At 03:46 PM 2/11/2009, mouss wrote:
Victor Duchovni a écrit :
>>> SELECT
>>>
if(INSTR(maildir,'+'),concat(left(maildir,instr(maildir,'+')-1),'/Maildir/.',right(maildir,length(maildir)-instr(maildir,'+'))),CONCAT(maildir,'Maildir/'))
>>> from mailbox where username ='%s' and active='1'
>> you are still allowing random folder names.
>
> That's what I thought at first, but now I am not so sure. Perhaps all
> this string munging is based on an attribute from the table, not the
> input address. It sems that the database does not hold mailbox paths,
> and they are always constructed from the user name, with special logic
> for user+spam user names. That's OK, provided the OP controls user
> names.
>
ah! indeed, he puts complete addresses in the mailbox table.
In the table, as defined by postfixadmin, is
username (which is the email address) and maildir
(the location of the users Maildir folder). I
initially was using the username for the SQL, but
changed it to the maildir value, which is defined
at the point of user creation, and thus only
tweakable by someone who can make changes to the postfix mysql database.
the folder would be "domain/username/" normally,
so all the SQL is doing is checking to see if
there's a "+ in it (ex:
"example.com/user+foo/") and breaking it apart
so that it's correctly formatted:
example.com/user/Maildir/.foo/
This is too much work however, IMHO. using a "Folder" table would be
better.
Since I"ve already figured out how the SQL works,
I'm not sure how this is "too much work".
Can you expound on a "folder" table as I don't
understand how that's "better". (Keep in mind I
don't know what you mean by a "folder table"
except that obviously it's a table in the same
mysql database). Since this way (above) looks
like it works, isn't anything else more work? :-)
I thought I'd made it work the way the intial
suggestion ... suggested. More than happy to learn what's better.
Rick
