bff5f442d68ade74a6d3b14bbe77fcafdca736d1
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    1) <?php
modules/imap/include/mailaccounts.php    2) 
modules/imap/include/mailaccounts.php    3) require_once('inc/debug.php');
modules/imap/include/mailaccounts.php    4) require_once('inc/db_connect.php');
bernd Logging aktiviert

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    5) require_once('inc/base.php');
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    6) require_once('inc/security.php');
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    7) 
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    8) require_once('class/domain.php');
modules/imap/include/mailaccounts.php    9) 
bernd Alles in das email-modul ve...

bernd authored 16 years ago

modules/email/include/mailaccounts.php  10) require_once('common.php');
modules/email/include/mailaccounts.php  11) 
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   12) function mailaccounts($uid)
modules/imap/include/mailaccounts.php   13) {
modules/imap/include/mailaccounts.php   14)   $uid = (int) $uid;
bernd Einige Dummheiten repariert...

bernd authored 15 years ago

modules/email/include/mailaccounts.php  15)   $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   16)   DEBUG("Found ".@mysql_num_rows($result)." rows!");
modules/imap/include/mailaccounts.php   17)   $accounts = array();
modules/imap/include/mailaccounts.php   18)   if (@mysql_num_rows($result) > 0)
modules/imap/include/mailaccounts.php   19)     while ($acc = @mysql_fetch_object($result))
modules/imap/include/mailaccounts.php   20)       array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1)));
modules/imap/include/mailaccounts.php   21)   return $accounts;
modules/imap/include/mailaccounts.php   22) }
modules/imap/include/mailaccounts.php   23) 
modules/imap/include/mailaccounts.php   24) function get_mailaccount($id)
modules/imap/include/mailaccounts.php   25) {
modules/imap/include/mailaccounts.php   26)   $uid = (int) $uid;
bernd Einige Dummheiten repariert...

bernd authored 15 years ago

modules/email/include/mailaccounts.php  27)   $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   28)   DEBUG("Found ".mysql_num_rows($result)." rows!");
bernd IMAP-Accounts deutlicher de...

bernd authored 15 years ago

modules/email/include/mailaccounts.php  29)   if (mysql_num_rows($result) != 1)
modules/email/include/mailaccounts.php  30)     system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   31)   $acc = mysql_fetch_object($result);
modules/imap/include/mailaccounts.php   32)   $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir,  'enabled' => ($acc->aktiv == 1));
modules/imap/include/mailaccounts.php   33)   DEBUG(print_r($ret, true));
modules/imap/include/mailaccounts.php   34)   return $ret;
modules/imap/include/mailaccounts.php   35) }
modules/imap/include/mailaccounts.php   36) 
modules/imap/include/mailaccounts.php   37) function change_mailaccount($id, $arr)
modules/imap/include/mailaccounts.php   38) {
modules/imap/include/mailaccounts.php   39)   $id = (int) $id;
modules/imap/include/mailaccounts.php   40)   $conditions = array();
modules/imap/include/mailaccounts.php   41) 
modules/imap/include/mailaccounts.php   42)   if (isset($arr['account']))
modules/imap/include/mailaccounts.php   43)   {
modules/imap/include/mailaccounts.php   44)     list($local, $domain) = explode('@', $arr['account'], 2);
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   45)     $domain = new Domain( (string) $domain);
modules/imap/include/mailaccounts.php   46)     if ($domain->id == NULL)
modules/imap/include/mailaccounts.php   47)       array_push($conditions, "domain=NULL");
modules/imap/include/mailaccounts.php   48)     else
modules/imap/include/mailaccounts.php   49)       array_push($conditions, "domain={$domain->id}");
modules/imap/include/mailaccounts.php   50) 
modules/imap/include/mailaccounts.php   51)     array_push($conditions, "local='".mysql_real_escape_string($local)."'");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   52)   }
modules/imap/include/mailaccounts.php   53)   if (isset($arr['mailbox']))
modules/imap/include/mailaccounts.php   54)     if ($arr['mailbox'] == '')
modules/imap/include/mailaccounts.php   55)       array_push($conditions, "`maildir`=NULL");
modules/imap/include/mailaccounts.php   56)     else
modules/imap/include/mailaccounts.php   57)       array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'");
modules/imap/include/mailaccounts.php   58) 
modules/imap/include/mailaccounts.php   59)   if (isset($arr['password']))
modules/imap/include/mailaccounts.php   60)   {
modules/imap/include/mailaccounts.php   61)     $encpw = encrypt_mail_password($arr['password']);
modules/imap/include/mailaccounts.php   62)     array_push($conditions, "`password`='$encpw'");
modules/imap/include/mailaccounts.php   63)   }
modules/imap/include/mailaccounts.php   64) 
modules/imap/include/mailaccounts.php   65)   if (isset($arr['enabled']))
modules/imap/include/mailaccounts.php   66)     array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
modules/imap/include/mailaccounts.php   67) 
modules/imap/include/mailaccounts.php   68) 
bernd sql-abfragen abstrahiert

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   69)   db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1");
bernd eliminate .php extensions f...

bernd authored 16 years ago

modules/email/include/mailaccounts.php  70)   logger("modules/imap/include/mailaccounts", "imap", "updated account »{$arr['account']}«");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   71) 
modules/imap/include/mailaccounts.php   72) }
modules/imap/include/mailaccounts.php   73) 
modules/imap/include/mailaccounts.php   74) function create_mailaccount($arr)
modules/imap/include/mailaccounts.php   75) {
modules/imap/include/mailaccounts.php   76)   $values = array();
modules/imap/include/mailaccounts.php   77) 
modules/imap/include/mailaccounts.php   78)   if (($arr['account']) == '')
modules/imap/include/mailaccounts.php   79)     system_failure('empty account name!');
modules/imap/include/mailaccounts.php   80) 
modules/imap/include/mailaccounts.php   81)   $values['uid'] = (int) $_SESSION['userinfo']['uid'];
modules/imap/include/mailaccounts.php   82) 
modules/imap/include/mailaccounts.php   83)   list($local, $domain) = explode('@', $arr['account'], 2);
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   84)   $domain = new Domain( (string) $domain);
modules/imap/include/mailaccounts.php   85)   if ($domain->id == NULL)
modules/imap/include/mailaccounts.php   86)     $values['domain'] = "NULL";
modules/imap/include/mailaccounts.php   87)   else
modules/imap/include/mailaccounts.php   88)     $values['domain'] = $domain->id;
modules/imap/include/mailaccounts.php   89) 
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   90)   $values['local'] = "'".mysql_real_escape_string($local)."'";
modules/imap/include/mailaccounts.php   91) 
modules/imap/include/mailaccounts.php   92)   if (isset($arr['mailbox']))
modules/imap/include/mailaccounts.php   93)     if ($arr['mailbox'] == '')
modules/imap/include/mailaccounts.php   94)       $values['maildir'] = 'NULL';
modules/imap/include/mailaccounts.php   95)     else
modules/imap/include/mailaccounts.php   96)       $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'";
modules/imap/include/mailaccounts.php   97) 
modules/imap/include/mailaccounts.php   98) 
modules/imap/include/mailaccounts.php   99)   if (isset($arr['password']))
modules/imap/include/mailaccounts.php  100)   {
modules/imap/include/mailaccounts.php  101)     $values['password'] = "'".encrypt_mail_password($arr['password'])."'";
modules/imap/include/mailaccounts.php  102)   }
modules/imap/include/mailaccounts.php  103) 
modules/imap/include/mailaccounts.php  104)   if (isset($arr['enabled']))
modules/imap/include/mailaccounts.php  105)     $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" );
modules/imap/include/mailaccounts.php  106) 
modules/imap/include/mailaccounts.php  107) 
bernd sql-abfragen abstrahiert

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  108)   db_query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")");
bernd eliminate .php extensions f...

bernd authored 16 years ago

modules/email/include/mailaccounts.php 109)   logger("modules/imap/include/mailaccounts", "imap", "created account »{$arr['account']}«");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  110) 
modules/imap/include/mailaccounts.php  111) }
modules/imap/include/mailaccounts.php  112) 
bernd Auch mailaccounts können si...

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  113)     
modules/imap/include/mailaccounts.php  114) function get_mailaccount_id($accountname)
modules/imap/include/mailaccounts.php  115) {
modules/imap/include/mailaccounts.php  116)   list($local, $domain) = explode('@', $accountname, 2);
modules/imap/include/mailaccounts.php  117) 
modules/imap/include/mailaccounts.php  118)   $local = mysql_real_escape_string($local);
bernd Fehler beim Passwort-Ändern...

bernd authored 16 years ago

modules/email/include/mailaccounts.php 119)   $domain = mysql_real_escape_string($domain);
bernd Auch mailaccounts können si...

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  120) 
bernd Fehler beim Passwort-Ändern...

bernd authored 16 years ago

modules/email/include/mailaccounts.php 121)   $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
bernd Auch mailaccounts können si...

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  122)   if (mysql_num_rows($result) != 1)
modules/imap/include/mailaccounts.php  123)     system_failure('account nicht eindeutig');
modules/imap/include/mailaccounts.php  124)   $acc = mysql_fetch_assoc($result);
modules/imap/include/mailaccounts.php  125)   return $acc['id'];
modules/imap/include/mailaccounts.php  126) }
modules/imap/include/mailaccounts.php  127)     
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  128) 
modules/imap/include/mailaccounts.php  129) function delete_mailaccount($id)
modules/imap/include/mailaccounts.php  130) {
modules/imap/include/mailaccounts.php  131)   $id = (int) $id;
bernd sql-abfragen abstrahiert

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  132)   db_query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1");
bernd eliminate .php extensions f...

bernd authored 16 years ago

modules/email/include/mailaccounts.php 133)   logger("modules/imap/include/mailaccounts", "imap", "deleted account »{$id}«");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  134) }
modules/imap/include/mailaccounts.php  135) 
modules/imap/include/mailaccounts.php  136) 
modules/imap/include/mailaccounts.php  137) function check_valid($acc)
modules/imap/include/mailaccounts.php  138) {
modules/imap/include/mailaccounts.php  139)   $user = $_SESSION['userinfo'];
modules/imap/include/mailaccounts.php  140)   DEBUG("Account-data: ".print_r($acc, true));
modules/imap/include/mailaccounts.php  141)   DEBUG("User-data: ".print_r($user, true));
modules/imap/include/mailaccounts.php  142)   if ($acc['mailbox'] != '')
modules/imap/include/mailaccounts.php  143)   {
modules/imap/include/mailaccounts.php  144)     if (substr($acc['mailbox'], 0, strlen($user['homedir'])+1) != $user['homedir'].'/')
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  145)       return "Die Mailbox muss innerhalb des Home-Verzeichnisses liegen. Sie haben »".$acc['mailbox']."« als Mailbox angegeben, Ihr Home-Verzeichnis ist »".$user['homedir']."/«.";
modules/imap/include/mailaccounts.php  146)     if (! check_path($acc['mailbox']))
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  147)       return "Sie verwenden ungültige Zeichen in Ihrem Mailbox-Pfad.";
modules/imap/include/mailaccounts.php  148)   }
modules/imap/include/mailaccounts.php  149) 
modules/imap/include/mailaccounts.php  150)   if ($acc['account'] == '' || strpos($acc['account'], '@') == 0)
modules/imap/include/mailaccounts.php  151)     return "Es wurde kein Benutzername angegeben!";
modules/imap/include/mailaccounts.php  152)   if (strpos($acc['account'], '@') === false)
bernd Einige Dummheiten repariert...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 153)     return "Es wurde kein Domain-Teil im Account-Name angegeben. Account-Namen müssen einen Domain-Teil enthalten. Im Zweifel versuchen Sie »@".config('masterdomain')."«.";
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  154) 
modules/imap/include/mailaccounts.php  155)   list($local, $domain) = explode('@', $acc['account'], 2);
hanno Hatte die Kompatibilität ge...

hanno authored 17 years ago

modules/imap/include/mailaccounts.php  156)   verify_input_username($local);
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  157)   $tmpdomains = get_domain_list($user['customerno'], $user['uid']);
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  158)   $domains = array();
modules/imap/include/mailaccounts.php  159)   foreach ($tmpdomains as $dom)
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  160)     $domains[] = $dom->fqdn;
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  161) 
modules/imap/include/mailaccounts.php  162)   if (array_search($domain, $domains) === false)
modules/imap/include/mailaccounts.php  163)   {
bernd Mehr config-optionen und co...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 164)     if ($domain == config('masterdomain'))
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  165)     {
modules/imap/include/mailaccounts.php  166)       if (substr($local, 0, strlen($user['username'])) != $user['username'] || ($acc['account'][strlen($user['username'])] != '-' && $acc['account'][strlen($user['username'])] != '@'))
modules/imap/include/mailaccounts.php  167)       {
bernd Einige Dummheiten repariert...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 168)         return "Sie haben »@".config('masterdomain')."« als Domain-Teil angegeben, aber der Benutzer-Teil beginnt nicht mit Ihrem Benutzername!";
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  169)       }
modules/imap/include/mailaccounts.php  170)     }
modules/imap/include/mailaccounts.php  171)     else
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  172)       return "Der angegebene Domain-Teil (»".htmlentities($domain, ENT_QUOTES, "UTF-8")."«) ist nicht für Ihren Account eingetragen. Sollte dies ein Fehler sein, wenden sie sich bitte an einen Administrator!";
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  173)   }
modules/imap/include/mailaccounts.php  174) 
modules/imap/include/mailaccounts.php  175)   return '';
modules/imap/include/mailaccounts.php  176) }
modules/imap/include/mailaccounts.php  177) 
modules/imap/include/mailaccounts.php  178) 
bernd IMAP-Accounts deutlicher de...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 179) function imap_on_vmail_domain()
modules/email/include/mailaccounts.php 180) {
modules/email/include/mailaccounts.php 181)   $uid = (int) $_SESSION['userinfo']['uid'];
modules/email/include/mailaccounts.php 182)   $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
modules/email/include/mailaccounts.php 183)   if (mysql_num_rows($result) > 0)
modules/email/include/mailaccounts.php 184)     return true;
modules/email/include/mailaccounts.php 185)   return false;
modules/email/include/mailaccounts.php 186) }
modules/email/include/mailaccounts.php 187) 
modules/email/include/mailaccounts.php 188) function user_has_only_vmail_domains()
modules/email/include/mailaccounts.php 189) {
modules/email/include/mailaccounts.php 190)   $uid = (int) $_SESSION['userinfo']['uid'];
modules/email/include/mailaccounts.php 191)   $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
modules/email/include/mailaccounts.php 192)   if (mysql_num_rows($result) == 0)
modules/email/include/mailaccounts.php 193)     return true;
modules/email/include/mailaccounts.php 194)   return false;
modules/email/include/mailaccounts.php 195) }
modules/email/include/mailaccounts.php 196) 
modules/email/include/mailaccounts.php 197)