quarantine.php

   1 <?php
   2 /* vim: set ts=4 tw=0 sw=4 noet: */
   3     require_once 'config.php';
   4     require_once $CFG->root . 'lib/db_factory.php';
   5     require_once $CFG->root . 'lib/utils.inc.php';
   6
   7     function error($error) {
   8         $util = new Utils;
   9         $util->setHeading("Error");
  10         echo $util->getHeader();
  11         echo $util->getHeading();
  12         echo "<p style=\"color: red;\">$error</p>";
  13         echo '<a href="index.php">Return</a>';
  14         echo $util->getFooter();
  15     }
  16
  17     function handleRequest($util, $request, $ids) {
  18         global $CFG;
  19
  20         $query = array();
  21         foreach ($ids as $id) {
  22             $mail_id = urldecode($id);
  23             $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
  24
  25             if (is_object($mail) && true == $util->authorized($mail->recipient)) {
  26                 $secret_id = $mail->secret_id;
  27                 $recipient = $mail->recipient;
  28
  29                 if ($request == 'release') {
  30                     $amavisserver = $CFG->amavisd_db_host;
  31                     $policy_port = $CFG->amavis_policy_port;
  32
  33                     $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
  34                     if (!$fp) {
  35                         error("$errstr ($errno)");
  36                         exit;
  37                     }
  38                     $out = "request=" . $request . "\r\n";
  39                     $out .= "mail_id=" . $mail_id . "\r\n";
  40                     $out .= "recipient=" . $recipient . "\r\n";
  41                     $out .= "secret_id=" . $secret_id . "\r\n\r\n";
  42                     fwrite($fp, $out);
  43                     $response = fread($fp, 8192);
  44                     fclose($fp);
  45                     $response = urldecode($response);
  46                     if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
  47                         error("Request to release failed [$out][$response]");
  48                         exit;
  49                     }
  50                     if ($matches[1] != '2.0.0') {
  51                         error($matches[2]);
  52                         exit;
  53                     }
  54
  55                     $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
  56                 } else if ($request == 'delete') {
  57                     $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
  58                 } else if ($request == 'block') {
  59                     $query[] = $recipient;
  60                 } else {
  61                     error("Unknown operation [$request]");
  62                     exit;
  63                 }
  64             }
  65         }
  66
  67         return $query;
  68     }
  69
  70     $util = new Utils;
  71     $loggedIn = $util->isLoggedIn();
  72     $request = isset($_GET['op']) ? $_GET['op'] : '';
  73     if ($loggedIn && isset($_GET['id'])) {
  74         $ids = explode(',', $_GET['id']);
  75         if ($request == 'block') {
  76             // /add/(whitelist|blacklist)/(.+)
  77             $query = handleRequest($util, $request, $ids);
  78             $data = json_encode($query);
  79             if ($util->isAdmin()) {
  80                 $method = '/add/blacklist';
  81             } else {
  82                 $method = '/add/blacklist/' . $util->getUser();
  83             }
  84             $success = $util->makeRestCall($method, $data);
  85         } else {
  86             $query = handleRequest($util, $request, $ids);
  87             $success = $DB->update($query);
  88         }
  89         if (! $success) {
  90             if ($request == 'block') {
  91                 error("Could not blacklist sender");
  92             } else {
  93                 error("Message not released, contact administrator [$query]");
  94             }
  95             exit;
  96         }
  97         header('Location: index.php');
  98     } else if ($loggedIn && $request == 'purge') {
  99         $marked = unserialize($_SESSION['marked']);
 100         unset($_SESSION['marked']);
 101         $query = array();
 102         $error = array();
 103         foreach ($marked as $mail_id) {
 104             $recipient = $DB->getRecipient($mail_id);
 105             if ($recipient && true == $util->authorized($recipient)) {
 106                 $query[] = "delete from msgs where mail_id = '$mail_id'";
 107                 $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
 108                 $query[] = "delete from quarantine where mail_id = '$mail_id'";
 109                 $success = $DB->update($query);
 110                 if (! $success) {
 111                     $error[] = $mail_id;
 112                 }
 113             }
 114         }
 115         if (count($error) > 0) {
 116             $str = implode(', ', $error);
 117             error("The following messages was not purged [$str], contact administrator");
 118             exit;
 119         }
 120         header('Location: index.php');
 121     } else if ($loggedIn) {
 122         header('Location: index.php');
 123     } else {
 124         header('Location: auth.php');
 125     }
 126
 127 ?>
 128