}
$inputDomain = $_POST['domain'];
if(!empty($inputDomain)){
$existingDomain = Domain::findWhere(array(DBC_DOMAINS_DOMAIN, $inputDomain));
if(!is_null($existingDomain)){
Domain::createAndSave(
array(
DBC_DOMAINS_DOMAIN => $inputDomain,
)
);
// Created domain successfull, redirect to overview
redirect("admin/listdomains/?created=1");
}
else{
add_message("fail", "Domain already exists in database.");
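Review bot: The new guard `if(!is_null($existingDomain)){` looks inverted: `Domain::createAndSave()` now runs when the lookup returned something, and the "Domain already exists" branch appears to be reached only when it returned null. Elsewhere in this commit `findWhere()` results are iterated and asked for `->count()`, so it presumably returns a collection rather than null; if so the check should be `if($existingDomain->count() === 0){`. The hunk also drops `$db->escape_string()` and `strtolower()` on `$_POST['domain']`. The model code is not shown here, so confirm that `findWhere()` and `createAndSave()` bind or escape the value and that mixed-case duplicates are still rejected.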


@ -5,53 +5,45 @@ if(!isset($_GET['id'])){
redirect("admin/listdomains");
}
$id = $db->escape_string($_GET['id']);
$id = $_GET['id'];
//Load user data from DB
$sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id' LIMIT 1;";
/** @var Domain $domain */
$domain = Domain::find($id);
if(!$result = $db->query($sql)){
dbError($db->error);
}
if($result->num_rows !== 1){
if(is_null($domain)){
// Domain does not exist, redirect to overview
redirect("admin/listdomains");
}
$row = $result->fetch_assoc();
$domain = $row[DBC_DOMAINS_DOMAIN];
// Delete domain
if(isset($_POST['confirm'])){
$confirm = $_POST['confirm'];
if($confirm === "yes"){
$admin_domains = array();
foreach($admins as $admin) {
// Check if admin domain is affected
$isAdminDomain = false;
foreach($admins as $admin){
$parts = explode("@", $admin);
$admin_domains[] = $parts[1];
if(count($parts) === 2 && $parts[2] === $domain->getDomain()){
$isAdminDomain = true;
break;
}
}
// Check if admin domain is affected
if(!in_array($domain, $admin_domains)){
$sql = "DELETE FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id'";
if(!$isAdminDomain){
if(!$result = $db->query($sql)){
dbError($db->error);
}
else{
$sql = "DELETE FROM `".DBT_USERS."` WHERE `".DBC_USERS_DOMAIN."` = '$domain'";
$users = User::findWhere(array(DBC_USERS_DOMAIN, $domain->getDomain()));
if(!$result = $db->query($sql)){
dbError($db->error);
}
else{
// Delete domain successfull, redirect to overview
redirect("admin/listdomains/?deleted=1");
}
/** @var User $user */
foreach($users as $user){
$user->delete();
}
$domain->delete();
// Delete domain successfull, redirect to overview
redirect("admin/listdomains/?deleted=1");
}
else{
// Cannot delete domain with admin emails, redirect to overview
@ -66,7 +58,7 @@ if(isset($_POST['confirm'])){
}
?>
<h1>Delete domain "<?php echo $domain ?>"?</h1>
<h1>Delete domain "<?php echo $domain->getDomain() ?>"?</h1>
<div class="buttons">
<a class="button" href="<?php echo url('admin/listdomains'); ?>">&#10092; Back to domain list</a>
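Review bot: In the admin-domain check, `$parts[2]` is read right after `count($parts) === 2`, so the index is always out of range and `$isAdminDomain` can never become true. The guard that keeps a domain holding admin addresses from being deleted is therefore disabled, and users of that domain are removed along with it. The comparison should use the domain part: `if(count($parts) === 2 && $parts[1] === $domain->getDomain()){`. The confirm block continues outside the hunk.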


@ -5,64 +5,38 @@ if(!isset($_GET['id'])){
redirect("admin/listredirects");
}
$id = $db->escape_string($_GET['id']);
$id = $_GET['id'];
if(defined('DBC_ALIASES_MULTI_SOURCE')){
$sql = "SELECT r.* FROM (
SELECT
group_concat(g.`".DBC_ALIASES_ID."` ORDER BY g.`".DBC_ALIASES_ID."` SEPARATOR ',') AS `".DBC_ALIASES_ID."`,
group_concat(g.`".DBC_ALIASES_SOURCE."` SEPARATOR ',') AS `".DBC_ALIASES_SOURCE."`,
g.`".DBC_ALIASES_DESTINATION."`,
g.`".DBC_ALIASES_MULTI_SOURCE."`
FROM `".DBT_ALIASES."` AS g
WHERE g.`".DBC_ALIASES_MULTI_SOURCE."` IS NOT NULL
GROUP BY g.`".DBC_ALIASES_MULTI_SOURCE."`
UNION
SELECT
s.`".DBC_ALIASES_ID."`,
s.`".DBC_ALIASES_SOURCE."`,
s.`".DBC_ALIASES_DESTINATION."`,
s.`".DBC_ALIASES_MULTI_SOURCE."`
FROM `".DBT_ALIASES."` AS s
WHERE s.`".DBC_ALIASES_MULTI_SOURCE."` IS NULL
) AS r
WHERE `".DBC_ALIASES_ID."` = '$id' LIMIT 1;";
}
else{
$sql = "SELECT `".DBC_ALIASES_ID."`, `".DBC_ALIASES_SOURCE."`, `".DBC_ALIASES_DESTINATION."` FROM `".DBT_ALIASES."` WHERE `".DBC_ALIASES_ID."` = '$id' LIMIT 1;";
}
/** @var AbstractRedirect $redirect */
$redirect = AbstractRedirect::findMulti($id);
if(!$result = $db->query($sql)){
dbError($db->error);
}
if($result->num_rows !== 1){
if(is_null($redirect)){
// Redirect does not exist, redirect to overview
redirect("admin/listredirects");
}
$redirect = $result->fetch_assoc();
if(isset($_POST['confirm'])){
$confirm = $_POST['confirm'];
if($confirm === "yes"){
$key = DBC_ALIASES_ID;
if(defined('DBC_ALIASES_MULTI_SOURCE') && !empty($redirect[DBC_ALIASES_MULTI_SOURCE])){
$key = DBC_ALIASES_MULTI_SOURCE;
}
$value = $redirect[$key];
if ($redirect instanceof AbstractMultiRedirect){
$sql = "DELETE FROM `".DBT_ALIASES."` WHERE `$key` = '$value'";
// Get single source rows of multi source redirect/alias instead
$hash = $redirect->getMultiHash();
$singleRedirects = AbstractRedirect::findWhere(array(DBC_ALIASES_MULTI_SOURCE, $hash));
if(!$result = $db->query($sql)){
dbError($db->error);
/** @var AbstractRedirect $redirectToDelete */
foreach($singleRedirects as $redirectToDelete){
$redirectToDelete->delete();
}
}
else{
// Delete redirect successfull, redirect to overview
redirect("admin/listredirects/?deleted=1");
else {
$redirect->delete();
}
// Delete redirect successfull, redirect to overview
redirect("admin/listredirects/?deleted=1");
}
else{
// Choose to not delete redirect, redirect to overview
@ -71,8 +45,6 @@ if(isset($_POST['confirm'])){
}
else{
$source = $redirect[DBC_ALIASES_SOURCE];
$destination = $redirect[DBC_ALIASES_DESTINATION];
?>
<h1>Delete redirection?</h1>
@ -84,12 +56,12 @@ else{
<form class="form" action="" method="post">
<div class="input-group">
<label>Source</label>
<div class="input-info"><?php echo strip_tags(formatEmails($source, FRONTEND_EMAIL_SEPARATOR_TEXT)); ?></div>
<div class="input-info"><?php echo formatEmails($redirect->getSource(), FRONTEND_EMAIL_SEPARATOR_TEXT); ?></div>
</div>
<div class="input-group">
<label>Destination</label>
<div class="input-info"><?php echo strip_tags(formatEmails($destination, FRONTEND_EMAIL_SEPARATOR_TEXT)); ?></div>
<div class="input-info"><?php echo formatEmails($redirect->getDestination(), FRONTEND_EMAIL_SEPARATOR_TEXT); ?></div>
</div>
<div class="input-group">
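Review bot: The source and destination cells now echo `formatEmails($redirect->getSource(), ...)` and `formatEmails($redirect->getDestination(), ...)` without the `strip_tags()` wrapper the old lines had, and nothing visible in the hunk encodes the stored value for HTML. Unless the model getters or `formatEmails()` already escape (not shown here), each address should go through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before the separator markup is added. The same wrapper is dropped in the delete-user heading (`$user->getEmail()`) and in the domain, redirect and user list tables later in this commit. `$_GET['id']` also reaches `AbstractRedirect::findMulti()` without `$db->escape_string()`, so the model has to bind or escape it.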


@ -1,37 +1,32 @@
<?php
<?php
$id = $db->escape_string($_GET['id']);
//Load user data from DB
$sql = "SELECT `".DBC_USERS_USERNAME."`, `".DBC_USERS_DOMAIN."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
if(!$result = $db->query($sql)){
dbError($db->error);
if(!isset($_GET['id'])){
// Redirect id not set, redirect to overview
redirect("admin/listredirects");
}
$row = $result->fetch_assoc();
$id = $_GET['id'];
$username = $row[DBC_USERS_USERNAME];
$domain = $row[DBC_USERS_DOMAIN];
/** @var User $user */
$user = User::find($id);
$mailAddress = $username."@".$domain;
if(is_null($user)){
// User does not exist, redirect to overview
redirect("admin/listusers");
}
// Delete user
if(isset($_POST['confirm'])){
$confirm = $_POST['confirm'];
if($confirm === "yes"){
// Check if admin is affected
if (!in_array($mailAddress, $admins)) {
$sql = "DELETE FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id'";
if(!$result = $db->query($sql)){
dbError($db->error);
}
else{
// Delete user successfull, redirect to overview
redirect("admin/listusers/?deleted=1");
}
if(!in_array($user->getEmail(), $admins)){
$user->delete();
// Delete user successfull, redirect to overview
redirect("admin/listusers/?deleted=1");
}
else{
// Admin tried to delete himself, redirect to overview
@ -46,7 +41,7 @@ if(isset($_POST['confirm'])){
?>
<h1>Delete user "<?php echo strip_tags($mailAddress) ?>"?</h1>
<h1>Delete user "<?php echo $user->getEmail() ?>"?</h1>
<div class="buttons">
<a class="button" href="<?php echo url('admin/listusers'); ?>">&#10092; Back to user list</a>
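Review bot: The new `isset($_GET['id'])` guard redirects to `admin/listredirects` and its comment says "Redirect id not set", which looks copied from the redirect page. On the delete-user page it should read `redirect("admin/listusers");` with the comment `// User id not set, redirect to overview`. The `is_null($user)` guard below is followed by `$user->getEmail()`, so both guards are only safe if `redirect()` stops execution, which is not visible in this hunk.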


@ -4,148 +4,117 @@ $id = null;
$redirect = null;
if(isset($_GET['id'])){
$id = $db->escape_string($_GET['id']);
$id = $_GET['id'];
if(defined('DBC_ALIASES_MULTI_SOURCE')){
$sql = "SELECT r.* FROM (
SELECT
group_concat(g.`".DBC_ALIASES_ID."` ORDER BY g.`".DBC_ALIASES_ID."` SEPARATOR ',') AS `".DBC_ALIASES_ID."`,
group_concat(g.`".DBC_ALIASES_SOURCE."` SEPARATOR ',') AS `".DBC_ALIASES_SOURCE."`,
g.`".DBC_ALIASES_DESTINATION."`,
g.`".DBC_ALIASES_MULTI_SOURCE."`
FROM `".DBT_ALIASES."` AS g
WHERE g.`".DBC_ALIASES_MULTI_SOURCE."` IS NOT NULL
GROUP BY g.`".DBC_ALIASES_MULTI_SOURCE."`
UNION
SELECT
s.`".DBC_ALIASES_ID."`,
s.`".DBC_ALIASES_SOURCE."`,
s.`".DBC_ALIASES_DESTINATION."`,
s.`".DBC_ALIASES_MULTI_SOURCE."`
FROM `".DBT_ALIASES."` AS s
WHERE s.`".DBC_ALIASES_MULTI_SOURCE."` IS NULL
) AS r
WHERE `".DBC_ALIASES_ID."` = '$id' LIMIT 1;";
}
else{
$sql = "SELECT `".DBC_ALIASES_ID."`, `".DBC_ALIASES_SOURCE."`, `".DBC_ALIASES_DESTINATION."` FROM `".DBT_ALIASES."` WHERE `".DBC_ALIASES_ID."` = '$id' LIMIT 1;";
}
/** @var AbstractRedirect $redirect */
$redirect = AbstractRedirect::findMulti($id);
if(!$result = $db->query($sql)){
dbError($db->error);
}
if($result->num_rows !== 1){
if(is_null($redirect)){
// Redirect does not exist, redirect to overview
redirect("admin/listredirects");
}
$redirect = $result->fetch_assoc();
$sources = stringToEmails($redirect[DBC_ALIASES_SOURCE]);
$destinations = stringToEmails($redirect[DBC_ALIASES_DESTINATION]);
}
if(isset($_POST['savemode'])){
$savemode = $_POST['savemode'];
$sources = stringToEmails($_POST['source']);
$destinations = stringToEmails($_POST['destination']);
$inputSources = stringToEmails($_POST['source']);
$inputDestinations = stringToEmails($_POST['destination']);
// validate emails
$emailErrors = array();
// basic email validation is not working 100% correct though
foreach(array_merge($sources, $destinations) as $email){
foreach(array_merge($inputSources, $inputDestinations) as $email){
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$emailErrors[$email] = "Address \"$email\" is not a valid email address.";
$emailErrors[$email] = "Address \"{$email}\" is not a valid email address.";
}
}
// validate source emails are on domains
if(defined('VALIDATE_ALIASES_SOURCE_DOMAIN_ENABLED')){
$sql = "SELECT GROUP_CONCAT(`".DBC_DOMAINS_DOMAIN."` SEPARATOR ',') as `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."`";
if(!$resultDomains = $db->query($sql)){
dbError($db->error);
}
$domainRow = $resultDomains->fetch_assoc();
$domains = explode(',', $domainRow[DBC_DOMAINS_DOMAIN]);
$domains = Domain::findAll();
// validate source emails are on domains
foreach($sources as $email){
foreach($inputSources as $email){
if(isset($emailErrors[$email])){
continue;
}
$splited = explode('@', $email);
if(count($splited) !== 2 || !in_array($splited[1], $domains)){
$emailErrors[$email] = "Domain of source address \"$email\" not in domains.";
$emailParts = explode('@', $email);
$searchResult = $domains->search(
function($domain) use ($emailParts){
/** @var Domain $domain */
return $domain->getDomain() === $emailParts[1];
}
);
if(is_null($searchResult)){
$emailErrors[$email] = "Domain of source address \"{$email}\" not in domains.";
}
}
}
// validate no redirect loops
foreach(array_intersect($inputSources, $inputDestinations) as $email){
$emailErrors[$email] = "Address \"{$email}\" cannot be in source and destination in same redirect.";
}
if(count($emailErrors) > 0){
add_message("fail", implode("<br>", $emailErrors));
}
else{
if(count($emailErrors) === 0 && $savemode === "edit" && !is_null($redirect)){
if(count($sources) > 0 && count($destinations) > 0){
$destination = $db->escape_string(emailsToString($destinations));
$source = $db->escape_string(emailsToString($sources));
if(count($inputSources) > 0 && count($inputDestinations) > 0){
$inputDestination = emailsToString();
$key = DBC_ALIASES_ID;
if(defined('DBC_ALIASES_MULTI_SOURCE') && !empty($redirect[DBC_ALIASES_MULTI_SOURCE])){
$key = DBC_ALIASES_MULTI_SOURCE;
}
$value = $redirect[$key];
$sql = "SELECT `".DBC_ALIASES_ID."`, `".DBC_ALIASES_SOURCE."` FROM `".DBT_ALIASES."` WHERE `$key` = '$value'";
if(!$resultExisting = $db->query($sql)){
dbError($db->error);
}
$sourceIdMap = array();
while($existingRedirect = $resultExisting->fetch_assoc()){
$sourceIdMap[$existingRedirect[DBC_ALIASES_SOURCE]] = $existingRedirect[DBC_ALIASES_ID];
}
$existingRedirects = AbstractRedirect::findWhere(
(defined('DBC_ALIASES_MULTI_SOURCE') && $redirect instanceof AbstractMultiRedirect)
? array(DBC_ALIASES_MULTI_SOURCE, $redirect->getMultiHash())
: array(DBC_ALIASES_ID, $redirect->getId())
);
// multi source handling
$hash = (count($sources) === 1) ? "NULL" : "'".md5($source)."'";
$hash = (count($inputSources) === 1) ? null : md5(emailsToString($inputSources));
foreach($sources as $sourceAddress){
$sourceAddress = $db->escape_string(formatEmail($sourceAddress));
foreach($inputSources as $sourceAddress){
$sourceAddress = formatEmail($sourceAddress);
if(isset($sourceIdMap[$sourceAddress])){
// edit existing source
$id = $sourceIdMap[$sourceAddress];
$additionalSql = defined('DBC_ALIASES_MULTI_SOURCE') ? ", `".DBC_ALIASES_MULTI_SOURCE."` = $hash " : "";
$sql = "UPDATE `".DBT_ALIASES."` SET `".DBC_ALIASES_SOURCE."` = '$sourceAddress', `".DBC_ALIASES_DESTINATION."` = '$destination' $additionalSql WHERE `".DBC_ALIASES_ID."` = '$id';";
if(!$result = $db->query($sql)){
dbError($db->error);
/** @var AbstractRedirect $thisRedirect */
$thisRedirect = $existingRedirects->search(
function($model) use ($sourceAddress){
/** @var AbstractRedirect $model */
return $model->getSource() === $sourceAddress;
}
);
unset($sourceIdMap[$sourceAddress]); // mark updated
if(!is_null($thisRedirect)){
// edit existing source
$thisRedirect->setSource($sourceAddress);
$thisRedirect->setDestination($inputDestinations);
$thisRedirect->setMultiHash($hash);
$thisRedirect->save();
$existingRedirects->delete($thisRedirect->getId()); // mark updated
}
else{
// add new source
$additionalSql = defined('DBC_ALIASES_MULTI_SOURCE') ? ", `".DBC_ALIASES_MULTI_SOURCE."`" : "";
$additionalSqlValue = defined('DBC_ALIASES_MULTI_SOURCE') ? ", $hash" : "";
$sql = "INSERT INTO `".DBT_ALIASES."` (`".DBC_ALIASES_SOURCE."`, `".DBC_ALIASES_DESTINATION."` $additionalSql) VALUES ('$sourceAddress', '$destination' $additionalSqlValue);";
if(!$result = $db->query($sql)){
dbError($db->error);
$data = array(
DBC_ALIASES_SOURCE => $sourceAddress,
DBC_ALIASES_DESTINATION => $inputDestination,
);
if(defined('DBC_ALIASES_MULTI_SOURCE')){
$data[DBC_ALIASES_MULTI_SOURCE] = $hash;
}
AbstractRedirect::createAndSave($data);
}
}
// delete none updated redirect
foreach($sourceIdMap as $source => $id){
$sql = "DELETE FROM `".DBT_ALIASES."` WHERE `".DBC_ALIASES_ID."` = '$id';";
if(!$result = $db->query($sql)){
dbError($db->error);
}
// Delete none updated redirect
foreach($existingRedirects as $redirect){
$redirect->delete();
}
// Edit successfull, redirect to overview
@ -157,56 +126,46 @@ if(isset($_POST['savemode'])){
}
else if(count($emailErrors) === 0 && $savemode === "create"){
if(count($sources) > 0 && count($destinations) > 0){
if(count($inputSources) > 0 && count($inputDestinations) > 0){
$values = array();
foreach($sources as $source){
$values[] = "'$source'";
}
$sql = "SELECT `".DBC_ALIASES_SOURCE."` FROM `".DBT_ALIASES."` WHERE `".DBC_ALIASES_SOURCE."` IN (".implode(',', $values).");";
if(!$resultExisting = $db->query($sql)){
dbError($db->error);
}
$existingRedirects = AbstractRedirect::findWhere(
array(DBC_ALIASES_SOURCE, 'IN', $inputSources)
);
$errorExisting = array();
while($existingRedirect = $resultExisting->fetch_assoc()){
$email = $existingRedirect[DBC_ALIASES_SOURCE];
$errorExisting[] = "Source address \"$email\" is already redirected to some destination.";
}
if($existingRedirects->count() > 0){
$errorMessages = array();
/** @var AbstractRedirect $existingRedirect */
foreach($existingRedirects as $existingRedirect){
$errorMessages[] = "Source address \"{$existingRedirect->getSource()}\" is already redirected to some destination.";
}
if(count($errorExisting) > 0){
add_message("fail", implode("<br>", $errorExisting));
add_message("fail", implode("<br>", $errorMessages));
}
else{
$destination = $db->escape_string(emailsToString($destinations));
$source = $db->escape_string(emailsToString($sources));
$inputDestination = emailsToString($inputDestinations);
$values = array();
if(count($sources) === 1){
$additionalSqlValue = defined('DBC_ALIASES_MULTI_SOURCE') ? ", NULL" : "";
$values[] = "('$source', '$destination' $additionalSqlValue)";
if(defined('DBC_ALIASES_MULTI_SOURCE') && count($inputSources) > 1){
$hash = md5(emailsToString($inputSources));
}
else {
$hash = null;
}
else{
// multi source handling
$hash = md5($source);
foreach($sources as $sourceAddress){
$sourceAddress = $db->escape_string(formatEmail($sourceAddress));
$additionalSqlValue = defined('DBC_ALIASES_MULTI_SOURCE') ? ", '$hash'" : "";
$values[] = "('$sourceAddress', '$destination' $additionalSqlValue)";
foreach($inputSources as $inputSource){
$data = array(
DBC_ALIASES_SOURCE => $inputSource,
DBC_ALIASES_DESTINATION => $inputDestination,
);
if(defined('DBC_ALIASES_MULTI_SOURCE')){
$data[DBC_ALIASES_MULTI_SOURCE] = $hash;
}
$a = AbstractRedirect::createAndSave($data);
}
$additionalSql = defined('DBC_ALIASES_MULTI_SOURCE') ? ", `".DBC_ALIASES_MULTI_SOURCE."`" : "";
$sql = "INSERT INTO `".DBT_ALIASES."` (`".DBC_ALIASES_SOURCE."`, `".DBC_ALIASES_DESTINATION."` $additionalSql) VALUES ".implode(',', $values).";";
if(!$result = $db->query($sql)){
dbError($db->error);
}
else{
// Redirect created, redirect to overview
redirect("admin/listredirects/?created=1");
}
// Redirect created, redirect to overview
redirect("admin/listredirects/?created=1");
}
}
else{
@ -233,7 +192,7 @@ if(isset($_GET['id'])){
<?php output_messages(); ?>
<form class="form" action="" method="post" autocomplete="off">
<input name="savemode" type="hidden" value="<?php echo isset($mode) ? $mode : ''; ?>"/>
<input name="savemode" type="hidden" value="<?php echo $mode; ?>"/>
<div class="input-group">
<div class="input-info">Enter single or multiple addresses separated by comma, semicolon or newline.</div>
@ -243,9 +202,9 @@ if(isset($_GET['id'])){
<label for="source">Source</label>
<div class="input">
<?php if(defined('DBC_ALIASES_MULTI_SOURCE')): ?>
<textarea name="source" placeholder="Source" required autofocus><?php echo isset($sources) ? strip_tags(emailsToString($sources, FRONTEND_EMAIL_SEPARATOR_FORM)) : ''; ?></textarea>
<textarea name="source" placeholder="Source" required autofocus><?php echo formatEmails(isset($_POST['source']) ? strip_tags($_POST['source']) : (is_null($redirect) ? '' : $redirect->getSource()), FRONTEND_EMAIL_SEPARATOR_FORM); ?></textarea>
<?php else: ?>
<input type="text" name="source" placeholder="Source (single address)" required autofocus value="<?php echo isset($sources) ? strip_tags(emailsToString($sources, FRONTEND_EMAIL_SEPARATOR_FORM)) : ''; ?>"/>
<input type="text" name="source" placeholder="Source (single address)" required autofocus value="<?php echo strip_tags(formatEmails(isset($_POST['source']) ? $_POST['source'] : (is_null($redirect) ? '' : $redirect->getSource()), FRONTEND_EMAIL_SEPARATOR_FORM)); ?>"/>
<?php endif; ?>
</div>
</div>
@ -253,7 +212,7 @@ if(isset($_GET['id'])){
<div class="input-group">
<label for="destination">Destination</label>
<div class="input">
<textarea name="destination" placeholder="Destination" required><?php echo isset($destinations) ? strip_tags(emailsToString($destinations, FRONTEND_EMAIL_SEPARATOR_FORM)) : ''; ?></textarea>
<textarea name="destination" placeholder="Destination" required><?php echo formatEmails(isset($_POST['destination']) ? strip_tags($_POST['destination']) : (is_null($redirect) ? '' : $redirect->getDestination()), FRONTEND_EMAIL_SEPARATOR_FORM); ?></textarea>
</div>
</div>
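Review bot: In the edit branch `$inputDestination = emailsToString();` is called without an argument, so rows added through `AbstractRedirect::createAndSave($data)` do not receive the submitted destinations. It should be `$inputDestination = emailsToString($inputDestinations);`, as in the create branch. The same branch passes the array `$inputDestinations` to `setDestination()` while new rows get the string, so confirm which form the setter expects. In the form, the `source` value attribute and both textareas now re-emit raw `$_POST` input filtered only by `strip_tags()`, which does not encode quotes or `&`. `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` is the appropriate encoder for those contexts, and the same pattern appears on the `username` and `mailbox_limit` inputs of the edit-user form.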


@ -1,27 +1,25 @@
<?php
// If mailbox_limit is supported in the MySQL database
$mailbox_limit_default = 0;
if(defined('DBC_USERS_MAILBOXLIMIT')){
// Get mailbox_limit default value from DB
$sql = "SELECT DEFAULT(".DBC_USERS_MAILBOXLIMIT.") AS `".DBC_USERS_MAILBOXLIMIT."` FROM `".DBT_USERS."` LIMIT 1;";
if(!$result = $db->query($sql)){
dbError($db->error);
}
else{
while($row = $result->fetch_assoc()){
$mailbox_limit_default = $row[DBC_USERS_MAILBOXLIMIT];
$mailboxLimitDefault = User::getMailboxLimitDefault();
$saveMode = (isset($_POST['savemode']) && in_array($_POST['savemode'], array('edit', 'create')))
? $_POST['savemode']
: null;
if(!is_null($saveMode)){
$inputPassword = isset($_POST['password']) ? $_POST['password'] : null;
$inputPasswordRepeated = isset($_POST['password_repeat']) ? $_POST['password_repeat'] : null;
$inputMailboxLimit = null;
if(defined('DBC_USERS_MAILBOXLIMIT')){
$inputMailboxLimit = isset($_POST['mailbox_limit']) ? intval($_POST['mailbox_limit']) : $mailboxLimitDefault;
if(!$inputMailboxLimit === 0 && empty($inputMailboxLimit)){
$inputMailboxLimit = $mailboxLimitDefault;
}
}
}
$username = isset($_POST['username']) ? $db->escape_string(strtolower($_POST['username'])) : '';
$domain = isset($_POST['domain']) ? $db->escape_string(strtolower($_POST['domain'])) : '';
if(isset($_POST['savemode'])){
$savemode = $_POST['savemode'];
if($savemode === "edit"){
if($saveMode === 'edit'){
// Edit mode entered
if(!isset($_POST['id'])){
@ -29,86 +27,79 @@ if(isset($_POST['savemode'])){
redirect("admin/listusers");
}
$id = $db->escape_string($_POST['id']);
$inputId = $_POST['id'];
$sql = "SELECT `".DBC_USERS_ID."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
if(!$resultExists = $db->query($sql)){
dbError($db->error);
}
/** @var User $userToEdit */
$userToEdit = User::find($inputId);
if($resultExists->num_rows !== 1){
if(is_null($userToEdit)){
// User does not exist, redirect to overview
redirect("admin/listusers");
}
if(defined('DBC_USERS_MAILBOXLIMIT')){
$mailbox_limit = $db->escape_string($_POST['mailbox_limit']);
if($mailbox_limit == ""){
$mailbox_limit = $mailbox_limit_default;
}
$sql = "UPDATE `".DBT_USERS."` SET `".DBC_USERS_MAILBOXLIMIT."` = '$mailbox_limit' WHERE `".DBC_USERS_ID."` = '$id';";
if(!$result = $db->query($sql)){
dbError($db->error);
}
if(defined('DBC_USERS_MAILBOXLIMIT') && !is_null($inputMailboxLimit)){
$userToEdit->setMailboxLimit($inputMailboxLimit);
}
$passwordError = false;
// Is there a changed password?
if(empty($_POST['password']) && empty($_POST['password_repeat'])){
// Edit user successfull, redirect to overview
redirect("admin/listusers/?edited=1");
}
else {
if(!empty($inputPassword) || !empty($inputPasswordRepeated)){
try{
Auth::validateNewPassword($_POST['password'], $_POST['password_repeat']);
// Password is okay and can be set
Auth::changeUserPassword($id, $_POST['password']);
// Edit user password successfull, redirect to overview
redirect("admin/listusers/?edited=1");
$userToEdit->changePassword($inputPassword, $inputPasswordRepeated);
}
catch(Exception $passwordInvalidException){
add_message("fail", $passwordInvalidException->getMessage());
$passwordError = true;
}
}
$userToEdit->save();
if(!$passwordError){
// Edit user successfull, redirect to overview
redirect("admin/listusers/?edited=1");
}
}
else if($savemode === "create"){
else if($saveMode === 'create'){
// Create mode entered
if(defined('DBC_USERS_MAILBOXLIMIT')){
$mailbox_limit = $db->escape_string($_POST['mailbox_limit']);
}
else{
// make mailbox_limit dummy for "if"
$mailbox_limit = 0;
}
$inputUsername = isset($_POST['username']) ? $_POST['username'] : null;
$inputDomain = isset($_POST['domain']) ? $_POST['domain'] : null;
if(!empty($inputUsername)
&& !empty($inputDomain)
&& (!empty($inputPassword) || !empty($inputPasswordRepeated))
){
/** @var User $user */
$user = User::findWhereFirst(
array(
array(DBC_USERS_USERNAME, $inputUsername),
array(DBC_USERS_DOMAIN, $inputDomain),
)
);
if(!empty($username) && !empty($domain) && !empty($mailbox_limit) && !empty($_POST['password']) && !empty($_POST['password_repeat'])){
// Check if user already exists
$user_exists = $db->query("SELECT `".DBC_USERS_USERNAME."`, `".DBC_USERS_DOMAIN."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_USERNAME."` = '$username' AND `".DBC_USERS_DOMAIN."` = '$domain';");
if($user_exists->num_rows == 0){
if(is_null($user)){
try{
// Check password then go on an insert user first
Auth::validateNewPassword($_POST['password'], $_POST['password_repeat']);
Auth::validateNewPassword($inputPassword, $inputPasswordRepeated);
// Optional mailbox_limit support
if(defined('DBC_USERS_MAILBOXLIMIT')){
$sql = "INSERT INTO `".DBT_USERS."` (`".DBC_USERS_USERNAME."`, `".DBC_USERS_DOMAIN."`, `".DBC_USERS_MAILBOXLIMIT."`) VALUES ('$username', '$domain', '$mailbox_limit')";
}
else{
$sql = "INSERT INTO `".DBT_USERS."` (`".DBC_USERS_USERNAME."`, `".DBC_USERS_DOMAIN."`) VALUES ('$username', '$domain')";
$data = array(
DBC_USERS_USERNAME => $inputUsername,
DBC_USERS_DOMAIN => $inputDomain,
DBC_USERS_PASSWORD => Auth::generatePasswordHash($inputPassword)
);
if(defined('DBC_USERS_MAILBOXLIMIT') && !is_null($inputMailboxLimit)){
$data[DBC_USERS_MAILBOXLIMIT] = $inputMailboxLimit;
}
if(!$result = $db->query($sql)){
dbError($db->error);
}
$userId = $db->insert_id;
// Password is validated and user was created, we can insert the password now
Auth::changeUserPassword($userId, $_POST['password']);
/** @var User $user */
$user = User::createAndSave($data);
// Redirect user to user list
redirect("admin/listusers/?created=1");
@ -122,6 +113,7 @@ if(isset($_POST['savemode'])){
}
}
else{
var_dump($_POST);
// Fields missing
add_message("fail", "Not all fields were filled out.");
}
@ -132,39 +124,23 @@ if(isset($_POST['savemode'])){
$mode = "create";
if(isset($_GET['id'])){
$mode = "edit";
$id = $db->escape_string($_GET['id']);
$id = $_GET['id'];
//Load user data from DB
$sql = "SELECT * from `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
/** @var User $user */
$user = User::find($id);
if(!$result = $db->query($sql)){
dbError($db->error);
}
if($result->num_rows !== 1){
if(is_null($user)){
// User does not exist, redirect to overview
redirect("admin/listusers");
}
$row = $result->fetch_assoc();
$username = $row[DBC_USERS_USERNAME];
$domain = $row[DBC_USERS_DOMAIN];
if(defined('DBC_USERS_MAILBOXLIMIT')){
$mailbox_limit = $row[DBC_USERS_MAILBOXLIMIT];
}
}
//Load user data from DB
$sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."`;";
if(!$resultDomains = $db->query($sql)){
dbError($db->error);
}
/** @var ModelCollection $domains */
$domains = Domain::findAll();
?>
<h1><?php echo ($mode === "create") ? 'Create User' : 'Edit user "'.$username.'@'.$domain.'"'; ?></h1>
<h1><?php echo ($mode === "create") ? "Create User" : "Edit user \"{$user->getEmail()}\""; ?></h1>
<div class="buttons">
<a class="button" href="<?php echo url('admin/listusers'); ?>">&#10092; Back to user list</a>
@ -172,8 +148,8 @@ if(!$resultDomains = $db->query($sql)){
<form class="form" action="" method="post">
<input type="hidden" name="savemode" value="<?php echo $mode; ?>"/>
<?php if($mode === "edit" && isset($id)): ?>
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<?php if($mode === "edit"): ?>
<input type="hidden" name="id" value="<?php echo $user->getId(); ?>"/>
<?php endif; ?>
<?php output_messages(); ?>
@ -187,7 +163,7 @@ if(!$resultDomains = $db->query($sql)){
<div class="input-group">
<label for="username">Username</label>
<div class="input">
<input type="text" name="username" placeholder="Username" value="<?php echo isset($username) ? strip_tags($username) : ''; ?>" autofocus required/>
<input type="text" name="username" placeholder="Username" value="<?php echo isset($_POST['username']) ? strip_tags($_POST['username']) : (isset($user) ? $user->getUsername() : ''); ?>" autofocus required/>
</div>
</div>
@ -196,11 +172,11 @@ if(!$resultDomains = $db->query($sql)){
<div class="input">
<select name="domain" required>
<option value="">-- Select a domain --</option>
<?php while($row = $resultDomains->fetch_assoc()): ?>
<option value="<?php echo strip_tags($row[DBC_DOMAINS_DOMAIN]); ?>" <?php echo (isset($domain) && $row[DBC_DOMAINS_DOMAIN] == $domain) ? 'selected' : ''; ?>>
<?php echo strip_tags($row[DBC_DOMAINS_DOMAIN]); ?>
<?php foreach($domains as $domain): /** @var Domain $domain */ ?>
<option value="<?php echo $domain->getDomain(); ?>" <?php echo ((isset($_POST['domain']) && $_POST['domain'] === $domain->getDomain()) || (isset($user) && $user->getDomain() == $domain->getDomain())) ? 'selected' : ''; ?>>
<?php echo $domain->getDomain(); ?>
</option>
<?php endwhile; ?>
<?php endforeach; ?>
</select>
</div>
</div>
@ -221,9 +197,9 @@ if(!$resultDomains = $db->query($sql)){
<?php if(defined('DBC_USERS_MAILBOXLIMIT')): ?>
<div class="input-group">
<label>Mailbox limit</label>
<div class="input-info">The default limit is <?php echo $mailbox_limit_default; ?> MB. Limit set to 0 means no limit in size.</div>
<div class="input-info">The default limit is <?php echo $mailboxLimitDefault; ?> MB. Limit set to 0 means no limit in size.</div>
<div class="input input-labeled input-labeled-right">
<input name="mailbox_limit" type="number" value="<?php echo strip_tags(isset($mailbox_limit) ? $mailbox_limit : $mailbox_limit_default); ?>" placeholder="Mailbox limit in MB" min="0" required/>
<input name="mailbox_limit" type="number" value="<?php echo isset($_POST['mailbox_limit']) ? strip_tags($_POST['mailbox_limit']) : ((isset($user) && defined('DBC_USERS_MAILBOXLIMIT')) ? $user->getMailboxLimit() : $mailboxLimitDefault); ?>" placeholder="Mailbox limit in MB" min="0" required/>
<span class="input-label">MB</span>
</div>
</div>
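Review bot: `var_dump($_POST);` in the "Fields missing" branch is debug output left in, and it prints the whole submitted form, including `password` and `password_repeat`, into the response; remove the line. Separately, `if(!$inputMailboxLimit === 0 && empty($inputMailboxLimit))` negates before comparing, so `!$inputMailboxLimit === 0` compares a bool with an int and is always false. The fallback to `$mailboxLimitDefault` is therefore dead code; state the intended condition explicitly or drop the block. In edit mode `$userToEdit->save()` still runs after `changePassword()` has thrown, so the mailbox limit is stored even though an error is shown. Confirm that this is intended.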


@ -9,16 +9,7 @@ else if(isset($_GET['adm_del']) && $_GET['adm_del'] == "1"){
add_message("fail", "Domain could not be deleted because admin account would be affected.");
}
$sql = "SELECT d.*, COUNT(DISTINCT u.`".DBC_USERS_ID."`) AS `user_count`, COUNT(DISTINCT r.`".DBC_ALIASES_ID."`) AS `redirect_count`
FROM `".DBT_DOMAINS."` AS d
LEFT JOIN `".DBT_USERS."` AS u ON (u.`".DBC_USERS_DOMAIN."` = d.`".DBC_DOMAINS_DOMAIN."`)
LEFT JOIN `".DBT_ALIASES."` AS r ON (r.`".DBC_ALIASES_SOURCE."` LIKE CONCAT('%@', d.`".DBC_DOMAINS_DOMAIN."`))
GROUP BY d.`".DBC_DOMAINS_DOMAIN."`
ORDER BY `".DBC_DOMAINS_DOMAIN."` ASC;";
if(!$result = $db->query($sql)){
dbError($db->error);
}
$domains = Domain::findAll();
?>
@ -40,21 +31,21 @@ if(!$result = $db->query($sql)){
<tr>
</thead>
<tbody>
<?php while($row = $result->fetch_assoc()): ?>
<?php foreach($domains as $domain): /** @var Domain $domain */ ?>
<tr>
<td><?php echo strip_tags($row[DBC_DOMAINS_DOMAIN]); ?></td>
<td><?php echo strip_tags($row['user_count']); ?></td>
<td><?php echo strip_tags($row['redirect_count']); ?></td>
<td><?php echo $domain->getDomain(); ?></td>
<td><?php echo $domain->countUsers(); ?></td>
<td><?php echo $domain->countRedirects(); ?></td>
<td>
<a href="<?php echo url('admin/deletedomain/?id='.$row[DBC_DOMAINS_ID]); ?>">[Delete]</a>
<a href="<?php echo url('admin/deletedomain/?id='.$domain->getId()); ?>">[Delete]</a>
</td>
</tr>
<?php endwhile; ?>
<?php endforeach; ?>
</tbody>
<?php if ($result->num_rows > 0): ?>
<?php if ($domains->count() > 0): ?>
<tfoot>
<tr>
<th><?php echo $result->num_rows;?> Domains</th>
<th><?php echo $domains->count();?> Domains</th>
</tr>
</tfoot>
<?php endif; ?>
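Review bot: The removed query sorted by domain and computed `user_count` and `redirect_count` in one statement, while the new loop calls `$domain->countUsers()` and `$domain->countRedirects()` per row. Unless the model caches or joins these (not visible here), that is presumably two extra queries per domain, and the list order now depends on what `Domain::findAll()` returns. Consider documenting the ordering guarantee on `findAll()` or sorting explicitly before rendering.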


@ -10,34 +10,8 @@ else if(isset($_GET['edited']) && $_GET['edited'] == "1"){
add_message("success", "Redirect edited successfully.");
}
if(defined('DBC_ALIASES_MULTI_SOURCE')){
$sql = "SELECT r.* FROM (
SELECT
group_concat(g.`".DBC_ALIASES_ID."` ORDER BY g.`".DBC_ALIASES_ID."` SEPARATOR ',') AS `".DBC_ALIASES_ID."`,
group_concat(g.`".DBC_ALIASES_SOURCE."` SEPARATOR ',') AS `".DBC_ALIASES_SOURCE."`,
g.`".DBC_ALIASES_DESTINATION."`,
g.`".DBC_ALIASES_MULTI_SOURCE."`
FROM `".DBT_ALIASES."` AS g
WHERE g.`".DBC_ALIASES_MULTI_SOURCE."` IS NOT NULL
GROUP BY g.`".DBC_ALIASES_MULTI_SOURCE."`
UNION
SELECT
s.`".DBC_ALIASES_ID."`,
s.`".DBC_ALIASES_SOURCE."`,
s.`".DBC_ALIASES_DESTINATION."`,
s.`".DBC_ALIASES_MULTI_SOURCE."`
FROM `".DBT_ALIASES."` AS s
WHERE s.`".DBC_ALIASES_MULTI_SOURCE."` IS NULL
) AS r
ORDER BY `".DBC_ALIASES_SOURCE."` ASC";
}
else{
$sql = "SELECT `".DBC_ALIASES_ID."`, `".DBC_ALIASES_SOURCE."`, `".DBC_ALIASES_DESTINATION."` FROM `".DBT_ALIASES."` ORDER BY `".DBC_ALIASES_SOURCE."` ASC;";
}
if(!$result = $db->query($sql)){
dbError($db->error);
}
AbstractRedirect::find(21);
$redirects = AbstractRedirect::findMultiAll();
?>
@ -59,23 +33,23 @@ if(!$result = $db->query($sql)){
<tr>
</thead>
<tbody>
<?php while($row = $result->fetch_assoc()): ?>
<?php foreach($redirects as $redirect): /** @var AbstractRedirect $redirect */ ?>
<tr>
<td><?php echo strip_tags(formatEmails($row[DBC_ALIASES_SOURCE], FRONTEND_EMAIL_SEPARATOR_TEXT)); ?></td>
<td><?php echo strip_tags(formatEmails($row[DBC_ALIASES_DESTINATION], FRONTEND_EMAIL_SEPARATOR_TEXT)); ?></td>
<td><?php echo formatEmails($redirect->getSource(), FRONTEND_EMAIL_SEPARATOR_TEXT); ?></td>
<td><?php echo formatEmails($redirect->getDestination(), FRONTEND_EMAIL_SEPARATOR_TEXT); ?></td>
<td>
<a href="<?php echo url('admin/editredirect/?id='.$row[DBC_ALIASES_ID]); ?>">[Edit]</a>
<a href="<?php echo url('admin/editredirect/?id='.$redirect->getId()); ?>">[Edit]</a>
</td>
<td>
<a href="<?php echo url('admin/deleteredirect/?id='.$row[DBC_ALIASES_ID]); ?>">[Delete]</a>
<a href="<?php echo url('admin/deleteredirect/?id='.$redirect->getId()); ?>">[Delete]</a>
</td>
</tr>
<?php endwhile; ?>
<?php endforeach; ?>
</tbody>
<?php if ($result->num_rows > 0): ?>
<?php if ($redirects->count() > 0): ?>
<tfoot>
<tr>
<th><?php echo $result->num_rows;?> Redirects</th>
<th><?php echo $redirects->count();?> Redirects</th>
</tr>
</tfoot>
<?php endif; ?>
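Review bot: `AbstractRedirect::find(21);` above `findMultiAll()` looks like a leftover debugging call. The id is hard-coded and the result is discarded, so every page load issues an extra lookup for no effect. Remove the line.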


@ -13,11 +13,7 @@ else if(isset($_GET['adm_del']) && $_GET['adm_del'] == "1"){
add_message("fail", "Admin user cannot be deleted.");
}
$sql = "SELECT * FROM `".DBT_USERS."` ORDER BY `".DBC_USERS_DOMAIN."`, `".DBC_USERS_USERNAME."` ASC;";
if(!$result = $db->query($sql)){
dbError($db->error);
}
$users = User::findAll();
?>
@ -43,30 +39,28 @@ if(!$result = $db->query($sql)){
<tr>
</thead>
<tbody>
<?php while($row = $result->fetch_assoc()): ?>
<?php foreach($users as $user): /** @var User $user */ ?>
<tr>
<td><?php echo strip_tags($row[DBC_USERS_USERNAME]); ?></td>
<td><?php echo strip_tags($row[DBC_USERS_DOMAIN]); ?></td>
<?php if(defined('DBC_USERS_MAILBOXLIMIT')):
$limit = strip_tags($row[DBC_USERS_MAILBOXLIMIT]);
?>
<td style="text-align: right"><?php echo ($limit > 0) ? $limit.' MB' : 'No limit'; ?></td>
<?php endif;?>
<td><?php echo in_array($row[DBC_USERS_USERNAME].'@'.$row[DBC_USERS_DOMAIN], $admins) ? 'Admin' : 'User'; ?></td>
<td><?php echo$user->getUsername(); ?></td>
<td><?php echo $user->getDomain(); ?></td>
<?php if(defined('DBC_USERS_MAILBOXLIMIT')): ?>
<td style="text-align: right"><?php echo ($user->getMailboxLimit() > 0) ? $user->getMailboxLimit().' MB' : 'No limit'; ?></td>
<?php endif; ?>
<td><?php echo ($user->getRole() === User::ROLE_ADMIN) ? 'Admin' : 'User'; ?></td>
<td>
<a href="<?php echo url('admin/edituser/?id='.$row[DBC_USERS_ID]); ?>">[Edit]</a>
<a href="<?php echo url('admin/edituser/?id='.$user->getId()); ?>">[Edit]</a>
</td>
<td>
<a href="<?php echo url('admin/deleteuser/?id='.$row[DBC_USERS_ID]); ?>">[Delete]</a>
<a href="<?php echo url('admin/deleteuser/?id='.$user->getId()); ?>">[Delete]</a>
</td>
</tr>
<?php endwhile; ?>
<?php endforeach; ?>
</tbody>
<?php if ($result->num_rows > 0): ?>
<?php if ($users->count() > 0): ?>
<tfoot>
<tr>
<th><?php echo $result->num_rows;?> User</th>
<th><?php echo $users->count();?> User</th>
</tr>
</tfoot>
<?php endif; ?>
</table>
</table>