<?php
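/**
 * Create a domain administrator and assign the account to the given domains.
 *
 * Restricted to sessions whose role is "admin". Every request field (username,
 * password pair, each domain) is validated before the first INSERT, so a
 * rejected request writes nothing. The outcome is reported to the UI through
 * $_SESSION['return'] ('type' => 'danger' or 'success').
 *
 * @param array $postarray Request data: 'username', 'password', 'password2',
 *                         'domain' (array of domain names), optional 'active'.
 * @return bool|null false on a permission, validation or database error;
 *                   null (no explicit return) on success.
 */
function add_domain_admin($postarray) {
  global $lang;
  global $pdo;

  // Records a failure message for the UI and yields the false return value.
  $fail = function ($msg) {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => $msg
    );
    return false;
  };

  // Authorise before touching any input. The comparison is strict so that a
  // non-string session value can never loosely equal "admin".
  if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !== "admin") {
    return $fail(sprintf($lang['danger']['access_denied']));
  }

  // Request fields may be missing or arrays (e.g. "password[]=x"); anything
  // that is not a string is treated as empty and rejected below.
  $username = (isset($postarray['username']) && is_string($postarray['username']))
    ? strtolower(trim($postarray['username']))
    : '';
  $password = (isset($postarray['password']) && is_string($postarray['password']))
    ? $postarray['password']
    : '';
  $password2 = (isset($postarray['password2']) && is_string($postarray['password2']))
    ? $postarray['password2']
    : '';
  $active = isset($postarray['active']) ? '1' : '0';

  // A domain admin without domains is meaningless, and a non-array value
  // would make the assignment loop below a silent no-op.
  if (empty($postarray['domain']) || !is_array($postarray['domain'])) {
    return $fail(sprintf($lang['danger']['domain_invalid']));
  }
  $domains = $postarray['domain'];

  if (empty($username) || !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
    return $fail(sprintf($lang['danger']['username_invalid']));
  }

  if (empty($password) || empty($password2)) {
    return $fail(sprintf($lang['danger']['password_empty']));
  }
  // Strict comparison: with "!=" two different numeric-looking strings such
  // as "1e3" and "1000" compare equal and the confirmation check is bypassed.
  if ($password !== $password2) {
    return $fail(sprintf($lang['danger']['password_mismatch']));
  }

  // Validate every domain up front. Checking inside the insert loop would
  // leave rows for the earlier domains behind when a later one is rejected.
  foreach ($domains as $domain) {
    if (!is_string($domain) || !is_valid_domain_name($domain)) {
      return $fail(sprintf($lang['danger']['domain_invalid']));
    }
  }

  // The username must be unused as a mailbox, an admin and a domain admin.
  $lookups = array(
    "SELECT `username` FROM `mailbox` WHERE `username` = :username",
    "SELECT `username` FROM `admin` WHERE `username` = :username",
    "SELECT `username` FROM `domain_admins` WHERE `username` = :username"
  );
  $taken = false;
  try {
    foreach ($lookups as $sql) {
      $stmt = $pdo->prepare($sql);
      $stmt->execute(array(':username' => $username));
      if (count($stmt->fetchAll(PDO::FETCH_ASSOC)) != 0) {
        $taken = true;
        break;
      }
    }
  }
  catch (PDOException $e) {
    // NOTE(review): concatenating the exception object puts the full trace
    // into the session message - confirm that is acceptable for this UI.
    return $fail('MySQL: '.$e);
  }
  if ($taken) {
    return $fail(sprintf($lang['danger']['object_exists'], htmlspecialchars($username)));
  }

  $password_hashed = hash_password($password);

  try {
    // Prepared once, executed per domain.
    $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
      VALUES (:username, :domain, :created, :active)");
    foreach ($domains as $domain) {
      $stmt->execute(array(
        ':username' => $username,
        ':domain' => $domain,
        ':created' => date('Y-m-d H:i:s'),
        ':active' => $active
      ));
    }

    $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
      VALUES (:username, :password_hashed, '0', :created, :modified, :active)");
    $stmt->execute(array(
      ':username' => $username,
      ':password_hashed' => $password_hashed,
      ':created' => date('Y-m-d H:i:s'),
      ':modified' => date('Y-m-d H:i:s'),
      ':active' => $active
    ));
  }
  catch (PDOException $e) {
    // Undo whatever was written, whichever INSERT failed, so no domain
    // assignment is left behind for an account that does not exist.
    delete_domain_admin(array('username' => $username));
    return $fail('MySQL: '.$e);
  }

  $_SESSION['return'] = array(
    'type' => 'success',
    'msg' => sprintf($lang['success']['domain_admin_added'], htmlspecialchars($username))
  );
}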
/**
 * Delete a domain administrator.
 *
 * Removes every `domain_admins` row and the `admin` row for the given
 * username. Only sessions whose role is "admin" are allowed; the outcome is
 * reported through $_SESSION['return'].
 *
 * @param array $postarray Request data; only 'username' is read.
 * @return bool|null false when access is denied, the username is invalid or
 *                   the database raises an error; null on success.
 */
function delete_domain_admin($postarray) {
  global $pdo;
  global $lang;

  $is_admin = ($_SESSION['mailcow_cc_role'] == "admin");
  if (!$is_admin) {
    $denied = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['access_denied'])
    );
    $_SESSION['return'] = $denied;
    return false;
  }

  // Usernames may only consist of letters, digits, '_', '.' and '-'.
  $username = $postarray['username'];
  $stripped = str_replace(array('_', '.', '-'), '', $username);
  if (ctype_alnum($stripped) === false) {
    $invalid = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['username_invalid'])
    );
    $_SESSION['return'] = $invalid;
    return false;
  }

  $params = array(':username' => $username);
  try {
    // Domain assignments first, then the login record itself.
    $drop_assignments = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
    $drop_assignments->execute($params);

    $drop_account = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
    $drop_account->execute($params);
  }
  catch (PDOException $e) {
    // NOTE(review): the exception object is stringified into the message,
    // trace included - confirm that is acceptable for this UI.
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => 'MySQL: '.$e
    );
    return false;
  }

  $removed = sprintf($lang['success']['domain_admin_removed'], htmlspecialchars($username));
  $_SESSION['return'] = array(
    'type' => 'success',
    'msg' => $removed
  );
}
/**
 * List the usernames of all domain administrators.
 *
 * A username is returned when it appears in `domain_admins` and its `admin`
 * row is not flagged as superadmin. Only sessions whose role is "admin" may
 * call this.
 *
 * @return array|bool false when access is denied; otherwise the list of
 *                    usernames. On a database error the message is stored in
 *                    $_SESSION['return'] and the (empty) list is still returned.
 */
function get_domain_admins() {
  global $pdo;
  global $lang;

  if ($_SESSION['mailcow_cc_role'] != "admin") {
    $denied = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['access_denied'])
    );
    $_SESSION['return'] = $denied;
    return false;
  }

  $domainadmins = array();
  try {
    $result = $pdo->query("SELECT DISTINCT
      `username`
        FROM `domain_admins`
          WHERE `username` IN (
            SELECT `username` FROM `admin`
              WHERE `superadmin`!='1'
          )");
    foreach ($result->fetchAll(PDO::FETCH_ASSOC) as $record) {
      $domainadmins[] = $record['username'];
    }
  }
  catch (PDOException $e) {
    // No early return here: the caller still receives the empty list.
    // NOTE(review): the stringified exception carries the full trace -
    // confirm that is acceptable for this UI.
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => 'MySQL: '.$e
    );
  }

  return $domainadmins;
}
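/**
 * Fetch the details of one domain administrator.
 *
 * Returns the creation date and active flag from `domain_admins`, plus the
 * domains that are ('selected_domains') and are not ('unselected_domains')
 * assigned to the account. Only sessions whose role is "admin" may call this.
 *
 * @param string $domain_admin Username of the domain administrator.
 * @return array|bool false when access is denied or the username is invalid.
 *                    Otherwise an array with 'active' (translated yes/no
 *                    label), 'active_int' and 'created' - all null when no
 *                    such account exists - and, only when non-empty,
 *                    'selected_domains' / 'unselected_domains'. On a database
 *                    error the message is stored in $_SESSION['return'] and
 *                    whatever was collected so far is returned.
 */
function get_domain_admin_details($domain_admin) {
  global $pdo;
  global $lang;
  $domainadmindata = array();

  // Strict comparison so a non-string session value can never loosely
  // equal "admin".
  if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !== "admin") {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['access_denied'])
    );
    return false;
  }
  if (!is_string($domain_admin) || !ctype_alnum(str_replace(array('_', '.', '-'), '', $domain_admin))) {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => sprintf($lang['danger']['username_invalid'])
    );
    return false;
  }

  try {
    // The translated labels are bound as parameters. Concatenating them into
    // the statement breaks the query (or alters it) as soon as a translation
    // contains a single quote.
    $stmt = $pdo->prepare("SELECT
      `created`,
      `active` AS `active_int`,
      CASE `active` WHEN 1 THEN :label_yes ELSE :label_no END AS `active`
        FROM `domain_admins`
          WHERE `username`= :domain_admin");
    $stmt->execute(array(
      ':label_yes' => $lang['mailbox']['yes'],
      ':label_no' => $lang['mailbox']['no'],
      ':domain_admin' => $domain_admin
    ));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // fetch() yields false for an unknown username; keep the keys present
    // with null values instead of indexing into false.
    if (!is_array($row)) {
      $row = array('active' => null, 'active_int' => null, 'created' => null);
    }
    $domainadmindata['active'] = $row['active'];
    $domainadmindata['active_int'] = $row['active_int'];
    $domainadmindata['created'] = $row['created'];

    // Domains assigned to this administrator.
    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
      WHERE `domain` IN (
        SELECT `domain` FROM `domain_admins`
          WHERE `username`= :domain_admin)");
    $stmt->execute(array(':domain_admin' => $domain_admin));
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
      $domainadmindata['selected_domains'][] = $row['domain'];
    }

    // Domains not assigned to this administrator.
    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
      WHERE `domain` NOT IN (
        SELECT `domain` FROM `domain_admins`
          WHERE `username`= :domain_admin)");
    $stmt->execute(array(':domain_admin' => $domain_admin));
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
      $domainadmindata['unselected_domains'][] = $row['domain'];
    }
  }
  catch (PDOException $e) {
    // No early return: the caller receives whatever was collected.
    // NOTE(review): the stringified exception carries the full trace -
    // confirm that is acceptable for this UI.
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => 'MySQL: '.$e
    );
  }

  return $domainadmindata;
}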
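/**
 * Update a domain administrator: domain assignments, active flag and,
 * optionally, the password.
 *
 * Restricted to sessions whose role is "admin". All input is validated before
 * the first write, so a rejected request (including a password mismatch)
 * leaves the existing domain assignments untouched. The outcome is reported
 * through $_SESSION['return'].
 *
 * The password is changed only when both 'password' and 'password2' are
 * non-empty; otherwise only `modified` and `active` are updated.
 *
 * NOTE(review): nothing here checks that the username exists in `admin`, nor
 * that the row is a non-superadmin one - confirm callers guarantee both.
 *
 * @param array $postarray Request data: 'username', 'password', 'password2',
 *                         optional 'domain' (array of domain names) and
 *                         optional 'active'.
 * @return bool|null false on a permission, validation or database error;
 *                   null (no explicit return) on success.
 */
function edit_domain_admin($postarray) {
  global $lang;
  global $pdo;

  // Records a failure message for the UI and yields the false return value.
  $fail = function ($msg) {
    $_SESSION['return'] = array(
      'type' => 'danger',
      'msg' => $msg
    );
    return false;
  };

  // Strict comparison so a non-string session value can never loosely
  // equal "admin".
  if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !== "admin") {
    return $fail(sprintf($lang['danger']['access_denied']));
  }

  $username = isset($postarray['username']) ? $postarray['username'] : '';
  // Non-string password fields (e.g. "password[]=x") are treated as absent.
  $password = (isset($postarray['password']) && is_string($postarray['password']))
    ? $postarray['password']
    : '';
  $password2 = (isset($postarray['password2']) && is_string($postarray['password2']))
    ? $postarray['password2']
    : '';
  $active = isset($postarray['active']) ? '1' : '0';
  // A missing or non-array 'domain' means "no domains assigned".
  $domains = (isset($postarray['domain']) && is_array($postarray['domain']))
    ? $postarray['domain']
    : array();

  foreach ($domains as $domain) {
    if (!is_string($domain) || !is_valid_domain_name($domain)) {
      return $fail(sprintf($lang['danger']['domain_invalid']));
    }
  }

  if (!is_string($username) || !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
    return $fail(sprintf($lang['danger']['username_invalid']));
  }

  // Checked before any write: a mismatch must not leave the domain
  // assignments half-rewritten. The comparison is strict because "!=" treats
  // different numeric-looking strings such as "1e3" and "1000" as equal.
  $change_password = !empty($password) && !empty($password2);
  if ($change_password && $password !== $password2) {
    return $fail(sprintf($lang['danger']['password_mismatch']));
  }
  if ($change_password) {
    $password_hashed = hash_password($password);
  }

  try {
    // Replace the domain assignments: drop all, then re-insert the new set.
    $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
    $stmt->execute(array(
      ':username' => $username,
    ));

    $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
      VALUES (:username, :domain, :created, :active)");
    foreach ($domains as $domain) {
      $stmt->execute(array(
        ':username' => $username,
        ':domain' => $domain,
        ':created' => date('Y-m-d H:i:s'),
        ':active' => $active
      ));
    }

    if ($change_password) {
      $stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
      $stmt->execute(array(
        ':password_hashed' => $password_hashed,
        ':username' => $username,
        ':modified' => date('Y-m-d H:i:s'),
        ':active' => $active
      ));
    }
    else {
      $stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active WHERE `username` = :username");
      $stmt->execute(array(
        ':username' => $username,
        ':modified' => date('Y-m-d H:i:s'),
        ':active' => $active
      ));
    }
  }
  catch (PDOException $e) {
    // NOTE(review): the stringified exception carries the full trace -
    // confirm that is acceptable for this UI.
    return $fail('MySQL: '.$e);
  }

  $_SESSION['return'] = array(
    'type' => 'success',
    'msg' => sprintf($lang['success']['domain_admin_modified'], htmlspecialchars($username))
  );
}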