* @version $Id: useracl.php,v 1.24 2007/07/05 09:36:48 avel Exp $
*
* Main routine - Business and Presentation Logic (GUI) are in here
*/

/*
 * Overview of this script, in execution order:
 *   1. load the SquirrelMail and plugin includes and read request/session values;
 *   2. log in to IMAP and stop if the server lacks the ACL capability;
 *   3. handle the "update all" and "add user" POST actions;
 *   4. read the ACLs of the user's folders and, when an LDAP handle exists,
 *      look up display names and mail addresses;
 *   5. send notification mails for the permission changes just made;
 *   6. print the result messages and the permission forms.
 *
 * NOTE(review): this copy has lost its HTML markup, one loop header and the
 * bodies of two heredocs (text between a '<' and a later '>' appears to have
 * been stripped). The code is kept exactly as found and the damaged spots
 * are marked where they occur.
 */

/** Squirrelmail Includes */
/* Two bootstrap layouts are probed. SM_PATH is defined here only in the
 * second branch; presumably init.php defines it in the first - confirm.
 * If neither file exists, the require_once below uses an undefined SM_PATH. */
if (file_exists('../../include/init.php')) {
    include_once('../../include/init.php');
} else if (file_exists('../../include/validate.php')) {
    define('SM_PATH','../../');
    require_once(SM_PATH . 'include/validate.php');
    require_once(SM_PATH . 'functions/global.php');
    require_once(SM_PATH . 'functions/display_messages.php');
}
require_once(SM_PATH . 'functions/imap.php');
include_once(SM_PATH . 'functions/imap_general.php');
sq_change_text_domain('useracl');

/** Useracl Includes */
require_once(SM_PATH . 'plugins/useracl/config.php');
require_once(SM_PATH . 'plugins/useracl/imap_acl.php');
require_once(SM_PATH . 'plugins/useracl/functions.php');
require_once(SM_PATH . 'plugins/useracl/html.php');
require_once(SM_PATH . 'plugins/useracl/mailnotify.php');

/* Session and request input. The third argument names the source each value
 * is read from (cookie, session, POST, or form data). */
sqgetGlobalVar('key', $key, SQ_COOKIE);
sqgetGlobalVar('username', $username, SQ_SESSION);
sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
sqgetGlobalVar('perm_check', $perm_check, SQ_POST);
/* Security token submitted with the form; an absent token becomes '' so the
 * validation calls further down receive a defined value. */
if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_FORM)) {
    $submitted_token = '';
}

/* NOTE(review): PHP has already URL-decoded $_POST and $_GET values, so the
 * urldecode() calls in this script decode a second time; a folder name that
 * contains a literal '%xx' or '+' is altered by it. */
if(isset($_POST['mbox'])) {
    $mbox = urldecode($_POST['mbox']);
}
if (isset($_GET['addacl'])) {
    $addacl = 1;
}
/* NOTE(review): perm_prev is the "previous permissions" map as sent back by
 * the browser. It is not checked to be an array, and it is later used as the
 * baseline for deciding which ACLs to rewrite and as a source of LDAP filter
 * values, so it has to be treated as untrusted input. */
if(isset($_POST['perm_prev'])) {
    $perm_prev = $_POST['perm_prev'];
}
if(isset($_POST['mailbox'])) {
    $selected_mbox = urldecode($_POST['mailbox']);
} elseif(isset($_GET['mailbox'])) {
    $selected_mbox = urldecode($_GET['mailbox']);
}
if(isset($_POST['notify'])) {
    $notify = true;
} else {
    $notify = false;
}
/* adduser_x / adduser_y are what a browser submits for an image button. */
if (isset($_POST['adduser']) || isset($_POST['adduser_x']) || isset($_POST['adduser_y'])) {
    $adduser = true;
}
if(isset($_POST['newuser'])) {
    $newuser = $_POST['newuser'];
}
if(isset($mbox) && isset($addacl)) {
    $selected_mbox = $mbox;
}

/* Useful For mail notifications */
$identity = getPref($data_dir, $username, 'identity');
/* NOTE(review): the first branch stores the address in $email_address, the
 * second in $from_mail. Neither variable is read again in this file, so any
 * consumer must be in an included file - confirm which name it expects. */
if (isset($identity) && $identity != 'default') {
    $email_address = getPref($data_dir, $username, 'email_address' . $identity);
    $full_name = getPref($data_dir, $username, 'full_name' . $identity);
    $reply_to = getPref($data_dir, $username, 'reply_to' . $identity);
} else {
    $from_mail = getPref($data_dir, $username, 'email_address');
    $full_name = getPref($data_dir, $username, 'full_name');
    $reply_to = getPref($data_dir, $username,'reply_to');
}

/* i18n setup */
/* $lang is the two-letter prefix of the language preference; it selects the
 * 'cn;lang-xx' LDAP attribute further down. */
$lang_iso = getPref($data_dir, $username, 'language');
$lang = substr($lang_iso, 0, 2);
$charset = $languages[$lang_iso]['CHARSET'];

$location = get_location();

$imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);

/* Without the ACL capability nothing on this page can work: show an error,
 * close the IMAP session and stop. */
if(sqimap_capability($imapConnection, 'ACL') == false ) {
    global $squirrelmail_language, $color;
    set_up_language($squirrelmail_language);
    require_once(SM_PATH . 'functions/display_messages.php');
    /* NOTE(review): the second "\n" below is a stand-alone expression
     * statement with no effect, possibly a remnant of stripped markup. */
    $string = "\n" . 'IMAP server does not support the ACL capability, sorry.'; "\n";
    error_box($string,$color);
    sqimap_logout($imapConnection);
    exit;
}

/* ----- Handle POST Actions ----- */

/* Open (and optionally bind) the LDAP handle when an action was posted or
 * common names are to be shown, and only for the 'ldap' user check method. */
if( isset($_POST['update_all']) || isset($_POST['update']) || isset($adduser) || $show_ldap_cn == true) {
    if($check_user_method == 'ldap') {
        /* Initialize ldap handle */
        /* NOTE(review): a failed connect or bind only prints a message and
         * execution continues. After a failed connect $ldap holds the failure
         * value, yet isset($ldap) is still true, so ldap_bind() here and the
         * lookup section further down run on an invalid handle. */
        if(!($ldap=ldap_connect($ldap_server[$ldap_server_no]['host'], $ldap_server[$ldap_server_no]['port']))) {
            print "Could not connect to LDAP server.";
        }
        if (isset($ldap_server[$ldap_server_no]['binddn'])) {
            if (!ldap_bind($ldap, $ldap_server[$ldap_server_no]['binddn'], $ldap_server[$ldap_server_no]['bindpw'])) {
                print "Could not bind to LDAP server.";
            }
        }
    }
}

if(isset($_POST['update_all']) && isset($_POST['all_users'])) {
    /* Update All */
    /* The submitted token is validated before any ACL is changed. The helper
     * is defined elsewhere; 3600 is presumably the accepted token age in
     * seconds and TRUE presumably makes it abort on failure - confirm. */
    sm_validate_security_token($submitted_token, 3600, TRUE);
    $all_users = $_POST['all_users'];
    /* NOTE(review): the loop header is damaged in this copy. What survives
     * shows that, per user, the 'acl' value of every entry of $acl whose box
     * was ticked in $perm_check is appended to $perm_new[$user]. The brace
     * count of this region no longer balances. */
    for($i=0;$i $info) { /* ACLs loop */
            if(isset($perm_check[$user][$a])) {
                $perm_new[$user] .= $info['acl'];
            }
        }
    }

    /* Rewrite the ACL of every user whose new rights differ from the posted
     * "previous" rights.
     * NOTE(review): this loop is driven by the client-supplied $perm_prev and
     * uses $mbox without checking that either was submitted. $re keeps only
     * the result of the last set_permission() call, so an earlier failure is
     * hidden by a later success. The notification entry is queued whether or
     * not set_permission() succeeded. */
    foreach($perm_prev as $user=>$perm_old) {
        if($perm_old != $perm_new[$user]) {
            $re = set_permission($imapConnection, $mbox, $user, '', $perm_new[$user]);
            if($notify) {
                $notify_users[] = array('user' => $user, 'permission' => $perm_new[$user],
                    'mailbox' => $mbox, 'type' => 'change');
            }
        }
    }

    /* $re is set only if at least one ACL was rewritten. */
    if(isset($re)) {
        if($re) {
            $successmsg[] = sprintf( _("Successfully changed permissions for folder %s"), imap_utf7_decode_local($mbox));
        } else {
            $errormsg[] = sprintf( _("Failed to change permissions for folder %s"), imap_utf7_decode_local($mbox));
        }
    } elseif(!isset($newuser)) {
        $errormsg[] = sprintf (_("No changes in permissions for folder %s"), imap_utf7_decode_local($mbox));
    }
}

if(isset($adduser) || (isset($_POST['update_all']) && isset($newuser))) {
    /* Add New User */
    sm_validate_security_token($submitted_token, 3600, TRUE);

    /* NOTE(review): when only the add-user button was posted, $newuser may be
     * undefined here; the strlen() test below then skips the whole action. */
    $user = trim($newuser);
    if(strlen($user)) {
        $new_user_perm_check = array();
        if(isset($_POST['new_user_perm_check'])) {
            $new_user_perm_check = $_POST['new_user_perm_check'];
        }

        /* Build the rights string from the ticked boxes, in the order of $acl. */
        $new_user_perm = '';
        foreach($acl as $a => $info) { /* ACLs loop */
            if(isset($new_user_perm_check[$a])) {
                $new_user_perm .= $info['acl'];
            }
        }

        /* NOTE(review): $user comes straight from the request and is placed
         * into the messages below without HTML escaping; the messages are
         * printed as-is later on. Escape it for HTML (htmlspecialchars())
         * either here or where the messages are printed. */
        if($user == $username) {
            /* Myself */
            $errormsg[] = _("Cannot modify permissions on your own folder; you will always have full rights on your folders.");

        } elseif(isset($perm_prev[$user]) && $perm_prev[$user] == $new_user_perm) {
            /* Same user, same permission */
            $neutralmsg[] = sprintf (_("No changes in permissions for user %s"), $user);

        } elseif(isset($perm_prev[$user]) && $perm_prev[$user] != $new_user_perm) {
            /* Same user, changed permission! */
            if($ret = set_permission($imapConnection, $mbox, $user, '', $new_user_perm)) {
                $successmsg[] = sprintf( _("Successfully changed permissions for folder %s"), imap_utf7_decode_local($mbox));
                $notify_users[] = array('user' => $user, 'permission' => $new_user_perm, 'mailbox' => $mbox, 'type'=>'change');
            } else {
                $errormsg[] = sprintf( _("Failed to change permissions for folder %s"), imap_utf7_decode_local($mbox));
            }

        } elseif($ret = set_permission($imapConnection, $mbox, $user, '', $new_user_perm)) {
            /* Successfully added acl for user */
            $successmsg[] = sprintf( _("Successfully changed permissions for user %s."), $user);
            $notify_users[] = array('user' => $user, 'permission' => $new_user_perm, 'mailbox' => $mbox, 'type'=>'new');

        } else {
            /* User does not exist */
            /* Any failure of set_permission() is reported as "user does not
             * exist"; the real cause is not inspected here. */
            $errormsg[] = sprintf( _("Failed to change permissions for user %s."), $user) . ' ' . _("Specified user does not exist.");
        }
    }
}

/* --- Main --- */

/* ------------- Business Logic --------- */

$boxes = useracl_mailbox_list($imapConnection);

/* Gather all usernames together in this array. */
$usernames = array();

foreach($boxes as $no=>$box) {
    $mb = $box['unformatted'];
    /* Get ACLs only for subfolders of INBOX and INBOX itself - in case
     * there is an ACL there too. */
    /* NOTE(review): strstr() matches 'INBOX' anywhere in the folder name, not
     * only as its prefix. */
    if( ($useracl_only_inbox == false) || (strstr($mb, 'INBOX')) ) {
        /* $out is presumably filled by reference with identifier => rights
         * for this folder - confirm in imap_acl.php. */
        sqimap_getacl($imapConnection, $mb, $out);
        /* The owner's own entry is never listed. */
        if(array_key_exists($username, $out)) {
            unset($out[$username]);
        }
        $perm[$mb] = $out;
    }
}

/* NOTE(review): $perm is never initialised, so it is undefined here when no
 * folder passed the test above. */
$perm_array = create_human_readable_permarray($perm);

sqimap_logout($imapConnection);

/* LDAP lookup of display names and mail addresses; runs only if the handle
 * was created in the POST section above. */
if(isset($ldap)) {
    /* Ask user full names so as to display nicely */
    foreach($perm as $mb=>$pe) {
        $usernames = array_merge($usernames, array_keys($pe));
    }

    /* !!! If removing a user, still keep her here for the data to remain
     * for email notification */
    if(isset($perm_prev)) {
        foreach($perm_prev as $us=>$pe) {
            $usernames[] = $us;
        }
    }
    $usernames=array_unique($usernames);
    $usernames=array_values($usernames);

    /* NOTE(review): this block is unreachable: the enclosing condition already
     * requires isset($ldap). */
    if (!isset($ldap)) {
        if(!($ldap=ldap_connect($ldap_server[$ldap_server_no]['host'], $ldap_server[$ldap_server_no]['port']))) {
            print "Could not connect to LDAP server.";
        }
        if (isset($ldap_server[$ldap_server_no]['binddn'])) {
            if (!ldap_bind($ldap, $ldap_server[$ldap_server_no]['binddn'], $ldap_server[$ldap_server_no]['bindpw'])) {
                print "Could not bind to LDAP server.";
            }
        }
    }

    /* Build one OR filter over all collected identifiers: (|(uid=a)(uid=b)).
     * NOTE(review): the identifiers are concatenated into the filter without
     * escaping. They come from IMAP ACL entries and from the keys of the
     * posted perm_prev array, so characters with a meaning in LDAP filters
     * change what the directory is asked. Each value should be escaped first,
     * e.g. ldap_escape($value, '', LDAP_ESCAPE_FILTER) where PHP provides it.
     * An empty $usernames yields the filter (|(uid=)). */
    $filter = '(|(uid=';
    $filter .= implode(')(uid=', $usernames);
    $filter .= '))';

    if($show_ldap_cn == true) {
        $attributes = array('cn', 'uid', 'mail');
    } else {
        $attributes = array('uid', 'mail');
    }

    /* NOTE(review): a failed search only prints a message; ldap_get_entries()
     * is still called with the failed result. */
    if (!($sr = ldap_search($ldap, $ldap_server[$ldap_server_no]['base'], $filter, $attributes))) {
        print "Could not search for usernames.";
    }

    $entries = ldap_get_entries ($ldap, $sr);

    /* uid => display name and uid => mail address, filled from the entries. */
    $names = array();
    $mails = array();

    for($i=0; $i<$entries['count']; $i++) {
        if($show_ldap_cn == true) {
            /* Prefer the language-tagged cn, converted from the directory
             * charset to the page charset; the plain cn is used unconverted. */
            if(isset($entries[$i]['cn;lang-'.$lang][0])) {
                $names[$entries[$i]['uid'][0]] = useracl_string_convert($entries[$i]['cn;lang-'.$lang][0],
                    $ldap_server[$ldap_server_no]['charset'], $charset);
            } elseif(isset($entries[$i]['cn'][0])) {
                $names[$entries[$i]['uid'][0]] = $entries[$i]['cn'][0];
            }
        }
        if(isset($entries[$i]['mail'][0])) {
            $mails[$entries[$i]['uid'][0]] = $entries[$i]['mail'][0];
        }
        /* Also fill in translated names for anonymous and anyone */
        /* These two assignments sit inside the loop, so they are skipped when
         * the search returns no entry. The empty strings around the text are
         * probably stripped markup. */
        $names['anyone'] = ''. _("Anyone") .'';
        $names['anonymous'] = ''. _("Anonymous") .'';
    }
    ldap_close($ldap);
}

/* --- Mail Notification --- */

/* If there is mail notification to send, display the reminder/notice. */
if(isset($notify_users) && $notify) {
    require_once(SM_PATH . 'class/deliver/Deliver.class.php');
    require_once(SM_PATH . 'functions/mime.php');
    require_once(SM_PATH . 'functions/identity.php');

    foreach($notify_users as $n=>$info) {
        /* The two special identifiers have no mailbox to notify. */
        if($info['user'] == 'anyone' || $info['user'] == 'anonymous') {
            continue;
        }
        $notifyMessage = new Message();
        $rfc822_header = new Rfc822Header();
        $notifyMessage->rfc822_header = $rfc822_header;
        $notifyMessage->reply_rfc822_header = '';

        /* $body, $send_to and $subject are not passed to deliverMessage()
         * below; presumably it reads them as globals - confirm in
         * mailnotify.php. */
        $body = useracl_prepare_notify_message($info);

        /* NOTE(review): isset($mails) only tells that the LDAP section ran,
         * not that this user has a mail attribute; $mails[...] is undefined
         * for a user the directory returned no address for. */
        if(isset($mails)) {
            /* uids=>mails, taken from LDAP */
            $send_to = $mails[$info['user']];
        } else {
            /* Mail in the form of: userid@domain. Domain is the
             * default domain taken from config/config.php. */
            $send_to = $info['user']. '@' . $domain;
        }

        global $subject;
        /* NOTE(review): the folder name in the subject is derived from the
         * request; confirm that the header encoder removes line breaks. The
         * subject texts are not passed through _() and stay untranslated. */
        if($info['type'] == 'change' && $info['permission'] == 'none') {
            /* 'remove' */
            $subject = sprintf("Notification for removal of access to shared folder, by user: %s, Folder: %s",
                $username, imap_utf7_decode_local($info['mailbox']));
        } elseif($info['type'] == 'change') {
            /* 'change' */
            $subject = sprintf("Notification for changes in access to shared folder, by user: %s, Folder: %s",
                $username, imap_utf7_decode_local($info['mailbox']));
        } else {
            /* 'new' */
            $subject = sprintf("Notification for new shared folder by user: %s, folder: %s",
                $username, imap_utf7_decode_local($info['mailbox']));
        }

        $Result = deliverMessage($notifyMessage);

        if (! $Result) {
            $failnotify[] = $info;
        } else {
            $successnotify[] = $info;
        }
        unset($notifyMessage);
    }

    if(isset($failnotify)) {
        /* NOTE(review): $info is a by-value copy, so 'printname' is not stored
         * in $failnotify. The single-failure message works only because $info
         * still holds the last copy after the loop; the multi-failure loop
         * below reads fresh copies that have no 'printname' key. */
        foreach($failnotify as $n=>$info) {
            if(isset($names[$info['user']])) {
                $info['printname'] = $info['user'] . ' ('.$names[$info['user']].')';
            } else {
                $info['printname'] = $info['user'];
            }
        }
        if(sizeof($failnotify) == 1) {
            $errormsg[] = sprintf( _("Failed to send notification message to user %s"), $info['printname']);
        } elseif(sizeof($failnotify) > 1) {
            foreach($failnotify as $n=>$info) {
                $printnames[] = $info['printname'];
            }
            $errormsg[] = sprintf( _("Failed to send notification message to users: %s"), implode(', ',$printnames));
        }
    }

    if(isset($successnotify)) {
        /* Here the printable names are collected in $successprint, so the
         * by-value copy does not matter. */
        foreach($successnotify as $n=>$info) {
            if(isset($names[$info['user']])) {
                $info['printname'] = $info['user'] . ' ('.$names[$info['user']].')';
                $successprint[] = $info['user'] . ' ('.$names[$info['user']].')';
            } else {
                $info['printname'] = $info['user'];
                $successprint[] = $info['user'];
            }
        }
        if(sizeof($successprint) == 1) {
            $successmsg[] = sprintf( _("Successfully sent notification message to user %s"), $successprint[0]);
        } elseif(sizeof($successprint) > 1) {
            $successmsg[] = sprintf( _("Successfully sent notification message to users: %s"), implode(', ',$successprint));
        }
    }
}

/* ------------- Presentation Logic --------- */

// Generate a new single token for the whole form
/* $token is not referenced again in the surviving text; the form fields that
 * carried it were presumably part of the stripped markup. */
$token = sm_generate_security_token();

/* NOTE(review): damaged heredoc. What survives is part of a JavaScript helper
 * SetChecked(val) that walks the elements of document.usersList. */
$js = << function SetChecked(val) { dml=document.usersList; len = dml.elements.length; var i=0; for( i=0 ; i ECHO;

/* The "add ACL" view opened in its own window gets a bare HTML header, every
 * other view the regular page header. */
if ($compose_new_win == '1' && isset($_GET['addacl'])) {
    displayHtmlHeader(_("Add New User Permission"), '', false);
} else {
    sq_change_text_domain('squirrelmail');
    displayPageHeader($color, '');
}
sq_change_text_domain('useracl');

if(isset($successmsg) && $javascript_on && in_array('uoa_enhancements', $plugins)) {
    /* NOTE(review): damaged heredoc. The surviving script reloads the opener
     * window when its path ends in "left_main.php". */
    echo << if(parent.opener.window.location.pathname.substr(-13) == "left_main.php") parent.opener.window.location.reload(); ECHO;
}

/* Result messages. The string literals around them contain only a line break
 * in this copy; their markup was lost.
 * NOTE(review): every message is printed without HTML escaping although the
 * messages embed request-derived values (the new user name, the folder name).
 * Escape those values for HTML before they reach the page. */
if(isset($successmsg)) {
    print '
';
    foreach($successmsg as $msg) {
        print $msg . '
';
    }
    print '
';
}
if(isset($neutralmsg)) {
    print '
';
    foreach($neutralmsg as $msg) {
        print $msg . '
';
    }
    print '
';
}
if(isset($errormsg)) {
    print '
';
    foreach($errormsg as $msg) {
        print $msg . '
';
    }
    print '
';
}

useracl_html_printheader( _("User Permissions") );

useracl_html_print_all_sections_start();

/* One section (and one form) per folder that has ACL entries; in "add ACL"
 * mode only the selected folder is shown. */
foreach($boxes as $no=>$box) {
    $mbox = $box['unformatted'];

    if (isset($_GET['addacl'])) {
        /* $selected_mbox is undefined here if no mailbox parameter was sent. */
        if($mbox != $selected_mbox) {
            continue;
        }
    }

    if( (isset($perm[$mbox]) && sizeof($perm[$mbox]) > 0 ) || isset($addacl)) {
        /* Form name: URL-encoded folder name with '.', '%' and '-' replaced
         * by '_'. */
        $formname = "form_".str_replace(array('.','%', '-') , array('_','_','_'), rawurlencode($mbox));

        /* The folder name is inserted into the heading without HTML escaping
         * in the surviving text. */
        useracl_html_print_section_start( sprintf( _("Current Permissions for Folder: %s") , ''.imap_utf7_decode_local($mbox).''));

        /* Form and table markup, lost in this copy. */
        print '
';
        print '';
        print '';
        print '';

        useracl_print_table_header();
        if(isset($perm[$mbox]) && sizeof($perm[$mbox]) > 0) {
            useracl_print_array($perm[$mbox], $mbox);
        /*
        } else {
            useracl_print_array(array(), $mbox);
        */
        }
        useracl_print_addnew($formname);
        useracl_print_table_footer();

        print '
';
        print '
';
        useracl_html_print_section_end();
        unset($formname);
    }
}

/* Separate "add new user permission" form: shown in the normal view, and in
 * "add ACL" mode when no folder was selected. */
if( ( isset($_GET['addacl']) && !isset($selected_mbox) ) || ( !isset($_GET['addacl']) ) ){
    useracl_html_print_section_start( _("Add New User Permission") );

    /* Form markup, lost in this copy. */
    print '
';
    print '';
    print '';

    useracl_print_table_header(true);
    /* Pre-select the folder that was just posted, if any. */
    if(isset($_POST['mbox'])) {
        useracl_print_addnew_separate(urldecode($_POST['mbox']));
    } else {
        useracl_print_addnew_separate();
    }
    print '
';
    print '
';
    useracl_html_print_section_end();
}

useracl_html_print_all_sections_end();

sq_change_text_domain('squirrelmail');

if ($compose_new_win == '1' && isset($_GET['addacl'])) {
    /* Closing markup for the stand-alone window, lost in this copy. */
    echo ''."\n";
}

useracl_html_printfooter();