load_config();
$this->debug = $rcmail->config->get('sender_access_list_debug');
$this->dsn = $rcmail->config->get('sender_access_list_db_dsn', '');
$this->whitelist_query = $rcmail->config->get('sender_access_list_whitelist_query', '');
$this->blacklist_query = $rcmail->config->get('sender_access_list_blacklist_query', '');
$this->load_query = $rcmail->config->get('sender_access_list_load_query', '');
$this->remove_query = $rcmail->config->get('sender_access_list_remove_query', '');
if (!$this->dsn) {
if ($this->debug) rcube::write_log('sender_access_list', 'sender_access_list_db_dsn parameter not found in /plugins/sender_access_list/config.inc.php');
} elseif (!$this->whitelist_query) {
if ($this->debug) rcube::write_log('sender_access_list', 'sender_access_list_whitelist_query parameter not found in /plugins/sender_access_list/config.inc.php');
} elseif (!$this->blacklist_query) {
if ($this->debug) rcube::write_log('sender_access_list', 'sender_access_list_blacklist_query parameter not found in /plugins/sender_access_list/config.inc.php');
} else {
$this->add_texts('localization', true);
if ($rcmail->task == 'settings') {
$this->add_hook('settings_actions', array($this, 'settings_actions'));
$this->include_stylesheet($this->local_skin_path() .'/sender_access_list-settings.css');
$this->register_action('plugin.sender_access_list', array($this, 'action_sender_access_list_settings_init'));
$this->register_action('plugin.sender_access_list.addressrule_add', array($this, 'action_sender_access_list_addressrule_add'));
$this->register_action('plugin.sender_access_list.addressrule_del', array($this, 'action_sender_access_list_addressrule_del'));
$this->include_script('sender_access_list-settings.js');
} else {
$this->register_action('plugin.sender_access_list.blacklist', array($this, 'action_to_blacklist'));
$this->register_action('plugin.sender_access_list.whitelist', array($this, 'action_to_whitelist'));
$this->toolbar = $rcmail->config->get('sender_access_list_mb_toolbar', true);
$this->markmenu = $rcmail->config->get('sender_access_list_mb_markmenu', true);
$this->messageheaders = $rcmail->config->get('sender_access_list_mb_messageheaders', true);
if ($rcmail->action == '' || $rcmail->action == 'show' || $rcmail->action == 'preview') {
$this->add_hook('storage_init', array($this, 'hook_storage_init'));
}
if (($rcmail->action == 'show' || $rcmail->action == 'preview') and $this->messageheaders) {
$this->add_hook('message_headers_output', array($this, 'hook_message_headers'));
}
if ($rcmail->action == '' || $rcmail->action == 'show') {
$this->include_script('sender_access_list-mail.js');
$this->include_stylesheet($this->local_skin_path() .'/sender_access_list-mail.css');
if ($this->toolbar) {
$this->add_button(array(
'command' => 'plugin.sender_access_list.blacklist',
'type' => 'link',
'class' => 'button buttonPas senderblacklist disabled',
'classact' => 'button senderblacklist',
'classsel' => 'button senderblacklistSel',
'title' => 'sender_access_list.buttonblacklist',
'label' => 'sender_access_list.blacklist',
'innerclass' => 'inner',
'style' => ''
), 'toolbar');
$this->add_button(array(
'command' => 'plugin.sender_access_list.whitelist',
'type' => 'link',
'class' => 'button buttonPas senderwhitelist disabled',
'classact' => 'button senderwhitelist',
'classsel' => 'button senderwhitelistSel',
'title' => 'sender_access_list.buttonwhitelist',
'label' => 'sender_access_list.whitelist',
'innerclass' => 'inner',
'style' => ''
), 'toolbar');
}
if ($this->markmenu) {
$blacklist = $this->api->output->button(array('command' => 'plugin.sender_access_list.blacklist', 'type' => 'link', 'label' => 'sender_access_list.menublacklist', 'id' => 'senderblacklist', 'class' => 'icon senderblacklist', 'classact' => 'icon senderblacklist active', 'innerclass' => 'icon senderblacklist'));
$whitelist = $this->api->output->button(array('command' => 'plugin.sender_access_list.whitelist', 'type' => 'link', 'label' => 'sender_access_list.menuwhitelist', 'id' => 'senderwhitelist', 'class' => 'icon senderwhitelist', 'classact' => 'icon senderwhitelist active', 'innerclass' => 'icon senderwhitelist'));
$this->api->add_content(html::tag('li', array('role' => 'menuitem', 'style' => ''), $blacklist), 'markmenu');
$this->api->add_content(html::tag('li', array('role' => 'menuitem', 'style' => ''), $whitelist), 'markmenu');
}
$this->api->output->set_env('sender_access_list_markmenu', $this->markmenu);
}
}
}
}
function settings_actions($args) {
// register as settings action
$args['actions'][] = array(
'action' => 'plugin.sender_access_list',
'class' => 'sender_access_list',
'label' => 'accesslists',
'title' => 'accessliststabdesc',
'domain' => 'sender_access_list',
);
return $args;
}
function action_sender_access_list_settings_init() {
$this->add_texts('localization');
$this->register_handler('plugin.body', array($this, 'handler_sender_access_list_settings_form'));
$rcmail = rcube::get_instance();
$rcmail->output->set_pagetitle($this->gettext('personalaccesslists'));
$rcmail->output->send('plugin');
}
function handler_sender_access_list_settings_form() {
$rcmail = rcube::get_instance();
// add some labels to client
$rcmail->output->add_label(
'sender_access_list.accessliststabdesc',
'sender_access_list.accesslists',
'sender_access_list.invalidlistno',
'sender_access_list.enteraddress',
'sender_access_list.addressexists',
'sender_access_list.addresserror',
'sender_access_list.addressdelete',
'sender_access_list.blacklisted',
'sender_access_list.whitelisted'
);
$table1 = new html_table(array('id' => 'addressrulestable', 'class' => 'addressrulestable records-table addressrule_list', 'cellspacing' => '0', 'cols' => 4));
$table1->add_header('address', $this->gettext('addressrulestable-title-senderaddress'));
$table1->add_header('rule', $this->gettext('addressrulestable-title-rule'));
$table1->add_header('control', ' ');
$table1->add_header('empty', ' ');
$field_id = 'rcmfd_accesslist_address';
$input_accesslist_address = new html_inputfield(array(
'name' => '_accesslist_address',
'id' => $field_id,
'class' => 'form-control',
'type' => 'text',
'placeholder' => $this->gettext('addressrulestable-title-senderaddress'),
'value' => ''
));
$field_id = 'rcmfd_accesslist_rule';
$input_accesslist_rule = new html_select(array(
'name' => '_accesslist_rule',
'id' => $field_id
));
$input_accesslist_rule->add($this->gettext('towhitelist'), 'towhitelist');
$input_accesslist_rule->add($this->gettext('toblacklist'), 'toblacklist');
$field_id = 'rcmbtn_accesslist_add';
$accesslist_button_add = $rcmail->output->button(array(
'command' => 'plugin.sender_access_list.addressrule_add',
'type' => 'button',
'id' => $field_id,
'class' => 'button add',
'label' => 'sender_access_list.addrule',
'title' => $this->gettext('addrule')
));
$table1->add(array('class' => 'address'), $input_accesslist_address->show());
$table1->add(array('class' => 'ruletype'), $input_accesslist_rule->show());
$table1->add(array('class' => 'control'), $accesslist_button_add);
$table1->add(array('class' => 'last'), ' ');
$this->load_accesslist();
$hidden_access_list_addresses = new html_hiddenfield(array('name' => '_access_list_addresses[]', 'value' => $accesslist_address));
$hidden_access_list_rules = new html_hiddenfield(array('name' => '_access_list_rules[]', 'value' => ''));
$accesslist_button_del = $rcmail->output->button(array(
'command' => 'plugin.sender_access_list.addressrule_del',
'type' => 'link',
'class' => 'button delete',
'title' => $this->gettext('deleterule'),
'content' => ' '
));
$table1->add(array('class' => 'address value'), $accesslist_address);
$table1->set_row_attribs(array('style' => 'display: none;'));
$table1->add(array('class' => 'rule value'), ' ');
$table1->add(array('class' => 'control'), $accesslist_button_del . $hidden_access_list_addresses->show() . $hidden_access_list_rules->show());
$table1->add(null, ' ');
if ($this->accesslist) $table1->set_row_attribs(array('style' => 'display: none;'));
$table1->add(array('colspan' => '4'), rcube_utils::rep_specialchars_output($this->gettext('noaddressrules')));
foreach ($this->accesslist as $accesslist_address => $accesslist_rule) {
$hidden_access_list_addresses = new html_hiddenfield(array('name' => '_access_list_addresses[]', 'value' => $accesslist_address));
$table1->add(array('class' => 'address value'), $accesslist_address);
if ($accesslist_rule == 'blacklist_from') {
$table1->add(array('class' => 'ruletype value blacklisted'), $this->gettext('blacklisted'));
$hidden_access_list_rules = new html_hiddenfield(array('name' => '_access_list_rules[]', 'value' => 'blacklist_from'));
} elseif ($accesslist_rule == 'whitelist_from') {
$table1->add(array('class' => 'ruletype value whitelisted'), $this->gettext('whitelisted'));
$hidden_access_list_rules = new html_hiddenfield(array('name' => '_access_list_rules[]', 'value' => 'whitelist_from'));
} else {
$table1->add(array(), ' ');
$hidden_access_list_rules = new html_hiddenfield(array('name' => '_access_list_rules[]', 'value' => ''));
}
$table1->add(array('class' => 'control'), $accesslist_button_del . $hidden_access_list_addresses->show() . $hidden_access_list_rules->show());
$table1->add(null, ' ');
}
$rcmail->output->add_gui_object('sender_access_list-form', 'sender_access_list-form');
$form = $rcmail->output->form_tag(array(
'id' => 'sender_access_list-form',
'name' => 'sender_access_list-form',
'method' => '',
'action' => '',
), html::p(array(/* 'style' => 'margin-top: 0;' */), rcmail::Q($this->gettext('whitelistexp'))) . $table1->show());
return html::div(array('id' => 'prefs-title', 'class' => 'boxtitle'), $this->gettext('personalaccesslists'))
. html::div(array('class' => 'box formcontainer scroller'),
html::div(array('class' => 'boxcontent formcontent'), $form)
);
}
function load_accesslist() {
$this->accesslist = array();
$rcmail = rcube::get_instance();
$storage = $rcmail->storage;
$db = rcube_db::factory($this->dsn, '', FALSE);
$db->set_debug((bool)$this->debug);
$dsn = rcube_db::parse_dsn($this->dsn);
$db->db_connect('w');
if ($error = $db->is_error()) {
$error_message = "unable to connect to db. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error;
rcube::raise_error(array('code' => 603, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "DB Error: ".$error_message);
$this->api->output->command('display_message', $this->gettext('unable_to_connect_to_db'), 'error');
$this->api->output->send();
} else {
$query = str_replace('%u', $db->quote($_SESSION['username'], 'text'), $this->load_query);
$sql_result = $db->query($query);
if ($error = $db->is_error()) {
$error_message = "query '$query' failed. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error;
rcube::raise_error(array('code' => 600, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "DB Error: ".$error_message);
$this->api->output->command('display_message', $this->gettext("unable_to_load_accesslist"), 'error');
$this->api->output->send();
} else {
while ($sql_result and ($sql_arr = $db->fetch_assoc($sql_result))) {
$this->accesslist[$sql_arr['accesslist_address']] = $sql_arr['accesslist_rule'];
}
}
}
}
function action_sender_access_list_addressrule_add() {
$rcmail = rcube::get_instance();
$storage = $rcmail->storage;
$db = rcube_db::factory($this->dsn, '', FALSE);
$db->set_debug((bool)$this->debug);
$dsn = rcube_db::parse_dsn($this->dsn);
$db->db_connect('w');
if ($error = $db->is_error()) {
$error_message = "unable to connect to db. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error;
rcube::raise_error(array('code' => 603, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "DB Error: ".$error_message);
$this->api->output->command('display_message', $this->gettext('unable_to_connect_to_db'), 'error');
$this->api->output->send();
} else {
$action = trim(rcube_utils::get_input_value('_act', rcube_utils::INPUT_GPC));
$sender_address = trim(rcube_utils::get_input_value('_address', rcube_utils::INPUT_GPC));
if (($action == "toblacklist") or ($action == "towhitelist")) {
$query = str_replace('%u', $db->quote($_SESSION['username'], 'text'), ($action == "toblacklist" ? $this->blacklist_query : $this->whitelist_query));
$sender_address = preg_replace('/^\s*<(\S+)>\s*$/', '$1', $sender_address);
if (!$sender_address) {
$error_message = "Sender address expected for user '".$_SESSION['username']."'";
rcube::raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "HTTP Error: ".$error_message);
} elseif (preg_match('/[;\(\)""]/', $sender_address)) {
$error_message = "invalid characters found in the sender's address '".$sender_address."' for user '".$_SESSION['username']."'";
rcube::raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__,
'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "HTTP Error: ".$error_message);
} elseif ($sender_address == '<>') {
$error_message = "can not add an empty sender address to access list for user '".$_SESSION['username']."'";
rcube::raise_error(array('code' => 600, 'type' => 'user', 'file' => __FILE__, 'line' => __LINE__,
'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "USER Error: ".$error_message);
} else {
$sql = str_replace('%sender', $db->quote($sender_address, 'text'), $query);
$res = $db->query($sql);
if ($error = $db->is_error()) {
$error_message = "query '$sql' failed. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error;
rcube::raise_error(array('code' => 600, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "DB Error: ".$error_message);
} else {
if ($this->debug) rcube::write_log('sender_access_list', "sender address '".$sender_address."' ".($action == 1 ? "blacklisted" : "whitelisted")." by user '".$_SESSION['username']."'");
}
}
}
}
}
function action_sender_access_list_addressrule_del() {
$rcmail = rcube::get_instance();
$storage = $rcmail->storage;
$db = rcube_db::factory($this->dsn, '', FALSE);
$db->set_debug((bool)$this->debug);
$dsn = rcube_db::parse_dsn($this->dsn);
$db->db_connect('w');
if ($error = $db->is_error()) {
$error_message = "unable to connect to db. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error;
rcube::raise_error(array('code' => 603, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "DB Error: ".$error_message);
$this->api->output->command('display_message', $this->gettext('unable_to_connect_to_db'), 'error');
$this->api->output->send();
} else {
$sender_address = trim(rcube_utils::get_input_value('_address', rcube_utils::INPUT_GPC));
$query = str_replace('%u', $db->quote($_SESSION['username'], 'text'), $this->remove_query);
$sender_address = preg_replace('/^\s*<(\S+)>\s*$/', '$1', $sender_address);
if (!$sender_address) {
$error_message = "Sender address expected for user '".$_SESSION['username']."'";
rcube::raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "HTTP Error: ".$error_message);
} elseif (preg_match('/[;\(\)""]/', $sender_address)) {
$error_message = "invalid characters found in the sender's address '".$sender_address."' for user '".$_SESSION['username']."'";
rcube::raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__,
'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "HTTP Error: ".$error_message);
} else {
$sql = str_replace('%sender', $db->quote($sender_address, 'text'), $query);
$res = $db->query($sql);
if ($error = $db->is_error()) {
$error_message = "query '$sql' failed. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error;
rcube::raise_error(array('code' => 600, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "DB Error: ".$error_message);
} else {
if ($this->debug) rcube::write_log('sender_access_list', "sender address '".$sender_address."' removed from access list by user '".$_SESSION['username']."'");
}
}
}
}
function hook_storage_init($p) {
$p['fetch_headers'] = trim($p['fetch_headers'].' RETURN-PATH');
return $p;
}
function hook_message_headers($p) {
$rcmail = rcube::get_instance();
$header = 'Return-Path';
if ($value = $p['headers']->get($header, false)) {
if (is_array($value)) $value = $value[0];
$value = preg_replace('/^\s*<(\S+)>\s*$/', '$1', $value);
$icon_blacklist = sprintf("", $this->gettext('buttonblacklist'), $this->local_skin_path());
$icon_whitelist = sprintf("", $this->gettext('buttonwhitelist'), $this->local_skin_path());
$p['output'][$header."-accesslist"] = array('title' => $this->gettext('realsenderaddress'), 'value' => ($value ? sprintf("%s %s %s", rcmail::Q($value), rcmail::Q($value), rcmail::Q($value), $icon_blacklist, $icon_whitelist) : '<>'), 'html' => 1);
}
return $p;
}
function action_to_blacklist() {
$this->add_texts('localization');
$uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST);
$mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
$this->_add_sender_address($uids, $mbox, true, $this->blacklist_query);
$this->api->output->command('display_message', $this->gettext('reportedasblacklisted'), 'confirmation');
$this->api->output->send();
}
function action_to_whitelist() {
$this->add_texts('localization');
$uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST);
$mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
$this->_add_sender_address($uids, $mbox, false, $this->whitelist_query);
$this->api->output->command('display_message', $this->gettext('reportedaswhitelisted'), 'confirmation');
$this->api->output->send();
}
private function _add_sender_address($uids, $mbox_name = NULL, $blacklist = true, $query) {
$rcmail = rcube::get_instance();
$storage = $rcmail->storage;
$db = rcube_db::factory($this->dsn, '', FALSE);
$db->set_debug((bool)$this->debug);
$dsn = rcube_db::parse_dsn($this->dsn);
$db->db_connect('w');
if ($error = $db->is_error()) {
$error_message = "unable to connect to db. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error;
rcube::raise_error(array('code' => 603, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "DB Error: ".$error_message);
$this->api->output->command('display_message', $this->gettext('unable_to_connect_to_db'), 'error');
$this->api->output->send();
} else {
$query = str_replace('%u', $db->quote($_SESSION['username'], 'text'), $query);
foreach (explode(",", $uids) as $uid) {
$message = new rcube_message($uid);
$sender_address = $message->headers->get('Return-path', false);
if (is_array($sender_address)) $sender_address = $sender_address[0];
$sender_address = preg_replace('/^\s*<(\S+)>\s*$/', '$1', $sender_address);
if (!$sender_address) {
$error_message = "unable to get header Return-path from message with UID ".$uid." for user '".$_SESSION['username']."'";
rcube::raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "IMAP Error: ".$error_message);
$this->api->output->command('display_message', $this->gettext('unable_to_get_sender_address'), 'error');
$this->api->output->send();
} elseif (preg_match('/[;\(\)""]/', $sender_address)) {
$error_message = "invalid characters found in the sender's address '".$sender_address."' for user '".$_SESSION['username']."'";
rcube::raise_error(array('code' => 600, 'type' => 'imap', 'file' => __FILE__, 'line' => __LINE__,
'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "IMAP Error: ".$error_message);
$this->api->output->command('display_message', $this->gettext('addresserror'), 'error');
$this->api->output->send();
} elseif ($sender_address == '<>') {
$error_message = "can not add an empty sender address to access list for user '".$_SESSION['username']."'";
rcube::raise_error(array('code' => 600, 'type' => 'user', 'file' => __FILE__, 'line' => __LINE__,
'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "USER Error: ".$error_message);
$this->api->output->command('display_message', $this->gettext('can_not_add_empty_sender_address'), 'error');
$this->api->output->send();
} else {
$sql = str_replace('%sender', $db->quote($sender_address, 'text'), $query);
$res = $db->query($sql);
if ($error = $db->is_error()) {
$error_message = "query '$sql' failed. Check DSN and verify that necessary privileges are granted to user '".$dsn['username']."'. Error message: " . $error;
rcube::raise_error(array('code' => 600, 'type' => 'db', 'file' => __FILE__, 'line' => __LINE__, 'message' => "sender_access_list.php plugin: ".$error_message), true, false);
if ($this->debug) rcube::write_log('sender_access_list', "DB Error: ".$error_message);
$this->api->output->command('display_message', $this->gettext($blacklist ? "unable_to_save_sender_address_to_blacklist" : "unable_to_save_sender_address_to_whitelist"), 'error');
$this->api->output->send();
} else {
if ($this->debug) rcube::write_log('sender_access_list', "sender address '".$sender_address."' ".($blacklist ? "blacklisted" : "whitelisted")." by user '".$_SESSION['username']."'");
}
}
}
}
}
}
?>