The user can now "jump" to the webmailer and to phpmyadmin direct from within the corresponding list.

vogelor · vogelor · commit cf8190ffc604 · 2008-12-14T18:28:19.000Z
diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php
@@ -131,7 +131,7 @@ function onSubmit() {
 			$app->tform->errorMessage .= $app->tform->wordbook["error_no_pwd"]."<br>";
 		}
 		
-		// Ccheck the client limits, if user is not the admin
+		// Check the client limits, if user is not the admin
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
diff --git a/interface/web/mail/templates/mail_user_list.htm b/interface/web/mail/templates/mail_user_list.htm
@@ -34,6 +34,7 @@ <h2><tmpl_var name="list_head_txt"></h2>
             <td class="tbl_col_autoresponder"><a href="#" onClick="loadContent('mail/mail_user_edit.php?id={tmpl_var name='id'}');">{tmpl_var name="autoresponder"}</a></td>
             <td class="tbl_col_buttons">
               <div class="buttons icons16">    
+                <a class="icons16 icoWebmailer" href="mail/webmailer.php?id={tmpl_var name='id'}" target="webmail"><span>{tmpl_var name='delete_txt'}</span></a>
                 <a class="icons16 icoDelete" href="javascript: del_record('mail/mail_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span>{tmpl_var name='delete_txt'}</span></a>
               </div>
             </td>
diff --git a/interface/web/mail/webmailer.php b/interface/web/mail/webmailer.php
@@ -0,0 +1,62 @@
+<?php
+/*
+Copyright (c) 2008, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+require_once('../../lib/config.inc.php');
+require_once('../../lib/app.inc.php');
+
+//* Check permissions for module
+$app->auth->check_module_permissions('sites');
+
+/* get the id of the mail (must be int!) */
+if (!isset($_GET['id'])){
+    die ("No E-Mail selected!");
+}
+$emailId = intval($_GET['id']);
+
+/*
+ * Get the data to connect to the database
+ */
+$dbData = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = " . $emailId);
+$serverId = intval($dbData['server_id']);
+if ($serverId == 0){
+    die ("No E-Mail - Server found!");
+}
+
+$serverData = $app->db->queryOneRecord(
+    "SELECT server_name FROM server WHERE server_id = " .
+    $serverId);
+
+/*
+ * We only redirect to the login-form, so there is no need, to check any rights
+ */
+isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
+header('location:' . $http . '://' . $serverData['server_name'] . '/webmail');
+exit;
+?>
diff --git a/interface/web/sites/database_phpmyadmin.php b/interface/web/sites/database_phpmyadmin.php
@@ -34,7 +34,9 @@
 //* Check permissions for module
 $app->auth->check_module_permissions('sites');
 
-/* get the id of the database (must be int!) */
+/*
+ *  get the id of the database (must be int!)
+ */
 if (!isset($_GET['id'])){
     die ("No DB selected!");
 }
@@ -43,48 +45,20 @@
 /*
  * Get the data to connect to the database
  */
-$dbData = $app->db->queryOneRecord(
-    "SELECT sys_userid, sys_groupid, sys_perm_user, sys_perm_group, server_id, database_name, database_user, database_password FROM web_database WHERE database_id = " .
-    $databaseId);
-
-/*
- * We also need the data of the server
- */
+$dbData = $app->db->queryOneRecord("SELECT server_id FROM web_database WHERE database_id = " . $databaseId);
 $serverId = intval($dbData['server_id']);
 if ($serverId == 0){
     die ("No DB-Server found!");
 }
-
 $serverData = $app->db->queryOneRecord(
     "SELECT server_name FROM server WHERE server_id = " .
     $serverId);
 
 /*
- * Check if the user has the right to open phpmyadmin with this database
- * (we will check only users, not admins)
- */
-if($_SESSION["s"]["user"]["typ"] == 'user') {
-	/* Get the group of the client */
-	$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
-	/* compare both */
-	if ($dbData['sys_groupid'] != $client_group_id){
-	    die ("You don't have the right to access this db!");
-	}
-}
-
-/*
- * Now generate the login-Form
+ * We only redirect to the login-form, so there is no need, to check any rights
  */
 isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
-echo '
-starting phpMyAdmin...<br>
-<form method="post" action="' . $http . '://' . $serverData['server_name'] . '/phpmyadmin/index.php" name="login_form" target="_top" style="visibility:hidden">
-    <input type="text" name="pma_username" id="input_username" value="' .  $dbData['database_user'] . '" />
-    <input type="password" name="pma_password" id="input_password" value="' . $dbData['database_password'] . '" size="24" class="textfield" />
-</form>
-<script type="text/javascript" language="javascript">
-<!--
-document.forms["login_form"].submit();
-//-->
-</script>';
+header('location:' . $http . '://' . $serverData['server_name'] . '/phpmyadmin');
+exit;
+
 ?>
diff --git a/interface/web/themes/default/css/screen/content_ispc.css b/interface/web/themes/default/css/screen/content_ispc.css
@@ -289,5 +289,6 @@
 	.icons16.icoEdit { background-image: url("../../icons/x16/wrench.png"); }
 	.icons16.icoDbAdmin { background-image: url("../../icons/x16/database.png"); }
 	.icons16.icoLoginAs { background-image: url("../../icons/x16/user_go.png"); }
+	.icons16.icoWebmailer { background-image: url("../../icons/x16/mails_arrow.png"); }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ function onSubmit() {`
`131`	`131`	`$app->tform->errorMessage .= $app->tform->wordbook["error_no_pwd"]."<br>";`
`132`	`132`	`}`
`133`	`133`
`134`		`- // Ccheck the client limits, if user is not the admin`
	`134`	`+ // Check the client limits, if user is not the admin`
`135`	`135`	`if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin`
`136`	`136`	`// Get the limits of the client`
`137`	`137`	`$client_group_id = $_SESSION["s"]["user"]["default_group"];`
Original file line number	Diff line number	Diff line change
`@@ -289,5 +289,6 @@`
`289`	`289`	`.icons16.icoEdit { background-image: url("../../icons/x16/wrench.png"); }`
`290`	`290`	`.icons16.icoDbAdmin { background-image: url("../../icons/x16/database.png"); }`
`291`	`291`	`.icons16.icoLoginAs { background-image: url("../../icons/x16/user_go.png"); }`
	`292`	`+ .icons16.icoWebmailer { background-image: url("../../icons/x16/mails_arrow.png"); }`
`292`	`293`	`}`
`293`	`294`