change check_role() to query

mischa 2022-09-06 11:56:05 +00:00
parent 4c680ccd97
commit 1575a17857
27 changed files with 55 additions and 27 deletions


@ -26,7 +26,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();
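Review bot: The role gate `if ($ROLE == ADMIN_ROLE) {` compares loosely against a value that now comes from a database lookup and is null when no row matches (the `check_role()` definition later in this commit has no return for that case). With `==`, a null or empty role can equal a falsy constant, so whether this fails closed depends on how `ADMIN_ROLE` is defined, which is not visible here. A strict `if ($ROLE === ADMIN_ROLE) {` removes that dependency, provided the fetched value is first cast to the constant's type, since PDO may return the column as a string. The same comparison recurs in every other section of this commit that calls `check_role($SESSID_USERNAME)`, and the `if` block continues outside the hunk.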


@ -28,7 +28,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();


@ -28,7 +28,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE != ADMIN_ROLE) {
header("Location: list-domain.php");
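Review bot: The non-admin branch `if ($ROLE != ADMIN_ROLE) {` sends a `Location` header and the hunk ends on that line, so it is not visible whether the script stops there. `header()` alone does not end execution; unless `exit;` follows directly, the rest of this admin-only page still runs for a non-admin and only the browser is redirected. The login code in this commit already pairs `header("Location: $location");` with `exit;`, which is the pattern to confirm here. The same gate appears in the two other sections that redirect to list-domain.php.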


@ -22,7 +22,7 @@ include './languages/' . check_language() . '.lang';
date_default_timezone_set('Europe/Amsterdam');
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE != ADMIN_ROLE) {
header("Location: list-domain.php");


@ -24,7 +24,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();


@ -29,7 +29,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE != ADMIN_ROLE) {
header("Location: list-domain.php");


@ -24,7 +24,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();


@ -26,7 +26,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();
@ -36,7 +36,7 @@ if ($ROLE == ADMIN_ROLE) {
}
if ($_SERVER['REQUEST_METHOD'] == "GET") {
$username = strtolower(filter_input(INPUT_GET, 'username', FILTER_DEFAULT));
$username = filter_input(INPUT_GET, 'username', FILTER_DEFAULT);
$domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN);
$domain_key = array_search($domain, array_column($list_domains, 'domain'));
$domain_exist = in_array($domain, array_column($list_domains, 'domain'));
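Review bot: `filter_input(INPUT_GET, 'username', FILTER_DEFAULT)` performs no validation, so `$username` is raw request input from here on. Another page in this commit reads the same parameter with `FILTER_VALIDATE_EMAIL`; if usernames on this page are full addresses too, the same filter fits, and otherwise every later use needs a bound parameter for SQL and `htmlspecialchars()` at output. The `in_array()` and `array_search()` calls just below compare loosely; passing `true` as the third argument avoids type-juggled matches, and a `false` result from `array_search()` must not be used as an array index. The GET branch continues outside the hunk.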


@ -48,9 +48,14 @@ function check_session($session = "sessid") {
// Action: Check which role is assighed
// Call: check_role()
//
function check_role($session = "sessid") {
if (!empty($_SESSION[$session]['role'])) {
return $_SESSION[$session]['role'];
function check_role($username) {
$dbh = pdo_connect();
$sth = $dbh->prepare("SELECT role FROM admin WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
$row = $sth->fetch(PDO::FETCH_ASSOC);
if (!empty($row)) {
return $row['role'];
}
}
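Review bot: `check_role()` falls off the end when the query returns no row, so a live session whose account has been deleted gets an implicit null role rather than an explicit unprivileged value. Adding `return null;` (or a dedicated no-role constant) after the `if` makes the fail-closed path deliberate and easier to compare against strictly at the call sites. The header comment still reads `// Call: check_role()` and should become `// Call: check_role(string username)`. Because this now runs a query on every page load, it is also worth returning early on an empty `$username` before `pdo_connect()`; how connection or prepare failures surface is not visible in the hunk.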


@ -21,9 +21,10 @@ require './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
$list_admins = array();
$list_domains = array();
if ($_SERVER['REQUEST_METHOD'] == "GET") {
if ($ROLE == ADMIN_ROLE) {


@ -21,7 +21,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($_SERVER['REQUEST_METHOD'] == "GET") {
$username = filter_input(INPUT_GET, 'username', FILTER_VALIDATE_EMAIL);


@ -23,7 +23,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();
@ -34,7 +34,12 @@ if ($ROLE == ADMIN_ROLE) {
if ($_SERVER['REQUEST_METHOD'] == "GET") {
$offset = filter_input(INPUT_GET, 'offset', FILTER_VALIDATE_INT) ?? '0';
$limit = PAGE_SIZE;
$domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN) ?? $list_domains[0]['domain'];
$domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN);
if (empty($domain) && count($list_domains) > 0) {
$domain = $list_domains[0]['domain'];
}
if (in_array($domain, array_column($list_domains, 'domain'))) {
$domain_key = array_search($domain, array_column($list_domains, 'domain'));
$list_alias = list_aliases($domain, $offset, $limit);
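Review bot: `$offset` can still be `false` or negative when it reaches `list_aliases($domain, $offset, $limit)`, because `filter_input()` returns `false` for a non-integer value and `??` only replaces null. `$offset = filter_input(INPUT_GET, 'offset', FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]) ?: 0;` covers the missing, invalid and negative cases. The new `in_array()` guard would be tighter with `true` as its third argument. `$domain_key` is now assigned only inside that branch, so any later code that indexes `$list_domains[$domain_key]` needs the same guard. The GET branch continues outside the hunk.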


@ -28,7 +28,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (!empty($username) && !empty($password)) {
$dbh = pdo_connect();
$sth = $dbh->prepare("SELECT password,role FROM admin WHERE username=?");
$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
$row = $sth->fetch(PDO::FETCH_ASSOC);
@ -54,7 +54,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (empty($message)) {
session_start();
$_SESSION['sessid']['username'] = $username;
$_SESSION['sessid']['role'] = $row['role'] ?? '';
header("Location: $location");
exit;
}
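Review bot: The session id is not regenerated at login in the visible lines: `session_start();` is followed directly by the write to `$_SESSION['sessid']['username']`, so an id that was set in the browser before authentication stays valid afterwards. Adding `session_regenerate_id(true);` right after `session_start();` closes that gap. `$location` is interpolated into the `Location` header and is assigned outside the hunk; it should be a fixed or allow-listed path rather than request-derived.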


@ -23,7 +23,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();


@ -22,7 +22,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();


@ -26,8 +26,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$SESSID_USERNAME = $SESSID_USERNAME ?? ADMIN_EMAIL;
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();


@ -1,3 +1,4 @@
<?php if (count($list_domains) > 0) { ?>
<div id="edit_form">
<form name="create_alias" method="post">
<table>
@ -32,3 +33,4 @@
</tr>
</table>
</div>
<?php } ?>


@ -1,3 +1,4 @@
<?php if (count($list_domains) > 0) { ?>
<div id="edit_form">
<form name="create_mailbox" method="post">
<table>
@ -43,3 +44,4 @@
</table>
</form>
</div>
<?php } ?>


@ -1,3 +1,4 @@
<?php if (count($list_domains) > 0) { ?>
<div id="edit_form">
<form name="edit_alias" method="post">
<table>
@ -29,3 +30,4 @@ foreach ($goto as $row) {
</table>
</form>
</div>
<?php } ?>


@ -1,3 +1,4 @@
<?php if (count($list_domains) > 0) { ?>
<div id="edit_form">
<form name="edit_mailbox" method="post">
<table>
@ -33,3 +34,4 @@
</table>
</form>
</div>
<?php } ?>


@ -1,3 +1,4 @@
<?php if (count($list_domains) > 0) { ?>
<div id="overview">
<?php if ($ROLE == ADMIN_ROLE) { ?>
<form name="list_domain" method="get">
@ -44,3 +45,5 @@ if (count($list_domains) > 0) {
}
echo "</table>";
}
?>
<?php } ?>


@ -1,3 +1,4 @@
<?php if (count($list_domains) > 0) { ?>
<div id="overview">
<form name="select_domain" method="get">
<select name="domain" onChange="this.form.submit()";>
@ -17,6 +18,7 @@ if ($list_domains[$domain_key]['mailboxes'] == 0) $list_domains[$domain_key]['ma
<input class="button" type="submit" name="go" value="<?php echo $LANG['List_button']; ?>" />
</form>
<h4><?php echo $LANG['List_virtual_welcome'] . $domain; ?></h4>
<p><?php echo $LANG['List_domain_aliases'] . ": " . $list_domains[$domain_key]['alias_count'] . " / " . $list_domains[$domain_key]['aliases']; ?></p>
<p><?php echo $LANG['List_domain_mailboxes'] . ": " . $list_domains[$domain_key]['mailbox_count'] . " / " . $list_domains[$domain_key]['mailboxes']; ?></p>
@ -34,10 +36,10 @@ if ($list_domains[$domain_key]['alias_count'] > $limit || $list_domains[$domain_
}
if (($list_domains[$domain_key]['alias_count'] > $limit) || ($list_domains[$domain_key]['mailbox_count'] > $limit)) {
echo "<a href=\"list-virtual.php?domain=" . $_GET['domain'] . "&offset=0\"><img border=\"0\" src=\"images/arrow-u.png\" title=\"" . $LANG['List_up_arrow'] . "\"></a>";
echo "<a href=\"list-virtual.php?domain=" . $list_domains[$domain_key]['domain'] . "&offset=0\"><img border=\"0\" src=\"images/arrow-u.png\" title=\"" . $LANG['List_up_arrow'] . "\"></a>";
}
if ((($offset + $limit) < $list_domains[$domain_key]['alias_count']) || (($offset + $limit) < $list_domains[$domain_key]['mailbox_count'])) {
echo "<a href=\"list-virtual.php?domain=" . $_GET['domain'] . "&offset=" . ($offset + $limit) . "\"><img border=\"0\" src=\"images/arrow-r.png\" title=\"" . $LANG['List_right_arrow'] . "\"></a>";
echo "<a href=\"list-virtual.php?domain=" . $list_domains[$domain_key]['domain'] . "&offset=" . ($offset + $limit) . "\"><img border=\"0\" src=\"images/arrow-r.png\" title=\"" . $LANG['List_right_arrow'] . "\"></a>";
}
echo "</div>";
}
@ -88,3 +90,4 @@ if (count($list_mailbox) > 0) {
echo "</table>";
}
?>
<?php } ?>
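Review bot: `$domain` is still echoed without escaping in `<h4><?php echo $LANG['List_virtual_welcome'] . $domain; ?></h4>`, and it appears to originate from the `domain` query parameter. The arrow links no longer reflect `$_GET['domain']`, but the stored domain that replaces it is also concatenated into the `href` unencoded. Use `htmlspecialchars($domain, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in the heading and `urlencode($list_domains[$domain_key]['domain'])` for the query value in both links. The surrounding `if` blocks start and end outside the hunks.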


@ -1,3 +1,4 @@
<?php if (count($list_domains) > 0) { ?>
<div id="overview">
<h4><?php echo $LANG['Search_welcome'] . $search; ?></h4>
<form name="search" method="post" action="search.php">
@ -53,3 +54,4 @@ if (count($list_mailbox) > 0) {
echo "</table>";
}
?>
<?php } ?>


@ -1,3 +1,4 @@
<?php if (count($list_domains) > 0) { ?>
<div id="edit_form">
<form name="sendmail" method="post">
<table>
@ -35,3 +36,4 @@
</table>
</form>
</div>
<?php } ?>


@ -1,3 +1,4 @@
<?php if (count($list_domains) > 0) { ?>
<div id="overview">
<form name="viewlog" method="get">
<select name="domain" onChange="this.form.submit()";>
@ -41,3 +42,4 @@ if (count($log ?? array()) > 0) {
echo "<p />";
}
?>
<?php } ?>


@ -24,7 +24,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();


@ -21,8 +21,7 @@ require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$SESSID_USERNAME = $SESSID_USERNAME ?? ADMIN_EMAIL;
$ROLE = check_role($SESSID_USERNAME);
if ($ROLE == ADMIN_ROLE) {
$list_domains = list_domains();