From 365abdda018af236829dfb08db2b68fc32ebaa14 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Wed, 18 Jan 2017 21:28:31 +0100
Subject: [PATCH] Cleanup, cleanup and cleanup, much better sender acl handling, imapsync jobs, login as mailbox user X
---
data/web/admin.php | 152 ++-
data/web/delete.php | 40 +-
data/web/edit.php | 472 +++----
data/web/inc/footer.inc.php | 4 +
data/web/inc/functions.inc.php | 2322 +++++++++++++++++++-------------
data/web/inc/init.sql | 4 +-
data/web/inc/triggers.inc.php | 3 +
data/web/inc/vars.inc.php | 1 +
data/web/js/user.js | 4 -
data/web/lang/lang.de.php | 22 +-
data/web/lang/lang.en.php | 21 +-
data/web/mailbox.php | 4 +-
data/web/user.php | 206 ++-
13 files changed, 1811 insertions(+), 1444 deletions(-)
diff --git a/data/web/admin.php b/data/web/admin.php
index 24327b02..6d41ba9b 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -74,63 +74,36 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI']; query("SELECT DISTINCT - `username`, - CASE WHEN `active`='1' THEN '".$lang['admin']['yes']."' ELSE '".$lang['admin']['no']."' END AS `active` - FROM `domain_admins` - WHERE `username` IN ( - SELECT `username` FROM `admin` - WHERE `superadmin`!='1' - )"); - $rows_username = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if(!empty($rows_username)): - while ($row_user_state = array_shift($rows_username)): + foreach (get_domain_admins() as $domain_admin) { + $da_data = get_domain_admin_details($domain_admin); + if (!empty($da_data)): ?> - + prepare("SELECT `domain` FROM `domain_admins` WHERE `username` = :username"); - $stmt->execute(array('username' => $row_user_state['username'])); - $rows_domain = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - while ($row_domain = array_shift($rows_domain)) { - echo htmlspecialchars($row_domain['domain']).'
'; + foreach ($da_data['selected_domains'] as $domain) { + echo htmlspecialchars($domain).'
'; } ?> - +
- - + +
@@ -204,41 +177,93 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+

-
-
-

Domain: (dkim._domainkey)

-
-
-
v=DKIM1;k=rsa;t=s;s=email;p=
-
-
-
- - - -
-
-
- +
+
+

Domain:

+
+
+
+
+
+
+ + + +
+
+
+ +
+
+

↳ Alias-Domain:

+
+
+
+
+
+
+ + + +
+
+
+
+
+
+

Domain:

+
+
+
+
+
+
+ + + +
+
+
+
+
+
+

(Alias-)Domain:

+
+
+ - +
- + +
@@ -246,7 +271,6 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
- diff --git a/data/web/delete.php b/data/web/delete.php index f058b42a..867459c8 100644 --- a/data/web/delete.php +++ b/data/web/delete.php @@ -66,20 +66,9 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm isset($_GET["aliasdomain"]) && is_valid_domain_name($_GET["aliasdomain"]) && !empty($_GET["aliasdomain"])) { - $alias_domain = strtolower(trim($_GET["aliasdomain"])); - try { - $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` - WHERE `alias_domain`= :alias_domain"); - $stmt->execute(array(':alias_domain' => $alias_domain)); - $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) { + $alias_domain = $_GET["aliasdomain"]; + $result = mailbox_get_alias_domain_details($alias_domain); + if (!empty($result)) { ?> @@ -102,7 +91,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm elseif (isset($_GET["domainadmin"]) && ctype_alnum(str_replace(array('_', '.', '-'), '', $_GET["domainadmin"])) && !empty($_GET["domainadmin"]) && - $_SESSION['mailcow_cc_role'] == "admin") { + $_SESSION['mailcow_cc_role'] == "admin") { $domain_admin = $_GET["domainadmin"]; ?> @@ -121,8 +110,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm filter_var($_GET["mailbox"], FILTER_VALIDATE_EMAIL) && !empty($_GET["mailbox"])) { $mailbox = $_GET["mailbox"]; - $domain = substr(strrchr($mailbox, "@"), 1); - if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { + if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) { ?>
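Review bot: The alias-domain branch of delete.php no longer calls `hasDomainAccess()` on the target domain; whether the confirmation form is rendered now depends only on `mailbox_get_alias_domain_details($alias_domain)` returning a non-empty result. That helper is not part of this hunk, so it should be confirmed that it returns nothing for alias domains whose target the session user does not administer, and a comment at the call such as `// access is enforced inside mailbox_get_alias_domain_details()` would make the dependency visible. The same replacement of an explicit check by a `*_details()` helper appears in the syncjob branch further down and in the alias, domain, alias-domain, mailbox and syncjob branches of edit.php; for the syncjob branches the helper has to scope the lookup to the session user, as the removed `user2 = :user2` condition did. The earlier `strtolower(trim(...))` normalisation of the GET value is also dropped here.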

@@ -153,21 +141,11 @@ elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == if (isset($_GET["syncjob"]) && is_numeric($_GET["syncjob"]) && filter_var($_SESSION['mailcow_cc_username'], FILTER_VALIDATE_EMAIL)) { - try { - $stmt = $pdo->prepare("SELECT `user2` FROM `imapsync` - WHERE `id` = :id AND user2 = :user2"); - $stmt->execute(array(':id' => $_GET["syncjob"], ':user2' => $_SESSION['mailcow_cc_username'])); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if ($num_results != 0 && !empty($num_results)) { + $id = $_GET["syncjob"]; + $result = get_syncjob_details($id); + if (!empty($result)) { ?> - +

diff --git a/data/web/edit.php b/data/web/edit.php index 3ab5fff0..0c93a0c9 100644 --- a/data/web/edit.php +++ b/data/web/edit.php @@ -20,34 +20,8 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm if (isset($_GET["alias"]) && !empty($_GET["alias"])) { $alias = $_GET["alias"]; - $domain = substr(strrchr($alias, "@"), 1); - try { - $stmt = $pdo->prepare("SELECT * FROM `alias` - WHERE `address`= :address - AND `goto` != :goto - AND ( - `domain` IN ( - SELECT `domain` FROM `domain_admins` - WHERE `active`='1' - AND `username`= :username - ) - OR 'admin'= :admin - )"); - $stmt->execute(array( - ':address' => $alias, - ':goto' => $alias, - ':username' => $_SESSION['mailcow_cc_username'], - ':admin' => $_SESSION['mailcow_cc_role'] - )); - $result = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if ($result !== false) { + $result = mailbox_get_alias_details($alias); + if (!empty($result)) { ?>


@@ -62,7 +36,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
- +
@@ -86,68 +60,34 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm $_GET["domainadmin"] != 'admin' && $_SESSION['mailcow_cc_role'] == "admin") { $domain_admin = $_GET["domainadmin"]; - try { - $stmt = $pdo->prepare("SELECT * FROM `domain_admins` WHERE `username`= :domain_admin"); - $stmt->execute(array( - ':domain_admin' => $domain_admin - )); - $result = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if ($result !== false) { + $result = get_domain_admin_details($domain_admin); + if (!empty($result)) { ?>


"> +
+ +
+ +
+
@@ -167,7 +107,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
- +
@@ -189,29 +129,8 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm is_valid_domain_name($_GET["domain"]) && !empty($_GET["domain"])) { $domain = $_GET["domain"]; - try { - $stmt = $pdo->prepare("SELECT * FROM `domain` WHERE `domain`='".$domain."' - AND ( - `domain` IN ( - SELECT `domain` from `domain_admins` - WHERE `active`='1' - AND `username` = :username - ) - OR 'admin'= :admin - )"); - $stmt->execute(array( - ':username' => $_SESSION['mailcow_cc_username'], - ':admin' => $_SESSION['mailcow_cc_role'] - )); - $result = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if ($result !== false) { + $result = mailbox_get_domain_details($domain); + if (!empty($result)) { ?>

"> @@ -228,34 +147,34 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
- +
- +
- +
- +
- +
- +

@@ -266,7 +185,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
- +
@@ -277,26 +196,137 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
-
-
-

Domain: (dkim._domainkey)

-
-
-
v=DKIM1;k=rsa;t=s;s=email;p=
-
-
-
- - - -
-
-
+
+
+
+

Domain: (dkim._domainkey)

+
+
+
+
+
+
+
+
+

+

+
+
+
+
+ +
+
+
+ +
+
+
+
+ + + + + + + + +
+
+
+ +
+
+
+
+ + + +
+
+ +
+
+
+
+
+

+

+
+
+
+
+ +
+
+
+ +
+
+
+
+ + + + + + + + +
+
+
+ +
+
+
+
+ + + +
+
+ +
+
+
+
+
+ @@ -308,31 +338,8 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm is_valid_domain_name($_GET["aliasdomain"]) && !empty($_GET["aliasdomain"])) { $alias_domain = $_GET["aliasdomain"]; - try { - $stmt = $pdo->prepare("SELECT * FROM `alias_domain` - WHERE `alias_domain`= :alias_domain - AND ( - `target_domain` IN ( - SELECT `domain` FROM `domain_admins` - WHERE `active`='1' - AND `username`= :username - ) - OR 'admin'= :admin - )"); - $stmt->execute(array( - ':alias_domain' => $alias_domain, - ':username' => $_SESSION['mailcow_cc_username'], - ':admin' => $_SESSION['mailcow_cc_role'] - )); - $result = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if ($result !== false) { + $result = mailbox_get_alias_domain_details($alias_domain); + if (!empty($result)) { ?>

"> @@ -346,7 +353,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
- +
@@ -357,35 +364,17 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
-
-
-

-
-
-
-
-
._domainkey
-
-
-
-
- -
-
+
+
+

Domain: (dkim._domainkey)

+
+
+
+
prepare("SELECT `username`, `domain`, `name`, `quota`, `active` FROM `mailbox` WHERE `username` = :username1"); - $stmt->execute(array( - ':username1' => $mailbox, - )); - $result = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if ($result !== false && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $result['domain'])) { - $left_m = remaining_specs($result['domain'], $_GET['mailbox'])['left_m']; - ?> + $result = mailbox_get_mailbox_details($mailbox); + if (!empty($result)) { + $left_m = remaining_specs($result['domain'], $_GET['mailbox'])['left_m']; + ?>

"> @@ -426,55 +403,59 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
max. MiB
- +
- - - - - - - - - - - - - + + - - + foreach ($sender_acl_handles['sender_acl_addresses']['ro'] as $domain): + ?> + + + + + + + + + + + +
@@ -493,7 +474,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
- +
@@ -519,25 +500,10 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm } elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "user")) { if (isset($_GET['syncjob']) && - is_numeric($_GET["syncjob"]) && - filter_var($_SESSION['mailcow_cc_username'], FILTER_VALIDATE_EMAIL)) { + is_numeric($_GET['syncjob'])) { $id = $_GET["syncjob"]; - $username = $_SESSION['mailcow_cc_username']; - try { - $stmt = $pdo->prepare("SELECT * FROM `imapsync` WHERE `user2` = :username AND id = :id"); - $stmt->execute(array( - ':username' => $username, - ':id' => $id - )); - $result = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if ($result && !empty($result)) { + $result = get_syncjob_details($id); + if (!empty($result)) { ?>

"> diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php index d2adca8e..642242a4 100644 --- a/data/web/inc/footer.inc.php +++ b/data/web/inc/footer.inc.php @@ -21,6 +21,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi +
@@ -33,6 +34,9 @@ function setLang(sel) { } $(document).ready(function() { + $(function () { + $('[data-toggle="tooltip"]').tooltip() + }) // Hide alerts after n seconds $("#alert-fade").fadeTo(7000, 500).slideUp(500, function(){ $("#alert-fade").alert('close'); diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index c21b6d2a..f259461d 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php 
@@ -15,22 +15,52 @@ function hasDomainAccess($username, $role, $domain) { return false; } try { - $stmt = $pdo->prepare("SELECT `domain` FROM `domain_admins` - WHERE ( - `active`='1' - AND `username` = :username - AND `domain` = :domain - ) - OR 'admin' = :role"); - $stmt->execute(array(':username' => $username, ':domain' => $domain, ':role' => $role)); + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain` = :domain1 + AND (`domain` in ( + SELECT `domain` FROM `domain_admins` + WHERE ( + `username` = :username + AND `domain` = :domain2 + ) + ) OR 'admin' = :role)"); + $stmt->execute(array(':username' => $username, ':domain1' => $domain, ':domain2' => $domain, ':role' => $role)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } catch(PDOException $e) { - error_log($e); + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + if (!empty($num_results)) { + return true; + } + return false; +} +function hasMailboxObjectAccess($username, $role, $object) { + global $pdo; + if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) { return false; } - if ($num_results != 0 && !empty($num_results)) { + if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') { + return false; + } + if ($username == $object) { return true; } + try { + $stmt = $pdo->prepare("SELECT `domain` FROM `mailbox` WHERE `username` = :object"); + $stmt->execute(array(':object' => $object)); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (isset($row['domain']) && hasDomainAccess($username, $role, $row['domain'])) { + return true; + } + } + catch(PDOException $e) { + error_log($e); + return false; + } return false; } function init_db_schema() { 
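Review bot: The rewritten query in hasDomainAccess() no longer filters `domain_admins` on `active`, so a domain administrator row that has been deactivated still satisfies the subquery and is granted access; unless deactivation is enforced somewhere not visible here, restore the condition inside the subquery, e.g. ``AND `active`='1'``. The catch block now stores `'MySQL: '.$e` in `$_SESSION['return']` where the old code used `error_log($e)`; a PDOException cast to string carries the file path and stack trace, so the user-facing message should be generic and the detail kept in the log. In hasMailboxObjectAccess() the shortcut `$username == $object` is a loose comparison, and `===` is the safer choice for an authorization decision.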
@@ -187,15 +217,23 @@ function formatBytes($size, $precision = 2) { } function dkim_table($action, $item) { global $lang; + global $pdo; switch ($action) { case "delete": + if ($_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } $domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']); if (!is_valid_domain_name($domain)) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid']) ); - break; + return false; } exec('rm ' . escapeshellarg($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim'), $out, $return); if ($return != "0") { 
@@ -203,39 +241,46 @@ function dkim_table($action, $item) { 'type' => 'danger', 'msg' => sprintf($lang['danger']['dkim_remove_failed']) ); - break; + return false; } exec('rm ' . escapeshellarg($GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.dkim'), $out, $return); - if ($return != "0") { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['dkim_remove_failed']) - ); - break; - } + if ($return != "0") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['dkim_remove_failed']) + ); + return false; + } $_SESSION['return'] = array( 'type' => 'success', 'msg' => sprintf($lang['success']['dkim_removed']) ); break; case "add": + if ($_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } $domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']); $key_length = intval($item['dkim']['key_size']); - if (!is_valid_domain_name($domain) || !is_numeric($key_length)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid']) - ); - break; - } + if (!is_valid_domain_name($domain) || !is_numeric($key_length)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid']) + ); + return false; + } - if (!empty(glob($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim'))) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid']) - ); - break; - } + if (!empty(glob($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim'))) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid']) + ); + return false; + } $config = array( "digest_alg" => "sha256", 
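Review bot: In the "add" case the test `!is_numeric($key_length)` can never fail, because `$key_length` has already been passed through `intval()`; any `key_size`, including 0 or a very small number, gets past validation. Compare the value against the sizes the form actually offers instead, for example `!in_array($key_length, array(1024, 2048), true)` with the list adjusted to the supported values. The `$config` array that presumably consumes the value begins at the end of this hunk and continues outside it.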
@@ -259,6 +304,67 @@ function dkim_table($action, $item) { 'msg' => sprintf($lang['success']['dkim_added']) ); break; + case "get": + try { + $stmt = $pdo->prepare("SELECT `target_domain` + FROM `alias_domain` + WHERE `alias_domain` = :item"); + $stmt->execute(array(':item' => $item)); + $AdDomainData = $stmt->fetch(PDO::FETCH_ASSOC); + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + (is_valid_domain_name($AdDomainData['target_domain'])) ? $item = $AdDomainData['target_domain'] : null; + if (!isset($_SESSION['mailcow_cc_role'])) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + $dkim_pubkey_file = escapeshellarg($GLOBALS["MC_DKIM_TXTS"]. "/" . $item . "." . "dkim"); + if (file_exists(substr($dkim_pubkey_file, 1, -1))) { + return 'v=DKIM1;k=rsa;t=s;s=email;p=' . file_get_contents($GLOBALS["MC_DKIM_TXTS"]. "/" . $item . "." . 
"dkim"); + } + return false; + break; + case "keys-without-domain": + if ($_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + $dnstxt_folder = scandir($GLOBALS["MC_DKIM_TXTS"]); + $dnstxt_files = array_diff($dnstxt_folder, array('.', '..')); + foreach($dnstxt_files as $file) { + $pubKey = file_get_contents($GLOBALS["MC_DKIM_TXTS"]."/".$file); + $domains[] = substr($file, 0, -5); + } + return array_diff($domains, mailbox_get_domains()); + break; + case "domains-without-key": + if ($_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + $dnstxt_folder = scandir($GLOBALS["MC_DKIM_TXTS"]); + $dnstxt_files = array_diff($dnstxt_folder, array('.', '..')); + foreach($dnstxt_files as $file) { + $pubKey = file_get_contents($GLOBALS["MC_DKIM_TXTS"]."/".$file); + $domains[] = substr($file, 0, -5); + } + return array_diff(mailbox_get_domains(), $domains); + break; } } function mailbox_add_domain($postarray) { @@ -366,6 +472,7 @@ function mailbox_add_domain($postarray) { ); } catch (PDOException $e) { + mailbox_delete_domain(array('domain' => $domain)); $_SESSION['return'] = array( 'type' => 'danger', 'msg' => 'MySQL: '.$e 
@@ -413,6 +520,37 @@ function mailbox_add_alias($postarray) { WHERE `domain`= :domain"); $stmt->execute(array(':domain' => $domain)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results == 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['domain_not_found'], $domain) + ); + return false; + } + + $stmt = $pdo->prepare("SELECT `address` FROM `alias` + WHERE `address`= :address"); + $stmt->execute(array(':address' => $address)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['is_alias_or_mailbox'], htmlspecialchars($address)) + ); + return false; + } + + $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` + WHERE `address`= :address"); + $stmt->execute(array(':address' => $address)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($address)) + ); + return false; + } } catch(PDOException $e) { $_SESSION['return'] = array( @@ -421,13 +559,6 @@ function mailbox_add_alias($postarray) { ); return false; } - if ($num_results == 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['domain_not_found'], $domain) - ); - return false; - } if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) { $_SESSION['return'] = array( 
@@ -445,48 +576,6 @@ function mailbox_add_alias($postarray) { return false; } - try { - $stmt = $pdo->prepare("SELECT `address` FROM `alias` - WHERE `address`= :address"); - $stmt->execute(array(':address' => $address)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['is_alias_or_mailbox'], htmlspecialchars($address)) - ); - return false; - } - - try { - $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` - WHERE `address`= :address"); - $stmt->execute(array(':address' => $address)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($address)) - ); - return false; - } - foreach ($gotos as &$goto) { if (empty($goto)) { continue; @@ -545,6 +634,7 @@ function mailbox_add_alias($postarray) { ); } catch (PDOException $e) { + mailbox_delete_alias(array('address' => $address)); $_SESSION['return'] = array( 'type' => 'danger', 'msg' => 'MySQL: '.$e 
@@ -605,29 +695,27 @@ function mailbox_add_alias_domain($postarray) { WHERE `domain`= :target_domain"); $stmt->execute(array(':target_domain' => $target_domain)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - if ($num_results == 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['targetd_not_found']) - ); - return false; - } + if ($num_results == 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['targetd_not_found']) + ); + return false; + } - try { $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain UNION SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain_in_domain"); $stmt->execute(array(':alias_domain' => $alias_domain, ':alias_domain_in_domain' => $alias_domain)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } + if ($num_results != 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['aliasd_exists']) + ); + return false; + } + } catch(PDOException $e) { $_SESSION['return'] = array( 'type' => 'danger', @@ -635,13 +723,6 @@ function mailbox_add_alias_domain($postarray) { ); return false; } - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['aliasd_exists']) - ); - return false; - } try { $stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `created`, `modified`, `active`) 
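Review bot: The duplicate check in mailbox_add_alias_domain selects from `alias_domain` in both halves of the UNION, so an alias domain whose name equals an existing entry in `domain` is not rejected; the `:alias_domain_in_domain` placeholder suggests the second half was meant to read ``SELECT `domain` FROM `domain` WHERE `domain` = :alias_domain_in_domain``. The line is unchanged context here, but the commit reworks the surrounding try block, so this is a convenient place to correct it. The function body starts and ends outside the hunk.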
@@ -659,6 +740,133 @@ function mailbox_add_alias_domain($postarray) { ); } catch (PDOException $e) { + mailbox_delete_alias_domain(array('alias_domain' => $alias_domain)); + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } +} +function mailbox_add_mailbox($postarray) { + // Array elements + // active int + // local_part string + // domain string + // name string (username if empty) + // password string + // password2 string + // quota int (MiB) + // active int + + global $pdo; + global $lang; + $local_part = strtolower(trim($postarray['local_part'])); + $domain = idn_to_ascii(strtolower(trim($postarray['domain']))); + $username = $local_part . '@' . $domain; + if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['mailbox_invalid']) + ); + return false; + } + if (empty($postarray['local_part'])) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['mailbox_invalid']) + ); + return false; + } + $password = $postarray['password']; + $password2 = $postarray['password2']; + $name = $postarray['name']; + $quota_m = filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT); + + if (empty($name)) { + $name = $local_part; + } + + isset($postarray['active']) ? 
$active = '1' : $active = '0'; + + $quota_b = ($quota_m * 1048576); + $maildir = $domain."/".$local_part."/"; + + if (!is_valid_domain_name($domain)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['domain_invalid']) + ); + return false; + } + + if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + + try { + $stmt = $pdo->prepare("SELECT `mailboxes`, `maxquota`, `quota` FROM `domain` + WHERE `domain` = :domain"); + $stmt->execute(array(':domain' => $domain)); + $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); + + $stmt = $pdo->prepare("SELECT + COUNT(*) as count, + COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota` + FROM `mailbox` + WHERE `domain` = :domain"); + $stmt->execute(array(':domain' => $domain)); + $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); + + $stmt = $pdo->prepare("SELECT `local_part` FROM `mailbox` WHERE `local_part` = :local_part and `domain`= :domain"); + $stmt->execute(array(':local_part' => $local_part, ':domain' => $domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username)) + ); + return false; + } + + $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE address= :username"); + $stmt->execute(array(':username' => $username)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['is_alias'], htmlspecialchars($username)) + ); + return false; + } + + $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` WHERE `address`= :username"); + $stmt->execute(array(':username' => $username)); + $num_results = 
count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($username)) + ); + return false; + } + + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain`= :domain"); + $stmt->execute(array(':domain' => $domain)); + $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results == 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['domain_not_found'], $domain) + ); + return false; + } + } + catch(PDOException $e) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => 'MySQL: '.$e 
@@ -666,6 +874,101 @@ function mailbox_add_alias_domain($postarray) { return false; } + if (!is_numeric($quota_m) || $quota_m == "0") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['quota_not_0_not_numeric']) + ); + return false; + } + + if (!empty($password) && !empty($password2)) { + if ($password != $password2) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['password_mismatch']) + ); + return false; + } + $password_hashed = hash_password($password); + } + else { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['password_empty']) + ); + return false; + } + + if ($MailboxData['count'] >= $DomainData['mailboxes']) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['max_mailbox_exceeded'], $MailboxData['count'], $DomainData['mailboxes']) + ); + return false; + } + + if ($quota_m > $DomainData['maxquota']) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota']) + ); + return false; + } + + if (($MailboxData['quota'] + $quota_m) > $DomainData['quota']) { + $quota_left_m = ($DomainData['quota'] - $MailboxData['quota']); + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m) + ); + return false; + } + + try { + $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `created`, `modified`, `active`) + VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :created, :modified, :active)"); + $stmt->execute(array( + ':username' => $username, + ':password_hashed' => $password_hashed, + ':name' => $name, + ':maildir' => $maildir, + ':quota_b' => $quota_b, + ':local_part' => $local_part, + ':domain' => $domain, + ':created' => date('Y-m-d H:i:s'), + 
':modified' => date('Y-m-d H:i:s'), + ':active' => $active + )); + + $stmt = $pdo->prepare("INSERT INTO `quota2` (`username`, `bytes`, `messages`) + VALUES (:username, '0', '0')"); + $stmt->execute(array(':username' => $username)); + + $stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`) + VALUES (:username1, :username2, :domain, :created, :modified, :active)"); + $stmt->execute(array( + ':username1' => $username, + ':username2' => $username, + ':domain' => $domain, + ':created' => date('Y-m-d H:i:s'), + ':modified' => date('Y-m-d H:i:s'), + ':active' => $active + )); + + $_SESSION['return'] = array( + 'type' => 'success', + 'msg' => sprintf($lang['success']['mailbox_added'], htmlspecialchars($username)) + ); + } + catch (PDOException $e) { + mailbox_delete_mailbox(array('address' => $username)); + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } } function mailbox_edit_alias_domain($postarray) { // Array elements 
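Review bot: The quota check `!is_numeric($quota_m) || $quota_m == "0"` accepts negative numbers: `FILTER_SANITIZE_NUMBER_FLOAT` (applied in the previous hunk) keeps a leading `-`, a negative value passes both the `maxquota` and the remaining-quota comparisons, and a negative `quota_b` is then inserted. Use `if (!is_numeric($quota_m) || $quota_m <= 0)` instead. Without `FILTER_FLAG_ALLOW_FRACTION` the filter also strips the decimal point, so an input of `1.5` becomes `15`; an explicit digit check followed by `intval()` would be more predictable.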
@@ -756,272 +1059,6 @@ function mailbox_edit_alias_domain($postarray) { 'msg' => sprintf($lang['success']['aliasd_modified'], htmlspecialchars($alias_domain)) ); } -function mailbox_add_mailbox($postarray) { - // Array elements - // active int - // local_part string - // domain string - // name string (username if empty) - // password string - // password2 string - // quota int (MiB) - // active int - - global $pdo; - global $lang; - $local_part = strtolower(trim($postarray['local_part'])); - $domain = idn_to_ascii(strtolower(trim($postarray['domain']))); - $username = $local_part . '@' . $domain; - if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['mailbox_invalid']) - ); - return false; - } - if (empty($postarray['local_part'])) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['mailbox_invalid']) - ); - return false; - } - $password = $postarray['password']; - $password2 = $postarray['password2']; - $name = $postarray['name']; - $quota_m = filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT); - - if (empty($name)) { - $name = $local_part; - } - - isset($postarray['active']) ? 
$active = '1' : $active = '0'; - - $quota_b = ($quota_m * 1048576); - $maildir = $domain."/".$local_part."/"; - - if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['domain_invalid']) - ); - return false; - } - - try { - $stmt = $pdo->prepare("SELECT `mailboxes`, `maxquota`, `quota` FROM `domain` - WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $domain)); - $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - - try { - $stmt = $pdo->prepare("SELECT - COUNT(*) as count, - COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota` - FROM `mailbox` - WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $domain)); - $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - - if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['access_denied']) - ); - return false; - } - - try { - $stmt = $pdo->prepare("SELECT `local_part` FROM `mailbox` WHERE `local_part` = :local_part and `domain`= :domain"); - $stmt->execute(array(':local_part' => $local_part, ':domain' => $domain)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username)) - ); - return false; - } - - try { - $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE address= :username"); - $stmt->execute(array(':username' => $username)); - $num_results 
= count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['is_alias'], htmlspecialchars($username)) - ); - return false; - } - - try { - $stmt = $pdo->prepare("SELECT `address` FROM `spamalias` WHERE `address`= :username"); - $stmt->execute(array(':username' => $username)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($username)) - ); - return false; - } - - if (!is_numeric($quota_m) || $quota_m == "0") { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['quota_not_0_not_numeric']) - ); - return false; - } - - if (!empty($password) && !empty($password2)) { - if ($password != $password2) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['password_mismatch']) - ); - return false; - } - $password_hashed = hash_password($password); - } - else { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['password_empty']) - ); - return false; - } - - if ($MailboxData['count'] >= $DomainData['mailboxes']) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['max_mailbox_exceeded'], $MailboxData['count'], $DomainData['mailboxes']) - ); - return false; - } - - try { - $stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain`= :domain"); - $stmt->execute(array(':domain' => $domain)); - $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); - } - catch(PDOException $e) { - $_SESSION['return'] = array( 
- 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - if ($num_results == 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['domain_not_found'], $domain) - ); - return false; - } - - if ($quota_m > $DomainData['maxquota']) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota']) - ); - return false; - } - - if (($MailboxData['quota'] + $quota_m) > $DomainData['quota']) { - $quota_left_m = ($DomainData['quota'] - $MailboxData['quota']); - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m) - ); - return false; - } - - try { - $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `created`, `modified`, `active`) - VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :created, :modified, :active)"); - $stmt->execute(array( - ':username' => $username, - ':password_hashed' => $password_hashed, - ':name' => $name, - ':maildir' => $maildir, - ':quota_b' => $quota_b, - ':local_part' => $local_part, - ':domain' => $domain, - ':created' => date('Y-m-d H:i:s'), - ':modified' => date('Y-m-d H:i:s'), - ':active' => $active - )); - - $stmt = $pdo->prepare("INSERT INTO `quota2` (`username`, `bytes`, `messages`) - VALUES (:username, '0', '0')"); - $stmt->execute(array(':username' => $username)); - - $stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`) - VALUES (:username1, :username2, :domain, :created, :modified, :active)"); - $stmt->execute(array( - ':username1' => $username, - ':username2' => $username, - ':domain' => $domain, - ':created' => date('Y-m-d H:i:s'), - ':modified' => date('Y-m-d H:i:s'), - ':active' => $active - )); - - $_SESSION['return'] = array( - 'type' => 'success', - 'msg' => 
sprintf($lang['success']['mailbox_added'], htmlspecialchars($username)) - ); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } -} function mailbox_edit_alias($postarray) { // Array elements // address string 
@@ -1112,103 +1149,8 @@ function mailbox_edit_domain($postarray) { global $lang; global $pdo; - $domain = idn_to_ascii($postarray['domain']); - $description = $postarray['description']; - - $aliases = filter_var($postarray['aliases'], FILTER_SANITIZE_NUMBER_FLOAT); - $mailboxes = filter_var($postarray['mailboxes'], FILTER_SANITIZE_NUMBER_FLOAT); - $maxquota = filter_var($postarray['maxquota'], FILTER_SANITIZE_NUMBER_FLOAT); - $quota = filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT); - - isset($postarray['relay_all_recipients']) ? $relay_all_recipients = '1' : $relay_all_recipients = '0'; - isset($postarray['backupmx']) ? $backupmx = '1' : $backupmx = '0'; - isset($postarray['relay_all_recipients']) ? $backupmx = '1' : true; - isset($postarray['active']) ? $active = '1' : $active = '0'; - - try { - $stmt = $pdo->prepare("SELECT - COUNT(*) AS count, - MAX(COALESCE(ROUND(`quota`/1048576), 0)) AS `maxquota`, - COALESCE(ROUND(SUM(`quota`)/1048576), 0) AS `quota` - FROM `mailbox` - WHERE domain= :domain"); - $stmt->execute(array(':domain' => $domain)); - $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - - - try { - $stmt = $pdo->prepare("SELECT COUNT(*) AS `count` FROM `alias` - WHERE domain = :domain - AND address NOT IN ( - SELECT `username` FROM `mailbox` - )"); - $stmt->execute(array(':domain' => $domain)); - $AliasData = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - - if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['access_denied']) - ); - return false; - } - - if ($maxquota > $quota) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 
sprintf($lang['danger']['mailbox_quota_exceeds_domain_quota']) - ); - return false; - } - - if ($MailboxData['maxquota'] > $maxquota) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['max_quota_in_use'], $MailboxData['maxquota']) - ); - return false; - } - - if ($MailboxData['quota'] > $quota) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['domain_quota_m_in_use'], $MailboxData['quota']) - ); - return false; - } - - if ($MailboxData['count'] > $mailboxes) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['mailboxes_in_use'], $MailboxData['count']) - ); - return false; - } - - if ($AliasData['count'] > $aliases) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['aliases_in_use'], $AliasData['count']) - ); - return false; - } - + + $domain = idn_to_ascii($postarray['domain']); if (!is_valid_domain_name($domain)) { $_SESSION['return'] = array( 'type' => 'danger', 
@@ -1216,34 +1158,399 @@ function mailbox_edit_domain($postarray) { ); return false; } + + if ($_SESSION['mailcow_cc_role'] == "domainadmin" && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { + $description = $postarray['description']; + isset($postarray['active']) ? $active = '1' : $active = '0'; + try { + $stmt = $pdo->prepare("UPDATE `domain` SET + `modified`= :modified, + `description` = :description + WHERE `domain` = :domain"); + $stmt->execute(array( + ':modified' => date('Y-m-d H:i:s'), + ':description' => $description, + ':domain' => $domain + )); + $_SESSION['return'] = array( + 'type' => 'success', + 'msg' => sprintf($lang['success']['domain_modified'], htmlspecialchars($domain)) + ); + } + catch (PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + } + elseif ($_SESSION['mailcow_cc_role'] == "admin") { + $description = $postarray['description']; + isset($postarray['active']) ? $active = '1' : $active = '0'; + $aliases = filter_var($postarray['aliases'], FILTER_SANITIZE_NUMBER_FLOAT); + $mailboxes = filter_var($postarray['mailboxes'], FILTER_SANITIZE_NUMBER_FLOAT); + $maxquota = filter_var($postarray['maxquota'], FILTER_SANITIZE_NUMBER_FLOAT); + $quota = filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT); + isset($postarray['relay_all_recipients']) ? $relay_all_recipients = '1' : $relay_all_recipients = '0'; + isset($postarray['backupmx']) ? $backupmx = '1' : $backupmx = '0'; + isset($postarray['relay_all_recipients']) ? 
$backupmx = '1' : true; + try { + // GET MAILBOX DATA + $stmt = $pdo->prepare("SELECT + COUNT(*) AS count, + MAX(COALESCE(ROUND(`quota`/1048576), 0)) AS `maxquota`, + COALESCE(ROUND(SUM(`quota`)/1048576), 0) AS `quota` + FROM `mailbox` + WHERE domain= :domain"); + $stmt->execute(array(':domain' => $domain)); + $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC); + // GET ALIAS DATA + $stmt = $pdo->prepare("SELECT COUNT(*) AS `count` FROM `alias` + WHERE domain = :domain + AND address NOT IN ( + SELECT `username` FROM `mailbox` + )"); + $stmt->execute(array(':domain' => $domain)); + $AliasData = $stmt->fetch(PDO::FETCH_ASSOC); + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + + if ($maxquota > $quota) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['mailbox_quota_exceeds_domain_quota']) + ); + return false; + } + + if ($MailboxData['maxquota'] > $maxquota) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['max_quota_in_use'], $MailboxData['maxquota']) + ); + return false; + } + + if ($MailboxData['quota'] > $quota) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['domain_quota_m_in_use'], $MailboxData['quota']) + ); + return false; + } + + if ($MailboxData['count'] > $mailboxes) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['mailboxes_in_use'], $MailboxData['count']) + ); + return false; + } + + if ($AliasData['count'] > $aliases) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['aliases_in_use'], $AliasData['count']) + ); + return false; + } + try { + $stmt = $pdo->prepare("UPDATE `domain` SET + `modified`= :modified, + `relay_all_recipients` = :relay_all_recipients, + `backupmx` = :backupmx, + `active` = :active, + `quota` = :quota, + `maxquota` = :maxquota, + `mailboxes` = 
:mailboxes, + `aliases` = :aliases, + `description` = :description + WHERE `domain` = :domain"); + $stmt->execute(array( + ':relay_all_recipients' => $relay_all_recipients, + ':backupmx' => $backupmx, + ':active' => $active, + ':quota' => $quota, + ':maxquota' => $maxquota, + ':mailboxes' => $mailboxes, + ':aliases' => $aliases, + ':modified' => date('Y-m-d H:i:s'), + ':description' => $description, + ':domain' => $domain + )); + $_SESSION['return'] = array( + 'type' => 'success', + 'msg' => sprintf($lang['success']['domain_modified'], htmlspecialchars($domain)) + ); + } + catch (PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + } +} +function mailbox_edit_mailbox($postarray) { + global $lang; + global $pdo; + isset($postarray['active']) ? $active = '1' : $active = '0'; + if (!filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['username_invalid']) + ); + return false; + } + $quota_m = $postarray['quota']; + $quota_b = $quota_m*1048576; + $username = $postarray['username']; + $name = $postarray['name']; + $password = $postarray['password']; + $password2 = $postarray['password2']; + try { - $stmt = $pdo->prepare("UPDATE `domain` SET - `modified`= :modified, - `relay_all_recipients` = :relay_all_recipients, - `backupmx` = :backupmx, - `active` = :active, - `quota` = :quota, - `maxquota` = :maxquota, - `mailboxes` = :mailboxes, - `aliases` = :aliases, - `description` = :description - WHERE `domain` = :domain"); + $stmt = $pdo->prepare("SELECT `domain` + FROM `mailbox` + WHERE username = :username"); + $stmt->execute(array(':username' => $username)); + $MailboxData1 = $stmt->fetch(PDO::FETCH_ASSOC); + + $stmt = $pdo->prepare("SELECT + COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_now` + FROM `mailbox` + WHERE `username` = :username"); + $stmt->execute(array(':username' => $username)); + 
$MailboxData2 = $stmt->fetch(PDO::FETCH_ASSOC); + + $stmt = $pdo->prepare("SELECT + COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_in_use` + FROM `mailbox` + WHERE `domain` = :domain"); + $stmt->execute(array(':domain' => $MailboxData1['domain'])); + $MailboxData3 = $stmt->fetch(PDO::FETCH_ASSOC); + + $stmt = $pdo->prepare("SELECT `quota`, `maxquota` + FROM `domain` + WHERE `domain` = :domain"); + $stmt->execute(array(':domain' => $MailboxData1['domain'])); + $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + + if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $MailboxData1['domain'])) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + if (!is_numeric($quota_m) || $quota_m == "0") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['quota_not_0_not_numeric'], htmlspecialchars($quota_m)) + ); + return false; + } + if ($quota_m > $DomainData['maxquota']) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota']) + ); + return false; + } + if (($MailboxData3['quota_m_in_use'] - $MailboxData2['quota_m_now'] + $quota_m) > $DomainData['quota']) { + $quota_left_m = ($DomainData['quota'] - $MailboxData3['quota_m_in_use'] + $MailboxData2['quota_m_now']); + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m) + ); + return false; + } + + // Get sender_acl items set by admin + $sender_acl_admin = array_merge( + get_sender_acl_handles($username)['sender_acl_domains']['ro'], + get_sender_acl_handles($username)['sender_acl_addresses']['ro'] + ); + + // Get sender_acl items from POST array + (isset($postarray['sender_acl'])) ? 
$sender_acl_domain_admin = $postarray['sender_acl'] : $sender_acl_domain_admin = array(); + + if (!empty($sender_acl_domain_admin) || !empty($sender_acl_admin)) { + // Check items in POST array + foreach ($sender_acl_domain_admin as $sender_acl) { + if (!filter_var($sender_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name(ltrim($sender_acl, '@'))) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['sender_acl_invalid']) + ); + return false; + } + if (is_valid_domain_name(ltrim($sender_acl, '@'))) { + if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], ltrim($sender_acl, '@'))) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['sender_acl_invalid']) + ); + return false; + } + } + if (filter_var($sender_acl, FILTER_VALIDATE_EMAIL)) { + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $sender_acl)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['sender_acl_invalid']) + ); + return false; + } + } + } + + // Merge both arrays + $sender_acl_merged = array_merge($sender_acl_domain_admin, $sender_acl_admin); + + try { + $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username"); + $stmt->execute(array( + ':username' => $username + )); + } + catch (PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + + foreach ($sender_acl_merged as $sender_acl) { + $domain = ltrim($sender_acl, '@'); + if (is_valid_domain_name($domain)) { + $sender_acl = '@' . 
$domain; + } + try { + $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`) + VALUES (:sender_acl, :username)"); + $stmt->execute(array( + ':sender_acl' => $sender_acl, + ':username' => $username + )); + } + catch (PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + } + } + else { + try { + $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username"); + $stmt->execute(array( + ':username' => $username + )); + } + catch (PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + } + if (!empty($password) && !empty($password2)) { + if ($password != $password2) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['password_mismatch']) + ); + return false; + } + $password_hashed = hash_password($password); + try { + $stmt = $pdo->prepare("UPDATE `alias` SET + `modified` = :modified, + `active` = :active + WHERE `address` = :address"); + $stmt->execute(array( + ':address' => $username, + ':modified' => date('Y-m-d H:i:s'), + ':active' => $active + )); + $stmt = $pdo->prepare("UPDATE `mailbox` SET + `modified` = :modified, + `active` = :active, + `password` = :password_hashed, + `name`= :name, + `quota` = :quota_b + WHERE `username` = :username"); + $stmt->execute(array( + ':modified' => date('Y-m-d H:i:s'), + ':password_hashed' => $password_hashed, + ':active' => $active, + ':name' => $name, + ':quota_b' => $quota_b, + ':username' => $username + )); + $_SESSION['return'] = array( + 'type' => 'success', + 'msg' => sprintf($lang['success']['mailbox_modified'], $username) + ); + return true; + } + catch (PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + } + try { + $stmt = $pdo->prepare("UPDATE `alias` SET + `modified` = :modified, + `active` = :active + WHERE `address` = :address"); 
$stmt->execute(array( - ':relay_all_recipients' => $relay_all_recipients, - ':backupmx' => $backupmx, - ':active' => $active, - ':quota' => $quota, - ':maxquota' => $maxquota, - ':mailboxes' => $mailboxes, - ':aliases' => $aliases, + ':address' => $username, ':modified' => date('Y-m-d H:i:s'), - ':description' => $description, - ':domain' => $domain + ':active' => $active + )); + $stmt = $pdo->prepare("UPDATE `mailbox` SET + `modified` = :modified, + `active` = :active, + `name`= :name, + `quota` = :quota_b + WHERE `username` = :username"); + $stmt->execute(array( + ':active' => $active, + ':modified' => date('Y-m-d H:i:s'), + ':name' => $name, + ':quota_b' => $quota_b, + ':username' => $username )); $_SESSION['return'] = array( 'type' => 'success', - 'msg' => sprintf($lang['success']['domain_modified'], htmlspecialchars($domain)) + 'msg' => sprintf($lang['success']['mailbox_modified'], $username) ); + return true; } catch (PDOException $e) { $_SESSION['return'] = array( @@ -1252,7 +1559,6 @@ function mailbox_edit_domain($postarray) { ); return false; } - } function mailbox_get_mailboxes($domain) { global $lang; @@ -1355,6 +1661,7 @@ function mailbox_get_alias_details($address) { `domain`, `goto`, `address`, + `active` as `active_int`, CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, `created`, `modified` 
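Review bot: The rewritten `mailbox_edit_domain` has no final `else`, so a `domainadmin` session that fails `hasDomainAccess()`, or any role other than `admin`, falls out of the `if`/`elseif` without setting `$_SESSION['return']` or returning `false`. It fails closed, but the removed code reported `access_denied` at this point; appending `else { $_SESSION['return'] = array('type' => 'danger', 'msg' => sprintf($lang['danger']['access_denied'])); return false; }` keeps the refusal visible to the caller. In the moved `mailbox_edit_mailbox`, the `is_array($postarray['sender_acl'])` guard from the removed version is gone, so a scalar `sender_acl` reaches `foreach` and `array_merge()`. Depending on the PHP version that can let the `DELETE FROM sender_acl` run with nothing valid to re-insert, so the check should be restored before the validation loop.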
@@ -1370,8 +1677,16 @@ function mailbox_get_alias_details($address) { $aliasdata['address'] = $row['address']; (!filter_var($aliasdata['address'], FILTER_VALIDATE_EMAIL)) ? $aliasdata['is_catch_all'] = 1 : $aliasdata['is_catch_all'] = 0; $aliasdata['active'] = $row['active']; + $aliasdata['active_int'] = $row['active_int']; $aliasdata['created'] = $row['created']; $aliasdata['modified'] = $row['modified']; + if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdata['domain'])) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } } } catch (PDOException $e) { @@ -1381,13 +1696,6 @@ function mailbox_get_alias_details($address) { ); return false; } - if (isset($aliasdata['domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdata['domain'])) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['access_denied']) - ); - return false; - } return $aliasdata; } function mailbox_get_alias_domain_details($aliasdomain) { @@ -1398,6 +1706,7 @@ function mailbox_get_alias_domain_details($aliasdomain) { $stmt = $pdo->prepare("SELECT `alias_domain`, `target_domain`, + `active` AS `active_int`, CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, `created`, `modified` @@ -1411,6 +1720,7 @@ function mailbox_get_alias_domain_details($aliasdomain) { $aliasdomaindata['alias_domain'] = $row['alias_domain']; $aliasdomaindata['target_domain'] = $row['target_domain']; $aliasdomaindata['active'] = $row['active']; + $aliasdomaindata['active_int'] = $row['active_int']; $aliasdomaindata['created'] = $row['created']; $aliasdomaindata['modified'] = $row['modified']; } 
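Review bot: Moving the `hasDomainAccess()` check into the row loop means it only runs when the query returned a row; when nothing matches, execution reaches `return $aliasdata;` (kept by the following hunk) with `$aliasdata` possibly never assigned. The same commit adds `$domaindata = array();` and `$mailboxdata = array();` to the sibling getters, so `$aliasdata = array();` at the top of `mailbox_get_alias_details` would make the empty case explicit, if it is not already set above the hunk. The check also runs after the row has been copied into `$aliasdata`; placing it first in the loop body keeps data the caller may not see out of the variable altogether. The function starts outside this hunk.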
@@ -1466,6 +1776,7 @@ function mailbox_get_domain_details($domain) { global $lang; global $pdo; + $domaindata = array(); $domain = idn_to_ascii(strtolower(trim($domain))); if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { @@ -1479,10 +1790,15 @@ function mailbox_get_domain_details($domain) { try { $stmt = $pdo->prepare("SELECT `domain`, + `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, + `relay_all_recipients` as `relay_all_recipients_int`, + `backupmx` as `backupmx_int`, + `active` as `active_int`, + CASE `relay_all_recipients` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `relay_all_recipients`, CASE `backupmx` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `backupmx`, CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` FROM `domain` WHERE `domain`= :domain"); 
@@ -1492,33 +1808,40 @@ function mailbox_get_domain_details($domain) { $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); while($row = array_shift($rows)) { $domaindata['domain_name'] = $row['domain']; + $domaindata['description'] = $row['description']; $domaindata['max_num_aliases_for_domain'] = $row['aliases']; $domaindata['max_num_mboxes_for_domain'] = $row['mailboxes']; $domaindata['max_quota_for_mbox'] = formatBytes(intval($row['maxquota'] * 1048576), 2); + $domaindata['max_quota_for_mbox_mib'] = $row['maxquota']; $domaindata['max_quota_for_domain'] = formatBytes(intval($row['quota'] * 1048576), 2); + $domaindata['max_quota_for_domain_mib'] = $row['quota']; $domaindata['backupmx'] = $row['backupmx']; + $domaindata['backupmx_int'] = $row['backupmx_int']; $domaindata['active'] = $row['active']; + $domaindata['active_int'] = $row['active_int']; + $domaindata['relay_all_recipients'] = $row['relay_all_recipients']; + $domaindata['relay_all_recipients_int'] = $row['relay_all_recipients_int']; + $domaindata['relay_all_recipients'] = $row['relay_all_recipients']; + + $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias` + WHERE `domain`= :domain + AND `address` NOT IN ( + SELECT `username` FROM `mailbox` + )"); + $stmt->execute(array( + ':domain' => $domain, + )); + $row = $stmt->fetchAll(); + (isset($row[0]['alias_count'])) ? 
$domaindata['aliases_in_domain'] = $row[0]['alias_count'] : null; + $stmt = $pdo->prepare("SELECT COUNT(`username`) AS `mailbox_count`, SUM(`quota`) AS `quota` FROM `mailbox` + WHERE `domain` = :domain"); + $stmt->execute(array( + ':domain' => $domain, + )); + $row = $stmt->fetchAll(); + $domaindata['mboxes_in_domain'] = $row[0]['mailbox_count']; + $domaindata['quota_used_in_domain'] = formatBytes(intval($row[0]['quota']), 2); } - - $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias` - WHERE `domain`= :domain - AND `address` NOT IN ( - SELECT `username` FROM `mailbox` - )"); - $stmt->execute(array( - ':domain' => $domain, - )); - $row = $stmt->fetchAll(); - $domaindata['aliases_in_domain'] = $row[0]['alias_count']; - - $stmt = $pdo->prepare("SELECT COUNT(`username`) AS `mailbox_count`, SUM(`quota`) AS `quota` FROM `mailbox` - WHERE `domain` = :domain"); - $stmt->execute(array( - ':domain' => $domain, - )); - $row = $stmt->fetchAll(); - $domaindata['mboxes_in_domain'] = $row[0]['mailbox_count']; - $domaindata['quota_used_in_domain'] = formatBytes(intval($row[0]['quota']), 2); } catch (PDOException $e) { $_SESSION['return'] = array( @@ -1533,11 +1856,13 @@ function mailbox_get_domain_details($domain) { function mailbox_get_mailbox_details($mailbox) { global $lang; global $pdo; + $mailboxdata = array(); try { $stmt = $pdo->prepare("SELECT `domain`.`backupmx`, `mailbox`.`username`, `mailbox`.`name`, + `mailbox`.`active` AS `active_int`, CASE `mailbox`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`, `mailbox`.`domain`, `mailbox`.`quota`, 
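Review bot: Inside the `while($row = array_shift($rows))` loop the added count queries reassign both `$stmt` and `$row`, the loop's own variable. That works only because `$rows` was fetched up front, and it is easy to break in a later edit; separate names such as `$count_stmt` and `$alias_counts` would read more clearly. `$domaindata['relay_all_recipients'] = $row['relay_all_recipients'];` is also assigned twice within three lines, and the second line can go. `aliases_in_domain` is now set only when `isset($row[0]['alias_count'])`, while `mboxes_in_domain` a few statements later reads `$row[0]` unguarded; the two results should be handled the same way.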
@@ -1554,8 +1879,10 @@ function mailbox_get_mailbox_details($mailbox) { $mailboxdata['is_relayed'] = $row['backupmx']; $mailboxdata['name'] = $row['name']; $mailboxdata['active'] = $row['active']; + $mailboxdata['active_int'] = $row['active_int']; $mailboxdata['domain'] = $row['domain']; $mailboxdata['quota'] = formatBytes(intval($row['quota']), 2); + $mailboxdata['quota_bytes'] = $row['quota']; $mailboxdata['quota_used'] = formatBytes(intval($row['bytes']), 2); $mailboxdata['percent_in_use'] = round((intval($row['bytes']) / intval($row['quota'])) * 100); $mailboxdata['messages'] = $row['messages']; 
@@ -1586,216 +1913,6 @@ function mailbox_get_mailbox_details($mailbox) { } return $mailboxdata; } -function mailbox_edit_mailbox($postarray) { - global $lang; - global $pdo; - isset($postarray['active']) ? $active = '1' : $active = '0'; - if (!filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['username_invalid']) - ); - return false; - } - $quota_m = $postarray['quota']; - $quota_b = $quota_m*1048576; - $username = $postarray['username']; - $name = $postarray['name']; - $password = $postarray['password']; - $password2 = $postarray['password2']; - - try { - $stmt = $pdo->prepare("SELECT `domain` - FROM `mailbox` - WHERE username = :username"); - $stmt->execute(array(':username' => $username)); - $MailboxData1 = $stmt->fetch(PDO::FETCH_ASSOC); - - $stmt = $pdo->prepare("SELECT - COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_now` - FROM `mailbox` - WHERE `username` = :username"); - $stmt->execute(array(':username' => $username)); - $MailboxData2 = $stmt->fetch(PDO::FETCH_ASSOC); - - $stmt = $pdo->prepare("SELECT - COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_in_use` - FROM `mailbox` - WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $MailboxData1['domain'])); - $MailboxData3 = $stmt->fetch(PDO::FETCH_ASSOC); - - $stmt = $pdo->prepare("SELECT `quota`, `maxquota` - FROM `domain` - WHERE `domain` = :domain"); - $stmt->execute(array(':domain' => $MailboxData1['domain'])); - $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - - if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $MailboxData1['domain'])) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['access_denied']) - ); - return false; - } - if (!is_numeric($quota_m) || $quota_m == "0") { - 
$_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['quota_not_0_not_numeric'], htmlspecialchars($quota_m)) - ); - return false; - } - if ($quota_m > $DomainData['maxquota']) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota']) - ); - return false; - } - if (($MailboxData3['quota_m_in_use'] - $MailboxData2['quota_m_now'] + $quota_m) > $DomainData['quota']) { - $quota_left_m = ($DomainData['quota'] - $MailboxData3['quota_m_in_use'] + $MailboxData2['quota_m_now']); - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m) - ); - return false; - } - - try { - $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username"); - $stmt->execute(array( - ':username' => $username - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - if (isset($postarray['sender_acl']) && is_array($postarray['sender_acl'])) { - foreach ($postarray['sender_acl'] as $sender_acl) { - if (!filter_var($sender_acl, FILTER_VALIDATE_EMAIL) && - !is_valid_domain_name(str_replace('@', '', $sender_acl))) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['sender_acl_invalid']) - ); - return false; - } - } - foreach ($postarray['sender_acl'] as $sender_acl) { - try { - $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`) - VALUES (:sender_acl, :username)"); - $stmt->execute(array( - ':sender_acl' => $sender_acl, - ':username' => $username - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - } - } - if (!empty($password) && !empty($password2)) { - if ($password != $password2) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 
sprintf($lang['danger']['password_mismatch']) - ); - return false; - } - $password_hashed = hash_password($password); - try { - $stmt = $pdo->prepare("UPDATE `alias` SET - `modified` = :modified, - `active` = :active - WHERE `address` = :address"); - $stmt->execute(array( - ':address' => $username, - ':modified' => date('Y-m-d H:i:s'), - ':active' => $active - )); - $stmt = $pdo->prepare("UPDATE `mailbox` SET - `modified` = :modified, - `active` = :active, - `password` = :password_hashed, - `name`= :name, - `quota` = :quota_b - WHERE `username` = :username"); - $stmt->execute(array( - ':modified' => date('Y-m-d H:i:s'), - ':password_hashed' => $password_hashed, - ':active' => $active, - ':name' => $name, - ':quota_b' => $quota_b, - ':username' => $username - )); - $_SESSION['return'] = array( - 'type' => 'success', - 'msg' => sprintf($lang['success']['mailbox_modified'], $username) - ); - return true; - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - } - try { - $stmt = $pdo->prepare("UPDATE `alias` SET - `modified` = :modified, - `active` = :active - WHERE `address` = :address"); - $stmt->execute(array( - ':address' => $username, - ':modified' => date('Y-m-d H:i:s'), - ':active' => $active - )); - $stmt = $pdo->prepare("UPDATE `mailbox` SET - `modified` = :modified, - `active` = :active, - `name`= :name, - `quota` = :quota_b - WHERE `username` = :username"); - $stmt->execute(array( - ':active' => $active, - ':modified' => date('Y-m-d H:i:s'), - ':name' => $name, - ':quota_b' => $quota_b, - ':username' => $username - )); - $_SESSION['return'] = array( - 'type' => 'success', - 'msg' => sprintf($lang['success']['mailbox_modified'], $username) - ); - return true; - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } -} function mailbox_delete_domain($postarray) { global $lang; global $pdo; 
@@ -2027,6 +2144,10 @@ function mailbox_delete_mailbox($postarray) { $stmt->execute(array( ':username' => $username )); + $stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `user2` = :username"); + $stmt->execute(array( + ':username' => $username + )); $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username"); $stmt->execute(array( ':username' => $username @@ -2076,14 +2197,16 @@ function edit_domain_admin($postarray) { return false; } - foreach ($postarray['domain'] as $domain) { - if (!is_valid_domain_name($domain)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['domain_invalid']) - ); - return false; - } + if(isset($postarray['domain'])) { + foreach ($postarray['domain'] as $domain) { + if (!is_valid_domain_name($domain)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['domain_invalid']) + ); + return false; + } + } } if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) { 
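Review bot: The new `isset($postarray['domain'])` guard in edit_domain_admin (second hunk on this line, -2076/+2197) still hands a scalar `domain` value to `foreach`, so a non-array POST value skips the `is_valid_domain_name()` loop with only a warning. The same guard is repeated around the INSERT loop in the following hunk (-2108/+2231). Test the type as well in both places: `if (isset($postarray['domain']) && is_array($postarray['domain'])) {`. The function starts and ends outside these hunks, so what happens to existing `domain_admins` rows when `domain` is absent cannot be judged from here.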
@@ -2108,24 +2231,26 @@ function edit_domain_admin($postarray) { return false; } - foreach ($postarray['domain'] as $domain) { - try { - $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`) - VALUES (:username, :domain, :created, :active)"); - $stmt->execute(array( - ':username' => $username, - ':domain' => $domain, - ':created' => date('Y-m-d H:i:s'), - ':active' => $active - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } + if(isset($postarray['domain'])) { + foreach ($postarray['domain'] as $domain) { + try { + $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`) + VALUES (:username, :domain, :created, :active)"); + $stmt->execute(array( + ':username' => $username, + ':domain' => $domain, + ':created' => date('Y-m-d H:i:s'), + ':active' => $active + )); + } + catch (PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + } } if (!empty($password) && !empty($password2)) { 
@@ -2279,7 +2404,26 @@ function set_admin_account($postarray) { function set_time_limited_aliases($postarray) { global $lang; global $pdo; - $username = $_SESSION['mailcow_cc_username']; + (isset($postarray['username'])) ? $username = $postarray['username'] : $username = $_SESSION['mailcow_cc_username']; + + if ($_SESSION['mailcow_cc_role'] != "user" && + $_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + if (filter_var($username, FILTER_VALIDATE_EMAIL)) { + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + } + try { $stmt = $pdo->prepare("SELECT `domain` FROM `mailbox` WHERE `username` = :username"); $stmt->execute(array(':username' => $username)); 
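Review bot: In set_time_limited_aliases the `hasMailboxObjectAccess()` check only runs when `$username` passes `FILTER_VALIDATE_EMAIL`, so a `$postarray['username']` that is not a valid address skips the access check and is still used in the `SELECT ... FROM mailbox` that follows. The setter should fail closed instead: `if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {` with the existing access_denied return. The rest of the function lies outside the hunk, so the effect on the later statements is inferred.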
@@ -2403,6 +2547,49 @@ function set_time_limited_aliases($postarray) { break; } } +function get_time_limited_aliases($username = null) { + // 'username' can be be set, if not, default to mailcow_cc_username + global $lang; + global $pdo; + $spamaliasdata = array(); + if ($_SESSION['mailcow_cc_role'] != "user" && + $_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) { + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + } + else { + $username = $_SESSION['mailcow_cc_username']; + } + try { + $stmt = $pdo->prepare("SELECT `address`, + `goto`, + `validity` + FROM `spamalias` + WHERE `goto` = :username + AND `validity` >= :unixnow"); + $stmt->execute(array(':username' => $username, ':unixnow' => time())); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + } + return $rows; +} function set_user_account($postarray) { global $lang; global $pdo; @@ -2561,6 +2748,7 @@ function add_domain_admin($postarray) { )); } catch (PDOException $e) { + delete_domain_admin(array('username' => $username)); $_SESSION['return'] = array( 'type' => 'danger', 'msg' => 'MySQL: '.$e 
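Review bot: get_time_limited_aliases (first hunk on this line) returns `$rows`, which is never assigned when the query throws, because the `catch` block only sets `$_SESSION['return']` and falls through; `$spamaliasdata` is initialised but never used. Initialise the result before the `try`, e.g. `$rows = array();`, or add `return false;` to the `catch` as the access checks above it do. get_policy_list and get_syncjobs further down in this patch have the same fall-through.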
@@ -2639,15 +2827,114 @@ function delete_domain_admin($postarray) { 'msg' => sprintf($lang['success']['domain_admin_removed'], htmlspecialchars($username)) ); } -function get_spam_score($username) { +function get_domain_admins() { global $pdo; - $default = "5, 15"; - if ($_SESSION['mailcow_cc_role'] != "user") { + global $lang; + $domainadmins = array(); + if ($_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); return false; } - if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { - return $default; + try { + $stmt = $pdo->query("SELECT DISTINCT + `username` + FROM `domain_admins` + WHERE `username` IN ( + SELECT `username` FROM `admin` + WHERE `superadmin`!='1' + )"); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($rows)) { + $domainadmins[] = $row['username']; + } + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + } + return $domainadmins; +} +function get_domain_admin_details($domain_admin) { + global $pdo; + global $lang; + $domainadmindata = array(); + if ($_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; } + if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $domain_admin))) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['username_invalid']) + ); + return false; + } + try { + $stmt = $pdo->prepare("SELECT + `created`, + `active` AS `active_int`, + CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active` + FROM `domain_admins` + WHERE `username`= :domain_admin"); + $stmt->execute(array( + ':domain_admin' => $domain_admin + )); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + $domainadmindata['active'] = $row['active']; + $domainadmindata['active_int'] = 
$row['active_int']; + $domainadmindata['created'] = $row['created']; + // GET SELECTED + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE `domain` IN ( + SELECT `domain` FROM `domain_admins` + WHERE `username`= :domain_admin)"); + $stmt->execute(array(':domain_admin' => $domain_admin)); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $domainadmindata['selected_domains'][] = $row['domain']; + } + // GET UNSELECTED + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE `domain` NOT IN ( + SELECT `domain` FROM `domain_admins` + WHERE `username`= :domain_admin)"); + $stmt->execute(array(':domain_admin' => $domain_admin)); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while($row = array_shift($rows)) { + $domainadmindata['unselected_domains'][] = $row['domain']; + } + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + } + return $domainadmindata; +} +function get_spam_score($username = null) { + global $pdo; + $default = "5, 15"; + if ($_SESSION['mailcow_cc_role'] != "user" && + $_SESSION['mailcow_cc_role'] != "admin") { + return false; + } + if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) { + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { + return false; + } + } + else { + $username = $_SESSION['mailcow_cc_username']; + } try { $stmt = $pdo->prepare("SELECT `value` FROM `filterconf` WHERE `object` = :username AND (`option` = 'lowspamlevel' OR `option` = 'highspamlevel')"); @@ -2661,7 +2948,7 @@ function get_spam_score($username) { ); return false; } - if ($num_results == 0 || empty ($num_results)) { + if (empty($num_results)) { return $default; } else { 
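Review bot: get_domain_admin_details concatenates `$lang['mailbox']['yes']` and `$lang['mailbox']['no']` into the SQL text of the prepared statement, so a translation containing a single quote breaks the query and the language files become part of the SQL surface. Select only the raw column and map it in PHP after the fetch, e.g. `$domainadmindata['active'] = ($row['active_int'] == 1) ? $lang['mailbox']['yes'] : $lang['mailbox']['no'];`. The same fetch indexes `$row` without checking that `fetch()` returned a row, so an unknown `$domain_admin` ends in array access on `false`.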
@@ -2745,29 +3032,81 @@ function set_spam_score($postarray) { 'msg' => sprintf($lang['success']['mailbox_modified'], $username) ); } -function set_policy_list($postarray) { +function get_policy_list($object = null) { + // 'object' can be be set, if not, default to mailcow_cc_username global $lang; global $pdo; - if ($_SESSION['mailcow_cc_role'] != "admin" && - $_SESSION['mailcow_cc_role'] != "domainadmin" && - $_SESSION['mailcow_cc_role'] != "user") { + if (!isset($_SESSION['mailcow_cc_role'])) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['access_denied']) ); return false; } - (isset($postarray['domain'])) ? $object = $postarray['domain'] : $object = $_SESSION['mailcow_cc_username']; - ($postarray['object_list'] == "bl") ? $object_list = "blacklist_from" : $object_list = "whitelist_from"; - $object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($postarray['object_from']))), '.')); - if (!filter_var($object, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($object)) { + if (isset($object)) { + if (!filter_var($object, FILTER_VALIDATE_EMAIL) && is_valid_domain_name($object)) { + $object = idn_to_ascii(strtolower(trim($object))); + if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + } + elseif (filter_var($object, FILTER_VALIDATE_EMAIL)) { + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + } + } + else { + $object = $_SESSION['mailcow_cc_username']; + } + try { + // WHITELIST + $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` = :username OR `object` = 
SUBSTRING_INDEX(:username_domain, '@' ,-1))"); + $stmt->execute(array(':username' => $object, ':username_domain' => $object)); + $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); + // BLACKLIST + $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` = :username OR `object` = SUBSTRING_INDEX(:username_domain, '@' ,-1))"); + $stmt->execute(array(':username' => $object, ':username_domain' => $object)); + $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC); + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + } + return $rows; +} +function set_policy_list($postarray) { + // Array data + // Either 'domain' or 'username' can be be set + // If none of the above is set, default to mailcow_cc_username + // + // If 'delete_prefid' then delete item id + global $lang; + global $pdo; + (isset($postarray['username'])) ? $object = $postarray['username'] : null; + (isset($postarray['domain'])) ? $object = $postarray['domain'] : null; + (!isset($object)) ? $object = $_SESSION['mailcow_cc_username'] : null; + + // Can be user, domainadmin or admin + if (!isset($_SESSION['mailcow_cc_role'])) { $_SESSION['return'] = array( 'type' => 'danger', - 'msg' => sprintf($lang['danger']['username_invalid']) + 'msg' => sprintf($lang['danger']['access_denied']) ); return false; } - if (is_valid_domain_name($object)) { + + if (is_valid_domain_name($object)) { if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { $_SESSION['return'] = array( 'type' => 'danger', 
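Review bot: In get_policy_list an `$object` that is set but is neither a valid e-mail address nor a valid domain name matches neither the `if` nor the `elseif`, so no `hasDomainAccess()` or `hasMailboxObjectAccess()` check runs and the value still reaches both `filterconf` queries, which derive a domain part from it with `SUBSTRING_INDEX`. Close the chain with a rejecting branch, `else { return false; }` (setting the access_denied message as the branches above do), so unrecognised input never reaches the query. `$rows` is also returned unassigned when the query throws, since the `catch` does not return.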
@@ -2775,9 +3114,21 @@ function set_policy_list($postarray) { ); return false; } - } - if (isset($postarray['prefid'])) { - if (!is_numeric($postarray['prefid'])) { + $object = idn_to_ascii(strtolower(trim($object))); + } + else { + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + } + + // DELETE + if (isset($postarray['delete_prefid'])) { + if (!is_numeric($postarray['delete_prefid'])) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['access_denied']) @@ -2788,7 +3139,7 @@ function set_policy_list($postarray) { $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid"); $stmt->execute(array( ':object' => $object, - ':prefid' => $postarray['prefid'] + ':prefid' => $postarray['delete_prefid'] )); } catch (PDOException $e) { 
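Review bot: set_policy_list calls `hasDomainAccess()` on the raw `$object` and only afterwards rewrites it with `idn_to_ascii(strtolower(trim($object)))`, so the string that was authorised is not the string that is then stored and deleted against; get_policy_list in this patch normalises before the check. Move the normalisation above the access check so both operate on the same value. `is_numeric($postarray['delete_prefid'])` in this hunk also accepts floats and exponent notation; `ctype_digit((string)$postarray['delete_prefid'])` is the stricter test for a row id. The function starts and ends outside this hunk.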
@@ -2800,17 +3151,29 @@ function set_policy_list($postarray) { } $_SESSION['return'] = array( 'type' => 'success', - 'msg' => sprintf($lang['success']['mailbox_modified'], $object) + 'msg' => sprintf($lang['success']['object_modified'], $object) ); return true; } - if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $object_from))) { + + // ADD WL/BL + ($postarray['object_list'] == "bl") ? $object_list = "blacklist_from" : null; + ($postarray['object_list'] == "wl") ? $object_list = "whitelist_from" : null; + $object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($postarray['object_from']))), '.')); + if (!ctype_alnum(str_replace(array('@', '.', '-', '*'), '', $object_from))) { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['policy_list_from_invalid']) ); return false; } + if ($object_list != "blacklist_from" && $object_list != "whitelist_from") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } try { $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from') @@ -2818,6 +3181,13 @@ function set_policy_list($postarray) { AND `value` = :object_from"); $stmt->execute(array(':object' => $object, ':object_from' => $object_from)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); + if ($num_results != 0) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['policy_list_from_exists']) + ); + return false; + } } catch(PDOException $e) { $_SESSION['return'] = array( 
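Review bot: `$object_list` is only assigned when `object_list` is exactly `bl` or `wl`, so the new allow-list test `$object_list != "blacklist_from" && $object_list != "whitelist_from"` reads an undefined variable for any other value and rejects it only through a notice-generating null comparison. Initialise it explicitly with `$object_list = null;` before the two ternaries and guard the array reads with `isset($postarray['object_list'], $postarray['object_from'])`. Placing the allow-list test before `$object_from` is processed would reject an invalid list name first. set_policy_list continues outside this hunk.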
@@ -2826,13 +3196,7 @@ function set_policy_list($postarray) { ); return false; } - if ($num_results != 0) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['policy_list_from_exists']) - ); - return false; - } + try { $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`) VALUES (:object, :object_list, :object_from)"); 
@@ -2851,53 +3215,95 @@ function set_policy_list($postarray) { } $_SESSION['return'] = array( 'type' => 'success', - 'msg' => sprintf($lang['success']['mailbox_modified'], $object) + 'msg' => sprintf($lang['success']['object_modified'], $object) ); } -function set_tls_policy($postarray) { +function get_syncjobs($username = null) { + // 'username' can be be set, if not, default to mailcow_cc_username global $lang; global $pdo; - if ($_SESSION['mailcow_cc_role'] != "user") { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['access_denied']) - ); - return false; + $syncjobs = array(); + if ($_SESSION['mailcow_cc_role'] != "user" && + $_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; } - isset($postarray['tls_in']) ? $tls_in = '1' : $tls_in = '0'; - isset($postarray['tls_out']) ? $tls_out = '1' : $tls_out = '0'; - $username = $_SESSION['mailcow_cc_username']; - if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['username_invalid']) - ); - return false; + if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) { + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + } + else { + $username = $_SESSION['mailcow_cc_username']; + } + try { + $stmt = $pdo->prepare("SELECT *, CONCAT(LEFT(`password1`, 3), '…') as `password1_short` + FROM `imapsync` + WHERE `user2` = :username"); + $stmt->execute(array(':username' => $username)); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + } + return $rows; +} +function 
get_syncjob_details($id) { + global $lang; + global $pdo; + $syncjobdetails = array(); + if ($_SESSION['mailcow_cc_role'] != "user" && + $_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; } - try { - $stmt = $pdo->prepare("UPDATE `mailbox` SET `tls_enforce_out` = :tls_out, `tls_enforce_in` = :tls_in WHERE `username` = :username"); - $stmt->execute(array( - ':tls_out' => $tls_out, - ':tls_in' => $tls_in, - ':username' => $username - )); - } - catch (PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - $_SESSION['return'] = array( - 'type' => 'success', - 'msg' => sprintf($lang['success']['mailbox_modified'], $username) - ); + if (!isset($id) || !is_numeric($id)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + try { + $stmt = $pdo->prepare("SELECT * FROM `imapsync` WHERE (`user2` = :username OR 'admin' = :role) AND id = :id"); + $stmt->execute(array(':id' => $id, ':role' => $_SESSION['mailcow_cc_role'], ':username' => $_SESSION['mailcow_cc_username'])); + $syncjobdetails = $stmt->fetch(PDO::FETCH_ASSOC); + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + } + return $syncjobdetails; } function set_syncjob($postarray, $action) { global $lang; global $pdo; - $username = $_SESSION['mailcow_cc_username']; + if (isset($postarray['username']) && filter_var($username, FILTER_VALIDATE_EMAIL)) { + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $postarray['username'])) { + return false; + } + else { + $username = $postarray['username']; + } + } + else { + $username = $_SESSION['mailcow_cc_username']; + } if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { $_SESSION['return'] = array( 'type' => 
'danger', @@ -2905,7 +3311,7 @@ function set_syncjob($postarray, $action) { ); return false; } - if ($_SESSION['mailcow_cc_role'] != "user") { + if ($_SESSION['mailcow_cc_role'] != "user" && $_SESSION['mailcow_cc_role'] != "admin") { $_SESSION['return'] = array( 'type' => 'danger', 'msg' => sprintf($lang['danger']['access_denied']) @@ -2959,16 +3365,8 @@ function set_syncjob($postarray, $action) { if (empty($subfolder2)) { $subfolder2 = ""; } - if (empty($maxage)) { - $maxage = 0; - } - - if (!filter_var($maxage, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0, 'max_range' => 32767)))) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => sprintf($lang['danger']['access_denied']) - ); - return false; + if (!isset($maxage) || !filter_var($maxage, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 32767)))) { + $maxage = "0"; } if (!filter_var($port1, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535)))) { $_SESSION['return'] = array( @@ -3174,12 +3572,19 @@ function set_syncjob($postarray, $action) { return true; } } -function get_tls_policy($username) { +function set_tls_policy($postarray) { global $lang; global $pdo; if ($_SESSION['mailcow_cc_role'] != "user") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); return false; } + isset($postarray['tls_in']) ? $tls_in = '1' : $tls_in = '0'; + isset($postarray['tls_out']) ? $tls_out = '1' : $tls_out = '0'; + $username = $_SESSION['mailcow_cc_username']; if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { $_SESSION['return'] = array( 'type' => 'danger', 
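Review bot: In set_syncjob (end of the -2851/+3215 hunk) the new guard calls `filter_var($username, FILTER_VALIDATE_EMAIL)` before `$username` has been assigned, so the condition is always false, the `hasMailboxObjectAccess()` branch is dead code and the function always falls back to `$_SESSION['mailcow_cc_username']`. Validate the posted value instead: `if (isset($postarray['username']) && filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {`. Separately, get_syncjobs in the same hunk selects `*` next to the masked `password1_short`, so the full `password1` column is still returned to the caller; listing the needed columns explicitly would keep the stored remote password out of the result set.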
@@ -3187,6 +3592,50 @@ function get_tls_policy($username) { ); return false; } + try { + $stmt = $pdo->prepare("UPDATE `mailbox` SET `tls_enforce_out` = :tls_out, `tls_enforce_in` = :tls_in WHERE `username` = :username"); + $stmt->execute(array( + ':tls_out' => $tls_out, + ':tls_in' => $tls_in, + ':username' => $username + )); + } + catch (PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + $_SESSION['return'] = array( + 'type' => 'success', + 'msg' => sprintf($lang['success']['mailbox_modified'], $username) + ); +} +function get_tls_policy($username = null) { + global $lang; + global $pdo; + $TLSData = array(); + if ($_SESSION['mailcow_cc_role'] != "user" && + $_SESSION['mailcow_cc_role'] != "admin") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) { + if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } + } + else { + $username = $_SESSION['mailcow_cc_username']; + } try { $stmt = $pdo->prepare("SELECT `tls_enforce_out`, `tls_enforce_in` FROM `mailbox` WHERE `username` = :username"); $stmt->execute(array(':username' => $username)); 
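Review bot: The `catch` block added here for set_tls_policy stores `'MySQL: '.$e` in `$_SESSION['return']['msg']`; concatenating a PDOException invokes `__toString()`, which includes the file path, line number and stack trace along with the driver message. If that session message is rendered in the UI (not visible in this hunk), it discloses server internals to the logged-in user. Log the exception server-side with `error_log($e);` and keep the stored message generic, e.g. `'msg' => 'MySQL: '.$e->getMessage()` or a fixed string. The same pattern is repeated in the other functions added by this patch.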
@@ -3243,121 +3692,102 @@ function remaining_specs($domain, $object = null, $js = null) { } return $spec; } -function get_sender_acl_handles($mailbox, $which) { +function get_sender_acl_handles($mailbox) { global $pdo; + global $lang; if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") { - return false; + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; } - switch ($which) { - case "preselected": - try { - $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :goto AND `address` NOT LIKE '@%'"); - $stmt->execute(array(':goto' => $mailbox)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - return $rows; - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - break; - case "selected": - try { - $stmt = $pdo->prepare("SELECT `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as"); - $stmt->execute(array(':logged_in_as' => $mailbox)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - return $rows; - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - break; - case "unselected-domains": - try { - if ($_SESSION['mailcow_cc_role'] == "admin" ) { - $stmt = $pdo->prepare("SELECT DISTINCT `domain` FROM `domain` - WHERE `domain` NOT IN ( - SELECT REPLACE(`send_as`, '@', '') FROM `sender_acl` - WHERE `logged_in_as` = :logged_in_as) - AND `domain` NOT IN ( - SELECT REPLACE(`address`, '@', '') FROM `alias` - WHERE `goto` = :goto)"); - $stmt->execute(array( - ':logged_in_as' => $mailbox, - ':goto' => $mailbox, - )); - } - else { - $stmt = $pdo->prepare("SELECT DISTINCT `domain` FROM `domain_admins` - WHERE `username` = :username - AND `domain` != 'ALL' - AND `domain` NOT IN ( - SELECT REPLACE(`send_as`, '@', '') FROM `sender_acl` - WHERE `logged_in_as` = :logged_in_as)"); - 
$stmt->execute(array( - ':logged_in_as' => $mailbox, - ':username' => $_SESSION['mailcow_cc_username'] - )); - } - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - return $rows; - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - break; - case "unselected-addresses": - try { - if ($_SESSION['mailcow_cc_role'] == "admin" ) { - $stmt = $pdo->prepare("SELECT `address` FROM `alias` - WHERE `goto` != :goto - AND `address` NOT IN ( - SELECT `send_as` FROM `sender_acl` - WHERE `logged_in_as` = :logged_in_as)"); - $stmt->execute(array( - ':logged_in_as' => $mailbox, - ':goto' => $mailbox - )); - } - else { - $stmt = $pdo->prepare("SELECT `address` FROM `alias` - WHERE `goto` != :goto - AND `domain` IN ( - SELECT `domain` FROM `domain_admins` - WHERE `username` = :username) - AND `address` NOT IN ( - SELECT `send_as` FROM `sender_acl` - WHERE `logged_in_as` = :logged_in_as)"); - $stmt->execute(array( - ':logged_in_as' => $mailbox, - ':goto' => $mailbox, - ':username' => $_SESSION['mailcow_cc_username'] - )); - } - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - return $rows; - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - return false; - } - break; - } - return false; + + $data['sender_acl_domains']['ro'] = array(); + $data['sender_acl_domains']['rw'] = array(); + $data['sender_acl_domains']['selectable'] = array(); + $data['sender_acl_addresses']['ro'] = array(); + $data['sender_acl_addresses']['rw'] = array(); + $data['sender_acl_addresses']['selectable'] = array(); + $data['fixed_sender_aliases'] = array(); + + try { + $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :goto AND `address` NOT LIKE '@%'"); + $stmt->execute(array(':goto' => $mailbox)); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($rows)) { + $data['fixed_sender_aliases'][] = $row['address']; + } + + // Return array 
$data['sender_acl_domains/addresses']['ro'] with read-only objects + // Return array $data['sender_acl_domains/addresses']['rw'] with read-write objects (can be deleted) + $stmt = $pdo->prepare("SELECT REPLACE(`send_as`, '@', '') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND `send_as` LIKE '@%'"); + $stmt->execute(array(':logged_in_as' => $mailbox)); + $domain_rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($domain_row = array_shift($domain_rows)) { + if (is_valid_domain_name($domain_row['send_as']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) { + $data['sender_acl_domains']['ro'][] = $domain_row['send_as']; + continue; + } + if (is_valid_domain_name($domain_row['send_as']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) { + $data['sender_acl_domains']['rw'][] = $domain_row['send_as']; + continue; + } + } + + $stmt = $pdo->prepare("SELECT `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND `send_as` NOT LIKE '@%'"); + $stmt->execute(array(':logged_in_as' => $mailbox)); + $address_rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($address_row = array_shift($address_rows)) { + if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) { + $data['sender_acl_addresses']['ro'][] = $address_row['send_as']; + continue; + } + if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) { + $data['sender_acl_addresses']['rw'][] = $address_row['send_as']; + continue; + } + } + + $stmt = $pdo->prepare("SELECT `domain` FROM `domain` + WHERE `domain` NOT IN ( + SELECT REPLACE(`send_as`, '@', '') FROM `sender_acl` + WHERE `logged_in_as` = :logged_in_as + AND `send_as` LIKE 
'@%')"); + $stmt->execute(array( + ':logged_in_as' => $mailbox, + )); + $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); + while ($row = array_shift($rows)) { + if (is_valid_domain_name($row['domain']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['domain'])) { + $data['sender_acl_domains']['selectable'][] = $row['domain']; + } + } + + $stmt = $pdo->prepare("SELECT `address` FROM `alias` + WHERE `goto` != :goto + AND `address` NOT IN ( + SELECT `send_as` FROM `sender_acl` + WHERE `logged_in_as` = :logged_in_as + AND `send_as` NOT LIKE '@%')"); + $stmt->execute(array( + ':logged_in_as' => $mailbox, + ':goto' => $mailbox + )); + while ($row = array_shift($rows)) { + if (filter_var($row['address'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) { + $data['sender_acl_addresses']['selectable'][] = $row['address']; + } + } + } + catch(PDOException $e) { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => 'MySQL: '.$e + ); + return false; + } + return $data; } function tagging_options($action, $data = null) { global $lang; diff --git a/data/web/inc/init.sql b/data/web/inc/init.sql index 64d7da5a..624f3398 100644 --- a/data/web/inc/init.sql +++ b/data/web/inc/init.sql @@ -115,11 +115,11 @@ CREATE TABLE IF NOT EXISTS `imapsync` ( `password1` VARCHAR(255) NOT NULL, `exclude` VARCHAR(500) NOT NULL DEFAULT '', `maxage` SMALLINT NOT NULL DEFAULT '0', - `mins_INTerval` VARCHAR(50) NOT NULL, + `mins_interval` VARCHAR(50) NOT NULL, `port1` SMALLINT NOT NULL, `enc1` ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS', `delete2duplicates` TINYINT(1) NOT NULL DEFAULT '1', - `returned_TEXT` TEXT, + `returned_text` TEXT, `last_run` TIMESTAMP NULL DEFAULT NULL, `created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, `modified` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 
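Review bot: The last query in the rewritten get_sender_acl_handles (selectable addresses from `alias`) is executed but never fetched: the `while ($row = array_shift($rows))` that follows still iterates the `$rows` array already emptied by the preceding domain loop, so `$data['sender_acl_addresses']['selectable']` stays empty. Add `$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);` directly after that `execute()`. `$mailbox` is also used in every query without a `hasMailboxObjectAccess()` check inside this function; whether the callers enforce that is not visible here.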
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php index 00de3a9e..1d52ceb7 100644 --- a/data/web/inc/triggers.inc.php +++ b/data/web/inc/triggers.inc.php @@ -95,6 +95,9 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm break; } } + if (isset($_POST["trigger_set_policy_list"])) { + set_policy_list($_POST); + } if (isset($_POST["trigger_mailbox_action"])) { switch ($_POST["trigger_mailbox_action"]) { case "adddomain": diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php index 29720c89..76abf325 100644 --- a/data/web/inc/vars.inc.php +++ b/data/web/inc/vars.inc.php @@ -1,5 +1,6 @@
Wichtig: Ein korrekter Neustart SOGos kann eine Weile in Anspruch nehmen, bitte warten Sie, bis der Prozess vollständig beendet wurde.'; $lang['dkim']['confirm'] = 'Sind Sie sicher?'; -$lang['danger']['dkim_not_found'] = 'DKIM-Record nicht gefunden'; -$lang['danger']['dkim_remove_failed'] = 'Kann DKIM-Record nicht entfernen'; -$lang['danger']['dkim_add_failed'] = 'Kann DKIM-Record nicht hinzufügen'; +$lang['danger']['dkim_not_found'] = 'DKIM-Key nicht gefunden'; +$lang['danger']['dkim_remove_failed'] = 'Kann DKIM-Key nicht entfernen'; +$lang['danger']['dkim_add_failed'] = 'Kann DKIM-Key nicht hinzufügen'; $lang['danger']['dkim_domain_or_sel_invalid'] = 'DKIM-Domain oder -Selector nicht korrekt'; $lang['danger']['dkim_key_length_invalid'] = 'DKIM Schlüssellänge ungültig'; -$lang['success']['dkim_removed'] = 'DKIM-Record wurde entfernt'; -$lang['success']['dkim_added'] = 'DKIM-Record wurde hinzugefügt'; +$lang['success']['dkim_removed'] = 'DKIM-Key wurde entfernt'; +$lang['success']['dkim_added'] = 'DKIM-Key wurde hinzugefügt'; $lang['danger']['access_denied'] = 'Zugriff verweigert oder unvollständige/ungültige Daten'; $lang['danger']['whitelist_from_invalid'] = 'Whitelist-Eintrag ist ungültig'; $lang['danger']['domain_invalid'] = 'Domainname ist ungültig'; @@ -39,6 +39,7 @@ $lang['success']['alias_added'] = 'Alias-Adresse(n) wurden angelegt'; $lang['success']['alias_modified'] = 'Änderungen an Alias %s wurden gespeichert'; $lang['success']['aliasd_modified'] = 'Änderungen an Alias-Domain %s wurden gespeichert'; $lang['success']['mailbox_modified'] = 'Änderungen an Mailbox %s wurden gespeichert'; +$lang['success']['object_modified'] = "Änderungen an Objekt %s wurden gespeichert"; $lang['success']['msg_size_saved'] = 'Limit wurde gesetzt'; $lang['danger']['aliasd_not_found'] = 'Alias-Domain nicht gefunden'; $lang['danger']['targetd_not_found'] = 'Ziel-Domain nicht gefunden'; 
@@ -137,6 +138,7 @@ $lang['user']['spamfilter_yellow'] = 'Gelb: Die Nachricht ist vielleicht Spam, w
 $lang['user']['spamfilter_red'] = 'Rot: Die Nachricht ist eindeutig Spam und wird vom Server abgelehnt';
 $lang['user']['spamfilter_default_score'] = 'Standardwert:';
 $lang['user']['spamfilter_hint'] = 'Der erste Wert beschreibt den "low spam score", der zweite Wert den "high spam score".';
+$lang['user']['spamfilter_table_domain_policy'] = "n.v. (Domainrichtlinie)";
 $lang['user']['tls_policy_warning'] = 'Vorsicht: Entscheiden Sie sich unverschlüsselte Verbindungen abzulehnen, kann dies dazu führen, dass Kontakte Sie nicht mehr erreichen.
Nachrichten, die die Richtlinie nicht erfüllen, werden durch einen Hard-Fail im Mailsystem abgewiesen.';
 $lang['user']['tls_policy'] = 'Verschlüsselungsrichtlinie';
@@ -224,6 +226,7 @@ $lang['mailbox']['remove'] = 'Entfernen';
 $lang['mailbox']['edit'] = 'Bearbeiten';
 $lang['mailbox']['archive'] = 'Archiv-Zugriff';
 $lang['mailbox']['no_record'] = 'Kein Eintrag für Objekt %s';
+$lang['mailbox']['no_record_single'] = 'Kein Eintrag';
 $lang['mailbox']['add_domain'] = 'Domain hinzufügen';
 $lang['mailbox']['add_domain_alias'] = 'Domain-Alias hinzufügen';
 $lang['mailbox']['add_mailbox'] = 'Mailbox hinzufügen';
@@ -378,9 +381,12 @@ $lang['admin']['msg_size_limit_details'] = 'Diese Einstellung wird Postfix und d
 $lang['admin']['save'] = 'Änderungen speichern';
 $lang['admin']['maintenance'] = 'Wartung und Information';
 $lang['admin']['sys_info'] = 'Systeminformation';
-$lang['admin']['dkim_add_key'] = 'DKIM-Record hinzufügen';
-$lang['admin']['dkim_keys'] = 'DKIM-Records';
-$lang['admin']['dkim_key_length'] = 'DKIM Schlüssellänge (Bits)';
+$lang['admin']['dkim_add_key'] = 'DKIM-Key hinzufügen';
+$lang['admin']['dkim_keys'] = 'DKIM-Keys';
+$lang['admin']['dkim_key_valid'] = 'Key gültig';
+$lang['admin']['dkim_key_unused'] = 'Key ohne Zuweisung';
+$lang['admin']['dkim_key_missing'] = 'Key fehlt';
+$lang['admin']['dkim_key_hint'] = 'Der Selector für DKIM-Keys lautet immer dkim.';
 $lang['admin']['add'] = 'Hinzufügen';
 $lang['admin']['configuration'] = 'Konfiguration';
 $lang['admin']['password'] = 'Passwort';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index e764985c..8bc5d50d 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -10,13 +10,13 @@ $lang['footer']['restart_sogo'] = 'Restart SOGo';
 $lang['footer']['restart_now'] = 'Restart now';
 $lang['footer']['restart_sogo_info'] = 'Some tasks, e.g. adding a domain, require you to restart SOGo to catch changes made in the mailcow UI.

Important: A graceful restart may take a while to complete, please wait for it to finish.';
 $lang['dkim']['confirm'] = "Are you sure?";
-$lang['danger']['dkim_not_found'] = "DKIM record not found";
-$lang['danger']['dkim_remove_failed'] = "Cannot remove selected DKIM record";
-$lang['danger']['dkim_add_failed'] = "Cannot add given DKIM record";
+$lang['danger']['dkim_not_found'] = "DKIM key not found";
+$lang['danger']['dkim_remove_failed'] = "Cannot remove selected DKIM key";
+$lang['danger']['dkim_add_failed'] = "Cannot add given DKIM key";
 $lang['danger']['dkim_domain_or_sel_invalid'] = "DKIM domain or selector invalid";
 $lang['danger']['dkim_key_length_invalid'] = "DKIM key length invalid";
-$lang['success']['dkim_removed'] = "DKIM record has been removed";
-$lang['success']['dkim_added'] = "DKIM record has been saved";
+$lang['success']['dkim_removed'] = "DKIM key has been removed";
+$lang['success']['dkim_added'] = "DKIM key has been saved";
 $lang['danger']['access_denied'] = "Access denied or invalid form data";
 $lang['danger']['whitelist_from_invalid'] = "Whitelist entry invalid";
 $lang['danger']['domain_invalid'] = "Domain name is invalid";
@@ -41,6 +41,7 @@ $lang['success']['alias_added'] = "Alias address/es has/have been added";
 $lang['success']['alias_modified'] = "Changes to alias have been saved";
 $lang['success']['aliasd_modified'] = "Changes to alias domain have been saved";
 $lang['success']['mailbox_modified'] = "Changes to mailbox %s have been saved";
+$lang['success']['object_modified'] = "Changes to object %s have been saved";
 $lang['success']['msg_size_saved'] = "Message size limit has been set";
 $lang['danger']['aliasd_not_found'] = "Alias domain not found";
 $lang['danger']['targetd_not_found'] = "Target domain not found";
@@ -139,6 +140,7 @@ $lang['user']['spamfilter_yellow'] = 'Yellow: this message may be spam, will be
 $lang['user']['spamfilter_red'] = 'Red: This message is spam and will be rejected by the server';
 $lang['user']['spamfilter_default_score'] = 'Default values:';
 $lang['user']['spamfilter_hint'] = 'The first value describes the "low spam score", the second represents the "high spam score".';
+$lang['user']['spamfilter_table_domain_policy'] = "n/a (domain policy)";
 $lang['user']['tls_policy_warning'] = 'Warning: If you decide to enforce encrypted mail transfer, you may lose emails.
Messages to not satisfy the policy will be bounced with a hard fail by the mail system.';
 $lang['user']['tls_policy'] = 'Encryption policy';
@@ -226,6 +228,7 @@ $lang['mailbox']['remove'] = 'Remove';
 $lang['mailbox']['edit'] = 'Edit';
 $lang['mailbox']['archive'] = 'Archive';
 $lang['mailbox']['no_record'] = 'No Record for object %s';
+$lang['mailbox']['no_record_single'] = 'No Record';
 $lang['mailbox']['add_domain'] = 'Add domain';
 $lang['mailbox']['add_domain_alias'] = 'Add domain alias';
 $lang['mailbox']['add_mailbox'] = 'Add mailbox';
@@ -379,6 +382,10 @@ $lang['admin']['privacy_anon_mail'] = 'Anonymize outgoing mail';
 $lang['admin']['dkim_txt_name'] = 'TXT record name:';
 $lang['admin']['dkim_txt_value'] = 'TXT record value:';
 $lang['admin']['dkim_key_length'] = 'DKIM key length (bits)';
+$lang['admin']['dkim_key_valid'] = 'Key valid';
+$lang['admin']['dkim_key_unused'] = 'Key unused';
+$lang['admin']['dkim_key_missing'] = 'Key missing';
+$lang['admin']['dkim_key_hint'] = 'Selector for DKIM keys is always dkim.';
 $lang['admin']['previous'] = 'Previous page';
 $lang['admin']['quota_mb'] = 'Quota (MiB):';
 $lang['admin']['sender_acl'] = 'Allow to send as:';
@@ -388,8 +395,8 @@ $lang['admin']['msg_size_limit_details'] = 'Applying a new limit will reload Pos
 $lang['admin']['save'] = 'Save changes';
 $lang['admin']['maintenance'] = 'Maintenance and Information';
 $lang['admin']['sys_info'] = 'System information';
-$lang['admin']['dkim_add_key'] = 'Add DKIM record';
-$lang['admin']['dkim_keys'] = 'DKIM records';
+$lang['admin']['dkim_add_key'] = 'Add DKIM key';
+$lang['admin']['dkim_keys'] = 'DKIM keys';
 $lang['admin']['add'] = 'Add';
 $lang['admin']['configuration'] = 'Configuration';
 $lang['admin']['password'] = 'Password';
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index 26c799b6..fffd8c58 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -1,7 +1,7 @@
@@ -91,7 +91,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI']; endforeach; else: ?> - +
diff --git a/data/web/user.php b/data/web/user.php index 33e26e81..8697017f 100644 --- a/data/web/user.php +++ b/data/web/user.php @@ -1,6 +1,5 @@

prepare("SELECT `address`, - `goto`, - `validity` - FROM `spamalias` - WHERE `goto` = :username - AND `validity` >= :unixnow"); - $stmt->execute(array(':username' => $username, ':unixnow' => time())); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if(!empty($rows)): - while ($row = array_shift($rows)): - ?> -
-

-
-
-

-
-
- - - - - -
- +
+

+
+
+

+
+
+
+ + + +
+
+
@@ -233,49 +217,39 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
prepare("SELECT `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND `object`= :username"); - $stmt->execute(array(':username' => $username)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if (count($rows) == 0): + $get_policy_list = get_policy_list($username); + if (empty($get_policy_list['whitelist'])): ?>
-
-
-
-
- - - - - - - -
-
-
- - +
+
+
+
+ + + + + + + +
+
+
+
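Review bot: `empty($get_policy_list['whitelist'])` cannot tell a failed lookup from a mailbox with no entries, so if `get_policy_list()` returns false or null on a database error the page would silently show an empty list; the blacklist hunk further down reuses the same variable and has the same gap. The helper is defined outside this hunk, so its failure value is an assumption to confirm. The variable also reads like a function call; `$policy_list = get_policy_list($username);` would be clearer, with a short comment noting that the blacklist section depends on this assignment.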
@@ -298,48 +272,38 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
prepare("SELECT `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND `object`= :username"); - $stmt->execute(array(':username' => $username)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if (count($rows) == 0): + if (empty($get_policy_list['blacklist'])): ?>
-
-
-
-
- - - - - - - -
-
-
- +
+
+
+
+ + + + + + + +
+
+
+
@@ -398,21 +362,9 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user prepare("SELECT *, CONCAT(LEFT(`password1`, 3), '…') as `password1_short` - FROM `imapsync` - WHERE `user2` = :username"); - $stmt->execute(array(':username' => $username)); - $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); - } - catch(PDOException $e) { - $_SESSION['return'] = array( - 'type' => 'danger', - 'msg' => 'MySQL: '.$e - ); - } - if(!empty($rows)): - while ($row = array_shift($rows)): + $get_syncjobs = get_syncjobs($username); + if (!empty($get_syncjobs)): + foreach ($get_syncjobs as $row): ?> @@ -442,7 +394,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user @@ -462,7 +414,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
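Review bot: With the inline query gone from the sync-job table, the masking of the remote account password (`password1_short`, the first three characters plus an ellipsis) now depends entirely on `get_syncjobs()`, which is defined outside this hunk. Each `$row` is still handed to the template by the `foreach`, so it is worth confirming that the helper returns only the masked value and drops the stored `password1` column before the rows reach the page. A comment at the call such as `// get_syncjobs() must expose password1_short only, never password1` would record that contract.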
-
+