[qtadmin.git] / quarantine.php

<?php
/* vim: set ts=4 tw=0 sw=4 noet: */
    require_once 'config.php';
    require_once $CFG->root . 'lib/db_factory.php';
    require_once $CFG->root . 'lib/utils.inc.php';

    function error($error) {
        $util = new Utils;
        $util->setHeading("Error");
        echo $util->getHeader();
        echo $util->getHeading();
        echo "<p style=\"color: red;\">$error</p>";
        echo '<a href="index.php">Return</a>';
        echo $util->getFooter();
    }

    function handleRequest($util, $request, $ids) {
        global $CFG;

        $query = array();
        foreach ($ids as $id) {
            $mail_id = urldecode($id);
            $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);

            if (is_object($mail) && true == $util->authorized($mail->recipient)) {
                $secret_id = $mail->secret_id;
                $recipient = $mail->recipient;
                $sender    = $mail->sender;

                if ($request == 'release') {
                    $amavisserver = $CFG->amavisd_db_host;
                    $policy_port = $CFG->amavis_policy_port;

                    $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
                    if (!$fp) {
                        error("$errstr ($errno)");
                        exit;
                    }
                    $out = "request=" . $request . "\r\n";
                    $out .= "mail_id=" . $mail_id . "\r\n";
                    $out .= "recipient=" . $recipient . "\r\n";
                    $out .= "secret_id=" . $secret_id . "\r\n\r\n";
                    fwrite($fp, $out);
                    $response = fread($fp, 8192);
                    fclose($fp);
                    $response = urldecode($response);
                    if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
                        error("Request to release failed [$out][$response]");
                        exit;
                    }
                    if ($matches[1] != '2.0.0') {
                        error($matches[2]);
                        exit;
                    }

                    $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
                } else if ($request == 'delete') {
                    $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
                } else if ($request == 'block') {
                    $query[] = $sender;
                } else {
                    error("Unknown operation [$request]");
                    exit;
                }
            }
        }

        return $query;
    }

    $util = new Utils;
    $loggedIn = $util->isLoggedIn();
    $request = isset($_GET['op']) ? $_GET['op'] : '';
    if ($loggedIn && isset($_GET['id'])) {
        $ids = explode(',', $_GET['id']);
        if ($request == 'block') {
            // /add/(whitelist|blacklist)/(.+)
            $query = handleRequest($util, $request, $ids);
            $data = json_encode($query);
            if ($util->isAdmin()) {
                $method = '/add/blacklist';
            } else {
                $method = '/add/blacklist/' . $util->getUser();
            }
            $success = $util->makeRestCall($method, $data);
        } else {
            $query = handleRequest($util, $request, $ids);
            $success = $DB->update($query);
        }
        if (! $success) {
            if ($request == 'block') {
                error("Could not blacklist sender");
            } else {
                error("Message not released, contact administrator [$query]");
            }
            exit;
        }
        header('Location: qtadmin.php');
    } else if ($loggedIn && $request == 'purge') {
        $marked = unserialize($_SESSION['marked']);
        unset($_SESSION['marked']);
        $query = array();
        $error = array();
        foreach ($marked as $mail_id) {
            $recipient = $DB->getRecipient($mail_id);
            if ($recipient && true == $util->authorized($recipient)) {
                $query[] = "delete from msgs where mail_id = '$mail_id'";
                $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
                $query[] = "delete from quarantine where mail_id = '$mail_id'";
                $success = $DB->update($query);
                if (! $success) {
                    $error[] = $mail_id;
                }
            }
        }
        if (count($error) > 0) {
            $str = implode(', ', $error);
            error("The following messages was not purged [$str], contact administrator");
            exit;
        }
        header('Location: qtadmin.php');
    } else if ($loggedIn) {
        header('Location: qtadmin.php');
    } else {
        header('Location: auth.php');
    }

?>
Commit	Line	Data
6df4b805	1	<?php
6b3d5ba9	2	/* vim: set ts=4 tw=0 sw=4 noet: */
b95d1cdb MR	3	require_once 'config.php';
	4	require_once $CFG->root . 'lib/db_factory.php';
	5	require_once $CFG->root . 'lib/utils.inc.php';
6df4b805	6
b95d1cdb	7	function error($error) {
3056d117	8	$util = new Utils;
b95d1cdb MR	9	$util->setHeading("Error");
	10	echo $util->getHeader();
	11	echo $util->getHeading();
	12	echo "<p style=\"color: red;\">$error</p>";
	13	echo '<a href="index.php">Return</a>';
	14	echo $util->getFooter();
	15	}
6df4b805	16
4e417241	17	function handleRequest($util, $request, $ids) {
6b8a5143 MR	18	global $CFG;
6b8a5143 MR	19
acaa44d2 MR	20	$query = array();
	21	foreach ($ids as $id) {
	22	$mail_id = urldecode($id);
	23	$mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
ebed9332	24
2b099ad2	25	if (is_object($mail) && true == $util->authorized($mail->recipient)) {
af31b70b MR	26	$secret_id = $mail->secret_id;
af31b70b MR	27	$recipient = $mail->recipient;
91da83b5	28	$sender = $mail->sender;
acaa44d2	29
af31b70b MR	30	if ($request == 'release') {
	31	$amavisserver = $CFG->amavisd_db_host;
	32	$policy_port = $CFG->amavis_policy_port;
	33
	34	$fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
	35	if (!$fp) {
	36	error("$errstr ($errno)");
	37	exit;
	38	}
	39	$out = "request=" . $request . "\r\n";
	40	$out .= "mail_id=" . $mail_id . "\r\n";
	41	$out .= "recipient=" . $recipient . "\r\n";
	42	$out .= "secret_id=" . $secret_id . "\r\n\r\n";
	43	fwrite($fp, $out);
	44	$response = fread($fp, 8192);
	45	fclose($fp);
	46	$response = urldecode($response);
	47	if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
	48	error("Request to release failed [$out][$response]");
	49	exit;
	50	}
	51	if ($matches[1] != '2.0.0') {
	52	error($matches[2]);
	53	exit;
	54	}
	55
	56	$query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
	57	} else if ($request == 'delete') {
	58	$query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
0da9e6e7	59	} else if ($request == 'block') {
91da83b5	60	$query[] = $sender;
af31b70b MR	61	} else {
af31b70b MR	62	error("Unknown operation [$request]");
acaa44d2 MR	63	exit;
acaa44d2 MR	64	}
acaa44d2	65	}
acaa44d2	66	}
ebed9332 MR	67
ebed9332 MR	68	return $query;
acaa44d2 MR	69	}
acaa44d2 MR	70
3056d117	71	$util = new Utils;
b95d1cdb MR	72	$loggedIn = $util->isLoggedIn();
	73	$request = isset($_GET['op']) ? $_GET['op'] : '';
	74	if ($loggedIn && isset($_GET['id'])) {
acaa44d2	75	$ids = explode(',', $_GET['id']);
0da9e6e7	76	if ($request == 'block') {
f1c0988b MR	77	// /add/(whitelist\|blacklist)/(.+)
	78	$query = handleRequest($util, $request, $ids);
	79	$data = json_encode($query);
	80	if ($util->isAdmin()) {
	81	$method = '/add/blacklist';
	82	} else {
	83	$method = '/add/blacklist/' . $util->getUser();
	84	}
	85	$success = $util->makeRestCall($method, $data);
0da9e6e7 MR	86	} else {
	87	$query = handleRequest($util, $request, $ids);
	88	$success = $DB->update($query);
f1c0988b MR	89	}
	90	if (! $success) {
	91	if ($request == 'block') {
	92	error("Could not blacklist sender");
	93	} else {
0da9e6e7	94	error("Message not released, contact administrator [$query]");
0da9e6e7	95	}
f1c0988b	96	exit;
b95d1cdb	97	}
7047d03c	98	header('Location: qtadmin.php');
6df4b805	99	} else if ($loggedIn && $request == 'purge') {
b95d1cdb MR	100	$marked = unserialize($_SESSION['marked']);
	101	unset($_SESSION['marked']);
	102	$query = array();
	103	$error = array();
	104	foreach ($marked as $mail_id) {
5ee14494 MR	105	$recipient = $DB->getRecipient($mail_id);
5ee14494 MR	106	if ($recipient && true == $util->authorized($recipient)) {
af31b70b MR	107	$query[] = "delete from msgs where mail_id = '$mail_id'";
	108	$query[] = "delete from msgrcpt where mail_id = '$mail_id'";
	109	$query[] = "delete from quarantine where mail_id = '$mail_id'";
	110	$success = $DB->update($query);
	111	if (! $success) {
	112	$error[] = $mail_id;
	113	}
b95d1cdb MR	114	}
	115	}
	116	if (count($error) > 0) {
	117	$str = implode(', ', $error);
	118	error("The following messages was not purged [$str], contact administrator");
	119	exit;
	120	}
7047d03c	121	header('Location: qtadmin.php');
b95d1cdb	122	} else if ($loggedIn) {
7047d03c	123	header('Location: qtadmin.php');
6df4b805 MR	124	} else {
	125	header('Location: auth.php');
	126	}
	127
	128	?>
	129