8d3da69039fd501f0664b6cfcf9c4945c4ad8383
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   1) <?php
modules/imap/include/mailaccounts.php   2) 
modules/imap/include/mailaccounts.php   3) require_once('inc/debug.php');
modules/imap/include/mailaccounts.php   4) require_once('inc/db_connect.php');
bernd Logging aktiviert

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   5) require_once('inc/base.php');
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   6) require_once('inc/security.php');
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   7) 
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   8) require_once('class/domain.php');
modules/imap/include/mailaccounts.php   9) 
bernd webinterface => /webinterface

bernd authored 17 years ago

/**
 * List every mail account that belongs to one system user.
 *
 * Each entry has the keys 'id', 'account' (local@domain; rows whose domain
 * column is NULL are reported under schokokeks.org by the query), 'mailbox',
 * 'cryptpass' and 'enabled'.
 *
 * NOTE(review): 'cryptpass' is the stored password hash. Callers should keep
 * it out of HTML output and logs; confirm whether any caller needs it at all.
 *
 * @param int $uid  numeric user id, cast to int before it reaches the query
 * @return array    list of account rows; empty when no rows are found or the
 *                  row count cannot be read
 */
function mailaccounts($uid)
{
  // The integer cast is what keeps the interpolation into the query safe.
  $uid = (int) $uid;
  $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid");

  // Warnings are suppressed exactly as before; a failed count is treated as "no rows".
  $rowcount = @mysql_num_rows($result);
  DEBUG("Found ".$rowcount." rows!");

  $accounts = array();
  if ($rowcount > 0)
  {
    while ($row = @mysql_fetch_object($result))
    {
      $accounts[] = array(
        'id' => $row->id,
        'account' => $row->account,
        'mailbox' => $row->maildir,
        'cryptpass' => $row->cryptpass,
        'enabled' => ($row->aktiv == 1),
      );
    }
  }
  return $accounts;
}
modules/imap/include/mailaccounts.php  21) 
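/**
 * Fetch one mail account by its row id.
 *
 * NOTE(review): the query filters on the account id only. Nothing here ties
 * the row to the logged-in user, so the caller has to verify ownership
 * before showing or changing the result.
 * NOTE(review): a missing row is not handled; mysql_fetch_object() then
 * returns false and the property reads below yield NULL.
 *
 * @param int $id  account id, cast to int before it reaches the query
 * @return array   keys 'account' (local@domain), 'mailbox' and 'enabled'
 */
function get_mailaccount($id)
{
  // Fix: the original cast an undefined $uid and left $id untouched, so the
  // raw argument was interpolated into the WHERE clause (SQL injection).
  $id = (int) $id;
  $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id");
  DEBUG("Found ".mysql_num_rows($result)." rows!");
  $acc = mysql_fetch_object($result);
  // The password hash is selected by the query but deliberately not returned.
  $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir,  'enabled' => ($acc->aktiv == 1));
  DEBUG(print_r($ret, true));
  return $ret;
}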
modules/imap/include/mailaccounts.php  32) 
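/**
 * Hash a mail account password for storage in mail.mailaccounts.
 *
 * Builds an MD5-crypt string (crypt() with a "$1$<salt>$" setting) using a
 * fresh salt from random_string(8).
 *
 * NOTE(review): MD5-crypt is cheap to brute-force on current hardware. The
 * scheme is left unchanged because whatever reads the password column has to
 * understand the format; confirm what the mail server accepts before moving
 * to a stronger crypt() scheme.
 * NOTE(review): random_string() comes from inc/base.php; confirm that it
 * draws from a cryptographically secure source.
 *
 * @param string $pw  cleartext password
 * @return string     crypt() output with trailing whitespace removed
 */
function encrypt_mail_password($pw)
{
  require_once('inc/base.php');
  $salt = random_string(8);
  $encpw = crypt($pw, "\$1\${$salt}\$");
  // Fix: the original wrote the cleartext password and the resulting hash to
  // the debug output. Credentials must not end up in logs, so only the event
  // itself is recorded.
  DEBUG("generated new mail password hash");
  return rtrim($encpw);
}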
modules/imap/include/mailaccounts.php  43) 
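/**
 * Update selected fields of one mail account.
 *
 * Only the keys present in $arr are written:
 *   'account'  - local@domain; split into the `local` and `domain` columns
 *   'mailbox'  - maildir path; an empty string stores NULL
 *   'password' - cleartext password, hashed with encrypt_mail_password()
 *   'enabled'  - stored as 1 when it equals 'Y', otherwise 0
 *
 * NOTE(review): the UPDATE is restricted by account id only. The caller has
 * to make sure the account belongs to the logged-in user and that $arr has
 * passed validation before this function is reached.
 *
 * @param int   $id   account id, cast to int before it reaches the query
 * @param array $arr  fields to change (see above)
 */
function change_mailaccount($id, $arr)
{
  $id = (int) $id;
  $conditions = array();

  if (isset($arr['account']))
  {
    // array_pad() keeps list() from reading a missing index when the name has no '@'.
    list($local, $domain) = array_pad(explode('@', $arr['account'], 2), 2, '');
    $domain = new Domain( (string) $domain);
    if ($domain->id == NULL)
      array_push($conditions, "domain=NULL");
    else
      // Cast so that only a number can be placed into the statement.
      array_push($conditions, "domain=".((int) $domain->id));

    array_push($conditions, "local='".mysql_real_escape_string($local)."'");
  }
  if (isset($arr['mailbox']))
    if ($arr['mailbox'] == '')
      array_push($conditions, "`maildir`=NULL");
    else
      array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'");

  if (isset($arr['password']))
  {
    $encpw = encrypt_mail_password($arr['password']);
    // Escape the hash like every other string value instead of relying on
    // the salt generator never producing a quote or backslash.
    array_push($conditions, "`password`='".mysql_real_escape_string($encpw)."'");
  }

  if (isset($arr['enabled']))
    array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));

  // Without any field to set the statement would read "SET  WHERE ..." and be invalid.
  if (count($conditions) == 0)
    return;

  db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1");
  // The account name is optional in $arr; log an empty name instead of reading an unset key.
  $label = isset($arr['account']) ? $arr['account'] : '';
  logger("modules/imap/include/mailaccounts.php", "imap", "updated account »{$label}«");
}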
modules/imap/include/mailaccounts.php  80) 
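/**
 * Insert a new mail account for the logged-in user.
 *
 * The owner uid is taken from $_SESSION['userinfo']['uid'], never from $arr.
 * Recognised keys in $arr:
 *   'account'  - local@domain (required, must not be empty)
 *   'mailbox'  - maildir path; an empty string stores NULL
 *   'password' - cleartext password, hashed with encrypt_mail_password()
 *   'enabled'  - stored as 1 when it equals 'Y', otherwise 0
 *
 * NOTE(review): no validation of the account name or mailbox path happens
 * here; the caller is expected to have validated $arr first.
 *
 * @param array $arr  account data (see above)
 */
function create_mailaccount($arr)
{
  $values = array();

  // A missing key is rejected the same way as an empty account name.
  if (! isset($arr['account']) || $arr['account'] == '')
    system_failure('empty account name!');

  $values['uid'] = (int) $_SESSION['userinfo']['uid'];

  // array_pad() keeps list() from reading a missing index when the name has no '@'.
  list($local, $domain) = array_pad(explode('@', $arr['account'], 2), 2, '');
  $domain = new Domain( (string) $domain);
  if ($domain->id == NULL)
    $values['domain'] = "NULL";
  else
    // Cast so that only a number can be placed into the statement.
    $values['domain'] = (int) $domain->id;

  $values['local'] = "'".mysql_real_escape_string($local)."'";

  if (isset($arr['mailbox']))
    if ($arr['mailbox'] == '')
      $values['maildir'] = 'NULL';
    else
      $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'";

  if (isset($arr['password']))
  {
    // Escape the hash like every other string value instead of relying on
    // the salt generator never producing a quote or backslash.
    $values['password'] = "'".mysql_real_escape_string(encrypt_mail_password($arr['password']))."'";
  }

  if (isset($arr['enabled']))
    $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" );

  // Column names are the fixed keys assigned above; every value is a number,
  // the literal NULL or an escaped and quoted string.
  db_query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")");
  logger("modules/imap/include/mailaccounts.php", "imap", "created account »{$arr['account']}«");
}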
modules/imap/include/mailaccounts.php 119) 
bernd Auch mailaccounts können si...

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 120)     
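/**
 * Resolve an account name (local@domain) to its row id.
 *
 * Names under schokokeks.org are looked up with an empty domain, matching
 * the rows whose domain column is NULL. Calls system_failure() unless
 * exactly one row matches.
 *
 * @param string $accountname  account name in local@domain form
 * @return mixed               the `id` column of the matching row
 */
function get_mailaccount_id($accountname)
{
  list($local, $domain) = explode('@', $accountname, 2);
  if ($domain == 'schokokeks.org')
    $domain = '';

  $local = mysql_real_escape_string($local);
  // presumably maybe_null() returns the SQL literal NULL for an empty string
  // and an escaped, quoted string otherwise; confirm in its definition.
  $domain = maybe_null($domain);

  // Fix: "domainname = NULL" is never true in SQL, so a lookup with a NULL
  // domain could not match any row. MySQL's NULL-safe "<=>" behaves like "="
  // for non-NULL operands and also matches NULL against NULL.
  $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname<=>{$domain}");
  if (mysql_num_rows($result) != 1)
    system_failure('account nicht eindeutig');
  $acc = mysql_fetch_assoc($result);
  return $acc['id'];
}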
modules/imap/include/mailaccounts.php 136)     
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 137) 
/**
 * Delete one mail account row and record the deletion in the log.
 *
 * NOTE(review): the DELETE is restricted by account id only. The caller has
 * to make sure the account belongs to the logged-in user.
 *
 * @param int $id  account id, cast to int before it reaches the query
 */
function delete_mailaccount($id)
{
  // The integer cast is what keeps the interpolation into the query safe.
  $id = (int) $id;
  $sql = "DELETE FROM mail.mailaccounts WHERE id={$id} LIMIT 1";
  db_query($sql);
  logger("modules/imap/include/mailaccounts.php", "imap", "deleted account »".$id."«");
}
modules/imap/include/mailaccounts.php 144) 
modules/imap/include/mailaccounts.php 145) 
modules/imap/include/mailaccounts.php 146) function check_valid($acc)
modules/imap/include/mailaccounts.php 147) {
modules/imap/include/mailaccounts.php 148)   $user = $_SESSION['userinfo'];
modules/imap/include/mailaccounts.php 149)   DEBUG("Account-data: ".print_r($acc, true));
modules/imap/include/mailaccounts.php 150)   DEBUG("User-data: ".print_r($user, true));
modules/imap/include/mailaccounts.php 151)   if ($acc['mailbox'] != '')
modules/imap/include/mailaccounts.php 152)   {
modules/imap/include/mailaccounts.php 153)     if (substr($acc['mailbox'], 0, strlen($user['homedir'])+1) != $user['homedir'].'/')
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 154)       return "Die Mailbox muss innerhalb des Home-Verzeichnisses liegen. Sie haben »".$acc['mailbox']."« als Mailbox angegeben, Ihr Home-Verzeichnis ist »".$user['homedir']."/«.";
modules/imap/include/mailaccounts.php 155)     if (! check_path($acc['mailbox']))
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 156)       return "Sie verwenden ungültige Zeichen in Ihrem Mailbox-Pfad.";
modules/imap/include/mailaccounts.php 157)   }
modules/imap/include/mailaccounts.php 158) 
modules/imap/include/mailaccounts.php 159)   if ($acc['account'] == '' || strpos($acc['account'], '@') == 0)
modules/imap/include/mailaccounts.php 160)     return "Es wurde kein Benutzername angegeben!";
modules/imap/include/mailaccounts.php 161)   if (strpos($acc['account'], '@') === false)
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 162)     return "Es wurde kein Domain-Teil im Account-Name angegeben. Account-Namen müssen einen Domain-Teil enthalten. Im Zweifel versuchen Sie »@schokokeks.org«.";
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 163) 
modules/imap/include/mailaccounts.php 164)   list($local, $domain) = explode('@', $acc['account'], 2);
hanno Hatte die Kompatibilität ge...

hanno authored 17 years ago

modules/imap/include/mailaccounts.php 165)   verify_input_username($local);
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 166)   $tmpdomains = get_domain_list($user['customerno'], $user['uid']);
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 167)   $domains = array();
modules/imap/include/mailaccounts.php 168)   foreach ($tmpdomains as $dom)
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 169)     $domains[] = $dom->fqdn;
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 170) 
modules/imap/include/mailaccounts.php 171)   if (array_search($domain, $domains) === false)
modules/imap/include/mailaccounts.php 172)   {
modules/imap/include/mailaccounts.php 173)     if ($domain == "schokokeks.org")
modules/imap/include/mailaccounts.php 174)     {
modules/imap/include/mailaccounts.php 175)       if (substr($local, 0, strlen($user['username'])) != $user['username'] || ($acc['account'][strlen($user['username'])] != '-' && $acc['account'][strlen($user['username'])] != '@'))
modules/imap/include/mailaccounts.php 176)       {
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 177)         return "Sie haben »@schokokeks.org« als Domain-Teil angegeben, aber der Benutzer-Teil beginnt nicht mit Ihrem Benutzername!";
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 178)       }
modules/imap/include/mailaccounts.php 179)     }
modules/imap/include/mailaccounts.php 180)     else
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php 181)       return "Der angegebene Domain-Teil (»".htmlentities($domain, ENT_QUOTES, "UTF-8")."«) ist nicht für Ihren Account eingetragen. Sollte dies ein Fehler sein, wenden sie sich bitte an einen Administrator!";