-rw-r--r--manager/application/configs/application.ini1
-rw-r--r--manager/application/controllers/MailController.php15
-rw-r--r--manager/library/CAcert/User/Emails.php57
3 files changed, 71 insertions, 2 deletions
diff --git a/manager/application/configs/application.ini b/manager/application/configs/application.ini
index 61edc99..61f7d98 100644
--- a/manager/application/configs/application.ini
+++ b/manager/application/configs/application.ini
@@ -10,6 +10,7 @@ resources.frontController.noErrorHandler = 0
resources.frontController.useDefaultControllerAlways = 0
resources.layout.layoutPath = APPLICATION_PATH "/layouts/scripts"
resources.view[] =
+autoloadernamespaces.0 = "CAcert_"
; Database settings for Session DB
ca_mgr.db.session.pdo = "Pdo_Mysql"
diff --git a/manager/application/controllers/MailController.php b/manager/application/controllers/MailController.php
index 1ba73e2..e1449fd 100644
--- a/manager/application/controllers/MailController.php
+++ b/manager/application/controllers/MailController.php
@@ -8,6 +8,11 @@ require_once(LIBRARY_PATH . '/imap/imapConnection.php');
class MailController extends Zend_Controller_Action
{
+ /**
+ * list of email addresses associated with that account
+ * @var array
+ */
+ private $addresses = array();
public function init()
{
@@ -25,6 +30,11 @@ class MailController extends Zend_Controller_Action
$this->view->url(array('controller' => 'mail', 'action' => 'full'), 'default', true) .
'"' . (($action == 'full')?' class="active"':'') . '>' . I18n::_('View all Mails') . '</a>', Zend_View_Helper_Placeholder_Container_Abstract::SET, 2);
}
+
+ $emails = new CAcert_User_Emails();
+
+ $this->addresses = $emails->getEmailAddressesByLogin($session->authdata['authed_username']);
+
}
public function indexAction()
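Review bot: The list assigned to `$this->addresses` at the end of init() replaces the direct comparison with `authed_username` in the later hunks, but `getEmailAddressesByLogin` never puts the login address itself into its result. Unless the `email` table also holds the primary address (the schema is not visible here), users would stop seeing mail sent to the address they log in with. Appending it explicitly keeps the previous behaviour, e.g. `$this->addresses[] = $session->authdata['authed_username'];` right after the lookup. The lookup also runs for every action of this controller, so it is worth confirming that `authdata` is always set by the time init() reaches this point; the start of init() is outside the hunk.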
@@ -43,7 +53,7 @@ class MailController extends Zend_Controller_Action
$header = $imap->imapHeader($i+1);
// skip all emails that do not belong to the user
- if ($header->toaddress != $session->authdata['authed_username'])
+ if (!in_array($header->toaddress, $this->addresses))
continue;
$header->uid = $imap->imapUID($i+1);
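Review bot: `in_array($header->toaddress, $this->addresses)` is a loose, case-sensitive whole-string comparison, and it now decides which mailbox entries a user may see. Pass the strict flag and compare normalised values, e.g. `if (!in_array(strtolower($header->toaddress), $this->addresses, true))`, with the list lower-cased where it is built, so an address stored as `User@Example.org` still matches. If `toaddress` carries the full To: line with a display name or several recipients (the `imapHeader` wrapper is not visible here), such mail is still skipped, as it was before this commit. The same applies to the `$header->to` check in the hunk at `@@ -114,7 +124,8 @@`. The surrounding loop starts and ends outside this hunk.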
@@ -114,7 +124,8 @@ class MailController extends Zend_Controller_Action
$header = $imap->imapFetchOverview($uid);
$session = Zend_Registry::get('session');
- if ($session->authdata['authed_role'] != 'Admin' && $header->to != $session->authdata['authed_username']) {
+
+ if ($session->authdata['authed_role'] != 'Admin' && !in_array($header->to, $this->addresses)) {
$this->view->message = I18n::_('This message does not belong to you');
}
else {
diff --git a/manager/library/CAcert/User/Emails.php b/manager/library/CAcert/User/Emails.php
new file mode 100644
index 0000000..d345ce8
--- /dev/null
+++ b/manager/library/CAcert/User/Emails.php
@@ -0,0 +1,57 @@
+<?php
+
+class CAcert_User_Emails {
+ public function __construct() {
+ Log::Log()->debug(__METHOD__);
+ }
+
+ /**
+ * get list of email addresses by login, needed to be able to filter emails
+ * @param string $addr
+ * @return array
+ */
+ public function getEmailAddressesByLogin($addr) {
+ $db = Zend_Registry::get('auth2_dbc');
+
+ /**
+ * find out user id by email address
+ */
+ $sql = 'select users.id from users where email=?';
+
+ $id = $db->fetchOne($sql, array($addr));
+
+ /**
+ * get secondary email addresses
+ */
+ $sql = 'select email.email from email where memid=?';
+
+ $res = $db->query($sql, array($id));
+
+ $emails = array();
+
+ $num = $res->rowCount();
+ for ($i = 0; $i < $num; $i++) {
+ $row = $res->fetch(PDO::FETCH_ASSOC);
+ $emails[] = $row['email'];
+ }
+
+ /**
+ * get additional addresses by domains
+ */
+ $sql = 'select domains.domain from domains where memid=?';
+
+ $res = $db->query($sql, array($id));
+ $num = $res->rowCount();
+ $variants = array('root','hostmaster','postmaster','admin','webmaster');
+ for ($i = 0; $i < $num; $i++) {
+ $row = $res->fetch(PDO::FETCH_ASSOC);
+
+ foreach ($variants as $variant) {
+ $emails[] = $variants . '@' . $row['domain'];
+ }
+ }
+
+ Log::Log()->debug(__METHOD__ . ' mail addresses ' . var_export($emails, true));
+ return $emails;
+ }
+}
\ No newline at end of file
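Review bot: In the domain loop of `getEmailAddressesByLogin`, `$emails[] = $variants . '@' . $row['domain'];` concatenates the whole `$variants` array instead of the loop variable, so every entry becomes `Array@<domain>` and none of the root/hostmaster/postmaster/admin/webmaster addresses can ever match in MailController; it should read `$emails[] = $variant . '@' . $row['domain'];`. The result of `fetchOne` is used unchecked: when no user matches, `$id` is presumably `false` and both follow-up queries run with that value bound to `memid`, so an early `if ($id === false) { return array(); }` keeps the list empty instead of depending on how the value is bound. Because this list is now the access filter for the mailbox, confirm that `email` and `domains` rows exist only for verified, non-deleted entries, or filter on that in the two queries; the schema is not visible here. The closing debug line writes every address of the account to the log and could be reduced to a count.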