Bernd Wurst commited on 2025-05-06 11:27:17
Zeige 2 geänderte Dateien mit 30 Einfügungen und 2 Löschungen.
| ... | ... |
@@ -17,7 +17,7 @@ require_once('inc/icons.php');
|
| 17 | 17 |
require_once('inc/security.php');
|
| 18 | 18 |
require_role([ROLE_CUSTOMER]); |
| 19 | 19 |
require_once('class/domain.php');
|
| 20 |
- |
|
| 20 |
+require_once('session/checkuser.php');
|
|
| 21 | 21 |
require_once('contactapi.php');
|
| 22 | 22 |
|
| 23 | 23 |
|
| ... | ... |
@@ -117,6 +117,28 @@ function have_mailaddress($email) |
| 117 | 117 |
} |
| 118 | 118 |
|
| 119 | 119 |
|
| 120 |
+function allow_new_address() |
|
| 121 |
+{
|
|
| 122 |
+ // Wenn Admin per Su-Login |
|
| 123 |
+ $admin_user = $_SESSION['admin_user']; |
|
| 124 |
+ $role = find_role($admin_user, '', true); |
|
| 125 |
+ if ($role & ROLE_SYSADMIN) {
|
|
| 126 |
+ warning('Die E-Mail-Adresse wird nicht überprüft, da Sie Admin sind!');
|
|
| 127 |
+ return true; |
|
| 128 |
+ } |
|
| 129 |
+ // Wenn der User vertrauenswürdig ist (feld trust_new_contacts) |
|
| 130 |
+ if (isset($_SESSION['customerinfo'])) {
|
|
| 131 |
+ // User ist auch Kundenaccount |
|
| 132 |
+ $result = db_query("SELECT trust_new_contacts FROM kundendaten.kunden WHERE id=?", [(int) $_SESSION['customerinfo']['customerno']]);
|
|
| 133 |
+ $data = $result->fetch(); |
|
| 134 |
+ if ($data['trust_new_contacts'] == 1) {
|
|
| 135 |
+ warning('Die E-Mail-Adresse war bisher nicht in Verwendung. Da Sie für die Verwendung unbekannter Adressen freigeschaltet sind, wird die Adresse von uns nicht überprüft.');
|
|
| 136 |
+ return true; |
|
| 137 |
+ } |
|
| 138 |
+ } |
|
| 139 |
+ return false; |
|
| 140 |
+} |
|
| 141 |
+ |
|
| 120 | 142 |
function possible_kundenkontakt($c) |
| 121 | 143 |
{
|
| 122 | 144 |
if ($c['name'] && $c['email']) {
|
| ... | ... |
@@ -307,6 +329,7 @@ function update_pending($contactid) |
| 307 | 329 |
|
| 308 | 330 |
function delete_contact($id) |
| 309 | 331 |
{
|
| 332 |
+ $keep = false; |
|
| 310 | 333 |
$c = get_contact($id); |
| 311 | 334 |
$kundenkontakte = get_kundenkontakte(); |
| 312 | 335 |
if ($id == $kundenkontakte['kunde']) {
|
| ... | ... |
@@ -322,8 +345,13 @@ function delete_contact($id) |
| 322 | 345 |
// Lösche bei der Registry |
| 323 | 346 |
$c['state'] = 'deleted'; |
| 324 | 347 |
upload_contact($c); |
| 348 |
+ $keep = true; |
|
| 325 | 349 |
} |
| 350 |
+ if ($keep) {
|
|
| 326 | 351 |
db_query("UPDATE kundendaten.contacts SET state='deleted' WHERE id=?", [$c['id']]);
|
| 352 |
+ } else {
|
|
| 353 |
+ db_query("DELETE FROM kundendaten.contacts WHERE id=?", [$c['id']]);
|
|
| 354 |
+ } |
|
| 327 | 355 |
} |
| 328 | 356 |
|
| 329 | 357 |
|
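Review bot: `allow_new_address()` reads `$_SESSION['admin_user']` unconditionally, so in any session that was not started through an admin su-login the key is missing and `find_role()` is called with null (plus an "undefined array key" warning on PHP 8). The third argument `true` looks like it switches off the password check, but `find_role()` is not visible here, so whatever it returns for a null user decides whether the confirmation-token step is skipped; the branch should be guarded explicitly: `if (isset($_SESSION['admin_user']) && (find_role($_SESSION['admin_user'], '', true) & ROLE_SYSADMIN)) {`. In the second branch `$result->fetch()` returns false when no customer row matches, so the comparison is safer as `if ($data !== false && (int) $data['trust_new_contacts'] === 1) {`. Both `return true` paths let an unverified address be saved without the token mail, so an audit log entry recording the acting account at those two points would keep skipped verifications traceable.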
| ... | ... |
@@ -191,7 +191,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
|
| 191 | 191 |
$c['id'] = $id; |
| 192 | 192 |
|
| 193 | 193 |
if (isset($_REQUEST['email']) && check_emailaddr($_REQUEST['email']) && ($new || $c['email'] != $_REQUEST['email'])) {
|
| 194 |
- if (have_mailaddress($_REQUEST['email'])) {
|
|
| 194 |
+ if (have_mailaddress($_REQUEST['email']) || allow_new_address()) {
|
|
| 195 | 195 |
save_emailaddress($c['id'], $_REQUEST['email']); |
| 196 | 196 |
} else {
|
| 197 | 197 |
send_emailchange_token($c['id'], $_REQUEST['email']); |
| 198 | 198 |