diff --git a/README.md b/README.md index 3d058077..3f0ae7fb 100644 --- a/README.md +++ b/README.md @@ -152,7 +152,7 @@ If you are using PGSQL, uncomment the following four lines: ``` Depending on the database type you are using, you will need to uncomment the appropriate lines in the config, to enable lookups. -These control which domains you accept mail for and deliver locally (local_domains), which domains you accept mail for and deliver remotely (relay_to_domains), which IP addresses are allowed to send mail to any domain (relay_from_hosts) and which system users are considered trusted (trusted_users). More on these options – in Exim documentation. +These control which domains you accept mail for and deliver locally (local_domains), which domains you accept mail for and deliver remotely (relay_to_domains), which IP addresses are allowed to send mail to any domain (relay_from_hosts) and which system users are considered trusted (trusted_users). More on these options – in Exim documentation. ``` domainlist local_domains = @ : example.org : ${lookup mysql{VIRTUAL_DOMAINS}} : ${lookup mysql{ALIAS_DOMAINS}} domainlist relay_to_domains = ${lookup mysql{RELAY_DOMAINS}} @@ -181,7 +181,7 @@ exim_group = mail ``` Also it is assumed that the mysql domain socket is /tmp/mysql.sock, which is where the FreeBSD port puts it. Other installations put it in /var/tmp, /usr/lib, or any number of other places. If yours isn't /tmp/mysql.sock, you will need to set this. -TLS is activated by default. We suppose that you already created a SSL key and certificate. +TLS is activated by default. We suppose that you already created a SSL key and certificate. ``` tls_certificate = /etc/exim4/exim.crt tls_privatekey = /etc/exim4/exim.key @@ -198,7 +198,7 @@ The Diffie-Hellman group should have at least 1024 bit and can be created with t In `tls_require_ciphers`, currently (2016) secure ciphers are selected. It works by default on GnuTLS setups (Debian/Ubuntu). If your distribution uses OpenSSL (e.g. FreeBSD, CentOS), comment the block `tls_require_ciphers = ...` and uncomment the line `openssl_options = ...`. If you are not sure, the output of `exim -bV` will show either GnuTLS or OpenSSL. -###### ACL's: +###### ACL's: We have split all of the ACL's into separate files, to make managing them easier. Please review the ACL section of the configure file. If there are ACL's you would rather not have executed, please comment out the '.include' line that references them, or edit the ACL file directly and comment them out. ###### DEBIAN: diff --git a/docs/clients/courierimap.txt b/docs/clients/courierimap.txt index b1bedd36..e7bf7f46 100644 --- a/docs/clients/courierimap.txt +++ b/docs/clients/courierimap.txt @@ -9,7 +9,7 @@ Installing Courier-IMAP 2.x on FreeBSD: cp imapd.dist imapd vi imapd -Installing Courier-IMAP on Debian: +Installing Courier-IMAP on Debian: apt-get install courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-authlib-mysql courier-authdaemon diff --git a/docs/configure b/docs/configure index 79ec4182..065212b2 100644 --- a/docs/configure +++ b/docs/configure @@ -208,7 +208,7 @@ acl_smtp_mime = acl_check_mime # This configuration variable defines the virus scanner that is used with # the 'malware' ACL condition of the exiscan acl-patch. If you do not use # virus scanning, leave it commented. Please read: -# http://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html +# http://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html # for a list of supported scanners. av_scanner = clamd:/var/run/clamav/clamd @@ -221,8 +221,8 @@ av_scanner = clamd:/var/run/clamav/clamd spamd_address = 127.0.0.1 783 # User who passes mails to spamassassin. He should have a home directory in order -# to save configuration and scanning data (e.g. for Bayes filter). The default -# vexim-user can be used for this purpose. If the user does not exist, SpamAssassin +# to save configuration and scanning data (e.g. for Bayes filter). The default +# vexim-user can be used for this purpose. If the user does not exist, SpamAssassin # will fall back to "nobody" and default settings, with all consequences. VEXIM_SA_USERNAME = vexim diff --git a/vexim/admin.php b/vexim/admin.php index 28031826..52cfa970 100644 --- a/vexim/admin.php +++ b/vexim/admin.php @@ -59,7 +59,7 @@ prepare($query); diff --git a/vexim/adminalias.php b/vexim/adminalias.php index 491ae75a..94df0b4a 100644 --- a/vexim/adminalias.php +++ b/vexim/adminalias.php @@ -50,8 +50,8 @@ . $row['localpart'] . '">'; print '' - . '' . $row['realname'] . ''; diff --git a/vexim/adminaliasadd.php b/vexim/adminaliasadd.php index 18022a90..64575c0d 100644 --- a/vexim/adminaliasadd.php +++ b/vexim/adminaliasadd.php @@ -75,7 +75,7 @@ : - diff --git a/vexim/adminaliasaddsubmit.php b/vexim/adminaliasaddsubmit.php index 6ec79864..617c87f2 100644 --- a/vexim/adminaliasaddsubmit.php +++ b/vexim/adminaliasaddsubmit.php @@ -76,7 +76,7 @@ die; } $query = "INSERT INTO users - (localpart, username, domain_id, crypt, smtp, pop, uid, gid, realname, type, admin, on_avscan, + (localpart, username, domain_id, crypt, smtp, pop, uid, gid, realname, type, admin, on_avscan, on_spamassassin, sa_tag, sa_refuse, spam_drop, enabled) SELECT :localpart, :username, :domain_id, :crypt, :smtp, :pop, uid, gid, :realname, 'alias', :admin, :on_avscan, :on_spamassassin, :sa_tag, :sa_refuse, :spam_drop, :enabled @@ -99,7 +99,7 @@ ':spam_drop'=>(isset($_POST['spam_drop']) ? $_POST['spam_drop'] : 0), ':enabled' => $_POST['enabled'] )); - + if ($success) { header ("Location: adminalias.php?added={$_POST['localpart']}"); @@ -108,6 +108,6 @@ } } else { header ("Location: adminalias.php?badaliaspass={$_POST['localpart']}"); - } + } ?> diff --git a/vexim/adminaliaschange.php b/vexim/adminaliaschange.php index ee4b88a3..e601dc51 100644 --- a/vexim/adminaliaschange.php +++ b/vexim/adminaliaschange.php @@ -4,7 +4,7 @@ include_once dirname(__FILE__) . '/config/functions.php'; include_once dirname(__FILE__) . '/config/httpheaders.php'; $query = "SELECT localpart,realname,smtp,on_avscan,on_spamassassin,sa_tag,sa_refuse,spam_drop, - admin,enabled FROM users + admin,enabled FROM users WHERE user_id=:user_id AND domain_id=:domain_id AND type='alias'"; $sth = $dbh->prepare($query); $sth->execute(array(':user_id'=>$_GET['user_id'], ':domain_id'=>$_SESSION['domain_id'])); @@ -36,13 +36,13 @@

- rowCount()) { echo '
'; - echo "Invalid alias userid '" . htmlentities($_GET['user_id']) . "' for domain '" . htmlentities($_SESSION['domain']). "'"; + echo "Invalid alias userid '" . htmlentities($_GET['user_id']) . "' for domain '" . htmlentities($_SESSION['domain']). "'"; echo '
'; - }else{ + }else{ ?>
@@ -178,10 +178,10 @@
- + } + ?>
diff --git a/vexim/adminaliaschangesubmit.php b/vexim/adminaliaschangesubmit.php index 64fdd880..06c78d37 100644 --- a/vexim/adminaliaschangesubmit.php +++ b/vexim/adminaliaschangesubmit.php @@ -4,17 +4,17 @@ include_once dirname(__FILE__) . '/config/functions.php'; include_once dirname(__FILE__) . '/config/httpheaders.php'; - # confirm that the postmaster is updating an alias they are permitted to change before going further + # confirm that the postmaster is updating an alias they are permitted to change before going further $query = "SELECT localpart,realname,smtp,on_spamassassin,sa_tag,sa_refuse,spam_drop, - admin,enabled FROM users + admin,enabled FROM users WHERE user_id=:user_id AND domain_id=:domain_id AND type='alias'"; $sth = $dbh->prepare($query); $sth->execute(array(':user_id'=>$_POST['user_id'], ':domain_id'=>$_SESSION['domain_id'])); if (!$sth->rowCount()) { header ("Location: adminalias.php?failupdated={$_POST['localpart']}"); - die(); + die(); } - + # Fix the boolean values if (isset($_POST['admin'])) { $_POST['admin'] = 1; @@ -45,7 +45,7 @@ # Update the password, if the password was given if(isset($_POST['password']) && $_POST['password']!=='' ){ if (validate_password($_POST['password'], $_POST['vpassword'])) { - if (!password_strengthcheck($_POST['password'])) { + if (!password_strengthcheck($_POST['password'])) { header ("Location: adminalias.php?weakpass={$_POST['localpart']}"); die; } @@ -53,7 +53,7 @@ $query = "UPDATE users SET crypt=:crypt WHERE user_id=:user_id AND domain_id=:domain_id AND type='alias'"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':crypt'=>$cryptedpassword, ':user_id'=>$_POST['user_id'], ':domain_id'=>$_SESSION['domain_id'])); - + if ($success) { if ($_POST['localpart'] == $_SESSION['localpart']) { $_SESSION['crypt'] = $cryptedpassword; diff --git a/vexim/adminaliasdelete.php b/vexim/adminaliasdelete.php index e3821ac8..d8bea362 100644 --- a/vexim/adminaliasdelete.php +++ b/vexim/adminaliasdelete.php @@ -6,7 +6,7 @@ if(array_key_exists('confirm', $_GET)) { if ($_GET['confirm'] == '1') { - $query = "DELETE FROM users + $query = "DELETE FROM users WHERE user_id=:user_id AND domain_id=:domain_id AND (type='alias' OR type='catch')"; diff --git a/vexim/admincatchall.php b/vexim/admincatchall.php index 49334de1..4d784a23 100644 --- a/vexim/admincatchall.php +++ b/vexim/admincatchall.php @@ -3,7 +3,7 @@ include_once dirname(__FILE__) . '/config/authpostmaster.php'; include_once dirname(__FILE__) . '/config/functions.php'; include_once dirname(__FILE__) . '/config/httpheaders.php'; - $query = "SELECT smtp FROM users WHERE user_id=:user_id + $query = "SELECT smtp FROM users WHERE user_id=:user_id AND domain_id=:domain_id AND type='catch'"; $sth = $dbh->prepare($query); $sth->execute(array(':user_id'=>$_GET['user_id'], ':domain_id'=>$_SESSION['domain_id'])); @@ -25,13 +25,13 @@

- rowCount()) { + if (!$sth->rowCount()) { echo '
'; printf(_("Invalid catchall userid '%s' for domain '%s'"), htmlentities($_GET['user_id']), htmlentities($_SESSION['domain'])); echo '
'; - }else{ + }else{ ?>
@@ -63,10 +63,10 @@ class="textfield">
- + } + ?>
diff --git a/vexim/admincatchallsubmit.php b/vexim/admincatchallsubmit.php index 97c73f4c..1a2fbb92 100644 --- a/vexim/admincatchallsubmit.php +++ b/vexim/admincatchallsubmit.php @@ -19,7 +19,7 @@ '1' FROM domains WHERE domains.domain_id=:domain_id"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':domain'=>'*@'.$_SESSION['domain'], ':domain_id'=>$_SESSION['domain_id'], ':smtp'=>$_POST['smtp'])); - + if ($success) { header ("Location: adminalias.php?updated=Catchall"); } else { diff --git a/vexim/adminfailchange.php b/vexim/adminfailchange.php index 633ba09d..747e45e5 100644 --- a/vexim/adminfailchange.php +++ b/vexim/adminfailchange.php @@ -26,13 +26,13 @@

- rowCount()) { + if (!$sth->rowCount()) { echo '
'; - echo "Invalid fail userid '" . htmlentities($_GET['user_id']) . "' for domain '" . htmlentities($_SESSION['domain']). "'"; + echo "Invalid fail userid '" . htmlentities($_GET['user_id']) . "' for domain '" . htmlentities($_SESSION['domain']). "'"; echo '
'; - }else{ + }else{ ?>
@@ -57,10 +57,10 @@
- + } + ?> diff --git a/vexim/adminfailchangesubmit.php b/vexim/adminfailchangesubmit.php index e59c2cbb..9888eaa7 100644 --- a/vexim/adminfailchangesubmit.php +++ b/vexim/adminfailchangesubmit.php @@ -11,7 +11,7 @@ ':username'=>$_POST['localpart'].'@'.$_SESSION['domain'], ':user_id'=>$_POST['user_id'], ':domain_id'=>$_SESSION['domain_id'])); if ($success) { - header ("Location: adminfail.php?updated={$_POST['localpart']}"); + header ("Location: adminfail.php?updated={$_POST['localpart']}"); } else { header ("Location: adminfail.php?failupdated={$_POST['localpart']}"); die; diff --git a/vexim/admingroupaddsubmit.php b/vexim/admingroupaddsubmit.php index 3f42d141..5b36bedf 100644 --- a/vexim/admingroupaddsubmit.php +++ b/vexim/admingroupaddsubmit.php @@ -21,11 +21,11 @@ $sth = $dbh->prepare($query); $success = $sth->execute(array(':localpart'=>$_POST['localpart'], ':domain_id'=>$_SESSION['domain_id'])); - if ($success) { - header ("Location: admingroup.php?group_added={$_POST['localpart']}"); - } else { - header ("Location: admingroup.php?group_failadded={$_POST['localpart']}"); - } + if ($success) { + header ("Location: admingroup.php?group_added={$_POST['localpart']}"); + } else { + header ("Location: admingroup.php?group_failadded={$_POST['localpart']}"); + } ?> diff --git a/vexim/admingroupchange.php b/vexim/admingroupchange.php index f0ee6ba5..beb6f150 100644 --- a/vexim/admingroupchange.php +++ b/vexim/admingroupchange.php @@ -27,14 +27,14 @@

- rowCount()) { + if (!$sth->rowCount()) { echo '
'; - echo "Invalid groupid '" . htmlentities($_GET['group_id']) . "' for domain '" . htmlentities($_SESSION['domain']). "'"; + echo "Invalid groupid '" . htmlentities($_GET['group_id']) . "' for domain '" . htmlentities($_SESSION['domain']). "'"; echo '
'; }else{ - ?> + ?> @@ -74,7 +74,7 @@ class="textfield"> -
 
+
$sth->execute(array(':domain_id'=>$_SESSION['domain_id'])); while ($row = $sth->fetch()) { ?> - - @@ -168,10 +168,10 @@ class="textfield">
- + } + ?>
diff --git a/vexim/admingroupchangesubmit.php b/vexim/admingroupchangesubmit.php index 679258ad..e2ccb515 100644 --- a/vexim/admingroupchangesubmit.php +++ b/vexim/admingroupchangesubmit.php @@ -18,9 +18,9 @@ $sth = $dbh->prepare($query); $success = $sth->execute(array(':localpart'=>$_POST['localpart'], ':enabled'=>$_POST['enabled'], ':is_public'=>$_POST['is_public'], ':group_id'=>$_POST['group_id'], ':domain_id'=>$_SESSION['domain_id'])); - if ($success) { - header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_updated={$_POST['localpart']}"); - } else { - header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_failupdated={$_POST['localpart']}"); + if ($success) { + header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_updated={$_POST['localpart']}"); + } else { + header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_failupdated={$_POST['localpart']}"); } ?> diff --git a/vexim/admingroupcontentaddsubmit.php b/vexim/admingroupcontentaddsubmit.php index 66c05162..30b0d475 100644 --- a/vexim/admingroupcontentaddsubmit.php +++ b/vexim/admingroupcontentaddsubmit.php @@ -3,15 +3,15 @@ include_once dirname(__FILE__) . '/config/authpostmaster.php'; include_once dirname(__FILE__) . '/config/functions.php'; - # confirm that the user is updating a group they are permitted to change before going further + # confirm that the user is updating a group they are permitted to change before going further $query = "SELECT * FROM groups WHERE id=:group_id AND domain_id=:domain_id"; $sth = $dbh->prepare($query); $sth->execute(array(':group_id'=>$_POST['group_id'], ':domain_id'=>$_SESSION['domain_id'])); if (!$sth->rowCount()) { - header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_failupdated={$_POST['localpart']}"); - die(); + header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_failupdated={$_POST['localpart']}"); + die(); } - + # validate user_id and group_id if (!isset($_POST['usertoadd']) or !isset($_POST['group_id'])) { header("Location: admingroup.php?badname={$_POST['usertoadd']}"); @@ -20,10 +20,10 @@ $query = "INSERT INTO group_contents (group_id, member_id) VALUES (:group_id, :usertoadd)"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':group_id'=>$_POST['group_id'], ':usertoadd'=>$_POST['usertoadd'])); - if ($success) { - header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_updated={$_POST['localpart']}"); - } else { - header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_failupdated={$_POST['localpart']}"); + if ($success) { + header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_updated={$_POST['localpart']}"); + } else { + header ("Location: admingroupchange.php?group_id={$_POST['group_id']}&group_failupdated={$_POST['localpart']}"); die; } ?> diff --git a/vexim/admingroupcontentdeletesubmit.php b/vexim/admingroupcontentdeletesubmit.php index 6832a059..09e8ec15 100644 --- a/vexim/admingroupcontentdeletesubmit.php +++ b/vexim/admingroupcontentdeletesubmit.php @@ -3,28 +3,28 @@ include_once dirname(__FILE__) . '/config/authpostmaster.php'; include_once dirname(__FILE__) . '/config/functions.php'; - # confirm that the user is updating a group they are permitted to change before going further + # confirm that the user is updating a group they are permitted to change before going further $query = "SELECT * FROM groups WHERE id=:group_id AND domain_id=:domain_id"; $sth = $dbh->prepare($query); $sth->execute(array(':group_id'=>$_REQUEST['group_id'], ':domain_id'=>$_SESSION['domain_id'])); if (!$sth->rowCount()) { - header ("Location: admingroupchange.php?group_id={$_REQUEST['group_id']}&group_failupdated={$_REQUEST['localpart']}"); - die(); + header ("Location: admingroupchange.php?group_id={$_REQUEST['group_id']}&group_failupdated={$_REQUEST['localpart']}"); + die(); } - + # validate user_id and group_id if (!isset($_REQUEST['member_id']) or !isset($_REQUEST['group_id'])) { header("Location: admingroup.php?badname={$_REQUEST_['member_id']}"); die; } - $query = "DELETE FROM group_contents + $query = "DELETE FROM group_contents WHERE group_id=:group_id AND member_id=:member_id"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':group_id'=>$_REQUEST['group_id'], ':member_id'=>$_REQUEST['member_id'])); - if ($success) { - header ("Location: admingroupchange.php?group_id={$_REQUEST['group_id']}&group_updated={$_REQUEST['localpart']}"); - } else { - header ("Location: admingroupchange.php?group_failupdated={$_REQUEST['localpart']}"); + if ($success) { + header ("Location: admingroupchange.php?group_id={$_REQUEST['group_id']}&group_updated={$_REQUEST['localpart']}"); + } else { + header ("Location: admingroupchange.php?group_failupdated={$_REQUEST['localpart']}"); } ?> diff --git a/vexim/admingroupdelete.php b/vexim/admingroupdelete.php index cbec322a..8d60b19a 100644 --- a/vexim/admingroupdelete.php +++ b/vexim/admingroupdelete.php @@ -5,15 +5,15 @@ if(array_key_exists('confirm', $_GET)) { if ($_GET['confirm'] == '1') { - # confirm that the user is deleting a group they are permitted to change before going further + # confirm that the user is deleting a group they are permitted to change before going further $query = "SELECT * FROM groups WHERE id=:group_id AND domain_id=:domain_id"; $sth = $dbh->prepare($query); $sth->execute(array(':group_id'=>$_GET['group_id'], ':domain_id'=>$_SESSION['domain_id'])); if (!$sth->rowCount()) { header ("Location: admingroup.php?group_faildeleted={$_GET['localpart']}"); - die(); + die(); } - + # delete group member first $query = "DELETE FROM group_contents WHERE group_id=:group_id"; $sth = $dbh->prepare($query); diff --git a/vexim/adminuser.php b/vexim/adminuser.php index e124f2c6..517887ac 100644 --- a/vexim/adminuser.php +++ b/vexim/adminuser.php @@ -33,7 +33,7 @@ WHERE users.domain_id=:domain_id AND domains.domain_id=users.domain_id AND (users.type='local' OR users.type='piped') - GROUP BY max_accounts"; + GROUP BY max_accounts"; $sth = $dbh->prepare($query); $sth->execute(array(':domain_id'=>$_SESSION['domain_id'])); $row = $sth->fetch(); @@ -72,7 +72,7 @@ @ : - diff --git a/vexim/adminuserblocksubmit.php b/vexim/adminuserblocksubmit.php index 73a22163..2d6ff393 100644 --- a/vexim/adminuserblocksubmit.php +++ b/vexim/adminuserblocksubmit.php @@ -4,7 +4,7 @@ include_once dirname(__FILE__) . '/config/functions.php'; include_once dirname(__FILE__) . '/config/httpheaders.php'; - + $action = (isset($_GET['action']) ? $_GET['action'] : null); if ($action == 'delete') { $query = "DELETE FROM blocklists WHERE block_id=:block_id @@ -27,7 +27,7 @@ die; } $query = "INSERT INTO blocklists - (domain_id, user_id, blockhdr, blockval, color) + (domain_id, user_id, blockhdr, blockval, color) VALUES (:domain_id, :user_id, :blockhdr, :blockval, :color)"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':domain_id'=>$_SESSION['domain_id'], diff --git a/vexim/adminuserchange.php b/vexim/adminuserchange.php index 8dfef084..9e1c601e 100644 --- a/vexim/adminuserchange.php +++ b/vexim/adminuserchange.php @@ -287,7 +287,7 @@ () - @@ -399,7 +399,7 @@ ?> - - + } + ?> diff --git a/vexim/adminuserdelete.php b/vexim/adminuserdelete.php index 0a470298..3beb2e0d 100644 --- a/vexim/adminuserdelete.php +++ b/vexim/adminuserdelete.php @@ -4,21 +4,21 @@ include_once dirname(__FILE__) . '/config/functions.php'; include_once dirname(__FILE__) . '/config/httpheaders.php'; -# confirm that the postmaster is looking to delete a user they are permitted to change before going further +# confirm that the postmaster is looking to delete a user they are permitted to change before going further $query = "SELECT * FROM users WHERE user_id=:user_id - AND domain_id=:domain_id + AND domain_id=:domain_id AND (type='local' OR type='piped')"; $sth = $dbh->prepare($query); $sth->execute(array(':user_id'=>$_GET['user_id'], ':domain_id'=>$_SESSION['domain_id'])); if (!$sth->rowCount()) { header ("Location: adminuser.php?faildeleted={$_GET['localpart']}"); - die(); + die(); } if(!isset($_GET['confirm'])) { $_GET['confirm'] = null; } if ($_GET['confirm'] == '1') { # prevent deleting the last admin - $query = "SELECT COUNT(user_id) AS count FROM users + $query = "SELECT COUNT(user_id) AS count FROM users WHERE admin=1 AND domain_id=:domain_id AND (type='local' OR type='piped') AND user_id!=:user_id"; @@ -28,7 +28,7 @@ if ($row['count'] == "0") { header ("Location: adminuser.php?lastadmin={$_GET['localpart']}"); die; - } + } $query = "DELETE FROM users WHERE user_id=:user_id @@ -45,11 +45,11 @@ header ("Location: adminuser.php?faildeleted={$_GET['localpart']}"); } die; -} else if ($_GET['confirm'] == "cancel") { +} else if ($_GET['confirm'] == "cancel") { header ("Location: adminuser.php?faildeleted={$_GET['localpart']}"); - die; + die; } else { - $query = "SELECT COUNT(user_id) AS count FROM users + $query = "SELECT COUNT(user_id) AS count FROM users WHERE admin=1 AND domain_id=:domain_id AND (type='local' OR type='piped') AND user_id!=:user_id"; @@ -59,7 +59,7 @@ if ($row['count'] == "0") { header ("Location: adminuser.php?lastadmin={$_GET['localpart']}"); die; - } + } $query = "SELECT localpart FROM users WHERE user_id=:user_id"; $sth = $dbh->prepare($query); $sth->execute(array(':user_id'=>$_GET['user_id'])); diff --git a/vexim/config/authuser.php b/vexim/config/authuser.php index f38f37b4..f233864f 100644 --- a/vexim/config/authuser.php +++ b/vexim/config/authuser.php @@ -2,34 +2,34 @@ include_once dirname(__FILE__) . '/variables.php'; include_once dirname(__FILE__) . '/functions.php'; include_once dirname(__FILE__) . '/httpheaders.php'; - + # some session debugging code #print_r($_SESSION); - + # confirm we have the necessary session variables if (!isset($_SESSION['user_id']) || !isset($_SESSION['domain_id']) || !isset($_SESSION['crypt']) - ) + ) { - header ("Location: index.php?login=failed&1"); - die(); + header ("Location: index.php?login=failed&1"); + die(); } - + # Match the session details to an admin account the domain of the postmaster $query = "SELECT crypt FROM users WHERE user_id=:user_id AND domain_id=:domain_id;"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':user_id'=>$_SESSION['user_id'], ':domain_id'=>$_SESSION['domain_id'])); if(!$success || !$sth->rowCount()) { - header ("Location: index.php?login=failed&2"); - die(); + header ("Location: index.php?login=failed&2"); + die(); } $row = $sth->fetch(); # confirm the crypted password in the session matches the crypted password in the database for the user if ($row['crypt'] !== $_SESSION['crypt']) { - header ("Location: index.php?login=failed&3"); - die(); + header ("Location: index.php?login=failed&3"); + die(); } ?> diff --git a/vexim/sitechangesubmit.php b/vexim/sitechangesubmit.php index c3db7a21..046c5f65 100644 --- a/vexim/sitechangesubmit.php +++ b/vexim/sitechangesubmit.php @@ -43,7 +43,7 @@ case 'adminpass': if (validate_password($_POST['clear'], $_POST['vclear'])) { - if (!password_strengthcheck($_POST['clear'])) { + if (!password_strengthcheck($_POST['clear'])) { header ("Location: site.php?weakpass={$_POST['domain']}"); die; } diff --git a/vexim/sitedelete.php b/vexim/sitedelete.php index ee81c770..7b6d933b 100644 --- a/vexim/sitedelete.php +++ b/vexim/sitedelete.php @@ -13,7 +13,7 @@ if(!isset($_GET['type'])) { $_GET['type'] = null; } - + // Delete the domain's users if (($_POST['confirm'] == "1") && ($_POST['type'] != "alias")) { $usrdelquery = "DELETE FROM users WHERE domain_id=:domain_id"; diff --git a/vexim/sitepasswordsubmit.php b/vexim/sitepasswordsubmit.php index bff07c23..a9f4d736 100644 --- a/vexim/sitepasswordsubmit.php +++ b/vexim/sitepasswordsubmit.php @@ -5,7 +5,7 @@ include_once dirname(__FILE__) . "/config/httpheaders.php"; if (validate_password($_POST['clear'], $_POST['vclear'])) { - if (!password_strengthcheck($_POST['clear'])) { + if (!password_strengthcheck($_POST['clear'])) { header ("Location: site.php?weakpass=siteadmin"); die; } diff --git a/vexim/userchangesubmit.php b/vexim/userchangesubmit.php index 7320b838..8c9827ac 100644 --- a/vexim/userchangesubmit.php +++ b/vexim/userchangesubmit.php @@ -112,4 +112,4 @@ } header ("Location: userchange.php?userfailed"); die; - +