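root . 'lib/db_factory.php'; require_once $CFG->root . 'lib/utils.inc.php';

/**
 * Render the error page (header, heading, message, "Return", footer).
 *
 * The message is HTML-escaped before it is echoed: callers build it from the
 * request's `op` parameter, the raw amavisd policy response and socket error
 * strings, none of which are safe to reflect into the page verbatim.
 * Does not exit; callers decide whether to stop.
 *
 * @param string $error message to display
 */
function error($error)
{
    $util = new Utils;
    $util->setHeading("Error");
    echo $util->getHeader();
    echo $util->getHeading();
    echo "\n" . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . "\n";
    echo 'Return';
    echo $util->getFooter();
}

/**
 * Ask the amavisd policy server to release one quarantined message.
 *
 * Renders an error page and exits when the connection fails, when the reply
 * does not look like a `setreply=250 <status> <text>` line, or when the
 * status is not 2.0.0 (the server's text is shown in that case).
 *
 * @param string $mail_id   quarantine mail id
 * @param string $recipient recipient the release is for
 * @param string $secret_id per-message secret expected by amavisd
 * @return void
 */
function amavisRelease($mail_id, $recipient, $secret_id)
{
    global $CFG;
    $amavisserver = $CFG->amavisd_db_host;
    $policy_port = $CFG->amavis_policy_port;
    $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
    if (!$fp) {
        error("$errstr ($errno)");
        exit;
    }
    // Policy protocol: attribute lines terminated by CRLF, blank line ends the request.
    $out = "request=release\r\n";
    $out .= "mail_id=" . $mail_id . "\r\n";
    $out .= "recipient=" . $recipient . "\r\n";
    $out .= "secret_id=" . $secret_id . "\r\n\r\n";
    fwrite($fp, $out);
    // NOTE(review): a single 8 KiB read is assumed to hold the whole reply — confirm
    // against the policy server; a short read would be reported as a failed release.
    $response = fread($fp, 8192);
    fclose($fp);
    $response = urldecode($response);
    if (!preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
        error("Request to release failed [$out][$response]");
        exit;
    }
    if ($matches[1] !== '2.0.0') {
        error($matches[2]);
        exit;
    }
}

/**
 * Build the per-message work list for a quarantine operation.
 *
 * Each id is url-decoded and looked up in $_SESSION['mailInfo']; ids the
 * application never stored there, or whose recipient the current user is not
 * authorized for, are skipped silently. For the remaining ids:
 *   - 'release': the message is released through amavisd first (see
 *                amavisRelease), then an UPDATE setting msgrcpt.rs = 'R' is queued;
 *   - 'delete':  an UPDATE setting msgrcpt.rs = 'D' is queued;
 *   - 'block':   the sender address is queued for the REST blacklist call.
 * Any other operation renders an error page and exits.
 *
 * @param Utils  $util    provides authorized()
 * @param string $request 'release', 'delete' or 'block'
 * @param array  $ids     url-encoded mail ids from the request
 * @return array SQL statements (release/delete) or sender addresses (block)
 */
function handleRequest($util, $request, $ids)
{
    $query = array();
    foreach ($ids as $id) {
        $mail_id = urldecode($id);
        // Only ids the application itself placed in the session can be acted on;
        // the key lookup is exact, so $mail_id equals a stored key from here on.
        if (!isset($_SESSION['mailInfo']["$mail_id"])) {
            continue;
        }
        // NOTE(review): unserialize() on session data instantiates whatever class
        // the stored string names; json_encode/json_decode of the mail record
        // would be the safer storage format if the writer can be changed.
        $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
        if (!is_object($mail) || !$util->authorized($mail->recipient)) {
            continue;
        }
        $secret_id = $mail->secret_id;
        $recipient = $mail->recipient;
        $sender = $mail->sender;

        // NOTE(review): $mail_id is interpolated into SQL because $DB->update()
        // takes raw statements; it is constrained to session keys above, but a
        // parameterised update would remove the dependence on that invariant.
        if ($request == 'release') {
            amavisRelease($mail_id, $recipient, $secret_id);
            $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
        } elseif ($request == 'delete') {
            $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
        } elseif ($request == 'block') {
            $query[] = $sender;
        } else {
            error("Unknown operation [$request]");
            exit;
        }
    }
    return $query;
}

$util = new Utils;
$loggedIn = $util->isLoggedIn();
$request = isset($_GET['op']) ? $_GET['op'] : '';

if ($loggedIn && isset($_GET['id'])) {
    $ids = explode(',', $_GET['id']);
    $query = handleRequest($util, $request, $ids);
    if ($request == 'block') {
        // REST route: /add/(whitelist|blacklist)/(.+); admins blacklist globally,
        // everyone else only for their own account.
        $data = json_encode($query);
        if ($util->isAdmin()) {
            $method = '/add/blacklist';
        } else {
            $method = '/add/blacklist/' . $util->getUser();
        }
        $success = $util->makeRestCall($method, $data);
    } else {
        $success = $DB->update($query);
    }
    if (!$success) {
        if ($request == 'block') {
            error("Could not blacklist sender");
        } else {
            // $query is an array; interpolating it directly printed the literal "Array".
            error("Message not released, contact administrator [" . implode('; ', $query) . "]");
        }
        exit;
    }
    header('Location: qtadmin.php');
} elseif ($loggedIn && $request == 'purge') {
    // Ids marked on the listing page; consumed once, so the session entry is
    // cleared before any of them is processed.
    $marked = isset($_SESSION['marked']) ? unserialize($_SESSION['marked']) : array();
    unset($_SESSION['marked']);
    if (!is_array($marked)) {
        $marked = array();
    }
    $failed = array();
    foreach ($marked as $mail_id) {
        // getRecipient() acting as the existence check: unknown ids return a
        // falsy recipient and are skipped.
        $recipient = $DB->getRecipient($mail_id);
        if (!$recipient || !$util->authorized($recipient)) {
            continue;
        }
        // One statement set per message so a failure is attributed to this id
        // and earlier deletes are not re-executed on every iteration.
        $query = array(
            "delete from msgs where mail_id = '$mail_id'",
            "delete from msgrcpt where mail_id = '$mail_id'",
            "delete from quarantine where mail_id = '$mail_id'",
        );
        if (!$DB->update($query)) {
            $failed[] = $mail_id;
        }
    }
    if (count($failed) > 0) {
        $str = implode(', ', $failed);
        error("The following messages was not purged [$str], contact administrator");
        exit;
    }
    header('Location: qtadmin.php');
} elseif ($loggedIn) {
    header('Location: qtadmin.php');
} else {
    header('Location: auth.php');
}
?>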