require_once $CFG->root . 'lib/utils.inc.php';
function error($error) {
- $util = Utils::getInstance();
+ $util = new Utils;
$util->setHeading("Error");
echo $util->getHeader();
echo $util->getHeading();
echo $util->getFooter();
}
- function handleRequest($request, $ids) {
+ function handleRequest($util, $request, $ids) {
+ global $CFG;
+
$query = array();
foreach ($ids as $id) {
$mail_id = urldecode($id);
$mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
- $secret_id = $mail->secret_id;
- $recipient = $mail->recipient;
- //echo "$mail_id $secret_id $recipient";
- if ($request == 'release') {
- $amavisserver = $CFG->amavisd_db_host;
- $policy_port = $CFG->amavis_policy_port;
+ if (is_object($mail) && true == $util->authorized($mail->recipient)) {
+ $secret_id = $mail->secret_id;
+ $recipient = $mail->recipient;
+ $sender = $mail->sender;
- $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
- if (!$fp) {
- error("$errstr ($errno)");
- exit;
- }
- $out = "request=" . $request . "\r\n";
- $out .= "mail_id=" . $mail_id . "\r\n";
- $out .= "recipient=" . $recipient . "\r\n";
- $out .= "secret_id=" . $secret_id . "\r\n\r\n";
- fwrite($fp, $out);
- $response = fread($fp, 8192);
- fclose($fp);
- $response = urldecode($response);
- if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
- error("Request to release failed [$out][$response]");
- exit;
- }
- if ($matches[1] != '2.0.0') {
- error($matches[2]);
+ if ($request == 'release') {
+ $amavisserver = $CFG->amavisd_db_host;
+ $policy_port = $CFG->amavis_policy_port;
+
+ $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
+ if (!$fp) {
+ error("$errstr ($errno)");
+ exit;
+ }
+ $out = "request=" . $request . "\r\n";
+ $out .= "mail_id=" . $mail_id . "\r\n";
+ $out .= "recipient=" . $recipient . "\r\n";
+ $out .= "secret_id=" . $secret_id . "\r\n\r\n";
+ fwrite($fp, $out);
+ $response = fread($fp, 8192);
+ fclose($fp);
+ $response = urldecode($response);
+ if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
+ error("Request to release failed [$out][$response]");
+ exit;
+ }
+ if ($matches[1] != '2.0.0') {
+ error($matches[2]);
+ exit;
+ }
+
+ $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
+ } else if ($request == 'delete') {
+ $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
+ } else if ($request == 'block') {
+ $query[] = $sender;
+ } else {
+ error("Unknown operation [$request]");
exit;
}
-
- $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
- } else if ($request == 'delete') {
- $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
- } else {
- error("Unknown operation [$request]");
- exit;
}
}
return $query;
}
- $util = Utils::getInstance();
+ $util = new Utils;
$loggedIn = $util->isLoggedIn();
$request = isset($_GET['op']) ? $_GET['op'] : '';
if ($loggedIn && isset($_GET['id'])) {
$ids = explode(',', $_GET['id']);
- $query = handleRequest($request, $ids);
-/* exit;
- $mail_id = urldecode($_GET['id']);
- $mail = unserialize($_SESSION['mailInfo']["$mail_id"]);
- $secret_id = $mail->secret_id;
- $recipient = $mail->recipient;
-
- $query = array();
- if ($request == 'release') {
- $amavisserver = $CFG->amavisd_db_host;
- $policy_port = $CFG->amavis_policy_port;
-
- $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30);
- if (!$fp) {
- error("$errstr ($errno)");
- exit;
- }
- $out = "request=" . $request . "\r\n";
- $out .= "mail_id=" . $mail_id . "\r\n";
- $out .= "recipient=" . $recipient . "\r\n";
- $out .= "secret_id=" . $secret_id . "\r\n\r\n";
- fwrite($fp, $out);
- $response = fread($fp, 8192);
- fclose($fp);
- $response = urldecode($response);
- if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) {
- error("Request to release failed [$out][$response]");
- exit;
- }
- if ($matches[1] != '2.0.0') {
- error($matches[2]);
- exit;
+ if ($request == 'block') {
+ // /add/(whitelist|blacklist)/(.+)
+ $query = handleRequest($util, $request, $ids);
+ $data = json_encode($query);
+ if ($util->isAdmin()) {
+ $method = '/add/blacklist';
+ } else {
+ $method = '/add/blacklist/' . $util->getUser();
}
-
- $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'";
- } else if ($request == 'delete') {
- $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'";
+ $success = $util->makeRestCall($method, $data);
} else {
- error("Unknown operation [$request]");
- exit;
- }*/
- print_r($query);
- exit;
- $success = $DB->update($query);
+ $query = handleRequest($util, $request, $ids);
+ $success = $DB->update($query);
+ }
if (! $success) {
- error("Message not released, contact administrator [$query]");
+ if ($request == 'block') {
+ error("Could not blacklist sender");
+ } else {
+ error("Message not released, contact administrator [$query]");
+ }
exit;
}
- header('Location: index.php');
+ header('Location: qtadmin.php');
} else if ($loggedIn && $request == 'purge') {
$marked = unserialize($_SESSION['marked']);
unset($_SESSION['marked']);
$query = array();
$error = array();
foreach ($marked as $mail_id) {
- $query[] = "delete from msgs where mail_id = '$mail_id'";
- $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
- $query[] = "delete from quarantine where mail_id = '$mail_id'";
- $success = $DB->update($query);
- if (! $success) {
- $error[] = $mail_id;
+ $recipient = $DB->getRecipient($mail_id);
+ if ($recipient && true == $util->authorized($recipient)) {
+ $query[] = "delete from msgs where mail_id = '$mail_id'";
+ $query[] = "delete from msgrcpt where mail_id = '$mail_id'";
+ $query[] = "delete from quarantine where mail_id = '$mail_id'";
+ $success = $DB->update($query);
+ if (! $success) {
+ $error[] = $mail_id;
+ }
}
}
if (count($error) > 0) {
error("The following messages was not purged [$str], contact administrator");
exit;
}
- header('Location: index.php');
+ header('Location: qtadmin.php');
} else if ($loggedIn) {
- header('Location: index.php');
+ header('Location: qtadmin.php');
} else {
header('Location: auth.php');
}