diff --git a/templates/edit-alias.tpl b/templates/edit-alias.tpl
index 2e1e522..30313b2 100644
--- a/templates/edit-alias.tpl
+++ b/templates/edit-alias.tpl
@@ -2,12 +2,11 @@
- + - @@ -20,13 +19,12 @@ foreach ($goto as $row) { ?> - - + - +

 
 
diff --git a/templates/users_edit-alias.tpl b/templates/users_edit-alias.tpl
index 9a44087..7e96310 100644
--- a/templates/users_edit-alias.tpl
+++ b/templates/users_edit-alias.tpl
@@ -2,34 +2,29 @@
- + - - + - - + - + - +

 
-  
diff --git a/users/edit-alias.php b/users/edit-alias.php
index 215653d..bb51f29 100644
--- a/users/edit-alias.php
+++ b/users/edit-alias.php
@@ -7,77 +7,88 @@ // // File: edit-alias.php // -// Template File: users_edit-alias.tpl +// Template File: edit-alias.tpl // // Template Variables: // -// tMessage -// tGoto +// message +// goto // // Form POST \ GET Variables: // -// fAddress -// fDomain -// fGoto +// address +// domain +// goto // -require("../functions.inc.php"); -include("../languages/" . check_language() . ".lang"); +require_once './functions.inc.php'; +include './languages/' . check_language() . '.lang'; -$USERID_USERNAME = check_session('userid'); -$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1); +$SESSID_USERNAME = check_session(); +$list_domains = list_domains($SESSID_USERNAME); +$admin = $SESSID_USERNAME ?? ADMIN_EMAIL; if ($_SERVER['REQUEST_METHOD'] == "GET") { - $result = db_query("SELECT * FROM alias WHERE address='$USERID_USERNAME'"); - if ($result['rows'] == 1) { - $row = db_array($result['result']); - $tGoto = preg_replace('/vmail/', '', $row['goto']); - #$tGoto = $row['goto']; - } else { - $tMessage = $LANG['Edit_alias_address_error']; + $address = filter_input(INPUT_GET, 'address', FILTER_VALIDATE_EMAIL); + $domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN); + $domain_key = array_search($domain, array_column($list_domains, 'domain')); + $domain_exist = in_array($domain, array_column($list_domains, 'domain')); + + if ($domain_exist) { + try { + $dbh = connect_db(); + $sth = $dbh->prepare("SELECT goto FROM alias WHERE address=? 
AND domain=?"); + $sth->bindParam(1, $address, PDO::PARAM_STR); + $sth->bindParam(2, $domain, PDO::PARAM_STR); + $sth->execute(); + $goto = $sth->fetch(PDO::FETCH_COLUMN); + $goto = explode(',', $goto); + } catch(PDOException $e) { + $message = $LANG['Edit_alias_address_error']; + } } } if ($_SERVER['REQUEST_METHOD'] == "POST") { - $pEdit_alias_goto = $LANG['Edit_alias_goto']; - - if (isset($_POST['fGoto'])) $fGoto = escape_string($_POST['fGoto']); - $fGoto = strtolower($fGoto); - - $goto = preg_replace('/\\\r\\\n/', ',', $fGoto); - $goto = preg_replace('/\r\n/', ',', $fGoto); - $goto = preg_replace('/[\s]+/i', '', $goto); - $goto = preg_replace('/\,*$/', '', $goto); - $array = preg_split('/,/', $goto); - for ($i = 0; $i < count($array); $i++) { - if (in_array("$array[$i]", $CONF['default_aliases'])) continue; - if (empty($array[$i])) continue; - if (!check_email($array[$i])) { - $error = 1; - $tGoto = $goto; - $tMessage = $LANG['Edit_alias_goto_text_error2'] . "$array[$i]"; + $address = strtolower(filter_input(INPUT_GET, 'address', FILTER_VALIDATE_EMAIL)); + $domain = strtolower(filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN)); + $goto = strtolower(filter_input(INPUT_POST, 'goto', FILTER_DEFAULT)); + $domain_key = array_search($domain, array_column($list_domains, 'domain')); + $domain_exist = in_array($domain, array_column($list_domains, 'domain')); + + if (empty($goto)) { + $goto = array(); + $message = $LANG['Edit_alias_goto_text_error1']; + } else { + $goto = preg_replace('/\\\r\\\n/', ',', $goto); + $goto = preg_replace('/\r\n/', ',', $goto); + $goto = preg_replace('/[\s]+/i', '', $goto); + $goto = preg_replace('/\,*$/', '', $goto); + $validate_goto = explode(',', $goto); + foreach ($validate_goto as $row) { + if (!filter_var($row, FILTER_VALIDATE_EMAIL)) { + $goto = explode(',', $goto); + $message = $LANG['Edit_alias_goto_text_error2'] . "$row"; + } } } - - if ($error != 1) { - if (empty($goto)) { - $goto = "vmail"; - } else { - $goto = "vmail," . 
$goto; - } - - $result = db_query("UPDATE alias SET goto='$goto',modified=NOW() WHERE address='$USERID_USERNAME'"); - if ($result['rows'] != 1) { - $tMessage = $LANG['Edit_alias_result_error']; - } else { - db_log($USERID_USERNAME, $USERID_DOMAIN, "edit alias", "$USERID_USERNAME -> $goto"); - - header("Location: main.php"); - exit; + + if ($domain_exist && empty($message)) { + try { + $dbh = connect_db(); + $sth = $dbh->prepare("UPDATE alias SET goto=?,modified=NOW() WHERE address=? AND domain=?"); + $sth->bindParam(1, $goto, PDO::PARAM_STR); + $sth->bindParam(2, $address, PDO::PARAM_STR); + $sth->bindParam(3, $domain, PDO::PARAM_STR); + $sth->execute(); + logging($admin, $domain, $LANG['Logging_alias_edit'], "$address -> $goto"); + header("Location: list-virtual.php?domain=$domain"); + } catch(PDOException $e) { + $message = $LANG['Edit_alias_result_error']; } } } -include("../templates/header.tpl"); -include("../templates/users_menu.tpl"); -include("../templates/users_edit-alias.tpl"); -include("../templates/footer.tpl"); +include './templates/header.tpl'; +include './templates/admin_menu.tpl'; +include './templates/edit-alias.tpl'; +include './templates/footer.tpl'; ?>
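Review bot: Authorization on the new side rests only on `$domain_exist`: the old code keyed both queries on the session user's own address, while the new code takes `address` and `domain` from the query string (in the POST branch too) and allows the UPDATE whenever `domain` appears in `list_domains($SESSID_USERNAME)`. `list_domains()` and `check_session()` are defined outside this diff, so it is worth confirming that a plain mailbox session gets an empty list here, and making the membership test strict with `in_array($domain, array_column($list_domains, 'domain'), true)`. The redirect after the UPDATE also lost the `exit;` the old code had, so the templates at the bottom still render after `header("Location: list-virtual.php?domain=$domain")`; add `exit;` on the following line. In the validation loop, `$goto = explode(',', $goto);` runs inside the `foreach`, so a second invalid address passes an array to `explode()`; set `$message`, `break`, and split once after the loop.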