Mirrors
/
postfixadmin
mirror of https://github.com/postfixadmin/postfixadmin.git
3
0
Fork 0
Code Releases Activity
Browse Source

final set of refactoring patches 

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@70 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
David Goodwin 19 years ago
parent
941a0ddbd4
commit
4eb83c4bdc
1 changed files with 71 additions and 74 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 145
      functions.inc.php

145
functions.inc.php
View File

@ -15,58 +15,86 @@ if (ereg ("functions.inc.php", $_SERVER['PHP_SELF']))
exit;
}
$version = "2.1.1";
$version = '2.2 SVN';
//
// check_session
// Action: Check if a session already exists, if not redirect to login.php
// Call: check_session ()
//
function check_session ()
/**
* check_session
* Action: Check if a session already exists, if not redirect to login.php
* Call: check_session ()
* @return String username (e.g. foo@example.com)
*/
function authentication_get_username()
{
global $CONF;
session_start ();
session_fixid ();
if (!session_is_registered ("sessid"))
{
if (!isset($_SESSION['sessid'])) {
header ("Location: " . $CONF['postfix_admin_url'] . "/login.php");
exit;
exit(0);
}
$SESSID_USERNAME = $_SESSION['sessid']['username'];
return $SESSID_USERNAME;
}
function check_user_session ()
{
/**
* Returns the type of user - either 'user' or 'admin'
* Returns false if neither (E.g. if not logged in)
* @return String admin or user or (boolean) false.
*/
function authentication_get_usertype() {
if(isset($_SESSION['sessid'])) {
if(isset($_SESSION['sessid']['type'])) {
return $_SESSION['sessid']['type'];
}
}
return false;
}
/**
*
* Used to determine whether a user has a particular role.
* @param String role-name. (E.g. admin, global-admin or user)
* @return boolean True if they have the requested role in their session.
* Note, user < admin < global-admin
*/
function authentication_has_role($role) {
global $CONF;
session_start ();
session_fixid ();
if (!session_is_registered ("userid"))
{
header ("Location: " . $CONF['postfix_admin_url'] . "/login.php");
exit;
if(isset($_SESSION['sessid'])) {
if(isset($_SESSION['sessid']['roles'])) {
if(in_array($role, $_SESSION['sessid']['roles'])) {
return true;
}
}
}
$USERID_USERNAME = $_SESSION['userid']['username'];
return $USERID_USERNAME;
return false;
}
//
// session_fixid
// Action: should avoid 'session fixation'
// Call: session_fixid ()
//
function session_fixid ()
{
if (!isset($_SESSION['exist']))
{
if ( !session_regenerate_id() )
{
die("Couldn't regenerate your session id.");
}
$_SESSION['exist'] = true;
/**
* Used to enforce that $user has a particular role when
* viewing a page.
* If they are lacking a role, redirect them to
* $CONF['postfix_admin_url']/login.php
*
* Note, user < admin < global-admin
*/
function authentication_require_role($role) {
// redirect to appropriate page?
if(authentication_has_role($role)) {
return True;
}
header("Location: " . $CONF['postfix_admin_url'] . "/login.php");
exit(0);
}
/**
* @return boolean TRUE if a admin, FALSE otherwise.
*/
function authentication_is_admin() {
return authentication_get_usertype() == 'admin';
}
/**
* @return boolean TRUE if a user, FALSE otherwise.
*/
function authentication_is_user() {
return authentication_get_usertype() == 'user';
}
//
@ -576,7 +604,7 @@ function check_owner ($username, $domain)
function check_alias_owner ($username, $alias)
{
global $CONF;
if (check_admin ($username)) return true;
if (authentication_has_role('global-admin')) return true;
$tmp = preg_split('/\@/', $alias);
if (($CONF['special_alias_control'] == 'NO') && array_key_exists($tmp[0], $CONF['default_aliases']))
{
@ -646,35 +674,12 @@ function list_domains ()
//
// check_admin
// Action: Checks if the admin is super-admin.
// Call: check_admin (string admin)
//
function check_admin ($username)
{
global $table_domain_admins;
$result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$username' AND domain='ALL' AND active='1'");
if ($result['rows'] != 1)
{
return false;
}
else
{
return true;
}
}
//
// admin_exist
// Action: Checks if the admin already exists.
// Call: admin_exist (string admin)
//
// was check_admin
//
function admin_exist ($username)
{
global $table_admin;
@ -972,7 +977,7 @@ function pacrypt ($pw, $pw_db="")
$password = md5crypt ($pw, $salt);
}
if($CONF['encrypt'] == 'md5') {
if ($CONF['encrypt'] == 'md5') {
$password = md5($pw);
}
@ -999,8 +1004,6 @@ function pacrypt ($pw, $pw_db="")
return $password;
}
//
// md5crypt
// Action: Creates MD5 encrypted password
@ -1214,7 +1217,7 @@ function db_connect ()
$link = @mysqli_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die ("<p />DEBUG INFORMATION:<br />Connect: " . mysqli_connect_error () . "$DEBUG_TEXT");
@mysqli_query($link,"SET CHARACTER SET utf8");
@mysqli_query($link,"SET COLLATION_CONNECTION='utf8_general_ci'");
$succes = @mysqli_select_db ($link, $CONF['database_name']) or die ("<p />DEBUG INFORMATION:<br />MySQLi Select Database: " . mysqli_error () . "$DEBUG_TEXT");
$success = @mysqli_select_db ($link, $CONF['database_name']) or die ("<p />DEBUG INFORMATION:<br />MySQLi Select Database: " . mysqli_error ($link) . "$DEBUG_TEXT");
}
else
{
@ -1228,8 +1231,8 @@ function db_connect ()
if (function_exists ("pg_pconnect"))
{
$connect_string = "host=" . $CONF['database_host'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password'];
$link = @pg_pconnect ($connect_string) or die ("<p />DEBUG INFORMATION:<br />Connect: " . pg_last_error () . "$DEBUG_TEXT");
pg_set_client_encoding($link, UNICODE);
$link = @pg_pconnect ($connect_string) or die ("<p />DEBUG INFORMATION:<br />Connect: " . pg_last_error($link) . "$DEBUG_TEXT");
pg_set_client_encoding($link, 'UNICODE');
}
else
{
@ -1270,14 +1273,8 @@ function db_query ($query)
if (!is_resource($link)) $link = db_connect ();
if ($CONF['database_type'] == "mysql")
{
$result = @mysql_query ($query, $link) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . mysql_error() . "$DEBUG_TEXT");
}
if ($CONF['database_type'] == "mysqli")
{
$result = @mysqli_query ($link, $query) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT");
}
if ($CONF['database_type'] == "mysql") $result = @mysql_query ($query, $link) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . mysql_error($link) . "$DEBUG_TEXT");
if ($CONF['database_type'] == "mysqli") $result = @mysqli_query ($link, $query) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT");
if ($CONF['database_type'] == "pgsql")
{
$result = @pg_query ($link, $query) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . pg_last_error() . "$DEBUG_TEXT");

Write Preview
Loading…
Cancel
Save