- merge edit-active.php and admin/edit-active.php

- merge identical parts of GET and POST code git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@40 a1433add-5e2c-0410-b055-b7f2511e0802
19 years ago · 04ce4827e4
2 changed files with 29 additions and 97 deletions
--- a/admin/edit-active.php
+++ b/admin/edit-active.php
@ -18,84 +18,9 @@
 // fUsername
 // fDomain
 //
-require ("../variables.inc.php");
-require ("../config.inc.php");
-require ("../functions.inc.php");
-include ("../languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session ();
-(!check_admin($SESSID_USERNAME) ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1');
+$incpath = "..";
+require("../edit-active.php");

-if ($_SERVER['REQUEST_METHOD'] == "GET")
-{
-   if (isset ($_GET['username'])) $fUsername = escape_string ($_GET['username']);
-   if (isset ($_GET['alias'])) $fAlias = escape_string ($_GET['alias']); else $fAlias = escape_string ($_GET['username']);
-   if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
-   if (isset ($_GET['return'])) $fReturn = escape_string ($_GET['return']);
-
-   if ($fUsername != '')
-   {
-      $query = "UPDATE $table_mailbox SET active=1-active WHERE username='$fUsername' AND domain='$fDomain'";
-      if ('pgsql'==$CONF['database_type'])
-      {
-         $query = "UPDATE $table_mailbox SET active=NOT active WHERE username='$fUsername' AND domain='$fDomain'";
-      }
-      $result = db_query ($query);
-      if ($result['rows'] != 1)
-      {
-         $error = 1;
-         $tMessage = $PALANG['pEdit_mailbox_result_error'];
-      }
-      else
-      {
-         db_log ($CONF['admin_email'], $fDomain, "edit active", $fUsername);
-      }
-   }
-
-   if ($fAlias != '')
-   {
-      $query = "UPDATE $table_alias SET active=1-active WHERE address='$fAlias' AND domain='$fDomain'";
-      if ('pgsql'==$CONF['database_type'])
-      {
-         $query = "UPDATE $table_alias SET active=NOT active WHERE address='$fAlias' AND domain='$fDomain'";
-      }
-      $result = db_query ($query);
-      if ($result['rows'] != 1)
-      {
-         $error = 1;
-         $tMessage = $PALANG['pEdit_mailbox_result_error'] . " alias" . $result['rows'];
-      }
-      else
-      {
-         db_log ($CONF['admin_email'], $fDomain, "edit alias active", $fAlias);
-      }
-   }
-
-   if ($error != 1)
-   {
-      if ( $fReturn != "" )
-      {
-        header ("Location: $fReturn");
-      }
-      else
-      {
-        header ("Location: list-virtual.php?domain=$fDomain");
-      }
-      exit;
-   }
-
-   include ("../templates/header.tpl");
-   include ("../templates/admin_menu.tpl");
-   include ("../templates/message.tpl");
-   include ("../templates/footer.tpl");
-}
-
-if ($_SERVER['REQUEST_METHOD'] == "POST")
-{
-   include ("../templates/header.tpl");
-   include ("../templates/admin_menu.tpl");
-   include ("../templates/message.tpl");
-   include ("../templates/footer.tpl");
-}
 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
 ?>
--- a/edit-active.php
+++ b/edit-active.php
@ -19,12 +19,15 @@
 // fDomain
 // fReturn
 //
-require ("./variables.inc.php");
-require ("./config.inc.php");
-require ("./functions.inc.php");
-include ("./languages/" . check_language () . ".lang");

-$SESSID_USERNAME = check_session();
+if (!isset($incpath)) $incpath = '.';
+
+require ("$incpath/variables.inc.php");
+require ("$incpath/config.inc.php");
+require ("$incpath/functions.inc.php");
+include ("$incpath/languages/" . check_language () . ".lang");
+
+$SESSID_USERNAME = check_session ();

 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
@ -32,8 +35,8 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
   if (isset ($_GET['alias'])) $fAlias = escape_string ($_GET['alias']); else $fAlias = escape_string ($_GET['username']);
   if (isset ($_GET['domain'])) $fDomain = escape_string ($_GET['domain']);
   if (isset ($_GET['return'])) $fReturn = escape_string ($_GET['return']);
-   
-   if (!check_owner ($SESSID_USERNAME, $fDomain))
+
+   if (! (check_owner ($SESSID_USERNAME, $fDomain) || check_admin($SESSID_USERNAME) ) )
   {
      $error = 1;
      $tMessage = $PALANG['pEdit_mailbox_domain_error'] . "<b>$fDomain</b>!</font>";
@ -68,32 +71,36 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
         }
      }
   }
-   
+
   if ($error != 1)
   {
      if ( $fReturn != "" )
      {
+### TODO: prevent possible URL injection (return=http://www.irgendwas.de)
+###       http://sourceforge.net/tracker/index.php?func=detail&aid=1770514&group_id=191583&atid=937964
        header ("Location: $fReturn");
      }
      else
      {
-        header ("Location: overview.php?domain=$fDomain");
+         if (check_admin($SESSID_USERNAME)) {
+            header ("Location: list-virtual.php?domain=$fDomain");
+         } else {
+            header ("Location: overview.php?domain=$fDomain");
+         }
      }
      exit;
   }
-   
-   include ("./templates/header.tpl");
-   include ("./templates/menu.tpl");
-   include ("./templates/message.tpl");
-   include ("./templates/footer.tpl");
 }

-if ($_SERVER['REQUEST_METHOD'] == "POST")
-{
-   include ("./templates/header.tpl");
-   include ("./templates/menu.tpl");
-   include ("./templates/message.tpl");
-   include ("./templates/footer.tpl");
+include ("$incpath/templates/header.tpl");
+
+if (check_admin($SESSID_USERNAME)) {
+   include ("$incpath/templates/admin_menu.tpl");
+} else {
+   include ("$incpath/templates/menu.tpl");
 }
+
+include ("$incpath/templates/message.tpl");
+include ("$incpath/templates/footer.tpl");
 /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
 ?>