From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/mail/mail_user_edit.php |   74 ++++++------------------------------
 1 files changed, 13 insertions(+), 61 deletions(-)

diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php
index 373fce5..2c1ee3e 100644
--- a/interface/web/mail/mail_user_edit.php
+++ b/interface/web/mail/mail_user_edit.php
@@ -75,7 +75,8 @@
 		$app->tpl->setVar("email_local_part",$email_parts[0]);
 		
 		// Getting Domains of the user
-		$sql = "SELECT domain, server_id FROM mail_domain WHERE ".$app->tform->getAuthSQL('r').' ORDER BY domain';
+		// $sql = "SELECT domain, server_id FROM mail_domain WHERE ".$app->tform->getAuthSQL('r').' ORDER BY domain';
+		$sql = "SELECT domain, server_id FROM mail_domain WHERE domain NOT IN (SELECT SUBSTR(source,2) FROM mail_forwarding WHERE type = 'aliasdomain') AND ".$app->tform->getAuthSQL('r')." ORDER BY domain";
 		$domains = $app->db->queryAllRecords($sql);
 		$domain_select = '';
 		if(is_array($domains)) {
@@ -108,7 +109,7 @@
 		if($this->dataRecord["quota"] != -1) $app->tpl->setVar("quota",$this->dataRecord["quota"] / 1024 / 1024);
 		
 		// Is autoresponder set?
-		if ($this->dataRecord['autoresponder'] == 'y') {
+		if (!empty($this->dataRecord['autoresponder']) && $this->dataRecord['autoresponder'] == 'y') {
 			$app->tpl->setVar("ar_active", 'checked="checked"');
 		} else {
 			$app->tpl->setVar("ar_active", '');
@@ -174,7 +175,7 @@
 		
 
     $app->uses('getconf');
-    $mail_config = $app->getconf->get_server_config($domain["server_id"],'mail');
+    $mail_config = $app->getconf->get_server_config(!empty($domain["server_id"]) ? $domain["server_id"] : '','mail');
 		
 		//* compose the email field
 		if(isset($_POST["email_local_part"]) && isset($_POST["email_domain"])) {
@@ -209,7 +210,7 @@
         if(!isset($_POST["login"])) $this->dataRecord["login"] = $this->dataRecord["email"];
         elseif(strpos($_POST["login"], '@') !== false && $_POST["login"] != $this->dataRecord["email"]) $app->tform->errorMessage .= $app->tform->lng("error_login_email_txt")."<br>";
 		} else {
-        $this->dataRecord["login"] = $this->dataRecord["email"];
+        $this->dataRecord["login"] = isset($this->dataRecord["email"]) ? $this->dataRecord["email"] : '';
 		}
 		//* if autoresponder checkbox not selected, do not save dates
 		if (!isset($_POST['autoresponder']) && array_key_exists('autoresponder_start_date', $_POST)) {
@@ -227,66 +228,17 @@
 		$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($_POST["email_domain"])."' AND ".$app->tform->getAuthSQL('r'));
 		$app->db->query("UPDATE mail_user SET sys_groupid = ".$domain["sys_groupid"]." WHERE mailuser_id = ".$this->id);
 		
-		// send a welcome email to create the mailbox
-//		mail($this->dataRecord["email"],$app->tform->wordbook["welcome_mail_subject"],$app->tform->wordbook["welcome_mail_message"]);
-		
-		/*
-		// the conversion to iso-8859-1 causes compatibility problems, therefore the transition to utf-8
-
-		// tries to detect current charset, and encode subject-header and body from it to ISO-8859-1.
-		$fromCharset      = mb_detect_encoding($app->tform->lng("welcome_mail_subject"));
-		$iconvPreferences = array("input-charset" => $fromCharset,
-					"output-charset" => "ISO-8859-1",
-					"line-length" => 76,
-					"line-break-chars" => "\n",
-					"scheme" => "Q");
-
-		$welcomeFromName  = $app->tform->lng("welcome_mail_fromname_txt");
-		$welcomeFromEmail = $app->tform->lng("welcome_mail_fromemail_txt");
-		$mailHeaders      = "MIME-Version: 1.0" . "\n";
-		$mailHeaders     .= "Content-type: text/plain; charset=iso-8859-1" . "\n";
-		$mailHeaders     .= "From: $welcomeFromName  <$welcomeFromEmail>" . "\n";
-		$mailHeaders     .= "Reply-To: <$welcomeFromEmail>" . "\n";
-		$mailTarget       = $this->dataRecord["email"];
-		$mailSubject      = iconv_mime_encode("trimoff", $app->tform->lng("welcome_mail_subject"), $iconvPreferences);
-		$mailSubject      = str_replace("trimoff: ", "", $mailSubject);
-		$mailBody         = iconv ($fromCharset, "ISO-8859-1", $app->tform->lng("welcome_mail_message"));
-
-		mail($mailTarget, $mailSubject, $mailBody, $mailHeaders);
-		
-		*/
-
-		$welcomeFromName  = $app->tform->lng("welcome_mail_fromname_txt");
-		$welcomeFromEmail = $app->tform->lng("welcome_mail_fromemail_txt");
-		
-		$app->uses('getconf');
-		$global_config = $app->getconf->get_global_config('mail');
-		if(!empty($global_config['admin_mail']))$welcomeFromEmail = $global_config['admin_mail'];
-		if(!empty($global_config['admin_name']))$welcomeFromName = $global_config['admin_name'];
-		
-		$mailHeaders      = "MIME-Version: 1.0" . "\n";
-		$mailHeaders     .= "Content-type: text/plain; charset=utf-8" . "\n";
-		$mailHeaders     .= "Content-Transfer-Encoding: 8bit" . "\n";
-		$mailHeaders     .= "From: $welcomeFromName  <$welcomeFromEmail>" . "\n";
-		$mailHeaders     .= "Reply-To: <$welcomeFromEmail>" . "\n";
-		$mailTarget       = $this->dataRecord["email"];
-		$mailSubject = "=?utf-8?Q?" . imap_8bit($app->tform->lng("welcome_mail_subject")) . "?=";
-		
-		$mailBody = $app->tform->lng("welcome_mail_message");
-
-		mail($mailTarget, $mailSubject, $mailBody, $mailHeaders);
-		
 		// Spamfilter policy
 		$policy_id = intval($this->dataRecord["policy"]);
 		if($policy_id > 0) {
-			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".mysql_real_escape_string($this->dataRecord["email"])."'");
+			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
 			if($tmp_user["id"] > 0) {
 				// There is already a record that we will update
 				$app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
 			} else {
 				// We create a new record
 				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) 
-				        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".mysql_real_escape_string($this->dataRecord["email"])."', '".mysql_real_escape_string($this->dataRecord["email"])."', 'Y')";
+				        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
 				$app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
 			}
 		}  // endif spamfilter policy
@@ -299,7 +251,7 @@
 			$disabledeliver = ($this->dataRecord["postfix"] == 'y')?'n':'y';
 			$disablesmtp = ($this->dataRecord["postfix"] == 'y')?'n':'y';
 		
-			$sql = "UPDATE mail_user SET disableimap = '$disableimap', disablepop3 = '$disablepop3', disablesmtp = '$disablesmtp', disabledeliver = '$disabledeliver' WHERE mailuser_id = ".$this->id;
+			$sql = "UPDATE mail_user SET disableimap = '$disableimap', disablesieve = '$disableimap', disablepop3 = '$disablepop3', disablesmtp = '$disablesmtp', disabledeliver = '$disabledeliver', disablelda = '$disabledeliver' WHERE mailuser_id = ".$this->id;
 			$app->db->query($sql);
 		}
 	}
@@ -314,7 +266,7 @@
 		
 			// Spamfilter policy
 			$policy_id = intval($this->dataRecord["policy"]);
-			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".mysql_real_escape_string($this->dataRecord["email"])."'");
+			$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
 			if($policy_id > 0) {
 				if($tmp_user["id"] > 0) {
 					// There is already a record that we will update
@@ -322,7 +274,7 @@
 				} else {
 					// We create a new record
 					$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) 
-				        	VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".mysql_real_escape_string($this->dataRecord["email"])."', '".mysql_real_escape_string($this->dataRecord["email"])."', 'Y')";
+				        	VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
 					$app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
 				}
 			}else {
@@ -335,12 +287,12 @@
 		
 		// Set the fields for dovecot
 		if(isset($this->dataRecord["email"])) {
-			$disableimap = ($this->dataRecord["disableimap"])?'y':'n';
-			$disablepop3 = ($this->dataRecord["disablepop3"])?'y':'n';
+			$disableimap = (isset($this->dataRecord["disableimap"]) && $this->dataRecord["disableimap"])?'y':'n';
+			$disablepop3 = (isset($this->dataRecord["disablepop3"]) && $this->dataRecord["disablepop3"])?'y':'n';
 			$disabledeliver = ($this->dataRecord["postfix"] == 'y')?'n':'y';
 			$disablesmtp = ($this->dataRecord["postfix"] == 'y')?'n':'y';
 		
-			$sql = "UPDATE mail_user SET disableimap = '$disableimap', disablepop3 = '$disablepop3', disablesmtp = '$disablesmtp', disabledeliver = '$disabledeliver' WHERE mailuser_id = ".$this->id;
+			$sql = "UPDATE mail_user SET disableimap = '$disableimap', disablesieve = '$disableimap', disablepop3 = '$disablepop3', disablesmtp = '$disablesmtp', disabledeliver = '$disabledeliver', disablelda = '$disabledeliver' WHERE mailuser_id = ".$this->id;
 			$app->db->query($sql);
 		}
 		

--
Gitblit v1.9.1