servervars.php at XMail PHP Admin Interface (XPAI)

<?php
if (!$in_xpai)
  die;

if ($_SESSION['loginstatus'] == $login_level['LoginSuperuser'])
{
  echo "<h1><a href=\"javascript:help('xpai_help.html#servervars','".$helpwidth."','".$helpheight."')\"><img src='gfx/ico_help.png' alt='Help' border='0'></a>&nbsp;&nbsp;";
  echo "Server config</h1>";

  if (!isset($_REQUEST['Go']))
  {
    $vars = $mail_server->cfgfileget('server.tab');
?>

  	<form name='frmServerVars' action='main.php' method='post'>
		  <input type='hidden' name='action' value='servervars'>
  		<input type='hidden' name='enabled' value=''>
		  <input type='hidden' name='Go' value='true'>
  		<table border='0' class='tbl'>
		  	<tr>
				  <th width="10"></th>
  				<th width="10"></th>
		  		<th width="150"></th>
				  <th width="*"></th>
  			</tr>
<?php
foreach ($vars as $var)
{
  if (($var != "") && is_array($var) && isset($var[1]) && !isset($var[3])) 
	{
		$enabled = TRUE;
		if ($var[0][0] == '#') 
		{
			$var[0] = substr($var[0], 1);
			$enabled = FALSE;
  	}
?>
				<tr>
					<td>&nbsp;</td>
					<td><input type='checkbox' name='check_<?php echo $var[0]; ?>' <?php if ($enabled) echo 'checked'; ?>></td>
					<td><b><?php echo $var[0]; ?><b></td>
					<td>
						<input type='text' name='var_<?php echo $var[0]; ?>' size='30' style='width: 400px;' value='<?php echo $var[1]; ?>'>
					</td>
				</tr>

<?php
  } else {
    $arr[] = $var;
  }
} ?>
			<tr>
				<td>&nbsp;</td>
				<td>&nbsp;</td>
				<td>
					<input type='text' name='xtr_var' size='30' style='width: 150px;'>
				</td>
				<td>
					<input type='text' name='xtr_value' size='30' style='width: 400px;'>
				</td>
			</tr>
			<tr>
				<td>&nbsp;</td>
				<td>&nbsp;</td>
				<td>&nbsp;</td>
				<td><input type='submit' name='save' value=' Save values '></td>
			</tr>
		</table>
	</form>

<?php
  } else {
			$vars = array();
			$contain_illegal = false;
			foreach($_REQUEST as $var=>$val)
      {
				if (ereg("var_", $var) && $val != '')
        {
					$var = substr($var, 4);
					if (!isset($_REQUEST['check_'.$var]))
          {
						array_push($vars, array("#$var", "$val"));
					} else {
						array_push($vars, array("$var", "$val"));
					}
					if (strcmp(htmlentities($var), $var))
					{
					  $contain_illegal = true;					
					}
				}
			}
			if ($_REQUEST['xtr_var'] != '' && $_REQUEST['xtr_value'] != '') 
			{
				array_push($vars, array(str_replace(" ", "", $_REQUEST['xtr_var']), $_REQUEST['xtr_value']));;
				if (strcmp(htmlentities($_REQUEST['xtr_var']), $_REQUEST['xtr_var']))
				{
				  $contain_illegal = true;
				}
			}

			if (!$contain_illegal)
			{
  			if ($mail_server->cfgfileset('server.tab', $vars, true))
        {
  				echo "Server config was saved successfully<br>";
          echo "Server result: ".$_SESSION['LastXMAILResult']."<br><br>";
  			} else {
  				echo "Error when saving server config<br>";
          echo "Server result: ".$_SESSION['LastXMAILResult']."<br><br>";
        }
			} else {
			  echo "Server variables and/or values contained illegal characters - discarded.<br>";
			}
?>
	<form action='main.php' method='post'>
		<input type='hidden' name='action' value='servervars'>
		<input type='submit' name='click' style='width: 50px;' value=' OK '>
	</form>

<?php } ?>

<?php
} else {
  echo "<br><br><h2>Authorization failed to access this function!</h2><br><br>";
} ?>