<?php
/* vim: set ts=4 tw=0 sw=4 noet: */
- require_once 'config.php';
- require_once $CFG->root . 'lib/db_factory.php';
- require_once $CFG->root . 'lib/utils.inc.php';
+ require_once 'config.php';
+ require_once $CFG->root . 'lib/db_factory.php';
+ require_once $CFG->root . 'lib/utils.inc.php';
- function error($error) {
- $util = Utils::getInstance();
- $util->setHeading("Error");
- echo $util->getHeader();
- echo $util->getHeading();
- echo "<p style=\"color: red;\">$error</p>";
- echo '<a href="index.php">Return</a>';
- echo $util->getFooter();
- }
+ function error($error) {
+ $util = new Utils;
+ $util->setHeading("Error");
+ echo $util->getHeader();
+ echo $util->getHeading();
+ echo "<p style=\"color: red;\">$error</p>";
+ echo '<a href="index.php">Return</a>';
+ echo $util->getFooter();
+ }
+
+ function handleRequest($util, $request, $ids) {
+ global $CFG;
+
+ $query = array();
+ foreach ($ids as $id) {
+ $mail_id = urldecode($id);
+ $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
- $util = Utils::getInstance();
- $loggedIn = $util->isLoggedIn();
- $request = isset($_GET['op']) ? $_GET['op'] : '';
- if ($loggedIn && isset($_GET['id'])) {
- $mail_id = urldecode($_GET['id']);
- $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
- $secret_id = $mail->secret_id;
- $recipient = $mail->recipient;
+ if (is_object($mail) && true == $util->authorized($mail->recipient)) {
+ $secret_id = $mail->secret_id;
+ $recipient = $mail->recipient;
+ $sender = $mail->sender;
- $query = array();
- if ($request == 'release') {
- $amavisserver = $CFG->amavisd_db_host;
- $policy_port = $CFG->amavis_policy_port;
+ if ($request == 'release') {
+ $amavisserver = $CFG->amavisd_db_host;
+ $policy_port = $CFG->amavis_policy_port;
- $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
- if (!$fp) {
- error("$errstr ($errno)");
- exit;
- }
- $out = "request=" . $request . "\r\n";
- $out .= "mail_id=" . $mail_id . "\r\n";
- $out .= "recipient=" . $recipient . "\r\n";
- $out .= "secret_id=" . $secret_id . "\r\n\r\n";
- fwrite($fp, $out);
- $response = fread($fp, 8192);
- fclose($fp);
- $response = urldecode($response);
- if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
- error("Request to release failed [$out][$response]");
- exit;
- }
- if ($matches[1] != '2.0.0') {
- error($matches[2]);
- exit;
- }
+ $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
+ if (!$fp) {
+ error("$errstr ($errno)");
+ exit;
+ }
+ $out = "request=" . $request . "\r\n";
+ $out .= "mail_id=" . $mail_id . "\r\n";
+ $out .= "recipient=" . $recipient . "\r\n";
+ $out .= "secret_id=" . $secret_id . "\r\n\r\n";
+ fwrite($fp, $out);
+ $response = fread($fp, 8192);
+ fclose($fp);
+ $response = urldecode($response);
+ if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
+ error("Request to release failed [$out][$response]");
+ exit;
+ }
+ if ($matches[1] != '2.0.0') {
+ error($matches[2]);
+ exit;
+ }
+
+ $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
+ } else if ($request == 'delete') {
+ $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
+ } else if ($request == 'block') {
+ $query[] = $sender;
+ } else {
+ error("Unknown operation [$request]");
+ exit;
+ }
+ }
+ }
+
+ return $query;
+ }
- $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
- } else if ($request == 'delete') {
- $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
- } else {
- error("Unknown operation [$request]");
- exit;
- }
- $success = $DB->update($query);
- if (! $success) {
- error("Message not released, contact administrator [$query]");
- exit;
- }
- header('Location: index.php');
+ $util = new Utils;
+ $loggedIn = $util->isLoggedIn();
+ $request = isset($_GET['op']) ? $_GET['op'] : '';
+ if ($loggedIn && isset($_GET['id'])) {
+ $ids = explode(',', $_GET['id']);
+ if ($request == 'block') {
+ // /add/(whitelist|blacklist)/(.+)
+ $query = handleRequest($util, $request, $ids);
+ $data = json_encode($query);
+ if ($util->isAdmin()) {
+ $method = '/add/blacklist';
+ } else {
+ $method = '/add/blacklist/' . $util->getUser();
+ }
+ $success = $util->makeRestCall($method, $data);
+ } else {
+ $query = handleRequest($util, $request, $ids);
+ $success = $DB->update($query);
+ }
+ if (! $success) {
+ if ($request == 'block') {
+ error("Could not blacklist sender");
+ } else {
+ error("Message not released, contact administrator [$query]");
+ }
+ exit;
+ }
+ header('Location: qtadmin.php');
} else if ($loggedIn && $request == 'purge') {
- $marked = unserialize($_SESSION['marked']);
- unset($_SESSION['marked']);
- $query = array();
- $error = array();
- foreach ($marked as $mail_id) {
- $query[] = "delete from msgs where mail_id = '$mail_id'";
- $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
- $query[] = "delete from quarantine where mail_id = '$mail_id'";
- $success = $DB->update($query);
- if (! $success) {
- $error[] = $mail_id;
- }
- }
- if (count($error) > 0) {
- $str = implode(', ', $error);
- error("The following messages was not purged [$str], contact administrator");
- exit;
- }
- header('Location: index.php');
- } else if ($loggedIn) {
- header('Location: index.php');
+ $marked = unserialize($_SESSION['marked']);
+ unset($_SESSION['marked']);
+ $query = array();
+ $error = array();
+ foreach ($marked as $mail_id) {
+ $recipient = $DB->getRecipient($mail_id);
+ if ($recipient && true == $util->authorized($recipient)) {
+ $query[] = "delete from msgs where mail_id = '$mail_id'";
+ $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
+ $query[] = "delete from quarantine where mail_id = '$mail_id'";
+ $success = $DB->update($query);
+ if (! $success) {
+ $error[] = $mail_id;
+ }
+ }
+ }
+ if (count($error) > 0) {
+ $str = implode(', ', $error);
+ error("The following messages was not purged [$str], contact administrator");
+ exit;
+ }
+ header('Location: qtadmin.php');
+ } else if ($loggedIn) {
+ header('Location: qtadmin.php');
} else {
header('Location: auth.php');
}