d77e71db50e0675f533f13994f852ec372d66678
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    1) <?php
modules/imap/include/mailaccounts.php    2) 
modules/imap/include/mailaccounts.php    3) require_once('inc/debug.php');
modules/imap/include/mailaccounts.php    4) require_once('inc/db_connect.php');
bernd Logging aktiviert

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    5) require_once('inc/base.php');
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    6) require_once('inc/security.php');
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    7) 
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php    8) require_once('class/domain.php');
modules/imap/include/mailaccounts.php    9) 
bernd Alles in das email-modul ve...

bernd authored 16 years ago

modules/email/include/mailaccounts.php  10) require_once('common.php');
modules/email/include/mailaccounts.php  11) 
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   12) function mailaccounts($uid)
modules/imap/include/mailaccounts.php   13) {
modules/imap/include/mailaccounts.php   14)   $uid = (int) $uid;
bernd Einige Dummheiten repariert...

bernd authored 15 years ago

modules/email/include/mailaccounts.php  15)   $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   16)   DEBUG("Found ".@mysql_num_rows($result)." rows!");
modules/imap/include/mailaccounts.php   17)   $accounts = array();
modules/imap/include/mailaccounts.php   18)   if (@mysql_num_rows($result) > 0)
modules/imap/include/mailaccounts.php   19)     while ($acc = @mysql_fetch_object($result))
modules/imap/include/mailaccounts.php   20)       array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1)));
modules/imap/include/mailaccounts.php   21)   return $accounts;
modules/imap/include/mailaccounts.php   22) }
modules/imap/include/mailaccounts.php   23) 
modules/imap/include/mailaccounts.php   24) function get_mailaccount($id)
modules/imap/include/mailaccounts.php   25) {
bernd Keine Domains => Dann auch...

bernd authored 15 years ago

modules/email/include/mailaccounts.php  26)   $id = (int) $id;
bernd Einige Dummheiten repariert...

bernd authored 15 years ago

modules/email/include/mailaccounts.php  27)   $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   28)   DEBUG("Found ".mysql_num_rows($result)." rows!");
bernd IMAP-Accounts deutlicher de...

bernd authored 15 years ago

modules/email/include/mailaccounts.php  29)   if (mysql_num_rows($result) != 1)
modules/email/include/mailaccounts.php  30)     system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   31)   $acc = mysql_fetch_object($result);
modules/imap/include/mailaccounts.php   32)   $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir,  'enabled' => ($acc->aktiv == 1));
modules/imap/include/mailaccounts.php   33)   DEBUG(print_r($ret, true));
modules/imap/include/mailaccounts.php   34)   return $ret;
modules/imap/include/mailaccounts.php   35) }
modules/imap/include/mailaccounts.php   36) 
modules/imap/include/mailaccounts.php   37) function change_mailaccount($id, $arr)
modules/imap/include/mailaccounts.php   38) {
modules/imap/include/mailaccounts.php   39)   $id = (int) $id;
modules/imap/include/mailaccounts.php   40)   $conditions = array();
modules/imap/include/mailaccounts.php   41) 
modules/imap/include/mailaccounts.php   42)   if (isset($arr['account']))
modules/imap/include/mailaccounts.php   43)   {
modules/imap/include/mailaccounts.php   44)     list($local, $domain) = explode('@', $arr['account'], 2);
bernd Erlaube @schokokeks.org-IMAP

bernd authored 15 years ago

modules/email/include/mailaccounts.php  45)     if ($domain == config('masterdomain'))
modules/email/include/mailaccounts.php  46)     {
modules/email/include/mailaccounts.php  47)       $values['domain'] = "NULL";
modules/email/include/mailaccounts.php  48)     }
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   49)     else
bernd Sicherstellen, dass die Dom...

bernd authored 15 years ago

modules/email/include/mailaccounts.php  50)     {
bernd Erlaube @schokokeks.org-IMAP

bernd authored 15 years ago

modules/email/include/mailaccounts.php  51)       $domain = new Domain( (string) $domain);
modules/email/include/mailaccounts.php  52)       if ($domain->id == NULL)
modules/email/include/mailaccounts.php  53)         array_push($conditions, "domain=NULL");
modules/email/include/mailaccounts.php  54)       else
modules/email/include/mailaccounts.php  55)       {
modules/email/include/mailaccounts.php  56)         $domain->ensure_userdomain();
modules/email/include/mailaccounts.php  57)         array_push($conditions, "domain={$domain->id}");
modules/email/include/mailaccounts.php  58)       }
bernd Sicherstellen, dass die Dom...

bernd authored 15 years ago

modules/email/include/mailaccounts.php  59)     }
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   60)     array_push($conditions, "local='".mysql_real_escape_string($local)."'");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   61)   }
modules/imap/include/mailaccounts.php   62)   if (isset($arr['mailbox']))
modules/imap/include/mailaccounts.php   63)     if ($arr['mailbox'] == '')
modules/imap/include/mailaccounts.php   64)       array_push($conditions, "`maildir`=NULL");
modules/imap/include/mailaccounts.php   65)     else
modules/imap/include/mailaccounts.php   66)       array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'");
modules/imap/include/mailaccounts.php   67) 
modules/imap/include/mailaccounts.php   68)   if (isset($arr['password']))
modules/imap/include/mailaccounts.php   69)   {
modules/imap/include/mailaccounts.php   70)     $encpw = encrypt_mail_password($arr['password']);
modules/imap/include/mailaccounts.php   71)     array_push($conditions, "`password`='$encpw'");
modules/imap/include/mailaccounts.php   72)   }
modules/imap/include/mailaccounts.php   73) 
modules/imap/include/mailaccounts.php   74)   if (isset($arr['enabled']))
modules/imap/include/mailaccounts.php   75)     array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
modules/imap/include/mailaccounts.php   76) 
modules/imap/include/mailaccounts.php   77) 
bernd sql-abfragen abstrahiert

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   78)   db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1");
bernd Logger mit Logleveln

bernd authored 15 years ago

modules/email/include/mailaccounts.php  79)   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "updated account »{$arr['account']}«");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   80) 
modules/imap/include/mailaccounts.php   81) }
modules/imap/include/mailaccounts.php   82) 
modules/imap/include/mailaccounts.php   83) function create_mailaccount($arr)
modules/imap/include/mailaccounts.php   84) {
modules/imap/include/mailaccounts.php   85)   $values = array();
modules/imap/include/mailaccounts.php   86) 
modules/imap/include/mailaccounts.php   87)   if (($arr['account']) == '')
modules/imap/include/mailaccounts.php   88)     system_failure('empty account name!');
modules/imap/include/mailaccounts.php   89) 
modules/imap/include/mailaccounts.php   90)   $values['uid'] = (int) $_SESSION['userinfo']['uid'];
modules/imap/include/mailaccounts.php   91) 
modules/imap/include/mailaccounts.php   92)   list($local, $domain) = explode('@', $arr['account'], 2);
bernd Erlaube wieder @schokokeks....

bernd authored 15 years ago

modules/email/include/mailaccounts.php  93)   if ($domain == config('masterdomain'))
modules/email/include/mailaccounts.php  94)   {
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php   95)     $values['domain'] = "NULL";
bernd Erlaube wieder @schokokeks....

bernd authored 15 years ago

modules/email/include/mailaccounts.php  96)   }
modules/email/include/mailaccounts.php  97)   else
modules/email/include/mailaccounts.php  98)   {
modules/email/include/mailaccounts.php  99)     $domain = new Domain( (string) $domain);
modules/email/include/mailaccounts.php 100)     if ($domain->id == NULL)
modules/email/include/mailaccounts.php 101)       $values['domain'] = "NULL";
modules/email/include/mailaccounts.php 102)     else {
modules/email/include/mailaccounts.php 103)       $domain->ensure_userdomain();
modules/email/include/mailaccounts.php 104)       $values['domain'] = $domain->id;
modules/email/include/mailaccounts.php 105)     }
bernd Sicherstellen, dass die Dom...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 106)   }
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  107) 
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  108)   $values['local'] = "'".mysql_real_escape_string($local)."'";
modules/imap/include/mailaccounts.php  109) 
modules/imap/include/mailaccounts.php  110)   if (isset($arr['mailbox']))
modules/imap/include/mailaccounts.php  111)     if ($arr['mailbox'] == '')
modules/imap/include/mailaccounts.php  112)       $values['maildir'] = 'NULL';
modules/imap/include/mailaccounts.php  113)     else
modules/imap/include/mailaccounts.php  114)       $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'";
modules/imap/include/mailaccounts.php  115) 
modules/imap/include/mailaccounts.php  116) 
modules/imap/include/mailaccounts.php  117)   if (isset($arr['password']))
modules/imap/include/mailaccounts.php  118)   {
modules/imap/include/mailaccounts.php  119)     $values['password'] = "'".encrypt_mail_password($arr['password'])."'";
modules/imap/include/mailaccounts.php  120)   }
modules/imap/include/mailaccounts.php  121) 
modules/imap/include/mailaccounts.php  122)   if (isset($arr['enabled']))
modules/imap/include/mailaccounts.php  123)     $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" );
modules/imap/include/mailaccounts.php  124) 
modules/imap/include/mailaccounts.php  125) 
bernd sql-abfragen abstrahiert

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  126)   db_query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")");
bernd Logger mit Logleveln

bernd authored 15 years ago

modules/email/include/mailaccounts.php 127)   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "created account »{$arr['account']}«");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  128) 
modules/imap/include/mailaccounts.php  129) }
modules/imap/include/mailaccounts.php  130) 
bernd Auch mailaccounts können si...

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  131)     
modules/imap/include/mailaccounts.php  132) function get_mailaccount_id($accountname)
modules/imap/include/mailaccounts.php  133) {
modules/imap/include/mailaccounts.php  134)   list($local, $domain) = explode('@', $accountname, 2);
modules/imap/include/mailaccounts.php  135) 
modules/imap/include/mailaccounts.php  136)   $local = mysql_real_escape_string($local);
bernd Fehler beim Passwort-Ändern...

bernd authored 16 years ago

modules/email/include/mailaccounts.php 137)   $domain = mysql_real_escape_string($domain);
bernd Auch mailaccounts können si...

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  138) 
bernd Fehler beim Passwort-Ändern...

bernd authored 16 years ago

modules/email/include/mailaccounts.php 139)   $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
bernd Auch mailaccounts können si...

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  140)   if (mysql_num_rows($result) != 1)
modules/imap/include/mailaccounts.php  141)     system_failure('account nicht eindeutig');
modules/imap/include/mailaccounts.php  142)   $acc = mysql_fetch_assoc($result);
modules/imap/include/mailaccounts.php  143)   return $acc['id'];
modules/imap/include/mailaccounts.php  144) }
modules/imap/include/mailaccounts.php  145)     
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  146) 
modules/imap/include/mailaccounts.php  147) function delete_mailaccount($id)
modules/imap/include/mailaccounts.php  148) {
modules/imap/include/mailaccounts.php  149)   $id = (int) $id;
bernd sql-abfragen abstrahiert

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  150)   db_query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1");
bernd Logger mit Logleveln

bernd authored 15 years ago

modules/email/include/mailaccounts.php 151)   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "deleted account »{$id}«");
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  152) }
modules/imap/include/mailaccounts.php  153) 
modules/imap/include/mailaccounts.php  154) 
modules/imap/include/mailaccounts.php  155) function check_valid($acc)
modules/imap/include/mailaccounts.php  156) {
modules/imap/include/mailaccounts.php  157)   $user = $_SESSION['userinfo'];
modules/imap/include/mailaccounts.php  158)   DEBUG("Account-data: ".print_r($acc, true));
modules/imap/include/mailaccounts.php  159)   DEBUG("User-data: ".print_r($user, true));
modules/imap/include/mailaccounts.php  160)   if ($acc['mailbox'] != '')
modules/imap/include/mailaccounts.php  161)   {
modules/imap/include/mailaccounts.php  162)     if (substr($acc['mailbox'], 0, strlen($user['homedir'])+1) != $user['homedir'].'/')
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  163)       return "Die Mailbox muss innerhalb des Home-Verzeichnisses liegen. Sie haben »".$acc['mailbox']."« als Mailbox angegeben, Ihr Home-Verzeichnis ist »".$user['homedir']."/«.";
modules/imap/include/mailaccounts.php  164)     if (! check_path($acc['mailbox']))
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  165)       return "Sie verwenden ungültige Zeichen in Ihrem Mailbox-Pfad.";
modules/imap/include/mailaccounts.php  166)   }
modules/imap/include/mailaccounts.php  167) 
modules/imap/include/mailaccounts.php  168)   if ($acc['account'] == '' || strpos($acc['account'], '@') == 0)
modules/imap/include/mailaccounts.php  169)     return "Es wurde kein Benutzername angegeben!";
modules/imap/include/mailaccounts.php  170)   if (strpos($acc['account'], '@') === false)
bernd Einige Dummheiten repariert...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 171)     return "Es wurde kein Domain-Teil im Account-Name angegeben. Account-Namen müssen einen Domain-Teil enthalten. Im Zweifel versuchen Sie »@".config('masterdomain')."«.";
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  172) 
modules/imap/include/mailaccounts.php  173)   list($local, $domain) = explode('@', $acc['account'], 2);
hanno Hatte die Kompatibilität ge...

hanno authored 17 years ago

modules/imap/include/mailaccounts.php  174)   verify_input_username($local);
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  175)   $tmpdomains = get_domain_list($user['customerno'], $user['uid']);
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  176)   $domains = array();
modules/imap/include/mailaccounts.php  177)   foreach ($tmpdomains as $dom)
bernd Domain-Klasse benutzen

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  178)     $domains[] = $dom->fqdn;
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  179) 
modules/imap/include/mailaccounts.php  180)   if (array_search($domain, $domains) === false)
modules/imap/include/mailaccounts.php  181)   {
bernd Mehr config-optionen und co...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 182)     if ($domain == config('masterdomain'))
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  183)     {
modules/imap/include/mailaccounts.php  184)       if (substr($local, 0, strlen($user['username'])) != $user['username'] || ($acc['account'][strlen($user['username'])] != '-' && $acc['account'][strlen($user['username'])] != '@'))
modules/imap/include/mailaccounts.php  185)       {
bernd Einige Dummheiten repariert...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 186)         return "Sie haben »@".config('masterdomain')."« als Domain-Teil angegeben, aber der Benutzer-Teil beginnt nicht mit Ihrem Benutzername!";
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  187)       }
modules/imap/include/mailaccounts.php  188)     }
modules/imap/include/mailaccounts.php  189)     else
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  190)       return "Der angegebene Domain-Teil (»".htmlentities($domain, ENT_QUOTES, "UTF-8")."«) ist nicht für Ihren Account eingetragen. Sollte dies ein Fehler sein, wenden sie sich bitte an einen Administrator!";
bernd webinterface => /webinterface

bernd authored 17 years ago

modules/imap/include/mailaccounts.php  191)   }
modules/imap/include/mailaccounts.php  192) 
modules/imap/include/mailaccounts.php  193)   return '';
modules/imap/include/mailaccounts.php  194) }
modules/imap/include/mailaccounts.php  195) 
modules/imap/include/mailaccounts.php  196) 
bernd IMAP-Accounts deutlicher de...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 197) function imap_on_vmail_domain()
modules/email/include/mailaccounts.php 198) {
modules/email/include/mailaccounts.php 199)   $uid = (int) $_SESSION['userinfo']['uid'];
modules/email/include/mailaccounts.php 200)   $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
modules/email/include/mailaccounts.php 201)   if (mysql_num_rows($result) > 0)
modules/email/include/mailaccounts.php 202)     return true;
modules/email/include/mailaccounts.php 203)   return false;
modules/email/include/mailaccounts.php 204) }
modules/email/include/mailaccounts.php 205) 
modules/email/include/mailaccounts.php 206) function user_has_only_vmail_domains()
modules/email/include/mailaccounts.php 207) {
modules/email/include/mailaccounts.php 208)   $uid = (int) $_SESSION['userinfo']['uid'];
bernd Keine Domains => Dann auch...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 209)   $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}");
modules/email/include/mailaccounts.php 210)   // User hat keine VMail-Domains
modules/email/include/mailaccounts.php 211)   if (mysql_num_rows($result) == 0)
modules/email/include/mailaccounts.php 212)     return false;
bernd IMAP-Accounts deutlicher de...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 213)   $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
bernd Keine Domains => Dann auch...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 214)   // User hat keine Domains die nicht vmail-Domains sind
bernd IMAP-Accounts deutlicher de...

bernd authored 15 years ago

modules/email/include/mailaccounts.php 215)   if (mysql_num_rows($result) == 0)
modules/email/include/mailaccounts.php 216)     return true;
modules/email/include/mailaccounts.php 217)   return false;
modules/email/include/mailaccounts.php 218) }
modules/email/include/mailaccounts.php 219) 
modules/email/include/mailaccounts.php 220)