load_config(); $this->debug = $rcmail->config->get('sender_access_list_debug'); $this->dsn = $rcmail->config->get('sender_access_list_db_dsn', ''); $this->whitelist_query = $rcmail->config->get('sender_access_list_whitelist_query', ''); $this->blacklist_query = $rcmail->config->get('sender_access_list_blacklist_query', ''); $this->load_query = $rcmail->config->get('sender_access_list_load_query', ''); $this->remove_query = $rcmail->config->get('sender_access_list_remove_query', ''); if (!$this->dsn) { if ($this->debug) write_log('sender_access_list', 'sender_access_list_db_dsn parameter not found in /plugins/sender_access_list/config.inc.php'); } elseif (!$this->whitelist_query) { if ($this->debug) write_log('sender_access_list', 'sender_access_list_whitelist_query parameter not found in /plugins/sender_access_list/config.inc.php'); } elseif (!$this->blacklist_query) { if ($this->debug) write_log('sender_access_list', 'sender_access_list_blacklist_query parameter not found in /plugins/sender_access_list/config.inc.php'); } else { $this->add_texts('localization', true); if ($rcmail->task == 'settings') { $this->include_stylesheet($this->local_skin_path() .'/sender_access_list-settings.css'); if ($rcmail->output->browser->ie && $rcmail->output->browser->ver == 6) $this->include_stylesheet($this->local_skin_path() . '/ie6hacks.css'); $this->register_action('plugin.sender_access_list', array($this, 'action_sender_access_list_settings_init')); $this->register_action('plugin.sender_access_list.addressrule_add', array($this, 'action_sender_access_list_addressrule_add')); $this->register_action('plugin.sender_access_list.addressrule_del', array($this, 'action_sender_access_list_addressrule_del')); $this->include_script('sender_access_list-settings.js'); } else { $this->register_action('plugin.sender_access_list.blacklist', array($this, 'action_to_blacklist')); $this->register_action('plugin.sender_access_list.whitelist', array($this, 'action_to_whitelist')); $this->toolbar = $rcmail->config->get('sender_access_list_mb_toolbar', true); $this->markmenu = $rcmail->config->get('sender_access_list_mb_markmenu', true); $this->messageheaders = $rcmail->config->get('sender_access_list_mb_messageheaders', true); if ($rcmail->action == '' || $rcmail->action == 'show' || $rcmail->action == 'preview') { $this->add_hook('storage_init', array($this, 'hook_storage_init')); } if (($rcmail->action == 'show' || $rcmail->action == 'preview') and $this->messageheaders) { $this->add_hook('message_headers_output', array($this, 'hook_message_headers')); } if ($rcmail->action == '' || $rcmail->action == 'show') { $this->include_script('sender_access_list-mail.js'); $this->include_stylesheet($this->local_skin_path() .'/sender_access_list-mail.css'); if ($rcmail->output->browser->ie && $rcmail->output->browser->ver == 6) $this->include_stylesheet($this->local_skin_path() . '/ie6hacks.css'); if ($this->toolbar) { $this->add_button(array('command' => 'plugin.sender_access_list.blacklist', 'type' => 'link', 'class' => 'button buttonPas senderblacklist disabled', 'classact' => 'button senderblacklist', 'classsel' => 'button senderblacklistSel', 'title' => 'sender_access_list.buttonblacklist', 'label' => 'sender_access_list.blacklist', 'style' => ''), 'toolbar'); $this->add_button(array('command' => 'plugin.sender_access_list.whitelist', 'type' => 'link', 'class' => 'button buttonPas senderwhitelist disabled', 'classact' => 'button senderwhitelist', 'classsel' => 'button senderwhitelistSel', 'title' => 'sender_access_list.buttonwhitelist', 'label' => 'sender_access_list.whitelist', 'style' => ''), 'toolbar'); } if ($this->markmenu) { $blacklist = $this->api->output->button(array('command' => 'plugin.sender_access_list.blacklist', 'label' => 'sender_access_list.menublacklist', 'id' => 'senderblacklist', 'class' => 'icon senderblacklist', 'classact' => 'icon senderblacklist active', 'innerclass' => 'icon senderblacklist')); $whitelist = $this->api->output->button(array('command' => 'plugin.sender_access_list.whitelist', 'label' => 'sender_access_list.menuwhitelist', 'id' => 'senderwhitelist', 'class' => 'icon senderwhitelist', 'classact' => 'icon senderwhitelist active', 'innerclass' => 'icon senderwhitelist')); $this->api->add_content(html::tag('li', array('style' => ''), $blacklist), 'markmenu'); $this->api->add_content(html::tag('li', array('style' => ''), $whitelist), 'markmenu'); } $this->api->output->set_env('sender_access_list_markmenu', $this->markmenu); } } } } function action_sender_access_list_settings_init() { $this->add_texts('localization'); $this->register_handler('plugin.body', array($this, 'handler_sender_access_list_settings_form')); $rcmail = rcube::get_instance(); $rcmail->output->set_pagetitle($this->gettext('personalaccesslists')); $rcmail->output->send('plugin'); } function handler_sender_access_list_settings_form() { $rcmail = rcube::get_instance(); // add some labels to client $rcmail->output->add_label( 'sender_access_list.accessliststabdesc', 'sender_access_list.accesslists', 'sender_access_list.chooselist', 'sender_access_list.invalidlistno', 'sender_access_list.enteraddress', 'sender_access_list.addressexists', 'sender_access_list.addresserror', 'sender_access_list.addressdelete', 'sender_access_list.addedto' ); $table1 = new html_table(array('id' => 'addressrulestable', 'class' => 'addressrulestable records-table addressrule_list', 'cellspacing' => '0', 'cols' => 4)); $table1->add_header('rule', $this->gettext('addressrulestable-title-rule')); $table1->add_header('address', $this->gettext('addressrulestable-title-senderaddress')); $table1->add_header('control', ' '); $table1->add_header('empty', ' '); $field_id = 'rcmfd_accesslist_rule'; $input_accesslist_rule = new html_select(array('name' => '_accesslist_rule', 'id' => $field_id)); $input_accesslist_rule->add($this->gettext('rulelistdefault'), ''); $input_accesslist_rule->add($this->gettext('toblacklist'), 'blacklist_from'); $input_accesslist_rule->add($this->gettext('towhitelist'), 'whitelist_from'); $field_id = 'rcmfd_accesslist_address'; $input_accesslist_address = new html_inputfield(array('name' => '_accesslist_address', 'id' => $field_id, 'style' => 'width:200px;')); $field_id = 'rcmbtn_accesslist_add'; $button_accesslist_add = $rcmail->output->button(array('command' => 'plugin.sender_access_list.addressrule_add', 'type' => 'input', 'id' => $field_id, 'class' => 'button', 'label' => 'sender_access_list.addrule')); $table1->add(array('class' => 'ruletype'), $input_accesslist_rule->show()); $table1->add(array('class' => 'address'), $input_accesslist_address->show()); $table1->add(array('class' => 'control'), $button_accesslist_add); $table1->add(null, ' '); $this->load_accesslist(); $hidden_access_list_addresses = new html_hiddenfield(array('name' => '_access_list_addresses[]', 'value' => $accesslist_address)); $hidden_access_list_rules = new html_hiddenfield(array('name' => '_access_list_rules[]', 'value' => '')); $table1->add(array(), ' '); $table1->set_row_attribs(array('style' => 'display: none;')); $table1->add(array('class' => 'address'), $accesslist_address); $del_button = $rcmail->output->button(array('command' => 'plugin.sender_access_list.addressrule_del', 'type' => 'link', 'class' => 'delete', 'label' => 'delete', 'content' => ' ')); $table1->add(array('class' => 'control'), $del_button . $hidden_access_list_addresses->show() . $hidden_access_list_rules->show()); $table1->add(null, ' '); if ($this->accesslist) $table1->set_row_attribs(array('style' => 'display: none;')); $table1->add(array('colspan' => '4'), rep_specialchars_output($this->gettext('noaddressrules'))); foreach ($this->accesslist as $accesslist_address => $accesslist_rule) { $hidden_access_list_addresses = new html_hiddenfield(array('name' => '_access_list_addresses[]', 'value' => $accesslist_address)); if ($accesslist_rule == 'blacklist_from') { $table1->add(array('class' => 'rule blacklist_from'), $this->gettext('blacklisted_from')); $hidden_access_list_rules = new html_hiddenfield(array('name' => '_access_list_rules[]', 'value' => 'blacklist_from')); } elseif ($accesslist_rule == 'whitelist_from') { $table1->add(array('class' => 'rule whitelist_from'), $this->gettext('whitelisted_from')); $hidden_access_list_rules = new html_hiddenfield(array('name' => '_access_list_rules[]', 'value' => 'whitelist_from')); } else { $table1->add(array(), ' '); $hidden_access_list_rules = new html_hiddenfield(array('name' => '_access_list_rules[]', 'value' => '')); } $table1->add(array('class' => 'address'), $accesslist_address); $table1->add(array('class' => 'control'), $del_button . $hidden_access_list_addresses->show() . $hidden_access_list_rules->show()); $table1->add(null, ' '); } $out = html::div( array('class' => 'box fullscreen'), html::div(array('id' => 'prefs-title', 'class' => 'boxtitle'), $this->gettext('personalaccesslists')) . html::div( array('class' => 'boxcontent fullscreen crop'), html::p(array('style' => 'margin-top: 0;'), rcmail::Q($this->gettext('whitelistexp'))) . $table1->show() ) ); $rcmail->output->add_gui_object('sender_access_list-form', 'sender_access_list-form'); return $rcmail->output->form_tag(array( 'id' => 'sender_access_list-form', 'name' => 'sender_access_list-form', 'method' => '', 'action' => '', ), $out); } function load_accesslist() { $this->accesslist = array(); $rcmail = rcube::get_instance(); $storage = $rcmail->storage; $db = rcube_db::factory($this->dsn, '', FALSE); $db->set_debug((bool)$this->debug); $dsn = rcube_db::parse_dsn($this->dsn); $db->db_connect('w'); if ($error = $db->is_error()) { $error_message = "unable to connect to db. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error; raise_error(array('code' => 603, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "DB Error: ".$error_message); $this->api->output->command('display_message', $this->gettext('unable_to_connect_to_db'), 'error'); $this->api->output->send(); } else { $query = str_replace('%u', $db->quote($_SESSION['username'], 'text'), $this->load_query); $sql_result = $db->query($query); if ($error = $db->is_error()) { $error_message = "query '$query' failed. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error; raise_error(array('code' => 600, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "DB Error: ".$error_message); $this->api->output->command('display_message', $this->gettext("unable_to_load_accesslist"), 'error'); $this->api->output->send(); } else { while ($sql_result && ($sql_arr = $db->fetch_assoc($sql_result))) { $this->accesslist[$sql_arr['accesslist_address']] = $sql_arr['accesslist_rule']; } } } } function action_sender_access_list_addressrule_add() { $rcmail = rcube::get_instance(); $storage = $rcmail->storage; $db = rcube_db::factory($this->dsn, '', FALSE); $db->set_debug((bool)$this->debug); $dsn = rcube_db::parse_dsn($this->dsn); $db->db_connect('w'); if ($error = $db->is_error()) { $error_message = "unable to connect to db. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error; raise_error(array('code' => 603, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "DB Error: ".$error_message); $this->api->output->command('display_message', $this->gettext('unable_to_connect_to_db'), 'error'); $this->api->output->send(); } else { $action = trim(rcube_utils::get_input_value('_act', RCUBE_INPUT_GPC)); $sender_address = trim(rcube_utils::get_input_value('_address', RCUBE_INPUT_GPC)); if (($action == 1) or ($action == 2)) { $query = str_replace('%u', $db->quote($_SESSION['username'], 'text'), ($action == 1 ? $this->blacklist_query : $this->whitelist_query)); $sender_address = preg_replace('/^\s*<(\S+)>\s*$/', '$1', $sender_address); if (!$sender_address) { $error_message = "Sender address expected for user '".$_SESSION['username']."'"; raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "HTTP Error: ".$error_message); } elseif (preg_match('/[;\(\)""]/', $sender_address)) { $error_message = "invalid characters found in the sender's address '".$sender_address."' for user '".$_SESSION['username']."'"; raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "HTTP Error: ".$error_message); } elseif ($sender_address == '<>') { $error_message = "can not add an empty sender address to access list for user '".$_SESSION['username']."'"; raise_error(array('code' => 600, 'type' => 'user', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "USER Error: ".$error_message); } else { $sql = str_replace('%sender', $db->quote($sender_address, 'text'), $query); $res = $db->query($sql); if ($error = $db->is_error()) { $error_message = "query '$sql' failed. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error; raise_error(array('code' => 600, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "DB Error: ".$error_message); } else { if ($this->debug) write_log('sender_access_list', "sender address '".$sender_address."' ".($action == 1 ? "blacklisted" : "whitelisted")." by user '".$_SESSION['username']."'"); } } } } } function action_sender_access_list_addressrule_del() { $rcmail = rcube::get_instance(); $storage = $rcmail->storage; $db = rcube_db::factory($this->dsn, '', FALSE); $db->set_debug((bool)$this->debug); $dsn = rcube_db::parse_dsn($this->dsn); $db->db_connect('w'); if ($error = $db->is_error()) { $error_message = "unable to connect to db. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error; raise_error(array('code' => 603, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "DB Error: ".$error_message); $this->api->output->command('display_message', $this->gettext('unable_to_connect_to_db'), 'error'); $this->api->output->send(); } else { $sender_address = trim(rcube_utils::get_input_value('_address', RCUBE_INPUT_GPC)); $query = str_replace('%u', $db->quote($_SESSION['username'], 'text'), $this->remove_query); $sender_address = preg_replace('/^\s*<(\S+)>\s*$/', '$1', $sender_address); if (!$sender_address) { $error_message = "Sender address expected for user '".$_SESSION['username']."'"; raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "HTTP Error: ".$error_message); } elseif (preg_match('/[;\(\)""]/', $sender_address)) { $error_message = "invalid characters found in the sender's address '".$sender_address."' for user '".$_SESSION['username']."'"; raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "HTTP Error: ".$error_message); } else { $sql = str_replace('%sender', $db->quote($sender_address, 'text'), $query); $res = $db->query($sql); if ($error = $db->is_error()) { $error_message = "query '$sql' failed. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error; raise_error(array('code' => 600, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "DB Error: ".$error_message); } else { if ($this->debug) write_log('sender_access_list', "sender address '".$sender_address."' removed from access list by user '".$_SESSION['username']."'"); } } } } function hook_storage_init($p) { $p['fetch_headers'] = trim($p['fetch_headers'].' RETURN-PATH'); return $p; } function hook_message_headers($p) { $rcmail = rcube::get_instance(); $header = 'Return-Path'; if ($value = $p['headers']->get($header, false)) { if (is_array($value)) $value = $value[0]; $value = preg_replace('/^\s*<(\S+)>\s*$/', '$1', $value); $icon_blacklist = sprintf("", $this->gettext('buttonblacklist'), $this->local_skin_path()); $icon_whitelist = sprintf("", $this->gettext('buttonwhitelist'), $this->local_skin_path()); $p['output'][$header."-accesslist"] = array('title' => $this->gettext('realsenderaddress'), 'value' => ($value ? sprintf("%s %s %s", rcmail::Q($value), rcmail::Q($value), rcmail::Q($value), $icon_blacklist, $icon_whitelist) : '<>'), 'html' => 1); } return $p; } function action_to_blacklist() { $this->add_texts('localization'); $uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST); $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); $this->_add_sender_address($uids, $mbox, true, $this->blacklist_query); $this->api->output->command('display_message', $this->gettext('reportedasblacklisted'), 'confirmation'); $this->api->output->send(); } function action_to_whitelist() { $this->add_texts('localization'); $uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST); $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); $this->_add_sender_address($uids, $mbox, false, $this->whitelist_query); $this->api->output->command('display_message', $this->gettext('reportedaswhitelisted'), 'confirmation'); $this->api->output->send(); } private function _add_sender_address($uids, $mbox_name = NULL, $blacklist = true, $query) { $rcmail = rcube::get_instance(); $storage = $rcmail->storage; $db = rcube_db::factory($this->dsn, '', FALSE); $db->set_debug((bool)$this->debug); $dsn = rcube_db::parse_dsn($this->dsn); $db->db_connect('w'); if ($error = $db->is_error()) { $error_message = "unable to connect to db. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error; raise_error(array('code' => 603, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "DB Error: ".$error_message); $this->api->output->command('display_message', $this->gettext('unable_to_connect_to_db'), 'error'); $this->api->output->send(); } else { $query = str_replace('%u', $db->quote($_SESSION['username'], 'text'), $query); foreach (explode(",", $uids) as $uid) { $message = new rcube_message($uid); $sender_address = $message->headers->get('Return-path', false); if (is_array($sender_address)) $sender_address = $sender_address[0]; $sender_address = preg_replace('/^\s*<(\S+)>\s*$/', '$1', $sender_address); if (!$sender_address) { $error_message = "unable to get header Return-path from message with UID ".$uid." for user '".$_SESSION['username']."'"; raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "IMAP Error: ".$error_message); $this->api->output->command('display_message', $this->gettext('unable_to_get_sender_address'), 'error'); $this->api->output->send(); } elseif (preg_match('/[;\(\)""]/', $sender_address)) { $error_message = "invalid characters found in the sender's address '".$sender_address."' for user '".$_SESSION['username']."'"; raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "IMAP Error: ".$error_message); $this->api->output->command('display_message', $this->gettext('addresserror'), 'error'); $this->api->output->send(); } elseif ($sender_address == '<>') { $error_message = "can not add an empty sender address to access list for user '".$_SESSION['username']."'"; raise_error(array('code' => 600, 'type' => 'user', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "USER Error: ".$error_message); $this->api->output->command('display_message', $this->gettext('can_not_add_empty_sender_address'), 'error'); $this->api->output->send(); } else { $sql = str_replace('%sender', $db->quote($sender_address, 'text'), $query); $res = $db->query($sql); if ($error = $db->is_error()) { $error_message = "query '$sql' failed. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error; raise_error(array('code' => 600, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false); if ($this->debug) write_log('sender_access_list', "DB Error: ".$error_message); $this->api->output->command('display_message', $this->gettext($blacklist ? "unable_to_save_sender_address_to_blacklist" : "unable_to_save_sender_address_to_whitelist"), 'error'); $this->api->output->send(); } else { if ($this->debug) write_log('sender_access_list', "sender address '".$sender_address."' ".($blacklist ? "blacklisted" : "whitelisted")." by user '".$_SESSION['username']."'"); } } } } } } ?>