edit alias and login with alias setting

2022-03-08 23:45:01 +01:00 · 2022-03-08 23:45:01 +01:00 · a79044e80c
commit a79044e80c
parent d3537daf8a
12 changed files with 1637 additions and 1533 deletions
--- a/src/admin/groups.php
+++ b/src/admin/groups.php
@ -147,7 +147,7 @@ if($_REQUEST['action'] == 'groups')
 			if($_REQUEST['traffic'] > 0)
 				$_REQUEST['traffic'] *= 1024*1024;

-			$db->Query('UPDATE {pre}gruppen SET titel=?, soforthtml=?, sms_monat=?, storage=?, webdisk=?, maxsize=?, anlagen=?, traffic=?, wd_member_kbs=?, wd_open_kbs=?, send_limit_count=?, send_limit_time=?, ownpop3=?, ownpop3_interval=?, selfpop3_check=?, aliase=?, sms_pre=?, mail2sms=?, wap=?, sms_ownfrom=?, checker=?, tbx_webdisk=?, tbx_smsmanager=?, ads=?, share=?, pop3=?, smtp=?, responder=?, imap=?, forward=?, webdav=?, saliase=?, sms_price_per_credit=?, sms_from=?, sms_sig=?, signatur=?, smsvalidation=?, allow_newsletter_optout=?, smime=?, issue_certificates=?, upload_certificates=?, max_recps=?, sender_aliases=?, syncml=?, organizerdav=?, ftsearch=?, notifications=?, maildeliverystatus=?, abuseprotect=?, mail_send_code=?, sms_send_code=?, auto_save_drafts=? WHERE id=?',
+			$db->Query('UPDATE {pre}gruppen SET titel=?, soforthtml=?, sms_monat=?, storage=?, webdisk=?, maxsize=?, anlagen=?, traffic=?, wd_member_kbs=?, wd_open_kbs=?, send_limit_count=?, send_limit_time=?, ownpop3=?, ownpop3_interval=?, selfpop3_check=?, aliase=?, sms_pre=?, mail2sms=?, wap=?, sms_ownfrom=?, checker=?, tbx_webdisk=?, tbx_smsmanager=?, ads=?, share=?, pop3=?, smtp=?, responder=?, imap=?, forward=?, webdav=?, saliase=?, sms_price_per_credit=?, sms_from=?, sms_sig=?, signatur=?, smsvalidation=?, allow_newsletter_optout=?, smime=?, issue_certificates=?, upload_certificates=?, max_recps=?, sender_aliases=?, syncml=?, organizerdav=?, ftsearch=?, notifications=?, maildeliverystatus=?, abuseprotect=?, mail_send_code=?, sms_send_code=?, auto_save_drafts=?,organizer=? WHERE id=?',
 				$_REQUEST['titel'],
 				isset($_REQUEST['soforthtml']) ? 'yes' : 'no',
 				$_REQUEST['sms_monat'],
@ -200,6 +200,7 @@ if($_REQUEST['action'] == 'groups')
 				isset($_REQUEST['mail_send_code']) ? 'yes' : 'no',
 				isset($_REQUEST['sms_send_code']) ? 'yes' : 'no',
 				isset($_REQUEST['auto_save_drafts']) ? 'yes' : 'no',
+				isset($_REQUEST['organizer']) ? 'yes' : 'no',
 				$_REQUEST['id']);
 			$cacheManager->Delete('group:' . $_REQUEST['id']);

--- a/src/admin/templates/groups.edit.tpl
+++ b/src/admin/templates/groups.edit.tpl
@ -156,6 +156,11 @@
 						<td class="td2"><input type="checkbox" name="organizerdav"{if !$davSupport} disabled="disabled"{else}{if $group.organizerdav=='yes'} checked="checked"{/if}{/if} /></td>
 						<td colspan="2">&nbsp;</td>
 					</tr>
+					<tr>
+						<td class="td1">{lng p="organizer"}?</td>
+						<td class="td2"><input type="checkbox" name="organizer"{if $group.organizer=='yes'} checked="checked"{/if} /></td>
+						<td colspan="2">&nbsp;</td>
+					</tr>
 					<tr>
 						<td class="td1">{lng p="smtp"}?</td>
 						<td class="td2"><input type="checkbox" name="smtp"{if $group.smtp=='yes'} checked="checked"{/if} /></td>
--- a/src/languages/deutsch.lang.php
+++ b/src/languages/deutsch.lang.php
@ -1104,6 +1104,8 @@ $lang_user['invalidsmscode']	= 'Der eingegebene Freischalt-Code ist nicht korrek
 $lang_user['taxid'] 			= 'USt-ID';
 $lang_user['yourtaxid'] 		= 'Ihre USt-ID';
 $lang_user['redirect_note']		= 'Weiterleitungshinweis';
+$lang_user['login_with_alias']	= 'Login mit Alias erlauben';
+$lang_user['editalias']			= 'Alias bearbeiten';
 /**
 * Admin phrases
 */
--- a/src/languages/english.lang.php
+++ b/src/languages/english.lang.php
@ -1108,6 +1108,8 @@ $lang_user['invalidsmscode']	= 'The activation code is invalid. Please double-ch
 $lang_user['taxid'] 			= 'VAT';
 $lang_user['yourtaxid'] 		= 'Your VAT';
 $lang_user['redirect_note']		= 'Redirect notice';
+$lang_user['login_with_alias']	= 'Allow Login with Alias';
+$lang_user['editalias']			= 'Edit alias';
 /**
 * Admin phrases
 */
--- a/src/prefs.php
+++ b/src/prefs.php
@ -1083,6 +1083,18 @@ else if($_REQUEST['action'] == 'aliases'
 		$tpl->display('li/index.tpl');
 	}

+	//
+	// edit
+	//
+	else if(isset($_REQUEST['do']) && $_REQUEST['do'] == 'edit' && isset($_REQUEST['id']))
+	{
+		$aliases = $thisUser->GetAliases();
+		$alias = $aliases[(int)$_REQUEST['id']];
+		$tpl->assign('alias', $alias);
+		$tpl->assign('pageContent', 'li/prefs.aliases.edit.tpl');
+		$tpl->display('li/index.tpl');
+	}
+
 	//
 	// create
 	//
@ -1105,7 +1117,8 @@ else if($_REQUEST['action'] == 'aliases'
 					&& !BMUser::AddressLocked(trim($_REQUEST['email_local']))
 					&& strlen(trim($_REQUEST['email_local'])) >= $bm_prefs['minuserlength'])
 				{
-					$thisUser->AddAlias($emailAddress, ALIAS_SENDER|ALIAS_RECIPIENT,strip_tags($_REQUEST['email_name']));
+					$thisUser->AddAlias($emailAddress, ALIAS_SENDER|ALIAS_RECIPIENT,
+					strip_tags($_REQUEST['email_name']),isset($_REQUEST['email_login']) ? 'yes' : 'no');
 					header('Location: prefs.php?action=aliases&sid=' . session_id());
 					exit();
 				}
@ -1167,8 +1180,18 @@ else if($_REQUEST['action'] == 'aliases'
 	//
 	else
 	{
+		// update?
+		if(isset($_REQUEST['do']) && $_REQUEST['do'] == 'update'
+			&& isset($_REQUEST['id']))
+		{
+			$db->Query('UPDATE {pre}aliase SET sendername=?,login=? WHERE id=? AND user=?',
+			strip_tags($_REQUEST['email_name']),
+			isset($_REQUEST['email_login']) ? 'yes' : 'no',
+			(int)$_REQUEST['id'],
+			$userRow['id']);
+		}
 		// delete?
-		if(isset($_REQUEST['do']) && $_REQUEST['do'] == 'delete'
+		else if(isset($_REQUEST['do']) && $_REQUEST['do'] == 'delete'
 			&& isset($_REQUEST['id']))
 		{
 			if($userRow['defaultSender'] == 10+$_REQUEST['id']*2
--- a/src/serverlib/admin.inc.php
+++ b/src/serverlib/admin.inc.php
@ -171,7 +171,7 @@ function AdminAllowed($priv)
 function AdminRequirePrivilege($priv)
 {
    if (!AdminAllowed($priv)) {
-        DisplayError(0x02, 'Unauthorized', 'You are not authrized to view or change this dataset or page. Possible reasons are too few permissions or an expired session.',
+        DisplayError(0x02, 'Unauthorized', 'You are not authorized to view or change this dataset or page. Possible reasons are too few permissions or an expired session.',
            sprintf("Requested privileges:\n%s",
                $priv),
            __FILE__,
--- a/src/serverlib/database.struct.php
+++ b/src/serverlib/database.struct.php
--- a/src/serverlib/user.class.php
+++ b/src/serverlib/user.class.php
@ -1138,13 +1138,20 @@ class BMUser
 		$password = LooksLikeMD5Hash($passwordPlain) ? $passwordPlain : md5($passwordPlain);

 		// try plugin authentication first
-		$pluginAuth = BMUSer::_pluginAuth($email, $password, $passwordPlain);
+		$pluginAuth = BMUser::_pluginAuth($email, $password, $passwordPlain);

 		// no plugin auth
 		if(!is_array($pluginAuth))
 		{
 			// get user ID
-			$userID = BMUser::GetID($email);
+			$userID = BMUser::GetID($email,false,$isAlias);
+			$aliaslogin='no';
+			if($isAlias === true) { // Check if alias login is allowed
+				$res = $db->Query('SELECT login FROM {pre}aliase WHERE user=? AND email=? LIMIT 1',
+				$userID,$email);
+				list($aliaslogin) = $res->FetchArray(MYSQLI_NUM);
+				if($aliaslogin=='no') $userID=0; // Set userID to empty
+			}
 			$res = $db->Query('SELECT id,gesperrt,passwort,passwort_salt,email,last_login_attempt,sms_validation_code,ip,lastlogin,preferred_language,last_timezone FROM {pre}users WHERE id=? LIMIT 1',
 				$userID);
 			$row = $res->FetchArray();
@ -1724,7 +1731,7 @@ class BMUser
 		global $db, $lang_user;

 		$aliases = array();
-		$res = $db->Query('SELECT id,email,type,sendername FROM {pre}aliase WHERE user=? '
+		$res = $db->Query('SELECT id,email,type,sendername,login FROM {pre}aliase WHERE user=? '
 							. 'ORDER BY ' . $sortColumn . ' ' . $sortOrder,
 			$this->_id);
 		while($row = $res->FetchArray(MYSQLI_ASSOC))
@ -1944,7 +1951,7 @@ class BMUser
 	 * @param string $sendername Alias name
 	 * @return in
 	 */
-	public function AddAlias($email, $type, $sendername='')
+	public function AddAlias($email, $type, $sendername='',$aliaslogin='no')
 	{
 		global $db, $lang_custom, $bm_prefs, $thisUser;

@ -1959,12 +1966,13 @@ class BMUser
 		if($type == (ALIAS_RECIPIENT|ALIAS_SENDER))
 		{
 			// add
-			$db->Query('INSERT INTO {pre}aliase(email,user,type,date,sendername) VALUES(?,?,?,?,?)',
+			$db->Query('INSERT INTO {pre}aliase(email,user,type,date,sendername,login) VALUES(?,?,?,?,?,?)',
 				$email,
 				$this->_id,
 				$type,
 				time(),
-				$sendername);
+				$sendername,
+				$aliaslogin);
 			$id = $db->InsertId();

 			// log
--- a/src/setup/update.php
+++ b/src/setup/update.php
@ -671,6 +671,8 @@ elseif ($step == STEP_UPDATE_STEP) {
            }
            mysqli_query($connection, 'UPDATE '.$mysql['prefix'].'staaten SET is_eu = \'no\' WHERE id = 37'); // GB is not in EU anymore
            mysqli_query($connection, 'UPDATE '.$mysql['prefix'].'staaten SET land = \'Eswatini\' WHERE id = 117'); // Rename Swasiland to Eswatini
+            mysqli_query($connection, 'UPDATE '.$mysql['prefix'].'gruppen SET organizer = \'yes\''); // Allow organizer to all groups (default)
+            mysqli_query($connection, 'UPDATE '.$mysql['prefix'].'aliase SET login = \'no\''); // No login with alias (default)
        }

        // add new root certificates
--- a/src/templates/modern/li/prefs.aliases.add.tpl
+++ b/src/templates/modern/li/prefs.aliases.add.tpl
@ -58,6 +58,13 @@
 				<span id="addressAvailabilityIndicator"></span>
 			</td>
 		</tr>
+		<tr>
+			<td class="listTableLeft">&nbsp;</td>
+			<td class="listTableRight">
+				<input type="checkbox" name="email_login" id="email_login"  />
+				<label for="email_login">{lng p="login_with_alias"}</label>
+			</td>
+		</tr>
 		</tbody>
 		
 		<tr>
--- a/src/templates/modern/li/prefs.aliases.edit.tpl
+++ b/src/templates/modern/li/prefs.aliases.edit.tpl
@ -0,0 +1,49 @@
+<div id="contentHeader">
+	<div class="left">
+		<i class="fa fa-user-o" aria-hidden="true"></i>
+		{lng p="editalias"}
+	</div>
+</div>
+
+<div class="scrollContainer"><div class="pad">
+
+<form name="f1" method="post" action="prefs.php?action=aliases&do=update&sid={$sid}">
+	<input type="hidden" name="id" value="{text value=$alias.id}" />
+	<table class="listTable">
+		<tr>
+			<th class="listTableHead" colspan="2"> {lng p="editalias"}</th>
+		</tr>
+		
+		<tbody id="tbody">
+		<tr>
+			<td class="listTableLeft"><label for="email_name">{lng p="sendername"}:</label></td>
+			<td class="listTableRight">
+				<input type="text" name="email_name" id="email_name" value="{text value=$alias.sendername allowEmpty=true}" size="34"  />
+			</td>
+		</tr>
+		<tr>
+			<td class="listTableLeft">* <label for="email">{lng p="email"}:</label></td>
+			<td class="listTableRight">
+				<input type="email" name="email" id="email" value="{text value=$alias.email}" size="34" disabled /><br />
+			</td>
+		</tr>
+		<tr>
+			<td class="listTableLeft">&nbsp;</td>
+			<td class="listTableRight">
+				<input type="checkbox" name="email_login" id="email_login"{if $alias.login=='yes'} checked="checked"{/if}  />
+				<label for="email_login">{lng p="login_with_alias"}</label>
+			</td>
+		</tr>
+		</tbody>
+		
+		<tr>
+			<td class="listTableLeft">&nbsp;</td>
+			<td class="listTableRight">
+				<input type="submit" class="primary" value="{lng p="ok"}" />
+				<input type="reset" value="{lng p="reset"}" />
+			</td>
+		</tr>
+	</table>
+</form>
+
+</div></div>
--- a/src/templates/modern/li/prefs.aliases.tpl
+++ b/src/templates/modern/li/prefs.aliases.tpl
@ -34,6 +34,7 @@
 		<td class="{if $sortColumn=='email'}listTableTDActive{else}{$class}{/if}" nowrap="nowrap">&nbsp;<i class="fa fa-user-o" aria-hidden="true"></i> {email value=$alias.email}</td>
 		<td class="{if $sortColumn=='type'}listTableTDActive{else}{$class}{/if}">&nbsp;{$alias.typeText}</td>
 		<td class="{$class}" nowrap="nowrap">
+			<a href="prefs.php?action=aliases&do=edit&id={$aliasID}&sid={$sid}"><i class="fa fa-pencil" aria-hidden="true"></i></a>
 			<a onclick="return confirm('{lng p="realdel"}');" href="prefs.php?action=aliases&do=delete&id={$aliasID}&sid={$sid}"><i class="fa fa-trash-o" aria-hidden="true"></i></a>
 		</td>
 	</tr>