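<?php
  include_once dirname(__FILE__) . '/config/variables.php';
  include_once dirname(__FILE__) . '/config/authpostmaster.php';
  include_once dirname(__FILE__) . '/config/functions.php';
  include_once dirname(__FILE__) . '/config/httpheaders.php';

  # Form handler for a postmaster editing an alias: checks that the alias belongs
  # to the postmaster's domain, validates the submitted password and forward
  # targets, then writes the changes and redirects back to adminalias.php.
  #
  # $dbh, $sa_tag, $sa_refuse and the helpers validate_password(),
  # password_strengthcheck() and crypt_password() are not defined in this file;
  # presumably they come from the includes above -- confirm.
  # NOTE(review): no CSRF token check is visible in this file for this
  # state-changing POST; confirm that one of the includes enforces it.

  # Read each request field once. Non-string values (e.g. "field[]=x" arrays) and
  # missing fields collapse to '' so they cannot reach the database layer or raise
  # undefined-index notices further down.
  $user_id   = (isset($_POST['user_id'])   && is_string($_POST['user_id']))   ? $_POST['user_id']   : '';
  $localpart = (isset($_POST['localpart']) && is_string($_POST['localpart'])) ? $_POST['localpart'] : '';
  $realname  = (isset($_POST['realname'])  && is_string($_POST['realname']))  ? $_POST['realname']  : '';
  $target    = (isset($_POST['target'])    && is_string($_POST['target']))    ? $_POST['target']    : '';
  $password  = (isset($_POST['password'])  && is_string($_POST['password']))  ? $_POST['password']  : '';
  $vpassword = (isset($_POST['vpassword']) && is_string($_POST['vpassword'])) ? $_POST['vpassword'] : '';

  # Every value echoed back in a redirect is urlencode()d so that '&', '#', '%' or
  # whitespace in the submitted localpart cannot add or alter query parameters.
  # adminalias.php receives the decoded value and must HTML-escape it on output.
  $localpart_q = urlencode($localpart);

  # An empty localpart would store the username "@<domain>"; treat it as a failed update.
  # NOTE(review): the new localpart is not otherwise checked for syntax or for
  # collision with an existing user in the domain -- confirm whether the schema
  # or another layer enforces that.
  if ($localpart === '') {
    header('Location: adminalias.php?failupdated=' . $localpart_q);
    die();
  }

  # confirm that the postmaster is updating an alias they are permitted to change before going further
  # fetch() is used instead of rowCount(), which PDO does not guarantee for SELECT on every driver.
  $query = "SELECT user_id FROM users
    WHERE user_id=:user_id AND domain_id=:domain_id AND type='alias'";
  $sth = $dbh->prepare($query);
  $sth->execute(array(':user_id'=>$user_id, ':domain_id'=>$_SESSION['domain_id']));
  if ($sth->fetch() === false) {
    header('Location: adminalias.php?failupdated=' . $localpart_q);
    die();
  }

  # Fix the boolean values: a checkbox is only present in the POST when ticked
  $admin   = isset($_POST['admin']) ? 1 : 0;
  $enabled = isset($_POST['enabled']) ? 1 : 0;

  # Per-alias scanning can only be switched on when the domain itself has it enabled
  $query = "SELECT avscan,spamassassin from domains
    WHERE domain_id=:domain_id";
  $sth = $dbh->prepare($query);
  $sth->execute(array(':domain_id'=>$_SESSION['domain_id']));
  $row = $sth->fetch();
  # No domain row means neither feature may be enabled
  $domain_avscan       = ($row !== false && $row['avscan'] == 1);
  $domain_spamassassin = ($row !== false && $row['spamassassin'] == 1);
  $on_avscan       = (isset($_POST['on_avscan']) && $domain_avscan) ? 1 : 0;
  $on_spamassassin = (isset($_POST['on_spamassassin']) && $domain_spamassassin) ? 1 : 0;

  # Validate the password, if one was given. The hash is only written after the
  # forward targets have been validated too, so a rejected form never leaves the
  # alias with a changed password but unchanged settings.
  $cryptedpassword = null;
  if ($password !== '') {
    if (!validate_password($password, $vpassword)) {
      header('Location: adminalias.php?badaliaspass');
      die();
    }
    if (!password_strengthcheck($password)) {
      header('Location: adminalias.php?weakpass=' . $localpart_q);
      die();
    }
    $cryptedpassword = crypt_password($password);
  }

  # Validate every forward target before anything is written
  $forwardto = array();
  foreach (explode(',', $target) as $address) {
    $address = trim($address);
    if (!filter_var($address, FILTER_VALIDATE_EMAIL)) {
      # URL context: urlencode(), not htmlentities() -- entity encoding emits '&'
      # and ';', which split the query string instead of protecting it.
      header('Location: adminalias.php?invalidforward=' . urlencode($address));
      die();
    }
    $forwardto[] = $address;
  }
  $aliasto = implode(',', $forwardto);

  # Update the password, if the password was given
  if ($cryptedpassword !== null) {
    $query = "UPDATE users SET crypt=:crypt WHERE user_id=:user_id AND domain_id=:domain_id AND type='alias'";
    $sth = $dbh->prepare($query);
    $success = $sth->execute(array(':crypt'=>$cryptedpassword, ':user_id'=>$user_id, ':domain_id'=>$_SESSION['domain_id']));
    if (!$success) {
      # NOTE(review): this redirect uses "failedupdated" while every other failure
      # path uses "failupdated"; kept as-is, confirm which key adminalias.php reads.
      header('Location: adminalias.php?failedupdated=' . $localpart_q);
      die();
    }
    # Keep the session's cached hash in step when the submitted localpart is the
    # logged-in one; strict comparison avoids numeric-string juggling.
    if (isset($_SESSION['localpart']) && $localpart === $_SESSION['localpart']) {
      $_SESSION['crypt'] = $cryptedpassword;
    }
  }

  # update the actual alias in the users table
  # domain_id always comes from the session, never from the request, so the
  # UPDATE stays scoped to the postmaster's own domain.
  $query = "UPDATE users SET localpart=:localpart,
    username=:username, smtp=:smtp, pop=:pop,
    realname=:realname, admin=:admin, on_avscan=:on_avscan,
    on_spamassassin=:on_spamassassin, sa_tag=:sa_tag, sa_refuse=:sa_refuse,
    spam_drop=:spam_drop,enabled=:enabled
    WHERE user_id=:user_id
    AND domain_id=:domain_id AND type='alias'";
  $sth = $dbh->prepare($query);
  $success = $sth->execute(array(
    ':localpart'=>$localpart,
    ':username'=>$localpart.'@'.$_SESSION['domain'],
    ':smtp'=>$aliasto,
    ':pop'=>$aliasto,
    ':realname'=>$realname,
    ':admin'=>$admin,
    ':on_avscan'=>$on_avscan,
    ':on_spamassassin'=>$on_spamassassin,
    ':sa_tag'=>(isset($_POST['sa_tag']) ? $_POST['sa_tag'] : $sa_tag),
    ':sa_refuse'=>(isset($_POST['sa_refuse']) ? $_POST['sa_refuse'] : $sa_refuse),
    ':spam_drop'=>(isset($_POST['spam_drop']) ? $_POST['spam_drop'] : 0),
    ':enabled'=>$enabled,
    ':user_id'=>$user_id,
    ':domain_id'=>$_SESSION['domain_id']
    ));
  if ($success) {
    header('Location: adminalias.php?updated=' . $localpart_q);
  } else {
    header('Location: adminalias.php?failupdated=' . $localpart_q);
  }
  # Stop explicitly after the redirect so nothing appended later can run or emit output
  die();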