X-Git-Url: http://git.datanom.net/qtadmin.git/blobdiff_plain/acaa44d26edeac3ee6838eb636e470a085054138..9ffdf93680390b09350ac2afee0eb9a1b6a8f63e:/quarantine.php?ds=sidebyside diff --git a/quarantine.php b/quarantine.php index 2552995..b6703d8 100644 --- a/quarantine.php +++ b/quarantine.php @@ -5,7 +5,7 @@ require_once $CFG->root . 'lib/utils.inc.php'; function error($error) { - $util = Utils::getInstance(); + $util = new Utils; $util->setHeading("Error"); echo $util->getHeader(); echo $util->getHeading(); 
@@ -14,116 +14,103 @@ echo $util->getFooter(); } - function handleRequest($request, $ids) { + function handleRequest($util, $request, $ids) { + global $CFG; + $query = array(); foreach ($ids as $id) { $mail_id = urldecode($id); $mail = unserialize($_SESSION['mailInfo']["$mail_id"]); - $secret_id = $mail->secret_id; - $recipient = $mail->recipient; - echo "$mail_id $secret_id $recipient"; -/* - if ($request == 'release') { - $amavisserver = $CFG->amavisd_db_host; - $policy_port = $CFG->amavis_policy_port; - $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30); - if (!$fp) { - error("$errstr ($errno)"); - exit; - } - $out = "request=" . $request . "\r\n"; - $out .= "mail_id=" . $mail_id . "\r\n"; - $out .= "recipient=" . $recipient . "\r\n"; - $out .= "secret_id=" . $secret_id . "\r\n\r\n"; - fwrite($fp, $out); - $response = fread($fp, 8192); - fclose($fp); - $response = urldecode($response); - if (! preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) { - error("Request to release failed [$out][$response]"); - exit; - } - if ($matches[1] != '2.0.0') { - error($matches[2]); + if (is_object($mail) && true == $util->authorized($mail->recipient)) { + $secret_id = $mail->secret_id; + $recipient = $mail->recipient; + $sender = $mail->sender; + + if ($request == 'release') { + $amavisserver = $CFG->amavisd_db_host; + $policy_port = $CFG->amavis_policy_port; + + $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30); + if (!$fp) { + error("$errstr ($errno)"); + exit; + } + $out = "request=" . $request . "\r\n"; + $out .= "mail_id=" . $mail_id . "\r\n"; + $out .= "recipient=" . $recipient . "\r\n"; + $out .= "secret_id=" . $secret_id . "\r\n\r\n"; + fwrite($fp, $out); + $response = fread($fp, 8192); + fclose($fp); + $response = urldecode($response); + if (! 
preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) { + error("Request to release failed [$out][$response]"); + exit; + } + if ($matches[1] != '2.0.0') { + error($matches[2]); + exit; + } + + $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'"; + } else if ($request == 'delete') { + $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'"; + } else if ($request == 'block') { + $query[] = $sender; + } else { + error("Unknown operation [$request]"); exit; } - - $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'"; - } else if ($request == 'delete') { - $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'"; - } else { - error("Unknown operation [$request]"); - exit; } -*/ } + + return $query; } - $util = Utils::getInstance(); + $util = new Utils; $loggedIn = $util->isLoggedIn(); $request = isset($_GET['op']) ? $_GET['op'] : ''; if ($loggedIn && isset($_GET['id'])) { $ids = explode(',', $_GET['id']); - $query = handleRequest($request, $ids); - exit; -/* $mail_id = urldecode($_GET['id']); - $mail = unserialize($_SESSION['mailInfo']["$mail_id"]); - $secret_id = $mail->secret_id; - $recipient = $mail->recipient; - - $query = array(); - if ($request == 'release') { - $amavisserver = $CFG->amavisd_db_host; - $policy_port = $CFG->amavis_policy_port; - - $fp = fsockopen($amavisserver, $policy_port, $errno, $errstr, 30); - if (!$fp) { - error("$errstr ($errno)"); - exit; - } - $out = "request=" . $request . "\r\n"; - $out .= "mail_id=" . $mail_id . "\r\n"; - $out .= "recipient=" . $recipient . "\r\n"; - $out .= "secret_id=" . $secret_id . "\r\n\r\n"; - fwrite($fp, $out); - $response = fread($fp, 8192); - fclose($fp); - $response = urldecode($response); - if (! 
preg_match("/^setreply=250\s+([\d\.]+)\s+(.*)/", $response, $matches)) { - error("Request to release failed [$out][$response]"); - exit; - } - if ($matches[1] != '2.0.0') { - error($matches[2]); - exit; + if ($request == 'block') { + // /add/(whitelist|blacklist)/(.+) + $query = handleRequest($util, $request, $ids); + $data = json_encode($query); + if ($util->isAdmin()) { + $method = '/add/blacklist'; + } else { + $method = '/add/blacklist/' . $util->getUser(); } - - $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'"; - } else if ($request == 'delete') { - $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'"; + $success = $util->makeRestCall($method, $data); } else { - error("Unknown operation [$request]"); - exit; - }*/ - $success = $DB->update($query); + $query = handleRequest($util, $request, $ids); + $success = $DB->update($query); + } if (! $success) { - error("Message not released, contact administrator [$query]"); + if ($request == 'block') { + error("Could not blacklist sender"); + } else { + error("Message not released, contact administrator [$query]"); + } exit; } - header('Location: index.php'); + header('Location: qtadmin.php'); } else if ($loggedIn && $request == 'purge') { $marked = unserialize($_SESSION['marked']); unset($_SESSION['marked']); $query = array(); $error = array(); foreach ($marked as $mail_id) { - $query[] = "delete from msgs where mail_id = '$mail_id'"; - $query[] = "delete from msgrcpt where mail_id = '$mail_id'"; - $query[] = "delete from quarantine where mail_id = '$mail_id'"; - $success = $DB->update($query); - if (! $success) { - $error[] = $mail_id; + $recipient = $DB->getRecipient($mail_id); + if ($recipient && true == $util->authorized($recipient)) { + $query[] = "delete from msgs where mail_id = '$mail_id'"; + $query[] = "delete from msgrcpt where mail_id = '$mail_id'"; + $query[] = "delete from quarantine where mail_id = '$mail_id'"; + $success = $DB->update($query); + if (! 
$success) { + $error[] = $mail_id; + } } } if (count($error) > 0) { @@ -131,9 +118,9 @@ error("The following messages was not purged [$str], contact administrator"); exit; } - header('Location: index.php'); + header('Location: qtadmin.php'); } else if ($loggedIn) { - header('Location: index.php'); + header('Location: qtadmin.php'); } else { header('Location: auth.php'); }
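Review bot: The new `$util->authorized($mail->recipient)` check in handleRequest and the `$util->authorized($recipient)` check in the purge branch each gate on one recipient, but the statements they queue are scoped by message only: `UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'` and the three `delete from … where mail_id = '$mail_id'`. If a quarantined message has rows for several recipients, a user authorized for one of them would also change or remove the others' copies. Scope each statement to the authorized recipient's row as well as the message, and pass `$mail_id` as a bound parameter instead of interpolating it, if `$DB->update` allows that (its signature is not visible here). In the purge loop `$query` is never reset, so every pass re-runs the deletes queued for earlier messages and `$error[]` can blame the wrong id; moving `$query = array();` inside the `foreach` fixes that. Ids that fail the check are skipped silently in both paths, so the redirect to qtadmin.php gives no sign that nothing was done for them.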