Viewing file:  siteaddsubmit.php (5.75 KB) -rw-r--r--
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
include_once dirname(__FILE__) . "/config/variables.php";
include_once dirname(__FILE__) . "/config/authsite.php";
include_once dirname(__FILE__) . "/config/functions.php";
include_once dirname(__FILE__) . "/config/httpheaders.php";
if (isset($_POST['avscan'])) {
$_POST['avscan'] = 1;
} else {
$_POST['avscan'] = 0;
}
if (isset($_POST['spamassassin'])) {
$_POST['spamassassin'] = 1;
} else {
$_POST['spamassassin'] = 0;
}
if (isset($_POST['enabled'])) {
$_POST['enabled'] = 1;
} else {
$_POST['enabled'] = 0;
}
if (isset($_POST['pipe'])) {
$_POST['pipe'] = 1;
} else {
$_POST['pipe'] = 0;
}
if ($_POST['type'] == "relay") {
$_POST['clear'] = $_POST['vclear'] = "BLANK";
}
if ($_POST['type'] == "alias") {
$_POST['clear'] = $_POST['vclear'] = "BLANK";
}
if ($_POST['max_accounts'] == '') {
$_POST['max_accounts'] = '0';
}
// User can specify either UID, or username, the former being preferred.
// Using posix_getpwuid/posix_getgrgid even when we have an UID is so we
// are sure the UID exists.
if (isset ($_POST['uid'])) {
$uid = $_POST['uid'];
}
if (isset ($_POST['gid'])) {
$gid = $_POST['gid'];
}
if ($userinfo = @posix_getpwuid ($uid)) {
$uid = $userinfo['uid'];
} elseif ($userinfo = @posix_getpwnam ($uid)) {
$uid = $userinfo['uid'];
} else {
header ("Location: site.php?failuidguid={$_POST['domain']}");
die;
}
if ($groupinfo = @posix_getgrgid ($gid)) {
$gid = $groupinfo['gid'];
} elseif ($groupinfo = @posix_getgrnam ($gid)) {
$gid = $groupinfo['gid'];
} else {
header ("Location: site.php?failuidguid={$_POST['domain']}");
die;
}
$smtphomepath = realpath($_POST['maildir'] . "/") .
"/" . $_POST['domain'] . "/" . $_POST['localpart'] . "/Maildir";
$pophomepath = realpath($_POST['maildir'] . "/") .
"/" . $_POST['domain'] . "/" . $_POST['localpart'];
//Gah. Transactions!! -- GCBirzan
if ((validate_password($_POST['clear'], $_POST['vclear'])) &&
($_POST['type'] != "alias")) {
$query = "INSERT INTO domains
(domain, spamassassin, sa_tag, sa_refuse, avscan,
max_accounts, quotas, maildir, pipe, enabled, uid, gid,
type, maxmsgsize)
VALUES ('" . $_POST['domain'] . "'," .
"{$_POST['spamassassin']},".
((isset($_POST['sa_tag'])) ? $_POST['sa_tag'] : 0) . "," .
((isset($_POST['sa_refuse'])) ? $_POST['sa_refuse'] : 0) . "," .
"{$_POST['avscan']}," .
"{$_POST['max_accounts']},".
((isset($_POST['quotas'])) ? $_POST['quotas'] : 0) . ",'" .
realpath ($_POST['maildir'] . "/") . "/" . $_POST['domain'] ."'," .
"{$_POST['pipe']}," .
"{$_POST['enabled']}," .
"$uid," .
"$gid," .
"'{$_POST['type']}',".
((isset($_POST['maxmsgsize'])) ? $_POST['maxmsgsize'] : 0) . ")";
$domresult = $db->query($query);
if (!DB::isError($domresult)) {
if ($_POST['type'] == "local") {
$query = "INSERT INTO users
(domain_id, localpart, username, crypt, uid, gid,
smtp, pop, realname, type, admin)
SELECT domain_id, '" . $_POST['localpart'] . "'," .
"'{$_POST['localpart']}@{$_POST['domain']}'," .
"'". crypt_password($_POST['clear'],$salt) . "'," .
$uid . "," .
$gid . ", " .
"'{$smtphomepath}', '{$pophomepath}'," .
"'Domain Admin', 'local', 1 FROM domains
WHERE domains.domain = '{$_POST['domain']}'";
// Is using indexes worth setting the domain_id by hand? -- GCBirzan
$usrresult = $db->query($query);
if (DB::isError($usrresult)) {
header ("Location: site.php?failaddedusrerr={$_POST['domain']}");
die;
} else {
header ("Location: site.php?added={$_POST['domain']}" .
"&type={$_POST['type']}");
$_SESSION['domain'] = $_POST['domain'];
mail("{$_POST['localpart']}@{$_POST['domain']}",
"Welcome Domain Admin!",
"$welcome_newdomain",
"From: {$_POST['localpart']}@{$_POST['domain']}\r\n");
die;
}
} else {
header ("Location: site.php?added={$_POST['domain']}" .
"&type={$_POST['type']}");
$_SESSION['domain'] = $_POST['domain'];
mail("{$_POST['localpart']}@{$_POST['domain']}",
"Welcome Domain Admin!",
"$welcome_newdomain",
"From: {$_POST['localpart']}@{$_POST['domain']}\r\n");
die;
}
} else {
header ("Location: site.php?failaddeddomerr={$_POST['domain']}");
die;
}
} else if ($_POST['type'] == "alias") {
$idquery = "SELECT domain_id FROM domains
WHERE domain = '{$_POST['aliasdest']}'
AND domain_id > 1";
$idresult = $db->query($idquery);
if (DB::isError($idresult)) {
header ("Location: site.php?baddestdom={$_POST['domain']}");
die;
} else {
$idrow = $idresult->fetchRow();
if (!isset($idrow['domain_id'])) {
header ("Location: site.php?baddestdom={$_POST['domain']}");
die;
}
}
$query = "INSERT INTO domainalias (domain_id, alias)
VALUES ('{$idrow['domain_id']}', '{$_POST['domain']}')";
$result = $db->query($query);
if (DB::isError($result)) {
header ("Location: site.php?failaddeddomerr={$_POST['domain']}");
die;
} else {
header ("Location: site.php?added={$_POST['domain']}" .
"&type={$_POST['type']}");
die;
}
} else {
header ("Location: site.php?failaddedpassmismatch={$_POST['domain']}");
}
?>
<!-- Layout and CSS tricks obtained from http://www.bluerobot.com/web/layouts/ -->
|