mailcow/data/web/inc/triggers.inc.php

<?php
if (isset($_POST["verify_tfa_login"])) {
  if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST["token"])) {
    $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
    $_SESSION['mailcow_cc_role'] = $_SESSION['pending_mailcow_cc_role'];
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_method']);
		header("Location: /user");
  }
}

if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
	$login_user = strtolower(trim($_POST["login_user"]));
	$as = check_login($login_user, $_POST["pass_user"]);
	if ($as == "admin") {
		$_SESSION['mailcow_cc_username'] = $login_user;
		$_SESSION['mailcow_cc_role'] = "admin";
    $_SESSION['mailcow_cc_last_login'] = last_login($login_user);
		header("Location: /admin");
	}
	elseif ($as == "domainadmin") {
		$_SESSION['mailcow_cc_username'] = $login_user;
		$_SESSION['mailcow_cc_role'] = "domainadmin";
    $_SESSION['mailcow_cc_last_login'] = last_login($login_user);
		header("Location: /mailbox");
	}
	elseif ($as == "user") {
		$_SESSION['mailcow_cc_username'] = $login_user;
		$_SESSION['mailcow_cc_role'] = "user";
    $_SESSION['mailcow_cc_last_login'] = last_login($login_user);
		header("Location: /user");
	}
	elseif ($as != "pending") {
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_method']);
		unset($_SESSION['mailcow_cc_username']);
		unset($_SESSION['mailcow_cc_role']);
	}
}

if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['acl']['login_as'] == "1") {
	if (isset($_GET["duallogin"])) {
    $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
    if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
      if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
        $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
        $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
        $_SESSION['mailcow_cc_username']    = $duallogin;
        $_SESSION['mailcow_cc_role']        = "user";
        header("Location: /user");
      }
    }
    else {
      if (!empty(domain_admin('details', $duallogin))) {
        $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
        $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
        $_SESSION['mailcow_cc_username']    = $duallogin;
        $_SESSION['mailcow_cc_role']        = "domainadmin";
        header("Location: /user");
      }
    }
  }
}

if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin" || $_SESSION['mailcow_cc_role'] == "domainadmin")) {
	if (isset($_POST["set_tfa"])) {
		set_tfa($_POST);
	}
	if (isset($_POST["unset_tfa_key"])) {
		unset_tfa_key($_POST);
	}
}
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
  // TODO: Move file upload to API?
	if (isset($_POST["submit_main_logo"])) {
    if ($_FILES['main_logo']['error'] == 0) {
      customize('add', 'main_logo', $_FILES);
    }
	}
	if (isset($_POST["reset_main_logo"])) {
    customize('delete', 'main_logo');
	}
  // API cannot be controlled by API
	if (isset($_POST["admin_api"])) {
		admin_api('edit', $_POST);
	}
	if (isset($_POST["admin_api_regen_key"])) {
		admin_api('regen_key', $_POST);
	}
  // Not available via API
	if (isset($_POST["rspamd_ui"])) {
		rspamd_ui('edit', $_POST);
	}
	if (isset($_POST["mass_send"])) {
		sys_mail($_POST);
	}
}
?>
Docs 2017-03-02 18:23:23 +08:00			`<?php`
			`if (isset($_POST["verify_tfa_login"])) {`
			`if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST["token"])) {`
			`$_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];`
			`$_SESSION['mailcow_cc_role'] = $_SESSION['pending_mailcow_cc_role'];`
			`unset($_SESSION['pending_mailcow_cc_username']);`
			`unset($_SESSION['pending_mailcow_cc_role']);`
			`unset($_SESSION['pending_tfa_method']);`
[Web] Fix require_once to always include document root [Web] Add system mails (send mails to all mailboxes via LMTP) [Web] Allow to add more administrators [Web] Fix domain administrator editing [Web] Remove some foreign keys [Web] Remove username from API [Web] Remove more .php extension from code [Web] More minor fixes 2018-10-11 17:59:23 +08:00			`header("Location: /user");`
Docs 2017-03-02 18:23:23 +08:00			`}`
			`}`

			`if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {`
			`$login_user = strtolower(trim($_POST["login_user"]));`
			`$as = check_login($login_user, $_POST["pass_user"]);`
			`if ($as == "admin") {`
			`$_SESSION['mailcow_cc_username'] = $login_user;`
			`$_SESSION['mailcow_cc_role'] = "admin";`
[Web] Fix log line handling [Web] Add mailcow UI logs [Web] Changes to _SESSION['return'] logic and logger (more to come) [Web] Show last login [Web, Postfix] Allow to disable sender check completely [Web] Many minor fixes [Web] Update some libs 2018-08-04 02:31:33 +08:00			`$_SESSION['mailcow_cc_last_login'] = last_login($login_user);`
[Web] Fix require_once to always include document root [Web] Add system mails (send mails to all mailboxes via LMTP) [Web] Allow to add more administrators [Web] Fix domain administrator editing [Web] Remove some foreign keys [Web] Remove username from API [Web] Remove more .php extension from code [Web] More minor fixes 2018-10-11 17:59:23 +08:00			`header("Location: /admin");`
Docs 2017-03-02 18:23:23 +08:00			`}`
			`elseif ($as == "domainadmin") {`
			`$_SESSION['mailcow_cc_username'] = $login_user;`
			`$_SESSION['mailcow_cc_role'] = "domainadmin";`
[Web] Fix log line handling [Web] Add mailcow UI logs [Web] Changes to _SESSION['return'] logic and logger (more to come) [Web] Show last login [Web, Postfix] Allow to disable sender check completely [Web] Many minor fixes [Web] Update some libs 2018-08-04 02:31:33 +08:00			`$_SESSION['mailcow_cc_last_login'] = last_login($login_user);`
[Web] Fix require_once to always include document root [Web] Add system mails (send mails to all mailboxes via LMTP) [Web] Allow to add more administrators [Web] Fix domain administrator editing [Web] Remove some foreign keys [Web] Remove username from API [Web] Remove more .php extension from code [Web] More minor fixes 2018-10-11 17:59:23 +08:00			`header("Location: /mailbox");`
Docs 2017-03-02 18:23:23 +08:00			`}`
			`elseif ($as == "user") {`
			`$_SESSION['mailcow_cc_username'] = $login_user;`
			`$_SESSION['mailcow_cc_role'] = "user";`
[Web] Fix log line handling [Web] Add mailcow UI logs [Web] Changes to _SESSION['return'] logic and logger (more to come) [Web] Show last login [Web, Postfix] Allow to disable sender check completely [Web] Many minor fixes [Web] Update some libs 2018-08-04 02:31:33 +08:00			`$_SESSION['mailcow_cc_last_login'] = last_login($login_user);`
[Web] Fix require_once to always include document root [Web] Add system mails (send mails to all mailboxes via LMTP) [Web] Allow to add more administrators [Web] Fix domain administrator editing [Web] Remove some foreign keys [Web] Remove username from API [Web] Remove more .php extension from code [Web] More minor fixes 2018-10-11 17:59:23 +08:00			`header("Location: /user");`
Docs 2017-03-02 18:23:23 +08:00			`}`
			`elseif ($as != "pending") {`
			`unset($_SESSION['pending_mailcow_cc_username']);`
			`unset($_SESSION['pending_mailcow_cc_role']);`
			`unset($_SESSION['pending_tfa_method']);`
			`unset($_SESSION['mailcow_cc_username']);`
			`unset($_SESSION['mailcow_cc_role']);`
			`}`
			`}`

[Compose] Update watchdog image [Watchdog] Fix IP detection with multiple networks [Web] Show API field (no docs, no support, wip) [Web] haveibeenpwned.com implementation [Web] User and domain admin ACL (no docs, no support, wip) [Web] Some minor fixes 2018-09-10 03:17:59 +08:00			`if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['acl']['login_as'] == "1") {`
Docs 2017-03-02 18:23:23 +08:00			`if (isset($_GET["duallogin"])) {`
[Web] Even more fixes for #1017 2018-02-11 05:42:46 +08:00			`$duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));`
			`if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {`
			`if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {`
Docs 2017-03-02 18:23:23 +08:00			`$_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];`
			`$_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role'];`
[Web] Even more fixes for #1017 2018-02-11 05:42:46 +08:00			`$_SESSION['mailcow_cc_username'] = $duallogin;`
Docs 2017-03-02 18:23:23 +08:00			`$_SESSION['mailcow_cc_role'] = "user";`
[Web] Fix require_once to always include document root [Web] Add system mails (send mails to all mailboxes via LMTP) [Web] Allow to add more administrators [Web] Fix domain administrator editing [Web] Remove some foreign keys [Web] Remove username from API [Web] Remove more .php extension from code [Web] More minor fixes 2018-10-11 17:59:23 +08:00			`header("Location: /user");`
Docs 2017-03-02 18:23:23 +08:00			`}`
			`}`
[Web] Fix duplicate success message after editing a domain as domain administrator [Web] Add "login as" button for domain admin table 2018-08-15 06:05:18 +08:00			`else {`
			`if (!empty(domain_admin('details', $duallogin))) {`
			`$_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];`
			`$_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role'];`
			`$_SESSION['mailcow_cc_username'] = $duallogin;`
			`$_SESSION['mailcow_cc_role'] = "domainadmin";`
[Web] Fix require_once to always include document root [Web] Add system mails (send mails to all mailboxes via LMTP) [Web] Allow to add more administrators [Web] Fix domain administrator editing [Web] Remove some foreign keys [Web] Remove username from API [Web] Remove more .php extension from code [Web] More minor fixes 2018-10-11 17:59:23 +08:00			`header("Location: /user");`
[Web] Fix duplicate success message after editing a domain as domain administrator [Web] Add "login as" button for domain admin table 2018-08-15 06:05:18 +08:00			`}`
			`}`
Docs 2017-03-02 18:23:23 +08:00			`}`
			`}`
[Web] Sync jobs can be created/viewed/edited by admins/domain admins; Various fixes or improvements 2017-07-29 16:32:17 +08:00
Docs 2017-03-02 18:23:23 +08:00			`if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin" \|\| $_SESSION['mailcow_cc_role'] == "domainadmin")) {`
			`if (isset($_POST["set_tfa"])) {`
			`set_tfa($_POST);`
			`}`
			`if (isset($_POST["unset_tfa_key"])) {`
			`unset_tfa_key($_POST);`
			`}`
			`}`
[Web] Customize app menu and logo; Fix #671 2017-10-21 16:07:06 +08:00			`if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {`
Various... 2017-12-09 20:17:15 +08:00			`// TODO: Move file upload to API?`
[Web] Customize app menu and logo; Fix #671 2017-10-21 16:07:06 +08:00			`if (isset($_POST["submit_main_logo"])) {`
			`if ($_FILES['main_logo']['error'] == 0) {`
			`customize('add', 'main_logo', $_FILES);`
			`}`
			`}`
			`if (isset($_POST["reset_main_logo"])) {`
			`customize('delete', 'main_logo');`
			`}`
Various... 2017-12-09 20:17:15 +08:00			`// API cannot be controlled by API`
			`if (isset($_POST["admin_api"])) {`
			`admin_api('edit', $_POST);`
			`}`
			`if (isset($_POST["admin_api_regen_key"])) {`
			`admin_api('regen_key', $_POST);`
			`}`
			`// Not available via API`
			`if (isset($_POST["rspamd_ui"])) {`
			`rspamd_ui('edit', $_POST);`
			`}`
[Web] Fix require_once to always include document root [Web] Add system mails (send mails to all mailboxes via LMTP) [Web] Allow to add more administrators [Web] Fix domain administrator editing [Web] Remove some foreign keys [Web] Remove username from API [Web] Remove more .php extension from code [Web] More minor fixes 2018-10-11 17:59:23 +08:00			`if (isset($_POST["mass_send"])) {`
			`sys_mail($_POST);`
			`}`
[Web] Customize app menu and logo; Fix #671 2017-10-21 16:07:06 +08:00			`}`
Docs 2017-03-02 18:23:23 +08:00			`?>`