diff --git a/admin/search.php b/admin/search.php index 784210a..f9b1fca 100644 --- a/admin/search.php +++ b/admin/search.php @@ -21,6 +21,8 @@ require_once '../functions.inc.php'; include '../languages/' . check_language() . '.lang'; +$list_domains = list_domains(); + $search = filter_input(INPUT_POST, 'search', FILTER_DEFAULT); if (isset($search)) { @@ -29,11 +31,21 @@ if (isset($search)) { $sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR); $sth->execute(); $list_alias = $sth->fetchAll(); + foreach ($list_alias as $key => $value) { + if (!in_array($value['domain'], array_column($list_domains, 'domain'))) { + unset($list_alias[$key]); + } + } $sth = $dbh->prepare("SELECT * FROM mailbox WHERE username LIKE ? ORDER BY username"); $sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR); $sth->execute(); $list_mailbox = $sth->fetchAll(); + foreach ($list_mailbox as $key => $value) { + if (!in_array($value['domain'], array_column($list_domains, 'domain'))) { + unset($list_mailbox[$key]); + } + } } else { $list_alias = array(); $list_mailbox = array(); @@ -41,6 +53,6 @@ if (isset($search)) { include '../templates/header.tpl'; include '../templates/admin_menu.tpl'; -include '../templates/admin_search.tpl'; +include '../templates/search.tpl'; include '../templates/footer.tpl'; ?> diff --git a/functions.inc.php b/functions.inc.php index 2758930..df06e5a 100644 --- a/functions.inc.php +++ b/functions.inc.php 
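Review bot: The domain check added after each `fetchAll()` is the only thing that keeps out-of-scope alias and mailbox rows away from the template, yet it uses a loose `in_array()` and rebuilds `array_column($list_domains, 'domain')` on every iteration. Build the allow-list once before the queries, `$allowed_domains = array_column($list_domains, 'domain');`, and compare strictly with `in_array($value['domain'], $allowed_domains, true)`. The same two loops are added to search.php, where the list comes from `list_domains($SESSID_USERNAME)` and the check is the per-user authorization boundary. Because the restriction runs in PHP after the fetch, every matching row from every domain is loaded first; constraining the query itself with a bound `domain IN (...)` list would be tighter. The enclosing `if (isset($search))` block starts outside this hunk.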
@@ -54,83 +54,6 @@ function check_language() { return DEFAULT_LANGUAGE; } -// -// check_string -// Action: checks if a string is valid and returns TRUE is this is the case. -// Call: check_string(string var) -// -function check_string($var) { - if (preg_match('/^([A-Za-z0-9 ]+)+$/', $var)) { - return true; - } else { - return false; - } -} - -// -// check_email -// Action: Checks if email is valid and returns TRUE if this is the case. -// Call: check_email(string email) -// -function check_email($email) { - if (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '([-0-9A-Z]+\.)+' . '([0-9A-Z]){2,10}$/i', trim($email))) { - return true; - } else { - return false; - } -} - -// -// escape_string -// Action: Escape a string -// Call: escape_string(string string) -// -function escape_string($string) { - global $CONF; - $escaped_string = $string; - return $escaped_string; -} - - -// -// check_alias -// Action: Checks if the domain is still able to create aliases. -// Call: check_alias(string domain) -// -function check_alias($domain) { - $limit = get_domain_properties($domain); - if ($limit['aliases'] == 0) { - return true; - } - if ($limit['aliases'] < 0) { - return false; - } - if ($limit['alias_count'] >= $limit['aliases']) { - return false; - } else { - return true; - } -} - -// -// check_mailbox -// Action: Checks if the domain is still able to create mailboxes. -// Call: ceck_mailbox(string domain) -// -function check_mailbox($domain) { - $limit = get_domain_properties($domain); - if ($limit['mailboxes'] == 0) { - return true; - } - if ($limit['mailboxes'] < 0) { - return false; - } - if ($limit['mailbox_count'] >= $limit['mailboxes']) { - return false; - } else { - return true; - } -} // // connect_db // Action: make db connection 
@@ -213,36 +136,6 @@ function list_mailboxes($domain, $offset, $limit) { return $list; } -// -// admin_exist -// Action: Checks if the admin already exists. -// Call: admin_exist(string admin) -// -// was check_admin -// -function admin_exist($username) { - $result = db_query("SELECT * FROM admin WHERE username='$username'"); - if ($result['rows'] != 1) { - return false; - } else { - return true; - } -} - -// -// domain_exist -// Action: Checks if the domain already exists. -// Call: domain_exist(string domain) -// -function domain_exist($domain) { - $result = db_query("SELECT * FROM domain WHERE domain='$domain'"); - if ($result['rows'] != 1) { - return false; - } else { - return true; - } -} - // // list_admins // Action: Lists all the admins @@ -263,16 +156,6 @@ function list_admins() { return $list; } -// -// generate_password -// Action: Generates a random password -// Call: generate_password() -// -function generate_password() { - $password = substr(md5(mt_rand()), 0, 8); - return $password; -} - // // bcrypt // Action: Hashs the password with bcrypt @@ -285,108 +168,6 @@ function bcrypt($password) { return $hashed; } -// -// db_connect -// Action: Makes a connection to the database if it doesn't exist -// Call: db_connect() -// -$DEBUG_TEXT = "\n -

\n -Please check the documentation and website for more information.\n -

\n -"; - -function db_connect() { - global $CONF; - global $DEBUG_TEXT; - $link = ""; - - if ($CONF['database_type'] == "mysqli") { - if(function_exists("mysqli_connect")) { - $link = @mysqli_connect($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die("

DEBUG INFORMATION:
Connect: " . mysqli_connect_error() . "$DEBUG_TEXT"); - $succes = @mysqli_select_db($link, $CONF['database_name']) or die("

DEBUG INFORMATION:
MySQLi Select Database: " . mysqli_error() . "$DEBUG_TEXT"); - } else { - print "

DEBUG INFORMATION:
MySQL 4.1 functions not available!
database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT"; - die; - } - } - - if ($link) { - return $link; - } else { - print "DEBUG INFORMATION:
\n"; - print "Connect: Unable to connect to database
\n"; - print "
\n"; - print "Make sure that you have set the correct database type in the config.inc.php file
\n"; - print $DEBUG_TEXT; - die; - } -} - -// -// db_query -// Action: Sends a query to the database and returns query result and number of rows -// Call: db_query(string query) -// -function db_query($query) { - global $CONF; - global $DEBUG_TEXT; - $result = ""; - $number_rows = ""; - - $link = db_connect(); - - // database prefix workaround - if (!empty($CONF['database_prefix'])) { - if (preg_match("/^SELECT/i", $query)) { - $query = substr($query, 0, 14) . $CONF['database_prefix'] . substr($query, 14); - } else { - $query = substr($query, 0, 6) . $CONF['database_prefix'] . substr($query, 7); - } - } - - if ($CONF['database_type'] == "mysqli") $result = @mysqli_query($link, $query) or die("

DEBUG INFORMATION:
Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT"); - - if (preg_match("/^SELECT/i", $query)) { - // if $query was a SELECT statement check the number of rows with [database_type]_num_rows(). - if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_num_rows($result); - } else { - // if $query was something else, UPDATE, DELETE or INSERT check the number of rows with - // [database_type]_affected_rows(). - if ($CONF['database_type'] == "mysqli") $number_rows = mysqli_affected_rows($link); - } - - if ($CONF['database_type'] == "mysqli") mysqli_close($link); - - $return = array( - "result" => $result, - "rows" => $number_rows - ); - return $return; -} - -// db_row -// Action: Returns a row from a table -// Call: db_row(int result) -// -function db_row($result) { - global $CONF; - $row = ""; - if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_row($result); - return $row; -} - -// db_array -// Action: Returns a row from a table -// Call: db_array(int result) -// -function db_array($result) { - global $CONF; - $row = ""; - if ($CONF['database_type'] == "mysqli") $row = mysqli_fetch_array($result); - return $row; -} - // logging // Action: Logs actions from admin // Call: logging(string username, string domain, string action, string data) 
@@ -404,26 +185,4 @@ function logging($username, $domain, $action, $data) { $sth->execute(); } } -// -// db_log -// Action: Logs actions from admin -// Call: db_log(string username, string domain, string action, string data) -// -function db_log($username, $domain, $action, $data) { - global $CONF; - if (isset($_SERVER['HTTP_X_CLIENTIP'])) { - $REMOTE_ADDR = $_SERVER['HTTP_X_CLIENTIP']; - } else { - $REMOTE_ADDR = $_SERVER['REMOTE_ADDR']; - } - - if ($CONF['logging'] == 'YES') { - $result = db_query("INSERT INTO log (timestamp, username, domain, action, data) VALUES (NOW(), '$username ($REMOTE_ADDR)', '$domain', '$action', '$data')"); - if ($result['rows'] != 1) { - return false; - } else { - return true; - } - } -} ?> diff --git a/search.php b/search.php index f69a986..1e2032d 100644 --- a/search.php +++ b/search.php 
@@ -11,82 +11,49 @@ // // Template Variables: // -// tAlias -// tMailbox +// list_alias +// list_mailbox // // Form POST \ GET Variables: // -// fSearch +// search // -require("./variables.inc.php"); -require("./config.inc.php"); -require("./functions.inc.php"); -include("./languages/" . check_language() . ".lang"); +require_once './functions.inc.php'; +include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); +$list_domains = list_domains($SESSID_USERNAME); -$tAlias = array(); -$tMailbox = array(); +$search = filter_input(INPUT_POST, 'search', FILTER_DEFAULT); -if ($_SERVER['REQUEST_METHOD'] == "GET") { - if (isset($_GET['search'])) $fSearch = escape_string($_GET['search']); - - if ($CONF['alias_control'] == "YES") { - $query = "SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias WHERE alias.address LIKE '%$fSearch%' OR alias.goto LIKE '%$fSearch%' ORDER BY alias.address"; - } else { - $query = "SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.address LIKE '%$fSearch%' AND mailbox.maildir IS NULL ORDER BY alias.address"; - } - - $result = db_query("$query"); - - if ($result['rows'] > 0) { - while ($row = db_array($result['result'])) { - if (check_owner($SESSID_USERNAME, $row['domain'])) { - $tAlias[] = $row; - } +if (isset($search)) { + $dbh = connect_db(); + $sth = $dbh->prepare("SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.address LIKE ? 
AND mailbox.maildir IS NULL ORDER BY alias.address"); + $sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR); + $sth->execute(); + $list_alias = $sth->fetchAll(); + foreach ($list_alias as $key => $value) { + if (!in_array($value['domain'], array_column($list_domains, 'domain'))) { + unset($list_alias[$key]); } } - $result = db_query("SELECT * FROM mailbox WHERE username LIKE '%$fSearch%' ORDER BY username"); - if ($result['rows'] > 0) { - while ($row = db_array($result['result'])) { - if (check_owner($SESSID_USERNAME, $row['domain'])) { - $tMailbox[] = $row; - } + $sth = $dbh->prepare("SELECT * FROM mailbox WHERE username LIKE ? ORDER BY username"); + $sth->bindValue(1, '%'.$search.'%', PDO::PARAM_STR); + $sth->execute(); + $list_mailbox = $sth->fetchAll(); + foreach ($list_mailbox as $key => $value) { + if (!in_array($value['domain'], array_column($list_domains, 'domain'))) { + unset($list_mailbox[$key]); } } +} else { + $list_alias = array(); + $list_mailbox = array(); } -if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset($_POST['search'])) $fSearch = escape_string($_POST['search']); - - if ($CONF['alias_control'] == "YES") { - $query = "SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias WHERE alias.address LIKE '%$fSearch%' OR alias.goto LIKE '%$fSearch%' ORDER BY alias.address"; - } else { - $query = "SELECT alias.address,alias.goto,alias.modified,alias.domain FROM alias LEFT JOIN mailbox ON alias.address=mailbox.username WHERE alias.address LIKE '%$fSearch%' AND mailbox.maildir IS NULL ORDER BY alias.address"; - } - - $result = db_query("$query"); - - if ($result['rows'] > 0) { - while ($row = db_array($result['result'])) { - if (check_owner($SESSID_USERNAME, $row['domain'])) { - $tAlias[] = $row; - } - } - } - - $result = db_query("SELECT * FROM mailbox WHERE username LIKE '%$fSearch%' ORDER BY username"); - if ($result['rows'] > 0) { - while ($row = db_array($result['result'])) { - if (check_owner($SESSID_USERNAME, $row['domain'])) { 
- $tMailbox[] = $row; - } - } - } -} -include("./templates/header.tpl"); -include("./templates/menu.tpl"); -include("./templates/search.tpl"); -include("./templates/footer.tpl"); +include './templates/header.tpl'; +include './templates/menu.tpl'; +include './templates/search.tpl'; +include './templates/footer.tpl'; ?> diff --git a/templates/search.tpl b/templates/search.tpl index 0062735..ede9048 100644 --- a/templates/search.tpl +++ b/templates/search.tpl @@ -1,11 +1,11 @@
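Review bot: The new guard `if (isset($search))` accepts values that are not a usable search term. `filter_input()` returns `false` when `search` is posted as an array, and `isset(false)` is true, so the bound pattern becomes `%%` and both queries match every row before the domain filter runs; an empty string does the same. A stricter guard would be `if (is_string($search) && $search !== '')`, and the same condition appears as context in admin/search.php. `%` and `_` inside the term are also passed to `LIKE` unescaped, so they act as wildcards rather than literals. Separately, the header comment still lists "Form POST \ GET Variables", but the rewritten code reads only `INPUT_POST` and no longer has the `alias_control` branch that searched `alias.goto`; if that is intentional, the comment should say so.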

-

+

0) { +if (count($list_alias) > 0) { echo "\n"; echo " \n"; echo " "; @@ -17,22 +17,19 @@ if (count($tAlias) > 0) { echo " \n"; echo " \n"; - for ($i = 0; $i < count($tAlias); $i++) { - if ((is_array($tAlias) and count($tAlias) > 0)) { - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - } + foreach ($list_alias as $row) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; } - echo "

".$LANG['Overview_alias_title']."

 
" . $tAlias[$i]['address'] . "" . preg_replace("/,/", "
", $tAlias[$i]['goto']) . "
" . $tAlias[$i]['modified'] . "" . $LANG['edit'] . "" . $LANG['del'] . "
" . $row['address'] . "" . preg_replace("/,/", "
", $row['goto']) . "
" . $row['modified'] . "" . $LANG['edit'] . "" . $LANG['del'] . "
\n"; } -if (count($tMailbox) > 0) { +if (count($list_mailbox) > 0) { echo "\n"; echo " \n"; echo " "; @@ -41,19 +38,16 @@ if (count($tMailbox) > 0) { echo " \n"; echo " \n"; echo " \n"; - echo " \n"; echo " \n"; echo " \n"; - for ($i = 0; $i < count($tMailbox); $i++) { - if ((is_array($tMailbox) and count($tMailbox) > 0)) { - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - } + foreach ($list_mailbox as $row) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; } echo "
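Review bot: The rewritten `foreach` rows still concatenate database values straight into the echoed markup: `$row['address']`, `$row['goto']` and `$row['modified']` here, and `$row['username']` and `$row['name']` in the mailbox hunk that follows. Values such as a mailbox display name or an alias target are free text, and this template is now also included from admin/search.php, so an unescaped value would be rendered in an administrator's session. Wrap each value at output, e.g. `htmlspecialchars($row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. For `goto`, escape first and only then replace the commas with the line-break markup. The HTML around these expressions is not legible in this view, so it should also be checked whether the edit and delete links embed the same values in a URL, which needs `urlencode()` rather than HTML escaping alone.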

".$LANG['Overview_mailbox_title']."

" . $LANG['Overview_mailbox_username'] . "" . $LANG['Overview_mailbox_name'] . "" . $LANG['Overview_mailbox_modified'] . "" . $LANG['Overview_mailbox_active'] . " 
" . $tMailbox[$i]['username'] . "" . $tMailbox[$i]['name'] . "" . $LANG['edit'] . "" . $LANG['del'] . "
" . $row['username'] . "" . $row['name'] . "" . $LANG['edit'] . "" . $LANG['del'] . "
\n"; }