<?php
include_once dirname(__FILE__) . '/config/httpheaders.php';
include_once dirname(__FILE__) . '/config/variables.php';
include_once dirname(__FILE__) . '/config/authpostmaster.php';
include_once dirname(__FILE__) . '/config/functions.php';
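# enforce limit on the maximum number of user accounts in the domain.
# A LEFT JOIN is used so that a domain with no local/piped users yet still
# yields a row (an inner join returns nothing and the check could not be
# evaluated); the domain id is bound as a placeholder, not interpolated.
$domain_id = $_SESSION['domain_id'];
$domquery = "SELECT (count(users.user_id) < domains.max_accounts)
    OR (domains.max_accounts=0) AS allowed
    FROM domains LEFT JOIN users
    ON users.domain_id=domains.domain_id
    AND (users.type='local' OR users.type='piped')
    WHERE domains.domain_id=?
    GROUP BY domains.max_accounts";
$domresult = $db->query($domquery, array($domain_id));
# NOTE(review): a failed query skips the check (fails open), as before; a
# redirect in the error branch would make the limit fail closed instead.
if (!DB::isError($domresult)) {
    $domrow = $domresult->fetchRow();
    if (!$domrow || !$domrow['allowed']) {
        # stop here: without the exit the account was still created
        header("Location: adminuser.php?maxaccounts=true");
        exit;
    }
}

# Strip off leading and trailing whitespace from the requested localpart
$localpart = isset($_POST['localpart']) ? $_POST['localpart'] : '';
$localpart = preg_replace("/^\s+|\s+$/", "", $localpart);
$realname  = isset($_POST['realname']) ? $_POST['realname'] : '';

# get the settings for the domain (a single lookup covers everything this
# script needs, including maildir, which used to be fetched a second time)
$query = "SELECT spamassassin,pipe,uid,gid,quotas,maildir FROM domains
    WHERE domain_id=?";
$result = $db->query($query, array($domain_id));
$row = (!DB::isError($result) && $result->numRows()) ? $result->fetchRow() : null;
if (!$row) {
    # the session's domain could not be read: nothing sensible can be inserted
    header("Location: adminuser.php?failadded=" . urlencode($localpart));
    exit;
}

# Fix the boolean values: an unchecked checkbox is simply absent from $_POST
$admin   = isset($_POST['admin']) ? 1 : 0;
$enabled = isset($_POST['enabled']) ? 1 : 0;

if ($postmasteruidgid == "yes") {
    $uid = isset($_POST['uid']) ? $_POST['uid'] : $row['uid'];
    $gid = isset($_POST['gid']) ? $_POST['gid'] : $row['gid'];
} else {
    # customisation of the uid and gid is not permitted for postmasters, use the domain defaults
    $uid = $row['uid'];
    $gid = $row['gid'];
}

# Quota is compared numerically. A domain quota of 0 means no cap, so a user
# quota of 0 (or one above the domain's) is only rejected when a cap exists.
$domain_quota = (int) $row['quotas'];
$quota = (int) (isset($_POST['quota']) ? $_POST['quota'] : $row['quotas']);
if ($domain_quota !== 0 && ($quota > $domain_quota || $quota === 0)) {
    header("Location: adminuser.php?quotahigh={$domain_quota}");
    exit;
}

# Do some checking, to make sure the user is ALLOWED to make these changes:
# a per-user feature is only honoured when the domain has it switched on.
$on_piped        = (isset($_POST['on_piped']) && $row['pipe'] == 1) ? 1 : 0;
$on_spamassassin = (isset($_POST['on_spamassassin']) && $row['spamassassin'] == 1) ? 1 : 0;
# the spambox only makes sense with spamassassin in effect, so it is keyed off
# the domain-checked value rather than the raw checkbox
$on_spambox       = (isset($_POST['on_spambox']) && $on_spamassassin === 1) ? 1 : 0;
$on_spamboxreport = isset($_POST['on_spamboxreport']) ? 1 : 0;

check_user_exists($db, $localpart, $domain_id, 'adminuser.php');

if (preg_match("/^\s*$/", $realname)) {
    header('Location: adminuser.php?blankname=yes');
    exit;
}
# The localpart becomes a directory name under maildir below, so on top of the
# characters the form always rejected, refuse anything that could step out of
# that directory or break a header: '..', backslashes and control characters.
if (preg_match("/['@%!\/\| ']/", $localpart)
    || preg_match("/^\s*$/", $localpart)
    || preg_match('/\.\.|\\\\|[\x00-\x1f\x7f]/', $localpart)) {
    header("Location: adminuser.php?badname=" . urlencode($localpart));
    exit;
}

# Delivery paths: a piped account hands mail to the given command, a local one
# gets a Maildir under the domain's maildir.
$smtp = isset($_POST['smtp']) ? $_POST['smtp'] : '';
if ($on_piped === 1 && $smtp != '') {
    $smtphomepath = $smtp;
    $pophomepath  = "{$row['maildir']}/{$localpart}";
    $type = 'piped';
} else {
    $smtphomepath = "{$row['maildir']}/{$localpart}/Maildir";
    $pophomepath  = "{$row['maildir']}/{$localpart}";
    $type = 'local';
}

$clear  = isset($_POST['clear']) ? $_POST['clear'] : '';
$vclear = isset($_POST['vclear']) ? $_POST['vclear'] : '';
if (!validate_password($clear, $vclear)) {
    header("Location: adminuser.php?badpass=" . urlencode($localpart));
    exit;
}

# Every value is bound through PEAR DB's ? placeholders; nothing taken from
# $_POST is interpolated into the SQL text.
# NOTE(review): the schema stores the password both crypted and in clear; the
# clear column is kept as the table defines it — whether anything still reads
# it could not be verified from this file.
$query = "INSERT INTO users (localpart, username, domain_id, crypt, clear,
    smtp, pop, uid, gid, realname, type, admin, on_piped,
    on_spamassassin, on_spambox, on_spamboxreport, sa_tag, sa_refuse, maxmsgsize, enabled, quota)
    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$params = array(
    $localpart,
    "{$localpart}@{$_SESSION['domain']}",
    $domain_id,
    crypt_password($clear, $salt),
    $clear,
    $smtphomepath,
    $pophomepath,
    $uid,
    $gid,
    $realname,
    $type,
    $admin,
    $on_piped,
    $on_spamassassin,
    $on_spambox,
    $on_spamboxreport,
    isset($_POST['sa_tag']) ? $_POST['sa_tag'] : 0,
    isset($_POST['sa_refuse']) ? $_POST['sa_refuse'] : 0,
    isset($_POST['maxmsgsize']) ? $_POST['maxmsgsize'] : '',
    $enabled,
    $quota,
);
$result = $db->query($query, $params);
if (DB::isError($result)) {
    header("Location: adminuser.php?failadded=" . urlencode($localpart));
    exit;
}

header("Location: adminuser.php?added=" . urlencode($localpart));
# CR/LF are removed from the name before it goes into the Subject: line so a
# crafted realname cannot add further mail headers
$subject = "Welcome " . str_replace(array("\r", "\n"), '', $realname) . "!";
mail("{$localpart}@{$_SESSION['domain']}",
    $subject,
    "$welcome_message",
    "From: {$_SESSION['localpart']}@{$_SESSION['domain']}\r\n");
exit;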