Implemented page referal verification mechanism. (Secunia Advisory SA34627)
[squirrelmail.git] / src / options_identities.php
CommitLineData
aaf9abef 1<?php
895905c0 2
35586184 3/**
4 * options_identities.php
5 *
35586184 6 * Display Identities Options
7 *
d4e46166 8 * @copyright &copy; 1999-2009 The SquirrelMail Project Team
4b4abf93 9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
30967a1e 10 * @version $Id$
8f6f9ba5 11 * @package squirrelmail
ca479ad1 12 * @subpackage prefs
0f01b5d7 13 * @since 1.1.3
35586184 14 */
15
ebd2391c 16/** This is the options_identities page */
17define('PAGE_NAME', 'options_identities');
18
30967a1e 19/**
202bcbcc 20 * Include the SquirrelMail initialization file.
30967a1e 21 */
202bcbcc 22require('../include/init.php');
86725763 23
24/* SquirrelMail required files. */
202bcbcc 25require_once(SM_PATH . 'functions/identity.php');
aaf9abef 26
bf02c883 27/* make sure that page is not available when $edit_identity is false */
28if (!$edit_identity) {
29 error_box(_("Editing identities is disabled."));
30 $oTemplate->display('footer.tpl');
31 die();
32}
33
e7f9c987 34if (!sqgetGlobalVar('identities', $identities, SQ_SESSION)) {
35 $identities = get_identities();
fe369c70 36}
e7f9c987 37sqgetGlobalVar('newidentities', $newidentities, SQ_POST);
38sqgetGlobalVar('smaction', $smaction, SQ_POST);
39sqgetGlobalVar('return', $return, SQ_POST);
fe369c70 40
e7f9c987 41// First lets see if there are any actions to perform //
42if (!empty($smaction) && is_array($smaction)) {
91e0dccc 43
e7f9c987 44 $doaction = '';
45 $identid = 0;
91e0dccc 46
e7f9c987 47 foreach($smaction as $action=>$row) {
48 // we only need to extract the action and the identity we are
49 // altering
91e0dccc 50
bb51bc8b 51 foreach($row as $iKey=>$data) {
52 $identid = $iKey;
e7f9c987 53 }
54
55 $doaction = $action;
32f4e318 56 }
91e0dccc 57
e7f9c987 58 $identities = sqfixidentities( $newidentities , $identid , $action );
59 save_identities($identities);
60}
e697b6cc 61
e7f9c987 62if (!empty($return)) {
63 header('Location: ' . get_location() . '/options_personal.php');
64 exit;
65}
e697b6cc 66
876fdb60 67displayPageHeader($color);
e697b6cc 68
0f01b5d7 69/* since 1.1.3 */
6e515418 70do_hook('options_identities_top', $null);
91e0dccc 71
26aefb60 72$i = array();
73foreach ($identities as $key=>$ident) {
74 $a = array();
75 $a['Title'] = $key==0 ? _("Default Identity") : sprintf(_("Alternate Identity %d"), $key);
76 $a['New'] = false;
77 $a['Default'] = $key==0;
78 $a['FullName'] = htmlspecialchars($ident['full_name']);
79 $a['Email'] = htmlspecialchars($ident['email_address']);
80 $a['ReplyTo'] = htmlspecialchars($ident['reply_to']);
81 $a['Signature'] = htmlspecialchars($ident['signature']);
82 $i[$key] = $a;
83}
e697b6cc 84
26aefb60 85$a = array();
86$a['Title'] = _("Add New Identity");
87$a['New'] = true;
88$a['Default'] = false;
89$a['FullName'] = '';
90$a['Email'] = '';
91$a['ReplyTo'] = '';
92$a['Signature'] = '';
93$i[count($i)] = $a;
e697b6cc 94
99b1692b 95//FIXME: NO HTML IN THE CORE
26aefb60 96echo '<form name="f" action="options_identities.php" method="post">' . "\n";
97
98$oTemplate->assign('identities', $i);
99$oTemplate->display('options_advidentity_list.tpl');
e7f9c987 100
99b1692b 101//FIXME: NO HTML IN THE CORE
26aefb60 102echo "</form>\n";
103
104$oTemplate->display('footer.tpl');
105
106/**
107 * The functions below should not be needed with the additions of templates,
108 * however they will remain in case plugins use them.
109 */
bb51bc8b 110
0f01b5d7 111/**
112 * Returns html formated identity form fields
bb51bc8b 113 *
0f01b5d7 114 * Contains options_identities_buttons and option_identities_table hooks.
bb51bc8b 115 * Before 1.4.5/1.5.1 hooks were placed in ShowTableInfo() function.
116 * In 1.1.3-1.4.1 they were called in do_hook function with two or
0f01b5d7 117 * three arguments. Since 1.4.1 hooks are called in concat_hook_function.
118 * Arguments are moved to array.
119 *
120 * options_identities_buttons hook uses array with two keys. First array key is
bb51bc8b 121 * boolean variable used to indicate empty identity field. Second array key
0f01b5d7 122 * is integer variable used to indicate identity number
123 *
124 * options_identities_table hook uses array with three keys. First array key is
bb51bc8b 125 * a string containing background color style CSS (1.4.1-1.4.4/1.5.0 uses only
126 * html color code). Second array key is boolean variable used to indicate empty
127 * identity field. Third array key is integer variable used to indicate identity
0f01b5d7 128 * number
129 * @param string $title Name displayed in header row
130 * @param array $identity Identity information
131 * @param integer $id identity ID
132 * @return string html formatted table rows with form fields for identity management
133 * @since 1.5.1 and 1.4.5 (was called ShowTableInfo() in 1.1.3-1.4.4 and 1.5.0)
134 */
e7f9c987 135function ShowIdentityInfo($title, $identity, $id ) {
136 global $color;
137
138 if (empty($identity['full_name']) && empty($identity['email_address']) && empty($identity['reply_to']) && empty($identity['signature'])) {
139 $bg = '';
140 $empty = true;
141 } else {
142 $bg = ' style="background-color:' . $color[0] . ';"';
f9632976 143 $empty = false;
e697b6cc 144 }
145
e7f9c987 146 $name = 'newidentities[%d][%s]';
147
e697b6cc 148
e7f9c987 149 $return_str = '';
150
99b1692b 151//FIXME: NO HTML IN THE CORE
e7f9c987 152 $return_str .= '<tr>' . "\n";
153 $return_str .= ' <th style="text-align:center;background-color:' . $color[9] . ';" colspan="2">' . $title . '</th> '. "\n";
154 $return_str .= '</tr>' . "\n";
155 $return_str .= sti_input( _("Full Name") , sprintf($name, $id, 'full_name'), $identity['full_name'], $bg);
156 $return_str .= sti_input( _("E-Mail Address") , sprintf($name, $id, 'email_address'), $identity['email_address'], $bg);
157 $return_str .= sti_input( _("Reply To"), sprintf($name, $id, 'reply_to'), $identity['reply_to'], $bg);
158 $return_str .= sti_textarea( _("Signature"), sprintf($name, $id, 'signature'), $identity['signature'], $bg);
ddbd13db 159 $temp = array(&$bg, &$empty, &$id);
160 $return_str .= concat_hook_function('options_identities_table', $temp);
e7f9c987 161 $return_str .= '<tr' . $bg . '> ' . "\n";
162 $return_str .= ' <td> &nbsp; </td>' . "\n";
163 $return_str .= ' <td>' . "\n";
164 $return_str .= ' <input type="submit" name="smaction[save][' . $id . ']" value="' . _("Save / Update") . '" />' . "\n";
165
166 if (!$empty && $id > 0) {
167 $return_str .= ' <input type="submit" name="smaction[makedefault][' . $id . ']" value="' . _("Make Default") . '" />' . "\n";
168 $return_str .= ' <input type="submit" name="smaction[delete]['.$id.']" value="' . _("Delete") . '" />' . "\n";
169
170 if ($id > 1) {
171 $return_str .= ' <input type="submit" name="smaction[move]['.$id.']" value="' . _("Move Up") . '" />' . "\n";
172 }
e697b6cc 173
e697b6cc 174 }
175
ddbd13db 176 $temp = array(&$empty, &$id);
177 $return_str .= concat_hook_function('options_identities_buttons', $temp);
e7f9c987 178 $return_str .= ' </td>' . "\n";
179 $return_str .= '</tr>' . "\n";
180 $return_str .= '<tr>' . "\n";
181 $return_str .= ' <td colspan="2"> &nbsp; </td>' . "\n";
182 $return_str .= '</tr>';
183
184 return $return_str;
aaf9abef 185
01265fba 186}
187
0f01b5d7 188/**
189 * Creates html formated table row with input field
190 * @param string $title Name displayed next to input field
191 * @param string $name Name of input field
192 * @param string $data Default value of input field (data is sanitized with htmlspecialchars)
193 * @param string $bgcolor html attributes added to row element (tr)
194 * @return string html formated table row with text input field
195 * @since 1.2.0 (arguments differ since 1.4.5/1.5.1)
196 * @todo check right-to-left language issues
197 * @access private
198 */
e7f9c987 199function sti_input( $title, $name, $data, $bgcolor ) {
99b1692b 200//FIXME: NO HTML IN THE CORE
e7f9c987 201 $str = '';
202 $str .= '<tr' . $bgcolor . ">\n";
203 $str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
b116fd78 204 $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. htmlspecialchars($data) . '" /> </td>' . "\n";
e7f9c987 205 $str .= '</tr>';
bb51bc8b 206
e7f9c987 207 return $str;
aaf9abef 208
e7f9c987 209}
210
0f01b5d7 211/**
212 * Creates html formated table row with textarea field
213 * @param string $title Name displayed next to textarea field
214 * @param string $name Name of textarea field
215 * @param string $data Default value of textarea field (data is sanitized with htmlspecialchars)
216 * @param string $bgcolor html attributes added to row element (tr)
217 * @return string html formated table row with textarea
218 * @since 1.2.5 (arguments differ since 1.4.5/1.5.1)
219 * @todo check right-to-left language issues
220 * @access private
221 */
e7f9c987 222function sti_textarea( $title, $name, $data, $bgcolor ) {
99b1692b 223//FIXME: NO HTML IN THE CORE
e7f9c987 224 $str = '';
225 $str .= '<tr' . $bgcolor . ">\n";
226 $str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
227 $str .= ' <td> <textarea name="' . $name . '" cols="50" rows="5">'. htmlspecialchars($data) . '</textarea> </td>' . "\n";
228 $str .= '</tr>';
bb51bc8b 229
e7f9c987 230 return $str;
545238b1 231
aaf9abef 232}
a2b193bc 233