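<?php
/*
 * Page header: re-validates the logged-in account on every request, then
 * prints the banner and a one-line status message chosen by the query string.
 *
 * Relies on names defined outside this file: $dbh (used through
 * prepare()/execute()/fetch()), invalidate_session(), html_escape(), and the
 * optional flag $siteadminManageDomains.
 */

// The site admin may act on another domain; in that case the domain to
// validate against is the one stored in siteadmin_domain_id.
$validateAsSiteadmin =
    ( isset($siteadminManageDomains)
    && $siteadminManageDomains
    && isset($_SESSION['username'])
    && 'siteadmin' === $_SESSION['username']
    && isset($_SESSION['siteadmin_domain_id']) );

$domain_id = $validateAsSiteadmin
    ? $_SESSION['siteadmin_domain_id']
    : (isset($_SESSION['domain_id']) ? $_SESSION['domain_id'] : null);

if (null !== $domain_id) {
    // Re-check on every page load that neither the account nor its domain has
    // been disabled since login, so that disabling takes effect immediately.
    $headerquery = "SELECT domains.enabled AS domain, users.enabled AS user FROM users,domains
        WHERE users.username=:username AND domains.domain_id=:domain_id AND users.domain_id=domains.domain_id;";
    $headerresult = $dbh->prepare($headerquery);
    $headersuccess = $headerresult->execute(array(':username' => $_SESSION['username'], ':domain_id' => $domain_id));

    if ($headersuccess && $headerrow = $headerresult->fetch()) {
        // Comparing against the string "0" alone misses a disabled flag that
        // the database driver hands back as a native integer or boolean, which
        // would leave a disabled account logged in. Accept every
        // representation of "off" while still using strict comparison.
        $disabledValues = array('0', 0, false);

        if (in_array($headerrow['domain'], $disabledValues, true)) {
            invalidate_session();
            header("Location: index.php?domaindisabled");
            die();
        }
        if (in_array($headerrow['user'], $disabledValues, true)) {
            invalidate_session();
            header("Location: index.php?userdisabled");
            die();
        }
    } else {
        // Fail closed: a failed query or a missing row ends the session.
        invalidate_session();
        header("Location: index.php?nodbquery");
        die();
    }
}

// rel="noopener noreferrer" keeps the page opened in the new tab from
// reaching back to this window through window.opener.
print "<div id=\"Header\"><p><a href=\"https://github.com/vexim/vexim2\" target=\"_blank\" rel=\"noopener noreferrer\">" . _("Virtual Exim") . "</a> ";

if (isset($_SESSION['domain'])) {
    // Escaped like every other dynamic value in this header; the session value
    // presumably originates from the database and is not guaranteed to be
    // HTML-safe.
    print "-- " . html_escape($_SESSION['domain']) . " ";
}

// Status messages. The message shown, and any name inside it, come straight
// from the query string, so they are escaped before output and must not be
// taken as proof that the action actually happened.
// NOTE(review): html_escape() is handed the raw $_GET value; confirm that it
// copes with a non-string value (e.g. an array parameter).

// First a few status messages about account maintenance
if (isset($_GET['added'])) {
    printf(_("-- %s has been successfully added."), html_escape($_GET['added']));
} elseif (isset($_GET['deleted'])) {
    printf(_("-- %s has been successfully deleted."), html_escape($_GET['deleted']));
} elseif (isset($_GET['lastadmin'])) {
    printf(_("-- %s is the last admin account. Create another admin account before deleting or demoting this one."), html_escape($_GET['lastadmin']));
} elseif (isset($_GET['sitepass'])) {
    print _("-- Site Admin password has been successfully updated.") . "\n";
} elseif (isset($_GET['updated'])) {
    printf(_("-- %s has been successfully updated."), html_escape($_GET['updated']));
} elseif (isset($_GET['userexists'])) {
    printf(_("-- The account could not be added as the name %s is already in use."), html_escape($_GET['userexists']));
} elseif (isset($_GET['addresstoolong'])) {
    printf(_("-- The account could not be added as the mail address is too long."), html_escape($_GET['addresstoolong']));
} elseif (isset($_GET['userupdated'])) {
    print _("-- Your update was sucessful.");
} elseif (isset($_GET['userfailed'])) {
    print _("-- Your account could not be updated. Was your password blank?");
} elseif (isset($_GET['usersuccess'])) {
    print _("-- Your account has been succesfully updated.");
}
// Now some more general errors on account updates
elseif (isset($_GET['badaliaspass'])) {
    printf(_("-- Account %s could not be added. Your passwords do not match."), html_escape($_GET['badaliaspass']));
} elseif (isset($_GET['badname'])) {
    printf(_("-- %s contains invalid characters."), html_escape($_GET['badname']));
} elseif (isset($_GET['badpass'])) {
    printf(_("-- Account %s could not be added. Your passwords were blank, do not match, or contain illegal characters: ' \" ` or ;"), html_escape($_GET['badpass']));
} elseif (isset($_GET['weakpass'])) {
    printf(_("-- The passwords are too weak. Use strong passwords with a a minimum length of 8 and a mix of upper/lower case characters, digits and special characters!"), html_escape($_GET['weakpass']));
} elseif (isset($_GET['failadded'])) {
    printf(_("-- %s could not be added."), html_escape($_GET['failadded']));
} elseif (isset($_GET['failaddeddomerr'])) {
    printf(_("-- Domain %s could not be added."), html_escape($_GET['failaddeddomerr']));
} elseif (isset($_GET['failaddedpassmismatch'])) {
    printf(_("-- Domain %s could not be added. The passwords were blank, or did not match."), html_escape($_GET['failaddedpassmismatch']));
} elseif (isset($_GET['failaddedusrerr'])) {
    printf(_("-- Domain %s could not be added. There was a problem adding the admin account."), html_escape($_GET['failaddedusrerr']));
} elseif (isset($_GET['faildeleted'])) {
    printf(_("-- %s was not deleted."), html_escape($_GET['faildeleted']));
} elseif (isset($_GET['failupdated'])) {
    printf(_("-- %s could not be updated."), html_escape($_GET['failupdated']));
}
// Now some really general status messages
elseif (isset($_GET['canceldelete'])) {
    printf(_("-- Deletion of %s was canceled."), html_escape($_GET['canceldelete']));
} elseif (isset($_GET['domaindisabled'])) {
    print _("-- This domain is currently disabled. Please see your administrator.");
} elseif (isset($_GET['userdisabled'])) {
    print _("-- This account is currently disabled. Please see your administrator.");
} elseif (isset($_GET['maxaccounts'])) {
    print _("-- Your Domain Account Limit Has Been Reached. Please contact your administrator.");
} elseif (isset($_GET['quotahigh'])) {
    printf(_("-- The quota you specified was too high. The maximum quota you can specify is: %s MB."), html_escape($_GET['quotahigh']));
} elseif (isset($_GET['group_deleted'])) {
    printf(_("-- Group %s has been successfully deleted."), html_escape($_GET['group_deleted']));
} elseif (isset($_GET['group_added'])) {
    printf(_("-- Group %s has been successfully added."), html_escape($_GET['group_added']));
} elseif (isset($_GET['group_faildeleted'])) {
    printf(_("-- Group %s was not deleted."), html_escape($_GET['group_faildeleted']));
} elseif (isset($_GET['group_failadded'])) {
    printf(_("-- Group %s failed to be added."), html_escape($_GET['group_failadded']));
} elseif (isset($_GET['group_updated'])) {
    printf(_("-- Group %s has been updated."), html_escape($_GET['group_updated']));
} elseif (isset($_GET['group_failupdated'])) {
    printf(_("-- Group %s could not be updated."), html_escape($_GET['group_failupdated']));
} elseif (isset($_GET['failuidguid'])) {
    printf(_("-- Error getting UID/GID for %s"), html_escape($_GET['failuidguid']));
} elseif (isset($_GET['failmaildirnonabsolute'])) {
    printf(_("-- Domain Mail directory must be an absolute path, but “%s” was provided"), html_escape($_GET['failmaildirnonabsolute']));
} elseif (isset($_GET['failmaildirmissing'])) {
    printf(_("-- Domain Mail directory “%s” does not exist, is not a directory or is not accessible."), html_escape($_GET['failmaildirmissing']));
} elseif (isset($_GET['invalidforward'])) {
    printf(_("-- %s is not a valid e-mail address."), html_escape($_GET['invalidforward']));
} elseif (isset($_GET['nodbquery'])) {
    print _("-- Database query failed, terminating session");
} elseif (isset($_GET['login']) && ($_GET['login'] === "disabled")) {
    print _("-- Login is disabled. Please contact your administrator.");
}

// Checked on its own rather than as part of the chain above; strict
// comparison to match the "disabled" check.
if (isset($_GET['login']) && ($_GET['login'] === "failed")) {
    print _("Login failed");
}

if ($validateAsSiteadmin) {
    print '<a href="site.php" id="SiteadminHome">siteadmin home</a>';
}

print "</p></div>";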